在51cto博客https://blog.51cto.com/dashu666/2163481 看到达叔的这份MPLS排错练习题分享文章,心痒痒决定手搓玩一玩
MPLS 环境如下图,现由于前面负责实施的工程师离职,留下烂尾工程,请按下面截图找出目前配置存在的错误并修复,要求项目部署完毕之后所有检查命令输出要和下面截图一致。 要求R7 和R8两个站点通信必须经过R6的全局处理、要求R6 的 vrfA 和 R7、R8能够直接通信
同时要求交一份排除故障的文档。 要求在文档中指出配置错误的地方,以及产生的影响,解决的方案。 不能使用任何静态路由、不允许修改 R4、R5 的 VRF 配置、不允许修改 R6的BGP配置
排查R1到10.1.1.2/32的MPLS标签转发问题
在R1上输入命令ping mpls ipv4 10.1.1.2/32 source 10.1.1.1,验证R1到10.1.1.2/32的MPLS标签转发过程问题存在
R1#ping mpls ipv4 10.1.1.2/32 source 10.1.1.1 Sending 5, 100-byte MPLS Echos to 10.1.1.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. ..... Success rate is 0 percent (0/5) R1#在R1上使用命令show mpls forwarding-table 查看LFIB
R1#show mpls forwarding-table Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 102 Pop Label 10.1.1.3/32 0 Et0/0 13.1.1.3 103 304 10.1.1.2/32 0 Et0/0 13.1.1.3 104 307 10.1.1.5/32 0 Et0/0 13.1.1.3 105 306 10.1.1.4/32 0 Et0/0 13.1.1.3 106 No Label 10.6.6.6/32[V] 0 Et0/1.1 16.1.1.6 107 No Label 0.0.0.0/0[V] 0 Et0/1.2 16.1.2.6 108 No Label 10.6.6.6/32[V] 0 Et0/1.2 16.1.2.6 R1#结果显示R1去往R2的10.1.1.2有出方向标签,下一步检查R3设备的LFIB
在R3上使用命令show mpls forwarding-table 查看LFIB
R3#sh mpls forwarding-table Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 300 No Label 13.1.1.0/24 0 drop 301 No Label 23.1.1.0/24 0 drop 302 No Label 34.1.1.0/24 0 drop 303 No Label 35.1.1.0/24 0 drop 304 No Label 10.1.1.2/32 0 drop 305 No Label 10.1.1.1/32 0 drop 306 No Label 10.1.1.4/32 0 drop 307 No Label 10.1.1.5/32 0 drop R3#结果显示R3没有去往10.1.1.1/32和10.1.1.2/32的出方向标签,下一步检查R3上的LDP邻居关系
在R3上使用命令show mpls ldp neighbor 查看LDP邻居
R3#show mpls ldp neighbor Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.3:0 TCP connection: 10.1.1.1.646 - 10.1.1.3.59329 State: Oper; Msgs sent/rcvd: 56/52; Downstream Up time: 00:37:37 LDP discovery sources: Ethernet0/0, Src IP addr: 13.1.1.1 Addresses bound to peer LDP Ident: 13.1.1.1 10.1.1.1 16.1.3.1结果显示R3上有与R1的LDP邻居,没有与R2建立LDP邻居,下一步检查R3上LDP进程
在R3上使用命令show mpls ldp discovery 查看LDP进程信息
R3#show mpls ldp discovery Local LDP Identifier: 10.1.1.3:0 Discovery Sources: Interfaces: Ethernet0/0 (ldp): xmit/recv LDP Id: 10.1.1.1:0 Ethernet0/1 (ldp): xmit/recv LDP Id: 10.22.22.22:0; no route Ethernet0/2 (ldp): xmit Ethernet0/3 (ldp): xmit结果显示R3使用10.1.1.3为LDP router-id与对端建立LDP邻居,在Ethernet0/1收到 LDP ID为10.22.22.22的LDP报文且提示没有路由到达,而Ethernet0/1连接的是R2,怀疑R2上手动指定了10.22.22.22为LDP的router-id或LDP自动选举了该地址作为router-id,且该地址没有宣告底层IGP协议;R3与R1能建立LDP邻居,下一步检查R3的cef特性是否启用
在R3上使用用命令show ip cef 查看cef是否启用
R3#show ip cef %IPv4 CEF not running R3#结果显示R3没有启用cef特性,而FIB的形成依赖cef特性,因此需要启用设备的cef特性
在R3上使用命令ip cef 启用cef
R3(config)#ip cef在R3上使用命令show mpls forwarding-table 查看LFIB
R3#sh mpls forwarding-table Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 304 No Label 10.1.1.2/32 0 Et0/1 23.1.1.2 305 Pop Label 10.1.1.1/32 0 Et0/0 13.1.1.1 306 No Label 10.1.1.5/32 0 Et0/3 35.1.1.5 307 No Label 10.1.1.4/32 0 Et0/2 34.1.1.4 R3#结果显示R3上已经有去往10.1.1.1/32的出方向标签,下一步检查R2的LDP配置
在R上使用命令show mpls ldp discovery 查看LDP进程信息
R2#show mpls ldp discovery Local LDP Identifier: 10.22.22.22:0 Discovery Sources: Interfaces: Ethernet0/1 (ldp): xmit/recv LDP Id: 10.1.1.3:0 R2#结果显示R2使用10.22.22.22作为LDP的router-id,下一步检查R2上是否手动指定了10.22.22.22为LDP的router-id或LDP自动选举了该地址作为router-id
在R2上使用命令show run | include router-id查看是否手动指定了LDP的router-id
R2#show run | include router-id mpls ldp router-id Loopback1 force R2#结果显示R2上手动指定了Loopback1接口地址为router-id,下一步查看R2的所有环回接口地址配置
在R2上使用命令show ip interface brief | include Loopback 查看环回接口地址配置
R2#show ip interface brief | include Loopback Loopback0 10.1.1.2 YES TFTP up up Loopback1 10.22.22.22 YES TFTP up up R2#继续使用命令show running-config interface loopback 0 和 show running-config interface loopback 1 查看两个环回接口的配置
