【Lab Environment】
C3640-IK9O3S-M Version 12.4(10)
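【Lab Objective】
Use a BGP confederation to solve the BGP routing black hole caused by IBGP split horizon
【Lab Topology】
【Lab Description】
R1, R2, R4 and R5 run BGP; R2, R3 and R4 run OSPF. The goal is for 1.1.1.1 <-> 5.5.5.5 to reach each other
IBGP neighbor relationships are established between loopback interfaces
R1<->R2 and R4<->R5 establish EBGP relationships over their directly connected interfaces
The data-plane BGP routing black hole: because R3 does not run BGP, neither R2 nor R4 passes route entries to R3, so R3 has no route to 1.1.1.1 or 5.5.5.5, which creates a routing black hole. If BGP is run on R3 with IBGP relationships to R2 and R4, IBGP split horizon then leaves R2 and R4 with incomplete routes.
Solution: split AS 3 internally into 2 sub-ASes, using the private BGP AS numbers 65011 and 65013. The relationship between R3 and R4 then becomes EBGP, which breaks the IBGP split-horizon rule and resolves the routing black hole. These private ASes are called a confederation. For AS 1 and AS 5 the confederation is transparent: from their point of view, AS 3 is still AS 3
Steps for building a confederation:
1. Group the routers into separate small ASes
2. On the border routers of the large AS, declare the large AS number they belong to
3. Establish confederation EBGP relationships between the border routers of the small ASes and declare each other as confederation peers
Note:
Confederation sub-AS numbers are not used as a BGP path-selection criterion; only the large AS counts (in the BGP table, confederation sub-ASes are shown in parentheses)
【Lab Steps】
1. R1 basic configuration, interfaces: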
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial0/0
ip address 12.0.0.1 255.255.255.0
clock rate 64000
!
2. R2 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial0/0
ip address 12.0.0.2 255.255.255.0
!
interface Serial0/1
ip address 23.0.0.1 255.255.255.0
clock rate 64000
!
router ospf 110
router-id 2.2.2.2
network 2.2.2.0 0.0.0.255 area 0
network 23.0.0.1 0.0.0.0 area 0
!
3. R3 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial0/0
ip address 34.0.0.1 255.255.255.0
clock rate 64000
!
interface Serial0/1
ip address 23.0.0.2 255.255.255.0
!
router ospf 110
router-id 3.3.3.3
network 3.3.3.0 0.0.0.255 area 0
network 23.0.0.2 0.0.0.0 area 0
network 34.0.0.1 0.0.0.0 area 0
!
4. R4 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Serial0/0
ip address 34.0.0.2 255.255.255.0
!
interface Serial0/1
ip address 45.0.0.1 255.255.255.0
clock rate 64000
!
router ospf 110
router-id 4.4.4.4
network 4.4.4.0 0.0.0.255 area 0
network 34.0.0.2 0.0.0.0 area 0
!
5. R5 basic configuration, interfaces:
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Serial0/1
ip address 45.0.0.2 255.255.255.0
!
6. Create confederation AS 65011 on R2 and R3 and establish the IBGP relationship
//Create AS 65011 on R2
router bgp 65011
no synchronization
bgp router-id 2.2.2.2
neighbor 3.3.3.3 remote-as 65011
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
//Create AS 65011 on R3
router bgp 65011
no synchronization
bgp router-id 3.3.3.3
neighbor 2.2.2.2 remote-as 65011
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
7. Create confederation AS 65013 on R4
//Create AS 65013 on R4
router bgp 65013
no synchronization
bgp router-id 4.4.4.4
no auto-summary
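8. On R2, R3 and R4, declare the large AS they belong to, then create the EBGP relationships with R1 and R5
//Configure the confederation identifier on R2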
router bgp 65011
bgp confederation identifier 3
neighbor 12.0.0.1 remote-as 1
//Configure the confederation identifier on R4
router bgp 65013
bgp confederation identifier 3
neighbor 45.0.0.2 remote-as 5
//Configure the confederation identifier on R3
router bgp 65011
bgp confederation identifier 3
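9. Create an EBGP relationship between the confederation ASes of R3 and R4 over their loopback interfaces, and declare each other as confederation peers
//Configure the EBGP neighbor on R3 and specify the confederation peer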
router bgp 65011
bgp confederation peers 65013
neighbor 4.4.4.4 remote-as 65013
//The confederation EBGP relationship is built between loopback interfaces, so the default TTL must be raised
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback0
//Configure the EBGP neighbor on R4 and specify the confederation peer
router bgp 65013
bgp confederation peers 65011
neighbor 3.3.3.3 remote-as 65011
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
10. View the BGP table on R3
R3#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 2.2.2.2 0 100 0 1 i
* 5.5.5.0/24 45.0.0.2 0 100 0 (65013) 5 i
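5.5.5.0/24 is not marked best because its next-hop address is unreachable. Note the difference here: with regular EBGP the next hop is the peer's address, but EBGP between confederation sub-ASes needs next-hop-self configured manually
//Configure next-hop-self on R4 (AS 65013) toward R3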
router bgp 65013
neighbor 3.3.3.3 next-hop-self
View the BGP table again
R3#sh ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 2.2.2.2 0 100 0 1 i
*> 5.5.5.0/24 4.4.4.4 0 100 0 (65013) 5 i
11. Verify connectivity between the loopback interfaces of R1 and R5
R1#ping 5.5.5.5 so 1.1.1.1
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 276/316/408 ms
12. View the route 5.5.5.0/24 on R2
R2#sh ip bgp 5.5.5.0/24
BGP routing table entry for 5.5.5.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
(65013) 5
4.4.4.4 (metric 129) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, confed-internal, best
13. View the route 1.1.1.0/24 on R4
R4#sh ip bgp 1.1.1.0/24
BGP routing table entry for 1.1.1.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
(65011) 1
2.2.2.2 (metric 129) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, confed-external, best
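Routes learned through the confederation carry a confederation flag in their attributes: confed-internal on R2 and confed-external on R4
14. View the BGP tables on R1 and R5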
R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 5.5.5.0/24 12.0.0.2 0 3 5 i
R5#sh ip bgp
BGP table version is 4, local router ID is 5.5.5.5
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 45.0.0.1 0 3 1 i
*> 5.5.5.0/24 0.0.0.0 0 32768 i
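The Path attribute of the two routes 1.1.1.0/24 and 5.5.5.0/24 does not contain the confederation AS numbers, which shows that the confederation ASes are transparent and invisible to the outside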
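The AS_PATH values seen in steps 10 to 14, reproduced as an added example that is not part of the original lab: a small Python model of the confederation path rules from RFC 5065, using this lab's AS numbers. The Router class and the function names are hypothetical and do not correspond to anything in IOS.

```python
# Added illustration (not IOS code): AS_PATH handling per RFC 5065, using the
# AS numbers from this lab. Router, advertise, show, propagate are hypothetical.
from dataclasses import dataclass

CONFED_ID = 3                 # "bgp confederation identifier 3"
MEMBER_AS = {65011, 65013}    # sub-ASes inside the confederation

@dataclass(frozen=True)
class Router:
    name: str
    asn: int                  # sub-AS for members, real AS otherwise

    @property
    def in_confed(self):
        return self.asn in MEMBER_AS

def advertise(path, sender, receiver):
    """Return the (confed_seq, as_seq) the receiver stores, or None if dropped."""
    confed_seq, as_seq = path
    if sender.in_confed and receiver.in_confed:
        if sender.asn != receiver.asn:        # session between sub-ASes
            confed_seq = (sender.asn,) + confed_seq
        # same sub-AS (IBGP): path is passed on unchanged
    elif sender.in_confed:                    # leaving the confederation
        confed_seq, as_seq = (), (CONFED_ID,) + as_seq
    else:                                     # ordinary EBGP sender
        as_seq = (sender.asn,) + as_seq
    # Loop prevention: drop a path that already contains the receiver's AS.
    visible = CONFED_ID if receiver.in_confed else receiver.asn
    if receiver.asn in confed_seq or visible in as_seq:
        return None
    return confed_seq, as_seq

def show(path):
    """Render a path the way "sh ip bgp" does, sub-ASes in parentheses."""
    confed_seq, as_seq = path
    head = ["(" + " ".join(map(str, confed_seq)) + ")"] if confed_seq else []
    return " ".join(head + [str(a) for a in as_seq])

def propagate(chain):
    """Walk a route along chain[0] -> chain[-1]; return the path each hop sees."""
    path, seen = ((), ()), {}
    for sender, receiver in zip(chain, chain[1:]):
        path = advertise(path, sender, receiver)
        seen[receiver.name] = show(path)
    return seen

R1, R2, R3 = Router("R1", 1), Router("R2", 65011), Router("R3", 65011)
R4, R5 = Router("R4", 65013), Router("R5", 5)
print(propagate([R5, R4, R3, R2, R1]))   # 5.5.5.0/24 travelling toward R1
```

The last advertise check is what keeps a route from re-entering a sub-AS it has already crossed, which is the loop protection that IBGP split horizon otherwise provides.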