네트워크/Security 2015. 5. 8. 16:13
@MPLS 캡처 내용.pcap
@ 다이나밉스 파일
'mpls.net' 파일은 'net' 폴더로 복사
'mpls.com' 파일은 '[CISCO] 실습' 폴더로 복사
[LAB-29] MPLS LDP 실습
@mpls_ldp_실습_preconfig.txt
1. 다음 NET 주소를 이용하여 ISIS 설정을 실시하여라.
|
R1 : 49.0123.0000.0000.0001.00 |
R2 : 49.0123.0000.0000.0002.00 |
R3 : 49.0123.0000.0000.0003.00 |
|
R4 : 49.0004.4444.4444.4444.00 |
R5 : 49.0005.5555.5555.5555.00 |
|
|
@ R2
router isis net 49.0123.0000.0000.0002.00 ! int lo 0 ip router ! int fa0/1 ip router ! int s1/0.12 ip router ! int s1/0.23 ip router
|
@ R1
router isis net 49.0123.0000.0000.0001.00 ! int lo 0 ip router ! int fa0/0 ip router ! int fa0/1 ip router ! int s1/0.12 ip router |
@ R3
router isis net 49.0123.0000.0000.0003.00 ! int lo 0 ip router isis ! int fa0/0 ip router isis ! int fa0/1 ip router isis ! int s1/0.23 ip router isis |
|
@ R4
router isis net 49.0004.4444.4444.4444.00 ! int lo 0 ip router ! int fa0/0 ip router |
@ R5
router isis net 49.0005.5555.5555.5555.00 ! int lo 0 ip router ! int fa0/0 ip router |
|
2. LDP 프로토콜을 이용하여 Label Switching을 실시하여라.
|
@ R2
mpls label protocol ldp mpls label range 2000 2222 mpls ldp router-id lo 0 ! int s1/0.12 mpls ip ! int s1/0.23 mpls ip |
@ R1
mpls label protocol ldp mpls label range 1000 1111 mpls ldp router-id lo 0 ! int s1/0.12 mpls ip ! int fa0/0 mpls ip |
@ R3
mpls label protocol ldp mpls label range 3000 3333 mpls ldp router-id lo 0 ! int s1/0.23 mpls ip ! int fa0/0 mpls ip |
|
@ R4
mpls label protocol ldp mpls label range 4000 4444 mpls ldp router-id lo 0 ! int fa0/0 mpls ip |
@ R5
mpls label protocol ldp mpls label range 5000 5555 mpls ldp router-id lo 0 ! int fa0/0 mpls ip |
|
3. 설정이 완료되었다면, 다음과 같은 정보 확인을 실시하여라.
|
R4#show mpls ldp neighbor Peer LDP Ident: 13.13.1. TCP connection: 13.13.1.1.646 - 13.13.4.4.19648 State: Oper; Msgs sent/rcvd: 20/21; Downstream Up time: LDP discovery sources: FastEthernet0/0, Src IP addr: 150.1.13.1 Addresses bound to peer LDP Ident: 150.1.13.1 13.13.11.1 13.13.9.1 13.13.10.1 13.13.1.1 |
|
R4#show mpls label range Downstream Generic label region: Min/Max label: 4000/4444 R4# R4#show mpls ldp bindings tib entry: 13.13.1.0/24, rev 2 local binding: tag: 4000 remote binding: tsr: 13.13.1. tib entry: 13.13.2.0/24, rev 4 local binding: tag: 4001 remote binding: tsr: 13.13.1. tib entry: 13.13.3.0/24, rev 6 local binding: tag: 4002 remote binding: tsr: 13.13.1. tib entry: 13.13.4.0/24, rev 8 local binding: tag: imp-null remote binding: tsr: 13.13.1. tib entry: 13.13.5.0/24, rev 10 local binding: tag: 4003 remote binding: tsr: 13.13.1. tib entry: 13.13.8.0/24, rev 12 local binding: tag: 4004 remote binding: tsr: 13.13.1. tib entry: 13.13.9.0/24, rev 14 local binding: tag: 4005 remote binding: tsr: 