MPLS ×××实验之OSPF sham-link

原创

717465139 2013-07-02 11:37:30 ©著作权

文章标签 ospf mpls-vpn sham-link 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者717465139的原创作品，请联系作者获取转载授权，否则将追究法律责任

配置Sham-Link 时，需要满足以下条件：

＊在PE 上单独创建/3 2 位的地址，在PE 之间使用这个地址来建立 Sham-Link 。

＊这个／32位地址的接口必须放入相应的VRF。

＊这个／32位地址必须在B GP 里发布，而不能在OSPF里发布。

注：Sham-Link 是有COST值的，PE 穿越MPLS ×××骨干网络的OSPF CO ST值，就是Sham-Link 的CO ST值，如果没有后门链路，Sham-Link 就不需要创建了。

说明: 在上图中，CE 路由器R3和R4上分别有地址33.3.3.3和44.4.4.4，配置 Sham-Link使PE 路由器到达远程场点地址从MPLS ×××骨干网络中传输。

1．配置R1与R2的路由协议为RIP-sh run 配置

R1#sh run | s r r

router rip

version 2

network 1.0.0.0

network 10.0.0.0

no auto-summary

R2#sh run | s r r

router rip

version 2

network 2.0.0.0

network 10.0.0.0

no auto-summary

2．在R1与R2上配置MPLS

ip cef

mpls label range 100 199

mpls label protocol ldp

mpls ldp router-id lo0 force

interface Ethernet1/0

ip address 10.1.12.1 255.255.255.0

mpls ip

ip cef

mpls label range 200 299

mpls label protocol ldp

mpls ldp router-id lo0 force

interface Ethernet1/1

ip address 10.1.12.2 255.255.255.0

mpls ip

3.配置MPLS ×××

R1#sh run | s ip vrf

ip vrf vpn1

rd 1:100

route-target export 1:100

route-target import 1:100

R1(config)#int e1/1

R1(config -i f)#ip vrf forwarding vpn1

R2#sh run | s ip vrf

ip vrf vpn1

rd 1:100

route-target export 1:100

route-target import 1:100

R2(config)#int e1/0

R2(config -i f)#ip vrf forwarding vpn1

4．配置OSPF

R1#sh run | s r o

router ospf 1 vrf vpn1

router-id 1.1.1.1

network 1.1.1.0 0.0.0.255 area 1

network 10.1.13.0 0.0.0.255 area 1

R2#sh run | s r o

router ospf 1 vrf vpn1

router-id 2.2.2.2

network 2.2.2.0 0.0.0.255 area 1

network 10.1.24.0 0.0.0.255 area 1

R3#sh run | s r o

router ospf 1

router-id 3.3.3.3

network 3.3.3.0 0.0.0.255 area 1

network 10.1.13.0 0.0.0.255 area 1

network 10.1.34.0 0.0.0.255 area 1

network 33.3.3.3 0.0.0.0 area 1

R4#sh run | s r o

router ospf 1

router-id 4.4.4.4

network 4.4.4.0 0.0.0.255 area 1

network 10.1.24.0 0.0.0.255 area 1

network 10.1.34.0 0.0.0.255 area 1

network 44.4.4.4 0.0.0.0 area 1

5.配置MP-BGP

R1#sh run | s r b

router bgp 12

bgp router-id 1.1.1.1

bgp log-neighbor-changes

neighbor 2.2.2.2 remote-as 12

neighbor 2.2.2.2 update-source Loopback0

address-family vpnv4

neighbor 2.2.2.2 activate

neighbor 2.2.2.2 send-community extended

exit-address-family

address-family ipv4 vrf vpn1

network 100.1.1.1 mask 255.255.255.255

redistribute ospf 1

exit-address-family

R2#sh run | s r b

router bgp 12

bgp router-id 2.2.2.2

bgp log-neighbor-changes

neighbor 1.1.1.1 remote-as 12

neighbor 1.1.1.1 update-source Loopback0

address-family vpnv4

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community extended

exit-address-family

address-family ipv4 vrf vpn1

network 200.1.1.1 mask 255.255.255.255

redistribute ospf 1

exit-address-family

6.查看路由

(1)查看PE路由器R1 bgp的路由

R1#sh ip bgp vpnv4 all

BGP table version is 8, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf vpn1)

* i3.3.3.3/32 2.2.2.2 21 100 0 ?

*> 10.1.13.3 11 32768 ?

* i4.4.4.4/32 2.2.2.2 11 100 0 ?

*> 10.1.13.3 21 32768 ?

* i10.1.13.0/24 2.2.2.2 30 100 0 ?

*> 0.0.0.0 0 32768 ?

* i10.1.24.0/24 2.2.2.2 0 100 0 ?

*> 10.1.13.3 30 32768 ?

* i10.1.34.0/24 2.2.2.2 20 100 0 ?

*> 10.1.13.3 20 32768 ?

* i33.3.3.3/32 2.2.2.2 21 100 0 ?

*> 10.1.13.3 11 32768 ?

* i44.4.4.4/32 2.2.2.2 11 100 0 ?

*> 10.1.13.3 21 32768 ?

