案例精解：BGP路由黑洞

合集下载

BGP路由黑洞

案例精解：BGP路由黑洞2008-10-19 15:05:37标签：路由反射器路由黑洞同步BGP联邦什么是路由黑洞？简单的说，它会默默的将数据包丢弃，使所有数据包有去无回，下面来看一个案例：如图所示：R1和R2建立EBGP邻居关系R2和R5建立IBGP邻居关系R5和R7建立EBGP邻居关系R2、R3、R5之间运行RIPv2首先看配置：hostname r1interface Loopback0ip address 1.1.1.1 255.255.255.0interface Serial1/0ip address 192.168.12.1 255.255.255.0serial restart-delay 0router bgp 100no synchronizationbgp router-id 1.1.1.1bgp log-neighbor-changesnetwork 1.1.1.0 mask 255.255.255.0network 192.168.12.0neighbor 2.2.2.2 remote-as 200neighbor 2.2.2.2 ebgp-multihop 255neighbor 2.2.2.2 update-source Loopback0 no auto-summary!ip route 2.2.2.0 255.255.255.0 192.168.12.2hostname r2interface Loopback0ip address 2.2.2.2 255.255.255.0!interface Serial1/0ip address 192.168.23.2 255.255.255.0serial restart-delay 0!interface Serial1/1ip address 192.168.12.2 255.255.255.0serial restart-delay 0!interface Serial1/2ip address 192.168.24.2 255.255.255.0serial restart-delay 0!router ripversion 2network 2.0.0.0network 192.168.23.0no auto-summary!router bgp 200no synchronizationbgp log-neighbor-changesnetwork 192.168.12.0network 192.168.23.0neighbor 1.1.1.1 remote-as 100neighbor 1.1.1.1 ebgp-multihop 255neighbor 1.1.1.1 update-source Loopback0 neighbor 5.5.5.5 remote-as 200neighbor 5.5.5.5 update-source Loopback0 neighbor 5.5.5.5 next-hop-selfno auto-summary!ip route 1.1.1.0 255.255.255.0 192.168.12.1hostname r3interface Loopback0ip address 3.3.3.3 255.255.255.0!interface Serial1/0ip address 192.168.35.3 255.255.255.0serial restart-delay 0!interface Serial1/1ip address 192.168.23.3 255.255.255.0 serial restart-delay 0router ripversion 2network 3.0.0.0network 192.168.23.0network 192.168.35.0no auto-summaryhostname r5interface Loopback0ip address 5.5.5.5 255.255.255.0!interface FastEthernet0/0no ip addressshutdownduplex half!interface Serial1/0ip address 192.168.57.5 255.255.255.0 serial restart-delay 0!interface Serial1/1ip address 192.168.35.5 255.255.255.0 serial restart-delay 0!interface Serial1/2ip address 192.168.45.5 255.255.255.0 serial restart-delay 0!interface Serial1/3no ip addressshutdownserial restart-delay 0!router ripversion 2network 5.0.0.0network 192.168.35.0no auto-summary!router bgp 200no synchronizationbgp log-neighbor-changesbgp confederation identifier 200neighbor 3.3.3.3 remote-as 200neighbor 7.7.7.7 remote-as 300neighbor 7.7.7.7 ebgp-multihop 255neighbor 7.7.7.7 update-source Loopback0 no auto-summary!ip route 7.7.7.0 255.255.255.0 192.168.57.7interface Serial1/1ip address 192.168.57.7 255.255.255.0serial restart-delay 0!interface Serial1/2no ip addressshutdownserial restart-delay 0!interface Serial1/3no ip addressshutdownserial restart-delay 0!router bgp 300no synchronizationbgp log-neighbor-changesneighbor 5.5.5.5 remote-as 200neighbor 5.5.5.5 ebgp-multihop 255no auto-summary!ip route 5.5.5.0 255.255.255.0 192.168.57.5现在查看R1的路由表r7#sh ip routeB 1.1.1.0 [20/0] via 5.5.5.5, 00:02:54 //为节约篇幅未完整显示可见R7学到了R1的路由，从表面上看这个实验很完美，达了目的，然而这时问题出现了，作个测试，在R7上PING R1r7#ping 1.1.1.1Type escape sequence to abort.Sending 5, 0-byte ICMP Echos to 7.7.7.7, timeout:.....这究竟是怎么回事呢？原来，我们在R5上关闭了同步，这时它会将一条并没有优化的路由传送给R7，当R7要发向R1发包时，它看到R5是它的下一跳，于是将包发给R5，然后R5又查看它的路由表，发现到R1的下一跳是R2，并继续查找，发现在通过R3可以达到R2，于是它将数据送给R3，这时问题出现了，因为R3没有运行BGP，它不知道R1怎么走，于是它将数据包丢弃，从而造成路由黑洞。

