重要更新:
所以我已经确定 PE 实际上正在将更新转发到路由反射器。这个问题似乎与我正在看的东西有关。您看到此场景的一部分是在更改 AS 时重写 rt 和 rd。rt 重写实际上是有效的。正在从 2203:3000 转换为 46202:3000。我做出的错误假设是 rd 也会被翻译。这不会发生。
所以我的问题现在不是路由的重新分配,因为这是有效的,而是 rd 的翻译。我一生都无法在 cisco 上弄清楚如何做到这一点。
取自 BGP 更新的 wireshark 捕获:
Community Transitive Two-Octet AS Route Target: 46202:3000
Label Stack=16 (bottom) RD=2203:3000, IPv4=10.0.0.1/32
关于第一个问题的更新:
除了 XE(也许 XR,我无权访问 XR 设备)以外的任何 IOS 版本都缺少执行此操作的命令。
来自我们生产的 BRAS 之一:
(config-route-map)#set extcommunity ?
cost Cost extended community
rt Route Target extended community
soo Site-of-Origin extended community
vpn-distinguisher VPN Distinguisher
最后一行在 IOS ver 15 上不存在,这是我在实验室环境中运行的。因此,对于该场景的那部分,我所能做的就是平均时间。
该问题的更新结束
因此,除了这个问题之外,我还发现了另一个与 MPLS PHP 相关的问题。从 PE 到外部 AS,它弹出所有标签,从而使其根本不起作用。所以另一个 AS 接收到一个根本没有标签的数据包。
来自我的 AS 内部的所有数据包都发往另一个 AS 下一跳 IP 34.20.43.11:
PE-4#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 34.20.43.11/32 0 Gi0/0 34.20.43.11
正如您所看到的,它在不应该弹出标签时弹出标签,因为另一个 AS 期望标签为 16:
LinkedISP#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.0.0.1/32[V] 0 aggregate/CUSTOMER_3000
也不确定如何解决这个问题。为下一跳关闭 PHP 似乎无法完成。
预先感谢您对此的任何想法。
原始帖子 + 要求显示命令:
我正在研究一个场景,我们将与位于我们的服务提供商不在的位置的另一个服务提供商进行对等。例如另一个国家。我的计划是与该 SP 对等并交换 vpnv4 扩展社区,以便我们的客户可以通过 L3VPN 访问其位于该 SP 网络之外的站点。基本前提如下:
客户<-进入L3VPN->我们的MPLS网络<->与其他SP对等<->他们的MPLS网络<-离开L3VPN->客户
我已经完成了所有配置,并且我成功地通过 eBGP 交换了社区。到目前为止我一直无法解决的问题是,出于某种原因,思科路由器没有通过内部 vpnv4 BGP 会话重新通告外部学习的 vpnv4 路由。输出:
PE-4#show ip bgp vpnv4 rd 46202:3000
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 46202:3000 (default for vrf CUSTOMER_3000_Mapped)
*> 10.0.0.1/32 34.20.43.11 0 0 2203 ?
*> 10.0.0.3/32 0.0.0.0 0 32768 ?
* i10.0.0.200/32 115.40.0.130 0 100 0 ?
*>i 115.40.0.130 0 100 0 ?
您可以看到从其他服务提供商 (AS2203) 接收的路由,并且也被插入到路由表中:
PE-4#show ip route vrf CUSTOMER_3000_Mapped
10.0.0.0/32 is subnetted, 3 subnets
B 10.0.0.1 [20/0] via 34.20.43.11, 00:58:11
C 10.0.0.3 is directly connected, Loopback3001
B 10.0.0.200 [200/0] via 115.40.0.130, 00:58:11
它还成功地从路由反射器(10.0.0.200 路由)接收路由。
路由反射器未获得来自其他服务提供商的路由。
RR1#show ip bgp vpnv4 rd 46202:3000
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 46202:3000
*>i10.0.0.3/32 115.40.0.131 0 100 0 ?
*>i10.0.0.200/32 115.40.0.130 0 100 0 ?
我不知道为什么外部 vpnv4 路由没有在内部重新分配。下面是相关的配置。预先感谢您的任何帮助!
