©2003, Cisco Systems, Inc. All rights reserved. BSCI 2.0—7-1

BGP Configuration and Troubleshooting (Part 1)

7-2  Why is BGP so powerful?
• BGP carries hundreds of thousands of routes on the Internet. It is this strong because it understands the principle of "governing by doing nothing": every IGP has an elaborate routing algorithm (SPF, DUAL), and those elegant-looking algorithms actually limit what the protocol can do. BGP has no such algorithm; what it has is a set of rules (attributes) that can be steered at will.
• The poor IGPs are not only looked down on, they are also put to work by the domineering BGP: on one hand they provide the connectivity over which BGP builds its neighbor relationships, on the other hand the routes they worked so hard to learn are manipulated (controlled) by BGP as it pleases.
• Compared with an IGP, the essence of BGP is controlling routes, not learning them.

7-3 / 7-4  How routes flow through BGP (figure)
[Figure; labels recovered from the slide: input policy engine, best-route selection, output policy engine, BGP table, IGP table, locally originated BGP routes (network ..., redistribute igp ...), routes from neighbors, IP routing table (lowest AD wins), routes sent to neighbors.]

7-5  BGP summary
• Neighbors: build them on loopback interfaces (neighbor ... update-source Loopback0) so that the session has a reliable, redundant path.
  IBGP: all that is needed is a route between the two addresses. There are two major issues: (1) synchronization (with sensible address planning, no synchronization); (2) the IBGP split-horizon rule, for which there are three solutions: full-mesh IBGP (too much overhead), Route Reflector, Confederation.
  EBGP: if the peers are not directly connected, provide IP connectivity with static routes and raise the TTL (neighbor ... ebgp-multihop 255).
• Next hop: it does not have to be directly connected, but it must be reachable through the IGP. By default it is the best entry address into the next AS; when that address is not reachable inside the AS, use next-hop-self.

7-6  Policy control
Controlling the exit path of data packets (set on routes in the inbound direction):
• Weight
• Local-Preference
Controlling the entry path of data packets (set on routes in the outbound direction):
• AS-path prepend
• MED
• Community

7-7  Filtering tools
Access-list filter (the most traditional method; not flexible)
Prefix-list filter (can be applied directly to a neighbor, and can also be called from a distribute-list or a route-map)
AS-path filter (called from a filter-list or a route-map)
Community-list filter (called from a route-map)
Distribute-list (filters only; no attribute control)
Route-map (filtering and attribute control)
Strongly recommended: for IGPs, define the routes with a prefix-list and call it from a route-map to do the filtering. For BGP, define the routes with prefix-lists, AS-path lists and community-lists, then call them from a route-map.

7-8  Summarization
• network x.x.x.x mask x.x.x.x (summarizes IGP routes; the announced route must have an exactly matching entry in the routing table). This is a "fake" summary: a static route pointing to Null0 has to be created.
• aggregate-address x.x.x.x x.x.x.x [summary-only] [as-set]: the real summary, built from the routes in the BGP table. The specific routes can be suppressed with summary-only; as-set records the AS numbers of the summarized specific routes in the aggregate.
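The neighbor rules on slide 7-5 (loopback peering with update-source, route reflection instead of a full mesh, static routes plus ebgp-multihop for a non-adjacent EBGP peer, and next-hop-self) in one working IOS configuration. This is an added example, not a configuration from the course; the AS numbers (65001, 65003), addresses, hostnames and the OSPF process are assumed for illustration.

```cisco
! Added example (not from the course slides). AS numbers, addresses and
! interface names are assumed. R1 and R3 share the link 192.168.13.0/30
! (R1 = .1, R3 = .2); R2 is an iBGP client of R1 inside AS 65001.
!
! ---------- R1 (AS 65001): route reflector, EBGP to R3 ----------
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! The IGP carries the loopbacks, so the iBGP TCP session keeps working as
! long as any path between R1 and R2 exists.
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
!
! The IGP stops at the AS boundary, so a static route provides the IP path
! to the EBGP peer's loopback (slide 7-5: "use static routes").
ip route 172.16.0.3 255.255.255.255 192.168.13.2
!
router bgp 65001
 bgp log-neighbor-changes
 no synchronization
 ! iBGP client R2: session sourced from Loopback0, reachable via OSPF.
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.2 route-reflector-client
 ! EBGP-learned routes keep the external next hop (192.168.13.2) by default;
 ! R2 has no route there, so R1 rewrites the next hop to itself.
 neighbor 10.0.0.2 next-hop-self
 ! EBGP peer R3 on its loopback: not directly connected, so the TTL must be
 ! raised. 255 is the slide's value; 2 would already be enough here.
 neighbor 172.16.0.3 remote-as 65003
 neighbor 172.16.0.3 update-source Loopback0
 neighbor 172.16.0.3 ebgp-multihop 255
!
! ---------- R2 (AS 65001): route-reflector client ----------
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
!
router bgp 65001
 no synchronization
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 update-source Loopback0
!
! ---------- R3 (AS 65003): mirror of R1's EBGP side ----------
interface Loopback0
 ip address 172.16.0.3 255.255.255.255
!
ip route 10.0.0.1 255.255.255.255 192.168.13.1
!
router bgp 65003
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 ebgp-multihop 255
```

Check the result with show ip bgp summary on all three routers (state should show a prefix count, not Active or Idle) and with show ip bgp on R2, where every route reflected from R1 should carry 10.0.0.1 as next hop. Without next-hop-self those routes stay in the BGP table but never reach R2's routing table, because their next hop is unreachable.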
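The recommendation on slide 7-7 (define routes with prefix-list, AS-path list and community-list, then call them from a route-map) applied to the policy controls of slide 7-6: local preference set inbound to steer the exit path, AS-path prepend, MED and a community set outbound to steer the entry path. This is an added example, not from the course; the AS numbers (65001 as the local AS, 65002 and 65003 as two upstream providers, 65010 as a remote origin AS), prefixes and peer addresses are assumed.

```cisco
! Added example (not from the course slides). AS numbers, prefixes and
! peer addresses are assumed. Local AS 65001 is dual-homed to ISP-A (65002,
! peer 192.0.2.2) and ISP-B (65003, peer 192.0.2.6).
!
ip bgp-community new-format
!
! --- Route definitions (slide 7-7): what to match ---
! Our own address space, the only prefixes we may announce.
ip prefix-list CUSTOMER-NETS seq 5 permit 203.0.113.0/24
ip prefix-list CUSTOMER-NETS seq 10 permit 198.51.100.0/24
!
! Paths whose origin AS is 65010 (regexp: AS-path ends with 65010).
ip as-path access-list 10 permit _65010$
!
! Community we attach to our own announcements.
ip community-list 1 permit 65001:100
!
! --- Inbound policy (slide 7-6, "controls the exit path") ---
! Prefer ISP-A for everything, and prefer it even more for routes
! originated by AS 65010. Higher local preference wins inside the AS.
route-map FROM-ISP-A permit 10
 match as-path 10
 set local-preference 200
route-map FROM-ISP-A permit 20
 set local-preference 150
!
! --- Outbound policy (slide 7-6, "controls the entry path") ---
! Announce only our prefixes towards ISP-B, lengthen the AS path so that the
! Internet prefers the ISP-A entry, tell ISP-B our preferred entry with MED
! and tag the routes with a community for downstream matching.
route-map TO-ISP-B permit 10
 match ip address prefix-list CUSTOMER-NETS
 set as-path prepend 65001 65001
 set metric 100
 set community 65001:100 additive
! No further sequence: anything not in CUSTOMER-NETS is dropped (implicit deny),
! which also stops us from becoming a transit AS between the two ISPs.
!
! --- Outbound to ISP-A: same prefix filter, no prepend ---
route-map TO-ISP-A permit 10
 match ip address prefix-list CUSTOMER-NETS
 set community 65001:100 additive
!
router bgp 65001
 bgp log-neighbor-changes
 no synchronization
 network 203.0.113.0 mask 255.255.255.0
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 route-map FROM-ISP-A in
 neighbor 192.0.2.2 route-map TO-ISP-A out
 neighbor 192.0.2.2 send-community
 neighbor 192.0.2.6 remote-as 65003
 neighbor 192.0.2.6 route-map TO-ISP-B out
 neighbor 192.0.2.6 send-community
```

Weight (the other inbound control on slide 7-6) would be set the same way with set weight in FROM-ISP-A, but it is local to the router and never propagated, so local preference is the attribute to use when the whole AS should agree on the exit. Verify the inbound result with show ip bgp (the LocPrf column) and the outbound result with show ip bgp neighbors 192.0.2.6 advertised-routes; send-community is required, otherwise the community set in the route-map is silently stripped before the update leaves the router.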
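The two summarization methods of slide 7-8 side by side: the network command with the Null0 static route it depends on, and aggregate-address with summary-only and as-set. This is an added example, not from the course; the AS number 65001 and the 10.10.0.0/22 block with its four /24 specifics are assumed.

```cisco
! Added example (not from the course slides). AS number and prefixes are
! assumed: AS 65001 holds 10.10.0.0/24 through 10.10.3.0/24 in its IGP and
! wants to announce the single summary 10.10.0.0/22 to its BGP neighbors.
!
! ---------- Method 1: network command ("fake" summary) ----------
! The network command only originates a route that exists as an exact match
! in the IP routing table. The IGP knows the /24s, not the /22, so a static
! route to Null0 creates that exact match. Traffic for unused addresses in
! the block is discarded at Null0 instead of looping.
ip route 10.10.0.0 255.255.252.0 Null0
!
router bgp 65001
 no synchronization
 network 10.10.0.0 mask 255.255.252.0
!
! ---------- Method 2: aggregate-address (real summary) ----------
! The router builds the /22 from the BGP table, so at least one specific
! route must be in the BGP table first (here injected by network commands).
! The aggregate gets its own Null0 route automatically.
router bgp 65001
 no synchronization
 network 10.10.0.0 mask 255.255.255.0
 network 10.10.1.0 mask 255.255.255.0
 network 10.10.2.0 mask 255.255.255.0
 network 10.10.3.0 mask 255.255.255.0
 ! summary-only: the four /24s stay in the local BGP table (marked "s",
 ! suppressed) but only the /22 is advertised to neighbors.
 ! as-set: the AS numbers of the summarized specifics are carried in the
 ! aggregate's AS_PATH as an AS_SET, so a remote AS whose routes were folded
 ! into the summary still detects the loop and rejects it. Without as-set the
 ! aggregate's AS_PATH contains only the local AS.
 aggregate-address 10.10.0.0 255.255.252.0 as-set summary-only
```

After either method, show ip bgp 10.10.0.0/22 longer-prefixes lists the summary and its specifics, and show ip bgp neighbors x.x.x.x advertised-routes confirms which of them actually leave the router; a specific that is missing from a neighbor's table because of summary-only is one of the "route lost" causes on slide 7-9. Note that as-set makes the aggregate's attributes change whenever a contributing specific flaps, so it is normally left out when all specifics are local.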
7-9  Common faults
• Neighbor does not come up (wrong AS number, address mismatch, route unreachable, TTL problem):
  bgp log-neighbor-changes
  show ip bgp neighbors x.x.x.x
  show ip bgp summary
• Routes missing (invalid next hop, route not synchronized, the announced network has no matching IGP route, suppressed by summarization, wrong filtering):
  show ip bgp [x.x.x.x] [longer-prefixes]
  show ip route [x.x.x.x] [longer-prefixes]
  show ip bgp neighbors x.x.x.x advertised-routes
  show ip bgp neighbors x.x.x.x received-routes (requires neighbor x.x.x.x soft-reconfiguration inbound; without it only the routes accepted by the inbound policy are stored)
  show ip bgp neighbors x.x.x.x routes
  debug ip bgp
  debug ip bgp x.x.x.x updates
  debug ip bgp events
  clear ip bgp {* | x.x.x.x} soft in
  clear ip bgp {* | x.x.x.x} soft out

7-10  Agenda
BGP basic concepts and basic configuration review
BGP route attributes and policy-based path selection
BGP summarization configuration
BGP filtering configuration
BGP troubleshooting

7-11  BGP Characteristics
BGP is a path-vector protocol with the following enhancements:
• Reliable updates: BGP runs on top of TCP (port 179)
• Incremental, triggered updates only
• Periodic keepalive messages to verify TCP connectivity
• Rich metrics (called path vectors or attributes)
• Designed to scale to huge internetworks (e.g., the Internet)

7-12  BGP Characteristics (Cont.)
Reliable Updates
• Use TCP as transport protocol
• No periodic updates
• Periodic keepalives to verify TCP connectivity
• Triggered updates are batched and rate-limited
  – every 5 seconds for internal peer
  – every 30 seconds for external peer
  (The volume of routes is too large to send one at a time, so updates are batched.)

7-13  BGP Databases
• Neighbor table (must be created manually on both sides)
  – List of BGP neighbors
  show ip bgp neighbors / show ip bgp summary
• BGP forwarding table/database (does not contain every path)
  – List of all networks learned from each neighbor
  – Can contain multiple (not all) pathways to destination networks
  – Database contains BGP attributes for each pathway
  show ip bgp
• IP routing table
  – List of best paths to destination networks
  show ip route

7-14  BGP Commands
Router(config)# router bgp autonomous-system
• This command, with no subcommands, does not activate BGP. (For BGP the network command is not mandatory; it is the neighbor statements that bring the process up.)
• Only one instance of BGP can be configured on the router at a single time.
• The autonomous system number identifies the autonomous system to which the router belongs.
• The autonomous system number in this command is compared to the autonomous system numbers listed in neighbor statements to determine if the neighbor is an internal or external neighbor.

7-15  BGP neighbor Command
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as autonomous-system
• The neighbor command activates a BGP session with this neighbor.
• The term remote-as shows what AS this neighbor is in. This AS number is used to determine if the neighbor is internal or external.
• This command is used for both external and internal neighbors.
• The IP address specified is the destination address of BGP packets going to this neighbor.
• This router must have an IP pathway to reach this neighbor before it can set up a BGP relationship. (One of the IGP's contributions to BGP: it provides the path for the TCP connection.)

7-16  Example: BGP neighbor Command
[Figure only; no text recovered from the slide.]

7-17  BGP Issues with Source IP Address
• When creating a BGP packet, the neighbor statement will be the destination IP address and the outbound interface will be the source IP address. (When needed, the source can be changed with update-source.)
• When a BGP packet is received for a new BGP session, the source address of the packet is compared to the list of neighbor statements.
  – If a match is fo