R2#show running-config interface loopback 0 Building configuration... Current configuration : 82 bytes ! interface Loopback0 ip address 10.1.1.2 255.255.255.0 ip ospf 110 area 0 end R2#show running-config interface loopback 1 Building configuration... Current configuration : 67 bytes ! interface Loopback1 ip address 10.22.22.22 255.255.255.255 end R2#综合以上结果显示,R2使用了手动设置LDP的router-id,这样手动指定router-id的配置本身没有问题,然而Loopback1并没有宣告进OSPF 110 进程,导致R3上没有10.22.22.22/32的路由,双方不能形成LDP邻居关系;
LDP邻居关系的建立是标签相互学习的的前提,需要解决R2和R3的LDP邻居建立问题
解决方案:
在R3使用命令手动指定Loopback0接口为LDP的router-id
R2(config)#mpls ldp router-id Loopback0 force从命令show running-config interface loopback 0查看到的结果显示Loopback0配置24位掩码的地址,在ospf网络中思科路由器会默认认为环回接口的ospf网络类型为LOOPBACK,无论环回接口是否配置32位掩码地址都会以32位掩码地址宣告进ospf进程中
R2本地LDP标签分配会为10.1.1.0/24分配标签,并不会为R2上不存在的10.1.1.2/32分配标签,R3虽然本地为10.1.1.2/32分配的本地标签,但是没有从R2上学习到10.1.1.2/32的标签
解决方案如下
R2上修改Loopback0的地址掩码为32位掩码
R2(config)#interface loopback 0 R2(config-if)# ip address 10.1.1.2 255.255.255.255 R2(config-if)#在R1上输入命令ping mpls ipv4 10.1.1.2/32 source 10.1.1.1,验证R1到10.1.1.2/32的MPLS标签转发过程问题是否存在
R1#ping mpls ipv4 10.1.1.2/32 source 10.1.1.1 Sending 5, 100-byte MPLS Echos to 10.1.1.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 38/138/181 ms R1#结果显示R1到10.1.1.2/32的MPLS标签转发过程问题已经解决
排查MPLS网络中其他设备标签转发问题
在上一步骤中在R3查看到没有R4和R5的LDP邻居,MPLS网络中IGP网络的标签转发出现问题,客户CE设备流量进入MPLS网络将不能转发到远端目的地。
检查R4的LDP配置
R4上使用show mpls ldp discovery 检查LDP进程
R4#show mpls ldp discovery R4#结果显示没有信息,下一步检查接口是否启用mpls ip和是否全局启用mpls ip
R4上使用show mpls interfaces 检查LDP接口信息
R4#show mpls interfaces Interface IP Tunnel BGP Static Operational R4#结果显示R4的Ethernet0/2接口没有启用mpls ip,下一步在R4将接口启用mpls ip
在R4上使用命令mpls ip将ethernet 0/2启用LDP
R4(config)#interface ethernet 0/2 R4(config-if)#mpls ip R4(config-if)# *Jan 30 17:52:31.200: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (1) is UP R4(config-if)#结果显示R4与10.1.1.3建立LDP邻居,下一步检查R4是否学习到MPLS网络中其他设备的出接口标签
在R4上使用命令show mpls forwarding-table 查看FLIB
R4#show mpls forwarding-table Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 400 305 10.1.1.1/32 0 Et0/2 34.1.1.3 401 302 10.1.1.2/32 0 Et0/2 34.1.1.3 402 Pop Label 10.1.1.3/32 0 Et0/2 34.1.1.3 403 306 10.1.1.5/32 0 Et0/2 34.1.1.3 R4#结果显示R4上有到MPLS网络中其他设备的出接口标签
检查R5的LDP配置
在R5上使用命令show mpls ldp discovery 检查LDP进程
R5#show mpls ldp discovery Local LDP Identifier: 10.1.1.5:0 Discovery Sources: Interfaces: Ethernet0/3 (tdp): xmit R5#结果显示R5的Ethernet0/3使用标签协议为tdp,而R3上使用的是LDP协议,下一步修改R5使用LDP协议
在R5上使用命令mpls label protocol ldp 修改标签协议为LDP
R5(config)#mpls label protocol ldp R5(config)# *Jan 30 18:07:49.748: %LDP-5-NBRCHG: LDP Neighbor 10.1.1.3:0 (1) is UP R5(config)#结果显示在R5上修改标签协议后已经和10.1.1.3建立了邻居,下一步检查R5是否学习到MPLS网络中其他设备的出接口标签
在R5上使用命令show mpls forwarding-table 查看LFIB
R5#show mpls forwarding-table Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 501 307 10.1.1.4/32 0 Et0/3 35.1.1.3 502 Pop Label 10.1.1.3/32 0 Et0/3 35.1.1.3 503 302 10.1.1.2/32 0 Et0/3 35.1.1.3 504 305 10.1.1.1/32 0 Et0/3 35.1.1.3 R5#结果显示R5上有到MPLS网络中其他设备的出接口标签
检查各PE设备环回接口之间的标签转发是否正常
R1#ping mpls ipv4 10.1.1.2/32 source 10.1.1.1 Sending 5, 100-byte MPLS Echos to 10.1.1.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 113/170/211 ms R1#ping mpls ipv4 10.1.1.3/32 source 10.1.1.1 Sending 5, 100-byte MPLS Echos to 10.1.1.3/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 53/214/497 ms R1#ping mpls ipv4 10.1.1.4/32 source 10.1.1.1 Sending 5, 100-byte MPLS Echos to 10.1.1.4/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 144/193/312 ms R1#ping mpls ipv4 10.1.1.5/32 source 10.1.1.1 Sending 5, 100-byte MPLS Echos to 10.1.1.5/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 166/227/293 ms R1#R2#ping mpls ipv4 10.1.1.1/32 source 10.1.1.2 Sending 5, 100-byte MPLS Echos to 10.1.1.1/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 81/167/201 ms R2#ping mpls ipv4 10.1.1.3/32 source 10.1.1.2 Sending 5, 100-byte MPLS Echos to 10.1.1.3/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 