华为HCIEv3.0考试实战跨域MPLS 解决方案-HCIE认证培训讲师安德
因网站发布限制,联系客服可获取完整文档 点击获取
域间MPLS VPN即数据流跨多AS进行互访。其中OptionC方案具备最好的扩展性。OptionC需要在PE/RR之间直接建立LSP隧道,那么这必然使得PE/RR需要学习到对端PE/RR的环回接口的路由和标签,需要2种方法去解决:BGP去分发标签;LDP去分发标签,这其实就是OptionC的2种解决方案。
在解决方案1中,在ASBR的位置会运行BGP去来分发IPv4单播路由的标签,使得到达对端PE/RR的标签连续。所以在PE发送数据时会携带3层标签:1)最内层是远端PE的BGP协议自动为VPN路由分配的标签;2)中间层标签是本ASBR的BGP为远端的PE/RR的更新源分配的BGP LSP;3)最外层标签是AS内部的LDP为IGP路由分配的标签
跨域VPN-OptionC的应用场景中,存在以下两种特殊的标签操作类型:Swappush:先将数据报文的内层标签交换,再压入另一个隧道的标签;Popgo:先将数据报文的内层标签弹出,再压入另一个隧道的标签。
在本案例中,步骤1到步骤5实现了MPLS VPN跨域MPLS VPN OptionC的控制层面,即路由更新,在后续步骤中讨论了数据转发层面,即标签转发。
BGP邻居关系以及路由更新参考下图
IGP作为底层协议在本例的两个AS使用了OSPF
以R3为例,基本OSPF实施如下,其他设备请自行实施,注意不要把ASBR之间的接口实施OSPF
ospf 1
area 0.0.0.0
interface GigabitEthernet0/0/1
ip address 10.1.23.3 255.255.255.0
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/2
ip address 10.1.13.3 255.255.255.0
ospf enable 1 area 0.0.0.0
验证OSPF邻居和路由
[R3]display ospf peer brief
OSPF Process 1 with Router ID 10.1.34.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 10.1.12.2 Full
0.0.0.0 GigabitEthernet0/0/2 10.1.12.1 Full
----------------------------------------------------------------------------
[R3]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 3 Routes : 4
OSPF routing table status : <Active>
Destinations : 3 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.12.0/24 OSPF 10 2 D 10.1.23.2 GigabitEthernet0/0/1
OSPF 10 2 D 10.1.13.1 GigabitEthernet0/0/2
11.1.1.1/32 OSPF 10 1 D 10.1.13.1 GigabitEthernet0/0/2
22.1.1.1/32 OSPF 10 1 D 10.1.23.2 GigabitEthernet0/0/1
查看AS200内的OSPF路由
<R4>display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 3 Routes : 4
OSPF routing table status : <Active>
Destinations : 3 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.56.0/24 OSPF 10 2 D 10.1.45.5 GigabitEthernet0/0/1
OSPF 10 2 D 10.1.46.6 GigabitEthernet0/0/2
55.1.1.1/32 OSPF 10 1 D 10.1.45.5 GigabitEthernet0/0/1
66.1.1.1/32 OSPF 10 1 D 10.1.46.6 GigabitEthernet0/0/2
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
以R4为例
mpls lsr-id 44.1.1.1
mpls
mpls ldp
AS内部设备互联接口配置MPLS和LDP
interface GigabitEthernet0/0/1
ip address 10.1.45.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 10.1.46.4 255.255.255.0
ospf enable 1 area 0.0.0.0
mpls
mpls ldp
验证AS内部的LDP会话以及LSP
<R4>display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
55.1.1.1:0 Operational DU Passive 0000:01:03 254/254
66.1.1.1:0 Operational DU Passive 0000:01:03 254/254
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found
<R4>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
44.1.1.1/32 3/NULL -/-
55.1.1.1/32 NULL/3 -/GE0/0/1
55.1.1.1/32 1024/3 -/GE0/0/1
66.1.1.1/32 NULL/3 -/GE0/0/2
66.1.1.1/32 1025/3 -/GE0/0/2
AS100内的LDP的LSP
<R3>display mpls lsp protocol ldp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
33.1.1.1/32 3/NULL -/-
11.1.1.1/32 NULL/3 -/GE0/0/2
11.1.1.1/32 1024/3 -/GE0/0/2
22.1.1.1/32 NULL/3 -/GE0/0/1
