lunes, 4 de julio de 2011

Cliente en un VRF hablando OSPF

19:26  Carlos Leonardo  No comments

Este escenario es un poco complejo pero vamos a explicarlo. Imaginemos que tenemos 2 routers (R1 y R2) que brindan transporte a R3 y R4. Para que ambos routers se comuniquen deben hacerlo a traves del protocolo de enrrutamiento OSPF. Pero hay un problema, R3 esta configurado en la interfaz que habla con R1 en el VRF okidoki. Y de igual modo R1 recibe el trafico de R3 en el VRF good para posteriormente pasar el trafico en el mismo VRF a R4.

El problema esta en que si R3 esta en un VRF y configuramos L3VPN normal con OSPF, por default R3 no va a recibir las rutas de okidoki porque el trafico esta siendo recibido en R3 en un VRF y el bloqueado porque el down-bit y domain-tag estan filtrados.

Por esa razon, la forma de resolver esto es de 2 maneras:
  • Sham-Link
  • Capability vrf-lite
En este ejemplo mostramos como hacerlo con Sham-link pero para aplicar la misma configuracion en el router R3 sin sham-link, y asi recibir las rutas solamente debemos escribir el siguiente comando dentro del
proceso de configuracion de OSPF capability VRF-Lite.

Configuración Router R1
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
ip vrf good
 rd 28118:1
 route-target export 28118:1
 route-target import 28118:1
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback1
 ip vrf forwarding good
 ip address 10.0.0.13 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 10.0.0.5 255.255.255.252
 ip ospf 1 area 0
 media-type gbic
 speed 1000
 duplex full
 negotiation auto
 mpls ip
!
interface GigabitEthernet1/0
 ip vrf forwarding good
 ip address 10.0.0.1 255.255.255.252
 ip ospf 100 area 0
 negotiation auto
!
router ospf 100 vrf good
 log-adjacency-changes
 area 0 sham-link 10.0.0.13 10.0.0.14
 redistribute bgp 28118 subnets
 network 10.0.0.0 0.0.0.3 area 0
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.4 0.0.0.3 area 0
!
router bgp 28118
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.2 remote-as 28118
 neighbor 10.10.10.2 description To_R2
 neighbor 10.10.10.2 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf good
  no synchronization
  redistribute connected
  redistribute ospf 100 vrf good
 exit-address-family
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
end
Configuración Router R2

version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
ip vrf good
 rd 28118:1
 route-target export 28118:1
 route-target import 28118:1
!
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.10.2 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback1
 ip vrf forwarding good
 ip address 10.0.0.14 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 10.0.0.6 255.255.255.252
 ip ospf 1 area 0
 media-type gbic
 speed 1000
 duplex full
 negotiation auto
 mpls ip
!
interface GigabitEthernet1/0
 ip vrf forwarding good
 ip address 10.0.0.9 255.255.255.252
 ip ospf 100 area 0
 negotiation auto
!
router ospf 100 vrf good
 log-adjacency-changes
 area 0 sham-link 10.0.0.14 10.0.0.13
 redistribute bgp 28118 subnets
 network 10.0.0.8 0.0.0.3 area 0
!
router ospf 1
 log-adjacency-changes
!
router bgp 28118
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.1 remote-as 28118
 neighbor 10.10.10.1 description To_R1
 neighbor 10.10.10.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.1 activate
  neighbor 10.10.10.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf good
  no synchronization
  redistribute connected
  redistribute ospf 100 vrf good
 exit-address-family
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
end


Configuración Router R3 

version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
ip vrf doki
 rd 11:11
 route-target export 9:9
 route-target import 9:9
!
ip vrf oki
 rd 10:10
 route-target export 10:10
 route-target import 10:10
!
ip vrf okidoki
 rd 9:9
 route-target export 9:9
 route-target import 9:9
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip vrf forwarding oki
 ip address 172.16.0.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding doki
 ip address 172.17.0.1 255.255.255.0
!
interface Loopback2
 ip address 172.18.0.1 255.255.255.255
!
interface Loopback3
 ip address 172.19.0.1 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip vrf forwarding okidoki
 ip address 10.0.0.2 255.255.255.252
 ip ospf 100 area 0
 media-type gbic
 speed 1000
 duplex full
 negotiation auto
!
router ospf 100 vrf okidoki
 log-adjacency-changes
 network 10.0.0.0 0.0.0.3 area 0
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
end
Configuración Router R4
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
ip vrf okidoki
 rd 9:9
 route-target export 9:9
 route-target import 9:9
!
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip vrf forwarding okidoki
 ip address 10.0.0.10 255.255.255.252
 ip ospf 100 area 0
 media-type gbic
 speed 1000
 duplex full
 negotiation auto
!
router ospf 100 vrf okidoki
 log-adjacency-changes
 network 10.0.0.8 0.0.0.3 area 0
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
end

Posted in: ,,,,



0 comentarios:

Publicar un comentario

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites