Sharing & Linking

Bài 5: MPLS Layer 3 VPN PE_CE BGP_EIGRP

Giới thiệu:

đang cập nhật ...

Sơ đồ lab:

Yêu cầu:

1. Cấu hình MPLS Layer 3 VPN core

2. Kiểm tra các kết nối đảm bảo:
- R1A, R1B có thể ping đến R2 và ngược lại
- R6A, R6B có thể ping đến R5 và ngược lại
- Loopback 0 của R2 và R5 có thể giao tiếp được với nhau

3. Cấu hình route giữa các router CE và PE:

BGP: Customer_A (R1A và R2 với AS 12; R6A và R5 với AS 56) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.

BGP AS - override: Customer_A (R1A và R2 với AS 12; R6A và R5 với AS 12) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.

EIGRP: Customer_B (R1B và R2; R6B và R5) đảm bảo loopback 0 của R1B và R6B có thể giao tiếp được với nhau.

Các kiến thức sử dụng trong bài: Static route, OSPF, Redistribute, MPLS, VRF, BGP

Cấu hình:

1. Cấu hình MPLS Layer 3 VPN core (thừa kế bài 3, tham khảo tại đây)

2. Kiểm tra các kết nối đảm bảo:

- R1A, R1B có thể ping đến R2 và ngược lại
- R6A, R6B có thể ping đến R5 và ngược lại
- Loopback 0 của R2 và R5 có thể giao tiếp được với nhau
Tương tự yêu cầu 2 của bài 4:

- R1A, R1B có thể ping đến R2 và ngược lại

R1A#ping 192.168.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1B#ping 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms

R2#ping vrf Customer_A 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R2#ping vrf Customer_B 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

- R6A, R6B có thể ping đến R5 và ngược lại

R6A#ping 192.168.56.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R6B#ping 192.168.56.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_A 192.168.56.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_B 192.168.56.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

- Loopback 0 của R2 và R5 có thể giao tiếp được với nhau

R2#ping 5.5.5.5 source 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R5#ping 2.2.2.2 source 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

3. Cấu hình route giữa các router CE và PE:

BGP: Customer_A (R1A và R2 với AS 12; R6A và R5 với AS 56) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.

* Cấu hình:

R1A:

router bgp 12
neighbor 192.168.12.2 remote-as 2345
network 1.1.1.0 mask 255.255.255.0

R2:

router bgp 2345
address-family ipv4 vrf Customer_A
neighbor 192.168.12.1 remote-as 12
neighbor 192.168.12.1 activate

R6A:

router bgp 56
neighbor 192.168.56.5 remote-as 2345
network 6.6.6.0 mask 255.255.255.0

R5:

router bgp 2345
address-family ipv4 vrf Customer_A
neighbor 192.168.56.6 remote-as 56
neighbor 192.168.56.6 activate

* Kiểm tra:

R1A#show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 12
BGP table version is 3, main routing table version 3
2 network entries using 296 bytes of memory
2 path entries using 128 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 720 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.2 4 2345 28 29 3 0 0 00:21:51 1

R2#show ip bgp vpnv4 vrf Customer_A summary

BGP router identifier 2.2.2.2, local AS number 2345
BGP table version is 4, main routing table version 4
2 network entries using 336 bytes of memory
2 path entries using 128 bytes of memory
3/2 BGP path/bestpath attribute entries using 432 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
2 BGP extended community entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 992 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.1 4 12 32 32 4 0 0 00:25:23 1

R2#show ip bgp vpnv4 vrf Customer_A

BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*> 1.1.1.0/24 192.168.12.1 0 0 12 i
*>i 6.6.6.0/24 5.5.5.5 0 100 0 56 i

R5#show ip bgp vpnv4 vrf Customer_A summary

BGP router identifier 5.5.5.5, local AS number 2345
BGP table version is 4, main routing table version 4
2 network entries using 336 bytes of memory
2 path entries using 128 bytes of memory
3/2 BGP path/bestpath attribute entries using 432 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
2 BGP extended community entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 992 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.56.6 4 56 19 19 4 0 0 00:13:11 1

R6A#show ip bgp summary

BGP router identifier 6.6.6.6, local AS number 56
BGP table version is 3, main routing table version 3
2 network entries using 296 bytes of memory
2 path entries using 128 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 720 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.56.5 4 2345 14 13 3 0 0 00:08:29 1

R5#show ip bgp vpnv4 vrf Customer_A

BGP table version is 4, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*>i 1.1.1.0/24 2.2.2.2 0 100 0 12 i
*> 6.6.6.0/24 192.168.56.6 0 0 56 i

R1A#show ip route bgp

(...)
6.0.0.0/24 is subnetted, 1 subnets
B 6.6.6.0 [20/0] via 192.168.12.2, 00:10:26

R6A#show ip route bgp

(...)
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [20/0] via 192.168.56.5, 00:15:00

R1A#ping 6.6.6.6 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

R6A#ping 1.1.1.1 source 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Đã đáp ứng yêu cầu loopback 0 của R1A và R6A có thể giao tiếp được với nhau

BGP AS - override: Customer_A (R1A và R2 với AS 12; R6A và R5 với AS 12) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.

Cấu hình lại BGP trên R5 và R6A

R6A:

no router bgp 56
router bgp 12
neighbor 192.168.56.5 remote-as 2345
network 6.6.6.0 mask 255.255.255.0

R5:

router bgp 2345
address-family ipv4 vrf Customer_A
no neighbor 192.168.56.6 remote-as 56
neighbor 192.168.56.6 remote-as 12

Kiểm tra

R6A#show ip bgp summary

BGP router identifier 6.6.6.6, local AS number 12
BGP table version is 2, main routing table version 2
1 network entries using 148 bytes of memory
1 path entries using 64 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 348 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.56.5 4 2345 11 10 2 0 0 00:05:25 0

R5#show ip bgp vpnv4 vrf Customer_A summary

BGP router identifier 5.5.5.5, local AS number 2345
BGP table version is 6, main routing table version 6
2 network entries using 336 bytes of memory
2 path entries using 128 bytes of memory
3/2 BGP path/bestpath attribute entries using 432 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
2 BGP extended community entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 968 total bytes of memory
BGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.56.6 4 12 12 12 6 0 0 00:06:35 1

