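I came across Dashu's MPLS troubleshooting exercise on the 51cto blog at https://blog.51cto.com/dashu666/2163481 and was itching to work through it by hand.
The MPLS environment is shown in the figure below. The engineer previously responsible for the deployment has left the company and the project was left unfinished. Using the screenshots below, find the errors in the current configuration and fix them; once the deployment is complete, the output of every verification command must match the screenshots below.
Traffic between the R7 and R8 sites must go through global processing on R6, and R6's vrfA must be able to communicate directly with R7 and R8.
A troubleshooting document must also be submitted.
The document must identify each configuration error, its impact, and the fix.
No static routes may be used, the VRF configuration on R4 and R5 must not be modified, and the BGP configuration on R6 must not be modified.
Troubleshooting MPLS label forwarding from R1 to 10.1.1.2/32
On R1, run ping mpls ipv4 10.1.1.2/32 source 10.1.1.1 to confirm that the MPLS label forwarding problem from R1 to 10.1.1.2/32 exists:
R1#ping mpls ipv4 10.1.1.2/32 source 10.1.1.1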
Sending 5, 100-byte MPLS Echos to 10.1.1.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
.....
Success rate is 0 percent (0/5)
R1#
On R1, run show mpls forwarding-table to view the LFIB:
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
102 Pop Label 10.1.1.3/32 0 Et0/0 13.1.1.3
103 304 10.1.1.2/32 0 Et0/0 13.1.1.3
104 307 10.1.1.5/32 0 Et0/0 13.1.1.3
105 306 10.1.1.4/32 0 Et0/0 13.1.1.3
106 No Label 10.6.6.6/32[V] 0 Et0/1.1 16.1.1.6
107 No Label 0.0.0.0/0[V] 0 Et0/1.2 16.1.2.6
108 No Label 10.6.6.6/32[V] 0 Et0/1.2 16.1.2.6
R1#
The output shows that R1 has an outgoing label for R2's 10.1.1.2. The next step is to check the LFIB on R3.
On R3, run show mpls forwarding-table to view the LFIB:
R3#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
300 No Label 13.1.1.0/24 0 drop
301 No Label 23.1.1.0/24 0 drop
302 No Label 34.1.1.0/24 0 drop
303 No Label 35.1.1.0/24 0 drop
304 No Label 10.1.1.2/32 0 drop
305 No Label 10.1.1.1/32 0 drop
306 No Label 10.1.1.4/32 0 drop
307 No Label 10.1.1.5/32 0 drop
R3#
The output shows that R3 has no outgoing label for 10.1.1.1/32 or 10.1.1.2/32. The next step is to check the LDP neighbor relationships on R3.
On R3, run show mpls ldp neighbor to view the LDP neighbors:
R3#show mpls ldp neighbor
Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.3:0
TCP connection: 10.1.1.1.646 - 10.1.1.3.59329
State: Oper; Msgs sent/rcvd: 56/52; Downstream
Up time: 00:37:37
LDP discovery sources:
Ethernet0/0, Src IP addr: 13.1.1.1
Addresses bound to peer LDP Ident:
13.1.1.1 10.1.1.1 16.1.3.1
The output shows that R3 has an LDP neighbor relationship with R1 but none with R2. The next step is to check the LDP process on R3.
On R3, run show mpls ldp discovery to view the LDP process information:
R3#show mpls ldp discovery
Local LDP Identifier:
10.1.1.3:0
Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.1.1.1:0
Ethernet0/1 (ldp): xmit/recv
LDP Id: 10.22.22.22:0; no route
Ethernet0/2 (ldp): xmit
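Ethernet0/3 (ldp): xmit
The output shows that R3 uses 10.1.1.3 as its LDP router-id when forming LDP neighbor relationships. On Ethernet0/1 it receives LDP packets with LDP ID 10.22.22.22 and reports that it has no route to that address. Ethernet0/1 connects to R2, so the suspicion is that R2 either has 10.22.22.22 manually configured as the LDP router-id or LDP selected that address automatically, and that the address is not advertised into the underlying IGP. R3 can form an LDP neighbor relationship with R1; the next step is to check whether CEF is enabled on R3.
On R3, run show ip cef to check whether CEF is enabled:
R3#show ip cef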
%IPv4 CEF not running
R3#
The output shows that CEF is not enabled on R3. The FIB is built by CEF, so CEF has to be enabled on the device.
On R3, enable CEF with ip cef:
R3(config)#ip cef
On R3, run show mpls forwarding-table to view the LFIB:
R3#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
304 No Label 10.1.1.2/32 0 Et0/1 23.1.1.2
305 Pop Label 10.1.1.1/32 0 Et0/0 13.1.1.1
306 No Label 10.1.1.5/32 0 Et0/3 35.1.1.5
307 No Label 10.1.1.4/32 0 Et0/2 34.1.1.4
R3#
The output shows that R3 now has an outgoing label for 10.1.1.1/32. The next step is to check the LDP configuration on R2.
On R2, run show mpls ldp discovery to view the LDP process information:
R2#show mpls ldp discovery
Local LDP Identifier:
10.22.22.22:0
Discovery Sources:
Interfaces:
Ethernet0/1 (ldp): xmit/recv
LDP Id: 10.1.1.3:0
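R2#
The output shows that R2 uses 10.22.22.22 as its LDP router-id. The next step is to check whether 10.22.22.22 was manually configured as the LDP router-id on R2 or selected automatically by LDP.
On R2, run show run | include router-id to check whether the LDP router-id is manually configured:
R2#show run | include router-id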
mpls ldp router-id Loopback1 force
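R2#
The output shows that R2 has the Loopback1 interface address manually configured as the router-id. The next step is to look at the address configuration of all loopback interfaces on R2.
On R2, run show ip interface brief | include Loopback to view the loopback interface addresses:
R2#show ip interface brief | include Loopback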
Loopback0 10.1.1.2 YES TFTP up up
Loopback1 10.22.22.22 YES TFTP up up
R2#
Next, run show running-config interface loopback 0 and show running-config interface loopback 1 to view the configuration of both loopback interfaces:
R2#show running-config interface loopback 0
Building configuration...
Current configuration : 82 bytes
!
interface Loopback0
ip address 10.1.1.2 255.255.255.0
ip ospf 110 area 0
end
R2#show running-config interface loopback 1
Building configuration...
Current configuration : 67 bytes
!
interface Loopback1
ip address 10.22.22.22 255.255.255.255
end
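R2#
Taken together, the outputs show that R2 has a manually configured LDP router-id. Setting the router-id manually is not a problem in itself, but Loopback1 is not advertised into OSPF process 110, so R3 has no route to 10.22.22.22/32 and the two routers cannot form an LDP neighbor relationship.
An LDP neighbor relationship is the prerequisite for exchanging labels, so the LDP neighbor problem between R2 and R3 has to be fixed.
Solution:
On R2, manually set the Loopback0 interface as the LDP router-id: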
R2(config)#mpls ldp router-id Loopback0 force
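The output of show running-config interface loopback 0 shows that Loopback0 is configured with a 24-bit mask. In an OSPF network, Cisco routers by default treat the OSPF network type of a loopback interface as LOOPBACK, so the address is advertised into OSPF with a 32-bit mask whether or not the loopback interface is configured with a 32-bit mask.
R2's local LDP label allocation assigns a label to 10.1.1.0/24 and does not assign one to 10.1.1.2/32, which does not exist on R2. R3 assigns a local label to 10.1.1.2/32 but never learns a label for 10.1.1.2/32 from R2.
The solution is as follows.
On R2, change the Loopback0 address mask to a 32-bit mask:
R2(config)#interface loopback 0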
R2(config-if)# ip address 10.1.1.2 255.255.255.255
R2(config-if)#
On R1, run ping mpls ipv4 10.1.1.2/32 source 10.1.1.1 to check whether the MPLS label forwarding problem from R1 to 10.1.1.2/32 still exists:
R1#ping mpls ipv4 10.1.1.2/32 source 10.1.1.1
Sending 5, 100-byte MPLS Echos to 10.1.1.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 38/138/181 ms
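R1#
The output shows that the MPLS label forwarding problem from R1 to 10.1.1.2/32 is resolved.
Troubleshooting label forwarding on the other devices in the MPLS network
In the previous step, R3 showed no LDP neighbors for R4 and R5. Label forwarding for the IGP prefixes in the MPLS network is broken, so traffic from the customer CE devices that enters the MPLS network cannot be forwarded to the remote destination.
Check the LDP configuration on R4
On R4, run show mpls ldp discovery to check the LDP process:
R4#show mpls ldp discovery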
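R4#
The command returns nothing. The next step is to check whether mpls ip is enabled on the interfaces and whether it is enabled globally.
On R4, run show mpls interfaces to check the LDP interface information:
R4#show mpls interfaces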
Interface IP Tunnel BGP Static Operational
R4#
The output shows that mpls ip is not enabled on R4's Ethernet0/2 interface. The next step is to enable mpls ip on that interface.
On R4, use mpls ip to enable LDP on ethernet 0/2:
R4(config)#interface ethernet 0/2
R4(config-if)#mpls ip
R4(config-if)#
*Jan 30 17:52:31.200: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (1) is UP
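R4(config-if)#
The output shows that R4 has formed an LDP neighbor relationship with 10.1.1.3. The next step is to check whether R4 has learned outgoing labels for the other devices in the MPLS network.
On R4, run show mpls forwarding-table to view the LFIB:
R4#show mpls forwarding-table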
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
400 305 10.1.1.1/32 0 Et0/2 34.1.1.3
401 302 10.1.1.2/32 0 Et0/2 34.1.1.3
402 Pop Label 10.1.1.3/32 0 Et0/2 34.1.1.3
403 306 10.1.1.5/32 0 Et0/2 34.1.1.3
R4#
The output shows that R4 has outgoing labels for the other devices in the MPLS network.
Check the LDP configuration on R5
On R5, run show mpls ldp discovery to check the LDP process:
R5#show mpls ldp discovery
Local LDP Identifier:
10.1.1.5:0
Discovery Sources:
Interfaces:
Ethernet0/3 (tdp): xmit
R5#
The output shows that R5's Ethernet0/3 uses tdp as its label protocol, while R3 uses LDP. The next step is to change R5 to use LDP.
On R5, run mpls label protocol ldp to change the label protocol to LDP:
R5(config)#mpls label protocol ldp
R5(config)#
*Jan 30 18:07:49.748: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (1) is UP
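R5(config)#
The output shows that after the label protocol was changed, R5 formed a neighbor relationship with 10.1.1.3. The next step is to check whether R5 has learned outgoing labels for the other devices in the MPLS network.
On R5, run show mpls forwarding-table to view the LFIB:
R5#show mpls forwarding-table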
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
501 307 10.1.1.4/32 0 Et0/3 35.1.1.3
502 Pop Label 10.1.1.3/32 0 Et0/3 35.1.1.3
503 302 10.1.1.2/32 0 Et0/3 35.1.1.3
504 305 10.1.1.1/32 0 Et0/3 35.1.1.3
R5#
The output shows that R5 has outgoing labels for the other devices in the MPLS network.
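The three LDP discovery faults found above (an LDP ID flagged `no route` on R3, a `tdp` interface on R5, and empty output on R4) can be checked mechanically. The following is an added example, not part of the original post: a small parser for `show mpls ldp discovery` text. The sample outputs are constructed from the listings above, and `parse_discovery` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample inputs, modelled on the listings earlier in this write-up.
R3_OUTPUT = """\
Local LDP Identifier:
    10.1.1.3:0
Discovery Sources:
    Interfaces:
        Ethernet0/0 (ldp): xmit/recv
            LDP Id: 10.1.1.1:0
        Ethernet0/1 (ldp): xmit/recv
            LDP Id: 10.22.22.22:0; no route
        Ethernet0/2 (ldp): xmit
        Ethernet0/3 (ldp): xmit
"""
R5_OUTPUT = """\
Local LDP Identifier:
    10.1.1.5:0
Discovery Sources:
    Interfaces:
        Ethernet0/3 (tdp): xmit
"""
R4_OUTPUT = ""  # R4 printed nothing because no interface had mpls ip enabled

# "Ethernet0/1 (ldp): xmit/recv"
IFACE_RE = re.compile(r"^\s*(\S+)\s+\((ldp|tdp)\):\s*(\S+)\s*$")
# "LDP Id: 10.22.22.22:0; no route"
PEER_RE = re.compile(r"^\s*LDP Id:\s*(\d+\.\d+\.\d+\.\d+):(\d+)(?:;\s*(.*))?$")


def parse_discovery(text):
    """Return one dict per discovery interface, with the peers seen on it."""
    interfaces = []
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            interfaces.append({"name": m.group(1), "protocol": m.group(2),
                               "hello": m.group(3), "peers": []})
            continue
        m = PEER_RE.match(line)
        if m and interfaces:
            interfaces[-1]["peers"].append(
                {"ldp_id": m.group(1), "flags": (m.group(3) or "").strip()})
    return interfaces


def audit(text, expected_protocol="ldp"):
    """Return (interface, finding) tuples for the fault patterns seen above."""
    interfaces = parse_discovery(text)
    if not interfaces:
        # R4 case: LDP is not running on any interface
        return [("*", "no-ldp-interfaces")]
    findings = []
    for iface in interfaces:
        if iface["protocol"] != expected_protocol:
            # R5 case: interface speaks tdp while the neighbor speaks ldp
            findings.append((iface["name"], "protocol-mismatch"))
        if "recv" not in iface["hello"].split("/"):
            # hellos are sent but none come back from the far end
            findings.append((iface["name"], "no-hello-received"))
        for peer in iface["peers"]:
            if "no route" in peer["flags"]:
                # R3 case: the peer's LDP router-id is not in the IGP
                findings.append(
                    (iface["name"], "peer-id-unreachable:" + peer["ldp_id"]))
    return findings


if __name__ == "__main__":
    for router, output in (("R3", R3_OUTPUT), ("R4", R4_OUTPUT), ("R5", R5_OUTPUT)):
        print(router, audit(output))
```

On R3 the two `xmit`-only interfaces are the links to R4 and R5, so one pass over the core router's output points at all three faulty neighbors.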
Check that label forwarding between the loopback interfaces of the PE devices works:
R1#ping mpls ipv4 10.1.1.2/32 source 10.1.1.1
Sending 5, 100-byte MPLS Echos to 10.1.1.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 113/170/211 ms
R1#ping mpls ipv4 10.1.1.3/32 source 10.1.1.1
Sending 5, 100-byte MPLS Echos to 10.1.1.3/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 53/214/497 ms
R1#ping mpls ipv4 10.1.1.4/32 source 10.1.1.1
Sending 5, 100-byte MPLS Echos to 10.1.1.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/193/312 ms
R1#ping mpls ipv4 10.1.1.5/32 source 10.1.1.1
Sending 5, 100-byte MPLS Echos to 10.1.1.5/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 166/227/293 ms
R1#
R2#ping mpls ipv4 10.1.1.1/32 source 10.1.1.2
Sending 5, 100-byte MPLS Echos to 10.1.1.1/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 81/167/201 ms
R2#ping mpls ipv4 10.1.1.3/32 source 10.1.1.2
Sending 5, 100-byte MPLS Echos to 10.1.1.3/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 69/144/169 ms
R2#ping mpls ipv4 10.1.1.4/32 source 10.1.1.2
Sending 5, 100-byte MPLS Echos to 10.1.1.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 47/205/442 ms
R2#ping mpls ipv4 10.1.1.5/32 source 10.1.1.2
Sending 5, 100-byte MPLS Echos to 10.1.1.5/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 26/146/196 ms
R2#
R3#ping mpls ipv4 10.1.1.1/32 source 10.1.1.3
Sending 5, 100-byte MPLS Echos to 10.1.1.1/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 186/201/231 ms
R3#ping mpls ipv4 10.1.1.2/32 source 10.1.1.3
Sending 5, 100-byte MPLS Echos to 10.1.1.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 191/218/281 ms
R3#ping mpls ipv4 10.1.1.4/32 source 10.1.1.3
Sending 5, 100-byte MPLS Echos to 10.1.1.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/201/213 ms
R3#ping mpls ipv4 10.1.1.5/32 source 10.1.1.3
Sending 5, 100-byte MPLS Echos to 10.1.1.5/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 189/224/314 ms
R3#
R4#ping mpls ip 10.1.1.1/32 source 10.1.1.4
Sending 5, 100-byte MPLS Echos to 10.1.1.1/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 187/221/309 ms
R4#ping mpls ip 10.1.1.2/32 source 10.1.1.4
Sending 5, 100-byte MPLS Echos to 10.1.1.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 187/224/273 ms
R4#ping mpls ip 10.1.1.3/32 source 10.1.1.4
Sending 5, 100-byte MPLS Echos to 10.1.1.3/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 193/201/210 ms
R4#ping mpls ip 10.1.1.5/32 source 10.1.1.4
Sending 5, 100-byte MPLS Echos to 10.1.1.5/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 193/216/230 ms
R4#
R5#ping mpls ip 10.1.1.1/32 source 10.1.1.5
Sending 5, 100-byte MPLS Echos to 10.1.1.1/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/177/230 ms
R5#ping mpls ip 10.1.1.2/32 source 10.1.1.5
Sending 5, 100-byte MPLS Echos to 10.1.1.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 103/213/464 ms
R5#ping mpls ip 10.1.1.3/32 source 10.1.1.5
Sending 5, 100-byte MPLS Echos to 10.1.1.3/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 62/154/187 ms
R5#ping mpls ip 10.1.1.4/32 source 10.1.1.5
Sending 5, 100-byte MPLS Echos to 10.1.1.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 173/278/642 ms
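R5#
The output shows that label forwarding on R1, R2, R3, R4 and R5 is working normally.
MPLS optimization
Manually setting the LDP router-id
The LDP router-id on R1, R3, R4 and R5 is selected automatically. If an IP address higher than the loopback 0 address is later created on one of these routers, then after an LDP process restart or a device reload the router will automatically select the loopback interface with the higher address as its router-id. That loopback address is quite likely not advertised into OSPF 100, in which case the LDP neighbor relationship cannot form and the MPLS label path breaks.
On R1, R3, R4 and R5, run mpls ldp router-id Loopback0 force to set the LDP router-id manually: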
R1(config)#mpls ldp router-id loopback 0 force
R3(config)#mpls ldp router-id loopback 0 force
R4(config)#mpls ldp router-id loopback 0 force
R5(config)#mpls ldp router-id loopback 0 force
On R5, run show running-config interface e 0/3 to view the Ethernet0/3 interface configuration:
R5#show running-config interface e 0/3
Building configuration...
Current configuration : 182 bytes
!
interface Ethernet0/3
ip address 35.1.1.5 255.255.255.0
ip ospf network point-to-point
ip ospf demand-circuit
ip ospf 110 area 0
duplex auto
mpls propagate-cos
mpls ip
end
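R5#
The output shows that mpls propagate-cos is configured on this interface. The command is meant to be enabled on the egress of a PE-CE interface; it derives the IP DSCP value from the EXP value in the MPLS header and rewrites that value into the IP header. Because no QoS is configured in the MPLS network in this topology, removing the command has no effect on the existing network.
On R5, run no mpls propagate-cos to remove the configuration:
R5(config)#interface ethernet 0/3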
R5(config-if)#no mpls propagate-cos
R5(config-if)#
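Troubleshooting routing on R6, R7 and R8
Traffic between the R7 and R8 sites must go through global processing on R6, and R6's vrfA must be able to communicate directly with R7 and R8.
No static routes may be used, the VRF configuration on R4 and R5 must not be modified, and the BGP configuration on R6 must not be modified.
Traffic model analysis
Traffic between the R7 and R8 sites must go through global processing on R6
- From this requirement, the design is a HUB-SPOKE topology: R6 is the HUB, and R7 and R8 are SPOKEs
- The PEs learn the routes of the headquarters CE and the branch CEs and pass them to the remote PEs over MPLS VPNv4; the headquarters CE and the branch CEs then learn the routes from their PEs
- Headquarters and the branches all use the AS number BGP 200. Because of AS-path loop prevention, headquarters will not learn the branch routes and the branches will not learn the headquarters routes, so as-override has to be set on the PEs or allowas-in configured on the CE devices
- R7 and R8 are both in BGP 200 and attach to different PEs of the same BGP 100, so the suboptimal path between R7 and R8 has to be taken into account
Troubleshooting steps
- Check whether R1, R4 and R5 have learned the routes from the customer CEs
- Check whether R1, R4 and R5 can learn the routes from the corresponding PEs
- Check whether a suboptimal path exists between R7 and R8
Check whether R1, R4 and R5 have learned the routes from the customer CEs
On R1, run show bgp vpnv4 unicast all to view the VPNv4 routes:
R1#show bgp vpnv4 unicast all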
BGP table version is 4, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf SPOKE)
*> 0.0.0.0 16.1.2.6 0 200 i
*> 10.6.6.6/32 16.1.2.6 0 0 200 i
Route Distinguisher: 200:100 (default for vrf HUB)
*> 10.6.6.6/32 16.1.1.6 0 0 200 i
R1#
The output shows that R1 has learned the 10.6.6.6/32 route from R6. The next step is to check R4 and R5.
On R4, run show bgp vpnv4 unicast all to view the VPNv4 routes:
R4#show bgp vpnv4 unicast all
BGP table version is 4, local router ID is 10.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*> 10.7.7.7/32 47.1.1.7 0 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
R4#
The output shows that R4 has learned the routes from R7 and R8. The next step is to check the VPNv4 routes on R3.
On R3, run show bgp vpnv4 unicast all to view the VPNv4 routes:
R3#show bgp vpnv4 unicast all
BGP table version is 18, local router ID is 10.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
Route Distinguisher: 200:100
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
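R3#
The output shows that R3 can learn the routes of R6, R7 and R8, which means the VPNv4 neighbor relationships between R3 and R1, R4 and R5 are normal. The suspicion is that the VRF RT configuration on R1, R4 and R5 is wrong, so the next step is to check the VRF RT configuration on R1, R4 and R5.
On R1, run the command:
R1#show running-config | section vrf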
ip vrf HUB
rd 200:100
ip vrf SPOKE
rd 100:200
ip vrf forwarding HUB
ip vrf forwarding SPOKE
address-family ipv4 vrf HUB
neighbor 16.1.1.6 remote-as 200
neighbor 16.1.1.6 activate
address-family ipv4 vrf SPOKE
neighbor 16.1.2.6 remote-as 200
neighbor 16.1.2.6 activate
R1#
The output shows that R1 has no export RT or import RT configured. The next step is to look at the RTs on R4 and R5 and then configure the RTs on R1.
On R4 and R5, run show running-config | section vrf to view the VRF configuration:
R4#show running-config | section vrf
vrf definition A
rd 100:200
!
address-family ipv4
route-target export 47:47
route-target import 16:16
route-target import 26:26
route-target import 58:58
exit-address-family
vrf forwarding A
address-family ipv4 vrf A
neighbor 47.1.1.7 remote-as 200
neighbor 47.1.1.7 activate
R4#
R5#show running-config | section vrf
ip vrf A
rd 100:200
route-target export 58:58
route-target import 16:16
route-target import 26:26
route-target import 47:47
ip vrf forwarding A
address-family ipv4 vrf A
neighbor 58.1.1.8 remote-as 200
neighbor 58.1.1.8 activate
R5#
The output shows that R4 and R5 have RTs configured. The next step is to add the RT configuration on R1.
On R1, configure the RTs with route-target export/import ASN:nn:
R1(config)#ip vrf HUB
R1(config-vrf)#route-target import 47:47
R1(config-vrf)#route-target import 58:58
R1(config)#ip vrf SPOKE
R1(config-vrf)#route-target export 16:16
R1(config-vrf)#
On R1, run show bgp vpnv4 unicast all to view the VPNv4 routes:
R1#show bgp vpnv4 unicast all
BGP table version is 10, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf SPOKE)
*> 0.0.0.0 16.1.2.6 0 200 i
*> 10.6.6.6/32 16.1.2.6 0 0 200 i
*>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
Route Distinguisher: 200:100 (default for vrf HUB)
*> 10.6.6.6/32 16.1.1.6 0 0 200 i
*>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
R1#
The output shows that after the RTs are configured, R1 learns the routes passed on by R4 and R5.
On R4 and R5, run show bgp vpnv4 unicast all to view the VPNv4 routes:
R4#show bgp vpnv4 unicast all
BGP table version is 8, local router ID is 10.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*> 10.7.7.7/32 47.1.1.7 0 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
R4#
R5#show bgp vpnv4 unicast all
BGP table version is 8, local router ID is 10.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i
*> 10.8.8.8/32 58.1.1.8 0 0 200 i
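R5#
The output shows that R1, R4 and R5 have all learned the VPNv4 routes passed on by the other PEs. The next step is to check which routes R6, R7 and R8 have learned.
On R6, R7 and R8, run show ip route bgp to see which BGP routes have been learned:
R6#show ip route bgp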
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [20/0] via 16.1.3.1, 00:31:13
R6#
R7#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
R7#
R8#sh ip route b
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
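R8#
The output shows that R6, R7 and R8 have not learned the routes from the PEs, which does not meet the requirement. Every CE site is in AS 200 (the Path column above shows 200), and a CE discards any eBGP route whose AS_PATH already contains its own AS. Next, check whether as-override and allowas-in are configured on the PEs and CEs.
On the PE and CE devices, run show running-config | include as-override and show running-config | include allowas-in to check whether as-override and allowas-in are set.
R1#show running-config | include as-override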
R1#show running-config | include allowas-in
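R1#
The output shows that neither as-override nor allowas-in is configured on R1; on inspection, none of R1, R4, R5, R7 and R8 has either option set.
With the current topology there are two possible fixes:
Option 1: on R1, R4 and R5, set as-override on the BGP neighbors facing the CEs.
Option 2: on R1, set as-override on the BGP neighbors facing the CE; on R7 and R8, set allowas-in on the BGP neighbors facing the PEs.
Given the topology, option 1 is used here. Next, set as-override on the CE-facing BGP neighbors on R1, R4 and R5.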
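The two options can be compared with a small model of the eBGP AS_PATH loop check. This is an added example, not part of the original post: the prefix lists are read off the outputs on this page, while the function names and the allowas-in count of 1 are assumptions made for illustration.

```python
PROVIDER_AS, CUSTOMER_AS = 100, 200  # "router bgp 100" on the PEs; CE routes show Path "200"

# BGP prefixes each CE is offered by its PE, as seen in the outputs on this page.
# Every one was originated by a CE in AS 200, so the PE holds it with AS_PATH [200].
OFFERED = {
    "R6": ["10.7.7.7/32", "10.8.8.8/32"],
    "R7": ["0.0.0.0/0", "10.6.6.6/32", "10.8.8.8/32"],
    "R8": ["0.0.0.0/0", "10.6.6.6/32", "10.7.7.7/32"],
}

# Per-CE settings for each plan. as_override lives on the PE session facing
# that CE; allowas_in lives on the CE itself (count of 1 is an assumption).
PLANS = {
    "pre-config": {ce: {} for ce in OFFERED},
    "option 1": {ce: {"as_override": True} for ce in OFFERED},
    "option 2": {"R6": {"as_override": True},
                 "R7": {"allowas_in": 1},
                 "R8": {"allowas_in": 1}},
}


def pe_advertise(as_path, peer_as, as_override=False):
    """AS_PATH the PE sends to an eBGP CE neighbor."""
    path = list(as_path)
    if as_override:
        # Replace every occurrence of the neighbor's AS with the PE's own AS.
        path = [PROVIDER_AS if asn == peer_as else asn for asn in path]
    return [PROVIDER_AS] + path  # normal eBGP prepend


def ce_accepts(as_path, allowas_in=0):
    """Loop check on the CE: its own AS may appear at most allowas_in times."""
    return as_path.count(CUSTOMER_AS) <= allowas_in


def learned(plan):
    """Return {CE: {prefix: received AS_PATH}} for the routes each CE installs."""
    result = {}
    for ce, prefixes in OFFERED.items():
        knobs = PLANS[plan][ce]
        table = {}
        for prefix in prefixes:
            path = pe_advertise([CUSTOMER_AS], CUSTOMER_AS,
                                as_override=knobs.get("as_override", False))
            if ce_accepts(path, allowas_in=knobs.get("allowas_in", 0)):
                table[prefix] = path
        result[ce] = table
    return result


if __name__ == "__main__":
    for plan in PLANS:
        print(plan, learned(plan))
```

Both options install the same prefixes; they differ in the AS_PATH the CE sees (100 100 with as-override, 100 200 with allowas-in) and in which side carries the configuration. Option 2 still uses as-override toward R6 because the task forbids changing R6's BGP configuration.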
On R1, R4 and R5, use the command neighbor x.x.x.x as-override.
R1(config)#router bgp 100
R1(config-router)# address-family ipv4 vrf HUB
R1(config-router-af)# neighbor 16.1.1.6 as-override
R1(config-router-af)#exit
R1(config-router)# address-family ipv4 vrf SPOKE
R1(config-router-af)# neighbor 16.1.2.6 as-override
R1(config-router-af)#
R4(config)#router bgp 100
R4(config-router)# address-family ipv4 vrf A
R4(config-router-af)# neighbor 47.1.1.7 as-override
R4(config-router-af)#
R5(config)#router bgp 100
R5(config-router)# address-family ipv4 vrf A
R5(config-router-af)# neighbor 58.1.1.8 as-override
R5(config-router-af)#
On R6, R7 and R8 respectively, run show ip route bgp to check the BGP routes learned.
R6#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [20/0] via 16.1.3.1, 00:47:49
10.0.0.0/32 is subnetted, 3 subnets
B 10.7.7.7 [20/0] via 16.1.1.1, 00:02:31
B 10.8.8.8 [20/0] via 16.1.1.1, 00:02:31
R6#
R7#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 47.1.1.4 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 47.1.1.4, 00:00:54
10.0.0.0/32 is subnetted, 3 subnets
B 10.6.6.6 [20/0] via 47.1.1.4, 00:00:54
B 10.8.8.8 [20/0] via 47.1.1.4, 00:00:54
R7#
R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 58.1.1.5 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 58.1.1.5, 00:00:51
10.0.0.0/32 is subnetted, 3 subnets
B 10.6.6.6 [20/0] via 58.1.1.5, 00:00:51
B 10.7.7.7 [20/0] via 58.1.1.5, 00:00:51
R8#
The output shows that R6, R7 and R8 have now learned routes from their respective PEs. Next, traceroute from R7 to R8's 10.8.8.8.
R7#traceroute 10.8.8.8 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 10.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 47.1.1.4 [AS 100] 1 msec 3 msec 1 msec
2 34.1.1.3 [AS 100] [MPLS: Labels 307/500 Exp 0] 5 msec 5 msec 6 msec
3 58.1.1.5 [AS 100] [MPLS: Label 500 Exp 0] 3 msec 3 msec 3 msec
4 58.1.1.8 [AS 100] 5 msec * 11 msec
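R7#
The output shows that R7 can reach R8's 10.8.8.8, but the path does not meet the design requirement that traffic between the R7 and R8 sites must pass through R6's global processing.
According to the topology diagram, R7 and R8 should form an iBGP neighbor relationship, but the supplied pre-configuration lacks it. My guess is that this is meant to test SoO loop prevention for a customer with two CEs attached to different PEs of the same AS.
But once the iBGP configuration is added, R7 and R8 would reach each other over iBGP or the IGP, and a policy would then be needed to stop R7 and R8 learning from each other, so I will not add to the script myself.
Working from the supplied pre-configuration, the only fix is to write a route-map on R4 and R5 that filters the R7 and R8 routes. After filtering, R4 cannot learn R8's route and R5 cannot learn R7's route, and the end result meets the design requirement.
Next, apply the route-map filtering fix on R4 and R5.
On R4 and R5, configure a route-map to filter the routes.
R4(config)#ip prefix-list DENY-R8 permit 10.8.8.8/32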
R4(config)#route-map DENY-R8 deny 10
R4(config-route-map)#match ip address prefix-list DENY-R8
R4(config-route-map)#route-map DENY-R8 permit 20
R4(config-route-map)#exit
R4(config)#router bgp 100
R4(config-router)#address-family vpnv4 unicast
R4(config-router-af)#neighbor 10.1.1.3 route-map DENY-R8 in
R4(config-router-af)#
R5(config)#ip prefix-list DENY-R7 permit 10.7.7.7/32
R5(config)#route-map DENY-R7 deny 10
R5(config-route-map)#match ip address prefix-list DENY-R7
R5(config-route-map)#route-map DENY-R7 permit 20
R5(config-route-map)#exit
R5(config)#router bgp 100
R5(config-router)#address-family vpnv4 unicast
R5(config-router-af)#nei 10.1.1.3 route-map DENY-R7 in
R5(config-router-af)#
On R4 and R5 respectively, run show bgp vpnv4 unicast all to view the VPNv4 routes.
R4#show bgp vpnv4 unicast all
BGP table version is 10, local router ID is 10.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*> 10.7.7.7/32 47.1.1.7 0 0 200 i
R4#
R5#sh run | s route-m
neighbor 10.1.1.3 route-map DENY-R7 in
route-map DENY-R7 deny 10
match ip address prefix-list DENY-R7
route-map DENY-R7 permit 20
R5#show bgp vpnv4 unicast all
BGP table version is 10, local router ID is 10.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*> 10.8.8.8/32 58.1.1.8 0 0 200 i
R5#
The output shows that after filtering, R4 cannot learn R8's route and R5 cannot learn R7's route.
On R7 and R8 respectively, run show ip route bgp to check the BGP routes learned.
R7#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 47.1.1.4 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 47.1.1.4, 00:19:47
10.0.0.0/32 is subnetted, 2 subnets
B 10.6.6.6 [20/0] via 47.1.1.4, 00:19:47
R7#
R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 58.1.1.5 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 58.1.1.5, 00:19:20
10.0.0.0/32 is subnetted, 2 subnets
B 10.6.6.6 [20/0] via 58.1.1.5, 00:19:20
R8#
The output shows that R7 and R8 no longer learn each other's routes through the PEs. Next, traceroute from R7 to R8's 10.8.8.8.
On R7, run traceroute 10.8.8.8 source loopback 0 numeric to test the path.
R7#traceroute 10.8.8.8 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 10.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 47.1.1.4 [AS 100] 1 msec 2 msec 1 msec
2 34.1.1.3 [AS 100] [MPLS: Labels 306/106 Exp 0] 18 msec 5 msec 5 msec
3 16.1.2.1 [AS 100] [MPLS: Label 106 Exp 0] 5 msec 6 msec 5 msec
4 16.1.2.6 [AS 100] 6 msec 5 msec 5 msec
5 16.1.1.1 [AS 100] 5 msec 5 msec 6 msec
6 13.1.1.3 [AS 100] [MPLS: Labels 307/500 Exp 0] 10 msec 14 msec 11 msec
7 58.1.1.5 [AS 100] [MPLS: Label 500 Exp 0] 10 msec 9 msec 10 msec
8 58.1.1.8 [AS 100] 10 msec * 14 msec
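R7#
The output meets the design requirement: sourced from loopback 0 on R7, the path to 10.8.8.8 enters the MPLS network at R4, reaches R6, and then crosses the MPLS network again to reach R8. The label values carried across the MPLS network differ from those in the reference screenshots, which has no impact: labels are allocated locally by each device and then learned by its LDP neighbors.
Troubleshooting CE routing tables that have not fully learned R6's routes
After the troubleshooting in the previous steps, R1, R3, R4, R5, R6, R7 and R8 still have not learned the routes 10.66.66.66 and 26.1.1.0. Next, check on R2 whether R6's routes are being learned over interface S1/1.
On R2, run show ip route vrf A to view the routing table.
R2#show ip route vrf A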
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
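R2#
The output shows that R2 has not learned R6's routes, and even the connected interface route is missing. Next, check the configuration of R2's S1/1 interface.
On R2, run show running-config interface serial 1/1 to view the interface configuration.
R2#show running-config interface serial 1/1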
Building configuration...
Current configuration : 169 bytes
!
interface Serial1/1
ip vrf forwarding A
ip address 26.1.1.2 255.255.255.0
encapsulation ppp
ip ospf 1 area 0
ppp authentication chap
serial restart-delay 0
end
R2#
The output shows that the interface is assigned to VRF A, has OSPF 1 enabled, and is configured for CHAP authentication. Next, check the state of interface S1/1.
On R2, run show interfaces serial 1/1 to check the state of S1/1.
R2#show interfaces serial 1/1
Serial1/1 is up, line protocol is down
Hardware is M4T
Internet address is 26.1.1.2/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:15:24
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1689 packets input, 33540 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2102 packets output, 45387 bytes, 0 underruns
0 output errors, 0 collisions, 410 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
410 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
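R2#
The output shows line protocol is down, which indicates a link-layer fault. Given the PPP encapsulation and CHAP authentication seen in the previous step, authentication is the likely cause. Next, check authentication on the serial link between R2 and R6.
On R2, run debug ppp authentication to view the PPP authentication exchange, and have no debug all ready to stop the debug messages at any time.
R2#debug ppp authentication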
PPP authentication debugging is on
R2#
*Jan 31 14:21:10.131: Se1/1 PPP: Using default call direction
*Jan 31 14:21:10.131: Se1/1 PPP: Treating connection as a dedicated line
*Jan 31 14:21:10.131: Se1/1 PPP: Session handle[B200026C] Session id[620]
*Jan 31 14:21:10.168: Se1/1 CHAP: O CHALLENGE id 1 len 23 from "R2"
*Jan 31 14:21:10.183: Se1/1 CHAP: I RESPONSE id 1 len 23 from "R6"
*Jan 31 14:21:10.183: Se1/1 PPP: Sent CHAP LOGIN Request
*Jan 31 14:21:10.183: Se1/1 PPP: Received LOGIN Response FAIL
*Jan 31 14:21:10.183: Se1/1 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
R2#
*Jan 31 14:21:12.223: Se1/1 PPP: Using default call direction
*Jan 31 14:21:12.223: Se1/1 PPP: Treating connection as a dedicated line
*Jan 31 14:21:12.223: Se1/1 PPP: Session handle[FD00026D] Session id[621]
*Jan 31 14:21:12.251: Se1/1 CHAP: O CHALLENGE id 1 len 23 from "R2"
*Jan 31 14:21:12.268: Se1/1 CHAP: I RESPONSE id 1 len 23 from "R6"
*Jan 31 14:21:12.268: Se1/1 PPP: Sent CHAP LOGIN Request
*Jan 31 14:21:12.268: Se1/1 PPP: Received LOGIN Response FAIL
*Jan 31 14:21:12.268: Se1/1 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
R2#no debu
*Jan 31 14:21:14.329: Se1/1 PPP: Using default call direction
*Jan 31 14:21:14.329: Se1/1 PPP: Treating connection as a dedicated line
*Jan 31 14:21:14.329: Se1/1 PPP: Session handle[E600026E] Session id[622]
*Jan 31 14:21:14.367: Se1/1 CHAP: O CHALLENGE id 1 len 23 from "R2"
*Jan 31 14:21:14.385: Se1/1 CHAP: I RESPONSE id 1 len 23 from "R6"
*Jan 31 14:21:14.385: Se1/1 PPP: Sent CHAP LOGIN Request
*Jan 31 14:21:14.385: Se1/1 PPP: Received LOGIN Response FAIL
*Jan 31 14:21:14.385: Se1/1 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
R2#no debu
R2#no debug all
All possible debugging has been turned off
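R2#
The output shows Authentication failed on interface S1/1. Next, check the CHAP password configuration on R2 and R6.
On R2 and R6, run show running-config | section user to check the username and password configuration.
R2#show running-config | section user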
username R6 password 0 cisco
R2#
R6#show running-config | section user
username R2 password 0 cisc0
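R6#
The output shows that the passwords on the two ends do not match. Although R6's S1/1 interface is configured with the same password as R2, a Cisco router gives priority to the globally configured password during authentication.
There are two ways to fix this authentication failure:
Option 1: change the password on R2 to cisc0.
Option 2: change the password on R6 to cisco.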
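Why a one-character difference in the secret fails the whole exchange can be seen by replaying the CHAP handshake from the debug output. This is an added example, not part of the original post: it follows the RFC 1994 packet layout and hash, the function names are hypothetical, and the 16-byte challenge and empty Success message are assumptions (the former chosen to match the "len 23" packets in the debug).

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # RFC 1994 packet codes


def chap_value(identifier, secret, challenge):
    """RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def value_packet(code, identifier, value, name):
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def result_packet(code, identifier, message=b""):
    """Success/Failure layout: Code, Identifier, Length, Message."""
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


def chap_exchange(auth_name, auth_users, peer_name, peer_users, identifier=1):
    """One direction of CHAP: auth_name challenges, peer_name responds.

    auth_users / peer_users model each router's global
    `username <remote-hostname> password <secret>` entries.
    Returns (authenticated, [challenge, response, verdict] packets).
    """
    challenge = os.urandom(16)  # assumption: 16 bytes, consistent with "len 23"
    chal = value_packet(CHALLENGE, identifier, challenge, auth_name)

    # Peer side: pick the secret stored under the hostname in the challenge.
    answer = chap_value(identifier, peer_users[auth_name], challenge)
    resp = value_packet(RESPONSE, identifier, answer, peer_name)

    # Authenticator side: parse the response and recompute with its own secret.
    size = resp[4]
    received = resp[5:5 + size]
    expected = chap_value(identifier, auth_users[peer_name], challenge)
    ok = hmac.compare_digest(received, expected)

    verdict = (result_packet(SUCCESS, identifier) if ok
               else result_packet(FAILURE, identifier, b"Authentication failed"))
    return ok, [chal, resp, verdict]


if __name__ == "__main__":
    # R6 holds "username R2 password 0 cisc0"; try both values on R2.
    for r2_secret in ("cisco", "cisc0"):
        ok, pkts = chap_exchange("R2", {"R6": r2_secret}, "R6", {"R2": "cisc0"})
        print(r2_secret, ok, [len(p) for p in pkts])
```

With the mismatched secrets the packet lengths come out as 23, 23 and 25, the same as the CHALLENGE, RESPONSE and FAILURE lines in the debug output. The secret itself never crosses the link, so the only symptom the authenticator can report is a hash mismatch.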
This troubleshooting run uses option 1: on R2, change the password with the command username R6 password 0 cisc0.
R2(config)#username R6 password 0 cisc0
*Jan 31 15:08:27.909: %SYS-5-CONFIG_I: Configured from console by console
*Jan 31 15:08:27.926: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
*Jan 31 15:08:28.024: %OSPF-5-ADJCHG: Process 1, Nbr 10.66.66.66 on Serial1/1 from LOADING to FULL, Loading Done
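R2(config)#
The output shows that after the password change, the line protocol on S1/1 came up and the OSPF adjacency between R2 and R6 was established. Next, check what routes R2 has learned.
On R2, run show bgp vpnv4 unicast all to view the VPNv4 routing table.
R2#show bgp vpnv4 unicast all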
BGP table version is 11, local router ID is 10.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*> 10.66.66.66/32 26.1.1.6 65 32768 ?
*> 26.1.1.0/24 0.0.0.0 0 32768 ?
R2#
The output shows that R2 has learned R6's routes and that the VRF A routes have been redistributed into BGP. Next, check whether the other PEs have learned R2's VPNv4 routes.
On R4, run show bgp vpnv4 unicast all to view the VPNv4 routes.
R4#show bgp vpnv4 unicast all
BGP table version is 10, local router ID is 10.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*> 10.7.7.7/32 47.1.1.7 0 0 200 i
R4#
The output shows that R4 has not learned R2's VPNv4 routes. Next, check the VRF RT configuration on R2.
On R2, run show running-config | section vrf to view the VRF configuration.
R2#show running-config | section vrf
ip vrf A
rd 100:200
ip vrf forwarding A
router ospf 1 vrf A
redistribute bgp 100 subnets
address-family ipv4 vrf A
redistribute ospf 1
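R2#
The output shows that VRF A has no RT configured. Without an export RT, the routes R2 advertises carry no route target for any remote VRF to import. Next, configure the RTs on R2.
On R2, use the command route-target export/import ASN:nn to configure the RTs.
R2(config)#ip vrf A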
R2(config-vrf)#route-target export 26:26
R2(config-vrf)#route-target import 16:16
R2(config-vrf)#route-target import 47:47
R2(config-vrf)#route-target import 58:58
R2(config-vrf)#
On R4, run show bgp vpnv4 unicast all to view the VPNv4 routes.
R4#show bgp vpnv4 unicast all
BGP table version is 14, local router ID is 10.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf A)
*>i 0.0.0.0 10.1.1.1 0 100 0 200 i
*>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i
*> 10.7.7.7/32 47.1.1.7 0 0 200 i
*>i 10.66.66.66/32 10.1.1.2 65 100 0 ?
*>i 26.1.1.0/24 10.1.1.2 0 100 0 ?
R4#
The output shows that R4 has now learned R2's VPNv4 routes. Next, check what routes R6, R7 and R8 have learned.
On R7 and R8, run show ip route bgp to check the routes learned.
R7#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 47.1.1.4 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 47.1.1.4, 01:53:22
10.0.0.0/32 is subnetted, 3 subnets
B 10.6.6.6 [20/0] via 47.1.1.4, 01:53:22
B 10.66.66.66 [20/0] via 47.1.1.4, 00:04:31
26.0.0.0/24 is subnetted, 1 subnets
B 26.1.1.0 [20/0] via 47.1.1.4, 00:04:31
R7#
R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 58.1.1.5 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 58.1.1.5, 01:53:11
10.0.0.0/32 is subnetted, 3 subnets
B 10.6.6.6 [20/0] via 58.1.1.5, 01:53:11
B 10.66.66.66 [20/0] via 58.1.1.5, 00:04:51
26.0.0.0/24 is subnetted, 1 subnets
B 26.1.1.0 [20/0] via 58.1.1.5, 00:04:51
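R8#
The output shows that R7 and R8 have learned the corresponding routes, as required.
Next, configure the VRF RT on R1: the earlier troubleshooting of PE route learning did not add an RT import for R2.
On R1, use the command route-target import ASN:nn to configure the RT.
R1(config)#ip vrf HUB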
R1(config-vrf)# route-target import 26:26
R1(config-vrf)#
On R1, run show bgp vpnv4 unicast all to view the VPNv4 routes.
R1#show bgp vpnv4 unicast all
BGP table version is 20, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf SPOKE)
*> 0.0.0.0 16.1.2.6 0 200 i
*> 10.6.6.6/32 16.1.2.6 0 0 200 i
*>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
*>i 10.66.66.66/32 10.1.1.2 65 100 0 ?
*>i 26.1.1.0/24 10.1.1.2 0 100 0 ?
Route Distinguisher: 200:100 (default for vrf HUB)
*> 10.6.6.6/32 16.1.1.6 0 0 200 i
*>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i
*>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i
*>i 10.66.66.66/32 10.1.1.2 65 100 0 ?
*>i 26.1.1.0/24 10.1.1.2 0 100 0 ?
R1#
The output shows that R1 has learned R2's VPNv4 routes. Next, check whether R6 has learned them.
On R6, run show ip route bgp to check the routes learned.
R6#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [20/0] via 16.1.3.1, 02:30:57
10.0.0.0/32 is subnetted, 4 subnets
B 10.7.7.7 [20/0] via 16.1.1.1, 02:30:45
B 10.8.8.8 [20/0] via 16.1.1.1, 02:30:45
B 10.66.66.66 [20/0] via 16.1.1.1, 00:01:57
26.0.0.0/24 is subnetted, 1 subnets
B 26.1.1.0 [20/0] via 16.1.1.1, 00:01:57
R6#
The output shows that R6 has learned the corresponding routes, as required.
On R6, run show ip route vrf A ospf to view the routes.
R6#show ip route vrf A ospf
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
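R6#
The output shows no routes. Next, check on R2 whether the BGP routes are redistributed into the routing protocol running in VRF A.
On R2, run sh run | s r o to view the route redistribution.
R2#sh run | s r o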
router ospf 1 vrf A
redistribute bgp 100 subnets
router ospf 110
prefix-suppression
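R2#
The output shows that the BGP routes are already redistributed into OSPF process 1.
The fact that R2 learns R6's routes shows that the adjacency between R2 and R6 is fine, and no route filtering toward R6 was found on R2.
R6 and R2 are interconnected over interfaces assigned to a VRF, and BGP is redistributed into the OSPF process; in this kind of setup, vrf-lite must be enabled under the OSPF process on the PE.
Under Cisco's OSPF loop-prevention mechanism, an OSPF process bound to a VRF checks the tag of any type 5 or type 7 LSA it receives from a neighbor; when the tag matches the VPN tag, those type 5 or type 7 LSAs are not used by the SPF algorithm to compute routes.
On R2, use the command capability vrf-lite to enable vrf-lite.
R2(config)# router ospf 1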
R2(config-router)#capability vrf-lite
R2(config-router)#
*Jan 31 15:46:59.140: %OSPF-5-ADJCHG: Process 1, Nbr 10.66.66.66 on Serial1/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Jan 31 15:46:59.204: %OSPF-5-ADJCHG: Process 1, Nbr 10.66.66.66 on Serial1/1 from LOADING to FULL, Loading Done
R2(config-router)#
The output shows that after vrf-lite was enabled, the OSPF adjacency between R2 and R6 reset. Next, check whether R6 has learned the routes.
On R6, run show ip route vrf A ospf to view the routes.
R6#show ip route vrf A ospf
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 4 subnets
O E2 10.6.6.6 [110/1] via 26.1.1.2, 00:24:28, Serial1/1
O E2 10.7.7.7 [110/1] via 26.1.1.2, 00:24:28, Serial1/1
O E2 10.8.8.8 [110/1] via 26.1.1.2, 00:24:28, Serial1/1
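R6#
The output shows that R6 has learned the corresponding routes. Next, originate a default route from OSPF process 1 on R2.
On R2, use the command default-information originate to advertise an OSPF default route.
R2(config)# router ospf 1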
R2(config-router)#default-information originate
R2(config-router)#
On R6, run show ip route vrf A ospf to view the routes.
R6#show ip route vrf A ospf
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 26.1.1.2 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 26.1.1.2, 00:01:10, Serial1/1
10.0.0.0/32 is subnetted, 4 subnets
O E2 10.6.6.6 [110/1] via 26.1.1.2, 00:29:54, Serial1/1
O E2 10.7.7.7 [110/1] via 26.1.1.2, 00:29:54, Serial1/1
O E2 10.8.8.8 [110/1] via 26.1.1.2, 00:29:54, Serial1/1
R6#
The output shows that R6 has learned the default route and that all the OSPF routes meet the requirement.
On R6, run traceroute vrf A 10.7.7.7 source loopback 1 numeric to trace the path.
R6#traceroute vrf A 10.7.7.7 source loopback 1 numeric
Type escape sequence to abort.
Tracing the route to 10.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
1 26.1.1.2 [AS 100] 13 msec 16 msec 16 msec
2 23.1.1.3 [MPLS: Labels 304/405 Exp 0] 20 msec 21 msec 16 msec
3 47.1.1.4 [MPLS: Label 405 Exp 0] 14 msec 19 msec 16 msec
4 47.1.1.7 21 msec * 19 msec
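R6#
The output meets the requirement.
Summary
- This topology covers most of the MP-BGP topics
- Once the VPNv4 neighbor relationships in the MPLS network are up, sending and receiving routes is controlled by the VRF RTs
- Being comfortable reading the VPNv4 routing table is important
- I actually worked through this troubleshooting topology a few years ago, but my brain could not keep up and everything I learned went straight back to where it came from
- I wonder how everyone else views this: technology you studied but never touch at work, so the details fade from memory
- You are welcome to "call" or write in to discuss.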