2019独角兽企业重金招聘Python工程师标准>>>
看完了看完了看完了,豪爽豪爽豪爽,一个月了,写得挺棒。总共14个mpls 的实验,为留下学习的痕迹,原封不动献出。
CCIE实验手册 |
(路由部分-MPLSVPN基础篇)
[CCIE] JUSTECH思科教学小组 著
|
|
|
|
JUSTECH网络科技有限公司
目录
1:MPLS VPN 基础实验
1.1 实验拓扑
1.2 实验需求
1.3 配置步骤
1.4 校验
2:MPLS VPN PE CE 间动态路由协议+UNTAG 实验
2.1 实验拓扑
2.2 实验需求
2.3 实验步骤
2.5 校验
2.6 思考题:
3:MPLS VPN RT 设计实验
3.1 实验拓扑
3.3 实验需求
3.4 实验步骤
3.4 校验:
3.5 思考题
4:MPLS VPN 中VRF IMPORT MAP 实验
4.1 实验拓扑
4.2 实验需求
4.3 实验步骤
4.4 校验
4.5 思考题
5:MPLS VPN PE CE OSPF 实验1
5.1 实验拓扑
5.2 实验需求
5.2 实验步骤
5.4 校验
6:MPLS VPN PE CE OSPF Domain-id 实验
6.1 实验拓扑
6.2 实验需求
6.3 实验步骤
6.4 校验
7:MPLS VPN PE CE OSPF 虚链路实验
7.1 实验拓扑
7.2 实验需求
7.3 实验步骤
7.4 校验
7.5 思考题
8:MPLS VPN Sham-link(伪链路) 实验
8.1 实验拓扑
8.2 实验需求
8.3 实验步骤
8.4 校验
9:MPLS-VPN SHAM-LINK 疑难解析实验
9.1 实验拓扑
9.2 实验需求
9.3 实验步骤
9.4 校验
9.5思考题
10:跨域的MPLS VPN (Option A)
10.1 实验拓扑
10.1 实验需求
10.2 实验步骤
10.4 校验
10.5 思考题
11:跨域的MPLS VPN (Option B -2a)
11.1 实验拓扑
11.2实验需求
11.3实验步骤
11.4思考题
12:跨域的MPLS VPN (Option B - 2b)
12.1 实验拓扑
12.2 实验需求
12.3配置步骤
12.4 校验
13:跨域的MPLS VPN (Option B -2c)
13.1 实验拓扑
13.2 实验需求
13.4 校验
14:跨域的MPLS VPN (Option C)
14.1 实验拓扑
14.2 实验需求
14.3 实验步骤
14.4 校验
14.5 思考题
1:MPLS VPN 基础实验
1.1 实验拓扑
1.2 实验需求
a.R1 R2 R3 的直连网络及loopback 0网络被宣告进EIGRP 1
b.R1 R2 R3 的直连网络启用MPLS,要求按如下需求完成MPLS 的配置:
MPLS 标签分配分发协议:LDP
MPLS LDP ROUTER-ID: loopback 0
R1 MPLS 标签取值范围上100~199
R2 200~299
R3 300~399
c.要求R1 与R3 建立位于BGP AS 13 内的IBGP 对等体关系,并且激活MP-BGP 对等体关系
d.要求R1 与R3 作为PE 设备创建VRF 参数如下:
VRF KFC VRF M
RD 1:1 RD 2:2
ROUTE-TARGET 1:1 ROUTE-TARGET 2:2
e.要求通过适当的配置使得KFC 站点所包含的C-NETWORK 可以相互通讯,同样M 站点所包含的C-NETWORK 网络可以相互通讯
1.3 配置步骤
步骤1:完成P-NETWORK 中基础配置
只包含接口IP及EIGRP
此时完成如上配置,管理员应该确认R1 R2 R3 可以分别抵达对方LOOPBACK 0 网络,因为该网络一会会被当做LDP 的ROUTER-ID 及BGP ROUTER-ID
步骤2:根据需求完成MPLS 的配置
R1
Mpls label protocol ldp
Mpls label range 100 199
Mpls ldp router-id lo 0
Int e0/0
Mpls ip
R2
Mpls label protocol ldp
Mpls label range 200 299
Mpls ldp router-id lo 0
Int range e0/0 -1
Mpls ip
R3
Mpls label protocol ldp
Mpls label range 300 399
Mpls ldp router-id lo 0
Int e0/1
Mpls ip
此时管理员完成如上配置,应该确认LDP 的邻接关系已经形成,利用”show mpls ldp neighbor”命令,现象如下:
R2#show mpls ldp neighbor
Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0
TCP connection: 1.1.1.1.646 - 2.2.2.2.55979
State: Oper; Msgs sent/rcvd: 8/8; Downstream
Up time: 00:00:47
LDP discovery sources:
Ethernet0/0, Src IP addr: 31.31.12.1
Addresses bound to peer LDP Ident:
31.31.12.1 1.1.1.1
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.26969 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 8/8; Downstream
Up time: 00:00:34
LDP discovery sources:
Ethernet0/1, Src IP addr: 31.31.23.3
