OSPF shame-link原理与配置
存在以下这样一种场景:
现存在五台路由器:R1、R2、R3、R4、R5。
R1、R2、R3、R4所在的黑色区域为OSPF的area0区域,R1和R4之间的红色区域为MPLS-BGP-VPN区域。为了简化描述,我将红色区域称为上区域,黑色区域称为下区域。
【一、情景描述】
如果要想走上区域让R1与R4互通,因为两台路由器中间运行的不是OSPF,那么按照常理LSA应该是五类的。但是结果并不是预想的那样,此时两端是以三类LSA进行“沟通”的。
具体原因是:
在此情况,即MPLS-BGP-VPN与OSPF共存的情况下,OSPF会存在域ID,这时要是MPLS-BGP-VPN与OSPF两端相交的两台路由器的域ID相同,那么将会是三类LSA(O IA)。如果想改为五类LSA(O IE),可以选择修改域ID。使得两端域ID不同即可。
在这种情况下,一端的area 0区域的路由信息经过中间的MPLS-BGP-VPN区域以三类LSA到达另一个area0区域,说明中间的区域要比两端的area0更高级,更"area 0",故中间的这种区域就被称之为“超级骨干域”。
假设就是在以上的场景下企业有这样的需求:上区域的R1与R4之间是MPLS专线,下区域的R2与R3之间是专线,让R1、R4之间互通走上区域,而不是走下区域。
这时,上区域内是三类LSA,下区域,即OSPF area 0区域内是一类LSA
根据: O>O IA>O IE
这时R1、R4之间通信只会走下区域,即OSPF区域,而不会走MPLS-BGP-VPN。
-
这时可能会有人说:那改个cost值不就行了。
但是O>O IA>O IE是雷打不动的定律,大于一切策略,修改cost值压根不会修改原来的走法。
这时,
为了满足这样的要求,OSPF就出现了shame-link这样一种解决方法:将三类LSA转变为一类LSA。
但是
三类LSA是路由,一类LSA是拓扑,怎么能将三类LSA转变为一类LSA呢?
在这里,shame-link就挺像虚链路,将两边的两台路由器进行建邻,将shame-link宣告到area 0中,这相当于将上面两边的area 0进行了“缝合”,变成了一个area 0。只是虚链路所在的区域是OSPF内,shame-link是OSPF外
这样,上区域和下区域都是area 0了,就可以通过修改cost值进行选路干涉了
【二、配置】
1.铺设MPLS-BGP-VPN,底层动态路由协议为eigrp
以R1为例:
router bgp 100
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
neighbor 10.4.4.4 remote-as 100
neighbor 10.4.4.4 update-source Loopback0
address-family v4
neighbor 10.4.4.4 activate
2.在R1、R4、R5所有所处在MPLS-BGP-VPN中的接口进行MPLS配置
以R1为例:
interface e0/1
mpls ip
3.R1、R4设置VRF
以R1为例:
ip vrf shame
rd 1:1
route-target both 1:1 //R1、R4设置rt值一样
4.R1、R4的e0/0划入VRF中
以R1为例:
interface e0/0
ip vrf forwarding shame
5.R1、R2、R3、R4之间运行OSPF协议
以R1为例:
router ospf 1 vrf shame
router-id 1.1.1.1
network 10.1.12.0 0.0.0.255 area 0
以R2为例:
router ospf 1
router-id 2.2.2.2
network 10.1.12.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0
network 10.2.2.2 0.0.0.0 area 0
6.R1、R4上进行OSPF和MPLS-BGP-VPN双向双点重发布
以R1为例:
router ospf 1
redistribute bgp 100 subnets
router bgp 100
address-family ipv4 vrf shame
redistribute ospf 1
在此拓扑图中,因为下区域为一类LSA,上区域为三类LSA,故天生R2到R3会走下面,为了展现出经过MPLS-BGP-VPN区域修改域ID,三类LSA变为五类LSA,故在此我将R2的e0/1以及R3的e0/0接口shutdown,来观察R2,R3的路由表,如下
R2:
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.2/32 is directly connected, Ethernet0/0
O IA 10.1.34.0/24 [110/11] via 10.1.12.1, 00:00:21, Ethernet0/0
C 10.2.2.2/32 is directly connected, Loopback0
O IA 10.3.3.3/32 [110/21] via 10.1.12.1, 00:00:21, Ethernet0/0
R3:
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA 10.1.12.0/24 [110/11] via 10.1.34.4, 00:00:37, Ethernet0/1
C 10.1.34.0/24 is directly connected, Ethernet0/1
L 10.1.34.3/32 is directly connected, Ethernet0/1
