【实验】MPLS L3VPN中OSPF三类和五类LSA防环机制

本文最后一次被修改是在:2016年11月6日20:26:23

其他相关文章:

  • 如果您只是想查看MPLS L3VPN的基础配置,请看:《【实验】MPLS L3VPN详解》;
  • 如果您想查看更多关于MPLS L3VPN的内容请在搜索框中搜索:“MPLS L3VPN”。

 

实验环境:

操作系统:Windows 10(1607,14393.351,当时最新测试版),模拟器:GNS3 IOU for Windows 1.5.2(当时最新正式版)
注:当然,只要有思科模拟器都可以做这个实验

MPLS L3VPN中OSPF三类和五类LSA防环机制
MPLS L3VPN中OSPF三类和五类LSA防环机制

实验需求:

  • IOU2、IOU3和IOU4相当于是服务提供商(SP),运行MPLS、IGP(OSPF)和BGP;
  • IOU1、IOU5和IOU6相当于是某企业,通过服务提供商(SP)提供的MPLS L3VPN进行互通;
  • 同时,IOU1和IOU5之间还有一段备份链路,比如是通过无线4G使用GRE tunnel技术搭建起来的。

先配置IP地址,IP地址我的配置习惯是:

  1. 对于路由器IOUx的Lo 0地址:x.x.x.x /32;
  2. 对于路由器IOUx和IOUy的直连地址:IOUx 上是 xy.1.1.x /24,IOUy 上是 xy.1.1.y /24,同时x < y。
IOU1:

en
conf t
int l 0
ip add 1.1.1.1 255.255.255.255

int e 0/0
ip add 12.1.1.1 255.255.255.0
no sh

int e 0/1
ip add 15.1.1.1 255.255.255.0
no sh

IOU2:

en
conf t
int l 0
ip add 2.2.2.2 255.255.255.255

int e 0/0
ip add 12.1.1.2 255.255.255.0
no sh

int e 0/1
ip add 23.1.1.2 255.255.255.0
no sh

IOU3:

en
conf t
int l 0
ip add 3.3.3.3 255.255.255.255

int e 0/0
ip add 36.1.1.3 255.255.255.0
no sh

int e 0/1
ip add 23.1.1.3 255.255.255.0
no sh

int e 0/2
ip add 34.1.1.3 255.255.255.0
no sh

IOU4:

en
conf t
int l 0
ip add 4.4.4.4 255.255.255.255

int e 0/0
ip add 45.1.1.4 255.255.255.0
no sh

int e 0/2
ip add 34.1.1.4 255.255.255.0
no sh

IOU5:

en
conf t
int l 0
ip add 5.5.5.5 255.255.255.255

int e 0/0
ip add 45.1.1.5 255.255.255.0
no sh

int e 0/1
ip add 15.1.1.5 255.255.255.0
no sh

IOU6:

en
conf t
int l 0
ip add 6.6.6.6 255.255.255.255

int e 0/0
ip add 36.1.1.6 255.255.255.0
no sh

再根据图中的要求快速完成MPLS L3VPN的配置:

IOU2:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router os 100
router-id 2.2.2.2

int e 0/1
mpls ip

int r e 0/1 , l 0
ip os 100 a 0

router bgp 100
bgp router-id 2.2.2.2
no bgp def ipv4
nei 3.3.3.3 remot 100
nei 3.3.3.3 up l 0
nei 4.4.4.4 remot 100
nei 4.4.4.4 up l 0
add vpnv4 un
nei 3.3.3.3 ac
nei 4.4.4.4 ac

ip vrf IOU1
rd 100:1
route-target export 1:1
route-target import 5:5
route-target import 6:6

int e 0/0
ip vrf f IOU1
ip add 12.1.1.2 255.255.255.0

router os 200 vrf IOU1
red bgp 100 subnets

int e 0/0
ip os 200 a 0

router bgp 100
add ipv4 vrf IOU1
red os 200

IOU3:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router os 100
router-id 3.3.3.3

int r e 0/1-2
mpls ip

int r e 0/1-2 , l 0
ip os 100 a 0

router bgp 100
bgp router-id 3.3.3.3
no bgp def ipv4
nei 2.2.2.2 remot 100
nei 2.2.2.2 up l 0
nei 4.4.4.4 remot 100
nei 4.4.4.4 up l 0
add vpnv4 un
nei 2.2.2.2 ac
nei 4.4.4.4 ac

