GRE与MPLS你懂多少.doc

MPLS/MBGP/VPN 与GRE/MBPG/VPN 注： (,此文档只适合对MPLS/MBGP/VPN有一定认识的人阅读）MPLS/mBGP/vpn所实现的方式。是依靠MBGP对等体传递vpnv4 私网路由，然后由MPLS负责转发数据流。MBGP在mpls的VPN中。主要执行。VRF映射和打上私网的MPLS标签。然后由MPLS的天然标签嵌套隧道生成的LSP转发给对端的PE设备。然后对端的PE设备根据IMPORT信息。把一些相应的VPN 实例映射的路由信息添加到VRF中。他最大的特点就是。结合VRF的实例映射解决私网的地址冲突。然后再结合RD，解决P节点的地址冲突。使用RT灵活控制VPN。如果说。MPLS/BGP/VPN中最大的亮点是MPLS的标签嵌套。哪如果取而代之是GRE的话。会出现哪些效果?从理论上来说.GRE也可以嵌套。(这里简单的介绍一下GRE嵌套,大家对GRE嵌套这个概念或许不是很清楚，因为在教材上，基本没有提到，GRE也是天然的嵌套。我们使用ip作为承载协议。在网络层用协议号47标示后面跟着的是GRE头。而GRE用0800标示后面载荷的是IP数据?既然后面可以载荷IP，那么在载荷的IP里面的网络层继续用47标示GRE，依次类推。GRE也同样可以嵌套GRE，）使用ip来承载GRE ,GRE再载荷GRE然后载荷的GRE负责传递VPNV4的路由信息。（GRE OVER GRE )如果照这样说。GRE/BGP/VPN还是可行的。NO.为啥不行。我之前在上面提到过。MBGP负责为私网打上MPLS标签。从而让MPLS标签嵌套。实现隧道原理。那么在GRE/MPLS/VPN中还是这样吗?如果要使用GRE嵌套。哪必须要有两个GRE存在。也就说。GRE要面对N2的经典问题。哪就算抛开传统的GRE。把GRE封装丢给MBGP，让MBGP实现像封装MPLS内网标签一样。这样可行么?GRE结合MBGP实现的VPN效果能跟MPLS所实现的还是一样吗?还能使用RT灵活控制VPN实例吗?这样做完全不行。 因为在GRE当中。MPLS都不存在了。MBGP拿啥给他打标签?如何让mbgp的VPNV4路由信息封装到GRE中？这个问题值得我们去思考、！如果思考出来了。那么我想GRE将可以小规模取代MPLS。最起码在一些简单的应用上取代。从而实现跟他一样的功能。（原因很简单。GRE比MPLS普遍。配置起来也没mpls繁琐并且加密部分也可以丢给MBGP）从现在的网络解决方案中。如果想让GRE/MPLS/VPN所实现MPLS/MBGP/VPN一样的效果哪归根结底。还得需要MPLS。不然。MBGP依旧没有办法去像封装MPLS内网标签那样去完成GRE的封装动作，除非是修改GRE或MBGP，如果是这样。那么MBGP还是需要修改报文结构。让MBGP支持GRE。这还得折腾GRE和MBGP。这样做也没有太大的意义。目前的网络解决方案。已经足够了。并且GRE。RFC早就停止更新了。哪GRE/MPLS/VPN到底存在不存在?。答案是不存在的。最少现在是不存在。就算存在那么实现的效果跟MPLS/MBGP/VPN中的截然不同。当然。如果哪位兄弟找到了让MBGP的VPNV4封装到GRE中的方法。哪将打破我以上全部所说的。当然。还有一种方法。就是MPLS/BGP over GRE /vpn 这种方式。是使用ip做承载协议。GRE载荷MPLS。这样做的好处是。让P节点那台路由可以不运行MPLS.其他的跟MPLS/mbgp/vpn所实现的都没什么两样。但这样做有意义吗?这样做除非是在特殊环境下。（我想很少碰到中间那台路由器没MPLS的情况吧)。那么我现在就敲个实验。抓下包。看他们两实现的有哪些差别?上面这张图。是MPLS/mbgp/vpn中最经典的图。CE1和CE4建立VPN。CE2和CE3建立VPNPE和CE之间运行OSPF协议。PEA P PEB 运行基本MPLS PEA PEB 运行MBGP。CE3的路由信息RT5dis ip rou Routing Tables: Public Destinations : 9 Routes : 9Destination/Mask Proto Pre Cost NextHop Interface2.2.2.0/30 O_ASE 150 1 6.6.6.2 S0/2/22.2.2.2/32 O_ASE 150 1 6.6.6.2 S0/2/26.6.6.0/30 Direct 0 0 6.6.6.1 S0/2/26.6.6.1/32 Direct 0 0 127.0.0.1 InLoop06.6.6.2/32 Direct 0 0 6.6.6.2 S0/2/2127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.3.1.1/32 OSPF 10 3125 6.6.6.2 S0/2/2192.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0CE4的路由信息RT11dis ip rou Routing Tables: Public Destinations : 9 Routes : 9Destination/Mask Proto Pre Cost NextHop Interface1.1.1.0/30 O_ASE 150 1 5.5.5.1 S0/2/01.1.1.2/32 O_ASE 150 1 5.5.5.1 S0/2/05.5.5.0/30 Direct 0 0 5.5.5.2 S0/2/05.5.5.1/32 Direct 0 0 5.5.5.1 S0/2/05.5.5.2/32 Direct 0 0 127.0.0.1 InLoop0127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.1.1.1/32 OSPF 10 3125 5.5.5.1 S0/2/0192.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0CE2的路由信息RT8dis ip rou Routing Tables: Public Destinations : 9 Routes : 9Destination/Mask Proto Pre Cost NextHop Interface2.2.2.0/30 Direct 0 0 2.2.2.2 S0/2/22.2.2.1/32 Direct 0 0 2.2.2.1 S0/2/22.2.2.2/32 Direct 0 0 127.0.0.1 InLoop06.6.6.0/30 O_ASE 150 1 2.2.2.1 S0/2/26.6.6.1/32 O_ASE 150 1 2.2.2.1 S0/2/2127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0192.4.1.1/32 OSPF 10 3125 2.2.2.1 S0/2/2CE1的路由信息RT9dis ip rou Routing Tables: Public Destinations : 9 Routes : 9Destination/Mask Proto Pre Cost NextHop Interface1.1.1.0/30 Direct 0 0 1.1.1.2 S0/2/01.1.1.1/32 Direct 0 0 1.1.1.1 S0/2/01.1.1.2/32 Direct 0 0 127.0.0.1 InLoop05.5.5.0/30 O_ASE 150 1 1.1.1.1 S0/2/05.5.5.2/32 O_ASE 150 1 1.1.1.1 S0/2/0127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0192.2.1.1/32 OSPF 10 3125 1.1.1.1 S0/2/0Mpls封装包信息*Nov 28 16:21:08:250 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=3PKTTYPE_IP :Sending to S0/2/1, Dest=22.22.22.22, Nexthop=3.3.3.2*Nov 28 16:21:08:250 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed!.33.33 PING 33.33.33.33: 56 data bytes, press CTRL_C to break*Nov 28 16:21:09:625 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1024, EXP=0, TTL=255PKTTYPE_MPLS :Sending to S0/2/1, PktLen=88, Label(s)=1024, EXP=0, TTL=255*Nov 28 16:21:09:625 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed! Reply from 33.33.33.33: bytes=56 Sequence=1 ttl=254 time=34 ms*Nov 28 16:21:09:844 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1024, EXP=0, TTL=255PKTTYPE_MPLS :Sending to S0/2/1, PktLen=88, Label(s)=1024, EXP=0, TTL=255*Nov 28 16:21:09:844 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed! Reply from 33.33.33.33: bytes=56 Sequence=2 ttl=254 time=10 ms*Nov 28 16:21:10:47 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1024, EXP=0, TTL=255PKTTYPE_MPLS :Sending to S0/2/1, PktLen=88, Label(s)=1024, EXP=0, TTL=255*Nov 28 16:21:10:47 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed! Request time out*Nov 28 16:21:10:250 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1024, EXP=0, TTL=255PKTTYPE_MPLS :Sending to S0/2/1, PktLen=88, Label(s)=1024, EXP=0, TTL=255*Nov 28 16:21:10:250 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed! Reply from 33.33.33.33: bytes=56 Sequence=4 ttl=254 time=10 ms*Nov 28 16:21:10:453 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1024, EXP=0, TTL=255PKTTYPE_MPLS :Sending to S0/2/1, PktLen=88, Label(s)=1024, EXP=0, TTL=255*Nov 28 16:21:10:453 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed! Reply from 33.33.33.33: bytes=56 Sequence=5 ttl=254 time=10 ms*Nov 28 16:21:10:469 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=3PKTTYPE_IP :Sending to S0/2/1, Dest=22.22.22.22, Nexthop=3.3.3.2*Nov 28 16:21:10:469 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Serial0/2/1 succeed!PEA的RD信息dis ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpnA 100:1 2010/11/28 15:58:05 vpnB 200:1 2010/11/28 16:00:00PEB的RD信息RT4dis ip vpn Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpnA 300:1 2010/11/28 16:08:36 vpnB 400:1 2010/11/28 16:12:25PEA中VPNA中的RT信息r1-vpn-instance-vpnAdis this#ip vpn-instance vpnA route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 300:1 import-extcommunity# ip vpn-instance vpnB route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 400:1 import-extcommunity#PEA的ospf VPN实例的进程ospf 10 vpn-instance vpnA import-route bgp area 0.0.0.0 network 1.1.1.0 0.0.0.3 #ospf 20 vpn-instance vpnB import-route bgp area 0.0.0.0 network 2.2.2.0 0.0.0.3PEA的接口信息interface Serial0/2/3 link-protocol ppp ip binding vpn-instance vpnA ip address 1.1.1.1 255.255.255.252interface Serial0/2/2 link-protocol ppp ip binding vpn-instance vpnB ip address 2.2.2.1 255.255.255.252PEA的MBGP信息bgp 