實驗拓撲圖
實驗描述:主要模擬CE端運行EBGP,PE端的配置及路由分析,主要分爲兩步來分析,兩CE端運行相同的自治系統及不同的自治系統。
1、當兩CE端(屬於相同的VRF Ting)運行不同的BGP自治系統的情況分析
當CE-R5與CE-R7運行BGP協議,並且AS分別爲55和77,以下爲各設備配置;
PE-R1: ip vrf Ting rd 100:11 route-target export 100:14 route-target import 100:13 ip cef mpls label range 100 199 interface Loopback0 ip address 1.1.1.1 255.255.255.255 interface FastEthernet0/1 ip vrf forwarding Ting ip address 15.1.1.1 255.255.255.252 interface FastEthernet1/0 ip address 12.1.1.1 255.255.255.252 mpls ip ! router ospf 1 router-id 1.1.1.1 network 1.1.1.1 0.0.0.0 area 0 network 12.1.1.0 0.0.0.3 area 0 ! router bgp 100 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 3.3.3.3 remote-as 100 neighbor 3.3.3.3 update-source Loopback0 address-family ***v4 neighbor 3.3.3.3 activate neighbor 3.3.3.3 send-community extended address-family ipv4 vrf Ting neighbor 15.1.1.2 remote-as 55 neighbor 15.1.1.2 activate //並沒有進行重分佈
PE-R2: interface Loopback0 ip address 2.2.2.2 255.255.255.255 interface FastEthernet0/0 ip address 12.1.1.2 255.255.255.252 mpls ip interface FastEthernet0/1 ip address 23.1.1.1 255.255.255.252 mpls ip router ospf 1 router-id 2.2.2.2 network 2.2.2.2 0.0.0.0 area 0 network 12.1.1.0 0.0.0.3 area 0 network 23.1.1.0 0.0.0.3 area 0
PE-R3: interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface FastEthernet0/0 ip address 23.1.1.2 255.255.255.252 mpls ip interface FastEthernet1/0 ip vrf forwarding Ting ip address 37.1.1.1 255.255.255.252 router ospf 1 router-id 3.3.3.3 network 3.3.3.3 0.0.0.0 area 0 network 23.1.1.0 0.0.0.3 area 0 ! router bgp 100 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 1.1.1.1 remote-as 100 neighbor 1.1.1.1 update-source Loopback0 address-family ***v4 neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community extended address-family ipv4 vrf Ting neighbor 37.1.1.2 remote-as 77 neighbor 37.1.1.2 activate //並沒有進行重分佈配置
CE-R5: interface Loopback0 ip address 5.5.5.5 255.255.255.255 interface FastEthernet0/0 ip address 15.1.1.2 255.255.255.252 router bgp 55 bgp router-id 5.5.5.5 bgp log-neighbor-changes network 5.5.5.5 mask 255.255.255.255 network 15.1.1.0 mask 255.255.255.252 //將環回接口及互聯接口通告至BGP中 neighbor 15.1.1.1 remote-as 100
CE-R7: interface Loopback0 ip address 7.7.7.7 255.255.255.255 interface FastEthernet0/0 ip address 37.1.1.2 255.255.255.252 router bgp 77 bgp router-id 7.7.7.7 bgp log-neighbor-changes network 7.7.7.7 mask 255.255.255.255 network 37.1.1.0 mask 255.255.255.252 //將環回接口及互聯接口通告至BGP中 neighbor 37.1.1.1 remote-as 100
在PE-R1上查看EBGP建立情況
R1#show ip bgp all su
For address family: ***v4 Unicast
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 23, main routing table version 23
6 network entries using 936 bytes of memory
6 path entries using 480 bytes of memory
5/4 BGP path/bestpath attribute entries using 720 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
4 BGP extended community entries using 128 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2312 total bytes of memory
BGP activity 11/5 prefixes, 11/5 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 100 34 32 23 0 0 00:22:41 3
15.1.1.2 4 55 25 29 23 0 0 00:18:29 2
從輸出可知,鄰居已經建立,並且出到兩條路由,如下:
R1#show ip bgp ***v4 all
BGP table version is 23, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:11 (default for vrf Ting)
