Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (13)
Ähnlich wie Mpls Presentation Ine
Ähnlich wie Mpls Presentation Ine (20)
Mpls Presentation Ine
- 1. Mpls basics Alp
- 2. 14.1 VRF Lite vl67 VPN_A routing table Lo101 172.16.7.7/24 vl76 Vlan 67 155.1.67.0/24 VPN_B routing table Lo101 192.168.7.7/24 Vlan 67 155.1.76.0/24 VPN_A rd 100:1 VPN_B rd 100:2
- 3. 14.1 VRF Lite • AtR6 interface Ethernet1/0.67 encapsulation dot1Q 67 ip vrf forwarding VNP_A ip address 155.1.67.6 255.255.255.0 interface Ethernet1/0.76 encapsulation dot1Q 76 ip vrf forwarding VNP_B ip address 155.1.76.6 255.255.255.0 ip route vrf VNP_A 192.168.7.0 255.255.255.0 Ethernet1/0.76 155.1.76.7 ip route vrf VNP_B 172.16.7.0 255.255.255.0 Ethernet1/0.67 155.1.67.7 ip vrf VNP_A rd 100:1 ip vrf VNP_B rd 100:2
- 4. • At SW1 ip vrf VPN_A rd 100:1 ip vrf VPN_B rd 100:2 interface Loopback101 ip vrf forwarding VPN_A ip address 172.16.7.7 255.255.255.0 interface Loopback102 ip vrf forwarding VPN_B ip address 192.168.7.7 255.255.255.0 interface Ethernet1/0.67 encapsulation dot1Q 67 ip vrf forwarding VPN_A ip address 155.1.67.7 255.255.255.0 interface Ethernet1/0.76 encapsulation dot1Q 76 ip vrf forwarding VPN_B ip address 155.1.76.7 255.255.255.0 ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.1.67.6 ip route vrf VPN_B 0.0.0.0 0.0.0.0 155.1.76.6
- 5. 14.2 MPLS LDP • At R4 mpls ip mpls ldp router-id lo0 force int e0/1 mpls ldp discovery transport-address interface router ospf 1 mpls ldp autoconf mpls ldp password required mpls ldp neighbor 150.1.5.5 password CISCO mpls ldp neighbor 150.1.6.6 password CISCO
- 6. • At R6 mpls ip mpls ldp router-id lo0 force int e0/0.146 mpls ldp discovery transport-address interface mpls ip mpls ldp password required mpls ldp neighbor 150.1.4.4 password CISCO • At R5 mpls ip mpls ldp router-id lo0 force int s2/1 mpls ip int s2/0 mpls ip mpls ldp password required mpls ldp neighbor 150.1.4.4 password CISCO
- 7. 14.3 MPLS Label Filtering • At R4, R5, R6 access-list 10 permit 150.1.0.0 0.0.255.255 no mpls ldp advertise-labels mpls ldp advertise-labels for 10
- 8. 14.4 MP-BGP VPNv4 Redistribute connected Static into bgp Vpn_b vl76 R6 vl67 Vpn_a R5 Vrf VPN_A bgp table 155.1.58.0/24 155.1.67.0/24 Bgp vpnv4 Redistribute connected Static into bgp R4 R5 RR Vl58 Vlan5 R5 Vrf VPN_B bgp table Vpn_b 155.1.5.0/24 Vpn_a 155.1.76.0/24
- 9. 14.4 MP-BGP VPNv4 • At R4 router bgp 100 no bgp default ipv4-unicast neighbor 150.1.5.5 remote-as 100 neighbor 150.1.5.5 update-source lo0 neighbor 150.1.6.6 remote-as 100 neighbor 150.1.6.6 update-source lo0 address-family vpnv4 unicast neighbor 150.1.5.5 activate neighbor 150.1.6.6 activate neighbor 150.1.5.5 send-community extended neighbor 150.1.6.6 send-community extended neighbor 150.1.5.5 route-reflector-client neighbor 150.1.6.6 route-reflector-client
- 10. • At R5 ip vrf VPN_A rd 100:1 route-target both 100:1 ip vrf VPN_B rd 100:2 route-target both 100:2 int e0/0 ip vrf forwarding VPN_A ip add 155.1.58.5 255.255.255.0 int e0/1 ip vrf forwarding VPN_B ip address 155.1.5.5 255.255.255.0 • At R6 ip vrf VNP_A rd 100:1 route-target both 100:1 ip vrf VNP_B rd 100:2 route-target both 100:2
