MPLS ×××第七话：PE-CE间运行OSPF进阶之伪装链路

 OSPF提供了很多的小特性，可以说他很灵活，也可以说他很复杂。我就有一个经验，如果你启用ISIS的话，你会发现他发现邻居学习路由十分快，但是OSPF就需要一点点时间。简单好用才是最好，网络界有一个KISS原理，就是keep it simple，stupid。

下面的这个实验描述了这么一种情况。有一个公司有四个分部，分部之间通过ISP提供×××连接。PE-CE间运行OSPF在area 0，其中CE-3和CE-4有一条低速链路，也运行在OSPF area 0。

这种拓扑造成的结果就是次优路由。分部之间所有的数据流量都没有走ISP的superbackbone，走的是CE-3和CE-4间的backdoor链路。造成这种原因的原因很简单，就是OSPF路由优先级的比较：O>O IA。

要改变这种情况的可以使用sham-link（伪装链路），他能够在PE之间建立一条链路来泛洪LSA，也就是说，PE之间能够传递O路由了。Sham-link也算一种按需电路，按需电路的特点就是没有周期性的LSA刷新了，这样节省了带宽，减轻网络负载。

建立Sham-link特别需要注意的一点是，他是作为×××客户地址空间里面的，因此，这个地址需要宣告经 MP-BGP被对端PE学习到后才能够建立连接。在实际的生产环境中，也需要考虑客户的地址编址方案然后建立loopback接口实现连接。

基本配置

R1:

!

hostname CE1-A

!

interface Loopback0

 ip address 172.16.10.1 255.255.255.0

 ip ospf network point-to-point

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.15

 encapsulation dot1Q 15

 ip address 15.1.1.1 255.255.255.0

!

router ospf 100

 router-id 1.1.1.1

 log-adjacency-changes

 passive-interface Loopback0

 network 15.1.1.1 0.0.0.0 area 0

 network 172.16.10.0 0.0.0.255 area 0

 distribute-list 10 in FastEthernet0/0.15   #这里使用分发列表拒绝了一些无关紧要的路由是路由表更直观

!

access-list 10 deny   34.1.1.0 0.0.0.255

access-list 10 deny   35.1.1.0 0.0.0.255

access-list 10 deny   27.1.1.0 0.0.0.255

access-list 10 deny   47.1.1.0 0.0.0.255

access-list 10 permit any

!

R2:

!

hostname CE2-A

!

interface Loopback0

 ip address 172.16.20.1 255.255.255.0

 ip ospf network point-to-point

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.27

 encapsulation dot1Q 27

 ip address 27.1.1.2 255.255.255.0

!

router ospf 100

 router-id 2.2.2.2

 log-adjacency-changes

 passive-interface Loopback0

 network 27.1.1.2 0.0.0.0 area 0

 network 172.16.20.0 0.0.0.255 area 0

 distribute-list 10 in FastEthernet0/0.27    

!

access-list 10 deny   34.1.1.0 0.0.0.255

access-list 10 deny   35.1.1.0 0.0.0.255

access-list 10 deny   15.1.1.0 0.0.0.255

access-list 10 deny   47.1.1.0 0.0.0.255

access-list 10 permit any

 

R3:

hostname CE3-A

!

interface Loopback0

 ip address 172.16.30.1 255.255.255.0

 ip ospf network point-to-point

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.34

 encapsulation dot1Q 34

 ip address 34.1.1.3 255.255.255.0

!

interface FastEthernet0/0.35

 encapsulation dot1Q 35

 ip address 35.1.1.3 255.255.255.0

!

router ospf 100

 router-id 3.3.3.3

 log-adjacency-changes

 passive-interface Loopback0

 network 34.1.1.3 0.0.0.0 area 0

 network 35.1.1.3 0.0.0.0 area 0

 network 172.16.30.0 0.0.0.255 area 0

 distribute-list 10 in FastEthernet0/0.34

 distribute-list 10 in FastEthernet0/0.35

!

access-list 10 deny   15.1.1.0 0.0.0.255

access-list 10 deny   27.1.1.0 0.0.0.255

access-list 10 deny   47.1.1.0 0.0.0.255

access-list 10 permit any

!