R5 và R6A đã thiết lập được neighbor

R2#show ip bgp vpnv4 vrf Customer_A

BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*> 1.1.1.0/24 192.168.12.1 0 0 12 i
*>i 6.6.6.0/24 5.5.5.5 0 100 0 12 i

R5#show ip bgp vpnv4 vrf Customer_A

BGP table version is 6, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*>i 1.1.1.0/24 2.2.2.2 0 100 0 12 i
*> 6.6.6.0/24 192.168.56.6 0 0 12 i

R2 và R6 đã học được loopback 0 của R1A và R6A

R1A#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
L 1.1.1.1/32 is directly connected, Loopback0
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Ethernet0/2
L 192.168.12.1/32 is directly connected, Ethernet0/2

R6A#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 6.6.6.0/24 is directly connected, Loopback0
L 6.6.6.6/32 is directly connected, Loopback0
192.168.56.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.56.0/24 is directly connected, Ethernet0/2
L 192.168.56.6/32 is directly connected, Ethernet0/2

Tuy nhiên R1A và R6A không thể học được route 1.1.1.0/24 và 6.6.6.0/24 mặt dù đã quảng bá.

R6A:

debug ip bgp updates
clear ip bgp * soft

*Oct 18 06:46:47.149: BGP(0): (base) 192.168.56.5 send UPDATE (format) 6.6.6.0/24, next 192.168.56.6, metric 0, path Local
*Oct 18 06:46:48.086: BGP: nbr_topo global 192.168.56.5 IPv4 Unicast:base (0xC295FD10:1) rcvd Refresh Start-of-RIB
*Oct 18 06:46:48.086: BGP: nbr_topo global 192.168.56.5 IPv4 Unicast:base (0xC295FD10:1) refresh_epoch is 6
*Oct 18 06:46:48.091: BGP(0): 192.168.56.5 rcv UPDATE w/ attr: nexthop 192.168.56.5, origin i, originator 0.0.0.0, merged path 2345 12, AS_PATH , community , extended community , SSA attribute
*Oct 18 06:46:48.091: BGPSSA ssacount is 0
*Oct 18 06:46:48.091: BGP(0): 192.168.56.5 rcv UPDATE about 1.1.1.0/24 -- DENIED due to:AS-PATH contains our own AS;
*Oct 18 06:46:48.091: BGP: nbr_topo global 192.168.56.5 IPv4 Unicast:base (0xC295FD10:1) rcvd Refresh End-of-RIB

Ta thấy R6A nhận update từ R5 với AS_PATH 12 và R6A cũng thuộc về AS 12 nên nó không tiếp nhận mọi route BGP (hiện tại là 1.1.1.0/24) có thuộc tính AS-PATH = 12 (theo cơ chế chống loop). Và cũng tương tự trên R1A sẽ không học được routing 6.6.6.0/24. Đó là lý do cả 2 site của Customer_A không thấy được subnet của nhau.

Để giải quyết vấn đề này có thể:

Dùng câu lệnh neighbor 192.168.56.5 allow-as-in x (x từ 1 - 10) trên các router CE (R1A, R6A) để override AS_PATH (lúc này AS_PATH trên R6A sẽ là x 12).
Hoặc có thể dùng neighbor 192.168.x.x as-override trên router PE (R2, R5), bài lab này ta chọn AS-OVERRIDE

* Cấu hình:

R2:

router bgp 2345
address-family ipv4 vrf Customer_A
neighbor 192.168.12.1 as-override

R5:

router bgp 2345
address-family ipv4 vrf Customer_A
neighbor 192.168.56.6 as-override

R6A#

*Oct 18 08:10:17.309: BGP(0): 192.168.56.5 rcvd UPDATE w/ attr: nexthop 192.168.56.5, origin i, merged path 2345 2345, AS_PATH
*Oct 18 08:10:17.309: BGP(0): 192.168.56.5 rcvd 1.1.1.0/24
*Oct 18 08:10:17.309: BGP(0): 192.168.56.5 rcv UPDATE about 6.6.6.0/24 -- withdrawn
*Oct 18 08:10:17.309: BGP(0): Revise route installing 1 of 1 routes for 1.1.1.0/24 -> 192.168.56.5(global) to main IP table

Lúc này cả R1A và R6A đã nhận được subnet của nhau. Vì khi các PE khi quảng bá route của có học học cho neighbor và thấy AS Number của neighbor trùng với AS của mình quảng bá thì nó sẽ thực hiện thay thế AS của nó trước khi quảng bá (thay thế 12 thành 2345).

* Kiểm tra:

R1A#show ip bgp

BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 6.6.6.0/24 192.168.12.2 0 2345 2345 i

R6A#show ip bgp

BGP table version is 3, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 192.168.56.5 0 2345 2345 i
*> 6.6.6.0/24 0.0.0.0 0 32768 i

R1A#ping 6.6.6.6 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6A#ping 1.1.1.1 source 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

EIGRP Customer_B (R1B và R2; R6B và R5) đảm bảo loopback 0 của R1B và R6B có thể giao tiếp được với nhau.

R1B:

router eigrp 100
network 1.0.0.0
network 192.168.12.0

R2:

router eigrp 1
address-family ipv4 vrf Customer_B autonomous-system 100
network 192.168.12.0
exit-address-family

Noted: autonomous-system 100 là số AS của CE router neighbor

R6B:

router eigrp 100
network 6.0.0.0
network 192.168.56.0

R5:

router eigrp 1
address-family ipv4 vrf Customer_B autonomous-system 100
network 192.168.56.0
exit-address-family

Kiểm tra:

R1B#show ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.12.2 Et0/2 12 00:07:46 6 100 0 3

R6B#show ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.56.5 Et0/2 10 00:12:32 10 100 0 3

Đã thấy được neighbor là các PE router

R2#show ip route vrf Customer_B eigrp

(...)
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/409600] via 192.168.12.1, 00:02:33, Ethernet0/1

R5#show ip route vrf Customer_B eigrp

(...)
Gateway of last resort is not set
6.0.0.0/24 is subnetted, 1 subnets
D 6.6.6.0 [90/409600] via 192.168.56.6, 00:08:03, Ethernet0/1

Các PE đã học được route do CE láng giềng quảng bá vào.

Redistribute EIGRP 100 vào MP-BGP để các PE có thể học route EIGRP từ đầu bên kia

* Cấu hình:

R2, R5:

router bgp 2345
address-family ipv4 vrf Customer_B
redistribute eigrp 100

* Kiểm tra:

R2#show ip bgp vpnv4 vrf Customer_B

BGP table version is 16, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11:66 (default for vrf Customer_B)
*> 1.1.1.0/24 192.168.12.1 409600 32768 ?
*>i 6.6.6.0/24 5.5.5.5 409600 100 0 ?
*> 192.168.12.0 0.0.0.0 0 32768 ?
*>i 192.168.56.0 5.5.5.5 0 100 0 ?

R5#show ip bgp vpnv4 vrf Customer_B

BGP table version is 14, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11:66 (default for vrf Customer_B)
*>i 1.1.1.0/24 2.2.2.2 409600 100 0 ?
*> 6.6.6.0/24 192.168.56.6 409600 32768 ?
*>i 192.168.12.0 2.2.2.2 0 100 0 ?
*> 192.168.56.0 0.0.0.0 0 32768 ?

Redistribute BGP vào EIGRP 1 trên PE để đảm bảo rằng các router CE (R1B, R6B) có thể học được route của nhau

* Cấu hình:

R2, R5:

router eigrp 1
address-family ipv4 vrf Customer_B
redistribute bgp 2345 metric 1 1 1 1 1

* Kiểm tra:

R1B#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
6.0.0.0/24 is subnetted, 1 subnets
D 6.6.6.0 [90/435200] via 192.168.12.2, 00:03:36, Ethernet0/2
D 192.168.56.0/24 [90/307200] via 192.168.12.2, 00:03:36, Ethernet0/2

R6B#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/435200] via 192.168.56.5, 00:02:20, Ethernet0/2
D 192.168.12.0/24 [90/307200] via 192.168.56.5, 00:02:20, Ethernet0/2

R1B#ping 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6B#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Vậy là hai mạng 1.1.1.1 và 6.6.6.6 có thể liên lạc được với nhau.

Xong!

Bài 4: MPLS Layer 3 VPN PE_CE Static_OSPF

Giới thiệu:

đang cập nhật ...

Sơ đồ lab:

Static route: Customer_A (R1A và R2; R6A và R5) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.
OSPF area 0: Customer_B (R1B và R2; R6B và R5) đảm bảo loopback 0 của R1B và R6B có thể giao tiếp được với nhau.

2. Kiểm tra các kết nối đảm bảo:

- R1A, R1B có thể ping đến R2 và ngược lại

R1A#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1B#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms

R2#ping vrf Customer_A 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R2#ping vrf Customer_B 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

- R6A, R6B có thể ping đến R5 và ngược lại

R6A#ping 192.168.56.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R6B#ping 192.168.56.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_A 192.168.56.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_B 192.168.56.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

- Loopback 0 của R2 và R5 có thể giao tiếp được với nhau

R2#ping 5.5.5.5 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R5#ping 2.2.2.2 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

3. Cấu hình route giữa các router CE và PE:

- Static route: Customer_A (R1A và R2; R6A và R5) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.

Cấu hình Static route:

R1A:

ip route 6.6.6.0 255.255.255.0 192.168.12.2

R2:

ip route vrf Customer_A 1.1.1.0 255.255.255.0 192.168.12.1

R5:

ip route vrf Customer_A 6.6.6.0 255.255.255.0 192.168.56.6

R6A:

ip route 1.1.1.0 255.255.255.0 192.168.56.5

Kiểm tra:

R1A#show ip route static
(...)
Gateway of last resort is not set
6.0.0.0/24 is subnetted, 1 subnets
S 6.6.6.0 [1/0] via 192.168.12.2

R6A#show ip route static
(...)
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 192.168.56.5

Router CE của Customer_A đã biết đường đến loopback 0 của nhau thông qua các router PE (R2, R5)

R2#show ip route vrf Customer_A 6.6.6.6
Routing Table: Customer_A
% Network not in table

R5#show ip route vrf Customer_A 1.1.1.1
Routing Table: Customer_A
% Network not in table

Tuy nhiên:
- R2 không biết đường đi đến loopback 0 của R6A
- R5 không biết đường đi đến loopback 0 của R1A

Để giải quyết vấn đề này ta phải redistribute các route static vào BGP, thông qua MP-BGP các router PE 2 bên sẽ học được route của các router CE.

Cấu hình:

R2, R5:

router bgp 2345
address-family ipv4 vrf Customer_A
redistribute static
do write

Kiểm tra:

R2#show ip route vrf Customer_A 6.6.6.6
Routing Table: Customer_A
Routing entry for 6.6.6.0/24
Known via "bgp 2345", distance 200, metric 0, type internal
Last update from 5.5.5.5 00:01:06 ago
Routing Descriptor Blocks:
* 5.5.5.5 (default), from 5.5.5.5, 00:01:06 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: 21
MPLS Flags: MPLS Required

R5#show ip route vrf Customer_A 1.1.1.1
Routing Table: Customer_A
Routing entry for 1.1.1.0/24
Known via "bgp 2345", distance 200, metric 0, type internal
Last update from 2.2.2.2 00:01:16 ago
Routing Descriptor Blocks:
* 2.2.2.2 (default), from 2.2.2.2, 00:01:16 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: 21
MPLS Flags: MPLS Required

R2#show ip bgp vpnv4 vrf Customer_A
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*> 1.1.1.0/24 192.168.12.1 0 32768 ?
*>i 6.6.6.0/24 5.5.5.5 0 100 0 ?

R5#show ip bgp vpnv4 vrf Customer_A
BGP table version is 7, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*>i 1.1.1.0/24 2.2.2.2 0 100 0 ?
*> 6.6.6.0/24 192.168.56.6 0 32768 ?

