看完了看完了看完了,豪爽豪爽豪爽,一个月了,写得挺棒。总共14个mpls
vpn的实验,为留下学习的痕迹,原封不动献出。
|
CCIE实验手册 |
|
(路由部分-MPLSVPN基础篇) [CCIE] |
|
|
|
|
JUSTECH网络科技有限公司
目录
2:MPLS
VPN PE CE
间动态路由协议+UNTAG
实验
6:MPLS
VPN PE CE OSPF Domain-id
实验
实验
校验
实验拓扑
12:跨域的MPLS
VPN
(Option B - 2b)
1:MPLS VPN
基础实验
实验拓扑
1.2
实验需求
a.R1 R2 R3
的直连网络及loopback 0网络被宣告进EIGRP
1
b.R1 R2 R3
的直连网络启用MPLS,要求按如下需求完成MPLS
的配置:
MPLS
标签分配分发协议:LDP
MPLS LDP ROUTER-ID: loopback 0
R1 MPLS
标签取值范围上100~199
R2
200~299
R3
300~399
c.要求R1
与R3
建立位于BGP AS 13
内的IBGP
对等体关系,并且激活MP-BGP
对等体关系
d.要求R1
与R3
作为PE
设备创建VRF
参数如下:
VRF KFC
VRF M
RD 1:1
RD 2:2
ROUTE-TARGET 1:1
ROUTE-TARGET 2:2
e.要求通过适当的配置使得KFC
站点所包含的C-NETWORK
可以相互通讯,同样M
站点所包含的C-NETWORK
网络可以相互通讯
1.3
配置步骤
步骤1:完成P-NETWORK
中基础配置
只包含接口IP及EIGRP
此时完成如上配置,管理员应该确认R1 R2 R3
可以分别抵达对方LOOPBACK 0
网络,因为该网络一会会被当做LDP
的ROUTER-ID
及BGP ROUTER-ID
步骤2:根据需求完成MPLS
的配置
R1
Mpls label protocol ldp
Mpls label range 100 199
Mpls ldp router-id lo 0
Int e0/0
Mpls ip
R2
Mpls label protocol ldp
Mpls label range 200 299
Mpls ldp router-id lo 0
Int range e0/0 -1
Mpls ip
R3
Mpls label protocol ldp
Mpls label range 300 399
Mpls ldp router-id lo 0
Int e0/1
Mpls ip
此时管理员完成如上配置,应该确认LDP
的邻接关系已经形成,利用”show mpls ldp
neighbor”命令,现象如下:
R2#show mpls ldp neighbor
Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0
TCP connection: 1.1.1.1.646 - 2.2.2.2.55979
State: Oper; Msgs sent/rcvd: 8/8;
Downstream
Up time: 00:00:47
LDP discovery sources:
Ethernet0/0, Src IP addr: 31.31.12.1
Addresses bound to peer LDP Ident:
31.31.12.1
1.1.1.1
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.26969 - 2.2.2.2.646
State:
Oper; Msgs sent/rcvd: 8/8; Downstream
Up time: 00:00:34
LDP discovery sources:
Ethernet0/1, Src IP addr: 31.31.23.3
Addresses bound to peer LDP Ident:
31.31.23.3
3.3.3.3
步骤3:完成R1
与R3的BGP
及MP-BGP
的对等体关系建立
R1
Router bgp 13
Bgp router-id 1.1.1.1
Neighbor 3.3.3.3 remote 13
Nei 3.3.3.3 up lo 0
no bgp default ipv4-unicast //阻止BGP
进程建立BGPV4
对等体关系
Address-family vpnv4 unicast
Neighbor 3.3.3.3 ac
neighbor 3.3.3.3 send-community extended //该命令行事系统自行配置的,含义为发送MP-BGP拓展团体属性,其实就是说RD
RT
及栈底标签可以被当做路由更新的一部分发送出去
R3
Router bgp 13
Bgp router-id 3.3.3.3
Nei 1.1.1.1 remote 13
Nei 1.1.1.1 up lo 0
no bgp default ipv4-unicast
Add vpnv un
Nei 1.1.1.1 ac
neighbor 3.3.3.3 send-community extended
此时管理员完成如上配置,必须确认MP-BGP
对等体关系建立完毕,现象如下:
R1#show ip bgp vpnv4 all summary //该命令用于查看MP-BGP
对等体关系是否建立
BGP router identifier 1.1.1.1, local AS number
13
BGP table version is 1, main routing table version
1
Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
OutQ Up/Down
State/PfxRcd
3.3.3.3
4
13
2
2
0
0
0 00:00:08
0
R3#show ip bgp vpnv4 all summary
BGP router identifier 3.3.3.3, local AS number
13
BGP table version is 1, main routing table version
1
Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
OutQ Up/Down
State/PfxRcd
1.1.1.1
4
13
2
2
0
0
0 00:00:24
0
步骤4:在PE
设备上创建VRF
R1
Ip vrf KFC
Rd 1:1
Route-target 1:1
Exit
Ip vrf M
Rd 2:2
Route-target 2:2
R3
Ip vrf KFC
Rd 1:1
Route-target 1:1
Exit
Ip vrf M
Rd 2:2
Route-target 2:2
步骤5:在PE
设备上将指定接口划入特定VRF
R1
Interface s1/0
Ip vrf forward KFC
Ip add 31.31.14.1 255.255.255.0
No sh
!
