1、实验环境
以华为模拟器eNSP为实验环境,结合wireshark抓包进行BGP/MPLS ××× OptionA 控制层面、数据层面以及日常排错三个方面进行研究;如下图所示:
2、配置流程 1)配置IGP与公网MPLS LDP隧道: ① ISP1 PE1: router id 1.1.1.1 ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 12.12.12.0 0.0.0.255 mpls lsr-id 1.1.1.1 mpls mpls ldp interface LoopBack0 ip address 1.1.1.1 255.255.255.255 mpls mpls ldp interface GigabitEthernet0/0/0 ip address 12.12.12.1 255.255.255.0 mpls mpls ldp P1: router id 2.2.2.2 ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 12.12.12.0 0.0.0.255 network 23.23.23.0 0.0.0.255 mpls lsr-id 2.2.2.2 mpls mpls ldp ip address 2.2.2.2 255.255.255.255 mpls mpls ldp interface GigabitEthernet0/0/0 ip address 12.12.12.2 255.255.255.0 mpls mpls ldp interface GigabitEthernet0/0/1 ip address 23.23.23.2 255.255.255.0 mpls mpls ldp ASBR1: router id 3.3.3.3 ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 23.23.23.0 0.0.0.255 mpls lsr-id 3.3.3.3 mpls mpls ldp ip address 3.3.3.3 255.255.255.255 mpls mpls ldp interface GigabitEthernet0/0/1 ip address 23.23.23.3 255.255.255.0 mpls mpls ldp 查看公网路有: <ASBR1>dis ip routing-table protocol ospf Route Flags: R - relay, D - download to fib
Public routing table : OSPF Destinations : 3 Routes : 3
OSPF routing table status : <Active> Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 2 D 23.23.23.2 GigabitEthernet
0/0/1 2.2.2.2/32 OSPF 10 1 D 23.23.23.2 GigabitEthernet 0/0/1 12.12.12.0/24 OSPF 10 2 D 23.23.23.2 GigabitEthernet 0/0/1
OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 查看MPLS LDP session: <ASBR1>dis mpls ldp session
LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted.
PeerID Status LAM SsnRole SsnAge KASent/Rcv
2.2.2.2:0 Operational DU Active 0000:00:18 75/75
TOTAL: 1 session(s) Found. 查看MPLS LSP: <ASBR1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 NULL/1024 -/GE0/0/1
1.1.1.1/32 1024/1024 -/GE0/0/1
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1025/3 -/GE0/0/1
3.3.3.3/32 3/NULL -/-
②ISP2
PE2:
router id 6.6.6.6
ospf 2
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.56.56.0 0.0.0.255
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 56.56.56.6 255.255.255.0
mpls
mpls ldp
P2:
router id 5.5.5.5
ospf 2
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 56.56.56.0 0.0.0.255
network 45.45.45.0 0.0.0.255
mpls lsr-id 5.5.5.5
mpls
mpls ldp
ip address 5.5.5.5 255.255.255.255
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 56.56.56.5 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 45.45.45.5 255.255.255.0
mpls
mpls ldp
ASBR2:
router id 4.4.4.4
ospf 2
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 45.45.45.0 0.0.0.255
mpls lsr-id 4.4.4.4
mpls
mpls ldp
ip address 4.4.4.4 255.255.255.255
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 45.45.45.4 255.255.255.0
mpls
mpls ldp
查看公网路有:
<ASBR2>dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
Public routing table : OSPF Destinations : 3 Routes : 3
OSPF routing table status : <Active> Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
5.5.5.5/32 OSPF 10 1 D 45.45.45.5 GigabitEthernet
0/0/1 6.6.6.6/32 OSPF 10 2 D 45.45.45.5 GigabitEthernet 0/0/1 56.56.56.0/24 OSPF 10 2 D 45.45.45.5 GigabitEthernet 0/0/1
OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 查看MPLS LDP session: <ASBR2>dis mpls ldp session
LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted.
