Wednesday, 26 November 2014

Sham link between Junos and IOS



Configuration.

Cisco:

ip vrf clientOSPF

 rd 65500:308

 route-target export 65500:308

 route-target import 65500:308

!

interface Loopback308

 ip vrf forwarding clientOSPF

 ip address 192.168.253.103 255.255.255.255

 no ip redirects

 no ip proxy-arp

 ip mtu 1500

 ip ospf 308 area 0

!

interface TenGigabitEthernet3/4.308

 description "[client-id]"

 encapsulation dot1Q 308

 ip vrf forwarding clientOSPF

 ip address 192.168.2.246 255.255.255.248

 no ip redirects

 no ip proxy-arp

 ip mtu 1500

 ip ospf authentication message-digest

 ip ospf message-digest-key 1 md5 7 XXXXXXXXXX

 ip ospf priority 250

 ip ospf lls disable

 ip ospf 308 area 0

 no cdp enable

!

router ospf 308 vrf clientOSPF

 router-id 192.168.253.103

 event-log size 1000

 log-adjacency-changes

 area 0 sham-link 192.168.253.103 192.168.253.109

 redistribute connected

 redistribute bgp 65500 metric-type 1 subnets route-map RM-clientOSPF-bgp2ospf

 default-information originate

!

router bgp 65500

 bgp router-id 172.16.128.103

 bgp log-neighbor-changes

!

 address-family ipv4 vrf clientOSPF

  no synchronization

  redistribute static

  redistribute connected

  redistribute ospf 308 vrf clientOSPF match internal external 1 external 2

 exit-address-family

 !

route-map RM-clientOSPF-bgp2ospf permit 10

 match ip address 12

 set tag 65500

!

access-list 12 deny   192.168.253.103

access-list 12 deny   192.168.253.109

access-list 12 permit any

!

Juniper MX:

set interfaces lo0 unit 308 description "[CLIENTOSPF]"

set interfaces lo0 unit 308 family inet no-redirects

set interfaces lo0 unit 308 family inet address 192.168.253.109/32



set interfaces xe-2/0/1 unit 308 vlan-id 308

set interfaces xe-2/0/1 unit 308 family inet mtu 1500

set interfaces xe-2/0/1 unit 308 family inet no-redirects

set interfaces xe-2/0/1 unit 308 family inet policer arp POL-ARP

set interfaces xe-2/0/1 unit 308 family inet address 192.168.2.237/30



set routing-instances CLIENTOSPF instance-type vrf

set routing-instances CLIENTOSPF interface xe-2/0/1.308

set routing-instances CLIENTOSPF interface lo0.308

set routing-instances CLIENTOSPF route-distinguisher 65500:308

set routing-instances CLIENTOSPF vrf-import IMP-CLIENTOSPF-VRF

set routing-instances CLIENTOSPF vrf-export EXP-CLIENTOSPF-VRF

set routing-instances CLIENTOSPF vrf-target target:65500:308

set routing-instances CLIENTOSPF vrf-table-label

set routing-instances CLIENTOSPF protocols ospf export CLIENTOSPF-BGP->OSPF

set routing-instances CLIENTOSPF protocols ospf sham-link local 192.168.253.109

set routing-instances CLIENTOSPF protocols ospf area 0.0.0.0 sham-link-remote 192.168.253.103 metric 1

set routing-instances CLIENTOSPF protocols ospf area 0.0.0.0 interface xe-2/0/1.308 metric 10

set routing-instances CLIENTOSPF protocols ospf area 0.0.0.0 interface xe-2/0/1.308 authentication md5 1 key "$9$-XXXXXXXXXX"

set routing-instances CLIENTOSPF protocols ospf area 0.0.0.0 interface lo0.308 passive



set policy-options policy-statement CLIENTOSPF-BGP->OSPF term loopbacks from route-filter 192.168.253.0/24 upto /32

set policy-options policy-statement CLIENTOSPF-BGP->OSPF term loopbacks then reject

set policy-options policy-statement CLIENTOSPF-BGP->OSPF term vrf then tag 65500

set policy-options policy-statement CLIENTOSPF-BGP->OSPF term vrf then external type 1

set policy-options policy-statement CLIENTOSPF-BGP->OSPF term vrf then accept



set policy-options policy-statement IMP-CLIENTOSPF-VRF term vrf from protocol bgp

set policy-options policy-statement IMP-CLIENTOSPF-VRF term vrf from community COMMUNITY_CLIENTOSPF_TARGET

set policy-options policy-statement IMP-CLIENTOSPF-VRF term vrf then accept

set policy-options policy-statement IMP-CLIENTOSPF-VRF term last then reject



set policy-options policy-statement EXP-CLIENTOSPF-VRF term vrf from protocol direct

set policy-options policy-statement EXP-CLIENTOSPF-VRF term vrf from protocol ospf

set policy-options policy-statement EXP-CLIENTOSPF-VRF term vrf then community add COMMUNITY_CLIENTOSPF_TARGET

set policy-options policy-statement EXP-CLIENTOSPF-VRF term vrf then accept

set policy-options policy-statement EXP-CLIENTOSPF-VRF term last then reject



set policy-options community COMMUNITY_CLIENTOSPF_TARGET members target:65500:308


Verification.

On Cisco:

c7604-jas#sh ip ospf 308 sham-links

Sham Link OSPF_SL6 to address 192.168.253.109 is up

Area 0 source address 192.168.253.103

  Run as demand circuit

  DoNotAge LSA not allowed (Number of DCbitless LSA is 7). Cost of using 1 State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40,

    Hello due in 00:00:07

    Adjacency State FULL (Hello suppressed)

    Index 1/1, retransmission queue length 0, number of retransmission 2

    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

    Last retransmission scan length is 1, maximum is 1

    Last retransmission scan time is 0 msec, maximum is 0 msec


The route to the loopback must not be "visible" in OSPF:

c7604-jas#sh ip ro vrf clientOSPF 192.168.253.109

 Routing Table: clientOSPF

Routing entry for 192.168.253.109/32

  Known via "bgp 65500", distance 200, metric 0, type internal

  Redistributing via ospf 308

  Last update from 172.16.128.109 11:25:15 ago

  Routing Descriptor Blocks:

  * 172.16.128.109 (default), from 172.16.128.106, 11:25:15 ago

      Route metric is 0, traffic share count is 1

      AS Hops 0

      MPLS label: 35

      MPLS Flags: MPLS Required


The client route, by contrast, must be "visible" via OSPF:

c7604-jas#sh ip ro vrf clientOSPF 192.168.2.237

 Routing Table: clientOSPF

Routing entry for 192.168.2.236/30

  Known via "ospf 308", distance 110, metric 11, type intra area

  Redistributing via bgp 65500

  Advertised by bgp 65500 match internal external 1 & 2

  Last update from 172.16.128.109 11:24:53 ago

  Routing Descriptor Blocks:

  * 172.16.128.109 (default), from 192.168.2.253, 11:24:53 ago

      Route metric is 11, traffic share count is 1

      MPLS label: 35

      MPLS Flags: MPLS Required
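
The two checks above as a script, an added example that is not part of the original post: it reads the sham-link endpoints from the IOS configuration and confirms from `show ip route vrf` output that the remote endpoint is learned via BGP and the client prefix via OSPF. The sample text is trimmed from the configuration and outputs on this page; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the sham-link statement and the two route lookups shown
# on this page, trimmed to the lines the parser actually reads.
CONFIG = """
router ospf 308 vrf clientOSPF
 area 0 sham-link 192.168.253.103 192.168.253.109
"""
ROUTES = """
Routing entry for 192.168.253.109/32
  Known via "bgp 65500", distance 200, metric 0, type internal
Routing entry for 192.168.2.236/30
  Known via "ospf 308", distance 110, metric 11, type intra area
"""

SHAM_RE = re.compile(r'^[ \t]*area \S+ sham-link (\S+) (\S+)', re.M)
ENTRY_RE = re.compile(r'^Routing entry for (\S+)$')
KNOWN_RE = re.compile(r'^Known via "(\w+)(?: [^"]*)?", distance (\d+), metric (\d+)')

def sham_endpoints(config):
    """Return (source, destination) addresses of every sham-link statement."""
    return [tuple(ipaddress.ip_address(a) for a in m.groups())
            for m in SHAM_RE.finditer(config)]

def parse_routes(text):
    """Map prefix -> (protocol, distance, metric) from 'show ip route <addr>' output."""
    routes, prefix = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        entry = ENTRY_RE.match(line)
        if entry:
            prefix = ipaddress.ip_network(entry.group(1), strict=False)
            continue
        known = KNOWN_RE.match(line)
        if known and prefix is not None:
            routes[prefix] = (known.group(1), int(known.group(2)), int(known.group(3)))
            prefix = None
    return routes

def lookup(routes, addr):
    """Longest-prefix match of addr among the parsed entries, or None."""
    hits = [p for p in routes if addr in p]
    return max(hits, key=lambda p: p.prefixlen) if hits else None

def check(config, route_text, expect_ospf=()):
    """Return findings; an empty list means the routing state matches the rule."""
    routes, findings = parse_routes(route_text), []
    for _source, remote in sham_endpoints(config):
        p = lookup(routes, remote)
        if p is None:
            findings.append(f"{remote}: no route to sham-link endpoint")
        elif routes[p][0] != "bgp":
            findings.append(f"{remote}: learned via {routes[p][0]}, expected bgp")
    for addr in expect_ospf:  # client addresses that must be reached through OSPF
        p = lookup(routes, ipaddress.ip_address(addr))
        if p is None or routes[p][0] != "ospf":
            findings.append(f"{addr}: not learned via ospf")
    return findings

if __name__ == "__main__":
    print(check(CONFIG, ROUTES, expect_ospf=["192.168.2.237"]) or "OK")
```
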


On Juniper:


user@mx240> show ospf interface instance CLIENTOSPF

Interface           State   Area            DR ID           BDR ID          Nbrs

lo0.308             DRother 0.0.0.0         0.0.0.0         0.0.0.0            0

shamlink.0          PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1

xe-2/0/1.308        BDR     0.0.0.0         192.168.2.253   192.168.253.109    1



user@mx240> show ospf neighbor instance CLIENTOSPF

Address          Interface              State     ID               Pri  Dead

192.168.253.103  shamlink.0             Full      192.168.253.103    1     -

192.168.2.238    xe-2/0/1.308           Full      192.168.2.253      1    34


Important note:

Note: In Junos OS Release 9.6 and later, an OSPFv2 sham link is installed in the routing table as a hidden route. Additionally, a BGP route is not exported to OSPFv2 if a corresponding OSPF sham link is available.

That is exactly why:


user@mx240> show route table CLIENTOSPF.inet.0



CLIENTOSPF.inet.0: 41 destinations, 68 routes (41 active, 0 holddown, 27 hidden)

+ = Active Route, - = Last Active, * = Both



0.0.0.0/0          *[OSPF/150] 11:34:35, metric 61, tag 0

                    > to 192.168.2.238 via xe-2/0/1.308

10.35.17.0/24      *[OSPF/10] 11:34:35, metric 11

                    > to 192.168.2.238 via xe-2/0/1.308

169.254.8.0/24     *[OSPF/10] 11:34:35, metric 11

                    > to 192.168.2.238 via xe-2/0/1.308

192.168.2.128/29   *[BGP/170] 11:23:58, MED 102, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 44

192.168.2.136/29   *[BGP/170] 11:23:58, MED 101, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 306

192.168.2.140/30   *[BGP/170] 11:23:58, MED 0, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 16, Push 209(top)

192.168.2.144/30   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                      to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                    > to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.2.148/30   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 583, Push 209(top)

192.168.2.152/30   *[BGP/170] 11:23:58, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.2.156/30   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.2.160/30   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                      to 172.16.128.69 via xe-2/1/1.0, Push 516, Push 202(top)

                    > to 172.16.128.65 via xe-2/2/0.0, Push 516, Push 155(top)

192.168.2.164/30   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 146, Push 209(top)

192.168.2.168/30   *[BGP/170] 11:23:58, MED 0, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 16, Push 209(top)

192.168.2.172/30   *[BGP/170] 11:23:58, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.2.176/28   *[BGP/170] 11:23:58, MED 0, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 16, Push 209(top)

192.168.2.192/28   *[BGP/170] 11:23:58, MED 0, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                      to 172.16.128.69 via xe-2/1/1.0, Push 16, Push 202(top)

                    > to 172.16.128.65 via xe-2/2/0.0, Push 16, Push 155(top)

192.168.2.232/30   *[BGP/170] 11:23:58, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 23, Push 206(top)

192.168.2.236/30   *[Direct/0] 11:34:55

                    > via xe-2/0/1.308

192.168.2.237/32   *[Local/0] 11:34:55

                      Local via xe-2/0/1.308

192.168.2.240/29   *[BGP/170] 11:23:58, MED 0, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 38

192.168.2.252/30   *[OSPF/10] 11:34:35, metric 11

                    > to 192.168.2.238 via xe-2/0/1.308

192.168.3.192/26   *[BGP/170] 11:23:58, MED 51, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 146

192.168.4.224/27   *[BGP/170] 11:23:58, MED 51, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 23, Push 206(top)

192.168.6.224/27   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                      to 172.16.128.69 via xe-2/1/1.0, Push 537, Push 202(top)

                    > to 172.16.128.65 via xe-2/2/0.0, Push 537, Push 155(top)

192.168.7.224/27   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 794, Push 209(top)

192.168.8.224/27   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 361, Push 209(top)

192.168.9.224/27   *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.10.224/27  *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.12.224/27  *[BGP/170] 11:23:58, MED 51, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 375, Push 209(top)

192.168.21.224/27  *[BGP/170] 11:23:58, MED 51, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 23, Push 206(top)

192.168.22.224/27  *[BGP/170] 11:23:58, MED 51, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 247

192.168.24.224/27  *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 160, Push 202(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 160, Push 155(top)

192.168.25.224/27  *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 598, Push 209(top)

192.168.26.224/27  *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 437, Push 209(top)

192.168.27.224/27  *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.28.224/27  *[BGP/170] 11:23:58, MED 21, localpref 100, from 172.16.128.106

                      AS path: I, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 24, Push 207(top)

                      to 172.16.128.65 via xe-2/2/0.0, Push 24, Push 160(top)

192.168.32.0/24    *[OSPF/150] 11:34:35, metric 60, tag 0

                    > to 192.168.2.238 via xe-2/0/1.308

192.168.33.0/24    *[OSPF/150] 11:34:35, metric 60, tag 0

                    > to 192.168.2.238 via xe-2/0/1.308

192.168.253.103/32 *[BGP/170] 11:23:58, MED 0, localpref 100, from 172.16.128.106

                      AS path: ?, validation-state: unverified

                    > to 172.16.128.69 via xe-2/1/1.0, Push 38

192.168.253.109/32 *[Direct/0] 11:34:55

                    > via lo0.308

224.0.0.5/32       *[OSPF/10] 11:34:55, metric 1

                      MultiRecv

  
And here are those hidden routes:


user@mx240> show ospf route instance CLIENTOSPF

Topology default Route Table:



Prefix             Path  Route      NH       Metric NextHop       Nexthop

                   Type  Type       Type            Interface     Address/LSP

10.10.10.9         Intra Area/AS BR IP          102 shamlink.0

192.168.2.243      Intra AS BR      IP            2 shamlink.0

192.168.2.253      Intra AS BR      IP           10 xe-2/0/1.308  192.168.2.238

192.168.253.103    Intra Area/AS BR IP            1 shamlink.0

0.0.0.0/0          Ext1  Network    IP           61 xe-2/0/1.308  192.168.2.238

10.35.17.0/24      Intra Network    IP           11 xe-2/0/1.308  192.168.2.238

169.254.8.0/24     Intra Network    IP           11 xe-2/0/1.308  192.168.2.238

192.168.2.128/29   Intra Network    IP          103 shamlink.0

192.168.2.136/29   Intra Network    IP          102 shamlink.0

192.168.2.144/30   Ext1  Network    IP           22 shamlink.0

192.168.2.148/30   Ext1  Network    IP           22 shamlink.0

192.168.2.152/30   Ext1  Network    IP            2 shamlink.0

192.168.2.156/30   Ext1  Network    IP           22 shamlink.0

192.168.2.160/30   Ext1  Network    IP           22 shamlink.0

192.168.2.164/30   Ext1  Network    IP           22 shamlink.0

192.168.2.172/30   Ext1  Network    IP            2 shamlink.0

192.168.2.232/30   Ext1  Network    IP            2 shamlink.0

192.168.2.236/30   Intra Network    IP           10 xe-2/0/1.308

192.168.2.240/29   Intra Network    IP            2 shamlink.0

192.168.2.252/30   Intra Network    IP           11 xe-2/0/1.308  192.168.2.238

192.168.3.192/26   Ext1  Network    IP           52 shamlink.0

192.168.4.224/27   Ext1  Network    IP           52 shamlink.0

192.168.6.224/27   Ext1  Network    IP           22 shamlink.0

192.168.7.224/27   Ext1  Network    IP           22 shamlink.0

192.168.8.224/27   Ext1  Network    IP           22 shamlink.0

192.168.9.224/27   Ext1  Network    IP           22 shamlink.0

192.168.10.224/27  Ext1  Network    IP           22 shamlink.0

192.168.12.224/27  Ext1  Network    IP           52 shamlink.0

192.168.21.224/27  Ext1  Network    IP           52 shamlink.0

192.168.22.224/27  Ext1  Network    IP           52 shamlink.0

192.168.24.224/27  Ext1  Network    IP           22 shamlink.0

192.168.25.224/27  Ext1  Network    IP           22 shamlink.0

192.168.26.224/27  Ext1  Network    IP           22 shamlink.0

192.168.27.224/27  Ext1  Network    IP           22 shamlink.0

192.168.28.224/27  Ext1  Network    IP           22 shamlink.0

192.168.32.0/24    Ext1  Network    IP           60 xe-2/0/1.308  192.168.2.238

192.168.33.0/24    Ext1  Network    IP           60 xe-2/0/1.308  192.168.2.238

192.168.253.103/32 Intra Network    IP            2 shamlink.0