Int s1/1
Ip vrf for M
Ip add 31.31.15.1 255.255.255.0
No sh
R3
Int s1/1
Ip vrf for KFC
Ip add 31.31.37.3 255.255.255.0
No sh
!
Int s0/0
Ip vrf for M
Ip add 31.31.36.3 255.255.255.0
No sh
此时管理员完成如上配置后应做如下检查:
(1)检查当前设备VRF
配置
R1#show ip vrf
Name
Default RD
Interfaces
KFC
1:1
Se1/0
M
2:2
Se1/1
R3#show ip vrf
Name
Default RD
Interfaces
KFC
1:1
Se1/1
M
2:2
Se1/0
步骤6:在R1
R3
上用静态路由往VRF
表中注入路由
R1
ip route vrf KFC 10.1.1.0 255.255.255.0
Serial1/0
ip route vrf KFC 44.44.44.0 255.255.255.0
Serial1/0
ip route vrf M 10.1.1.0 255.255.255.0 Serial1/1
ip route vrf M 55.55.55.0 255.255.255.0
Serial1/1
R3
ip route vrf KFC 10.2.2.0 255.255.255.0
Serial1/1
ip route vrf KFC 77.77.77.0 255.255.255.0
Serial1/1
ip route vrf M 10.2.2.0 255.255.255.0 Serial1/0
ip route vrf M 66.66.66.0 255.255.255.0
Serial1/0
步骤7:在R1
R3
上完成MP-BGP
下的IGPS VRF
进MP-BGP VRF
R1
Router bgp 13
Address-family ipv4 vrf KFC
Redistribute static
Exit
Address-family ipv4 vrf M
Redistribute static
R3
Router bgp 13
Address-family ipv4 vrf KFC
Redistribute static
Exit
Address-family ipv4 vrf M
Redistribute static
步骤8:完成CE设备配置
此处管理员除了根据拓扑需求完成基本的配置,别忘记在CE
设备添加缺省路由,下一跳指向PE设备。
1.4
校验
(1)
在R1 R3
上查看对应VRF
表项中的静态路由
需要确认C-NETWORK
的网络被以静态路由的形式注入VRF
表
R1#show ip route vrf KFC static
10.0.0.0/24 is subnetted, 2 subnets
S
10.1.1.0 is directly connected, Serial1/0
44.0.0.0/24 is subnetted, 1 subnets
S
44.44.44.0 is directly connected, Serial1/0
R1#show ip route vrf M static
55.0.0.0/24 is subnetted, 1 subnets
S
55.55.55.0 is directly connected, Serial1/1
10.0.0.0/24 is subnetted, 2 subnets
S
10.1.1.0 is directly connected, Serial1/1
R3#show ip route vrf KFC static
77.0.0.0/24 is subnetted, 1 subnets
S
77.77.77.0 is directly connected, Serial1/1
10.0.0.0/24 is subnetted, 2 subnets
S
10.2.2.0 is directly connected, Serial1/1
R3#show ip route vrf M static
66.0.0.0/24 is subnetted, 1 subnets
S
66.66.66.0 is directly connected, Serial1/0
10.0.0.0/24 is subnetted, 2 subnets
S
10.2.2.0 is directly connected, Serial1/0
假设此时管理员需要在PE
设备上确认某个VRF的C-NETWORK
网络可达性,我们建立利用如下命令:
R1#ping vrf KFC
44.44.44.44
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max
= 32/52/80 ms
R1#
(2)确认IGPS的VRF
条目被成功的注入MP-BGP
的VRF表中
R1#show ip bgp vpnv4 all
BGP table version is 17, local router ID is
1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route
Distinguisher: 1:1 (default for vrf KFC) //描述VRF
KFC
转发表项
*>
10.1.1.0/24
0.0.0.0
0
32768 ?
