CCIE Routing Protocol Part3MPLS VPN.docx
- 文档编号:8776612
- 上传时间:2023-02-01
- 格式:DOCX
- 页数:11
- 大小:291.45KB
CCIE Routing Protocol Part3MPLS VPN.docx
《CCIE Routing Protocol Part3MPLS VPN.docx》由会员分享,可在线阅读,更多相关《CCIE Routing Protocol Part3MPLS VPN.docx(11页珍藏版)》请在冰豆网上搜索。
CCIERoutingProtocolPart3MPLSVPN
►6MPLSVPN/TE
ThepacketsareforwardedbylabelswitchinginsteadofbyIPswitching.TheselabelsareattachedtotheIPpackets,enablingtherouterstoforwardthetrafficbylookingatthelabelandnotthedestinationIPaddress.
TheMPLSlabelsareadvertisedbetweenrouterssothattheycanbuildalabel-to-labelmapping.usingLDP,MP-BGP,RSVP,TDP(cisco,Tagdistributeprotocol),Constraint-basedroutedLDP.
MPLSnetworkcomponentsincludes:
ELSR(PE)andLSR(P),PEdoesinsert/poplabelsandPnodesdoswaplabelsandforwardingbasedonlabeltable.
withMPLS,tosetupaunifiednetworkinfrastructure,whichisBetterIPoverATMintegrationandCoreisaBorderGatewayProtocol(BGP)-freecore,withtheMPLSlabeldefine,itcanprovidemorefeatures,suchaspeertopeerVPNandTrafficEngine.LabelswitchingismoreefficientthanIPswitching.
TherearetwoPlanes:
ThecontrolplaneandTheDataPlane
TheControlPlaneistosetupthedataorforwardingtable(ospf,ISIS,BGP,EIGRP),thelabeltable(LDP.RSVP,MP-BGP,TDP).Themaincomponentsofthecontrolplanearetheroutingprotocols,theroutingtable,andothercontrolorsignalingprotocolsusedtoprovisionthedataplane.
ThedataplaneisthepacketforwardingpaththrougharouterorswitchusingASIC(application-specificintegratedcircuits).
MPLSLabel:
32bits[label(20)+Exp(3)+S
(1)+TTL(8)
ForEthernet,newether-types:
0x8847(IPUnicast)0x8848(IPMulticast)like0x8000foripv4
MPLSLabelDistribution:
ForCell-mode:
LabelSpace(Per-interface),LabelGenerate/Distribute/Allocation(DownStream-on-demand/OrderedControlmode)andLabelretention(Conservativelabelretentionmode-onlykeeprequestedlabel)
ForFrame-Mode:
LabelSpace(Per-platform),LabelGenerate/Distribute/Allocation(UnsolicitedDownStream/Independentcontrolmode)andLabelretention(liberallabelretentionmode-keepallreceivedbutonlyonebeused)
ForCiscoRouter:
Per-platform/UnsolicitedDownStream/independentControl/Liberallabelretention
ForCiscoATM:
per-interface/Downstream-on-demenddistribute/independentcontrol/conservationlabelretention/orderedcontrol
ForRouterwithATMinterface:
likeATM,justuseconservativeorliberallabelretention.
LDP:
usesUDP/TCP646,TDPusesTCP711
LDPHellousingUDPpacketto224.0.0.2(allRouterMulticastaddress)withTTL=1tofindneighbor.thenuseTCPtoestablishthesessionfromHigherIP@tolowerip@andtheninitializationsessionformessageexchangethenexchangemessageafterthis,keepalive,andRouterbuildupLabelmaptable.
LabelTables:
FEC:
FECisusedtodescribethepacketsthatareforwardedbasedonacommoncharateristicsuchasDestinationaddress/subnet,Qosclass...,LabelisassignedtoaFEC.
LSP:
LabelSwitchedPath,ThatisasequenceofLSRsthatforwardlabeledpacketsthroughacertainFEC.itisuni-directional.
FIB/RIB:
DestinationsubnetandNext-hop
LIB:
Learnfromdownstreamneighborabout"ipprefixwithitslabel",basedonthismapping,generatealocalsignificantlabelandannouncethislabelandipprefixtoupstreamneighborviaLDP
LFIB:
Itisatableinculdes:
locallabel(whichbeadvertisedtoupstream)mapwithlearnlabel(whichislearnfromdownstream).iflearnFECfromtwoLSRs,localLSRselectoneofthembasedonFIB.