BGP路由黑洞

BGP路由黑洞一、实验目标：分析路由黑洞，并给出路由黑洞的解决方法二、网络拓扑图：三、配置：R1#router ospf 1log-adjacency-changesredistribute connected metric 1000 metric-type 1 subnets 重发布直连路由到OSPF network 10.0.1.4 0.0.0.3 area 0公布该网段，在该10.0.1.4/30网段接口运行OSPF，与R3建立OSPF邻居关系，注，只是重发布不会建立OSPF邻居，必须在接口运行OSPF，建立OSPF邻居ip route 10.0.0.0 255.255.0.0 Null0ip route 10.3.0.0 255.255.0.0 Null0 静态路由汇总router bgp 65000no synchronization 关闭同步bgp log-neighbor-changesnetwork 10.0.0.0 mask 255.255.0.0 汇总路由注入BGP network 10.3.0.0 mask 255.255.0.0neighbor 10.0.0.2 remote-as 65000 AS65000邻居10.0.0.2 neighbor 10.0.0.2 update-source Loopback0neighbor 10.0.0.2 next-hop-selfneighbor 10.0.15.2 remote-as 65001 AS65001邻居10.0.15.2 no auto-summaryR2# R2配置与R1相似router ospf 1log-adjacency-changesredistribute connected metric 1000 metric-type 1 subnets network 10.0.1.8 0.0.0.3 area 0ip route 10.0.0.0 255.255.0.0 Null0ip route 10.3.0.0 255.255.0.0 Null0router bgp 65000no synchronizationbgp log-neighbor-changesnetwork 10.0.0.0 mask 255.255.0.0network 10.3.0.0 mask 255.255.0.0neighbor 10.0.0.1 remote-as 65000neighbor 10.0.0.1 update-source Loopback0neighbor 10.0.0.1 next-hop-selfneighbor 10.0.26.2 remote-as 65002no auto-summaryR3# 公布业务网段，建立OSPF邻居，实现IGP路由可达router ospf 1log-adjacency-changesnetwork 10.0.0.3 0.0.0.0 area 0network 10.0.1.0 0.0.0.3 area 0network 10.0.1.4 0.0.0.3 area 0network 10.3.3.0 0.0.0.255 area 0R4# 公布业务网段，建立OSPF邻居，实现IGP路由可达router ospf 1log-adjacency-changesnetwork 10.0.0.4 0.0.0.0 area 0network 10.0.1.0 0.0.0.3 area 0network 10.0.1.8 0.0.0.3 area 0network 10.3.4.0 0.0.0.255 area 0R5#ip route 10.5.0.0 255.255.0.0 Null0router bgp 65001no synchronization 同步关闭bgp log-neighbor-changesnetwork 10.5.0.0 mask 255.255.0.0 汇总路由注入neighbor 10.0.15.1 remote-as 65000 与R1建立邻居no auto-summaryR6# 相似R5ip route 10.6.0.0 255.255.0.0 Null0router bgp 65002no synchronizationbgp log-neighbor-changesnetwork 10.6.0.0 mask 255.255.0.0neighbor 10.0.26.1 remote-as 65000no auto-summary路由黑洞分析RT6#ping 10.5.5.1 source 10.6.6.1 不能实现连通Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.5.5.1, timeout is 2 seconds: Packet sent with a source address of 10.6.6.1.....Success rate is 0 percent (0/5)查看各个路由器路由表因为关闭同步，所以R5，R6能够相互学到到达对方网段的路由RT5#show ip route10.0.0.0/8 is variably subnetted, 7 subnets, 4 masksC 10.0.15.0/30 is directly connected, Serial0/0B 10.3.0.0/16 [20/0] via 10.0.15.1, 00:14:47B 10.0.0.0/16 [20/0] via 10.0.15.1, 00:14:47B 10.6.0.0/16 [20/0] via 10.0.15.1, 00:11:44 R5学到到达R6的路由，来自R1 R5查看路由表，将数据交给R1R1经过路由递归查找，数据交给R3RT1#show ip routeC 10.0.4.0/30 is directly connected, Serial0/0O E1 10.0.0.2/32 [110/1300] via 10.0.1.5, 00:25:23, Serial0/0B 10.6.0.0/16 [200/0] via 10.0.0.2, 00:11:10B 10.5.0.0/16 [20/0] via 10.0.15.2, 00:14:13RT3# R3经过查找路由表，没有对应条目，丢弃数据包从R6到R5的过程与上类似RT6#show ip route10.0.0.0/8 is variably subnetted, 7 subnets, 4 masksB 10.3.0.0/16 [20/0] via 10.0.26.1, 00:11:52B 10.0.0.0/16 [20/0] via 10.0.26.1, 00:11:52B 10.5.0.0/16 [20/0] via 10.0.26.1, 00:11:52 R6学到到达R5的路由，来自R2C 10.0.26.0/30 is directly connected, Serial0/0RT2#show ip routeO E1 10.0.0.1/32 [110/1300] via 10.0.1.9, 00:25:30, Serial0/0B 10.6.0.0/16 [20/0] via 10.0.26.2, 00:11:16B 10.5.0.0/16 [200/0] via 10.0.0.1, 00:12:06C 10.0.26.0/30 is directly connected, Serial0/1RT4#解决方法1、关闭同步，内网BGP全连接使用peer-group命令简化BGP配置RT1(config)#router bgp 65000RT1(config-router)#neighbor 65000 peer-group 创建peer-groupRT1(config-router)#neighbor 65000 remote-as 65000RT1(config-router)#neighbor 65000 update-source loopback 0RT1(config-router)#neighbor 65000 next-hop-self peer-group的BGP邻居配置RT1(config-router)#neighbor 10.0.0.3 peer-group 65000RT1(config-router)#neighbor 10.0.0.4 peer-group 65000 加入peer-groupRT2(config)#router bgp 65000 参见R1RT2(config-router)#neighbor 65000 peer-groupRT2(config-router)#neighbor 65000 remote-as 65000RT2(config-router)#neighbor 65000 update-source loopback 0RT2(config-router)#neighbor 65000 next-hop-selfRT2(config-router)#neighbor 10.0.0.3 peer-group 65000RT2(config-router)#neighbor 10.0.0.4 peer-group 65000RT3(config)#router bgp 65000 R3运行BGP，与AS65000中所有路由器建立邻居RT3(config-router)#neighbor 65000 peer-groupRT3(config-router)#neighbor 65000 remote-as 65000RT3(config-router)#neighbor 65000 next-hop-selfRT3(config-router)#neighbor 65000 update-source lo0RT3(config-router)#neighbor 10.0.0.1 peer-group 65000RT3(config-router)#neighbor 10.0.0.2 peer-group 65000RT3(config-router)#neighbor 10.0.0.4 peer-group 65000RT4(config)#router bgp 65000 R4运行BGP，与AS65000中所有路由器建立邻居RT4(config-router)#neighbor 65000 peer-groupRT4(config-router)#neighbor 65000 remote-as 65000RT4(config-router)#neighbor 65000 next-hop-selfRT4(config-router)#neighbor 65000 update-source lo0RT4(config-router)#neighbor 10.0.0.1 peer-group 65000RT4(config-router)#neighbor 10.0.0.2 peer-group 65000RT4(config-router)#neighbor 10.0.0.3 peer-group 65000查看BGP邻居表，实现BGP全连接RT1#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.2 4 65000 45 44 5 0 0 00:38:55 310.0.0.3 4 65000 13 15 5 0 0 00:09:13 010.0.0.4 4 65000 10 12 5 0 0 00:06:30 010.0.15.2 4 65001 46 47 5 0 0 00:41:08 1RT2#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.1 4 65000 45 46 5 0 0 00:39:04 310.0.0.3 4 65000 13 15 5 0 0 00:09:21 010.0.0.4 4 65000 10 12 5 0 0 00:06:16 010.0.26.2 4 65002 43 44 5 0 0 00:38:14 1RT3#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.1 4 65000 15 13 5 0 0 00:09:28 310.0.0.2 4 65000 15 13 5 0 0 00:09:27 310.0.0.4 4 65000 10 10 5 0 0 00:06:34 0RT4#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.1 4 65000 12 10 7 0 0 00:06:49 310.0.0.2 4 65000 12 10 7 0 0 00:06:26 310.0.0.3 4 65000 10 10 7 0 0 00:06:38 0R3和R4学到全部的BGP路由RT3#show ip bgpNetwork Next Hop Metric LocPrf Weight Path* i10.0.0.0/16 10.0.0.2 0 100 0 i*>i 10.0.0.1 0 100 0 i* i10.3.0.0/16 10.0.0.2 0 100 0 i*>i 10.0.0.1 0 100 0 i*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 iRT4#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*>i10.0.0.0/16 10.0.0.2 0 100 0 i* i 10.0.0.1 0 100 0 i*>i10.3.0.0/16 10.0.0.2 0 100 0 i* i 10.0.0.1 0 100 0 i*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 iRT3#show ip route10.0.0.0/8 is variably subnetted, 16 subnets, 4 masksO 10.0.1.8/30 [110/200] via 10.0.1.2, 00:15:55, FastEthernet1/0O E1 10.0.15.0/30 [110/1100] via 10.0.1.6, 00:15:55, Serial0/0O E1 10.0.1.12/30 [110/1100] via 10.0.1.6, 00:15:55, Serial0/0O E1 10.0.0.2/32 [110/1200] via 10.0.1.2, 00:15:55, FastEthernet1/0B 10.3.0.0/16 [200/0] via 10.0.0.1, 00:13:49C 10.0.0.3/32 is directly connected, Loopback0C 10.3.3.0/24 is directly connected, Ethernet3/0B 10.0.0.0/16 [200/0] via 10.0.0.1, 00:13:49C 10.0.1.0/30 is directly connected, FastEthernet1/0O E1 10.0.0.1/32 [110/1100] via 10.0.1.6, 00:15:55, Serial0/0B 10.6.0.0/16 [200/0] via 10.0.0.2, 00:13:49O 10.3.4.0/24 [110/110] via 10.0.1.2, 00:15:55, FastEthernet1/0O 10.0.0.4/32 [110/101] via 10.0.1.2, 00:15:56, FastEthernet1/0B 10.5.0.0/16 [200/0] via 10.0.0.1, 00:13:49C 10.0.1.4/30 is directly connected, Serial0/0O E1 10.0.26.0/30 [110/1200] via 10.0.1.2, 00:15:56, FastEthernet1/0RT4#show ip route10.0.0.0/8 is variably subnetted, 16 subnets, 4 masksC 10.0.1.8/30 is directly connected, Serial0/0O E1 10.0.15.0/30 [110/1200] via 10.0.1.1, 00:58:11, FastEthernet1/0O E1 10.0.1.12/30 [110/1100] via 10.0.1.10, 00:58:11, Serial0/0O E1 10.0.0.2/32 [110/1100] via 10.0.1.10, 00:58:11, Serial0/0B 10.3.0.0/16 [200/0] via 10.0.0.2, 00:11:59O 10.0.0.3/32 [110/101] via 10.0.1.1, 00:58:11, FastEthernet1/0O 10.3.3.0/24 [110/110] via 10.0.1.1, 00:58:11, FastEthernet1/0B 10.0.0.0/16 [200/0] via 10.0.0.2, 00:11:59C 10.0.1.0/30 is directly connected, FastEthernet1/0O E1 10.0.0.1/32 [110/1200] via 10.0.1.1, 00:58:11, FastEthernet1/0B 10.6.0.0/16 [200/0] via 10.0.0.2, 00:11:59C 10.3.4.0/24 is directly connected, Ethernet3/0C 10.0.0.4/32 is directly connected, Loopback0B 10.5.0.0/16 [200/0] via 10.0.0.1, 00:12:22O 10.0.1.4/30 [110/200] via 10.0.1.1, 00:58:11, FastEthernet1/0O E1 10.0.26.0/30 [110/1100] via 10.0.1.10, 00:58:11, Serial0/0RT5#ping 10.6.6.1 source 10.5.5.