*>i10.2.2.0/24
3.3.3.3
0
100
0 ?
*>
44.44.44.0/24
0.0.0.0 0
32768 ?
*>i77.77.77.0/24
3.3.3.3
0
100
0 ?
Route Distinguisher: 2:2 (default for vrf M)
*> 10.1.1.0/24
0.0.0.0
0
32768 ?
*>i10.2.2.0/24
3.3.3.3
0
100
0 ?
*> 55.55.55.0/24
0.0.0.0
0
32768 ?
*>i66.66.66.0/24
3.3.3.3
0
100
0 ?
(3)在PE
设备上查看MP-BGP
给BGP
条目分配的栈底标签
R1#show ip bgp vpnv4 all labels
Network
Next Hop
In label/Out label
Route Distinguisher: 1:1 (KFC)
10.1.1.0/24
0.0.0.0
103/nolabel
10.2.2.0/24
3.3.3.3
nolabel/305
44.44.44.0/24
0.0.0.0
104/nolabel
77.77.77.0/24
3.3.3.3
nolabel/306
Route Distinguisher: 2:2 (M)
10.1.1.0/24
0.0.0.0
105/nolabel
10.2.2.0/24
3.3.3.3
nolabel/303
55.55.55.0/24
0.0.0.0
106/nolabel
66.66.66.0/24
3.3.3.3
nolabel/304
In label
字段:其对应的值是当前PE
设备BGP
给特定网络分配的本地栈底标签
Out label
字段:其对应的值是对端PE设备BGP
给特定网络分配的远程栈底标签
!!注意
当数据包去向特定网络需要栈底标签时,一定使用的是远程栈底标签。
(4)查看MP-BGP
发送的VPNV4
路由更新
R1#show ip bgp vpnv4 all 10.1.1.0
BGP routing table
entry for 1:1:10.1.1.0/24, version 4
Paths: (1 available, best #1, table KFC)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 0, localpref 100, weight 32768, valid,
sourced, best
Extended Community: RT:1:1
mpls labels in/out 103/nolabel
BGP routing table
entry for 2:2:10.1.1.0/24, version 8
Paths: (1 available, best #1, table M)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 0, localpref 100, weight 32768, valid,
sourced, best
Extended Community: RT:2:2
mpls labels in/out 105/nolabel
(5)查看P-NETWORK
中PE
及P
设备的MPLS
标签转发信息库(LFIB)
R1#show mpls forwarding-table
Local
Outgoing
Prefix
Bytes tag
Outgoing Next
Hop
tag
tag or VC or
Tunnel Id
switched
interface
100
Pop tag
2.2.2.0/24
0
Et0/0
31.31.12.2
101
201 3.3.3.0/24
0
Et0/0
31.31.12.2
102
Pop tag
31.31.23.0/24
0
Et0/0
31.31.12.2
103
Untagged
10.1.1.0/24[V]
1040
Se1/0
point2point
104
Untagged
44.44.44.0/24[V] 0
Se1/0
point2point
105
Untagged
10.1.1.0/24[V]
0
Se1/1
point2point
106
Untagged
55.55.55.0/24[V] 0
Se1/1
point2point
R2#show mpls forwarding-table
Local
Outgoing
Prefix
Bytes tag
Outgoing Next
Hop
tag
tag or VC or
Tunnel Id
switched
interface
200
Pop tag 1.1.1.0/24
9385
Et0/0
31.31.12.1
201
Pop
tag 3.3.3.0/24
11742
Et0/1
31.31.23.3
R3#show mpls forwarding-table
Local
Outgoing
Prefix
Bytes tag
Outgoing Next
Hop
tag
tag or VC or
Tunnel Id
switched
interface
300
200
1.1.1.0/24
0
Et0/1
31.31.23.2
301
Pop tag
2.2.2.0/24
0
Et0/1
31.31.23.2
302
Pop tag
31.31.12.0/24
0
Et0/1
31.31.23.2
303
Untagged
10.2.2.0/24[V]
0
Se1/0
point2point
304
Untagged
66.66.66.0/24[V] 0
Se1/0
point2point
305
Untagged
10.2.2.0/24[V]
520
Se1/1
point2point
306
Untagged
77.77.77.0/24[V] 520
Se1/1
point2point
2:MPLS
VPN PE CE
间动态路由协议+UNTAG
实验
2.1
实验拓扑
2.2
实验需求
a.R1 R2 R3
组成P-NETWORK,底层协议采用OSPF,R1
R2 R3
直连网络及LOOPBACK 0网络宣告进OSPF。
b.R1 R2 R3
启用MPLS,R1
R2 R3
的标签分配取值范围如下:
R1:100
199
R2:200
299
R3:300
399
c.R1 R3
建立位于BGP AS 13
内的IBGP MP-BGP
对等体关系。
d.R1 R3
按拓扑需求创建两个VRF
分别是VRF R47,VRF
R56。
e.按拓扑要求在R1
R4
间启用RIPV2,R1
R5
间启用EIGRP,R3
R6间启用OSPF,R3
R7
间启用BGP。
f.要求完成MPLS
VPN
的配置,使得R4 R7
可以相互通讯,R5 R6
可以相互通讯。
2.3
实验步骤
步骤1:完成所有CE
设备的配置
步骤2:完成P-NETWORK
的配置
例如:底层协议OSPF
MPLS
MP-BGP
此时完成如上配置后,管理员应该做如下检查:
(1)
LDP
的邻接关系是否建立?
show mpls ldp neighbor
(2)
MP-BGP的对等体关系是否建立?
show ip bgp vpnv4 all summary
(3)
关注R1 R2 R3
的loopback 0口网络在R1
R2 R3
路由表中的状态
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O
1.1.1.1 [110/11] via 31.31.12.1, 00:03:15, Ethernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O
3.3.3.3 [110/11] via 31.31.23.3, 00:03:15, Ethernet1/1
步骤3:在PE
设备上创建VRF
R1
Ip vrf R47
Rd 4:7
Route-target 4:7
!
Int s0/0
Ip vrf forward R47
Ip add 31.31.14.1 255.255.255.0
No sh
!
ip vrf R56
rd 5:6
route-target 5:6
!
Int s0/1
Ip vrf forward R56
Ip add 31.31.15.1 255.255.255.0
No sh
R3
Ip vrf R47
Rd 4:7
Route-target 4:7
!
Int s0/1
Ip vrf forward R47
Ip add 31.31.37.3 255.255.255.0
No sh
!
ip vrf R56
rd 5:6
route-target 5:6
!
Int s0/0
Ip vrf forward R56
Ip add 31.31.36.3 255.255.255.0
No sh
步骤4:完成PE上指定路由协议的配置
R1
Router rip
Address-family ipv4 vrf R47
Version 2
No auto-summary
Network 31.0.0.0
Exit
Router eigrp 1
Address-family ipv4 vrf R56
No auto-summary
Autonomous-system 1
Net 31.31.15.1 0.0.0.0
此时管理员应该在R1
上检查VRF R47
与VRF R56的路由表,确认PE
是否已经通过动态路由协议学习到C-NETWORK
的路由信息,现象如下:
R1#show ip route vrf R47 rip
44.0.0.0/24 is subnetted, 1 subnets
R
44.44.44.0[120/1] via 31.31.14.4, 00:00:25,
Serial0/0
R1#show ip route vrf R56 eigrp
55.0.0.0/24 is subnetted, 1 subnets
D
55.55.55.0 [90/2297856] via 31.31.15.5, 00:01:16,
Serial0/1
R3
Router ospf 2 vrf R56
Router-id 33.33.33.33
Network 31.31.36.3 0.0.0.0 a 0
!
Router bgp 13
Address-family ipv4 vrf R47
Neighbor 31.31.37.7 remote 7
Neighbor 31.31.37.7 activate
此时完成如上配置后,管理员应该确认R3
透过OSPF
学习到R6的C-NETWORK
网络信息,同时R3
也应该透过与R7
的BGP
学习到R7
的C-NETWORK
网络信息,现象如下:
R3#show ip route vrf R56 ospf
Routing Table: R56
66.0.0.0/32 is subnetted, 1 subnets
O
66.66.66.66[110/65] via 31.31.36.6, 00:00:59,
Serial0/0
R3#show ip route vrf R47 bgp
77.0.0.0/24 is subnetted, 1 subnets
B
77.77.77.0 [20/0] via 31.31.37.7,
00:00:07
步骤5:完成PE
上IGPS
协议到EGPS协议的双向充分发
R1
Router bgp 13
Address-family ipv4 vrf R47
Redistribute rip
!
Address-family ipv4 vrf R56
Redistribute eigrp 1
!
Router rip
Address-family ipv4 vrf R47
Redistribute bgp 13 metric 1
!
