MPLS OPTION A配置原理及數據通訊分析

時間 2020-10-25

標籤 ide oop 測試 code orm router blog 接口欄目 Java 简体版

原文原文鏈接

場景描述：
as 100和as 300模擬兩家公司的自治域系統，現因業務合做需求，兩公司須要建設mpls ***實現私網互訪，as 567和as 8910模擬ISP，要求ar1 lo0口172.16.1.1和ar3 lo0口172.16.3.3通訊。（ar2和ar4同需求）ide

各廣播域網段和地址如圖，isp路由器lo0地址以序號編號，如R5 lo0地址爲5.5.5.5/32，R6-R10同理；R1-R4 lo0地址分別爲172.16.1.1/32，172.16.2.2/32，172.16.3.3/32,172.16.4.4/32.
oop

1、isp內部igp互通
1.一、配置全部設備ip地址，如圖（具體步驟略）
1.二、isp內創建ospf鄰居，宣告環回口測試

R5：
ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 56.1.1.5 0.0.0.0 

R6：
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 6.6.6.6 0.0.0.0 
  network 56.1.1.6 0.0.0.0 
  network 67.1.1.6 0.0.0.0 

R7：
ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 7.7.7.7 0.0.0.0 
  network 67.1.1.7 0.0.0.0 

R8：
ospf 1 router-id 8.8.8.8 
 area 0.0.0.0 
  network 8.8.8.8 0.0.0.0 
  network 89.1.1.8 0.0.0.0 

R9：
ospf 1 router-id 9.9.9.9 
 area 0.0.0.0 
  network 9.9.9.9 0.0.0.0 
  network 89.1.1.9 0.0.0.0 
  network 91.1.1.9 0.0.0.0

R10：
ospf 1 router-id 10.10.10.10 
 area 0.0.0.0 
  network 10.10.10.10 0.0.0.0 
  network 91.1.1.10 0.0.0.0

查看是否已成功創建ospf鄰居：

ui

2、isp內部創建mpls隧道，使用ldp自動分發標籤，解決未來的路由黑洞code

R5：
mpls lsr-id 5.5.5.5
mpls
interface GigabitEthernet0/0/1
 mpls
 mpls ldp

R6：
mpls lsr-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/1
 mpls
 mpls ldp
interface GigabitEthernet0/0/0
 mpls
 mpls ldp

R7：
mpls lsr-id 7.7.7.7
mpls
mpls ldp
interface GigabitEthernet0/0/0
 mpls
 mpls ldp

R8：
mpls lsr-id 8.8.8.8
mpls
mpls ldp
interface GigabitEthernet0/0/1
 mpls
 mpls ldp

R9：
mpls lsr-id 9.9.9.9
mpls
mpls ldp
interface GigabitEthernet0/0/1
 mpls
 mpls ldp
interface GigabitEthernet0/0/0
 mpls
 mpls ldp

R10：
mpls lsr-id 10.10.10.10
mpls
mpls ldp
interface GigabitEthernet0/0/0
 mpls
 mpls ldp

查看ldp鄰居是否成功創建：orm

[R6]dis mpls ldp peer 

 LDP Peer Information in Public network
 A '*' before a peer means the peer is being deleted.
 ------------------------------------------------------------------------------
 PeerID                 TransportAddress   DiscoverySource
 ------------------------------------------------------------------------------
 5.5.5.5:0              5.5.5.5            GigabitEthernet0/0/0
 7.7.7.7:0              7.7.7.7            GigabitEthernet0/0/1
 ------------------------------------------------------------------------------
 TOTAL: 2 Peer(s) Found.

[R6]

[R8]dis mpls ldp peer 

 LDP Peer Information in Public network
 A '*' before a peer means the peer is being deleted.
 ------------------------------------------------------------------------------
 PeerID                 TransportAddress   DiscoverySource
 ------------------------------------------------------------------------------
 9.9.9.9:0              9.9.9.9            GigabitEthernet0/0/1
 ------------------------------------------------------------------------------
 TOTAL: 1 Peer(s) Found.

[R8]

3、PE設備創建v4鄰居，用於未來傳遞路由router

R5：
bgp 567
 undo default ipv4-unicast
 peer 7.7.7.7 as-number 567 
 peer 7.7.7.7 connect-interface LoopBack0
 ipv4-family unicast
  undo synchronization
  undo peer 7.7.7.7 enable
 ipv4-family ***v4
  policy ***-target
  peer 7.7.7.7 enable

R7：
bgp 567
 undo default ipv4-unicast
 peer 5.5.5.5 as-number 567 
 peer 5.5.5.5 connect-interface LoopBack0
 ipv4-family unicast
  undo synchronization
  undo peer 5.5.5.5 enable
 ipv4-family ***v4
  policy ***-target
  peer 5.5.5.5 enable

R8：
bgp 8910
 undo default ipv4-unicast
 peer 10.10.10.10 as-number 8910 
 peer 10.10.10.10 connect-interface LoopBack0
 ipv4-family unicast
  undo synchronization
  undo peer 10.10.10.10 enable
 ipv4-family ***v4
  policy ***-target
  peer 10.10.10.10 enable

R10：
bgp 8910
 undo default ipv4-unicast
 peer 8.8.8.8 as-number 8910 
 peer 8.8.8.8 connect-interface LoopBack0
 ipv4-family unicast
  undo synchronization
  undo peer 8.8.8.8 enable
 ipv4-family ***v4
  policy ***-target
  peer 8.8.8.8 enable

查看***v4鄰居是否正常創建：blog

[R7]dis bgp ***v4 al pe

 BGP local router ID : 7.7.7.7
 Local AS number : 567
 Total number of peers : 1                Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv

  5.5.5.5         4         567        7        7     0 00:05:29 Established       0
[R7]

[R10]dis bgp  ***v4 al pe

 BGP local router ID : 10.10.10.10
 Local AS number : 8910
 Total number of peers : 1                Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv

  8.8.8.8         4        8910        2        2     0 00:00:46 Established       0
[R10]

4、創建CE與PE設備的鏈接
4.一、PE設備上建立vrf實例接口

R5：
ip ***-instance 15
 ipv4-family
  route-distinguisher 15:15
  ***-target 57:5 export-extcommunity
  ***-target 57:7 import-extcommunity
ip ***-instance 25
 ipv4-family
  route-distinguisher 25:25
  ***-target 75:5 export-extcommunity
  ***-target 75:7 import-extcommunity

R7：
ip ***-instance 17
 ipv4-family
  route-distinguisher 17:17
  ***-target 57:7 export-extcommunity
  ***-target 57:5 import-extcommunity
ip ***-instance 27
 ipv4-family
  route-distinguisher 27:27
  ***-target 75:7 export-extcommunity
  ***-target 75:5 import-extcommunity

R8：
ip ***-instance 38
 ipv4-family
  route-distinguisher 38:38
  ***-target 810:8 export-extcommunity
  ***-target 810:10 import-extcommunity
ip ***-instance 48
 ipv4-family
  route-distinguisher 48:48
  ***-target 108:8 export-extcommunity
  ***-target 108:10 import-extcommunity

R10：
ip ***-instance 310
 ipv4-family
  route-distinguisher 310:310
  ***-target 810:10 export-extcommunity
  ***-target 810:8 import-extcommunity
ip ***-instance 410
 ipv4-family
  route-distinguisher 410:410
  ***-target 108:10 export-extcommunity
  ***-target 108:8 import-extcommunity

4.二、PE設備接口綁定vrf實例
R5：
interface GigabitEthernet0/0/0
 ip binding ***-instance 15
 ip address 15.1.1.5 255.255.255.0 
interface GigabitEthernet0/0/2
 ip binding ***-instance 25
 ip address 25.1.1.5 255.255.255.0 

R10：
interface GigabitEthernet0/0/1
 ip binding ***-instance 310
 ip address 31.1.1.10 255.255.255.0 
interface GigabitEthernet0/0/2
 ip binding ***-instance 410
 ip address 41.1.1.10 255.255.255.0

4.三、PE與CE創建bgp ipv4鄰居關係ip

R5：
bgp 567
 ipv4-family ***-instance 15 
  peer 15.1.1.1 as-number 100 
 ipv4-family ***-instance 25 
  peer 25.1.1.2 as-number 200 

R1：
bgp 100
 peer 15.1.1.5 as-number 567 
 ipv4-family unicast
  undo synchronization
  peer 15.1.1.5 enable

R2：
bgp 200
 peer 25.1.1.5 as-number 567 
 ipv4-family unicast
  undo synchronization
  peer 25.1.1.5 enable

R10：
bgp 8910
 ipv4-family ***-instance 310 
  peer 31.1.1.3 as-number 300 
 ipv4-family ***-instance 410 
  peer 41.1.1.4 as-number 400 

R3：
bgp 300
 peer 31.1.1.10 as-number 8910 
 ipv4-family unicast
  undo synchronization
  peer 31.1.1.10 enable

R4：
bgp 400
 peer 41.1.1.10 as-number 8910 
 ipv4-family unicast
  undo synchronization
  peer 41.1.1.10 enable

查看是否成功創建ipv4鄰居關係：

5、使用子接口，創建asbr的bgp鏈接

R7：
interface GigabitEthernet0/0/1.13
 dot1q termination vid 13
 ip binding ***-instance 17
 ip address 192.168.78.7 255.255.255.0 
 arp broadcast enable
interface GigabitEthernet0/0/1.24
 dot1q termination vid 24
 ip binding ***-instance 27
 ip address 192.168.78.7 255.255.255.0 
 arp broadcast enable
bgp 567
 ipv4-family ***-instance 17 
  peer 192.168.78.8 as-number 8910 
 ipv4-family ***-instance 27 
  peer 192.168.78.8 as-number 8910 

R8：
interface GigabitEthernet0/0/0.13
 dot1q termination vid 13
 ip binding ***-instance 38
 ip address 192.168.78.8 255.255.255.0 
 arp broadcast enable
interface GigabitEthernet0/0/0.24
 dot1q termination vid 24
 ip binding ***-instance 48
 ip address 192.168.78.8 255.255.255.0 
 arp broadcast enable
bgp 8910
 ipv4-family ***-instance 38 
  peer 192.168.78.7 as-number 567 
 ipv4-family ***-instance 48 
  peer 192.168.78.7 as-number 567

6、在CE設備上用bgp宣告路由

R1：
bgp 100
network 172.16.1.1 255.255.255.255

R2：
bgp 200
network 172.16.2.2 255.255.255.255

R3：
bgp 300
network 172.16.3.3 255.255.255.255

R4：
bgp 400
network 172.16.4.4 255.255.255.255

7、測試

8、注意點
8.一、PE設備鏈接CE時，除了用bgp外，也能夠用ospf、isis等igp協議，但這樣作的話就必須在PE、CE設備上都執行雙向引入；
8.二、mpls lsr-id 路由必須可達，且須要是32位路由，由於ldp默認只爲32位路由分配標籤；

9、數據通訊分析
9.一、路由傳遞路徑分析
R1使用bgp傳遞lo0路由172.16.1.1/32給R5，172.16.1.1/32經過R5的g/0/0/0口進入vrf 15，路由被打上RD變成96位的v4路由，由於R5和R7位mp-bgp鄰居且出入RT值匹配，因此R7能夠接收R5傳來的172.16.1.1/32的路由並進入R7的vrf 17(此路由攜帶內網標籤)；R7的g0/0/1.13綁定vrf 17，右半部分的全部設備被R7當作vrf 17的CE，因此R7會把接收到的路由172.16.1.1/32進入vrf 17後的ipv4路由傳遞給R8；R8也把左半邊設備當作CE，因此172.16.1.1/32會進入vrf 38並打上RD變成路由，再根據RT出入值發送給R10(此路由攜帶內網標籤)；R10收到1.1.1.1/32後加入vrf 310並把ipv4路由發送給bgp鄰居R3，R3至此收到了172.16.1.1/32.
9.二、數據流量分析
R3查看全局路由表，發送目的地址爲172.16.1.1的數據包給31.1.1.10；R10查看-instance 310，在ip層下壓入內網標籤(用於告訴R8該查哪張路由表)，再壓入外網標籤(用於解決as8910的路由黑洞)；數據包到達R8後查找-instance 38路由表進入R7；R7查找-instance 17路由表並壓入內網、外網標籤，到達R5；R5查找-instance 15路由錶轉發給R1.

10、優缺點
優勢：原理簡單，便於理解，只是將ASBR所鏈接的另外一個AS當作CE，而後經過子接口創建BGP鄰居
缺點：配置過程繁瑣，在須要創建多個通道的時候，ASBR上建立的子接口會不少；且ASBR須要維護路由，有違背MPLS ***路由傳遞按照CE1-PE1-PE2-CE2路線的理念。