使用SR替代LDP,配置ospfsham-link

免责声明:

1.本文所使用的软件均来自互联网,作者只为学习目的使用该软件,没有任何软件分发行为。
2.本文所展示的配置只适用于实验环境,不建议在生产环境使用完全相同的配置;由此导致的任何问题,作者不负任何责任。

实验拓扑

使用SR替代LDP,配置ospf sham-link

让客户满意是我们工作的目标,不断超越客户的期望值来自于我们对这个行业的热爱。我们立志把好的技术通过有效、简单的方式提供给客户,将通过不懈努力成为客户在信息化领域值得信任、有价值的长期合作伙伴,公司提供的服务项目有:申请域名虚拟主机、营销软件、网站建设、黔西南州网站维护、网站推广。

IP地址规划

设备Loopback 0Loopback 1G1G2
CSR1 11.1.1.1/32 11.1.1.2/32 172.16.0.1/30 14.1.1.1/30
CSS2 22.1.1.1/32 -- 172.16.0.2/30 172.16.0.6/30
xrv 33.1.1.1/32 33.1.1.2/32 G0/0/0/2 172.16.0.5/30 G0/0/0/0 35.1.1.1/30
vIOS4 44.1.1.1/32 -- G0/0 14.1.1.2/30 G0/1 45.1.1.1/30
vIOS5 55.1.1.1/32 -- G0/0 35.1.1.2/30 G0/1 45.1.1.2/30

设备型号及软件版本

设备平台软件版本
vIOS4、vIOS5 VIOS-ADVENTERPRISEK9-M 15.6(2)T
CSR1, CSR2 X86_64_LINUX_IOSD-UNIVERSALK9-M 16.6.2
XRv ASR9000 IOS-XR 6.0.1

目标

1. CSR1, CSR2和xrv配置 IS-IS协议作为底层IGP,在此基础上配置segment-routing。
2. CSR1和xrv作为PE设备,配置×××v4 BGP邻居,AS号64512。
3. CSR1和vIOS4配置单区域OSPFv2,进程ID 2019;xrv与vIOS5配置单区域OSPFv2,进程ID 2019;PE设备配置OSPFv2和MP-BGP双向重分布。
4. CSR1和xrv配置loopback 1接口,将该接口划分为客户VRF下,并在MP-BGP进程,客户VRF下宣告主机路由。
5. CSR1和xrv的OSPFv2配置sham-link

配置步骤

MPLS ×××基本配置步骤:

1.配置IGP,
2.配置MPLS(segment-routing),
3.配置MP-BGP,
4.配置VRF,
5.配置PE-CE路由协议,
6.PE 配置MP-BGP和VRF路由重分布。

IOS-XE和IOS-XR配置IGP(IS-IS)

设备接口IP地址配置(略)

  • XEv3

router isis igp
is-type level-2-only !---配置ISIS为骨干区域
net 49.2019.0519.0001.00
log-adjacency-changes !---记录邻接log信息
metric-style wide !---使能isis宽度量
exit
interface Loopback0
ip router isis igp
interface GigabitEthernet1
ip router isis igp
isis circuit-type level-2-only !---修改链路为level-2
isis network point-to-point !---修改ISIS网络类型

  • XRv4

router isis igp
is-type level-2-only
net 49.2019.0519.0003.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
interface Loopback0
address-family ipv4 unicast
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
circuit-type level-2-only
point-to-point
commit

2 验证IS-IS

CSR2#show ip route isis | b bn
11.0.0.0/32 is subnetted, 1 subnets
i L2 11.1.1.1 [115/20] via 172.16.0.1, 1d00h, GigabitEthernet1
33.0.0.0/32 is subnetted, 1 subnets
i L2 33.1.1.1 [115/20] via 172.16.0.5,19:06:28, GigabitEthernet2
RP/0/0/CPU0:xrv#show route ipv4 isis
i L2 11.1.1.1/32 [115/30] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2
i L2 22.1.1.1/32 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2
i L2 172.16.0.0/30 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2

