产品
产品中心
< 返回主菜单
产品

交换机

交换机所有产品
< 返回产品
交换机
查看交换机首页 >

无线

无线所有产品
< 返回产品
无线
查看无线首页 >

云桌面

云桌面产品方案中心
< 返回产品
云桌面
查看云桌面首页 >

安全

安全所有产品
< 返回产品
安全
查看安全首页 >
产品中心首页 >
行业
行业中心
< 返回主菜单
行业
行业中心首页 >

【RSR】RSR如何配置ASBR不改变下一跳方式的MPLS VPN(跨域option B)

发布时间:2013-09-12
点击量:4940

一、组网需求

1、拓扑中的CE1,CE2分别用一台路由器用MCE技术进行模拟;

2、要求实现跨域的MPLS/VPN访问,即实现VPN-A的1.1.1.1和7.7.7.7互通,VPN-B的11.11.11.11和77.77.77.77互通;

3、该拓扑中在ASBR1分别对RR,ASBR2将直连的32位主机路由重发布到各自AS的IGP,使得下一跳可达。

 

 

二、组网拓扑

     

 

三、配置要点

1、部署AS核心的IGP路由协议

2、部署AS核心的MPLS

1)全局开启MPLS转发功能

2)全局开启LDP标签分发协议

3)开启接口的标签交换能力

4)接口下开启LDP协议

5)接口下配置MTU

3、部署PE-PE的MP-BGP协议

1)启用BGP进程

2)进入VPNV4地址簇下激活VPNV4邻居关系

3)配置路由反射器RR

4、部署PE-CE的路由协议

1)创建VRF实例

2)将相关接口划入对应的VRF实例中

3)配置PE-CE的路由协议

5、将CE的路由重发布进MP-BGP

6、将MP-BGP的路由重发布进CE

//到第6步为止,是完整的域内VPN配置

7、跨域option B模式ASBR间的部署(不改变下一跳方式)

1)ASBR间建立MP-EBGP邻居关系

2)ASBR关闭RT过滤

//详细配置文件,参考六、附件

四、配置步骤

第1步--第6步,是配置域内VPN,参考跨域option A章节的前6步(参考:典型配置--->MPLS VPN--->跨域option A)

7、跨域option B模式ASBR间的部署不改变下一跳方式

ASBR1(R4)上的相关配置

1)ASBR间建立MP-EBGP邻居关系

router bgp 100

 bgp router-id 4.4.4.4

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

neighbor 3.3.3.3 remote-as 100

 neighbor 3.3.3.3 update-source Loopback 0

 neighbor 45.4.4.5 remote-as 200            

 //指定MP-EBGP邻居注意这里不要配置neighbor 45.4.4.5 update-source Loopback 0

 //使用直连地址建立MP-EBGP邻居

 !

 address-family vpnv4 unicast

 neighbor 3.3.3.3 activate

 neighbor 3.3.3.3 send-community extended

 neighbor 45.4.4.5 activate

 neighbor 45.4.4.5 send-community extended

 exit-address-family

2)ASBR关闭RT过滤

router bgp 100

 no bgp default route-target filter

//缺省情况下,PE收到其他PE(或者ASBR)发送的VPN路由,如果该VPN路由不会被本设备上任何一个VRF导入,PE设备就拒绝该路由。可以通过如下两种方法解决:

A. 启用no bgp default route-target filter,PE设备会接受其他PE(或ASBR)发送过来的所有VPN路由,不管本地的VRF是否会导入该VPN路由。

B. 在ASBR上建立相关的VRF,并配置相关的路由目标,将路由导入到ASBR,此方法不推荐。

3)ASBR将MP-EBGP直连网段重发布进IGP

根据IGP使用的路由协议进行重发布,该案例IGP使用RIP。

a)定义prefix-list

ip prefix-list 1 seq 5 permit 45.4.4.5/32

b)定义route-map

route-map C permit 10

 match ip address prefix-list 1

c)分别将对端32位的主机路由重发布进各自AS中的IGP

router rip

redistribute connected metric 1 route-map C

//可以直接重发布直连路由这里为了精确控制采用了route-map

五、配置验证

1、通过Ping测试VPN间的路由连通性:

R1#ping vrf VPN-A 7.7.7.7 sou 1.1.1.1

Sending 5, 100-byte ICMP Echoes to 7.7.7.7, timeout is 2 seconds:

