Some Notes on the BGP Protocol

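1. For reliability, BGP uses TCP as its transport protocol, on TCP port 179, and can establish neighbor relationships across multiple router hops.
2. Because sessions are established over unicast, BGP neighbors can only be specified manually.
3. AS numbers: before January 2009: public 1-64511, private 64512-65534;
after January 2009: AS numbers are represented in 4 bytes, 65536-4294967295.
4. BGP comes in two kinds: EBGP is used to establish neighbor relationships between routers in different ASes, and IBGP is used to establish neighbor relationships between routers in the same AS.
5. BGP routes are generated in two ways:
(1) Network: routes are introduced one at a time; a route that already exists in the IP routing table is injected into the BGP routing table;
(2) Import: suited to a large number of routes; routes are imported by route type (OSPF, Direct, static).
6. The four principles of BGP route advertisement:
(1) A router advertises only its own best routes to its neighbors;
(2) Best routes obtained via EBGP are advertised to all BGP neighbors;
(3) Best routes obtained via IBGP are not advertised to IBGP neighbors (to prevent loops);
(4) BGP and IGP synchronization (a route learned from an IBGP neighbor must be known through the IGP before it is advertised to a BGP neighbor).
7. The IGP must be configured before BGP is configured.
8. On Huawei routers the BGP/IGP synchronization check is disabled by default, so routes can be advertised directly; it does not need to be enabled.
9. The four categories of BGP attributes. Well-known: attributes that all BGP routers must recognize and support. Optional: attributes that not all routers need to recognize.
Well-known Mandatory: Origin, AS-Path, Next-hop; must be included in Update messages
Well-known Discretionary: Local-Pref, Atomic-aggregate; need not be included in Update messages
Optional Transitive: Aggregator, Community; a router that does not recognize them can still accept and forward them
Optional Non-Transitive: MED; can be ignored and is not forwarded
10. The Local-Pref attribute is valid only between IBGP peers; it determines the best route for leaving the AS. The default is 100, and a larger value is preferred.
11. The MED attribute is passed only between two adjacent ASes; it determines the best route for entering the AS. The default is 0, and a smaller value is preferred.
12. Community attribute: used to distinguish users in different network segments.
13. BGP route aggregation has two effects: first, combining multiple routes into one reduces the load on routers; second, it hides the AS-Path information, which can easily cause loops.
14. Automatic aggregation only aggregates routes that were imported into BGP, and then sends them to neighbors.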
Configuring IBGP and EBGP
R1:

#
router id 10.0.1.1
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.14.1 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.12.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255 
#
bgp 64512
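 timer keepalive 30 hold 90                    //set the keepalive and hold timers
 peer 10.0.2.2 as-number 64512                 //establish the IBGP peer relationship
 peer 10.0.2.2 connect-interface LoopBack0
 //IBGP sessions are usually established over loopback0; because loopback0 is a virtual interface, it must be explicitly specified as the interface used to establish the session
 peer 10.0.3.3 as-number 64512 
 peer 10.0.3.3 connect-interface LoopBack0
 peer 10.0.4.4 as-number 64513                 //establish the EBGP peer relationship
 peer 10.0.4.4 ebgp-max-hop 2                  
 //this command is required when the EBGP session is established over loopback interfaces, because the loopback is virtual and not directly connected; by default the session is established over the physical interface
 peer 10.0.4.4 connect-interface LoopBack0     //when the loopback interface is used it must be explicitly specified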
#
 ipv4-family unicast
  undo synchronization
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local                 
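  //by the nature of the BGP Next_hop attribute, a BGP router does not change the next hop when it advertises routes learned from EBGP to IBGP neighbors; only with this command do the IBGP neighbors learn a correct next hop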
  peer 10.0.3.3 enable
  peer 10.0.3.3 next-hop-local 
  peer 10.0.4.4 enable
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.1 0.0.0.0 
  network 10.0.12.1 0.0.0.0 
#
ip route-static 10.0.4.4 255.255.255.255 10.0.14.4     
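//R1 and R4 establish the EBGP relationship over loopback interfaces, which are not directly connected, so a static route is configured to serve BGP, so that BGP advertises correct next-hop information when it advertises routes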
#

R2:

#
router id 10.0.2.2
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.23.2 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.12.2 255.255.255.0
 #
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255 
#
bgp 64512
 peer 10.0.1.1 as-number 64512 
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.3.3 as-number 64512 
 peer 10.0.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.1.1 enable
  peer 10.0.3.3 enable
#
ospf 1 
 area 0.0.0.0 
  network 10.0.2.2 0.0.0.0 
  network 10.0.12.2 0.0.0.0 
  network 10.0.23.2 0.0.0.0
#

R3:

#
router id 10.0.3.3
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.23.3 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.35.3 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255 
#
bgp 64512
 peer 10.0.1.1 as-number 64512 
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.2.2 as-number 64512 
 peer 10.0.2.2 connect-interface LoopBack0
 peer 10.0.35.5 as-number 64514               //establish the EBGP relationship over the physical link
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.1.1 enable
  peer 10.0.1.1 next-hop-local 
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local 
  peer 10.0.35.5 enable
#
ospf 1 
 area 0.0.0.0 
  network 10.0.3.3 0.0.0.0 
  network 10.0.23.3 0.0.0.0 
#

R4:

#
router id 10.0.4.4
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.14.4 255.255.255.0
 #
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.4.4 255.255.255.0 
 #
bgp 64513
 peer 10.0.1.1 as-number 64512 
 peer 10.0.1.1 ebgp-max-hop 2 
 peer 10.0.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.4.0 255.255.255.0              //inject the corresponding network segment into BGP
  peer 10.0.1.1 enable
#
ip route-static 10.0.1.1 255.255.255.255 10.0.14.1
#

R5:

#
router id 10.0.5.5
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.35.5 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.5.5 255.255.255.0 
#
bgp 64514
 peer 10.0.35.3 as-number 64512 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.5.0 255.255.255.0 
  peer 10.0.35.3 enable
#

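After the configuration is complete, 10.1.5.5 and 10.1.4.4 can communicate through BGP. Merely establishing neighbor relationships between the routers does not enable communication across routers (routers that run the IGP can communicate with each other); only when the network segments that need to communicate are advertised into BGP can those advertised segments communicate, while other segments cannot.
BGP Route Summarization
There are three ways to aggregate routes:
The first is static route aggregation.
First configure a static route on the router that advertises the aggregate: ip route-static <aggregate destination network> <aggregate mask> NULL0. A black-hole route is configured in order to prevent loops.
Then advertise it into BGP with the network command; afterwards the ip ip-prefix command can be used to filter out the specific routes.
The second is manual aggregation, using the aggregate command. With manual aggregation, a black-hole route identical to the one used for static aggregation is generated automatically in the IP routing table to prevent loops.
The third is automatic aggregation, using the summary-automatic command; automatic aggregation only works on routes that were imported.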
R1:

#
router id 10.1.1.1
#
acl number 2000  
 rule 0 permit source 10.1.0.0 0.0.255.255 
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.1 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.14.1 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.15.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
 #
bgp 64513
 peer 10.0.12.2 as-number 64514                 //establish neighbor relationships over physical links
 peer 10.0.14.4 as-number 64512 
 peer 10.0.15.5 as-number 64516 
#
 ipv4-family unicast
  undo synchronization
  aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed 
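  //after aggregation the AS-Path attribute is discarded; as-set adds the path information back to prevent loops; detail-suppressed filters out the specific routes covered by the summary so that only the aggregate is advertised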
  network 10.1.1.1 255.255.255.255 
  peer 10.0.12.2 enable
  peer 10.0.14.4 enable
  peer 10.0.14.4 advertise-community      //community attributes are not advertised by default; this command enables advertising them
  peer 10.0.15.5 enable
#
route-policy r1 permit node 10            //configure a route-policy that adds the community attribute
 if-match acl 2000 
 apply community 100:2 
#

R2:

#
router id 10.1.2.2
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.2 255.255.255.0
 #
interface LoopBack0
 ip address 10.1.2.2 255.255.255.255 
#
bgp 64514
 peer 10.0.12.1 as-number 64513 
 peer 10.0.23.3 as-number 64515 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.2.2 255.255.255.255 
  peer 10.0.12.1 enable
  peer 10.0.23.3 enable
#

R3:

#
router id 10.1.3.3
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
 ip address 10.1.3.3 255.255.255.255 
#
bgp 64515
 peer 10.0.23.2 as-number 64514 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.3.3 255.255.255.255 
  peer 10.0.23.2 enable
#

R4:

#
router id 10.0.4.4
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.14.4 255.255.255.0
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
bgp 64512
 peer 10.0.14.1 as-number 64513 
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.4.4 255.255.255.255 
  peer 10.0.14.1 enable
#

R5:

#
router id 10.1.5.5
#
acl number 2000  
 rule 0 permit source 10.1.5.5 0
#
interface GigabitEthernet0/0/0
 ip address 10.0.15.5 255.255.255.0
#
interface LoopBack0
 ip address 10.1.5.5 255.255.255.255 
#
bgp 64516
 peer 10.0.15.1 as-number 64513 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.5.5 255.255.255.255 
  peer 10.0.15.1 enable
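  peer 10.0.15.1 route-policy r1 export        //apply the route-policy on export toward R1
  peer 10.0.15.1 advertise-community           //enable advertising the community attribute
#
route-policy r1 permit node 10                 //configure the route-policy that applies the community attribute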
 if-match acl 2000 
 apply community 100 
#

Changing BGP Attributes to Influence Route Selection
R1:

#
router id 10.0.1.1
#
acl number 2000  
 rule 0 permit source 10.1.6.0 0.0.0.255 
acl number 2001  
 rule 0 permit source 10.1.3.0 0.0.0.255
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.1 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.16.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.13.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255 
#
bgp 64512
 peer 10.0.12.2 as-number 200                        //establish neighbor relationships over physical links
 peer 10.0.13.3 as-number 100 
 group as64512 internal                              //create a peer group
 peer 10.0.6.6 as-number 64512 
 peer 10.0.6.6 group as64512                         //add the peer to the peer group
 peer 10.0.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  maximum load-balancing 4                           //enable BGP load balancing, disabled by default
  peer 10.0.12.2 enable
  peer 10.0.12.2 route-policy r1 export              //apply the route-policy when advertising to R2
  peer 10.0.13.3 enable
  peer 10.0.13.3 route-policy me export
  peer as64512 enable
  peer as64512 route-policy r3 export
  peer 10.0.6.6 enable
  peer 10.0.6.6 group as64512 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.1 0.0.0.0 
  network 10.0.16.1 0.0.0.0 
#
route-policy r1 permit node 10 
 if-match acl 2000 
 apply as-path 64512 64512 additive                  
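 //prepend extra AS-Path entries when advertising to influence route selection; routes with a shorter AS-Path are preferred, so R2 reaches the 10.1.6.0 network via R3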
#
route-policy r3 permit node 10 
 if-match acl 2001 
 apply local-preference 110                          
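 //add the Local-preference attribute when advertising; when a router receives from IBGP routers multiple routes with the same destination but different next hops, it prefers the one with the larger Local-Pref value (default 100). This makes S6 reach the 10.1.3.0 network via R1.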
#
route-policy me permit node 10 
 if-match acl 2000 
 apply cost 100 
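 //add the MED attribute when advertising; when a router receives from EBGP neighbors multiple routes with the same destination but different next hops, it prefers the one with the smaller MED value (default 0). This makes R3 reach the 10.1.6.0 network via R5.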
#

R2:

#
router id 10.0.2.2
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.2 255.255.255.0
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.23.2 255.255.255.0
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255 
#
bgp 200
 peer 10.0.12.1 as-number 64512 
 peer 10.0.23.3 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  maximum load-balancing 4
  peer 10.0.12.1 enable
  peer 10.0.23.3 enable
#

R3:

#
router id 10.0.3.3 
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.35.3 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.13.3 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.3.3 255.255.255.0 
#
bgp 100
 peer 10.0.13.1 as-number 64512 
 peer 10.0.23.2 as-number 200 
 peer 10.0.35.5 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.3.0 255.255.255.0 
  maximum load-balancing 4
  peer 10.0.13.1 enable
  peer 10.0.23.2 enable
  peer 10.0.35.5 enable
#

R4:

#
router id 10.0.4.4 
#
acl number 2000  
 rule 0 permit source 10.1.5.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.46.4 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
bgp 64512
 peer 10.0.45.5 as-number 100 
 group as64512 internal
 peer 10.0.6.6 as-number 64512 
 peer 10.0.6.6 group as64512 
 peer 10.0.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  maximum load-balancing 4
  peer 10.0.45.5 enable
  peer as64512 enable
  peer as64512 route-policy r1 export
  peer 10.0.6.6 enable
  peer 10.0.6.6 group as64512 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.4.4 0.0.0.0 
  network 10.0.46.4 0.0.0.0 
#
route-policy r1 permit node 10 
 if-match acl 2000 
 apply local-preference 110                   //makes S6 reach the 10.1.5.0 network via R4
#

R5:

#
router id 10.0.5.5
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.35.5 255.255.255.0
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.5 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.5.5 255.255.255.0 
#
bgp 100
 peer 10.0.35.3 as-number 100 
 peer 10.0.45.4 as-number 64512 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.5.0 255.255.255.0 
  maximum load-balancing 4
  peer 10.0.35.3 enable
  peer 10.0.45.4 enable
#

S6:

#
router id 10.0.6.6
#
vlan batch 16 46
#
interface Vlanif16
 ip address 10.0.16.6 255.255.255.0
#
interface Vlanif46
 ip address 10.0.46.6 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 46
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 16
#
interface LoopBack0
 ip address 10.0.6.6 255.255.255.255
#
interface LoopBack1
 ip address 10.1.6.6 255.255.255.0
#
bgp 64512
 group as64512 internal
 peer 10.0.1.1 as-number 64512
 peer 10.0.1.1 group as64512
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.4.4 as-number 64512
 peer 10.0.4.4 group as64512
 peer 10.0.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.6.0 255.255.255.0
  maximum load-balancing 4
  peer as64512 enable
  peer 10.0.1.1 enable
  peer 10.0.1.1 group as64512
  peer 10.0.4.4 enable
  peer 10.0.4.4 group as64512
#
ospf 1
 area 0.0.0.0
  network 10.0.6.6 0.0.0.0
  network 10.0.16.6 0.0.0.0
  network 10.0.46.6 0.0.0.0
#
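
The three policies in this lab (AS-Path prepending, Local-Pref and MED) can be checked against a simplified model of the BGP decision process. The following is an added example, not part of the original post: Path and better are hypothetical names, the candidate paths are constructed from the configurations above, and vendor-specific steps (PrefVal, IGP cost, router ID) are left out.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Path:
    via: str                 # neighbor the route was learned from
    as_path: tuple           # AS-Path as received, leftmost AS first
    local_pref: int = 100    # default stated on the page
    med: int = 0             # default stated on the page
    origin: str = "igp"
    ebgp: bool = True

def better(a, b):
    """Return (winner, deciding_step) for two paths to the same prefix."""
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local-pref"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path"
    if a.origin != b.origin:
        return (a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b), "origin"
    # MED is compared only between paths received from the same neighboring AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    if a.ebgp != b.ebgp:
        return (a if a.ebgp else b), "ebgp-over-ibgp"
    return a, "tie"          # real routers continue with IGP cost, router ID, ...

# Candidate paths below are constructed from the lab configuration.
def r2_to_10_1_6():   # R1 prepends "64512 64512" toward R2
    return better(Path("R1", (64512, 64512, 64512)), Path("R3", (100, 64512)))

def s6_to_10_1_3():   # R1 sets Local-Pref 110 toward the IBGP peer group
    return better(Path("R1", (100,), local_pref=110, ebgp=False),
                  Path("R4", (100,), ebgp=False))

def r3_to_10_1_6():   # R1 sets MED 100 toward R3; R5 relays R4's path over IBGP
    return better(Path("R1", (64512,), med=100),
                  Path("R5", (64512,), ebgp=False))

if __name__ == "__main__":
    for name, fn in [("R2 -> 10.1.6.0/24", r2_to_10_1_6),
                     ("S6 -> 10.1.3.0/24", s6_to_10_1_3),
                     ("R3 -> 10.1.6.0/24", r3_to_10_1_6)]:
        winner, step = fn()
        print(f"{name}: via {winner.via} (decided by {step})")
```

In the R3 case the MED comparison comes before the EBGP-over-IBGP step, which is why the IBGP path via R5 wins even though R1 is an EBGP neighbor.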

Configuring the Community Attribute and Route-policy to Filter BGP Routes
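1. First configure the interfaces and network segments, and establish the BGP neighbor relationships.
2. Configure all routers to advertise community attributes to each other (they are not advertised by default); the other routers are configured similarly to R1: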

[R1]bgp 64513
[R1-bgp]peer 10.0.14.4 advertise-community
[R1-bgp]peer 10.0.12.2 advertise-community

3. Advertise Loopback1, Loopback2 and Loopback3 on R5 into BGP; add community 100 to Loopback1, community no-export to Loopback2, and community no-advertise to Loopback3.

[R5]bgp 64515
[R5-bgp]network 10.1.5.5 255.255.255.0
[R5-bgp]network 10.2.5.5 255.255.255.0
[R5-bgp]network 10.3.5.5 255.255.255.0
[R5]acl 2000
[R5-acl-basic-2000]rule 0 permit source 10.1.5.0 0.0.0.255
[R5]route-policy r1 permit node 10
[R5-route-policy]if-match acl 2000
[R5-route-policy]apply community 100
[R5]acl 2001
[R5-acl-basic-2001]rule 0 permit source 10.2.5.0 0.0.0.255
[R5]route-policy r1 permit node 20
[R5-route-policy]if-match acl 2001
[R5-route-policy]apply community no-export
[R5]acl 2002
[R5-acl-basic-2002]rule 0 permit source 10.3.5.0 0.0.0.255
[R5]route-policy r1 permit node 30
[R5-route-policy]if-match acl 2002
[R5-route-policy]apply community no-advertise
[R5]bgp 64515
[R5-bgp]peer 10.0.25.2 route-policy r1 export

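4. Aggregate 10.1.5.0/24 advertised by R5 and 10.2.3.0/24 advertised by R3 into the route 10.0.0.0/8 and suppress the specific routes. The aggregate is advertised to R4 with community 200. 10.1.3.0/24 is still advertised to R4 as a specific route.
Configuration on R3: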

[R3]bgp 64514
[R3-bgp]network 10.1.3.3 255.255.255.0
[R3-bgp]network 10.2.3.3 255.255.255.0
//advertise Loopback1 and Loopback2
[R3]acl 2000
[R3-acl-basic-2000]rule 0 permit source 10.2.3.0 0.0.0.255
[R3]route-policy r1 permit node 10
[R3-route-policy]if-match acl 2000
[R3-route-policy]apply community 100
//first add community attribute 100 to 10.2.3.0
[R3]route-policy r1 permit node 20             
//a node without an if-match clause matches everything by default; this node lets 10.1.3.0 pass
[R3]bgp 64514
[R3-bgp]peer 10.0.23.2 route-policy r1 export

Configuration on R1:

[R1]ip community-filter 1 permit 100        
//first configure a community filter that selects routes whose community is 100
[R1]route-policy r1 permit node 10
[R1-route-policy]if-match community-filter 1
//create a route-policy that matches routes whose community is 100
[R1]route-policy r2 permit node 10
[R1-route-policy]apply community 200:1 additive
//create a route-policy that adds the community attribute 200:1
[R1]bgp 64513
[R1-bgp]aggregate 10.0.0.0 255.0.0.0 detail-suppressed origin-policy r1 attribute-policy r2
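
Steps 3 and 4 rely on two behaviors: how a router treats the well-known communities no-export and no-advertise when it re-advertises a route, and how aggregate with origin-policy and attribute-policy selects and tags routes. The following is an added example, not part of the original post: send, aggregate and the sample tables are hypothetical and constructed from the commands above, and the aggregate is assumed to carry only the community that the attribute-policy adds.

```python
import ipaddress

NO_EXPORT, NO_ADVERTISE = "no-export", "no-advertise"

def send(communities, peer_is_ebgp, advertise_community=True):
    """Communities a router sends for a route to one peer, or None if withheld."""
    if NO_ADVERTISE in communities:
        return None                      # never re-advertised to any peer
    if NO_EXPORT in communities and peer_is_ebgp:
        return None                      # stays inside the local AS
    # Without 'peer ... advertise-community' the attribute is not sent at all.
    return set(communities) if advertise_community else set()

def aggregate(routes, summary, origin_match, add):
    """Model 'aggregate ... detail-suppressed origin-policy attribute-policy'.
    routes maps prefix -> set of communities; returns what is left to advertise."""
    net = ipaddress.ip_network(summary)
    out, contributors = {}, 0
    for prefix, comms in routes.items():
        if ipaddress.ip_network(prefix).subnet_of(net) and origin_match in comms:
            contributors += 1            # matched by origin-policy: suppressed
        else:
            out[prefix] = set(comms)     # not matched: specific route is kept
    if contributors:
        out[summary] = {add}             # assumption: only the added tag is carried
    return out

# Constructed sample data mirroring steps 3 and 4 of the lab.
R5_ROUTES = {"10.1.5.0/24": {"100"}, "10.2.5.0/24": {NO_EXPORT},
             "10.3.5.0/24": {NO_ADVERTISE}}
R1_TABLE = {"10.1.5.0/24": {"100"}, "10.2.3.0/24": {"100"}, "10.1.3.0/24": set()}

def receiver_exports(peer_is_ebgp, advertise_community=True):
    """What the router that received R5's routes passes on to one of its peers."""
    result = {}
    for prefix, comms in R5_ROUTES.items():
        sent = send(comms, peer_is_ebgp, advertise_community)
        if sent is not None:
            result[prefix] = sent
    return result

def r1_advertises():
    return aggregate(R1_TABLE, "10.0.0.0/8", "100", "200:1")
```

Calling receiver_exports(False, advertise_community=False) returns the no-export route with an empty community set: when advertise-community is missing on a peer, the tag is dropped and the next router no longer knows to keep the route inside the AS.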
