需求描述:
R9与R10分别是两家企业的出口路由器,现两家公司因业务合作须建设***实现私网互访,要求采用跨域MPLS *** OPTION B解决方案。其中AS100和AS200模拟ISP,R1和R7为PE,R3和R5为ASBR,R2和R6为P,R4和R8为RR,R9和R10为CE。各路由器之间地址为xx.1.1.x/24,loopback0地址为x.x.x.x/32。拓补图如下:
(声明:此拓补图搬运自SPOTO数通老师童驰阳,且已征得童老师同意。)
一、ISP内部IGP全互通
R1:
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
R2:
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.2 0.0.0.0
network 23.1.1.2 0.0.0.0
network 24.1.1.2 0.0.0.0
R3:
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
R4:
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 24.1.1.4 0.0.0.0
查看ospf邻居是否都已建立成功:
R5:
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 56.1.1.5 0.0.0.0
R6:
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
network 67.1.1.6 0.0.0.0
network 68.1.1.6 0.0.0.0
R7:
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 67.1.1.7 0.0.0.0
R8:
ospf 1 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 68.1.1.8 0.0.0.0
查看ospf邻居是否都已建立成功:
二、ISP内部启用LDP建立公网隧道,用于解决将来的路由黑洞问题
R1:
mpls lsr-id 1.1.1.1
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
R2:
mpls lsr-id 2.2.2.2
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
int g0/0/2
mpls
mpls ldp
R3:
mpls lsr-id 3.3.3.3
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
R4:
mpls lsr-id 4.4.4.4
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
查看是否成功建立LDP邻居:
R5:
mpls lsr-id 5.5.5.5
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
R6:
mpls lsr-id 6.6.6.6
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
int g0/0/1
mpls
mpls ldp
int g0/0/2
mpls
mpls ldp
R7:
mpls lsr-id 7.7.7.7
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
R8:
mpls lsr-id 8.8.8.8
mpls
mpls ldp
int g0/0/0
mpls
mpls ldp
查看是否成功建立LDP邻居:
R3和R5互连的接口上启用mpls,用于为***v4路由进行跨域标签转换
R3:
interface GigabitEthernet0/0/1
mpls
R5:
interface GigabitEthernet0/0/1
mpls
三、ISP内部建立MP-IBGP邻居,ISP之间建立MP-EBGP邻居,用于传递将来的***v4路由
3.1、R1与R4、R3与R4建立MP-IBGP邻居关系,R1与R3是反射器R4的客户端,R4采用按组打包方式与R1、R3建立邻居关系:
R1:
bgp 100
undo default ipv4-unicast
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 4.4.4.4 enable
ipv4-family ***v4
policy ***-target
peer 4.4.4.4 enable
R3:
bgp 100
undo default ipv4-unicast
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 4.4.4.4 enable
ipv4-family ***v4
undo policy ***-target
peer 4.4.4.4 enable
#因为R3上不需要创建VRF实例,所以不存在RT值,使用undo policy ***-target保证可以收发***v4路由
R4:
bgp 100
undo default ipv4-unicast
peer 1.1.1.1 as-number 100
peer 3.3.3.3 as-number 100
group ibgp internal
peer ibgp connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer ibgp enable
undo peer 1.1.1.1 enable
undo peer 3.3.3.3 enable
ipv4-family ***v4
undo policy ***-target
peer ibgp enable
peer ibgp reflect-client
peer 1.1.1.1 enable
peer 1.1.1.1 group ibgp
peer 3.3.3.3 enable
peer 3.3.3.3 group ibgp
#因为R4上不需要创建VRF实例,所以不存在RT值,使用undo policy ***-target保证可以收发***v4路由
查看MP-IBGP邻居是否成功建立:
3.2、R5与R8、R7与R8建立MP-IBGP邻居关系,R5与R7是反射器R8的客户端,R8采用按组打包方式与R5、R7建立邻居关系:
R5:
bgp 200
undo default ipv4-unicast
peer 8.8.8.8 as-number 200
peer 8.8.8.8 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 8.8.8.8 enable
