BGP公網(wǎng)常見問題

BGP公網(wǎng)常見問題Page2BGP鄰居異常的定位思路Page3BGP鄰居無法建立常見問題BGP鄰居未使能/未配置沒有配置connect-interface本地被shutdown鄰居未協(xié)商路由問題MD5認(rèn)證/TTL錯(cuò)誤EBGP鄰居沒有ebgp-max-hop

Page4BGP有限狀態(tài)機(jī)-ConnectPage5Q1：BGP鄰居無法建立的可能原因bgp12479router-id10.34.0.12groupLEVEL1_IPV4externalpeerLEVEL1_IPV4ignore //鄰居被shutdownpeerLEVEL1_IPV4connect-interfaceLoopBack0 //沒有配置connect-interfacepeerLEVEL1_IPV4valid-ttl-hops2 //valid-ttl-hop設(shè)置錯(cuò)誤或未使能eBGP-max-hoppeerLEVEL1_IPV4passwordcipher>8*$OV‘“C1P$UV=;M\D’4A!! //MD5密碼不一致peer193.149.1.192as-number12478peer193.149.1.192groupLEVEL1_IPV4#ipv4-familyunicastundosynchronizationpeerLEVEL1_IPV4enableundopeer193.149.1.192enable //BGP鄰居未使能peer193.149.1.192groupLEVEL1_IPV4Page6Q2:本地被shutdown[RT1-bgp]displaybgppeerBGPlocalrouterID:10.34.0.12LocalASnumber:12479Totalnumberofpeers:1Peersinestablishedstate:0Peer VAS MsgRcvdMsgSentOutQ Up/DownState PrefRcv193.149.1.192 412478000 00:03:17 Idle(Admin)0[RT1-bgp]鄰居被shutdownPage7Q3:鄰居未協(xié)商[RT1-bgp]displaybgppeer //本地未在IPv4單播上使能[RT1-bgp][RT1-bgp]displaybgpvpnv4allpeerBGPlocalrouterID:10.34.0.12LocalASnumber:12479Totalnumberofpeers:1Peersinestablishedstate:0PeerVASMsgRcvdMsgSentOutQUp/DownState PrefRcv193.149.1.19241247800000:03:17 Established

0[RT1-bgp]displaybgpl2vpnpeerBGPlocalrouterID:10.34.0.12LocalASnumber:12479Totalnumberofpeers:1Peersinestablishedstate:0PeerVASMsgRcvdMsgSentOutQUp/DownState PrefRcv193.149.1.19241247800000:03:17 Noneg 0本地配置了該地址族，但鄰居未使能Page8Q4:路由問題[RT1]displayiprouting-table193.149.1.192 //沒有IGP路由[RT1][RT1]displaycurrent-configurationinterfaceLoopBack0#interfaceLoopBack0ipaddress193.149.1.191255.255.255.255#return[RT1]ping-a193.149.1.191193.149.1.192 //帶源地址ping不通鄰居PING193.149.1.192:56databytes,pressCTRL_CtobreakRequesttimeoutRequesttimeoutPage9Q5:MD5認(rèn)證/TTL錯(cuò)誤<RT1>distcpstatusremote-ip193.149.1.192TCPCBTid/SoidLocalAdd:portForeignAdd:portVPNIDState6ebdab10135/2140.0.0.0:179193.149.1.192:00Listening

*<RT1>distcpstatusremote-ip193.149.1.192TCPCBTid/SoidLocalAdd:portForeignAdd:portVPNIDState6ebdab10135/2140.0.0.0:179193.149.1.192:00Listening*55419288135/17193.149.1.140:50731193.149.1.192:1790Syn_Sent*MD5認(rèn)證TCP三次握手無法建立Page10判斷BGP鄰居中斷原因[RT1]displaybgppeer202.112.146.100log-infoPeer:202.112.146.100Date Time StateErrorNotification

