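【Lab Description】

This lab verifies BGP synchronization by comparing the behavior with synchronization enabled and disabled. R4's loopback address is 4.4.4.4 and R5's loopback address is 5.5.5.5; when BGP is configured, R4 and R5 each advertise their own loopback address.
The expected result is that with synchronization enabled on R1 and R2, R4 does not learn R5's loopback address, and with synchronization disabled, R4 does learn it. Although the route is learned, the ping still fails: the packets are dropped by R3, because R3 does not run BGP and has no routes to 4.4.4.4 or 5.5.5.5 in its routing table. Finally, BGP is redistributed into the IGP so that R4 can ping R5's loopback address.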

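【Background Theory】

1. Definition of the BGP synchronization rule

With BGP synchronization enabled, a BGP router does not advertise routes learned from its iBGP neighbors to its eBGP neighbors unless those routes are also present in its own IGP routing table. Only then may they be advertised to eBGP routers.

2. Purpose of the BGP synchronization rule

To prevent a routing black hole inside an AS in which not every router runs BGP, that is, advertising to the outside a false route that is unreachable within the AS itself.

3. Basic requirement of the BGP synchronization rule

If an AS contains non-BGP routers, a BGP/IGP boundary exists. The boundary routers must redistribute BGP routes into the IGP to guarantee that the BGP routes the AS advertises externally are actually connected inside the AS. In effect, this requires BGP routes and IGP routes to be synchronized.

4. Consequence of meeting this basic requirement

BGP routes mainly come from outside the AS (from the Internet), so redistributing them into the IGP means the IGP routers must maintain tens of thousands of external routes, which places a heavy load on router CPU and memory and on the link bandwidth inside the AS.

Summary of the BGP synchronization rule

1. Every design must both propagate the BGP routes and guarantee that those routes are actually reachable.

2. Disabling synchronization lets BGP routes propagate, but does not necessarily guarantee connectivity inside the AS. Connectivity is guaranteed only if every router in the AS runs BGP; otherwise route redistribution is still required.

3. Finally, an IGP is normally deployed inside the AS to maintain connectivity of the internal network paths, so that the next hops of the BGP routes advertised within the AS are reachable. This gives the BGP network better flexibility and scalability.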
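The synchronization rule and the black hole it is meant to prevent can be checked with a small model of this lab's router chain. This Python sketch is an added example and not part of the original lab; the function names `sync_ok`, `build_ribs` and `trace` are hypothetical, and it models only the forward path from R4 to 5.5.5.5.

```python
# Added illustration: a toy model of this lab, not router code.
# Chain from the lab: R4 (AS 4) - R1 - R3 - R2 - R5 (AS 5); R3 runs OSPF only.
from ipaddress import ip_address, ip_network

def sync_ok(prefix, igp_routes, synchronization):
    """Synchronization rule: an iBGP-learned route is usable (best, and
    advertised to eBGP peers) only if sync is off or the IGP also has it."""
    return (not synchronization) or prefix in igp_routes

def build_ribs(synchronization, redistribute):
    """Return {router: {prefix: next-hop router}} for traffic toward R5."""
    p5 = ip_network("5.5.5.5/32")
    default = ip_network("0.0.0.0/0")
    # OSPF inside AS 1 carries 5.5.5.5/32 only if R2 redistributes BGP into it.
    igp = {p5} if redistribute else set()
    ribs = {"R4": {default: "R1"},          # static default route, as configured
            "R1": {}, "R3": {},
            "R2": {p5: "R5"}}               # eBGP route learned from R5
    for router, next_hop in (("R1", "R3"), ("R3", "R2")):
        if p5 in igp:
            ribs[router][p5] = next_hop     # OSPF external (E2) route
    if sync_ok(p5, igp, synchronization):
        ribs["R1"].setdefault(p5, "R3")     # iBGP route; next hop resolves via R3
        ribs["R4"][p5] = "R1"               # R1 advertises it to eBGP peer R4
    return ribs

def trace(ribs, dst, start="R4", target="R5"):
    """Forward hop by hop with longest-prefix match; return (path, delivered)."""
    addr, hop, path = ip_address(dst), start, [start]
    while hop != target:
        matches = [p for p in ribs.get(hop, {}) if addr in p]
        if not matches:
            return path, False              # black hole: this router drops the packet
        hop = ribs[hop][max(matches, key=lambda p: p.prefixlen)]
        path.append(hop)
    return path, True

if __name__ == "__main__":
    for sync, redist in ((True, False), (False, False), (True, True)):
        print(f"sync={sync} redistribute={redist}:",
              trace(build_ribs(sync, redist), "5.5.5.5"))
```

With synchronization off and no redistribution, the trace stops at R3, which is the router that returns the host-unreachable messages in the lab output.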


 
【Lab Topology】

 

【Basic Lab Configuration】

R1:
interface FastEthernet0/0
ip address 14.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial0/0
ip address 13.0.0.1 255.0.0.0
clock rate 2000000
!
router ospf 1
log-adjacency-changes
network 13.0.0.1 0.0.0.0 area 0
network 14.0.0.1 0.0.0.0 area 0
!
router bgp 1
synchronization
neighbor 14.0.0.4 remote-as 4
neighbor 23.0.0.2 remote-as 1

R2:
interface FastEthernet0/0
ip address 25.0.0.2 255.0.0.0
!
interface Serial0/0
ip address 23.0.0.2 255.0.0.0
clock rate 2000000
!
router ospf 1
log-adjacency-changes
network 23.0.0.2 0.0.0.0 area 0
network 25.0.0.2 0.0.0.0 area 0
!
router bgp 1
synchronization
neighbor 13.0.0.1 remote-as 1
neighbor 25.0.0.5 remote-as 5

 
R3:
interface Serial0/0
ip address 13.0.0.3 255.0.0.0
clock rate 2000000
!
interface Serial0/1
ip address 23.0.0.3 255.0.0.0
clock rate 2000000
!
router ospf 1
network 13.0.0.3 0.0.0.0 area 0
network 23.0.0.3 0.0.0.0 area 0

 
R4:
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 14.0.0.4 255.0.0.0
!
router bgp 4
network 4.4.4.4 mask 255.255.255.255
neighbor 14.0.0.1 remote-as 1
!
ip route 0.0.0.0 0.0.0.0 14.0.0.1

 
R5:
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 25.0.0.5 255.0.0.0
!
router bgp 5
network 5.5.5.5 mask 255.255.255.255
neighbor 25.0.0.2 remote-as 1
!
ip route 0.0.0.0 0.0.0.0 25.0.0.2

 
【Verification After Configuration】
1. BGP routes learned on R1
R1#show ip bgp
BGP table version is 2, local router ID is 14.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 14.0.0.4 0 0 4 i
* i5.5.5.5/32 25.0.0.5 0 100 0 5 i
2. Detailed information for the BGP route 5.5.5.5 on R1
R1#show ip bgp 5.5.5.5
BGP routing table entry for 5.5.5.5/32, version 0
Paths: (1 available, no best path)
Not advertised to any peer
5
25.0.0.5 (metric 138) from 23.0.0.2 (25.0.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, not synchronized


 
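With synchronization enabled, a router does not pass routes it learned through iBGP on to other BGP routers, so neither R4 nor R5 has the other's loopback address in its routing table.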
R4# show ip route

 
Gateway of last resort is 14.0.0.1 to network 0.0.0.0

 
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
C 14.0.0.0/8 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 14.0.0.1

 
R5#show ip route

 
Gateway of last resort is 25.0.0.2 to network 0.0.0.0

 
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
C 25.0.0.0/8 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 25.0.0.2

 

Next, disable synchronization:
R1(config)# router bgp 1
R1(config-router)# no synchronization
R1(config-router)# end
R2(config)# router bgp 1
R2(config-router)# no synchronization
R2(config-router)# end
R1# clear ip bgp *
R2# clear ip bgp *

Check the result after disabling synchronization:
R1# show ip bgp
BGP table version is 5, local router ID is 14.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 14.0.0.4 0 0 4 i
*>i5.5.5.5/32 25.0.0.5 0 100 0 5 i   <-- 5.5.5.5 is now reachable

 
R1# show ip bgp neighbors 14.0.0.4 advertised-routes
BGP table version is 5, local router ID is 14.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 
Network Next Hop Metric LocPrf Weight Path
*>i5.5.5.5/32 25.0.0.5 0 100 0 5 i   <-- the route learned via iBGP is now advertised to neighbor 14.0.0.4

 
Total number of prefixes 1

 

 
R4# show ip route 5.5.5.5
Routing entry for 5.5.5.5/32
Known via "bgp 4", distance 20, metric 0
Tag 1, type external
Last update from 14.0.0.1 00:05:09 ago
Routing Descriptor Blocks:
* 14.0.0.1, from 14.0.0.1, 00:05:09 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 1

 
R4# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

 
Gateway of last resort is 14.0.0.1 to network 0.0.0.0

 
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [20/0] via 14.0.0.1, 00:05:19
C 14.0.0.0/8 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 14.0.0.1

 
Now test whether R4 can ping R5's loopback address.

 
R4# debug ip icmp
ICMP packet debugging is on
At this point R4 has the route to R5's loopback, but the ping fails. debug ip icmp shows that the packets are dropped by 13.0.0.3, because R3's routing table has no route to 5.5.5.5.
R4# ping 5.5.5.5

 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
U
*Mar 1 00:39:40.935: ICMP: dst (14.0.0.4) host unreachable rcv from 13.0.0.3.U
*Mar 1 00:39:42.967: ICMP: dst (14.0.0.4) host unreachable rcv from 13.0.0.3.U
Success rate is 0 percent (0/5)

 

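【Discussion】

How can R4 and R5 be made to ping each other's loopback addresses?

Method 1: redistribute BGP into the IGP, and re-enable synchronization at the same time. The configuration is as follows: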
R1:
ip prefix-list R4_loopback permit 4.4.4.4/32
!
route-map R4_loop permit 10
match ip address prefix-list R4_loopback
router ospf 1
redistribute bgp 1 subnets route-map R4_loop
router bgp 1
synchronization

R2:
ip prefix-list R5_loopback seq 5 permit 5.5.5.5/32
!
route-map R5_loop permit 10
match ip address prefix-list R5_loopback
router ospf 1
redistribute bgp 1 subnets route-map R5_loop
router bgp 1
synchronization

 
Verification after redistribution
R4:
R4#show ip route

 
Gateway of last resort is 14.0.0.1 to network 0.0.0.0

 
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [20/0] via 14.0.0.1, 00:05:58   <-- R5's loopback is in the routing table, showing that after redistribution R4 and R5 learn each other's BGP routes
C 14.0.0.0/8 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 14.0.0.1

 
R3:
R3#show ip route

 
Gateway of last resort is not set

 
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/1] via 13.0.0.1, 00:06:15, Serial0/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/1] via 23.0.0.2, 00:06:15, Serial0/1   <-- once redistribution takes effect, R3's routing table contains the BGP routes
C 23.0.0.0/8 is directly connected, Serial0/1
O 25.0.0.0/8 [110/74] via 23.0.0.2, 00:06:15, Serial0/1
C 13.0.0.0/8 is directly connected, Serial0/0
O 14.0.0.0/8 [110/74] via 13.0.0.1, 00:06:15, Serial0/0

 
The ping now succeeds as well:
R4# ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =60/61/69 ms

 
R1#show ip bgp
BGP table version is 4, local router ID is 14.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 14.0.0.4 0 0 4 i
r>i5.5.5.5/32 25.0.0.5 0 100 0 5 i
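Note the additional r (RIB-failure) status code: the redistributed OSPF route to 5.5.5.5 (administrative distance 110) is preferred over the iBGP route (distance 200), so the BGP route is not installed in R1's routing table.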

 
R4#show ip route 5.5.5.5
Routing entry for 5.5.5.5/32
Known via "bgp 4", distance 20, metric 0
Tag 1, type external
Last update from 14.0.0.1 00:16:24 ago
Routing Descriptor Blocks:
* 14.0.0.1, from 14.0.0.1, 00:16:24 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 1