MPLS Tieng Viet


MULTIPROTOCOL LABEL SWITCHING

(MPLS MultiProtocol Label Switching)

Author: Trần Thị Tố Uyên

Table of contents
Chapter 1: MPLS OVERVIEW
Chapter 2: BASIC MPLS CONFIGURATION
    LAB 2-1: Basic frame-mode MPLS configuration
Chapter 3: MPLS VPN OVERVIEW
Chapter 4: THE EIGRP PE-CE ROUTING PROTOCOL
    LAB 4-1: Basic EIGRP PE-CE routing configuration
    LAB 4-2: Network configuration using BGP CC and EIGRP SoO
Chapter 5: THE OSPF PE-CE ROUTING PROTOCOL
    LAB 5-1: OSPF PE-CE routing configuration
    LAB 5-2: OSPF Sham-Links
Chapter 6: TRAFFIC ENGINEERING IN MPLS

Chapter 1: MPLS OVERVIEW


Introduction to Multiprotocol Label Switching (MPLS)

MPLS is a technology that combines the best features of layer 3 routing and layer 2 switching. It carries packets very quickly through the core network and routes well at the edge by relying on labels. MPLS improves packet forwarding by attaching a label to each IP packet, ATM cell, or layer 2 frame. Label switching lets routers and MPLS-enabled ATM switches make forwarding decisions from the label contents rather than through complex routing on the destination IP address. MPLS joins the performance and switching capability of layer 2 with layer 3 routing. It lets ISPs offer many different services without discarding their existing infrastructure. The MPLS architecture is flexible and can be combined with any layer 2 technology. MPLS supports every layer 2 protocol and efficiently deploys IP services over an IP switched network. MPLS supports the creation of different routes between a source and a destination across an Internet backbone. By integrating MPLS into the network architecture, ISPs can reduce costs, increase profit, deliver a range of efficiencies, and become highly competitive.

Characteristics of an MPLS network:
- There is no MPLS API and no host-side protocol component.
- MPLS resides only on routers.
- MPLS is protocol-independent, so it can work with protocols other than IP such as IPX, ATM, Frame Relay, ...
- MPLS simplifies routing and increases the flexibility of the intermediate layers.

How it works: the layer 3 routing mechanism is replaced by a layer 2 switching mechanism. MPLS operates in the core of the IP network. Routers in the core must have MPLS enabled on each interface. A label is added to an IP packet when it enters the MPLS network and removed when the packet leaves it. The label is inserted between the layer 3 header and the layer 2 header. Labels are used to forward packets once a path has been established. MPLS centers on label swapping. One of the strengths of the MPLS architecture is that it defines a label stack. A labelled packet is formed as: Network Layer Packet + MPLS Label Stack.

Label space: there are two kinds. In the first, all interfaces share the same label values (per-platform label space). In the second, each interface has its own label values (per-interface label space).

Label switched path (LSP - Label Switch Path): determines the path an MPLS packet takes. There are two kinds: hop-by-hop signalled LSPs, which determine the most feasible path in a best-effort manner, and explicit-route signalled LSPs, which determine the path from the originating node.

Label switch router (LSR - Label Switch Router): decides the next hop from the contents of the label; it does little processing and operates much like a switch.

Some applications of MPLS

Applications currently being deployed are:
- MPLS VPN: the service provider can create layer 3 VPNs across the backbone for many customers using a single existing public infrastructure, without needing encryption or end-user applications.
- MPLS Traffic Engineering: provides the ability to set up one or more paths to control network traffic and the performance characteristics for a class of traffic.
- MPLS QoS (Quality of Service): with QoS, service providers can offer many classes of service with the strongest QoS guarantees for customers.
- MPLS Unicast/Multicast IP routing.

The Internet has three main groups of applications: voice, data, and video, each with different requirements. Voice requires low delay and tolerates some data loss in exchange for efficiency. Video tolerates data loss at an acceptable level and is real-time. Data requires high security and accuracy. MPLS helps use network resources with high efficiency.

Advantages of MPLS over the IP over ATM model

When integrated with ATM switching, label switching takes advantage of ATM cells: a suitable length and high-speed transfer. In a multiservice network, label switching lets BPX/MGX switches provide ATM, Frame Relay, and IP Internet services on a single platform over one high-speed path. Shared platforms that support these services save cost and simplify operations for multiservice providers. For ISPs that use ATM switches in the core, label switching helps the Cisco BPX8600, MGX8800, the 8540 multiservice switch router, and other Cisco ATM switches manage the network more efficiently than overlaying the IP layer on an ATM network. Label switching avoids the problems caused by having many peer routers and supports a hierarchical structure within an ISP network.

Integration: MPLS merges the capabilities of IP and ATM rather than overlaying IP on ATM. MPLS makes IP routing visible to the ATM infrastructure and removes the need to map between IP and ATM features. MPLS does not need ATM addressing and routing techniques (such as PNNI).

Higher reliability: with an ATM infrastructure, MPLS can be combined efficiently with many routing protocols. IP over ATM builds a mesh of public services between the routers around an ATM cloud. However, many problems arise from the PVC links between routers overlaid on the ATM network. The ATM network structure cannot see the routers. A single failed ATM link breaks many router-to-router links, which causes difficulties with the volume of routing updates and the processing that follows.

Direct implementation of classes of service: MPLS uses ATM queuing and buffering to provide many different classes of service. It supports IP precedence and class of service (CoS) on ATM switches without complex translation to the ATM Forum service classes.

Efficient support for multicast and RSVP: unlike MPLS, overlaying IP on ATM brings many disadvantages, especially in supporting IP services such as IP multicast and RSVP (Resource Reservation Protocol).

MPLS supports these services, building on the time and work invested in the standards and encouraging approximate mappings between IP and ATM features.

VPN measurement and management: MPLS can account for IP VPN services and makes it very easy to manage the important VPN services that provide private IP networks within its infrastructure. An ISP offering VPN service supports many private VPNs on a single infrastructure. With an MPLS backbone, VPN information is processed only at the entry and exit points. Packets carrying MPLS labels cross the backbone and arrive at their correct exit point. Combining MPLS with MP-BGP (Multiprotocol Border Gateway Protocol) produces MPLS-based VPN services that are easier to manage, with forwarding operations used to manage VPN sites and VPN membership. MPLS-based VPN services can also scale to support hundreds of thousands of VPNs.

Reduced load on the core: VPN services illustrate how MPLS supports hierarchical routing information. In addition, Internet routes can be separated from the core of the service provider network. As with VPN data, MPLS allows the Internet routing table to be accessed only at the entry and exit points of the network. With MPLS, traffic arriving at the edge of the AS is labelled so that it is associated with the corresponding point. Separating interior routing from full Internet routing also helps limit faults, improves stability, and increases security.

Traffic control: MPLS provides traffic engineering capabilities so that network resources are used efficiently. Traffic engineering moves load from overloaded parts of the network to idle parts based on destination, traffic type, load, time, ...

Modes of operation of MPLS

An MPLS network uses labels to forward packets. When a packet enters the network, the ingress MPLS node assigns it to a specific forwarding equivalence class (FEC - Forwarding Equivalence Class). Within the MPLS network the label drives all forwarding. This has several advantages over conventional forwarding:
- MPLS forwarding can be done by switches, which can look up and replace labels without touching the network-layer header. ATM switches perform the function of switching cells based on the label value. An ATM switch needs to be controlled by an IP-based MPLS control element such as a label switch controller (LSC - Label Switch Controller). This is the basic form of integrating IP with ATM.
- When a packet enters the network it is assigned to a forwarding equivalence class (FEC). The router can use information about the packet such as the ingress port or interface. Packets entering the network are assigned different labels. The forwarding decision is made easily by the ingress router. This is not possible with conventional forwarding, because the route a router determines is separate from the route information carried in the packet.
- A traffic-engineered network forces a packet to follow a specific path, such as an underused path. The path is chosen in advance or as the packet enters the network, which is better than the choice made by conventional routing algorithms. In MPLS a label can represent the route, so the route does not need to be carried in the packet. This is the basic form of MPLS Traffic Engineering.

The "class of service" of a packet is determined by the ingress MPLS node. An ingress MPLS node can drop routes or modify scheduling to control different packets. Later hops can re-apply the service constraints by setting a PHB (per-hop behavior). MPLS allows (but does not require) the precedence or class of service to be inferred partly or entirely from the label. In that case the label represents the combination of a FEC and a precedence or class of service. This is the basic form of MPLS QoS.

Labels in MPLS

Frame mode: frame mode is the term used when a packet is forwarded with a label attached in front of the layer 3 header. A label is encoded in 20 bits, which means there can be 2^20 different values. A packet may carry several labels, called a label stack. At each hop in the network only the outermost label is examined. Figure 2 shows the format of the MPLS header.

Where:
- EXP = Experimental (3 bits): reserved for experimental use. Cisco IOS uses these bits to carry QoS information; when MPLS packets are queued, the EXP bits can be used in the same way as the IP Precedence bits.
- S = Bottom of stack (1 bit): the bottom-of-stack bit. It is set to 1 in the last label of the stack and to 0 in all other labels.
- TTL = Time To Live (8 bits): a copy of the IP TTL. Its value is decremented at each hop to prevent loops (as in IP). It is often used when the network operator wants to hide the underlying network topology from traceroutes run from outside networks.

Cell mode: this term is used for a network of ATM LSRs that use MPLS in the control plane to exchange VPI/VCI information instead of using ATM signalling. In cell mode the label is the VPI/VCI field of the cell. After labels have been exchanged in the control plane, in the forwarding plane the ingress router segments the packet into ATM cells, applies the corresponding VPI/VCI value exchanged in the control plane, and transmits the cells. The ATM LSRs in the interior behave as ATM switches: they forward a cell based on the incoming VPI/VCI and the corresponding outgoing port information. Finally, the egress router reassembles the cells into a packet.

[Figure: position of the label in different layer 2 encapsulations]
ATM cell header: GFC | VPI | VCI | PT | CLP | HEC | Layer 3 header | Data (the label is carried in VPI/VCI)
Packet over SONET/SDH: PPP header | Label (shim header) | Layer 3 header | Data
Ethernet: Ethernet header | Label | Layer 3 header | Data

Where:
- GFC (Generic Flow Control): generic flow control
- VPI (Virtual Path Identifier): identifies the virtual path
- VCI (Virtual Channel Identifier): identifies the virtual channel
- PT (Payload Type): indicates the type of payload
- CLP (Cell Loss Priority): indicates the discard priority of the cell
- HEC (Header Error Check): header error check

Structure of an MPLS node

An MPLS node has two planes: the MPLS forwarding plane and the MPLS control plane. An MPLS node can perform layer 3 routing or layer 2 switching. The basic architecture of an MPLS node is as follows:

[Figure: basic architecture of an MPLS node]
Control plane: IP routing protocol (exchanges routing information); label distribution protocol (exchanges label binding information)
Forwarding plane: incoming IP packets -> IP routing table (CEF FIB) -> outgoing IP packets; incoming labelled packets -> label forwarding information base (LFIB) -> outgoing labelled IP packets

Forwarding plane

The forwarding plane uses a label forwarding information base (LFIB - Label Forwarding Information Base) to forward packets. Each MPLS node has two tables related to forwarding: the label information base (LIB - Label Information Base) and the LFIB. The LIB holds all labels assigned by the local MPLS node and the mappings of those labels to the labels received from its MPLS neighbors. The LFIB uses a subset of the labels in the LIB to actually forward packets.

Control plane

The MPLS control plane is responsible for building and maintaining the LFIB. Every MPLS node must run an IP routing protocol to exchange routing information with the other MPLS nodes in the network. MPLS-enabled ATM nodes use a label switch controller (LSC - Label Switch Controller) such as a 7200 or 7500 router, or use a route processor module (RPM - Route Processor Module), to take part in IP routing.

Labels are exchanged between adjacent MPLS nodes to build the LFIB. MPLS uses a forwarding model based on label swapping that can be combined with different control modules. Each control module is responsible for assigning and distributing a set of labels and for maintaining other related control information. Interior gateway protocols (IGP - Interior Gateway Protocols) are used to determine reachability, the bindings, and the mapping between a FEC and the next-hop address. The MPLS control modules are:
- Unicast routing
- Multicast routing
- Traffic engineering
- Virtual private network (VPN - Virtual Private Network)
- Quality of service (QoS - Quality of Service)

Link-state routing protocols such as OSPF and IS-IS are the protocols of choice because they give every MPLS node information about the whole network. In conventional routers the IP routing table is used to build the fast switching cache or the FIB (used by CEF - Cisco Express Forwarding). With MPLS, however, the IP routing table provides information about destination networks and subnet prefixes. Link-state routing protocols flood routing information among a set of directly connected (adjacent) routers, whereas label binding information is distributed only between directly connected routers, using the label distribution protocol (LDP - Label Distribution Protocol) or TDP (Cisco's proprietary Tag Distribution Protocol).

[Figure: components of the MPLS data plane and control plane]
Control plane at a network node: MPLS IP routing control; MPLS multicast IP routing control; MPLS/VPN routing control; traffic engineering control (MPLS TE); quality of service (QoS)
Data plane at a network node: label forwarding information base (LFIB)

Cisco Express Forwarding (CEF) is the foundation for MPLS operation on Cisco routers. CEF is therefore a prerequisite for running MPLS on every Cisco device except ATM switches, which support only the data forwarding plane function. CEF is a Cisco-proprietary switching mechanism intended to make IP packet forwarding simpler and more capable. CEF avoids the overhead of rewriting the cache in an IP core environment by using a forwarding information base (FIB - Forwarding Information Base) to make switching decisions. The FIB mirrors the entire contents of the IP routing table, with a one-to-one mapping between the FIB and the routing table. When a router uses CEF it maintains at least one FIB, which maps the destination networks in the routing table to the corresponding next-hop adjacencies. The FIB lives in the data plane, where the router performs forwarding and processes packets.

The router also maintains two other structures: the label information base (LIB) and the label forwarding information base (LFIB). The label distribution protocol running between MPLS neighbors creates the entries in these two tables. The LIB belongs to the control plane and is used by the label distribution protocol, which maps destination networks in the routing table to the labels received from downstream routers. The LFIB belongs to the data plane and maps each local label to a next-hop label and an outgoing interface; it is used to forward labelled packets.

In summary, the reachability information supplied by the routing protocols is used to build the routing table (RIB - Routing Information Base). The RIB feeds the FIB. The LIB is built from the label distribution protocol, and the LIB combined with the FIB produces the LFIB.

Label forwarding algorithm

A label switch uses a forwarding algorithm based on label swapping. The MPLS node takes the value in the label of an arriving packet as an index into the LFIB. When the matching label value is found, MPLS replaces the label in the packet with the outgoing label from the subentry and sends the packet out of the corresponding outgoing interface to the next hop that has been determined. If the MPLS node holds several LFIBs, one per interface, it uses the physical interface on which the packet arrived to select the LFIB used to forward the packet. Conventional forwarding uses several algorithms, for example for unicast, multicast, and unicast packets with the ToS bits set. MPLS uses only one forwarding algorithm, based on label swapping. An MPLS node makes a single memory access to retrieve information such as the resources to reserve for forwarding the packet. Fast lookup and forwarding make label switching a high-performance switching technology. MPLS can also carry other layer 3 protocols such as IPv6, IPX, or AppleTalk. These properties make MPLS well suited to migrating networks from IPv4 to IPv6.

MPLS forwarding operation

Forwarding data with MPLS involves the following steps:
- MPLS labels are assigned (on the LSR).
- The label distribution protocol (LDP - Label Distribution Protocol, or TDP - Tag Distribution Protocol) assigns labels and exchanges them between the LSRs in the MPLS domain in order to establish sessions. Labels can be assigned locally per router or per router interface.
- LDP/TDP is established between LSR/ELSR.
- By default the router uses LDP.

Configuration:
    Router(config)#mpls label protocol {ldp | tdp}
Use this command when the router does not default to LDP or when you want to switch from LDP to TDP. The command can be configured globally or on an interface:
    Router(config-if)#mpls label protocol {ldp | tdp}
If it is configured on an interface, it overrides the global command.

TDP uses TCP port 711. LDP uses TCP port 646.

There are four kinds of LDP messages:
- Discovery: announces and acknowledges the presence of an LSR in the network.
- Session: establishes, maintains, and tears down sessions between LSRs.
- Advertisement: advertises label mappings for FECs.
- Notification: signals errors.
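The precedence rule above (an interface-level `mpls label protocol` overrides the global one) decides which protocol, and therefore which TCP port, each link actually uses. The following is an added example, not part of the original document: it derives the effective protocol per interface from configuration text and checks that both ends of each link agree. The router names RA/RB/RC, their configurations, the link list, and the function names are all constructed for illustration; the default of LDP follows the statement in the text.

```python
import re

SESSION_PORT = {"ldp": 646, "tdp": 711}         # TCP ports given in the text
ENABLE_CMDS = {"mpls ip", "tag-switching ip"}   # enable label switching on an interface


def label_protocols(config: str, default: str = "ldp") -> dict:
    """Return {interface: effective protocol} for interfaces with label switching on."""
    global_proto, per_if, enabled, current = default, {}, set(), None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        indented, line = raw[0].isspace(), raw.strip()
        if not indented:
            # Any top-level line ends the previous interface block.
            m = re.fullmatch(r"interface (\S+)", line)
            current = m.group(1) if m else None
        m = re.fullmatch(r"mpls label protocol (ldp|tdp)", line)
        if m and not indented:
            global_proto = m.group(1)
        elif m and current:
            per_if[current] = m.group(1)         # interface setting wins
        elif indented and current and line in ENABLE_CMDS:
            enabled.add(current)
    return {i: per_if.get(i, global_proto) for i in sorted(enabled)}


def audit_links(configs: dict, links: list, default: str = "ldp") -> list:
    """For each link return (end A, end B, proto A, proto B, session port or None)."""
    table = {name: label_protocols(cfg, default) for name, cfg in configs.items()}
    report = []
    for (ra, ia), (rb, ib) in links:
        pa, pb = table[ra].get(ia), table[rb].get(ib)
        ok = pa is not None and pa == pb
        report.append((f"{ra}:{ia}", f"{rb}:{ib}", pa, pb,
                       SESSION_PORT[pa] if ok else None))
    return report


# Constructed sample configurations (not taken from the lab in this document).
SAMPLE = {
    "RA": """
mpls label protocol tdp
!
interface Serial0/1
 ip address 192.0.2.1 255.255.255.252
 mpls ip
""",
    "RB": """
mpls label protocol tdp
!
interface Serial0/0
 ip address 192.0.2.2 255.255.255.252
 mpls label protocol ldp
 mpls ip
!
interface Serial0/1
 ip address 192.0.2.5 255.255.255.252
 tag-switching ip
""",
    "RC": """
interface Serial0/0
 ip address 192.0.2.6 255.255.255.252
 mpls label protocol tdp
 mpls ip
!
interface Serial0/1
 ip address 192.0.2.9 255.255.255.252
""",
}
LINKS = [(("RA", "Serial0/1"), ("RB", "Serial0/0")),
         (("RB", "Serial0/1"), ("RC", "Serial0/0"))]

if __name__ == "__main__":
    for row in audit_links(SAMPLE, LINKS):
        print(row)
```

A link whose last field is `None` has mismatched or missing label protocols, so no label distribution session can form on it; for the others the field is the TCP port an infrastructure ACL has to permit between the two neighbors.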


Label distribution with the label distribution protocol LDP

Within an MPLS domain, a label assigned to a destination address (FIB) is distributed to the upstream neighbors after the session has been established. The binding between a specific network, its local label, and a next-hop label (received from the downstream router) is stored in the LFIB and the LIB. MPLS uses the following label distribution methods:
- Downstream on demand.
- Unsolicited downstream.

MPLS label retention

There are two label retention modes:

Liberal label retention mode: keeps the bindings between labels and destination networks that it receives, including those that do not come from the next hop for that destination. The LSR can forward packets as soon as the IGP converges, but the number of labels kept for each destination is very large, so this mode consumes memory.

Conservative label retention mode: keeps labels based on the LDP or TDP responses of the next hop. It discards bindings from downstream LSRs that are not the next hop for the given destination, so it minimizes memory use.

Special labels

Untagged: the arriving MPLS packet is converted to an IP packet and forwarded to the destination. It is used in MPLS VPN implementations.

Implicit-null or POP label: this label is assigned when the top label of the arriving MPLS packet is removed and the resulting MPLS or IP packet is forwarded to the downstream next hop. The value of this label is 3 (in the 20-bit label field). It is used in MPLS networks at the penultimate hop.

Explicit-null label: assigned to preserve the EXP value of the top label of the arriving packet. The top label is swapped with the value 0 and the packet is forwarded as an MPLS packet to the downstream next hop. This label is used when implementing QoS with MPLS.

Aggregate label: with this label, when an MPLS packet arrives all labels in its label stack are removed so that it becomes an IP packet, and a FIB lookup is performed to determine its outgoing interface.
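The label stack entry layout (20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL), the label-swapping lookup, and the implicit-null and explicit-null values described in this chapter can be exercised together. The following is an added example, not part of the original document: the node names, label values 17 and 16, the payload, and all function names are constructed for illustration.

```python
import struct
from dataclasses import dataclass

IMPLICIT_NULL = 3  # reserved value: pop the top label at the penultimate hop
EXPLICIT_NULL = 0  # reserved value: keep a label so the EXP bits reach the egress


@dataclass(frozen=True)
class LabelEntry:
    label: int  # 20-bit label value
    exp: int    # 3-bit EXP field
    s: int      # 1 = bottom of stack
    ttl: int    # 8-bit TTL

    def pack(self) -> bytes:
        if not (0 <= self.label < 2**20 and 0 <= self.exp < 8
                and self.s in (0, 1) and 0 <= self.ttl < 256):
            raise ValueError("label stack entry field out of range")
        word = (self.label << 12) | (self.exp << 9) | (self.s << 8) | self.ttl
        return struct.pack("!I", word)


def parse_stack(frame: bytes):
    """Split a frame into (label stack, layer 3 payload), stopping at S=1."""
    stack, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated label stack: no entry with S=1")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        stack.append(LabelEntry(word >> 12, (word >> 9) & 0x7,
                                (word >> 8) & 0x1, word & 0xFF))
        if stack[-1].s:
            return stack, frame[offset:]


def lsr_forward(lfib: dict, frame: bytes):
    """One hop of label swapping; lfib maps incoming label -> (outgoing label, next hop).

    Returns (next hop, new frame, action, still_labelled)."""
    stack, payload = parse_stack(frame)
    top, rest = stack[0], stack[1:]
    if top.label not in lfib:
        raise LookupError(f"no LFIB entry for label {top.label}")
    if top.ttl <= 1:
        raise ValueError("TTL expired")
    out_label, next_hop = lfib[top.label]
    if out_label == IMPLICIT_NULL:
        new_stack, action = rest, f"pop {top.label}"
    else:
        # Swap: EXP and S are carried over, TTL is decremented.
        new_stack = [LabelEntry(out_label, top.exp, top.s, top.ttl - 1)] + rest
        action = f"swap {top.label}->{out_label}"
    new_frame = b"".join(e.pack() for e in new_stack) + payload
    return next_hop, new_frame, action, bool(new_stack)


def walk(frame: bytes, first_hop: str, lfibs: dict):
    """Follow a labelled frame hop by hop; returns (trace, final frame)."""
    hop, labelled, trace = first_hop, True, []
    while labelled and hop in lfibs:
        nxt, frame, action, labelled = lsr_forward(lfibs[hop], frame)
        trace.append((hop, action, nxt))
        hop = nxt
    return trace, frame


# Constructed sample: ingress imposes label 17, R3 swaps to 16, R2 pops.
PAYLOAD = b"constructed-ipv4-packet"
LFIBS = {"R3": {17: (16, "R2")}, "R2": {16: (IMPLICIT_NULL, "R1")}}


def demo():
    frame = LabelEntry(17, 5, 1, 64).pack() + PAYLOAD
    return walk(frame, "R3", LFIBS)


if __name__ == "__main__":
    trace, final = demo()
    for step in trace:
        print(step)
    print("delivered unlabelled:", final == PAYLOAD)
```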


Chapter 2: BASIC MPLS CONFIGURATION


Configuring and verifying frame-mode MPLS

In frame mode, MPLS uses a 32-bit label inserted between the layer 2 and layer 3 headers. Layer 2 encapsulations such as HDLC, PPP, Frame Relay, and Ethernet are frame-based and so can operate in frame mode or cell mode, except that ATM operates only in cell mode.

Basic frame-mode MPLS

[Figure: flowchart of the frame-mode MPLS configuration process]

Basic frame-mode MPLS configuration steps

The configuration steps follow the flowchart above.

Step 1: Enable CEF
CEF is an essential component of label switching and is responsible for the imposition and disposition of labels in an MPLS network. Configure CEF globally on routers R1, R2, R3, and R4 with the command:
    Router(config)#ip cef [distributed]
Make sure that CEF is enabled on the interface. If it is not, enable CEF on the interface with the command:
    Router(config-if)#ip route-cache cef
Use the [distributed] keyword to enable distributed CEF switching.

Step 2: Configure the IGP routing protocol
OSPF is used here. Enable the router interfaces that take part in the provider network with the commands:
    Router(config)#router ospf process-id
    Router(config-router)#network ip-address wild-card mask area area-id

Enabling the label distribution protocol is an optional step. By default, LDP is the label distribution protocol. The command mpls label protocol {ldp | tdp} is used only if LDP is not the default protocol or if you want to switch between LDP and TDP. It is better to configure this command in global mode ( Router(config)# ) than on an interface ( Router(config-if)# ). However, the command configured on an interface overrides the global command.

Step 3: Assign the LDP router ID
LDP uses the highest IP address on a loopback interface as the LDP router ID. If there is no loopback address, the highest IP address on the router becomes the LDP router ID. To force an interface to become the LDP router ID, use the command:
    Router(config)#mpls ldp router-id {interface | ip-address} [force]
Loopback interfaces are recommended because they are always up.

Step 4: Enable IPv4 MPLS, that is, label forwarding, on the interface
    Router(config-if)#mpls ip

Verifying basic frame-mode MPLS operation:

Check that CEF is enabled on the router:
    Router#show ip cef
Confirm that MPLS forwarding is enabled on the interfaces:
    Router#show mpls interfaces
View the state of the LDP discovery process. This displays the LDP discovery information of the neighbors and the interfaces on which LDP discovery is running:
    Router#show mpls ldp discovery
The xmit/recv field shows that the interface is transmitting and receiving LDP discovery Hello packets.
Check the state of the sessions with LDP neighbors:
    Router#show mpls ldp neighbor

Control-plane and data-plane forwarding

Control plane

The figure above shows control-plane operation for prefix 10.10.10.101/32 from R1 to R4. The following steps show how the label for prefix 10.10.10.101/32 is propagated:

Step 1: R1 sends an implicit-null (POP) label to R2. The value 3 represents the implicit-null label. Because R1 propagates implicit-null to R2, R2 performs the POP function on data forwarded from R4 to 10.10.10.101/32. If R1 propagated an explicit-null label instead, the upstream LSR R2 would not pop the label but would assign a label value of 0 and send a labelled packet downstream. Example:
    R1#show mpls ldp bindings
    <output truncated>
      tib entry: 10.10.10.101/32, rev 4
            local binding:  tag: imp-null
            remote binding: tsr: 10.10.10.102:0, tag: 16

Step 2: R2 assigns an LSP label to 10.10.10.101/32. This label value is propagated to R3. R3 imposes this value on the data forwarding path.

Step 3: On R3, prefix 10.10.10.101/32 is assigned a local label of 17 and an outgoing label of 16. The outgoing label was received from R2. The local label 17 is propagated by label distribution to R4. R4 uses label 17 to forward data to 10.10.10.101/32.

Data forwarding operation

The following steps show the data forwarding path from R4 to 10.10.10.101/32:

[Figure: data forwarding path]

R4 imposes label 17 on the data packet from R4 to 10.10.10.101/32. R3 performs an LFIB lookup, swaps label 17 for 16, and forwards the data packet to R2. R2 receives the data packet from R3, performs the penultimate-hop pop function, removes label 16, and forwards the data packet to R1.

LAB 2-1: Basic frame-mode MPLS configuration

Description

Configuration and verification

LSR1#show run
Building configuration...

Current configuration : 912 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LSR1
!
logging queue-limit 100
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
tag-switching tdp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Serial0/1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
 clockrate 72000
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
ip http server
ip classless
end

LSR1#show ip route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O       10.10.10.8/30 [110/192] via 10.10.10.2, 00:02:58, Serial0/1
C       10.10.10.0/30 is directly connected, Serial0/1
O       10.10.10.4/30 [110/128] via 10.10.10.2, 00:02:58, Serial0/1
O       10.10.10.104/32 [110/193] via 10.10.10.2, 00:02:58, Serial0/1
O       10.10.10.102/32 [110/65] via 10.10.10.2, 00:02:58, Serial0/1
O       10.10.10.103/32 [110/129] via 10.10.10.2, 00:02:58, Serial0/1
C       10.10.10.101/32 is directly connected, Loopback0

LSR1#show ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.10.10.0/30       attached             Serial0/1
10.10.10.0/32       receive
10.10.10.1/32       receive
10.10.10.3/32       receive
10.10.10.4/30       10.10.10.2           Serial0/1
10.10.10.8/30       10.10.10.2           Serial0/1
10.10.10.101/32     receive
10.10.10.102/32     10.10.10.2           Serial0/1
10.10.10.103/32     10.10.10.2           Serial0/1
10.10.10.104/32     10.10.10.2           Serial0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

LSR1#show cef int s0/1
Serial0/1 is up (if_number 5)
  Corresponding hwidb fast_if_number 5
  Corresponding hwidb firstsw->if_number 5
  Internet address is 10.10.10.1/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/1
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 4(4)
  Slot 0 Slot unit 1 Unit 1 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR1#show mpls interfaces
Interface              IP            Tunnel   Operational
Serial0/1              Yes (tdp)     No       Yes

LSR1#show mpls ldp discovery
 Local LDP Identifier:
    10.10.10.101:0
    Discovery Sources:
    Interfaces:
        Serial0/1 (tdp): xmit

LSR2#show run
!

hostname LSR2
!
logging queue-limit 100
!
memory-size iomem 10
ip subnet-zero
!
!
!
ip cef
mpls ldp logging neighbor-changes
tag-switching tdp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Serial0/0
 ip address 10.10.10.2 255.255.255.252
 mpls label protocol ldp
 tag-switching ip
!
interface Serial0/1
 ip address 10.10.10.5 255.255.255.252
 mpls label protocol ldp
 tag-switching ip
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
end

LSR2#show cdp nei
..
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
LSR1             Ser 0/0            173          R        2610      Ser 0/1
LSR3             Ser 0/1            125          R        2610      Ser 0/1

LSR2#show ip route
..
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O       10.10.10.8/30 [110/128] via 10.10.10.6, 00:23:26, Serial0/1
C       10.10.10.0/30 is directly connected, Serial0/0
C       10.10.10.4/30 is directly connected, Serial0/1
O       10.10.10.104/32 [110/129] via 10.10.10.6, 00:23:26, Serial0/1
C       10.10.10.102/32 is directly connected, Loopback0
O       10.10.10.103/32 [110/65] via 10.10.10.6, 00:23:26, Serial0/1
O       10.10.10.101/32 [110/65] via 10.10.10.1, 00:23:26, Serial0/0

LSR2#show ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.10.10.0/30       attached             Serial0/0
10.10.10.0/32       receive
10.10.10.2/32       receive
10.10.10.3/32       receive
10.10.10.4/30       attached             Serial0/1
10.10.10.4/32       receive
10.10.10.5/32       receive
10.10.10.7/32       receive
10.10.10.8/30       10.10.10.6           Serial0/1
10.10.10.101/32     10.10.10.1           Serial0/0
10.10.10.102/32     receive
10.10.10.103/32     10.10.10.6           Serial0/1
10.10.10.104/32     10.10.10.6           Serial0/1
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

LSR2#show cef int s0/0
Serial0/0 is up (if_number 4)
  Corresponding hwidb fast_if_number 4
  Corresponding hwidb firstsw->if_number 4
  Internet address is 10.10.10.2/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/0
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 3(3)
  Slot 0 Slot unit 0 Unit 0 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR2#show cef int s0/1
Serial0/1 is up (if_number 5)
  Corresponding hwidb fast_if_number 5
  Corresponding hwidb firstsw->if_number 5
  Internet address is 10.10.10.5/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/1
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 4(4)
  Slot 0 Slot unit 1 Unit 1 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR2#show mpls int
Interface              IP            Tunnel   Operational
Serial0/0              Yes (ldp)     No       Yes
Serial0/1              Yes (ldp)     No       Yes

LSR2#show mpls ldp dis
 Local LDP Identifier:
    10.10.10.102:0
    Discovery Sources:
    Interfaces:
        Serial0/0 (ldp): xmit
        Serial0/1 (ldp): xmit/recv
            LDP Id: 10.10.10.103:0

LSR2#show mpls ldp nei
    Peer LDP Ident: 10.10.10.103:0; Local LDP Ident 10.10.10.102:0
        TCP connection: 10.10.10.103.11010 - 10.10.10.102.646
        State: Oper; Ms

LSR3#show run
Building configuration...

Current configuration : 947 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LSR3
!
logging queue-limit 100

!
ip subnet-zero
!
!
!
ip cef
mpls label protocol ldp
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.103 255.255.255.255
!
interface Serial0/0
 ip address 10.10.10.9 255.255.255.252
 tag-switching ip
 clockrate 72000
 no fair-queue
!
interface Serial0/1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
 clockrate 72000
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
!
end

LSR3#show ip route
.
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C       10.10.10.8/30 is directly connected, Serial0/0
O       10.10.10.0/30 [110/128] via 10.10.10.5, 00:11:19, Serial0/1
C       10.10.10.4/30 is directly connected, Serial0/1
O       10.10.10.104/32 [110/65] via 10.10.10.10, 00:11:19, Serial0/0
O       10.10.10.102/32 [110/65] via 10.10.10.5, 00:11:19, Serial0/1
C       10.10.10.103/32 is directly connected, Loopback0
O       10.10.10.101/32 [110/129] via 10.10.10.5, 00:11:19, Serial0/1

LSR3# show cdp nei
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
LSR4             Ser 0/0            131          R        2610      Ser 0/1
LSR2             Ser 0/1            178          R        2610      Ser 0/1

LSR3#show ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.10.10.0/30       10.10.10.5           Serial0/1
10.10.10.4/30       attached             Serial0/1
10.10.10.4/32       receive
10.10.10.6/32       receive
10.10.10.7/32       receive
10.10.10.8/30       attached             Serial0/0
10.10.10.8/32       receive
10.10.10.9/32       receive
10.10.10.11/32      receive
10.10.10.101/32     10.10.10.5           Serial0/1
10.10.10.102/32     10.10.10.5           Serial0/1
10.10.10.103/32     receive
10.10.10.104/32     10.10.10.10          Serial0/0
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

LSR3#show cef int s0/0
Serial0/0 is up (if_number 4)
  Corresponding hwidb fast_if_number 4
  Corresponding hwidb firstsw->if_number 4
  Internet address is 10.10.10.9/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/0
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 3(3)
  Slot 0 Slot unit 0 Unit 0 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR3#show cef int s0/1
Serial0/1 is up (if_number 5)
  Corresponding hwidb fast_if_number 5
  Corresponding hwidb firstsw->if_number 5
  Internet address is 10.10.10.6/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  BGP based policy accounting is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial0/1
  Fast switching type 4, interface type 60
  IP CEF switching enabled
  IP CEF Fast switching turbo vector
  Input fast flags 0x0, Output fast flags 0x0
  ifindex 4(4)
  Slot 0 Slot unit 1 Unit 1 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500

LSR3#show mpls interfaces
Interface              IP            Tunnel   Operational
Serial0/0              Yes (ldp)     No       Yes
Serial0/1              Yes (ldp)     No       Yes

LSR3#show mpls ldp dis
 Local LDP Identifier:
    10.10.10.103:0
    Discovery Sources:
    Interfaces:
        Serial0/0 (ldp): xmit/recv
            LDP Id: 10.10.10.104:0
        Serial0/1 (ldp): xmit/recv
            LDP Id: 10.10.10.102:0

LSR3#show mpls ldp nei
    Peer LDP Ident: 10.10.10.102:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.102.646 - 10.10.10.103.11010
        State: Oper; Msgs sent/rcvd: 53/49; Downstream
        Up time: 00:32:45
        LDP discovery sources:
          Serial0/1, Src IP addr: 10.10.10.5
        Addresses bound to peer LDP Ident:
          10.10.10.102    10.10.10.2      10.10.10.5
    Peer LDP Ident: 10.10.10.104:0; Local LDP Ident 10.10.10.103:0
        TCP connection: 10.10.10.104.11004 - 10.10.10.103.646
        State: Oper; Msgs sent/rcvd: 24/24; Downstream
        Up time: 00:12:43
        LDP discovery sources:
          Serial0/0, Src IP addr: 10.10.10.10
        Addresses bound to peer LDP Ident:
          10.10.10.104    10.10.10.10

LSR4#show run
Building configuration...
!

Tr n Th T Uyn

24

version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname LSR4 ! logging queue-limit 100 ! memory-size iomem 10 ip subnet-zero ! ip cef mpls label protocol ldp mpls ldp logging neighbor-changes ! interface Loopback0 ip address 10.10.10.104 255.255.255.255 ! interface Serial0/1 ip address 10.10.10.10 255.255.255.252 tag-switching ip ! router ospf 100 log-adjacency-changes network 10.10.10.0 0.0.0.255 area 0 ! end LSR4#show cdp nei Device ID Local Intrfce Holdtme Capability Platform Port ID LSR3 Ser 0/1 159 R 2610 Ser 0/0 LSR4#show ip route Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks 10.10.10.8/30 is directly connected, Serial0/1 10.10.10.0/30 [110/192] via 10.10.10.9, 00:13:46, Serial0/1 10.10.10.4/30 [110/128] via 10.10.10.9, 00:13:46, Serial0/1 10.10.10.104/32 is directly connected, Loopback0 10.10.10.102/32 [110/129] via 10.10.10.9, 00:13:46, Serial0/1 10.10.10.103/32 [110/65] via 10.10.10.9, 00:13:46, Serial0/1 10.10.10.101/32 [110/193] via 10.10.10.9, 00:13:46, Serial0/1

C O O C O O O

LSR4#show ip cef Prefix Next Hop 0.0.0.0/0 drop 0.0.0.0/32 receive

Interface Null0 (default route handler entry)

Tr n Th T Uyn

25

10.10.10.0/30 10.10.10.9 10.10.10.4/30 10.10.10.9 10.10.10.8/30 attached 10.10.10.8/32 receive 10.10.10.10/32 receive 10.10.10.11/32 receive 10.10.10.101/32 10.10.10.9 10.10.10.102/32 10.10.10.9 10.10.10.103/32 10.10.10.9 10.10.10.104/32 receive 224.0.0.0/4 drop 224.0.0.0/24 receive 255.255.255.255/32 receive

Serial0/1 Serial0/1 Serial0/1

Serial0/1 Serial0/1 Serial0/1

LSR4#show cef int s0/1 Serial0/1 is up (if_number 5) Corresponding hwidb fast_if_number 5 Corresponding hwidb firstsw->if_number 5 Internet address is 10.10.10.10/30 ICMP redirects are always sent Per packet load-sharing is disabled IP unicast RPF check is disabled Inbound access list is not set Outbound access list is not set IP policy routing is disabled BGP based policy accounting is disabled Interface is marked as point to point interface Hardware idb is Serial0/1 Fast switching type 4, interface type 60 IP CEF switching enabled IP CEF Fast switching turbo vector Input fast flags 0x0, Output fast flags 0x0 ifindex 4(4) Slot 0 Slot unit 1 Unit 1 VC -1 Transmit limit accumulator 0x0 (0x0) IP MTU 1500 LSR4#show mpls int Interface IP Tunnel Operational Serial0/1 Yes (ldp) No Yes LSR4#show mpls ldp dis Local LDP Identifier: 10.10.10.104:0 Discovery Sources: Interfaces: Serial0/1 (ldp): xmit/recv LDP Id: 10.10.10.103:0 LSR4#show mpls ldp nei Peer LDP Ident: 10.10.10.103:0; Local LDP Ident 10.10.10.104:0 TCP connection: 10.10.10.103.646 - 10.10.10.104.11004

Tr n Th T Uyn

26

State: Oper; Msgs sent/rcvd: 26/26; Downstream Up time: 00:14:34 LDP discovery sources: Serial0/1, Src IP addr: 10.10.10.9 Addresses bound to peer LDP Ident: 10.10.10.103 10.10.10.6 10.10.10.9


Chapter 3: MPLS VPN OVERVIEW


VPN overview

VPNs were introduced to let service providers use the existing public infrastructure to implement point-to-point connections between customer sites. A customer network implemented with any VPN technology lies within the customer's control domain and consists of what are called customer sites; these sites are connected to each other through the network of the service provider (SP). In traditional router-based networks, the different sites of one customer are connected to each other with dedicated point-to-point links (leased line, Frame Relay, ...). The implementation cost depends on the number of customer sites. Connecting the sites in a full mesh makes the cost grow exponentially. Frame Relay and ATM were the leading technologies suited to implementing VPNs. These networks consist of various devices belonging either to the customer or to the service provider, which together are the components of the VPN solution. In general, a VPN consists of the following domains:

- Customer network: consists of the routers at the customer's various sites. The routers that connect the individual sites to the provider's network are called customer edge (CE) routers.

- Provider network: used to provide point-to-point connections across the service provider's network infrastructure. The service provider devices that connect directly to the CE routers are called provider edge (PE) routers. The provider's network also contains devices that forward data inside the SP backbone, called provider (P) routers.

Based on how far the service provider takes part in customer routing, VPNs can be divided into two models: Overlay and Peer-to-peer.

Overlay VPNs were initially implemented by the SP to provide layer 1 (physical layer) connections or layer 2 transport circuits (data in the form of frames or cells) between customer sites, using Frame Relay devices or ATM switches as the PE. The service provider therefore had no knowledge of routing on the customer side. Later, Overlay VPNs delivered services over IP (layer 3) with tunneling protocols such as L2TP, GRE, and IPSec. In every case, however, the provider's network remains transparent to the customer, and the routing protocols run directly between the customer's routers.

When Frame Relay and ATM provide customers with private networks, the provider cannot take part in customer routing. The service provider only transports data over virtual point-to-point connections. The provider thus supplies the customer with nothing more than virtual connectivity at layer 2; this is the Overlay model. If the virtual circuit is fixed and available to the customer at all times, it is called a permanent virtual circuit (PVC). If the virtual circuit is set up on demand, it is called a switched virtual circuit (SVC). The main limitation of the Overlay model is that the virtual circuits of the customer sites are connected in a full mesh (except in hub-and-spoke or partial hub-and-spoke deployments). With N customer sites, the total number of virtual circuits needed for optimal routing is N(N-1)/2.


The peer-to-peer model was developed to overcome the drawbacks of the Overlay model and to give customers an optimal transport mechanism across the SP backbone. In it, the service provider can take part in customer routing. In the peer-to-peer model, routing information is exchanged between the customer routers and the service provider's routers, and customer data is transported across the provider's core network. The customer's routing information is carried between the routers in the provider's network (P and PE) and the customer network (the CE routers). This model does not require virtual circuits to be created. Looking at the figure above, the CE routers exchange routes with the PE routers in the SP domain. The customer's routing information is advertised across the SP backbone between the PE and P routers and determines the optimal path from one customer site to another. Identifying each customer's own routing information is achieved by packet filtering on the routers that connect to the customer network. The customer's IP addresses are controlled by the provider. This process is regarded as a shared PE peer-to-peer implementation. The following figure shows deployments of the peer-to-peer model.


MPLS VPN architecture and terminology

In the MPLS VPN architecture, the edge routers carry the customer routing information and provide optimal routing for traffic between the customer's sites. The MPLS-based VPN model also lets customers use overlapping address spaces, unlike the traditional peer-to-peer model, in which routing customer traffic requires the provider to assign separate IP addresses to each customer (or the customer to perform NAT) to avoid overlapping address spaces. MPLS VPN is a full implementation of the peer-to-peer model: the MPLS VPN backbone and the customer sites exchange layer 3 routing information, and data is forwarded between customer sites over the MPLS-enabled SP IP backbone. The MPLS VPN domain, like a traditional VPN, consists of the customer network and the provider network. The MPLS VPN model resembles the dedicated PE router model among the peer-to-peer VPN implementations. However, instead of deploying a different PE router for each customer, customer traffic is kept separate on the same PE router, which provides connectivity into the provider's network for many customers. The components of an MPLS VPN are shown in the following figure:

The main components of the MPLS VPN architecture:

- Customer network: usually the customer's control domain, consisting of devices or routers spread across multiple sites of the same customer. CE routers are the routers in the customer network that interface with the provider's network. In the figure above, the customer network of CustomerA consists of routers CE1-A and CE2-A and the devices in Site 1 and Site 2 of CustomerA. The CE routers of Customer A are CE1-A and CE2-A, and the CE routers of Customer B are CE1-B and CE2-B.

- Provider network: the domain under the provider's control, consisting of edge and core routers that connect the sites of the various customers over a shared network infrastructure. PE routers are the routers in the provider's network that interface with the customer's edge routers. P routers are the routers in the core of the network; they interface with other core routers or with the provider's edge routers. In the figure above, the provider network consists of routers PE1, PE2, P1, P2, P3, and P4. PE1 and PE2 are the provider edge routers in the MPLS VPN domain for customers A and B. Routers P1, P2, P3 and P4 are the provider routers.

MPLS VPN routing model

MPLS VPN resembles the peer-to-peer network model with dedicated routers. From a CE router, only IPv4 updates and data are forwarded to the PE router. The CE needs no special configuration to take part in the MPLS VPN domain. The only requirement on the CE is a routing protocol (or a static/default route) that lets it exchange IPv4 routing information with the PE routers. In the MPLS VPN model, the PE router performs many functions. First, it must separate customer traffic if more than one customer connects to it. Each customer is therefore associated with an independent routing table. Routing across the SP backbone is performed by a routing process in the global routing table. The P routers provide label switching between the provider's edge routers and are unaware of the VPN routes. The CE routers in the customer network are not aware of the P routers, so the internal structure of the SP network is transparent to the customer. The following figure shows the functions of the PE router.

VRF - Virtual Routing and Forwarding Table

Customers are distinguished on the PE router by virtual routing tables or instances, also called VRFs (virtual routing and forwarding tables/instances). In effect this is like maintaining several separate routers for the customers that connect to the provider's network. A VRF works like a global routing table, except that it contains every route belonging to one particular VPN. A VRF also contains a VRF-specific CEF forwarding table, the counterpart of the global CEF table, and defines the connectivity requirements and protocols for each customer site connected to a PE router. The VRF defines the routing protocol context that takes part in a particular VPN as well as the interfaces on the local PE router that take part in the VPN, that is, that use the VRF. An interface that takes part in a VRF must support CEF switching. A VRF can contain one interface (logical or physical) or several interfaces on a router.


A VRF contains an IP routing table that corresponds to the global IP routing table, a CEF table, a list of the interfaces that take part in the VRF, and a set of rules that define the routing protocol exchanged with the CE routers (routing protocol contexts). A VRF also contains VPN identifiers such as the VPN membership information (RD and RT). The following figure shows how the VRFs on a PE router keep customer routes separate.

Cisco IOS supports various routing protocols as separate routing processes (OSPF, EIGRP, ...) on the router. For some protocols, however, such as RIP and BGP, IOS supports only one instance of the routing protocol. Implementing VRF routing with these protocols therefore requires the VRFs to be completely separated from each other. Routing contexts are designed to support copies of the same PE-CE VPN routing protocol. These routing contexts can be implemented as separate processes (OSPF), or as multiple instances of the same routing protocol (BGP, RIP, ...). If multiple instances of the same routing protocol are used, each instance has its own set of parameters. Currently, Cisco IOS supports RIPv2, EIGRP, BGPv4 (multiple instances), and OSPFv2 (multiple processes) for use in a VRF to exchange routing information between CE and PE. Note: VRF interfaces can be logical or physical, but each interface can be assigned to only one VRF.

Route Distinguisher, Route Targets, MP-BGP, and Address Families

In the MPLS VPN model, the PE router distinguishes customers by VRF. This information, however, has to be carried between the PE routers so that data can be transmitted between customer sites across the MPLS VPN backbone. The PE router must be able to run processes that allow the connected customer networks to have overlapping address spaces. The PE router learns these routes from the customer networks and advertises them over the provider's shared backbone. This is done by associating an RD (route distinguisher) with each virtual routing table on a PE router. The RD is a unique 64-bit identifier that is prepended to the 32-bit route address learned from the CE router, producing a unique 96-bit address that can be transported between the PE routers in the MPLS domain. For this reason exactly one RD is configured for each VRF on a PE router. The resulting 96-bit address (the combination of the 32-bit customer address and the 64-bit RD) is called a VPNv4 address.

VPNv4 addresses are exchanged between the PE routers in the provider network. The RD can take two formats: IP address form or AS number form. The figure below shows two customers with the same network address, 172.16.10.0/24, distinguished by the different RD values 1:100 and 1:101 before the addresses are advertised as VPNv4 addresses on the PE router.

An MP-BGP session between PEs in the same BGP AS is called an MP-iBGP session and follows the iBGP implementation rules for BGP attributes. If the VPN extends beyond a single AS, the VPNv4 routes are exchanged between the ASs at the border over an MP-eBGP session.

The protocol used to exchange VPNv4 routes between the PEs is multiprotocol BGP (MP-BGP). An IGP is still required to maintain iBGP (internal BGP) when MPLS VPN is implemented. The PE must therefore run an IGP that provides NLRI information to iBGP if both PEs are in the same AS. Currently, Cisco supports both OSPFv2 and ISIS as the IGP in the provider network. MP-BGP is also responsible for assigning the VPN labels. Scalability is the main reason for choosing BGP as the protocol that carries the customer routing information. In addition, BGP allows VPNv4 addresses to be used in an MPLS VPN environment where several customers have overlapping address ranges.

Route targets (RT) are identifiers used in the MPLS VPN domain, when MPLS VPN is deployed, to determine the VPN membership of the routes learned from particular sites. RTs are implemented as BGP extended communities, using the high-order 16 bits of the BGP extended community (64 bits) encoded with a value that corresponds to the VPN membership of the particular site. When a VPN route learned from a CE is inserted into VPNv4 BGP, a list of VPN route target extended community attributes is associated with it. The export RT is used to identify VPN membership and is associated with each VRF. The export RT is appended to the customer address when the PE converts it into a VPNv4 address and advertises it in MP-BGP updates. The import RT is associated with each VRF and determines which VPNv4 routes are added to the VRF of a particular customer. The format of the RT is the same as that of the RD value. The interaction of the RT and RD values in the MPLS VPN domain when an update is converted into an MP-BGP update is shown in the following figure.
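The RD and RT behaviour described above, as an added Python example that is not part of the original document. It builds the 96-bit VPNv4 address from the page's RD formats and prefix (172.16.10.0/24 with RD 1:100 and 1:101), applies import RT filtering on a receiving PE, and lists every VRF pair whose export and import RTs intersect; the RT 1:101 for CustomerB, the stray import RT, and all function and class names are assumptions made for the illustration.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Return the 8-byte RD for 'AS:number' (type 0) or 'IPv4:number' (type 1)."""
    admin, _, number = rd.rpartition(":")
    if "." in admin:   # 32-bit IP address : 16-bit number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))   # 16-bit AS : 32-bit number

def vpnv4_key(rd, prefix):
    """64-bit RD prepended to the 32-bit IPv4 network address: 96 bits."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

class Vrf:
    def __init__(self, name, rd, import_rts, export_rts):
        self.name, self.rd = name, rd
        self.import_rts, self.export_rts = set(import_rts), set(export_rts)
        self.routes = {}          # prefix -> list of (next hop PE, VPN label)

def export_route(vrf, prefix, next_hop, label):
    """Build the MP-BGP update a PE sends for a prefix learned from a CE."""
    return {"nlri": vpnv4_key(vrf.rd, prefix), "prefix": prefix,
            "rts": set(vrf.export_rts), "next_hop": next_hop, "label": label}

def import_route(vrfs, update):
    """Install the update into every local VRF whose import RT matches."""
    installed = []
    for vrf in vrfs:
        if vrf.import_rts & update["rts"]:
            vrf.routes.setdefault(update["prefix"], []).append(
                (update["next_hop"], update["label"]))
            installed.append(vrf.name)
    return installed

def cross_imports(vrfs):
    """List (exporter, importer, shared RTs) for every pair of distinct VRFs."""
    found = []
    for src in vrfs:
        for dst in vrfs:
            shared = src.export_rts & dst.import_rts
            if src is not dst and shared:
                found.append((src.name, dst.name, sorted(shared)))
    return found

def demo():
    # Sending PE: both customers use 172.16.10.0/24 (values from the page;
    # RT 1:101 for CustomerB is an assumption).
    pe1_a = Vrf("CustomerA", "1:100", ["1:100"], ["1:100"])
    pe1_b = Vrf("CustomerB", "1:101", ["1:101"], ["1:101"])
    updates = [export_route(pe1_a, "172.16.10.0/24", "10.10.10.101", "V1"),
               export_route(pe1_b, "172.16.10.0/24", "10.10.10.101", "V2")]
    # Receiving PE, configured as intended.
    good = [Vrf("CustomerA", "1:100", ["1:100"], ["1:100"]),
            Vrf("CustomerB", "1:101", ["1:101"], ["1:101"])]
    # Same PE with one stray import RT on CustomerB (constructed mistake).
    bad = [Vrf("CustomerA", "1:100", ["1:100"], ["1:100"]),
           Vrf("CustomerB", "1:101", ["1:101", "1:100"], ["1:101"])]
    return {
        "distinct_nlri": updates[0]["nlri"] != updates[1]["nlri"],
        "good": [import_route(good, u) for u in updates],
        "bad": [import_route(bad, u) for u in updates],
        "audit_good": cross_imports(good),
        "audit_bad": cross_imports(bad),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In an extranet VPN some cross-imports are intended, so the list returned by `cross_imports` is meant to be compared against the set of sharing relationships that were actually approved.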

When complex VPN topologies (such as extranet VPN, Internet access VPNs, network management VPN, ...) are implemented with MPLS VPN technology, the RT plays the central role. A network address can be associated with one or more export RTs when it is advertised across the MPLS VPN network. In this way, RTs can be associated with many sites that are members of many VPNs.

The network 172.16.10.0/24 is received from CE1-A, which takes part in VRF CustomerA on PE1-AS1. PE1 associates an RD value of 1:100 and an export RT value of 1:100, as configured for the VRF on router PE1-AS1. The routes learned from CE1-A are redistributed into the MP-BGP process on PE1-AS1, where the prefix 172.16.10.0/24 has the RD value 1:100 prepended and the export RT 1:100 appended so that it is sent as a VPNv4 address in the MP-iBGP updates between the PEs. A VPN label (3 bytes) is assigned by the PE's MP-BGP process to each address learned from the processes of the CEs connected in a VRF. MP-BGP runs in the service provider's MPLS domain, so it carries the VPNv4 address (IPv4 + RD) and the BGP RT.

Note: the RT is a mandatory configuration in an MPLS VPN for every VRF on a router. RT values can be used to implement complex VPN topologies in which one site takes part in several VPNs. RT values can also be used to select which routes are imported into a VRF when VPNv4 routes are learned in MP-iBGP updates. The VPN label is understood only by the egress PE (in the data plane) that is directly connected to the CE advertising that network. The next hops must be learned from the IGP when MPLS VPN is implemented, not advertised by the BGP process. In the figure above, the VPN labels are shown as the fields V1 and V2. The processes that take place during route advertisement in the figure above are as follows:


The MP-BGP update is received by PE2 and the route is stored in the corresponding VRF table for Customer A based on the VPN label. The received MP-BGP routes are redistributed into the VRF PE-CE routing processes, and the route is advertised to CE2-A.

Other BGP extended community attributes, such as SoO (site of origin), can be used, mainly in the advertisement of MP-iBGP updates. The SoO attribute is used to identify the particular site from which the PE learned a route and is applied to prevent routing loops: because it identifies the originating site, it can prevent a network from being advertised back to the site that sent the advertisement. SoO uniquely identifies a site from a route that the PE has learned. SoO allows traffic to be filtered based on the site from which it originated. The filtering capability of SoO helps manage MPLS VPN traffic and prevents routing loops in mixed and complex topologies, in which customer sites can have connections across the MPLS VPN backbone as well as backdoor links between the sites.

When an MPLS VPN is implemented so that every VPN site of a customer can communicate with every other site in that customer's domain, it is called a simple VPN or intranet VPN. RTs can be used to build complex VPN topologies in which the sites of one customer can reach the sites of other customers. This form of implementation is called an extranet VPN. Variants of the extranet VPN such as the network management VPN, the central services VPN and the Internet access VPN can also be deployed.

The address family is an important concept in the operation of MP-BGP, which allows VPNv4 routes to be transported with extended community attributes. According to RFC 2283, Multiprotocol Extensions for BGP-4, BGPv4 by itself can carry only routing information belonging to IPv4. With the extensions, BGP-4 can carry information for multiple network layer protocols. For BGP-4 to support routing for multiple network layer protocols, it must account for the particular network layer protocol associated with a next hop as well as with the NLRI (network layer reachability information). The two new attributes added to BGP are MP_REACH_NLRI (Multiprotocol Reachable NLRI) and MP_UNREACH_NLRI (Multiprotocol Unreachable NLRI).

MP_REACH_NLRI carries a set of reachable destinations together with the next-hop information used to forward to those destinations. MP_UNREACH_NLRI carries a set of unreachable destinations. Both attributes are optional and nontransitive. A BGP speaker that does not support the multiprotocol capability therefore ignores the information carried in these attributes and does not pass it on to other BGP speakers.

An address family is a defined network layer protocol. An address family identifier (AFI) carries the identity of the network layer protocol associated with the network address in the BGP multiprotocol attributes. The AFIs for the network layer protocols are specified in RFC 1700, Assigned Numbers.

A PE is essentially an edge LER (Edge LSR) and performs all the functions of an Edge LSR. The PE requires LDP for label assignment and distribution as well as for forwarding labeled packets. In addition to the functions of an Edge LSR, the PE runs a routing protocol (or static routing) with the CEs in a virtual routing table and requires MP-BGP to advertise the networks learned from the CEs as VPNv4 routes, in MP-iBGP, to the other PEs together with the VPN label. The P routers need to run an IGP (OSPF or ISIS) when MPLS is enabled to forward labeled packets (data plane) between the PEs. The IGP advertises the NLRIs to the P and PE routers so that an MP-iBGP session can be established between the PEs (control plane). LDP runs on the P routers to assign and distribute labels.


MPLS VPN control plane operation

The control plane in MPLS VPN holds all the layer 3 routing information and the processes that exchange information about the IP prefixes to which LDP assigns and distributes labels. The data plane performs the forwarding of labeled IP packets to the next hop toward the destination. The following figure shows how the protocols interact in the MPLS VPN control plane.

The CE routers are connected to the PEs, and an IGP, BGP, or static route is required on the CEs, together with the PEs, to collect and advertise the NLRI information. In the MPLS VPN backbone, which consists of the P and PE routers, an IGP combined with LDP is used between the PEs and Ps. LDP is used to distribute labels within an MPLS domain. The IGP is used to exchange NLRI information and to map these NLRIs into MP-BGP. MP-BGP is maintained between the PEs in an MPLS VPN domain and exchanges MP-BGP updates. Packets from the CE to the PE are always sent as IPv4 packets. The operation of the MPLS VPN control plane is shown in the following figure:


The steps in the operation of the MPLS VPN control plane (illustrated in the figure above) are as follows:

- The IPv4 update for network 172.16.10.0 is received by the egress PE (in the data plane).
- PE1-AS1 receives the IPv4 route 172.16.10.0/24 and converts it into a VPNv4 route tagged with RD 1:100, the SoO, and RT 1:100, based on the VRF configuration on PE1-AS1. It allocates a VPNv4 label V1 to the 172.16.10.0/24 update and rewrites the next-hop attribute to the address 10.10.10.101 of loopback0 on PE1-AS1. The label advertisement for 10.10.10.101/32 from PE1-AS1 to PE2-AS2 takes place as soon as the provider's MPLS VPN network is established and VPNv4 routes are advertised in the network. The following steps carry out the label advertisement for 10.10.10.101/32:

2a: Router PE2-AS1 requests a label for 10.10.10.101/32 using an LDP label mapping request to its downstream neighbor, P1-AS1. PE1-AS1 allocates an implicit-null label for 10.10.10.101/32, modifies the entry in the LFIB for 10.10.10.101/32, and sends it to P1-AS1 in an LDP reply.

2b: P1-AS1 uses the implicit-null label received from PE1-AS1 as its outbound label value, allocates a label (L1) for 10.10.10.101/32, and modifies the entry in the LFIB for 10.10.10.101/32. P1-AS1 then sends this label value to P2-AS1 in an LDP reply.

2c: P2-AS1 uses label L1 as its outbound label value, allocates label L2 for 10.10.10.101/32, and modifies the entry in the LFIB for 10.10.10.101/32. P2-AS1 then sends this label value to PE2-AS1 in an LDP reply.

- PE1-AS1 has the VRF configured to accept routes with RT 1:100, so it converts the VPNv4 update into IPv4 and inserts the route into the VRF for Customer A. It then advertises this route to CE2-A.

MPLS VPN data plane operation

Forwarding in an MPLS VPN network requires the use of a label stack.

The top label is assigned and swapped to forward the data packet through the MPLS core. The second label (the VPN label) is associated with the VRF on the PE router to forward the packet to the CEs. The following figure shows the data plane steps in forwarding customer data from customer site CE2-A to CE1-A across the SP's network infrastructure.


When data is forwarded to a particular network along the VPN across the MPLS core, only the top label in the label stack is swapped as the packet crosses the backbone. The VPN label stays unchanged and is removed when the packet reaches the egress/downstream PE router. The value of the VPN label determines the network attached to an outgoing interface that belongs to a particular VRF on the router. The data plane forwarding steps illustrated in the figure above are as follows:

- CE2-A generates a data packet with source address 172.16.20.1 and destination 172.16.10.1.
- PE2-AS1 receives the data packet, adds the VPN label V1 and the LDP label L2, and forwards the packet to P2-AS1.
- P2-AS1 receives the data packet and swaps the LDP label L2 for L1.
- P1-AS1 receives the data packet and pops the top label, because it received an implicit-null label mapping for 10.10.10.101/32 from PE1-AS1. As a result, the labeled packet (with VPN label V1) is forwarded to PE1-AS1.
- PE1-AS1 pops the VPN label V1 and forwards the data packet to CE1-A, where the network address 172.16.10.0 is located.

Basic MPLS VPN configuration

Description

Configuration for the CE router

Configuring route exchange between PE and CE consists of running a routing protocol (or a static/default route) on the CE routers. The configuration is done in the same way as for an ordinary routing protocol. On the PE, a VRF routing context (or address family context) is required to exchange routes between PE and CE. These routes are then mutually redistributed with the MP-BGP process for the VRF.

Configuring MPLS forwarding and the VRF definition on the PE:

Configuring MPLS forwarding is the first step in building the provider's MPLS VPN backbone. The minimum steps to configure MPLS forwarding on the PE are as follows:

1. Enable CEF.
2. Configure the IGP routing protocol on the PE.
3. Configure MPLS or label forwarding on the PE interfaces that connect to P.

These steps were covered in the previous chapters, so here we look only at configuring the VRF definition.



Configuring the VRF on the PE

Configuring VRF CustomerA on PE1-AS1 and PE2-AS1 creates the VRF routing table and the CEF table for CustomerA.

RouterPE(config)#ip vrf CustomerA

To delete a VRF:

RouterPE(config-vrf)#no ip vrf CustomerA

Note: creating or deleting a VRF removes the IP addresses on the interfaces. When this happens the following message appears:

% IP addresses from all interfaces in VRF CustomerA have been removed

Configuring the RD

The RD creates the routing and forwarding tables. The RD is prepended to the customer's IPv4 addresses to turn them into unique VPNv4 addresses. To configure the RD parameter of the VRF:

RouterPE(config-vrf)#rd route-distinguisher

The RD can be used in the following forms:

- 16-bit AS number : 32-bit number (example: 1:100)
- 32-bit IP address : 16-bit number (example: 10.10.10.101:1)

The RD can be changed only by deleting the VRF. The RD is unique to a particular VRF. No two VRFs on a router have the same RD value. Setting the same RD for more than one VRF on a router produces the following warning message:

% Cannot set RD, check if it's unique

Configuring the import and export policy


Configure the import and export policy for the MP-BGP extended communities. This policy is used to filter routes for a particular RT.

Router(config-vrf)#route-target {import | export | both} route-target-ext-community

Associating the VRF with an interface. If the interface already has an IP address configured, the association removes the IP address from the interface, so it has to be configured again. Example:

PE1-AS1(config)#interface serial4/0
PE1-AS1(config-if)#ip add 172.16.1.1 255.255.255.252
PE1-AS1(config-if)#ip vrf forwarding CustomerA
% Interface Serial4/0 IP address 172.16.1.1 removed due to enabling VRF CustomerA
PE1-AS1(config-if)#ip add 172.16.1.1 255.255.255.252

Verifying the VRF configuration on the PE:

Check that the VRF exists on the interface:

Router#show ip vrf

List the interfaces active in a particular VRF:

Router#show ip vrf interfaces

Configuring PE-PE BGP routing on the PE router:

Configuring PE-PE BGP routing is the next step in deploying an MPLS VPN. The purpose of this step is to make sure that the VPNv4 routes can be transported across the provider's backbone by MP-iBGP. The P routers are transparent to this process, so they do not carry any customer routes. The steps for configuring PE-PE BGP routing between the PEs are shown in the following flowchart.


- Configure BGP routing on the PE. Enable BGP and define the AS on routers PE1-AS1 and PE2-AS1.

Router(config)#router bgp as-number

- Configure the neighbors for MP-iBGP:

Router(config-router)#neighbor {ip-address | peer-group-name} remote-as as-number

- Configure the VPNv4 address family: this is configured inside the BGP process and enables VPNv4 addresses on the neighbors. Activate the iBGP neighbors to transport VPNv4 addresses across the service provider's backbone.

Router(config-router)#address-family vpnv4
Router(config-router-af)#neighbor {ip-address | peer-group-name | ipv6-address} activate
Router(config-router-af)#neighbor {ip-address | peer-group-name | ipv6-address} send-community extended

- Configure the IPv4 address family:

PE1-AS1(config-router)#address-family ipv4 vrf CustomerA
PE1-AS1(config-router-af)#redistribute connected
PE1-AS1(config-router-af)#exit-address-family

Verifying and monitoring PE-PE BGP routing on the PE router:

Use the following commands:

show ip bgp vpnv4 * summary
show ip bgp vpnv4 all
show ip bgp summary
show ip bgp neighbor ip-address
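One way to check a PE configuration script against the VRF, RD, route-target, interface and VPNv4 steps above before it is pasted into a router, as an added Python example that is not part of the original document. It reads the script in entry order, so it catches an interface address that `ip vrf forwarding` removes and that is never re-entered; the BGP AS number 1, the neighbor 10.10.10.102, interface Serial4/1 with 172.16.2.1, and the function and finding names are assumptions made for the illustration.

```python
import re

def parse_pe_script(script):
    """Collect VRF, interface and vpnv4 neighbor state, in command entry order."""
    vrfs, ifaces, peers = {}, {}, {}
    mode, name = None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        w = line.split()
        if re.fullmatch(r"ip vrf \S+", line):
            mode, name = "vrf", w[2]
            vrfs.setdefault(name, {"rd": None, "import": False, "export": False})
        elif w[0] == "interface" and len(w) > 1:
            mode, name = "if", w[1]
            ifaces.setdefault(name, {"vrf": None, "addr": False})
        elif line == "address-family vpnv4":
            mode = "vpnv4"
        elif w[0] in ("router", "address-family", "exit-address-family"):
            mode = "other"
        elif mode == "vrf" and w[0] == "rd" and len(w) > 1:
            vrfs[name]["rd"] = w[1]
        elif mode == "vrf" and w[0] == "route-target" and len(w) > 1:
            for kind in ("import", "export"):
                if w[1] in (kind, "both"):
                    vrfs[name][kind] = True
        elif mode == "if" and w[:3] == ["ip", "vrf", "forwarding"] and len(w) > 3:
            # Binding the interface to a VRF removes any address already on it.
            ifaces[name].update(vrf=w[3], addr=False)
        elif mode == "if" and line.startswith("ip add"):
            ifaces[name]["addr"] = True
        elif mode == "vpnv4" and w[0] == "neighbor" and len(w) > 2:
            peer = peers.setdefault(w[1], {"activate": False, "ext": False})
            if w[2] == "activate":
                peer["activate"] = True
            elif w[2] == "send-community" and w[3:4] in (["extended"], ["both"]):
                peer["ext"] = True
    return vrfs, ifaces, peers

def audit_pe_script(script):
    """Return (object, finding) pairs for steps the script misses or breaks."""
    vrfs, ifaces, peers = parse_pe_script(script)
    findings, rd_owner = [], {}
    for vrf, v in vrfs.items():
        if v["rd"] is None:
            findings.append((vrf, "missing-rd"))
        elif v["rd"] in rd_owner:          # IOS answers "% Cannot set RD ..."
            findings.append((vrf, "duplicate-rd:" + rd_owner[v["rd"]]))
        else:
            rd_owner[v["rd"]] = vrf
        if not (v["import"] and v["export"]):
            findings.append((vrf, "missing-route-target"))
    for ifname, i in ifaces.items():
        if i["vrf"] is None:
            continue
        if i["vrf"] not in vrfs:
            findings.append((ifname, "undefined-vrf:" + i["vrf"]))
        if not i["addr"]:
            findings.append((ifname, "address-removed-by-vrf"))
    for ip, p in peers.items():
        if p["activate"] and not p["ext"]:
            findings.append((ip, "no-send-community-extended"))
    return findings

# Constructed script: CustomerA follows the page; CustomerB, Serial4/1 and the
# BGP lines contain deliberate mistakes and assumed values.
SAMPLE = """\
ip vrf CustomerA
 rd 1:100
 route-target both 1:100
ip vrf CustomerB
 rd 1:100
 route-target export 1:101
interface Serial4/0
 ip add 172.16.1.1 255.255.255.252
 ip vrf forwarding CustomerA
 ip add 172.16.1.1 255.255.255.252
interface Serial4/1
 ip add 172.16.2.1 255.255.255.252
 ip vrf forwarding CustomerB
router bgp 1
 neighbor 10.10.10.102 remote-as 1
 address-family vpnv4
  neighbor 10.10.10.102 activate
"""

if __name__ == "__main__":
    for finding in audit_pe_script(SAMPLE):
        print(finding)
```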


Configuration on the P router: a P router is an LSR of the MPLS network, so only the following functions need to be configured:

- Enable an IGP.
- Enable CEF on every interface that forwards MPLS.
- Configure LDP to assign and distribute labels.


Chapter 4: EIGRP PE-CE ROUTING PROTOCOL

EIGRP PE-CE routing protocol

EIGRP PE-CE routing is used by the service provider for customers that use EIGRP as their IGP and therefore want to use EIGRP to exchange routing information between their sites across an MPLS VPN backbone. In an MPLS VPN environment, the EIGRP metrics must be carried in the MP-BGP updates. BGP extended community attributes carry and preserve the EIGRP metrics as they cross the MP-iBGP domain. These communities define the intrinsic EIGRP characteristics such as the AS number and the EIGRP cost components such as bandwidth, delay, load, reliability, and MTU. The following table describes the six extended BGP communities defined to carry EIGRP routes across the MPLS backbone with MP-BGP.

EIGRP Attribute  Type    Usage                                  Value
General          0x8800  EIGRP General Route Information        Route Flag and Tag
Metric           0x8801  EIGRP Route Metric Information and AS  AS and Delay
Metric           0x8802  EIGRP Route Metric Information         Reliability, Next Hop, and Bandwidth
Metric           0x8803  EIGRP Route Metric Information         Reserve, Load, and Maximum Transmission Unit (MTU)
External         0x8804  EIGRP External Route Information       Remote AS and Remote ID
External         0x8805  EIGRP External Route Information       Remote Protocol and Remote Metric

The following figure shows in detail the extended BGP community attributes attached to the routes 192.168.20.0 and 192.168.99.0.


EIGRP route advertisement

Route advertisement in an MPLS VPN network that uses EIGRP PE-CE routing depends on the EIGRP AS configured on the PE router. In an MPLS VPN environment, the EIGRP AS can be the same or different on each PE router.

Route advertisement when the EIGRP AS is the same on every PE:

The figure below shows an MPLS VPN network providing MPLS VPN services to Customer A. PE1-AS1 and PE2-AS1 are configured with EIGRP AS 101.

The sequence of events when CE2-A sends 172.16.20.0 and 209.165.201.0 to CE1-A:

(1) CE2-A redistributes the OSPF network 209.165.127.0/27 (D EX) and 172.16.20.0/24 (D) to PE2-AS1.


(2) The VRF Cust_A routing table on PE2-AS1 receives 172.16.20.0/24 with EIGRP metric 2195456 and 209.165.127.0/27 with EIGRP metric 3097600.

(3) The EIGRP metrics for 172.16.20.0 and 209.165.127.0 are copied into the extended BGP attributes as the BGP MED; these communities contain EIGRP information such as the AS, MTU, and route type, and accompany the EIGRP routes redistributed into MP-BGP. The routes 172.16.20.0 and 209.165.127.0 are then advertised to PE1-AS1 over the MP-iBGP session.

(4) PE1-AS1 receives the BGP VPNv4 routes 172.16.20.0/24 and 209.165.127.0/27 from PE2-AS1. The EIGRP metrics of these routes are not changed as they cross the MP-BGP backbone.

(5) PE2-AS1 checks the attributes received with the route; if the route type is internal (if the MSB in the BGP extended community is set in 0x8800) and the source AS matches the AS on the receiving router, the route is advertised as an EIGRP internal route. If the route type is external (the MSB is set in 0x8800), the route is advertised to the CE as an external EIGRP route. PE1-AS1 uses the extended community attribute information to reconstruct the original EIGRP route update when redistributing from MP-BGP into EIGRP. This is done only when the EIGRP AS of PE2-AS1 and PE1-AS1 are the same. The PEs act as EIGRP query boundaries. In this case, AS 101 matches the AS of PE1-AS1, so 172.16.20.0/24 is advertised as an EIGRP internal route and 209.165.127.0/27 is advertised as an external route to CE1-A.

(6) CE1-A receives 172.16.20.0 and 209.165.127.0.

If the two EIGRP AS numbers differ, the normal redistribution rules apply. That is, external EIGRP routes are created when the customer routes are redistributed into EIGRP from MP-BGP updates. The following figure shows an MPLS VPN network that uses different EIGRP AS numbers on the PEs. Because the MPLS backbone is transparent to the CE routing protocol, no EIGRP adjacency, EIGRP updates or queries are sent across the PEs.

Route propagation when the EIGRP AS differs on the PE routers:

Steps (1) to (4) are the same as in the section "Route propagation when the EIGRP AS is the same on every PE", except for the networks 192.168.99.0 and 192.168.20.0 and the metrics:

(1) PE2-AS1 checks the attributes received with the route. If the route type is internal and the source AS does not match, or if the route type is external, the route is advertised to the CE as an external EIGRP route. The route does not use the extended community information because it did not originate from the same AS. The route type for 192.168.20.0 is internal and the source AS is 202, which does not match the configuration on PE1-AS1 (201). PE1-AS1 therefore advertises it as an external route to CE1-A. The route type of 192.168.99.0 is external, so both routes are advertised as external routes to CE1-A.
(2) CE1-A receives the routes 192.168.20.0/24 and 192.168.99.0/24 as external routes.

Configuration flowchart for EIGRP PE-CE routing

Note the following points:

- Address-family configuration mode is used when configuring the EIGRP AS for the VRF.
- To allow the use of a single EIGRP process, the EIGRP AS number must be configured in EIGRP address-family mode.
- The other configuration steps are the same as for ordinary EIGRP; a default metric is assigned when redistributing non-EIGRP routes.

LAB 4-1: Basic EIGRP PE-CE routing configuration

Description

The goal of this lab is to illustrate EIGRP PE-CE configuration and EIGRP route propagation when the PEs belong to the same EIGRP AS and to different EIGRP AS numbers for a VRF. The following figure shows an MPLS VPN providing MPLS VPN services to the sites of Customer A and Customer B.

Customer A network: Customer A has CE1-A and CE2-A in the same VPN-A and in the same EIGRP AS 101. EIGRP AS 101 is configured for VRF CustomerA on PE1-AS1 and PE2-AS1.

Customer B network: Customer B has CE1-B and CE2-B in the same VPN-B but in two different EIGRP AS numbers, 201 and 202. PE1-AS1 and PE2-AS1 configure the two EIGRP AS numbers, 201 and 202, for VRF CustomerB.

Procedure

The steps for configuring EIGRP PE-CE routing are as follows:

(1) Enable the global EIGRP routing process.
- Enable the global EIGRP routing process on the PE routers, PE1-AS1 and PE2-AS1.

(2) Define the per-VRF routing context and parameters for EIGRP.
- Define the routing context for VRF CustomerA and CustomerB under the EIGRP process from step 1.
- To allow a single EIGRP process to be used, the EIGRP AS must be configured in EIGRP address-family configuration mode. Multiple VRFs can use the same EIGRP AS value.
- Enable the networks to be routed by EIGRP.
- Configure no auto-summary.

Configuration for steps (1) and (2):

PE1-AS1(config)#router eigrp 1
PE1-AS1(config-router)#address-family ipv4 vrf CustomerB
PE1-AS1(config-router-af)#network 172.16.0.0
PE1-AS1(config-router-af)#no auto-summary
PE1-AS1(config-router-af)#autonomous-system 201
PE1-AS1(config-router-af)#exit-address-family

PE2-AS1(config)#router eigrp 1
PE2-AS1(config-router)#address-family ipv4 vrf CustomerB
PE2-AS1(config-router-af)#network 172.16.0.0
PE2-AS1(config-router-af)#no auto-summary
PE2-AS1(config-router-af)#autonomous-system 202
PE2-AS1(config-router-af)#exit-address-family

Do the same for CustomerA.

(3) Redistribute the BGP VPNv4 routes into EIGRP.

PE1-AS1(config)#router eigrp 1
PE1-AS1(config-router)#address-family ipv4 vrf Cust_A
PE1-AS1(config-router-af)#redistribute bgp 1 metric 1000 100 255 1 1500

(4) Redistribute the EIGRP routes into BGP.

PE1-AS1(config)#router bgp 1
PE1-AS1(config-router)#address-family ipv4 vrf Cust_A
PE1-AS1(config-router-af)#redistribute eigrp 101

PE2-AS1(config)#router bgp 1
PE2-AS1(config-router)#address-family ipv4 vrf Cust_A
PE2-AS1(config-router-af)#redistribute eigrp 101

Do the same to complete the configuration for VRF CustomerA and CustomerB on the PE routers.

Configuration

Router P1-AS1

!
hostname P1-AS1
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 tag-switching ip
!
interface Serial0/1
 description Connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
end

Router PE1-AS1

!
hostname PE1-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CustomerB
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Serial0/0
 description Connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
 clockrate 64000
 no fair-queue
!
interface Serial1/1
 description Connected to CE1-A
 ip vrf forwarding CustomerA
 ip address 172.16.1.1 255.255.255.252
 clockrate 64000
!
interface Serial1/3
 description Connected to CE1-B
 ip vrf forwarding CustomerB
 ip address 192.168.1.1 255.255.255.252
 tag-switching ip
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerB
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 192.168.1.0
 no auto-summary
 autonomous-system 201
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 101
 exit-address-family
!
router ospf 1
 router-id 10.10.10.101
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerB
 redistribute eigrp 201
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute eigrp 101
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router PE2-AS1

!
hostname PE2-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CustomerB
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/1
 description Connected to P1-AS1
 ip address 10.10.10.5 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial1/2
 description Connected to CE2-A
 ip vrf forwarding CustomerA
 ip address 172.16.2.1 255.255.255.252
!
interface Serial1/4
 description Connected to CE2-B
 ip vrf forwarding CustomerB
 ip address 192.168.2.1 255.255.255.252
 clockrate 64000
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerB
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 192.168.2.0
 no auto-summary
 autonomous-system 202
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 101
 exit-address-family
!
router ospf 1
 router-id 10.10.10.102
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.101 activate
 neighbor 10.10.10.101 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerB
 redistribute eigrp 202
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute eigrp 101
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router CE1-A

!
hostname CE1-A
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-A Site 1 network
 ip address 172.16.10.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
 no fair-queue
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
ip http server
ip classless
!
end

Router CE2-A

!
hostname CE2-A
!
interface Ethernet0/0
 description VPN-A Site 2 network
 ip address 172.16.20.1 255.255.255.0
 no ip directed-broadcast
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.2.2 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 64000
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
ip classless
!
end

Router CE1-B

!
hostname CE1-B
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-B Site 1 network
 ip address 192.168.10.1 255.255.255.0
 no ip directed-broadcast
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 192.168.1.2 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 64000
!
router eigrp 201
 network 192.168.1.0
 network 192.168.10.0
 no auto-summary
!
ip classless
!
end

Router CE2-B

!
hostname CE2-B
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-B Site 2 network
 ip address 192.168.20.1 255.255.255.0
 no ip directed-broadcast
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 192.168.2.2 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
!
router eigrp 202
 network 192.168.2.0
 network 192.168.20.0
 no auto-summary
!
ip classless
!
end

Verification

The steps for verifying EIGRP PE-CE routing are as follows:

(1) Check the EIGRP neighbor relationships on the PE routers.

PE1-AS1#show ip eigrp vrf CustomerA neighbors
IP-EIGRP neighbors for process 201
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                (sec)         (ms)       Cnt Num
0   192.168.1.2     Se1/3         12 05:27:05  214  1284  0  2

PE2-AS1#show ip eigrp vrf CustomerA neighbors
IP-EIGRP neighbors for process 202
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                (sec)         (ms)       Cnt Num
0   192.168.2.2     Se1/4         11 05:19:21  903  5000  0  2

(2) Check the extended BGP attributes attached to the route 192.168.20.0.

PE2-AS1#show ip bgp vpnv4 vrf CustomerB 192.168.20.1
BGP routing table entry for 1:200:192.168.20.0/24, version 9
Paths: (1 available, best #1, table CustomerB)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    192.168.2.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:200 0x8800:32768:0 0x8801:202:537600 0x8802:62209:20000000 0x8803:62209:1500

PE1-AS1#show ip bgp vpnv4 vrf CustomerB 192.168.20.1
BGP routing table entry for 1:200:192.168.20.0/24, version 17
Paths: (1 available, best #1, table CustomerB)
  Not advertised to any peer
  Local
    10.10.10.102 (metric 129) from 10.10.10.102 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, valid, internal, best
      Extended Community: RT:1:200 0x8800:32768:0 0x8801:202:537600 0x8802:62209:20000000 0x8803:62209:1500

The EIGRP metric is unchanged (metric 20537600) after crossing the MP-BGP domain.

(3) Check EIGRP route propagation for CustomerA.

PE2-AS1#show ip route vrf CustomerA eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D       172.16.20.0/24 [90/20537600] via 172.16.2.2, 05:18:44, Serial1/2

PE2-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.20.1
BGP routing table entry for 1:100:172.16.20.0/24, version 7
Paths: (1 available, best #1, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    172.16.2.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:62209:20000000 0x8803:62209:1500

PE1-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.20.1
BGP routing table entry for 1:100:172.16.10.0/24, version 7
Paths: (1 available, best #1, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.102
  Local
    172.16.2.2 from 0.0.0.0 (10.10.10.101)
      Origin incomplete, metric 20537600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:62209:20000000 0x8803:62209:1500

(4) Check the EIGRP routes on the CE routers.

CE1-A#show ip route eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D       172.16.20.0/24 [90/21049600] via 172.16.1.1, 04:40:11, Serial0/0
D       172.16.2.0/30 [90/21024000] via 172.16.1.1, 04:40:11, Serial0/0

CE1-B#show ip route eigrp
D EX 192.168.20.0/24 [170/3097600] via 192.168.1.1, 04:38:14, Serial0/0
     192.168.2.0/30 is subnetted, 1 subnets
D EX    192.168.2.0 [170/3097600] via 192.168.1.1, 04:38:14, Serial0/0

(5) Check connectivity between the sites.

CE1-A#ping 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/117 ms

CE1-B#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/117 ms

Routing loops

A routing loop can occur in the following cases:
- A route received by a multihomed site from the backbone over one connection can be forwarded back to the backbone over another connection.
- A route originating from a multihomed site and sent to the backbone over one connection can return over another connection.

Multihomed site re-sends routes to the backbone

The following figure shows an MPLS VPN network for Customer A with three sites: Site 1, Site 2 and Site 3. Site 3 is multihomed. Site 3 receives the EIGRP route 172.16.20.0/24 and redistributes it back into the backbone at PE1-AS1.

The sequence of events when the EIGRP route is sent back into the backbone is as follows:

(1) 172.16.20.0/24 is advertised as an internal route to PE2-AS1.
(2) PE2-AS1 advertises 172.16.20.0/24 to CE4-A through EIGRP and sends 172.16.20.0/24 over the MP-iBGP session to PE1-AS1.
(3) CE4-A advertises 172.16.20.0/24 as an EIGRP internal route to CE3-A.
(4) CE3-A advertises 172.16.20.0/24 as an EIGRP internal route to PE1-AS1.

PE1-AS1 must then decide which path to choose:
- If the BGP update for 172.16.20.0/24 arrives first, PE1-AS1 redistributes it into EIGRP and sends it to CE3-A. Because the composite metric is better, this path is chosen, since the MPLS VPN does not add to the delay and bandwidth. This means PE1-AS1 never receives a second update and has only one path.
- If the EIGRP route arrives first, PE1-AS1 redistributes it into BGP and sends it back to PE2-AS1. PE2-AS1 still chooses the path learned from EIGRP.

In addition, the routing table chooses the path with the lower administrative distance (AD): EIGRP is 90 or 170; iBGP is 200.

Backbone re-sends routes into the multihomed site

This is the case where 172.16.50.0/24, originating from the multihomed site, is sent back over the connection to the PE.

This situation does not occur if the network keeps the default AD and the PE prefers the routes learned from EIGRP.

Count to infinity

The figure above shows that PE1-AS1 and/or PE2-AS1 have two paths to 172.16.50.0/24: one learned from MP-iBGP and one learned directly through EIGRP. If 172.16.50.0/24 goes down, the following sequence occurs:

(1) CE3-A and CE4-A send out query messages.
(2) Assume PE1-AS1 has the two paths described above. When it receives a query message, it replies with the path that is still active through MP-iBGP.
(3) CE3-A receives a path to 172.16.50.0/24 through PE1-AS1.
(4) PE1-AS1 receives a withdrawal message from PE2-AS1.
(5) PE1-AS1 withdraws the route it advertised to CE3-A; that router propagates the information to CE4-A, and CE4-A propagates it to PE3-AS1.
(6) A query message originates from PE1-AS1 looking for the network 172.16.50.0/24. When the query message reaches PE2-AS1, PE2-AS1 has just advertised a new reachable route update for 172.16.50.0/24 over MP-iBGP to PE1-AS1, and PE1-AS1 regenerates an EIGRP update in reply to the earlier queries. This phenomenon is called count to infinity.
(7) The loop of reachable/unreachable messages continues until the maximum number of hops has been passed.

Suboptimal routing

This occurs because the AD of EIGRP is better than that of iBGP. A routing table always prefers routes learned from an IGP because their AD is lower than that of iBGP. The figure below shows that data packets from CE1-A to CE2-A are forwarded by PE1-AS1 to CE3-A, which results in suboptimal routing.

Routing loops and suboptimal routing can be avoided by using:

- BGP cost community, which can be used to force BGP to compare routes originating from EIGRP and MP-iBGP routes based on the EIGRP metric.
- EIGRP Site of Origin (SoO) on the PE and CE routers, which can be used to prevent routing loops.

BGP Cost Community

The BGP cost community (BGP CC) is a new BGP extended community attribute. BGP CC is a non-transitive extended community attribute: it passes to iBGP and confederation peers but does not reach external BGP peers. BGP CC lets a PE compare routes that come from different protocols with different AD values on the basis of their metric. BGP routes that carry the BGP cost community attribute use the EIGRP AD instead of the iBGP AD for the comparison, without any static configuration of the AD value.

Routes redistributed from EIGRP into MP-BGP are tagged with the BGP cost community attribute, which carries the composite EIGRP metric in addition to the individual EIGRP attributes. The BGP CC attribute is shown in the following figure:

The point of insertion (POI) value ensures that the BGP route is selected using the BGP CC. This allows iBGP routes to be compared with EIGRP routes. BGP CC can distinguish between internal and external EIGRP routes through the ID field: internal routes have ID 128 and external routes have ID 129. The route with the lowest BGP CC ID is chosen. An internal EIGRP route has a lower ID than an external route. Route selection is normally based on the value in the Cost field of the BGP CC, which carries the composite EIGRP metric.

The sequence in which PE1-AS1 chooses the best path based on the EIGRP metric, and not on the AD of EIGRP versus iBGP (figure above):

(1) CE2-A originates the route 172.16.20.0/24 to PE2-AS1.
(2) PE2-AS1 forwards the route to CE4-A through EIGRP and to PE1-AS1 through MP-iBGP.
(3) PE1-AS1 receives two updates for 172.16.20.0/24, one through EIGRP from CE3-A and one through MP-iBGP from PE2-AS1. PE1-AS1 uses the route learned from MP-iBGP thanks to the BGP CC attribute.
(4) Packets from CE1-A to CE2-A are forwarded by PE1-AS1 to PE2-AS1, because the routing table of VRF A contains the MP-iBGP route, which carries the lower composite EIGRP metric.

EIGRP SoO

EIGRP SoO is added to both internal and external EIGRP routes. This attribute is exchanged automatically between the routing protocols (SoO-enabled EIGRP and MP-BGP) to prevent routing loops in multihomed environments where two-way redistribution is used. All CE routers, or at least those at the multihomed sites, must support this feature so that it can be propagated across the VPN. EIGRP SoO is used on both the PE and the CE for the most effective loop prevention. Backdoor links are configured with EIGRP SoO to obtain the fastest convergence when a route is lost.

Routes pushed into a multihomed site are tagged with an EIGRP SoO value of 1:101. The receiving PE router checks each update against the SoO value configured on the interface that received the update. If the values are equal, the update is discarded, which prevents routing loops and optimizes routing.

Multihomed site and EIGRP SoO

Sequence of events when 172.16.20.0/24 is advertised to CE1-A:

(1) CE2-A originates the route 172.16.20.0/24.
(2) PE2-AS1 forwards the route to CE4-A through EIGRP and to PE1-AS1 through MP-iBGP. The EIGRP route is tagged with the EIGRP SoO attribute 1:101 to identify that this route comes from the backbone.
(3) CE4-A forwards the update for 172.16.20.0/24 to CE3-A.
(4) PE1-AS1 receives two updates for 172.16.20.0/24, one through EIGRP from CE3-A and one through MP-iBGP from PE2-AS1. PE1-AS1 uses the route learned from BGP; the EIGRP route from CE3-A is filtered out because it has the same SoO value as the interface that received it.

Backdoor link and EIGRP SoO

The route selection process is as follows:

(1) CE2-A advertises 172.16.20.0/24 to PE2-AS1.
(2) PE2-AS1 forwards 172.16.20.0/24 to CE4-A through EIGRP and to PE1-AS1 through MP-iBGP. The EIGRP route is tagged with the EIGRP SoO value 1:20 to identify that it comes from the MPLS backbone, and is sent into Site 4 with the value 1:20.
(3) PE1-AS1 receives two updates for 172.16.20.0, one through EIGRP from CE2 and one through MP-iBGP from PE2. The update that crosses the backdoor link carries the EIGRP SoO value 1:20 when advertised to CE3-A, and CE3-A uses 1:10 to advertise this route to PE1-AS1.
(4) PE1-AS1 receives two updates for 172.16.20.0/24. The one received through EIGRP from CE3-A with SoO 1:10 is filtered because it carries the same SoO value as the interface that received it, and only the route through MP-iBGP from PE2-AS1 is accepted.

LAB 4-2: Configuring a network using BGP CC and EIGRP SoO

Description

Configuration

Router P1-AS1

P1-AS1#show run
Building configuration...
Current configuration : 970 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1-AS1
!
logging queue-limit 100
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial0/1
 description Connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
end

Router PE1-AS1

PE1-AS1#show run
Building configuration...

Current configuration : 2084 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Serial0/0
 description Connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
 no fair-queue
!
interface Serial1/1
 description Connected to CE1-A
 ip vrf forwarding CustomerA
 ip address 172.16.1.1 255.255.255.252
 clockrate 64000
!
interface Serial1/3
 description Connected to CE3-A
 ip vrf forwarding CustomerA
 ip vrf sitemap SOO-VPNA
 ip address 172.16.3.1 255.255.255.252
 clockrate 64000
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerA
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 101
 exit-address-family
!
router ospf 1
 router-id 10.10.10.101
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community both
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute eigrp 101
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
route-map SOO-VPNA permit 10
 set extcommunity soo 1:10
!
call rsvp-sync
!
!
end

Router PE2-AS1

PE2-AS1#show run
Building configuration...
Current configuration : 2255 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2-AS1
!
logging queue-limit 100
!
memory-size iomem 10
ip subnet-zero
!
!
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip cef
mpls ldp logging neighbor-changes
!
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Serial0/1
 description Connected to P1-AS1
 ip address 10.10.10.5 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial1/2
 description Connected to CE2-A
 ip vrf forwarding CustomerA
 ip address 172.16.2.1 255.255.255.252
!
interface Serial1/4
 description Connected to CE4-A
 ip vrf forwarding CustomerA
 ip vrf sitemap SOO-VPNA
 ip address 172.16.4.1 255.255.255.252
!
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf CustomerA
 redistribute bgp 1 metric 1000 100 255 1 1500
 network 172.16.0.0
 no auto-summary
 autonomous-system 101
 exit-address-family
!
router ospf 1
 router-id 10.10.10.102
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.101 activate
 neighbor 10.10.10.101 send-community both
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute eigrp 101
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
route-map SOO-VPNA permit 10
 set extcommunity soo 1:20
!
call rsvp-sync
!
!
end

Router CE1-A

CE1-A#show run
Building configuration...
Current configuration : 817 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CE1-A
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
mpls ldp logging neighbor-changes
!
interface Ethernet0/0
 description VPN-A Site 1 network
 ip address 172.16.10.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
no ip http server
ip classless
!
call rsvp-sync
!
!
end

Router CE2-A

!
hostname CE2-A
!
!
memory-size iomem 10
ip subnet-zero
!
interface Ethernet0/0
 description VPN-A Site 2 network
 ip address 172.16.20.1 255.255.255.0
 no keepalive
 half-duplex
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.2.2 255.255.255.252
 clockrate 64000
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip http server
!
call rsvp-sync
!
end

Router CE3-A

CE3-A#show run
Building configuration...
Current configuration : 1034 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CE3-A
!
logging queue-limit 100
!
ip subnet-zero
!
!
no ip domain lookup
!
mpls ldp logging neighbor-changes
!
interface Ethernet0/0
 description VPN-A Site 3 network
 ip address 172.16.30.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.3.2 255.255.255.252
 no ip mroute-cache
 no fair-queue
!
interface Serial0/1
 description Connected to CE4-A
 bandwidth 1000
 ip vrf sitemap SOO-VPNA
 ip address 172.16.5.1 255.255.255.252
 clockrate 64000
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
no ip http server
ip classless
!
route-map SOO-VPNA permit 10
 set extcommunity soo 1:10
!
!
call rsvp-sync
!
end

Router CE4-A

CE4-A#show running-config
Building configuration...
Current configuration : 1061 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE4-A
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
mpls ldp logging neighbor-changes
!
interface Ethernet0/0
 description VPN-A Site 4 network
 ip address 172.16.40.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.4.2 255.255.255.252
 clockrate 64000
 no fair-queue
!
interface Serial0/1
 description Connected to CE3-A
 bandwidth 1000
 ip vrf sitemap SOO-VPNA
 ip address 172.16.5.2 255.255.255.252
!
router eigrp 101
 network 172.16.0.0
 no auto-summary
!
ip http server
ip classless
!
route-map SOO-VPNA permit 10
 set extcommunity soo 1:200
!
!
call rsvp-sync
!
end

Verification

(1) Check the path.

CE1-A#traceroute 172.16.20.1
Type escape sequence to abort.
Tracing the route to 172.16.20.1
  1 172.16.1.1 16 msec 16 msec 16 msec
  2 172.16.3.2 28 msec 28 msec 28 msec
  3 172.16.5.2 44 msec 40 msec 44 msec
  4 172.16.4.1 56 msec 56 msec 56 msec
  5 172.16.2.2 68 msec 68 msec *

CE1-A#traceroute 172.16.40.1
Type escape sequence to abort.
Tracing the route to 172.16.40.1
  1 172.16.1.1 16 msec 16 msec 16 msec
  2 172.16.3.2 28 msec 28 msec 28 msec
  3 172.16.5.2 80 msec 40 msec *

CE3-A#traceroute 172.16.20.1
Type escape sequence to abort.
Tracing the route to 172.16.20.1
  1 172.16.5.2 16 msec 16 msec 16 msec
  2 172.16.4.1 28 msec 28 msec 28 msec
  3 172.16.2.2 45 msec * 41 msec

CE3-A#traceroute 172.16.40.1
Type escape sequence to abort.
Tracing the route to 172.16.40.1
  1 172.16.5.2 16 msec * 13 msec

(2) Check the BGP extended community attributes.

PE1-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.20.1
BGP routing table entry for 1:100:172.16.20.0/24, version 19
Paths: (2 available, best #2, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.102
  Local
    10.10.10.102 (metric 129) from 10.10.10.102 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, valid, internal
      Extended Community: RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:32769:20000000 0x8803:32769:1500
  Local
    172.16.3.2 from 0.0.0.0 (10.10.10.101)
      Origin incomplete, metric 22073600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: SoO:1:10 RT:1:100 0x8800:32768:0 0x8801:101:2073600 0x8802:32772:20000000 0x8803:32769:1500

PE1-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.40.1
BGP routing table entry for 1:100:172.16.40.0/24, version 13
Paths: (2 available, best #2, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.102
  Local
    10.10.10.102 (metric 129) from 10.10.10.102 (10.10.10.102)
      Origin incomplete, metric 20537600, localpref 100, valid, internal
      Extended Community: SoO:1:20 RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:61697:20000000 0x8803:61697:1500
  Local
    172.16.3.2 from 0.0.0.0 (10.10.10.101)
      Origin incomplete, metric 21049600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: SoO:1:10 RT:1:100 0x8800:32768:0 0x8801:101:1049600 0x8802:61698:20000000 0x8803:61697:1500

PE2-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.10.0
BGP routing table entry for 1:100:172.16.10.0/24, version 16
Paths: (2 available, best #2, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    10.10.10.101 (metric 129) from 10.10.10.101 (10.10.10.101)
      Origin incomplete, metric 20537600, localpref 100, valid, internal
      Extended Community: RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:32769:20000000 0x8803:32769:1500
  Local
    172.16.4.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 22073600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: SoO:1:20 RT:1:100 0x8800:32768:0 0x8801:101:2073600 0x8802:32772:20000000 0x8803:32769:1500

PE2-AS1#show ip bgp vpnv4 vrf CustomerA 172.16.30.0
BGP routing table entry for 1:100:172.16.30.0/24, version 18
Paths: (2 available, best #2, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    10.10.10.101 (metric 129) from 10.10.10.101 (10.10.10.101)
      Origin incomplete, metric 20537600, localpref 100, valid, internal
      Extended Community: SoO:1:10 RT:1:100 0x8800:32768:0 0x8801:101:537600 0x8802:32769:20000000 0x8803:32769:1500
  Local
    172.16.4.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 21049600, localpref 100, weight 32768, valid, sourced, best
      Extended Community: SoO:1:20 RT:1:100 0x8800:32768:0 0x8801:101:1049600 0x8802:32770:20000000 0x8803:32769:1500

(3) Check the routing tables.

CE3-A#show ip route eigrp
     172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
D       172.16.40.0/24 [90/3097600] via 172.16.5.2, 00:45:57, Serial0/1
D       172.16.20.0/24 [90/21561600] via 172.16.5.2, 00:28:44, Serial0/1
D       172.16.10.0/24 [90/21049600] via 172.16.3.1, 00:37:54, Serial0/0
D       172.16.4.0/30 [90/3584000] via 172.16.5.2, 00:29:46, Serial0/1
D       172.16.1.0/30 [90/21024000] via 172.16.3.1, 00:37:56, Serial0/0
D       172.16.2.0/30 [90/21536000] via 172.16.5.2, 00:28:47, Serial0/1

CE4-A#show ip route eigrp
     172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
D       172.16.30.0/24 [90/3097600] via 172.16.5.1, 00:49:26, Serial0/1
D       172.16.20.0/24 [90/21049600] via 172.16.4.1, 00:32:12, Serial0/0
D       172.16.10.0/24 [90/21561600] via 172.16.5.1, 00:41:22, Serial0/1
D       172.16.1.0/30 [90/21536000] via 172.16.5.1, 00:41:25, Serial0/1
D       172.16.2.0/30 [90/21024000] via 172.16.4.1, 00:32:15, Serial0/0
D       172.16.3.0/30 [90/3584000] via 172.16.5.1, 00:42:40, Serial0/1
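Added example, not part of the original document: a Python sketch that decodes the EIGRP extended communities shown in the show ip bgp vpnv4 output of LAB 4-1 and LAB 4-2, checks that delay plus bandwidth reproduces the BGP metric, and applies the internal/external and SoO rules described in this chapter. The meaning of the 0x8800 to 0x8803 fields follows Cisco's documented EIGRP extended-community layout; treating a clear MSB in 0x8800 as "external" is an assumption, and all class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# EIGRP extended-community type codes as printed by "show ip bgp vpnv4".
FLAGS_TAG, AS_DELAY, REL_HOP_BW, LOAD_MTU = 0x8800, 0x8801, 0x8802, 0x8803
INTERNAL_FLAG = 0x8000  # MSB of the 16-bit flag field carried in 0x8800

TOKEN = re.compile(r"^(RT|SoO|0x[0-9A-Fa-f]{4}):(\d+):(\d+)$")


@dataclass
class VpnRoute:
    route_targets: List[str]
    soo: Optional[str]      # Site of Origin, e.g. "1:10", or None
    internal: bool          # route type taken from the 0x8800 flag field
    source_as: int          # EIGRP AS of the originating PE (0x8801)
    delay: int              # scaled delay (0x8801)
    bandwidth: int          # scaled bandwidth (0x8802)
    mtu: int                # MTU (0x8803)

    @property
    def composite_metric(self) -> int:
        # With default K values the EIGRP composite metric is the sum of
        # the scaled bandwidth and the scaled delay.
        return self.bandwidth + self.delay


def parse_extended_community(line: str) -> VpnRoute:
    """Parse one 'Extended Community: ...' line of show output."""
    text = line.split("Extended Community:", 1)[-1]
    rts, soo, eigrp = [], None, {}
    for tok in text.split():
        m = TOKEN.match(tok)
        if m is None:
            raise ValueError(f"unrecognised community token: {tok!r}")
        kind, a, b = m.group(1), int(m.group(2)), int(m.group(3))
        if kind == "RT":
            rts.append(f"{a}:{b}")
        elif kind == "SoO":
            soo = f"{a}:{b}"
        else:
            eigrp[int(kind, 16)] = (a, b)
    missing = {FLAGS_TAG, AS_DELAY, REL_HOP_BW, LOAD_MTU} - set(eigrp)
    if missing:
        names = ", ".join(hex(c) for c in sorted(missing))
        raise ValueError(f"missing EIGRP communities: {names}")
    return VpnRoute(
        route_targets=rts,
        soo=soo,
        internal=bool(eigrp[FLAGS_TAG][0] & INTERNAL_FLAG),
        source_as=eigrp[AS_DELAY][0],
        delay=eigrp[AS_DELAY][1],
        bandwidth=eigrp[REL_HOP_BW][1],
        mtu=eigrp[LOAD_MTU][1],
    )


def redistributed_type(route: VpnRoute, vrf_eigrp_as: int) -> str:
    """Route type the receiving PE advertises to its CE.

    Internal only when the route is flagged internal AND the source AS
    equals the EIGRP AS configured for the VRF; otherwise external.
    """
    if route.internal and route.source_as == vrf_eigrp_as:
        return "internal"
    return "external"


def soo_permits(route: VpnRoute, interface_soo: Optional[str]) -> bool:
    """False when the update carries the SoO configured on the receiving
    interface, which is the loop-prevention filter described above."""
    return interface_soo is None or route.soo != interface_soo


# Lines copied from the show output in LAB 4-1 and LAB 4-2.
CUSTB_192_168_20 = ("Extended Community: RT:1:200 0x8800:32768:0 "
                    "0x8801:202:537600 0x8802:62209:20000000 0x8803:62209:1500")
CUSTA_172_16_20 = ("Extended Community: RT:1:100 0x8800:32768:0 "
                   "0x8801:101:537600 0x8802:62209:20000000 0x8803:62209:1500")
CUSTA_VIA_CE3 = ("Extended Community: SoO:1:10 RT:1:100 0x8800:32768:0 "
                 "0x8801:101:2073600 0x8802:32772:20000000 0x8803:32769:1500")

if __name__ == "__main__":
    for label, line, local_as in (("CustomerB on PE1-AS1", CUSTB_192_168_20, 201),
                                  ("CustomerA on PE1-AS1", CUSTA_172_16_20, 101)):
        r = parse_extended_community(line)
        print(label, "AS", r.source_as, "metric", r.composite_metric,
              "->", redistributed_type(r, local_as))
    r = parse_extended_community(CUSTA_VIA_CE3)
    print("SoO", r.soo, "accepted on a 1:10 interface:", soo_permits(r, "1:10"))
```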

Chapter 5: OSPF PE-CE ROUTING PROTOCOL

OSPF PE-CE routing was developed so that ISPs can offer MPLS VPN services to customers who run OSPF for routing inside their sites; OSPF then serves as the inter-site routing protocol between customer sites in an MPLS VPN environment. The traditional OSPF routing model:

A traditional OSPF domain is divided into a backbone (area 0) and non-backbone areas, and the non-backbone areas connect to area 0.

Customer A implements the traditional OSPF model, in which the non-backbone areas (Area 1 and Area 2) belong to Site 1 and Site 2 and are connected to the backbone area (Area 0).

In an MPLS VPN environment, customer networks connect to a provider backbone. In the figure above, the areas of Customer A (Area 1 and Area 2) connect to the provider's MPLS VPN network. Area 1 and Area 2 contain routers CE1-A and CE2-A running the OSPF routing protocol. MP-iBGP is used between PE1 and PE2 to advertise routes between Site 1 (Area 1) and Site 2 (Area 2). OSPF-BGP redistribution is performed on the PE routers, PE1 and PE2. The process is as follows:

(1) Network 172.16.10.0/24 is advertised by CE1-A to PE1 using LSA (link-state advertisement) Type 1 and Type 2.
(2) At PE1, route 172.16.10.0/24 is redistributed into BGP. The route is then advertised as a VPNv4 route to PE2.
(3) At PE2, the BGP VPNv4 prefix 172.16.10.0/24 is redistributed into OSPF.
(4) The route 172.16.10.0/24 is then advertised as an OSPF route with LSA Type 5.

The OSPF route type (LSA Type) is therefore not preserved when an OSPF route is redistributed into BGP. In an MPLS VPN environment, the traditional OSPF routing rules still apply. However, the following properties of OSPF external routes become a concern when a customer moves from traditional OSPF routing to the MPLS VPN model:

- Internal routes, regardless of their cost, are always preferred over external routes.
- External routes are not summarized.
- External routes are flooded into every OSPF area.
- External routes may use a different type of metric that cannot be compared with the OSPF cost.
- External LSA Type 5 routes are not injected into a stub area or a not-so-stubby area (NSSA).

When OSPF is deployed with MPLS VPN, a customer can have several sites in Area 0. This differs slightly from the traditional OSPF structure, which has one backbone Area 0 and multiple non-backbone areas attached to that Area 0.

The MPLS VPN architecture for OSPF PE-CE routing is extended to let customers migrate transparently from traditional OSPF routing to the MPLS VPN routing model by introducing a backbone that is distinct from OSPF Area 0. This backbone is called the OSPF or MPLS VPN superbackbone.

MPLS VPN or the OSPF superbackbone concept

The non-backbone areas, Area 1 and Area 2, connect directly to the MPLS VPN superbackbone, which functions as an OSPF Area 0. An Area 0 is therefore not required as it is in a traditional OSPF domain. Area 0 is required only when a PE router connects to two different non-backbone areas that belong to the same OSPF domain on one PE router. The PE routers, PE1 and PE2, connect the OSPF areas of the customer domain to the superbackbone and act as ABRs (OSPF Area Border Routers) for the devices in the customer's OSPF domain. The CE routers, CE1 and CE2, are not aware of any other OSPF domain in the MPLS VPN superbackbone. The MPLS VPN superbackbone uses MP-iBGP between the PEs. OSPF information is carried across the MPLS VPN backbone in BGP extended communities. These extended communities are set and used by the PE routers. There are no OSPF adjacencies and no flooding in the MPLS VPN superbackbone for the customer sites attached to it, unless an OSPF sham-link is used.

BGP Extended Communities for OSPF PE-CE routing

In the MPLS VPN superbackbone, the following BGP extended attributes are carried:

- OSPF Route Type: advertises the OSPF route-type information across the MP-iBGP backbone. The figure below shows the OSPF route type extended community attribute and the OSPF route type details for networks 172.16.20.0, 192.168.99.0 and 192.168.199.0.
- OSPF router ID: identifies the router ID of the PE in the relevant OSPF VRF instance. This address is not part of the provider's address space and is unique within the OSPF network.
- OSPF domain ID: identifies the domain of a particular OSPF network address in the MPLS VPN backbone. By default this value equals the OSPF process ID, and it can be reset with the command: Router(config-router)#domain-id ip-address. If the domain ID of a route does not match the domain ID of the receiving PE, the route is converted into an OSPF external route (LSA Type 5) with metric-type E2 in the VRF table. Every route between OSPF domains is seen as LSA Type 5.

OSPF route advertisement across the MPLS VPN superbackbone

OSPF route advertisement in an MPLS VPN environment differs from the traditional OSPF routing model and depends on the OSPF domain ID. By default, the OSPF domain ID equals the process ID on the PE router. The domain ID is set in the VPNv4 update when the OSPF route is redistributed into MP-iBGP.

Same OSPF domain ID on the PE routers

The following figure shows an MPLS network providing MPLS VPN service to CustomerA. Routers CE1-A and CE2-A have networks 172.16.10.0/24 and 172.16.20.0/24 at the customer sites, in Area 1 and Area 2, while the PE-CE links of both sites are in Area 0. The OSPF process ID on both PE routers is 101. CE2-A is an ASBR between the OSPF domain and two other domains, RIPv2 and EIGRP (AS 101).

The process when CE2-A sends 172.16.20.0/24, 209.165.201.0/27 and 209.165.202.128/27 to CE1-A:

(1) CE2-A redistributes the RIPv2 network 209.165.201.0 into OSPF and advertises it to PE2-AS1 with a Type 5 LSA of metric-type 1 (O E1). The EIGRP network 209.165.202.128/27 is redistributed at CE2-A and advertised to PE2-AS1 with a Type 5 LSA (O E2). CE2-A also sends 172.16.20.0/24 to PE2-AS1 with a Type 3 LSA (O IA).
(2) The CustomerA VRF routing table on PE2-AS1 receives 172.16.20.0/24 as an OSPF inter-area route (O IA) with OSPF metric (cost) 74, 209.165.201.0/27 as an external type 1 route (O E1) with metric 84, and 209.165.202.128/27 with metric 20.
(3) The OSPF costs of 172.16.20.0/24, 209.165.201.0/27 and 209.165.202.128/27 are copied into the extended BGP attributes as the BGP MED when OSPF is redistributed into MP-BGP. The routes 172.16.20.0, 209.165.201.0/27 and 209.165.202.128/27 are advertised to PE1-AS1 over the MP-iBGP session.
(4) PE1-AS1 receives the BGP VPNv4 routes 172.16.20.0/24, 209.165.201.0/27 and 209.165.202.128/27 from PE2-AS1 and adds them to its BGP table. The OSPF metrics of the routes are preserved while they are advertised across the MP-BGP backbone.
(5) The receiving PE router, PE1-AS1, redistributes the MP-BGP routes into OSPF and checks the domain ID. If the domain ID of the route matches the domain ID on the receiving router, PE1-AS1, it uses the original LSA and the MED attribute to generate a Type 3 LSA. Here the domain ID matches the domain ID of PE1-AS1, so PE1-AS1 reconstructs the original update, updates the metric based on the outgoing interface, and advertises 172.16.20.0/24 to CE1-A as an inter-area route (O IA). 209.165.201.0/27 and 209.165.202.128/27 are advertised to CE1-A as inter-domain routes (O E1 and O E2).
(6) CE1-A receives 172.16.20.0 (O IA), 209.165.201.0/27 (O E1) and 209.165.202.128/27 (O E2).

Different OSPF domain IDs on the PE routers

If the process IDs on the PE routers differ for sites that belong to the same VPN, the OSPF routes are treated as OSPF external routes (OSPF LSA Type 5). When PE1-AS1 in OSPF Area 1 uses OSPF process ID 201 for Site 1 of VPN VPN-A, and PE2-AS1 in OSPF Area 2 uses OSPF process ID 202 for Site 2 of VPN VPN-A, Site 1 and Site 2 see external routes (O E).

The sequence when CE2-A sends 192.168.20.0, 192.168.99.0 and 192.168.199.0 to CE1-A:

(1) CE2-A redistributes the RIPv2 network 192.168.99.0 into OSPF and advertises it to PE2-AS1 with a Type 5 LSA (O E1). The EIGRP network 192.168.199.0/24 is redistributed and advertised with an OSPF Type 5 LSA (O E2). CE2-A also sends 192.168.20.0/24 to PE2-AS1.
(2) The CustomerA VRF routing table on PE2-AS1 shows the received routes: 192.168.20.0 with metric 74, 192.168.99.0/24 (O E2) with metric 84 and 192.168.199.0/24 with metric 20.
(3) PE2-AS1 redistributes the OSPF routes 192.168.20.0, 192.168.99.0 and 192.168.199.0 into MP-BGP, copies the OSPF cost of these routes into the MED (multi-exit discriminator) attribute, and sets the BGP extended community RT (route type) to indicate the LSA type of the route's source, as well as the OSPF domain ID attribute to indicate the process number of the source OSPF process. The OSPF RT carries the original area, the LSA type, and the metric-type of a Type 5 LSA.
(4) PE1-AS1 receives the BGP VPNv4 routes 192.168.20.0, 192.168.99.0 and 192.168.199.0 with the same metric information from PE2-AS1 and adds the received information to its BGP table.
(5) PE2-AS1 checks the attributes received with the route, and because the domain ID of the route does not match the domain ID on the receiving router, the route is converted into an external route (LSA Type 5). In this case, the domain ID matches the domain ID on PE1-AS1, so PE1-AS1 reconstructs the original update, updates the metric based on the outgoing interfaces, and re-advertises it to CE1-A.
(6) CE1-A receives the advertised routes.

Effect of configuring the OSPF domain ID on the PE routers

Configuring the OSPF domain ID changes route behavior for VPN connections that span multiple OSPF domains. Configuring the domain ID helps control LSA translation (for Type 3 and Type 5 LSAs) between OSPF domains and backdoor paths. The default domain ID is 0.0.0.0. Each VPN routing table on a PE router corresponds to an OSPF routing instance configured with the same OSPF domain ID. The domain ID is therefore used to determine, based on the LSA, whether routes originate from the OSPF domain or from external routing protocols. In the figure above, it is hard to tell which routes belong to the OSPF domain and which belong to an external routing domain. In the following figure, with the same domain ID configured on PE1-AS1 and PE2-AS1, the origin of each route can be determined exactly.

OSPF Down Bit

Routing loops can occur in an MPLS VPN environment when customer edge routers are dual-homed to the provider network. The figure below shows an MPLS network implementing OSPF PE-CE routing for several sites of Customer A in VPN-A, Site 1 and Site 2. Site 2 is in OSPF Area 2 and has multiple connections to the provider backbone.

Route advertisement when the OSPF Down Bit is not set:

(1) CE1-A sends a Type 1 or Type 2 LSA to the provider edge router (PE1).
(2) PE1 receives the intra-area OSPF route from CE1-A and redistributes it into MP-BGP.
(3) PE2 receives the MP-BGP route and redistributes it into OSPF Area 2 as an inter-area summary route, LSA Type 3.
(4) The summary route is advertised across the OSPF area and is received by PE3, in the same Area 2.
(5) PE3 selects the OSPF route, because the AD (administrative distance) of OSPF is better than that of MP-iBGP. PE3 redistributes the OSPF route back into MP-BGP, so a routing loop occurs.

The routing loop can be prevented with the OSPF Down Bit, which is part of the options field in the OSPF header.

Using the OSPF Down Bit to prevent routing loops:

Route advertisement when the OSPF Down Bit is set:

(1) CE1-A sends a Type 1 or Type 2 LSA to PE1.
(2) PE1 receives the intra-area OSPF route from CE1-A and redistributes it into MP-BGP.
(3) PE2 receives the MP-BGP route, redistributes it into OSPF Area 2 with a Type 3 LSA, and sets the OSPF Down Bit.
(4) The route is advertised across the OSPF area and PE3 receives it.
(5) When PE3 receives the Type 3 LSA with the Down Bit set, it does not redistribute the route back into MP-BGP.

OSPF Route Tag or VPN Route Tag

The Down Bit helps prevent routing loops between MP-BGP and OSPF, but it is not effective for external routes, such as when redistributing between multiple OSPF domains or when external routes are injected into an area that is dual-homed to the provider network. A PE redistributes an OSPF route from a different OSPF domain into an OSPF domain as an external route. The Down Bit is not set, because LSA Type 5 does not support the Down Bit. The redistributed route is advertised across the OSPF domain. A router that does not run MPLS (a non-MPLS router) can redistribute the OSPF route into another OSPF domain. The OSPF route is advertised across that other OSPF domain without the Down Bit. A PE router receives the OSPF route. Without the Down Bit, the route is redistributed into the MP-BGP backbone again and causes a routing loop. The following figure shows this with external routes advertised into the VPN sites.

The steps are as follows:

(1) CE2-A sends a Type 5 LSA for 209.165.201.0/27 to PE2-AS1.
(2) PE2-AS1 receives the OSPF external route (O E1) from CE2-A with the OSPF Down Bit set and redistributes it into MP-BGP.
(3) Suppose the receiving router is PE1-AS1. Because the route is redistributed into a different OSPF domain (201), PE1-AS1 clears the OSPF Down Bit and advertises the route to CE1-A as an external route (O E1), LSA Type 5.
(4) CE1-A receives the route without the OSPF Down Bit set and advertises the external route to PE3-AS1.
(5) PE3-AS1 receives this route and redistributes it back into MP-BGP.
(6) PE3-AS1 advertises this route to PE1-AS1 and PE2-AS1, so a routing loop can occur.

Routing loops for routes redistributed between OSPF domains can be resolved with the Tag field, using the standard BGP-OSPF redistribution rules. A non-OSPF route is redistributed as an external OSPF route by the PE routers. By default, the Tag field is set from the BGP AS value. The redistributed route is advertised across the OSPF domain without the Down Bit but with the Tag field set. When the route is redistributed into the OSPF domain, the Tag field is advertised with it. Other PE routers that receive the route filter it based on the Tag field. If the Tag field matches the AS number, the route is not redistributed back into MP-BGP.
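The domain-ID comparison and the Down Bit and Tag checks described above can be modelled in a few lines of Python. This is an added example, not code from the original document or from Cisco IOS: the function names are hypothetical, the tag is simplified to the bare AS number as the text describes it, the extended-community string is the one shown for 172.16.20.0/24 in the LAB 5-1 output, and domain ID 0.0.0.201 is a constructed value.

```python
"""PE-side OSPF <-> MP-BGP translation and loop checks (illustrative model)."""
import re
from dataclasses import dataclass

PROVIDER_AS = 1  # "router bgp 1" in the lab configurations


@dataclass
class Vpnv4Route:
    prefix: str
    med: int          # OSPF cost copied into the BGP MED
    domain_id: str    # OSPF DOMAIN ID extended community
    area: str         # originating area from OSPF RT
    route_type: int   # 1/2 intra-area, 3 inter-area, 5 external
    options: int      # low bit set = external metric-type 2


@dataclass
class Lsa:
    prefix: str
    lsa_type: int     # 3 = summary, 5 = external
    metric_type: str  # "" for Type 3, else "E1" or "E2"
    metric: int
    down_bit: bool
    tag: int          # simplified: the BGP AS number, 0 if unset


def parse_vpnv4(prefix: str, med: int, communities: str) -> Vpnv4Route:
    """Extract the OSPF attributes from an 'Extended Community:' line."""
    dom = re.search(r"OSPF DOMAIN ID:(\S+)", communities)
    rt = re.search(r"OSPF RT:(\d+\.\d+\.\d+\.\d+):(\d+):(\d+)", communities)
    if not dom or not rt:
        raise ValueError("route carries no OSPF extended communities")
    return Vpnv4Route(prefix, med, dom.group(1), rt.group(1),
                      int(rt.group(2)), int(rt.group(3)))


def bgp_to_ospf(route: Vpnv4Route, local_domain_id: str,
                local_as: int = PROVIDER_AS) -> Lsa:
    """LSA a receiving PE originates toward the CE for a VPNv4 route."""
    if route.domain_id != local_domain_id:
        # Different OSPF domain: external, metric-type E2, tagged with the AS.
        return Lsa(route.prefix, 5, "E2", route.med, False, local_as)
    if route.route_type in (1, 2, 3):
        # Same domain, internal origin: Type 3 summary with the Down Bit set.
        return Lsa(route.prefix, 3, "", route.med, True, 0)
    # Same domain, external origin: stays Type 5 and keeps its metric-type.
    mtype = "E2" if route.options & 1 else "E1"
    return Lsa(route.prefix, 5, mtype, route.med, False, local_as)


def may_redistribute_to_bgp(lsa: Lsa, local_as: int = PROVIDER_AS) -> bool:
    """Loop check on a PE that learns the LSA back from a dual-homed site."""
    if lsa.down_bit:
        return False  # originated by another PE from MP-BGP
    if lsa.lsa_type == 5 and lsa.tag == local_as:
        return False  # external route already tagged by a PE of this AS
    return True


# Extended-community line printed for 172.16.20.0/24 in the LAB 5-1 output.
LAB_LINE = ("RT:1:100 OSPF DOMAIN ID:0.0.0.101 OSPF RT:0.0.0.0:3:0 "
            "OSPF ROUTER ID:172.16.102.1:0")


def demo() -> dict:
    """Return (LSA type, metric-type, redistributed back?) per scenario."""
    route = parse_vpnv4("172.16.20.0/24", 791, LAB_LINE)
    results = {}
    # 0.0.0.201 is a constructed domain ID for a PE using another process ID.
    for name, dom in (("same domain", "0.0.0.101"),
                      ("other domain", "0.0.0.201")):
        lsa = bgp_to_ospf(route, dom)
        results[name] = (lsa.lsa_type, lsa.metric_type,
                         may_redistribute_to_bgp(lsa))
    # Type 5 LSA with neither Down Bit nor Tag, as in the loop steps above.
    bare = Lsa(route.prefix, 5, "E2", route.med, False, 0)
    results["untagged external"] = (5, "E2", may_redistribute_to_bgp(bare))
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(scenario, outcome)
```

Only the last scenario is accepted back into MP-BGP, which is the condition to look for when auditing a dual-homed site for missing loop protection.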

Configuring and verifying OSPF PE-CE routing

The configuration flow for implementing OSPF PE-CE routing is as follows:

Note:

Cisco IOS versions before 12.3(4)T, 12.0(27)S and 12.2(25)S are limited to 32 separate processes, created per VRF so that the PEs can correctly identify which process an OSPF route belongs to. In an MPLS VPN environment, one process is used by MP-iBGP, one by the IGP routing protocol (for example, OSPF), one for connected routes and one for static routes. Therefore only 28 processes remain that can be created for VRFs using OSPF PE-CE routing.

LAB 5-1: OSPF PE-CE routing configuration, with the same OSPF process ID for Customer A and different OSPF process IDs for Customer B

Description:

The goal of this lab is to understand how the OSPF process ID determines the type of route seen on the customer edge routers running OSPF.

- Customer A network: Customer A has CE1-A and CE2-A in the same VPN-A and the same OSPF domain. OSPF process ID 101 is configured for VRF CustomerA on both PE1-AS1 and PE2-AS1.
- Customer B network: Customer B has CE1-B and CE2-B in VPN-B. PE1-AS1 and PE2-AS1 use OSPF process IDs 201 and 202 for the two CustomerB VRFs.

Procedure: Before configuring, make sure the provider network delivers MPLS VPN services to the CustomerA and CustomerB sites. Configure the IP addresses and define the VRFs on the PE routers. Example: configuring the VRF and its attributes on router PE1-AS1 for OSPF PE-CE routing for VRF CustomerA:

PE1-AS1(config)#ip vrf CustomerA
PE1-AS1(config-vrf)# rd 1:100
PE1-AS1(config-vrf)# route-target both 1:100
PE1-AS1(config)#interface Serial1/0
PE1-AS1(config-if)# description connected to CE1-A
PE1-AS1(config-if)# ip vrf forwarding CustomerA
PE1-AS1(config-if)# ip address 172.16.1.1 255.255.255.252

Steps to configure OSPF PE-CE on the PE routers:

(1) Enable per-VRF OSPF routing

Enable per-VRF OSPF routing for CustomerA on PE1-AS1 and PE2-AS1:

PE1-AS1(config)#router ospf 101 vrf CustomerA
PE1-AS1(config-router)# router-id 172.16.101.1
PE1-AS1(config-router)# network 172.16.0.0 0.0.255.255 area 0

PE2-AS1(config)#router ospf 101 vrf CustomerA
PE2-AS1(config-router)# router-id 172.16.102.1
PE2-AS1(config-router)# network 172.16.0.0 0.0.255.255 area 0

(2) Redistribute the OSPF routes into BGP

The OSPF routes received from the CE routers are redistributed into MP-iBGP. By default only internal routes are redistributed; the match keywords below also include external routes.

PE1-AS1(config)#router bgp 1
PE1-AS1(config-router)#address-family ipv4 vrf CustomerA
PE1-AS1(config-router-af)#redistribute ospf 101 vrf CustomerA match internal external 1 external 2

PE2-AS1(config)#router bgp 1
PE2-AS1(config-router)#address-family ipv4 vrf CustomerA
PE2-AS1(config-router-af)#redistribute ospf 101 vrf CustomerA match internal external 1 external 2

(3) Redistribute MP-iBGP into OSPF

Redistribute the BGP VPNv4 routes back into OSPF on the PE routers.

PE1-AS1(config)#router ospf 101 vrf CustomerA
PE1-AS1(config-router)# redistribute bgp 1 subnets

PE2-AS1(config)#router ospf 101 vrf CustomerA
PE2-AS1(config-router)# redistribute bgp 1 subnets

Configure per-VRF OSPF routing for CustomerB in the same way.

Configuration

Router P1-AS1

!
hostname P1-AS1
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial0/1
 description Connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
 clockrate 64000
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip classless
!
call rsvp-sync
!
end

Router PE1-AS1

!
hostname PE1-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CustomerB
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Loopback101
 description OSPF Router ID for VRF CustomerA
 ip vrf forwarding CustomerA
 ip address 172.16.101.1 255.255.255.255
!
interface Loopback201
 description OSPF Router ID for VRF CustomerB
 ip vrf forwarding CustomerB
 ip address 192.168.201.1 255.255.255.255
!
interface Serial0/0
 description Connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
!
interface Serial1/1
 description Connected to CE1-A
 ip vrf forwarding CustomerA
 ip address 172.16.1.1 255.255.255.252
 clockrate 64000
!
interface Serial1/3
 description Connected to CE1-B
 ip vrf forwarding CustomerB
 ip address 192.168.1.1 255.255.255.252
!
router ospf 101 vrf CustomerA
 router-id 172.16.101.1
 log-adjacency-changes
 redistribute bgp 1 subnets
 network 172.16.0.0 0.0.255.255 area 0
!
router ospf 201 vrf CustomerB
 router-id 192.168.201.1
 log-adjacency-changes
 redistribute bgp 1 subnets
 network 192.168.0.0 0.0.255.255 area 1
!
router ospf 1
 router-id 10.10.10.101
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerB
 redistribute ospf 201 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute ospf 101 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router PE2-AS1

!
hostname PE2-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf CustomerB
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Loopback101
 description OSPF Router ID for VRF CustomerA
 ip vrf forwarding CustomerA
 ip address 172.16.102.1 255.255.255.255
!
interface Loopback202
 description OSPF Router ID for VRF CustomerB
 ip vrf forwarding CustomerB
 ip address 192.168.202.1 255.255.255.255
!
interface Serial0/1
 description Connected to P1-AS1
 ip address 10.10.10.5 255.255.255.252
 tag-switching ip
!
interface Serial1/0
 description Connected to CE2-A
 ip vrf forwarding CustomerA
 ip address 172.16.2.1 255.255.255.252
 clockrate 64000
!
interface Serial1/2
 description Connected to CE2-B
 ip vrf forwarding CustomerB
 ip address 192.168.2.1 255.255.255.252
 clockrate 64000
!
router ospf 101 vrf CustomerA
 router-id 172.16.102.1
 log-adjacency-changes
 redistribute bgp 1 subnets
 network 172.16.0.0 0.0.255.255 area 0
!
router ospf 202 vrf CustomerB
 router-id 192.168.202.1
 log-adjacency-changes
 redistribute bgp 1 subnets
 network 192.168.0.0 0.0.255.255 area 2
!
router ospf 1
 router-id 10.10.10.102
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.101 activate
 neighbor 10.10.10.101 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerB
 redistribute ospf 202 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute ospf 101 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router CE1-A

!
hostname CE1-A
!
ip subnet-zero
!
interface Ethernet0/0
 description VPN-A Site 1 network
 ip address 172.16.10.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
 no fair-queue
!
router ospf 101
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.10.0 0.0.0.255 area 1
!
ip classless
!
end

Router CE2-A

!
hostname CE2-A
!
ip subnet-zero
!
interface Loopback0
 description RIPv2 network
 ip address 209.165.201.1 255.255.255.224
!
interface Loopback1
 description EIGRP network
 ip address 209.165.202.129 255.255.255.224
!
interface Ethernet0/0
 description VPN-A Site 2 network
 ip address 172.16.20.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.2.2 255.255.255.252
 no fair-queue
!
router eigrp 1
 network 209.165.202.0
 no auto-summary
!
router ospf 101
 log-adjacency-changes
 redistribute eigrp 1 subnets
 redistribute rip metric-type 1 subnets
 network 172.16.2.0 0.0.0.255 area 0
 network 172.16.20.0 0.0.0.255 area 2
!
router rip
 version 2
 redistribute ospf 101 match internal external 1 external 2
 network 209.165.201.0
 no auto-summary
!
ip classless
!
end

Router CE1-B

!
hostname CE1-B
!
ip subnet-zero
!
interface FastEthernet0/0
 description VPN-B Site 1 network
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 192.168.1.2 255.255.255.252
 clockrate 64000
 no fair-queue
!
router ospf 201
 log-adjacency-changes
 network 192.168.1.0 0.0.0.255 area 1
 network 192.168.10.0 0.0.0.255 area 1
!
ip classless
!
end

Router CE2-B

!
hostname CE2-B
!
ip subnet-zero
!
interface Loopback0
 description RIPv2 network
 ip address 192.168.99.1 255.255.255.0
!
interface Loopback1
 description EIGRP network
 ip address 192.168.199.1 255.255.255.0
!
interface Ethernet0/0
 description VPN-B site 2 network
 ip address 192.168.20.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 192.168.2.2 255.255.255.252
 no fair-queue
!
router eigrp 1
 redistribute ospf 202 metric 1500 1 255 1 1500 match internal external 1 external 2
 network 192.168.199.0
 no auto-summary
!
router ospf 202
 log-adjacency-changes
 redistribute eigrp 1 subnets
 redistribute rip metric-type 1 subnets
 network 192.168.2.0 0.0.0.255 area 2
 network 192.168.20.0 0.0.0.255 area 2
!
router rip
 version 2
 redistribute ospf 202 metric 1 match internal external 1 external 2
 network 192.168.99.0
 no auto-summary
!
ip classless
!
end

Verification: The steps to verify OSPF PE-CE routing are as follows:

(1) Check the neighbor relationships and adjacencies between the PE routers and the CE edge routers:

PE1-AS1#show ip ospf neighbor
Neighbor ID      Pri  State   Dead Time  Address      Interface
10.10.10.200     0    FULL/   00:00:37   10.10.10.2   Serial0/0
192.168.10.1     0    FULL/   00:00:35   192.168.1.2  Serial1/3
172.16.10.1      0    FULL/   00:00:30   172.16.1.2   Serial1/1

PE2-AS1#show ip ospf neighbor
Neighbor ID      Pri  State   Dead Time  Address      Interface
10.10.10.200     0    FULL/   00:00:31   10.10.10.6   Serial0/1
192.168.199.1    0    FULL/   00:00:38   192.168.2.2  Serial1/2
209.165.202.129  0    FULL/   00:00:35   172.16.2.2   Serial1/0

(2) Verify route advertisement for CustomerA

The VRF routing table for CustomerA receives the routes advertised by CE2-A.

PE2-AS1#show ip route vrf CustomerA ospf 101
     172.16.0.0/16 is variably subnetted, 6 subnets, 3 masks
O IA    172.16.20.0/24 [110/791] via 172.16.2.2, 00:44:34, Serial1/0
     209.165.201.0/27 is subnetted, 1 subnets
O E1    209.165.201.0 [110/801] via 172.16.2.2, 00:44:34, Serial1/0
     209.165.202.0/27 is subnetted, 1 subnets
O E2    209.165.202.128 [110/20] via 172.16.2.2, 00:44:34, Serial1/0

These OSPF routes are redistributed into MP-iBGP, and the metrics of the OSPF routes are copied into the BGP extended attributes as BGP MEDs. The routes are then advertised to PE1-AS1 over the MP-iBGP session.

PE2-AS1#show ip bgp vpn vrf CustomerA
BGP table version is 33, local router ID is 10.10.10.102
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop        Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf CustomerA)
*>i172.16.1.0/30       10.10.10.101         0    100      0 ?
*> 172.16.2.0/30       0.0.0.0              0         32768 ?
*>i172.16.10.0/24      10.10.10.101       791    100      0 ?
*> 172.16.20.0/24      172.16.2.2         791         32768 ?
*>i172.16.101.1/32     10.10.10.101         0    100      0 ?
*> 172.16.102.1/32     0.0.0.0              0         32768 ?
*> 209.165.201.0/27    172.16.2.2         801         32768 ?
*> 209.165.202.128/27  172.16.2.2          20         32768 ?

PE2-AS1#show ip bgp vpnv4 all 172.16.20.0
BGP routing table entry for 1:100:172.16.20.0/24, version 13
Paths: (1 available, best #1, table CustomerA)
  Advertised to non peer-group peers:
  10.10.10.101
  Local
    172.16.2.2 from 0.0.0.0 (10.10.10.102)
      Origin incomplete, metric 791, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0.0.0.101 OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:172.16.102.1:0

PE2-AS1#show ip bgp vpnv4 vrf CustomerA
BGP table version is 33, local router ID is 10.10.10.102
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop        Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf CustomerA)
*>i172.16.1.0/30       10.10.10.101         0    100      0 ?
*> 172.16.2.0/30       0.0.0.0              0         32768 ?
*>i172.16.10.0/24      10.10.10.101       791    100      0 ?
*> 172.16.20.0/24      172.16.2.2         791         32768 ?
*>i172.16.101.1/32     10.10.10.101         0    100      0 ?
*> 172.16.102.1/32     0.0.0.0              0         32768 ?
*> 209.165.201.0/27    172.16.2.2         801         32768 ?
*> 209.165.202.128/27  172.16.2.2          20         32768 ?

CE1-A#show ip route ospf
     172.16.0.0/16 is variably subnetted, 6 subnets, 3 masks
O IA    172.16.20.0/24 [110/855] via 172.16.1.1, 00:41:36, Serial0/0
O IA    172.16.2.0/30 [110/65] via 172.16.1.1, 00:41:36, Serial0/0
O       172.16.101.1/32 [110/65] via 172.16.1.1, 01:05:21, Serial0/0
O IA    172.16.102.1/32 [110/65] via 172.16.1.1, 00:41:36, Serial0/0
     209.165.201.0/27 is subnetted, 1 subnets
O E1    209.165.201.0 [110/865] via 172.16.1.1, 00:41:36, Serial0/0
     209.165.202.0/27 is subnetted, 1 subnets
O E2    209.165.202.128 [110/20] via 172.16.1.1, 00:41:36, Serial0/0

(3) Verify route advertisement for CustomerB

PE2-AS1#show ip route vrf CustomerB ospf 202
O E2 192.168.199.0/24 [110/20] via 192.168.2.2, 00:44:06, Serial1/2
O E1 192.168.99.0/24 [110/801] via 192.168.2.2, 00:44:06, Serial1/2
O    192.168.20.0/24 [110/791] via 192.168.2.2, 00:44:06, Serial1/2

PE2-AS1#show ip bgp vpnv4 all | begin 192.168.20.0
*> 192.168.20.0     192.168.2.2        791         32768 ?
*> 192.168.99.0     192.168.2.2        801         32768 ?
*> 192.168.199.0    192.168.2.2         20         32768 ?

PE1-AS1#show ip bgp vpnv4 all | begin 192.168.20.0
*>i192.168.20.0     10.10.10.102       791    100      0 ?
*>i192.168.99.0     10.10.10.102       801    100      0 ?
*>i192.168.199.0    10.10.10.102        20    100      0 ?

CE1-B#show ip route ospf
O E2 192.168.199.0/24 [110/20] via 192.168.1.1, 00:12:06, Serial0/0
     192.168.201.0/32 is subnetted, 1 subnets
O       192.168.201.1 [110/65] via 192.168.1.1, 00:35:15, Serial0/0
O E2 192.168.99.0/24 [110/801] via 192.168.1.1, 00:12:06, Serial0/0
O E2 192.168.20.0/24 [110/791] via 192.168.1.1, 00:12:06, Serial0/0
     192.168.202.0/32 is subnetted, 1 subnets
O E2    192.168.202.1 [110/1] via 192.168.1.1, 00:12:06, Serial0/0
     192.168.2.0/30 is subnetted, 1 subnets
O E2    192.168.2.0 [110/1] via 192.168.1.1, 00:12:06, Serial0/0

OSPF Sham-Link

The figure below shows an ISP network that provides MPLS VPN services to Customer A sites in the same VPN-A and that uses a backdoor link.

Customer A has 4 sites in VPN-A. All the sites are in Area 0. Site 3 and Site 4 are connected to each other by a low-bandwidth (512 kbps) backdoor link. This backdoor link provides connectivity between Site 3 and Site 4 when the connection to the provider backbone fails (down or disconnected). The sites also connect to the provider's BGP-based MPLS VPN backbone. This kind of integration can be regarded as a form of suboptimal routing, as the following figure shows:

The sequence when CE4-A advertises 172.16.40.0/24 to CE3-A:

(1) CE4-A sends a Type 1 LSA for 172.16.40.0/24 to PE2-AS1 and CE3-A.
(2) PE2-AS1 receives 172.16.40.0/24 as an intra-area route and redistributes it into MP-BGP.
(3) PE1-AS1 redistributes 172.16.40.0/24 into OSPF and advertises 172.16.40.0/24 to CE3-A as an intra-area route.
(4) CE3-A receives both an inter-area route for 172.16.40.0/24 from PE1-AS1 and an intra-area route from CE4-A. Because the intra-area route is preferred, it is the one added to the OSPF database.

The same sequence occurs for 172.16.30.0/24 when it is advertised by CE2-A. Data packets from 172.16.30.0 (Site 3) to 172.16.40.0 (Site 4) therefore go over the backdoor link. The same applies to traffic flows from 172.16.10.0 (Site 1) to 172.16.20.0 (Site 2): any related routes from the MPLS VPN backbone are inter-area routes, and intra-area routes are preferred over them. This forwarding is called suboptimal because the backdoor link has low bandwidth and is meant to be used as a backup. The figure below shows the traffic forwarding path in an MPLS VPN network that uses a backdoor link (without a sham-link).

This situation can be avoided by using a sham-link. A sham-link is a logical link that belongs to the area (intra-area) but is not carried by the BGP-based superbackbone. The two PE routers are the endpoints of the sham-link. They establish an OSPF adjacency across it and flood intra-area LSAs over this link. The sham-link is treated as an OSPF demand circuit (DC) in order to reduce the traffic over the sham-link. This prevents LSAs from being flooded periodically across the sham-link. The following figure shows a sham-link:

CE4-A sends 172.16.40.0/24 in a Type 1 LSA to CE3-A, and this LSA is then advertised to PE1-AS1. PE1-AS1 receives the OSPF Type 1 LSA from CE4-A through CE3-A and from PE2-AS1 through the OSPF sham-link. The OSPF sham-link is treated as an intra-area link between PE1-AS1 and PE2-AS1. The cost of the sham-link can be configured to be lower than the cost of the backup link between CE3-A and CE4-A. PE2-AS1 therefore redistributes the route 172.16.40.0/24 into MP-BGP, because this OSPF route is not received over a sham-link from PE1-AS1. PE1-AS1 likewise does not redistribute this route into MP-iBGP, because it is not received from PE2-AS1 over the OSPF sham-link. PE1-AS1 installs the OSPF route received over the sham-link into its VRF routing table. The LSA for the route 172.16.40.0/24 is advertised to Site 4, allowing Site 3 to choose the best path. Packets received from Site 4 are then routed across the MPLS VPN backbone and use the high-bandwidth connection. In the same way, CE3-A at Site 3 chooses the sham-link as the best path to 172.16.40.0/24. Traffic between Site 3 and Site 4 is therefore routed optimally over the sham-link between PE1-AS1 and PE2-AS1.

Configuration flow for an OSPF sham-link

LAB 5-2 OSPF Sham-Links

Description

Procedure

Configure the IP addresses and define the VRFs on the PEs. Configure the OSPF sham-link with the following steps:

(1) Create the sham-link endpoints

Create a loopback interface on each PE router and bind it to the VPN's CustomerA VRF. The loopback address must be an address in the VPN's address space, not in the address space of the MPLS VPN service provider, because the sham-link is a customer (CustomerA) link. The endpoints are created on PE1-AS1 and PE2-AS1 as follows:

PE1-AS1(config)#interface Loopback101
PE1-AS1(config-if)# description sham-link Endpoint on PE1-AS1
PE1-AS1(config-if)# ip vrf forwarding Cust_A
PE1-AS1(config-if)# ip address 172.16.101.1 255.255.255.255

PE2-AS1(config)#interface Loopback101
PE2-AS1(config-if)# description sham-link Endpoint on PE2-AS1
PE2-AS1(config-if)# ip vrf forwarding Cust_A
PE2-AS1(config-if)# ip address 172.16.102.1 255.255.255.255

(2) Redistribute the endpoints into MP-BGP

PE1-AS1(config)#router bgp 1
PE1-AS1(config-router)#address-family ipv4 vrf Cust_A
PE1-AS1(config-router-af)# redistribute connected

PE2-AS1(config)#router bgp 1
PE2-AS1(config-router)#address-family ipv4 vrf Cust_A
PE2-AS1(config-router-af)# redistribute connected

(3) Enable the sham-link under the VRF OSPF process

PE1-AS1(config)#router ospf 101 vrf Cust_A
PE1-AS1(config-router)#area 0 sham-link 172.16.101.1 172.16.102.1 cost 1

PE2-AS1(config)#router ospf 101 vrf Cust_A
PE2-AS1(config-router)#area 0 sham-link 172.16.102.1 172.16.101.1 cost 1

Configuration

Router P1-AS1

!
hostname P1-AS1
!
ip subnet-zero
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 tag-switching ip
 clockrate 64000
!
interface Serial0/1
 description Connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 tag-switching ip
 clockrate 64000
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
end

Router PE1-AS1

!
hostname PE1-AS1
!
ip subnet-zero
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Loopback101
 description Sham-link Endpoint on PE1-AS1
 ip vrf forwarding CustomerA
 ip address 172.16.101.1 255.255.255.255
!
interface Serial0/0
 description Connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 tag-switching ip
!
interface Serial1/1
 description Connected to CE1-A
 ip vrf forwarding CustomerA
 ip address 172.16.1.1 255.255.255.252
 clockrate 64000
!
interface Serial1/3
 description Connected to CE3-A
 ip vrf forwarding CustomerA
 ip address 172.16.3.1 255.255.255.252
!
router ospf 101 vrf CustomerA
 router-id 172.16.101.1
 log-adjacency-changes
 area 0 sham-link 172.16.101.1 172.16.102.1
 redistribute bgp 1 subnets
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.3.0 0.0.0.255 area 0
!
router ospf 1
 router-id 10.10.10.101
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community both
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute connected
 redistribute ospf 101 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
end

Router PE2-AS1

!
hostname PE2-AS1
!
ip vrf CustomerA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip cef
mpls ldp logging neighbor-changes
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Loopback101
 description Sham-link Endpoint on PE2-AS1
 ip vrf forwarding CustomerA
 ip address 172.16.102.1 255.255.255.255
!
interface Serial0/1
 description Connected to P1-AS1
 ip address 10.10.10.5 255.255.255.252
 tag-switching ip
!
interface Serial1/0
 description Connected to CE2-A
 ip vrf forwarding CustomerA
 ip address 172.16.2.1 255.255.255.252
 clockrate 64000
!
interface Serial1/2
 description Connected to CE4-A
 ip vrf forwarding CustomerA
 ip address 172.16.4.1 255.255.255.252
 clockrate 64000
!
router ospf 101 vrf CustomerA
 router-id 172.16.102.1
 log-adjacency-changes
 area 0 sham-link 172.16.102.1 172.16.101.1
 redistribute bgp 1 subnets
 network 172.16.2.0 0.0.0.255 area 0
 network 172.16.4.0 0.0.0.255 area 0
!
router ospf 1
 router-id 10.10.10.102
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.101 activate
 neighbor 10.10.10.101 send-community both
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf CustomerA
 redistribute connected
 redistribute ospf 101 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
!
end

Router CE1-A

!
hostname CE1-A
!
mpls ldp logging neighbor-changes
!
interface Ethernet0/0
 description VPN-A Site 1 network
 ip address 172.16.10.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
 no fair-queue
!
router ospf 101
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
!
ip http server
ip classless
!
end

Router CE2-A

!
hostname CE2-A
!
interface Ethernet0/0
 description VPN-A CustomerA Site 2 network
 ip address 172.16.20.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.2.2 255.255.255.252
!
router ospf 101
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
!
ip classless
!
end

Router CE3-A

!
hostname CE3-A
!
interface FastEthernet0/0
 description VPN-A CustomerA Site 3 network
 ip address 172.16.30.1 255.255.255.0
 duplex auto
 speed auto
 no keepalive
!
interface Serial0/0
 description Connected to PE1-AS1
 ip address 172.16.3.2 255.255.255.252
 clockrate 64000
 no fair-queue
!
interface Serial0/1
 description Sham-link, connected to CE4-A
 bandwidth 512
 ip address 172.16.5.1 255.255.255.252
!
router ospf 101
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
!
ip classless
!
end

Router CE4-A

!
hostname CE4-A
!
interface Ethernet0/0
 description VPN-A CustomerA Site 4 network
 ip address 172.16.40.1 255.255.255.0
 half-duplex
 no keepalive
!
interface Serial0/0
 description Connected to PE2-AS1
 ip address 172.16.4.2 255.255.255.252
 no fair-queue
!
interface Serial0/1
 description Sham-link, connected to CE3-A
 bandwidth 512
 ip address 172.16.5.2 255.255.255.252
 clockrate 64000
!
router ospf 101
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
!
ip classless
!
end

Verifying sham-link operation

PE1-AS1#show ip route vrf CustomerA
Routing Table: CustomerA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/16 is variably subnetted, 11 subnets, 3 masks
O       172.16.40.0/24 [110/792] via 10.10.10.102, 00:33:15
O       172.16.30.0/24 [110/782] via 172.16.3.2, 00:33:59, Serial1/3
O       172.16.20.0/24 [110/792] via 10.10.10.102, 00:33:15
O       172.16.10.0/24 [110/791] via 172.16.1.2, 00:33:59, Serial1/1
O       172.16.4.0/30 [110/782] via 10.10.10.102, 00:33:45
O       172.16.5.0/30 [110/976] via 172.16.3.2, 00:33:59, Serial1/3
C       172.16.1.0/30 is directly connected, Serial1/1
O       172.16.2.0/30 [110/782] via 10.10.10.102, 00:33:46
C       172.16.3.0/30 is directly connected, Serial1/3
C       172.16.101.1/32 is directly connected, Loopback101
B       172.16.102.1/32 [200/0] via 10.10.10.102, 00:34:17

PE2-AS1#show ip route vrf CustomerA ospf 101
     172.16.0.0/16 is variably subnetted, 11 subnets, 3 masks
O       172.16.40.0/24 [110/791] via 172.16.4.2, 00:42:24, Serial1/2
O       172.16.30.0/24 [110/783] via 10.10.10.101, 00:42:24
O       172.16.20.0/24 [110/791] via 172.16.2.2, 00:42:24, Serial1/0
O       172.16.10.0/24 [110/792] via 10.10.10.101, 00:42:24
O       172.16.5.0/30 [110/976] via 172.16.4.2, 00:42:24, Serial1/2
O       172.16.1.0/30 [110/782] via 10.10.10.101, 00:42:24
O       172.16.3.0/30 [110/782] via 10.10.10.101, 00:42:24

CE3-A#show ip route ospf
     172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
O       172.16.40.0/24 [110/205] via 172.16.5.2, 00:17:34, Serial0/1
O       172.16.20.0/24 [110/856] via 172.16.3.1, 00:17:34, Serial0/0
O       172.16.10.0/24 [110/855] via 172.16.3.1, 00:17:34, Serial0/0
O       172.16.4.0/30 [110/259] via 172.16.5.2, 00:17:34, Serial0/1
O       172.16.1.0/30 [110/845] via 172.16.3.1, 00:17:34, Serial0/0
O       172.16.2.0/30 [110/846] via 172.16.3.1, 00:17:34, Serial0/0

CE4-A#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
C       172.16.40.0/24 is directly connected, Ethernet0/0
O       172.16.30.0/24 [110/196] via 172.16.5.1, 00:26:15, Serial0/1
O       172.16.20.0/24 [110/855] via 172.16.4.1, 00:26:15, Serial0/0
O       172.16.10.0/24 [110/856] via 172.16.4.1, 00:26:15, Serial0/0
C       172.16.4.0/30 is directly connected, Serial0/0
C       172.16.5.0/30 is directly connected, Serial0/1
O       172.16.1.0/30 [110/846] via 172.16.4.1, 00:26:15, Serial0/0
O       172.16.2.0/30 [110/845] via 172.16.4.1, 00:26:16, Serial0/0
O       172.16.3.0/30 [110/259] via 172.16.5.1, 00:26:16, Serial0/1

CE3-A#traceroute 172.16.40.1
Type escape sequence to abort.
Tracing the route to 172.16.40.1
  1 172.16.5.2 16 msec 12 msec *

CE1-A#traceroute 172.16.20.1
Type escape sequence to abort.
Tracing the route to 172.16.20.1
  1 172.16.1.1 16 msec 16 msec 16 msec
  2 10.10.10.2 [MPLS: Labels 17/23 Exp 0] 153 msec 153 msec 152 msec
  3 172.16.2.1 [MPLS: Label 23 Exp 0] 88 msec 88 msec 88 msec
  4 172.16.2.2 56 msec 56 msec *

CE1-A#traceroute 172.16.40.1
Type escape sequence to abort.
Tracing the route to 172.16.40.1
  1 172.16.1.1 16 msec 16 msec 16 msec
  2 10.10.10.2 [MPLS: Labels 17/22 Exp 0] 152 msec 152 msec 152 msec
  3 172.16.4.1 [MPLS: Label 22 Exp 0] 88 msec 88 msec 88 msec
  4 172.16.4.2 56 msec 56 msec *

PE1-AS1#show ip ospf sham-links
Sham Link OSPF_SL0 to address 172.16.102.1 is up
Area 0 source address 172.16.101.1
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:03
    Adjacency State FULL (Hello suppressed)
    Index 3/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

PE1-AS1#show ip ospf neighbor
Neighbor ID     Pri   State    Dead Time   Address         Interface
10.10.10.200      0   FULL/    00:00:34    10.10.10.2      Serial0/0
172.16.30.1       0   FULL/    00:00:39    172.16.3.2      Serial1/3
172.16.10.1       0   FULL/    00:00:30    172.16.1.2      Serial1/1
172.16.102.1      0   FULL/                172.16.102.1    OSPF_SL0

PE1-AS1#show ip route vrf CustomerA ospf 101
     172.16.0.0/16 is variably subnetted, 11 subnets, 3 masks
O       172.16.40.0/24 [110/792] via 10.10.10.102, 00:35:18
O       172.16.30.0/24 [110/782] via 172.16.3.2, 00:36:02, Serial1/3
O       172.16.20.0/24 [110/792] via 10.10.10.102, 00:35:18
O       172.16.10.0/24 [110/791] via 172.16.1.2, 00:36:02, Serial1/1
O       172.16.4.0/30 [110/782] via 10.10.10.102, 00:35:47
O       172.16.5.0/30 [110/976] via 172.16.3.2, 00:36:02, Serial1/3
O       172.16.2.0/30 [110/782] via 10.10.10.102, 00:35:47

CE3-A#show ip route ospf
     172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
O       172.16.40.0/24 [110/205] via 172.16.5.2, 00:17:34, Serial0/1
O       172.16.20.0/24 [110/856] via 172.16.3.1, 00:17:34, Serial0/0
O       172.16.10.0/24 [110/855] via 172.16.3.1, 00:17:34, Serial0/0
O       172.16.4.0/30 [110/259] via 172.16.5.2, 00:17:34, Serial0/1
O       172.16.1.0/30 [110/845] via 172.16.3.1, 00:17:34, Serial0/0
O       172.16.2.0/30 [110/846] via 172.16.3.1, 00:17:34, Serial0/0

CE4-A#show ip route
     172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
O       172.16.30.0/24 [110/196] via 172.16.5.1, 00:26:15, Serial0/1
O       172.16.20.0/24 [110/855] via 172.16.4.1, 00:26:15, Serial0/0
O       172.16.10.0/24 [110/856] via 172.16.4.1, 00:26:15, Serial0/0
O       172.16.1.0/30 [110/846] via 172.16.4.1, 00:26:15, Serial0/0
O       172.16.2.0/30 [110/845] via 172.16.4.1, 00:26:16, Serial0/0
O       172.16.3.0/30 [110/259] via 172.16.5.1, 00:26:16, Serial0/1


Chapter 6: TRAFFIC ENGINEERING IN MPLS


The concept of traffic engineering

When a network grows and expands, two engineering problems need attention: network engineering and traffic engineering. Network engineering is organizing the network to fit the traffic. At the outset you need the best possible forecast of the traffic on the network so that suitable circuits and network devices (routers, switches, and so on) are used. Network engineering has to remain effective later on, because installing a network can take a long time. Traffic engineering is manipulating the traffic to fit the network. However hard you try, network traffic never matches the forecast completely (100%). In the mid-1990s traffic growth exceeded every forecast and networks could not be upgraded in time. Sometimes a prominent event (a sports event, a political scandal, a popular web site, and so on) fills the network with traffic, and this cannot be calculated in advance. As a result, bandwidth demand can be too high in one place while other links sit unused. Traffic engineering is the art of moving traffic from full links to idle links. Traffic engineering can be implemented with IP metrics on interfaces, or by running a mesh of ATM PVCs and repositioning the PVCs according to the traffic demand across them. Traffic engineering in MPLS aims to bring the best of connection-oriented traffic control together with IP routing.

Traffic engineering before MPLS

We look at the traffic engineering techniques of IP and ATM. IP traffic engineering is common but of rather poor quality. The main control in IP is changing the cost of a particular link. Steering traffic solely by the path toward its destination is not adequate. With ATM, by contrast, you place PVCs across the network from the source to the destination of the traffic, which gives better control over the traffic flows. Several large service providers (ISPs) around the world use ATM to manage traffic on their networks by building a full mesh of ATM PVCs between a set of routers and periodically resizing and repositioning the ATM PVCs based on traffic information supplied by the routers.

The fish problem

In an IP network: in the figure there are two paths from R2 to R6:
R2 -> R5 -> R6
R2 -> R3 -> R4 -> R6

Because these links have the same cost (cost = 15), under ordinary destination-based forwarding all packets coming from R1 and R7 leave the same R2 interface toward R5, because the cost of the upper path is lower than that of the lower one. All links in the figure have a bandwidth of 150 Mbps; R1 sends 90 Mbps and R7 sends 100 Mbps. This raises a problem: R2 tries to push 190 Mbps through a 150 Mbps pipe, which means R2 has to drop 40 Mbps to fit the link. Destination-based forwarding cannot solve this problem. The only options are to remove a link or to change the link costs so that the short path and the long path have the same cost, which eases the problem. But this only works on small networks.

In an ATM network:

Build two PVCs from R2 to R6 and give them the same cost. Because R2 now has two paths to R6, it uses both of them to carry a reasonable amount of data. The load-sharing mechanism can vary, but CEF's per-source-destination load balancing normally uses both paths in a roughly balanced way. Building two equal-cost paths is a more flexible solution than changing link costs. In an ATM network, the other devices connected to the network are not affected by any metric change. This shows that ATM's ability to control traffic is better than IP's.

Solving the fish problem with MPLS TE:

There are three differences in traffic engineering between ATM and MPLS:
MPLS TE forwards packets; ATM uses cells.
ATM requires a full mesh of routing adjacencies; MPLS does not.
In ATM, the core technology cannot see the routers at the edge of the network; MPLS can, because the IP routing protocols advertise its information.

Traffic engineering with MPLS

MPLS TE combines the traffic-control capability of ATM with the flexibility of IP and its differentiation of service classes. MPLS lets you build label switched paths (LSP - Label Switch Path) across the network to carry forwarded traffic. MPLS TE (which can be called a traffic engineering tunnel, or TE tunnel) uses a TE tunnel to control traffic on the way to a particular destination. This method is more flexible than traffic engineering that forwards on the destination address alone. MPLS avoids the O(N^2) and O(N^3) flooding problems. MPLS TE uses a mechanism called autoroute to build the routing table from MPLS TE LSPs without needing a full mesh of routing neighbors. MPLS TE reserves bandwidth when it builds an LSP. This introduces the concept of a consumable resource. When LSPs are added to the network, they can find a path that has the bandwidth available to reserve. In MPLS the reservation is enforced in the control plane, meaning that if an LSR reserves 10 Mb and then sends 100 Mb on that LSP, the network will try to carry the 100 Mb unless the source traffic is constrained by QoS techniques.

When studying traffic engineering we are concerned with three main issues:
(1) Information distribution: how routers learn what the network looks like and which resources are available.
(2) Path calculation and setup: how routers decide to create TE tunnels, and how these TE tunnels are built and maintained correctly.
(3) Forwarding traffic down a tunnel: once a tunnel has been built, how is it used?

Configuring MPLS TE

To be able to start MPLS traffic engineering, the network needs the following:
Cisco IOS software that supports MPLS traffic engineering.
CEF (Cisco Express Forwarding) enabled in the network.
A link-state routing protocol (OSPF or IS-IS) as the Interior Gateway Protocol (IGP).
Traffic engineering enabled globally on the router.
A loopback interface (mask 255.255.255.255) used as the MPLS Traffic Engineering router ID (RID).
A basic TE tunnel configuration.
The important configuration commands for a basic MPLS tunnel interface:

Command | Description
interface Tunnel0 | MPLS TE tunnels are represented as a tunnel interface in Cisco IOS software. In this respect they are no different from other kinds of tunnel.
ip unnumbered loopback0 | Cisco IOS software does not forward traffic down an interface that has no IP address, so the newly created TE tunnel needs an IP address. However, TE tunnels are unidirectional and do not form any neighbor adjacency, so assigning an IP address to the interface would waste addresses.
tunnel mode mpls traffic-eng | Tells Cisco IOS software that this tunnel interface is an MPLS TE tunnel.
tunnel destination destination-ip | Tells Cisco IOS where the tunnel ends. The IP address here is the MPLS TE router ID of the router to which you want to build the tunnel. The destination IP address is the Loopback0 interface.
tunnel mpls traffic-eng path-option 10 dynamic | Tells Cisco IOS how to generate the path from the head to the tail of the tunnel.

The main kinds of information distributed

First, information about the available bandwidth on an interface, which lets some tunnels take precedence over others according to priority. Second, the attribute flags on an interface. Third, the administrative weight on an interface. Each of these is advertised on a per-link basis. In other words, a router advertises the available bandwidth, the attribute flags and the administrative weight on every link that takes part in MPLS TE.

Available bandwidth

An important property of MPLS TE is the ability to reserve bandwidth across the network. You configure the amount of reservable bandwidth on a link with the following command:

router(config-if)#ip rsvp bandwidth [<1-10000000 total-reservable-bandwidth> [per-flow-bandwidth]]

This command can take two parameters. The first is the total amount of reservable bandwidth on the interface, in Kbps. The second is the maximum amount of bandwidth that can be reserved per flow on the interface. If the command is not configured, the reservable bandwidth advertised for the interface defaults to 0. If no value is given for total-reservable-bandwidth in the ip rsvp bandwidth command, the default is 75% of the link bandwidth. The link bandwidth is determined by the interface type or by the bandwidth command on the interface. The maximum per-flow rate also defaults to the total-reservable-bandwidth parameter, but it does not always have to be so. When MPLS TE tunnels reserve link bandwidth, the allocated bandwidth changes but the maximum available bandwidth does not. Both need to be configured: the per-interface bandwidth and the tunnel bandwidth. They serve two purposes. First, the per-interface configuration tells the network how much bandwidth is available on an interface. Second, the per-tunnel configuration at the tunnel head tells how much bandwidth the tunnel needs.

Tunnel priority

MPLS TE provides a mechanism that lets some tunnels take precedence over others. Each tunnel has a priority; less important tunnels are pushed off their path and have their path recalculated, and their resources are given up to the more important tunnel.

Priority level:

A tunnel can be given a priority with a value from 0 to 7. The larger the priority value, the less important the tunnel! For example, a tunnel with priority 3 is more important than a tunnel with priority 5. Priority 0 is the most important. To avoid confusion, the terms better and worse are usually used rather than higher and lower. The terms more important and less important can also be used.

Preemption basics:

More important tunnels have the right to push other tunnels off their path when they want to reserve bandwidth. This is called tunnel preemption.

Setup and holding priority:

Each tunnel has two priorities: a setup priority and a hold priority. Both are specified in detail in RFC 3209. When a tunnel is first set up, its setup priority is what matters in deciding whether to admit it. When another tunnel later competes with this first tunnel for bandwidth on a link, the setup priority of the new tunnel is compared with the hold priority of the first tunnel. The setup priority can differ from the hold priority for some practical applications. For example, take a tunnel with a hold priority of 0 and a setup priority of 7. This tunnel can be pushed off its path by any other tunnel seeking resources, because it has the lowest setup priority (7). But once it is established, no other tunnel can preempt its path, because it has the highest hold priority (0).

Note: on a given tunnel, the setup priority must not be better than the hold priority. Suppose two tunnels (call them Tunnel1 and Tunnel2) are competing for the same resource, and both have a setup priority of 1 and a hold priority of 7. What happens? Tunnel1 arrives first and holds the bandwidth with a hold priority of 7. Tunnel2 arrives second and uses its setup priority (1) to push Tunnel1 out and take the link. Tunnel2 then holds the link with a hold priority of 7. Tunnel1 arrives and uses its setup priority (1) to push Tunnel2 out and take the link. Tunnel1 holds the link with a hold priority of 7. Tunnel2 arrives and uses its setup priority (1) to push Tunnel1 out and take the link. Tunnel2 then holds the link with a hold priority of 7. And so it repeats. No Cisco IOS release allows a setup priority numerically lower (better) than the hold priority to be configured on the same tunnel, so this does not occur in practice. In practice, though, the setup priority and the hold priority are rarely different.

Configuring tunnel priority

The configuration is simple. The command syntax is:

tunnel mpls traffic-eng priority setup [holding]

If no hold priority is specified, it defaults to the value of the setup priority. The default priority is 7 (for both the setup and the hold priority).
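The setup/hold comparison and the Tunnel1/Tunnel2 flapping scenario described above, as an added Python model that is not part of the original document. The class and function names, the link capacity and the order in which victims are chosen are assumptions made for the illustration.

```python
class Link:
    """One TE link; priorities run from 0 (best) to 7 (worst), as in the text."""

    def __init__(self, capacity_kbps):
        self.capacity = capacity_kbps
        self.tunnels = {}  # name -> (bandwidth, setup, hold)

    def admit(self, name, bw, setup, hold, enforce_rule=True):
        """Try to place a tunnel on the link.

        Returns the list of preempted tunnel names (possibly empty), or None
        when the request cannot be satisfied.
        """
        if enforce_rule and setup < hold:
            # The restriction from the text: the setup priority must not be
            # better (numerically lower) than the hold priority.
            raise ValueError("setup priority better than hold priority")
        free = self.capacity - sum(t[0] for t in self.tunnels.values())
        # Only tunnels whose hold priority is worse than the newcomer's setup
        # priority can be displaced. Worst hold first is an assumed order.
        victims = sorted(
            (n for n, t in self.tunnels.items() if t[2] > setup),
            key=lambda n: self.tunnels[n][2],
            reverse=True,
        )
        preempted = []
        for victim in victims:
            if free >= bw:
                break
            free += self.tunnels[victim][0]
            preempted.append(victim)
        if free < bw:
            return None  # not enough bandwidth even after preemption
        for victim in preempted:
            del self.tunnels[victim]
        self.tunnels[name] = (bw, setup, hold)
        return preempted


def contend(setup, hold, rounds, enforce_rule=True):
    """Two tunnels that each need the whole link re-signal in turn.

    Returns the number of preemptions seen in `rounds` signalling attempts.
    """
    link = Link(100_000)  # constructed capacity in Kbps
    link.admit("Tunnel1", 100_000, setup, hold, enforce_rule)
    preemptions = 0
    for i in range(rounds):
        name = "Tunnel2" if i % 2 == 0 else "Tunnel1"
        result = link.admit(name, 100_000, setup, hold, enforce_rule)
        if result:
            preemptions += len(result)
    return preemptions


if __name__ == "__main__":
    # Setup 1 / hold 7 with the rule switched off: every attempt preempts.
    print(contend(1, 7, 6, enforce_rule=False))
    # Equal priorities: the second tunnel is simply refused.
    print(contend(1, 1, 6))
```

With the rule enforced, `contend(1, 7, 1)` raises `ValueError` before any tunnel is placed, which is the configuration check that prevents the loop.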

Attribute flags

Another feature of MPLS TE is the attribute flags. An attribute flag is a 32-bit bitmap on a link that can hold 32 separate attributes for that link. The command on the link is:

router(config-if)#mpls traffic-eng attribute-flags attributes (0x0-0xFFFFFFFF)

The attributes can range from 0x0 to 0xFFFFFFFF. The value represents a bitmap of 32 attributes (bits), each with a value of 0 or 1. The default is 0x0, that is, all 32 attributes in the bitmap are 0. You decide for yourself what these bits mean. For example, you might decide that an attribute flag value of 0x2 means "this link is routed over a satellite path and is therefore not suitable for paths that need low delay". In that case any link that goes over satellite would be configured as follows:

router(config-if)#mpls traffic-eng attribute-flags 0x2

Administrative weight

The cost of a link comes in two kinds: the traffic engineering cost (TE cost) and the cost of the interior gateway protocol (IGP cost). This lets the TE path calculation use a link cost that differs from the one used by the IGP shortest path first calculation (IGP SPF). By default the TE cost of a link equals its IGP cost. To make the TE cost different from the IGP cost, use the following command:

router(config-if)#mpls traffic-eng administrative-weight (0-4294967295)

administrative-weight is the command used to set the administrative weight, or metric, on an interface. The command is used in two cases:
Case 1: overriding the metric advertised by the IGP, but only in the TE advertisements.
Case 2: as a delay-sensitive metric on a per-tunnel basis.

Case 1 concerns both OSPF and IS-IS: when a link is advertised into the IGP, it carries a link metric. The default link metric in IS-IS is 10, and it can be changed with the per-interface command isis metric. The default OSPF link metric is 10^8 divided by the link bandwidth, and it can be configured with the per-interface command ip ospf cost. If the MPLS traffic engineering administrative weight (mpls traffic-eng administrative-weight) is not configured on an interface, the cost advertised in the traffic engineering announcements equals the IGP cost of that link. There is, however, a case in which you want to change the cost advertised on the link for TE. This is useful in networks that carry both kinds of forwarded traffic: IP and MPLS TE. Configuring the administrative weight on a link expresses a difference in delay without changing the bandwidth.

When is information distributed?

In a network that does not use MPLS traffic engineering, the IGP floods information about a link in three cases: first, when a link goes up or down; second, when the configuration of a link changes (for example, the link cost is changed); third, when the router's periodic IGP flooding interval expires. Various timers are associated with these actions, and they differ according to the IGP in use. MPLS traffic engineering adds another reason to flood information: when the bandwidth of a link changes. As tunnels are set up and torn down across interfaces, the amount of available bandwidth on an interface changes with the reservations made on it. When tunnels are set up across an interface they request bandwidth, and the available bandwidth goes down; when tunnels are torn down across a given interface, the available bandwidth goes up. When does a router advertise these bandwidth changes?

The first answer is "whenever a change occurs". But that can produce a tremendous amount of flooding. Large MPLS TE networks have thousands of tunnels; reflooding whenever one tunnel changes is like adding thousands of links to the IGP. Reflooding TE changes is not as bad as flooding an equivalent number of IGP links, because you do not run a full SPF as soon as new TE link-state information arrives, but there can still be a great deal of information being flooded across the network. A very large amount of flooded information can consume all the bandwidth on the network and important CPU resources on the routers. On the other hand, you want to be sure that the topology information advertised by the routers is kept up to date. If all the bandwidth on a particular link is reserved and this is not advertised to the rest of the network, the network falls out of sync, which can lead to setup failures and other suboptimalities. So you have to be careful about when changes are flooded. There are three rules for flooding thresholds:

(1) Flood significant changes immediately.

(2) As tunnels come and go, the thresholds are checked to see whether any change in reservation has crossed a threshold, and TE link-state information is flooded when necessary. The bandwidth changes caused by tunnel reservations are shown in the following table:

Time | Bandwidth change (%) | Bandwidth remaining (%) | Bandwidth allocated (%) | Flood? | Threshold crossed, direction
 |  | 100 |  | N/A | ---
 | 10 | 90 | 10 |  | ---
 |  | 89 | 11 |  | ---
 |  | 87 | 13 |  | ---
 |  | 85 | 15 |  | 15%, up
 | 35 | 50 | 50 | Yes | 30% and 45%, up
 | -8 | 58 | 42 |  | ---
 | -20 | 78 | 22 |  | 30%, down
 | 72 |  | 94 |  | 30%, 40%, up
 |  |  | 95 |  | 95%, up
10 |  |  | 97 |  | 96%, 97%
11 | -3 |  | 94 |  | 96%, 95%, down

(3) Flood insignificant changes periodically, but more often than the IGP refresh interval.

The default period is 180 seconds (3 minutes). It can be changed with the following global configuration command:

lsr1(config)#mpls traffic-eng link-management timers periodic-flooding 0-3600 second interval

This information is flooded if the available bandwidth has changed and the change has not yet been flooded. The default behavior is to check the TE link manager every 3 minutes; if the reserved bandwidth has changed on any link, the new information about that link is flooded. MPLS traffic engineering information does not need to be flooded periodically (every 3 minutes) if nothing has changed. It is flooded only when there have been changes within the 3 minutes. Only information that has not yet been flooded (such as a bandwidth change that did not cross a flooding threshold) is flooded periodically. Setting mpls traffic-eng link-management timers periodic-flooding to 0 disables periodic flooding. In that case bandwidth information is flooded only under rules 1 and 3.

If a change has not yet been flooded and is known to cause an error, it must be flooded immediately: RSVP sends an error when a path setup fails because of a lack of bandwidth. If a router receives a reservation request for more bandwidth than is currently available on a given link, the link's available bandwidth has changed since the last time the information was flooded; the receiving router therefore takes it that the router that sent the reservation is working from the information in its topology database, and it refloods.

Path calculation and setup

The CSPF (Constrained Shortest Path First) algorithm

How CSPF works:

There are two notable differences between the ordinary SPF run by routing protocols and the CSPF of MPLS TE. First, the path calculation is not designed to find the best path to every router, only to the tunnel endpoint. Second, instead of considering a single kind of cost on the link between two neighbors, it also has to consider:
Bandwidth.
Link attributes.
Administrative weight.

Four attributes appear in the PATH/TENT lists: {link, cost, next hop, available bandwidth}

The steps of the CSPF algorithm are as follows:

Step 1: A node puts its own information into the PATH list with cost = 0, next hop set to itself and bandwidth = N/A.

Step 2: Take the node that has just been placed in the PATH list and call it the PATH node. Examine its list of neighbor nodes. Add each neighbor to the TENT list with a next hop of the PATH node, unless the neighbor is already in the TENT or PATH list with a lower cost. Do not add the path to TENT unless it satisfies the constraints configured for the tunnel: bandwidth and affinity. If the node just added to the TENT list is already in the list, but with a higher cost or a lower minimum bandwidth, replace the higher-cost path with the current one.

Step 3: Find the neighbor in the TENT list with the lowest cost, add that neighbor to the PATH list, and repeat step 2. Stop if TENT is empty or if the node left on PATH is the tunnel endpoint.

Example: illustrating the CSPF algorithm

Looking at the figure above, Router A wants to build a TE tunnel to Router D with a bandwidth of 60 Mbps. Each link lists its metric and its available bandwidth. It is easy to see that the best path from Router A to Router D is A->B->C->D, with a total cost of 12. But that path does not satisfy the available bandwidth of 60 Mbps. CSPF needs to calculate the shortest path that has 60 Mbps available.

Step 1: Place itself in PATH with a path cost of 0, nexthop = self, bandwidth = N/A.

PATH | TENT
{A,0,self,N/A} | (empty)

Step 2: Place the neighbors of Router A in TENT.

PATH | TENT
{A,0,self,N/A} | {B,5,B,100}
 | {C,10,C,100}

Step 3: Move B from TENT to PATH, and place B's neighbors in TENT.

PATH | TENT
{A,0,self,N/A} | {C,10,C,100}
{B,5,B,100} | {D,13,B,90}

Step 4: Place B's neighbors in TENT, and move C from TENT to PATH.

PATH | TENT
{A,0,self,N/A} | {D,13,B,90}
{B,5,B,100} |

Step 5: Take D off TENT. At this point the best path to D is in PATH. In this case TENT is empty; D is the last node considered in the SPF. If the best path to D has been found while nodes still remain in TENT, the algorithm still stops here.

PATH | TENT
{A,0,self,N/A} |
{B,5,B,100} |
{C,10,C,100} |
{D,13,B,90} |

In practice the calculation is much more complex. CSPF has to keep track of every node on the path, not just the next hop. Likewise, it looks not only at bandwidth but also at the link attributes and at the tiebreakers.

Tiebreakers in CSPF

Ordinary SPF (as used in OSPF and IS-IS) can use several equal-cost paths to a destination. This is sometimes called ECMP (Equal-Cost MultiPath), and it is very useful in an interior gateway protocol (IGP). In CSPF, however, you are not trying to calculate every best path to every possible destination. You have to find one path to one destination. What do you do when you place a node in TENT and that node is already in TENT with the same cost? You need a way to tell the paths apart. These are the tiebreakers between paths of equal cost:
Choose the path with the largest minimum available bandwidth.
If that does not decide it, choose the path with the lowest hop count (the number of routers on the path).
If it is still not decided, choose a path at random.

Ghi ch:

M i th khng th c s l ng u nhin. Khi xem xt xa hn trong qu trnh quy t nh, b n ch n ng i trn cng (top path) trong PATH. Khng ng u nhin khi m i ng i c th c m t c h i c l a ch n, nhng ch n ng u nhin v i ng i cu i cng (ends up on the top) c a PATH c c u trc c l p v c th c thi c l p. Cc phng php ny a ra cho m t nt trong TENT. T i m t th i i m no ,
Tr n Th T Uyn 121

m t nt ch nn c li t k m t l n trong TENT. y l s khc bi t v i IGP SPF c th ch n nhi u ng cho m t nt v chia t i gi a chng. Gi s , trong m ng hnh bn d i b n mu n t o m t ng h m t RtrA t i RtrZ v i bng thng 10 Mbps. M i ng i trong m ng ny ph h p v i m t . Khi b n ch n ng no?

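There are five possible paths from A to Z, called P1 to P5 (from top to bottom). Table 3 lists the path attributes.

| Path name | Routers on the path | Cost | Minimum bandwidth (Mbps) |
|---|---|---|---|
| P1 | RtrA->RtrL1->RtrR1->RtrZ | 21 | 100 |
| P2 | RtrA->RtrL2->RtrR2->RtrZ | 19 | 81 |
| P3 | RtrA->RtrL3->RtrM3->RtrR3->RtrZ | 19 | 90 |
| P4 | RtrA->RtrL4->RtrR4->RtrZ | 19 | 90 |
| P5 | RtrA->RtrL5->RtrR5->RtrZ | 19 | 90 |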

RtrA chooses among these paths as follows:

P1 is not used because its path cost is higher than that of the other paths.
P2 is not chosen because its minimum bandwidth is 80 Mbps, lower than the minimum bandwidth of the other paths.
P3 is not chosen because its hop count is 5; the other paths have a hop count of 4.
RtrA picks either P4 or P5, whichever is at the top of TENT.

Other factors that influence CSPF

The section on information distribution describes how bandwidth, link attributes and administrative weight are used and configured in the context of information flooding. It also describes how to configure an MPLS TE tunnel to use these attributes. Bandwidth is quite important. A path is not chosen for a given MPLS TE tunnel if it does not have the required bandwidth. If a tunnel's affinity bits do not match the attribute string configured on a link, that link is not chosen for that MPLS TE tunnel.

Administrative weight is what the IGP propagates when it floods traffic engineering information. By default, only the administrative weight is used to compute a tunnel's path. However, merely changing the administrative weight of a particular link can hardly provide the flexibility that is needed.

IGP metrics are usually derived from bandwidth. In OSPF, the default link metric is reference bandwidth / link bandwidth. The default reference bandwidth (which can be changed with the command auto-cost reference-bandwidth) is 10^8, which means that any link of 100 Mbps or more has a cost of 1. The cost can also be set on an individual link with the command ip ospf cost cost. In IS-IS, the default link cost is 10. It can be changed with the command isis metric.

OSPF and IS-IS generally use the metric to encode some measure of link bandwidth. This works well for networks that carry only data. TCP's congestion control, combined with DiffServ queuing, helps make good use of the bandwidth. But what about voice? Voice demands less of bandwidth and more of delay. But there is no way to advertise delay on a link. Or is there? The IGP link metric could be manipulated to represent delay rather than bandwidth, but doing so can reduce the ability to route data traffic accurately, which can seriously affect the network. Consider the network topology in the following figure:

The three paths between RtrA and RtrZ are:

P1 is an OC3 satellite path with 150 Mbps of available bandwidth and high delay.
P2 is an OC3 terrestrial path with low delay. However, the terrestrial OC3 has no available bandwidth: all of its bandwidth is already reserved.
P3 is a DS3 terrestrial path with 45 Mbps of available bandwidth and low delay.

Because the low-delay, high-bandwidth path is full, priorities could be juggled and traffic shifted so that the terrestrial OC3 is not full, but that is not covered in this example. This leads to two simple questions: do we pick the high-bandwidth, high-delay path, or the low-bandwidth, low-delay path? The answer: it depends. Data is fine on paths with high delay, while voice needs less bandwidth.

MPLS TE makes it possible to take both the bandwidth and the delay of a link into account, so path cost can be considered separately for voice tunnels and data tunnels. To do this, carry out the following steps:

Step 1: Configure the delay of the link with the command mpls traffic-eng administrative-weight 0-4294967295.
Step 2: Change the tunnel path decision on the data tunnels so that it uses the IGP metric rather than the TE metric as the link cost. This can be done with the global command mpls traffic-eng path-selection metric igp, or with the per-tunnel command tunnel mpls traffic-eng path-selection metric igp.

No unit is inherently associated with the configured administrative weight. If you configure mpls traffic-eng administrative-weight 10, the value 10 can be interpreted in many ways. Is 10 the propagation delay in microseconds? Hundredths of a second? Milliseconds? Seconds? Delay should nevertheless be expressed in milliseconds (ms), because:

The TE metric is a 32-bit quantity, which means delay can be expressed in the range 0 to 4,294,967,295 ms (about 7 weeks, a delay larger than any ever seen).
VoIP applications measure delay in ms, so there is really no need to express link delay in any other unit.
It is hard to measure end-to-end latency on a given circuit in detail in any unit other than ms.

There are three ways to determine the delay. In order of increasing complexity:

Estimate the expected delay from the route distance (route-miles).
Ping from one router to another.
Use SAA to determine the delay.

CSPF Knobs

There are three main areas of path calculation to be aware of:

Configuring path options (path-option)
Various CSPF timers
Various CSPF show commands

Configuring path options (path-option)

Example: the basic tunnel configuration, repeated here:

    interface Tunnel0
     ip unnumbered Loopback0
     tunnel mode mpls traffic-eng
     tunnel destination destination-ip
     tunnel mpls traffic-eng path-option 10 dynamic

The path-option command specifies one or more paths that can be used to build the tunnel. The complete syntax of the command is:

    tunnel mpls traffic-eng path-option preference [dynamic | explicit [identifier identifier | name name]] {lockdown}

The syntax of tunnel mpls traffic-eng path-option is as follows:

| Command | Description |
|---|---|
| tunnel mpls traffic-eng path-option preference | Defines a path option for the tunnel; the preference argument is a value from 1 to 1000. |
| dynamic | Tells the router to compute the best path that fits the tunnel's configured constraints, such as bandwidth and affinity bits. |
| explicit | Lets you specify an explicit path through the network over which the tunnel is built. The explicit path must satisfy the configured constraints, and the tunnel headend checks the explicit path to make sure the constraints are met before it signals the path. |
| identifier identifier \| name name | Explicit paths are given an identifier or a name when they are created. This option specifies which path option is to be considered. |
| lockdown | Configuring lockdown prevents a TE tunnel from being periodically reoptimized. |

The most commonly used configuration is tunnel mpls traffic-eng path-option 10 dynamic.

Creating an explicit path (Explicit Path)

Using multiple path options (Multiple path option)

Tunnel reoptimization

What happens if, while a tunnel is up, a better path appears?

In the figure above:

All links start with 100 Mbps of reservable bandwidth.
Routers A and D both want to build a 60-Mbps tunnel to router H.
The link between router D and router H is down.

The following events can then occur:

Router D builds a tunnel: D->C->H.
Router A builds a tunnel: A->B->C->E->F->G->H.
Router D reduces the bandwidth reserved on the path D->C->H to 30 Mbps, either by configuration or by automatic bandwidth adjustment.

When a router finds a better path than the one an established tunnel is using, this is called reoptimization. The things that affect reoptimization are:

Periodic reoptimization.
Manual reoptimization.
Event-driven reoptimization.

Reoptimization is not performed while a tunnel is down. If a tunnel goes down, there is no waiting for the reoptimization timer to fire before a new path is looked for; the computation is done immediately.

RSVP-TE has a mechanism called make-before-break that builds a new tunnel reservation without disturbing any existing tunnel reservation.

Periodic reoptimization

Cisco implements a periodic reoptimization timer, which can be configured globally. After a tunnel comes up, an attempt is made to find a new path for it, subject to the tunnel's configured constraints. By default this is done once an hour. The timer is configured with the command mpls traffic-eng reoptimize timers frequency 0-604800, where 0-604800 is the interval in seconds at which Cisco IOS Software looks for a better path for a tunnel. Setting the timer to 0 means that tunnels are never reoptimized after they are established.

Note: Although the reoptimization timer can only be configured globally, it is kept per tunnel. Suppose there are 20 different tunnels (T1 to T20), each set up 2 minutes after the previous one (T1 at 00:00, T2 at 00:02, ..., T20 at 00:40). Twenty minutes later, the global reoptimization timer fires for T1 and tries to find a better path, but only for T1. T20 is not reoptimized until it has been up for 1 hour (01:40).

Manual reoptimization

When something changes in the network and you do not want to wait for the tunnel's reoptimization timer to fire before a better path is found, you can use the enable-mode command mpls traffic-eng reoptimize [tunnel-name] to force the router to reoptimize a particular tunnel at any time.

Event-driven reoptimization

Consider the link between RtrD and RtrH in the figure above. If that link comes up, should RtrD reoptimize its D->H tunnel so that the tunnel runs over this direct link? Possibly. But there are also cases in which a link coming up need not trigger a reoptimization. The command syntax is:

    mpls traffic-eng reoptimize events link-up

Lockdown

Some tunnels may never need to be reoptimized. This can be specified per tunnel with the lockdown option of the path-option command:

    tunnel mpls traffic-eng path-option preference {dynamic | explicit name name | identifier id} {lockdown}

Example: every link starts with 100 Mbps of available bandwidth.

At the time the two tunnels were set up, the lower link between RtrC and RtrD was down. Some time later it came back up. A 60-Mbps tunnel from RtrA to RtrE runs over the upper C->D link, and a tunnel from RtrB to RtrE runs over the same link, as in the following figure:

When reoptimization runs on these tunnels, suppose the B->E tunnel is considered; the result is that the B->E tunnel is reoptimized.

If you do not want the B->E tunnel to be reoptimized, configure the tunnel with the lockdown option of tunnel mpls traffic-eng path-option; it is then not reoptimized and does not move to the other link. It will, however, fall back to the other C->D link if the upper C->D link goes down.

Resource Reservation Protocol (RSVP)

After a path has been computed by CSPF, it is signalled across the network in order to:

Establish a hop-by-hop chain of labels that represents the path.
Reserve any consumable resources (bandwidth) along the path.

The signalling is done with RSVP, together with the RSVP extensions for MPLS TE. RSVP is specified in RFC 2205, with some extensions in RFC 2210. The MPLS TE extensions to RSVP are specified in RFC 3209.

RSVP overview

RSVP is a signalling mechanism used to reserve resources across a network. RSVP is not a routing protocol. Routing decisions are made by the IGP (including its TE extensions) and CSPF. RSVP's job is to signal and maintain resource reservations across a network. In MPLS TE, RSVP reserves bandwidth in the control plane; there is no traffic policing in the forwarding plane. When used for other purposes (such as VoIP or DLSW+ reservations), RSVP can be used to reserve weighted fair queuing (WFQ) space or to build ATM SVCs.

RSVP has three basic functions:

Path setup and maintenance.
Path teardown.
Error signalling.

RSVP is a soft-state protocol, which means that reservations have to be re-signalled on the network periodically to be refreshed. With RSVP, a reservation goes away if it is explicitly removed from the network by RSVP or if the reservation times out. Nine different RSVP message types are defined, as follows:

| Message type | Description |
|---|---|
| Path | Used to set up and maintain reservations. |
| Resv | Sent in response to Path messages to set up and maintain reservations. |
| PathTear | Like Path messages, but used to remove reservations from the network. |
| ResvTear | Like Resv messages, but used to remove reservations from the network. |
| PathErr | Sent by the receiver of a Path message to report that an error was found in that message. |
| ResvErr | Sent by the receiver of a Resv message to report that an error was found in that message. |
| ResvConf | Optionally sent back to the sender of a Resv message to confirm that the given reservation has been installed. |
| ResvTearConf | A Cisco-proprietary message similar to ResvConf. Confirms that a reservation has been removed from the network. |
| Hello | An extension defined in RFC 3209 that allows link-local keepalives between two directly connected RSVP neighbors. |

Path setup

After the tunnel headend completes CSPF for a particular tunnel, it sends a Path message to the next hop along the computed path to the destination. The LSR that sends the Path message is called the upstream router, or previous hop (phop), and the LSR that receives it is called the downstream router.

After the downstream LSR receives a Path message, it checks the format of the message and then checks the amount of bandwidth the message requests. This process is called admission control.

If these checks succeed and the Path message is allowed to reserve the bandwidth it requests, the downstream LSR creates a new Path message and sends it to the next hop listed in the Explicit Route Object (ERO). Path messages continue to be forwarded in this way until they reach the last node in the ERO, the MPLS TE tunnel tail.

The tunnel tail performs admission control on the Path message just like any other downstream LSR. When it realizes that it is the destination of the Path message, it replies with a Resv message. The Resv acts as an ACK back to the upstream LSR. It carries a statement that the reservation has been satisfied all the way to the tunnel tail, together with the incoming label that the upstream LSR is to use when sending packets along the TE LSP to the destination. The exchange of RSVP Path and Resv messages during LSP setup is as follows:

Assume that R1 has finished CSPF and knows that it wants to reserve bandwidth along the path R1->R2->R3->R5->R6->R7:

(1) R1 sends a Path message to R2. R2 receives the Path message, checks its syntax, and checks with the TE Link Manager that the bandwidth R1 requests is actually available. If something is wrong, R2 sends an error message back to R1. Assuming everything is fine, move on to step 2.
(2) R2 sends a Path message to R3. R3 performs the same checks as R2.
(3) R3 sends a Path message to R4. R4 performs the same checks as R3.
(4) R4 sends a Path message to R5. R5 performs the same checks as R4.
(5) R5 sends a Path message to R6. R6 performs the same checks as R5.
(6) R7, the tunnel tail, sends a Resv message to R6. The Resv specifies the label R7 wants to see on incoming packets; because R7 is the tail, it sends implicit-null.
(7) R6 sends a Resv message to R5 and indicates that it wants to see incoming label 42 for this tunnel. This means that when R6 receives label 42, it removes the label (because of implicit-null) and forwards the packet to R7.
(8) R5 sends a Resv message to R3, signalling label 10921. When R5 receives a packet with label 10921, it swaps the label to 42 and sends the packet to R6.
(9) R3 sends a Resv message to R2, signalling label 21.
(10) R2 sends a Resv message to R1, signalling label 18.

At this point R1 has received a Resv message for its tunnel to R7 and knows which outgoing label to use. The tunnel interface on R1 becomes up/up (before this it was up/down).

Path maintenance

At first glance, path maintenance looks just like path setup. Every 30 seconds the tunnel headend sends a Path message to its downstream neighbor. If an LSR sends four Path messages in a row and sees no Resv, it considers the reservation lost and sends a message upstream saying that the reservation is gone.

Path and Resv messages are sent independently and asynchronously between neighbors. Every 30 seconds, R1 sends a Path message for one of its reservations to R2, and every 30 seconds R2 sends a Resv message to R1 for that same reservation. The two messages are not tied to each other, however. A Resv message is used to refresh an existing reservation, not to answer a Path message.

Path teardown

If a node (usually the tunnel headend) decides that a reservation is no longer needed in the network, it sends a PathTear along the path the Path message followed and a ResvTear along the path of the Resv. A ResvTear is sent in response to a PathTear, signalled by the tunnel tail. PathTear and ResvTear are also sent in response to an error condition in the network.

Unlike refresh messages, a PathTear does not have to travel all the way downstream before its effect is seen. In the figure above, if R1 sends a PathTear to R2, R2 immediately replies with a ResvTear and then sends its own PathTear downstream.

Error signalling

Occasionally RSVP signalling fails. Such errors are signalled with PathErr or ResvErr messages. An error message is sent back toward the source of the error; a PathErr is sent upstream from a downstream node and a ResvErr is sent downstream from an upstream node.

RSVP packets

The RSVP packet format is fairly simple. Every RSVP message consists of a common header followed by one or more objects. The number of objects depends on the message being carried.

RSVP common header

Fields in the RSVP common header:

| Field | Description |
|---|---|
| Version | Version of the RSVP protocol. |
| Flags | No flags are defined yet. |
| Message Type | 1 = Path message; 2 = Resv message; 3 = PathErr message; 4 = ResvErr message; 5 = PathTear message; 6 = ResvTear message; 7 = ResvConf message; 10 = ResvTearConf message; 20 = Hello message |
| RSVP Checksum | Checksum of the RSVP message. |
| Send TTL | The TTL value on the IP packet. |
| Reserved | Not used. |
| RSVP Length | Length of the RSVP message in bytes, including the common header; the minimum is 8 bytes. |

RSVP object class format

All RSVP objects share the same basic format, as follows:

Fields in the basic RSVP object format:

| Field | Description |
|---|---|
| Object Length | Size of the RSVP object, including the object header; the minimum is 4. It must be a multiple of 4. |
| Class-Num | The object's class. |
| C-Type | The object's class type. C-Type is a number that is unique within the class. |
| Object Contents | The object itself. |

Every class has its own C-Type number space. C-Type numbers are unique within a class. For example, the SESSION class has four C-Types: IPv4, IPv6, LSP_TUNNEL_IPv4 and LSP_TUNNEL_IPv6. The numbers assigned to these C-Types are 1, 2, 7 and 8. LABEL_REQUEST has three C-Types: Without Label Range, With ATM Label Range and With Frame Relay Label Range. The numbers assigned are 1, 2 and 3. Knowing only that C-Type = 1 does not uniquely identify the contents of a message; you have to look at both the class and the C-Type number.

An RSVP message contains one or more objects. The number of objects in a message depends on the definition of the message.

Classes and C-Types used in Cisco's RSVP-TE:

| Object class | C-Type | C-Type value |
|---|---|---|
| SESSION | LSP Tunnel IPv4 | 4 |
| TIME_VALUES | Refresh Period | 1 |
| ERROR_SPEC | IPv4 Error Spec | 1 |
| SCOPE | List of IPv4 Source Addresses | 1 |
| STYLE | Flags and Option Vector | 1 |
| FLOWSPEC | Intserv Flowspec | 2 |
| FILTER_SPEC | LSP Tunnel IPv4 | 7 |
| SENDER_TEMPLATE | LSP Tunnel IPv4 | 7 |
| SENDER_TSPEC | Intserv Sender Tspec | 2 |
| ADSPEC | Intserv Adspec | 2 |
| RESV_CONFIRM | IPv4 RevConfirm | 1 |
| RSVP_LABEL | Label | 1 |
| LABEL_REQUEST | Without Label Range | 1 |
| EXPLICIT_ROUTE | Explicit Route | 1 |
| RECORD_ROUTE | Record Route | 1 |
| HELLO | Request | 1 |
| HELLO | Acknowledgment | 2 |
| SESSION_ATTRIBUTE | LSP Tunnel | 7 |

SESSION class

The SESSION object is defined in RFC 2205. RFC 3209 defines C-Type 7 (LSP_TUNNEL_IPV4), which has the four fields described in Table 4-25.

Fields in the SESSION class:

| Field | Contents |
|---|---|
| IPv4 Tunnel Endpoint Address | Router ID of the tunnel tail. |
| Reserved | = 0 |
| Tunnel ID | A 16-bit ID that uniquely identifies this tunnel. It is the tunnel interface number at the tunnel headend (so Tunnel8 has a Tunnel ID of 8). |
| Extended Tunnel ID | A 32-bit ID. Set to all zeros or to an IP address of the interface. |
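The length rules above (RSVP Length of at least 8, Object Length of at least 4 and a multiple of 4, C-Type interpreted only together with its class) are what a receiver has to enforce before it touches an object body. The following Python parser is an added example, not code from the original document; the bit layout of the headers, the version number 1 and the Class-Num values come from RFC 2205 and RFC 3209 rather than from this page, and the sample message is constructed.

```python
import ipaddress
import struct

# Message Type numbers as listed on the page.
MSG_TYPES = {1: "Path", 2: "Resv", 3: "PathErr", 4: "ResvErr", 5: "PathTear",
             6: "ResvTear", 7: "ResvConf", 10: "ResvTearConf", 20: "Hello"}
# Class-Num values are taken from RFC 2205 / RFC 3209; the page does not list them.
CLASS_SESSION, CLASS_RSVP_LABEL = 1, 16
C_TYPE_LSP_TUNNEL_IPV4 = 7


class RsvpParseError(ValueError):
    """Raised when a message violates the header or object length rules."""


def internet_checksum(data):
    """16-bit one's-complement checksum over an even-length byte string."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_message(msg_type, objects, send_ttl=255):
    """Encode (class_num, c_type, body) tuples into one message (sample helper)."""
    payload = b"".join(struct.pack("!HBB", 4 + len(body), cls, ctype) + body
                       for cls, ctype, body in objects)
    header = struct.pack("!BBHBBH", 0x10, msg_type, 0, send_ttl, 0, 8 + len(payload))
    csum = internet_checksum(header + payload)
    return header[:2] + struct.pack("!H", csum) + header[4:] + payload


def parse_rsvp(data):
    """Validate the common header, then walk the objects, rejecting bad lengths."""
    if len(data) < 8:
        raise RsvpParseError("shorter than the 8-byte common header")
    vers_flags, msg_type, csum, send_ttl, _rsvd, length = struct.unpack("!BBHBBH", data[:8])
    if vers_flags >> 4 != 1:
        raise RsvpParseError("unsupported RSVP version")
    if length < 8 or length > len(data) or length % 4:
        raise RsvpParseError("RSVP Length is inconsistent with the received data")
    # A checksum of zero means that none was transmitted.
    if csum != 0 and internet_checksum(data[:length]) != 0:
        raise RsvpParseError("checksum mismatch")
    objects, offset = [], 8
    while offset < length:
        obj_len, class_num, c_type = struct.unpack("!HBB", data[offset:offset + 4])
        if obj_len < 4 or obj_len % 4 or offset + obj_len > length:
            raise RsvpParseError("bad object length %d at offset %d" % (obj_len, offset))
        objects.append((class_num, c_type, data[offset + 4:offset + obj_len]))
        offset += obj_len
    return {"type": MSG_TYPES.get(msg_type, "unknown(%d)" % msg_type),
            "send_ttl": send_ttl, "objects": objects}


def decode_session(body):
    """SESSION, C-Type 7: tunnel endpoint, reserved, Tunnel ID, Extended Tunnel ID."""
    if len(body) != 12:
        raise RsvpParseError("LSP_TUNNEL_IPv4 SESSION body must be 12 bytes")
    endpoint, _zero, tunnel_id, ext_id = struct.unpack("!4sHH4s", body)
    return {"endpoint": str(ipaddress.IPv4Address(endpoint)), "tunnel_id": tunnel_id,
            "extended_tunnel_id": str(ipaddress.IPv4Address(ext_id))}


def decode_label(body):
    """RSVP_LABEL, C-Type 1: frame-mode label in the low 20 bits of one 32-bit word."""
    if len(body) != 4:
        raise RsvpParseError("RSVP_LABEL body must be 4 bytes")
    return struct.unpack("!I", body)[0] & 0xFFFFF


def summarize(data):
    """Parse a message and decode the objects this example knows about."""
    msg = parse_rsvp(data)
    out = {"type": msg["type"]}
    for class_num, c_type, body in msg["objects"]:
        # A C-Type number means nothing without its class, so match on both.
        if (class_num, c_type) == (CLASS_SESSION, C_TYPE_LSP_TUNNEL_IPV4):
            out["session"] = decode_session(body)
        elif (class_num, c_type) == (CLASS_RSVP_LABEL, 1):
            out["label"] = decode_label(body)
    return out


# Constructed sample: a Resv for the session (endpoint 5.5.5.5, Tunnel ID 8,
# Extended Tunnel ID 0) carrying label 42.
SAMPLE_RESV = build_message(2, [
    (CLASS_SESSION, C_TYPE_LSP_TUNNEL_IPV4,
     ipaddress.IPv4Address("5.5.5.5").packed + struct.pack("!HH", 0, 8) + bytes(4)),
    (CLASS_RSVP_LABEL, 1, struct.pack("!I", 42)),
])
```
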

TIME_VALUES class

RFC 2205 defines the TIME_VALUES object as the refresh period (in milliseconds, ms) used to send Path or Resv messages.

ERROR_SPEC class

RFC 2205 defines the ERROR_SPEC object and also defines error codes 00 through 23. RFC 3209 defines error code 24, which covers errors specific to MPLS TE. In MPLS TE you are most likely to see error code 00 (Confirmation, sent in response to a message that contains a CONFIRMATION object) or error code 24. When the error code is 00, the error value is also 00. When the error code is 24, there are 10 possible error values. There is also an error code 25, but it is seen only when Fast Reroute is in use. The Flags field is normally 0 when MPLS TE is used.

SCOPE class

RFC 2205 defines the SCOPE class. The SCOPE class applies to the wildcard reservation style.

STYLE class

The STYLE class specifies the reservation style. There are three possible styles:

Wildcard Filter
Fixed Filter
Shared Explicit

Cisco IOS Software uses Shared Explicit for MPLS TE reservations. The Flags field is not used. The Option Vector is always 0x12, which indicates Shared Explicit.

FLOWSPEC class

The FLOWSPEC class is defined in RFC 2210. Cisco IOS Software requests Controlled-Load service when reserving for a TE tunnel. The FLOWSPEC format is complex and contains many things that RSVP for MPLS TE does not use.

FLOWSPEC is used in Resv-type messages: Resv, ResvTear, ResvErr, ResvConf and ResvTearConf. MPLS TE uses the average rate portion of FLOWSPEC to specify the desired bandwidth, in bytes (not bits). So if you configure tunnel mpls traffic-eng bandwidth 100000 to request 100 Mbps of bandwidth, 12,500,000 bytes per second is signalled (100 Mb = 100,000 Kb = 100,000,000 bits = 12,500,000 bytes).

FILTER_SPEC class

The FILTER_SPEC class is defined in RFC 2205. RFC 3209 adds C-Type 7, LSP Tunnel IPv4. The IPv4 Tunnel Sender Address field carries the router ID of the TE tunnel headend, and the LSP ID field carries the tunnel's LSP ID. The LSP ID changes when the tunnel's properties change (a change in bandwidth or path). FILTER_SPEC is used only in Resv-related messages (ResvTear, ResvErr, ...).

SENDER_TEMPLATE class

The SENDER_TEMPLATE class is defined in RFC 2205, and RFC 3209 defines C-Type 7, LSP Tunnel IPv4. It has the same format and purpose as the FILTER_SPEC class, but is used in the opposite direction.

SENDER_TSPEC class

The SENDER_TSPEC class is normally seen only in Path messages. As with FLOWSPEC, MPLS TE cares only about the average rate section.

ADSPEC class

Defined in RFC 2210. Like SENDER_TSPEC, ADSPEC is used only in Path messages.

RESV_CONFIRM class

RESV_CONFIRM is defined in RFC 2205. It signals a request for a confirmation; it appears in Resv and ResvTear messages. The RESV_CONFIRM class is sometimes referred to as CONFIRM.

RSVP_LABEL class

The RSVP_LABEL class (sometimes called LABEL) is defined in RFC 3209. It is 32 bits long, because every RSVP object must be a multiple of 4 bytes, but in frame mode it carries the 20-bit label used for a particular tunnel. The RSVP_LABEL class is found only in Resv messages.

LABEL_REQUEST class

The LABEL_REQUEST object requests a label; an RSVP_LABEL object is the response to it. The LABEL_REQUEST object is found only in Path messages. In its upper 16 bits it carries the Layer 3 Protocol Identifier (L3PID) of what the label will carry. Cisco IOS always signals 0x800 (IP); the L3PID exists for historical reasons. The presence of a LABEL_REQUEST object tells the downstream node that it is expected to provide a label.

EXPLICIT_ROUTE class

The EXPLICIT_ROUTE object defines the path for an MPLS TE tunnel. It is usually called the ERO and is defined in RFC 3209. The ERO is found only in Path messages. An ERO is a collection of (8-byte) subobjects. The IPv4 Prefix subobject is currently the only one supported by Cisco IOS.

Fields in the ERO:

| Field | Contents |
|---|---|
| L (Loose) | A bit that says whether this is a strict or a loose hop. |
| Type | The type of the subobject. IPv4 is type 1. Other types exist, such as IPv6 and AS. |
| Length | Length of the subobject (in bytes). |
| IPv4 Address | The next IP address in the ERO. |
| Prefix Length | The prefix length of the IP address. |
| Reserved | Reserved (not yet used). |

RECORD_ROUTE class

The RECORD_ROUTE object is described in RFC 3209. There are two different RECORD_ROUTE subobjects: one records the IP address at each hop, and the other records the label used at each hop.

Fields in the RECORD_ROUTE object:

| Field | Contents |
|---|---|
| Type | 0x1 for an IPv4 address. 0x3 for a label. |
| Length | Length of the object. |
| IPv4 Address | An IP address that this LSP passes through. |
| Prefix Length | = 32. |
| Flags (in the IP address subobject) | 0x1 indicates that Local Protection is available. 0x2 indicates that Local Protection is in use. |
| Flags (in the label subobject) | 0x1 indicates that the label just recorded is from the global label space. |
| C-Type | The C-Type of the label. Same as the C-Type of the RSVP_LABEL object. (The currently defined value is 1.) |
| Contents | The label itself, as encoded in the RSVP_LABEL object. |

HELLO class

The HELLO class has two C-Types: Hello Request (Type 1) and Hello ACK (Type 2). Both are encoded the same way. Source Instance and Destination Instance track RSVP neighbor state; think of HELLO messages as RSVP-level keepalives.

SESSION_ATTRIBUTE class

The SESSION_ATTRIBUTE class is defined in RFC 3209. SESSION_ATTRIBUTE is found only in Path messages. It comes in two types: with or without resource affinity (RA). Currently, Cisco IOS supports only the LSP Tunnel C-Type without RA (C-Type 7).

Fields in the SESSION_ATTRIBUTE object:

| Field | Contents |
|---|---|
| Setup Priority | The setup priority. |
| Holding Priority | The holding priority. |
| Flags | 0x1 = Local protection. 0x2 = Label recording. 0x4 = SE style. |
| Name Length | Length of the Session Name string, in bytes. |
| Session Name | The name assigned to this LSP. |

RSVP-TE operation

You may wonder how these protocols work together. This section answers the following questions:

What is make-before-break?
How does the refresh mechanism work?
When, where and to whom are messages sent?
What are strict and loose ERO subobjects?
What is implicit and explicit null signalling at the last hop?

Make-Before-Break

Make-before-break is an RSVP-TE mechanism that allows some properties of a TE tunnel (name, bandwidth and path) to be changed without losing data and without double-booking bandwidth.

The bandwidth shown is the bandwidth before any reservation has been made on the network. If R1 signals a request for 35 Mb to the network, it goes over the path R1->R2->R5. That leaves 10 Mb of available bandwidth on R1->R2 and 65 Mb on R2->R5. What happens if R1 wants to increase its reservation to 80 Mb? That bandwidth has to come from the lower path, because there is no way to get an 80-Mb reservation over R1->R2->R5. That leaves 20 Mb of available bandwidth on each link of the lower path. For a short time R1 holds reservations over both paths, for a total of 115 Mb reserved (35 Mb over the upper path and 80 Mb over the lower path). The 35-Mb reservation is released soon after the 80-Mb reservation is made, however. The make-before-break rule is that the tunnel headend does not release the old reservation until the new reservation is in place, which keeps data loss to a minimum.

Shared Explicit reservation style

As before, R1 tries to reserve 80 Mb over R1->R3->R4->R2->R5. But it cannot, because the available bandwidth on R2->R5 is now only 65 Mb. R1 could tear down the reservation on R1->R2->R5 and then build the reservation over R1->R3->R4->R2->R5. That should not be done; there is a better way to handle this. RSVP has a capability called Shared Explicit (SE). SE is a reservation style that lets an existing LSP share bandwidth with itself so that double booking does not occur. SE operation has two parts: requesting the SE reservation style from the network, and recognizing that a requested reservation matches an existing reservation so that bandwidth is shared. The tunnel headend requests the SE reservation style with a flag in the SESSION_ATTRIBUTE object. There is an alternative to SE called Fixed Filter (FF), but it is not implemented by Cisco MPLS TE. It does not allow bandwidth sharing the way SE does, but it can also deal with the situation above.

Every RSVP reservation is uniquely identified by a five-tuple {Sender Address, LSP ID, Endpoint Address, Tunnel ID, Extended Tunnel ID}. The first two items are carried in the SENDER_TEMPLATE (and FILTER_SPEC) object. The last three are carried in the SESSION object. If two Path messages have all five of these items in common, they refer to the same reservation.

Sender Address is the RID of the tunnel headend.
Endpoint Address is the RID of the tunnel tail.
Extended Tunnel ID is either 0 or an IP address on the router; it is used in some protection schemes.
Tunnel ID is the tunnel interface number at the tunnel headend.
LSP ID is an instantiation counter: each time the tunnel changes its requested bandwidth or its path, the LSP ID is incremented by 1.

The rule of SE reservation processing for MPLS TE is that if two reservations have the same five-tuple except for the LSP ID, they are different LSPs but they share bandwidth.

Steps in make-before-break:

| Step | R1 | R2 |
|---|---|---|
| 1 | Sends a reservation for {SA=1.1.1.1, LSP ID=1, EA=5.5.5.5, TID=8, XTID=0}, requesting 35 Mb along the path R1->R2->R5. Call this reservation Res1. | Forwards the reservation to R5. Marks the R2->R5 link as having 35 Mb reserved for the tunnel, leaving 65 Mb. |
| 2 | Sends a reservation request for {SA=1.1.1.1, LSP ID=2, EA=5.5.5.5, TID=8, XTID=0} along the path R1->R3->R4->R2->R5, requesting 80 Mb of bandwidth. Call this Res2. | Examines the reservation and sees that it is identical to the earlier reservation except for the LSP ID. Allows the new reservation to share the bandwidth of the old one and allocates 80 - 35 = 45 Mbps more bandwidth for this tunnel on the R2->R5 link. Marks R2->R5 as having 80 Mbps reserved and 20 Mbps unused. |

In this way both Res1 and Res2 are allowed to coexist until Res1 is removed from the network. Because Res2 shares bandwidth with Res1, Res1 will not try to use bandwidth at the same time as Res2.

Refresh mechanism

RSVP is a soft-state protocol: reservations are refreshed periodically. Reservations are sent with Path and Resv messages. A refresh is recognized by checking whether an existing reservation has a five-tuple that matches the one in the Path or Resv message.

The two main points to understand about the refresh mechanism are that the refresh timers are jittered and that Path and Resv messages are sent independently between two routers.

Path and Resv messages are sent every 30 seconds. In reality it is not exactly every 30 seconds; they are sent on a 30-second timer with a jitter of ±50 %. A given reservation therefore has a Path message sent to refresh it every 15 to 45 seconds, and the same holds for Resv messages.

The refresh computation is defined in RFC 2205. A neighbor normally sends its refresh interval R to its neighbor in the TIME_VALUES object in Path and Resv messages. Each router also knows how many messages may be missed before the reservation is declared dead (called K). Neighbors compute the holdtime for this state with the formula:

L >= (K + 0.5) * 1.5 * R

Currently R = 30 s and K = 3, so L is at least 157.5 s. This means a router may wait 157.5 s before tearing down a neighbor. The figure below shows Path and Resv messages being sent independently, with the Path message refreshed at 00:00 and 00:45 and the Resv message at 00:15 and 00:30.
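The Res1/Res2 steps of the make-before-break table and the holdtime rule L >= (K + 0.5) * 1.5 * R can be replayed together as the state one router keeps for one link. This Python model is an added example, not code from the original document or from Cisco IOS; the class and function names are hypothetical, and the link is R2->R5 with the 100 Mb of reservable bandwidth implied by the figures above.

```python
REFRESH_R = 30.0   # refresh interval R in seconds (value given on the page)
MISSED_K = 3       # refreshes that may be missed, K (value given on the page)


def holdtime(r=REFRESH_R, k=MISSED_K):
    """Lifetime L = (K + 0.5) * 1.5 * R of state that is not refreshed."""
    return (k + 0.5) * 1.5 * r


class Link:
    """Reservation state kept by one router for one outgoing link (hypothetical model)."""

    def __init__(self, capacity_mb):
        self.capacity = capacity_mb
        # session (the five-tuple without LSP ID) -> {lsp_id: [bandwidth, last_refresh]}
        self.sessions = {}

    @staticmethod
    def _reserved(sessions, shared):
        total = 0
        for lsps in sessions.values():
            bws = [bw for bw, _ in lsps.values()]
            # Shared Explicit: LSPs of one session share bandwidth, so only
            # the largest counts. Without sharing, every LSP is booked in full.
            total += max(bws) if shared else sum(bws)
        return total

    def reserved(self, shared=True):
        return self._reserved(self.sessions, shared)

    def available(self, shared=True):
        return self.capacity - self.reserved(shared)

    def admit(self, sender, lsp_id, endpoint, tunnel_id, ext_tunnel_id, bw, now,
              shared=True):
        """Admission control for a Path message; a repeat of a known LSP is a refresh."""
        session = (sender, endpoint, tunnel_id, ext_tunnel_id)
        trial = {s: {i: list(v) for i, v in lsps.items()}
                 for s, lsps in self.sessions.items()}
        trial.setdefault(session, {})[lsp_id] = [bw, now]
        if self._reserved(trial, shared) > self.capacity:
            return False  # would overbook the link: reject, keep the old state
        self.sessions = trial
        return True

    def expire(self, now):
        """Drop every LSP whose state was not refreshed within the holdtime."""
        removed = []
        for session, lsps in list(self.sessions.items()):
            for lsp_id, (_, last) in list(lsps.items()):
                if now - last > holdtime():
                    del lsps[lsp_id]
                    removed.append((session, lsp_id))
            if not lsps:
                del self.sessions[session]
        return removed


def make_before_break(shared=True):
    """Replay Res1 (35 Mb, LSP ID 1) and Res2 (80 Mb, LSP ID 2) on link R2->R5."""
    link = Link(100)
    res1 = link.admit("1.1.1.1", 1, "5.5.5.5", 8, 0, 35, now=0, shared=shared)
    after_res1 = link.available(shared)
    res2 = link.admit("1.1.1.1", 2, "5.5.5.5", 8, 0, 80, now=10, shared=shared)
    return link, res1, after_res1, res2, link.available(shared)


if __name__ == "__main__":
    for style in (True, False):
        _, r1, a1, r2, a2 = make_before_break(shared=style)
        print("shared" if style else "not shared", r1, a1, r2, a2)
```

With sharing enabled Res2 is admitted and 20 Mb stay free; without it the same request would need 115 Mb on a 100-Mb link and is refused.
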

When, where and to whom are messages sent?

RSVP message types:

| Message | Function | Direction | Destination address | Router Alert? |
|---|---|---|---|---|
| Path | Signals a resource request to the network. | Downstream | Tail | Yes |
| Resv | Responds to a successful Path message. | Upstream | Next hop | No |
| PathErr | Sent toward the tunnel headend when there is an error with a Path message. | Upstream | Next hop | No |
| ResvErr | Sent toward the tail if there is an error in processing a Resv message. | Downstream | Next hop | No |
| PathTear | Sent toward the tunnel tail to tear down an existing reservation. | Downstream | Tail | Yes |
| ResvTear | Sent toward the tunnel headend to tear down an existing reservation. | Upstream | Next hop | No |
| ResvConf | Sent in response to a Resv or ResvTear that requests confirmation of the message. | Downstream | Tail | Yes |
| ResvTearConf | Sent in response to a ResvTear that includes a Confirm. | Downstream | Next hop | No |
| Hello | Sent to an RSVP neighbor on a directly connected link. | Upstream / Downstream | Next hop | No |

Note: RFC 2113 introduces an IP option called the Router Alert (RA) option. RA is currently used in both IGMP and RSVP. It lets a router examine packets in transit and gives the router the option of modifying a packet before forwarding it. Every message sent with the RA option set travels in the downstream direction, and its destination IP address is the tunnel tail. Every message sent without the RA option goes hop by hop (downstream or upstream), with the next hop's interface address as the destination address on the packet. Doing things this way lets a router detect routers that do not support RSVP (non-RSVP routers). A TE tunnel cannot be built through a router that does not speak RSVP, because MPLS TE needs not only the bandwidth reservation but also the label allocation.

Strict and loose ERO subobjects

The ERO is encoded as a series of subobjects called abstract nodes. An abstract node can be an IPv4 address, an IPv6 address, or an AS (autonomous system). A subobject can be a strict hop or a loose hop. Cisco normally uses strict hops. When a router processes a strict hop, the IPv4 address in the subobject must be directly connected to the router doing the processing. When a router processes a loose hop, it generates a set of strict hops that will get the Path message to the destination and replaces the loose hop with the newly generated strict hops.

Implicit and Explicit Null

The tunnel tail can signal two kinds of label: implicit null and explicit null. Explicit null uses the value 0 and implicit null uses the value 3 in the Label field of the LABEL object. By default the tunnel tail node signals implicit null in its Resv message:

    LABEL type 1 length 8 : 00000000

Explicit null is needed for quality of service.

RSVP message pacing (RSVP spacing)

A failure in the network (a link going down, a router restarting, ...) generates a very large amount of signalling. If a link goes down, a PathErr or ResvErr has to be sent for every tunnel that crosses the link. If 2000 TE tunnels cross the link, 2000 PathErr/ResvErr messages are needed. Every RSVP message lands in the input queue of another router. That queue has a default size of 75 packets. If there are too many messages and the queue fills up, packets can be dropped. To make matters worse, when an RSVP message is lost, the sending node has to wait for the refresh time before it sends the message again: 30 s ± 50 %. Could this be solved by increasing the buffer? By how much would be enough? The resulting bursts can cause packet loss and slow convergence. The best solution is RSVP message pacing, which controls the rate at which RSVP messages are sent so that the queue at the far end of the link does not overflow. This feature is configured with the command ip rsvp msg-pacing ?, with the following options:

Options of the ip rsvp msg-pacing ? command:

| Option | Function | Default |
|---|---|---|
| burst | Maximum number of RSVP messages that can be sent in one burst. | 200 |
| maxsize | Maximum number of messages that are placed in the transmit queue. | 500 |
| period | The interval over which one burst of messages is sent. | 1 |

Forwarding traffic down a tunnel

This section looks at three methods of forwarding MPLS traffic down a tunnel. The first is static routes. The second is policy-based routing. The third is autoroute. The simplest way to route a traffic flow down a tunnel interface is to use a static route. It works just like ordinary IP routing.

Example: using a static route

    ip route 10.0.0.0 255.0.0.0 Tunnel0
    ip route 10.0.0.0 255.0.0.0 POS0/0

Using a recursive static route:

    ip route 192.168.1.1 255.255.255.255 Tunnel0
    ip route 10.0.0.0 255.0.0.0 192.168.1.1

(where 192.168.1.1 is the address of the tunnel tail)

Policy-based routing

PBR (policy-based routing) lets you use a policy route map applied to the incoming interface. With PBR you can send a specific type of traffic down a tunnel interface without modifying the router's routing table.

Example: two types of traffic are sent to Dst, voice and data. If you want only the voice traffic to go through Tunnel0, you can do this with PBR. Configure router A as follows:

    ! Apply policy routing to packets arriving on Ethernet0/0
    interface Ethernet0/0
     ip policy route-map foo
    ! Packets matched by access list 101 are sent out Tunnel0
    route-map foo
     match ip address 101
     set interface Tunnel0
    ! Access list 101 matches IP traffic from any source to host 5.5.5.5
    access-list 101 permit ip any host 5.5.5.5


Autoroute

If there are several types of interface in Cisco IOS Software (a physical interface, a subinterface, or a GRE tunnel), you need to enable the interior gateway protocol (IGP) on the interface in order to establish routing protocol neighbor relationships, learn routes, and build a routing table for that interface.

Example of forwarding traffic down a tunnel

Here we look at the routing table of router A after static routing, policy-based routing, and autoroute are used in the network. Every link has a cost of 10. Router A's initial routing table:

    Destination   Next hop   Cost
    A             Self       0
    B             B          10
    C             C          10
    D             C          20
    E             B          20
    F             B          30
    G             B          30
    H             B          40
    I             B          40

Static routing

We configure a static route for the traffic to G:

    ip route <router G's RID> 255.255.255.255 Tunnel0

Router A's routing table is then as follows:

    Destination   Next hop   Cost
    A             Self       0
    B             B          10
    C             C          10
    D             C          20
    E             B          20
    F             B          30
    G             Tunnel0    30
    H             B          40
    I             B          40

Policy-based routing

Policy-based routing does not change the routing table, because the packet-forwarding decision is based on the policy configured on the interface, not on the routing table.

Autoroute

The router rebuilds its routing table so that any destination reached through the tunnel tail is routed down the tunnel. Router A runs the IGP SPF process with autoroute enabled on the tunnel to router E. Router A's routing table after this process is as follows:

    Destination   Next hop   Cost
    A             Self       0
    B             B          10
    C             C          10
    D             C          20
    E             Tunnel0    20
    F             Tunnel0    30
    G             Tunnel0    30
    H             Tunnel0    40
    I             Tunnel0    40
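The three routing tables of router A shown above can be reproduced with a small SPF model. This is an added example, not part of the original document: the link list is an assumption (the topology figure did not survive) chosen so that the initial table matches, and the function names are hypothetical.

```python
import heapq

# Constructed topology (assumption): every link costs 10, and the links are
# chosen so that router A's initial table matches the one in the text.
LINKS = [("A", "B"), ("A", "C"), ("C", "D"), ("B", "E"),
         ("E", "F"), ("E", "G"), ("F", "H"), ("G", "I")]
COST = 10

def spf(src, links=LINKS):
    """Dijkstra from src. Returns {dest: (cost, first_hop, path)}."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    best, heap = {}, [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in best:
            continue  # already settled with a cost at least as low
        best[node] = (cost, path[1] if len(path) > 1 else "Self", path)
        for nbr in adj[node]:
            if nbr not in best:
                heapq.heappush(heap, (cost + COST, nbr, path + [nbr]))
    return best

def base_table(src="A"):
    """Plain IGP table: {dest: (next_hop, cost)}."""
    return {d: (hop, cost) for d, (cost, hop, _) in sorted(spf(src).items())}

def with_static(dest, tunnel="Tunnel0", src="A"):
    """Static host route: only `dest` is pointed at the tunnel."""
    table = base_table(src)
    table[dest] = (tunnel, table[dest][1])
    return table

def with_autoroute(tail, tunnel="Tunnel0", src="A"):
    """Autoroute: the tail and every destination whose shortest path
    crosses the tail inherit the tunnel as next hop."""
    return {d: ((tunnel if tail in path[1:] else hop), cost)
            for d, (cost, hop, path) in sorted(spf(src).items())}

if __name__ == "__main__":
    for name, table in [("initial", base_table()),
                        ("static route to G", with_static("G")),
                        ("autoroute on tunnel to E", with_autoroute("E"))]:
        print(name)
        for dest, (hop, cost) in table.items():
            print(f"  {dest:<3}{hop:<9}{cost}")
```

Policy-based routing has no function here because, as the text says, it leaves the routing table untouched.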
