HCIP day 12 (BGP routing black holes, loop prevention, configuration)
2022-07-05 22:51:00 【Enron tears】
Contents
1. BGP routing black holes
2. BGP loop prevention
Establishing BGP peer relationships
IBGP peering over loopback interfaces
EBGP peering over loopback interfaces
Problems with manual aggregation
1. BGP routing black holes
Because BGP can establish peer relationships between routers that are not directly connected, a BGP session may span routers that do not run BGP. After the BGP routes are exchanged, the control plane shows the route as reachable, but on the data plane the traffic passes through a router that does not run BGP and has no route to the destination, so the traffic cannot get through. This forms a routing black hole.
Solutions:
(1) Run BGP on all devices in the AS.
(2) On a device in the AS that runs BGP, redistribute (import) the BGP routes into the IGP used inside the AS.
(3) Use MPLS to solve the routing black hole problem (this is the main solution to BGP routing black holes used in current projects).
To prevent routing black holes, BGP introduced the synchronization mechanism: when a router learns a BGP route from one of its IBGP peers, it cannot advertise that route to its EBGP peers unless the IBGP route is synchronized with the IGP route.
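The black hole described above can be reproduced by walking the data plane hop by hop. The following is an added example, not part of the original post; the four-router lab, the prefix 10.5.5.0/24 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed lab: R2 and R4 are IBGP peers in AS 2; R3 sits between them
# and runs only the IGP. 10.5.5.0/24 is a made-up prefix behind EBGP peer R5.
def build_fibs(redistribute_bgp_into_igp=False):
    fibs = {
        "R2": {"10.5.5.0/24": "4.4.4.4",   # BGP route, next hop = R4 loopback
               "4.4.4.4/32": "R3"},        # IGP route toward R4
        "R3": {"4.4.4.4/32": "R4", "2.2.2.2/32": "R2"},  # IGP only, no BGP
        "R4": {"10.5.5.0/24": "R5"},       # learned from EBGP peer R5
        "R5": {"10.5.5.0/24": "local"},
    }
    if redistribute_bgp_into_igp:          # solution (2) from the text
        fibs["R3"]["10.5.5.0/24"] = "R4"
    return fibs

def lookup(fib, dst):
    """Longest-prefix match; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nh)
    return best[1] if best else None

def trace(fibs, start, dst, max_hops=16):
    """Follow the data plane hop by hop; report delivery or the drop point."""
    node, path = start, [start]
    for _ in range(max_hops):
        nh = lookup(fibs[node], dst)
        # A BGP next hop is an IP address: resolve it recursively via the IGP.
        while nh is not None and nh not in fibs and nh != "local":
            nh = lookup(fibs[node], nh)
        if nh is None:
            return path, "dropped at " + node
        if nh == "local":
            return path, "delivered"
        node = nh
        path.append(node)
    return path, "loop"
```

R2's control plane holds a valid route in both cases; only the hop-by-hop trace shows whether R3 can actually forward the packet.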
2. BGP loop prevention
The loop prevention mechanism BGP uses is split horizon.
BGP has two kinds of split horizon:
1) EBGP split horizon: solves loops that can occur between EBGP peers.
BGP records the AS numbers a route has passed through in the route entry as the AS_PATH attribute (an attribute that records every AS number; besides loop prevention between EBGP peers, it can also be used for route selection in specific circumstances). If the AS_PATH of a route received from a BGP peer contains the local AS number, the route is rejected, which prevents a loop.
2) IBGP split horizon: solves loops that can occur between IBGP peers.
Because BGP works AS by AS, the inside of an AS is treated as a whole. By default the attributes of a route do not change inside the AS, so loops there cannot be prevented by attributes.
Therefore, with IBGP split horizon, when a router learns a BGP route from one IBGP peer, it does not pass that route on to its other IBGP peers.
IBGP split horizon effectively solves loops caused by routes being sent back between IBGP peers, but it also obstructs the propagation of routing information. To avoid the problems caused by IBGP split horizon, all routers running BGP inside the AS can establish IBGP peer relationships with each other. This full-mesh IBGP peering is not the best solution, because when many routers in an AS run BGP, establishing a full mesh of peer relationships wastes a lot of resources and reduces the scalability of the network.
BGP therefore has two techniques designed specifically to solve the problems caused by IBGP split horizon: 1. route reflectors; 2. confederations.
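Both split-horizon rules can be checked with a small propagation model. This is an added example, not part of the original post; the five-router lab and all names in it are constructed. It shows a route stopping one IBGP hop short in a chain, reaching every router in a full mesh, and being rejected by AS_PATH when it comes back to AS 1.

```python
# Constructed lab: R1 and R5 are in AS 1; R2, R3 and R4 are in AS 2.
ASN = {"R1": 1, "R2": 2, "R3": 2, "R4": 2, "R5": 1}

def sessions(*pairs):
    """Build a set of BGP peerings from (router, router) pairs."""
    return {frozenset(p) for p in pairs}

CHAIN = sessions(("R1", "R2"), ("R2", "R3"), ("R3", "R4"), ("R4", "R5"))
FULL_MESH = CHAIN | sessions(("R2", "R4"))   # all AS 2 routers peer with each other

def ebgp_accepts(local_as, as_path):
    """EBGP split horizon: reject a route whose AS_PATH holds our own AS."""
    return local_as not in as_path

def propagate(peerings, asn, origin):
    """Flood one route from `origin`; return {router: AS_PATH} for all that learn it."""
    learned = {origin: ()}            # AS_PATH is empty at the originator
    queue = [(origin, None)]          # (router, session type the route arrived on)
    while queue:
        rtr, via = queue.pop(0)
        for s in peerings:
            if rtr not in s:
                continue
            (peer,) = s - {rtr}
            ibgp = asn[peer] == asn[rtr]
            if ibgp and via == "ibgp":
                continue              # IBGP split horizon: no IBGP-to-IBGP re-advertisement
            # The AS_PATH changes only when the route leaves the AS.
            path = learned[rtr] if ibgp else (asn[rtr],) + learned[rtr]
            if peer in learned:
                continue
            if not ibgp and not ebgp_accepts(asn[peer], path):
                continue              # AS_PATH already contains the peer's AS
            learned[peer] = path
            queue.append((peer, "ibgp" if ibgp else "ebgp"))
    return learned
```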
3. BGP basic configuration
Establishing BGP peer relationships
(1) EBGP peering over a direct connection
1) Start the BGP process
[r1]bgp 1 // 1 is the number of the AS the router belongs to, not a process ID. Because a router can belong to only one AS, a router can start only one BGP process.
2) Configure the router ID
[r1-bgp]router-id 1.1.1.1
3) Specify the peer
[r1-bgp]peer 12.0.0.2 as-number 2 // Specifies the peer's IP address and the peer's AS number (the peer must be specified on both sides)
[r1-bgp]display bgp peer // Displays the BGP peer table
Because IBGP peers are in the same AS, there are normally many backup paths inside the AS. If a physical interface is used to establish the peer relationship, these backup or load-balancing paths are wasted. It is therefore recommended to use the loopback interface to establish IBGP peer relationships.
IBGP peering over loopback interfaces
[r2-bgp]peer 3.3.3.3 as-number 2
[r2-bgp]peer 3.3.3.3 connect-interface LoopBack 0 // Sets the loopback interface as the source interface for packets sent to the peer
Note: once the loopback address is used as the peer address, the source IP address must also be changed to the local loopback address.
EBGP peering over loopback interfaces
Because EBGP peers usually peer over a direct connection, the TTL of packets between EBGP peers is set to 1, and a direct-connection check is added (it checks whether the source IP address is in the same network segment).
Huawei devices provide no direct way to turn off the direct-connection check, but changing the TTL value lets EBGP peers establish a session over a non-direct connection, and the direct-connection check is then disabled automatically.
To change the TTL value:
[r4-bgp]peer 5.5.5.5 ebgp-max-hop 2
[r5-bgp]peer 4.4.4.4 ebgp-max-hop // With no number at the end, the TTL is set to the maximum value, 255.
Summary: when establishing EBGP peer relationships, the first method (direct connection between EBGP peers) is recommended; between IBGP peers, peering over the loopback interface (method 2) is recommended.
BGP route advertisement
(1) Advertising with the network command
All route entries in the routing table can be advertised into BGP with the network command.
[r1-bgp]network 1.1.1.0 24
[r1-bgp]display bgp routing-table // Displays the BGP table
Network: the destination network segment and mask.
NextHop: the next hop, which is a BGP route attribute. The next hop is whoever advertised the route; if the route was advertised locally, the next-hop attribute is 0.0.0.0.
The symbols that appear before Network are the status codes of the route.
"*": valid. Every time a BGP device receives a route, it checks whether the route's next-hop attribute is reachable (by looking it up in the routing table). If the next-hop address is reachable, the route is valid; otherwise it is not. An invalid route is not accepted and does not take part in route selection.
">": best. When multiple routes to the same network segment are received, BGP selects the best route according to the route attributes. Only the best route is installed in the routing table and passed on to other BGP peers; a route that is not the best is neither passed on nor installed.
When a router receives a route from an EBGP peer and installs it in the routing table normally, the protocol type of the route is EBGP and the priority (preference) is 255.
i: a status code of i means the route was learned from an IBGP peer.
Because BGP works AS by AS, the next-hop attribute is not modified by default when routes are passed between IBGP peers. Routes received from EBGP peers may therefore be unreachable for IBGP peers, so the following command is needed to change this.
[r2-bgp]peer 3.3.3.3 next-hop-local
When a router receives a route from an IBGP peer and installs it in the routing table normally, the protocol type of the route is IBGP and the priority (preference) is 255.
When many routes have to be advertised, advertising them one by one with network is inefficient; routes can be advertised in batches by redistribution.
(2) Advertising BGP routes by redistribution
[r2-bgp]import-route ospf 1 // Redistributes OSPF routes into BGP.
Ogn: origin code
1. Routes advertised with network: "i", which indicates that the route originated from an IGP (including static and direct routes).
2. Routes advertised through EGP: "e". EGP is the exterior gateway protocol that preceded BGP. (It is basically no longer used, so the e code is rare.)
3. Routes advertised in any way other than the two above: the origin code of redistributed routes is "?".
4. BGP route aggregation
BGP supports two kinds of route aggregation:
1. Automatic aggregation (only for redistributed routes)
2. Manual aggregation
Automatic aggregation
On R1, create two direct routes, 172.16.1.0/24 and 172.16.2.1/24, then redistribute them into BGP.
1. Match the routes
[r1]ip ip-prefix aa permit 172.16.0.0 16 greater-equal 24 less-equal 24
2. Route policy
[r1]route-policy aa permit node 10
[r1-route-policy]if-match ip-prefix aa
3. Apply the policy in redistribution
[r1-bgp]import-route direct route-policy aa
Problems with automatic aggregation:
1. It can only aggregate to the classful (major) network, which creates a huge routing black hole.
2. It only takes effect for redistributed routes.
[r1-bgp]summary automatic // Automatic aggregation is disabled by default on Huawei devices; this command enables it
"s": status code. Once a route is marked with the status code s, the route is suppressed: it is no longer installed in the routing table or passed on.
After automatic aggregation completes, a route for the summary that points to the null interface is generated automatically to prevent loops.
Because of these problems with automatic summarization, manual aggregation is the better solution when route summarization needs to be controlled precisely.
Manual aggregation
[r1-bgp]aggregate 172.16.0.0 22 // Command for manual aggregation
Problems with manual aggregation:
1. The specific routes are not suppressed during manual aggregation, so the number of route entries passed on increases instead of decreasing.
2. The manually aggregated route loses route attributes; in particular, it does not carry the AS_PATH attribute of the specific routes. Because this attribute is used for loop prevention, not carrying it may lead to loops.
[r4-bgp]aggregate 172.16.0.0 22 detail-suppressed // Suppresses all specific routes while aggregating
However, because of the particular nature of BGP, in some environments it is often not possible to suppress all specific routes.
So when aggregating BGP routes, often only some of the specific routes are suppressed. This is done with a suppress-policy.
1. Match the routes first
[r4]ip ip-prefix aa permit 172.16.1.0 24
2. Match them in a route policy
[r4]route-policy aa permit node 10
[r4-route-policy]if-match ip-prefix aa
3. Apply it as the suppress policy
[r4-bgp]aggregate 172.16.0.0 22 suppress-policy aa
[r4-bgp]aggregate 172.16.0.0 22 suppress-policy aa as-set // as-set activates the AS_PATH attribute on the aggregate.
*> 172.16.0.0/22 127.0.0.1 0 {1 4}? --- This is the solution when the specific routes come from different ASs. For loop prevention, every AS inside the braces is considered; for route selection, the braces are treated as a whole and counted as one AS number.
Precisely because the aggregated route loses attributes, such aggregate routes need special attention. BGP therefore defines two aggregation-related attributes: ATOMIC_AGGREGATE and AGGREGATOR.
ATOMIC_AGGREGATE: a pure warning attribute carried by aggregate routes (only by a summary route that suppresses all specific routes). Its purpose is to signal that the route is an aggregate and may have lost attributes.
AGGREGATOR: records the AS number and router ID of the router that performed the summarization.
[r4]display bgp routing-table 172.16.0.0 --- Displays the details of a route
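The effect of as-set on loop prevention and on route selection can be worked through in a few lines. This is an added example, not part of the original post; the specific routes, their AS_PATHs and the aggregating router's AS number 2 are constructed so that the result matches the {1 4} output shown above.

```python
import ipaddress

# Constructed input: specific routes and the AS_PATH each one arrived with.
SPECIFICS = {
    "172.16.1.0/24": (1,),
    "172.16.2.0/24": (4,),
    "192.168.1.0/24": (7,),    # outside the aggregate, must be ignored
}

def aggregate(prefix, specifics, as_set=False):
    """Return (covered prefixes, AS_PATH of the aggregate).

    The AS_PATH is a list of segments: an int per AS, or one frozenset
    standing for the AS_SET written in braces in the routing table.
    """
    agg = ipaddress.ip_network(prefix)
    covered = {p: path for p, path in specifics.items()
               if ipaddress.ip_network(p).subnet_of(agg)}
    if not covered:
        raise ValueError("no specific route falls inside the aggregate")
    if not as_set:
        return sorted(covered), []          # AS_PATH of the specifics is lost
    members = frozenset(a for path in covered.values() for a in path)
    return sorted(covered), [members] if members else []

def advertise(sender_as, as_path):
    """Prepend the sender's AS when the route leaves over EBGP."""
    return [sender_as] + list(as_path)

def has_loop(local_as, as_path):
    """Loop prevention checks every AS, including each AS inside an AS_SET."""
    return any(local_as in seg if isinstance(seg, frozenset) else local_as == seg
               for seg in as_path)

def path_length(as_path):
    """Route selection counts a whole AS_SET as a single AS."""
    return len(as_path)
```

Without as-set, AS 1 sees only the aggregating router's AS in the path and accepts an aggregate that covers its own prefix; with as-set, the same check rejects it.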