22.1.1.1/32 1025/3 -/GE0/0/1
测试PE之间的LDP的LSP,请在所有PE测试
<R1>ping lsp ip 33.1.1.1 32
LSP PING FEC: IPV4 PREFIX 33.1.1.1/32/ : 100 data bytes, press CTRL_C to break
Reply from 33.1.1.1: bytes=100 Sequence=1 time=20 ms
Reply from 33.1.1.1: bytes=100 Sequence=2 time=30 ms
<R3>ping lsp ip 11.1.1.1 32
LSP PING FEC: IPV4 PREFIX 11.1.1.1/32/ : 100 data bytes, press CTRL_C to break
Reply from 11.1.1.1: bytes=100 Sequence=1 time=20 ms
Reply from 11.1.1.1: bytes=100 Sequence=2 time=20 ms
<R4>ping lsp ip 66.1.1.1 32
LSP PING FEC: IPV4 PREFIX 66.1.1.1/32/ : 100 data bytes, press CTRL_C to break
Reply from 66.1.1.1: bytes=100 Sequence=1 time=20 ms
Reply from 66.1.1.1: bytes=100 Sequence=2 time=10 ms
<R6>ping lsp ip 44.1.1.1 32
LSP PING FEC: IPV4 PREFIX 44.1.1.1/32/ : 100 data bytes, press CTRL_C to break
Reply from 44.1.1.1: bytes=100 Sequence=1 time=10 ms
请读者自行完成CE的OSPF实施
R1:
ip vpn-instance QYT
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
ospf 2 vpn-instance QYT
import-route bgp
area 0.0.0.0
interface GigabitEthernet0/0/1
ip binding vpn-instance QYT
ip address 10.1.17.1 255.255.255.0
ospf enable 2 area 0.0.0.0
[R1]bgp 100
[R1-bgp]ipv4 vpn-instance QYT
[R1-bgp-QYT]import-route ospf 2
验证从CE侧得到的VPNv4路由
[R1-bgp]display bgp vpnv4 all rou
BGP Local router ID is 10.1.12.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
VPN-Instance QYT, Router ID 10.1.12.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
R6的配置
ip vpn-instance QYT
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
ospf 2 vpn-instance QYT
import-route bgp
area 0.0.0.0
interface GigabitEthernet0/0/1
ip binding vpn-instance QYT
ip address 10.1.68.6 255.255.255.0
ospf enable 2 area 0.0.0.0
[R6]bgp 200
[R6-bgp]ipv4 vpn-instance QYT
[R6-bgp-QYT]import-route ospf 2
验证从CE得到的VPNv4路由
<R6>display bgp vpnv4 all routing-table
BGP Local router ID is 10.1.56.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.68.0/24 0.0.0.0 0 0 ?
*> 88.1.1.1/32 0.0.0.0 2 0 ?
VPN-Instance QYT, Router ID 10.1.56.6:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.68.0/24 0.0.0.0 0 0 ?
*> 88.1.1.1/32 0.0.0.0 2 0 ?
R5:
bgp 200
peer 66.1.1.1 as-number 200
peer 66.1.1.1 connect-interface LoopBack0
#
ipv4-family vpnv4
undo policy vpn-target //关闭RT过滤策略,使得RR可以收取所有的VPNv4路由
peer 66.1.1.1 enable
peer 66.1.1.1 reflect-client //指定R6为RR的客户端
R6:
bgp 200
peer 55.1.1.1 as-number 200
peer 55.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 55.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 55.1.1.1 enable
验证邻居状态
[R6]display bgp vpnv4 all peer
BGP local router ID : 10.1.56.6
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
55.1.1.1 4 200 5 6 0 00:02:56 Established 0
<R5-RR>display bgp vpnv4 all routing-table //R5得到了R6更新来的VPNv4路由
BGP Local router ID is 10.1.56.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.68.0/24 66.1.1.1 0 100 0 ?
*>i 88.1.1.1/32 66.1.1.1 2 100 0 ?
