本技术文章讨论BGP的路由黑洞解决方案、BGP聚合,即减少路由条目数的技术
乾颐堂军哥HCIE9-解决BGP路由黑洞、聚合的各种参数以及RR基础
1.BGP路由黑洞
1.1 解决路由黑洞问题1
某些AS内的设备没有运行BGP(R3),那么它会缺少路由(2.2.2.2/6.6.6.6),由于IP报文是逐跳转发的,报文到达R3,R3只能丢弃报文
解决方案:
1)BGP的全互联(full-mesh)确实可以解决路由黑洞问题,同时带来了邻居过多,TCP会话多拖,没必要的路由更新过多,拍错困难等问题
完成全互联配置:
bgp 345
peer 33.1.1.1 as-number 345
peer 44.1.1.1 as-number 345
peer 44.1.1.1 connect-interface LoopBack0
peer 66.1.1.1 as-number 60
peer 66.1.1.1 ebgp-max-hop 2
peer 66.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 5.5.5.5 255.255.255.255
network 55.1.1.0 255.255.255.0
network 55.1.1.1 255.255.255.255
peer 33.1.1.1 enable
peer 33.1.1.1 next-hop-local
peer 44.1.1.1 enable
peer 44.1.1.1 next-hop-local
peer 66.1.1.1 enable
2)BGP引入到IGP(困难重重)
<R5>dis ip routing-table protocol bgp
Route Flags: R - relay, D - download to fib

Public routing table : BGP
Destinations : 3 Routes : 3

BGP routing table status : <Active>
Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost Flags NextHop Interface

    2.2.2.2/32  IBGP    255  0          RD   44.1.1.1        Serial1/0/0
    6.6.6.6/32  EBGP    255  0          RD   66.1.1.1        Serial2/0/0
   22.1.1.1/32  IBGP    255  0          RD   44.1.1.1        Serial1/0/0

<R4>dis ip routing-table protocol bgp
Route Flags: R - relay, D - download to fib

Public routing table : BGP
Destinations : 4 Routes : 4

BGP routing table status : <Active>
Destinations : 3 Routes : 3

Destination/Mask Proto Pre Cost Flags NextHop Interface

    2.2.2.2/32  EBGP    255  0           D   10.1.24.2       GigabitEthernet0/0/1
    5.5.5.5/32  IBGP    255  0          RD   55.1.1.1        Serial1/0/0
    6.6.6.6/32  IBGP    255  0          RD   55.1.1.1        Serial1/0/0

配置:
R4和R5
ospf 1 router-id 5.5.5.5
import-route bgp //现实网络,极有可能需要路由策略以及注意iBGP的环境,默认情况下只能把eBGP路由引入到IGP;iBGP不能引入到IGP(基于环路考虑)
[R5-ospf-1]import-route bgp permit-ibgp //在OSPF进程下允许把iBGP引入引入到OSPF,产生路由环路可能性很大
<R3>dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib

Public routing table : OSPF
Destinations : 14 Routes : 14

OSPF routing table status : <Active>
Destinations : 14 Routes : 14

Destination/Mask Proto Pre Cost Flags NextHop Interface

     2.2.2.2/32  O_ASE   150  1           D   10.1.35.5       GigabitEthernet0/0/0

//R3的下一跳是35.5

3)MPLS 环境
标签转发
1.2 BGP的同步概念
同步的目的是为了在不做全互联的前提下解决BGP路由黑洞
但本身是一种过时的技术(所以华为设备无法开启BGP同步)
同步是IBGP和IGP路由同步,如果没有实现同步,那么结果是路由不更新给eBGP
本身
此时iBGP得到了11.1.1.1的路由,但是IGP没有得到,此时同步没有完成,但是却开启了同步命令
router bgp 200
synchronization
结果是什么?结果是由于该路由不是最优的,所以不会更新给eBGP邻居R5!
1--(2--3--4)--5
2.BGP的路由提高(产生路由)
BGP的路由如何产生:
1)network命令,在bgp中不用于建立邻居,只是产生路由。BGP可以network其他协议产生的路由(OSPF、rip、isis、静态、直连),这个位置有一个属性:origin属性为i;聚合方式也可以产生路由,起源属性也是i
2)EGP形式,起源属性为e
3)引入路由:import,起源属性为?(incomplete)
3.聚合
3.1 自动聚合
仅仅在DV协议才存在
仅仅对引入的(import)路由有效
[R5]bgp 345
[R5-bgp]
[R5-bgp]su
[R5-bgp]summary au
[R5-bgp]summary automatic
Info: Automatic summarization is valid only for the routes imported through the import-route command.
<R6>dis bgp routing-table 66.0.0.0

BGP local router ID : 0.0.6.6
Local AS number : 60
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 66.0.0.0/8:
From: 55.1.1.1 (10.1.35.5)
Route Duration: 00h02m01s
Relay IP Nexthop: 10.1.56.5
Relay IP Out-Interface: Serial2/0/0
Original nexthop: 55.1.1.1
Qos information : 0x0
AS-path 345, origin incomplete, pref-val 0, valid, external, best, select, active, pre 255, IGP cost 48
Aggregator: AS 345, Aggregator ID 10.1.35.5
3.2 增加了一种手动聚合方式
利用BGP的network命令,手工产生一条汇总后的静态的汇总路由,然后再通告该路由
6.6.6.6 0000,0110
6.6.6.9 0000,1001
6.6.6.0 /28
[R6]ip route-static 6.6.6.0 28 NULL 0 //空接口,一个路由黑洞接口,所有到达6.6.6.0/28的数据都将被丢弃进空接口,否则将会造成带宽的浪费
[R6]bgp 60
[R6-bgp]network 6.6.6.0 28 //仅仅通告汇总后的静态路由,去掉明细路由,否则路由条目增多的
<R5>display bgp routing-table 6.6.6.0

BGP local router ID : 10.1.35.5
Local AS number : 345
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.0/28:
From: 66.1.1.1 (0.0.6.6)
Route Duration: 00h06m34s
Relay IP Nexthop: 10.1.56.6
Relay IP Out-Interface: Serial2/0/0
Original nexthop: 66.1.1.1
Qos information : 0x0
AS-path 60, origin igp, MED 0, pref-val 0, valid, external, best, select, active, pre 255, IGP cost 48
Advertised to such 2 peers:
44.1.1.1
33.1.1.1
3.3 专门的AGGREGATE
聚合的前提是BGP表中存在明细路由
3.3.1 直接实施,没有任何参数
[R6-bgp]aggregate 6.6.6.0 28 //会生成一条聚合路由,但并不会抑制明细路由
<R5>dis bgp routing-table

BGP Local router ID is 10.1.35.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 21
Network NextHop MED LocPrf PrefVal Path/Ogn

>i 2.2.2.2/32 44.1.1.1 0 100 0 20i
> 5.5.5.5/32 0.0.0.0 0 0 i
> 6.6.6.0/28 66.1.1.1 0 60i
> 6.6.6.6/32 66.1.1.1 0 0 60i
*> 6.6.6.9/32 66.1.1.1 0 0 60i
3.3.2 抑制明细路由,仅仅向邻居公告汇总
[R6-bgp]aggregate 6.6.6.0 28 detail-suppressed
<R5>dis bgp routing-table

BGP Local router ID is 10.1.35.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 19
Network NextHop MED LocPrf PrefVal Path/Ogn

>i 2.2.2.2/32 44.1.1.1 0 100 0 20i
> 5.5.5.5/32 0.0.0.0 0 0 i
> 6.6.6.0/28 66.1.1.1 0 60i
> 10.1.1.0/24 0.0.0.0 0 0 ?
[R6-bgp]dis bgp rou

BGP Local router ID is 0.0.6.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 20
Network NextHop MED LocPrf PrefVal Path/Ogn

