【CCNP】BGP-eBGP多跳解析.docx

BGP eBGP多跳解析【CCNP】BGP eBGP多跳解析版本 V1.0密级开放内部机密 类型讨论版测试版正式版修订记录修订日期修订人版本号审核人修订说明2012-11-13Jeff1.0Jeff正式发布1 案例配置拓扑2 案例配置需求1、 如上图所示，IP地址规划方面，R1/R2上有一环回接口loopback 0，地址为X.X.X.X/32（其中X为路由器编号，如R1的环回口loopback 0地址为1.1.1.1/32），路由器互联的接口为172.8.AB.X/24（其中AB为路由器编号叠加，X为路由器编号，如R1连接R2的接口S0/0的地址为172.8.12.1/24）2、 图中有2个AS，分别是AS 100，AS 200，配置BGP，R1与R2形成eBGP的邻居关系（采用loopback 0作为更新源），R1/R2配置到达对方的loopback 0的静态路由；3 案例配置思路1、 R1上的关键配置：router bgp 100no synchronizationneighbor 2.2.2.2 remote-as 200 neighbor 2.2.2.2 ebgp-multihop 2 /推理：R1与R2行程eBGP关系，默认发出包的TTL值为1，数据包发送到R2时，需要将TTL值减1，那么此时TTL=0，如果将数据包发送到本地接口IP，则数据包可被接收（如本例中的loopback 0），如果要将此数据包发送给下一跳路由器，则由于TTL=0被丢弃，按照这种推断， R1/R2建立eBGP是没有问题的，但是实验中就是无法建立邻居关系；解析：其实没有配置eBGP多跳导致邻居关系建立不起来的关键原因不是TTL值的问题，而是默认情况下路由器有直连检测功能，如果发现建邻居的地址不是本地的直连地址，那么则不发送数据包，自然邻居无法建立，可以在BGP进程下采用neighbor x.x.x.x disable-connected-check 命令关闭直连检测功能/追加问题：为什么配置了eBGP多跳之后，邻居建立正常？解析：由于配置了eBGP多跳之后，多跳的条件覆盖了直连检测的功能，那么将不做直连检测/ neighbor 2.2.2.2 update-source Loopback0 no auto-summary!ip route 2.2.2.2 255.255.255.255 172.8.12.2 /到达R2 loopback 0的路由，保证TCP可达/2、 R2上的关键配置：router bgp 100no synchronizationneighbor 1.1.1.1 remote-as 200 neighbor 1.1.1.1 ebgp-multihop 2 /同上解析/ neighbor 1.1.1.1 update-source Loopback0 no auto-summary!ip route 1.1.1.1 255.255.255.255 172.8.12.1 /到达R1 loopback 0的路由，保证TCP可达/4 案例检验结果1、 采用show ip bgp查看BGP表：R1#show tcp brief TCB Local Address Foreign Address (state)65092D04 1.1.1.1.14299 2.2.2.2.179 ESTAB /R1与R2建立TCP Session，目标端口为179/2、 查看邻居的详细信息：R1#show ip bgp neighbors 2.2.2.2 BGP neighbor is 2.2.2.2, remote AS 200, external link BGP version 4, remote router ID 2.2.2.2 BGP state = Established, up for 00:06:40 /邻居建立/ Last read 00:00:40, last write 00:00:40, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(old & new) Address family IPv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 3 3 Notifications: 0 0 Updates: 1 0 Keepalives: 53 53 Route Refresh: 0 0 Total: 57 56 Default minimum time between advertisement runs is 30 seconds For address family: IPv4 Unicast BGP table version 2, neighbor version 2/0 Output queue size : 0 Index 1, Offset 0, Mask 0x2 1 update-group member Sent Rcvd Prefix activity: - - Prefixes Current: 1 0 Prefixes Total: 1 0 Implicit Withdraw: 0 0 Explicit Withdraw: 0 0 Used as bestpath: n/a 0 Used as multipath: n/a 0 Outbound Inbound Local Policy Denied Prefixes: - - Total: 0 0 Number of NLRIs in the update sent: max 1, min 1 Connections established 3; dropped 2 Last reset 00:06:45, due to User reset External BGP neighbor may be up to 2 hops away.Connection state is ESTAB, I/O status: 1, unread input bytes: 0 Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 2Local host: 1.1.1.1, Local port: 14299Foreign host: 2.2.2.2, Foreign port: 179/TCP建立的情况，发送的TTL为2/Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)Event Timers (current time is 0x399748):Timer Starts Wakeups NextRetrans 11 0 0x0TimeWait 0 0 0x0AckHold 8 6 0x0SendWnd 0 0 0x0KeepAlive 0 0 0x0GiveUp 0 0 0x0PmtuAger 0 0 0x0DeadWait 0 0 0x0iss: 3399376472 snduna: 3399376742 sndnxt: 3399376742 sndwnd: 16115irs: 4015713844 rcvnxt: 4015714061 rcvwnd: 16168 delrcvwnd: 216SRTT: 231 ms, RTTO: 769 ms, RTV: 538 ms, KRTT: 0 msminRTT: 60 ms, maxRTT: 300 ms, ACK hold: 200 msFlags: active open, nagleIP Precedence value : 6Datagrams (max data segment is 536 bytes):Rcvd: 11 (out of order: 0), with data: 8, total data bytes: 216Sent: 18 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 10, total data bytes: 2693、 查看BGP的summary信息：R1#show ip bgp summaryBGP router identifier 1.1.1.1, local AS number 100BGP table version is 2, main routing table version 21 network entries using 117 bytes of memory1 path entries using 52 bytes of memory2/1 BGP path/bestpath attribute entries using 248 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBGP using 417 total bytes of memoryBGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secsNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd2.2.2.2 4 200 59 60 2 0 0 00:09:56 05 案例数据抓包1、 路由器发送出来的数据包的TTL=1：2、 配置eBGP多跳为2跳后，路由器发送出来的数据包的TTL=2： 6 案例配置文件7 案例总结及其他1、 eBGP之间通过loopback接口建立邻居时，需要指定eBGP多跳，命令如下：neighbor 1.1.1.1 ebgp-multihop 2 /如果不加参数2，则为255跳/本环境中（两台eBGP路由器物理上直接相连），若不使用命令指定多跳，那么关闭直连检测功能即可，命令为：neighbor x.x.x.x disable-conn