ปกติในเครือข่ายขนาดใหญ่ จะแบ่งเครือข่ายออกเป็น Hierarchy เช่น Core, Aggregation หรือ Access โดยอาจแบ่งโดยใช้ IGP (Interior Gateway Protocol) process-id, area หรือแบ่งโดย isis-level. แล้วแต่การออกแบบ จากนั้นก็ Enable MPLS เพื่อให้บริการ MPLS L2VPN, L3VPN เนื่องจากเครือข่ายถูกแบ่งส่วนๆ จึงทำให้ MPLS แบ่งเป็นส่วนๆ ด้วยหรือเรียกว่า MPLS Domain จึงยังไม่สามารถให้บริการ L2VPN หรือ L3VPN แบบ End-to-End ได้ในทันที โดยในบล๊อกนี้ยกตัวอย่างการใช้ BGP LU เข้าช่วย ส่วนจะคอนฟิกอย่างไรนั้น เลื่อนอ่านด้านล่างได้เลยครับ
EVE-NG Network Diagram
ในที่นี้เครือข่ายแบ่งออกเป็น 3 โดเมน โดยใช้ ISIS Level-1, OSPF และ ISIS Level-2 โดย Core อยู่ตรงกลางและ Aggregation อยู่ด้านข้าง ใช้ BGP เพื่อ Advertise Loopback พร้อมกับ Label ของ PE router ข้ามทั้งเครือข่าย พร้อมทั้งให้บริการ L2VPN และ L3VPN
โดยทั่วไปแล้วกรณีที่ไม่ทำ Seamless MPLS เพื่อที่จะให้บริการ end-to-end จาก PE จนถึง PE
L2VPN แบบ VPWS (Virtual Private Wire Service ) หรือบางทีก็เรียกว่า VLL ( Vitual Lease Line ) จะทำ MS-PW (Multi Segment PseudoWire) ที่ P router ที่เป็น boundary mpls domain
L2VPN แบบ VPWS (Virtual Private Wire Service ) หรือบางทีก็เรียกว่า VLL ( Vitual Lease Line ) จะทำ MS-PW (Multi Segment PseudoWire) ที่ P router ที่เป็น boundary mpls domain
L3VPN ก็จะทำ Route Reflector ที่ P router
กรณีที่ใช้ ฺBGP-LU เพื่อทำ Seamless MPLS เพื่อที่จะให้บริการแบบ end-to-end จาก PE จนถึง PE
L2VPN แบบ VPWS หรือ VLL สามารถทำ PW จาก PE ถึง PE อีกฝั่งได้เลย
L3VPN ก็สามารคอนฟิก BGP Neighbor ไปหา PE อีกฝั่งได้เลยเหมือนกัน
ประโยชน์คือ L2VPN VPWS ไม่ต้องทำ MS-PW หรือ Stitching ที่ตรงกลาง ส่วน L3VPN ยังไม่ค่อยเห็นประโยชน์เท่าไหร่เพราะ ยังไงก็ต้องคอนฟิก RR ที่ P Router อาจจะทำให้ยุ่งยากขึ้นด้วยซ้ำ แต่ก็ขอยกตัวอย่างคอนฟิกเพื่อเป็นอีกทางเลือกนึงไว้ละกันครับ
เปรียบเทียบความแต่ต่างได้จากรูปด้านล่าง
SEAMLESS MPLS with BGP-LU Configuration
ดาวน์โหลดคอนฟิกไฟล์เต็มๆ จากลิ้งนี้ https://drive.google.com/drive/folders/1byPucYTe3rVmfj2j1GCfR8B3rKaGr6Dn?usp=sharing
PE1 Nokia 10.10.10.1 คอนฟิกพื้นฐาน ISIS Level-1, Enable LDP ที่ Interface
และคอนฟิก BGP family label-ipv4 โดยประกาศ system-ip (10.10.10.1) พร้อมกับ
Label
A:PE1# admin display-config
configure
#--------------------------------------------------
echo "Connector Configuration"
#--------------------------------------------------
port 1/1/c1
description "To_Nokia_P2"
connector
breakout c1-10g
exit
no shutdown
exit
#--------------------------------------------------
echo "Port Configuration"
#--------------------------------------------------
port 1/1/c1/1
description "To_Nokia_P2"
ethernet
exit
no shutdown
exit
#--------------------------------------------------
echo "Router (Network Side) Configuration"
#--------------------------------------------------
router Base
interface "system"
address 10.10.10.1/32
no shutdown
exit
interface "to_P2"
address 192.168.12.1/24
port 1/1/c1/1
no shutdown
exit
autonomous-system 65000
router-id 10.10.10.1
#--------------------------------------------------
echo "ISIS Configuration"
#--------------------------------------------------
isis 0
level-capability level-2
area-id 49.0200
interface "system"
level-capability level-2
passive
no shutdown
exit
interface "to_P2"
level-capability level-2
interface-type point-to-point
no shutdown
exit
no shutdown
exit
#--------------------------------------------------
echo "Policy Configuration"
#--------------------------------------------------
policy-options
begin
prefix-list "system-ip"
prefix 10.10.10.1/32 exact
exit
policy-statement "BGP-LU-EXPORT"
entry 10
from
prefix-list "system-ip"
exit
action accept
exit
exit
exit
commit
exit
#--------------------------------------------------
echo "LDP Configuration"
#--------------------------------------------------
ldp
import-pmsi-routes
exit
interface-parameters
interface "to_P2" dual-stack
ipv4
no shutdown
exit
no shutdown
exit
exit
no shutdown
exit
exit
#--------------------------------------------------
echo "BGP Configuration"
#--------------------------------------------------
bgp
group "Internal"
family label-ipv4
export "BGP-LU-EXPORT"
peer-as 65000
neighbor 10.10.10.2
exit
exit
no shutdown
exit
exit
exit all
P2 Nokia 10.10.10.2 คอนฟิกพื้นฐาน ISIS Level-1, OSPF, System IP Address จะถูก Enable ทั้ง ISIS Level-1 และ OSPF เพื่อ Estrablish BGP, Enable LDP ที่ Interface
และคอนฟิก BGP family label-ipv4, เป็น Route Reflector ประกาศ prefix
ที่เป็น /32 พร้อมกับ Label
A:P2# admin display-config
configure
#--------------------------------------------------
echo "Connector Configuration"
#--------------------------------------------------
port 1/1/c1
description "To_Nokia_PE1"
connector
breakout c1-10g
exit
no shutdown
exit
port 1/1/c2
description "To_Cisco_P3"
connector
breakout c1-10g
exit
no shutdown
exit
#--------------------------------------------------
echo "Port Configuration"
#--------------------------------------------------
port 1/1/c1/1
description "To_Nokia_PE1"
ethernet
exit
no shutdown
exit
port 1/1/c2/1
description "To_Cisco_P3"
ethernet
exit
no shutdown
exit
#--------------------------------------------------
echo "Router (Network Side) Configuration"
#--------------------------------------------------
router Base
interface "system"
address 10.10.10.2/32
no shutdown
exit
interface "to_P3"
address 192.168.23.2/24
port 1/1/c2/1
no shutdown
exit
interface "to_PE1"
address 192.168.12.2/24
port 1/1/c1/1
no shutdown
exit
autonomous-system 65000
router-id 10.10.10.2
#--------------------------------------------------
echo "OSPFv2 Configuration"
#--------------------------------------------------
ospf 0
area 0.0.0.0
interface "system"
no shutdown
exit
interface "to_P3"
interface-type point-to-point
mtu 1500
authentication-type password
authentication-key abc1234
no shutdown
exit
exit
no shutdown
exit
#--------------------------------------------------
echo "ISIS Configuration"
#--------------------------------------------------
isis 0
level-capability level-2
area-id 49.0200
interface "system"
level-capability level-2
passive
no shutdown
exit
interface "to_PE1"
level-capability level-2
interface-type point-to-point
no shutdown
exit
no shutdown
exit
#--------------------------------------------------
echo "LDP Configuration"
#--------------------------------------------------
ldp
import-pmsi-routes
exit
interface-parameters
interface "to_P3" dual-stack
ipv4
no shutdown
exit
no shutdown
exit
interface "to_PE1" dual-stack
ipv4
no shutdown
exit
no shutdown
exit
exit
targeted-session
exit
no shutdown
exit
exit
#--------------------------------------------------
echo "Policy Configuration"
#--------------------------------------------------
policy-options
begin
prefix-list "Loopback"
prefix 10.10.10.0/24 prefix-length-range 32-32
exit
policy-statement "BGP-LU-EXPORT"
entry 10
from
prefix-list "Loopback"
exit
action accept
exit
exit
exit
commit
exit
#--------------------------------------------------
echo "BGP Configuration"
#--------------------------------------------------
bgp
group "Internal"
family label-ipv4
next-hop-self
cluster 10.10.10.2
export "BGP-LU-EXPORT"
peer-as 65000
neighbor 10.10.10.1
exit
neighbor 10.10.10.3
exit
exit
no shutdown
exit
exit
exit all
P3 Cisco 10.10.10.3 คอนฟิกพื้นฐาน ISIS Level-1, OSPF, โดย ISIS Level-1 redistribute Loopback เพื่อ Estrablish BGP peer. Enable LDP ที่ Interface คอนฟิก ldp explicit-null เพื่อให้ tag label ให้ hop สุดท้าย (โดย Default Cisco จะ enable PHP Penultimate Hop Popping ไว้ LDP จะไม่ Tag Label ให้ Hop สุดท้าย ) และคอนฟิก BGP เป็น Route Reflector ประกาศ prefix ที่เป็น /32 พร้อมกับ Label
P3#show running-config ! mpls label protocol ldp ! mpls ldp explicit-null ! interface Loopback0 ip address 10.10.10.3 255.255.255.255 ip ospf 1 area 0 ! interface GigabitEthernet1 description "To_P3" ip address 192.168.34.3 255.255.255.0 ip router isis negotiation auto mpls ip mpls label protocol ldp mpls ldp discovery transport-address 10.10.10.3 isis circuit-type level-1 isis network point-to-point ! interface GigabitEthernet2 description "To_Nokia_P2" ip address 192.168.23.3 255.255.255.0 ip ospf authentication-key abc1234 ip ospf network point-to-point ip ospf 1 area 0 negotiation auto mpls ip mpls label protocol ldp mpls ldp discovery transport-address 10.10.10.3 ! router ospf 1 area 0 authentication passive-interface Loopback0 ! router isis net 49.0100.0100.1001.0003.00 is-type level-1 redistribute connected level-1 ! router bgp 65000 bgp router-id 10.10.10.3 bgp log-neighbor-changes neighbor 10.10.10.2 remote-as 65000 neighbor 10.10.10.2 update-source Loopback0 neighbor 10.10.10.4 remote-as 65000 neighbor 10.10.10.4 update-source Loopback0 ! address-family ipv4 redistribute connected route-map BGP-LU-EXPORT neighbor 10.10.10.2 activate neighbor 10.10.10.2 send-community neighbor 10.10.10.2 route-reflector-client neighbor 10.10.10.2 next-hop-self all neighbor 10.10.10.2 send-label neighbor 10.10.10.4 activate neighbor 10.10.10.4 send-community neighbor 10.10.10.4 route-reflector-client neighbor 10.10.10.4 next-hop-self all neighbor 10.10.10.4 send-label exit-address-family ! route-map BGP-LU-EXPORT permit 10 match interface Loopback0 ! mpls ldp router-id Loopback0 force ! end
PE4 Cisco 10.10.10.4 คอนฟิกพื้นฐาน ISIS Level-1, Enable LDP ที่ Interface และคอนฟิก BGP โดยประกาศ Looopback0 พร้อมกับ Label
PE4#show running-config ! mpls label protocol ldp ! mpls ldp explicit-null ! interface Loopback0 ip address 10.10.10.4 255.255.255.255 ip router isis isis circuit-type level-1 ! interface GigabitEthernet1 description "To_P3" ip address 192.168.34.4 255.255.255.0 ip router isis negotiation auto mpls ip mpls label protocol ldp mpls ldp discovery transport-address 10.10.10.4 isis circuit-type level-1 isis network point-to-point ! router isis net 49.0100.0100.1001.0004.00 is-type level-1 ! router bgp 65000 bgp router-id 10.10.10.4 bgp log-neighbor-changes neighbor 10.10.10.3 remote-as 65000 neighbor 10.10.10.3 update-source Loopback0 ! address-family ipv4 redistribute connected route-map BGP-LU-EXPORT neighbor 10.10.10.3 activate neighbor 10.10.10.3 send-community neighbor 10.10.10.3 send-label exit-address-family ! route-map BGP-LU-EXPORT permit 10 match interface Loopback0 ! mpls ldp router-id Loopback0 force ! end
Show Router Status
ผลการแสดงสถานะขอตัดมาบางส่วน หากอยากดูเต็มๆ ดาวน์โหลดจากลิ้งค์นี้ครับ https://drive.google.com/drive/folders/112grZQHy6dmeDgOBNj73NkJ8iFNN3XHl?usp=sharing
PE1 Nokia 10.10.10.1 สถานะ route-table, LDP binding และ BGP Label
A:PE1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.10.10.1/32 Local Local 17h23m33s 0
system 0
10.10.10.2/32 Remote ISIS 17h22m50s 18
192.168.12.2 10
10.10.10.3/32 Remote BGP_LABEL 02h11m42s 170
10.10.10.2 (tunneled) 10
10.10.10.4/32 Remote BGP_LABEL 02h11m42s 170
10.10.10.2 (tunneled) 10
192.168.12.0/24 Local Local 17h23m23s 0
to_P2 0
-------------------------------------------------------------------------------
No. of Routes: 5
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
A:PE1#
A:PE1# show router ldp bindings ipv4
#--- snip some output ----
===============================================================================
Prefix
Peer FEC-Flags
IgrLbl EgrLbl
EgrNextHop EgrIntf/LspId
-------------------------------------------------------------------------------
10.10.10.2/32
10.10.10.2:0
-- 524287
192.168.12.2 1/1/c1/1
===============================================================================
A:PE1#
A:PE1# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:10.10.10.1 AS:65000 Local AS:65000
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
*i 10.10.10.1/32 100 10
10.10.10.2 None 10
No As-Path 524278
*i 10.10.10.2/32 100 None
10.10.10.2 None 10
No As-Path 524281
u*>i 10.10.10.3/32 100 11
10.10.10.2 None 10
No As-Path 524279
u*>? 10.10.10.4/32 100 0
10.10.10.2 None 10
No As-Path 524280
-------------------------------------------------------------------------------
Routes : 4
===============================================================================
P2 NOKIA 10.10.10.2 สถานะ route-table, LDP binding และ BGP Label
A:P2# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.10.10.1/32 Remote ISIS 23h06m03s 18
192.168.12.1 10
10.10.10.2/32 Local Local 23h06m28s 0
system 0
10.10.10.3/32 Remote OSPF 23h06m10s 10
192.168.23.3 11
10.10.10.4/32 Remote BGP_LABEL 23h06m04s 170
10.10.10.3 (tunneled) 11
192.168.12.0/24 Local Local 23h06m18s 0
to_PE1 0
192.168.23.0/24 Local Local 23h06m18s 0
to_P3 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
A:P2#
A:P2# show router ldp bindings ipv4
#--- snip some output ----
===============================================================================
Prefix
Peer FEC-Flags
IgrLbl EgrLbl
EgrNextHop EgrIntf/LspId
-------------------------------------------------------------------------------
10.10.10.1/32
10.10.10.1:0
-- 524287
192.168.12.1 1/1/c1/1
10.10.10.3/32
10.10.10.3:0
-- 0
192.168.23.3 1/1/c2/1
===============================================================================
A:P2#
A:P2# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:10.10.10.2 AS:65000 Local AS:65000
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
*i 10.10.10.1/32 100 None
10.10.10.1 None 10
No As-Path 524279
*? 10.10.10.3/32 100 0
10.10.10.3 None 11
No As-Path 3
u*>? 10.10.10.4/32 100 0
10.10.10.3 None 11
No As-Path 16
-------------------------------------------------------------------------------
Routes : 3
===============================================================================P3 Cisco 10.10.10.3 สถานะ route-table, MPLS forwarding table และ BGP Label
P3#show ip route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 4 subnets
B 10.10.10.1 [200/10] via 10.10.10.2, 08:11:41
O 10.10.10.2 [110/1] via 192.168.23.2, 23:22:59, GigabitEthernet2
C 10.10.10.3 is directly connected, Loopback0
i L1 10.10.10.4 [115/20] via 192.168.34.4, 2d06h, GigabitEthernet1
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, GigabitEthernet2
L 192.168.23.3/32 is directly connected, GigabitEthernet2
192.168.34.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.34.0/24 is directly connected, GigabitEthernet1
L 192.168.34.3/32 is directly connected, GigabitEthernet1
P3#
P3#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 explicit-n 10.10.10.4/32 4631745 Gi1 192.168.34.4
18 524278 10.10.10.1/32 1088878 Gi2 192.168.23.2
19 524287 10.10.10.2/32 0 Gi2 192.168.23.2
P3#
P3#show ip bgp ipv4 unicast labels
Network Next Hop In label/Out label
10.10.10.1/32 10.10.10.2 18/524278
10.10.10.2/32 10.10.10.2 19/524281
10.10.10.3/32 10.10.10.2 imp-null/524279
0.0.0.0 imp-null/nolabel
10.10.10.4/32 10.10.10.4 16/imp-null
P3#PE4 Cisco 10.10.10.4 สถานะ route-table, MPLS forwarding table และ BGP Label
PE4#show ip route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 4 subnets
B 10.10.10.1 [200/10] via 10.10.10.3, 08:17:51
B 10.10.10.2 [200/0] via 10.10.10.3, 23:28:31
