07 MPLS VPN与OSPF防环机制
作者:互联网
1、底层IGP
2、配置MPLS LDP
3、配置MP-BGP
R2(config)#router bgp 100
R2(config-router)#neighbor 4.4.4.4 remote-as 100
R2(config-router)#neighbor 4.4.4.4 update-source loopback 0
R2(config-router)#neighbor 5.5.5.5 remote-as 100
R2(config-router)#neighbor 5.5.5.5 update-source loopback 0
R2(config-router)#address-family vpnv4 unicast
R2(config-router-af)#neighbor 4.4.4.4 activate
R2(config-router-af)#neighbor 5.5.5.5 activate
R4(config)#router bgp 100
R4(config-router)#neighbor 2.2.2.2 remote-as 100
R4(config-router)#neighbor 2.2.2.2 update-source loopback 0
R4(config-router)#neighbor 5.5.5.5 remote-as 100
R4(config-router)#neighbor 5.5.5.5 update-source loopback 0
R4(config-router)#address-family vpnv4 unicast
R4(config-router-af)#neighbor 2.2.2.2 activate
R4(config-router-af)#neighbor 5.5.5.5 activate
R5(config)#router bgp 100
R5(config-router)#neighbor 2.2.2.2 remote-as 100
R5(config-router)#neighbor 2.2.2.2 update-source loopback 0
R5(config-router)#neighbor 4.4.4.4 remote-as 100
R5(config-router)#neighbor 4.4.4.4 update-source loopback 0
R5(config-router)#address-family vpnv4 unicast
R5(config-router-af)#neighbor 2.2.2.2 activate
R5(config-router-af)#neighbor 4.4.4.4 activate
4、查看BGP邻居信息
R2(config)#do show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 100 8 7 1 0 0 00:02:57 0
5.5.5.5 4 100 4 3 1 0 0 00:01:06 0
R4#show ip bgp summary
BGP router identifier 4.4.4.4, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 100 8 8 1 0 0 00:03:22 0
5.5.5.5 4 100 4 3 1 0 0 00:01:21 0
R5#show ip bgp summary
BGP router identifier 5.5.5.5, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 100 3 5 1 0 0 00:01:46 0
4.4.4.4 4 100 3 4 1 0 0 00:01:37 0
5、配置VRF,以及RD、RT并绑定接口
R2(config)#vrf definition alex
R2(config-vrf)#rd 6:6
R2(config-vrf)#route-target both 8:8
R2(config-vrf)#address-family ipv4
R2(config-vrf-af)#exit
R2(config-vrf)#exit
R2(config)#interface ethernet 0/0
R2(config-if)#vrf forwarding alex
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R4(config)#vrf definition alex
R4(config-vrf)#rd 6:6
R4(config-vrf)#route-target both 8:8
R4(config-vrf)#address-family ipv4
R4(config-vrf-af)#exit
R4(config-vrf)#exit
R4(config)#interface ethernet 0/2
R4(config-if)#vrf forwarding alex
R4(config-if)#ip address 47.1.1.4 255.255.255.0
R5(config)#vrf definition alex
R5(config-vrf)#rd 6:6
R5(config-vrf)#route-target both 8:8
R5(config-vrf)#address-family ipv4
R5(config-vrf-af)#exit
R5(config-vrf)#exit
R5(config)#interface ethernet 0/0
R5(config-if)#vrf forwarding alex
R5(config-if)#ip address 56.1.1.5 255.255.255.0
6、PE与CE之间部署OSPF
R1(config)#interface ethernet 0/0
R1(config-if)#ip ospf 100 area 0
R2(config)#interface ethernet 0/0
R2(config-if)#ip ospf 100 area 0
R4(config)#interface ethernet 0/2
R4(config-if)#ip ospf 100 area 0
R5(config)#interface ethernet 0/0
R5(config-if)#ip ospf 100 area 0
R6(config)#interface range ethernet 0/0-1
R6(config-if-range)#ip ospf 100 area 0
R7(config)#interface range ethernet 0/1-2
R7(config-if-range)#ip ospf 100 area 0
7、在PE上双点双向路由重分布
R2(config)#router bgp 100
R2(config-router)#address-family ipv4 vrf alex
R2(config-router-af)#redistribute ospf 100 vrf alex
R2(config-router-af)#exit
R2(config-router)#exit
R2(config)#router ospf 100 vrf alex
R2(config-router)#redistribute bgp 100
R4(config)#router bgp 100
R4(config-router)#address-family ipv4 vrf alex
R4(config-router-af)#redistribute ospf 100 vrf alex
R4(config-router-af)#exit
R4(config-router)#exit
R4(config)#router ospf 100 vrf alex
R4(config-router)#redistribute bgp 100
R5(config)#router bgp 100
R5(config-router)#address-family ipv4 vrf alex
R5(config-router-af)#redistribute ospf 100 vrf alex
R5(config-router-af)#exit
R5(config-router)#exit
R5(config)#router ospf 100 vrf alex
R5(config-router)#redistribute bgp 100
8、在R1上将loopback 0宣告进OSPF中
R1(config)#interface loo 0
R1(config-if)#ip ospf 100 area 0
9、在R6上查看OSPF路由表
