Forwarding traffic between VRFs

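This article documents three ways to implement route leaking between VRFs, with test results for each. Static leaking, mutual RT import, and policy-based routing each provide reachability between different VRFs, offering a solution for communication in multi-VRF environments.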


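Lab topology (the original figure is not preserved): per the configurations below, PC1 (192.168.1.1) attaches to R1 Ethernet0/0 in vrf1, and PC2 (192.168.2.1) attaches to R1 Ethernet0/1 in vrf2.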

Initial configuration

R1:

interface Ethernet0/0
 ip vrf forwarding vrf1
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/1
 ip vrf forwarding vrf2
 ip address 192.168.2.254 255.255.255.0
!

PC1:

interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254

PC2:

interface Ethernet0/0
 ip address 192.168.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.2.254

Method 1: Static route leaking

R1:

ip route vrf vrf1 192.168.2.0 255.255.255.0 Ethernet0/1 192.168.2.1
ip route vrf vrf2 192.168.1.0 255.255.255.0 Ethernet0/0 192.168.1.1

Method 1 test

R1#show ip route vrf vrf1

Routing Table: vrf1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Ethernet0/0
L        192.168.1.254/32 is directly connected, Ethernet0/0
S     192.168.2.0/24 [1/0] via 192.168.2.1, Ethernet0/1
R1#show ip route vrf vrf2

Routing Table: vrf2
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

S     192.168.1.0/24 [1/0] via 192.168.1.1, Ethernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Ethernet0/1
L        192.168.2.254/32 is directly connected, Ethernet0/1
R1#
PC1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#traceroute 192.168.2.254
Type escape sequence to abort.
Tracing the route to 192.168.2.254
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.254 1 msec 0 msec 0 msec
  2 192.168.2.1 1 msec 0 msec 0 msec
  3 192.168.2.254 1 msec *  1 msec
PC1#

Method 2: Mutual route-target (RT) import

R1:

ip vrf vrf1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 route-target import 2:1
!
ip vrf vrf2
 rd 2:1
 route-target export 2:1
 route-target import 2:1
 route-target import 1:1
!
router bgp 1
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf vrf1
  redistribute connected
 exit-address-family
 !        
 address-family ipv4 vrf vrf2
  redistribute connected
 exit-address-family
!

Verification

R1#show ip route vrf vrf1
Routing Table: vrf1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Ethernet0/0
L        192.168.1.254/32 is directly connected, Ethernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
B        192.168.2.0/24 is directly connected (vrf2), 00:00:17, Ethernet0/1
L        192.168.2.254/32 is directly connected, Ethernet0/1
R1#show ip route vrf vrf2
Routing Table: vrf2
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
B        192.168.1.0/24 is directly connected (vrf1), 00:00:34, Ethernet0/0
L        192.168.1.254/32 is directly connected, Ethernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Ethernet0/1
L        192.168.2.254/32 is directly connected, Ethernet0/1
R1#
R1#show ip bgp vpnv4 all 
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf vrf1)
 *>  192.168.1.0      0.0.0.0                  0         32768 ?
 *>  192.168.2.0      0.0.0.0                  0         32768 ?
Route Distinguisher: 2:1 (default for vrf vrf2)
 *>  192.168.1.0      0.0.0.0                  0         32768 ?
 *>  192.168.2.0      0.0.0.0                  0         32768 ?
R1#

Method 2 test

PC1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.254 1 msec 0 msec 0 msec
  2 192.168.2.1 1 msec *  1 msec
PC1#traceroute 192.168.2.254
Type escape sequence to abort.
Tracing the route to 192.168.2.254
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.254 0 msec *  1 msec
PC1#

Method 3: Policy-based routing

ip access-list extended vrf1-to-vrf2
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended vrf2-to-vrf1
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
route-map vrf1-to-vrf2 permit 10
 match ip address vrf1-to-vrf2
 set ip vrf vrf2 next-hop 192.168.2.1
!
route-map vrf2-to-vrf1 permit 10
 match ip address vrf2-to-vrf1
 set ip vrf vrf1 next-hop 192.168.1.1
!
interface Ethernet0/0
 ip vrf forwarding vrf1
 ip address 192.168.1.254 255.255.255.0
 ip policy route-map vrf1-to-vrf2
!
interface Ethernet0/1
 ip vrf forwarding vrf2
 ip address 192.168.2.254 255.255.255.0
 ip policy route-map vrf2-to-vrf1
!

Method 3 test

PC1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1#
PC1#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.254 0 msec 1 msec 0 msec
  2 192.168.2.1 0 msec *  1 msec
PC1#
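
Because a VRF is usually deployed as an isolation boundary, each of the three methods above is worth being able to spot in a configuration review. The following is an added example, not part of the original post: it scans an IOS configuration for all three leak patterns. It assumes the `ip vrf` syntax used on this page and exact interface names; the function name `find_vrf_leaks` and the abridged sample are constructed for illustration.

```python
import re

# Constructed sample: abridged R1 lines taken from the three methods on this page.
SAMPLE = """\
ip vrf vrf1
 route-target export 1:1
 route-target import 1:1
 route-target import 2:1
ip vrf vrf2
 route-target export 2:1
 route-target import 2:1
 route-target import 1:1
interface Ethernet0/0
 ip vrf forwarding vrf1
interface Ethernet0/1
 ip vrf forwarding vrf2
ip route vrf vrf1 192.168.2.0 255.255.255.0 Ethernet0/1 192.168.2.1
route-map vrf2-to-vrf1 permit 10
 set ip vrf vrf1 next-hop 192.168.1.1
"""

def find_vrf_leaks(config):
    """Return sorted (method, detail) findings for every inter-VRF leak."""
    exports, imports, if_vrf, statics, found = {}, {}, {}, [], set()
    sect = name = None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # a top-level line opens a new section
            m = re.match(r"(ip vrf|interface|route-map) (\S+)", line)
            sect, name = m.groups() if m else (None, None)
            m = re.match(r"ip route vrf (\S+) \S+ \S+ ([A-Za-z]\S*)", line)
            statics += [m.groups()] if m else []
        elif sect == "ip vrf" and words[:1] == ["route-target"] and len(words) > 2:
            if words[1] in ("export", "both"):
                exports.setdefault(name, set()).add(words[2])
            if words[1] in ("import", "both"):
                imports.setdefault(name, set()).add(words[2])
        elif sect == "interface" and words[:3] == ["ip", "vrf", "forwarding"]:
            if_vrf[name] = words[3]
        elif sect == "route-map" and words[:3] == ["set", "ip", "vrf"]:
            found.add(("pbr", f"route-map {name} -> {words[3]}"))
    for vrf, intf in statics:  # static route whose egress interface sits in another VRF
        if if_vrf.get(intf, vrf) != vrf:
            found.add(("static", f"{vrf} -> {if_vrf[intf]} via {intf}"))
    for vrf, rts in imports.items():  # RT import that matches another VRF's export
        for other, exp in exports.items():
            if other != vrf and rts & exp:
                found.add(("rt-import", f"{vrf} <- {other}"))
    return sorted(found)
```

Each finding names the method and the direction of the leak, so a reviewer can check it against the intended segmentation policy.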
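
### VRF (Virtual Routing and Forwarding) configuration and documentation

#### VRF implementation in the Linux kernel

A VRF (virtual routing and forwarding instance) is a logical entity made up of a routing table and a set of network interfaces, used to isolate traffic between different tenants or services. Creating independent routing spaces makes it possible to manage several routing environments without them interfering with one another[^1].

On Linux, kernel-level VRF support means these virtualized routing instances can be managed and operated with specific commands. For example, `ip link set dev eth1 master vrf-blue` binds a layer-3 interface to the VRF device named `vrf-blue`[^3].

During actual data transfer, the Linux kernel uses the network device associated with a received or transmitted packet to determine which VRF the packet belongs to, and processes it accordingly. On transmit, for example, the `l3mdev_ip_out()` function sets up the destination entry structure (`dst_entry`) and ultimately calls `vrf_xmit()` to send the packet[^4].

#### Recommended technical documentation

For a deeper understanding of how to configure and optimize enterprise solutions built on VRF, consult the official manuals and other authoritative material:

- **"Linux Networking Documentation"**: a comprehensive introduction to the operating system's networking subsystem, including a description of the VRF feature and its use cases.
- **Red Hat Enterprise Linux Network Guide**: an operations guide written for the enterprise distribution, covering deployment methods and technical details of advanced features such as VRF.
- **Cisco IOS XE Virtual Routing and Forwarding Configuration Guide**: aimed mainly at the Cisco product line, but also a valuable reference for the general concepts.

```bash
# Create a network namespace "blue", bring up its loopback and give it an address
ip netns add blue
ip -n blue link set lo up
ip -n blue addr add 192.0.2.1/24 dev lo
# Create the VRF device vrf-blue bound to routing table 100 and bring it up
ip link add name vrf-blue type vrf table 100
ip link set dev vrf-blue up
# Enslave eth1 to the VRF
ip link set dev eth1 master vrf-blue
```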