R2的配置
bgp 100
peer 11.1.1.1 as-number 100
peer 11.1.1.1 connect-interface LoopBack0
#
ipv4-family vpnv4
undo policy vpn-target
peer 11.1.1.1 enable
peer 11.1.1.1 reflect-client
bgp 100
peer 22.1.1.1 as-number 100
peer 22.1.1.1 connect-interface LoopBack0
#
ipv4-family vpnv4
policy vpn-target
peer 22.1.1.1 enable
验证RR和客户端设备的邻居关系
<R2-RR>display bgp vpnv4 all peer
BGP local router ID : 10.1.12.2
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
11.1.1.1 4 100 7 7 0 00:05:40 Established 1
<R2-RR>display bgp vpnv4 all routing-table
BGP Local router ID is 10.1.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 0 100 0 ?
*>i 77.1.1.1/32 11.1.1.1 2 100 0 ?
为了使得R2和R5的更新源可达,需要在R2和R3,R5和R4以及R3和R4之间完成IPv4单播的BGP邻居,然后在BGP中产生R2和R5的更新源的路由
[R2-RR]bgp 100
[R2-RR-bgp]peer 33.1.1.1 as-number 100
[R2-RR-bgp]peer 33.1.1.1 connect-interface lo0
!
[R3]bgp 100
[R3-bgp]peer 22.1.1.1 as 100
[R3-bgp]peer 22.1.1.1 connect-interface lo0
[R3-bgp]peer 22.1.1.1 next-hop-local
[R3-bgp]peer 10.1.34.4 as 200
[R3-bgp]network 22.1.1.1 32
!
[R4]bgp 200
[R4-bgp]peer
[R4-bgp]peer 55.1.1.1 as 200
[R4-bgp]peer 55.1.1.1 con lo0
[R4-bgp]peer 55.1.1.1 next-hop-local
[R4-bgp]peer 10.1.34.3 as-number 100
[R4-bgp]network 55.1.1.1 32
!
[R5-RR]bgp 200
[R5-RR-bgp]peer 44.1.1.1 as-number 200
[R5-RR-bgp]peer 44.1.1.1 connect-interface lo0
测试R2的更新源和R5的更新源的路由与连接性
[R2-RR-bgp]dis bgp routing-table
BGP Local router ID is 10.1.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 22.1.1.1/32 33.1.1.1 1 100 0 i
*>i 55.1.1.1/32 33.1.1.1 1 100 0 200i
[R5-RR]display bgp routing-table
BGP Local router ID is 10.1.56.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 22.1.1.1/32 44.1.1.1 1 100 0 100i
*>i 55.1.1.1/32 44.1.1.1 1 100 0 i
[R2-RR-bgp]ping -a 22.1.1.1 55.1.1.1
PING 55.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 55.1.1.1: bytes=56 Sequence=1 ttl=253 time=50 ms
Reply from 55.1.1.1: bytes=56 Sequence=2 ttl=253 time=30 ms
在完成RR之间更新源的连接性之后,在RR之间完成eBGP的多跳的VPNv4邻居关系
[R2-RR-bgp]peer 55.1.1.1 as 200
[R2-RR-bgp]peer 55.1.1.1 con lo0
[R2-RR-bgp]peer 55.1.1.1 ebgp-max-hop 4
[R2-RR-bgp-af-vpnv4]peer 55.1.1.1 enable
!
[R5-RR-bgp]peer 22.1.1.1 as 100
[R5-RR-bgp]peer 22.1.1.1 con lo0
[R5-RR-bgp]peer 22.1.1.1 ebgp 4
[R5-RR-bgp]ipv4 vpnv4
[R5-RR-bgp-af-vpnv4]peer 22.1.1.1 enable
验证RR上VPNv4的邻居关系和路由情况
[R5-RR]display bgp vpnv4 all routing-table //路由反射器从对端eBGP邻居得到VPNv4的路由
BGP Local router ID is 10.1.56.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 22.1.1.1 0 100?
*>i 10.1.68.0/24 66.1.1.1 0 100 0 ?
*> 77.1.1.1/32 22.1.1.1 0 100?
*>i 88.1.1.1/32 66.1.1.1 2 100 0 ?
[R2-RR-bgp-af-vpnv4]dis bgp vpnv4 all rou
BGP Local router ID is 10.1.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 0 100 0 ?
*> 10.1.68.0/24 55.1.1.1 0 200?
*>i 77.1.1.1/32 11.1.1.1 2 100 0 ?
*> 88.1.1.1/32 55.1.1.1 0 200?
