交换机
园区网交换机
数据中心与云计算交换机
中小网络精简型交换机
工业交换机
意图网络指挥官
无线
放装型无线接入点
墙面型无线接入点
智分无线接入点
室外无线接入点
场景化无线
无线控制器
小锐A系列
统一运维
身份管理
服务产品
运营商
政府
金融
互联网
电力能源
制造业
高教/职教
医疗卫生
交通
地产酒店文旅·连锁服务
公共安全
功能介绍:
伪链路(sham-link)不是一条真正的链路,它是指在两台PE上的VRF间建立的一条“虚拟链路”。伪链路和正常的OSPF 链路一样,有自己的OSPF 接口,可以发送OSPF 协议报文,建立邻居,发送LSA ,当LSA 在伪链路中进行泛洪时,所有的OSPF 路由类型不会改变。
不同PE的VRF OSPF实例建立伪链路的目的主要有以下两点:
1)通过MP-IBGP携带私网路由的方式,只是传递路由,到达对端PE后的还原工作也只是尽力而为式的引入原有OSPF 路由信息,并不能真正使OSPF 的拓扑信息得到沟通。通过伪链路在建立一条OSPF 链路,从而使各个站点内的OSPF 实例能够真正连通,并建立完整的拓扑信息。
2)同一VPN内的不同站点通过MPLS 骨干网交互信息,但是这些VPN站点内部又连接一条链路,其目的是在MPLS 骨干网无法使用时,VPN站点间仍然可以通过该链路通信,这种链路称为“后门链路”。如果VPN用户的两个站点同属于同一个OSPF 区域,且这两个站点间又连接一条“后门链路”,那么两个站点内的路由即通过MPLS 骨干网交互,也通过“后门链路”交互,由于通过MPLS 骨干网交互后的路由为域间路由,而通过“后门链路”交互后的路由为域内路由,显然后门链路所通告的域内路由优于MPLS 骨干网通告的域间路由,因而这两个站点内的路由转发会优先走后门链路,这不符合 VPN用户连接“后门链路”的意图,因此这种应用也需要使用伪链路。
一、组网需求
R2与R3建立sham-link,得到的结果是:
1、R2从R3学习到的4.4.4.4/32路由为OSPF域内路由;
2、R1由于从R2学习到的是域内路由,优于从R3学习到的VPN路由,因此R1去往4.4.4.4/32的路径是 R1-->R5-->R2-->R3-->R4。
二、组网拓扑
三、配置要点
1、设备基础配置,参考”OSPF VPN案例剖析“章节
2、新建LOOP接口,将该LOOP接口添加进VRF:
3、将LOOP接口通告进L3VPN:
4、配置sham-link
四、配置步骤
1、新建LOOP接口,将该LOOP接口添加进VRF:
R2:
interface Loopback 1
ip vrf forwarding ruijie
ip ref
ip address 22.22.22.22 255.255.255.255
R3:
interface Loopback 1
ip vrf forwarding ruijie
ip ref
ip address 33.33.33.33 255.255.255.255
2、将LOOP接口通告进L3VPN:
R2:
router bgp 1
address-family ipv4 vrf ruijie
network 22.22.22.22 mask 255.255.255.255
R3:
router bgp 1
address-family ipv4 vrf ruijie
network 33.33.33.33 mask 255.255.255.255
3、配置sham-link
R2:
router ospf 1 vrf ruijie
area 0 sham-link 22.22.22.22 33.33.33.33
R3:
router ospf 1 vrf ruijie
area 0 sham-link 33.33.33.33 22.22.22.22
//技巧:
sham-link必须使用LOOP地址建立,且LOOP接口必须通告入OSPF,否则sham-link无法建立。如果配置错误,设备会自动告警,例如:
R1(config-router)#area 0 sham-link 10.10.15.1 20.20.34.3
R1(config-router)#*Mar 18 12:21:56: %7: Warning: The source address of the sham-link must be a 32-bit loopback address bound to local vrf ruijie,please re-configure it.*Mar 18 12:21:56: %7: Warning: The source address of the sham-link should not be advertised by OSPF.
