Inter-Provider MPLS Solutions 之 option B - MP-eBGP between RRs for VPN routes

UID: 52215

MP-eBGP between RRs for VPN routes

-- RR（Route Reflector）-路由反射器也可以被用于VPNv4。在AS之间的VPN环境下，路由反射器已经在为AS维护所有的VPNv4信息了。因此，逻辑上应该直接在RR之间交换AS间的VPN信息，而不给ASBR添加负担。这样减少了ASBR上的资源使用。
在每一个AS中，PE只与本AS内的RR建立对等体关系并通过多协议iBGP交换VPNv4前缀。两台RR        通过多跳多协议eBGP交换VPNv4信息。
两台ASBR只交换IPv4信息，而不是VPNv4信息。
-- 值得注意的是，任何BGP下一跳的改变将重置标签栈。要在两台PE设备之间建立端到端的LSP，必须要使用远端PE的BGP下一跳在穿越AS边界时不被改变。如果在RR上重置了BGP下一跳，新的标签栈就不得不被创建。解决此问题的办法就是使用命令“neighbor
next-hop-unchanged”来搞定。
-- 要让两台RR建立BGP会话，它们之间必须存在IPv4的可达性。在各自的AS中，PE与ASBR之间和RR之间已经存在了一条IGP LSP了。因此需要在两个自制系统间连接这两条LSP。
-- IPv4的eBGP已经在两个自制系统之间运行了，所以一个明显的解决办法就是让BGP为IPv4前缀运载标签。BGP多协议能力提供了为IPv4前缀运载标签的一个选项。要发送标签，可以在IPv4地址簇下配置BGP命令“neighbor send-label”。
-- 让端到端的LSP运载VPN流量，必须要使远端RR和PE的环回地址携带正确的标签，并能被本地RR和PE抵达。
● ASBR把存在于eBGP中的RR和PE的环回地址重分发进本地AS的IGP中。这种方法易于实现，但如果被分发的地址众多其不稳定，也行就不合适了。



● ASBR在IPv4 iBGP中给远端RR和远端PE的环回地址分配标签，并把他们通告给本地RR和本地PE。这种方法把来自于另一个AS的地址和本地IGP隔离开来。由于涉及更多的标签，因此这种方法更复杂。





保持标签的一致性（LSP中途不改变标签）

实验拓扑



需求
1）网段以及IP地址如拓扑所示
2）各AS中执行的协议如拓扑所示
3）配置RR设备完成VPN

配置
*************************Y-PE1***********************
！
hostname Y-PE1
!
mpls label range 100 199
mpls ldp router-id Loopback0 force
!
ip vrf A
rd 100:7
route-target export 1007:2008
route-target import 2008:1007
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.12.1 255.255.255.0
mpls ip
!
interface Ethernet0/1
ip vrf forwarding A
ip address 17.1.1.1 255.255.255.0
!
router ospf 110
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.0.12.0 0.0.0.255 area 0
!
router rip
!
address-family ipv4 vrf A
  redistribute bgp 100 metric transparent
  network 17.0.0.0
  no auto-summary
  version 2
exit-address-family
!
router bgp 100
bgp router-id 1.1.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
  network 1.1.1.1 mask 255.255.255.255 ---在BGP的ipv4地址簇中通告1.1.1.1/32（方便压标签--路由的下一跳）
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-label ---AS100内，iBGP邻居间发送标签（默认不发）
exit-address-family
!
address-family vpnv4 ---和RR建立VPNv4邻居
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
exit-address-family
！

*************************Y-RR1***********************
！
hostname Y-RR1
!
mpls ldp
router-id 2.2.2.2
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
!
mpls label range table 0 16200 16299
！
interface Loopback0
ipv4 address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.0.12.2 255.255.255.0
!
interface GigabitEthernet0/0/0/1
ipv4 address 10.0.23.2 255.255.255.0
!
route-policy eBGP
  pass
end-policy
!
router ospf 110
router-id 2.2.2.2
address-family ipv4 unicast
area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
  !
  interface GigabitEthernet0/0/0/1
  !
!
!
router bgp 100
bgp router-id 2.2.2.2
address-family ipv4 unicast
  network 2.2.2.2/32 ---通告2.2.2.2/32路由（方便和G-RR之间5.5.5.5/32建立eBGP的vpnv4邻居）
!
address-family vpnv4 unicast
!
neighbor 1.1.1.1
  remote-as 100
  update-source Loopback0
  address-family ipv4 labeled-unicast --BGP邻居间分发标签
   route-reflector-client
  !
  address-family vpnv4 unicast
   route-reflector-client
  !
!
neighbor 3.3.3.3
  remote-as 100
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
  !
!
neighbor 5.5.5.5  ---和G-RR建立eBGP的VPNv4邻居
  remote-as 200
  ebgp-multihop 255
  update-source Loopback0
  address-family vpnv4 unicast
   route-policy eBGP in
   route-policy eBGP out
   next-hop-unchanged ---标签的分发过程中不改变标签
  !
!
!

