eibgp maximum-paths + label mode per-vrf 环路

2023-11-06 | No comments

环境介绍

一个简单的CE双上连的VPN环境,客户路由8.8.8.8/32 将送到r1。

r1 配置maximum-path,使去往ce的流量可以在r2/r3 之间负载。

r2/r3 我们都配置了eibgp maximum-paths,那么r2/r3 都会存在两条路由负载(一条是从ibgp学了vpn路由, 一条是从vrf下的ebgp学来的路由)。

RP/0/0/CPU0:R2-AS56704#show route vrf 1

B    8.8.8.8/32 [20/0] via 10.1.3.3 (nexthop in vrf default), 00:21:10 
                [20/0] via 10.1.24.4, 00:21:10

label mode per-prefix (default)

默认情况r2/r3 都是default的标签分配方式, 即不同的vpn路由分配的标签都不一样。

RP/0/0/CPU0:R1-AS56704#show cef vrf 1 8.8.8.8/32 | in label
Sun Nov  5 16:07:25.162 UTC
     next hop 10.1.12.2/32 Gi0/0/0/0    labels imposed {ImplNull 24003}
     next hop 10.1.13.3/32 Gi0/0/0/1    labels imposed {ImplNull 24003}

以去往r2的流量为例,其vpn标签为24003。数据包到达r2 后会查询标签转发表,如下:

RP/0/0/CPU0:R2-AS56704#show mpls  forwarding  labels 24003
Sun Nov  5 16:08:40.506 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24003  Unlabelled  8.8.8.8/32[V]      Gi0/0/0/1    10.1.24.4       0           
       24003       8.8.8.8/32[V]                   10.1.3.3        0            (!)


RP/0/0/CPU0:R2-AS56704#show mpls  forwarding  labels 24003 detail 
Sun Nov  5 16:18:55.223 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24003  Unlabelled  8.8.8.8/32[V]      Gi0/0/0/1    10.1.24.4       0           
     Updated: Nov  5 16:18:48.293
     Path Flags: 0x60a0 [  EXT MULT ]
     Version: 38, Priority: 3
     Label Stack (Top -> Bottom): { Unlabelled }
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
     MAC/Encaps: 14/14, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x00000060)
     Packets Switched: 0

       24004       8.8.8.8/32[V]                   10.1.3.3        0            (!)
     Updated: Nov  5 16:18:48.293
     Path Flags: 0x6180 [  BKUP, NoFwd MULT ]    <<<<<<<<
     Version: 38, Priority: 3
     Label Stack (Top -> Bottom): { 24004 }
     NHID: 0x0, Encap-ID: N/A, Path idx: 0, Backup path idx: 0, Weight: 0
     MAC/Encaps: 0/4, MTU: 0
     Packets Switched: 0
     (!): FRR pure backup    <<<<<<<<

(!)为备份路径,流量只会走第一条,剥离标签,直接从出接口Gi0/0/0/1 送出。

同理r3上的标签转发表也类似也是剥离标签从出接口Gi0/0/0/0 送出。

RP/0/0/CPU0:R3-AS56704#show mpls  forwarding  labels 24003
Sun Nov  5 16:11:25.436 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24003  Unlabelled  8.8.8.8/32[V]      Gi0/0/0/0    10.1.34.4       0           
       24003       8.8.8.8/32[V]                   10.1.2.2        0            (!)

label mode per-vrf

RP/0/0/CPU0:R2-AS56704#show configuration  commit  changes last 1 
Mon Nov  6 13:47:02.326 UTC
Building configuration...
!! IOS XR Configuration 6.3.1
router bgp 56704
 vrf 1
  address-family ipv4 unicast
   label mode per-vrf

将r2/r3 的标签分配方式 改为per-vrf, 这个时候我们看下r1 上显示的标签如下:

RP/0/0/CPU0:R1-AS56704#show cef vrf 1 8.8.8.8/32 | in label
Sun Nov  5 16:28:56.814 UTC
     next hop 10.1.12.2/32 Gi0/0/0/0    labels imposed {ImplNull 24004}
     next hop 10.1.13.3/32 Gi0/0/0/1    labels imposed {ImplNull 24004}

流量如果到了r2 上, 会先查mpls 标签表24004,如下; 它会剥离标签, 最后再查找下cef表,看看究竟该从哪个接口送出。

RP/0/0/CPU0:R2-AS56704#show mpls  forwarding  labels 24004        
Sun Nov  5 16:29:43.769 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24004  Aggregate   1: Per-VRF Aggr[V] 1                            0

当你查看cef表就会发现, 由于eibgp maximum-paths的配置, 我们将有两个路由负载,也就是说部分流量不会直接送往ce,将会带标签送到r3.

