BGP Routing Protocol - Cisco Devices

BGP

BGP Autonomous Systems
- An AS is a collection of networks under a single technical administration. (Classic definition of an autonomous system: a group of routers under a single technical administration that use the same interior gateway protocol and a common metric to forward packets inside the AS, and use an exterior protocol to forward packets to other ASs.)
- IGPs operate within an AS.
- BGP is used between autonomous systems.
- Exchange of loop-free routing information is guaranteed.

(BGP's main goal is to provide an inter-domain routing system that guarantees loop-free exchange of routing information between autonomous systems.)

BGP Characteristics
BGP is a distance-vector protocol with the following enhancements:
- Reliable updates: BGP runs on top of TCP (port 179; reliable communication).
- Incremental, triggered updates only.
- Periodic keepalive messages to verify TCP connectivity (messages are sent periodically in keepalive packets).
- Rich metrics (called path vectors or attributes; a rich set of metrics compared one by one, called attributes in BGP, similar to the cost value in an IGP).
- Designed to scale to huge internetworks (e.g., the Internet; designed specifically for large internetworks).
- Supports VLSM (variable-length subnet masks).

BGP Databases (tables)
- Neighbor table: list of BGP neighbors. (BGP peers, or neighbors, exchange path information, similar to RIP.) Neighbors may or may not be directly connected. The neighbor relationship is built on a TCP connection.
- BGP forwarding table/database: list of all networks learned from each neighbor. It can contain multiple pathways to destination networks. The database contains BGP attributes for each pathway.
- IP routing table: list of best paths to destination networks.

BGP Table
A router running BGP keeps a BGP table that is separate from the IP routing table.

    show ip bgp
    bgp table version is 23, local router id is 192.168.1.49
    status codes: s suppressed, d damped, h history, * valid, best, i - internal
    origin codes: i - igp, e - egp, ? - incomplete
    network           next hop      metric locprf weight path
    * 10.0.0.0        10.1.1.100         0             0 65200 i
    * 172.16.10.0/24  10.1.1.100         0             0 65200 i

BGP Message Types
BGP defines the following message types:
- Open (version number 4, AS number, hold time, router ID): includes holdtime and BGP router ID.
- Keepalive (similar to a hello packet).
- Update (withdrawn routes, path attributes, network layer reachability information): information for one path only (could be to multiple networks); includes path attributes and networks.
- Notification (sent when an error condition is detected): when an error is detected; the BGP connection is closed after it is sent.

BGP States
When establishing a BGP session, BGP goes through the following steps:
- Idle: the router is searching the routing table to see if a route exists to reach the neighbor.
- Connect: the router found a route and has completed the three-way TCP handshake.
- Open sent: an open message is sent with the parameters for the BGP session.
- Open confirm: the router received agreement on the parameters for establishing the session.
- Established (neighbor relationship formed, routing starts): peering is established; routing begins.

Peers = Neighbors
A BGP peer, also known as a BGP neighbor, is a specific term that is used for BGP speakers that have established a neighbor relationship. Any two routers that have formed a TCP connection to exchange BGP routing information are called peers or neighbors.

Internal BGP
IBGP refers to the presence of BGP neighbors within the same AS. The neighbors do not have to be directly connected.

External BGP
When BGP neighbors belong to different autonomous systems they are called EBGP. EBGP neighbors, by default, need to be directly connected.

BGP Peering

    routera# show ip bgp summary
    bgp table version is 23, main routing table version 23
    10 network entries and 11 paths using 1242 bytes of memory
    4 bgp path attribute entries using 380 bytes of memory
    bgp activity 23/13 prefixes, 38/27 paths
    0 prefixes revised.
    neighbor      v  as     msgrcvd msgsent tblver inq outq up/down  state/pfxrcd
    10.1.1.100    4  65200  211     211     13     0   0    00:01:53 5
    192.168.1.18  4  65101  214     226     23     0   0    00:00:13 1
    192.168.1.34  4  65101  214     226     23     0   0    00:00:09 1
    192.168.1.50  4  65101  214     225     23     0   0    00:00:06 3

BGP Commands

    router bgp autonomous-system (64512-65535)

Mode: router(config)
- This command, with no subcommands, does not activate BGP. (Other subcommands are also needed.)
- Only one instance of BGP can be configured on the router at a single time. (Only one BGP process; the boundary is the link.)
- The autonomous system number identifies the autonomous system to which the router belongs.
- The autonomous system number in this command is compared to the autonomous system numbers listed in neighbor statements to determine if the neighbor is an internal or external neighbor. (This determines the neighbor relationship.)

BGP neighbor Command

    neighbor ip-address | peer-group-name remote-as autonomous-system

Mode: router(config-router)
- The neighbor command activates a BGP session with this neighbor. (A session can be established only when both sides specify each other as neighbors.)
- The term remote-as shows what AS this neighbor is in. This AS number is used to determine if the neighbor is internal or external. (Same AS number: IBGP; different AS number: EBGP.)
- This command is used for both external and internal neighbors.
- The IP address specified is the destination address of BGP packets going to this neighbor. (The address of the TCP connection, or a loopback interface address.)
- This router must have an IP pathway to reach this neighbor before it can set up a BGP relationship.

Example: BGP neighbor Command

BGP network Command

    network network-number mask network-mask

Mode: router(config-router)
- This command tells BGP what network to advertise, not how to advertise the network. (It says which network to announce and injects that route into BGP; redistribution can also be used.)
- The command does not activate the protocol on an interface.
- Without a mask option, it advertises classful networks.
- If a subnet of the classful network exists in a routing table, the classful address is announced if auto summary is enabled. Auto summary is enabled by default.
- BGP looks for an exact match in the local routing table before announcing this route. (The route must be available before it is announced.)
- In IOS versions before 12.0, each BGP router was limited to 200 network statements. That limit has since been removed; the router's memory determines the maximum number of network commands that can be used.
- The mask option can handle supernets and subnets; auto summary is on by default.
- The list of network commands must include every network in the AS that we want to advertise, not only the networks locally connected to the router.

Case Study: Configuring BGP Between Multiple ASs
Customer requirement: configure BGP to exchange routing information with two service providers, for better fault tolerance.
Method:
1, Make sure the routers are directly connected.
2, Configure the ISP1 and ISP2 routers. (Not something you can do in practice.)

    router bgp 100
     neighbor 192.168.1.6 remote-as 24
     network 10.0.0.0

3, Configure the company's border router:

    router bgp 24
     neighbor 192.168.1.5 remote-as 100
     neighbor 172.16.1.5 remote-as 200
     network 200.100.50.0

4, What does show ip bgp show? Does ping succeed?
5, Interconnect several routers with BGP and see what other conditions are needed.

BGP Example Configuration

    routerb(config)# router bgp 65000
    routerb(config-router)# neighbor 10.1.1.2 remote-as 64520
    routerb(config-router)# neighbor 192.168.2.2 remote-as 65000
    routerb(config-router)# network 172.16.10.0 mask 255.255.255.0
    routerb(config-router)# network 192.168.1.0
    routerb(config-router)# network 192.168.3.0

IBGP and Redistribution
A transit AS should run IBGP on all routers because the full Internet routing table is too large to redistribute into an IGP. (The Internet routing table is so large that redistributing it into an IGP would bring the network down, so every router in a transit AS has to run BGP.)

IBGP Split Horizon Rule
By default, routes learned via IBGP are never propagated to other IBGP peers. (By default, a route that a router learns from IBGP is not passed on to its other IBGP neighbors.)

Partial Mesh IGP

Routing Issues Without Fully Meshed IBGP
- Router C will drop the packet to network 10.0.0.0.
- Router C is not running IBGP; therefore, it has not learned about the route to network 10.0.0.0 from Router B.
- In this example, Router B and Router E are not redistributing BGP into OSPF.
So we must either specify a BGP neighbor for every connection or redistribute BGP into the IGP.

1. Understanding BGP Synchronization
1. Definition of the BGP synchronization rule:
With BGP synchronization on, a BGP router does not advertise BGP routes learned from IBGP neighbors to its own EBGP neighbors; it may advertise them to EBGP routers only if those routes exist in its own IGP routing table.
Example: with synchronization on, A will not tell E about the 172.16.0.0 route that B told it about; A announces it to E only if the route 172.16.0.0 also exists in the IGP routing tables of A and B. In other words, when A and B run both BGP and an IGP, synchronization should be on. (In this figure, however, there is no matching IGP route for 172.16.0.0; with synchronization on, the synchronization rule means the IBGP route is not passed on.)

Example: BGP Synchronization
If synchronization is on (the default), then:
- Router B will advertise the route to 172.16.0.0 to the other routers in AS 65500 via IBGP.
- Router B will use the route to 172.16.0.0 and place it in its routing table.
- Routers A, C, and D would not use or advertise the route to 172.16.0.0 until they receive the matching route via an IGP (that is, because no IGP is running, these routers will never use or advertise this route).
- Router E would not hear about 172.16.0.0.
If synchronization is off, then:
- Routers A, C, and D would use and advertise the route they receive via IBGP; Router E would hear about 172.16.0.0.
- If Router E sends traffic for 172.16.0.0, Routers A, C, and D would route the packets correctly to Router B.

2. Basic Requirement of the Synchronization Rule
2. Purpose of the BGP synchronization rule:
To prevent a routing black hole inside an AS (one in which not all routers run BGP), that is, advertising to the outside a false route that is unreachable inside the AS.
3. Basic requirement of the BGP synchronization rule:
If an AS contains non-BGP routers, there is a boundary between BGP and the IGP, and the border router has to redistribute BGP routes into the IGP to ensure that the BGP routes the AS advertises externally are reachable inside the AS. In effect this requires BGP routes and IGP routes to be synchronized.

3. However
4. The serious consequence of meeting the basic requirement of the BGP synchronization rule:
If BGP routes are redistributed into the IGP, then, because BGP routes are mainly routes from outside the AS (from the Internet), the IGP routers have to maintain tens of thousands of external routes, which places a huge load on router CPU and memory and on link bandwidth inside the AS.

4. Conclusion
- Purpose one of synchronization: by default synchronization is on, and IBGP routes are not advertised to EBGP neighbors. (BGP + IGP + redistribution + synchronization on.)
- Purpose two of synchronization: prevent routing black holes inside the AS and the announcement of false routes to the outside.
- Purpose three of synchronization: when BGP and an IGP coexist, synchronization is required in theory to ensure that the routes announced to the outside are real.
- However, BGP routes come mainly from the Internet, and an IGP cannot carry tens of thousands of external routes; we generally do not recommend injecting BGP routes into the IGP. Running BGP normally requires synchronization to be turned off.

5. Therefore
In practice, turn synchronization off in the following cases:
1, When all transit routers in an AS run fully meshed IBGP, internal reachability is guaranteed; turn synchronization off. (External EBGP traffic can transit automatically through IBGP.)
2, When the AS is not a transit AS, that is, it does not carry traffic between other ASs, turn synchronization off.
In future IOS versions BGP synchronization will be off by default, because most networks run BGP on all routers.

II. Summary of the BGP Synchronization Rule
1. In every design, both the propagation of BGP routes and the connectivity of BGP routes must be ensured.
2. Turning synchronization off allows BGP routes to be propagated, but it does not necessarily guarantee connectivity inside the AS, unless all routers in the AS
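
The synchronization example (Routers A to E, AS 65500, 172.16.0.0) and the "Routing Issues Without Fully Meshed IBGP" case above, modelled in Python. This is an added example, not part of the original slides; the IBGP session sets and the A-C-B forwarding path are assumptions, because the slide figures are not on the page.

```python
PREFIX = "172.16.0.0"  # the route Router B brings into AS 65500 on the page

def ibgp_learners(origin, sessions):
    """IBGP split horizon: only the origin's direct IBGP peers learn the
    route; they never pass it on to other IBGP peers."""
    return {peer for a, b in sessions
            for peer, other in ((a, b), (b, a)) if other == origin}

def usable_routes(origin, sessions, sync, igp):
    """Routers that install the BGP route. With synchronization on, an
    IBGP-learned route is used only if the IGP table has a matching route."""
    usable = {origin}  # assumption: the origin learned the route over EBGP
    for router in ibgp_learners(origin, sessions):
        if not sync or PREFIX in igp.get(router, set()):
            usable.add(router)
    return usable

def trace(path, usable, igp):
    """Forward hop by hop; return the router that drops the packet, or None."""
    for hop in path:
        if hop not in usable and PREFIX not in igp.get(hop, set()):
            return hop
    return None

def scenario(sessions, sync, igp, border="A", origin="B", path=("A", "C", "B")):
    """Return (does EBGP peer E hear the route?, router that black-holes E's
    traffic, or None). The A-C-B physical path is an assumption."""
    usable = usable_routes(origin, sessions, sync, igp)
    hears = border in usable  # a border router advertises only routes it uses
    return hears, (trace(path, usable, igp) if hears else None)

# Constructed topologies: full IBGP mesh in the AS, or Router C running no IBGP.
FULL_MESH = {("A", "B"), ("A", "C"), ("A", "D"),
             ("B", "C"), ("B", "D"), ("C", "D")}
NO_IBGP_ON_C = {("A", "B"), ("B", "D")}

if __name__ == "__main__":
    print("full mesh, sync on :", scenario(FULL_MESH, True, {}))
    print("full mesh, sync off:", scenario(FULL_MESH, False, {}))
    print("C no IBGP, sync off:", scenario(NO_IBGP_ON_C, False, {}))
    redistributed = {"A": {PREFIX}, "C": {PREFIX}}  # BGP redistributed into the IGP
    print("C no IBGP, sync on, IGP route:", scenario(NO_IBGP_ON_C, True, redistributed))
```

The third case is the black hole the synchronization rule was meant to prevent: E hears the route from A, but Router C on the path has no route and drops the traffic.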
