MPLS ×××业务分流案例
1.各路由器基本信息配置
2.OSPF规范配置,修改网络类型为点对点,配置被动接口
3.MPLS骨干网运行OSPF,标签分发协议为LDP
4.RT4和RT5运行MP_IPGP,利用MPLS ×××实现生产与办公业务分流
5.RT4 VRF SC与RT6运行RIP、RT4 VRF BG 与RT7配置静态路由、RT5 VRF SC与RT8运行OSPF,RT5 VRF BG与RT9运行EBGP
IP地址规划如下:
一.基本配置(略)
二.骨干网IGP调测
RT1:
router ospf 1
router-id 1.1.1.1
passive-interface Ethernet3/0
network 1.1.1.1 0.0.0.0 area 0
network 10.0.12.0 0.0.0.3 area 0
network 10.0.13.0 0.0.0.3 area 0
RT2:
router ospf 1
router-id 2.2.2.2
passive-interface default
no passive-interface Serial0/0
no passive-interface Serial0/1
no passive-interface FastEthernet1/0
network 2.2.2.2 0.0.0.0 area 0
network 10.0.12.0 0.0.0.3 area 0
network 10.0.23.0 0.0.0.3 area 0
network 10.0.24.0 0.0.0.3 area 0
int f1/0
ip ospf network point-to-point
RT3:
router ospf 1
router-id 3.3.3.3
passive-interface default
no passive-interface Serial0/0
no passive-interface Serial0/1
no passive-interface FastEthernet1/0
network 3.3.3.3 0.0.0.0 area 0
network 10.0.13.0 0.0.0.3 area 0
network 10.0.23.0 0.0.0.3 area 0
network 10.0.35.0 0.0.0.3 area 0
int f1/0
ip ospf network point-to-point
RT4:
router ospf 1
router-id 4.4.4.4
passive-interface default
no passive-interface Serial0/0
network 4.4.4.4 0.0.0.0 area 0
network 10.0.24.0 0.0.0.3 area 0
RT5:
router ospf 1
router-id 5.5.5.5
passive-interface default
no passive-interface Serial0/0
network 5.5.5.5 0.0.0.0 area 0
network 10.0.35.0 0.0.0.3 area 0
三.骨干网MPLS 调测
RT1:
ip cef // MPLS必须开启CEF
mpls ip //开启MPLS协议
mpls label protocol ldp //选择标签分发协议为LDP
int s0/1
mpls ip //在接口上开启MPLS
mpls mtu 1600 //设置最大MPLS MTU为1600
int s0/2
mpls ip
mpls mtu 1600
RT2:
ip cef
mpls ip
mpls label protocol ldp
int s0/0
mpls ip
mpls mtu 1600
int s0/1
mpls ip
mpls mtu 1600
int f1/0
mpls ip
mpls mtu 1600
RT3:
ip cef
mpls ip
mpls label protocol ldp
int s0/0
mpls ip
mpls mtu 1600
int s0/1
mpls ip
mpls mtu 1600
int f1/0
mpls ip
mpls mtu 1600
RT4:
ip cef
mpls ip
mpls label protocol ldp
int s0/0
mpls ip
mpls mtu 1600
RT5:
ip cef
mpls ip
mpls label protocol ldp
int s0/0
mpls ip
mpls mtu 1600
四.骨干网MP_BGP调测
RT4:
router bgp 65000
no synchronization //关闭同步
neighbor 5.5.5.5 remote-as 65000 //建立BGP邻居
neighbor 5.5.5.5 update-source Loopback0 //指定更新源
neighbor 5.5.5.5 next-hop-self //改变下一跳为自己
no auto-summary //关闭自动汇总
address-family vpnv4 //开启MP_BGP
neighbor 5.5.5.5 activate //建立MP_BGP邻居
neighbor 5.5.5.5 send-community extended //支持团体属性
exit-address-family //退出MP_BGP的配置
RT5:
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 65000
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
no auto-summary
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
五.VRF调测
RT4:
ip vrf BG //建立VRF 命名为BG
rd 2:2 //VRF的RD为2:2
route-target export 2:20 //导出RT为2:20
route-target import 2:10 //导入RT为2:10
ip vrf SC
rd 1:1
route-target export 1:20
route-target import 1:10
RT5:
ip vrf BG
rd 2:2
route-target export 2:10
route-target import 2:20
ip vrf SC
rd 1:1
route-target export 1:10
route-target import 1:20
六.PE与CE路由协议调测
RT4:
router rip //配置CE与PE VRF之间路由协议
version 2
no auto-summary
address-family ipv4 vrf SC //配置MP_BGP
network 172.16.0.0