  < press Ctrl+C to break >

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms

R1#ping vrf VPN-B 77.77.77.77 sou 11.11.11.11

Sending 5, 100-byte ICMP Echoes to 77.77.77.77, timeout is 2 seconds:

  < press Ctrl+C to break >

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms

2、通过Traceroute测试路径:

R1#traceroute vrf VPN-A 7.7.7.7  source 1.1.1.1

  < press Ctrl+C to break >

Tracing the route to 7.7.7.7

 

 1    12.1.1.2 0 msec 0 msec 0 msec

 2    *    *    *

 3    *    *    *

 4    *    *    *

 5    56.5.5.6 0 msec 0 msec 0 msec

 6    7.7.7.7 10 msec 10 msec 10 msec

R1#traceroute vrf VPN-B 77.77.77.77 source 11.11.11.11

  < press Ctrl+C to break >

Tracing the route to 77.77.77.77

 

 1    21.1.1.2 0 msec 0 msec 10 msec

 2    *    *    *

 3    *    *    *

 4    *    *    *

 5    56.5.5.6 0 msec 0 msec 0 msec

 6    77.77.77.77 10 msec 10 msec 10 msec

 

3LSP ping测试

R2#ping mpls ipv4 4.4.4.4/32

Sending 5, 84-byte MPLS Echoes to 4.4.4.4/32,

     timeout is 2 seconds, send interval is 0 msec:

 

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

  'L' - labeled output interface, 'B' - unlabeled output interface,

  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,

  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,

  'P' - no rx intf label prot, 'p' - premature termination of LSP,

  'R' - transit router, 'I' - unknown upstream index,

  'X' - unknown return code, 'x' - return code 0

 

Press Ctrl+C to break.

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms

4LSP traceroute测试

R2#traceroute mpls ipv4 4.4.4.4/32

Tracing MPLS Label Switched Path to 4.4.4.4/32, timeout is 2 seconds

 

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

  'L' - labeled output interface, 'B' - unlabeled output interface,

  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,

  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,

  'P' - no rx intf label prot, 'p' - premature termination of LSP,

  'R' - transit router, 'I' - unknown upstream index,

  'X' - unknown return code, 'x' - return code 0

 

Press Ctrl+C to break.

  0 23.2.2.2        MRU 1500 [Labels: 1025 Exp: 0]

L 1 23.2.2.3        MRU 1500 [Labels: implicit-null Exp: 0] <1 ms

! 2 34.3.3.4        <1 ms

5、数据包走向分析

数据包走向分析,以VPN-A的1.1.1.1到7.7.7.7的流量为例。

1)CE1(R1)发送VPN-A的目的IP为7.7.7.7,源IP为1.1.1.1的流量,数据包到达PE1(R2),此时查看REF转发表。

R2#show ip ref route vrf VPN-A 7.0.0.0 255.0.0.0

Codes: * - default route

       # - zero route

 ip              mask            weight  path-id next-hop        interface            

 7.0.0.0         255.0.0.0       0       262140  0.0.0.0         ftn nhlfe      

2进入MPLS转发表查询

R2#show mpls forwarding-table ftn detail

Label Operation Code:

PH--PUSH label

PP--POP label

SW--SWAP label

SP--SWAP topmost label and push new label

DP--DROP packet

PC--POP label and continue lookup by IP or Label

PI--POP label and do ip lookup forward

PN--POP label and forward to nexthop

PM--POP label and do MAC lookup forward

PV--POP label and output to VC attach interface

IP--IP lookup forward

Local   Outgoing OP FEC                         Outgoing         Nexthop       

label   label                                   interface                      

--      imp-null PH 3.3.3.3/32                  Gi0/0.23         23.2.2.3      

          Added by Route(vrf Global), Tag Stack: { 3 }

--      1025     PH 4.4.4.4/32                  Gi0/0.23         23.2.2.3      

          Added by Route(vrf Global), Tag Stack: { 1025 }

--      imp-null PH 34.3.3.0/24                 Gi0/0.23         23.2.2.3      

          Added by Route(vrf Global), Tag Stack: { 3 }

--      1026     PH 45.4.4.5/32                 Gi0/0.23         23.2.2.3      

          Added by Route(vrf Global), Tag Stack: { 1026 }

--      1024     PH 7.0.0.0/8(V)                Gi0/0.23         23.2.2.3      

          Added by Route(vrf VPN-A), Tag Stack: { 1024 1026 }

--      1025     PH 67.6.6.0/24(V)              Gi0/0.23         23.2.2.3      

          Added by Route(vrf VPN-A), Tag Stack: { 1025 1026 }

--      1026     PH 76.6.6.0/24(V)              Gi0/0.23         23.2.2.3      

          Added by Route(vrf VPN-B), Tag Stack: { 1026 1026 }

--      1031     PH 77.0.0.0/8(V)               Gi0/0.23         23.2.2.3      

          Added by Route(vrf VPN-B), Tag Stack: { 1031 1026 }

 

