OSPF与BGP协议联动
Posted szc425
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了OSPF与BGP协议联动相关的知识,希望对你有一定的参考价值。
一、OSPF与BGP协议联动分析
免责声明:上图来源于网络,如有版权问题请联系作者删除!
-
实验环境:4台路由器底层运行ospf并建立IBGP邻居;RouterB、RouterC配置为RR路由反射器
-
在有备份链路的情况下,BGP在链路回切时,由于BGP路由收敛速度滞后于ospf路由收敛速度,从而造成流量丢失
-
如上图所示,四台设备RouterA、RouterB、RouterC、RouterD之间运行ospf协议,并建立IBGP连接。RouterC为RouterB的备份设备,当网络环境稳定时,BGP与ospf在设备上是完全收敛的,默认RouterA访问10.3.1.0/30优先从B转发(A→B→D→E),且RouterA收到10.3.1.0/30的下一跳为RouterD的环回接口(RR路由反射器不修改下一跳)
1、问题
-
正常情况下,从RouterA到10.3.1.0/30的流量会优先从RouterB转发。当RouterB发生故障后(比如关机重启了),流量切换到RouterC转发,注意不是立刻切回到C,因为ospf hello包的死亡超时时间为40s,40s之后RouterA才会感知到与RouterB的邻居关系中断了,流量转而从RouterC转发。RouterB故障恢复以后,重新与RouterA建立起ospf邻居关系,流量回切到RouterB,此时会有流量丢失
2、原因分析
-
RouterB故障恢复以后,RouterB与RouterA、RouterD的ospf邻居立刻建立,RouterA访问 RouterD环回接口的路由可能从RouterB转发
-
在流量回切到RouterB的过程中,IGP收敛速度比BGP快。RouterA去往10.3.1.0/30的下一跳为RouterD的环回接口(RR路由反射器),RouterA去往RouterD环回接口优先从RouterB转发,但RouterB的BGP路由还没有完成收敛(RouterB还没有学习到去往10.3.1.0/30的BGP路由),数据包在RouterB上丢弃,导致路由转发黑洞
3、解决办法
-
核心思想:在RouterB完成BGP收敛之前,将ospf的metric改大(LSA-1的metric值改大),让RouterA去往RouterD别选择我作为下一跳,即RouterA访问RouterD环回接口时,因为RouterA去往10.3.1.0/30的下一跳为RouterD的环回接口
-
RouterB(config)#router ospf 100
RouterB(config-router)#max-metric router-lsa on-starup wait-for-bgp //等BGP协议完成收敛,ospf的metric值由最大恢复正常
OR
RouterB(config-router)#max-metric router-lsa on-starup 10 //ospf协议起来10min之内将metric值设置为最大(目的是让邻居路由别把我当做下一跳),这段时间希望BGP协议完成收敛;10min之后,ospf的metric值由最大恢复正常 -
这样配置以后,流量回切到RouterB时,RouterA去往RouterD环回时不会把RouterB当做下一跳
二、实验验证
(1)实验环境:R1配置lo100: 172.16.1.1/32,不宣告进ospf,宣告进AS 10,R6配置lo100: 192.168.1.1/32,不宣告进ospf,宣告进AS 20。默认172.16.1.1访问192.168.1.1的转发路径:R1-R2-R4-R5-R6,可通过抓包软件看到效果,即172.16.1.1访问192.168.1.1时,在R1的f0/0、R3的f0/0接口抓包,看不到ICMP流量,而在R1的f1/0、R2的f1/0接口抓包能看到ICMP流量。
(2)实验步骤:172.16.1.1访问192.168.1.1ping上10000个包同时在R1的f1/0接口抓包,中途将R2设备关机再开机观察效果(R2断电之前一定要保存配置)。
-
在R2上没配置R2(config-router)#max-metric router-lsa on-starup wait-for-bgp之前,效果如下:
R1#ping 192.168.1.1 source 172.16.1.1 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!................ //此时将R2设备断电
*Mar 1 00:30:45.159: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from FULL to DOWN, Neighbor Down:
Dead timer expired..... //这段时间产生丢包是因为ospf hello超时时间为40s,40s之后R1才感知到与R2的ospf邻居关系中断了
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //这段时间流量转发正常,是因为去往192.168.1.1的流量转而从R3转发了
*Mar 1 00:31:21.539: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from LOADING to FULL, Loading
Done!!!!!!!!!!!!!!!!!!!!!!!!!!!!............. //将R2设备重启,这段时间又产生丢包是因为R2与R1、R1的ospf建立成功,R1去往R4的数据包又通过R2转发,但R2的BGP还没有完成收敛,BGP数据库中没有去往192.168.1.1的路由,形成路由转发黑洞
*Mar 1 00:31:39.963: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down Peer closed the session.......
*Mar 1 00:31:48.627: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up ..........!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //当R2的BGP数据库中有192.168.1.1路由时,流量又可以通了
-
在R2上没配置R2(config-router)#max-metric router-lsa on-starup wait-for-bgp之后,效果如下:
R1#ping 192.168.1.1 source 172.16.1.1 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........
.............. //只在R1感知与R2邻居关系中断的这段时间产生丢包
*Mar 1 00:36:56.427: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from FULL to DOWN, Neighbor Down:
Dead timer expired....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!
*Mar 1 00:37:32.987: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from LOADING to FULL, Loading
Done!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*Mar 1 00:37:49.443: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down Peer closed the session!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*Mar 1 00:37:56.319: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
R2重启完成初期,路由表中没有BGP路由,只有O路由且metric值最大,目的让R1去往4.4.4.4别以我为下一跳
R2#sho ip route //只截取一部分
34.0.0.0/24 is subnetted, 1 subnets
O 34.1.1.0 [110/65536] via 24.1.1.4, 00:00:01, FastEthernet1/0
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65536] via 12.1.1.1, 00:00:01, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65536] via 24.1.1.4, 00:00:03, FastEthernet1/0
13.0.0.0/24 is subnetted, 1 subnets
O 13.1.1.0 [110/65536] via 12.1.1.1, 00:00:03, FastEthernet0/0
三、结语
此实验一定要配合抓包软件观察效果,这样才能有深刻的印象,感兴趣的朋友可以自己动手试验一下啊~文中若有不足,请在评论区留言~~
以上是关于OSPF与BGP协议联动的主要内容,如果未能解决你的问题,请参考以下文章