Border Gateway Protocol (BGP)

Objectives
1. BGP Concepts and Terminology
2. BGP Characteristics
3. EBGP and IBGP
4. BGP Route Summarization
5. BGP Path Attributes
6. Selecting a BGP Path

Section 1: BGP Fundamentals and Basic Configuration

Using BGP to Connect to the Internet

BGP Autonomous Systems
An AS is a collection of networks under a single technical administration. Its routers run the same interior gateway protocol with a common metric to route packets inside the AS, and use an exterior gateway protocol to decide how packets are routed to other autonomous systems.
- IGPs operate within an AS.
- BGP is used between autonomous systems.
- Exchange of loop-free routing information is guaranteed.

BGP Path-Vector Routing
- IGPs announce networks and describe the metric to reach those networks.
- BGP announces paths and the networks that are reachable at the end of the path. BGP describes the path by using attributes, which are similar to metrics.
- BGP allows administrators to define policies or rules for how data will flow through the autonomous systems.

BGP Routing Policies
BGP route selection works hop by hop: BGP can support any policy conforming to the hop-by-hop (AS-by-AS) routing paradigm.

BGP Characteristics
BGP is most appropriate when at least one of the following conditions exists:
- An AS allows packets to transit through it to reach other autonomous systems (for example, it is a service provider).
- An AS has multiple connections to other autonomous systems.
- Routing policy and route selection for traffic entering and leaving the AS must be manipulated.

BGP is not always appropriate. You do not have to use BGP if you have one of the following conditions:
- Limited understanding of route filtering and the BGP path-selection process
- A single connection to the Internet or another AS
- Lack of memory or processor power to handle constant updates on BGP routers

BGP is a path-vector protocol with the following enhancements over distance vector protocols:
- Reliable updates: runs on top of TCP (port 179)
- Incremental, triggered updates only
- Periodic keepalive messages to verify TCP connectivity
- Rich metrics (called path vectors or attributes)
- Designed to scale to huge internetworks (for example, the Internet)

BGP Databases
- Neighbor table: list of BGP neighbors (show ip bgp neighbors, show ip bgp summary)
- BGP table (forwarding database), shown with show ip bgp: list of all networks learned from each neighbor; can contain multiple paths to destination networks; contains the BGP attributes for each path
- IP routing table, shown with show ip route: list of best paths to destination networks

Peers = Neighbors
A "BGP peer", also known as a "BGP neighbor", is a specific term that is used for BGP speakers that have established a neighbor relationship. Any two routers that have formed a TCP connection to exchange BGP routing information are called BGP peers or BGP neighbors.

External BGP
- When BGP is running between neighbors that belong to different autonomous systems, it is called EBGP.
- EBGP neighbors, by default, need to be directly connected.

Internal BGP
- When BGP is running between neighbors within the same AS, it is called IBGP.
- The neighbors do not have to be directly connected.

IBGP in a Transit AS (ISP)
Redistributing BGP into an IGP (OSPF in this example) is not recommended. Instead, run IBGP on all routers.

IBGP Neighbor in a Nontransit AS

IBGP Split Horizon Rule
By default, routes learned via IBGP are never propagated to other IBGP peers, so they need full-mesh IBGP.

Routing Issues If BGP Is Not On in All Routers in the Transit Path
Router C will drop the packet to network 10.0.0.0. Router C is not running IBGP; therefore, it has not learned about the route to network 10.0.0.0 from router B. In this example, router B and router E are not redistributing BGP into OSPF.

Resolution
Solution 1: full mesh (logical full mesh)
- Becomes a burden on router resources, bandwidth usage, and administrative overhead
- If the number of IBGP routers is n, then the number of TCP and BGP connections is n(n-1)/2
Solution 2: route reflectors (RR)
- This approach is similar to the OSPF DR/BDR feature
- Recommended only for an AS that supports approximately more than 100 sessions per router

BGP Commands
Router(config)# router bgp autonomous-system
- This command enters router configuration mode only; subcommands must be entered to activate BGP.
- Only one instance of BGP can be configured on the router.
- The autonomous system number identifies the autonomous system to which the router belongs.
- The autonomous system number in this command is compared to the autonomous system numbers listed in neighbor statements to determine if the neighbor is an internal or external neighbor.

BGP neighbor remote-as Command
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as autonomous-system
- The neighbor command activates a BGP session with this neighbor.
- The IP address that is specified is the destination address of BGP packets going to this neighbor.
- This router must have an IP path to reach this neighbor before it can set up a BGP relationship.
- The remote-as option shows what AS this neighbor is in.
- This command is used for both external and internal neighbors.

Example: BGP neighbor Command

BGP network Command
Router(config-router)# network network-number [mask network-mask] [route-map map-tag]
- This command tells BGP what network to advertise.
- The command does not activate the protocol on an interface.
- Without a mask option, the command advertises classful networks. If a subnet of the classful network exists in the routing table, the classful address is announced, provided auto-summary is enabled (auto-summary takes effect locally).
- With the mask option, BGP looks for an exact match in the local routing table before announcing the route.

Example: BGP network Command
Router(config-router)# network 192.168.1.0 mask 255.255.255.0
The router looks for exactly 192.168.1.0/24 in the routing table, but cannot find it, so it will not announce the network.
Router(config-router)# network 192.168.0.0 mask 255.255.0.0
The router looks for exactly 192.168.0.0/16 in the routing table. If the exact route is not in the table, you can add a static route to null0 so that the route can be announced.

Case Study 1: BGP Basic Configuration

Section 2: IBGP and EBGP

BGP Issues with Source IP Address
- When creating a BGP packet, the neighbor statement defines the destination IP address and the outbound interface defines the source IP address.
- When a BGP packet is received for a new BGP session, the source address of the packet is compared to the list of neighbor statements:
  - If a match is found, a relationship is established.
  - If no match is found, the packet is ignored.
- Make sure that the source IP address matches the address that the other router has in its neighbor statement; otherwise the neighbor relationship cannot be established.

BGP neighbor update-source Command
Router(config-router)# neighbor {ip-address | peer-group-name} update-source interface-type interface-number
- This command allows the BGP process to use the IP address of a specified interface as the source IP address of all BGP updates to that neighbor.
- A loopback interface is usually used.
- The neighbor update-source command is normally used only with IBGP neighbors.
- The address of an EBGP neighbor must be directly connected by default; the loopback of an EBGP neighbor is not directly connected.

Example: BGP Using Loopback Addresses

BGP neighbor ebgp-multihop Command
Router(config-router)# neighbor {ip-address | peer-group-name} ebgp-multihop [ttl]
- This command increases the default of one hop for EBGP peers.
- It allows routes to the EBGP loopback address, which will have a hop count greater than 1.

Example: ebgp-multihop Command

Next-Hop Behavior
- BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol.
- In BGP, the next hop does not mean the next router; it means the IP address to reach the next AS.
- For EBGP, the default next hop is the IP address of the neighbor router that sent the update.
- For IBGP, the BGP protocol states that the next hop advertised by EBGP should be carried into IBGP.

Example: Next-Hop Behavior
Router A advertises network 172.16.0.0 to router B in EBGP, with a next hop of 10.10.10.3. Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address.

BGP neighbor next-hop-self Command
Router(config-router)# neighbor {ip-address | peer-group-name} next-hop-self
- Forces all updates for this neighbor to be advertised with this router as the next hop.
- The IP address used for the next-hop-self option will be the same as the source IP address of the BGP packet.

Example: next-hop-self Configuration

show ip bgp neighbors Command
RouterA#sh ip bgp neighbors
BGP neighbor is 172.31.1.3, remote AS 64998, external link
  BGP version 4, remote router ID 172.31.2.3
  BGP state = Established, up for 00:19:10
  Last read 00:00:10, last write 00:00:10, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  7          7
    Notifications:          0          0
    Updates:               13         38

Case Study 2: IBGP and EBGP Configuration
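As an added example (not one of the slides' own case studies), the next-hop topology above configured end to end: Router A peers EBGP with Router B over the directly connected link, and Router B and Router C in the same AS peer IBGP between loopbacks with update-source and next-hop-self. The AS numbers, the loopback addresses and the link address of Router B are assumed; only 10.10.10.3 and 172.16.0.0 come from the slides.

```cisco
! Router A (AS 64998, assumed) - EBGP to Router B on the directly connected link
! 172.16.0.0/16 is assumed to be in A's routing table (network needs an exact match)
hostname RouterA
interface Ethernet0/0
 ip address 10.10.10.3 255.255.255.0
router bgp 64998
 neighbor 10.10.10.2 remote-as 65000
 network 172.16.0.0 mask 255.255.0.0
!
! Router B (AS 65000, assumed) - EBGP to A, IBGP to C sourced from Loopback0
hostname RouterB
interface Loopback0
 ip address 192.168.255.2 255.255.255.255
interface Ethernet0/0
 ip address 10.10.10.2 255.255.255.0
router bgp 65000
 neighbor 10.10.10.3 remote-as 64998
 neighbor 192.168.255.3 remote-as 65000
 neighbor 192.168.255.3 update-source Loopback0
 ! Without next-hop-self, C receives 172.16.0.0 with next hop 10.10.10.3 and
 ! needs an IGP route to 10.10.10.0/24; with it, the next hop is 192.168.255.2
 neighbor 192.168.255.3 next-hop-self
!
! Router C (AS 65000) - IBGP to B between loopbacks. The peers are not directly
! connected, so the IGP must carry the two /32 loopbacks before the session comes up.
hostname RouterC
interface Loopback0
 ip address 192.168.255.3 255.255.255.255
router bgp 65000
 neighbor 192.168.255.2 remote-as 65000
 neighbor 192.168.255.2 update-source Loopback0
!
! Variant on Router A: EBGP between loopbacks instead of the link addresses
! (mirror on B). ebgp-multihop lifts the one-hop default; the static route makes
! B's loopback reachable because it is not directly connected.
! interface Loopback0
!  ip address 192.168.255.1 255.255.255.255
! ip route 192.168.255.2 255.255.255.255 10.10.10.2
! router bgp 64998
!  neighbor 192.168.255.2 remote-as 65000
!  neighbor 192.168.255.2 update-source Loopback0
!  neighbor 192.168.255.2 ebgp-multihop 2
```

Check each session with show ip bgp summary, and when one stays idle compare the packet's source address with the peer's neighbor statement as described above (show ip bgp neighbors shows the state per peer).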
Section 3: BGP Route Summarization

CIDR and Aggregate Addresses
BGP4 is classless, supports VLSM and longest-match routing, and carries a network mask for each network in the update.

Network Boundary Summarization
Router(config-router)# no auto-summary

BGP network Command
Router(config-router)# network network-number mask network-mask
Router(config)# ip route prefix mask null0

Cautions About the network Statement
BGP summarization using the network command and a static route to Null0.

Configuring BGP for Aggregate Addressing
Router(config-router)# aggregate-address ip-address mask [summary-only] [as-set]

Using the aggregate-address Command
routerC#show ip bgp
BGP table version is 28, local router ID is 172.16.2.1
Status codes: s suppressed, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop    Metric LocPrf Weight Path
*> 192.168.24.0/22  0.0.0.0          0         32768 i
s> 192.168.24.0     0.0.0.0          0         32768 i
s> 192.168.25.0     0.0.0.0          0         32768 i
s> 192.168.26.0     0.0.0.0          0         32768 i
s> 192.168.27.0     0.0.0.0          0         32768 i

Case Study 3: BGP Route Summarization Configuration
Section 4: BGP Path Selection

BGP Path Attributes
BGP metrics are called path attributes. Characteristics of path attributes include:
- Well-known versus optional
- Mandatory versus discretionary
- Transitive versus nontransitive

Well-known attributes
- Must be recognized by all compliant BGP implementations
- Are propagated to other neighbors
- Well-known mandatory attributes: must be present in all update messages
- Well-known discretionary attributes: may be present in update messages

Optional attributes
- They are recognized by some implementations (could be private) but are not expected to be recognized by all BGP routers.
- Recognized optional attributes are propagated to other neighbors based on their meaning.
- Optional transitive attributes: if not recognized, marked as partial and propagated to other neighbors
- Optional nontransitive attributes