> 2.2.2.2/32 55.1.1.1 0 345 20i
> 5.5.5.5/32 55.1.1.1 0 0 345i
*> 6.6.6.0/28 127.0.0.1 0 i
s> 6.6.6.6/32 0.0.0.0 0 0 i
s> 6.6.6.9/32 0.0.0.0 0 0 i //s代表被抑制的,即没有更新给邻居的路由
R5聚合后
<R2>dis bgp routing-table 6.6.6.0

BGP local router ID : 10.1.24.2
Local AS number : 20
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.0/28:
From: 10.1.24.4 (4.4.4.4)
Route Duration: 00h00m09s
Direct Out-interface: GigabitEthernet0/0/2
Original nexthop: 10.1.24.4
Qos information : 0x0
AS-path 345, origin igp, pref-val 0, valid, external, best, select, active, pre 255
Aggregator: AS 345, Aggregator ID 10.1.35.5, Atomic-aggregate //在AS345的R5聚合后丢失了as属性或者团体属性
3.3.3
关于聚合之后的属性可能会改变
eBGP的防环:如果在收到的bgp的as-path属性中包含和自身相同的As号码,则丢弃该路由
[R5-bgp]aggregate 6.6.6.0 255.255.255.240 detail-suppressed as-set //聚合后依旧携带原有的as集合的参数,避免环路的发生以及次优的转发路径
Jan 13 2018 14:46:27.729.1-08:00 R6 RM/6/RMDEBUG:
BGP.Public: 55.1.1.1 MSG ignored : Looping in ASPATH value,
while recv UPDATE .

<R6>
Jan 13 2018 14:46:27.729.2-08:00 R6 RM/6/RMDEBUG:
BGP: routes in update message need to be processed as withdrawn message due to reason mentioned above.

<R6>
Jan 13 2018 14:46:27.729.3-08:00 R6 RM/6/RMDEBUG:
BGP.Public: Recv UPDATE from 55.1.1.1 with following destinations :

    Update message length : 66
    MP_reach  : AFI/SAFI  1/1 
    Origin    : IGP 
    AS Path   : 345 60 
    Next Hop  : 55.1.1.1 
    BGP.Public: Recv UPDATE(Withdraw) MSG from 55.1.1.1 with following destinations :

    6.6.6.0/28,

需求:
在R5上完成聚合,不能看到明细路由,R2上得到的路由的as-path为345 60

Atomic_Aggregate:标识发生了路径信息的丢失。生成的聚合路由带Atomic-aggregate属性,并且不能携带原具体路由的团体属性。
Aggregator:标识路径信息丢失发生的位置

3.3.4 抑制部分明细,放行汇总
[R6-bgp]aggregate 6.6.6.0 28 suppress-policy SUPPRESS //使用SUPPRESS这个路由策略来命中路由,被聚合中的suppress-policy调用,命中的路由抑制,其他路由放行

acl number 2000
rule 5 permit source 6.6.6.9 0
route-policy SUPPRESS permit node 5
if-match acl 2000
[R6]dis bgp routing-table

BGP Local router ID is 0.0.6.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 20
Network NextHop MED LocPrf PrefVal Path/Ogn

> 2.2.2.2/32 55.1.1.1 0 345 20i
> 5.5.5.5/32 55.1.1.1 0 0 345i
> 6.6.6.0/28 127.0.0.1 0 i
> 6.6.6.6/32 0.0.0.0 0 0 i
s> 6.6.6.9/32 0.0.0.0 0 0 i //被抑制在本地的路由
3.3.4
聚合后的起源属性是?
[R6-bgp]aggregate 6.6.6.0 255.255.255.240 suppress-policy SUPPRESS attribute-policy ATTRIBUTE //对聚合后的路由修改起源属性为egp
route-policy ATTRIBUTE permit node 10
apply origin egp 123
验证结果:
<R5>dis bgp routing-table

BGP Local router ID is 10.1.35.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 20
Network NextHop MED LocPrf PrefVal Path/Ogn

