
Verifying BGP Inter-AS Route Forwarding and Synchronization

2014-04-29 Wu Gang

Computer Era, 2014, No. 3

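Abstract: The Border Gateway Protocol (BGP) is suited to exchanging routing information among multiple autonomous systems (AS) and plays an important role in integrating and coordinating operations and management systems. Configuring route forwarding between multiple ASes and IBGP route synchronization commonly runs into many problems. By building a multi-AS lab environment and applying route redistribution, internal neighbor configuration, setting the IBGP next-hop, enabling route synchronization, and route summarization in the BGP network, this paper gives solutions to these problems and demonstrates them.

Keywords: BGP; IBGP; autonomous system; route redistribution; route synchronization

CLC number: TP393.2  Document code: A  Article ID: 1006-8228(2014)03-14-03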

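0 Introduction

BGP is suited to exchanging routing information between large autonomous systems. It is used in environments such as these: an AS allows packets to transit it to reach other ASes; there are multiple connections to other ASes; the traffic entering and leaving the AS must be controlled. The typical environment is an ISP[1].

The preconditions for BGP route selection are: route synchronization, no loops, and a reachable next hop (optimization).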

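BGP route selection evaluates many conditions, in the following order of priority:

⑴ Prefer the highest local preference;

⑵ Prefer routes originated by the local router (next hop = 0.0.0.0);

⑶ Prefer the shortest AS path;

⑷ Prefer the lowest origin code (IGP

⑸ Prefer the lowest MED;

⑹ Prefer routes learned from an EBGP neighbor;

⑺ Prefer the route with the shortest path to the BGP next hop (as chosen by IGP routing);

⑻ Prefer the oldest route learned from an EBGP neighbor (oldest route: the one whose neighbor timer value is larger);

⑼ Prefer the lowest neighbor Router ID;

⑽ Prefer the lowest neighbor IP address (the address configured in the BGP neighbor statement)[1].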
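The ten steps above amount to one lexicographic comparison, which the following Python code expresses as a sort key and reports which step decided the outcome. It is an added example, not code from the original article: the `Path` fields and function names are assumptions, the origin order IGP < EGP < incomplete is the standard BGP ordering, `R4_SUMMARY` holds the two 60.100.0.0/16 paths from R4's BGP table in section 3.1, and `CONSTRUCTED` is made-up sample data.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # standard order: IGP < EGP < incomplete

@dataclass(frozen=True)
class Path:                      # field names are assumptions for this example
    next_hop: str
    neighbor_ip: str = "0.0.0.0"
    router_id: str = "0.0.0.0"
    local_pref: int = 100
    as_path: tuple = ()
    origin: str = "i"
    med: int = 0
    ebgp: bool = False
    igp_metric: int = 0          # IGP cost to reach next_hop
    age_s: int = 0               # seconds since the route was learned

def decision_key(p):
    """One tuple element per step of the list above; smaller sorts first."""
    return (
        -p.local_pref,                          # (1) highest local preference
        0 if p.next_hop == "0.0.0.0" else 1,    # (2) originated by this router
        len(p.as_path),                         # (3) shortest AS path
        ORIGIN_RANK[p.origin],                  # (4) lowest origin code
        p.med,                                  # (5) lowest MED
        0 if p.ebgp else 1,                     # (6) EBGP before IBGP
        p.igp_metric,                           # (7) nearest BGP next hop
        -p.age_s if p.ebgp else 0,              # (8) oldest EBGP route
        int(IPv4Address(p.router_id)),          # (9) lowest neighbor router ID
        int(IPv4Address(p.neighbor_ip)),        # (10) lowest neighbor address
    )

def best_path(paths):
    """Return (best path, number of the step that decided it, or None)."""
    ranked = sorted(paths, key=decision_key)
    step = None
    if len(ranked) > 1:
        pairs = zip(decision_key(ranked[0]), decision_key(ranked[1]))
        step = next((n for n, (a, b) in enumerate(pairs, 1) if a != b), None)
    return ranked[0], step

# R4's two paths for 60.100.0.0/16 (values from its BGP table in section 3.1).
R4_SUMMARY = [Path("60.100.23.2", "60.100.23.2", "60.200.12.2"),
              Path("0.0.0.0")]
# Constructed pair: the same prefix heard from an IBGP and an EBGP neighbor.
CONSTRUCTED = [Path("10.0.0.2", "10.0.0.2", "10.0.0.2", as_path=(65010,)),
               Path("10.0.1.2", "10.0.1.2", "10.0.1.2", as_path=(65010,), ebgp=True)]
```

`best_path(R4_SUMMARY)` selects the locally originated path at step 2, which matches the `*>` marker on the 0.0.0.0 entry in R4's table.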

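1 Lab environment

A lab environment is used to verify BGP configuration, synchronization between IBGP and the IGP, and forwarding and transit between ASes, as shown in Figure 1.

Figure 1 BGP system topology

The lab environment in Figure 1 contains three autonomous systems. AS65100 contains three routers, R2, R3 and R4; R2 and R4 establish an IBGP neighbor relationship, and all three routers run OSPF as the interior gateway protocol (IGP). To simplify route summarization and reduce the number of route entries exchanged between ASes, the network address range planned inside AS65100 can be summarized as 60.100.0.0/16.

R1 and R2 are border gateways of two different autonomous systems and establish an EBGP neighbor relationship;

R4 and R5 are border gateways of two different autonomous systems and establish an EBGP neighbor relationship.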

2 Device configuration command sequences and their functions

2.1 R1 configuration [3]

interface Loopback0
 ip address 60.202.11.1 255.255.255.0
interface FastEthernet0/0
 ip address 60.200.12.1 255.255.255.0
router bgp 65202
 synchronization
 network 60.202.11.0 mask 255.255.255.0
 !! Advertise the network segments inside this AS; do not advertise the segment that connects to the external AS
 neighbor 60.200.12.2 remote-as 65100
 no auto-summary

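2.2 R2 configuration

interface FastEthernet0/0
 ip address 60.100.23.2 255.255.255.0
interface FastEthernet0/1
 ip address 60.200.12.2 255.255.255.0
router ospf 1
 !! AS65100 uses OSPF as its internal routing protocol
 redistribute bgp 65100 metric 1000 subnets
 !! To keep the routes propagated by EBGP synchronized with IBGP, the EBGP routes must be redistributed into OSPF.
 network 60.100.23.0 0.0.0.255 area 0
router bgp 65100
 bgp log-neighbor-changes
 neighbor 60.100.34.4 remote-as 65100
 neighbor 60.200.12.1 remote-as 65202
 neighbor 60.100.34.4 next-hop-self
 !! IBGP preserves the next hop of a route entry, so the next hop of a route received by the IBGP neighbor would be the external AS gateway, which is unreachable. The IBGP neighbor is therefore told that the next hop of EBGP routes is this router itself, which is a reachable route entry.
 no auto-summary
 synchronization
 !! Enable synchronization to prevent routing black holes
 network 60.100.0.0 mask 255.255.0.0
 !! Advertise one summarized network segment to the external ASes
ip route 60.100.0.0 255.255.0.0 Null0
!! A matching summary route must be created in the IGP table; otherwise the summary route cannot be advertised with the network command [2].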

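2.3 R3 configuration

interface FastEthernet0/0
 ip address 60.100.34.3 255.255.255.0
interface FastEthernet0/1
 ip address 60.100.23.3 255.255.255.0
router ospf 1
 network 60.100.23.0 0.0.0.255 area 0
 network 60.100.34.0 0.0.0.255 area 0

R3 does not need to run BGP to form a full mesh of IBGP neighbor relationships. BGP runs over TCP and its sessions can be carried across IGP routes, so it is enough for the border gateways of this AS to establish IBGP neighbor relationships with each other.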

2.4 R4 configuration

interface FastEthernet0/0
 ip address 60.100.34.4 255.255.255.0
interface FastEthernet0/1
 ip address 60.201.45.4 255.255.255.0
router ospf 1
 log-adjacency-changes
 redistribute bgp 65100 metric 1000 subnets
 network 60.100.34.0 0.0.0.255 area 0
router bgp 65100
 bgp log-neighbor-changes
 neighbor 60.100.23.2 remote-as 65100
 neighbor 60.201.45.5 remote-as 65203
 neighbor 60.100.23.2 next-hop-self
 no auto-summary
 synchronization
 network 60.100.0.0 mask 255.255.0.0
ip route 60.100.0.0 255.255.0.0 Null0

2.5 R5 configuration

interface Loopback0
 ip address 60.203.55.5 255.255.255.0
interface FastEthernet0/0
 ip address 60.201.45.5 255.255.255.0
router bgp 65203
 synchronization
 network 60.203.55.0 mask 255.255.255.0
 neighbor 60.201.45.4 remote-as 65100
 no auto-summary

3 Lab output

3.1 R4 output

TCP connections shown on R4:

R4#show tcp brief
TCB       Local Address        Foreign Address      (state)
66702968  60.100.34.4.179      60.100.23.2.45640    ESTAB
675625E0  60.201.45.4.46746    60.201.45.5.179      ESTAB

This shows that BGP has established its connections over TCP port 179.

BGP neighbor information shown on R4:

R4#show ip bgp neighbor
BGP neighbor is 60.100.23.2, remote AS 65100, internal link
  BGP version 4, remote router ID 60.200.12.2
  BGP state=Established, up for 00:41:03
BGP neighbor is 60.201.45.5, remote AS 65203, external link
  BGP version 4, remote router ID 60.203.55.5
  BGP state=Established, up for 00:41:06

Both the IBGP neighbor and the EBGP neighbor are established.

Neighbor summary information:

R4#show ip bgp summary
BGP router identifier 60.201.45.4, local AS number 65100
BGP table version is 5, main routing table version 5
3 network entries using 360 bytes of memory
4 path entries using 208 bytes of memory
5/3 BGP path/bestpath attribute entries using 620 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
60.100.23.2     4 65100      51      51        5    0    0 00:45:05        2
60.201.45.5     4 65203      49      49        5    0    0 00:44:56        1

BGP table:

R4#show ip bgp
BGP table version is 5, local router ID is 60.201.45.4
Status codes: s suppressed, d damped, h history,
              * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i60.100.0.0/16    60.100.23.2              0    100      0 i
*>                  0.0.0.0                  0         32768 i
r>i60.202.11.0/24   60.100.23.2              0    100      0 65202 i
*> 60.203.55.0/24   60.201.45.5              0             0 65203 i

In the entry r>i60.202.11.0/24, "r" indicates that the IGP route was selected and the BGP route failed to be installed in the routing table, but ">" indicates that it is the best route and can still be passed to external EBGP neighbors. The "i" that follows indicates a route received via IBGP[4].

R4#show ip route
     60.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O    60.100.23.0/24 [110/20] via 60.100.34.3, 00:49:10, FastEthernet0/0
S    60.100.0.0/16 is directly connected, Null0
C    60.100.34.0/24 is directly connected, FastEthernet0/0
B    60.203.55.0/24 [20/0] via 60.201.45.5, 00:48:29
C    60.201.45.0/24 is directly connected, FastEthernet0/1
O E2 60.202.11.0/24 [110/1000] via 60.100.34.3, 00:49:10, FastEthernet0/0
R4#
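R4's tables above make it possible to check what the `redistribute bgp`, `next-hop-self` and `synchronization` lines of section 2 each contribute to the `r>i` entry for 60.202.11.0/24. The following Python code is an added example, not part of the original article: it is a simplified model of the router's checks (function and state names are assumptions) fed with R4's routing table as printed above.

```python
from ipaddress import ip_address, ip_network

# R4's routing table as printed in section 3.1: (source code, prefix).
R4_RIB = [
    ("O", "60.100.23.0/24"), ("S", "60.100.0.0/16"), ("C", "60.100.34.0/24"),
    ("B", "60.203.55.0/24"), ("C", "60.201.45.0/24"), ("O E2", "60.202.11.0/24"),
]

def longest_match(rib, addr):
    """Most specific (code, prefix) covering addr, or None if there is no route."""
    hits = [(c, p) for c, p in rib if ip_address(addr) in ip_network(p)]
    return max(hits, key=lambda r: ip_network(r[1]).prefixlen, default=None)

def ibgp_route_state(rib, prefix, next_hop, synchronization=True):
    """Simplified model of how a router treats one IBGP-learned route."""
    if longest_match(rib, next_hop) is None:
        return "next-hop-inaccessible"      # cannot be best, never advertised
    in_igp = any(code != "B" and ip_network(p) == ip_network(prefix)
                 for code, p in rib)
    if synchronization and not in_igp:
        return "not-synchronized"           # held back from EBGP neighbors
    if in_igp:
        return "best-rib-failure"           # the r>i case: IGP route is installed
    return "best-installed"

def scenarios():
    """AS65202's prefix 60.202.11.0/24 on R4 under four configurations."""
    prefix = "60.202.11.0/24"
    no_redist = [r for r in R4_RIB if r[1] != prefix]  # R2 lacks 'redistribute bgp'
    return {
        "as configured": ibgp_route_state(R4_RIB, prefix, "60.100.23.2"),
        "R2 without next-hop-self": ibgp_route_state(R4_RIB, prefix, "60.200.12.1"),
        "R2 without redistribute": ibgp_route_state(no_redist, prefix, "60.100.23.2"),
        # Synchronization off and no redistribution: R4 installs and advertises
        # the route, but R3 (OSPF only) has no route for it and drops the traffic.
        "no redistribute, no synchronization":
            ibgp_route_state(no_redist, prefix, "60.100.23.2", synchronization=False),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name}: {state}")
```

The last scenario is the routing black hole that the `synchronization` comment in R2's configuration refers to: the border routers agree on the route while the transit router R3 cannot forward it.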

3.2 R1 output

R1#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 60.100.0.0/16    60.200.12.2              0             0 65100 i
*> 60.202.11.0/24   0.0.0.0                  0         32768 i
*> 60.203.55.0/24   60.200.12.2                            0 65100 65203 i

R1#show ip route
     60.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B    60.100.0.0/16 [20/0] via 60.200.12.2, 01:01:53
B    60.203.55.0/24 [20/0] via 60.200.12.2, 01:00:25
C    60.200.12.0/24 is directly connected, FastEthernet0/0
C    60.202.11.0/24 is directly connected, Loopback0

R1#ping 60.203.55.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.203.55.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

By default, when R1 pings the AS65203 network it uses the physical interface address 60.200.12.1 as the source. The other two ASes have no route entry for this network, and there is no need to advertise this inter-AS link network, so the ping fails.

R1#ping 60.203.55.5 source 60.202.11.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.203.55.5, timeout is 2 seconds:
Packet sent with a source address of 60.202.11.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 172/258/332 ms

The source address specified with source belongs to a network inside AS65202. This network is advertised by BGP, so the other two ASes have a BGP route to it and the ping succeeds.

3.3 R2 output

R2#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
* i60.100.0.0/16    60.100.34.4              0    100      0 i
*>                  0.0.0.0                  0         32768 i
*> 60.202.11.0/24   60.200.12.1              0             0 65202 i
r>i60.203.55.0/24   60.100.34.4              0    100      0 65203 i

Both EBGP routes are obtained.

R2#show ip route
     60.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C    60.100.23.0/24 is directly connected, FastEthernet0/0
S    60.100.0.0/16 is directly connected, Null0
O    60.100.34.0/24 [110/20] via 60.100.23.3, 01:02:29, FastEthernet0/0
O E2 60.203.55.0/24 [110/1000] via 60.100.23.3, 01:01:36, FastEthernet0/0
C    60.200.12.0/24 is directly connected, FastEthernet0/1
B    60.202.11.0/24 [20/0] via 60.200.12.1, 01:03:04
R2#

3.4 R3 output

R3#show ip route
     60.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C    60.100.23.0/24 is directly connected, FastEthernet0/1
O E2 60.100.0.0/16 [110/1000] via 60.100.34.4, 01:04:22, FastEthernet0/0
                   [110/1000] via 60.100.23.2, 01:04:22, FastEthernet0/1
C    60.100.34.0/24 is directly connected, FastEthernet0/0
O E2 60.203.55.0/24 [110/1000] via 60.100.34.4, 01:03:30, FastEthernet0/0
O E2 60.202.11.0/24 [110/1000] via 60.100.23.2, 01:04:22, FastEthernet0/1
R3#

3.5 R5 output

R5#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 60.100.0.0/16    60.201.45.4              0             0 65100 i
*> 60.202.11.0/24   60.201.45.4                            0 65100 65202 i
*> 60.203.55.0/24   0.0.0.0                  0         32768 i

The routing information of AS65202 is received normally and added to the routing table.

R5#show ip route
B    60.100.0.0/16 [20/0] via 60.201.45.4, 01:04:56
C    60.203.55.0/24 is directly connected, Loopback0
C    60.201.45.0/24 is directly connected, FastEthernet0/0
B    60.202.11.0/24 [20/0] via 60.201.45.4, 01:04:56

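4 Conclusion

The multi-AS BGP routing configuration presented in this paper solves the following problems: synchronization between the IGP and IBGP inside an AS; route forwarding between ASes; and successful ping to the internal networks of each AS. Because different BGP autonomous systems may belong to different operators, route forwarding needs to be controlled and filtered, and different autonomous systems also need authentication. Techniques such as flexible path selection using multiple attributes and solutions to BGP routing black holes still require further research and demonstration.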

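References:

[1] Cheng Qingmei. Building Advanced Routed Internetworks [M]. China Machine Press, 2012.

[2] Cheng Qingmei. Building Advanced Routed Internetworks: Lab Manual [M]. China Machine Press, 2012.

[3] Si Taozhi. Routing Protocols and Switching Technology [M]. Tsinghua University Press, 2012.

[4] Pang Ling. Vulnerabilities of the BGP protocol on border routers [J]. Computer Systems & Applications, 2013, 22(1): 157-161.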