PE-4#
vrf definition CUSTOMER_3000_Mapped
rd 46202:3000
!
address-family ipv4
route-target export 46202:3000
route-target import 46202:3000
exit-address-family
!
interface Loopback3001
vrf forwarding CUSTOMER_3000_Mapped
ip address 10.0.0.3 255.255.255.255
!
interface GigabitEthernet0/0
description ### PE-4 <-> LinkedISP ###
ip address 34.20.43.10 255.255.255.254
duplex full
speed 1000
media-type gbic
negotiation auto
mpls bgp forwarding
router bgp 46202
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor ROUTE-REFLECTORS peer-group
neighbor ROUTE-REFLECTORS remote-as 46202
neighbor 34.20.43.11 remote-as 2203
neighbor 115.40.1.1 peer-group ROUTE-REFLECTORS
neighbor 115.40.1.2 peer-group ROUTE-REFLECTORS
!
address-family ipv4
neighbor ROUTE-REFLECTORS send-community extended
neighbor 115.40.1.1 activate
neighbor 115.40.1.2 activate
exit-address-family
!
address-family vpnv4
neighbor ROUTE-REFLECTORS send-community extended
neighbor 34.20.43.11 activate
neighbor 34.20.43.11 send-community extended
neighbor 34.20.43.11 route-map community-rewrite-46202:3000 out
neighbor 115.40.1.1 activate
neighbor 115.40.1.2 activate
exit-address-family
!
address-family ipv6
neighbor 115.40.1.1 activate
neighbor 115.40.1.2 activate
exit-address-family
!
address-family vpnv6
neighbor ROUTE-REFLECTORS send-community extended
neighbor 115.40.1.1 activate
neighbor 115.40.1.2 activate
exit-address-family
!
address-family ipv4 vrf CUSTOMER_3000_Mapped
redistribute connected
exit-address-family
!
ip extcommunity-list 2 permit rt 46202:3000
ip bgp-community new-format
!
route-map community-rewrite-46202:3000 permit 10
match extcommunity 2
set extcomm-list 2 delete
set extcommunity rt 2203:3000
路由反射器是标准配置,只需将 PE 设置为路由反射器客户端即可。
“其他提供者”基本上设置为上述配置的镜像。
干杯,
更新了请求的输出:
PE-4#show bgp vpnv4 unicast all neighbors 115.40.1.1 advertised-routes
--Output Omitted--
Route Distinguisher: 46202:3000 (default for vrf CUSTOMER_3000_Mapped)
*> 10.0.0.3/32 0.0.0.0 0 32768 ?
PE-4#show bgp vpnv4 unicast rd 46202:3000 10.0.0.1
BGP routing table entry for 46202:3000:10.0.0.1/32, version 37
Paths: (1 available, best #1, table CUSTOMER_3000_Mapped)
Not advertised to any peer
2203, imported path from 2203:3000:10.0.0.1/32
34.20.43.11 from 34.20.43.11 (34.20.43.11)
Origin incomplete, metric 0, localpref 100, valid, external, best
Extended Community: RT:46202:3000
mpls labels in/out nolabel/16
更多更新节目:
PE-4#show ip route vrf CUSTOMER_3000_Mapped 10.0.0.1
Routing Table: CUSTOMER_3000_Mapped
Routing entry for 10.0.0.1/32
Known via "bgp 46202", distance 20, metric 0
Tag 2203, type external
Last update from 34.20.43.11 14:18:17 ago
Routing Descriptor Blocks:
* 34.20.43.11 (default), from 34.20.43.11, 14:18:17 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 2203
MPLS label: 16
MPLS Flags: MPLS Required
PE-4#show ip cef vrf CUSTOMER_3000_Mapped 10.0.0.1
10.0.0.1/32
nexthop 34.20.43.11 GigabitEthernet0/0 label 16
34.20.43.10/31 也在全局路由表中作为 MPLS 的 OSPF 上的连接子网进行通告:
PE-4#show ip ospf 1 0.0.0.8 interface
GigabitEthernet0/0 is up, line protocol is up
Internet Address 34.20.43.10/31, Area 8, Attached via Network Statement
Process ID 1, Router ID 115.40.0.131, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State WAITING, Priority 1
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
No Hellos (Passive interface)
Wait time before Designated router selection 00:00:37
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 3/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)