赞
踩
VRF:虚拟路由转发空间
流程:
详细原理参考文章:
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.
"ENSP"是华为企业级网络设备模拟器(Enterprise Network Simulation Platform)的缩写。它是华为公司提供的一款网络仿真软件,旨在帮助网络管理员和工程师在虚拟环境中规划、配置和测试企业级网络设备和拓扑。
以下是ENSP的一些主要介绍和功能:
依次安装VirtualBox(版本5.2.26)、WinPcap(版本4.1.3)、Wireshark(版本:1.12.4)、ensp(版本:1.3.00.100)
除了R2的g0/0/0和g0/0/2以及R4的g0/0/1和g0/0/2不配IP地址以外,因为这两个接口一旦配了IP地址,192.168.2.0/24这样的网段就会进入R2的公有路由表,我们的目的是将该网段放入VRF空间中
配置位置:在标签号经过的所有接口上配置
- [r2]mpls lsr-id 2.2.2.2 #分配lsr-id,这个id也必须同时是建邻环回的IP地址
- [r2]mpls #启动mpls进程
- Info: Mpls starting, please wait... OK!
- [r2-mpls]mpls ldp #启用mpls中的ldp协议
- [r2-mpls-ldp]qui
- [r2]inter g0/0/1 #在接口上也要启用mpls以及ldp
- [r2-GigabitEthernet0/0/1]mpls
- [r2-GigabitEthernet0/0/1]mpls ldp
- [r3]mpls lsr-id 3.3.3.3
- [r3]mpls
- Info: Mpls starting, please wait... OK!
- [r3-mpls]mpls ldp
- [r3-mpls-ldp]qui
- [r3]inter g0/0/0
- [r3-GigabitEthernet0/0/0]mpls
- [r3-GigabitEthernet0/0/0]mpls ldp
- [r3-GigabitEthernet0/0/0]qui
- [r3]inter g0/0/1
- [r3-GigabitEthernet0/0/1]mpls
- [r3-GigabitEthernet0/0/1]mpls ldp
- [r4]mpls lsr-id 4.4.4.4
- [r4]mpls
- Info: Mpls starting, please wait... OK!
- [r4-mpls]mpls ldp
- [r4-mpls-ldp]qui
- [r4]inter g0/0/0
- [r4-GigabitEthernet0/0/0]mpls
- [r4-GigabitEthernet0/0/0]mpls ldp
- [r2]ip vpn-instance a1#创建VRF空间,名字叫a1
- [r2-vpn-instance-a1]ipv4-family#因为MPLS VPN不止可以给IPV4配还可以给其他网络层协议配,因此这里要指明给哪一个网络层协议配置
- [r2-vpn-instance-a1-af-ipv4]route-distinguisher 1:1#设定RD值,RD值必须先设定
- [r2-vpn-instance-a1-af-ipv4]vpn-target 1:1#设定RT值
- IVT Assignment result:
- Info: VPN-Target assignment is successful.
- EVT Assignment result:
- Info: VPN-Target assignment is successful.
- [r2-vpn-instance-a1-af-ipv4]qui
- [r2-vpn-instance-a1]qui
- [r2]inter g0/0/2
- [r2-GigabitEthernet0/0/2]ip binding vpn-instance a1#将当前物理接口绑定到VRF空间a1
- Info: All IPv4 related configurations on this interface are removed!
- Info: All IPv6 related configurations on this interface are removed!
- [r2-GigabitEthernet0/0/2]ip add 192.168.2.1 24 #为绑定之后的接口分配IP地址,这样该网段不会出现在公有路由表中
- [r2]ip vpn-instance b1
- [r2-vpn-instance-b1]ipv4-family
- [r2-vpn-instance-b1-af-ipv4]route-distinguisher 2:2
- [r2-vpn-instance-b1-af-ipv4]vpn-target 2:2
- IVT Assignment result:
- Info: VPN-Target assignment is successful.
- EVT Assignment result:
- Info: VPN-Target assignment is successful.
- [r2-vpn-instance-b1-af-ipv4]qui
- [r2-vpn-instance-b1]qui
- [r2]inter g0/0/0
- [r2-GigabitEthernet0/0/0]ip binding vpn-instance b1
- Info: All IPv4 related configurations on this interface are removed!
- Info: All IPv6 related configurations on this interface are removed!
