
Task: build an L3VPN between an ESR and a Cisco router

To keep the example simple, the L3VPN is built between the Loopback 2 interfaces on the ESR and the Cisco router, both of which are placed in vrf test.

Example ESR configuration:

ip vrf test
  rd 100:1
  route-target export 100:1
  route-target import 100:1
exit

router bgp 100
  router-id 172.16.0.1
  neighbor 172.16.0.2
    remote-as 100
    update-source 172.16.0.1
    address-family ipv4 unicast
      enable
    exit
    address-family vpnv4 unicast
      send-community extended
      enable
    exit
    enable
  exit
  enable
  vrf test
    address-family ipv4 unicast
      redistribute connected
    exit
  exit
exit

router ospf 1
  router-id 172.16.0.1
  area 0.0.0.0
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 192.168.5.11/24
  ip ospf instance 1
  ip ospf
exit
interface loopback 1
  ip address 172.16.0.1/32
  ip ospf instance 1
  ip ospf
exit
interface loopback 2
  ip vrf forwarding test
  ip address 192.168.1.1/32
exit
mpls
  ldp
    router-id 172.16.0.1
    address-family ipv4
      transport-address 172.16.0.1
      interface gigabitethernet 1/0/1
      exit
    exit
    enable
  exit
  forwarding interface gigabitethernet 1/0/1
exit

Example Cisco configuration:

!
ip vrf test
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface Loopback1
 ip address 172.16.0.2 255.255.255.255
!
interface Loopback2
 ip vrf forwarding test
 ip address 192.168.2.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.5.10 255.255.255.0
 duplex full
!
router ospf 1
 router-id 172.16.0.2
 network 172.16.0.2 0.0.0.0 area 0
 network 192.168.5.0 0.0.0.255 area 0
 mpls ldp autoconfig area 0.0.0.0
!
router bgp 100
 bgp router-id 172.16.0.2
 bgp log-neighbor-changes
 neighbor 172.16.0.1 remote-as 100
 neighbor 172.16.0.1 update-source Loopback1
 !
 address-family ipv4
  neighbor 172.16.0.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 172.16.0.1 activate
  neighbor 172.16.0.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf test
  redistribute connected
 exit-address-family
!
mpls ldp router-id Loopback1 force
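
Route targets are what decide which VPNv4 routes each VRF accepts, so the two `ip vrf test` stanzas above have to agree. The following check is an added example, not part of the original page or of either vendor's tooling; `parse_vrfs` and `check_pair` are hypothetical helper names, and the comparison only considers these two PEs.

```python
import re

# Constructed input: the VRF stanzas copied from the two configurations above.
ESR_CFG = """ip vrf test
  rd 100:1
  route-target export 100:1
  route-target import 100:1
exit
"""
CISCO_CFG = """!
ip vrf test
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
"""

def parse_vrfs(cfg):
    """Return {vrf: {"rd": str or None, "import": set, "export": set}}."""
    vrfs, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "import": set(), "export": set()})
        elif not raw[:1].isspace():
            cur = None  # any other unindented line ("exit", "!") closes the stanza
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export) (\S+)", line)):
            cur[m.group(1)].add(m.group(2))
    return vrfs

def check_pair(a, b):
    """Return a list of RT problems between two PEs' parsed VRF tables."""
    problems = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            problems.append(f"{name}: defined on one PE only")
            continue
        for src, dst, way in ((a[name], b[name], "a->b"), (b[name], a[name], "b->a")):
            if not src["export"] & dst["import"]:
                problems.append(f"{name} {way}: no exported RT is imported")
            # Heuristic for a two-PE setup: an import nobody here exports deserves review.
            for rt in sorted(dst["import"] - src["export"]):
                problems.append(f"{name} {way}: import RT {rt} is not exported by the peer VRF")
    return problems

if __name__ == "__main__":
    print(check_pair(parse_vrfs(ESR_CFG), parse_vrfs(CISCO_CFG)) or "RTs consistent")
```

An empty result means every route exported from vrf test on one side is importable on the other, and that neither side imports a route target the other does not export.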

Output of the show commands used to verify that the OSPF and LDP adjacencies are established on the ESR:

esr# show ip ospf neighbors 
Router ID        Pri  State          DTime  Interface          Router IP
---------        ---  -----          -----  -----------------  ---------
172.16.0.2       1    Full/BDR       00:39  gi1/0/1            192.168.5.10


esr# show mpls ldp neighbor 
Peer LDP ID: 172.16.0.2; Local LDP ID 172.16.0.1
    State:                  Operational
    TCP connection:         172.16.0.2:37497 - 172.16.0.1:646
    Messages sent/received: 42/47
    Uptime:                 00:36:58
    LDP discovery sources:
        gigabitethernet 1/0/1

Output of the show commands used to verify that the OSPF and LDP adjacencies are established on the Cisco router:


Cisco#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1      128   FULL/DR         00:00:31    192.168.5.11    FastEthernet0/0


Cisco#show mpls ldp neighbor 
    Peer LDP Ident: 172.16.0.1:0; Local LDP Ident 172.16.0.2:0
	TCP connection: 172.16.0.1.646 - 172.16.0.2.37497
	State: Oper; Msgs sent/rcvd: 49/44; Downstream
	Up time: 00:38:23
	LDP discovery sources:
	  FastEthernet0/0, Src IP addr: 192.168.5.11
        Addresses bound to peer LDP Ident:
          172.16.0.1      192.168.5.11    

The output shows that the adjacencies are established.

Verifying that the BGP session is established on the Cisco router and the ESR. For the ESR:

esr# show bgp neighbors 
BGP neighbor is 172.16.0.2
    BGP state:                       Established
    Type:                            Static neighbor
    Neighbor address:                172.16.0.2
    Neighbor AS:                     100
    Neighbor ID:                     172.16.0.2
    Neighbor caps:                   refresh enhanced-refresh AS4
    Session:                         internal multihop AS4
    Source address:                  172.16.0.1
    Weight:                          0
    Hold timer:                      121/180
    Keepalive timer:                 45/60
    Address family ipv4 unicast:    
      Send-label:                    No
      Default originate:             No
      Default information originate: No
    Address family vpnv4 unicast:   
    Uptime:                          1468 s


esr# show ip route vrf test 
 Codes: C - connected, S - static, R - RIP derived,
        O - OSPF derived, IA - OSPF inter area route,
        E1 - OSPF external type 1 route, E2 - OSPF external type 2 route
        B - BGP derived, D - DHCP derived, K - kernel route, V - VRRP route
        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
        * - FIB route

C     * 192.168.1.1/32     [0/0]             dev lo2                           [direct 11:58:41] 
B     * 192.168.2.1/32     [170]             via 172.16.0.2 on gi1/0/1         [bgp100 12:16:24] 

For Cisco:

Cisco#show bgp all neighbors 
For address family: IPv4 Unicast
BGP neighbor is 172.16.0.1,  remote AS 100, internal link
  BGP version 4, remote router ID 172.16.0.1
  BGP state = Established, up for 00:26:38
  Last read 00:00:38, last write 00:00:38, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        none
    Enhanced Refresh Capability: advertised and received
    Multisession Capability: 
    Stateful switchover support enabled: NO for session 1
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
          
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                7          3
    Keepalives:            28         32
    Route Refresh:          0          0
    Total:                 36         36
  Default minimum time between advertisement runs is 0 seconds


Cisco#show ip route vrf test

Routing Table: test
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/32 is subnetted, 1 subnets
B        192.168.1.1 [200/0] via 172.16.0.1, 00:27:35
      192.168.2.0/32 is subnetted, 1 subnets
C        192.168.2.1 is directly connected, Loopback2

The output shows that the session is established and that the routers have exchanged the required routes from the VRF.

Next, the ping utility can be used to verify that traffic passes:

200# ping vrf test 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56 bytes of data.
!!!!!
--- 192.168.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 1.419/5.377/10.249/3.159 ms


Cisco#ping vrf test 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms