BGP 学习
一、BGP FUNDAMENTALS
l With the exception of the neighbor ebgp-multihop router configuration command,the commands for configuring EBGP&IBGP are the same.
l Within as AS,BGP peers don't need to be directly connected
l router bgp command enables a BGP routing process and assigns to it a AS number
l neighbor remote-as command adds an entry to the BGP neighbor table specifying that the peer identified by a particular IP address belongs to the specified AS.
for EBGP ,neighbor IP address is usually the IP address directly connected.
for IBGP, neighbor IP address can be the IP address of any of the router's interfaces.
l To verify that BGP peers are up,use the show ip bgp neighbor, if it doesn't show that state=established,then the peers are not up. the remote router ID is the highest ip address or highest loopback interface on that router. the table version number increments by new incoming information
l clear ip bgp to reset the bgp session after make a configuration change
INTERNAL BGP
当BGP speaker收到同一个AS域中其他的BGP speaker发来的路由信息时,该BGP speaker 只通过EBGP向外部的BGP speaker发送收到的信息,所以在同一AS域中必须full meshed
loopback interface:
当使用某一物理端口作为neighbor remote-as中的地址时,若该端口不能使用,则两个路由器将不能连通。使用loopback interface就没有这一顾虑。
router bgp 100
neighbor 190.225.22.2 remote-as 100
neighbor 190.225.22.2 update-source loopback 0
neighbor update-source是指明用于连接的是loopback端口,而不是物理端口。
由于EBGP peers之间通常是端对端互连的,必须依靠物理端口的连接,因此较少使用loopback
EXTERNAL BGP
ip multihop:
当两个BGP speaker之间不能直接连接时使用,这时可通过两者的loopback端口互连,并使用neighbor ebgp-multihop,但在配置中必须加上静态路由或起IGP,以保证两者能互通。
!Router A
loopback interface 0
ip address 129.213.1.1
!
router bgp 100
neighbor 180.225.11.1 remote-as 300
neighbor 180.225.11.1 ebgp-multihop
neighbor 180.225.11.1 update-source loopback 0
!Router B
loopback interface 0
ip address 180.225.11.1
!
router bgp 300
neighbor 129.213.1.1 remote-as 100
neighbor 129.213.1.1 ebgp-multihop
neighbor 129.213.1.1 update-source loopback 0
EBGP LOAD BALANCING
当两个AS之间通过多条链路连接时,使用neighbor ebgp-multihop,使BGP同时使用这多条链路,可以实现load balancing
!router A
interface loopback 0
ip address 150.10.1.1 255.255.255.0
!
router bgp 100
neighbor 160.10.1.1 remote-as 200
neighbor 160.10.1.1 ebgp-multihop
neighbor 160.10.1.1 update-source loopback 0
network 150.10.0.0
!
ip route 160.10.0.0 255.255.0.0 1.1.1.2
ip route 160.10.0.0 255.255.0.0 2.2.2.2
! router B
interface loopback 0
ip address 160.10.1.1 255.255.255.0
!
router bgp 200
neighbor 150.10.1.1 remote-as 100
neighbor 150.10.1.1 ebgp-multihop
neighbor 150.10.1.1 update-source loopback 0
network 160.10.0.0
!
ip route 150.10.0.0 255.255.0.0 1.1.1.1
ip route 150.10.0.0 255.255.0.0 2.2.2.1
SYNCHRONIZATION (no synchronization)
BGP同步规则规定假如一个AS域为另一个AS域提供传输服务时,则只有在该AS域中所有的路由器都通过IGP学到一条路由信息时,才将这条信息广播出去。不使用同步,传输可快速一些,但可能引起数据包丢失。只有符合下列条件时可不使用同步:1、该AS不为其他两个AS提供通道 2、 该AS域内都走BGP。
二、BGP & Route Maps
router map 与BGP一起使用时可控制路由信息,并可定义路由再分配的条件: route-map map-tag [[permitdeny][sequence-number]], map-tag是route-map的标识号,sequence-number是每一个route map 条件的标识号。
BGP使用route-map时,从最小的sequence-number开始对应。
Match 用于定义一些必须符合的条件,set是定义当符合match中的条件时所采取的一些动作。如:
route-map mymap permit 10
match ip address 1.1.1.1
set metric 5
例:route A 与 route B走RIP,route A与route C走BGP。Route A 对从170.10.0.0来的路由设metric为2,其他为5:
!router A
router rip
network 3.0.0.0
network 2.0.0.0
network 150.10.0.0
passive-interface serial 0
redistribute bgp 100 route-map setmetric
!
