MPLS OPTION A配置原理及数据通信分析荐

场景描述:
as 100和as 300模拟两家公司的自治域系统,现因业务合作需求,两公司需要建设mpls ***实现私网互访,as 567和as 8910模拟ISP,要求ar1 lo0口172.16.1.1和ar3 lo0口172.16.3.3通信。(ar2和ar4同需求)

各广播域网段和地址如图,isp路由器lo0地址以序号编号,如R5 lo0地址为5.5.5.5/32,R6-R10同理;R1-R4 lo0地址分别为172.16.1.1/32,172.16.2.2/( ? 5 / Q Z ^ (32,1723 | 4 G.16.3.3/32,172.16.4.4/32.
MPLS  OPTION A配置原理及数据通信分析荐

MPLS  OPTION A配置原理及数据通信分析荐

一、isp内部igp互通
1.1、配置所有设备ip地址,如图(具体步骤略)
1.2、isp内建立ospf邻居,宣告$ g _ * d环回口

R5:
ospf 1 router8 p $ P _ g {-id 5.5.5.5
area 0.0.0.0
network 5* 2 = Y.5.5.5 0.0.0.0
network 56.1.1.5 0.0.` L g ~ l $ s n0.0
R6:
ospf 1 router-id 6.6.6.6
ax ? Yrea 0.0.d p P ? { F a b0.0
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
network 67.1.1.6 0.0.0.0
R7:
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 67.1.1.7 0.0.0.0
R8:
ospf 1 router-id 8.8.8.8
area 0.0.0.0
netwoV * | 0 C _ ; U prk 8.8.8.8 0.0.0.0
network 89.1.1.8 0.0.0.0
R9:
ospf 1. o $ j ! o = : router-id 9.9.9.9
area 0.0.0.0
network 9.9.9.9 0.0.0.0
network 89.1.1.9 0.0.E R O : D z I S0.0
network 91.1.1.9 0.0.0.0
R10:
ospf 1 router-id 10.10.15 l z j M0.10
area 0.0.0.0
network 10.10.10.10 0.0.0.0
network 91.1.1.10 0.0.0.0 

查看是否已成3 f *功建立ospf邻居:
MPLS  OPTION A配置原理及数据通信分析荐
MPLS  OPTION A配置原理及数据通信分析荐

二、isp内部建立mpls隧道,使用ldp自动分发标签,解决将来的路由黑洞

R5:
mpls lsr-id 5.5.5.5
mpls
interface GigabitEs J b $ 1 uthernet0/0/1
mpls
mpls ldp
R6:
mpls lsy O or-id 6.6.6.6
mpls
mpls ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp
interface GigabitEthernet0/0/0
mpls
mpls ldp
R7:
mpls lsr-id 7.7.7.7
mpls
mpls ly { ; edp
interface GigabitEthernet0/0/0
mpls
mpls ldp
R8:
mpls lsr-id 8 @ t b 7 k }.8.8.8
mpls
mpls ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp
R9:
mpls lsr-id 9.9.9.9
mpls
mpl~ E 8 ~ h 5s ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp
interface GigabitEthernet0/0/0
mpls
mpls ldp
R10:
mpls] T 1 lsr-id 10.10.10.10
mpls
mpls ldp
interfl ^ F b } Xace GigabitEthernet0/0/0
mpls
mpls ldp

查看ldp邻居是否成功建立:

[R6]dis mpls ldp peer
LDP Peer Information in PubY = ^ Alic network
A '*' before a peer means the peer is being deleted.
---------n - 5 D 0 b B---------------------------N * ,-------------------------------------l E j J v 6-----
PeerID                 Transpou ? b I p ( K QrtAddress   DiscoverySource
------------~ } 8------------------------------------------------------------------
5.5N 0 ] = C v Y h ^.5.5:0              5.5.5.5            Gigv W v G ( w Z CabitEthernet0/y n i e U 0/0
7.7.7.7:0              7.7.7.7t 1 * Z 9 . :            GigabitEthernet0/0/1
-------------T U ^ [ L b----W % s ?------------------------------------------------------------/ a o $ J-
TOTAL: 2 Peer(s) Found.
[R6]
[R8]dis mpls ldp peer
LDPP + s C 6 x Peer Information in Public network
A '*C a 0 n z' before a peer means the peer is being deleted.
---; t n 9--------------------------------------------& : ! b-------------------------------
PeerID                 TransportAdT r + ,dress   DiscoverySource
--------------------------------------------------------------6 A y 3 F a----------------
9.9.9.9:0              9.9.9.9            GigabitEthernet0/0/1
----------------------------b 3 h W - H B G 5--------------------------- ` / ~ 1 6 + c------------------------
TOTAL: 1 Peer(s) Found.
[R8]

三、PE设备建立v4邻居,用于将来传递路由

R5:
bt 6  W ) Hgp 567
undo defaulP E [ E ) D 1t ipv4-unicast
peer 7.7.7.7 as-number 567
peer 7.7.7.7 conneg u v w  [ pct-interface Lo% a + 1 $ y L jopBack0
ipv4-]  j @ qfamily unicast
undo synchronization
undo peer 7.7.k u G t X f  ; [7.7 enable
ipv4-2 r G [ y ] T } 1family ***v4
policy ***-target
peer 7.7.7.7 enable
R7:) ] j
bgp 567
undo default ipv4-+ H A | & { Junicast
peer 5.5.5.5 as-numh . eber 567
peer 5.5.5.5 co= z H m i , P xnnect-interface LoopBack0
ipv4-famiy 0 y M y yly unicast
undo synchronizatioG  #n
undo peer 5.5.5.5 enable
ipv4-family ***v4
policy ***-target
peer 5.5.r h @ I M e ? M5.5 enable
R8:
b* w ggp 891q I Y .0
undo default ipv4-ub W + p j q @ @nicast
peer 10.10.10.10 as-number 8910
peer 10.10.10.10 connect-inter( & g $face LoopBack0
ipv4-family unicast
undo syncZ d c p 7 L W v GhronS k ) T X _ Yization
undo peer 10.10.10.10 enable
ipv4-family ***v4
policV , c J y M ry ***-target
peer 10.10.10.10 ena! & | q k &ble
R10:
bgp 8910
undo default ipO P 0 n E ! * t ~v4R a D H _-unicast
peer 8.8.8.8 as-number 8910
pee[ | Z |r 8.8.8.8 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 8.8L & 4 B [ ) G O.8.8 enable
ipv4-family ***vv a R `  + w R4
policy ***-target
peer 8.8.8.8 enable

查看***v4邻居是否正常建立:

[R7]dis bgp ***v4 al pe
BGP local router ID : 7.7.7.7
Local AS number : 567
Total numbW K ( Y 2 y V H rer of peers : 1                Peers in established state : 1
Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Dr n V a ]own       State PrefRcv
5.5.5.5         4e + C N /         567        7        7     0 00:05:29 Established       0
[R7]
[R10]dis bgp  ***v4 al pe
BGP local router ID : 10.10.10.10
Local AS number : 8910
Total number of peers : 1                Peers in established state : 1
Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
8.8.8.8         4        8910        2        2     0 00:00:46 Established       0
[R10]