3 配置MPLS(segment-routing)

  • XEv3

    segment-routing mpls
    connected-prefix-sid-map
    address-family ipv4
    11.1.1.1/32 index 1 range 1
    exit-address-family
    router isis igp
    segment-routing mpls

  • XRv4

    segment-routing
    router isis igp
    address-family ipv4 unicast
    metric-style wide
    segment-routing mpls
    interface Loopback0
    address-family ipv4 unicast
    prefix-sid index 33
    commit

4 验证MPLS

CSR1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 172.16.0.2-A 0 Gi1 172.16.0.2
21 Pop Label 11.1.1.2/32[V] 0 aggregate/ospf
16022 Pop Label 22.1.1.1/32 0 Gi1 172.16.0.2
16033 16033 33.1.1.1/32 0 Gi1 172.16.0.2

RP/0/0/CPU0:xrv#show mpls forwarding
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched


16011 16011 SR Pfx (idx 11) Gi0/0/0/2 172.16.0.6 208166
16022 Pop SR Pfx (idx 22) Gi0/0/0/2 172.16.0.6 0
24006 Pop SR Adj (idx 1) Gi0/0/0/2 172.16.0.6 0
24007 Pop SR Adj (idx 3) Gi0/0/0/2 172.16.0.6 0

5 配置MP-BGP

  • CSR1

    router bgp 64512
    bgp router-id 11.1.1.1
    no bgp default ipv4-unicast
    neighbor 33.1.1.1 remote-as 64512
    neighbor 33.1.1.1 update-source Loopback0
    address-family ***v4
    neighbor 33.1.1.1 activate

  • xrv

    router bgp 64512
    bgp router-id 33.1.1.1
    address-family v4 unicast
    neighbor 11.1.1.1
    remote-as 64512
    update-source Loopback0
    address-family
    v4 unicast
    commit

  • 验证如下:

    CSR1#show bgp ***v4 unicast all sum | b gh
    Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
    33.1.1.1 4 64512 1254 1429 315 0 0 20:17:43 4

    RP/0/0/CPU0:xrv#show bgp ***v4 unicast summary | b gh
    Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
    11.1.1.1 0 64512 1890 1674 249 0 0 20:18:04 4

6 配置VRF and PE-CE routing protocol

6.1定义VRF
  • CSR1

    vrf definition AAA
    rd 64512:4
    address-family ipv4
    route-target export 64512:45
    route-target import 64512:45
    exit-address-family

  • xrv

    vrf AAA
    address-family ipv4 unicast
    import route-target
    64512:45
    export route-target
    64512:45

6.2 PE to CE Interface config
  • CSR1

    interface GigabitEthernet2
    vrf forwarding AAA
    ip address 14.1.1.1 255.255.255.252
    no shutdown

  • xrv

    interface GigabitEthernet0/0/0/0
    vrf AAA
    ipv4 address 35.1.1.1 255.255.255.252
    no shutdown

6.3 PE OSPFv2 config

  • CSR1

    router ospf 2019 vrf AAA
    router-id 14.1.1.1
    interface GigabitEthernet2
    ip ospf network point-to-point
    ip ospf 14 area 0

  • xrv

    router ospf 35
    address-family ipv4 unicast
    vrf AAA
    router-id 35.1.1.1
    address-family ipv4 unicast
    area 0
    interface GigabitEthernet0/0/0/0
    network point-to-point

6.4 CE OSPFv2 config

  • vIOS4

    interface GigabitEthernet0/0
    ip address 14.1.1.2 255.255.255.252
    no shutdown
    ip ospf 2019 area 0
    ip ospf network point-to-point
    router ospf 2019
    router-id 44.1.1.1

  • vIOS5

    interface GigabitEthernet0/0
    ipv4 address 35.1.1.2 255.255.255.252
    no shutdown
    ip ospf 2019 area 0
    ip ospf network point-to-point
    router ospf 2019
    router-id 55.1.1.1

