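In general, most people rarely deal with BGP. Small and medium-sized enterprises, hospitals and schools get by with an IGP such as OSPF or EIGRP. In large enterprises and carriers an IGP alone is easily overwhelmed, so BGP is needed; BGP is used in large-scale networks and carrier networks, for example Bank of China, China Mobile, China Unicom and China Telecom.
18.1 BGP overview
- OSPF area division and redistribution exist for better route control, summarization, filtering and policy.
- To pass routing information between different ASes, choose BGP: it has powerful route decision tools and a rich set of path attributes for controlling path selection.
18.1.1 IGP
An IGP's characteristics make it better suited to the inside of an AS, where it provides internal reachability.
BGP is not concerned with internal routes; it deals with path selection and route propagation between ASes.
18.1.2 BGP characteristics
The edge devices of an AS run both OSPF and BGP. Note that when BGP is redistributed into the IGP, the huge number of routes can easily overwhelm the IGP, so some control is needed.
EIGRP AS numbers are self-assigned and can be chosen freely, but a BGP AS number has to be applied for from the relevant authority.
- An IGP steers routes essentially through the METRIC alone;
- in BGP the METRIC is just one of many attributes;
- setting BGP's deeper features aside, at one level it resembles RIP: both are distance-vector protocols.
- RIP counts hops, one router per hop, whereas one BGP hop is one AS.
AS_PATH: measures distance and prevents loops (AS_PATH does not change while a route is passed inside an AS).
- IGP neighbors are directly connected and are discovered with multicast HELLO packets; OSPF packets are encapsulated directly in IP, EIGRP is similar, and RIP runs over UDP.
- BGP runs over TCP and allows PEERs that are not directly connected, provided the peers can reach each other. The routers between the peers may run an IGP, which both provides routing inside the AS and makes the two peers reachable.
- In the end BGP sits on top of the IGP: IGP routes make the BGP peers reachable so the neighbor relationship can form. Logically the routers between the peers can be ignored completely, but physically the routing updates between peers are forwarded by those intermediate routers, which see ordinary IP packets and simply forward them by source and destination.
- Unlike an IGP such as OSPF, BGP cannot discover neighbors automatically; the neighbor IP address has to be configured manually.
- BGP does not send periodic updates, so it suits large architectures; BGP also converges much more slowly than an IGP.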
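18.1.3 BGP messages
- Runs over TCP port 179.
- BGP has 5 message types.
- OPEN: sent once the TCP connection is established; carries parameters and capability values.
- UPDATE: carries BGP route prefixes together with the corresponding path attributes. Updates are not periodic, only triggered; a route that becomes invalid is also announced with an UPDATE.
- NOTIFICATION: sent to the neighbor when the BGP process detects an error.
- KEEPALIVE: keepalive mechanism, 60 s by default, which makes up for a shortcoming of TCP's own mechanism.
- ROUTE-REFRESH: triggers a request when routing policy changes.
18.1.4 BGP states
Try to complete the TCP three-way handshake with the neighbor
Once the three-way handshake completes, send an OPEN message to the neighbor over TCP
If the TCP three-way handshake fails, enter the ACTIVE state
Retry the TCP connection repeatedly while a timer runs
When the timer expires, return to the IDLE state
The retry in ACTIVE succeeds
After OPEN is sent, the neighbor finds that the OPEN parameters do not match its local ones, which triggers an error and a return to IDLE
If all goes well, move on to KEEPALIVE confirmation
Keep sending KEEPALIVE messages and finally enter the confirmed state
Update routing information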
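18.1.5 EBGP and IBGP
BGP neighbors do not have to be directly connected
There are two kinds of BGP neighbor relationship. One is EBGP; an EBGP relationship is usually established over the directly connected link.
The other, IBGP, is between routers inside the same AS.
18.1.5.1 Routing black holes
TRANSIT AS: an AS that carries transit traffic
- Router A runs one or more IGPs to ensure reachability.
- Router A also runs a BGP process to form the EBGP neighbor relationship.
- A's network P1 is put into the BGP process. A and B are EBGP neighbors and A advertises the route to B. Although B, C, D and E run OSPF, only B and E have an IBGP neighbor relationship; B passes the injected P1 route to E, E passes it on to F, and F now has a route to P1.
- F has the route, but can F PING network P1?
- F sends the packet to E, and E knows to send it toward B, but it has to cross D/C, which forward on OSPF routes only. OSPF has no route to P1, so a routing black hole appears and the packet is dropped: the route exists but the PING fails. The cause is that C and D do not run BGP, or in other words do not know the BGP routes, so the packet is dropped.
To avoid routing black holes, BGP defines a synchronization rule.
- Rule 1: router E must not pass a route received from B on to F unless E has also learned that route from OSPF (for example via C and D) or from another IGP.
- Rule 2: this synchronization rule is of little practical use, so it is disabled by default.
With synchronization disabled, how is the routing black hole solved?
Method 1: redistribute the BGP routes into the IGP. This is not really recommended: redistributing BGP into an IGP calls for great care, because BGP carries many routes and advertising them directly can crash the IGP.
Method 2: run BGP on C and D as well.
18.1.5.2 IBGP split horizon
- BGP loop prevention: as a distance-vector protocol, BGP uses the AS_PATH attribute of a prefix to record how the route was passed along; a repeated AS number reveals a loop.
- Principle: B, C, D and E maintain IBGP neighbor relationships. The rule is that when D receives a route from E, it must not pass it to B or C: a BGP router that receives a route from an IBGP neighbor must not pass it to any other IBGP router.
- Consequence of split horizon: routes that E learns from F and gives to C or D never reach B, and likewise the BGP routes that B learns from A do not reach F.
18.1.5.3 BGP advertisement rules
18.1.6 BGP table
BGP has three AD values: routes learned from EBGP get 20 and routes learned from IBGP get 200. EBGP has the higher priority to ease communication between ASes; the IBGP priority is low so that routing inside the AS is left to the internal protocols.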
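18.2 Basic BGP configuration
18.2.1 Lab 1: BGP over directly connected interfaces
R1, R2 and R3 run OSPF; R1 and R3 form an IBGP neighbor relationship
18.2.1.1 Base configuration
Router R1, configure the interface and loopback addresses: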
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown
Router R2, configure the interface and loopback addresses:
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config-if)#no shutdown
Router R3, configure the interface and loopback addresses:
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface serial 0/1
R3(config-if)#ip address 10.1.34.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown
Router R4, configure the interface and loopback addresses:
R4(config)#interface serial 0/0
R4(config-if)#ip address 10.1.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown
18.2.1.2 BGP configuration
On R1, specify the neighbor IP address manually
R1(config)#router bgp 123
R1(config-router)#neighbor 10.1.12.2 remote-as 123
On R2, specify the neighbor IP addresses manually
R2(config)#router bgp 123
R2(config-router)#neighbor 10.1.12.1 remote-as 123
R2(config-router)#neighbor 10.1.23.3 remote-as 123
Check R2's configuration:
R2#show running-config | section router
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor 10.1.12.1 remote-as 123
neighbor 10.1.23.3 remote-as 123
no auto-summary
The synchronization rule is off by default, and auto-summary is off by default
R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.12.1 4 123 5 5 1 0 0 00:02:03 0
10.1.23.3 4 123 0 0 0 0 0 never Active
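The neighbor relationship is up, and there are two neighbors. Because BGP on R3 has not been started yet, R2 is still trying to establish that neighbor.
On R3, specify the neighbor IP addresses manually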
R3(config)#router bgp 123
R3(config-router)#neighbor 10.1.23.2 remote-as 123
R3(config-router)#neighbor 10.1.34.4 remote-as 400
R4(config)#router bgp 400
R4(config-router)#neighbor 10.1.34.3 remote-as 123
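This completes the basic BGP configuration over directly connected interfaces
However, the BGP table is still empty; only the neighbor relationships have been established.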
R1#show ip bgp
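This is because no entries have been loaded into the BGP process yet
Three ways to inject routes:
- the NETWORK command
- redistribution
- BGP summarization
18.2.1.3 Route injection 1: the NETWORK command
- BGP's NETWORK command is completely different from an IGP's. In an IGP such as OSPF, the NETWORK command injects the network into the protocol and also tries to discover neighbors.
- BGP's NETWORK command instead tries to inject the directly connected network of 4.4.4.4 into BGP. If MASK is given, a classless prefix is injected, and the mask must agree with the routing table: network number and prefix length are matched strictly. If MASK is omitted, the network is treated as classful; AUTO-SUMMARY has to be enabled, and the route is automatically summarized to the major network.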
R4(config)#router bgp 400
R4(config-router)#network 4.4.4.0 mask 255.255.255.0
R4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
The BGP table now has a route; > marks the BEST path.
R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 10.1.34.4 0 0 400 i
R4 advertises it to R3, and the best BGP path is installed in the IP routing table.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/24 is subnetted, 1 subnets
B 4.4.4.0 [20/0] via 10.1.34.4, 00:02:25
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.23.0 is directly connected, Serial0/0
The route 4.4.4.0 [20/0] via 10.1.34.4, 00:02:25 is present with an AD of 20, because it was learned over EBGP.
R3#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/40 ms
R3 has the route, so the PING succeeds
R2#show ip bgp
BGP table version is 1, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i4.4.4.0/24 10.1.34.4 0 100 0 400 i3
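R3 has also advertised it to R2, with the next hop pointing at R4's interface. But R4's interface IP is unreachable from R2, so the route is not marked > (best) and is not put into the routing table.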
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
C 10.1.23.0 is directly connected, Serial0/1
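So R2's routing table has no route to 4.4.4.4
18.2.2 Lab 2: specifying the update source, next-hop-self
In the previous example the neighbor relationships were built on directly connected interfaces, so any one interface going DOWN can cause the session to be lost. If the LOOPBACK is used to build the neighbor relationship and an IGP provides reachability, the IGP also provides reliability and redundancy, because it discovers redundant links dynamically.
So the LOOPBACK interface, reached through the IGP, is used as the IBGP update source; EBGP still uses the directly connected interface.
R1, R2 and R3 run OSPF and put their LOOPBACKs into it. First remove the BGP configuration from the previous lab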
R1(config)#no router bgp 123
R2(config)#no router bgp 123
R3(config)#no router bgp 123
18.2.2.1 OSPF configuration
Run OSPF on R1
R1(config)#router ospf 1
R1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
Run OSPF on R2
R2(config)#router ospf 1
R2(config-router)# network 10.1.12.2 0.0.0.0 area 0
R2(config-router)# network 10.1.23.2 0.0.0.0 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0
Run OSPF on R3
R3(config)#router ospf 1
R3(config-router)#network 10.1.23.3 0.0.0.0 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:00:18, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.12.2, 00:00:18, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
O 10.1.23.0 [110/128] via 10.1.12.2, 00:00:18, Serial0/0
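The adjacencies are up, and there are now routes to the LOOPBACK addresses of R1, R2 and R3.
18.2.2.2 BGP configuration
R1 and R3 form an IBGP neighbor relationship; R2 does not run BGP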
R1(config)#router bgp 123
R1(config-router)#neighbor 3.3.3.3 remote-as 123
R1(config-router)#neighbor 3.3.3.3 update-source loopback 0
R1 specifies R3's LOOPBACK as its neighbor and sets its own LOOPBACK as the local update source for the session with R3.
R3(config)#router bgp 123
R3(config-router)#neighbor 1.1.1.1 remote-as 123
R3(config-router)#neighbor 1.1.1.1 update-source loopback 0
R3 specifies R1's LOOPBACK as its neighbor and sets its own LOOPBACK as the local update source for the session with R1.
R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 123 5 5 1 0 0 00:01:25 0
R1 and R3 establish their BGP session across R2
R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 123 6 6 1 0 0 00:02:04 0
Now add back the BGP session between R3 and R4
R3(config)#router bgp 123
R3(config-router)#neighbor 10.1.34.4 remote-as 400
R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 123 7 8 2 0 0 00:03:42 0
10.1.34.4 4 400 5 4 2 0 0 00:00:08 1
You can see that BGP is now up with both 1.1.1.1 and R4.
R1#show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i4.4.4.0/24 10.1.34.4 0 100 0 400 i
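R1 can now see the BGP route to 4.4.4.4, but it is not the best route because the next hop is not reachable: OSPF only carries routes internal to the AS and has no route toward R4.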
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:16:58, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.12.2, 00:16:58, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
O 10.1.23.0 [110/128] via 10.1.12.2, 00:16:58, Serial0/0
This is because R1 has no route to R4.
Add a static route
R1(config)#ip route 10.1.34.0 255.255.255.0 serial 0/0
R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 10.1.34.4 0 100 0 400 i
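It is now the best BGP route, because a route to the next hop exists. This is a deceptive fix and not the best one, because R2 has no route to R4 either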
R1(config)#no ip route 10.1.34.0 255.255.255.0 serial 0/0
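Remove the static route.
- Method 1: advertise the route toward the external router R4 into the AS. This is not advisable, since it is an external route.
- Method 2: configure R3 to change the NEXT-HOP of the routes it passes on from R4 to itself.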
R3(config)#router bgp 123
R3(config-router)#neighbor 1.1.1.1 next-hop-self
R1#show ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 3.3.3.3 0 100 0 400 i
Now it works: R1 already has a route to 3.3.3.3, so the BGP route can become best.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 02:47:33, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.12.2, 02:47:33, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
B 4.4.4.0 [200/0] via 3.3.3.3, 02:16:06
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
O 10.1.23.0 [110/128] via 10.1.12.2, 02:47:35, Serial0/0
In R1's routing table, 4.4.4.0 [200/0] via 3.3.3.3, 02:16:06 has next hop 3.3.3.3; the lookup recurses to 3.3.3.3 [110/129] via 10.1.12.2, 02:47:33, Serial0/0 and finally reaches the connected route 10.1.12.0 is directly connected, Serial0/0
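The next-hop check and the recursive lookup from this lab can be modelled in a few lines. This is an added example, not part of the original notes: the routing table is copied from R1's show ip route output above, and the function names are hypothetical.

```python
import ipaddress

# R1's connected/OSPF routes as shown in the lab output above
# (prefix -> next hop; None means directly connected).
R1_RIB = {
    "1.1.1.0/24": None,
    "2.2.2.2/32": "10.1.12.2",
    "3.3.3.3/32": "10.1.12.2",
    "10.1.12.0/24": None,
    "10.1.23.0/24": "10.1.12.2",
}


def longest_match(rib, addr):
    """Return the most specific prefix in rib that covers addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix in rib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best else None


def resolve(rib, next_hop, max_depth=8):
    """Resolve next_hop recursively until a connected prefix is reached.

    Returns the list of prefixes traversed, or None when some step has no
    covering route (the BGP next hop is then unusable).
    """
    chain = []
    hop = next_hop
    for _ in range(max_depth):  # depth limit guards against lookup loops
        prefix = longest_match(rib, hop)
        if prefix is None:
            return None
        chain.append(prefix)
        hop = rib[prefix]
        if hop is None:  # connected route: recursion ends here
            return chain
    return None


def bgp_status(rib, next_hop):
    """'*>' if the next hop resolves (route may be best), else '* ' (valid only)."""
    return "*>" if resolve(rib, next_hop) else "* "


if __name__ == "__main__":
    # Before next-hop-self: the next hop is R4's interface, unknown to OSPF.
    print(bgp_status(R1_RIB, "10.1.34.4"), "4.4.4.0/24 via 10.1.34.4")
    # After next-hop-self on R3: the next hop is R3's loopback.
    print(bgp_status(R1_RIB, "3.3.3.3"), "4.4.4.0/24 via 3.3.3.3",
          resolve(R1_RIB, "3.3.3.3"))
```

The static route used as the "deceptive" fix also makes 10.1.34.4 resolvable on R1, which is why the route became best there even though R2 still had no route toward R4.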
18.2.3 Lab 3: EBGP multihop
For example, R3 and R4 also form their neighbor relationship over LOOPBACKs.
R3(config)#router bgp 123
R3(config-router)#no neighbor 10.1.34.4
R4(config)#router bgp 400
R4(config-router)#no neighbor 10.1.34.3
R3(config)#router bgp 123
R3(config-router)#neighbor 4.4.4.4 remote-as 400
R3(config-router)#neighbor 4.4.4.4 update-source loopback 0
R3(config)#ip route 4.4.4.0 255.255.255.0 serial 0/1
This tells R3 how to reach R4's loopback address
R4(config)#router bgp 400
R4(config-router)#neighbor 3.3.3.3 remote-as 123
R4(config-router)#neighbor 3.3.3.3 update-source loopback 0
R4(config)#ip route 0.0.0.0 0.0.0.0 10.1.34.3
Default route for the return path
R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 3, main routing table version 3
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 123 171 174 3 0 0 02:47:12 0
4.4.4.4 4 400 0 0 0 0 0 never Idle
At this point the state is IDLE
R3(config)#router bgp 123
R3(config-router)#neighbor 4.4.4.4 ebgp-multihop 2
R4(config)#router bgp 400
R4(config-router)#neighbor 3.3.3.3 ebgp-multihop 2
R4#show ip bgp summary
BGP router identifier 4.4.4.4, local AS number 400
BGP table version is 3, main routing table version 3
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 123 4 5 3 0 0 00:00:14 0
The session is now established normally
R3#show ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r> 4.4.4.0/24 4.4.4.4 0 0 400 i
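r means the route failed to install in the routing table.
R3 has both an EBGP route and a static route to 4.4.4.4; the static route has the smaller AD, so the EBGP route is suppressed.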
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/129] via 10.1.23.2, 03:02:43, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.23.2, 03:02:43, Serial0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/24 is subnetted, 1 subnets
S 4.4.4.0 is directly connected, Serial0/1
10.0.0.0/24 is subnetted, 3 subnets
O 10.1.12.0 [110/128] via 10.1.23.2, 03:02:43, Serial0/0
C 10.1.23.0 is directly connected, Serial0/0
C 10.1.34.0 is directly connected, Serial0/1
R3(config)#no ip route 4.4.4.0 255.255.255.0
R3(config)#ip route 4.4.4.4 255.255.255.255 serial 0/1
This avoids the conflict
R3#show ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 4.4.4.4 0 0 400 i
This time it is the best route.
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/129] via 10.1.23.2, 03:06:51, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.23.2, 03:06:51, Serial0/0
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 4.4.4.4/32 is directly connected, Serial0/1
B 4.4.4.0/24 [20/0] via 4.4.4.4, 00:00:36
10.0.0.0/24 is subnetted, 3 subnets
O 10.1.12.0 [110/128] via 10.1.23.2, 03:06:53, Serial0/0
C 10.1.23.0 is directly connected, Serial0/0
C 10.1.34.0 is directly connected, Serial0/1.
R1 now has the route, resolved recursively
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 03:08:11, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 10.1.12.2, 03:08:11, Serial0/0
4.0.0.0/24 is subnetted, 1 subnets
B 4.4.4.0 [200/0] via 3.3.3.3, 00:01:56
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
O 10.1.23.0 [110/128] via 10.1.12.2, 03:08:13, Serial0/0
18.2.4 Lab 4: Routing black hole
But R1 still cannot PING R4. The sticking point is R2, which only transits the traffic.
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.1.12.1, 03:09:54, Serial0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.1.23.3, 03:09:54, Serial0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
C 10.1.23.0 is directly connected, Serial0/1
R2 has no route to 4.4.4.4, so a black hole appears at R2. Run BGP on R2 as well and peer it with R1 and R3
R1(config)#router bgp 123
R1(config-router)#neighbor 2.2.2.2 remote-as 123
R1(config-router)#neighbor 2.2.2.2 update-source loopback 0
R2(config)#router bgp 123
R2(config-router)#neighbor 1.1.1.1 remote-as 123
R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
R2(config-router)#neighbor 3.3.3.3 remote-as 123
R2(config-router)#neighbor 3.3.3.3 update-source loopback 0
R3(config)#router bgp 123
R3(config-router)#neighbor 2.2.2.2 remote-as 123
R3(config-router)#neighbor 2.2.2.2 update-source loopback 0
Build a full mesh: IBGP between every pair of routers
R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 1, main routing table version 1
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/0 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 123 5 4 1 0 0 00:01:25 0
3.3.3.3 4 123 5 4 1 0 0 00:00:33 1
R2 still has no best route to 4.4.4.4
R3(config)#router bgp 123
R3(config-router)#neighbor 2.2.2.2 next-hop-self
R2#show ip bgp
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 3.3.3.3 0 100 0 400 i
Now there is a best route
R2#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/61/68 ms
The PING succeeds
R1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/96/108 ms
The PING succeeds
18.2.5 Lab 4: Split horizon
Remove the session between R1 and R3
R1(config)#router bgp 123
R1(config-router)#no neighbor 3.3.3.3
R3(config)#router bgp 123
R3(config-router)#no neighbor 1.1.1.1
R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 123
BGP table version is 9, main routing table version 9
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 123 8 9 9 0 0 00:05:02 0
R1 now has only the session with R2
R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 123 9 8 2 0 0 00:05:18 0
3.3.3.3 4 123 10 8 2 0 0 00:04:26 1
R2 has sessions with R1 and R3
R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 8, main routing table version 8
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 123 8 10 8 0 0 00:04:58 0
4.4.4.4 4 400 22 21 8 0 0 00:17:56 1
R3 no longer has an IBGP session with R1 either.
R1#show ip bgp
R1's BGP table now contains no prefixes
R2#show ip bgp
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 3.3.3.3 0 100 0 400 i
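R2 has the route marked BEST but has not passed it to R1. This is caused by the split horizon rule: R2 does not pass what it received from R3 on to R1.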
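The routing black hole of 18.2.4 and the split horizon result of 18.2.5 both follow from one advertisement rule, which the following added example simulates (it is not part of the original notes). Router names, AS numbers and the R1-R2-R3-R4 serial chain come from the labs; the function names are hypothetical, and next-hop-self is assumed wherever the labs configure it.

```python
from collections import deque

AS_OF = {"R1": 123, "R2": 123, "R3": 123, "R4": 400}
PHYSICAL_CHAIN = ["R1", "R2", "R3", "R4"]  # serial links of the lab topology

# BGP sessions in three stages of the labs.
R2_WITHOUT_BGP = [("R1", "R3"), ("R3", "R4")]               # start of 18.2.4
FULL_MESH = [("R1", "R2"), ("R2", "R3"), ("R1", "R3"), ("R3", "R4")]
R1_R3_REMOVED = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]  # 18.2.5


def propagate(origin, sessions):
    """Return {router: how it learned the prefix} for one prefix from origin.

    Simplification: each router keeps the first copy it hears, which is
    enough for this topology with its single EBGP session.
    """
    learned = {origin: "local"}
    queue = deque([origin])
    while queue:
        speaker = queue.popleft()
        for a, b in sessions:
            if speaker not in (a, b):
                continue
            peer = b if speaker == a else a
            if peer in learned:
                continue
            kind = "ibgp" if AS_OF[speaker] == AS_OF[peer] else "ebgp"
            # IBGP split horizon: a route learned from an IBGP neighbor
            # is never advertised to another IBGP neighbor.
            if kind == "ibgp" and learned[speaker] == "ibgp":
                continue
            learned[peer] = kind
            queue.append(peer)
    return learned


def first_drop(src, dst, learned):
    """Walk the physical chain from src toward dst and return the first
    router that has no route for the prefix, or None if it is delivered."""
    i, j = PHYSICAL_CHAIN.index(src), PHYSICAL_CHAIN.index(dst)
    step = 1 if j > i else -1
    for k in range(i, j, step):
        hop = PHYSICAL_CHAIN[k]
        if hop not in learned:
            return hop
    return None


if __name__ == "__main__":
    for name, sessions in [("R2 without BGP", R2_WITHOUT_BGP),
                           ("full mesh", FULL_MESH),
                           ("R1-R3 session removed", R1_R3_REMOVED)]:
        learned = propagate("R4", sessions)
        print(name, learned, "dropped at:", first_drop("R1", "R4", learned))
```

With R2 outside BGP the packet from R1 dies at R2, the black hole; with the R1-R3 session removed R1 never learns the prefix at all, because R2 holds it only as an IBGP-learned route.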
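18.2.6 Reset
A hard reset is a rather brutal method; * means tearing down all local BGP sessions, after which route updates are sent again and the neighbors are re-established. It is not really recommended, and must not be used on production devices in particular
A soft reset, the other method, does not tear down and rebuild the session; it comes in outbound and inbound forms
It sends UPDATE messages to trigger an update; since BGP has no periodic updates, use it when a policy should take effect immediately.
18.2.7 Viewing the BGP tables
18.2.7.1 Neighbor table: show ip bgp summary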
R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 123
BGP table version is 1, main routing table version 1
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/0 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 123 39 39 1 0 0 00:36:47 0
3.3.3.3 4 123 40 39 1 0 0 00:36:41 1
There are two IBGP neighbors, with the same AS number.
18.2.7.2 BGP table: show ip bgp
R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 4.4.4.4 0 0 400 i
There is only one entry, because only one route was injected. In BGP, one hop is one AS
18.2.7.3 Path information: show ip bgp ip-address
R3#show ip bgp 4.4.4.0
BGP routing table entry for 4.4.4.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
2 3
400
4.4.4.4 from 4.4.4.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external, best
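18.2.7.4 View
18.3 BGP path attributes
BGP is not used in every situation; it has a powerful set of policy tools and a library of attributes.
18.3.1 Classification
BGP packet capture
18.3.2 WEIGHT
Significant only on the local router; the weight is the router's own opinion of the route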
R4#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
Originated locally on R4, so the WEIGHT is 32768
R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 4.4.4.4 0 0 400 i
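Learned from R4 over BGP, so the weight is 0
18.3.3 LOCAL PREFERENCE
"Local" here means the local AS: the attribute takes effect inside the AS. It can only be sent to IBGP neighbors, not to EBGP neighbors.
Suppose A and B receive the external route 1.1.1.0 and pass it to C, so C receives updates for 1.1.1.0 from both A and B. When A and B receive 1.1.1.0 it comes from an external AS and therefore carries no LP; when they pass it to C it is given the default value 100, and with equal LP there is nothing to choose between the two. A policy can then be applied on A: with a ROUTE-MAP, A sets LP to 200 when it sends the UPDATE message, and C then prefers the exit through A.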
R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 4.4.4.4 0 0 400 i
The LP of the route R3 received from R4 is empty, because the two are not in the same AS.
R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 3.3.3.3 0 100 0 400 i
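When R3 passes it to R1, LP defaults to 100.
18.3.4 AS-PATH
- Purpose 1: an indicator of how far away the destination is, i.e. the hop count to the destination, with one AS per hop
- Purpose 2: loop prevention; if a received route carries the local AS number, there is a loop
AS_SEQUENCE is an ordered list: traffic from 400 first crosses 300 and then reaches 100
AS-SET is commonly seen where summarization has been done; it prevents loops.
A summary route can lose the details. Take 4 ASes, with R1 and R2 sending updates to R3 and R3 summarizing them into one route. By default R3 generates a new route locally, so R4 believes the route was originated by R3, and the path attributes of the specifics are lost. If R4 is also connected to R2 and passes the route to R2, the path contains only 300 and 400, not 200, so R2 accepts it and a loop results.
When summarizing, BGP allows the keyword AS-SET to be added manually. The new summary route then inherits from the specifics, including the AS-PATH attribute: when R3 updates R4 it adds its own AS number and keeps the earlier AS numbers 100 and 200. Whether 100 or 200 comes first cannot be decided and does not matter, because the purpose is loop prevention and the order is irrelevant. The format is 300{100,200}, where 100 and 200 may be unordered. If R4 then tries to pass the route to R1, the path is 400,300{100,200}; R1 finds 100 in the AS-PATH, which matches its local AS number and means a loop, so it ignores the route. This is how the loop is prevented.
A packet capture shows that the AS-PATH has two parts, AS-sequence and AS-SET: 300{100,200}.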
R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 3.3.3.3 0 100 0 400 i
From R1 toward R4 the AS-PATH is 400: the route must first reach AS 400.
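The loop check and the effect of AS-SET on a summary route, as described in this section, can be traced with a small model. This is an added example, not part of the original notes: AS numbers 100, 200, 300 and 400 are the ones used in the text, the function names are hypothetical, and aggregation is simplified to placing every contributing AS number in one AS_SET.

```python
# An AS_PATH is modelled as a list of segments:
#   ("seq", [ordered AS numbers])  or  ("set", frozenset of AS numbers)

def originate():
    """A locally originated route starts with an empty AS_PATH."""
    return []


def ebgp_send(path, local_as):
    """Prepend the local AS number when advertising to an EBGP neighbor."""
    if path and path[0][0] == "seq":
        return [("seq", [local_as] + list(path[0][1]))] + path[1:]
    return [("seq", [local_as])] + path


def accepts(path, local_as):
    """Loop check: reject a path that contains the local AS number,
    whether in an AS_SEQUENCE or in an AS_SET."""
    return all(local_as not in members for _, members in path)


def aggregate(contributing_paths, as_set):
    """Build the AS_PATH of a summary route generated locally.

    Without as_set the summary looks locally originated (empty path).
    With as_set, the AS numbers of the specifics are kept as an unordered
    AS_SET (simplified model of the behaviour described above).
    """
    if not as_set:
        return []
    members = frozenset(asn for path in contributing_paths
                        for _, seg in path for asn in seg)
    return [("set", members)] if members else []


def path_length(path):
    """Length used for path comparison: an AS_SET counts as one hop."""
    return sum(len(m) if kind == "seq" else 1 for kind, m in path)


def fmt(path):
    """Render a path the way the BGP table shows it, e.g. 300 {100,200}."""
    parts = []
    for kind, members in path:
        if kind == "seq":
            parts.append(" ".join(str(a) for a in members))
        else:
            parts.append("{" + ",".join(str(a) for a in sorted(members)) + "}")
    return " ".join(parts)


def scenario(as_set):
    """R1 (AS 100) and R2 (AS 200) feed R3 (AS 300), which summarizes and
    updates R4 (AS 400); R4 then advertises the summary back out."""
    from_r1 = ebgp_send(originate(), 100)
    from_r2 = ebgp_send(originate(), 200)
    summary = aggregate([from_r1, from_r2], as_set)
    at_r4 = ebgp_send(summary, 300)
    from_r4 = ebgp_send(at_r4, 400)
    return at_r4, from_r4


if __name__ == "__main__":
    for flag in (False, True):
        at_r4, from_r4 = scenario(flag)
        print("as-set" if flag else "no as-set", "| at R4:", fmt(at_r4),
              "| from R4:", fmt(from_r4),
              "| R1 accepts:", accepts(from_r4, 100),
              "| R2 accepts:", accepts(from_r4, 200))
```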
18.3.5 Origin
The origin of a route: it marks the way in which the route was brought into the BGP process.
R4(config)#interface loopback 1
R4(config-if)#ip address 44.4.4.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#access-list 44 per 44.4.4.0
R4(config)#route-map test
R4(config-route-map)#match ip address 44
R4(config-route-map)#exit
R4(config)#router bgp 400
R4(config-router)#redistribute connected route-map test
R4#show ip bgp
BGP table version is 3, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
*> 44.4.4.0/24 0.0.0.0 0 32768 ?
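The route 44.4.4.0 has a local WEIGHT of 32768 and an empty PATH, since it is locally originated. ? is the ORIGIN and means INCOMPLETE: a route redistributed into BGP has ORIGIN ?, and it is still ? when passed to other neighbors, as shown below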
R3#show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 4.4.4.4 0 0 400 i
*> 44.4.4.0/24 4.4.4.4 0 0 400 ?
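ORIGIN can also affect route preference: I > E > ?.
BGP table example.
18.3.6 MED
BGP's metric. An IGP has its METRIC as the measure, whereas BGP has several; MED is just one of many attributes.
It influences traffic between ASes: LP influences traffic inside the AS, while MED is used between ASes to influence traffic entering the AS.
MED values are not compared between two different ASes.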
R3#show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 4.4.4.4 0 0 400 i
*> 44.4.4.0/24 4.4.4.4 0 0 400 ?
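The METRIC value here is the MED; both routes advertised by R4 have the default value 0
18.3.7 NEXT_HOP
The next hop toward the destination identified by a route prefix.
For a route update received over EBGP, the next hop of the route is the interface address of the neighbor that sent the update, provided the EBGP neighbor relationship was built on directly connected interfaces.
When R2 receives the route from R1 and passes it to R3, the NEXT-HOP is passed unchanged to the IBGP neighbor; it tells routers inside the AS which entry point to use for routes toward other ASes. R2 has to know how to reach R1, and if R3 does not know how to reach R1 it considers the route not best and does not use it. The three methods covered earlier:
- Method 1: configure a static route locally on R3. Not a sound approach.
- Method 2: R2 redistributes the interconnect route into the IGP so that R3 learns it.
- Method 3: on R2, configure NEXT-HOP-SELF toward R3. The NEXT-HOP is then changed to R2, and R3 knows how to forward.
R2 and R3 are IBGP neighbors and R2 runs OSPF. R2 learns routes from two OSPF neighbors and brings these two OSPF routes into BGP with NETWORK or redistribution, then passes them to R3. The NEXT-HOP attribute of routes brought in this way inherits the next hop they had in OSPF.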
18.3.8 COMMUNITY
18.3.9 Atomic_Aggregate|aggregator
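R3 has 4 specific routes and summarizes them manually, as in the command above. Without SUMMARY-ONLY, R3 lets the 4 specifics through and adds one summary route. With it, R3 sends only the summary route to R4. What R4 receives is a brand-new summary route generated by R3: its AS-PATH contains only 300 and carries no information about the specifics, so R4 takes it for a route originated by R3, which can easily lead to a routing loop.
R4 therefore has to be told that this is a summary route and where it was summarized, for example summarized by R3, address 3.3.3.3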