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.6.6.1, timeout is 2 seconds:Packet sent with a source address of 10.5.5.1!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 128/190/280 msR3，R4之间不需要建立BGP邻居关系BGP全连接虽然能实现R5和R6相互访问，但是每个路由器都要与其他路由器建立BGP 邻居，加重了路由器负担2、开启同步，重发布BGP路由到IGP中RT4(config)#no router bgp 65000 还原R3，R4配置，关闭BGPRT3(config)#no router bgp 65000R1和R2上看，邻居R3，R4状态为Active，TCP建立不成功RT1#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.2 4 65000 54 53 5 0 0 00:47:23 310.0.0.3 4 65000 20 22 0 0 0 00:01:09 Active10.0.0.4 4 65000 18 20 0 0 0 00:00:48 Active10.0.15.2 4 65001 54 55 5 0 0 00:49:37 1RT2#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.1 4 65000 54 55 5 0 0 00:48:06 310.0.0.3 4 65000 20 22 0 0 0 00:01:52 Active10.0.0.4 4 65000 17 19 0 0 0 00:01:30 Active10.0.26.2 4 65002 52 53 5 0 0 00:47:16 1在R1，R2上开启同步RT1(config)#router bgp 65000RT1(config-router)#synchronizationRT2(config)#router bgp 65000RT2(config-router)#synchronizationRT1(config)#do show ip bgpNetwork Next Hop Metric LocPrf Weight Path* i10.0.0.0/16 10.0.0.2 0 100 0 i 未同步，丢弃*> 0.0.0.0 0 32768 i* i10.3.0.0/16 10.0.0.2 0 100 0 i 未同步，丢弃*> 0.0.0.0 0 32768 i*> 10.5.0.0/16 10.0.15.2 0 0 65001 i* i10.6.0.0/16 10.0.0.2 0 100 0 65002 i 丢弃未同步路由丢弃来自IBGP宣告的未达到同步的路由所以，R1不会把该路由通告给R5RT2(config)#do show ip bgpNetwork Next Hop Metric LocPrf Weight Path* i10.0.0.0/16 10.0.0.1 0 100 0 i*> 0.0.0.0 0 32768 i* i10.3.0.0/16 10.0.0.1 0 100 0 i*> 0.0.0.0 0 32768 i* i10.5.0.0/16 10.0.0.1 0 100 0 65001 i 丢弃未同步路由*> 10.6.0.0/16 10.0.26.2 0 0 65002 iR5和R6不学到相互的路由RT5#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 10.0.15.1 0 0 65000 i*> 10.3.0.0/16 10.0.15.1 0 0 65000 i*> 10.5.0.0/16 0.0.0.0 0 32768 iRT6#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 10.0.26.1 0 0 65000 i*> 10.3.0.0/16 10.0.26.1 0 0 65000 i*> 10.6.0.0/16 0.0.0.0 0 32768 i把BGP路由重发布到OSPF中，实现IGP路由同步RT1(config)#router ospf 1RT1(config-router)#redistribute bgp 65000 subnetsRT2(config)#router ospf 1RT2(config-router)#redistribute bgp 65000 subnetsR1与R2通过IGP路由，实现同步RT1#show ip routeO E2 10.6.0.0/16 [110/1] via 10.0.1.5, 00:05:03, Serial0/0RT2#show ip routeO E2 10.5.0.0/16 [110/1] via 10.0.1.9, 00:10:17, Serial0/0RT1#show ip bgpNetwork Next Hop Metric LocPrf Weight Path* i10.0.0.0/16 10.0.0.2 0 100 0 i*> 0.0.0.0 0 32768 i* i10.3.0.0/16 10.0.0.2 0 100 0 i*> 0.0.0.0 0 32768 i*> 10.5.0.0/16 10.0.15.2 0 0 65001 ir>i10.6.0.0/16 10.0.0.2 0 100 0 65002 iR表示该路由已经通过BGP路由学到，但是不能进入全局路由表RT2#show ip bgpNetwork Next Hop Metric LocPrf Weight Path* i10.0.0.0/16 10.0.0.1 0 100 0 i*> 0.0.0.0 0 32768 i* i10.3.0.0/16 10.0.0.1 0 100 0 i*> 0.0.0.0 0 32768 ir>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i*> 10.6.0.0/16 10.0.26.2 0 0 65002 iR5,R6各自通过EBGP学到相互的路由RT5#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 10.0.15.1 0 0 65000 i*> 10.3.0.0/16 10.0.15.1 0 0 65000 i*> 10.5.0.0/16 0.0.0.0 0 32768 i*> 10.6.0.0/16 10.0.15.1 0 65000 65002 iRT6#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 10.0.26.1 0 0 65000 i*> 10.3.0.0/16 10.0.26.1 0 0 65000 i*> 10.5.0.0/16 10.0.26.1 0 65000 65001 i *> 10.6.0.0/16 0.0.0.0 0 32768 iRT3#show ip route10.0.0.0/8 is variably subnetted, 16 subnets, 4 masksO 10.0.1.8/30 [110/200] via 10.0.1.2, 00:19:10, FastEthernet1/0O E1 10.0.15.0/30 [110/1100] via 10.0.1.6, 00:19:10, Serial0/0O E1 10.0.1.12/30 [110/1100] via 10.0.1.6, 00:19:10, Serial0/0O E1 10.0.0.2/32 [110/1200] via 10.0.1.2, 00:19:10, FastEthernet1/0O E2 10.3.0.0/16 [110/1] via 10.0.1.6, 00:09:52, Serial0/0C 10.0.0.3/32 is directly connected, Loopback0C 10.3.3.0/24 is directly connected, Ethernet3/0O E2 10.0.0.0/16 [110/1] via 10.0.1.6, 00:09:52, Serial0/0C 10.0.1.0/30 is directly connected, FastEthernet1/0O E1 10.0.0.1/32 [110/1100] via 10.0.1.6, 00:19:10, Serial0/0O E2 10.6.0.0/16 [110/1] via 10.0.1.2, 00:09:52, FastEthernet1/0O 10.3.4.0/24 [110/110] via 10.0.1.2, 00:19:10, FastEthernet1/0O 10.0.0.4/32 [110/101] via 10.0.1.2, 00:19:10, FastEthernet1/0O E2 10.5.0.0/16 [110/1] via 10.0.1.6, 00:12:01, Serial0/0C 10.0.1.4/30 is directly connected, Serial0/0O E1 10.0.26.0/30 [110/1200] via 10.0.1.2, 00:19:10, FastEthernet1/0RT4#show ip route10.0.0.0/8 is variably subnetted, 16 subnets, 4 masksC 10.0.1.8/30 is directly connected, Serial0/0O E1 10.0.15.0/30 [110/1200] via 10.0.1.1, 00:18:53, FastEthernet1/0O E1 10.0.1.12/30 [110/1100] via 10.0.1.10, 00:18:53, Serial0/0O E1 10.0.0.2/32 [110/1100] via 10.0.1.10, 00:18:53, Serial0/0O E2 10.3.0.0/16 [110/1] via 10.0.1.10, 00:09:57, Serial0/0O 10.0.0.3/32 [110/101] via 10.0.1.1, 00:18:53, FastEthernet1/0O 10.3.3.0/24 [110/110] via 10.0.1.1, 00:18:53, FastEthernet1/0O E2 10.0.0.0/16 [110/1] via 10.0.1.10, 00:09:57, Serial0/0C 10.0.1.0/30 is directly connected, FastEthernet1/0O E1 10.0.0.1/32 [110/1200] via 10.0.1.1, 00:18:53, FastEthernet1/0O E2 10.6.0.0/16 [110/1] via 10.0.1.10, 00:09:57, Serial0/0C 10.3.4.0/24 is directly connected, Ethernet3/0C 10.0.0.4/32 is directly connected, Loopback0O E2 10.5.0.0/16 [110/1] via 10.0.1.1, 00:12:06, FastEthernet1/0O 10.0.1.4/30 [110/200] via 10.0.1.1, 00:18:53, FastEthernet1/0O E1 10.0.26.0/30 [110/1100] via 10.0.1.10, 00:18:53, Serial0/0RT6#ping 10.5.5.1 source 10.6.6.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.5.5.1, timeout is 2 seconds:Packet sent with a source address of 10.6.6.1!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 140/184/236 ms重发布BGP路由进入IGP路由虽然能解决路由同步问题，但是因特网上路由有十几万条，该方法不可行3、路由反射器使用路由反射技术，代替BGP互连接RT1(config-router)#no synchronization 关闭同步RT2(config-router)#no synchronizationR1作路由反射器，其他路由器都是客户端RT1(config)#router bgp 65000RT1(config-router)#neighbor 10.0.0.2 route-reflector-clientRT1(config-router)#neighbor rr peer-groupRT1(config-router)#neighbor rr update-source lo0RT1(config-router)#neighbor rr remote-as 65000RT1(config-router)#neighbor rr next-hop-selfRT1(config-router)#neighbor rr route-reflector-clientRT1(config-router)#neighbor 10.0.0.3 peer-group rrRT1(config-router)#neighbor 10.0.0.4 peer-group rrRT1(config-router)#RT3(config)#router bgp 65000RT3(config-router)#neighbor 10.0.0.1 remote-as 65000RT3(config-router)#neighbor 10.0.0.1 update-source lo0RT3(config-router)#neighbor 10.0.0.1 next-hop-selfRT4(config)#router bgp 65000RT4(config-router)#neighbor 10.0.0.1 remote-as 65000RT4(config-router)#neighbor 10.0.0.1 update-source lo0RT4(config-router)#neighbor 10.0.0.1 next-hop-selfRT1#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 0.0.0.0 0 32768 i* i 10.0.0.2 0 100 0 i*> 10.3.0.0/16 0.0.0.0 0 32768 i* i 10.0.0.2 0 100 0 i*> 10.5.0.0/16 10.0.15.2 0 0 65001 i*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 iRT2#show ip bgpNetwork Next Hop Metric LocPrf Weight Path* i10.0.0.0/16 10.0.0.1 0 100 0 i*> 0.0.0.0 0 32768 i* i10.3.0.0/16 10.0.0.1 0 100 0 i*> 0.0.0.0 0 32768 i*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i*> 10.6.0.0/16 10.0.26.2 0 0 65002 iR1,R2关于10.6.0.0/16的下一跳指向10.0.0.2 ，因为该路由是通过路由反射得到RT3#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*>i10.0.0.0/16 10.0.0.1 0 100 0 i*>i10.3.0.0/16 10.0.0.1 0 100 0 i*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 iRT4#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*>i10.0.0.0/16 10.0.0.1 0 100 0 i*>i10.3.0.0/16 10.0.0.1 0 100 0 i*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 iRT5#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 10.0.15.1 0 0 65000 i*> 10.3.0.0/16 10.0.15.1 0 0 65000 i*> 10.5.0.0/16 0.0.0.0 0 32768 i*> 10.6.0.0/16 10.0.15.1 0 65000 65002 iRT6#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*> 10.0.0.0/16 10.0.26.1 0 0 65000 i*> 10.3.0.0/16 10.0.26.1 0 0 65000 i*> 10.5.0.0/16 10.0.26.1 0 65000 65001 i*> 10.6.0.0/16 0.0.0.0 0 32768 i四、总结：路由同步的概念，来自IBGP的BGP路由条目不会无效，并且不会发给EBGP邻居，除非该路由能通过IGP路由学到。