Addresses bound to peer LDP Ident:
31.31.23.3 3.3.3.3
步骤3:完成R1 与R3的BGP 及MP-BGP 的对等体关系建立
R1
Router bgp 13
Bgp router-id 1.1.1.1
Neighbor 3.3.3.3 remote 13
Nei 3.3.3.3 up lo 0
no bgp default ipv4-unicast //阻止BGP 进程建立BGPV4 对等体关系
Address-family v4 unicast
Neighbor 3.3.3.3 ac
neighbor 3.3.3.3 send-community extended //该命令行事系统自行配置的,含义为发送MP-BGP拓展团体属性,其实就是说RD RT 及栈底标签可以被当做路由更新的一部分发送出去
R3
Router bgp 13
Bgp router-id 3.3.3.3
Nei 1.1.1.1 remote 13
Nei 1.1.1.1 up lo 0
no bgp default ipv4-unicast
Add v un
Nei 1.1.1.1 ac
neighbor 3.3.3.3 send-community extended
此时管理员完成如上配置,必须确认MP-BGP 对等体关系建立完毕,现象如下:
R1#show ip bgp v4 all summary //该命令用于查看MP-BGP 对等体关系是否建立
BGP router identifier 1.1.1.1, local AS number 13
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 13 2 2 0 0 0 00:00:08 0
R3#show ip bgp v4 all summary
BGP router identifier 3.3.3.3, local AS number 13
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 13 2 2 0 0 0 00:00:24 0
步骤4:在PE 设备上创建VRF
R1
Ip vrf KFC
Rd 1:1
Route-target 1:1
Exit
Ip vrf M
Rd 2:2
Route-target 2:2
R3
Ip vrf KFC
Rd 1:1
Route-target 1:1
Exit
Ip vrf M
Rd 2:2
Route-target 2:2
步骤5:在PE 设备上将指定接口划入特定VRF
R1
Interface s1/0
Ip vrf forward KFC
Ip add 31.31.14.1 255.255.255.0
No sh
!
Int s1/1
Ip vrf for M
Ip add 31.31.15.1 255.255.255.0
No sh
R3
Int s1/1
Ip vrf for KFC
Ip add 31.31.37.3 255.255.255.0
No sh
!
Int s0/0
Ip vrf for M
Ip add 31.31.36.3 255.255.255.0
No sh
此时管理员完成如上配置后应做如下检查:
(1)检查当前设备VRF 配置
R1#show ip vrf
Name Default RD Interfaces
KFC 1:1 Se1/0
M 2:2 Se1/1
R3#show ip vrf
Name Default RD Interfaces
KFC 1:1 Se1/1
M 2:2 Se1/0
步骤6:在R1 R3 上用静态路由往VRF 表中注入路由
R1
ip route vrf KFC 10.1.1.0 255.255.255.0 Serial1/0
ip route vrf KFC 44.44.44.0 255.255.255.0 Serial1/0
ip route vrf M 10.1.1.0 255.255.255.0 Serial1/1
ip route vrf M 55.55.55.0 255.255.255.0 Serial1/1
R3
ip route vrf KFC 10.2.2.0 255.255.255.0 Serial1/1
ip route vrf KFC 77.77.77.0 255.255.255.0 Serial1/1
ip route vrf M 10.2.2.0 255.255.255.0 Serial1/0
ip route vrf M 66.66.66.0 255.255.255.0 Serial1/0
步骤7:在R1 R3 上完成MP-BGP 下的IGPS VRF 进MP-BGP VRF
R1
Router bgp 13
Address-family ipv4 vrf KFC
Redistribute static
Exit
Address-family ipv4 vrf M
Redistribute static
R3
Router bgp 13
Address-family ipv4 vrf KFC
Redistribute static
Exit
Address-family ipv4 vrf M
Redistribute static
步骤8:完成CE设备配置
此处管理员除了根据拓扑需求完成基本的配置,别忘记在CE 设备添加缺省路由,下一跳指向PE设备。
1.4 校验
(1) 在R1 R3 上查看对应VRF 表项中的静态路由
需要确认C-NETWORK 的网络被以静态路由的形式注入VRF 表
R1#show ip route vrf KFC static
10.0.0.0/24 is subnetted, 2 subnets
S 10.1.1.0 is directly connected, Serial1/0