i L1 10.10.10.3 [115/10] via 192.168.34.3, 2d06h, GigabitEthernet1
C 10.10.10.4 is directly connected, Loopback0
i L1 192.168.23.0/24 [115/10] via 192.168.34.3, 2d06h, GigabitEthernet1
192.168.34.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.34.0/24 is directly connected, GigabitEthernet1
L 192.168.34.4/32 is directly connected, GigabitEthernet1
PE4#
PE4#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label l2ckt(1) 75322 Gi2 point2point
17 explicit-n 192.168.23.0/24 0 Gi1 192.168.34.3
18 No Label 192.168.104.0/24[V] \
3306 aggregate/COTTON
19 explicit-n 10.10.10.3/32 0 Gi1 192.168.34.3
PE4#
PE4#show ip bgp ipv4 unicast labels
Network Next Hop In label/Out label
10.10.10.1/32 10.10.10.3 nolabel/18
10.10.10.2/32 10.10.10.3 nolabel/19
10.10.10.3/32 10.10.10.3 nolabel/imp-null
10.10.10.4/32 0.0.0.0 imp-null/nolabel
PE4#MPLS L2VPN Configuration
เมื่อเตรียมเครือข่ายเสร็จแล้ว ต่อไปจะเป็นการคอนฟิกเพื่อให้บริการ MPLS L2VPN แบบ end-to-end
PE1 NOKIA 10.10.10.1 L2VPN Configuration
คอนฟิกพอร์ทที่จะต่อกับ CE5. คอนฟิก Targeted-LDP เพื่อเป็น signalling ของ EPIPE. SDP เพื่อ forwarding traffic. คอนฟิก EPIPE และแสดงสถานะ LDP และ Service SDP.
A:PE1# admin display-config
#--------------------------------------------------
echo "Port Configuration"
#--------------------------------------------------
port 1/1/c2
description "To_Cisco_CE5_fa0/0_L2VPN"
connector
breakout c1-10g
exit
no shutdown
exit
port 1/1/c2/1
description "To_Cisco_CE5_fa0/0_L2VPN"
ethernet
mode access
exit
no shutdown
exit
#--------------------------------------------------
echo "LDP Configuration"
#--------------------------------------------------
router
ldp
targeted-session
peer 10.10.10.4
no shutdown
exit
exit
no shutdown
exit
exit
#--------------------------------------------------
echo "Service Configuration"
#--------------------------------------------------
service
sdp 14 mpls create
far-end 10.10.10.4
bgp-tunnel
keep-alive
shutdown
exit
no shutdown
exit
epipe 1001 name "L2VPN" customer 1 create
description "L2VPN"
sap 1/1/c2/1 create
description "To_Cisco_CE5_fa0/0_L2VPN"
no shutdown
exit
spoke-sdp 14:1001 create
description "To_Cisco_PE4_xconnect"
no shutdown
exit
no shutdown
exit
A:PE1#
#=========== Show MPLS L2VPN Status ==============
A:PE1# show router ldp session
==============================================================================
LDP IPv4 Sessions
==============================================================================
Peer LDP Id Adj Type State Msg Sent Msg Recv Up Time
------------------------------------------------------------------------------
10.10.10.2:0 Link Established 3368 3371 0d 02:29:36
10.10.10.4:0 Targeted Established 1673 1811 0d 02:29:25
------------------------------------------------------------------------------
No. of IPv4 Sessions: 2
==============================================================================
A:PE1# show service sdp-using
===============================================================================
SDP Using
===============================================================================
SvcId SdpId Type Far End Opr I.Label E.Label
State
-------------------------------------------------------------------------------
1001 14:1001 Spok 10.10.10.4 Up 524283 16
-------------------------------------------------------------------------------
Number of SDPs : 1
-------------------------------------------------------------------------------
===============================================================================
A:PE1# PE4 Cisco 10.10.10.4 L2VPN Configuration
คอนฟิกพอร์ทที่จะต่อกับ CE6. คอนฟิก Targeted-LDP เพื่อเป็น signalling ของ exconnect. คอนฟิก exconnect และแสดงสถานะ LDP และ MPLS l2transport.
PE4#show running-config
!
mpls ldp neighbor 10.10.10.1 targeted ldp
!
pseudowire-class MPLS
encapsulation mpls
!
interface GigabitEthernet2
description To_Cisco_CE6
no ip address
xconnect 10.10.10.1 1001 encapsulation mpls pw-class MPLS
!
PE4#
#=========== Show MPLS L2VPN Status ==============
PE4#show mpls ldp neighbor brief
Peer LDP id Uptime NSR GR Discovery Address Labels
----------- ------ --- -- --------- ------- ------
10.10.10.3:0 2d06h N N 1 3 11
10.10.10.1:0 08:18:41 N N 1 2 0
PE4#
PE4#show mpls l2transport binding
Destination Address: 10.10.10.1,VC ID: 1001
Local Label: 16
Cbit: 0, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: To_vMX_CE6
VCCV: CC Type: CW [1], RA [2], TTL [3]
CV Type: LSPV [2]
Remote Label: 524283
Cbit: 0, VC Type: Ethernet, GroupID: 0
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: RA [2]
CV Type: LSPV [2], BFD/UDP [3]
PE4#CE5, CE6 คอนฟิก IP Address และทดสอบปิงเทส
CE5#show running-config ! interface FastEthernet0/0 description To_NOKIA_PE1_1/1/2_L2 ip address 192.168.56.5 255.255.255.0 ! CE6#show running-config ! interface FastEthernet0/0 description To_Cisco_PE4_Gi2_L2 ip address 192.168.56.6 255.255.255.0 ! #=========== Ping Test CE5 to CE6 ============== CE5#ping 192.168.56.6 source 192.168.56.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.56.6, timeout is 2 seconds: Packet sent with a source address of 192.168.56.5 !!!!! CE5#
MPLS label stack จะเป็น 3 statck (ปกติ MPLS VPN จะมีแค่ 2 stack คือ Transport Label กับ VPN Label) เมื่อทำ BGP LU ก็จะมี BGP label เพิ่มขึ้น ดูได้จากรูปด้านล่างนี้ หรือดาวน์โหลดไฟล์ Wireshark Capture Traffic ตามลิ้งค์นี้ https://drive.google.com/drive/folders/1bVuC8rEDAMyQALhAKCHfupyLGJxSUo1X?usp=sharing
MPLS L3VPN Configuration
คอนฟิก MPLS L3VPN โดยคอนฟิก BGP family VPNv4 Neighbor ไปที่ PE อีกฝั่งได้เลย
PE1 Nokia 10.10.10.1 L3VPN Configuration
คอนฟิก Port ที่ต่อไปหา CE5. คอนฟิก VPRN และ คอนฟิก BGP family VPN-IPv4 peer ไปหา PE4 และแสดงสถานะ VPRN route-table และ BGP-Route เพื่อแสดง route และ label
A:PE1# admin display-config
configure
#--------------------------------------------------
echo "Port Configuration"
#--------------------------------------------------
port 1/1/c3
description "To_Cisco_CE5_fa0/1_L3VPN"
connector
breakout c1-10g
exit
no shutdown
exit
port 1/1/c3/1
description "To_Cisco_CE5_fa0/1_L3VPN"
ethernet
mode access
exit
no shutdown
exit
#--------------------------------------------------
echo "Service Configuration"
#--------------------------------------------------
service
vprn 100 name "COTTON" customer 1 create
route-distinguisher 65000:100
auto-bind-tunnel
resolution any
exit
vrf-target target:65000:100
interface "to_CE5_l3" create
address 192.168.101.1/24
sap 1/1/c3/1 create
exit
exit
no shutdown
exit
exit
#--------------------------------------------------
echo "BGP Configuration"
#--------------------------------------------------
bgp
group "Seamless"
family vpn-ipv4
peer-as 65000
neighbor 10.10.10.4
exit
exit
no shutdown
exit
exit
A:PE1#
#=========== Show Status MPLS L3VPN ==============
A:PE1# show router 100 route-table