69/144/169 ms R2#ping mpls ipv4 10.1.1.4/32 source 10.1.1.2 Sending 5, 100-byte MPLS Echos to 10.1.1.4/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 47/205/442 ms R2#ping mpls ipv4 10.1.1.5/32 source 10.1.1.2 Sending 5, 100-byte MPLS Echos to 10.1.1.5/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 26/146/196 ms R2#R3#ping mpls ipv4 10.1.1.1/32 source 10.1.1.3 Sending 5, 100-byte MPLS Echos to 10.1.1.1/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 186/201/231 ms R3#ping mpls ipv4 10.1.1.2/32 source 10.1.1.3 Sending 5, 100-byte MPLS Echos to 10.1.1.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 191/218/281 ms R3#ping mpls ipv4 10.1.1.4/32 source 10.1.1.3 Sending 5, 100-byte MPLS Echos to 10.1.1.4/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 192/201/213 ms R3#ping mpls ipv4 10.1.1.5/32 source 10.1.1.3 Sending 5, 100-byte MPLS Echos to 10.1.1.5/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 189/224/314 ms R3#R4#ping mpls ip 10.1.1.1/32 source 10.1.1.4 Sending 5, 100-byte MPLS Echos to 10.1.1.1/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 187/221/309 ms R4#ping mpls ip 10.1.1.2/32 source 10.1.1.4 Sending 5, 100-byte MPLS Echos to 10.1.1.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 187/224/273 ms R4#ping mpls ip 10.1.1.3/32 source 10.1.1.4 Sending 5, 100-byte MPLS Echos to 10.1.1.3/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 193/201/210 ms R4#ping mpls ip 10.1.1.5/32 source 10.1.1.4 Sending 5, 100-byte MPLS Echos to 10.1.1.5/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 193/216/230 ms R4#R5#ping mpls ip 10.1.1.1/32 source 10.1.1.5 Sending 5, 100-byte MPLS Echos to 10.1.1.1/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/177/230 ms R5#ping mpls ip 10.1.1.2/32 source 10.1.1.5 Sending 5, 100-byte MPLS Echos to 10.1.1.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 103/213/464 ms R5#ping mpls ip 10.1.1.3/32 source 10.1.1.5 Sending 5, 100-byte MPLS Echos to 10.1.1.3/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 62/154/187 ms R5#ping mpls ip 10.1.1.4/32 source 10.1.1.5 Sending 5, 100-byte MPLS Echos to 10.1.1.4/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 173/278/642 ms R5#结果显示R1,R2,R3,R4,R5的标签转发为正常状态
MPLS优化
手动指定LDP的router-id
R1,R3,R4,R5的LDP router-id为自动选举,当后续在这些路由器上创建的IP地址比loopback 0地址大时,LDP进程重启或设备重启,这些设备将自动选举地址大的环回接口为router-id,而这些环回接口地址很可能没有宣告进OSPF 100 ,这会导致LDP邻居不能建立从而产生MPLS标签断裂问题
在R1,R3,R4,R5上使用命令mpls ldp router-id Loopback0 force手动指定LDP的router-id
R1(config)#mpls ldp router-id loopback 0 forceR3(config)#mpls ldp router-id loopback 0 forceR4(config)#mpls ldp router-id loopback 0 forceR5(config)#mpls ldp router-id loopback 0 forceR5上使用命令show running-config interface e 0/3查看Ethernet0/3接口配置
R5#show running-config interface e 0/3 Building configuration... Current configuration : 182 bytes ! interface Ethernet0/3 ip address 35.1.1.5 255.255.255.0 ip ospf network point-to-point ip ospf demand-circuit ip ospf 110 area 0 duplex auto mpls propagate-cos mpls ip end R5#结果显示该接口下配置了mpls propagate-cos,该命令用于在PE-CE接口的出口处启用,此命令从MPLS报头中的EXP值派生IP DSCP值,然后在IP报头中重写此值。由于拓扑中的MPLS网络没有配置QoS内容,删除该命令不会对现有网络造成影响
在R5上使用命令no mpls propagate-cos 删除该配置
R5(config)#interface ethernet 0/3 R5(config-if)#no mpls propagate-cos R5(config-if)#
排查R6,R7和R8的路由问题
要求R7 和R8两个站点通信必须经过R6的全局处理、要求R6 的 vrfA 和 R7、R8能够直接通信
不能使用任何静态路由、不允许修改 R4、R5 的 VRF 配置、不允许修改 R6的BGP配置
流量模型分析
要求R7 和R8两个站点通信必须经过R6的全局处理
- 根据需求可以判断出这是一个HUB-SPOKE组网结构,R6为HUB,R7和R8为SPOKE
- PE学习到总部CE和分支CE的路由,然后通过MPLS VPNV4传递到对端PE,总部CE和分支CE再从PE学习路由
- 总部和分支同时使用BGP 200 AS号码,根据as-path防环原则,总部不会学习到分支路由,分支也不会学习到总部路由,需要在PE上设置as-override或在CE设备配置 allowas-in
- R7和R8处于BGP 200,且同时接入相同BGP 100 的不同PE,需要考虑R7和R8之间的不合理次优路径问题
排查步骤
- 排查R1,R4和R5是否学习到客户CE上的路由
- 排查R1,R4和R5是否能学习对应PE的路由
- 排查R7和R8是否存在次优路径
排查R1,R4和R5是否学习到客户CE上的路由