44.0.0.0/24 is subnetted, 1 subnets
S 44.44.44.0 is directly connected, Serial1/0
R1#show ip route vrf M static
55.0.0.0/24 is subnetted, 1 subnets
S 55.55.55.0 is directly connected, Serial1/1
10.0.0.0/24 is subnetted, 2 subnets
S 10.1.1.0 is directly connected, Serial1/1
R3#show ip route vrf KFC static
77.0.0.0/24 is subnetted, 1 subnets
S 77.77.77.0 is directly connected, Serial1/1
10.0.0.0/24 is subnetted, 2 subnets
S 10.2.2.0 is directly connected, Serial1/1
R3#show ip route vrf M static
66.0.0.0/24 is subnetted, 1 subnets
S 66.66.66.0 is directly connected, Serial1/0
10.0.0.0/24 is subnetted, 2 subnets
S 10.2.2.0 is directly connected, Serial1/0
假设此时管理员需要在PE 设备上确认某个VRF的C-NETWORK 网络可达性,我们建立利用如下命令:
R1#ping vrf KFC 44.44.44.44
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/52/80 ms
R1#
(2)确认IGPS的VRF 条目被成功的注入MP-BGP 的VRF表中
R1#show ip bgp v4 all
BGP table version is 17, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf KFC) //描述VRF KFC 转发表项
*> 10.1.1.0/24 0.0.0.0 0 32768 ?
*>i10.2.2.0/24 3.3.3.3 0 100 0 ?
*> 44.44.44.0/24 0.0.0.0 0 32768 ?
*>i77.77.77.0/24 3.3.3.3 0 100 0 ?
Route Distinguisher: 2:2 (default for vrf M)
*> 10.1.1.0/24 0.0.0.0 0 32768 ?
*>i10.2.2.0/24 3.3.3.3 0 100 0 ?
*> 55.55.55.0/24 0.0.0.0 0 32768 ?
*>i66.66.66.0/24 3.3.3.3 0 100 0 ?
(3)在PE 设备上查看MP-BGP 给BGP 条目分配的栈底标签
R1#show ip bgp v4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 1:1 (KFC)
10.1.1.0/24 0.0.0.0 103/nolabel
10.2.2.0/24 3.3.3.3 nolabel/305
44.44.44.0/24 0.0.0.0 104/nolabel
77.77.77.0/24 3.3.3.3 nolabel/306
Route Distinguisher: 2:2 (M)
10.1.1.0/24 0.0.0.0 105/nolabel
10.2.2.0/24 3.3.3.3 nolabel/303
55.55.55.0/24 0.0.0.0 106/nolabel
66.66.66.0/24 3.3.3.3 nolabel/304
In label 字段:其对应的值是当前PE 设备BGP 给特定网络分配的本地栈底标签
Out label 字段:其对应的值是对端PE设备BGP 给特定网络分配的远程栈底标签
!!注意
当数据包去向特定网络需要栈底标签时,一定使用的是远程栈底标签。
(4)查看MP-BGP 发送的VPNV4 路由更新
R1#show ip bgp v4 all 10.1.1.0
BGP routing table entry for 1:1:10.1.1.0/24, version 4
Paths: (1 available, best #1, table KFC)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:1:1
mpls labels in/out 103/nolabel
BGP routing table entry for 2:2:10.1.1.0/24, version 8
Paths: (1 available, best #1, table M)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:2:2
mpls labels in/out 105/nolabel
(5)查看P-NETWORK 中PE 及P 设备的MPLS 标签转发信息库(LFIB)
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
100 Pop tag 2.2.2.0/24 0 Et0/0 31.31.12.2
101 201 3.3.3.0/24 0 Et0/0 31.31.12.2
102 Pop tag 31.31.23.0/24 0 Et0/0 31.31.12.2
103 Untagged 10.1.1.0/24[V] 1040 Se1/0 point2point
