BGP 學習
更新時間: 2007-05-24 09:38:02來源: 粵嵌教育瀏覽量:785
一、BGP FUNDAMENTALS
l With the exception of the neighbor ebgp-multihop router configuration command,the commands for configuring EBGP&IBGP are the same.
l Within as AS,BGP peers don't need to be directly connected
l router bgp command enables a BGP routing process and assigns to it a AS number
l neighbor remote-as command adds an entry to the BGP neighbor table specifying that the peer identified by a particular IP address belongs to the specified AS.
for EBGP ,neighbor IP address is usually the IP address directly connected.
for IBGP, neighbor IP address can be the IP address of any of the router's interfaces.
l To verify that BGP peers are up,use the show ip bgp neighbor, if it doesn't show that state=established,then the peers are not up. the remote router ID is the highest ip address or highest loopback interface on that router. the table version number increments by new incoming information
l clear ip bgp to reset the bgp session after make a configuration change
INTERNAL BGP
當BGP speaker收到同一個AS域中其他的BGP speaker發來的路由信息時,該BGP speaker 只通過EBGP向外部的BGP speaker發送收到的信息,所以在同一AS域中必須full meshed
loopback interface:
當使用某一物理端口作為neighbor remote-as中的地址時,若該端口不能使用,則兩個路由器將不能連通。使用loopback interface就沒有這一顧慮。
router bgp 100
neighbor 190.225.22.2 remote-as 100
neighbor 190.225.22.2 update-source loopback 0
neighbor update-source是指明用于連接的是loopback端口,而不是物理端口。
由于EBGP peers之間通常是端對端互連的,必須依賴物理端口的連接,因此較少使用loopback
EXTERNAL BGP
ip multihop:
當兩個BGP speaker之間不能直接連接時使用,這時可通過兩者的loopback端口互連,并使用neighbor ebgp-multihop,但在配置中必須加上靜態路由或起IGP,以保證兩者能互通。
!Router A
loopback interface 0
ip address 129.213.1.1
!
router bgp 100
neighbor 180.225.11.1 remote-as 300
neighbor 180.225.11.1 ebgp-multihop
neighbor 180.225.11.1 update-source loopback 0
!Router B
loopback interface 0
ip address 180.225.11.1
!
router bgp 300
neighbor 129.213.1.1 remote-as 100
neighbor 129.213.1.1 ebgp-multihop
neighbor 129.213.1.1 update-source loopback 0
EBGP LOAD BALANCING
當兩個AS之間通過多條鏈路連接時,使用neighbor ebgp-multihop,使BGP同時使用這多條鏈路,可以實現load balancing
!router A
interface loopback 0
ip address 150.10.1.1 255.255.255.0
!
router bgp 100
neighbor 160.10.1.1 remote-as 200
neighbor 160.10.1.1 ebgp-multihop
neighbor 160.10.1.1 update-source loopback 0
network 150.10.0.0
!
ip route 160.10.0.0 255.255.0.0 1.1.1.2
ip route 160.10.0.0 255.255.0.0 2.2.2.2
! router B
interface loopback 0
ip address 160.10.1.1 255.255.255.0
!
router bgp 200
neighbor 150.10.1.1 remote-as 100
neighbor 150.10.1.1 ebgp-multihop
neighbor 150.10.1.1 update-source loopback 0
network 160.10.0.0
!
ip route 150.10.0.0 255.255.0.0 1.1.1.1
ip route 150.10.0.0 255.255.0.0 2.2.2.1
SYNCHRONIZATION (no synchronization)
BGP同步規則規定如果一個AS域為另一個AS域提供傳輸服務時,則只有在該AS域中所有的路由器都通過IGP學到一條路由信息時,才將這條信息廣播出去。不使用同步,傳輸可快速一些,但可能引起數據包丟失。只有符合下列條件時可不使用同步:1、該AS不為其他兩個AS提供通道 2、 該AS域內都走BGP。
二、BGP & Route Maps
router map 與BGP一起使用時可控制路由信息,并可定義路由再分配的條件: route-map map-tag [[permit|deny]|[sequence-number]], map-tag是route-map的標識號,sequence-number是每一個route map 條件的標識號。
BGP使用route-map時,從小的sequence-number開始對應。
Match 用于定義一些必須符合的條件,set是定義當符合match中的條件時所采取的一些動作。如:
route-map mymap permit 10
match ip address 1.1.1.1
set metric 5
例:route A 與 route B走RIP,route A與route C走BGP。Route A 對從170.10.0.0來的路由設metric為2,其他為5:
!router A
router rip
network 3.0.0.0
network 2.0.0.0
network 150.10.0.0
passive-interface serial 0
redistribute bgp 100 route-map setmetric
!