ipv4-family ***v4
undo policy ***-target
peer 8.8.8.8 enable
#因为R5上不需要创建VRF实例,所以不存在RT值,使用undo policy ***-target保证可以收发***v4路由
R7:
bgp 200
undo default ipv4-unicast
peer 8.8.8.8 as-number 200
peer 8.8.8.8 connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer 8.8.8.8 enable
ipv4-family ***v4
policy ***-target
peer 8.8.8.8 enable
R8:
bgp 200
undo default ipv4-unicast
peer 5.5.5.5 as-number 200
peer 7.7.7.7 as-number 200
group ibgp internal
peer ibgp connect-interface LoopBack0
ipv4-family unicast
undo synchronization
undo peer ibgp enable
undo peer 5.5.5.5 enable
undo peer 7.7.7.7 enable
ipv4-family ***v4
undo policy ***-target
peer ibgp enable
peer ibgp reflect-client
peer 5.5.5.5 enable
peer 5.5.5.5 group ibgp
peer 7.7.7.7 enable
peer 7.7.7.7 group ibgp
#因为R8上不需要创建VRF实例,所以不存在RT值,使用undo policy ***-target保证可以收发***v4路由
查看MP-IBGP邻居是否成功建立:
3.3、R3与R5建立MP-EBGP邻居
R3:
bgp 100
undo default ipv4-unicast
peer 35.1.1.5 as-number 200
ipv4-family unicast
undo synchronization
undo peer 35.1.1.5 enable
ipv4-family ***v4
undo policy ***-target
peer 35.1.1.5 enable
R5:
bgp 200
undo default ipv4-unicast
peer 35.1.1.3 as-number 100
ipv4-family unicast
undo synchronization
undo peer 35.1.1.3 enable
ipv4-family ***v4
undo policy ***-target
peer 35.1.1.3 enable
查看MP-EBGP邻居是否成功建立:
四、建立CE与PE的BGP邻居关系
4.1、R1上创建***-instance 9,与R9建立BGP邻居
R1:
ip ***-instance 9
ipv4-family
route-distinguisher 1:1
***-target 9:10 export-extcommunity
***-target 10:9 import-extcommunity
interface GigabitEthernet0/0/1
ip binding ***-instance 9
ip address 192.168.1.1 255.255.255.0
bgp 100
ipv4-family ***-instance 9
peer 192.168.1.9 as-number 9
R9:
bgp 9
peer 192.168.1.1 as-number 100
ipv4-family unicast
undo synchronization
peer 192.168.1.1 enable
查看BGP邻居是否成功建立:
4.2、R7上创建***-instance 10,与R10建立BGP邻居
R7:
ip ***-instance 10
ipv4-family
route-distinguisher 7:7
***-target 10:9 export-extcommunity
***-target 9:10 import-extcommunity
interface GigabitEthernet0/0/1
ip binding ***-instance 10
ip address 192.168.7.7 255.255.255.0
bgp 200
ipv4-family ***-instance 10
peer 192.168.7.10 as-number 10
R10:
bgp 10
peer 192.168.7.7 as-number 200
ipv4-family unicast
undo synchronization
peer 192.168.7.7 enable
查看BGP邻居是否成功建立:
五、CE宣告路由并测试
5.1、在R9和R10上使用BGP宣告loopback0路由
R9:
bgp 9
network 192.168.9.9 255.255.255.255
R10:
bgp 10
network 192.168.10.10 255.255.255.255
5.2、测试
六、路由传递过程分析
R9通过BGP宣告192.168.9.9/32,R1收到192.168.9.9/32路由后打上***-instance 9的RD,得到96位的***v4路由;R1把***v4路由192.168.9.9/32传递给R4,因为R1、R3都是反射器R4的客户端,所以R4会把***v4路由192.168.9.9/32反射给R3;R3继续把***v4路由192.168.9.9/32传给R5,R5传给R8,R8反射给R7;192.168.9.9/32进入R7的***-instance 10后,变成ipv4路由,最后传给R10.
七、数据通信过程分析
R1查找全局路由表,将去往192.168.9.9/32的数据包发送给R7,R7查找***-instance 10路由表,将数据包打上公网标签(用于解决路由黑洞问题)和私网标签(用于解决对端PE设备即R1该查哪张***-instance表的问题),然后发给R5;R5收到没有公网标签的数据包后,进行私网标签转换,然后把数据包转发给R3;R3收到数据包后再进行私网标签转换,然后打上公网标签发给R1;R1看到私网标签,即可知道应该查找***-instance 9路由表,最后把数据转发给R9.
八、优缺点
优点:与OPTION A相比,ASBR之间不需要启用子接口,不需要维护大量的EBGP邻居关系。
缺点:ASBR上还是需要维护***v4路由,有违***路由按照CE1-PE1-PE2-CE2的理念。