这篇文章介绍一下跨域 VPN Option C 在 IOX 设备上的配置案例
如果需要 CE 之间互通,我们需要考虑以下的问题:
RR与RR之间的控制层面与数据层面 ; CE与CE之间控制层面; CE与CE之间的数据层面 ;
下面将对这些详细说明。
RR 与 RR 之间的控制层面与数据层面 #
第一步将两个 AS 内的 IGP/MPLS LDP 使能。
第二步,RR1 于 RR2 之间建立 BGP 邻居是使用 loopback 接口,跨域的是不能通过 IGP 传递过去,需要在RR1--->R4--->R5--->RR2起 BGP LU 的邻居,并将自己的 loopback 口宣告出去,以 RR2 的 loopback0(10.1.22.22)举例:
RR2 的 BGP 配置如下:
RP/0/0/CPU0:RR02#show run router bgp
Tue Apr 14 12:00:01.138 UTC
router bgp 2
bgp router-id 10.1.22.22
address-family ipv4 unicast
network 10.1.22.22/32 <<<<< 宣告本地loopback接口
allocate-label all <<<<< 在IOX系统内,启用BGP LU必须使能allocate-label,要不然不会为BGP路由分配标签
!
neighbor 10.1.5.5
remote-as 2
update-source Loopback0
address-family ipv4 labeled-unicast
route-reflector-client
!
!
R5 会收到 RR2 传递过来 label 为3的 prefix,并为之分配本地标签24007,并向 R4 发送路由更新。
RP/0/0/CPU0:R5#show bgp ipv4 labeled-unicast 10.1.22.22/32
Tue Apr 14 12:05:33.615 UTC
BGP routing table entry for 10.1.22.22/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 16 16
Local Label: 24007 <<<<<
Last Modified: Apr 11 18:36:21.564 for 2d17h
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.45.4
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.45.4
Local
10.1.22.22 (metric 20) from 10.1.22.22 (10.1.22.22)
Received Label 3 <<<<<
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 16
R4 收到路由后为其分配本地标签24007
RP/0/0/CPU0:R4#show bgp ipv4 labeled-unicast 10.1.22.22/32
Tue Apr 14 12:08:11.833 UTC
BGP routing table entry for 10.1.22.22/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 16 16
Local Label: 24007 <<<<<<<
Last Modified: Apr 11 18:36:30.321 for 2d17h
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.11.11
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.11.11
2
10.1.45.5 from 10.1.45.5 (10.1.5.5)
Received Label 24007 <<<<<<<<
Origin IGP, localpref 100, valid, external, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 16
Origin-AS validity: (disabled)
RP/0/0/CPU0:R4#
RR1 收到路由如下, 下一跳为域内 R4 的 loopback 地址。
RP/0/0/CPU0:RR01#show bgp ipv4 labeled-unicast 10.1.22.22/32
Tue Apr 14 12:11:22.591 UTC
BGP routing table entry for 10.1.22.22/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 10 10
Local Label: 24004 <<<<<
Last Modified: Apr 11 18:36:37.538 for 2d17h
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
0.2
2, (Received from a RR-client)
10.1.4.4 (metric 20) from 10.1.4.4 (10.1.4.4)
Received Label 24007 <<<<<<<
Origin IGP, localpref 100, valid, internal, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 10
RP/0/0/CPU0:RR01#
那么路径 RR1--->R4--->R5--->RR2 到数据层面如下:
RP/0/0/CPU0:RR01#traceroute 10.1.22.22 source 10.1.11.11
Tue Apr 14 12:13:10.974 UTC
Type escape sequence to abort.
