VRF (RIP, OSPF, EIGRP)
VRF-lite is normally VRF without MPLS.
In the topology, router R2 knows the R3 and R4 networks, whereas routers R4 and R3 know only the networks between them, because of the imports and exports.
R1:
ip vrf forwarding red
ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet1/0
ip vrf forwarding blue
ip address 10.0.1.1 255.255.255.0
!
interface GigabitEthernet2/0
ip vrf forwarding green
ip address 10.0.2.1 255.255.255.0
!
interface GigabitEthernet3/0
ip vrf forwarding pink
ip address 10.0.3.1 255.255.255.0
!
rd 1:1
route-target export 100:100
route-target import 200:200
route-target import 300:300
!
ip vrf blue
rd 2:2
route-target export 200:200
route-target import 300:300
!
ip vrf green
rd 3:3
route-target export 300:300
route-target import 200:200
RIP:
router rip
version 2
no auto-summary
address-family ipv4 vrf red
network 10.0.0.0
redistribute bgp 100 metric 5
EIGRP:
router eigrp 1
address-family ipv4 vrf blue autonomous-system 1
network 10.0.0.0
redistribute bgp 100 metric 1 1 1 1 1
OSPF:
router ospf 1 vrf green
network 10.0.2.0 0.0.0.255 area 0
redistribute bgp 100 subnets
BGP:
router bgp 100
address-family ipv4 vrf red
redistribute rip
address-family ipv4 vrf blue
redistribute eigrp 1 metric 1
address-family ipv4 vrf green
redistribute ospf 1 vrf green
---
ip vrf forwarding red
ip address 10.0.0.1 255.255.255.0
media-type gbic
speed 1000
duplex full
negotiation auto
!
interface GigabitEthernet1/0
ip vrf forwarding blue
ip address 10.0.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet2/0
ip vrf forwarding green
ip address 10.0.2.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet3/0
ip vrf forwarding pink
ip address 10.0.3.1 255.255.255.0
negotiation auto
RD: The route distinguisher adds a tag in front of the network: 1:1 10.0.0.0/8. It keeps the routing tables separate. The VPN IPv4 address (vpnv4 address) becomes 1:1 10.0.0.0/8.
RT: Route target. Send some networks out (export), take some networks in (import). For the rd 1:1 above, it will be split into 2.
show ip bgp vpnv4 all
With VRF, several different routing tables are created on one router and run at the same time. This way, instead of using more routers, we can do the job on a single device with different routing instances.
Another convenience is that we can assign the same IPs to different interfaces. Don't ask how. Because the routing instances are different, the same IPs can be carried without colliding. These routing instances are carried in traffic using mBGP.
Two example VRF configurations:
The first 16 bits of the 64-bit RD are reserved to indicate the BGP extended community type, so we have 48 bits available to define the RD. The RD value can be entered in two different ways.
16bit:32bit (AutonomousSystemNumber:XXX)
32bit:16bit (IPAddress:XXX)
ip vrf ITU
! rd: Route Distinguisher, AS:VPN instance (the rd is used to identify different VPN customers)
rd 12641:1004289
export map itu_vpn
! AS number of the remote side
route-target export 12641:1000537
route-target import 12641:1000537
Applying the VRF under an interface:
interface Loopback1004289
ip vrf forwarding ITU
ip address 192.168.1.1 255.255.255.255
no clns route-cache
Second VRF:
ip vrf ODTU
rd 12641:1005907
route-target export 12641:1000690
route-target import 12641:1000690
interface Loopback1005907
ip vrf forwarding ODTU
ip address 192.168.1.1 255.255.255.255
no clns route-cache
It means a router within a router. It isolates certain interfaces purely according to their VRF names.
In the BGP protocol, routers use attributes for prefix management, and one of these is the community attribute. Extended communities are the numeric values used for MPLS VPN; as far as I remember they take up 4 bytes.
Suppose you are an SP and you have a customer named A. This customer has 2 branches in physically different locations. Let the location names be X and Y.
Let your router at location X be RX and the one at location Y be RY. The VRF name you will create for the customer is VRFA.
NOTE: RX and RY are in the Provider Edge position.
We create the VRF on RX:
VRF name: VRFA
RD = 100:100 (a local value)
RT import = 200:200, export = 300:300
We create the VRF on RY:
VRF name: VRFA
RD = 150:100 (a local value)
RT import = 300:300, export = 200:200
This means you are telling RX: the routes you have in VRFA (assuming, by the way, that a VPN has been set up between the PEs over BGP), when you send them to RY, with which I have set up a VPN over BGP, send them with the extended community 300:300.
Then we are telling RY this: look, dear RY, take the prefixes that arrive with 300:300 into the VRFA table! The same applies in the opposite direction, except that RY sends with 200:200 and RX takes what arrives with 200:200 into VRFA.
In MPLS VPN networks the same private subnets can be used. You use the RD to tell them apart.
192.168.1.0/24
RD 192.168.1.0:10 = like a 96-bit VPNv4 IP address.
The RT is used for export and import operations on the PE routers.
With the RD value, identical subnets can be told apart.
MPLS uses the RT to decide into which VRF on the PE the routes learned via iBGP will be placed. Routes that are exported can be learned with an import.
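The RD layout described above (a 16-bit type field followed by 48 bits, entered as 16bit:32bit or 32bit:16bit), as an added Python example that is not part of the original notes: it packs an RD as RFC 4364 defines types 0 and 1 and prepends it to an IPv4 address to form the 96-bit VPNv4 address. The function names are illustrative; the RD values and the 192.168.1.1 loopback are the ITU and ODTU ones from the configuration above.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Pack 'ASN:nn' (type 0) or 'a.b.c.d:nn' (type 1) into the 8-byte RD."""
    admin, _, assigned = rd.rpartition(":")
    number = int(assigned)
    if "." in admin:
        # Type 1: 2-byte type, 4-byte IPv4 address, 2-byte assigned number.
        if not 0 <= number <= 0xFFFF:
            raise ValueError("assigned number must fit in 16 bits for IP:nn")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    # Type 0: 2-byte type, 2-byte ASN, 4-byte assigned number.
    # (Type 2, with a 4-byte ASN, is left out of this example.)
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("only 2-byte ASNs are handled here")
    if not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("assigned number must fit in 32 bits for ASN:nn")
    return struct.pack("!HHI", 0, asn, number)


def vpnv4_address(rd, ipv4):
    """Return the 12-byte (96-bit) VPNv4 address: RD followed by the IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed


def overlapping_prefixes_are_distinct():
    """Both VRFs use 192.168.1.1; their VPNv4 addresses must still differ."""
    itu = vpnv4_address("12641:1004289", "192.168.1.1")
    odtu = vpnv4_address("12641:1005907", "192.168.1.1")
    return itu != odtu and itu[8:] == odtu[8:]


if __name__ == "__main__":
    for rd in ("12641:1004289", "12641:1005907", "192.168.1.0:10"):
        print(rd, "->", encode_rd(rd).hex())
    print("VPNv4 (ITU): ", vpnv4_address("12641:1004289", "192.168.1.1").hex())
    print("VPNv4 (ODTU):", vpnv4_address("12641:1005907", "192.168.1.1").hex())
    print("distinct:", overlapping_prefixes_are_distinct())
```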
In the example topology
R1:
The VRFs are created.
ip vrf blue
!
ip vrf red
interface Loopback10
ip vrf forwarding red
ip address 10.10.10.10 255.255.255.0
!
interface Loopback20
ip vrf forwarding blue
ip address 20.20.20.20 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip vrf forwarding red
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding blue
ip address 192.168.1.1 255.255.255.0
---
ip vrf blue
!
ip vrf red
!
!
interface FastEthernet0/0
ip vrf forwarding red
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf forwarding red
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding blue
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet2/0
ip vrf forwarding blue
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
In this lab I’m going to create three VRF’s; one for each site. London is going to be the HQ for each of the branches. The requirement is that London must be able to talk to each of the other branches using OSPF. However, each branch should not be able to talk to each other. So in effect we have a hub and spoke design, with London as the hub, and the other two sites as spokes.
Topology Notes
- Red = Logical connections in terms of VRF connectivity
- Black = Physical connections
Each site just advertises everything into OSPF and connects to the PE switch. The configs for each branch router are provided below.
London#
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Newcastle#
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
ip address 10.0.0.6 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Manchester#
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.10 255.255.255.252
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Now let’s look at the good stuff on PE1. I started off by configuring each of the VRF’s & setting a route distinguisher. I then leaked routes between VRFs as shown below.
ip vrf london
rd 65001:1
route-target export 65001:1
route-target import 65001:3
route-target import 65001:2
!
ip vrf manchester
rd 65001:3
route-target export 65001:3
route-target import 65001:1
!
ip vrf newcastle
rd 65001:2
route-target export 65001:2
route-target import 65001:1
Route Distinguisher’s & Targets
I wanted to start by talking about the Route Distinguisher (RD), and route-target. The RD is a value we use purely for identifying a particular VRF. So if we look at London, I’ve created a VRF RD of 65001:1. The RD is a way to keep routes globally unique (i.e. if the subnets from London were used at Manchester, the router will still be able to distinguish whether the traffic was destined for Manchester or London because of the RD).
The route-target is a way of leaking routes between VRFs. On the London VRF I have exported a route-target with the value of 65001:1. If I want London routes to then be leaked into another VRF, all I have to do is import this route target on the VRF; like I did on Manchester and Newcastle.
There are two ways to name your RD:
rd [ASN]:[Number]
rd [IP Address]:[Number]
Either way, it doesn’t matter, just keep them unique per VRF. I usually just use a number from the private bgp ASN range (64512-65535) followed by a number that I make up.
The syntax for writing a route-target uses the same format as the RD syntax. Note that the route-target does not have to have the same name as the RD.
Next, we need to apply the VRF’s to the relevant interfaces.
interface Loopback100
ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding london
ip address 10.0.0.1 255.255.255.252
!
interface FastEthernet0/1
ip vrf forwarding newcastle
ip address 10.0.0.5 255.255.255.252
!
interface FastEthernet1/0
no switchport
ip vrf forwarding manchester
ip address 10.0.0.9 255.255.255.252
The loopback was created because I’m going to enable BGP in just a moment & I’m going to use it for the router-id.
Because the sites want to talk to each other using OSPF, the next step is to enable OSPF on our PE1 interfaces & redistribute OSPF into BGP.
router ospf 1 vrf london
network 10.0.0.1 0.0.0.0 area 0
!
router ospf 2 vrf newcastle
network 10.0.0.5 0.0.0.0 area 0
!
router ospf 3 vrf manchester
network 10.0.0.9 0.0.0.0 area 0
!
router bgp 1
no synchronization
no auto-summary
!
address-family ipv4 vrf newcastle
redistribute connected
redistribute ospf 2 vrf newcastle match internal
no synchronization
exit-address-family
!
address-family ipv4 vrf manchester
redistribute connected
redistribute ospf 3 vrf manchester match internal
no synchronization
exit-address-family
!
address-family ipv4 vrf london
redistribute connected
redistribute ospf 1 vrf london match internal
no synchronization
exit-address-family
Note the command: #redistribute ospf 1 vrf london match internal. The command I actually typed was:#redistribute ospf 1 vrf london. The “match internal” was added by default. You may need to include the other parameters if you have external OSPF routes, at some of your sites (maybe you are redistributing EIGRP somewhere in your internal network).
The final stage is to just redistribute BGP into each of the OSPF instances
router ospf 1 vrf london
redistribute bgp 1 subnets
!
router ospf 2 vrf newcastle
redistribute bgp 1 subnets
!
router ospf 3 vrf manchester
redistribute bgp 1 subnets
Now let’s see how we’re doing on the old redistribution. I expect London to now learn routes from all three VRFs. So let’s have a look at London’s routing table:
LondonCE#sh ip route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 3 subnets
O E2 10.0.0.8 [110/1] via 10.0.0.1, 02:27:10, FastEthernet0/0
C 10.0.0.0 is directly connected, FastEthernet0/0
O E2 10.0.0.4 [110/1] via 10.0.0.1, 02:27:10, FastEthernet0/0
C 192.168.0.0/24 is directly connected, Loopback0
192.168.1.0/32 is subnetted, 1 subnets
O E2 192.168.1.1 [110/2] via 10.0.0.1, 02:27:10, FastEthernet0/0
192.168.2.0/32 is subnetted, 1 subnets
O E2 192.168.2.1 [110/2] via 10.0.0.1, 02:27:10, FastEthernet0/0
Cool, so we got what we were expecting. Let’s just do a quick ping to the LAN IP of each site with a source of lo0 to check they learnt routes back.
LondonCE#ping 192.168.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/34/44 ms
LondonCE#ping 192.168.1.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/52 ms
Wikid, the last thing is to just check we didn’t provide connectivity between Newcastle and Manchester.
NewcastleCE# sh ip route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
O E2 10.0.0.0 [110/1] via 10.0.0.5, 02:44:31, FastEthernet0/1
C 10.0.0.4 is directly connected, FastEthernet0/1
192.168.0.0/32 is subnetted, 1 subnets
O E2 192.168.0.1 [110/2] via 10.0.0.5, 02:44:31, FastEthernet0/1
C 192.168.1.0/24 is directly connected, Loopback0
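The spoke-to-spoke isolation checked above with the routing table can also be audited statically from the route-target statements. The following Python sketch is an added example, not part of the original lab: it parses `ip vrf` stanzas, derives which VRF leaks routes into which, and flags any pair that policy says must stay isolated. The function names and the second, deliberately misconfigured sample are constructed for illustration.

```python
import re

# Constructed input: the PE1 VRF definitions from the lab above, one command per line.
PE1_CONFIG = """\
ip vrf london
rd 65001:1
route-target export 65001:1
route-target import 65001:3
route-target import 65001:2
!
ip vrf manchester
rd 65001:3
route-target export 65001:3
route-target import 65001:1
!
ip vrf newcastle
rd 65001:2
route-target export 65001:2
route-target import 65001:1
"""

# Constructed misconfiguration: manchester additionally imports newcastle's RT.
LEAKY_CONFIG = PE1_CONFIG.replace(
    "route-target import 65001:1\n!\nip vrf newcastle",
    "route-target import 65001:1\nroute-target import 65001:2\n!\nip vrf newcastle",
)


def parse_vrfs(config):
    """Return {vrf_name: {"rd": str or None, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"ip vrf (\S+)", line)  # not "ip vrf forwarding X"
        if header:
            current = vrfs.setdefault(
                header.group(1), {"rd": None, "import": set(), "export": set()})
        elif line == "!" or line.startswith(("interface ", "router ")):
            current = None  # left the VRF definition block
        elif current is not None:
            rd = re.fullmatch(r"rd (\S+)", line)
            rt = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
            if rd:
                current["rd"] = rd.group(1)
            elif rt:
                kinds = ("import", "export") if rt.group(1) == "both" else (rt.group(1),)
                for kind in kinds:
                    current[kind].add(rt.group(2))
    return vrfs


def leaks(vrfs):
    """Set of (source, destination): destination imports an RT that source exports."""
    return {(src, dst)
            for src, s in vrfs.items()
            for dst, d in vrfs.items()
            if src != dst and s["export"] & d["import"]}


def violations(vrfs, isolated_pairs):
    """Pairs that must not exchange routes but do, in either direction."""
    flows = leaks(vrfs)
    return sorted((a, b) for a, b in isolated_pairs
                  if (a, b) in flows or (b, a) in flows)


if __name__ == "__main__":
    policy = [("manchester", "newcastle")]  # spokes must not see each other
    for name, cfg in (("lab config", PE1_CONFIG), ("leaky config", LEAKY_CONFIG)):
        parsed = parse_vrfs(cfg)
        print(name, "flows:", sorted(leaks(parsed)))
        print(name, "violations:", violations(parsed, policy))
```

The check covers only route-target import and export on one device; redistribution on the CE side or a second PE has to be reviewed separately.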
R7:
interface Tunnel20
ip vrf forwarding Tapcor
ip address 5.5.5.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 34616
ip nhrp holdtime 300
ip nhrp redirect
no ip split-horizon
tunnel source 1.1.1.2
tunnel mode gre multipoint
tunnel key 34616
!
interface Tunnel30
ip vrf forwarding Tapcor
ip address 6.6.6.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 34617
ip nhrp holdtime 300
ip nhrp redirect
no ip split-horizon
tunnel source 2.2.2.2
tunnel mode gre multipoint
tunnel key 34617
!
interface FastEthernet0/0
ip vrf forwarding Tapcor
ip address 192.168.1.1 255.255.255.0
duplex full
!
interface GigabitEthernet1/0
ip address 2.2.2.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet2/0
ip address 1.1.1.2 255.255.255.0
shutdown
negotiation auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
!
router eigrp 20
!
address-family ipv4 vrf Tapcor
redistribute bgp 65500
network 5.0.0.0
network 6.0.0.0
network 192.168.1.0
network 192.168.3.0
auto-summary
autonomous-system 20
exit-address-family
network 192.168.3.0
auto-summary
!
ip route 3.3.3.2 255.255.255.255 1.1.1.1
ip route 3.3.3.2 255.255.255.255 2.2.2.1 2
ip route 5.5.5.2 255.255.255.255 1.1.1.1
ip route 5.5.5.2 255.255.255.255 2.2.2.1 2
ip route 10.1.1.254 255.255.255.255 7.7.7.2
R2:
!
interface Tunnel20
ip address 5.5.5.2 255.255.255.0
no ip redirects
ip nhrp map multicast 1.1.1.2
ip nhrp map 5.5.5.1 1.1.1.2
ip nhrp network-id 34616
ip nhrp holdtime 300
ip nhrp nhs 5.5.5.1
ip nhrp shortcut
ip nhrp redirect
tunnel source 3.3.3.2
tunnel mode gre multipoint
tunnel key 34616
!
interface Tunnel30
ip address 6.6.6.2 255.255.255.0
no ip redirects
ip nhrp map multicast 2.2.2.2
ip nhrp map 6.6.6.1 2.2.2.2
ip nhrp network-id 34617
ip nhrp holdtime 300
ip nhrp nhs 6.6.6.1
ip nhrp shortcut
ip nhrp redirect
tunnel source 3.3.3.2
tunnel mode gre multipoint
tunnel key 34617
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex full
!
interface GigabitEthernet1/0
ip address 3.3.3.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet2/0
ip address 4.4.4.2 255.255.255.0
negotiation auto
!
!
router eigrp 20
network 5.0.0.0
network 6.0.0.0
network 192.168.2.0
!
ip route 0.0.0.0 0.0.0.0 3.3.3.1
Using some of the features of PE routers, you can overcome this limitation by using BGP to redistribute between them.
Below is the diagram that we will be using for this config. What we will do is configure R3 to redistribute routes between VRF RED and VRF BLUE to enable connectivity.
R7 and R8 are just basic configs like you would do on an ordinary router
Basic R7 Configuration:
!
interface Loopback0
ip address 10.1.7.7 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.37.7 255.255.255.0
!
router eigrp 100
network 10.0.0.0
no auto-summary
!
Basic R8 Configuration:
!
interface Loopback0
ip address 10.1.8.8 255.255.255.0
!
interface FastEthernet0/1
ip address 10.1.38.8 255.255.255.0
!
router eigrp 200
network 10.0.0.0
no auto-summary
!
Now when it comes to R3, we need to be a little creative. Here we will place the interfaces in the appropriate VRFs and configure EIGRP and BGP.
Note: Fa0/0 will be in VRF BLUE and Fa0/1 will be in VRF RED
R3 Configuration items:
We will define VRF RED and BLUE here and also assign it an RD (route distinguisher) to ID these routes
Link – http://en.wikipedia.org/wiki/Route_distinguisher
VRF BLUE will have a RD of 1:1 and VRF RED will have a RD of 1:2.
The command route-target will allow us to import and export based on the RD assigned to a given network.
ip vrf BLUE
rd 1:1
route-target export 1:1
route-target import 1:1
route-target import 1:2
ip vrf RED
rd 1:2
route-target export 1:2
route-target import 1:2
route-target import 1:1
Next step is to configure the interfaces in the appropriate VRFs
interface FastEthernet0/0
ip vrf forwarding BLUE
ip address 10.1.37.3 255.255.255.0
interface FastEthernet0/1
ip vrf forwarding RED
ip address 10.1.38.3 255.255.255.0
Since this router will be running EIGRP under different VRFs, we will need to create a top-level AS and then get into the address-family commands to configure the VRF EIGRP AS.
router eigrp 1
no auto-summary
!
address-family ipv4 vrf RED ! <- This will allow us to configure EIGRP for VRF RED
network 10.1.38.3 0.0.0.0
no auto-summary
autonomous-system 200 !<- This is the EIGRP AS number for VRF RED
exit-address-family
!
address-family ipv4 vrf BLUE !<- This will allow us to configure EIGRP for VRF BLUE
network 10.1.37.3 0.0.0.0
no auto-summary
autonomous-system 100 !<- This is the EIGRP AS number for VRF BLUE
exit-address-family
!
The next step is going to be to configure a lone BGP session where we can redistribute and place the routes in a VPNV4 environment. Basically we are creating a lone SP network where VPNV4 routes are “exchanged”. You do not need a neighbor for this, just a BGP session configured and IPV4 VRF families.
router bgp 1
no synchronization
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf RED !<- Here we will configure BGP for VRF RED and redistribute routes learned from EIGRP in
redistribute eigrp 200
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf BLUE !<- Here we configure BGP for VRF BLUE and then redistribute routes learned from EIGRP in
redistribute connected
redistribute eigrp 100
no auto-summary
no synchronization
exit-address-family
!
Lastly we will need to configure EIGRP to redistribute BGP learned routes:
router eigrp 1
!
address-family ipv4 vrf RED
redistribute bgp 1 metric 1 1 1 1 1500
exit-address-family
!
address-family ipv4 vrf BLUE
redistribute bgp 1 metric 1 1 1 1 1500
exit-address-family
Once you have done that, R7 can now ping R8
R7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
D EX 10.1.8.0 [170/2560002816] via 10.1.37.3, 02:26:05, FastEthernet0/3
C 10.1.7.0 is directly connected, Loopback0
D EX 10.1.38.0 [170/2560002816] via 10.1.37.3, 02:26:05, FastEthernet0/3
C 10.1.37.0 is directly connected, FastEthernet0/3
R7-#p 10.1.8.8 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.1.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
https://supportforums.cisco.com/t5/network-infrastructure-documents/eigrp-inter-vrf-redistribution/ta-p/3136798
The EIGRP routes have been separated with VRFs. To let different VRFs talk to each other we need route targets and BGP.
R1:
We created the VRF names and write whether each route target is an import (learn) or an export (teach).
ip vrf EIGRP100
rd 100:100
route-target export 100:100
route-target import 200:200
!
ip vrf EIGRP200
rd 200:200
route-target export 200:200
route-target import 100:100
route-target import 50:50
!
ip vrf EIGRP50
rd 50:50
route-target export 50:50
route-target import 200:200
We assigned the interfaces.
interface Loopback100
ip vrf forwarding EIGRP100
ip address 10.100.0.1 255.255.255.0
!
interface Loopback200
ip vrf forwarding EIGRP200
ip address 10.200.0.1 255.255.255.0
!
interface FastEthernet0/0
ip vrf forwarding EIGRP100
ip address 10.100.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip vrf forwarding EIGRP200
ip address 10.200.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet2/0
ip vrf forwarding EIGRP50
ip address 10.50.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet3/0
no switchport
ip vrf forwarding EIGRP50
no ip address
!
interface FastEthernet3/15
no switchport
ip vrf forwarding EIGRP50
ip address 10.50.2.1 255.255.255.0
!
The EIGRP settings are configured.
router eigrp 6000
no auto-summary
!
address-family ipv4 vrf EIGRP50
redistribute bgp 6000 metric 1000 100 255 1 1500
network 10.0.0.0
no auto-summary
autonomous-system 50
exit-address-family
!
address-family ipv4 vrf EIGRP200
redistribute bgp 6000 metric 1000 100 255 1 1500
network 10.0.0.0
no auto-summary
autonomous-system 200
exit-address-family
!
address-family ipv4 vrf EIGRP100
redistribute bgp 6000 metric 1000 100 255 1 1500
network 10.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
The BGP settings are configured.
router bgp 6000
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf EIGRP50
redistribute eigrp 50
no synchronization
exit-address-family
!
address-family ipv4 vrf EIGRP200
redistribute eigrp 200
no synchronization
exit-address-family
!
address-family ipv4 vrf EIGRP100
redistribute eigrp 100
no synchronization
exit-address-family
R2;
router eigrp 100
network 0.0.0.0
no auto-summary
interface Loopback100
ip address 10.100.3.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.100.1.2 255.255.255.0
R3;
interface Loopback200
ip address 10.200.3.3 255.255.255.0
!
interface FastEthernet1/0
ip address 10.200.1.3 255.255.255.0
!
router eigrp 200
network 10.0.0.0
no auto-summary
R4;
interface Loopback50
ip address 10.50.5.4 255.255.255.0
!
interface FastEthernet2/0
ip address 10.50.1.4 255.255.255.0
router eigrp 50
network 0.0.0.0
no auto-summary
R1#show ip eigrp vrf EIGRP50 neighbor
R1#show bgp vpnv4 unicast all
R1#show ip eigrp vrf EIGRP100 topology
BGP as-override vs allow-as-in
These two functions are pretty similar, just with subtle differences. They can be used in an environment where a customer is using one AS number for many sites that are connected to an ISP. This is shown in the example below.
You can see that AS 65001 connects to the ISP at two locations. So when R2 receives the prefix 99.99.99.99/32, he will see that the AS path is via 1, 65001. Because of the loop prevention mechanism, R2 will have to reject this prefix because it can see its own AS in the AS_PATH attribute. I’ll demonstrate that now. But first, I’m going to post the full configurations because this can be pretty confusing to configure.
PE1#
ip vrf google
rd 100:1
route-target export 100:1
route-target import 100:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding google
ip address 10.10.10.10 255.255.255.0
!
interface FastEthernet0/1
ip address 15.15.15.1 255.255.255.0
mpls ip
!
router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 15.15.15.0 0.0.0.255 area 0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf google
neighbor 10.10.10.11 remote-as 65001
neighbor 10.10.10.11 activate
no synchronization
exit-address-family
PE2#
ip vrf google
rd 100:1
route-target export 100:1
route-target import 100:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding google
ip address 20.20.20.20 255.255.255.0
!
interface FastEthernet0/1
ip address 25.25.25.2 255.255.255.0
mpls ip
!
router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 25.25.25.0 0.0.0.255 area 0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf google
neighbor 20.20.20.21 remote-as 65001
neighbor 20.20.20.21 activate
no synchronization
exit-address-family
R1#
interface Loopback0
ip address 99.99.99.99 255.255.255.255
!
interface FastEthernet0/0
ip address 10.10.10.11 255.255.255.0
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 10.10.10.0 mask 255.255.255.0
network 99.99.99.99 mask 255.255.255.255
neighbor 10.10.10.10 remote-as 1
no auto-summary
R2#
interface FastEthernet0/0
ip address 20.20.20.21 255.255.255.0
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 20.20.20.0 mask 255.255.255.0
neighbor 20.20.20.20 remote-as 1
no auto-summary
P1#
interface FastEthernet0/0
ip address 15.15.15.2 255.255.255.0
mpls ip
!
interface FastEthernet0/1
ip address 25.25.25.1 255.255.255.0
mpls ip
!
router ospf 1
network 15.15.15.0 0.0.0.255 area 0
network 25.25.25.0 0.0.0.255 area 0
network 35.35.35.0 0.0.0.255 area 0
So currently, on R2, he is not accepting any prefixes from R1 in the other site; as shown below (we would expect the 10.10.10.0/24 and 99.99.99.99/32 networks to be in the BGP table).
R2#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
*> 20.20.20.0/24 0.0.0.0 0 32768 i
The debug below shows why he’s not accepting these prefixes.
*Mar 1 02:28:03.515: %BGP-5-ADJCHANGE: neighbor 20.20.20.20 Up
*Mar 1 02:28:03.559: BGP(0): 20.20.20.20 rcv UPDATE w/ attr: nexthop 20.20.20.20, origin i, originator 0.0.0.0, path 1 65001, community , extended community
*Mar 1 02:28:03.559: BGP(0): 20.20.20.20 rcv UPDATE about 10.10.10.0/24 -- DENIED due to: AS-PATH contains our own AS;
*Mar 1 02:28:03.559: BGP(0): 20.20.20.20 rcv UPDATE about 99.99.99.99/32 -- DENIED due to: AS-PATH contains our own AS;
One way to fix this is to use the allow-as-in command. This allows R2 to override the loop prevention mechanism by allowing an instance of AS 65001 to be in the AS_PATH. Let’s do that now.
R2(config-router)#neighbor 20.20.20.20 allowas-in 1
R2(config-router)#
*Mar 1 02:34:34.927: BGP: 20.20.20.20 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar 1 02:34:34.927: BGP: 20.20.20.20 send message type 5, length (incl. header) 23
*Mar 1 02:34:35.015: BGP(0): 20.20.20.20 rcvd UPDATE w/ attr: nexthop 20.20.20.20, origin i, path 1 65001
*Mar 1 02:34:35.015: BGP(0): 20.20.20.20 rcvd 10.10.10.0/24
*Mar 1 02:34:35.015: BGP(0): 20.20.20.20 rcvd 99.99.99.99/32
*Mar 1 02:34:35.019: BGP(0): Revise route installing 1 of 1 routes for 10.10.10.0/24 -> 20.20.20.20(main) to main IP table
*Mar 1 02:34:35.019: BGP(0): Revise route installing 1 of 1 routes for 99.99.99.99/32 -> 20.20.20.20(main) to main IP table
R2(config-router)#do sh ip bgp
BGP table version is 4, local router ID is 20.20.20.21
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.10.10.0/24 20.20.20.20 0 1 65001 i
*> 20.20.20.0/24 0.0.0.0 0 32768 i
*> 99.99.99.99/32 20.20.20.20 0 1 65001 i
So you can see (on R2) that the AS_PATH is 1, 65001 for these prefixes. It keeps all the AS_PATH information and simply just allows 1 occurrence of 65001 to be in the AS_PATH; thus overriding the loop prevention mechanism. We would obviously need to do this on R1 in order for R1 to have reachability to the 20.20.20.0/24 prefix (sitting between PE2 and R2) so that he can have a route back to R2.
R1(config)#router bgp 65001
R1(config-router)#neighbor 10.10.10.10 allowas-in 1
R2#ping 99.99.99.99
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.99.99.99, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/83/116 ms
The other way you can complete this task is by getting PE1 & PE2 to just strip AS 65001 from the BGP UPDATE before sending it to the customer edge routers. Let’s do that now.
R1(config-router)#no neighbor 10.10.10.10 allowas-in 1
R2(config-router)#no neighbor 20.20.20.20 allowas-in 1
pe2(config)#router bgp 1
pe2(config-router)#address-family ipv4 unicast vrf google
pe2(config-router-af)#neighbor 20.20.20.21 as-override
pe1(config)#router bgp 1
pe1(config-router)#address-family ipv4 unicast vrf google
pe1(config-router-af)#neighbor 10.10.10.11 as-override
By configuring this command it actually resets the peer, so there’s no need to clear any neighbors. The result of this is shown on R2 below.
R2#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
*> 10.10.10.0/24 20.20.20.20 0 1 1 i
*> 20.20.20.0/24 0.0.0.0 0 32768 i
*> 99.99.99.99/32 20.20.20.20 0 1 1 i
So the AS_PATH has been overridden by the PE routers to their AS number instead. This is the key difference between the two commands. Allow-as-in allowed the loop prevention to be ignored for the configured amount of instances, and the as-override caused the PE routers to modify the AS_PATH.
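The difference between the two commands can be reproduced with a small model of the AS_PATH handling. This Python sketch is an added example, not the author's or Cisco's code: it models the PE-to-CE advertisement and the CE's receive-side loop check for the lab's AS numbers (provider AS 1, customer AS 65001), and the function names are illustrative.

```python
PROVIDER_AS = 1
CUSTOMER_AS = 65001


def pe_advertise(as_path, pe_as, ce_as, as_override=False):
    """eBGP advertisement from a PE to its CE neighbor.

    With as-override the PE replaces every occurrence of the neighbor's AS
    in the path with its own AS, then prepends its own AS as usual.
    """
    path = list(as_path)
    if as_override:
        path = [pe_as if asn == ce_as else asn for asn in path]
    return [pe_as] + path


def ce_accepts(as_path, local_as, allowas_in=0):
    """Receive-side loop prevention on the CE.

    By default any occurrence of the local AS causes a reject; allowas-in N
    tolerates up to N occurrences.
    """
    return as_path.count(local_as) <= allowas_in


def run_lab():
    """Follow 99.99.99.99/32 from R1 (AS 65001) through the provider to R2.

    Returns {(as_override, allowas_in): (path_seen_by_R2, accepted)}.
    """
    path_from_r1 = [CUSTOMER_AS]  # as received by PE1; unchanged over iBGP to PE2
    results = {}
    for as_override in (False, True):
        for allowas_in in (0, 1):
            seen = pe_advertise(path_from_r1, PROVIDER_AS, CUSTOMER_AS, as_override)
            results[(as_override, allowas_in)] = (
                seen, ce_accepts(seen, CUSTOMER_AS, allowas_in))
    return results


if __name__ == "__main__":
    for (override, allow), (path, ok) in run_lab().items():
        print(f"as-override={override!s:5} allowas-in={allow}: "
              f"path {' '.join(map(str, path))} -> "
              f"{'accepted' if ok else 'DENIED: AS-PATH contains our own AS'}")
```

With allowas-in the CE itself tolerates its own AS in received paths, so the loop check is relaxed on the customer side; with as-override the CE's check stays strict and the rewrite happens on the PE.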