100 undo synchronization group in internal peer in connect-interface LoopBack100 peer 33.33.33.33 group in # ipv4-family vpnv4 peer 33.33.33.33 enable # ipv4-family vpn-instance vpnA import-route direct import-route ospf 10 # ipv4-family vpn-instance vpnB import-route direct import-route ospf 20#PEB的RD信息RT4dis ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpnA 300:1 2010/11/28 16:08:36 vpnB 400:1 2010/11/28 16:12:25PEB的RT信息ip vpn-instance vpnA route-distinguisher 300:1 vpn-target 300:1 export-extcommunity vpn-target 100:1 import-extcommunityip vpn-instance vpnB route-distinguisher 400:1 vpn-target 400:1 export-extcommunity vpn-target 200:1 import-extcommunitPEB的ospf映射信息ospf 10 vpn-instance vpnA import-route bgp area 0.0.0.0 network 5.5.5.0 0.0.0.3ospf 20 vpn-instance vpnB import-route bgp area 0.0.0.0 network 6.6.6.0 0.0.0.3 #PEB的接口映射信息RT4dis cu int s0/2/3#interface Serial0/2/3 link-protocol ppp ip binding vpn-instance vpnA ip address 5.5.5.1 255.255.255.252interface Serial0/2/2 link-protocol ppp ip binding vpn-instance vpnB ip address 6.6.6.2 255.255.255.252#PEB的MBGP信息bgp 100 undo synchronization group in internal peer in connect-interface LoopBack100 peer 11.11.11.11 group in # ipv4-family vpnv4 peer 11.11.11.11 enable # ipv4-family vpn-instance vpnA import-route direct import-route ospf 10 # ipv4-family vpn-instance vpnB import-route direct import-route ospf 20#MBGP的映射信息RT4dis bgp vpnv4 vpn-instance vpnA routing-table Total Number of Routes: 7 BGP Local router ID is 33.33.33.33 Status codes: * - valid, - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *i 1.1.1.0/30 11.11.11.11 0 100 0 ? *i 1.1.1.2/32 11.11.11.11 0 100 0 ? * 5.5.5.0/30 0.0.0.0 0 0 ? * 5.5.5.1/32 0.0.0.0 0 0 ? * 5.5.5.2/32 0.0.0.0 0 0 ? *i 192.1.1.1/32 11.11.11.11 1563 100 0 ? * 192.2.1.1/32 0.0.0.0 1563 0 ?P节点的MPLS基本信息R10dis mpls ldp lsp LDP LSP Information - SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -*1 4.4.4.4/32 Liberal(3) 2 11.11.11.11/32 NULL/3 3.3.3.1 -/S0/2/1 3 11.11.11.11/32 1025/3 3.3.3.1 S0/2/4/S0/2/1 4 22.22.22.22/32 3/NULL 127.0.0.1 S0/2/1/InLoop0 5 22.22.22.22/32 3/NULL 127.0.0.1 S0/2/4/InLoop0 6 33.33.33.33/32 1024/3 4.4.4.2 S0/2/1/S0/2/4 7 33.33.33.33/32 NULL/3 4.4.4.2 -/S0/2/4 -OK，接下来，我们切换到MPLS/MBGP OVER gre /VPN。故名思议，使用GRE承载MPLS，从而实现MPLS 的LSP转发VPNV4信息。这样做的好处。我在这就不描述。（刚在上面讲了）那么既然要实现让GRE承载MPLS，那么前提条件是，GRE必须成功建立。CE3的路由信息RT11dis ip rou Routing Tables: Public Destinations : 9 Routes : 9Destination/Mask Proto Pre Cost NextHop Interface1.1.1.0/30 O_ASE 150 1 5.5.5.1 S0/2/01.1.1.1/32 O_ASE 150 1 5.5.5.1 S0/2/05.5.5.0/30 Direct 0 0 5.5.5.2 S0/2/05.5.5.1/32 Direct 0 0 5.5.5.1 S0/2/05.5.5.2/32 Direct 0 0 127.0.0.1 InLoop0127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.3.1.1/32 OSPF 10 3125 5.5.5.1 S0/2/0192.