PeerID Status LAM SsnRole SsnAge KASent/Rcv
5.5.5.5:0 Operational DU Passive 0000:00:24 100/100
TOTAL: 1 session(s) Found. 查看MPLS LSP: <ASBR2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
4.4.4.4/32 3/NULL -/-
5.5.5.5/32 NULL/3 -/GE0/0/1
5.5.5.5/32 1024/3 -/GE0/0/1
6.6.6.6/32 NULL/1025 -/GE0/0/1
6.6.6.6/32 1025/1025 -/GE0/0/1
2)配置各个站点CE与PE的×××实例:
①ISP1:
PE1:
ip vpn-instance spi
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance spi
ip address 192.168.1.254 255.255.255.0
ip vpn-instance spd
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
interface GigabitEthernet0/0/2
ip binding vpn-instance spd
ip address 10.10.1.254 255.255.255.0
ping测试站点到网关
②ISP2
PE2:
ip vpn-instance spi
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance spi
ip address 192.168.2.254 255.255.255.0
ip vpn-instance spd
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
interface GigabitEthernet0/0/2
ip binding vpn-instance spd
ip address 10.10.2.254 255.255.255.0
ping测试站点到网关
3)配置MP-EBGP在ISP1 PE1与ISP2 PE2 之间传递×××V4站点×××V4私网路由:
①想要ISP1的PE1与ISP2的PE2建立BGP peer,需要PE1的1.1.1.1 环回口与PE2的6.6.6.6首先三层路由相通;
ASBR1:
bgp 100
undo default ipv4-unicast
peer 34.34.34.4 as-number 200
ipv4-family unicast undo synchronization import-route ospf 1(正常只需要把ospf学到的1.1.1.1导入BGP) peer 34.34.34.4 enable
ASBR2: [ASBR2]dis ip routing-table protocol bgp Route Flags: R - relay, D - download to fib
Public routing table : BGP Destinations : 5 Routes : 5
BGP routing table status : <Active> Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 EBGP 255 2 D 34.34.34.3 GigabitEthernet
0/0/0 ASBR2: [ASBR2]dis current-configuration configuration ospf ospf 2 import-route bgp(正常把MP-EBGP学到的1.1.1.1导入就行) area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 45.45.45.0 0.0.0.255
bgp 200 undo default ipv4-unicast peer 34.34.34.3 as-number 100 ipv4-family unicast undo synchronization import-route ospf 2(把ospf学到的6.6.6.6导入MP-EBGP)) peer 34.34.34.3 enable ASBR1: <ASBR1>dis current-configuration configuration ospf ospf 1 import-route bgp(把MP-EBGP学到的6.6.6.6导入OSPF1) area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 23.23.23.0 0.0.0.255 PE1上ping PE1的6.6.6.6: <PE1>ping -a 1.1.1.1 6.6.6.6 PING 6.6.6.6: 56 data bytes, press CTRL_C to break Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=251 time=70 ms Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=251 time=40 ms Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=251 time=40 ms Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=251 time=50 ms Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=251 time=30 ms
--- 6.6.6.6 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/46/70 ms ②想要ISP1的PE1与ISP2的PE2私网路由想通,PE1的1.1.1.1与PE2的6.6.6.6的公网LSP隧道要通; 在PE1查看6.6.6.6 MPLS的公网标签分配情况: <PE1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
2.2.2.2/32 NULL/3 -/GE0/0/0
