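BGP Basics: The Four BGP Route Advertisement Rules
Lab objective: connectivity between 1.1.1.1 and 6.6.6.6
Configuration of each router:
AR1 router configuration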
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip address 10.1.1.1 255.255.255.255
#
bgp 100
 router-id 1.1.1.1
 peer 202.102.1.2 as-number 200    # configured manually: BGP AS number, router ID, peer neighbor
 ipv4-family unicast               # address family, generated automatically
  undo synchronization             # BGP synchronization, disabled automatically
  network 1.1.1.1 255.255.255.255  # configured manually
  peer 202.102.1.2 enable          # generated automatically after configuring peer 202.102.1.2 as-number 200
AR2 router configuration
interface GigabitEthernet0/0/0
 ip address 202.102.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.1.24.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.1.23.2 255.255.255.0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
bgp 200
 router-id 2.2.2.2
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 peer 5.5.5.5 as-number 200
 peer 5.5.5.5 connect-interface LoopBack0
 peer 202.102.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local
  peer 5.5.5.5 enable
  peer 5.5.5.5 next-hop-local
  peer 202.102.1.1 enable
# next-hop-local is the next-hop attribute; its effect is explained under BGP advertisement rule 2
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.23.2 0.0.0.0
  network 10.1.24.2 0.0.0.0
The AR3 and AR4 configurations are largely the same
interface GigabitEthernet0/0/1
 ip address 10.1.35.3 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.1.23.3 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
bgp 200
 router-id 3.3.3.3
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 5.5.5.5 as-number 200
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 5.5.5.5 enable
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.1.23.3 0.0.0.0
  network 10.1.35.3 0.0.0.0
AR5 router configuration:
interface GigabitEthernet0/0/0
 ip address 202.102.2.5 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.1.35.5 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.1.45.5 255.255.255.0
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255
#
bgp 200
 router-id 5.5.5.5
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 peer 202.102.2.6 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 next-hop-local
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local
  peer 202.102.2.6 enable
#
ospf 1 router-id 5.5.5.5
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 10.1.35.5 0.0.0.0
  network 10.1.45.5 0.0.0.0
Verifying the result: ping 6.6.6.6 from 1.1.1.1
<AR1>ping -a 1.1.1.1 6.6.6.6
PING 6.6.6.6: 56 data bytes, press CTRL_C to break
Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=252 time=50 ms
Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=252 time=50 ms
Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=252 time=60 ms
Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 6.6.6.6 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
<AR1>
<AR1>tracert -a 1.1.1.1 6.6.6.6
traceroute to 6.6.6.6(6.6.6.6), max hops: 30 ,packet length: 40,press CTRL_C to break
1 202.102.1.2 20 ms 10 ms 30 ms
2 10.1.23.3 30 ms 10.1.24.4 10 ms 10.1.23.3 20 ms
3 10.1.45.5 40 ms 10.1.35.5 40 ms 10.1.45.5 40 ms
4 202.102.2.6 30 ms 20 ms 40 ms
<AR1>
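Lab review and summary of key points
BGP advertisement rule 1: a router advertises only its own best and valid routes to its neighbors
View the BGP routing table on AR5
Meaning of the part circled in red in the BGP table:
*: indicates a valid route
>: indicates the best route
i: indicates a route learned from a neighbor inside the AS; in this lab it refers to the 1.1.1.1 route entry learned from AR2.
At this point 1.1.1.1 is a valid and best route, so AR5 advertises it to its EBGP neighbor AR6, as verified in the following screenshot:
Reverse verification: remove the next-hop attribute on AR2 so that AR5's 1.1.1.1 route becomes invalid, then verify that AR6 cannot learn the route entry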
[AR2-bgp]undo peer 5.5.5.5 next-hop-local
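View the BGP routing table on AR5
As the screenshot above shows, the next-hop address toward 1.1.1.1 is 202.102.1.1, but 202.102.1.1 is not an IP address on an interface neighboring AR5, so data cannot be forwarded directly to 202.102.1.1. The 1.1.1.1 route is therefore an invalid route.
Verify whether a 1.1.1.1 route entry exists on AR6
As shown above, AR6 has no 1.1.1.1 route entry. Conclusion, from the forward and reverse verification - BGP advertisement rule 1: a router advertises only its own best and valid routes to its neighbors
BGP advertisement rule 2: a router advertises the best routes it obtains via EBGP to all of its neighbors
In the simulated lab, AR2 obtains AR1's 1.1.1.1 route via EBGP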
[AR2-bgp]dis bgp routing-table
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 202.102.1.1 0 0 100i
*>i 6.6.6.6/32 5.5.5.5 0 100 0 300i
[AR2-bgp]
AR2 sends this route to its neighbor routers AR3, AR4 and AR5
[AR2-bgp]dis bgp peer
BGP local router ID : 2.2.2.2
Local AS number : 200
Total number of peers : 4 Peers in established state : 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 200 116 120 0 01:54:38 Established 0
4.4.4.4 4 200 116 120 0 01:54:50 Established 0
5.5.5.5 4 200 121 125 0 01:54:47 Established 1
202.102.1.1 4 100 118 122 0 01:55:26 Established 1
[AR2-bgp]
View the BGP routing tables on AR3, AR4 and AR5
<AR3>dis bgp routing-table
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
i 1.1.1.1/32 202.102.1.1 0 100 0 100i
i 6.6.6.6/32 202.102.2.6 0 100 0 300i
<AR4>dis bgp routing-table
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
i 1.1.1.1/32 202.102.1.1 0 100 0 100i
i 6.6.6.6/32 202.102.2.6 0 100 0 300i
<AR4>
[AR5-bgp]dis bgp routing-table
BGP Local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
i 1.1.1.1/32 202.102.1.1 0 100 0 100i
*> 6.6.6.6/32 202.102.2.6 0 0 300i
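At this point AR3, AR4 and AR5 have learned the 1.1.1.1 route in their BGP routing tables, but 1.1.1.1 is an invalid route.
The reason is that the next-hop address of the route to 1.1.1.1 is 202.102.1.1, an IP address that belongs to AR1.
AR3, AR4 and AR5 are not neighbors of AR1, so they cannot send data to the next-hop address 202.102.1.1.
Solution: configure next-hop-local (the next-hop attribute) on AR2, so that when the router passes on a route learned via EBGP it changes the next-hop address to its own address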
[AR2-bgp]peer 3.3.3.3 next-hop-local
[AR2-bgp]peer 4.4.4.4 next-hop-local
[AR2-bgp]peer 5.5.5.5 next-hop-local
Verify the BGP routing table on AR5
[AR5-bgp]dis bgp routing-table
BGP Local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 2.2.2.2 0 100 0 100i
*> 6.6.6.6/32 202.102.2.6 0 0 300i
[AR5-bgp]dis bgp peer
BGP local router ID : 5.5.5.5
Local AS number : 200
Total number of peers : 4 Peers in established state : 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 200 159 154 0 02:27:56 Established 1
3.3.3.3 4 200 149 153 0 02:27:48 Established 0
4.4.4.4 4 200 149 152 0 02:27:56 Established 0
202.102.2.6 4 300 151 156 0 02:28:25 Established 1
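As shown above, the next-hop address of the 1.1.1.1 route has become 2.2.2.2. Because AR2 and AR5 are logical neighbors, they are logically directly connected, so the 1.1.1.1 route is reachable and usable
Conclusion, from the verification - a router advertises the best routes it obtains via EBGP to all of its neighbors (Note: by default the best route is sent to the neighbors, and the router does not consider whether the route is reachable for the neighbor that learns it. next-hop-local must be configured)
BGP advertisement rule 3: a router does not advertise the best routes it obtains via IBGP to other IBGP neighbors
In this lab, AR2 has no BGP neighbor relationship with AR5; AR4 has BGP neighbor relationships with both AR2 and AR5: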
[AR2-bgp]dis bgp peer
BGP local router ID : 2.2.2.2
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 200 158 164 0 02:36:55 Established 0
4.4.4.4 4 200 159 165 0 02:37:07 Established 0
202.102.1.1 4 100 160 165 0 02:37:43 Established 1
[AR2-bgp]
<AR4>dis bgp peer
BGP local router ID : 4.4.4.4
Local AS number : 200
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 200 165 160 0 02:38:28 Established 1
5.5.5.5 4 200 163 161 0 02:38:24 Established 1
<AR4>
[AR5-bgp]dis bgp peer
BGP local router ID : 5.5.5.5
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 200 159 163 0 02:37:49 Established 0
4.4.4.4 4 200 159 162 0 02:37:57 Established 0
202.102.2.6 4 300 161 167 0 02:38:26 Established 1
[AR5-bgp]
Taking the 1.1.1.1 route learned by AR2 as an example: AR2 and AR5 are not neighbors; view the BGP routing table on AR5
[AR2-bgp]dis bgp routing-table
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 202.102.1.1 0 0 100i
[AR2-bgp]
<AR4>dis bgp routing-table
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 2.2.2.2 0 100 0 100i
i 6.6.6.6/32 202.102.2.6 0 100 0 300i
<AR4>
[AR5-bgp]dis bgp routing-table
BGP Local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 6.6.6.6/32 202.102.2.6 0 0 300i
[AR5-bgp]
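AR2 and AR4 are neighbors, and AR4's BGP routing table contains the 1.1.1.1 route.
AR4 and AR5 are neighbors and AR4 has the 1.1.1.1 route, but AR5's routing table does not contain the 1.1.1.1 route.
Conclusion, from the lab verification - BGP advertisement rule 3: a router does not advertise the best routes it obtains via IBGP to other IBGP neighbors (Note: it follows that a BGP border router must establish neighbor relationships with all routers in the same AS; a non-border router only needs to establish BGP neighbor relationships with its adjacent routers and with the border routers)
BGP advertisement rule 4: BGP and IGP synchronization.
Take AS200 as an example
When BGP-IGP synchronization is enabled, every router inside the AS must run an IGP routing protocol (OSPF, IS-IS, etc.), and every internal route entry must be learned through the IGP.
If no IGP is running, or the IGP has not learned the route entry, the route is not advertised to EBGP peers.
The 2.2.2.2 route in AR5's routing table is learned through BGP rather than through OSPF, and the OSPF routing table has no 2.2.2.2 entry, so AR5 does not advertise the 2.2.2.2 route to the EBGP router AR6
Huawei devices disable BGP synchronization by default and it cannot be enabled, so no lab verification is performed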
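The three lab outcomes for rules 1 to 3 (full configuration, next-hop-local removed from AR2 toward AR5, and no AR2-AR5 session) can be reproduced with a small model. This is an added example in Python, not part of the original lab and not router code; it does no best-path selection, and the session list, the REACH sets and the assumption that AR4 mirrors AR3 are constructed from the configuration shown on this page.

```python
from collections import deque

# Constructed model of this page's lab; AS numbers and addresses are the page's.
AS = {"AR1": 100, "AR2": 200, "AR3": 200, "AR4": 200, "AR5": 200, "AR6": 300}
LOOPBACK = {"AR2": "2.2.2.2", "AR3": "3.3.3.3", "AR4": "4.4.4.4", "AR5": "5.5.5.5"}
# Next hop a router presents on an EBGP link: (advertiser, peer) -> address
LINK = {("AR1", "AR2"): "202.102.1.1", ("AR2", "AR1"): "202.102.1.2",
        ("AR5", "AR6"): "202.102.2.5", ("AR6", "AR5"): "202.102.2.6"}
# Next hops each router can resolve: its connected EBGP peer plus OSPF-learned loopbacks.
IGP = set(LOOPBACK.values())
REACH = {"AR1": {"202.102.1.2"}, "AR2": IGP | {"202.102.1.1"}, "AR3": IGP,
         "AR4": IGP, "AR5": IGP | {"202.102.2.6"}, "AR6": {"202.102.2.5"}}

def pair(a, b):
    return frozenset((a, b))

SESSIONS = {pair("AR1", "AR2"), pair("AR2", "AR3"), pair("AR2", "AR4"), pair("AR2", "AR5"),
            pair("AR3", "AR5"), pair("AR4", "AR5"), pair("AR5", "AR6")}
NEXT_HOP_LOCAL = {("AR2", "AR3"), ("AR2", "AR4"), ("AR2", "AR5"),
                  ("AR5", "AR2"), ("AR5", "AR3"), ("AR5", "AR4")}

def propagate(sessions, next_hop_local, origin="AR1"):
    """Return {router: (next_hop, valid, learned_via)} for the origin's route."""
    rib = {origin: ("0.0.0.0", True, "local")}
    queue = deque([origin])
    while queue:
        r = queue.popleft()
        nh, valid, via = rib[r]
        if not valid:                       # rule 1: only valid, best routes are advertised
            continue
        for peer in sorted(p for s in sessions if r in s for p in s - {r}):
            if peer in rib:                 # simplification: the first route learned is kept
                continue
            ebgp = AS[r] != AS[peer]
            if via == "ibgp" and not ebgp:  # rule 3: IBGP-learned routes stop at IBGP peers
                continue
            if ebgp:
                new_nh = LINK[(r, peer)]    # toward EBGP the sender is always the next hop
            elif (r, peer) in next_hop_local or via == "local":
                new_nh = LOOPBACK[r]        # next-hop-local rewrites to the advertiser
            else:
                new_nh = nh                 # default: EBGP next hop is passed on unchanged
            rib[peer] = (new_nh, new_nh in REACH[peer], "ebgp" if ebgp else "ibgp")
            queue.append(peer)
    return rib
```

Calling `propagate(SESSIONS, NEXT_HOP_LOCAL)` gives the working state of the lab; removing `("AR2", "AR5")` from the second argument, or the AR2-AR5 pair from the first, reproduces the two failure cases.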