組網(wǎng)需求:
1.各路由器基本信息配置
2.OSPF規(guī)范配置��,修改網(wǎng)絡(luò)類型為點(diǎn)對(duì)點(diǎn)
3.所有路由器運(yùn)行OSPF,RT4 E3/0�、RT5 E3/0 network至OSPF中,RT1E3/0重發(fā)布直連到OSPF中
4.所有路由器運(yùn)行MPLS�����,標(biāo)簽分發(fā)協(xié)議為LDP
5.RT4和RT5運(yùn)行IBGP��,并將E3/1發(fā)布至BGP中
前面配置略
IGP配置如下:
RT1:
router ospf 1
router-id 1.1.1.1
passive-interface default
no passive-interface Serial0/1
no passive-interface Serial0/2
redistribute connected metric 1000 subnets
network 1.1.1.1 0.0.0.0 area 0
network 10.0.12.0 0.0.0.3 area 0
network 10.0.13.0 0.0.0.3 area 0
RT2:
router ospf 1
router-id 2.2.2.2
passive-interface default
no passive-interface Serial0/0
no passive-interface Serial0/1
no passive-interface FastEthernet1/0
network 2.2.2.2 0.0.0.0 area 0
network 10.0.12.0 0.0.0.3 area 0
network 10.0.23.0 0.0.0.3 area 0
network 10.0.24.0 0.0.0.3 area 0
interface f1/0
ip ospf network point-to-point
RT3:
router ospf 1
router-id 3.3.3.3
passive-interface default
no passive-interface Serial0/0
no passive-interface Serial0/1
no passive-interface FastEthernet1/0
network 3.3.3.3 0.0.0.0 area 0
network 10.0.13.0 0.0.0.3 area 0
network 10.0.23.0 0.0.0.3 area 0
network 10.0.35.0 0.0.0.3 area 0
interface f1/0
ip ospf network point-to-point
RT4:
router ospf 1
router-id 4.4.4.4
passive-interface default
no passive-interface Serial0/0
network 4.4.4.4 0.0.0.0 area 0
network 10.0.24.0 0.0.0.3 area 0
network 172.16.4.0 0.0.0.255 area 0
RT5:
router ospf 1
router-id 5.5.5.5
passive-interface default
no passive-interface Serial0/0
network 5.5.5.5 0.0.0.0 area 0
network 10.0.35.0 0.0.0.3 area 0
network 172.16.5.0 0.0.0.255 area 0
MPLS配置:
RT1�、RT2�����、RT3��、RT4、RT5如下配置:
全局配置模式:
ip cef //運(yùn)行MPLS必須開啟CEF
mpls ip //開啟MPLS
mpls label protocol ldp //選擇MPLS標(biāo)簽分發(fā)協(xié)議為LDP(默認(rèn)是TDP���,CISCO私有)
再在所有MPLS網(wǎng)絡(luò)中的接口開啟MPLS
RT1:
int s0/1
mpls ip
int s0/2
mpls ip
RT2的S0/0��、F1/0�����、S0/1,RT3的S0/0�、F1/0、S0/1��,RT4��、RT5的S0/1做以上配置
IBGP的配置:
RT4:
router bgp 65000
no synchronization
network 172.17.4.0 mask 255.255.255.0
neighbor 5.5.5.5 remote-as 65000
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
RT5:
router bgp 65000
no synchronization
network 172.17.5.0 mask 255.255.255.0
neighbor 4.4.4.4 remote-as 65000
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
no auto-summary
RT1#show ip cef detail //查看CEF的詳細(xì)信息
4.4.4.4/32, version 23, epoch 0, cached adjacency to Serial0/1
0 packets, 0 bytes
tag information set
local tag: 23 //本地標(biāo)簽18 也就是進(jìn)來的標(biāo)簽���,交換標(biāo)簽(SWAP)
fast tag rewrite with Se0/1, point2point, tags imposed: {22}//壓入標(biāo)簽PUSH 22
via 10.0.12.2, Serial0/1, 0 dependencies
next hop 10.0.12.2, Serial0/1
valid cached adjacency
tag rewrite with Se0/1, point2point, tags imposed: {22}
RT1#show mpls ldp discovery //查看LDP發(fā)現(xiàn)消息
Local LDP Identifier:
1.1.1.1:0 //本地LDP標(biāo)識(shí)為1.1.1.1
Discovery Sources:
Interfaces: //LDP發(fā)現(xiàn)消息的來源
Serial0/1 (ldp): xmit/recv //從S0/1接口發(fā)送或接收到LDP發(fā)現(xiàn)消息
LDP Id: 2.2.2.2:0 //LDP ID為2.2.2.2
Serial0/2 (ldp): xmit/recv//從S0/2接口發(fā)送或接收到LDP發(fā)現(xiàn)消息
LDP Id: 3.3.3.3:0 //LDP ID為3.3.3.3
RT1#show mpls ldp neighbor //查看LDP的鄰居信息
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0 //對(duì)端LDP ID3.3.3.3和本地LDP ID 1.1.1.1
TCP connection: 3.3.3.3.37601 - 1.1.1.1.646 //TCP連接 IP+端口號(hào)
State: Oper; Msgs sent/rcvd: 30/31; Downstream //狀態(tài):運(yùn)行中
Up time: 00:14:16
LDP discovery sources:
Serial0/2, Src IP addr: 10.0.13.2 //LDP發(fā)現(xiàn)消息的來源和IP
Addresses bound to peer LDP Ident: //對(duì)端LDP需要彈出MPLS標(biāo)簽的地址
10.0.13.2 3.3.3.3 10.0.23.2 10.0.35.1
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0
TCP connection: 2.2.2.2.54420 - 1.1.1.1.646
State: Oper; Msgs sent/rcvd: 20/20; Downstream
Up time: 00:04:34
LDP discovery sources:
Serial0/1, Src IP addr: 10.0.12.2
Addresses bound to peer LDP Ident:
10.0.12.2 2.2.2.2 10.0.23.1 10.0.24.1
注意:MPLS的標(biāo)簽分發(fā)是隨機(jī)的(從16往上遞增,0-15為公認(rèn)系統(tǒng)標(biāo)簽)�����,你們有可能分得的標(biāo)簽跟我不一樣!
我們來分析一下RT4的172.16.4.0這條路由在MPLS網(wǎng)絡(luò)的傳播:
首先RT4上運(yùn)行了MPLS����,會(huì)為所有的IGP路由表分發(fā)標(biāo)簽(BGP路由不發(fā)標(biāo)簽),RT2收到RT4分發(fā)的標(biāo)簽
RT2#show mpls ldp bindings //顯示標(biāo)簽信息庫
tib entry: 172.16.4.0/24, rev 18 //路由條目
local binding: tag: 20 //本地分發(fā)標(biāo)簽是20(發(fā)給所有LDP鄰居)
remote binding: tsr: 4.4.4.4:0, tag: imp-null //4.4.4.4分發(fā)的特殊標(biāo)簽3(用來作倒數(shù)第二跳彈出)
remote binding: tsr: 3.3.3.3:0, tag: 20 //3.3.3.3分發(fā)的標(biāo)簽20
remote binding: tsr: 1.1.1.1:0, tag: 24 //1.1.1.1分發(fā)的標(biāo)簽是24
RT2#show mpls forwarding-table //查看MPLS的轉(zhuǎn)發(fā)表
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
20 Pop tag 172.16.4.0/24 0 Se0/1 point2point
本地標(biāo)簽20 出標(biāo)簽3 網(wǎng)絡(luò)前綴 0表示是IPV4 出接口 下一跳(點(diǎn)對(duì)點(diǎn))
