Example: Next Hop on a Multiaccess Network
BGP States
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       12.1.1.2                 0             0 2 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 2.2.2.0/24       12.1.1.2                 0             0 2 i
*> 3.3.3.0/24       134.1.1.3                1         32768 ?
*> 134.1.1.0/24     0.0.0.0                  0         32768 ?
*> 200.1.16.0       12.1.1.2                 0             0 2 i
*> 200.1.16.0/22    12.1.1.2                 0             0 2 i
*> 200.1.17.0       12.1.1.2                 0             0 2 i
*> 200.1.18.0       12.1.1.2                 0             0 2 i
*> 200.1.19.0       12.1.1.2                 0             0 2 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       12.1.1.1                 0             0 1 ?
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*> 3.3.3.0/24       12.1.1.1                 1             0 1 ?
*> 134.1.1.0/24     12.1.1.1                 0             0 1 ?
s> 200.1.16.0       0.0.0.0                  0         32768 i
*> 200.1.16.0/22    0.0.0.0                            32768 i
s> 200.1.17.0       0.0.0.0                  0         32768 i
s> 200.1.18.0       0.0.0.0                  0         32768 i
s> 200.1.19.0       0.0.0.0                  0         32768 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 2.2.2.0/24       12.1.1.2                 0             0 2 i
*> 3.3.3.0/24       134.1.1.3                1         32768 ?
*> 134.1.1.0/24     0.0.0.0                  0         32768 ?
*> 200.1.16.0/22    12.1.1.2                 0             0 2 i
match ip address prefix-list 1
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       12.1.1.1                 0             0 1 ?
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*> 3.3.3.0/24       12.1.1.1                 1             0 1 ?
*> 134.1.1.0/24     12.1.1.1                 0             0 1 ?
s> 200.1.16.0       0.0.0.0                  0         32768 i
*> 200.1.16.0/22    0.0.0.0                            32768 i
s> 200.1.17.0       0.0.0.0                  0         32768 i
*> 200.1.18.0       0.0.0.0                  0         32768 i
*> 200.1.19.0       0.0.0.0                  0         32768 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 2.2.2.0/24       12.1.1.2                 0             0 2 i
*> 3.3.3.0/24       134.1.1.3                1         32768 ?
*> 134.1.1.0/24     0.0.0.0                  0         32768 ?
*> 200.1.16.0/22    12.1.1.2                 0             0 2 i
*> 200.1.18.0       12.1.1.2                 0             0 2 i
*> 200.1.19.0       12.1.1.2                 0             0 2 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 2.2.2.0/24       12.1.1.2                 0             0 2 i
*> 3.3.3.0/24       134.1.1.3                1         32768 ?
*> 134.1.1.0/24     0.0.0.0                  0         32768 ?
s> 200.1.16.0       12.1.1.2                 0             0 2 i
*> 200.1.16.0/22    0.0.0.0                            32768 i
s> 200.1.17.0       12.1.1.2                 0             0 2 i
s> 200.1.18.0       12.1.1.2                 0             0 2 i
s> 200.1.19.0       12.1.1.2                 0             0 2 i
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       12.1.1.1                 0             0 1 ?
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*> 3.3.3.0/24       12.1.1.1                 1             0 1 ?
*> 134.1.1.0/24     12.1.1.1                 0             0 1 ?
*> 200.1.16.0       0.0.0.0                  0         32768 i
*> 200.1.16.0/22    12.1.1.1                 0             0 1 i
*> 200.1.17.0       0.0.0.0                  0         32768 i
*> 200.1.18.0       0.0.0.0                  0         32768 i
*> 200.1.19.0       0.0.0.0                  0         32768 i
R1(config-router)#aggregate-address 200.1.16.0 255.255.252.0 as-set summary-only
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 2.2.2.0/24       12.1.1.2                 0             0 2 i
*> 3.3.3.0/24       134.1.1.3                1         32768 ?
*> 134.1.1.0/24     0.0.0.0                  0         32768 ?
s> 200.1.16.0       12.1.1.2                 0             0 2 i
*> 200.1.16.0/22    0.0.0.0                       100  32768 2 i
s> 200.1.17.0       12.1.1.2                 0             0 2 i
s> 200.1.18.0       12.1.1.2                 0             0 2 i
s> 200.1.19.0       12.1.1.2                 0             0 2 i
--- Well-known versus optional
--- Mandatory versus discretionary
--- Transitive versus nontransitive
--- Partial
--- Are propagated to other neighbors
The following takes place in a multiaccess network:
* Router B advertises network 172.30.0.0 to router A in EBGP with a next hop of 10.10.10.2, not 10.10.10.1. This avoids an unnecessary hop.
* BGP is being efficient by informing AS 64520 of the best entry point into AS 65000 for network 172.30.0.0.
* Router B in AS 65000 also advertises to AS 64520 that the best entry point for each network in AS 64600 is the next hop of router C because that is the best path to move through AS 65000 to AS 64600.
ICMP redirect
Interface characteristics
When establishing a BGP session, BGP goes through the following states:
1. Idle: Router is searching routing table to see whether a route exists to reach the neighbor.
2. Connect: Router found a route to the neighbor and has completed the three-way TCP handshake.
3. Open sent: Open message sent, with the parameters for the BGP session.
4. Open confirm: Router received agreement on the parameters for establishing session.
----- Alternatively, router goes into active state if no response to open message.
5. Established: Peering is established; routing begins.
BGP Established and Idle States
* Idle: The router in this state cannot find the address of the neighbor in the routing table. Check for an IGP problem. Is the neighbor announcing the route?
* Established: The established state is the proper state for BGP operations. In the output of the show ip bgp summary command, if the state column has a number, then the route is in the established state. The number is how many routes have been learned from this neighbor.
BGP Active State Troubleshooting
Active: The router has sent an open packet and is waiting for a response. The state may cycle between active and idle. The neighbor may not know how to get back to this router because of the following reasons:
- Neighbor does not have a route to the source IP address of the BGP open packet generated by this router.
- Neighbor is peering with the wrong address.
- Neighbor does not have a neighbor statement for this router.
- AS number is misconfigured.
BGP Neighbor Authentication
Router(config-router)#
neighbor {ip-address | peer-group-name} password string
- BGP authentication uses MD5.
- Configure a key (password); router generates a message digest, or hash, of the key and the message.
- Message digest is sent; key is not sent.
- Router generates and checks the MD5 digest of every segment sent on the TCP connection. Router authenticates the source of each routing update packet that it receives.
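The per-segment digest described above can be reproduced outside the router. This is an added example, not part of the original notes or of any vendor code: it follows the TCP MD5 Signature Option (RFC 2385), where the digest covers the TCP pseudo-header, the fixed TCP header with a zeroed checksum, the segment data and then the key. The key, ports, sequence numbers and checksum value are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest over pseudo-header, fixed TCP header, data, then key."""
    fixed = bytearray(tcp_header[:20])      # TCP options are excluded
    fixed[16:18] = b"\x00\x00"              # checksum field is treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def verify_segment(src_ip, dst_ip, tcp_header, payload, key, received_digest):
    """Receiver side: recompute with the locally configured key and compare."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, received_digest)

# Constructed sample: R1 (12.1.1.1) sends a BGP KEEPALIVE to R2 (12.1.1.2) on port 179.
KEY = b"example-key"                         # hypothetical shared password
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)   # marker, length 19, type 4
# Data offset 10 words = 20 fixed bytes + 20 option bytes (placeholder zeros here;
# on the wire they hold the 18-byte signature option plus padding).
TCP_HEADER = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 2000,
                         10 << 4, 0x18, 16384, 0xBEEF, 0) + bytes(20)

def demo():
    src, dst = "12.1.1.1", "12.1.1.2"
    digest = tcp_md5_digest(src, dst, TCP_HEADER, KEEPALIVE, KEY)
    return {
        "good": verify_segment(src, dst, TCP_HEADER, KEEPALIVE, KEY, digest),
        "wrong_key": verify_segment(src, dst, TCP_HEADER, KEEPALIVE, b"other-key", digest),
        "tampered": verify_segment(src, dst, TCP_HEADER, KEEPALIVE[:-1] + b"\x02", KEY, digest),
        "spoofed_source": verify_segment("12.1.1.9", dst, TCP_HEADER, KEEPALIVE, KEY, digest),
    }

if __name__ == "__main__":
    print(demo())
```

Because the key is simply appended to the data before a plain MD5 hash, RFC 5925 (TCP-AO) was later defined as the replacement for this option.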
R1#show ip bgp rib-failure
RIB = routing information base
IGP
AD
BGP
Clearing the BGP Session
- When policies such as access lists or attributes are changed, the change takes effect immediately, and the next time that a prefix or path is advertised or received, the new policy is used. It can take a long time for the policy to be applied to all networks.
- You must trigger an update to ensure that the policy is immediately applied to all affected prefixes and paths.
- Ways to trigger an update
--Hard reset
--Soft reset
--Route refresh
Hard reset of BGP Sessions
router#
clear ip bgp *
- Reset all BGP connections with this router.
- Entire BGP forwarding table is discarded.
- BGP session makes the transition from established to idle; everything must be relearned.
router#
clear ip bgp [neighbor-address]
- Reset only a single neighbor.
- BGP session makes the transition from established to idle; everything from this neighbor must be relearned.
- Less severe than clear ip bgp *.
Soft Reset Outbound
Router#
clear ip bgp {*| neighbor-address} [soft out]
- Routes learned from this neighbor are not lost.
- This router resends all BGP information to the neighbor without resetting the connection.
- The connection remains established.
- This option is highly recommended when you are changing outbound policy.
- The soft out option does not help if you are changing inbound policy.
Inbound Soft Reset
Router(config-router)#
neighbor [ip-address] soft-reconfiguration inbound
- This router stores all updates from this neighbor in case the inbound policy is changed.
- The command is memory-intensive.
Router#
clear ip bgp {*|neighbor-address } soft in
- Uses the stored information to generate new inbound updates
R2#show ip bgp neighbors 12.1.1.1 advertised-routes
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Total number of prefixes 1
R1#show ip bgp neighbors 12.1.1.2 received-routes
% Inbound soft reconfiguration not enabled on 12.1.1.2
R1(config-router)#neighbor 12.1.1.2 soft-reconfiguration inbound
R1#show ip bgp neighbors 12.1.1.2 received-routes
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Total number of prefixes 1
debug ip bgp updates Command
Router#debug ip bgp updates
Network Boundary Summarization
Router(config-router)#
no auto-summary
BGP, RIPv1 and RIPv2, IGRP, and EIGRP perform network boundary summarization by default.
BGP, RIPv2, and EIGRP can disable network boundary summarization.
CIDR has forced the IANA to begin using class A addresses, like 64.0.0.0, in a classless manner.
If you are assigned a portion of a class A, B, or C address, the no auto-summary command needs to be implemented under the BGP process or you risk claiming ownership of the whole class A, B, or C address.
Summary
auto-summary
any -> BGP: the original next hop and metric are not carried
no auto-summary
any -> BGP: the original next hop and metric are picked up
CIDR and Aggregate Addresses
- With BGP4, routes can be aggregated by any AS on any BGP router.
- BGP4 is classless, supports VLSM and longest match routing, and carries a network mask for each network in the update.
1. Manually configure a static route to Null0
network the summary route
R2(config)# ip route 200.1.16.0 255.255.252.0 null 0
R2(config-router)#network 200.1.16.0 mask 255.255.252.0
Configuring BGP for Aggregate Addressing
Router(config-router)#
aggregate-address ip-address mask [summary-only] [as-set]
- Creates an aggregate (summary) entry in the BGP table
- Uses the summary-only option to advertise only the summary and not the specific routes
- Adds the as-set option to include a list of all the autonomous system numbers that the more specific routes have passed through
- Recommended method of summarization for BGP
- Null static route not needed; BGP null route automatically generated
R2(config-router)#aggregate-address 200.1.16.0 255.255.252.0
R1#show ip bgp
BGP table version is 18, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
R2(config-router)#aggregate-address 200.1.16.0 255.255.252.0 summary-only
R2#show ip bgp
BGP table version is 22, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
R1#show ip bgp
BGP table version is 22, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Suppress 200.1.16.0 and 200.1.17.0; allow 200.1.16.0/22, 200.1.18.0 and 200.1.19.0 through.
R2(config-router)#aggregate-address 200.1.16.0 255.255.252.0 summary-only suppress-map SUP
R2(config)#ip prefix-list 1 permit 200.1.16.0/x ge y le z
len < ge-value <= le-value
x
200.1.16.0/24
200.1.17.0/24
ip prefix-list 1 permit 200.1.16.0/23 ge 24 le 24
1. ip prefix-list 1 seq 5 permit 200.1.16.0/23 ge 24 le 24
2. route-map SUP permit 10
3. aggregate-address 200.1.16.0 255.255.252.0 summary-only suppress-map SUP
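The ge/le window decides which more-specific routes the suppress-map hides, so it is worth checking before the configuration is applied. This is an added example, not part of the original notes: it models prefix-list matching and the resulting advertisement set for R2's four /24 routes, assuming route-map SUP matches prefix-list 1. The second and third entries are constructed variations that show what happens when the length or the window is wrong.

```python
import ipaddress

def prefix_list_match(entry, route, ge=None, le=None):
    """IOS prefix-list semantics: the route must fall inside `entry`, and its
    mask length must be exact (no ge/le) or inside the ge..le window."""
    base = ipaddress.ip_network(entry)
    net = ipaddress.ip_network(route)
    if ge is None and le is None:
        lo = hi = base.prefixlen
    else:
        lo = base.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return lo <= net.prefixlen <= hi and net.subnet_of(base)

# R2's locally originated routes from the page (classful /24s written out in full).
SPECIFICS = ["200.1.16.0/24", "200.1.17.0/24", "200.1.18.0/24", "200.1.19.0/24"]
AGGREGATE = "200.1.16.0/22"

def advertised(entry, ge=None, le=None):
    """Model the suppress-map result shown on the page: specifics matched by the
    prefix-list are suppressed; the aggregate and the rest are advertised."""
    suppressed = [r for r in SPECIFICS if prefix_list_match(entry, r, ge, le)]
    sent = [AGGREGATE] + [r for r in SPECIFICS if r not in suppressed]
    return suppressed, sent

def demo():
    return {
        # The entry used on the page: hides 200.1.16.0 and 200.1.17.0 only.
        "page": advertised("200.1.16.0/23", ge=24, le=24),
        # Constructed variation: /22 with the same window hides all four specifics.
        "too_wide": advertised("200.1.16.0/22", ge=24, le=24),
        # Constructed variation: no ge/le means exact match on the /23, so nothing is hidden.
        "no_window": advertised("200.1.16.0/23"),
    }

if __name__ == "__main__":
    for name, (suppressed, sent) in demo().items():
        print(name, "suppressed:", suppressed, "advertised:", sent)
```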
R2#show ip bgp
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
R1#show ip bgp
BGP table version is 24, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
R1(config-router)#aggregate-address 200.1.16.0 255.255.252.0 summary-only
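Aggregating on R1 has a problem, as follows:
R1 generates a 200.1.16.0/22 route that carries no indication that it was received from R2, so R1 advertises this route to R2.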
R1#show ip bgp
BGP table version is 32, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
R2#show ip
*Jun 1 14:10:03.506: %SYS-5-CONFIG_I: Configured from console by console
R2#show ip bgp
BGP table version is 16, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
R1#show ip bgp
BGP table version is 33, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
BGP Path Attributes
- BGP metrics are called path attributes.
- Characteristics of path attributes include:
Well-Known Attributes
Well-Known attributes
--Must be recognized by all compliant BGP implementations
Well-known mandatory attributes
--Must be present in all update messages
Well-known discretionary attributes
--May be present in update messages
BGP Attributes
BGP attributes include the following:
- AS path *
- Next-hop *
- Origin *
- Local preference
- MED
- Others
* Well-known mandatory attribute (well-known, must be observed)
Origin Attribute
- IGP(i)
--network command
- EBGP(e)
--Redistributed from BGP
- Incomplete(?)
--Redistributed from IGP or static
The origin attribute informs all autonomous systems in the internetwork how the prefixes were introduced into BGP.
The origin attribute is well-known,mandatory.
General method for modifying attributes
R1(config)#ip prefix-list 2 permit 2.2.2.2/24
R1(config)#route-map o
R1(config-route-map)#match ip address prefix-list 2
R1(config)#router bgp 1
R1(config-router)#neighbor 12.1.1.2 route-map o in
R1(config)#route-map o permit 20
Route Selection Decision Process
Consider only (synchronized) routes with no AS loops and a valid next hop, and then:
1. Prefer highest weight (local to router).
2. Prefer highest local preference (global within AS).
3. Prefer route originated by the local router (next hop = 0.0.0.0).
4. Prefer shortest AS path.
5. Prefer lowest origin code (IGP
6. Prefer lowest MED (exchanged between autonomous systems).
7. Prefer EBGP path over IBGP path.
8. Prefer the path through the closest IGP neighbor.
9. Prefer oldest route for EBGP paths.
10. Prefer the path with the lowest neighbor BGP router ID.
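The ten steps can be read as one ordered comparison key. This is an added example, not part of the original notes or of any router's code: it applies the list literally to candidates that have already passed the loop and next-hop checks, and reports which step decided the result. The `Path` class, its field names and the `LONGER` path are hypothetical; the other candidates are modelled on the 200.1.16.0/22 entries in the tables above.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}    # origin codes from the show ip bgp legend

@dataclass
class Path:
    next_hop: str
    as_path: tuple = ()
    weight: int = 0
    local_pref: int = 100
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age: int = 0                          # seconds since the path was learned
    router_id: str = "0.0.0.0"

    def key(self):
        """One element per step of the list; the smaller tuple wins."""
        return (
            -self.weight,                        # 1 highest weight
            -self.local_pref,                    # 2 highest local preference
            self.next_hop != "0.0.0.0",          # 3 locally originated
            len(self.as_path),                   # 4 shortest AS path
            ORIGIN_RANK[self.origin],            # 5 lowest origin code
            self.med,                            # 6 lowest MED
            not self.ebgp,                       # 7 EBGP over IBGP
            self.igp_metric,                     # 8 closest IGP neighbor
            -self.age if self.ebgp else 0,       # 9 oldest EBGP path
            int(IPv4Address(self.router_id)),    # 10 lowest router ID
        )

def best_path(paths):
    """Return (best path, number of the first step that beat the runner-up)."""
    ranked = sorted(paths, key=Path.key)
    if len(ranked) < 2:
        return ranked[0], None
    pairs = zip(ranked[0].key(), ranked[1].key())
    step = next((n for n, (a, b) in enumerate(pairs, 1) if a != b), None)
    return ranked[0], step

# Constructed candidates for 200.1.16.0/22 as seen on R1.
LOCAL_AGG = Path("0.0.0.0", weight=32768, router_id="1.1.1.1")
FROM_R2 = Path("12.1.1.2", as_path=(2,), router_id="2.2.2.2")
LONGER = Path("134.1.1.3", as_path=(3, 2), router_id="3.3.3.3")   # hypothetical

if __name__ == "__main__":
    print(best_path([FROM_R2, LOCAL_AGG]))   # local aggregate wins at step 1
    print(best_path([LONGER, FROM_R2]))      # shorter AS path wins at step 4
```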