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0CE3 Ping CE2 的信息RT11ping -a 192.4.1.1 192.3.1.1 PING 192.3.1.1: 56 data bytes, press CTRL_C to break Reply from 192.3.1.1: bytes=56 Sequence=1 ttl=253 time=34 ms Reply from 192.3.1.1: bytes=56 Sequence=2 ttl=253 time=20 ms Reply from 192.3.1.1: bytes=56 Sequence=3 ttl=253 time=15 ms Reply from 192.3.1.1: bytes=56 Sequence=4 ttl=253 time=30 ms Reply from 192.3.1.1: bytes=56 Sequence=5 ttl=253 time=14 ms - 192.3.1.1 ping statistics - 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 14/22/34 msGRE MPLS封装信息*Nov 30 19:38:22:281 2010 r1 GRE/7/debug: gre packet: Decapsulate tunnel packet Outer packet header 4.4.4.2-3.3.3.1(length = 112)*Nov 30 19:38:22:281 2010 r1 GRE/7/debug: Tunnel1 packet: GRE decapsulated MPLS packet(len = 88). IN MBUF is 0,40,11,ffffffff,45*Nov 30 19:38:22:281 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1025, EXP=0, TTL=255PUSH Label=3PKTTYPE_MPLS :Sending to Tun1, PktLen=88, Label(s)=1025, EXP=0, TTL=255*Nov 30 19:38:22:281 2010 r1 GRE/7/debug: gre packet: Encapsulation protocol is MPLS.*Nov 30 19:38:22:281 2010 r1 GRE/7/debug:gre packet: OUT MBUF is 0,40,11,ffffffff,45*Nov 30 19:38:22:281 2010 r1 GRE/7/debug: Tunnel1 packet:After encapsulation, Outgoing packet header 3.3.3.1-4.4.4.2(length = 112)*Nov 30 19:38:22:281 2010 r1 GRE/7/debug:Output: Gre packet has been fast-switched successfully, interface index is 0x2f0000.*Nov 30 19:38:22:281 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Tunnel1 succeed!*Nov 30 19:38:22:422 2010 r1 GRE/7/debug:Gre packet has been sent to ip queue successfully.*Nov 30 19:38:22:484 2010 r1 GRE/7/debug: gre packet: Decapsulate tunnel packet Outer packet header 4.4.4.2-3.3.3.1(length = 112)*Nov 30 19:38:22:484 2010 r1 GRE/7/debug: Tunnel1 packet: GRE decapsulated MPLS packet(len = 88). IN MBUF is 0,40,11,ffffffff,45*Nov 30 19:38:22:484 2010 r1 MFW/7/MPLSFW PACKET:PUSH Label=1025, EXP=0, TTL=255PUSH Label=3PKTTYPE_MPLS :Sending to Tun1, PktLen=88, Label(s)=1025, EXP=0, TTL=255*Nov 30 19:38:22:484 2010 r1 GRE/7/debug: gre packet: Encapsulation protocol is MPLS.*Nov 30 19:38:22:484 2010 r1 GRE/7/debug:gre packet: OUT MBUF is 0,40,11,ffffffff,45*Nov 30 19:38:22:484 2010 r1 GRE/7/debug: Tunnel1 packet:After encapsulation, Outgoing packet header 3.3.3.1-4.4.4.2(length = 112)*Nov 30 19:38:22:484 2010 r1 GRE/7/debug:Output: Gre packet has been fast-switched successfully, interface index is 0x2f0000.*Nov 30 19:38:22:484 2010 r1 MFW/7/MPLSFW PACKET:MPLSFW Packet out from Interface Tunnel1 succeed!以上信息可以明显的看出。先封装MPLS。然后再把MPLS丢给GRE传输。P节点的配置dis cu # version 5.20, Alpha 1011# sysname r10# password-control login-attempt 3 exceed lock-time 120# undo voice vlan mac-address 00e0-bb00-0000# ipsec cpu-backup enable# undo cryptoengine enable# domain default enable system#vlan 1#domain system access-limit disable state active idle-cut disable self-service-url disable#interface Serial0/2/0 link-protocol ppp#interface Serial0/2/1 link-protocol ppp ip address 3.3.3.2 255.255.255.252#interface Serial0/2/2 link-protocol ppp ip address 4.4.4.1 255.255.255.252#ospf 1#ospf 100 area 0.0.0.0 network 3.3.3.0 0.0.0.3 network 4.4.4.0 0.0.0.3# load xml-configuration#user-interface con 0user-interface vty 0 4#ReturnPEA的RD信息r1dis ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpnA 100:1 2010/11/30 19:18:24 vpnB 200:1 2010/11/30 19:19:20PEB的RD信息RT4dis ip vpn-instance Total VPN-Instances configured : 2 VPN-Instance Name RD Create time vpnA 300:1 2010/11/30 19:24:52 vpnB 400:1 2010/11/30 19:25:43PEA的BGP的信息r1