*> 5.5.5.5/32 15.1.1.2 0 0 55 i
*>i 7.7.7.7/32 3.3.3.3 0 100 0 77 i
r> 15.1.1.0/30 15.1.1.2 0 0 55 i
*>i 37.1.1.0/30 3.3.3.3 0 100 0 77 i
從路由表可知,在R5和R7通告的四個前輟條目都已經加入路由表項,而且並沒有進行重分佈,由此可知EBGP與MP-BGP之間的重分佈是自動進行的,並不需要進行重分佈配置。
CE-R7及CE-R5查看路由情況:
R7#show ip route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [20/0] via 37.1.1.1, 00:13:18
7.0.0.0/32 is subnetted, 1 subnets
C 7.7.7.7 is directly connected, Loopback0
15.0.0.0/30 is subnetted, 1 subnets
B 15.1.1.0 [20/0] via 37.1.1.1, 00:13:18
37.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 37.1.1.0/30 is directly connected, FastEthernet0/0
L 37.1.1.2/32 is directly connected, FastEthernet0/0
R5#show ip route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
7.0.0.0/32 is subnetted, 1 subnets
B 7.7.7.7 [20/0] via 15.1.1.1, 00:14:13
15.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 15.1.1.0/30 is directly connected, FastEthernet0/0
L 15.1.1.2/32 is directly connected, FastEthernet0/0
37.0.0.0/30 is subnetted, 1 subnets
B 37.1.1.0 [20/0] via 15.1.1.1, 00:14:13
R5#traceroute 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
1 15.1.1.1 96 msec 56 msec 128 msec
2 12.1.1.2 [MPLS: Labels 200/307 Exp 0] 172 msec 160 msec 184 msec
3 37.1.1.1 [AS 77] [MPLS: Label 307 Exp 0] 152 msec 124 msec 96 msec
4 37.1.1.2 [AS 77] 168 msec 132 msec 128 msec
2、當CE-R5和CE-R7運行相同的AS 55時情況分析
R7及R3上的配置,如下:
R7配置:
router bgp 55
bgp router-id 7.7.7.7
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
network 37.1.1.0 mask 255.255.255.252
neighbor 37.1.1.1 remote-as 100
R3配置:
address-family ipv4 vrf Ting
neighbor 37.1.1.2 remote-as 55
neighbor 37.1.1.2 activate
在R3上查看bgp 鄰居關係
R3#show ip bgp all su
For address family: ***v4 Unicast
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 26, main routing table version 26
6 network entries using 936 bytes of memory
6 path entries using 480 bytes of memory
5/4 BGP path/bestpath attribute entries using 720 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
4 BGP extended community entries using 128 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2288 total bytes of memory
BGP activity 13/7 prefixes, 13/7 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 52 55 26 0 0 00:40:29 3
37.1.1.2 4 55 7 7 26 0 0 00:02:09 2
EBGP鄰居已經建立,並且收到兩條來至37.1.1.2的前輟路由,如下:
R3#show ip bgp ***v4 all
BGP table version is 26, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:11 (default for vrf Ting)
*>i 5.5.5.5/32 1.1.1.1 0 100 0 55 i
*> 7.7.7.7/32 37.1.1.2 0 0 55 i
*>i 15.1.1.0/30 1.1.1.1 0 100 0 55 i
r> 37.1.1.0/30 37.1.1.2 0 0 55 i
在PE-R1上查看路由情況,如下:
R1#show ip bgp ***v4 all
BGP table version is 29, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:11 (default for vrf Ting)
*> 5.5.5.5/32 15.1.1.2 0 0 55 i
*>i 7.7.7.7/32 3.3.3.3 0 100 0 55 i
r> 15.1.1.0/30 15.1.1.2 0 0 55 i
*>i 37.1.1.0/30 3.3.3.3 0 100 0 55 i
從上可知,從R7通告的兩條前輟已經通過MP-BGP傳遞至PE-R1上,現在在CE-R5上查看路由情況
R5#show ip bgp all su
For address family: IPv4 Unicast
BGP router identifier 5.5.5.5, local AS number 55
BGP table version is 13, main routing table version 13
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 584 total bytes of memory
BGP activity 7/5 prefixes, 7/5 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
15.1.1.1 4 100 57 51 13 0 0 00:41:57 0
從上面輸出可知,EBGP鄰居已經建立,但並未收到BGP路由前輟,這是爲什麼呢?
