網(wǎng)絡(luò)設(shè)備安裝與調(diào)試chp10bgp課件

1、邊界網(wǎng)關(guān)路由協(xié)議BGP教學(xué)目標(biāo)（ Objectives ）1.BGP概念和術(shù)語(yǔ)（ Concepts and Terminology ）2. BGP特征（BGP Characteristics）3. EBGP and IBGP4. BGP路由匯總（ Route Summarization）5. BGP路徑屬性（BGP Path Attributes）6. BGP選路判定（Selecting a BGP Path）第一節(jié) BGP基本原理和基本配置使用BGP連接到Internet（Using BGP to Connect to the Internet）BGP自治系統(tǒng)（BGP Autonomous

2、Systems）AS是一組被統(tǒng)一管理的路由器，他們使用相同的內(nèi)部網(wǎng)關(guān)路由協(xié)議和統(tǒng)一的度量值來(lái)決定在AS內(nèi)部路由數(shù)據(jù)包，并使用EGP決定如何把數(shù)據(jù)包路由到其他的AS。An AS is a collection of networks under a single technical administration.AS.IGP在一個(gè)AS內(nèi)操作（IGPs operate within an）BGP在AS之間操作。（BGP is used between autonomous systems. ）確保無(wú)環(huán)路的路由信息的交換（Exchange of loop-free routing informati

3、on is guaranteed.）路徑向量路由（BGP Path-Vector Routing）IGP通告網(wǎng)絡(luò)，并描述到達(dá)這些網(wǎng)絡(luò)的度量值IGPs announce networks and describe the metric to reach those networks. BGP通告路徑和網(wǎng)絡(luò)的可達(dá)信息。BGP通過(guò)屬性（類似度量值）來(lái)描述路徑信息BGP announces paths and the networks that are reachable at the end of the path. BGP describes the path by using attribute

4、s, which are similar to metrics.BGP允許管理員定義策略來(lái)決定數(shù)據(jù)怎樣通過(guò)ASBGP allows administrators to define policies or rules for how data will flow through the autonomous systems.BGP路由策略（BGP Routing Policies）BGP路由選擇采用逐跳模式BGP can support any policy conforming (一致) to the hop-by-hop (AS-by-AS) routing paradigm.BGP特征（

5、BGP Characteristics）當(dāng)至少滿足下面的至少一個(gè)條件時(shí)，最適合使用BGPBGP is most appropriate when at least one of the following conditions exists:一個(gè)AS允許數(shù)據(jù)包穿越它到達(dá)另外的AS,如ISPAn AS allows packets to transit through it to reach other autonomous systems (for example, it is a service provider).一個(gè)AS到其他的AS有多個(gè)連接An AS has multiple conn

6、ections to other autonomous systems.必須對(duì)進(jìn)入和離開(kāi)AS的流量的路由策略和路由選擇方式進(jìn)行控制Routing policy and route selection for traffic entering and leaving the AS must be manipulated.BGP特征（BGP Characteristics）滿足下列條件之一的，不適合使用BGP:BGP is not always appropriate. You do not have to use BGP if you have one of the following cond

7、itions:對(duì)路由過(guò)濾和BGP路徑選擇過(guò)程的理解有限Limited understanding of route filtering and BGP path-selection process到其他AS只有一條路徑A single connection to the Internet or another AS路由器沒(méi)有足夠的能力處理連續(xù)的BGP更新Lack of memory or processor power to handle constant updates on BGP routers BGP特征（BGP Characteristics）BGP是路徑向量協(xié)議，比距離向量提升的特

8、征如下：BGP is a path-vector protocol with the following enhancements over distance vector protocols:可靠更新：運(yùn)行在TCP的179端口Reliable updates: runs on top of TCP (port 179)僅僅是增量和觸發(fā)更新Incremental, triggered updates only定期的keepalive消息驗(yàn)證TCP的連接Periodic keepalive messages to verify TCP connectivity豐富的屬性Rich metrics

9、(called path vectors or attributes)被設(shè)計(jì)用于巨型網(wǎng)絡(luò)Designed to scale to huge internetworks (for example, the Internet)BGP數(shù)據(jù)庫(kù)（BGP Databases）鄰居表 （Neighbor table）List of BGP neighbors show ip bgp neighbors show ip bgp summary BGP表 （BGP table ，forwarding database) show ip bgp 列出從每個(gè)鄰居學(xué)到的所有網(wǎng)絡(luò)List of all networks