no auto-summary
version 2
exit-address-family
RT6:
router rip
version 2
network 6.0.0.0
network 172.16.0.0
no auto-summary
RT4:
ip route vrf BG 7.7.7.7 255.255.255.255 Serial0/2 172.17.47.2 //在VRF BG中添加静态路由
ip route vrf BG 172.17.7.0 255.255.255.0 Serial0/2 172.17.47.2
RT7:
ip route 0.0.0.0 0.0.0.0 172.17.47.1 //配置缺省路由
RT5:
router ospf 101 vrf SC //配置VRF SC OSPF
router-id 172.16.5.1
network 172.16.5.0 0.0.0.255 area 0
network 172.16.58.0 0.0.0.3 area 0
RT8:
router ospf 1
router-id 8.8.8.8
passive-interface Ethernet3/0
network 8.8.8.8 0.0.0.0 area 0
network 172.16.8.0 0.0.0.255 area 0
network 172.16.58.0 0.0.0.3 area 0
network 0.0.0.0 255.255.255.255 area 0
RT5:
router bgp 65000 //配置EBGP
address-family ipv4 vrf BG //配置MP_BGP
neighbor 172.17.59.2 remote-as 65001 //建立EBGP邻居
no auto-summary
no synchronization
exit-address-family
RT9:
router bgp 65001
no synchronization
network 9.9.9.9 mask 255.255.255.255
network 172.17.9.0 mask 255.255.255.0
network 172.17.59.0 mask 255.255.255.252
neighbor 172.17.59.1 remote-as 65000
no auto-summary
七.MPLS ×××调测
RT4:
router bgp 65000
address-family ipv4 vrf SC
redistribute connected metric 1000 //重分布直连到MP_BGP
redistribute rip metric 1000 //重RIP直连到MP_BGP
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf BG
redistribute connected metric 1000 //重分布直连到MP_BGP
redistribute static metric 1000 //重分布静态到MP_BGP
no auto-summary
no synchronization
exit-address-family
router rip
redistribute bgp 65000 metric 5 //重分布VRF SC到RIP
RT5:
router bgp 65000
address-family ipv4 vrf SC
redistribute connected metric 1000 //重分布直连到MP_BGP
redistribute ospf 101 vrf SC metric 1000 match internal external 1 external 2 //重分布OSPF 101 VRF SC中的匹配外部5类类型1和类型2的路由到MP_BGP中
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf BG
redistribute connected metric 1000 //重分布直连到MP_BGP
exit-address-family
//PE_CE路由协议为EBGP时,VRF中的EBGP路由自动导出至MP_BGP表。
调测命令:
show ip bgp vpnv4 all summary //显示MP_BGP的邻居信息
show mpls forwarding-tabel //显示MPLS转发表
show mpls ldp bindings //显示MPLS LDP的标签绑定信息
show ip route vrf SC //显示VRF SC的路由信息
show ip bgp vpnv4 all //显示BGP中×××V4的所有路由
show ip bgp vpnv4 all labels //显示BGP中×××V4的所有路由及标签
如果配置没有问题,而某条路由在MP-BGP表中存在,而没有自己导入VRF,请使用:
clear ip route vrf ×××名字
分析RT8的172.16.8.0/24路由的传播:
1.首先RT8上有一条直连路由
C 172.16.8.0/24 is directly connected, Ethernet3/0
2.RT5的VRF SC与RT8配置了OSPF(CE与PE VRF路由协议),通过OSPF将172.16.8.0/24路由传播到RT5的VRF SC(这条路由只在VRF SC中能看到,在RT5的全局路由表中不存在)
RT5#show ip route vrf SC
O 172.16.8.0/24 [110/110] via 172.16.58.2, 00:08:58, Serial0/1
3.通过重分布将OSPF的路由发布到MP_BGP中,同时为这路由加上RT、RD、私网标签
RT5#show ip bgp vpnv4 all labels
Route Distinguisher: 1:1 (SC)
172.16.8.0/24 172.16.58.2 26/nolabel
RD为1:1 ×××名为SC 下一跳为172.16.58.2私网IN标签为26 OUT标签为无
同时在MPLS标签转发中形成转发条目
RT5#show mpls forwarding-table
26 Untagged 172.16.8.0/24[V] 0 Se0/1 point2point
LOCAL标签为26(分发出去的私网标签)OUT标签为Untagged 删除标签 下一条为S0/1
4.MP_BGP发起路由,通过update来报文传播路由,打上公网标签,通过LSP传递到RT4(公网标签用来在MPLS网络中转发,LSP上的转发过程不再叙述)
RT5#show ip bgp vpnv4 all
Route Distinguisher: 1:1 (default for vrf SC)
*> 172.16.8.0/24 172.16.58.2 1000 32768 ?
MP_BGP始发此路由
以上是MP_BGP的update报文,就是将原有的BGP的NIRL属性和不可达路由属性替换成MP_REACH_NLRI和MP_UNREACH_NIRL属性
Extended_Communities属性中有RT为1:10
MP_REACH_NLRI属性中有私网标签为26 RD为1:1 IPV4路由172.16.8.0/24
VRF的IPV4路由打上RD,就变成了×××V4路由
补充:
RD路由区分符,主要用来标识不同的IP地址空间,因此每个VRF都必须(也只能)配置1个RD;
RT路由目标,就是Extended Comununity属性,用来控制VRF之间的互访关系,将VRF的IPV4路由打上RT导出到MP_BGP中,经PE-PE之间MP-IBGP邻居传播到远端的PE上,远端PE进行RT匹配,根据RT的匹配关系,将这些路由导入到不同的VRF中。利用RT的导入导出关系,控制VRF的访问范围,就形成了不同的×××,也就实现了业务分流。
5.RT4的MP_BGP收到此update报文后,比较RT是否跟自己的VRF入RT一致,若有一致,则导入到相应的VRF中,这里的是与RT4的VRF SC一致,所以导入
,同时将私网标签和RD保存
RT4#show ip bgp vpnv4 all labels
Route Distinguisher: 1:1 (SC)
172.16.8.0/24 5.5.5.5 nolabel/26
RD为1:1 ×××名为SC 下一跳为5.5.5.5 私网IN标签为无 OUT标签为26
RT4#show ip bgp vpnv4 all labels
Route Distinguisher: 1:1 (SC)
*>i172.16.8.0/24 5.5.5.5 1000 100 0 ?
RT4收到的BGP路由
6.通过重分布将MP_BGP的路由发布到RIP中,通过RT4的VRF SC与RT6之间的RIP路由协议将路由传递给RT6,最后RT6上形成一条RIP路由
R 172.16.8.0/24 [120/5] via 172.16.46.1, 00:00:21, Serial0/0
其它CE与PE VRF间的IGP路由协议路由的传播与以上类似
RT6的与RT8的172.168.1的通信过程分析(其中所提到的路由条目可看上面):
首先RT6收到数据包,以目标IP查找路由,找到匹配项出接口为S0/0,数据转发,RT4的VRF SC收到该数据包,查找路由表,找到匹配的BGP路由,私网OUT标签为26,下一跳为5.5.5.5,不是直连的,以5.5.5.5为目标IP查找MPLS转发表,找到匹配项,OUT标签为21(关于5.5.5.5标签的分发看前面的博文吧)
,出接口为S0/0,为直连接口转发,通过LSP传播到RT5(中间MPLS转发见前面博文),RT5通过私网标签26查找MPLS转发表,找到匹配项,OUT标签为Untagged ,删除标签,从出接口S0/1转发出去,RT8收到数据包,查找路由表,交给相应的接口。
附加:RT7可以访问RT8和RT9,RT6只能和RT8通讯 应该怎么配置VRF
RT4 VRF BG配置如下:
ip vrf BG
rd 2:2
route-target export 2:20
route-target import 2:10
route-target import 1:10
RT5的VRF SC配置如下:
ip vrf SC
rd 1:1
route-target export 1:10
route-target import 1:20
route-target import 2:20
其它配置同上不变!即可实现以上需求!
末做修改前是不通的,修改后可以互通!VRF的RT可以灵活运用,来使业务分流!后面将会有一篇MPLS ×××互访关系控制案例!这里就不多讲了!