 

R4:

 

hostname CE4-A

!

boot-start-marker

!

interface Loopback0

 ip address 172.16.40.1 255.255.255.0

 ip ospf network point-to-point

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.34

 encapsulation dot1Q 34

 ip address 34.1.1.4 255.255.255.0

!

interface FastEthernet0/0.47

 encapsulation dot1Q 47

 ip address 47.1.1.4 255.255.255.0

!

router ospf 100

 router-id 4.4.4.4

 log-adjacency-changes

 passive-interface Loopback0

 network 34.1.1.4 0.0.0.0 area 0

 network 47.1.1.4 0.0.0.0 area 0

 network 172.16.40.0 0.0.0.255 area 0

 distribute-list 10 in FastEthernet0/0.34

 distribute-list 10 in FastEthernet0/0.47

!

access-list 10 deny   15.1.1.0 0.0.0.255

access-list 10 deny   27.1.1.0 0.0.0.255

access-list 10 deny   35.1.1.0 0.0.0.255

access-list 10 permit any

 

 

R5:

!

hostname PE1-AS1

!

ip cef

!

ip vrf ×××-A

 rd 1:0

 route-target export 1:0

 route-target import 1:0

!

mpls label range 500 599

mpls label protocol ldp

!

interface Loopback0

 ip address 5.5.5.5 255.255.255.255

 isis circuit-type level-2-only

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.15

 encapsulation dot1Q 15

 ip vrf forwarding ×××-A

 ip address 15.1.1.5 255.255.255.0

!

interface FastEthernet0/0.35

 encapsulation dot1Q 35

 ip vrf forwarding ×××-A

 ip address 35.1.1.5 255.255.255.0

!

interface FastEthernet0/0.56

 encapsulation dot1Q 56

 ip address 56.1.1.5 255.255.255.0

 ip router isis

 mpls ldp discovery transport-address interface

 mpls ip

 isis circuit-type level-2-only

!

router ospf 100 vrf ×××-A

 router-id 5.5.5.5

 log-adjacency-changes

 redistribute bgp 1 subnets

 network 15.1.1.5 0.0.0.0 area 0

 network 35.1.1.5 0.0.0.0 area 0

!

router isis

 net 47.5670.0000.0005.00

 is-type level-2-only

 metric-style wide

 passive-interface Loopback0

!

router bgp 1

 bgp router-id 5.5.5.5

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 7.7.7.7 remote-as 1

 neighbor 7.7.7.7 update-source Loopback0

 !

 address-family vpnv4

 neighbor 7.7.7.7 activate

 neighbor 7.7.7.7 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf ×××-A

 redistribute ospf 100 vrf ×××-A

 no synchronization

 exit-address-family

!

ip http server

no ip http secure-server

!

mpls ldp router-id Loopback0 force

!

R6:

hostname P-AS1

!

ip cef

!

mpls label range 600 699

mpls label protocol ldp       

!

interface Loopback0

 ip address 6.6.6.6 255.255.255.255

 isis circuit-type level-2-only

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.56

 encapsulation dot1Q 56

 ip address 56.1.1.6 255.255.255.0

 ip router isis

 mpls ldp discovery transport-address interface

 mpls ip

 isis circuit-type level-2-only

!

interface FastEthernet0/0.67

 encapsulation dot1Q 67

 ip address 67.1.1.6 255.255.255.0

 ip router isis

 mpls ldp discovery transport-address interface

 mpls ip

 isis circuit-type level-2-only

!

router isis

 net 47.5670.0000.0006.00

 is-type level-2-only

 metric-style wide

 passive-interface Loopback0

!

mpls ldp router-id Loopback0 force

!

R7:

hostname PE2-AS1

!

ip cef

!

ip vrf ×××-A

 rd 1:0

 route-target export 1:0

 route-target import 1:0

!        

no ip domain lookup

!

mpls label range 700 799

mpls label protocol ldp

!

interface Loopback0

 ip address 7.7.7.7 255.255.255.255

 isis circuit-type level-2-only

!

interface FastEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface FastEthernet0/0.27

 encapsulation dot1Q 27

 ip vrf forwarding ×××-A

 ip address 27.1.1.7 255.255.255.0

!

interface FastEthernet0/0.47

 encapsulation dot1Q 47

 ip vrf forwarding ×××-A

 ip address 47.1.1.7 255.255.255.0

!        

interface FastEthernet0/0.67

 encapsulation dot1Q 67

 ip address 67.1.1.7 255.255.255.0

 ip router isis

 mpls ldp discovery transport-address interface

 mpls ip

 isis circuit-type level-2-only

!

router ospf 100 vrf ×××-A

 router-id 7.7.7.7

 log-adjacency-changes

 redistribute bgp 1 subnets

 network 27.1.1.7 0.0.0.0 area 0

 network 47.1.1.7 0.0.0.0 area 0

!

router isis

 net 47.5670.0000.0007.00

 is-type level-2-only

 metric-style wide

 passive-interface Loopback0

!

router bgp 1

 bgp router-id 7.7.7.7

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 5.5.5.5 remote-as 1

 neighbor 5.5.5.5 update-source Loopback0

 !

 address-family vpnv4

 neighbor 5.5.5.5 activate

 neighbor 5.5.5.5 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf ×××-A

 redistribute ospf 100 vrf ×××-A

 no synchronization

 exit-address-family

!

mpls ldp router-id Loopback0 force

!

基本配置完成之后查看一下。

1.       PE间的×××对等体建立

PE1-AS1#sh ip bgp vpnv4 all summary

BGP router identifier 5.5.5.5, local AS number 1

BGP table version is 19, main routing table version 19

9 network entries using 1233 bytes of memory

18 path entries using 1224 bytes of memory

15/7 BGP path/bestpath attribute entries using 1860 bytes of memory

2 BGP extended community entries using 80 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 4397 total bytes of memory

BGP activity 9/0 prefixes, 18/0 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

7.7.7.7         4     1      48      48       19    0    0 00:31:50        9

 

2.       CE学习到的路由（没有使用sham-link之前的路由表）。

CE3-A(config)#do sh ip route os

     172.16.0.0/24 is subnetted, 4 subnets

O       172.16.40.0 [110/11] via 34.1.1.4, 00:01:18, FastEthernet0/0.34

O       172.16.20.0 [110/31] via 34.1.1.4, 00:01:18, FastEthernet0/0.34

O       172.16.10.0 [110/21] via 35.1.1.5, 00:01:18, FastEthernet0/0.35

 

CE4-A(config)#do sh ip rou os

     172.16.0.0/24 is subnetted, 4 subnets

O       172.16.30.0 [110/11] via 34.1.1.3, 00:01:35, FastEthernet0/0.34

O       172.16.20.0 [110/21] via 47.1.1.7, 00:01:35, FastEthernet0/0.47

O       172.16.10.0 [110/31] via 34.1.1.3, 00:01:35, FastEthernet0/0.34

从上面CE-3和CE-4可以看出，都是O路由。这就是次优路由。对，O路由反而是次优路由，如果是O IA的话反而正常了。下面的PE路由器的路由输出也显示了他都没有走superbackbone，走的是IGP路由，即backdoor的那条低速链路。

PE1-AS1#sh ip bgp vpnv4 all

BGP table version is 19, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 1:0 (default for vrf ×××-A)

* i15.1.1.0/24      7.7.7.7                 40    100      0 ?

*>                  0.0.0.0                  0         32768 ?

* i27.1.1.0/24      7.7.7.7                  0    100      0 ?

*>                  35.1.1.3                40         32768 ?

* i34.1.1.0/24      7.7.7.7                 20    100      0 ?

*>                  35.1.1.3                20         32768 ?

* i35.1.1.0/24      7.7.7.7                 30    100      0 ?

*>                  0.0.0.0                  0         32768 ?

* i47.1.1.0/24      7.7.7.7                  0    100      0 ?

*>                  35.1.1.3                30         32768 ?

* i172.16.10.0/24   7.7.7.7                 41    100      0 ?

*>                  15.1.1.1                11         32768 ?

* i172.16.20.0/24   7.7.7.7                 11    100      0 ?

*>                  35.1.1.3                41         32768 ?

* i172.16.30.0/24   7.7.7.7                 21    100      0 ?

*>                  35.1.1.3                11         32768 ?

   Network          Next Hop            Metric LocPrf Weight Path

* i172.16.40.0/24   7.7.7.7                 11    100      0 ?