说明: PE路由器 R1到达 33.3.3.3和44.4.4.4都从 CE路由器 R3走。

(２)查看PE路由器R1 vrf的路由

R1#sh ip route vrf vpn1

Routing Table: vpn1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/11] via 10.1.13.3, 00:15:24, Ethernet1/1

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/21] via 10.1.13.3, 00:07:17, Ethernet1/1

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 10.1.13.0/24 is directly connected, Ethernet1/1

L 10.1.13.1/32 is directly connected, Ethernet1/1

O 10.1.24.0/24 [110/30] via 10.1.13.3, 00:07:17, Ethernet1/1

O 10.1.34.0/24 [110/20] via 10.1.13.3, 00:07:17, Ethernet1/1

33.0.0.0/32 is subnetted, 1 subnets

O 33.3.3.3 [110/11] via 10.1.13.3, 00:08:04, Ethernet1/1

44.0.0.0/32 is subnetted, 1 subnets

O 44.4.4.4 [110/21] via 10.1.13.3, 00:07:17, Ethernet1/1

说明: PE路由器 R1到达 33.3.3.3和44.4.4.4都从 CE路由器 R3走。

7.在PE路由器之间创建Sham-Link

(1)在PE路由器上创建/32 位loopback地址

R1#sh run int l100

interface Loopback100

ip vrf forwarding vpn1 -------在配置完此命令后，地址会消失，需要重新配置IP。

ip address 100.1.1.1 255.255.255.255

end

说明: 创建的/32 位地址必须放入 VRF。

R2#sh run int l100

interface Loopback100

ip vrf forwarding vpn1

ip address 200.1.1.1 255.255.255.255

说明: 创建的/32 位地址必须放入 VRF。

(2)将/32 位地址在MP-BGP 里发布

R1(config)#router bg 12

R1(config-router)#address-family ipv4 vrf vpn1

R1(config-router-af)#network 100.1.1.1 mask 255.255.255.255

R2(config)#router bg 12

R2(config-router)#address-family ipv4 vrf vpn1

R2(config-router-af)#network 200.1.1.1 mask 255.255.255.255

(3) 创建Sham-Link

R1(config)#router ospf 2 vrf vpn1

r1(config-router)#area 1 sham-link 100.1.1.1 200.1.1.1 cost 10

说明: 创建Sham-Link 时，要指定源地址和目的地址，并且指明COST 值。

R2:

R2(config)#router ospf 1 vrf vpn1

R2(config-router)#area 1 sham-link 200.1.1.1 100.1.1.1 cost 10

说明: 创建Sham-Link 时，要指定源地址和目的地址，并且指明COST 值。

8．查看结果

(1)在PE路由器R1,R2上查看 Sham-Link

R1#sh ip os sham-links

Sham Link OSPF_SL0 to address 200.1.1.1 is up

Area 1 source address 100.1.1.1

Run as demand circuit

DoNotAge LSA allowed. Cost of using 10 State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40,

Hello due in 00:00:00

Adjacency State FULL (Hello suppressed)

Index 2/2, retransmission queue length 0, number of retransmission 0

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

R2#sh ip os sham-links

Sham Link OSPF_SL0 to address 100.1.1.1 is up

Area 1 source address 200.1.1.1

Run as demand circuit

DoNotAge LSA allowed. Cost of using 10 State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40,

Hello due in 00:00:08

Adjacency State FULL (Hello suppressed)

Index 2/2, retransmission queue length 0, number of retransmission 0

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

说明: Sham-Link建立成功。

(2)在PE路由器R1上查看 MP-BGP 的路由

R1#sh ip bgp vpnv4 all

BGP table version is 14, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf vpn1)

*> 3.3.3.3/32 10.1.13.3 11 32768 ?

r>i4.4.4.4/32 2.2.2.2 11 100 0 ?

*> 10.1.13.0/24 0.0.0.0 0 32768 ?

r>i10.1.24.0/24 2.2.2.2 0 100 0 ?

* i10.1.34.0/24 2.2.2.2 20 100 0 ?

*> 10.1.13.3 20 32768 ?

*> 33.3.3.3/32 10.1.13.3 11 32768 ?

r>i44.4.4.4/32 2.2.2.2 11 100 0 ?

*> 100.1.1.1/32 0.0.0.0 0 32768 i

*>i200.1.1.1/32 2.2.2.2 0 100 0 i

说明: 到达远程场点44.4.4.4 的路径选择从MPLS ××× 骨干网络中走。

(3)在PE路由器R1上查看 VRF 的路由

R1#sh ip route vrf vpn1

Routing Table: vpn1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/11] via 10.1.13.3, 01:15:29, Ethernet1/1

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/21] via 10.1.13.3, 01:07:22, Ethernet1/1

[110/21] via 200.1.1.1, 00:51:32

[110/21] via 2.2.2.2, 00:51:32

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 10.1.13.0/24 is directly connected, Ethernet1/1

L 10.1.13.1/32 is directly connected, Ethernet1/1

O 10.1.24.0/24 [110/20] via 2.2.2.2, 00:51:32

O 10.1.34.0/24 [110/20] via 10.1.13.3, 01:07:22, Ethernet1/1

33.0.0.0/32 is subnetted, 1 subnets

O 33.3.3.3 [110/11] via 10.1.13.3, 01:08:09, Ethernet1/1

44.0.0.0/32 is subnetted, 1 subnets

O 44.4.4.4 [110/21] via 2.2.2.2, 00:51:32

100.0.0.0/32 is subnetted, 1 subnets

C 100.1.1.1 is directly connected, Loopback100

200.1.1.0/32 is subnetted, 1 subnets

B 200.1.1.1 [200/0] via 2.2.2.2, 00:54:01

说明: 到达远程场点44.4.4.4 的路径选择从MPLS ××× 骨干网络中走。

注：因为sham-link 是要COST 值的，相当于物理接口，要调整CE 的选路，请调整

sham-link和各接口COST值来完成。

上一篇：mpls-vpn实验之内部通信、外部通信

下一篇：Wireshark抓包工具使用教程以及常用抓包规则

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