R2
router ospf 1
router-id 10.10.0.2
log-adjacency-changes
redistribute connected metric 1000 metric-type 1 subnets
network 10.10.0.2 0.0.0.0 area 0
network 10.10.1.0 0.0.0.3 area 0
network 10.10.1.4 0.0.0.3 area 0
default-information originate always metric 2000 metric-type 1
!
R5
router ospf 1
router-id 10.10.0.5
log-adjacency-changes
passive-interface Serial0/0
network 10.10.0.5 0.0.0.0 area 0
network 10.10.1.0 0.0.0.3 area 0
network 10.10.1.8 0.0.0.3 area 0
network 10.20.45.0 0.0.0.3 area 0
default-information originate always metric 2000 metric-type 1
!
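Note: if an IGP is enabled on an AS-border interface, that interface must be configured as passive. Do not form IGP adjacencies between ASes and do not advertise the AS-internal IGP topology to other ASes; routes are exchanged between ASes via BGP.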
R2#sh ip bgp summary
BGP router identifier 10.10.0.2, local AS number 10
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.0.5 4 10 7 7 1 0 0 00:03:22 0
10.10.23.2 4 30 6 6 1 0 0 00:02:05 0
R2#
R2#sh ip bgp neighbors
BGP neighbor is 10.10.0.5, remote AS 10, internal link
BGP version 4, remote router ID 10.10.0.5
BGP state = Established, up for 00:04:42
Last read 00:00:42, last write 00:00:43, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 0 0
Keepalives: 7 7
Route Refresh: 0 0
Total: 8 8
Default minimum time between advertisement runs is 0 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0
Connections established 1; dropped 0
Last reset never
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255
Local host: 10.10.0.2, Local port: 24133
Foreign host: 10.10.0.5, Foreign port: 179
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x64B654):
Timer Starts Wakeups Next
Retrans 7 0 0x0
TimeWait 0 0 0x0
AckHold 6 5 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
iss: 3435368555 snduna: 3435368734 sndnxt: 3435368734 sndwnd: 16206
irs: 2674832881 rcvnxt: 2674833060 rcvwnd: 16206 delrcvwnd: 178
SRTT: 264 ms, RTTO: 1169 ms, RTV: 905 ms, KRTT: 0 ms
minRTT: 140 ms, maxRTT: 860 ms, ACK hold: 200 ms
Flags: active open, nagle
IP Precedence value : 6
Datagrams (max data segment is 536 bytes):
Rcvd: 11 (out of order: 0), with data: 6, total data bytes: 178
Sent: 14 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 7, total data bytes: 178
BGP neighbor is 10.10.23.2, remote AS 30, external link
BGP version 4, remote router ID 10.10.0.3
BGP state = Established, up for 00:03:33
..........
R3#sh ip bgp summary
BGP router identifier 10.10.0.3, local AS number 30
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.23.1 4 10 9 9 1 0 0 00:05:35 0
10.30.34.2 4 40 6 7 1 0 0 00:03:50 0
R4#sh ip bgp summary
BGP router identifier 10.10.0.4, local AS number 40
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.20.45.1 4 10 0 0 0 0 0 never Idle //TCP session not established
10.30.34.1 4 30 9 8 1 0 0 00:05:24 0
R4#
R5#sh ip bgp summary
BGP router identifier 10.10.0.5, local AS number 10
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.0.2 4 10 12 12 1 0 0 00:08:35 0
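10.20.24.2 4 40 0 0 0 0 0 never Idle //note: the neighbor relationship is not established
The TCP session cannot be established; the cause here is a mistyped IP address.
Let's look at R5's BGP configuration: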
!
router bgp 10
no synchronization
bgp log-neighbor-changes
network 10.10.0.0 mask 255.255.0.0
neighbor 10.10.0.2 remote-as 10
neighbor 10.10.0.2 update-source Loopback0
neighbor 10.20.24.2 remote-as 40 //this is the error, a careless typo
no auto-summary
!
Let's correct it:
R5(config)#router bgp 10
R5(config-router)#no neighbor 10.20.24.2 remote-as 40
R5(config-router)#nei 10.20.45.2 remote-as 40
R5#sh ip bgp sum
BGP router identifier 10.10.0.5, local AS number 10
BGP table version is 13, main routing table version 12
3 network entries using 351 bytes of memory
6 path entries using 312 bytes of memory
7/3 BGP path/bestpath attribute entries using 868 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1627 total bytes of memory
BGP activity 6/3 prefixes, 10/4 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.0.2 4 10 82 81 12 0 0 01:17:12 3
10.20.45.2 4 40 7 2 0 0 0 00:00:00 2
Established successfully!!
R2(config)#ip route 10.10.0.0 255.255.0.0 null 0 //configure a static route
R2(config)#router bgp 10
R2(config-router)#net 10.10.0.0 mask 255.255.0.0 //inject this static route
R2(config-router)#end
*Mar 1 02:16:13.491: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 11 subnets, 4 masks
S 10.10.0.0/16 is directly connected, Null0
C 10.10.1.0/30 is directly connected, Ethernet1/0
O 10.10.0.1/32 [110/101] via 10.10.1.6, 00:37:53, Serial0/0
C 10.10.0.2/32 is directly connected, Loopback0
O 10.10.5.0/24 [110/110] via 10.10.1.6, 00:37:53, Serial0/0
C 10.10.1.4/30 is directly connected, Serial0/0
O 10.10.0.5/32 [110/101] via 10.10.1.2, 00:37:53, Ethernet1/0
O 10.10.0.6/32 [110/201] via 10.10.1.2, 00:37:53, Ethernet1/0
O 10.10.1.8/30 [110/200] via 10.10.1.2, 00:37:53, Ethernet1/0
O 10.10.1.12/30 [110/200] via 10.10.1.6, 00:37:53, Serial0/0
C 10.10.23.0/30 is directly connected, Serial0/1
R2#sh ip bgp
BGP table version is 2, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete //BGP attribute: origin
Network Next Hop Metric LocPrf Weight Path
*> 10.10.0.0/16 0.0.0.0 0 32768 i //the i here means IGP
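Note: weight is a Cisco-proprietary value, not a BGP attribute. It is not propagated between BGP neighbors and is significant only on the local router. Cisco prefers the route with the highest weight.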
R5(config)# ip route 10.10.0.0 255.255.0.0 null 0
R5(config)#router bgp 10
R5(config-router)#net 10.10.0.0 mask 255.255.0.0
Note: R5 advertises this route as well so that it serves as a backup.
R3(config)#ip route 10.30.0.0 255.255.0.0 null 0
R3(config)#router bgp 30
R3(config-router)#net 10.30.0.0 mask 255.255.0.0
R4(config)#ip route 10.40.0.0 255.255.0.0 null 0
R4(config)#router bgp 40
R4(config-router)#net 10.40.0.0 mask 255.255.0.0
Check the BGP table on each device
R2#sh ip bgp
BGP table version is 13, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.10.0.0/16 10.10.0.5 0 100 0 i //learned from the IBGP neighbor?
*> 0.0.0.0 0 32768 i //IGP, injected from the static route
*> 10.30.0.0/16 10.10.23.2 0 0 30 i
*>i10.40.0.0/16 10.20.45.2 0 100 0 40 i //next hop is not changed?
* 10.10.23.2 0 30 40 i
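Question: what does IGP mean? Why is a route learned from an IBGP neighbor also marked i? (The i here is the marker in the Path column.)
Answer: that i means the route's origin at the originating router is IGP. (The originating router is the router that first originated the route.)
* i10.10.0.0/16
The leading i means the route is internal, i.e. a BGP route learned via IBGP.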
R5#sh ip bgp
BGP table version is 13, local router ID is 10.10.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.10.0.0/16 10.10.0.2 0 100 0 i //
*> 0.0.0.0 0 32768 i
* 10.30.0.0/16 10.20.45.2 0 40 30 i
*>i 10.10.23.2 0 100 0 30 i
*> 10.40.0.0/16 10.20.45.2 0 0 40 i
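//Cisco prefers the route with the highest weight; other vendors prefer the locally originated route
A locally originated route has next hop 0.0.0.0; when it is advertised to a BGP neighbor, the next hop is changed to the advertising router itself.
//Prefer the route with the shortest AS-PATH
BGP advertises only its best route to its neighbors, subject to neighbor-based split horizon.
Above, R2 does not change the next hop when it passes 10.30.0.0 to its IBGP neighbor R5.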
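Added example, not from the original notes: the selection rules noted above, extended to the first five steps of Cisco's documented best-path order (weight, local preference, locally originated, AS_PATH length, origin) and run over entries transcribed from the tables on this page. The `path` and `best_path` helpers are hypothetical names, and a blank LocPrf on an eBGP-learned path is treated as the default of 100.

```python
# Steps in Cisco's documented order; for every key, the larger value wins.
STEPS = [
    ("weight", lambda p: p["weight"]),
    ("local preference", lambda p: p["local_pref"]),
    ("locally originated", lambda p: p["next_hop"] == "0.0.0.0"),
    ("AS_PATH length", lambda p: -len(p["as_path"])),
    ("origin", lambda p: -"ie?".index(p["origin"])),  # IGP < EGP < incomplete
]

def path(next_hop, weight, as_path, local_pref=100, origin="i"):
    """Build one BGP table entry (hypothetical helper)."""
    return {"next_hop": next_hop, "weight": weight, "as_path": as_path.split(),
            "local_pref": local_pref, "origin": origin}

def best_path(paths):
    """Return (winning path, name of the step that decided it)."""
    candidates, decided_by = list(paths), "only path"
    for name, key in STEPS:
        if len(candidates) == 1:
            break
        top = max(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == top]
        if len(survivors) < len(candidates):
            decided_by = name
        candidates = survivors
    if len(candidates) > 1:
        decided_by = "undecided (later tie-breakers apply)"
    return candidates[0], decided_by

# Entries transcribed from the `sh ip bgp` output on this page.
R2_10_10 = [path("10.10.0.5", 0, ""), path("0.0.0.0", 32768, "")]
R5_10_30 = [path("10.20.45.2", 0, "40 30"), path("10.10.23.2", 0, "30")]

if __name__ == "__main__":
    for label, table in (("R2 10.10.0.0/16", R2_10_10), ("R5 10.30.0.0/16", R5_10_30)):
        best, why = best_path(table)
        print(f"{label}: best via {best['next_hop']} (decided by {why})")
```

Both results agree with the `>` markers in the R2 and R5 tables above.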
R3#sh ip bgp
BGP table version is 12, local router ID is 10.10.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 10.10.0.0/16 10.30.34.2 0 40 10 i
*> 10.10.23.1 0 0 10 i
*> 10.30.0.0/16 0.0.0.0 0 32768 i //locally originated route
* 10.40.0.0/16 10.10.23.1 0 10 40 i
*> 10.30.34.2 0 0 40 i
R4#sh ip bgp
BGP table version is 21, local router ID is 10.10.0.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.10.0.0/16 10.20.45.1 0 0 10 i
* 10.30.34.1 0 30 10 i
* 10.30.0.0/16 10.20.45.1 0 10 30 i //next hop changed to the advertiser itself
*> 10.30.34.1 0 0 30 i
*> 10.40.0.0/16 0.0.0.0 0 32768 i
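In the R3 and R4 output above: R3's locally originated route has next hop 0.0.0.0; when R3 advertises it to its BGP neighbor R4, it changes the next hop to itself.
Check the global routing table on each device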
R3>en
R3#sh ip route
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
B 10.10.0.0/16 [20/0] via 10.10.23.1, 01:20:27
C 10.10.0.3/32 is directly connected, Loopback0
S 10.30.0.0/16 is directly connected, Null0
C 10.30.3.0/24 is directly connected, Ethernet1/1
C 10.10.23.0/30 is directly connected, Serial0/0
B 10.40.0.0/16 [20/0] via 10.30.34.2, 00:00:03
C 10.30.34.0/30 is directly connected, Serial0/1
R4
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
B 10.10.0.0/16 [20/0] via 10.20.45.1, 00:17:49 //static route injected by the neighbor
C 10.10.0.4/32 is directly connected, Loopback0
B 10.30.0.0/16 [20/0] via 10.20.45.1, 00:01:00 //static route injected by the neighbor
S 10.40.0.0/16 is directly connected, Null0 //own static route, administrative distance 0
C 10.40.4.0/24 is directly connected, Ethernet1/1
C 10.20.45.0/30 is directly connected, Serial0/1
C 10.30.34.0/30 is directly connected, Serial0/0
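Note: routes from different routing protocols are chosen by administrative distance,
while BGP's own best-path selection is based on its path attributes. Do not confuse the two.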
R2
10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
S 10.10.0.0/16 is directly connected, Null0 //the static route is preferred because of its lower administrative distance
C 10.10.1.0/30 is directly connected, Ethernet1/0
C 10.10.0.2/32 is directly connected, Loopback0
O 10.10.0.5/32 [110/101] via 10.10.1.2, 00:00:03, Ethernet1/0 //IGP
O 10.10.0.6/32 [110/201] via 10.10.1.2, 00:00:03, Ethernet1/0
O 10.10.1.8/30 [110/200] via 10.10.1.2, 00:00:03, Ethernet1/0
O 10.10.1.12/30 [110/210] via 10.10.1.2, 00:00:03, Ethernet1/0
B 10.30.0.0/16 [20/0] via 10.10.23.2, 01:22:20
C 10.10.23.0/30 is directly connected, Serial0/1
B 10.40.0.0/16 [200/0] via 10.20.45.2, 00:16:09
O 10.20.45.0/30 [110/164] via 10.10.1.2, 00:00:03, Ethernet1/0 //recursive lookup
R5
10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
S 10.10.0.0/16 is directly connected, Null0
C 10.10.1.0/30 is directly connected, Ethernet1/0
O 10.10.0.2/32 [110/101] via 10.10.1.1, 00:00:02, Ethernet1/0
C 10.10.0.5/32 is directly connected, Loopback0
O 10.10.0.6/32 [110/101] via 10.10.1.10, 00:00:02, Serial0/1
C 10.10.1.8/30 is directly connected, Serial0/1
O 10.10.1.12/30 [110/110] via 10.10.1.10, 00:00:02, Serial0/1
B 10.30.0.0/16 [200/0] via 10.10.23.2, 01:32:36
O E1 10.10.23.0/30 [110/1100] via 10.10.1.1, 00:00:02, Ethernet1/0 //connected route that R2 redistributed into its OSPF process, learned from R2
B 10.40.0.0/16 [20/0] via 10.20.45.2, 00:17:57
C 10.20.45.0/30 is directly connected, Serial0/0
R1
10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
O 10.10.1.0/30 [110/200] via 10.10.1.5, 00:00:31, Serial0/1
C 10.10.0.1/32 is directly connected, Loopback0
O 10.10.0.2/32 [110/101] via 10.10.1.5, 00:00:31, Serial0/1
C 10.10.5.0/24 is directly connected, Ethernet1/1
C 10.10.1.4/30 is directly connected, Serial0/1
O 10.10.0.5/32 [110/201] via 10.10.1.5, 00:00:31, Serial0/1
O 10.10.0.6/32 [110/301] via 10.10.1.5, 00:00:31, Serial0/1
O 10.10.1.8/30 [110/300] via 10.10.1.5, 00:00:31, Serial0/1
C 10.10.1.12/30 is directly connected, Ethernet1/0
O E1 10.10.23.0/30 [110/1100] via 10.10.1.5, 00:00:31, Serial0/1
O 10.20.45.0/30 [110/264] via 10.10.1.5, 00:00:31, Serial0/1
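O*E1 0.0.0.0/0 [110/2100] via 10.10.1.5, 00:00:31, Serial0/1 //redistributed default route learned from R5
1) Why does the link between R2 and R1 keep going up and down at the data-link layer, so that this route ends up being learned from R5?
2) Note: R1 receives no BGP routes because a router running BGP sends its BGP table only to its own BGP neighbors.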
R6
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
O 10.10.1.0/30 [110/200] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.0.1/32 [110/301] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.0.2/32 [110/201] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.5.0/24 [110/310] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.1.4/30 [110/300] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.0.5/32 [110/101] via 10.10.1.9, 00:00:23, Serial0/0
C 10.10.6.0/24 is directly connected, Ethernet1/1
C 10.10.0.6/32 is directly connected, Loopback0
C 10.10.1.8/30 is directly connected, Serial0/0
C 10.10.1.12/30 is directly connected, Ethernet1/0
O E1 10.10.23.0/30 [110/1200] via 10.10.1.9, 00:00:23, Serial0/0
O 10.20.45.0/30 [110/164] via 10.10.1.9, 00:00:23, Serial0/0
O*E1 0.0.0.0/0 [110/2100] via 10.10.1.9, 00:00:24, Serial0/0
1) Test connectivity across the whole network
R1#ping 10.30.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.3.1, timeout is 2 seconds:
...!.
Success rate is 20 percent (1/5), round-trip min/avg/max = 980/980/980 ms
R1#ping 10.30.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.3.1, timeout is 2 seconds:
.!.!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 556/1201/1728 ms
R1#ping 10.30.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.3.1, timeout is 2 seconds:
!!!!.
Success rate is 80 percent (4/5), round-trip min/avg/max = 1032/1440/1872 ms
R1#ping 10.40.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.4.1, timeout is 2 seconds:
..!..
Success rate is 20 percent (1/5), round-trip min/avg/max = 400/400/400 ms
R1#ping 10.40.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.4.1, timeout is 2 seconds:
.!.!.
Success rate is 40 percent (2/5), round-trip min/avg/max = 1580/1610/1640 ms
R1#ping 10.40.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.4.1, timeout is 2 seconds:
!..!.
Success rate is 40 percent (2/5), round-trip min/avg/max = 1472/1578/1684 ms
R1#
*Mar 1 00:27:43.607: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.0.6 on Ethernet1/0 from LOADING to FULL, Loading Done
R1#ping 10.40.4.1
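Question: why is the packet loss so high?
It is probably related to the interfaces constantly going up and down earlier... but what exactly is the cause?
Problem 1: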
*Mar 1 00:56:57.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 1 00:57:17.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
*Mar 1 00:57:57.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 1 00:58:07.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
*Mar 1 00:58:37.3
Note: this occurred on R4's S0/0, R1's S0/1, R2's S0/1 and R3's S0/0.
Problem 2:
*Mar 1 00:29:58.635: %BGP-5-ADJCHANGE: neighbor 10.30.34.2 Up
*Mar 1 00:30:05.827: %BGP-5-ADJCHANGE: neighbor 10.10.23.1 Up
*Mar 1 00:33:06.575: %BGP-5-ADJCHANGE: neighbor 10.10.23.1 Down Peer closed the session
*Mar 1 00:33:36.447: %BGP-5-ADJCHANGE: neighbor 10.10.23.1 Up
Problem 3:
bytes
*Mar 1 01:16:17.931: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.0.2 on Ethernet1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar 1 01:16:37.583: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.0.2 on Ethernet1/0 from LOADING to FULL, Loading Done
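Note: the OSPF adjacency between R5 and R2 keeps cycling FULL to DOWN, LOADING to FULL.
Guess: the constantly flapping interfaces make neighbor establishment unstable. Problem 2 is a direct result of Problem 1.
Exercise: if R5's OSPF is not configured with passive-int s0/0, so that R5 and R4 form an OSPF adjacency, what is the harm?
The AS's internal routes are advertised outside the AS, which exposes the internal network to outsiders and inevitably creates network security problems.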
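Added example, not part of the original notes: an offline check for the two R5 mistakes discussed on this page, the eBGP neighbor address that is on no connected subnet and OSPF left active on the interface facing an eBGP peer. It assumes single-hop eBGP as in this lab; the `audit` helper is a hypothetical name, and the sample config is constructed from R5's stanzas with interface addresses inferred from its routing table.

```python
import ipaddress

# Constructed sample: R5's stanzas from the page (mistyped eBGP neighbor kept),
# interface addresses inferred from its routing table; passive-interface is
# left out to model the closing question.
R5_CONFIG = """\
interface Ethernet1/0
 ip address 10.10.1.2 255.255.255.252
interface Serial0/0
 ip address 10.20.45.1 255.255.255.252
router ospf 1
 network 10.10.1.0 0.0.0.3 area 0
 network 10.20.45.0 0.0.0.3 area 0
router bgp 10
 neighbor 10.10.0.2 remote-as 10
 neighbor 10.20.24.2 remote-as 40
"""

def audit(config):
    """Return findings for single-hop eBGP peers (hypothetical helper)."""
    ifaces, ospf_nets, passive, ebgp = {}, [], set(), []
    local_as = cur = None
    for w in (line.split() for line in config.splitlines()):
        if not w:
            continue
        if w[0] == "interface":
            cur = w[1]
        elif w[:2] == ["ip", "address"]:
            ifaces[cur] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[0] == "network" and "area" in w:  # OSPF: address + wildcard
            ospf_nets.append((int(ipaddress.ip_address(w[1])),
                              int(ipaddress.ip_address(w[2]))))
        elif w[0] == "passive-interface":
            passive.add(w[1])
        elif w[:2] == ["router", "bgp"]:
            local_as = w[2]
        elif w[0] == "neighbor" and w[2] == "remote-as" and w[3] != local_as:
            ebgp.append(ipaddress.ip_address(w[1]))
    findings = []
    for peer in ebgp:
        facing = [n for n, i in ifaces.items() if peer in i.network]
        if not facing:  # the page's typo: TCP to the peer can never come up
            findings.append(f"{peer}: not on a connected subnet, stays Idle")
            continue
        ip = int(ifaces[facing[0]].ip)
        in_ospf = any((ip & ~wc) == (net & ~wc) for net, wc in ospf_nets)
        if in_ospf and facing[0] not in passive:  # IGP would cross the AS edge
            findings.append(f"{facing[0]}: OSPF active toward eBGP peer {peer}")
    return findings
```

With `passive-interface Serial0/0` present, the `network 10.20.45.0` statement still advertises the border subnet inside the AS, which is what lets R2 resolve the next hop 10.20.45.2 by recursive lookup.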