BGP路由黑洞与反射器(第二次)

RR的几个关键概念：簇（cluster）：一个或者多个RR和它们的RRC的集合 Originator_ID属性：一个路由器的RID，这个RID是由RR产生的。
蓝狐网络技术培训学校
路由反射器的冗余

单RR容易给整个系统带来单点故障。如果RR失效，所有的客户都将失去他们唯一的NLRL源，从冗余的角度考虑，一个簇中可以拥有多台RR,客户与每台 RR都有物理接连，而且每台RR也都建立了对等关系，在其中一台RR出现故障的情况下，客户仍有一条去往另一台RR的连接，因而不会丢失任何可达性信息
蓝狐网络技术培训学校
路由反射器冗余

一个自治系统中可以创建多个路由发射簇
路由反射器是一种放宽了该规则的BGP路由器，因而为了防止出现路由环路，路由反射器必须使用两种 BGP路径属性：originator_id 和cluster_list 1.originator_id：是一种由路由反射器创建的可选非传递性属性，是本地AS中路由发起者的路由器ID。路由发射器不会将某路由宣告回该路由的发起者。即便如此，如果发起者接受到的 update消息中包含了其自己的RID,则忽略该update消息 2.cluster_list:是一种可选非传递性属性，用于记录簇ID,就像AS-PATH记录AS号一样，当RR将来自客户的路由反射给给客户时，同时将其簇ID附加到cluster_list中，如果cluster_list为空，则RR 将创建一个cluster_list。RR接受到update消息后，就会检查cluster_list，如果发现其簇ID 位于簇列表中，则知道已经出现了路由环路，从而忽略该update消息
思考： 1.省节点之间为什么需要一条物理链路相连？如果没有该链路，对邻居的建立会不会有什么影响？ 2.为什么不省节点路由器和核心节点多增一条物理链路以提供备份？ 2.如何考虑市级的路由器部署？为什么？

巧用黑洞路由

网络边缘设计巧用黑洞路由当今园区网组建的潮流中ospf已经成为大型企业网的首选路由协议，然而ospf本身的复杂性使其使用起来会带来很多潜在的问题。

对于一个健康的企业网来说ospf应该限定在汇聚的上行端口，如果把接入区域的网段直接network命令宣告到ospf区域中，那么接入区的网络动荡将直接影响整个网络的核心，而且从网络安全的角度来说把接入区域宣告进去更是直接将企业网的核心暴露出来，不法分子甚至可以伪造ospf报文直接对公司网络进行攻击。

因此接入区域与核心保持有效隔离的情况下把接入网段发布出去成为解决问题的关键。

ospf末梢区域可以减小本区域内的链路状态数据库，从而减小设备压力。

但是末梢区域内的动荡还是会影响到核心。

所以末梢区域并不能解决这个问题。

ospf引入黑洞路由的方式刚好可以达到预期的效果，同时黑洞路由很能防止路由环路的产生。

下面对此方法进行分析。

注释：1.路由信息传递情况1ospf引入静态黑洞路由发布到区域0 ，区域0中的路由器便能学习到到达接入的路径。

2.用户业务报文转发情况2用户直接将数据发送到网关所在地也就是汇聚层。

3汇聚根据静态默认路由发送到下一跳到达核心，核心向目的地转发。

4下行数据根据第五类lsa把数据送到汇聚网关。

5汇聚根据直连路由把数据发送到接入用户。

汇聚并不会根据此条黑洞路由转发，因为直连路由的优先级要比静态路由的高。

这样配置办公接入网段的路由震荡将不会影响到所配置的静态黑洞路由，进而也影响不到核心区域的ospf。

1具体实施方法通过ospf引入静态黑洞路由的方式，具体优化方法如下：(1)在配置一条静态黑洞路由路由子网掩码扩大要包含所有接入网段。

iproute-static 10.6.0.0 255.255.240.0 null0 配置掩码扩大是因为防止直连路由优先级大于静态使静态路由不生效的情况发生，同时黑洞路由能够防止环路。

(2)在ospf中引入次条静态路由因为配置的静态黑洞路由掩码要大所以这条静态路由会成为有效的路由。

BGP路由黑洞之路由反射器(Router Reflector)解决

BGP路由黑洞之路由反射器(Router Reflector)解决【实验环境】C3640-IK9O3S-M Version 12.4(10)【实验目的】采用路由反射器(Router Reflector)解决由IBGP水平分割导致的BGP路由黑洞问题【实验拓扑】【实验描述】R1、R2、R4、R5跑BGP协议，R2、R3、R4跑OSPF协议。

目标是使1.1.1.1<->5.5.5.5可以互相访问IBGP邻居关系采用回环口进行建立R1<->R2、R4<->R5之间使用直连接口建立EBGP关系数据层面的BGP路由黑洞问题：由于R3没有跑BGP，因此R2和R4均不会将路由条目传给R3，因此R3没有1.1.1.1和5.5.5.5的路由，导致路由黑洞。