R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/21] via 47.1.1.4, 00:09:24, Ethernet0/2
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/11] via 47.1.1.4, 00:13:42, Ethernet0/2
56.0.0.0/24 is subnetted, 1 subnets
O 56.1.1.0 [110/20] via 67.1.1.6, 00:19:38, Ethernet0/1
10、在R6上查看1.1.1.1路由的详细信息
R6#show ip ospf database summary 1.1.1.1
OSPF Router with ID (6.6.6.6) (Process ID 100)
Summary Net Link States (Area 0)
LS age: 601
Options: (No TOS-capability, DC, Downward) #downward代表down bit位
LS Type: Summary Links(Network)
Link State ID: 1.1.1.1 (summary Network Number)
Advertising Router: 47.1.1.4
LS Seq Number: 80000001
Checksum: 0x7206
Length: 28
Network Mask: /32
MTID: 0 Metric: 11
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 600
Options: (No TOS-capability, DC, Downward) #down bit位
LS Type: Summary Links(Network)
Link State ID: 1.1.1.1 (summary Network Number)
Advertising Router: 56.1.1.5
LS Seq Number: 80000001
Checksum: 0x1B53
Length: 28
Network Mask: /32
MTID: 0 Metric: 11
为了可以清楚的看到实验效果
1、在R4上修改VRF的RT值,使得R4上学习不到R2直接传递过来的1.1.1.1的路由
R4(config)#vrf definition alex
R4(config-vrf)#no route-target import 8:8
R4(config-vrf)#route-target import 10:10
2、此时在R7上查看路由
R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/31] via 67.1.1.6, 00:02:26, Ethernet0/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/21] via 67.1.1.6, 00:02:26, Ethernet0/1
56.0.0.0/24 is subnetted, 1 subnets
O 56.1.1.0 [110/20] via 67.1.1.6, 00:27:32, Ethernet0/1
3、在R上查看详细的路由信息
R7#show ip ospf database summary 1.1.1.1
OSPF Router with ID (7.7.7.7) (Process ID 100)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 1608
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 1.1.1.1 (summary Network Number)
Advertising Router: 56.1.1.5
LS Seq Number: 80000001
Checksum: 0x1B53
Length: 28
Network Mask: /32
MTID: 0 Metric: 11
4、在R4上查看VRF路由表
R4#show ip route vrf alex
Routing Table: alex
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
47.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 47.1.1.0/24 is directly connected, Ethernet0/2
L 47.1.1.4/32 is directly connected, Ethernet0/2
56.0.0.0/24 is subnetted, 1 subnets
O 56.1.1.0 [110/30] via 47.1.1.7, 00:27:13, Ethernet0/2
67.0.0.0/24 is subnetted, 1 subnets
O 67.1.1.0 [110/20] via 47.1.1.7, 00:27:13, Ethernet0/2
5、在R4上查看OSPF数据库
R4#show ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 139 0x80000006 0x00A223 2
3.3.3.3 3.3.3.3 38 0x8000000A 0x004B98 4
4.4.4.4 4.4.4.4 2 0x80000006 0x00682C 2
5.5.5.5 5.5.5.5 1986 0x80000005 0x008402 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
23.1.1.2 2.2.2.2 139 0x80000004 0x00E01F
34.1.1.3 3.3.3.3 38 0x80000004 0x007D6A
35.1.1.3 3.3.3.3 38 0x80000004 0x00A240
OSPF Router with ID (47.1.1.4) (Process ID 100)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
6.6.6.6 6.6.6.6 1731 0x80000005 0x007252 2
7.7.7.7 7.7.7.7 1902 0x80000005 0x00CA01 2
47.1.1.4 47.1.1.4 1666 0x80000005 0x001536 1
56.1.1.5 56.1.1.5 1657 0x80000005 0x00E440 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
47.1.1.7 7.7.7.7 1902 0x80000001 0x005143
56.1.1.6 6.6.6.6 1731 0x80000001 0x005337
67.1.1.7 7.7.7.7 140 0x80000003 0x001D7E
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 56.1.1.5 1657 0x80000001 0x001B53
12.1.1.0 56.1.1.5 1657 0x80000001 0x00313D
6、1.1.1.1的路由时存在于数据库的
7、在R4上查看1.1.1.1的详细信息
R4#show ip ospf database summary 1.1.1.1
OSPF Router with ID (4.4.4.4) (Process ID 1)
OSPF Router with ID (47.1.1.4) (Process ID 100)
Summary Net Link States (Area 0)
LS age: 1737
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 1.1.1.1 (summary Network Number)
Advertising Router: 56.1.1.5
LS Seq Number: 80000001
Checksum: 0x1B53
Length: 28
Network Mask: /32
MTID: 0 Metric: 11
8、是由R7传递过来的,带有 down bit位
9、在R4上查看VPNV4路由
R4#show ip bgp vpnv4 all
BGP table version is 28, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 6:6 (default for vrf alex)
*> 47.1.1.0/24 0.0.0.0 0 32768 ?