6.5 PE OSPFv2 and MP-BGP redistribute

  • CSR1

    router ospf 14 vrf AAA
    redistribute bgp 64512 metric-type 1 subnets
    interface GigabitEthernet2
    router bgp 64512
    address-family ipv4 vrf AAA
    redistribute ospf 14 match internal external 1 external 2

  • xrv

    router ospf 35
    vrf AAA
    redistribute bgp 64512 metric-type 1
    router bgp 64512
    vrf AAA
    rd 64512:5
    address-family ipv4 unicast
    redistribute ospf 35 match internal external

6.6 验证PE-CE OSPFv2配置

CSR1#show ip route vrf AAA ospf | b bn
35.0.0.0/30 is subnetted, 1 subnets
O 35.1.1.0 [110/2] via 33.1.1.1, 00:00:32
44.0.0.0/32 is subnetted, 1 subnets
O 44.1.1.1 [110/2] via 14.1.1.2, 00:00:34, GigabitEthernet2
45.0.0.0/29 is subnetted, 1 subnets
O IA 45.1.1.0 [110/20001] via 14.1.1.2, 00:00:34, GigabitEthernet2

vIOS4#sho ip route ospf | b bn
35.0.0.0/30 is subnetted, 1 subnets
O E1 35.1.1.0 [110/2] via 14.1.1.1, 00:23:54, GigabitEthernet0/0
55.0.0.0/32 is subnetted, 1 subnets
O E1 55.1.1.1 [110/3] via 14.1.1.1, 00:23:54, GigabitEthernet0/0

vIOS4#ping 55.1.1.1 sour lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 44.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/15/33 ms
vIOS4#traceroute 55.1.1.1 sour lo 0
Type escape sequence to abort.
Tracing the route to 55.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 14.1.1.1 8 msec 5 msec 3 msec
2 172.16.0.2 [MPLS: Labels 16033/24003 Exp 0] 19 msec 25 msec 10 msec
3 172.16.0.5 [MPLS: Label 24003 Exp 0] 13 msec 12 msec 8 msec
4 35.1.1.2 12 msec 19 msec *
vIOS4#

CSR1#sho bgp *v4 uni all 44.1.1.1
BGP routing table entry for 64512:4:44.1.1.1/32, version 383
Paths: (1 available, best #1, table AAA)
Advertised to update-groups:
5
Refresh Epoch 1
Local
14.1.1.2 (via vrf ospf) from 0.0.0.0 (11.1.1.1)
Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x0000000
E0200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:14.1.1.1:0
mpls labels in/out 23/nolabel
rx pathid: 0, tx pathid: 0x0
!--- DOMAIN ID:0x0005:0x0000000E0200 16进制
E=10进制14**(CSR1 ospfv2 进程ID)

6.7 修改/添加ospfv2 DOMAIN ID

  • IOS-XR默认不携带DOMAIN ID值

    RP/0/0/CPU0:xrv#show bgp ***v4 uni vrf ospf 55.1.1.1/32
    BGP routing table entry for 55.1.1.1/32, Route Distinguisher: 64512:5
    Versions:
    Process bRIB/RIB SendTblVer
    Speaker 345 345
    Local Label: 24003
    Last Modified: May 22 02:21:42.463 for 06:05:44
    Paths: (1 available, best #1)
    Advertised to peers (in unique update groups):
    11.1.1.1
    Path #1: Received by speaker 0
    Advertised to peers (in unique update groups):
    11.1.1.1
    Local
    35.1.1.2 from 0.0.0.0 (33.1.1.1)
    Origin incomplete, metric 2, localpref 100, weight 32768, valid, redistributed, best, group-best, import-candidate
    Received Path ID 0, Local Path ID 1, version 345
    Extended community: OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45

