多宿主MPLSVPN中-应用AS-override注意的问题

多宿主MPLSVPN中-应用AS-override注意的问题
多宿主MPLS/VPN中，应用AS-override注意的问题
由 admin 于星期二, 04/01/2008 - 16:25 发表
目的
研究PE与CE间使用BGP时，可能出现的次优路径及其环路
拓扑图在下面
当PE与CE之间使用BGP时，在多宿主网络中，使用AS-override 有可能形成次优路径或环路，如上图所示。

配置如下
R1
ip vrf vpn-a
rd 1:10
route-target export 1:10
route-target import 1:10
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255 !
interface FastEthernet0/0
no ip address
interface FastEthernet0/0.12 encapsulation dot1Q 12
ip address 12.1.1.1 255.255.255.0 tag-switching ip
!
interface FastEthernet0/0.13 encapsulation dot1Q 13
ip address 13.1.1.1 255.255.255.0 tag-switching ip
!
interface FastEthernet0/0.14 encapsulation dot1Q 14
ip vrf forwarding vpn-a
ip address 14.1.1.1 255.255.255.0
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 !
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0 neighbor 3.3.3.3 remote-as 1
neighbor 3.3.3.3 update-source Loopback0 no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended exit-address-family
!
address-family ipv4 vrf vpn-a
neighbor 14.1.1.4 remote-as 2
neighbor 14.1.1.4 activate neighbor 14.1.1.4 as-override
no auto-summary
no synchronization
exit-address-family
R2
ip vrf vpn-a
rd 1:10
route-target export 1:10
route-target import 1:10
!
ip cef
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255 !
interface FastEthernet0/0
no ip address
!
interface FastEthernet0/0.12 encapsulation dot1Q 12
ip address 12.1.1.2 255.255.255.0
tag-switching ip
!
interface FastEthernet0/0.23 encapsulation dot1Q 23
ip address 23.1.1.2 255.255.255.0
tag-switching ip
!
interface FastEthernet0/0.25 encapsulation dot1Q 25
ip vrf forwarding vpn-a
ip address 25.1.1.2 255.255.255.0
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 !
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0 neighbor 3.3.3.3 remote-as 1
neighbor 3.3.3.3 update-source Loopback0 no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended exit-address-family
!
address-family ipv4 vrf vpn-a
neighbor 25.1.1.5 remote-as 2
neighbor 25.1.1.5 activate
neighbor 25.1.1.5 as-override
no auto-summary
no synchronization
exit-address-family
R3
ip vrf vpn-a
rd 1:10
route-target export 1:10
route-target import 1:10
!
ip cef
interface Loopback0
ip address 3.3.3.3 255.255.255.255 !
interface FastEthernet0/0
no ip address
duplex half
!
interface FastEthernet0/0.13 encapsulation dot1Q 13
ip address 13.1.1.3 255.255.255.0 tag-switching ip
!
interface FastEthernet0/0.23 encapsulation dot1Q 23
ip address 23.1.1.3 255.255.255.0 tag-switching ip
!
interface FastEthernet0/0.36 encapsulation dot1Q 36
ip vrf forwarding vpn-a
ip address 36.1.1.3 255.255.255.0
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 !
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0 neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0 no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended exit-address-family
!
address-family ipv4 vrf vpn-a neighbor 36.1.1.6 remote-as 2 neighbor 36.1.1.6 activate
neighbor 36.1.1.6 as-override
no auto-summary
no synchronization
exit-address-family
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255 !
interface FastEthernet0/0
no ip address
interface FastEthernet0/0.14 encapsulation dot1Q 14
ip address 14.1.1.4 255.255.255.0
!router bgp 2
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255 redistribute connected
neighbor 14.1.1.1 remote-as 1
no auto-summary
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
no ip address
interface FastEthernet0/0.25 encapsulation dot1Q 25
ip address 25.1.1.5 255.255.255.0
!
interface FastEthernet0/0.56 encapsulation dot1Q 56
ip address 56.1.1.5 255.255.255.0 serial restart-delay 0
!
router ospf 100
router-id 5.5.5.5
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 5.5.5.5 mask 255.255.255.255 redistribute connected
neighbor 25.1.1.2 remote-as 1
no auto-summary
R6
interface Loopback0
ip address 6.6.6.6 255.255.255.255 !
interface FastEthernet0/0
no ip address
interface FastEthernet0/0.36 encapsulation dot1Q 36
ip address 36.1.1.6 255.255.255.0 interface FastEthernet0/0.56 encapsulation dot1Q 56
ip address 56.1.1.6 255.255.255.0 router ospf 100
router-id 6.6.6.6
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 router ospf 10
log-adjacency-changes
router bgp 2
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 36.1.1.3 remote-as 1
no auto-summary
!
在R2上看，BGP VPN表
r2#sh ip bg vp all
BGP table version is 18, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:10 (default for vrf vpn-a)
*>i4.4.4.4/32 1.1.1.1 0 100 0 2 ?
*> 5.5.5.5/32 25.1.1.5 0 0 2 i
*>i6.6.6.6/32 3.3.3.3 0 100 0 2 ?
*>i14.1.1.0/24 1.1.1.1 0 100 0 2 ?
r> 25.1.1.0/24 25.1.1.5 0 0 2 ?
*>i36.1.1.0/24 3.3.3.3 0 100 0 2 ?
* i56.1.1.0/24 3.3.3.3 0 100 0 2 ?
*> 25.1.1.5 0 0 2 ?
在R5上，
r5#sh ip rou
36.0.0.0/24 is subnetted, 1 subnets
B 36.1.1.0 [20/0] via 25.1.1.2, 00:27:04
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [20/0] via 25.1.1.2, 00:27:04
可以看到原本红色部分是从OSPF学来，现在变成从EBGP学来，下一条变为R2，
r5#trace 6.6.6.6
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 25.1.1.
2 56 msec 112 msec 140 msec
2 36.1.1.
3 [AS 1] 312 msec 10
4 msec 320 msec
3 36.1.1.6 [AS 1] 316 msec 212 msec * //运营商中路由
前缀6.6.6.6/32，在CE3上生成被发往PE3，当PE3把这条前缀通回给CE2时，由于AS-override 作用，AS-PATH变成 1 1 ，故形成了环路。

解决方案：
AS-override同SOO （site of origin）一起使用,在多宿主MPLS VPN中，SOO用来标识客户站点，防止从某一点离开该站点的流量从另外一点被发送回同一站点。

SOO检测环路是自动的，需做在in 的方向上。

R2上配置
address-family ipv4 vrf vpn-a
neighbor 25.1.1.5 route-map dog in
route-map dog permit 10
set extcommunity soo 2:2
// 当前缀从PE2通告给PE3时，会被附上
SOO值，当PE3检测到相同的SOO时，
该前缀便不发给站点2中CE3
R3上配置
address-family ipv4 vrf vpn-a
neighbor 36.1.1.6 route-map boy in
route-map boy permit 10
set extcommunity soo 2:2
//SOO值要相同
在R5，
r5#sh ip rou
36.0.0.0/24 is subnetted, 1 subnets
O 36.1.1.0 [110/2] via 56.1.1.6, 00:05:23, FastEthernet0/0.56
6.0.0.0/32 is subnetted, 1 subnets
O 6.6.6.6 [110/2] via 56.1.1.6, 00:05:23, FastEthernet0/0.56
r5#trac 6.6.6.6
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 56.1.1.6 84 msec 240 msec *
附件大小
附件大小
附件大小
24.8
2 KB ‹ MPLS技术的应用与发展。