Vậy là các PE router đã học các route static từ đầu bên kia redistribute vào và dùng lable 21 để forward gói tin

R1A#ping 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6A#ping 1.1.1.1 source 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Loopback 0 của R1A và R6A đã giao tiếp được với nhau và cụ thể là dùng lable 21 để forward gói tin.

Phân tích kết quả bắt gói (dùng wireshark) trên các router PE ta thấy lúc này MPLS có đến 2 nhãn (đại khái là 1 nhãn tránh blackhole, 1 nhãn cho vpnv4. Tìm đọc bài Quá trình trao đổi nhãn)

- OSPF area 0: Customer_B (R1B và R2; R6B và R5) đảm bảo loopback 0 của R1B và R6B có thể giao tiếp được với nhau.

Cấu hình:

Cấu hình ospf

Vì đã có ospf 1 chạy cho vùng MPLS core rồi nên ta dùng proccess 16 trong trường hợp này

R1B, R6B:

router ospf 16
exit
interface range ethernet 0/2, loopback 0
ip ospf 16 area 0
do write

R2:

router ospf 16 vrf Customer_B
network 192.168.12.2 0.0.0.0 area 0

R5:

router ospf 16 vrf Customer_B
network 192.168.56.5 0.0.0.0 area 0

Redistribute ospf vào MP-BGP để các PE (R2, R5) học được route của router CE (trong trường hợp này là học loopback 0 của R1B và R6B)

R2, R5:

router bgp 2345
address-family ipv4 vrf Customer_B
redistribute ospf 16

Kiểm tra:

R2# show ip route vrf Customer_B ospf
(...)
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 192.168.12.1, 00:32:09, Ethernet0/1

R2# show ip route vrf Customer_B 6.6.6.6
Routing Table: Customer_B
Routing entry for 6.6.6.6/32
Known via "bgp 2345", distance 200, metric 11, type internal
Last update from 5.5.5.5 00:12:18 ago
Routing Descriptor Blocks:
* 5.5.5.5 (default), from 5.5.5.5, 00:12:18 ago
Route metric is 11, traffic share count is 1
AS Hops 0
MPLS label: 22
MPLS Flags: MPLS Required

R2#show ip bgp vpnv4 vrf Customer_B
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11:66 (default for vrf Customer_B)
*> 1.1.1.1/32 192.168.12.1 11 32768 ?
*>i 6.6.6.6/32 5.5.5.5 11 100 0 ?
*> 192.168.12.0 0.0.0.0 0 32768 ?
*>i 192.168.56.0 5.5.5.5 0 100 0 ?

Có thể dùng lệnh show bgp vpnv4 unicast vrf Customer_B

R5#show ip route vrf Customer_B ospf
(...)
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
O 6.6.6.6 [110/11] via 192.168.56.6, 00:39:28, Ethernet0/1

R5#show ip route vrf Customer_B 1.1.1.1
Routing Table: Customer_B
Routing entry for 1.1.1.1/32
Known via "bgp 2345", distance 200, metric 11, type internal
Last update from 2.2.2.2 00:20:20 ago
Routing Descriptor Blocks:
* 2.2.2.2 (default), from 2.2.2.2, 00:20:20 ago
Route metric is 11, traffic share count is 1
AS Hops 0
MPLS label: 22
MPLS Flags: MPLS Required

R5#show ip bgp vpnv4 vrf Customer_B
BGP table version is 13, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11:66 (default for vrf Customer_B)
*>i 1.1.1.1/32 2.2.2.2 11 100 0 ?
*> 6.6.6.6/32 192.168.56.6 11 32768 ?
*>i 192.168.12.0 2.2.2.2 0 100 0 ?
*> 192.168.56.0 0.0.0.0 0 32768 ?

Ta thấy R2, R5 đã được được route theo yêu cầu.

R1B#show ip route 6.6.6.6
% Network not in table

R6B#show ip route 1.1.1.1
% Network not in table

Mục đích của chúng ta là:
- R1B phải học được route 6.6.6.6
- R6B phải học được route 1.1.1.1

Để giải quyết vấn đề cần phải redistribute bgp vào ospf trên các con router PE

R2, R5:

router ospf 16 vrf Customer_B
redistribute bgp 2345 subnets
do write

Kiểm tra

R1B#show ip route 6.6.6.6
Routing entry for 6.6.6.6/32
Known via "ospf 16", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/2, 00:04:25 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 192.168.12.2, 00:04:25 ago, via Ethernet0/2
Route metric is 21, traffic share count is 1

R1B#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
L 1.1.1.1/32 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
O IA 6.6.6.6 [110/21] via 192.168.12.2, 00:06:06, Ethernet0/2
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Ethernet0/2
L 192.168.12.1/32 is directly connected, Ethernet0/2
O IA 192.168.56.0/24 [110/11] via 192.168.12.2, 00:06:06, Ethernet0/2

R6B#show ip route 1.1.1.1
Routing entry for 1.1.1.1/32
Known via "ospf 16", distance 110, metric 21, type inter area
Last update from 192.168.56.5 on Ethernet0/2, 00:04:05 ago
Routing Descriptor Blocks:
* 192.168.56.5, from 192.168.56.5, 00:04:05 ago, via Ethernet0/2
Route metric is 21, traffic share count is 1

R6B#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/21] via 192.168.56.5, 00:04:20, Ethernet0/2
6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 6.6.6.0/24 is directly connected, Loopback0
L 6.6.6.6/32 is directly connected, Loopback0
O IA 192.168.12.0/24 [110/11] via 192.168.56.5, 00:04:20, Ethernet0/2
192.168.56.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.56.0/24 is directly connected, Ethernet0/2
L 192.168.56.6/32 is directly connected, Ethernet0/2

R1B#ping 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6B#ping 1.1.1.1 source 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

R1B#traceroute 6.6.6.6 source 1.1.1.1 numeric
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 1 msec 1 msec 0 msec
2 192.168.23.3 [MPLS: Labels 16/22 Exp 0] 2 msec 1 msec 1 msec
3 192.168.34.4 [MPLS: Labels 16/22 Exp 0] 1 msec 2 msec 1 msec
4 192.168.56.5 [MPLS: Label 22 Exp 0] 1 msec 2 msec 1 msec
5 192.168.56.6 1 msec * 2 msec

Noted:

Ta thấy IP của các router P hiển thị khi sử dụng traceroute, đó là điều không cần thiết đối với khách hàng nên ta có thể không cho hiển thị các IP này bằng câu lệnh no mpls ip propagate-ttl trên tất cả các router PE

R2, R5:

no mpls ip propagate-ttl

R1B#traceroute 6.6.6.6 source 1.1.1.1 numeric
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 0 msec 0 msec 1 msec
2 192.168.56.5 [MPLS: Label 22 Exp 0] 1 msec 1 msec 1 msec
3 192.168.56.6 2 msec * 2 msec

IP của R3 (192.168.23.3) và R4 (192.168.34.4) đã không xuất hiện trong bảng traceroute sau khi sử dụng dòng lệnh no mpls ip propagate-ttl.

Xong!

Bài 4: MPLS Layer 3 VPN PE_CE Static_OSPF

Giới thiệu:

đang cập nhật ...

Sơ đồ lab:

Static route: Customer_A (R1A và R2; R6A và R5) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.
OSPF area 0: Customer_B (R1B và R2; R6B và R5) đảm bảo loopback 0 của R1B và R6B có thể giao tiếp được với nhau.

2. Kiểm tra các kết nối đảm bảo:

- R1A, R1B có thể ping đến R2 và ngược lại

R1A#ping 192.168.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1B#ping 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms

R2#ping vrf Customer_A 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R2#ping vrf Customer_B 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

- R6A, R6B có thể ping đến R5 và ngược lại

R6A#ping 192.168.56.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R6B#ping 192.168.56.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_A 192.168.56.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_B 192.168.56.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

- Loopback 0 của R2 và R5 có thể giao tiếp được với nhau

R2#ping 5.5.5.5 source 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R5#ping 2.2.2.2 source 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

3. Cấu hình route giữa các router CE và PE:

- Static route: Customer_A (R1A và R2; R6A và R5) đảm bảo loopback 0 của R1A và R6A có thể giao tiếp được với nhau.

Cấu hình Static route:

R1A:

ip route 6.6.6.0 255.255.255.0 192.168.12.2

R2:

ip route vrf Customer_A 1.1.1.0 255.255.255.0 192.168.12.1

R5:

ip route vrf Customer_A 6.6.6.0 255.255.255.0 192.168.56.6

R6A:

ip route 1.1.1.0 255.255.255.0 192.168.56.5

Kiểm tra:

R1A#show ip route static

(...)
Gateway of last resort is not set
6.0.0.0/24 is subnetted, 1 subnets
S 6.6.6.0 [1/0] via 192.168.12.2

R6A#show ip route static

(...)
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 192.168.56.5

Router CE của Customer_A đã biết đường đến loopback 0 của nhau thông qua các router PE (R2, R5)

R2#show ip route vrf Customer_A 6.6.6.6

Routing Table: Customer_A
% Network not in table

R5#show ip route vrf Customer_A 1.1.1.1

Routing Table: Customer_A
% Network not in table

Cấu hình:

R2, R5:

router bgp 2345
address-family ipv4 vrf Customer_A
redistribute static
do write

Kiểm tra:

R2#show ip route vrf Customer_A 6.6.6.6

Routing Table: Customer_A
Routing entry for 6.6.6.0/24
Known via "bgp 2345", distance 200, metric 0, type internal
Last update from 5.5.5.5 00:01:06 ago
Routing Descriptor Blocks:
* 5.5.5.5 (default), from 5.5.5.5, 00:01:06 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: 21
MPLS Flags: MPLS Required

R5#show ip route vrf Customer_A 1.1.1.1

Routing Table: Customer_A
Routing entry for 1.1.1.0/24
Known via "bgp 2345", distance 200, metric 0, type internal
Last update from 2.2.2.2 00:01:16 ago
Routing Descriptor Blocks:
* 2.2.2.2 (default), from 2.2.2.2, 00:01:16 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: 21
MPLS Flags: MPLS Required

R2#show ip bgp vpnv4 vrf Customer_A

BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*> 1.1.1.0/24 192.168.12.1 0 32768 ?
*>i 6.6.6.0/24 5.5.5.5 0 100 0 ?

R5#show ip bgp vpnv4 vrf Customer_A

BGP table version is 7, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 16:16 (default for vrf Customer_A)
*>i 1.1.1.0/24 2.2.2.2 0 100 0 ?
*> 6.6.6.0/24 192.168.56.6 0 32768 ?

Vậy là các PE router đã học các route static từ đầu bên kia redistribute vào và dùng lable 21 để forward gói tin

R1A#ping 6.6.6.6 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6A#ping 1.1.1.1 source 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Loopback 0 của R1A và R6A đã giao tiếp được với nhau và cụ thể là dùng lable 21 để forward gói tin.

- OSPF area 0: Customer_B (R1B và R2; R6B và R5) đảm bảo loopback 0 của R1B và R6B có thể giao tiếp được với nhau.

Cấu hình:

Cấu hình ospf

Vì đã có ospf 1 chạy cho vùng MPLS core rồi nên ta dùng proccess 16 trong trường hợp này

R1B, R6B:

router ospf 16
exit
interface range ethernet 0/2, loopback 0
ip ospf 16 area 0
do write

R2:

router ospf 16 vrf Customer_B
network 192.168.12.2 0.0.0.0 area 0

R5:

router ospf 16 vrf Customer_B
network 192.168.56.5 0.0.0.0 area 0

Redistribute ospf vào MP-BGP để các PE (R2, R5) học được route của router CE (trong trường hợp này là học loopback 0 của R1B và R6B)

R2, R5:

router bgp 2345
address-family ipv4 vrf Customer_B
redistribute ospf 16

Kiểm tra:

R2# show ip route vrf Customer_B ospf

(...)
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 192.168.12.1, 00:32:09, Ethernet0/1

R2# show ip route vrf Customer_B 6.6.6.6

Routing Table: Customer_B
Routing entry for 6.6.6.6/32
Known via "bgp 2345", distance 200, metric 11, type internal
Last update from 5.5.5.5 00:12:18 ago
Routing Descriptor Blocks:
* 5.5.5.5 (default), from 5.5.5.5, 00:12:18 ago
Route metric is 11, traffic share count is 1
AS Hops 0
MPLS label: 22
MPLS Flags: MPLS Required

R2#show ip bgp vpnv4 vrf Customer_B

BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11:66 (default for vrf Customer_B)
*> 1.1.1.1/32 192.168.12.1 11 32768 ?
*>i 6.6.6.6/32 5.5.5.5 11 100 0 ?
*> 192.168.12.0 0.0.0.0 0 32768 ?
*>i 192.168.56.0 5.5.5.5 0 100 0 ?

Có thể dùng lệnh show bgp vpnv4 unicast vrf Customer_B

R5#show ip route vrf Customer_B ospf

(...)
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
O 6.6.6.6 [110/11] via 192.168.56.6, 00:39:28, Ethernet0/1

R5#show ip route vrf Customer_B 1.1.1.1

Routing Table: Customer_B
Routing entry for 1.1.1.1/32
Known via "bgp 2345", distance 200, metric 11, type internal
Last update from 2.2.2.2 00:20:20 ago
Routing Descriptor Blocks:
* 2.2.2.2 (default), from 2.2.2.2, 00:20:20 ago
Route metric is 11, traffic share count is 1
AS Hops 0
MPLS label: 22
MPLS Flags: MPLS Required

R5#show ip bgp vpnv4 vrf Customer_B

BGP table version is 13, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11:66 (default for vrf Customer_B)
*>i 1.1.1.1/32 2.2.2.2 11 100 0 ?
*> 6.6.6.6/32 192.168.56.6 11 32768 ?
*>i 192.168.12.0 2.2.2.2 0 100 0 ?
*> 192.168.56.0 0.0.0.0 0 32768 ?

Ta thấy R2, R5 đã được được route theo yêu cầu.

R1B#show ip route 6.6.6.6

% Network not in table

R6B#show ip route 1.1.1.1

% Network not in table

router ospf 16 vrf Customer_B
redistribute bgp 2345 subnets
do write

Kiểm tra

R1B#show ip route 6.6.6.6

Routing entry for 6.6.6.6/32
Known via "ospf 16", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/2, 00:04:25 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 192.168.12.2, 00:04:25 ago, via Ethernet0/2
Route metric is 21, traffic share count is 1

R1B#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
L 1.1.1.1/32 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
O IA 6.6.6.6 [110/21] via 192.168.12.2, 00:06:06, Ethernet0/2
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Ethernet0/2
L 192.168.12.1/32 is directly connected, Ethernet0/2
O IA 192.168.56.0/24 [110/11] via 192.168.12.2, 00:06:06, Ethernet0/2

R6B#show ip route 1.1.1.1

Routing entry for 1.1.1.1/32
Known via "ospf 16", distance 110, metric 21, type inter area
Last update from 192.168.56.5 on Ethernet0/2, 00:04:05 ago
Routing Descriptor Blocks:
* 192.168.56.5, from 192.168.56.5, 00:04:05 ago, via Ethernet0/2
Route metric is 21, traffic share count is 1

R6B#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/21] via 192.168.56.5, 00:04:20, Ethernet0/2
6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 6.6.6.0/24 is directly connected, Loopback0
L 6.6.6.6/32 is directly connected, Loopback0
O IA 192.168.12.0/24 [110/11] via 192.168.56.5, 00:04:20, Ethernet0/2
192.168.56.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.56.0/24 is directly connected, Ethernet0/2
L 192.168.56.6/32 is directly connected, Ethernet0/2

R1B#ping 6.6.6.6 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R6B#ping 1.1.1.1 source 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

R1B#traceroute 6.6.6.6 source 1.1.1.1 numeric

Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 1 msec 1 msec 0 msec
2 192.168.23.3 [MPLS: Labels 16/22 Exp 0] 2 msec 1 msec 1 msec
3 192.168.34.4 [MPLS: Labels 16/22 Exp 0] 1 msec 2 msec 1 msec
4 192.168.56.5 [MPLS: Label 22 Exp 0] 1 msec 2 msec 1 msec
5 192.168.56.6 1 msec * 2 msec

Noted:

R2, R5:

no mpls ip propagate-ttl

R1B#traceroute 6.6.6.6 source 1.1.1.1 numeric

Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 0 msec 0 msec 1 msec
2 192.168.56.5 [MPLS: Label 22 Exp 0] 1 msec 1 msec 1 msec
3 192.168.56.6 2 msec * 2 msec

IP của R3 (192.168.23.3) và R4 (192.168.34.4) đã không xuất hiện trong bảng traceroute sau khi sử dụng dòng lệnh no mpls ip propagate-ttl.

Xong!

Bài 3: MPLS Layer 3 VPN - core

Giới thiệu:

Đang cập nhật ...

Sơ đồ Lab:

Yêu cầu:

1. Đặt IP theo quy hoạch hình vẽ
2. Chạy định tuyến OSPF trong vùng MPLS core (R2, R3, R4, R5)
3. Enable MPLS/Enable LDP trên các cổng đấu nối giữa các router PE và P
4. Cấu hình iBGP cho các router PE (R2, R5)
5. Bật tính năng VPNv4/VPN lable cho vùng iBGP giữa các router PE
6. Tạo VRF cho từng khách hàng

Các kiến thức sử dụng trong bài: OSPF, MPLS, BGP, VRF, VPNv4

Cấu hình:

1. Đặt IP theo quy hoạch hình vẽ

Cấu hình

R1, R2:

interface Loopback0
ip address 1.1.1.1 255.255.255.0
exit
interface Ethernet0/2
ip address 192.168.12.1 255.255.255.0
no shutdown
end
write

R2:

interface Loopback0
ip address 2.2.2.2 255.255.255.0
exit
interface Ethernet0/0
ip address 192.168.23.2 255.255.255.0
no shutdown
end
write

R3:

interface Loopback0
ip address 3.3.3.3 255.255.255.0
exit
interface Ethernet0/0
ip address 192.168.23.3 255.255.255.0
no shutdown
exit
interface Ethernet0/1
ip address 192.168.34.3 255.255.255.0
no shutdown
end
write