在R1上使用命令show bgp vpnv4 unicast all 查看VPNV4路由
R1#show bgp vpnv4 unicast all BGP table version is 4, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf SPOKE) *> 0.0.0.0 16.1.2.6 0 200 i *> 10.6.6.6/32 16.1.2.6 0 0 200 i Route Distinguisher: 200:100 (default for vrf HUB) *> 10.6.6.6/32 16.1.1.6 0 0 200 i R1#结果显示R1学习到了R6上的10.6.6.6/32路由,下一步检查R4和R5
在R4上使用命令show bgp vpnv4 unicast all 查看VPNV4路由
R4#show bgp vpnv4 unicast all BGP table version is 4, local router ID is 10.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *> 10.7.7.7/32 47.1.1.7 0 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i R4#结果显示R4上学习到R7和R8上的路由,下一步检查R3上的VPNV4路由
在R3上使用命令show bgp vpnv4 unicast all 查看VPNV4路由
R3#show bgp vpnv4 unicast all BGP table version is 18, local router ID is 10.1.1.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i Route Distinguisher: 200:100 *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i R3#结果显示R3上能学习到R6,R7和R8的路由,这说明R3与R1,R4和R5的VPNV4邻居关系正常,怀疑是R1,R4和R5上的VRF RT配置有问题,下一步检查R1,R4和R5上的VRF RT配置
在R1上使用命令
R1#show running-config | section vrf ip vrf HUB rd 200:100 ip vrf SPOKE rd 100:200 ip vrf forwarding HUB ip vrf forwarding SPOKE address-family ipv4 vrf HUB neighbor 16.1.1.6 remote-as 200 neighbor 16.1.1.6 activate address-family ipv4 vrf SPOKE neighbor 16.1.2.6 remote-as 200 neighbor 16.1.2.6 activate R1#结果显示R1上没有没有配置export RT和import RT,下一步查看R4和R5上的RT,然后在R1上配置RT
在R4和R5上分别使用命令show running-config | section vrf 查看VRF配置
R4#show running-config | section vrf vrf definition A rd 100:200 ! address-family ipv4 route-target export 47:47 route-target import 16:16 route-target import 26:26 route-target import 58:58 exit-address-family vrf forwarding A address-family ipv4 vrf A neighbor 47.1.1.7 remote-as 200 neighbor 47.1.1.7 activate R4#R5#show running-config | section vrf ip vrf A rd 100:200 route-target export 58:58 route-target import 16:16 route-target import 26:26 route-target import 47:47 ip vrf forwarding A address-family ipv4 vrf A neighbor 58.1.1.8 remote-as 200 neighbor 58.1.1.8 activate R5#结果显示R4和R5上配置了RT,下一步需要在R1上添加RT配置
在R1上使用命令route-target export/import ASN:nn配置RT
R1(config)#ip vrf HUB R1(config-vrf)#route-target import 47:47 R1(config-vrf)#route-target import 58:58 R1(config)#ip vrf SPOKE R1(config-vrf)#route-target export 16:16 R1(config-vrf)#在R1上使用命令show bgp vpnv4 unicast all查看VPNV4路由
R1#show bgp vpnv4 unicast all BGP table version is 10, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf SPOKE) *> 0.0.0.0 16.1.2.6 0 200 i *> 10.6.6.6/32 16.1.2.6 0 0 200 i *>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i Route Distinguisher: 200:100 (default for vrf HUB) *> 10.6.6.6/32 16.1.1.6 0 0 200 i *>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i R1#结果显示在配置RT后,R1可以学习到R4和R5传递过来的路由
在R4和R5上分别使用命令show bgp vpnv4 unicast all查看VPNV4路由
R4#show bgp vpnv4 unicast all BGP table version is 8, local router ID is 10.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *> 10.7.7.7/32 47.1.1.7 0 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i R4#R5#show bgp vpnv4 unicast all BGP table version is 8, local router ID is 10.1.1.5 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i *> 10.8.8.8/32 58.1.1.8 0 0 200 i R5#结果显示R1,R4和R5上都学习到了PE传递过来的VPNV4路由,下一步检查R6,R7和R8上的路由学习情况
在R6,R7和R8上分布使用命令show ip route bgp 查看bgp路由学习情况
R6#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 16.1.3.1, 00:31:13 R6#R7#sh ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set R7#R8#sh ip route b Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set R8#结果显示,R6,R7和R8上没有从PE上学习的路由不符合要求,下一步检查PE和CE上是否配置as-override和 allowas-in
在PE和CE设备上使用命令show running-config | include as-override和show running-config | include allowas-in 检查设备是否设置了as-override和 allowas-in
R1#show running-config | include as-override R1#show running-config | include allowas-in R1#结果显示R上没有配置as-override和 allowas-in,经检查R1,R4,R5,R7,R8均没有设置这两项参数
在当前组网情况下,有两种解决方案
方案一:在R1,R4和R5上针对CE的BGP邻居设置as-override
方案二:在R1上针对CE的BGP邻居设置as-override,在R7和R8上针对PE的BGP邻居设置allowas-in
结合组网情况,本次使用方案一,下一步在R1,R4和R5上针对CE的BGP邻居设置as-override
在R1,R4和R5上使用命令neighbor x.x.x.x as-override
R1(config)#router bgp 100 R1(config-router)# address-family ipv4 vrf HUB R1(config-router-af)# neighbor 16.1.1.6 as-override R1(config-router-af)#exit R1(config-router)# address-family ipv4 vrf SPOKE R1(config-router-af)# neighbor 16.1.2.6 as-override R1(config-router-af)#R4(config)#router bgp 100 R4(config-router)# address-family ipv4 vrf A R4(config-router-af)# neighbor 47.1.1.7 as-override R4(config-router-af)#R5(config)#router bgp 100 R5(config-router)# address-family ipv4 vrf A R5(config-router-af)# neighbor 58.1.1.8 as-override R5(config-router-af)#在R6,R7和R8上分布使用命令show ip route bgp 查看bgp路由学习情况
R6#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 16.1.3.1, 00:47:49 10.0.0.0/32 is subnetted, 3 subnets B 10.7.7.7 [20/0] via 16.1.1.1, 00:02:31 B 10.8.8.8 [20/0] via 16.1.1.1, 00:02:31 R6#R7#sh ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 47.1.1.4 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 47.1.1.4, 00:00:54 10.0.0.0/32 is subnetted, 3 subnets B 10.6.6.6 [20/0] via 47.1.1.4, 00:00:54 B 10.8.8.8 [20/0] via 47.1.1.4, 00:00:54 R7#R8#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 58.1.1.5 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 58.1.1.5, 00:00:51 10.0.0.0/32 is subnetted, 3 subnets B 10.6.6.6 [20/0] via 58.1.1.5, 00:00:51 B 10.7.7.7 [20/0] via 58.1.1.5, 00:00:51 R8#结果显示R6,R7和R8已经从对应PE学习到路由,下一步traceroute测试R7到R8的10.8.8.8
R7#traceroute 10.8.8.8 source loopback 0 numeric Type escape sequence to abort. Tracing the route to 10.8.8.8 VRF info: (vrf in name/id, vrf out name/id) 1 47.1.1.4 [AS 100] 1 msec 3 msec 1 msec 2 34.1.1.3 [AS 100] [MPLS: Labels 307/500 Exp 0] 5 msec 5 msec 6 msec 3 58.1.1.5 [AS 100] [MPLS: Label 500 Exp 0] 3 msec 3 msec 3 msec 4 58.1.1.8 [AS 100] 5 msec * 11 msec R7#结果显示R7到R8的10.8.8.8连通性正常,但是不符合R7 和R8两个站点通信必须经过R6的全局处理设计要求
按照拓扑图显示R7和R8应该建立IBGP邻居关系,给出的预配缺少配置,我猜这里考察的客户双CE接入同一AS不同PE的SOO防环知识点
而添加IBGP配置后R7和R8互相通信又会走IBGP或IGP,又要配置策略阻止R7和R8的互相学习,我就不自己加戏了
如果按照提供的预配来解决方案,只能在R4和R5编写route-map将R7和R8上的路由进行过滤,经过过滤后R4上不能学习到R8上的路由,R5上不能学习到R7的路由,最后结果符合设计要求
下一步在R4和R5上配置route-map对路由进行过滤的解决方案
在R4和R5上配置route-map对路由进行过滤
R4(config)#ip prefix-list DENY-R8 permit 10.8.8.8/32 R4(config)#route-map DENY-R8 deny 10 R4(config-route-map)#match ip address prefix-list DENY-R8 R4(config-route-map)#route-map DENY-R8 permit 20 R4(config-route-map)#exit R4(config)#router bgp 100 R4(config-router)#address-family vpnv4 unicast R4(config-router-af)#neighbor 10.1.1.3 route-map DENY-R8 in R4(config-router-af)#R5(config)#ip prefix-list DENY-R7 permit 10.7.7.7/32 R5(config)#route-map DENY-R7 deny 10 R5(config-route-map)#match ip address prefix-list DENY-R7 R5(config-route-map)#route-map DENY-R7 permit 20 R5(config-route-map)#exit R5(config)#router bgp 100 R5(config-router)#address-family vpnv4 unicast R5(config-router-af)#nei 10.1.1.3 route-map DENY-R7 in R5(config-router-af)#在R4和R5上分别使用命令show bgp vpnv4 unicast all查看VPNV4路由
R4#show bgp vpnv4 unicast all BGP table version is 10, local router ID is 10.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *> 10.7.7.7/32 47.1.1.7 0 0 200 i R4#R5#sh run | s route-m neighbor 10.1.1.3 route-map DENY-R7 in route-map DENY-R7 deny 10 match ip address prefix-list DENY-R7 route-map DENY-R7 permit 20 R5#show bgp vpnv4 unicast all BGP table version is 10, local router ID is 10.1.1.5 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *> 10.8.8.8/32 58.1.1.8 0 0 200 i R5#结果显示经过过滤后R4上不能学习到R8上的路由,R5上不能学习到R7的路由
在R7和R8上分布使用命令show ip route bgp 查看bgp路由学习情况