四、建立CE与PE设备的连接
4.1、PE设备上创建vrf实例

R5:
ip ***-instance 15
ipv4-family
route-distinguisher 15:15
***-targetz Y w 1 f / R 57:5 export-extcommunity
***-targe[ r nt 57:7 import-extcommunity
ip ***-instance 25
ipv4-family
routW c q n ) {e-distinguisher 25:25
***-target 75:5 export-extcommunity
***-target 75:7 import-extcommunity
R7:
ip ***-instance 17
ipv4-family
route-distinguisherd i E v 17:17
***-tar: 8 d Oget 57:7 export-extcX M e Z ]ommunity
***-tarZ - S Y w # U Wget 57:5 import-extcommunity
ip ***-instance 27
ipv4-family
route-distinguisher 27:27
***-target 75:7 export-extcommuno 3 6 i | Q Eity
***-target 75:5 import-extcommunity
R8:
ip ***-instance 38
ipv4-family
route-distinguisher 38:38
***-ta_ * Z % : * r V {rget 810:8 export-extcommuniE $ ? mty
***-target 810:10 import-extcommunity
ip ***-instance 48
ipv4-family
route-distinguisher 48:48
***-target 108L ^ z z | M y f j:8 exW a p G , H M 0port-extcommunity
***-target 108:10 import-extcommunity
R10:
ip ***-instance 310
ipv4-family
route-distinguisher 310:310
***U w c J r Z E-target 810:10 export-extcommunity
***-target 810:8 import-extcommunity
ip * 4 z v +**-instancR 4 ! * 1 ^e 410
ipv4-family
route-distinguisher 410:410
**j y B ; a A f { g*-targ~ ? R R ? d j 6 et 108:10 ex[ ~ # U * & , port-extcommunity
***-t( ( + , j & d Rarget 108:8 import-exF 3 _ ; ItcommunityZ [ Q
4.2、PE设备接口绑定vrf实例
R5:
interface GigabitE5 - f G pthernet0/0/0
ip binZ i  T . ; F s dding ***-instance 15
ip address 15.1.! W * p t 8 e ]1.5 255.255.255.0
interface GigabitEthernet0/0/2
ip b` z M vinding ***-instance 25
ip address 25.1.1.5 255.255.255.0
R10:
inR m f T rterface GigabitEthernet0/0/1
ip binding ***-instance 310
ip address 31.1K ; z.1.10 255.255.255.0
interface GiP ~ d } U [ f U xgabitEthernet0/0/2
ip binding ***-instance 4F K R U l c =10
ip address 41.1.1.10 255.255.255.0 

4.3、PE与CE建立bgp ipv4邻居关系

R5:
bgp 567
ipv4-family ***-instance 15
peer 15.1.1.1 as-number 100
ipv4-family ***-i& C P w I snstance 25
peer 25.1.1.2 as-number 200
R1:
bgp 100
peer 15.1.1.5 as-number 567
ipv4-family unicast
undo synchronization
peer 15.1.1.5 enable
R2:
bgp 200
peer 25.1.1.5 asW M p ) ] 8 + 4 ^-number 56B O d c ] C E p L7
ipv4-family unicast
undo synchronization
peer 25.1.1.5 enable
R10:
bgp 8910
ipv4-family ***-instance 310
peeG U  O F  Xr 31.1.1.3 as-number 300
ipv4-family ***-instance 410
peer 41.1.1.4 as-number 400
R3:
bgp 300
peer 3F N _ . V 0 c % M1.1.1.10 as-number 8910
ipv4-family unicast
undo synchronization
peer 31.1.1.10 enable
R4:
bgp 400
peer 41.1.1.10 as-number 8910
ipv4-fa? . u zmily unicast
undot M p 1 ` l synchronization
peer 41.1.1.10 enable

