BGP Neighbor Establishment and Route Advertisement
I. Lab Topology
II. Lab Configuration
1. Establishing BGP Neighbors
R2
router ospf 1
router-id 10.10.0.2
log-adjacency-changes
redistribute connected metric 1000 metric-type 1 subnets
network 10.10.0.2 0.0.0.0 area 0
network 10.10.1.0 0.0.0.3 area 0
network 10.10.1.4 0.0.0.3 area 0
default-information originate always metric 2000 metric-type 1
!
R5
router ospf 1
router-id 10.10.0.5
log-adjacency-changes
passive-interface Serial0/0
network 10.10.0.5 0.0.0.0 area 0
network 10.10.1.0 0.0.0.3 area 0
network 10.10.1.8 0.0.0.3 area 0
network 10.20.45.0 0.0.0.3 area 0
default-information originate always metric 2000 metric-type 1
!
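Note: if an IGP is enabled on an AS border interface, that interface must be configured as a passive interface. Do not form IGP adjacencies between ASes and do not advertise the AS-internal IGP topology to other ASes; routes between ASes are propagated through BGP.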
R2#sh ip bgp summary
BGP router identifier 10.10.0.2, local AS number 10
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.0.5 4 10 7 7 1 0 0 00:03:22 0
10.10.23.2 4 30 6 6 1 0 0 00:02:05 0
R2#
R2#sh ip bgp neighbors
BGP neighbor is 10.10.0.5, remote AS 10, internal link
BGP version 4, remote router ID 10.10.0.5
BGP state = Established, up for 00:04:42
Last read 00:00:42, last write 00:00:43, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 0 0
Keepalives: 7 7
Route Refresh: 0 0
Total: 8 8
Default minimum time between advertisement runs is 0 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0
Connections established 1; dropped 0
Last reset never
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255
Local host: 10.10.0.2, Local port: 24133
Foreign host: 10.10.0.5, Foreign port: 179
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x64B654):
Timer Starts Wakeups Next
Retrans 7 0 0x0
TimeWait 0 0 0x0
AckHold 6 5 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
iss: 3435368555 snduna: 3435368734 sndnxt: 3435368734 sndwnd: 16206
irs: 2674832881 rcvnxt: 2674833060 rcvwnd: 16206 delrcvwnd: 178
SRTT: 264 ms, RTTO: 1169 ms, RTV: 905 ms, KRTT: 0 ms
minRTT: 140 ms, maxRTT: 860 ms, ACK hold: 200 ms
Flags: active open, nagle
IP Precedence value : 6
Datagrams (max data segment is 536 bytes):
Rcvd: 11 (out of order: 0), with data: 6, total data bytes: 178
Sent: 14 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 7, total data bytes: 178
BGP neighbor is 10.10.23.2, remote AS 30, external link
BGP version 4, remote router ID 10.10.0.3
BGP state = Established, up for 00:03:33
..........
R3#sh ip bgp summary
BGP router identifier 10.10.0.3, local AS number 30
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.23.1 4 10 9 9 1 0 0 00:05:35 0
10.30.34.2 4 40 6 7 1 0 0 00:03:50 0
R4#sh ip bgp summary
BGP router identifier 10.10.0.4, local AS number 40
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.20.45.1 4 10 0 0 0 0 0 never Idle //TCP connection not established
10.30.34.1 4 30 9 8 1 0 0 00:05:24 0
R4#
R5#sh ip bgp summary
BGP router identifier 10.10.0.5, local AS number 10
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.0.2 4 10 12 12 1 0 0 00:08:35 0
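10.20.24.2 4 40 0 0 0 0 0 never Idle //note: the neighbor has not come up
The TCP connection is not established; the cause here is a misconfigured IP address.
Let's look at R5's BGP configuration.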
!
router bgp 10
no synchronization
bgp log-neighbor-changes
network 10.10.0.0 mask 255.255.0.0
neighbor 10.10.0.2 remote-as 10
neighbor 10.10.0.2 update-source Loopback0
neighbor 10.20.24.2 remote-as 40 //this is the error, a careless mistake
no auto-summary
!
We correct it:
R5(config)#router bgp 10
R5(config-router)#no neighbor 10.20.24.2 remote-as 40
R5(config-router)#nei 10.20.45.2 remote-as 40
R5#sh ip bgp sum
BGP router identifier 10.10.0.5, local AS number 10
BGP table version is 13, main routing table version 12
3 network entries using 351 bytes of memory
6 path entries using 312 bytes of memory
7/3 BGP path/bestpath attribute entries using 868 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1627 total bytes of memory
BGP activity 6/3 prefixes, 10/4 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.0.2 4 10 82 81 12 0 0 01:17:12 3
10.20.45.2 4 40 7 2 0 0 0 00:00:00 2
Established successfully!
2. BGP Configuration and Debugging (Route Advertisement: Static Injection)
R2(config)#ip route 10.10.0.0 255.255.0.0 null 0 //configure a static route
R2(config)#router bgp 10
R2(config-router)#net 10.10.0.0 mask 255.255.0.0 //inject this static route
R2(config-router)#end
*Mar 1 02:16:13.491: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 11 subnets, 4 masks
S 10.10.0.0/16 is directly connected, Null0
C 10.10.1.0/30 is directly connected, Ethernet1/0
O 10.10.0.1/32 [110/101] via 10.10.1.6, 00:37:53, Serial0/0
C 10.10.0.2/32 is directly connected, Loopback0
O 10.10.5.0/24 [110/110] via 10.10.1.6, 00:37:53, Serial0/0
C 10.10.1.4/30 is directly connected, Serial0/0
O 10.10.0.5/32 [110/101] via 10.10.1.2, 00:37:53, Ethernet1/0
O 10.10.0.6/32 [110/201] via 10.10.1.2, 00:37:53, Ethernet1/0
O 10.10.1.8/30 [110/200] via 10.10.1.2, 00:37:53, Ethernet1/0
O 10.10.1.12/30 [110/200] via 10.10.1.6, 00:37:53, Serial0/0
C 10.10.23.0/30 is directly connected, Serial0/1
R2#sh ip bgp
BGP table version is 2, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete //BGP attribute: origin
Network Next Hop Metric LocPrf Weight Path
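*> 10.10.0.0/16 0.0.0.0 0 32768 i //the i here means IGP
Note: weight is a Cisco-proprietary value, not a BGP attribute. It is not propagated between BGP neighbors and is only valid inside the local router. Cisco prefers the route with the highest weight.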
R5(config)# ip route 10.10.0.0 255.255.0.0 null 0
R5(config)#router bgp 10
R5(config-router)#net 10.10.0.0 mask 255.255.0.0
Note: the route is also advertised on R5 to provide a backup.
R3(config)#ip route 10.30.0.0 255.255.0.0 null 0
R3(config)#router bgp 30
R3(config-router)#net 10.30.0.0 mask 255.255.0.0
R4(config)#ip route 10.40.0.0 255.255.0.0 null 0
R4(config)#router bgp 40
R4(config-router)#net 10.40.0.0 mask 255.255.0.0
View the BGP table on each device
R2#sh ip bgp
BGP table version is 13, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.10.0.0/16 10.10.0.5 0 100 0 i //learned from the IBGP neighbor?
*> 0.0.0.0 0 32768 i //statically injected, origin IGP
*> 10.30.0.0/16 10.10.23.2 0 0 30 i
*>i10.40.0.0/16 10.20.45.2 0 100 0 40 i //the next hop is not changed?
* 10.10.23.2 0 30 40 i
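Question: what does IGP mean here? Why is a route learned from an IBGP neighbor also marked i? (The i in question is the marker in the Path column.)
Answer: that i means the route's origin is IGP on the originating router. (The originating router is the router that first originated the route.)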
* i10.10.0.0/16
The leading i means the route is an internal route, that is, a BGP route learned through IBGP.
R5#sh ip bgp
BGP table version is 13, local router ID is 10.10.0.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.10.0.0/16 10.10.0.2 0 100 0 i //
*> 0.0.0.0 0 32768 i
* 10.30.0.0/16 10.20.45.2 0 40 30 i
*>i 10.10.23.2 0 100 0 30 i
*> 10.40.0.0/16 10.20.45.2 0 0 40 i
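//Cisco prefers the route with the highest weight; other vendors prefer the locally originated route
A locally originated route has next hop 0.0.0.0; when it is advertised to a BGP neighbor, the next hop is changed to the advertising router itself.
//prefer the route with the shortest AS-PATH
BGP advertises only its best routes to its neighbors, and applies neighbor-based split horizon.
Above, when R2 passes 10.30.0.0 to its IBGP neighbor R5, it does not change the next hop.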
R3#sh ip bgp
BGP table version is 12, local router ID is 10.10.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 10.10.0.0/16 10.30.34.2 0 40 10 i
*> 10.10.23.1 0 0 10 i
*> 10.30.0.0/16 0.0.0.0 0 32768 i //locally originated route
* 10.40.0.0/16 10.10.23.1 0 10 40 i
*> 10.30.34.2 0 0 40 i
R4#sh ip bgp
BGP table version is 21, local router ID is 10.10.0.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.10.0.0/16 10.20.45.1 0 0 10 i
* 10.30.34.1 0 30 10 i
* 10.30.0.0/16 10.20.45.1 0 10 30 i //next hop changed to self
*> 10.30.34.1 0 0 30 i
*> 10.40.0.0/16 0.0.0.0 0 32768 i
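Above, for R3 and R4: R3's locally originated route has next hop 0.0.0.0; when R3 advertises it to its BGP neighbor R4, it changes the next hop to itself.
View the global routing table on each device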
R3>en
R3#sh ip route
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
B 10.10.0.0/16 [20/0] via 10.10.23.1, 01:20:27
C 10.10.0.3/32 is directly connected, Loopback0
S 10.30.0.0/16 is directly connected, Null0
C 10.30.3.0/24 is directly connected, Ethernet1/1
C 10.10.23.0/30 is directly connected, Serial0/0
B 10.40.0.0/16 [20/0] via 10.30.34.2, 00:00:03
C 10.30.34.0/30 is directly connected, Serial0/1
R4
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
B 10.10.0.0/16 [20/0] via 10.20.45.1, 00:17:49 //statically injected by the neighbor
C 10.10.0.4/32 is directly connected, Loopback0
B 10.30.0.0/16 [20/0] via 10.20.45.1, 00:01:00 //statically injected by the neighbor
S 10.40.0.0/16 is directly connected, Null0 //own static route; administrative distance is 0
C 10.40.4.0/24 is directly connected, Ethernet1/1
C 10.20.45.0/30 is directly connected, Serial0/1
C 10.30.34.0/30 is directly connected, Serial0/0
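Note: preference between routes from different kinds of routing protocols is decided by administrative distance,
whereas BGP's own route selection is based on those path attributes. Do not confuse the two.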
R2
10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
S 10.10.0.0/16 is directly connected, Null0 //the static route, with the smaller administrative distance, is preferred
C 10.10.1.0/30 is directly connected, Ethernet1/0
C 10.10.0.2/32 is directly connected, Loopback0
O 10.10.0.5/32 [110/101] via 10.10.1.2, 00:00:03, Ethernet1/0 //IGP
O 10.10.0.6/32 [110/201] via 10.10.1.2, 00:00:03, Ethernet1/0
O 10.10.1.8/30 [110/200] via 10.10.1.2, 00:00:03, Ethernet1/0
O 10.10.1.12/30 [110/210] via 10.10.1.2, 00:00:03, Ethernet1/0
B 10.30.0.0/16 [20/0] via 10.10.23.2, 01:22:20
C 10.10.23.0/30 is directly connected, Serial0/1
B 10.40.0.0/16 [200/0] via 10.20.45.2, 00:16:09
O 10.20.45.0/30 [110/164] via 10.10.1.2, 00:00:03, Ethernet1/0 //recursive lookup
R5
10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
S 10.10.0.0/16 is directly connected, Null0
C 10.10.1.0/30 is directly connected, Ethernet1/0
O 10.10.0.2/32 [110/101] via 10.10.1.1, 00:00:02, Ethernet1/0
C 10.10.0.5/32 is directly connected, Loopback0
O 10.10.0.6/32 [110/101] via 10.10.1.10, 00:00:02, Serial0/1
C 10.10.1.8/30 is directly connected, Serial0/1
O 10.10.1.12/30 [110/110] via 10.10.1.10, 00:00:02, Serial0/1
B 10.30.0.0/16 [200/0] via 10.10.23.2, 01:32:36
O E1 10.10.23.0/30 [110/1100] via 10.10.1.1, 00:00:02, Ethernet1/0 //connected route learned from R2, redistributed into the OSPF process
B 10.40.0.0/16 [20/0] via 10.20.45.2, 00:17:57
C 10.20.45.0/30 is directly connected, Serial0/0
R1
10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
O 10.10.1.0/30 [110/200] via 10.10.1.5, 00:00:31, Serial0/1
C 10.10.0.1/32 is directly connected, Loopback0
O 10.10.0.2/32 [110/101] via 10.10.1.5, 00:00:31, Serial0/1
C 10.10.5.0/24 is directly connected, Ethernet1/1
C 10.10.1.4/30 is directly connected, Serial0/1
O 10.10.0.5/32 [110/201] via 10.10.1.5, 00:00:31, Serial0/1
O 10.10.0.6/32 [110/301] via 10.10.1.5, 00:00:31, Serial0/1
O 10.10.1.8/30 [110/300] via 10.10.1.5, 00:00:31, Serial0/1
C 10.10.1.12/30 is directly connected, Ethernet1/0
O E1 10.10.23.0/30 [110/1100] via 10.10.1.5, 00:00:31, Serial0/1
O 10.20.45.0/30 [110/264] via 10.10.1.5, 00:00:31, Serial0/1
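O*E1 0.0.0.0/0 [110/2100] via 10.10.1.5, 00:00:31, Serial0/1 //redistributed default learned from R5
1) Why does the link between R2 and R1 keep going up and down at the data link layer, so that this route ends up being learned from R5?
2) Note: R1 receives no BGP routes because a router running BGP only sends its BGP routing table to its own BGP neighbors.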
R6
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
O 10.10.1.0/30 [110/200] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.0.1/32 [110/301] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.0.2/32 [110/201] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.5.0/24 [110/310] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.1.4/30 [110/300] via 10.10.1.9, 00:00:23, Serial0/0
O 10.10.0.5/32 [110/101] via 10.10.1.9, 00:00:23, Serial0/0
C 10.10.6.0/24 is directly connected, Ethernet1/1
C 10.10.0.6/32 is directly connected, Loopback0
C 10.10.1.8/30 is directly connected, Serial0/0
C 10.10.1.12/30 is directly connected, Ethernet1/0
O E1 10.10.23.0/30 [110/1200] via 10.10.1.9, 00:00:23, Serial0/0
O 10.20.45.0/30 [110/164] via 10.10.1.9, 00:00:23, Serial0/0
O*E1 0.0.0.0/0 [110/2100] via 10.10.1.9, 00:00:24, Serial0/0
3. BGP Configuration and Testing (Data Forwarding and Route Analysis)
1) Test connectivity across the whole network
R1#ping 10.30.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.3.1, timeout is 2 seconds:
...!.
Success rate is 20 percent (1/5), round-trip min/avg/max = 980/980/980 ms
R1#ping 10.30.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.3.1, timeout is 2 seconds:
.!.!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 556/1201/1728 ms
R1#ping 10.30.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.3.1, timeout is 2 seconds:
!!!!.
Success rate is 80 percent (4/5), round-trip min/avg/max = 1032/1440/1872 ms
R1#ping 10.40.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.4.1, timeout is 2 seconds:
..!..
Success rate is 20 percent (1/5), round-trip min/avg/max = 400/400/400 ms
R1#ping 10.40.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.4.1, timeout is 2 seconds:
.!.!.
Success rate is 40 percent (2/5), round-trip min/avg/max = 1580/1610/1640 ms
R1#ping 10.40.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.40.4.1, timeout is 2 seconds:
!..!.
Success rate is 40 percent (2/5), round-trip min/avg/max = 1472/1578/1684 ms
R1#
*Mar 1 00:27:43.607: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.0.6 on Ethernet1/0 from LOADING to FULL, Loading Done
R1#ping 10.40.4.1
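Question: why is the packet loss rate so high?
It is probably related to the ports constantly going up and down earlier... but what exactly is the cause?
Problem 1: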
*Mar 1 00:56:57.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 1 00:57:17.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
*Mar 1 00:57:57.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 1 00:58:07.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
*Mar 1 00:58:37.3
Note: this occurred on R4's S0/0, R1's S0/1, R2's S0/1 and R3's S0/0.
Problem 2:
*Mar 1 00:29:58.635: %BGP-5-ADJCHANGE: neighbor 10.30.34.2 Up
*Mar 1 00:30:05.827: %BGP-5-ADJCHANGE: neighbor 10.10.23.1 Up
*Mar 1 00:33:06.575: %BGP-5-ADJCHANGE: neighbor 10.10.23.1 Down Peer closed the session
*Mar 1 00:33:36.447: %BGP-5-ADJCHANGE: neighbor 10.10.23.1 Up
Problem 3:
*Mar 1 01:16:17.931: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.0.2 on Ethernet1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar 1 01:16:37.583: %OSPF-5-ADJCHG: Process 1, Nbr 10.10.0.2 on Ethernet1/0 from LOADING to FULL, Loading Done
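Note: the OSPF adjacency between R5 and R2 keeps cycling through FULL to DOWN and LOADING to FULL.
Guess: the ports constantly going up and down make neighbor establishment unstable. Problem 2 is caused directly by Problem 1.
Think about it: if passive-interface s0/0 is not configured under R5's OSPF process, so that R5 and R4 form an OSPF adjacency, what is the harm?
The AS's internal routes are advertised outside the AS. This exposes the internal network to outsiders and inevitably leads to network security problems.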
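A pre-deployment check for the two border mistakes this lab discusses (the mistyped eBGP neighbor address on R5 in section 1, and OSPF left active on the AS border interface), as an added example that is not part of the original lab. The function names are hypothetical, the input is R5's configuration and connected routes as shown on the page, and eBGP peers are assumed to be directly connected (no ebgp-multihop).

```python
import ipaddress
import re

# R5's configuration as shown on the page (trimmed to the relevant lines).
R5_CONFIG = """\
router ospf 1
 passive-interface Serial0/0
 network 10.10.0.5 0.0.0.0 area 0
 network 10.10.1.0 0.0.0.3 area 0
 network 10.10.1.8 0.0.0.3 area 0
 network 10.20.45.0 0.0.0.3 area 0
router bgp 10
 network 10.10.0.0 mask 255.255.0.0
 neighbor 10.10.0.2 remote-as 10
 neighbor 10.10.0.2 update-source Loopback0
 neighbor 10.20.45.2 remote-as 40
"""
# Connected subnets, taken from R5's "sh ip route" output on the page.
R5_CONNECTED = {"10.10.1.0/30": "Ethernet1/0", "10.10.0.5/32": "Loopback0",
                "10.10.1.8/30": "Serial0/1", "10.20.45.0/30": "Serial0/0"}

def wildcard_net(addr, wildcard):
    """Turn an OSPF 'network' address plus contiguous wildcard mask into a prefix."""
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)

def audit(config, connected):
    """Flag eBGP peers that are off-link or whose peering link runs a non-passive IGP."""
    local_as = int(re.search(r"^router bgp (\d+)", config, re.M).group(1))
    passive = set(re.findall(r"passive-interface (\S+)", config))
    ospf = [wildcard_net(a, w)
            for a, w in re.findall(r"network (\S+) (\S+) area", config)]
    links = {ipaddress.ip_network(n): ifc for n, ifc in connected.items()}
    findings = []
    for peer, asn in re.findall(r"neighbor (\S+) remote-as (\d+)", config):
        if int(asn) == local_as:
            continue  # IBGP peer: reached through the IGP, not an AS border
        link = next((n for n in links if ipaddress.ip_address(peer) in n), None)
        if link is None:  # assumes no ebgp-multihop, as in this lab
            findings.append(f"eBGP peer {peer} is not on a connected subnet")
        elif links[link] not in passive and any(link.overlaps(o) for o in ospf):
            findings.append(f"OSPF active on AS border {links[link]} ({link})")
    return findings
```

The configuration as shown produces no findings; removing the passive-interface line or restoring the 10.20.24.2 neighbor address each produces one.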