Task: build an L3VPN between an ESR and a Cisco router
To keep the example simple, the L3VPN is built between the Loopback 2 interfaces on the ESR and the Cisco router, both of which are placed in vrf test.
ESR configuration example:
ip vrf test
  rd 100:1
  route-target export 100:1
  route-target import 100:1
exit

router bgp 100
  router-id 172.16.0.1
  neighbor 172.16.0.2
    remote-as 100
    update-source 172.16.0.1
    address-family ipv4 unicast
      enable
    exit
    address-family vpnv4 unicast
      send-community extended
      enable
    exit
    enable
  exit
  enable
  vrf test
    address-family ipv4 unicast
      redistribute connected
    exit
  exit
exit

router ospf 1
  router-id 172.16.0.1
  area 0.0.0.0
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 192.168.5.11/24
  ip ospf instance 1
  ip ospf
exit
interface loopback 1
  ip address 172.16.0.1/32
  ip ospf instance 1
  ip ospf
exit
interface loopback 2
  ip vrf forwarding test
  ip address 192.168.1.1/32
exit

mpls
  ldp
    router-id 172.16.0.1
    address-family ipv4
      transport-address 172.16.0.1
      interface gigabitethernet 1/0/1
      exit
    exit
    enable
  exit
  forwarding interface gigabitethernet 1/0/1
exit
Cisco configuration example:
!
ip vrf test
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface Loopback1
 ip address 172.16.0.2 255.255.255.255
!
interface Loopback2
 ip vrf forwarding test
 ip address 192.168.2.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.5.10 255.255.255.0
 duplex full
!
router ospf 1
 router-id 172.16.0.2
 network 172.16.0.2 0.0.0.0 area 0
 network 192.168.5.0 0.0.0.255 area 0
 mpls ldp autoconfig area 0.0.0.0
!
router bgp 100
 bgp router-id 172.16.0.2
 bgp log-neighbor-changes
 neighbor 172.16.0.1 remote-as 100
 neighbor 172.16.0.1 update-source Loopback1
 !
 address-family ipv4
  neighbor 172.16.0.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 172.16.0.1 activate
  neighbor 172.16.0.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf test
  redistribute connected
 exit-address-family
!
mpls ldp router-id Loopback0 force
Output of the show commands used to verify that the OSPF and LDP adjacencies are established on the ESR:
esr# show ip ospf neighbors
Router ID     Pri   State      DTime   Interface           Router IP
---------     ---   -----      -----   -----------------   ---------
172.16.0.2    1     Full/BDR   00:39   gi1/0/1             192.168.5.10

esr# show mpls ldp neighbor
Peer LDP ID: 172.16.0.2; Local LDP ID 172.16.0.1
    State: Operational
    TCP connection: 172.16.0.2:37497 - 172.16.0.1:646
    Messages sent/received: 42/47
    Uptime: 00:36:58
    LDP discovery sources:
        gigabitethernet 1/0/1
Output of the show commands used to verify that the OSPF and LDP adjacencies are established on the Cisco router:
Cisco#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address         Interface
172.16.0.1      128   FULL/DR    00:00:31    192.168.5.11    FastEthernet0/0

Cisco#show mpls ldp neighbor
    Peer LDP Ident: 172.16.0.1:0; Local LDP Ident 172.16.0.2:0
        TCP connection: 172.16.0.1.646 - 172.16.0.2.37497
        State: Oper; Msgs sent/rcvd: 49/44; Downstream
        Up time: 00:38:23
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 192.168.5.11
        Addresses bound to peer LDP Ident:
          172.16.0.1      192.168.5.11
The output shows that the adjacencies have been established.
Verifying that the BGP session is established on the Cisco router and the ESR. For the ESR:
esr# show bgp neighbors
BGP neighbor is 172.16.0.2
    BGP state:                          Established
    Type:                               Static neighbor
    Neighbor address:                   172.16.0.2
    Neighbor AS:                        100
    Neighbor ID:                        172.16.0.2
    Neighbor caps:                      refresh enhanced-refresh AS4
    Session:                            internal multihop AS4
    Source address:                     172.16.0.1
    Weight:                             0
    Hold timer:                         121/180
    Keepalive timer:                    45/60
    Address family ipv4 unicast:
      Send-label:                       No
      Default originate:                No
      Default information originate:    No
    Address family vpnv4 unicast:
    Uptime:                             1468 s

esr# show ip route vrf test
Codes: C - connected, S - static, R - RIP derived,
       O - OSPF derived, IA - OSPF inter area route,
       E1 - OSPF external type 1 route, E2 - OSPF external type 2 route
       B - BGP derived, D - DHCP derived, K - kernel route, V - VRRP route
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - FIB route

C     * 192.168.1.1/32     [0/0]     dev lo2                       [direct 11:58:41]
B     * 192.168.2.1/32     [170]     via 172.16.0.2 on gi1/0/1     [bgp100 12:16:24]
For the Cisco router:
Cisco#show bgp all neighbors
For address family: IPv4 Unicast
BGP neighbor is 172.16.0.1, remote AS 100, internal link
  BGP version 4, remote router ID 172.16.0.1
  BGP state = Established, up for 00:26:38
  Last read 00:00:38, last write 00:00:38, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Graceful Restart Capability: received
      Remote Restart timer is 120 seconds
      Address families advertised by peer:
        none
    Enhanced Refresh Capability: advertised and received
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Message statistics:
    InQ depth is 0
    OutQ depth is 0

                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                7          3
    Keepalives:            28         32
    Route Refresh:          0          0
    Total:                 36         36
  Default minimum time between advertisement runs is 0 seconds

Cisco#show ip route vrf test

Routing Table: test
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/32 is subnetted, 1 subnets
B        192.168.1.1 [200/0] via 172.16.0.1, 00:27:35
      192.168.2.0/32 is subnetted, 1 subnets
C        192.168.2.1 is directly connected, Loopback2
The output shows that the BGP session is established and that the routers have exchanged the required routes from the VRF.
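The routes were exchanged because each side imports the route target that the other side exports; a mismatch would silently drop the routes, and an overly broad import would leak routes between VPNs. The following Python script is an added example, not part of the original article: it parses the ip vrf blocks of both configurations and lists which VRFs pass routes to which. The mgmt VRF in the sample and the function names are constructed for illustration.

```python
import re

# Constructed sample: the VRF definitions from the two configurations above,
# plus a hypothetical "mgmt" VRF on the Cisco side to show a non-matching case.
ESR_CFG = """\
ip vrf test
  rd 100:1
  route-target export 100:1
  route-target import 100:1
exit
"""
CISCO_CFG = """\
ip vrf test
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf mgmt
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
"""

def parse_vrfs(cfg):
    """Return {vrf_name: {"rd": str or None, "export": set, "import": set}}."""
    vrfs, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
        elif line in ("exit", "!") or not raw[:1].isspace():
            cur = None  # end of the VRF block (ESR "exit", Cisco "!", or a new top-level line)
        elif cur is not None:
            if m := re.fullmatch(r"rd (\S+)", line):
                cur["rd"] = m.group(1)
            elif m := re.fullmatch(r"route-target (export|import|both) (\S+)", line):
                kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
                for kind in kinds:
                    cur[kind].add(m.group(2))
    return vrfs

def route_flows(src_vrfs, dst_vrfs):
    """List (exporting VRF, importing VRF, shared route targets) from src to dst."""
    return sorted((s, d, sorted(a["export"] & b["import"]))
                  for s, a in src_vrfs.items() for d, b in dst_vrfs.items()
                  if a["export"] & b["import"])

if __name__ == "__main__":
    esr, cisco = parse_vrfs(ESR_CFG), parse_vrfs(CISCO_CFG)
    print("ESR -> Cisco:", route_flows(esr, cisco))
    print("Cisco -> ESR:", route_flows(cisco, esr))
```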
Next, the ping utility can be used to verify that traffic passes:
200# ping vrf test 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56 bytes of data.
!!!!!
--- 192.168.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 1.419/5.377/10.249/3.159 ms

Cisco#ping vrf test 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms