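5: MPLS VPN PE-CE OSPF Lab 1

5.1 Lab topology

5.2 Lab requirements
a. R1, R2 and R3 form the P-network; the underlying routing protocol is EIGRP.
b. Enable LDP on the directly connected links between R1, R2 and R3 so that LDP adjacencies form.
c. R1 and R3 establish an MP-BGP iBGP peering inside BGP AS 13.
d. R4 and R5 are CE devices belonging to site R13; in the end R5 must be able to ping all of R4's loopback networks.

5.3 Lab steps
Step 1: Basic configuration
For example:
  IP addresses on the directly connected interfaces of R1, R2 and R3
  Configuration of the underlying routing protocol, EIGRP, on R1, R2 and R3
  Enable MPLS on R1, R2 and R3, paying attention to the related MPLS parameters
  Establish the MP-BGP iBGP peering between R1 and R3
  Create the corresponding VRF on R1 and R3 and place the interfaces into the VRF

Step 2: OSPF configuration on the PE devices and the related OSPF configuration on the CE devices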
R1
Router ospf 1 vrf R13
Router-id 1.1.1.1
Network 31.31.14.1 0.0.0.0 a 0
R3
Router ospf 1 vrf R13
Router-id 3.3.3.3
Network 31.31.35.3 0.0.0.0 a 0

Once the configuration above is complete, check the IGP VRF table entries on R1, confirm that R1 has learned all OSPF area routes and external routes, and note the type of each route. The output is as follows:

R1#show ip route vrf R13 ospf
Routing Table: R13
     100.0.0.0/24 is subnetted, 1 subnets
O E2    100.100.100.0 [110/20] via 31.31.14.4, 00:00:05, Ethernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 31.31.14.4, 00:00:05, Ethernet0/0
     44.0.0.0/32 is subnetted, 1 subnets
O IA    44.44.44.44 [110/11] via 31.31.14.4, 00:00:05, Ethernet0/0

Step 3: On the PE devices, complete the two-way redistribution between the IGP VRF and the MP-BGP VRF:
R1
Router bgp 13
Address-family ipv4 vrf R13
! By default only the intra-area and inter-area OSPF routes of the IGP VRF can be
! redistributed into the MP-BGP VRF; external routes are not redistributed by default
Redistribute ospf 1 match internal external
Router ospf 1
Redistribute bgp 13 subnets
R3
Router bgp 13
Address-family ipv4 vrf R13
Redistribute ospf 1
Router ospf 1
Redistribute bgp 13 subnets

At this point the administrator should go to R5, look at the OSPF routes R5 has learned, and confirm how the MPLS VPN OSPF route-type decision mechanism works. The output is as follows:

R5#show ip route ospf
     100.0.0.0/24 is subnetted, 1 subnets
O E2    100.100.100.0 [110/20] via 31.31.35.3, 00:01:43, Ethernet0/1
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/21] via 31.31.35.3, 00:01:43, Ethernet0/1
     44.0.0.0/32 is subnetted, 1 subnets
O IA    44.44.44.44 [110/21] via 31.31.35.3, 00:01:43, Ethernet0/1
     31.0.0.0/24 is subnetted, 2 subnets
O IA    31.31.14.0 [110/11] via 31.31.35.3, 00:01:43, Ethernet0/1

5.4 Verification
(1) Confirm that OSPF treats the PE device as an ABR. Run "show ip ospf" on R1; the output is as follows:

R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Domain ID type 0x0005, value 0.0.0.1
 Start time: 00:15:05.288, Time elapsed: 00:14:05.580
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Connected to MPLS VPN Superbackbone, VRF R13 //this line shows that the superbackbone area exists
 It is an area border and autonomous system boundary router //this line shows that the device is both an ABR and an ASBR
 ………………………………………………

(2) Confirm the OSPF domain ID of the current PE device

R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Domain ID type 0x0005, value 0.0.0.1 //this line shows the type and value of the PE device's domain ID; we can confirm that the domain ID and the process ID are the same value
 ……………………

(4) On PE device R1, confirm the MP-BGP extended community attributes of the routes that came from the C-network OSPF. The output is as follows:

R1#show ip bgp vpnv4 all 4.4.4.4 //view the details of a specific destination network in the MP-BGP VRF forwarding table
BGP routing table entry for 1:3:4.4.4.4/32, version 6
Paths: (1 available, best #1, table R13)
  Advertised to update-groups:
     1
  Local
    31.31.14.4 from 0.0.0.0 (1.1.1.1)
      Origin incomplete, metric 11, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:3 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:1.1.1.1:0
      mpls labels in/out 104/nolabel

RT 1:3
  Meaning: this is the RT value of the VRF.
OSPF DOMAIN ID:0x0005:
  Meaning: the OSPF domain-id type is 0x0005 and the value is 0x00000001 (this value is the process ID); 0200 is a value added by default.
OSPF RT:0.0.0.0:2:0
  Meaning: this "RT" is actually 0x0306, which the system displays as RT; it has nothing to do with the VRF.
  0.0.0.0 stands for area 0
  2 stands for LSA 2
  0 stands for the options

R1#show ip bgp vpnv4 all 44.44.44.44
BGP routing table entry for 1:3:44.44.44.44/32, version 8
Paths: (1 available, best #1, table R13)
  Advertised to update-groups:
     1
  Local
    31.31.14.4 from 0.0.0.0 (1.1.1.1)
      Origin incomplete, metric 11, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:3 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:1.1.1.1:0
      mpls labels in/out 105/nolabel

R1#show ip bgp vpnv4 all 100.100.100.0
BGP routing table entry for 1:3:100.100.100.0/24, version 9
Paths: (1 available, best #1, table R13)
  Advertised to update-groups:
     1
  Local
    31.31.14.4 from 0.0.0.0 (1.1.1.1)
      Origin incomplete, metric 20, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:3 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:1.1.1.1:0
      mpls labels in/out 103/nolabel
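
6: MPLS VPN PE-CE OSPF Domain-id Lab

6.1 Lab topology

6.2 Lab requirements
a. R1, R2 and R3 form the P-network; the underlying routing protocol is EIGRP.
b. Enable LDP on the directly connected links between R1, R2 and R3 so that LDP adjacencies form.
c. R1 and R3 establish an MP-BGP iBGP peering inside BGP AS 13.
d. R1 runs VRF-based OSPF with process ID 1; R3 runs VRF-based OSPF with process ID 2.
e. On R5, the network of R4's loopback 0 must never appear as an external route.

6.3 Lab steps
Step 1: Complete the basic configuration
For example:
  Configuration of the P-network
  Creation of the VRF on the PE devices

Step 2: Complete the OSPF configuration on the PEs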
R1
router ospf 1 vrf R13
router-id 1.1.1.1
network 31.31.14.1 0.0.0.0 a 0
R3
router ospf 2 vrf R13
router-id 3.3.3.3
network 31.31.35.3 0.0.0.0 a 0

At this point the administrator should note the domain-id value of the VRF-based OSPF on R1 and R3. The output is as follows:

R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Domain ID type 0x0005, value 0.0.0.1

R3#show ip ospf
 Routing Process "ospf 2" with ID 3.3.3.3
 Domain ID type 0x0005, value 0.0.0.2

Step 3: Complete the two-way redistribution between the IGP and MP-BGP on the PE devices
R1
router bgp 13
address-family ipv4 vrf R13
redistribute ospf 1
router ospf 1
redistribute bgp 13 subnets
R3
router bgp 13
address-family ipv4 vrf R13
redistribute ospf 2
router ospf 2
redistribute bgp 13 subnets

At this point the administrator should go to R5 and check the information learned about network 4.4.4.4:

R5#show ip route ospf
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.4 [110/11] via 31.31.35.3, 00:00:45, Ethernet0/1
     31.0.0.0/24 is subnetted, 2 subnets
O E2    31.31.14.0 [110/1] via 31.31.35.3, 00:00:45, Ethernet0/1

Step 4: Set the OSPF domain-id to the same value on the PE devices
R1
router ospf 1
domain-id 0.0.0.1
R3
router ospf 2
domain-id 0.0.0.1

At this point the administrator should use "show ip ospf" on the PE devices to verify that the domain-id has been changed. The output is as follows:

R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Domain ID type 0x0005, value 0.0.0.1

R3#show ip ospf
 Routing Process "ospf 2" with ID 3.3.3.3
 Domain ID type 0x0005, value 0.0.0.1

6.4 Verification
(1) On R5, confirm that the route type has changed from O E2 to O IA

R5#show ip route ospf
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/21] via 31.31.35.3, 00:02:15, Ethernet0/1
     31.0.0.0/24 is subnetted, 2 subnets
O IA    31.31.14.0 [110/11] via 31.31.35.3, 00:02:15, Ethernet0/1
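
An added example (not part of the original lab manual): a Python sketch that parses the OSPF extended communities shown in lab 5 verification (4) and applies the domain-id comparison exercised in labs 5 and 6 to predict the route code on the remote CE. The function names and the sample strings (rebuilt from R1's output in lab 5) are assumptions of this example; choosing E1 or E2 from the low bit of the options field follows RFC 4577.

```python
import re
from ipaddress import IPv4Address

# Constructed samples: the "Extended Community" text of R1's
# "show ip bgp vpnv4 all <prefix>" output in lab 5, joined onto one line.
_TMPL = ("RT:1:3 OSPF DOMAIN ID:0x0005:0x000000010200 "
         "OSPF RT:0.0.0.0:{}:{} OSPF ROUTER ID:1.1.1.1:0")
SAMPLES = {
    "4.4.4.4/32": _TMPL.format(2, 0),
    "44.44.44.44/32": _TMPL.format(3, 0),
    "100.100.100.0/24": _TMPL.format(5, 1),
}

EXT_RE = re.compile(
    r"OSPF DOMAIN\s+ID:(0x[0-9A-Fa-f]{4}):0x([0-9A-Fa-f]{12})\s+"
    r"OSPF\s+RT:([\d.]+):(\d+):(\d+)"
)

def parse_ospf_communities(text):
    """Extract domain ID and OSPF route-type fields from the community text."""
    m = EXT_RE.search(text)
    if m is None:
        raise ValueError("no OSPF extended communities found")
    dom_type, dom_hex, area, rtype, options = m.groups()
    return {
        "domain_type": dom_type.lower(),
        # First 4 bytes carry the domain-id value; the trailing 0200 is the
        # default suffix described in lab 5.
        "domain_id": str(IPv4Address(int(dom_hex[:8], 16))),
        "area": area,
        "route_type": int(rtype),
        "options": int(options),
    }

def route_code_at_remote_ce(text, remote_domain_id):
    """Predict the route code a CE behind the remote PE shows for this prefix."""
    c = parse_ospf_communities(text)
    same_domain = c["domain_id"] == remote_domain_id
    if same_domain and c["route_type"] in (1, 2, 3):
        return "O IA"   # internal route, matching domain: summary LSA
    if c["route_type"] == 5:
        # External route: low options bit set means a type 2 metric.
        return "O E2" if c["options"] & 1 else "O E1"
    return "O E2"       # internal route, domain mismatch (lab 6, before step 4)

if __name__ == "__main__":
    for prefix, text in SAMPLES.items():
        for dom in ("0.0.0.1", "0.0.0.2"):
            print(prefix, "remote domain", dom, "->",
                  route_code_at_remote_ce(text, dom))
```

With remote domain 0.0.0.2 the result corresponds to R5's table before step 4 of lab 6, and with 0.0.0.1 to the table after it.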
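
7: MPLS VPN PE-CE OSPF Virtual-Link Lab

7.1 Lab topology

7.2 Lab requirements
a. R1, R2 and R3 form the P-network.
b. R1 and R3 act as PE devices. Create the VRF with the following parameters:
   VRF NAME : PASS
   VRF RD   : 184:184
   VRF RT   : 184:184
c. Complete the OSPF configuration as the topology requires.

7.3 Lab steps
Step 1: Complete the basic configuration
For example: P-network, PE and C-network configuration

At this point the administrator should look at R1's VRF routing table entries. The output is as follows:

R1#show ip route vrf R13 ospf
Routing Table: R13
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 31.31.14.4, 00:06:03, Ethernet0/1

R4#show ip route ospf
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/11] via 31.31.45.5, 00:05:50, Ethernet0/0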
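
Step 2: Configure the virtual link
R1
router ospf 1 vrf R13
! Area 1 is the transit area; build the virtual link to the device identified as 4.4.4.4.
! Be careful not to mistype the remote device's OSPF router ID.
area 1 virtual-link 4.4.4.4
R4
router ospf 1
area 1 virtual-link 1.1.1.1

At this point the administrator should look at the state of the OSPF adjacencies on R1. The output is as follows:

R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/  -           -        31.31.14.4      OSPF_VL0
4.4.4.4           1   FULL/BDR        00:00:31    31.31.14.4      Ethernet0/1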

7.4 Verification
(1) Confirm that R1's VRF has learned all routes of the attached C-network

R1#show ip route vrf R13 ospf
Routing Table: R13
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 31.31.14.4, 00:01:37, Ethernet0/1
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/21] via 31.31.14.4, 00:01:37, Ethernet0/1
     31.0.0.0/24 is subnetted, 2 subnets
O       31.31.45.0 [110/20] via 31.31.14.4, 00:01:37, Ethernet0/1

7.5 Review question
(1) After R5's loopback 0 network is learned by R1's VRF across the virtual link, what type of OSPF route is it?
It is an intra-area route; the code is O.
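
8: MPLS VPN Sham-link Lab

8.1 Lab topology

8.2 Lab requirements
a. R1, R2 and R3 form the P-network.
b. R1 and R3 act as PE devices. Create the VRF according to the following requirements:
   VRF NAME : R13
   VRF RD   : 1:3
   VRF RT   : 1:3
c. Complete the OSPF configuration as the topology requires; R4 and R5 must end up learning each other's loopback 0 network as OSPF internal routes.

8.3 Lab steps
Step 1: Complete the basic configuration
For example:
  Configuration of the P-network
  VRF configuration on the PEs and OSPF configuration between PE and CE

At this point the administrator should look at the routing tables on R4 and R5. The output is as follows:

R4#show ip route ospf
     5.0.0.0/32 is subnetted, 1 subnets
O IA    5.5.5.5 [110/21] via 31.31.14.1, 00:09:29, Ethernet0/0
     31.0.0.0/24 is subnetted, 2 subnets
O IA    31.31.35.0 [110/11] via 31.31.14.1, 00:09:29, Ethernet0/0

R5#show ip route ospf
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/21] via 31.31.35.3, 00:09:55, Ethernet0/1
     31.0.0.0/24 is subnetted, 2 subnets
O IA    31.31.14.0 [110/11] via 31.31.35.3, 00:09:55, Ethernet0/1

Step 2: Implement the sham link on the PE devices to restore the routes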
R1
int loopback 1
ip vrf for R13
ip add 11.11.11.11 255.255.255.255
exi
router bgp 13
address-family ipv4 vrf R13
network 11.11.11.11 mask 255.255.255.255
exi
router ospf 1 vrf R13
area 0 sham-link 11.11.11.11 33.33.33.33
exi
R3
int loopback 1
ip vrf for R13
ip add 33.33.33.33 255.255.255.255
exi
router bgp 13
address-family ipv4 vrf R13
network 33.33.33.33 mask 255.255.255.255
exi
router ospf 1 vrf R13
area 0 sham-link 33.33.33.33 11.11.11.11

8.4 Verification
(1) Check the MP-BGP VRF forwarding table on R1

R1#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:3 (default for vrf R13)
*> 4.4.4.4/32       31.31.14.4              11         32768 ?
r>i5.5.5.5/32       3.3.3.3                 11    100      0 ?
*> 11.11.11.11/32   0.0.0.0                  0         32768 i
*> 31.31.14.0/24    0.0.0.0                  0         32768 ?
r>i31.31.35.0/24    3.3.3.3                  0    100      0 ?
*>i33.33.33.33/32   3.3.3.3                  0    100      0 i

R3#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:3 (default for vrf R13)
r>i4.4.4.4/32       1.1.1.1                 11    100      0 ?
*> 5.5.5.5/32       31.31.35.5              11         32768 ?
*>i11.11.11.11/32   1.1.1.1                  0    100      0 i
r>i31.31.14.0/24    1.1.1.1                  0    100      0 ?
*> 31.31.35.0/24    0.0.0.0                  0         32768 ?
*> 33.33.33.33/32   0.0.0.0                  0         32768 i

(2) Check the state of the sham link between R1 and R3

R1#show ip ospf sham-links
Sham Link OSPF_SL0 to address 33.33.33.33 is up
Area 0 source address 11.11.11.11
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:02
    Adjacency State FULL (Hello suppressed)
………………………………

(3) Verify that R1 and R3 have a sham-link adjacency

R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -           -        33.33.33.33     OSPF_SL0
4.4.4.4           1   FULL/DR         00:00:35    31.31.14.4      Ethernet0/0

(4) View the routing tables on R4 and R5 and confirm that the O IA routes have been restored to O

R4#show ip route ospf
     33.0.0.0/32 is subnetted, 1 subnets
O E2    33.33.33.33 [110/1] via 31.31.14.1, 00:04:56, Ethernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/22] via 31.31.14.1, 00:04:56, Ethernet0/0
     11.0.0.0/32 is subnetted, 1 subnets
O E2    11.11.11.11 [110/1] via 31.31.14.1, 00:04:56, Ethernet0/0
     31.0.0.0/24 is subnetted, 2 subnets
O       31.31.35.0 [110/21] via 31.31.14.1, 00:04:56, Ethernet0/0

R5#show ip route ospf
     33.0.0.0/32 is subnetted, 1 subnets
O E2    33.33.33.33 [110/1] via 31.31.35.3, 00:05:22, Ethernet0/1
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/22] via 31.31.35.3, 00:05:22, Ethernet0/1
     11.0.0.0/32 is subnetted, 1 subnets
O E2    11.11.11.11 [110/1] via 31.31.35.3, 00:05:22, Ethernet0/1
     31.0.0.0/24 is subnetted, 2 subnets
O       31.31.14.0 [110/21] via 31.31.35.3, 00:05:22, Ethernet0/1
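
9: MPLS VPN Sham-link Troubleshooting Lab

9.1 Lab topology

9.2 Lab requirements
a. R1, R2 and R3 form the P-network.
b. Create the VRF according to the following requirements:
   VRF NAME: VPN-A
   VRF RD  : 100:100
   VRF RT  : 100:100
c. R1 and R3 are the PE devices; R1's E0/1 interface joins the VRF, and R3's E0/0 joins the VRF.
d. Complete the OSPF configuration as the topology requires.
e. In the end, R5 and R6 must prefer the backbone link to reach any OSPF area network, and use the backdoor link only after the backbone link fails.

9.3 Lab steps
Step 1: Complete the basic configuration
For example:
  P-network configuration
  Creation of the VRF
  C-network configuration

At this point the administrator should find that R1 does not learn R5's loopback 0 network from R4.

Step 2: Complete the virtual link between the PE and the CE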
R1
router ospf 1 vrf VPN_A
area 14 virtual-link 4.4.4.4
R4
router ospf 1
area 14 virtual-link 1.1.1.1

At this point the administrator should find that R1 learns R5's loopback 0 network from R4. The output is as follows:

R1#show ip route vrf VPN_A ospf
Routing Table: VPN_A
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/21] via 31.31.14.4, 00:00:30, Ethernet0/1
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.6 [110/31] via 31.31.14.4, 00:00:30, Ethernet0/1
     31.0.0.0/24 is subnetted, 4 subnets
O IA    31.31.36.0 [110/40] via 31.31.14.4, 00:00:30, Ethernet0/1
O       31.31.45.0 [110/20] via 31.31.14.4, 00:00:30, Ethernet0/1
O IA    31.31.56.0 [110/30] via 31.31.14.4, 00:00:30, Ethernet0/1

Now, on R6, check how R6 reaches R5's loopback 0 network. The output is as follows:

R6#show ip route | in 5.5.5.5
O IA    5.5.5.5 [110/11] via 31.31.56.5, 00:05:40, Ethernet0/1

Step 3: Reset the cost on R6's E0/1 interface so that R6 chooses the backbone path to reach R5's loopback 0 network
R6
int e0/1
ip ospf cost 100

At this point the administrator should look again at the path to R5's loopback 0 network in R6's routing table:

R6#show ip route | in 5.5.5.5
O IA    5.5.5.5 [110/31] via 31.31.36.3, 00:00:39, Ethernet0/0

Next, the administrator looks at how R5 reaches R6's loopback 0 network:

R5#show ip route | in 6.6.6.6
O       6.6.6.6 [110/11] via 31.31.56.6, 00:01:33, Ethernet0/1
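
Step 4: To restore the routes, we must configure a tunnel on R1 and R5 here, forming an area 1
R1
! Create the tunnel interface numbered 0
interface Tunnel0
! Place the tunnel interface into the VRF
ip vrf forwarding VPN_A
! No new address is assigned, so borrow the address of an existing interface
ip unnumbered Ethernet0/1
! Source IP address of the new outer header on packets sent through the tunnel
tunnel source Ethernet0/1
! Destination IP address of the new outer header on packets sent through the tunnel
tunnel destination 31.31.45.5
! Encapsulate the tunnel's traffic in GRE (Generic Routing Encapsulation)
tunnel mode gre ip
! Tell the tunnel that the usable route to the tunnel destination is in VRF VPN_A
tunnel vrf VPN_A
! Place this tunnel in OSPF area 1
ip ospf 1 area 1
R5
interface Tunnel0
ip unnumbered Ethernet0/0
ip ospf 1 area 1
tunnel source Ethernet0/0
tunnel destination 31.31.14.1

With the configuration above complete, the administrator should find one more OSPF adjacency on R1, formed over the tunnel. The output is as follows:

R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/  -           -        31.31.14.4      OSPF_VL0
5.5.5.5           0   FULL/  -        00:00:34    31.31.45.5      Tunnel0
4.4.4.4           1   FULL/DR         00:00:38    31.31.14.4      Ethernet0/1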

Step 5: Configure the sham link on the PE devices to restore the routes
R1
interface loopback 1
ip vrf forward VPN_A
ip address 11.11.11.11 255.255.255.255
exi
router bgp 13
address-family ipv4 vrf VPN_A
network 11.11.11.11 mask 255.255.255.255
!
router ospf 1 vrf VPN_A
area 1 sham-link 11.11.11.11 33.33.33.33
R3
interface loopback 1
ip vrf forward VPN_A
ip address 33.33.33.33 255.255.255.255
exi
router bgp 13
address-family ipv4 vrf VPN_A
network 33.33.33.33 mask 255.255.255.255
!
router ospf 1 vrf VPN_A
area 1 sham-link 33.33.33.33 11.11.11.11

With the configuration above complete, the administrator should find one more adjacency, the sham link, on R1 and R3. The output is as follows:

R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/  -           -        31.31.14.4      OSPF_VL0
3.3.3.3           0   FULL/  -           -        33.33.33.33     OSPF_SL1
5.5.5.5           0   FULL/  -        00:00:35    31.31.45.5      Tunnel0
4.4.4.4           1   FULL/DR         00:00:39    31.31.14.4      Ethernet0/1

Step 6: Change the cost of R5's E0/1 interface
R5
interface e0/1
ip ospf cost 20000

9.4 Verification
(1) On R5 and R6, verify the route path to the peer's loopback 0 network

R5#show ip route | in 6.6.6.6
O       6.6.6.6 [110/11123] via 31.31.14.1, 00:00:45, Tunnel0

R6#show ip route | in 5.5.5.5
O IA    5.5.5.5 [110/31] via 31.31.36.3, 00:01:03, Ethernet0/0

9.5 Review question
(1) Can R5 and R6 ping each other's loopback 0 network? If they can, what are the routing path and the label-switching process?