MPLS VPN 网络中的OSPF Sham-Link

浏览数：28 / 时间：2015年06月20日

实验拓扑图

实验描述：如上图所示，现PE-R1、P-R2、PE-R3为MPLS VPN网络，两CE客户需要通过MPLS VPN骨干网络进行通信，并且CE-R4与CE-R6之间有一条链路作为备份链路，正常情况要，R4至R6的流量通过MPLS VPN网络走，当MPLS VPN网络存在故障时，通过R4与R6之间的互联链路走，下面配置OSPF Sham-Link实现上述要求。

1、首先配置MP-BGP，MPLS，VRF，PE与CE的OSPF路由协议

PE-R1的配置：

R1#show runn

ip vrf Mao

rd 100:10

route-target export 100:10

route-target import 100:11

ip cef

mpls label range 100 199

interface Loopback0

ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0

ip vrf forwarding Mao

ip address 14.1.1.1 255.255.255.252

interface FastEthernet1/0

ip address 12.1.1.1 255.255.255.252

mpls ip

router ospf 2 vrf Mao

redistribute bgp 100 subnets

network 14.1.1.0 0.0.0.3 area 1

router ospf 1

router-id 1.1.1.1

network 1.1.1.1 0.0.0.0 area 0

network 12.1.1.0 0.0.0.3 area 0

router bgp 100

bgp log-neighbor-changes

no bgp default ipv4-unicast

neighbor 3.3.3.3 remote-as 100

neighbor 3.3.3.3 update-source Loopback0

address-family vpnv4

neighbor 3.3.3.3 activate

neighbor 3.3.3.3 send-community extended

exit-address-family

address-family ipv4 vrf Mao

redistribute ospf 2 match internal external 1 external 2

exit-address-family

P-R2配置：

ip cef

mpls label range 200 299

interface Loopback0

ip address 2.2.2.2 255.255.255.255

interface FastEthernet0/0

ip address 12.1.1.2 255.255.255.252

mpls ip

interface FastEthernet0/1

ip address 23.1.1.1 255.255.255.252

mpls ip

router ospf 1

router-id 2.2.2.2

network 2.2.2.2 0.0.0.0 area 0

network 12.1.1.0 0.0.0.3 area 0

network 23.1.1.0 0.0.0.3 area 0

PE-R3配置：

R3#show runn

ip vrf Mao

rd 100:10

route-target export 100:11

route-target import 100:10

ip cef

mpls label range 300 399

interface Loopback0

ip address 3.3.3.3 255.255.255.255

interface FastEthernet0/0

ip address 23.1.1.2 255.255.255.252

mpls ip

interface FastEthernet0/1

ip vrf forwarding Mao

ip address 36.1.1.1 255.255.255.252

router ospf 2 vrf Mao

redistribute bgp 100 subnets

network 36.1.1.0 0.0.0.3 area 1

router ospf 1

router-id 3.3.3.3

network 3.3.3.3 0.0.0.0 area 0

network 23.1.1.0 0.0.0.3 area 0

router bgp 100

bgp log-neighbor-changes

no bgp default ipv4-unicast

neighbor 1.1.1.1 remote-as 100

neighbor 1.1.1.1 update-source Loopback0

address-family vpnv4

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community extended

exit-address-family

address-family ipv4 vrf Mao

redistribute ospf 2 match internal external 1 external 2

exit-address-family

CE-R4的配置：

interface Loopback0

ip address 4.4.4.4 255.255.255.255

interface FastEthernet0/0

ip address 14.1.1.2 255.255.255.252

interface FastEthernet0/1

ip address 46.1.1.1 255.255.255.252

router ospf 10

router-id 4.4.4.4

network 4.4.4.4 0.0.0.0 area 1

network 14.1.1.0 0.0.0.3 area 1

network 46.1.1.0 0.0.0.3 area 1

CE-R6的配置：

interface Loopback0

ip address 6.6.6.6 255.255.255.255

interface FastEthernet0/0

ip address 36.1.1.2 255.255.255.252

interface FastEthernet0/1

ip address 46.1.1.2 255.255.255.252

router ospf 2

router-id 6.6.6.6

network 6.6.6.6 0.0.0.0 area 1

network 36.1.1.0 0.0.0.3 area 1

network 46.1.1.0 0.0.0.3 area 1

2、CE端路由情况分析

查看CE端路由情况

R4#show ip route

4.0.0.0/32 is subnetted, 1 subnets

C 4.4.4.4 is directly connected, Loopback0

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/2] via 46.1.1.2, 00:10:24, FastEthernet0/1

