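Inter-AS MPLS Virtual Private Network Option 2 Solution: A Complete Hands-On Lab

Inter-AS MPLS VPN Option 2 Solution in Practice

Readers can implement Option 2 on top of Option 1, or after the MPLS VPNs inside the two ASes have been built.
The difference between Option 2 and Option 1 is that the ASBRs no longer need VRFs. Instead, an MP-eBGP VPNv4 neighbor relationship is built between the ASBRs directly over the connected route, so the customer routes of the two ASes are exchanged through BGP. Forwarding between the ASBRs is also label forwarding rather than IP forwarding.
8.2.1 Building the VPNv4 eBGP neighbor between the ASBRs in Option 2
Remove the VRF configuration on the ASBRs yourself (the directly connected interfaces must be reconfigured with global IPv4 addresses).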

R4-ASBR#
R4-ASBR(config)#int g3
R4-ASBR(config-if)#no vrf for QYT
% Interface GigabitEthernet3 IPv4 disabled and address(es) removed due to enabling VRF QYT
R4-ASBR(config-if)#ip address 24.1.1.4 255.255.255.0
R4-ASBR(config-if)#do ping 24.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.1.1.2, timeout is 2 seconds:
.!!!!
interface GigabitEthernet3
 ip address 24.1.1.4 255.255.255.0
RP/0/0/CPU0:ASBR-R2#sh run interface gigabitEthernet 0/0/0/1
Fri Jun 24 06:46:45.453 UTC
interface GigabitEthernet0/0/0/1
 ipv4 address 24.1.1.2 255.255.255.0
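Now configure the VPNv4 eBGP neighbors on the ASBRs:
ASBR-R2:
router bgp 100
 address-family vpnv4 unicast
  !
 neighbor 11.1.1.1
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast //VPNv4 iBGP neighbor relationship with the PE, used to exchange VPNv4 routes
   next-hop-self //do not forget next-hop-self toward the iBGP neighbor: VPNv4 routes received from AS 200 keep the next hop 24.1.1.4, which is unreachable at that point, so the VPNv4 routes would not be selected as best
  !
 !
 neighbor 24.1.1.4
  remote-as 200
  address-family vpnv4 unicast //VPNv4 eBGP neighbor to AS 200; on IOS XR an eBGP session needs an RPL policy to let routes through
   route-policy EBGP in
   route-policy EBGP out
!
route-policy EBGP
  pass //passes every route, in both directions
end-policy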
!
ASBR-R4:
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 24.1.1.2 remote-as 100
 neighbor 66.1.1.1 remote-as 200
 neighbor 66.1.1.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 24.1.1.2 activate //on IOS, activate the neighbor to build the VPNv4 eBGP session
  neighbor 24.1.1.2 send-community extended
  neighbor 66.1.1.1 activate
  neighbor 66.1.1.1 send-community extended
  neighbor 66.1.1.1 next-hop-self //set next-hop-self toward the VPNv4 iBGP neighbor so that the VPNv4 routes become best
Verify the VPNv4 neighbor relationships on the ASBR:
R4-ASBR#show bgp vpnv4 unicast all summary
BGP router identifier 44.1.1.1, local AS number 200
BGP table version is 5, main routing table version 5
4 network entries using 1024 bytes of memory
4 path entries using 480 bytes of memory
4/4 BGP path/bestpath attribute entries using 1088 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
3 BGP extended community entries using 180 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2796 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
24.1.1.2        4          100    1018    1123        5    0    0 16:53:51        0
66.1.1.1        4          200    1130    1125        5    0    0 16:56:44        0

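On IOS, once the VPNv4 eBGP session is established, the following changes happen automatically:
1. A /32 host route to the peer's directly connected interface is created.
2. A command is generated automatically under the directly connected interface: mpls bgp forwarding, so that BGP allocates the labels.
3. A Pop label is generated for the /32 host address of the peer's directly connected interface.
Let's verify these three points on IOS: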
R4-ASBR#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.255.0.1 to network 0.0.0.0

  10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.255.0.0/16 is directly connected, GigabitEthernet1
L 10.255.1.42/32 is directly connected, GigabitEthernet1
24.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 24.1.1.0/24 is directly connected, GigabitEthernet3
C 24.1.1.2/32 is directly connected, GigabitEthernet3
L 24.1.1.4/32 is directly connected, GigabitEthernet3
44.0.0.0/32 is subnetted, 1 subnets
C 44.1.1.1 is directly connected, Loopback0
45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 45.1.1.0/24 is directly connected, GigabitEthernet2
L 45.1.1.4/32 is directly connected, GigabitEthernet2
R4-ASBR#sh run int g3
Building configuration...

Current configuration : 108 bytes
!
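interface GigabitEthernet3
 ip address 24.1.1.4 255.255.255.0
 negotiation auto
 mpls bgp forwarding
R4-ASBR#show mpls forwarding-table 24.1.1.2
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
405        Pop Label  24.1.1.2/32      0             Gi3        24.1.1.2
Note that IOS XR does not do these three things automatically; additional configuration is needed there.
8.2.2 Solving VPNv4 route acceptance on the ASBRs
Since the Option 2 solution no longer uses VRFs, how are the VPNv4 routes accepted? According to what was covered earlier, a matching VRF RT is required. BGP enables RT filtering by default. In Option 2 this default RT filtering can be turned off so that all VPNv4 routes are accepted. Of course, this also means the ASBR accepts too many VPNv4 routes and can easily become a single point of failure.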

ASBR-R2:
router bgp 100
 address-family vpnv4 unicast
  retain route-target all //the IOS XR command that accepts all VPNv4 routes
R4-ASBR#
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 no bgp default route-target filter //turn off the default RT filtering
Check the VPNv4 routes received by the ASBRs:
RP/0/0/CPU0:ASBR-R2#show bgp vpnv4 unicast  //all the VPNv4 routes have been received
Fri Jun 24 07:06:22.373 UTC
BGP router identifier 22.1.1.1, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0   RD version: 0
BGP main routing table version 9
BGP NSR Initial initsync version 5 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:18
*>i18.1.1.0/24        11.1.1.1                 0    100      0 ?
*>i88.1.1.1/32        11.1.1.1                 2    100      0 ?
Route Distinguisher: 200:67
*> 67.1.1.0/24        24.1.1.4                               0 200 ?
*> 77.1.1.1/32        24.1.1.4                               0 200 ?

R4-ASBR#show bgp vpnv4 unicast all
BGP table version is 5, local router ID is 44.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:18
 *>  18.1.1.0/24      24.1.1.2                               0 100 ?
 *>  88.1.1.1/32      24.1.1.2                               0 100 ?
Route Distinguisher: 200:67
 *>i 67.1.1.0/24      66.1.1.1                 0    100      0 ?
 *>i 77.1.1.1/32      66.1.1.1                 2    100      0 ?
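An added example, not part of the original post: with RT filtering turned off, the ASBR keeps every VPNv4 route its eBGP peer sends, so this Python script parses "show bgp vpnv4 unicast" output and lists the routes from the peer whose RD is outside an agreed set. The function names, the expected-RD set and the extra 300:99 row are assumptions made for the example.

```python
import re

# Constructed input: the ASBR-R2 "show bgp vpnv4 unicast" rows from this page,
# plus one RD (300:99) that is NOT on the page, added to show an unexpected VPN.
SAMPLE = """\
Route Distinguisher: 100:18
*>i18.1.1.0/24        11.1.1.1                 0    100      0 ?
*>i88.1.1.1/32        11.1.1.1                 2    100      0 ?
Route Distinguisher: 200:67
*> 67.1.1.0/24        24.1.1.4                               0 200 ?
*> 77.1.1.1/32        24.1.1.4                               0 200 ?
Route Distinguisher: 300:99
*> 10.9.9.0/24        24.1.1.4                               0 200 ?
"""

RD_RE = re.compile(r"^Route Distinguisher:\s+(\S+)")
IP = r"\d+\.\d+\.\d+\.\d+"
# status codes, optional "i" (learned over iBGP), prefix, next hop
ROUTE_RE = re.compile(rf"^\s*[*>]+\s*(i?)\s*({IP}/\d+)\s+({IP})\s")


def parse_vpnv4(text):
    """Return one dict per route row, tagged with the RD section it sits in."""
    routes, rd = [], None
    for line in text.splitlines():
        m = RD_RE.match(line)
        if m:
            rd = m.group(1)
            continue
        m = ROUTE_RE.match(line)
        if m and rd:
            routes.append({"rd": rd, "prefix": m.group(2),
                           "next_hop": m.group(3), "ibgp": m.group(1) == "i"})
    return routes


def unexpected_from_peer(routes, ebgp_peer, expected_rds):
    """Routes learned from the eBGP peer whose RD is outside the agreed set."""
    return [(r["rd"], r["prefix"]) for r in routes
            if not r["ibgp"] and r["next_hop"] == ebgp_peer
            and r["rd"] not in expected_rds]


if __name__ == "__main__":
    found = unexpected_from_peer(parse_vpnv4(SAMPLE), "24.1.1.4", {"200:67"})
    for rd, prefix in found:
        print(f"unexpected VPNv4 route from peer: RD {rd} {prefix}")
```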
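8.2.3 PE devices accepting the VPNv4 routes
In Option 1 the RT attributes of the VRFs in the two ASes do not have to match, but in Option 2 the VRF RTs on the PE devices (XR1 and R6) must match; otherwise the PE devices cannot accept the VPNv4 routes.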

XR1:
vrf QYT
 address-family ipv4 unicast
  import route-target
   64512:78
  !
  export route-target
   64512:78
R6-PE:
vrf definition QYT
 rd 200:67
 !
 address-family ipv4
  route-target export 64512:78
  route-target import 64512:78
Check the VPNv4 routes on the PE devices:
PE-R6#show ip bgp vpnv4 all
BGP table version is 91, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:18
 *>i 18.1.1.0/24      44.1.1.1                 0    100      0 100 ?
 *>i 88.1.1.1/32      44.1.1.1                 0    100      0 100 ?
Route Distinguisher: 200:67 (default for vrf QYT)
 *>i 18.1.1.0/24      44.1.1.1                 0    100      0 100 ?
 *>  67.1.1.0/24      0.0.0.0                  0         32768 ?
 *>  77.1.1.1/32      67.1.1.7                 2         32768 ?
 *>i 88.1.1.1/32      44.1.1.1                 0    100      0 100 ?
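RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast //the PE has received all the VPNv4 routes and they are best; whether they are best is critical, and they are best on the PE because next-hop-self toward the PE was configured on the ASBR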
Fri Jun 24 07:21:38.223 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0   RD version: 0
BGP main routing table version 79
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:18 (default for vrf QYT)
*> 18.1.1.0/24        0.0.0.0                  0         32768 ?
*>i67.1.1.0/24        22.1.1.1                      100      0 200 ?
*>i77.1.1.1/32        22.1.1.1                      100      0 200 ?
*> 88.1.1.1/32        18.1.1.8                 2         32768 ?
Route Distinguisher: 200:67
*>i67.1.1.0/24        22.1.1.1                      100      0 200 ?
*>i77.1.1.1/32        22.1.1.1                      100      0 200 ?
Redistribution between the IGP and BGP on the PE devices is not described again here; only the configuration is given, and readers should complete it themselves.

router ospf 10
 vrf QYT
  domain-id type 0005 value 000000000100
  redistribute bgp 100
  address-family ipv4 unicast
  area 0
   interface GigabitEthernet0/0/0/3
router bgp 100
 address-family vpnv4 unicast
 !
 neighbor 22.1.1.1
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf QYT
  rd 100:18
  address-family ipv4 unicast
   redistribute ospf 10 match internal external


The customer side now receives the routes normally:
CE-R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      18.0.0.0/24 is subnetted, 1 subnets
O IA     18.1.1.0 [110/2] via 67.1.1.6, 00:45:32, GigabitEthernet0/1
      88.0.0.0/32 is subnetted, 1 subnets
O IA     88.1.1.1 [110/2] via 67.1.1.6, 00:45:32, GigabitEthernet0/1
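8.2.4 Solving label distribution when the ASBR runs IOS XR
On an IOS XR ASBR you must manually create a /32 host route to the peer ASBR's directly connected interface, and it must point to the outgoing interface only, not to a next hop.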
router static
 address-family ipv4 unicast
  24.1.1.4/32 GigabitEthernet0/0/0/1
RP/0/0/CPU0:ASBR-R2#show route static 
Fri Jun 24 09:00:49.082 UTC

S    24.1.1.4/32 is directly connected, 19:00:42, GigabitEthernet0/0/0/1
RP/0/0/CPU0:ASBR-R2#show mpls forwarding 
Fri Jun 24 09:01:20.680 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24000  17          11.1.1.1/32        Gi0/0/0/0    23.1.1.3        123841      
24001  Pop         33.1.1.1/32        Gi0/0/0/0    23.1.1.3        127575      
24002  Pop         13.1.1.0/24        Gi0/0/0/0    23.1.1.3        480         
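24003  Pop         24.1.1.4/32        Gi0/0/0/1    24.1.1.4        123640     //the label for the /32 host route to the peer's directly connected address must be a Pop label
24004  24003       100:18:18.1.1.0/24              11.1.1.1        0           
24005  24004       100:18:88.1.1.1/32              11.1.1.1        2158        
24006  403         200:67:67.1.1.0/24 Gi0/0/0/1    24.1.1.4        0           //here the reader can clearly see that the label for the VPNv4 route to 67.1.1.0 is 403 and the label toward 77.1.1.1 is 404
24007  404         200:67:77.1.1.1/32 Gi0/0/0/1    24.1.1.4        6428
Verify data-packet forwarding. Customer traffic can now communicate normally, and the following test also shows how the multi-level label stack is forwarded: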
CE-R8#traceroute 77.1.1.1 source loopback 0 numeric 
Type escape sequence to abort.
Tracing the route to 77.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 18.1.1.1 7 msec 4 msec 4 msec
  2 13.1.1.3 [MPLS: Labels 18/24007 Exp 0] 27 msec 29 msec 25 msec
  3 23.1.1.2 [MPLS: Label 24007 Exp 0] 27 msec 26 msec 27 msec
  4 24.1.1.4 [MPLS: Label 404 Exp 0] 30 msec 30 msec 27 msec
  5 45.1.1.5 [MPLS: Labels 16/21 Exp 0] 34 msec 33 msec 22 msec
  6 67.1.1.6 [MPLS: Label 21 Exp 0] 22 msec 34 msec 20 msec
  7 67.1.1.7 32 msec *  43 msec
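An added example, not part of the original post: this Python script cross-checks the traceroute above against the ASBR-R2 "show mpls forwarding" table, confirming that the peer /32 has a Pop entry, that only the VPN label crosses the inter-AS link, and that it is the label the LFIB says 24007 swaps to. The function names are hypothetical; the input rows are copied from this page with the annotations removed.

```python
import re

# Constructed input: rows copied from the "show mpls forwarding" and
# traceroute outputs on this page (inline annotations removed).
LFIB = """\
24003  Pop         24.1.1.4/32        Gi0/0/0/1    24.1.1.4        123640
24006  403         200:67:67.1.1.0/24 Gi0/0/0/1    24.1.1.4        0
24007  404         200:67:77.1.1.1/32 Gi0/0/0/1    24.1.1.4        6428
"""
TRACE = """\
  2 13.1.1.3 [MPLS: Labels 18/24007 Exp 0] 27 msec 29 msec 25 msec
  3 23.1.1.2 [MPLS: Label 24007 Exp 0] 27 msec 26 msec 27 msec
  4 24.1.1.4 [MPLS: Label 404 Exp 0] 30 msec 30 msec 27 msec
  5 45.1.1.5 [MPLS: Labels 16/21 Exp 0] 34 msec 33 msec 22 msec
"""


def parse_lfib(text):
    """Map local label -> (outgoing label, prefix) for each LFIB row."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0].isdigit():
            table[int(f[0])] = (f[1], f[2])
    return table


def parse_trace(text):
    """Map hop address -> label stack (top first) as received by that hop."""
    pat = re.compile(r"^\s*\d+\s+(\S+)\s+\[MPLS: Labels? ([\d/]+) ", re.M)
    return {m.group(1): [int(x) for x in m.group(2).split("/")]
            for m in pat.finditer(text)}


def check_asbr_swap(lfib, hops, local_asbr, peer_asbr):
    """Return problems found on the inter-AS link (empty list = consistent)."""
    problems = []
    if ("Pop", f"{peer_asbr}/32") not in lfib.values():
        problems.append(f"no Pop entry for {peer_asbr}/32")
    vpn_in, on_link = hops[local_asbr][-1], hops[peer_asbr]
    if len(on_link) != 1:
        problems.append(f"expected one label on the inter-AS link, saw {on_link}")
    expected = lfib.get(vpn_in, (None, None))[0]
    if expected != str(on_link[-1]):
        problems.append(f"label {vpn_in} should swap to {expected}, saw {on_link[-1]}")
    return problems
```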

Reposted from: https://blog.51cto.com/enderjoe/2148836
