JUNIPER EVPN Study Notes 1.0

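OK, the lab topology and configuration have already been copied and pasted in (CTRL+C/V), so now let's see how it actually works (tongue in cheek).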


Topology:

CE1---PE1---P---PE2---CE2


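The branch devices CE1 and CE2 have already learned each other's MAC addresses, so they have Layer 2 connectivity. They have also learned the IRB gateway addresses on the PE devices, so they have Layer 3 connectivity. Note that the IRB MAC addresses are identical on all PE devices: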

root@CE1# run show arp

MAC Address       Address         Name                      Interface           Flags

00:05:86:71:18:c0 192.168.10.20   192.168.10.20             ae0.2100            none

00:00:00:00:00:01 192.168.10.254  192.168.10.254            ae0.2100            none

00:05:86:71:18:c0 192.168.20.20   192.168.20.20             ae0.2200            none

00:00:00:00:00:02 192.168.20.254  192.168.20.254            ae0.2200            none

00:05:86:71:18:c0 192.168.30.20   192.168.30.20             ae0.2300            none

00:00:00:00:00:03 192.168.30.254  192.168.30.254            ae0.2300            none

 

root@CE2# run show arp

MAC Address       Address         Name                      Interface           Flags

00:05:86:71:a0:c0 192.168.10.10   192.168.10.10             ae0.2100            none

00:00:00:00:00:01 192.168.10.254  192.168.10.254            ae0.2100            none

00:05:86:71:a0:c0 192.168.20.10   192.168.20.10             ae0.2200            none

00:00:00:00:00:02 192.168.20.254  192.168.20.254            ae0.2200            none

00:05:86:71:a0:c0 192.168.30.10   192.168.30.10             ae0.2300            none

00:00:00:00:00:03 192.168.30.254  192.168.30.254            ae0.2300            none

 

Test with ping:

root@CE1# run ping 192.168.10.20 routing-instance ce1_vlan2100

PING 192.168.10.20 (192.168.10.20): 56 data bytes

64 bytes from 192.168.10.20: icmp_seq=0 ttl=64 time=186.833 ms

64 bytes from 192.168.10.20: icmp_seq=1 ttl=64 time=14.576 ms

64 bytes from 192.168.10.20: icmp_seq=2 ttl=64 time=20.534 ms

64 bytes from 192.168.10.20: icmp_seq=3 ttl=64 time=22.830 ms

64 bytes from 192.168.10.20: icmp_seq=4 ttl=64 time=27.790 ms

^C

--- 192.168.10.20 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max/stddev = 14.576/54.513/186.833/66.296 ms

 

[edit]

root@CE1# run ping 192.168.10.254 routing-instance ce1_vlan2100  

PING 192.168.10.254 (192.168.10.254): 56 data bytes

64 bytes from 192.168.10.254: icmp_seq=0 ttl=64 time=31.226 ms

64 bytes from 192.168.10.254: icmp_seq=1 ttl=64 time=305.800 ms

64 bytes from 192.168.10.254: icmp_seq=2 ttl=64 time=10.599 ms

64 bytes from 192.168.10.254: icmp_seq=3 ttl=64 time=12.904 ms

^C

--- 192.168.10.254 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max/stddev = 10.599/90.132/305.800/124.772 ms

 

 

root@CE2# run ping 192.168.10.10                      

PING 192.168.10.10 (192.168.10.10): 56 data bytes

64 bytes from 192.168.10.10: icmp_seq=0 ttl=64 time=205.853 ms

64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=16.703 ms

64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=28.356 ms

64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=75.543 ms

64 bytes from 192.168.10.10: icmp_seq=4 ttl=64 time=25.344 ms

^C

--- 192.168.10.10 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max/stddev = 16.703/70.360/205.853/70.789 ms

 

[edit]

root@CE2# run ping 192.168.10.254  

PING 192.168.10.254 (192.168.10.254): 56 data bytes

64 bytes from 192.168.10.254: icmp_seq=0 ttl=64 time=12.648 ms

64 bytes from 192.168.10.254: icmp_seq=1 ttl=64 time=5.729 ms

64 bytes from 192.168.10.254: icmp_seq=2 ttl=64 time=8.551 ms

64 bytes from 192.168.10.254: icmp_seq=3 ttl=64 time=136.645 ms

^C

--- 192.168.10.254 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max/stddev = 5.729/40.893/136.645/55.337 ms

 

 

So our CE1 can now ping CE2's VLAN, and Layer 3 access between the different VLANs on CE1 also works.

 

So how does EVPN actually achieve this?

 

CE1-PE1

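Between CE and PE, MAC addresses are still learned in the data plane. When PE1 receives a packet from CE1, such as DHCP or ARP, it reads the source MAC and records it in a MAC table. Which MAC table?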

 

root@PE1# run show bridge mac-table

 

MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC

    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)

 

Routing instance : E×××-A

 Bridging domain : BR-2100, VLAN : 2100

   MAC                 MAC      Logical          NH     MAC         active

   address             flags    interface        Index  property    source

   00:05:86:71:18:c0   DC                        1048584            2.2.2.2                      

   00:05:86:71:a0:c0   D        ae0.2100       

 

MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC

    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)

 

Routing instance : E×××-A

 Bridging domain : BR-2200, VLAN : 2200

   MAC                 MAC      Logical          NH     MAC         active

   address             flags    interface        Index  property    source

   00:05:86:71:18:c0   DC                        1048584            2.2.2.2                       

   00:05:86:71:a0:c0   D        ae0.2200       

 

MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC

    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)

 

Routing instance : E×××-A

 Bridging domain : BR-2300, VLAN : 2300

   MAC                 MAC      Logical          NH     MAC         active

   address             flags    interface        Index  property    source

   00:05:86:71:18:c0   DC                        1048584            2.2.2.2                      

   00:05:86:71:a0:c0   D        ae0.2300       

 

 

 

It is recorded in the MAC forwarding table of the MAC-VRF. What is a MAC-VRF? And what is a VRF?

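VRF stands for virtual routing and forwarding. Its purpose is network isolation: each VRF has its own independent forwarding information, which allows multi-tenant use on a single device.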

In EVPN there are two kinds of VRF: MAC-VRF and IP-VRF. Think of a MAC-VRF as an L2 switch and an IP-VRF as an L3 router.

 

A MAC-VRF also has one RD and a set of RTs.

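The RD (route distinguisher) is mainly used to tell VRFs apart. When VPN routes are exchanged with other PE routers, the RD is carried with the route over MP-BGP and is included together with the IP prefix. For example: 6500020192.0.2.0/24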

 

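The RT (route target) is used to filter MAC routes: import and export policies can be created to accept and tag routes that carry a specific community value. We'll set it aside for now.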

 

At this point, we can see CE1's MAC in the MAC-VRF on PE1.
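The local-versus-remote split in the PE1 table above can be pulled out mechanically. The following is an added example, not part of the original notes; the function names are hypothetical, and it assumes that an entry whose flags include C (Control MAC) with an active source was learned from that remote PE, while a plain D entry with a logical interface was learned locally in the data plane.

```python
import re
from collections import defaultdict

DOMAIN_RE = re.compile(r"Bridging domain\s*:\s*([^,\s]+),\s*VLAN\s*:\s*(\d+)")
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

# Constructed sample: entry lines taken from the PE1 output on the page
# (two of the three bridge domains, legend lines omitted).
SAMPLE = """\
 Bridging domain : BR-2100, VLAN : 2100
   MAC                 MAC      Logical          NH     MAC         active
   address             flags    interface        Index  property    source
   00:05:86:71:18:c0   DC                        1048584            2.2.2.2
   00:05:86:71:a0:c0   D        ae0.2100
 Bridging domain : BR-2200, VLAN : 2200
   00:05:86:71:18:c0   DC                        1048584            2.2.2.2
   00:05:86:71:a0:c0   D        ae0.2200
"""


def parse_mac_table(text):
    """Return one dict per MAC entry, tagged with its bridge domain and VLAN."""
    entries, domain, vlan = [], None, None
    for line in text.splitlines():
        m = DOMAIN_RE.search(line)
        if m:
            domain, vlan = m.group(1), int(m.group(2))
            continue
        tok = line.split()
        if len(tok) < 3 or not MAC_RE.fullmatch(tok[0]):
            continue  # header, legend or blank line
        via_control = "C" in tok[1]  # assumption: C flag = learned via BGP
        entries.append({
            "domain": domain, "vlan": vlan, "mac": tok[0].lower(),
            "learned": "control-plane" if via_control else "data-plane",
            "interface": None if via_control else tok[2],
            "remote_pe": tok[-1] if via_control else None,
        })
    return entries


def remote_macs_by_pe(entries):
    """Map each remote PE to the (vlan, mac) pairs it is the active source for."""
    out = defaultdict(set)
    for e in entries:
        if e["remote_pe"]:
            out[e["remote_pe"]].add((e["vlan"], e["mac"]))
    return dict(out)
```
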

 

 

 

PE1-PE2

PE1 now has the MAC forwarding information for CE1. How is it encapsulated as BGP data and passed to PE2?

Run a quick show and pick two routes to look at.

2:2.2.2.2:2000::2100::00:00:00:00:00:01/304 MAC/IP (1 entry, 0 announced)

        *BGP    Preference: 170/-101

                Route Distinguisher: 2.2.2.2:2000

                Next hop type: Indirect, Next hop index: 0

                Address: 0xc633070

                Next-hop reference count: 26

                Source: 2.2.2.2

                Protocol next hop: 2.2.2.2

                Indirect next hop: 0x2 no-forward INH Session ID: 0x0

                State: <Active Int Ext>

                Local AS: 65000 Peer AS: 65000

                Age: 1d 4:32:45         Metric2: 1

                Validation State: unverified

                Task: BGP_65000.2.2.2.2+179

                AS path: I

                Communities: target:65000:2000 e***-default-gateway

                Import Accepted

                Route Label: 16

                ESI: 00:00:00:00:00:00:00:00:00:00

                Localpref: 100

                Router ID: 2.2.2.2

                Secondary Tables: E×××-A.e***.0

 

3:2.2.2.2:2000::2100::2.2.2.2/248

 

What are the leading 2 and 3?

EVPN defines several new BGP Extended Communities:

 

Type 1 – Ethernet auto-discovery route

Type 2 – MAC/IP advertisement route

Type 3 – Inclusive multicast Ethernet tag route

Type 4 – Ethernet segment (ES) route

Type 5 – IP prefix route

 

 

 

Type 3 routes are used to send BUM traffic to the PEs of all sites that have the same VLAN.

The format is: 3:<RD>::<VLAN-ID>::<ROUTER-ID>/248

 

 

 

Type 2 is the MAC/IP route. The BGP preference of 170 shows that it was learned from the remote PE. Packets destined for this MAC address carry, for example:

Route Label: 16

The PE forwards the received Ethernet frames to the corresponding MAC-VRF accordingly.
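To make the two route keys quoted above easier to read, here is a small parser for that display format. It is an added example, not code from the original notes; the names are hypothetical, and the optional IP field after the MAC in a Type 2 key is an assumption, since the page only shows a MAC-only key.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Route-type names as listed on the page.
ROUTE_TYPES = {1: "Ethernet auto-discovery", 2: "MAC/IP advertisement",
               3: "Inclusive multicast Ethernet tag", 4: "Ethernet segment",
               5: "IP prefix"}
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")


@dataclass(frozen=True)
class EvpnKey:
    route_type: int
    type_name: str
    rd: str
    ethernet_tag: int
    prefix_len: int
    mac: Optional[str] = None         # Type 2
    ip: Optional[str] = None          # Type 2, only if an IP follows the MAC
    originator: Optional[str] = None  # Type 3


def parse_evpn_key(line: str) -> EvpnKey:
    """Parse '<type>:<RD>::<tag>::<rest>/<len>', ignoring trailing text."""
    if not line.split():
        raise ValueError("empty line")
    key, sep, length = line.split()[0].rpartition("/")
    fields = key.split("::")
    if not sep or not length.isdigit() or len(fields) < 3:
        raise ValueError(f"not an EVPN route key: {line!r}")
    rtype, _, rd = fields[0].partition(":")
    if not rtype.isdigit() or int(rtype) not in ROUTE_TYPES or not rd:
        raise ValueError(f"unknown route type or missing RD: {line!r}")
    if not fields[1].isdigit():
        raise ValueError(f"non-numeric Ethernet tag: {line!r}")
    common = dict(route_type=int(rtype), type_name=ROUTE_TYPES[int(rtype)],
                  rd=rd, ethernet_tag=int(fields[1]), prefix_len=int(length))
    rest = fields[2:]
    if int(rtype) == 2:
        if not MAC_RE.fullmatch(rest[0]):
            raise ValueError(f"bad MAC in Type 2 key: {line!r}")
        # Re-join so an IPv6 address containing '::' survives the split.
        return EvpnKey(mac=rest[0].lower(), ip="::".join(rest[1:]) or None,
                       **common)
    if int(rtype) == 3:
        return EvpnKey(originator="::".join(rest), **common)
    raise ValueError(f"key layout for type {rtype} is not shown on the page")


if __name__ == "__main__":
    # The two keys quoted on the page.
    for sample in ("2:2.2.2.2:2000::2100::00:00:00:00:00:01/304 MAC/IP (1 entry, 0 announced)",
                   "3:2.2.2.2:2000::2100::2.2.2.2/248"):
        print(parse_evpn_key(sample))
```
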

 

 


 

Next comes CE2-PE2

 

Before CE2 pings CE1, it sends an ARP request to look up CE1's MAC address. (With ARP proxy configured on PE2, PE2 puts CE1's MAC address directly into the ARP response.)

Once CE2 has the MAC address, it builds the Ethernet header and sends the ping packet to PE2.

  

PE2-PE1

EVPN defines three data planes:

MPLS, PBB, VXLAN

PBB and VXLAN are for later study; let's look at MPLS first. The Route Label: 16 we saw earlier is the MPLS label, which is added to the ping packet on its way to PE1.

 


PE1-CE1

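PE1 knows which MAC-VRF a given VPN label corresponds to. It strips the VPN label, hands the ping packet to that MAC-VRF, looks up the MAC forwarding table, and sends the packet out of the corresponding port.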

 



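Broadly speaking, the EVPN architecture is the same as BGP/MPLS L3 VPN, except that what is forwarded is MAC/IP, whereas the forwarding information in L3 VPN is IP. EVPN provides a control plane for the L2 network, so L2 information can also be learned in the control plane, with BGP advertising the MAC addresses.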

 


 

What is an EVI?

An EVPN instance (EVI) is an EVPN routing and forwarding instance spanning all the PE routers participating in that VPN. An EVI is configured on the PE routers on a per-customer basis. Each EVI has a unique route distinguisher and one or more route targets.

Each EVI connects one or more customer networks, and EVIs are independent of one another.

 

What is an ET?

Ethernet tag—An Ethernet tag identifies a particular broadcast domain, such as a VLAN. An EVPN instance consists of one or more broadcast domains. Ethernet tags are assigned to the broadcast domains of a given EVPN instance by the provider of that EVPN. Each PE router in that EVPN instance performs a mapping between broadcast domain identifiers understood by each of its attached CE devices and the corresponding Ethernet tag.

If an EVI contains multiple broadcast domains, ETs are used to distinguish the different broadcast domains.



