3.OSPF与BGP的联动

Posted 2023-03-23 卓应

14.3实验3：OSPF与BGP联动配置

1. 实验目的
2. 实验拓扑

1. 实验步骤

1. 配置IP地址

1. AR1的配置

<Huawei>system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sysname AR1

[AR1]interface g0/0/0

[AR1-GigabitEthernet0/0/0]ip address 10.0.12.1 24

[AR1-GigabitEthernet0/0/0]quit

[AR1]interface g0/0/1

[AR1-GigabitEthernet0/0/1]ip address 10.0.13.1 24

[AR1-GigabitEthernet0/0/1]quit

[AR1]interface LoopBack 0

[AR1-LoopBack0]ip address 1.1.1.1 32

[AR1-LoopBack0]quit

1. AR2的配置

<Huawei>system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sysname AR2

[AR2]interface g0/0/0

[AR2-GigabitEthernet0/0/0]ip address 10.0.24.2 24

[AR2-GigabitEthernet0/0/0]quit

[AR2]interface g0/0/1

[AR2-GigabitEthernet0/0/1]ip address 10.0.12.2 24

[AR2-GigabitEthernet0/0/1]quit

[AR2]interface LoopBack 0

[AR2-LoopBack0]ip address 2.2.2.2 32

[AR2-LoopBack0]quit

1. AR3的配置

<Huawei>system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sysname AR3

[AR3]interface g0/0/0

[AR3-GigabitEthernet0/0/0]ip address 10.0.13.3 24

[AR3-GigabitEthernet0/0/0]quit

[AR3]interface g0/0/1

[AR3-GigabitEthernet0/0/1]ip address 10.0.34.3 24

[AR3-GigabitEthernet0/0/1]quit

[AR3]interface LoopBack 0

[AR3-LoopBack0]ip address 3.3.3.3 32

[AR3-LoopBack0]quit

1. AR4的配置

<Huawei>system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sysname AR4

[AR4]interface g0/0/0

[AR4-GigabitEthernet0/0/0]ip address 10.0.34.4 24

[AR4-GigabitEthernet0/0/0]quit

[AR4]interface g0/0/1

[AR4-GigabitEthernet0/0/1]ip address 10.0.24.4 24

[AR4-GigabitEthernet0/0/1]quit

[AR4]interface g0/0/2

[AR4-GigabitEthernet0/0/2]ip address 10.0.45.4 24

[AR4-GigabitEthernet0/0/2]quit

[AR4]interface LoopBack 0

[AR4-LoopBack0]ip address 4.4.4.4 32

[AR4-LoopBack0]quit

1. AR5的配置

<Huawei>system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]undo info-center enable

Info: Information center is disabled.

[Huawei]sysname AR5

[AR5]interface g0/0/0

[AR5-GigabitEthernet0/0/0]ip address 10.0.45.5 24

[AR5-GigabitEthernet0/0/0]quit

[AR5]interface LoopBack 0

[AR5-LoopBack0]ip address 5.5.5.5 32

[AR5-LoopBack0]quit

1. 运行IGP

1. AR1的配置

[AR1]ospf router-id 1.1.1.1

[AR1-ospf-1]area 0

[AR1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

[AR1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255

[AR1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[AR1-ospf-1-area-0.0.0.0]quit

1. AR2的配置

[AR2]ospf router-id 2.2.2.2

[AR2-ospf-1]area 0

[AR2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

[AR2-ospf-1-area-0.0.0.0]network 10.0.24.0 0.0.0.255

[AR2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[AR2-ospf-1-area-0.0.0.0]quit

1. AR3的配置

[AR3]ospf router-id 3.3.3.3

[AR3-ospf-1]area 0

[AR3-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255

[AR3-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255

[AR3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[AR3-ospf-1-area-0.0.0.0]quit

