Detailed background and lab for mpls vpn inter-as option a, b and c

Learning target:

Understanding MPLS


Learning Content:

Outline:

1. Review of single-domain mpls vpn architecture
2. Design idea of Option A
3. Command line of Option A
4. Design idea of Option B
5. Command line of Option B
6. Configuration based on Cisco Huawei




Learning output:

content:

Single domain VPN:

mpls vpn processing behavior: the isp's internal network runs an igp, and mpls ldp is enabled on top of it. Create vpn instances on the pe, one per independent customer. The easiest way to associate an instance with its customer is to bind it directly to the interface that faces the customer; routes learned through that interface are then added to the routing table of that vpn instance. Because vpnv4 neighbors are established between the pes, set the rt and rd in the vpn instance: prefix and mask plus rd and rt turn the ipv4 route into a vpnv4 route, which is passed on to the other pes. The other pes apply their rt import and export settings to restore the vpnv4 route to an ipv4 route and pass it on to the device connected to them. The inner label is advertised automatically by the pe router together with the vpnv4 route. That label cannot be used on its own, because a router that does not run the vpn instance cannot interpret it. mpls therefore has to be enabled so that a label is also distributed for the igp route to the update-source address of the vpnv4 neighbor.

When data is forwarded out of the public network interface of the pe it is labeled, usually with two layers. Inner label: usually the vpnv4 label. Outer label: the label of the igp route toward the vpnv4 neighbor that is the next hop of the route. Intermediate routers look only at the outer label and only know that the packet is headed for the pe. Because of php (penultimate hop popping), the outer label has already been popped when the packet reaches the pe; the pe uses the remaining inner label to forward the data by looking up the vpn instance routing table.
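
The two-layer label forwarding described above, as an added example (not part of the original post): a small python model of one packet crossing pe1, p1, p2 and pe2. The router names, label values and tables are constructed for illustration.

```python
IMPLICIT_NULL = 3  # reserved label value: the downstream router asks for php

# Constructed single-domain path pe1 -> p1 -> p2 -> pe2 (hypothetical names/labels).
# lfib per p router: incoming outer label -> (outgoing label, next router).
LFIB = {
    "p1": {100: (200, "p2")},
    "p2": {200: (IMPLICIT_NULL, "pe2")},  # penultimate hop: pop the outer label
}
# Ingress pe: vrf prefix -> (inner label learned with the vpnv4 route,
# outer ldp label for the igp route to the vpnv4 next hop, first p router).
INGRESS_VRF = {"a-bj": {"172.16.8.8/32": (24, 100, "p1")}}
# Egress pe: inner label -> vrf whose routing table is used for the final lookup.
EGRESS_VPN_LABELS = {24: "a-bj"}


def walk(vrf, prefix):
    """Return ([(router, label stack as sent by that router)], egress vrf)."""
    inner, outer, node = INGRESS_VRF[vrf][prefix]
    stack = [outer, inner]               # top of stack first
    trace = [("pe1", list(stack))]
    while node in LFIB:                  # p routers look at the outer label only
        out, nxt = LFIB[node][stack[0]]
        if out == IMPLICIT_NULL:
            stack.pop(0)                 # php: pe2 receives only the inner label
        else:
            stack[0] = out               # ordinary label swap
        trace.append((node, list(stack)))
        node = nxt
    egress_vrf = EGRESS_VPN_LABELS[stack.pop(0)]  # inner label selects the vrf
    trace.append((node, list(stack)))    # plain ipv4 packet leaves toward the ce
    return trace, egress_vrf


if __name__ == "__main__":
    hops, vrf = walk("a-bj", "172.16.8.8/32")
    for router, labels in hops:
        print(f"{router:4} sends with labels {labels}")
    print("egress lookup in vrf", vrf)
```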

ps: Single domain is not common in day-to-day networks, because its conditions are very strict: the headquarters and the company must be connected to the same operator and must be in the same as. So when we want to implement a cross-domain and cross-operator architecture, there are 4 solutions: option a, b, c1 and c2.

The design idea of option a: an asbr does not treat the other isp as an isp, but sees it as a customer.


experiment

Check the topology to understand the role of the router:

Experiment purpose: interconnect two operators so that the different sites of the same company attached to them can reach each other, using mpls vpn option a


option a:

r1, r2: the devices at the two ends of the link that interconnects the isps, i.e. the asbrs. The asbrs do not need to run mpls between the as domains; they only establish an ipv4 neighbor relationship and send plain routes to each other.

ps: In the orthodox option a, b and c, r1 and r2 do not do route redistribution; only option c2 uses redistribution to transmit routes. Create sub-interfaces between ar1 and ar2, and send the private network routes by binding the sub-interfaces.

Bring up vpnv4 neighbors between 1 and 5 and between 2 and 6. 2 and 1 can receive vpnv4 routes but cannot add them to the routing table; the premise for that is to create a vrf. r7 r8 act as rr. They are not in the backbone traffic path of the data plane.

9 and 10 are route reflectors. In an operator's network a large number of routers run bgp and need ibgp neighbors; without a reflector the neighbor relationships become bloated. An rr ignores the vpnv4 rt filter mechanism: it accepts every route it receives from its vpnv4 neighbors. These can only be given to ibgp neighbors. But ibgp can be passed to other ebgp neighbors through the released rt, and has no contact with ibgp neighbors.

When a pe router transmits vpnv4 routes, the premise is that it has created the vrf; the routes of the ce are collected in the vrf and sent to the neighbor. The neighbor checks the rt carried by a route when it receives it. If no local vrf imports that rt, the route is discarded.

option a design idea: r2 and r1 see each other as a ce. Create a vrf on each and establish ebgp or an igp between the asbrs. The routes they send to each other are all plain ipv4 routes, but the routes received from the other side are added to the vrf routing table.

Disadvantages:

  1. The amount of configuration is relatively large
  2. Labeled messages cannot be transmitted end-to-end, and cannot be used for qos
  3. Option a can only be done when the different as that the customer sites connect to are themselves interconnected. It does not have any scalability.

option b:

Establish vpnv4 neighbors directly between r1 and r2, without sub-interfaces. The direct link needs to use mpls. Without a vrf that has the same import and export rt as the one on r6, the vpnv4 rt filter needs to be turned off: only when the filter is off are received vpnv4 routes added to the local vpnv4 bgp table, so that the route can be passed from one asbr to the asbr at the other end.
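
The rt check on received vpnv4 routes and the effect of turning the filter off on an asbr without a vrf, as an added python model (not from the original post and not Cisco's implementation). The vrf values follow the lab (rd 10:10, rt 10:10); the label value 24 and the second customer's rt 20:20 are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str          # route distinguisher: keeps overlapping customer prefixes unique
    prefix: str      # customer ipv4 prefix
    rts: frozenset   # export route-targets attached by the originating pe
    label: int       # inner (vpn) label advertised with the route


def export_route(prefix, vrf, label):
    """Originating pe: ipv4 route learned in a vrf -> vpnv4 route."""
    return Vpnv4Route(vrf["rd"], prefix, frozenset(vrf["export"]), label)


def receive(route, vrfs, rt_filter=True):
    """Receiving router: returns (kept_in_vpnv4_table, vrfs_that_import_it).

    rt_filter=True is the default check described in the text;
    rt_filter=False models `no bgp default route-target filter`.
    """
    importers = sorted(n for n, v in vrfs.items() if route.rts & set(v["import"]))
    kept = bool(importers) or not rt_filter
    return kept, importers


# Constructed sample data (label 24 and rt 20:20 are made up for the example).
A_BJ = {"rd": "10:10", "import": ["10:10"], "export": ["10:10"]}
OTHER = {"rd": "20:20", "import": ["20:20"], "export": ["20:20"]}
ROUTE = export_route("172.16.8.8/32", A_BJ, label=24)


def scenarios():
    return {
        # option a: the asbr has a vrf importing 10:10, so the route is installed
        "asbr_option_a": receive(ROUTE, {"a-bj": A_BJ}),
        # option b, vrf deleted, filter still on: the route is dropped on receipt
        "asbr_option_b_filter_on": receive(ROUTE, {}),
        # option b, filter off: kept in the vpnv4 table so it can be re-advertised
        "asbr_option_b_filter_off": receive(ROUTE, {}, rt_filter=False),
        # a pe that only serves another customer never installs the route
        "pe_other_customer": receive(ROUTE, {"b": OTHER}),
    }


if __name__ == "__main__":
    for name, (kept, vrfs) in scenarios().items():
        print(f"{name:26} kept={kept!s:5} installed_in={vrfs}")
```

With the filter off the asbr keeps every vpnv4 route the peer as sends, whatever its rt; which vrfs install a route is still decided only by the import rt on each pe.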

Disadvantage: although the label is not interrupted, it changes along the way. While the packet is transmitted in the left isp, the label is the one advertised by r2. Between the asbrs it is swapped for the label advertised by the opposite asbr, and in the right isp it is the label distributed by the pe router that actually generated the route. The different operators need to be interconnected. When a third-party operator sits in between, using it as a transit to interconnect the different operators is not feasible, and it is not feasible to connect customers directly.

When r9 passes the route to r10, the next hop becomes r9, so the next hop received by r5 is r9. This causes problems and the traffic path becomes very strange. Acting as a route reflector already costs the rr a great deal of cpu and memory. If it also sits in the traffic path and has to forward traffic, then under the double load of the control plane and the data plane the rr may not be able to hold up. next-hop-unchanged solves this by keeping the next hop of the route unchanged.

option c1:


bgp-based solution: r6, r5 and the rrs establish vpnv4 neighbors, the asbrs establish ipv4 neighbors, and the rrs need to pass vpnv4 routes to their ebgp neighbor. r9 and r10 need to turn off the vpnv4 rt filter.

There are three labels; the third one is the label of the igp route toward the asbr.

bgp end-to-end delivery

option c2:

r2 sends the routes of its as to r1. The asbr and the rr do not need to establish an internal igp neighbor relationship, and igp routes are brought into bgp through redistribution. When redistributing routes with labels, label inheritance,

ps: By default Huawei does not send labeled packets to ebgp neighbors. When it receives labeled ebgp routes and advertises them to ibgp neighbors, the label is not passed on by default either. The prerequisite for a pe to accept the other pe's routes and add them to its table is that it has a 32-bit host route to the peer.

experiment:

1. Configure the interface ip address

r7: 192.168.7.7 192.168.57.7
r8: 172.16.8.8 172.16.68.8
Others: the link between rx and ry uses xy.1.1.x and xy.1.1.y

2. Enable igp on the operator's intranet

r1:
router isis
net 49.0001.0000.0000.0001.00
log-adjacency-changes all
is-type level-2-only
metric-style wide
interface range loopback 0 , ethernet 0/1
ip router isis

r3:
router isis
net 49.0001.0000.0000.0003.00
log-adjacency-changes all
is-type level-2-only
metric-style wide
interface range ethernet 0/0-2 , loopback 0
ip router isis

r5:
router isis
net 49.0001.0000.0000.0005.00
log-adjacency-changes all
is-type level-2-only
metric-style wide
int range e0/0-1 , loopback 0
ip router isis

r10:
router isis
net 49.0001.0000.0000.000A.00
log-adjacency-changes all
is-type level-2-only
metric-style wide
int range e0/0 , loopback 0
ip router isis

r2:
router ospf 110
router-id 2.2.2.2
interface range ethernet 0/0 , loopback 0
ip ospf 110 area 0

r4:
router ospf 110
router-id 4.4.4.4
int range e0/0-2 ,loopback 0
ip ospf 110 area 0

r6:
router ospf 110 
router-id 6.6.6.6
int range e0/1 ,loopback 0
ip ospf 110 area 0

r9:
router ospf 110
router-id 9.9.9.9
int range e0/0,loopback 0
ip ospf 110 area 0

3. Enable mpls on the intranet




r1, r2, r3, r4, r5, r6, r9, r10:
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0 force
! enable mpls ip on every intranet-facing interface

show mpls ldp neighbor

4. Configure the connection between ce and pe

r6:
vrf definition a-bj
rd 10:10
address-family ipv4 unicast
route-target both 10:10
exit
int eth0/0
vrf forwarding a-bj
ip add 172.16.68.6 255.255.255.0
ping vrf a-bj 172.16.68.8


r8:
router bgp 8
no auto-summary
no synchronization
bgp router-id 8.8.8.8
redistribute connected
! r6 runs bgp as 10, so that is the remote-as seen from the ce
neighbor 172.16.68.6 remote-as 10


r6:
router bgp 10
no auto-summary
no synchronization
bgp router-id 6.6.6.6
address-family ipv4 vrf a-bj
neighbor 172.16.68.8 remote-as 8
neighbor 172.16.68.8 activate

r5:
vrf definition a-sh
rd 10:10
address-family ipv4 unicast
route-target both 10:10
int e0/2
vrf forwarding a-sh
ip add 192.168.57.5 255.255.255.0

! r5 belongs to as 20, the same bgp process that carries vpnv4 later on
router bgp 20
no synchronization
no auto-summary
bgp router-id 5.5.5.5
address-family ipv4 unicast vrf a-sh
neighbor 192.168.57.7 remote-as 7
neighbor 192.168.57.7 activate


r7:
router bgp 7
no synchronization
no auto-summary
bgp router-id 7.7.7.7
neighbor 192.168.57.5 remote-as 20
redistribute connected


ps: show bgp vrf <name> vpnv4 unicast to view the routes
    show bgp vrf <name> vpnv4 unicast summary to view the neighbors

option a

r1 r2 create vrf

r2:
vrf definition a-bj
rd 10:10
address-family ipv4 unicast
route-target both 10:10
interface e0/1.10
encapsulation dot1q 10
vrf forwarding a-bj
ip address 10.1.1.2 255.255.255.0
no shut

r6:
router bgp 10
no bgp default ipv4-unicast
neighbor 9.9.9.9 remote-as 10
! r9 peers with 6.6.6.6, so r6 has to source the session from its loopback
neighbor 9.9.9.9 update-source loopback 0
address-family vpnv4 unicast
neighbor 9.9.9.9 activate



r9:
router bgp 10
no auto-summary
no synchronization
bgp router-id 9.9.9.9
no bgp default ipv4-unicast
neighbor 6.6.6.6 remote-as 10
neighbor 2.2.2.2 remote-as 10
neighbor 6.6.6.6 update-source loopback 0
neighbor 2.2.2.2 update-source loopback 0
address-family vpnv4 unicast
neighbor 6.6.6.6 activate
neighbor 2.2.2.2 activate
neighbor 6.6.6.6 route-reflector-client
neighbor 2.2.2.2 route-reflector-client


r2:
router bgp 10
no auto-summary
no synchronization
bgp router-id 2.2.2.2
no bgp default ipv4-unicast
neighbor 9.9.9.9 remote-as 10
neighbor 9.9.9.9 update-source loopback 0

address-family vpnv4 unicast
neighbor 9.9.9.9 activate



r2 and r1 establish neighbors

r2:
router bgp 10
address-family ipv4 vrf a-bj
neighbor 10.1.1.1 remote-as 20
neighbor 10.1.1.1 activate

vpnv4 on the right side

r10:
router bgp 20
no auto-summary
no synchronization
bgp router-id 10.10.10.10
no bgp default ipv4-unicast
neighbor 5.5.5.5 remote-as 20
neighbor 1.1.1.1 remote-as 20
neighbor 5.5.5.5 update-source loopback 0
neighbor 1.1.1.1 update-source loopback 0
address-family vpnv4 unicast
neighbor 5.5.5.5 activate
neighbor 1.1.1.1 activate
neighbor 5.5.5.5 route-reflector-client
neighbor 1.1.1.1 route-reflector-client


r5:
router bgp 20
bgp router-id 5.5.5.5
no bgp default ipv4-unicast
neighbor 10.10.10.10 remote-as 20
neighbor 10.10.10.10 update-source loopback 0
address-family vpnv4 unicast
neighbor 10.10.10.10 activate

r1:
router bgp 20
no auto-summary
no synchronization
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
neighbor 10.10.10.10 remote-as 20
neighbor 10.10.10.10 update-source loopback 0
address-family vpnv4 unicast
neighbor 10.10.10.10 activate

vrf for r1

vrf definition a-sh 
rd 10:10 
address-family ipv4 unicast 
route-target both 10:10
int e0/1.10
encapsulation dot1q 10 
vrf forwarding a-sh
ip add 10.1.1.1 255.255.255.0
no shut

r1 and r2 are connected

r1:
router bgp 20
address-family ipv4 vrf a-sh
neighbor 10.1.1.2 remote-as 10
neighbor 10.1.1.2 activate

option B

1. Directly establish vpnv4 neighbors between asbr and delete vrf

ar1:
router bgp 20
neighbor 12.1.1.2 remote-as 10
address-family vpnv4 unicast
neighbor 12.1.1.2 activate

r2:
router bgp 10
neighbor 12.1.1.1 remote-as 20
address-family vpnv4 unicast
neighbor 12.1.1.1 activate

But now I can’t see the passed vpnv4 route. I need to turn off the rt filter.

r1, r2 (under router bgp):
no bgp default route-target filter
Clear the routes: clear bgp vpnv4 unicast * soft

r1:
router bgp 20
address-family vpnv4 unicast
neighbor 10.10.10.10 next-hop-self
clear bgp vpnv4 unicast * soft

r2:
router bgp 10
address-family vpnv4 unicast
neighbor 9.9.9.9 next-hop-self
clear bgp vpnv4 unicast * soft

By common sense the two sides still cannot communicate at this point, because mpls also needs to be enabled on the link. On the Cisco emulator, when the vpnv4 neighbor is enabled over the physical link, the physical interface automatically enables mpls vrf forwarding.

option C

There is no need to establish vpnv4 bgp between 1 and 2; establish ipv4 bgp between them to transmit the public network routes.

r1
router bgp 20
no neighbor 12.1.1.2 remote-as 10
neighbor 12.1.1.2 remote-as 10
address-family ipv4 unicast 
neighbor 12.1.1.2 activate 
neighbor 12.1.1.2 send-label 

r2
router bgp 10
no neighbor 12.1.1.1 remote-as 20
neighbor 12.1.1.1 remote-as 20
address-family ipv4 unicast
neighbor 12.1.1.1 activate
neighbor 12.1.1.1 send-label

Do ipv4 bgp

r6:
router bgp 10
address-family ipv4 unicast
network 6.6.6.6 mask 255.255.255.255
neighbor 9.9.9.9 activate
! send-label: advertise the ipv4 routes together with a label
neighbor 9.9.9.9 send-label

r9:
router bgp 10
address-family ipv4 unicast
network 9.9.9.9 mask 255.255.255.255
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 route-reflector-client
neighbor 6.6.6.6 send-label

neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 2.2.2.2 send-label

r2:
router bgp 10
address-family ipv4 unicast
network 2.2.2.2 mask 255.255.255.255
neighbor 9.9.9.9 activate
neighbor 9.9.9.9 send-label

Remove vpnv4

r2:
router bgp 10
address-family vpnv4 unicast 
no neighbor 9.9.9.9 activate 

r9:
router bgp 10
address-family vpnv4 unicast 
no neighbor 2.2.2.2 activate 

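r1
router bgp 20
address-family vpnv4 unicast
no neighbor 10.10.10.10 activate

r10
! not listed in the original; assumed to mirror the r9 step above
router bgp 20
address-family vpnv4 unicast
no neighbor 1.1.1.1 activate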

Intranet ibgp ipv4

r10
router bgp 20
address-family ipv4 unicast
network 10.10.10.10 mask 255.255.255.255
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 send-label

neighbor 1.1.1.1 activate
neighbor 1.1.1.1 route-reflector-client
neighbor 1.1.1.1 send-label

r5:
router bgp 20
address-family ipv4 unicast 
neighbor 10.10.10.10 activate 
neighbor 10.10.10.10 send-label 

r1 
router bgp 20
address-family ipv4 unicast 
neighbor 10.10.10.10 activate 
neighbor 10.10.10.10 send-label 

r1 toward 10 and r2 toward 9 must set next-hop-self, because the commands related to neighbor x.x.x.x activate in the vpnv4 address family have been deleted.

Build vpnv4 between 9 and 10 here

r9:
router bgp 10
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 10.10.10.10 remote-as 20
neighbor 10.10.10.10 update-source loopback 0
neighbor 10.10.10.10 ebgp-multihop

address-family vpnv4 unicast
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 next-hop-unchanged


r10:
router bgp 20
neighbor 9.9.9.9 remote-as 10
neighbor 9.9.9.9 update-source loopback 0
neighbor 9.9.9.9 ebgp-multihop
no bgp default route-target filter
address-family vpnv4 unicast
neighbor 9.9.9.9 activate
neighbor 9.9.9.9 next-hop-unchanged

View the labels:

show mpls forwarding-table 
show bgp ipv4 unicast labels

option C2

Remove the ipv4 bgp between 9 and 6 and between 5 and 10.
r2 only needs to establish ipv4 bgp with r1.

r9
router bgp 10
no neighbor 2.2.2.2 
address-family ipv4 unicast 
no network 9.9.9.9 mask 255.255.255.255
no neighbor 6.6.6.6 activate 
no neighbor 2.2.2.2 activate 


r6:
router bgp 10 
address-family ipv4 unicast 
no network 6.6.6.6 mask 255.255.255.255 
no neighbor 9.9.9.9 activate 

r2:
router bgp 10
address-family ipv4 unicast
no neighbor 9.9.9.9 activate
no network 2.2.2.2 mask 255.255.255.255

r10:
router bgp 20
no neighbor 1.1.1.1
address-family ipv4 unicast
no network 10.10.10.10 mask 255.255.255.255
no neighbor 5.5.5.5 activate


r1:
router bgp 20
! removes every piece of configuration that refers to 10.10.10.10
no neighbor 10.10.10.10
address-family ipv4 unicast
no network 1.1.1.1 mask 255.255.255.255
no neighbor 10.10.10.10 activate

r5:
router bgp 20
address-family ipv4 unicast
no network 5.5.5.5 mask 255.255.255.255
no neighbor 10.10.10.10 activate

Configure the route-map on r2 and r1

r2:
ip prefix-list ccie seq 10 permit 6.6.6.6/32
ip prefix-list ccie seq 20 permit 9.9.9.9/32

route-map o-2-b permit 10
match ip address prefix-list ccie

router bgp 10
address-family ipv4 unicast
redistribute ospf 110 route-map o-2-b

r1:
ip prefix-list ccie seq 10 permit 5.5.5.5/32
ip prefix-list ccie seq 20 permit 10.10.10.10/32

route-map i-2-b permit 10
match ip address prefix-list ccie

router bgp 20
address-family ipv4 unicast
redistribute isis level-2 route-map i-2-b


Origin blog.csdn.net/weixin_45821358/article/details/108396786