ip vrf IOU6
rd 100:6
route-target export 6:6
route-target import 1:1

int e 0/0
ip vrf f IOU6
ip add 36.1.1.3 255.255.255.0

router os 300 vrf IOU6
red bgp 100 subnets

int e 0/0
ip os 300 a 0

router bgp 100
add ipv4 vrf IOU6
red os 300 ma e i

IOU4:

ip cef
mpls ip
mpls label pro ldp
mpls ldp ro l 0 fo

router os 100
router-id 4.4.4.4

int e 0/2
mpls ip

int r e 0/2 , l 0
ip os 100 a 0

router bgp 100
bgp router-id 4.4.4.4
no bgp def ipv4
nei 3.3.3.3 remot 100
nei 3.3.3.3 up l 0
nei 2.2.2.2 remot 100
nei 2.2.2.2 up l 0
add vpnv4 un
nei 3.3.3.3 ac
nei 2.2.2.2 ac

ip vrf IOU5
rd 100:5
route-target export 5:5
route-target import 1:1

int e 0/0
ip vrf f IOU5
ip add 45.1.1.4 255.255.255.0

router os 200 vrf IOU5
red bgp 100 subnets

int e 0/0
ip os 200 a 0

router bgp 100
add ipv4 vrf IOU5
red os 200 ma e i

IOU1:

router os 200
router-id 1.1.1.1
int r e 0/0 , e 0/1 , l 0
ip os 200 a 0

IOU5:

router os 200
router-id 5.5.5.5
int r e 0/0 , e 0/1 , l 0
ip os 200 a 0

IOU6:

router os 300
router-id 6.6.6.6
int r e 0/0 , l 0
ip os 300 a 0

实验过程:

先来看看IOU1的RIB(路由表),可以发现此时5.5.5.5是O路由:

IOU1#sh ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 15.1.1.5, 00:00:44, Ethernet0/1 ———— O 路由
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/11] via 12.1.1.2, 00:00:20, Ethernet0/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.1.1.0/24 is directly connected, Ethernet0/0
L        12.1.1.1/32 is directly connected, Ethernet0/0
      15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        15.1.1.0/24 is directly connected, Ethernet0/1
L        15.1.1.1/32 is directly connected, Ethernet0/1
      36.0.0.0/24 is subnetted, 1 subnets
O E2     36.1.1.0 [110/1] via 12.1.1.2, 00:00:20, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
O        45.1.1.0 [110/20] via 15.1.1.5, 00:00:44, Ethernet0/1

现在shutdown掉IOU1的e 0/1:

IOU1(config)#int e 0/1
IOU1(config-if)#sh
IOU1(config-if)#
*Nov  6 08:14:49.854: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/1 from
 FULL to DOWN, Neighbor Down: Interface down or detached
IOU1(config-if)#
*Nov  6 08:14:51.851: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to
 administratively down
*Nov  6 08:14:52.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
 changed state to down

mpls vpn ospf lsa 2首先IOU1和IOU5属于同一个OSPF进程和区域,在IOU1的e 0/1口shutdown后,IOU5的路由会从MPLS L3VPN传到IOU1(如上图所示)。因为中间的MPLS L3VPN相当于是OSPF的超级骨干区域(SuperBackbone),所以IOU1看到IOU5是O IA路由,而不是O路由了。

超级骨干区域就好比是area 0+(或者理解为area 0),IOU1和IOU5好比是area 0(或者理解为area 1),所以IOU1和IOU5虽然同属一个OSPF进程和区域,但是他们之间被area 0+(或者理解为area 0)打断了。如果您还不清楚为什么IOU1看到IOU5是O IA路由,请看另一个实验:【实验】OSPF中一个关于O IA路由的问题

IOU6和IOU1之间本来就不属于同一个OSPF进程和区域,所以在IOU1上IOU6的路由显示为O E2路由。

IOU1#sh ip ro
 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
        a - application route
        + - replicated route, % - next hop override

 Gateway of last resort is not set

       1.0.0.0/32 is subnetted, 1 subnets
 C        1.1.1.1 is directly connected, Loopback0
       5.0.0.0/32 is subnetted, 1 subnets
 O IA     5.5.5.5 [110/21] via 12.1.1.2, 00:11:12, Ethernet0/0
                                —— IOU5的OSPF进程号为200,与IOU1的OSPF进程号一致,
                                  同时被超级骨干区域隔断后这是O IA路由,而不是O路由
      6.0.0.0/32 is subnetted, 1 subnets
 O E2     6.6.6.6 [110/11] via 12.1.1.2, 00:11:35, Ethernet0/0
           —— IOU6的OSPF进程号为300,与IOU1的OSPF进程号不一致,所以这是O E2外部路由
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
 C        12.1.1.0/24 is directly connected, Ethernet0/0
 L        12.1.1.1/32 is directly connected, Ethernet0/0
       15.0.0.0/24 is subnetted, 1 subnets
 O IA     15.1.1.0 [110/30] via 12.1.1.2, 00:11:12, Ethernet0/0
       36.0.0.0/24 is subnetted, 1 subnets
 O E2     36.1.1.0 [110/1] via 12.1.1.2, 00:11:35, Ethernet0/0
       45.0.0.0/24 is subnetted, 1 subnets
 O IA     45.1.1.0 [110/11] via 12.1.1.2, 00:11:12, Ethernet0/0

现在我们开启IOU1的e 0/1接口,重新打开IOU1和IOU5之间的链路:

IOU1(config)#int e 0/1
IOU1(config-if)#no sh
IOU1(config-if)#
*Nov  6 08:40:42.896: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Nov  6 08:40:43.901: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
 changed state to up
IOU1(config-if)#
*Nov  6 08:40:48.511: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/1 from
 LOADING to FULL, Loading Done

然后接着完成下面的配置。

LSA-5 domain-tag防环:

通过上面的说明我们知道,对于IOU1和IOU5来说,来自IOU6的6.6.6.6的路由是O E2外部路由,属于LSA-5

如下图所示,如果没有相应的防环机制,6.6.6.6的路由就会经过IOU2传递给IOU1,IOU1再传递给IOU5,IOU5再传递给IOU4,IOU4再传递给IOU2,然后就出环了。

mpls vpn ospf lsa 3但是你会发现IOU4的vrf IOU5里并没有把这条6.6.6.6路由加入路由表:

IOU4#sh ip route vrf IOU5

Routing Table: IOU5
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/21] via 45.1.1.5, 00:00:09, Ethernet0/0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 45.1.1.5, 00:00:09, Ethernet0/0
      12.0.0.0/24 is subnetted, 1 subnets
O        12.1.1.0 [110/30] via 45.1.1.5, 00:00:09, Ethernet0/0
      15.0.0.0/24 is subnetted, 1 subnets
O        15.1.1.0 [110/20] via 45.1.1.5, 00:00:09, Ethernet0/0
      45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        45.1.1.0/24 is directly connected, Ethernet0/0
L        45.1.1.4/32 is directly connected, Ethernet0/0

我们去OSPF数据库看一看:

IOU4#sh ip ospf database

            OSPF Router with ID (4.4.4.4) (Process ID 100)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         510         0x80000002 0x00C008 2
3.3.3.3         3.3.3.3         474         0x80000003 0x00133F 3
4.4.4.4         4.4.4.4         473         0x80000002 0x008611 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
23.1.1.3        3.3.3.3         509         0x80000001 0x00AE4F
34.1.1.4        4.4.4.4         473         0x80000001 0x004B9A

            OSPF Router with ID (45.1.1.4) (Process ID 200)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         303         0x80000004 0x003673 3
5.5.5.5         5.5.5.5         303         0x80000004 0x002A03 3
12.1.1.2        12.1.1.2        481         0x80000002 0x00796C 1
45.1.1.4        45.1.1.4        462         0x80000002 0x000554 1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
12.1.1.2        12.1.1.2        481         0x80000001 0x00FB0A
15.1.1.5        5.5.5.5         303         0x80000001 0x00D81F
45.1.1.4        45.1.1.4        462         0x80000001 0x00C7C4

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum       Tag
6.6.6.6         12.1.1.2        432         0x80000001 0x00B417    3489661028
                                                               —— 有6.6.6.6的路由
36.1.1.0        12.1.1.2        432         0x80000001 0x00784F   3489661028

其实这条路由已经做了五类domain-tag防环了。

关于tag的计算:十进制3489661028,转换成十六进制是:d0000064,再取后面的16个bit:0064,十六进制的0064也就是十进制的100,相当于在这里打了一个标记——把MPLS L3VPN上的BGP AS号(BGP AS 100)添加到了tag中。当IOU4看到这个tag,发现自己也在BGP AS 100中,于是这条路由就不加路由表了。

在IOU4上关闭OSPF防环(该命令将同时关闭三类和五类的OSPF防环机制):

IOU4(config)#router ospf 200
IOU4(config-router)#capability vrf-lite
IOU4(config-router)#
*Nov  6 08:50:57.399: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from
 FULL to DOWN, Neighbor Down: Interface down or detached
*Nov  6 08:50:57.406: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from
 LOADING to FULL, Loading Done
IOU4#sh ip route vrf IOU5

Routing Table: IOU5
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/21] via 45.1.1.5, 00:01:58, Ethernet0/0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 45.1.1.5, 00:01:58, Ethernet0/0
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/11] via 45.1.1.5, 00:01:58, Ethernet0/0
                 —— 我们可以看到6.6.6.6加路由表了,并选择了从45.1.1.5,也就是走IOU5
      12.0.0.0/24 is subnetted, 1 subnets
O        12.1.1.0 [110/30] via 45.1.1.5, 00:01:58, Ethernet0/0
      15.0.0.0/24 is subnetted, 1 subnets
O        15.1.1.0 [110/20] via 45.1.1.5, 00:01:58, Ethernet0/0
      36.0.0.0/24 is subnetted, 1 subnets
O E2     36.1.1.0 [110/1] via 45.1.1.5, 00:01:58, Ethernet0/0
      45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        45.1.1.0/24 is directly connected, Ethernet0/0
L        45.1.1.4/32 is directly connected, Ethernet0/0

IOU2#sh bgp vpnv4 un all
BGP table version is 31, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf IOU1)
* i 1.1.1.1/32       4.4.4.4                 21    100      0 ?
*>                   12.1.1.1                11         32768 ?
* i 5.5.5.5/32       4.4.4.4                 11    100      0 ?
*>                   12.1.1.1                21         32768 ?
*>i 6.6.6.6/32       4.4.4.4                 11    100      0 i —— 走4.4.4.4
* i                  3.3.3.3                 11    100      0 ?
* i 12.1.1.0/24      4.4.4.4                 30    100      0 ?
*>                   0.0.0.0                  0         32768 ?
* i 15.1.1.0/24      4.4.4.4                 20    100      0 ?
*>                   12.1.1.1                20         32768 ?
*>i 36.1.1.0/24      4.4.4.4                  1    100      0 i
* i                  3.3.3.3                  0    100      0 ?
*>  45.1.1.0/24      12.1.1.1                30         32768 ?
     Network          Next Hop            Metric LocPrf Weight Path
* i                  4.4.4.4                  0    100      0 ?
Route Distinguisher: 100:5
*>i 1.1.1.1/32       4.4.4.4                 21    100      0 ?
*>i 5.5.5.5/32       4.4.4.4                 11    100      0 ?
*>i 6.6.6.6/32       4.4.4.4                 11    100      0 i —— 走4.4.4.4
*>i 12.1.1.0/24      4.4.4.4                 30    100      0 ?
*>i 15.1.1.0/24      4.4.4.4                 20    100      0 ?
*>i 36.1.1.0/24      4.4.4.4                  1    100      0 i
*>i 45.1.1.0/24      4.4.4.4                  0    100      0 ?
Route Distinguisher: 100:6
*>i 6.6.6.6/32       3.3.3.3                 11    100      0 ?
*>i 36.1.1.0/24      3.3.3.3                  0    100      0 ?

IOU1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 15.1.1.5, 00:15:30, Ethernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/11] via 12.1.1.2, 00:44:32, Ethernet0/0  —— 6.6.6.6出环了
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.1.1.0/24 is directly connected, Ethernet0/0
L        12.1.1.1/32 is directly connected, Ethernet0/0
      15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        15.1.1.0/24 is directly connected, Ethernet0/1
L        15.1.1.1/32 is directly connected, Ethernet0/1
      36.0.0.0/24 is subnetted, 1 subnets
O E2     36.1.1.0 [110/1] via 12.1.1.2, 00:44:32, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
O        45.1.1.0 [110/20] via 15.1.1.5, 00:05:27, Ethernet0/1

我们可以看到路由在IOU1→IOU2→IOU4→IOU5→IOU1之间循环:

IOU1#tra 6.6.6.6 so l 0
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
  1 12.1.1.2 5 msec 8 msec 6 msec
  2 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 2 msec 1 msec 1 msec
  3 45.1.1.4 [MPLS: Label 28 Exp 0] 2 msec 2 msec 4 msec
  4 45.1.1.5 0 msec 0 msec 1 msec
  5 15.1.1.1 0 msec 0 msec 0 msec
  6 12.1.1.2 0 msec 0 msec 1 msec
  7 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 0 msec 1 msec 1 msec
  8 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 1 msec 0 msec
  9 45.1.1.5 1 msec 0 msec 1 msec
10 15.1.1.1 1 msec 0 msec 1 msec
11 12.1.1.2 0 msec 1 msec 2 msec
12 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 1 msec 1 msec 1 msec
13 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 1 msec 1 msec
14 45.1.1.5 0 msec 1 msec 1 msec
15 15.1.1.1 1 msec 1 msec 0 msec
16 12.1.1.2 0 msec 1 msec 4 msec
17 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 2 msec 1 msec 1 msec
18 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 1 msec 1 msec
19 45.1.1.5 2 msec 2 msec 2 msec
20 15.1.1.1 4 msec 1 msec 1 msec
21 12.1.1.2 1 msec 2 msec 1 msec
22 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 3 msec 2 msec 1 msec
23 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 4 msec 11 msec
24 45.1.1.5 5 msec 2 msec 1 msec
25 15.1.1.1 2 msec 1 msec 2 msec
26 12.1.1.2 1 msec 1 msec 1 msec
27 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 2 msec 2 msec 2 msec
28 45.1.1.4 [MPLS: Label 28 Exp 0] 2 msec 1 msec 2 msec
29 45.1.1.5 1 msec 1 msec 4 msec
30 15.1.1.1 2 msec 2 msec 1 msec

现在,在IOU4上我们开启OSPF的防环机制:

IOU4(config)#router ospf 200
IOU4(config-router)#no capability vrf-lite
IOU4(config-router)#
*Nov  6 08:58:36.765: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from
 FULL to DOWN, Neighbor Down: Interface down or detached
*Nov  6 08:58:36.768: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from
 LOADING to FULL, Loading Done

LSA-3 down-bit防环:

在实验之前,我们先看三条show命令的结果:

一个是IOU1上sh ip route:

IOU1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 15.1.1.5, 00:17:59, Ethernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/11] via 12.1.1.2, 00:02:38, Ethernet0/0 ———— 默认是O E2路由
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.1.1.0/24 is directly connected, Ethernet0/0
L        12.1.1.1/32 is directly connected, Ethernet0/0
      15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        15.1.1.0/24 is directly connected, Ethernet0/1
L        15.1.1.1/32 is directly connected, Ethernet0/1
      36.0.0.0/24 is subnetted, 1 subnets
O E2     36.1.1.0 [110/1] via 12.1.1.2, 00:02:38, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
O        45.1.1.0 [110/20] via 15.1.1.5, 00:16:35, Ethernet0/1

另两个是在IOU4上sh ip os database summary 6.6.6.6和sh ip os database ex 6.6.6.6:

IOU4#sh ip os database summary 6.6.6.6

            OSPF Router with ID (4.4.4.4) (Process ID 100)

            OSPF Router with ID (45.1.1.4) (Process ID 200)
IOU4#
IOU4#sh ip os database ex 6.6.6.6

            OSPF Router with ID (4.4.4.4) (Process ID 100)

            OSPF Router with ID (45.1.1.4) (Process ID 200)

                Type-5 AS External Link States

  LS age: 210
  Options: (No TOS-capability, DC, Downward) ———— 没想到LSA-5也设置了downbit
  LS Type: AS External Link
  Link State ID: 6.6.6.6 (External Network Number )
  Advertising Router: 12.1.1.2
  LS Seq Number: 80000001
  Checksum: 0xB417
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 11 
        Forward Address: 0.0.0.0
        External Route Tag: 3489661028
MPLS L3VPN中OSPF三类和五类LSA防环机制
MPLS L3VPN中OSPF三类和五类LSA防环机制

我们现在做如下修改,在IOU3的OSPF 300下配置命令:domain-id 0.0.0.200。这个时候IOU3把OSPF路由重分布进BGP后,OSPF路由所携带的进程号就不是300而是200了,OSPF的进程号信息是通过domain-id携带的。

那么IOU1上关于6.6.6.6的OSPF路由就显示为O IA三类路由(因为IOU1的OSPF进程号也是200),IOU2针对LSA-3就不打domain-tag了(针对五类的OSPF路由才打domain-tag),而使用LSA-3的down-bit位防环机制。

在IOU3的OSPF 300下:

IOU3(config)#router ospf 300
IOU3(config-router)#domain-id 0.0.0.200
IOU3(config-router)#do clear bgp vpnv4 unicast * soft
IOU1#sh ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 15.1.1.5, 00:21:42, Ethernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O IA     6.6.6.6 [110/21] via 12.1.1.2, 00:02:41, Ethernet0/0 —— 6.6.6.6是O IA路由
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.1.1.0/24 is directly connected, Ethernet0/0
L        12.1.1.1/32 is directly connected, Ethernet0/0
      15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        15.1.1.0/24 is directly connected, Ethernet0/1
L        15.1.1.1/32 is directly connected, Ethernet0/1
      36.0.0.0/24 is subnetted, 1 subnets
O IA     36.1.1.0 [110/11] via 12.1.1.2, 00:02:41, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
O        45.1.1.0 [110/20] via 15.1.1.5, 00:11:39, Ethernet0/1

由于6.6.6.6所携带的进程号是200,和IOU2的OSPF 200进程号相同,所以IOU2将6.6.6.6重分布进OSPF时会成为O IA路由,并设置down-bit位,然后传给IOU1。如果IOU5把这条O IA路由传给了IOU4,IOU4会做VRF-lite检测,针对LSA-3只要携带down-bit位就不进行SPF计算,也就不放入路由表从而避免了潜在的环路。

IOU4#sh ip os database summary 6.6.6.6

            OSPF Router with ID (4.4.4.4) (Process ID 100)

            OSPF Router with ID (45.1.1.4) (Process ID 200)

                Summary Net Link States (Area 0)

  LS age: 1163
  Options: (No TOS-capability, DC, Downward) —— 设置了downbit,所以IOU4丢弃该路由
  LS Type: Summary Links(Network)
  Link State ID: 6.6.6.6 (summary Network Number)
  Advertising Router: 12.1.1.2
  LS Seq Number: 80000001
  Checksum: 0xD3B5
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 11

关于O E2和O IA路由识别的一个问题:

IOU6上重分布直连,这将是O E2路由:

int l 1
ip add 100.6.6.6 255.255.255.255

route-map A per 10
match int l 1

router os 300
red connected route-map A subnets

在IOU3上看到100.6.6.6就是O E2的路由:

IOU3#sh ip route vrf IOU6

Routing Table: IOU6
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
B        1.1.1.1 [200/11] via 2.2.2.2, 01:13:05
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [200/21] via 2.2.2.2, 00:44:03
      6.0.0.0/32 is subnetted, 1 subnets
O        6.6.6.6 [110/11] via 36.1.1.6, 01:13:54, Ethernet0/0
      12.0.0.0/24 is subnetted, 1 subnets
B        12.1.1.0 [200/0] via 2.2.2.2, 01:13:05
      15.0.0.0/24 is subnetted, 1 subnets
B        15.1.1.0 [200/20] via 2.2.2.2, 00:44:13
      36.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        36.1.1.0/24 is directly connected, Ethernet0/0
L        36.1.1.3/32 is directly connected, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
B        45.1.1.0 [200/30] via 2.2.2.2, 00:44:03
      100.0.0.0/32 is subnetted, 1 subnets
O E2     100.6.6.6 [110/20] via 36.1.1.6, 00:00:28, Ethernet0/0
                                            —— 因为直连是重分布进来的,所以是O E2

然后就算改了domain-id为0.0.0.200,IOU1也知道这是O E2的路由:

IOU1#sh ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      5.0.0.0/32 is subnetted, 1 subnets
O        5.5.5.5 [110/11] via 15.1.1.5, 00:45:27, Ethernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O IA     6.6.6.6 [110/21] via 12.1.1.2, 00:26:26, Ethernet0/0 —— 6.6.6.6还是O IA
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.1.1.0/24 is directly connected, Ethernet0/0
L        12.1.1.1/32 is directly connected, Ethernet0/0
      15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        15.1.1.0/24 is directly connected, Ethernet0/1
L        15.1.1.1/32 is directly connected, Ethernet0/1
      36.0.0.0/24 is subnetted, 1 subnets
O IA     36.1.1.0 [110/11] via 12.1.1.2, 00:26:26, Ethernet0/0
      45.0.0.0/24 is subnetted, 1 subnets
O        45.1.1.0 [110/20] via 15.1.1.5, 00:35:24, Ethernet0/1
      100.0.0.0/32 is subnetted, 1 subnets
O E2     100.6.6.6 [110/20] via 12.1.1.2, 00:01:52, Ethernet0/0
                                                 —— 100.6.6.6并不是O IA,而是O E2