*>                  35.1.1.3                21         32768 ?

 

3.       在PE上建立loopback接口，并且重发布进MP-BGP

PE1-AS1:

interface Loopback1

 ip vrf forwarding ×××-A

 ip address 172.16.5.1 255.255.255.255

 

router bgp 1

 address-family ipv4 vrf ×××-A

 network 172.16.5.1 mask 255.255.255.255

 

AS1-PE2上作同样的动作，接口地址为172.16.7.1

 

4.       查看是否收到新发布的路由。

PE1-AS1#sh ip b vpn all 172.16.7.1

BGP routing table entry for 1:0:172.16.7.1/32, version 25

Paths: (1 available, best #1, table ×××-A)

  Not advertised to any peer

  Local

    7.7.7.7 (metric 20) from 7.7.7.7 (7.7.7.7)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Extended Community: RT:1:0

      mpls labels in/out nolabel/712

收到了。

5.       建立SHAM-LINK。

AS1-PE1:

router ospf 100 vrf ×××-A

 area 0 sham-link 172.16.5.1 172.16.7.1

AS1-PE2上做同样的动作。

如果操作正常会看到这样的消息提示，

*Mar  1 00:17:05.339: %OSPF-5-ADJCHG: Process 100, Nbr 5.5.5.5 on OSPF_SL0 from LOADING to FULL, Loading Done

 我们此时去查看AS1-PE1的ospf邻居表就会发现有三个邻居，如下所示：

PE1-AS1#sh ip os n

Neighbor ID     Pri   State           Dead Time   Address         Interface

7.7.7.7           0   FULL/  -           -        172.16.7.1      OSPF_SL0

3.3.3.3           1   FULL/DR         00:00:38    35.1.1.3        FastEthernet0/0.35

1.1.1.1           1   FULL/DR         00:00:34    15.1.1.1        FastEthernet0/0.15

其中7.7.7.7就是用sham-link建立起来的，他的接口显示的是OSPF-SL0，与建立虚链路有点类似。

当然，我们可以直接使用命令show ip ospf sham-link来更直接的查看建立信息。

PE1-AS1#sh ip ospf sham-links

Sham Link OSPF_SL0 to address 172.16.7.1 is up

Area 0 source address 172.16.5.1

  Run as demand circuit

  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40,

    Hello due in 00:00:06

    Adjacency State FULL (Hello suppressed)

    Index 3/3, retransmission queue length 0, number of retransmission 0

    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

    Last retransmission scan length is 0, maximum is 0

    Last retransmission scan time is 0 msec, maximum is 0 msec

6.       再去CE上看看路由表。

CE3-A#sh ip route os

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks

O       172.16.40.0/24 [110/11] via 34.1.1.4, 00:00:03, FastEthernet0/0.34

O       172.16.20.0/24 [110/22] via 35.1.1.5, 00:00:03, FastEthernet0/0.35

O       172.16.10.0/24 [110/21] via 35.1.1.5, 00:00:03, FastEthernet0/0.35

O E2    172.16.5.1/32 [110/1] via 35.1.1.5, 00:00:03, FastEthernet0/0.35

O E2    172.16.7.1/32 [110/1] via 35.1.1.5, 00:00:03, FastEthernet0/0.35

注意上面的输出，去往 CE1和CE2的路由都正确了，但是去往CE4的还是不对，期望的结果是走superbackbone而不是这条backdoor。

通过修改cost值实现。可以修改后门链路的cost值也可以修改sham-link的cost值。修改方法很简单这里不列了。

CE3-A#sh ip rou os

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks

O       172.16.40.0/24 [110/22] via 35.1.1.5, 00:07:30, FastEthernet0/0.35

O       172.16.20.0/24 [110/22] via 35.1.1.5, 00:07:30, FastEthernet0/0.35

O       172.16.10.0/24 [110/21] via 35.1.1.5, 00:07:30, FastEthernet0/0.35

O E2    172.16.5.1/32 [110/1] via 35.1.1.5, 00:07:30, FastEthernet0/0.35

O E2    172.16.7.1/32 [110/1] via 35.1.1.5, 00:07:30, FastEthernet0/0.35

这就对了。