- 11. • At R5 & R6 router bgp 100 no bgp default ipv4 neighbor 150.1.4.4 remote-as 100 neighbor 150.1.4.4 update-source lo0 address-family vpnv4 unicast neighbor 150.1.4.4 activate neighbor 150.1.4.4 send-community extended // RT valuesunu bununla taşırız. address-family ipv4 vrf VPN_A redistribute connected redistribute static address-family ipv4 vrf VPN_B redistribute connected redistribute static
- 12. 14.5 MP-BGP Prefix Filtering Lo1 192.16.6.6/24 vl76 R6 vl67 Vpn_b Vpn_a Bgp vpnv4 R4 Lo1 RR R5 172.16.5.5/24 Vl58 Vlan5 Vpn_b Vpn_a
- 13. 14.5 MP-BGP Prefix Filtering • At R5 int lo 101 ip vrf forvarding VPN_A ip address 172.16.5.5 255.255.255.0 ip prefix-list LO101 permit 172.16.5.0/24 route-map VPN-A_EXPORT permit 10 match ip address prefix-list LO101 set extcommunity rt 100:55 route-map VPN-A_EXPORT permit 20 set extcommunity rt 100:1 ip vrf VPN_A export map VPN-A_EXPORT route-target import 100:66
- 14. • At R6 int lo102 ip vrf forwarding VNP_B ip address 192.168.6.6 255.255.255.0 ip prefix-list LO202 permit 192.168.6.0/24 route-map VNP-B-EXPORT permit 10 match ip address prefix-list LO102 set extcommunity rt 100:66 route-map VNP-B-EXPORT permit 20 set extcommunity rt 100:2 ip vrf VNP_B export map VNP-B-EXPORT route-target import 100:55
- 15. 14.6 PE – CE Routing Lo1 with RIP RIP vrf vpn_b 192.16.6.6/24 Rip to bgp vl76 redistribution R6 Vpn_b Bgp vpnv4 Bgp to rip R4 Rip to bgp redistribution Lo1 RR R5 RIP vrf vpn_b 172.16.5.5 /24 vlan43 Vl58 Vlan5 204.12.1.0/24 Vpn_b Vpn_b Vpn_a
- 16. 14.6 PE – CE Routing with RIP • At R4 ip vrf VPN_B rd 100:2 route-target export 100:2 route-target import 100:2 router rip version 2 no auto-summary address-family ipv4 vrf VPN_B redistribute bgp 100 metric transparent ///// metriğin korunmasını sağlıyor network 204.12.1.0 no auto-summary exit-address-family router bgp 100 no bgp default ipv4-unicast address-family vpnv4 neighbor 150.1.5.5 activate neighbor 150.1.5.5 send-community extended neighbor 150.1.5.5 route-reflector-client neighbor 150.1.6.6 activate neighbor 150.1.6.6 send-community extended neighbor 150.1.6.6 route-reflector-client exit-address-family address-family ipv4 vrf VPN_B redistribute rip
- 17. • At R6 router rip ver 2 no auto-sum address-family ipv4 vrf VNP_B redistribute bgp 100 metric transparent //metriğin korunmasını sağlıyor network 155.1.0.0 no ip route vrf VNP_B 172.16.7.0 255.255.255.0 e1/0.67 155.1.67.7
- 18. • At SW1 no ip route vrf VNP_A 0.0.0.0 0.0.0.0 155.1.76.6 router rip ver 2 no auto-sum address-family ipv4 vrf VPN_B network 155.1.0.0 network 192.168.7.0
- 19. 14.7 PE- CE Routing with OSPF Ospf area 1 Redistribute vrf VNP_A ospf Lo 172.16.7.7 into vrf VPN_A bgp SW1 R6 vl67 Vpn_a Vrf VPN_A Redistribute bgp into vrf VPN_A ospf Redistribute bgp into Bgp vpnv4 vrf VPN_A ospf Ospf area1 R4 Lo1 RR R5 172.16.5.5/24 SW2 Vl58 Redistribute vrf VNP_A ospf into vrf VPN_A bgp Vpn_a Lo 172.16.8.8/24
- 20. 14.7 PE- CE Routing with OSPF • MP-BGP’nin olduğu cloud’a super area 0 (super backbone) denir. • OSPF iki yeni attribute’e sahip 1- domain-id : farklı vpn’lerdeki ospf process’leri ayırt etmeye yarar. 2- OSPF route-type: 3 bileşen içerir: source- area, route-type (lsa type) ve option (E1 – E2[external]) metric değeri biz değiştirmediğimiz sürece aynı şekilde taşınır.
- 21. • At R5 router ospf 100 vrf VPN_A domain-id 0.0.0.5 log-adjacency-changes redistribute bgp 100 subnets network 0.0.0.0 255.255.255.255 area 1 router bgp 100 address-family ipv4 vrf VPN_A redistribute ospf 100 vrf VPN_A • At R6 router ospf 100 vrf VNP_A domain-id 0.0.0.6 log-adjacency-changes redistribute bgp 100 subnets network 0.0.0.0 255.255.255.255 area 1 summary-address 172.16.0.0 255.255.0.0 router bgp 100 address-family ipv4 vrf VNP_A redistribute ospf 100 vrf VNP_A
- 22. • SW1 no ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.14.76.6 router ospf 1 vrf VPN_A netw 0.0.0.0 255.255.255.255 area 1 • SW2 ip routing router ospf 1 network 0.0.0.0 255.255.255.255 area 1 int lo100 ip add 172.16.8.8 255.255.255.0
- 23. 14.8 OSPF Sham-link Ospf area 1 Backdoor link Redistribute vrf VNP_A ospf Lo 172.16.7.7 into vrf VPN_A bgp SW1 lo100 R6 vl67 Vpn_a Vrf A Redistribute bgp into vrf VPN_A ospf Redistribute bgp into Bgp vpnv4 vrf VPN_A ospf Ospf area1 lo100 R4 Lo1 RR R5 172.16.5.5/24 SW2 Vl58 Redistribute vrf VNP_A ospf into vrf VPN_A bgp Vpn_a Lo 172.16.8.8/24
- 24. 14.8 OSPF Sham-link • At R5 router ospf 100 vrf VPN_A no domain-id 0.0.0.5 area 1 sham-link 150.1.55.55 150.1.66.66 cost 1 no network 0.0.0.0 255.255.255.255 area 1 network 155.1.58.5 0.0.0.0 area 1 int lo 200 ip vrf forwarding VPN_A ip address 150.1.55.55 255.255.255.255 router bgp 100 address-family ipv4 vrf VPN_A network 150.1.55.55 mask 255.255.255.255
- 25. • At R6 router ospf 100 vrf VNP_A no domain-id 0.0.0.5 area 1 sham-link 150.1.66.66 150.1.55.55 cost 1 no network 0.0.0.0 255.255.255.255 area 1 network 155.1.67.6 0.0.0.0 area 1 int lo 200 ip vrf forwarding VNP_A ip address 150.1.66.66 255.255.255.255 router bgp 100 address-family ipv4 vrf VNP_A network 150.1.66.66 mask 255.255.255.255
- 26. • At SW1 int e0/3 no sw ip address 155.1.78.7 255.255.255.0 ip ospf cost 9999 int e1/0.67 no ip vrf forwarding VPN_A ip address 155.1.67.7 255.255.255.0 int lo101 ip add 172.16.7.7 255.255.255.0 no router ospf 1 router ospf 1 network 0.0.0.0 255.255.255.255 area 1 • At SW2 int e0/3 no sw ip address 155.1.78.8 255.255.255.0 ip ospf cost 9999
- 27. 14.9 PE- CE Routing with EIGRP EIGRP Redistribute vrf VNP_A eigrp Lo 172.16.7.7 Delay 1000 into vrf VPN_A bgp SW1 Backdoor link R6 vl67 Vpn_a Vrf VPN_A Redistribute bgp into vrf VPN_A eigrp Bgp vpnv4 Redistribute bgp into vrf VPN_A eigrp Redistribute bgp into vrf VPN_A eigrp EIGRP R4 EIGRP Lo1 RR VPN_A R5 172.16.5.5/24 Vlan 43 Redistribute vrf VPN_A EIGRP SW2 Vl58 204.12.1.0/24 into BGP Redistribute vrf VNP_A eigrp into vrf VPN_A bgp Vpn_a Lo 172.16.8.8/24
- 28. 14.9 PE- CE Routing with EIGRP • At R4 ip vrf VPN_A rd 100:1 route-target both 100:1 router eigrp 100 no auto address-family ipv4 vrf VPN_A autonomous-system 100 network 204.12.1.0 0.0.0.255 redistribute bgp 100 metric 1 1 1 1 1 router bgp 100 address-family ipv4 vrf VPN_A redistribute eigrp 100 int e0/0 ip vrf forwarding VPN_A ip address 204.12.1.4 255.255.255.0
- 29. • At R5 no router ospf 100 router eigrp 100 no auto address-family ipv4 vrf VPN_A autonomous-system 100 network 155.1.58.5 0.0.0.0 redistribute bgp 100 metric 1 1 1 1 1 router bgp 100 address-family ipv4 vrf VPN_A redistribute eigrp 100
- 30. • At R6 no router ospf 100 router eigrp 100 no auto address-family ipv4 vrf VNP_A autononous-system 100 network 155.1.67.6 0.0.0.0 router bgp 100 address-family ipv4 vrf VNP_A redistribute eigrp 100
- 31. • At SW1 – SW2 no router ospf 1 router eigrp 100 no autosumm network 0.0.0.0 255.255.255.255 int e0/3 delay 1000 /// to be sure it will be backdoor.