RR会把路由更新给PE设备,所以PE(R1和R6)设备会得到对端AS的客户站点的路由
<R1>dis bgp vpnv4 all routing-table
BGP Local router ID is 10.1.12.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
*>i 88.1.1.1/32 22.1.1.1 100 0 200?
VPN-Instance QYT, Router ID 10.1.12.1:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
*>i 88.1.1.1/32 22.1.1.1 100 0 200?
<R6>display bgp vpnv4 all routing-table
BGP Local router ID is 10.1.56.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 55.1.1.1 100 0 100?
*> 10.1.68.0/24 0.0.0.0 0 0 ?
*>i 77.1.1.1/32 55.1.1.1 100 0 100?
*> 88.1.1.1/32 0.0.0.0 2 0 ?
VPN-Instance QYT, Router ID 10.1.56.6:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 55.1.1.1 100 0 100?
*> 10.1.68.0/24 0.0.0.0 0 0 ?
*>i 77.1.1.1/32 55.1.1.1 100 0 100?
*> 88.1.1.1/32 0.0.0.0 2 0 ?
之前的配置已经在PE上把BGP引入到了OSPF协议,所以此时客户站点设备R7和R8也会得到远端站点的路由
<R7>dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.68.0/24 O_ASE 150 1 D 10.1.17.1 GigabitEthernet0/0/1
88.1.1.1/32 OSPF 10 2 D 10.1.17.1 GigabitEthernet0/0/1
<R8>display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.17.0/24 O_ASE 150 1 D 10.1.68.6 GigabitEthernet0/0/1
77.1.1.1/32 OSPF 10 2 D 10.1.68.6 GigabitEthernet0/0/1
到此控制层面基本完成实施。
ASBRs之间,ASBR和RR之间(正常情况下ASBR和PE开启该能力即可,本例有了RR之后增加了备份路径,同时本例ASBR和PE没有邻居关系,)开启标签IPv4路由能力
[R1-bgp-af-ipv4]peer 22.1.1.1 label-route-capability
[R2-RR-bgp-af-ipv4]peer 11.1.1.1 label-route-capability
[R2-RR-bgp-af-ipv4]peer 33.1.1.1 label-route-capability
!
[R3-bgp-af-ipv4]peer 22.1.1.1 label-route-capability
[R3-bgp-af-ipv4]peer 10.1.34.4 label-route-capability
interface GigabitEthernet0/0/0
ip address 10.1.34.3 255.255.255.0
mpls
!
[R4-bgp-af-ipv4]peer 10.1.34.3 label-route-capability
[R4-bgp-af-ipv4]peer 55.1.1.1 label-route-capability
interface GigabitEthernet0/0/0
ip address 10.1.34.4 255.255.255.0
mpls
!
[R5-RR-bgp-af-ipv4]peer 44.1.1.1 label-route-capability
[R5-RR-bgp-af-ipv4]peer 66.1.1.1 label-route-capability
!
[R6-bgp-af-ipv4]peer 55.1.1.1 label-route-capability
跨域BGP LSP需要配置路由策略来控制标签的分配,对于向本AS的PE发布的路由,如果是带标签的IPv4路由,为其重新分配MPLS标签;对于从本AS的PE接收的路由,在向对端ASBR发布时,分配MPLS标签
对邻居ASBR的处理
R3
route-policy ASBR permit node 10
apply mpls-label
bgp 100
ipv4 un
peer 10.1.34.4 route-policy ASBR export
!
[R4]route-policy ASBR permit node 10
[R4-route-policy] apply mpls-label
[R4-route-policy]bgp 200
[R4-bgp]ipv4 un
[R4-bgp-af-ipv4]peer 10.1.34.3 route-policy ASBR export
对PE(RR)的处理
R4
route-policy PE permit node 10
if-match mpls-label
apply mpls-label
bgp 200
[R4-bgp]ipv4 un
[R4-bgp-af-ipv4]peer 55.1.1.1 route-policy PE export
!
R3
[R3]route-policy PE permit node 10
Info: New Sequence of this List.