RP/0/0/CPU0:R2-AS56704#show route vrf 1                    

B    8.8.8.8/32 [20/0] via 10.1.3.3 (nexthop in vrf default), 00:00:43
                [20/0] via 10.1.24.4, 00:00:43

RP/0/0/CPU0:R2-AS56704#show cef vrf 1 8.8.8.8/32 detail 
Sun Nov  5 16:31:23.022 UTC
8.8.8.8/32, version 42, internal 0x1000001 0x0 (ptr 0xa11dd798) [1], 0x0 (0x0), 0x208 (0xa197d0e8)
 Updated Nov  5 16:19:32.900
 Prefix Len 32, traffic index 0, precedence n/a, priority 3
  gateway array (0xa111688c) reference count 1, flags 0x102878, source rib (7), 0 backups
                [1 type 1 flags 0x48441 (0xa15ed298) ext 0x0 (0x0)]
  LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
  gateway array update type-time 1 Nov  5 15:31:29.808
 LDI Update time Nov  5 15:31:29.808
   via 10.1.3.3/32, 3 dependencies, recursive, bgp-multipath, backup [flags 0x6180]
    path-idx 0 NHID 0x0 [0xa1645798 0x0]
    recursion-via-/32
    next hop VRF - 'default', table - 0xe0000000
    next hop 10.1.3.3/32 via 24001/0/21
     next hop 10.1.23.3/32 Gi0/0/0/2    labels imposed {ImplNull 24004}
   via 10.1.24.4/32, 4 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
    path-idx 1 NHID 0x0 [0xa11dd824 0x0]
    next hop 10.1.24.4/32 via 10.1.24.4/32
     next hop 10.1.24.4/32 Gi0/0/0/1    labels imposed {None}


    Load distribution: 0 1 (refcount 1)

    Hash  OK  Interface                 Address
    0     Y   Unknown                   24001/0        
    1     Y   recursive                 10.1.24.4

而如果r3也都配置了eigbp maximum-paths和lable-mode per-vrf, r3上也会先查标签表剥离标签,查cef表有两条路径负载, 环路产生(r2 和 r3之间)。

RP/0/0/CPU0:R3-AS56704#show mpls  forwarding  labels 24004
Sun Nov  5 16:34:00.653 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24004  Aggregate   1: Per-VRF Aggr[V] 1                            0

RP/0/0/CPU0:R3-AS56704#show cef vrf 1 8.8.8.8/32 detail 
Sun Nov  5 16:36:28.863 UTC
8.8.8.8/32, version 35, internal 0x1000001 0x0 (ptr 0xa11e55f4) [1], 0x0 (0x0), 0x208 (0xa197d0b8)
 Updated Nov  5 16:19:33.553
 Prefix Len 32, traffic index 0, precedence n/a, priority 3
  gateway array (0xa111e6e8) reference count 1, flags 0x102878, source rib (7), 0 backups
                [1 type 1 flags 0x48441 (0xa15ed298) ext 0x0 (0x0)]
  LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
  gateway array update type-time 1 Nov  5 15:30:39.934
 LDI Update time Nov  5 15:30:39.934
   via 10.1.2.2/32, 3 dependencies, recursive, bgp-multipath, backup [flags 0x6180]
    path-idx 0 NHID 0x0 [0xa164570c 0x0]
    recursion-via-/32
    next hop VRF - 'default', table - 0xe0000000
    next hop 10.1.2.2/32 via 24000/0/21
     next hop 10.1.23.2/32 Gi0/0/0/2    labels imposed {ImplNull 24004}
   via 10.1.34.4/32, 4 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
    path-idx 1 NHID 0x0 [0xa11e5680 0x0]
    next hop 10.1.34.4/32 via 10.1.34.4/32
     next hop 10.1.34.4/32 Gi0/0/0/0    labels imposed {None}


    Load distribution: 0 1 (refcount 1)

    Hash  OK  Interface                 Address
    0     Y   Unknown                   24000/0        
    1     Y   recursive                 10.1.34.4

而如果你只在r2上修改label 分配方式为per-vrf, r3 上保持默认的标签分配方式per-prefix。

那即使流量在r2上仍然会有一半送到r3, 但由于per-prefix的标签分配方式直接有出接口, 在r3 上会直接转发给ce,这样也不会出环。

label mode per-ce

per-ce的标签分配方式,其实和per-prefix类似, 它是有直接的出接口的, 流量也不需要经过二次查找, 所以没成环的风险。

RP/0/0/CPU0:R2-AS56704#show mpls  forwarding         
Sun Nov  5 16:43:33.192 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------          
24006  Unlabelled  No ID              Gi0/0/0/1    10.1.24.4       0           
       Aggregate   No ID              1                            0            (!)


24006  Unlabelled  No ID              Gi0/0/0/1    10.1.24.4       0           
     Updated: Nov  5 16:39:36.928
     Path Flags: 0x6080 [  MULT ]
     Version: 15, Priority: 3
     Label Stack (Top -> Bottom): { Unlabelled }
     NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
     MAC/Encaps: 14/14, MTU: 1500
     Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x00000060)
     Packets Switched: 0

       Aggregate   No ID              1                            0            (!)
     Updated: Nov  5 16:39:36.928
     Path Flags: 0x100 [  BKUP, NoFwd ]
     Label Stack (Top -> Bottom): { }
     MAC/Encaps: 0/0, MTU: 0
     Packets Switched: 0

标签分配方式的总结

  • per-prefix 默认的标签分配方式, 缺点为如果分配的标签量很大的情况下,标签的收敛上相对于ip的收敛会慢上很多。
  • per-vrf 需要二次查找路由表

eibgp的使用场景

粗略画一个图,siteA有两个CE分别连到一个PE;siteB有两个CE也分别连到一个PE。

对于siteA-CE1而言, 要访问siteB的业务, 默认只会走PE1→ siteB-CE1, 为了充分的利用PE2和siteB-CE2之间的链路我们可以在PE1上开启eibgp maximum-paths;

同理PE2上也可以开启eibgp maximum-paths。

           

No comments

Comments feed for this article

Reply

Your email address will not be published. Required fields are marked *