104 Untagged 44.44.44.0/24[V] 0 Se1/0 point2point
105 Untagged 10.1.1.0/24[V] 0 Se1/1 point2point
106 Untagged 55.55.55.0/24[V] 0 Se1/1 point2point
R2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
200 Pop tag 1.1.1.0/24 9385 Et0/0 31.31.12.1
201 Pop tag 3.3.3.0/24 11742 Et0/1 31.31.23.3
R3#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
300 200 1.1.1.0/24 0 Et0/1 31.31.23.2
301 Pop tag 2.2.2.0/24 0 Et0/1 31.31.23.2
302 Pop tag 31.31.12.0/24 0 Et0/1 31.31.23.2
303 Untagged 10.2.2.0/24[V] 0 Se1/0 point2point
304 Untagged 66.66.66.0/24[V] 0 Se1/0 point2point
305 Untagged 10.2.2.0/24[V] 520 Se1/1 point2point
306 Untagged 77.77.77.0/24[V] 520 Se1/1 point2point
2:MPLS VPN PE CE 间动态路由协议+UNTAG 实验
2.1 实验拓扑
2.2 实验需求
a.R1 R2 R3 组成P-NETWORK,底层协议采用OSPF,R1 R2 R3 直连网络及LOOPBACK 0网络宣告进OSPF。
b.R1 R2 R3 启用MPLS,R1 R2 R3 的标签分配取值范围如下:
R1:100 199
R2:200 299
R3:300 399
c.R1 R3 建立位于BGP AS 13 内的IBGP MP-BGP 对等体关系。
d.R1 R3 按拓扑需求创建两个VRF 分别是VRF R47,VRF R56。
e.按拓扑要求在R1 R4 间启用RIPV2,R1 R5 间启用EIGRP,R3 R6间启用OSPF,R3 R7 间启用BGP。
f.要求完成MPLS VPN 的配置,使得R4 R7 可以相互通讯,R5 R6 可以相互通讯。
2.3 实验步骤
步骤1:完成所有CE 设备的配置
步骤2:完成P-NETWORK 的配置
例如:底层协议OSPF
MPLS
MP-BGP
此时完成如上配置后,管理员应该做如下检查:
(1) LDP 的邻接关系是否建立?
show mpls ldp neighbor
(2) MP-BGP的对等体关系是否建立?
show ip bgp v4 all summary
(3) 关注R1 R2 R3 的loopback 0口网络在R1 R2 R3 路由表中的状态
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 31.31.12.1, 00:03:15, Ethernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 31.31.23.3, 00:03:15, Ethernet1/1
步骤3:在PE 设备上创建VRF
R1
Ip vrf R47
Rd 4:7
Route-target 4:7
!
Int s0/0
Ip vrf forward R47
Ip add 31.31.14.1 255.255.255.0
No sh
!
ip vrf R56
rd 5:6
route-target 5:6
!
Int s0/1
Ip vrf forward R56
Ip add 31.31.15.1 255.255.255.0
No sh
R3
Ip vrf R47
Rd 4:7
Route-target 4:7
!
Int s0/1
Ip vrf forward R47
Ip add 31.31.37.3 255.255.255.0
No sh
!
ip vrf R56
rd 5:6
route-target 5:6
!
Int s0/0
Ip vrf forward R56
Ip add 31.31.36.3 255.255.255.0
No sh
步骤4:完成PE上指定路由协议的配置
R1
Router rip
Address-family ipv4 vrf R47
Version 2
No auto-summary
Network 31.0.0.0
Exit
Router eigrp 1
Address-family ipv4 vrf R56
No auto-summary
Autonomous-system 1
Net 31.31.15.1 0.0.0.0
此时管理员应该在R1 上检查VRF R47 与VRF R56的路由表,确认PE 是否已经通过动态路由协议学习到C-NETWORK 的路由信息,现象如下:
R1#show ip route vrf R47 rip
44.0.0.0/24 is subnetted, 1 subnets
R 44.44.44.0[120/1] via 31.31.14.4, 00:00:25, Serial0/0
R1#show ip route vrf R56 eigrp
55.0.0.0/24 is subnetted, 1 subnets
D 55.55.55.0 [90/2297856] via 31.31.15.5, 00:01:16, Serial0/1
R3
Router ospf 2 vrf R56
Router-id 33.33.33.33
Network 31.31.36.3 0.0.0.0 a 0
!