Router eigrp 1
Address-family ipv4 vrf R56
Redistribute bgp 13 metric 10000 100 255 1 1500
R3
Router bgp 13
Address-family ipv4 vrf R56
Redistribute ospf 2
!
Router ospf 2
Redistribute bgp 13 subnets
此时管理员完成如上配置后,应该直接检查CE
设备,查看同一站点不同C-NETWORK
路由是否被交换学习,现象如下:
R4#show ip route rip
77.0.0.0/24 is subnetted, 1 subnets
R
77.77.77.0 [120/1] via 31.31.14.1, 00:00:06, Serial0/0
R7#show ip route bgp
44.0.0.0/24 is subnetted, 1 subnets
B
44.44.44.0
[20/0] via 31.31.37.3, 00:01:25
31.0.0.0/24 is subnetted, 2 subnets
B
31.31.14.0 [20/0] via 31.31.37.3, 00:01:25
R5#show ip route eigrp
66.0.0.0/32 is subnetted, 1 subnets
D EX
66.66.66.66 [170/2195456] via 31.31.15.1, 00:02:04,
Serial0/1
31.0.0.0/24 is subnetted, 2 subnets
D EX
31.31.36.0 [170/2195456] via 31.31.15.1, 00:02:04,
Serial0/1
R6#show ip route ospf
55.0.0.0/24 is subnetted, 1 subnets
O E2
55.55.55.0 [110/2297856] via 31.31.36.3, 00:02:05,
Serial0/0
31.0.0.0/24 is subnetted, 2 subnets
O E2
31.31.15.0 [110/1] via 31.31.36.3, 00:02:05, Serial0/0
步骤6:记得在P-NETWORK
中将参与OSPF
的LOOPBACK 0网络类型进行修改
R1
Interface loopback 0
Ip ospf network point-to-point
R2
Interface loopback 0
Ip ospf network point-to-point
R3
Interface loopback 0
Ip ospf network point-to-point
2.5
校验
(1)
同一站点不同CE
设备PING
对端路由
2.6
思考题:
(1)请问什么时候运行LDP的路由器会给网络分配UNTAG
标签?
当前网络只有本地标签没有可用的远端标签,系统分配UNTAG。
(2)
请问在该试验中UNTAG
会带来什么问题?
!!注意
Bgp的配置技巧
router
bgp
bgp
router-id
address-family
ipv4 unicast //创建BGPV4的对等体关系
neighbor
remote
address-family
vpnv4 unicast
//MP-BGP
对等体关系
neighbor
activate
address-family
ipv4 multicast //M-BGP
neighbor
active
address-family
ipv4 vrf //VRF
的BGP
neighbor
remote
neighbor
activate
3:MPLS
VPN RT
设计实验
3.1
实验拓扑
3.3
实验需求
a.R1 R2 R3
组成P-NETWORK,底层协议采用OSPF,R1
R2 R3
直连网络及LOOPBACK 0网络宣告进OSPF。
b.R1 R2 R3
启用MPLS,R1
R2 R3
的标签分配取值范围如下:
R1:100
199
R2:200
299
R3:300
399
c.R1 R2 ,R2 R3
建立位于BGP AS 13
内的IBGP MP-BGP
对等体关系。
d.R1 R3
按拓扑需求创建两个VRF
分别是VRF R47,VRF
R56。
e.按拓扑要求在R1
R4
间启用RIPV2,R1
R5
间启用EIGRP,R3
R6间启用OSPF,R3
R7
间启用BGP。
f.要求完成MPLS
VPN
的配置,使得R4 R7
可以相互通讯,R5 R6
可以相互通讯。
g.要求R8
创建VRF King_of_Router,并且能够学习到R56
及R47
站点路由,但是不希望R56
和R47
相互学习路由。且R8的88.88.88.0/24网络能PING
通R47
及R56的内网。
3.4
实验步骤
步骤1:完成
R1 R2 R3
的BGP
与MP-BGP
的配置
R1
Router bgp 13
Neighbor 2.2.2.2 remote 13
Nei 2.2.2.2 up lo 0
Ad v u
Nei 2.2.2.2 ac
Exit
R2
Router bgp 13
Neighbor 1.1.1.1 remote 13
Nei 1.1.1.1 up lo 0
Nei 3.3.3.3 remote 13
Nei 3.3.3.3 up lo 0
Ad v u
Nei 1.1.1.1 ac
Nei 3.3.3.3 ac
Exi
R3
Router bgp 13
Bgp router-id 3.3.3.3
Nei 2.2.2.2 remote 13
Nei 2.2.2.2 up lo 0
Ad v u
Nei 2.2.2.2 ac
End
此时管理员完成如上配置,应该在R2上检查是否与R1
R3
建立了MP-BGP
的IBGP-PEER
关系,现象如下:
R2#show ip bgp vpnv4 all summary
BGP router identifier 2.2.2.2, local AS number
13
BGP table version is 1, main routing table version
1
Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
OutQ Up/Down
State/PfxRcd
1.1.1.1
4
13
10
6
1
0
0 00:02:04
0
3.3.3.3
4
13
9
6
1
0
0 00:02:07
0
此时管理员还应该注意R1
与R3
及R2是否能够学到对端VRF
路由,现象如下:
R1#show ip bgp vpnv4 all
BGP table version is 18, local router ID is
1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 31.31.14.0/24
0.0.0.0
0
32768 ?
