MPLS VPN 之CE端运行BGP实验分析
实验拓扑图
实验描述:主要模拟CE端运行EBGP,PE端的配置及路由分析,主要分为两步来分析,两CE端运行相同的自治系统及不同的自治系统。
1、当两CE端(属于相同的VRF Ting)运行不同的BGP自治系统的情况分析
当CE-R5与CE-R7运行BGP协议,并且AS分别为55和77,以下为各设备配置;
PE-R1:
ip vrf Ting
rd 100:11
route-target export 100:14
route-target import 100:13
ip cef
mpls label range 100 199
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/1
ip vrf forwarding Ting
ip address 15.1.1.1 255.255.255.252
!
interface FastEthernet1/0
ip address 12.1.1.1 255.255.255.252
mpls ip
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 12.1.1.0 0.0.0.3 area 0
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
address-family ipv4 vrf Ting
neighbor 15.1.1.2 remote-as 55
neighbor 15.1.1.2 activate //并没有进行重分布
PE-R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.252
mpls ip
interface FastEthernet0/1
ip address 23.1.1.1 255.255.255.252
mpls ip
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 12.1.1.0 0.0.0.3 area 0
network 23.1.1.0 0.0.0.3 area 0
PE-R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 23.1.1.2 255.255.255.252
mpls ip
interface FastEthernet1/0
ip vrf forwarding Ting
ip address 37.1.1.1 255.255.255.252
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 23.1.1.0 0.0.0.3 area 0
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
address-family ipv4 vrf Ting
neighbor 37.1.1.2 remote-as 77
neighbor 37.1.1.2 activate //并没有进行重分布配置
CE-R5:
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface FastEthernet0/0
ip address 15.1.1.2 255.255.255.252
router bgp 55
bgp router-id 5.5.5.5
bgp log-neighbor-changes
network 5.5.5.5 mask 255.255.255.255
network 15.1.1.0 mask 255.255.255.252 //将环回接口及互联接口通告至BGP中
neighbor 15.1.1.1 remote-as 100
CE-R7:
interface Loopback0
ip address 7.7.7.7 255.255.255.255
interface FastEthernet0/0
ip address 37.1.1.2 255.255.255.252
router bgp 77
bgp router-id 7.7.7.7
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
network 37.1.1.0 mask 255.255.255.252 //将环回接口及互联接口通告至BGP中
neighbor 37.1.1.1 remote-as 100
在PE-R1上查看EBGP建立情况
R1#show ip bgp all su
For address family: VPNv4 Unicast
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 23, main routing table version 23
6 network entries using 936 bytes of memory
6 path entries using 480 bytes of memory
5/4 BGP path/bestpath attribute entries using 720 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
4 BGP extended community entries using 128 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2312 total bytes of memory
BGP activity 11/5 prefixes, 11/5 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 100 34 32 23 0 0 00:22:41 3
15.1.1.2 4 55 25 29 23 0 0 00:18:29 2
从输出可知,邻居已经建立,并且出到两条路由,如下:
R1#show ip bgp vpnv4 all
BGP table version is 23, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:11 (default for vrf Ting)
*> 5.5.5.5/32 15.1.1.2 0 0 55 i
*>i 7.7.7.7/32 3.3.3.3 0 100 0 77 i
r> 15.1.1.0/30 15.1.1.2 0 0 55 i
*>i 37.1.1.0/30 3.3.3.3 0 100 0 77 i
从路由表可知,在R5和R7通告的四个前辍条目都已经加入路由表项,而且并没有进行重分布,由此可知EBGP与MP-BGP之间的重分布是自动进行的,并不需要进行重分布配置。
CE-R7及CE-R5查看路由情况:
R7#show ip route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [20/0] via 37.1.1.1, 00:13:18
7.0.0.0/32 is subnetted, 1 subnets
C 7.7.7.7 is directly connected, Loopback0
15.0.0.0/30 is subnetted, 1 subnets
B 15.1.1.0 [20/0] via 37.1.1.1, 00:13:18
37.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 37.1.1.0/30 is directly connected, FastEthernet0/0
L 37.1.1.2/32 is directly connected, FastEthernet0/0
R5#show ip route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
7.0.0.0/32 is subnetted, 1 subnets
B 7.7.7.7 [20/0] via 15.1.1.1, 00:14:13
15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 15.1.1.0/30 is directly connected, FastEthernet0/0
L 15.1.1.2/32 is directly connected, FastEthernet0/0
37.0.0.0/30 is subnetted, 1 subnets
B 37.1.1.0 [20/0] via 15.1.1.1, 00:14:13
R5#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
1 15.1.1.1 96 msec 56 msec 128 msec
2 12.1.1.2 [MPLS: Labels 200/307 Exp 0] 172 msec 160 msec 184 msec
3 37.1.1.1 [AS 77] [MPLS: Label 307 Exp 0] 152 msec 124 msec 96 msec
4 37.1.1.2 [AS 77] 168 msec 132 msec 128 msec
2、当CE-R5和CE-R7运行相同的AS 55时情况分析
R7及R3上的配置,如下:
R7配置:
router bgp 55
bgp router-id 7.7.7.7
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
network 37.1.1.0 mask 255.255.255.252
neighbor 37.1.1.1 remote-as 100
R3配置:
address-family ipv4 vrf Ting
neighbor 37.1.1.2 remote-as 55
neighbor 37.1.1.2 activate
在R3上查看bgp 邻居关系
R3#show ip bgp all su
For address family: VPNv4 Unicast
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 26, main routing table version 26
6 network entries using 936 bytes of memory
6 path entries using 480 bytes of memory
5/4 BGP path/bestpath attribute entries using 720 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
4 BGP extended community entries using 128 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2288 total bytes of memory
BGP activity 13/7 prefixes, 13/7 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 52 55 26 0 0 00:40:29 3
37.1.1.2 4 55 7 7 26 0 0 00:02:09 2
EBGP邻居已经建立,并且收到两条来至37.1.1.2的前辍路由,如下:
R3#show ip bgp vpnv4 all
BGP table version is 26, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:11 (default for vrf Ting)
*>i 5.5.5.5/32 1.1.1.1 0 100 0 55 i
*> 7.7.7.7/32 37.1.1.2 0 0 55 i
*>i 15.1.1.0/30 1.1.1.1 0 100 0 55 i
r> 37.1.1.0/30 37.1.1.2 0 0 55 i
在PE-R1上查看路由情况,如下:
R1#show ip bgp vpnv4 all
BGP table version is 29, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:11 (default for vrf Ting)
*> 5.5.5.5/32 15.1.1.2 0 0 55 i
*>i 7.7.7.7/32 3.3.3.3 0 100 0 55 i
r> 15.1.1.0/30 15.1.1.2 0 0 55 i
*>i 37.1.1.0/30 3.3.3.3 0 100 0 55 i
从上可知,从R7通告的两条前辍已经通过MP-BGP传递至PE-R1上,现在在CE-R5上查看路由情况
R5#show ip bgp all su
For address family: IPv4 Unicast
BGP router identifier 5.5.5.5, local AS number 55
BGP table version is 13, main routing table version 13
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 584 total bytes of memory
BGP activity 7/5 prefixes, 7/5 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
15.1.1.1 4 100 57 51 13 0 0 00:41:57 0
从上面输出可知,EBGP邻居已经建立,但并未收到BGP路由前辍,这是为什么呢?
可用debug ip bgp updates查看原因
如下:
R5#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast
*Dec 1 22:35:26.991: BGP(0): 15.1.1.1 rcv UPDATE w/ attr: nexthop 15.1.1.1, origin i, originator 0.0.0.0, merged path 100 55, AS_PATH , community , extended community , SSA attribute
*Dec 1 22:35:27.003: BGPSSA ssacount is 0
*Dec 1 22:35:27.003: BGP(0): 15.1.1.1 rcv UPDATE about 7.7.7.7/32 -- DENIED due to: AS-PATH contains our own AS;
*Dec 1 22:35:27.007: BGP(0): 15.1.1.1 rcv UPDATE about 37.1.1.0/30 -- DENIED due to: AS-PATH contains our own AS;
从上述debug可知,R5接收到来至15.1.1.1(PE-R1)路由器传来的7.7.7.7/32及37.1.1.0/30的前辍,其自治系统与自已的相同,由于BGP的防环机制,拒绝把AS号与自己相同的前辍路由加入路由表,而是将其丢弃。
在CE-R7的情况也是如此,如下:
R7#show ip bgp all su
For address family: IPv4 Unicast
BGP router identifier 7.7.7.7, local AS number 55
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 584 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
37.1.1.1 4 100 28 28 3 0 0 00:20:56 0
如果出现上述情况,怎样才能让R7通过的前辍加入R5的路由表呢?可用两种方法进行解决。
1)、配置允许AS重叠
在PE-R1和PE-R3上配置允许AS重叠
R1(config)#router bgp 100
R1(config-router)#address-family ipv4 vrf Ting
R1(config-router-af)#neighbor 15.1.1.2 as-override
R3(config)#router bgp 100
R3(config-router)#address-family ipv4 vrf Ting
R3(config-router-af)#neighbor 37.1.1.2 as-override
在R5上查看BGP路由情况
R5#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 15, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 0.0.0.0 0 32768 i
*> 7.7.7.7/32 15.1.1.1 0 100 100 i
*> 15.1.1.0/30 0.0.0.0 0 32768 i
*> 37.1.1.0/30 15.1.1.1 0 100 100 i
从上可知,AS号被重写,不是100 55 ,而是两个100,从而与自己的AS不同,就将其加入路由表,R7的情况也是如此;
R7#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 5, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 37.1.1.1 0 100 100 i
*> 7.7.7.7/32 0.0.0.0 0 32768 i
*> 15.1.1.0/30 37.1.1.1 0 100 100 i
*> 37.1.1.0/30 0.0.0.0 0 32768 i
2)、允许AS相同的进入
在R5及R7上配置如下命令
R5(config)#router bgp 55
R5(config-router)#neighbor 15.1.1.1 allowas-in
R7(config)#router bgp 55
R7(config-router)#neighbor 37.1.1.1 allowas-in
在R5上查看路由情况
R5#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 19, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 0.0.0.0 0 32768 i
*> 7.7.7.7/32 15.1.1.1 0 100 55 i
*> 15.1.1.0/30 0.0.0.0 0 32768 i
*> 37.1.1.0/30 15.1.1.1 0 100 55 i
从上可知,BGP的自治系统号并没有被修改。
总结:
1.CE端运行BGP时,不需要与MP-BGP之间配置重分布,路由自动导入;
2.如果两CE端运行的BGP自治系统号相同,会导致互相的路由都不会出现在路由表中,其原因是BGP的防环机制,要想打破其机制,可通过上述两种方法进行配置修改,以达到设计效果。
本文出自 “暮云风潇” 博客,请务必保留此出处http://muyun.blog.51cto.com/952166/1585285
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
