BGP通告原则之一
仅将自己最优可达的路由发布给邻居
什么才是最优BGP路由
<R2>display bgp routing-table BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 6 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.10.10.10/32 1.1.1.1 0 100 0 ? *> 22.22.22.22/32 0.0.0.0 0 0 i *> 44.44.44.44/32 24.1.1.4 0 0 200i * i 3.3.3.3 0 100 0 200i *>i 100.100.100.100/32 1.1.1.1 0 100 0 i *>i 101.101.101.101/32 1.1.1.1 0 100 0 ?
注意点:
*号 表示valid(有效)
>号 表示best(最优)
思考一下:为什么RTD到达100网段得下一跳为10.1.12.1?
BGP在整个AS内 不会改变下一跳 但是BGP在AS和AS之间的时候 下一跳会发生改变
修改方法如下:
peer 4.4.4.4 next-hop-local
告诉4.4.4.4你想要到达某一个路由的时候 你把下一跳指向我自己的OK了
BGP路由信息处理
当从BGP邻居接收到Update报文时,路由器将会执行路径选择算法,来为每一条前缀确定最佳路径;
得出的最佳路径被存储到本地BGP路由表(Local_RIB)中,然后被提交给本地IP路由表(IP_RIB),以用作安装考虑;
被选出的有效的最佳路径路由将会被封装在Update报文中,发送给对端的BGP邻居。
BGP通告原则之二
通过EBGP获得的最优可达路由发布给所有BGP邻居(其中包括IBGP和EBGP)
BGP通告原则之三
通过IBGP获得的最优可达路由不会发布给其他的IBGP邻居(IBGP的水平分割
)目的是防止环路
BGP通告原则之四
BGP与IGP同步(华为默认关闭,开启不了)
undo synchronization
一条从IBGP邻居学来的路由在发布给一个BGP邻居之前,通过IGP必须知道该路由,即BGP与IGP同步
华为路由器上,默认是将BGP与IGP的同步检查关闭的,原因是为了实现IBGP路由的正常通告。会出现路由黑洞的问题
什么是路由黑洞?
描述如下:
R2 R3 R4属于AS 200的设备 并且各自的loopback接口都发布到OSPF里面 R2的2.2.2.2可以访问4.4.4.4
R1和R2之间是EBGP关系 用的是物理接口建立
R4和R5之间是EBGP关系 用的是物理接口建立
R2和R4之间是IBGP关系 用的是loopback接口建立
R3设备没有和任何设备建立BGP关系
基础配置检查如下
在R3上面查看OSPF邻居状态是否OK
<R3>display ospf peer brief OSPF Process 1 with Router ID 3.3.3.3 Peer Statistic Information ---------------------------------------------------------------------------- Area Id Interface Neighbor id State 0.0.0.0 GigabitEthernet0/0/0 4.4.4.4 Full 0.0.0.0 GigabitEthernet0/0/1 2.2.2.2 Full ---------------------------------------------------------------------------- <R3>
在R2 R3 R4上查看路由表
<R2>display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 3 Routes : 3 OSPF routing table status : <Active> Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 3.3.3.3/32 OSPF 10 1 D 192.168.23.3 GigabitEthernet0/0/1 4.4.4.4/32 OSPF 10 2 D 192.168.23.3 GigabitEthernet0/0/1 192.168.34.0/24 OSPF 10 2 D 192.168.23.3 GigabitEthernet0/0/1 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 <R2>
<R3>display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 2 Routes : 2 OSPF routing table status : <Active> Destinations : 2 Routes : 2 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.2.2.2/32 OSPF 10 1 D 192.168.23.2 GigabitEthernet0/0/1 4.4.4.4/32 OSPF 10 1 D 192.168.34.4 GigabitEthernet0/0/0 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0
<R4>display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 3 Routes : 3 OSPF routing table status : <Active> Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.2.2.2/32 OSPF 10 2 D 192.168.34.3 GigabitEthernet0/0/0 3.3.3.3/32 OSPF 10 1 D 192.168.34.3 GigabitEthernet0/0/0 192.168.23.0/24 OSPF 10 2 D 192.168.34.3 GigabitEthernet0/0/0 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0
检查BGP的邻居关系
R1和R2之间的EBGP关系
<R1>display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 192.168.12.2 4 200 17 18 0 00:14:39 Established 1 <R1>
R2的R1的EBGP关系 R2和R4跨邻居的IBGP关系
<R2>display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 200 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 4.4.4.4 4 200 17 18 0 00:14:22 Established 1 192.168.12.1 4 100 18 18 0 00:15:02 Established 1
R4和R2的IBGP关系 R4和R5的EBGP关系
<R4>display bgp peer BGP local router ID : 4.4.4.4 Local AS number : 200 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.2 4 200 17 17 0 00:14:49 Established 1 192.168.45.5 4 300 18 18 0 00:15:21 Established 1
R5和R4的EBGP关系
<R5>display bgp peer BGP local router ID : 5.5.5.5 Local AS number : 300 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 192.168.45.4 4 200 18 19 0 00:15:34 Established 1 <R5>
路由黑洞实验现象
在R1的BGP里面宣告1.1.1.1
在R5的BGP里面宣告5.5.5.5
#
bgp 100
network 1.1.1.1 255.255.255.255
#
#
bgp 300
network 5.5.5.5 255.255.255.255
#
在R2上面查看是否学习到关于1.1.1.1和5.5.5.5的BGP路由
<R2>display bgp routing-table BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 1.1.1.1/32 192.168.12.1 0 0 100i *>i 5.5.5.5/32 4.4.4.4 0 100 0 300i <R2>
在R4上面查看是否学习到关于1.1.1.1和5.5.5.5的BGP路由
<R4>display bgp routing-table BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 1.1.1.1/32 2.2.2.2 0 100 0 100i *> 5.5.5.5/32 192.168.45.5 0 0 300i <R4>
R4到达1.1.1.1的下一跳是2.2.2.2 因为在R2这边敲了如下命令
#
bgp 200
peer 4.4.4.4 next-hop-local
#
在R5上面查看是否学习到关于1.1.1.1的BGP路由
[R5]display bgp routing-table BGP Local router ID is 5.5.5.5 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 1.1.1.1/32 192.168.45.4 0 200 100i *> 5.5.5.5/32 0.0.0.0 0 0 i [R5]
在R5设备上去访问1.1.1.1
[R5]ping -a 5.5.5.5 1.1.1.1 PING 1.1.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 1.1.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
在R5设备上去访问tracert 1.1.1.1
<R5>tracert -a 5.5.5.5 1.1.1.1 traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break 1 192.168.45.4 50 ms 40 ms 20 ms //发现到R4就停止了 2 * * * 3 * * <R5>
发现数据包交给R4后 R4后面就不通了 我们看下R4到达1.1.1.1的路由表
<R4>display ip routing-table 1.1.1.1 Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 IBGP 255 0 RD 2.2.2.2 GigabitEthernet0/0/0 <R4>
发现R4到达1.1.1.1的下一跳是2.2.2.2 R4上面到达2.2.2.2也是非直连网段 R4会递归查询到达2.2.2.2 发现到达2.2.2.2下一跳是R3 因为R4到达1.1.1.1的时候 数据包经过递归后 下一跳是R3
<R4>display ip routing-table 2.2.2.2 Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.2.2.2/32 OSPF 10 2 D 192.168.34.3 GigabitEthernet0/0/0 <R4>
R4会把数据包交给R3 R3收到后 到达1.1.1.1该如何走呢?
<R3>display ip routing-table 1.1.1.1
发现R3路由表里面根本就没有到达1.1.1.1的路由条目 所以R5访问1.1.1.1就会丢包 , 只要是R5想要访问到R1这边 都会被R3的路由黑洞给吃掉 这个就是路由黑洞
分析原因
原因1:因为R3上没有运行BGP协议
原因2:BGP可以跨邻居建立