Router bgp 13
Address-family ipv4 vrf R47
Neighbor 31.31.37.7 remote 7
Neighbor 31.31.37.7 activate
此时完成如上配置后,管理员应该确认R3 透过OSPF 学习到R6的C-NETWORK 网络信息,同时R3 也应该透过与R7 的BGP 学习到R7 的C-NETWORK 网络信息,现象如下:
R3#show ip route vrf R56 ospf
Routing Table: R56
66.0.0.0/32 is subnetted, 1 subnets
O 66.66.66.66[110/65] via 31.31.36.6, 00:00:59, Serial0/0
R3#show ip route vrf R47 bgp
77.0.0.0/24 is subnetted, 1 subnets
B 77.77.77.0 [20/0] via 31.31.37.7, 00:00:07
步骤5:完成PE 上IGPS 协议到EGPS协议的双向充分发
R1
Router bgp 13
Address-family ipv4 vrf R47
Redistribute rip
!
Address-family ipv4 vrf R56
Redistribute eigrp 1
!
Router rip
Address-family ipv4 vrf R47
Redistribute bgp 13 metric 1
!
Router eigrp 1
Address-family ipv4 vrf R56
Redistribute bgp 13 metric 10000 100 255 1 1500
R3
Router bgp 13
Address-family ipv4 vrf R56
Redistribute ospf 2
!
Router ospf 2
Redistribute bgp 13 subnets
此时管理员完成如上配置后,应该直接检查CE 设备,查看同一站点不同C-NETWORK 路由是否被交换学习,现象如下:
R4#show ip route rip
77.0.0.0/24 is subnetted, 1 subnets
R 77.77.77.0 [120/1] via 31.31.14.1, 00:00:06, Serial0/0
R7#show ip route bgp
44.0.0.0/24 is subnetted, 1 subnets
B 44.44.44.0 [20/0] via 31.31.37.3, 00:01:25
31.0.0.0/24 is subnetted, 2 subnets
B 31.31.14.0 [20/0] via 31.31.37.3, 00:01:25
R5#show ip route eigrp
66.0.0.0/32 is subnetted, 1 subnets
D EX 66.66.66.66 [170/2195456] via 31.31.15.1, 00:02:04, Serial0/1
31.0.0.0/24 is subnetted, 2 subnets
D EX 31.31.36.0 [170/2195456] via 31.31.15.1, 00:02:04, Serial0/1
R6#show ip route ospf
55.0.0.0/24 is subnetted, 1 subnets
O E2 55.55.55.0 [110/2297856] via 31.31.36.3, 00:02:05, Serial0/0
31.0.0.0/24 is subnetted, 2 subnets
O E2 31.31.15.0 [110/1] via 31.31.36.3, 00:02:05, Serial0/0
步骤6:记得在P-NETWORK 中将参与OSPF 的LOOPBACK 0网络类型进行修改
R1
Interface loopback 0
Ip ospf network point-to-point
R2
Interface loopback 0
Ip ospf network point-to-point
R3
Interface loopback 0
Ip ospf network point-to-point
2.5 校验
(1) 同一站点不同CE 设备PING 对端路由
2.6 思考题:
(1)请问什么时候运行LDP的路由器会给网络分配UNTAG 标签?
当前网络只有本地标签没有可用的远端标签,系统分配UNTAG。
(2) 请问在该试验中UNTAG 会带来什么问题?
!!注意
Bgp的配置技巧
router bgp
bgp router-id
address-family ipv4 unicast //创建BGPV4的对等体关系
neighbor remote
address-family v4 unicast //MP-BGP 对等体关系
neighbor activate
address-family ipv4 multicast //M-BGP
neighbor active
address-family ipv4 vrf //VRF 的BGP
neighbor remote
neighbor activate
3:MPLS VPN RT 设计实验
3.1 实验拓扑
3.3 实验需求
a.R1 R2 R3 组成P-NETWORK,底层协议采用OSPF,R1 R2 R3 直连网络及LOOPBACK 0网络宣告进OSPF。
b.R1 R2 R3 启用MPLS,R1 R2 R3 的标签分配取值范围如下:
R1:100 199
R2:200 299
R3:300 399
c.R1 R2 ,R2 R3 建立位于BGP AS 13 内的IBGP MP-BGP 对等体关系。
d.R1 R3 按拓扑需求创建两个VRF 分别是VRF R47,VRF R56。
e.按拓扑要求在R1 R4 间启用RIPV2,R1 R5 间启用EIGRP,R3 R6间启用OSPF,R3 R7 间启用BGP。
f.要求完成MPLS VPN 的配置,使得R4 R7 可以相互通讯,R5 R6 可以相互通讯。
g.要求R8 创建VRF King_of_Router,并且能够学习到R56 及R47 站点路由,但是不希望R56 和R47 相互学习路由。且R8的88.88.88.0/24网络能PING 通R47 及R56的内网。
