Why are iBGP loopback networks not valid within the AS?

Network Engineering BGP networking
2022-02-21 14:17:07

This is my test topology:

[image: topology diagram]

Here is the detailed configuration of my routers:

<R1>display current-configuration 
#
sysname R1
#
router id 1.1.1.1
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 10.1.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip address 100.1.1.1 255.255.255.255
#
interface LoopBack2
 ip address 100.1.2.1 255.255.255.255
#
bgp 100
 peer 10.1.12.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  network 1.1.1.1 255.255.255.255
  network 100.1.1.1 255.255.255.255
  network 100.1.2.1 255.255.255.255
  peer 10.1.12.2 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
<R2>dis current-configuration 
#
sysname R2
#
router id 2.2.2.2
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 10.1.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.1.23.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 peer 10.1.12.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  network 2.2.2.2 255.255.255.255
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local
  peer 10.1.12.1 enable
#
ospf 1
 area 0.0.0.1
  network 2.2.2.2 0.0.0.0
  network 10.1.23.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
<R3>dis current-configuration 
#
sysname R3
#
router id 3.3.3.3
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 10.1.34.3 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.1.23.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
bgp 200
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 3.3.3.3 255.255.255.255
  peer 2.2.2.2 enable
  peer 4.4.4.4 enable
#
ospf 1
 area 0.0.0.1
  network 3.3.3.3 0.0.0.0
  network 10.1.23.0 0.0.0.255
  network 10.1.34.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
<R4>dis current-configuration 
#
sysname R4
#
router id 4.4.4.4
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 10.1.34.4 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
bgp 200
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 4.4.4.4 255.255.255.255
  peer 2.2.2.2 enable
  peer 3.3.3.3 enable
#
ospf 1
 area 0.0.0.1
  network 4.4.4.4 0.0.0.0
  network 10.1.34.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

The question is:

In my opinion, all the loopback networks would be valid (*); why is this happening?

<R1>dis bgp routing-table 

 BGP Local router ID is 1.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   1.1.1.1/32         0.0.0.0         0                     0      i
 *>   2.2.2.2/32         10.1.12.2       0                     0      200i
 *>   100.1.1.1/32       0.0.0.0         0                     0      i
 *>   100.1.2.1/32       0.0.0.0         0                     0      i
<R2>dis bgp routing-table 

 BGP Local router ID is 2.2.2.2 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 6
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   1.1.1.1/32         10.1.12.1       0                     0      100i
 *>   2.2.2.2/32         0.0.0.0         0                     0      i
   i  3.3.3.3/32         3.3.3.3         0          100        0      i
   i  4.4.4.4/32         4.4.4.4         0          100        0      i
 *>   100.1.1.1/32       10.1.12.1       0                     0      100i
 *>   100.1.2.1/32       10.1.12.1       0                     0      100i
<R3>dis bgp routing-table 

 BGP Local router ID is 3.3.3.3 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 6
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  1.1.1.1/32         2.2.2.2         0          100        0      100i
   i  2.2.2.2/32         2.2.2.2         0          100        0      i
 *>   3.3.3.3/32         0.0.0.0         0                     0      i
   i  4.4.4.4/32         4.4.4.4         0          100        0      i
 *>i  100.1.1.1/32       2.2.2.2         0          100        0      100i
 *>i  100.1.2.1/32       2.2.2.2         0          100        0      100i
<R4>dis bgp routing-table 

 BGP Local router ID is 4.4.4.4 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 6
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  1.1.1.1/32         2.2.2.2         0          100        0      100i
   i  2.2.2.2/32         2.2.2.2         0          100        0      i
   i  3.3.3.3/32         3.3.3.3         0          100        0      i
 *>   4.4.4.4/32         0.0.0.0         0                     0      i
 *>i  100.1.1.1/32       2.2.2.2         0          100        0      100i
 *>i  100.1.2.1/32       2.2.2.2         0          100        0      100i

EDIT-01

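I have a few questions:

  1. When I announce network 3.3.3.3 32 on the iBGP router R3, does that mean R3-iBGP has learned 3.3.3.3/32?

  2. If R1 wants to reach 10.1.34.4/24, then I need to announce 10.1.34.0/24 on R2 rather than on R4 or R3, right?

  3. I still have a doubt: when I configure network 10.1.34.0 24 on R3 or R4, it is a valid route on R1, but why are 3.3.3.3/32 and 4.4.4.4/32 not? I think networks inside the AS are no different.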

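2 Answers

Your other questions:

When I announce network 3.3.3.3 32 on the iBGP router R3, does that mean R3-iBGP has learned 3.3.3.3/32?

You are announcing 3.3.3.3, so yes, it is in the BGP table.

If R1 wants to reach 10.1.34.4/24, then I need to announce 10.1.34.0/24 on R2 rather than on R4 or R3, right?

No. Normally you would advertise the network from all the connected routers (R3 and R4). But in this case R4 depends on R3 to communicate with R2, so there is little point in R4 advertising it. R2 will advertise the route to R1 because R1 is an eBGP peer.

A better solution is to make R3 a route reflector.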

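Do you know the iBGP rule? A route learned via iBGP cannot be passed via iBGP to another router in the same AS. That is to prevent routing loops, and it is why an IGP should be used inside the AS. Routes learned via eBGP can be passed via iBGP without a problem, but routes learned via iBGP cannot.

For example, R3 learning of the R4 loopback via iBGP cannot tell R2 about the loopback via iBGP, and vice versa.

There are some mitigations, such as route reflectors and confederations, that get around the rule without causing possible loops. You can configure R3 as a route reflector. In practice, you would use an IGP inside the AS for internal routing, and use iBGP to tell the routers about the eBGP-learned routes.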
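
The iBGP rule and the route-reflector workaround described in the answers, as an added Python model (not code from the question or the answers). The router names and loopbacks come from the page; the `CHAIN` session set without an R2-R4 session is a hypothetical variant, and the reflector is simplified to treat every iBGP peer as a client.

```python
from collections import deque

# Constructed model of the page's topology: R1 in AS 100; R2, R3, R4 in AS 200.
AS_OF = {"R1": 100, "R2": 200, "R3": 200, "R4": 200}
ORIGINATED = {"R1": ["1.1.1.1/32"], "R2": ["2.2.2.2/32"],
              "R3": ["3.3.3.3/32"], "R4": ["4.4.4.4/32"]}

# Sessions as configured on the page: one eBGP link plus an iBGP full mesh.
FULL_MESH = [("R1", "R2"), ("R2", "R3"), ("R2", "R4"), ("R3", "R4")]
# Hypothetical variant (assumption): R2 and R4 do not peer directly.
CHAIN = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]


def propagate(sessions, reflectors=frozenset()):
    """Return {router: {prefix: how}} once advertisements have converged.

    how is "local", "ebgp" or "ibgp" (how the router first learned the prefix).
    """
    peers = {r: set() for r in AS_OF}
    for a, b in sessions:
        peers[a].add(b)
        peers[b].add(a)
    table = {r: {p: "local" for p in ORIGINATED[r]} for r in AS_OF}
    queue = deque((r, p) for r in AS_OF for p in ORIGINATED[r])
    while queue:
        router, prefix = queue.popleft()
        how = table[router][prefix]
        for peer in peers[router]:
            internal = AS_OF[peer] == AS_OF[router]
            # The iBGP rule: a route learned over iBGP is not passed on to
            # another iBGP peer, unless this router is a route reflector.
            if internal and how == "ibgp" and router not in reflectors:
                continue
            if prefix in table[peer]:
                continue  # peer already holds a path for this prefix
            table[peer][prefix] = "ibgp" if internal else "ebgp"
            queue.append((peer, prefix))
    return table


def missing(table):
    """Prefixes each router never received, for a quick coverage check."""
    every = {p for prefixes in ORIGINATED.values() for p in prefixes}
    return {r: sorted(every - set(t)) for r, t in table.items()}
```

`missing(propagate(CHAIN))` shows R4 without the R1 and R2 loopbacks and R1 and R2 without the R4 loopback; passing `reflectors={"R3"}` closes the gaps, as the full mesh does.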