2.2.2.2/32 1024/3 -/GE0/0/0
3.3.3.3/32 NULL/1024 -/GE0/0/0
3.3.3.3/32 1025/1024 -/GE0/0/0
1.1.1.1/32 3/NULL -/-
<PE1>dis fib 6.6.6.6
Route Entry Count: 1
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
6.6.6.6/32 12.12.12.2 DGHU t[2451] GE0/0/0 0x0
在FIB表中包括Destination、Mask、Nexthop、Flag、TimeStamp、Interface和TunnelID字段,其中Destination、Mask、Nexthop、Interface字段是与IP路由表的对应字段一样,其他3个字段说明:
①Flag:转发表项的标志,可能是G、H、U、S、D、B、L中一个或多字母组合。
●G(Gateway网关路由):表示下一跳是网关。
●H(Host主机路由):表示该路由为主机路由。
●U(Up可用路由):表示该路由状态是Up。
●S(Static静态路由):表示该路由为手动配置路由。
●D(Dynamic 动态路由):表示该路由为根据路由算法自动生成路由。
●B(Black Hole 黑洞路由):表示下一跳是空接口。
●L(Vlink Route):表示Vlink类型路由
②TimeStamp:转发表项的时间戳,表示该表项已存在的时间,单位是s。
③TunnelID:表示转发表项索引。该值不为0时,表示匹配该项的报文通过对应的隧道进行转发。该值为0时,表示报文不通过隧道转发。
<PE1>dis fib 3.3.3.3 Route Entry Count: 1 Destination/Mask Nexthop Flag TimeStamp Interface TunnelID 3.3.3.3/32 12.12.12.2 DGHU t[56] GE0/0/0 0x3 P1:<P1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 NULL/3 -/GE0/0/0
1.1.1.1/32 1026/3 -/GE0/0/0
2.2.2.2/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE0/0/1
3.3.3.3/32 1027/3 -/GE0/0/1
<P1>dis fib 6.6.6.6
Route Entry Count: 1
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
6.6.6.6/32 23.23.23.3 DGHU t[6087] GE0/0/1 0x0
ASBR1:<ASBR1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 NULL/1026 -/GE0/0/1
1.1.1.1/32 1030/1026 -/GE0/0/1
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1031/3 -/GE0/0/1
3.3.3.3/32 3/NULL -/-
ASBR2 IPV4 MP-EBGP不会给公网6.6.6.6 路由分发标签;
ASBR2与ASBR1 IPV4 MP-EBGP默认路由默认不会携带标签;
[ASBR2]dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
5.5.5.5/32 NULL/3 -/GE0/0/1
5.5.5.5/32 1030/3 -/GE0/0/1
4.4.4.4/32 3/NULL -/-
6.6.6.6/32 NULL/1027 -/GE0/0/1
6.6.6.6/32 1031/1027 -/GE0/0/1
<ASBR1>dis bgp ip routing-table label
ASBR2上配置:
配置ASBR2把6.6.6.6 发给ASBR1时分配标签:
并配置ASBR2与ASBR1 IPV4-MP-EBGP有携带路由标签的能力:
[ASBR2]route-policy label permit node 10
apply mpls-label
bgp 200
peer 34.34.34.3 as-number 100
ipv4-family unicast
undo synchronization
import-route ospf 2
peer 34.34.34.3 enable
peer 34.34.34.3 route-policy label export
peer 34.34.34.3 label-route-capability
ASBR1s上也配置IPv4的MP-BGP有有携带路由标签的能力: bgp 100 peer 34.34.34.4 as-number 200 ipv4-family unicast undo synchronization import-route ospf 1 peer 34.34.34.4 enable peer 34.34.34.4 label-route-capability
此时在ASBR1上查看发现ASBR2 在把6.6.6.6公网路由传给ASBR1时已经分发了标签并且可以在IPV4-MP-EBGP上携带: [ASBR1]dis bgp routing-table label
BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 5
Network NextHop In/Out Label
*> 4.4.4.4 34.34.34.4 NULL/1036 *> 5.5.5.5 34.34.34.4 NULL/1033 *> 6.6.6.6 34.34.34.4 NULL/1035 *> 45.45.45.0 34.34.34.4 NULL/1032 *> 56.56.56.0 34.34.34.4 NULL/1034 ASBR2 IPV4-MP-EBGP给6.6.6.6分配了1035的标签 <P1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 NULL/3 -/GE0/0/0
1.1.1.1/32 1026/3 -/GE0/0/0
2.2.2.2/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE0/0/1