[R3-route-policy] if-match mpls-label
[R3-route-policy] apply mpls-label
bgp 100
[R3-bgp]ipv4 unicast
[R3-bgp-af-ipv4]peer 22.1.1.1 route-policy PE export
此时数据可以完成通信
<R7>ping -a 77.1.1.1 88.1.1.1
PING 88.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 88.1.1.1: bytes=56 Sequence=1 ttl=251 time=40 ms
Reply from 88.1.1.1: bytes=56 Sequence=2 ttl=251 time=30 ms
--- 88.1.1.1 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/35/40 ms
查看PE上去往远端客户的VPNv4路由
<R1>dis bgp vpnv4 all rou
BGP Local router ID is 10.1.12.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.17.0/24 0.0.0.0 0 0 ?
*>i 10.1.68.0/24 22.1.1.1 100 0 200?
*> 77.1.1.1/32 0.0.0.0 2 0 ?
*>i 88.1.1.1/32 22.1.1.1 100 0 200? //PE即R1去往88.1.1.1的下一跳为RR即R2
[R2-RR-bgp-af-vpnv4]dis bgp vpnv4 all routing-table
BGP Local router ID is 10.1.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 1:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.17.0/24 11.1.1.1 0 100 0 ?
*> 10.1.68.0/24 55.1.1.1 0 200?
*>i 77.1.1.1/32 11.1.1.1 2 100 0 ?
*> 88.1.1.1/32 55.1.1.1 0 200? //RR即R2去往88.1.1.1的下一跳为远端RR即R5
VPNv4路由的下一跳就是标签转发路径LSP的目标地址,那么在R2上查看去往55.1.1.1的LSP:
<R2-RR>display bgp routing-table label //R2上由于配置了BGP为IPv4单播路由分发标签,所以具备到达55.1.1.1的标签,下一跳为33.1.1.1
BGP Local router ID is 10.1.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop In/Out Label
*>i 55.1.1.1 33.1.1.1 NULL/1027 //R2上多协议BGP分配的到达下一跳55.1.1.1的出标签1027,由R3分配
<R2-RR>display mpls lsp //查看R2上所有的MPLS标签转发路径
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
55.1.1.1/32 NULL/1027 -/- //BGP分配的到达下一跳55.1.1.1的标签为1027
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.1.17.0/24 1054/1032 -/- ASBR LSP
77.1.1.1/32 1055/1033 -/- ASBR LSP
10.1.68.0/24 1056/1050 -/- ASBR LSP
88.1.1.1/32 1057/1051 -/- ASBR LSP //由于R2上拥有VPNv4路由,所以可以直接看到到达88.1.1.1的L3VPN LSP的出标签为1051,这是R5为该条VPNv4路由向R2分配内层标签
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
22.1.1.1/32 3/NULL -/-
11.1.1.1/32 NULL/3 -/GE0/0/0
11.1.1.1/32 1024/3 -/GE0/0/0
33.1.1.1/32 NULL/3 -/GE0/0/1
33.1.1.1/32 1025/3 -/GE0/0/1
R2的下一跳为R3,所以查看R3
<R3>display bgp routing-table label
BGP Local router ID is 10.1.34.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop In/Out Label
*> 22.1.1.1 10.1.23.2 1026/NULL
*> 55.1.1.1 10.1.34.4 1027/1026 //查看BGP为IPv4单播路由分配的标签,R2转发的1027到达R3为IN标签,被交换为OUT标签1026,下一跳为R4的10.1.34.4
<R3>display mpls lsp //查看ASBR R3上所有的标签交换通道
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
55.1.1.1/32 NULL/1026 -/- //去往88.1.1.1的VPNv4路由的下一跳55.1.1.1的出标签为1026(外层标签),注意该ASBR无法看到到达55.1.1.1的内层标签(但它确实存在)
22.1.1.1/32 1026/NULL -/- 55.1.1.1/32 1027/1026 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
33.1.1.1/32 3/NULL -/-
11.1.1.1/32 NULL/3 -/GE0/0/2
11.1.1.1/32 1024/3 -/GE0/0/2
22.1.1.1/32 NULL/3 -/GE0/0/1
22.1.1.1/32 1025/3 -/GE0/0/1
接下来查看到达55.1.1.1的标签行为
<R3>display mpls lsp include 55.1.1.1 32 ver
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
No : 1
VrfIndex :
RD Value : 0:0
Fec : 55.1.1.1/32
Nexthop : 10.1.34.4
In-Label : NULL
