[Lab8]BGP
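BGP is known as a path-vector routing protocol. Its job is to exchange routing information between autonomous systems while ensuring that no routing loops form. Its characteristics are as follows:
1. It describes paths with attributes rather than metrics;
2. It uses TCP (port 179) as its transport protocol, inheriting TCP's reliability and connection-oriented nature;
3. It verifies the TCP connection with keepalive messages;
4. It has a rich set of attributes, which makes policy-based routing easy to implement;
5. It maintains its own BGP table;
6. It supports VLSM and CIDR;
7. It is suited to large networks.
Before discussing BGP in detail, you should first know the following BGP terms:
1. Peer: once two BGP routers have established a TCP-based connection, they are called neighbors or peers;
2. AS: a group of routers or hosts under unified administrative control and policy. AS numbers are assigned by Internet registries and range from 1 to 65535, of which 64512-65535 are for private use;
3. IBGP: when BGP runs inside a single AS, it is called internal BGP (IBGP);
4. EBGP: when BGP runs between ASes, it is called external BGP (EBGP);
5. NLRI (Network Layer Reachability Information): BGP supports CIDR through NLRI. NLRI is the part of a BGP update message that lists the set of reachable destinations;
6. Synchronization: before BGP can advertise a route, that route must already exist in the current IP routing table. In other words, BGP and the IGP must be synchronized before a network can be advertised. Cisco allows synchronization to be turned off with the command "no synchronization";
7. IBGP split horizon: a route learned through IBGP cannot be advertised to other IBGP neighbors.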
1-Next-hop-self
R1#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 12.1.1.2 remote-as 100
no auto-summary
R2#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 100
neighbor 23.1.1.3 remote-as 200
no auto-summary
R3#sh run | se bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
neighbor 23.1.1.2 remote-as 100
no auto-summary
On R1 we can now see the 3.3.3.0 network,
but 3.3.3.0 is not the best route.
We configure next-hop-self on R2:
R2(config-router)#nei 12.1.1.1 next-hop-self \\this parameter solves the next-hop reachability problem
R1#sh bgp ipv4 unicast
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i3.3.3.0/24 12.1.1.2 0 100 0 200 i
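Checking again, 3.3.3.0 is now the best route.
Explanation of the BGP route entry status codes:
① s: the route entry is suppressed;
② d: the route entry is suppressed because it has been penalized, which stops an unstable route from being advertised;
③ h: the route is being penalized but has not yet reached the suppress threshold at which it would be suppressed;
④ *: the route entry is valid;
⑤ >: the route entry is the best one and can be propagated; an important precondition for being best is that the next hop is reachable;
⑥ i: the route entry was learned from an IBGP neighbor;
⑦ r: installing the route entry from the BGP table into the IP routing table failed.
In the output above, the origin codes have the following meanings:
① i: the route entry originates from IGP;
② e: the route entry originates from EGP;
③ ?: the origin of the route entry is unclear; usually it is a route redistributed from an IGP into BGP.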
2-Synchronization
R1#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
R3#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 34.1.1.4 remote-as 200
no auto-summary
R4#sh run | se bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 34.1.1.3 remote-as 100
no auto-summary
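On R1 we can see the route to 4.4.4.0; it is the best route, with next hop 3.3.3.3.
In practice, however, R1 cannot ping 4.4.4.4,
because packets are still forwarded hop by hop and R2 has no route to 4.4.4.4.
So with synchronization disabled, a routing black hole is quite likely.
We enable synchronization on R1 and R3: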
R3(config-router)#synchronization
R1#sh bgp ipv4 unicast
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i4.4.4.0/24 3.3.3.3 0 100 0 200 i
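Enabling synchronization then solves the black-hole problem, but R1 still cannot actually reach 4.4.4.4, which is why synchronization is off by default.
Final solution: run BGP on every router in AS 100
Better solution: confederations and route reflectors
Best solution: MPLS
Enable BGP on R2: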
R2#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
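R1 and R2 point at each other as neighbors.
R3 and R2 point at each other as neighbors.
3-Peer Group
We redo the lab above with a peer group, so that R1/2/3 all point at one another as neighbors.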
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor fuyi peer-group
neighbor fuyi remote-as 100
neighbor fuyi update-source Loopback0
neighbor fuyi next-hop-self
neighbor 2.2.2.2 peer-group fuyi
neighbor 3.3.3.3 peer-group fuyi
no auto-summary
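A peer group simplifies the configuration, but the drawback is that only outbound policy can be applied (per peer group); individual peer-group members can only have inbound policy.
4-Dynamic BGP
bgp listen range 192.168.1.0/24 peer-group XXXX (peer-group based)
5-BGP Auto-Summary
1-Auto-summary does not summarize specific routes that are advertised with network statements
2-During redistribution, auto-summary automatically summarizes the routes redistributed into BGP
We now demonstrate both points: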
R1#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 12.1.1.2 remote-as 100
neighbor 12.1.1.2 next-hop-self
no auto-summary
R2#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 100
neighbor 12.1.1.1 next-hop-self
neighbor 23.1.1.3 remote-as 200
no auto-summary
R3#sh run | se bgp
router bgp 200
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
network 33.3.3.0 mask 255.255.255.0
neighbor 23.1.1.2 remote-as 100
no auto-summary
On R1, the BGP table looks like this:
R1#sh bgp ipv4 unicast
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i3.3.3.0/24 12.1.1.2 0 100 0 200 i
*>i33.3.3.0/24 12.1.1.2 0 100 0 200 i
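If we enter auto-summary on R3:
R3(config-router)#auto-summary
the BGP table seen on R1 is in fact the same as above,
which shows that auto-summary did not summarize the specific routes!
The effect of turning on auto-summary is that a classful (major) network can now be advertised:
R3(config-router)#net 3.0.0.0
R3(config-router)#net 33.0.0.0
The BGP table can then be viewed on R1.
On R2 we create loopback interface 2.2.2.2 and redistribute it into BGP: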
R2(config)#router bgp 100
R2(config-router)#auto-summary
R2(config-router)#redistribute connected
R2#sh bgp ipv4 unicast
BGP table version is 26, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2.0.0.0 0.0.0.0 0 32768 ?
*> 3.0.0.0 23.1.1.3 0 0 200 i
*> 3.3.3.0/24 23.1.1.3 0 0 200 i
*> 12.0.0.0 0.0.0.0 0 32768 ?
*> 23.0.0.0 0.0.0.0 0 32768 ?
*> 33.0.0.0 23.1.1.3 0 0 200 i
*> 33.3.3.0/24 23.1.1.3 0 0 200 i
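As shown: with auto-summary enabled, routes redistributed into BGP are summarized automatically!
6-BGP Manual Summarization
In this lab, R2 aggregates the loopback routes advertised by R1 and R3 and advertises the aggregate to R4. Static routes are configured on R1, R3 and R4 to provide connectivity.
<The basic configuration is as follows:>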
R1#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.0.0 mask 255.255.255.0
network 1.1.1.0 mask 255.255.255.0
neighbor 12.1.1.2 remote-as 200
no auto-summary
R2#sh run | se bgp
router bgp 200
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 100
neighbor 23.1.1.3 remote-as 300
neighbor 24.1.1.4 remote-as 400
no auto-summary
R3#sh run | se bgp
router bgp 300
no synchronization
bgp log-neighbor-changes
network 1.1.2.0 mask 255.255.255.0
network 1.1.3.0 mask 255.255.255.0
neighbor 23.1.1.2 remote-as 200
no auto-summary
R4#sh run | se bgp
router bgp 400
no synchronization
bgp log-neighbor-changes
neighbor 24.1.1.2 remote-as 200
no auto-summary
View R4's BGP table:
R4#sh bgp ipv4 unicast
BGP table version is 5, local router ID is 24.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.0.0/24 24.1.1.2 0 200 100 i
*> 1.1.1.0/24 24.1.1.2 0 200 100 i
*> 1.1.2.0/24 24.1.1.2 0 200 300 i
*> 1.1.3.0/24 24.1.1.2 0 200 300 i
If we configure manual BGP summarization on R2:
R2(config-router)#aggregate-address 1.1.0.0 255.255.252.0
BGP table on R4:
In fact manual summarization does not suppress the specific routes, and the original AS path attribute is lost (it was 100 300).
6-1 AS-SET
R2(config-router)#aggregate-address 1.1.0.0 255.255.252.0 as-set
PS: a BGP next hop of "0.0.0.0" means the BGP route originated locally, with a Weight value of "32768".
R4#sh bgp ipv4 unicast
BGP table version is 11, local router ID is 24.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.0.0/22 24.1.1.2 0 0 200 {100,300} i
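Notice the change? The specific routes are gone and the AS_PATH attribute is retained.
The purpose of carrying the AS_PATH is loop prevention (before the as-set parameter was added, R2 would send the route back to R1 and R3; now R1/R3 no longer accept the route R2 sends back).
The following output further confirms this: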
R2#sh bgp ipv4 unicast neighbors 12.1.1.1 advertised-routes
BGP table version is 11, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.0.0/22 0.0.0.0 100 32768 {100,300} i
\\R2 does in fact still send this summary route to R1
R1(config-router)#neighbor 12.1.1.2 soft-reconfiguration inbound
\\enable the receive buffer
R1#sh bgp ipv4 unicast neighbors 12.1.1.2 received-routes
BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.2.0/24 12.1.1.2 0 200 300 i
*> 1.1.3.0/24 12.1.1.2 0 200 300 i
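R1 does not accept the aggregate route "1.1.0.0/22" because it finds its own AS number, 100, in the aggregate entry's AS-PATH attribute list "{100,300}". For the same reason, R3 does not accept the aggregate entry either.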
6-2 Summary-only
Change the configuration on R2:
R2(config-router)#aggregate-address 1.1.0.0 255.255.252.0 summary-only as-set
R2#
*Jul 15 14:00:43.167: %BGP-5-ADJCHANGE: neighbor 24.1.1.4 Up
R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 1.1.0.0/24 12.1.1.1 0 0 100 i
*> 1.1.0.0/22 0.0.0.0 100 32768 {100,300} i
s> 1.1.1.0/24 12.1.1.1 0 0 100 i
s> 1.1.2.0/24 23.1.1.3 0 0 300 i
s> 1.1.3.0/24 23.1.1.3 0 0 300 i
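The specific routes are now suppressed, marked with a leading 's'.
6-3 Suppress-Map
The "suppress-map" parameter suppresses only some of the specific route entries after aggregation.
For example, we require R1's two specific routes to be suppressed while R3's specific routes are still passed on to R4: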
R2(config)#ip prefix-list suppress permit 1.1.0.0/24
R2(config)#ip prefix-list suppress permit 1.1.1.0/24
R2#sh run | se route-map
route-map suppress permit 10
match ip address prefix-list suppress
R2(config-router)#aggregate-address 1.1.0.0 255.255.252.0 as-set suppress-map suppress
R2#sh ip bgp
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 1.1.0.0/24 12.1.1.1 0 0 100 i
*> 1.1.0.0/22 0.0.0.0 100 32768 {100,300} i
s> 1.1.1.0/24 12.1.1.1 0 0 100 i
*> 1.1.2.0/24 23.1.1.3 0 0 300 i
*> 1.1.3.0/24 23.1.1.3 0 0 300 i
6-4 Advertise-Map
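Conditional advertisement: the summary route is generated only while a route matched by the route-map (which must be a specific route covered by the summary) exists in the BGP table.
If the as-set parameter is used, the summary route inherits only the attributes of the routes matched by the route-map.
We use advertise-map to match the route 1.1.0.0/24; while that route exists, R2 generates the summary and passes it to R4.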
R2(config)#ip prefix-list ADV permit 1.1.0.0/24
R2(config)#route-map adv permit 10
R2(config-route-map)#match ip address prefix-list ADV
R2(config-router)#aggregate-address 1.1.0.0 255.255.252.0 as-set advertise-map adv
R4#sh ip bgp
BGP table version is 14, local router ID is 24.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.0.0/22 24.1.1.2 0 0 200 100 i
If, on R1, we enter
R1(config-router)#no network 1.1.0.0 mask 255.255.255.0
can we still see the summary route on R4? (The answer is no.)
R2#sh bgp ipv4 unicast neighbors 24.1.1.4 advertised-routes
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 12.1.1.1 0 0 100 i
*> 1.1.2.0/24 23.1.1.3 0 0 300 i
*> 1.1.3.0/24 23.1.1.3 0 0 300 i
R4#sh ip bgp
BGP table version is 18, local router ID is 24.1.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 24.1.1.2 0 200 100 i
*> 1.1.2.0/24 24.1.1.2 0 200 300 i
*> 1.1.3.0/24 24.1.1.2 0 200 300 i
\\R4 sees no summary route, which shows that the aggregate command on R2 is no longer taking effect
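The aggregate-address options from labs 6 to 6-4 can be modelled in a few lines. This is an added example, not code from the original lab: the Route class and function names are hypothetical, and the table is constructed from the R2 outputs above.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Route:
    prefix: str
    as_seq: tuple = ()                 # AS_SEQUENCE, nearest AS first
    as_set: frozenset = frozenset()    # AS_SET, printed as {..} by IOS
    suppressed: bool = False           # the 's' status code


# R2's BGP table before aggregation (constructed from the lab outputs).
R2_TABLE = [
    Route("1.1.0.0/24", (100,)), Route("1.1.1.0/24", (100,)),
    Route("1.1.2.0/24", (300,)), Route("1.1.3.0/24", (300,)),
]
SUMMARY = "1.1.0.0/22"


def aggregate(table, summary=SUMMARY, as_set=False, summary_only=False,
              suppress_map=(), advertise_map=None):
    """Return the table after 'aggregate-address <summary> [options]'."""
    net = ip_network(summary)
    specifics = [r for r in table if r.prefix != summary
                 and ip_network(r.prefix).subnet_of(net)]
    # advertise-map: only matched specifics may trigger and feed the summary.
    contributors = [r for r in specifics
                    if advertise_map is None or r.prefix in advertise_map]
    if not contributors:
        return list(table)             # no contributor, so no summary at all
    ases = (frozenset(a for r in contributors for a in r.as_seq)
            if as_set else frozenset())
    result = [Route(summary, (), ases)]
    for r in table:
        hide = r in specifics and (summary_only or r.prefix in suppress_map)
        result.append(Route(r.prefix, r.as_seq, r.as_set, hide))
    return result


def advertise(table, local_as):
    """EBGP export: suppressed routes stay local, local AS is prepended."""
    return [Route(r.prefix, (local_as,) + r.as_seq, r.as_set)
            for r in table if not r.suppressed]


def accepts(route, my_as):
    """Receiver-side loop check: reject if my AS is anywhere in the path."""
    return my_as not in route.as_seq and my_as not in route.as_set


def sent_to_r4(table=R2_TABLE, **options):
    """Prefixes R2 (AS 200) exports to R4 for the given aggregate options."""
    return [r.prefix for r in advertise(aggregate(table, **options), 200)]


if __name__ == "__main__":
    print("plain        :", sent_to_r4())
    print("summary-only :", sent_to_r4(as_set=True, summary_only=True))
    agg = advertise(aggregate(R2_TABLE, as_set=True), 200)[0]
    print("R1 accepts aggregate with as-set:", accepts(agg, 100))
    print("1.1.0.0/24 withdrawn, advertise-map:",
          sent_to_r4(R2_TABLE[1:], as_set=True, advertise_map={"1.1.0.0/24"}))
```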
6-5 Attribute-Map
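First, a look at communities.
A community is the equivalent of a tag for BGP, an attribute value.
Community format: 32 bits, which can be written in AS:NN form, i.e. (16 bits):(16 bits).
By default communities are not propagated; use
Neighbor X.X.X.X send-Community to have the community attribute passed on.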
R1#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.0.0 mask 255.255.255.0
network 1.1.1.0 mask 255.255.255.0
neighbor 12.1.1.2 remote-as 200
neighbor 12.1.1.2 send-community both
neighbor 12.1.1.2 soft-reconfiguration inbound
neighbor 12.1.1.2 route-map ccnp out
no auto-summary
route-map ccnp permit 10
match ip address prefix-list 10
set community 6553601
R1#sh run | se ip prefix-list
ip prefix-list 10 seq 5 permit 1.1.0.0/24
ip prefix-list 10 seq 10 permit 1.1.1.0/24
We can then see the route on R2:
R2(config)#ip bgp-community new-format \\change the format in which communities are displayed
R2#sh ip bgp 1.1.0.0/24
BGP routing table entry for 1.1.0.0/24, version 13
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
2
100
12.1.1.1 from 12.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 100:1
Sometimes we need to add attribute values after summarization; for that we can use the attribute-map parameter.
R2(config-router)# aggregate-address 1.1.0.0 255.255.252.0 attribute-map SETCOMM summary-only as-set
% "SETCOMM" used as BGP attribute route-map, set community add not supported
R2#sh run | se route-map
route-map SETCOMM permit 10
set community 100:100 additive
R4#sh ip bgp 1.1.0.0/22
BGP routing table entry for 1.1.0.0/22, version 71
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200 {100,300}, (aggregated by 200 2.2.2.2)
24.1.1.2 from 24.1.1.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, external, best
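Community: 100:1 100:100 \\attribute value added
7-BGP Default Routes
[Figure: topology diagram]
A default route is pushed down so that R1's loopback 1.1.1.1 and R3's loopback 3.3.3.3 can ping each other.
The basic configuration is simply that R2 and R3 form a neighbor relationship with each other.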
R2#sh ip bgp summary
BGP router identifier 22.2.2.2, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
12.1.1.1 4 100 4 4 0 0 0 00:00:30 0
23.1.1.3 4 200 4 4 0 0 0 00:00:30 0
7-1 Static route + network statement to generate the default route
R3(config)#ip route 0.0.0.0 0.0.0.0 f0/1 23.1.1.2
R3(config)#router bgp 200
R3(config-router)#net 0.0.0.0 mask 0.0.0.0
R2#sh ip route
Gateway of last resort is 23.1.1.3 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 12.1.1.1, 00:00:24, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.1.1.0 is directly connected, FastEthernet0/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, FastEthernet0/0
B* 0.0.0.0/0 [20/0] via 23.1.1.3, 00:04:19
R1#sh ip route
Gateway of last resort is 12.1.1.2 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, FastEthernet0/0
B* 0.0.0.0/0 [200/0] via 12.1.1.2, 00:05:05
R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/56/124 m
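7-2 Redistribution + default-information originate to generate the default route
R3(config-router)#router bgp 200
R3(config-router)#no net 0.0.0.0 mask 0.0.0.0 \\remove the previous configuration
R3(config-router)#redistribute static
R3(config-router)#default-information originate
R3 can still ping R1.
7-3 Generating the default route per neighbor
Remove (no) all of the R3 configuration above.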
R3(config-router)#neighbor 23.1.1.2 default-originate
R2(config-router)#neighbor 23.1.1.3 default-originate
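8-BGP Route Reflectors
Route reflectors are very useful when an AS contains many IBGP peers. Because IBGP clients only need to establish a neighbor relationship with the route reflector, the number of IBGP sessions is reduced. A route reflector and its clients together are called a cluster. Route reflectors are an important means of overcoming IBGP split horizon.
8-1 Reflection rules
The RR reflection rules are as follows:
(1) If a route was learned from a non-client IBGP neighbor, the RR reflects it only to clients (it is not reflected to non-clients);
(2) If a route was learned from a client, the RR reflects it to all non-clients and clients (except the client that originated the route);
(3) If a route was learned from an EBGP neighbor, the RR reflects it to all non-clients and clients.
R2# neighbor 3.3.3.3 route-reflector-client \\R2 is R3's RR (R2 designates R3 as a client); R2 performs the reflection
8-2 Reflection loop prevention
An RR breaks BGP split horizon, so loops become possible. The following techniques are used to prevent them:
1 If the originator is the same, the route is not accepted
2 If the cluster-id is the same, the routers do not reflect to each other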
R1#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
no auto-summary
R2#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 route-reflector-client
neighbor 1.1.1.1 next-hop-self
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
neighbor 3.3.3.3 next-hop-self
no auto-summary
R3#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 34.1.1.4 remote-as 200
no auto-summary
R4#sh run | se bgp
router bgp 200
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 34.1.1.3 remote-as 100
no auto-summary
R2#sh bgp ipv4 unicast neighbors 1.1.1.1
BGP neighbor is 1.1.1.1, remote AS 100, internal link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 00:27:16
Last read 00:00:15, last write 00:00:14, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)
New ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
For address family: IPv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 2, Offset 0, Mask 0x4
Route-Reflector Client \\R1 is a client of R2 (the RR)
R2#sh ip bgp 4.4.4.0
BGP routing table entry for 4.4.4.0/24, version 10
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
2
200, (Received from a RR-client)
3.3.3.3 (metric 156160) from 3.3.3.3 (3.3.3.3) \\learned from R3, reflected to R1
Origin IGP, metric 0, localpref 100, valid, internal, best
R1#sh ip bgp 4.4.4.0
BGP routing table entry for 4.4.4.0/24, version 10
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
3.3.3.3 (metric 158720) from 2.2.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
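Originator: 3.3.3.3, Cluster list: 2.2.2.2 \\the originator ID is R3's router ID; the cluster list ID is R2's router ID
8-3 Reflection terminology
① ORIGINATOR_ID: generated by the route reflector; by default it is the router ID of the router that created the route within the local AS;
② CLUSTER_ID: every cluster within an AS must be identified by a unique 4-byte cluster ID. If the cluster has only one RR, the cluster ID is the RR's router ID. When an RR receives an update message, it checks the CLUSTER_LIST; if it finds its own cluster ID in the list, it knows a routing loop has occurred. The cluster ID can also be configured manually.
Command: bgp cluster-ID X.X.X.X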
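The reflection rules of 8-1 and the ORIGINATOR_ID / CLUSTER_LIST checks of 8-2 and 8-3 can be exercised with a small model. This is an added example, not part of the original lab: the class and function names are hypothetical, router IDs are taken from the lab outputs, and R5's router ID (5.5.5.5) is an assumption because the lab does not show it.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: str = ""       # empty until the first RR reflects the route
    cluster_list: tuple = ()      # newest cluster ID first


class Router:
    def __init__(self, router_id, cluster_id=None):
        self.router_id = router_id
        # Without 'bgp cluster-id', the cluster ID is the RR's router ID.
        self.cluster_id = cluster_id or router_id
        self.peers = {}           # peer router ID -> "client" | "non-client" | "ebgp"

    def accept(self, upd):
        """Inbound loop checks from section 8-2."""
        if upd.originator_id == self.router_id:
            return False          # a route this router originated came back
        if self.cluster_id in upd.cluster_list:
            return False          # the route already passed through this cluster
        return True

    def reflect(self, upd, from_peer):
        """IBGP peers this RR sends the route to, per rules (1) to (3)."""
        source = self.peers[from_peer]
        out = {}
        for peer, kind in self.peers.items():
            if peer == from_peer or kind == "ebgp":
                continue          # only IBGP targets are modelled here
            if source == "non-client" and kind != "client":
                continue          # rule (1): non-client routes go to clients only
            if source == "ebgp":
                out[peer] = upd   # rule (3): plain IBGP advertisement
            else:                 # rules (1) and (2): stamp the reflection attributes
                out[peer] = replace(
                    upd,
                    originator_id=upd.originator_id or from_peer,
                    cluster_list=(self.cluster_id,) + upd.cluster_list)
        return out


def build_lab_8_4(shared_cluster_id=None):
    """R2 is a client of both R3 and R4; R3, R4 and R5 are non-clients of each other."""
    r2 = Router("24.1.1.2")
    r3 = Router("35.1.1.3", shared_cluster_id)
    r4 = Router("45.1.1.4", shared_cluster_id)
    r3.peers = {"24.1.1.2": "client", "45.1.1.4": "non-client", "5.5.5.5": "non-client"}
    r4.peers = {"24.1.1.2": "client", "35.1.1.3": "non-client", "5.5.5.5": "non-client"}
    return r2, r3, r4


def r3_accepts_copy_from_r4(shared_cluster_id=None):
    """Does R3 install the copy of 1.1.1.0/24 that R4 reflects to it?"""
    _, r3, r4 = build_lab_8_4(shared_cluster_id)
    reflected = r4.reflect(Update("1.1.1.0/24"), "24.1.1.2")
    return r3.accept(reflected["35.1.1.3"])


if __name__ == "__main__":
    print("separate cluster IDs:", r3_accepts_copy_from_r4())
    print("shared 34.34.34.34  :", r3_accepts_copy_from_r4("34.34.34.34"))
```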
8-4 RR Cluster
Here is another lab for a deeper look at route reflectors:
R1#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 12.1.1.2 remote-as 200
no auto-summary
R2#sh run | se bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 100
neighbor 12.1.1.1 next-hop-self
neighbor 12.1.1.1 default-originate \\lets R5 ping 1.1.1.1
neighbor 23.1.1.3 remote-as 200
neighbor 23.1.1.3 next-hop-self
neighbor 24.1.1.4 remote-as 200
neighbor 24.1.1.4 next-hop-self
no auto-summary
R3#sh run | se bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 23.1.1.2 remote-as 200
neighbor 23.1.1.2 route-reflector-client
neighbor 23.1.1.2 next-hop-self
neighbor 34.1.1.4 remote-as 200
neighbor 34.1.1.4 next-hop-self
neighbor 35.1.1.5 remote-as 200
neighbor 35.1.1.5 next-hop-self
no auto-summary
R4#sh run | se bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 24.1.1.2 remote-as 200
neighbor 24.1.1.2 route-reflector-client
neighbor 24.1.1.2 next-hop-self
neighbor 34.1.1.3 remote-as 200
neighbor 34.1.1.3 next-hop-self
neighbor 45.1.1.5 remote-as 200
neighbor 45.1.1.5 next-hop-self
no auto-summary
R5#sh run | se bgp
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 35.1.1.3 remote-as 200
neighbor 35.1.1.3 next-hop-self
neighbor 45.1.1.4 remote-as 200
neighbor 45.1.1.4 next-hop-self
no auto-summary
See how R1 prevents loops:
R2#sh ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
2
100
12.1.1.1 from 12.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
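\\because the originator ID (Originator: 24.1.1.2) is the same, R2 does not accept the route it sent out itself
Look at the 1.1.1.0 route learned by R5; it shows that R3/R4 reflected 1.1.1.0 to R5.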
R5#sh ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 3
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Not advertised to any peer
100
24.1.1.2 (metric 1) from 45.1.1.4 (45.1.1.4)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 24.1.1.2, Cluster list: 45.1.1.4 \\from R4
100
23.1.1.2 (metric 1) from 35.1.1.3 (35.1.1.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 24.1.1.2, Cluster list: 35.1.1.3 \\from R3
R3#sh ip bgp 1.1.1.0 (the same applies to R4)
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
3
100
24.1.1.2 (metric 1) from 34.1.1.4 (45.1.1.4)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 24.1.1.2, Cluster list: 45.1.1.4 \\reflected by R4
100, (Received from a RR-client)
23.1.1.2 from 23.1.1.2 (24.1.1.2)
Origin IGP, metric 0, localpref 100, valid, internal, best \\from EBGP
R3#sh ip bgp
BGP table version is 2, local router ID is 35.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.0/24 24.1.1.2 0 100 0 100 i
*>i 23.1.1.2 0 100 0 100 i
Apply the following configuration on both R3 and R4:
R3/4(config-router)#bgp cluster-id 34.34.34.34 \\configure them as an RR cluster
R3#sh ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
3
100, (Received from a RR-client)
23.1.1.2 from 23.1.1.2 (24.1.1.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
\\R3 refuses to install a route carrying the same cluster ID; if it finds its own cluster ID in the cluster list, it knows a routing loop has occurred
R3#sh ip bgp
BGP table version is 2, local router ID is 35.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 23.1.1.2 0 100 0 100 i
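9-BGP Confederations
A BGP confederation splits an AS into several sub-ASes and is another way to control large-scale IBGP peering. The sub-ASes are called member autonomous systems. Each confederation is assigned a confederation ID; to the outside, this confederation ID is the AS number that represents the whole confederation. The outside cannot see the confederation's internal structure: the confederation looks like a single AS, and the member AS information is hidden.
A confederation mainly comes down to two commands:
R1(config-router)#bgp confederation identifier 100 //configure the confederation ID
R1(config-router)#bgp confederation peers 65002 //member AS peered with over confederation EBGP
Now the configuration of each router in detail: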
R1#sh run | se bgp
router bgp 65001
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
bgp confederation identifier 100
bgp confederation peers 65002
network 1.1.1.0 mask 255.255.255.0
neighbor 12.1.1.2 remote-as 200
neighbor 13.1.1.3 remote-as 65002
neighbor 13.1.1.3 next-hop-self
no auto-summary
R2#sh run | se bgp
router bgp 200
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
neighbor 12.1.1.1 remote-as 100
neighbor 23.1.1.3 remote-as 100
no auto-summary
R3#sh run | se bgp
router bgp 65002
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
bgp confederation identifier 100
bgp confederation peers 65001
network 3.3.3.0 mask 255.255.255.0
neighbor 4.4.4.4 remote-as 65002
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 13.1.1.1 remote-as 65001
neighbor 13.1.1.1 next-hop-self
neighbor 23.1.1.2 remote-as 200
no auto-summary
R4#sh run | se bgp
router bgp 65002
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 3.3.3.3 remote-as 65002
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
R2#sh ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.0/24 23.1.1.3 0 100 i
*> 12.1.1.1 0 0 100 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
* 3.3.3.0/24 12.1.1.1 0 100 i
*> 23.1.1.3 0 0 100 i
* 4.4.4.0/24 12.1.1.1 0 100 i
*> 23.1.1.3 0 100 i
R3#sh ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 13.1.1.1 0 100 0 (65001) i
* 2.2.2.0/24 13.1.1.1 0 100 0 (65001) 200 i
*> 23.1.1.2 0 0 200 i
*> 3.3.3.0/24 0.0.0.0 0 32768 i
r>i4.4.4.0/24 4.4.4.4 0 100 0 i
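Confederation summary:
1 The AS PATH information of all members inside a BGP confederation is hidden from the outside
2 Inside the confederation, the AS-PATH is shown in "()"
Within the confederation, member ASes are added to the AS-PATH and enclosed in parentheses, but they are not advertised beyond the confederation. The confederation AS numbers in the AS-PATH are used to avoid routing loops.
10-BGP Communities
Communities are not propagated by default.
The community lab is carried out on the lab above.
By having "4.4.4.0" on R4 carry different community attributes, we verify how each community attribute propagates.
We discuss only the well-known communities "local-AS", "no-export" and "no-advertise".
The default is 'Internet' (no restriction).
10-1 Local AS
Configure on R4: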
R4(config)#ip prefix-list 1 permit 4.4.4.0/24
R4(config)#route-map LocalAS
R4(config-route-map)#match ip address prefix-list 1
R4(config-route-map)#set community local-AS
R4(config)#router bgp 65002
R4(config-router)#neighbor 3.3.3.3 send-community
R4(config-router)#neighbor 3.3.3.3 route-map LocalAS out
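The 4.4.4.0 route then does not appear in the BGP tables of R1/R2.
This shows that the entry "4.4.4.0/24" carrying the "local-AS" community is passed only to R3, because R3 and R4 are both in AS 65002; it is not passed to R2 and R1. So the "local-AS" community can only propagate within the local AS (or within the confederation sub-AS).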
10-2 no-export
R4(config)#route-map noexport
R4(config-route-map)#match ip address prefix-list 1
R4(config-route-map)#set community no-export
R4(config)#router bgp 65002
R4(config-router)#nei 3.3.3.3 route-map noexport out
R3(config-router)#nei 13.1.1.1 send-community
R1#sh ip bgp community no-export
BGP table version is 17, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 13.1.1.3 0 100 0 (65002) i
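The entry "4.4.4.0/24" carrying the "no-export" community is passed to R3 and R1, because R1, R3 and R4 are all inside confederation AS 100; it is not passed to R2.
The no-export community can propagate within the confederation's overall AS; without a confederation, it can only propagate within the local AS.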
10-3 no-advertise
R4(config)#route-map noadv
R4(config-route-map)#match ip add prefix-list 1
R4(config-route-map)#set community no-advertise
R4(config)#router bgp 65002
R4(config-router)#no neighbor 3.3.3.3 route-map noexport out
R4(config-router)#nei 3.3.3.3 route-map noadv out
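The entry "4.4.4.0/24" carrying the "no-advertise" community is passed only to R3 and is not passed on to R2 and R1. So once an entry carrying the "no-advertise" community has been received, it is not advertised to any EBGP peer (including confederation EBGP neighbors).
[Note]
Multiple community attributes can be set on a single BGP route.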
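The three well-known communities from 10-1 to 10-3 and the 32-bit AS:NN format from 6-5 can be checked against the confederation topology of lab 9. This is an added example, not part of the original lab: function names are hypothetical, the community values are those defined in RFC 1997, and every session is assumed to have send-community configured.

```python
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02
LOCAL_AS = 0xFFFFFF03     # NO_EXPORT_SUBCONFED in RFC 1997; IOS keyword local-AS
WELL_KNOWN = {NO_EXPORT: "no-export", NO_ADVERTISE: "no-advertise",
              LOCAL_AS: "local-AS"}

# Sessions of lab 9: R1 (65001) and R3/R4 (65002) form confederation 100,
# R2 is AS 200 outside the confederation.
SESSIONS = [("R4", "R3", "ibgp"), ("R3", "R1", "confed-ebgp"),
            ("R3", "R2", "ebgp"), ("R1", "R2", "ebgp")]


def encode(text):
    """'AS:NN' (new-format) -> 32-bit community value."""
    asn, nn = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError("each half of a community is 16 bits")
    return (asn << 16) | nn


def decode(value):
    """32-bit community value -> well-known name or 'AS:NN'."""
    return WELL_KNOWN.get(value, f"{value >> 16}:{value & 0xFFFF}")


def may_advertise(communities, session):
    """May a router that RECEIVED the route pass it on over this session type?"""
    if NO_ADVERTISE in communities:
        return False                        # to no peer at all
    if LOCAL_AS in communities and session != "ibgp":
        return False                        # stays inside the (sub-)AS
    if NO_EXPORT in communities and session == "ebgp":
        return False                        # stays inside the confederation
    return True


def routers_that_learn(communities, origin="R4"):
    """Routers that end up with the route when the origin tags it outbound."""
    learned = {origin: None}                # router -> session it learned over
    queue = [origin]
    while queue:
        node = queue.pop(0)
        for a, b, kind in SESSIONS:
            if node not in (a, b):
                continue
            peer = b if node == a else a
            if peer in learned:
                continue
            # The origin sets the community in its outbound route-map, so the
            # restriction starts at the first receiver.
            if node != origin and not may_advertise(communities, kind):
                continue
            if learned[node] == "ibgp" and kind == "ibgp":
                continue                    # IBGP split horizon
            learned[peer] = kind
            queue.append(peer)
    return set(learned)


if __name__ == "__main__":
    print(decode(6553601), hex(encode("100:100")))
    for value in (LOCAL_AS, NO_EXPORT, NO_ADVERTISE):
        print(decode(value), sorted(routers_that_learn({value})))
```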
11-BGP Conditional Advertisement
neighbor X.X.X.X advertise-map AMP exist-map EMP
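Only when the BGP table contains the routes specified by EMP do I advertise the routes specified by AMP
neighbor X.X.X.X advertise-map AMP non-exist-map NEMP
Only when the BGP table does [not] contain the routes specified by NEMP do I advertise the routes specified by AMP
The requirement now is to do conditional advertisement on R3: only if R3 has the route 1.1.1.0/24 or 1.1.2.0/24 does it advertise 3.3.3.0/24 to R4; in addition, when advertising to R4, the AS numbers of R1 and R2 must be hidden.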
R1#sh run | se bgp
router bgp 65001
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 13.1.1.3 remote-as 100
no auto-summary
R2#sh run | se bgp
router bgp 65002
no synchronization
bgp log-neighbor-changes
network 1.1.2.0 mask 255.255.255.0
neighbor 23.1.1.3 remote-as 100
no auto-summary
R3#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
neighbor 13.1.1.1 remote-as 65001
neighbor 23.1.1.2 remote-as 65002
neighbor 34.1.1.4 remote-as 200
neighbor 34.1.1.4 advertise-map AMP exist-map EMP
no auto-summary
R3#sh ip prefix-list
ip prefix-list 10: 2 entries
seq 5 permit 1.1.1.0/24
seq 10 permit 1.1.2.0/24
R3#sh run | se route-map
route-map EMP permit 10
match ip address prefix-list 10
route-map AMP permit 10
match ip address prefix-list 40
R4#sh run | se bgp
router bgp 200
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 34.1.1.3 remote-as 100
neighbor 34.1.1.3 soft-reconfiguration inbound
no auto-summary
If the loopback interfaces on R1/R2 are both shut down:
R3#sh bgp ipv4 unicast neighbors 34.1.1.4 advertised-routes
Total number of prefixes 0
then R3 does not advertise 3.3.3.3, so the lab succeeds.
R4#sh ip bgp
BGP table version is 23, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 34.1.1.3 0 100 65001 i
*> 1.1.2.0/24 34.1.1.3 0 100 65002 i
*> 3.3.3.0/24 34.1.1.3 0 0 100 i
*> 4.4.4.0/24 0.0.0.0 0 32768 i
Now we want to hide AS 65001 and 65002.
A single configuration line on R3 is enough:
R3(config-router)#neighbor 34.1.1.4 remove-private-as
R4#sh ip bgp
BGP table version is 25, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 34.1.1.3 0 100 i
*> 1.1.2.0/24 34.1.1.3 0 100 i
*> 3.3.3.0/24 34.1.1.3 0 0 100 i
*> 4.4.4.0/24 0.0.0.0 0 32768 i
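12-BGP Attribute Summary
BGP has a rich set of attributes, which gives network administrators a great deal of convenience in controlling routing. BGP path attributes fall into 4 categories:
1. Well-Known Mandatory: must be included in BGP update messages and must be recognized by every vendor's BGP implementation. They are the three attributes ORIGIN, AS_PATH and Next_Hop.
(1) ORIGIN: describes how the source route was placed into the BGP table. There are three possible origins: IGP, EGP and INCOMPLETE. The router uses this information when choosing among multiple routes, and selects the path with the lowest ORIGIN type. From low to high, the ORIGIN types are ordered IGP<EGP<INCOMPLETE;
(2) AS_PATH: the sequence of autonomous systems that the routing information contained in the UPDATE message has passed through;
(3) Next_HOP: states the next hop of the BGP route the router has obtained. For an EBGP session, the next hop is the source address of the neighbor router that advertised the route. For an IBGP session there are two cases: for a route originated inside the AS, the next hop is the source address of the neighbor router that advertised the route; for a route injected into the AS by EBGP, the next hop is carried unchanged into IBGP;
2. Well-Known Discretionary: must be recognized by all BGP implementations, but may or may not be sent in BGP update messages. They are the two attributes LOCAL_PREF and ATOMIC_AGGREGATE.
(1) LOCAL_PREF (local preference): tells the routers inside the autonomous system how to leave the autonomous system when there are multiple paths. The higher the local preference, the more preferred the route. This attribute is passed only between IBGP neighbors;
(2) ATOMIC_AGGREGATE: indicates that information has been lost. Route aggregation causes information to be lost, because the aggregate comes from different sources with different attributes. If a router sends an aggregate that causes information loss, it is required to attach the ATOMIC_AGGREGATE attribute to that route.
3. Optional Transitive: not all BGP implementations are required to support optional transitive attributes. If the BGP process does not recognize the attribute, it looks at the transitive flag. If the transitive flag is set, the BGP process accepts the attribute and passes it on unchanged. They include AGGREGATOR and COMMUNITY.
(1) AGGREGATOR: identifies the BGP router ID of the router that performed the aggregation and the AS number of the aggregating router;
(2) COMMUNITY: refers to a group of routers that share a common property.
4. Optional Nontransitive: not all BGP implementations are required to support optional nontransitive attributes. If these attributes are sent to a router that cannot recognize them, they are dropped and are not passed on to BGP neighbors. They include MED, ORIGINATOR_ID and CLUSTER_LIST.
(1) MED (multi-exit discriminator): tells routers outside the AS which path to use to reach the AS. It is also regarded as the route's external metric; a lower MED value means a higher preference. The MED attribute is exchanged between autonomous systems but cannot be passed on to a third AS;
(2) ORIGINATOR_ID: the route reflector attaches this attribute; it carries the router ID of the originating router in the local AS and is used to prevent loops;
(3) CLUSTER_LIST: shows the reflection path that was taken.
13-BGP Path Selection Rules
BGP uses many attributes that describe the characteristics of a route. These attributes are sent together with each route in BGP update messages. Routers use them to select the best route to a destination. Understanding the BGP route decision process is important. The decision process a router follows in BGP path selection is listed below in order of priority:
1. If the next hop is unreachable, the route is not considered;
2. Prefer the path with the highest weight; weight is a Cisco-proprietary attribute;
3. If the weights are equal, prefer the route with the highest local preference (AD value);
4. If the local preferences are equal, prefer the route originated by BGP on this router (i.e. next hop "0.0.0.0");
5. If the local preferences are equal and no route originated on this router, prefer the route with the shortest AS path;
6. If the AS path lengths are equal, prefer the route with the lowest origin code (IGP<EGP<INCOMPLETE);
7. If the origin codes are equal, prefer the path with the lowest MED value;
8. If the MEDs are all equal: between an EBGP route and a confederation EBGP route, prefer the EBGP route; between a confederation EBGP route and an IBGP route, prefer the confederation EBGP route;
9. If all the preceding attributes are equal, prefer the path through the closest IGP neighbor;
10. If the internal paths are also equal, prefer the path with the lowest BGP router ID.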
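The ten steps above can be written as one ordered comparison and run against the two paths R4 holds for 123.1.1.0/24 in labs 13-1 to 13-4. This is an added example, not the router's own code: the Path class and decide() are hypothetical names, MED is compared across all paths for simplicity, and the "oldest EBGP path" tie-break mentioned in lab 13-1 is not modelled.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}                   # IGP < EGP < INCOMPLETE
SESSION_RANK = {"ebgp": 0, "confed-ebgp": 1, "ibgp": 2}


@dataclass(frozen=True)
class Path:
    next_hop: str
    router_id: str                 # router ID of the advertising neighbor
    as_path: tuple
    next_hop_reachable: bool = True
    weight: int = 0                # 32768 for locally originated routes
    local_pref: int = 100          # default when none is received
    local: bool = False            # originated on this router (next hop 0.0.0.0)
    origin: str = "i"
    med: int = 0
    session: str = "ebgp"
    igp_metric: int = 0


def sort_key(p):
    """Rules 2 to 10 in order; a smaller tuple is the better path."""
    return (-p.weight, -p.local_pref, not p.local, len(p.as_path),
            ORIGIN_RANK[p.origin], p.med, SESSION_RANK[p.session],
            p.igp_metric, ip_address(p.router_id))


def decide(paths):
    """Return (best path, number of the rule that separated it from the runner-up)."""
    usable = sorted((p for p in paths if p.next_hop_reachable), key=sort_key)  # rule 1
    if not usable:
        return None, None
    if len(usable) == 1:
        return usable[0], None
    first, second = sort_key(usable[0]), sort_key(usable[1])
    rule = next((i + 2 for i, (a, b) in enumerate(zip(first, second)) if a != b), None)
    return usable[0], rule


# R4's two EBGP paths to 123.1.1.0/24, constructed from the 13-1 lab output.
VIA_R1 = Path("14.1.1.1", "11.1.1.1", (100,))
VIA_R3 = Path("34.1.1.3", "33.1.1.1", (100,))

if __name__ == "__main__":
    cases = {
        "default": [VIA_R1, VIA_R3],
        "weight 200 on 34.1.1.3": [VIA_R1, replace(VIA_R3, weight=200)],
        "local-preference 5000 on 34.1.1.3": [VIA_R1, replace(VIA_R3, local_pref=5000)],
        "prepend 100 100 100 on R1": [replace(VIA_R1, as_path=(100,) * 4), VIA_R3],
    }
    for name, paths in cases.items():
        best, rule = decide(paths)
        print(f"{name}: best via {best.next_hop}, decided by rule {rule}")
```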
13-1 Weight
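This attribute is not propagated; it only takes effect on the local router.
Learned routes have a default weight value of 0, while routes the router originates itself have a weight of 32768.
Policy for it can only be applied in the inbound direction.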
R1#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 11.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 14.1.1.4 remote-as 200
no auto-summary
R2#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 22.1.1.1
bgp log-neighbor-changes
network 123.1.1.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
R3#sh run | se bgp
router bgp 100
no synchronization
bgp router-id 33.1.1.1
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 34.1.1.4 remote-as 200
no auto-summary
R4#sh run | se bgp
router bgp 200
no synchronization
bgp router-id 44.1.1.1
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 14.1.1.1 remote-as 100
neighbor 34.1.1.3 remote-as 100
no auto-summary
R4 then learns two paths for the 123.1.1.X route:
R4#sh ip bgp
BGP table version is 3, local router ID is 44.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
* 123.1.1.0/24 34.1.1.3 0 100 i
*> 14.1.1.1 0 100 i
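In GNS3 the EBGP route from R1 is learned first; by selection rule 10 (the oldest EBGP route is preferred), the default path is via 14.1.1.1.
The requirement is to change path selection so that traffic goes via 34.1.1.3: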
R4(config-router)#neighbor 14.1.1.1 weight 300
R4(config-router)#nei 34.1.1.3 wei 500
Or:
access-list 10 permit 123.1.1.0 0.0.0.255
neighbor 34.1.1.3 route-map wei2 in
route-map wei2 permit 10
match ip address 10
set weight 200
R4#sh ip bgp 123.1.1.0
BGP routing table entry for 123.1.1.0/24, version 15
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x860
Advertised to update-groups:
1
100
34.1.1.3 from 34.1.1.3 (33.1.1.1)
Origin IGP, localpref 100, weight 200, valid, external, best
100
14.1.1.1 from 14.1.1.1 (11.1.1.1)
Origin IGP, localpref 100, valid, external
13-2 Local Pref
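Propagation: only within the local AS; it cannot cross ASes.
When a route crosses an AS boundary the LP value is cleared; when a route is received with an empty LP, the default LP value of 100 is used.
If the learned route carries an LP value, that value is used directly.
Because the attribute value does not leave the AS, policy can only be applied in the in direction.
Continuing the lab above, use the LP attribute so that R4's route to 123.1.1.X goes via 34.1.1.3: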
R4(config-router)#nei 34.1.1.3 route-map lp in
R4#clear ip bgp * soft
R4#sh run | se route-map
route-map lp permit 10
match ip address 10
set local-preference 5000
R4#sh ip bgp
BGP table version is 19, local router ID is 44.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
*> 123.1.1.0/24 34.1.1.3 5000 0 100 i
* 14.1.1.1 0 100 i
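13-3 Locally Originated Routes
Rarely used; it guards against overlapping routes.
Generally, locally originated routes have the high weight of 32768 while learned routes have a weight of 0, so this overlaps with the first rule.
For example, if R4 also has a 123.1.1.x network of its own, the 123.1.1.x network advertised by R2 has no effect on R4 by default.
13-4 AS PATH
Propagation: can cross ASes.
If used for aggregation in a production environment, add your own AS number where possible so that the AS path becomes longer.
The route with the shorter AS path is preferred.
Command to ignore this attribute: bgp bestpath as-path ignore
Now the requirement is to use the AS Path attribute so that R4 reaches 123.1.1.X via 34.1.1.3; clear the configuration from the labs above first.
Because the AS path attribute can cross ASes, this can be done in either the out or the in direction; here we use the out direction.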
R1(config-router)#nei 14.1.1.4 route-map asadd out
R1:
route-map asadd permit 10
match ip address prefix-list 10
set as-path prepend 100 100 100
R4#sh ip bgp
BGP table version is 6, local router ID is 44.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
*> 123.1.1.0/24 34.1.1.3 0 100 i
* 14.1.1.1 0 100 100 100 100 i
13-5 Origin
Origin attribute: I > E > ? (redistribution and so on); it can be passed across ASes.
R1#sh run | se bgp
redistribute connected route-map red \\the red route-map matches the connected route 22.22.22.X
route-map red permit 10
match ip address prefix-list 10
R2#sh run | se bgp
router bgp 100
neighbor 1.1.1.1 route-map Test in \\blocks 22.22.22.X
neighbor 3.3.3.3 route-map Test in
route-map Test deny 10
match ip address prefix-list 10
!
route-map Test permit 20
Check the BGP table on R4:
R4#sh ip bgp 22.22.22.0
BGP routing table entry for 22.22.22.0/24, version 20
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
2
100
34.1.1.3 from 34.1.1.3 (33.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
100
14.1.1.1 from 14.1.1.1 (11.1.1.1)
Origin incomplete, metric 0, localpref 100, valid, external
Alternatively, this lab can also be done as follows:
R4(config)#ip prefix-list 10 permit 4.4.4.0/24
R4(config)#route-map egp
R4(config-route-map)#match ip address prefix-list 10
R4(config-route-map)#set origin egp 900
R4(config)#router bgp 200
R4(config-router)#neighbor 14.1.1.1 route-map egp out
R1#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.0/24 3.3.3.3 0 100 0 200 i
* 14.1.1.4 0 0 200 e
R2#sh ip bgp
*>i4.4.4.0/24 3.3.3.3 0 100 0 200 i
R3#sh ip bgp
*> 4.4.4.0/24 34.1.1.4 0 0 200 i
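R1 learns two routes for "4.4.4.0/24", but because origin code "i" is preferred over "e", the route learned from R3 is selected as best, while the route learned from neighbor R4 is not (its status code is only "*", with no ">") and cannot be advertised on to R2 and R3. R2 and R3 therefore each have only one route for "4.4.4.0/24".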
13-6 Med
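Scope: between two directly connected ASes; the lower value is preferred.
For BGP aggregates, the default MED is zero.
For network statements or redistribution, the metric from the routing table is carried over by default.
By default, MED is compared only among BGP routes from the same neighboring AS; that is, if two routes to the same destination come from different ASes, their MED values are not compared. MED only influences traffic between directly connected ASes and is not passed across ASes (MED is sent only to directly connected AS neighbors; after crossing one AS the attribute is no longer carried). It can be applied in the IN or OUT direction.
Now use the MED attribute to change path selection so that 34.1.1.3 is preferred toward 123.1.1.x: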
R1(config)#route-map med
R1(config-route-map)#match ip add prefix-list 10
R1(config-route-map)#set metric 5000
R1(config-router)#neighbor 14.1.1.4 route-map med out
R4#sh ip bgp
BGP table version is 3, local router ID is 44.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.0/24 0.0.0.0 0 32768 i
*> 123.1.1.0/24 34.1.1.3 0 100 i
* 14.1.1.1 5000 0 100 i
R4#sh ip bgp 123.1.1.0
BGP routing table entry for 123.1.1.0/24, version 2
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
2
100
34.1.1.3 from 34.1.1.3 (33.1.1.1)
Origin IGP, localpref 100, valid, external, best
100
14.1.1.1 from 14.1.1.1 (11.1.1.1)
Origin IGP, metric 5000, localpref 100, valid, external
********************* Summary of the 6 commonly used selection rules above ******************************
In order of selection priority:
Local device: weight
Local AS: LP
Multiple ASes: AS Path, origin
Between ASes: MED
****************************************************************************
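13-7 EBGP Preferred over IBGP
Rule 7: if routes come from external / confederation / IBGP sources, prefer them in the order External, confederation, IBGP.
R1 and R3 each advertise 13.1.1.X; which one does R2 learn?
Remember to configure AS PATH ignore on R2 <not supported by this IOS, so this lab could not be done>
13-8 Cost to Reach the Next Hop
Rule 8: prefer the route whose next hop has the lowest metric (prefer the low-metric next hop).
OSPF runs across the whole network.
R1's IGP routing table by default: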
R1#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
24.0.0.0/24 is subnetted, 1 subnets
O 24.1.1.0 [110/66] via 13.1.1.3, 00:00:05, FastEthernet0/1
34.0.0.0/24 is subnetted, 1 subnets
O 34.1.1.0 [110/2] via 13.1.1.3, 00:00:05, FastEthernet0/1
Now advertise 4.4.4.4 on R4 and look at R1's BGP table:
R1#sh ip bgp
BGP table version is 6, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 4.4.4.0/24 34.1.1.4 <lower metric in OSPF> 0 100 0 i
* i 24.1.1.4 <higher metric in OSPF> 0 100 0 i
Raise the metric of the path toward 34.1.1.4:
R1(config)#int f0/1
R1(config-if)#ip ospf cost 6000
R1#sh ip route ospf
24.0.0.0/24 is subnetted, 1 subnets
O 24.1.1.0 [110/128] via 12.1.1.2, 00:00:04, Serial1/1
34.0.0.0/24 is subnetted, 1 subnets
O 34.1.1.0 [110/129] via 12.1.1.2, 00:00:04, Serial1/1
R1#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* i 4.4.4.0/24 34.1.1.4 0 100 0 i
*>i 24.1.1.4 0 100 0 i \\the next hop with the lower metric is preferred
Full configuration:
R1#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
neighbor 12.1.1.2 remote-as 100
neighbor 13.1.1.3 remote-as 100
R2#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 100
neighbor 24.1.1.4 remote-as 100
neighbor 24.1.1.4 route-reflector-client
R3#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
neighbor 13.1.1.1 remote-as 100
neighbor 34.1.1.4 remote-as 100
neighbor 34.1.1.4 route-reflector-client
R4#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 24.1.1.2 remote-as 100
neighbor 24.1.1.2 next-hop-self
neighbor 34.1.1.3 remote-as 100
neighbor 34.1.1.3 next-hop-self
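13-9 Load Balancing
If maximum-paths N is configured on the router and multiple external / confederation-external paths are received from the same peer AS / sub-AS, up to N of the most recently received paths can be installed in the IP routing table.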
R1:
router bgp 100
bgp log-neighbor-changes
neighbor 12.1.1.2 remote-as 100
neighbor 13.1.1.3 remote-as 100
maximum-paths ibgp 2
R1#sh ip bgp
BGP table version is 2, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*mi 4.4.4.0/24 34.1.1.4 0 100 0 i
*>i 24.1.1.4 0 100 0 i
R1#sh ip route rip
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
24.0.0.0/24 is subnetted, 1 subnets
R 24.1.1.0 [120/1] via 12.1.1.2, 00:00:16, FastEthernet0/0
34.0.0.0/24 is subnetted, 1 subnets
R 34.1.1.0 [120/1] via 13.1.1.3, 00:00:17, FastEthernet0/1
13-10 Oldest EBGP Route Preferred
For external routes, prefer the oldest route (the one learned first).
R2 and R3 both advertise 23.1.1.X.
R1#sh ip bgp 23.1.1.0
BGP routing table entry for 23.1.1.0/24, version 2
Paths: (2 available, best #2, table default)
Advertised to update-groups:
1
Refresh Epoch 1
300
13.1.1.3 from 13.1.1.3 (13.1.1.3)
Origin IGP, metric 0, localpref 100, valid, external
Refresh Epoch 1
200
12.1.1.2 from 12.1.1.2 (12.1.1.2)
Origin IGP, metric 0, localpref 100, valid, external, best
First, shut down f0/0 on R2:
R1#sh ip bgp 23.1.1.0
BGP routing table entry for 23.1.1.0/24, version 3
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
300
13.1.1.3 from 13.1.1.3 (13.1.1.3)
Origin IGP, metric 0, localpref 100, valid, external, best
Then bring R2's f0/0 back up with no shutdown:
R1#clear ip bgp * soft
R1#sh ip bgp 23.1.1.0
BGP routing table entry for 23.1.1.0/24, version 3
Paths: (2 available, best #2, table default)
Advertised to update-groups:
1
Refresh Epoch 4
200
12.1.1.2 from 12.1.1.2 (12.1.1.2)
Origin IGP, metric 0, localpref 100, valid, external
Refresh Epoch 4
300
13.1.1.3 from 13.1.1.3 (13.1.1.3)
Origin IGP, metric 0, localpref 100, valid, external, best
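<the oldest EBGP route is still selected>
13-11 Router-ID
The lower, the more preferred.
If multiple routes to the same destination are learned at the same time, prefer the route with the lowest BGP router ID. Note that if a route reflector is involved, the originator ID is compared instead and the lower one is chosen.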
R1#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
neighbor 12.1.1.2 remote-as 100
neighbor 13.1.1.3 remote-as 100
R2#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
network 23.1.1.0 mask 255.255.255.0
neighbor 12.1.1.1 remote-as 100
R3#sh run | se bgp
router bgp 100
bgp log-neighbor-changes
network 23.1.1.0 mask 255.255.255.0
neighbor 13.1.1.1 remote-as 100
By default, the route advertised by the router with the lower router ID is selected:
R1#sh ip bgp
BGP table version is 5, local router ID is 13.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 23.1.1.0/24 13.1.1.3 0 100 0 i
*>i 12.1.1.2 0 100 0 i
R2(config)#router bgp 100
R2(config-router)#bgp router-id 23.1.1.22 \\router ID deliberately raised
R1#sh ip bgp 23.1.1.0
BGP routing table entry for 23.1.1.0/24, version 6
Paths: (2 available, best #2, table default)
Not advertised to any peer
Refresh Epoch 1
Local
12.1.1.2 from 12.1.1.2 (23.1.1.22)
Origin IGP, metric 0, localpref 100, valid, internal
Refresh Epoch 1
Local
13.1.1.3 from 13.1.1.3 (23.1.1.3)
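Origin IGP, metric 0, localpref 100, valid, internal, best \\the lower one is selected
13-12 Cluster-list Length
The shorter, the more preferred.
If a route is learned from a route reflector, prefer the route with the shortest Cluster-ID (BGP_ID of the route reflector) list. This also allows clients to peer with RRs/clients in other reflector clusters; in that case the router must be aware of the specific RR configuration in BGP.
Full configuration: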
R1#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 124.1.1.2 remote-as 100
neighbor 124.1.1.2 next-hop-self
neighbor 124.1.1.4 remote-as 100
neighbor 124.1.1.4 next-hop-self
no auto-summary
R2#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 23.1.1.3 remote-as 100
neighbor 23.1.1.3 route-reflector-client
neighbor 23.1.1.3 next-hop-self
neighbor 124.1.1.1 remote-as 100
neighbor 124.1.1.1 route-reflector-client
no auto-summary
R3#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 23.1.1.2 remote-as 100
neighbor 23.1.1.2 route-reflector-client
neighbor 35.1.1.5 remote-as 100
neighbor 35.1.1.5 next-hop-self
no auto-summary
R4#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 45.1.1.5 remote-as 100
neighbor 45.1.1.5 next-hop-self
neighbor 124.1.1.1 remote-as 100
neighbor 124.1.1.1 route-reflector-client
no auto-summary
R5#sh run | se bgp
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 35.1.1.3 remote-as 100
neighbor 45.1.1.4 remote-as 100
no auto-summary
R5#sh ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Not advertised to any peer
Local
124.1.1.1 (metric 1) from 35.1.1.3 (35.1.1.3)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 1.1.1.1, Cluster list: 35.1.1.3, 124.1.1.2
Local
124.1.1.1 (metric 1) from 45.1.1.4 (124.1.1.4)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 1.1.1.1, Cluster list: 124.1.1.4
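13-13 Lowest Neighbor Address
Prefer the path received from the peer with the lowest address. This is the address configured and used on the BGP peer, that is, the address the local peer router specifies in its neighbor configuration and uses when establishing the TCP connection to the remote peer.
Summary of the 13 BGP path selection rules:
14-BGP Command Summary
show tcp brief                                View a summary of TCP connections
show ip bgp neighbors                         View detailed TCP and BGP connection information for neighbors
show ip bgp summary                           View a summary of BGP connections
show ip bgp                                   View the BGP table
show ip bgp community                         View BGP community attributes
clear ip bgp *                                Reset BGP connections
router bgp                                    Start the BGP process
no synchronization                            Disable synchronization
synchronization                               Enable synchronization
bgp router-id                                 Configure the BGP router ID
neighbor ip-address remote-as                 Configure a neighbor router and its AS
neighbor ip-address update-source             Specify the update source
neighbor ip-address next-hop-self             Configure next-hop-self
neighbor ip-address route-reflector-client    Configure an RR client
network                                       Advertise a network
aggregate-address                             Configure address aggregation
ip prefix-list                                Configure a prefix list
set origin egp                                Set the origin code to EGP
set as-path prepend                           Configure AS-PATH prepending
set local-preference                          Set the local preference attribute value
bgp default local-preference                  Set the default local preference attribute value
bgp confederation identifier                  Configure the confederation ID
bgp confederation peers                       Configure the confederation EBGP peer members
set community local-AS                        Set the community attribute
neighbor ip-address send-community            Enable sending of the community attribute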