R7#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 47.1.1.4 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 47.1.1.4, 00:19:47 10.0.0.0/32 is subnetted, 2 subnets B 10.6.6.6 [20/0] via 47.1.1.4, 00:19:47 R7#R8#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 58.1.1.5 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 58.1.1.5, 00:19:20 10.0.0.0/32 is subnetted, 2 subnets B 10.6.6.6 [20/0] via 58.1.1.5, 00:19:20 R8#结果显示R7和R8不再通过PE学习到对端的路由,下一步traceroute测试R7到R8的10.8.8.8
在R7上使用命令traceroute 10.8.8.8 source loopback 0 numeric 进行traceroute测试
R7#traceroute 10.8.8.8 source loopback 0 numeric Type escape sequence to abort. Tracing the route to 10.8.8.8 VRF info: (vrf in name/id, vrf out name/id) 1 47.1.1.4 [AS 100] 1 msec 2 msec 1 msec 2 34.1.1.3 [AS 100] [MPLS: Labels 306/106 Exp 0] 18 msec 5 msec 5 msec 3 16.1.2.1 [AS 100] [MPLS: Label 106 Exp 0] 5 msec 6 msec 5 msec 4 16.1.2.6 [AS 100] 6 msec 5 msec 5 msec 5 16.1.1.1 [AS 100] 5 msec 5 msec 6 msec 6 13.1.1.3 [AS 100] [MPLS: Labels 307/500 Exp 0] 10 msec 14 msec 11 msec 7 58.1.1.5 [AS 100] [MPLS: Label 500 Exp 0] 10 msec 9 msec 10 msec 8 58.1.1.8 [AS 100] 10 msec * 14 msec R7#结果显示符合设计要求,R7以loopback 0 测试到10.8.8.8 的路径从R4进入MPLS网络到达R6再穿过MPLS网络到底R8,数据流量穿越MPLS网络中的标签值不符合截图输出没有影响,这是由于设备本地自主分配然后LDP邻居学习到的
排查CE路由表未完全学习R6上路由
经过前面步骤的排查,R1,R3,R4,R5,R6,R7和R8并没有学习到10.66.66.66和26.1.1.0的路由,下一步在R2上检查是否通过S1/1接口学习到R6的路由条目
在R2上使用命令show ip route vrf A查看路由表
R2#show ip route vrf A Routing Table: A Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set R2#结果显示R2上没有学习到R6的路由,且连直连接口路由都没有,下一步检查R2的S1/1接口配置
在R2上使用命令show running-config interface serial 1/1查看接口配置
R2#show running-config interface serial 1/1 Building configuration... Current configuration : 169 bytes ! interface Serial1/1 ip vrf forwarding A ip address 26.1.1.2 255.255.255.0 encapsulation ppp ip ospf 1 area 0 ppp authentication chap serial restart-delay 0 end R2#结果显示该接口已经划入VRF A,启用了OSPF 1,并且配置了chap认证,下一步检查S1/1接口状态
在R2上使用命令show interfaces serial 1/1检查S1/1接口状态
R2#show interfaces serial 1/1 Serial1/1 is up, line protocol is down Hardware is M4T Internet address is 26.1.1.2/24 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Closed, crc 16, loopback not set Keepalive set (10 sec) Restart-Delay is 0 secs Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 00:15:24 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1689 packets input, 33540 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 2102 packets output, 45387 bytes, 0 underruns 0 output errors, 0 collisions, 410 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 410 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R2#结果显示line protocol is down ,该结果显示链路层故障,联系到上一步骤中查看到ppp封装和chap认证,怀疑是认证出现了问题,下一步检查R6和R1之间的串口链路认证
在R2上使用debug ppp authentication 查看ppp认证交互信息,同时准备命令no debug all 随时终止debug消息
R2#debug ppp authentication PPP authentication debugging is on R2# *Jan 31 14:21:10.131: Se1/1 PPP: Using default call direction *Jan 31 14:21:10.131: Se1/1 PPP: Treating connection as a dedicated line *Jan 31 14:21:10.131: Se1/1 PPP: Session handle[B200026C] Session id[620] *Jan 31 14:21:10.168: Se1/1 CHAP: O CHALLENGE id 1 len 23 from "R2" *Jan 31 14:21:10.183: Se1/1 CHAP: I RESPONSE id 1 len 23 from "R6" *Jan 31 14:21:10.183: Se1/1 PPP: Sent CHAP LOGIN Request *Jan 31 14:21:10.183: Se1/1 PPP: Received LOGIN Response FAIL *Jan 31 14:21:10.183: Se1/1 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed" R2# *Jan 31 14:21:12.223: Se1/1 PPP: Using default call direction *Jan 31 14:21:12.223: Se1/1 PPP: Treating connection as a dedicated line *Jan 31 14:21:12.223: Se1/1 PPP: Session handle[FD00026D] Session id[621] *Jan 31 14:21:12.251: Se1/1 CHAP: O CHALLENGE id 1 len 23 from "R2" *Jan 31 14:21:12.268: Se1/1 CHAP: I RESPONSE id 1 len 23 from "R6" *Jan 31 14:21:12.268: Se1/1 PPP: Sent CHAP LOGIN Request *Jan 31 14:21:12.268: Se1/1 PPP: Received LOGIN Response FAIL *Jan 31 14:21:12.268: Se1/1 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed" R2#no debu *Jan 31 14:21:14.329: Se1/1 PPP: Using default call direction *Jan 31 14:21:14.329: Se1/1 PPP: Treating connection as a dedicated line *Jan 31 14:21:14.329: Se1/1 PPP: Session handle[E600026E] Session id[622] *Jan 31 14:21:14.367: Se1/1 CHAP: O CHALLENGE id 1 len 23 from "R2" *Jan 31 14:21:14.385: Se1/1 CHAP: I RESPONSE id 1 len 23 from "R6" *Jan 31 14:21:14.385: Se1/1 PPP: Sent CHAP LOGIN Request *Jan 31 14:21:14.385: Se1/1 PPP: Received LOGIN Response FAIL *Jan 31 14:21:14.385: Se1/1 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed" R2#no debu R2#no debug all All possible debugging has been turned off R2#结果显示S1/1接口Authentication failed,下一步检查R2和R6上的chap认证密码配置
在R2和R6上使用命令show running-config | section user 检查用户名密码配置
R2#show running-config | section user username R6 password 0 cisco R2#R6#show running-config | section user username R2 password 0 cisc0 R6#结果显示两端密码不一致,虽然R6的S1/1接口配置了与R2相同的密码,但是思科路由器会优先使用全局配置的密码进行认证流程
处理该认证失败故障有如下两种解决方案
方案一:在R2上修改密码为cisc0
方案二:在R6上修改密码为cisco
本次故障排除采用方案一,在R2上使用命令username R6 password 0 cisc0修改密码
R2(config)#username R6 password 0 cisc0 *Jan 31 15:08:27.909: %SYS-5-CONFIG_I: Configured from console by console *Jan 31 15:08:27.926: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up *Jan 31 15:08:28.024: %OSPF-5-ADJCHG: Process 1, Nbr 10.66.66.66 on Serial1/1 from LOADING to FULL, Loading Done R2(config)#结果显示修改密码后,S1/1的链路层协议UP,且R2与R6的OSPF邻居已经建立,下一步检查R2的路由学习情况
在R2上使用命令show bgp vpnv4 unicast all 查看VPNV4路由标
R2#show bgp vpnv4 unicast all BGP table version is 11, local router ID is 10.22.22.22 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *> 10.66.66.66/32 26.1.1.6 65 32768 ? *> 26.1.1.0/24 0.0.0.0 0 32768 ? R2#结果显示R2已经学习到R6的路由,且VRF A的路由已经重分布进BGP,下一步检查其他PE是否学习到R2的VPNV4路由
在R4上使用命令show bgp vpnv4 unicast all 查看VPNV4路由
R4#show bgp vpnv4 unicast all BGP table version is 10, local router ID is 10.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *> 10.7.7.7/32 47.1.1.7 0 0 200 i R4#结果显示R4没有学习到R2上的VPNV4路由,下一步检查R2的VRF RT配置
在R2上使用命令show running-config | section vrf查看VRF配置
R2#show running-config | section vrf ip vrf A rd 100:200 ip vrf forwarding A router ospf 1 vrf A redistribute bgp 100 subnets address-family ipv4 vrf A redistribute ospf 1 R2#结果显示VRF A没有配置RT,下一步配置R2的RT
在R2上使用命令route-target export/import ASN:nn配置RT
R2(config)#ip vrf A R2(config-vrf)#route-target export 26:26 R2(config-vrf)#route-target import 16:16 R2(config-vrf)#route-target import 47:47 R2(config-vrf)#route-target import 58:58 R2(config-vrf)#在R4上使用命令show bgp vpnv4 unicast all 查看VPNV4路由
R4#show bgp vpnv4 unicast all BGP table version is 14, local router ID is 10.1.1.4 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf A) *>i 0.0.0.0 10.1.1.1 0 100 0 200 i *>i 10.6.6.6/32 10.1.1.1 0 100 0 200 i *> 10.7.7.7/32 47.1.1.7 0 0 200 i *>i 10.66.66.66/32 10.1.1.2 65 100 0 ? *>i 26.1.1.0/24 10.1.1.2 0 100 0 ? R4#结果显示R4已经学习到R2上的VPNV4路由,下一步检查R6,R7和R8上的路由学习情况
在R7和R8上使用命令show ip route bgp查看路由学习
R7#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 47.1.1.4 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 47.1.1.4, 01:53:22 10.0.0.0/32 is subnetted, 3 subnets B 10.6.6.6 [20/0] via 47.1.1.4, 01:53:22 B 10.66.66.66 [20/0] via 47.1.1.4, 00:04:31 26.0.0.0/24 is subnetted, 1 subnets B 26.1.1.0 [20/0] via 47.1.1.4, 00:04:31 R7#R8#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 58.1.1.5 to network 0.0.0.0 B* 0.0.0.0/0 [20/0] via 58.1.1.5, 01:53:11 10.0.0.0/32 is subnetted, 3 subnets B 10.6.6.6 [20/0] via 58.1.1.5, 01:53:11 B 10.66.66.66 [20/0] via 58.1.1.5, 00:04:51 26.0.0.0/24 is subnetted, 1 subnets B 26.1.1.0 [20/0] via 58.1.1.5, 00:04:51 R8#结果显示R7和R8学习到了对应的路由条目,且符合要求