RT2#show ip route
O 172.16.4.0 [110/110] via 10.0.24.2, 00:09:31, Serial0/1
從上面可以看出����,MPLS路由器收到同條路由的多個(gè)標(biāo)簽�,會(huì)進(jìn)行優(yōu)先,主要是根據(jù)IGP路由表中的下一跳來進(jìn)行選擇��,如上MPLS選擇的下一跳是跟IGP路由表是一樣的
RT3#show mpls ldp bindings
tib entry: 172.16.4.0/24, rev 18
local binding: tag: 20 //本地分發(fā)標(biāo)簽是20(發(fā)給所有LDP鄰居)
remote binding: tsr: 5.5.5.5:0, tag: 23
remote binding: tsr: 2.2.2.2:0, tag: 20 //從RT2上可以看出它為這條路由分發(fā)的標(biāo)簽是20
remote binding: tsr: 1.1.1.1:0, tag: 24
RT3#show mpls forwarding-table //查看MPLS的轉(zhuǎn)發(fā)表
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
20 20 172.16.4.0/24 0 Fa1/0 10.0.23.1
172.16.4.0進(jìn)標(biāo)簽是20(本地標(biāo)簽)出標(biāo)簽是20,下一跳為10.0.23.1,下一跳為F1/0
RT3#show ip route
O 172.16.4.0 [110/210] via 10.0.23.1, 00:11:23, FastEthernet1/0
可以看出MPLS選擇優(yōu)先選一跳是根據(jù)IGP路由表來的�,如果IGP路由表中沒有此路由,將不會(huì)進(jìn)入MPLS轉(zhuǎn)發(fā)表中
RT5:
RT5#show mpls ldp bindings
tib entry: 172.16.4.0/24, rev 24
local binding: tag: 23
remote binding: tsr: 3.3.3.3:0, tag: 20 //收到RT3發(fā)來的標(biāo)簽
RT5:show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
23 20 172.16.4.0/24 0 Se0/0 point2point
RT5#show ip route
O 172.16.4.0 [110/310] via 10.0.35.1, 02:00:34, Serial0/0
與上面類似�,這里不再敘述��!
MPLS是不會(huì)為BGP路由分發(fā)標(biāo)簽的�,同時(shí)收到的路由如果在IGP中沒有,也是不會(huì)進(jìn)行MPLS的轉(zhuǎn)發(fā)表的�!
如RT5中有兩條BGP路由�,一條是自己產(chǎn)生的,另一條是學(xué)習(xí)到的:
RT5(config-if)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i172.17.4.0/24 4.4.4.4 0 100 0 i
*> 172.17.5.0/24 0.0.0.0 0 32768 i
我們在RT4上查看標(biāo)簽信息庫
RT3#show mpls ldp bindings
tib entry: 172.17.5.0/24, rev 34
remote binding: tsr: 5.5.5.5:0, tag: imp-null //我們可以看到RT5為這條路由分發(fā)了一個(gè)標(biāo)簽3(這里會(huì)分發(fā)標(biāo)簽是因?yàn)槭侵边B路由�����,)在這里并沒有看到為172.17.4.0/24分發(fā)標(biāo)簽���,因?yàn)樗荁GP路由,MPLS不為BGP路由分發(fā)標(biāo)簽
RT3#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 1.1.1.1/32 0 Se0/0 point2point
17 Pop tag 2.2.2.2/32 0 Fa1/0 10.0.23.1
18 Pop tag 10.0.12.0/30 0 Fa1/0 10.0.23.1
Pop tag 10.0.12.0/30 0 Se0/0 point2point
19 Pop tag 10.0.24.0/30 0 Fa1/0 10.0.23.1
20 22 4.4.4.4/32 30679 Fa1/0 10.0.23.1
21 Pop tag 5.5.5.5/32 5459 Se0/1 point2point
22 23 172.16.4.0/24 31211 Fa1/0 10.0.23.1
23 Pop tag 172.16.5.0/24 0 Se0/1 point2point
我們在RT3的MPLS轉(zhuǎn)發(fā)中并沒有看到172.17.5.0/24網(wǎng)段�����,因?yàn)樵赗T3中的路由表中沒有���,所以不會(huì)進(jìn)入MPLS的轉(zhuǎn)發(fā)表中�����!
我們來分析一下RT5的172.16.5.1與172.16.4.1的通信過程:
首先RT5查詢MPLS的轉(zhuǎn)發(fā)表����,找到對(duì)應(yīng)路由出標(biāo)簽號(hào)為20(下以所涉及的轉(zhuǎn)發(fā)表可以看上面),所以再數(shù)據(jù)包的IP頭部前面加入4個(gè)字節(jié)的MPLS標(biāo)簽���,標(biāo)簽號(hào)為20����,EXP位為0,棧底位為1�����,同時(shí)將IP中的TTL復(fù)制到MPLS標(biāo)簽中(這里始發(fā)為255)���,再封裝成HDLC的幀發(fā)送��,RT3從S0/1接口收到后,去掉二層幀頭�,查看MPLS標(biāo)簽入標(biāo)簽號(hào)為20,查找MPLS轉(zhuǎn)發(fā)表出標(biāo)簽號(hào)為20,出接口為F1/0,同時(shí)交換MPLS標(biāo)簽號(hào)為20,EXP位為0,棧底位為1�,同時(shí)TTL-1(轉(zhuǎn)發(fā)一次MPLS TTL-1但是IP中的TTL是不變的,它只涉及到二層)��,再封裝成以太網(wǎng)幀發(fā)送����,RT2從F1/0接收到數(shù)據(jù),拆二層封裝�,查MPLS入標(biāo)簽號(hào)為20再查找MPLS轉(zhuǎn)發(fā)表,出標(biāo)簽為 Pop tag (特殊標(biāo)簽3倒數(shù)第二跳彈出)刪除MPLS標(biāo)簽同時(shí)將MPLS標(biāo)簽中的TTL復(fù)制到IP報(bào)文的TTL中���,然后查找IP全局路由表���,TTL-1=253封裝成以太網(wǎng)幀,再轉(zhuǎn)發(fā)給下一跳���,RT4收到數(shù)據(jù)直接轉(zhuǎn)發(fā)給相應(yīng)接口�,然后再向RT5發(fā)送回應(yīng)數(shù)據(jù)包�����,以上過程的逆過程�����!
補(bǔ)充:在做倒數(shù)第二跳彈出時(shí)�,E-LSR可能會(huì)分發(fā)的幾種標(biāo)簽
標(biāo)簽3 隱式空標(biāo)簽 (上游LSR不添加標(biāo)簽����,彈出最外層MPLS標(biāo)簽)
標(biāo)簽0 IPV4顯示空標(biāo)簽 (上游LSR會(huì)添加標(biāo)簽0,E-LSR收到后,直接彈出標(biāo)簽進(jìn)行IVP4轉(zhuǎn)發(fā))
標(biāo)簽2 IPV6顯示空標(biāo)簽(上游LSR會(huì)添加標(biāo)簽0,E-LSR收到后��,直接彈出標(biāo)簽進(jìn)行IVP6轉(zhuǎn)發(fā))
關(guān)于MPLS中的MTU問題:
問題1:
RT5#ping 172.16.4.1 source 172.16.5.1 size 1500 df-bit
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.1
Packet sent with the DF bit set
.....
Success rate is 0 percent (0/5)
這里我PING滿包1500不分片不能通�,再測試�����,
RT5#ping 172.16.4.1 source 172.16.5.1 size 1496 df-bit
Type escape sequence to abort.
Sending 5, 1496-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.1
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/88/132 ms
RT5#ping 172.16.4.1 source 172.16.5.1 size 1497 df-bit
PING包1496不分片卻能通
Type escape sequence to abort.
Sending 5, 1497-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.1
Packet sent with the DF bit set
.....
Success rate is 0 percent (0/5)
PING包1497不分片卻不能通
分析:IP報(bào)文在MPLS鏈路上轉(zhuǎn)發(fā)時(shí)�,由于壓入了MPLS標(biāo)簽����,故報(bào)文長度增加了,原來的1500字節(jié)變成了1504(1497+4=1501)都超過了MPLS的默認(rèn)MTU1500字節(jié)���,所以不通��,然而1496+4=1500不分片剛好通過��,所以能通�!
問題2:
修改鏈路上所有接口的MPLS MTU為1600
R5S0/0�����、RT3S0/1����、F1/0、RT2S0/1�、F1/0����、R4S0/0都做修改配置如下:
int s0/0
mpls mtu 1600
其它類似
RT5#ping 172.16.4.1 source 172.16.5.1 size 1500 df-bit
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.1
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/104/164 ms
現(xiàn)在能PING了!
RT5#ping 172.16.4.1 source 172.16.5.1 size 1501 df-bit
Type escape sequence to abort.
Sending 5, 1501-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.1
Packet sent with the DF bit set
M.M.M
Success rate is 0 percent (0/5)
如果我PING包1501不分片為什么不能通�!
分析:照理說1501+4=1505要小于1600啊,應(yīng)該能通啊!我開始就范了這樣的錯(cuò)誤����,大家注意下這里還有個(gè)接口MTU默認(rèn)是1500字節(jié)����,也就是在不分片的情況下網(wǎng)絡(luò)層的包大小為1500字節(jié),1501不分片大于1500,所以它再封裝成二層的時(shí)候會(huì)提示包過大����,導(dǎo)致封裝失?��?�!如果是1500它剛好能封裝�,然后再加MPLS標(biāo)簽大于了1500���,這里已經(jīng)跟這個(gè)接口MTU沒什么關(guān)系了��,它只管三層的�����,再多加幾個(gè)MPLS標(biāo)簽都沒關(guān)系�����,只要MPLS MTU大于或等于它就行�!
問題3:
如果我不改這條鏈路上所有接口的MPLS MTU,只修改R5S0/0�、RT3S0/1、RT2S0/1�、R4S0/0
的接口MTU為1600,修改RT3的F1/0、RT2F1/0的MPLS MTU為1600,ping包500不分片能通嗎�?
配置如下:
RT4�、RT5配置如下:
int s0/0
mtu 1600
RT2、RT3配置如下:
int s0/1
mtu 1600
int f1/0
mpls mtu 1600
RT5#ping 172.16.4.1 source 172.16.5.1 size 1500 df-bit
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 172.16.4.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.1
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/88/136 ms
顯然也是能通的�!原因是修改接口的MTU同時(shí)也就修改了MPLS MTU。因?yàn)槲矣媚M器做實(shí)驗(yàn)����,也許是IOS過低不能修改以太網(wǎng)接口的MTU�,所以就不能演示PNG超過1500不分片的包了.
RT2#show mpls int s0/1 detail //查看MPLS接口的詳細(xì)信息
Interface Serial0/1:
IP labeling enabled (ldp):
Interface config
LSP Tunnel labeling not enabled
BGP tagging not enabled
Tagging operational
Fast Switching Vectors:
IP to MPLS Fast Switching Vector
MPLS Turbo Vector
MTU = 1600 //我只修改了接口的MTU
問題4:
RT5pingRT1的S0/2
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 10.0.13.1, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/63/92 ms
不做任何修改為什么能通!因?yàn)樗鼈兌甲隽说箶?shù)第二跳彈出����,根本就沒做MPLS轉(zhuǎn)發(fā)是IP轉(zhuǎn)發(fā)����!大家可以抓包看看!
作者“凡人世界”
我要投稿
