免责声明:
1.本文所使用的软件均来自互联网,作者只为学习目的使用该软件,没有任何软件分发行为。
2.本文所展示的配置只适用于实验环境,不建议在生产环境使用完全相同的配置;由此导致的任何问题,作者不负任何责任。
实验拓扑
IP地址规划
| 设备 | Loopback 0 | Loopback 1 | G1 | G2 |
|---|---|---|---|---|
| CSR1 | 11.1.1.1/32 | 11.1.1.2/32 | 172.16.0.1/30 | 14.1.1.1/30 |
| CSS2 | 22.1.1.1/32 | -- | 172.16.0.2/30 | 172.16.0.6/30 |
| xrv | 33.1.1.1/32 | 33.1.1.2/32 | G0/0/0/2 172.16.0.5/30 | G0/0/0/0 35.1.1.1/30 |
| vIOS4 | 44.1.1.1/32 | -- | G0/0 14.1.1.2/30 | G0/1 45.1.1.1/30 |
| vIOS5 | 55.1.1.1/32 | -- | G0/0 35.1.1.2/30 | G0/1 45.1.1.2/30 |
设备型号及软件版本
| 设备 | 平台 | 软件版本 |
|---|---|---|
| vIOS4、vIOS5 | VIOS-ADVENTERPRISEK9-M | 15.6(2)T |
| CSR1, CSR2 | X86_64_LINUX_IOSD-UNIVERSALK9-M | 16.6.2 |
| XRv | ASR9000 IOS-XR | 6.0.1 |
目标
1. CSR1, CSR2和xrv配置 IS-IS协议作为底层IGP,在此基础上配置segment-routing。
2. CSR1和xrv作为PE设备,配置×××v4 BGP邻居,AS号64512。
3. CSR1和vIOS4配置单区域OSPFv2,进程ID 2019;xrv与vIOS5配置单区域OSPFv2,进程ID 2019;PE设备配置OSPFv2和MP-BGP双向重分布。
4. CSR1和xrv配置loopback 1接口,将该接口划分为客户VRF下,并在MP-BGP进程,客户VRF下宣告主机路由。
5. CSR1和xrv的OSPFv2配置sham-link
配置步骤
MPLS ×××基本配置步骤:
1.配置IGP,
2.配置MPLS(segment-routing),
3.配置MP-BGP,
4.配置VRF,
5.配置PE-CE路由协议,
6.PE 配置MP-BGP和VRF路由重分布。
IOS-XE和IOS-XR配置IGP(IS-IS)
设备接口IP地址配置(略)
- XEv3
router isis igp is-type level-2-only !---配置ISIS为骨干区域 net 49.2019.0519.0001.00 log-adjacency-changes !---记录邻接log信息 metric-style wide !---使能isis宽度量 exit interface Loopback0 ip router isis igp interface GigabitEthernet1 ip router isis igp isis circuit-type level-2-only !---修改链路为level-2 isis network point-to-point !---修改ISIS网络类型
- XRv4
router isis igp is-type level-2-only net 49.2019.0519.0003.00 log adjacency changes address-family ipv4 unicast metric-style wide interface Loopback0 address-family ipv4 unicast interface GigabitEthernet0/0/0/0 address-family ipv4 unicast circuit-type level-2-only point-to-point commit
2 验证IS-IS
CSR2#show ip route isis | b bn 11.0.0.0/32 is subnetted, 1 subnets i L2 11.1.1.1 [115/20] via 172.16.0.1, 1d00h, GigabitEthernet1 33.0.0.0/32 is subnetted, 1 subnets i L2 33.1.1.1 [115/20] via 172.16.0.5,19:06:28, GigabitEthernet2
RP/0/0/CPU0:xrv#show route ipv4 isis i L2 11.1.1.1/32 [115/30] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2 i L2 22.1.1.1/32 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2 i L2 172.16.0.0/30 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2
3 配置MPLS(segment-routing)
- XEv3
segment-routing mpls connected-prefix-sid-map address-family ipv4 11.1.1.1/32 index 1 range 1 exit-address-family router isis igp segment-routing mpls
- XRv4
segment-routing router isis igp address-family ipv4 unicast metric-style wide segment-routing mpls
interface Loopback0 address-family ipv4 unicast prefix-sid index 33 commit
4 验证MPLS
CSR1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 172.16.0.2-A 0 Gi1 172.16.0.2
21 Pop Label 11.1.1.2/32[V] 0 aggregate/ospf 16022 Pop Label 22.1.1.1/32 0 Gi1 172.16.0.2
16033 16033 33.1.1.1/32 0 Gi1 172.16.0.2
RP/0/0/CPU0:xrv#show mpls forwarding Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
16011 16011 SR Pfx (idx 11) Gi0/0/0/2 172.16.0.6 208166
16022 Pop SR Pfx (idx 22) Gi0/0/0/2 172.16.0.6 0
24006 Pop SR Adj (idx 1) Gi0/0/0/2 172.16.0.6 0
24007 Pop SR Adj (idx 3) Gi0/0/0/2 172.16.0.6 0
5 配置MP-BGP
- CSR1
router bgp 64512 bgp router-id 11.1.1.1 no bgp default ipv4-unicast neighbor 33.1.1.1 remote-as 64512 neighbor 33.1.1.1 update-source Loopback0 address-family ***v4 neighbor 33.1.1.1 activate
- xrv
router bgp 64512 bgp router-id 33.1.1.1 address-family ***v4 unicast neighbor 11.1.1.1 remote-as 64512 update-source Loopback0 address-family ***v4 unicast commit
- 验证如下:
CSR1#show bgp ***v4 unicast all sum | b gh Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 33.1.1.1 4 64512 1254 1429 315 0 0 20:17:43 4
RP/0/0/CPU0:xrv#show bgp ***v4 unicast summary | b gh Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 11.1.1.1 0 64512 1890 1674 249 0 0 20:18:04 4
6 配置VRF and PE-CE routing protocol
6.1定义VRF
- CSR1
vrf definition AAA rd 64512:4 address-family ipv4 route-target export 64512:45 route-target import 64512:45 exit-address-family
- xrv
vrf AAA address-family ipv4 unicast import route-target 64512:45 export route-target 64512:45
6.2 PE to CE Interface config
- CSR1
interface GigabitEthernet2 vrf forwarding AAA ip address 14.1.1.1 255.255.255.252 no shutdown
- xrv
interface GigabitEthernet0/0/0/0 vrf AAA ipv4 address 35.1.1.1 255.255.255.252 no shutdown
6.3 PE OSPFv2 config
- CSR1
router ospf 2019 vrf AAA router-id 14.1.1.1 interface GigabitEthernet2 ip ospf network point-to-point ip ospf 14 area 0
- xrv
router ospf 35 address-family ipv4 unicast vrf AAA router-id 35.1.1.1 address-family ipv4 unicast area 0 interface GigabitEthernet0/0/0/0 network point-to-point
6.4 CE OSPFv2 config
- vIOS4
interface GigabitEthernet0/0 ip address 14.1.1.2 255.255.255.252 no shutdown ip ospf 2019 area 0 ip ospf network point-to-point router ospf 2019 router-id 44.1.1.1
- vIOS5
interface GigabitEthernet0/0 ipv4 address 35.1.1.2 255.255.255.252 no shutdown ip ospf 2019 area 0 ip ospf network point-to-point router ospf 2019 router-id 55.1.1.1
6.5 PE OSPFv2 and MP-BGP redistribute
- CSR1
router ospf 14 vrf AAA redistribute bgp 64512 metric-type 1 subnets interface GigabitEthernet2 router bgp 64512 address-family ipv4 vrf AAA redistribute ospf 14 match internal external 1 external 2
- xrv
router ospf 35 vrf AAA redistribute bgp 64512 metric-type 1 router bgp 64512 vrf AAA rd 64512:5 address-family ipv4 unicast redistribute ospf 35 match internal external
6.6 验证PE-CE OSPFv2配置
CSR1#show ip route vrf AAA ospf | b bn 35.0.0.0/30 is subnetted, 1 subnets O 35.1.1.0 [110/2] via 33.1.1.1, 00:00:32 44.0.0.0/32 is subnetted, 1 subnets O 44.1.1.1 [110/2] via 14.1.1.2, 00:00:34, GigabitEthernet2 45.0.0.0/29 is subnetted, 1 subnets O IA 45.1.1.0 [110/20001] via 14.1.1.2, 00:00:34, GigabitEthernet2
vIOS4#sho ip route ospf | b bn 35.0.0.0/30 is subnetted, 1 subnets O E1 35.1.1.0 [110/2] via 14.1.1.1, 00:23:54, GigabitEthernet0/0 55.0.0.0/32 is subnetted, 1 subnets O E1 55.1.1.1 [110/3] via 14.1.1.1, 00:23:54, GigabitEthernet0/0
vIOS4#ping 55.1.1.1 sour lo 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 seconds: Packet sent with a source address of 44.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 11/15/33 ms vIOS4#traceroute 55.1.1.1 sour lo 0 Type escape sequence to abort. Tracing the route to 55.1.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 14.1.1.1 8 msec 5 msec 3 msec 2 172.16.0.2 [MPLS: Labels 16033/24003 Exp 0] 19 msec 25 msec 10 msec 3 172.16.0.5 [MPLS: Label 24003 Exp 0] 13 msec 12 msec 8 msec 4 35.1.1.2 12 msec 19 msec * vIOS4#
CSR1#sho bgp v4 uni all 44.1.1.1 BGP routing table entry for 64512:4:44.1.1.1/32, version 383 Paths: (1 available, best #1, table AAA) Advertised to update-groups: 5