router bgp 100
neighbor 2.2.2.3 remote-as 300
network 150.10.0.0
!
route-map setmetric permit 10
match ip-address 1
set metric 2
!
route-map setmetric permit 20
set metric 5
!
Access-list 1 permit 170.10.0.0 0.0.255.255
若在router C上对170.10.0.0的outgoing包设community attribute为300:
!router C
router bgp 300
network 170.10.0.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 route-map setcommunity out
!
route-map setcommunity permit 10
match ip address 1
set community 300
!
access-list 1 permit 0.0.0.0 255.255.255.255
Advertising Networks
BGP 通过三种方法对外广播其AS内的路由信息:重分配静态路由、重分配动态路由、用network命令。
redistributing static routes
!router c
router bgp 200
neighbor 1.1.1.1 remote-as 300
redistribute static
!
ip route 175.220.0.0 0.0.255.255 null 0
redistribute dynamic routes
有些IGP路由是通过BGP学到的,因此需用access list阻止这些路由被再分配回BGP。
!router c
router eigrp 10
network 175.220.0.0
redistribute bgp 200
redistributed connected
default-metric 1000 100 250 100 1500
!
router bgp 200
neighbor 1.1.1.1 remote-as 300
neighbor 2.2.2.2 remote-as 200
neighbor 1.1.1.1 distribute-list 1 out
redistribute eigrp 10
!
access-list 1 permit 175.220.0.0 0.0.255.255
通常应避免将BGP再分配入IGP,因为这样会导致太多的路由注入AS中。
use the network command
在BGP中使用network命令定义AS的起始处,而在IGP中,network命令则指定起IGP的端口。
!router c
router bgp 200
neighbor 1.1.1.1 remote-as 300
network 175.220.0.0
三、BGP Decicion Algorithm
AS_path Attribute
当有更新信息通过AS 时,BGP将在前面加上自己的AS号。
Origin Attribute
路由的Origin属性有以下三种:
IGP---路由起源于同一AS域内,用show ip bgp时由I代表
EGP---路由通过Exterior Gateway Protocol学得,用show ip bgp时由e代表。
Incomplete---路由起源未知或通过其他方式学得,用?表示
1. External BGP peering
例:
Router A in AS100
interface ethernet 5/0
ip address 222.222.10.2 255.255.255.240
router bgp 100
network 220.220.8.0 mask 255.255.255.0
neighbor 222.222.10.1 remote-as 101
neighbor 222.222.10.1 distribute-list 180 in
neighbor 222.222.10.1 distribute-list 181 out
Router B in AS101
interface ethernet 1/0/0
ip address 222.222.10.1 255.255.255.240
router bgp 101
network 220.220.16.0 mask 255.255.240.0
neighbor 222.222.10.2 remote-as 100
neighbor 222.222.10.2 distribute-list 150 in
neighbor 222.222.10.2 distribute-list 151 out
2. stable iBGP peering(peering to loopback address)
.peer with loopback address
.iBGP session is not dependent on a single interface
.loopback interface does not go down ever
例:
router A:
interface loopback 0
ip address 215.10.7.1 255.255.255.255
router bgp 100
network 220.220.1.0
neighbor 215.10.7.2 remote-as 100
neighbor 215.10.7.2 update-source loopback 0
neighbor 215.10.7.3 remote-as 100
neighbor 215.10.7