Tracing the route to 10.1.22.22
1 10.1.31.3 [MPLS: Labels 24001/24007 Exp 0] 19 msec 29 msec 29 msec 【LDP label/BGP LU Label】
2 10.1.34.4 [MPLS: Label 24007 Exp 0] 29 msec 19 msec 19 msec 【LDP 次末挑弹出只剩下BGP LU】
3 10.1.45.5 [MPLS: Label 24007 Exp 0] 19 msec 19 msec 19 msec 【BGP LU, 到R5之后BGPlabel会弹出,查cef表域内转发】
4 10.1.56.6 [MPLS: Label 24002 Exp 0] 19 msec 29 msec 29 msec 【LDP label】
5 10.1.62.2 39 msec * 19 msec 【LDP 次末跳弹出】
RP/0/0/CPU0:RR01#show cef 10.1.4.4/32
Tue Apr 14 12:13:34.462 UTC
10.1.4.4/32, version 9, internal 0x1000001 0x0 (ptr 0xa11dd680) [1], 0x0 (0xa11c0468), 0xa28 (0xa15d11b8)
Updated Apr 10 12:57:39.266
local adjacency 10.1.31.3
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 10.1.31.3/32, GigabitEthernet0/0/0/0, 5 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xa18aa110 0x0]
next hop 10.1.31.3/32
local adjacency
local label 24000 labels imposed {24001}
CE 与 CE 之间控制层面 #
拿 R8 的 loopback0 路由10.1.8.8/32举例,R8 和 R7 建立 EBGP 链接,将路由传递给 R7.查看 R7 上的路由如下,为其分配 BGP VPNv4 的标签24002
RP/0/0/CPU0:R7#show bgp vrf VIP ipv4 unicast 10.1.8.8/32 detail
Wed Apr 15 03:33:52.790 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 5 5
Local Label: 24002 (no rewrite);
Flags: 0x01141001+0x00000000;
Last Modified: Apr 10 12:58:37.619 for 4d14h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Flags: 0xc00000000d040003, import: 0x1f
Not advertised to any peer
65001
10.1.78.8 from 10.1.78.8 (10.1.8.8)
Origin IGP, metric 0, localpref 100, valid, external, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 5
Extended community: RT:100:100
Origin-AS validity: (disabled)
R7 与 RR2 建立 VPNv4 的邻居,RR2 收到这条 BGP 路由下一跳时 R7 的 loopback 口地址10.1.7.7
RP/0/0/CPU0:RR02#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail
Wed Apr 15 03:39:42.716 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 3 3
Flags: 0x00040001+0x00000000;
Last Modified: Apr 10 12:59:37.534 for 4d14h
Paths: (1 available, best #1)
Advertised to peers (in unique update groups):
10.1.11.11
Path #1: Received by speaker 0
Flags: 0x4000000025060205, import: 0x1f
Advertised to peers (in unique update groups):
10.1.11.11
65001, (Received from a RR-client)
10.1.7.7 (metric 20) from 10.1.7.7 (10.1.7.7)
Received Label 24002
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf
Received Path ID 0, Local Path ID 1, version 3
Extended community: RT:100:100
RP/0/0/CPU0:RR02#
RR2 与 RR1 建立 VPNv4 的邻居,并互指next-hop-unchanged,因此 RR1 上看到的路由下一条依旧为10.1.7.7
RP/0/0/CPU0:RR01#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail
Wed Apr 15 03:48:54.418 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 5 5
Flags: 0x00040001+0x00000000;
Last Modified: Apr 12 17:17:18.538 for 2d10h
Paths: (1 available, best #1)
Advertised to peers (in unique update groups):
10.1.2.2
Path #1: Received by speaker 0
Flags: 0x4000000025060001, import: 0x20
Advertised to peers (in unique update groups):
10.1.2.2
2 65001
10.1.7.7 (metric 20) from 10.1.22.22 (10.1.22.22)
Received Label 24002
Origin IGP, localpref 100, valid, external, best, group-best, import-candidate, not-in-vrf
Received Path ID 0, Local Path ID 1, version 5
Extended community: RT:100:100
RP/0/0/CPU0:RR01#
RR1 与 R2 建立 VPNv4 的邻居,将此条路由通告出去,R2 上看到此路由的下一条为 10.1.7.7 ,R2 将之传递给 R1
RP/0/0/CPU0:R2#
RP/0/0/CPU0:R2#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail
Wed Apr 15 07:55:59.930 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 11 11
Flags: 0x00040001+0x00000000;
Last Modified: Apr 12 17:17:09.376 for 2d14h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Flags: 0x4000000025060005, import: 0x1f
Not advertised to any peer
2 65001
10.1.7.7 (metric 20) from 10.1.11.11 (10.1.11.11)
Received Label 24002
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf
Received Path ID 0, Local Path ID 1, version 11
Extended community: RT:100:100
RP/0/0/CPU0:R2#
CE 与 CE 之间的数据层面 #
如上,R2 上看到10.1.8.8 下一跳是10.1.7.7,那么我们需要打通一条完整的 LSP,让数据层面可以正常转发。
这里有用到了 BGP LU, 首先 R7 与 R5 建立 BGP LU,并为自己的 loopback 地址分配3的标签
R5 收到后会为10.1.7.7分配24000的本地标签并送给 R4,下一跳为10.1.7.7
R4 收到后会为10.1.7.7分配24006的本地标签并发给 R2,并修改下一跳地址为自己,10.1.4.4
R2 上我们能看到 received lable 为24006,下一跳为10.1.4.4,域内地址
RP/0/0/CPU0:R5#show bgp ipv4 labeled-unicast 10.1.7.7/32
Wed Apr 15 08:03:24.181 UTC
BGP routing table entry for 10.1.7.7/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 15 15
Local Label: 24000
Last Modified: Apr 11 18:36:21.564 for 3d13h
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.45.4
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.45.4
Local
10.1.7.7 (metric 20) from 10.1.22.22 (10.1.7.7)
Received Label 3
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 15
Originator: 10.1.7.7, Cluster list: 10.1.22.22
RP/0/0/CPU0:R5#
RP/0/0/CPU0:R4#show bgp ipv4 labeled-unicast 10.1.7.7/32
Wed Apr 15 08:04:04.978 UTC
BGP routing table entry for 10.1.7.7/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 5 5
Local Label: 24006
Last Modified: Apr 10 12:58:55.321 for 4d19h
Paths: (1 available, best #1)
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.11.11
Path #1: Received by speaker 0
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
10.1.11.11
2
10.1.45.5 from 10.1.45.5 (10.1.5.5)
Received Label 24000
Origin IGP, localpref 100, valid, external, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 5
Origin-AS validity: (disabled)
RP/0/0/CPU0:R2# show bgp ipv4 labeled-unicast 10.1.7.7/32
Wed Apr 15 08:07:55.011 UTC
BGP routing table entry for 10.1.7.7/32
Versions:
Process bRIB/RIB SendTblVer
Speaker 5 5
Local Label: 24004
Last Modified: Apr 10 12:58:55.376 for 4d19h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
2
10.1.4.4 (metric 20) from 10.1.11.11 (10.1.4.4)
Received Label 24006
Origin IGP, localpref 100, valid, internal, best, group-best, labeled-unicast
Received Path ID 0, Local Path ID 1, version 5
Originator: 10.1.4.4, Cluster list: 10.1.11.11
这时候我们在 R2 查看10.1.8.8的 cef 表可以看到标签为24001 24006 24002,对应10.1.4.4LDP标签/10.1.7.7 BGP LU标签/BGP VPNv4标签
在 R3 上根据标签表转发,栈顶标签次末跳弹出,剩余标签为 24006 24002 , 对应10.1.7.7 BGP LU标签/BGP VPNv4标签
在 R4 上根据标签表转发,修改栈顶标签, 24000 24002 对应 10.1.7.7 BGP LU标签/BGP VPNv4标签
在 R5 上根据标签表转发,修改栈顶标签,24000 24002对应10.1.7.7 LDP标签/ BGP VPNv4标签