*> 56.1.1.0/24 47.1.1.7 30 32768 ?
*> 67.1.1.0/24 47.1.1.7 20 32768 ?
总结:
VRF或者VPN实例下绑定的OSPF进程,对带有down bit的三类LSA不能计算,不能计算即不能方剂你路由表
10、此时在R4上关闭down bit检测,允许计算路由
R4(config)#router ospf 100 vrf alex
R4(config-router)#capability vrf-lite #此行为会导致OSPF邻居重建
*Dec 30 04:20:28.923: %OSPF-5-ADJCHG: Process 100, Nbr 7.7.7.7 on Ethernet0/2 from FULL to DOWN, Neighbor Down: Interface down or detached
*Dec 30 04:20:28.930: %OSPF-5-ADJCHG: Process 100, Nbr 7.7.7.7 on Ethernet0/2 from LOADING to FULL, Loading Done
11、在R4上查看VRF路由表
R4#show ip route vrf alex
Routing Table: alex
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/41] via 47.1.1.7, 00:01:30, Ethernet0/2
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/31] via 47.1.1.7, 00:01:30, Ethernet0/2
47.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 47.1.1.0/24 is directly connected, Ethernet0/2
L 47.1.1.4/32 is directly connected, Ethernet0/2
56.0.0.0/24 is subnetted, 1 subnets
O 56.1.1.0 [110/30] via 47.1.1.7, 00:01:30, Ethernet0/2
67.0.0.0/24 is subnetted, 1 subnets
O 67.1.1.0 [110/20] via 47.1.1.7, 00:01:30, Ethernet0/2
12、在R4上查看BGP VPNV4路由表
R4#show ip bgp vpnv4 all
BGP table version is 34, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 6:6 (default for vrf alex)
*> 1.1.1.1/32 47.1.1.7 41 32768 ?
*> 12.1.1.0/24 47.1.1.7 31 32768 ?
*> 47.1.1.0/24 0.0.0.0 0 32768 ?
*> 56.1.1.0/24 47.1.1.7 30 32768 ?
*> 67.1.1.0/24 47.1.1.7 20 32768 ?
13、在R5上查看BGP VPNV4路由表
R5#show ip bgp vpnv4 all
BGP table version is 32, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 6:6 (default for vrf alex)
* i 1.1.1.1/32 4.4.4.4 41 100 0 ?
*>i 2.2.2.2 11 100 0 ?
* i 12.1.1.0/24 4.4.4.4 31 100 0 ?
*>i 2.2.2.2 0 100 0 ?
*> 47.1.1.0/24 56.1.1.6 30 32768 ?
* i 4.4.4.4 0 100 0 ?
* i 56.1.1.0/24 4.4.4.4 30 100 0 ?
*> 0.0.0.0 0 32768 ?
* i 67.1.1.0/24 4.4.4.4 20 100 0 ?
*> 56.1.1.6 20 32768 ?
总结:
关闭Down bit检测,VRF或者VPN实例下绑定的OSPF进程,会对带有down bit位的三类LSA计算,由于在PE设备上的双点双向重发布,1.1.1.1的路由将倒灌进VPNV4路由表,这样就形成了环
默认down bit检测时开启的
五类LSA 防环,模拟器做不出现象
标签:R4,07,OSPF,MPLS,vrf,router,100,VPN,config 来源: https://blog.csdn.net/weixin_50299079/article/details/115592043