Use SR instead of LDP to configure ospf sham-link 01/28 Update SLTechnology News&Howtos

Use SR instead of LDP to configure ospf sham-link

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Disclaimer: 1. The software used in this paper comes from the Internet. The author only uses the software for learning purposes without any software distribution behavior. two。 The configuration shown in this article is only applicable to the experimental environment, and it is not recommended to use the exact same configuration in the production environment; the author is not responsible for any problems caused by it. Experimental topology

IP address planning equipment Loopback 0Loopback 1G1G2CSR111.1.1.1/3211.1.1.2/32172.16.0.1/3014.1.1.1/30CSS222.1.1.1/32--172.16.0.2/30172.16.0.6/30xrv33.1.1.1/3233.1.1.2/32G0/0/0/2 172.16.0.5/30G0/0/0/0 35.1.1.1/30vIOS444.1.1. 1/32--G0/0 14.1.1.2/30G0/1 45.1.1.1/30vIOS555.1.1.1/32--G0/0 35.1.1.2/30G0/1 45.1.1.2 hand 30 device model and software version device platform software version vIOS4, VIOS5VIOS-ADVENTERPRISEK9-M15.6 (2) TCSR1 CSR2X86_64_LINUX_IOSD-UNIVERSALK9-M16.6.2XRvASR9000 IOS-XR6.0.1 goal 1. CSR1, CSR2 and xrv configure the IS-IS protocol as the underlying IGP On this basis, configure segment-routing. 2. CSR1 and xrv, as PE devices, configure × × v4 BGP neighbor with AS number 64512. 3. CSR1 and vIOS4 are configured with single-area OSPFv2, process ID 2019 with XRV and vIOS5 with single-area OSPFv2, process ID 2019 with PE device with OSPFv2 and MP-BGP two-way redistribution. 4. CSR1 and xrv configure the loopback 1 interface, divide the interface into customer VRF, and announce the host route under the MP-BGP process and customer VRF. 5. OSPFv2 configuration of CSR1 and xrv sham-link configuration steps MPLS × × basic configuration steps: 1. Configure IGP,2. Configure MPLS (segment-routing), 3. Configure MP-BGP,4. Configure VRF,5. Configure PE-CE routing protocol, 6.PE configure MP-BGP and VRF route redistribution. IOS-XE and IOS-XR configure IGP (IS-IS)

Device interface IP address configuration (abbreviated)

XEv3

Router isis igp

Is-type level-2-only!-configure ISIS as the backbone area

Net 49.2019.0519.0001.00

Log-adjacency-changes!-record adjacency log information

Metric-style wide!-enable isis width metric

Exit

Interface Loopback0

Ip router isis igp

Interface GigabitEthernet1

Ip router isis igp

Isis circuit-type level-2-only!-modify the link to level-2

Isis network point-to-point!-modify ISIS network type

XRv4

Router isis igp

Is-type level-2-only

Net 49.2019.0519.0003.00

Log adjacency changes

Address-family ipv4 unicast

Metric-style wide

Interface Loopback0

Address-family ipv4 unicast

Interface GigabitEthernet0/0/0/0

Address-family ipv4 unicast

Circuit-type level-2-only

Point-to-point

Commit

2 verify IS-IS

CSR2#show ip route isis | b bn

11.0.0.0/32 is subnetted, 1 subnets

I L2 11.1.1.1 [115/20] via 172.16.0.1, 1d00h, GigabitEthernet1

33.0.0.0/32 is subnetted, 1 subnets

I L2 33.1.1.1 [115/20] via 172.16.0.5,19:06:28, GigabitEthernet2

RP/0/0/CPU0:xrv#show route ipv4 isis

I L2 11.1.1.1/32 [115/30] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2

I L2 22.1.1.1/32 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2

I L2 172.16.0.0/30 [115/20] via 172.16.0.6, 19:11:15, GigabitEthernet0/0/0/2

3 configure MPLS (segment-routing)