1. AR4的配置

[AR4]ospf router-id 4.4.4.4

[AR4-ospf-1]area 0

[AR4-ospf-1-area-0.0.0.0]network 10.0.24.0 0.0.0.255

[AR4-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255

[AR4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

[AR4-ospf-1-area-0.0.0.0]quit

1. 运行BGP

1. AR1的配置

[AR1]bgp 100

[AR1-bgp]undo synchronization

[AR1-bgp]peer 2.2.2.2 as-number 100

[AR1-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[AR1-bgp]peer 3.3.3.3 as-number 100

[AR1-bgp]peer 3.3.3.3 connect-interface LoopBack 0

[AR1-bgp]peer 4.4.4.4 as-number 100

[AR1-bgp]peer 4.4.4.4 connect-interface LoopBack 0

[AR1-bgp]network 1.1.1.1 32

[AR1-bgp]quit

1. AR2的配置

[AR2]bgp 100

[AR2-bgp]undo synchronization

[AR2-bgp]peer 1.1.1.1 as-number 100

[AR2-bgp]peer 1.1.1.1 connect-interface loo0

[AR2-bgp]peer 3.3.3.3 as-number 100

[AR2-bgp]peer 3.3.3.3 connect-interface LoopBack 0

[AR2-bgp]peer 4.4.4.4 as-number 100

[AR2-bgp]peer 4.4.4.4 connect-interface LoopBack 0

[AR2-bgp]quit

1. AR3的配置

[AR3]bgp 100

[AR3-bgp]undo synchronization

[AR3-bgp]peer 1.1.1.1 as-number 100

[AR3-bgp]peer 1.1.1.1 connect-interface LoopBack 0

[AR3-bgp]peer 2.2.2.2 as-number 100

[AR3-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[AR3-bgp]peer 4.4.4.4 as-number 100

[AR3-bgp]peer 4.4.4.4 connect-interface LoopBack 0

[AR3-bgp]quit

1. AR4的配置

[AR4]bgp 100

[AR4-bgp]undo synchronization

[AR4-bgp]peer 1.1.1.1 as-number 100

[AR4-bgp]peer 1.1.1.1 connect-interface LoopBack 0

[AR4-bgp]peer 2.2.2.2 as-number 100

[AR4-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[AR4-bgp]peer 3.3.3.3 as-number 100