O IA 10.2.2.2/32 [110/21] via 10.1.34.4, 00:00:37, Ethernet0/1
C 10.3.3.3/32 is directly connected, Loopback0
在将R1的域ID设置为2,如下
R1:
router ospf 1
domian-id 0.0.0.2
即两边的域ID不同时,再观察R2、R3的路由表,如下
R2:
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.2/32 is directly connected, Ethernet0/0
O E2 10.1.34.0/24 [110/1] via 10.1.12.1, 00:00:04, Ethernet0/0
C 10.2.2.2/32 is directly connected, Loopback0
O E2 10.3.3.3/32 [110/11] via 10.1.12.1, 00:00:04, Ethernet0/0
R3:
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O E2 10.1.12.0/24 [110/1] via 10.1.34.4, 00:03:05, Ethernet0/1
C 10.1.34.0/24 is directly connected, Ethernet0/1
L 10.1.34.3/32 is directly connected, Ethernet0/1
O E2 10.2.2.2/32 [110/11] via 10.1.34.4, 00:03:05, Ethernet0/1
C 10.3.3.3/32 is directly connected, Loopback0
即三类LSA转变为五类LSA,验证了域ID的不同会影响产生的LSA
验证完毕将R2的e0/1以及R3的e0/0接口no shutdown,将R1的域ID改为原来的1
7.设置shame-link
1.) 分别在R1、R4上启用新的环回接口
R1
interface lookback 99
ip address 10.99.1.1 255.255.255.255
R4
interface lookback 99
ip address 10.99.4.4 255.255.255.255
2.) 将R1、R4的环回接口划入到VRF中
R1
interface lookback 99
ip vrf forwarding shame
ip address 10.99.1.1 255.255.255.255
R4
interface lookback 99
ip vrf forwarding shame
ip address 10.99.4.4 255.255.255.255
3.) 将R1、R4接口路由通告进入MPLS-BGP-VRF中
R1
router bgp 100
address-family ipv4 vrf shame
network 10.99.1.1 mask 255.255.255.255
R4
router bgp 100
address-family ipv4 vrf shame
network 10.99.4.4 mask 255.255.255.255
4.) 在两端启用shame-link通告进入0区域
R1
router ospf 1
area 0 shame-link 10.99.1.1 10.99.4.4
R4
router ospf 1
area 0 shame-link 10.99.4,4 10.99.1.1
这时shame-link就配置好了
这是原来R2的路由表
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.2/32 is directly connected, Ethernet0/0
O IA 10.1.34.0/24 [110/11] via 10.1.12.1, 00:08:50, Ethernet0/0
C 10.2.2.2/32 is directly connected, Loopback0
O IA 10.3.3.3/32 [110/21] via 10.1.12.1, 00:08:50, Ethernet0/0
O E2 10.99.1.1/32 [110/1] via 10.1.12.1, 00:04:38, Ethernet0/0
O E2 10.99.4.4/32 [110/1] via 10.1.12.1, 00:03:26, Ethernet0/0
这是R2设置完shame-link的路由表
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.2/32 is directly connected, Ethernet0/0
O 10.1.34.0/24 [110/21] via 10.1.12.1, 00:00:18, Ethernet0/0
C 10.2.2.2/32 is directly connected, Loopback0
O 10.3.3.3/32 [110/22] via 10.1.12.1, 00:00:18, Ethernet0/0
O E2 10.99.1.1/32 [110/1] via 10.1.12.1, 00:06:58, Ethernet0/0
O E2 10.99.4.4/32 [110/1] via 10.1.12.1, 00:05:46, Ethernet0/0
发现最终三类LSA的路由变成了一类LSA的路由,由带O IA的变成了带O的,满足了我们最初的期望
这时,上区域和下区域都变为了area 0,这样就可以进行修改cost来进行干涉选路
