一、BGP FUNDAMENTALS l With the exception of the neighbor ebgp-multihop router configuration command,the commands for configuring EBGP&IBGP are the same. l Within as AS,BGP peers don't need to be directly connected l router bgp command enables a BGP routing PRocess and assigns to it a AS number l neighbor remote-as command adds an entry to the BGP neighbor table specifying that the peer identified by a particular ip address belongs to the specified AS. for EBGP ,neighbor IP address is usually the IP address directly connected. for IBGP, neighbor IP address can be the IP address of any of the router's interfaces. l To verify that BGP peers are up,use the show ip bgp neighbor, if it doesn't show that state=established,then the peers are not up. the remote router ID is the highest ip address or highest loopback interface on that router. the table version number increments by new incoming information l clear ip bgp to reset the bgp session after make a configuration change INTERNAL BGP 當(dāng)BGP speaker收到同一個(gè)AS域中其他的BGP speaker發(fā)來(lái)的路由信息時(shí),該BGP speaker 只通過(guò)EBGP向外部的BGP speaker發(fā)送收到的信息,所以在同一AS域中必須full meshed loopback interface: 當(dāng)使用某一物理端口作為neighbor remote-as中的地址時(shí),若該端口不能使用,則兩個(gè)路由器將不能連通。使用loopback interface就沒(méi)有這一顧慮。 router bgp 100 neighbor 190.225.22.2 remote-as 100 neighbor 190.225.22.2 update-source loopback 0 neighbor update-source是指明用于連接的是loopback端口,而不是物理端口。 由于EBGP peers之間通常是端對(duì)端互連的,必須依靠物理端口的連接,因此較少使用loopback EXTERNAL BGP ip multihop: 當(dāng)兩個(gè)BGP speaker之間不能直接連接時(shí)使用,這時(shí)可通過(guò)兩者的loopback端口互連,并使用neighbor ebgp-multihop,但在配置中必須加上靜態(tài)路由或起IGP,以保證兩者能互通。 !Router A loopback interface 0 ip address 129.213.1.1 ! router bgp 100 neighbor 180.225.11.1 remote-as 300 neighbor 180.225.11.1 ebgp-multihop neighbor 180.225.11.1 update-source loopback 0
! router B interface loopback 0 ip address 160.10.1.1 255.255.255.0 ! router bgp 200 neighbor 150.10.1.1 remote-as 100 neighbor 150.10.1.1 ebgp-multihop neighbor 150.10.1.1 update-source loopback 0 network 160.10.0.0 ! ip route 150.10.0.0 255.255.0.0 1.1.1.1 ip route 150.10.0.0 255.255.0.0 2.2.2.1 SYNCHRONIZATION (no synchronization) BGP同步規(guī)則規(guī)定假如一個(gè)AS域?yàn)榱硪粋€(gè)AS域提供傳輸服務(wù)時(shí),則只有在該AS域中所有的路由器都通過(guò)IGP學(xué)到一條路由信息時(shí),才將這條信息廣播出去。不使用同步,傳輸可快速一些,但可能引起數(shù)據(jù)包丟失。只有符合下列條件時(shí)可不使用同步:1、該AS不為其他兩個(gè)AS提供通道 2、 該AS域內(nèi)都走BGP。 二、BGP & Route Maps router map 與BGP一起使用時(shí)可控制路由信息,并可定義路由再分配的條件: route-map map-tag [[permitdeny][sequence-number]], map-tag是route-map的標(biāo)識(shí)號(hào),sequence-number是每一個(gè)route map 條件的標(biāo)識(shí)號(hào)。 BGP使用route-map時(shí),從最小的sequence-number開(kāi)始對(duì)應(yīng)。 Match 用于定義一些必須符合的條件,set是定義當(dāng)符合match中的條件時(shí)所采取的一些動(dòng)作。如: route-map mymap permit 10 match ip address 1.1.1.1 set metric 5 例:route A 與 route B走RIP,route A與route C走BGP。