下一步配置R1上的VRF RT,之前排查PE路由学习的时候没有添加针对R2的 RT import 配置
在R1上使用命令route-target import ASN:nn配置RT
R1(config)#ip vrf HUB R1(config-vrf)# route-target import 26:26 R1(config-vrf)#在R1上使用命令show bgp vpnv4 unicast all 查看VPNV4路由
R1#show bgp vpnv4 unicast all BGP table version is 20, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:200 (default for vrf SPOKE) *> 0.0.0.0 16.1.2.6 0 200 i *> 10.6.6.6/32 16.1.2.6 0 0 200 i *>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i *>i 10.66.66.66/32 10.1.1.2 65 100 0 ? *>i 26.1.1.0/24 10.1.1.2 0 100 0 ? Route Distinguisher: 200:100 (default for vrf HUB) *> 10.6.6.6/32 16.1.1.6 0 0 200 i *>i 10.7.7.7/32 10.1.1.4 0 100 0 200 i *>i 10.8.8.8/32 10.1.1.5 0 100 0 200 i *>i 10.66.66.66/32 10.1.1.2 65 100 0 ? *>i 26.1.1.0/24 10.1.1.2 0 100 0 ? R1#结果显示R1已经学习到R2的VPNV4路由条目,下一步检查R6是否学习到路由条目
在R6上使用命令show ip route bgp查看路由学习
R6#show ip route bgp Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 16.1.3.1, 02:30:57 10.0.0.0/32 is subnetted, 4 subnets B 10.7.7.7 [20/0] via 16.1.1.1, 02:30:45 B 10.8.8.8 [20/0] via 16.1.1.1, 02:30:45 B 10.66.66.66 [20/0] via 16.1.1.1, 00:01:57 26.0.0.0/24 is subnetted, 1 subnets B 26.1.1.0 [20/0] via 16.1.1.1, 00:01:57 R6#结果显示R6已经学习到对应路由条目,且符合要求
在R6上使用命令show ip route vrf A ospf查看路由
R6#show ip route vrf A ospf Routing Table: A Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set R6#结果显示没有路由条目,下一步在R2上检查是否把BGP路由重分布进VRF A 所在的路由协议
在R2上使用命令sh run | s r o 查看路由重复分布
R2#sh run | s r o router ospf 1 vrf A redistribute bgp 100 subnets router ospf 110 prefix-suppression R2#结果显示已经将BGP路由重分布进OSPF 1进程
能学习到R6的路由说明R2与R6的邻居建立没有问题,且在R2上没有发现针对R6的路由过滤,
在R6和R2上发现使用划入VRF的接口进行互联,且将BGP重分布进ospf进程,这种组网情况要在PE上的ospf进程下启用vrf-lite
思科的OSPF防环机制当绑定到 VRF 的 OSPF 进程在收到邻居的5类LSA或7类LSA会检查Tag,当Tag与VPN-TAG时,这些5类LSA或7类LSA不会参与SFP算法计算路由
在R2使用命令capability vrf-lite 启用vrf-lite
R2(config)# router ospf 1 R2(config-router)#capability vrf-lite R2(config-router)# *Jan 31 15:46:59.140: %OSPF-5-ADJCHG: Process 1, Nbr 10.66.66.66 on Serial1/1 from FULL to DOWN, Neighbor Down: Interface down or detached *Jan 31 15:46:59.204: %OSPF-5-ADJCHG: Process 1, Nbr 10.66.66.66 on Serial1/1 from LOADING to FULL, Loading Done R2(config-router)#结果显示启用vrf-lite 后,R2与R6的ospf邻居重置,下一步检查R6是否学习到路由条目
在R6上使用命令show ip route vrf A ospf查看路由
R6#show ip route vrf A ospf Routing Table: A Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 10.0.0.0/32 is subnetted, 4 subnets O E2 10.6.6.6 [110/1] via 26.1.1.2, 00:24:28, Serial1/1 O E2 10.7.7.7 [110/1] via 26.1.1.2, 00:24:28, Serial1/1 O E2 10.8.8.8 [110/1] via 26.1.1.2, 00:24:28, Serial1/1 R6#结果显示R6与学习到对应路由条目,下一步在R2的OSPF 1 进程下发默认路由
在R2上使用命令default-information originate 下发ospf默认路由
R2(config)# router ospf 1 R2(config-router)#default-information originate R2(config-router)#在R6上使用命令show ip route vrf A ospf查看路由
R6#show ip route vrf A ospf Routing Table: A Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 26.1.1.2 to network 0.0.0.0 O*E2 0.0.0.0/0 [110/1] via 26.1.1.2, 00:01:10, Serial1/1 10.0.0.0/32 is subnetted, 4 subnets O E2 10.6.6.6 [110/1] via 26.1.1.2, 00:29:54, Serial1/1 O E2 10.7.7.7 [110/1] via 26.1.1.2, 00:29:54, Serial1/1 O E2 10.8.8.8 [110/1] via 26.1.1.2, 00:29:54, Serial1/1 R6#结果显示R6已经学习到默认路由,且所以OSPF路由条目符合要求
在R6上使用命令traceroute vrf A 10.7.7.7 source loopback 1 numeric 跟踪路径
R6#traceroute vrf A 10.7.7.7 source loopback 1 numeric Type escape sequence to abort. Tracing the route to 10.7.7.7 VRF info: (vrf in name/id, vrf out name/id) 1 26.1.1.2 [AS 100] 13 msec 16 msec 16 msec 2 23.1.1.3 [MPLS: Labels 304/405 Exp 0] 20 msec 21 msec 16 msec 3 47.1.1.4 [MPLS: Label 405 Exp 0] 14 msec 19 msec 16 msec 4 47.1.1.7 21 msec * 19 msec R6#结果显示符合要求
总结
- 这份拓扑中包含了MP-BGP的大部分知识点
- 完成MPLS网络的vpnv4邻居建立,接下来就靠VRF的RT控制接收和发送路由条目
- 熟悉查看vpnv4的路由表很重要
- 其实早几年我是玩过这个排错拓扑的,奈何脑子不够用学过等于又还回去了
- 不知道大家对这种学习过的技术,而工作中又接触不到这些项目,技术的知识点淡忘如何看待
- 欢迎“
来电”来函探讨。