R4:

interface Loopback0
ip address 4.4.4.4 255.255.255.0
exit
interface Ethernet0/1
ip address 192.168.34.4 255.255.255.0
no shutdown
exit
interface Ethernet0/0
ip address 192.168.45.4 255.255.255.0
no shutdown
end
write

R5:

interface Loopback0
ip address 5.5.5.5 255.255.255.0
exit
interface Ethernet0/0
ip address 192.168.45.5 255.255.255.0
no shutdown
end
write

R6A, R6B:

interface Loopback0
ip address 6.6.6.6 255.255.255.0
exit
interface Ethernet0/2
ip address 192.168.56.6 255.255.255.0
no shutdown
end
write

2. Chạy định tuyến OSPF trong vùng MPLS core (R2, R3, R4, R5)

Cấu hình

R2:

router ospf 1
router-id 2.2.2.2
exit
interface range loopback 0, ethernet 0/0
ip ospf 1 area 0
end
write

R3:

router ospf 1
router-id 3.3.3.3
exit
interface range loopback 0, ethernet 0/0-1
ip ospf 1 area 0
end
write

R4:

router ospf 1
router-id 4.4.4.4
exit
interface range loopback 0, ethernet 0/0-1
ip ospf 1 area 0
end
write

R5:

router ospf 1
router-id 5.5.5.5
exit
interface range loopback 0, ethernet 0/0
ip ospf 1 area 0
end
write

Kiểm tra sau khi chạy định tuyến OSPF, chắc chắn các IP trong vùng MPLS core có thể giao tiếp được với nhau.

R2#show ip route ospf
(...)
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 192.168.23.3, 00:04:19, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/21] via 192.168.23.3, 00:03:34, Ethernet0/0
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/31] via 192.168.23.3, 00:00:55, Ethernet0/0
O 192.168.34.0/24 [110/20] via 192.168.23.3, 00:04:19, Ethernet0/0
O 192.168.45.0/24 [110/30] via 192.168.23.3, 00:03:34, Ethernet0/0

R3#show ip route ospf
(...)
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/11] via 192.168.23.2, 00:04:34, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 192.168.34.4, 00:03:48, Ethernet0/1
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/21] via 192.168.34.4, 00:01:08, Ethernet0/1
O 192.168.45.0/24 [110/20] via 192.168.34.4, 00:03:48, Ethernet0/1

R4#show ip route ospf
(...)
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/21] via 192.168.34.3, 00:03:55, Ethernet0/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 192.168.34.3, 00:03:55, Ethernet0/1
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/11] via 192.168.45.5, 00:01:14, Ethernet0/0
O 192.168.23.0/24 [110/20] via 192.168.34.3, 00:03:55, Ethernet0/1

R5#show ip route ospf
(...)
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/31] via 192.168.45.4, 00:00:45, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/21] via 192.168.45.4, 00:00:45, Ethernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 192.168.45.4, 00:00:45, Ethernet0/0
O 192.168.23.0/24 [110/30] via 192.168.45.4, 00:00:45, Ethernet0/0
O 192.168.34.0/24 [110/20] via 192.168.45.4, 00:00:45, Ethernet0/0

3. Enable MPLS/Enable LDP trên các cổng đấu nối giữa các router PE và P

Cấu hình

R2, R5:

interface ethernet 0/0
mpls ip
end
write

R3, R4:

interface range ethernet 0/0-1
mpls ip
end
write

Tìm hiểu về MPLS LDP tại đây

Kiểm tra MPLS đã được enable trên các router

R2#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes

R3#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes

R4#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes

R5#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes

Kiểm tra quan hệ láng giềng LDP

R2#show mpls ldp neighbor
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.57415 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 22/23; Downstream
Up time: 00:11:04
LDP discovery sources:
Ethernet0/0, Src IP addr: 192.168.23.3
Addresses bound to peer LDP Ident:
192.168.23.3 192.168.34.3 3.3.3.3

R3#show mpls ldp neighbor
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
TCP connection: 2.2.2.2.646 - 3.3.3.3.57415
State: Oper; Msgs sent/rcvd: 23/23; Downstream
Up time: 00:11:15
LDP discovery sources:
Ethernet0/0, Src IP addr: 192.168.23.2
Addresses bound to peer LDP Ident:
192.168.23.2 2.2.2.2
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
TCP connection: 4.4.4.4.16247 - 3.3.3.3.646
State: Oper; Msgs sent/rcvd: 22/22; Downstream
Up time: 00:10:38
LDP discovery sources:
Ethernet0/1, Src IP addr: 192.168.34.4
Addresses bound to peer LDP Ident:
192.168.45.4 192.168.34.4 4.4.4.4

R4#show mpls ldp neighbor
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 4.4.4.4:0
TCP connection: 3.3.3.3.646 - 4.4.4.4.16247
State: Oper; Msgs sent/rcvd: 22/22; Downstream
Up time: 00:10:48
LDP discovery sources:
Ethernet0/1, Src IP addr: 192.168.34.3
Addresses bound to peer LDP Ident:
192.168.23.3 192.168.34.3 3.3.3.3
Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 4.4.4.4:0
TCP connection: 5.5.5.5.53437 - 4.4.4.4.646
State: Oper; Msgs sent/rcvd: 21/22; Downstream
Up time: 00:10:32
LDP discovery sources:
Ethernet0/0, Src IP addr: 192.168.45.5
Addresses bound to peer LDP Ident:
192.168.45.5 5.5.5.5

R5#show mpls ldp neighbor
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 5.5.5.5:0
TCP connection: 4.4.4.4.646 - 5.5.5.5.53437
State: Oper; Msgs sent/rcvd: 22/21; Downstream
Up time: 00:10:39
LDP discovery sources:
Ethernet0/0, Src IP addr: 192.168.45.4
Addresses bound to peer LDP Ident:
192.168.45.4 192.168.34.4 4.4.4.4

Kiểm tra kết nối giữa các router PE (R2, R5)

R2#ping 5.5.5.5 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R2#traceroute 5.5.5.5 source 2.2.2.2 numeric
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.23.3 [MPLS: Label 17 Exp 0] 1 msec 1 msec 1 msec
2 192.168.34.4 [MPLS: Label 16 Exp 0] 1 msec 1 msec 0 msec
3 192.168.45.5 1 msec * 2 msec

