Wednesday, July 21, 2010

Lab MPLS 1.6c MPLS VPN

Site 2

· Create VPN B at Site 2 (see figure). Use RD/RT 1:2.

· Configure OSPF 100 area 1

· R6 must be DR and R7 BDR for the 192.168.100.0/24 segment.

· Mutually redistribute OSPF/BGP on R5 (PE).

· Configure Area 2 between R6/R7 with no DR election.

· Site 1 and Site 2 must have connectivity.

· R5 must share the load in a 1:1 ratio for destination 192.168.67.0/24



Example 5-16
─────────────────────────────────────────────────────────────────

R5
ip vrf B
rd 1:2
route-target export 1:2

interface FastEthernet0/0
ip vrf forwarding B
ip address 192.168.100.5 255.255.255.0

R5#ping vrf B 192.168.100.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/59/76 ms

R5#ping vrf B 192.168.100.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/48/108 ms

─────────────────────────────────────────────────────────────────

· Configure OSPF 100 area 1

· R6 must be DR and R7 BDR. R5 can never be DR/BDR.

· Mutually redistribute OSPF/BGP on R5 (PE).

To keep R5 from being elected DR or BDR, we must configure the physical interface with OSPF priority 0.

Normally we do not need to configure an adjacency between a DR and a DROTHER (if only two routers exist on an Ethernet segment); however, it is perfectly legal for OSPF, as Example 5-14 shows.



Example 5-14
─────────────────────────────────────────────────────────────────

R5
router ospf 100 vrf B
router-id 5.5.5.5
redistribute bgp 1 subnets
network 192.168.100.5 0.0.0.0 area 0

router bgp 1
address-family ipv4 vrf B
redistribute ospf 100 vrf B match internal external 1 external 2

interface FastEthernet0/0
ip ospf priority 0

R6
interface Loopback0
ip address 100.0.0.6 255.255.255.255

interface FastEthernet0/0
ip ospf priority 100

router ospf 100
router-id 100.0.0.6
network 100.0.0.6 0.0.0.0 area 0
network 192.168.100.6 0.0.0.0 area 0

R6#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
5.5.5.5 0 FULL/DROTHER 00:00:30 192.168.100.5 FastEthernet0/0

R5#show ip ospf 100 neighbor
Neighbor ID Pri State Dead Time Address Interface
100.0.0.6 100 FULL/DR 00:00:35 192.168.100.6 FastEthernet0/0

─────────────────────────────────────────────────────────────────

BDR configuration for segment 192.168.100.0/24.

R6 and R7 now compete to be elected DR. As we can see (Figure 5-15), the OSPF negotiation process passes through several states before converging.


Example 5-15
─────────────────────────────────────────────────────────────────

R7
interface Loopback0
ip address 100.0.0.7 255.255.255.255

interface FastEthernet0/0
ip ospf priority 50

router ospf 100
router-id 100.0.0.7
network 100.0.0.7 0.0.0.0 area 0
network 192.168.100.7 0.0.0.0 area 0


R6#debug ip ospf adj
OSPF adjacency events debugging is on


OSPF: Rcv DBD from 100.0.0.7 on FastEthernet0/0 seq 0xCF2 opt 0x52 flag 0x7 len 32 mtu 1500 state INIT
OSPF: 2 Way Communication to 100.0.0.7 on FastEthernet0/0, state 2WAY
OSPF: Neighbor change Event on interface FastEthernet0/0
OSPF: DR/BDR election on FastEthernet0/0
OSPF: Elect BDR 100.0.0.7
OSPF: Elect DR 100.0.0.6
DR: 100.0.0.6 (Id) BDR: 100.0.0.7 (Id)
OSPF: FastEthernet0/0 Nbr 100.0.0.7: Prepare dbase exchange
OSPF: Send DBD to 100.0.0.7 on FastEthernet0/0 seq 0x1942 opt 0x52 flag 0x7 len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: FastEthernet0/0 Nbr 100.0.0.7: Summary list built, size 3
OSPF: Send DBD to 100.0.0.7 on FastEthernet0/0 seq 0xCF2 opt 0x52 flag 0x2 len 92
OSPF: Neighbor change Event on interface FastEthernet0/0
OSPF: DR/BDR election on FastEthernet0/0
OSPF: Elect BDR 100.0.0.7
OSPF: Elect DR 100.0.0.6
DR: 100.0.0.6 (Id) BDR: 100.0.0.7 (Id)
OSPF: Neighbor change Event on interface FastEthernet0/0
OSPF: DR/BDR elect
R6#ion on FastEthernet0/0
OSPF: Elect BDR 100.0.0.7
OSPF: Elect DR 100.0.0.6
DR: 100.0.0.6 (Id) BDR: 100.0.0.7 (Id)
OSPF: Rcv DBD from 100.0.0.7 on FastEthernet0/0 seq 0xCF3 opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
OSPF: Exchange Done with 100.0.0.7 on FastEthernet0/0
OSPF: Send LS REQ to 100.0.0.7 length 12 LSA count 1
OSPF: Send DBD to 100.0.0.7 on FastEthernet0/0 seq 0xCF3 opt 0x52 flag 0x0 len 32
OSPF: Rcv LS UPD from 100.0.0.7 on FastEthernet0/0 length 76 LSA count 1
OSPF: Synchronized with 100.0.0.7 on FastEthernet0/0, state FULL
%OSPF-5-ADJCHG: Process 100, Nbr 100.0.0.7 on FastEthernet0/0 from LOADING to FULL, Loading Done
OSPF: Rcv LS REQ from 100.0.0.7 on FastEthernet0/0 length 60 LSA count 3
OSPF: Build network LSA for FastEthernet0/0, router ID 100.0.0.6
OSPF: Build network LSA for FastEthernet0/0, router ID 100.0.0.6


R5#show ip ospf 100 neighbor
Neighbor ID Pri State Dead Time Address Interface
100.0.0.6 100 FULL/DR 00:00:39 192.168.100.6 FastEthernet0/0
100.0.0.7 50 FULL/BDR 00:00:36 192.168.100.7 FastEthernet0/0

R6#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
5.5.5.5 0 FULL/DROTHER 00:00:39 192.168.100.5 FastEthernet0/0
100.0.0.7 50 FULL/BDR 00:00:32 192.168.100.7 FastEthernet0/0

R7#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
5.5.5.5 0 FULL/DROTHER 00:00:37 192.168.100.5 FastEthernet0/0
100.0.0.6 100 FULL/DR 00:00:32 192.168.100.6 FastEthernet0/0
─────────────────────────────────────────────────────────────────
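
The election behind Examples 5-14 and 5-15 (R5 at priority 0, then R6 and R7 competing), replayed in Python as an added example that is not part of the original post. It follows the DR/BDR rules of RFC 2328 section 9.4 in simplified form: all routers are assumed to adopt the result at once, and the function names are illustrative.

```python
from ipaddress import IPv4Address


def elect(routers):
    """One pass of the RFC 2328 section 9.4 election on a broadcast segment.

    routers: {router_id: {"prio": int, "dr": id or None, "bdr": id or None}}
    where "dr"/"bdr" is what that router currently advertises in its Hellos.
    Returns (dr, bdr) as router IDs, None when nobody is eligible.
    """
    def best(ids):
        # Highest priority wins; the numerically highest router ID breaks ties.
        return max(ids, key=lambda r: (routers[r]["prio"], int(IPv4Address(r))),
                   default=None)

    eligible = [r for r, s in routers.items() if s["prio"] > 0]  # priority 0 is out
    not_dr = [r for r in eligible if routers[r]["dr"] != r]
    claims_bdr = [r for r in not_dr if routers[r]["bdr"] == r]
    bdr = best(claims_bdr or not_dr)
    dr = best([r for r in eligible if routers[r]["dr"] == r])
    if dr is None:
        dr = bdr  # nobody claims DR yet: the BDR is promoted
    return dr, bdr


def converge(routers):
    """Re-run the election until the advertised DR/BDR stop changing.
    Simplification: every router adopts the same result at once."""
    while True:
        dr, bdr = elect(routers)
        if all(s["dr"] == dr and s["bdr"] == bdr for s in routers.values()):
            return dr, bdr
        for s in routers.values():
            s["dr"], s["bdr"] = dr, bdr


def lab_segment(r7_prio=50):
    """Replay 192.168.100.0/24 in the page's order: R5 and R6 first, then R7."""
    seg = {"5.5.5.5": {"prio": 0, "dr": None, "bdr": None},
           "100.0.0.6": {"prio": 100, "dr": None, "bdr": None}}
    first = converge(seg)  # state shown in Example 5-14
    seg["100.0.0.7"] = {"prio": r7_prio, "dr": None, "bdr": None}
    return first, converge(seg)  # state shown in Example 5-15


if __name__ == "__main__":
    print(lab_segment())
```

Because a router that already advertises itself as DR is kept, the result depends on the order in which routers join the segment as well as on the configured priorities.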


· Configure Area 2 between R6/R7 with no DR election.


As in the previous cases, the physical interface on the segment must be treated as an OSPF point-to-point network.


Example 5-16
─────────────────────────────────────────────────────────────────

R6
interface FastEthernet0/1
ip ospf network point-to-point

router ospf 100
network 192.168.67.6 0.0.0.0 area 2

R7
interface FastEthernet0/1
ip ospf network point-to-point

router ospf 100
network 192.168.67.7 0.0.0.0 area 2


R6#show ip ospf neighbor fastEthernet 0/1
Neighbor ID Pri State Dead Time Address Interface
100.0.0.7 0 FULL/ - 00:00:36 192.168.67.7 FastEthernet0/1

R7#show ip ospf neighbor fastEthernet 0/1
Neighbor ID Pri State Dead Time Address Interface
100.0.0.6 0 FULL/ - 00:00:35 192.168.67.6 FastEthernet0/1


R5#sh ip route vrf B ospf
Routing Table: B
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.6 [110/2] via 192.168.100.6, 00:52:18, FastEthernet0/0
O 100.0.0.7 [110/2] via 192.168.100.7, 00:13:31, FastEthernet0/0
O IA 192.168.67.0/24 [110/2] via 192.168.100.7, 00:00:26, FastEthernet0/0
[110/2] via 192.168.100.6, 00:01:49, FastEthernet0/0
R6#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.7 [110/2] via 192.168.100.7, 00:23:58, FastEthernet0/0

R7#sh ip route ospf
100.0.0.0/32 is subnetted, 2 subnets
O 100.0.0.6 [110/2] via 192.168.100.6, 00:22:45, FastEthernet0/0

─────────────────────────────────────────────────────────────────



· Site 1 and Site 2 must have connectivity.


This point is straightforward. We must import the RT of the site we want to connect to. R2 needs to import RT 1:2. Site 2, through R5, exports RT 1:2. Before Site 1 and Site 2 can communicate, we check the vpnv4 prefixes installed in the BGP table of the PEs.


Example 5-17
─────────────────────────────────────────────────────────────────

R2#show bgp vpnv4 unicast all
BGP table version is 712, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf A)
*> 20.0.0.2/32 0.0.0.0 0 32768 i
*>i30.0.0.3/32 10.0.0.3 0 100 0 i
*> 100.0.0.8/32 172.16.28.8 2 32768 ?
r>i100.0.0.9/32 10.0.0.3 2 100 0 ?
*> 172.16.28.0/24 0.0.0.0 0 32768 ?
r>i172.16.39.0/24 10.0.0.3 0 100 0 ?
*> 172.16.89.0/24 172.16.28.8 7 32768 ?
* i 10.0.0.3 7 100 0 ?

R3#show bgp vpnv4 unicast all
BGP table version is 649, local router ID is 10.0.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf A)
*>i20.0.0.2/32 10.0.0.2 0 100 0 i
*> 30.0.0.3/32 0.0.0.0 0 32768 i
r>i100.0.0.8/32 10.0.0.2 2 100 0 ?
*> 100.0.0.9/32 172.16.39.9 2 32768 ?
r>i172.16.28.0/24 10.0.0.2 0 100 0 ?
*> 172.16.39.0/24 0.0.0.0 0 32768 ?
* i172.16.89.0/24 10.0.0.2 7 100 0 ?
*> 172.16.39.9 7 32768 ?

R5#show bgp vpnv4 unicast all
BGP table version is 21, local router ID is 10.0.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:2 (default for vrf B)
*> 100.0.0.6/32 192.168.100.6 2 32768 ?
*> 100.0.0.7/32 192.168.100.7 2 32768 ?
*> 192.168.67.0 192.168.100.6 2 32768 ?
*> 192.168.100.0 0.0.0.0 0 32768 ?
─────────────────────────────────────────────────────────────────



Example 5-18
─────────────────────────────────────────────────────────────────

R2
ip vrf A
route-target import 1:2


R3
ip vrf A
route-target import 1:2


R5
ip vrf B
route-target import 1:1

Before testing connectivity between the sites, we must verify that the vpnv4 prefixes have been installed in the table of the Site 1 PEs (RT 1:2).

Example 5-19
─────────────────────────────────────────────────────────────────

R2#show bgp vpnv4 unicast rd 1:2
BGP table version is 720, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:2
*>i100.0.0.6/32 10.0.0.5 2 100 0 ?
*>i100.0.0.7/32 10.0.0.5 2 100 0 ?
*>i192.168.67.0 10.0.0.5 2 100 0 ?
*>i192.168.100.0 10.0.0.5 0 100 0 ?

R3#show bgp vpnv4 unicast rd 1:2
BGP table version is 657, local router ID is 10.0.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:2
*>i100.0.0.6/32 10.0.0.5 2 100 0 ?
*>i100.0.0.7/32 10.0.0.5 2 100 0 ?
*>i192.168.67.0 10.0.0.5 2 100 0 ?
*>i192.168.100.0 10.0.0.5 0 100 0 ?

─────────────────────────────────────────────────────────────────
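
The route-target imports of Example 5-18 are what open VPN A and VPN B to each other, so they are worth auditing. The following Python sketch is an added example, not part of the original post: it parses `ip vrf` blocks and lists every place where one VRF imports an RT another exports. The VRF B lines come from this page; VRF A's `rd 1:1` and its own 1:1 export/import are assumed from the "Route Distinguisher: 1:1 (default for vrf A)" output, and the function names are illustrative.

```python
import re

# Constructed input. VRF B lines are from this page (first example and Example 5-18);
# VRF A's "rd 1:1" and its own 1:1 export/import are ASSUMED, not shown on the page.
VRF_A = ("ip vrf A\n rd 1:1\n route-target export 1:1\n"
         " route-target import 1:1\n route-target import 1:2\n")
VRF_B = "ip vrf B\n rd 1:2\n route-target export 1:2\n route-target import 1:1\n"
SAMPLE_CONFIGS = {"R2": VRF_A, "R3": VRF_A, "R5": VRF_B}


def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' blocks."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"ip vrf (\S+)", line)
        rt = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
        if start:
            current = vrfs.setdefault(start.group(1), {"import": set(), "export": set()})
        elif rt and current is not None:
            kinds = ("import", "export") if rt.group(1) == "both" else (rt.group(1),)
            for kind in kinds:
                current[kind].add(rt.group(2))
        elif line and not line.startswith("rd "):
            current = None  # any other command ends the VRF block
    return vrfs


def route_flows(configs):
    """List (src_router, src_vrf, dst_router, dst_vrf, rt) for each export/import match."""
    table = {(r, v): rts for r, cfg in configs.items()
             for v, rts in parse_vrfs(cfg).items()}
    flows = []
    for src, s in table.items():
        for dst, d in table.items():
            if src != dst:
                flows += [(*src, *dst, rt) for rt in s["export"] & d["import"]]
    return sorted(flows)


def cross_vrf_flows(configs):
    """Flows between differently named VRFs: where VPN separation has been opened."""
    return [f for f in route_flows(configs) if f[1] != f[3]]


def one_way_pairs(configs):
    """VRF pairs (src, dst) whose routes reach dst while nothing flows back."""
    pairs = {(f[1], f[3]) for f in cross_vrf_flows(configs)}
    return sorted(p for p in pairs if (p[1], p[0]) not in pairs)


if __name__ == "__main__":
    for flow in cross_vrf_flows(SAMPLE_CONFIGS):
        print("%s/%s -> %s/%s via RT %s" % flow)
    print("one-way:", one_way_pairs(SAMPLE_CONFIGS))
```

An empty `one_way_pairs` result means the inter-site routing is symmetric; a non-empty one points at a PE where one of the two imports is missing.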

Prefixes from Site 1 on R5. Example 5-20 shows that BGP can reach the R8/R9 segment 172.16.89.0/24 through two next hops, 10.0.0.2 (R2) and 10.0.0.3 (R3); this does not mean that load sharing is taking place.


Example 5-20
─────────────────────────────────────────────────────────────────

R5#show bgp vpnv4 unicast rd 1:1
BGP table version is 35, local router ID is 10.0.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
*>i20.0.0.2/32 10.0.0.2 0 100 0 i
*>i30.0.0.3/32 10.0.0.3 0 100 0 i
*>i100.0.0.8/32 10.0.0.2 2 100 0 ?
*>i100.0.0.9/32 10.0.0.3 2 100 0 ?
*>i172.16.28.0/24 10.0.0.2 0 100 0 ?
*>i172.16.39.0/24 10.0.0.3 0 100 0 ?
* i172.16.89.0/24 10.0.0.3 7 100 0 ?
*>i 10.0.0.2 7 100 0 ?

R5#sh ip route vrf B bgp
100.0.0.0/32 is subnetted, 4 subnets
B 100.0.0.8 [200/2] via 10.0.0.2, 00:03:36
B 100.0.0.9 [200/2] via 10.0.0.3, 00:03:36
20.0.0.0/32 is subnetted, 1 subnets
B 20.0.0.2 [200/0] via 10.0.0.2, 00:03:36
172.16.0.0/24 is subnetted, 3 subnets
B 172.16.39.0 [200/0] via 10.0.0.3, 00:03:36
B 172.16.28.0 [200/0] via 10.0.0.2, 00:03:36
B 172.16.89.0 [200/7] via 10.0.0.2, 00:03:36
30.0.0.0/32 is subnetted, 1 subnets
B 30.0.0.3 [200/0] via 10.0.0.3, 00:03:36

─────────────────────────────────────────────────────────────────


Finally, we run site-to-site connectivity tests. At Site 1, R8 and R9 have installed the updates in their RIB. In this scenario we can clearly distinguish the routes from Site 2 by their OSPF type, IA (Inter-Area).

The MPLS VPN domain does not distinguish between LSA types 1, 2 or 3; the PEs redistribute the updates from the OSPF domain, acting as if they were ABRs.


Example 5-21
─────────────────────────────────────────────────────────────────

R8#sh ip route ospf
100.0.0.0/32 is subnetted, 4 subnets
O IA 100.0.0.6 [110/3] via 172.16.28.2, 00:04:53, FastEthernet0/0
O IA 100.0.0.7 [110/3] via 172.16.28.2, 00:04:53, FastEthernet0/0
O 100.0.0.9 [110/5] via 172.16.28.2, 02:31:34, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.39.0 [110/4] via 172.16.28.2, 02:31:34, FastEthernet0/0
O IA 192.168.67.0/24 [110/3] via 172.16.28.2, 00:04:53, FastEthernet0/0
O IA 192.168.100.0/24 [110/2] via 172.16.28.2, 00:04:53, FastEthernet0/0

R9#sh ip route ospf
100.0.0.0/32 is subnetted, 4 subnets
O IA 100.0.0.6 [110/3] via 172.16.39.3, 00:05:10, FastEthernet0/0
O IA 100.0.0.7 [110/3] via 172.16.39.3, 00:05:10, FastEthernet0/0
O 100.0.0.8 [110/5] via 172.16.39.3, 02:31:38, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.28.0 [110/4] via 172.16.39.3, 02:31:38, FastEthernet0/0
O IA 192.168.67.0/24 [110/3] via 172.16.39.3, 00:05:10, FastEthernet0/0
O IA 192.168.100.0/24 [110/2] via 172.16.39.3, 00:05:10, FastEthernet0/0

─────────────────────────────────────────────────────────────────

· R5 must share the load in a 1:1 ratio for destination 192.168.67.0/24


IP CEF offers two load-sharing schemes: per packet and per destination. The latter is the default and is sufficient in most cases. This task requires that when R5 sees a packet destined for network 192.168.67.0/24, it distributes the packets by alternating between R6 and R7. A quick way to get this behavior is to change the interface's default to load-sharing per-packet. We must keep in mind that OSPF considers R6 and R7 co


Example 5-22
─────────────────────────────────────────────────────────────────

R5#show cef interface fastEthernet 0/0
FastEthernet0/0 is up (if_number 4)
Corresponding hwidb fast_if_number 4
Corresponding hwidb firstsw->if_number 4
Internet address is 192.168.100.5/24
ICMP redirects are always sent
Per packet load-sharing is disabled
IP unicast RPF check is disabled
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is FastEthernet0/0
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF switching turbo vector
IP CEF turbo switching turbo vector
VPN Forwarding table "B"
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 3(3)
Slot Slot unit 0 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500

R5(config)#interface fastEthernet 0/0
R5(config-if)#ip load-sharing per-?
per-destination per-packet

R5(config-if)#ip load-sharing per-packet

R5#show cef interface fastEthernet 0/0
FastEthernet0/0 is up (if_number 4)
Corresponding hwidb fast_if_number 4
Corresponding hwidb firstsw->if_number 4
Internet address is 192.168.100.5/24
ICMP redirects are always sent
Per packet load-sharing is enabled
IP unicast RPF check is disabled
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is FastEthernet0/0
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF switching turbo vector
IP CEF turbo switching turbo vector
VPN Forwarding table "B"
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 3(3)
Slot Slot unit 0 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500

R8#traceroute 192.168.67.6
1 172.16.28.2 64 msec 88 msec 28 msec
2 10.1.12.1 [MPLS: Labels 1003/5009 Exp 0] 92 msec 208 msec 124 msec
3 192.168.100.5 [MPLS: Label 5009 Exp 0] 148 msec 76 msec 124 msec
4 192.168.100.7 116 msec
192.168.100.6 180 msec
192.168.100.7 128 msec


R8#ping 192.168.67.0 repeat 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 192.168.67.0, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 168/198/228 ms

R6(config)#access-list 100 permit ip any 192.168.67.0 0.0.0.255
R6#debug ip packet 100
IP packet debugging is on for access list 100

R6#
IP: s=172.16.28.8 (FastEthernet0/0), d=192.168.67.0, len 100, input feature, MCI Check(58), rtype 0, forus FALSE, sendself FALSE, mtu 0
IP: tableid=0, s=172.16.28.8 (FastEthernet0/0), d=192.168.67.0 (FastEthernet0/1), routed via RIB
IP: s=172.16.28.8 (FastEthernet0/0), d=192.168.67.0 (FastEthernet0/1), len 100, rcvd 5

R7(config)#access-list 100 permit ip any 192.168.67.0 0.0.0.255
R7#debug ip packet 100
IP packet debugging is on for access list 100

R7#
IP: s=172.16.28.8 (FastEthernet0/0), d=192.168.67.0, len 100, input feature, MCI Check(58), rtype 0, forus FALSE, sendself FALSE, mtu 0
IP: tableid=0, s=172.16.28.8 (FastEthernet0/0), d=192.168.67.0 (FastEthernet0/1), routed via RIB
IP: s=172.16.28.8 (FastEthernet0/0), d=192.168.67.0 (FastEthernet0/1), len 100, rcvd 5