查看{ ` a s ) %是否成功建立ipv4邻居关系:
MPLS  OPTION A配置原理及数据通信分析荐

五、使用子接口,建立asbr的bgp连接

R7:
interface GigabitEthernet0/0/1.13
dot1q termination vid 13
ip binding ***-instance 17
ip address 192.168.78.7 255.255.255.0
aS  B U G 2 d ! &rp broadl { ,cast enable
interface GigabitEth% $ .ernet0/0/1.24
dot1q termination vid 24
ip binding ***-instance 27
ip addro J + * eess 192.168.78.7 255.255.255.0
arp broadcast enable
bgp 567
ipv4-faV S } H j ? u cmily ***-ins) + 5 ` Otance 17
peer 192.168.78.8 as-number 8910
ipv4-family ***-instance 27
pe| 7 O p E = r ker 192.168.78.8 as-number 8910
R8:
interface GigabitEthernet0/0/0.13
dot1q termination vid 13
ip binding ***-instance 38
ip ad, + = f 4dress 192.g f w168.78.8 255.255.255.0
art S ~ 4 1p broadcast enable
interface GigabitEthernet0/0/0.24
dot1q termination vid 24
iJ @ e Y Rp binding **v B , a f r X f*-instance 48
ip address 192.168.h [ $ & q ; )78.8 255.255.w L ! E255.0
arp broadcast enable
bgp 8910
ipd , %v4-family ***-instance 39 @ # | n q 3 E |8
peer 192.168.78.7 as-number 567
ipv4-family *L m ,**-instance 48
peer 192.168.78.7 as-number 567

六、在CE设备上用bgp宣告路由U D K b :

R1:
bgp 100
network 172.16.1.1 255.255Q z Z , j ^ r p.255.255
R2:
bg, m b j ]p 200
network 172.16.2.2 255.255.255.255
R3:
bgp 300
network 172.16.3.3 255.255.255.255
R4:
bgp 400
network 172.16.4.4 255.255.255.255

七、测试
MPLS  OPTION A配置原理及数据通信分析荐
MPLS  OPTION A配置原理及数据通信分析荐

八、注意点
8.1、PE设备连接CE时,除了用bgp9 p z / ? C外,也可以用ospf、isis等igp协议,但这样做的话就必须在PE、CE设备上都执行双向R P v 7 7引入;
8.2、mpls lsr-id 路由必须可达,且需要是32位路由,因为ldp默认只为32位路由分配标签;

九、数据通信分析
9.1、路由传F ! 3递路径分析
R1使用bgp传递lo0路由172.16.1.1/32给R5,172.16.1.1/32通过R5的g/0/0/0口进入vrf 15,路T r X : Z .由被打上RD变成$ d f 5 g [ 396位的v4路由,因为R5和R7位mp-bgp邻居且出入RT值匹配,所以R7可以接收R5传来的172.16.1.1/32的路由并进入R7的vrf 17(此路由携带内网标签);R7的g0/0/1.13绑定vrf 17,右半部分的所有设备被R7当U e O f l M I [ V做vrf 17的CE,所以R7会把接收到的路由172.16.1.1/32进入vrN + p u Pf 17后的ipv4路由传递给R8;R8也把左半边设备当做CE,所2 K ^ s Q C = O以172.16.1.1/32会进入vrf 38并打上RD变成路由,再o . S i E根据RT出入值发送给R10(此路由携带内网标签);R10收到1.1.1.1/32后加入vrf 310并把ipv4路由发送给bgpj 4 s . ~ T邻居R3,R3至此收到了17K H 2 V2.16.1.1/32.
9.2、数据流量分析
R3查看全局路由表,发送目的地址为172.16.1.1的数据包给31.1.1.} n O d ; = Y10;R10查看-instance 310,在ip层下压入内网标签(用于告诉R8该查哪张路由表),再压入外网标签(用于解决as8910的路由黑洞);数据包到达R8后查找-instance 38路由表进入R7;R7查找1 z w /-instance 17路由表并压入, F W U : A d Z内网、外网标签,到达R5;R5查找-W b j r * Ainstance 15路由表转发给R1.

十、优缺点
优点:原理简单,便于理解,只是将ASBR所连接的另一个AS当做CE,然后通过子接口建立BGP( : H & W 1 ~邻居
缺点:配置过程繁琐,在需要建立多个通道的时候,ASBR上创建的子接口会很多;且ASBR需要维护路由,有违背MI z ` A L l ! lPLS ***路由传递按照CE1-PE1-PE2-CE2路线的理念。