Route A 對(duì)從170.10.0.0來(lái)的路由設(shè)metric為2,其他為5: !router A router rip network 3.0.0.0 network 2.0.0.0 network 150.10.0.0 passive-interface serial 0 redistribute bgp 100 route-map setmetric ! router bgp 100 neighbor 2.2.2.3 remote-as 300 network 150.10.0.0 ! route-map setmetric permit 10 match ip-address 1 set metric 2 ! route-map setmetric permit 20 set metric 5 ! access-list 1 permit 170.10.0.0 0.0.255.255 若在router C上對(duì)170.10.0.0的outgoing包設(shè)community attribute為300: !router C router bgp 300 network 170.10.0.0 neighbor 2.2.2.2 remote-as 100 neighbor 2.2.2.2 route-map setcommunity out ! route-map setcommunity permit 10 match ip address 1 set community 300 ! access-list 1 permit 0.0.0.0 255.255.255.255 Advertising Networks BGP 通過(guò)三種方法對(duì)外廣播其AS內(nèi)的路由信息:重分配靜態(tài)路由、重分配動(dòng)態(tài)路由、用network命令。 redistributing static routes !router c router bgp 200 neighbor 1.1.1.1 remote-as 300 redistribute static ! ip route 175.220.0.0 0.0.255.255 null 0 redistribute dynamic routes 有些IGP路由是通過(guò)BGP學(xué)到的,因此需用access list阻止這些路由被再分配回BGP。 !router c router eigrp 10 network 175.220.0.0 redistribute bgp 200 redistributed connected default-metric 1000 100 250 100 1500 ! router bgp 200 neighbor 1.1.1.1 remote-as 300 neighbor 2.2.2.2 remote-as 200 neighbor 1.1.1.1 distribute-list 1 out redistribute eigrp 10 ! access-list 1 permit 175.220.0.0 0.0.255.255 通常應(yīng)避免將BGP再分配入IGP,因?yàn)檫@樣會(huì)導(dǎo)致太多的路由注入AS中。 use the network command 在BGP中使用network命令定義AS的起始處,而在IGP中,network命令則指定起IGP的端口。 !router c router bgp 200 neighbor 1.1.1.1 remote-as 300 network 175.220.0.0 三、BGP Decicion Algorithm AS_path Attribute 當(dāng)有更新信息通過(guò)AS 時(shí),BGP將在前面加上自己的AS號(hào)。 Origin Attribute 路由的Origin屬性有以下三種: IGP---路由起源于同一AS域內(nèi),用show ip bgp時(shí)由I代表 EGP---路由通過(guò)Exterior Gateway Protocol學(xué)得,用show ip bgp時(shí)由e代表。 Incomplete---路由起源未知或通過(guò)其他方式學(xué)得,用?表示 1. External BGP peering 例: Router A in AS100 interface ethernet 5/0 ip address 222.222.10.2 255.255.255.240 router bgp 100 network 220.220.8.0 mask 255.255.255.0 neighbor 222.222.10.1 remote-as 101 neighbor 222.222.10.1 distribute-list 180 in neighbor 222.222.10.1 distribute-list 181 out
Router B in AS101 interface ethernet 1/0/0 ip address 222.222.10.1 255.255.255.240 router bgp 101 network 220.220.16.0 mask 255.255.240.0 neighbor 222.222.10.2 remote-as 100 neighbor 222.222.10.2 distribute-list 150 in neighbor 222.222.10.2 distribute-list 151 out
2. stable iBGP peering(peering to loopback address) .peer with loopback address .iBGP session is not dependent on a single interface .loopback interface does not go down ever 例: router A: interface loopback 0 ip address 215.10.7.1 255.255.255.255 router bgp 100 network 220.220.1.0 neighbor 215.10.7.2 remote-as 100 neighbor 215.10.7.2 update-source loopback 0 neighbor 215.10.7.3 remote-as 100 neighbor 215.10.7