3.3.3.3/32 1027/3 -/GE0/0/1
但是P1上发现ASBR1的LDP无法给从ASBR2 通过IPV4-MP-EBGP的学到6.6.6.6路由分配标签;
ASBR1上LDP默认也不会给BGP路由分发标签
ASBR1上配置:
[ASBR1-mpls]lsp-trigger bgp-label-route
lsp-trigger bgp-label-route命令都用于配置LDP LSP的触发建立策略;(仅适用于带标签的公网BGP路由)
此时查看P1:
<P1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 NULL/3 -/GE0/0/0
1.1.1.1/32 1026/3 -/GE0/0/0
2.2.2.2/32 3/NULL -/-
3.3.3.3/32 NULL/3 -/GE0/0/1
3.3.3.3/32 1027/3 -/GE0/0/1
4.4.4.4/32 NULL/1035 -/GE0/0/1
4.4.4.4/32 1031/1035 -/GE0/0/1
6.6.6.6/32 NULL/1036 -/GE0/0/1
6.6.6.6/32 1032/1036 -/GE0/0/1
5.5.5.5/32 NULL/1037 -/GE0/0/1
5.5.5.5/32 1033/1037 -/GE0/0/1
ASBR1上的LDP给6.6.6.6分配了1032的标签;
同理对于1.1.1.1路由也是如此,配置ASBR1与ASBR2公网MP-EBGP可以携带有标签路由,应用策略使得IPV4-MP-EBGP给各种传递的路由分发MPLS label
ASBR上查看:ASBR1 MP-EBGP(IPV4单播)给1.1.1.1分发1040标签
<ASBR2>dis bgp routing-table label
BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop In/Out Label
*> 1.1.1.1 34.34.34.3 NULL/1040 *> 2.2.2.2 34.34.34.3 NULL/1038 *> 3.3.3.3 34.34.34.3 NULL/1042 *> 4.4.4.4 127.0.0.1 1036/NULL *> 5.5.5.5 45.45.45.5 1033/NULL *> 6.6.6.6 45.45.45.5 1035/NULL *> 12.12.12.0 34.34.34.3 NULL/1039 *> 23.23.23.0 34.34.34.3 NULL/1041 *> 45.45.45.0 45.45.45.4 1032/NULL *> 56.56.56.0 45.45.45.5 1034/NULL 同理ASBR2上配置MPLS 使得LDP可以给BGP路由打上MPLS标签; P2上查看:配置lsp-trigger bgp-label-route之前: <P2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
5.5.5.5/32 3/NULL -/-
4.4.4.4/32 NULL/3 -/GE0/0/1
4.4.4.4/32 1026/3 -/GE0/0/1
6.6.6.6/32 NULL/3 -/GE0/0/0
6.6.6.6/32 1027/3 -/GE0/0/0
配置lsp-trigger bgp-label-route之后:ASBR2 LDP给1.1.1.1分发的1032的标签
<P2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
5.5.5.5/32 3/NULL -/-
4.4.4.4/32 NULL/3 -/GE0/0/1
4.4.4.4/32 1026/3 -/GE0/0/1
6.6.6.6/32 NULL/3 -/GE0/0/0
6.6.6.6/32 1027/3 -/GE0/0/0
3.3.3.3/32 NULL/1040 -/GE0/0/1
3.3.3.3/32 1031/1040 -/GE0/0/1
1.1.1.1/32 NULL/1041 -/GE0/0/1
1.1.1.1/32 1032/1041 -/GE0/0/1
2.2.2.2/32 NULL/1042 -/GE0/0/1
2.2.2.2/32 1033/1042 -/GE0/0/1
PE1上测试:
<PE1>ping -c 1000 -a 1.1.1.1 6.6.6.6 <PE1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1032 -/GE0/0/0
6.6.6.6/32 1034?/1032 -/GE0/0/0
<P1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1036 -/GE0/0/1
6.6.6.6/32 1032/1036 -/GE0/0/1
<ASBR1>dis mpls lsp
LSP Information: BGP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1035 -/-
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1036/1035 -/-
<ASBR1>dis bgp routing-table label
BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop In/Out Label
*> 6.6.6.6 34.34.34.4 NULL/1035 <ASBR2>dis bgp routing-table label
BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop In/Out Label
*> 6.6.6.6 45.45.45.5 1035/NULL <ASBR2>dis mpls lsp
LSP Information: BGP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1035/NULL -/-
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1027 -/GE0/0/1
6.6.6.6/32 1031?/1027 -/GE0/0/1
