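BGP Configuration and Troubleshooting
2003, Cisco Systems, Inc. All rights reserved.

Why is BGP so powerful?

BGP governs more than a hundred thousand routes on the Internet. It is this powerful because it understands the principle of governing by non-action. The IGP protocols all have very complex routing algorithms (SPF/DUAL), and these elegant-looking algorithms actually constrain what those protocols can do. BGP has no algorithm; what it has are rules (attributes) that can be controlled at will. The poor IGPs are not only looked down on but also exploited by the domineering BGP: on the one hand they must build the bridge that lets BGP establish neighbor relationships, and on the other hand the routes they worked hard to learn are manipulated (controlled) by BGP at will. Compared with an IGP, the essence of BGP lies in controlling routes, not in learning routes.

BGP high-level summary

  • Neighbors: build sessions on loopback interfaces (update-source loopback) to ensure reliable, redundant neighbor relationships.
  • IBGP: a route between the two addresses is all that is required. There are two major issues:
      • Synchronization (as long as the design is sound, use no synchronization)
      • Split horizon, which has three solutions:
          • Full-mesh IBGP (overhead is too high)
          • Route reflector
          • Route confederation
  • EBGP: if the neighbors are not directly connected, provide IP connectivity with static routes and change the TTL value (ebgp-multihop 255).
  • Next hop: does not need to be directly connected, but must be reachable through the IGP. By default it is the best entry address into the next AS; when that address is unreachable, use next-hop-self.
  • Controlling the exit path of packets (set on routes in the inbound direction): Weight, Local-Preference
  • Controlling the entry path of packets (set on routes in the outbound direction): AS-path prepend, MED, Community

Policy control

  • Access-list filter (the most traditional control method, not flexible)
  • Prefix-list filter (can be applied directly on a neighbor, and can also be called by a distribute-list or a route-map)
  • AS-path filter (can be called by a filter-list or a route-map)
  • Community-list filter (can be called by a route-map)
  • Distribute-list (filters only, no attribute control)
  • Route-map (filtering and attribute control)

Strongly recommended: for IGP protocols, define routes with a prefix-list and filter routes by calling it from a distribute-list. For BGP, define routes with a prefix-list, AS-path list, or community-list, and then call them from a route-map.

Summarization

  • Network x.x.x.x x.x.x.x (summarizes and advertises IGP routes; the route must have an exactly matching route in the routing table). This is a "fake" summary and requires creating a static route pointing to null 0.
  • Aggregate x.x.x.x x.x.x.x (summary-only) (as-set). This is true summarization: it summarizes routes in the BGP table. The specific routes can be suppressed with summary-only, and as-set can set the AS numbers of the specific routes being summarized.

Summary of common faults

Neighbor cannot be established (wrong AS number, address mismatch, route unreachable, TTL issue):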

  • bgp log-neighbor-changes
  • show ip bgp neighbor x.x.x.x
  • show ip bgp summary

Missing routes (invalid next hop, route not synchronized, advertised network has no matching IGP route, suppressed during summarization, incorrect filtering applied):

  • show ip bgp (x.x.x.x) (longer)
  • show ip route (x.x.x.x) (longer)
  • show ip bgp neighbor x.x.x.x advertised-routes
  • show ip bgp neighbor x.x.x.x received-routes
  • show ip bgp neighbor x.x.x.x routes (requires the neighbor soft-reconfiguration command)
  • debug ip bgp
  • debug ip bgp x.x.x.x update
  • debug ip bgp events
  • clear ip bgp (soft in)
  • clear ip bgp (soft out)

Agenda

  • BGP basic concepts and basic configuration review
  • BGP route attributes and policy-based path selection
  • BGP summarization configuration
  • BGP filtering configuration
  • BGP troubleshooting

BGP Characteristics

BGP is a distance-vector protocol with the following enhancements:

  • Reliable updates: BGP runs on top of TCP (port 179)
  • Incremental, triggered updates only
  • Periodic keepalive messages to verify TCP connectivity
  • Rich metrics (called path vectors or attributes)
  • Designed to scale to huge internetworks (e.g., the Internet)

BGP Characteristics (Cont.)

Reliable updates:

  • Use TCP as transport protocol
  • No periodic updates
  • Periodic keepalives to verify TCP connectivity
  • Triggered updates are batched and rate-limited (the volume is too large, so updates are sent in batches):
      • every 5 seconds for internal peer
      • every 30 seconds for external peer

BGP Databases

  • Neighbor table (must be created manually on both sides)
      • List of BGP neighbors
      • show ip bgp neighbor (summary)
  • BGP forwarding table/database (does not contain all paths)
      • List of all networks learned from each neighbor
      • Can contain multiple (not all) pathways to destination networks
      • Database contains BGP attributes for each pathway
      • show ip bgp
  • IP routing table
      • List of best paths to destination networks
      • show ip route

BGP Commands

Router(config)# router bgp autonomous-system

  • This command, with no subcommands, does not activate BGP. (For BGP, the network command is not mandatory.)
  • Only one instance of BGP can be configured on the router at a single time.
  • The autonomous system number identifies the autonomous system to which the router belongs.
  • The autonomous system number in this command is compared to the autonomous system numbers listed in neighbor statements to determine if the neighbor is an internal or external neighbor.

BGP neighbor Command

Router(config-router)# neighbor {ip-address | peer-group-name} remote-as autonomous-system

  • The neighbor command activates a BGP session with this neighbor.
  • The term remote-as shows what AS this neighbor is in. This AS number is used to determine if the neighbor is internal or external.
  • This command is used for both external and internal neighbors.
  • The IP address specified is the destination address of BGP packets going to this neighbor.
  • This router must have an IP pathway to reach this neighbor before it can set up a BGP relationship. (One of the IGP's contributions to BGP: it provides the path for the TCP connection.)

[Figure slide: Example: BGP neighbor Command]

BGP Issues with Source IP Address

  • When creating a BGP packet, the neighbor statement will be the destination IP address and the outbound interface will be the source IP address. (This can be changed with update-source when needed.)
  • When a BGP packet is received for a new BGP session, the source address of the packet is compared to the list of neighbor statements.
      • If a match is found, a relationship is established.
      • If no match is found, the packet is ignored.
  • Make sure the source IP address matches the address that the other router has in its neighbor statement.

BGP Neighbor Update Source Address

Router(config-router)# neighbor {ip-address | peer-group-name} update-source interface-type interface-number

  • This command allows the BGP process to use the IP address of a specified interface as the source IP address of all BGP updates to that neighbor.
  • A loopback interface is usually used, as it will be available as long as the router is operational.
  • The IP address used in this command will be the destination IP address of all BGP updates and should be the loopback interface of the other router.
  • The update-source command is normally used only with IBGP neighbors.
  • The address of an EBGP neighbor must be directly connected by default. The loopback of an EBGP neighbor is not directly connected.

[Figure slide: Example: BGP Using Loopback Addresses] (ensures reliable, redundant neighbor relationships)

[Figure slide: Example: ebgp-multihop Command] (by default, EBGP neighbors must be established on the same network segment)

IBGP and Redistribution

A transit AS should run IBGP on all routers because the full Internet routing table is too large to redistribute into an IGP. (On the Internet, injecting all BGP routes into the IGP would be a terrifying thing.)

IBGP Split Horizon Rule

By default, routes learned via IBGP are never propagated to other IBGP peers.

[Figure slide: Partial Mesh IGP]

Three mechanisms that solve the split-horizon problem:

  • Full-mesh IBGP
  • Route reflector
  • Confederation

Route Reflector Split-Horizon Rules

  • Classic BGP: IBGP routes are not propagated to other IBGP peers. Full mesh of IBGP peers is therefore required.
  • Route reflector can propagate IBGP routes to other IBGP peers. Full mesh of IBGP peers is no longer required.

Splitting a Transit AS with BGP Confederations

  • Splitting the AS into smaller autonomous systems would reduce the number of BGP sessions, but extra AS numbers are not available.
  • Confederations enable internal AS numbers to be hidden and announce only one (external) AS number to EBGP neighbors.

AS-Path Propagation Within the BGP Confederation

  • IBGP session
      • AS path is not changed
  • Intraconfederation EBGP session
      • Intraconfederation AS number is prepended to AS path
  • EBGP session with external peer
      • Intraconfederation AS numbers are removed from the AS path
      • External AS number is prepended to the AS path

[Figure slide: AS-Path Propagation Within the BGP Confederation (Cont.)]

AS-Path Processing in BGP Confederations

  • Intraconfederation AS path is encoded as a separate segment of the AS path
      • Displayed in parentheses when you are using Cisco IOS show commands
  • All routers within the BGP confederation have to support BGP confederations
      • A router not supporting BGP confederations will reject AS path with unknown segment type

Intraconfederation EBGP Session Properties

  • Behaves like EBGP session during session establishment
      • EBGP neighbor has to be directly connected, or you have to configure ebgp-multihop on the neighbor
  • Behaves like IBGP session when propagating routing updates
      • Local preference, MED and next-hop attributes are retained
      • The whole confederation can run one IGP, giving optimal routing based on next-hop attribute in BGP routing table

Routing Issues without Fully Meshed IBGP

  • Router C will drop the packet to network 10.0.0.0. Router C is not running IBGP; therefore, it has not learned about the route to network 10.0.0.0 from router B. (C drops the packets, but F knows nothing about C's situation, so it keeps sending packets to C. This is the well-known routing black hole.)
  • In this example, router B and router E are not redistributing BGP into OSPF.

BGP Synchronization

Synchronization rule: Do not use or advertise to an external neighbor a route learned by IBGP until a matching route has been learned from an IGP.

  • Avoids black holes within the AS
  • Safe to turn off if all routers in the AS are running full-mesh IBGP

Router(config-router)# no synchronization

  • Disables BGP synchronization so that a router will advertise routes in BGP without learning them in IGP

(The synchronization rule exists to guide and constrain BGP planning and configuration so that routing black holes do not occur. As long as we can make sure that black holes will not occur, we can turn synchronization off. It is like the law in real life: if we abide by the law, we do not need to worry about its sanctions.)

BGP Path Attributes

  • BGP metrics are called path attributes
  • BGP attributes are categorized as well-known and optional
  • Well-known attributes must be recognized by all compliant implementations
  • Optional attributes are only recognized by some implementations (could be private), expected not to be recognized by everyone

Well-Known BGP Attributes

  • Well-known attributes are divided into mandatory and discretionary
  • Mandatory well-known attributes must be present in all update messages
  • Discretionary well-known attributes are optional, they could be present in update messages
  • All well-known attributes are propagated to other neighbors

Well-Known BGP Attributes (Cont.)

Mandatory well-known attributes:

  • Origin: specifies the origin of a BGP route
      • IGP: route originated in an IGP
      • EGP: route originated in EGP
      • Unknown: route was redistributed into BGP
  • AS-path: sequence of AS numbers through which the network is accessible
  • Next-hop: IP address of the next-hop router

Discretionary well-known attributes:

  • Local preference: used for consistent routing policy within AS
  • Atomic aggregate: informs the neighbor AS that the originating router aggregated routes

Optional BGP Attributes

  • Optional BGP attributes are transitive or nontransitive
  • Transitive optional attributes
      • Propagated to other neighbors if not recognized; partial bit set to indicate that the attribute was not recognized
  • Nontransitive optional attributes
      • Discarded if not recognized
  • Recognized optional attributes are propagated to other neighbors based on their meaning (not constrained by transitive bit)

Optional BGP Attributes (Cont.)

  • Nontransitive attributes
      • Multi-Exit Discriminator: used to discriminate between multiple entry points to a single autonomous system
  • Transitive attributes
      • Aggregator: specifies IP address and AS number of the router that performed route aggregation
      • Community: used for route tagging (it marks routes with a tag, and contributes enormously to route isolation in BGP/MPLS VPN)

AS-Path Attribute (the most effective loop-avoidance mechanism in BGP)

  • The AS-path attribute is empty when a local route is inserted in the BGP table
  • The AS number of the sender is prepended to the AS-path attribute when the routing update crosses AS boundary
  • The receiver of BGP routing information can use the AS-path to determine through which AS the information has passed
  • An AS that receives routing information with its own AS number in the AS-path silently ignores the information

[Figure slides: AS-Path Attribute (Cont.)]

Next-Hop Attribute (the IP address of the best entry point into the next AS)

The IP address of the next AS to reach a given network:

  • Router A advertises network 172.16.0.0 to router B in EBGP, with a next hop of 10.10.10.3
  • Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address

The next-hop attribute is well-known, mandatory, and transitive.

Next-Hop Attribute (Cont.)

  • Next-hop processing: next-hop attribute is usually set to the IP address of the sending router.
  • Next-hop processing on shared media: if the receiving BGP router is in the same subnet as the current next-hop address, the next-hop address is not changed to optimize packet forwarding.
  • Next-hop processing on NBMA network: BGP next-hop processing can break connectivity with improper network designs over partially-meshed WAN networks.

[Figure slide: Example: next-hop-self Configuration]

Origin Attribute (how a BGP route was originated locally)

  • IGP (i): network command
  • EGP (e): redistributed from EGP
  • Incomplete (?): redistributed from IGP or static

The origin attribute informs all autonomous systems in the internetwork how the prefixes were introduced into BGP. The origin attribute is well-known, mandatory, and transitive.

Local Preference Attribute

The local preference attribute is well-known, discretionary, and is passed only within the AS.

Paths with highest preference value are most desirable:

  • Local preference is used to advertise to IBGP neighbors about how to leave their AS.
  • The local preference is sent to IBGP neighbors only.

Multiexit Discriminator (MED) Attribute

The paths with the lowest MED (also called the metric) value are the most desirable:

  • MED is used to advertise to EBGP neighbors how to exit their AS to reach networks owned by this AS.
  • MED is sent to EBGP neighbors only.

The MED attribute is optional and nontransitive.

Weight Attribute (Cisco-Only)

  • Paths with highest weight value are most desirable.
  • Weight not sent to any BGP neighbors

BGP Route Selection

  • The BGP forwarding table usually has multiple pathways from which to choose for each network.
  • BGP is not designed to perform load balancing:
      • Paths are chosen because of policy.
      • Paths are not chosen based upon bandwidth.
  • The BGP selection process eliminates any multiple pathways through attrition until a single best pathway is left. (Vertical comparison: the best BGP route is found by filtering step by step on attributes.)
  • That best pathway is submitted to the routing table manager process and evaluated against the methods of other routing protocols for reaching that network (administrative distance). (Horizontal comparison with other routes: the best route by AD is placed in the routing table.)
  • The routing protocol with the lowest administrative distance will be installed in the routing table.

Building the BGP Table

  • All routes received from neighbors are placed in the BGP table (except those that are filtered).
  • All locally originated routes are also placed in the BGP table.

BGP Route Selection Criteria (Cont.)

Best routes to the destination networks are selected from the BGP table (selected step by step on attributes). For 21.0.0.0, 3.4.5.6 should be selected as the best route.

Route Selection Decision Process

Consider only (synchronized) routes with no AS loops and a valid next hop, and then:

  • Prefer highest weight (local to router) (Cisco-proprietary attribute)
  • Prefer highest local preference (global within AS)
  • Prefer route originated by the local router (next hop = 0.0.0.0)
  • Prefer shortest AS path
  • Prefer lowest origin code (IGP < EGP < incomplete)
  • Prefer lowest MED (from other AS)
  • Prefer EBGP path over IBGP path
  • Prefer the path through the closest IGP neighbor
  • Prefer oldest route for EBGP paths
  • Prefer the path with the lowest neighbor BGP router ID

BGP Route Propagation

Best BGP routes are propagated to BGP neighbors (the router itself may not use the route, and the route may not make it into the routing table).

Building the IP Routing Table

Best BGP routes are copied into the IP routing table based on administrative distance.

Controlling attributes for policy-based path selection

  • Prefer highest weight (local to router) (Cisco-proprietary attribute)
  • Prefer highest local preference (global within AS)
  • Prefer shortest AS path
  • Prefer lowest origin code (IGP < EGP < incomplete)
  • Prefer lowest MED (from other AS)
  • Prefer EBGP path over IBGP path

Every attribute affects the selection of the best BGP route, but the strength of the effect (the priority) differs.

  • Controlling the exit path of packets (set on routes in the inbound direction): Weight, Local-Preference
  • Controlling the entry path of packets (set on routes in the outbound direction): AS-path prepend, MED, Community

Controlling attributes for policy-based path selection: Weight

Configuring Per-Neighbor Weights

Routes received from primary ISP should be preferred over routes received from backup ISP.

Controlling attributes for policy-based path selection: Local-preference

Consistent Route Selection Within the AS (Cont.)

Have the traffic run over the fastest line available.

BGP Local Preference

  • You can use local preference to ensure AS-wide route selection policy
  • Any BGP router can set local preference when processing incoming route updates, when doing redistribution, or when sending outgoing route updates (when sending to IBGP neighbors)
  • Local preference is used to select routes with equal weight
  • Local preference is stripped in outgoing EBGP updates except in EBGP updates with confederation peers

BGP Local Preference (Cont.)

  • Local preference is the second strongest BGP route selection parameter
  • Remember the BGP route selection rules:
      • Prefer highest weight (local to router)
      • Prefer highest local preference (global within AS)
      • Other BGP route-selection rules
  • Weights configured on a router override local preference settings
  • To ensure consistent AS-wide route selection:
      • Do not change local preference within the AS (for routes that come from IBGP neighbors, do not change this value)
      • Do not use BGP weights

BGP is Designed to Implement Policy Routing

BGP is designed for manipulating routing pathways.

BGP Local Preference

bgp default local-preferen
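The Route Selection Decision Process listed above can be followed step by step in code. This is an added example, not taken from the slides or from Cisco software: the `Path` model, the sample paths, and the ASNs and addresses are constructed, and MED is compared across all neighbor ASes as a simplification.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}           # IGP < EGP < incomplete
STEPS = ["weight", "local preference", "locally originated", "AS-path length",
         "origin", "MED", "EBGP over IBGP", "IGP metric to next hop",
         "oldest EBGP path", "router ID"]

@dataclass(frozen=True)
class Path:                                       # hypothetical model of one BGP table entry
    next_hop: str
    as_path: tuple
    router_id: str
    weight: int = 0
    local_pref: int = 100
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age: int = 0                                  # seconds since the path was learned
    next_hop_valid: bool = True
    synchronized: bool = True

def rank(p):
    """Sort key with one element per decision step; the lower tuple wins."""
    return (-p.weight, -p.local_pref, p.next_hop != "0.0.0.0", len(p.as_path),
            ORIGIN_RANK[p.origin],
            p.med,                                # simplification: compared across all neighbor ASes
            not p.ebgp, p.igp_metric,
            -p.age if p.ebgp else 0,              # age only separates two EBGP paths
            int(IPv4Address(p.router_id)))

def best_path(paths, local_as):
    """Return (best path, name of the step that decided), or (None, None)."""
    eligible = [p for p in paths
                if p.synchronized and p.next_hop_valid and local_as not in p.as_path]
    if not eligible:
        return None, None
    ranked = sorted(eligible, key=rank)
    if len(ranked) == 1:
        return ranked[0], "only eligible path"
    a, b = rank(ranked[0]), rank(ranked[1])
    step = next((STEPS[i] for i in range(len(a)) if a[i] != b[i]), "tie")
    return ranked[0], step

# Constructed sample: four paths to one prefix, as seen by a router in AS 65001.
PATHS = [
    Path("192.0.2.1", (65010, 65020), "10.0.0.1"),
    Path("192.0.2.2", (65030, 65040, 65020), "10.0.0.2", local_pref=200, ebgp=False),
    Path("192.0.2.3", (65050, 65001, 65020), "10.0.0.3", weight=500),  # AS loop: ignored
    Path("192.0.2.4", (65060,), "10.0.0.4", next_hop_valid=False),     # unusable next hop
]

def demo():
    best, step = best_path(PATHS, 65001)
    weighted = [replace(PATHS[0], weight=100)] + PATHS[1:]   # weight overrides local preference
    best_w, step_w = best_path(weighted, 65001)
    return (best.next_hop, step), (best_w.next_hop, step_w)
```

The looped path is discarded before ranking even though it carries the highest weight, which is why route filtering and loop checks matter more than any attribute set afterwards.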
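The confederation AS-path rules described earlier (unchanged over IBGP, member AS prepended over intraconfederation EBGP, confederation segment stripped toward external peers) are traced below for one route. This is an added example, not from the slides: the function names and all AS numbers are constructed, and the segment type codes are those of RFC 4271 and RFC 5065.

```python
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4

def advertise(path, session, member_as, confed_id):
    """Return the AS path a router sends; path is [(segment_type, [asn, ...]), ...]."""
    path = [(t, list(asns)) for t, asns in path]            # work on a copy
    if session == "ibgp":
        return path                                         # AS path is not changed
    if session == "confed-ebgp":                            # prepend the member AS
        if path and path[0][0] == AS_CONFED_SEQUENCE:
            path[0][1].insert(0, member_as)
        else:
            path.insert(0, (AS_CONFED_SEQUENCE, [member_as]))
        return path
    if session == "ebgp":                                   # hide member ASes, show one AS
        path = [(t, a) for t, a in path if t not in (AS_CONFED_SEQUENCE, AS_CONFED_SET)]
        if path and path[0][0] == AS_SEQUENCE:
            path[0][1].insert(0, confed_id)
        else:
            path.insert(0, (AS_SEQUENCE, [confed_id]))
        return path
    raise ValueError(f"unknown session type: {session}")

def show(path):
    """Render the path with confederation segments in parentheses, as IOS show output does."""
    parts = []
    for seg_type, asns in path:
        text = " ".join(str(a) for a in asns)
        parts.append(f"({text})" if seg_type == AS_CONFED_SEQUENCE else text)
    return " ".join(parts)

def accepts(path, supports_confed):
    """A router without confederation support rejects the unknown segment types."""
    known = {AS_SET, AS_SEQUENCE} | ({AS_CONFED_SEQUENCE, AS_CONFED_SET} if supports_confed else set())
    return all(seg_type in known for seg_type, _ in path)

def walk():
    """Constructed route from AS 64510 crossing confederation 64500 (members 65001-65003)."""
    p0 = [(AS_SEQUENCE, [64510])]                           # as received from the external AS
    p1 = advertise(p0, "ibgp", 65001, 64500)                # inside member AS 65001
    p2 = advertise(p1, "confed-ebgp", 65001, 64500)         # 65001 -> 65002
    p3 = advertise(p2, "confed-ebgp", 65002, 64500)         # 65002 -> 65003
    p4 = advertise(p3, "ebgp", 65003, 64500)                # 65003 -> external peer
    return [show(p) for p in (p1, p2, p3, p4)], accepts(p2, False), accepts(p4, False)
```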
