BGP 协议的测试实验 | 运维进阶
【作者】王巧雷,拥有多年一线实战经验的运维人。
1、基本概念
描述一些前置知识:
1. BGP的全称是border gateway protocol,是用在AS之间的协议。
2. AS是Autonomous system的简称,可以理解为运行同一种选路策略、统一管理的一组路由器。
3. 每个AS都有一个AS number,取值范围为 1-65535 ,其中1-64511是公有的,需要向IANA申请 , 64512-65535是私有的可以自由使用,类似192.168的IP地址。
4. 跨AS的是EBGP,AS内的是IBGP。
5. BGP是基于tcp做的封包,可以理解为bgp的包头外面会由tcp封包,tcp外面由IP封包,然后然后是二层的包头。在网络中传输。
关于路由黑洞:
以2.1的拓扑图为例:
pc1的192.168.1.10对pc2的172.16.30.10做ping测试,就需要有路由信息。路由信息封装在bgp中, 从R4到R5的链路中,R1没有运行bgp,当bgp的数据包传输的时候,因为是基于tcp封装的,bgp信息依次被tcp、ip、以太网等包头封装,和普通的网络包一样,只要相邻的两台路由器可以互通,就可以把数据包从R4传送到R5;但是数据包从pc2返回pc1的时候,封包格式为icmp ip,IP包头中会有src和dest的地址,这个dest ip就是pc1的192.168.1.10地址,这个数据包到了R3的后,R1是没有bgp协议的,也就学不到192.168.1.0的路由信息,所以传输会失败。这就是路由黑洞。
解决路由黑洞的方法有好几种,比如:
物理线路的full mesh,也就是说将as内的边缘路由器连线
将BGP重分布进OSPF
AS内所有路由器都运行bgp(本次实验采用的)
使用MPLS做tunnel
2. 测试过程
本次实验是采用GNS3模拟器做的,采用了IOU设备的方式。
模拟了bgp的实现过程,顺便验证了一下BGP中的路由黑洞。
2.1 测试拓扑
拓扑解释:
R1、R2、R3为一个自治区域,号码为123,为ibgp,3台路由器之间运行ospf,R2和R3运行bgp,R1仅运行ospf
R4为一个自治区域,号码为4,和R123之间为ebgp
R5为一个自治区域,号码为5,和R123之间为ebgp
各自路由器的router id为路由器编号地址,比如R1的为1.1.1.1
2.2 R1、R2、R3配置IP,配置ospf
1、配置IP地址
R1配置IP:
R1#conf tEnter configuration commands, one per line. End with CNTL/Z.R1(config)#int s2/0R1(config-if)#ip add 12.1.1.2 255.255.255.0R1(config-if)#no shuR1(config-if)#exitR1(config)#int s2/1R1(config-if)#ip add 11.1.1.1 255.255.255.0R1(config-if)#no shuR2配置IP:
R2#conf tEnter configuration commands, one per line. End with CNTL/Z.R2(config)#int s2/0R2(config-if)#ip add 14.1.1.2 255.255.255.0R2(config-if)#no shuR2(config-if)#exitR2(config)#int s2/1R2(config-if)#ip add 12.1.1.1 255.255.255.0R2(config-if)#no shu
R3配置IP:
R3#conf tEnter configuration commands, one per line. End with CNTL/Z.R3(config)#int s2/0R3(config-if)#ip add 11.1.1.2 255.255.255.0R3(config-if)#no shuR3(config-if)#exitR3(config)#int s2/1R3(config-if)#ip add 13.1.1.1 255.255.255.0R3(config-if)#no shu2、配置ospf,对于R2和R3来说,只配置AS内的接口,外联ebgp的口不配置到ospf中
R1配置
R1(config)#router ospf 110R1(config-router)#router-id 1.1.1.1R1(config-router)#net 12.1.1.2 0.0.0.0 area 0R1(config-router)#net 11.1.1.1 0.0.0.0 area 0
R2配置
R2(config)#router ospf 110R2(config-router)#router-id 2.2.2.2R2(config-router)#net 12.1.1.1 0.0.0.0 area 0R3配
R3(config)#router ospf 110R3(config-router)#router-id 3.3.3.3R3(config-router)#network 11.1.1.2 0.0.0.0 area 0
R2#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route - replicated route, % - next hop overrideGateway of last resort is not set 11.0.0.0/24 is subnetted, 1 subnetsO 11.1.1.0 [110/128] via 12.1.1.2, 00:01:46, Serial2/1 12.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 12.1.1.0/24 is directly connected, Serial2/1L 12.1.1.1/32 is directly connected, Serial2/1查看ospf
R2#show ip ospf databaseOSPF Router with ID (2.2.2.2) (Process ID 110)Router Link States (Area 0)Link ID ADV Router Age Seq# Checksum Link count1.1.1.1 1.1.1.1 178 0x80000005 0x00A804 42.2.2.2 2.2.2.2 205 0x80000004 0x0083EC 23.3.3.3 3.3.3.3 179 0x80000004 0x002742 2
2.3 配置bgp
这部分分为ibgp和ebgp的
2.3.1 为as123配置ibgp
1、在R2配置bgp协议
R2(config)#router bgp 123R2(config-router)#bgp router-id 2.2.2.2R2(config-router)#neighbor 11.1.1.2 remote-as 123 //为bgp指定邻居,这里指定的是本as内R3的s2/0R2(config-router)#*Feb 29 15:43:36.408: %BGP-5-ADJCHANGE: neighbor 11.1.1.2 Up //等待片刻,可以看到邻居建立R2(config-router)#neighbor 14.1.1.1 remote-as 4 //这里是指定ebgp对端as4的邻居关系2、在R3配置bgp协议
