MPLS ×××中PE和CE之间使用ospf协议时的几点问题
问题1:公司两个场点之间互相学习到的路由是域间路由还是域内路由的问题.
为OSPF工作的BGP扩展属性使得OSPF路由可以完全的在远端PE路由器上重建,路由类型让远端PE路由器了解到什么类型的路由在OSPF中通告。如果是类型1和2或者3的话,远程PE路由器将会通告一条域间汇总路由到OSPF 中,这个在我上片实验的结果中已经有所体现;
域ID告诉远端PE路由器通告的是否是一条外部OSPF路由,默认情况下域ID一般同OSPF 进程ID的值相同,如果PE路由器收到的路由的域ID同OSPF VRF的进程ID不能匹配的话,这条路由将会以OSPF外部路由,度量值为类型2的形式通告;
当然,可以在OSPF vrf进程中使用命令修改域ID来控制通告的是域间路由还是外部路由;
上图中,左边场点的ospf进程ID为 1,右边场点ospf进程ID为 2:
在将MP-BGP学习到的路由从PE路由器重分发进OSPF时,R5和R6学习到的路由分别如下:
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.6.6.6 [110/11] via 10.1.15.1, 01:29:17, Ethernet0/0
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.15.0 is directly connected, Ethernet0/0
O E2 10.1.46.0 [110/1] via 10.1.15.1, 01:29:17, Ethernet0/0
C 10.1.57.0 is directly connected, Ethernet0/1
R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/11] via 10.1.46.4, 00:58:58, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
C 6.6.6.6 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 3 subnets
O E2 10.1.15.0 [110/1] via 10.1.46.4, 00:58:58, Ethernet0/0
C 10.1.46.0 is directly connected, Ethernet0/0
C 10.1.67.0 is directly connected, Ethernet0/1
可以看到彼此学习到的路由全部为E2类型的,在PE路由器上查看BGP扩展团体属性对OSPF的支持,以路由5.5.5.5为例,在R4上查看:
R4#show ip bgp vpnv4 rd 100:1 5.5.5.5
BGP routing table entry for 100:1:5.5.5.5/32, version 6
Paths: (1 available, best #1, no table)
Not advertised to any peer
Local
1.1.1.1 (metric 31) from 1.1.1.1 (1.1.1.1)
Origin incomplete, metric 11, localpref 100, valid, internal, best
Extended Community: RT:100:2 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
mpls labels in/out nolabel/105
可以看到DOMIN-ID、OSPF-ROUTER-ID、OSPF RT等OSPF属性作为BGP扩展团体属性传输给了R4,需要详细了解具体含义请自行查询资料。
在R4上将DOMIN-ID变更为0.0.0.1后,查看路由,发现R6的路由已经变为域间路由,如下:
R4(config)#router ospf 2 vrf cisco
R4(config-router)#domain-id 0.0.0.1
R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/21] via 10.1.46.4, 00:00:48, Ethernet0/0
6.0.0.0/32 is subnetted, 1 subnets
C 6.6.6.6 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 3 subnets
O IA 10.1.15.0 [110/11] via 10.1.46.4, 00:00:48, Ethernet0/0
C 10.1.46.0 is directly connected, Ethernet0/0
C 10.1.67.0 is directly connected, Ethernet0/1
问题2:当公司两个场点之间有链路直接连通并在一个OSPF area中时产生的次优路径问题:
当公司两个场点之间使用一条OSPF链路连通并处于一个ara中时,两场点将会通过ospf链路互相学习到彼此的网络,并且路由类型将为域内路由,根据ospf选路原则,域内路由优先于域间路由,域间路由优先于外部路由。所以在这种情况下,场点之间的数据传输将会通过OSPF路由传输而不会通过MPLS ×××骨干网络。
解决:通过OSPF sham-link链路在PE之间伪装一条虚拟链路,将两个场点虚拟的连接起来,从而使得通过MPLS vpn 骨干网络通告的路由也变为OSPF 域内路由,这样就可以通过调节sham-link链路的COST值来控制数据流的路由选择。
如下图:在两个长点间添加路由器R7作为后门链路,
在后门链路没有配置OSPF时,在R5上trace6.6.6.6的路径如下
R5#traceroute 6.6.6.6 source 5.5.5.5
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.15.1 24 msec 48 msec 12 msec
2 10.1.12.2 64 msec 116 msec 100 msec
3 10.1.23.3 76 msec 128 msec 92 msec
4 10.1.46.4 64 msec 96 msec 64 msec
5 10.1.46.6 160 msec * 128 msec
可以看到数据通过MPLS骨干网络到达目的地
然后配置路由器R7为两个场点OSPF area 0的互联路由器,在R5查看路由:
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
O 6.6.6.6 [110/41] via 10.1.57.7, 00:00:20, Ethernet0/1
7.0.0.0/32 is subnetted, 1 subnets
O 7.7.7.7 [110/31] via 10.1.57.7, 00:00:20, Ethernet0/1
10.0.0.0/24 is subnetted, 4 subnets
C 10.1.15.0 is directly connected, Ethernet0/0
O 10.1.46.0 [110/40] via 10.1.57.7, 00:00:20, Ethernet0/1
C 10.1.57.0 is directly connected, Ethernet0/1
O 10.1.67.0 [110/30] via 10.1.57.7, 00:00:22, Ethernet0/1
可以看到去往6.6.6.6的路由已经变为域内路由,并且下一跳路由为R7,trace 6.6.6.6
R5#traceroute 6.6.6.6 source loopback 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.57.7 32 msec 28 msec 32 msec
2 10.1.67.6 44 msec * 60 msec
可以看到去往6.6.6.6的路由已经不通过MPLS ×××骨干网络了,而是通过后门链路R7到达目标。
在PE路由器R1和R4上建立sham-link链路来解决此问题:
配置sham-link链路时的注意事项:
伪装链路有两个端点地址;
这两个端点地址都是PE路由器上特定VRF中的一个/32位的地址;
伪装链路地址必须使用MP-BGP以vpnv4的地址形式通告给对端PE;
LSA周期性的泛洪不会在伪装链路上通过,相当于一条按需链路;
配置如下:
R1
ip cef
ip vrf cisco
rd 100:1
route-target export 100:2
route-target import 100:2
!