那为什么不是O IA呢?因为直连重分布到IOU6的时候就已经是O E2路由,所以重分布进MPLS L3VPN的MP-BGP时会为这个路由打上O E2的标记(如果重分布进MPLS L3VPN的MP-BGP的时候是O路由,那就不会在这条MP-BGP路由里携带有关5类LSA的标记):

IOU2#sh bgp vpnv4 un all 100.6.6.6
BGP routing table entry for 100:1:100.6.6.6/32, version 25
Paths: (1 available, best #1, table IOU1)
  Not advertised to any peer
  Refresh Epoch 2
  Local, imported path from 100:6:100.6.6.6/32 (global)
    3.3.3.3 (metric 11) from 3.3.3.3 (3.3.3.3)
      Origin incomplete, metric 20, localpref 100, valid, internal, best
      Extended Community: RT:6:6 OSPF DOMAIN ID:0x0005:0x000000C80200
        OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:36.1.1.3:0
      mpls labels in/out nolabel/22
      rx pathid: 0, tx pathid: 0x0
BGP routing table entry for 100:6:100.6.6.6/32, version 23
Paths: (1 available, best #1, no table)
  Not advertised to any peer
  Refresh Epoch 2
  Local
    3.3.3.3 (metric 11) from 3.3.3.3 (3.3.3.3)
      Origin incomplete, metric 20, localpref 100, valid, internal, best
      Extended Community: RT:6:6 OSPF DOMAIN ID:0x0005:0x000000C80200
        OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:36.1.1.3:0
                —— OSPF RT:0.0.0.0:5:1,5表示五类LSA标记,1表示是外部路由O E2
      mpls labels in/out nolabel/22
      rx pathid: 0, tx pathid: 0x0

总结VRF-lite工作过程:

1、针对LSA-5是比较domain-tag:

如果标记相同,则不放入路由表;如果标记不相同,则放入路由表。

比如上述环境的工作过程是:IOU2将6.6.6.6重分布进OSPF 200,由于6.6.6.6所携带的OSPF进程号是300,所以6.6.6.6会以O E2的路由出现在OSPF 200中,IOU2同时会给这条路由打上由其所处的BGP AS 100号衍生出来的一个标记。因为IOU4同样也处于BGP AS 100,所以IOU4也能衍生该标记值。该路由通过OSPF更新给IOU4,由于6.6.6.6所带的标记和IOU4自身衍生的标记值相同,IOU4将不会对该路由进行SPF算法,也不就放入路由表,从而避免了潜在的环路。

2、针对LSA-3是检测down-bit:

只要存在down-bit,就不放入路由表。

比如上述环境我们作如下修改,在IOU3的OSPF 300下domain-id 0.0.0.200(这个时候IOU3重分布进BGP所带的进程号就是200,而不是300)。那么IOU1上关于6.6.6.6就显示为O IA,IOU2针对LSA-3是不打domain-tag的,而是置down-bit位。

由于6.6.6.6所携带的进程号是200,和IOU2的OSPF 200进程号相同,所以IOU2将6.6.6.6重分布进OSPF时会成为O IA路由,并设置down-bit位,然后传给IOU1。如果IOU5把这条O IA路由传给了IOU4,IOU4会做VRF-lite检测,针对LSA-3只要携带down-bit位就不进行SPF计算,也就不放入路由表从而避免了潜在的环路。

 

如有错误,欢迎在下方留言指正,谢谢。

打赏作者
这里是 “ CCIE 工程师社区 ” 官方的捐款通道,您是否可以考虑请我们喝杯咖啡呢?

您的支持将鼓励我们继续创作!

[微信] 扫描二维码打赏

[支付宝] 扫描二维码打赏

Was this article helpful?

Related Articles

1 Comment

  1. 今天(2016年11月6日20:26:23)对本文进行了修改,修改了蛮多的描述性错误,也重新做了本次实验,增加了一些show命令的展示,增强了上下文的联系。

Leave A Comment?

This site uses Akismet to reduce spam. Learn how your comment data is processed.