<P2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/3 -/GE0/0/0
6.6.6.6/32 1027/3 -/GE0/0/0
<PE2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 3/NULL -/-
抓包:
PE1 出口:
P1出口:
ASBR1出口:
ASBR2出口:
P2出口:
注意在ASBR2上关于6.6.6.6路由标签分发上: <ASBR2>dis mpls lsp
LSP Information: BGP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1035/NULL -/-
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1031/1027 -/GE0/0/1
LDP给6.6.6.6分发的1031标签,IPv4-MP-BGP ASBR1给6.6.6.6分发的1035标签;1031的标签不会随路由传给ASBR1;
PE1与PE2正式开始配置×××V4的MP-EBGP路由:
PE1:
bgp 100
undo default ipv4-unicast
peer 6.6.6.6 as-number 200
peer 6.6.6.6 ebgp-max-hop 255
peer 6.6.6.6 connect-interface LoopBack0
ipv4-family unicast undo synchronization undo peer 6.6.6.6 enable
ipv4-family vpnv4 policy vpn-target peer 6.6.6.6 enable
ipv4-family vpn-instance spd network 10.10.1.0 255.255.255.0
ipv4-family vpn-instance spi network 192.168.1.0 PE2: bgp 200 undo default ipv4-unicast peer 1.1.1.1 as-number 100 peer 1.1.1.1 ebgp-max-hop 255 peer 1.1.1.1 connect-interface LoopBack0
ipv4-family unicast undo synchronization undo peer 1.1.1.1 enable
ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable
ipv4-family vpn-instance spd network 10.10.2.0 255.255.255.0
ipv4-family vpn-instance spi network 192.168.2.0 3、控制层面分析 1)CE3的路由192.168.2.0/24传递给CE1过程: ①PE2上连接CE3直连路由: <PE2>dis ip routing-table vpn-instance spi protocol direct Route Flags: R - relay, D - download to fib
spi routing table : Direct Destinations : 4 Routes : 4
Direct routing table status : <Active> Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/1 192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Direct routing table status : <Inactive>
Destinations : 0 Routes : 0
<PE2>dis ip routing-table vpn-instance spi verbose
Destination: 192.168.2.0/24
Protocol: Direct Process ID: 0
Preference: 0 Cost: 0
NextHop: 192.168.2.254 Neighbour: 0.0.0.0
State: Active Adv Age: 03h29m00s
Tag: 0 Priority: high
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D
②把vpn spi中192.168.2.0直连路由导入MP-BGP中: <PE2>dis current-configuration configuration bgp [V200R003C00] bgp 200 undo default ipv4-unicast peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack0 ipv4-family unicast undo synchronization peer 4.4.4.4 enable ipv4-family vpnv4 policy vpn-target peer 4.4.4.4 enable ipv4-family vpn-instance spi network 192.168.2.0 ③PE2 在MP-BGP中192.168.2.0/24路由情况: <PE2>dis bgp vpnv4 vpn-instance spi routing-table label
BGP Local router ID is 6.6.6.6 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 5 Route Distinguisher: 100:1 Network NextHop In/Out Label *> 192.168.2.0 192.168.2.254 1037/NULL <PE2>dis bgp vpnv4 vpn-instance spi routing-table 192.168.2.0
BGP local router ID : 6.6.6.6 Local AS number : 200
×××-Instance spi, Router ID 6.6.6.6:
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 192.168.2.0/24:
Network route.