//此处针对7.0.0.0/8的FEC被分配了双层标签,顶层标签1026为R3为BGP下一跳分配的。底层标签1024为ASBR2(R5)为VPN路由分配的。

3)标签包到达路由器R3,执行swap操作,将顶层标签1026置换成8195.

R3#show mpls forwarding-table

 

Label Operation Code:

PH--PUSH label

PP--POP label

SW--SWAP label

SP--SWAP topmost label and push new label

DP--DROP packet

PC--POP label and continue lookup by IP or Label

PI--POP label and do ip lookup forward

PN--POP label and forward to nexthop

PM--POP label and do MAC lookup forward

PV--POP label and output to VC attach interface

IP--IP lookup forward

Local   Outgoing OP FEC                         Outgoing         Nexthop       

label   label                                   interface                      

--      imp-null PH 2.2.2.2/32                  Gi0/0.23         23.2.2.2      

--      imp-null PH 4.4.4.4/32                  Gi0/0.34         34.3.3.4      

--      8195     PH 45.4.4.5/32                 Gi0/0.34         34.3.3.4      

1024    imp-null PP 2.2.2.2/32                  Gi0/0.23         23.2.2.2      

1025    imp-null PP 4.4.4.4/32                  Gi0/0.34         34.3.3.4      

1026    8195     SW 45.4.4.5/32                 Gi0/0.34         34.3.3.4         

 

4)标签包到达ASBR1(R4),继续查找标签转发表,弹出顶层标签,执行POP操作;

R4#show mpls forwarding-table

 

Label Operation Code:

PH--PUSH label

PP--POP label

SW--SWAP label

SP--SWAP topmost label and push new label

DP--DROP packet

PC--POP label and continue lookup by IP or Label

PI--POP label and do ip lookup forward

PN--POP label and forward to nexthop

PM--POP label and do MAC lookup forward

PV--POP label and output to VC attach interface

IP--IP lookup forward

Local   Outgoing OP FEC                         Outgoing         Nexthop       

label   label                                   interface                      

--      1024     PH 2.2.2.2/32                  Gi3/1/0.34       34.3.3.3      

--      imp-null PH 3.3.3.3/32                  Gi3/1/0.34       34.3.3.3      

--      imp-null PH 23.2.2.0/24                 Gi3/1/0.34       34.3.3.3      

8192    1024     SW 2.2.2.2/32                  Gi3/1/0.34       34.3.3.3      

8193    imp-null PP 3.3.3.3/32                  Gi3/1/0.34       34.3.3.3      

8194    imp-null PP 23.2.2.0/24                 Gi3/1/0.34       34.3.3.3      

8195    imp-null PP 45.4.4.5/32                 Gi3/1/0.45       45.4.4.5      

8704    1536     SP 1.1.1.1/32                  Gi3/1/0.34       34.3.3.3      

8705    1536     SP 12.1.1.0/24                 Gi3/1/0.34       34.3.3.3      

8706    1537     SP 11.11.11.11/32              Gi3/1/0.34       34.3.3.3      

8707    1537     SP 21.1.1.0/24                 Gi3/1/0.34       34.3.3.3      

8708    1024     SW 7.0.0.0/8                   Gi3/1/0.45       45.4.4.5      

8709    1025     SW 67.6.6.0/24                 Gi3/1/0.45       45.4.4.5      

8710    1026     SW 76.6.6.0/24                 Gi3/1/0.45       45.4.4.5      

8711    1031     SW 77.0.0.0/8                  Gi3/1/0.45       45.4.4.5      

                    

 

5标签包抵达ASBR2 R5路由器执行SWAP操作

R5#show mpls forwarding-table detail

 

Label Operation Code:

PH--PUSH label

PP--POP label

SW--SWAP label

SP--SWAP topmost label and push new label

DP--DROP packet

PC--POP label and continue lookup by IP or Label

PI--POP label and do ip lookup forward

PN--POP label and forward to nexthop

PM--POP label and do MAC lookup forward

PV--POP label and output to VC attach interface

IP--IP lookup forward

Local   Outgoing OP FEC                         Outgoing         Nexthop       

label   label                                   interface                      

--      imp-null PH 6.6.6.6/32                  Gi0/0.56         56.5.5.6      

          Added by Route(vrf Global), Tag Stack: { 3 }

1024    1024     SW 7.0.0.0/8                   Gi0/0.56         56.5.5.6      

          Added by Route(vrf Global), Tag Stack: { 1024 }

1025    1024     SW 67.6.6.0/24                 Gi0/0.56         56.5.5.6      

          Added by Route(vrf Global), Tag Stack: { 1024 }

1026    1025     SW 76.6.6.0/24                 Gi0/0.56         56.5.5.6      

          Added by Route(vrf Global), Tag Stack: { 1025 }

1027    8704     SW 1.1.1.1/32                  Gi0/0.45         45.4.4.4      

          Added by Route(vrf Global), Tag Stack: { 8704 }

1028    8705     SW 12.1.1.0/24                 Gi0/0.45         45.4.4.4      

          Added by Route(vrf Global), Tag Stack: { 8705 }

1029    8706     SW 11.11.11.11/32              Gi0/0.45         45.4.4.4      

          Added by Route(vrf Global), Tag Stack: { 8706 }

1030    8707     SW 21.1.1.0/24                 Gi0/0.45         45.4.4.4      

          Added by Route(vrf Global), Tag Stack: { 8707 }

1031    1025     SW 77.0.0.0/8                  Gi0/0.56         56.5.5.6      

          Added by Route(vrf Global), Tag Stack: { 1025 }

1536    imp-null PP 6.6.6.6/32                  Gi0/0.56         56.5.5.6      

          Added by Route(vrf Global), Tag Stack: { 3 }

1537    imp-null PP 45.4.4.4/32                 Gi0/0.45         45.4.4.4      

          Added by Route(vrf Global), Tag Stack: { 3 }  

//此时标签包其实只有一层VPN标签1024了,ASBR2(R5)接着会发生一次标签的swap操作。按照情况来讲,此处会执行一个将VPN标签替换成两层的标签,鉴于本次试验环境的限制,此处只交换底层标签,就到PE2(R6)了。

 

6)标签包到达PE2(R6)路由器,POP标签:

R6#show mpls forwarding-table

 

Label Operation Code:

PH--PUSH label

PP--POP label

SW--SWAP label

SP--SWAP topmost label and push new label

DP--DROP packet

PC--POP label and continue lookup by IP or Label

PI--POP label and do ip lookup forward

PN--POP label and forward to nexthop

PM--POP label and do MAC lookup forward

PV--POP label and output to VC attach interface

IP--IP lookup forward

Local   Outgoing OP FEC                         Outgoing         Nexthop       

label   label                                   interface                      

--      imp-null PH 5.5.5.5/32                  Gi0/0.56         56.5.5.5      

--      1537     PH 45.4.4.4/32                 Gi0/0.56         56.5.5.5      

--      8704     PH 1.1.1.1/32(V)               Gi0/0.56         56.5.5.5      

--      8705     PH 12.1.1.0/24(V)              Gi0/0.56         56.5.5.5      

--      8706     PH 11.11.11.11/32(V)           Gi0/0.56         56.5.5.5      

--      8707     PH 21.1.1.0/24(V)              Gi0/0.56         56.5.5.5      

1024    --       PI VRF(VPN-A)                  --               --            

1025    --       PI VRF(VPN-B)                  --               --            

1536    imp-null PP 5.5.5.5/32                  Gi0/0.56         56.5.5.5      

1537    1537     SW 45.4.4.4/32                 Gi0/0.56         56.5.5.5     

7查找IP REF路由表还原IP数据包将数据包扔向GI0/0.67

 R6# show ip ref route vrf VPN-A 7.0.0.0 255.0.0.0  

Codes: * - default route

       # - zero route

 ip      mask            weight  path-id next-hop        interface            

 7.0.0.0 255.0.0.0       1       13      67.6.6.7        GigabitEthernet 0/0.67

8R7VPN-A的源IP7.7.7.7到目的IP1.1.1.1回包分析方式同上。

 

 六、附件

 

 

相关产品

返回顶部

请选择服务项目
关闭咨询页
售前咨询 售前咨询
售前咨询
售后服务 售后服务
售后服务
意见反馈 意见反馈
意见反馈
更多联系方式