[AR4-bgp]peer 3.3.3.3 connect-interface LoopBack 0

[AR4-bgp]peer 10.0.45.5 as-number 101

[AR4-bgp]peer 1.1.1.1 next-hop-local

[AR4-bgp]peer 2.2.2.2 next-hop-local

[AR4-bgp]peer 3.3.3.3 next-hop-local

[AR4-bgp]quit

1. AR5的配置

[AR5]bgp 101

[AR5-bgp]router-id 5.5.5.5

[AR5-bgp]undo synchronization

[AR5-bgp]peer 10.0.45.4 as-number 100

[AR5-bgp]network 5.5.5.5 32

[AR5-bgp]quit

1. 在R1上创建环回口lo1，并宣告进BGP

[AR1]interface LoopBack 1

[AR1-LoopBack1]ip address 11.11.11.11 32

[AR1-LoopBack1]quit

[AR1]bgp 100

[AR1-bgp]network 11.11.11.11 32

[AR1-bgp]quit

1. 实验调试

1. 在R3改开销，让11.11.11.11访问5.5.5.5走AR1-AR2-AR4-AR5

[AR3]interface g0/0/1

[AR3-GigabitEthernet0/0/1]ospf cost 10

[AR3-GigabitEthernet0/0/1]quit

1. 关闭AR2查看现象

OSPF的收敛速度快，BGP的收敛速度慢，会造成数据丢失。

1. 在AR2上配置

[AR2]ospf

[AR2-ospf-1]stub-router

[AR2-ospf-1]quit

1. 在AR2上查看OSPF的路由表

[AR2]display ospf routing

         OSPF Process 1 with Router ID 2.2.2.2

                  Routing Tables

 Routing for Network

 Destination        Cost  Type       NextHop         AdvRouter       Area

 2.2.2.2/32         0     Stub       2.2.2.2         2.2.2.2         0.0.0.0

 10.0.12.0/24       65535 Transit    10.0.12.2       2.2.2.2         0.0.0.0

 10.0.24.0/24       65535 Transit    10.0.24.2       2.2.2.2         0.0.0.0

 1.1.1.1/32         65535 Stub       10.0.12.1       1.1.1.1         0.0.0.0

 3.3.3.3/32         65536 Stub       10.0.24.4       3.3.3.3         0.0.0.0

 3.3.3.3/32         65536 Stub       10.0.12.1       3.3.3.3         0.0.0.0

 4.4.4.4/32         65535 Stub       10.0.24.4       4.4.4.4         0.0.0.0

 10.0.13.0/24       65536 Transit    10.0.12.1       1.1.1.1         0.0.0.0

 10.0.34.0/24       65536 Transit    10.0.24.4       3.3.3.3         0.0.0.0

 Total Nets: 9 

 Intra Area: 9  Inter Area: 0  ASE: 0  NSSA: 0

把路由的开销设置为65535，就不会选这条路，等故障收敛完成后，再改回来。

OSPF与BGP协议联动

一、OSPF与BGP协议联动分析

免责声明：上图来源于网络，如有版权问题请联系作者删除！

• 实验环境：4台路由器底层运行ospf并建立IBGP邻居；RouterB、RouterC配置为RR路由反射器

• 在有备份链路的情况下，BGP在链路回切时，由于BGP路由收敛速度滞后于ospf路由收敛速度，从而造成流量丢失

• 如上图所示，四台设备RouterA、RouterB、RouterC、RouterD之间运行ospf协议，并建立IBGP连接。RouterC为RouterB的备份设备，当网络环境稳定时，BGP与ospf在设备上是完全收敛的，默认RouterA访问10.3.1.0/30优先从B转发（A→B→D→E），且RouterA收到10.3.1.0/30的下一跳为RouterD的环回接口（RR路由反射器不修改下一跳）

1、问题

• 正常情况下，从RouterA到10.3.1.0/30的流量会优先从RouterB转发。当RouterB发生故障后（比如关机重启了），流量切换到RouterC转发，注意不是立刻切回到C，因为ospf hello包的死亡超时时间为40s，40s之后RouterA才会感知到与RouterB的邻居关系中断了，流量转而从RouterC转发。RouterB故障恢复以后，重新与RouterA建立起ospf邻居关系，流量回切到RouterB，此时会有流量丢失

2、原因分析

• RouterB故障恢复以后，RouterB与RouterA、RouterD的ospf邻居立刻建立，RouterA访问 RouterD环回接口的路由可能从RouterB转发

• 在流量回切到RouterB的过程中，IGP收敛速度比BGP快。RouterA去往10.3.1.0/30的下一跳为RouterD的环回接口（RR路由反射器），RouterA去往RouterD环回接口优先从RouterB转发，但RouterB的BGP路由还没有完成收敛（RouterB还没有学习到去往10.3.1.0/30的BGP路由），数据包在RouterB上丢弃，导致路由转发黑洞

3、解决办法

• 核心思想：在RouterB完成BGP收敛之前，将ospf的metric改大（LSA-1的metric值改大），让RouterA去往RouterD别选择我作为下一跳，即RouterA访问RouterD环回接口时，因为RouterA去往10.3.1.0/30的下一跳为RouterD的环回接口

• RouterB(config)#router ospf 100
  RouterB(config-router)#max-metric router-lsa on-starup wait-for-bgp //等BGP协议完成收敛，ospf的metric值由最大恢复正常
    OR
  RouterB(config-router)#max-metric router-lsa on-starup 10 //ospf协议起来10min之内将metric值设置为最大（目的是让邻居路由别把我当做下一跳），这段时间希望BGP协议完成收敛；10min之后，ospf的metric值由最大恢复正常

• 这样配置以后，流量回切到RouterB时，RouterA去往RouterD环回时不会把RouterB当做下一跳

 

