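A post I previously made on Junipers:
I've recently been doing the BGP labs from JNCIA and took a close look at the static-route next-hop options (discard/receive/reject). I have some notes to share with everyone. If anything I say is wrong, corrections are welcome!
The main text follows; the attachment contains the topology and the initial interface configuration files.
Configure STATIC_MS/STATIC_CBL and specify the static routes on each: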
Muscat:
static 10.20.1.0/24 next-hop 172.16.21.2
static 10.20.2.0/24 next-hop 172.16.21.2
Chablis:
static 10.20.3.0/24 next-hop 172.16.23.2
static 10.20.4.0/24 next-hop 172.16.23.2
1.Q&A:
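If static2bgp is configured on Muscat or Chablis alone, neither Shiraz nor Chablis can learn the BGP routes. On Shiraz, 10.20.1.0/10.20.2.0/10.20.3.0/10.20.4.0 are all hidden, with state unusable.
Analysis: this is because Shiraz/Chablis do not know how to reach the routes 10.20.1.0/10.20.2.0 on Muscat. More precisely, they have no route for Muscat's directly connected interface fxp1.21 (172.16.21.0/30), so they will not put these two routes into BGP.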
2.Q&A:
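Only after direct2bgp is configured can Shiraz/Chablis learn the BGP routes.
Analysis: configuring direct2bgp actually advertises the subnet of Muscat's directly connected interface fxp1.21 (172.16.21.0/30) into BGP, so that Shiraz/Chablis know how to reach 10.20.1.0/10.20.2.0.
II: Analysis of the JNCIA F8.13_5Routers topology
Delete STATIC_MS/STATIC_CBL and delete fxp1.21/fxp1.23.
Muscat (has only the interfaces fxp1.100/Lo0.6, with no interface for 10.20.1.0/10.20.2.0)
Static routes: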
static 10.20.1.0/24 discard
static 10.20.2.0/24 discard
Chablis (has only the interfaces fxp2.101/Lo0.7, with no interface for 10.20.3.0/10.20.4.0)
Static routes:
static 10.20.3.0/24 discard
static 10.20.4.0/24 discard
1.Q&A:
If static2bgp is configured on Muscat or Chablis alone, Shiraz/Chablis can learn these static routes.
Analysis: first, see the explanation of the next-hop options in IJNR_P355:
Once in the configuration, static routes appear in the routing table if they are active. Active static routes have a valid next-hop option. Routes with reject or discard options as next hops always are active and present in the routing table. Routes with an IP address as a next hop are present only if that address is reachable across a directly connected interface on the router.
According to this explanation, static 10.20.3.0/24 discard actually creates a route in Muscat's routing table that is guaranteed to be present, and only then will BGP install it into the BGP table.
The JNCIA SG's discussion of BGP routes:
BGP routers by default advertise only active BGP routes in the routing table. This creates a sort of chicken-and-egg problem. A route can appear in the routing table as a BGP route only if it is received from a BGP peer, but a BGP peer can only advertise a route if it's already in the routing table as a BGP route.
2.Q:
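How should the static-route next-hop parameters receive/reject be understood? If there are no interfaces for 10.20.1.0/16, 10.20.2.0/16, 10.20.3.0/16 and 10.20.4.0/16, how can the reachability of these networks be verified?
Verification:
Chablis static routes: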
static 10.20.3.0/24 discard
static 10.20.4.0/24 receive
static 10.20.5.0/24 reject
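Conclusion:
Whether the next hop of the static routes on Chablis is configured as discard, receive or reject has no effect on the BGP routes on Shiraz/Muscat; both Shiraz and Muscat learn them correctly.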
3.Q:
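On Chablis, does the loopback need to be configured with 192.168.7.7/32, 10.20.3.1/32 and 10.20.4.1/32?
I have read 孟诗宇's blog: http://jncie.wordpress.com/category/ospf/ ----->
JNCIP Case Study – Juniper/Cisco OSPF Interoperation Part 1. He configured multiple addresses on the loopback interface, each belonging to one of the prefixes in the static routes.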
Reference Documentation:
help reference routing-options static
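The loopback interface is advertised automatically
From version 8.1 on it is no longer advertised automatically
III: Importing static routes with next-hop options into the IGP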
1.Muscat/Shiraz/Chablis
deactivate prot bgp
Muscat:
1.policy static2ospf, then export to ospf
2.routing-options {
static {
route 10.20.1.0/24 discard;
route 10.20.2.0/24 reject;
route 10.20.7.0/24 receive;
route 10.20.6.0/24 discard;
}
}
3.verification:
lab@FSJ# run ping 10.20.1.1 logical-router Chablis
PING 10.20.1.1 (10.20.1.1): 56 data bytes
^C
--- 10.20.1.1 ping statistics ---
35 packets transmitted, 0 packets received, 100% packet loss
[edit logical-routers Chablis]
lab@FSJ# run ping 10.20.7.1 logical-router Chablis
PING 10.20.7.1 (10.20.7.1): 56 data bytes
^C
--- 10.20.7.1 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss
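Pinging 10.20.1.1/10.20.7.1 returns no message at all. This shows that the packets are discarded directly on reaching Muscat, and Muscat gives no feedback to the source.
The problem is that pinging a completely nonexistent address from Chablis also returns nothing, which is exactly the same effect as discard/receive. So there is no way to verify whether 10.20.1.1/10.20.7.1 are really reachable from Chablis.
lab@FSJ# run ping 1.1.1.2 logical-router Chablis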
PING 1.1.1.2 (1.1.1.2): 56 data bytes
^C
--- 1.1.1.2 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
Of course, the above was done on an olive logical router; on a real Juniper router it should not behave this way. For example, test like this:
lab@FSJ# run ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
See, it is the same nonexistent address (1.1.1.2), but the olive and the olive logical router give different results. What the olive returns should be the correct information.
lab@FSJ# run ping 10.20.2.1 logical-router Chablis
PING 10.20.2.1 (10.20.2.1): 56 data bytes
36 bytes from 192.168.100.2: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9709 0 0000 fe 01 f3df 192.168.101.2 10.20.2.1
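Pinging 10.20.2.1 shows a message returned from 192.168.100.2: Destination Host Unreachable. This shows that the packet reached Muscat successfully; it is just that discard is configured, so after dropping the packet Muscat gives the source the feedback "Destination Host Unreachable".
4. Configure a second address, 10.20.6.1/32, on Muscat's lo0.6 and advertise it in area 0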
lo0 {
unit 6 {
family inet {
address 192.168.6.6/32;
address 10.20.6.1/32;
}
}
}
ospf {
export static2ospf;
area 0.0.0.0 {
interface lo0.6;
interface fxp1.100;
}
}
policy-statement static2ospf {
term static2ospf {
from protocol static;
then accept;
}
}
routing-options {
static {
route 10.20.1.0/24 discard;
route 10.20.2.0/24 reject;
route 10.20.7.0/24 receive;
route 10.20.6.0/24 discard;
}
}
Change the next-hop option of 10.20.6.0/24: whether it is discard or reject/receive, ping 10.20.6.1 from Chablis gets the same feedback.
lab@FSJ# run ping 10.20.6.1 logical-router Chablis
PING 10.20.6.1 (10.20.6.1): 56 data bytes
64 bytes from 10.20.6.1: icmp_seq=0 ttl=254 time=0.294 ms
64 bytes from 10.20.6.1: icmp_seq=1 ttl=254 time=0.279 ms
^C
--- 10.20.6.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.279/0.286/0.294/0.008 ms
However, with ping 10.20.6.2 from Chablis, changing the next-hop option of 10.20.60.0/24 (discard/receive/reject) gives exactly the same feedback as in 3.verification.
5. Finally, let's look at the OSPF routes on Chablis:
lab@FSJ# run show route protocol ospf logical-router Chablis
inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.20.1.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
10.20.2.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
10.20.6.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
10.20.6.1/32 *[OSPF/10] 00:11:19, metric 2
> to 192.168.101.1 via fxp2.101
10.20.7.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
192.168.5.5/32 *[OSPF/10] 00:11:19, metric 1
> to 192.168.101.1 via fxp2.101
192.168.6.6/32 *[OSPF/10] 00:11:19, metric 2
> to 192.168.101.1 via fxp2.101
192.168.100.0/24 *[OSPF/10] 00:11:19, metric 2
> to 192.168.101.1 via fxp2.101
224.0.0.5/32 *[OSPF/10] 01:11:49, metric 1
MultiRecv
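The next hop for 10.20.1.0-7.0 is 192.168.101.1 in every case, the preference value is 150 (OSPF external routes), and the metric is 0.
The next hop for 10.20.6.1/32 is also 192.168.101.1, the preference value is 10 (OSPF internal routes), and the metric is 2.
Analysis: 10.20.1.0-7.0 were all imported by the static2ospf policy, so they are treated as OSPF external routes. In addition, static2ospf does not specify an external type or metric, so they are OSPF external type 1 with a metric of 0.
10.20.6.1/32, on the other hand, is itself the IP of Muscat's lo0.6 interface and is advertised in area 0, so it is treated as an OSPF internal route. Chablis-Shiraz-Muscat is 2 hops in total, so the metric is 2.
Putting the above together, the following conclusions can be drawn:
1. Adding a next-hop option (discard/receive/reject) to a static route always serves to create a route that is guaranteed to be present, so that it can be placed in the routing table and, going further, so that these static routes can be passed to other routers by policy.
2. Routes with a next-hop option have nothing to do with interfaces. In other words, there is no need to add an address such as 10.20.1.1/32 to Chablis's lo0.6; these static routes can be any routes that do not exist at all. This lets you list all of the customer's prefixes, which amounts to simulating the customer's network.
3. Based on points 1 and 2 above, there is no need to use a topology like JNCIA F8.13_9Routers to simulate the customer network; the JNCIA F8.13_5Routers topology is enough. Of course, all of the customer's prefixes then have to be listed as static routes with a next-hop option configured.
4. Based on III (importing static routes with next-hop options into the IGP), I personally think reject is the better choice.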
I wonder whether you have done this one.
III: Importing static routes with next-hop options into the IGP
Muscat:
1.policy static2ospf, then export to ospf
2.routing-options {
static {
route 10.20.1.0/24 discard;
route 10.20.2.0/24 reject;
route 10.20.7.0/24 receive;
lab@FSJ# run ping 10.20.7.1 logical-router Chablis
PING 10.20.7.1 (10.20.7.1): 56 data bytes
^C
--- 10.20.7.1 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss
lab@FSJ# run ping 10.20.1.1 logical-router Chablis
PING 10.20.1.1 (10.20.1.1): 56 data bytes
^C
--- 10.20.1.1 ping statistics ---
35 packets transmitted, 0 packets received, 100% packet loss
lab@FSJ# run ping 10.20.2.1 logical-router Chablis
PING 10.20.2.1 (10.20.2.1): 56 data bytes
36 bytes from 192.168.100.2: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9709 0 0000 fe 01 f3df 192.168.101.2 10.20.2.1
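With receive I get exactly the same result as with discard: Muscat does not respond with ICMP echo, and nothing comes back on Chablis. I don't know why. The reject option, on the other hand, does show a feedback message.
I actually haven't really understood the receive option, so please enlighten me!
Something is definitely wrong. RECEIVE is the handiest one: it responds without any address configured on a local interface.
Yours is a bit odd.
If there is a response, what does it look like? Like the one below? This is the result of pinging directly on Muscat.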
lab@OLIVE# run ping 10.20.7.1 logical-router Muscat
PING 10.20.7.1 (10.20.7.1): 56 data bytes
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
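Also, the poster above said "RECEIVE is the handiest one: it responds without any address configured on a local interface." Does that imply that discard/reject still need an address configured on a local interface?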
R1--fe-0/0/0-------------fe-0/0/0-R3
[edit]
jnpr@R1# show interfaces fe-0/0/0
unit 0 {
family inet {
filter {
output test1;
}
address 13.13.13.1/24;
}
family iso;
}
[edit]
jnpr@R1# show interfaces lo0
unit 0 {
family inet {
address 1.1.1.1/32;
}
family iso {
address 49.4949.1111.1111.1111.00;
}
}
[edit]
jnpr@R1# show protocols isis
level 1 disable;
interface fe-0/0/0.0;
interface lo0.0;
The R3 interface configuration is much the same, on the same subnet, directly connected to R1.
[edit]
jnpr@R3# show protocols isis
export redis-static;
level 1 disable;
interface fe-0/0/0.0;
interface lo0.0;
[edit]
jnpr@R3# show policy-options policy-statement redis-static
term 1 {
from {
protocol static;
route-filter 3.0.0.0/8 exact;
route-filter 4.0.0.0/8 exact;
}
then accept;
}
[edit]
jnpr@R3# show routing-options static
/* This static route is to show to Kelvin how to optimize customer configurations */
route 3.0.0.0/8 receive;
route 4.0.0.0/8 receive;
Note: R3 has no interface IP in the 3/8 or 4/8 networks.
OK, the configuration is posted; now look at the results.
[edit]
jnpr@R1# run ping 4.1.1.1 rapid count 10
PING 4.1.1.1 (4.1.1.1): 56 data bytes
!!!!!!!!!!
--- 4.1.1.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.861/0.920/1.321/0.134 ms
[edit]
jnpr@R1# run ping 3.3.23.100 rapid count 10
PING 3.3.23.100 (3.3.23.100): 56 data bytes
!!!!!!!!!!
--- 3.3.23.100 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.862/1.116/2.581/0.509 ms
[edit]
jnpr@R1# run ping 3.4.146.100 rapid count 10
PING 3.4.146.100 (3.4.146.100): 56 data bytes
!!!!!!!!!!
--- 3.4.146.100 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.862/0.914/1.269/0.118 ms
[edit]
jnpr@R1# run ping 4.234.19.100 rapid count 10
PING 4.234.19.100 (4.234.19.100): 56 data bytes
!!!!!!!!!!
--- 4.234.19.100 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.871/0.929/1.314/0.130 ms
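None of the IP addresses pinged here actually exist on R3.
Also, the poster above said "discard/reject need a locally configured interface in order to respond". Does that mean that however many static routes there are, a corresponding number of local interfaces has to be configured? For example on R2, when using discard/reject:
jnpr@R2# show interfaces lo0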
unit 0 {
family inet {
address 1.1.1.1/32;
address 4.4.4.4/32;
address 5.5.5.4/32;
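}
}
If there are static routes like 6.0.0.0/8 through 9.0.0.0/8, do they get added one by one under lo0?
I don't have real hardware and can only learn on olive, but I don't want to be misled by this kind of difference, nor do I want my tests to mislead others. Could moderator 大猫猫 please add some discard/reject examples along with the test results?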
KKBlue:
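Let me share my thoughts.
Maybe I'm thinking about it too simply,
or maybe the original poster is thinking about it in too complicated a way.
There's really no need to consider that much; just settle these few things.
First, the job of a static route is to build the routing table and specify the next hop. That is the main point, right?
Second, if a static route has no next hop, there is something special going on. For example, the rather special aggregate or generate routes among static routes all have a default action. You didn't do that in this lab, so never mind.
Third, however complex the environment, the job of a static route is to put a routing-table entry into inet.0; when the router receives a packet, it handles it according to the static route's next-hop, right?
So what kinds of handling are there? We have seen the specified next hop; that is simply the router doing its duty.
And you have also found that there are discard, reject and receive.
What I want to say is: whether it is discard, reject or receive, has the packet been routed? The answer is probably no. Fine; if it has not been routed, the packet is killed off, and only in heaven will you find a trace of it. The router then does something toward the sender of the packet,
as follows:
discard: the router says, dropped is dropped, I won't bother with you. What you are likely to see is an ICMP timeout, a silent killer.
reject: the router says, I have a bit of conscience: I dropped your packet, but I'll let you know and give you an ICMP unreachable. Killing with a loud shout; you've seen The Warlords (投名状), right? Think of the last scene.
receive: this one is really naughty. There is clearly nothing there, it is clearly unreachable, the packet has clearly been dropped, yet the router still gives you an echo reply and makes you see !!!!!. Heh, rather interesting.
So think about it: in a sense, reject and receive are the same.
The packet, at the very least, was not sent on; it is only the ICMP message generated by the router that differs.
It's like writing a love letter to a girl that has to be passed on by her parents.
Best case, the parents pass it on (lucky you): that is next-hop.
The other outcomes:
The parents throw the letter away and don't tell you, so you just wait like a fool: that is discard.
The parents throw the letter away and tell you, kid, don't you mess with my daughter: that is reject.
The parents throw the letter away and still tell you, kid, the letter was delivered: that is receive.
Just a few personal views, possibly immature; I hope everyone will correct me.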
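Added example (not part of the thread and not written by any of its posters): a small Python model of the route lookup on Muscat from section III, showing why ping 10.20.6.1 answers regardless of the option set on 10.20.6.0/24 while 10.20.6.2 follows that option. The table entries are copied from the configuration above; the function names and the OBSERVED labels are assumptions, with receive modelled on the R1/R3 test (echo reply) rather than on the olive logical router result.

```python
import ipaddress

# Constructed table modelled on Muscat in section III of the thread.
MUSCAT_ROUTES = [
    ("10.20.1.0/24", "discard"),
    ("10.20.2.0/24", "reject"),
    ("10.20.7.0/24", "receive"),
    ("10.20.6.0/24", "discard"),
    ("10.20.6.1/32", "local"),    # second address on lo0.6
    ("192.168.6.6/32", "local"),  # first address on lo0.6
]

# What the pinging host sees per next-hop type (assumed labels; receive is
# modelled on the R1/R3 result in the thread, not on the olive logical router).
OBSERVED = {
    "discard": "timeout",
    "reject": "icmp unreachable",
    "receive": "echo reply",
    "local": "echo reply",
    None: "no route",
}


def lookup(routes, dst):
    """Longest-prefix match: return (prefix, next_hop_type) or (None, None)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return (str(best[0]), best[1]) if best else (None, None)


def ping_result(routes, dst):
    """What a remote ping to dst observes once the packet reaches this router."""
    return OBSERVED[lookup(routes, dst)[1]]


def with_option(routes, prefix, option):
    """Copy of the table with one static route's next-hop option changed."""
    return [(p, option if p == prefix else nh) for p, nh in routes]


if __name__ == "__main__":
    for opt in ("discard", "reject", "receive"):
        table = with_option(MUSCAT_ROUTES, "10.20.6.0/24", opt)
        print(opt, ping_result(table, "10.20.6.1"), "|", ping_result(table, "10.20.6.2"))
```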