Segment routing(段路由)~大道至简
模拟器:
链接:https://pan.baidu.com/s/1boACoEz 密码:gr2w
基础知识:
1)IGP基础(OSPF和中间到中间系统协议)
2)BGP协议基础
3)MPLS(多谢标签交换)
IOS-XRv 5.2--6.0.1
1.段路由简介
思科的SR使用数字代表segment(比如16003),不用再实施麻烦的LDP和RSVP协议
全局段--->SRGB(标签范围),从16000开始,到23999是推荐使用的范围-->在所有设备上实施这个范围2.SR的控制层面
IGP(ISIS和OSPF)来分发段:a.前缀段(prefix-SID) 1.1.1.4/32关联了一个段,比如16004
b.邻接段,用数字来表明一个邻接peer
24003代表某个邻接
RP/0/0/CPU0:R1#show ospf neighbor detail
Wed Apr 18 15:21:09.931 UTC
- Indicates MADJ interface
Indicates Neighbor awaiting BFD session up
Neighbors for OSPF 110
Neighbor 22.1.1.1, interface address 12.1.1.2
In the area 0 via interface GigabitEthernet0/0/0/0
Neighbor priority is 1, State is FULL, 6 state changes
DR is 12.1.1.2 BDR is 12.1.1.1
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:38
Neighbor is up for 02:31:15
Number of DBD retrans during last exchange 0
Index 2/2, retransmission queue length 0, number of retransmission 4
First 0(0)/0(0) Next 0(0)/0(0)
Last retransmission scan length is 2, maximum is 2
Last retransmission scan time is 0 msec, maximum is 0 msec
LS Ack list: NSR-sync pending 0, high water mark 0
Adjacency SID Label: 24000
Unprotected Adjacency SID Label: 24001
Neighbor 33.1.1.1, interface address 13.1.1.3
In the area 0 via interface GigabitEthernet0/0/0/1
Neighbor priority is 1, State is FULL, 6 state changes
DR is 13.1.1.3 BDR is 13.1.1.1
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:38
Neighbor is up for 02:31:21
Number of DBD retrans during last exchange 0
Index 1/1, retransmission queue length 0, number of retransmission 4
First 0(0)/0(0) Next 0(0)/0(0)
Last retransmission scan length is 2, maximum is 2
Last retransmission scan time is 0 msec, maximum is 0 msec
LS Ack list: NSR-sync pending 0, high water mark 0
Adjacency SID Label: 24002
Unprotected Adjacency SID Label: 24003
BGP(多协议BGP)来分发段:LU(IPv4单播标签)--->域间的MPLS VPN实施(Option ABC)
需要配置的内容---->转发表(数据转发层面)
ASR系列路由器(9000)
XR上一个简单的配置:
router ospf 110
router-id 11.1.1.1
area 0 //进入区域0
segment-routing mpls //开启运行SR。
interface Loopback0 //环回接口0运行在OSPF的区域0
passive enable
prefix-sid absolute 16001 //对某个32位的前缀来关联全局标签(SID)16001
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
15:11
只分发32位的SID,那么网段怎么办?
R2 R5 上是不是都是2个进程?
我看书上有这样一段描述:前缀段和邻接段都能通过IGP通告,全局可见。但是前缀段(Prefix Segment)全局有效,邻接段(Adj Segment)本地有效怎么理解?既然都全局有效全局可见就说明SID在全网都能学习到,那么本地有效和全局有效之间的区别在哪里?
3.SR的转发层面
router ospf 110
router-id 11.1.1.1
area 0
segment-routing forwarding mpls //非常关键的补充命令,SR改造后的OSPF分发的标签可以去承载数据,IS-IS协议并不需要
观察从R1到R4的数据转发
标签行为/标签动作:压入标签、交换标签和弹出标签
RP/0/0/CPU0:R1#show cef 44.1.1.1 detail //入口PE完成
Wed Apr 18 15:33:48.159 UTC
44.1.1.1/32, version 47, internal 0x1000001 0x81 (ptr 0xa13f2274) [1], 0x0 (0xa13bd638), 0xa28 (0xa168807c)
Updated Apr 18 15:20:40.723
local adjacency 12.1.1.2
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xa12862b8) reference count 3, flags 0x68, source rib (7), 0 backups
[2 type 5 flags 0x8401 (0xa15754c4) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xa13bd638, sh-ldi=0xa15754c4]
gateway array update type-time 1 Apr 18 15:20:40.723
LDI Update time Apr 18 15:20:40.723
LW-LDI-TS Apr 18 15:20:40.723
via 12.1.1.2/32, GigabitEthernet0/0/0/0, 5 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xa10e53a0 0x0]
next hop 12.1.1.2/32
local adjacency
local label 16004 labels imposed {16004}
via 13.1.1.3/32, GigabitEthernet0/0/0/1, 5 dependencies, weight 0, class 0 [flags 0x0]
path-idx 1 NHID 0x0 [0xa10e52a4 0x0]
next hop 13.1.1.3/32
local adjacency
local label 16004 labels imposed {16004}
Load distribution: 0 1 (refcount 2)
Hash OK Interface Address
0 Y GigabitEthernet0/0/0/0 12.1.1.2
1 Y GigabitEthernet0/0/0/1 13.1.1.3 Pop行为是指弹掉一层标签(SR的标签弹空)
SR实施的外层标签,此时没有运行LDP/RSVP依旧通过标签转发了数据
RP/0/0/CPU0:R1#traceroute 44.1.1.1
Wed Apr 18 15:43:20.230 UTC
Type escape sequence to abort.
Tracing the route to 44.1.1.1
1 13.1.1.3 [MPLS: Label 16004 Exp 0] 39 msec 9 msec 29 msec //16004这个SR承载了数据
2 34.1.1.4 19 msec * 9 msec
4.SRGB
范围是16000到23999,推荐值,不要轻易做出改变
5.实施
前边已经在SR区域实施了OSPF的SR(3条重要命令)
重要的设备:PE的
主要是客户的路由更新
PE-R4
router bgp 100 //开启BGP
address-family vpnv4 unicast //开启BGP的支持VPNv4路由功能
!
neighbor 11.1.1.1 //和另外的PE-R1建立邻居关系
remote-as 100
update-source Loopback0 //更新源为环回接口,SID为16004
address-family vpnv4 unicast //针对该邻居激活VPNv4的功能
!
!
vrf QYT //BGP中修改某个客户的配置
rd 100:100 //针对该客户(vrf)配置一种标识符,即64位的RD,强烈建议每个客户用于唯一的RD值
address-family ipv4 unicast //进入该客户的单播地址族
redistribute ospf 1 //把客户的路由引入客户的VRF的BGP--自动的引入到VPNv4
6.迁移到SR
方式:
共存:入口PE的SR或者LDP标签2选1.默认优选LDP,可以命令改变为优选SR
RP/0/0/CPU0:R1(config-ospf)#segment-routing sr-prefer
互操作:P设备和出口PE无需关心
迁移:1.升级IOS到支持SR 2.所有PE配置SR优选 3.移除LDP
支持IPv4单播标签 lablel-unicast