2011/09/2114:09:51UTC-08:00Down4/0SendNotification2011/09/2114:04:57UTC-08:00Up[RT1]日志：Sep14201120:50:34JSXZH-MC-CMNET-RT01-XAL_NE40E%%01BGP/6/SEND_NOTIFY(l):TheroutersentaNOTIFICATIONmessagetopeer211.138.205.2.(ErrorCode=4,SubErrorCode=0,BgpAddressFamily=Public,ErrorData=NULL)鄰居發(fā)的報(bào)文未收到，本地感知錯(cuò)誤，通知鄰居斷連時(shí)間、原因等Page11BGP五種報(bào)文類型Open：能力協(xié)商（你好？）Update：路由更新/撤銷（?；?、增量更新）KeepAlive：?；?，19字節(jié)，華為缺省60秒；1/3個(gè)Hodtimer；Refresh：路由全部重發(fā)Notification：鄰居斷連Page12Page13BGP報(bào)文格式-Notification錯(cuò)誤碼1錯(cuò)誤碼子錯(cuò)誤碼錯(cuò)誤說明1BGP報(bào)文頭錯(cuò)誤1/1Marker錯(cuò)誤1/2報(bào)文長(zhǎng)度錯(cuò)誤1/3報(bào)文類型錯(cuò)誤2Open報(bào)文錯(cuò)誤2/1不支持的版本號(hào)（非BGP4版本）2/2PeerAS錯(cuò)誤(與配置不符)2/3BGPidentify錯(cuò)誤(與自己的id相同)2/4不支持的可選參數(shù)2/5鑒權(quán)失敗2/6不可接受的holdtime時(shí)間2/7不支持的協(xié)商能力(RFC3392)3UPDATE報(bào)文錯(cuò)誤0Unspecific（未使用，不可識(shí)別）3/1畸形的屬性列表(報(bào)文過大)3/2不可識(shí)別的公認(rèn)（well-known）屬性3/3缺少公認(rèn)屬性3/4屬性標(biāo)記錯(cuò)誤（標(biāo)記與類型規(guī)定不符）3/5屬性長(zhǎng)度錯(cuò)誤（長(zhǎng)度與類型規(guī)定不符）3/6無效的起源屬性（ORINGIN）3/7AS號(hào)環(huán)路3/8無效的下一跳（NEXT-HOP）屬性3/9可選屬性錯(cuò)誤3/10無效的網(wǎng)絡(luò)層信息3/11畸形的AS-PATH屬性Page14BGP報(bào)文格式-Notification錯(cuò)誤碼2錯(cuò)誤碼子錯(cuò)誤碼錯(cuò)誤說明HoldTime超時(shí)4/0HoldTime超時(shí)狀態(tài)機(jī)錯(cuò)誤5/0狀態(tài)機(jī)錯(cuò)誤Cease/

連接終結(jié)6/1路由前綴超限6/2管理員關(guān)閉6/3鄰居重新配置6/4管理員重置連接6/5拒絕連接6/6其他配置變更6/7連接沖突6/8資源不足6/9BFD通知鄰居down這兩類最常見Page15BGP狀態(tài)機(jī)故障終極方法-debugPage16BGP鄰居關(guān)系常用命令行總結(jié)displaycurrent-configurationconfigurationbgp //配置問題占絕大部分displaybgppeerverbose //有verbose就盡量用displaybgpvpnv4allpeerdisplaybgppeerx.x.x.xlog-infoping–ax.x.x.xx.x.x.x/pingx.x.x.xdisplaytcpstatusremote-ipx.x.x.xPage17BGP公網(wǎng)流量中斷的定位思路Page18BGP公網(wǎng)路由常見問題BGP路由沒收到，在BGP路由表中看不到；BGP路由收到，在BGP路由表中能看到但因下一跳不活躍(valid)；BGP路由收到，在BGP路由表中活躍，但是在IP路由表中看不到；Page19Q1：BGP路由沒收到？<MXEXRPI3>displaybgprou62.97.128.019<MXEXRPI3>檢查配置1、相應(yīng)的BGP鄰居是否Established狀態(tài)？displaybgppeer2、相應(yīng)的BGP鄰居是否發(fā)送了此路由？3、查看的路由掩碼是否錯(cuò)誤？displaybgprouting-tablex.x.x.xx.x.x.x4、檢查對(duì)應(yīng)地址族下的入口filter是否被deny？peerx.x.x.xroute-policy***importpeerx.x.x.xip-prefix***importpeerx.x.x.xas-path-filter***importpeerx.x.x.xfilter-policy***importpeerx.x.x.xroute-limit***Page20Q2：BGP路由收到，但在BGP路由表不活躍？[RT1]displaybgprouting-tablepeer202.112.146.100received-routesTotalNumberofRoutes:1BGPLocalrouterIDis202.112.146.1Statuscodes:*-valid,>-best,d-damped,h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?-incompleteNetworkNextHopMEDLocPrfPrefValPath/Ogn