Refresh Epoch 1 Local 14.1.1.2 (via vrf ospf) from 0.0.0.0 (11.1.1.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x0000000E0200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:14.1.1.1:0 mpls labels in/out 23/nolabel rx pathid: 0, tx pathid: 0x0 !--- DOMAIN ID:0x0005:0x0000000E0200 16进制E*=10进制14(CSR1 ospfv2 进程ID)
6.7 修改/添加ospfv2 DOMAIN ID
- IOS-XR默认不携带DOMAIN ID值
RP/0/0/CPU0:xrv#show bgp ***v4 uni vrf ospf 55.1.1.1/32
BGP routing table entry for 55.1.1.1/32, Route Distinguisher: 64512:5 Versions: Process bRIB/RIB SendTblVer Speaker 345 345 Local Label: 24003 Last Modified: May 22 02:21:42.463 for 06:05:44 Paths: (1 available, best #1) Advertised to peers (in unique update groups): 11.1.1.1
Path #1: Received by speaker 0 Advertised to peers (in unique update groups): 11.1.1.1
Local 35.1.1.2 from 0.0.0.0 (33.1.1.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, redistributed, best, group-best, import-candidate Received Path ID 0, Local Path ID 1, version 345 Extended community: OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45CSR1#show bgp ***v4 uni vrf AAA 55.1.1.1/32 BGP routing table entry for 64512:4:55.1.1.1/32, version 417 Paths: (1 available, best #1, table ospf, RIB-failure(17)) Not advertised to any peer Refresh Epoch 1 Local, imported path from 64512:5:55.1.1.1/32 (global) 33.1.1.1 (metric 30) (via default) from 33.1.1.1 (33.1.1.1) Origin incomplete, metric 2, localpref 100, valid, internal, best Extended Community: RT:64512:45 OSPF RT:0.0.0.0:1:0 OSPF ROUTER ID:35.1.1.1:0 mpls labels in/out nolabel/24003 rx pathid: 0, tx pathid: 0x0
- 在IOS-XR设备添加DOMAIN ID
RP/0/0/CPU0:xrv#conf RP/0/0/CPU0:xrv(config)#router ospf 35 RP/0/0/CPU0:xrv(config-ospf)#vrf AAA RP/0/0/CPU0:xrv(config-ospf-vrf)#domain-id type 0005 value 000000230200 RP/0/0/CPU0:xrv(config-ospf-vrf)#commit !--- 23(hex)=35(dec) RP/0/0/CPU0:xrv(config-ospf-vrf)#do show bgp ***v4 uni vrf ospf 55.1.1.1/32 | in community Wed May 22 09:38:03.422 UTC Extended community: OSPF domain-id:0x5:0x000000230200 OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45
CSR1#show bgp ***v4 uni vrf ospf 55.1.1.1/32 | i unity Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x000000230200
6.8 配置CE之间的backdoor link
- vIOS5
interface GigabitEthernet0/1 ip address 45.1.1.5 255.255.255.248 ip ospf network point-to-point ip ospf 2019 area 45 ip ospf cost 20000 !---模拟×××链路故障,在vIOS5上手工shutdown链路 vIOS5(config-if)#int g0/0 vIOS5(config-if)#shu *May 20 10:17:09.190: %OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached *May 20 10:17:11.136: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down *May 20 10:17:12.137: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down vIOS5(config-if)# vIOS5(config-if)#do sho ip route ospf | b bn 14.0.0.0/30 is subnetted, 1 subnets O IA 14.1.1.0 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1 35.0.0.0/30 is subnetted, 1 subnets O 35.1.1.0 [110/20003] via 45.1.1.4, 00:00:33, GigabitEthernet0/1 44.0.0.0/32 is subnetted, 1 subnets O IA 44.1.1.1 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1 vIOS5(config-if)# !---在vIOS4上查看ospf路由 vIOS4#sho ip route ospf | b bn 35.0.0.0/30 is subnetted, 1 subnets O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:09:31, GigabitEthernet0/0 55.0.0.0/32 is subnetted, 1 subnets O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:09:31, GigabitEthernet0/0 vIOS4#sho ip route ospf | b bn 35.0.0.0/30 is subnetted, 1 subnets O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:11:41, GigabitEthernet0/0 55.0.0.0/32 is subnetted, 1 subnets O IA 55.1.1.1 [110/20001] via 45.1.1.5, 00:00:05, GigabitEthernet0/1 !---恢复链路 vIOS5(config-if)#no shu *May 20 10:18:48.972: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up *May 20 10:18:49.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *May 20 10:19:04.220: %OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
