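I. BGP path attributes
1. Definition
Path attributes play a role similar to a metric: they measure how good a BGP route is and are used for route selection.
When a BGP router advertises a BGP route to a peer, the route carries several path attribute values with it. These path attributes influence BGP route selection, and they are what make BGP's routing-policy capabilities so powerful.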
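2. Overview of BGP route selection rules
1. Prefer the route with the largest Preferred-Value
2. Prefer the route with the largest Local_Preference
3. Prefer locally originated routes
4. Prefer the route with the shortest AS_Path
5. Origin (IGP > EGP > Incomplete)
6. Prefer the route with the smallest MED
7. Prefer routes advertised by EBGP peers
8. Prefer the route with the smallest IGP metric to the Next_Hop
9. BGP route load balancing
10. Prefer the route with the shortest Cluster_List
11. Prefer the route sent by the BGP peer with the smallest Router-ID
12. Prefer the route sent by the peer with the smallest peer IP address
The BGP route selection rules are also called the BGP best-path rules. Devices from different vendors differ slightly in BGP route selection; this document explains the (commonly used) rules as implemented in Huawei VRP V8.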
3. Classification of path attributes
Well-known attributes
- Well-known mandatory
- Well-known discretionary
Optional attributes
- Optional transitive
- Optional non-transitive
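Category | Subcategory | Description | Attributes
Well-known | Well-known mandatory | Every BGP implementation must recognize it, and it must be carried in Update messages. | Origin, AS_Path, Nexthop
Well-known | Well-known discretionary | Every BGP implementation must recognize it, but it is not required to be included in Update messages. | Local-Preference, ATOMIC_Aggregate
Optional | Optional transitive | A device may not support the attribute, but even then it should accept routes that carry it and pass it on to other peers. | Community, Aggregator
Optional | Optional non-transitive | A device may not support the attribute; a BGP process that does not recognize it ignores route updates containing it and does not pass it on to other BGP peers. | MED, Originator_ID, Cluster_list, *pre_value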
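4. BGP route selection principles
1. If the route's next hop is unreachable, ignore the route
2. Preferred-Value: the higher the value, the higher the priority; a Huawei proprietary attribute that is only locally significant
3. The route with the highest Local-Preference is preferred
4. Aggregated routes are preferred over non-aggregated routes
5. Locally configured manual aggregate routes take priority over locally generated automatic aggregate routes
6. Routes imported locally with the network command take priority over routes imported locally with the import-route command
7. The route with the shortest AS-path is preferred
8. Compare the Origin attribute: IGP is better than EGP, and EGP is better than Incomplete
9. Choose the route with the smaller MED
10. EBGP routes are preferred over IBGP routes
11. BGP prefers the path with the lowest IGP metric to the BGP next hop
When all of the above are equal, the routes are equal-cost and can be load-balanced (note: the AS-Path must be identical; when load balancing is in effect, the following 3 rules do not apply)
12. Compare the Cluster_list length; the shorter one is preferred
13. Compare Originator_ID (if there is no Originator_ID, compare Router_ID) and choose the path with the smaller value
14. Compare the peers' IP addresses and choose the path with the numerically smallest IP address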
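The rule order above written out as a comparison function, as an added example (not from the original page and not Huawei's implementation). It covers rules 1-3, 7-11 and 14 only; the `Route` fields, the function names and the sample routes are constructed for illustration.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Route:
    peer: str                  # IP of the peer the route was learned from
    as_path: tuple = ()        # AS numbers, neighbouring AS first
    pref_value: int = 0        # Preferred-Value, local to this router
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    ebgp: bool = False
    igp_cost: int = 0          # IGP metric to the BGP next hop
    next_hop_ok: bool = True

# (rule name, key) in the order of the list above; the lower key wins.
RULES = [
    ("Preferred-Value", lambda r: -r.pref_value),
    ("Local_Preference", lambda r: -r.local_pref),
    ("AS_Path length", lambda r: len(r.as_path)),
    ("Origin", lambda r: ORIGIN_RANK[r.origin]),
    ("MED", lambda r: r.med),
    ("EBGP over IBGP", lambda r: 0 if r.ebgp else 1),
    ("IGP metric to next hop", lambda r: r.igp_cost),
    ("Peer IP", lambda r: tuple(map(int, r.peer.split(".")))),
]

def better(a, b, diff_as_med=False):
    """Return (winner, name of the deciding rule) for two usable routes."""
    for name, key in RULES:
        # MED is skipped across ASs unless compare-different-as-med (diff_as_med).
        if name == "MED" and a.as_path[:1] != b.as_path[:1] and not diff_as_med:
            continue
        if key(a) != key(b):
            return (a if key(a) < key(b) else b), name
    return a, "tie"

def best(routes, **opts):
    """Ignore routes whose next hop is unreachable, then compare pairwise."""
    usable = [r for r in routes if r.next_hop_ok]
    winner, rule = usable[0], "only usable route"
    for r in usable[1:]:
        winner, rule = better(winner, r, **opts)
    return winner.peer, rule

# Constructed sample: R4's two IBGP routes to 1.1.1.1/32 in the lab topology.
via_r2 = Route(peer="2.2.2.2", as_path=(100,))
via_r3 = Route(peer="3.3.3.3", as_path=(100,))
```

With default attributes the tie falls through to the peer address; raising Local_Preference on one route, lengthening the other's AS_Path, or raising its MED each moves the decision to the corresponding earlier rule.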
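5. Configuring route selection with BGP attributes
There are 12 methods in total; 3 commonly used ones are introduced here:
Controlling route selection with Local_Preference (larger is better)
- It is a well-known discretionary attribute that tells the routers in an AS which path is the preferred one for leaving the AS
- Local_Preference is propagated only between IBGP peers (unless a policy changes it, the value is not lost as it passes between IBGP peers) and cannot be propagated between EBGP peers. If a route received from an EBGP peer carries Local_Preference in its path attributes, a Notification message is triggered and the session is torn down.
- However, an import-direction policy on an AS border router can be used to modify the Local_Preference value; that is, the router assigns a Local_Preference to the route locally after receiving it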
[R3]route-policy lop permit node 10
Note: creates a route-policy named lop
[R3-route-policy]apply local-preference 222
Note: sets the local preference to 222
[R3-route-policy]q
[R3]bgp 200
[R3-bgp]peer 4.4.4.4 route-policy lop export
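Note: applies the route-policy in the export (outbound) direction from R3 to R4; if the policy were configured on R4 instead, it would be applied as import (inbound)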
[R3-bgp]q
[R3]q
<R3>refresh bgp all export
Note: refreshes the outbound routes
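Controlling route selection with the AS_Path attribute (shorter is better)
- It is a well-known mandatory attribute: the list of AS numbers that a route traverses on the way to the destination network
- Purpose: ensures that routes propagate loop-free between EBGP peers; it is also one of the criteria for route selection
- When a route is advertised to an EBGP peer, the router adds its local AS number to the route's AS_Path; when a route is advertised to an IBGP peer, the AS_Path does not change
- Modifying the AS_Path of BGP routes with a route-policy:
- apply as-path xxx additive #add xxx to the existing AS_Path
- apply as-path xxx overwrite #replace (overwrite) the existing AS_Path with xxx
- apply as-path none overwrite #clear the route's AS_Path attribute
- When a route-policy is used to modify the AS_Path of BGP routes, the AS_Path attribute of EBGP routes can be changed between EBGP peers, which influences BGP route selection. On Huawei routers, a route-policy can also be used between EBGP peers to modify the AS_Path of BGP routes. In every scenario, changing the AS_Path of a BGP route must be done with great care; it is recommended to keep it consistent with the last AS number the route traversed.
- The bestroute as-path-ignore command configures BGP to ignore the AS path attribute when selecting the best route. Once this command is configured, BGP no longer compares AS path length (normally, the shorter the better)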
[R2]route-policy as permit node 10
[R2-route-policy]apply as-path 123 123 additive
Note: adds to the existing AS-path
[R2-route-policy]q
[R2]bgp 200
[R2-bgp]peer 4.4.4.4 route-policy as export
[R2-bgp]q
[R2]q
<R2>refresh bgp all export
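Controlling route selection with the MED attribute (smaller is better)
- It is an optional non-transitive attribute and acts as a metric
- By default, a BGP device only compares the MED values of routes that come from the same AS (from different peers). A command can be configured to allow BGP to compare the MED values of routes from different ASs
- After the compare-different-as-med command is run, the system compares the MED values of routes from peers in different ASs.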
[R2]route-policy med permit node 10
[R2-route-policy]apply cost + 500
[R2-route-policy]q
[R2]bgp 200
[R2-bgp]peer 1.1.1.1 route-policy med export
[R2-bgp]q
[R2]q
<R2>refresh bgp all export
<R2>sys
[R2]dis bgp routing-table
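Matching only one network segment for route selection when there are multiple segments
- Origin is a well-known mandatory attribute that defines the source of the path information; it marks how a route became a BGP route, and it takes effect between EBGP neighbors.
- It has three values: ① IGP (i): highest priority; ② EGP (e): next highest; ③ Incomplete (?): lowest priority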
ip ip-prefix 1 permit 100.0.1.0 24
route-policy RP permit node 10
if-match ip-prefix 1
apply origin incomplete
route-policy RP permit node 20
bgp 100
network 100.0.1.0 24
peer 10.1.13.3 as-number 345
peer 10.1.13.3 route-policy RP export
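How route-policy RP above treats each advertised prefix, and what the empty node 20 is for, as an added example (a simplified model, not from the original page and not VRP code). It assumes nodes are evaluated in ascending order, the first matching node decides, and a route matching no node is denied; the dictionary layout, function names and sample prefixes are hypothetical.

```python
import ipaddress

# Model of the page's policy: ip ip-prefix 1 permit 100.0.1.0 24 has no
# greater-equal/less-equal, so only exactly 100.0.1.0/24 matches it.
PREFIX_LISTS = {"1": ["100.0.1.0/24"]}
RP = [
    {"node": 10, "mode": "permit", "if_match": "1",
     "apply": {"origin": "incomplete"}},
    {"node": 20, "mode": "permit", "if_match": None, "apply": {}},
]

def matches(prefix, list_name):
    """Exact network-and-mask match against a prefix list's permit entries."""
    net = ipaddress.ip_network(prefix)
    return any(net == ipaddress.ip_network(e) for e in PREFIX_LISTS[list_name])

def run_policy(policy, prefix, attrs):
    """Return the attributes to advertise, or None if the route is filtered."""
    for node in sorted(policy, key=lambda n: n["node"]):
        if node["if_match"] is None or matches(prefix, node["if_match"]):
            if node["mode"] == "deny":
                return None
            return {**attrs, **node["apply"]}   # first matching node decides
    return None   # matched no node: denied by default

def advertise(policy, routes):
    """Map each prefix to its Origin after the policy (None = not advertised)."""
    out = {}
    for prefix, attrs in routes.items():
        result = run_policy(policy, prefix, attrs)
        out[prefix] = result["origin"] if result else None
    return out

# Constructed sample: three locally originated prefixes, all Origin IGP.
ROUTES = {p: {"origin": "igp"} for p in
          ("100.0.1.0/24", "100.0.2.0/24", "100.0.1.128/25")}
```

Calling `advertise(RP[:1], ROUTES)` models the policy without node 20: only 100.0.1.0/24 is still advertised, and every other prefix is filtered toward the peer.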
II. BGP lab configuration
1. OSPF runs inside AS 200; the requirement is that 1.1.1.1 can reach 5.5.5.5
R1 configuration
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 13.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 200
peer 2.2.2.2 ebgp-max-hop 2
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 200
peer 3.3.3.3 ebgp-max-hop 2
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
network 2.2.2.2 255.255.255.255
network 3.3.3.3 255.255.255.255
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ip route-static 2.2.2.2 255.255.255.255 12.1.1.2
ip route-static 3.3.3.3 255.255.255.255 13.1.1.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R2 configuration
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 24.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 2
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
network 2.2.2.2 255.255.255.255
network 3.3.3.3 255.255.255.255
network 4.4.4.4 255.255.255.255
peer 1.1.1.1 enable
peer 3.3.3.3 enable
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
network 24.1.1.0 0.0.0.255
#
ip route-static 1.1.1.1 255.255.255.255 12.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3 configuration
#
sysname R3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 13.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 2
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 200
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
network 2.2.2.2 255.255.255.255
network 3.3.3.3 255.255.255.255
network 4.4.4.4 255.255.255.255
peer 1.1.1.1 enable
peer 2.2.2.2 enable
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 13.1.1.0 0.0.0.255
network 34.1.1.0 0.0.0.255
#
ip route-static 1.1.1.1 255.255.255.255 13.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4 configuration
#
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 24.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 34.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 45.1.1.4 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 200
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
peer 5.5.5.5 as-number 300
peer 5.5.5.5 ebgp-max-hop 2
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
network 3.3.3.3 255.255.255.255
network 4.4.4.4 255.255.255.255
network 5.5.5.5 255.255.255.255
peer 2.2.2.2 enable
peer 2.2.2.2 next-hop-local
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-local
peer 5.5.5.5 enable
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 24.1.1.0 0.0.0.255
network 34.1.1.0 0.0.0.255
network 45.1.1.0 0.0.0.255
#
ip route-static 5.5.5.5 255.255.255.255 45.1.1.5
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R5 configuration
#
sysname R5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 300
peer 4.4.4.4 as-number 200
peer 4.4.4.4 ebgp-max-hop 2
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 4.4.4.4 255.255.255.255
network 5.5.5.5 255.255.255.255
peer 4.4.4.4 enable
#
ip route-static 4.4.4.4 255.255.255.255 45.1.1.4
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
Result:
2. Controlling route selection with Local_Preference (larger is better)
For example, the configuration on R3 is as follows
#
bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 2
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 200
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
network 3.3.3.3 255.255.255.255
peer 1.1.1.1 enable
peer 2.2.2.2 enable
peer 4.4.4.4 enable
peer 4.4.4.4 route-policy lp export
### Applies the route-policy in the export (outbound) direction from R3 to R4; configured on R4 instead, it would be import (inbound)
peer 4.4.4.4 next-hop-local
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 34.1.1.0 0.0.0.255
#
route-policy lp permit node 10
#### Creates a route-policy named lp
apply local-preference 300
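### Sets the local preference to 300
Finally, refresh.
The BGP route on R4 then changes to 3.3.3.3
3. Controlling route selection with the AS_Path attribute (shorter is better)
For example, the configuration on R1 is as follows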
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
network 2.2.2.2 255.255.255.255
network 3.3.3.3 255.255.255.255
peer 2.2.2.2 enable
peer 2.2.2.2 route-policy as import
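### Applies the route-policy in the import (inbound) direction on R1 to routes received from R2; configured on R2 toward R1 instead, it would be export (outbound)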
peer 3.3.3.3 enable
#
route-policy as permit node 10
#### Creates a route-policy named as
apply as-path 100 100 100 additive
### Adds 100 100 100 to the existing AS-path
#