本文最后一次被修改是在:2016年11月6日20:26:23
其他相关文章:
- 如果您只是想查看MPLS L3VPN的基础配置,请看:《【实验】MPLS L3VPN详解》;
- 如果您想查看更多关于MPLS L3VPN的内容请在搜索框中搜索:“MPLS L3VPN”。
实验环境:
操作系统:Windows 10(1607,14393.351,当时最新测试版),模拟器:GNS3 IOU for Windows 1.5.2(当时最新正式版)
注:当然,只要有思科模拟器都可以做这个实验
实验需求:
- IOU2、IOU3和IOU4相当于是服务提供商(SP),运行MPLS、IGP(OSPF)和BGP;
- IOU1、IOU5和IOU6相当于是某企业,通过服务提供商(SP)提供的MPLS L3VPN进行互通;
- 同时,IOU1和IOU5之间还有一段备份链路,比如是通过无线4G使用GRE tunnel技术搭建起来的。
先配置IP地址,IP地址我的配置习惯是:
- 对于路由器IOUx的Lo 0地址:x.x.x.x /32;
- 对于路由器IOUx和IOUy的直连地址:IOUx 上是 xy.1.1.x /24,IOUy 上是 xy.1.1.y /24,同时x < y。
| IOU1:
en int e 0/0 int e 0/1 |
IOU2:
en int e 0/0 int e 0/1 |
| IOU3:
en int e 0/0 int e 0/1 int e 0/2 |
IOU4:
en int e 0/0 int e 0/2 |
| IOU5:
en int e 0/0 int e 0/1 |
IOU6:
en int e 0/0 |
再根据图中的要求快速完成MPLS L3VPN的配置:
| IOU2:
ip cef router os 100 int e 0/1 int r e 0/1 , l 0 router bgp 100 ip vrf IOU1 int e 0/0 router os 200 vrf IOU1 int e 0/0 router bgp 100 |
IOU3:
ip cef router os 100 int r e 0/1-2 int r e 0/1-2 , l 0 router bgp 100 ip vrf IOU6 int e 0/0 router os 300 vrf IOU6 int e 0/0 router bgp 100 |
IOU4:
ip cef router os 100 int e 0/2 int r e 0/2 , l 0 router bgp 100 ip vrf IOU5 int e 0/0 router os 200 vrf IOU5 int e 0/0 router bgp 100 |
| IOU1:
router os 200 |
IOU5:
router os 200 |
IOU6:
router os 300 |
实验过程:
先来看看IOU1的RIB(路由表),可以发现此时5.5.5.5是O路由:
IOU1#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 [110/11] via 15.1.1.5, 00:00:44, Ethernet0/1 ———— O 路由 6.0.0.0/32 is subnetted, 1 subnets O E2 6.6.6.6 [110/11] via 12.1.1.2, 00:00:20, Ethernet0/0 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.1.0/24 is directly connected, Ethernet0/0 L 12.1.1.1/32 is directly connected, Ethernet0/0 15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 15.1.1.0/24 is directly connected, Ethernet0/1 L 15.1.1.1/32 is directly connected, Ethernet0/1 36.0.0.0/24 is subnetted, 1 subnets O E2 36.1.1.0 [110/1] via 12.1.1.2, 00:00:20, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 [110/20] via 15.1.1.5, 00:00:44, Ethernet0/1
现在shutdown掉IOU1的e 0/1:
IOU1(config)#int e 0/1 IOU1(config-if)#sh IOU1(config-if)# *Nov 6 08:14:49.854: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached IOU1(config-if)# *Nov 6 08:14:51.851: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down *Nov 6 08:14:52.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
首先IOU1和IOU5属于同一个OSPF进程和区域,在IOU1的e 0/1口shutdown后,IOU5的路由会从MPLS L3VPN传到IOU1(如上图所示)。因为中间的MPLS L3VPN相当于是OSPF的超级骨干区域(SuperBackbone),所以IOU1看到IOU5是O IA路由,而不是O路由了。
超级骨干区域就好比是area 0+(或者理解为area 0),IOU1和IOU5好比是area 0(或者理解为area 1),所以IOU1和IOU5虽然同属一个OSPF进程和区域,但是他们之间被area 0+(或者理解为area 0)打断了。如果您还不清楚为什么IOU1看到IOU5是O IA路由,请看另一个实验:【实验】OSPF中一个关于O IA路由的问题。
IOU6和IOU1之间本来就不属于同一个OSPF进程和区域,所以在IOU1上IOU6的路由显示为O E2路由。