五、配置验证
1、配置R2与R3的sham-link功能,确保sham-link邻居建立:
R2#sho ip ospf sham-links
Sham Link SLINK0 to address 33.33.33.33 is up
Area 0.0.0.0 source address 22.22.22.22, Cost: 1
Output interface is GigabitEthernet 0/1
Nexthop address 3.3.3.3
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Adjacency state Full
2、通过show ip route vrf ruijie查看R1/R2的路由表,确认4.4.4.4的路由为O而不是B或者O E2
R1#sho ip rout vrf ruijie
Routing Table: ruijie
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
O 4.4.4.4/32 [110/4] via 10.10.15.5, 00:01:02, GigabitEthernet 0/0
O 5.5.5.5/32 [110/101] via 10.10.15.5, 04:55:06, GigabitEthernet 0/0
C 10.10.15.0/24 is directly connected, GigabitEthernet 0/0
C 10.10.15.1/32 is local host.
O 10.10.25.0/24 [110/2] via 10.10.15.5, 02:04:46, GigabitEthernet 0/0
O 20.20.34.0/24 [110/4] via 10.10.15.5, 00:01:02, GigabitEthernet 0/0
B 33.33.33.33/32 [200/0] via 3.3.3.3, 00:06:02
R2#sho ip route vrf ruijie
Routing Table: ruijie
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
O 4.4.4.4/32 [110/2] via 3.3.3.3, 00:01:20
O 5.5.5.5/32 [110/101] via 10.10.25.5, 02:04:15, GigabitEthernet 0/0
O 10.10.15.0/24 [110/2] via 10.10.25.5, 02:04:15, GigabitEthernet 0/0
C 10.10.25.0/24 is directly connected, GigabitEthernet 0/0
C 10.10.25.2/32 is local host.
O 20.20.34.0/24 [110/2] via 3.3.3.3, 00:01:20
C 22.22.22.22/32 is local host.
B 33.33.33.33/32 [200/0] via 3.3.3.3, 00:01:38
3、通过show ip route 查看R5/R4路由表,确认学习到的私网路由为O
R4#sho ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
C 4.4.4.4/32 is local host.
O 5.5.5.5/32 [110/103] via 20.20.34.3, 00:02:05, FastEthernet 0/0
O 10.10.15.0/24 [110/4] via 20.20.34.3, 00:02:05, FastEthernet 0/0
O 10.10.25.0/24 [110/3] via 20.20.34.3, 00:02:05, FastEthernet 0/0
C 20.20.34.0/24 is directly connected, FastEthernet 0/0
C 20.20.34.4/32 is local host.
O E2 22.22.22.22/32 [110/1] via 20.20.34.3, 00:02:24, FastEthernet 0/0
O E2 33.33.33.33/32 [110/1] via 20.20.34.3, 00:02:04, FastEthernet 0/0
R5#sho ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default
Gateway of last resort is no set
O 4.4.4.4/32 [110/3] via 10.10.25.2, 00:02:32, FastEthernet 0/1
C 5.5.5.5/32 is local host.
C 10.10.15.0/24 is directly connected, FastEthernet 0/0
C 10.10.15.5/32 is local host.
C 10.10.25.0/24 is directly connected, FastEthernet 0/1
C 10.10.25.5/32 is local host.
O 20.20.34.0/24 [110/3] via 10.10.25.2, 00:02:32, FastEthernet 0/1
O E2 22.22.22.22/32 [110/1] via 10.10.25.2, 00:02:31, FastEthernet 0/1
O E2 33.33.33.33/32 [110/1] via 10.10.15.1, 00:02:48, FastEthernet 0/0
[110/1] via 10.10.25.2, 00:02:48, FastEthernet 0/1
4、通过show ip ospf da 查看R1/R2的OSPF数据库,确认私网4.4.4.4的1类LSA
R1# sho ip os da router //这里截取了部分
LS age: 871
Options: 0x2 (-|-|-|-|-|-|E|-) //注意到,这里DN位没有置位
Flags: 0x0
LS Type: router-LSA
Link State ID: 20.20.34.4
Advertising Router: 20.20.34.4
LS Seq Number: 80000014
Checksum: 0xb82e
Length: 48
Number of Links: 2
Link connected to: a Transit Network
(Link ID) Designated Router address: 20.20.34.4
(Link Data) Router Interface address: 20.20.34.4
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: Stub Network
(Link ID) Network/subnet number: 4.4.4.4
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metric: 0
通过以上信息验证,可以确认sham-link功能正常;也可学习到,sham-link功能启用后,OSPF路由在路由表的存在形式。