使用SR替代LDP，配置ospf sham-link

免責(zé)聲明：

1.本文所使用的軟件均來自互聯(lián)網(wǎng)，作者只為學(xué)習(xí)目的使用該軟件，沒有任何軟件分發(fā)行為。

2.本文所展示的配置只適用于實(shí)驗(yàn)環(huán)境，不建議在生產(chǎn)環(huán)境使用完全相同的配置；由此導(dǎo)致的任何問題，作者不負(fù)任何責(zé)任。

實(shí)驗(yàn)拓?fù)?/h3>

IP地址規(guī)劃

設(shè)備型號及軟件版本

目標(biāo)

1. CSR1, CSR2和xrv配置 IS-IS協(xié)議作為底層IGP，在此基礎(chǔ)上配置segment-routing。

2. CSR1和xrv作為PE設(shè)備，配置×××v4 BGP鄰居，AS號64512。

3. CSR1和vIOS4配置單區(qū)域OSPFv2，進(jìn)程ID 2019；xrv與vIOS5配置單區(qū)域OSPFv2，進(jìn)程ID 2019；PE設(shè)備配置OSPFv2和MP-BGP雙向重分布。

4. CSR1和xrv配置loopback 1接口，將該接口劃分為客戶VRF下，并在MP-BGP進(jìn)程，客戶VRF下宣告主機(jī)路由。

5. CSR1和xrv的OSPFv2配置sham-link

配置步驟

MPLS ×××基本配置步驟：

1.配置IGP，

2.配置MPLS（segment-routing），

3.配置MP-BGP，

4.配置VRF，

5.配置PE-CE路由協(xié)議，

6.PE 配置MP-BGP和VRF路由重分布。

IOS-XE和IOS-XR配置IGP(IS-IS)

設(shè)備接口IP地址配置（略）

• XEv3

router isis igp
is-type level-2-only !---配置ISIS為骨干區(qū)域
net 49.2019.0519.0001.00
log-adjacency-changes !---記錄鄰接log信息
metric-style wide !---使能isis寬度量
exit
interface Loopback0
ip router isis igp
interface GigabitEthernet1
ip router isis igp
isis circuit-type level-2-only !---修改鏈路為level-2
isis network point-to-point !---修改ISIS網(wǎng)絡(luò)類型

• XRv4

router isis igp
is-type level-2-only
net 49.2019.0519.0003.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
interface Loopback0
address-family ipv4 unicast
interface GigabitEthernet0/0/0/0
address-family ipv4 unicast
circuit-type level-2-only
point-to-point
commit

2 驗(yàn)證IS-IS

CSR2#show ip route isis | b bn
11.0.0.0/32 is subnetted, 1 subnets
i L2 11.1.1.1 [115/20] via 172.16.0.1, 1d00h, GigabitEthernet1
33.0.0.0/32 is subnetted, 1 subnets
i L2 33.1.1.1 [115/20] via 172.16.0.5,19:06:28, GigabitEthernet2
RP/0/0/CPU0:xrv#show route ipv4 isis
i L2 11.1.1.1/32 [115/30] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2
i L2 22.1.1.1/32 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2
i L2 172.16.0.0/30 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2

3 配置MPLS(segment-routing)

• XEv3

  segment-routing mpls
  connected-prefix-sid-map
  address-family ipv4
  11.1.1.1/32 index 1 range 1
  exit-address-family
  router isis igp
  segment-routing mpls

• XRv4

  segment-routing
  router isis igp
  address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
  interface Loopback0
  address-family ipv4 unicast
  prefix-sid index 33
  commit

4 驗(yàn)證MPLS

CSR1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 172.16.0.2-A 0 Gi1 172.16.0.2
21 Pop Label 11.1.1.2/32[V] 0 aggregate/ospf
16022 Pop Label 22.1.1.1/32 0 Gi1 172.16.0.2
16033 16033 33.1.1.1/32 0 Gi1 172.16.0.2

RP/0/0/CPU0:xrv#show mpls forwarding
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched

---

16011 16011 SR Pfx (idx 11) Gi0/0/0/2 172.16.0.6 208166
16022 Pop SR Pfx (idx 22) Gi0/0/0/2 172.16.0.6 0
24006 Pop SR Adj (idx 1) Gi0/0/0/2 172.16.0.6 0
24007 Pop SR Adj (idx 3) Gi0/0/0/2 172.16.0.6 0

5 配置MP-BGP

• CSR1

  router bgp 64512
  bgp router-id 11.1.1.1
  no bgp default ipv4-unicast
  neighbor 33.1.1.1 remote-as 64512
  neighbor 33.1.1.1 update-source Loopback0
  address-family ***v4
  　neighbor 33.1.1.1 activate

