BGP
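The point of using BGP is to exploit its rich set of path attributes to influence routing decisions (including path selection and route filtering).
(By contrast, an IGP can usually influence routing decisions only by manipulating AD/Metric.)
1 How routes are injected into BGP
- network advertisement
- Redistribution
- Local summarization
2 AS division
AS numbers range from 1 to 65535, of which 64512-65535 are private AS numbers. IANA is responsible for allocating AS numbers.
3 Output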
R2#sh ip bgp
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
r>i 105.1.1.0/24 10.10.5.5 0 100 0 i
! the i in the status column (r>i): the route was passed on by an IBGP neighbor
! the i in the Path column: origin type; the route entered BGP through network
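4 BGP message types
Message | Purpose | When sent |
---|---|---|
OPEN | Negotiate parameters and establish the neighbor relationship | Sent once the connection has been established over TCP |
UPDATE | Exchange routing information | Sent when there are routes to send or routes change; UPDATE advertises routing information to the peer |
NOTIFICATION | Report an error and terminate the neighbor relationship | Sent to the peer when an error is detected during operation |
KEEPALIVE | Maintain the neighbor relationship | Sent periodically to keep the neighbor relationship valid |
Route-Refresh | Mechanism that triggers a route update | When routing policy changes, asks the neighbor to re-advertise its routes |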
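5 Prerequisites for initiating a neighbor session
- A default route cannot be used to actively initiate the TCP connection request, although the router can still respond to the peer's TCP connection request; a static route can be used to actively initiate the TCP request
- The side that actively initiates the TCP connection must send the request with a source address equal to the IP address the peer specified in its neighbor statement; if the peer did not use this address, the request is rejected (TCP connection source check)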
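6 State changes during BGP session establishment
Figure 1: BGP finite state machine
IDLE and Active are abnormal states.
6.1 Troubleshooting the IDLE state
An IDLE state is usually caused by:
- No route to the neighbor can be found
6.2 Troubleshooting the Active state
An Active state is usually caused by:
- The neighbor has no route to this router
- The neighbor uses the wrong address to identify this router as a BGP peer
- The neighbor has not identified this router as a BGP peer
- The wrong AS number is used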
7 BGP loop prevention (split-horizon principle)
7.1 EBGP loop prevention
EBGP loop prevention is implemented with AS_PATH.
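8 The routing black-hole problem in a transit AS 👨🏫
Figure 3: The routing black-hole problem
8.1 Protection measures (route optimization)
A route entry in the BGP table is marked best only if it satisfies the protection measures. (The synchronization rule is off by default, so in practice it can be ignored.)
8.1.1 Synchronization rule [1]
The BGP synchronization rule states that a BGP router should not use a route learned through IBGP, or advertise it to external neighbors, unless that route has been learned through the IGP (or is a local static route).
The synchronization rule exists because a route that has been learned through the IGP is consistent across the whole AS, so no black hole can occur in the data plane.
However, Cisco IOS disables the synchronization rule by default, i.e. BGP is allowed to advertise routes obtained through IBGP (which have not appeared in the local routing table) to EBGP neighbors. The thinking behind this is that data-plane problems can be solved by other means, but the control plane should not be interfered with. In addition, for BGP routes to appear in the IGP, the routes would have to be redistributed from BGP into the IGP, which is not realistic.
If the synchronization rule is enabled, then after a route is learned through IBGP the router must wait until the IGP has propagated that route throughout the autonomous system (or it has appeared in the local routing table) before it can advertise it to EBGP.
For IBGP routes, once the synchronization rule is enabled, a route received from an IBGP neighbor is checked as follows:
1. Check this router's routing table; if there is no route for the prefix, the route is non-best
2. If a route exists:
   1. If the route in the routing table is an OSPF route, check whether the Router-ID of the route delivered through OSPF matches the Router-ID of the IBGP neighbor; if they match the route is best, otherwise it is non-best
   2. If the route in the routing table is a non-OSPF route, check whether its AD value is lower than the AD value of IBGP; if it is lower the route is best, otherwise it is non-best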
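8.1.2 Next-hop reachability (next-hop-self)
AS border router A announces itself as the next hop to its iBGP neighbor B, so the routes B learns from A over iBGP have A as their next hop (rather than the IP of the external AS border router), which avoids unreachable routes (black holes).
8.2 Common solutions
8.2.1 Redistributing BGP routes into the IGP [2]
8.2.2 IBGP full mesh [3]
Figure 5: Full-mesh topology
Environment configuration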
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 1.1.1.1 255.255.255.255
int e0/0
 ip address 10.1.12.1 255.255.255.0
 no sh
int e0/1
 ip address 10.1.13.1 255.255.255.0
 no sh
router ospf 110
 router-id 11.11.11.11
 network 10.1.12.1 0.0.0.0 area 0
 network 10.1.13.1 0.0.0.0 area 0
 network 1.1.1.1 0.0.0.0 area 0
router bgp 1
 bgp router-id 11.11.11.11
 neighbor MY_PEER_GROUP peer-group
 neighbor MY_PEER_GROUP remote-as 1
 neighbor MY_PEER_GROUP update-source lo0
 neighbor 2.2.2.2 peer-group MY_PEER_GROUP
 neighbor 3.3.3.3 peer-group MY_PEER_GROUP
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 2.2.2.2 255.255.255.255
int e0/0
 ip address 10.1.12.2 255.255.255.0
 no sh
int e0/1
 ip address 10.1.24.2 255.255.255.0
 no sh
router ospf 110
 router-id 22.22.22.22
 network 10.1.12.2 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0
router bgp 1
 bgp router-id 22.22.22.22
 neighbor MY_PEER_GROUP peer-group
 neighbor MY_PEER_GROUP remote-as 1
 neighbor MY_PEER_GROUP update-source lo0
 neighbor MY_PEER_GROUP next-hop-self
 neighbor 1.1.1.1 peer-group MY_PEER_GROUP
 neighbor 3.3.3.3 peer-group MY_PEER_GROUP
 neighbor 10.1.24.4 remote-as 4
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 3.3.3.3 255.255.255.255
int e0/0
 ip address 10.1.35.3 255.255.255.0
 no sh
int e0/1
 ip address 10.1.13.3 255.255.255.0
 no sh
router ospf 110
 router-id 33.33.33.33
 network 10.1.13.3 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0
router bgp 1
 bgp router-id 33.33.33.33
 neighbor MY_PEER_GROUP peer-group
 neighbor MY_PEER_GROUP remote-as 1
 neighbor MY_PEER_GROUP update-source lo0
 neighbor MY_PEER_GROUP next-hop-self
 neighbor 1.1.1.1 peer-group MY_PEER_GROUP
 neighbor 2.2.2.2 peer-group MY_PEER_GROUP
 neighbor 10.1.35.5 remote-as 5
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 4.4.4.4 255.255.255.255
int e0/1
 ip address 10.1.24.4 255.255.255.0
 no sh
router bgp 4
 bgp router-id 44.44.44.44
 neighbor 10.1.24.2 remote-as 1
 network 4.4.4.4 mask 255.255.255.255
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 5.5.5.5 255.255.255.255
int e0/0
 ip address 10.1.35.5 255.255.255.0
 no sh
router bgp 5
 bgp router-id 55.55.55.55
 neighbor 10.1.35.3 remote-as 1
 network 5.5.5.5 mask 255.255.255.255
R2 BGP information
R2#sh ip bgp summary
BGP router identifier 22.22.22.22, local AS number 1
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
2 path entries using 168 bytes of memory
2/2 BGP path/bestpath attribute entries using 320 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 824 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 1 195 194 3 0 0 02:55:14 0
3.3.3.3 4 1 196 196 3 0 0 02:54:55 1
10.1.24.4 4 4 191 192 3 0 0 02:48:38 1
R2#sh tcp brief ! TCP connection information
TCB Local Address Foreign Address (state)
C3839648 2.2.2.2.179 3.3.3.3.44041 ESTAB
C3837B08 2.2.2.2.179 1.1.1.1.37630 ESTAB
C77861D0 10.1.24.2.179 10.1.24.4.26677 ESTAB
Connectivity test
R4#ping 5.5.5.5 source 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
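8.2.3 Confederation
The idea of a confederation is to turn iBGP relationships into confederation eBGP relationships, thereby getting around the iBGP loop-prevention mechanism so that routes can be passed on to neighbors.
Configuring a confederation takes three steps:
- Define the BGP routing process with a private AS number
- Declare the public AS number it belongs to
- The border routers of the private ASes specify each other as peers (to tell the router that the eBGP session being established is actually an eBGP session inside the confederation)
Figure 6: Lab environment
Lab configuration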
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 1.1.1.1 255.255.255.255
int e0/0
 ip address 10.1.12.1 255.255.255.0
 no sh
int e0/1
 ip address 10.1.13.1 255.255.255.0
 no sh
router ospf 110
 router-id 11.11.11.11
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.13.1 0.0.0.0 area 0
router bgp 64512
 bgp router-id 11.11.11.11
 bgp confederation identifier 1 ! global AS
 neighbor 10.1.12.2 remote-as 2 ! eBGP
 neighbor 3.3.3.3 remote-as 64512
 neighbor 3.3.3.3 update-source lo0
 neighbor 3.3.3.3 next-hop-self
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 2.2.2.2 255.255.255.255
int e0/0
 ip address 10.1.12.2 255.255.255.0
 no sh
router bgp 2
 bgp router-id 22.22.22.22
 neighbor 10.1.12.1 remote-as 1
 network 2.2.2.2 mask 255.255.255.255
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 3.3.3.3 255.255.255.255
int e0/0
 ip address 10.1.34.3 255.255.255.0
 no sh
int e0/1
 ip address 10.1.13.3 255.255.255.0
 no sh
router ospf 110
 router-id 33.33.33.33
 network 3.3.3.3 0.0.0.0 area 0
 network 10.1.13.3 0.0.0.0 area 0
 network 10.1.34.3 0.0.0.0 area 0
router bgp 64512
 bgp router-id 33.33.33.33
 bgp confederation identifier 1 ! global AS
 bgp confederation peers 64513 ! specify that 64513 is a confederation eBGP AS
 neighbor 1.1.1.1 remote-as 64512
 neighbor 1.1.1.1 update-source lo0
 neighbor 4.4.4.4 remote-as 64513
 neighbor 4.4.4.4 update-source lo0
 neighbor 4.4.4.4 ebgp-multihop ! eBGP
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 4.4.4.4 255.255.255.255
int e0/0
 ip address 10.1.34.4 255.255.255.0
 no sh
router ospf 110
 router-id 44.44.44.44
 network 4.4.4.4 0.0.0.0 area 0
 network 10.1.34.4 0.0.0.0 area 0
router bgp 64513
 bgp router-id 44.44.44.44
 bgp confederation identifier 1 ! global AS
 bgp confederation peers 64512 ! specify that 64512 is a confederation eBGP AS
 neighbor 3.3.3.3 remote-as 64512
 neighbor 3.3.3.3 update-source lo0
 neighbor 3.3.3.3 ebgp-multihop ! eBGP
R2's loopback route is propagated to R4
R4#sh ip bgp
BGP table version is 2, local router ID is 44.44.44.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 1.1.1.1 0 100 0 (64512) 2 i
R4#sh ip bgp 2.2.2.2/32
BGP routing table entry for 2.2.2.2/32, version 2
Paths: (1 available, best #1, table default)
Flag: 0x100
Not advertised to any peer
Refresh Epoch 1
(64512) 2
1.1.1.1 (metric 21) from 3.3.3.3 (33.33.33.33)
Origin IGP, metric 0, localpref 100, valid, confed-external, best
rx pathid: 0, tx pathid: 0x0
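8.2.4 Route reflector
8.2.4.1 Roles and reflection rules
Figure 7: The roles in route reflection (only the RR knows who is a client)
8.2.4.1.1 Learned from a non-client
If a route is learned from a non-client IBGP peer, it is reflected to all clients and also passed [4] to eBGP neighbors.
8.2.4.1.2 Learned from a client
If a route is learned from a client, it is reflected to all IBGP neighbors and all the other clients, and also passed to eBGP neighbors.
8.2.4.1.3 Learned from EBGP
If a route is learned from an EBGP neighbor, it is passed to all clients and non-client IBGP neighbors.
8.2.4.2 Loop-prevention design
A route reflector relies on the two attributes ORIGINATOR_ID and CLUSTER_LIST to prevent loops.
8.2.4.2.1 ORIGINATOR_ID
- Whenever a route is reflected, the Router-ID of the IBGP router that originated the route is stored in the route's originator_ID attribute
- When a router receives an IBGP route whose originator_ID equals its own Router-ID, it ignores the route
- The Originator_ID and Cluster-list attributes affect the BGP path-selection decision [5]
8.2.4.2.2 CLUSTER-LIST
- A route-reflection cluster consists of the reflector and its clients (a client does not know that it belongs to a cluster; only the RR knows)
- Every cluster has a unique cluster ID
- Whenever a route is reflected by a reflector, that reflector's Cluster_ID is added to the route's Cluster_list attribute
- Whenever a reflector receives a route whose Cluster_list attribute already contains the Cluster_ID of its cluster, the route is not reflected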
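The reflection rules and the two loop checks above, modelled as an added Python example (not code from the original page). The `Route`, `Reflector` and `ibgp_accepts` names are hypothetical; the Router-IDs and the cluster ID are the ones used in this page's lab, where R3 is the reflector, R1 its client and R4 a non-client.

```python
from dataclasses import dataclass, field, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None   # ORIGINATOR_ID attribute
    cluster_list: Tuple[str, ...] = ()    # CLUSTER_LIST attribute


def ibgp_accepts(own_router_id: str, route: Route) -> bool:
    """ORIGINATOR_ID check: ignore an IBGP route that this router originated."""
    return route.originator_id != own_router_id


@dataclass
class Reflector:
    router_id: str
    cluster_id: str
    clients: Dict[str, str]               # peer name -> peer Router-ID
    non_clients: Dict[str, str]           # peer name -> peer Router-ID
    ebgp_peers: Set[str] = field(default_factory=set)

    def accepts(self, route: Route) -> bool:
        """Inbound loop checks: own Router-ID as originator, own Cluster_ID in the list."""
        return (ibgp_accepts(self.router_id, route)
                and self.cluster_id not in route.cluster_list)

    def advertise(self, route: Route, learned_from: str) -> Dict[str, Route]:
        """Apply the three rules of 8.2.4.1 and return the copy sent to each peer."""
        if learned_from in self.ebgp_peers:
            # Learned from EBGP: passed on (not reflected) to clients and non-clients.
            # Ordinary advertisement to other EBGP peers is not modelled here.
            return {peer: route for peer in {**self.clients, **self.non_clients}}
        if not self.accepts(route):
            return {}                     # looped route: not reflected
        if learned_from in self.clients:
            # From a client: to non-clients and to all the other clients.
            targets = [p for p in {**self.clients, **self.non_clients}
                       if p != learned_from]
            sender_id = self.clients[learned_from]
        else:
            # From a non-client: to clients only.
            targets = list(self.clients)
            sender_id = self.non_clients[learned_from]
        reflected = replace(
            route,
            # Keep an existing ORIGINATOR_ID; otherwise record the sender's Router-ID.
            originator_id=route.originator_id or sender_id,
            cluster_list=(self.cluster_id,) + route.cluster_list,
        )
        out = {peer: reflected for peer in targets}
        # Both attributes are non-transitive, so copies sent to EBGP peers omit them.
        for peer in self.ebgp_peers:
            out[peer] = replace(route, originator_id=None, cluster_list=())
        return out


# Constructed from the lab: R3 reflects R1's route for 2.2.2.2/32 to R4.
R3 = Reflector(
    router_id="33.33.33.33",
    cluster_id="33.33.33.33",
    clients={"R1": "11.11.11.11"},
    non_clients={"R4": "44.44.44.44"},
)


def lab_reflection() -> Dict[str, Route]:
    return R3.advertise(Route("2.2.2.2/32"), learned_from="R1")


if __name__ == "__main__":
    for peer, sent in lab_reflection().items():
        print(peer, sent)
```

The copy sent to R4 carries Originator 11.11.11.11 and Cluster list 33.33.33.33, the same values the `sh ip bgp 2.2.2.2/32` output on R4 shows in the configuration example.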
8.2.4.3 Configuration example
Figure 12: Lab environment
Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 1.1.1.1 255.255.255.255
int e0/0
 ip address 10.1.12.1 255.255.255.0
 no sh
int e0/1
 ip address 10.1.13.1 255.255.255.0
 no sh
router ospf 110
 router-id 11.11.11.11
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.13.1 0.0.0.0 area 0
router bgp 1
 bgp router-id 11.11.11.11
 neighbor 10.1.12.2 remote-as 2 ! eBGP
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source lo0
 neighbor 3.3.3.3 next-hop-self
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 2.2.2.2 255.255.255.255
int e0/0
 ip address 10.1.12.2 255.255.255.0
 no sh
router bgp 2
 bgp router-id 22.22.22.22
 neighbor 10.1.12.1 remote-as 1
 network 2.2.2.2 mask 255.255.255.255
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 3.3.3.3 255.255.255.255
int e0/0
 ip address 10.1.34.3 255.255.255.0
 no sh
int e0/1
 ip address 10.1.13.3 255.255.255.0
 no sh
router ospf 110
 router-id 33.33.33.33
 network 3.3.3.3 0.0.0.0 area 0
 network 10.1.13.3 0.0.0.0 area 0
 network 10.1.34.3 0.0.0.0 area 0
router bgp 1
 bgp router-id 33.33.33.33
 bgp cluster-id 33.33.33.33
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source lo0
 neighbor 1.1.1.1 route-reflector-client
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source lo0
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 4.4.4.4 255.255.255.255
int e0/0
 ip address 10.1.34.4 255.255.255.0
 no sh
router ospf 110
 router-id 44.44.44.44
 network 4.4.4.4 0.0.0.0 area 0
 network 10.1.34.4 0.0.0.0 area 0
router bgp 1
 bgp router-id 44.44.44.44
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source lo0
R4 routing information
R4#sh ip bgp
BGP table version is 2, local router ID is 44.44.44.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 1.1.1.1 0 100 0 2 i ! successfully reflected
R4#sh ip bg
R4#sh ip bgp 2.2.2.2/32
BGP routing table entry for 2.2.2.2/32, version 2
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
2
1.1.1.1 (metric 21) from 3.3.3.3 (33.33.33.33)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 11.11.11.11, Cluster list: 33.33.33.33
rx pathid: 0, tx pathid: 0x0
8.2.5 MPLS 👍
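9 Labs
9.1 Advertising a default route
9.1.1 Method 1
Generate a default route and send it to all neighbors.
ip route 0.0.0.0 0.0.0.0 null 0
router bgp 1000
 net 0.0.0.0
9.1.2 Method 2
Send a default route to a specific neighbor.
nei x.x.x.x default-originate
9.1.3 Method 3
If the IGP has a default route, the IGP default route can be turned into a BGP default route when redistributing.
router bgp 10000
 default-information originate ! this command is required to enable redistribution of the IGP default route
 redistribute ospf 1 match internal external metric 1 ! using OSPF as the example
!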
9.2 Effect of auto-summary
Figure 13: Lab environment
Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 1.1.1.1 255.255.255.255
int e0/0
 ip address 10.1.13.1 255.255.255.0
 no sh
int e0/1
 ip address 10.1.12.1 255.255.255.0
 no sh
router rip
 version 2
 no auto-summary
 network 10.1.13.1
 network 1.1.1.1
router bgp 13
 bgp router-id 11.11.11.11
 neighbor 10.1.12.2 remote-as 2
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 2.2.2.2 255.255.255.255
int e0/1
 ip address 10.1.12.2 255.255.255.0
 no sh
router bgp 2
 bgp router-id 22.22.22.22
 neighbor 10.1.12.1 remote-as 13
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 3.3.3.3 255.255.255.255
int e0/0
 ip address 10.1.13.3 255.255.255.0
 no sh
router rip
 version 2
 no auto-summary
 network 10.1.13.3
 network 3.3.3.3
9.2.1 auto-summary
- Does not carry the IGP Metric and Next-hop
- Summarizes to the classful network
R1 enables auto-summary and redistributes RIPv2
router bgp 13
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 redistribute rip
 neighbor 10.1.12.2 remote-as 2
 auto-summary
R1 routing information
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
R 3.3.3.3 [120/1] via 10.1.13.3, 00:00:01, Ethernet0/0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/1
L 10.1.12.1/32 is directly connected, Ethernet0/1
C 10.1.13.0/24 is directly connected, Ethernet0/0
L 10.1.13.1/32 is directly connected, Ethernet0/0
R1#sh ip bgp
BGP table version is 4, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0 0.0.0.0 0 32768 ?
*> 3.0.0.0 0.0.0.0 0 32768 ?
*> 10.0.0.0 0.0.0.0 0 32768 ?
9.2.2 no auto-summary (Default)
- Carries the IGP Metric and Next-hop
- Does not summarize
R1 routing information (after configuring no auto-summary)
R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
R 3.3.3.3 [120/1] via 10.1.13.3, 00:00:11, Ethernet0/0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/1
L 10.1.12.1/32 is directly connected, Ethernet0/1
C 10.1.13.0/24 is directly connected, Ethernet0/0
L 10.1.13.1/32 is directly connected, Ethernet0/0
R1#sh ip bgp
BGP table version is 29, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 ?
*> 3.3.3.3/32 10.1.13.3 1 32768 ?
*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*> 10.1.13.0/24 0.0.0.0 0 32768 ?
9.3 Route summarization
Figure 14: Lab environment
Initial configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 1.1.1.1 255.255.255.255
int e0/0
 ip address 10.1.12.1 255.255.255.0
 no sh
router bgp 1
 bgp router-id 11.11.11.11
 neighbor 10.1.12.2 remote-as 2
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 2.2.2.2 255.255.255.255
int lo1
 ip address 200.1.16.1 255.255.255.255
int lo2
 ip address 200.1.17.1 255.255.255.255
int lo3
 ip address 200.1.18.1 255.255.255.255
int lo4
 ip address 200.1.19.1 255.255.255.255
int e0/0
 ip address 10.1.12.2 255.255.255.0
 no sh
router bgp 2
 bgp router-id 22.22.22.22
 neighbor 10.1.12.1 remote-as 1
9.3.1 Summarizing by advertising a static route with network [6]
R2 manually creates the summary static route
ip route 200.1.16.0 255.255.252.0 Null0
R2 routing table
R2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.2/32 is directly connected, Ethernet0/0
S 200.1.16.0/22 is directly connected, Null0
200.1.16.0/32 is subnetted, 1 subnets
C 200.1.16.1 is directly connected, Loopback1
200.1.17.0/32 is subnetted, 1 subnets
C 200.1.17.1 is directly connected, Loopback2
200.1.18.0/32 is subnetted, 1 subnets
C 200.1.18.1 is directly connected, Loopback3
200.1.19.0/32 is subnetted, 1 subnets
C 200.1.19.1 is directly connected, Loopback4
Advertise the static route into BGP
R2#sh run | s router
router bgp 2
bgp router-id 22.22.22.22
bgp log-neighbor-changes
network 200.1.16.0 mask 255.255.252.0
neighbor 10.1.12.1 remote-as 1
View R1's BGP routes
R1#sh ip bgp
BGP table version is 2, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 10.1.12.2 0 0 2 i
9.3.2 Summarizing with aggregate-address
Initial configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 1.1.1.1 255.255.255.255
int e0/0
 ip address 10.1.12.1 255.255.255.0
 no sh
router bgp 1
 bgp router-id 11.11.11.11
 neighbor 10.1.12.2 remote-as 2
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
 exec-timeout 0 0
 logging synchronous
 exit
int lo0
 ip address 2.2.2.2 255.255.255.255
int lo1
 ip address 200.1.16.1 255.255.255.255
int lo2
 ip address 200.1.17.1 255.255.255.255
int lo3
 ip address 200.1.18.1 255.255.255.255
int lo4
 ip address 200.1.19.1 255.255.255.255
int e0/0
 ip address 10.1.12.2 255.255.255.0
 no sh
router bgp 2
 bgp router-id 22.22.22.22
 neighbor 10.1.12.1 remote-as 1
 network 200.1.16.1 mask 255.255.255.255 ! advertise every more-specific route with network
 network 200.1.17.1 mask 255.255.255.255
 network 200.1.18.1 mask 255.255.255.255
 network 200.1.19.1 mask 255.255.255.255
9.3.2.1 Without extra parameters
R2 performs the summarization
router bgp 2
bgp router-id 22.22.22.22
bgp log-neighbor-changes
network 200.1.16.1 mask 255.255.255.255
network 200.1.17.1 mask 255.255.255.255
network 200.1.18.1 mask 255.255.255.255
network 200.1.19.1 mask 255.255.255.255
aggregate-address 200.1.16.0 255.255.252.0
neighbor 10.1.12.1 remote-as 1
View R1's BGP routes
R1#sh ip bgp
BGP table version is 8, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 10.1.12.2 0 0 2 i
*> 200.1.16.1/32 10.1.12.2 0 0 2 i ! the more-specific routes are still present
*> 200.1.17.1/32 10.1.12.2 0 0 2 i
*> 200.1.18.1/32 10.1.12.2 0 0 2 i
*> 200.1.19.1/32 10.1.12.2 0 0 2 i
9.3.2.2 The summary-only parameter
R2 performs the summarization
router bgp 2
bgp router-id 22.22.22.22
bgp log-neighbor-changes
network 200.1.16.1 mask 255.255.255.255
network 200.1.17.1 mask 255.255.255.255
network 200.1.18.1 mask 255.255.255.255
network 200.1.19.1 mask 255.255.255.255
aggregate-address 200.1.16.0 255.255.252.0 summary-only
neighbor 10.1.12.1 remote-as 1
View R2's routes
R2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.12.0/24 is directly connected, Ethernet0/0
L 10.1.12.2/32 is directly connected, Ethernet0/0
B 200.1.16.0/22 [200/0], 00:00:05, Null0
200.1.16.0/32 is subnetted, 1 subnets
C 200.1.16.1 is directly connected, Loopback1
200.1.17.0/32 is subnetted, 1 subnets
C 200.1.17.1 is directly connected, Loopback2
200.1.18.0/32 is subnetted, 1 subnets
C 200.1.18.1 is directly connected, Loopback3
200.1.19.0/32 is subnetted, 1 subnets
C 200.1.19.1 is directly connected, Loopback4
R2#sh ip bgp
BGP table version is 12, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
r> 200.1.16.0/22 0.0.0.0 32768 i
s 200.1.16.1/32 0.0.0.0 0 32768 i ! the more-specific routes are suppressed
s 200.1.17.1/32 0.0.0.0 0 32768 i
s 200.1.18.1/32 0.0.0.0 0 32768 i
s 200.1.19.1/32 0.0.0.0 0 32768 i
View R1's BGP routes
R1#sh ip bgp
BGP table version is 2, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 10.1.12.2 0 0 2 i
R1#sh ip bgp 200.1.16.0
BGP routing table entry for 200.1.16.0/22, version 2
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
2, (aggregated by 2 22.22.22.22)
10.1.12.2 from 10.1.12.2 (22.22.22.22)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
! Without as-set, the aggregated BGP route carries the atomic-aggregate path attribute flag,
! which tells other neighbors that this is an aggregated route and that some attributes, in particular path attributes, have been lost
9.3.2.3 The as-set parameter [7]
If R2 advertises only the more-specific routes and the summarization is done on R1:
R1 summarizes; view its routes
R1(config)#router bgp 1
R1(config-router)# aggregate-address 200.1.16.0 255.255.252.0 summary-only
R1#sh ip bgp
BGP table version is 18, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 0.0.0.0 32768 i ! i indicates a locally originated route
s> 200.1.16.1/32 10.1.12.2 0 0 2 i
s> 200.1.17.1/32 10.1.12.2 0 0 2 i
s> 200.1.18.1/32 10.1.12.2 0 0 2 i
s> 200.1.19.1/32 10.1.12.2 0 0 2 i
R2 receives the summary route sent by R1
R2#sh ip bgp
BGP table version is 32, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 10.1.12.1 0 0 1 i
*> 200.1.16.1/32 0.0.0.0 0 32768 i
*> 200.1.17.1/32 0.0.0.0 0 32768 i
*> 200.1.18.1/32 0.0.0.0 0 32768 i
*> 200.1.19.1/32 0.0.0.0 0 32768 i
R2#sh ip bgp 200.1.16.0
BGP routing table entry for 200.1.16.0/22, version 32
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
1, (aggregated by 1 11.11.11.11)
10.1.12.1 from 10.1.12.1 (11.11.11.11)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
R2 accepts this route because R1 did not preserve the AS-Path attribute of the more-specific routes when summarizing, so the AS-Path-based split horizon no longer works.
R1 uses the as-set parameter
R1(config-router)#$aggregate-address 200.1.16.0 255.255.252.0 summary-only as-set
R1#sh ip bgp
BGP table version is 28, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 0.0.0.0 100 32768 2 i
s> 200.1.16.1/32 10.1.12.2 0 0 2 i
s> 200.1.17.1/32 10.1.12.2 0 0 2 i
s> 200.1.18.1/32 10.1.12.2 0 0 2 i
s> 200.1.19.1/32 10.1.12.2 0 0 2 i
R1#sh ip bgp neighbors 10.1.12.2 advertised-routes
BGP table version is 10, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 0.0.0.0 100 32768 2 i ! the route really is sent to R2, but because of the split-horizon principle R2 does not accept it
Total number of prefixes 1
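The R1/R2 exchange above, modelled as an added Python example (not code from the original page): it shows why the aggregate built without as-set passes R2's AS_PATH loop check and the one built with as-set does not. All function and class names are hypothetical. The split into a common leading AS sequence plus an AS_SET for the remaining ASNs goes beyond the single-origin case in this lab and is this example's assumption about how the attribute is assembled.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Path:
    prefix: str
    as_sequence: Tuple[int, ...] = ()      # ordered part of AS_PATH
    as_set: FrozenSet[int] = frozenset()   # unordered AS_SET part
    atomic_aggregate: bool = False


def aggregate(summary: str, contributors: Iterable[Path],
              as_set: bool = False) -> Optional[Path]:
    """Build the summary route from the more-specific routes it covers."""
    net = ipaddress.ip_network(summary)
    covered = [p for p in contributors
               if p.prefix != summary
               and ipaddress.ip_network(p.prefix).subnet_of(net)]
    if not covered:
        return None                        # nothing to summarize
    if not as_set:
        # AS_PATH of the contributors is dropped; atomic-aggregate flags the loss.
        return Path(summary, atomic_aggregate=True)
    # Keep the leading ASNs that all contributors share as an ordered sequence.
    common = []
    for column in zip(*(p.as_sequence for p in covered)):
        if len(set(column)) != 1:
            break
        common.append(column[0])
    # Every other ASN seen on a contributor goes into the unordered AS_SET.
    rest = {asn for p in covered for asn in p.as_sequence[len(common):]}
    rest |= {asn for p in covered for asn in p.as_set}
    rest -= set(common)
    return Path(summary, as_sequence=tuple(common), as_set=frozenset(rest))


def send_ebgp(path: Path, local_as: int) -> Path:
    """Prepend the sender's AS when advertising to an EBGP neighbor."""
    return replace(path, as_sequence=(local_as,) + path.as_sequence)


def ebgp_accepts(path: Path, local_as: int) -> bool:
    """AS_PATH loop check: drop a route that already contains our own AS."""
    return local_as not in path.as_sequence and local_as not in path.as_set


def lab() -> Tuple[Path, Path]:
    """Constructed from the lab: R2 (AS 2) originates four /32s, R1 (AS 1) aggregates."""
    from_r2 = [send_ebgp(Path(f"200.1.{n}.1/32"), 2) for n in (16, 17, 18, 19)]
    plain = send_ebgp(aggregate("200.1.16.0/22", from_r2), 1)
    with_set = send_ebgp(aggregate("200.1.16.0/22", from_r2, as_set=True), 1)
    return plain, with_set


if __name__ == "__main__":
    for label, path in zip(("without as-set", "with as-set"), lab()):
        print(label, path.as_sequence, "accepted by AS 2:", ebgp_accepts(path, 2))
```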
9.3.2.4 The suppress-map parameter
Takes precedence over summary-only.
Typically used to suppress only some of the more-specific routes. Taking the lab environment as an example, if you want to keep the more-specific routes other than 200.1.16.1/32 and 200.1.17.1/32 when summarizing, you can use suppress-map:
R2 configures suppress-map
ip prefix-list PFX_SUPPRESS seq 5 permit 200.1.16.1/32
ip prefix-list PFX_SUPPRESS seq 10 permit 200.1.17.1/32
route-map RTMAP_SUPPRESS permit 10
 match ip address prefix-list PFX_SUPPRESS
router bgp 2
 aggregate-address 200.1.16.0 255.255.252.0 suppress-map RTMAP_SUPPRESS
R2 BGP routing information
BGP table version is 28, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 0.0.0.0 32768 i
s> 200.1.16.1/32 0.0.0.0 0 32768 i
s> 200.1.17.1/32 0.0.0.0 0 32768 i
*> 200.1.18.1/32 0.0.0.0 0 32768 i
*> 200.1.19.1/32 0.0.0.0 0 32768 i
R1 BGP routing information
R1#sh ip bgp
BGP table version is 10, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 10.1.12.2 0 0 2 i
*> 200.1.18.1/32 10.1.12.2 0 0 2 i
*> 200.1.19.1/32 10.1.12.2 0 0 2 i
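9.3.2.5 The unsuppress-map parameter
With summary-only, only the summary route is kept; if you want to additionally let some more-specific routes through, use this parameter together with a route-map.
9.3.2.6 The advertise-map parameter
advertise-map has two roles: it both inherits path attributes and performs aggregation.
9.3.2.6.1 Conditional aggregation
The aggregate is created only when the more-specific routes matched by the advertise-map exist.
That is, you specify a route-map; as long as a route matched by the map exists (any one of them, and that route can be advertised, i.e. it has no no-adv community attr), the summary is generated; otherwise it is not.
Configure on R2:
ip prefix-list PFX_ADV seq 5 permit 200.1.16.1/32
ip prefix-list PFX_ADV seq 10 permit 200.1.17.1/32
route-map RTMAP_ADV permit 10
 match ip address prefix-list PFX_ADV
router bgp 2
 aggregate-address 200.1.16.0 255.255.252.0 advertise-map RTMAP_ADV
If lo1 and lo2 are both shut down on R2, R1 no longer receives the summary route.
9.3.2.6.2 Conditional inheritance
By default, an aggregate route inherits all path attributes. With advertise-map, it inherits only the attributes of the matched more-specific routes.
9.3.2.7 The attribute-map parameter
Used to add path attributes to the summarized route.
Configuration on R2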
route-map RTMAP_ATTR permit 10
set metric 1234
router bgp 2
aggregate-address 200.1.16.0 255.255.252.0 summary-only attribute-map RTMAP_ATTR
View R1's BGP routes
R1#sh ip bgp
BGP table version is 12, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 200.1.16.0/22 10.1.12.2 1234 0 2 i