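The synchronization rule in RFC 1771 requires the IGP routing table to be synchronized with the IBGP routing table. If the IGP and IBGP routes are not synchronized, there is a potential route black hole problem. Everyone has heard of route black holes, but what exactly is one? You may or may not be clear on that; either way, a route black hole is not a good thing.
What is a route black hole
The configuration on R1 is as follows: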
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 172.16.1.1 255.255.255.0
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 ip address 13.1.1.1 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 10
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 13.1.1.1 0.0.0.0 area 0
!
router bgp 100
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 172.16.1.0 mask 255.255.255.0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 no auto-summary
!
The configuration on R2 is as follows:
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip address 172.16.2.1 255.255.255.0
!
interface Serial1/0
 ip address 23.1.1.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 10
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 23.1.1.2 0.0.0.0 area 0
!
router bgp 100
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 172.16.2.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 100
 no auto-summary
!
The configuration on R3 is as follows:
interface Serial1/0
 ip address 13.1.1.3 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 23.1.1.3 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 10
 log-adjacency-changes
 network 13.1.1.3 0.0.0.0 area 0
 network 23.1.1.3 0.0.0.0 area 0
!
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/129] via 13.1.1.3, 00:10:22, Serial1/1
     23.0.0.0/24 is subnetted, 1 subnets
O       23.1.1.0 [110/128] via 13.1.1.3, 00:10:22, Serial1/1
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback1
B       172.16.2.0 [200/0] via 2.2.2.2, 00:10:00
     13.0.0.0/24 is subnetted, 1 subnets
C       13.1.1.0 is directly connected, Serial1/1
R1#ping 172.16.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
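You can see that R1 learns the 172.16.2.0/24 route from its IBGP neighbor R2; the next hop is reachable, so the route is installed in the routing table.
The route is in the routing table but the ping fails, because R3 has no route to 172.16.2.0. R3 is the so-called route black hole: R1 forwards the packet to R3, but R3 does not know where to forward it. A route that is present in the routing table but is in fact unreachable is what is called a route black hole.
Solving the route black hole: redistribute IBGP routes into the IGP
Note:
1. By default, redistribution only redistributes EBGP routes into the IGP; IBGP routes are not redistributed.
In the BGP process, use the bgp redistribute-internal command to allow IBGP routes to be redistributed into the IGP.
2. If the number of BGP routes is huge, the IGP cannot carry them. OSPF can handle roughly 20000 routes at most, while the Internet BGP routing table now reaches as many as 350000 entries. Satisfying the BGP synchronization rule by redistributing BGP routes into the IGP is not feasible.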
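The lab above as a hop-by-hop forwarding walk, showing where the packet to 172.16.2.1 is dropped and what changes once R3 holds the prefix. This is an added example, not part of the original post: R1's table is taken from its show ip route output, while the R2 and R3 tables and the OWNER map are inferred from the configs (an assumption).

```python
import ipaddress

# Constructed from this page's lab; R2/R3 tables are inferred from their configs
# (assumption). Each entry is prefix -> next hop; None means directly connected.
RIB = {
    "R1": {"1.1.1.1/32": None, "172.16.1.0/24": None, "13.1.1.0/24": None,
           "2.2.2.2/32": "13.1.1.3", "23.1.1.0/24": "13.1.1.3",
           "172.16.2.0/24": "2.2.2.2"},              # IBGP route via R2's loopback
    "R2": {"2.2.2.2/32": None, "172.16.2.0/24": None, "23.1.1.0/24": None,
           "1.1.1.1/32": "23.1.1.3", "13.1.1.0/24": "23.1.1.3",
           "172.16.1.0/24": "1.1.1.1"},
    "R3": {"13.1.1.0/24": None, "23.1.1.0/24": None,    # OSPF only, no BGP
           "1.1.1.1/32": "13.1.1.1", "2.2.2.2/32": "23.1.1.2"},
}
OWNER = {"1.1.1.1": "R1", "13.1.1.1": "R1", "2.2.2.2": "R2", "23.1.1.2": "R2",
         "172.16.2.1": "R2", "13.1.1.3": "R3", "23.1.1.3": "R3", "172.16.1.1": "R1"}

def lookup(table, dst):
    """Longest-prefix match in one router's table: (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def resolve(table, dst):
    """Follow next hops recursively until the target is on a connected network."""
    for _ in range(8):                       # bound the recursion depth
        hit = lookup(table, dst)
        if hit is None or hit[1] is None:
            return dst if hit else None
        dst = hit[1]
    return None

def trace(src, dst, rib=RIB):
    """Walk the packet hop by hop; report where it is delivered or dropped."""
    path, router = [src], src
    for _ in range(8):
        if OWNER.get(dst) == router:
            return path, "delivered"
        adjacent = resolve(rib[router], dst)
        if adjacent is None or adjacent not in OWNER:
            return path, "black hole at " + router
        router = OWNER[adjacent]
        path.append(router)
    return path, "loop"

if __name__ == "__main__":
    print(trace("R1", "172.16.2.1"))
    fixed = {**RIB, "R3": {**RIB["R3"], "172.16.2.0/24": "23.1.1.2"}}  # prefix now in the IGP
    print(trace("R1", "172.16.2.1", fixed))
```

Running the same walk for every BGP-learned prefix against collected routing tables flags any transit router that would drop traffic before the route is relied on.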
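Shortcomings of traditional routing protocols:
In traditional routing protocols, a router cannot transparently package routing information and hand it to another router; every router along the path must understand the routes being passed and hold them in its routing table. The routers in the transit area do not need these routes, yet they must have them in their routing tables; this is the shortcoming of traditional routing protocols. The only protocol able to carry a large amount of routing information is BGP. OSPF can carry roughly 20,000 routes at most (this is related to the routing algorithm), while the global routing table has already reached 350,000 entries and keeps growing.
There is a technology that addresses this shortcoming of traditional routing protocols: MPLS
What is synchronization?
Because of the potential route black hole problem, the BGP synchronization rule came into being.
A route learned from an IBGP neighbor must first be known through the IGP before it enters the IGP routing table or is advertised to a BGP peer.
The idea behind using the synchronization rule to prevent route black holes: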
Whenever a router receives an update about a destination from an IBGP peer, the router tries to verify internal reachability for that destination before advertising it to other EBGP peers. The router does this by checking the destination prefix first to see if a route to the next-hop router exists and second to see if a destination prefix in the IGP exists. This router check indicates whether non-BGP routers can deliver traffic to that destination. Assuming that the IGP recognizes that destination, the router announces it to other EBGP peers. Otherwise, the router treats the destination prefix as not being synchronized with the IGP and does not advertise it.
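I won't translate this sentence by sentence. The gist is that, before advertising a route to a peer, the router first checks whether the next hop is reachable and then whether the destination prefix exists in the IGP routing table. The purpose of the check is to determine whether non-BGP routers (routers that do not run BGP) are able to carry this route. In other words, when BGP neighbors exchange routing information and some router in between does not run BGP, the IGP is used to carry the routes on BGP's behalf.
This approach to preventing route black holes is really naive: if the IGP could carry that many routes, why would I use BGP at all!
The BGP synchronization rule exists so that you can turn it off, and it also reminds you to deploy the BGP network correctly and not let route black holes exist.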
In practice, most situations allow synchronization to be safely turned off on border routers, assuming that all transit routers in the AS are running fully meshed IBGP.