二、实验验证

（1）实验环境：R1配置lo100： 172.16.1.1/32，不宣告进ospf，宣告进AS 10，R6配置lo100： 192.168.1.1/32，不宣告进ospf，宣告进AS 20。默认172.16.1.1访问192.168.1.1的转发路径：R1-R2-R4-R5-R6，可通过抓包软件看到效果，即172.16.1.1访问192.168.1.1时，在R1的f0/0、R3的f0/0接口抓包，看不到ICMP流量，而在R1的f1/0、R2的f1/0接口抓包能看到ICMP流量。

（2）实验步骤：172.16.1.1访问192.168.1.1ping上10000个包同时在R1的f1/0接口抓包，中途将R2设备关机再开机观察效果（R2断电之前一定要保存配置）。

• 在R2上没配置R2(config-router)#max-metric router-lsa on-starup wait-for-bgp之前，效果如下：

  R1#ping 192.168.1.1 source 172.16.1.1 repeat 10000

  Type escape sequence to abort.
  Sending 10000, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
  Packet sent with a source address of 172.16.1.1
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!................ //此时将R2设备断电
  *Mar 1 00:30:45.159: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from FULL to DOWN, Neighbor Down:
  Dead timer expired..... //这段时间产生丢包是因为ospf hello超时时间为40s，40s之后R1才感知到与R2的ospf邻居关系中断了
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! //这段时间流量转发正常，是因为去往192.168.1.1的流量转而从R3转发了
  *Mar 1 00:31:21.539: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from LOADING to FULL, Loading
  Done!!!!!!!!!!!!!!!!!!!!!!!!!!!!............. //将R2设备重启，这段时间又产生丢包是因为R2与R1、R1的ospf建立成功，R1去往R4的数据包又通过R2转发，但R2的BGP还没有完成收敛，BGP数据库中没有去往192.168.1.1的路由，形成路由转发黑洞
  *Mar 1 00:31:39.963: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down Peer closed the session.......
  *Mar 1 00:31:48.627: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up ..........!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   //当R2的BGP数据库中有192.168.1.1路由时，流量又可以通了

• 在R2上没配置R2(config-router)#max-metric router-lsa on-starup wait-for-bgp之后，效果如下：

  R1#ping 192.168.1.1 source 172.16.1.1 repeat 10000

  Type escape sequence to abort.
  Sending 10000, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
  Packet sent with a source address of 172.16.1.1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........
  ..............    //只在R1感知与R2邻居关系中断的这段时间产生丢包
  *Mar 1 00:36:56.427: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from FULL to DOWN, Neighbor Down:
  Dead timer expired....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!
  *Mar 1 00:37:32.987: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on FastEthernet1/0 from LOADING to FULL, Loading
  Done!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  *Mar 1 00:37:49.443: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down Peer closed the session!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  *Mar 1 00:37:56.319: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

• R2重启完成初期，路由表中没有BGP路由，只有O路由且metric值最大，目的让R1去往4.4.4.4别以我为下一跳

  R2#sho ip route   //只截取一部分
      34.0.0.0/24 is subnetted, 1 subnets
  O 34.1.1.0 [110/65536] via 24.1.1.4, 00:00:01, FastEthernet1/0
      1.0.0.0/32 is subnetted, 1 subnets
  O 1.1.1.1 [110/65536] via 12.1.1.1, 00:00:01, FastEthernet0/0
      4.0.0.0/32 is subnetted, 1 subnets
  O 4.4.4.4 [110/65536] via 24.1.1.4, 00:00:03, FastEthernet1/0
      13.0.0.0/24 is subnetted, 1 subnets
  O 13.1.1.0 [110/65536] via 12.1.1.1, 00:00:03, FastEthernet0/0

 

三、结语

此实验一定要配合抓包软件观察效果，这样才能有深刻的印象，感兴趣的朋友可以自己动手试验一下啊~文中若有不足，请在评论区留言~~