多宿主MPLSVPN中-應(yīng)用AS-override注意的問題

多宿主MPLS/VPN中，應(yīng)用AS-override注意的問題由admin于星期二,04/01/2008-16:25發(fā)表目的

研究PE與CE間使用BGP時(shí)，可能出現(xiàn)的次優(yōu)路徑及其環(huán)路

拓?fù)鋱D在下面

當(dāng)PE與CE之間使用BGP時(shí)，在多宿主網(wǎng)絡(luò)中，使用AS-override有可能形成次優(yōu)路徑或環(huán)路，如上圖所示。

配置如下

R1

ipvrfvpn-a

rd1:10

route-targetexport1:10

route-targetimport1:10

!

ipcef

!

interfaceLoopback0

ipaddress55

!

interfaceFastEthernet0/0

noipaddress

interfaceFastEthernet0/0.12

encapsulationdot1Q12

ipaddress

tag-switchingip

!

interfaceFastEthernet0/0.13

encapsulationdot1Q13

ipaddress

tag-switchingip

!

interfaceFastEthernet0/0.14

encapsulationdot1Q14

ipvrfforwardingvpn-a

ipaddress

routerospf10

log-adjacency-changes

network55area0

!

routerbgp1

nosynchronization

bgplog-neighbor-changes

neighborremote-as1

neighborupdate-sourceLoopback0

neighborremote-as1

neighborupdate-sourceLoopback0

noauto-summary

!

address-familyvpnv4

neighboractivate

neighborsend-communityextended

neighboractivate

neighborsend-communityextended

exit-address-family

!

address-familyipv4vrfvpn-a

neighborremote-as2

neighboractivate

neighboras-override

noauto-summary

nosynchronization

exit-address-family

R2

ipvrfvpn-a

rd1:10

route-targetexport1:10

route-targetimport1:10

!

ipcef

!

interfaceLoopback0

ipaddress55

!

interfaceFastEthernet0/0

noipaddress

!

interfaceFastEthernet0/0.12

encapsulationdot1Q12

ipaddress

routerbgp2

nosynchronization

bgplog-neighbor-changes

networkmask55

redistributeconnected

neighborremote-as1

noauto-summary

R6

interfaceLoopback0

ipaddress55

!

interfaceFastEthernet0/0

noipaddress

interfaceFastEthernet0/0.36

encapsulationdot1Q36

ipaddress

interfaceFastEthernet0/0.56

encapsulationdot1Q56

ipaddress

routerospf100

router-id

log-adjacency-changes

network55area0

routerospf10

log-adjacency-changes

routerbgp2

nosynchronization

bgplog-neighbor-changes

redistributeconnected

neighborremote-as1

noauto-summary

!

在R2上看，BGPVPN表

r2#shipbgvpall

BGPtableversionis18,localrouterIDis

Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,i-internal,

rRIB-failure,SStale

Origincodes:i-IGP,e-EGP,?-incomplete

NetworkNextHopMetricLocPrfWeightPath

RouteDistinguisher:1:10(defaultforvrfvpn-a)

*>i/32010002?

*>/32002i

*>i/32010002?

*>i/24010002?

r>/24002?

*>i/24010002?

*i/24010002?

*>002?

在R5上，

r5#shiprou

/24issubnetted,1subnets

B[20/0]via,00:27:04

/32issubnetted,1subnets

B[20/0]via,00:27:04

可以看到原本紅色部分是從OSPF學(xué)來，現(xiàn)在變成從EBGP學(xué)來，下一條變?yōu)镽2，

r5#trace

Typeescapesequencetoabort.

Tracingtherouteto

156msec112msec140msec

2[AS1]312msec104msec320msec

3[AS1]316msec212msec*//運(yùn)營商中路由

前綴/32，在CE3上生成被發(fā)往PE3，當(dāng)PE3把這條前綴通回給CE2時(shí)，由于AS-override作用，AS-PATH變成11，故形成了環(huán)路。

解決方案：

AS-override同SOO（siteoforigin）一起使用,在多宿主MPLSVPN中，SOO用來標(biāo)識(shí)客戶站點(diǎn)，防止從某一點(diǎn)離開該站點(diǎn)的流量從另外一點(diǎn)被發(fā)送回同一站點(diǎn)。SOO檢測(cè)環(huán)路是自動(dòng)的，需做在in的方向上。

R2上配置

address-familyipv4vrfvpn-a

neighborroute-mapdogin

route-mapdogpermit10

setextcommunitysoo2:2

//當(dāng)前綴從PE2通告給PE3時(shí)，會(huì)被附上

SOO值，當(dāng)PE3檢測(cè)到相同的SOO時(shí)，

該前綴便不發(fā)給站點(diǎn)2中CE3

R3上配置

address-familyipv4vrfvpn-a

neighborroute-mapboyin

route-mapboypermit10

setextcommunitysoo2:2

//SOO值要相同

在R5，

r5#shiprou

/24issubnetted,1subnets

O[110/2]via,00:05:23,FastEthernet0/0.56

/32issubnetted,1subnets