3.4 实验步骤
步骤1:完成 R1 R2 R3 的BGP 与MP-BGP 的配置
R1
Router bgp 13
Neighbor 2.2.2.2 remote 13
Nei 2.2.2.2 up lo 0
Ad v u
Nei 2.2.2.2 ac
Exit
R2
Router bgp 13
Neighbor 1.1.1.1 remote 13
Nei 1.1.1.1 up lo 0
Nei 3.3.3.3 remote 13
Nei 3.3.3.3 up lo 0
Ad v u
Nei 1.1.1.1 ac
Nei 3.3.3.3 ac
Exi
R3
Router bgp 13
Bgp router-id 3.3.3.3
Nei 2.2.2.2 remote 13
Nei 2.2.2.2 up lo 0
Ad v u
Nei 2.2.2.2 ac
End
此时管理员完成如上配置,应该在R2上检查是否与R1 R3 建立了MP-BGP 的IBGP-PEER 关系,现象如下:
R2#show ip bgp v4 all summary
BGP router identifier 2.2.2.2, local AS number 13
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 13 10 6 1 0 0 00:02:04 0
3.3.3.3 4 13 9 6 1 0 0 00:02:07 0
此时管理员还应该注意R1 与R3 及R2是否能够学到对端VRF 路由,现象如下:
R1#show ip bgp v4 all
BGP table version is 18, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 31.31.14.0/24 0.0.0.0 0 32768 ?
*> 44.44.44.0/24 31.31.14.4 1 32768 ?
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.15.0/24 0.0.0.0 0 32768 ?
*> 55.55.55.0/24 31.31.15.5 2297856 32768 ?
R3#show ip bgp v4 all
BGP table version is 19, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 77.77.77.0/24 31.31.37.7 0 0 7 i
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.36.0/24 0.0.0.0 0 32768 ?
*> 66.66.66.66/32 31.31.36.6 65 32768 ?
R2#show ip bgp v4 all
R2#
如上现象告诉我们能接收到VPNV4 更新的MP-BGP 设备,如果没有对应的VRF 存在,是忽略这些VPNV4 更新的,而且还证明BGP 的IBGP 水平分割对MP-BGP 也起效。
!!注意
R2
Router bgp 13
no bgp default route-target filter //关闭RT 过滤功能,当前路由器即便不存在特定的VRF 及RT 值,也能接收所有VPNV4 更新条目信息
cle ip bgp * v4 unicast out //该命令式MP-BGP 的软清除命令。
步骤2:为了R1 R3 能够相互交换路由信息,在R2 上配置MP-BGP 的RR
Router bgp 13
Address-family v4 unicast
Neighbor 1.1.1.1 route-reflector-client
Neighbor 3.3.3.3 route-reflector-client
此时,管理员完成如上配置,那么应该到R1 R3 上再次校验MP-BGP VRF 转发表,确认RR已经生效,现象如下:
R1#show ip bgp all
BGP table version is 24, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 31.31.14.0/24 0.0.0.0 0 32768 ?
*> 44.44.44.0/24 31.31.14.4 1 32768 ?
*>i77.77.77.0/24 3.3.3.3 0 100 0 7 i
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.15.0/24 0.0.0.0 0 32768 ?
*>i31.31.36.0/24 3.3.3.3 0 100 0 ?
*> 55.55.55.0/24 31.31.15.5 2297856 32768 ?
*>i66.66.66.66/32 3.3.3.3 65 100 0 ?
R3#show ip bgp v4 all
BGP table version is 27, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*>i31.31.14.0/24 1.1.1.1 0 100 0 ?
*>i44.44.44.0/24 1.1.1.1 1 100 0 ?
*> 77.77.77.0/24 31.31.37.7 0 0 7 i
Route Distinguisher: 5:6 (default for vrf R56)
*>i31.31.15.0/24 1.1.1.1 0 100 0 ?
*> 31.31.36.0/24 0.0.0.0 0 32768 ?
*>i55.55.55.0/24 1.1.1.1 2297856 100 0 ?
*> 66.66.66.66/32 31.31.36.6 65 32768 ?
R2#show ip bgp v4 all
BGP table version is 22, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7
*>i31.31.14.0/24 1.1.1.1 0 100 0 ?
*>i44.44.44.0/24 1.1.1.1 1 100 0 ?
