链路cost规划不当导致业务流量成环
问题描述
1、拓扑组网:
XX1_WN_DS与XX2_WN_DS之间运行ospf 400,属于area 0区域;XX2_WN_DS与AS之间运行ospf 400 属于area 1;XX1_WN_DS_01与XX1_WN_DS_02之间部署IBGP路由协议
2、路由控制策略
XX1_WN_DS_01 BGP路由控制策略:
ospf 400路由引入bgp并拒绝从横联vlan 880接口学习的ospf 400路由,设置团体属性no-export;
bgp路由优先级设置为170
route-policy p_setmed deny node 1
if-match interface Vlanif880 ##XX1_WN_DS_01与XX1_WN_DS_02横联接口
#
route-policy p_setmed permit node 10
apply cost 10
apply community no-export
#
bgp 65XXX
ipv4-family unicast
preference 170 170 170
import-route ospf 400 route-policy p_setmed
#
XX1_WN_DS_01 OSPF路由控制策略:OSPF 400将接收到的办公(匹配Branch_Other_Routes前缀的路由)路由优先级设置为190
ip ip-prefix Branch_Other_Routes index 10 permit x.x.0.0 19 greater-equal 19 less-equal 32
route-policy Pre_OSPF400 permit node 10
if-match ip-prefix Branch_Other_Routes
apply preference 190
#
ospf 400 router-id x.x.x.x
preference route-policy Pre_OSPF400 10
preference ase route-policy Pre_OSPF400 150
XX1_WN_DS_02 BGP路由控制策略:
ospf 400路由引入bgp并拒绝从横联vlan 880接口学习的ospf 400路由,设置团体属性no-export;
bgp路由优先级设置为170
route-policy p_setmed deny node 1
if-match interface Vlanif880 ##XX1_WN_DS_01与XX1_WN_DS_02横联接口
#
route-policy p_setmed permit node 10
apply cost 10
apply community no-export
#
bgp 65XXX
ipv4-family unicast
preference 170 170 170
import-route ospf 400 route-policy p_setmed
#
XX1_WN_DS_02 OSPF路由控制策略:OSPF 400将接收到的生产(匹配Branch_Prd_Routes前缀的路由)路由优先级设置为190
ip ip-prefix Branch_Prd_Routes index 10 permit y.y.0,0 15 greater-equal 15 less-equal 32
route-policy Pre_OSPF400 permit node 10
if-match ip-prefix Branch_Prd_Routes
apply preference 190
#
ospf 400 router-id x.x.x.x
preference route-policy Pre_OSPF400 10
preference ase route-policy Pre_OSPF400 150
客户的设计目标是,所有至生产的流量都经过XX1_WN_DS_01转发,所有至办公的流量都经过XX1_WN_DS_02转发。
目标流量模型:
问题:由于XX2_WN_DS_01与XX2_WN_DS_02间横联cost规划与XX1_WN_DS_01与XX1_WN_DS_02间横联cost规划一致,在XX2_WN_DS_01与AS01间链路故障时:部分生产在XX1_WN_DS_01与XX1_WN_DS_02间形成环路。
XX1_WN_DS_01学习到两条等价的生产路由,两条路由的cost都是250,下一跳分别是至XX2_WN_DS_01和XX1_WN_DS_02。
经XX1_WN_DS_01至生产的流量当被负荷分担到至XX1_WN_DS_02时,流量到达XX1_WN_DS_02后发现IBGP学习到的生产路由优先级为170,比ospf 400学习到的190更优,因此流量会匹配IBGP路由再回送至XX1_WN_DS_01,
从而导致这部分流量随机在XX1_WN_DS_01和XX1_WN_DS_02之间来回传递。
解决方案
将XX2_WN_DS_01和XX2_WN_DS_02之间的横联cost调整为45,这样在该故障场景下,XX1_WN_DS_01上学习到的生产路由不会形成等价路由,设备上只会存在1条至生产的路由,下一跳是XX2_WN_DS_01,
流量不会被送至XX1_WN_DS_02。
