Wednesday, July 21, 2010

Lab MPLS 1.6b MPLS VPN

SHAM-LINK Configuration

Sham-link configuration. We have created the SLO IDs, associated them with vrf A, and advertised them in BGP vrf A. Now we must define the sham-link area, the local ID, the remote ID, and the cost (10 by default).


Example 5-11
─────────────────────────────────────────────────────────────────

R2
router ospf 100 vrf A
area 0 sham-link 20.0.0.2 30.0.0.3 cost 2

R3
router ospf 100 vrf A
area 0 sham-link 30.0.0.3 20.0.0.2 cost 2

R2#
%OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from LOADING to FULL, Loading Done

R3#
%OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on OSPF_SL0 from LOADING to FULL, Loading Done

R2#show ip ospf sham-links
Sham Link OSPF_SL0 to address 30.0.0.3 is up
Area 0 source address 20.0.0.2
Run as demand circuit
DoNotAge LSA allowed. Cost of using 2 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:04
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

R3#show ip ospf sham-links
Sham Link OSPF_SL0 to address 20.0.0.2 is up
Area 0 source address 30.0.0.3
Run as demand circuit
DoNotAge LSA allowed. Cost of using 2 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

─────────────────────────────────────────────────────────────────

In OSPF, the lower cost is preferred. For routers R8 and R9 to use the provider network, the R8/R9 backdoor link must have a higher OSPF cost.

For example, the current cost to reach R9's prefix from R8 is:

FastEthernet0/1 link cost 1 + loopback cost 1 = 2

The cost through the backbone is:

FastEthernet0/1 link cost 1 + sham-link cost 2 + FastEthernet0/0 cost 1 + loopback cost 1 = 5

Finally, we change the cost of the backdoor link to a value greater than 5.


Example 5-12
─────────────────────────────────────────────────────────────────

R8
interface FastEthernet0/1
ip ospf cost 6

R9
interface FastEthernet0/1
ip ospf cost 6


R8#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.9 [110/5] via 172.16.28.2, 00:29:36, FastEthernet0/0
20.0.0.0/32 is subnetted, 1 subnets
O E2 20.0.0.2 [110/1] via 172.16.28.2, 00:31:26, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.39.0 [110/4] via 172.16.28.2, 00:29:36, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.0.0.3 [110/1] via 172.16.28.2, 00:29:51, FastEthernet0/0


R9#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.8 [110/5] via 172.16.39.3, 00:04:11, FastEthernet0/0
20.0.0.0/32 is subnetted, 1 subnets
O E2 20.0.0.2 [110/1] via 172.16.39.3, 00:04:11, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.28.0 [110/4] via 172.16.39.3, 00:04:11, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.0.0.3 [110/1] via 172.16.39.3, 00:04:11, FastEthernet0/0


R8#traceroute 100.0.0.9
1 172.16.28.2 52 msec 36 msec 76 msec
2 10.1.12.1 [MPLS: Labels 1001/3011 Exp 0] 128 msec 128 msec 128 msec
3 172.16.39.3 [MPLS: Label 3011 Exp 0] 152 msec 96 msec 144 msec
4 172.16.39.9 136 msec * 152 msec

R9#traceroute 100.0.0.8
1 172.16.39.3 68 msec 40 msec 32 msec
2 10.1.13.1 [MPLS: Labels 1000/2007 Exp 0] 108 msec 116 msec 204 msec
3 172.16.28.2 [MPLS: Label 2007 Exp 0] 116 msec 88 msec 88 msec
4 172.16.28.8 128 msec * 192 msec

─────────────────────────────────────────────────────────────────

What happens if we advertise the sham-link prefixes in OSPF?

Suppose that instead of advertising the sham-link IDs in BGP vrf A, we advertise them in the OSPF vrf A process. The OSPF AD of 110 takes priority over the iBGP AD of 200, so the IDs are installed in the vrf A RIB by the OSPF process. Because the sham-link is an "on demand circuit" and hello messages are suppressed, the PEs quickly lose OSPF connectivity and the OSPF vrf A adjacency between the PEs no longer exists. Because the prefixes are being redistributed, they are learned again through iBGP (UP/DOWN/UP). This situation repeats constantly (flapping).

Example 5-13 shows the behavior when we advertise the SL IDs in the OSPF vrf.


Example 5-13
─────────────────────────────────────────────────────────────────

R3
router ospf 100 vrf A
network 30.0.0.3 0.0.0.0 area 0
area 0 sham-link 30.0.0.3 20.0.0.2 cost 2

R2
router ospf 100 vrf A
network 20.0.0.2 0.0.0.0 area 0
area 0 sham-link 20.0.0.2 30.0.0.3 cost 2

%OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from FULL to DOWN, Neighbor Down: Interface down or detached
%OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from FULL to DOWN, Neighbor Down: Interface down or detached
%OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from FULL to DOWN, Neighbor Down: Interface down or detached

R3#sh ip route vrf A 20.0.0.2
Routing entry for 20.0.0.2/32
Known via "ospf 100", distance 110, metric 3, type intra area
Redistributing via bgp 1
Last update from 10.0.0.2 00:00:03 ago
Routing Descriptor Blocks:
* 10.0.0.2 (Default-IP-Routing-Table), from 2.2.2.2, 00:00:03 ago
Route metric is 3, traffic share count is 1

R3#sh ip route vrf A 20.0.0.2
Routing entry for 20.0.0.2/32
Known via "bgp 1", distance 200, metric 0, type internal
Redistributing via ospf 100
Advertised by ospf 100 subnets
Last update from 10.0.0.2 00:00:05 ago
Routing Descriptor Blocks:
* 10.0.0.2 (Default-IP-Routing-Table), from 10.0.0.2, 00:00:05 ago
Route metric is 0, traffic share count is 1
AS Hops 0

R2#sh ip route vrf A 30.0.0.3
Routing entry for 30.0.0.3/32
Known via "ospf 100", distance 110, metric 3, type intra area
Redistributing via bgp 1
Last update from 10.0.0.3 00:00:00 ago
Routing Descriptor Blocks:
* 10.0.0.3 (Default-IP-Routing-Table), from 3.3.3.3, 00:00:00 ago
Route metric is 3, traffic share count is 1

R2#sh ip route vrf A 30.0.0.3
Routing entry for 30.0.0.3/32
Known via "bgp 1", distance 200, metric 0, type internal
Redistributing via ospf 100
Advertised by ospf 100 subnets
Last update from 10.0.0.3 00:00:05 ago
Routing Descriptor Blocks:
* 10.0.0.3 (Default-IP-Routing-Table), from 10.0.0.3, 00:00:05 ago
Route metric is 0, traffic share count is 1
AS Hops 0

─────────────────────────────────────────────────────────────────
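The flapping shown in Example 5-13 can be detected from syslog by counting how often an adjacency leaves FULL inside a time window. The script below is an added example, not part of the original lab; the timestamps, the thresholds, and the function name `find_flapping` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: ADJCHG messages as in Examples 5-11 and 5-13, with
# hypothetical hh:mm:ss timestamps prepended (the page's logs show none).
SAMPLE_LOG = """\
00:00:01 %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on OSPF_SL0 from LOADING to FULL, Loading Done
00:10:05 %OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from FULL to DOWN, Neighbor Down: Interface down or detached
00:10:12 %OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from LOADING to FULL, Loading Done
00:10:17 %OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from FULL to DOWN, Neighbor Down: Interface down or detached
00:10:24 %OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from LOADING to FULL, Loading Done
00:10:29 %OSPF-5-ADJCHG: Process 100, Nbr 3.3.3.3 on OSPF_SL0 from FULL to DOWN, Neighbor Down: Interface down or detached
"""

ADJCHG = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d) %OSPF-5-ADJCHG: Process (?P<proc>\d+), "
    r"Nbr (?P<nbr>\S+) on (?P<intf>\S+) from (?P<old>\w+) to (?P<new>\w+),"
)

def to_seconds(ts):
    h, m, s = map(int, ts.split(":"))
    return h * 3600 + m * 60 + s

def find_flapping(log_text, max_drops=2, window_s=60):
    """Return {(neighbor, interface): drops} for every adjacency that left
    FULL more than max_drops times within any window_s-second window."""
    drops = defaultdict(list)
    for m in ADJCHG.finditer(log_text):
        if m["old"] == "FULL" and m["new"] != "FULL":
            drops[(m["nbr"], m["intf"])].append(to_seconds(m["ts"]))
    flapping = {}
    for key, times in drops.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):
            # Shrink the window until it spans at most window_s seconds.
            while times[end] - times[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best > max_drops:
            flapping[key] = best
    return flapping

if __name__ == "__main__":
    for (nbr, intf), count in find_flapping(SAMPLE_LOG).items():
        print(f"flapping: neighbor {nbr} on {intf}, {count} drops from FULL")
```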


The SLO prefixes are useful between the PEs R2 and R3. R8 and R9 do not need these prefixes, and we can filter them in two ways:

· Using a distribute-list on the CE, which prevents inbound updates for the prefixes defined in an access list from being installed (Example 5-14)

· Using a route-map on the redistribution of BGP into OSPF on the PE (Example 5-15)


The first method does not scale well. The update for the SLO prefixes must still reach the CEs. We would choose this method to keep a homogeneous table, but the additional update traffic reaches the customer routers and is processed and stored in the OSPF database (see Example 5-14).


Example 5-14
─────────────────────────────────────────────────────────────────

R9#sh ip route ospf | i E2
O E2 20.0.0.2 [110/1] via 172.16.39.3, 00:38:58, FastEthernet0/0
O E2 30.0.0.3 [110/1] via 172.16.39.3, 00:38:58, FastEthernet0/0

R8#sh ip route ospf | i E2
O E2 20.0.0.2 [110/1] via 172.16.28.2, 01:07:19, FastEthernet0/0
O E2 30.0.0.3 [110/1] via 172.16.28.2, 01:05:45, FastEthernet0/0

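R8
access-list 10 deny 20.0.0.2
access-list 10 deny 30.0.0.3
! permit everything else; a standard ACL ends with an implicit deny
access-list 10 permit any

router ospf 100
distribute-list 10 in

R9
access-list 10 deny 20.0.0.2
access-list 10 deny 30.0.0.3
! permit everything else; a standard ACL ends with an implicit deny
access-list 10 permit any

router ospf 100
distribute-list 10 in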


R8#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.9 [110/5] via 172.16.28.2, 00:04:50, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.39.0 [110/4] via 172.16.28.2, 00:04:50, FastEthernet0/0

R9#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.8 [110/5] via 172.16.39.3, 00:01:39, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.28.0 [110/4] via 172.16.39.3, 00:01:39, FastEthernet0/0

R8#show ip ospf database
OSPF Router with ID (100.0.0.8) (Process ID 100)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 614 0x80000091 0x00FA3D 3
3.3.3.3 3.3.3.3 634 0x8000008F 0x0041DC 3
100.0.0.8 100.0.0.8 67 0x8000000D 0x000A29 5
100.0.0.9 100.0.0.9 67 0x8000000C 0x00F61F 5

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
20.0.0.2 2.2.2.2 614 0x80000003 0x001EA3 3489660929
20.0.0.2 3.3.3.3 635 0x80000003 0x00FFBD 3489660929
30.0.0.3 2.2.2.2 614 0x80000003 0x009125 3489660929
30.0.0.3 3.3.3.3 635 0x80000003 0x00733F 3489660929
─────────────────────────────────────────────────────────────────

The advantage of the second method is evident. There is no additional processing on the customer router (CE R8/R9), because the Provider Edge does NOT send updates for the SLO prefixes (see Example 5-14).



Example 5-15 Filtering at redistribution
─────────────────────────────────────────────────────────────────

R2
router ospf 100 vrf A
redistribute bgp 1 subnets route-map SHAM-PRE

access-list 10 permit 20.0.0.2
access-list 10 permit 30.0.0.3

route-map SHAM-PRE deny 10
match ip address 10

route-map SHAM-PRE permit 20

R3
access-list 10 permit 20.0.0.2
access-list 10 permit 30.0.0.3

route-map SHAM-PRE deny 10
match ip address 10
!
route-map SHAM-PRE permit 20

router ospf 100 vrf A
redistribute bgp 1 subnets route-map SHAM-PRE

R8#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.9 [110/5] via 172.16.28.2, 00:10:41, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.39.0 [110/4] via 172.16.28.2, 00:10:41, FastEthernet0/0

R9#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.8 [110/5] via 172.16.39.3, 00:18:28, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.28.0 [110/4] via 172.16.39.3, 00:18:28, FastEthernet0/0

R8#sh ip ospf database
OSPF Router with ID (100.0.0.8) (Process ID 100)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 1167 0x80000093 0x00F63F 3
3.3.3.3 3.3.3.3 1247 0x80000091 0x003DDE 3
100.0.0.8 100.0.0.8 1094 0x8000000F 0x00062B 5
100.0.0.9 100.0.0.9 798 0x8000000E 0x00F221 5

R9#show ip ospf database
OSPF Router with ID (100.0.0.9) (Process ID 100)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 1652 0x80000093 0x00F63F 3
3.3.3.3 3.3.3.3 1730 0x80000091 0x003DDE 3
100.0.0.8 100.0.0.8 1579 0x8000000F 0x00062B 5
100.0.0.9 100.0.0.9 1281 0x8000000E 0x00F221 5
─────────────────────────────────────────────────────────────────
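The difference between the two filtering methods can be checked from the CE: with the distribute-list the sham-link endpoints disappear from the routing table but stay in the OSPF database as Type-5 LSAs, while with the route-map on the PE they are absent from both. The script below is an added example, not part of the original lab; it audits R8 output copied (trimmed) from Examples 5-14 and 5-15, and the function names are assumptions.

```python
import re

SHAM_ENDPOINTS = {"20.0.0.2", "30.0.0.3"}  # sham-link IDs used on this page

# R8 output copied from Examples 5-14 and 5-15 on this page (trimmed).
RIB_UNFILTERED = """\
O E2 20.0.0.2 [110/1] via 172.16.28.2, 01:07:19, FastEthernet0/0
O E2 30.0.0.3 [110/1] via 172.16.28.2, 01:05:45, FastEthernet0/0
"""
RIB_FILTERED = """\
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.9 [110/5] via 172.16.28.2, 00:04:50, FastEthernet0/0
"""
LSDB_DISTRIBUTE_LIST = """\
Router Link States (Area 0)
2.2.2.2 2.2.2.2 614 0x80000091 0x00FA3D 3
Type-5 AS External Link States
20.0.0.2 2.2.2.2 614 0x80000003 0x001EA3 3489660929
20.0.0.2 3.3.3.3 635 0x80000003 0x00FFBD 3489660929
30.0.0.3 2.2.2.2 614 0x80000003 0x009125 3489660929
30.0.0.3 3.3.3.3 635 0x80000003 0x00733F 3489660929
"""
LSDB_ROUTE_MAP = """\
Router Link States (Area 0)
2.2.2.2 2.2.2.2 1167 0x80000093 0x00F63F 3
3.3.3.3 3.3.3.3 1247 0x80000091 0x003DDE 3
"""

# An OSPF route line: "O", optional route type, prefix, then "[AD/metric]".
ROUTE = re.compile(r"^O(?:\s+(?:IA|E1|E2|N1|N2))?\s+(\d+(?:\.\d+){3})\s+\[")

def rib_leaks(route_output):
    """Sham-link endpoints installed in the CE routing table."""
    hits = (ROUTE.match(line.strip()) for line in route_output.splitlines())
    return sorted({m.group(1) for m in hits if m} & SHAM_ENDPOINTS)

def lsdb_leaks(database_output):
    """(link ID, advertising router) of Type-5 LSAs for sham-link endpoints."""
    in_type5, found = False, set()
    for line in database_output.splitlines():
        if "Link States" in line:  # section header of the database output
            in_type5 = line.strip().startswith("Type-5")
            continue
        cols = line.split()
        if in_type5 and len(cols) >= 2 and cols[0] in SHAM_ENDPOINTS:
            found.add((cols[0], cols[1]))
    return sorted(found)

def audit(route_output, database_output):
    return {"rib": rib_leaks(route_output), "lsdb": lsdb_leaks(database_output)}
```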

