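18. CCNP BGP (Overview, Basic Configuration, Attributes)

In general, BGP is rarely encountered: small and medium-sized enterprises, hospitals and schools get by with an IGP such as OSPF or EIGRP. In large enterprises and carriers an IGP is easily overwhelmed, and BGP is needed. BGP is used in large-scale or carrier networks, for example Bank of China, China Mobile, China Unicom and China Telecom.

18.1 BGP Overview

  • OSPF area division and redistribution exist for better route control, summarization, filtering, policy and so on.
  • To pass routing information between different ASes, BGP can be chosen: it has powerful route-decision tools and a rich set of path attributes for controlling path selection.

18.1.1 IGP

The characteristics of IGPs make them better suited to the inside of an AS, where they provide reachability for internal routes.

BGP is concerned not with internal routes but with path selection and route propagation between ASes.

18.1.2 BGP Characteristics

AS edge devices run OSPF and BGP at the same time. Note that when BGP is redistributed into the IGP, the huge number of routes can easily overwhelm the IGP, so some control is needed.

EIGRP AS numbers are self-defined and can be chosen freely, but BGP AS numbers must be applied for from the relevant authority.

  • An IGP influences routing basically only through the METRIC;
  • In BGP the METRIC is just one of many attributes;
  • Leaving BGP's deeper features aside, at some level it resembles RIP: both are distance-vector protocols.
  • RIP is based on hop count, one hop per router, whereas one BGP hop is one AS.

AS_PATH: measures distance and prevents loops (AS_PATH does not change while a route is passed inside an AS).

  • IGP neighbors are directly connected and are discovered with multicast HELLO packets. OSPF packets are encapsulated in IP, EIGRP is similar, and RIP runs over UDP.
  • BGP runs over TCP, so PEERs may be non-directly connected, provided the peers can reach each other. The routers between the peers may run an IGP, which provides routing inside the AS on the one hand and reachability between the two peers on the other.
  • In the end BGP sits on top of the IGP: IGP routes make the BGP peers reachable so that the neighbor relationship can form. Logically the routers between the peers can be ignored entirely, but physically the routing updates between peers are forwarded by those intermediate routers, which see only ordinary IP packets and forward them by source and destination address.
  • Unlike an IGP such as OSPF, BGP cannot discover neighbors automatically; the neighbor's IP address must be specified manually to establish the relationship.
  • BGP does not send periodic updates, so it suits large architectures; BGP convergence is far slower than an IGP's.

18.1.3 BGP Messages

  • Runs over TCP port 179.
  • BGP has 5 message types.
  • OPEN: sent once the TCP connection is established; carries parameters and capability values.
  • UPDATE: carries BGP route prefixes together with the corresponding path attributes. There are no periodic updates, only triggered ones; a route that becomes invalid is also withdrawn with an UPDATE.
  • NOTIFICATION: sent to the neighbor when the BGP process detects an error.
  • KEEPALIVE: keepalive mechanism, 60 s by default, compensating for the limitations of TCP.
  • ROUTE-REFRESH: a request triggered when routing policy changes.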
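Added example (not part of the original notes): a small parser for the common 19-byte BGP header and the fixed part of OPEN, applied to a byte stream as it would arrive on TCP 179. The sample stream is constructed here from the lab's values (AS 123, router ID 2.2.2.2); the hold time of 180 s is an assumed value.

```python
import ipaddress
import struct

# The five message types listed above, keyed by the type byte in the header.
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION",
             4: "KEEPALIVE", 5: "ROUTE-REFRESH"}
MARKER = b"\xff" * 16      # 16 bytes of all ones
HEADER_LEN = 19            # marker (16) + length (2) + type (1)
MAX_LEN = 4096             # largest message allowed by RFC 4271
OPEN_FIXED_LEN = 10        # version, AS, hold time, router ID, opt-param length


class BGPParseError(ValueError):
    """A malformed message; a real speaker would answer with NOTIFICATION."""


def build_message(msg_type, body=b""):
    """Helper used only to construct the sample stream below."""
    return struct.pack("!16sHB", MARKER, HEADER_LEN + len(body), msg_type) + body


def parse_header(buf):
    """Validate the header at the start of buf; return (type_name, length)."""
    if len(buf) < HEADER_LEN:
        raise BGPParseError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", buf[:HEADER_LEN])
    if marker != MARKER:
        raise BGPParseError("bad marker")
    if not HEADER_LEN <= length <= MAX_LEN:
        raise BGPParseError("bad length field")
    if msg_type not in MSG_TYPES:
        raise BGPParseError("unknown message type")
    if len(buf) < length:
        raise BGPParseError("truncated body")
    return MSG_TYPES[msg_type], length


def parse_open(body):
    """Decode the fixed fields of an OPEN body (optional parameters skipped)."""
    if len(body) < OPEN_FIXED_LEN:
        raise BGPParseError("OPEN too short")
    version, my_as, hold, rid, opt_len = struct.unpack(
        "!BHHIB", body[:OPEN_FIXED_LEN])
    if version != 4:
        raise BGPParseError("unsupported version")
    if len(body) != OPEN_FIXED_LEN + opt_len:
        raise BGPParseError("optional parameter length mismatch")
    return {"version": version, "as": my_as, "hold_time": hold,
            "router_id": str(ipaddress.IPv4Address(rid))}


def split_stream(stream):
    """Split a TCP byte stream into BGP messages, decoding OPEN bodies."""
    messages, offset = [], 0
    while offset < len(stream):
        name, length = parse_header(stream[offset:])
        body = stream[offset + HEADER_LEN:offset + length]
        if name == "KEEPALIVE" and body:
            raise BGPParseError("KEEPALIVE must be header only")
        messages.append({"type": name, "length": length,
                         "open": parse_open(body) if name == "OPEN" else None})
        offset += length
    return messages


# Constructed sample: OPEN from AS 123 / router ID 2.2.2.2, then a KEEPALIVE.
SAMPLE_OPEN_BODY = struct.pack(
    "!BHHIB", 4, 123, 180, int(ipaddress.IPv4Address("2.2.2.2")), 0)
SAMPLE_STREAM = build_message(1, SAMPLE_OPEN_BODY) + build_message(4)

if __name__ == "__main__":
    for message in split_stream(SAMPLE_STREAM):
        print(message)
```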

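18.1.4 BGP States

Try to establish the TCP three-way handshake with the neighbor

Once the three-way handshake completes, send an OPEN message to the neighbor over the TCP connection

If the TCP three-way handshake fails, enter the ACTIVE state

Keep retrying the TCP connection while starting a timer

When the timer expires, return to the IDLE state

The retry from ACTIVE succeeds

After the OPEN is sent, the neighbor finds that the OPEN parameters do not match its local ones, which triggers an error and a return to IDLE

If all goes well, move on to KEEPALIVE confirmation

Continue sending KEEPALIVE messages and finally enter the confirmed state

Update routing information

18.1.5 EBGP and IBGP

BGP neighbors do not have to be directly connected

There are two kinds of BGP neighbor relationship. One is EBGP; an EBGP relationship is normally established over a direct connection.

IBGP is the relationship inside a single AS.

18.1.5.1 Route Black Holes

TRANSIT AS: an AS that relays traffic

  • Router A runs one or more IGPs to ensure route reachability.
  • Router A also runs a BGP process to form the EBGP neighbor relationship.
  • A's network P1 is injected into the BGP process. A and B are EBGP neighbors, so A advertises the route to B. Although B, C, D and E all run OSPF, only B and E are IBGP neighbors. B passes the injected P1 route to E, E passes it on to F, and F now has a route to P1.
  • F has the route, but can F ping network P1?
  • F sends the packet to E, and E knows to send it towards B, but on the way it must cross D/C, which forward by OSPF routes. OSPF has no route to P1, so a route black hole appears and the packet is dropped: the route exists but the ping fails. The cause is that C and D do not run BGP, or in other words do not know the BGP routes, so the packet is dropped.

To avoid route black holes, BGP defines a synchronization rule.

  • Rule 1: router E must not pass a route received from B on to F unless E has also learned that route from OSPF (for example via C or D) or from another IGP.
  • Rule 2: the synchronization rule is of little practical use, so it is disabled by default.

With synchronization disabled, how is the black hole solved?

Method 1: redistribute the BGP routes into the IGP. This is not really recommended: be very careful when redistributing BGP into an IGP, because BGP carries so many routes that advertising them directly can crash the IGP.

Method 2: run BGP on C and D as well.

18.1.5.2 IBGP Split Horizon

  • BGP loop prevention: as a distance-vector protocol, BGP uses the AS_PATH attribute of a prefix to record the path the route has travelled; a repeated AS number reveals a loop.
  • Principle: B, C, D and E maintain IBGP neighbor relationships. The rule is that when D receives a route from E it must not pass it to B or C: a BGP router that receives a route from an IBGP neighbor must not pass it to any other IBGP router.
  • Consequence of split horizon: a route E learns from F is passed to C or D but never reaches B; likewise a BGP route B learns from A never reaches F.

18.1.5.3 BGP Advertisement Rules

18.1.6 BGP Table

BGP has three AD values: routes learned from EBGP have AD 20 and routes learned from IBGP have AD 200. EBGP has the higher priority to favor communication between ASes; the low priority inside the AS leaves internal routing to be settled internally.

18.2 Basic BGP Configuration

18.2.1 Lab 1: BGP over Directly Connected Interfaces

R1, R2 and R3 run OSPF; an IBGP neighbor relationship is created between R1 and R3

18.2.1.1 Base Configuration

Router R1: configure the interface address and the loopback address: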

R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown

Router R2: configure the interface addresses and the loopback address:

R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown

R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown

R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config-if)#no shutdown

Router R3: configure the interface addresses and the loopback address:

R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown

R3(config)#interface serial 0/1
R3(config-if)#ip address 10.1.34.3 255.255.255.0
R3(config-if)#no shutdown

R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown 

Router R4: configure the interface address and the loopback address:

R4(config)#interface serial 0/0
R4(config-if)#ip address 10.1.34.4 255.255.255.0
R4(config-if)#no shutdown

R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown

18.2.1.2 BGP Configuration

On R1, specify the neighbor IP address manually

R1(config)#router bgp 123
R1(config-router)#neighbor 10.1.12.2 remote-as 123

On R2, specify the neighbor IP addresses manually

R2(config)#router bgp 123
R2(config-router)#neighbor 10.1.12.1 remote-as 123
R2(config-router)#neighbor 10.1.23.3 remote-as 123

View R2's configuration:

R2#show running-config | section router
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.12.1 remote-as 123
 neighbor 10.1.23.3 remote-as 123
 no auto-summary

Synchronization is disabled by default, and so is auto-summary

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.12.1       4   123       5       5        1    0    0 00:02:03        0
10.1.23.3       4   123       0       0        0    0    0 never    Active

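The neighbor relationship is up, and two neighbors are listed. Because R3 has not been started yet, R2 is still trying to establish that neighbor.

On R3, specify the neighbor IP addresses manually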

R3(config)#router bgp 123
R3(config-router)#neighbor 10.1.23.2 remote-as 123
R3(config-router)#neighbor 10.1.34.4 remote-as 400

R4(config)#router bgp 400
R4(config-router)#neighbor 10.1.34.3 remote-as 123

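This completes the basic BGP configuration over directly connected interfaces

But the BGP table is still empty; only the neighbor relationships have been established.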

R1#show ip bgp

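This is because no entries have been loaded into the BGP process yet

Three ways to inject routes:

  1. The NETWORK command
  2. Redistribution
  3. BGP summarization

18.2.1.3 Route Injection 1: The NETWORK Command

  • BGP's NETWORK command is completely different from an IGP's. In an IGP such as OSPF, NETWORK injects the network into OSPF and also tries to discover neighbors.
  • BGP's NETWORK command instead tries to inject the directly connected network of 4.4.4.4 into BGP. If MASK is given, a classless prefix is injected and the mask must be identical to the one in the routing table: network number and prefix are matched strictly. Without MASK the network is treated as classful; AUTO-SUMMARY must be enabled, and the route is automatically summarized to the major network.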
R4(config)#router bgp 400
R4(config-router)#network 4.4.4.0 mask 255.255.255.0
R4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       0.0.0.0                  0         32768 i

The BGP table now has a route; > marks the BEST path.

R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       10.1.34.4                0             0 400 i

R4 advertises the route to R3, and the best BGP path is installed into the IP routing table.

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
B       4.4.4.0 [20/0] via 10.1.34.4, 00:02:25
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.23.0 is directly connected, Serial0/0

The route 4.4.4.0 [20/0] via 10.1.34.4, 00:02:25 is present with AD 20, because it was learned via EBGP.

R3#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/40 ms

R3 has the route, so the ping succeeds

R2#show ip bgp
BGP table version is 1, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i4.4.4.0/24       10.1.34.4                0    100      0 400 i

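R3 has also advertised the route to R2, with the next hop pointing at R4's interface. R4's interface IP is unreachable from R2, so the route is not marked > (best) and is not placed in the routing table.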

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

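So R2's routing table has no route to 4.4.4.4

18.2.2 Lab 2: Specifying the Update Source and next-hop-self

In the previous example the neighbor relationships were built on directly connected interfaces, so any single interface going DOWN can cause the session to be lost. If the relationship is built between LOOPBACK interfaces, with an IGP providing reachability, the IGP also provides reliability and redundancy, because it discovers redundant links dynamically.

So IBGP uses the LOOPBACK interface as its update source, while EBGP still uses the directly connected interface.

R1, R2 and R3 run OSPF and advertise their LOOPBACKs. First remove the BGP configuration from the previous lab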

R1(config)#no router bgp 123
R2(config)#no router bgp 123
R3(config)#no router bgp 123

18.2.2.1 OSPF Configuration

Run OSPF on R1

R1(config)#router ospf 1
R1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0

Run OSPF on R2

R2(config)#router ospf 1
R2(config-router)# network 10.1.12.2 0.0.0.0 area 0 
R2(config-router)# network 10.1.23.2 0.0.0.0 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0

Run OSPF on R3

R3(config)#router ospf 1
R3(config-router)#network 10.1.23.3 0.0.0.0 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.12.2, 00:00:18, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/129] via 10.1.12.2, 00:00:18, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
O       10.1.23.0 [110/128] via 10.1.12.2, 00:00:18, Serial0/0

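The adjacencies are up, and there are now routes to the LOOPBACK addresses of R1, R2 and R3.

18.2.2.2 BGP Configuration

R1 and R3 form an IBGP neighbor relationship; R2 does not run BGP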

R1(config)#router bgp 123
R1(config-router)#neighbor 3.3.3.3 remote-as 123
R1(config-router)#neighbor 3.3.3.3 update-source loopback 0

R1 specifies R3's LOOPBACK as the neighbor and sets its own LOOPBACK as the local update source for the session with R3.

R3(config)#router bgp 123
R3(config-router)#neighbor 1.1.1.1 remote-as 123
R3(config-router)#neighbor 1.1.1.1 update-source loopback 0

R3 specifies R1's LOOPBACK as the neighbor and sets its own LOOPBACK as the local update source for the session with R1.

R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   123       5       5        1    0    0 00:01:25        0

R1 and R3 establish the BGP session across R2

R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 123
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4   123       6       6        1    0    0 00:02:04        0

Now add back the BGP relationship between R3 and R4

R3(config)#router bgp 123
R3(config-router)#neighbor 10.1.34.4 remote-as 400
R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   123       7       8        2    0    0 00:03:42        0
10.1.34.4       4   400       5       4        2    0    0 00:00:08        1

The sessions with both 1.1.1.1 and R4 are now up, and a BGP route has been received.

R1#show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i4.4.4.0/24       10.1.34.4                0    100      0 400 i

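R1 can now see the BGP route to 4.4.4.4, but it is not the best route because the next hop is not reachable: OSPF is only the internal IGP and has no route towards R4.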

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.12.2, 00:16:58, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/129] via 10.1.12.2, 00:16:58, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
O       10.1.23.0 [110/128] via 10.1.12.2, 00:16:58, Serial0/0

Because R1 has no route to R4.

Add a static route

R1(config)#ip route 10.1.34.0 255.255.255.0 serial 0/0
R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i4.4.4.0/24       10.1.34.4                0    100      0 400 i

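The route is now best in BGP, because a route to the next hop exists. This is only a trick and not the best approach, because R2 has no route to R4 either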

R1(config)#no ip route 10.1.34.0 255.255.255.0 serial 0/0

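Remove the static route.

  • Method 1: advertise the route towards the external router R4 into the AS. This is not advisable, since it is an external route.
  • Method 2: configure R3 to change the NEXT-HOP of the routes from R4 to itself when advertising them.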
R3(config)#router bgp 123
R3(config-router)#neighbor 1.1.1.1 next-hop-self
R1#show ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i4.4.4.0/24       3.3.3.3                  0    100      0 400 i

Now it works: R1 already has a route to 3.3.3.3, so the BGP route can become best.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.12.2, 02:47:33, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/129] via 10.1.12.2, 02:47:33, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
B       4.4.4.0 [200/0] via 3.3.3.3, 02:16:06
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
O       10.1.23.0 [110/128] via 10.1.12.2, 02:47:35, Serial0/0

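In R1's routing table, 4.4.4.0 [200/0] via 3.3.3.3, 02:16:06 has next hop 3.3.3.3; the lookup recurses to 3.3.3.3 [110/129] via 10.1.12.2, 02:47:33, Serial0/0 and finally to the connected route 10.1.12.0 is directly connected, Serial0/0

18.2.3 Lab 3: EBGP Multihop

Here R3 and R4 also form their neighbor relationship over LOOPBACKs.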

R3(config)#router bgp 123
R3(config-router)#no neighbor 10.1.34.4

R4(config)#router bgp 400
R4(config-router)#no neighbor 10.1.34.3

R3(config)#router bgp 123
R3(config-router)#neighbor 4.4.4.4 remote-as 400
R3(config-router)#neighbor 4.4.4.4 update-source loopback 0

R3(config)#ip route 4.4.4.0 255.255.255.0 serial 0/1

This tells R3 how to reach R4's loopback address

R4(config)#router bgp 400
R4(config-router)#neighbor 3.3.3.3 remote-as 123
R4(config-router)#neighbor 3.3.3.3 update-source loopback 0

R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.34.3

A default route for the return path

R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 3, main routing table version 3

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   123     171     174        3    0    0 02:47:12        0
4.4.4.4         4   400       0       0        0    0    0 never    Idle

The session is in the IDLE state at this point

R3(config)#router bgp 123
R3(config-router)#neighbor 4.4.4.4 ebgp-multihop 2

R4(config)#router bgp 400
R4(config-router)#neighbor 3.3.3.3 ebgp-multihop 2
R4#show ip bgp summary
BGP router identifier 4.4.4.4, local AS number 400
BGP table version is 3, main routing table version 3
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4   123       4       5        3    0    0 00:00:14        0

The session is now established normally

R3#show ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 4.4.4.0/24       4.4.4.4                  0             0 400 i

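r means the route failed to install into the routing table (RIB-failure).

R3 has both an EBGP route and a static route to 4.4.4.4; the static route has the lower AD, so the EBGP route is suppressed.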

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/129] via 10.1.23.2, 03:02:43, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.23.2, 03:02:43, Serial0/0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
S       4.4.4.0 is directly connected, Serial0/1
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.12.0 [110/128] via 10.1.23.2, 03:02:43, Serial0/0
C       10.1.23.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1
R3(config)#no ip route 4.4.4.0 255.255.255.0

R3(config)#ip route 4.4.4.4 255.255.255.255 serial 0/1

This avoids the conflict

R3#show ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       4.4.4.4                  0             0 400 i

This time it is the best route.

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/129] via 10.1.23.2, 03:06:51, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.23.2, 03:06:51, Serial0/0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S       4.4.4.4/32 is directly connected, Serial0/1
B       4.4.4.0/24 [20/0] via 4.4.4.4, 00:00:36
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.12.0 [110/128] via 10.1.23.2, 03:06:53, Serial0/0
C       10.1.23.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

R1 now has the route, resolved recursively

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 10.1.12.2, 03:08:11, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/129] via 10.1.12.2, 03:08:11, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
B       4.4.4.0 [200/0] via 3.3.3.3, 00:01:56
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
O       10.1.23.0 [110/128] via 10.1.12.2, 03:08:13, Serial0/0
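Added example (not from the original notes): a simplified model of the two checks that labs 2 and 3 run into, namely recursive next-hop resolution (`*` versus `*>`) and the AD comparison that produces `r>` (RIB-failure). The routing tables are re-typed from the `show ip route` outputs above; the static-route AD of 1 and the function names are assumptions of this sketch.

```python
import ipaddress

AD_EBGP, AD_IBGP = 20, 200   # the AD values given in 18.1.6


def route(prefix, ad, via=None, ifname=None):
    """One RIB entry: either a next-hop address (via) or an exit interface."""
    return {"net": ipaddress.ip_network(prefix), "ad": ad,
            "via": via, "if": ifname}


def lookup(rib, addr):
    """Longest-prefix match of addr in rib, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in rib if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None


def resolve(rib, addr, max_depth=8):
    """Recurse through next hops until an exit interface is reached.

    Returns the list of prefixes used, or None if the address is unreachable.
    """
    chain = []
    for _ in range(max_depth):
        entry = lookup(rib, addr)
        if entry is None:
            return None
        chain.append(str(entry["net"]))
        if entry["if"] is not None:
            return chain
        addr = entry["via"]
    return None


def bgp_status(rib, prefix, next_hop, ebgp):
    """Status code that 'show ip bgp' would show for a single path."""
    if resolve(rib, next_hop) is None:
        return "*"            # valid, next hop unreachable: not best
    ad = AD_EBGP if ebgp else AD_IBGP
    net = ipaddress.ip_network(prefix)
    if any(r["net"] == net and r["ad"] < ad for r in rib):
        return "r>"           # best in BGP, but a lower-AD route owns the RIB
    return "*>"


# R1's table from lab 2 (OSPF routes modelled with their next hop only).
R1_RIB = [
    route("1.1.1.0/24", 0, ifname="Loopback0"),
    route("2.2.2.2/32", 110, via="10.1.12.2"),
    route("3.3.3.3/32", 110, via="10.1.12.2"),
    route("10.1.12.0/24", 0, ifname="Serial0/0"),
    route("10.1.23.0/24", 110, via="10.1.12.2"),
]

# R3's table from lab 3, without the static route towards R4's loopback.
R3_BASE = [
    route("1.1.1.1/32", 110, via="10.1.23.2"),
    route("2.2.2.2/32", 110, via="10.1.23.2"),
    route("3.3.3.0/24", 0, ifname="Loopback0"),
    route("10.1.12.0/24", 110, via="10.1.23.2"),
    route("10.1.23.0/24", 0, ifname="Serial0/0"),
    route("10.1.34.0/24", 0, ifname="Serial0/1"),
]
R3_STATIC_24 = R3_BASE + [route("4.4.4.0/24", 1, ifname="Serial0/1")]
R3_STATIC_32 = R3_BASE + [route("4.4.4.4/32", 1, ifname="Serial0/1")]

if __name__ == "__main__":
    print(bgp_status(R1_RIB, "4.4.4.0/24", "10.1.34.4", ebgp=False))
    print(bgp_status(R1_RIB, "4.4.4.0/24", "3.3.3.3", ebgp=False))
    print(resolve(R1_RIB, "3.3.3.3"))
    print(bgp_status(R3_STATIC_24, "4.4.4.0/24", "4.4.4.4", ebgp=True))
    print(bgp_status(R3_STATIC_32, "4.4.4.0/24", "4.4.4.4", ebgp=True))
```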

18.2.4 Lab 4: Route Black Hole

But R1 still cannot ping R4. The problem lies with R2, which is only a transit router.

R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.12.1, 03:09:54, Serial0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 10.1.23.3, 03:09:54, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

R2 has no route to 4.4.4.4, so a black hole appears at R2. Run BGP on R2 as well and peer it with R1 and R3

R1(config)#router bgp 123
R1(config-router)#neighbor 2.2.2.2 remote-as 123
R1(config-router)#neighbor 2.2.2.2 update-source loopback 0
R2(config)#router bgp 123
R2(config-router)#neighbor 1.1.1.1 remote-as 123
R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
R2(config-router)#neighbor 3.3.3.3 remote-as 123
R2(config-router)#neighbor 3.3.3.3 update-source loopback 0
R3(config)#router bgp 123
R3(config-router)#neighbor 2.2.2.2 remote-as 123
R3(config-router)#neighbor 2.2.2.2 update-source loopback 0

Build a full mesh, with IBGP between every pair of routers

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 1, main routing table version 1
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/0 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   123       5       4        1    0    0 00:01:25        0
3.3.3.3         4   123       5       4        1    0    0 00:00:33        1

At this point R2 still has no best route to 4.4.4.4

R3(config)#router bgp 123
R3(config-router)#neighbor 2.2.2.2 next-hop-self
R2#show ip bgp
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i4.4.4.0/24       3.3.3.3                  0    100      0 400 i

Now there is a best route

R2#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/61/68 ms

The ping succeeds

R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/96/108 ms

The ping succeeds

18.2.5 Lab 4: Split Horizon

Remove the session between R1 and R3

R1(config)#router bgp 123
R1(config-router)#no neighbor 3.3.3.3
R3(config)#router bgp 123
R3(config-router)#no neighbor 1.1.1.1
R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 123
BGP table version is 9, main routing table version 9

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   123       8       9        9    0    0 00:05:02        0

R1 now has a session only with R2

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   123       9       8        2    0    0 00:05:18        0
3.3.3.3         4   123      10       8        2    0    0 00:04:26        1

R2 has sessions with R1 and R3

R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 8, main routing table version 8
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   123       8      10        8    0    0 00:04:58        0
4.4.4.4         4   400      22      21        8    0    0 00:17:56        1

R3 no longer has an IBGP session with R1 either.

R1#show ip bgp

R1's BGP table now contains no prefixes

R2#show ip bgp
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i4.4.4.0/24       3.3.3.3                  0    100      0 400 i

R2 has the BEST route but does not pass it to R1. This is caused by the split-horizon rule: what R2 receives from R3 is not advertised to R1.
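Added example (not from the original notes): a simplified control-plane model of labs 4 and 5, showing which routers learn 4.4.4.0/24 for a given set of BGP sessions under the IBGP split-horizon rule, and where a packet is dropped when a router on the physical path never learned the route. Best-path selection and next-hop checks are left out; the function names are this sketch's own.

```python
from collections import deque

# AS membership from the labs: R1, R2 and R3 in AS 123, R4 in AS 400.
AS_OF = {"R1": 123, "R2": 123, "R3": 123, "R4": 400}
# Physical chain of the lab topology: R1 - R2 - R3 - R4.
PHYSICAL_PATH = ["R1", "R2", "R3", "R4"]


def propagate(as_of, sessions, origin):
    """Return {router: router it learned the prefix from} for one prefix.

    A route learned from an IBGP peer is never passed to another IBGP peer;
    a route learned from EBGP, or originated locally, goes to every peer.
    """
    learned = {origin: None}
    queue = deque([origin])
    while queue:
        router = queue.popleft()
        source = learned[router]
        from_ibgp = source is not None and as_of[source] == as_of[router]
        for a, b in sessions:
            if router not in (a, b):
                continue
            peer = b if router == a else a
            to_ibgp = as_of[peer] == as_of[router]
            if from_ibgp and to_ibgp:
                continue                      # IBGP split horizon
            if peer not in learned:
                learned[peer] = router
                queue.append(peer)
    return learned


def first_black_hole(physical_path, learned):
    """First router on the forwarding path that has no route, or None."""
    for router in physical_path:
        if router not in learned:
            return router
    return None


# Lab 4 start: R1 and R3 peer over loopbacks, R2 forwards but runs no BGP.
LAB4_SESSIONS = [("R1", "R3"), ("R3", "R4")]
# Lab 4 fix: full IBGP mesh inside AS 123.
FULL_MESH = [("R1", "R2"), ("R2", "R3"), ("R1", "R3"), ("R3", "R4")]
# Lab 5: the R1-R3 session is removed, leaving the chain R1-R2-R3.
CHAIN = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]

if __name__ == "__main__":
    for name, sessions in (("lab 4", LAB4_SESSIONS),
                           ("full mesh", FULL_MESH),
                           ("chain", CHAIN)):
        learned = propagate(AS_OF, sessions, "R4")
        print(name, sorted(learned), first_black_hole(PHYSICAL_PATH, learned))
```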

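18.2.6 Reset

A hard reset is rather brutal: * means tearing down all local BGP sessions, after which the neighbors are re-established and the routing updates are sent again. It is not recommended, and must never be used on devices that are in production.

A soft reset does not tear down and rebuild the session. There are two kinds: outbound and inbound

It sends UPDATE messages to trigger an update. Because BGP has no periodic updates, use it when a policy should take effect immediately.

18.2.7 Viewing the BGP Tables

18.2.7.1 Neighbor table: show ip bgp summary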

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 1, main routing table version 1
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/0 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4   123      39      39        1    0    0 00:36:47        0
3.3.3.3         4   123      40      39        1    0    0 00:36:41        1

There are two IBGP neighbors, with the same AS number.

18.2.7.2 BGP table: show ip bgp

R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       4.4.4.4                  0             0 400 i

There is only one entry, because only one route was injected. In BGP, one hop is one AS

18.2.7.3 Path information: show ip bgp ip-address

R3#show ip bgp 4.4.4.0
BGP routing table entry for 4.4.4.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2          3
  400
    4.4.4.4 from 4.4.4.4 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, external, best

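18.2.7.4 Viewing

18.3 BGP Path Attributes

BGP is not used in every situation; it has a powerful set of policy tools and a library of attributes.

18.3.1 Classification

BGP packet capture

18.3.2 WEIGHT

Significant only on the local router; the weight is the router's own assessment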

R4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       0.0.0.0                  0         32768 i

Originated locally on R4, so the WEIGHT is 32768

R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       4.4.4.4                  0             0 400 i

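Learned from R4 via BGP, so the weight is 0

18.3.3 LOCAL PREFERENCE

"Local" here means the local AS: the attribute takes effect inside the AS. It can be sent only to IBGP neighbors, not to EBGP neighbors.

Suppose A and B receive the external route 1.1.1.0 and pass it to C, so C receives updates for 1.1.1.0 from both A and B. When A and B receive 1.1.1.0 it comes from an external AS and therefore carries no LP; when they pass it to C the default value 100 is assigned, and with equal LP there is nothing to choose between the two. A policy can then be applied on A: with a ROUTE-MAP, A sets LP to 200 when it sends the UPDATE, and C then prefers to exit via A.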

R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       4.4.4.4                  0             0 400 i

The LP of the route R3 received from R4 is empty, because they are not in the same AS.

R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i4.4.4.0/24       3.3.3.3                  0    100      0 400 i 

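When R3 passes the route to R1, LP defaults to 100.

18.3.4 AS-PATH

  • Purpose 1: a measure of how far away the destination is: the number of hops to the destination, with one AS counting as one hop
  • Purpose 2: guaranteeing loop freedom: if a received route carries the local AS number, there is a loop

AS_SEQUENCE is an ordered list: going from 400, the route first passes through 300 and then reaches 100

AS-SET is commonly seen where summarization is done, for loop prevention.

A summary route can lose the detail of its component routes. Take 4 ASes: R1 and R2 send updates to R3, and R3 summarizes them into one route. By default R3 generates a new route locally, so R4 believes the route originated at R3, and the path attributes of the specific routes are lost. If R4 is then connected to R2 and passes the information to R2, the path contains only 300 and 400 and not 200, so R2 accepts it, which creates a loop.

When summarizing, BGP allows the AS-SET keyword to be added manually. The new summary route then inherits the AS-PATH attribute of the specific routes: when R3 updates R4 it adds its own AS number and also keeps the earlier AS numbers 100 and 200. Whether 100 or 200 comes first cannot be decided and does not matter, because the purpose is loop prevention and the order is irrelevant. The format is 300{100,200}, where 100 and 200 may be unordered and exist only for loop prevention. If R4 then tries to pass the route to R1, the path is 400,300{100,200}; R1 receives it, finds 100 in the AS-PATH, which duplicates its local AS number, concludes that there is a loop and ignores the route. This achieves loop prevention.

A packet capture shows that the AS-PATH contains two parts, AS-sequence and AS-SET: 300{100,200}.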
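Added example (not from the original notes): the summarization scenario above carried through in code, with R1 in AS 100, R2 in AS 200, R3 in AS 300 and R4 in AS 400. The `aggregate` function is a simplification that puts every AS of the component routes into one AS_SET; all function names are this sketch's own.

```python
import re


def parse_as_path(text):
    """'400 300 {100,200}' -> [('seq', [400, 300]), ('set', {100, 200})]."""
    segments = []
    for token in re.findall(r"\{[^}]*\}|\d+", text):
        if token.startswith("{"):
            members = frozenset(int(a) for a in re.findall(r"\d+", token))
            segments.append(("set", members))
        elif segments and segments[-1][0] == "seq":
            segments[-1][1].append(int(token))
        else:
            segments.append(("seq", [int(token)]))
    return segments


def format_as_path(segments):
    """Render segments the way 'show ip bgp' prints the Path column."""
    parts = []
    for kind, members in segments:
        if kind == "seq":
            parts.append(" ".join(str(a) for a in members))
        else:
            parts.append("{" + ",".join(str(a) for a in sorted(members)) + "}")
    return " ".join(parts)


def path_length(segments):
    """Hops for best-path comparison: an AS_SET counts as one, whatever its size."""
    return sum(len(m) if kind == "seq" else 1 for kind, m in segments)


def has_loop(segments, local_as):
    """True if the receiver's own AS appears in any segment."""
    return any(local_as in members for _, members in segments)


def prepend(segments, asn):
    """AS_PATH as sent to an EBGP neighbor: own AS added at the front."""
    if segments and segments[0][0] == "seq":
        return [("seq", [asn] + list(segments[0][1]))] + list(segments[1:])
    return [("seq", [asn])] + list(segments)


def aggregate(component_paths, as_set):
    """AS_PATH of a locally generated summary route.

    Without as_set the summary starts with an empty path; with as_set every
    AS seen in the component routes is kept in one unordered AS_SET.
    """
    if not as_set:
        return []
    asns = set()
    for path in component_paths:
        for _, members in path:
            asns.update(members)
    return [("set", frozenset(asns))] if asns else []


# Paths of the specific routes as R3 received them from R1 and R2.
COMPONENTS = [parse_as_path("100"), parse_as_path("200")]

if __name__ == "__main__":
    for keep in (False, True):
        at_r4 = prepend(aggregate(COMPONENTS, as_set=keep), 300)
        from_r4 = prepend(at_r4, 400)
        print("as-set" if keep else "plain", "|", format_as_path(from_r4),
              "| R1 rejects:", has_loop(from_r4, 100),
              "| R2 rejects:", has_loop(from_r4, 200))
```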

R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i4.4.4.0/24       3.3.3.3                  0    100      0 400 i

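From R1 towards R4 the AS-PATH is 400: AS 400 has to be reached first.

18.3.5 Origin

The origin of a route: it marks the way the route was brought into the BGP process.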

R4(config)#interface loopback 1
R4(config-if)#ip address 44.4.4.4 255.255.255.0
R4(config-if)#no shutdown

R4(config)#access-list 44 per 44.4.4.0
R4(config)#route-map test
R4(config-route-map)#match ip address 44
R4(config-route-map)#exit

R4(config)#router bgp 400
R4(config-router)#redistribute connected route-map test
R4#show ip bgp
BGP table version is 3, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
*> 44.4.4.0/24      0.0.0.0                  0         32768 ?

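The 44.4.4.0 route has a local WEIGHT of 32768 and an empty PATH, since it is locally originated. The ? is the ORIGIN and means INCOMPLETE: after a route is redistributed into BGP its ORIGIN is ?, and it is still ? when passed on to other neighbors, as shown below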

R3#show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       4.4.4.4                  0             0 400 i
*> 44.4.4.0/24      4.4.4.4                  0             0 400 ?

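ORIGIN can also influence route preference: I > E > ?.

Example BGP table.

18.3.6 MED

BGP's metric. An IGP has its METRIC, whereas BGP has several measures, and MED is just one of the many attributes.

MED influences traffic between ASes: LP influences traffic inside the AS, whereas MED is used between ASes to influence the traffic entering the AS.

For two different ASes, MED values are not compared.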

R3#show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       4.4.4.4                  0             0 400 i
*> 44.4.4.0/24      4.4.4.4                  0             0 400 ?

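The METRIC value here is the MED; both routes advertised by R4 have the default value 0

18.3.7 NEXT_HOP

The next hop towards the destination identified by a route prefix.

When a route update is received from EBGP, the route's next hop is the interface address of the neighbor that sent the update, provided the EBGP neighbor relationship was built on directly connected interfaces.

When R2 receives a route from R1 and passes it to R3, the NEXT-HOP is passed to the IBGP neighbor unchanged. It tells the routers inside the AS which entry point to use for routes to other ASes. The way to R1 must therefore be known: if R3 does not know how to reach R1, it considers the route not best and does not use it. The three methods discussed earlier apply.

  • Method 1: configure a static route locally on R3; not a sound approach
  • Method 2: R2 redistributes the interconnect route into the IGP so that R3 learns it.
  • Method 3: configure NEXT-HOP-SELF on R2 towards R3. This changes the NEXT-HOP to R2, and R3 then knows how to forward.

R2 and R3 are IBGP neighbors and R2 runs OSPF. R2 has learned routes from two OSPF neighbors and brings these two OSPF routes into BGP with NETWORK or redistribution, then passes them to R3. The NEXT-HOP attribute of these injected routes inherits the next hop they had in OSPF.

18.3.8 COMMUNITY

18.3.9 Atomic_Aggregate|aggregator

R3 has 4 specific routes and summarizes them manually with the command above. Without SUMMARY-ONLY, R3 lets the 4 specific routes through and adds one summary route. With it, R3 sends only the summary route to R4. What R4 receives is a brand-new summary route generated by R3: its AS-PATH contains only 300 and no information about the specific routes, so R4 believes the route was originated by R3, which can easily lead to a routing loop.

R4 therefore needs to be told that this is a summary route and where it was summarized, for example summarized by R3, address 3.3.3.3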
