How to configure an OSPF sham link for MPLS PE-CE on Cisco IOS

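To connect area 0 across an MPLS network, you need a configuration called an OSPF Sham-Link. The MPLS network forms a special construct called the superbackbone, so special configuration is required to propagate type 1 and type 2 LSAs.

Overview

This section summarizes OSPF Sham-Link. An OSPF Sham-Link is a virtual link created between MP BGP peers. The term virtual-link already exists, so the name sham (fake) link was presumably chosen for that reason.

When to use a Sham-Link

Topology overview

Use a Sham-Link when you want the MP BGP path to be the main circuit. First, understand what goes wrong when no Sham-Link exists. The explanation below uses a topology in which MP BGP is the main circuit and the link between CE1 and CE4 is the backup circuit.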

                         backup link (cost : 1000)
                        192.168.14.0/24 OSPF area 1
     ┌------------------------------------------------------┐
     │                                                      │
     │             VPN                      VPN             │
 e0/1│  e0/0      e0/1    e0/0      e0/1    e0/0      e0/1  │e0/0  
 .1+-+----+.1      .2+------+.2      .3+------+.3      .4+---+--+.4  
   | CE1  +----------+ PE2  +----------+ PE3  +----------+ CE4 |     
   +------+          +------+          +------+          +------+    
        192.168.12.0/24    200.0.23.0/24     200.0.34.0/24 
          OSPF area 1         MP BGP          OSPF area 1  
                                                                     
CE1 Loopback0      PE2 Loopback0      P3 Loopback0      PE4 Loopback0
10.1.1.1/24        200.2.2.2/24       200.3.3.3/24      200.4.4.4/24
 [CE1]
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.14.1 255.255.255.0
 ip ospf cost 1000
!
router ospf 1
 network 10.1.1.1 0.0.0.0 area 1
 network 192.168.12.1 0.0.0.0 area 1
 network 192.168.14.1 0.0.0.0 area 1

 [PE2]
ip vrf VPN
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface Loopback0
 ip address 200.2.2.2 255.255.255.0
!
interface Ethernet0/0
 ip address 200.0.23.2 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip vrf forwarding VPN
 ip address 192.168.12.2 255.255.255.0
!
router eigrp 10
 network 200.0.23.0
 network 200.2.2.0
 no auto-summary
!
router ospf 1 vrf VPN
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 192.168.12.2 0.0.0.0 area 1
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 200.3.3.3 remote-as 100
 neighbor 200.3.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 200.3.3.3 activate
  neighbor 200.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN
  redistribute ospf 1 vrf VPN
  no synchronization
 exit-address-family

 [PE3]
ip vrf VPN
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface Loopback0
 ip address 200.3.3.3 255.255.255.0
!
interface Ethernet0/0
 ip vrf forwarding VPN
 ip address 192.168.34.3 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 200.0.23.3 255.255.255.0
 mpls ip
!
router eigrp 10
 network 200.0.23.3 0.0.0.0
 network 200.3.3.3 0.0.0.0
 no auto-summary
!
router ospf 1 vrf VPN
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 192.168.34.3 0.0.0.0 area 1
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 200.2.2.2 remote-as 100
 neighbor 200.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 200.2.2.2 activate
  neighbor 200.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN
  redistribute ospf 1 vrf VPN
  no synchronization
 exit-address-family

 [CE4]
interface Loopback0
 ip address 10.4.4.4 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.14.4 255.255.255.0
 ip ospf cost 1000
!
interface Ethernet0/1
 ip address 192.168.34.4 255.255.255.0
!
router ospf 1
 network 10.4.4.4 0.0.0.0 area 1
 network 192.168.14.4 0.0.0.0 area 1
 network 192.168.34.4 0.0.0.0 area 1

Verification

Check the routing table on CE4. Looking at the route to 10.1.1.0/24, you can see that it goes via the high-cost backup circuit.

CE4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.12.0/24 [110/1010] via 192.168.14.1, 00:00:05, Ethernet0/0
C    192.168.14.0/24 is directly connected, Ethernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.4.4.0 is directly connected, Loopback0
O       10.1.1.0 [110/1001] via 192.168.14.1, 00:00:05, Ethernet0/0
C    192.168.34.0/24 is directly connected, Ethernet0/1
CE4#

To investigate why the high-cost backup circuit is used, temporarily shut down the backup circuit. The routing table after the shutdown is shown below. The point to note is that 10.1.1.0/24 is marked IA.

CE4(config)#interface Ethernet 0/0
CE4(config-if)#shutdown
CE4(config-if)#^Z
CE4#
CE4#
*Mar  1 00:18:10.759: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 00:18:10.919: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:18:12.743: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
*Mar  1 00:18:13.743: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
CE4#
CE4#
CE4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O IA 192.168.12.0/24 [110/11] via 192.168.34.3, 00:00:09, Ethernet0/1
O IA 192.168.14.0/24 [110/1020] via 192.168.34.3, 00:00:09, Ethernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.4.4.0 is directly connected, Loopback0
O IA    10.1.1.0 [110/21] via 192.168.34.3, 00:00:09, Ethernet0/1
C    192.168.34.0/24 is directly connected, Ethernet0/1
CE4#

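What MP BGP conveys is the Summary LSA. The Router LSA and Network LSA, which define the topology, do not propagate via MP BGP. Routes learned via MP BGP are therefore installed in the routing table as Inter Area (O IA) (however, if the domain IDs differ, they are converted from Inter Area (O IA) to External (O E2)). Because Intra Area (O) is preferred over Inter Area (O IA), traffic ends up on the high-cost backup circuit.

To avoid this and use the main circuit, define a Sham-Link between the MP BGP peers so that Router LSAs and Network LSAs are propagated.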
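
The route choice described above can be reproduced with a small SPF model. This is an added example, not part of the original page: the node names and costs are read off the page's configs and route metrics, and the summary metric of 11 is an inferred assumption.

```python
import heapq

PREFIX = "10.1.1.0/24"
# Outbound OSPF costs read off the page's configs and route metrics:
# Ethernet 10, Loopback 1, backup link 1000, sham-link 1.
BASE = [("CE4", "PE3", 10), ("PE3", "CE4", 10),
        ("PE2", "CE1", 10), ("CE1", "PE2", 10), ("CE1", PREFIX, 1)]
BACKUP = [("CE4", "CE1", 1000), ("CE1", "CE4", 1000)]
SHAM = [("PE3", "PE2", 1), ("PE2", "PE3", 1)]
# Type 3 LSA that PE3 originates from the VPNv4 route; metric 11 is inferred
# from the page's "O IA 10.1.1.0 [110/21]" minus CE4's interface cost of 10.
SUMMARY = [("PE3", PREFIX, 11)]

def spf(links, src):
    """Dijkstra over the intra-area graph: {node: (cost, first_hop)}."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
    done, heap = {}, [(0, src, "")]
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue
        done[node] = (cost, hop)
        for nxt, c in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + c, nxt, hop or nxt))
    return done

def best_route(links, summaries, src="CE4", prefix=PREFIX):
    """Any intra-area path beats any inter-area path; cost only ranks
    paths of the same type."""
    tree = spf(links, src)
    if prefix in tree:
        return ("O",) + tree[prefix]
    inter = [(tree[abr][0] + metric, tree[abr][1])
             for abr, pfx, metric in summaries if pfx == prefix and abr in tree]
    return ("O IA",) + min(inter) if inter else None

def scenarios():
    return {
        "no sham-link": best_route(BASE + BACKUP, SUMMARY),
        "backup shut": best_route(BASE, SUMMARY),
        "sham-link up": best_route(BASE + BACKUP + SHAM, []),
    }

if __name__ == "__main__":
    for name, route in scenarios().items():
        print(f"{name:13} {route}")
```

The three results line up with the route type, metric and next-hop side of 10.1.1.0 in the three CE4 routing tables on this page.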

Sham-Link configuration

Configuration overview

Before configuring the Sham-Link, define a suitable interface for establishing the neighbor relationship.

Router(config)# interface Loopback <num>
Router(config-if)# ip address <address> <mask>

Advertise the above address as a vpnv4 address so that it is reachable via MP BGP. (Take care not to advertise this address in OSPF.)

Router(config)# router bgp <as>
Router(config-router)# address-family ipv4 vrf <vrf>
Router(config-router-af)# network <addr> mask <mask>

Define the OSPF Sham-Link as follows.

Router(config)# router ospf <proc> vrf <vrf>
Router(config-router)#area <id> sham-link <source> <target> [ cost <cost> ]

Advertising the Sham-Link interface to the CE routers is not very desirable, so although it is not a required setting, I think it is good practice to filter it with a route-map or similar.

Router(config)# router ospf <proc> vrf <vrf>
Router(config-router)#  redistribute bgp <as> subnets route-map <route-map>
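
The endpoint rules in the steps above can be checked mechanically before a change is pushed. The following audit script is an added example, not part of the original page: the function name and finding strings are hypothetical, and the /32 requirement follows the mask used in the page's Loopback1 configs.

```python
import ipaddress

HOST = "255.255.255.255"

def audit_sham_link(config):
    """Return findings for each sham-link source address in an IOS PE config."""
    top, af, loops, bgp, ospf_nets, sham = "", None, {}, set(), [], []
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0] == "!":
            continue
        if not raw[0].isspace():            # unindented line opens a new section
            top, af = raw.strip(), None
            continue
        vrf = top.split()[-1] if " vrf " in top else None
        if top.startswith("interface Loopback"):
            if w[:3] == ["ip", "vrf", "forwarding"]:
                loops.setdefault(top, {})["vrf"] = w[3]
            elif w[:2] == ["ip", "address"]:
                loops.setdefault(top, {})["ip"] = (w[2], w[3])
        elif top.startswith("router ospf") and vrf:
            if w[2:3] == ["sham-link"]:
                sham.append((vrf, w[3]))
            elif w[0] == "network":
                ospf_nets.append((vrf, w[1], w[2]))
        elif top.startswith("router bgp"):
            if w[0] == "address-family":
                af = w[3] if w[1:3] == ["ipv4", "vrf"] else None
            elif af and w[0] == "network" and w[2:3] == ["mask"]:
                bgp.add((af, w[1], w[3]))
    num = lambda a: int(ipaddress.ip_address(a))
    out = []
    for vrf, src in sham:
        if not any(lo == {"vrf": vrf, "ip": (src, HOST)} for lo in loops.values()):
            out.append(f"{src}: no /32 Loopback in vrf {vrf}")
        if (vrf, src, HOST) not in bgp:
            out.append(f"{src}: not advertised by BGP in vrf {vrf}")
        for v, net, wild in ospf_nets:      # wildcard bits set to 1 are ignored
            keep = ~num(wild) & 0xFFFFFFFF
            if v == vrf and (num(src) & keep) == (num(net) & keep):
                out.append(f"{src}: advertised by OSPF network {net} {wild}")
    return out

# Constructed sample (PE2-like): /24 Loopback1 mask and an OSPF network over 10.2.2.2.
SAMPLE = """interface Loopback1
 ip vrf forwarding VPN
 ip address 10.2.2.2 255.255.255.0
router bgp 100
 address-family ipv4 vrf VPN
  network 10.2.2.2 mask 255.255.255.255
router ospf 1 vrf VPN
 area 1 sham-link 10.2.2.2 10.3.3.3
 network 10.0.0.0 0.255.255.255 area 1
"""
if __name__ == "__main__":
    print("\n".join(audit_sham_link(SAMPLE)))
```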

Topology overview

Define Loopback1 on each of PE2 and PE3 as the interface for establishing the Sham-Link. Make sure the Sham-Link Loopback1 belongs to vrf VPN.

                         backup link (cost : 1000)
                        192.168.14.0/24 OSPF area 1
     ┌------------------------------------------------------┐
     │                                                      │
     │             VPN                      VPN             │
 e0/1│  e0/0      e0/1    e0/0      e0/1    e0/0      e0/1  │e0/0  
 .1+-+----+.1      .2+------+.2      .3+------+.3      .4+---+--+.4  
   | CE1  +----------+ PE2  +----------+ PE3  +----------+ CE4 |     
   +------+          +------+          +------+          +------+    
        192.168.12.0/24    200.0.23.0/24     200.0.34.0/24 
          OSPF area 1         MP BGP          OSPF area 1  
                                                                     
CE1 Loopback0      PE2 Loopback0      P3 Loopback0      PE4 Loopback0
10.1.1.1/24        200.2.2.2/24       200.3.3.3/24      200.4.4.4/24

                   PE2 Loopback1      P3 Loopback1
                    10.2.2.2/24        10.3.3.3/24
                      vrf VPN            vrf VPN
 [PE2]
interface Loopback1
 ip vrf forwarding VPN
 ip address 10.2.2.2 255.255.255.255
!
router bgp 100
 address-family ipv4 vrf VPN
  network 10.2.2.2 mask 255.255.255.255
!
router ospf 1 vrf VPN
 area 1 sham-link 10.2.2.2 10.3.3.3
 redistribute bgp 100 subnets route-map RMAP_BGP_TO_OSPF
!
ip prefix-list PREFIX_LOOPBACK seq 10 permit 10.2.2.2/32
ip prefix-list PREFIX_LOOPBACK seq 20 permit 10.3.3.3/32
!
route-map RMAP_BGP_TO_OSPF deny 10
 match ip address prefix-list PREFIX_LOOPBACK
!
route-map RMAP_BGP_TO_OSPF permit 99

 [PE3]
interface Loopback1
 ip vrf forwarding VPN
 ip address 10.3.3.3 255.255.255.255
!
router bgp 100
 address-family ipv4 vrf VPN
  network 10.3.3.3 mask 255.255.255.255
!
router ospf 1 vrf VPN
 area 1 sham-link 10.3.3.3 10.2.2.2
 redistribute bgp 100 subnets route-map RMAP_BGP_TO_OSPF
!
ip prefix-list PREFIX_LOOPBACK seq 10 permit 10.2.2.2/32
ip prefix-list PREFIX_LOOPBACK seq 20 permit 10.3.3.3/32
!
route-map RMAP_BGP_TO_OSPF deny 10
 match ip address prefix-list PREFIX_LOOPBACK
!
route-map RMAP_BGP_TO_OSPF permit 99

Verification

When the Sham-Link is established, a message like the following is printed to the console.

PE3(config)#router ospf 1 vrf VPN
PE3(config-router)#area 1 sham-link 10.3.3.3 10.2.2.2 cost 1
*Mar  1 00:08:37.295: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.12.2 on OSPF_SL0 from LOADING to FULL, Loading Donevop
PE3(config-router)#

Whether the sham-link is established can be checked with the following command (show ip ospf interface and show ip ospf neighbor also work).

PE2#show ip ospf sham-links
Sham Link OSPF_SL0 to address 10.3.3.3 is up
Area 1 source address 10.2.2.2
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:08
    Adjacency State FULL (Hello suppressed)
    Index 1/1, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
PE2#

Check the routing table on CE4. Previously 10.1.1.0/24 went via the backup circuit, but you can see that with the Sham-Link established it now goes via the main circuit.

CE4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.12.0/24 [110/21] via 192.168.34.3, 00:03:03, Ethernet0/1
C    192.168.14.0/24 is directly connected, Ethernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.4.4.0 is directly connected, Loopback0
O       10.1.1.0 [110/22] via 192.168.34.3, 00:03:03, Ethernet0/1
C    192.168.34.0/24 is directly connected, Ethernet0/1
CE4#

The final configs resulting from the above settings are as follows.

CE1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.14.1 255.255.255.0
 ip ospf cost 1000
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router ospf 1
 log-adjacency-changes
 network 10.1.1.1 0.0.0.0 area 1
 network 192.168.12.1 0.0.0.0 area 1
 network 192.168.14.1 0.0.0.0 area 1
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
PE2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ip vrf VPN
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 200.2.2.2 255.255.255.0
!
interface Loopback1
 ip vrf forwarding VPN
 ip address 10.2.2.2 255.255.255.255
!
interface Ethernet0/0
 ip address 200.0.23.2 255.255.255.0
 half-duplex
 mpls ip
!
interface Ethernet0/1
 ip vrf forwarding VPN
 ip address 192.168.12.2 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router eigrp 10
 network 200.0.23.0
 network 200.2.2.0
 no auto-summary
!
router ospf 1 vrf VPN
 log-adjacency-changes
 area 1 sham-link 10.2.2.2 10.3.3.3
 redistribute bgp 100 subnets route-map RMAP_BGP_TO_OSPF
 network 192.168.12.2 0.0.0.0 area 1
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 200.3.3.3 remote-as 100
 neighbor 200.3.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 200.3.3.3 activate
  neighbor 200.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN
  redistribute ospf 1 vrf VPN
  no synchronization
  network 10.2.2.2 mask 255.255.255.255
 exit-address-family
!
ip http server
ip forward-protocol nd
!
!
!
!
ip prefix-list PREFIX_LOOPBACK seq 10 permit 10.2.2.2/32
ip prefix-list PREFIX_LOOPBACK seq 20 permit 10.3.3.3/32
!
route-map RMAP_BGP_TO_OSPF deny 10
 match ip address prefix-list PREFIX_LOOPBACK
!
route-map RMAP_BGP_TO_OSPF permit 99
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
PE3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ip vrf VPN
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 200.3.3.3 255.255.255.0
!
interface Loopback1
 ip vrf forwarding VPN
 ip address 10.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip vrf forwarding VPN
 ip address 192.168.34.3 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 200.0.23.3 255.255.255.0
 half-duplex
 mpls ip
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router eigrp 10
 network 200.0.23.3 0.0.0.0
 network 200.3.3.3 0.0.0.0
 no auto-summary
!
router ospf 1 vrf VPN
 log-adjacency-changes
 area 1 sham-link 10.3.3.3 10.2.2.2
 redistribute bgp 100 subnets route-map RMAP_BGP_TO_OSPF
 network 192.168.34.3 0.0.0.0 area 1
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 200.2.2.2 remote-as 100
 neighbor 200.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 200.2.2.2 activate
  neighbor 200.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN
  redistribute ospf 1 vrf VPN
  no synchronization
  network 10.3.3.3 mask 255.255.255.255
 exit-address-family
!
ip http server
ip forward-protocol nd
!
!
!
!
ip prefix-list PREFIX_LOOPBACK seq 10 permit 10.2.2.2/32
ip prefix-list PREFIX_LOOPBACK seq 20 permit 10.3.3.3/32
!
route-map RMAP_BGP_TO_OSPF deny 10
 match ip address prefix-list PREFIX_LOOPBACK
!
route-map RMAP_BGP_TO_OSPF permit 99
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
CE4
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.4.4.4 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 ip address 192.168.14.4 255.255.255.0
 ip ospf cost 1000
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.34.4 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router ospf 1
 log-adjacency-changes
 network 10.4.4.4 0.0.0.0 area 1
 network 192.168.14.4 0.0.0.0 area 1
 network 192.168.34.4 0.0.0.0 area 1
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end