bgp 鄰居建立

# IGBP直連鄰居建立 # neighbor 10.1.23.3 remote-as 234 的作用： # 1、與10.1.23.3：179建立TCP連接； # 2、源檢測，只允許10.1.23.3建立localhost:179連接； # 3、主動發起TCP連接；被動接收TCP連接； IOU2(config-router)#neighbor 10.1.23.2 transport connection-mode ? active Actively establish the TCP session passive Passively establish the TCP session IOU2#sh run | b r b router bgp 234 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 10.1.23.3 remote-as 234 IOU3#sh run | b r b router bgp 234 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 10.1.23.2 remote-as 234 IOU2#sh ip bgp summ BGP router identifier 2.2.2.2, local AS number 234 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.23.3 4 234 18 18 1 0 0 00:13:20 0 # 1、IDLE狀態：查路由表 # 2、active delay計時器到期後開始， # a.CONNECTED狀態：被動建立 # b.ACTIVE狀態：主動建立 # 3、TCP三次握手 16 15.314333 10.1.23.2 10.1.23.3 TCP 48 40501→179 [SYN] Seq=0 Win=16384 Len=0 MSS=1460 17 15.317349 10.1.23.3 10.1.23.2 TCP 48 179→40501 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 18 15.318670 10.1.23.2 10.1.23.3 TCP 44 40501→179 [ACK] Seq=1 Ack=1 Win=16384 Len=0 # 4、OPENSEND：發送 19 15.329280 10.1.23.2 10.1.23.3 BGP 101 OPEN Message 20 15.331753 10.1.23.3 10.1.23.2 TCP 44 179→40501 [ACK] Seq=1 Ack=58 Win=16327 Len=0 21 15.338059 10.1.23.3 10.1.23.2 BGP 101 OPEN Message # OPENSEND messaga的BGP協商； # a.router-id不能相同；b.AS必須相同； Frame 19: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface 0 Cisco HDLC Internet Protocol Version 4, Src: 10.1.23.2, Dst: 10.1.23.3 Transmission Control Protocol, Src Port: 40501, Dst Port: 179, Seq: 1, Ack: 1, Len: 57 Border Gateway Protocol - OPEN Message Marker: ffffffffffffffffffffffffffffffff Length: 57 Type: OPEN Message (1) Version: 4 My AS: 234 Hold Time: 180 BGP Identifier: 2.2.2.2 Optional Parameters Length: 28 Optional Parameters # c.協商holdtime時間較小的；keepalive時間為holdtime的1/3； IOU2(config-router)#do sh run | b r b router bgp 234 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 10.1.23.3 remote-as 234 neighbor 10.1.23.3 timers 30 120 Frame 1505: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface 0 Cisco HDLC Internet Protocol Version 4, Src: 10.1.23.2, Dst: 10.1.23.3 Transmission Control Protocol, Src Port: 57899, Dst Port: 179, Seq: 1, Ack: 1, Len: 57 Border Gateway Protocol - OPEN Message Marker: ffffffffffffffffffffffffffffffff Length: 57 Type: OPEN Message (1) Version: 4 My AS: 234 Hold Time: 120 BGP Identifier: 2.2.2.2 Optional Parameters Length: 28 Optional Parameters # d.協商capability Border Gateway Protocol - OPEN Message Marker: ffffffffffffffffffffffffffffffff Length: 57 Type: OPEN Message (1) Version: 4 My AS: 234 Hold Time: 180 BGP Identifier: 3.3.3.3 Optional Parameters Length: 28 Optional Parameters Optional Parameter: Capability Parameter Type: Capability (2) Parameter Length: 6 Capability: Multiprotocol extensions capability Type: Multiprotocol extensions capability (1) Length: 4 AFI: IPv4 (1) Reserved: 00 SAFI: Unicast (1) Optional Parameter: Capability Parameter Type: Capability (2) Parameter Length: 2 Capability: Route refresh capability (Cisco) Type: Route refresh capability (Cisco) (128) Length: 0 Optional Parameter: Capability Parameter Type: Capability (2) Parameter Length: 2 Capability: Route refresh capability Type: Route refresh capability (2) Length: 0 Optional Parameter: Capability Parameter Type: Capability (2) Parameter Length: 2 Capability: Enhanced route refresh capability Type: Enhanced route refresh capability (70) Length: 0 Optional Parameter: Capability Parameter Type: Capability (2) Parameter Length: 6 Capability: Support for 4-octet AS number capability Type: Support for 4-octet AS number capability (65) Length: 4 AS Number: 234 # BGP協商成功，則進入keepalive； # BGP協商失敗，則進入notification； # IBGP非直連鄰居建立 # a.節省full-mesh互聯成本 # b.用Loopback口建立鄰居，可以簡化配置； # c.發送數據包源地址為接口地址，根據源檢測，需要修改發送TCP源地址為loopback地址； # neighbor 10.1.2.2 update-source Loopback0;單向neighbor可以建立TCP連接； IOU2(config-router)#do sh run | b r b router bgp 234 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 10.1.3.3 remote-as 234 neighbor 10.1.3.3 update-source Loopback0 IOU3(config-router)#do sh run | b r b router bgp 234 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 10.1.2.2 remote-as 234 neighbor 10.1.2.2 update-source Loopback0 # EBGP直連鄰居建立 IOU2#sh run | b r b router bgp 234 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 10.1.23.3 remote-as 432 IOU3#sh run | b r b router bgp 432 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 10.1.23.2 remote-as 234 # a.EBGP的TTL為1，建議相鄰節點建立EBGP鄰居； Frame 15: 48 bytes on wire (384 bits), 48 bytes captured (384 bits) on interface 0 Cisco HDLC Internet Protocol Version 4, Src: 10.1.12.1, Dst: 10.1.12.2 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) Total Length: 44 Identification: 0x84f0 (34032) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 1 Protocol: TCP (6) Header checksum: 0xc817 [validation disabled] [Header checksum status: Unverified] Source: 10.1.12.1 Destination: 10.1.12.2 [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: 40040, Dst Port: 179, Seq: 0, Len: 0 # EBGP非直連鄰居建立 IOU2(config-router)#do sh run | b r b router bgp 234 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 10.1.3.3 remote-as 432 neighbor 10.1.3.3 update-source Loopback0 IOU3(config-router)#do sh run | b r b router bgp 432 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 10.1.2.2 remote-as 234 neighbor 10.1.2.2 update-source Loopback0 # a.EBGP直連檢測導致不發送TCP連接，無法建立非直連鄰居; IOU3(config-router)# *Nov 29 02:58:51.881: BGP: 10.1.2.2 Active open failed - no route to peer, open active delayed 7168ms (35000ms max, 60% jitter # b.直連檢測：路由表中是否存在直連路由；減少發送不必要的數據包開銷； # c.EBGP的TTL為1，多個路由器網絡無法建立鄰居； IOU2(config-router)#do sh run | b r b router bgp 234 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 10.1.4.4 remote-as 432 neighbor 10.1.4.4 ebgp-multihop 255 neighbor 10.1.4.4 disable-connected-check neighbor 10.1.4.4 update-source Loopback0 IOU4(config-router)#do sh run | b r b router bgp 432 bgp router-id 4.4.4.4 bgp log-neighbor-changes neighbor 10.1.2.2 remote-as 234 neighbor 10.1.2.2 ebgp-multihop 255 neighbor 10.1.2.2 disable-connected-check neighbor 10.1.2.2 update-source Loopback0

BGP的鄰居建立