Inter-AS MPLS VPN Option 3 (Option C) on Cisco Carrier XR Devices: A Detailed Walkthrough

Reader submission 718 2022-10-17



8.3.1 Deploying the IGP and LDP inside each AS

As shown in Figure 8-2, run OSPF inside AS100 and IS-IS inside AS200, and enable LDP through autoconfiguration.

AS200:

    ASBR-R4(config)#router isis
    ASBR-R4(config-router)# net 49.4567.0000.0000.4444.00
    ASBR-R4(config-router)# mpls ldp autoconfig level-1
    ASBR-R4(config-router)# is-type level-1
    ASBR-R4(config-router)# metric-style wide
    ASBR-R4(config-router)# log-adjacency-changes
    ASBR-R4(config-router)#int lo0
    ASBR-R4(config-if)#ip router isis
    ASBR-R4(config-if)#int e0/1
    ASBR-R4(config-if)#ip router isis
    ASBR-R4(config-if)#int e0/3
    ASBR-R4(config-if)#ip router isis
    !
    RR-R5(config)#router isis
    RR-R5(config-router)# net 49.4567.0000.0000.5555.00
    RR-R5(config-router)# is-type level-1
    RR-R5(config-router)# metric-style wide
    RR-R5(config-router)# log-adjacency-changes
    RR-R5(config-router)#mpls ldp autoconfig level-1
    RR-R5(config-router)#
    RR-R5(config-router)#exi
    RR-R5(config)#int lo0
    RR-R5(config-if)#ip router isis
    RR-R5(config-if)#int r e0/0 - 1
    RR-R5(config-if-range)#ip router isis
    !
    PE-R6(config)#router isis
    PE-R6(config-router)# mpls ldp autoconfig level-1
    PE-R6(config-router)# is-type level-1
    PE-R6(config-router)# metric-style wide
    PE-R6(config-router)# log-adjacency-changes
    PE-R6(config-router)# net 49.4567.0000.0000.6666.00
    PE-R6(config-router)#
    PE-R6(config-router)#exi
    PE-R6(config)#int lo0
    PE-R6(config-if)#ip router isis
    PE-R6(config-if)#int r e0/1 - 2
    PE-R6(config-if-range)#ip router isis

Verify the IS-IS neighbors and the LDP neighbors:

    RR-R5#show isis neighbors

    System Id       Type Interface     IP Address      State Holdtime Circuit Id
    ASBR-R4         L1   Et0/0         45.1.1.4        UP    22       RR-R5.01
    PE-R6           L1   Et0/1         56.1.1.6        UP    25       RR-R5.02
    RR-R5#show mpls ldp neighbor
        Peer LDP Ident: 44.1.1.1:0; Local LDP Ident 55.1.1.1:0
            TCP connection: 44.1.1.1.646 - 55.1.1.1.35275
            State: Oper; Msgs sent/rcvd: 14/15; Downstream
            Up time: 00:04:40
            LDP discovery sources:
              Ethernet0/0, Src IP addr: 45.1.1.4
            Addresses bound to peer LDP Ident:
              45.1.1.4        24.1.1.4        46.1.1.4        44.1.1.1
        Peer LDP Ident: 66.1.1.1:0; Local LDP Ident 55.1.1.1:0
            TCP connection: 66.1.1.1.22823 - 55.1.1.1.646
            State: Oper; Msgs sent/rcvd: 13/14; Downstream
            Up time: 00:04:35
            LDP discovery sources:
              Ethernet0/1, Src IP addr: 56.1.1.6
            Addresses bound to peer LDP Ident:
              56.1.1.6        46.1.1.6        66.1.1.1

Check the label forwarding table. Because the P device happens to be the penultimate hop of the LSP, the labels it shows toward the ASBR and PE loopbacks should be Pop:

    RR-R5#show mpls forwarding-table
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
    Label      Label      or Tunnel Id     Switched      interface
    16         Pop Label  44.1.1.1/32      0             Et0/0      45.1.1.4
    17         Pop Label  46.1.1.0/24      0             Et0/0      45.1.1.4
               Pop Label  46.1.1.0/24      0             Et0/1      56.1.1.6
    18         Pop Label  66.1.1.1/32      0             Et0/1      56.1.1.6

AS100 configuration

R3:

    router ospf 110
     mpls ldp autoconfig area 0
    !
    interface Loopback0
     ip address 33.1.1.1 255.255.255.255
     ip ospf 110 area 0
    !
    interface Ethernet0/1
     ip address 23.1.1.3 255.255.255.0
     ip ospf 110 area 0
    !
    interface Ethernet0/2
     ip address 13.1.1.3 255.255.255.0
     ip ospf 110 area 0

XR1:

    router ospf 110
     area 0
      mpls ldp auto-config
      interface Loopback0
      !
      interface GigabitEthernet0/0/0/0
      !
      interface GigabitEthernet0/0/0/1
      !
    mpls ldp
     router-id 11.1.1.1

XR2:

    router ospf 110
     area 0
      mpls ldp auto-config
      interface Loopback0
      !
      interface GigabitEthernet0/0/0/0
      !
      interface GigabitEthernet0/0/0/2
      !
     !
    !
    mpls ldp
     router-id 22.1.1.1

Verify the OSPF neighbors, the LDP neighbors and the label forwarding table:

    RR-R3#show ip ospf nei

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    11.1.1.1          1   FULL/BDR        00:00:31    13.1.1.1        Ethernet0/2
    22.1.1.1          1   FULL/BDR        00:00:34    23.1.1.2        Ethernet0/1
    RR-R3#show mpls ldp neighbor
        Peer LDP Ident: 11.1.1.1:0; Local LDP Ident 33.1.1.1:0
            TCP connection: 11.1.1.1.646 - 33.1.1.1.16513
            State: Oper; Msgs sent/rcvd: 17/18; Downstream
            Up time: 00:08:07
            LDP discovery sources:
              Ethernet0/2, Src IP addr: 13.1.1.1
            Addresses bound to peer LDP Ident:
              12.1.1.1        13.1.1.1        11.1.1.1
        Peer LDP Ident: 22.1.1.1:0; Local LDP Ident 33.1.1.1:0
            TCP connection: 22.1.1.1.646 - 33.1.1.1.49735
            State: Oper; Msgs sent/rcvd: 14/15; Downstream
            Up time: 00:04:20
            LDP discovery sources:
              Ethernet0/1, Src IP addr: 23.1.1.2
            Addresses bound to peer LDP Ident:
              22.1.1.1        23.1.1.2        12.1.1.2
            Duplicate Addresses advertised by peer:
              13.1.1.1
    RR-R3#show mpls forwarding-table
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
    Label      Label      or Tunnel Id     Switched      interface
    16         Pop Label  12.1.1.0/24      0             Et0/2      13.1.1.1
               Pop Label  12.1.1.0/24      0             Et0/1      23.1.1.2
    17         Pop Label  11.1.1.1/32      599           Et0/2      13.1.1.1
    18         Pop Label  22.1.1.1/32      503           Et0/1      23.1.1.2

This completes the intra-domain configuration of both ASes.

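8.3.2 Building the MP-EBGP neighbor relationship between the RRs

For the RRs to build an EBGP session with each other, the two ASBRs need an IPv4 unicast EBGP session between them, and each RR needs an IBGP session with its own ASBR. That is, R2 and R4 form an EBGP neighborship, while R3 and R2, and R5 and R4, form IBGP neighborships. The loopbacks of R3 and R5 are then advertised so that the two RRs can establish EBGP.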

XR2:

    route-policy EBGP
      pass
    end-policy
    router bgp 100
     address-family ipv4 unicast
     !
     neighbor 24.1.1.4
      remote-as 200
      address-family ipv4 unicast
       route-policy EBGP in
       route-policy EBGP out
      !
     !
     neighbor 33.1.1.1
      remote-as 100
      update-source Loopback0
      address-family ipv4 unicast
       next-hop-self
      !

R3:

    router bgp 100
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     neighbor 22.1.1.1 remote-as 100
     neighbor 22.1.1.1 update-source Loopback0
     !
     address-family ipv4
      network 33.1.1.1 mask 255.255.255.255
      neighbor 22.1.1.1 route-reflector-client
      neighbor 22.1.1.1 activate
    !

ASBR-R4:

    router bgp 200
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     neighbor 24.1.1.2 remote-as 100
     neighbor 55.1.1.1 remote-as 200
     neighbor 55.1.1.1 update-source Loopback0
     !
     address-family ipv4
      neighbor 24.1.1.2 activate
      neighbor 55.1.1.1 activate
      neighbor 55.1.1.1 next-hop-self
    !

R5:

    router bgp 200
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     neighbor 44.1.1.1 remote-as 200
     neighbor 44.1.1.1 update-source Loopback0
     !
     address-family ipv4
      network 55.1.1.1 mask 255.255.255.255
      neighbor 44.1.1.1 route-reflector-client
      neighbor 44.1.1.1 activate

This step is routine work: build the IPv4 unicast BGP neighbors and advertise the RR loopback routes.

    RP/0/0/CPU0:ASBR-2#show bgp ipv4 unicast summary    // the ASBR has established its EBGP and IBGP neighbors
    Fri Oct 14 12:52:56.454 UTC
    BGP router identifier 22.1.1.1, local AS number 100
    BGP generic scan interval 60 secs
    BGP table state: Active
    Table ID: 0xe0000000   RD version: 4
    BGP main routing table version 4
    BGP scan interval 60 secs

    BGP is operating in STANDALONE mode.

    Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
    Speaker               4          4          4          4           4           4

    Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
    24.1.1.4          0   200     109      99        4    0    0 01:35:33          1
    33.1.1.1          0   100     118     104        4    0    0 01:40:52          1

Our goal is for the loopbacks of R3 and R5 to reach each other, so let's look at the routes learned through BGP:

    RR-R3#show ip route bgp
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

          55.0.0.0/32 is subnetted, 1 subnets
    B        55.1.1.1 [200/0] via 22.1.1.1, 00:21:30
    RR-R5#show ip route bgp
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

          33.0.0.0/32 is subnetted, 1 subnets
    B        33.1.1.1 [200/0] via 44.1.1.1, 01:41:23
    RR-R5#ping 33.1.1.1 source loopback 0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 33.1.1.1, timeout is 2 seconds:
    Packet sent with a source address of 55.1.1.1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

The loopbacks can now reach each other, so next we build the MP-EBGP neighborship.

    RR-R5(config)#router bgp 200
    RR-R5(config-router)#neighbor 33.1.1.1 remote-as 100
    RR-R5(config-router)#neighbor 33.1.1.1 update-source lo0
    RR-R5(config-router)#neighbor 33.1.1.1 ebgp-multihop
    RR-R5(config-router)#address-family vpnv4
    RR-R5(config-router-af)#neighbor 33.1.1.1 activate
    !
    RR-R3(config)#router bgp 100
    RR-R3(config-router)#neighbor 55.1.1.1 remote-as 200
    RR-R3(config-router)#neighbor 55.1.1.1 update-source lo0
    RR-R3(config-router)#neighbor 55.1.1.1 ebgp-multihop
    RR-R3(config-router)#address-family vpnv4
    RR-R3(config-router-af)#neighbor 55.1.1.1 activate

The multiprotocol BGP session between the RRs is now established:

    RR-R3#show bgp vpnv4 unicast all summary
    BGP router identifier 33.1.1.1, local AS number 100
    BGP table version is 1, main routing table version 1

    Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    55.1.1.1        4          200      11      12        1    0    0 00:08:03        0
    RR-R5#show bgp vpnv4 unicast all summary
    BGP router identifier 55.1.1.1, local AS number 200
    BGP table version is 1, main routing table version 1

    Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    33.1.1.1        4          100      12      12        1    0    0 00:08:35        0
    RR-R5#

8.3.3 Building the MP-iBGP neighbor relationship between the RRs and the PE devices

The purpose of this step is to let the customer VPNv4 routes learned by the PE be advertised to the RR, which then passes them on to its EBGP peer in the other AS.

XR1:

    router bgp 100
     address-family vpnv4 unicast
     !
     neighbor 33.1.1.1
      remote-as 100
      update-source Loopback0
      address-family vpnv4 unicast
      !

R3:

    RR-R3(config)#router bgp 100
    RR-R3(config-router)#neighbor 11.1.1.1 remote-as 100
    RR-R3(config-router)#neighbor 11.1.1.1 update-source lo0
    RR-R3(config-router)#address-family vpnv4 unicast
    RR-R3(config-router-af)#neighbor 11.1.1.1 activate
    RR-R3(config-router-af)#neighbor 11.1.1.1 route-reflector-client
    !

R5:

    RR-R5(config)#router bgp 200
    RR-R5(config-router)#neighbor 66.1.1.1 remote-as 200
    RR-R5(config-router)#neighbor 66.1.1.1 update-source lo0
    RR-R5(config-router)#address-family vpnv4 unicast
    RR-R5(config-router-af)#neighbor 66.1.1.1 route-reflector-client
    !
    PE-R6(config)#router bgp 200
    PE-R6(config-router)#neighbor 55.1.1.1 remote-as 200
    PE-R6(config-router)#neighbor 55.1.1.1 update-source lo0
    PE-R6(config-router)#address-family vpnv4
    PE-R6(config-router-af)#neighbor 55.1.1.1 update-source lo0
    PE-R6(config-router-af)#neighbor 55.1.1.1 activate
    PE-R6(config-router-af)#

Verify the MP-BGP neighbors:

    RR-R5#show bgp vpnv4 unicast all summary    // the RR has an iBGP neighbor (the PE in its own AS) and an EBGP neighbor (the RR in the remote AS)
    BGP router identifier 55.1.1.1, local AS number 200
    BGP table version is 1, main routing table version 1

    Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    33.1.1.1        4          100     330     328        1    0    0 04:54:47        0
    66.1.1.1        4          200       5       5        1    0    0 00:01:23        0
    RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast summary    // the PE and the RR have a working BGP neighborship
    Fri Oct 14 17:52:32.823 UTC
    BGP router identifier 11.1.1.1, local AS number 100
    BGP generic scan interval 60 secs
    BGP table state: Active
    Table ID: 0x0   RD version: 0
    BGP main routing table version 1
    BGP scan interval 60 secs

    BGP is operating in STANDALONE mode.

    Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
    Speaker               1          1          1          1           1           1

    Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
    33.1.1.1          0   100       8       6        1    0    0 00:03:41          0

8.3.4 Deploying the VRF and the customer-facing BGP to obtain VPNv4 routes

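The main purpose of this step is to learn the customer routes and advertise them to the other CE sites. On the XR device, configure the VRF and build an EBGP neighborship with R8:

    vrf Ender
     address-family ipv4 unicast
      import route-target
       100:200
      !
      export route-target
       100:200                        // set the RT value to 100:200
      !
     !
    !
    interface GigabitEthernet0/0/0/3
     vrf Ender                        // place the CE-facing interface in the VRF
     ipv4 address 18.1.1.1 255.255.255.0
     no shutdown
    !
    router bgp 100
     vrf Ender
      rd 100:200                      // set the RD under the BGP vrf; the value is user-defined
      address-family ipv4 unicast     // initialize the IPv4 unicast address family under the BGP vrf
      !
      neighbor 18.1.1.8
       remote-as 300
       address-family ipv4 unicast
        // activate the IPv4 neighbor toward the CE and configure AS override so that the CE can
        // receive the routes of the other CE sites; this works around routes being rejected by
        // EBGP loop prevention
        as-override
        route-policy PASS in
        route-policy PASS out         // apply a pass-all policy to the neighbor; without one, an EBGP neighbor defaults to drop
    !
    route-policy PASS
      pass
    end-policy

R8:

    router bgp 300
     bgp log-neighbor-changes
     network 88.1.1.1 mask 255.255.255.255
     neighbor 18.1.1.1 remote-as 100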

We can check R3 directly: once the PE and the CE have formed a neighborship, the PE advertises the route to R3.

    RR-R3#show bgp vpnv4 unicast all    // R3 has learned the route from its own AS
    BGP table version is 2, local router ID is 33.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>i 88.1.1.1/32      11.1.1.1                 0    100      0 300 i

AS100 is done; next, configure the PE and CE in AS200.

PE-R6:

    PE-R6(config)#vrf definition Ender
    PE-R6(config-vrf)#rd 100:200
    PE-R6(config-vrf)#address-family ipv4
    PE-R6(config-vrf-af)#route-target 100:200
    !
    PE-R6(config-vrf)#int e0/3
    PE-R6(config-if)#no shu
    PE-R6(config-if)#vrf forwarding Ender
    PE-R6(config-if)#ip add 67.1.1.6 255.255.255.0
    !
    PE-R6(config)#router bgp 200
    PE-R6(config-router)#address-family ipv4 vrf Ender
    PE-R6(config-router-af)#neighbor 67.1.1.7 remote-as 300
    PE-R6(config-router-af)# neighbor 67.1.1.7 as-override
    !

R7:

    router bgp 300
     bgp log-neighbor-changes
     network 77.1.1.1 mask 255.255.255.255
     neighbor 67.1.1.6 remote-as 200

Verify whether the RR has learned the customer routes from its own AS:

    RR-R5#show bgp vpnv4 unicast all    // the RR has learned the customer loopback routes of both sides
    BGP table version is 3, local router ID is 55.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>i 77.1.1.1/32      66.1.1.1                 0    100      0 300 i
     *>  88.1.1.1/32      33.1.1.1                               0 100 300 i

But don't celebrate too early. Let's look at the CE sites:

    CE-R7#show ip route b
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

    CE-R7#
    CE-R8#show ip route bgp
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

    CE-R8#

The CE sites turn out to be "completely empty", so we now have to check whether the PE devices have received the full set of routes:

    RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast
    Fri Oct 14 18:16:21.345 UTC
    BGP router identifier 11.1.1.1, local AS number 100
    BGP generic scan interval 60 secs
    BGP table state: Active
    Table ID: 0x0   RD version: 0
    BGP main routing table version 4
    BGP scan interval 60 secs

    Status codes: s suppressed, d damped, h history, * valid, > best
                  i - internal, r RIB-failure, S stale, N Nexthop-discard
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network            Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200 (default for vrf Ender)
      i77.1.1.1/32        55.1.1.1                 0    100      0 200 300 i
    *> 88.1.1.1/32        18.1.1.8                 0             0 300 i
    PE-R6#show bgp vpnv4 unicast all
    BGP table version is 2, local router ID is 66.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200 (default for vrf Ender)
     *>  77.1.1.1/32      67.1.1.7                 0             0 300 i
       i 88.1.1.1/32      33.1.1.1                 0    100      0 100 300 i

Here is the problem: the route learned from the other AS is not the best route. Clearly we forgot to configure, at the multiprotocol BGP boundary (the RR), the command that rewrites the next hop toward the PE. There is also another solution: the next hop is currently the loopback of the RR in the remote AS, and a route to that address has already been learned through BGP, so that route could be conditionally redistributed into the IGP. Here we change the next hop instead.

    RR-R3(config)#router bgp 100
    RR-R3(config-router)#address-family vpnv4 unicast
    RR-R3(config-router-af)#neighbor 11.1.1.1 next-hop-self
    !
    RR-R5(config)#router bgp 200
    RR-R5(config-router)#address-family vpnv4
    RR-R5(config-router-af)#neighbor 66.1.1.1 next-hop-self

Verify whether the VPNv4 routes on the PEs are now best:

    RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast
    Fri Oct 14 18:22:40.049 UTC
    BGP router identifier 11.1.1.1, local AS number 100
    BGP generic scan interval 60 secs
    BGP table state: Active
    Table ID: 0x0   RD version: 0
    BGP main routing table version 6
    BGP scan interval 60 secs

    Status codes: s suppressed, d damped, h history, * valid, > best
                  i - internal, r RIB-failure, S stale, N Nexthop-discard
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network            Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200 (default for vrf Ender)
    *>i77.1.1.1/32        33.1.1.1                 0    100      0 200 300 i    // the route is now best, so it can be advertised to the CE
    *> 88.1.1.1/32        18.1.1.8                 0             0 300 i
    PE-R6#show bgp vpnv4 unicast all
    BGP table version is 3, local router ID is 66.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200 (default for vrf Ender)
     *>  77.1.1.1/32      67.1.1.7                 0             0 300 i
     *>i 88.1.1.1/32      55.1.1.1                 0    100      0 100 300 i

Verify that the CEs now receive the routes:

    CE-R7#show ip route bgp
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

          88.0.0.0/32 is subnetted, 1 subnets
    B        88.1.1.1 [20/0] via 67.1.1.6, 00:01:46
    CE-R8#show ip route bgp
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

          77.0.0.0/32 is subnetted, 1 subnets
    B        77.1.1.1 [20/0] via 18.1.1.1, 00:02:06

The customer sites now learn each other's routes. Data still cannot flow, though, because the labels are not yet continuous.

8.3.5 Solution for a continuous inter-domain MPLS LSP

There are many label distribution protocols. The common one is of course LDP, which distributes labels for intra-domain IGP routes; another tool that distributes labels for IPv4 unicast routes is BGP. In this section we use BGP to distribute labels for IPv4 unicast routes; the LDP approach is implemented in Section 13.4. Let's look at the next hop of the VPNv4 route 88.1.1.1 on R6-PE and on R5-RR:

    PE-R6#show bgp vpnv4 unicast all
    BGP table version is 3, local router ID is 66.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200 (default for vrf Ender)
     *>  77.1.1.1/32      67.1.1.7                 0             0 300 i
     *>i 88.1.1.1/32      55.1.1.1                 0    100      0 100 300 i    // the next hop is 55.1.1.1; the route to 55.1.1.1 is learned through the IGP, so LDP has already built the LSP
    RR-R5#show bgp vpnv4 unicast all
    BGP table version is 3, local router ID is 55.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>i 77.1.1.1/32      66.1.1.1                 0    100      0 300 i
     *>  88.1.1.1/32      33.1.1.1                               0 100 300 i

On the RR, the next hop of this route is the update-source address of the RR in the remote AS. Think about it: how is the route to that next hop, 33.1.1.1, learned? Right, through BGP, and LDP cannot distribute labels for BGP routes. By the same reasoning, the next hop of route 77.1.1.1 as seen on R3 is 55.1.1.1, which is also learned through BGP:

    RR-R3#show bgp vpnv4 unicast all
    BGP table version is 3, local router ID is 33.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>  77.1.1.1/32      55.1.1.1                               0 200 300 i    // the next hop is 55.1.1.1; the check below shows that this route is learned through BGP
     *>i 88.1.1.1/32      11.1.1.1                 0    100      0 300 i
    RR-R3#show ip route bgp
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           a - application route
           + - replicated route, % - next hop override

    Gateway of last resort is not set

          55.0.0.0/32 is subnetted, 1 subnets
    B        55.1.1.1 [200/0] via 22.1.1.1, 05:44:24

LDP cannot solve this LSP continuity problem, and a way to keep the LSP continuous is also needed between the ASBRs. As we learned earlier, BGP is an important label distribution protocol: besides distributing labels for VPNv4 routes, it can also distribute labels for IPv4 unicast routes. Between the ASBR and the RR, BGP is used to distribute labels for the BGP-learned IPv4 unicast routes to the RR update sources.

    ASBR-R4(config)#router bgp 200
    ASBR-R4(config-router)#address-family ipv4 unicast
    ASBR-R4(config-router-af)#neighbor 24.1.1.2 send-label    // negotiate the capability to distribute labels for IPv4 unicast routes under the IPv4 address family
    ASBR-R4(config-router-af)#neighbor 55.1.1.1 send-label    // negotiate the capability to distribute labels for IPv4 unicast routes under the IPv4 address family
    !

R5:

    RR-R5(config)#router bgp 200
    RR-R5(config-router)#address-family ipv4 unicast
    RR-R5(config-router-af)#neighbor 44.1.1.1 send-label

Verify the IPv4 unicast labels:

    RR-R5#show bgp ipv4 unicast labels
       Network          Next Hop      In label/Out label
       33.1.1.1/32      44.1.1.1        nolabel/19          // R5 now has outgoing label 19
       55.1.1.1/32      0.0.0.0         imp-null/nolabel

AS100 contains XR devices; IOS XR supports IPv4 labels through the ipv4 labeled-unicast address family:

    router static
     address-family ipv4 unicast
      // static host route to the directly connected address of the remote ASBR; it must point to an
      // outgoing interface so that the ASBR gets a Pop label toward the remote ASBR
      24.1.1.4/32 GigabitEthernet0/0/0/1
     !
    !
    router bgp 100
     address-family ipv4 unicast
      allocate-label all                     // switch on label allocation for all routes under IPv4 unicast; by default no labels are allocated
     !
     neighbor 24.1.1.4
      address-family ipv4 labeled-unicast    // for the EBGP neighbor, reuse the original IPv4 unicast route policies under the IPv4 labeled-unicast address family
       route-policy EBGP in
       route-policy EBGP out
      !
     !
     neighbor 33.1.1.1
      address-family ipv4 labeled-unicast    // activate the IPv4 labeled-unicast address family toward the RR
       next-hop-self

R3:

    RR-R3(config)#router bgp 100
    RR-R3(config-router)#address-family ipv4 unicast
    RR-R3(config-router-af)#neighbor 22.1.1.1 send-label    // under the IPv4 unicast address family, R3 negotiates labeled IPv4 unicast with the ASBR

Verify that labels have been distributed to the RR:

    RR-R3#show bgp ipv4 unicast labels
       Network          Next Hop      In label/Out label
       33.1.1.1/32      0.0.0.0         imp-null/nolabel
       55.1.1.1/32      22.1.1.1        nolabel/16004       // R3 has an outgoing label toward the VPNv4 next hop 55.1.1.1: 16004, allocated by R2
    RP/0/0/CPU0:ASBR-2#show mpls forwarding
    Fri Oct 14 19:02:27.845 UTC
    Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
    Label  Label       or ID              Interface                    Switched
    16000  Pop         11.1.1.1/32        Gi0/0/0/2    12.1.1.1        55282
    16001  Pop         13.1.1.0/24        Gi0/0/0/2    12.1.1.1        0
    16002  Pop         24.1.1.4/32        Gi0/0/0/1    24.1.1.4        1424      // this Pop label (it must be Pop) is the label toward 24.1.1.4; this is why we wrote the static route
    16003  Pop         33.1.1.1/32        Gi0/0/0/0    23.1.1.3        153104
    16004  16          55.1.1.1/32        Gi0/0/0/1    24.1.1.4        61789     // on the ASBR, the label toward 55.1.1.1 is 16, allocated by 24.1.1.4
    CE-R7#traceroute 88.1.1.1 source loopback 0 numeric    // the LSP from the RRs to the VPNv4 next hops is now continuous, so data can flow between the CE sites
    Type escape sequence to abort.
    Tracing the route to 88.1.1.1
    VRF info: (vrf in name/id, vrf out name/id)
      1 67.1.1.6 1 msec 0 msec 0 msec
      2 56.1.1.5 [MPLS: Label 20 Exp 0] 25 msec 26 msec 21 msec
      3 45.1.1.4 [MPLS: Labels 19/19 Exp 0] 20 msec 22 msec 20 msec
      4 24.1.1.2 [MPLS: Labels 16003/19 Exp 0] 23 msec 20 msec 19 msec
      5 23.1.1.3 [MPLS: Label 19 Exp 0] 29 msec 22 msec 24 msec
      6 13.1.1.1 [MPLS: Label 16003 Exp 0] 23 msec 19 msec 18 msec
      7 18.1.1.8 20 msec *  29 msec

8.3.6 Optimizing the label forwarding path

Although data now flows, look closely: in our topology there are links between XR1 and XR, and between R4 and R6, and they run LDP. If traffic were forwarded over these links, forwarding would clearly be more efficient than over the current path. The solution is to configure next-hop-unchanged toward the MP-EBGP neighbor on the RRs, that is, to keep the PE device as the next hop of the VPNv4 routes.

    RR-R3(config)#router bgp 100
    RR-R3(config-router)#address-family vpnv4
    RR-R3(config-router-af)#neighbor 55.1.1.1 next-hop-unchanged    // apply next-hop-unchanged toward the EBGP neighbor, so the next hop remains the PE update source
    !
    RR-R5(config)#router bgp 200
    RR-R5(config-router)#address-family vpnv4 unicast
    RR-R5(config-router-af)#neighbor 33.1.1.1 next-hop-unchanged

Verify the next hop of the VPNv4 routes:

    RR-R5#show bgp vpnv4 unicast all
    BGP table version is 10, local router ID is 55.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>i 77.1.1.1/32      66.1.1.1                 0    100      0 300 i
         88.1.1.1/32      11.1.1.1                               0 100 300 i
    RR-R3#show bgp vpnv4 unicast all
    BGP table version is 12, local router ID is 33.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
         77.1.1.1/32      66.1.1.1                               0 200 300 i
     *>i 88.1.1.1/32      11.1.1.1                 0    100      0 300 i

The next hop is unreachable, for a simple reason: the RR has not learned that route. The fix is easy to guess: just advertise the route in BGP.

    ASBR-R4(config)#router bgp 200
    ASBR-R4(config-router)#address-family ipv4 unicast
    ASBR-R4(config-router-af)#network 66.1.1.1 mask 255.255.255.255
    !
    RP/0/0/CPU0:ASBR-2(config)#router bgp 100
    RP/0/0/CPU0:ASBR-2(config-bgp)#
    RP/0/0/CPU0:ASBR-2(config-bgp)#address-family ipv4 unicast
    RP/0/0/CPU0:ASBR-2(config-bgp-af)#network 11.1.1.1/32
    RP/0/0/CPU0:ASBR-2(config-bgp-af)#commi

After the change, let's look at how the next hop has changed:

    RR-R3#show bgp vpnv4 unicast all
    BGP table version is 13, local router ID is 33.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>  77.1.1.1/32      66.1.1.1                               0 200 300 i    // the next hop has changed from the RR to the PE update source, so now we must care about LSP continuity to the PE update source; of course it is still continuous, isn't it!
     *>i 88.1.1.1/32      11.1.1.1                 0    100      0 300 i
    RR-R5#show bgp vpnv4 unicast all
    BGP table version is 11, local router ID is 55.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:200
     *>i 77.1.1.1/32      66.1.1.1                 0    100      0 300 i
     *>  88.1.1.1/32      11.1.1.1                               0 100 300 i

Let's verify the final, optimized forwarding path:

    CE-R7#traceroute 88.1.1.1 source loopback 0 numeric    // the path no longer goes through R3; after reaching R2 the packet is forwarded directly to R1
    Type escape sequence to abort.
    Tracing the route to 88.1.1.1
    VRF info: (vrf in name/id, vrf out name/id)
      1 67.1.1.6 6 msec 0 msec 1 msec
      2 56.1.1.5 [MPLS: Label 20 Exp 0] 25 msec 25 msec 27 msec
      3 45.1.1.4 [MPLS: Labels 21/16003 Exp 0] 24 msec 29 msec 25 msec
      4 24.1.1.2 [MPLS: Labels 16000/16003 Exp 0] 24 msec 31 msec 26 msec
      5 12.1.1.1 [MPLS: Label 16003 Exp 0] 23 msec 25 msec 30 msec
      6 18.1.1.8 26 msec *  26 msec

This completes the Option 3 implementation.
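
The LSP-continuity reasoning of Sections 8.3.5 and 8.3.6 as a script (an added example, not part of the original article): for every best VPNv4 route it checks whether the next hop has an outgoing label, either in the MPLS forwarding table or in the BGP labeled-unicast table. The function names and the sample text, which is modelled on the RR-R5 output above, are constructed for illustration; the check is meant for output captured on an RR, where every VPNv4 next hop must be reachable over an LSP.

```python
import ipaddress
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Best VPNv4 paths only, e.g. "*>i 77.1.1.1/32  66.1.1.1 ..." or "*>  88.1.1.1/32  33.1.1.1 ..."
VPNV4_BEST = re.compile(rf"^\s*\*>\s*i?\s*({IP}/\d+)\s+({IP})\s")
# "16  Pop Label  44.1.1.1/32 ..."; the local label is missing on equal-cost continuation rows
FWD_ROW = re.compile(rf"^\s*(?:\d+\s+)?(Pop Label|No Label|\d+)\s+({IP}/\d+)\s")
# "33.1.1.1/32  44.1.1.1  nolabel/19" -> prefix and out label
LABEL_ROW = re.compile(rf"^\s*({IP}/\d+)\s+{IP}\s+\S+/(\S+)\s*$")


def vpnv4_next_hops(text):
    """Map each best VPNv4 prefix to its BGP next hop."""
    return {m.group(1): m.group(2)
            for m in map(VPNV4_BEST.match, text.splitlines()) if m}


def labelled_prefixes(fwd_text, labels_text):
    """Collect prefixes that have an outgoing label, tagged with the table that supplied it."""
    found = {}
    for line in labels_text.splitlines():
        m = LABEL_ROW.match(line)
        if m and m.group(2) != "nolabel":
            found[ipaddress.ip_network(m.group(1), strict=False)] = f"bgp-label {m.group(2)}"
    for line in fwd_text.splitlines():
        m = FWD_ROW.match(line)
        if m and m.group(1) != "No Label":
            found[ipaddress.ip_network(m.group(2), strict=False)] = "lfib"
    return found


def check_lsp(vpnv4_text, fwd_text, labels_text):
    """Return {vpn_prefix: (next_hop, status)}; status is 'broken' when no label covers the next hop."""
    labelled = labelled_prefixes(fwd_text, labels_text)
    report = {}
    for prefix, nh in vpnv4_next_hops(vpnv4_text).items():
        addr = ipaddress.ip_address(nh)
        covering = [net for net in labelled if addr in net]
        best = max(covering, key=lambda net: net.prefixlen, default=None)  # longest match
        report[prefix] = (nh, labelled[best] if best is not None else "broken")
    return report


# Constructed sample input, modelled on the RR-R5 output shown in the article.
VPNV4 = """\
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:200
 *>i 77.1.1.1/32      66.1.1.1                 0    100      0 300 i
 *>  88.1.1.1/32      33.1.1.1                               0 100 300 i
"""
FWD = """\
16         Pop Label  44.1.1.1/32      0             Et0/0      45.1.1.4
17         Pop Label  46.1.1.0/24      0             Et0/0      45.1.1.4
           Pop Label  46.1.1.0/24      0             Et0/1      56.1.1.6
18         Pop Label  66.1.1.1/32      0             Et0/1      56.1.1.6
"""
LABELS_BEFORE = ""  # before "send-label": BGP carries no label for 33.1.1.1/32
LABELS_AFTER = """\
   Network          Next Hop      In label/Out label
   33.1.1.1/32      44.1.1.1        nolabel/19
   55.1.1.1/32      0.0.0.0         imp-null/nolabel
"""

if __name__ == "__main__":
    for name, labels in (("before send-label", LABELS_BEFORE), ("after send-label", LABELS_AFTER)):
        print(name)
        for prefix, (nh, status) in check_lsp(VPNV4, FWD, labels).items():
            print(f"  {prefix:<14} via {nh:<10} {status}")
```

A "broken" result for a next hop that stays a PE loopback after next-hop-unchanged means the remote loopback has not yet been advertised with a label, which is the situation Section 8.3.6 fixes with the extra network statements on the ASBRs.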