IOU1#sh ip ro Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 5.0.0.0/32 is subnetted, 1 subnets O IA 5.5.5.5 [110/21] via 12.1.1.2, 00:11:12, Ethernet0/0 —— IOU5的OSPF进程号为200,与IOU1的OSPF进程号一致, 同时被超级骨干区域隔断后这是O IA路由,而不是O路由 6.0.0.0/32 is subnetted, 1 subnets O E2 6.6.6.6 [110/11] via 12.1.1.2, 00:11:35, Ethernet0/0 —— IOU6的OSPF进程号为300,与IOU1的OSPF进程号不一致,所以这是O E2外部路由 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.1.0/24 is directly connected, Ethernet0/0 L 12.1.1.1/32 is directly connected, Ethernet0/0 15.0.0.0/24 is subnetted, 1 subnets O IA 15.1.1.0 [110/30] via 12.1.1.2, 00:11:12, Ethernet0/0 36.0.0.0/24 is subnetted, 1 subnets O E2 36.1.1.0 [110/1] via 12.1.1.2, 00:11:35, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets O IA 45.1.1.0 [110/11] via 12.1.1.2, 00:11:12, Ethernet0/0
现在我们开启IOU1的e 0/1接口,重新打开IOU1和IOU5之间的链路:
IOU1(config)#int e 0/1 IOU1(config-if)#no sh IOU1(config-if)# *Nov 6 08:40:42.896: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up *Nov 6 08:40:43.901: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up IOU1(config-if)# *Nov 6 08:40:48.511: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/1 from LOADING to FULL, Loading Done
然后接着完成下面的配置。
LSA-5 domain-tag防环:
通过上面的说明我们知道,对于IOU1和IOU5来说,来自IOU6的6.6.6.6的路由是O E2外部路由,属于LSA-5。
如下图所示,如果没有相应的防环机制,6.6.6.6的路由就会经过IOU2传递给IOU1,IOU1再传递给IOU5,IOU5再传递给IOU4,IOU4再传递给IOU2,然后就出环了。
但是你会发现IOU4的vrf IOU5里并没有把这条6.6.6.6路由加入路由表:
IOU4#sh ip route vrf IOU5
Routing Table: IOU5
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/21] via 45.1.1.5, 00:00:09, Ethernet0/0
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/11] via 45.1.1.5, 00:00:09, Ethernet0/0
12.0.0.0/24 is subnetted, 1 subnets
O 12.1.1.0 [110/30] via 45.1.1.5, 00:00:09, Ethernet0/0
15.0.0.0/24 is subnetted, 1 subnets
O 15.1.1.0 [110/20] via 45.1.1.5, 00:00:09, Ethernet0/0
45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 45.1.1.0/24 is directly connected, Ethernet0/0
L 45.1.1.4/32 is directly connected, Ethernet0/0
我们去OSPF数据库看一看:
IOU4#sh ip ospf database OSPF Router with ID (4.4.4.4) (Process ID 100) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 2.2.2.2 2.2.2.2 510 0x80000002 0x00C008 2 3.3.3.3 3.3.3.3 474 0x80000003 0x00133F 3 4.4.4.4 4.4.4.4 473 0x80000002 0x008611 2 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 23.1.1.3 3.3.3.3 509 0x80000001 0x00AE4F 34.1.1.4 4.4.4.4 473 0x80000001 0x004B9A OSPF Router with ID (45.1.1.4) (Process ID 200) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 303 0x80000004 0x003673 3 5.5.5.5 5.5.5.5 303 0x80000004 0x002A03 3 12.1.1.2 12.1.1.2 481 0x80000002 0x00796C 1 45.1.1.4 45.1.1.4 462 0x80000002 0x000554 1 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 12.1.1.2 12.1.1.2 481 0x80000001 0x00FB0A 15.1.1.5 5.5.5.5 303 0x80000001 0x00D81F 45.1.1.4 45.1.1.4 462 0x80000001 0x00C7C4 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 6.6.6.6 12.1.1.2 432 0x80000001 0x00B417 3489661028 —— 有6.6.6.6的路由 36.1.1.0 12.1.1.2 432 0x80000001 0x00784F 3489661028
其实这条路由已经做了五类domain-tag防环了。
关于tag的计算:十进制3489661028,转换成十六进制是:d0000064,再取后面的16个bit:0064,十六进制的0064也就是十进制的100,相当于在这里打了一个标记——把MPLS L3VPN上的BGP AS号(BGP AS 100)添加到了tag中。当IOU4看到这个tag,发现自己也在BGP AS 100中,于是这条路由就不加路由表了。