R3(config)#router bgp 123R3(config-router)#bgp router-id 3.3.3.3R3(config-router)#neighbor 12.1.1.1 remote-as 123R3(config-router)#neighbor 13.1.1.2 remote-as 5
3、查看bgp信息,因为as4和5的IP和bgp还没配置,所以邻居部分的显示不正常
R2执行查看
R2#show ip bgp summary BGP router identifier 2.2.2.2, local AS number 123BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd11.1.1.2 4 123 9 9 1 0 0 00:04:47 014.1.1.1 4 4 0 0 1 0 0 never IdleR3执行查看
R3#show ip bgp summaryBGP router identifier 3.3.3.3, local AS number 123BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd12.1.1.1 4 123 9 10 1 0 0 00:05:28 013.1.1.2 4 5 0 0 1 0 0 never Idle
2.3.2 为AS4和5配置ebgp
1、首先配置R4和5的IP地址
R4的地址
R4#conf tEnter configuration commands, one per line. End with CNTL/Z.R4(config)#int s2/0 R4(config-if)#ip add 14.1.1.1 255.255.255.0R4(config-if)#no shuR4(config-if)#exitR4(config)#int e0/0R4(config-if)#ip add 192.168.1.1 255.255.255.0 R4(config-if)#no shuR5的地址
R5#conf tEnter configuration commands, one per line. End with CNTL/Z.R5(config)#int s2/0R5(config-if)#ip add 13.1.1.2 255.255.255.0R5(config-if)#no shuR5(config-if)#exitR5(config)#int e0/0R5(config-if)#ip add 172.16.30.1 255.255.255.0R5(config-if)#no shu
2、为R4配置bgp
R4(config)#router bgp 4R4(config-router)#bgp router-id 4.4.4.4R4(config-router)#neighbor 14.1.1.2 remote-as 123 //指定as123中R2的s2/0为邻居R4(config-router)#*Feb 29 15:54:02.133: %BGP-5-ADJCHANGE: neighbor 14.1.1.2 Up //邻居建立提示3、为R5配置bgp
R5(config-router)#bgp routerR5(config-router)#bgp router-id 5.5.5.5R5(config-router)#neighbor 13.1.1.1 remote-as 123
4、查看bgp信息
R4#show ip bgp summary BGP router identifier 4.4.4.4, local AS number 4BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd14.1.1.2 4 123 6 6 1 0 0 00:02:38 0此时再看R2或者R3的bgp信息,邻居关系就都正常了
R2#show ip bgp summaryBGP router identifier 2.2.2.2, local AS number 123BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd11.1.1.2 4 123 19 18 1 0 0 00:13:40 014.1.1.1 4 4 7 7 1 0 0 00:03:14 0
2.3.3 在as4的路由R4 宣告路由192.168.1.0
这里是要将pc1的192.168.1.0/24这个网络宣告到bgp中,步骤如下
1、在R4上宣告路由
R4(config)#router bgp 4R4(config-router)#network 192.168.1.0 mask 255.255.255.0 //只能宣告网段,指定掩码查看bgp 路由信息
R4#show ip bgpBGP table version is 2, local router ID is 4.4.4.4Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,x best-external, a additional-path, c RIB-compressed,Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path*> 192.168.1.0 0.0.0.0 0 32768 i
R2#show ip bgpBGP table version is 2, local router ID is 2.2.2.2Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 192.168.1.0 14.1.1.1 0 0 4 iR2#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route- replicated route, % - next hop overrideGateway of last resort is not set11.0.0.0/24 is subnetted, 1 subnetsO 11.1.1.0 [110/128] via 12.1.1.2, 00:31:18, Serial2/112.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 12.1.1.0/24 is directly connected, Serial2/1L 12.1.1.1/32 is directly connected, Serial2/114.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 14.1.1.0/24 is directly connected, Serial2/0L 14.1.1.2/32 is directly connected, Serial2/0B 192.168.1.0/24 [20/0] via 14.1.1.1, 00:05:35
R3#show ip bgpBGP table version is 1, local router ID is 3.3.3.3Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path * i 192.168.1.0 14.1.1.1 0 100 0 4 iR2(config)#router bgp 123R2(config-router)#neighbor 11.1.1.2 next-hop-self
此时再看,发现下一跳的地址已经更新过来了,12.1.1.1正是R2的s2/1出口