*>i77.77.77.0/24 3.3.3.3 0 100 0 7 i
Route Distinguisher: 5:6
*>i31.31.15.0/24 1.1.1.1 0 100 0 ?
*>i31.31.36.0/24 3.3.3.3 0 100 0 ?
*>i55.55.55.0/24 1.1.1.1 2297856 100 0 ?
*>i66.66.66.66/32 3.3.3.3 65 100 0 ?
步骤3:在R2 上完成VRF 的创建
R2
Ip vrf King_of_Routing
Rd 184:184
Route-target import 4:7
Route-target import 5:6
Route-target export 4:7
Route-target export 5:6
Exi
Int e1/2
Ip vrf forward King_of_Routing
Ip add 31.31.28.2 255.255.255.0
步骤4:在R2 与R8上创建RIPV2 用于交换路由更新
R2
Router rip
Address-family ipv4 vrf King_of_Routing
No auto-summary
Network 31.0.0.0
Redistribute bgp 13 metric 1
!
Router bgp 13
Address-family ipv4 vrf King_of_Routing
Redistribute rip
R8
Int e1/2
Ip add 31.31.28.8 255.255.255.0
No sh
!
Int lo 0
Ip add 88.88.88.88 255.255.255.0
No sh
!
Router rip
Ver 2
No auto
Net 31.0.0.0
Net 88.0.0.0
3.4 校验:
(1)在R2上检查MP-BGP VRF 转发表
R2#show ip bgp v4 all
BGP table version is 29, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7
*>i31.31.14.0/24 1.1.1.1 0 100 0 ?
*>i44.44.44.0/24 1.1.1.1 1 100 0 ?
*>i77.77.77.0/24 3.3.3.3 0 100 0 7 i
Route Distinguisher: 5:6
*>i31.31.15.0/24 1.1.1.1 0 100 0 ?
*>i31.31.36.0/24 3.3.3.3 0 100 0 ?
*>i55.55.55.0/24 1.1.1.1 2297856 100 0 ?
*>i66.66.66.66/32 3.3.3.3 65 100 0 ?
Route Distinguisher: 184:184 (default for vrf King_of_Routing)
*>i31.31.14.0/24 1.1.1.1 0 100 0 ?
*>i31.31.15.0/24 1.1.1.1 0 100 0 ?
*>i31.31.36.0/24 3.3.3.3 0 100 0 ?
*>i44.44.44.0/24 1.1.1.1 1 100 0 ?
*>i55.55.55.0/24 1.1.1.1 2297856 100 0 ?
*>i66.66.66.66/32 3.3.3.3 65 100 0 ?
*>i77.77.77.0/24 3.3.3.3 0 100 0 7 i
*>88.88.88.0/24 0.0.0.0 0 100 0 i
R2#
(3) 在 R1 R3 上查看MP-BGP VPNV4 转发表
R1#show ip bgp v4 all
BGP table version is 30, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 31.31.14.0/24 0.0.0.0 0 32768 ?
*>i31.31.28.0/24 2.2.2.2 0 100 0 ?
*> 44.44.44.0/24 31.31.14.4 1 32768 ?
*>i77.77.77.0/24 3.3.3.3 0 100 0 7 i
*>i88.88.88.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.15.0/24 0.0.0.0 0 32768 ?
*>i31.31.28.0/24 2.2.2.2 0 100 0 ?
*>i31.31.36.0/24 3.3.3.3 0 100 0 ?
*> 55.55.55.0/24 31.31.15.5 2297856 32768 ?
*>i66.66.66.66/32 3.3.3.3 65 100 0 ?
*>i88.88.88.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 184:184
*>i31.31.28.0/24 2.2.2.2 0 100 0 ?
*>i88.88.88.0/24 2.2.2.2 0 100 0 ?
R3#show ip bgp v4 all
BGP table version is 33, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*>i31.31.14.0/24 1.1.1.1 0 100 0 ?
*>i31.31.28.0/24 2.2.2.2 0 100 0 ?
*>i44.44.44.0/24 1.1.1.1 1 100 0 ?
*> 77.77.77.0/24 31.31.37.7 0 0 7 i
*>i88.88.88.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 5:6 (default for vrf R56)
*>i31.31.15.0/24 1.1.1.1 0 100 0 ?
*>i31.31.28.0/24 2.2.2.2 0 100 0 ?
*> 31.31.36.0/24 0.0.0.0 0 32768 ?
*>i55.55.55.0/24 1.1.1.1 2297856 100 0 ?