在R1上的VRF路由表中,到达R3的10.3.3.3/32走的是上区域,这时我想让它走下区域,经过OSPF选路规则,优选沿途cost值之和最小的路,其中,计算cost值不加自己出接口和目的接口的cost。
查看各个接口的cost值
R1:
r1#show ip ospf inter brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
SL0 1 0 0.0.0.0/0 1 P2P 1/1
Et0/0 1 0 10.1.12.1/24 10 BDR 1/1
R2:
r2#show ip ospf inter brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.2.2.2/32 1 LOOP 0/0
Et0/1 1 0 10.1.23.2/24 10 DOWN 0/0
Et0/0 1 0 10.1.12.2/24 10 DR 1/1
R3:
r3#show ip ospf inter brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.3.3.3/32 1 LOOP 0/0
Et0/1 1 0 10.1.34.3/24 10 BDR 1/1
Et0/0 1 0 10.1.23.3/24 10 DOWN 0/0
R4:
r4#show ip ospf inter brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
SL0 1 0 0.0.0.0/0 1 P2P 1/1
Et0/0 1 0 10.1.34.4/24 10 DR 1/1
经过计算,R1到R3的10.3.3.3/32走下区域的cost值为20,这样将上区域shame-link的coat值修改为10,加上沿途剩余的cost正好等于下区域的cost之和,就可以实现负载分担,如下表
R1:
area 0 sham-link 10.99.1.1 10.99.4.4 cost 10
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.1/32 is directly connected, Ethernet0/0
O 10.1.23.0/24 [110/20] via 10.1.12.2, 00:10:12, Ethernet0/0
O 10.1.34.0/24 [110/20] via 10.4.4.4, 00:00:13
O 10.2.2.2/32 [110/11] via 10.1.12.2, 00:10:55, Ethernet0/0
O 10.3.3.3/32 [110/21] via 10.1.12.2, 00:00:13, Ethernet0/0
[110/21] via 10.4.4.4, 00:00:13
C 10.99.1.1/32 is directly connected, Loopback99
B 10.99.4.4/32 [200/0] via 10.4.4.4, 00:02:53
R2:
area 0 sham-link 10.99.4.4 10.99.1.1 cost 10
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O 10.1.12.0/24 [110/20] via 10.1.1.1, 00:09:37
O 10.1.23.0/24 [110/20] via 10.1.34.3, 00:19:26, Ethernet0/0
C 10.1.34.0/24 is directly connected, Ethernet0/0
L 10.1.34.4/32 is directly connected, Ethernet0/0
O 10.2.2.2/32 [110/21] via 10.1.34.3, 00:09:37, Ethernet0/0
[110/21] via 10.1.1.1, 00:09:37
O 10.3.3.3/32 [110/11] via 10.1.34.3, 00:19:26, Ethernet0/0
B 10.99.1.1/32 [200/0] via 10.1.1.1, 00:13:18
C 10.99.4.4/32 is directly connected, Loopback99
这样就实现了shame-link的负载均衡
注意:
sham-link—是在ospf中创建的,所以建立双方的路由必须可达,因为其传递的是v4路由,所以双方建立的地址必须通告进ospf的v4路由中(opsf vrf a中)
所以上面把环回接口先关联到vrf空间中,再宣告到bgp的v4中,因为有双向重发布,所以其路由会发布到ospf的v4中-----一定不能这样:关联到vrf空间后,直接宣告到ospf的v4中,这样会出现问题,只能通过BGP的v4宣告
注:----环回地址配置为 24位,sham-link是down
32 sham-link是up
【三、show running config】
R1
ip vrf shame
rd 1:2
route-target export 1:1
route-target import 1:1
interface Loopback0
ip address 10.1.1.1 255.255.255.255
interface Loopback 99
ip vrf forwarding shame
ip address 10.99.1.1 255.255.255.255
interface Ethernet0/0
ip vrf forwarding shame
ip address 10.1.12.1 255.255.255.0
