Qianyitang Jun Ge HCIE Course 10: BGP Confederation Implementation and Route Control with Community Attributes


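BGP notes
Topology diagram: [image not available]
1. BGP route reflectors (RR)
1.1 RR rules
Remember: "non-client to non-client" routes are not passed on (nothing is reflected between non-clients).
1) Routes received from a non-client are advertised to clients and eBGP peers.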
[R3]dis bgp routing-table 6.6.6.6

BGP local router ID : 10.1.35.3
Local AS number : 345
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
From: 55.1.1.1 (10.1.35.5)
Route Duration: 00h09m31s
Relay IP Nexthop: 10.1.35.5
Relay IP Out-Interface: GigabitEthernet0/0/0
Original nexthop: 55.1.1.1
Qos information : 0x0
AS-path 60, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 48
Advertised to such 2 peers:
10.1.30.10
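44.1.1.1 //advertised to the client
2) Routes received from a client are advertised to all peers (clients, non-clients and eBGP peers), but are not reflected back to that client.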

BGP local router ID : 10.1.35.3
Local AS number : 345
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 2.2.2.2/32:
RR-client route.
From: 44.1.1.1 (4.4.4.4)
Route Duration: 00h10m16s
Relay IP Nexthop: 10.1.35.5
Relay IP Out-Interface: GigabitEthernet0/0/0
Original nexthop: 44.1.1.1
Qos information : 0x0
AS-path 20, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 144
Advertised to such 2 peers:
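10.1.30.10 //advertised to the eBGP peer
55.1.1.1 //advertised to the non-client
3) Routes learned from eBGP are advertised to clients and non-clients.

1.2 RR loop-prevention attributes
Cluster: an RR and its clients form a cluster.
reflector cluster-id 3.3.3.3 //optional configuration
Loop prevention with the originator ID: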
Jan 14 2018 10:38:47.58.1-08:00 R4 RM/6/RMDEBUG:
BGP.Public : Error identified while receiving UPDATE message from the peer 55.1.1.1 and ignored
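Reason: (ORIGINATORID equal to RouterID). //If the originator ID equals the router ID, the route is not accepted. Troubleshooting approach: 1) was the route generated (by its originator)? 2) was it advertised? 3) was it accepted?
Cluster ID: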
Jan 14 2018 10:52:06.970.4-08:00 R5 RM/6/RMDEBUG:
BGP.Public : Error identified while receiving UPDATE message from the peer 33.1.1.1 and ignored
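Reason: (Received CLUSTERLIST Value greater than allowed loop count of ClusterID of the speaker). //The cluster list contains the router's own cluster ID, so the route is rejected!
R5 advertises route 6.6.6.6 to R3 and R3 accepts it. Why?
The originator ID and cluster list attributes are added only when a route is reflected.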
dis bgp routing-table 2.2.2.2

BGP local router ID : 10.1.35.5
Local AS number : 345
Paths: 2 available, 1 best, 1 select
BGP routing table entry information of 2.2.2.2/32:
RR-client route.
From: 33.1.1.1 (10.1.35.3)
Route Duration: 00h01m59s
Relay IP Nexthop: 10.1.1.1
Relay IP Out-Interface: Serial1/0/0
Original nexthop: 44.1.1.1
Qos information : 0x0
AS-path 20, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 96
Originator: 4.4.4.4 //originator ID
Cluster list: 3.3.3.3 //cluster list
Advertised to such 2 peers:
66.1.1.1
44.1.1.1
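The reflection rules of 1.1 and the two loop checks of 1.2, modelled as an added example (not part of the original notes or of any router implementation). Peer addresses, router IDs and the cluster ID come from the outputs above; the role table, class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Route:
    prefix: str
    originator_id: Optional[str] = None
    cluster_list: List[str] = field(default_factory=list)

# R3's peers as seen in the outputs above: address -> role (constructed table)
R3_PEERS = {"44.1.1.1": "client", "55.1.1.1": "non-client", "10.1.30.10": "ebgp"}

def reflect_targets(source, peers):
    """Peers the RR advertises a route to, given the peer it was learned from."""
    targets = []
    for addr, role in peers.items():
        if addr == source:
            continue                      # never sent back to the sender
        if peers[source] == "non-client" and role == "non-client":
            continue                      # non-client to non-client: not passed
        targets.append(addr)
    return sorted(targets)

def reflect(route, source_router_id, cluster_id):
    """Attributes are stamped only when the RR actually reflects the route."""
    return Route(route.prefix,
                 route.originator_id or source_router_id,  # keep first originator
                 [cluster_id] + route.cluster_list)        # prepend own cluster ID

def accept(route, router_id, cluster_id=None):
    """Receive-side loop checks; returns (accepted, reason)."""
    if route.originator_id == router_id:
        return False, "ORIGINATOR_ID equals local router ID"
    if cluster_id is not None and cluster_id in route.cluster_list:
        return False, "local cluster ID already in CLUSTER_LIST"
    return True, "accepted"

if __name__ == "__main__":
    print(reflect_targets("55.1.1.1", R3_PEERS))   # learned from non-client R5
    print(reflect_targets("44.1.1.1", R3_PEERS))   # learned from client R4
    r = reflect(Route("2.2.2.2/32"), "4.4.4.4", "3.3.3.3")
    print(r, accept(r, "4.4.4.4"), accept(r, "10.1.35.5"))
```

A route that was never reflected carries neither attribute, so both checks pass; that is why R3 accepts 6.6.6.6 from R5.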
1.3 Hierarchical RRs, plus next-hop handling with route reflectors
This is simply multiple tiers of RRs.
[R3-bgp]peer 44.1.1.1 next-hop-local //does not meet the requirement

[R3-bgp]peer 44.1.1.1 route-policy NHOP export //an export-direction policy applied on the RR has no effect (ENSP 390)
On R4:
[R4-bgp]peer 33.1.1.1 route-policy NHOP import
route-policy NHOP permit node 5
if-match acl 2006
apply ip-address next-hop 33.1.1.1 //for routes matched by acl 2006, change the next hop to the RR's update-source address
route-policy NHOP permit node 10 //permit the other routes advertised by the RR
acl number 2006
rule 5 permit source 6.6.6.6 0
Verification:
<R4>dis bgp routing-table

BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn

> 2.2.2.2/32 10.1.24.2 0 0 20i
>i 6.6.6.0/28 55.1.1.1 100 0 60 123e //route permitted by the route-policy, left unmodified
*>i 6.6.6.6/32 33.1.1.1 0 100 0 60i //policy took effect: the next hop was modified

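2. Confederations
A confederation does not change the iBGP update mechanism, so no additional loop-prevention rules are needed.
Attributes such as the next hop and local preference stay unchanged across the whole confederation.
Requirement:
AS 345 is configured as a confederation. R3 and R4 belong to member AS 64512 (the lowest private AS number), R5 belongs to member AS 65535 (the highest private AS number), and R3 and R5 form a confederation eBGP peering.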
[R5-bgp]dis th
[V200R003C00]
#
bgp 65535
confederation id 345 //identifies the "country" (the confederation) this AS belongs to
confederation peer-as 64512 //declares the eBGP peering with a member AS
peer 33.1.1.1 as-number 64512
peer 33.1.1.1 ebgp-max-hop 255
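peer 33.1.1.1 connect-interface LoopBack0 //do not forget that eBGP multihop must also be configured between member ASes; otherwise the TTL is 1 and packets cannot reach the peer
peer 33.1.1.1 next-hop-local //change the next hop toward the member AS; otherwise the route will not be optimal
peer 66.1.1.1 as-number 60 //builds the eBGP peering between "countries" (real eBGP)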
peer 66.1.1.1 ebgp-max-hop 255
peer 66.1.1.1 connect-interface LoopBack0
<R5>dis bgp routing-table 2.2.2.2

BGP local router ID : 10.1.35.5
Local AS number : 65535
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 2.2.2.2/32:
From: 33.1.1.1 (10.1.35.3)
Route Duration: 00h02m08s
Relay IP Nexthop: 10.1.1.1
Relay IP Out-Interface: Serial1/0/0
Original nexthop: 44.1.1.1
Qos information : 0x0
AS-path (64512) 20, origin igp, MED 0, localpref 100, pref-val 0, valid, external-confed, best, select, active, pre 255, IGP cost 96
Advertised to such 1 peers:
66.1.1.1

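3. BGP community attributes
The easiest thing to overlook is: peer x.x.x.x advertise-community
Community attributes can be applied in several ways, and different applications give different results:
with NETWORK, per peer in the export/import direction, when importing routes, and when aggregating.
3.1 Well-known community attributes (route filtering)
INTERNET: the default attribute; every route carries it.
no-advertise: do not advertise the route to any peer.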
aggregate 6.6.6.0 255.255.255.240 suppress-policy SUPPRESS attribute-policy ATTRIBUTE
//modify the community attribute when aggregating routes
route-policy ATTRIBUTE permit node 10
apply community no-advertise
[R6-bgp]dis bgp rou 6.6.6.0

BGP local router ID : 0.0.6.6
Local AS number : 60
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.0/28:
Aggregated route.
Route Duration: 00h03m10s
Direct Out-interface: NULL0
Original nexthop: 127.0.0.1
Qos information : 0x0
Community:no-advertise //the route carries this attribute from the moment it is generated, so it is not advertised to peers
Example applied per peer:
route-policy COMM permit node 5
if-match acl 2006
apply community no-advertise //set community no-advertise only on the routes matched by acl 2006
#
route-policy COMM permit node 10 //permit the other routes without modifying their communities
bgp 60
peer 55.1.1.1 advertise-community
peer 55.1.1.1 route-policy COMM export //applied toward the peer
Verification result:
<R5>dis bgp routing-table 6.6.6.6

BGP local router ID : 10.1.35.5
Local AS number : 65535
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
From: 66.1.1.1 (0.0.6.6)
Route Duration: 00h00m11s
Relay IP Nexthop: 10.1.56.6
Relay IP Out-Interface: Serial2/0/0
Original nexthop: 66.1.1.1
Qos information : 0x0
Community:no-advertise //community attribute
AS-path 60, origin igp, MED 0, pref-val 0, valid, external, best, select, active, pre 255, IGP cost 48
Not advertised to any peer yet //the route is not advertised to any peer

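no-export: do not advertise the route to real eBGP peers.
Do R3 and R4 have the no-export attribute at this point? No, because community attributes are not advertised to peers by default.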
R6:
route-policy COMM permit node 5
if-match acl 2006
apply community no-export //for routes matched by acl 2006, add the community meaning "do not advertise to real eBGP peers"
#
route-policy COMM permit node 10 //permit the other routes
peer 55.1.1.1 route-policy COMM export
[R5-bgp]peer 33.1.1.1 advertise-community
[R3-bgp]peer 44.1.1.1 advertise-community
[R3-bgp]peer 55.1.1.1 advertise-community
<R4>dis bgp routing-table 6.6.6.6

BGP local router ID : 4.4.4.4
Local AS number : 64512
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
From: 33.1.1.1 (10.1.35.3)
Route Duration: 00h03m51s
Relay IP Nexthop: 10.1.1.1
Relay IP Out-Interface: Serial1/0/0
Original nexthop: 55.1.1.1
Qos information : 0x0
Community:no-export //community attribute

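no-export-subconfed: do not advertise the route to other member ASes (local-as); it is propagated only within this AS (without a confederation it is equivalent to no-export).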
R6:
route-policy COMM permit node 5
if-match acl 2006
apply community no-export-subconfed
#
route-policy COMM permit node 10
<R5>dis bgp routing-table 6.6.6.6

BGP local router ID : 10.1.35.5
Local AS number : 65535
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
From: 66.1.1.1 (0.0.6.6)
Route Duration: 00h01m45s
Relay IP Nexthop: 10.1.56.6
Relay IP Out-Interface: Serial2/0/0
Original nexthop: 66.1.1.1
Qos information : 0x0
Community:no-export-subconfed
AS-path 60, origin igp, MED 0, pref-val 0, valid, external, best, select, active, pre 255, IGP cost 48
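Not advertised to any peer yet //not advertised to the other member AS
As a result, the route does not exist in member AS 64512.
Requirement: configure only within AS 345 (configuring AS 60 is not allowed) so that AS 64512 receives the route.
Community attributes are parameters that have to be used in combination, and they include one destructive option: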
route-policy NO permit node 10
apply community none //removes all community attributes
New requirement:
<R5>dis bgp routing-table 6.6.6.6

BGP local router ID : 10.1.35.5
Local AS number : 65535
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
From: 66.1.1.1 (0.0.6.6)
Route Duration: 00h00m03s
Relay IP Nexthop: 10.1.56.6
Relay IP Out-Interface: Serial2/0/0
Original nexthop: 66.1.1.1
Qos information : 0x0
Community:<60:6>, no-export-subconfed
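How the three well-known communities of 3.1 and a missing advertise-community interact along the path R5 -> R3 -> R4, as an added example (not part of the original notes). The community values are those of RFC 1997; the hop table and function names are constructed, and "AS20" stands for R4's eBGP neighbor in AS 20, assumed from the 2.2.2.2/32 entry with path 20i in R4's table.

```python
# Well-known community values from RFC 1997
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02
NO_EXPORT_SUBCONFED = 0xFFFFFF03

# Peer types each well-known community still allows the route to be sent to
ALLOWED = {
    NO_ADVERTISE: set(),
    NO_EXPORT_SUBCONFED: {"ibgp"},
    NO_EXPORT: {"ibgp", "confed-ebgp"},
}

def advertise(communities, peer_type, advertise_community):
    """Return the communities the peer receives, or None if the route is withheld."""
    for c in communities:
        if c in ALLOWED and peer_type not in ALLOWED[c]:
            return None
    # Without `peer x.x.x.x advertise-community` the attribute is not sent (see 3.)
    return frozenset(communities) if advertise_community else frozenset()

def propagate(communities, hops):
    """Follow (receiver, peer_type, advertise_community) hops; list who gets the route."""
    reached = []
    for receiver, peer_type, adv in hops:
        communities = advertise(communities, peer_type, adv)
        if communities is None:
            break
        reached.append(receiver)
    return reached

def path_from_r5(r5_sends_community):
    """R5 -> R3 (confederation eBGP) -> R4 (iBGP) -> AS 20 (real eBGP); constructed."""
    return [("R3", "confed-ebgp", r5_sends_community),
            ("R4", "ibgp", True),
            ("AS20", "ebgp", True)]

if __name__ == "__main__":
    cases = [("no-export, communities advertised", {NO_EXPORT}, True),
             ("no-export, R5 lacks advertise-community", {NO_EXPORT}, False),
             ("no-export-subconfed", {NO_EXPORT_SUBCONFED}, True),
             ("no-advertise", {NO_ADVERTISE}, True)]
    for name, comms, adv in cases:
        print(f"{name}: {propagate(comms, path_from_r5(adv))}")
```

The second case is the one to audit for: with advertise-community missing on a single hop, the no-export tag is lost and the route leaves the confederation toward AS 20.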
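3.2 Custom community attributes
3.3 Community filters and influencing route selection
A community filter is used to match community attributes.
[R1]ip community-filter 1 permit 60:6 //the community filter matches specific community values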
route-policy XUANLU permit node 10
if-match community-filter 1
apply preferred-value 10 //change a route-selection parameter for routes carrying the community
#
route-policy XUANLU permit node 20 //permit the other routes
[R1-route-policy]bgp 10
[R1-bgp]peer 15.15.15.15 route-policy XUANLU import //influence route selection per peer
<R1>tracert 6.6.6.6
traceroute to 6.6.6.6(6.6.6.6), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.15.5 60 ms 40 ms 40 ms
2 10.1.56.6 50 ms 40 ms 50 ms
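Summary:
1) Define a custom community attribute for certain routes.
2) Do not forget to advertise community attributes to peers; otherwise the policy chain is broken.
3) Apply it.
4) For routes matched by the community filter, use a route-policy to influence route selection.
Homework:
Set the custom community 60:6 on route 6.6.6.6 originated on R6;
R4 in AS 345 and R1 establish an eBGP peering;
R5 in AS 345 and SW3 establish an eBGP peering;
On R1, traffic to 6.6.6.6 is forwarded over the high-speed Ethernet path; other routes are not affected.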

4. BGP route-selection attributes and operations
