We will take the same example, in which we have an L3VPN, and add a device that will act as Route Reflector (RR). The idea is that both PE1 and PE2 form the adjacency with the RR and it reflects the routes to them.
Configurations
PE1
ip vrf L3VPN
rd 65500:100
route-target both 567:89
!
interface Ethernet1/0
ip vrf forwarding L3VPN
ip address 172.16.1.1 255.255.255.252
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.0.0 255.255.255.254
!
router ospf 1
mpls ldp autoconfig
network 1.1.1.1 0.0.0.0 area 0
network 10.0.0.0 0.0.0.255 area 0
!
router bgp 65500
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 65500
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 next-hop-self
!
address-family vpnv4
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 send-community both
exit-address-family
!
address-family ipv4 vrf L3VPN
neighbor 172.16.1.2 remote-as 65501
PE2
ip vrf L3VPN
rd 65500:100
route-target both 567:89
!
interface Ethernet1/0
ip vrf forwarding L3VPN
ip address 172.16.2.1 255.255.255.252
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.0.2 255.255.255.254
!
router ospf 1
mpls ldp autoconfig
network 2.2.2.2 0.0.0.0 area 0
network 10.0.0.0 0.0.0.255 area 0
!
router bgp 65500
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 65500
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 next-hop-self
!
address-family vpnv4
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 send-community both
exit-address-family
!
address-family ipv4 vrf L3VPN
neighbor 172.16.2.2 remote-as 65502
P3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.0.1 255.255.255.254
!
interface Ethernet0/1
ip address 10.0.0.4 255.255.255.254
!
interface Ethernet1/0
ip address 10.0.0.6 255.255.255.254
!
router ospf 1
mpls ldp autoconfig
network 3.3.3.3 0.0.0.0 area 0
network 10.0.0.0 0.0.0.255 area 0
!
P4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.0.3 255.255.255.254
!
interface Ethernet0/1
ip address 10.0.0.5 255.255.255.254
!
router ospf 1
mpls ldp autoconfig
network 4.4.4.4 0.0.0.0 area 0
network 10.0.0.0 0.0.0.255 area 0
!
CE1
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet1/0
ip address 172.16.1.2 255.255.255.252
!
router bgp 65501
redistribute connected
neighbor 172.16.1.1 remote-as 65500
CE2
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Ethernet1/0
ip address 172.16.2.2 255.255.255.252
!
router bgp 65502
redistribute connected
neighbor 172.16.2.1 remote-as 65500
RR
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet1/0
ip address 10.0.0.7 255.255.255.254
!
router ospf 1
mpls ldp autoconfig
network 7.7.7.7 0.0.0.0 area 0
network 10.0.0.0 0.0.0.255 area 0
!
router bgp 65500
template peer-policy PEPOL
route-reflector-client
send-community extended
exit-peer-policy
!
template peer-session PE
remote-as 65500
update-source Loopback0
exit-peer-session
!
bgp log-neighbor-changes
no bgp default route-target filter
neighbor 1.1.1.1 inherit peer-session PE
neighbor 2.2.2.2 inherit peer-session PE
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 inherit peer-policy PEPOL
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 inherit peer-policy PEPOL
exit-address-family
!
In bold in the PE configurations we can see that both now point to the RR (7.7.7.7). On the RR, we have to configure a session with each of them. To save commands, we configure templates that we then apply.
Now the adjacencies are formed with the RR and it reflects the routes.
Note that the RR does not need to have the VRF configured; it does not have to participate in it to reflect the routes. On the RR this is what no bgp default route-target filter allows: VPNv4 routes are kept even though no local VRF imports their route target.
If we run a ping/traceroute from one CE to the other, we will see the connectivity and the hops.
OK. Now this same customer asks us for dual access at its headquarters for redundancy. We add another access link:
We configure:
P3
interface Ethernet0/2
ip address 10.0.0.8 255.255.255.254
!
PE8
ip vrf L3VPN
rd 65500:100
route-target export 567:89
route-target import 567:89
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
ip address 10.0.0.9 255.255.255.254
!
interface Ethernet1/0
ip vrf forwarding L3VPN
ip address 172.16.4.1 255.255.255.252
!
router ospf 1
mpls ldp autoconfig
network 8.8.8.8 0.0.0.0 area 0
network 10.0.0.0 0.0.0.255 area 0
!
router bgp 65500
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 65500
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 next-hop-self
!
address-family vpnv4
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 send-community both
exit-address-family
!
address-family ipv4 vrf L3VPN
neighbor 172.16.4.2 remote-as 65501
neighbor 172.16.4.2 activate
exit-address-family
!
CE3
interface Loopback0
ip address 9.9.9.9 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.0.3 255.255.255.0
!
interface Ethernet1/0
ip address 172.16.4.2 255.255.255.252
!
router bgp 65501
bgp log-neighbor-changes
redistribute connected
neighbor 172.16.4.1 remote-as 65500
neighbor 192.168.0.1 remote-as 65501
!
RR
router bgp 65500
neighbor 8.8.8.8 inherit peer-session PE
!
address-family vpnv4
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 inherit peer-policy PEPOL
After this we can see that CE1 and CE3 advertise a 192.168.0.0. From CE2 we should reach either of the two, 192.168.0.1-3, by ping/traceroute.
But if you look, when we ping CE3's 192.168.0.3 from CE2, we see that it takes the PE1-CE1 path. It will always choose that path unless the link or the adjacency goes down, since BGP only propagates the best route: both PE1 and PE8 pass this route to the RR, but when the RR propagates it to PE2 it only propagates the best of the two it has. This leaves our customer with a link carrying no traffic.
sh bgp vpnv4 unicast all neighbors 7.7.7.7 advertised-routes
sh bgp vpnv4 unicast all 192.168.0.0
sh bgp vpnv4 unicast all 192.168.0.0 - Only one route reaches PE2
To avoid this we can configure a different Route Distinguisher on each device. This makes every route from every device in every VRF unique.
PE2
no ip vrf L3VPN
ip vrf L3VPN
rd 65500:102
route-target export 567:89
route-target import 567:89
!
interface Ethernet1/0
ip vrf forwarding L3VPN
ip address 172.16.2.1 255.255.255.252
!
router bgp 65500
address-family ipv4 vrf L3VPN
neighbor 172.16.2.2 remote-as 65502
neighbor 172.16.2.2 activate
PE1
no ip vrf L3VPN
ip vrf L3VPN
rd 65500:101
route-target export 567:89
route-target import 567:89
!
interface Ethernet1/0
ip vrf forwarding L3VPN
ip address 172.16.1.1 255.255.255.252
!
router bgp 65500
address-family ipv4 vrf L3VPN
neighbor 172.16.1.2 remote-as 65501
neighbor 172.16.1.2 activate
PE8
no ip vrf L3VPN
ip vrf L3VPN
rd 65500:108
route-target export 567:89
route-target import 567:89
!
interface Ethernet1/0
ip vrf forwarding L3VPN
ip address 172.16.4.1 255.255.255.252
!
router bgp 65500
address-family ipv4 vrf L3VPN
neighbor 172.16.4.2 remote-as 65501
neighbor 172.16.4.2 activate
Now from PE2 we have two routes to 192.168.0.0.
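The effect of the RD change, as an added Python model that is not part of the original post: the RR selects one best path per VPNv4 NLRI (RD plus prefix), so a shared RD collapses the PE1 and PE8 advertisements into one reflected route, while unique RDs keep both. The function names, the /24 prefix length taken from CE3's interface mask, and the router-ID tie-break are assumptions made for the illustration.

```python
# Constructed model of the lab: the RR reflects one best path per VPNv4 NLRI,
# and the NLRI is the pair (RD, prefix). Tie-break values are illustrative.
from collections import defaultdict

PREFIX = "192.168.0.0/24"   # shared LAN behind CE1 and CE3
RT = "567:89"               # route target used by every PE on the page


def reflect(advertisements):
    """RR side: keep one best path per (rd, prefix) and reflect only that one.

    Both paths tie on the earlier best-path attributes in this lab, so the
    lowest router ID of the advertising PE decides (a simplification).
    The RR does no route-target filtering: it has no VRF at all.
    """
    by_nlri = defaultdict(list)
    for adv in advertisements:
        by_nlri[(adv["rd"], adv["prefix"])].append(adv)
    return [min(paths, key=lambda a: tuple(map(int, a["router_id"].split("."))))
            for paths in by_nlri.values()]


def import_into_vrf(reflected, import_rt, prefix):
    """PE2 side: import by route target, then list next-hop PEs for the prefix."""
    return sorted(a["pe"] for a in reflected
                  if a["rt"] == import_rt and a["prefix"] == prefix)


def advertise(rd_by_pe):
    """Build the VPNv4 updates PE1 and PE8 send to the RR for the shared LAN."""
    router_ids = {"PE1": "1.1.1.1", "PE8": "8.8.8.8"}
    return [{"pe": pe, "router_id": router_ids[pe], "rd": rd,
             "prefix": PREFIX, "rt": RT} for pe, rd in rd_by_pe.items()]


def paths_seen_by_pe2(rd_by_pe):
    """Next-hop PEs that PE2 ends up with for the shared LAN."""
    return import_into_vrf(reflect(advertise(rd_by_pe)), RT, PREFIX)


if __name__ == "__main__":
    same_rd = {"PE1": "65500:100", "PE8": "65500:100"}
    unique_rd = {"PE1": "65500:101", "PE8": "65500:108"}
    print("shared RD:", paths_seen_by_pe2(same_rd))
    print("unique RD:", paths_seen_by_pe2(unique_rd))
```

The route target stays 567:89 in both cases, which is why PE2 still imports every reflected route: the RD only makes the NLRI unique, the RT decides VRF membership.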