Trace Packets in MPLS VPNv4 Network

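I mainly wanted to see how packets are routed and forwarded in an MPLS VPNv4 core network, and to capture a packet carrying two labels along the way. The lab topology is shown above.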

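AS 100 is the MPLS VPN backbone, which carries VPNv4 routing information via MP-BGP (with the RR reflecting the VPNv4 routes).
Between PE and CE, EBGP is used directly to carry the customer routes. CE1 advertises 1.1.1.1/32 and CE2 advertises 2.2.2.2/32 to simulate customer network routes. The relevant configuration is at the end of this article.
The test is to ping 2.2.2.2 (CE2) from CE1 and watch how the packet is forwarded. Because the CE1-PE1 and PE2-CE2 segments are plain IPv4, we mainly look at how packets destined for 2.2.2.2 are passed between PE1, RR and PE2.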

1. VPNv4 route convergence

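Looking at PE1's inbound direction, PE1 receives the following VPNv4 route update, which the RR reflects from PE2. The extended community field carries the route target information, which identifies the VPN routing table the route is imported into; the VPN NLRI is the actual VPN route.
The AFI and SAFI indicate VPNv4, and the Nexthop attribute is the next hop of this VPN route (an RD of 0:0 is added to it by default, precisely so that it matches the VPN route format of RD + IP prefix);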

At the bottom is the actual VPNv4 route:

RD=65002:1
Label Stack = 19 (where the second label comes from)
prefix = 2.2.2.2/32

whreshark1.png

2. ping 2.2.2.2

PE1:

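(1) On receiving the packet destined for 2.2.2.2 from CE1, PE1 looks in its VPN routing table (the one corresponding to this CE) and finds that the next hop is 192.168.1.3 and that the VPN's outgoing label is 19.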

show1.png

(2) It looks up the local MPLS forwarding table and learns that the outgoing label for next hop 192.168.1.3 is 17.

show2.png

(3) It pushes the two MPLS labels above and sends the resulting ICMP packet to the RR at 10.12.1.2.

wireshark2.png

RR:

The RR receives the ICMP packet sent by PE1 and finds 192.168.1.3 directly in its MPLS forwarding table.

show3.png

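The outgoing action is pop tag (this should be MPLS PHP). That it is POP rather than untag shows that the RR sees the label in this MPLS packet is not at the bottom of the stack.
It sends the resulting ICMP packet to the next hop 10.23.1.2, which is PE2.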

wireshark3.png

PE2:

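The ICMP packet that PE2 receives from the RR actually still carries one label. PE2 then removes the label and sends the packet straight to the corresponding next hop.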

show4.png

The return path of the packet works in a similar way.
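
The two-label stack traced above, as an added example that is not part of the original post: it encodes the outer transport label 17 and the inner VPN label 19 as RFC 3032 label stack entries, pops the outer one as the RR does, and shows that the entry left for PE2 has the bottom-of-stack bit set. The payload bytes are a constructed stand-in for the ICMP packet, the TTL value is arbitrary, and TTL handling is not modeled.

```python
import struct

def encode_lse(label, tc=0, s=0, ttl=255):
    """Pack one 32-bit MPLS label stack entry: label(20) TC(3) S(1) TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def parse_stack(data):
    """Return ([(label, tc, s, ttl), ...], payload); stops at the entry with S=1."""
    stack, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entry = (word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)
        stack.append(entry)
        if entry[2]:  # S bit set: this is the last label, the rest is payload
            return stack, data[off:]

def pop_top(data):
    """Remove the top entry, as the RR does on its outgoing 'pop tag' action."""
    parse_stack(data)  # validate that a complete stack is present first
    return data[4:]

# Constructed stand-in for the IPv4/ICMP echo request from CE1
PAYLOAD = b"\x45\x00ICMP-echo-to-2.2.2.2"

def trace():
    """Stacks seen on the PE1->RR and RR->PE2 links, plus what PE2 forwards."""
    # PE1 pushes VPN label 19 (bottom of stack) and then transport label 17
    pe1_out = encode_lse(17, ttl=254) + encode_lse(19, s=1, ttl=254) + PAYLOAD
    rr_out = pop_top(pe1_out)  # label 17 had S=0, so one label remains
    stack_rr_pe2, payload = parse_stack(rr_out)
    return parse_stack(pe1_out)[0], stack_rr_pe2, payload

if __name__ == "__main__":
    on_pe1_rr, on_rr_pe2, to_ce2 = trace()
    print("PE1->RR :", [(lbl, s) for lbl, _, s, _ in on_pe1_rr])
    print("RR->PE2 :", [(lbl, s) for lbl, _, s, _ in on_rr_pe2])
    print("PE2->CE2: unlabeled,", len(to_ce2), "payload bytes")
```
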

Appendix:

CE1:

router bgp 65001
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 12.0.0.2 remote-as 100
neighbor 12.0.0.2 ebgp-multihop 255
no auto-summary
!

PE1:

router bgp 100
bgp router-id 192.168.1.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 100
neighbor 192.168.1.2 update-source Loopback0
!
address-family ipv4
  neighbor 192.168.1.2 activate
  no auto-summary
  no synchronization
exit-address-family
!
address-family vpnv4
  neighbor 192.168.1.2 activate
  neighbor 192.168.1.2 send-community extended
exit-address-family
!
address-family ipv4 vrf cisco
  redistribute connected
  neighbor 12.0.0.1 remote-as 65001
  neighbor 12.0.0.1 activate
  no synchronization
exit-address-family
!

RR:

router bgp 100
bgp router-id 192.168.1.2
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 update-source Loopback0
neighbor 192.168.1.3 remote-as 100
neighbor 192.168.1.3 update-source Loopback0
!
address-family vpnv4
  neighbor 192.168.1.1 activate
  neighbor 192.168.1.1 send-community both
  neighbor 192.168.1.1 route-reflector-client
  neighbor 192.168.1.3 activate
  neighbor 192.168.1.3 send-community extended
  neighbor 192.168.1.3 route-reflector-client
exit-address-family
!

PE2:

router bgp 100
bgp router-id 192.168.1.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 100
neighbor 192.168.1.2 update-source Loopback0
!
address-family ipv4
  neighbor 192.168.1.2 activate
  no auto-summary
  no synchronization
exit-address-family
!
address-family vpnv4
  neighbor 192.168.1.2 activate
  neighbor 192.168.1.2 send-community both
exit-address-family
!
address-family ipv4 vrf cisco
  redistribute connected
  neighbor 23.0.0.2 remote-as 65002
  neighbor 23.0.0.2 activate
  no synchronization
exit-address-family

CE2:

router bgp 65002
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 23.0.0.1 remote-as 100
neighbor 23.0.0.1 ebgp-multihop 255
no auto-summary
!