在IOU4上关闭OSPF防环(该命令将同时关闭三类和五类的OSPF防环机制):
IOU4(config)#router ospf 200 IOU4(config-router)#capability vrf-lite IOU4(config-router)# *Nov 6 08:50:57.399: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached *Nov 6 08:50:57.406: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from LOADING to FULL, Loading Done
IOU4#sh ip route vrf IOU5 Routing Table: IOU5 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets O 1.1.1.1 [110/21] via 45.1.1.5, 00:01:58, Ethernet0/0 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 [110/11] via 45.1.1.5, 00:01:58, Ethernet0/0 6.0.0.0/32 is subnetted, 1 subnets O E2 6.6.6.6 [110/11] via 45.1.1.5, 00:01:58, Ethernet0/0 —— 我们可以看到6.6.6.6加路由表了,并选择了从45.1.1.5,也就是走IOU5 12.0.0.0/24 is subnetted, 1 subnets O 12.1.1.0 [110/30] via 45.1.1.5, 00:01:58, Ethernet0/0 15.0.0.0/24 is subnetted, 1 subnets O 15.1.1.0 [110/20] via 45.1.1.5, 00:01:58, Ethernet0/0 36.0.0.0/24 is subnetted, 1 subnets O E2 36.1.1.0 [110/1] via 45.1.1.5, 00:01:58, Ethernet0/0 45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 45.1.1.0/24 is directly connected, Ethernet0/0 L 45.1.1.4/32 is directly connected, Ethernet0/0 IOU2#sh bgp vpnv4 un all BGP table version is 31, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:1 (default for vrf IOU1) * i 1.1.1.1/32 4.4.4.4 21 100 0 ? *> 12.1.1.1 11 32768 ? * i 5.5.5.5/32 4.4.4.4 11 100 0 ? *> 12.1.1.1 21 32768 ? *>i 6.6.6.6/32 4.4.4.4 11 100 0 i —— 走4.4.4.4 * i 3.3.3.3 11 100 0 ? * i 12.1.1.0/24 4.4.4.4 30 100 0 ? *> 0.0.0.0 0 32768 ? * i 15.1.1.0/24 4.4.4.4 20 100 0 ? *> 12.1.1.1 20 32768 ? *>i 36.1.1.0/24 4.4.4.4 1 100 0 i * i 3.3.3.3 0 100 0 ? *> 45.1.1.0/24 12.1.1.1 30 32768 ? Network Next Hop Metric LocPrf Weight Path * i 4.4.4.4 0 100 0 ? Route Distinguisher: 100:5 *>i 1.1.1.1/32 4.4.4.4 21 100 0 ? *>i 5.5.5.5/32 4.4.4.4 11 100 0 ? *>i 6.6.6.6/32 4.4.4.4 11 100 0 i —— 走4.4.4.4 *>i 12.1.1.0/24 4.4.4.4 30 100 0 ? *>i 15.1.1.0/24 4.4.4.4 20 100 0 ? *>i 36.1.1.0/24 4.4.4.4 1 100 0 i *>i 45.1.1.0/24 4.4.4.4 0 100 0 ? Route Distinguisher: 100:6 *>i 6.6.6.6/32 3.3.3.3 11 100 0 ? *>i 36.1.1.0/24 3.3.3.3 0 100 0 ? IOU1#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 [110/11] via 15.1.1.5, 00:15:30, Ethernet0/1 6.0.0.0/32 is subnetted, 1 subnets O E2 6.6.6.6 [110/11] via 12.1.1.2, 00:44:32, Ethernet0/0 —— 6.6.6.6出环了 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.1.0/24 is directly connected, Ethernet0/0 L 12.1.1.1/32 is directly connected, Ethernet0/0 15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 15.1.1.0/24 is directly connected, Ethernet0/1 L 15.1.1.1/32 is directly connected, Ethernet0/1 36.0.0.0/24 is subnetted, 1 subnets O E2 36.1.1.0 [110/1] via 12.1.1.2, 00:44:32, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 [110/20] via 15.1.1.5, 00:05:27, Ethernet0/1
我们可以看到路由在IOU1→IOU2→IOU4→IOU5→IOU1之间循环:
IOU1#tra 6.6.6.6 so l 0 Type escape sequence to abort. Tracing the route to 6.6.6.6 VRF info: (vrf in name/id, vrf out name/id) 1 12.1.1.2 5 msec 8 msec 6 msec 2 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 2 msec 1 msec 1 msec 3 45.1.1.4 [MPLS: Label 28 Exp 0] 2 msec 2 msec 4 msec 4 45.1.1.5 0 msec 0 msec 1 msec 5 15.1.1.1 0 msec 0 msec 0 msec 6 12.1.1.2 0 msec 0 msec 1 msec 7 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 0 msec 1 msec 1 msec 8 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 1 msec 0 msec 9 45.1.1.5 1 msec 0 msec 1 msec 10 15.1.1.1 1 msec 0 msec 1 msec 11 12.1.1.2 0 msec 1 msec 2 msec 12 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 1 msec 1 msec 1 msec 13 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 1 msec 1 msec 14 45.1.1.5 0 msec 1 msec 1 msec 15 15.1.1.1 1 msec 1 msec 0 msec 16 12.1.1.2 0 msec 1 msec 4 msec 17 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 2 msec 1 msec 1 msec 18 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 1 msec 1 msec 19 45.1.1.5 2 msec 2 msec 2 msec 20 15.1.1.1 4 msec 1 msec 1 msec 21 12.1.1.2 1 msec 2 msec 1 msec 22 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 3 msec 2 msec 1 msec 23 45.1.1.4 [MPLS: Label 28 Exp 0] 1 msec 4 msec 11 msec 24 45.1.1.5 5 msec 2 msec 1 msec 25 15.1.1.1 2 msec 1 msec 2 msec 26 12.1.1.2 1 msec 1 msec 1 msec 27 23.1.1.3 [MPLS: Labels 17/28 Exp 0] 2 msec 2 msec 2 msec 28 45.1.1.4 [MPLS: Label 28 Exp 0] 2 msec 1 msec 2 msec 29 45.1.1.5 1 msec 1 msec 4 msec 30 15.1.1.1 2 msec 2 msec 1 msec
现在,在IOU4上我们开启OSPF的防环机制:
IOU4(config)#router ospf 200 IOU4(config-router)#no capability vrf-lite IOU4(config-router)# *Nov 6 08:58:36.765: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached *Nov 6 08:58:36.768: %OSPF-5-ADJCHG: Process 200, Nbr 5.5.5.5 on Ethernet0/0 from LOADING to FULL, Loading Done
LSA-3 down-bit防环:
在实验之前,我们先看三条show命令的结果:
一个是IOU1上sh ip route:
IOU1#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 [110/11] via 15.1.1.5, 00:17:59, Ethernet0/1 6.0.0.0/32 is subnetted, 1 subnets O E2 6.6.6.6 [110/11] via 12.1.1.2, 00:02:38, Ethernet0/0 ———— 默认是O E2路由 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.1.0/24 is directly connected, Ethernet0/0 L 12.1.1.1/32 is directly connected, Ethernet0/0 15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 15.1.1.0/24 is directly connected, Ethernet0/1 L 15.1.1.1/32 is directly connected, Ethernet0/1 36.0.0.0/24 is subnetted, 1 subnets O E2 36.1.1.0 [110/1] via 12.1.1.2, 00:02:38, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 [110/20] via 15.1.1.5, 00:16:35, Ethernet0/1
另两个是在IOU4上sh ip os database summary 6.6.6.6和sh ip os database ex 6.6.6.6:
IOU4#sh ip os database summary 6.6.6.6 OSPF Router with ID (4.4.4.4) (Process ID 100) OSPF Router with ID (45.1.1.4) (Process ID 200) IOU4# IOU4#sh ip os database ex 6.6.6.6 OSPF Router with ID (4.4.4.4) (Process ID 100) OSPF Router with ID (45.1.1.4) (Process ID 200) Type-5 AS External Link States LS age: 210 Options: (No TOS-capability, DC, Downward) ———— 没想到LSA-5也设置了downbit LS Type: AS External Link Link State ID: 6.6.6.6 (External Network Number ) Advertising Router: 12.1.1.2 LS Seq Number: 80000001 Checksum: 0xB417 Length: 36 Network Mask: /32 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 11 Forward Address: 0.0.0.0 External Route Tag: 3489661028
我们现在做如下修改,在IOU3的OSPF 300下配置命令:domain-id 0.0.0.200。这个时候IOU3把OSPF路由重分布进BGP后,OSPF路由所携带的进程号就不是300而是200了,OSPF的进程号信息是通过domain-id携带的。
那么IOU1上关于6.6.6.6的OSPF路由就显示为O IA三类路由(因为IOU1的OSPF进程号也是200),IOU2针对LSA-3就不打domain-tag了(针对五类的OSPF路由才打domain-tag),而使用LSA-3的down-bit位防环机制。
在IOU3的OSPF 300下:
IOU3(config)#router ospf 300 IOU3(config-router)#domain-id 0.0.0.200 IOU3(config-router)#do clear bgp vpnv4 unicast * soft
IOU1#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 [110/11] via 15.1.1.5, 00:21:42, Ethernet0/1 6.0.0.0/32 is subnetted, 1 subnets O IA 6.6.6.6 [110/21] via 12.1.1.2, 00:02:41, Ethernet0/0 —— 6.6.6.6是O IA路由 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.1.0/24 is directly connected, Ethernet0/0 L 12.1.1.1/32 is directly connected, Ethernet0/0 15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 15.1.1.0/24 is directly connected, Ethernet0/1 L 15.1.1.1/32 is directly connected, Ethernet0/1 36.0.0.0/24 is subnetted, 1 subnets O IA 36.1.1.0 [110/11] via 12.1.1.2, 00:02:41, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 [110/20] via 15.1.1.5, 00:11:39, Ethernet0/1
由于6.6.6.6所携带的进程号是200,和IOU2的OSPF 200进程号相同,所以IOU2将6.6.6.6重分布进OSPF时会成为O IA路由,并设置down-bit位,然后传给IOU1。如果IOU5把这条O IA路由传给了IOU4,IOU4会做VRF-lite检测,针对LSA-3只要携带down-bit位就不进行SPF计算,也就不放入路由表从而避免了潜在的环路。
IOU4#sh ip os database summary 6.6.6.6 OSPF Router with ID (4.4.4.4) (Process ID 100) OSPF Router with ID (45.1.1.4) (Process ID 200) Summary Net Link States (Area 0) LS age: 1163 Options: (No TOS-capability, DC, Downward) —— 设置了downbit,所以IOU4丢弃该路由 LS Type: Summary Links(Network) Link State ID: 6.6.6.6 (summary Network Number) Advertising Router: 12.1.1.2 LS Seq Number: 80000001 Checksum: 0xD3B5 Length: 28 Network Mask: /32 MTID: 0 Metric: 11
关于O E2和O IA路由识别的一个问题:
IOU6上重分布直连,这将是O E2路由:
int l 1 ip add 100.6.6.6 255.255.255.255 route-map A per 10 match int l 1 router os 300 red connected route-map A subnets
在IOU3上看到100.6.6.6就是O E2的路由:
IOU3#sh ip route vrf IOU6 Routing Table: IOU6 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets B 1.1.1.1 [200/11] via 2.2.2.2, 01:13:05 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [200/21] via 2.2.2.2, 00:44:03 6.0.0.0/32 is subnetted, 1 subnets O 6.6.6.6 [110/11] via 36.1.1.6, 01:13:54, Ethernet0/0 12.0.0.0/24 is subnetted, 1 subnets B 12.1.1.0 [200/0] via 2.2.2.2, 01:13:05 15.0.0.0/24 is subnetted, 1 subnets B 15.1.1.0 [200/20] via 2.2.2.2, 00:44:13 36.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 36.1.1.0/24 is directly connected, Ethernet0/0 L 36.1.1.3/32 is directly connected, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets B 45.1.1.0 [200/30] via 2.2.2.2, 00:44:03 100.0.0.0/32 is subnetted, 1 subnets O E2 100.6.6.6 [110/20] via 36.1.1.6, 00:00:28, Ethernet0/0 —— 因为直连是重分布进来的,所以是O E2