可用debug ip bgp updates查看原因
如下:
R5#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast
*Dec 1 22:35:26.991: BGP(0): 15.1.1.1 rcv UPDATE w/ attr: nexthop 15.1.1.1, origin i, originator 0.0.0.0, merged path 100 55, AS_PATH , community , extended community , SSA attribute
*Dec 1 22:35:27.003: BGPSSA ssacount is 0
*Dec 1 22:35:27.003: BGP(0): 15.1.1.1 rcv UPDATE about 7.7.7.7/32 -- DENIED due to: AS-PATH contains our own AS;
*Dec 1 22:35:27.007: BGP(0): 15.1.1.1 rcv UPDATE about 37.1.1.0/30 -- DENIED due to: AS-PATH contains our own AS;
從上述debug可知,R5接收到來至15.1.1.1(PE-R1)路由器傳來的7.7.7.7/32及37.1.1.0/30的前輟,其自治系統與自已的相同,由於BGP的防環機制,拒絕把AS號與自己相同的前輟路由加入路由表,而是將其丟棄。
在CE-R7的情況也是如此,如下:
R7#show ip bgp all su
For address family: IPv4 Unicast
BGP router identifier 7.7.7.7, local AS number 55
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 584 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
37.1.1.1 4 100 28 28 3 0 0 00:20:56 0
如果出現上述情況,怎樣才能讓R7通過的前輟加入R5的路由表呢?可用兩種方法進行解決。
1)、配置允許AS重疊
在PE-R1和PE-R3上配置允許AS重疊
R1(config)#router bgp 100 R1(config-router)#address-family ipv4 vrf Ting R1(config-router-af)#neighbor 15.1.1.2 as-override R3(config)#router bgp 100 R3(config-router)#address-family ipv4 vrf Ting R3(config-router-af)#neighbor 37.1.1.2 as-override
在R5上查看BGP路由情況
R5#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 15, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 0.0.0.0 0 32768 i
*> 7.7.7.7/32 15.1.1.1 0 100 100 i
*> 15.1.1.0/30 0.0.0.0 0 32768 i
*> 37.1.1.0/30 15.1.1.1 0 100 100 i
從上可知,AS號被重寫,不是100 55 ,而是兩個100,從而與自己的AS不同,就將其加入路由表,R7的情況也是如此;
R7#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 5, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 37.1.1.1 0 100 100 i
*> 7.7.7.7/32 0.0.0.0 0 32768 i
*> 15.1.1.0/30 37.1.1.1 0 100 100 i
*> 37.1.1.0/30 0.0.0.0 0 32768 i
2)、允許AS相同的進入
在R5及R7上配置如下命令
R5(config)#router bgp 55 R5(config-router)#neighbor 15.1.1.1 allowas-in R7(config)#router bgp 55 R7(config-router)#neighbor 37.1.1.1 allowas-in
在R5上查看路由情況
R5#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 19, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 5.5.5.5/32 0.0.0.0 0 32768 i
*> 7.7.7.7/32 15.1.1.1 0 100 55 i
*> 15.1.1.0/30 0.0.0.0 0 32768 i
*> 37.1.1.0/30 15.1.1.1 0 100 55 i
從上可知,BGP的自治系統號並沒有被修改。
總結:
1.CE端運行BGP時,不需要與MP-BGP之間配置重分佈,路由自動導入;
2.如果兩CE端運行的BGP自治系統號相同,會導致互相的路由都不會出現在路由表中,其原因是BGP的防環機制,要想打破其機制,可通過上述兩種方法進行配置修改,以達到設計效果。