Данная схема работает начиная с версии ПО 1.28.1



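Задача: построить L3VPN между ESR и ESR1-2 в кластере в рамках единого VRF. Для примера будем анонсировать адреса loopback 2 vrf TEST каждого юнита в кластере соседу ESR.Neiborg. В приведённых ниже конфигурациях на интерфейсах указано ip firewall disable, а аутентификация для OSPF, LDP и BGP не настраивается; при переносе схемы в рабочую сеть это нужно учитывать и разрешать на интерфейсах только необходимые протоколы.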

Пример настройки юнитов в кластере (предварительно необходимо указать на каждом из юнитов номер id, set unit id 1 и 2 соответственно):

  1. Настраиваем кластер, согласно схеме:
cluster
  cluster-interface bridge 100
  unit 1
    mac-address xx:xx:xx:xx:xx:xx
  exit
  unit 2
    mac-address yy:yy:yy:yy:yy:yy
  exit
  enable
exit

hostname ESR.1
hostname ESR.1 unit 1
hostname ESR.2 unit 2

vlan 100
exit

bridge 100 
  description "cluster"
  vlan 100
  ip firewall disable
  ip address 192.168.123.226/29 unit 1
  ip address 192.168.123.227/29 unit 2
  vrrp id 100
  vrrp ip 192.168.123.225/29
  vrrp group 1
  vrrp preempt disable
  vrrp
  enable
exit

interface port-channel 2
  description "cluster_link"
  mode switchport
  switchport access vlan 100
exit

interface gigabitethernet 1/0/1
  mode switchport
  channel-group 2 mode auto
exit

interface gigabitethernet 1/0/5
  mode switchport
  channel-group 2 mode auto
exit

interface gigabitethernet 2/0/1
  mode switchport
  channel-group 2 mode auto
exit

interface gigabitethernet 2/0/5
  mode switchport
  channel-group 2 mode auto
exit


2.  Настраиваем протокол ospf для анонсирования адресов loopback1 каждого юнита, через данные адреса будут строиться BGP соседства:

На ESR.unit1: 
router ospf 65005
  router-id loopback 1
  area 0.0.0.0
    network 192.168.0.208/32
    network 192.168.0.209/32
   enable
  exit
  enable
exit

interface loopback 1
  description "router-id"
  ip address 192.168.0.208/32 unit 1
  ip address 192.168.0.209/32 unit 2
  ip ospf instance 65005
  ip ospf
exit

Если router-id loopback 1 (с указанием IP-адресов unit 1 и unit 2) изменялся в процессе ospf,
то необходимо перезапустить процесс ospf на обоих юнитах, иначе он будет "ругаться" на одинаковый router-id.

На ESR.Neiborg:

router ospf 1
  router-id 10.100.24.1
  area 0.0.0.0
    network 10.100.24.1/32
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 192.168.96.156/29
  ip ospf instance 1
  ip ospf network point-to-point
  ip ospf
exit

interface loopback 1
  ip address 10.100.24.1/32
exit


3.  Создаем интерфейс port-channel (каждый на своем юните в кластере), через который будет строиться LDP соседство:

interface port-channel 1 
  description "p2P_test"
  load-average 60
  ip firewall disable
  ip address 192.168.96.154/29 unit 1
  ip address 192.168.96.155/29 unit 2
  ip ospf instance 65005
  ip ospf mtu-ignore
  ip ospf cost 1000
  ip ospf network point-to-point
  ip ospf
  vrrp id 6
  vrrp ip 192.168.96.153/29
  vrrp
exit

interface gigabitethernet 1/0/7
  mode switchport
  channel-group 1 mode auto
exit

interface gigabitethernet 2/0/7
  mode switchport
  channel-group 1 mode auto
exit

 4. Настраиваем MPLS для обмена LDP-метками и организации связности узлов, подключенных к VRF:

На ESR.unit1:

mpls
  forwarding interface port-channel 1
  ldp
    router-id loopback 1
    address-family ipv4
      interface port-channel 1
      exit
    exit
    enable
  exit
exit

На ESR.Neiborg:

mpls
  forwarding interface gigabitethernet 1/0/1
  ldp
    router-id 10.100.24.1
    address-family ipv4
      interface gigabitethernet 1/0/1
      exit
    exit
    enable
  exit
 exit


5. Настраиваем протокол BGP в отдельном vrf для каждого юнита

На ESR.unit1:

ip vrf TEST
  rd 65005:78002
  route-target export 65005:78002
  route-target import 65005:78002
exit

В route-map запрещаем анонсировать подсеть, используемую для кластера между юнитами, а также настроим as-path prepend для управления анонсами bgp:

route-map bgp-out
  rule 1
    match ip address 192.168.123.224/29
    action deny
  exit
  rule 2
    action set as-path prepend 65005 track 1
  exit
exit

interface loopback 2 
  ip vrf forwarding TEST
  ip address 192.168.100.208/32 unit 1
  ip address 192.168.100.218/32 unit 2
exit

router bgp 65005 unit 1
  router-id loopback 1
  neighbor 10.100.24.1
    remote-as 65005
    update-source loopback 1
    address-family ipv4 unicast
      route-map bgp-out out
      enable
    exit
     address-family vpnv4 unicast
      send-community extended
      enable
    exit
    enable
  exit
  enable
  vrf TEST
    address-family ipv4 unicast
       redistribute connected
    exit
  exit
exit

router bgp 65005 unit 2
  router-id loopback 1
  neighbor 10.100.24.1
    remote-as 65005
    update-source loopback 1
    address-family ipv4 unicast
      route-map bgp-out out
      enable
    exit
     address-family vpnv4 unicast
      send-community extended
      enable
    exit
    enable
  exit
  enable
  vrf TEST
    address-family ipv4 unicast
     redistribute connected
    exit
  exit
exit

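track необходим для последующего управления анонсами маршрутов в кластере: он отслеживает состояние «не master» для VRRP id 100 и используется в правиле 2 route-map bgp-out (as-path prepend 65005 track 1), то есть prepend, по-видимому, применяется на том юните, который не является VRRP master: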
track 1
  track vrrp id 100 state not master
  enable
exit


На ESR.Neiborg:

ip vrf TEST
  rd 65005:78002
  route-target export 65005:78002
  route-target import 65005:78002
exit

router bgp 65005
  router-id 10.100.24.1
  neighbor 192.168.0.208
    remote-as 65005
    update-source loopback 1
    address-family ipv4 unicast
      enable
    exit
    address-family vpnv4 unicast
      send-community extended
      enable
    exit
    enable
  exit
  neighbor 192.168.0.209
    remote-as 65005
    update-source loopback 1
    address-family ipv4 unicast
      enable
    exit
    address-family vpnv4 unicast
      send-community extended
      enable
    exit
    enable
  exit
  enable
  vrf TEST
    address-family ipv4 unicast
    exit
  exit
exit


interface loopback 2
  ip vrf forwarding TEST
  ip address 1.1.1.1/32
exit

Диагностировать работу bgp, ospf, mpls можно следующими командами:

ESR.Neiborg# show bgp neighbors 
BGP neighbor is 192.168.0.208
    BGP state:                          Established
    Type:                               Static neighbor
    Neighbor address:                   192.168.0.208
    Neighbor AS:                        65005
    Neighbor ID:                        192.168.0.208
    Neighbor caps:                      refresh enhanced-refresh restart-aware AS4
    Session:                            internal multihop AS4
    Source address:                     10.100.24.1
    Weight:                             0
    Hold timer:                         124/180
    Keepalive timer:                    31/60
    RR client:                          No
    Address family ipv4 unicast:       
      Send-label:                       No
      Default originate:                No
      Default information originate:    No
      Preference:                       170
      Remove private AS:                No
      Next-hop self:                    No
      Next-hop unchanged:               No
    Address family vpnv4 unicast:      
      Preference:                       170
      Remove private AS:                No
      Next-hop self:                    No
      Next-hop unchanged:               No
    Uptime (d,h:m:s):                   00,00:58:19
BGP neighbor is 192.168.0.209
    BGP state:                          Established
    Type:                               Static neighbor
    Neighbor address:                   192.168.0.209
    Neighbor AS:                        65005
    Neighbor ID:                        192.168.0.209
    Neighbor caps:                      refresh enhanced-refresh restart-aware AS4
    Session:                            internal multihop AS4
    Source address:                     10.100.24.1
    Weight:                             0
    Hold timer:                         114/180
    Keepalive timer:                    37/60
    RR client:                          No
    Address family ipv4 unicast:       
      Send-label:                       No
      Default originate:                No
      Default information originate:    No
      Preference:                       170
      Remove private AS:                No
      Next-hop self:                    No
      Next-hop unchanged:               No
    Address family vpnv4 unicast:      
      Preference:                       170
      Remove private AS:                No
      Next-hop self:                    No
      Next-hop unchanged:               No
    Uptime (d,h:m:s):                   00,00:45:50
ESR.Neiborg#  show ip ospf neighbors 
Router ID        Pri  State          DTime  Interface          Router IP
---------        ---  -----          -----  -----------------  ---------
192.168.0.208    128  Full/PtP       00:38  gi1/0/1          192.168.96.154
192.168.0.209    128  Full/PtP       00:35  gi1/0/1          192.168.96.155
ESR.Neiborg# show mpls ldp neighbor 
Peer LDP ID: 192.168.0.208; Local LDP ID 10.100.24.1
    State:                  Operational
    TCP connection:         192.168.0.208:57591 - 10.100.24.1:646
    Messages sent/received: 66/68
    Uptime (d,h:m:s):       00,01:00:45
    LDP discovery sources:
        gigabitethernet 1/0/1
Peer LDP ID: 192.168.0.209; Local LDP ID 10.100.24.1
    State:                  Operational
    TCP connection:         192.168.0.209:50762 - 10.100.24.1:646
    Messages sent/received: 66/67
    Uptime (d,h:m:s):       00,00:59:45
    LDP discovery sources:
        gigabitethernet 1/0/1