R3#show ip bgpBGP table version is 2, local router ID is 3.3.3.3Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 192.168.1.0 12.1.1.1 0 100 0 4 iR3#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route- replicated route, % - next hop overrideGateway of last resort is not set11.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 11.1.1.0/24 is directly connected, Serial2/0L 11.1.1.2/32 is directly connected, Serial2/012.0.0.0/24 is subnetted, 1 subnetsO 12.1.1.0 [110/128] via 11.1.1.1, 00:40:23, Serial2/013.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 13.1.1.0/24 is directly connected, Serial2/1L 13.1.1.1/32 is directly connected, Serial2/1B 192.168.1.0/24 [200/0] via 12.1.1.1, 00:04:57
R3(config)#router bgp 123R3(config-router)#neighbor 12.1.1.1 next-hop-self2.3.4 在R5上宣告路由172.16.30.0
过程和上一章节类似
1、直接在R5上宣告
R5(config)#router bgp 5R5(config-router)#network 172.16.30.0 mask 255.255.255.0
2、在R4上已经可以看到正常的路由条目了
R4#show bgpBGP table version is 3, local router ID is 4.4.4.4Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 172.16.30.0/24 14.1.1.2 0 123 5 i *> 192.168.1.0 0.0.0.0 0 32768 i2.3.5 路由黑洞的测试
1、pc机配置IP地址
在pc1上配置192.168.1.10
在pc2上配置172.16.30.10
2、在路由器R1上打开debug
R1#debug ip packet
IP packet debugging is on
3、执行ping测试,失败
wangql> ping 172.16.30.10172.16.30.10 icmp_seq=1 timeout172.16.30.10 icmp_seq=2 timeout172.16.30.10 icmp_seq=3 timeout172.16.30.10 icmp_seq=4 timeout172.16.30.10 icmp_seq=5 timeout
*Feb 29 16:22:51.401: IP: s=192.168.1.10 (Serial2/0), d=172.16.30.10, len 84, input feature, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE*Feb 29 16:22:51.401: IP: s=192.168.1.10 (Serial2/0), d=172.16.30.10, len 84, unroutableR1#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route- replicated route, % - next hop overrideGateway of last resort is not set11.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 11.1.1.0/24 is directly connected, Serial2/1L 11.1.1.1/32 is directly connected, Serial2/112.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 12.1.1.0/24 is directly connected, Serial2/0L 12.1.1.2/32 is directly connected, Serial2/0
2.3.6 在R1启用BGP来解决路由黑洞
R1(config)#router bgp 123R1(config-router)#bgp router-id 1.1.1.1R1(config-router)#neighbor 12.1.1.1 remote-as 123R1(config-router)#neighbor 11.1.1.2 remote-as 1232 R2和R3两天边缘路由器需要对R1添加邻居信息和next-hop-self,否则无法传递bgp路由的下一跳参数R2
R2(config)#router bgp 123R2(config-router)#neighbor 12.1.1.2 remote-as 123R2(config-router)#neighbor 12.1.1.2 next-hop-self
R3
R3(config)#router bgp 123R3(config-router)#neighbor 11.1.1.1 remote-as 123R3(config-router)#neighbor 11.1.1.1 next-hop-self3、再次测试pc1和pc2,网络通畅了
wangql> ping 172.16.30.1084 bytes from 172.16.30.10 icmp_seq=1 ttl=59 time=36.557 ms84 bytes from 172.16.30.10 icmp_seq=2 ttl=59 time=36.735 ms84 bytes from 172.16.30.10 icmp_seq=3 ttl=59 time=36.005 ms84 bytes from 172.16.30.10 icmp_seq=4 ttl=59 time=33.740 mswangql> trace 172.16.30.10trace to 172.16.30.10, 8 hops max, press Ctrl C to stop1 192.168.1.1 0.290 ms 0.141 ms 0.163 ms2 14.1.1.2 9.157 ms 9.058 ms 8.496 ms3 12.1.1.2 18.042 ms 17.537 ms 17.808 ms4 11.1.1.2 26.682 ms 26.471 ms 26.210 ms5 13.1.1.2 36.360 ms 35.922 ms 34.192 ms6 *172.16.30.10 37.326 ms (ICMP type:3, code:3, Destination port unreachable)
3、小结
通过上面的实验,总结如下:
1. BGP不同于那些IGP的协议,配置的时候需要手工指定邻居关系。
2. 在IBGP的配置过程中,除了显式指定邻居关系,还需要手工配置 next-hop-self,否则传递的BGP路由信息中下一跳的信息不会发送改变,导致路由信息无效
3. 在做网络规划的时候,要注意拓扑的合理性,避免出现路由黑洞。
赞 (0)