Ericsson AXI 520/580 Internet Engineer
Module 11: Border Gateway Protocol

Module Objectives

After successfully completing this module, you will be able to:

- Compare the operation of EGPs to IGPs
- Describe the use of common BGP attributes such as LOCAL-PREF, MED, AS-Path, etc.
- Explain why iBGP peering is normally done between loopback addresses
- List and describe the JUNOS Software BGP route selection algorithm
- Describe the default BGP route advertisement rules
- Configure BGP
- Monitor and troubleshoot BGP operation using the CLI

Border Gateway Protocol (BGP)

Where we are going:

- What is BGP?
- BGP Fundamentals and Connections
- BGP Peering
- Internal BGP (IBGP)
- External BGP (EBGP)
- When To Use BGP
- JUNOS Support for BGP
- JUNOS BGP Routing Table
- Basic Configuration
- Monitoring BGP Operation

What Is BGP?

- BGP is an inter-domain routing protocol that communicates prefix reachability
- BGP is a “path vector” protocol
- BGP views the Internet as a collection of autonomous systems
- BGP supports CIDR
- BGP routers exchange routing information between peers
- Defined in RFC 1771

BGP Fundamentals

- Each BGP update contains one path advertisement and attributes
- Many prefixes can share the same path
- Routes consist of destination prefixes with an AS path and other BGP-specific attributes
- BGP compares the AS path and other attributes to choose the best path
- Unreachable routes are withdrawn

BGP Connections

- BGP updates are incremental
- No regular refreshes
  - Except at session establishment, when volume of routing can be high
- BGP runs over TCP connections
  - TCP port 179
  - TCP Services: Fragmentation, Acknowledgments, Checksums, Sequencing, Flow Control
- No automatic neighbor discovery

BGP Neighbor States

- TCP connectivity: Idle, Connect, Active
- BGP connectivity: OpenSent, OpenConfirm, Established

BGP Message Types

- Four BGP message types: Open, Update, Keepalive, Notification
- Messages use a common header

BGP Attributes: Next-Hop

- An IP address of a BGP peer
- BGP next-hop must be reachable by router prior to placing an advertised route into the RIB-LOCAL
- Value is changed by default only across EBGP links
- Value is not changed by default across IBGP links
- Value can be changed by a policy
- Attribute is always present and is transmitted across all BGP links

BGP Attributes: LOCAL-PREF

- Is used to decide the preferred path out of the AS
- All BGP traffic in an AS will flow toward the peer with the highest LOCAL-PREF
- Values are used only within an individual AS
- Nothing is sent across EBGP links

Local Preference Example

Applenet wants to use OC-12c outbound, but have OC-3c available for inbound traffic and backup outbound traffic.

[Diagram: Applenet (IBGP), Banananet, Coconet and Zebranet; prefix 192.168.27.0/24; links OC-12c and OC-3c; exits SF: and LA:, each receiving 192.168.27.0/24; labels “Set local_pref = 200” and “Set local_pref = 300”]

BGP Attributes: AS_PATH

- Provides a path back to the source of the route, preventing routing loops
- Routes with the router's own AS number in the path must be looped; these routes will be dropped immediately
- Each router on the edge of the AS adds their AS number to the front of the path, for example: 34 67 195 6743 701
- Attribute is always present and is transmitted across all BGP links

BGP Attributes: Origin

- Added by the router that added the route to BGP
- Describes where the first router received the information
  - I = IGP (0)
  - E = EGP (1)
  - ? = Incomplete (3)
- Attribute is always present and is transmitted across all BGP links

Use of the ORIGIN Attribute

[Diagram: a router exporting routes over EBGP to another AS.
Export Statics: 10.0.0.0/8, 172.16.0.0/16, 192.168.27.0/24
Export IGP: 10.20.0.0/16
Export Direct: 192.168.14.0/24
From other AS: 172.31.0.0/24
Resulting advertisements:
    10.0.0.0/8      : origin IGP
    10.20.0.0/16    : origin IGP
    172.16.0.0/16   : origin IGP
    172.31.0.0/24   : origin IGP
    192.168.14.0/24 : origin IGP
    192.168.27.0/24 : origin IGP]

BGP Attributes: MED

- Multi-Exit-Discriminator (MED)
- By default, used only when there are multiple links between the same two autonomous systems
- Is used to help influence the preferred path back into an AS
- The lower the value, the better the metric
- Attribute need not be present on a route
- When present, it is transmitted on all BGP links

Simple MED Example

[Diagram: AS1 and AS2 joined by two links, carrying traffic for 10.10.0.0/16 and traffic for 10.20.0.0/16.
Link with 10.10.0.0/16 nearby: 10.10.0.0/16 MED=10, 10.20.0.0/16 MED=20
Link with 10.20.0.0/16 nearby: 10.10.0.0/16 MED=20, 10.20.0.0/16 MED=10]

BGP Attributes: Community

- Generic mechanism for tagging routes
- Communities can be:
  - Used by policy to perform an action on a particular set of routes that have been tagged with a community
  - Added to the community list (community add)
  - Deleted from current community list (community delete)
  - Set to the community list (community set)

BGP Peering

- BGP sessions are established between peers
  - BGP Speakers
- Two types of peering sessions
  - E-BGP (external) peers with different ASs
  - I-BGP (internal) peers within the same AS
- IGP connects BGP speakers within the AS
- IGP advertises internal routes

BGP Route Selection

1. Can the BGP next-hop be resolved; else stop
2. Prefer the highest LOCAL-PREF value
3. Prefer the shortest AS-PATH length
4. Prefer the lowest ORIGIN value
5. Prefer the lowest MED value
6. Prefer routes learned via EBGP over routes via IBGP
7. Prefer routes with the lowest IGP metric
   7a. Prefer routes from inet.3 over inet.0
   7b. Prefer routes with a greater number of next-hops
   7c. If you're doing Route Reflectors, prefer the route with the shorter cluster list
8. Prefer routes from the peer with the lowest RID
9. Prefer routes from the peer with the lowest peer ID

E-BGP and I-BGP

[Diagram: Customer AS 1 (OSPF, I-BGP) connected by E-BGP to ISP-X AS 2 (I-BGP) and by E-BGP to ISP-Y AS 3; Customer 2 has no AS number and uses a default route to the Internet]

I-BGP Loopback Interfaces

- I-BGP peering is often done using loopback interfaces
- Loopback interfaces are more stable
  - Not tied to a single physical path
- The AS needs an IGP so that I-BGP speakers can reach each other's loopback address

[Diagram: AS 1 with Router A, Router B and Router C in a full-mesh I-BGP; loopbacks Lo0: 192.168.255.1/32, Lo0: 192.168.255.2/32, Lo0: 192.168.255.3/32]

BGP Route Advertisement Rules

- Advertise only the active BGP routes to peers
  - BGP next-hop must be reachable
- Never forward I-BGP routes to I-BGP peers
  - Prevents loops
- Withdraw routes if active BGP routes become unreachable

Default BGP Advertisement Rules

(1) I-BGP advertises routes learned from E-BGP, and
(2) E-BGP advertises any route learned from I-BGP or E-BGP, but
(3) I-BGP does not advertise any routes learned via I-BGP

[Diagram: Customer AS 1 and ISP 1 AS 2, with I-BGP, I-BGP and E-BGP sessions]

The Need for a Full I-BGP Mesh

How do the default rules of I-BGP/E-BGP impact AS2?

[Diagram: AS1 and AS2 with routers R11, R12, R13, R21, R22, R23 connected by I-BGP and E-BGP sessions; networks N22 and N23 are advertised between routers, and two advertisements are marked X]

JUNOS Software Support for BGP

- RFC 1771, A Border Gateway Protocol 4 (BGP-4)
- RFC 1772, Application of the Border Gateway Protocol in the Internet
- RFC 1966, BGP Route Reflection: An Alternative to Full-Mesh I-BGP
- RFC 1997, BGP Communities Attribute
- RFC 2270, Using a Dedicated AS for Sites Homed to a Single Provider
- RFC 2283, Multiprotocol Extensions for BGP-4
- RFC 2385, Protection of BGP Sessions through the TCP MD5 Signature Option
- RFC 2439, BGP Route Flap Damping
- RFC 2842, Capabilities Advertisement with BGP-4
- RFC 3065, Autonomous System Confederations for BGP

JUNOS Software BGP Routing Table

- BGP routes are placed in the JUNOS software main routing table (inet.0)
- Routing table stores:
  - Routing information learned from update messages
  - Routing information that passes sanity check (for instance, AS Loop detection)
  - Local routing information selected by applying local policies to routes received in update messages

A Basic BGP Configuration

    routing-options {
        autonomous-system 64;
    }
    protocols {
        bgp {
            group external-peer1 {
                type external;
                peer-as 1;
                neighbor 10.0.3.6;
            }
            group internal-peers {
                type internal;
                local-address 192.168.24.1;
                neighbor 192.168.16.1;
                neighbor 192.168.6.1;
            }
        }
    }

Monitoring BGP Operation

Several commands display a wide variety of BGP information, either from the protocol itself or from BGP routes.

    user@host> show bgp ?
    Possible completions:
      group      Show the BGP group database
      neighbor   Show the BGP neighbor database
      summary    Show an overview of the BGP information

Show bgp group

View information about a BGP group.

    user@host> show bgp group
    Group Type: Internal    AS: 65412    Local AS: 65412
      Name: int-peers
      Total peers: 1    Established: 1
      192.168.16.1
      Route Queue Timer: unset    Route Queue: empty
    Group Type: External    Local AS: 65412
      Name: ext-peers
      Total peers: 2    Established: 1
      10.0.29.1
      10.0.3.6
      Route Queue Timer: unset    Route Queue: empty

Show BGP Neighbor

    user@host> show bgp neighbor
    Peer: 10.0.3.6 AS 1    Local: 10.0.3.7+179 AS 65412
      Type: External    State: Established    Flags:
      Last State: OpenConfirm    Last Event: RecvKeepAlive
      Last Error: None
      Options:
      Holdtime: 90 Preference: 170
      Number of flaps: 0
      Error: Cease    Sent: 1 Recv: 0
      Peer ID: 192.168.28.1    Local ID: 192.168.24.1    Active Holdtime: 90
      Keepalive Interval: 30
      NLRI advertised by peer: inet-unicast
      NLRI for this session: inet-unicast
      Peer supports Refresh capability (2)
      Table inet.0 Bit: 10001
        Send state: in sync
        Active prefixes: 0
        Received prefixes: 0
        Suppressed due to damping: 0
      Last traffic (seconds): Received 30    Sent 30    Checked 30
      Input messages:  Total 13    Updates 0    Refreshes 0    Octets 273
      Output messages: Total 14    Updates 0    Refreshes 0    Octets 292
      Output Queue[0]: 0

Show BGP Summary

Use the show bgp summary command to view basic information about all BGP neighbors.

    Groups: 2 Peers: 3 Down peers: 1
    Table    Tot Paths  Act Paths  Suppressed  History  Damp State  Pending
    inet.0           0          0           0        0           0        0
    inet.2           0          0           0        0           0        0
    Peer            AS     InPkt  OutPkt  OutQ  Flaps  Last Up/Dwn  State
    192.168.16.1    65412     39      40     0      0        18:41  0/0/0
    10.0.3.6        1         16      17     0      0         7:15  0/0/0
    10.0.29.1       1          0       0     0      0        18:53  Active

Show BGP Route Advertisements

show route receive-protocol bgp: look at routes received by a peer before policy is applied.

    user@host> show route receive-protocol bgp 11.1.1.1
    inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
    Prefix            Nexthop        MED   Lclpref   AS path
    10.0.0.0/8        192.168.1.1          100       I
    172.16.0.0/12     172.19.1.1           100       I

show route advertising-protocol bgp: look at routes being advertised to a specific peer.

    user@host> show route advertising-protocol bgp 10.1.1.2
    inet.0: 10 destinations, 10 routes (8 active, 0 holddown, 2 hidden)
    Prefix            Nexthop        MED   Lclpref   AS path
    10.0.0.0/8        Self                 100       I
    172.16.0.0/12     Self                 100       I

Show BGP Routes

    user@host> show route protocol bgp ?
    Possible completions:
                             Execute this command
                             Destination prefix and prefix length information
      advertising-protocol   Information transmitted by a particular routing protocol
      all                    All entries including hidden entries
      aspath-regex           Entries learned via a specific AS path
      best                   Show longest match
      brief                  Brief view
    + community              A community to match, possibly including wildcards
      damping                Entries that have been subjected to route damping
      detail                 Detailed view
      exact                  Show exact match
      extensive              Extensive view
      hidden                 Hidden entries
      inactive               Inactive entries
      label-switched-path    Entries associated with a particular LSP tunnel
      next-hop               Entries pointing to a particular next hop
      output                 Entries sending packets out a particular interface
      range                  Show entire prefix range
      receive-protocol       Information learned from a particular routing protocol
      source-gateway         Entries learned from a particular router
      table                  Entries in a particular routing table
      terse                  Terse view
      |                      Pipe through a command

Looking at Specific Routes

Use the show route extensive command to look at specific entries in the routing table.

    user@host> show route 192.168.1/24 extensive
    inet.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    192.168.1.0/24 (1 entry, 1 announced)
    TSI:
    Path 192.168.1.0 from 10.0.18.2 Vector len 4. Val: 0 1
    BGP_Sync_Any dest 192.168.1.0/24 MED 0
            *BGP    Preference: 170/-101
                    Nexthop: 10.0.18.2 via so-0/1/2.0, selected
                    State:
                    Local AS: 1 Peer AS: 10
                    Age: 47:59
                    Task: BGP_10.10.0.18.2
                    Announcement bits (3): 2-KRT 3-BGP.0.0.0.0+179 4-BGP_Sync_Any
                    AS path: 10 I
                    Localpref: 100
                    Router ID: 192.168.0.1

Regular Expressions

- Regular expressions are a powerful pattern matching engine
- It is the combination of text and special operators that make up a regular expression
- Regular expressions allow for things to be found in context, not as isolated instances
- Used to match AS Paths and Communities
- JUNOS Software AS Path Regex is not POSIX compliant
  - No need for “^” and “$”
  - The “.” matches complete AS number, not a single digit
- Community Regex are POSIX compliant

Regular Expression Operators

- Regular expressions take the form: term operator
- Operator is an optional pattern matching character that applies to a single term
- Operators immediately follow the term referenced: “1024? 2685”
- The pipe ( | ) operator is used between terms: “1024 | 2685”
- The dash ( - ) operator is used between terms: “1024-2685”

AS Path Regex Operators

    Operator   Meaning
    -          Used to represent a range
    (),()      Used to group terms, or indicate null with no space
    |          Match one of the two terms on either side of the pipe
    ?          Match 0 or 1 repetitions of term, same as {0,1}
    +          Match 1 or more repetitions of term, same as {1,}
    *          Match 0 or more repetitions of term, same as {0,}
    {m,}       Match m or more repetitions of term
    {m}        Match exactly m repetitions of term
    {m,n}      Match at least m and at most n repetitions of term
    .          Match a complete AS number

Regex and Communities

- Community regex expressions can use wildcard values of ( * ) or ( . )
- The ( * ) matches any single AS number or community-value
- The ( . ) matches any single digit within the AS or community-value
- The combination of these wildcards ( .* ) means something different and is considered a “complex” community regex

Examples of “basic” community regex matches:

- All communities from particular AS: “as-number:*”
  - Example: “600:*” matches all AS 600 communities
- All AS networks with the same value: “*:community-value”
  - Example: “*:20” matches value 20 from all AS areas
- All community-values where the 3rd digit is any number (5000, 5010, 5020, etc. up to 5090 from AS 1111): “1111:50.0”

Filtering Routes With Regex

Routes can be filtered using AS-path and community regular expressions:

    lab@router> show route aspath-regex ()
    inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    10.0.0.0/24 *OS
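The AS-path regex rules from the Regular Expressions slides (each term is a complete AS number, "." stands for one whole AS number rather than one digit, and the expression covers the whole path with no anchors) can be checked offline before a filter is trusted in policy. The following is an added example, not JUNOS code and not part of the original handout; the function names and the route table are constructed, the range operator ( - ) is deliberately not handled, and treating the expression as matching the entire path is an assumption drawn from the "no need for ^ and $" statement.

```python
import re

# One token: an AS number, '.', a {m,n} repeat, or a single-char operator.
_TOKEN = re.compile(r"\s*(\d+|\.|\{\d+(?:,\d*)?\}|[?+*|()])")

def compile_aspath(expr):
    """Translate a JUNOS-style AS-path regex into a Python regex.

    The path is rendered as 'AS AS AS ' (a space after every AS number),
    so each term consumes exactly one complete AS number.
    """
    out, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unsupported syntax: {expr[pos:]!r}")
        tok, pos = m.group(1), m.end()
        if tok.isdigit():
            out.append(f"(?:{int(tok)} )")   # literal AS number
        elif tok == ".":
            out.append(r"(?:\d+ )")          # any one complete AS number
        elif tok == "(":
            out.append("(?:")                # grouping; "()" matches null
        else:
            out.append(tok)                  # ) | ? + * {m,n} carry over
    return re.compile("".join(out))

def aspath_matches(expr, as_path):
    """True if the whole path matches (no ^ or $ needed)."""
    rendered = "".join(f"{asn} " for asn in as_path)
    return compile_aspath(expr).fullmatch(rendered) is not None

def filter_routes(expr, routes):
    """Return the prefixes whose AS path matches expr."""
    return [pfx for pfx, path in routes if aspath_matches(expr, path)]

# Constructed sample table (prefix, AS path); not output from a real router.
ROUTES = [
    ("10.0.0.0/8", (34, 67, 195, 6743, 701)),
    ("172.16.0.0/12", (1024, 2685)),
    ("192.168.27.0/24", (2685,)),
    ("192.168.14.0/24", (70,)),
]
```

With this table, ".* 701" selects only 10.0.0.0/8 and ".* 70" selects only 192.168.14.0/24, which is the difference from a POSIX regex where "70" would also match inside "701".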
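The BGP Route Selection steps listed earlier can be walked through in code to see which step decides between candidate paths, for instance that LOCAL-PREF set by local policy wins before AS-path length is ever looked at. This is an added example, not JUNOS code and not part of the original handout; steps 7a to 7c are left out, the MED step is a simplified reading of the "same two autonomous systems" default, and all addresses and AS numbers are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Path:
    peer: str                 # peer address, used as the last tie-break
    router_id: str            # RID of the advertising peer
    as_path: tuple            # neighbouring AS first
    local_pref: int = 100
    origin: int = 0           # ORIGIN code, lowest preferred
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0       # IGP cost to reach the BGP next-hop
    next_hop_ok: bool = True  # can the BGP next-hop be resolved?

def _lowest(paths, key):
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]

def _lowest_med(paths):
    # MED slide default: compare only paths from the same neighbouring AS.
    nbr = lambda p: p.as_path[:1]
    best = {}
    for p in paths:
        best[nbr(p)] = min(p.med, best.get(nbr(p), p.med))
    return [p for p in paths if p.med == best[nbr(p)]]

STEPS = [
    ("local-pref", lambda c: _lowest(c, lambda p: -p.local_pref)),
    ("as-path length", lambda c: _lowest(c, lambda p: len(p.as_path))),
    ("origin", lambda c: _lowest(c, lambda p: p.origin)),
    ("med", _lowest_med),
    ("ebgp over ibgp", lambda c: _lowest(c, lambda p: not p.ebgp)),
    ("igp metric", lambda c: _lowest(c, lambda p: p.igp_metric)),
    ("router id", lambda c: _lowest(c, lambda p: int(ip_address(p.router_id)))),
    ("peer id", lambda c: _lowest(c, lambda p: int(ip_address(p.peer)))),
]

def select_best(paths):
    """Return (winning Path or None, name of the step that decided)."""
    cands, decided = [p for p in paths if p.next_hop_ok], "next-hop"
    for name, step in STEPS:
        if len(cands) > 1:
            cands, decided = step(cands), name
    return (cands[0] if cands else None), decided

# Constructed sample: two exits tagged as in the Local Preference Example.
LOW = Path("10.0.0.1", "192.168.0.1", (65001,), local_pref=200)
HIGH = Path("10.0.0.2", "192.168.0.2", (65002, 65003), local_pref=300)
```

Here `select_best([LOW, HIGH])` returns `HIGH` with the deciding step "local-pref", even though `LOW` has the shorter AS path.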
