VPN MPLS-VPN as-override

TASK

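Does as-override also rewrite AS numbers in positions other than the BGP neighbor's (that is, other than the immediately preceding AS number)? I tested it to find out.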

DIAGRAM

CONFIG

hostname R1
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.2.1 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.1.3.1 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
router ospf 1
 mpls ldp autoconfig
!
end

hostname R2
!
vrf definition VPN-USER-A
 rd 65000:65099
 route-target export 65000:65099
 route-target import 65000:65099
!
 address-family ipv4
 exit-address-family
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.2.2 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
interface FastEthernet0/1
 vrf forwarding VPN-USER-A
 ip address 10.2.4.2 255.255.255.0
 no shutdown
!
router ospf 1
 mpls ldp autoconfig
!
router bgp 65000
 no bgp default ipv4-unicast
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 update-source Loopback0
!
 address-family vpnv4
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community extended
 exit-address-family
!
 address-family ipv4 vrf VPN-USER-A
  neighbor 10.2.4.4 remote-as 65099
  neighbor 10.2.4.4 activate
  neighbor 10.2.4.4 as-override
 exit-address-family
!
end

hostname R3
!
vrf definition VPN-USER-A
 rd 65000:65099
 route-target export 65000:65099
 route-target import 65000:65099
!
 address-family ipv4
 exit-address-family
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.3.3 255.255.255.0
 ip ospf 1 area 0
 no shutdown
!
interface FastEthernet0/1
 vrf forwarding VPN-USER-A
 ip address 10.3.5.3 255.255.255.0
 no shutdown
!
router ospf 1
 mpls ldp autoconfig
!
router bgp 65000
 no bgp default ipv4-unicast
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
!
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
 exit-address-family
!
 address-family ipv4 vrf VPN-USER-A
  neighbor 10.3.5.5 remote-as 65099
  neighbor 10.3.5.5 activate
  neighbor 10.3.5.5 as-override
 exit-address-family
!
end

hostname R4
!
interface FastEthernet0/0
 ip address 10.2.4.4 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.4.6.4 255.255.255.0
 no shutdown
!
router bgp 65099
 no bgp default ipv4-unicast
 neighbor 10.2.4.2 remote-as 65000
 neighbor 10.4.6.6 remote-as 65006
!
 address-family ipv4
  neighbor 10.2.4.2 activate
  neighbor 10.4.6.6 activate
 exit-address-family
!
! allowas-in below is added during the VERIFY step
router bgp 65099
 address-family ipv4
  neighbor 10.4.6.6 allowas-in
!
end

hostname R5
!
interface FastEthernet0/0
 ip address 10.3.5.5 255.255.255.0
 no shutdown
!
router bgp 65099
 no bgp default ipv4-unicast
 neighbor 10.3.5.3 remote-as 65000
!
 address-family ipv4
  neighbor 10.3.5.3 activate
 exit-address-family
!
end

hostname R6
!
interface FastEthernet0/0
 ip address 10.4.6.6 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 10.6.8.6 255.255.255.0
 no shutdown
!
router bgp 65006
 no bgp default ipv4-unicast
 neighbor 10.4.6.4 remote-as 65099
 neighbor 10.6.8.8 remote-as 65099
!
 address-family ipv4
  neighbor 10.4.6.4 activate
  neighbor 10.6.8.8 activate
 exit-address-family
!
end

hostname R8
!
interface Loopback0
 ip address 10.0.0.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.6.8.8 255.255.255.0
 no shutdown
!
router bgp 65099
 no bgp default ipv4-unicast
 neighbor 10.6.8.6 remote-as 65006
!
 address-family ipv4
  network 10.0.0.8 mask 255.255.255.255
  neighbor 10.6.8.6 activate
 exit-address-family
!
end

VERIFY

- Advertise R8's loopback and check how it appears on each router

R8#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.8/32      0.0.0.0                  0         32768 i
R8#
R6#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.8/32      10.6.8.8                 0             0 65099 i
R6#
R6#sh ip bgp nei 10.4.6.4 adv | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.8/32      10.6.8.8                 0             0 65099 i

Total number of prefixes 1
R6#
R4#sh ip bgp | b Network
R4#

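R4 discards the route because it has the same AS number (65099) as the one already in the AS path. To force R4 to accept it, configure allowas-in.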

R4(config)#router bgp 65099
R4(config-router)# address-family ipv4
R4(config-router-af)#  neighbor 10.4.6.6 allowas-in
R4(config-router-af)#end
R4#clear
R4#cle ip bgp * soft
R4#
R4#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.8/32      10.4.6.6                               0 65006 65099 i
R4#
R2#sh bgp vpnv4 uni all | b Network
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65000:65099 (default for vrf VPN-USER-A)
*> 10.0.0.8/32      10.2.4.4                               0 65099 65006 65099 i
R2#
R3#sh bgp vpnv4 uni all | b Network
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65000:65099 (default for vrf VPN-USER-A)
*>i10.0.0.8/32      10.0.0.2                 0    100      0 65099 65006 65099 i
R3#

Now, the result...

R5#sh ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.8/32      10.3.5.3                               0 65000 65000 65006 65000 i
R5#

The AS was overwritten for the entries that did not come from the BGP neighbor as well: every 65099 in the path became 65000.
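
The lab result above, modeled as a small Python simulation of AS_PATH handling. This is an added example, not part of the original post and not Cisco IOS code; the `leading_only` mode is a hypothetical alternative (rewriting only the AS next to the neighbor) included for comparison, and `r4_allowas_in=3` assumes the IOS default when `allowas-in` is given without a count.

```python
# Added example: simplified model of eBGP AS_PATH handling (not Cisco IOS code).
# AS numbers and the R8 -> R6 -> R4 -> R2 -> R3 -> R5 path come from the lab above.

def ebgp_send(path, local_as, peer_as, as_override=False, leading_only=False):
    """AS_PATH that a router in local_as advertises to an eBGP peer in peer_as."""
    path = list(path)
    if as_override and leading_only:
        # Hypothetical behaviour (the question being tested): rewrite only the
        # run of peer_as at the front of the path, next to the neighbor.
        i = 0
        while i < len(path) and path[i] == peer_as:
            path[i] = local_as
            i += 1
    elif as_override:
        # Behaviour observed in the lab: every occurrence of peer_as is replaced.
        path = [local_as if asn == peer_as else asn for asn in path]
    return [local_as] + path  # ordinary eBGP prepend of the sender's AS


def ebgp_receive(path, local_as, allowas_in=0):
    """Return the path if accepted, None if AS_PATH loop detection drops it."""
    return list(path) if path.count(local_as) <= allowas_in else None


def run_lab(as_override=True, leading_only=False, r4_allowas_in=3):
    """Follow 10.0.0.8/32 hop by hop; returns the AS_PATH seen on each router."""
    seen = {}
    seen["R6"] = ebgp_receive(ebgp_send([], 65099, 65006), 65006)
    # r4_allowas_in=3 models "allowas-in" with no count (assumed IOS default of 3).
    seen["R4"] = ebgp_receive(ebgp_send(seen["R6"], 65006, 65099), 65099, r4_allowas_in)
    if seen["R4"] is None:
        return seen  # R4 dropped the route, nothing reaches the PEs
    seen["R2"] = ebgp_receive(ebgp_send(seen["R4"], 65099, 65000), 65000)
    seen["R3"] = seen["R2"]  # iBGP (VPNv4) between R2 and R3 leaves AS_PATH unchanged
    to_r5 = ebgp_send(seen["R3"], 65000, 65099, as_override, leading_only)
    seen["R5"] = ebgp_receive(to_r5, 65099)
    return seen


if __name__ == "__main__":
    for label, kwargs in [("as-override (observed)", {}),
                          ("leading-only (hypothetical)", {"leading_only": True}),
                          ("no as-override", {"as_override": False}),
                          ("R4 without allowas-in", {"r4_allowas_in": 0})]:
        print(label, run_lab(**kwargs))
```

Only the replace-every-occurrence model reproduces the path seen on R5; in the other two modes 65099 is still in the path and R5's loop check drops the route. The same rewrite means the CE can no longer use AS_PATH to recognise a route that originated in its own AS.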