Skip to main content

跨域MPLS VPN Option C配置案例(IOS XR)

·2005 words·10 mins
Rs
Rory
Author
Rory
Step by step the ladder is ascended

alt text

这篇文章介绍一下跨域 VPN Option C 在 IOX 设备上的配置案例

如果需要 CE 之间互通,我们需要考虑以下的问题:

RR与RR之间的控制层面与数据层面 ; CE与CE之间控制层面; CE与CE之间的数据层面 ;

下面将对这些详细说明。

RR 与 RR 之间的控制层面与数据层面
#

第一步将两个 AS 内的 IGP/MPLS LDP 使能。

第二步,RR1 于 RR2 之间建立 BGP 邻居是使用 loopback 接口,跨域的是不能通过 IGP 传递过去,需要在RR1--->R4--->R5--->RR2起 BGP LU 的邻居,并将自己的 loopback 口宣告出去,以 RR2 的 loopback0(10.1.22.22)举例:

RR2 的 BGP 配置如下:

RP/0/0/CPU0:RR02#show run router bgp
Tue Apr 14 12:00:01.138 UTC
router bgp 2
 bgp router-id 10.1.22.22
 address-family ipv4 unicast
  network 10.1.22.22/32    <<<<< 宣告本地loopback接口
  allocate-label all       <<<<< 在IOX系统内,启用BGP LU必须使能allocate-label,要不然不会为BGP路由分配标签
 !
 neighbor 10.1.5.5
  remote-as 2
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
  !
 !

R5 会收到 RR2 传递过来 label 为3的 prefix,并为之分配本地标签24007,并向 R4 发送路由更新。

RP/0/0/CPU0:R5#show bgp ipv4 labeled-unicast 10.1.22.22/32
Tue Apr 14 12:05:33.615 UTC
BGP routing table entry for 10.1.22.22/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 16          16
    Local Label: 24007                                      <<<<<
Last Modified: Apr 11 18:36:21.564 for 2d17h
Paths: (1 available, best #1)
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.45.4
  Path #1: Received by speaker 0
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.45.4
  Local
    10.1.22.22 (metric 20) from 10.1.22.22 (10.1.22.22)
      Received Label 3                                       <<<<<
      Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, labeled-unicast
      Received Path ID 0, Local Path ID 1, version 16

R4 收到路由后为其分配本地标签24007

RP/0/0/CPU0:R4#show bgp ipv4 labeled-unicast 10.1.22.22/32
Tue Apr 14 12:08:11.833 UTC
BGP routing table entry for 10.1.22.22/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 16          16
    Local Label: 24007                               <<<<<<<
Last Modified: Apr 11 18:36:30.321 for 2d17h
Paths: (1 available, best #1)
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.11.11
  Path #1: Received by speaker 0
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.11.11
  2
    10.1.45.5 from 10.1.45.5 (10.1.5.5)
      Received Label 24007                           <<<<<<<<
      Origin IGP, localpref 100, valid, external, best, group-best, labeled-unicast
      Received Path ID 0, Local Path ID 1, version 16
      Origin-AS validity: (disabled)
RP/0/0/CPU0:R4#

RR1 收到路由如下, 下一跳为域内 R4 的 loopback 地址。

RP/0/0/CPU0:RR01#show bgp ipv4 labeled-unicast 10.1.22.22/32
Tue Apr 14 12:11:22.591 UTC
BGP routing table entry for 10.1.22.22/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 10          10
    Local Label: 24004                           <<<<<
Last Modified: Apr 11 18:36:37.538 for 2d17h
Paths: (1 available, best #1)
  Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
    0.2
  Path #1: Received by speaker 0
  Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):
    0.2
  2, (Received from a RR-client)
    10.1.4.4 (metric 20) from 10.1.4.4 (10.1.4.4)
      Received Label 24007                      <<<<<<<
      Origin IGP, localpref 100, valid, internal, best, group-best, labeled-unicast
      Received Path ID 0, Local Path ID 1, version 10
RP/0/0/CPU0:RR01#

那么路径 RR1--->R4--->R5--->RR2 到数据层面如下:

RP/0/0/CPU0:RR01#traceroute 10.1.22.22 source 10.1.11.11
Tue Apr 14 12:13:10.974 UTC

Type escape sequence to abort.
Tracing the route to 10.1.22.22

 1  10.1.31.3 [MPLS: Labels 24001/24007 Exp 0] 19 msec  29 msec  29 msec       【LDP label/BGP LU Label】
 2  10.1.34.4 [MPLS: Label 24007 Exp 0] 29 msec  19 msec  19 msec              【LDP 次末挑弹出只剩下BGP LU】
 3  10.1.45.5 [MPLS: Label 24007 Exp 0] 19 msec  19 msec  19 msec              【BGP LU, 到R5之后BGPlabel会弹出,查cef表域内转发】
 4  10.1.56.6 [MPLS: Label 24002 Exp 0] 19 msec  29 msec  29 msec              【LDP label】
 5  10.1.62.2 39 msec  *  19 msec                                              【LDP 次末跳弹出】
RP/0/0/CPU0:RR01#show cef 10.1.4.4/32
Tue Apr 14 12:13:34.462 UTC
10.1.4.4/32, version 9, internal 0x1000001 0x0 (ptr 0xa11dd680) [1], 0x0 (0xa11c0468), 0xa28 (0xa15d11b8)
 Updated Apr 10 12:57:39.266
 local adjacency 10.1.31.3
 Prefix Len 32, traffic index 0, precedence n/a, priority 3
   via 10.1.31.3/32, GigabitEthernet0/0/0/0, 5 dependencies, weight 0, class 0 [flags 0x0]
    path-idx 0 NHID 0x0 [0xa18aa110 0x0]
    next hop 10.1.31.3/32
    local adjacency
     local label 24000      labels imposed {24001}

CE 与 CE 之间控制层面
#

拿 R8 的 loopback0 路由10.1.8.8/32举例,R8 和 R7 建立 EBGP 链接,将路由传递给 R7.查看 R7 上的路由如下,为其分配 BGP VPNv4 的标签24002

RP/0/0/CPU0:R7#show bgp vrf VIP ipv4 unicast 10.1.8.8/32 detail
Wed Apr 15 03:33:52.790 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  5           5
    Local Label: 24002 (no rewrite);
    Flags: 0x01141001+0x00000000;
Last Modified: Apr 10 12:58:37.619 for 4d14h
Paths: (1 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Flags: 0xc00000000d040003, import: 0x1f
  Not advertised to any peer
  65001
    10.1.78.8 from 10.1.78.8 (10.1.8.8)
      Origin IGP, metric 0, localpref 100, valid, external, best, group-best, import-candidate
      Received Path ID 0, Local Path ID 1, version 5
      Extended community: RT💯100
      Origin-AS validity: (disabled)

R7 与 RR2 建立 VPNv4 的邻居,RR2 收到这条 BGP 路由下一跳时 R7 的 loopback 口地址10.1.7.7

RP/0/0/CPU0:RR02#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail
Wed Apr 15 03:39:42.716 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  3           3
    Flags: 0x00040001+0x00000000;
Last Modified: Apr 10 12:59:37.534 for 4d14h
Paths: (1 available, best #1)
  Advertised to peers (in unique update groups):
    10.1.11.11
  Path #1: Received by speaker 0
  Flags: 0x4000000025060205, import: 0x1f
  Advertised to peers (in unique update groups):
    10.1.11.11
  65001, (Received from a RR-client)
    10.1.7.7 (metric 20) from 10.1.7.7 (10.1.7.7)
      Received Label 24002
      Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf
      Received Path ID 0, Local Path ID 1, version 3
      Extended community: RT💯100
RP/0/0/CPU0:RR02#

RR2 与 RR1 建立 VPNv4 的邻居,并互指next-hop-unchanged,因此 RR1 上看到的路由下一条依旧为10.1.7.7

RP/0/0/CPU0:RR01#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail
Wed Apr 15 03:48:54.418 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  5           5
    Flags: 0x00040001+0x00000000;
Last Modified: Apr 12 17:17:18.538 for 2d10h
Paths: (1 available, best #1)
  Advertised to peers (in unique update groups):
    10.1.2.2
  Path #1: Received by speaker 0
  Flags: 0x4000000025060001, import: 0x20
  Advertised to peers (in unique update groups):
    10.1.2.2
  2 65001
    10.1.7.7 (metric 20) from 10.1.22.22 (10.1.22.22)
      Received Label 24002
      Origin IGP, localpref 100, valid, external, best, group-best, import-candidate, not-in-vrf
      Received Path ID 0, Local Path ID 1, version 5
      Extended community: RT💯100
RP/0/0/CPU0:RR01#

RR1 与 R2 建立 VPNv4 的邻居,将此条路由通告出去,R2 上看到此路由的下一条为 10.1.7.7 ,R2 将之传递给 R1

RP/0/0/CPU0:R2#
RP/0/0/CPU0:R2#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail
Wed Apr 15 07:55:59.930 UTC
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:0
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 11          11
    Flags: 0x00040001+0x00000000;
Last Modified: Apr 12 17:17:09.376 for 2d14h
Paths: (1 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Flags: 0x4000000025060005, import: 0x1f
  Not advertised to any peer
  2 65001
    10.1.7.7 (metric 20) from 10.1.11.11 (10.1.11.11)
      Received Label 24002
      Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf
      Received Path ID 0, Local Path ID 1, version 11
      Extended community: RT💯100
RP/0/0/CPU0:R2#

CE 与 CE 之间的数据层面
#

如上,R2 上看到10.1.8.8 下一跳是10.1.7.7,那么我们需要打通一条完整的 LSP,让数据层面可以正常转发。
这里有用到了 BGP LU, 首先 R7 与 R5 建立 BGP LU,并为自己的 loopback 地址分配3的标签
R5 收到后会为10.1.7.7分配24000的本地标签并送给 R4,下一跳为10.1.7.7
R4 收到后会为10.1.7.7分配24006的本地标签并发给 R2,并修改下一跳地址为自己,10.1.4.4
R2 上我们能看到 received lable 为24006,下一跳为10.1.4.4,域内地址

RP/0/0/CPU0:R5#show bgp ipv4 labeled-unicast 10.1.7.7/32
Wed Apr 15 08:03:24.181 UTC
BGP routing table entry for 10.1.7.7/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 15          15
    Local Label: 24000
Last Modified: Apr 11 18:36:21.564 for 3d13h
Paths: (1 available, best #1)
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.45.4
  Path #1: Received by speaker 0
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.45.4
  Local
    10.1.7.7 (metric 20) from 10.1.22.22 (10.1.7.7)
      Received Label 3
      Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, labeled-unicast
      Received Path ID 0, Local Path ID 1, version 15
      Originator: 10.1.7.7, Cluster list: 10.1.22.22
RP/0/0/CPU0:R5#
RP/0/0/CPU0:R4#show bgp ipv4 labeled-unicast 10.1.7.7/32
Wed Apr 15 08:04:04.978 UTC
BGP routing table entry for 10.1.7.7/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  5           5
    Local Label: 24006
Last Modified: Apr 10 12:58:55.321 for 4d19h
Paths: (1 available, best #1)
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.11.11
  Path #1: Received by speaker 0
  Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):
    10.1.11.11
  2
    10.1.45.5 from 10.1.45.5 (10.1.5.5)
      Received Label 24000
      Origin IGP, localpref 100, valid, external, best, group-best, labeled-unicast
      Received Path ID 0, Local Path ID 1, version 5
      Origin-AS validity: (disabled)

RP/0/0/CPU0:R2# show bgp ipv4 labeled-unicast 10.1.7.7/32
Wed Apr 15 08:07:55.011 UTC
BGP routing table entry for 10.1.7.7/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                  5           5
    Local Label: 24004
Last Modified: Apr 10 12:58:55.376 for 4d19h
Paths: (1 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  2
    10.1.4.4 (metric 20) from 10.1.11.11 (10.1.4.4)
      Received Label 24006
      Origin IGP, localpref 100, valid, internal, best, group-best, labeled-unicast
      Received Path ID 0, Local Path ID 1, version 5
      Originator: 10.1.4.4, Cluster list: 10.1.11.11

这时候我们在 R2 查看10.1.8.8的 cef 表可以看到标签为24001 24006 24002,对应10.1.4.4LDP标签/10.1.7.7 BGP LU标签/BGP VPNv4标签
在 R3 上根据标签表转发,栈顶标签次末跳弹出,剩余标签为 24006 24002 , 对应10.1.7.7 BGP LU标签/BGP VPNv4标签
在 R4 上根据标签表转发,修改栈顶标签, 24000 24002 对应 10.1.7.7 BGP LU标签/BGP VPNv4标签
在 R5 上根据标签表转发,修改栈顶标签,24000 24002对应10.1.7.7 LDP标签/ BGP VPNv4标签
在 R6 上根据标签表转发 ,栈顶标签次末跳弹出, 剩余标签为24002对应BGP VPNv4标签
在 R7 上先查标签表直接从Gi0/0/0/0送出