- [r2-GigabitEthernet0/0/0]ip add 192.168.2.1 24
- [r2-GigabitEthernet0/0/0]
- Aug 15 2023 19:39:14-08:00 r2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
- on the interface GigabitEthernet0/0/0 has entered the UP state.
- [r4]ip vpn-instance a2
- [r4-vpn-instance-a2]ipv4-family
- [r4-vpn-instance-a2-af-ipv4]route-distinguisher 1:1
- [r4-vpn-instance-a2-af-ipv4]vpn-target 1:1
- IVT Assignment result:
- Info: VPN-Target assignment is successful.
- EVT Assignment result:
- Info: VPN-Target assignment is successful.
- [r4-vpn-instance-a2-af-ipv4]qui
- [r4-vpn-instance-a2]qui
- [r4]inter g0/0/2
- [r4-GigabitEthernet0/0/2]ip binding vpn-instance a2
- Info: All IPv4 related configurations on this interface are removed!
- Info: All IPv6 related configurations on this interface are removed!
- [r4-GigabitEthernet0/0/2]ip add 192.168.3.1 24
- Aug 15 2023 19:42:00-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
- on the interface GigabitEthernet0/0/2 has entered the UP state.
- [r4]ip vpn-instance b2
- [r4-vpn-instance-b2]ipv4-family
- [r4-vpn-instance-b2-af-ipv4]route-distinguisher 2:2
- [r4-vpn-instance-b2-af-ipv4]vpn-target 2:2
- IVT Assignment result:
- Info: VPN-Target assignment is successful.
- EVT Assignment result:
- Info: VPN-Target assignment is successful.
- [r4-vpn-instance-b2-af-ipv4]qui
- [r4-vpn-instance-b2]qui
- [r4]inter g0/0/1
- [r4-GigabitEthernet0/0/1]ip binding vpn-instance b2
- Info: All IPv4 related configurations on this interface are removed!
- Info: All IPv6 related configurations on this interface are removed!
- [r4-GigabitEthernet0/0/1]ip add 192.168.3.1 24
- [r4-GigabitEthernet0/0/1]
- Aug 15 2023 19:43:58-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
- on the interface GigabitEthernet0/0/1 has entered the UP state.
由于要传递VRF虚拟空间中的路由条目,需要MP-BGP(BGPV4+)来进行传递,对端基于RT值将路由装载到对应的VRF空间中,再共享给对应的CE
- [r2]bgp 1
- [r2-bgp]router-id 2.2.2.2
- [r2-bgp]peer 4.4.4.4 as-number 1
- [r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
- [r2-bgp]ipv4-family vpnv4
- [r2-bgp-af-vpnv4]peer 4.4.4.4 enable
- [r4]bgp 1
- [r4-bgp]router-id 4.4.4.4
- [r4-bgp]peer 2.2.2.2 as-number 1
- [r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
- [r4-bgp]ipv4-family vpnv4
- [r4-bgp-af-vpnv4]peer 2.2.2.2 enable
此时R2和R4之间建立的不是普通的IBGP邻居关系,他们之间传递的路由将会是VRF空间中的路由表中的路由条目
R3不需要运行BGP协议,MPLS将解决路由黑洞问题
- [r6]rip 1
- [r6-rip-1]version 2
- [r6-rip-1]network 192.168.1.0
- [r6-rip-1]network 192.168.2.0
由于R6的所有直连网段都在私网内部,所以直接使用RIP即可
- [r2]rip 1 vpn-instance a1
- [r2-rip-1]network 192.168.2.0
在R2上启用RIP进程的时候要注意要让RIP工作在VRF空间中,即让rip去携带VRF空间中的路由表中的路由
- [r2]disp ip routing-table vpn-instance a1
- Route Flags: R - relay, D - download to fib
- ------------------------------------------------------------------------------
- Routing Tables: a1
- Destinations : 5 Routes : 5
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 192.168.1.0/24 RIP 100 1 D 192.168.2.2 GigabitEthernet
- 0/0/2
- 192.168.2.0/24 Direct 0 0 D 192.168.2.1 GigabitEthernet
- 0/0/2
- 192.168.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
通过查看VRF空间a1中的路由表,发现192.168.1.0/24路由已经被学习到了
在R7上直接运行OSPF
- [r7]ospf 1 router-id 7.7.7.7
- [r7-ospf-1]area 0
- [r7-ospf-1-area-0.0.0.0]network 0.0.0.0 255.255.255.255
在R4的VRF空间a2上也运行OSPF
- [r4]ospf 2 router-id 4.4.4.4 v
- [r4]ospf 2 router-id 4.4.4.4 vpn-instance a2
- [r4-ospf-2]area 0
- [r4-ospf-2-area-0.0.0.0]network 192.168.3.1 0.0.0.0
在R4上查看VRF空间a2的路由表:
- [r4]display ip routing-table vpn-instance a2
- Route Flags: R - relay, D - download to fib
- ------------------------------------------------------------------------------
- Routing Tables: a2
- Destinations : 5 Routes : 5
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 192.168.3.0/24 Direct 0 0 D 192.168.3.1 GigabitEthernet
- 0/0/2
- 192.168.3.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 192.168.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 192.168.4.2/32 OSPF 10 1 D 192.168.3.2 GigabitEthernet
- 0/0/2
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
可以发现R7的环回192.168.4.2/32也学习到了
将R2上的VRF空间a1上的路由表上的路由导入vpn专用的bgp进程中
- [r2]bgp 1
- [r2-bgp]ipv4-family vpn-instance a1
- [r2-bgp-a1]import-route rip 1
查看指定VPN实例(VPN Instance)中的BGP VPNv4(Border Gateway Protocol Virtual Private Network version 4)的路由表信息。用于显示名为 "a1" 的VPN实例中的BGP VPNv4路由表内容
- [r2]display bgp vpnv4 vpn-instance a1 routing-table
-
- BGP Local router ID is 2.2.2.2
- Status codes: * - valid, > - best, d - damped,
- h - history, i - internal, s - suppressed, S - Stale
- Origin : i - IGP, e - EGP, ? - incomplete
-
- VPN-Instance a1, Router ID 2.2.2.2:
-
- Total Number of Routes: 2
- Network NextHop MED LocPrf PrefVal Path/Ogn
-
- *> 192.168.1.0 0.0.0.0 1 0 ?
- *> 192.168.2.0 0.0.0.0 0 0 ?
将R4上的vpn专用的bgp进程中路由导入VRF空间a2中
- [r4]ospf 2 vpn-instance a2
- [r4-ospf-2]import-route bgp
在R4上将OSPF 2中的路由引入bgp中
- [r4]bgp 1
- [r4-bgp]ipv4-family vpn-instance a2
- [r4-bgp-a2]import-route ospf 2
在R2上进入VRF空间a1的rip将bgp中的路由导入
- [r2]rip 1 vpn-instance a1
- [r2-rip-1]impo
- [r2-rip-1]import-route bgp
根据题目要求,b1和b2不能使用动态路由协议,所以要使用静态路由
在R1上写一条到192.168.3.0和192.168.4.0的静态路由到边界路由器R2上
- [r1]ip route-static 192.168.3.0 24 192.168.2.1
- [r1]ip route-static 192.168.4.0 24 192.168.2.1
在R5上写一条到192.168.1.0和192.168.2.0的静态路由到边界路由器R4上
- [r5]ip route-static 192.168.1.0 24 192.168.3.1
- [r5]ip route-static 192.168.2.0 24 192.168.3.1
在R2上没法写到192.168.3.0和192.168.4.0的静态路由,因为写静态路由要写下一跳,下一跳不可能写到R3,因为这样就走的是常规的路由转发,我们要通过MPLS多协议标签转发,所以要通过重发布技术实现
所以R2要知道3.0和4.0只能靠BGP发过来,R2要知道如何到1.0要靠向VRF空间中写一条静态路由
- [r2]ip route-static vpn-instance b1 192.168.1.0 24 192.168.2.2
- #在R4上也是相同的道理
- [r4]ip route-static vpn-instance b2 192.168.4.0 24 192.168.3.2
在R2和R4上执行重发布,将直连的和静态路由重发布到BGP中
- [r2]bgp 1
- [r2-bgp]ipv4-family vpn-instance b1
- [r2-bgp-b1]import-route direct
- [r2-bgp-b1]import-route static
- [r4]bgp 1
- [r4-bgp]ipv4 vpn-instance b2
- [r4-bgp-b2]import-route direct
- [r4-bgp-b2]import-route static
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。