vIOS4#sho ip route ospf | b bn 35.0.0.0/30 is subnetted, 1 subnets O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:14:48, GigabitEthernet0/0 55.0.0.0/32 is subnetted, 1 subnets O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:01:18, GigabitEthernet0/0
6.9 配置OSPFv2 sham-link
6.9.1 Config loopback 1 and propaganda into BGP VRF address-family IPv4
- CSR1
interface Loopback1 vrf forwarding ospf ipv4 address 11.1.1.2 255.255.255.255 router bgp 64512 address-family ipv4 vrf AAA network 11.1.1.2 mask 255.255.255.255
- xrv
interface Loopback1 vrf AAA ipv4 address 33.1.1.2 255.255.255.255 router bgp 64512 vrf AAA address-family ipv4 unicast network 33.1.1.2/32
6.9.2 Under OSPFv2 process config sham-link
- CSR1
router ospf 14 vrf AAA area 0 sham-link 11.1.1.2 33.1.1.2 cost 200
- xrv
router ospf 35 vrf AAA address-family ipv4 unicast area 0 sham-link 33.1.1.2 11.1.1.2 cost 200
6.10 验证sham-ink
CSR1(config-router)#area 0 sham-link 11.1.1.2 33.1.1.2 cost 200 CSR1(config-router)#do sho ip ospf neig *May 22 08:45:02.593: %OSPF-5-ADJCHG: Process 14, Nbr 35.1.1.1 on OSPF_SL3 from LOADING to FULL, Loading Done Neighbor ID Pri State Dead Time Address Interface 35.1.1.1 0 FULL/ - 00:00:37 33.1.1.2 OSPF_SL3 44.1.1.1 0 FULL/ - 00:00:34 14.1.1.2 GigabitEthernet2
CSR1#show ip route vrf AAA ospf | b bn 35.0.0.0/30 is subnetted, 1 subnets O 35.1.1.0 [110/201] via 33.1.1.1, 01:04:13 44.0.0.0/32 is subnetted, 1 subnets O 44.1.1.1 [110/2] via 14.1.1.2, 01:05:46, GigabitEthernet2 45.0.0.0/29 is subnetted, 1 subnets O IA 45.1.1.0 [110/20001] via 14.1.1.2, 01:05:46, GigabitEthernet2 55.0.0.0/32 is subnetted, 1 subnets O 55.1.1.1 [110/202] via 33.1.1.1, 01:04:13 vIOS4#sho ip route ospf | b bn 11.0.0.0/32 is subnetted, 1 subnets O E1 11.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0 33.0.0.0/32 is subnetted, 1 subnets O E1 33.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0 35.0.0.0/30 is subnetted, 1 subnets O 35.1.1.0 [110/202] via 14.1.1.1, 01:04:42, GigabitEthernet0/0 55.0.0.0/32 is subnetted, 1 subnets O 55.1.1.1 [110/203] via 14.1.1.1, 01:04:42, GigabitEthernet0/0
6.11 隐藏sham-link地址
- CSR1:
ip prefix-list conn seq 5 permit 11.1.1.2/32 ip prefix-list conn seq 10 permit 33.1.1.2/32 route-map deny-conn deny 10 match ip address prefix-list conn route-map deny-conn permit 20 CSR1(config-router-af)#router ospf 14 vrf ospf CSR1(config-router)#redis bgp 64512 subnets route-map deny-conn
- xrv:
prefix-set conn 11.1.1.2/32, 33.1.1.2/32 end-set
route-policy deny-conn if destination in conn then drop else pass endif end-policy
RP/0/0/CPU0:xrv(config)#router ospf 35 RP/0/0/CPU0:xrv(config-ospf)#vrf ospf RP/0/0/CPU0:xrv(config-ospf-vrf)#redist bgp 64512 route-policy deny-conn RP/0/0/CPU0:xrv(config-ospf-vrf)#commit
vIOS5#sho ip route ospf | b bn 14.0.0.0/30 is subnetted, 1 subnets O 14.1.1.0 [110/202] via 35.1.1.1, 00:07:05, GigabitEthernet0/0 44.0.0.0/32 is subnetted, 1 subnets O 44.1.1.1 [110/203] via 35.1.1.1, 00:07:05, GigabitEthernet0/0 CE设备看不到sham-link地址