*> 44.44.44.0/24
31.31.14.4
1
32768
?
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.15.0/24
0.0.0.0
0
32768 ?
*> 55.55.55.0/24
31.31.15.5
2297856
32768 ?
R3#show ip bgp vpnv4 all
BGP table version is 19, local router ID is
3.3.3.3
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 77.77.77.0/24
31.31.37.7
0
0 7 i
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.36.0/24
0.0.0.0
0
32768 ?
*> 66.66.66.66/32
31.31.36.6
65
32768
?
R2#show ip bgp vpnv4 all
R2#
如上现象告诉我们能接收到VPNV4
更新的MP-BGP
设备,如果没有对应的VRF
存在,是忽略这些VPNV4
更新的,而且还证明BGP
的IBGP
水平分割对MP-BGP
也起效。
!!注意
R2
Router bgp 13
no bgp default route-target filter
//关闭RT
过滤功能,当前路由器即便不存在特定的VRF
及RT
值,也能接收所有VPNV4
更新条目信息
cle ip bgp * vpnv4 unicast out
//该命令式MP-BGP
的软清除命令。
步骤2:为了R1
R3
能够相互交换路由信息,在R2
上配置MP-BGP
的RR
Router bgp 13
Address-family vpnv4 unicast
Neighbor 1.1.1.1 route-reflector-client
Neighbor 3.3.3.3 route-reflector-client
此时,管理员完成如上配置,那么应该到R1 R3
上再次校验MP-BGP VRF
转发表,确认RR已经生效,现象如下:
R1#show ip bgp vpn all
BGP table version is 24, local router ID is
1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 31.31.14.0/24
0.0.0.0
0
32768 ?
*> 44.44.44.0/24
31.31.14.4
1
32768 ?
*>i77.77.77.0/24
3.3.3.3
0
100
0 7 i
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.15.0/24
0.0.0.0
0
32768 ?
*>i31.31.36.0/24
3.3.3.3
0
100
0 ?
*> 55.55.55.0/24
31.31.15.5
2297856
32768 ?
*>i66.66.66.66/32
3.3.3.3
65
100
0 ?
R3#show ip bgp vpnv4 all
BGP table version is 27, local router ID is
3.3.3.3
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r
RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*>i31.31.14.0/24
1.1.1.1
0
100
0 ?
*>i44.44.44.0/24
1.1.1.1
1
100
0 ?
*> 77.77.77.0/24
31.31.37.7
0
0 7 i
Route Distinguisher: 5:6 (default for vrf R56)
*>i31.31.15.0/24
1.1.1.1
0
100
0 ?
*> 31.31.36.0/24
0.0.0.0
0
32768 ?
*>i55.55.55.0/24
1.1.1.1
2297856
100
0 ?
*> 66.66.66.66/32
31.31.36.6
65
32768 ?
R2#show ip bgp vpnv4 all
BGP table version is 22, local router ID is
2.2.2.2
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7
*>i31.31.14.0/24
1.1.1.1
0
100
0 ?
*>i44.44.44.0/24
1.1.1.1
1
100
0 ?
*>i77.77.77.0/24
3.3.3.3
0
100
0 7 i
Route Distinguisher: 5:6
*>i31.31.15.0/24
1.1.1.1
0
100
0 ?
*>i31.31.36.0/24
3.3.3.3
0
100
0 ?
*>i55.55.55.0/24
1.1.1.1
2297856
100
0 ?
*>i66.66.66.66/32
3.3.3.3
65
100
0 ?
步骤3:在R2
上完成VRF
的创建
R2
Ip vrf King_of_Routing
Rd 184:184
Route-target import 4:7
Route-target import 5:6
Route-target export 4:7
Route-target export 5:6
Exi
Int e1/2
Ip vrf forward King_of_Routing
Ip add 31.31.28.2 255.255.255.0
步骤4:在R2
与R8上创建RIPV2
用于交换路由更新
R2
Router rip
Address-family ipv4 vrf King_of_Routing
No auto-summary
Network 31.0.0.0
Redistribute bgp 13 metric 1
!
Router bgp 13
Address-family ipv4 vrf King_of_Routing
Redistribute rip
R8
Int e1/2
Ip add 31.31.28.8 255.255.255.0
No sh
!
Int lo 0
Ip add 88.88.88.88 255.255.255.0
No sh
!
Router rip
Ver 2
No auto
Net 31.0.0.0
Net 88.0.0.0
3.4
校验:
(1)在R2上检查MP-BGP
VRF
转发表
R2#show ip bgp vpnv4 all
BGP table version is 29, local router ID is
2.2.2.2
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7
*>i31.31.14.0/24
1.1.1.1
0
100
0 ?
*>i44.44.44.0/24
1.1.1.1
1
100
0 ?
*>i77.77.77.0/24
3.3.3.3
0
100
0 7 i
Route Distinguisher: 5:6
*>i31.31.15.0/24
1.1.1.1
0
100
0 ?
*>i31.31.36.0/24
3.3.3.3
0
100
0 ?
*>i55.55.55.0/24
1.1.1.1
2297856
100
0 ?
*>i66.66.66.66/32
3.3.3.3
65
100
0 ?
Route
Distinguisher: 184:184 (default for vrf King_of_Routing)
*>i31.31.14.0/24
1.1.1.1
0
100
0 ?
*>i31.31.15.0/24
1.1.1.1
0
100
0 ?
*>i31.31.36.0/24
3.3.3.3
0
100
0 ?
*>i44.44.44.0/24
1.1.1.1
1
100
0 ?
*>i55.55.55.0/24
1.1.1.1
2297856
100
0 ?
*>i66.66.66.66/32
3.3.3.3
65
100
0 ?
*>i77.77.77.0/24
3.3.3.3
0
100
0 7 i
*>88.88.88.0/24
0.0.0.0
0
100
0 i
R2#
(3)
在 R1 R3
上查看MP-BGP VPNV4
转发表
R1#show ip bgp vpnv4 all
BGP table version is 30, local router ID is
1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*> 31.31.14.0/24
0.0.0.0
0
32768 ?
*>i31.31.28.0/24
2.2.2.2
0
100
0 ?
*> 44.44.44.0/24
31.31.14.4
1
32768 ?
*>i77.77.77.0/24
3.3.3.3
0
100
0 7 i
*>i88.88.88.0/24
2.2.2.2
0
100
0 ?
Route Distinguisher: 5:6 (default for vrf R56)
*> 31.31.15.0/24
0.0.0.0
0
32768 ?
*>i31.31.28.0/24
2.2.2.2
0
100
0 ?
*>i31.31.36.0/24
3.3.3.3
0
100
0 ?
*> 55.55.55.0/24
31.31.15.5
2297856
32768 ?
*>i66.66.66.66/32
3.3.3.3
65
100
0 ?
*>i88.88.88.0/24
2.2.2.2
0
100
0 ?
Route Distinguisher: 184:184
*>i31.31.28.0/24
2.2.2.2
0
100
0 ?
*>i88.88.88.0/24
2.2.2.2
0
100
0 ?
R3#show ip bgp vpnv4 all
BGP table version is 33, local router ID is
3.3.3.3
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 4:7 (default for vrf R47)
*>i31.31.14.0/24
1.1.1.1
0
100
0 ?
*>i31.31.28.0/24
2.2.2.2
0
100
0 ?
*>i44.44.44.0/24
1.1.1.1
1
100
0 ?
*> 77.77.77.0/24
31.31.37.7
0
0 7 i
*>i88.88.88.0/24
2.2.2.2 0
100
0 ?
Route Distinguisher: 5:6 (default for vrf R56)
*>i31.31.15.0/24
1.1.1.1
0
100
0 ?
*>i31.31.28.0/24
2.2.2.2
0
100
0 ?
*> 31.31.36.0/24
0.0.0.0
0
32768
?
*>i55.55.55.0/24
1.1.1.1
2297856
100
0 ?
*> 66.66.66.66/32
31.31.36.6
65
32768 ?
*>i88.88.88.0/24
2.2.2.2
0
100
0 ?
Route Distinguisher: 184:184
*>i31.31.28.0/24
2.2.2.2
0
100
0 ?