10、 learned from each neighbor可以包含到達(dá)目的網(wǎng)絡(luò)的多條路徑Can contain multiple paths to destination networks 每條BGP路徑都包含屬性Contains BGP attributes for each pathIP路由表（ IP routing table ）show ip routeList of best paths to destination networks列出到達(dá)目的網(wǎng)絡(luò)的最佳路徑對(duì)等體=鄰居（Peers = Neighbors）“BGP peer”用于已經(jīng)形成鄰居關(guān)系的BGP發(fā)言者的特定的術(shù)語(yǔ)A “BGP

11、peer” also known as a “BGP neighbor,” is a specific term that is used for BGP speakers that have established a neighbor relationship. 兩臺(tái)路由器形成TCP連接，并且交換BGP的路由信息，就稱為BGP對(duì)等體或鄰居Any two routers that have formed a TCP connection to exchange BGP routing information are called BGP peers or BGP neighbors.Exte

12、rnal BGP當(dāng)運(yùn)行BGP的鄰居屬于不同的AS時(shí)，稱為EBGPWhen BGP is running between neighbors that belong to different autonomous systems, it is called EBGP.默認(rèn)情況下，EBGP的鄰居需要直接連接EBGP neighbors, by default, need to be directly connected.Internal BGP當(dāng)運(yùn)行BGP的鄰居屬于相同的AS時(shí)，稱為IBGPWhen BGP is running between neighbors within the same

13、AS, it is called IBGP.IBGP的鄰居不需要直接連接The neighbors do not have to be directly connected.IBGP in a Transit（中轉(zhuǎn)） AS (ISP)不推薦將BGP路由重分布到IGP中，替代的是，在所有的路由器上運(yùn)行IBGPRedistributing BGP into an IGP (OSPF in this example) is not recommended. Instead, run IBGP on all routers.非傳遞區(qū)域IBGP鄰居關(guān)系（IBGP Neighbor in a NonTra

14、nsit AS）IBGP水平分割原則（ IBGP Split Horizon Rule ）IBGP水平分割原則:默認(rèn)情況下，從IBGP學(xué)到的路由，不再傳遞給其他的IBGP鄰居,所以需要全互聯(lián)的IBGPIBGP Split Horizon Rule：By default, routes learned via IBGP are never propagated to other IBGP peers, so they need full-mesh IBGP.Routing Issues If BGP Not on in All Routers in Transit Path路由器將丟棄去往10.

15、0.0.0網(wǎng)絡(luò)的數(shù)據(jù)包。因?yàn)槁酚善鰿沒(méi)有運(yùn)行IBGP,因此他沒(méi)有從路由器B學(xué)到該路由Router C will drop the packet to network . Router C is not running IBGP; therefore, it has not learned about the route to network from router B.本例中，路由器B和E沒(méi)有把BGP重分布到OSPF中In this example, router B and router E are not redistributing BGP into O

16、SPF.解決方案（Resolution）Solution 1: full mesh（邏輯全互聯(lián)）對(duì)路由器的資源和帶寬的使用都成為負(fù)擔(dān)，管理任務(wù)也很重Become a burden on router resources, bandwidth usage, and administrative overhead如果IBGP路由器的個(gè)數(shù)為n，TCP和BGP的連接是n(n-1)/2 If the number of IBGP routers is n, then the number of TCP and BGP connections is n(n-1)/2Solution 2: route re

17、flectors (RR,路由反射器)類似OSPF中的DR和BDR的特征This approach similar to OSPFs DR/BDR feature推薦在每個(gè)路由器有100個(gè)會(huì)話以上時(shí)使用Recommend only for AS that support approximately more than 100 sessions per routerBGP命令（BGP Commands）router bgp autonomous-systemRouter(config)#這條命令僅僅是進(jìn)入路由配置模式，必須執(zhí)行子命令才能激活BGP進(jìn)程This command enters rou

18、ter configuration mode only; subcommands must be entered to activate BGP.在一臺(tái)路由器上只能配置一個(gè)BGP進(jìn)程O(píng)nly one instance of BGP can be configured on the router.AS號(hào)用來(lái)識(shí)別路由器屬于哪個(gè)ASThe autonomous system number identifies the autonomous system to which the router belongs.通過(guò)比較該命令的和鄰居陳述的AS號(hào)碼，路由器可以確定鄰居是內(nèi)部鄰居還是外部鄰居The aut

19、onomous system number in this command is compared to the autonomous system numbers listed in neighbor statements to determine if the neighbor is an internal or external neighbor.BGP neighbor命令（BGP neighbor remote-as Command）neighbor ip-address | peer-group-name remote-as autonomous-systemRouter(conf

20、ig-router)#該命令激活與鄰居的BGP會(huì)話The neighbor command activates a BGP session with this neighbor. IP地址是BGP發(fā)往鄰居的所有數(shù)據(jù)包的目的地址The IP address that is specified is the destination address of BGP packets going to this neighbor.在建立BGP關(guān)系之前，要確保該IP地址可達(dá)This router must have an IP path to reach this neighbor before it ca

21、n set up a BGP relationship. remote-as參數(shù)指明鄰居路由器所在的ASThe remote-as option shows what AS this neighbor is in. IBGP和EBGP都是用該命令建立鄰居關(guān)系This command is used for both external and internal neighbors.BGP neighbor命令舉例（Example: BGP neighbor Command）BGP network命令（BGP network Command）network network-number mask

22、network-mask route-map map-tag Router(config-router)#該命令告訴BGP通告什么網(wǎng)絡(luò)This command tells BGP what network to advertise.該命令不是在接口上啟用BGP協(xié)議The command does not activate the protocol on an interface.沒(méi)有mask選項(xiàng)，該命令通告有類別的網(wǎng)絡(luò)，如果路由表中存在子網(wǎng)路由，有類地址也可以被通告，前提是開(kāi)啟自動(dòng)匯總，自動(dòng)匯總本地生效Without a mask option, the command advertises

23、classful networks. If a subnet of the classful network exists in a routing table, the classful address is announced.如果有mask參數(shù)，BGP在通告之前要最精確匹配本地的路由條目With the mask option, BGP looks for an exact match in the local routing table before announcing the route.實(shí)例：BGP network命令（Example: BGP network Command）

24、network mask Router(config-router)#在路由表中精確查找/24 ，如果不匹配，就不通告The router looks for exactly /24 in the routing table, but cannot find it, so it will not announce anything. network mask Router(config-router)#路由器在路由表中精確查找/16路

25、由條目The router looks for exactly /16 in the routing table.如果路由表中沒(méi)有匹配的路由，你可以通過(guò)添加指向null0的路由，以便能夠被宣告。If the exact route is not in the table, you can add a static route to null0 so that the route can be announced.Case Study1：BGP基本配置第二節(jié) IBGP和EBGPBGP更新源問(wèn)題(BGP Issues with Source IP Address)當(dāng)創(chuàng)建BGP

26、分組時(shí)，目的地址是鄰居后指定的地址，源地址是出接口的地址When creating a BGP packet, the neighbor statement defines the destination IP address and the outbound interface defines the source IP address.當(dāng)從一個(gè)新的BGP會(huì)話收到BGP數(shù)據(jù)包時(shí)，將數(shù)據(jù)包的源地址與鄰居指定的地址比較：When a BGP packet is received for a new BGP session, the source address of the packet is

27、compared to the list of neighbor statements:如果地址匹配，鄰居關(guān)系形成If a match is found, a relationship is established.如果不匹配，忽略數(shù)據(jù)包If no match is found, the packet is ignored.必須確定源地址和neighbor命令指定的地址匹配，否則鄰居關(guān)系不能建立Make sure that the source IP address matches the address that the other router has in its neighbor st

28、atement.指定BGP鄰居更新源的命令（BGP neighbor update-source Command）neighbor ip-address | peer-group-name update-source interface-type interface-numberRouter(config-router)#該命令將允許BGP進(jìn)程使用指定接口的IP地址作為BGP的更新源This command allows the BGP process to use the IP address of a specified interface as the source IP address

29、 of all BGP updates to that neighbor.通常使用環(huán)回接口（A loopback interface is usually used）正常情況下，通常在建立IBGP鄰居關(guān)系的使用該命令（The neighbor update-source command is normally used only with IBGP neighbors.）EBGP鄰居的地址通常是直連，而使用環(huán)回接口作為更新源并沒(méi)有直連The address of an EBGP neighbor must be directly connected by default; the loopba

30、ck of an EBGP neighbor is not directly connected.使用環(huán)回接口作為更新源的例子（Example: BGP Using Loopback Addresses）EBGP多跳命令（BGP neighbor ebgp-multihop Command）neighbor ip-address | peer-group-name ebgp-multihop ttl Router(config-router)#該命令解決了默認(rèn)是EBGP只有一跳的限制This command increases the default of one hop for EBGP p

31、eers.能夠路由到EBGP環(huán)回接口地址It allows routes to the EBGP loopback address 可以使得跳數(shù)大于1 Which will have a hop count greater than 1.EBGP多跳舉例（Example: ebgp-multihop Command）下一跳行為（Next-Hop Behavior）BGP是逐AS的路由協(xié)議，而不是逐路由器路由協(xié)議BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol. 在BGP中下一跳并不意味著下一

32、個(gè)路由器，而是到達(dá)下一個(gè)AS的IP地址In BGP, the next hop does not mean the next router; it means the IP address to reach the next AS.對(duì)于EBGP,默認(rèn)下一跳發(fā)送更新的鄰居路由器的IP地址For EBGP, the default next hop is the IP address of the neighbor router that sent the update.對(duì)于IBGP，被EBGP通告的下一跳地址將被攜帶到IBGP 中For IBGP, the BGP protocol states

33、 that the next hop advertised by EBGP should be carried into IBGP.下一跳行為舉例（Example: Next-Hop Behavior）Router A advertisesnetwork torouter B in EBGP, with a next hop of .Router B advertises in IBGP torouter C, keeping as the next-hop address.BGP鄰居下一跳自我命令（BGP ne

34、ighbor next-hop-self Command）強(qiáng)制對(duì)這個(gè)鄰居的更新使用自己作為下一跳Forces all updates for this neighbor to beadvertised with this router as the next hop.使用next-hop-self參數(shù)的下一跳地址是BGP的更新源The IP address used for the next-hop-self option will be the same as the source IP address of the BGP packet.neighbor ip-address | peer

35、-group-name next-hop-selfRouter(config-router)#下一跳自我配置舉例（Example: next-hop-self Configuration）RouterA#sh ip bgp neighborsBGP neighbor is , remote AS 64998, external link BGP version 4, remote router ID BGP state = Established, up for 00:19:10 Last read 00:00:10, last write 00:00

36、:10, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(old & new) Address family IPv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 7 7 Notifications: 0 0 Updates: 13 38 show ip bgp

37、neighbors CommandCase Study2：IBGP和EBGP配置第三節(jié) BGP路由匯總CIDR和地址聚合（CIDR and Aggregate Addresses）BGP4是無(wú)類路由協(xié)議，支持VLSM和最長(zhǎng)路由匹配，在每個(gè)網(wǎng)絡(luò)更新中，攜帶掩碼信息。 BGP4 is classless,supports VLSM and longest match routing, and carries a network mask for each network in the update.網(wǎng)絡(luò)邊界匯總（Network Boundary Summarization）no auto-summ

38、aryRouter(config-router)# network network-number mask network-maskRouter(config-router)#BGP network Commandip route prefix mask null0Router(config)#使用network命令要慎重（Cautions about Network Statement）使用network命令和指向null0的靜態(tài)路由實(shí)現(xiàn)BGP路由匯總。BGP Summarization Using the network Command and Static Route to Null0。

39、配置BGP地址聚合（Configuring BGP for Aggregate Addressing）aggregate-address ip-address mask summary-only as-setRouter(config-router)#使用aggregate-address命令（Using the aggregate-address Command）Network /22 *s s s s Next Hop

40、 LocPrfWeight 32768 32768 32768 32768 32768 Path i i i i iMetric 0 0 0 0 0routerC# show ip bgpBGP table version is 28, local router ID is Status codes: s = suppressed, * = valid, = best, and i = internalOrigin codes : i = IGP, e = EGP, and ? = incompleteCase Study3：BGP路由匯總配置

41、第四節(jié) BGP路徑選擇BGP路徑屬性（BGP Path Attributes）BGP度量值也叫路徑屬性BGP metrics are called path attributes.路徑屬性的特征包括： （Characteristics of path attributes include:）公認(rèn)對(duì)可選Well-known versus optional必遵對(duì)自決Mandatory versus discretionary可傳遞對(duì)對(duì)非可傳遞Transitive versus nontransitive公認(rèn)屬性（Well-known attributes）公認(rèn)屬性（Well-known attri

42、butes）所有的BGP實(shí)現(xiàn)都必須識(shí)別這些屬性Must be recognized by all compliant BGP implementations被傳遞給其他的BGP鄰居Are propagated to other neighbors公認(rèn)必遵（Well-known mandatory attributes）必須出現(xiàn)在所有的更新中Must be present in all update messages公認(rèn)自決（Well-known discretionary attributes）可以不出現(xiàn)在更新中May be present in update messages任選屬性（Opt

43、ional attributes）任選屬性（Optional attributes）可以被某些BGP實(shí)現(xiàn)所識(shí)別（可能是私有），但是不是期望被所有的BGP路由器識(shí)別They are recognized by some implementations (could be private); but expected not to be recognized by all BGP routers.識(shí)別的可選屬性基于他們的含義被傳遞到其他的鄰居Recognized optional attributes are propagated to other neighbors based on their

44、 meaning. 任選可傳遞（Optional transitive attributes）如果不識(shí)別，標(biāo)記為部分，然后傳給其他的鄰居(If not recognized, marked as partial and propagated to other neighbors) 任選不可傳遞（Optional nontransitive attributes）不識(shí)別，就丟棄（Discarded if not recognized）BGP屬性（BGP Attributes）BGP屬性包括如下：BGP attributes include the following:AS path * AS路徑

45、Next-hop * 下一跳Origin * 起源Local preference 本地優(yōu)先級(jí)MED 多出口區(qū)分Others* Well-known mandatory attributeAS Path屬性（AS Path Attribute）路由所經(jīng)過(guò)的AS序列：A list of autonomous systems that a route has traversed:For example, on router B, the path to is the AS sequence (65500, 64520).AS path是公認(rèn)必遵屬性The AS path a

46、ttribute is well-known, mandatory.僅當(dāng)路由器通告給EBGP鄰居時(shí)，才會(huì)加上自己的AS號(hào)，通告給IBGP鄰居時(shí)，不會(huì)修改AS PATH屬性下一跳屬性（Next-Hop Attribute）到達(dá)指定網(wǎng)絡(luò)下一個(gè)AS的IP地址The IP address of the next AS to reach a given network:Router A advertises network torouter B in EBGP, with anext hop of .Router B advertises i

47、n IBGP torouter C, keeping as the next-hop address.下一跳是公認(rèn)必遵的屬性The next-hop attribute is well-known, mandatory.起源屬性（Origin Attribute）IGP (i)network commandEGP (e)從EGP重分布（Redistributed from EGP）Incomplete (?)從IGP或靜態(tài)重分布（Redistributed from IGP or static）起源屬性通知網(wǎng)絡(luò)上所有AS路由是怎樣放到BGP中的The origin attr

48、ibute informs all autonomous systems in the internetwork how the prefixes were introduced into BGP.起源是公認(rèn)必遵的屬性The origin attribute is well-known, mandatory.起源屬性實(shí)例（Example: Origin Attribute）RouterA# show ip bgpBGP table version is 14, local router ID is Status codes: s suppressed, d damped,

49、 h history, * valid, best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path* /24 0 32768 i* i 0 100 0 i* /24 0 32768 i*i/24 0 100 0 i* /24 0 649

50、98 64997 i* 0 64999 64997 i* i 0 100 0 64999 64997 i* /24 0 0 64998 i* 0 64999 64998 i* i 0 100 0 64998 ir /24 0 0 64998 ir 0 64999 64998 ir i 0 100 0 64998 i* /24 0 0 64998 i本地優(yōu)先級(jí)屬性（Local Preference Attribute）本地優(yōu)先級(jí)屬性用于通告給IBGP鄰居怎樣離開(kāi)本ASLocal preference is used to advertise to IBGP neighbors about how to leave their AS.只通告給IBGP鄰居，AS內(nèi)有效The local preference is sent to IBGP ne