RP/0/0/CPU0:R2#show cef vrf  VIP 10.1.8.8
Wed Apr 15 08:16:49.124 UTC
10.1.8.8/32, version 8, internal 0x5000001 0x0 (ptr 0xa1221058) [1], 0x0 (0x0), 0x208 (0xa16b1210)
 Updated Apr 12 17:17:09.130
 Prefix Len 32, traffic index 0, precedence n/a, priority 3
   via 10.1.7.7/32, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa172593c 0x0]
    recursion-via-/32
    next hop VRF - 'default', table - 0xe0000000
    next hop 10.1.7.7/32 via 24004/0/21
     next hop 10.1.23.3/32 Gi0/0/0/1    labels imposed {24001 24006 24002}
RP/0/0/CPU0:R3#show mpls forwarding  labels 24001
Wed Apr 15 08:28:05.079 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24001  Pop         10.1.4.4/32        Gi0/0/0/0    10.1.34.4       2212964
RP/0/0/CPU0:R3#
RP/0/0/CPU0:R4#show mpls forwarding labels 24006
Wed Apr 15 08:28:58.186 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24006  24000       10.1.7.7/32        Gi0/0/0/1    10.1.45.5       4344
RP/0/0/CPU0:R4#
RP/0/0/CPU0:R5#show mpls forwarding labels 24000
Wed Apr 15 08:29:33.724 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24000  24000       10.1.7.7/32        Gi0/0/0/0    10.1.56.6       4776
RP/0/0/CPU0:R5#
RP/0/0/CPU0:R6#show mpls forwarding labels 24000
Wed Apr 15 08:30:31.660 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24000  Pop         10.1.7.7/32        Gi0/0/0/1    10.1.67.7       1480864
RP/0/0/CPU0:R6#
RP/0/0/CPU0:R7#show mpls forwarding
Wed Apr 15 08:31:38.636 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24000  Pop         10.1.6.6/32        Gi0/0/0/1    10.1.67.6       774254
24001  24001       10.1.5.5/32        Gi0/0/0/1    10.1.67.6       6512
24002  Unlabelled  10.1.8.8/32[V]     Gi0/0/0/0    10.1.78.8       5936           <<<<<<<<<<
24006  24002       10.1.22.22/32      Gi0/0/0/1    10.1.67.6       742325
24007  24005       10.1.2.2/32                     10.1.5.5        0
24008  24006       10.1.11.11/32                   10.1.5.5        0
RP/0/0/CPU0:R7#

测试
#

RP/0/0/CPU0:R1#ping 10.1.8.8 source 10.1.1.1
Sun Apr 12 17:17:18.117 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.8.8, timeout is 2 seconds:

RP/0/0/CPU0:R1#traceroute 10.1.8.8 source 10.1.1.1
Sun Apr 12 17:17:20.567 UTC

Type escape sequence to abort.
Tracing the route to 10.1.8.8

 1  10.1.12.2 9 msec  0 msec  0 msec
 2  10.1.23.3 [MPLS: Labels 24001/24006/24002 Exp 0] 29 msec  29 msec  29 msec     LDP Label/BGP LU label/BGP VPN4 label
 3  10.1.34.4 [MPLS: Labels 24006/24002 Exp 0] 19 msec  19 msec  29 msec           BGP LU label/BGP VPN4 label
 4  10.1.45.5 [MPLS: Labels 24000/24002 Exp 0] 19 msec  19 msec  29 msec           BGP LU label/BGP VPN4 label
 5  10.1.56.6 [MPLS: Labels 24000/24002 Exp 0] 29 msec  19 msec  19 msec           LDP Label /BGP VPN4 label
 6  10.1.67.7 [MPLS: Label 24002 Exp 0] 29 msec  29 msec  19 msec                  BGP VPN4 label
 7  10.1.78.8 29 msec  *  39 msec
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#
RP/0/0/CPU0:R1#show route
Tue Jul 23 12:54:31.565 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G  - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path

Gateway of last resort is not set

L    10.1.1.1/32 is directly connected, 09:07:18, Loopback0
B    10.1.8.8/32 [20/0] via 10.1.12.2, 03:02:29
C    10.1.12.0/24 is directly connected, 09:07:18, GigabitEthernet0/0/0/0
L    10.1.12.1/32 is directly connected, 09:07:18, GigabitEthernet0/0/0/0

配置文件/抓包文件
#

https://mega.nz/folder/0LYyzSjJ#Nb-HXWTwsYMt28iYvtjmZQ