在 R6 上根据标签表转发 ,栈顶标签次末跳弹出, 剩余标签为24002对应BGP VPNv4标签
在 R7 上先查标签表直接从Gi0/0/0/0送出
RP/0/0/CPU0:R2#show cef vrf VIP 10.1.8.8
Wed Apr 15 08:16:49.124 UTC
10.1.8.8/32, version 8, internal 0x5000001 0x0 (ptr 0xa1221058) [1], 0x0 (0x0), 0x208 (0xa16b1210)
Updated Apr 12 17:17:09.130
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 10.1.7.7/32, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa172593c 0x0]
recursion-via-/32
next hop VRF - 'default', table - 0xe0000000
next hop 10.1.7.7/32 via 24004/0/21
next hop 10.1.23.3/32 Gi0/0/0/1 labels imposed {24001 24006 24002}
RP/0/0/CPU0:R3#show mpls forwarding labels 24001
Wed Apr 15 08:28:05.079 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24001 Pop 10.1.4.4/32 Gi0/0/0/0 10.1.34.4 2212964
RP/0/0/CPU0:R3#
RP/0/0/CPU0:R4#show mpls forwarding labels 24006
Wed Apr 15 08:28:58.186 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24006 24000 10.1.7.7/32 Gi0/0/0/1 10.1.45.5 4344
RP/0/0/CPU0:R4#
RP/0/0/CPU0:R5#show mpls forwarding labels 24000
Wed Apr 15 08:29:33.724 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 24000 10.1.7.7/32 Gi0/0/0/0 10.1.56.6 4776
RP/0/0/CPU0:R5#
RP/0/0/CPU0:R6#show mpls forwarding labels 24000
Wed Apr 15 08:30:31.660 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 10.1.7.7/32 Gi0/0/0/1 10.1.67.7 1480864
RP/0/0/CPU0:R6#
RP/0/0/CPU0:R7#show mpls forwarding
Wed Apr 15 08:31:38.636 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 10.1.6.6/32 Gi0/0/0/1 10.1.67.6 774254
24001 24001 10.1.5.5/32 Gi0/0/0/1 10.1.67.6 6512
24002 Unlabelled 10.1.8.8/32[V] Gi0/0/0/0 10.1.78.8 5936 <<<<<<<<<<
24006 24002 10.1.22.22/32 Gi0/0/0/1 10.1.67.6 742325
24007 24005 10.1.2.2/32 10.1.5.5 0
24008 24006 10.1.11.11/32 10.1.5.5 0
RP/0/0/CPU0:R7#
测试 #
RP/0/0/CPU0:R1#ping 10.1.8.8 source 10.1.1.1
Sun Apr 12 17:17:18.117 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.8.8, timeout is 2 seconds:
RP/0/0/CPU0:R1#traceroute 10.1.8.8 source 10.1.1.1
Sun Apr 12 17:17:20.567 UTC
Type escape sequence to abort.
Tracing the route to 10.1.8.8
1 10.1.12.2 9 msec 0 msec 0 msec
2 10.1.23.3 [MPLS: Labels 24001/24006/24002 Exp 0] 29 msec 29 msec 29 msec LDP Label/BGP LU label/BGP VPN4 label
3 10.1.34.4 [MPLS: Labels 24006/24002 Exp 0] 19 msec 19 msec 29 msec BGP LU label/BGP VPN4 label
4 10.1.45.5 [MPLS: Labels 24000/24002 Exp 0] 19 msec 19 msec 29 msec BGP LU label/BGP VPN4 label
5 10.1.56.6 [MPLS: Labels 24000/24002 Exp 0] 29 msec 19 msec 19 msec LDP Label /BGP VPN4 label
6 10.1.67.7 [MPLS: Label 24002 Exp 0] 29 msec 29 msec 19 msec BGP VPN4 label
7 10.1.78.8 29 msec * 39 msec
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#show route
Tue Jul 23 12:54:31.565 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
A - access/subscriber, a - Application route
M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path
Gateway of last resort is not set
L 10.1.1.1/32 is directly connected, 09:07:18, Loopback0
B 10.1.8.8/32 [20/0] via 10.1.12.2, 03:02:29
C 10.1.12.0/24 is directly connected, 09:07:18, GigabitEthernet0/0/0/0
L 10.1.12.1/32 is directly connected, 09:07:18, GigabitEthernet0/0/0/0