>i 2.2.2.2/32 44.1.1.1 0 100 0 20i
> 5.5.5.5/32 0.0.0.0 0 0 i
> 6.6.6.0/28 66.1.1.1 0 60 123e //成功
> 6.6.6.6/32 66.1.1.1 0 0 60i
聚合后并不能改变所有属性,常见可以修改的属性:起源和团体属性
——————————————————————————————
SW1和R3建立ebgp邻居,同时聚合一条6.0.0.0的路由
[R4-route-policy]dis cu conf bgp
[V200R003C00]
#
bgp 345
peer 10.1.24.2 as-number 20
peer 33.1.1.1 as-number 345
peer 55.1.1.1 as-number 345
peer 55.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
aggregate 6.0.0.0 255.0.0.0 as-set detail-suppressed origin-policy ORIGIN //可以更加明晰的表明某些路由起源自哪些AS
route-policy ORIGIN permit node 10
if-match acl 2000
[R4-route-policy]dis acl all
Total quantity of nonempty ACL number is 2

Basic ACL 2000, 2 rules
Acl's step is 5
rule 5 permit source 6.6.6.10 0 (1 matches)
rule 10 deny (2 matches)
验证结果:
<R2>dis bgp routing-table

BGP Local router ID is 10.1.24.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 21
Network NextHop MED LocPrf PrefVal Path/Ogn

> 2.2.2.2/32 0.0.0.0 0 0 i
> 5.5.5.5/32 10.1.24.4 0 345i
> 6.0.0.0 10.1.24.4 0 345 30i
> 6.6.6.0/28 10.1.24.4 0 345 60 123e
*> 6.6.6.6/32 10.1.24.4 0 345 60i

4.RR和联邦
应用场景都是管理大型BGP域的重要的技术,设计理念不同:RR是大面积的修改了iBGP的防环规则;联邦依旧遵循iBGP的防环规则
4.1 实施和RR的规则
角色:1)RR 2)RR的客户端 3)非客户端
bgp 345
peer 10.1.30.10 as-number 30
peer 44.1.1.1 as-number 345
peer 44.1.1.1 connect-interface LoopBack0
peer 55.1.1.1 as-number 345
peer 55.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.1.30.10 enable
peer 44.1.1.1 enable
peer 44.1.1.1 reflect-client //指定R4和R5为RR的客户端,意味着R3成为RR
peer 55.1.1.1 enable
peer 55.1.1.1 reflect-client

[R5]bgp 345
[R5-bgp]un peer 44.1.1.1 //不在需要全部互联
4.2 RR环境下的防环规则
两个新的属性:起源者Originator和簇ID,Cluster list
切记:非非(非客户端之间)不传
1)从非客户端收到的路由会更新给客户端和ebgp邻居
[R3]dis bgp routing-table 6.6.6.6

BGP local router ID : 10.1.35.3
Local AS number : 345
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 6.6.6.6/32:
From: 55.1.1.1 (10.1.35.5)
Route Duration: 00h09m31s
Relay IP Nexthop: 10.1.35.5
Relay IP Out-Interface: GigabitEthernet0/0/0
Original nexthop: 55.1.1.1
Qos information : 0x0
AS-path 60, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 48
Advertised to such 2 peers:
10.1.30.10
44.1.1.1 //更新给客户端
2)从客户端收到的路由会更新给所有的邻居(客户端和非客户端、eBGP,不反射回该客户端)

BGP local router ID : 10.1.35.3
Local AS number : 345
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 2.2.2.2/32:
RR-client route.
From: 44.1.1.1 (4.4.4.4)
Route Duration: 00h10m16s
Relay IP Nexthop: 10.1.35.5
Relay IP Out-Interface: GigabitEthernet0/0/0
Original nexthop: 44.1.1.1
Qos information : 0x0
AS-path 20, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255, IGP cost 144
Advertised to such 2 peers:
10.1.30.10 //更新给ebgp
55.1.1.1 //更新给非客户端
4.3 层次化的RR

5.团体属性