研究leBGP同步规则路由测试
1、参考上图,现要求AS100的R1路由器loopback0:1.1.1.1/24可以连通AS300的R5路由器loopback 0:5.5.5.5/24,R2、R3、R4均存在于AS 200里面,但是R3是一台非BGP路由器,R2、R3、R4之间的IGP协议使用OSPF。
2、配置如下:
R1:
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 172.16.255.1 255.255.255.252
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 172.16.255.2 remote-as 200
no auto-summary
!
no ip http server
no ip http secure-server
control-plane
line con 0
exec-timeout 0 0
Logging synchronous
line aux 0
line vty 0 4
end
R2:
hostname R2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Ethernet0/0
ip address 172.16.255.2 255.255.255.252
half-duplex
!
interface Ethernet0/1
ip address 172.16.255.5 255.255.255.252
half-duplex
!
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
redistribute bgp 200 metric 30 subnetsroute-map test
network 2.2.2.0 0.0.0.255 area 0
network 172.16.255.0 0.0.0.3 area 0
network 172.16.255.4 0.0.0.3 area 0
!
router bgp 200
synchronization
bgp log-neighbor-changes
network 172.16.255.0 mask 255.255.255.252
network 172.16.255.4 mask 255.255.255.252
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 172.16.255.1 remote-as 100
neighbor 172.16.255.1 next-hop-self
no auto-summary
!
no ip http server
no ip http secure-server
ip prefix-list 1 seq 5 permit 1.1.1.0/24
!
route-map test permit 10
match ip address prefix-list 1
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
end
R3:
hostname R3
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Ethernet0/0
no ip address
shutdown
half-duplex
!
interface Ethernet0/1
ip address 172.16.255.6 255.255.255.252
half-duplex
!
interface Ethernet0/2
ip address 172.16.255.9 255.255.255.252
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
router ospf 10
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.0 0.0.0.255 area 0
network 172.16.255.4 0.0.0.3 area 0
network 172.16.255.8 0.0.0.3 area 0
!
no ip http server
no ip http secure-server
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
end
R4:
hostname R4
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Ethernet0/0
no ip address
shutdown
half-duplex
!
!
interface Ethernet0/2
ip address 172.16.255.10 255.255.255.252
half-duplex
!
interface Ethernet0/3
ip address 172.16.255.13 255.255.255.252
half-duplex
!
router ospf 10
router-id 4.4.4.4
log-adjacency-changes
redistribute bgp 200 metric 30 subnetsroute-map test
network 4.4.4.0 0.0.0.255 area 0
network 172.16.255.12 0.0.0.3 area 0
network 172.16.255.0 0.0.0.255 area 0
!
router bgp 200
synchronization
bgp log-neighbor-changes
network 172.16.255.8 mask 255.255.255.252
network 172.16.255.12 mask 255.255.255.252
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 172.16.255.14 remote-as 300
neighbor 172.16.255.14 next-hop-self
no auto-summary
!
no ip http server
no ip http secure-server
ip prefix-list 2 seq 5 permit 5.5.5.0/24
!
route-map test permit 10
match ip address prefix-list 2
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
end
R5:
hostname R5
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Ethernet0/0
no ip address
shutdown half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
ip address 172.16.255.14 255.255.255.252
half-duplex
!
router bgp 300
no synchronization
bgp log-neighbor-changes
network 5.5.5.0 mask 255.255.255.0
neighbor 172.16.255.13 remote-as 200
no auto-summary
!
no ip http server
no ip http secure-server
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
end
3、查看路由条目:
R1:
R1#showip route
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
5.0.0.0/24 is subnetted, 1 subnets
B 5.5.5.0 [20/0] via 172.16.255.2, 00:00:16
172.16.0.0/30 is subnetted, 5 subnets
C 172.16.255.0 is directly connected, Ethernet0/0
B 172.16.255.4 [20/0] via 172.16.255.2, 00:00:16
B 172.16.255.8 [20/0] via 172.16.255.2, 00:00:16
B 172.16.255.12 [20/0] via 172.16.255.2, 00:00:16
B 172.16.255.16 [20/0] via 172.16.255.2, 00:00:16
可以明显看见R 1通过BGP协议学到了5.5.5.5/24的路由条目;下一跳目的地为172.16.255.2
R2:
R2#show ip route
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [20/0] via 172.16.255.1, 00:01:50
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 172.16.255.6, 00:02:45, Ethernet0/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/21] via 172.16.255.6, 00:02:45, Ethernet0/1
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/30] via 172.16.255.6, 00:02:45, Ethernet0/1
172.16.0.0/30 is subnetted, 5 subnets
C 172.16.255.0 is directly connected, Ethernet0/0
C 172.16.255.4 is directly connected, Ethernet0/1
O 172.16.255.8 [110/20] via 172.16.255.6, 00:02:48, Ethernet0/1
O 172.16.255.12 [110/30] via 172.16.255.6,00:02:48, Ethernet0/1
C 172.16.255.16 is directly connected, Ethernet0/2
可以看见R2也学到了5.5.5.5/24的路由条目,但是通过BGP重分布进OSPF方式得到,下一跳为172.16.255.6;
R3:
R3#show ip route
Codes: C - connected, S - static, R - RIP, M- mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/30] via 172.16.255.5, 00:03:19, Ethernet0/1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/11] via 172.16.255.5, 00:04:09, Ethernet0/1
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 172.16.255.10, 00:04:09, Ethernet0/2
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/30] via 172.16.255.10, 00:04:09, Ethernet0/2
172.16.0.0/30 is subnetted, 5 subnets
O 172.16.255.0 [110/20] via 172.16.255.5, 00:04:11, Ethernet0/1
C 172.16.255.4 is directly connected, Ethernet0/1
C 172.16.255.8 is directly connected, Ethernet0/2
O 172.16.255.12 [110/20] via 172.16.255.10, 00:04:12, Ethernet0/2
非常关键的路由器,R1能不能PING通R5,关键在它上面是否有全拓扑路由条目,如果少一条都不行,查看R3上已经具备全拓扑路由条目,网段5.5.5.5/24通过OSPF学到,下一跳:172.16.255.10;
R4:
R4#showip route
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/30] via 172.16.255.9, 00:03:53, Ethernet0/2
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/21] via 172.16.255.9, 00:04:44, Ethernet0/2
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 172.16.255.9, 00:04:44, Ethernet0/2
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
5.0.0.0/24 is subnetted, 1 subnets
B 5.5.5.0 [20/0] via 172.16.255.14, 00:22:49
172.16.0.0/30 is subnetted, 5 subnets
O 172.16.255.0 [110/30] via 172.16.255.9, 00:04:46, Ethernet0/2
O 172.16.255.4 [110/20] via 172.16.255.9,00:04:46, Ethernet0/2
C 172.16.255.8 is directly connected, Ethernet0/2
C 172.16.255.12 is directly connected, Ethernet0/3
C 172.16.255.16 is directly connected, Ethernet0/1
R4通过将BGP重分布进OSPF,保证R2、R3都能学到5.5.5.5/24路由,为什么要保证呢?关键还是得看BGP同步规则;目标网段5.5.5.5/24下一跳:172.16.255.14;
R5:
R5#show ip route
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [20/0] via 172.16.255.13, 00:08:25
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback0
172.16.0.0/30 is subnetted, 5 subnets
B 172.16.255.0 [20/0] via 172.16.255.13, 00:07:54
B 172.16.255.4 [20/0] via 172.16.255.13, 00:07:54
B 172.16.255.8 [20/0] via 172.16.255.13, 00:23:45
C 172.16.255.12 is directly connected, Ethernet0/3
B 172.16.255.16 [20/0] via 172.16.255.13, 00:23:45
4、测试从R1到R5的连通性:
R1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5,timeout is 2 seconds:
!!!!!