13.13.1. tib entry: 13.13.11.0/24, rev 16 local binding: tag: 4006 remote binding: tsr: 13.13.1. tib entry: 13.13.12.0/24, rev 18 local binding: tag: 4007 remote binding: tsr: 13.13.1. tib entry: 13.13.13.0/24, rev 20 local binding: tag: 4008 remote binding: tsr: 13.13.1. tib entry: 150.1.13.0/24, rev 22 local binding: tag: imp-null remote binding: tsr: 13.13.1. tib entry: 150.3.13.0/24, rev 24 local binding: tag: 4009 remote binding: tsr: 13.13.1. R4#traceroute 13.13.5.5 source 13.13.4.4
Type escape sequence to abort. Tracing the route to 13.13.5.5
1 150.1.13.1 [MPLS: Label 1003 Exp 0] 80 msec 68 msec 64 msec 2 13.13.9.2 [MPLS: Label 2003 Exp 0] 76 msec 80 msec 80 msec 3 13.13.8.3 [MPLS: Label 3003 Exp 0] 52 msec 48 msec 56 msec 4 150.3.13.254 56 msec * 60 msec R4# R4#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 4000 Pop tag 13.13.1.0/24 0 Fa0/0 150.1.13.1 4001 1000 13.13.2.0/24 0 Fa0/0 150.1.13.1 4002 1001 13.13.3.0/24 0 Fa0/0 150.1.13.1 4003 1003 13.13.5.0/24 0 Fa0/0 150.1.13.1 4004 1004 13.13.8.0/24 0 Fa0/0 150.1.13.1 4005 Pop tag 13.13.9.0/24 0 Fa0/0 150.1.13.1 4007 Pop tag 13.13.11.0/24 0 Fa0/0 150.1.13.1 4008 1005 13.13.12.0/24 0 Fa0/0 150.1.13.1 4009 1006 13.13.13.0/24 0 Fa0/0 150.1.13.1 4010 1007 150.3.13.0/24 0 Fa0/0 150.1.13.1 |
|
R1#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 1000 Pop tag 13.13.2.0/24 0 Se1/0.12 point2point 1001 2001 13.13.3.0/24 0 Se1/0.12 point2point 1002 Pop tag 13.13.4.0/24 5334 Fa0/0 150.1.13.254 1003 2003 13.13.5.0/24 1350 Se1/0.12 point2point 1004 Pop tag 13.13.8.0/24 0 Se1/0.12 point2point 1005 Pop tag 13.13.12.0/24 0 Se1/0.12 point2point 1006 2006 13.13.13.0/24 0 Se1/0.12 point2point 1007 2008 150.3.13.0/24 0 Se1/0.12 point2point |
|
R2#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 2000 Pop tag 13.13.1.0/24 0 Se1/0.12 point2point 2001 Pop tag 13.13.3.0/24 0 Se1/0.23 point2point 2002 1002 13.13.4.0/24 5136 Se1/0.12 point2point 2003 3003 13.13.5.0/24 2484 Se1/0.23 point2point 2005 Pop tag 13.13.11.0/24 0 Se1/0.12 point2point 2006 Pop tag 13.13.13.0/24 0 Se1/0.23 point2point 2007 Pop tag 150.1.13.0/24 0 Se1/0.12 point2point 2008 Pop tag 150.3.13.0/24 0 Se1/0.23 point2point |
|
R3#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 3000 2000 13.13.1.0/24 0 Se1/0.23 point2point 3001 Pop tag 13.13.2.0/24 0 Se1/0.23 point2point 3002 2002 13.13.4.0/24 5136 Se1/0.23 point2point 3003 Pop tag 13.13.5.0/24 3654 Fa0/0 150.3.13.254 3004 Pop tag 13.13.9.0/24 0 Se1/0.23 point2point 3005 2005 13.13.11.0/24 0 Se1/0.23 point2point 3006 Pop tag 13.13.12.0/24 0 Se1/0.23 point2point 3007 2007 150.1.13.0/24 0 Se1/0.23 point2point |
@ [LAB-30] MPLS VPN 실습
1. 다음 조건에 맞게 R1, R2, R3에서 MPLS Switching 환경을 구성하여라.
