Trace Packets in MPLS VPNv4 Network
by Peng Xiao

source https://github.com/xiaopeng163/www.pengxiao.me/blob/master/source/_posts/vpnv4-packets.md
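The goal here is to see how packets are routed through an MPLS VPNv4 core network, and to capture a packet carrying a two-level label stack along the way. The lab topology is shown above.
AS 100: the MPLS VPN backbone, which distributes VPNv4 routing information via MP-BGP (the RR reflects the VPNv4 routes).
EBGP runs between PE and CE to carry the customer routes. CE1 announces 1.1.1.1/32 and CE2 announces 2.2.2.2/32 to simulate customer network routes. The relevant configuration is at the end of this post.
The test is to ping 2.2.2.2 (CE2) from CE1 and watch how the packet is forwarded. Since CE1 to PE1 and PE2 to CE2 are plain IPv4, we mainly look at how the packet destined for 2.2.2.2 is passed between PE1, RR and PE2.
1. VPNv4 route convergence
Looking at the inbound direction on PE1, the VPNv4 route update that PE1 receives from RR (reflected from PE2) is as follows. The extended community field carries the route target, which identifies the VPN routing table the route is imported into. The VPN NLRI is the actual VPN route,
with the AFI and SAFI indicating VPNv4. The Nexthop attribute is the next hop of this VPN route (RD 0:0 is prepended to it by default, so that it matches the RD + IP prefix format of the VPN route).
At the bottom is the actual VPNv4 route: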
RD=65002:1
Label Stack = 19 (this is where the second label comes from)
prefix = 2.2.2.2/32

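2. ping 2.2.2.2
PE1:
(1) On receiving the packet destined for 2.2.2.2 from CE1, PE1 looks up its VPN routing table (the one for this CE) and finds that the next hop is 192.168.1.3 and that the VPN outgoing label is 19.

(2) PE1 checks the local MPLS forwarding table and learns that the outgoing label for next hop 192.168.1.3 is 17.

(3) PE1 pushes the two MPLS labels above and sends the resulting ICMP packet to RR at 10.12.1.2.

RR:
RR receives the ICMP packet sent by PE1 and looks up 192.168.1.3 directly in its MPLS forwarding table.

The outgoing action is pop tag (this should be MPLS PHP, penultimate hop popping). That it is a pop rather than untag shows that RR has found that the label in this MPLS packet is not the bottom of the stack.
RR sends the resulting ICMP packet to the next hop 10.23.1.2, which is PE2.

PE2:
The ICMP packet that PE2 receives from RR still carries one label. PE2 removes that label and forwards the packet straight to the corresponding next hop.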

The return path of the packet works in a similar way.
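
The label operations traced above (PE1 pushes 17 over 19, RR pops the outer label, PE2 receives only 19), written out as an added Python example that is not part of the original post. It encodes label stack entries per RFC 3032; the function names and the payload bytes are constructed placeholders, and TTL decrement is not modelled.

```python
import struct

def encode_entry(label, s, tc=0, ttl=255):
    """Pack one 32-bit MPLS label stack entry: label(20) TC(3) S(1) TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def parse_stack(data):
    """Decode entries up to the bottom-of-stack bit; return (entries, payload)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 7,
                        "s": (word >> 8) & 1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[off:]

def pe1_push(ip_packet, vpn_label, transport_label):
    """PE1: inner VPN label from MP-BGP (S=1), outer transport label (S=0) on top."""
    return encode_entry(transport_label, 0) + encode_entry(vpn_label, 1) + ip_packet

def php_pop(frame):
    """RR as penultimate hop: strip only the top entry, leave the rest untouched."""
    if len(frame) < 4:
        raise ValueError("frame shorter than one label stack entry")
    return frame[4:]

# Constructed placeholder standing in for the CE1 -> 2.2.2.2 ICMP/IPv4 packet.
PAYLOAD = b"\x45" + b"\x00" * 19

at_rr = pe1_push(PAYLOAD, vpn_label=19, transport_label=17)   # PE1 -> RR
at_pe2 = php_pop(at_rr)                                       # RR -> PE2

if __name__ == "__main__":
    for hop, frame in (("PE1->RR", at_rr), ("RR->PE2", at_pe2)):
        stack, _ = parse_stack(frame)
        print(hop, [(e["label"], e["s"]) for e in stack])
```
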
Appendix:
CE1:
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 12.0.0.2 remote-as 100
neighbor 12.0.0.2 ebgp-multihop 255
no auto-summary
!
PE1:
router bgp 100
bgp router-id 192.168.1.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 100
neighbor 192.168.1.2 update-source Loopback0
!
address-family ipv4
neighbor 192.168.1.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 192.168.1.2 activate
neighbor 192.168.1.2 send-community extended
exit-address-family
!
address-family ipv4 vrf cisco
redistribute connected
neighbor 12.0.0.1 remote-as 65001
neighbor 12.0.0.1 activate
no synchronization
exit-address-family
!
RR:
router bgp 100
bgp router-id 192.168.1.2
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 update-source Loopback0
neighbor 192.168.1.3 remote-as 100
neighbor 192.168.1.3 update-source Loopback0
!
address-family vpnv4
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 send-community both
neighbor 192.168.1.1 route-reflector-client
neighbor 192.168.1.3 activate
neighbor 192.168.1.3 send-community extended
neighbor 192.168.1.3 route-reflector-client
exit-address-family
!
PE2:
router bgp 100
bgp router-id 192.168.1.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 100
neighbor 192.168.1.2 update-source Loopback0
!
address-family ipv4
neighbor 192.168.1.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 192.168.1.2 activate
neighbor 192.168.1.2 send-community both
exit-address-family
!
address-family ipv4 vrf cisco
redistribute connected
neighbor 23.0.0.2 remote-as 65002
neighbor 23.0.0.2 activate
no synchronization
exit-address-family
CE2:
router bgp 65002
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 23.0.0.1 remote-as 100
neighbor 23.0.0.1 ebgp-multihop 255
no auto-summary
!