BGP iBGP Lab

Lab Topology


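The lab consists of 5 routers and 3 switches, divided into three autonomous systems. AS65002 and AS65003 are customer ASes of AS65001; AS65001 plays the typical role of an ISP and is a transit AS. The 6.6.6.0/24 network is configured on the loopback interface of RTE, and the goal is for RTD to be able to reach the 6.6.6.0 network.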

Lab Configuration

1. Configure EBGP neighbors between RTD and RTA so that the two can advertise routes to each other

RTA(config)# router bgp 65001
RTA(config-router)# neighbor 10.1.3.2 remote-as external   
RTA(config-router)# 
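# Add a static route. For a customer, the default route should point to the ISP; because this lab runs in containers,
# the default route is already taken by 172.17.0.1, so 10.1.0.0/16 is used here to stand for the routes of our lab network.
RTD(config)# ip route 10.1.0.0/16 10.1.3.1 eth1
RTD(config)# router bgp 65002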
RTD(config-router)# neighbor 10.1.3.1 remote-as external 
RTD(config-router)# 
RTA# show bgp neighbors 
BGP neighbor is 10.1.3.2, remote AS 65002, local AS 65001, external link
Hostname: 354e0539ed87
  BGP version 4, remote router ID 172.17.0.5, local router ID 172.17.0.2
  BGP state = Established, up for 00:01:56
# The neighbor relationship is established

2. Configure EBGP neighbors between RTE and RTB so that the two can advertise routes to each other

RTB(config)# router bgp 65001
RTB(config-router)# neighbor 10.1.4.2 remote-as external 
RTB(config-router)# 
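# Add a static route. For a customer, the default route should point to the ISP; because this lab runs in containers,
# the default route is already taken by 172.17.0.1, so 10.1.0.0/16 is used here to stand for the routes of our lab network.
RTE(config)# ip route 10.1.0.0/16 10.1.4.1 eth1
RTE(config)# router bgp 65003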
RTE(config-router)# neighbor 10.1.4.1 remote-as external 
RTE(config-router)# 
RTB# show bgp neighbors 
BGP neighbor is 10.1.4.2, remote AS 65003, local AS 65001, external link
Hostname: e6985f96d945
  BGP version 4, remote router ID 172.17.0.6, local router ID 172.17.0.3
  BGP state = Established, up for 00:00:55
# The neighbor relationship is established

3. Configure IBGP between RTA and RTB so that RTB can advertise the routes learned from RTE to RTA, and RTA in turn advertises the learned routes to RTD

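RTA and RTB are in the same autonomous system, which is why we need IBGP. This raises a few questions:

  1. Why doesn't RTB use an IGP such as OSPF (or EIGRP) to redistribute the BGP routes it has learned into AS65001, with RTA then redistributing them back into BGP?
  2. Do IBGP peers have to be directly connected?
  3. If no other IGP is configured in AS65001, can RTA and RTB still communicate with each other?
  4. What role does RTC play? Does it also need IBGP?

The answers:

  1. Technically it is possible. We could run OSPF (or EIGRP) in AS65001 and redistribute between BGP and OSPF. In the example above RTE has only one prefix, so this works without problems. But when RTE carries the routes of the entire Internet (usually more than 500,000 prefixes), OSPF or EIGRP generally cannot handle that many prefixes. In that situation we need IBGP.
  2. Unlike EBGP, IBGP does not have to be directly connected. This may be a little hard to grasp at first, because OSPF and EIGRP neighbors are always directly connected.
  3. Yes. This can be achieved by configuring static routes, but when AS65001 contains a large number of routers, configuring static routes becomes very tedious and unprofessional. So we need to configure an IGP between RTA and RTB so that they can reach each other. This is why an IGP is needed inside the AS.
  4. RTC is a transit router. It does not need IBGP; it only needs the IGP.
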
RTA(config)# router ospf
RTA(config-router)# network 10.1.1.0/24 area 1
RTA(config-router)# 
RTB(config)# router ospf
RTB(config-router)# network 10.1.2.0/24 area 1
RTB(config-router)# 
RTC(config)# router ospf
RTC(config-router)# network 10.1.2.0/24 area 1
RTC(config-router)# network 10.1.1.0/24 area 1

RTA# show ip route ospf 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O   10.1.1.0/24 [110/10] is directly connected, eth1, 00:05:22
O>* 10.1.2.0/24 [110/20] via 10.1.1.2, eth1, 00:05:12
RTA# 

RTB# show ip route ospf 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 10.1.1.0/24 [110/20] via 10.1.2.2, eth1, 00:03:13
O   10.1.2.0/24 [110/10] is directly connected, eth1, 00:03:23
RTB# 

RTC# show ip route ospf 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O   10.1.1.0/24 [110/10] is directly connected, eth1, 00:09:00
O   10.1.2.0/24 [110/10] is directly connected, eth2, 00:11:20
RTC# 

Check connectivity between RTB and RTA

root@RTB:/# ping 10.1.1.1 -c 1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=63 time=0.179 ms
--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.179/0.179/0.179/0.000 ms
root@RTA:/# 

Configure IBGP between RTA and RTB

RTA(config)# router bgp 65001
RTA(config-router)# neighbor 10.1.2.1 remote-as internal      
RTA(config-router)# 
RTB(config)# router bgp 65001 
RTB(config-router)# neighbor 10.1.1.1 remote-as internal 
RTB(config-router)# 
RTA# show  bgp neighbors 10.1.2.1 
BGP neighbor is 10.1.2.1, remote AS 65001, local AS 65001, internal link
Hostname: 92d346c92771
  BGP version 4, remote router ID 172.17.0.3, local router ID 172.17.0.2
  BGP state = Established, up for 00:00:51
  Last read 00:00:50, Last write 00:00:50
  Hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
  
RTA# show ip bgp summary 

IPv4 Unicast Summary:
BGP router identifier 172.17.0.2, local AS number 65001 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 2, using 41 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.1.2.1        4      65001       8       9        0    0    0 00:05:09            0
10.1.3.2        4      65002      48      48        0    0    0 00:45:55            0

Total number of neighbors 2
RTA#

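Note: when configuring IBGP, it is best to use a loopback address as the source address

Advertise the loopback network 6.6.6.0/24

Before advertising the route, let's look at the BGP tables of RTA and RTD: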

RTA# show ip bgp       
No BGP prefixes displayed, 0 exist
RTA# 
RTD# show ip bgp       
No BGP prefixes displayed, 0 exist
RTD# 

Advertise the route on RTE

RTE(config-router)# address-family ipv4 unicast 
RTE(config-router-af)# network 6.6.6.0/24
RTE(config-router-af)# 

Check the routing tables of RTE, RTA and RTD

RTA# show ip route bgp 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

B>  6.6.6.0/24 [200/0] via 10.1.4.2 (recursive), 00:12:55
  *                      via 10.1.1.2, eth1, 00:12:55
RTA# show ip bgp       
BGP table version is 5, local router ID is 172.17.0.2, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       10.1.4.2                 0    100      0 65003 i

Displayed  1 routes and 1 total paths
RTA# 
RTD# show ip route bgp 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

B>* 6.6.6.0/24 [20/0] via 10.1.3.1, eth1, 00:13:24
RTD# show ip bgp       
BGP table version is 5, local router ID is 172.17.0.5, vrf id 0
Default local pref 100, local AS 65002
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 6.6.6.0/24       10.1.3.1                               0 65001 65003 i

Displayed  1 routes and 1 total paths
RTD# 

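The 6.6.6.0 route is now installed on RTD.

A route learned from an IBGP neighbor whose next hop is unreachable is not installed in the routing table and can only be seen in the BGP table, because an unreachable next hop would create a black hole; such a route is also not sent to other EBGP neighbors. Once the next hop becomes reachable, the route is installed in the routing table and sent to EBGP neighbors.

Ping 6.6.6.6 from RTD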

RTD# ping 6.6.6.6  
PING 6.6.6.6 (6.6.6.6): 56 data bytes
^C--- 6.6.6.6 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
RTD# 

As shown above, the ping still fails. This is because RTC has no route for 6.6.6.0/24, which creates a routing black hole.

root@RTC:/# tcpdump -i eth1 -eennvv icmp -c 1 
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
09:46:15.241462 02:42:0a:01:01:01 > 02:42:0a:01:01:02, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 37495, offset 0, flags [DF], proto ICMP (1), length 84)
    10.1.3.2 > 6.6.6.6: ICMP echo request, id 81, seq 31, length 64
1 packet captured
1 packet received by filter
0 packets dropped by kernel
root@RTC:/# tcpdump -i eth2 -eennvv icmp -c 1
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
root@RTC:/# 
root@RTC:/# ip route  
default via 172.17.0.1 dev eth0 
10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.2 
10.1.2.0/24 dev eth2 proto kernel scope link src 10.1.2.2 
10.1.3.0/24 via 10.1.1.1 dev eth1 proto ospf metric 20 
10.1.4.0/24 via 10.1.2.1 dev eth2 proto ospf metric 20 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4 
root@RTC:/# 

To solve this problem, the BGP routes need to be redistributed into the IGP.

Redistribute BGP routes into OSPF on RTB

RTB(config)# router ospf        
RTB(config-router)# redistribute bgp  # redistribute BGP routes into OSPF

RTC# show ip ospf route
============ OSPF network routing table ============
N    10.1.1.0/24           [10] area: 0.0.0.1
                           directly attached to eth1
N    10.1.2.0/24           [10] area: 0.0.0.1
                           directly attached to eth2
N    10.1.3.0/24           [20] area: 0.0.0.1
                           via 10.1.1.1, eth1
N    10.1.4.0/24           [20] area: 0.0.0.1
                           via 10.1.2.1, eth2
============ OSPF router routing table =============
R    172.17.0.3            [10] area: 0.0.0.1, ASBR
                           via 10.1.2.1, eth2

============ OSPF external routing table ===========
N E2 6.6.6.0/24            [20/20] tag: 0
                           via 10.1.2.1, eth2
RTC# 
RTC# show ip route ospf 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 6.6.6.0/24 [110/20] via 10.1.2.1, eth2, 00:03:11
O   10.1.1.0/24 [110/10] is directly connected, eth1, 02:11:37
O   10.1.2.0/24 [110/10] is directly connected, eth2, 02:13:57
O>* 10.1.3.0/24 [110/20] via 10.1.1.1, eth1, 00:23:15
O>* 10.1.4.0/24 [110/20] via 10.1.2.1, eth2, 00:24:30
RTC# 

As shown above, OSPF on RTC has now learned the 6.6.6.0/24 route.
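
The black hole at RTC and the effect of the redistribution can be reproduced offline with a small forwarding model. This is an added example, not part of the original post: the tables are constructed from the addresses and route output shown on this page, and the names `lookup`, `resolve`, `trace` and `after_redistribution` are hypothetical.

```python
import ipaddress

# Constructed model of the lab, built from the addresses and route tables shown
# on this page. Each FIB maps prefix -> next hop; None means directly connected.
OWNERS = {"10.1.3.2": "RTD", "10.1.3.1": "RTA", "10.1.1.1": "RTA",
          "10.1.1.2": "RTC", "10.1.2.2": "RTC", "10.1.2.1": "RTB",
          "10.1.4.1": "RTB", "10.1.4.2": "RTE", "6.6.6.6": "RTE"}
BEFORE = {  # state before "redistribute bgp" is configured on RTB
    "RTD": {"10.1.3.0/24": None, "6.6.6.0/24": "10.1.3.1"},
    "RTA": {"10.1.1.0/24": None, "10.1.3.0/24": None, "10.1.2.0/24": "10.1.1.2",
            "10.1.4.0/24": "10.1.1.2", "6.6.6.0/24": "10.1.4.2"},
    "RTC": {"10.1.1.0/24": None, "10.1.2.0/24": None, "10.1.3.0/24": "10.1.1.1",
            "10.1.4.0/24": "10.1.2.1", "172.17.0.0/16": None, "0.0.0.0/0": "172.17.0.1"},
    "RTB": {"10.1.2.0/24": None, "10.1.4.0/24": None, "10.1.1.0/24": "10.1.2.2",
            "10.1.3.0/24": "10.1.2.2", "6.6.6.0/24": "10.1.4.2"},
    "RTE": {"10.1.4.0/24": None, "6.6.6.0/24": None},
}

def lookup(fib, ip):
    """Longest-prefix match; returns (network, next_hop) or None if no route."""
    nets = ((ipaddress.ip_network(p), nh) for p, nh in fib.items())
    hits = [h for h in nets if ip in h[0]]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def resolve(fib, dst):
    """Follow recursive next hops to an on-link address; None if unresolved."""
    hop = dst
    for _ in range(8):                       # recursion guard
        hit = lookup(fib, hop)
        if hit is None or hit[1] is None:    # no route / connected (on-link)
            return hop if hit else None
        hop = ipaddress.ip_address(hit[1])
    return None

def trace(fibs, start, dst):
    """Forward hop by hop; report where the packet is delivered or lost."""
    dst, path = ipaddress.ip_address(dst), [start]
    for _ in range(16):                      # TTL guard against forwarding loops
        if OWNERS.get(str(dst)) == path[-1]:
            return path, "delivered"
        nxt = OWNERS.get(str(resolve(fibs[path[-1]], dst)))
        if nxt is None:                      # no route, or next hop is outside the lab
            return path, "black hole at " + path[-1]
        path.append(nxt)
    return path, "loop"

def after_redistribution(fibs):
    """RTB redistributes BGP into OSPF: RTA and RTC learn 6.6.6.0/24 (E2)."""
    fibs = {r: dict(f) for r, f in fibs.items()}
    fibs["RTA"]["6.6.6.0/24"], fibs["RTC"]["6.6.6.0/24"] = "10.1.1.2", "10.1.2.1"
    return fibs
```

`trace(BEFORE, "RTD", "6.6.6.6")` stops at RTC, matching the tcpdump capture where the echo request is seen on eth1 but never on eth2; with the redistributed route the same trace reaches RTE.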

The route installed on RTA is now the one learned through OSPF

RTA# show ip ospf route
============ OSPF network routing table ============
N    10.1.1.0/24           [10] area: 0.0.0.1
                           directly attached to eth1
N    10.1.2.0/24           [20] area: 0.0.0.1
                           via 10.1.1.2, eth1
N    10.1.3.0/24           [10] area: 0.0.0.1
                           directly attached to eth2
N    10.1.4.0/24           [30] area: 0.0.0.1
                           via 10.1.1.2, eth1

============ OSPF router routing table =============
R    172.17.0.3            [20] area: 0.0.0.1, ASBR
                           via 10.1.1.2, eth1

============ OSPF external routing table ===========
N E2 6.6.6.0/24            [30/20] tag: 0
                           via 10.1.1.2, eth1


RTA# 
RTA# show ip route ospf 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 6.6.6.0/24 [110/20] via 10.1.1.2, eth1, 00:03:40
O   10.1.1.0/24 [110/10] is directly connected, eth1, 02:09:02
O>* 10.1.2.0/24 [110/20] via 10.1.1.2, eth1, 02:08:52
O   10.1.3.0/24 [110/10] is directly connected, eth2, 00:23:44
O>* 10.1.4.0/24 [110/30] via 10.1.1.2, eth1, 00:24:59
RTA#

RTB# show ip route 
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

K>* 0.0.0.0/0 [0/0] via 172.17.0.1, eth0, 02:22:05
B>* 6.6.6.0/24 [20/0] via 10.1.4.2, eth2, 01:03:12
O>* 10.1.1.0/24 [110/20] via 10.1.2.2, eth1, 02:08:31
O   10.1.2.0/24 [110/10] is directly connected, eth1, 02:08:41
C>* 10.1.2.0/24 is directly connected, eth1, 02:22:00
O>* 10.1.3.0/24 [110/30] via 10.1.2.2, eth1, 00:25:39
O   10.1.4.0/24 [110/10] is directly connected, eth2, 00:26:54
C>* 10.1.4.0/24 is directly connected, eth2, 02:21:59
C>* 172.17.0.0/16 is directly connected, eth0, 02:22:05
RTB# 

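Summary

1. In a customer AS, the default route of the EBGP router should point to the ISP's EGP router.

2. A route learned from an IBGP peer whose next hop is unreachable is not installed in the routing table and is not sent to any neighbor.

3. To avoid black holes, routes learned via EBGP need to be redistributed into the IGP where necessary.

Final configuration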

RTA

RTA# show running-config 
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname 3a4af51f21dc
log syslog informational
no ipv6 forwarding
hostname RTA
service integrated-vtysh-config
!
router bgp 65001
 neighbor 10.1.2.1 remote-as internal
 neighbor 10.1.3.2 remote-as external
!
router ospf
 network 10.1.1.0/24 area 1
 network 10.1.3.0/24 area 1
!
line vty
!
end
RTA# 

RTB

RTB# show running-config 
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname 44eca222bd2d
log syslog informational
no ipv6 forwarding
hostname RTB
service integrated-vtysh-config
!
router bgp 65001
 neighbor 10.1.1.1 remote-as internal
 neighbor 10.1.4.2 remote-as external
!
router ospf
 redistribute bgp
 network 10.1.2.0/24 area 1
 network 10.1.4.0/24 area 1
!
line vty
!
end
RTB# 

RTC

RTC# show running-config 
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname 880704b1e5a4
log syslog informational
no ipv6 forwarding
hostname RTC
service integrated-vtysh-config
!
router ospf
 network 10.1.1.0/24 area 1
 network 10.1.2.0/24 area 1
!
line vty
!
end
RTC# 

RTD

RTD# show running-config 
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname 0eb7dbe66cea
log syslog informational
no ipv6 forwarding
hostname RTD
service integrated-vtysh-config
!
ip route 10.1.0.0/16 10.1.3.1 eth1
!
router bgp 65002
 neighbor 10.1.3.1 remote-as external
!
line vty
!
end
RTD# 

RTE

RTE# show running-config 
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname b304ffa6464d
log syslog informational
no ipv6 forwarding
hostname RTE
service integrated-vtysh-config
!
ip route 0.0.0.0/0 10.1.4.1 eth1
ip route 10.1.0.0/16 10.1.4.1 eth1
!
interface lo
 ip address 6.6.6.6/24
!
router bgp 65003
 neighbor 10.1.4.1 remote-as external
 !
 address-family ipv4 unicast
  network 6.6.6.0/24
 exit-address-family
!
line vty
!
end
RTE# 
posted @ 2020-01-14 18:10  ouyangxibao