*************************Y-ASBR1***********************
！
hostname Y-ASBR1
!
mpls label range 300 399
mpls ldp router-id Loopback0 force
！
interface Loopback0
ip address 3.3.3.3 255.255.255.255
！
interface Ethernet0/0  ****Link-to-G-ASBR1
ip address 10.0.34.3 255.255.255.0
mpls bgp forwarding  ---分发传递BGP的标签
！
interface Ethernet0/1
ip address 10.0.23.3 255.255.255.0
mpls ip
！
router ospf 110
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 10.0.23.0 0.0.0.255 area 0
!
router bgp 100
bgp router-id 3.3.3.3
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 10.0.34.4 remote-as 200
!
address-family ipv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 next-hop-self
  neighbor 2.2.2.2 send-label --向iBGP邻居发送标签
  neighbor 10.0.34.4 activate
  neighbor 10.0.34.4 send-label --向eBGP对等体分发标签
exit-address-family
！

*************************G-ASBR1***********************
！
hostname G-ASBR1
!
mpls label range 400 499
mpls ldp router-id Loopback0 force
！
interface Loopback0
ip address 4.4.4.4 255.255.255.255
！
interface Ethernet0/0  ***Link-to-Y-ASBR1
ip address 10.0.34.4 255.255.255.0
mpls bgp forwarding
！
interface Ethernet0/1
ip address 10.0.45.4 255.255.255.0
mpls ip
！
router ospf 110
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 10.0.45.0 0.0.0.255 area 0
!
router bgp 200
bgp router-id 4.4.4.4
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 10.0.34.3 remote-as 100
!
address-family ipv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 next-hop-self
  neighbor 5.5.5.5 send-label --向iBGP邻居分发标签
  neighbor 10.0.34.3 activate
neighbor 10.0.34.3 send-label  --向eBGP对等体分发标签
exit-address-family
！

*************************G-RR1***********************
！
hostname G-RR1
!
mpls ldp
router-id 5.5.5.5
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
!
interface Loopback0
ipv4 address 5.5.5.5 255.255.255.255
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.0.45.5 255.255.255.0
!
interface GigabitEthernet0/0/0/1
ipv4 address 10.0.56.5 255.255.255.0
!
route-policy eBGP
  pass
end-policy
!
router ospf 110
router-id 5.5.5.5
address-family ipv4 unicast
area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
  !
  interface GigabitEthernet0/0/0/1
  !
!
!
router bgp 200
bgp router-id 5.5.5.5
address-family ipv4 unicast
  network 5.5.5.5/32 --在BGP中通告路由（和2.2.2.2/32建立eBGP的VPNv4邻居）
!
address-family vpnv4 unicast
!
neighbor 2.2.2.2
  remote-as 100
  ebgp-multihop 255
  update-source Loopback0
  address-family vpnv4 unicast
   route-policy eBGP in
   route-policy eBGP out
  next-hop-unchanged --标签传递过程中不改变标签
  !
!
neighbor 4.4.4.4
  remote-as 200
  update-source Loopback0
  address-family ipv4 labeled-unicast --向iBGP邻居分发标签
   route-reflector-client
  !
!
neighbor 6.6.6.6
  remote-as 200
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
  !
  address-family vpnv4 unicast
   route-reflector-client
  !
!
!

*************************G-PE1***********************
！
hostname G-PE1
!
mpls label range 600 699
mpls ldp router-id Loopback0 force
！
ip vrf B
rd 200:8
route-target export 2008:1007
route-target import 1007:2008
！
interface Loopback0
ip address 6.6.6.6 255.255.255.255
！
interface Ethernet0/0
ip address 10.0.56.6 255.255.255.0
mpls ip
！
interface Ethernet0/1
ip vrf forwarding B
ip address 68.1.1.6 255.255.255.0
！
router ospf 110
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 10.0.56.0 0.0.0.255 area 0
！
router rip
!
address-family ipv4 vrf B
  redistribute bgp 200 metric transparent
  network 68.0.0.0
  no auto-summary
  version 2
exit-address-family
！
router bgp 200
bgp router-id 6.6.6.6
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
network 6.6.6.6 mask 255.255.255.255 --在BGP中通告路由（方便压标签）
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-label
exit-address-family
!
address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf B
  redistribute rip
exit-address-family
！

*************************CE1***********************
！
hostname CE1
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
！
interface Ethernet0/1
ip address 17.1.1.7 255.255.255.0
！
router rip
version 2
network 7.0.0.0
network 17.0.0.0
no auto-summary
！

*************************CE2***********************
！
hostname CE2
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
！
interface Ethernet0/1
ip address 68.1.1.8 255.255.255.0
！
router rip
version 2
network 8.0.0.0
network 68.0.0.0
no auto-summary
！

UID: 173247

游客，如果您要查看本帖隐藏内容请登录

UID: 169110

游客，如果您要查看本帖隐藏内容请登录

UID: 370659

游客，如果您要查看本帖隐藏内容请登录

UID: 169110

游客，如果您要查看本帖隐藏内容请登录