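CCIE lab prep (2.2.a Unified MPLS) Part 1
Now that I understand Unified MPLS, I am writing it down as notes for myself.
- 1. BGP-LU
- 2. Unified MPLS
- 3. Topology
- 4. Initial config
- 5. Verification (current state)
- 6. Verification (defining Unified MPLS)
- 7. Final config
- 8. Reference URLs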
1. BGP-LU
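When an IP prefix is learned through an IGP such as OSPF or IS-IS, LDP, RSVP, or SR assigns the MPLS label. When an IP prefix is learned through BGP, however, only BGP can assign the MPLS label. Label assignment by BGP for IPv4 or IPv6 unicast prefixes is called BGP-LU.
Roughly speaking, BGP attaches labels to IP (IPv4 or IPv6) prefixes so that they can be used with MPLS for forwarding inside the SP network.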
2. Unified MPLS
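It is also called Seamless MPLS.
The Juniper white paper was also easy to understand.
The abbreviations stand for Access Node (AN), Transport Node (TN), and Border Node (BN).
The benefit is that the IGP scale is kept small while the number of nodes that can be accommodated remains extensible.
When I first saw this kind of diagram, being told that it was extensible did not really click, but reading the Cisco Live material made it clear.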
3. Topology
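I used a minimal two-domain setup that contains CE-PE-P-PE-CE.
For operational management it is easier to use the same Route Distinguisher (RD) at the local and remote sites, but here I deliberately made them different. I wanted to emphasize that the RD is information used only on that router, "to identify a VRF within the local router".
I also chose the Route Targets (RT) so that the relationship between the imported RT and the exported RT is easy to see.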
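The RD and RT relationship described above, as an added example that is not part of the original post: this Python sketch parses the vrf stanzas of a_N1 and a_N3 (copied from this page's configs as constructed input), derives from the route targets alone which VRF imports whose routes, and shows how one mistyped RT leaves route exchange one-way. The function names (parse_vrfs, import_edges, audit) and the 300:3 typo are hypothetical.

```python
import re

# Constructed input: the global "vrf" stanzas of a_N1 and a_N3 from this page,
# laid out with IOS XR's one-space-per-level indentation.
VRF_CONFIG = {
    "a_N1": """\
vrf A
 rd 1.1.1.1:100
 address-family ipv4 unicast
  import route-target
   200:1
  !
  export route-target
   100:1
  !
 !
 address-family ipv6 unicast
  import route-target
   400:2
  !
  export route-target
   300:2
  !
 !
!
""",
    "a_N3": """\
vrf B
 rd 3.3.3.3:200
 address-family ipv4 unicast
  import route-target
   100:1
  !
  export route-target
   200:1
  !
 !
 address-family ipv6 unicast
  import route-target
   300:2
  !
  export route-target
   400:2
  !
 !
!
""",
}
RT_RE = re.compile(r"^\S+:\d+$")  # route target written as ASN:nn or IPv4:nn

def parse_vrfs(router, text):
    """Return {(router, vrf): {"rd": str, "af": {af: {"import": set, "export": set}}}}."""
    vrfs, cur, af, direction = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("vrf "):            # top-level "vrf NAME" opens a stanza
            cur = vrfs.setdefault((router, line.split()[1]), {"rd": None, "af": {}})
            af = direction = None
        elif not raw.startswith(" "):         # any other top-level line closes it
            cur = None
        elif cur is None or line == "!":
            continue
        elif line.startswith("rd "):
            cur["rd"] = line.split()[1]
        elif line.startswith("address-family "):
            af = line.split()[1]
            cur["af"][af] = {"import": set(), "export": set()}
            direction = None
        elif line in ("import route-target", "export route-target"):
            direction = line.split()[0]
        elif af and direction and RT_RE.match(line):
            cur["af"][af][direction].add(line)
    return vrfs

def import_edges(vrfs):
    """(exporter, importer, af) for each pair where an exported RT is imported."""
    edges = set()
    for exp_key, exp in vrfs.items():
        for imp_key, imp in vrfs.items():
            for af, rts in exp["af"].items():
                wanted = imp["af"].get(af, {}).get("import", set())
                if exp_key != imp_key and rts["export"] & wanted:
                    edges.add((exp_key, imp_key, af))
    return edges

def audit(configs):
    """Parse all routers; return (vrfs, edges, edges that have no reverse edge)."""
    vrfs = {}
    for router, text in configs.items():
        vrfs.update(parse_vrfs(router, text))
    edges = import_edges(vrfs)
    return vrfs, edges, {e for e in edges if (e[1], e[0], e[2]) not in edges}

if __name__ == "__main__":
    print("as configured, one-way:", sorted(audit(VRF_CONFIG)[2]))
    # Constructed failure case: a_N3's IPv6 import RT mistyped as 300:3.
    broken = dict(VRF_CONFIG, a_N3=VRF_CONFIG["a_N3"].replace("300:2", "300:3"))
    print("after typo, one-way:", sorted(audit(broken)[2]))
```

The two VRFs exchange routes in both address families although their RDs differ, because only the RTs decide import; the RD never enters the comparison.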
4. Initial config
a_N1 config
hostname a_N1
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  address-family ipv6 unicast
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
  interface 'Loopback.*'
   passive
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
 !
end-group
!
vrf A
 rd 1.1.1.1:100
 address-family ipv4 unicast
  import route-target
   200:1
  !
  export route-target
   100:1
  !
 !
 address-family ipv6 unicast
  import route-target
   400:2
  !
  export route-target
   300:2
  !
 !
!
interface Loopback0
 ipv4 address 1.1.1.1 255.255.255.255
 ipv6 address 1125:1:1:1::1/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.1 255.255.255.0
 ipv6 address 1125:1:2::1/64
!
interface GigabitEthernet0/0/0/1
 vrf A
 ipv4 address 10.10.20.1 255.255.255.0
 ipv6 address 1125:1010:20::1/64
!
route-policy PASS
  pass
end-policy
!
router isis AGG
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0001.00
 instance-id 1001
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1
  !
  address-family ipv6 unicast
   prefix-sid index 1001
  !
 !
 interface GigabitEthernet0/0/0/0
 !
!
router bgp 65001
 bgp router-id 1.1.1.1
 address-family ipv4 unicast
  network 1.1.1.1/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:1:1:1::1/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor 2.2.2.2
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
  !
  address-family vpnv4 unicast
  !
 !
 neighbor 1125:2:2:2::2
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
  !
  address-family vpnv6 unicast
  !
 !
 vrf A
  rd 1.1.1.1:100
  address-family ipv4 unicast
   redistribute connected
  !
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 10.10.20.2
   remote-as 100
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor 1125:1010:20::2
   remote-as 100
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
end
a_N2 config
hostname a_N2
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  address-family ipv6 unicast
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
  interface 'Loopback.*'
   passive
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
 !
end-group
!
interface Loopback0
 ipv4 address 2.2.2.2 255.255.255.255
 ipv6 address 1125:2:2:2::2/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.2 255.255.255.0
 ipv6 address 1125:1:2::2/64
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.2.3.2 255.255.255.0
 ipv6 address 1125:2:3::2/64
!
router isis AGG
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0002.00
 instance-id 1001
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 2
  !
  address-family ipv6 unicast
   prefix-sid index 1002
  !
 !
 interface GigabitEthernet0/0/0/0
 !
!
router isis CORE
 apply-group CCIE-ISIS
 net 49.0002.0000.0000.0002.00
 instance-id 1000
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 2
  !
  address-family ipv6 unicast
   prefix-sid index 1002
  !
 !
 interface GigabitEthernet0/0/0/1
 !
!
router bgp 65001
 bgp router-id 2.2.2.2
 address-family ipv4 unicast
  network 2.2.2.2/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:2:2:2::2/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor-group RRC_AGG
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
  !
  address-family vpnv4 unicast
   route-reflector-client
  !
 !
 neighbor-group RRC_CORE
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
  !
  address-family vpnv4 unicast
   route-reflector-client
  !
 !
 neighbor-group RRCV6_AGG
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
   route-reflector-client
  !
  address-family vpnv6 unicast
   route-reflector-client
  !
 !
 neighbor-group RRCV6_CORE
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
   route-reflector-client
  !
  address-family vpnv6 unicast
   route-reflector-client
  !
 !
 neighbor 1.1.1.1
  use neighbor-group RRC_AGG
 !
 neighbor 3.3.3.3
  use neighbor-group RRC_CORE
 !
 neighbor 1125:1:1:1::1
  use neighbor-group RRCV6_AGG
 !
 neighbor 1125:3:3:3::3
  use neighbor-group RRCV6_CORE
 !
!
end
a_N3 config
hostname a_N3
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  address-family ipv6 unicast
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
  interface 'Loopback.*'
   passive
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
 !
end-group
!
vrf B
 rd 3.3.3.3:200
 address-family ipv4 unicast
  import route-target
   100:1
  !
  export route-target
   200:1
  !
 !
 address-family ipv6 unicast
  import route-target
   300:2
  !
  export route-target
   400:2
  !
 !
!
interface Loopback0
 ipv4 address 3.3.3.3 255.255.255.255
 ipv6 address 1125:3:3:3::3/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.2.3.3 255.255.255.0
 ipv6 address 1125:2:3::3/64
!
interface GigabitEthernet0/0/0/1
 vrf B
 ipv4 address 10.10.80.1 255.255.255.0
 ipv6 address 1125:1010:80::1/64
!
route-policy PASS
  pass
end-policy
!
router isis CORE
 apply-group CCIE-ISIS
 net 49.0002.0000.0000.0003.00
 instance-id 1000
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 3
  !
  address-family ipv6 unicast
   prefix-sid index 1003
  !
 !
 interface GigabitEthernet0/0/0/0
 !
!
router bgp 65001
 bgp router-id 3.3.3.3
 address-family ipv4 unicast
  network 3.3.3.3/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:3:3:3::3/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor 2.2.2.2
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
  !
  address-family vpnv4 unicast
  !
 !
 neighbor 1125:2:2:2::2
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
  !
  address-family vpnv6 unicast
  !
 !
 vrf B
  rd 3.3.3.3:200
  address-family ipv4 unicast
   redistribute connected
  !
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 10.10.80.2
   remote-as 200
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor 1125:1010:80::2
   remote-as 200
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
end
a_CE1 config
hostname a_CE1
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 100.100.100.100 255.255.255.255
 ipv6 address 1125:100:100:100::100/128
!
interface GigabitEthernet1
 ip address 10.10.20.2 255.255.255.0
 ipv6 address 1125:1010:20::2/64
!
router bgp 100
 bgp router-id 100.100.100.100
 bgp log-neighbor-changes
 neighbor 10.10.20.1 remote-as 65001
 neighbor 1125:1010:20::1 remote-as 65001
 !
 address-family ipv4
  network 100.100.100.100 mask 255.255.255.255
  neighbor 10.10.20.1 activate
 exit-address-family
 !
 address-family ipv6
  network 1125:100:100:100::100/128
  neighbor 1125:1010:20::1 activate
 exit-address-family
!
end
a_CE2 config
hostname a_CE2
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 200.200.200.200 255.255.255.255
 ipv6 address 1125:200:200:200::200/128
!
interface GigabitEthernet1
 ip address 10.10.80.2 255.255.255.0
 ipv6 address 1125:1010:80::2/64
!
router bgp 200
 bgp router-id 200.200.200.200
 bgp log-neighbor-changes
 neighbor 10.10.80.1 remote-as 65001
 neighbor 1125:1010:80::1 remote-as 65001
 !
 address-family ipv4
  network 200.200.200.200 mask 255.255.255.255
  neighbor 10.10.80.1 activate
 exit-address-family
 !
 address-family ipv6
  network 1125:200:200:200::200/128
  neighbor 1125:1010:80::1 activate
 exit-address-family
!
5. Verification (current state)
The setup uses two domains (CORE: Instance-ID 1000, AGG: Instance-ID 1001).
Because I want to keep the IGP scale small, there is no redistribution between the domains.
a_N1 has no routing information for a_N3, which is in the other domain. The reverse is also true.
RP/0/RP0/CPU0:a_N1#show route
Sun Jan 8 12:42:50.023 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path
Gateway of last resort is not set
L    1.1.1.1/32 is directly connected, 1d03h, Loopback0
i L2 2.2.2.2/32 [115/10] via 10.1.2.2, 10:53:47, GigabitEthernet0/0/0/0
C    10.1.2.0/24 is directly connected, 1d03h, GigabitEthernet0/0/0/0
L    10.1.2.1/32 is directly connected, 1d03h, GigabitEthernet0/0/0/0
RP/0/RP0/CPU0:a_N1#
Naturally, the LFIB has no label information for a_N3 either. The reverse is also true.
Only a_N2, which belongs to both domains, has the routing information of both.
RP/0/RP0/CPU0:a_N2#show route
Sun Jan 8 12:49:21.909 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path
Gateway of last resort is not set
i L2 1.1.1.1/32 [115/10] via 10.1.2.1, 11:00:14, GigabitEthernet0/0/0/0
L    2.2.2.2/32 is directly connected, 1d03h, Loopback0
i L2 3.3.3.3/32 [115/10] via 10.2.3.3, 10:53:23, GigabitEthernet0/0/0/1
C    10.1.2.0/24 is directly connected, 1d02h, GigabitEthernet0/0/0/0
L    10.1.2.2/32 is directly connected, 1d02h, GigabitEthernet0/0/0/0
C    10.2.3.0/24 is directly connected, 1d02h, GigabitEthernet0/0/0/1
L    10.2.3.2/32 is directly connected, 1d02h, GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:a_N2#
Naturally, its LFIB also has the label information of both.
RP/0/RP0/CPU0:a_N2#show mpls forwarding
Sun Jan 8 12:50:21.608 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16001  Pop         SR Pfx (idx 1)     Gi0/0/0/0    10.1.2.1        66100
16003  Pop         SR Pfx (idx 3)     Gi0/0/0/1    10.2.3.3        72783
17001  Pop         SR Pfx (idx 1001)  Gi0/0/0/0    fe80::5200:ff:fe19:3   \
                                                                   87266
17003  Pop         SR Pfx (idx 1003)  Gi0/0/0/1    fe80::5200:ff:fe1b:3   \
                                                                   98683
24000  Pop         SR Adj (idx 1)     Gi0/0/0/0    10.1.2.1        0
24001  Pop         SR Adj (idx 3)     Gi0/0/0/0    10.1.2.1        0
24002  Pop         SR Adj (idx 1)     Gi0/0/0/0    fe80::5200:ff:fe19:3   \
                                                                   0
24003  Pop         SR Adj (idx 3)     Gi0/0/0/0    fe80::5200:ff:fe19:3   \
                                                                   0
24004  Pop         SR Adj (idx 1)     Gi0/0/0/1    10.2.3.3        0
24005  Pop         SR Adj (idx 3)     Gi0/0/0/1    10.2.3.3        0
24006  Pop         SR Adj (idx 1)     Gi0/0/0/1    fe80::5200:ff:fe1b:3   \
                                                                   0
24007  Pop         SR Adj (idx 3)     Gi0/0/0/1    fe80::5200:ff:fe1b:3   \
                                                                   0
24008  Aggregate   default: Per-VRF Aggr[V]   \
                                      default                      0
RP/0/RP0/CPU0:a_N2#
Check the BGP state. eBGP is Established between the CE and the PE.
a_CE1#show bgp all neighbors | i BGP
BGP neighbor is 10.10.20.1, remote AS 65001, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
BGP neighbor is 1125:1010:20::1, remote AS 65001, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
BGP neighbor is 10.10.20.1, remote AS 65001, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
BGP neighbor is 1125:1010:20::1, remote AS 65001, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
a_CE1#
Seen from the PE (a_N1) toward the CE, eBGP is Established.
RP/0/RP0/CPU0:a_N1#show bgp vrf A neighbors | i BGP
Mon Jan 9 02:44:51.750 UTC
BGP neighbor is 10.10.20.2, vrf A
 BGP state = Established, up for 1d00h
  BGP neighbor version 61
BGP neighbor is 1125:1010:20::2, vrf A
 BGP state = Established, up for 1d00h
  BGP neighbor version 57
RP/0/RP0/CPU0:a_N1#
eBGP is also Established between the CE and the PE on the opposite side.
a_CE2#show bgp all neighbors | i BGP
BGP neighbor is 10.10.80.1, remote AS 65001, external link
  BGP version 4, remote router ID 3.3.3.3
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
BGP neighbor is 1125:1010:80::1, remote AS 65001, external link
  BGP version 4, remote router ID 3.3.3.3
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
BGP neighbor is 10.10.80.1, remote AS 65001, external link
  BGP version 4, remote router ID 3.3.3.3
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
BGP neighbor is 1125:1010:80::1, remote AS 65001, external link
  BGP version 4, remote router ID 3.3.3.3
  BGP state = Established, up for 1d00h
  External BGP neighbor configured for connected checks (single-hop no-disable-connected-check)
a_CE2#
Seen from the PE (a_N3) toward the CE, eBGP is Established.
RP/0/RP0/CPU0:a_N3#show bgp vrf B neighbors | i BGP
Mon Jan 9 02:51:20.460 UTC
BGP neighbor is 10.10.80.2, vrf B
 BGP state = Established, up for 1d00h
  BGP neighbor version 76
BGP neighbor is 1125:1010:80::2, vrf B
 BGP state = Established, up for 1d00h
  BGP neighbor version 56
RP/0/RP0/CPU0:a_N3#
iBGP is also Established across PE-P-PE.
RP/0/RP0/CPU0:a_N2#show bgp all all neighbors | i BGP
Mon Jan 9 02:54:14.486 UTC
BGP neighbor is 1.1.1.1
 BGP state = Established, up for 12:54:43
  BGP neighbor version 25
  BGP neighbor version 65
BGP neighbor is 3.3.3.3
 BGP state = Established, up for 12:54:49
  BGP neighbor version 25
  BGP neighbor version 65
BGP neighbor is 1125:1:1:1::1
 BGP state = Established, up for 12:54:49
  BGP neighbor version 31
  BGP neighbor version 57
BGP neighbor is 1125:3:3:3::3
 BGP state = Established, up for 12:54:45
  BGP neighbor version 31
  BGP neighbor version 57
RP/0/RP0/CPU0:a_N2#
iBGP is also Established for vpnv4 and vpnv6.
RP/0/RP0/CPU0:a_N2#show bgp vpnv4 unicast summary
Mon Jan 9 03:20:22.434 UTC
BGP router identifier 2.2.2.2, local AS number 65001
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0   RD version: 0
BGP main routing table version 65
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker              65         65         65         65          65           0
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1.1.1.1           0 65001    1534    1609       65    0    0 13:20:51          2
3.3.3.3           0 65001    1517    1610       65    0    0 13:20:57          2
RP/0/RP0/CPU0:a_N2#
RP/0/RP0/CPU0:a_N2#show bgp vpnv6 unicast summary
Mon Jan 9 03:20:27.172 UTC
BGP router identifier 2.2.2.2, local AS number 65001
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0   RD version: 0
BGP main routing table version 57
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker              57         57         57         57          57           0
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1125:1:1:1::1
                  0 65001    1531    1614       57    0    0 13:21:01          2
1125:3:3:3::3
                  0 65001    1517    1608       57    0    0 13:20:58          2
RP/0/RP0/CPU0:a_N2#
Let me summarize the current BGP status.
One thing I do not want misunderstood here: the fact that PE(a_N1)-P(a_N2) peering succeeds and PE(a_N3)-P(a_N2) peering succeeds does not necessarily mean that PE(a_N1)-PE(a_N3) peering can be established.
The reason is that in this topology the IGP (IS-IS) runs as different instances, so PE(a_N1) and PE(a_N3) cannot communicate with each other.
In other words, a_N1 and a_N3 cannot communicate even though they belong to the same AS 65001.
This is where BGP-LU and Unified MPLS (also known as Seamless MPLS) come in.
To implement Unified MPLS, LDP has to be enabled on the interfaces of the SP network (a_N1, a_N2, a_N3). Because Segment Routing is used here, there is no need to define LDP individually or to configure mpls ldp auto-config in the IGP, because LDP is enabled on interfaces where Segment Routing is enabled.
RP/0/RP0/CPU0:a_N1#show mpls interfaces
Mon Jan 9 05:58:52.293 UTC
Interface                  LDP      Tunnel   Static   Enabled
-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0     No       No       No       Yes
RP/0/RP0/CPU0:a_N1#

RP/0/RP0/CPU0:a_N2#show mpls interfaces
Mon Jan 9 05:59:30.676 UTC
Interface                  LDP      Tunnel   Static   Enabled
-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0     No       No       No       Yes
GigabitEthernet0/0/0/1     No       No       No       Yes
RP/0/RP0/CPU0:a_N2#

RP/0/RP0/CPU0:a_N3#show mpls interfaces
Mon Jan 9 05:59:40.929 UTC
Interface                  LDP      Tunnel   Static   Enabled
-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0     No       No       No       Yes
RP/0/RP0/CPU0:a_N3#
6. Verification (defining Unified MPLS)
As explained at the beginning, BGP is used to assign the MPLS labels.
BGP-LU is configured on PE(a_N1), P(a_N2), and PE(a_N3).
Configure allocate-label all under the IPv4/IPv6 unicast SAFI.
router bgp 65001
 bgp router-id 1.1.1.1
 address-family ipv4 unicast
  network 1.1.1.1/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:1:1:1::1/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
Also define IPv4/IPv6 labeled unicast: address-family ipvX labeled-unicast
 neighbor 2.2.2.2
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
  !
  address-family vpnv4 unicast
  !
 !
 neighbor 1125:2:2:2::2
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
  !
  address-family vpnv6 unicast
  !
 !
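That is all there is to the BGP-LU configuration.
There is a rule that iBGP does not change the next hop. As mentioned earlier, a_N1 and a_N3 cannot communicate even though they belong to the same AS 65001.
For reference, here is the description from the online help.
RP/0/RP0/CPU0:a_N2(config-bgp-nbr-af)#?
  next-hop-self  Disable the next hop calculation for this neighbor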
Here, define "next-hop-self" on the RR (a_N2).
 neighbor-group RRC_CORE
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv4 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor-group RRCV6_CORE
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv6 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor 3.3.3.3
  use neighbor-group RRC_CORE
 !
 neighbor 1125:3:3:3::3
  use neighbor-group RRCV6_CORE
 !
!
(。´・ω・) Hm? Isn't "next-hop-self" having no effect?
As a matter of BGP implementation, to avoid routing loops for the routes that a BGP route reflector advertises to its iBGP peers, attributes are not modified on iBGP sessions.
I also found this CCO article! www.cisco.com
So, in the current topology, the "ibgp policy out enforce-modifications" command is required for next-hop-self to work on the route reflector.
router bgp 65001
 bgp router-id 2.2.2.2
 ibgp policy out enforce-modifications
 address-family ipv4 unicast
  network 2.2.2.2/32
  allocate-label all
Oh! There it is!
The information for a_N1's Loopback has arrived in the routing table of PE(a_N3).
RP/0/RP0/CPU0:a_N3#show route
Sun Jan 8 14:25:44.657 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path
Gateway of last resort is not set
B    1.1.1.1/32 [200/0] via 2.2.2.2, 00:03:21
i L2 2.2.2.2/32 [115/10] via 10.2.3.2, 12:29:39, GigabitEthernet0/0/0/0
L    3.3.3.3/32 is directly connected, 1d05h, Loopback0
C    10.2.3.0/24 is directly connected, 1d03h, GigabitEthernet0/0/0/0
L    10.2.3.3/32 is directly connected, 1d03h, GigabitEthernet0/0/0/0
RP/0/RP0/CPU0:a_N3#
The information has arrived in the LFIB as well.
RP/0/RP0/CPU0:a_N3#show mpls forwarding
Sun Jan 8 14:28:25.626 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16002  Pop         SR Pfx (idx 2)     Gi0/0/0/0    10.2.3.2        88835
17002  Pop         SR Pfx (idx 1002)  Gi0/0/0/0    fe80::5200:ff:fe1a:4   \
                                                                   116370
24000  Aggregate   default: Per-VRF Aggr[V]   \
                                      default                      0
24001  Aggregate   B: Per-VRF Aggr[V] B                            864
24002  Aggregate   B: Per-VRF Aggr[V] B                            684
24003  Pop         SR Adj (idx 1)     Gi0/0/0/0    10.2.3.2        0
24004  Pop         SR Adj (idx 3)     Gi0/0/0/0    10.2.3.2        0
24005  Pop         SR Adj (idx 1)     Gi0/0/0/0    fe80::5200:ff:fe1a:4   \
                                                                   0
24006  Pop         SR Adj (idx 3)     Gi0/0/0/0    fe80::5200:ff:fe1a:4   \
                                                                   0
24007  Unlabelled  200.200.200.200/32[V]   \
                                      Gi0/0/0/1    10.10.80.2      0
24008  Unlabelled  1125:200:200:200::200/128[V]   \
                                      Gi0/0/0/1    fe80::5200:ff:fe1d:0   \
                                                                   2544
24010  24009       1.1.1.1/32                      2.2.2.2         0
RP/0/RP0/CPU0:a_N3#
That was configured for the IS-IS CORE domain. Define "next-hop-self" for the other domain, AGG, in the same way.
 neighbor-group RRC_AGG
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv4 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor-group RRCV6_AGG
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv6 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor 1.1.1.1
  use neighbor-group RRC_AGG
 !
 neighbor 1125:1:1:1::1
  use neighbor-group RRCV6_AGG
 !
The information for a_N3's Loopback has arrived in the routing table of PE(a_N1).
RP/0/RP0/CPU0:a_N1#show route | b Gate
Mon Jan 9 00:04:36.347 UTC
Gateway of last resort is not set
L    1.1.1.1/32 is directly connected, 1d15h, Loopback0
i L2 2.2.2.2/32 [115/10] via 10.1.2.2, 22:15:33, GigabitEthernet0/0/0/0
B    3.3.3.3/32 [200/0] via 2.2.2.2, 00:02:47
C    10.1.2.0/24 is directly connected, 1d15h, GigabitEthernet0/0/0/0
L    10.1.2.1/32 is directly connected, 1d15h, GigabitEthernet0/0/0/0
RP/0/RP0/CPU0:a_N1#
The information has arrived in the LFIB as well.
RP/0/RP0/CPU0:a_N1#show mpls forwarding
Mon Jan 9 00:04:42.513 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16002  Pop         SR Pfx (idx 2)     Gi0/0/0/0    10.1.2.2        140834
17002  Pop         SR Pfx (idx 1002)  Gi0/0/0/0    fe80::5200:ff:fe1a:3   \
                                                                   198094
24000  Aggregate   default: Per-VRF Aggr[V]   \
                                      default                      0
24001  Aggregate   A: Per-VRF Aggr[V] A                            1140
24002  Aggregate   A: Per-VRF Aggr[V] A                            904
24003  Pop         SR Adj (idx 1)     Gi0/0/0/0    10.1.2.2        0
24004  Pop         SR Adj (idx 3)     Gi0/0/0/0    10.1.2.2        0
24005  Pop         SR Adj (idx 1)     Gi0/0/0/0    fe80::5200:ff:fe1a:3   \
                                                                   0
24006  Pop         SR Adj (idx 3)     Gi0/0/0/0    fe80::5200:ff:fe1a:3   \
                                                                   0
24007  Unlabelled  100.100.100.100/32[V]   \
                                      Gi0/0/0/1    10.10.20.2      0
24008  Unlabelled  1125:100:100:100::100/128[V]   \
                                      Gi0/0/0/1    fe80::5200:ff:fe1c:0   \
                                                                   2832
24010  24010       3.3.3.3/32                      2.2.2.2         0
RP/0/RP0/CPU0:a_N1#
The remote CE's information has also arrived in the CE routing table.
a_CE1#show ip route | b Gate
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.10.20.0/24 is directly connected, GigabitEthernet1
L        10.10.20.2/32 is directly connected, GigabitEthernet1
B        10.10.80.0/24 [20/0] via 10.10.20.1, 00:10:14
      100.0.0.0/32 is subnetted, 1 subnets
C        100.100.100.100 is directly connected, Loopback0
      200.200.200.0/32 is subnetted, 1 subnets
B        200.200.200.200 [20/0] via 10.10.20.1, 00:10:14
a_CE1#
CE-to-CE reachability was confirmed as well.
a_CE1#ping 200.200.200.200 source 100.100.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
a_CE1#
a_CE1#traceroute 200.200.200.200 source 100.100.100.100
Type escape sequence to abort.
Tracing the route to 200.200.200.200
VRF info: (vrf in name/id, vrf out name/id)
  1 10.10.20.1 [AS 65001] 6 msec 2 msec 1 msec
  2 10.1.2.2 [MPLS: Label 24014 Exp 0] 12 msec 2 msec 2 msec
  3 10.2.3.3 [MPLS: Label 24007 Exp 0] 4 msec 3 msec 3 msec
  4 10.10.80.2 [AS 65001] 4 msec * 11 msec
a_CE1#
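The next-hop reasoning of sections 5 and 6, as an added example that is not part of the original post: this Python sketch models the page's two IS-IS instances and the route reflector a_N2, and checks on each PE whether the next hop of a reflected BGP-LU route resolves. It is a simplified model, not IOS XR behaviour in full; the function names are hypothetical, and the rr_sets_next_hop_self flag stands for what the page achieves on a_N2 with next-hop-self together with ibgp policy out enforce-modifications.

```python
# Topology from this page: a_N1 is only in IS-IS AGG, a_N3 only in IS-IS CORE,
# a_N2 (the route reflector) is in both, and nothing is redistributed between them.
LOOPBACK = {"a_N1": "1.1.1.1", "a_N2": "2.2.2.2", "a_N3": "3.3.3.3"}
ISIS = {"AGG": {"a_N1", "a_N2"}, "CORE": {"a_N2", "a_N3"}}
RR, CLIENTS = "a_N2", ("a_N1", "a_N3")


def igp_loopbacks(router):
    """Loopbacks the router knows without BGP: its own plus those of every
    router that shares an IS-IS instance with it."""
    known = {router}
    for members in ISIS.values():
        if router in members:
            known |= members
    return {LOOPBACK[r] for r in known}


def can_peer(a, b):
    """A loopback-sourced iBGP session needs each side to reach the other's loopback."""
    return LOOPBACK[b] in igp_loopbacks(a) and LOOPBACK[a] in igp_loopbacks(b)


def reflected_routes(rr_sets_next_hop_self):
    """BGP-LU routes each client receives from the RR, as (prefix, next_hop)."""
    received = {c: [] for c in CLIENTS}
    for origin in CLIENTS:
        for client in CLIENTS:
            if client == origin:
                continue
            # The originator advertises its loopback with itself as next hop.
            # The RR passes that next hop on unchanged unless it rewrites it
            # to its own loopback.
            nh = LOOPBACK[RR] if rr_sets_next_hop_self else LOOPBACK[origin]
            received[client].append((LOOPBACK[origin] + "/32", nh))
    return received


def rib(router, rr_sets_next_hop_self):
    """Loopback prefixes the router can install: IGP routes plus those BGP
    routes whose next hop resolves through the IGP."""
    igp = igp_loopbacks(router)
    table = {lo + "/32": "igp" for lo in igp}
    for prefix, nh in reflected_routes(rr_sets_next_hop_self).get(router, []):
        if nh in igp:
            table.setdefault(prefix, "bgp via " + nh)
    return table


if __name__ == "__main__":
    print("direct a_N1 <-> a_N3 iBGP possible:", can_peer("a_N1", "a_N3"))
    for rewrite in (False, True):
        for pe in CLIENTS:
            print("RR rewrites next hop=%s, %s: %s"
                  % (rewrite, pe, sorted(rib(pe, rewrite).items())))
```

With the rewrite enabled the model installs 1.1.1.1/32 on a_N3 and 3.3.3.3/32 on a_N1, both via 2.2.2.2, which matches the B routes in the show route outputs above.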
7. Final config
a_N1 config
hostname a_N1
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  address-family ipv6 unicast
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
  interface 'Loopback.*'
   passive
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
 !
end-group
!
vrf A
 rd 1.1.1.1:100
 address-family ipv4 unicast
  import route-target
   200:1
  !
  export route-target
   100:1
  !
 !
 address-family ipv6 unicast
  import route-target
   400:2
  !
  export route-target
   300:2
  !
 !
!
interface Loopback0
 ipv4 address 1.1.1.1 255.255.255.255
 ipv6 address 1125:1:1:1::1/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.1 255.255.255.0
 ipv6 address 1125:1:2::1/64
!
interface GigabitEthernet0/0/0/1
 vrf A
 ipv4 address 10.10.20.1 255.255.255.0
 ipv6 address 1125:1010:20::1/64
!
route-policy PASS
  pass
end-policy
!
router isis AGG
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0001.00
 instance-id 1001
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1
  !
  address-family ipv6 unicast
   prefix-sid index 1001
  !
 !
 interface GigabitEthernet0/0/0/0
 !
!
router bgp 65001
 bgp router-id 1.1.1.1
 address-family ipv4 unicast
  network 1.1.1.1/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:1:1:1::1/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor 2.2.2.2
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
  !
  address-family vpnv4 unicast
  !
 !
 neighbor 1125:2:2:2::2
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
  !
  address-family vpnv6 unicast
  !
 !
 vrf A
  rd 1.1.1.1:100
  address-family ipv4 unicast
   redistribute connected
  !
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 10.10.20.2
   remote-as 100
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor 1125:1010:20::2
   remote-as 100
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
end
a_N2 config
hostname a_N2
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  address-family ipv6 unicast
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
  interface 'Loopback.*'
   passive
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
 !
end-group
!
interface Loopback0
 ipv4 address 2.2.2.2 255.255.255.255
 ipv6 address 1125:2:2:2::2/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.2 255.255.255.0
 ipv6 address 1125:1:2::2/64
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.2.3.2 255.255.255.0
 ipv6 address 1125:2:3::2/64
!
router isis AGG
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0002.00
 instance-id 1001
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 2
  !
  address-family ipv6 unicast
   prefix-sid index 1002
  !
 !
 interface GigabitEthernet0/0/0/0
 !
!
router isis CORE
 apply-group CCIE-ISIS
 net 49.0002.0000.0000.0002.00
 instance-id 1000
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 2
  !
  address-family ipv6 unicast
   prefix-sid index 1002
  !
 !
 interface GigabitEthernet0/0/0/1
 !
!
router bgp 65001
 bgp router-id 2.2.2.2
 ibgp policy out enforce-modifications
 address-family ipv4 unicast
  network 2.2.2.2/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:2:2:2::2/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor-group RRC_AGG
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv4 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor-group RRC_CORE
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv4 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor-group RRCV6_AGG
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv6 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor-group RRCV6_CORE
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
   route-reflector-client
   next-hop-self
  !
  address-family vpnv6 unicast
   route-reflector-client
   next-hop-self
  !
 !
 neighbor 1.1.1.1
  use neighbor-group RRC_AGG
 !
 neighbor 3.3.3.3
  use neighbor-group RRC_CORE
 !
 neighbor 1125:1:1:1::1
  use neighbor-group RRCV6_AGG
 !
 neighbor 1125:3:3:3::3
  use neighbor-group RRCV6_CORE
 !
!
end
a_N3 config
hostname a_N3
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  address-family ipv6 unicast
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
  interface 'Loopback.*'
   passive
   address-family ipv4 unicast
   !
   address-family ipv6 unicast
   !
  !
 !
end-group
!
vrf B
 rd 3.3.3.3:200
 address-family ipv4 unicast
  import route-target
   100:1
  !
  export route-target
   200:1
  !
 !
 address-family ipv6 unicast
  import route-target
   300:2
  !
  export route-target
   400:2
  !
 !
!
interface Loopback0
 ipv4 address 3.3.3.3 255.255.255.255
 ipv6 address 1125:3:3:3::3/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.2.3.3 255.255.255.0
 ipv6 address 1125:2:3::3/64
!
interface GigabitEthernet0/0/0/1
 vrf B
 ipv4 address 10.10.80.1 255.255.255.0
 ipv6 address 1125:1010:80::1/64
!
route-policy PASS
  pass
end-policy
!
router isis CORE
 apply-group CCIE-ISIS
 net 49.0002.0000.0000.0003.00
 instance-id 1000
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 3
  !
  address-family ipv6 unicast
   prefix-sid index 1003
  !
 !
 interface GigabitEthernet0/0/0/0
 !
!
router bgp 65001
 bgp router-id 3.3.3.3
 address-family ipv4 unicast
  network 3.3.3.3/32
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 address-family ipv6 unicast
  network 1125:3:3:3::3/128
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor 2.2.2.2
  remote-as 65001
  update-source Loopback0
  address-family ipv4 labeled-unicast
  !
  address-family vpnv4 unicast
  !
 !
 neighbor 1125:2:2:2::2
  remote-as 65001
  update-source Loopback0
  address-family ipv6 labeled-unicast
  !
  address-family vpnv6 unicast
  !
 !
 vrf B
  rd 3.3.3.3:200
  address-family ipv4 unicast
   redistribute connected
  !
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 10.10.80.2
   remote-as 200
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor 1125:1010:80::2
   remote-as 200
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
end
a_CE1 config
hostname a_CE1
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 100.100.100.100 255.255.255.255
 ipv6 address 1125:100:100:100::100/128
!
interface GigabitEthernet1
 ip address 10.10.20.2 255.255.255.0
 ipv6 address 1125:1010:20::2/64
!
router bgp 100
 bgp router-id 100.100.100.100
 bgp log-neighbor-changes
 neighbor 10.10.20.1 remote-as 65001
 neighbor 1125:1010:20::1 remote-as 65001
 !
 address-family ipv4
  network 100.100.100.100 mask 255.255.255.255
  neighbor 10.10.20.1 activate
  no neighbor 1125:1010:20::1 activate
 exit-address-family
 !
 address-family ipv6
  network 1125:100:100:100::100/128
  neighbor 1125:1010:20::1 activate
 exit-address-family
!
end
a_CE2 config
hostname a_CE2
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 200.200.200.200 255.255.255.255
 ipv6 address 1125:200:200:200::200/128
!
interface GigabitEthernet1
 ip address 10.10.80.2 255.255.255.0
 ipv6 address 1125:1010:80::2/64
!
router bgp 200
 bgp router-id 200.200.200.200
 bgp log-neighbor-changes
 neighbor 10.10.80.1 remote-as 65001
 neighbor 1125:1010:80::1 remote-as 65001
 !
 address-family ipv4
  network 200.200.200.200 mask 255.255.255.255
  neighbor 10.10.80.1 activate
  no neighbor 1125:1010:80::1 activate
 exit-address-family
 !
 address-family ipv6
  network 1125:200:200:200::200/128
  neighbor 1125:1010:80::1 activate
 exit-address-family
!
8. Reference URLs
① Unified MPLS Functionality, Features, and Configuration Example
www.cisco.com
② Labeled and Unlabeled Together on one BGP Neighbor on IOS-XR
www.cisco.com
③ IOS-XR: About the ibgp policy out enforce-modifications command
community.cisco.com
④ Configure Unified MPLS in Cisco IOS XR
www.cisco.com
⑤ Unified MPLS
zartmann.dk
⑥ Unified BGP/MPLS
journey2theccie.wordpress.com
⑦ Unified MPLS with Segment Routing Part1
techblog.deragis.ch
⑧ BGP LU - Labeled Unicast - RFC 3107
orhanergun.net
⑨ Segment Routing BGP
y-network.jp
⑩ BUILDING MULTI-GENERATION SCALABLE NETWORKS WITH END-TO-END MPLS https://www.juniper.net/content/dam/www/assets/white-papers/us/en/building-multi-generation-scalable-networks-with-end-to-end.pdf
This time there were two domains, the Aggregation domain and the Core domain; next time I will verify Unified MPLS with three domains.
Thank you for reading to the end!