===============================================================================
Route Table (Service: 100)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.168.101.0/24 Local Local 23h01m27s 0
to_CE5_l3 0
192.168.104.0/24 Remote BGP VPN 07h49m42s 170
10.10.10.4 (tunneled:BGP) 1000
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
A:PE1#
A:PE1# show router bgp routes vpn-ipv4
===============================================================================
BGP Router ID:10.10.10.1 AS:65000 Local AS:65000
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>? 65000:100:192.168.104.0/24 100 0
10.10.10.4 None 0
No As-Path 18
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
A:PE1#
PE4 Cisco 10.10.10.4 L3VPN Configuration
คอนฟิก VRF, คอนฟิก Port ที่ต่อไปหา CE6. และ คอนฟิก BGP family VPNv4 peer ไปหา PE1 และแสดงสถานะ VRF route-table และ BGP-Route เพื่อแสดง route และ label
PE4#show running-config
!
ip vrf COTTON
rd 65000:100
route-target export 65000:100
route-target import 65000:100
!
interface GigabitEthernet3
ip vrf forwarding COTTON
ip address 192.168.104.1 255.255.255.0
!
router bgp 65000
bgp router-id 10.10.10.4
neighbor 10.10.10.1 remote-as 65000
neighbor 10.10.10.1 update-source Loopback0
!
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 send-community extended
exit-address-family
!
address-family ipv4 vrf COTTON
redistribute connected
exit-address-family
!
PE4#
#=========== Show Status MPLS L3VPN ==============
PE4#show ip route vrf COTTON
Routing Table: COTTON
Gateway of last resort is not set
B 192.168.101.0/24 [200/0] via 10.10.10.1, 08:20:22
192.168.104.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.104.0/24 is directly connected, GigabitEthernet3
L 192.168.104.1/32 is directly connected, GigabitEthernet3
PE4#
PE4#show ip bgp vpnv4 vrf COTTON labels
Network Next Hop In label/Out label
Route Distinguisher: 65000:100 (COTTON)
192.168.101.0 10.10.10.1 nolabel/524286
192.168.104.0 0.0.0.0 18/nolabel(COTTON)
PE4#
CE5 และ CE6 Configuration
คอนฟิก IP Address และ Static route จากนั้นก็ Ping Test
CE5#show running-config ! interface FastEthernet0/1 description To_NOKIA_PE1_1/1/3_L3 ip address 192.168.101.5 255.255.255.0 duplex auto speed auto ! ip route 192.168.104.0 255.255.255.0 192.168.101.1 ! CE5# CE6#show running-config ! interface FastEthernet0/1 description To_Cisco_PE4_Gi3_L3 ip address 192.168.104.6 255.255.255.0 duplex auto speed auto ! ip route 192.168.101.0 255.255.255.0 192.168.104.1 ! #==== Ping Test CE6 to CE5 =========== CE6#ping 192.168.56.5 source 192.168.56.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.56.5, timeout is 2 seconds: Packet sent with a source address of 192.168.56.6 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/32 ms CE6#
L3VPN Label Stacking ดูได้จากรูปด้านล่าง จะเห็นว่า 2 outer label จะยังคงเหมือนเดิม ต่างกันที่ VPN Label สามารถดาวน์โหลด Wireshark Capture Traffic ได้จากลิ้งค์นี้ครับ https://drive.google.com/drive/folders/1iVOgUM9tPMFeGognU9-wn63zztl-uXsa?usp=sharing
Thank you for sharing useful knowledge.
ReplyDeleteThanks for visit.
Delete