XEv3

Segment-routing mpls

Connected-prefix-sid-map

Address-family ipv4

11.1.1.1/32 index 1 range 1

Exit-address-family

Router isis igp

Segment-routing mpls

XRv4

Segment-routing

Router isis igp

Address-family ipv4 unicast

Metric-style wide

Segment-routing mpls

Interface Loopback0

Address-family ipv4 unicast

Prefix-sid index 33

Commit

4 verify MPLS

CSR1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 Pop Label 172.16.0.2Mui A 0 Gi1 172.16.0.2

21 Pop Label 11.1.1.2/32 [V] 0 aggregate/ospf

16022 Pop Label 22.1.1.1/32 0 Gi1 172.16.0.2

16033 16033 33.1.1.1/32 0 Gi1 172.16.0.2

RP/0/0/CPU0:xrv#show mpls forwarding

Local Outgoing Prefix Outgoing Next Hop Bytes

Label Label or ID Interface Switched

16011 16011 SR Pfx (idx 11) Gi0/0/0/2 172.16.0.6 208166

16022 Pop SR Pfx (idx 22) Gi0/0/0/2 172.16.0.6 0

24006 Pop SR Adj (idx 1) Gi0/0/0/2 172.16.0.6 0

24007 Pop SR Adj (idx 3) Gi0/0/0/2 172.16.0.6 0

5 configure MP-BGP

CSR1

Router bgp 64512

Bgp router-id 11.1.1.1

No bgp default ipv4-unicast

Neighbor 33.1.1.1 remote-as 64512

Neighbor 33.1.1.1 update-source Loopback0

Address-family * * v4

Neighbor 33.1.1.1 activate

Xrv

Router bgp 64512

Bgp router-id 33.1.1.1

Address-family v4 unicast

Neighbor 11.1.1.1

Remote-as 64512

Update-source Loopback0

Address-family v4 unicast

Commit

Verify as follows:

CSR1#show bgp * v4 unicast all sum | b gh

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

33.1.1.1 4 64512 1254 1429 315 0 0 20:17:43 4

RP/0/0/CPU0:xrv#show bgp * v4 unicast summary | b gh

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

11.1.1.1 0 64512 1890 1674 249 0 0 20:18:04 4

6 configure VRF and PE-CE routing protocol6.1 definition VRF

CSR1

Vrf definition AAA

Rd 64512:4

Address-family ipv4

Route-target export 64512:45

Route-target import 64512:45

Exit-address-family

Xrv

Vrf AAA

Address-family ipv4 unicast

Import route-target

64512:45

Export route-target

64512:45

6.2 PE to CE Interface config

CSR1

Interface GigabitEthernet2

Vrf forwarding AAA

Ip address 14.1.1.1 255.255.255.252

No shutdown

Xrv

Interface GigabitEthernet0/0/0/0

Vrf AAA

Ipv4 address 35.1.1.1 255.255.255.252

No shutdown

6.3 PE OSPFv2 config

CSR1

Router ospf 2019 vrf AAA

Router-id 14.1.1.1

Interface GigabitEthernet2

Ip ospf network point-to-point

Ip ospf 14 area 0

Xrv

Router ospf 35

Address-family ipv4 unicast

Vrf AAA

Router-id 35.1.1.1

Address-family ipv4 unicast

Area 0

Interface GigabitEthernet0/0/0/0

Network point-to-point

6.4 CE OSPFv2 config

VIOS4

Interface GigabitEthernet0/0

Ip address 14.1.1.2 255.255.255.252

No shutdown

Ip ospf 2019 area 0

Ip ospf network point-to-point

Router ospf 2019

Router-id 44.1.1.1

VIOS5

Interface GigabitEthernet0/0

Ipv4 address 35.1.1.2 255.255.255.252

No shutdown

Ip ospf 2019 area 0

Ip ospf network point-to-point

Router ospf 2019

Router-id 55.1.1.1

6.5 PE OSPFv2 and MP-BGP redistribute

CSR1

Router ospf 14 vrf AAA

Redistribute bgp 64512 metric-type 1 subnets

Interface GigabitEthernet2

Router bgp 64512

Address-family ipv4 vrf AAA

Redistribute ospf 14 match internal external 1 external 2

Xrv

Router ospf 35

Vrf AAA

Redistribute bgp 64512 metric-type 1

Router bgp 64512

Vrf AAA

Rd 64512:5

Address-family ipv4 unicast

Redistribute ospf 35 match internal external

6.6 verify the PE-CE OSPFv2 configuration

CSR1#show ip route vrf AAA ospf | b bn

35.0.0.0/30 is subnetted, 1 subnets

O 35.1.1.0 [110/2] via 33.1.1.1, 00:00:32

44.0.0.0/32 is subnetted, 1 subnets

O 44.1.1.1 [110/2] via 14.1.1.2, 00:00:34, GigabitEthernet2

45.0.0.0/29 is subnetted, 1 subnets

O IA 45.1.1.0 [110/20001] via 14.1.1.2, 00:00:34, GigabitEthernet2

VIOS4#sho ip route ospf | b bn

35.0.0.0/30 is subnetted, 1 subnets

O E1 35.1.1.0 [110/2] via 14.1.1.1, 00:23:54, GigabitEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

O E1 55.1.1.1 [110/3] via 14.1.1.1, 00:23:54, GigabitEthernet0/0

VIOS4#ping 55.1.1.1 sour lo 0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 44.1.1.1

Success rate is 100 percent (5amp 5), round-trip min/avg/max = 11-15-33 ms

VIOS4#traceroute 55.1.1.1 sour lo 0

Type escape sequence to abort.

Tracing the route to 55.1.1.1

VRF info: (vrf in name/id, vrf out name/id)

1 14.1.1.1 8 msec 5 msec 3 msec

2 172.16.0.2 [MPLS: Labels 16033/24003 Exp 0] 19 msec 25 msec 10 msec

3 172.16.0.5 [MPLS: Label 24003 Exp 0] 13 msec 12 msec 8 msec

4 35.1.1.2 12 msec 19 msec *

VIOS4#

CSR1#sho bgp * v4 uni all 44.1.1.1

BGP routing table entry for 64512:4:44.1.1.1/32, version 383

Paths: (1 available, best # 1, table AAA)

Advertised to update-groups:

five

Refresh Epoch 1

Local

14.1.1.2 (via vrf ospf) from 0.0.0.0 (11.1.1.1)

Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best

Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x0000000E0200

OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:14.1.1.1:0

Mpls labels in/out 23/nolabel

Rx pathid: 0, tx pathid: 0x0

!-DOMAIN ID:0x0005:0x0000000E0200 hexadecimal Etalon 10 binary 14 * (CSR1 ospfv2 process ID)

6.7 modify / add ospfv2 DOMAIN ID

IOS-XR does not carry a DOMAIN ID value by default

RP/0/0/CPU0:xrv#show bgp * v4 uni vrf ospf 55.1.1.1 Universe 32

BGP routing table entry for 55.1.1.1/32, Route Distinguisher: 64512:5

Versions:

Process bRIB/RIB SendTblVer

Speaker 345 345

Local Label: 24003

Last Modified: May 22 02:21:42.463 for 06:05:44

Paths: (1 available, best # 1)

Advertised to peers (in unique update groups):

11.1.1.1

Path # 1: Received by speaker 0

Advertised to peers (in unique update groups):

11.1.1.1

Local

35.1.1.2 from 0.0.0.0 (33.1.1.1)

Origin incomplete, metric 2, localpref 100, weight 32768, valid, redistributed, best, group-best, import-candidate

Received Path ID 0, Local Path ID 1, version 345

Extended community: OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45

CSR1#show bgp * v4 uni vrf AAA 55.1.1.1 Universe 32

BGP routing table entry for 64512:4:55.1.1.1/32, version 417

Paths: (1 available, best # 1, table ospf, RIB-failure (17))

Not advertised to any peer

Refresh Epoch 1

Local, imported path from 64512 global 515 55.1.1.1 Unix 32

33.1.1.1 (metric 30) (via default) from 33.1.1.1 (33.1.1.1)