如果在R3上跑BGP，与R2和R4建立IBGP关系，又会因为IBGP水平分割导致R2、R4路由学习不完整。

解决方法：利用路由反射器，将R3作为反射器(RR)，其余IBGP路由器作为客户端(C)，路由反射器和其客户端共同组成路由反射簇，客户端只需要与路由反射器建立邻居即可，不需要与每台IBGP路由器建立邻居。

路由反射器的规则：1、RR从EBGP收到的路由，会反射给客户端和非客户端；2、从客户端收到的路由，会反射给客户端、非客户端及EBGP邻居；3、从非客户端收到的路由，只会反射给客户端和EBGP邻居，不会反射给其他非客户端。

【实验步骤】1、R1基本配置，端口:!interface Loopback0ip address 1.1.1.1 255.255.255.0!interface Serial0/0ip address 12.0.0.1 255.255.255.0clock rate 64000!2、R2基本配置，端口，OSPF:!interface Loopback0ip address 2.2.2.2 255.255.255.0!interface Serial0/0ip address 12.0.0.2 255.255.255.0 !interface Serial0/1ip address 23.0.0.1 255.255.255.0 clock rate 64000!router ospf 110router-id 2.2.2.2network 2.2.2.0 0.0.0.255 area 0 network 23.0.0.1 0.0.0.0 area 0 !3、R3基本配置，端口，OSPF:!interface Loopback0ip address 3.3.3.3 255.255.255.0 !interface Serial0/0ip address 34.0.0.1 255.255.255.0 clock rate 64000!interface Serial0/1ip address 23.0.0.2 255.255.255.0 !router ospf 110router-id 3.3.3.3network 3.3.3.0 0.0.0.255 area 0 network 23.0.0.2 0.0.0.0 area 0network 34.0.0.1 0.0.0.0 area 0 !4、R4基本配置，端口，OSPF:!interface Loopback0ip address 4.4.4.4 255.255.255.0 !interface Serial0/0ip address 34.0.0.2 255.255.255.0 !interface Serial0/1ip address 45.0.0.1 255.255.255.0 clock rate 64000!router ospf 110router-id 4.4.4.4network 4.4.4.0 0.0.0.255 area 0 network 34.0.0.2 0.0.0.0 area 0 !5、R5基本配置，端口:!interface Loopback0ip address 5.5.5.5 255.255.255.0 !interface Serial0/1ip address 45.0.0.2 255.255.255.0 !6、配置R1与R2之间的EBGP//R1配置AS 1router bgp 1no synchronizationbgp router-id 1.1.1.1network 1.1.1.0 mask 255.255.255.0 neighbor 12.0.0.2 remote-as 3no auto-summary//R2配置AS 3router bgp 3no synchronizationbgp router-id 2.2.2.2neighbor 12.0.0.1 remote-as 1no auto-summary7、配置R4与R5之间的EBGP//R4配置AS 3router bgp 3no synchronizationbgp router-id 4.4.4.4neighbor 45.0.0.2 remote-as 5no auto-summary//R5配置AS 5router bgp 5no synchronizationbgp router-id 5.5.5.5network 5.5.5.0 mask 255.255.255.0 neighbor 45.0.0.1 remote-as 3no auto-summary8、使用回环接口配置R2、R3、R4之间的IBGP关系//R3配置router bgp 3no synchronizationbgp router-id 3.3.3.3neighbor 2.2.2.2 remote-as 3neighbor 2.2.2.2 update-source Loopback0neighbor 4.4.4.4 remote-as 3neighbor 4.4.4.4 update-source Loopback0no auto-summary//R2配置router bgp 3neighbor 3.3.3.3 remote-as 3neighbor 3.3.3.3 update-source Loopback0nei 3.3.3.3 next-hop-self//R4配置router bgp 3neighbor 3.3.3.3 remote-as 3neighbor 3.3.3.3 update-source Loopback0nei 3.3.3.3 next-hop-self9、在R3上开启路由反射器，指定客户端router bgp 3neighbor 2.2.2.2 route-reflector-clientneighbor 4.4.4.4 route-reflector-client10、查看R3的路由表R3#sh ip bgpBGP table version is 3, local router ID is 3.3.3.3Network Next Hop Metric LocPrf Weight Path*>i1.1.1.0/24 2.2.2.2 0 100 0 1 i*>i5.5.5.0/24 4.4.4.4 0 100 0 5 i11、验证R1与R5回环口连通性R1#ping 5.5.5.5 so 1.1.1.1Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:Packet sent with a source address of 1.1.1.1!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 188/325/496 ms 12、在R2上查看反射路由条目5.5.5.0/24R2#sh ip bgp 5.5.5.0/24BGP routing table entry for 5.5.5.0/24, version 3Paths: (1 available, best #1, table Default-IP-Routing-Table)4.4.4.4 (metric 129) from 3.3.3.3 (3.3.3.3)Origin IGP, metric 0, localpref 100, valid, internal, bestOriginator: 4.4.4.4, Cluster list: 3.3.3.313、在R4上查看反射路由条目1.1.1.0/24R4#sh ip bgp 1.1.1.0/24BGP routing table entry for 1.1.1.0/24, version 3Paths: (1 available, best #1, table Default-IP-Routing-Table)2.2.2.2 (metric 129) from3.3.3.3 (3.3.3.3)Origin IGP, metric 0, localpref 100, valid, internal, bestOriginator: 2.2.2.2, Cluster list: 3.3.3.314、评价路由反射器相对于邻居全互联来说，简化了配置和数量，因为IBGP邻居关系只需要在客户端与RR之间建立即可。

mpls解决BGP路由黑洞

MPLS 解决BGP路由黑洞问题R1R1>enR1#conf tR1(config)#no ip domain-lookupR1(config)#line console 0R1(config-line)#logg sR1(config-line)#no exec-tR1(config-line)#exitR1(config)#interface s1/0R1(config-if)#ip addR1(config-if)#ip address 12.1.1.1 255.255.255.0R1(config-if)#no shR1(config-if)#no shutdownR1(config-if)#interface s1/1R1(config-if)#ip add 13.1.1.1 255.255.255.0R1(config-if)#no shR1(config-if)#no shutdownR1(config-if)#interface lo 0R1(config-if)#ip add 1.1.1.1 255.255.255.0R1(config-if)#exitR1(config)#router eigrp 90R1(config-router)#no auto-summaryR1(config-router)#network 0.0.0.0*Mar 1 00:21:40.919: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 12.1.1.2 (Serial1/0) is up: new adjacencyR1(config-router)#*Mar 1 00:22:19.859: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 13.1.1.3 (Serial1/1) is up: new adjacencyR1(config-router)#do show ip route1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback02.0.0.0/24 is subnetted, 1 subnetsD 2.2.2.0 [90/2297856] via 12.1.1.2, 00:00:56, Serial1/03.0.0.0/24 is subnetted, 1 subnetsD 3.3.3.0 [90/2297856] via 13.1.1.3, 00:00:14, Serial1/112.0.0.0/24 is subnetted, 1 subnetsC 12.1.1.0 is directly connected, Serial1/013.0.0.0/24 is subnetted, 1 subnetsC 13.1.1.0 is directly connected, Serial1/1R1(config-router)#exitR1(config)#interface s1/0R1(config-if)#mpls ip*Mar 1 01:13:49.207: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UPR1(config-if)#interface s1/1R1(config-if)#mpls ipR1(config-if)#*Mar 1 01:14:10.571: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (2) is UPR2R2>enR1#conf tR2(config)#no ip domain-lookupR2(config)#line console 0R2(config-line)#logg sR2(config-line)#no exec-tR2(config-line)#exitR2(config)#interface s1/0R2(config-if)#ip addR2(config-if)#ip address 12.1.1.2 255.255.255.0R2(config-if)#no shR2(config-if)#no shutdownR2(config-if)#interface s1/1R2(config-if)# ip add 24.1.1.2 255.255.255.0R2(config-if)#no shR2(config-if)#no shutdownR2(config-if)#interface lo 0R2(config-if)#ip add 2.2.2.2 255.255.255.0R2(config-if)#exitR2(config)#router eigrp 90R2(config-router)#no auto-summaryR2(config-router)#network 12.1.1.0 0.0.0.255R2(config-router)#network 2.2.2.0 0.0.0.255R2(config-router)exitR2(config)#router bgp 123R2(config-router)#no auto-summaryR2(config-router)#no synchronizationR2(config-router)#bgp router-id 2.2.2.2R2(config-router)#neighbor 24.1.1.4 remote-as 4R2(config-router)#neighbor 3.3.3.3 remote-as 123R2(config-router)#neighbor 3.3.3.3 update-source lo 0R2(config-router)#*Mar 1 00:27:58.535: %BGP-5-ADJCHANGE: neighbor 3.3.3.3 UpR2(config-router)#*Mar 1 00:29:08.071: %BGP-5-ADJCHANGE: neighbor 24.1.1.4 UpR2(config-router)#endR2#shw*Mar 1 00:33:29.527: %SYS-5-CONFIG_I: Configured from console by consoleR2#show ip bgp summaryNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 3.3.3.3 4 123 9 9 3 0 0 00:05:45 1 24.1.1.4 4 4 9 9 3 0 0 00:04:35 1R2#show ip routeGateway of last resort is not set1.0.0.0/24 is subnetted, 1 subnetsD 1.1.1.0 [90/2297856] via 12.1.1.1, 00:23:59, Serial1/02.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Loopback03.0.0.0/24 is subnetted, 1 subnetsD 3.3.3.0 [90/2809856] via 12.1.1.1, 00:23:10, Serial1/04.0.0.0/24 is subnetted, 1 subnetsB 4.4.4.0 [20/0] via 24.1.1.4, 00:16:375.0.0.0/24 is subnetted, 1 subnetsB 5.5.5.0 [200/0] via 3.3.3.3, 00:12:0924.0.0.0/24 is subnetted, 1 subnetsC 24.1.1.0 is directly connected, Serial1/112.0.0.0/24 is subnetted, 1 subnetsC 12.1.1.0 is directly connected, Serial1/013.0.0.0/24 is subnetted, 1 subnetsD 13.1.1.0 [90/2681856] via 12.1.1.1, 00:24:29, Serial1/0R2#show ip bgpBGP table version is 3, local router ID is 2.2.2.2Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight Path *> 4.4.4.0/24 24.1.1.4 0 0 4 i *>i5.5.5.0/24 3.3.3.3 0 100 0 5 iR2#conf tEnter configuration commands, one per line. End with CNTL/Z.R2(config)#router bgp 123R2(config-router)#neighbor 3.3.3.3 next-hop-selfR2(config-router)#exitR2(config)#interface s1/0R2(config-if)#mpls ipR3R3>enR3#conf tEnter configuration commands, one per line. End with CNTL/Z.R3(config)#no ip domain-lookupR3(config)#line console 0R3(config-line)#logg sR3(config-line)#no exec-tR3(config-line)#exitR3(config)#interface s1/1R3(config-if)#ip add 13.1.1.3 255.255.255.0R3(config-if)#no shR3(config-if)#no shutdownR3(config-if)#interface s1/0R3(config-if)#ip add 35.1.1.3 255.255.255.0R3(config-if)#no shR3(config-if)#no shutdownR3(config-if)#interface lo 0R3(config-if)#ip add 3.3.3.3 255.255.255.0R3(config-if)#exitR3(config)#router eigrp 90R3(config-router)#no auto-summaryR3(config-router)#network 13.1.1.0 0.0.0.255*Mar 1 00:22:28.539: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 13.1.1.1 (Serial1/1) is up: new adjacencyR3(config-router)#network 3.3.3.0 0.0.0.255R3(config-router)#exitR3(config)#router bgp 123R3(config-router)#no auto-summaryR3(config-router)#no synchronizationR3(config-router)#bgp router-id 3.3.3.3R3(config-router)#neighbor 35.1.1.5 remote-as 5R3(config-router)#neighbor 2.2.2.2 remote-as 123R3(config-router)#neighbor 2.2.2.2 UPdate-source LO 0*Mar 1 00:27:58.267: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 UpR3(config-router)#neighbor 2.2.2.2 next-hop-self*Mar 1 00:33:39.699: %BGP-5-ADJCHANGE: neighbor 35.1.1.5 UpR3(config-router)#endR3#show ip*Mar 1 00:45:27.479: %SYS-5-CONFIG_I: Configured from console by consoleR3#show ip route1.0.0.0/24 is subnetted, 1 subnetsD 1.1.1.0 [90/2297856] via 13.1.1.1, 00:23:06, Serial1/135.0.0.0/24 is subnetted, 1 subnetsC 35.1.1.0 is directly connected, Serial1/02.0.0.0/24 is subnetted, 1 subnetsD 2.2.2.0 [90/2809856] via 13.1.1.1, 00:23:06, Serial1/13.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback05.0.0.0/24 is subnetted, 1 subnetsB 5.5.5.0 [20/0] via 35.1.1.5, 00:11:5512.0.0.0/24 is subnetted, 1 subnetsD 12.1.1.0 [90/2681856] via 13.1.1.1, 00:23:06, Serial1/113.0.0.0/24 is subnetted, 1 subnetsC 13.1.1.0 is directly connected, Serial1/1R3#show ip bgpBGP table version is 2, local router ID is 3.3.3.3Network Next Hop Metric LocPrf Weight Path* i4.4.4.0/24 24.1.1.4 0 100 0 4 i（R2在IBGP中未更改下一跳，所以次优）*> 5.5.5.0/24 35.1.1.5 0 0 5 iR3#show ip bgpNetwork Next Hop Metric LocPrf Weight Path*>i4.4.4.0/24 2.2.2.2 0 100 0 4 i（更改后，最优）*> 5.5.5.0/24 35.1.1.5 0 0 5 iR3#show ip route1.0.0.0/24 is subnetted, 1 subnetsD 1.1.1.0 [90/2297856] via 13.1.1.1, 00:46:09, Serial1/135.0.0.0/24 is subnetted, 1 subnetsC 35.1.1.0 is directly connected, Serial1/02.0.0.0/24 is subnetted, 1 subnetsD 2.2.2.0 [90/2809856] via 13.1.1.1, 00:46:09, Serial1/13.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, Loopback04.0.0.0/24 is subnetted, 1 subnetsB 4.4.4.0 [200/0] via 2.2.2.2, 00:09:095.0.0.0/24 is subnetted, 1 subnetsB 5.5.5.0 [20/0] via 35.1.1.5, 00:34:5812.0.0.0/24 is subnetted, 1 subnetsD 12.1.1.0 [90/2681856] via 13.1.1.1, 00:46:10, Serial1/113.0.0.0/24 is subnetted, 1 subnetsC 13.1.1.0 is directly connected, Serial1/1R3#conf tR3(config)#interface s1/1R3(config-if)#mpls ipR4R4>enR4#conf tEnter configuration commands, one per line. End with CNTL/Z.R4(config)#no ip domain-lookupR4(config)#line console 0R4(config-line)#logg sR4(config-line)#exitR4(config)#interface s1/1R4(config-if)#ip addR4(config-if)#ip address 24.1.1.4 255.255.255.0R4(config-if)#no shR4(config-if)#no shutdownR4(config-if)#interface lo 0R4(config-if)#ip add 4.4.4.4 255.255.255.0R4(config-if)#exitR4(config)#*Mar 1 00:20:12.531: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to upR4(config)#*Mar 1 00:20:13.339: %LINK-3-UPDOWN: Interface Serial1/1, changed state to upR4(config)#*Mar 1 00:20:14.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to upR4(config)#router bgp 4R4(config-router)#no auto-summaryR4(config-router)#no synchronizationR4(config-router)#bgp router-id 4.4.4.4R4(config-router)#neighbor 24.1.1.2 remotR4(config-router)#neighbor 24.1.1.2 remote-as 123*Mar 1 00:29:07.415: %BGP-5-ADJCHANGE: neighbor 24.1.1.2 UpR4(config-router)#network 4.4.4.0 mask 255.255.255.0R4(config-router)#exitR5R5>enR5#conf tEnter configuration commands, one per line. End with CNTL/Z.R5(config)#no ip domain-lookupR5(config)#line console 0R5(config-line)#logg sR5(config-line)#no exec-tR5(config-line)#exitR5(config)#interface s1/0R5(config-if)#ip add 35.1.1.5 255.255.255.0R5(config-if)#no shR5(config-if)#interface lo 0R5(config-if)#ip add 5.5.5.5 255.255.255.0R5(config-if)#exit*Mar 1 00:20:19.819: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to upR5(config-if)#exit*Mar 1 00:20:20.627: %LINK-3-UPDOWN: Interface Serial1/0, changed state to upR5(config-if)#exit*Mar 1 00:20:21.631: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to upR5(config-if)#exitR5(config)#router bgp 5R5(config-router)#no auto-summaryR5(config-router)#no synchronizationR5(config-router)#bgp router-id 5.5.5.5R5(config-router)#neighbor 35.1.1.3 remote-as 123R5(config-router)#network 5.5.5.0 mask 255.255.255.0R5(config-router)#exit*Mar 1 00:33:38.979: %BGP-5-ADJCHANGE: neighbor 35.1.1.3 UpR5(config)#do show ip routeGateway of last resort is not set35.0.0.0/24 is subnetted, 1 subnetsC 35.1.1.0 is directly connected, Serial1/04.0.0.0/24 is subnetted, 1 subnetsB 4.4.4.0 [20/0] via 35.1.1.3, 00:15:505.0.0.0/24 is subnetted, 1 subnetsC 5.5.5.0 is directly connected, Loopback0R5#ping 4.4.4.4 soR5#ping 4.4.4.4 source lo 0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:Packet sent with a source address of 5.5.5.5!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 112/134/172 msR5#R5#R5>。

BGP路由黑洞问题,同步、IBGP全接

26、BGP路由黑洞问题，同步、IBGP全接一、实验拓扑图（一）二、组网要求三、基本连通性调试四、实验关键配置RT1:router ospf 1router-id 10.0.0.1redistribute connected metric 1000 metric-type 1 subnets passive-interface defaultno passive-interface Serial0/0network 10.0.0.1 0.0.0.0 area 0network 10.0.1.4 0.0.0.3 area 0default-information originate always metric 2000 metric-type 1 !router bgp 65000no synchronizationbgp log-neighbor-changesnetwork 10.0.0.0 mask 255.255.0.0neighbor 10.0.0.2 remote-as 65000neighbor 10.0.0.2 update-source Loopback0neighbor 10.0.0.2 next-hop-selfneighbor 10.0.15.2 remote-as 65001no auto-summary!ip route 10.0.0.0 255.255.0.0 Null0ip route 10.3.0.0 255.255.0.0 Null0!RT2:router ospf 1router-id 10.0.0.2redistribute connected metric 1000 metric-type 1 subnets passive-interface defaultno passive-interface Serial0/0network 10.0.0.2 0.0.0.0 area 0network 10.0.1.8 0.0.0.3 area 0default-information originate always metric 2000 metric-type 1 !router bgp 65000no synchronizationnetwork 10.3.0.0 mask 255.255.0.0 neighbor 10.0.0.1 remote-as 65000 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.1 next-hop-selfneighbor 10.0.26.2 remote-as 65002no auto-summary!ip route 10.0.0.0 255.255.0.0 Null0ip route 10.3.0.0 255.255.0.0 Null0!RT3:router ospf 1router-id 10.0.0.3passive-interface defaultno passive-interface Serial0/0no passive-interface FastEthernet1/0 network 10.0.0.3 0.0.0.0 area 0network 10.0.1.0 0.0.0.3 area 0network 10.0.1.4 0.0.0.3 area 0network 10.3.3.0 0.0.0.255 area 0RT4:router ospf 1router-id 10.0.0.4log-adjacency-changesnetwork 10.0.0.4 0.0.0.0 area 0 network 10.0.1.0 0.0.0.3 area 0 network 10.0.1.8 0.0.0.3 area 0 network 10.3.4.0 0.0.0.255 area 0 !RT5:router bgp 65001no synchronizationnetwork 10.5.0.0 mask 255.255.0.0 neighbor 10.0.15.1 remote-as 65000 no auto-summary!ip route 10.5.0.0 255.255.0.0 Null0 !RT6:router bgp 65002no synchronizationnetwork 10.6.0.0 mask 255.255.0.0neighbor 10.0.26.1 remote-as 65000no auto-summary!ip route 10.6.0.0 255.255.0.0 Null0!五、实验连通性及其调试：Ping测试：10.6.6.1去往10.5.5.1..................由于rt3、rt4没有运行BGP，学习不到as外的路由。

BGP路由黑洞与解决方案

（2）路由黑洞解决方案
1、通过建立 IBGP 全互联对等体（繁琐） 2、通过 MPLS VPN BGP（配置复杂） 3、通过 GRE 隧道
Generic Routing Encapsulation，通用路由封装如图，可在 R2 和 R4 之间建立 GRE 隧道 [R2] # interface Tunnel0/0/0 ip address 10.0.2.2 255.255.255.0 tunnel-protocol gre source 10.0.23.2 destination 10.0.34.4 # ip route-static 5.5.5.5 255.255.255.255 Tunnel0/0/0 [RGP：R1—R2；R4—R5 | IBGP：R2—R4
（1）什么是路由黑洞
当 IBGP 对等体之间不是直连关系时（如图中的 R2 和 R4），就可能导致路由黑洞问题
黑洞案例 R1 将 1.1.1.1 的路由依次传递给 R2、R4、R5 在 R2 上配置 next-hop-local，保证 R4 对于 1.1.1.1 的下一跳可达然而实际上，R4 会通过 R3 来转发报文 R3 上并没有到达 1.1.1.1 的路由，最终导致通信失败
<R1>tracert -a 1.1.1.1 5.5.5.5 1 10.0.12.2 40 ms 50 ms 50 ms 2 10.0.4.4 80 ms 70 ms 100 ms 3 10.0.45.5 110 ms 70 ms 110 ms <R1>
interface Tunnel0/0/0 ip address 10.0.4.4 255.255.255.0 tunnel-protocol gre source 10.0.34.4 destination 10.0.23.2 # ip route-static 1.1.1.1 255.255.255.255 Tunnel0/0/0

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

案例精解：BGP路由黑洞什么是路由黑洞？简单的说，它会默默的将数据包丢弃，使所有数据包有去无回，下面来看一个案如图所示：R1和R2建立EBGP邻居关系R2和R5建立IBGP邻居关系R5和R7建立EBGP邻居关系R2、R3、R5之间运行RIPv2首先看配置：sysname route-1#router id 1.1.1.1#interface Ethernet0/0ip address 192.168.12.1 255.255.255.252#interface Ethernet0/1ip address dhcp-alloc#interface LoopBack0ip address 1.1.1.1 255.255.255.255#bgp 100undo synchronizationgroup 1 externalpeer 192.168.12.2 group 1 as-number 200#ip route-static 2.2.2.2 255.255.255.255 192.168.12.2 preference 60#sysname route-2#router id 2.2.2.2#interface Ethernet0/0ip address 192.168.12.2 255.255.255.252#interface Ethernet0/1ip address 192.168.23.1 255.255.255.252#interface LoopBack0ip address 2.2.2.2 255.255.255.255#bgp 200undo synchronizationgroup 1 externalpeer 192.168.12.1 group 1 as-number 100group 2 internalpeer 192.168.35.2 group 2#ospf 1import-route directimport-route staticarea 0.0.0.0network 2.2.2.2 0.0.0.0network 192.168.23.0 0.0.0.3#ip route-static 1.1.1.1 255.255.255.255 192.168.12.1 preference 60 #sysname route-3#router id 3.3.3.3#interface Ethernet0/0ip address 192.168.35.1 255.255.255.252#interface Ethernet0/1ip address 192.168.23.2 255.255.255.252#interface LoopBack0ip address 3.3.3.3 255.255.255.255#ospf 1import-route directimport-route staticarea 0.0.0.0network 3.3.3.3 0.0.0.0network 192.168.23.0 0.0.0.3network 192.168.35.0 0.0.0.3#sysname route-5#router id 5.5.5.5#interface Ethernet0/0ip address 192.168.35.2 255.255.255.252#interface Ethernet0/1ip address 192.168.57.1 255.255.255.252#interface LoopBack0ip address 5.5.5.5 255.255.255.255#bgp 200undo synchronizationgroup 2 internalpeer 192.168.23.1 group 2group 1 externalpeer 192.168.57.2 group 1 as-number 300#ospf 1import-route directimport-route staticarea 0.0.0.0network 5.5.5.5 0.0.0.0network 192.168.35.0 0.0.0.3#ip route-static 7.7.7.7 255.255.255.255 192.168.57.2 preference 60sysname route-7#router id 7.7.7.7#interface Ethernet0/0ip address dhcp-alloc#interface Ethernet0/1ip address 192.168.57.2 255.255.255.252#interface LoopBack0ip address 7.7.7.7 255.255.255.255#bgp 300undo synchronizationgroup 1 externalpeer 192.168.57.1 group 1 as-number 200#ip route-static 1.1.1.1 255.255.255.255 192.168.57.1 preference 60ip route-static 5.5.5.5 255.255.255.255 192.168.57.1 preference 60现在查看R7的路由表<route-7>disp ip rouRouting Table: public netDestination/Mask Protocol Pre Cost Nexthop Interface1.1.1.1/32 STA TIC 60 0 192.168.57.1 Ethernet0/15.5.5.5/32 STA TIC 60 0 192.168.57.1 Ethernet0/17.7.7.7/32 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0192.168.57.0/30 DIRECT 0 0 192.168.57.2 Ethernet0/1192.168.57.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0可见R7学到了R1的路由，从表面上看这个实验很完美，达了目的，然而这时问题出现了，作个测试，在R7上PING R1<route-7> ping 1.1.1.1PING 1.1.1.1: 56 data bytes, press CTRL_C to breakRequest time outRequest time outRequest time outRequest time outRequest time out--- 1.1.1.1 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet loss.....这究竟是怎么回事呢？原来，我们在R5上关闭了同步，这时它会将一条并没有优化的路由传送给R7，当R7要发向R1发包时，它看到R5是它的下一跳，于是将包发给R5，然后R5又查看它的路由表，发现到R1的下一跳是R2，并继续查找，发现在通过R3可以达到R2，于是它将数据送给R3，这时问题出现了，因为R3没有运行BGP，它不知道R1怎么走，于是它将数据包丢弃，从而造成路由黑洞。

由此可见，BGP与IGP同步的重要性，什么是同步？在上一篇我已经提到了，不再多阐述。

(同理R1无法访问R7，但有R7的路由条目)（优化的条件：１、下一跳可达，题中满足；２、同步，题中不满足）既然问题出现了，那到底该怎么去解决呢？首先，如果在R5上开启同步，这样的情况就不会发生了，因为R5从R2收到关于R1的路由条目后，它会的查找它的IGP路由表，看是否有这样一条路由可以到达R1，如果没有，它就不会将这条路由传递给R7，此时可避免黑洞问题。

但R7学到R1的路由才是我们真正的目的，那该怎么做呢？我们可以将BGP的路由重发布到RIP中，这样IGP和BGP就可以完成同步，但是这样做并不好，在实验环境中我们当然可以这样做，但试想现在INTERNET 中有多达20几万条路由条目，如果重发布到我们的IGP路由器中，很显然大多数路由器是无法支撑的。

解决方法一：Full Mesh分别在R2和R3，R3和R5上运行BGP ，这样R3就可以学到到达R1的路由，这时你需要在R1、R2、R3之间分别建立邻居关系，当路由器很多的时候，全互联要求建立n*(n-1)/2个邻居关系，这显然是很麻烦。

（略）解决方法二：Foute-Reflector路由反射器，我们可以将R3做成一个路由反射器，使它能将从R1学的路由条目反射给R5，正常情况下为了防止环路，从IBGP学到的路由不会再传给其它IBGP邻居。

现在只需要在路由反射客户和路由反射器间建立邻居关系，邻居关系减少到n-1条。

路由反射器（RR）的条件：1、如果路由是从非客户的IBGP学到的只反射给客户2、如果路由是从客户学到的，将它反射给发起该路由的客户以外的所有非客户及客户3、如果路由是从EBGP对等体学到的，将它反射给所有客户和非客户做法：清除R2与R5的邻居关系，只在R2与R3、R3与R5之间建立IBGP关系然后在R3的路由配置模式下：neighbor 2.2.2.2 route-reflector-clientneighbor 5.5.5.5 route-reflector-client //将R2和R5作为RR的客户此时R5上能收到关于R1的路由,它也会传给R7联邦是将整个大的AS区域再划分成多个小的AS区域,比如现在有AS200就相当于中国，而整个中国显然可以再分为若干个省分，现在AS65012和AS65003 就是划分出来的“小AS”，意思这里的AS号是私有的，在出AS200时它将自动被去掉（64512--65535可用），这样划分后，R3和R5就为联邦EBGP邻居了，这时它关于R 1的路由条目就可以传给R5了。

R2：router bgp 65012 //指定的联邦AS号no synchronizationbgp log-neighbor-changesbgp confederation identifier 200 //R2对外宣称自己的AS号为200，它会告诉R1它的AS号为200，因为65012是私有的network 192.168.12.0network 192.168.23.0neighbor 1.1.1.1 remote-as 100neighbor 1.1.1.1 ebgp-multihop 255neighbor 1.1.1.1 update-source Loopback0neighbor 3.3.3.3 remote-as 65012neighbor 3.3.3.3 update-source Loopback0neighbor 3.3.3.3 next-hop-selfno auto-summaryR3：r3#sh run | b r brouter bgp 65012no synchronizationbgp log-neighbor-changesbgp confederation identifier 200 //对R5稳定自己的AS号为200，它不会对R1宣称，因为它们属于同一个联邦ASneighbor 2.2.2.2 remote-as 65012neighbor 2.2.2.2 update-source Loopback0neighbor 5.5.5.5 remote-as 65003neighbor 5.5.5.5 ebgp-multihop 255neighbor 5.5.5.5 update-source Loopback0no auto-summary!R5：router bgp 65003no synchronizationbgp log-neighbor-changesbgp confederation identifier 200 //对R3和R7宣称自己的AS号为200neighbor 3.3.3.3 remote-as 65012neighbor 3.3.3.3 ebgp-multihop 255neighbor 7.7.7.7 remote-as 300neighbor 7.7.7.7 ebgp-multihop 255neighbor 7.7.7.7 update-source Loopback0no auto-summary!这时查看R3和R5的邻居关系r3#sh ip bgp suNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd2.2.2.2 4 65012 10 9 1 0 0 00:06:26 25.5.5.5 4 65003 1 1 0 0 0 never Active发现在它们始终处于Active状态，不能完成邻居的建立，这又是为什么呢？分析一下：R5和R3都打了这条命令，bgp confederation identifier 200又因为他们处于不同的联邦AS，所以它们都会宣称自己的AS号为200，然而我们看到它们的Neighbor却不是这样通告的R3上：neighbor 5.5.5.5 remote-as 65003R5上：neighbor 3.3.3.3 remote-as 65012所以这时会报一个错误：AS号错误，如下r5#*Oct 19 12:20:10.311: %SYS-5-CONFIG_I: Configured from console by consoler5#*Oct 19 12:20:19.155: %BGP-3-NOTIFICATION: sent to neighbor 3.3.3.3 2/2 (peer in wrong AS) 2 bytes 00C8r5# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 00C8 00B4 0303 0303 1002 0601 0400 0100 0102 0280 0002 0202 00解决方法：R3上：bgp confederation peer 65003 // // 不对65003宣称自己的AS为200R5上：bgp confederation peer 65012 // 不对65012宣称自己的AS为200验证r5#sh ip bgpBGP table version is 13, local router ID is 5.5.5.5Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight Path*> 1.1.1.0/24 2.2.2.2 0 100 0 (65012) 100 ir> 7.7.7.0/24 7.7.7.7 0 0 300 i*> 192.168.12.0 2.2.2.2 0 100 0 (65012) ir> 192.168.23.0 3.3.3.3 0 100 0 (65012) i*> 192.168.35.0 0.0.0.0 0 32768 i* 3.3.3.3 0 100 0 (65012) i //括号中的是私有AS号，在出R5时会被去掉，在看7上可以看到效果*> 192.168.57.0 0.0.0.0 0 32768 i* 7.7.7.7 0 0 300 ir7#sh ip bgpBGP table version is 12, local router ID is 7.7.7.7Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight Path*> 1.1.1.0/24 5.5.5.5 0 200 100 i*> 7.7.7.0/24 0.0.0.0 0 32768 i*> 192.168.12.0 5.5.5.5 0 200 i*> 192.168.23.0 5.5.5.5 0 200 i*> 192.168.35.0 5.5.5.5 0 0 200 i* 192.168.57.0 5.5.5.5 0 0 200 i*> 0.0.0.0 0 32768 i。