Out-Label : 1026
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4096
Token : 0x8
LsrType : Ingress //作为入口角色时,不用关心55.1.1.1的标签
Outgoing token : 0x7
Label Operation : PUSH
Mpls-Mtu : ------
TimeStamp : 7138sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : -------
BackupBGPKey : -------
FrrOutLabel : -------
No : 2
VrfIndex :
RD Value : 0:0
Fec : 55.1.1.1/32
Nexthop : -------
In-Label : 1027
Out-Label : 1026 //出标签为1026,即数据被标签1026承载转发出去
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4098
Token : 0x0
LsrType : Egress //关注作为出口设备时,到达55.1.1.1的标签行为
Outgoing token : 0x0
Label Operation : SWAPPUSH //拥有特殊的标签行为SWAPPUSH。标签转发行为是先SWAP(即把1027转换为1026),由于是去往对端ASBR,所以也需要压入标签,即1027。Swappush的行为:先将数据报文的内层标签交换,再压入另一个隧道的标签
Mpls-Mtu : ------
TimeStamp : 6996sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : 0x4
BackupBGPKey : -------
FrrOutLabel : -------
下一跳为R4,所以查看R4的去往下一跳44.1.1.1的标签通道
<R4>display mpls lsp include 55.1.1.1 32
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
55.1.1.1/32 1026/NULL -/- //去往55.1.1.1的出标签已经为空,这和标签行为(下文的POPGO)有关。此时仅仅剩余1个内层标签1051。
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
55.1.1.1/32 NULL/3 -/GE0/0/1
55.1.1.1/32 1024/3 -/GE0/0/1
查看ASBR上LSP的详细信息
<R4>dis mpls lsp verbose
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
No : 1
VrfIndex :
RD Value : 0:0
Fec : 55.1.1.1/32
Nexthop : -------
In-Label : 1026
Out-Label : NULL
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4096
Token : 0x0
LsrType : Egress
Outgoing token : 0x1
Label Operation : POPGO //作为出口设备,去往55.1.1.1的特殊标签行为是POPGO,即先将数据报文的内层标签弹出,再压入另一个隧道的标签,使得标签连续。这是指弹掉标签,仅仅剩余R5为88.1.1.1分配的内层标签1051
Mpls-Mtu : ------
TimeStamp : 7866sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : -------
BackupBGPKey : -------
FrrOutLabel : -------
No : 2
VrfIndex :
RD Value : 0:0
Fec : 22.1.1.1/32
Nexthop : 10.1.34.3
In-Label : NULL
Out-Label : 1026
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4097
Token : 0x6
LsrType : Ingress
Outgoing token : 0x5
Label Operation : PUSH
Mpls-Mtu : ------
TimeStamp : 7855sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : -------
BackupBGPKey : -------
FrrOutLabel : -------
No : 3
VrfIndex :
RD Value : 0:0
Fec : 22.1.1.1/32
Nexthop : -------
In-Label : 1027
Out-Label : 1026
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4098
Token : 0x0
LsrType : Egress
Outgoing token : 0x0
Label Operation : SWAPPUSH //作为出口(egress)设备,去往对端RR的下一跳地址标签行为是先交换再压入标签。这点读者可以查看R3上发送数据到达55.1.1.1的转发行为,转发行为一致。
Mpls-Mtu : ------
TimeStamp : 7667sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : 0x4
下一跳为R5,所以查看R5的LSP
<R5-RR>display mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
22.1.1.1/32 NULL/1027 -/-
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.1.17.0/24 1048/1054 -/- ASBR LSP
77.1.1.1/32 1049/1055 -/- ASBR LSP
10.1.68.0/24 1050/1032 -/- ASBR LSP
88.1.1.1/32 1051/1033 -/- ASBR LSP //去往88.1.1.1的内层标签为1033,当然标签在这个位置进行了交换,由1051(R5为R2分配的标签)交换为1033(PE即R6分配的标签)
