MPLS - Vietnamese

Upload: vinhtrile

Post on 07-Jul-2015


SPECIAL TOPIC: MULTIPROTOCOL LABEL SWITCHING (MPLS)

Author: Trần Thị Tố Uyên


Contents
Chapter 1: MPLS overview
Chapter 2: Basic MPLS configuration
LAB 2-1: Basic frame-mode MPLS configuration
Chapter 3: MPLS VPN overview
Chapter 4: The EIGRP PE-CE routing protocol
LAB 4-1: Basic EIGRP PE-CE routing configuration
LAB 4-2: Network configuration using BGP CC and EIGRP SoO
Chapter 5: The OSPF PE-CE routing protocol
LAB 5-1: OSPF PE-CE routing configuration
LAB 5-2: OSPF Sham-Links
Chapter 6: Traffic engineering in MPLS


Chapter 1: MPLS OVERVIEW

Introduction to Multiprotocol Label Switching (MPLS)

MPLS is a technology that combines the best features of layer 3 routing and layer 2 switching. By relying on labels, it carries packets very quickly in the core network and routes well at the edge network. MPLS is a method that improves packet forwarding across a network by means of labels attached to each IP packet, ATM cell, or layer 2 frame. Label switching lets routers and MPLS-enabled ATM switches make decisions from the contents of the label, which is better than complex routing on the destination IP address. MPLS joins the performance and switching capability of layer 2 with layer 3 routing. It allows ISPs to offer many different services without discarding their existing infrastructure. The MPLS architecture is flexible in any combination with layer 2 technologies. MPLS supports every layer 2 protocol and efficiently deploys IP services on an IP switched network. MPLS supports creating different routes between a source and a destination across an Internet backbone. By integrating MPLS into the network architecture, ISPs can reduce cost, increase profit, provide many different efficiencies and become highly competitive.

Characteristics of an MPLS network:
- There is no MPLS API and no host-side protocol component.
- MPLS resides only on routers.
- MPLS is protocol independent, so it can work with protocols other than IP such as IPX, ATM, Frame Relay, ...
- MPLS simplifies the routing process and increases the flexibility of the intermediate layers.

Mode of operation: the layer 3 routing mechanism is replaced by a layer 2 switching mechanism. MPLS operates in the core of the IP network. Routers in the core must enable MPLS on each interface. A label is added to an IP packet when the packet enters the MPLS network and is removed when the packet leaves it. The label is inserted between the layer 3 header and the layer 2 header. Labels are used to send packets once the path has been established. MPLS centers on the label swapping process. One of the strengths of the MPLS architecture is that it defines a label stack of its own.

The formula for labeling a packet is: Network Layer Packet + MPLS Label Stack

Label space: there are two kinds. In the first, the interfaces share label values (per-platform label space). In the second, each interface carries its own label values (per-interface label space).

Label Switch Path (LSP): determines the path of an MPLS packet. There are two kinds: the hop-by-hop signaled LSP, which determines the most feasible path in a best-effort manner, and the explicit-route signaled LSP, which determines the path from the originating node.

Label Switch Router (LSR): decides the next hop from the contents of the label. LSRs do little work and operate much like a switch.

Some applications of MPLS


Some applications currently being deployed are:
- MPLS VPN: a service provider can create layer 3 VPNs along the backbone network for many customers using a single existing public infrastructure, without encryption or end-user applications.
- MPLS Traffic Engineering: provides the ability to set up one or more paths to control network traffic and the performance characteristics for a class of traffic.
- MPLS QoS (Quality of Service): with QoS, service providers can offer many classes of service with the maximum QoS guarantee to customers.
- MPLS Unicast/Multicast IP routing.

The Internet has three main groups of applications, voice, data and video, with different requirements. Voice requires low delay and tolerates data loss to gain efficiency. Video tolerates data loss at an acceptable level and is real-time in nature. Data requires high security and accuracy. MPLS helps use network resources with high efficiency.

Advantages of MPLS over the IP over ATM model

When merged with ATM switching, label switching takes advantage of the strengths of ATM cells: a suitable length and high-speed transfer. In a multiservice network, label switching lets BPX/MGX switches provide ATM, Frame Relay and IP Internet services on a single platform over one high-speed path. Common platforms that support these services save cost and simplify operations for multiservice providers. For ISPs that use ATM switches in the core network, label switching lets the Cisco BPX8600, MGX8800, the 8540 multiservice switch router and other Cisco ATM switches manage the network more efficiently than overlaying an IP layer on an ATM network. Label switching avoids the trouble caused by having many peer routers and supports a hierarchical structure within an ISP network.

Integration: MPLS merges the features of IP and ATM rather than overlaying an IP layer on ATM. MPLS makes IP routing visible to the ATM infrastructure and removes the need for mappings between IP and ATM features. MPLS does not need ATM addressing and routing techniques (such as PNNI).

Higher reliability: with an ATM infrastructure, MPLS can combine effectively with many routing protocols. IP over ATM sets up a mesh of public services between the routers around an ATM cloud. However, many problems arise from the PVC links between routers overlaid on the ATM network. The ATM network structure cannot see the routers. One failed ATM link breaks many router-to-router links, which causes difficulty through the volume of routing updates and the processing that follows.

Direct implementation of classes of service: MPLS uses the queuing and buffering of ATM to provide many different classes of service. It supports IP precedence and class of service (CoS) on ATM switches without complex conversion to the ATM Forum service classes.

Efficient support for multicast and RSVP: unlike MPLS, overlaying IP on ATM brings many disadvantages, especially in supporting IP services such as IP multicast and RSVP (Resource Reservation Protocol).


MPLS supports these services, inheriting the time and effort already spent on the standards and encouraging an approximate mapping of IP and ATM features.

VPN scalability and manageability: MPLS makes IP VPN services scalable and very easy to manage, which matters for providing private IP networks within its infrastructure. An ISP that offers VPN service supports many private VPNs on a single infrastructure. With an MPLS backbone, VPN information is processed only at the ingress and egress points. Packets carrying MPLS labels cross the backbone and arrive at their correct egress point. Combining MPLS with MP-BGP (Multiprotocol Border Gateway Protocol) produces MPLS-based VPN services that are easier to manage, with forwarding operations that manage the VPN sites and VPN members. MPLS-based VPN services can also scale to support hundreds of thousands of VPNs.

Reduced load on the core network: VPN services show how MPLS supports a hierarchy of routing information. In addition, Internet routes can be separated from the core of the service provider network. As with VPN data, MPLS allows access to the Internet routing table only at the ingress and egress points of the network. With MPLS, transit traffic at the edge of the AS is given labels that tie it to the corresponding point. This separation of interior routing from full Internet routing also helps limit faults, improves stability and increases security.

Traffic engineering capability: MPLS provides traffic engineering capabilities for the efficient use of network resources. Traffic engineering shifts load from overloaded parts of the network to idle parts based on destination, traffic type, load, time, ...

How MPLS operates

An MPLS network uses labels to forward packets. When a packet enters the network, the ingress MPLS node assigns the packet to a particular forwarding equivalence class (FEC). In an MPLS network the label drives every forwarding operation. This has several advantages over conventional forwarding:
- MPLS forwarding can be done by switches, which can look up and replace labels without affecting the network layer header. ATM switches perform the function of switching cells based on the label value. An ATM switch needs to be controlled by an IP-based MPLS control element such as a label switch controller (LSC). This is the basic form of integrating IP with ATM.
- When a packet enters the network it is assigned to a forwarding equivalence class (FEC). The router can use information about the packet, such as the ingress port or interface. Packets entering the network are assigned different labels. The forwarding decision is made easily by the ingress router. This is not available in conventional forwarding, because the route determination of a router differs from the route information in the packet.
- A traffic-engineered network forces a packet to follow a particular path, such as a path that is not yet in use. That path is chosen in advance or when the packet enters the network, and is better than the choice made by conventional routing algorithms. In MPLS a label can represent the route, so the route need not be carried in the packet. This is the basic form of MPLS Traffic Engineering.


- The class of service of a packet is determined by the ingress MPLS node. An ingress MPLS node can apply different discard or scheduling treatment to different packets. Later hops can enforce the service constraints by setting a PHB (per-hop behavior). MPLS allows (but does not require) the precedence or class of service to be partly or fully inferred from the label. In that case the label represents the combination of an FEC and a precedence or class of service. This is the basic form of MPLS QoS.

Labels in MPLS

Frame mode: frame mode is the term used when a packet is forwarded with a label attached in front of the layer 3 header. A label is encoded in 20 bits, which means there can be 2^20 different values. A packet can carry several labels, called a label stack. At each hop in the network only the outermost label is examined. Figure 2 shows the format of the MPLS header.

Where:
- EXP = Experimental (3 bits): reserved for experimental use. Cisco IOS uses these bits to carry QoS markings; when MPLS packets are queued, the EXP bits can be used in the same way as the IP Precedence bits.
- S = Bottom of stack (1 bit): the bottom-of-stack bit. It is set to 1 in the last label of the stack and to 0 in all other labels.
- TTL = Time To Live (8 bits): the time to live is a copy of the IP TTL. Its value is decremented at each hop to prevent loops (as in IP). It is commonly used when the network operator wants to hide the underlying network topology from traceroutes that start in an outside network.

Cell mode: this term is used when the network consists of ATM LSRs that use MPLS in the control plane to exchange VPI/VCI information instead of using ATM signaling. In cell mode the label is the VPI/VCI field of the cell. After labels have been exchanged in the control plane, in the forwarding plane the ingress router segments the packet into ATM cells, applies the corresponding VPI/VCI value exchanged in the control plane and transmits the cells. The ATM LSRs inside the network behave as ATM switches: they forward a cell based on the incoming VPI/VCI and the corresponding outgoing port information. Finally, the egress router reassembles the cells into a packet.


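[Figure: position of the label for each layer 2 encapsulation]
ATM cell header: GFC | VPI | VCI (label) | PT | CLP | HEC | Layer 3 header | Data
Packet over SONET/SDH: PPP header | Label (shim header) | Layer 3 header | Data
Ethernet: Ethernet header | Label | Layer 3 header | Data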

Where:
- GFC: Generic Flow Control
- VPI: Virtual Path Identifier
- VCI: Virtual Channel Identifier
- PT: Payload Type, indicates the type of the payload field
- CLP: Cell Loss Priority, indicates the cell discard priority
- HEC: Header Error Check, checks the header for errors

Structure of an MPLS node

An MPLS node has two planes: the MPLS forwarding plane and the MPLS control plane. An MPLS node can perform layer 3 routing or layer 2 switching. The basic architecture of an MPLS node is as follows:

[Figure: basic architecture of an MPLS node. Control plane: IP routing protocol (exchange of routing information) and label distribution protocol (exchange of label binding information). Forwarding plane: incoming IP packets, IP routing table (CEF FIB), outgoing IP packets; incoming labeled packets, label forwarding information base (LFIB), outgoing labeled packets.]

Forwarding plane

The forwarding plane uses a label forwarding information base (LFIB) to forward packets. Each MPLS node has two tables related to forwarding: the label information base (LIB) and the LFIB. The LIB contains all the labels assigned by the local MPLS node and the mappings of these labels to the labels received from its MPLS neighbors. The LFIB uses a subset of the labels held in the LIB to forward packets.

Control plane

The MPLS control plane is responsible for building and maintaining the LFIB. All MPLS nodes must run an IP routing protocol to exchange routing information with the other MPLS nodes in the network. MPLS-enabled ATM nodes use a label switch controller (LSC) such as a 7200 or 7500 router, or use a route processor module (RPM), to take part in IP routing.

Labels are exchanged between adjacent MPLS nodes to build the LFIB. MPLS uses a forwarding model based on label swapping to connect with the different control modules. Each control module is responsible for assigning and distributing a set of labels and for maintaining other related control information. Interior gateway protocols (IGPs) are used to establish reachability, the binding, and the mapping between an FEC and the next-hop address. The MPLS control modules are:
- Unicast routing
- Multicast routing
- Traffic engineering
- Virtual private network (VPN)
- Quality of service (QoS)

Control plane at a network node: MPLS IP routing control

Link-state routing protocols such as OSPF and IS-IS are the protocols of choice because they give every MPLS node information about the whole network. In conventional routers the IP routing table is used to build the fast switching cache or the FIB (used by CEF, Cisco Express Forwarding). With MPLS, however, the IP routing table provides the destination network and subnet prefix information. Link-state routing protocols flood routing information among a set of directly connected (adjacent) routers, whereas label binding information is distributed only between directly connected routers, using the Label Distribution Protocol (LDP) or TDP (Cisco's proprietary Tag Distribution Protocol).

[Figure: components of the MPLS data plane and control plane. Control plane at a network node: MPLS Multicast IP routing control, MPLS/VPN routing control, traffic control (MPLS TE), quality of service (QoS). Data plane at a network node: label forwarding information base (LFIB).]


Cisco Express Forwarding (CEF) is the foundation for MPLS and runs on Cisco routers. CEF is therefore a prerequisite for implementing MPLS on every Cisco device except ATM switches, which support only the data forwarding plane functions. CEF is a Cisco proprietary switching mechanism intended to increase the simplicity and capacity of IP packet forwarding. CEF avoids the overhead of cache rewrites in an IP core environment by using a forwarding information base (FIB) to make switching decisions. The FIB mirrors the entire contents of the IP routing table, with a one-to-one mapping between the FIB and the routing table. When a router uses CEF, it maintains at least one FIB, which holds a mapping of the destination networks in the routing table to the corresponding next-hop adjacencies. The FIB lives in the data plane, where the router carries out forwarding and packet processing.

The router also maintains two other structures, the label information base (LIB) and the label forwarding information base (LFIB). The distribution protocol used between MPLS neighbors is responsible for creating the entries in these two tables. The LIB belongs to the control plane and is used by the label distribution protocol when a destination network address in the routing table is mapped to a label received from a downstream router. The LFIB belongs to the data plane and holds the local label to next-hop label mapping together with the outgoing interface; it is used to forward labeled packets.

In summary, the information about reachable networks supplied by the routing protocols is used to build the routing table (RIB, Routing Information Base). The RIB feeds the FIB. The LIB is built from the label distribution protocol, and the LIB combined with the FIB produces the LFIB.

Label forwarding algorithm

A label switch uses a forwarding algorithm based on label swapping. The MPLS node takes the value in the label of the arriving packet as an index into the LFIB. When the matching label value is found, MPLS replaces the label in the packet with the outgoing label from the subentry and sends the packet out of the corresponding outgoing interface to the next hop that has been determined. If the MPLS node holds several LFIBs, one per interface, it uses the physical interface on which the packet arrived to select the particular LFIB used to forward the packet. Conventional forwarding uses several algorithms, for unicast, for multicast and for unicast packets with the ToS bits set. MPLS, however, uses only one forwarding algorithm, based on label swapping. An MPLS node needs a single memory access to fetch information such as the resource reservation decisions needed to forward the packet. Fast forwarding and lookup make label switching a high-performance switching technology. MPLS can also be used to carry other layer 3 protocols such as IPv6, IPX or AppleTalk. These properties make MPLS a good fit for migrating networks from IPv4 to IPv6.

MPLS forwarding operation

Forwarding data with MPLS involves the following steps:
- Assign MPLS labels (on the LSR).
- The label distribution protocol (LDP, Label Distribution Protocol, or TDP, Tag Distribution Protocol) assigns labels and exchanges labels between the LSRs in the MPLS domain to establish sessions. Labels can be assigned locally per router or per router interface.
- Establish LDP/TDP between the LSR/ELSR.
- By default the router uses LDP. Configuration:
Router(config)#mpls label protocol {ldp | tdp}
Use this command when the router does not default to LDP or when you want to switch from LDP to TDP. The command can be configured globally or on an interface:
Router(config-if)#mpls label protocol {ldp | tdp}
If it is configured on an interface, it overrides the global command.

TDP uses TCP port 711. LDP uses TCP port 646.

There are four types of LDP message:
- Discovery: advertises and acknowledges the presence of an LSR in the network.
- Session: establishes, maintains and tears down sessions between LSRs.
- Advertisement: advertises label-to-FEC mappings.
- Notification: signals errors.


Label distribution with the Label Distribution Protocol (LDP)

Within an MPLS domain, a label assigned to a destination address (FIB) is distributed to the upstream neighbors only after the session has been established. The binding between a particular network, its local label and a next-hop label (received from the downstream router) is stored in the LFIB and the LIB. MPLS uses the following label distribution methods:
- Downstream on demand.
- Unsolicited downstream.

MPLS label retention


There are two label retention modes:

Liberal label retention mode: retains the binding between a label and a destination network but does not keep the next hop for that destination. The LSR can forward packets as soon as the IGP converges, and the number of labels retained for each particular destination is very large, so it consumes memory.

Conservative label retention mode: retains labels based on the LDP or TDP response of the next hop. It discards bindings from downstream LSRs that are not the next hop for the given destination, so it minimizes memory use.

Special label types

Untagged: the incoming MPLS packet is converted to an IP packet and forwarded to the destination. It is used in MPLS VPN implementations.

Implicit-null or POP label: this label is assigned when the top label of the incoming MPLS packet is removed and the resulting MPLS or IP packet is forwarded to the downstream next hop. The value of this label is 3 (in the 20-bit label field). This label is used in MPLS networks for the penultimate hop.

Explicit-null label: assigned to preserve the EXP value of the top label of the incoming packet. The top label is swapped with the value 0 and the packet is forwarded as an MPLS packet to the downstream next hop. This label is used when implementing QoS with MPLS.

Aggregate label: with this label, when an MPLS packet arrives, all the labels in its label stack are removed so that it becomes an IP packet, and a FIB lookup is performed to determine its outgoing interface.
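The 32-bit label header (20-bit label, EXP, S, TTL), the LFIB label-swapping lookup and the implicit-null (3) pop described in this chapter, combined in one added example that is not part of the original document. The label values 17, 16 and 30, the interface names, the two LFIB tables and the payload bytes are constructed, and the layer 3 packet is treated as opaque bytes, so the TTL is not copied back into an IP header on the final pop.

```python
import struct
from dataclasses import dataclass, replace

EXPLICIT_NULL = 0   # label kept on the last hop so the EXP bits survive
IMPLICIT_NULL = 3   # advertised by the last hop: "pop the top label before sending to me"


@dataclass(frozen=True)
class Entry:
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    label: int
    exp: int = 0
    s: int = 0       # 1 only on the bottom entry of the stack
    ttl: int = 255

    def pack(self) -> bytes:
        if not (0 <= self.label < (1 << 20) and 0 <= self.exp < 8
                and self.s in (0, 1) and 0 <= self.ttl < 256):
            raise ValueError(f"field out of range: {self}")
        word = (self.label << 12) | (self.exp << 9) | (self.s << 8) | self.ttl
        return struct.pack("!I", word)


def parse_stack(frame: bytes):
    """Split a frame-mode payload into (label entries, layer 3 packet)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            # A stack that never sets S=1 is malformed; refuse to guess.
            raise ValueError("stack ends before an entry with S=1")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append(Entry(word >> 12, (word >> 9) & 7, (word >> 8) & 1, word & 0xFF))
        if entries[-1].s:
            return entries, frame[offset:]


def push(labels, packet: bytes, exp: int = 0, ttl: int = 255) -> bytes:
    """Ingress LSR: prepend a label stack (outermost label first)."""
    last = len(labels) - 1
    return b"".join(Entry(label, exp, int(i == last), ttl).pack()
                    for i, label in enumerate(labels)) + packet


def forward(lfib: dict, frame: bytes):
    """One LSR hop. lfib maps incoming label -> (outgoing label, interface)."""
    stack, packet = parse_stack(frame)
    top, rest = stack[0], stack[1:]          # only the outermost label is examined
    if top.label not in lfib:
        raise LookupError(f"no LFIB entry for label {top.label}: drop")
    out_label, out_if = lfib[top.label]
    if top.ttl <= 1:
        raise ValueError("TTL expired: drop")
    ttl = top.ttl - 1
    if out_label == IMPLICIT_NULL:           # pop the top label
        if not rest:
            return out_if, packet            # unlabeled packet leaves the LSP
        new_stack = [replace(rest[0], ttl=ttl)] + rest[1:]
    else:                                    # swap; EXP and S are preserved
        new_stack = [replace(top, label=out_label, ttl=ttl)] + rest
    return out_if, b"".join(e.pack() for e in new_stack) + packet


# Constructed LFIBs for two consecutive LSRs on one LSP.
LFIB_A = {17: (16, "Serial0/1")}             # swap 17 -> 16
LFIB_B = {16: (IMPLICIT_NULL, "Serial0/0")}  # next hop advertised implicit-null


def demo(labels=(17,), packet=b"constructed-layer3-packet"):
    """Push at ingress, swap at LSR A, pop at LSR B; return each frame."""
    frame = push(list(labels), packet)
    _, after_a = forward(LFIB_A, frame)
    _, after_b = forward(LFIB_B, after_a)
    return frame, after_a, after_b
```
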


Chapter 2: BASIC MPLS CONFIGURATION

Configuring and verifying frame-mode MPLS

In frame mode, MPLS uses a 32-bit label inserted between the layer 2 and layer 3 headers. Layer 2 encapsulations such as HDLC, PPP, Frame Relay and Ethernet are frame based, so they can operate in frame mode or cell mode, with the exception of ATM, which operates only in cell mode.

[Figure: Basic frame-mode MPLS]

[Figure: flow chart of the frame-mode MPLS configuration process]


Basic frame-mode MPLS configuration steps

The configuration steps follow the diagram above.

Step 1: Enable CEF
CEF is an essential component for label switching and is responsible for the imposition and disposition of labels in an MPLS network. Configure CEF globally on routers R1, R2, R3 and R4 with the command:
Router(config)#ip cef [distributed]
Make sure that CEF is enabled on the interface. If it is not, CEF can be enabled on the interface with the command:
Router(config-if)#ip route-cache cef
The [distributed] keyword enables distributed CEF switching.

Step 2: Configure the IGP routing protocol
OSPF is used here. Enable the interfaces on the routers that take part in the provider network with the commands:
Router(config)#router ospf process-id
Router(config-router)#network ip-address wild-card mask area area-id

Enabling the label distribution protocol is an optional step. By default, LDP is the label distribution protocol. The command mpls label protocol {ldp | tdp} is used only if LDP is not the default protocol or if you want to switch between LDP and TDP. It is better to configure this command in global mode ( Router(config)# ) than on an interface ( Router(config-if)# ). However, the command configured on an interface overrides the global command.

Step 3: Assign the LDP router ID
LDP uses the highest IP address on a loopback interface as the LDP router ID. If there is no loopback address, the highest IP address on the router becomes the LDP router ID. To force an interface to become the LDP router ID, use the command:
Router(config)#mpls ldp router-id {interface | ip-address} [force]
Loopback interfaces are recommended because they are always up.

Step 4: Enable IPv4 MPLS, or label forwarding, on the interface
Router(config-if)#mpls ip

Verifying basic frame-mode MPLS operation:

Check that CEF is enabled on the router:
Router#show ip cef

Confirm that MPLS forwarding is enabled on the interface:
Router#show mpls interfaces

View the state of the LDP discovery process. This displays the LDP discovery information of the neighbors and the interfaces on which the LDP discovery process is running:
Router#show mpls ldp discovery
The xmit/recv field shows that the interface is transmitting and receiving LDP discovery Hello packets.

Determine the state of the sessions with the LDP neighbors:
Router#show mpls ldp neighbor

Control plane and data plane forwarding

[Figure: Control plane]

The figure above shows the control plane operation for prefix 10.10.10.101/32 from R1 to R4. The following steps show the label propagation process for prefix 10.10.10.101/32:


Step 1: R1 sends an implicit-null or POP label to R2. The value 3 represents the implicit-null label. R1 propagates implicit-null to R2, and R2 performs the POP function for data forwarded from R4 to 10.10.10.101/32. If R1 propagates an explicit-null label, the upstream LSR R2 does not POP the label but assigns a label value of 0 and sends a labeled packet to R2. Example:
R1#show mpls ldp bindings
tib entry: 10.10.10.101/32, rev 4
    local binding: tag: imp-null
    remote binding: tsr: 10.10.10.102:0, tag: 16

Step 2: R2 assigns an LSP label to 10.10.10.101/32. This label value is propagated to R3. R3 imposes this value on the data forwarding path.

Step 3: On R3, prefix 10.10.10.101/32 is assigned a local label of 17 and an outgoing label of 16. The outgoing label is received from R2. The local label 17 is propagated to R4 through label sharing. R4 uses label 17 to forward data to 10.10.10.101/32.

The following steps show the data forwarding path from R4 to 10.10.10.101/32:

[Figure: Data forwarding path]

R4 imposes label 17 on the data packet going from R4 to 10.10.10.101/32. R3 performs an LFIB lookup, swaps label 17 for 16 and forwards the data packet to R2. R2 receives the data packet from R3, performs the penultimate-hop pop function, removes label 16 and forwards the data packet to R1.

LAB 2-1: Basic frame-mode MPLS configuration

Description

Configuration and verification

LSR1#show run
Building configuration...
Current configuration : 912 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LSR1
!
logging queue-limit 100
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
tag-switching tdp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Serial0/1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
 clockrate 72000
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
ip http server
ip classless
end

LSR1#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O       10.10.10.8/30 [110/192] via 10.10.10.2, 00:02:58, Serial0/1
C       10.10.10.0/30 is directly connected, Serial0/1
O       10.10.10.4/30 [110/128] via 10.10.10.2, 00:02:58, Serial0/1
O       10.10.10.104/32 [110/193] via 10.10.10.2, 00:02:58, Serial0/1
O       10.10.10.102/32 [110/65] via 10.10.10.2, 00:02:58, Serial0/1
O       10.10.10.103/32 [110/129] via 10.10.10.2, 00:02:58, Serial0/1
C       10.10.10.101/32 is directly connected, Loopback0

LSR1#show ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.10.10.0/30       attached             Serial0/1
10.10.10.0/32       receive
10.10.10.1/32       receive
10.10.10.3/32       receive
10.10.10.4/30       10.10.10.2           Serial0/1
10.10.10.8/30       10.10.10.2           Serial0/1
10.10.10.101/32     receive
10.10.10.102/32     10.10.10.2           Serial0/1
10.10.10.103/32     10.10.10.2           Serial0/1
10.10.10.104/32     10.10.10.2           Serial0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

LSR1#show cef int s0/1
Serial0/1 is up (if_number 5)
 Corresponding hwidb fast_if_number 5
 Corresponding hwidb firstsw->if_number 5
 Internet address is 10.10.10.1/30
 ICMP redirects are always sent
 Per packet load-sharing is disabled
 IP unicast RPF check is disabled
 Inbound access list is not set
 Outbound access list is not set
 IP policy routing is disabled
 BGP based policy accounting is disabled
 Interface is marked as point to point interface
 Hardware idb is Serial0/1
 Fast switching type 4, interface type 60
 IP CEF switching enabled
 IP CEF Fast switching turbo vector
 Input fast flags 0x0, Output fast flags 0x0
 ifindex 4(4)
 Slot 0 Slot unit 1 Unit 1 VC -1
 Transmit limit accumulator 0x0 (0x0)
 IP MTU 1500

LSR1#show mpls interfaces
Interface              IP            Tunnel   Operational
Serial0/1              Yes (tdp)     No       Yes

LSR1#show mpls ldp discovery
Local LDP Identifier:
    10.10.10.101:0
Discovery Sources:
    Interfaces:
        Serial0/1 (tdp): xmit

LSR2#show run
!


hostname LSR2
!
logging queue-limit 100
!
memory-size iomem 10
ip subnet-zero
!
!
!
ip cef
mpls ldp logging neighbor-changes
tag-switching tdp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Serial0/0
 ip address 10.10.10.2 255.255.255.252
 mpls label protocol ldp
 tag-switching ip
!
interface Serial0/1
 ip address 10.10.10.5 255.255.255.252
 mpls label protocol ldp
 tag-switching ip
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
end

LSR2#show cdp nei
..
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
LSR1             Ser 0/0            173          R        2610      Ser 0/1
LSR3             Ser 0/1            125          R        2610      Ser 0/1

LSR2#show ip route
..
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O       10.10.10.8/30 [110/128] via 10.10.10.6, 00:23:26, Serial0/1
C       10.10.10.0/30 is directly connected, Serial0/0
C       10.10.10.4/30 is directly connected, Serial0/1
O       10.10.10.104/32 [110/129] via 10.10.10.6, 00:23:26, Serial0/1
C       10.10.10.102/32 is directly connected, Loopback0
O       10.10.10.103/32 [110/65] via 10.10.10.6, 00:23:26, Serial0/1
O       10.10.10.101/32 [110/65] via 10.10.10.1, 00:23:26, Serial0/0


LSR2#show ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.10.10.0/30       attached             Serial0/0
10.10.10.0/32       receive
10.10.10.2/32       receive
10.10.10.3/32       receive
10.10.10.4/30       attached             Serial0/1
10.10.10.4/32       receive
10.10.10.5/32       receive
10.10.10.7/32       receive
10.10.10.8/30       10.10.10.6           Serial0/1
10.10.10.101/32     10.10.10.1           Serial0/0
10.10.10.102/32     receive
10.10.10.103/32     10.10.10.6           Serial0/1
10.10.10.104/32     10.10.10.6           Serial0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

LSR2#show cef int s0/0
Serial0/0 is up (if_number 4)
 Corresponding hwidb fast_if_number 4
 Corresponding hwidb firstsw->if_number 4
 Internet address is 10.10.10.2/30
 ICMP redirects are always sent
 Per packet load-sharing is disabled
 IP unicast RPF check is disabled
 Inbound access list is not set
 Outbound access list is not set
 IP policy routing is disabled
 BGP based policy accounting is disabled
 Interface is marked as point to point interface
 Hardware idb is Serial0/0
 Fast switching type 4, interface type 60
 IP CEF switching enabled
 IP CEF Fast switching turbo vector
 Input fast flags 0x0, Output fast flags 0x0
 ifindex 3(3)
 Slot 0 Slot unit 0 Unit 0 VC -1
 Transmit limit accumulator 0x0 (0x0)
 IP MTU 1500

LSR2#show cef int s0/1
Serial0/1 is up (if_number 5)
 Corresponding hwidb fast_if_number 5
 Corresponding hwidb firstsw->if_number 5
 Internet address is 10.10.10.5/30
 ICMP redirects are always sent
 Per packet load-sharing is disabled
 IP unicast RPF check is disabled
 Inbound access list is not set
 Outbound access list is not set
 IP policy routing is disabled
 BGP based policy accounting is disabled
 Interface is marked as point to point interface
 Hardware idb is Serial0/1
 Fast switching type 4, interface type 60
 IP CEF switching enabled
 IP CEF Fast switching turbo vector
 Input fast flags 0x0, Output fast flags 0x0
 ifindex 4(4)
 Slot 0 Slot unit 1 Unit 1 VC -1
 Transmit limit accumulator 0x0 (0x0)
 IP MTU 1500

LSR2#show mpls int
Interface              IP            Tunnel   Operational
Serial0/0              Yes (ldp)     No       Yes
Serial0/1              Yes (ldp)     No       Yes

LSR2#show mpls ldp dis
Local LDP Identifier:
    10.10.10.102:0
Discovery Sources:
    Interfaces:
        Serial0/0 (ldp): xmit
        Serial0/1 (ldp): xmit/recv
            LDP Id: 10.10.10.103:0

LSR2#show mpls ldp nei
Peer LDP Ident: 10.10.10.103:0; Local LDP Ident 10.10.10.102:0
    TCP connection: 10.10.10.103.11010 - 10.10.10.102.646
    State: Oper; Ms

LSR3#show run
Building configuration...
Current configuration : 947 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LSR3
!
logging queue-limit 100


!
ip subnet-zero
!
!
!
ip cef
mpls label protocol ldp
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.103 255.255.255.255
!
interface Serial0/0
 ip address 10.10.10.9 255.255.255.252
 tag-switching ip
 clockrate 72000
 no fair-queue
!
interface Serial0/1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
 clockrate 72000
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
end

LSR3#show ip route
.
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C       10.10.10.8/30 is directly connected, Serial0/0
O       10.10.10.0/30 [110/128] via 10.10.10.5, 00:11:19, Serial0/1
C       10.10.10.4/30 is directly connected, Serial0/1
O       10.10.10.104/32 [110/65] via 10.10.10.10, 00:11:19, Serial0/0
O       10.10.10.102/32 [110/65] via 10.10.10.5, 00:11:19, Serial0/1
C       10.10.10.103/32 is directly connected, Loopback0
O       10.10.10.101/32 [110/129] via 10.10.10.5, 00:11:19, Serial0/1

LSR3# show cdp nei
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
LSR4             Ser 0/0            131          R        2610      Ser 0/1
LSR2             Ser 0/1            178          R        2610      Ser 0/1

LSR3#show ip cef
Prefix              Next Hop             Interface


0.0.0.0/0 drop Null0 (default route handler entry) 0.0.0.0/32 receive 10.10.10.0/30 10.10.10.5 Serial0/1 10.10.10.4/30 attached Serial0/1 10.10.10.4/32 receive 10.10.10.6/32 receive 10.10.10.7/32 receive 10.10.10.8/30 attached Serial0/0 10.10.10.8/32 receive 10.10.10.9/32 receive 10.10.10.11/32 receive 10.10.10.101/32 10.10.10.5 Serial0/1 10.10.10.102/32 10.10.10.5 Serial0/1 10.10.10.103/32 receive 10.10.10.104/32 10.10.10.10 Serial0/0 224.0.0.0/4 drop 224.0.0.0/24 receive 255.255.255.255/32 receive LSR3#show cef int s0/0 Serial0/0 is up (if_number 4) Corresponding hwidb fast_if_number 4 Corresponding hwidb firstsw->if_number 4 Internet address is 10.10.10.9/30 ICMP redirects are always sent Per packet load-sharing is disabled IP unicast RPF check is disabled Inbound access list is not set Outbound access list is not set IP policy routing is disabled BGP based policy accounting is disabled Interface is marked as point to point interface Hardware idb is Serial0/0 Fast switching type 4, interface type 60 IP CEF switching enabled IP CEF Fast switching turbo vector Input fast flags 0x0, Output fast flags 0x0 ifindex 3(3) Slot 0 Slot unit 0 Unit 0 VC -1 Transmit limit accumulator 0x0 (0x0) IP MTU 1500 LSR3#show cef int s0/1 Serial0/1 is up (if_number 5) Corresponding hwidb fast_if_number 5 Corresponding hwidb firstsw->if_number 5 Internet address is 10.10.10.6/30 ICMP redirects are always sent Per packet load-sharing is disabled IP unicast RPF check is disabled


  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/1
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 4(4)
  Slot 0 Slot unit 1 Unit 1 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR3#show mpls interfaces
Interface              IP            Tunnel   Operational
Serial0/0              Yes (ldp)     No       Yes
Serial0/1              Yes (ldp)     No       Yes

LSR3#show mpls ldp dis
 Local LDP Identifier:
    10.10.10.103:0
    Discovery Sources:
    Interfaces:
        Serial0/0 (ldp): xmit/recv
            LDP Id: 10.10.10.104:0
        Serial0/1 (ldp): xmit/recv
            LDP Id: 10.10.10.102:0

LSR3#show mpls ldp nei
    Peer LDP Ident: 10.10.10.102:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.102.646 - 10.10.10.103.11010
        State: Oper; Msgs sent/rcvd: 53/49; Downstream
        Up time: 00:32:45
        LDP discovery sources:
          Serial0/1, Src IP addr: 10.10.10.5
        Addresses bound to peer LDP Ident:
          10.10.10.102    10.10.10.2      10.10.10.5
    Peer LDP Ident: 10.10.10.104:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.104.11004 - 10.10.10.103.646
        State: Oper; Msgs sent/rcvd: 24/24; Downstream
        Up time: 00:12:43
        LDP discovery sources:
          Serial0/0, Src IP addr: 10.10.10.10
        Addresses bound to peer LDP Ident:
          10.10.10.104    10.10.10.10

LSR4#show run
Building configuration...
!


version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LSR4
!
logging queue-limit 100
!
memory-size iomem 10
ip subnet-zero
!
ip cef
mpls label protocol ldp
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.104 255.255.255.255
!
interface Serial0/1
 ip address 10.10.10.10 255.255.255.252
 tag-switching ip
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
end

LSR4#show cdp nei
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
LSR3             Ser 0/1            159          R        2610      Ser 0/0

LSR4#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C       10.10.10.8/30 is directly connected, Serial0/1
O       10.10.10.0/30 [110/192] via 10.10.10.9, 00:13:46, Serial0/1
O       10.10.10.4/30 [110/128] via 10.10.10.9, 00:13:46, Serial0/1
C       10.10.10.104/32 is directly connected, Loopback0
O       10.10.10.102/32 [110/129] via 10.10.10.9, 00:13:46, Serial0/1
O       10.10.10.103/32 [110/65] via 10.10.10.9, 00:13:46, Serial0/1
O       10.10.10.101/32 [110/193] via 10.10.10.9, 00:13:46, Serial0/1

LSR4#show ip cef
Prefix              Next Hop            Interface
0.0.0.0/0           drop                Null0 (default route handler entry)
0.0.0.0/32          receive
10.10.10.0/30       10.10.10.9          Serial0/1
10.10.10.4/30       10.10.10.9          Serial0/1
10.10.10.8/30       attached            Serial0/1
10.10.10.8/32       receive
10.10.10.10/32      receive
10.10.10.11/32      receive
10.10.10.101/32     10.10.10.9          Serial0/1
10.10.10.102/32     10.10.10.9          Serial0/1
10.10.10.103/32     10.10.10.9          Serial0/1
10.10.10.104/32     receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

LSR4#show cef int s0/1
Serial0/1 is up (if_number 5)
  Corresponding hwidb fast_if_number 5
  Corresponding hwidb firstsw->if_number 5
  Internet address is 10.10.10.10/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/1
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 4(4)
  Slot 0 Slot unit 1 Unit 1 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR4#show mpls int
Interface              IP            Tunnel   Operational
Serial0/1              Yes (ldp)     No       Yes

LSR4#show mpls ldp dis
 Local LDP Identifier:
    10.10.10.104:0
    Discovery Sources:
    Interfaces:
        Serial0/1 (ldp): xmit/recv
            LDP Id: 10.10.10.103:0

LSR4#show mpls ldp nei
    Peer LDP Ident: 10.10.10.103:0; Local LDP Ident 10.10.10.104:0
        TCP connection: 10.10.10.103.646 - 10.10.10.104.11004


        State: Oper; Msgs sent/rcvd: 26/26; Downstream
        Up time: 00:14:34
        LDP discovery sources:
          Serial0/1, Src IP addr: 10.10.10.9
        Addresses bound to peer LDP Ident:
          10.10.10.103    10.10.10.6      10.10.10.9
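Every LDP session a router accepts is a source of label bindings, so the neighbor list captured in this lab is worth comparing against the intended topology. The following is an added example, not part of the original lab: it parses the LSR3 `show mpls ldp neighbor` output shown above and reports peers that are unexpected, missing, not operational, or discovered on the wrong interface. The function names, the expected-peer table and the extra entry are assumptions constructed for the example.

```python
import re

# Output of "show mpls ldp nei" on LSR3, copied from the lab above.
LSR3_OUTPUT = """\
    Peer LDP Ident: 10.10.10.102:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.102.646 - 10.10.10.103.11010
        State: Oper; Msgs sent/rcvd: 53/49; Downstream
        Up time: 00:32:45
        LDP discovery sources:
          Serial0/1, Src IP addr: 10.10.10.5
        Addresses bound to peer LDP Ident:
          10.10.10.102    10.10.10.2      10.10.10.5
    Peer LDP Ident: 10.10.10.104:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.104.11004 - 10.10.10.103.646
        State: Oper; Msgs sent/rcvd: 24/24; Downstream
        Up time: 00:12:43
        LDP discovery sources:
          Serial0/0, Src IP addr: 10.10.10.10
        Addresses bound to peer LDP Ident:
          10.10.10.104    10.10.10.10
"""

# Constructed entry (not from the lab): a session with a router outside the topology.
UNLISTED_ENTRY = """\
    Peer LDP Ident: 10.10.10.250:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.250.646 - 10.10.10.103.11020
        State: Oper; Msgs sent/rcvd: 9/9; Downstream
        Up time: 00:01:02
        LDP discovery sources:
          Serial0/0, Src IP addr: 10.10.10.10
        Addresses bound to peer LDP Ident:
          10.10.10.250
"""

# Peers LSR3 should have and the interface each is discovered on (lab topology).
EXPECTED_LSR3 = {"10.10.10.102": "Serial0/1", "10.10.10.104": "Serial0/0"}

PEER = re.compile(r"Peer LDP Ident: ([\d.]+):\d+; Local LDP Ident ([\d.]+):\d+")
TCP = re.compile(r"TCP connection: ([\d.]+)\.(\d+) - ([\d.]+)\.(\d+)")
STATE = re.compile(r"State: (\w+);")
SOURCE = re.compile(r"(\S+), Src IP addr: ([\d.]+)")
LDP_PORT = 646  # one end of every LDP TCP session uses this port


def parse_ldp_neighbors(text):
    """Split the output at each 'Peer LDP Ident' header and extract its fields."""
    heads = list(PEER.finditer(text))
    sessions = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        tcp, state = TCP.search(body), STATE.search(body)
        sessions.append({
            "peer": head.group(1),
            "local": head.group(2),
            "ports": (int(tcp.group(2)), int(tcp.group(4))) if tcp else (),
            "state": state.group(1) if state else "unknown",
            "interfaces": [m.group(1) for m in SOURCE.finditer(body)],
        })
    return sessions


def audit_ldp_neighbors(text, expected):
    """Compare sessions with {peer LDP id: discovery interface}; return findings."""
    findings, seen = [], set()
    for s in parse_ldp_neighbors(text):
        seen.add(s["peer"])
        where = ",".join(s["interfaces"]) or "unknown interface"
        if s["peer"] not in expected:
            findings.append(f"unexpected LDP peer {s['peer']} on {where}")
            continue
        if s["state"] != "Oper":
            findings.append(f"peer {s['peer']} is in state {s['state']}, not Oper")
        if LDP_PORT not in s["ports"]:
            findings.append(f"peer {s['peer']} session does not use TCP port {LDP_PORT}")
        if expected[s["peer"]] not in s["interfaces"]:
            findings.append(
                f"peer {s['peer']} discovered on {where}, expected {expected[s['peer']]}")
    findings += [f"expected LDP peer {p} is missing" for p in sorted(set(expected) - seen)]
    return findings


if __name__ == "__main__":
    for line in audit_ldp_neighbors(LSR3_OUTPUT + UNLISTED_ENTRY, EXPECTED_LSR3):
        print(line)
```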


Chapter 3: MPLS VPN OVERVIEW

VPN overview

VPNs were introduced to let service providers use existing public infrastructure to implement point-to-point connections between customer sites. A customer network implemented with any VPN technology lies within the customer's area of control and is referred to as the customer sites; these sites are connected to each other through the service provider (SP) network. In traditional router-based networks, the different sites of one customer are connected by dedicated point-to-point links (leased line, Frame Relay, ...). The implementation cost depends on the number of customer sites. Sites connected in a full mesh make the cost grow exponentially. Frame Relay and ATM are technologies well suited to implementing VPNs. These networks consist of various devices, belonging either to the customer or to the service provider, that are the components of the VPN solution. In general, a VPN consists of the following areas:

- Customer network: the routers at the various customer sites. The routers that connect individual sites to the provider network are called customer edge (CE) routers.
- Provider network: used to provide point-to-point connections over the service provider's network infrastructure. The service provider devices that connect directly to the CE routers are called provider edge (PE) routers. The provider network also has devices that forward data within the SP backbone, called provider (P) routers.

Based on the service provider's involvement in customer routing, VPNs can be divided into two models: Overlay and Peer-to-peer.

Overlay VPNs were initially implemented by the SP to provide layer 1 (physical layer) connections or layer 2 transport circuits (data in the form of frames or cells) between customer sites, using Frame Relay or ATM switches as the PE devices. The service provider therefore has no knowledge of the routing on the customer side. Later, Overlay VPNs implemented services over IP (layer 3) with tunneling protocols such as L2TP, GRE, and IPSec. In either case, however, the provider network remains transparent to the customer, and the routing protocols run directly between the customer's routers.

When Frame Relay and ATM provide customers with private networks, the provider cannot take part in customer routing. The service provider only transports data over virtual point-to-point connections. The provider thus gives the customer only a virtual connection at layer 2; this is the Overlay model. If the virtual circuit is fixed and available for the customer to use at any time, it is called a permanent virtual circuit (PVC). If the virtual circuit is set up on demand, it is called a switched virtual circuit (SVC). The main limitation of the Overlay model is that the virtual circuits of the customer sites are connected in a full mesh (except in hub-and-spoke or partial hub-and-spoke deployments). With N customer sites, the total number of virtual circuits needed for optimal routing is N(N-1)/2.


The peer-to-peer model was developed to overcome the drawbacks of the Overlay model and to give customers an optimal transport mechanism across the SP backbone. The service provider can therefore take part in customer routing. In the peer-to-peer model, routing information is exchanged between the customer routers and the service provider routers, and customer data is transported across the provider's core network. Customer routing information is carried between the routers in the provider network (P and PE) and the customer network (the CE routers). This model does not require virtual circuits to be created. As the figure above shows, the CE routers exchange routes with the PE routers in the SP domain. Customer routing information is advertised across the SP backbone between the PE and P routers, and the optimal path from one customer site to another is determined. Customer-specific routing information is distinguished by applying packet filters on the routers that connect to the customer network. The customer's IP addresses are controlled by the provider. This process is regarded as the shared PE peer-to-peer implementation. The following figure describes the deployment of the peer-to-peer model.


MPLS VPN architecture and terminology

In the MPLS VPN architecture, the edge routers carry customer routing information and provide optimal routing for traffic between the customer's sites. The MPLS-based VPN model also lets customers use overlapping address spaces, unlike the traditional peer-to-peer model, in which routing customer traffic requires the provider to assign separate IP addresses to each customer (or the customer to perform NAT) to avoid overlapping address spaces. MPLS VPN is a full implementation of the peer-to-peer model; the MPLS VPN backbone and the customer sites exchange layer 3 routing information, and data is forwarded between customer sites over the MPLS-enabled SP IP backbone. The MPLS VPN domain, like a traditional VPN, consists of the customer network and the provider network. The MPLS VPN model resembles the dedicated PE router model among the peer-to-peer VPN implementations. However, instead of deploying a different PE router for each customer, customer traffic is kept separate on the same PE router, which provides connectivity into the provider network for multiple customers. The components of an MPLS VPN are shown in the following figure:

The main components of the MPLS VPN architecture:

- Customer network: usually the customer's control domain, consisting of the devices or routers spread across multiple sites of the same customer. The CE routers are the routers in the customer network that interface with the provider network. In the figure above, the customer network of CustomerA consists of the routers CE1-A and CE2-A and the devices in Site 1 and Site 2 of CustomerA. The CE routers of Customer A are CE1-A and CE2-A, and the CE routers of Customer B are CE1-B and CE2-B.
- Provider network: the domain under the provider's control, consisting of edge and core routers that connect the sites belonging to the customers over a shared network infrastructure. The PE routers are the routers in the provider network that interface with the customer's edge routers. The P routers are routers in the core of the network that interface with other core routers or with the provider's edge routers. In the figure above, the provider network consists of the routers PE1, PE2, P1, P2, P3, and P4. PE1 and PE2 are the provider edge routers in the MPLS VPN domain for customers A and B. Routers P1, P2, P3 and P4 are the provider routers.

MPLS VPN routing model

MPLS VPN is similar to the peer-to-peer model with dedicated routers. From a CE router, only IPv4 updates and data are forwarded to the PE router. The CE needs no special configuration to take part in the MPLS VPN domain. The only requirement on the CE is a routing protocol (or a static/default route) that lets it exchange IPv4 routing information with the PE routers. In the MPLS VPN model, the PE router performs many functions. First, it must separate customer traffic if more than one customer is connected to it. Each customer is therefore associated with an independent routing table. Routing across the SP backbone is performed by a routing process in the global routing table. The P routers provide label switching between the provider edge routers and are unaware of the VPN routes. The CE routers in the customer network are not aware of the P routers, so the internal topology of the SP network is transparent to the customer. The following figure describes the function of the PE router.

VRF - Virtual Routing and Forwarding Table

Customers are distinguished on the PE router by virtual routing tables or instances, also called VRFs (virtual routing and forwarding tables/instances). In effect this is like maintaining multiple separate routers for the customers connected to the provider network. A VRF functions like a global routing table, except that it contains all the routes related to one specific VPN. A VRF also contains a VRF-specific CEF forwarding table, corresponding to the global CEF table, and defines the connectivity requirements and protocols for each customer site connected to a PE router. The VRF defines the routing protocol context that takes part in a specific VPN as well as the interfaces on the local PE router that take part in the VPN, that is, that use the VRF. An interface that takes part in a VRF must support CEF switching. A VRF can include one interface (logical or physical) or several interfaces on a router.


A VRF contains an IP routing table corresponding to the global IP routing table, a CEF table, a list of the interfaces that take part in the VRF, and a set of rules defining the routing protocol exchanged with the CE routers (routing protocol contexts). The VRF also contains VPN identifiers such as the VPN membership information (RD and RT). The following figure shows the function of the VRF on a PE router in separating customer routes.

Cisco IOS supports various routing protocols as separate routing processes (OSPF, EIGRP, ...) on the router. For some protocols, however, such as RIP and BGP, IOS supports only one instance of the routing protocol. Implementing VRF routing with these protocols therefore requires the VRFs to be kept completely separate from one another. The routing context is designed to support copies of the same VPN PE-CE routing protocol. These routing contexts can be implemented as separate processes (OSPF) or as multiple instances of the same routing protocol (BGP, RIP, ...). If multiple instances of the same routing protocol are used, each instance has its own set of parameters. Currently, Cisco IOS supports RIPv2, EIGRP, BGPv4 (multiple instances), and OSPFv2 (multiple processes) for use with VRFs to exchange routing information between CE and PE.

Note: VRF interfaces can be logical or physical, but each interface is assigned to only one VRF.

Route Distinguisher, Route Targets, MP-BGP, and Address Families

In the MPLS VPN model, the PE router distinguishes customers by VRF. This information, however, needs to be carried between the PE routers to allow data to be transferred between customer sites across the MPLS VPN backbone. The PE router must be able to run processes that allow the connected customer networks to have overlapping address spaces. The PE router learns these routes from the customer networks and advertises this information over the shared provider backbone. This is done by associating an RD (route distinguisher) with each virtual routing table on a PE router. The RD is a unique 64-bit identifier that is prepended to the 32-bit route address learned from the CE router, producing a unique 96-bit address that can be transported between the PE routers in the MPLS domain. Only one RD is therefore configured per VRF on a PE router. The resulting 96-bit address (the combination of the 32-bit customer address and the 64-bit RD) is called a VPNv4 address.

VPNv4 addresses are exchanged between the PE routers in the provider network. The RD can have two formats: IP address based or AS number based. The figure below shows two customers with the same network address, 172.16.10.0/24, distinguished by the different RD values 1:100 and 1:101 prior to being advertised as VPNv4 addresses on the PE router.

The protocol used to exchange VPNv4 routes between PEs is multiprotocol BGP (MP-BGP). An IGP is required to maintain iBGP (internal BGP) when implementing MPLS VPN. The PE must therefore run an IGP that provides NLRI information for iBGP if both PEs are in the same AS. Currently, Cisco supports both OSPFv2 and ISIS as the IGP in the provider network. MP-BGP is also responsible for assigning the VPN label. Scalability is the main reason for choosing BGP as the protocol that carries customer routing information. In addition, BGP allows VPNv4 addresses to be used in an MPLS VPN environment with overlapping address ranges for multiple customers.

An MP-BGP session between PEs in one BGP AS is called an MP-iBGP session and follows the iBGP rules relating to BGP attributes. If the VPN extends beyond a single AS, the VPNv4 routes are exchanged between the ASs at the border over an MP-eBGP session.

Route targets (RT) are identifiers used in the MPLS VPN domain when deploying MPLS VPN to determine the VPN membership of the routes learned from specific sites. RTs are implemented as BGP extended communities, using the high-order 16 bits of the BGP extended community (64 bits) encoded with a value corresponding to the VPN membership of the specific site. When a VPN route learned from a CE is inserted into VPNv4 BGP, a list of extended community attributes for the VPN route target is associated with it. The export RT is used to identify VPN membership and is associated with each VRF. The export RT is appended to the customer address when the PE converts it to a VPNv4 address and advertises it in MP-BGP updates. The import RT is associated with each VRF and determines which VPNv4 routes are added to the VRF for a specific customer. The format of the RT is the same as that of the RD value. The interaction of the RT and RD values in the MPLS VPN domain when an update is converted into an MP-BGP update is shown in the following figure.
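The RD and RT mechanics described above can be checked offline. The following is an added example, not code from the original document: it builds the 96-bit VPNv4 address for the page's overlapping prefix 172.16.10.0/24 under RD 1:100 and RD 1:101, then applies the import-RT rule to list every route that lands in a VRF other than the one it came from, which is how an RT typo shows up as a leak between customers. The 2-byte RD type field follows RFC 4364, which the page does not spell out; the RT 1:101 for the second customer and the misconfigured VRF are constructed for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass


def encode_rd(rd):
    """Return the 8-byte RD: 2-byte type, then ASN(2)+number(4) or IPv4(4)+number(2)."""
    admin, sep, assigned = rd.rpartition(":")
    if not sep or not admin or not assigned.isdigit():
        raise ValueError(f"malformed RD {rd!r}")
    number = int(assigned)
    if "." in admin:  # type 1: 32-bit IP address : 16-bit number, e.g. 10.10.10.101:1
        if number > 0xFFFF:
            raise ValueError(f"assigned number too large in {rd!r}")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)  # type 0: 16-bit AS number : 32-bit number, e.g. 1:100
    if asn > 0xFFFF or number > 0xFFFFFFFF:
        raise ValueError(f"value out of range in {rd!r}")
    return struct.pack("!HHI", 0, asn, number)


def vpnv4_address(rd, prefix):
    """64-bit RD prepended to the 32-bit IPv4 network address: 96 bits in total."""
    return encode_rd(rd) + ipaddress.IPv4Network(prefix).network_address.packed


@dataclass(frozen=True)
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset


def advertise(vrf, prefix):
    """What the PE puts in the MP-BGP update for a prefix learned in this VRF."""
    return {"origin": vrf.name, "prefix": prefix,
            "vpnv4": vpnv4_address(vrf.rd, prefix), "rts": vrf.export_rts}


def importers(route, vrfs):
    """A VRF installs the route when any RT on it matches one of its import RTs."""
    return [v.name for v in vrfs if v.import_rts & route["rts"]]


def cross_vrf_imports(vrfs, learned):
    """(origin VRF, prefix, importing VRF) for every import outside the origin VRF."""
    found = []
    for vrf in vrfs:
        for prefix in learned.get(vrf.name, []):
            route = advertise(vrf, prefix)
            found += [(vrf.name, prefix, name)
                      for name in importers(route, vrfs) if name != vrf.name]
    return found


# CustomerA values (RD 1:100, RT 1:100) are from the page; CustomerB's RD 1:101 is
# from the page, its RT 1:101 is assumed for the example.
CUSTOMER_A = Vrf("CustomerA", "1:100", frozenset({"1:100"}), frozenset({"1:100"}))
CUSTOMER_B = Vrf("CustomerB", "1:101", frozenset({"1:101"}), frozenset({"1:101"}))
# Constructed misconfiguration: CustomerB also imports CustomerA's RT.
CUSTOMER_B_BAD = Vrf("CustomerB", "1:101", frozenset({"1:101", "1:100"}),
                     frozenset({"1:101"}))
LEARNED = {"CustomerA": ["172.16.10.0/24"], "CustomerB": ["172.16.10.0/24"]}

if __name__ == "__main__":
    for vrf in (CUSTOMER_A, CUSTOMER_B):
        print(vrf.name, advertise(vrf, "172.16.10.0/24")["vpnv4"].hex())
    print(cross_vrf_imports([CUSTOMER_A, CUSTOMER_B_BAD], LEARNED))
```

An extranet or management VPN imports other customers' RTs on purpose, so the list is a review input rather than a verdict.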

RTs play the central role when complex VPN topologies (such as extranet VPN, Internet access VPNs, network management VPN, ...) are implemented with MPLS VPN technology. A network address can be associated with one or more export RTs when it is advertised across the MPLS VPN network. An RT can therefore be associated with multiple sites that are members of multiple VPNs.

Note: the RT is a mandatory configuration item in an MPLS VPN for every VRF on a router. RT values can be used to implement complex VPN topologies in which one site can take part in several VPNs. RT values can also be used to select which routes are imported into a VRF when VPNv4 routes are learned in MP-iBGP updates. The VPN label is understood only by the egress PE (data plane) that is directly connected to the CE advertising that network. Next hops must be learned from the IGP when implementing MPLS VPN, not advertised by the BGP process. In the figure above the VPN label is shown as the fields V1 and V2. The processes that take place during route advertisement in the figure above are as follows:

- Network 172.16.10.0/24 is received from CE1-A, which takes part in VRF CustomerA on PE1-AS1. PE1 associates an RD value of 1:100 and an export RT value of 1:100, as configured for the VRF on router PE1-AS1.
- The routes learned from CE1-A are redistributed into the MP-BGP process on PE1-AS1, where the prefix 172.16.10.0/24 has the RD value 1:100 prepended and the export RT 1:100 appended, so that it is sent as a VPNv4 address in the MP-iBGP updates between the PEs. A VPN label (3 bytes) is assigned by the PE's MP-BGP process to each address learned from the processes of the CEs connected in a VRF. MP-BGP runs inside the service provider's MPLS domain and therefore carries the VPNv4 address (IPv4 + RD) and the BGP RT.


- The MP-BGP update is received by PE2 and the route is stored in the corresponding VRF table for Customer A based on the VPN label. The received MP-BGP routes are redistributed into the VRF PE-CE routing processes, and the route is advertised to CE2-A.

Other BGP extended community attributes, such as SoO (site of origin), can be used mainly in the advertisement of MP-iBGP updates. The SoO attribute identifies the specific site from which the PE learned a route and is applied to prevent routing loops: because it identifies the originating site, it can prevent a network from being re-advertised to the site that sent the advertisement. The SoO uniquely identifies a site from a route that the PE has learned. SoO allows traffic to be filtered based on the site from which it originates. The filtering capability of SoO helps manage MPLS VPN traffic and prevents routing loops in complex, mixed network topologies in which customer sites can have both connections across the MPLS VPN backbone and backdoor links between the sites.

When an MPLS VPN is implemented so that every VPN site belonging to a customer can communicate with every other site in the same customer domain, it is called a simple VPN or intranet VPN. RTs can be used to build complex VPN topologies in which the sites of one customer can reach the sites of other customers. This form of implementation is called an extranet VPN. Variants of the extranet VPN, such as network management VPN, central services VPN and Internet access VPN, can also be deployed.

The address family is an important concept in the operation of MP-BGP that allows VPNv4 routes to be transported with extended community attributes. According to RFC 2283, "Multiprotocol Extensions for BGP-4", BGPv4 on its own can carry only IPv4 routing information; with the extensions, BGP-4 can carry information for multiple network-layer protocols. For BGP-4 to support routing for multiple network-layer protocols, it must account for the specific network-layer protocol associated with a next hop as well as with the NLRI (network layer reachability information). Two new attributes are added to BGP: MP_REACH_NLRI (Multiprotocol Reachable NLRI) and MP_UNREACH_NLRI (Multiprotocol Unreachable NLRI).

MP_REACH_NLRI carries a set of reachable destinations together with the next-hop information used to forward to those destinations. MP_UNREACH_NLRI carries a set of unreachable destinations. Both attributes are optional and nontransitive. A BGP speaker that does not support the multiprotocol capability therefore ignores the information carried in these attributes and does not pass it on to other BGP speakers.

An address family is a defined network-layer protocol. An address family identifier (AFI) carries the identity of the network-layer protocol associated with the network address in the BGP multiprotocol attributes. The AFIs for network-layer protocols are defined in RFC 1700, "Assigned Numbers".

A PE is in effect an edge LER (Edge LSR) and performs all the functions of an Edge LSR. The PE requires LDP for assigning and distributing labels as well as for forwarding labeled packets. In addition to the functions of an Edge LSR, the PE runs a routing protocol (or static routing) with the CEs in a virtual routing table and requires MP-BGP to advertise the networks learned from the CEs as VPNv4 routes in MP-iBGP to the other PEs, together with the VPN label. The P routers need to run an IGP (OSPF or ISIS) when MPLS is enabled to forward labeled packets (data plane) between the PEs. The IGP advertises the NLRIs to the P and PE routers so that an MP-iBGP session can be established between the PEs (control plane). LDP runs on the P routers to assign and distribute labels.


Operation of the MPLS VPN control plane

The control plane in MPLS VPN holds all the layer 3 routing information and the processes that exchange information about the IP prefixes to which labels are assigned and distributed by LDP. The data plane performs the function of forwarding labeled IP packets to the next hop on the way to the destination. The following figure shows the interaction of the protocols in the MPLS VPN control plane.

The CE routers are connected to the PEs, and an IGP, BGP, or static route is required on the CEs together with the PEs to collect and advertise NLRI information. In the MPLS VPN backbone, which consists of the P and PE routers, an IGP combined with LDP is used between the PEs and the Ps. LDP is used to distribute labels within an MPLS domain. The IGP is used to exchange NLRI information and to map these NLRIs into MP-BGP. MP-BGP is maintained between the PEs in an MPLS VPN domain and exchanges MP-BGP updates. Packets from CE to PE are always sent as IPv4 packets. The operation of the MPLS VPN control plane is shown in the following figure:


The following are the steps in the operation of the MPLS VPN control plane (illustrated by the figure above):

1. The IPv4 update for network 172.16.10.0 is received by the egress PE (data plane).
2. PE1-AS1 receives the IPv4 route 172.16.10.0/24 and converts it into a VPNv4 route tagged with RD 1:100, SoO, and RT 1:100, based on the VRF configuration on PE1-AS1. It allocates a VPNv4 label V1 to the 172.16.10.0/24 update and rewrites the next-hop attribute to the address 10.10.10.101 of loopback0 on PE1-AS1. Label advertisement for 10.10.10.101/32 from PE1-AS1 to PE2-AS2 takes place as soon as the provider's MPLS VPN network is established, and VPNv4 advertisement is then carried out in the network. The following steps carry out the label advertisement for 10.10.10.101/32:

2a: Router PE2-AS1 requests a label for 10.10.10.101/32 using an LDP label mapping request to its downstream neighbor, P1-AS1. PE1-AS1 allocates an implicit-null label for 10.10.10.101/32, updates the entry in the LFIB for 10.10.10.101/32, and sends it to P1-AS1 in an LDP reply.

2b: P1-AS1 uses the implicit-null label received from PE1-AS1 as its outbound label value, allocates a label (L1) for 10.10.10.101/32, and updates the entry in the LFIB for 10.10.10.101/32. P1-AS1 then sends this label value to P2-AS1 in an LDP reply.

2c: P2-AS1 uses label L1 as its outbound label value, allocates label L2 for 10.10.10.101/32, and updates the entry in the LFIB for 10.10.10.101/32. P2-AS1 then sends this label value to PE2-AS1 in an LDP reply.

3. PE1-AS1 has the VRF configured to accept routes with RT 1:100, so it converts the VPNv4 update to IPv4 and inserts the route into the VRF for Customer A. It then advertises this route to CE2-A.

Operation of the MPLS VPN data plane

Forwarding in an MPLS VPN network requires the use of a label stack. The top label is assigned and swapped to forward the data packet through the MPLS core. The second label (the VPN label) is associated with the VRF on the PE router to forward the packet to the CEs. The following figure describes the data plane steps in forwarding customer data from customer site CE2-A to CE1-A across the SP network infrastructure.


When data is forwarded to a specific network along the VPN across the MPLS core, only the top label in the label stack is swapped as the packet crosses the backbone. The VPN label is left unchanged and is removed when the packet reaches the egress/downstream PE router. The network attached to an outgoing interface belonging to a specific VRF on the router is determined by the value of the VPN label. The following are the data plane forwarding steps illustrated by the figure above:

- CE2-A generates a data packet with source address 172.16.20.1 and destination 172.16.10.1.
- PE2-AS1 receives the data packet, adds VPN label V1 and LDP label L2, and forwards the packet to P2-AS1.
- P2-AS1 receives the data packet and swaps LDP label L2 for L1.
- P1-AS1 receives the data packet and pops the top label, because it received an implicit-null label mapping for 10.10.10.101/32 from PE1-AS1. As a result, the labeled packet (with VPN label V1) is forwarded to PE1-AS1.
- PE1-AS1 pops VPN label V1 and forwards the data packet to CE1-A, where network address 172.16.10.0 is located.

Basic MPLS VPN configuration

Description

Configuration for the CE router

Configuring route exchange between PE and CE involves running a routing protocol (or a static/default route) on the CE routers. It is configured in the same way as an ordinary routing protocol. On the PE, a VRF routing context (or address family context) is required to exchange routes between PE and CE. These routes are then mutually redistributed with the MP-BGP process for the VRF.

Configuring MPLS forwarding and the VRF definition on the PE:

Configuring MPLS forwarding is the first step in building the provider's MPLS VPN backbone. The minimum steps for configuring MPLS forwarding on the PE are as follows:
1. Enable CEF.
2. Configure the IGP routing protocol on the PE.
3. Configure MPLS or label forwarding on the PE interfaces connected to the P routers.

These steps were covered in the previous chapters, so here we look only at configuring the VRF definition.

Configuring the VRF on the PE

Configure VRF CustomerA on PE1-AS1 and PE2-AS1 to create the VRF routing table and the CEF table for CustomerA.
RouterPE(config)#ip vrf CustomerA

To delete a VRF:
RouterPE(config-vrf)#no ip vrf CustomerA

Note: creating or deleting a VRF removes the IP addresses on the interfaces. The following message then appears:
% IP addresses from all interfaces in VRF CustomerA have been removed

Configuring the RD

The RD creates the forwarding and routing tables. The RD is prepended to the customer's IPv4 addresses to turn them into unique VPNv4 addresses. Configure the RD parameter of the VRF:
RouterPE(config-vrf)#rd route-distinguisher

The RD can be used in the following formats:
- 16-bit AS number : 32-bit number (for example: 1:100)
- 32-bit IP address : 16-bit number (for example: 10.10.10.101:1)

The RD can be changed only by deleting the VRF. The RD is unique to a specific VRF. No two VRFs on a router have the same RD value. Setting the same RD for more than one VRF on a router produces the following warning message:
% Cannot set RD, check if it's unique

Configuring the import and export policy


Configure the import and export policy for the MP-BGP extended communities. This policy is used to filter routes for a specific RT.
Router(config-vrf)#route-target {import | export | both} route-target-ext-community

Associate the VRF with an interface. If the interface already has an IP address configured, this association removes the IP address from the interface, so it must be configured again. Example:
PE1-AS1(config)#interface serial4/0
PE1-AS1(config-if)#ip add 172.16.1.1 255.255.255.252
PE1-AS1(config-if)# ip vrf forwarding CustomerA
% Interface Serial4/0 IP address 172.16.1.1 removed due to enabling VRF CustomerA
PE1-AS1(config-if)#ip add 172.16.1.1 255.255.255.252

Verifying the VRF configuration on the PE:

Check that the VRF exists on the interface:
Router#show ip vrf

List the interfaces active in a specific VRF:
Router#show ip vrf interfaces

Configuring PE-PE BGP routing on the PE routers:

Configuring PE-PE BGP routing is the next step in deploying an MPLS VPN. The purpose of this step is to make sure that VPNv4 routes can be transported across the provider backbone by MP-iBGP. The P routers are transparent to this process, so they do not carry any customer routes. The steps for configuring PE-PE BGP routing between the PEs are shown in the following flowchart.


Configure BGP routing on the PE. Enable BGP and define the AS on routers PE1-AS1 and PE2-AS1.
Router(config)#router bgp as-number

Configure the MP-iBGP neighbors:
Router(config-router)#neighbor {ip-address | peer-group-name} remote-as as-number

Configure the VPNv4 address family: this is configured within the BGP process and enables VPNv4 addresses towards the neighbors. Activate the iBGP neighbors to transport VPNv4 addresses across the service provider backbone.
Router(config-router)#address-family vpnv4
Router(config-router-af)#neighbor {ip-address | peer-group-name | ipv6-address} activate
Router(config-router-af)#neighbor {ip-address | peer-group-name | ipv6-address} send-community extended

Configure the IPv4 address family:
PE1-AS1(config-router)#address-family ipv4 vrf CustomerA
PE1-AS1(config-router-af)# redistribute connected
PE1-AS1(config-router-af)# exit-address-family

Verifying and monitoring PE-PE BGP routing on the PE routers: use the following commands:
show ip bgp vpnv4 * summary
show ip bgp vpnv4 all
show ip bgp summary
show ip bgp neighbor ip-address


Configuration on the P routers:

A P router is an LSR of the MPLS network, so only the following functions need to be configured:
- Enable an IGP.
- Enable CEF on every interface that forwards MPLS.
- Configure LDP to assign and distribute labels.


Chapter 4: EIGRP PE-CE ROUTING PROTOCOL

EIGRP PE-CE routing protocol

The EIGRP PE-CE routing protocol is used by service providers for customers that use EIGRP as their IGP and therefore want to use EIGRP to exchange routing information between their sites across an MPLS VPN backbone. In an MPLS VPN environment, the EIGRP metric must be carried in the MP-BGP updates. BGP extended community attributes are responsible for carrying and preserving the EIGRP metric as it crosses the MP-iBGP domain. These communities define the intrinsic characteristics associated with EIGRP, such as the AS number or the EIGRP cost components: bandwidth, delay, load, reliability, and MTU. The following table describes the six types of extended BGP community defined to carry EIGRP routes across the MPLS backbone using MP-BGP.

EIGRP Attribute  Type    Usage                                  Value
General          0x8800  EIGRP General Route Information        Route Flag and Tag
Metric           0x8801  EIGRP Route Metric Information and AS  AS and Delay
                 0x8802  EIGRP Route Metric Information         Reliability, Next Hop, and Bandwidth
                 0x8803  EIGRP Route Metric Information         Reserve, Load, and Maximum Transmission Unit (MTU)
External         0x8804  EIGRP External Route Information       Remote AS and Remote ID
                 0x8805  EIGRP External Route Information       Remote Protocol and Remote Metric

The following figure details the extended BGP community attributes attached to the routes 192.168.20.0 and 192.168.99.0.


EIGRP route advertisement

Route advertisement in an MPLS VPN network that uses EIGRP PE-CE routing depends on the EIGRP AS configured on the PE routers. In an MPLS VPN environment, the EIGRP AS can be the same or different on each PE router.

Route advertisement when the EIGRP AS is the same on every PE:

The figure below shows an MPLS VPN network providing MPLS VPN services to Customer A. PE1-AS1 and PE2-AS1 are configured with EIGRP AS 101.

The sequence of events when CE2-A sends 172.16.20.0 and 209.165.201.0 to CE1-A:

(1) CE2-A redistributes the OSPF network 209.165.127.0/27 (D EX) and 172.16.20.0/24 (D) to PE2-AS1.


(2) The VRF Cust_A routing table on PE2-AS1 receives 172.16.20.0/24 with EIGRP metric 2195456 and 209.165.127.0/27 with EIGRP metric 3097600.

(3) The EIGRP metrics for 172.16.20.0 and 209.165.127.0 are copied into the extended BGP attributes as the BGP MED; these communities contain EIGRP information such as the AS, MTU and route type, and accompany the EIGRP routes redistributed into MP-BGP. The routes 172.16.20.0 and 209.165.127.0 are then advertised to PE1-AS1 over the MP-iBGP session.

(4) PE1-AS1 receives the BGP VPNv4 routes 172.16.20.0/24 and 209.165.127.0/27 from PE2-AS1. The EIGRP metrics of these routes are not changed as they cross the MP-BGP backbone.

(5) PE2-AS1 checks the attributes received with the route. If the route type is internal (as indicated by the MSB in BGP extended community 0x8800) and the source AS matches the AS on the receiving router, the route is advertised as an EIGRP internal route. If the route type is external (as indicated by the MSB in 0x8800), the route is advertised to the CE as an external EIGRP route. PE1-AS1 uses the extended community attribute information to reconstruct the original EIGRP route update when redistributing from MP-BGP into EIGRP. This is done only when the EIGRP AS of PE2-AS1 and PE1-AS1 are the same. The PEs act as EIGRP query boundaries. In this case, AS 101 matches the AS of PE1-AS1, so 172.16.20.0/24 is advertised as an EIGRP internal route and 209.165.127.0/27 is advertised as an external route to CE1-A.

(6) CE1-A receives 172.16.20.0 and 209.165.127.0.

If the two EIGRP AS are different, the normal redistribution rules apply. That is, external EIGRP routes are created when the customer routes are redistributed into EIGRP from the MP-BGP updates. The following figure shows an MPLS VPN network that uses different EIGRP AS on the PEs. Because the MPLS backbone is transparent to the CE routing protocol, no EIGRP adjacency, EIGRP update or query is sent across the PEs.

Route propagation when the EIGRP AS differs on the PE routers:

Steps (1) to (4) are the same as in the section "Route propagation when the EIGRP AS is the same on every PE", except for the networks 192.168.99.0 and 192.168.20.0 and the metrics:

(1) PE2-AS1 checks the attributes received in the route. If the route type is internal and the source AS does not match, or if the route type is external, the route is advertised to the CE as an external EIGRP route. The route does not use the extended community information because it does not originate from the same AS. The route type for 192.168.20.0 is internal and the source AS is 202, which does not match the configuration on PE1-AS1 (201). Therefore, PE1-AS1 advertises it as an external route to CE1-A. The route type of 192.168.99.0 is external, so both routes are advertised as external routes to CE1-A.

(2) CE1-A receives the routes 192.168.20.0/24 and 192.168.99.0/24 as external routes.

EIGRP PE-CE routing configuration flowchart

Note the following points:

- Address-family configuration mode is used when configuring the EIGRP AS for a VRF.

- To allow a single EIGRP process to be used, the EIGRP AS must be configured in EIGRP address-family mode.

- The other configuration steps are the same as for normal EIGRP configuration; a default metric is assigned when redistributing non-EIGRP routes.

LAB 4-1: Basic EIGRP PE-CE routing configuration

Description

The goal of this lab is to illustrate EIGRP PE-CE configuration and EIGRP route propagation when the PEs belong to the same EIGRP AS and to different EIGRP AS for a VRF. The following figure shows an MPLS VPN that provides MPLS VPN services to the sites of Customer A and Customer B.

- Customer A's network: Customer A has CE1-A and CE2-A in the same VPN-A, both belonging to EIGRP AS 101. EIGRP AS 101 is configured for VRF CustomerA on PE1-AS1 and PE2-AS1.

- Customer B's network: Customer B has CE1-B and CE2-B in the same VPN-B, belonging to two different EIGRP AS, 201 and 202. PE1-AS1 and PE2-AS1 are configured with the two EIGRP AS, 201 and 202, for VRF CustomerB.

Procedure

The steps to configure EIGRP PE-CE routing are as follows:

(1) Enable the global EIGRP routing process.

Enable the global EIGRP routing process on the PE routers, PE1-AS1 and PE2-AS1.

(2) Define the per-VRF routing context and parameters for EIGRP.

Define the routing context for VRF CustomerA and CustomerB in the EIGRP process from step 1. Enable the networks to be routed by EIGRP.

To allow a single EIGRP process to be used, the EIGRP AS must be configured in EIGRP address-family configuration mode. Multiple VRFs can use the same EIGRP AS value.

Configure no auto-summary.

Configuration for steps (1) and (2):

PE1-AS1(config)#router eigrp 1
PE1-AS1(config-router)#address-family ipv4 vrf CustomerB
PE1-AS1(config-router-af)# network 192.168.1.0
PE1-AS1(config-router-af)# no auto-summary
PE1-AS1(config-router-af)# autonomous-system 201
PE1-AS1(config-router-af)# exit-address-family

PE2-AS1(config)#router eigrp 1
PE2-AS1(config-router)# address-family ipv4 vrf CustomerB
PE2-AS1(config-router-af)# network 192.168.2.0
PE2-AS1(config-router-af)# no auto-summary
PE2-AS1(config-router-af)# autonomous-system 202
PE2-AS1(config-router-af)# exit-address-family

Do the same for CustomerA.

(3) Redistribute the BGP VPNv4 routes into EIGRP.

PE1-AS1(config)#router eigrp 1
PE1-AS1(config-router)# address-family ipv4 vrf CustomerA
PE1-AS1(config-router-af)# redistribute bgp 1 metric 1000 100 255 1 1500

(4) Redistribute the EIGRP routes into BGP.

PE1-AS1(config)#router bgp 1
PE1-AS1(config-router)#address-family ipv4 vrf CustomerA
PE1-AS1(config-router-af)#redistribute eigrp 101

PE2-AS1(config)#router bgp 1
PE2-AS1(config-router)# address-family ipv4 vrf CustomerA
PE2-AS1(config-router-af)# redistribute eigrp 101

Do the same to complete the configuration for VRF CustomerA and CustomerB on the PE routers.

Configuration

Router P1-AS1

!
hostname P1-AS1
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 tag-switching ip
!
interface Serial0/1
 description Connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
end

Router PE1-AS1

!
hostname PE1-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CustomerB
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Serial0/0
 description Connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
 clockrate 64000
 no fair-queue
!
interface Serial1/1
 description Connected to CE1-A
 ip vrf forwarding CustomerA
 ip address 172.16.1.1 255.255.255.252
 clockrate 64000
!
interface Serial1/3
 description Connected to CE1-B
 ip vrf forwarding CustomerB
 ip address 192.168.1.1 255.255.255.252
 tag-switching ip
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerB
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 192.168.1.0
 no auto-summary
 autonomous-system 201
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 101
 exit-address-family
!
router ospf 1
 router-id 10.10.10.101
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerB
 redistribute eigrp 201
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute eigrp 101
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router PE2-AS1

!
hostname PE2-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CustomerB
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/1
 description Connected to P1-AS1
 ip address 10.10.10.5 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial1/2
 description Connected to CE2-A
 ip vrf forwarding CustomerA
 ip address 172.16.2.1 255.255.255.252
!
interface Serial1/4
 description Connected to CE2-B
 ip vrf forwarding CustomerB
 ip address 192.168.2.1 255.255.255.252
 clockrate 64000
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerB
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 192.168.2.0
 no auto-summary
 autonomous-system 202
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 101
 exit-address-family
!
router ospf 1
 router-id 10.10.10.102
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.101 activate
 neighbor 10.10.10.101 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerB
 redistribute eigrp 202
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute eigrp 101
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router CE1-A

!
hostname CE1-A
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-A Site 1 network
 ip address 172.16.10.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
 no fair-queue
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
ip http server
ip classless
!
end

Router CE2-A

!
hostname CE2-A
!
interface Ethernet0/0
 description VPN-A Site 2 network
 ip address 172.16.20.1 255.255.255.0
 no ip directed-broadcast
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.2.2 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 64000
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
ip classless
!
end

Router CE1-B

!
hostname CE1-B
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-B Site 1 network
 ip address 192.168.10.1 255.255.255.0
 no ip directed-broadcast
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 192.168.1.2 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 64000
!
router eigrp 201
 network 192.168.1.0
 network 192.168.10.0
 no auto-summary
!
ip classless
!
end

Router CE2-B

!
hostname CE2-B
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-B Site 2 network
 ip address 192.168.20.1 255.255.255.0
 no ip directed-broadcast
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 192.168.2.2 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
!
router eigrp 202
 network 192.168.2.0
 network 192.168.20.0
 no auto-summary
!
ip classless
!
end

Verification

The steps to verify EIGRP PE-CE routing are as follows:

(1) Verify the EIGRP neighbor relationships on the PE routers.

PE1-AS1#show ip eigrp vrf CustomerA neighbors
IP-EIGRP neighbors for process 201
H   Address        Interface   Hold  Uptime    SRTT   RTO   Q    Seq  Type
                               (sec)           (ms)         Cnt  Num
0   192.168.1.2    Se1/3       12    05:27:05  214    1284  0    2

PE2-AS1#show ip eigrp vrf CustomerA neighbors
IP-EIGRP neighbors for process 202
H   Address        Interface   Hold  Uptime    SRTT   RTO   Q    Seq  Type
                               (sec)           (ms)         Cnt  Num
0   192.168.2.2    Se1/4       11    05:19:21  903    5000  0    2

(2) Verify the extended BGP attributes attached to route 192.168.20.0.

PE2-AS1#show ip bgp vpnv4 vrf CustomerB 192.168.20.1
BGP routing table entry for 1:200:192.168.20.0/24, version 9
Paths: (1 available, best #1, table CustomerB)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    192.168.2.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:200 0x8800:32768:0 0x8801:202:537600 0x8802:62209:20000000 0x8803:62209:1500

PE1-AS1#show ip bgp vpnv4 vrf CustomerB 192.168.20.1
BGP routing table entry for 1:200:192.168.20.0/24, version 17
Paths: (1 available, best #1, table CustomerB)
  Not advertised to any peer
  Local
    10.10.10.102 (metric 129) from 10.10.10.102 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, valid, internal, best
      Extended Community: RT:1:200 0x8800:32768:0 0x8801:202:537600 0x8802:62209:20000000 0x8803:62209:1500

Note that the EIGRP metric does not change (metric 20537600) when crossing the MP-BGP domain.

(3) Verify EIGRP route propagation for CustomerA.

PE2-AS1#show ip route vrf CustomerA eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D       172.16.20.0/24 [90/20537600] via 172.16.2.2, 05:18:44, Serial1/2

PE2-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.20.1
BGP routing table entry for 1:100:172.16.20.0/24, version 7
Paths: (1 available, best #1, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    172.16.2.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:62209:20000000 0x8803:62209:1500

PE1-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.20.1
BGP routing table entry for 1:100:172.16.10.0/24, version 7
Paths: (1 available, best #1, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.102
  Local
    172.16.2.2 from 0.0.0.0 (10.10.10.101)
      Origin incomplete, metric 20537600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:62209:20000000 0x8803:62209:1500

(4) Verify the EIGRP routes on the CE routers.

CE1-A#show ip route eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D       172.16.20.0/24 [90/21049600] via 172.16.1.1, 04:40:11, Serial0/0
D       172.16.2.0/30 [90/21024000] via 172.16.1.1, 04:40:11, Serial0/0

CE1-B#show ip route eigrp
D EX 192.168.20.0/24 [170/3097600] via 192.168.1.1, 04:38:14, Serial0/0
     192.168.2.0/30 is subnetted, 1 subnets
D EX    192.168.2.0 [170/3097600] via 192.168.1.1, 04:38:14, Serial0/0

(5) Verify connectivity between the sites.

CE1-A#ping 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/117 ms

CE1-B#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/117 ms

Routing loops

Routing loops can occur in the following cases:

- A route received by a multihomed site from the backbone over one connection can be forwarded back to the backbone over another connection.

- A route that originates in a multihomed site and is sent to the backbone over one connection can come back over another connection.

Multihomed site sends routes back to the backbone

The following figure shows an MPLS VPN network for Customer A with three sites: Site 1, Site 2 and Site 3. Site 3 is multihomed. Site 3 receives the EIGRP route 172.16.20.0/24 and redistributes it back into the backbone at PE1-AS1.

The sequence of events when the EIGRP route is sent back into the backbone is as follows:

(1) 172.16.20.0/24 is advertised as an internal route to PE2-AS1.

(2) PE2-AS1 advertises 172.16.20.0/24 to CE4-A through EIGRP and sends 172.16.20.0/24 over the MP-iBGP session to PE1-AS1.

(3) CE4-A advertises 172.16.20.0/24 as an EIGRP internal route to CE3-A.

(4) CE3-A advertises 172.16.20.0/24 as an EIGRP internal route to PE1-AS1.

PE1-AS1 must decide which path to choose:

- If the BGP update for 172.16.20.0/24 arrives first, PE1-AS1 redistributes it into EIGRP and sends it to CE3-A. Because the composite metric is better, this path is chosen, since the MPLS VPN adds no delay or bandwidth constraint. That is, PE1-AS1 never receives a second update and there is only one path.

- If the EIGRP route arrives first, PE1-AS1 redistributes it into BGP and sends it back to PE2-AS1. PE2-AS1 still chooses the path learned from EIGRP.

Furthermore, the routing table selects the path with the lower AD (administrative distance) (EIGRP is 90 or 170; iBGP is 200).

Backbone sends routes back into the multihomed site

This is the case where the route 172.16.50.0/24, which originates in the multihomed site, is sent back over the connection to the PE.

This situation does not occur if the network keeps the default AD and the PE prefers the routes learned from EIGRP.

Count to infinity

The figure above shows that PE1-AS1 and/or PE2-AS1 have two paths to 172.16.50.0/24: one learned from MP-iBGP and one learned directly through EIGRP. If 172.16.50.0/24 goes down, the following sequence occurs:

(1) CE3-A and CE4-A send out query messages.

(2) Assume PE1-AS1 has the two paths described above. When it receives a query message, it replies with the relevant path that is still active through MP-iBGP.

(3) CE3-A receives a path to 172.16.50.0/24 through PE1-AS1.

(4) PE1-AS1 receives a withdrawal message from PE2-AS1.

(5) PE1-AS1 withdraws the route it advertised to CE3-A; this router advertises the information to CE4-A, and CE4-A advertises it back to PE3-AS1.

(6) A query message originates from PE1-AS1 to find network 172.16.50.0/24. By the time the query message reaches PE2-AS1, PE2-AS1 has just advertised a new reachable route update for network 172.16.50.0/24 through MP-iBGP to PE1-AS1, and PE1-AS1 generates an EIGRP update again in reply to the earlier queries. This phenomenon is called count to infinity.

(7) The cycle of reachable/unreachable messages continues until the maximum number of hops is exceeded.

Suboptimal routing

This occurs because the AD of EIGRP is better than that of iBGP. A routing table always prefers routes that are learned from an IGP and have a lower AD than iBGP. The figure below shows that data packets from CE1-A to CE2-A are forwarded by PE1-AS1 to CE3-A, which results in suboptimal routing.

Routing loops and suboptimal routing can be avoided by using:

- The BGP cost community, which can be used to force BGP to compare routes that originate from EIGRP with MP-iBGP routes based on the EIGRP metric.

- EIGRP Site of Origin (SoO) on the PE and CE routers, which can be used to prevent routing loops.

BGP Cost Community


The BGP cost community (BGP CC) is a new BGP extended community attribute. BGP CC is a non-transitive extended community attribute: it is passed only to iBGP and confederation peers and does not reach external BGP peers. BGP CC allows the PE to compare routes that come from different protocols with different AD values based on their metrics. BGP routes that carry the BGP cost community attribute use the EIGRP AD instead of the iBGP AD for the comparison, without any static configuration of AD values.

When routes are redistributed from EIGRP into MP-BGP, they are tagged with the BGP cost community attribute, which carries the composite EIGRP metric in addition to the individual EIGRP attributes. The BGP CC attribute is shown in the following figure:

The point of insertion (POI) value ensures that BGP route selection uses the BGP CC. This allows iBGP routes to be compared with EIGRP routes. BGP CC can distinguish internal from external EIGRP routes by the ID field: internal routes have ID 128 and external routes have ID 129. The route with the lowest BGP CC ID is chosen. An internal EIGRP route has a lower ID than an external route. Route selection is normally based on the value in the Cost field of the BGP CC, which carries the composite EIGRP metric.

Sequence by which PE1-AS1 chooses the best path based on the EIGRP metric rather than on the AD of EIGRP and iBGP (figure above):

(1) CE2-A originates the route 172.16.20.0/24 to PE2-AS1.

(2) PE2-AS1 forwards the route to CE4-A through EIGRP and to PE1-AS1 through MP-iBGP.

(3) PE1-AS1 receives two updates for 172.16.20.0/24, one through EIGRP from CE3-A and one through MP-iBGP from PE2-AS1. PE1-AS1 uses the route learned from MP-iBGP thanks to the BGP CC attribute.

(4) Packets from CE1-A to CE2-A are forwarded by PE1-AS1 to PE2-AS1 because the VRF A routing table contains the MP-iBGP route, which carries the lower composite EIGRP metric.

The EIGRP SoO is added to and carried with internal and external EIGRP routes. This attribute is exchanged automatically between the routing protocols (SoO-enabled EIGRP and MP-BGP) to prevent routing loops in multihomed environments where two-way redistribution is used. All CE routers, or at least those at the multihomed sites, must support this feature to allow it to be propagated across the VPN. EIGRP SoO is used on both the PE and the CE for the most effective loop prevention. Backdoor links are configured with EIGRP SoO for the fastest convergence when a route is lost.

EIGRP SoO

Routes pushed into a multihomed site are tagged with an EIGRP SoO value of 1:101. The receiving PE router checks each update against the SoO value configured on the interface that received the update. If the values are equal, the update is discarded, which prevents routing loops and optimizes routing.
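The path PE1-AS1 selects for 172.16.20.0/24 under plain AD comparison, with the BGP cost community, and with the SoO check, following the BGP Cost Community and EIGRP SoO descriptions above. This is an added example, not part of the original document; the two candidate routes and their metrics are constructed, and the selection logic is a simplified model of the behaviour as this chapter describes it.

```python
from dataclasses import dataclass
from typing import Optional

# Administrative distances quoted in this chapter.
AD = {"eigrp-internal": 90, "eigrp-external": 170, "ibgp": 200}


@dataclass(frozen=True)
class Candidate:
    learned_via: str               # "eigrp" or "ibgp"
    neighbor: str
    eigrp_type: str                # "internal" or "external"
    composite_metric: int          # for iBGP: the Cost field of the BGP CC
    soo: Optional[str] = None      # EIGRP SoO carried by the update
    cost_community: bool = False   # the iBGP route carries the BGP CC


# Constructed candidates as PE1-AS1 sees them. The metrics are illustrative:
# the path through the multihomed site crosses two more serial links.
VIA_SITE = Candidate("eigrp", "CE3-A", "internal", 21561600, soo="1:101")
VIA_BACKBONE = Candidate("ibgp", "PE2-AS1", "internal", 20537600, cost_community=True)


def soo_filter(candidates, interface_soo):
    """Discard EIGRP updates whose SoO equals the SoO of the receiving interface.

    interface_soo maps a neighbor name to the SoO set on the interface facing it.
    """
    kept = []
    for c in candidates:
        configured = interface_soo.get(c.neighbor)
        if c.learned_via == "eigrp" and configured is not None and c.soo == configured:
            continue  # same site of origin: the update came back around, drop it
        kept.append(c)
    return kept


def effective_ad(c, honor_cost_community):
    # With the BGP CC, the iBGP route is compared using the EIGRP AD.
    if c.learned_via == "eigrp" or (honor_cost_community and c.cost_community):
        return AD["eigrp-" + c.eigrp_type]
    return AD["ibgp"]


def best_path(candidates, honor_cost_community=False, interface_soo=None):
    usable = soo_filter(candidates, interface_soo or {})
    # Lowest AD wins; equal AD is decided by the composite EIGRP metric.
    return min(usable, key=lambda c: (effective_ad(c, honor_cost_community),
                                      c.composite_metric))


def pe1_choice(**kwargs):
    """Neighbor PE1-AS1 forwards to for 172.16.20.0/24."""
    return best_path([VIA_SITE, VIA_BACKBONE], **kwargs).neighbor


if __name__ == "__main__":
    print("AD only:        ", pe1_choice())
    print("cost community: ", pe1_choice(honor_cost_community=True))
    print("SoO 1:101:      ", pe1_choice(interface_soo={"CE3-A": "1:101"}))
```

With AD alone the EIGRP route through CE3-A wins, which is the suboptimal path described earlier; either mechanism moves the choice to PE2-AS1.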

Multihomed site and EIGRP SoO

Sequence of events when 172.16.20.0/24 is advertised to CE1-A:

(1) CE2-A originates the route 172.16.20.0/24.

(2) PE2-AS1 forwards the route to CE4-A through EIGRP and to PE1-AS1 through MP-iBGP. The EIGRP route is tagged with the EIGRP SoO attribute 1:101 to identify that this route came from the backbone.

(3) CE4-A forwards the update for 172.16.20.0/24 to CE3-A.

(4) PE1-AS1 receives two updates for 172.16.20.0/24, one through EIGRP from CE3-A and one through MP-iBGP from PE2-AS1. PE1-AS1 uses the route learned from BGP; the EIGRP route from CE3-A is filtered out because it has the same SoO value as the interface that received it.

Backdoor link and EIGRP SoO

The route selection process is as follows:

(1) CE2-A advertises 172.16.20.0/24 to PE2-AS1.

(2) PE2-AS1 forwards 172.16.20.0/24; this route goes to CE4-A through EIGRP and to PE1-AS1 through MP-iBGP. The EIGRP route is tagged with an EIGRP SoO value of 1:20 to identify that it came from the MPLS backbone, and it is sent into Site 4 with the value 1:20.

(3) PE1-AS1 receives two updates for 172.16.20.0, one through EIGRP from CE2 and one through MP-iBGP from PE2. The update that crosses the backdoor link carries the EIGRP SoO value 1:20 when it is advertised to CE3-A, and CE3-A uses 1:10 to advertise this route to PE1-AS1.

(4) PE1-AS1 receives two updates for 172.16.20.0/24, one through EIGRP from CE3-A with SoO 1:10; this route is filtered because it contains an SoO value that matches the interface that received it, and only the route through MP-iBGP from PE2-AS1 is accepted.

LAB 4-2: Network configuration using BGP CC and EIGRP SoO

Description

Configuration

Router P1-AS1

P1-AS1#show run
Building configuration...

Current configuration : 970 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1-AS1
!
logging queue-limit 100
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial0/1
 description Connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
end

Router PE1-AS1

PE1-AS1#show run
Building configuration...

Current configuration : 2084 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Serial0/0
 description Connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
 no fair-queue
!
interface Serial1/1
 description Connected to CE1-A
 ip vrf forwarding CustomerA
 ip address 172.16.1.1 255.255.255.252
 clockrate 64000
!
interface Serial1/3
 description Connected to CE3-A
 ip vrf forwarding CustomerA
 ip vrf sitemap SOO-VPNA
 ip address 172.16.3.1 255.255.255.252
 clockrate 64000
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerA
 redistribute