MPLS VPN Technology: Customer Devices Running OSPF - clnchina.com.cn · RS CCIE, SP...
TRANSCRIPT
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1
MPLS VPN Technology: Customer Devices Running OSPF
Ender.joe (周亚军), RS CCIE, SP CCIE, Cisco Certified Instructor #34708
RS & SP CCIE instructor, Yeslab (Shanghai)
Ender
• OSPF as the Routing Protocol Between PE and CE
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
[Figure labels: MPLS; superbackbone; Area 0]
Overview
What Is the Enhanced OSPF Hierarchical Model?
Propagating OSPF Customer Routes
Implementing MPLS VPN as an OSPF Super backbone
Configuring OSPF PE-CE Routing
Using the OSPF Down Bit
Optimizing Packet Forwarding Across the MPLS VPN Backbone
Using the OSPF Tag Field
Summary
OSPF divides a network into areas, all of them linked through the backbone (Area 0)
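From the customer's point of view, an MPLS VPN network is a backbone that runs BGP and at the same time runs an IGP with the customer network. The MPLS area becomes a superbackbone that sits above Area 0.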
Redistribution between IGP and BGP is performed to propagate customer routes across the MPLS VPN backbone.
Local subnets are advertised to the PE as type 1 or type 2 LSAs; the OSPF routes are redistributed into BGP; MP-BGP propagates them to the other PEs; MP-BGP is redistributed back into OSPF; the OSPF routes are received as external routes.
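When OSPF routes are redistributed into BGP, the route type is not preserved; the routes normally appear as external routes.
All OSPF routes from one site are installed at the other sites as external routes (type 5 LSAs).
Result: OSPF summarization and stub areas are hard to implement.
Conclusion: MPLS VPN must extend the OSPF-BGP routing model.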
• OSPF Area 0 might extend into individual sites.
• The MPLS area becomes the superbackbone.
OSPF continuity must be preserved across the MPLS VPN backbone:
• OSPF inter-area routes remain inter-area routes.
• OSPF external routes remain external routes.
• OSPF metrics must be preserved.
• CE routers run standard OSPF.
The PE becomes an ABR. An O route from the customer's Area 0 becomes an O IA route after crossing the superbackbone.
• The OSPF superbackbone behaves exactly like Area 0 in regular OSPF:
The PE router is an ABR.
Routes redistributed from BGP into OSPF enter the other areas as type 3 or type 5 routes.
A route from Area 0 at one site appears in Area 0 at another site as an inter-area (O IA) route.
BGP extended attributes are used to carry and advertise the OSPF route type.
The OSPF cost is copied into the MED attribute.
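• In the RT shown here, the first field (100) is Area 100. The second field (1) is the LSA type; it is normally displayed as 2 rather than the 1 shown on the slide. The third field (0) has no meaning here, but when the second field is 5 (a type 5 LSA), 0 means OE1 and 1 means OE2. MED carries the cost. The PE, acting as ABR, converts the LSA to type 3.
OSPF RT:0.0.0.100:2:0 OSPF ROUTER ID:45.1.1.4:512
This requires the domain IDs to be the same.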
• Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x0000006E0200
OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:12.1.1.2:1281
• The route type and metric of external routes are preserved.
• If the route comes from another routing protocol, the OSPF superbackbone treats it as not originated by OSPF, so it keeps the form of a type 5 LSA and an external route.
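• Follow these steps to configure OSPF as the PE-CE routing protocol:
Associate the OSPF process with the VRF.
Redistribute MP-BGP into OSPF.
Redistribute OSPF into MP-BGP.
Once a VRF is in use, the notion of a domain ID appears: it distinguishes OSPF domains and defaults to the OSPF process number. When the process numbers on the two ends differ, the routes are therefore treated as type 5 LSAs. The domain ID can also be configured manually.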
router(config)# router ospf process-id vrf vrf-name
 ... Standard OSPF parameters ...
• There is no address family any more; configuration is done directly under the OSPF process.
• The total number of routing processes per router is limited to 32.
router(config-router)# redistribute bgp as-number subnets
• Redistributes MP-BGP into OSPF; note the subnets keyword.
router(config)# router bgp as-number
 address-family ipv4 vrf vrf-name
 redistribute ospf process-id [match [internal] [external-1] [external-2]]
• OSPF is redistributed under the BGP address-family ipv4 vrf.
• Without the match keyword, only O routes are redistributed.
In essence, the PE checks this bit and rejects the route, which prevents loops.
An additional bit (down bit) has been introduced in the options field of the OSPF LSA header. No configuration is needed; this is automatic behavior.
The PE router sets the down bit when it redistributes BGP into OSPF.
Customer routers do not check the down bit; PE routers never redistribute OSPF routes with the down bit set into MP-BGP.
show ip ospf 1 database summary
LS age: 854
Options: (No TOS-capability, DC, Downward)
The PE routers ignore OSPF routes with the down bit set for routing purposes; the PE router refuses to accept OSPF routes that carry the down bit:
The routing bit is not set on OSPF routes with the down bit set:
These routes do not enter the IP routing table, even when they are selected as the best routes using the SPF algorithm.
What if the customer device runs VRFs? Use capability vrf-lite (do not perform PE-specific checks).
When routes are redistributed between two different OSPF domains (two processes), the down bit is removed.
The tag field of OSPF external routes is used to detect loops when routes cross different OSPF domains.
When redistributing non-OSPF routes, the PE router inserts the BGP AS number into the tag field.
The tag field is propagated between OSPF domains when the external OSPF routes are redistributed between OSPF domains.
When the PE router finds that the tag matches the BGP AS number, it automatically does not redistribute the OSPF route back into MP-BGP.
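The PE decisions described on the slides above (route type carried in the extended community, domain ID match, down bit, tag) can be modelled in a few lines of Python. This is an added example, not code from the slides or from Cisco; the class and function names, the AS number 65000 and the prefixes are constructed. It assumes E2 where the slides give no metric type and, as a simplification, tags every type 5 LSA the PE originates.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class VpnRoute:                      # MP-BGP route as seen by the receiving PE
    prefix: str
    med: int                         # OSPF cost copied into MED
    ospf_rt: Optional[str] = None    # "area:lsa-type:option"; None if not from OSPF
    domain_id: Optional[str] = None  # OSPF domain ID community

@dataclass
class Lsa:
    prefix: str
    lsa_type: int                    # 3 = summary (O IA), 5 = external
    metric: int
    ext_type: Optional[str] = None   # "E1" / "E2", type 5 only
    down_bit: bool = False
    tag: Optional[int] = None

def parse_ospf_rt(text):
    """Split 'area:lsa-type:option' into (area, lsa_type, option)."""
    area, lsa_type, option = text.rsplit(":", 2)
    return area, int(lsa_type), int(option)

def bgp_to_ospf(route, local_domain_id, local_as):
    """Receiving PE: pick the LSA it originates toward the CE."""
    if route.ospf_rt is None:
        # Not OSPF-originated: external, tagged with the BGP AS number.
        # E2 is an assumption here; the slides do not give the metric type.
        return Lsa(route.prefix, 5, route.med, "E2", tag=local_as)
    _, src_type, option = parse_ospf_rt(route.ospf_rt)
    if src_type == 5:
        # External stays external: option 0 = E1, 1 = E2, metric preserved.
        ext = "E2" if option & 1 else "E1"
        return Lsa(route.prefix, 5, route.med, ext, tag=local_as)
    if route.domain_id != local_domain_id:
        # Different OSPF domain: treated as external (E2 assumed).
        return Lsa(route.prefix, 5, route.med, "E2", tag=local_as)
    # Same domain: the PE acts as ABR and originates a type 3 LSA, down bit set.
    return Lsa(route.prefix, 3, route.med, down_bit=True)

def ospf_to_bgp_allowed(lsa, local_as):
    """Sending PE: never re-inject a route that already crossed the backbone."""
    if lsa.down_bit:
        return False
    return not (lsa.lsa_type == 5 and lsa.tag == local_as)

if __name__ == "__main__":
    DOMAIN, AS = "0x0005:0x0000006E0200", 65000   # AS number is constructed
    intra = VpnRoute("10.1.1.0/24", 20, "0.0.0.100:2:0", DOMAIN)  # constructed
    lsa = bgp_to_ospf(intra, DOMAIN, AS)
    print(lsa, ospf_to_bgp_allowed(lsa, AS))
```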
Thank you.