1.1 R1, R2, R3 Frame-Relay 구간에 MPLS 스위칭이 가능하도록 LDP를 Enable 하여라.
1.2 이때, Label 범위를 ‘x000~xxxx’로 조정하며, LDP Router-ID는 Loopback 0으로 사용하여라.
|
@ R1
mpls label protocol ldp mpls label range 1000 1111 mpls ldp router-id lo 0 ! int s1/0.12 mpls ip
|
@ R2
mpls label protocol ldp mpls label range 2000 2222 mpls ldp router-id lo 0 ! int s1/0.12 mpls ip ! int s1/0.23 mpls ip |
@ R3
mpls label protocol ldp mpls label range 3000 3333 mpls ldp router-id lo 0 ! int s1/0.23 mpls ip
|
1.3 설정이 완료되었다면, R1~R3에서 LDP 네이버 성립 상태와 Label 사용 범위를 확인하여라.
|
R1#show mpls ldp neighbor Peer LDP Ident: 13.13.2. TCP connection: 13.13.2.2.33060 - 13.13.1.1.646 State: Oper; Msgs sent/rcvd: 11/10; Downstream Up time: LDP discovery sources: Serial1/0.12, Src IP addr: 13.13.9.2 Addresses bound to peer LDP Ident: 13.13.9.2 13.13.8.2 13.13.2.2 R1# R1#show mpls label range Downstream Generic label region: Min/Max label: 1000/1111 |
|
R2#show mpls ldp neighbor Peer LDP Ident: 13.13.1. TCP connection: 13.13.1.1.646 - 13.13.2.2.33060 State: Oper; Msgs sent/rcvd: 12/13; Downstream Up time: LDP discovery sources: Serial1/0.12, Src IP addr: 13.13.9.1 Addresses bound to peer LDP Ident: 150.1.13.1 13.13.9.1 13.13.1.1 Peer LDP Ident: 13.13.3. TCP connection: 13.13.3.3.16305 - 13.13.2.2.646 State: Oper; Msgs sent/rcvd: 12/13; Downstream Up time: LDP discovery sources: Serial1/0.23, Src IP addr: 13.13.8.3 Addresses bound to peer LDP Ident: 150.3.13.1 13.13.8.3 13.13.3.3 R2# R2#show mpls label range Downstream Generic label region: Min/Max label: 2000/2222 |
|
R3#show mpls ldp neighbor Peer LDP Ident: 13.13.2. TCP connection: 13.13.2.2.646 - 13.13.3.3.16305 State: Oper; Msgs sent/rcvd: 14/12; Downstream Up time: LDP discovery sources: Serial1/0.23, Src IP addr: 13.13.8.2 Addresses bound to peer LDP Ident: 13.13.9.2 13.13.8.2 13.13.2.2 R3# R3#show mpls label range Downstream Generic label region: Min/Max label: 3000/3333 |
1.4 R1~R3에서 LIB(Lable Information Base) 정보와 LFIB(Lable Forwarding Information Base)를 확인하여라.
|
R1#show mpls ldp bindings tib entry: 13.13.1.0/24, rev 2 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 13.13.2.0/24, rev 4 local binding: tag: 1000 remote binding: tsr: 13.13.2. tib entry: 13.13.3.0/24, rev 6 local binding: tag: 1001 remote binding: tsr: 13.13.2. tib entry: 13.13.8.0/24, rev 8 local binding: tag: 1002 remote binding: tsr: 13.13.2. tib entry: 13.13.9.0/24, rev 10 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 150.1.13.0/24, rev 12 local binding: tag: imp-null R1# R1#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 1000 Pop tag 13.13.2.0/24 0 Se1/0.12 point2point 1001 2001 13.13.3.0/24 0 Se1/0.12 point2point 1002 Pop tag 13.13.8.0/24 0 Se1/0.12 point2point |
|
R2#show mpls ldp bindings tib entry: 13.13.1.0/24, rev 2 local binding: tag: 2000 remote binding: tsr: 13.13.1. remote binding: tsr: 13.13.3. tib entry: 13.13.2.0/24, rev 4 local binding: tag: imp-null remote binding: tsr: 13.13.1. remote binding: tsr: 13.13.3. tib entry: 13.13.3.0/24, rev 6 local binding: tag: 2001 remote binding: tsr: 13.13.1. remote binding: tsr: 13.13.3. tib entry: 13.13.8.0/24, rev 8 local binding: tag: imp-null remote binding: tsr: 13.13.1. remote binding: tsr: 13.13.3. tib entry: 13.13.9.0/24, rev 10 local binding: tag: imp-null remote binding: tsr: 13.13.1. remote binding: tsr: 13.13.3. tib entry: 150.1.13.0/24, rev 11 remote binding: tsr: 13.13.1. tib entry: 150.3.13.0/24, rev 12 remote binding: tsr: 13.13.3. R2# R2#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 2000 Pop tag 13.13.1.0/24 0 Se1/0.12 point2point 2001 Pop tag 13.13.3.0/24 0 Se1/0.23 point2point |
|
R3#show mpls ldp bindings tib entry: 13.13.1.0/24, rev 2 local binding: tag: 3000 remote binding: tsr: 13.13.2. tib entry: 13.13.2.0/24, rev 4 local binding: tag: 3001 remote binding: tsr: 13.13.2. tib entry: 13.13.3.0/24, rev 6 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 13.13.8.0/24, rev 8 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 13.13.9.0/24, rev 10 local binding: tag: 3002 remote binding: tsr: 13.13.2. tib entry: 150.3.13.0/24, rev 12 local binding: tag: imp-null R3# R3#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 3000 2000 13.13.1.0/24 0 Se1/0.23 point2point 3001 Pop tag 13.13.2.0/24 0 Se1/0.23 point2point 3002 Pop tag 13.13.9.0/24 0 Se1/0.23 point2point |