Origin incomplete, metric 2, localpref 100, valid, internal, best

Extended Community: RT:64512:45 OSPF RT:0.0.0.0:1:0

OSPF ROUTER ID:35.1.1.1:0

Mpls labels in/out nolabel/24003

Rx pathid: 0, tx pathid: 0x0

Add DOMAIN ID to IOS-XR Devic

RP/0/0/CPU0:xrv#conf

RP/0/0/CPU0:xrv (config) # router ospf 35

RP/0/0/CPU0:xrv (config-ospf) # vrf AAA

RP/0/0/CPU0:xrv (config-ospf-vrf) # domain-id type 0005 value 000000230200

RP/0/0/CPU0:xrv (config-ospf-vrf) # commit

!-23 (hex) = 35 (dec)

RP/0/0/CPU0:xrv (config-ospf-vrf) # do show bgp * * v4 uni vrf ospf 55.1.1.1On32 | in community

Wed May 22 09:38:03.422 UTC

Extended community: OSPF domain-id:0x5:0x000000230200 OSPF route-type:0:1:0x0 OSPF router-id:35.1.1.1 RT:64512:45

CSR1#show bgp * v4 uni vrf ospf 55.1.1.1 Universe 32 | I unity

Extended Community: RT:64512:45 OSPF DOMAIN ID:0x0005:0x000000230200

6.8 configure backdoor linkvIOS5 between CE

Interface GigabitEthernet0/1

Ip address 45.1.1.5 255.255.255.248

Ip ospf network point-to-point

Ip ospf 2019 area 45

Ip ospf cost 20000

!-simulate × × link failure, and manually shutdown the link on vIOS5

VIOS5 (config-if) # int g0and0

VIOS5 (config-if) # shu

May 20 10 Process 17 Process 09.190:% OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

May 20 10 Interface GigabitEthernet0/0 17 VR 11.136:% LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down

May 20 10 Line protocol on Interface GigabitEthernet0/0 17 12 137:% LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

VIOS5 (config-if) #

VIOS5 (config-if) # do sho ip route ospf | b bn

14.0.0.0/30 is subnetted, 1 subnets

O IA 14.1.1.0 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1

35.0.0.0/30 is subnetted, 1 subnets

O 35.1.1.0 [110/20003] via 45.1.1.4, 00:00:33, GigabitEthernet0/1

44.0.0.0/32 is subnetted, 1 subnets

O IA 44.1.1.1 [110/20001] via 45.1.1.4, 00:00:33, GigabitEthernet0/1

VIOS5 (config-if) #

!-View ospf routes on vIOS4

VIOS4#sho ip route ospf | b bn

35.0.0.0/30 is subnetted, 1 subnets

O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:09:31, GigabitEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:09:31, GigabitEthernet0/0

VIOS4#sho ip route ospf | b bn

35.0.0.0/30 is subnetted, 1 subnets

O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:11:41, GigabitEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

O IA 55.1.1.1 [110/20001] via 45.1.1.5, 00:00:05, GigabitEthernet0/1

!-restore the link

VIOS5 (config-if) # no shu

May 20 10 18 Interface GigabitEthernet0/0 48.972:% LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up

May 20 10 18 Line protocol on Interface GigabitEthernet0/0 49.971:% LINEPROTO-5-UPDOWN: changed state to up

May 20 10 Process 19V 04.220:% OSPF-5-ADJCHG: Process 2019, Nbr 35.1.1.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done

VIOS4#sho ip route ospf | b bn

35.0.0.0/30 is subnetted, 1 subnets

O IA 35.1.1.0 [110/3] via 14.1.1.1, 00:14:48, GigabitEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

O IA 55.1.1.1 [110/4] via 14.1.1.1, 00:01:18, GigabitEthernet0/0

6.9 configure OSPFv2 sham-link6.9.1 Config loopback 1 and propaganda into BGP VRF address-family IPv4CSR1

Interface Loopback1

Vrf forwarding ospf

Ipv4 address 11.1.1.2 255.255.255.255

Router bgp 64512

Address-family ipv4 vrf AAA

Network 11.1.1.2 mask 255.255.255.255

Xrv

Interface Loopback1

Vrf AAA

Ipv4 address 33.1.1.2 255.255.255.255

Router bgp 64512

Vrf AAA

Address-family ipv4 unicast

Network 33.1.1.2/32

6.9.2 Under OSPFv2 process config sham-link

CSR1

Router ospf 14 vrf AAA

Area 0 sham-link 11.1.1.2 33.1.1.2 cost 200

Xrv

Router ospf 35

Vrf AAA

Address-family ipv4 unicast

Area 0

Sham-link 33.1.1.2 11.1.1.2

Cost 200

6.10 verify sham-ink

CSR1 (config-router) # area 0 sham-link 11.1.1.2 33.1.1.2 cost 200

CSR1 (config-router) # do sho ip ospf neig

* May 22 08 on OSPF_SL3 from LOADING to FULL 45 Process 02.593:% OSPF-5-ADJCHG: Process 14, Nbr 35.1.1.1 on OSPF_SL3 from LOADING to FULL, Loading Done

Neighbor ID Pri State Dead Time Address Interface

35.1.1.1 0 FULL/-00:00:37 33.1.1.2 OSPF_SL3

44.1.1.1 0 FULL/-00:00:34 14.1.1.2 GigabitEthernet2

CSR1#show ip route vrf AAA ospf | b bn

35.0.0.0/30 is subnetted, 1 subnets

O 35.1.1.0 [110/201] via 33.1.1.1, 01:04:13

44.0.0.0/32 is subnetted, 1 subnets

O 44.1.1.1 [110/2] via 14.1.1.2, 01:05:46, GigabitEthernet2

45.0.0.0/29 is subnetted, 1 subnets

O IA 45.1.1.0 [110/20001] via 14.1.1.2, 01:05:46, GigabitEthernet2

55.0.0.0/32 is subnetted, 1 subnets

O 55.1.1.1 [110/202] via 33.1.1.1, 01:04:13

VIOS4#sho ip route ospf | b bn

11.0.0.0/32 is subnetted, 1 subnets

O E1 11.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0

33.0.0.0/32 is subnetted, 1 subnets

O E1 33.1.1.2 [110/2] via 14.1.1.1, 01:06:20, GigabitEthernet0/0

35.0.0.0/30 is subnetted, 1 subnets

O 35.1.1.0 [110/202] via 14.1.1.1, 01:04:42, GigabitEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

O 55.1.1.1 [110/203] via 14.1.1.1, 01:04:42, GigabitEthernet0/0

6.11Hidden sham-link address

CSR1:

Ip prefix-list conn seq 5 permit 11.1.1.2/32

Ip prefix-list conn seq 10 permit 33.1.1.2/32

Route-map deny-conn deny 10

Match ip address prefix-list conn

Route-map deny-conn permit 20

CSR1 (config-router-af) # router ospf 14 vrf ospf

CSR1 (config-router) # redis bgp 64512 subnets route-map deny-conn

Xrv:

Prefix-set conn

11.1.1.2/32

33.1.1.2/32

End-set

Route-policy deny-conn

If destination in conn then

Drop

Else

Pass

Endif

End-policy

RP/0/0/CPU0:xrv (config) # router ospf 35

RP/0/0/CPU0:xrv (config-ospf) # vrf ospf

RP/0/0/CPU0:xrv (config-ospf-vrf) # redist bgp 64512 route-policy deny-conn

RP/0/0/CPU0:xrv (config-ospf-vrf) # commit

VIOS5#sho ip route ospf | b bn

14.0.0.0/30 is subnetted, 1 subnets

O 14.1.1.0 [110/202] via 35.1.1.1, 00:07:05, GigabitEthernet0/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.1.1.1 [110/203] via 35.1.1.1, 00:07:05, GigabitEthernet0/0

The CE device cannot see the sham-link address

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.