14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 14.1.1.0/30 is directly connected, FastEthernet0/0

L 14.1.1.2/32 is directly connected, FastEthernet0/0

36.0.0.0/30 is subnetted, 1 subnets

O 36.1.1.0 [110/2] via 46.1.1.2, 00:10:24, FastEthernet0/1

46.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 46.1.1.0/30 is directly connected, FastEthernet0/1

L 46.1.1.1/32 is directly connected, FastEthernet0/1

从CE-R4看到6.6.6.6路由为区域内路由，是由于CE-R4与CE-R6之间互联的线路运行OSPF，并且在区域1中，而从MPLS VPN骨干网络中传过来的6.6.6.6路由为区域间路由；而OSPF的选路原则是区域内路由优于区域间路由；

在PE-R1上查看VPNV4路由，也可以看到6.6.6.6的路由，下一跳指向的是CE-R4，如下：

R1#show ip bgp vpnv4 all

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:10 (default for vrf Mao)

* i 4.4.4.4/32 3.3.3.3 3 100 0 ?

*> 14.1.1.2 2 32768 ?

*> 6.6.6.6/32 14.1.1.2 3 32768 ?

* i 3.3.3.3 2 100 0 ?

* i 14.1.1.0/30 3.3.3.3 3 100 0 ?

*> 0.0.0.0 0 32768 ?

*> 36.1.1.0/30 14.1.1.2 3 32768 ?

* i 3.3.3.3 0 100 0 ?

*> 46.1.1.0/30 14.1.1.2 2 32768 ?

* i 3.3.3.3 2 100 0 ?

R1#show ip route vrf Mao

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/2] via 14.1.1.2, 00:40:39, FastEthernet0/0

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/3] via 14.1.1.2, 00:23:00, FastEthernet0/0

14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 14.1.1.0/30 is directly connected, FastEthernet0/0

L 14.1.1.1/32 is directly connected, FastEthernet0/0

36.0.0.0/30 is subnetted, 1 subnets

O 36.1.1.0 [110/3] via 14.1.1.2, 00:23:00, FastEthernet0/0

46.0.0.0/30 is subnetted, 1 subnets

O 46.1.1.0 [110/2] via 14.1.1.2, 00:23:00, FastEthernet0/0

当将CE-R4与CE-R6互联的线路shutdown后，查看R4的路由如下：

R4(config)#int fa0/1

R4(config-if)#shutdown

R4#show ip route

4.0.0.0/32 is subnetted, 1 subnets

C 4.4.4.4 is directly connected, Loopback0

6.0.0.0/32 is subnetted, 1 subnets

O IA 6.6.6.6 [110/3] via 14.1.1.1, 00:00:52, FastEthernet0/0

14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 14.1.1.0/30 is directly connected, FastEthernet0/0

L 14.1.1.2/32 is directly connected, FastEthernet0/0

36.0.0.0/30 is subnetted, 1 subnets

O IA 36.1.1.0 [110/2] via 14.1.1.1, 00:00:52, FastEthernet0/0

46.0.0.0/30 is subnetted, 1 subnets

O IA 46.1.1.0 [110/3] via 14.1.1.1, 00:00:52, FastEthernet0/0

现在看到的路由是区域间路由，是PE-R1传过来的，为实现网络的可靠性，正常情况下，R4与R6之间的链路是备份线路，平时数据通过MPLS VPN传递，为实现上述R4路由输出情况，现在在PE路由器之间配置Sham-Link实现两CE端日常数据通过MPLS VPN网络传递，当MPLS VPN网络出现故障时，数据流量切换至R4与R6的互联线路，以便不影响两CE端的互访。

3、Sham-Link配置

R1(config)#int loo 11 //用于建立OSPF Sham-Link

R1(config-if)#ip vrf forwarding Mao

R1(config-if)#ip add 11.1.1.1 255.255.255.255

R1(config)#router bgp 100

R1(config-router)#address-family ipv4 vrf Mao

R1(config-router-af)#network 11.1.1.1 mask 255.255.255.255 //将其发布至MP-BGP中

R1(config)#router ospf 2 vrf Mao

R1(config-router)#area 1 sham-link 11.1.1.1 33.1.1.1 cost 5 //创建sham-link

R3(config)#int loo 33

R3(config-if)#ip vrf forwarding Mao

R3(config-if)#ip add 33.1.1.1 255.255.255.255

R3(config)#router bgp 100

R3(config-router)#address-family ipv4 vrf Mao

R3(config-router-af)#network 33.1.1.1 mask 255.255.255.255

R3(config)#router ospf 2 vrf Mao

R3(config-router)#area 1 sham-link 33.1.1.1 11.1.1.1 cost 5

查看其邻居是否建立成功，可用show ip ospf neighbor或者show ip ospf sham-link

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

2.2.2.2 1 FULL/BDR 00:00:36 23.1.1.1 FastEthernet0/0

14.1.1.1 0 FULL/ - 00:00:30 11.1.1.1 OSPF_SL0

6.6.6.6 1 FULL/DR 00:00:36 36.1.1.2 FastEthernet0/1

R3#show ip ospf sham-links

Sham Link OSPF_SL0 to address 11.1.1.1 is up

Area 1 source address 33.1.1.1

Run as demand circuit

DoNotAge LSA allowed. Cost of using 5 State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40,

Hello due in 00:00:04

Adjacency State FULL (Hello suppressed)

Index 2/2, retransmission queue length 0, number of retransmission 0

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 0, maximum is 0

Last retransmission scan time is 0 msec, maximum is 0 msec

4、Sham-link配置分析及结果分析

上面sham-link的配置设置了cost值为5，那么PE-PE之间这条sham-link的开销值就为5，此时查看R4上的路由，6.6.6.6的路由下一跳还是直接指向R6，并没有走MPLS VPN网络。

R4#show ip route

4.0.0.0/32 is subnetted, 1 subnets

C 4.4.4.4 is directly connected, Loopback0

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/2] via 46.1.1.2, 00:13:09, FastEthernet0/1

11.0.0.0/32 is subnetted, 1 subnets

O E2 11.1.1.1 [110/1] via 14.1.1.1, 00:10:07, FastEthernet0/0

14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 14.1.1.0/30 is directly connected, FastEthernet0/0

L 14.1.1.2/32 is directly connected, FastEthernet0/0

33.0.0.0/32 is subnetted, 1 subnets

O E2 33.1.1.1 [110/1] via 14.1.1.1, 00:09:31, FastEthernet0/0

36.0.0.0/30 is subnetted, 1 subnets

O 36.1.1.0 [110/2] via 46.1.1.2, 00:13:09, FastEthernet0/1

46.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 46.1.1.0/30 is directly connected, FastEthernet0/1

L 46.1.1.1/32 is directly connected, FastEthernet0/1

查看R1上的bgp vpnv4 6.6.6.6的路由情况

R1#show ip bgp vpnv4 all 6.6.6.6

BGP routing table entry for 100:10:6.6.6.6/32, version 43

Paths: (2 available, best #1, table Mao)

Advertised to update-groups:

Refresh Epoch 1

Local

14.1.1.2 from 0.0.0.0 (1.1.1.1) //来至CE-R4，并且是最优

Origin incomplete, metric 3, localpref 100, weight 32768, valid, sourced, best

Extended Community: RT:100:10 OSPF DOMAIN ID:0x0005:0x000000020200

OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:14.1.1.1:0

mpls labels in/out 108/nolabel

rx pathid: 0, tx pathid: 0x0

Refresh Epoch 1

Local

3.3.3.3 (metric 3) from 3.3.3.3 (3.3.3.3) //来至PE-R3，不是最优的

Origin incomplete, metric 2, localpref 100, valid, internal //metric 为2

Extended Community: RT:100:11 OSPF DOMAIN ID:0x0005:0x000000020200

OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:36.1.1.1:0

mpls labels in/out 108/307

rx pathid: 0, tx pathid: 0

从上述路由输出分析可知，R6直接传给R4（之间互联线路）的6.6.6.6的路由，其OSPF开销值为2；而从MPLS VPN网络经PE-R3传至PE-R1的6.6.6.6路由的开销值为2，如果传递至R4，那么开销值为8（5+2+1），其值大于R6直接传给R4的开销值，因此R6直接传给R4的6.6.6.6的路由将会加入路由表项，因此在R4的路由表中将会看到6.6.6.6的下一跳还是指向46.1.1.2。

要想实现两CE端互访通过MPLS VPN网络，可以修改COST值来实现，现修改R4与R6互联接口的ospf cost值；

R4(config)#int fa0/1

R4(config-if)#ip ospf cost 10 将其cost值设置大于通过MPLS VPN的cost值

R6(config)#int fa0/1

R6(config-if)#ip ospf cost 10

现在R4上查看路由表情况

R4#show ip route

4.0.0.0/32 is subnetted, 1 subnets

C 4.4.4.4 is directly connected, Loopback0

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/8] via 14.1.1.1, 00:25:30, FastEthernet0/0 //下一跳指向PE-R1

11.0.0.0/32 is subnetted, 1 subnets