i2.2.2.0/24100.112.146.1001500i[RT1]displayiprouting-table2.2.2.024verbose //IP路由表中沒有[RT1]BGP路由不活躍Page21Q2：BGP路由收到，但在BGP路由表不活躍？[RT1]displayiprouting-table100.112.146.100verbose //沒有下一跳的路由[RT1]displaybgprouting-table2.2.2.024BGPlocalrouterID:202.112.146.1LocalASnumber:100Paths:1available,0best,0selectBGProutingtableentryinformationof2.2.2.0/24:From:202.112.146.100(202.112.146.100)RouteDuration:00h05m36s

RelayIPNexthop:0.0.0.0

RelayIPOut-Interface:Originalnexthop:100.112.146.100Qosinformation:0x0AS-pathNil,originigp,localpref150,pref-val0,internal,pre255Notadvertisedtoanypeeryet迭代不到下一跳和出接口Page22Q3：BGP路由活躍，但在IP路由表中不活躍？[RT1]displaybgprouting-tablepeer202.112.146.100received-routesTotalNumberofRoutes:1BGPLocalrouterIDis202.112.146.1Statuscodes:*-valid,>-best,d-damped,h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?-incompleteNetworkNextHopMEDLocPrfPrefValPath/Ogn*>i129.1.1.0/24202.112.146.1001500I[RT1]displayiprouting-table129.1.1.0RouteFlags:R-relay,D-downloadtofibRoutingTable:PublicSummaryCount:1Destination/MaskProtoPreCostFlagsNextHopInterface129.1.1.0/24

Static600D0.0.0.0NULL0從鄰居已經(jīng)收到路由并活躍Page23Q3：BGP路由活躍，但在IP路由表中不活躍？[Quidway]displayiprouting-table129.1.1.024verboseRouteFlags:R-relay,D-downloadtofibRoutingTable:PublicSummaryCount:2Destination:129.1.1.0/24Protocol:StaticProcessID:0Preference:60Cost:0NextHop:0.0.0.0Neighbour:0.0.0.0State:ActiveAdvAge:00h00m34sTag:0Priority:mediumLabel:NULLQoSInfo:0x0IndirectID:0x0RelayNextHop:0.0.0.0Interface:NULL0TunnelID:0x0Flags:DDestination:129.1.1.0/24Protocol:BGPProcessID:0Preference:255Cost:0NextHop:202.112.146.100Neighbour:202.112.146.100State:InactiveAdvReliedAge:00h01m02sTag:0Priority:lowLabel:NULLQoSInfo:0x0IndirectID:0x2RelayNextHop:0.0.0.0Interface:Ethernet0/0/0TunnelID:0x0Flags:R[Quidway]優(yōu)先級(jí)preferenceBGP路由不活躍Page24路由表的層級(jí)Page25BGP路由常用命令行總結(jié)BGP路由表和IP路由表詳細(xì)信息同時(shí)查看，注意帶掩碼displayiprouting-tablex.x.x.xx.x.x.xverbose //IP路由詳細(xì)信息displaybgprouting-tablex.x.x.xx.x.x.x //BGP路由詳細(xì)信息displaybgprouting-tablestatistics //BGP路由總數(shù)displayiprouting-tablestatistics //IP路由總數(shù)displaybgprouting-tablepeerx.x.x.xreceived-routes//從鄰居收到的路由【注意】displaybgprouting-tablepeerx.x.x.xadvertised-routes//發(fā)給鄰居的路由當(dāng)前版本顯示的BGP路由屬性是本地存儲(chǔ)，并非是真正發(fā)送給鄰居的

Page26BGP路由屬性-選路規(guī)則（LAOMEN老男人）1、Preferred-value（大的優(yōu)先，本地有效，不傳遞，Cisco叫weight）2、Local-Preference（大的優(yōu)先）3、Aggregator>Automic-Aggregate4、AS-Path5、Origin6、MED7、eBGP>iBGP>LocalCross>RemoteCross8、Nexthop(cost)負(fù)載分擔(dān)選擇條件9、Cluster-List10、Originator-ID(Route