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
44.1.1.1/32 NULL/3 -/GE0/0/1
44.1.1.1/32 1024/3 -/GE0/0/1
55.1.1.1/32 3/NULL -/-
66.1.1.1/32 NULL/3 -/GE0/0/0
66.1.1.1/32 1025/3 -/GE0/0/0
关注88.1.1.1的的标签行为:
<R5-RR>display mpls lsp include 88.1.1.1 32 verbose
-------------------------------------------------------------------------------
LSP Information: L3VPN LSP
-------------------------------------------------------------------------------
No : 1
VrfIndex : ASBR LSP
RD Value : 1:1
Fec : 88.1.1.1/32
Nexthop : -------
In-Label : 1051
Out-Label : 1033
In-Interface : ----------
Out-Interface : ----------
LspIndex : 4101
Token : 0x0
LsrType : Egress
Outgoing token : 0x5
Label Operation : SWAPPUSH //先交换内层标签(1051交换为1031)再压入标签(由于是次末跳,所以POP,无法看到)
Mpls-Mtu : ------
TimeStamp : 3862sec
FrrToken : 0x0
FrrOutgoingToken : 0x0
BGPKey : 0xd
BackupBGPKey : -------
FrrOutLabel : -------
查看R6的LSP
<R6>dis mpls lsp
-------------------------------------------------------------------------------
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.1.68.0/24 1032/NULL -/- QYT
88.1.1.1/32 1033/NULL -/- QYT //PE,R6为VPN路由88.1.1.1分配的标签确实为1033
22.1.1.1/32 NULL/1027 -/-
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
66.1.1.1/32 3/NULL -/-
44.1.1.1/32 NULL/3 -/GE0/0/2
44.1.1.1/32 1024/3 -/GE0/0/2
55.1.1.1/32 NULL/3 -/GE0/0/0
55.1.1.1/32 1025/3 -/GE0/0/0
最后我们来查看数据的转发:
<R7>ping -a 77.1.1.1 88.1.1.1
PING 88.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 88.1.1.1: bytes=56 Sequence=1 ttl=249 time=70 ms
Reply from 88.1.1.1: bytes=56 Sequence=2 ttl=249 time=50 ms
Reply from 88.1.1.1: bytes=56 Sequence=3 ttl=249 time=60 ms
Reply from 88.1.1.1: bytes=56 Sequence=4 ttl=249 time=60 ms
Reply from 88.1.1.1: bytes=56 Sequence=5 ttl=249 time=60 ms
此时数据虽然可以通信,但是数据转发并不是优化的。我们来跟踪转发路径:
<R7>tracert -a 77.1.1.1 88.1.1.1
traceroute to 88.1.1.1(88.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.17.1 20 ms 20 ms 20 ms
2 * * *
3 10.1.23.3 50 ms 50 ms 60 ms
4 10.1.34.4 40 ms 40 ms 60 ms
5 * * *
6 10.1.68.6 70 ms 50 ms 40 ms
7 10.1.68.8 70 ms 70 ms 50 ms
此时的数据包的转发路径是R1-R2-R3-R4-R5-R6-R8,我们之所以看到*是因为RR上没有能力响应R7的请求。
为了看到3层标签,请读者关闭R1和R6的g0/0/2接口,请使用如下命令查看
<R8>tracert -v -a 88.1.1.1 77.1.1.1
traceroute to 77.1.1.1(77.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.68.6 20 ms 20 ms 10 ms
2 10.1.56.5[MPLS Label=1024/1033/1027 Exp=0/0/0 S=0/0/1 TTL=1/1/1] 40 ms 50 ms 50 ms //最内层的1027是VPNv4的标签,即远端PE-R1的多协议BGP自动分配的;中间层的1033是多协议BGP为到远端PE-R1的更新源地址11.1.1.1的标签;最外层的1024是LDP协议为到本AS的ASBR的更新源地址44.1.1.1的标签。
3 10.1.45.4[MPLS Label=1033/1027 Exp=0/0 S=0/1 TTL=1/2] 40 ms 40 ms 40 ms
4 10.1.34.3[MPLS Label=1024/1027 Exp=0/0 S=0/1 TTL=1/3] 50 ms 50 ms 30 ms
5 10.1.23.2[MPLS Label=1024/1027 Exp=0/0 S=0/1 TTL=1/4] 40 ms 40 ms 40 ms
6 10.1.17.1 70 ms 50 ms 40 ms
7 10.1.17.7 40 ms 60 ms 40 ms
在R6的g0/0/0抓取的88.1.1.1到77.1.1.1的3层标签报文
还有域间MPLS VPN Option解决方案2内容
...
...
...
网站字数限制,完整内容联系网站客服获取 点击获取
乾颐堂客服热线:400-618-8070
乾颐堂官网:www.qytang.com
乾颐堂网络实验室 我们为您想的更多
|
姓名:
Q Q:
电话:
|
400-618-8070