- 32. 14.10 EIGRP SITE OF ORIGIN BGP AS 78 Backdoor link Lo 172.16.7.7 SW1 R6 vl67 Vpn_a Vrf VPN_A AS100 Bgp vpnv4 BGP AS 78 R4 Lo1 RR R5 172.16.5.5/24 R5 R6 100:15 100:16 SW2 Vl58 SW2 SW1 Vpn_a Lo 172.16.8.8/24 100:15 100:16
- 33. 14.10 EIGRP Site-of-Origin • At R5 • At SW2 route-map EIGRP-SOO route-map EIGRP-SOO set extcommunity soo 100:15 set extcommunity soo 100:15 int e0/0 int e0/2 ip vrf sitemap EIGRP-SOO ip vrf sitemap EIGRP-SOO • At R6 • At SW1 route-map EIGRP-SOO route-map EIGRP-SOO set extcommunity soo 100:16 set extcommunity soo 100:16 int e0/0.67 int e0/2 ip vrf sitemap EIGRP-SOO ip vrf sitemap EIGRP-SOO
- 34. 14.11 PE- CE Routing with BGP BGP AS 78 Lo 172.16.7.7 SW1 R6 AS78 overrided vl67 AS100 Vpn_a Vrf VPN_A AS100 Bgp vpnv4 AS78 overrided R4 BGP AS 78 AS100 Lo1 RR R5 172.16.5.5/24 SW2 Vl58 Vpn_a Lo 172.16.8.8/24
- 35. 14.11 PE- CE Routing with BGP • Farklı yerlerde aynı AS’in kullanılması; aynı AS ile gelen bilginin alınmayacağından prefix’in filtrelenmesine yol açar. Bunu çözmek için allowas-in ile as-override yapabliriz.
- 36. • At R5 no router eigrp 100 router bgp 100 address-family ipv4 vrf VPN_A neighbor 155.1.58.8 remote-as 78 neighbor 155.1.58.8 as-override • At R6 no router eigrp 100 router bgp 100 address-family ipv4 vrf VNP_A neighbor 155.1.67.7 remote-as 78 neighbor 155.1.67.7 as-override
- 37. • At SW1 no router eigrp 100 router bgp 78 neighbor 155.1.67.6 remote-as 100 network 150.1.7.0 mask 255.255.255.0 • At SW2 no router eigrp 100 router bgp 78 neighbor 155.1.58.5 remote-as 100 network 150.1.8.0 mask 255.255.255.0
- 38. 14.12 BGP SoO Attribute BGP AS 78 Lo 172.16.7.7 Backdoor link SW1 R6 vl67 Vpn_a Soo 100:1 Vrf VPN_A AS100 Bgp vpnv4 BGP AS 78 R4 Lo1 RR R5 172.16.5.5/24 SW2 Vl58 Soo 100:1 Vpn_a Lo 172.16.8.8/24
- 39. 14.12 BGP SoO Attribute • At R5 router bgp 100 address-family ipv4 vrf VPN_A neighbor 155.1.58.8 soo 100:1 • At R6 router bgp 100 address-family ipv4 vrf VNP_A Bgp vpn neighbor 155.1.67.7 soo 100:1 R5 R6 ebgp ebgp Soo 100:1 Soo 100:1 ibgp SW2 SW1
- 40. • At SW1 router bgp 78 neighbor 155.1.78.8 remote-as 78 • At SW2 router bgp 78 neighbor 155.1.78.7 remote-as 78 ///CE’lerde backdoor komşuluğunu ekledik.
- 41. 14.13 Internet Access • At R6 router rip vers 2 no auto-sum network 54.0.0.0 ip route vrf VNP_A 0.0.0.0 0.0.0.0 54.1.1.254 global router bgp 100 address-family ipv4 vrf VNP_A default-information originate redistribute static int s2/0 ip nat outside int e0/0.146 ip nat inside int e0/0.67 ip nat inside ip access-list standard VPN-PREFIXES permit 150.1.0.0 0.0.255.255 ip nat inside source list VPN-PREFIXES interface s2/0 vrf VNP_A overload
- 42. 14.14 AToM E0/1 R6 vl67 Vpn_a AS100 Bgp vpnv4 Vl 5 (e0/1) R4 R5 RR Vl58 Vpn_a
- 43. 14.14 AToM • At R5 default interface e0/1 int e0/1 xconnect 150.1.6.6 100 encapsulation mpls mpls ldp neighbor 150.1.6.6 password CISCO • At R6 int e0/1 no sh xconnect 150.1.5.5 100 encapsulation mpls mpls ldp neighbor 150.1.5.5 password CISCO
- 44. • R5 ve R6 ya bağlı olan sw3 ve sw4 interfacelerine ip verip birbirlerini pingleyebiliriz.