1.5 R1과 R3에서 ‘traceroute’를 실시하여 Label Push-Swap-Pop 동작을 확인하여라.
|
R1#traceroute 13.13.3.3
Type escape sequence to abort. Tracing the route to 13.13.3.3
1 13.13.9.2 [MPLS: Label 2001 Exp 0] 68 msec 92 msec 64 msec 2 13.13.8.3 80 msec * 60 msec |
|
R3#traceroute 13.13.1.1
Type escape sequence to abort. Tracing the route to 13.13.1.1
1 13.13.8.2 [MPLS: Label 2000 Exp 0] 124 msec 56 msec 80 msec 2 13.13.9.1 68 msec * 56 msec |
2. R1과 R3간에 IBGP 네이버를 성립하여 MBGP를 구현하여라.
|
@ R1
router bgp 13 bgp router-id 13.13.1.1 neighbor 13.13.3.3 remote-as 13 neighbor 13.13.3.3 update-source lo 0 ! address-family vpnv4 neighbor 13.13.3.3 activate neighbor 13.13.3.3 send-community extended |
@ R3
router bgp 13 bgp router-id 13.13.3.3 neighbor 13.13.1.1 remote-as 13 neighbor 13.13.1.1 update-source lo 0 ! address-family vpnv4 neighbor 13.13.1.1 activate neighbor 13.13.1.1 send-community extended |
|
R1#show ip bgp summary BGP router identifier 13.13.1.1, local AS number 13 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 13.13.3.3 4 13 4 3 1 0 0 R1# R1#show ip bgp vpnv4 all summary BGP router identifier 13.13.1.1, local AS number 13 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 13.13.3.3 4 13 4 3 1 0 0 | |
|
R3#show ip bgp summary BGP router identifier 13.13.3.3, local AS number 13 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 13.13.1.1 4 13 4 5 1 0 0 R3# R3#show ip bgp vpnv4 all summary BGP router identifier 13.13.3.3, local AS number 13 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 13.13.1.1 4 13 4 5 1 0 0 | |
3. 다음 조건에 맞게 R1과 R3에서 ABC Site-1/2를 위한 VRF를 구성하여라.
3.1 ABC Site-1/2에서 사용할 RD는 13:100으로 구성하여라.
3.2 ABC Site-1 정보가 Site-2로 광고될 때, R1에서는 RT 값을 ‘13:103’를 사용하여라.
3.3 ABC Site-2 정보가 Site-1로 광고될 때, R3에서는 RT 값을 ’13:301’를 사용하여라.
|
@ R1
ip vrf ABC rd 13:100 route-target export 13:103 route-target import 13:301 ! int fa0/0 ip vrf forwarding ABC ip address 150.1.13.1 255.255.255.0 |
@ R3
ip vrf ABC rd 13:100 route-target export 13:301 route-target import 13:103 ! int fa0/0 ip vrf forwarding ABC ip address 150.3.13.1 255.255.255.0 |
