BGP Protocol (BGP Advertisement Principles)
BGP advertisement principle 1
Advertise only your own best reachable routes to neighbors
What counts as the best BGP route?
<R2>display bgp routing-table
 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes:6
      Network             NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>i  10.10.10.10/32      1.1.1.1         0          100        0      ?
 *>   22.22.22.22/32      0.0.0.0         0                     0      i
 *>   44.44.44.44/32      24.1.1.4        0                     0      200i
 * i                      3.3.3.3         0          100        0      200i
 *>i  100.100.100.100/32  1.1.1.1         0          100        0      i
 *>i  101.101.101.101/32  1.1.1.1         0          100        0      ?
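Points to note:
The * sign means valid
The > sign means best
Think about it: why is RTD's next hop for reaching the 100 network segment 10.1.12.1?
Within an AS, BGP does not change the next hop; between one AS and another, the next hop does change.
The way to modify this is as follows: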
peer 4.4.4.4 next-hop-local
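This tells 4.4.4.4: when you want to reach a given route, just point the next hop at me.
BGP route information processing
When an Update message is received from a BGP neighbor, the router runs the path selection algorithm to determine the best path for each prefix;
The resulting best path is stored in the local BGP routing table (Local_RIB) and then submitted to the local IP routing table (IP_RIB) to be considered for installation;
The valid best-path routes that were selected are encapsulated in Update messages and sent to the peer BGP neighbors.
BGP advertisement principle 2
The best reachable routes learned via EBGP are advertised to all BGP neighbors (both IBGP and EBGP)
BGP advertisement principle 3
The best reachable routes learned via IBGP are not advertised to other IBGP neighbors (IBGP split horizon); the purpose is to prevent loops
BGP advertisement principle 4
BGP and IGP synchronization (disabled by default on Huawei and cannot be enabled)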
undo synchronization
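Before a route learned from an IBGP neighbor is advertised to a BGP neighbor, the route must be known through the IGP; this is BGP and IGP synchronization
On Huawei routers, the BGP and IGP synchronization check is disabled by default, so that IBGP routes can be advertised normally. As a result, the routing black hole problem can occur
What is a routing black hole?
It is described as follows:
R2, R3 and R4 are devices in AS 200, and each of them advertises its loopback interface into OSPF. R2's 2.2.2.2 can reach 4.4.4.4
R1 and R2 have an EBGP relationship, established over physical interfaces
R4 and R5 have an EBGP relationship, established over physical interfaces
R2 and R4 have an IBGP relationship, established over loopback interfaces
R3 has not established a BGP relationship with any device
The basic configuration checks are as follows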
On R3, check whether the OSPF neighbor state is OK
<R3>display ospf peer brief
 OSPF Process 1 with Router ID 3.3.3.3
 Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State
 0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full
 0.0.0.0          GigabitEthernet0/0/1             2.2.2.2          Full
 ----------------------------------------------------------------------------
<R3>
Check the routing tables on R2, R3 and R4
<R2>display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 3        Routes : 3
OSPF routing table status : <Active>
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        3.3.3.3/32  OSPF    10   1           D   192.168.23.3    GigabitEthernet0/0/1
        4.4.4.4/32  OSPF    10   2           D   192.168.23.3    GigabitEthernet0/0/1
   192.168.34.0/24  OSPF    10   2           D   192.168.23.3    GigabitEthernet0/0/1
OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0
<R2>
<R3>display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 2        Routes : 2
OSPF routing table status : <Active>
         Destinations : 2        Routes : 2
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        2.2.2.2/32  OSPF    10   1           D   192.168.23.2    GigabitEthernet0/0/1
        4.4.4.4/32  OSPF    10   1           D   192.168.34.4    GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0
<R4>display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 3        Routes : 3
OSPF routing table status : <Active>
         Destinations : 3        Routes : 3
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        2.2.2.2/32  OSPF    10   2           D   192.168.34.3    GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   1           D   192.168.34.3    GigabitEthernet0/0/0
   192.168.23.0/24  OSPF    10   2           D   192.168.34.3    GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0
Check the BGP neighbor relationships
The EBGP relationship between R1 and R2
<R1>display bgp peer
 BGP local router ID : 1.1.1.1
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1
  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  192.168.12.2    4         200       17       18     0 00:14:39 Established       1
<R1>
R2's EBGP relationship with R1, and the IBGP relationship between R2 and R4, which are not directly connected
<R2>display bgp peer
 BGP local router ID : 2.2.2.2
 Local AS number : 200
 Total number of peers : 2                 Peers in established state : 2
  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  4.4.4.4         4         200       17       18     0 00:14:22 Established       1
  192.168.12.1    4         100       18       18     0 00:15:02 Established       1
R4's IBGP relationship with R2, and R4's EBGP relationship with R5
<R4>display bgp peer
 BGP local router ID : 4.4.4.4
 Local AS number : 200
 Total number of peers : 2                 Peers in established state : 2
  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  2.2.2.2         4         200       17       17     0 00:14:49 Established       1
  192.168.45.5    4         300       18       18     0 00:15:21 Established       1
R5's EBGP relationship with R4
<R5>display bgp peer
 BGP local router ID : 5.5.5.5
 Local AS number : 300
 Total number of peers : 1                 Peers in established state : 1
  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
  192.168.45.4    4         200       18       19     0 00:15:34 Established       1
<R5>
What the routing black hole experiment shows
Advertise 1.1.1.1 in BGP on R1
Advertise 5.5.5.5 in BGP on R5
#
bgp 100
network 1.1.1.1 255.255.255.255
#
#
bgp 300
network 5.5.5.5 255.255.255.255
#
On R2, check whether the BGP routes for 1.1.1.1 and 5.5.5.5 have been learned
<R2>display bgp routing-table
 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   1.1.1.1/32         192.168.12.1    0                     0      100i
 *>i  5.5.5.5/32         4.4.4.4         0          100        0      300i
<R2>
On R4, check whether the BGP routes for 1.1.1.1 and 5.5.5.5 have been learned
<R4>display bgp routing-table
 BGP Local router ID is 4.4.4.4
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>i  1.1.1.1/32         2.2.2.2         0          100        0      100i
 *>   5.5.5.5/32         192.168.45.5    0                     0      300i
<R4>
R4's next hop to 1.1.1.1 is 2.2.2.2, because the following command was entered on R2
#
bgp 200
peer 4.4.4.4 next-hop-local
#
On R5, check whether the BGP route for 1.1.1.1 has been learned
[R5]display bgp routing-table
 BGP Local router ID is 5.5.5.5
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   1.1.1.1/32         192.168.45.4                          0      200 100i
 *>   5.5.5.5/32         0.0.0.0         0                     0      i
[R5]
From R5, try to reach 1.1.1.1
[R5]ping -a 5.5.5.5 1.1.1.1
  PING 1.1.1.1: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
  --- 1.1.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
From R5, run tracert to 1.1.1.1
<R5>tracert -a 5.5.5.5 1.1.1.1
 traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 192.168.45.4 50 ms 40 ms 20 ms   // the trace stops at R4
 2 * * *
 3 * *
<R5>
After the packet is handed to R4, nothing gets through beyond R4. Let us look at R4's routing table entry for 1.1.1.1
<R4>display ip routing-table 1.1.1.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        1.1.1.1/32  IBGP    255  0          RD   2.2.2.2         GigabitEthernet0/0/0
<R4>
R4's next hop to 1.1.1.1 is 2.2.2.2. On R4, 2.2.2.2 is also not a directly connected network, so R4 recursively looks up the route to 2.2.2.2 and finds that the next hop toward 2.2.2.2 is R3. So when R4 forwards a packet toward 1.1.1.1, the next hop after recursion is R3
<R4>display ip routing-table 2.2.2.2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        2.2.2.2/32  OSPF    10   2           D   192.168.34.3    GigabitEthernet0/0/0
<R4>
R4 hands the packet to R3. Once R3 receives it, how does it get to 1.1.1.1?
<R3>display ip routing-table 1.1.1.1
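R3's routing table has no entry at all for reaching 1.1.1.1, so R5's traffic to 1.1.1.1 is dropped. Whenever R5 tries to reach R1's side, the traffic is swallowed by the routing black hole at R3. This is what a routing black hole is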
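The hop-by-hop walk above can be reproduced offline. The following is an added example, not part of the original post: it rebuilds each router's table from the display output on this page and forwards a packet the way each router decides independently, including R4's recursive lookup. The names OWNER, RIB, lookup, egress and trace are hypothetical, and the /24 masks on the 192.168.12.0 and 192.168.45.0 links are assumed.

```python
import ipaddress
# Constructed from the display output on this page. The /24 masks on the
# 192.168.12.0 and 192.168.45.0 links are assumed.
OWNER = {"1.1.1.1": "R1", "2.2.2.2": "R2", "3.3.3.3": "R3", "4.4.4.4": "R4",
         "5.5.5.5": "R5", "192.168.12.1": "R1", "192.168.12.2": "R2",
         "192.168.23.2": "R2", "192.168.23.3": "R3", "192.168.34.3": "R3",
         "192.168.34.4": "R4", "192.168.45.4": "R4", "192.168.45.5": "R5"}
# router -> {prefix: next hop}; None marks a directly connected network
RIB = {
    "R1": {"192.168.12.0/24": None},
    "R2": {"192.168.12.0/24": None, "192.168.23.0/24": None,
           "4.4.4.4/32": "192.168.23.3", "1.1.1.1/32": "192.168.12.1"},
    "R3": {"192.168.23.0/24": None, "192.168.34.0/24": None,
           "2.2.2.2/32": "192.168.23.2", "4.4.4.4/32": "192.168.34.4"},
    "R4": {"192.168.34.0/24": None, "192.168.45.0/24": None,
           "2.2.2.2/32": "192.168.34.3", "1.1.1.1/32": "2.2.2.2"},
    "R5": {"192.168.45.0/24": None, "1.1.1.1/32": "192.168.45.4"},
}

def lookup(router, addr):
    """Longest-prefix match: (network, next_hop), or None if no route."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in RIB[router].items()]
    hits = [h for h in nets if ip in h[0]]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def egress(router, dst, depth=8):
    """Recursively resolve dst to an adjacent next-hop address, or None."""
    for _ in range(depth):
        hit = lookup(router, dst)
        if hit is None or hit[1] is None:
            return dst if hit else None  # connected, or no route (drop)
        dst = hit[1]  # e.g. on R4: 1.1.1.1 -> 2.2.2.2 -> 192.168.34.3
    return None

def trace(src, dst, max_hops=16):
    path, router = [src], src
    for _ in range(max_hops):
        if OWNER.get(dst) == router:
            return path, "delivered"
        nh = egress(router, dst)
        if nh is None:
            return path, f"dropped at {router}: no route to {dst}"
        router = OWNER[nh]
        path.append(router)
    return path, "hop limit exceeded"

print(trace("R5", "1.1.1.1"))  # the IBGP next hop recurses through R3
print(trace("R2", "4.4.4.4"))  # pure OSPF path, for comparison
```

Running the same trace for every advertised prefix from every edge router is a quick way to spot a transit router that forwards for BGP next hops without holding the BGP routes itself.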
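Cause analysis
Cause 1: R3 does not run the BGP protocol
Cause 2: BGP peerings can be established between devices that are not directly connected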