hcie精英培訓(xùn)實驗指導(dǎo)書-05bgp advance

BGP原理概作為最佳路由，并只把此路由發(fā)送給其對等體。BGPBGP的路由優(yōu)選規(guī)則依次比較這些路由的BGP屬性。路由屬性是對路由的特定描述。Update報文中。如果缺少這類屬性，路由信息就會出錯。如Origin屬性，AS-Path屬性，Next-Hop屬性；公認(rèn)任意屬性，所有BGP設(shè)備都可以識別此UpdateLocal_Pref屬性；可選過渡屬性，BGPBGP設(shè)備不識別BGPBGP設(shè)備不識別此類屬性，則會被忽略該屬性，且不會通告給其他對等體。如MED屬性等。當(dāng)?shù)竭_(dá)同一目的地存在多條路由時，BGP依次對比下列屬性來選擇路由：依次優(yōu)選手動聚合路由、自動聚合路由、network命令引入的路由、import-route命令A(yù)S依次優(yōu)選Origin類型 plete的路由ASMED（MultiExitDiscriminator）值最低的路由；依次優(yōu)選EBGP路由、IBGP路由；BGPIGP度量值最小的路由；優(yōu)選Cluster_List最短的路由；RouterIDIP先級，BGP選路時將該路由按缺省的本地優(yōu)先級100來處理。當(dāng)?shù)竭_(dá)同一目的地址存在多的條件是“BGP選擇路由的策略”的1至8條規(guī)則中需要比較的屬性完全相同。實驗?zāi)緽GPBGPBGPBGPAS-PathBGPMEDBGPNext-HopBGP實驗內(nèi)司兩個不同分支機構(gòu)路由器，R2R1R3上分別有設(shè)有不同的業(yè)務(wù)網(wǎng)段，其中192.168.10.0/24與172.16.10.0/24為業(yè)務(wù)A所用網(wǎng)段，192.168.20.0/24與172.16.20.0/24B所用網(wǎng)段。兩個不同分支機構(gòu)與總部間都設(shè)有專線，使得兩分支機按照拓?fù)浯罱ňW(wǎng)絡(luò)，在所有AS間使用直連接口建立EBGP在公司總部AS400中，R4R5，R5R7，R7R6，R6R4IBGP鄰居關(guān)系，IGP協(xié)議使用所有業(yè)務(wù)網(wǎng)段，與所有設(shè)備上的Loopback0所在網(wǎng)段都能通過BGP路由實現(xiàn)互相訪為了使網(wǎng)絡(luò)資源能充分得到利用，要求業(yè)務(wù)網(wǎng)段A的流量通過運營商設(shè)備轉(zhuǎn)發(fā)，B的網(wǎng)絡(luò)管理員進(jìn)行定期線路檢查，現(xiàn)通過適當(dāng)調(diào)整IGP的鏈路開銷值，使得所有經(jīng)過總部AS的流量都沿著R4-R5-R7-R6路徑轉(zhuǎn)發(fā)；BB的流量單獨沿著R4-R6路徑轉(zhuǎn)發(fā)（要求BGP路由選路與實際轉(zhuǎn)發(fā)路徑一致；R7BGP實驗拓實驗編GGLoopbackGGLoopbackGGLoopbackGGGLoopbackGGLoopbackGGGLoopbackGGLoopback驗證與AS間使用直連接口建立EBGP<R1>displaybgpBGPlocalrouterID:10.0.1.1LocalASnumber:100Totalnumberofpeers:2 Peersinestablishedstate:2 ASMsgRcvdMsgSentOutQUp/Down 400400AS400中，R4R5，R5R7，R7R6，R6與R4間使用環(huán)回接口建立IBGP鄰居關(guān)系，IGP協(xié)議使用OSPF[R4]displayospfpeer[R4]displayospfpeerOSPFProcess1withRouterIDPeerStatistic[R4]displaybgpBGPlocalrouterID:10.0.4.4LocalASnumber:400Totalnumberofpeers:Peersinestablishedstate:VASMsgRcvdMsgSentOutQAreaNeighbor400000:04:1904000:03:1504000:03:470所有業(yè)務(wù)網(wǎng)段，與所有設(shè)備上的Loopback0BGP路由<R1>displaybgprouting-tableBGPLocalrouterID<R1>displaybgprouting-tableBGPLocalrouterIDis10.0.1.1Statuscodes:*-valid,>-best,d-h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?- TotalNumberofRoutes: PrefVal00i000200*04000010020000*00*000i00iA的流量通過運營商設(shè)備轉(zhuǎn)發(fā)，B的流量通過專線轉(zhuǎn)發(fā)注：AS-pathBGP在ASAs-path越短越優(yōu)先，BGP可以對鄰居發(fā)送或接受的路由做適當(dāng)修改。0*0*00*0200<R1>displaybgprouting-tableBGPLocalrouterID<R1>displaybgprouting-tableBGPLocalrouterIDis10.0.1.1Statuscodes:*-valid,>-best,d-h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?- TotalNumberofRoutes: LocPrfPrefVal<R1>tracert-a192.168.10.1tracerouteto172.16.10.1(172.16.10.1),maxhops:30,packetlength:40,pressCTRL_Ctobreak110.0.12.290ms50ms50210.0.23.3120ms60ms50<R1>tracert-a192.168.20.1tracerouteto172.16.20.1(172.16.20.1),maxhops:30,packetlength:40,pressCTRL_Ctobreak140ms30ms50260ms80ms603100ms120ms80注：MEDBGPASAS內(nèi)比ASMEDMED越小越優(yōu)先，BGP可<R3>displaybgprouting-tableBGPLocalrouterID<R3>displaybgprouting-tableBGPLocalrouterIDis10.0.3.3Statuscodes:*-valid,>-best,d-h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?- TotalNumberofRoutes:<R3>tracert-a172.16.10.1tracerouteto192.168.10.1(192.168.10.1),maxhops:300200*04000400*0200length:length:40,pressCTRL_Cto110.0.23.210ms40ms40210.0.12.170ms60ms40<R3>tracert-a172.16.20.1tracerouteto192.168.20.1(192.168.20.1),maxhops:30,packetlength:40,pressCTRL_Ctobreak110.0.36.610ms50ms30210.0.46.480ms60ms80310.0.14.1110ms80ms70有經(jīng)過總部AS的流量都沿著R4-R5-R7-R6路徑轉(zhuǎn)發(fā)注：BGP255，而OSPF10150注：OSPF在引入BGP做為外部路由時，其它OSPFASBR最近的鏈路，此時可以通過修改接口cost來修改路徑，默認(rèn)接口cost為1。[R4]displayiprouting-RouteFlags:[R4]displayiprouting-RouteFlags:R-relay,D-downloadtoRoutingTables:Destinations:Routes: ProtoPreFlags[R4]displayospfOSPFProcess1withRouterID10.0.4.4RoutingTablesRoutingfor[R4]displayospf01D11IP11Routingfor11130ms30ms30280ms70ms4037041605110OSPFProcess1withRouterIDOSPFProcess1withRouterIDArea:(MPLSTEnot 101[R6]displayospfOSPFProcess1withRouterIDRouting<R1>tracert-a192.168.20.1tracerouteto172.16.20.1(172.16.20.1),maxhops:30,packetlength:40,pressCTRL_CtobreakOSPF注：BGPIBGP的水平分割，所以IBGP鄰居無法正常傳遞路由，這里可以使用全深入理解R4R6為例，將觀察到如下現(xiàn)象（略[R4]displaybgprouting-BGPLocalrouterIDisStatuscodes:*-valid,>-best,d-h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?- TotalNumberofRoutes:*>i00**>i00*00*0100i00*000000[R4]displayiprouting-RouteFlags:R-relay,D-downloadtoRoutingTables:Destinations: Routes: PreFlags172.16.20.0/24255RD[R6]displaybgprouting-BGPLocalrouterIDisStatuscodes:*-valid,>-best,d-h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?- TotalNumberofRoutes:PrefVal*>0 0000*00*030000**00[R6-ospf-1]displayiprouting-RouteFlags:R-relay,D-downloadtoRoutingTables:Destinations:Routes: 192.168.20.0/24IBGPPre255Flags<R1>tracert-a192.168.20.1tracerouteto172.16.20.1(172.16.20.1),maxhops:30,packetlength:40,pressCTRL_Ctobreak110.0.14.430ms50ms60210.0.46.630ms80ms90310.0.36.3100ms70ms70實現(xiàn)R5與R7不參與BGP路徑選擇BGP鄰居，則可以在較穩(wěn)定的一注：BGP是基于TCP的三次握制建立鄰居的路由協(xié)議，在建立過程中會由一方主動發(fā)起TCP連接，如果雙方都不主動發(fā)起請求，則TCP建立失敗，鄰居無法建立。<R4>display<R4>displaybgpBGPlocalrouterID:10.0.4.4LocalASnumber:400Totalnumberofpeers: Peersinestablishedstate: ASMsgRcvdMsgSentOutQ 4000040606<R6>displaybgpBGPlocalrouterID:10.0.6.6LocalASnumber:400Totalnumberofpeers:3 Peersinestablishedstate:2 ASMsgRcvdMsgSentOutQ 40640000406思AS400BGP路由都有兩條相同下一跳的條目，為什么？AS400R5R7IBGP當(dāng)R5和R7不參與，如果R4和R6連接中斷后，業(yè)務(wù)B無法再通過AS400來轉(zhuǎn)發(fā)流量，而是由AS200來轉(zhuǎn)發(fā)。<R1>display<R1>displaycurrent-#sysnameR1interfaceipaddress10.0.14.1255.255.255.0interfaceipaddress10.0.12.1255.255.255.0interfaceipaddress10.0.1.1255.255.255.255interfaceipaddress192.168.10.1255.255.255.0interfaceipaddress192.168.20.1255.255.255.0bgprouter-idpeer10.0.12.2as-numberpeer10.0.14.4as-number400ipv4-familyunicastundosynchronization10.0.1.1peer10.0.12.2peer10.0.14.4#<R2>displaycurrent-#sysnameR2aclnumberrule5permitsource172.16.20.0aclnumberrule5permitsource192.168.20.00.0.0.255interfaceipaddress10.0.12.2255.255.255.0interfaceipaddress10.0.23.2255.255.255.0interfaceipaddress10.0.2.2255.255.255.255bgprouter-idas-numbertimerkeepalive30holdas-numbertimerkeepalive30hold#ipv4-familyunicastundosynchronizationnetwork10.0.2.2route-policyASroute-policyMED#route-policyASpermitnode10if-matchacl2000applyas-path200200additiveroute-policyASpermitnode20route-policyMEDpermitnode10if-matchacl2001applycost200route-policyMEDpermitnode20<R3>displaycurrent-#sysnameR3interfaceipaddress10.0.23.3255.255.255.0interfaceipaddress10.0.36.3255.255.255.0interfaceipaddress10.0.3.3255.255.255.255interfaceipaddress172.16.10.1255.255.255.0interfaceipaddress172.16.20.1255.255.255.0bgprouter-idpeer10.0.23.2as-numberpeer10.0.36.6as-number#ipv4-familyunicastundosynchronization10.0.3.3172.16.10.0172.16.20.0peer10.0.23.2peer10.0.36.6#<R4>displaycurrent-#sysnameR4aclnumberrule5permitsource10.0.5.5aclnumberrule5permitsource192.168.20.00.0.0.255interfaceipaddress10.0.45.4255.255.255.0interfaceipaddress10.0.14.4255.255.255.0interfaceipaddress10.0.46.4ospfcost100interfaceipaddress10.0.4.4255.255.255.255bgprouter-idpeer10.0.5.5as-numberpeer10.0.5.5peer10.0.5.5connect-interfaceLoopBack0peer10.0.6.6as-number400peer10.0.6.6connect-interfaceLoopBack0peer10.0.14.1as-number100#ipv4-familyunicastundosynchronizationnetwork10.0.4.4import-routeospf1route-policyO2Bpeer10.0.5.5enablepeer10.0.5.5next-hop-peer10.0.6.6peer10.0.6.6route-policylocalexportpeer10.0.6.6next-hop-localpeer10.0.14.1#ospf1router-idimport-routebgproute-policyB2Oarea0.0.0.0network10.0.4.4network10.0.45.4network10.0.46.4#route-policyO2Bpermitnode10if-matchacl2000#route-policylocalpermitnode10if-matchacl2001applyip-addressnext-hop10.0.46.4route-policylocalpermitnode20route-policyB2Opermitnode10if-matchacl2001#<R5>displaycurrent-#sysnameR5interfaceipaddress10.0.57.5255.255.255.0interfaceipaddress10.0.45.5255.255.255.0interfaceipaddress10.0.5.5255.255.255.255bgprouter-idas-numberconnect-interfaceas-numberconnect-interface#ipv4-familyunicastundosynchronizationreflectorcluster-id1network10.0.5.5#ospf1router-idareanetwork10.0.5.5network10.0.45.5network10.0.57.5#<R6>displaycurrent-#sysnameR6aclnumberrule5permitsource10.0.7.7aclnumberrule5permitsource172.16.20.00.0.0.255interfaceipaddress10.0.36.6255.255.255.0interfaceipaddress10.0.67.6255.255.255.0interfaceipaddress10.0.46.6ospfcost100interfaceipaddress10.0.6.6255.255.255.255bgprouter-idpeer10.0.4.4as-numberpeer10.0.4.4connect-interfaceLoopBack0peer10.0.7.7as-number400peer10.0.7.7connect-interfaceLoopBack0peer10.0.7.7listen-onlypeer10.0.36.3as-number300ipv4-familyunicastundosynchronizationnetwork10.0.6.6import-routeospf1route-policyO2Bpeer10.0.4.4enablepeer10.0.4.4next-hop-peer10.0.4.4route-policylocalexportpeer10.0.7.7enablepeer10.0.7.7next-hop-peer10.0.36.3#ospf1router-idimport-routebg