Tc gi: + Nguyn Th Bng Tm 5.1.

Phn tch cc bc cu hnh trn router ca Cisco Trong ti ny s dng thit b router ca Cisco m phng mng MPLS/VPN. Mng MPLS l mng chuyn mch nhn, thch hp cho mi trng truyn dn tc cao. Do , trong thc t khi trin khai m hnh mng ny s dng cc router dng cho mng li nh router dng 7200, router dng 12000 c im ca router Cisco ging nh mt my tnh, n cn phi c h iu hnh ci t vo. H iu hnh trong cc thit b ca Cisco c gi l IOS. Ty vo tng IOS m c th p ng tng hot ng dch v khc nhau. i vi MPLS, cn s dng IOS phin bn dnh Enterprise Plus (phin bn js). Tuy nhin, trong ti ny, vic cu hnh mng MPLS/VPN ch l cu hnh trong phng th nghim, do s dng cc router nh nh router series 2600, hay router series 2500. Trc khi i vo phn lm lab, ta i tm hiu cc bc cu hnh VPN v QoS, TE cn thit trong mng MPLS. 5.1.1. Cu hnh VPN trong mng MPLS Cc bc cu hnh VPN ti router PE: Bc 1: Khi bo VRF trong router PE Bc 2: Cu hnh phin MP-BGP gia cc router PE. Bc 3: Cu hnh nh tuyn gia router PE v CE. Bc 4: Kim tra, gim st hot ng MPLS/VPN 5.1.1.a. Khai bo VRF trong router PE Khai bo VRF theo s sau :

Trnh t khai bo gm cc bc nh sau: To bng VRF ng k Route Distinguisher cho VRF Ch ra cc gi tr Route target xut v nhp ng k VRF vo interface. To bng VRF S dng cu lnh: router(config)# ip vrf vrf_name vrf_name l tn ca vrf cn to, tn ca vrf l case-sensitive, tc l c s phn bit ch thng v ch hoa. N ch c ngha cc b Mun xo vrf ra khi router: no ip vrf vrf_name ng k RD VRF s khng hot ng nu khng c gi tr RD ng k cho n. ng k rd vo VRF bng cu lnh sau: rd route-distinguisher

+ Mi VRF ch c mt gi tr rd duy nht. + C th s dng format ASN:nn hoc A.B.C.D:nn ng k cho RD. + Ch ra gi tr Route Target import v export to route-target extended community cho VRF, s dng cu lnh route-target trong submode ca vrf. tt cu hnh route-target, s dng lnh no. route-target {import | export | both} route-target-ext-community no route-target {import | export | both} route-target-ext-community + Import: nhp thng tin nh tuyn t target VPN extended community + Export: xut thng tin nh tuyn n target VPN extended community + Both: nhp c thng tin nh tuyn nhp v xut n target VPN extended community. + Route-tartget-ext-community: l gi tr ca route-target, format ca route-target cng tng t nh route-distinguisher, c th l AS:nn hoc A.B.C.D:nn. + ng k interface vo VRF S dng cu lnh ip vrf forwarding trong mode interface: Router(config)# ip vrf forwarding vrf-name + Khi p t interface vo vrf, a ch ip trn interface s b loi b i, lc ta cn cu hnh li a ch ip. + Chuyn mch CEF phi c bt ln trn interface. 5.1.1.b. Cu hnh phin MP-BGP gia cc router PE + Cu hnh BGP address family. + Cu hnh lng ging MP-BGP. + Kch hot lng ging BGP c cu hnh cho vic trao i route VPNv4. + Ch ra cc tham s cho vic trao i route VPNv4 (nh filter, next-hop v.v) + Cu hnh address family Cu hnh address family la chn routing context m ta mun s dng. Bao gm cc bc sau: + Cu hnh tin trnh nh tuyn BGP global: Router(config)# router bgp autonomous-system vo submode address family cu hnh cc giao thc nh tuyn nh BGP, RIPv2, v nh tuyn tnh, s dng cu lnh address-family. tt tnh nng ny th s dng no pha trc cu lnh. + Cu hnh trao i cc prefix vpnv4: address-family vpnv4 [unicast] no address-family vpnv4 [unicast] + Cu hnh cc tham s trn vrf gia PE v CE:

address-family ipv4 [unicast] vrf vrf-name address-family ipv4 [unicast] vrf vrf-name + Cu hnh lng ging MP-BGP Tt c lng ging MP-BGP phi c cu hnh mode cu hnh nh tuyn global BGP. Phin MP-BGP phi chy gia cc interface loopback. Cu lnh nh sau: router(config)#