R1# traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 172.16.255.2 148 msec 100msec 64 msec
2172.16.255.6 [AS 200] 148 msec 92 msec 124 msec
3172.16.255.10 [AS 200] 220 msec 144 msec 248 msec
4172.16.255.14 [AS 200] 236 msec * 408msec
通过比照发现,路由追踪的条目正好完全等于我们在路由表中查看到的路由条目及下一跳,红字部分;
(注:BGP同步规则:学习自IBGP邻居的路由进入路由表或被宣告给BGP对等体前,必须通过IGP来知晓路由,IBGP进程下的同步必须开启才能同步)
5、实验变化:R2、R4间之间互联绕过R3,模拟R3链路中断;
(1)首先R3模拟E0/2断开:
R3:
Int e0/2
Shut
(2)可以发现路由直接DOWN掉,因为物理链路故障,导致网络层也无法正常工作;
(3)R2、R4互联配置:
R2:
interface Ethernet0/2
ipaddress 172.16.255.17 255.255.255.252
half-duplex
router bgp 200
network 172.16.255.16 mask 255.255.255.252
neighbor 172.16.255.18 remote-as 200
neighbor 172.16.255.18 next-hop-self
R4:
interface Ethernet0/1
ipaddress 172.16.255.18 255.255.255.252
half-duplex
router bgp 200
network 172.16.255.16 mask 255.255.255.252
neighbor 172.16.255.17 remote-as 200
neighbor 172.16.255.17 next-hop-self
(4)现在R1、R2、R4、R5都配置了BGP,理应可以让R1正常访问R5,看路由:
R2#showip route
Codes: C - connected, S - static, R - RIP,M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [20/0] via 172.16.255.1, 00:00:17
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
172.16.0.0/30 is subnetted, 3 subnets
C 172.16.255.0 is directly connected, Ethernet0/0
C 172.16.255.4 is directly connected, Ethernet0/1
C 172.16.255.16 is directly connected, Ethernet0/2
很奇怪没有5.5.5.5/24,查看BGP表:
R2#showip bgp
BGP table version is 7, local router ID is2.2.2.2
Status codes: s suppressed, d damped, hhistory, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? -incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 172.16.255.1 0 0 100 i
* i5.5.5.0/24 172.16.255.18 0 100 0 300 i
*> 172.16.255.0/30 0.0.0.0 0 32768 i
*> 172.16.255.4/30 0.0.0.0 0 32768 i
* i172.16.255.8/30 172.16.255.18 0 100 0 i
* i172.16.255.12/30 172.16.255.18 0 100 0 i
*> 172.16.255.16/30 0.0.0.0 0 32768 i
* i 172.16.255.18 0 100 0 i
5.5.5.5/24作为非优化路由仅存在于BGP表中,不能进入路由表;这是为什么,回忆BGP同步规则:因为无IGP:5.5.5.5/24路由不知晓如何到达5.5.5.5/24,所以无法将5.5.5.5/24装入路由表,解决办法是取消同步,
R2(config)#router bgp 200
R2(config-router)#no sy
R2(config-router)#no synchronization
这样将BGP路由表再次刷新下,10S左右,发现BGP表:
R2#show ip bgp
BGP table version is 8, local router ID is2.2.2.2
Status codes: s suppressed, d damped, hhistory, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? -incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 172.16.255.1 0 0 100 i
*>i5.5.5.0/24 172.16.255.18 0 100 0 300 i
*> 172.16.255.0/30 0.0.0.0 0 32768 i
*> 172.16.255.4/30 0.0.0.0 0 32768 i
*>i172.16.255.8/30 172.16.255.18 0 100 0 i
*>i172.16.255.12/30 172.16.255.18 0 100 0 i
*> 172.16.255.16/30 0.0.0.0 0 32768 i
* i 172.16.255.18 0 100 0 i
学到了路由条目,因为IBGP之间建立了全互联,且关闭同步,BGP无须首先通过IGP知道的情况下进入路由表。
(5)测试R1访问R5:
R1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5,timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),round-trip min/avg/max = 144/176/272 ms
R1#tr
R1#traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1172.16.255.2 148 msec 156 msec 60 msec
2172.16.255.18 [AS 200] 140 msec 112 msec 128 msec
3172.16.255.14 [AS 200] 212 msec * 176msec
查看路由追踪,发现路由5.5.5.5/24直接走互联BGP通道了。
反之:R5访问R1也是一样的原理,这里不做说明了。
转载于:https://blog.51cto.com/7754794/1294816
1483
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