From: 0.0.0.0 (0.0.0.0)
Route Duration: 02h05m43s
Direct Out-interface: GigabitEthernet0/0/1
Original nexthop: 192.168.2.254
Qos information : 0x0
AS-path Nil, origin igp, MED 0, pref-val 0, valid, local, best, select, pre 0
Not advertised to any peer yet
PE2上的MP-BGP给192.168.2.0的×××v4路由分配的私网标签:
<PE2>dis bgp vpnv4 all routing-table label
BGP Local router ID is 6.6.6.6 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 100:1 Network NextHop In/Out Label
*>i 192.168.1.0 4.4.4.4 NULL/1029 *> 192.168.2.0 192.168.2.254 1037/NULL ④PE1 在MP-BGP中收到192.168.2.0/24路由情况: PE1上收到PE2 MP-EBGP 192.168.2.0 的×××V4路由分的标签1037 <PE1>dis bgp vpnv4 all routing-table label BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 4
Route Distinguisher: 100:1 Network NextHop In/Out Label *> 192.168.2.0 6.6.6.6 NULL/1037 PE1到PE2 6.6.6.6的公网MPLS标签: <PE1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1032 -/GE0/0/0
6.6.6.6/32 1034?/1032 -/GE0/0/0
<P1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1036 -/GE0/0/1
6.6.6.6/32 1032/1036 -/GE0/0/1
<ASBR1>dis mpls lsp
LSP Information: BGP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1035 -/-
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1036/1035 -/-
<ASBR1>dis bgp routing-table label
BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop In/Out Label
*> 6.6.6.6 34.34.34.4 NULL/1035 <ASBR2>dis bgp routing-table label
BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop In/Out Label
*> 6.6.6.6 45.45.45.5 1035/NULL <ASBR2>dis mpls lsp
LSP Information: BGP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1035/NULL -/-
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1027 -/GE0/0/1
6.6.6.6/32 1031?/1027 -/GE0/0/1
<P2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/3 -/GE0/0/0
6.6.6.6/32 1027/3 -/GE0/0/0
<PE2>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 3/NULL -/-
PE1上到6.6.6.6的FIB表: <PE1>dis fib 6.6.6.6 Route Entry Count: 1 Destination/Mask Nexthop Flag TimeStamp Interface TunnelID 6.6.6.6/32 12.12.12.2 DGHU t[12828] GE0/0/0 0x11
4、数据层面分析 1)CE1到CE3的192.168.2.1数据转发分析: ① PC1 192.168.1.1 到网关PE1上的192.168.1.254; ② 在PE1上查询spi vpn实例的路由表查到到192.168.2.0 下一跳为6.6.6.6;私网标签为1037; ③ 路由迭代,查找到路由如下: <PE1>dis ip routing-table 6.6.6.6 Route Flags: R - relay, D - download to fib
Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre Cost Flags NextHop Interface 6.6.6.6/32 O_ASE 150 1 D 12.12.12.2 GigabitEthernet0/0/0 <PE1>dis fib 6.6.6.6 Route Entry Count: 1 Destination/Mask Nexthop Flag TimeStamp Interface TunnelID 6.6.6.6/32 12.12.12.2 DGHU t[12828] GE0/0/0 0x11 ④MPLS ldp 为 6.6.6.6/32路由分配的公网标签为1032: <PE1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1032 -/GE0/0/0
6.6.6.6/32 1034?/1032 -/GE0/0/0
⑤ 去往192.168.2.1的数据包在PE1上G0/0/0封装如图所示;
PE1的G0/0/0上使能了MPLS,所以进行MPLS2.5层标签转发;
⑥ 在P1上查看标签路径:
<P1>dis fib 6.6.6.6
Route Entry Count: 1
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
6.6.6.6/32 23.23.23.3 DGHU t[12853] GE0/0/1 0x11
<P1>dis mpls lsp
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 NULL/1036 -/GE0/0/1
6.6.6.6/32 1032/1036 -/GE0/0/1
在P1离开接口G0/0/1上抓包发现只留公网标签1036私网标签1037:
⑦ 在ASBR1上BGP路由中发现路由6.6.6.6公网标签(ASBR2 IPV4-MP-EBGP分发)为1035:
BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop In/Out Label
*> 6.6.6.6 34.34.34.4 NULL/1035
离开ASBR1截图:
⑧注意在ASBR2上关于6.6.6.6路由标签分发上:
<ASBR2>dis mpls lsp
LSP Information: BGP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1035/NULL -/-
LSP Information: LDP LSP
FEC In/Out Label In/Out IF Vrf Name
6.6.6.6/32 1031/1027 -/GE0/0/1
LDP给6.6.6.6分发的1031标签,IPv4-MP-BGP ASBR1给6.6.6.6分发的1035标签;1031的标签不会随路由传给ASBR1;
离开ASBR2:
一直×××V4私网标签不变;公网标签不断变化;
⑨、通过路由表到PC3主机:
Ping的截图:
注意:Option C ISP-PE之间跨域主要解决:
1、 PE之间三层路由连通性;2.5层公网LSP连通性;
2、 为了三层路由ASBR1与ASBR2之间公网MP-EBGP连接;公网没有携带与分发MPLS标签能力;
3、 LDP默认在ASBR上不给BGP路由分发标签,哪它不会传给P设备任何关于PE环回地址的标签情况。