然后就算改了domain-id为0.0.0.200,IOU1也知道这是O E2的路由:
IOU1#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 5.0.0.0/32 is subnetted, 1 subnets O 5.5.5.5 [110/11] via 15.1.1.5, 00:45:27, Ethernet0/1 6.0.0.0/32 is subnetted, 1 subnets O IA 6.6.6.6 [110/21] via 12.1.1.2, 00:26:26, Ethernet0/0 —— 6.6.6.6还是O IA 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 12.1.1.0/24 is directly connected, Ethernet0/0 L 12.1.1.1/32 is directly connected, Ethernet0/0 15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 15.1.1.0/24 is directly connected, Ethernet0/1 L 15.1.1.1/32 is directly connected, Ethernet0/1 36.0.0.0/24 is subnetted, 1 subnets O IA 36.1.1.0 [110/11] via 12.1.1.2, 00:26:26, Ethernet0/0 45.0.0.0/24 is subnetted, 1 subnets O 45.1.1.0 [110/20] via 15.1.1.5, 00:35:24, Ethernet0/1 100.0.0.0/32 is subnetted, 1 subnets O E2 100.6.6.6 [110/20] via 12.1.1.2, 00:01:52, Ethernet0/0 —— 100.6.6.6并不是O IA,而是O E2
那为什么不是O IA呢?因为直连重分布到IOU6的时候就已经是O E2路由,所以重分布进MPLS L3VPN的MP-BGP时会为这个路由打上O E2的标记(如果重分布进MPLS L3VPN的MP-BGP的时候是O路由,那就不会在这条MP-BGP路由里携带有关5类LSA的标记):
IOU2#sh bgp vpnv4 un all 100.6.6.6 BGP routing table entry for 100:1:100.6.6.6/32, version 25 Paths: (1 available, best #1, table IOU1) Not advertised to any peer Refresh Epoch 2 Local, imported path from 100:6:100.6.6.6/32 (global) 3.3.3.3 (metric 11) from 3.3.3.3 (3.3.3.3) Origin incomplete, metric 20, localpref 100, valid, internal, best Extended Community: RT:6:6 OSPF DOMAIN ID:0x0005:0x000000C80200 OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:36.1.1.3:0 mpls labels in/out nolabel/22 rx pathid: 0, tx pathid: 0x0 BGP routing table entry for 100:6:100.6.6.6/32, version 23 Paths: (1 available, best #1, no table) Not advertised to any peer Refresh Epoch 2 Local 3.3.3.3 (metric 11) from 3.3.3.3 (3.3.3.3) Origin incomplete, metric 20, localpref 100, valid, internal, best Extended Community: RT:6:6 OSPF DOMAIN ID:0x0005:0x000000C80200 OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:36.1.1.3:0 —— OSPF RT:0.0.0.0:5:1,5表示五类LSA标记,1表示是外部路由O E2 mpls labels in/out nolabel/22 rx pathid: 0, tx pathid: 0x0
总结VRF-lite工作过程:
1、针对LSA-5是比较domain-tag:
如果标记相同,则不放入路由表;如果标记不相同,则放入路由表。
比如上述环境的工作过程是:IOU2将6.6.6.6重分布进OSPF 200,由于6.6.6.6所携带的OSPF进程号是300,所以6.6.6.6会以O E2的路由出现在OSPF 200中,IOU2同时会给这条路由打上由其所处的BGP AS 100号衍生出来的一个标记。因为IOU4同样也处于BGP AS 100,所以IOU4也能衍生该标记值。该路由通过OSPF更新给IOU4,由于6.6.6.6所带的标记和IOU4自身衍生的标记值相同,IOU4将不会对该路由进行SPF算法,也不就放入路由表,从而避免了潜在的环路。
2、针对LSA-3是检测down-bit:
只要存在down-bit,就不放入路由表。
比如上述环境我们作如下修改,在IOU3的OSPF 300下domain-id 0.0.0.200(这个时候IOU3重分布进BGP所带的进程号就是200,而不是300)。那么IOU1上关于6.6.6.6就显示为O IA,IOU2针对LSA-3是不打domain-tag的,而是置down-bit位。
由于6.6.6.6所携带的进程号是200,和IOU2的OSPF 200进程号相同,所以IOU2将6.6.6.6重分布进OSPF时会成为O IA路由,并设置down-bit位,然后传给IOU1。如果IOU5把这条O IA路由传给了IOU4,IOU4会做VRF-lite检测,针对LSA-3只要携带down-bit位就不进行SPF计算,也就不放入路由表从而避免了潜在的环路。
如有错误,欢迎在下方留言指正,谢谢。
今天(2016年11月6日20:26:23)对本文进行了修改,修改了蛮多的描述性错误,也重新做了本次实验,增加了一些show命令的展示,增强了上下文的联系。