3.4 R1과 R3에서 일반 라우팅 테이블(Global Routing Table)과 VRF 라우팅 테이블을 확인하여라.
|
R1#show ip vrf Name ABC 13:100 Fa0/0 R1#show ip route ~ 중간 생략 ~ Gateway of last resort is not set
13.0.0.0/24 is subnetted, 5 subnets C 13.13.1.0 is directly connected, Loopback0 i L1 13.13.2.0 [115/20] via 13.13.9.2, Serial1/0.12 i L1 13.13.3.0 [115/30] via 13.13.9.2, Serial1/0.12 i L1 13.13.8.0 [115/20] via 13.13.9.2, Serial1/0.12 C 13.13.9.0 is directly connected, Serial1/0.12 R1# R1#show ip route vrf ABC
Routing Table: ABC ~ 중간 생략 ~
Gateway of last resort is not set
150.1.0.0/24 is subnetted, 1 subnets C 150.1.13.0 is directly connected, FastEthernet0/0 R1# R1#ping vrf ABC 150.1.13.254
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.1.13.254, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 28/33/40 ms |
|
R3#show ip vrf Name ABC 13:100 Fa0/0 R3# R3#show ip route ~ 중간 생략 ~
Gateway of last resort is not set
13.0.0.0/24 is subnetted, 5 subnets i L1 13.13.1.0 [115/30] via 13.13.8.2, Serial1/0.23 i L1 13.13.2.0 [115/20] via 13.13.8.2, Serial1/0.23 C 13.13.3.0 is directly connected, Loopback0 C 13.13.8.0 is directly connected, Serial1/0.23 i L1 13.13.9.0 [115/20] via 13.13.8.2, Serial1/0.23 R3# R3#show ip route vrf ABC
Routing Table: ABC ~ 중간 생략 ~ Gateway of last resort is not set
150.3.0.0/24 is subnetted, 1 subnets C 150.3.13.0 is directly connected, FastEthernet0/0 R3# R3#ping vrf ABC 150.3.13.254
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.3.13.254, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 28/44/64 ms |
4. ABC Site-1 구간에서 OSPF Area 0을 구성하며, OSPF와 BGP 간에 재분배를 실시하여라.
|
@ R1
router ospf 1 vrf ABC router-id 13.13.1.1 network 150.1.13.1 0.0.0.0 area 0 redistribute bgp 13 subnets ! router bgp 13 address-family ipv4 vrf ABC redistribute ospf 1 match internal external |
@ R4
router ospf 1 router-id 13.13.4.4 network 13.13.4.4 0.0.0.0 area 0 network 13.13.14.4 0.0.0.0 area 0 network 13.13.144.4 0.0.0.0 area 0 network 150.1.13.254 0.0.0.0 area 0 |
5. ABC Site-2 구간에서 OSPF Area 0을 구성하며, OSPF와 BGP 간에 재분배를 실시하여라.
|
@ R3
router ospf 1 vrf ABC router-id 13.13.3.3 network 150.3.13.1 0.0.0.0 area 0 redistribute bgp 13 subnets ! router bgp 13 address-family ipv4 vrf ABC redistribute ospf 1 match internal external |
@ R5
router ospf 1 router-id 13.13.5.5 network 13.13.5.5 0.0.0.0 area 0 network 13.13.15.5 0.0.0.0 area 0 network 13.13.155.5 0.0.0.0 area 0 network 150.3.13.254 0.0.0.0 area 0 |
