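MPLS Principles and Applications Based on Cisco Technology [Part 1]

Implementing MPLS ××× with Cisco Technology [Part 1]
MPLS emerged because the existing routing and forwarding techniques could not cope with the ever-growing Internet routing table. ATM's advantage over IP is the speed of ATM cell forwarding; IP's advantage over ATM is that it is easy to implement and flexible. IP can be carried over ATM, but large-capacity ATM switching matrices are expensive, and every 53-byte ATM cell carries an 8-byte ATM header, which makes forwarding inefficient. Label forwarding arrived at the right moment to address this.
The figure below shows the applications of MPLS (Multiprotocol Label Switching).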
 
 
 
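In this series I will go through the details of these label-forwarding applications and their Cisco implementations in turn.
MPLS is a layer-2.5 technology; see the frame-mode protocol field diagram below. The MPLS label is inserted between the frame header and the IP header. Multiple labels can also be inserted for different MPLS applications (for example MPLS-×××, traffic engineering, traffic engineering over MPLS-×××, and so on).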
 
 
The multi-label case is shown in the figure below.
 
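Introducing labels makes frames larger, which raises an MTU problem. A label is 4 bytes long. Cisco recommends setting the system MTU to 1524 for Ethernet encapsulation; the extra 24 bytes leave room for 6 labels, and 6 labels are generally enough for almost every application.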
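The 4-byte label and the 1524-byte MTU budget described above, worked through on a frame. This is an added example, not part of the original article: the 20-bit label / 3-bit EXP / 1-bit bottom-of-stack / 8-bit TTL layout and EtherType 0x8847 come from RFC 3032 rather than from this page, the sample frame is constructed, and 802.1Q tags are assumed absent.

```python
import struct

ETHERTYPE_MPLS = 0x8847  # MPLS unicast: tells the receiver to use the LFIB, not the FIB
LABEL_BYTES = 4          # one label stack entry, as stated in the article

def encode_entry(label, exp=0, s=0, ttl=255):
    """Pack one label stack entry: label(20) | exp(3) | s(1) | ttl(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_label_stack(frame):
    """Return (entries, payload_offset) for an untagged Ethernet II frame.

    An unlabeled frame yields an empty list. A stack that never sets the
    bottom-of-stack bit before the frame ends is rejected as malformed.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, entries = 14, []
    if ethertype != ETHERTYPE_MPLS:
        return entries, offset
    while True:
        if len(frame) < offset + LABEL_BYTES:
            raise ValueError("label stack ends without bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", frame, offset)
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        offset += LABEL_BYTES
        if entries[-1]["s"]:
            return entries, offset

def fits_mtu(ip_packet_len, n_labels, mtu=1524):
    """True if an IP packet plus n labels fits the MTU (default: the article's 1524)."""
    return ip_packet_len + LABEL_BYTES * n_labels <= mtu

# Constructed sample: outer label 301, inner label 501 (S=1), then an IPv4 header stub.
SAMPLE = (bytes(12) + struct.pack("!H", ETHERTYPE_MPLS)
          + encode_entry(301, ttl=254) + encode_entry(501, s=1, ttl=254)
          + b"\x45" + bytes(19))
```
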
The six-router topology below is the lab diagram for this part.
 
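R1 (IPS1) and R2 (Border1) are EBGP neighbors, R2 (Border1) and R5 (Border2) are IBGP neighbors, and R5 (Border2) and R6 (IPS2) are EBGP neighbors. R2 (Border1), R3 (Core1), R4 (Core2) and R5 (Border2) run an IGP among themselves; the diagram shows RIP, but the detailed configuration below uses OSPF. The adjacent interfaces of R2 (Border1), R3 (Core1), R4 (Core2) and R5 (Border2) all have MPLS enabled and form MPLS neighbor relationships.
R1 (IPS1) advertises (network) a /32 route for R1's loopback to R2 (Border1). R6 (IPS2) advertises (network) a /32 route for R6's loopback to R5 (Border2). Core1 and Core2 do not run BGP. Following normal BGP behavior, R2 learns an EBGP route from R1 and passes it to its IBGP neighbor R5, and R5 passes this IBGP route to its EBGP neighbor R6. The same happens in the other direction.
Following normal BGP behavior, because Core1 and Core2 neither run BGP nor have BGP redistributed into the IGP, a ping from R1 to R6's learned loopback address (a BGP route) should fail: this is a BGP routing black hole. Core1 would drop packets for R6 because it has no route to the destination.
However, when we traceroute or ping the learned EBGP route (that is, R6's loopback address) from R1, using the advertised loopback as the source address, we find that it is reachable. This is MPLS forwarding at work.
First, let us look at LDP/TDP, the label distribution protocols. TDP is Cisco's proprietary protocol, but the principles are essentially the same.
LDP/TDP operation consists mainly of the following parts:
(1) Neighbor discovery. In this phase, UDP-based Hello packets sent to the multicast address 224.0.0.2 discover the neighbors on a link; if three hello packets are lost, the neighbor is declared down. A neighbor can also be established by configuring a peer, which sends unicast hellos. Because the LDP session runs over TCP, LDP can establish a session across the network and the peers do not have to be directly connected.
(2) TCP connection establishment
(3) LDP session establishment
(4) Label distribution
Different interfaces on the same router can each enable either LDP or TDP, and a single interface can also enable both LDP and TDP.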
 
 
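Next, a real implementation example is used to explain how MPLS works. The topology is the lab diagram above, made up of IPS1, IPS2, Border1, Border2, Core1 and Core2.
The routers are connected as follows: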
Router1 E1/0 <----> Router2 E1/0
Router2 E1/1 <----> Router3 E1/1
Router3 E1/2 <----> Router4 E1/2
Router4 E1/3 <----> Router5 E1/3
Router5 E1/0 <----> Router6 E1/0
The router configurations are as follows:
r1#sh run
Building configuration...
Current configuration : 1061 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!        
interface Ethernet1/0
 ip address 172.16.1.1 255.255.0.0
 duplex half
!
interface Ethernet1/1
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/2
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/3
 no ip address
 duplex half
 tag-switching ip
!
router bgp 200
 no synchronization
 bgp router-id 10.10.10.10
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 172.16.2.2 remote-as 100
 no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
r1#
r1#
 
r2#sh run
Building configuration...
Current configuration : 1374 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
mpls label range 200 299
mpls label protocol ldp
tag-switching tdp router-id Loopback0

!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/0
 ip address 172.16.2.2 255.255.0.0
 duplex half
!
interface Ethernet1/1
 ip address 10.2.2.2 255.255.255.0
 duplex half
 mpls label protocol ldp
 tag-switching ip

!
interface Ethernet1/2
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/3
 no ip address
 shutdown
 duplex half
!        
router ospf 2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.2.2.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.255.255 area 0
!
router bgp 100
 no synchronization
 bgp router-id 20.20.20.20
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 172.16.1.1 remote-as 200
 no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
r2#
 
r3#sh run 
Building configuration...
Current configuration : 1147 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
mpls label range 300 399
mpls label protocol ldp
tag-switching tdp router-id Loopback0

!        
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!        
interface Ethernet1/0
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/1
 ip address 10.2.2.3 255.255.255.0
 duplex half
 tag-switching ip
!
interface Ethernet1/2
 ip address 10.3.3.3 255.255.255.0
 duplex half
 tag-switching ip
!
interface Ethernet1/3
 no ip address
 shutdown
 duplex half
!
router ospf 3
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 10.2.2.0 0.0.0.255 area 0
 network 10.3.3.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
r3#
 
r4#sh run
Building configuration...
Current configuration : 1173 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
mpls label range 400 499
tag-switching tdp router-id Loopback0

!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/0
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/1
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/2
 ip address 10.3.3.4 255.255.255.0
 duplex half
 mpls label protocol ldp
 tag-switching ip

!
interface Ethernet1/3
 ip address 10.4.4.4 255.255.255.0
 duplex half
 mpls label protocol tdp
 tag-switching ip

!
router ospf 4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 10.3.3.0 0.0.0.255 area 0
 network 10.4.4.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server
!
!
gatekeeper
 shutdown
!
!        
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
r4#
 
r5#sh run
Building configuration...
Current configuration : 1353 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
mpls label range 500 599
tag-switching tdp router-id Loopback0

!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/0
 ip address 192.168.5.5 255.255.0.0
 duplex half
!
interface Ethernet1/1
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/2
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/3
 ip address 10.4.4.5 255.255.255.0
 duplex half
 mpls label protocol tdp
 tag-switching ip
!
router ospf 5
 log-adjacency-changes
 network 5.5.5.5 0.0.0.0 area 0
 network 10.4.4.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 100
 no synchronization
 bgp router-id 50.50.50.50
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 192.168.6.6 remote-as 300
 no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
r5#
 
r6#sh run
Building configuration...
Current configuration : 1055 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!        
interface Ethernet1/0
 ip address 192.168.6.6 255.255.0.0
 duplex half
!
interface Ethernet1/1
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/2
 no ip address
 shutdown
 duplex half
!
interface Ethernet1/3
 no ip address
 shutdown
 duplex half
!
router bgp 300
 no synchronization
 bgp router-id 60.60.60.60
 bgp log-neighbor-changes
 network 6.6.6.6 mask 255.255.255.255
 neighbor 192.168.5.5 remote-as 100
 no auto-summary
!
ip classless
no ip http server
no ip http secure-server
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
r6#
 
The control-plane and forwarding-plane structure that you need to know by heart in MPLS is shown in the diagram below.
 
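The diagram above is not fully complete. In the control plane, "routing protocol" means the IP-layer routing protocols, such as RIP and OSPF. LDP means the label distribution protocol, LDP or TDP. The IP Forwarding Table is the CEF table (FIB) in Cisco IOS, generated jointly by the IP routing table and the LIB. So there is a label back-fill step from the Label Forwarding Table (LFIB) into the IP Forwarding Table. At the same time, the LFIB is built from LIB and FIB information, so it can usually be thought of as LFIB = LIB + FIB.
Whether a packet entering an MPLS router is looked up in the FIB or in the LFIB depends on whether the packet carries a label. For a labeled packet, the type field in the Ethernet frame header is different.
Likewise, a packet leaving an MPLS router may be an IP packet (after a pop or untag action) or a labeled packet.
[Common commands]
(1) show mpls ldp bindings (view the LIB label table)
(2) show mpls forwarding-table detail (view the LFIB label forwarding table)
(3) show ip cef detail (view the FIB IP forwarding table)
[Notes!!!]
(1) In Cisco's MPLS implementation, ip cef must be enabled
(2) The mpls ldp router-id must be reachable at the IP layer
(3) Penultimate hop popping: LDP assigns a null label to the router's own directly connected networks, and when the label for the next hop is the null label, the label pop action is performed
(4) LDP does not assign labels to BGP routes (in MPLS ××× applications this is the top label); the label is taken from the one assigned to the BGP route's next-hop address
(5) In the implementation above, the segment between R2 and IPS1 and the segment between R5 and IPS2 are advertised into OSPF. If these two segments are not advertised into OSPF, and neighbor xx.xx.xx.xx next-hop-self is configured where R2 and R5 peer with each other over IBGP, access from R1 sourced from lo0 to R6's lo0 still works. !!! However, if R2 and R5 do not use the loopback lo0 as the BGP router id and instead use the interfaces directly connected to Core1 and Core2 as the router id, a routing black hole results. (Because of penultimate hop popping, a packet from R1 to R6 already has its label popped at Core2, which then looks it up in the FIB; Core2 has no BGP route at that point, which causes the black hole.) So when designing an MPLS network, think the protocols through carefully.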
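A small model of notes (3) to (5), added here and not taken from the original article: it traces a packet for 6.6.6.6 through r2, r3, r4 and r5, with the BGP next hop resolving first to r5's loopback and then to the connected 10.4.4.0/24 segment. The label values are constructed from each router's configured label range, and next-hop-self on r5 is assumed.

```python
IMPLICIT_NULL = 3  # reserved label advertised for connected prefixes; asks the upstream to pop

# Local label each router advertises per IGP prefix (constructed values).
LIB = {
    "r3": {"5.5.5.5/32": 301, "10.4.4.0/24": 302},
    "r4": {"5.5.5.5/32": 401, "10.4.4.0/24": IMPLICIT_NULL},  # r4 is connected to 10.4.4.0/24
    "r5": {"5.5.5.5/32": IMPLICIT_NULL, "10.4.4.0/24": IMPLICIT_NULL},
}
NEXT_HOP = {"r2": "r3", "r3": "r4", "r4": "r5"}  # IGP path toward r5
BGP_SPEAKERS = {"r2", "r5"}                      # only these hold a route to 6.6.6.6

def build_lfib(router):
    """LFIB = LIB + FIB: own in-label -> (downstream router's label, next hop)."""
    nh = NEXT_HOP[router]
    return {local: (LIB[nh][fec], nh)
            for fec, local in LIB[router].items() if local != IMPLICIT_NULL}

def forward(bgp_next_hop_fec):
    """Trace a packet for 6.6.6.6 entering r2; return (hops, outcome)."""
    # Ingress: LDP has no label for the BGP route itself, so r2 recurses the
    # BGP next hop to an IGP prefix and imposes r3's label for that prefix.
    label = LIB[NEXT_HOP["r2"]][bgp_next_hop_fec]
    hops, router = [("r2", "push", label)], NEXT_HOP["r2"]
    while True:
        if label is None:  # unlabeled packet: FIB lookup on the destination address
            if router not in BGP_SPEAKERS:
                hops.append((router, "drop", None))
                return hops, "blackhole"
            hops.append((router, "ip-forward", None))
            return hops, "delivered"
        out, nh = build_lfib(router)[label]
        if out == IMPLICIT_NULL:  # penultimate hop popping
            hops.append((router, "pop", None))
            label = None
        else:
            hops.append((router, "swap", out))
            label = out
        router = nh
```

With the loopback as next hop the label survives until r4, so the first unlabeled lookup happens on r5, which has the BGP route; with the connected segment as next hop the packet reaches r4 unlabeled and is dropped there.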