R5#ping 2.2.2.2 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R5#traceroute 2.2.2.2 source 5.5.5.5 numeric
Type escape sequence to abort.
Tracing the route to 2.2.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.45.4 [MPLS: Label 18 Exp 0] 1 msec 1 msec 1 msec
2 192.168.34.3 [MPLS: Label 16 Exp 0] 1 msec 2 msec 0 msec
3 192.168.23.2 1 msec * 1 msec

Noted: Để đảm bảo hệ thống chuyển mạch label của MPLS đúng nhất chúng ta nên đặt địa chỉ của các loopback0 với prefix-length /32, nhưng ở bài lab này đặt /24 nên bắt buộc phải chuyển network-type trong OSPF là POINT-TO-POINT cho các loopback 0 trong vùng core.

Cấu hình

R2, R3, R4, R5:

interface loopback 0
ip ospf network point-to-point
end
write

4. Cấu hình iBGP cho các router PE (R2, R5)

Cấu hình

R2:

router bgp 2345
neighbor 5.5.5.5 remote-as 2345
neighbor 5.5.5.5 update-source Loopback0

R5:

router bgp 2345
neighbor 2.2.2.2 remote-as 2345
neighbor 2.2.2.2 update-source Loopback0

5. Bật tính năng VPNv4/VPN lable cho vùng iBGP giữa các router PE

Khi thiết lập iBGP cho các router PE thì mặt định các router PE sẽ dùng IPv4 unicast để trao đổi thông tin, chúng cần phải enable vpnv4 route để trao đổi định tuyến. Tại sao enable vpnv4 sẽ được thảo luận ở chủ đề VPNv4/VPN Lable.

Cấu hình

R2:

router bgp 2345
address-family vpnv4
neighbor 5.5.5.5 activate
end
write

R2#show run | section bgp
router bgp 2345
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 2345
neighbor 5.5.5.5 update-source Loopback0
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family

Khi enable VNPv4 router sẽ tự động thêm vào dòng lệnh neighbor 5.5.5.5 send-community extended, dòng này là bắt buộc và không thể xóa vì vpnv4 dùng để giao tiếp và quảng bá source-target giữa các router PE khi đã enable vnpv4.

R5:

router bgp 2345
address-family vpnv4
neighbor 2.2.2.2 activate
end
write

Kiểm tra sau khi thiết lập iBGP

R2#show bgp vpnv4 unicast all summary
BGP router identifier 2.2.2.2, local AS number 2345
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
5.5.5.5 4 2345 93 92 1 0 0 0 1:19:59 0

R5#show bgp vpnv4 unicast all summary
BGP router identifier 5.5.5.5, local AS number 2345
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 2345 93 93 1 0 0 0 1:20:31 0

Đến đây đã xong phần MPLS Layer 3 VPN core.

Để chuẩn bị cho các bài route giữa các khách hàng thông qua MPLS Layer 3 VPN, ta phải tạo VRF, hãy chuyển sang yêu cầu 6

6. Tạo VRF cho từng khách hàng

Để mỗi khách hàng có một bảng route riêng biệt (tham khảo bài VRF lite) ta phải tạo VRF trên con router PE (R2, R5), đặt IP và gán các cổng tương ứng vào VRF như sơ đồ bài lab.

Cấu hình

Customer A
R2:

ip vrf Customer_A
rd 16:16
route-target export 1:6
route-target import 6:1
exit
interface ethernet 0/2
ip vrf forwarding Customer_A
ip address 192.168.12.2 255.255.255.0
no shutdown
end
write

R5:

ip vrf Customer_A
rd 16:16
route-target export 6:1
route-target import 1:6
exit
interface ethernet 0/2
ip vrf forwarding Customer_A
ip address 192.168.56.5 255.255.255.0
no shutdown
end
write

Noted: ASN:nn route-target import của PE bên này là ASN:nn route-target export của PE bên kia và ngược lại (sẽ có bài nói về vấn đề này)

Customer B

R2:

ip vrf Customer_B
route-target both 11:66
exit
interface ethernet 0/1
ip vrf forwarding Customer_B
ip address 192.168.12.2 255.255.255.0
no shutdown
end
write

Khi cấu hình route-target both 11:66 trên router sẽ tự động thay bằng 2 dòng:
- route-target export 11:66 và
- route-target import 11:66

R2#show run | begin ip vrf Customer_B
ip vrf Customer_B
rd 11:66
route-target export 11:66
route-target import 11:66

R5:

ip vrf Customer_B
route-target both 11:66
exit
interface ethernet 0/1
ip vrf forwarding Customer_B
ip address 192.168.56.5 255.255.255.0
no shutdown
end
write

Kiểm tra sau khi tạo vrf

R2#ping vrf Customer_A 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R2#ping vrf Customer_B 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_A 192.168.56.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R5#ping vrf Customer_B 192.168.56.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Tóm tắt: Để tạo ra vùng MPLS Layer3 VPN - core cần:

Chạy giao thức định tuyến IGP (ospf, is-is,...) cho vùng core
Thiết lập iBGP giữa các router PE
Enable LDP / MPLS IP trên các cổng đấu nối giữa các router P và PE (nếu không sẽ bị lỗi backhole)
Enable VPN lable / VPNv4 để thêm nhãn RT để tạo định tuyển duy nhất để quảng bá giữa các PE
Tạo VRF trên các router PE và gán các cổng tương ứng vào VRF thích hợp

Các lệnh troubleshooting:

show mpls interfaces
show mpls ldp neighbor
show ip bgp summary
show bgp vpnv4 unicast all summary
show run | begin ip vrf TênVRF
ping vrf TênVRF IP_cần_ping

Xong!

/*header slide*/

Pages

Bài 5: MPLS Layer 3 VPN PE_CE BGP_EIGRP

Bài 4: MPLS Layer 3 VPN PE_CE Static_OSPF

Bài 4: MPLS Layer 3 VPN PE_CE Static_OSPF

Bài 3: MPLS Layer 3 VPN - core