MPLSloopdetection:
LDPloopdetectionbuildintoIGPloopdetectandTTL.bydefault,oningress,TTLcopyfromIPpacket'sTTL,ategress,LabelTTLcopiedtoIPheaderTTLfield.ifTTL=0,droppacket.
MPLSconvergence:
whenalinkfailure,IGPconvergenceandthenMPLSconvergence
whenthelinkrecovery,RoutingprotocolrebuildRTandatthistime,labelswitchingshouldbebrokenuntilLFIBandFIBrebuild.
MPLSMTU:
becauseaddlabels,theframesizeisbiggerthannormal,1500Bippacket+3labels(4timesof3is12B)
SotheMTUshouldbe1512BorforethernetswitchsupportsJumboFrame(GiantFrame).
MPLSTE:
requirement:
1:
everyLSRhavetoseetheentiretopologyoftheNetwork,
2:
Inthistopology,LSRneedsadditionalresourceinformationforlinks,suchasavailableresourceandconstrains
So,onlyextensionOSPFandISISfitfortheserequirements.
Then.LSRusesRSVP-TEandCR-LDPtoestablishtrafficengineeringtunnelsandpropagatelabels,eachELSRmustbeabletocreateanLSPtunnelondemand.
RSVP-TE:
Therearetwomessagetypes:
PATH(Tear/Error)andRESV(Tear/Error)
ERO/RRO:
EROExplicitRoutingObject,Downstreamdirection(likeAS_PATH,thatisLSPhopbyhoplist)toinfoeachLSRtocheckandreserveresource,therearetwoERO,oneisstrictandotherisloose.strictmeansthisHopmustbypassandthisHopandit'slastHopmustconnectdirectly.
RROisRecordRouteObject,itisupstream
ResourceInformationDataBase,itisaextendnetworktopologywithresource,byCSPF(useLSA9,10tocarryTE-releventlinkattribute)andISIS-TE(newTLVs,TLV22,TLV134,TLV135)
PriorityandPreemption(Setuppriorityandholdingpriority):
MultipleLSPtunnelswillbeestablished,setupbasedonhigherpriorityfirst,Ifthelinkresourceisnotinsufficient,existingLSPtunnelwithlowerholdingprioritycouldbereleasedresourceforhighersetupprioritytunnelmeanspreemption.
MPLSTEhavetwolabels:
toplabelpointstotheendpointoftrafficengineeringtunnel,thesecondlablepointstodestination.
MPLSVPN(peertopeerVPN):
TherearetwotypesVPN,
oneisOverlayVPN,SPprovidesVirtualPoint-to-pointlinksbetweenCEs,
suchas(layer-1:
T1/ISDN/SONET;Layer-2:
FR/ATM/X.25;layer-3:
GRE,IPSec)
oneisPeer2PeerVPN:
SPparticipatesinCustomerroutingandseparateforwardingtableforeachcustomer.
ControlPlane:
(GlobalRoutingTable/BackBoneIGPTable/VRFtable/VPNv4RoutingTable/RD/RT)
VRFtable:
IPv4prefix,VRFroutingtableisisolatedbetweeneachother,setupVRFatPEconnectingtoCE
VPNv4RoutingTable:
VPNv4prefixarepropagatedacrosstheMPLS-VPNNetworktopeerPEbyMP-iBGP,soVPNv4prefixmustbeuniqueinthewholeMPLSnetwork.
RD(routedistinguisher):
64bits,MPLSVPNuseaddRDtomakeeachIPv4prefixtobecomeauniqueVNPv4prefix.SoallowCERoutesaddressoverlap.RDisnottheidentifieroftheVPN,SosameVPN,allowtohavedifferentRDs.
forexample:
RDtypeisASN:
nnorIP@:
nn,thefirstoneisprefer.ifaVRFipv4prefixis10.1.1.0/24,RDis65001:
11,soVPNv4prefixis65001:
11:
10.1.1.0/24
RT(Routertargets):
usingBGPextendedattribute(Community),itwillbepropagatedbyMP-iBGPupdate.
whentherouteprefixisredistributedfromVRFroutingtableintoMP-iBGP,addexportRT,toidentifythisroutebelongtowhichofVPN.AtthereceiverPE,comparevpnv4prefix'scommunity(ExportRT/ImportRT)withlocalsettingwhichisImportRT,ifmatch,receivethevpnv4prefixandconverttoVRFipv4prefix,ifnotmatch,rejectit.
