VRF route with a global IP as the next hop

2022-02-15 00:23:01

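I have the following topology: [topology diagram]

I have to make sure that the loopback interface of R1 (1.0.1.1/32) is learned on R2, but with some constraints.

Step 1: Learn R1's loopback in R2's global routing table via OSPF.

Step 2: R2 and R3 are eBGP neighbors in address-family ipv4 (on interface f0/2, in the global routing table) and in address-family ipv4 vrf (on interface f0/1, which is part of vrf TEST on both R2 and R3).

Step 3: On R2, I redistribute the OSPF-learned route into BGP (ipv4 address family).

Step 4: R3 learns the BGP route from R2 via eBGP in the global routing table (next hop 192.16.2.9).

Step 5: On R3, I leak the route for 1.0.1.1/32 from the BGP ipv4 address family into the BGP vpnv4 vrf TEST address family.

As a result, R3 has a route to 1.0.1.1/32 in vrf TEST with next hop 192.16.2.9 (in the global routing table).

Step 6: R2 learns the 1.0.1.1/32 route again via eBGP address-family ipv4 vrf TEST, with next hop 192.16.1.10.

Now my goal is to make sure that R2 can ping 1.0.1.1/32 through vrf TEST (but it fails, as expected).

Any suggestions on how to make the above scenario work? One way is to configure interface f0/2 on R2 and R3 as follows: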

int f0/2
ip vrf receive TEST

1 Answer

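I got it working (with guidance from my colleague). Please take a look at the configuration; note that there is a small change in the IPs (192 replaced with 172), and 1.0.1.1 is replaced with 100.0.0.1; f0/1 is replaced with a sub-interface. Below is the working configuration from my lab in GNS3.

On R1: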

R1#ter len 0
R1#
R1#
R1#
R1#
R1#sho run
Building configuration...

Current configuration : 1076 bytes
!
! Last configuration change at 16:46:26 UTC Thu May 25 2017
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 100.0.0.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 172.16.1.14 255.255.255.252
 ip ospf 1 area 0
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
router ospf 1
 network 100.0.0.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.13
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R1#

On R2:

R2#sho run
Building configuration...

Current configuration : 1697 bytes
!
! Last configuration change at 16:48:08 UTC Thu May 25 2017
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
vrf definition TEST
 rd 2:1
 !
 address-family ipv4
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 172.16.2.9 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 speed auto
 duplex auto
!
interface FastEthernet1/1.2000
 encapsulation dot1Q 2000
 vrf forwarding TEST
 ip address 172.16.1.9 255.255.255.252
!
interface FastEthernet2/0
 ip address 172.16.1.13 255.255.255.252
 ip ospf 1 area 0
 speed auto
 duplex auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
router ospf 1
!
router bgp 65002
 bgp log-neighbor-changes
 neighbor 172.16.2.10 remote-as 65003
 !
 address-family ipv4
  redistribute ospf 1
  neighbor 172.16.2.10 activate
 exit-address-family
 !
 address-family ipv4 vrf TEST
  neighbor 172.16.1.10 remote-as 65003
  neighbor 172.16.1.10 activate
  neighbor 172.16.1.10 allowas-in
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 172.16.1.8 255.255.255.252 FastEthernet1/1.2000
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R2#

On R3:

R3#ter len 0
R3#sho run
Building configuration...

Current configuration : 1567 bytes
!
! Last configuration change at 16:23:00 UTC Thu May 25 2017
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
vrf definition TEST
 rd 3:1
 !
 address-family ipv4
  import ipv4 unicast map GLOBAL_TO_VRF
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
no ip domain lookup
ip domain name lab.local
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 172.16.2.10 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 speed auto
 duplex auto
!
interface FastEthernet1/1.2000
 encapsulation dot1Q 2000
 vrf forwarding TEST
 ip address 172.16.1.10 255.255.255.252
!
router bgp 65003
 bgp log-neighbor-changes
 neighbor 172.16.2.9 remote-as 65002
 !
 address-family ipv4
  neighbor 172.16.2.9 activate
 exit-address-family
 !
 address-family ipv4 vrf TEST
  neighbor 172.16.1.9 remote-as 65002
  neighbor 172.16.1.9 activate
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route vrf TEST 172.16.2.8 255.255.255.252 172.16.2.9 global
!
access-list 10 permit any log
!
route-map GLOBAL_TO_VRF permit 10
 match ip address 10
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R3#

Verification:

R2#ping vrf TEST 100.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/60/68 ms
R2#
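
Added example, not part of the original answer: in the R3 configuration above, route-map GLOBAL_TO_VRF matches access-list 10, which is `permit any`, so every prefix in the global BGP IPv4 table is eligible for import into vrf TEST, not only 100.0.0.1/32. The Python sketch below inventories such leak points in an IOS configuration; the function name `audit_vrf_leaks`, the finding labels and the embedded config excerpt are assumptions made for this illustration.

```python
import re

# Constructed excerpt: the leak-related lines of the R3 configuration above.
R3_CONFIG = """\
vrf definition TEST
 rd 3:1
 address-family ipv4
  import ipv4 unicast map GLOBAL_TO_VRF
 exit-address-family
ip route vrf TEST 172.16.2.8 255.255.255.252 172.16.2.9 global
access-list 10 permit any log
route-map GLOBAL_TO_VRF permit 10
 match ip address 10
"""

def audit_vrf_leaks(config):
    """List the points where an IOS config lets global routes into a VRF."""
    lines = config.splitlines()
    # ACLs (standard, global-config form) that contain a "permit any" entry.
    open_acls = {m.group(1) for l in lines
                 if (m := re.match(r"access-list (\S+) permit any\b", l))}
    # route-map name -> one list of match clauses per "permit" sequence.
    entries, current = {}, None
    for l in lines:
        if m := re.match(r"route-map (\S+) permit\b", l):
            current = []
            entries.setdefault(m.group(1), []).append(current)
        elif not l.startswith(" "):
            current = None          # left the route-map block
        elif current is not None and (m := re.match(r"\s+match (.+)", l)):
            current.append(m.group(1).split())

    def wide_open(name):
        # A permit sequence with no match clause, or one matching a permit-any
        # ACL, accepts every route. Prefix-list matches are not evaluated.
        for seq in entries.get(name, []):
            if not seq or any(c[:2] == ["ip", "address"] and c[2:3] != ["prefix-list"]
                              and set(c[2:]) & open_acls for c in seq):
                return True
        return False

    findings, vrf = [], None
    for l in lines:
        if m := re.match(r"vrf definition (\S+)", l):
            vrf = m.group(1)
        elif (m := re.match(r"\s+import ipv4 unicast map (\S+)", l)) and wide_open(m.group(1)):
            findings.append((vrf, "import-map-permits-any", m.group(1)))
        elif m := re.match(r"ip route vrf (\S+) (\S+) \S+ \S+ global", l):
            findings.append((m.group(1), "static-global-next-hop", m.group(2)))
    return findings
```

Narrowing access-list 10 to the one loopback (for example `access-list 10 permit 100.0.0.1`) clears the import-map finding; the static route with the `global` keyword remains listed because it is a deliberate crossing between vrf TEST and the global table.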