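MPBGP MPLS VPN lab networking: EBGP between PE and CE (AS number substitution, substitute-as)
https://i-blog.csdnimg.cn/direct/18e28d8fcf184aa1a3d46c70d50849d9.png
Lab objective
A-Hub and A-Spoke are two sites of one company, and B-Hub and B-Spoke are two sites of another company. AR1, AR2 and AR3 form the carrier network, which uses OSPF as its internal IGP, with BGP built on top for the external network. EBGP runs between each CE and its PE; A-Hub and A-Spoke use the same AS number, and B-Hub and B-Spoke use the same AS number. The goal is to build an MPLS VPN between RTA and RTC so that each company's internal traffic can cross the BGP network.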
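RD + RT
RT is an attribute (RT, Route Target: a route tag carried as a BGP extended community attribute).
RD is a value (RD, Route Distinguisher).
Both updates and withdrawals carry the RD. Prepending the RD to an IPv4 prefix turns it into a globally unique VPN-IPv4 route.
The RD structure lets each carrier allocate RDs independently, but to guarantee correct routing in some deployment scenarios the RD must be globally unique (in practice, one RD per customer is recommended).
In essence, the RT is how each VPN instance expresses which routes it accepts and which it prefers (the RT is what tells routes apart when they are learned).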
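The RD and RT roles described above, as an added example that is not part of the original post: it builds the 12-byte VPN-IPv4 address from a type-0 RD, shows that two customers with the same private prefix stay distinct only while their RDs differ, and applies an RT import filter. The overlapping prefix and the reused-RD case are constructed for illustration; the function names are hypothetical.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Encode an 'ASN:number' RD in the 8-byte type-0 layout of RFC 4364."""
    asn, number = (int(part) for part in rd.split(":"))
    return struct.pack("!HHI", 0, asn, number)  # type, administrator, assigned

def vpn_ipv4(rd, prefix):
    """VPN-IPv4 address: 8-byte RD followed by the 4-byte IPv4 address."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed

def rd_collisions(updates):
    """Prefixes that two different customers advertise under the same RD."""
    seen, clashes = {}, set()
    for u in updates:
        plen = ipaddress.ip_network(u["prefix"]).prefixlen
        key = (vpn_ipv4(u["rd"], u["prefix"]), plen)
        owner = seen.setdefault(key, u["customer"])
        if owner != u["customer"]:
            clashes.add(u["prefix"])
    return clashes

def import_into_vrf(import_rts, updates):
    """A VRF installs an update only if it carries one of its import RTs."""
    wanted = set(import_rts)
    return [(u["rd"], u["prefix"]) for u in updates if wanted & set(u["rts"])]

# Constructed sample: both customers use the same private prefix.
UPDATES = [
    {"customer": "A", "rd": "100:1", "rts": ["100:1"], "prefix": "192.168.1.0/24"},
    {"customer": "B", "rd": "200:1", "rts": ["200:1"], "prefix": "192.168.1.0/24"},
]
# The same updates if customer B had been given customer A's RD by mistake.
REUSED_RD = [UPDATES[0], dict(UPDATES[1], rd="100:1")]

if __name__ == "__main__":
    print(vpn_ipv4("100:1", "192.168.1.0/24").hex())
    print(rd_collisions(UPDATES), rd_collisions(REUSED_RD))
    print(import_into_vrf(["100:1"], UPDATES))
```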
I. Basic configuration
Basic configuration: interface IP addresses
// Keep the console session from timing out automatically
user-interface con 0
idle-timeout 0 0
q
1. AR1, AR2 and AR3 run OSPF
AR1
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.252
interface GigabitEthernet0/0/1
ip address 14.1.1.1 255.255.255.252
interface GigabitEthernet0/0/2
ip address 15.1.1.1 255.255.255.252
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf 1 router-id 1.1.1.1
area 0
network 12.1.1.1 0.0.0.3
network 1.1.1.1 0.0.0.0
AR2
system-view
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 23.1.1.1 255.255.255.252
interface GigabitEthernet0/0/2
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf 1 router-id 2.2.2.2
area 0
network 12.1.1.2 0.0.0.3
network 23.1.1.1 0.0.0.3
network 2.2.2.2 0.0.0.0
AR3
sys
interface GigabitEthernet0/0/0
ip address 23.1.1.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 36.1.1.1 255.255.255.252
interface GigabitEthernet0/0/2
ip address 37.1.1.1 255.255.255.252
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1 router-id 3.3.3.3
area 0
net 23.1.1.0 0.0.0.255
net 3.3.3.3 0.0.0.0
On AR2, check that the OSPF adjacencies have come up
dis ospf peer br
OSPF Process 1 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 1.1.1.1 Full
0.0.0.0 GigabitEthernet0/0/1 3.3.3.3 Full
----------------------------------------------------------------------------
2. Bring up BGP between AR1 and AR3
AR1
BGP 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface lo 0
AR3
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface lo 0
Enable AR1 and AR3 to exchange BGP-VPNv4 routes with each other as peers
AR1
bgp 100
ipv4-family vpnv4
peer 3.3.3.3 enable
AR3
bgp 100
ipv4-family vpnv4
peer 1.1.1.1 enable
Check the BGP-VPNv4 peer relationship
dis bgp vpnv4 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
3.3.3.3         4   100        2        3     0  00:00:37  Established        0
3. Enable MPLS LDP globally
R1 (only G0/0/0 needs LDP; G0/0/1 uses MP-BGP)
mpls lsr-id 1.1.1.1
mpls
Info: Mpls starting, please wait... OK!
mpls ldp
int g0/0/0
mpls
mpls ldp
R2
mpls lsr-id 2.2.2.2
mpls
Info: Mpls starting, please wait... OK!
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
R3
mpls ls 3.3.3.3
mpls
Info: Mpls starting, please wait... OK!
mpls ldp
int g0/0/0
mpls
mpls ldp
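Check the LDP sessions
Running display mpls ldp session on AR3 shows the sessions with the adjacent LDP peers; the Status is "Operational".
(It is recommended to check the state after every step, so that problems do not pile up and make troubleshooting hard at the end.)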
dis mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
1.1.1.1:0          Operational DU   Active   0000:00:39  158/158
3.3.3.3:0          Operational DU   Passive  0000:00:35  144/144
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
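4. Configure the VRF (vpn-instance) on R1 and R3
On R1, configure the VRF and bind the interface (binding clears the interface's IP address, so it has to be configured again)
The RD should be globally unique per customer; the RT may be the same (the RT decides whether I accept a route or not)
R1's interface facing A-Hub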
ip vpn-instance A
route-distinguisher 100:1
vpn-target 100:1
int g0/0/1
ip binding vpn-instance A
ip add 14.1.1.1 30
R1's interface facing B-Hub
ip vpn-instance B
route-distinguisher 200:1
vpn-target 200:1
int g0/0/2
ip binding vpn-instance B
ip add 15.1.1.1 30
Configure the VRF (VPN instance) on R3
ip vpn-instance A
route-distinguisher 100:1
vpn-target 100:1
int g0/0/1
ip binding vpn-instance A
ip add 36.1.1.1 30
ip vpn-instance B
route-distinguisher 200:1
vpn-target 200:1
int g0/0/2
ip binding vpn-instance B
ip add 37.1.1.1 30
II. Bring up EBGP between CE and PE
A-Hub and AR1
A-Hub
bgp 200
peer 14.1.1.1 as-number 100
peer 14.1.1.1 ebgp-max-hop 2
peer 14.1.1.1 connect-interface GigabitEthernet 0/0/0
AR1
bgp 100
ipv4-family vpn-instance A
peer 14.1.1.2 as 200
peer 14.1.1.2 ebgp-max-hop 2
peer 14.1.1.2 connect-interface g0/0/1
Check the BGP peer relationship
dis bgp peer
BGP local router ID : 14.1.1.2
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
14.1.1.1        4   100        2        5     0  00:00:02  Established
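B-Hub and AR1
The BGP session stayed in the Idle state; checking showed that B-Hub's BGP AS number had not been set according to the plan.
Run undo bgp, then re-enter BGP with AS 300.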
B-Hub
bgp 200
peer 15.1.1.1 as-number 100
peer 15.1.1.1 ebgp-max-hop 2
peer 15.1.1.1 connect-interface GigabitEthernet 0/0/0
AR1
bgp 100
ipv4-family vpn-instance B
peer 15.1.1.2 as 300
peer 15.1.1.2 ebgp-max-hop 2
peer 15.1.1.2 connect-interface g0/0/2
A-Spoke and AR3
A-Spoke
bgp 200
peer 36.1.1.1 as-number 100
peer 36.1.1.1 ebgp-max-hop 2
peer 36.1.1.1 connect-interface GigabitEthernet 0/0/0
AR3
bgp 100
ipv4-family vpn-instance A
peer 36.1.1.2 as 200
peer 36.1.1.2 ebgp-max-hop 2
peer 36.1.1.2 connect-interface g0/0/1
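B-Spoke and AR3 (the session did not come up; checking showed that the interface was bound to the wrong VPN instance. There was a prompt when pasting the configuration, but I did not notice it.)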
B-Spoke
bgp 300
peer 37.1.1.1 as-number 100
peer 37.1.1.1 ebgp-max-hop 2
peer 37.1.1.1 connect-interface GigabitEthernet 0/0/0
AR3
bgp 100
ipv4-family vpn-instance B
peer 37.1.1.2 as 300
peer 37.1.1.2 ebgp-max-hop 2
peer 37.1.1.2 connect-interface g0/0/2
Testing and troubleshooting
A
int lo 1
ip address 192.168.1.1 24
bgp 200
net 192.168.1.0
B
int lo 1
ip add 172.168.1.1 24
bgp 300
net 172.168.1.0 24
The PE (AR1) has received the route for 192.168.2.1, but A-Hub has not.
AR1
dis bgp vpnv4 vpn-instance A routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history,i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance A, Router ID 1.1.1.1:
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.1.0 14.1.1.2 0 0 200i
*>i192.168.2.1/32 3.3.3.3 0 100 0 200i
A-Hub
dis bgp routing-table
BGP Local router ID is 14.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history,i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.1.0 0.0.0.0 0 0 i
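IBGP: BGP running inside a single AS is called IBGP. To prevent loops inside the AS, a BGP device does not advertise routes learned from one IBGP peer to other IBGP peers.
In an MPLS VPN scenario, if the PE and CE exchange routes over EBGP, two sites may end up using the same AS number.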
https://i-blog.csdnimg.cn/direct/b0ce7be73664484dbd44629100b801e8.png
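If CE1 sends a private route to PE1 over EBGP and the route is passed on through PE2 to CE2, CE2 discards it because its own AS number already appears in the AS_Path. As a result, Site 1 and Site 2, which belong to the same VPN, cannot reach each other.
peer substitute-as
After this command is executed, when the PE advertises a route to the CE in the specified peer, any AS number in the route's AS_Path that is the same as the CE's AS number is replaced with the PE's AS number before the route is advertised.
Note: peer substitute-as applies only to PE devices in BGP MPLS IP/VPN. Misconfiguration can cause routing loops, so use it with care.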
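The loop check and the substitution described above, as an added example that is not part of the original post: it models what AR1 sends to A-Hub with and without substitute-as, using the lab's AS numbers. The second table entry (A-Hub's own route being offered back to A-Hub, as would happen if the site had another PE connection) is a hypothetical case not present in the lab, included to show why the note warns about loops; the function names are also hypothetical.

```python
PE_AS, SITE_AS = 100, 200  # carrier AS and company A's AS in this lab

def pe_advertise(as_path, ce_as, substitute_as):
    """AS_Path the PE sends to a CE over EBGP.

    With substitute-as, each occurrence of the CE's AS is replaced by the
    PE's AS; the PE then prepends its own AS as for any EBGP advertisement.
    """
    if substitute_as:
        as_path = [PE_AS if asn == ce_as else asn for asn in as_path]
    return [PE_AS] + as_path

def ce_accepts(as_path, local_as):
    """EBGP loop check on the CE: drop a route that already contains our AS."""
    return local_as not in as_path

# Constructed view of VPN A on a PE. The first entry matches the lab;
# the second is the hypothetical "own route comes back" case.
ROUTES = [
    {"prefix": "192.168.2.1/32", "origin": "A-Spoke", "as_path": [200]},
    {"prefix": "192.168.1.0/24", "origin": "A-Hub", "as_path": [200]},
]

def received_by_a_hub(substitute_as):
    """Prefixes A-Hub installs, mapped to the AS_Path it sees."""
    installed = {}
    for route in ROUTES:
        path = pe_advertise(route["as_path"], SITE_AS, substitute_as)
        if ce_accepts(path, SITE_AS):
            installed[route["prefix"]] = path
    return installed

if __name__ == "__main__":
    print("without substitute-as:", received_by_a_hub(False))
    print("with substitute-as:   ", received_by_a_hub(True))
```

With substitution enabled the CE can no longer tell the remote site's route from its own route coming back, because both arrive with AS_Path 100 100.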
On AR1
bgp 100
ipv4-family vpn-instance A
peer 14.1.1.2 substitute-as
Check A-Hub's routing entries again
https://i-blog.csdnimg.cn/direct/9840cdc3f5fa4afeaaceef62d0c4bd60.png
However, at this point the AS number substitution for A-Hub has not been configured on R3,
so A-Spoke's routing entries are still not correct
dis bgp routing-table
BGP Local router ID is 36.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history,i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.2.1/32 0.0.0.0 0 0 i
AR3
bgp 100
ipv4-family vpn-instance A
peer 36.1.1.2 substitute-as
Now ping A-Spoke from A-Hub
ping -a 192.168.1.1 192.168.2.1
PING 192.168.2.1: 56  data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=252 time=50 ms
Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=252 time=50 ms
Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=252 time=40 ms