【Lab Environment】
C3640-IK9O3S-M Version 12.4(10)
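【Lab Objective】
Use a BGP confederation to solve the BGP routing black hole caused by IBGP split horizon.
【Lab Topology】
【Lab Description】
R1, R2, R4 and R5 run BGP; R2, R3 and R4 run OSPF. The goal is for 1.1.1.1 and 5.5.5.5 to reach each other.
IBGP neighbor relationships are established over loopback interfaces.
R1<->R2 and R4<->R5 establish EBGP relationships over their directly connected interfaces.
The data-plane BGP black hole: because R3 does not run BGP, neither R2 nor R4 passes its BGP routes to R3, so R3 has no route to 1.1.1.1 or 5.5.5.5 and traffic is black-holed there. If R3 instead runs BGP and forms IBGP relationships with R2 and R4, IBGP split horizon leaves R2 and R4 with incomplete routing information.
Solution: split AS 3 internally into 2 sub-ASes, using the private BGP AS numbers 65011 and 65013. The relationship between R3 and R4 then becomes EBGP, which breaks the IBGP split-horizon rule and removes the black hole. These private ASes are what is called a confederation. To AS 1 and AS 5 the confederation is transparent: from their point of view, AS 3 is still AS 3.
Steps to build a confederation:
1. Group the routers into separate small ASes (sub-ASes)
2. On the border routers of the large AS, declare the large AS number they belong to
3. Establish confederation EBGP relationships between the sub-AS border routers, each pointing to the other as a confederation peer
Note:
Confederation sub-AS numbers are not used as a BGP path-selection criterion; only the large AS counts (in the BGP table, confederation sub-ASes are shown in parentheses)
【Lab Steps】
1. R1 basic configuration, interfaces: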
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial0/0
ip address 12.0.0.1 255.255.255.0
clock rate 64000
!
2. R2 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial0/0
ip address 12.0.0.2 255.255.255.0
!
interface Serial0/1
ip address 23.0.0.1 255.255.255.0
clock rate 64000
!
router ospf 110
router-id 2.2.2.2
network 2.2.2.0 0.0.0.255 area 0
network 23.0.0.1 0.0.0.0 area 0
!
3. R3 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial0/0
ip address 34.0.0.1 255.255.255.0
clock rate 64000
!
interface Serial0/1
ip address 23.0.0.2 255.255.255.0
!
router ospf 110
router-id 3.3.3.3
network 3.3.3.0 0.0.0.255 area 0
network 23.0.0.2 0.0.0.0 area 0
network 34.0.0.1 0.0.0.0 area 0
!
4. R4 basic configuration, interfaces, OSPF:
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Serial0/0
ip address 34.0.0.2 255.255.255.0
!
interface Serial0/1
ip address 45.0.0.1 255.255.255.0
clock rate 64000
!
router ospf 110
router-id 4.4.4.4
network 4.4.4.0 0.0.0.255 area 0
network 34.0.0.2 0.0.0.0 area 0
!
5. R5 basic configuration, interfaces:
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Serial0/1
ip address 45.0.0.2 255.255.255.0
!
6. Create confederation sub-AS 65011 on R2 and R3 and establish the IBGP relationship
//Create AS 65011 on R2
router bgp 65011
no synchronization
bgp router-id 2.2.2.2
neighbor 3.3.3.3 remote-as 65011
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
//Create AS 65011 on R3
router bgp 65011
no synchronization
bgp router-id 3.3.3.3
neighbor 2.2.2.2 remote-as 65011
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
7. Create confederation sub-AS 65013 on R4
//Create AS 65013 on R4
router bgp 65013
no synchronization
bgp router-id 4.4.4.4
no auto-summary
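8. On R2, R3 and R4, declare the large AS they belong to, then create the EBGP relationships with R1 and R5
//Configure the confederation declaration on R2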
router bgp 65011
bgp confederation identifier 3
neighbor 12.0.0.1 remote-as 1
//Configure the confederation declaration on R4
router bgp 65013
bgp confederation identifier 3
neighbor 45.0.0.2 remote-as 5
//Configure the confederation declaration on R3
router bgp 65011
bgp confederation identifier 3
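9. Create the EBGP relationship between the confederation sub-ASes of R3 and R4 over their loopback interfaces, each pointing to the other as a confederation peer
//On R3, configure the EBGP neighbor and specify the confederation peer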
router bgp 65011
bgp confederation peers 65013
neighbor 4.4.4.4 remote-as 65013
//Because the confederation EBGP relationship is built between loopback interfaces, the default TTL value must be raised
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback0
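//On R4, configure the EBGP neighbor and specify the confederation peer
//(the next-hop-self line at the end of this block is the command added in step 10)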
router bgp 65013
bgp confederation peers 65011
neighbor 3.3.3.3 remote-as 65011
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
10. Check the BGP table on R3
R3#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 2.2.2.2 0 100 0 1 i
* 5.5.5.0/24 45.0.0.2 0 100 0 (65013) 5 i
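5.5.5.0/24 has no best path because its next-hop address is unreachable. Note the difference here: with regular EBGP the next hop is the peer's address, but EBGP between confederation sub-ASes needs next-hop-self configured manually.
//On R4 (sub-AS 65013), configure next-hop-self toward R3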
router bgp 65013
neighbor 3.3.3.3 next-hop-self
Check the BGP table again
R3#sh ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 2.2.2.2 0 100 0 1 i
*> 5.5.5.0/24 4.4.4.4 0 100 0 (65013) 5 i
11. Verify connectivity between the loopback interfaces of R1 and R5
R1#ping 5.5.5.5 so 1.1.1.1
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 276/316/408 ms
12. Check the route 5.5.5.0/24 on R2
R2#sh ip bgp 5.5.5.0/24
BGP routing table entry for 5.5.5.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
(65013) 5
4.4.4.4 (metric 129) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, confed-internal, best
13. Check the route 1.1.1.0/24 on R4
R4#sh ip bgp 1.1.1.0/24
BGP routing table entry for 1.1.1.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
(65011) 1
2.2.2.2 (metric 129) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, confed-external, best
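Routes learned through the confederation carry a confederation marker in their attributes: confed-internal in the R2 output above, and confed-external on R4, which learned the route across the sub-AS boundary.
14. Check the BGP tables on R1 and R5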
R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 5.5.5.0/24 12.0.0.2 0 3 5 i
R5#sh ip bgp
BGP table version is 4, local router ID is 5.5.5.5
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 45.0.0.1 0 3 1 i
*> 5.5.5.0/24 0.0.0.0 0 32768 i
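The Path attribute of the 2 routes 1.1.1.0/24 and 5.5.5.0/24 does not contain the confederation sub-AS numbers, which shows that the confederation sub-ASes are transparent and invisible to the outside.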
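The Path columns seen in steps 10 to 14 follow from the AS_PATH rules for confederations in RFC 5065. The sketch below is an added example, not part of the original lab; it replays those rules over this topology, and the function names and data structures are assumptions made for the illustration.

```python
# Added illustration: models RFC 5065 AS_PATH handling for the lab's topology.
# Function and variable names are assumptions made for this example.
CONFED_ID = 3                      # "bgp confederation identifier 3"
SUB_AS = {"R2": 65011, "R3": 65011, "R4": 65013}   # member sub-AS per router
REAL_AS = {"R1": 1, "R5": 5}       # routers outside the confederation

def prepend(path, kind, asn):
    """Prepend asn, merging into the first segment when it has the same type."""
    if path and path[0][0] == kind:
        return [(kind, [asn] + path[0][1])] + path[1:]
    return [(kind, [asn])] + path

def advertise(path, sender, receiver):
    """Return the AS_PATH the receiver sees. path = list of (kind, [asns])."""
    if sender in REAL_AS:                       # ordinary EBGP speaker
        return prepend(path, "seq", REAL_AS[sender])
    if receiver not in SUB_AS:                  # leaving the confederation
        stripped = [seg for seg in path if seg[0] != "confed"]
        return prepend(stripped, "seq", CONFED_ID)
    if SUB_AS[sender] != SUB_AS[receiver]:      # confed-EBGP between sub-ASes
        return prepend(path, "confed", SUB_AS[sender])
    return path                                 # IBGP inside one sub-AS

def render(path):
    """Format like the Path column of 'show ip bgp'."""
    out = []
    for kind, asns in path:
        text = " ".join(map(str, asns))
        out.append(f"({text})" if kind == "confed" else text)
    return " ".join(out)

def selection_length(path):
    """AS_PATH length for best-path selection: confed segments count as 0."""
    return sum(len(asns) for kind, asns in path if kind == "seq")

def walk(hops):
    """Propagate a locally originated route along hops; return path per router."""
    path, seen = [], {}
    for sender, receiver in zip(hops, hops[1:]):
        path = advertise(path, sender, receiver)
        seen[receiver] = path
    return seen

east_to_west = walk(["R5", "R4", "R3", "R2", "R1"])   # 5.5.5.0/24
west_to_east = walk(["R1", "R2", "R3", "R4", "R5"])   # 1.1.1.0/24
for name, p in east_to_west.items():
    print(name, render(p), "len", selection_length(p))
```

The rendered paths match the lab output: `(65013) 5` on R3 and R2, `3 5` on R1, `(65011) 1` on R4 and `3 1` on R5.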