SoMPLS-VPNusingRDandRTtocompletetherouteprefixuniquenessandidentifierofVPNandpropagatetheseprefixusingMP-iBGPbetweentwoPEs.
aVPNv4prefixallowtocarrymultipleRTs(ImportRTsandExportRTs).ImportRTmeanswhichVPNv4prefixwillbeaccepted;ExportRTmeanstowhomwillthisVPNv4prefixbeallowedtosend.
DataPlane:
TheCoreisBGPfree,SoonlyPEsrunMP-iBGP,OnlyPEsknowtheVPNv4prefix,Pdonotknowthem.Sotherearetwolabels,ToplabelusedtoforwardpackettoPeerPE,andtheBottomlabelusedtoidentifyVPN.
FortheToplabels,AllPEsandPsrunIGPandLDPorRSVP-TE.CoreIGPcreateaglobalroutingtable(ipv4prefix)andgenerateLFIBatallPsandPEs.ThisisToplabeltoensurepacketwillbeswitchingfromingressPEtoegressPE.
TheBottomLabel:
itisvpnlabel,beadvertisedbyMP-iBGP,WhenVPNv4prefixbepropagatedfromonePEtopeerPE,PeerPEdecidewhichVRFtheseprefixbelongto.
AtIngressPE,itaddtwolabels(GlobalIGPlabelasthetoplabel;VPNlabelasthebottomlabel)
attheegressPE,ItcanmaplabeltoVPNv4prefix,thislabelisVPNlabel,andthisPEadvertisedthelabelalongwiththeVPNv4prefixtoallpossibleingressPEs,ThislabelcontainedintheNLRIfieldofBGP.
MP-iBGP:
allPEsrunMP-iBGP.soiftherearemanyPEs,youshouldsetupRRanduseRTtoletRRknowallVPNv4prefix.thatmeansRRwillreceiveallVPNv4prefix.
OryoucansubdividetheVPNv4prefixintogroupsandsetupseveralRRsorRRgroupstocarryoneofthosesubsets.
WhenaPEredistributeVRFipv4prefixintoMP-iBGP:
1:
AddRD
2:
Modifythenext-hoptoRE'sRID
3:
AddVPNlabelbasedonVPNv4prefix
4:
AddRTs
MPLS-VPNPE-CERouting:
1:
StaticRouting/connectedbetweenPEandCE
redistributeConnectedroutesintoBGP,LetremotePEknowtheseconnectedIP@,whenpingfromCEtoCE,pingsuccessfully.Soifpingwithaspecifiedip@assource,youmustmakesureRemotedevice(PEorCE)knowittoguaranteereplypacketsuccessfully.
Routerbgp65001
........
address-familyipv4vrfCus_A
redistributeconnected
neighbor10.10.10.2remoteas65001
neighbor10.10.10.2active
Forstatic:
iproutevrfCus_A10.100.0.0255.255.0.010.10.10.25
routerbgp65001
address-familyipv4vrfCus_A
redistributestatic
RIPv2BetweenPEandCE
ipvrfCus_A
rd1:
1
route-tragetexport1:
1
import1:
1
routerrip
noauto-summary
address-familyipv4vrfCus_A
version2
network10.0.0.0
redistributebgp65001
default-metric2
routerbgp65001
address-familyipv4vrfCus_A
redistributerip
OSPFbetweenPEandCE
Q1:
usually,theMPLS-VPNasaSuper-BackBonearea,soCEsendOSPFLSA3toPE,whichisaintra-summaryrouteatPE,thenPEredistributetheseroutesintoBGP,thenremotePEredistributeBGPintoOSPFagain.atRemotePE,theseformerLSA3hadbeenchangedtoLSA5becausered
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- CCIE Routing Protocol Part3MPLS VPN