[MPLS] Lab 2 - Inter-VRF communication without adjusting RTs

Let's make communication between Company A and Company B possible without using route-target import.

 

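  • Company A (vrf A) is shown in red and Company B (vrf B) in blue.
  • The goal is to enable communication between the two companies without any vrf import.
  • To let them communicate without importing each other's RTs, a router named GRN was created and peered over eBGP. Although it is not part of this lab, placing an NGFW on that eBGP segment would allow control by policy, which is easier than controlling route propagation and improves visibility.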

 

GRN
  • 10.0.0.0/9 is aggregated so that traffic with no more specific route is sent through GRN.
interface Loopback0
 ip address 10.255.0.7 255.255.255.255

interface Ethernet0/2
 description # PE34_vrf A #
 ip address 10.255.255.22 255.255.255.252
!
interface Ethernet0/3
 description # PE34_vrf B #
 ip address 10.255.255.26 255.255.255.252
!
router bgp 65001
 bgp router-id 10.255.0.7
 bgp log-neighbor-changes
 aggregate-address 10.0.0.0 255.128.0.0
 neighbor 10.255.255.21 remote-as 65000
 neighbor 10.255.255.25 remote-as 65000
!

 

PE1,2
ip vrf A
 rd 65000:100001
 route-target export 65000:2100
 route-target import 65000:2100

mpls label protocol ldp
mpls ldp router-id Loopback0

interface Loopback0
 ip address 10.255.0.1 255.255.255.255

interface Ethernet0/0
 description ## P ##
 ip address 10.255.255.1 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/1
 description ## PC1 (10.10.1.1/24) ##
 ip vrf forwarding A
 ip address 10.10.1.254 255.255.255.0

router ospf 1
 mpls ldp sync
 mpls ldp autoconfig
 router-id 10.255.0.1
 network 10.255.0.1 0.0.0.0 area 0
 network 10.255.255.1 0.0.0.0 area 0

router bgp 65000
 bgp router-id 10.255.0.1
 neighbor 10.255.0.6 remote-as 65000
 neighbor 10.255.0.6 update-source Loopback0

 address-family vpnv4
  neighbor 10.255.0.6 activate
  neighbor 10.255.0.6 send-community extended
 exit-address-family
 
 address-family ipv4 vrf A
  redistribute connected
  maximum-paths ibgp 4
 exit-address-family

 

PE3,4
ip vrf A
 rd 65000:100002
 route-target export 65000:2100
 route-target import 65000:2100

ip vrf B
 rd 65000:200002
 route-target export 65000:2200
 route-target import 65000:2200

mpls label protocol ldp

interface Loopback0
 ip address 10.255.0.2 255.255.255.255
 ip ospf network point-to-point

interface Ethernet0/0
 description ## P ##
 ip address 10.255.255.5 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/1
 description ## PC2 (10.10.2.1/24) ##
 ip vrf forwarding B
 ip address 10.10.2.254 255.255.255.0
 
interface Ethernet0/2
 ip vrf forwarding A
 ip address 10.255.255.21 255.255.255.252

interface Ethernet0/3
 ip vrf forwarding B
 ip address 10.255.255.25 255.255.255.252

router ospf 1
 mpls ldp sync
 mpls ldp autoconfig
 router-id 10.255.0.2
 network 10.255.0.2 0.0.0.0 area 0
 network 10.255.255.5 0.0.0.0 area 0

router bgp 65000
 bgp router-id 10.255.0.2
 neighbor 10.255.0.6 remote-as 65000
 neighbor 10.255.0.6 update-source Loopback0
 
 address-family vpnv4
  neighbor 10.255.0.6 activate
  neighbor 10.255.0.6 send-community extended
 exit-address-family
 
 address-family ipv4 vrf A
  redistribute connected
  neighbor 10.255.255.22 remote-as 65001
  neighbor 10.255.255.22 activate
  maximum-paths ibgp 4
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute connected
  neighbor 10.255.255.26 remote-as 65001
  neighbor 10.255.255.26 activate
  maximum-paths ibgp 4
 exit-address-family

mpls ldp router-id Loopback0

 

 

CPE1
ip vrf A
 rd 65000:100004
 route-target export 65000:2100
 route-target import 65000:2100
 
mpls label protocol ldp

interface Loopback0
 ip address 10.255.0.4 255.255.255.255
 ip ospf network point-to-point

interface Ethernet0/0
 description ## P ##
 ip address 10.255.255.9 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/1
 description # PC3 (10.10.3.1/24) #
 ip vrf forwarding A
 ip address 10.10.3.254 255.255.255.0

interface Ethernet0/2
 description # PC4 (10.10.4.1/24) #
 ip vrf forwarding A
 ip address 10.10.4.254 255.255.255.0


router ospf 1
 mpls ldp sync
 mpls ldp autoconfig
 router-id 10.255.0.4
 network 10.255.0.4 0.0.0.0 area 0
 network 10.255.255.9 0.0.0.0 area 0

router bgp 65000
 bgp router-id 10.255.0.4
 neighbor 10.255.0.6 remote-as 65000
 neighbor 10.255.0.6 update-source Loopback0
 
 address-family vpnv4
  neighbor 10.255.0.6 activate
  neighbor 10.255.0.6 send-community extended
 exit-address-family
 
 address-family ipv4 vrf A
  redistribute connected
  maximum-paths ibgp 4
 exit-address-family

mpls ldp router-id Loopback0

 

CPE2
ip vrf B
 rd 65000:200005
 route-target export 65000:2200
 route-target import 65000:2200
 
mpls label protocol ldp

interface Loopback0
 ip address 10.255.0.5 255.255.255.255
 ip ospf network point-to-point

interface Ethernet0/0
 description ## P ##
 ip address 10.255.255.13 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/1
 description ## PC5 (10.10.5.1/24) ##
 ip vrf forwarding B
 ip address 10.10.5.254 255.255.255.0

router ospf 1
 mpls ldp sync
 mpls ldp autoconfig
 router-id 10.255.0.5
 network 10.255.0.5 0.0.0.0 area 0
 network 10.255.255.13 0.0.0.0 area 0
 
router bgp 65000
 bgp router-id 10.255.0.5
 bgp log-neighbor-changes
 neighbor 10.255.0.6 remote-as 65000
 neighbor 10.255.0.6 update-source Loopback0
 
 address-family vpnv4
  neighbor 10.255.0.6 activate
  neighbor 10.255.0.6 send-community extended
 exit-address-family
 
 address-family ipv4 vrf B
  redistribute connected
  maximum-paths ibgp 4
 exit-address-family

mpls ldp router-id Loopback0

 

RR
interface Loopback0
 ip address 10.255.0.6 255.255.255.255
 ip ospf network point-to-point

interface Ethernet0/0
 description ## P ##
 ip address 10.255.255.17 255.255.255.252
 ip ospf network point-to-point

router ospf 1
 mpls ldp sync
 mpls ldp autoconfig
 router-id 10.255.0.6
 network 10.255.0.6 0.0.0.0 area 0
 network 10.255.255.17 0.0.0.0 area 0

router bgp 65000
 bgp router-id 10.255.0.6
 neighbor RR-Client peer-group
 neighbor RR-Client remote-as 65000
 neighbor RR-Client update-source Loopback0
 neighbor RR-Client route-reflector-client
 neighbor 10.255.0.1 peer-group RR-Client
 neighbor 10.255.0.2 peer-group RR-Client
 neighbor 10.255.0.4 peer-group RR-Client
 neighbor 10.255.0.5 peer-group RR-Client
 
 address-family vpnv4
  neighbor RR-Client send-community extended
  neighbor RR-Client route-reflector-client
  neighbor 10.255.0.1 activate
  neighbor 10.255.0.2 activate
  neighbor 10.255.0.4 activate
  neighbor 10.255.0.5 activate
 exit-address-family

P
mpls label protocol ldp
mpls ldp router-id Loopback0

interface Loopback0
 ip address 10.255.0.3 255.255.255.255

interface Ethernet0/0
 description ## PE1/2 ##
 ip address 10.255.255.2 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/1
 description ## PE3/4 ##
 ip address 10.255.255.6 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/2
 description ## CPE1 ##
 ip address 10.255.255.10 255.255.255.252
 ip ospf network point-to-point

interface Ethernet0/3
 description ## CPE2 ##
 ip address 10.255.255.14 255.255.255.252
 ip ospf network point-to-point

interface Ethernet1/3
 description ## RR ##
 ip address 10.255.255.18 255.255.255.252
 ip ospf network point-to-point

router ospf 1
 mpls ldp sync
 mpls ldp autoconfig
 router-id 10.255.0.3
 network 10.255.0.3 0.0.0.0 area 0
 network 10.255.255.0 0.0.0.255 area 0

 

[Result]
Suppose PC1 (10.10.1.1/24) communicates with PC5 (10.10.5.1/24).

 

 

  • If Customer PE1 has no more specific route, the longest-match rule selects the 10.0.0.0/9 route and the packet is forwarded to the next hop, PE34 (10.255.0.2).

 

  • On PE34 the longest-match rule applies as well, so the traffic goes to the GRN router.

 

  • The GRN router receives the routes of both vrf A and vrf B, so it has the 10.10.5.0/24 route. The packet is forwarded to vrf B on PE34.

 

 

  • Based on the 10.10.5.0/24 route, the packet is forwarded to CPE2.

 

 

  • Customer PE2 has the 10.10.5.0/24 range as Connected, so the packet reaches its destination. Response packets follow the same path in reverse.
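
The forwarding walk above can be reproduced with a small longest-prefix-match simulation. This is an added example, not code from the original post: the routing tables are constructed from the configs on this page (customer prefixes and the /9 aggregate only), and node labels such as `PE12/A` are made-up names meaning "router/VRF".

```python
import ipaddress

# Constructed from the configs on this page: customer prefixes plus the /9 aggregate.
# Node labels ("router/VRF") are made up for this example; next hop None = connected.
PE12, PE34A, PE34B, GRN, CPE1, CPE2 = "PE12/A", "PE34/A", "PE34/B", "GRN", "CPE1/A", "CPE2/B"
AGG = "10.0.0.0/9"  # aggregate-address originated by GRN
RIBS = {
    PE12: {"10.10.1.0/24": None, "10.10.3.0/24": CPE1, "10.10.4.0/24": CPE1, AGG: PE34A},
    PE34A: {"10.10.1.0/24": PE12, "10.10.3.0/24": CPE1, "10.10.4.0/24": CPE1, AGG: GRN},
    GRN: {"10.10.1.0/24": PE34A, "10.10.3.0/24": PE34A, "10.10.4.0/24": PE34A,
          "10.10.2.0/24": PE34B, "10.10.5.0/24": PE34B},
    PE34B: {"10.10.2.0/24": None, "10.10.5.0/24": CPE2, AGG: GRN},
    CPE1: {"10.10.3.0/24": None, "10.10.4.0/24": None, "10.10.1.0/24": PE12, AGG: PE34A},
    CPE2: {"10.10.5.0/24": None, "10.10.2.0/24": PE34B, AGG: PE34B},
}

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop), or None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return None
    best = max(hits, key=lambda n: n.prefixlen)
    return str(best), table[str(best)]

def trace(start, dst, max_hops=16):
    """Follow next hops from `start` until a connected route, a drop, or the hop limit."""
    path, node = [], start
    for _ in range(max_hops):
        hit = lookup(RIBS[node], dst)
        if hit is None:  # nothing more specific than the aggregate exists here
            return path + [(node, "no route")]
        prefix, nxt = hit
        path.append((node, prefix))
        if nxt is None:
            return path
        node = nxt
    return path + [(node, "hop limit")]

def crosses_grn(path):
    """True if the traced path is hairpinned through the GRN router."""
    return any(node == GRN for node, _ in path)

if __name__ == "__main__":
    for node, prefix in trace(PE12, "10.10.5.1"):
        print(node, "matched", prefix)
```

Traffic inside one VRF never touches GRN, while every prefix announced by either VRF is reachable from the other through it, which is why a policy point such as the NGFW mentioned earlier belongs on the eBGP segment.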