    CSR1#show bgp ***v4 uni vrf AAA 55.1.1.1/32
    BGP routing table entry for 64512:4:55.1.1.1/32, version 417
    Paths: (1 available, best #1, table ospf, RIB-failure(17))
    Not advertised to any peer
    Refresh Epoch 1
    Local, imported path from 64512:5:55.1.1.1/32 (global)
    33.1.1.1 (metric 30) (via default) from 33.1.1.1 (33.1.1.1)
    Origin incomplete, metric 2, localpref 100, valid, internal, best
    Extended Community: RT:64512:45 OSPF RT:0.0.0.0:1:0
    OSPF ROUTER ID:35.1.1.1:0
    mpls labels in/out nolabel/24003
    rx pathid: 0, tx pathid: 0x0

  • 在IOS-XR设备添加DOMAIN ID

    RP/0/0/CPU0:xrv#conf
    RP/0/0/CPU0:xrv(config)#router ospf 35
    RP/0/0/CPU0:xrv(config-ospf)#vrf AAA
    RP/0/0/CPU0:xrv(config-ospf-vrf)#domain-id type 0005 value 000000230200
    RP/0/0/CPU0:xrv(config-ospf-vrf)#commit
    !--- 23(hex)=35(dec)
    RP/0/0/CPU0:xrv(config-ospf-vrf)#do show bgp ***v4 uni vrf ospf 55.1.1.1/32 | in community
    Wed May 22 09:38:03.422 UTC
    Extended community: OSPF domain-id:0x5:0x000000230200 OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45

    CSR1#show bgp ***v4 uni vrf ospf 55.1.1.1/32 | i unity
    Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x000000230200

6.8 配置CE之间的backdoor link

  • vIOS5

    interface GigabitEthernet0/1
    ip address 45.1.1.5 255.255.255.248
    ip ospf network point-to-point
    ip ospf 2019 area 45
    ip ospf cost 20000
    !---模拟×××链路故障,在vIOS5上手工shutdown链路
    vIOS5(config-if)#int g0/0
    vIOS5(config-if)#shu
    May 20 10:17:09.190: %OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
    May 20 10:17:11.136: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
    May 20 10:17:12.137: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
    vIOS5(config-if)#
    vIOS5(config-if)#do sho ip route ospf | b bn
    14.0.0.0/30 is subnetted, 1 subnets
    O IA 14.1.1.0 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1
    35.0.0.0/30 is subnetted, 1 subnets
    O 35.1.1.0 [110/20003] via 45.1.1.4, 00:00:33, GigabitEthernet0/1
    44.0.0.0/32 is subnetted, 1 subnets
    O IA 44.1.1.1 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1
    vIOS5(config-if)#
    !---在vIOS4上查看ospf路由
    vIOS4#sho ip route ospf | b bn
    35.0.0.0/30 is subnetted, 1 subnets
    O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:09:31, GigabitEthernet0/0
    55.0.0.0/32 is subnetted, 1 subnets
    O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:09:31, GigabitEthernet0/0
    vIOS4#sho ip route ospf | b bn
    35.0.0.0/30 is subnetted, 1 subnets
    O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:11:41, GigabitEthernet0/0
    55.0.0.0/32 is subnetted, 1 subnets
    O IA 55.1.1.1 [110/20001] via 45.1.1.5, 00:00:05, GigabitEthernet0/1
    !---恢复链路
    vIOS5(config-if)#no shu
    May 20 10:18:48.972: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
    May 20 10:18:49.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
    May 20 10:19:04.220: %OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

    vIOS4#sho ip route ospf | b bn
    35.0.0.0/30 is subnetted, 1 subnets
    O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:14:48, GigabitEthernet0/0
    55.0.0.0/32 is subnetted, 1 subnets
    O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:01:18, GigabitEthernet0/0

6.9 配置OSPFv2 sham-link

6.9.1 Config loopback 1 and propaganda into BGP VRF address-family IPv4
  • CSR1

    interface Loopback1
    vrf forwarding ospf
    ipv4 address 11.1.1.2 255.255.255.255
    router bgp 64512
    address-family ipv4 vrf AAA
    network 11.1.1.2 mask 255.255.255.255

  • xrv

    interface Loopback1
    vrf AAA
    ipv4 address 33.1.1.2 255.255.255.255
    router bgp 64512
    vrf AAA
    address-family ipv4 unicast
    network 33.1.1.2/32

6.9.2 Under OSPFv2 process config sham-link
  • CSR1

    router ospf 14 vrf AAA
    area 0 sham-link 11.1.1.2 33.1.1.2 cost 200

  • xrv

    router ospf 35
    vrf AAA
    address-family ipv4 unicast
    area 0
    sham-link 33.1.1.2 11.1.1.2
    cost 200

6.10 验证sham-ink

CSR1(config-router)#area 0 sham-link 11.1.1.2 33.1.1.2 cost 200
CSR1(config-router)#do sho ip ospf neig
*May 22 08:45:02.593: %OSPF-5-ADJCHG: Process 14, Nbr 35.1.1.1 on OSPF_SL3 from LOADING to FULL, Loading Done
Neighbor ID Pri State Dead Time Address Interface
35.1.1.1 0 FULL/ - 00:00:37 33.1.1.2 OSPF_SL3
44.1.1.1 0 FULL/ - 00:00:34 14.1.1.2 GigabitEthernet2

CSR1#show ip route vrf AAA ospf | b bn
35.0.0.0/30 is subnetted, 1 subnets
O 35.1.1.0 [110/201] via 33.1.1.1, 01:04:13
44.0.0.0/32 is subnetted, 1 subnets
O 44.1.1.1 [110/2] via 14.1.1.2, 01:05:46, GigabitEthernet2
45.0.0.0/29 is subnetted, 1 subnets
O IA 45.1.1.0 [110/20001] via 14.1.1.2, 01:05:46, GigabitEthernet2
55.0.0.0/32 is subnetted, 1 subnets
O 55.1.1.1 [110/202] via 33.1.1.1, 01:04:13
vIOS4#sho ip route ospf | b bn
11.0.0.0/32 is subnetted, 1 subnets
O E1 11.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0
33.0.0.0/32 is subnetted, 1 subnets
O E1 33.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0
35.0.0.0/30 is subnetted, 1 subnets
O 35.1.1.0 [110/202] via 14.1.1.1, 01:04:42, GigabitEthernet0/0
55.0.0.0/32 is subnetted, 1 subnets
O 55.1.1.1 [110/203] via 14.1.1.1, 01:04:42, GigabitEthernet0/0

6.11 隐藏sham-link地址

  • CSR1:

    ip prefix-list conn seq 5 permit 11.1.1.2/32
    ip prefix-list conn seq 10 permit 33.1.1.2/32
    route-map deny-conn deny 10
    match ip address prefix-list conn
    route-map deny-conn permit 20
    CSR1(config-router-af)#router ospf 14 vrf ospf
    CSR1(config-router)#redis bgp 64512 subnets route-map deny-conn

  • xrv:

    prefix-set conn
    11.1.1.2/32,
    33.1.1.2/32
    end-set

    route-policy deny-conn
    if destination in conn then
    drop
    else
    pass
    endif
    end-policy

    RP/0/0/CPU0:xrv(config)#router ospf 35
    RP/0/0/CPU0:xrv(config-ospf)#vrf ospf
    RP/0/0/CPU0:xrv(config-ospf-vrf)#redist bgp 64512 route-policy deny-conn
    RP/0/0/CPU0:xrv(config-ospf-vrf)#commit

    vIOS5#sho ip route ospf | b bn
    14.0.0.0/30 is subnetted, 1 subnets
    O 14.1.1.0 [110/202] via 35.1.1.1, 00:07:05, GigabitEthernet0/0
    44.0.0.0/32 is subnetted, 1 subnets
    O 44.1.1.1 [110/203] via 35.1.1.1, 00:07:05, GigabitEthernet0/0
    CE设备看不到sham-link地址


当前标题:使用SR替代LDP,配置ospfsham-link
本文URL:http://pwwzsj.com/article/jcigos.html