mpls label range 100 199
mpls label protocol ldp
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback10
ip vrf forwarding cisco
ip address 11.11.11.11 255.255.255.255
!
interface Ethernet0/0
ip vrf forwarding cisco
ip address 10.1.15.1 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 10.1.12.1 255.255.255.0
half-duplex
mpls label protocol ldp
mpls ip
!
router ospf 1 vrf cisco
log-adjacency-changes
area 0 sham-link 11.11.11.11 44.44.44.44 cost 5
redistribute bgp 100 subnets
network 10.1.15.0 0.0.0.255 area 0
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.1.12.0 0.0.0.255 area 0
!
router bgp 100
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
neighbor 4.4.4.4 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf cisco
redistribute ospf 1 vrf cisco match internal external 1 external 2
no synchronization
network 11.11.11.11 mask 255.255.255.255
exit-address-family
R4配置
ip cef
!
ip vrf cisco
rd 100:4
route-target export 100:2
route-target import 100:2
!
mpls label range 400 499
mpls label protocol ldp
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Loopback10
ip vrf forwarding cisco
ip address 44.44.44.44 255.255.255.255
!
interface Ethernet0/0
ip vrf forwarding cisco
ip address 10.1.46.4 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 10.1.34.4 255.255.255.0
half-duplex
mpls label protocol ldp
mpls ip
!
router ospf 2 vrf cisco
log-adjacency-changes
area 0 sham-link 44.44.44.44 11.11.11.11 cost 5
redistribute bgp 100 subnets
network 10.1.46.0 0.0.0.255 area 0
!
router ospf 100
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 10.1.34.0 0.0.0.255 area 0
!
router bgp 100
bgp router-id 4.4.4.4
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
!
address-family ipv4
neighbor 1.1.1.1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf cisco
redistribute ospf 2 vrf cisco match internal external 1 external 2
no synchronization
network 44.44.44.44 mask 255.255.255.255
exit-address-family
!
no ip http server
!
mpls ldp router-id Loopback0
查看路由,在R5上:
R5#show ip rou
R5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
O 6.6.6.6 [110/26] via 10.1.15.1, 00:20:38, Ethernet0/0
7.0.0.0/32 is subnetted, 1 subnets
O 7.7.7.7 [110/21] via 10.1.57.7, 00:20:38, Ethernet0/1
10.0.0.0/24 is subnetted, 4 subnets
C 10.1.15.0 is directly connected, Ethernet0/0
O 10.1.46.0 [110/25] via 10.1.15.1, 00:20:38, Ethernet0/0
C 10.1.57.0 is directly connected, Ethernet0/1
O 10.1.67.0 [110/30] via 10.1.57.7, 00:20:39, Ethernet0/1
11.0.0.0/32 is subnetted, 1 subnets
O E2 11.11.11.11 [110/1] via 10.1.15.1, 00:20:39, Ethernet0/0
44.0.0.0/32 is subnetted, 1 subnets
O E2 44.44.44.44 [110/1] via 10.1.15.1, 00:20:39, Ethernet0/0
可以看到去往6.6.6.6的路由的下一跳是PE路由器R1,并且cost值为26(这个cost值还需要研究一下,不是应该是25吗,大家觉得呢)
trace测试:
R5#traceroute 6.6.6.6 source loopback 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.15.1 20 msec 28 msec 20 msec
2 10.1.12.2 92 msec 108 msec 96 msec
3 10.1.23.3 104 msec 84 msec 92 msec
4 10.1.46.4 68 msec 92 msec 68 msec
5 10.1.46.6 92 msec * 136 msec
可以看到路径已经没有问题了!!
未完待续......请查阅续!
