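Diagram: detailed MPLS VPN data forwarding flow.
Configuration approach:
Configure an IGP inside autonomous system AS100 so that the Loopback0 interfaces of the two PE routers can reach each other;
Once the two PE routers are mutually reachable, establish an MP-iBGP neighbor relationship between them to carry VPNv4 routes;
All P and PE routers in AS100 run MPLS and use LDP to distribute labels for non-BGP routes;
Run OSPF between each PE router and its CE router so that the PE router's VRF routing table learns the CE router's routes;
Redistribute the routes learned in the PE router's VRF into BGP so that the remote PE router learns them as VPNv4 routes over the MP-iBGP session;
On each PE router, redistribute the BGP routes into the CE-facing OSPF process so that the CE routers learn each other's private routes.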
Basic configuration for the topology above
R1 configuration:
ip cef
!
ip vrf cisco
 rd 100:1
 route-target export 100:2
 route-target import 100:2
!
mpls label range 100 199
mpls label protocol ldp
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip vrf forwarding cisco
 ip address 10.1.15.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.12.1 255.255.255.0
 half-duplex
 mpls label protocol ldp
 mpls ip
!
router ospf 1 vrf cisco
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 10.1.15.0 0.0.0.255 area 0
!
router ospf 100
 router-id 1.1.1.1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.12.0 0.0.0.255 area 0
!
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
  neighbor 4.4.4.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf cisco
  redistribute ospf 1 vrf cisco match internal external 1 external 2
  no synchronization
 exit-address-family
!
no ip http server
!
mpls ldp router-id Loopback0
R2 configuration:
ip cef
!
mpls label range 200 299
mpls label protocol ldp
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.23.2 255.255.255.0
 half-duplex
 mpls label protocol ldp
 mpls ip
!
interface Ethernet0/1
 ip address 10.1.12.2 255.255.255.0
 half-duplex
 mpls label protocol ldp
 mpls ip
!
router ospf 100
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 0
!
no ip http server
!
mpls ldp router-id Loopback0
R3 configuration:
ip cef
!
mpls label range 300 399
mpls label protocol ldp
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.23.3 255.255.255.0
 half-duplex
 mpls label protocol ldp
 mpls ip
!
interface Ethernet0/1
 ip address 10.1.34.3 255.255.255.0
 half-duplex
 mpls label protocol ldp
 mpls ip
!
router ospf 100
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 10.1.23.0 0.0.0.255 area 0
 network 10.1.34.0 0.0.0.255 area 0
!
no ip http server
!
mpls ldp router-id Loopback0
R4 configuration:
ip cef
!
ip vrf cisco
 rd 100:4
 route-target export 100:2
 route-target import 100:2
!
mpls label range 400 499
mpls label protocol ldp
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
 ip vrf forwarding cisco
 ip address 10.1.46.4 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 10.1.34.4 255.255.255.0
 half-duplex
 mpls label protocol ldp
 mpls ip
!
router ospf 1 vrf cisco
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 10.1.46.0 0.0.0.255 area 0
!
router ospf 100
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 10.1.34.0 0.0.0.255 area 0
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf cisco
  redistribute ospf 1 vrf cisco match internal external 1 external 2
  no synchronization
 exit-address-family
!
mpls ldp router-id Loopback0
R5 configuration:
ip cef
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.15.5 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 network 5.5.5.5 0.0.0.0 area 0
 network 10.1.15.0 0.0.0.255 area 0
R6 configuration:
ip cef
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.46.6 255.255.255.0
 half-duplex
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 6.6.6.6 0.0.0.0 area 0
 network 10.1.46.0 0.0.0.255 area 0
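Analysis:
Once R1 and R4 have established the MP-iBGP neighbor relationship, R1 attaches RD 100:1 to the route 5.5.5.5/32 learned in VRF cisco when it advertises that route to R4, and allocates label 106 for it, as shown below: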
R1#show ip bgp vpnv4 rd 100:1 labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (cisco)
   5.5.5.5/32       10.1.15.5     106/nolabel
R4#SHOw ip bgp vpnv4 rd 100:1 labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   5.5.5.5/32       1.1.1.1       nolabel/106
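Note: BGP allocates only one label for each VPNv4 prefix, and that label identifies the next hop for the packet. In other words, as long as the next hop of a VPNv4 prefix does not change while the prefix is carried in MP-BGP, the BGP routers along the way have no right to modify the label.
The following is the debug output from MP-iBGP during VPNv4 route updates: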
*Mar 1 00:06:27.167: vpn:bgp_vpnv4_alloc_tag route_tag_change for cisco:5.5.5.5/255.255.255.255
*Mar 1 00:06:27.167: vpn:tag_vpn_find_route_tags: 100:1:5.5.5.5
*Mar 1 00:06:27.171: vpn:intag=106, outtag=unknown, outtag owner=BGP
*Mar 1 00:04:29.171: vpn: bgp_vpnv4_bnetinit: 100:4:6.6.6.6/32
*Mar 1 00:04:29.175: BGP: Accepted path from 4.4.4.4
*Mar 1 00:04:42.131: vpn:bgp_vpnv4_bnetinit: 100:1:6.6.6.6/32
*Mar 1 00:04:42.283: vpn:tag_vpn_find_route_tags: 100:1:6.6.6.6
*Mar 1 00:04:42.287: vpn:intag=vpn-route, outtag=405, outtag owner=BGP
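You can see that the out label R1 has learned for 100:4:6.6.6.6 is 405, which was allocated by R4.
The in label R1 allocates to the prefix 100:1:5.5.5.5 is 106.
On R5, you can see that R5 has learned the route to 6.6.6.6/32; likewise, R6 learns the route to 5.5.5.5/32.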
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
O IA 6.6.6.6 [110/21] via 10.1.15.1, 00:13:02, Ethernet0/0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.15.0 is directly connected, Ethernet0/0
O IA 10.1.46.0 [110/11] via 10.1.15.1, 00:13:02, Ethernet0/0
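You will notice that the routes redistributed from MP-iBGP are marked as inter-area routes (IA). The reason is as follows:
The BGP extended attributes that serve OSPF allow the OSPF routes to be fully reconstructed on the remote PE router. The route type tells the remote PE router what type of route to advertise into OSPF. If the type is 1, 2 or 3, the remote PE router advertises an inter-area summary route into OSPF.
View the VRF routing table on PE router R1: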
R1#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/11] via 10.1.15.5, 00:55:43, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [200/11] via 4.4.4.4, 00:57:23
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.15.0 is directly connected, Ethernet0/0
B 10.1.46.0 [200/0] via 4.4.4.4, 00:57:23
You can see that the route to 6.6.6.6/32 is a BGP route and that its next hop is 4.4.4.4.
View the VPN label for 6.6.6.6:
R1#show ip bgp vpnv4 rd 100:4 LAbels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:4
   6.6.6.6/32       4.4.4.4       nolabel/405
You can see that the VPN out label for 6.6.6.6 is 405; once the data enters VRF cisco, 405 is added as the bottom label.
View the LDP label for 4.4.4.4:
R1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
100    Pop tag     10.1.23.0/24      0          Et0/1      10.1.12.2
101    203         10.1.34.0/24      0          Et0/1      10.1.12.2
102    Pop tag     2.2.2.2/32        0          Et0/1      10.1.12.2
103    201         3.3.3.3/32        0          Et0/1      10.1.12.2
104    202         4.4.4.4/32        0          Et0/1      10.1.12.2
105    Aggregate   10.1.15.0/24[V]   0
106    Untagged    5.5.5.5/32[V]     570        Et0/0      10.1.15.5
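After the bottom label 405 has been added, the outgoing label 202 for the recursively resolved next hop 4.4.4.4 is pushed onto the packet.
View the routing table on P router R2: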
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 10.1.12.1, 00:13:16, Ethernet0/1
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 10.1.23.3, 00:13:16, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/21] via 10.1.23.3, 00:13:16, Ethernet0/0
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.12.0 is directly connected, Ethernet0/1
C 10.1.23.0 is directly connected, Ethernet0/0
O 10.1.34.0 [110/20] via 10.1.23.3, 00:13:17, Ethernet0/0
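You can see that R2 has no routes for 5.5.5.5 or 6.6.6.6, so inside AS100 customer data can only be forwarded by label switching, not by IP routing.
View R2's label forwarding information base, as follows: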
R2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
200    Pop tag     1.1.1.1/32        14931      Et0/1      10.1.12.1
201    Pop tag     3.3.3.3/32        0          Et0/0      10.1.23.3
202    302         4.4.4.4/32        19345      Et0/0      10.1.23.3
203    Pop tag     10.1.34.0/24      0          Et0/0      10.1.23.3
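You can see that for the route 4.4.4.4, R2's local label is 202 and the remote label is 302. Once the data enters P router R2, it is forwarded entirely by label rather than by route lookup, and that is how communication is achieved.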
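The label operations described above, traced hop by hop as an added Python example (not part of the original post). The R1 and R2 rows are copied from the show output on this page; the R3 and R4 rows and the next-hop-to-router map are assumptions, based on penultimate-hop popping at R3 and on R4 having allocated VPN label 405.

```python
import re

# LFIB rows. R1/R2 are copied from the show output on this page.
# R3/R4 are ASSUMED: R3 pops as penultimate hop, R4 owns VPN label 405.
LFIB_TEXT = {
    "R1": "104 202 4.4.4.4/32 0 Et0/1 10.1.12.2\n"
          "106 Untagged 5.5.5.5/32[V] 570 Et0/0 10.1.15.5",
    "R2": "200 Pop tag 1.1.1.1/32 14931 Et0/1 10.1.12.1\n"
          "202 302 4.4.4.4/32 19345 Et0/0 10.1.23.3",
    "R3": "302 Pop tag 4.4.4.4/32 0 Et0/1 10.1.34.4",
    "R4": "405 Untagged 6.6.6.6/32[V] 0 Et0/0 10.1.46.6",
}
# Next-hop address -> router name, taken from the interface addressing in the configs.
OWNER = {"10.1.12.1": "R1", "10.1.12.2": "R2", "10.1.23.3": "R3",
         "10.1.34.4": "R4", "10.1.15.5": "R5", "10.1.46.6": "R6"}
ROW = re.compile(r"(\d+)\s+(Pop tag|Untagged|\d+)\s+(\S+)\s+\d+\s+\S+\s+(\S+)$")

def parse_lfib(text):
    """Map local label -> (outgoing action, prefix, next hop) for each LFIB row."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return {int(m[1]): (m[2], m[3], m[4]) for m in rows if m}

LFIB = {name: parse_lfib(text) for name, text in LFIB_TEXT.items()}

def impose(vpn_label, bgp_next_hop):
    """Ingress PE R1: VPN label at the bottom, LDP label for the BGP next hop on top."""
    for out, prefix, next_hop in LFIB["R1"].values():
        if prefix == bgp_next_hop + "/32" and out.isdigit():
            return [int(out), vpn_label], OWNER[next_hop]
    raise LookupError("no labelled path to " + bgp_next_hop)

def trace(vpn_label=405, bgp_next_hop="4.4.4.4"):
    """Return [(router, label stack on arrival), ...] for a packet entering VRF cisco on R1."""
    stack, router = impose(vpn_label, bgp_next_hop)
    hops = []
    while stack:
        hops.append((router, list(stack)))
        out, _prefix, next_hop = LFIB[router][stack[0]]  # lookup on the top label only
        if out == "Untagged":      # egress PE: strip all labels, forward as IP
            stack = []
        elif out == "Pop tag":     # penultimate hop: remove the top label
            stack = stack[1:]
        else:                      # P router: swap the top label
            stack = [int(out)] + stack[1:]
        router = OWNER[next_hop]
    return hops + [(router, [])]

if __name__ == "__main__":
    for router, stack in trace():
        print(router, stack or "plain IP")
```

The bottom label 405 is never examined by R2 or R3; only R4, which allocated it, uses it to select the VRF route.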
Ping test:
R5#ping 6.6.6.6 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/91/112 ms
As you can see, there is no problem and the two sites can communicate.