6. R1과 R3에서 MBGP 포워딩 테이블과 VRF 라우팅 테이블을 확인하여라.
|
R1#show ip bgp vpnv4 all summary ~ 중간 생략 ~ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 13.13.3.3 4 13 48 48 14 0 0 R1# R1#show ip bgp vpnv4 all ~ 중간 생략 ~
Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 13:100 (default for vrf ABC) *> 13.13.4.4/32 150.1.13.254 11 32768 ? *>i13.13.5.5/32 13.13.3.3 11 100 0 ? *> 13.13.14.4/32 150.1.13.254 11 32768 ? *>i13.13.15.5/32 13.13.3.3 11 100 0 ? *> 13.13.144.0/24 150.1.13.254 11 32768 ? *>i13.13.155.0/24 13.13.3.3 11 100 0 ? *> 150.1.13.0/24 0.0.0.0 0 32768 ? *>i150.3.13.0/24 13.13.3.3 0 100 0 ? R1# R1#show ip route vrf ABC
Routing Table: ABC ~ 중간 생략 ~ Gateway of last resort is not set
13.0.0.0/8 is variably subnetted, 6 subnets, 2 masks B 13.13.5.5/32 [200/11] via 13.13.3.3, O 13.13.4.4/32 [110/11] via 150.1.13.254, B 13.13.15.5/32 [200/11] via 13.13.3.3, O 13.13.14.4/32 [110/11] via 150.1.13.254, O 13.13.144.0/24 [110/11] via 150.1.13.254, B 13.13.155.0/24 [200/11] via 13.13.3.3, 150.1.0.0/24 is subnetted, 1 subnets C 150.1.13.0 is directly connected, FastEthernet0/0 150.3.0.0/24 is subnetted, 1 subnets B 150.3.13.0 [200/0] via 13.13.3.3, |
|
R3#show ip bgp vpnv4 all summary ~ 중간 생략 ~ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 13.13.1.1 4 13 49 50 17 0 0 R3# R3#show ip bgp vpnv4 all ~ 중간 생략 ~ Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 13:100 (default for vrf ABC) *>i13.13.4.4/32 13.13.1.1 11 100 0 ? *> 13.13.5.5/32 150.3.13.254 11 32768 ? *>i13.13.14.4/32 13.13.1.1 11 100 0 ? *> 13.13.15.5/32 150.3.13.254 11 32768 ? *>i13.13.144.0/24 13.13.1.1 11 100 0 ? *> 13.13.155.0/24 150.3.13.254 11 32768 ? *>i150.1.13.0/24 13.13.1.1 0 100 0 ? *> 150.3.13.0/24 0.0.0.0 0 32768 ? R3# R3#show ip route vrf ABC
Routing Table: ABC ~ 중간 생략 ~
Gateway of last resort is not set
13.0.0.0/8 is variably subnetted, 6 subnets, 2 masks O 13.13.5.5/32 [110/11] via 150.3.13.254, B 13.13.4.4/32 [200/11] via 13.13.1.1, O 13.13.15.5/32 [110/11] via 150.3.13.254, B 13.13.14.4/32 [200/11] via 13.13.1.1, B 13.13.144.0/24 [200/11] via 13.13.1.1, O 13.13.155.0/24 [110/11] via 150.3.13.254, 150.1.0.0/24 is subnetted, 1 subnets B 150.1.13.0 [200/0] via 13.13.1.1, 150.3.0.0/24 is subnetted, 1 subnets C 150.3.13.0 is directly connected, FastEthernet0/0 |
7. R1에서 LFIB 테이블 정보를 확인하고 다음과 같이 ‘traceroute’를 실시하여 MPLS VPN 동작을 확인하여라.
|
R1#show ip bgp vpnv4 vrf ABC labels Network Next Hop In label/Out label Route Distinguisher: 13:100 (ABC) 13.13.4.4/32 150.1.13.254 1004/nolabel 13.13.5.5/32 13.13.3.3 nolabel/3004 13.13.14.4/32 150.1.13.254 1005/nolabel 13.13.15.5/32 13.13.3.3 nolabel/3005 13.13.144.0/24 150.1.13.254 1006/nolabel 13.13.155.0/24 13.13.3.3 nolabel/3006 150.1.13.0/24 0.0.0.0 1003/aggregate(ABC) 150.3.13.0/24 13.13.3.3 nolabel/3003 R1# R1#show mpls ldp bindings tib entry: 13.13.1.0/24, rev 2 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 13.13.2.0/24, rev 8 local binding: tag: 1000 remote binding: tsr: 13.13.2. tib entry: 13.13.3.0/24, rev 12 local binding: tag: 1002 remote binding: tsr: 13.13.2. tib entry: 13.13.8.0/24, rev 10 local binding: tag: 1001 remote binding: tsr: 13.13.2. tib entry: 13.13.9.0/24, rev 4 local binding: tag: imp-null remote binding: tsr: 13.13.2. R1# R1#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 1000 Pop tag 13.13.2.0/24 0 Se1/0.12 point2point 1001 2001 13.13.3.0/24 0 Se1/0.12 point2point 1002 Pop tag 13.13.8.0/24 0 Se1/0.12 point2point 1003 Aggregate 150.1.13.0/24[V] 0 1004 Untagged 13.13.4.4/32[V] 0 Fa0/0 150.1.13.254 1005 Untagged 13.13.14.4/32[V] 0 Fa0/0 150.1.13.254 1006 Untagged 13.13.144.0/24[V] 0 Fa0/0 150.1.13.254 R1#traceroute vrf ABC 13.13.15.5
Type escape sequence to abort. Tracing the route to 13.13.15.5
1 13.13.9.2 [MPLS: Labels 2001/3005 Exp 0] 108 msec 196 msec 120 msec 2 150.3.13.1 [MPLS: Label 3005 Exp 0] 60 msec 60 msec 60 msec 3 150.3.13.254 100 msec * 88 msec |
|
R4#show ip route ospf 13.0.0.0/8 is variably subnetted, 6 subnets, 2 masks O IA 13.13.5.5/32 [110/21] via 150.1.13.1, O IA 13.13.15.5/32 [110/21] via 150.1.13.1, O IA 13.13.155.0/24 [110/21] via 150.1.13.1, 150.3.0.0/24 is subnetted, 1 subnets O IA 150.3.13.0 [110/11] via 150.1.13.1, R4# R4#ping 13.13.15.5
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.13.15.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 124/130/140 ms |