• xrv

  router bgp 64512
  bgp router-id 33.1.1.1
  address-family v4 unicast
  neighbor 11.1.1.1
  　remote-as 64512
  　update-source Loopback0
  　address-family v4 unicast
  commit

• 驗(yàn)證如下：

  CSR1#show bgp ***v4 unicast all sum | b gh
  Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
  33.1.1.1 4 64512 1254 1429 315 0 0 20:17:43 4

  RP/0/0/CPU0:xrv#show bgp ***v4 unicast summary | b gh
  Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
  11.1.1.1 0 64512 1890 1674 249 0 0 20:18:04 4

6 配置VRF and PE-CE routing protocol

6.1定義VRF

• CSR1

  vrf definition AAA
  rd 64512:4
  address-family ipv4
  route-target export 64512:45
  route-target import 64512:45
  exit-address-family

• xrv

  vrf AAA
  address-family ipv4 unicast
  import route-target
  64512:45
  export route-target
  64512:45

6.2 PE to CE Interface config

• CSR1

  interface GigabitEthernet2
  vrf forwarding AAA
  ip address 14.1.1.1 255.255.255.252
  no shutdown

• xrv

  interface GigabitEthernet0/0/0/0
  vrf AAA
  ipv4 address 35.1.1.1 255.255.255.252
  no shutdown

6.3 PE OSPFv2 config

• CSR1

  router ospf 2019 vrf AAA
  router-id 14.1.1.1
  interface GigabitEthernet2
  ip ospf network point-to-point
  ip ospf 14 area 0

• xrv

  router ospf 35
  address-family ipv4 unicast
  vrf AAA
  router-id 35.1.1.1
  address-family ipv4 unicast
  area 0
  interface GigabitEthernet0/0/0/0
  network point-to-point

6.4 CE OSPFv2 config

• vIOS4

  interface GigabitEthernet0/0
  ip address 14.1.1.2 255.255.255.252
  no shutdown
  ip ospf 2019 area 0
  ip ospf network point-to-point
  router ospf 2019
  router-id 44.1.1.1

• vIOS5

  interface GigabitEthernet0/0
  ipv4 address 35.1.1.2 255.255.255.252
  no shutdown
  ip ospf 2019 area 0
  ip ospf network point-to-point
  router ospf 2019
  router-id 55.1.1.1

6.5 PE OSPFv2 and MP-BGP redistribute

• CSR1

  router ospf 14 vrf AAA
  redistribute bgp 64512 metric-type 1 subnets
  interface GigabitEthernet2
  router bgp 64512
  address-family ipv4 vrf AAA
  redistribute ospf 14 match internal external 1 external 2

• xrv

  router ospf 35
  vrf AAA
  redistribute bgp 64512 metric-type 1
  router bgp 64512
  vrf AAA
  rd 64512:5
  address-family ipv4 unicast
  redistribute ospf 35 match internal external

6.6 驗(yàn)證PE-CE OSPFv2配置

CSR1#show ip route vrf AAA ospf | b bn
35.0.0.0/30 is subnetted, 1 subnets
O 35.1.1.0 [110/2] via 33.1.1.1, 00:00:32
44.0.0.0/32 is subnetted, 1 subnets
O 44.1.1.1 [110/2] via 14.1.1.2, 00:00:34, GigabitEthernet2
45.0.0.0/29 is subnetted, 1 subnets
O IA 45.1.1.0 [110/20001] via 14.1.1.2, 00:00:34, GigabitEthernet2

vIOS4#sho ip route ospf | b bn
35.0.0.0/30 is subnetted, 1 subnets
O E1 35.1.1.0 [110/2] via 14.1.1.1, 00:23:54, GigabitEthernet0/0
55.0.0.0/32 is subnetted, 1 subnets
O E1 55.1.1.1 [110/3] via 14.1.1.1, 00:23:54, GigabitEthernet0/0

vIOS4#ping 55.1.1.1 sour lo 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 44.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/15/33 ms
vIOS4#traceroute 55.1.1.1 sour lo 0
Type escape sequence to abort.
Tracing the route to 55.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 14.1.1.1 8 msec 5 msec 3 msec
2 172.16.0.2 [MPLS: Labels 16033/24003 Exp 0] 19 msec 25 msec 10 msec
3 172.16.0.5 [MPLS: Label 24003 Exp 0] 13 msec 12 msec 8 msec
4 35.1.1.2 12 msec 19 msec *
vIOS4#

CSR1#sho bgp *v4 uni all 44.1.1.1
BGP routing table entry for 64512:4:44.1.1.1/32, version 383
Paths: (1 available, best #1, table AAA)
Advertised to update-groups:
5
Refresh Epoch 1
Local
14.1.1.2 (via vrf ospf) from 0.0.0.0 (11.1.1.1)
Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x0000000E0200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:14.1.1.1:0
mpls labels in/out 23/nolabel
rx pathid: 0, tx pathid: 0x0
!--- DOMAIN ID:0x0005:0x0000000E0200 16進(jìn)制E=10進(jìn)制14**（CSR1 ospfv2 進(jìn)程ID）

6.7 修改/添加ospfv2 DOMAIN ID

• IOS-XR默認(rèn)不攜帶DOMAIN ID值

  RP/0/0/CPU0:xrv#show bgp ***v4 uni vrf ospf 55.1.1.1/32
  BGP routing table entry for 55.1.1.1/32, Route Distinguisher: 64512:5
  Versions:
  Process bRIB/RIB SendTblVer
  Speaker 345 345
  Local Label: 24003
  Last Modified: May 22 02:21:42.463 for 06:05:44
  Paths: (1 available, best #1)
  Advertised to peers (in unique update groups):
  11.1.1.1
  Path #1: Received by speaker 0
  Advertised to peers (in unique update groups):
  11.1.1.1
  Local
  35.1.1.2 from 0.0.0.0 (33.1.1.1)
  Origin incomplete, metric 2, localpref 100, weight 32768, valid, redistributed, best, group-best, import-candidate
  Received Path ID 0, Local Path ID 1, version 345
  Extended community: OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45

  CSR1#show bgp ***v4 uni vrf AAA 55.1.1.1/32
  BGP routing table entry for 64512:4:55.1.1.1/32, version 417
  Paths: (1 available, best #1, table ospf, RIB-failure(17))
  Not advertised to any peer
  Refresh Epoch 1
  Local, imported path from 64512:5:55.1.1.1/32 (global)
  33.1.1.1 (metric 30) (via default) from 33.1.1.1 (33.1.1.1)
  Origin incomplete, metric 2, localpref 100, valid, internal, best
  Extended Community: RT:64512:45 OSPF RT:0.0.0.0:1:0
  OSPF ROUTER ID:35.1.1.1:0
  mpls labels in/out nolabel/24003
  rx pathid: 0, tx pathid: 0x0

• 在IOS-XR設(shè)備添加DOMAIN ID

  RP/0/0/CPU0:xrv#conf
  RP/0/0/CPU0:xrv(config)#router ospf 35
  RP/0/0/CPU0:xrv(config-ospf)#vrf AAA
  RP/0/0/CPU0:xrv(config-ospf-vrf)#domain-id type 0005 value 000000230200
  RP/0/0/CPU0:xrv(config-ospf-vrf)#commit
  !--- 23(hex)=35(dec)
  RP/0/0/CPU0:xrv(config-ospf-vrf)#do show bgp ***v4 uni vrf ospf 55.1.1.1/32 | in community
  Wed May 22 09:38:03.422 UTC
  Extended community: OSPF domain-id:0x5:0x000000230200 OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45

  CSR1#show bgp ***v4 uni vrf ospf 55.1.1.1/32 | i unity
  Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x000000230200

6.8 配置CE之間的backdoor link

• vIOS5

  interface GigabitEthernet0/1
  ip address 45.1.1.5 255.255.255.248
  ip ospf network point-to-point
  ip ospf 2019 area 45
  ip ospf cost 20000
  !---模擬×××鏈路故障，在vIOS5上手工shutdown鏈路
  vIOS5(config-if)#int g0/0
  vIOS5(config-if)#shu
  May 20 10:17:09.190: %OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
  May 20 10:17:11.136: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
  May 20 10:17:12.137: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
  vIOS5(config-if)#
  vIOS5(config-if)#do sho ip route ospf | b bn
  14.0.0.0/30 is subnetted, 1 subnets
  O IA 14.1.1.0 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1
  35.0.0.0/30 is subnetted, 1 subnets
  O 35.1.1.0 [110/20003] via 45.1.1.4, 00:00:33, GigabitEthernet0/1
  44.0.0.0/32 is subnetted, 1 subnets
  O IA 44.1.1.1 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1
  vIOS5(config-if)#
  !---在vIOS4上查看ospf路由
  vIOS4#sho ip route ospf | b bn
  35.0.0.0/30 is subnetted, 1 subnets
  O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:09:31, GigabitEthernet0/0
  55.0.0.0/32 is subnetted, 1 subnets
  O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:09:31, GigabitEthernet0/0
  vIOS4#sho ip route ospf | b bn
  35.0.0.0/30 is subnetted, 1 subnets
  O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:11:41, GigabitEthernet0/0
  55.0.0.0/32 is subnetted, 1 subnets
  O IA 55.1.1.1 [110/20001] via 45.1.1.5, 00:00:05, GigabitEthernet0/1
  !---恢復(fù)鏈路
  vIOS5(config-if)#no shu
  May 20 10:18:48.972: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
  May 20 10:18:49.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
  May 20 10:19:04.220: %OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

  vIOS4#sho ip route ospf | b bn
  35.0.0.0/30 is subnetted, 1 subnets
  O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:14:48, GigabitEthernet0/0
  55.0.0.0/32 is subnetted, 1 subnets
  O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:01:18, GigabitEthernet0/0

