Some notes on the BGP protocol (1)

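1. To ensure reliability, BGP uses TCP as its transport protocol, on TCP port 179, and can establish neighbor relationships across multiple router hops.

2. Because sessions are established over unicast, BGP neighbors can only be specified manually.

3. AS numbers: before January 2009: public 1-64511, private 64512-65534.

After January 2009: the AS is represented with 4 bytes, 65536-4294967295.

4. BGP comes in two types: EBGP is used to establish neighbor relationships between routers in different ASes, and IBGP is used to establish neighbor relationships between routers in the same AS.

5. BGP routes are generated in two ways:

(1) Network: routes are introduced one at a time; a route that already exists in the IP routing table is introduced into the BGP routing table;

(2) Import: suited to a large number of route entries; routes are introduced by route type (OSPF, Direct, static).

6. The four principles of BGP route advertisement:

(1) A router advertises only its own best routes to its neighbors;

(2) Best routes learned from EBGP are advertised to all BGP neighbors;

(3) Best routes learned from IBGP are not advertised to IBGP neighbors (to prevent loops);

(4) BGP and IGP synchronization (before a route learned from an IBGP neighbor is advertised to a BGP neighbor, the route must be known through the IGP).

7. An IGP must be configured before BGP is configured.

8. On Huawei routers the BGP/IGP synchronization check is off by default, so routes can be advertised directly; it does not need to be turned on.

9. The four categories of BGP attributes. Well-known: attributes that all BGP routers must recognize and support. Optional: attributes that not every router has to recognize.

Well-known Mandatory: Origin, AS-Path, Next-hop; must be included in Update messages.

Well-known Discretionary: Local-Pref, Atomic-aggregate; need not be included in Update messages.

Optional Transitive: Aggregator, Community; a router that does not recognize them can still accept and forward them.

Optional Non-Transitive: MED; may be ignored and is not forwarded.

10. The Local-Pref attribute is only valid between IBGP peers; it determines the best route for leaving the AS. The default is 100, and a larger value is preferred.

11. The MED attribute is passed only between two adjacent ASes; it determines the best route for entering the AS. The default is 0, and a smaller value is preferred.

12. Community attribute: used to distinguish users in different network segments.

13. BGP route aggregation has two effects: first, aggregating multiple routes into one reduces the load on routers; second, it hides AS-Path information, which easily produces loops.

14. Automatic aggregation only aggregates routes that were imported into BGP, and then sends them to neighbors.

15. BGP is usually used on backbone networks.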

Configuring IBGP and EBGP

R1:

#
router id 10.0.1.1
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.14.1 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.12.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255 
#
bgp 64512
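 timer keepalive 30 hold 90                    //Set the keepalive and hold timers
 peer 10.0.2.2 as-number 64512                 //Establish the IBGP peer relationship
 peer 10.0.2.2 connect-interface LoopBack0
 //IBGP sessions are normally built on Loopback0; because Loopback0 is a virtual interface, it has to be explicitly specified as the interface used for the session
 peer 10.0.3.3 as-number 64512 
 peer 10.0.3.3 connect-interface LoopBack0
 peer 10.0.4.4 as-number 64513                 //Establish the EBGP peer relationship
 peer 10.0.4.4 ebgp-max-hop 2                  
 //This command is required when an EBGP session is built between loopback interfaces: the TTL of EBGP packets defaults to 1, so without it the packets sent are dropped. The loopback is a virtual interface and not directly connected, so there are 2 hops in between. By default the session is established over the physical interface.
 peer 10.0.4.4 connect-interface LoopBack0     //Must be specified explicitly when a loopback is used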
#
 ipv4-family unicast
  undo synchronization
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local                 
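  //By the nature of the Next_hop attribute, a BGP router does not change the next hop when it advertises EBGP-learned routes to IBGP neighbors; only with this command do the IBGP neighbors learn a correct next hop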
  peer 10.0.3.3 enable
  peer 10.0.3.3 next-hop-local 
  peer 10.0.4.4 enable
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.1 0.0.0.0 
  network 10.0.12.1 0.0.0.0 
#
ip route-static 10.0.4.4 255.255.255.255 10.0.14.4     
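//R1 and R4 build their EBGP session between loopbacks, which are not directly connected, so a static route is configured to serve BGP, so that BGP advertises correct next-hop information with its routes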
#
           

R2:

#
router id 10.0.2.2
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.23.2 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.12.2 255.255.255.0
 #
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255 
#
bgp 64512
 peer 10.0.1.1 as-number 64512 
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.3.3 as-number 64512 
 peer 10.0.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.1.1 enable
  peer 10.0.3.3 enable
#
ospf 1 
 area 0.0.0.0 
  network 10.0.2.2 0.0.0.0 
  network 10.0.12.2 0.0.0.0 
  network 10.0.23.2 0.0.0.0
#
           

R3:

#
router id 10.0.3.3
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.23.3 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.35.3 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255 
#
bgp 64512
 peer 10.0.1.1 as-number 64512 
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.2.2 as-number 64512 
 peer 10.0.2.2 connect-interface LoopBack0
 peer 10.0.35.5 as-number 64514               //EBGP relationship established over the physical link
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.1.1 enable
  peer 10.0.1.1 next-hop-local 
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local 
  peer 10.0.35.5 enable
#
ospf 1 
 area 0.0.0.0 
  network 10.0.3.3 0.0.0.0 
  network 10.0.23.3 0.0.0.0 
#
           

R4:

#
router id 10.0.4.4
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.14.4 255.255.255.0
 #
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.4.4 255.255.255.0 
 #
bgp 64513
 peer 10.0.1.1 as-number 64512 
 peer 10.0.1.1 ebgp-max-hop 2 
 peer 10.0.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.4.0 255.255.255.0              //Introduce the corresponding network segment into BGP
  peer 10.0.1.1 enable
#
ip route-static 10.0.1.1 255.255.255.255 10.0.14.1
#
           

R5:

#
router id 10.0.5.5
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.35.5 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.5.5 255.255.255.0 
#
bgp 64514
 peer 10.0.35.3 as-number 64512 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.5.0 255.255.255.0 
  peer 10.0.35.3 enable
#
           

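After the configuration is complete, 10.1.5.5 and 10.1.4.4 can communicate through BGP. Merely establishing neighbor relationships between the routers does not provide communication across routers (routers that run the IGP can reach each other); only when the network segments that need to communicate are advertised into BGP can those advertised segments reach each other, while other segments cannot.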
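The lab relies on advertisement principle 3, which is why R1, R2 and R3 are configured as a full IBGP mesh. The following added example (not part of the original post) replays the lab's sessions and `network` statements in a small simulation; keeping only the first route learned per prefix is a simplification.

```python
from collections import deque

# Lab topology from the page: router -> AS number, and the configured sessions.
AS_OF = {"R1": 64512, "R2": 64512, "R3": 64512, "R4": 64513, "R5": 64514}
LAB_SESSIONS = [("R1", "R2"), ("R1", "R3"), ("R2", "R3"), ("R1", "R4"), ("R3", "R5")]
ORIGINATED = {"R4": "10.1.4.0/24", "R5": "10.1.5.0/24"}  # the two network statements


def propagate(sessions):
    """Return {router: {prefix: (as_path, learned_via)}} after convergence."""
    peers = {r: set() for r in AS_OF}
    for a, b in sessions:
        peers[a].add(b)
        peers[b].add(a)
    rib = {r: {} for r in AS_OF}
    queue = deque()
    for router, prefix in ORIGINATED.items():
        rib[router][prefix] = ((), "local")
        queue.append((router, prefix))
    while queue:
        sender, prefix = queue.popleft()
        as_path, via = rib[sender][prefix]
        for peer in sorted(peers[sender]):
            ebgp = AS_OF[peer] != AS_OF[sender]
            # Principle 3: a route learned from IBGP is not sent to IBGP peers.
            if via == "ibgp" and not ebgp:
                continue
            # The sender prepends its own AS only towards EBGP peers.
            new_path = (AS_OF[sender],) + as_path if ebgp else as_path
            # Receiver drops paths containing its own AS; first route learned wins.
            if AS_OF[peer] in new_path or prefix in rib[peer]:
                continue
            rib[peer][prefix] = (new_path, "ebgp" if ebgp else "ibgp")
            queue.append((peer, prefix))
    return rib


def reachable(rib, router):
    """Prefixes a router holds in its BGP table."""
    return sorted(rib[router])


if __name__ == "__main__":
    full = propagate(LAB_SESSIONS)
    chain = propagate([s for s in LAB_SESSIONS if s != ("R1", "R3")])
    print("full mesh, R5 sees:", reachable(full, "R5"))
    print("R1-R3 session removed, R5 sees:", reachable(chain, "R5"))
```

With the R1-R3 session removed, R2 still learns 10.1.4.0/24 from R1 but may not pass it to R3, so R5 never receives it.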

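BGP route summarization

There are three ways to aggregate routes:

The first is static route aggregation.

First, on the router that advertises the aggregate route, configure a static route: ip route-static <aggregate destination network> <aggregate mask> NULL0. A blackhole route is configured in order to prevent loops.

Then advertise it into BGP with the network command; afterwards the ip ip-prefix command can be used to filter out the specific routes.

The second is manual aggregation, using the aggregate command. With manual aggregation, a blackhole route identical to the one used for static aggregation is generated automatically in the IP routing table, to prevent loops.

The third is automatic aggregation, using the summary-automatic command; automatic aggregation only takes effect for imported routes.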

R1:

#
router id 10.1.1.1
#
acl number 2000  
 rule 0 permit source 10.1.0.0 0.0.255.255 
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.1 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.14.1 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.15.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255
 #
bgp 64513
 peer 10.0.12.2 as-number 64514                 //Neighbor relationship established over the physical link
 peer 10.0.14.4 as-number 64512 
 peer 10.0.15.5 as-number 64516 
#
 ipv4-family unicast
  undo synchronization
  aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed 
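  //After aggregation the AS-Path attribute is discarded; as-set adds the path information back to prevent loops; detail-suppressed filters out the specific routes covered by the summary, so only the aggregate route is advertised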
  network 10.1.1.1 255.255.255.255 
  peer 10.0.12.2 enable
  peer 10.0.14.4 enable
  peer 10.0.14.4 advertise-community      //The community attribute is not advertised by default; this command enables advertising it
  peer 10.0.15.5 enable
#
route-policy r1 permit node 10            //Configure a route-policy that adds the community attribute
 if-match acl 2000 
 apply community 100:2 
#
           

R2:

#
router id 10.1.2.2
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.2 255.255.255.0
 #
interface LoopBack0
 ip address 10.1.2.2 255.255.255.255 
#
bgp 64514
 peer 10.0.12.1 as-number 64513 
 peer 10.0.23.3 as-number 64515 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.2.2 255.255.255.255 
  peer 10.0.12.1 enable
  peer 10.0.23.3 enable
#
           

R3:

#
router id 10.1.3.3
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
 ip address 10.1.3.3 255.255.255.255 
#
bgp 64515
 peer 10.0.23.2 as-number 64514 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.3.3 255.255.255.255 
  peer 10.0.23.2 enable
#
           

R4:

#
router id 10.0.4.4
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.14.4 255.255.255.0
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
bgp 64512
 peer 10.0.14.1 as-number 64513 
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.4.4 255.255.255.255 
  peer 10.0.14.1 enable
#
           

R5:

#
router id 10.1.5.5
#
acl number 2000  
 rule 0 permit source 10.1.5.5 0
#
interface GigabitEthernet0/0/0
 ip address 10.0.15.5 255.255.255.0
#
interface LoopBack0
 ip address 10.1.5.5 255.255.255.255 
#
bgp 64516
 peer 10.0.15.1 as-number 64513 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.5.5 255.255.255.255 
  peer 10.0.15.1 enable
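  peer 10.0.15.1 route-policy r1 export        //Apply the route-policy on export towards R1
  peer 10.0.15.1 advertise-community           //Enable advertising the community attribute
#
route-policy r1 permit node 10                 //Configure the route-policy that applies the community attribute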
 if-match acl 2000 
 apply community 100 
#
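R1's `aggregate 10.1.0.0 255.255.0.0 as-set detail-suppressed` line in this lab is what keeps the summary from being accepted by the ASes that contributed to it. The following added example (not from the original post) models that with a constructed view of R1's BGP table; putting every contributor AS into a single AS_SET is exact here only because R1's own route, with an empty path, is one of the contributors.

```python
import ipaddress

LOCAL_AS = 64513  # R1 in the summarization lab
# Constructed view of R1's BGP table: prefix -> AS-Path as received.
R1_TABLE = {
    "10.1.1.1/32": (),               # R1's own network statement
    "10.1.2.2/32": (64514,),         # from R2
    "10.1.3.3/32": (64514, 64515),   # R3's route, learned through R2
    "10.1.5.5/32": (64516,),         # from R5
    "10.0.4.4/32": (64512,),         # from R4, outside the aggregate
}


def aggregate(table, summary, as_set, detail_suppressed):
    """Return the routes R1 offers to its peers, as {prefix: as_path}.

    An AS-Path is a tuple whose items are AS numbers (a sequence) or a
    frozenset (an AS_SET).
    """
    net = ipaddress.ip_network(summary)
    inside = {p: path for p, path in table.items()
              if ipaddress.ip_network(p).subnet_of(net)}
    out = {p: path for p, path in table.items()
           if not (detail_suppressed and p in inside)}
    if inside:
        seen = frozenset(asn for path in inside.values() for asn in path)
        # Without as-set the aggregate carries no trace of the contributors.
        out[summary] = (seen,) if as_set and seen else ()
    return out


def export_to(routes, peer_as):
    """Prepend LOCAL_AS for an EBGP peer; the peer drops paths holding its own AS."""
    accepted = {}
    for prefix, path in routes.items():
        sent = (LOCAL_AS,) + path
        flat = set()
        for item in sent:
            flat |= set(item) if isinstance(item, frozenset) else {item}
        if peer_as not in flat:
            accepted[prefix] = sent
    return accepted


if __name__ == "__main__":
    for as_set in (True, False):
        routes = aggregate(R1_TABLE, "10.1.0.0/16", as_set, True)
        print("as-set" if as_set else "no as-set", "-> R2 accepts", export_to(routes, 64514))
```

Without `as-set`, R2 (AS 64514) accepts 10.1.0.0/16 with the path 64513 alone, even though the summary covers R2's own 10.1.2.2/32.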
           

Changing BGP attributes to influence route selection

R1:

#
router id 10.0.1.1
#
acl number 2000  
 rule 0 permit source 10.1.6.0 0.0.0.255 
acl number 2001  
 rule 0 permit source 10.1.3.0 0.0.0.255
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.1 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.16.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.13.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255 
#
bgp 64512
 peer 10.0.12.2 as-number 200                        //Neighbor relationship established over the physical link
 peer 10.0.13.3 as-number 100 
 group as64512 internal                              //Create a peer group
 peer 10.0.6.6 as-number 64512 
 peer 10.0.6.6 group as64512                         //Join the peer group
 peer 10.0.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  maximum load-balancing 4                           //Enable BGP load balancing; off by default
  peer 10.0.12.2 enable
  peer 10.0.12.2 route-policy r1 export              //Apply the route-policy when advertising to R2
  peer 10.0.13.3 enable
  peer 10.0.13.3 route-policy me export
  peer as64512 enable
  peer as64512 route-policy r3 export
  peer 10.0.6.6 enable
  peer 10.0.6.6 group as64512 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.1.1 0.0.0.0 
  network 10.0.16.1 0.0.0.0 
#
route-policy r1 permit node 10 
 if-match acl 2000 
 apply as-path 64512 64512 additive                  
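 //Add several AS numbers to the AS-Path when advertising to influence route selection; routes with a shorter AS-Path are preferred, so R2 reaches the 10.1.6.0 segment through R3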
#
route-policy r3 permit node 10 
 if-match acl 2001 
 apply local-preference 110                          
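 //Add the Local-preference attribute when advertising; when a router receives from IBGP routers several routes with the same destination but different next hops, the one with the larger Local-Pref is preferred (default 100). As a result S6 reaches the 10.1.3.0 segment through R1.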
#
route-policy me permit node 10 
 if-match acl 2000 
 apply cost 100 
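 //Add the MED attribute when advertising; when a router receives from EBGP neighbors several routes with the same destination but different next hops, the one with the smaller MED is preferred (default 0). As a result R3 reaches the 10.1.6.0 segment through R5.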
#
           

R2:

#
router id 10.0.2.2
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.12.2 255.255.255.0
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.23.2 255.255.255.0
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255 
#
bgp 200
 peer 10.0.12.1 as-number 64512 
 peer 10.0.23.3 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  maximum load-balancing 4
  peer 10.0.12.1 enable
  peer 10.0.23.3 enable
#
           

R3:

#
router id 10.0.3.3 
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.35.3 255.255.255.0 
#
interface Serial2/0/1
 link-protocol ppp
 ip address 10.0.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.13.3 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.3.3 255.255.255.0 
#
bgp 100
 peer 10.0.13.1 as-number 64512 
 peer 10.0.23.2 as-number 200 
 peer 10.0.35.5 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.3.0 255.255.255.0 
  maximum load-balancing 4
  peer 10.0.13.1 enable
  peer 10.0.23.2 enable
  peer 10.0.35.5 enable
#
           

R4:

#
router id 10.0.4.4 
#
acl number 2000  
 rule 0 permit source 10.1.5.0 0.0.0.255
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.46.4 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
bgp 64512
 peer 10.0.45.5 as-number 100 
 group as64512 internal
 peer 10.0.6.6 as-number 64512 
 peer 10.0.6.6 group as64512 
 peer 10.0.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  maximum load-balancing 4
  peer 10.0.45.5 enable
  peer as64512 enable
  peer as64512 route-policy r1 export
  peer 10.0.6.6 enable
  peer 10.0.6.6 group as64512 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.4.4 0.0.0.0 
  network 10.0.46.4 0.0.0.0 
#
route-policy r1 permit node 10 
 if-match acl 2000 
 apply local-preference 110                   //So that S6 reaches the 10.1.5.0 segment through R4
#
           

R5:

#
router id 10.0.5.5
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.35.5 255.255.255.0
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.5 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255 
#
interface LoopBack1
 ip address 10.1.5.5 255.255.255.0 
#
bgp 100
 peer 10.0.35.3 as-number 100 
 peer 10.0.45.4 as-number 64512 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.5.0 255.255.255.0 
  maximum load-balancing 4
  peer 10.0.35.3 enable
  peer 10.0.45.4 enable
#
           

S6:

#
router id 10.0.6.6
#
vlan batch 16 46
#
interface Vlanif16
 ip address 10.0.16.6 255.255.255.0
#
interface Vlanif46
 ip address 10.0.46.6 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 46
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 16
#
interface LoopBack0
 ip address 10.0.6.6 255.255.255.255
#
interface LoopBack1
 ip address 10.1.6.6 255.255.255.0
#
bgp 64512
 group as64512 internal
 peer 10.0.1.1 as-number 64512
 peer 10.0.1.1 group as64512
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.4.4 as-number 64512
 peer 10.0.4.4 group as64512
 peer 10.0.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.6.0 255.255.255.0
  maximum load-balancing 4
  peer as64512 enable
  peer 10.0.1.1 enable
  peer 10.0.1.1 group as64512
  peer 10.0.4.4 enable
  peer 10.0.4.4 group as64512
#
ospf 1
 area 0.0.0.0
  network 10.0.6.6 0.0.0.0
  network 10.0.16.6 0.0.0.0
  network 10.0.46.6 0.0.0.0
#
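The three route-policies in this lab each act on a different step of best-path selection. The following added example (not from the original post) applies a subset of the decision process (Local-Pref, AS-Path length, MED, EBGP over IBGP) to candidate paths constructed from the lab's configuration; the final tie-break on neighbor name is a stand-in, and load balancing is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    via: str                 # neighbor the route was learned from
    as_path: tuple           # AS numbers as received
    local_pref: int = 100    # default 100, larger is preferred
    med: int = 0             # default 0, smaller is preferred
    ebgp: bool = True


def best(paths):
    """Pick the best path by elimination, one attribute at a time."""
    cands = list(paths)
    top = max(p.local_pref for p in cands)
    cands = [p for p in cands if p.local_pref == top]
    short = min(len(p.as_path) for p in cands)
    cands = [p for p in cands if len(p.as_path) == short]
    # MED is only compared among paths from the same neighboring AS.
    cands = [p for p in cands
             if not any(q.as_path[:1] == p.as_path[:1] and q.med < p.med
                        for q in cands)]
    if any(p.ebgp for p in cands):
        cands = [p for p in cands if p.ebgp]
    return min(cands, key=lambda p: p.via)   # stand-in for the final tie-breaks


# Constructed from the lab: the candidate paths each device sees.
# R1 prepends 64512 64512 towards R2 (route-policy r1).
R2_TO_10_1_6 = [Path("R1", (64512, 64512, 64512)), Path("R3", (100, 64512))]
# R1 sets Local-Pref 110 towards the IBGP group (route-policy r3).
S6_TO_10_1_3 = [Path("R1", (100,), local_pref=110, ebgp=False),
                Path("R4", (100,), ebgp=False)]
# R1 sets MED 100 towards R3 (route-policy me); R5 relays R4's route over IBGP.
R3_TO_10_1_6 = [Path("R1", (64512,), med=100), Path("R5", (64512,), ebgp=False)]

if __name__ == "__main__":
    for name, paths in [("R2 -> 10.1.6.0/24", R2_TO_10_1_6),
                        ("S6 -> 10.1.3.0/24", S6_TO_10_1_3),
                        ("R3 -> 10.1.6.0/24", R3_TO_10_1_6)]:
        print(name, "via", best(paths).via)
```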
           

Configuring the community attribute and Route-Policy to filter BGP routing information

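1. First configure the interfaces and network segments, and establish the BGP neighbor relationships.

2. Configure all routers to advertise the community attribute to each other; it is not advertised by default. The other routers are configured like R1: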

[R1]bgp 64513
[R1-bgp]peer 10.0.14.4 advertise-community
[R1-bgp]peer 10.0.12.2 advertise-community
           

3. Advertise Loopback1, Loopback2 and Loopback3 on R5 into BGP; add community 100 to Loopback1, community no-export to Loopback2, and community no-advertise to Loopback3.

[R5]bgp 64515
[R5-bgp]network 10.1.5.5 255.255.255.0
[R5-bgp]network 10.2.5.5 255.255.255.0
[R5-bgp]network 10.3.5.5 255.255.255.0
[R5]acl 2000
[R5-acl-basic-2000]rule 0 permit source 10.1.5.0 0.0.0.255
[R5]route-policy r1 permit node 10
[R5-route-policy]if-match acl 2000
[R5-route-policy]apply community 100
[R5]acl 2001
[R5-acl-basic-2001]rule 0 permit source 10.2.5.0 0.0.0.255
[R5]route-policy r1 permit node 20
[R5-route-policy]if-match acl 2001
[R5-route-policy]apply community no-export
[R5]acl 2002
[R5-acl-basic-2002]rule 0 permit source 10.3.5.0 0.0.0.255
[R5]route-policy r1 permit node 30
[R5-route-policy]if-match acl 2002
[R5-route-policy]apply community no-advertise
[R5]bgp 64515
[R5-bgp]peer 10.0.25.2 route-policy r1 export
           

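4. Summarize 10.1.5.0/24 advertised by R5 and 10.2.3.0/24 advertised by R3 into the route 10.0.0.0/8, and suppress the specific routes. After summarization, advertise it to R4 with community 200. 10.1.3.0/24 continues to be advertised to R4 as a specific route.

Configuration on R3:

[R3]bgp 64514
[R3-bgp]network 10.1.3.3 255.255.255.0
[R3-bgp]network 10.2.3.3 255.255.255.0
//Advertise Loopback1 and Loopback2
[R3]acl 2000
[R3-acl-basic-2000]rule 0 permit source 10.2.3.0 0.0.0.255
[R3]route-policy r1 permit node 10
[R3-route-policy]if-match acl 2000
[R3-route-policy]apply community 100
//First add community attribute 100 to 10.2.3.0
[R3]route-policy r1 permit node 20
//A node with no if-match clause matches everything by default; this node lets 10.1.3.0 through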
[R3]bgp 64514
[R3-bgp]peer 10.0.23.2 route-policy r1 export
           

Configuration on R1:

[R1]ip community-filter 1 permit 100
//First configure a community filter list that picks out routes with community 100
[R1]route-policy r1 permit node 10
[R1-route-policy]if-match community-filter 1
//Create a route-policy that matches routes with community 100
[R1]route-policy r2 permit node 10
[R1-route-policy]apply community 200:1 additive
//Create a route-policy that adds community attribute 200:1
[R1]bgp 64513
[R1-bgp]aggregate 10.0.0.0 255.0.0.0 detail-suppressed origin-policy r1 attribute-policy r2
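Steps 3 and 4 together decide which prefixes R4 finally sees. The following added example (not from the original post) models the well-known communities no-export and no-advertise as a receiving router applies them, then the community-driven aggregate as step 4 describes it. It assumes R2 sits in its own AS, so its session to R1 is EBGP, and that the aggregate starts with no communities of its own.

```python
import ipaddress

NO_EXPORT, NO_ADVERTISE = "no-export", "no-advertise"

# Constructed from steps 3 and 4: what R5 and R3 send to R2, with communities.
FROM_R5 = {"10.1.5.0/24": {"100"},
           "10.2.5.0/24": {NO_EXPORT},
           "10.3.5.0/24": {NO_ADVERTISE}}
FROM_R3 = {"10.2.3.0/24": {"100"}, "10.1.3.0/24": set()}


def readvertise(routes, peer_is_ebgp):
    """Routes a receiving router passes on, honouring the well-known communities."""
    passed = {}
    for prefix, comms in routes.items():
        if NO_ADVERTISE in comms:
            continue                      # never sent on to any peer
        if NO_EXPORT in comms and peer_is_ebgp:
            continue                      # not sent outside the receiving AS
        passed[prefix] = set(comms)
    return passed


def summarize(table, summary, match_community, add_community):
    """Model of: aggregate <summary> detail-suppressed origin-policy r1 attribute-policy r2."""
    net = ipaddress.ip_network(summary)
    # origin-policy: only routes carrying the matched community contribute.
    matched = {p for p, comms in table.items()
               if match_community in comms
               and ipaddress.ip_network(p).subnet_of(net)}
    # detail-suppressed: the contributing specifics are no longer advertised.
    out = {p: set(c) for p, c in table.items() if p not in matched}
    if matched:
        out[summary] = {add_community}    # attribute-policy adds 200:1 (assumed empty before)
    return out


def r4_view():
    """What R1 offers R4 once R2 has relayed R5's and R3's routes."""
    r1_table = readvertise({**FROM_R5, **FROM_R3}, peer_is_ebgp=True)  # R2 -> R1, assumed EBGP
    return summarize(r1_table, "10.0.0.0/8", "100", "200:1")


if __name__ == "__main__":
    print(r4_view())
```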
           