interface Ethernet0/1
ip address 10.1.15.1 255.255.255.0
mpls ip
router eigrp 90
network 10.1.1.1 0.0.0.0
network 10.1.15.0 0.0.0.255
router ospf 1 vrf shame
router-id 1.1.1.1
area 0 sham-link 10.99.1.1 10.99.4.4 cost 10
redistribute bgp 100 subnets
network 10.1.12.0 0.0.0.255 area 0
router bgp 100
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
neighbor 10.4.4.4 remote-as 100
neighbor 10.4.4.4 update-source Loopback0
address-family ipv4
neighbor 10.4.4.4 activate
address-family v4
neighbor 10.4.4.4 activate
neighbor 10.4.4.4 send-community both
address-family ipv4 vrf shame
network 10.99.1.1 mask 255.255.255.255
redistribute ospf 1
R2
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface Ethernet0/0
ip address 10.1.12.2 255.255.255.0
interface Ethernet0/1
ip address 10.1.23.2 255.255.255.0
router ospf 1
router-id 2.2.2.2
network 10.1.12.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 0
network 10.2.2.2 0.0.0.0 area 0
R3
interface Loopback0
ip address 10.3.3.3 255.255.255.255
interface Ethernet0/0
ip address 10.1.23.3 255.255.255.0
interface Ethernet0/1
ip address 10.1.34.3 255.255.255.0
router ospf 1
router-id 3.3.3.3
network 10.1.23.0 0.0.0.255 area 0
network 10.1.34.0 0.0.0.255 area 0
network 10.3.3.3 0.0.0.0 area 0
R4
ip vrf shame
rd 3:4
route-target export 1:1
route-target import 1:1
interface Loopback0
ip address 10.4.4.4 255.255.255.255
interface Loopback99
ip vrf forwarding shame
ip address 10.99.4.4 255.255.255.255
interface Ethernet0/0
ip vrf forwarding shame
ip address 10.1.34.4 255.255.255.0
interface Ethernet0/1
ip address 10.1.45.4 255.255.255.0
mpls ip
router eigrp 90
network 10.1.45.0 0.0.0.255
network 10.4.4.4 0.0.0.0
router ospf 1 vrf shame
router-id 4.4.4.4
area 0 sham-link 10.99.4.4 10.99.1.1 cost 10
redistribute bgp 100 subnets
network 10.1.34.0 0.0.0.255 area 0
router bgp 100
bgp router-id 4.4.4.4
no bgp default ipv4-unicast
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 update-source Loopback0
address-family ipv4
neighbor 10.1.1.1 activate
address-family v4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community both
address-family ipv4 vrf shame
network 10.99.4.4 mask 255.255.255.255
redistribute ospf 1
R5
interface Loopback0
ip address 10.5.5.5 255.255.255.255
interface Ethernet0/0
ip address 10.1.15.5 255.255.255.0
mpls ip
interface Ethernet0/1
ip address 10.1.45.5 255.255.255.0
mpls ip
router eigrp 90
network 10.1.15.0 0.0.0.255
network 10.1.45.0 0.0.0.255
network 10.5.5.5 0.0.0.0