router bgp 100
neighbor 2.2.2.3 remote-as 300
network 150.10.0.0
!
route-map setmetric permit 10
match ip-address 1
set metric 2
!
route-map setmetric permit 20
set metric 5
!
access-list 1 permit 170.10.0.0 0.0.255.255
若在router C上對170.10.0.0的outgoing包設community attribute為300:
!router C
router bgp 300
network 170.10.0.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 route-map setcommunity out
!
route-map setcommunity permit 10
match ip address 1
set community 300
!
access-list 1 permit 0.0.0.0 255.255.255.255
Advertising Networks
BGP 通過三種方法對外廣播其AS內的路由信息:重分配靜態路由、重分配動態路由、用network命令。
redistributing static routes
!router c
router bgp 200
neighbor 1.1.1.1 remote-as 300
redistribute static
!
ip route 175.220.0.0 0.0.255.255 null 0
redistribute dynamic routes
有些IGP路由是通過BGP學到的,因此需用access list阻止這些路由被再分配回BGP。
!router c
router eigrp 10
network 175.220.0.0
redistribute bgp 200
redistributed connected
default-metric 1000 100 250 100 1500
!
router bgp 200
neighbor 1.1.1.1 remote-as 300
neighbor 2.2.2.2 remote-as 200
neighbor 1.1.1.1 distribute-list 1 out
redistribute eigrp 10
!
access-list 1 permit 175.220.0.0 0.0.255.255
通常應避免將BGP再分配入IGP,因為這樣會導致太多的路由注入AS中。
use the network command
在BGP中使用network命令定義AS的起始處,而在IGP中,network命令則指定起IGP的端口。
!router c
router bgp 200
neighbor 1.1.1.1 remote-as 300
network 175.220.0.0
三、BGP Decicion Algorithm
AS_path Attribute
當有更新信息通過AS 時,BGP將在前面加上自己的AS號。
Origin Attribute
路由的Origin屬性有以下三種:
IGP---路由起源于同一AS域內,用show ip bgp時由I代表
EGP---路由通過Exterior Gateway Protocol學得,用show ip bgp時由e代表。
Incomplete---路由起源未知或通過其他方式學得,用?表示
1. External BGP peering
例:
Router A in AS100
interface ethernet 5/0
ip address 222.222.10.2 255.255.255.240
router bgp 100
network 220.220.8.0 mask 255.255.255.0
neighbor 222.222.10.1 remote-as 101
neighbor 222.222.10.1 distribute-list 180 in
neighbor 222.222.10.1 distribute-list 181 out
Router B in AS101
interface ethernet 1/0/0
ip address 222.222.10.1 255.255.255.240
router bgp 101
network 220.220.16.0 mask 255.255.240.0
neighbor 222.222.10.2 remote-as 100
neighbor 222.222.10.2 distribute-list 150 in
neighbor 222.222.10.2 distribute-list 151 out
2. stable iBGP peering(peering to loopback address)
.peer with loopback address
.iBGP session is not dependent on a single interface
.loopback interface does not go down ever
例:
router A:
interface loopback 0
ip address 215.10.7.1 255.255.255.255
router bgp 100
network 220.220.1.0
neighbor 215.10.7.2 remote-as 100
neighbor 215.10.7.2 update-source loopback 0
neighbor 215.10.7.3 remote-as 100
neighbor 215.10.7