*>i88.88.88.0/24
2.2.2.2
0
100
0 ?
3.5
思考题
(1)什么时候VRF
才把RT EXPORT
值打入VPNV4
更新?
只有当前PE设备从CE
设备学习路由时。
4:MPLS
VPN
中VRF IMPORT MAP
实验
4.1
实验拓扑
4.2
实验需求
a.R1 R2
启用EIGRP
当做底层协议,R1 R2
将本地直连网络及LOOPBACK 0网络宣告进EIGRP。
b.R1 R2
直连网络启用MPLS,标签分配范围如下:
R1 100 199
R2 200 299
c.R1 R2
上创建VRF CCCIE,RD
为1:3
、RT
为1:3
d.R2
作为PE
设备与R3
启用RIP,共享C-NETWORK
路由信息
e.最终要求在R1
的VRF CCIE
中,值看到3.3.3.0/24
网络
4.3
实验步骤
步骤1:基础配置
例如:底层协议
MPLS
MP-BGP
VRF
PE-CE
间路由协议及PE上的IGPS
和MP-BGP
的相互充分发
此时管理员完成如上配置,应该在R1
上利用”show ip bgp vpnv4 all”命令确认R1VRF
表中所学习的路由,现象如下:
R1#show ip bgp v al
BGP table version is 4, local router ID is
1.1.1.1
Status codes: s suppressed, d damped, h history, * valid,
> best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next
Hop
Metric LocPrf Weight Path
Route Distinguisher: 1:3 (default for vrf R13)
*>i3.3.3.0/24
2.2.2.2
1
100
0 ?
*>i31.31.23.0/24
2.2.2.2
0
100
0 ?
*>i33.33.33.0/24
2.2.2.2 1
100
0 ?
R1#show ip route vrf R13 bgp
R1#show ip route vrf R13 bgp
3.0.0.0/24 is subnetted, 1 subnets
B
3.3.3.0 [200/1] via 2.2.2.2, 00:02:45
B
33.33.33.0[200/1]via 2.2.2.2,00:02:45
B
31.31.23.0[200/1]via 2.2.2.2,00:02:45
步骤2:在R1
上配置import-map使得R1
VRF
表中只装在3.3.3.0
网络信息
Access-list 1 permit 3.3.3.0 0.0.0.255
//利用该ACL
匹配出ROUTE-MAP
所关心的网络
!
Route-map IM permit 10 //创建名为IM
的ROUTE-MAP,第10个策略对ACL
1
匹配的网络进行放行
Match ip address 1
Exi
!
Ip vrf R13
Import map IM //在VRF
下套用IMPORT-MAP,阻止来自远端PE的路由进入IGP
VRF
表
4.4
校验
(1)
在R1
上查看3.3.3.0
与33.33.33.0
在BGP
转发表中的区别
R1#show ip bgp vpnv4 all 3.3.3.0 //查看MP-BGP
转发表中特定条目信息
BGP routing table entry for 1:3:3.3.3.0/24, version
5
Paths: (1 available, best #1, table
R13)//含义是可以进入IGP
VRF R13
Not advertised to any peer
Local
2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 1, localpref 100, valid, internal,
best
Extended Community: RT:1:3
mpls labels in/out nolabel/205
R1#show ip bgp vpnv4 all 33.33.33.0
BGP routing table entry for 1:3:33.33.33.0/24, version
9
Paths: (1 available, best #1, no
table)//不能被注入任何IGP
VRF
表
Flag: 0x800
Not advertised to any peer
Local
2.2.2.2 (metric 409600) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 1, localpref 100, valid, internal,
best
Extended Community: RT:1:3
mpls labels in/out nolabel/204
(2)查看R1
IGP VRF
表,确认是否只学习了3.3.3.0
R1#show ip route vrf R13 bgp
3.0.0.0/24 is subnetted, 1 subnets
B
3.3.3.0 [200/1] via 2.2.2.2, 00:02:45
4.5
思考题
(1)请解释export
map的作用?
export map
和import map
的最大不同在于:
export map
可以完成路由泄露,比如当前站点VRF
的export rt value
为1:1,但是我们现在希望特定的路由变成VPNV4
更新被发送时,携带export rt value 2:2的信息,那么我们就可以利用acl匹配该网络,并且用ROUTE-MAP
对该ACL
匹配的网络做set extended rt 2:2
,这样该路由就可以被远端import rt
为2:2的VRF
学习,达到了路由泄露的目的,但是这里如果不利用 additive
关键字,会导致该路由只携带一个RT值,会影响路由的学习。