- 45. 14.15 L2TPV3 • At R5, similiar at R6 pseudowire-class L2TPV3 encapsulation l2tpv3 ip local interface lo0 ip pmtu ip dfbit set ip tos reflect default int e0/1 int e0/1 xconnect 150.1.6.6 100 encapsulation l2tpv3 pw-class L2TPV3
- 46. 14.16 MPLS VPN Performance Tuning • At R4 router bgp 100 address-family vpnv4 unicast neighbor 150.1.5.5 advertisement-interval 0 neighbor 150.1.6.6 advertisement-interval 0 • At R5; R6 router bgp 100 address-family vpnv4 unicast neighbor 150.1.4.4 advertisement-internal 0 bgp scan import 5
Hinweis der Redaktion
- R6 ile SW1 arasında yeni bir VLAN 76 oluşturalım, ip adresi 155.1.76.0/24 olsun.Vlan67 vrf group VPN_A’ya, Vlan76 VPN_B’ye ait olsun.SW1’de lo101 ve lo102 VPN_A ve VPN_B’de olsun.172.16.7.7/24 ve 192.168.7.7/24.SW1’deki her iki vrf’in de default route’u R6 olsun.R6 da yapacağımız config ile lo101 lo102yi; lo102 lo101’i pingleyebilsin.
- Rack1R6#sh ip vrf Name Default RD Interfaces VNP_A 100:1 Et1/0.67 VNP_B 100:2 Et1/0.76Rack1SW1#sh ip vrf Name Default RD Interfaces VPN_A 100:1 Et1/0.67 Lo101 VPN_B 100:2 Et1/0.76 Lo102Rack1R6#pingvrfVNP_A 155.1.67.7Type escape sequence to abort.Sending 5, 100-byte ICMPEchos to 155.1.67.7, timeout is 2 seconds:!!!!!ack1R6#pingvrfVNP_B 155.1.76.7Type escape sequence to abort.Sending 5, 100-byte ICMPEchos to 155.1.76.7, timeout is 2 seconds:!!!!!Rack1R6#show ip route vrf VNP_ARouting Table: VNP_ACodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not set 155.1.0.0/24 is subnetted, 1 subnetsC 155.1.67.0 is directly connected, Ethernet1/0.67S 192.168.7.0/24 [1/0] via 155.1.76.7, Ethernet1/0.76
- R4, R5, R6; IETF standart protocol’u ile mpls labellerini değiş tokuş etsinler.LDP’yi md5 ile authenticate et; password CISCO olsun.Ldp’yi ospf enabled interfacelerde enable etmek için tek komut kullan.
- Rack1R4#sh mpls ldp nei Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0 TCP connection: 150.1.5.5.14089 - 150.1.4.4.646 State: Oper; Msgs sent/rcvd: 13/13; Downstream Up time: 00:00:37 LDP discovery sources: Serial2/1, Src IP addr: 155.1.45.5 Addresses bound to peer LDP Ident: 155.1.58.5 155.1.5.5 155.1.0.5 155.1.45.5 150.1.5.5 Rack1R4#sh mpls ldp neighb passw Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0 TCP connection: 150.1.5.5.14089 - 150.1.4.4.646 Password: required, neighbor, in use State: Oper; Msgs sent/rcvd: 14/14Rack1R5#sh mpls forwarding-table Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 16 16 54.1.1.0/24 0 Se2/1 point2point 17 Pop Label 150.1.4.4/32 0 Se2/1 point2point 18 18 150.1.6.6/32 0 Se2/1 point2point 19 Pop Label 155.1.146.0/24 0 Se2/1 point2point 20 Pop Label 204.12.1.0/24 0 Se2/1 point2point
- R4, R5, R6 da sadece lo0 interface’i için olan label advertisement’lar alınsın.Default davranış olarak routing tablo’sunda olan bütün prefix’ler için ldp üretir.Rack1R4#sh mpls forwLocal Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 16 No Label 54.1.1.0/24 0 Et0/1 155.1.146.6 17 Pop Label 150.1.5.5/32 0 Se2/1 point2point 18 No Label 150.1.6.6/32 0 Et0/1 155.1.146.6 19 No Label 155.1.5.0/24 0 Se2/1 point2point 20 No Label 155.1.58.0/24 0 Se2/1 point2point
- R5’te iki yeni VRF yapalım VPN_A ve VPN_B; bunlara vlan 58 ve vlan 5’i assign edelim.R4 bgp route-reflector olacak şekilde; R5 ve R6 arasında vpn route’larını exchange edelim.IPv4 default olarak active edilmesin
- ------------------------------------------------------------------------------Vpnv4 prefix exchange için source lo0 olmalı bu lo0 /32 olmalı.Bir vrf prefix’ini bgp’ye inject etmek için önce vpnv4’u active etmelisin; sonra bu route’ları bgp’ye redistribute etmelisin. İnject edilen routelar RD’leri ile birlikte edilir ve vpn label’ları oluşturulur.
