BGP Route Black Holes and IBGP Full Mesh


BGP Route Black Holes

Case study: BGP route black holes
2008-10-19 15:05:37
Tags: route reflector, route black hole, synchronization, BGP, confederation

What is a route black hole? Put simply, it silently drops packets, so traffic goes out and never comes back. Consider the following case.

As shown in the figure:
R1 and R2 form an EBGP neighbor relationship
R2 and R5 form an IBGP neighbor relationship
R5 and R7 form an EBGP neighbor relationship
R2, R3 and R5 run RIPv2

First, the configuration:

hostname r1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Serial1/0
ip address 192.168.12.1 255.255.255.0
serial restart-delay 0
router bgp 100
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 192.168.12.0
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
ip route 2.2.2.0 255.255.255.0 192.168.12.2

hostname r2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial1/0
ip address 192.168.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.24.2 255.255.255.0
serial restart-delay 0
!
router rip
version 2
network 2.0.0.0
network 192.168.23.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 192.168.12.0
network 192.168.23.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
!
ip route 1.1.1.0 255.255.255.0 192.168.12.1

hostname r3
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/0
ip address 192.168.35.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.23.3 255.255.255.0
serial restart-delay 0
router rip
version 2
network 3.0.0.0
network 192.168.23.0
network 192.168.35.0
no auto-summary

hostname r5
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.57.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.35.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.45.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router rip
version 2
network 5.0.0.0
network 192.168.35.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200
neighbor 3.3.3.3 remote-as 200
neighbor 7.7.7.7 remote-as 300
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
ip route 7.7.7.0 255.255.255.0 192.168.57.7

interface Serial1/1
ip address 192.168.57.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 300
no synchronization
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
no auto-summary
!
ip route 5.5.5.0 255.255.255.0 192.168.57.5

Now check the routing table for R1's route:
r7#sh ip route
B 1.1.1.0 [20/0] via 5.5.5.5, 00:02:54 // output abbreviated to save space

R7 has clearly learned R1's route. On the surface the lab looks perfect and has achieved its goal, but this is where the problem shows up. As a test, ping R1 from R7:
r7#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 0-byte ICMP Echos to 7.7.7.7, timeout:
.....

What is going on? We disabled synchronization on R5, so it passes a route that has not been optimized on to R7. When R7 sends a packet toward R1, it sees R5 as its next hop and forwards the packet to R5. R5 then consults its own routing table, finds that the next hop toward R1 is R2, continues the lookup, and finds that R2 is reachable through R3, so it hands the packet to R3. This is where the problem appears: R3 does not run BGP and does not know how to reach R1, so it drops the packet, and the result is a route black hole.

Configuring BGP

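BGP protocol overview

BGP is the most widely used Exterior Gateway Protocol (EGP) on the Internet today. Its main function is to exchange network reachability information between autonomous systems (AS) and to eliminate routing loops through the protocol's own mechanisms.

BGP uses TCP as its transport protocol and relies on TCP's reliable delivery to guarantee the reliability of BGP transmission.

A router running BGP is called a BGP speaker, and BGP speakers that have established a BGP session with each other are called BGP peers.

BGP speakers peer in one of two modes: IBGP (Internal BGP) and EBGP (External BGP).

IBGP is a BGP connection established within the same AS; EBGP is a BGP connection established between different ASes.

In short, EBGP exchanges routing information between different ASes, while IBGP carries routing information across the local AS.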

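Ruijie Networks' BGP implementation has the following features:
● Supports BGP-4
● Supports path attributes
✓ ORIGIN Attribute
✓ AS_PATH Attribute
✓ NEXT_HOP Attribute
✓ MULTI_EXIT_DISC Attribute
✓ LOCAL-PREFERENCE Attribute
✓ ATOMIC_AGGREGATE Attribute
✓ AGGREGATOR Attribute
✓ COMMUNITY Attribute
✓ ORIGINATOR_ID Attribute
✓ CLUSTER_LIST Attribute
● Supports BGP peer groups
● Supports the use of Loopback interfaces
● Supports TCP MD5 authentication
● Supports synchronization between BGP and the IGP
● Supports BGP route aggregation
● Supports BGP route dampening
● Supports BGP route reflectors
● Supports AS confederations
● Supports BGP soft reset

Default BGP configuration:

To run BGP on the switch, perform the following steps in privileged mode:
Step1 Step2 Step3 Step4 Step5 Step6 Step7

Use no router bgp to disable BGP.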

BGP Route Black Holes

I. Lab objective: analyze the route black hole and give solutions to it
II. Network topology:
III. Configuration:

R1#
router ospf 1
log-adjacency-changes
redistribute connected metric 1000 metric-type 1 subnets // redistribute connected routes into OSPF
network 10.0.1.4 0.0.0.3 area 0 // advertise this segment: run OSPF on the interface in 10.0.1.4/30 and form an OSPF adjacency with R3. Note: redistribution alone does not form an OSPF adjacency; OSPF must run on the interface for the adjacency to form
ip route 10.0.0.0 255.255.0.0 Null0
ip route 10.3.0.0 255.255.0.0 Null0 // static summary routes
router bgp 65000
no synchronization // disable synchronization
bgp log-neighbor-changes
network 10.0.0.0 mask 255.255.0.0 // inject the summary routes into BGP
network 10.3.0.0 mask 255.255.0.0
neighbor 10.0.0.2 remote-as 65000 // AS65000 neighbor 10.0.0.2
neighbor 10.0.0.2 update-source Loopback0
neighbor 10.0.0.2 next-hop-self
neighbor 10.0.15.2 remote-as 65001 // AS65001 neighbor 10.0.15.2
no auto-summary

R2# // R2's configuration is similar to R1's
router ospf 1
log-adjacency-changes
redistribute connected metric 1000 metric-type 1 subnets
network 10.0.1.8 0.0.0.3 area 0
ip route 10.0.0.0 255.255.0.0 Null0
ip route 10.3.0.0 255.255.0.0 Null0
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 10.0.0.0 mask 255.255.0.0
network 10.3.0.0 mask 255.255.0.0
neighbor 10.0.0.1 remote-as 65000
neighbor 10.0.0.1 update-source Loopback0
neighbor 10.0.0.1 next-hop-self
neighbor 10.0.26.2 remote-as 65002
no auto-summary

R3# // advertise the service segments and form OSPF adjacencies so the IGP routes are reachable
router ospf 1
log-adjacency-changes
network 10.0.0.3 0.0.0.0 area 0
network 10.0.1.0 0.0.0.3 area 0
network 10.0.1.4 0.0.0.3 area 0
network 10.3.3.0 0.0.0.255 area 0

R4# // advertise the service segments and form OSPF adjacencies so the IGP routes are reachable
router ospf 1
log-adjacency-changes
network 10.0.0.4 0.0.0.0 area 0
network 10.0.1.0 0.0.0.3 area 0
network 10.0.1.8 0.0.0.3 area 0
network 10.3.4.0 0.0.0.255 area 0

R5#
ip route 10.5.0.0 255.255.0.0 Null0
router bgp 65001
no synchronization // synchronization disabled
bgp log-neighbor-changes
network 10.5.0.0 mask 255.255.0.0 // inject the summary route
neighbor 10.0.15.1 remote-as 65000 // peer with R1
no auto-summary

R6# // similar to R5
ip route 10.6.0.0 255.255.0.0 Null0
router bgp 65002
no synchronization
bgp log-neighbor-changes
network 10.6.0.0 mask 255.255.0.0
neighbor 10.0.26.1 remote-as 65000
no auto-summary

Route black hole analysis

RT6#ping 10.5.5.1 source 10.6.6.1 // no connectivity
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.5.5.1, timeout is 2 seconds:
Packet sent with a source address of 10.6.6.1
.....
Success rate is 0 percent (0/5)

Inspect each router's routing table. Because synchronization is disabled, R5 and R6 can learn routes to each other's networks.

RT5#show ip route
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 10.0.15.0/30 is directly connected, Serial0/0
B 10.3.0.0/16 [20/0] via 10.0.15.1, 00:14:47
B 10.0.0.0/16 [20/0] via 10.0.15.1, 00:14:47
B 10.6.0.0/16 [20/0] via 10.0.15.1, 00:11:44 // R5 learned the route to R6 from R1

R5 consults its routing table and hands the packet to R1. R1 performs a recursive route lookup and hands the packet to R3.

RT1#show ip route
C 10.0.4.0/30 is directly connected, Serial0/0
O E1 10.0.0.2/32 [110/1300] via 10.0.1.5, 00:25:23, Serial0/0
B 10.6.0.0/16 [200/0] via 10.0.0.2, 00:11:10
B 10.5.0.0/16 [20/0] via 10.0.15.2, 00:14:13

RT3# // R3 looks up its routing table, finds no matching entry, and drops the packet

The path from R6 to R5 is analogous.

RT6#show ip route
10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
B 10.3.0.0/16 [20/0] via 10.0.26.1, 00:11:52
B 10.0.0.0/16 [20/0] via 10.0.26.1, 00:11:52
B 10.5.0.0/16 [20/0] via 10.0.26.1, 00:11:52 // R6 learned the route to R5 from R2
C 10.0.26.0/30 is directly connected, Serial0/0

RT2#show ip route
O E1 10.0.0.1/32 [110/1300] via 10.0.1.9, 00:25:30, Serial0/0
B 10.6.0.0/16 [20/0] via 10.0.26.2, 00:11:16
B 10.5.0.0/16 [200/0] via 10.0.0.1, 00:12:06
C 10.0.26.0/30 is directly connected, Serial0/1

RT4#

Solutions

1. Disable synchronization and build a BGP full mesh inside the AS

Use the peer-group command to simplify the BGP configuration.

RT1(config)#router bgp 65000
RT1(config-router)#neighbor 65000 peer-group // create the peer-group
RT1(config-router)#neighbor 65000 remote-as 65000
RT1(config-router)#neighbor 65000 update-source loopback 0
RT1(config-router)#neighbor 65000 next-hop-self // BGP neighbor settings of the peer-group
RT1(config-router)#neighbor 10.0.0.3 peer-group 65000
RT1(config-router)#neighbor 10.0.0.4 peer-group 65000 // add to the peer-group

RT2(config)#router bgp 65000 // see R1
RT2(config-router)#neighbor 65000 peer-group
RT2(config-router)#neighbor 65000 remote-as 65000
RT2(config-router)#neighbor 65000 update-source loopback 0
RT2(config-router)#neighbor 65000 next-hop-self
RT2(config-router)#neighbor 10.0.0.3 peer-group 65000
RT2(config-router)#neighbor 10.0.0.4 peer-group 65000

RT3(config)#router bgp 65000 // R3 runs BGP and peers with every router in AS65000
RT3(config-router)#neighbor 65000 peer-group
RT3(config-router)#neighbor 65000 remote-as 65000
RT3(config-router)#neighbor 65000 next-hop-self
RT3(config-router)#neighbor 65000 update-source lo0
RT3(config-router)#neighbor 10.0.0.1 peer-group 65000
RT3(config-router)#neighbor 10.0.0.2 peer-group 65000
RT3(config-router)#neighbor 10.0.0.4 peer-group 65000

RT4(config)#router bgp 65000 // R4 runs BGP and peers with every router in AS65000
RT4(config-router)#neighbor 65000 peer-group
RT4(config-router)#neighbor 65000 remote-as 65000
RT4(config-router)#neighbor 65000 next-hop-self
RT4(config-router)#neighbor 65000 update-source lo0
RT4(config-router)#neighbor 10.0.0.1 peer-group 65000
RT4(config-router)#neighbor 10.0.0.2 peer-group 65000
RT4(config-router)#neighbor 10.0.0.3 peer-group 65000

Check the BGP neighbor tables: the BGP full mesh is in place.

RT1#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.2 4 65000 45 44 5 0 0 00:38:55 3
10.0.0.3 4 65000 13 15 5 0 0 00:09:13 0
10.0.0.4 4 65000 10 12 5 0 0 00:06:30 0
10.0.15.2 4 65001 46 47 5 0 0 00:41:08 1

RT2#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.1 4 65000 45 46 5 0 0 00:39:04 3
10.0.0.3 4 65000 13 15 5 0 0 00:09:21 0
10.0.0.4 4 65000 10 12 5 0 0 00:06:16 0
10.0.26.2 4 65002 43 44 5 0 0 00:38:14 1

RT3#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.1 4 65000 15 13 5 0 0 00:09:28 3
10.0.0.2 4 65000 15 13 5 0 0 00:09:27 3
10.0.0.4 4 65000 10 10 5 0 0 00:06:34 0

RT4#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.1 4 65000 12 10 7 0 0 00:06:49 3
10.0.0.2 4 65000 12 10 7 0 0 00:06:26 3
10.0.0.3 4 65000 10 10 7 0 0 00:06:38 0

R3 and R4 learn all the BGP routes.

RT3#show ip bgp
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/16 10.0.0.2 0 100 0 i
*>i 10.0.0.1 0 100 0 i
* i10.3.0.0/16 10.0.0.2 0 100 0 i
*>i 10.0.0.1 0 100 0 i
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i
*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i

RT4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/16 10.0.0.2 0 100 0 i
* i 10.0.0.1 0 100 0 i
*>i10.3.0.0/16 10.0.0.2 0 100 0 i
* i 10.0.0.1 0 100 0 i
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i
*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i

RT3#show ip route
10.0.0.0/8 is variably subnetted, 16 subnets, 4 masks
O 10.0.1.8/30 [110/200] via 10.0.1.2, 00:15:55, FastEthernet1/0
O E1 10.0.15.0/30 [110/1100] via 10.0.1.6, 00:15:55, Serial0/0
O E1 10.0.1.12/30 [110/1100] via 10.0.1.6, 00:15:55, Serial0/0
O E1 10.0.0.2/32 [110/1200] via 10.0.1.2, 00:15:55, FastEthernet1/0
B 10.3.0.0/16 [200/0] via 10.0.0.1, 00:13:49
C 10.0.0.3/32 is directly connected, Loopback0
C 10.3.3.0/24 is directly connected, Ethernet3/0
B 10.0.0.0/16 [200/0] via 10.0.0.1, 00:13:49
C 10.0.1.0/30 is directly connected, FastEthernet1/0
O E1 10.0.0.1/32 [110/1100] via 10.0.1.6, 00:15:55, Serial0/0
B 10.6.0.0/16 [200/0] via 10.0.0.2, 00:13:49
O 10.3.4.0/24 [110/110] via 10.0.1.2, 00:15:55, FastEthernet1/0
O 10.0.0.4/32 [110/101] via 10.0.1.2, 00:15:56, FastEthernet1/0
B 10.5.0.0/16 [200/0] via 10.0.0.1, 00:13:49
C 10.0.1.4/30 is directly connected, Serial0/0
O E1 10.0.26.0/30 [110/1200] via 10.0.1.2, 00:15:56, FastEthernet1/0

RT4#show ip route
10.0.0.0/8 is variably subnetted, 16 subnets, 4 masks
C 10.0.1.8/30 is directly connected, Serial0/0
O E1 10.0.15.0/30 [110/1200] via 10.0.1.1, 00:58:11, FastEthernet1/0
O E1 10.0.1.12/30 [110/1100] via 10.0.1.10, 00:58:11, Serial0/0
O E1 10.0.0.2/32 [110/1100] via 10.0.1.10, 00:58:11, Serial0/0
B 10.3.0.0/16 [200/0] via 10.0.0.2, 00:11:59
O 10.0.0.3/32 [110/101] via 10.0.1.1, 00:58:11, FastEthernet1/0
O 10.3.3.0/24 [110/110] via 10.0.1.1, 00:58:11, FastEthernet1/0
B 10.0.0.0/16 [200/0] via 10.0.0.2, 00:11:59
C 10.0.1.0/30 is directly connected, FastEthernet1/0
O E1 10.0.0.1/32 [110/1200] via 10.0.1.1, 00:58:11, FastEthernet1/0
B 10.6.0.0/16 [200/0] via 10.0.0.2, 00:11:59
C 10.3.4.0/24 is directly connected, Ethernet3/0
C 10.0.0.4/32 is directly connected, Loopback0
B 10.5.0.0/16 [200/0] via 10.0.0.1, 00:12:22
O 10.0.1.4/30 [110/200] via 10.0.1.1, 00:58:11, FastEthernet1/0
O E1 10.0.26.0/30 [110/1100] via 10.0.1.10, 00:58:11, Serial0/0

RT5#ping 10.6.6.1 source 10.5.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.6.6.1, timeout is 2 seconds:
Packet sent with a source address of 10.5.5.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/190/280 ms

No BGP neighbor relationship needs to be established between R3 and R4.
Although a BGP full mesh lets R5 and R6 reach each other, every router has to peer with every other router, which increases the load on the routers.

2. Enable synchronization and redistribute BGP routes into the IGP

RT4(config)#no router bgp 65000 // restore the R3 and R4 configuration by removing BGP
RT3(config)#no router bgp 65000

Seen from R1 and R2, the neighbors R3 and R4 are in the Active state: the TCP connection cannot be established.

RT1#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.2 4 65000 54 53 5 0 0 00:47:23 3
10.0.0.3 4 65000 20 22 0 0 0 00:01:09 Active
10.0.0.4 4 65000 18 20 0 0 0 00:00:48 Active
10.0.15.2 4 65001 54 55 5 0 0 00:49:37 1

RT2#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.1 4 65000 54 55 5 0 0 00:48:06 3
10.0.0.3 4 65000 20 22 0 0 0 00:01:52 Active
10.0.0.4 4 65000 17 19 0 0 0 00:01:30 Active
10.0.26.2 4 65002 52 53 5 0 0 00:47:16 1

Enable synchronization on R1 and R2.

RT1(config)#router bgp 65000
RT1(config-router)#synchronization
RT2(config)#router bgp 65000
RT2(config-router)#synchronization

RT1(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/16 10.0.0.2 0 100 0 i // not synchronized, discarded
*> 0.0.0.0 0 32768 i
* i10.3.0.0/16 10.0.0.2 0 100 0 i // not synchronized, discarded
*> 0.0.0.0 0 32768 i
*> 10.5.0.0/16 10.0.15.2 0 0 65001 i
* i10.6.0.0/16 10.0.0.2 0 100 0 65002 i // unsynchronized route discarded

Routes advertised by IBGP that have not reached synchronization are discarded, so R1 will not advertise this route to R5.

RT2(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/16 10.0.0.1 0 100 0 i
*> 0.0.0.0 0 32768 i
* i10.3.0.0/16 10.0.0.1 0 100 0 i
*> 0.0.0.0 0 32768 i
* i10.5.0.0/16 10.0.0.1 0 100 0 65001 i // unsynchronized route discarded
*> 10.6.0.0/16 10.0.26.2 0 0 65002 i

R5 and R6 do not learn each other's routes.

RT5#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 10.0.15.1 0 0 65000 i
*> 10.3.0.0/16 10.0.15.1 0 0 65000 i
*> 10.5.0.0/16 0.0.0.0 0 32768 i

RT6#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 10.0.26.1 0 0 65000 i
*> 10.3.0.0/16 10.0.26.1 0 0 65000 i
*> 10.6.0.0/16 0.0.0.0 0 32768 i

Redistribute the BGP routes into OSPF to achieve synchronization with the IGP.

RT1(config)#router ospf 1
RT1(config-router)#redistribute bgp 65000 subnets
RT2(config)#router ospf 1
RT2(config-router)#redistribute bgp 65000 subnets

R1 and R2 achieve synchronization through the IGP routes.

RT1#show ip route
O E2 10.6.0.0/16 [110/1] via 10.0.1.5, 00:05:03, Serial0/0

RT2#show ip route
O E2 10.5.0.0/16 [110/1] via 10.0.1.9, 00:10:17, Serial0/0

RT1#show ip bgp
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/16 10.0.0.2 0 100 0 i
*> 0.0.0.0 0 32768 i
* i10.3.0.0/16 10.0.0.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 10.5.0.0/16 10.0.15.2 0 0 65001 i
r>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i

r means the route has been learned through BGP but cannot be installed in the global routing table.

RT2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/16 10.0.0.1 0 100 0 i
*> 0.0.0.0 0 32768 i
* i10.3.0.0/16 10.0.0.1 0 100 0 i
*> 0.0.0.0 0 32768 i
r>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i
*> 10.6.0.0/16 10.0.26.2 0 0 65002 i

R5 and R6 each learn the other's route through EBGP.

RT5#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 10.0.15.1 0 0 65000 i
*> 10.3.0.0/16 10.0.15.1 0 0 65000 i
*> 10.5.0.0/16 0.0.0.0 0 32768 i
*> 10.6.0.0/16 10.0.15.1 0 65000 65002 i

RT6#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 10.0.26.1 0 0 65000 i
*> 10.3.0.0/16 10.0.26.1 0 0 65000 i
*> 10.5.0.0/16 10.0.26.1 0 65000 65001 i
*> 10.6.0.0/16 0.0.0.0 0 32768 i

RT3#show ip route
10.0.0.0/8 is variably subnetted, 16 subnets, 4 masks
O 10.0.1.8/30 [110/200] via 10.0.1.2, 00:19:10, FastEthernet1/0
O E1 10.0.15.0/30 [110/1100] via 10.0.1.6, 00:19:10, Serial0/0
O E1 10.0.1.12/30 [110/1100] via 10.0.1.6, 00:19:10, Serial0/0
O E1 10.0.0.2/32 [110/1200] via 10.0.1.2, 00:19:10, FastEthernet1/0
O E2 10.3.0.0/16 [110/1] via 10.0.1.6, 00:09:52, Serial0/0
C 10.0.0.3/32 is directly connected, Loopback0
C 10.3.3.0/24 is directly connected, Ethernet3/0
O E2 10.0.0.0/16 [110/1] via 10.0.1.6, 00:09:52, Serial0/0
C 10.0.1.0/30 is directly connected, FastEthernet1/0
O E1 10.0.0.1/32 [110/1100] via 10.0.1.6, 00:19:10, Serial0/0
O E2 10.6.0.0/16 [110/1] via 10.0.1.2, 00:09:52, FastEthernet1/0
O 10.3.4.0/24 [110/110] via 10.0.1.2, 00:19:10, FastEthernet1/0
O 10.0.0.4/32 [110/101] via 10.0.1.2, 00:19:10, FastEthernet1/0
O E2 10.5.0.0/16 [110/1] via 10.0.1.6, 00:12:01, Serial0/0
C 10.0.1.4/30 is directly connected, Serial0/0
O E1 10.0.26.0/30 [110/1200] via 10.0.1.2, 00:19:10, FastEthernet1/0

RT4#show ip route
10.0.0.0/8 is variably subnetted, 16 subnets, 4 masks
C 10.0.1.8/30 is directly connected, Serial0/0
O E1 10.0.15.0/30 [110/1200] via 10.0.1.1, 00:18:53, FastEthernet1/0
O E1 10.0.1.12/30 [110/1100] via 10.0.1.10, 00:18:53, Serial0/0
O E1 10.0.0.2/32 [110/1100] via 10.0.1.10, 00:18:53, Serial0/0
O E2 10.3.0.0/16 [110/1] via 10.0.1.10, 00:09:57, Serial0/0
O 10.0.0.3/32 [110/101] via 10.0.1.1, 00:18:53, FastEthernet1/0
O 10.3.3.0/24 [110/110] via 10.0.1.1, 00:18:53, FastEthernet1/0
O E2 10.0.0.0/16 [110/1] via 10.0.1.10, 00:09:57, Serial0/0
C 10.0.1.0/30 is directly connected, FastEthernet1/0
O E1 10.0.0.1/32 [110/1200] via 10.0.1.1, 00:18:53, FastEthernet1/0
O E2 10.6.0.0/16 [110/1] via 10.0.1.10, 00:09:57, Serial0/0
C 10.3.4.0/24 is directly connected, Ethernet3/0
C 10.0.0.4/32 is directly connected, Loopback0
O E2 10.5.0.0/16 [110/1] via 10.0.1.1, 00:12:06, FastEthernet1/0
O 10.0.1.4/30 [110/200] via 10.0.1.1, 00:18:53, FastEthernet1/0
O E1 10.0.26.0/30 [110/1100] via 10.0.1.10, 00:18:53, Serial0/0

RT6#ping 10.5.5.1 source 10.6.6.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.5.5.1, timeout is 2 seconds:
Packet sent with a source address of 10.6.6.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/184/236 ms

Redistributing BGP routes into the IGP does solve the synchronization problem, but the Internet carries well over a hundred thousand routes, so this method is not feasible.

3. Route reflector

Use route reflection in place of the BGP full mesh.

RT1(config-router)#no synchronization // disable synchronization
RT2(config-router)#no synchronization

R1 acts as the route reflector; all the other routers are clients.

RT1(config)#router bgp 65000
RT1(config-router)#neighbor 10.0.0.2 route-reflector-client
RT1(config-router)#neighbor rr peer-group
RT1(config-router)#neighbor rr update-source lo0
RT1(config-router)#neighbor rr remote-as 65000
RT1(config-router)#neighbor rr next-hop-self
RT1(config-router)#neighbor rr route-reflector-client
RT1(config-router)#neighbor 10.0.0.3 peer-group rr
RT1(config-router)#neighbor 10.0.0.4 peer-group rr
RT1(config-router)#

RT3(config)#router bgp 65000
RT3(config-router)#neighbor 10.0.0.1 remote-as 65000
RT3(config-router)#neighbor 10.0.0.1 update-source lo0
RT3(config-router)#neighbor 10.0.0.1 next-hop-self

RT4(config)#router bgp 65000
RT4(config-router)#neighbor 10.0.0.1 remote-as 65000
RT4(config-router)#neighbor 10.0.0.1 update-source lo0
RT4(config-router)#neighbor 10.0.0.1 next-hop-self

RT1#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 0.0.0.0 0 32768 i
* i 10.0.0.2 0 100 0 i
*> 10.3.0.0/16 0.0.0.0 0 32768 i
* i 10.0.0.2 0 100 0 i
*> 10.5.0.0/16 10.0.15.2 0 0 65001 i
*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i

RT2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
* i10.0.0.0/16 10.0.0.1 0 100 0 i
*> 0.0.0.0 0 32768 i
* i10.3.0.0/16 10.0.0.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i
*> 10.6.0.0/16 10.0.26.2 0 0 65002 i

On R1 and R2 the next hop for 10.6.0.0/16 points to 10.0.0.2, because the route was obtained through route reflection.

RT3#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/16 10.0.0.1 0 100 0 i
*>i10.3.0.0/16 10.0.0.1 0 100 0 i
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i
*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i

RT4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/16 10.0.0.1 0 100 0 i
*>i10.3.0.0/16 10.0.0.1 0 100 0 i
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i
*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i

RT5#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 10.0.15.1 0 0 65000 i
*> 10.3.0.0/16 10.0.15.1 0 0 65000 i
*> 10.5.0.0/16 0.0.0.0 0 32768 i
*> 10.6.0.0/16 10.0.15.1 0 65000 65002 i

RT6#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/16 10.0.26.1 0 0 65000 i
*> 10.3.0.0/16 10.0.26.1 0 0 65000 i
*> 10.5.0.0/16 10.0.26.1 0 65000 65001 i
*> 10.6.0.0/16 0.0.0.0 0 32768 i

IV. Summary: the concept of route synchronization is that a BGP route entry learned from IBGP is not treated as valid and is not advertised to EBGP neighbors unless the same route can also be learned through the IGP.

BGP Fundamentals

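Origin of BGP: the need to exchange and manage routes between different autonomous systems drove the development of EGP, but EGP's design was too simple and it was eventually replaced by BGP.

BGP, the Border Gateway Protocol, is a dynamic routing protocol used between autonomous systems.

BGP protocol characteristics:

BGP is an exterior routing protocol for autonomous systems, used to pass routing information between ASes.

It is a path-vector routing protocol, which avoids loops by design.

It is carried over TCP, on port 179.

It supports CIDR and route aggregation.

Routes carry a rich set of attributes.

Only incremental route updates are sent.

It supports route filtering and routing policy.

BGP terminology:

BGP speaker: a router that sends BGP messages is called a BGP speaker. It receives or generates new routing information and advertises it to other BGP speakers.

BGP peer: BGP speakers that exchange messages with each other are called peers.

IBGP peer: BGP peers within the same autonomous system are called IBGP peers.

EBGP peer: BGP peers in different autonomous systems are called EBGP peers.

BGP message types and their roles:

BGP state machine:

Idle state: this is the initial state. No BGP connection is accepted, and the system waits for a Start event.

When a Start event occurs, the system starts the ConnectRetry timer, initiates a TCP connection to the neighbor, and changes state to Connect.

Connect state: in the Connect state the system waits for the TCP connection to complete.

If TCP reaches Established, the ConnectRetry timer is cleared, an Open message is sent, and the state changes to OpenSent. If the TCP connection fails, the ConnectRetry timer is reset and the state changes to Active. If the ConnectRetry timer expires, the connection is retried and the state remains Connect.

Active state: if the Start event has occurred but the TCP connection has not completed, the system is in the Active state.

In the Active state the system responds to the ConnectRetry timer expired event by retrying the TCP connection. If the connection is established successfully, it sends an Open message, changes state to OpenSent, clears the ConnectRetry timer, and resets the HoldTime timer.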

H3C BGP routing policy: configuring the local preference and community attribute features

bgp 1
// import static routes
import-route static
undo synchronization
// establish the BGP neighbor; EBGP is used here, but IBGP would work as well
peer 1.1.1.2 as-number 2
#
// the three pre-planned static black-hole routes
ip route-static 1.2.0.0 255.255.0.0 NULL0
ip route-static 1.2.3.0 255.255.255.0 NULL0
ip route-static 2.0.0.0 255.255.0.0 NULL0
#
RTB configuration
#
interface GigabitEthernet0/0
port link-mode route
ip address 1.1.1.2 255.255.255.252
// apply routing policy com in the inbound direction for RTA
peer 1.1.1.1 route-policy com import
#
// routing policy com, permit node 10
route-policy com permit node 10
// match ACL 2000
if-match acl 2000
// set the local preference to 168
apply local-preference 168
II. Network diagram:
III. Configuration steps:
Applicable devices and versions: MSR series; Version 5.20, all versions after Release 1206.
RTA configuration
#
interface GigabitEthernet0/0
port link-mode route
ip address 1.1.1.1 255.255.255.252
#

BGP Explained in Detail (Final Edition)

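BGP

I. BGP neighbor types

1) iBGP neighbors
① The local routing table must contain a route to the neighbor's address
② The neighbor address is the destination address of BGP packets; it is needed as the TCP connection address
③ Unicast hello packets are sent with TTL=255
④ When a packet is received on a new BGP session, its source address is checked against the neighbor list
- if it matches, the neighbor relationship is established
- if it does not match, the packet is ignored
⑤ The administrative distance of iBGP is 200
⑥ If iBGP neighbors are not running on all routers, a route black hole will exist
PS: iBGP neighbors do not need to be directly connected, and iBGP generally uses the router's loopback interface to establish the neighbor relationship
(config-router)#neighbor [DIP] remote-as [DAS: target AS ID, same as the local one] // specify the neighbor's target IP and AS ID
(config-router)#neighbor [DIP] update-source [Source loopback] // specify the neighbor's target IP and the update source

2) EBGP neighbors
① The local routing table must contain a route to the neighbor's address
② The neighbor address is the destination address of BGP packets; the TCP source and destination connection addresses must match
③ Unicast hello packets are sent with a default TTL=1 (can be changed by command)
④ Routes can be passed across any number of ASes; there is no hop-count limit
⑤ The next-hop address changes when crossing an AS
⑥ EBGP generally uses directly connected interfaces to configure BGP neighbors; configuring neighbors on loopback interfaces can increase network redundancy
⑦ The administrative distance of EBGP is 20
(config-router)#neighbor [DIP] remote-as [DAS: target AS ID, different from the local one] // specify the neighbor's target IP and AS ID
(config-router)#neighbor [DIP] update-source [Source loopback] // specify the neighbor's target IP and the update source
(config-router)#neighbor [DIP] ebgp-multihop [TTL count, default 255] // change the hop count (TTL) allowed to reach the neighbor's target IP

II. The five BGP message types
1) Open: used to negotiate the parameters for establishing the BGP neighbor relationship
2) Update: the update packet used to exchange routing information
PS: an update carries the route prefix information and the attributes of the prefix (Network+Attribute)
3) Notification: reports a neighbor relationship error; the neighbor relationship is terminated
4) Keepalive: used to maintain the neighbor relationship and keep it healthy
5) Route-refresh: a mechanism that triggers route updates, used to keep the network stable

III. The six BGP neighbor states
1) IDLE: search the routing table to see whether there is a route to the neighbor
PS: after first entering the IDLE state, the router starts the reconnect timer; when the timer expires, the router initiates the BGP connection again.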

Solving BGP Route Black Holes with a Route Reflector

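[Lab environment] C3640-IK9O3S-M Version 12.4(10)
[Lab objective] Use a route reflector to solve the BGP route black hole problem caused by IBGP split horizon
[Lab topology]
[Lab description] R1, R2, R4 and R5 run BGP; R2, R3 and R4 run OSPF.

The goal is for 1.1.1.1<->5.5.5.5 to reach each other.
IBGP neighbor relationships are established over loopback interfaces.
R1<->R2 and R4<->R5 use directly connected interfaces to establish EBGP relationships.
The data-plane BGP route black hole problem: because R3 does not run BGP, neither R2 nor R4 passes route entries to R3, so R3 has no route to 1.1.1.1 or 5.5.5.5, which causes the route black hole.

If BGP is run on R3 with IBGP relationships to R2 and R4, IBGP split horizon then leaves R2 and R4 with incomplete routing information.

Solution: use a route reflector. R3 acts as the reflector (RR) and the other IBGP routers act as clients (C). The route reflector and its clients together form a route reflection cluster; a client only needs to peer with the route reflector, not with every IBGP router.

Route reflector rules:
1. Routes the RR receives from EBGP are reflected to clients and non-clients;
2. Routes received from a client are reflected to clients, non-clients and EBGP neighbors;
3. Routes received from a non-client are reflected only to clients and EBGP neighbors, not to other non-clients.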
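The split-horizon problem and the three reflection rules above, as an added example that is not part of the original lab document: a small simulation of route advertisement over the lab's R1-R2-R3-R4-R5 chain, run once with R3 as a plain IBGP speaker and once with R2 and R4 as its reflector clients. The session list and AS numbers come from the lab; the function names are hypothetical, and the model ignores best-path selection and attributes.

```python
from collections import deque

# Lab topology: BGP sessions and AS membership as described above.
SESSIONS = [("R1", "R2"), ("R2", "R3"), ("R3", "R4"), ("R4", "R5")]
AS_OF = {"R1": 1, "R2": 3, "R3": 3, "R4": 3, "R5": 5}
ORIGIN = {"1.1.1.0/24": "R1", "5.5.5.0/24": "R5"}


def peer_kind(local, peer, rr_clients):
    """How `local` classifies `peer`: ebgp, client or nonclient."""
    if AS_OF[local] != AS_OF[peer]:
        return "ebgp"
    return "client" if peer in rr_clients.get(local, ()) else "nonclient"


def may_send(learned_from, send_to):
    """Reflection rules from the text. A router with no clients is the
    ordinary IBGP split-horizon case (every IBGP peer is a non-client)."""
    if learned_from in ("local", "ebgp", "client"):
        return True                       # rules 1 and 2
    return send_to in ("client", "ebgp")  # rule 3: non-client source


def propagate(rr_clients):
    """Flood each originated prefix; return router -> sorted prefixes."""
    table = {r: {} for r in AS_OF}  # router -> prefix -> source kind
    queue = deque()
    for prefix, router in ORIGIN.items():
        table[router][prefix] = "local"
        queue.append((router, prefix, None))
    while queue:
        router, prefix, came_from = queue.popleft()
        learned = table[router][prefix]
        for a, b in SESSIONS:
            if router not in (a, b):
                continue
            peer = b if router == a else a
            if peer == came_from or prefix in table[peer]:
                continue
            if may_send(learned, peer_kind(router, peer, rr_clients)):
                # Record how the receiver classifies the sender.
                table[peer][prefix] = peer_kind(peer, router, rr_clients)
                queue.append((peer, prefix, router))
    return {r: sorted(p) for r, p in table.items()}


def missing(rr_clients):
    """Routers that lack at least one originated prefix."""
    view = propagate(rr_clients)
    return sorted(r for r, p in view.items() if len(p) < len(ORIGIN))


if __name__ == "__main__":
    print("plain IBGP on R3 :", propagate({}), "missing:", missing({}))
    rr = {"R3": {"R2", "R4"}}
    print("R3 as reflector  :", propagate(rr), "missing:", missing(rr))
```

With no clients configured, R3 holds both prefixes but R2 and R4 each hold only one, which is the incomplete learning the text attributes to split horizon.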

[Lab steps]

1. R1 basic configuration, interfaces:
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial0/0
ip address 12.0.0.1 255.255.255.0
clock rate 64000
!

2. R2 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial0/0
ip address 12.0.0.2 255.255.255.0
!
interface Serial0/1
ip address 23.0.0.1 255.255.255.0
clock rate 64000
!
router ospf 110
router-id 2.2.2.2
network 2.2.2.0 0.0.0.255 area 0
network 23.0.0.1 0.0.0.0 area 0
!

3. R3 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial0/0
ip address 34.0.0.1 255.255.255.0
clock rate 64000
!
interface Serial0/1
ip address 23.0.0.2 255.255.255.0
!
router ospf 110
router-id 3.3.3.3
network 3.3.3.0 0.0.0.255 area 0
network 23.0.0.2 0.0.0.0 area 0
network 34.0.0.1 0.0.0.0 area 0
!

4. R4 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Serial0/0
ip address 34.0.0.2 255.255.255.0
!
interface Serial0/1
ip address 45.0.0.1 255.255.255.0
clock rate 64000
!
router ospf 110
router-id 4.4.4.4
network 4.4.4.0 0.0.0.255 area 0
network 34.0.0.2 0.0.0.0 area 0
!

5. R5 basic configuration, interfaces:
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Serial0/1
ip address 45.0.0.2 255.255.255.0
!

6. Configure EBGP between R1 and R2
//R1 configuration, AS 1
router bgp 1
no synchronization
bgp router-id 1.1.1.1
network 1.1.1.0 mask 255.255.255.0
neighbor 12.0.0.2 remote-as 3
no auto-summary
//R2 configuration, AS 3
router bgp 3
no synchronization
bgp router-id 2.2.2.2
neighbor 12.0.0.1 remote-as 1
no auto-summary

7. Configure EBGP between R4 and R5
//R4 configuration, AS 3
router bgp 3
no synchronization
bgp router-id 4.4.4.4
neighbor 45.0.0.2 remote-as 5
no auto-summary
//R5 configuration, AS 5
router bgp 5
no synchronization
bgp router-id 5.5.5.5
network 5.5.5.0 mask 255.255.255.0
neighbor 45.0.0.1 remote-as 3
no auto-summary

8. Configure the IBGP relationships among R2, R3 and R4 using loopback interfaces
//R3 configuration
router bgp 3
no synchronization
bgp router-id 3.3.3.3
neighbor 2.2.2.2 remote-as 3
neighbor 2.2.2.2 update-source Loopback0
neighbor 4.4.4.4 remote-as 3
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
//R2 configuration
router bgp 3
neighbor 3.3.3.3 remote-as 3
neighbor 3.3.3.3 update-source Loopback0
nei 3.3.3.3 next-hop-self
//R4 configuration
router bgp 3
neighbor 3.3.3.3 remote-as 3
neighbor 3.3.3.3 update-source Loopback0
nei 3.3.3.3 next-hop-self

9. Enable the route reflector on R3 and specify its clients
router bgp 3
neighbor 2.2.2.2 route-reflector-client
neighbor 4.4.4.4 route-reflector-client

10. View R3's routing table
R3#sh ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 2.2.2.2 0 100 0 1 i
*>i5.5.5.0/24 4.4.4.4 0 100 0 5 i

11. Verify connectivity between the R1 and R5 loopbacks
R1#ping 5.5.5.5 so 1.1.1.1
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 188/325/496 ms

12. On R2, view the reflected route entry 5.5.5.0/24
R2#sh ip bgp 5.5.5.0/24
BGP routing table entry for 5.5.5.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
4.4.4.4 (metric 129) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 4.4.4.4, Cluster list: 3.3.3.3

13. On R4, view the reflected route entry 1.1.1.0/24
R4#sh ip bgp 1.1.1.0/24
BGP routing table entry for 1.1.1.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
2.2.2.2 (metric 129) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 2.2.2.2, Cluster list: 3.3.3.3

14. Evaluation
Compared with a full mesh of neighbors, a route reflector simplifies the configuration and reduces the number of sessions, because IBGP neighbor relationships only need to be established between the clients and the RR.

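The null0 route loop-prevention mechanism in BGP

The null0 route in BGP (also called a black-hole route) is a mechanism for preventing packet loops.

When something goes wrong in the network, for example when a destination is unreachable or a link fails, BGP can steer traffic to the null0 interface (a virtual interface), which discards all incoming packets.

The main purpose of the null0 route is to prevent routing loops.

When a BGP router receives reachability information from other routers, it compares the longest matching prefix of the route and adds the route to its routing table.

That routing table is then used to decide the next hop for traffic.

If the network has a problem, some routes may become invalid or unreachable.

In that case, the null0 route ensures that incoming traffic is dropped directly instead of being forwarded onward over other possible paths.

Another benefit of the null0 route is that it can guard against network attacks such as IP address spoofing or DDoS attacks.

By steering traffic to the null0 interface, an attacker cannot use forged IP addresses or network overload to attack the target host.

In summary, the null0 route in BGP is a mechanism for preventing packet loops: it steers traffic to a virtual interface so that unreachable traffic is discarded.

It can also be used to guard against network attacks and protect the target host.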


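BGP Route Black Holes and IBGP Full Mesh

Networking requirements:
1. AS65000 border segment advertisement: RT1 and RT2 redistribute connected routes into OSPF (metric 1000 type 1)
2. BGP configuration requirements: no synchronization, no auto-summary; IBGP neighbors are established over LOOPBACK with the next hop set to self
3. RT1 and RT2 advertise AS65000's summary routes into BGP: 10.0.0.0/16, 10.3.0.0/16
4. RT5 advertises AS65001's summary route into BGP: 10.5.0.0/16
5. RT6 advertises AS65001's summary route into BGP: 10.6.0.0/16
6. Analyze how the route black hole forms and how to resolve it

IGP routing configuration:

R1:
router ospf 1
router-id 10.0.0.1
redistribute connected metric 1000 metric-type 1 subnets // redistribute connected networks into OSPF
passive-interface Serial0/1 // the interface facing the EBGP peer must be passive so that no adjacency forms
network 10.0.0.1 0.0.0.0 area 0
network 10.0.1.4 0.0.0.3 area 0

R3:
router ospf 1
router-id 10.0.0.3
passive-interface default
no passive-interface Serial0/0
no passive-interface FastEthernet1/0
network 10.0.0.3 0.0.0.0 area 0
network 10.0.1.0 0.0.0.3 area 0
network 10.0.1.4 0.0.0.3 area 0
network 10.3.3.0 0.0.0.255 area 0
interface FastEthernet1/0
ip address 10.0.1.1 255.255.255.252
ip ospf network point-to-point // set the network type to point-to-point (no DR or BDR election needed)

R4:
router ospf 1
router-id 10.0.0.4
passive-interface default
no passive-interface Serial0/0
no passive-interface FastEthernet1/0
network 10.0.0.4 0.0.0.0 area 0
network 10.0.1.0 0.0.0.3 area 0
network 10.0.1.8 0.0.0.3 area 0
network 10.3.4.0 0.0.0.255 area 0
interface FastEthernet1/0
ip address 10.0.1.2 255.255.255.252
ip ospf network point-to-point // set the network type to point-to-point (no DR or BDR election needed)

R2:
router ospf 1
router-id 10.0.0.2
redistribute connected metric 1000 metric-type 1 subnets // redistribute connected networks into OSPF
passive-interface default // the interface facing the EBGP peer must be passive so that no adjacency forms
no passive-interface Serial0/0
network 10.0.1.8 0.0.0.3 area 0

IBGP configuration:

R1:
router bgp 65000
no synchronization // disable synchronization
neighbor 10.0.0.2 remote-as 65000 // specify the IBGP neighbor and AS
neighbor 10.0.0.2 update-source Loopback0 // set the update source to LOOPBACK0
neighbor 10.0.0.2 next-hop-self // change the next hop to self (the default for EBGP)
neighbor 10.0.15.2 remote-as 65001 // specify the EBGP neighbor and AS
network 10.0.0.0 mask 255.255.0.0 // statically advertise the route into BGP
no auto-summary // disable auto-summary
ip route 10.0.0.0 255.255.0.0 null 0 // add a static summary route to be advertised

R2:
router bgp 65000
no synchronization // disable synchronization
neighbor 10.0.0.1 remote-as 65000 // specify the neighbor and AS
neighbor 10.0.0.1 update-source Loopback0 // set the update source to LOOPBACK0
neighbor 10.0.0.1 next-hop-self // change the next hop to self (the default for EBGP)
neighbor 10.0.26.2 remote-as 65002 // specify the EBGP neighbor and AS
network 10.3.0.0 mask 255.255.0.0 // statically advertise the route into BGP
no auto-summary // disable auto-summary
ip route 10.3.0.0 255.255.0.0 null 0 // add a static summary route to be advertised

R5:
router bgp 65001
network 10.5.0.0 mask 255.255.0.0 // statically advertise the route into BGP
neighbor 10.0.15.1 remote-as 65000 // specify the EBGP neighbor and AS
no auto-summary // disable auto-summary
ip route 10.5.0.0 255.255.0.0 Null0 // add a static summary route to be advertised into BGP

R6:
router bgp 65002
no synchronization // disable synchronization
network 10.6.0.0 mask 255.255.0.0 // statically advertise the route into BGP
neighbor 10.0.26.1 remote-as 65000 // specify the EBGP neighbor and AS
no auto-summary // disable auto-summary
ip route 10.6.0.0 255.255.0.0 Null0 // add a static summary route to be advertised into BGP

Note: with IBGP the default hop count is 255, while the default hop count for EBGP is 1. If EBGP neighbors are established on LOOPBACK addresses, the hop count must be set manually:
neighbor 10.10.10.10 ebgp-multihop 2 // followed by the hop count, 1-255

Question: can 10.5.5.1 now ping 10.6.6.1? The answer is no, because R3 has no route toward R6 (analyzed below).

Now let us trace how R6's 10.6.0.0/16 route propagates.

On R6:
Network Next Hop Metric LocPrf Weight Path
*> 10.5.0.0/16 10.0.26.1 0 65000 65001 i
*> 10.6.0.0/16 0.0.0.0 0 32768 i
* means valid and > means best. Because 10.6.0.0 is originated by this router, the next hop is 0.0.0.0; if it had been redistributed into BGP, the next hop would be the IGP next hop. A locally originated route has a weight of 32768 and an Origin attribute of IGP.

R2 receives the route from EBGP and forwards it to all of its neighbors:
*> 10.6.0.0/16 10.0.26.2 0 0 65002 i
Because it was advertised by EBGP, the next hop is the EBGP neighbor's address.

R1:
*>i10.6.0.0/16 10.0.0.2 0 100 0 65002 i
Whether a route learned from IBGP is advertised to EBGP depends on synchronization. Synchronization is disabled here, so the route can be advertised to R5 (with synchronization enabled, only routes that have reached synchronization can be passed to EBGP). In addition, next-hop-self is configured on R2 to change the next hop to R2 itself, so the next hop of the route R1 receives points to its IBGP neighbor.

R5:
*> 10.6.0.0/16 10.0.15.1 0 65000 65002 i
When a route is advertised to EBGP, the next hop is changed to the advertising router itself.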

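In the same way, R6 also learns R5's route.

When 10.5.5.1 pings 10.6.6.1, R5 looks up its routing table and matches the 10.6.0.0/16 route, whose next hop 10.0.15.1 is on a directly connected interface, so it sends the packet to R1. R1 looks up the route and matches 10.6.0.0/16, whose next hop 10.0.0.2 is not on a directly connected interface, so it performs a recursive lookup using the next hop as the target IP and matches the 10.0.0.2/32 route, whose next hop 10.0.1.5 is on a directly connected interface, and sends the packet to R3. R3 looks up the route for the destination IP 10.6.6.1, finds no match, and drops the packet. R3 does not run BGP and cannot learn the BGP routes, and that is how the route black hole forms.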
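The hop-by-hop lookup traced above, as an added example that is not part of the original document: a forwarding trace with longest-prefix match and recursive next-hop resolution that locates the router where the packet is dropped. The tables are constructed from the routing-table entries quoted in this lab; the interface-to-router mapping is inferred from them, and the 10.6.6.0/24 network behind R6 is an assumption.

```python
import copy
import ipaddress

# Constructed from the lab's routing tables: prefix -> next hop.
# "connected" marks a directly attached network. R3 and R4 run OSPF only.
RIBS = {
    "R5": {"10.0.15.0/30": "connected", "10.6.0.0/16": "10.0.15.1"},
    "R1": {"10.0.15.0/30": "connected", "10.0.1.4/30": "connected",
           "10.0.0.2/32": "10.0.1.5",    # OSPF route to R2's loopback
           "10.6.0.0/16": "10.0.0.2"},   # IBGP route, next-hop-self on R2
    "R3": {"10.0.1.4/30": "connected", "10.0.1.0/30": "connected",
           "10.0.0.2/32": "10.0.1.2"},   # no BGP, so no 10.6.0.0/16
    "R4": {"10.0.1.0/30": "connected", "10.0.1.8/30": "connected",
           "10.0.0.2/32": "10.0.1.10"},
    "R2": {"10.0.1.8/30": "connected", "10.0.26.0/30": "connected",
           "10.6.0.0/16": "10.0.26.2"},
    "R6": {"10.0.26.0/30": "connected",
           "10.6.6.0/24": "connected"},  # assumed LAN behind R6
}
# Which router answers for each address (inferred from the tables).
OWNER = {"10.0.15.1": "R1", "10.0.1.5": "R3", "10.0.1.2": "R4",
         "10.0.1.10": "R2", "10.0.26.2": "R6", "10.6.6.1": "R6"}


def lpm(rib, addr):
    """Longest-prefix match; returns the next hop string or None."""
    ip = ipaddress.ip_address(addr)
    best_len, best_nh = -1, None
    for prefix, next_hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_nh = net.prefixlen, next_hop
    return best_nh


def resolve(rib, addr, depth=0):
    """Recurse until the next hop sits on a connected network.
    Returns the adjacent address to forward to, or None if unresolved."""
    next_hop = lpm(rib, addr)
    if next_hop is None or next_hop == "Null0" or depth > 8:
        return None
    if next_hop == "connected":
        return addr
    return resolve(rib, next_hop, depth + 1)


def trace(ribs, src, dst, max_hops=16):
    """Follow a packet from router `src` to `dst`; return (path, verdict)."""
    router, path = src, [src]
    for _ in range(max_hops):
        if OWNER.get(dst) == router:
            return path, "delivered"
        adjacent = resolve(ribs[router], dst)
        nxt = OWNER.get(adjacent)
        if nxt is None or nxt == router:
            return path, f"dropped at {router}"
        router = nxt
        path.append(router)
    return path, "hop limit exceeded"


def with_core_bgp(ribs):
    """Same tables after R3 and R4 also hold the BGP route (full mesh)."""
    fixed = copy.deepcopy(ribs)
    for core in ("R3", "R4"):
        fixed[core]["10.6.0.0/16"] = "10.0.0.2"
    return fixed


if __name__ == "__main__":
    print(trace(RIBS, "R5", "10.6.6.1"))
    print(trace(with_core_bgp(RIBS), "R5", "10.6.6.1"))
```

Running the same trace against tables collected from live routers is a direct way to find a transit router that holds no route for a prefix its neighbors forward to it.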

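Solutions:
1. Redistribute the BGP routes into OSPF
2. Form an IBGP full mesh among the routers inside the AS
3. Route reflector
4. Configure MPLS

Method 1. The configuration is as follows:

R1:
router ospf 1
redistribute bgp 65000 subnets // redistribute the BGP routes into OSPF

R2:
router ospf 1
redistribute bgp 65000 subnets // redistribute the BGP routes into OSPF

The routers inside the AS now all have the routes from outside the AS, so the ping succeeds.

R3's routing table, which contains the routes from outside the AS:

Test from R5:

Note: the Internet carries well over a hundred thousand BGP routes. Redistributing BGP routes into OSPF without applying a policy is not feasible: OSPF can support at most a little over ten thousand routes, and doing so consumes a great deal of router memory, so this method is generally not used. There is a public router on the Internet whose routing table can be inspected; just telnet to this address, with the username rviews.

The BGP routing table has more than 140,000 entries.

Method 2: IBGP full mesh (a route learned from one IBGP peer is not passed on to another IBGP peer, in order to prevent routing loops, so a full mesh is required). The configuration is as follows:

R1:
neighbor 10.0.0.3 remote-as 65000
neighbor 10.0.0.3 update-source Loopback0
neighbor 10.0.0.3 next-hop-self
neighbor 10.0.0.4 remote-as 65000
neighbor 10.0.0.4 update-source Loopback0
neighbor 10.0.0.4 next-hop-self

R3:
router bgp 65000
no synchronization
neighbor 10.0.0.1 remote-as 65000
neighbor 10.0.0.1 update-source Loopback0
neighbor 10.0.0.1 next-hop-self
neighbor 10.0.0.4 remote-as 65000
neighbor 10.0.0.4 update-source Loopback0
neighbor 10.0.0.4 next-hop-self
neighbor 10.0.0.2 remote-as 65000
neighbor 10.0.0.2 update-source Loopback0
neighbor 10.0.0.2 next-hop-self
no auto-summary

R4:
router bgp 65000
no synchronization
neighbor 10.0.0.1 remote-as 65000
neighbor 10.0.0.1 update-source Loopback0
neighbor 10.0.0.1 next-hop-self
neighbor 10.0.0.3 remote-as 65000
neighbor 10.0.0.3 update-source Loopback0
neighbor 10.0.0.3 next-hop-self
neighbor 10.0.0.2 remote-as 65000
neighbor 10.0.0.2 update-source Loopback0
neighbor 10.0.0.2 next-hop-self
no auto-summary

R2:
neighbor 10.0.0.4 remote-as 65000
neighbor 10.0.0.4 update-source Loopback0
neighbor 10.0.0.4 next-hop-self
neighbor 10.0.0.3 remote-as 65000
neighbor 10.0.0.3 update-source Loopback0
neighbor 10.0.0.3 next-hop-self

Checking the neighbor relationships on R3 shows that the full mesh has formed.

The routes from outside the AS are present as well.

Now test from R5:

Now let us analyze one route. R1 advertises the 10.5.0.0/16 route to R3; will R3 advertise this route to R4?

R3 receives one route from R1:
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i

The route on R4:
*>i10.5.0.0/16 10.0.0.1 0 100 0 65001 i

Why is there only one route here? Because the IBGP full mesh has formed and the route was advertised by R1. A route that R3 learns from IBGP is not passed on to IBGP again, so R4 has only one entry. This is why a full mesh has to be formed.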