*> 66.66.66.66/32 31.31.36.6 65 32768 ?
*>i88.88.88.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 184:184
*>i31.31.28.0/24 2.2.2.2 0 100 0 ?
*>i88.88.88.0/24 2.2.2.2 0 100 0 ?
3.5 思考题
(1)什么时候VRF 才把RT EXPORT 值打入VPNV4 更新?
只有当前PE设备从CE 设备学习路由时。
4:MPLS VPN 中VRF IMPORT MAP 实验
4.1 实验拓扑
4.2 实验需求
a.R1 R2 启用EIGRP 当做底层协议,R1 R2 将本地直连网络及LOOPBACK 0网络宣告进EIGRP。
b.R1 R2 直连网络启用MPLS,标签分配范围如下:
R1 100 199
R2 200 299
c.R1 R2 上创建VRF CCCIE,RD 为1:3 、RT 为1:3
d.R2 作为PE 设备与R3 启用RIP,共享C-NETWORK 路由信息
e.最终要求在R1 的VRF CCIE 中,值看到3.3.3.0/24 网络
4.3 实验步骤
步骤1:基础配置
例如:底层协议
MPLS
MP-BGP
VRF
PE-CE 间路由协议及PE上的IGPS 和MP-BGP 的相互充分发
此时管理员完成如上配置,应该在R1 上利用”show ip bgp v4 all”命令确认R1VRF 表中所学习的路由,现象如下:
R1#show ip bgp v al
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:3 (default for vrf R13)
*>i3.3.3.0/24 2.2.2.2 1 100 0 ?
*>i31.31.23.0/24 2.2.2.2 0 100 0 ?
*>i33.33.33.0/24 2.2.2.2 1 100 0 ?
R1#show ip route vrf R13 bgp
R1#show ip route vrf R13 bgp
3.0.0.0/24 is subnetted, 1 subnets
B 3.3.3.0 [200/1] via 2.2.2.2, 00:02:45
B 33.33.33.0[200/1]via 2.2.2.2,00:02:45
B 31.31.23.0[200/1]via 2.2.2.2,00:02:45
步骤2:在R1 上配置import-map使得R1 VRF 表中只装在3.3.3.0 网络信息
Access-list 1 permit 3.3.3.0 0.0.0.255 //利用该ACL 匹配出ROUTE-MAP 所关心的网络
!
Route-map IM permit 10 //创建名为IM 的ROUTE-MAP,第10个策略对ACL 1 匹配的网络进行放行
Match ip address 1
Exi
!
Ip vrf R13
Import map IM //在VRF 下套用IMPORT-MAP,阻止来自远端PE的路由进入IGP VRF 表
4.4 校验
(1) 在R1 上查看3.3.3.0 与33.33.33.0 在BGP 转发表中的区别
R1#show ip bgp v4 all 3.3.3.0 //查看MP-BGP 转发表中特定条目信息
BGP routing table entry for 1:3:3.3.3.0/24, version 5
Paths: (1 available, best #1, table R13)//含义是可以进入IGP VRF R13
Not advertised to any peer
Local
2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 1, localpref 100, valid, internal, best
Extended Community: RT:1:3
mpls labels in/out nolabel/205
R1#show ip bgp v4 all 33.33.33.0
BGP routing table entry for 1:3:33.33.33.0/24, version 9
Paths: (1 available, best #1, no table)//不能被注入任何IGP VRF 表
Flag: 0x800
Not advertised to any peer
Local
2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 1, localpref 100, valid, internal, best
Extended Community: RT:1:3
mpls labels in/out nolabel/204
(2)查看R1 IGP VRF 表,确认是否只学习了3.3.3.0
R1#show ip route vrf R13 bgp
3.0.0.0/24 is subnetted, 1 subnets
B 3.3.3.0 [200/1] via 2.2.2.2, 00:02:45
4.5 思考题
(1)请解释export map的作用?
export map 和import map 的最大不同在于:
export map 可以完成路由泄露,比如当前站点VRF 的export rt value 为1:1,但是我们现在希望特定的路由变成VPNV4 更新被发送时,携带export rt value 2:2的信息,那么我们就可以利用acl匹配该网络,并且用ROUTE-MAP 对该ACL 匹配的网络做set extended rt 2:2 ,这样该路由就可以被远端import rt 为2:2的VRF 学习,达到了路由泄露的目的,但是这里如果不利用 additive 关键字,会导致该路由只携带一个RT值,会影响路由的学习。