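BGP Routing Policy Lab
I. Lab Topology
II. Lab Requirements
1. Configure and test the interconnecting links.
2. Configure and test the IGP in AS65001 and AS65002 (change the Ethernet interface network type to P2P, set the OSPF cost of the link between R2 and R3 to 10, and do not advertise the AS65001 service subnets into the IGP).
3. Establish the BGP neighbor relationships as shown in the diagram and view the BGP neighbor table (do not forget to change the update source and the next hop for IBGP neighbors).
4. On R1, R2, R3 and R4, use BGP to advertise the service subnet routes of each AS (Loop1).
5. View the BGP routing table and the IP forwarding table on each router and check whether there are routes to the service subnets of the other AS. Analyze how the best BGP route in R6's BGP routing table is selected.
6. Test connectivity between the service subnets.
7. At a suitable location, modify the Local-Pre value so that the primary path from the AS65002 service subnets to 10.30.1.1 goes through R1-R2 and the primary path to 10.40.4.1 goes through R3-R4. Test with the Tracert command.
8. After restoring the configuration from step 7, modify the MED value at a suitable location so that the primary path from the AS65002 service subnets to 10.30.1.1 goes through R1-R2 and the primary path to 10.40.4.1 goes through R3-R4. Test with the Tracert command.
III. Lab Procedure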
[R1]bgp 65001
[R1-bgp]peer 10.0.1.6 as-num 65002
[R1-bgp]peer 4.4.4.4 as-num 65002
[R1-bgp]peer 4.4.4.4 connect-int lo0
[R1-bgp]peer 4.4.4.4 next-hop-lo
[R4]bgp 65001
[R4-bgp]peer 10.0.1.10 as-num 65002
[R4-bgp]peer 1.1.1.1 as-num 65001
[R4-bgp]peer 1.1.1.1 connect-int lo0
[R4-bgp]peer 1.1.1.1 next-hop-lo
[R2]bgp 65002
[R2-bgp]peer 10.0.1.5 as-num 65001
[R2-bgp]group rr internal
[R2-bgp]peer rr next-hop-lo
[R2-bgp]peer rr connect-int lo0
[R2-bgp]peer 3.3.3.3 group rr
[R2-bgp]peer 5.5.5.5 group rr
[R2-bgp]peer 6.6.6.6 group rr
[R3]bgp 65002
[R3-bgp]peer 10.0.1.9 as-num 65001
[R3-bgp]group nn internal
[R3-bgp]peer nn next-hop-lo
[R3-bgp]peer nn connect-int lo0
[R3-bgp]peer 2.2.2.2 group nn
[R3-bgp]peer 5.5.5.5 group nn
[R3-bgp]peer 6.6.6.6 group nn
[R5]bgp 65002
[R5-bgp]group mm internal
[R5-bgp]peer mm next
[R5-bgp]peer mm next-hop-local
[R5-bgp]peer mm con
[R5-bgp]peer mm connect-interface lo0
[R5-bgp]peer 2.2.2.2 group mm
[R5-bgp]peer 3.3.3.3 group mm
[R5-bgp]peer 6.6.6.6 group mm
[R6]bgp 65002
[R6-bgp]group ii internal
[R6-bgp]peer ii ne
[R6-bgp]peer ii next-hop-local
[R6-bgp]peer ii con
[R6-bgp]peer ii connect-interface lo0
[R6-bgp]peer 2.2.2.2 group ii
[R6-bgp]peer 5.5.5.5 group ii
[R6-bgp]peer 3.3.3.3 group ii
[R6-bgp]
[R2-bgp]net 10.10.5.1 32
[R2-bgp]net 10.10.6.1 32
[R2-bgp]
[R3-bgp]net 10.10.5.1 32
[R3-bgp]net 10.10.6.1 32
[R3-bgp]
[R1-bgp]net 10.30.1.1 32
[R4-bgp]net 10.40.4.1 32
[R2]bgp 65002
[R2-bgp]peer 10.0.1.5 route-po lp import
[R2-bgp]q
[R2]route-po lp permit node 10
New Sequence of this List
[R2-route-policy]if-m acl 2003
[R2-route-policy]apply local-pre 300
[R2-route-policy]qui
[R2]acl num 2003
[R2-acl-basic-2003]rule permit source 10.30.1.1 0.0.0.0
[R2-acl-basic-2003]qui
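Questions:
1. A BGP speaker advertises to its peers only the routes it injects with network and the routes it uses itself.
2. What do "valid" and "best" mean in the BGP routing table?
The best route is always valid, but a valid route is not necessarily the best.
After running network 3.3.3.3 32 on R3 (in BGP view):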
[R4]dis ip rout
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.0/30 Direct 0 0 10.0.1.2 Eth0/1/0
10.0.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.8/30 Direct 0 0 10.0.1.9 Eth0/1/1
10.0.1.9/32 Direct 0 0 127.0.0.1 InLoop0
10.40.4.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R4] dis bgp rout
Total Number of Routes: 2
BGP Local router ID is 10.40.4.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 3.3.3.3/32 10.0.1.10 0 0 65002i
*> 10.40.4.1/32 0.0.0.0 0 0 i
Total Number of Routes: 3
BGP Local router ID is 10.10.5.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
i 3.3.3.3/32 3.3.3.3 0 100 0 i
*>i 10.30.1.1/32 2.2.2.2 0 100 0 65001i
*>i 10.40.4.1/32 3.3.3.3 0 100 0 65001i
Routing Tables: Public
Destinations : 17 Routes : 20
Destination/Mask Proto Pre Cost NextHop Interface
2.2.2.2/32 OSPF 10 10 10.0.1.17 Eth0/1/0
3.3.3.3/32 OSPF 10 20 10.0.1.17 Eth0/1/0
OSPF 10 20 10.0.1.26 Eth0/1/2
5.5.5.5/32 Direct 0 0 127.0.0.1 InLoop0
6.6.6.6/32 OSPF 10 10 10.0.1.26 Eth0/1/2
10.0.1.4/30 OSPF 10 20 10.0.1.17 Eth0/1/0
10.0.1.8/30 OSPF 10 30 10.0.1.17 Eth0/1/0
OSPF 10 30 10.0.1.26 Eth0/1/2
10.0.1.12/30 OSPF 10 20 10.0.1.17 Eth0/1/0
10.0.1.16/30 Direct 0 0 10.0.1.18 Eth0/1/0
10.0.1.18/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.20/30 OSPF 10 20 10.0.1.26 Eth0/1/2
10.0.1.24/30 Direct 0 0 10.0.1.25 Eth0/1/2
10.0.1.25/32 Direct 0 0 127.0.0.1 InLoop0
10.10.5.1/32 Direct 0 0 127.0.0.1 InLoop0
10.30.1.1/32 BGP 255 0 2.2.2.2 Eth0/1/0
10.40.4.1/32 BGP 255 0 3.3.3.3 Eth0/1/0
BGP 255 0 3.3.3.3 Eth0/1/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R3]dis ip rout
Routing Tables: Public
Destinations : 18 Routes : 19
Destination/Mask Proto Pre Cost NextHop Interface
2.2.2.2/32 OSPF 10 10 10.0.1.13 S0/2/0
3.3.3.3/32 Direct 0 0 127.0.0.1 InLoop0
5.5.5.5/32 OSPF 10 20 10.0.1.13 S0/2/0
OSPF 10 20 10.0.1.22 Eth0/1/1
6.6.6.6/32 OSPF 10 10 10.0.1.22 Eth0/1/1
10.0.1.4/30 OSPF 10 20 10.0.1.13 S0/2/0
10.0.1.8/30 Direct 0 0 10.0.1.10 Eth0/1/3
10.0.1.10/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.12/30 Direct 0 0 10.0.1.14 S0/2/0
10.0.1.13/32 Direct 0 0 10.0.1.13 S0/2/0
10.0.1.14/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.16/30 OSPF 10 20 10.0.1.13 S0/2/0
10.0.1.20/30 Direct 0 0 10.0.1.21 Eth0/1/1
10.0.1.21/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.24/30 OSPF 10 20 10.0.1.22 Eth0/1/1
10.30.1.1/32 BGP 255 0 2.2.2.2 S0/2/0
10.40.4.1/32 BGP 255 0 10.0.1.9 Eth0/1/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R3]dis bgp rout
Total Number of Routes: 3
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 3.3.3.3/32 0.0.0.0 0 0 i
*>i 10.30.1.1/32 2.2.2.2 0 100 0 65001i
*> 10.40.4.1/32 10.0.1.9 0 0 65001i
3. R1 and R4 do not receive each other's routes.
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.0/30 Direct 0 0 10.0.1.1 Eth0/1/2
10.0.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.4/30 Direct 0 0 10.0.1.5 Eth0/1/0
10.0.1.5/32 Direct 0 0 127.0.0.1 InLoop0
10.10.5.1/32 BGP 255 10 10.0.1.6 Eth0/1/0
10.30.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.3/32 BGP 255 0 10.0.1.10 Eth0/1/1
4.4.4.4/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.0/30 Direct 0 0 10.0.1.2 Eth0/1/0
10.0.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.8/30 Direct 0 0 10.0.1.9 Eth0/1/1
10.0.1.9/32 Direct 0 0 127.0.0.1 InLoop0
10.10.5.1/32 BGP 255 20 10.0.1.10 Eth0/1/1
10.40.4.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
Check whether the neighbor relationships are established:
BGP local router ID : 10.30.1.1
Local AS number : 65001
Total number of peers : 2 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
4.4.4.4 4 65002 0 0 0 0 00:45:19 Active
10.0.1.6 4 65002 49 61 0 1 00:44:48 Established
BGP local router ID : 10.40.4.1
Local AS number : 65001
Total number of peers : 2 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 4 65001 0 0 0 0 01:02:43 Active
10.0.1.10 4 65002 84 84 0 2 01:02:11 Established
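The neighbor relationship is not established; it is stuck in the Active state. Why?
Troubleshooting: BGP neighbors establish the session by comparing Open messages and negotiating parameters. The contents include the BGP version number, the local AS number, the router ID, the hold time value and authentication information.
1) So I first found that the AS number was wrong when the peer was configured on R1. After correcting it, the session still did not come up.
2) Later I found that the neighbor is established using the loopback interface, and the TCP three-way handshake needs a route to get there. Because there was no route to the peer's loopback interface, the TCP connection could not be established, so the neighbor relationship could not be established.
After configuring static routes to each other, the neighbor relationship could be established.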
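The reachability check described in step 2), as an added example that is not part of the original lab notes: it parses rows in the `dis ip rout` layout and does a longest-prefix match for each configured peer address. The rows are copied from the routing table on this page whose direct routes include 1.1.1.1/32 (R1); the function names are hypothetical.

```python
import ipaddress

# Rows copied from R1's routing table as shown on this page
R1_TABLE = """\
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.0/30 Direct 0 0 10.0.1.1 Eth0/1/2
10.0.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.0.1.4/30 Direct 0 0 10.0.1.5 Eth0/1/0
10.0.1.5/32 Direct 0 0 127.0.0.1 InLoop0
10.10.5.1/32 BGP 255 10 10.0.1.6 Eth0/1/0
10.30.1.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
"""

def parse_routes(text):
    """Return (network, protocol, interface) for each full table row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or "/" not in fields[0]:
            continue  # skip headers and equal-cost continuation rows
        routes.append((ipaddress.ip_network(fields[0]), fields[1], fields[5]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; None when no route covers the address."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def unreachable_peers(routes, peers):
    """Peers whose TCP session cannot even start: no route to the address."""
    return [p for p in peers if lookup(routes, p) is None]

if __name__ == "__main__":
    routes = parse_routes(R1_TABLE)
    for peer in ["4.4.4.4", "10.0.1.6"]:  # the two peers configured on R1
        hit = lookup(routes, peer)
        print(peer, "->", f"{hit[0]} ({hit[1]})" if hit else "no route")
```

A peer that comes back with no route matches the Active state seen in the peer table: the TCP connection to that address has nowhere to go.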
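Question: without static routes, can R1 and R4 establish a neighbor relationship across AS 65002? This assumes the loopback subnets have been advertised in BGP with network.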
[R1]undo ip rout 10.40.4.1 255.255.255.255 10.0.1.2
[R1]dis bgp peer
BGP local router ID : 10.30.1.1
Local AS number : 65001
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.0.1.6 4 65002 246 315 0 1 03:58:23 Established
10.40.4.1 4 65001 25 19 0 2 00:15:15 Established
[R1]
(The BGP session only dropped after a minute or two; this can be forced by restarting the process.)
%Aug 31 15:29:07:438 2012 R1 RM/3/RMLOG:
BGP.: 10.40.4.1 State is changed from ESTABLISHED to IDLE.
[R1]
[R1]
[R1]dis bgp peer
BGP local router ID : 10.30.1.1
Local AS number : 65001
Total number of peers : 2 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.0.1.6 4 65002 250 320 0 1 04:02:01 Established
10.40.4.1 4 65001 0 0 0 0 00:01:51 Active
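4. When R4 pings 10.10.5.1, the ping must specify a source address, and that source must be 10.40.4.1, which is advertised in BGP. Otherwise the ping fails, because the remote end needs a route back.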
traceroute to 10.10.5.1(10.10.5.1) 30 hops max,40 bytes packet, press CTRL_C to break
1 10.0.1.1 4294967291 ms 20 ms <1 ms
2 10.0.1.6 10 ms 20 ms 20 ms
3 10.10.5.1 30 ms 25 ms 5 ms
traceroute to 10.40.4.1(10.40.4.1) 30 hops max,40 bytes packet, press CTRL_C to break
1 10.0.1.26 30 ms 10.0.1.17 4 ms 10.0.1.26 15 ms
2 10.0.1.14 15 ms 10.0.1.21 25 ms 10.0.1.14 21 ms
3 10.40.4.1 14 ms 10 ms 35 ms
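5. Modify route attributes to control the direction of traffic
Modify the local-pre value so that the primary path from the AS65002 service subnets to 10.30.1.1 goes through R1-R2 and the primary path to 10.40.4.1 goes through R3-R4. Test with the Tracert command.
1) Where should local-pre be configured? According to the BGP route selection rules, R2, R3 and R5 all reach 10.30.1.1 via R1-R2
At present only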
[R2]acl num 2003
[R2-acl-basic-2003]rule 1 permit source 10.30.1.1 0.0.0.0
[R2-acl-basic-2003]q
[R2]route-policy R1-R2 permit node 10
New Sequence of this List
[R2-route-policy]if-match acl 2003
[R2-route-policy]apply local-pre 200
[R2-route-policy]q
[R2]bgp 65002
[R2-bgp]peer 10.0.1.5 route-policy R1-R2 import
[R3]acl num 2003
[R3-acl-basic-2003]rule 1 permit source 10.40.4.1 0.0.0.0
[R3-acl-basic-2003]q
[R3]route-policy R3-R4 permit node 10
New Sequence of this List
[R3-route-policy]if-match acl 2003
[R3-route-policy]apply ?
as-path Prepend the as-path string to the AS path
comm-list Set BGP community list (for deletion)
community BGP community attribute
cost Set cost of the matched route
cost-type Type of metric for destination routing protocol
extcommunity BGP extended community attribute
ip-address IP information
ipv6 IPv6 Information
isis IS-IS routing protocol defined by ISO
local-preference BGP local preference
mpls-label Match MPLS label
origin BGP origin code
preference Give the Preference (Route Preference)
preferred-value BGP Preferred-value (weight) for routing table
tag Set tag of route
[R3-route-policy]apply local-pre 300
[R3-route-policy]q
[R3]bgp 65002
[R3-bgp]peer 10.0.1.9 route-policy R3-R4 ?
export Specify export policy
import Specify import policy
[R3-bgp]peer 10.0.1.9 route-policy R3-R4 import
Effect after the change:
Total Number of Routes: 7
BGP Local router ID is 6.6.6.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
i 3.3.3.3/32 3.3.3.3 0 100 0 i
* i 10.10.5.1/32 2.2.2.2 10 100 0 i
* i 3.3.3.3 20 100 0 i
* i 10.10.6.1/32 3.3.3.3 10 100 0 i
* i 2.2.2.2 20 100 0 i
*>i 10.30.1.1/32 2.2.2.2 0 200 0 65001i
*>i 10.40.4.1/32 3.3.3.3 0 300 0 65001i
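To show why these attribute changes move the best path, here is an added example (not part of the original lab notes) of a simplified BGP decision process applied to R3's two candidate paths for 10.30.1.1/32. It assumes a blank LocPrf column means the default of 100, models only Preferred-value, Local-Pref, AS-path length, origin, MED and EBGP-over-IBGP, and uses hypothetical names.

```python
from dataclasses import dataclass
from functools import reduce

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete

@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple
    ebgp: bool
    local_pref: int = 100  # default used when the LocPrf column is blank
    med: int = 0
    pref_val: int = 0
    origin: str = "i"

def better(a, b):
    """Pick the preferred of two paths (simplified decision process)."""
    steps = [
        (a.pref_val, b.pref_val, True),            # higher PrefVal wins
        (a.local_pref, b.local_pref, True),        # higher LocPrf wins
        (len(a.as_path), len(b.as_path), False),   # shorter AS path wins
        (ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin], False),
    ]
    if a.as_path[:1] == b.as_path[:1]:             # MED: same neighbor AS only
        steps.append((a.med, b.med, False))        # lower MED wins
    steps.append((a.ebgp, b.ebgp, True))           # EBGP beats IBGP
    for x, y, higher_wins in steps:
        if x != y:
            return a if (x > y) == higher_wins else b
    return a  # later tie-breakers (IGP cost, router ID) are not modelled

def r3_next_hop(r2_local_pref=100, r4_med=0):
    """R3's choice for 10.30.1.1/32 between its two candidates on this page."""
    candidates = [
        # learned over EBGP from 10.0.1.9; r4_med models "apply cost" on import
        Path("10.0.1.9", (65001,), ebgp=True, med=r4_med),
        # learned over IBGP from R2 (2.2.2.2); LocPrf set by R2's import policy
        Path("2.2.2.2", (65001,), ebgp=False, local_pref=r2_local_pref),
    ]
    return reduce(better, candidates).next_hop

if __name__ == "__main__":
    print("no policy      :", r3_next_hop())
    print("R2 LocPrf 200  :", r3_next_hop(r2_local_pref=200))
    print("R3 MED 100     :", r3_next_hop(r4_med=100))
```

With no policy the EBGP-learned path wins on the last modelled step; raising Local-Pref on R2, or raising MED on the path R3 learns from 10.0.1.9, both move R3 to the path through 2.2.2.2.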
6.
Total Number of Routes: 8
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
i 3.3.3.3/32 3.3.3.3 0 100 0 i
*> 10.10.5.1/32 0.0.0.0 10 0 i
* i 3.3.3.3 20 100 0 i
*> 10.10.6.1/32 0.0.0.0 20 0 i
*> 0.0.0.0 20 0 i
* i 3.3.3.3 10 100 0 i
*> 10.30.1.1/32 10.0.1.5 0 200 0 65001i
*>i 10.40.4.1/32 3.3.3.3 0 100 0 65001i
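The i here means the route was received from within the local autonomous system.
Question: why does R2 not receive the route 10.40.4.1 from R1?
And why does R3 not receive the route 10.30.1.1 from R4?
The reason: the earlier configuration was wrong, so the neighbor relationship between R1 and R4 could not be established.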
[R3]dis bgp rout
Total Number of Routes: 10
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 3.3.3.3/32 0.0.0.0 0 0 i
*> 10.10.5.1/32 0.0.0.0 20 0 i
*> 0.0.0.0 20 0 i
* i 2.2.2.2 10 100 0 i
*> 10.10.6.1/32 0.0.0.0 10 0 i
* i 2.2.2.2 20 100 0 i
*> 10.30.1.1/32 10.0.1.9 0 65001i
* i 2.2.2.2 0 100 0 65001i
*> 10.40.4.1/32 10.0.1.9 0 0 65001i
* i 2.2.2.2 100 0 65001i
Total Number of Routes: 10
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
i 3.3.3.3/32 3.3.3.3 0 100 0 i
*> 10.10.5.1/32 0.0.0.0 10 0 i
* i 3.3.3.3 20 100 0 i
*> 10.10.6.1/32 0.0.0.0 20 0 i
*> 0.0.0.0 20 0 i
* i 3.3.3.3 10 100 0 i
*> 10.30.1.1/32 10.0.1.5 0 0 65001i
* i 3.3.3.3 100 0 65001i
*> 10.40.4.1/32 10.0.1.5 0 65001i
* i 3.3.3.3 0 100 0 65001i
2) Configure the MED value
[R2]acl num 2004
[R2-acl-basic-2004]rule 1 permit source
%Aug 31 22:04:15:00 2012 R2 RM/3/RMLOG:
BGP.: 6.6.6.6 State is changed from OPENCONFIRM to ESTABLISHED.
10.40.4.1 0.0.0.0
[R2-acl-basic-2004]q
[R2]
%Aug 31 22:04:35:968 2012 R2 RM/3/RMLOG:
BGP.: 5.5.5.5 State is changed from OPENCONFIRM to ESTABLISHED.
[R2]route-policy R3-R4 permit node 10
New Sequence of this List
[R2-route-policy]if-match acl 2004
[R2-route-policy]apply cost 100
[R2]bgp 65002
[R2-bgp]peer 10.0.1.5 route-policy R3-R4 import
[R3]acl num 2004
[R3-acl-basic-2004]rule 1 permit source 10.30.1.1 0.0.0.0
[R3-acl-basic-2004]q
[R3]
[R3]route-policy R3-R4 permit node 10
New Sequence of this List
[R3-route-policy]if-match acl 2004
[R3-route-policy]apply cost 100
[R3]bgp 65002
[R3-bgp]peer 10.0.1.5 route-policy R1-R2 import
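Simulator problem: after typing apply cost 100, the router's simulator window closed by itself?
Configuring just one entry on each router is enough; what matters is raising the value relative to the other path!
IV. Lab Summary
Summary: 1. Some routes show a local preference and some do not. Is that because it was not sent over?
2. A BGP speaker advertises to its peers only the routes it uses itself (the routes in its BGP routing table).
3. Only routes that exist in the router's own global routing table can be advertised with BGP network!
4. H3C MSR routers have synchronization disabled by default. R3 receives the route 10.10.5.1 from R5 and sends it directly to its EBGP peer R4; because the area R3 belongs to is configured as a full mesh, no routing "black hole" occurs.
5. In the global routing table, the next hop shown for a directly connected subnet is the router's own outgoing interface.
6. Why are EBGP neighbor relationships established over physical interfaces? Why are IBGP neighbor relationships established over the loopback0 interface?
7. After the connection between R1 and R4 is broken, the route 10.40.4.1 is not sent to R1, because of the loop prevention mechanism: the AS number is duplicated.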