以前發在Junipers的帖子:
最近做JNCIA中的BGP試驗,深入研究了一下靜態路由的next-hop選項(discard/receive/reject),有些心得和大家一起分享。如果陳述有誤,歡迎拍磚!
以下爲正文,附件帶有拓撲和初始接口配置文件
配置STATIC_MS/STATIC_CBL,分別指定靜態路由
Muscat:
static 10.20.1.0/24 next-hop 172.16.21.2
static 10.20.2.0/24 next-hop 172.16.21.2
Chablis:
static 10.20.3.0/24 next-hop 172.16.23.2
static 10.20.4.0/24 next-hop 172.16.23.2
1.Q&A:
在Muscat或者Chablis單獨配置static2bgp,則Shiraz/Chablis都無法學習到BGP路由,在Shiraz發現10.20.1.0/10.20.2.0/10.20.3.0/10.20.4.0/都hidden,狀態unusable
分析:因爲Shiraz/Chablis不知道怎麼到達Muscat上10.20.1.0/10.20.2.0的路由,確切講是他們沒有關於Muscat直連接口fxp1.21(172.16.21.0/30)的路由,所以他們不會把這兩條路由放到BGP中
2.Q&A:
配置direct2bgp後,Shiraz/Chablis才能學習到BGP路由
分析:配置direct2bgp,實際上是把Muscat上的直連接口fxp1.21網段(172.16.21.0/30)宣告到BGP中,這樣Shiraz/Chablis就知道怎麼到達10.20.1.0/10.20.2.0了
二:JNCIA F8.13_5Routers拓撲的分析
刪除STATIC_MS/STATIC_CBL,刪除fpx1.21/FXP1.23
Muscat(只有接口fxp1.100/Lo0.6,沒有關於10.20.1.0/10.20.2.0的接口)
靜態路由:
static 10.20.1.0/24 discard
static 10.20.2.0/24 discard
Chablis(只有接口fxp2.101/Lo0.7,沒有關於10.20.3.0/10.20.4.0的接口)
靜態路由:
static 10.20.3.0/24 discard
static 10.20.4.0/24 discard
1.Q&A:
在Muscat或者Chablis單獨配置static2bgp,則Shiraz/Chablis可以學習到這些靜態路由。
分析:首先參看next-hop選項的解釋IJNR_P355:
Once in the configuration, static routes appear in the routing table if they are active.Active static routes have a valid next-hop option. Routes with reject or discard options as next hops always are active and present in the routing table. Routes with an IP address as a next hop are present only if that address is reachable across a directly connected interface on the router.
根據以上解釋,static 10.20.3.0/24 discard實際上是在Muscat的routing table中創建一條一定present的路由,這樣BGP纔會把它裝入BGP表中。
JNCIA SG中關於BGP路由的論述:
BGP routers by default advertise only active BGP routes in the routing table. This creates a sort of chicken-and-egg problem. A route can appear in the routing table as a BGP route only if it is received from a BGP peer, but a BGP peer can only advertise a route if it's already in the routing table as a BGP route.
2.Q:
靜態路由next-hop的參數receive/reject如何理解?如果沒有10.20.1.0/16,10.20.2.0/16,10.20.3.0/16,10.20.4.0/16的接口,如何驗證該這些網段的可達性?
驗證:
Chablis靜態路由:
static 10.20.3.0/24 discard
static 10.20.4.0/24 receive
static 10.20.5.0/24 reject
結論:
Chablis靜態路由next-hop的配置成discard/receive/reject對Shiraz/Muscat上的BGP路由都沒有影響,Shiraz/Muscat上都可以正確學習到。
3.Q:
在Chablis是否需要把loopback配置成192.168.7.7/32,10.20.3.1/32,10.20.4.1/32?
看過孟詩宇blog:http://jncie.wordpress.com/category/ospf/----->
JNCIP案例分析 – Juniper/Cisco OSPF互操作 Part1,他是在loopback接口上配置了多個地址,每個地址都是屬於static路由中的網段
Reference Documentation:
help reference routing-options static
環回接口是自動宣告的
8.1版本後不自動宣告
三:在IGP中引入帶next-hop選項的static路由
1.Muscat/Shiraz/Chablis
deactivate prot bgp
Muscat:
1.policy static2ospf,then export to ospf
2.routing-options {
static {
route 10.20.1.0/24 discard;
route 10.20.2.0/24 reject;
route 10.20.7.0/24 receive;
route 10.20.6.0/24 discard;
}
3.verification:
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.1.1 logical-router Chablis
PING 10.20.1.1 (10.20.1.1): 56 data bytes
^C
--- 10.20.1.1 ping statistics ---
35 packets transmitted, 0 packets received, 100% packet loss
[edit logical-routers Chablis]
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.7.1 logical-router Chablis
PING 10.20.7.1 (10.20.7.1): 56 data bytes
^C
--- 10.20.7.1 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss
ping 10.20.1.1/10.20.7.1沒有任何返回消息,這說明報文到達Muscat後直接被discard,但是Muscat沒有給source反饋消息。
問題在於從Chablis ping一個完全不存在的地址,也不會有任何反饋消息,這個和discard/receive的效果一模一樣。這樣就無從驗證Chablis到10.20.1.1/10.20.7.1是否真正可達。
[email=lab@FSJ]lab@FSJ[/email]# run ping 1.1.1.2 logical-router Chablis
PING 1.1.1.2 (1.1.1.2): 56 data bytes
^C
--- 1.1.1.2 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
當然以上是基於olive logical router進行的,在真正的Juniper Router上應該不是這樣,比如這樣測試:
[email=lab@FSJ]lab@FSJ[/email]# run ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
看,同樣是一個不存在的地址(1.1.1.2),但是olive的結果和olive logical router是不一樣的,應該是olive返回的纔是正確的信息。
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.2.1 logical-router Chablis
PING 10.20.2.1 (10.20.2.1): 56 data bytes
36 bytes from 192.168.100.2: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9709 0 0000 fe 01 f3df 192.168.101.2 10.20.2.1
ping 10.20.2.1可以看到從192.168.100.2返回的消息:Destination Host Unreachable,這說明報文成功到達Muscat,只是配置的是discard,因而Muscat丟棄報文後給source一個反饋“Destination Host Unreachable”
4.在Muscat上配置lo0.6的第二個地址10.20.6.1/32,並且在area 0中宣告出去
lo0 {
unit 6 {
family inet {
address 192.168.6.6/32;
address 10.20.6.1/32;
}
}
ospf {
export static2ospf;
area 0.0.0.0 {
interface lo0.6;
interface fxp1.100;
}
}
policy-statement static2ospf {
term static2ospf {
from protocol static;
then accept;
}
}
routing-options {
static {
route 10.20.1.0/24 discard;
route 10.20.2.0/24 reject;
route 10.20.7.0/24 receive;
route 10.20.6.0/24 discard;
}
更改10.20.6.0/24的next-hop選項,不管是discard,還是reject/receive,從ping 10.20.6.1 from Chablis,得到的反饋消息都是一樣
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.6.1 logical-router Chablis
PING 10.20.6.1 (10.20.6.1): 56 data bytes
64 bytes from 10.20.6.1: icmp_seq=0 ttl=254 time=0.294 ms
64 bytes from 10.20.6.1: icmp_seq=1 ttl=254 time=0.279 ms
^C
--- 10.20.6.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.279/0.286/0.294/0.008 ms
但是ping 10.20.6.2 from Chablis,並且更改10.20.60.0/24的next-hop選項(discard/recieve/reject),得到反饋消息和3.verfication一模一樣
5。最後來看看Chablis上的ospf routes:
[email=lab@FSJ]lab@FSJ[/email]# run show route protocol ospf logical-router Chablis
inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.20.1.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
10.20.2.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
10.20.6.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
10.20.6.1/32 *[OSPF/10] 00:11:19, metric 2
> to 192.168.101.1 via fxp2.101
10.20.7.0/24 *[OSPF/150] 00:11:19, metric 0, tag 0
> to 192.168.101.1 via fxp2.101
192.168.5.5/32 *[OSPF/10] 00:11:19, metric 1
> to 192.168.101.1 via fxp2.101
192.168.6.6/32 *[OSPF/10] 00:11:19, metric 2
> to 192.168.101.1 via fxp2.101
192.168.100.0/24 *[OSPF/10] 00:11:19, metric 2
> to 192.168.101.1 via fxp2.101
224.0.0.5/32 *[OSPF/10] 01:11:49, metric 1
MultiRecv
10.20.1.0-7.0的next-hop都是192.168.101.1,Preference Value是150(OSPF external routes),metric是0
10.20.6.1/32的next-hop也是192.168.101.1,Preference Value是10(OSPF internal routes),metric是2
分析:10.20.1.0-7.0都是static2ospf這個policy導入的,所以被當作OSPF external routes,另外在static2ospf並沒有指定external type和metric,故爲OSPF external type 1,而且metric爲0
而10.20.6.1/32本身就是Muscat的lo0.6接口IP,而且在area 0中宣告,因此他被當成OSPF internal routes,從Chablis-Shiraz-Muscat一共2跳,所以metric爲2
綜合以上,可以得出以下結論:
1。靜態路由後加上next-hop(discard/receive/reject)選項,都是爲了創建一條一定present的路由,這樣它們才能放進routing table中,進一步地這些靜態路由才能隨着policy傳遞到其他的路由器。
2。帶有next-hop選項的路由和接口沒有關係,也就是說,沒有必要爲Chablis的lo0.6添加一個諸如10.20.1.1/32等等地址,這些static路由可以是根本不存在的任何路由,這樣你就可以把customer的網段都列出來,相當於模擬了customer的網絡。
3。根據上邊的1、2兩點,爲了模擬customer網絡,沒有必要採用JNCIA F8.13_9Routers這樣的拓撲,用JNCIA F8.13_5Routers拓撲即可。當然這裏需要把customer的所有網段用靜態路由都羅列出來,配置next-hop選項。項
4。基於三:在IGP中引入帶next-hop選項的static路由,個人覺得用reject好一些。
不知道你做了這個沒有.
三:在IGP中引入帶next-hop選項的static路由
Muscat:
1.policy static2ospf,then export to ospf
2.routing-options {
static {
route 10.20.1.0/24 discard;
route 10.20.2.0/24 reject;
route 10.20.7.0/24 receive;
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.7.1 logical-router Chablis
PING 10.20.7.1 (10.20.7.1): 56 data bytes
^C
--- 10.20.7.1 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.1.1 logical-router Chablis
PING 10.20.1.1 (10.20.1.1): 56 data bytes
^C
--- 10.20.1.1 ping statistics ---
35 packets transmitted, 0 packets received, 100% packet loss
[email=lab@FSJ]lab@FSJ[/email]# run ping 10.20.2.1 logical-router Chablis
PING 10.20.2.1 (10.20.2.1): 56 data bytes
36 bytes from 192.168.100.2: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9709 0 0000 fe 01 f3df 192.168.101.2 10.20.2.1
用receive得到結果和discard一模一樣,Muscat並沒有迴應ICMP-ECHO信息,在Chablis 看不到任何反饋,不知道爲什麼。倒是reject這個選項看到了反饋信息
其實這個receive選項我並沒有真正理解,還請指教!
肯定有問題, RECEIVE是最好用的, 不需要本地接口配地址, 就能迴應.
你這個有點怪
如果有迴應,是什麼樣子的?是下邊這樣的嗎?這個是我在Muscat上直接ping的結果
lab@OLIVE# run ping 10.20.7.1 logical-router Muscat
PING 10.20.7.1 (10.20.7.1): 56 data bytes
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
另外樓上說的“RECEIVE是最好用的, 不需要本地接口配地址, 就能迴應. ”,言下之意discard/reject還要在本地接口配地址嗎?
R1--fe-0/0/0-------------fe-0/0/0-R3
[edit]
jnpr@R1# show interfaces fe-0/0/0
unit 0 {
family inet {
filter {
output test1;
}
address 13.13.13.1/24;
}
family iso;
}
[edit]
jnpr@R1# show interfaces lo0
unit 0 {
family inet {
address 1.1.1.1/32;
}
family iso {
address 49.4949.1111.1111.1111.00;
}
}
[edit]
jnpr@R1# show protocols isis
level 1 disable;
interface fe-0/0/0.0;
interface lo0.0;
R3接口配置差不多, 同一網段直連R1.
[edit]
jnpr@R3# show protocols isis
export redis-static;
level 1 disable;
interface fe-0/0/0.0;
interface lo0.0;
[edit]
jnpr@R3# show policy-options policy-statement redis-static
term 1 {
from {
protocol static;
route-filter 3.0.0.0/8 exact;
route-filter 4.0.0.0/8 exact;
}
then accept;
}
[edit]
jnpr@R3# show routing-options static
/* This static route is to show to Kelvin how to optimize customer configurations */
route 3.0.0.0/8 receive;
route 4.0.0.0/8 receive;
注意: R3上沒有任何3/8或者4/8網段內的接口IP.
好了, 配置貼完看結果.
[edit]
jnpr@R1# run ping 4.1.1.1 rapid count 10
PING 4.1.1.1 (4.1.1.1): 56 data bytes
!!!!!!!!!!
--- 4.1.1.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.861/0.920/1.321/0.134 ms
[edit]
jnpr@R1# run ping 3.3.23.100 rapid count 10
PING 3.3.23.100 (3.3.23.100): 56 data bytes
!!!!!!!!!!
--- 3.3.23.100 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.862/1.116/2.581/0.509 ms
[edit]
jnpr@R1# run ping 3.4.146.100 rapid count 10
PING 3.4.146.100 (3.4.146.100): 56 data bytes
!!!!!!!!!!
--- 3.4.146.100 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.862/0.914/1.269/0.118 ms
[edit]
jnpr@R1# run ping 4.234.19.100 rapid count 10
PING 4.234.19.100 (4.234.19.100): 56 data bytes
!!!!!!!!!!
--- 4.234.19.100 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.871/0.929/1.314/0.130 ms
PING的這些IP地址, 實際上在R3上都不存在.
另外,樓上所說“discard/reject還要本地配置接口才能迴應”,意思有多少靜態路由,就需要在配置相應數目的本地接口嗎?例如R2中,如果用discard/reject:
.jnpr@R2# show interfaces lo0
unit 0 {
family inet {
address 1.1.1.1/32;
address 4.4.4.4/32;
address 5.5.5.4/32;
}
如果有類似6.0.0.0/8--9.0.0.0/8的靜態路由,依次在lo0後添加?
我沒有真傢伙,只能靠olive學習,但是不想被這種差異誤導,也不希望我的測試誤導其他的人。可否麻煩大貓貓版主補充一點discard/reject的樣例,以及測試的反饋結果?
KKBlue:
說說我的想法
可能是我想的太簡單了
可能是樓主想的太複雜了
其實不用考慮那麼多,搞定這麼幾件事情
第一,靜態路由的作用,建立路由表,指定下一條,這是王道,對吧
第二,要是靜態路由沒有下一 跳,就有貓膩了,比如說靜態路由中比較特殊的aggregate,或者generate,他們都有default的action,你這個實驗裏面沒有做,也就算了
第三,不管環境如何複雜,靜態路由的作用,都是在inet.0裏面有一個路由表條目,當router收到數據包的時候,根據靜態路由的next-hop作處理,對吧
那麼有哪些處理呢?我們看到有指定的下一跳,這個就是router的本分了
那麼您也研究到說有discard,reject and receive
我要說的是,不管是discard,reject還是receive,這個packet是否被路由了呢?答案恐怕是否定的,好,沒有被路由的話,數據包都是被幹掉的了只有天堂纔會尋覓到這個數據包的影子,那麼router針對數據包的發出者,就會有一些操作
如下
discard,---router說丟就丟了吧,我也不管你了,那麼你有可能看到的就是icmp timeout,沉默的殺手哦
reject---router說我有良心一點,丟了你的包,我還告訴你一聲,給你一個icmp unreachable吧,殺了人,一聲大吼,看過投名狀吧,想想最後一段
receive---這個太壞了,明明沒有,明明是不可達的,明明包已經被丟掉咧,可以router還是給你一個echo reply,讓你感覺是!!!!!,呵呵,有點意思,有點意思
那麼你想一想,從某種意義上來說,reject和receive是一樣的
包,最起碼是沒有發出去的,只是router產生的icmp message不一樣而已
就像你給女孩子寫情書,要通過女孩子的父母轉交,
最好的結果,父母轉交了--你小子運氣不錯---這就是next-hop
另外的結果
父母把信丟了,還不告訴你,你就傻等着吧,這就是discard
父母把信丟了,告訴你,你小子不要對我家丫頭耍流氓,這就是reject
父母把信丟了,還告訴你,小子,信送到了哦,這就是receive
一點點個人看法,可能不成熟,希望大家指正