+ Cu hnh dnh cho vic trao i cc route VPNv4 router(config-router)#address-family vpnv4 router(config-router-af)#neighbor {ip-address| peer-group-name} activate + Kch hot vic trao i route vpnv4 router(config-router-af)#neighbor ip-address send-community [extended| both] + c s dng truyn community extended BGP v standard BGP gn vo VPNv4. Trong , community extended BGP phi c trao i gia cc lng ging MP-BGP vi nhau. router(config-router)#no bgp default ipv4 unicast + Vic trao i route Ipv4 gia cc BGP lng ging c bt ln mc nh, mi lng ging c cu hnh s nhn route Ipv4 bn cnh route VPNv4. S dng cu lnh ny khi trn cng mt router mang c cc route internet v route VPNv4, v ta khng mun truyn route internet n router PE khc. 5.1.1.c. Cu hnh nh tuyn gia router PE v router CE Mi khch hng c th chy mi giao thc nh tuyn ring bit khi kt ni vo router PE. Trn router PE ch cn cu hnh trn mi VRF thuc v khch hng giao thc nh tuyn ca ring h th xem nh kt ni gia router PE v CE c thnh lp. Giao thc nh tuyn per-VRF c th c cu hnh theo hai cch: + Nu ch c BGP hay RIP hay nh tuyn tnh, cc tham s per_VRF sex c ch ra trong routing context, di cu lnh address family. + Tin trnh OSPF c cu hnh trn mi VRF. Tng s tin trnh nh tuyn trn mi router ti a l 32. Cu hnh routing context VRF s dng nh tuyn tnh

La chn u tin l chy giao thc nh tuyn tnh gia router PE v CE. Thng tin nh tuyn ny c redistribute vo BGP qung b qua phin MP-iBGP. y s l la chn tt nu site s dng dch v VPN l stub site, tc l ch c mt im entry vo mng nh cung cp dch v. Cu trc cu lnh nh sau: ip route vrf vrf-name static route parameters Cu hnh routing context VRF cho BGP v RIPv2.

+ VRF routing context c la chn bng cu lnh address-family ipv4 vrf vrf-name trong tin trnh nh tuyn ca RIP v BGP. Tt c cc tham s nh tuyn ca ring tng mi giao thc (network number, passive interface, neighbor, filter) c cu hnh di a ch family ny . + Cu hnh per-VRF BGP routing context Khch hng c th chy giao thc nh tuyn BGP-4 v trao i cc route VPNv4 dc phin BGP-4. Vi la chn ny, tt c cc route c hc t router CE s c qung b vo dc mng backbone MPLS/VPN s dng phin MP-iBGP tn ti trc gia cc router PE. Khi cu trnh BGP gia PE v CE, nh phn trn ta thy, bt u cu hnh per-VRF BGP vi cu lnh address-family ipv4 vrf vrf-name. Sau khi tin vo mode cu hnh address family, ta nh ngha lng ging BGP trn c CE v PE v kch hot chng. Sau cu hnh redistribute t tt c cc giao thc nh tuyn per-VRF khc vo BGP. Ch l lun cu hnh BGP address-family cho mi VRF, v cu hnh redistribute route vo BGP ngay c khi khng s dng BGP l giao thc nh tuyn gia PE v CE. Mt s lu khi cu hnh nh tuyn gia PE v CE: + Tt tnh nng BGP synchronization (mc nh l c bt ln). + Tt tnh nng auto-summarization (t ng thu gn subnet li thnh lp mng classfull) (mc nh c bt ln). Mng MPLS/VPN backbone phi truyn route ca khch hng nh ban u, khng c thay i n m bo s trong sut nh tuyn u cui n u cui gia cc site khch hng. + Redistribute cc route BGP vo IGP phi c tt i (mc nh l c bt ln). + Cu hnh nh tuyn RIP gia PE v CE Cu hnh RIP n gin hn BGP. Cng nh BGP, cu hnh routing context ta vo mode cu hnh address-family ipv4 vrf vrf-name. Tt c cc tham s RIP c cu hnh di mode ny. Ch c RIPv2 mi tnh nng address-family. Cc route BGP phi c truyn li vo RIP nu ta mun nh tuyn RIP u cui u cui trong mng khch hng.

IGP metric lun lun c copy vo trong thuc tnh MED ca BGP route khi route IGP c redistribute vo BGP. Vi giao thc BGP-4 chun, thuc tnh ch c s dng khi la chn route, v khng c copy ngc vo li IGP metric. Trong MPLS/VPN m rng cu lnh redistribute metric transparent cho php MED c thm vo cc route c redistribute nh l metric ca RIP khi BGP qung b route ngc li vo RIP. iu ny cho php ta trong sut nh tuyn RIP gia u cui khch hng: + Rip hop count c thm vo attribute MED khi route RIP c ingress router PE redistribute vo BGP. + Gi tr attribute MED (l RIP hop count trc ) c copy vo RIP hop count, nu c cu hnh, khi BGP route c redistribute li vo RIP. Do ton b mng backbone MPLS/VPN ging nh mt hop n l i vi cc router CE. Cu hnh nh tuyn OSPF gia router PE v CE Thng tin nh tuyn c hc t cc site khch hng thng qua OSPF c t vo VRF tng ng vi interface ng vo ging nh cc c ch m ta tho lun trn y. Cc route ny sau c qung b dc mng backbone MPLS/VPN gia cc router PE s dng MP-iBGP, v c nhp vo VRF thch hp trn router PE khc. Giao thc nh tuyn OSPF c thit k h tr kin trc mng phn tng vi mng backbone trung tm. Mng chy OSPF c chia thnh cc area. Tt c cc area phi kt ni trc tip vo area backbone (area 0). Ton b mng OSPF (area backbone v cc area khc kt ni vo n) c gi l OSPF domain (min OSPF). h tr kt ni OSPF gia PE v CE trong mng MPLS/VPN, cn phi c s m rng cu trc phn tng trong OSPF chy cc tin trnh OSPF c lp vi nhau v hc cc route t site khc m khng cn phi thit lp mi quan h cn k trc tip. Khc vi cc giao thc nh tuyn khc l chy cc routing context khc nhau nhng trong cng mt tin trnh, cn OSPF mi VRF chy mi tin trnh nh tuyn khc nhau (tc l c process-ID khc nhau), do cn phi c s cch ly gia cc tin trnh OSPF trn router PE. p ng yu cu ny, cu lnh router ospf c m rng, c cu trc nh sau:

truyn c cc route ca khch hng qua mng backbone MPLS th n phi c redistribute vo MP-BGP. Nh ta bit, bt k khi no mt route c redistribute vo OSPF t giao thc nh tuyn khc, n c xem nh l external OSPF route. Trong mng MPLS VPN cng vy khi khch hng s dng OSPF lm giao thc nh tuyn chy trn kt ni PE CE. Cc route OSPF c router PE nhn s c truyn dc mng backbone, v c redistribute ngc li vo OSPF site khc nh l external OSPF route. Mt s c im i vi external OSPF route l: + External route khng th summarize. + External route c flood n tt c cc OSPF area khc.

+ External route c th s dng metric type khc, metric ny khng thch hp vi OSPF cost. + External route khng c thm vo nhng area no c xem l stub v not-so-stubby (NSSA). + Cc route internal lun lun c u tin hn i vi cc route external, bt chp cost ca chng nh th no. V nhng c im trn, vic chuyn khch hng OSPF s dng dch v MPLS VPN c th gy ra nhiu vn i vi nh tuyn khch hng. Do khi kin trc MPLS VPN phi m rng m hnh nh tuyn OSPF-BGP h tr s trong sut i vi khch hng. Kin trc MPLS VPN h tr mng backbone qua area 0 (superbackbone). Tc l mng MPLS VPN s l superbackbone, cn cc site khch hng khc c th chy OSPF cc area khc nhau, k c area 0. iu ny cho php area backbone OSPF (area 0) c tch ra cc site khch hng MPLS/VPN. + Mng superbackbone phi p ng c cc mc tiu sau: - Super-backbone khng s dng c ch redistribute OPSF-BGP chun - OSPF continity phi c h tr gia cc site OSPF: + Internal route OPSF phi c duy tr l internal route OSPF. + External route OSPF phi c duy tr l external route OSPF. + Cc route khng phi l OSPF c redistribute vo OSPF phi xut hin nh l external route OSPF trong OSPF. + Metric OSPF v metric type (external 1 v external 2) phi c bo v (tc l khng c thay i). - OSPF super-backbone phi trong sut i vi router CE chy giao thc OSPF. Router PE kt ni cc area OSPF ca khch hng vo mng super-backbone s c xem l ABR trong OSPF area. Cc route OSPF intra-area c thm vo mng OSPF superbackbone bng cch redistribute route OSPF vo MP-BGP. Route summarization c th c router PE thc hin trn bin redistribute. Cc route MP-BGP c truyn n router PE khc, lc ny n c truyn vo cc OSPF area khc nh l inter-area route. + Mt s quy tc i vi mng super-backbone MPLS VPN: - OSPF super-backbone c c c im chnh xc nh area o trong OSPF thng thng. + Router PE c xem l Area Border router. + Cc route c redistribute t BGP vo OSPF xut hin nh l inter-area route nu route khi to l inter-area hoc intra-area route, v c xem l external route nu route khi to l external route. V d nh cc route bt u t area 0 ca site ny khi n area 0 ca site khc s c xem l inter-area route. Bt k khi no router PE nhn cp nht MP-iBGP c cc prefix c hc thng qua OSPF do router PE u xa gi ti, n phi c kh nng nhn din loi route OSPF no c trong cp nht. iu ny thc s cn thit cho router PE pht ra LSA thch hp n router CE ca khch hng VPN da trn loi route OSPF m n nhn c. h tr yu cu ny, khi router PE truyn route OSPF vo MP-iBGP thng qua redistribute, thuc tnh BGP Community m rng c s dng truyn thuc tnh OSPF ca route.

Format ca community ny c nh ngha nh bng sau: Bng 5.1: Format ca thuc tnh Community