培训Bgp 协议.docx
《培训Bgp 协议.docx》由会员分享,可在线阅读,更多相关《培训Bgp 协议.docx(28页珍藏版)》请在冰豆网上搜索。
培训Bgp协议
Ccie培训Bgp协议
基本bgp配置
routerbgp300
nosynchronization//默认配置
bgprouter-id5.5.5.5
bgplog-neighbor-changes
neighbor3.3.3.3remote-as100
neighbor3.3.3.3update-sourceLoopback0
如果不指明更新的接口,那么路由更新是从直连的接口出去
而对端指的是你的环回接口,那么对端路由器要做一个校验,
看看路由更新的源接口和用neighbor命令指的接口是否一致,如果
不一致,就扔掉数据包
noauto-summary
r2#shipbgpsu
r2#shipbgpsummary
BGProuteridentifier2.2.2.2,localASnumber100
BGPtableversionis1,mainroutingtableversion1
NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd
3.3.3.34100151610000:
12:
440
4.4.4.4420000000neverIdle
路由解决了,但是有一个问题,ebgp的多跳问题
r2(config)#routerbgp100
r2(config-router)#neighbor4.4.4.4ebg
r2(config-router)#neighbor4.4.4.4ebgp-multihop2
r4(config)#routerbgp200
r4(config-router)#neighbor2.2.2.2ebgp
r4(config-router)#neighbor2.2.2.2ebgp-multihop2
不用环回口,就不存在整个问题
结果
NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd
3.3.3.34100192130000:
16:
280
4.4.4.442005430000:
00:
091
r2#shipbgp
BGPtableversionis3,localrouterIDis2.2.2.2
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>4.4.4.0/244.4.4.400200i
这个r3学来了没有?
r3#shipbgp
BGPtableversionis1,localrouterIDis3.3.3.3
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
*i4.4.4.0/244.4.4.401000200i
R5?
r5#shipbgp
空
一个路由要向其他的as发送,要满足两个条件
1.igp有这条路由(可以用关闭同步解决,现在默认都是nosynchronization)
2.下一条应该可达
可以用next-hop-self
或者加路由
如果这两个条件满足,路由条目前面会出现一个>号(路由最优)
r2(config-router)#neighbor3.3.3.3next-hop-self
r3#clearipbgp*soft
r3#shipbgp
BGPtableversionis2,localrouterIDis3.3.3.3
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
*>i4.4.4.0/242.2.2.201000200i
r5#shipbgp
BGPtableversionis2,localrouterIDis5.5.5.5
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
*>4.4.4.0/243.3.3.30100200i
Ping测试结果?
r5#ping4.4.4.4
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto4.4.4.4,timeoutis2seconds:
.....
Successrateis0percent(0/5)
Ping测试
1)数据包能否倒台目的地
R1没有运行bgp,所以说出现了路由黑洞问题
解决方法
把4.4.4.0发到ospf里面去,或者做静态路由(不可取)
1.直接把bgp发到ospf里面去,但是一定要做过滤
2.做一条这个路由的静态路由,指向空接口,然后把整个静态路发进去
3.
2)数据包能否返回
r2#shipbgp
BGPtableversionis3,localrouterIDis2.2.2.2
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>4.4.4.0/244.4.4.400200i
r就代表有更好的igp路由
因为4.4.4.0有一条静态路由,所以不重发bgp了,直接就发静态路由算了
routerospf1
log-adjacency-changes
redistributestaticsubnets
redistributebgp100subnetsroute-mapto-igp
network2.2.2.20.0.0.0area0
network12.1.1.20.0.0.0area0
!
routerbgp100
nosynchronization
bgprouter-id2.2.2.2
bgplog-neighbor-changes
neighbor3.3.3.3remote-as100
neighbor3.3.3.3update-sourceLoopback0
neighbor3.3.3.3next-hop-self
neighbor4.4.4.4remote-as200
neighbor4.4.4.4ebgp-multihop2
neighbor4.4.4.4update-sourceLoopback0
noauto-summary
iproute4.4.4.0255.255.255.024.1.1.4
!
!
!
access-list10permit4.4.4.0
!
route-mapto-igppermit10
matchipaddress10
r1
OE24.4.4.0[110/20]via12.1.1.2,00:
00:
39,Serial1/0
还需要做
r3(config-router)#redistributeconnectedsubnets
r4(config)#iproute35.0.0.0255.0.0.024.1.1.2
再测试一下
r5#ping4.4.4.4
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto4.4.4.4,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=124/135/156ms
1.更新接口问题
2.ebgp的多跳问题
3.bgp的条目要正常的通告要满足两个条件
igp路由可达
下一跳可达
4.路由黑洞
同步/路由黑洞
路由反射器
R1运行bgp
routerbgp100
nosynchronization
bgprouter-id1.1.1.1
bgplog-neighbor-changes
neighbor2.2.2.2remote-as100
neighbor3.3.3.3remote-as100
r2
routerbgp100
nosynchronization
bgprouter-id2.2.2.2
bgplog-neighbor-changes
neighbor1.1.1.1remote-as100
neighbor1.1.1.1update-sourceLoopback0
neighbor4.4.4.4remote-as200
neighbor4.4.4.4ebgp-multihop2
neighbor4.4.4.4update-sourceLoopback0
r3
routerbgp100
nosynchronization
bgprouter-id3.3.3.3
bgplog-neighbor-changes
neighbor1.1.1.1remote-as100
neighbor1.1.1.1update-sourceLoopback0
neighbor5.5.5.5remote-as300
neighbor5.5.5.5ebgp-multihop2
neighbor5.5.5.5update-sourceLoopback0
noauto-summary
问题?
R3或者说R5还能学到4.4..4.4这个路由吗?
r2#shipbgp
BGPtableversionis3,localrouterIDis2.2.2.2
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>4.4.4.0/244.4.4.400200i
r1#shipbgp
BGPtableversionis3,localrouterIDis1.1.1.1
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>i4.4.4.0/244.4.4.401000200i
r3#shipbgp
r3#
r3为什么没有路由?
Ibgp路由只能传递一跳
一个ibgp路由器不会把从一个ibgp对等体学来的路由再传给其他的对等体
叫做ibgp的水平分割
注意:
防止路由环路(bgp防止环路的机制是靠AS,但是在一个as里面,as就失去了意义)
解决方法:
1.全互联
2.路由反射器
3.联盟
路由反射器
把r1配置成路由反射器
从路由反射器的客户端来的路由可以反给客户端和非客户端
从路由反射器的非客户端来的路由可以反给客户端
routerbgp100
nosynchronization
bgprouter-id1.1.1.1
bgplog-neighbor-changes
neighbor2.2.2.2remote-as100
neighbor2.2.2.2route-reflector-client
neighbor3.3.3.3remote-as100
再到R3看一看
r3#shipbgp
BGPtableversionis7,localrouterIDis3.3.3.3
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>i4.4.4.0/244.4.4.401000200i
下一跳
Ebgp的下一跳进入as的时候保留
Ibgp的下一跳出as的时候改变
联盟
把一个大的as分成许多小的as
对外是大的as,小的as只是在区域内有作用
R1
routerbgp65001
nosynchronization
bgprouter-id1.1.1.1
bgplog-neighbor-changes
bgpconfederationidentifier100
bgpconfederationpeers65002
neighbor2.2.2.2remote-as65001
neighbor3.3.3.3remote-as65002
neighbor3.3.3.3ebgp-multihop2
neighbor3.3.3.3update-sourceLoopback0
R2
routerbgp65001
nosynchronization
bgprouter-id2.2.2.2
bgplog-neighbor-changes
bgpconfederationidentifier100
neighbor1.1.1.1remote-as65001
neighbor1.1.1.1update-sourceLoopback0
neighbor4.4.4.4remote-as200
neighbor4.4.4.4ebgp-multihop2
neighbor4.4.4.4update-sourceLoopback0
noauto-summary
R3
routerbgp65002
nosynchronization
bgprouter-id3.3.3.3
bgplog-neighbor-changes
bgpconfederationidentifier100
bgpconfederationpeers65001
neighbor1.1.1.1remote-as65001
neighbor1.1.1.1ebgp-multihop2
neighbor1.1.1.1update-sourceLoopback0
neighbor5.5.5.5remote-as300
neighbor5.5.5.5ebgp-multihop2
neighbor5.5.5.5update-sourceLoopback0
r4
routerbgp200
nosynchronization
bgprouter-id4.4.4.4
bgplog-neighbor-changes
network4.4.4.0mask255.255.255.0
neighbor2.2.2.2remote-as100
neighbor2.2.2.2ebgp-multihop2
neighbor2.2.2.2update-sourceLoopback0
noauto-summary
r5
routerbgp300
nosynchronization
bgprouter-id5.5.5.5
bgplog-neighbor-changes
neighbor3.3.3.3remote-as100
neighbor3.3.3.3ebgp-multihop2
neighbor3.3.3.3update-sourceLoopback0
noauto-summary
注意:
下一跳这个属性不理会联盟的as
r3#shipbgp
BGPtableversionis3,localrouterIDis3.3.3.3
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>4.4.4.0/244.4.4.401000(65001)200i
对等体组
R1
routerbgp100
nosynchronization
bgprouter-id1.1.1.1
bgplog-neighbor-changes
neighboraaapeer-group//创建一个对等体组
neighboraaaremote-as100
neighboraaaupdate-sourceLoopback0
neighboraaaroute-reflector-client
neighbor2.2.2.2peer-groupaaa
neighbor3.3.3.3peer-groupaaa
r2
routerbgp100
nosynchronization
bgprouter-id2.2.2.2
bgplog-neighbor-changes
neighbor1.1.1.1remote-as100
neighbor1.1.1.1update-sourceLoopback0
r3
routerbgp100
nosynchronization
bgprouter-id3.3.3.3
bgplog-neighbor-changes
neighbor1.1.1.1remote-as100
neighbor1.1.1.1update-sourceLoopback0
noauto-summary
联盟
社团属性
知名的社团属性
一种有特殊意义的标记
Community
一种是知名社团,大家一看到这种标记,就知道他的特殊意义
Local-as
不传给本as之外的对等体(对联盟中的对等体有作用)
route-mapcompermit10
setcommunitylocal-AS
r2#clearipbgp*s
r2#shipbgpcomm
r2#shipbgpcommunitylo
r2#shipbgpcommunitylocal-AS
BGPtableversionis6,localrouterIDis2.2.2.2
Statuscodes:
ssuppressed,ddamped,hhistory,*valid,>best,i-internal,
rRIB-failure,SStale
Origincodes:
i-IGP,e-EGP,?
-incomplete
NetworkNextHopMetricLocPrfWeightPath
r>4.4.4.0/244.4.4.400200i
No-Export
不传给本as之外的对等体(不会理会联盟的as)
R2
routerbgp100
nosynchronization
bgprouter-id2.2.2.2
bgplog-neighbor-changes
neighbor1.1.1.1remote-as100
neighbor1.1.1.1update-sourceLoopback0
neighbor1.1.1.1send-community
neighbor4.4.4.4remote-as200
neighbor4.4.4.4ebgp-multihop2
neighbor4.4.4.4update-sourceLoopback0
neighbor4.4.4.4route-mapcomin
route-mapcompermit10
setcommuni
升级会员 