- Rack1R5#sh ip route vrf VPN_ARouting Table: VPN_ACodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is not set 155.1.0.0/24 is subnetted, 2 subnetsC 155.1.58.0 is directly connected, Ethernet0/0B 155.1.67.0 [200/0] via 150.1.6.6, 00:01:04B 192.168.7.0/24 [200/0] via 150.1.6.6, 00:01:04Rack1R4#sh bgp vpnv4 unicast allBGP table version is 7, local router ID is 150.1.4.4Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1*>i155.1.58.0/24 150.1.5.5 0 100 0 ?*>i155.1.67.0/24 150.1.6.6 0 100 0 ?*>i192.168.7.0 150.1.6.6 0 100 0 ?Route Distinguisher: 100:2*>i155.1.5.0/24 150.1.5.5 0 100 0 ?*>i155.1.76.0/24 150.1.6.6 0 100 0 ?*>i172.16.7.0/24 150.1.6.6 0 100 0 ?
- R5 te VRF VPN_A da yeni lo 101 ip adresi 172.16.5.5/24R6 te VRF VNP_B da yeni lo 101 ip adresi 192.168.6.6/24Bu iki subnet için çift yönlü erişilebilirliği sağla.R6’nın VNP_A’sı 172.16.5.0/24 u ve R5’in VPN_B’si 192.168.6.0/24’u gormesin.
- PE- CE routing protocol’u olarak VPN_B’de RIP kullan. Static route’u kaldır.R4’te VLAN_43’ü VPN_B ‘ye dahil et.CE router’larından öğrenilen RIP metriğini koru.
- Rack1SW1#sh ip route vrf VPN_BRouting Table: VPN_BCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is 155.1.76.6 to network 0.0.0.0R 204.12.1.0/24 [120/1] via 155.1.76.6, 00:00:06, Ethernet1/0.76 155.1.0.0/24 is subnetted, 2 subnetsR 155.1.5.0 [120/1] via 155.1.76.6, 00:00:06, Ethernet1/0.76C 155.1.76.0 is directly connected, Ethernet1/0.76C 192.168.7.0/24 is directly connected, Loopback102 31.0.0.0/16 is subnetted, 4 subnetsR 31.3.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76R 31.2.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76R 31.1.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76R 31.0.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76 30.0.0.0/16 is subnetted, 4 subnetsR 30.2.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76R 30.3.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76R 30.0.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76R 30.1.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76S* 0.0.0.0/0 [1/0] via 155.1.76.6
- PE-CE routing protocol’u olarak VPN_A side’larında OSPF kullan; area id 1 olsunR6 ve R5’te aynı OSPF process-id’sini kullan, SW1 ve SW2 birbirlerine ulaşabilsinler.SW2 de yeni bir lo 172.16.8.8/24 ile oluştur. R6 bunun sadece /16 summary’sini gorsun.
- Rack1R5#sh ip ospf 100 Routing Process "ospf 100" with ID 155.1.58.5 Domain ID type 0x0005, value 0.0.0.5 Start time: 00:32:00.932, Time elapsed: 00:03:47.320 Supports only single TOS(TOS0) routes Supports opaque LSA Supports Link-local Signaling (LLS) Supports area transit capability Connected to MPLS VPN Superbackbone, VRF VPN_A It is an area border and autonomous system boundary routerRack1R6#sh bgp vpnv4 unicast vrf VNP_A 172.16.8.8BGP routing table entry for 100:1:172.16.8.8/32, version 45Paths: (1 available, best #1, table VNP_A)Flag: 0x820 Not advertised to any peer Local 150.1.5.5 (metric 75) from 150.1.4.4 (150.1.4.4) Origin incomplete, metric 11, localpref 100, valid, internal, best Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000050200 OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:155.1.58.5:512 Originator: 172.16.5.5, Cluster list: 150.1.4.4 mpls labels in/out nolabel/22
- Rack1SW2#*Dec 14 08:45:45.763: %SYS-5-CONFIG_I: Configured from console by consoleRack1SW2#sh ip route ospf 155.1.0.0/24 is subnetted, 5 subnetsO E2 155.1.76.0 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0O E2 155.1.67.0 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0 172.16.0.0/16 is variably subnetted, 4 subnets, 3 masksO E2 172.16.7.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0O E2 172.16.7.7/32 [110/11] via 155.1.58.5, 00:00:36, Ethernet1/0O E2 172.16.0.0/16 [110/11] via 155.1.58.5, 00:00:15, Ethernet1/0O E2 192.168.6.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0O E2 192.168.7.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
- Rack1SW1#sh ip route vrf VPN_ARouting Table: VPN_ACodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is 155.1.67.6 to network 0.0.0.0 155.1.0.0/16 is variably subnetted, 4 subnets, 2 masksO E2 155.1.8.8/32 [110/11] via 155.1.67.6, 00:01:06, Ethernet1/0.67O E2 155.1.58.0/24 [110/1] via 155.1.67.6, 00:01:44, Ethernet1/0.67C 155.1.67.0/24 is directly connected, Ethernet1/0.67O E2 155.1.108.0/24 [110/20] via 155.1.67.6, 00:01:06, Ethernet1/0.67 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masksC 172.16.7.0/24 is directly connected, Loopback101O E2 172.16.0.0/16 [110/11] via 155.1.67.6, 00:01:05, Ethernet1/0.67 150.1.0.0/32 is subnetted, 1 subnetsO E2 150.1.8.8 [110/11] via 155.1.67.6, 00:01:06, Ethernet1/0.67S* 0.0.0.0/0 [1/0] via 155.1.67.6
- PE-CE routing protocol’u olarak VPN_A side’larında OSPF kullan; area id 1 olsunR6 ve R5’te aynı OSPF process-id’sini kullan, SW1 ve SW2 birbirlerine ulaşabilsinler.SW2 de yeni bir lo 172.16.8.8/24 ile oluştur. R6 bunun sadece /16 summary’sini gorsun.
- SW1 pure CE router olsun, vrf-lite’ı kaldır.R5 ve R6 VPN_A sideları arasında ospf routing calıssın. SW1 SW2 arasında bir L3 backdoor linki yapalım.R5 ve R6 VPN_A ospf process domain-id’lerini aynı yapalım.SW1 ve SW2 mpls core yolunu tercih etsin.
- Rack1R5#shipospf sham-liSham Link OSPF_SL0 to address 150.1.66.66 is upArea 1 source address 150.1.55.55 Run as demand circuitDoNotAgeLSA allowed. Cost of using 1 State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Hello due in 00:00:09
- VPN_A’da PE-CE arasında EIGRP kullan; backdoor kullanımda olsun; primary path mpls vpn cloud olsun.R4’un vlan 43’u VPN_A’da olsun, bunu da EIGRP’ye advertise et. Butun EIGRP routerları aynı AS’te olsun
- R5 ve R6’da eigrp – mp-bgp redistribution’ından kaynaklanan gecici routing-loop’ları engelleyin.SW1 – SW2 arasında ki primary path, MPLS VPN core’u olsun.PE 1 - CE 1 aynı 100:15; PE2 – CE2 aynı 100:16.
- R5, R6, SW1, SW2 deki eigrp configlerini kaldır.SW1, SW2, R5, R6 da Bgp AS 78 configure et.Lo0’larını SW1 ve SW2’de BGP’ye advertise et.
- Rack1SW2#sh ip route bgpB 204.12.1.0/24 [20/0] via 155.1.58.5, 00:03:30 155.1.0.0/24 is subnetted, 6 subnetsB 155.1.76.0 [20/0] via 155.1.58.5, 00:03:30B 155.1.67.0 [20/0] via 155.1.58.5, 00:03:30 172.16.0.0/24 is subnetted, 2 subnetsB 172.16.7.0 [20/0] via 155.1.58.5, 00:03:30B 192.168.6.0/24 [20/0] via 155.1.58.5, 00:03:30B 192.168.7.0/24 [20/0] via 155.1.58.5, 00:03:30 150.1.0.0/16 is variably subnetted, 4 subnets, 2 masksB 150.1.7.0/24 [20/0] via 155.1.58.5, 00:00:56B 150.1.66.66/32 [20/0] via 155.1.58.5, 00:03:30B 150.1.55.55/32 [20/0] via 155.1.58.5, 00:03:30Rack1SW2#sh ip bgpBGP table version is 13, local router ID is 172.16.8.8Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path*> 150.1.7.0/24 155.1.58.5 0 100 100 i*> 150.1.8.0/24 0.0.0.0 0 32768 i*> 150.1.55.55/32 155.1.58.5 0 0 100 i*> 150.1.66.66/32 155.1.58.5 0 100 ir> 155.1.58.0/24 155.1.58.5 0 0 100 ?*> 155.1.67.0/24 155.1.58.5 0 100 ?*> 155.1.76.0/24 155.1.58.5 0 100 ?*> 172.16.7.0/24 155.1.58.5 0 100 ?*> 192.168.6.0 155.1.58.5 0 100 ?*> 192.168.7.0 155.1.58.5 0 100 ?*> 204.12.1.0 155.1.58.5 0 100 ?