8. R2에서 LFIB 테이블 정보를 확인하여라.
|
R2#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 2000 Pop tag 13.13.1.0/24 7056 Se1/0.12 point2point 2001 Pop tag 13.13.3.0/24 6373 Se1/0.23 point2point |
9. R3에서 LFIB 테이블 정보와 VRF 라우팅 테이블을 확인하여라.
|
R3#show ip bgp vpnv4 vrf ABC labels Network Next Hop In label/Out label Route Distinguisher: 13:100 (ABC) 13.13.4.4/32 13.13.1.1 nolabel/1004 13.13.5.5/32 150.3.13.254 3004/nolabel 13.13.14.4/32 13.13.1.1 nolabel/1005 13.13.15.5/32 150.3.13.254 3005/nolabel 13.13.144.0/24 13.13.1.1 nolabel/1006 13.13.155.0/24 150.3.13.254 3006/nolabel 150.1.13.0/24 13.13.1.1 nolabel/1003 150.3.13.0/24 0.0.0.0 3003/aggregate(ABC) R3# R3#show mpls ldp bindings tib entry: 13.13.1.0/24, rev 12 local binding: tag: 3002 remote binding: tsr: 13.13.2. tib entry: 13.13.2.0/24, rev 8 local binding: tag: 3000 remote binding: tsr: 13.13.2. tib entry: 13.13.3.0/24, rev 2 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 13.13.8.0/24, rev 4 local binding: tag: imp-null remote binding: tsr: 13.13.2. tib entry: 13.13.9.0/24, rev 10 local binding: tag: 3001 remote binding: tsr: 13.13.2. R3# R3#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 3000 2000 13.13.1.0/24 0 Se1/0.23 point2point 3001 Pop tag 13.13.2.0/24 0 Se1/0.23 point2point 3002 Pop tag 13.13.9.0/24 0 Se1/0.23 point2point 3003 Aggregate 150.3.13.0/24[V] 0 3004 Untagged 13.13.5.5/32[V] 570 Fa0/0 150.3.13.254 3005 Untagged 13.13.15.5/32[V] 1254 Fa0/0 150.3.13.254 3006 Untagged 13.13.155.0/24[V] 0 Fa0/0 150.3.13.254 R3# R3#show ip route vrf ABC
Routing Table: ABC ~ 중간 생략 ~
Gateway of last resort is not set
13.0.0.0/8 is variably subnetted, 6 subnets, 2 masks O 13.13.5.5/32 [110/11] via 150.3.13.254, B 13.13.4.4/32 [200/11] via 13.13.1.1, O 13.13.15.5/32 [110/11] via 150.3.13.254, B 13.13.14.4/32 [200/11] via 13.13.1.1, B 13.13.144.0/24 [200/11] via 13.13.1.1, O 13.13.155.0/24 [110/11] via 150.3.13.254, 150.1.0.0/24 is subnetted, 1 subnets B 150.1.13.0 [200/0] via 13.13.1.1, 150.3.0.0/24 is subnetted, 1 subnets C 150.3.13.0 is directly connected, FastEthernet0/0 |
'네트워크 > Security' 카테고리의 다른 글
| 네트워크 보안 실습 (0) | 2016.07.27 |
|---|---|
| AAA & ACS (0) | 2015.06.26 |
| NAT & DHCP (0) | 2015.04.07 |
| ACL & Cisco IOS Firewall (0) | 2015.04.02 |
| AAA & ACS Server(TACACS+, RADIUS) (0) | 2015.03.30 |