6.9 配置OSPFv2 sham-link

6.9.1 Config loopback 1 and propaganda into BGP VRF address-family IPv4

• CSR1

  interface Loopback1
  vrf forwarding ospf
  ipv4 address 11.1.1.2 255.255.255.255
  router bgp 64512
  address-family ipv4 vrf AAA
  network 11.1.1.2 mask 255.255.255.255

• xrv

  interface Loopback1
  vrf AAA
  ipv4 address 33.1.1.2 255.255.255.255
  router bgp 64512
  vrf AAA
  address-family ipv4 unicast
  network 33.1.1.2/32

6.9.2 Under OSPFv2 process config sham-link

• CSR1

  router ospf 14 vrf AAA
  area 0 sham-link 11.1.1.2 33.1.1.2 cost 200

• xrv

  router ospf 35
  vrf AAA
  address-family ipv4 unicast
  area 0
  sham-link 33.1.1.2 11.1.1.2
  cost 200

6.10 驗(yàn)證sham-ink

CSR1(config-router)#area 0 sham-link 11.1.1.2 33.1.1.2 cost 200
CSR1(config-router)#do sho ip ospf neig
*May 22 08:45:02.593: %OSPF-5-ADJCHG: Process 14, Nbr 35.1.1.1 on OSPF_SL3 from LOADING to FULL, Loading Done
Neighbor ID Pri State Dead Time Address Interface
35.1.1.1 0 FULL/ - 00:00:37 33.1.1.2 OSPF_SL3
44.1.1.1 0 FULL/ - 00:00:34 14.1.1.2 GigabitEthernet2

CSR1#show ip route vrf AAA ospf | b bn
35.0.0.0/30 is subnetted, 1 subnets
O 35.1.1.0 [110/201] via 33.1.1.1, 01:04:13
44.0.0.0/32 is subnetted, 1 subnets
O 44.1.1.1 [110/2] via 14.1.1.2, 01:05:46, GigabitEthernet2
45.0.0.0/29 is subnetted, 1 subnets
O IA 45.1.1.0 [110/20001] via 14.1.1.2, 01:05:46, GigabitEthernet2
55.0.0.0/32 is subnetted, 1 subnets
O 55.1.1.1 [110/202] via 33.1.1.1, 01:04:13
vIOS4#sho ip route ospf | b bn
11.0.0.0/32 is subnetted, 1 subnets
O E1 11.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0
33.0.0.0/32 is subnetted, 1 subnets
O E1 33.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0
35.0.0.0/30 is subnetted, 1 subnets
O 35.1.1.0 [110/202] via 14.1.1.1, 01:04:42, GigabitEthernet0/0
55.0.0.0/32 is subnetted, 1 subnets
O 55.1.1.1 [110/203] via 14.1.1.1, 01:04:42, GigabitEthernet0/0

6.11 隱藏sham-link地址

• CSR1:

  ip prefix-list conn seq 5 permit 11.1.1.2/32
  ip prefix-list conn seq 10 permit 33.1.1.2/32
  route-map deny-conn deny 10
  match ip address prefix-list conn
  route-map deny-conn permit 20
  CSR1(config-router-af)#router ospf 14 vrf ospf
  CSR1(config-router)#redis bgp 64512 subnets route-map deny-conn

• xrv:

  prefix-set conn
  11.1.1.2/32,
  33.1.1.2/32
  end-set

  route-policy deny-conn
  if destination in conn then
  drop
  else
  pass
  endif
  end-policy

  RP/0/0/CPU0:xrv(config)#router ospf 35
  RP/0/0/CPU0:xrv(config-ospf)#vrf ospf
  RP/0/0/CPU0:xrv(config-ospf-vrf)#redist bgp 64512 route-policy deny-conn
  RP/0/0/CPU0:xrv(config-ospf-vrf)#commit

  vIOS5#sho ip route ospf | b bn
  14.0.0.0/30 is subnetted, 1 subnets
  O 14.1.1.0 [110/202] via 35.1.1.1, 00:07:05, GigabitEthernet0/0
  44.0.0.0/32 is subnetted, 1 subnets
  O 44.1.1.1 [110/203] via 35.1.1.1, 00:07:05, GigabitEthernet0/0
  CE設(shè)備看不到sham-link地址