- SW1 ve SW2 arasında (direct-linkten) backdoor bgp peering session kuralım. As-override feature’un bgp loop-prevention mechanism’i disable ettiğini hesaba katarak loop oluşumunu engelleyici config yapalım.
- Rack1R6#sh ip bgp vpnv4 vrf VNP_A 150.1.8.0BGP routing table entry for 100:1:150.1.8.0/24, version 144Paths: (1 available, best #1, table VNP_A)Flag: 0x820 Advertised to update-groups: 1 78 155.1.67.7 from 155.1.67.7 (155.1.7.7) Origin IGP, localpref 100, valid, external, best Extended Community: SoO:100:1 RT:100:1 mpls labels in/out 24/nolabelRack1R6#sh ip bgp vpnv4 vrf VNP_A neighbor 155.1.67.7 advBGP table version is 144, local router ID is 150.1.6.6Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1 (default for vrf VNP_A)*>i150.1.55.55/32 150.1.5.5 0 100 0 i*> 150.1.66.66/32 0.0.0.0 0 32768 i*>i155.1.58.0/24 150.1.5.5 0 100 0 ?*> 155.1.67.0/24 0.0.0.0 0 32768 ?*> 192.168.7.0 0.0.0.0 0 32768 ?*>i204.12.1.0 150.1.4.4 0 100 0 ?Total number of prefixes 6
- R6’nın BB1 interface’inde RIP’ı enable et, boylelikle VNP_A müşterileri bu route’lara erişebilsin. 1 adet static route kullanmaya iznin var.Sadece 150.1.0.0/16 route’larının internete çıkış izni olsun.Rack1SW1#show ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeGateway of last resort is 155.1.67.6 to network 0.0.0.0B 204.12.1.0/24 [20/0] via 155.1.67.6, 00:58:36 155.1.0.0/24 is subnetted, 7 subnetsC 155.1.7.0 is directly connected, Loopback7B 155.1.58.0 [20/0] via 155.1.67.6, 00:58:36C 155.1.37.0 is directly connected, Ethernet0/3C 155.1.78.0 is directly connected, Ethernet0/2C 155.1.79.0 is directly connected, Ethernet0/0B 155.1.76.0 [200/0] via 155.1.58.5, 00:32:20C 155.1.67.0 is directly connected, Ethernet1/0.67 172.16.0.0/24 is subnetted, 1 subnetsB 172.16.7.0 [200/0] via 155.1.58.5, 00:32:20B 192.168.6.0/24 [200/0] via 155.1.58.5, 00:32:20B 192.168.7.0/24 [20/0] via 155.1.67.6, 00:58:36 150.1.0.0/16 is variably subnetted, 4 subnets, 2 masksC 150.1.7.0/24 is directly connected, Loopback0B 150.1.66.66/32 [20/0] via 155.1.67.6, 00:58:37B 150.1.55.55/32 [20/0] via 155.1.67.6, 00:58:37B 150.1.8.0/24 [200/0] via 155.1.78.8, 00:32:21B* 0.0.0.0/0 [20/0] via 155.1.67.6, 00:01:11Rack1R6#sh ip route ripR 212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0R 212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0R 212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0R 212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
- R5 vlan 5 ile R6 nın kullanılmayan bir interface’inde p2p l2vpn kur.Kullanacağın metod minimum overhead getirsin.
- “100” vc id’si.Rack1R6#sh mpls l2transport vc detailLocal interface: Et0/1 up, line protocol up, Ethernet up Destination address: 150.1.5.5, VC ID: 100, VC status: down Output interface: none, imposed label stack {} Preferred path: not configured Default path: no route No adjacency Create time: 00:00:44, last status change time: 00:00:40 Signaling protocol: LDP, peer 150.1.5.5:0 up MPLS VC labels: local 28, remote 24 Group ID: local 0, remote 0 MTU: local 1500, remote 1500 Remote interface description: Sequencing: receive disabled, send disabled VC statistics: packet totals: receive 0, send 0 byte totals: receive 0, send 0 packet drops: receive 0, seq error 0, send 0
- Bir önceki örnekte mpls yerine l2tpv3 kullanalım. Pkaetlerin hicbir zaman fragmante olmadığdan emin olalım, automatic mtu detection açık olsun.Rack1R5#sh l2tp session all
- PE ve P router’larında yapacağımız config ile CE side’larında meydana gelen topology change’in iletim süresini minimize edelim.