网络工程 - 瞻博网络 MX 系列 iBGP 路由的问题 - 吾爱随笔录

瞻博网络 MX 系列 iBGP 路由的问题

网络工程路由 bgp 杜松瞻博网络瞻博网络

2021-07-17 05:32:20

我有一个简单的设置：

2 个瞻博网络 MX 系列路由器，每个路由器都有一个上行链路到传输提供商
两个路由器之间的 iBGP 会话（点对点）
出于测试目的，我禁用了从 R2 到传输提供商的上行链路。所有路由均从 R1 iBGP 会话接收。
试图弄清楚为什么 R2 在它似乎有一个路由时不能使用 R1 的路由

配置非常基本：

protocols {
    bgp {
        group internal-peers {
            type internal;
            description "iBGP between R1 and R2";
            local-address 172.16.20.1; # lo0.0
            export iBGP-send-direct;
            neighbor 172.16.20.2; # R2 lo0.0
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface et-0/0/0.0; # point-to-point to R2
        }
    }
}

protocols {                             
    bgp {
        group internal-peers {
            type internal;
            description "iBGP between R2 and R1";
            local-address 172.16.20.2; # lo0.0
            export iBGP-send-direct;
            neighbor 172.16.20.1; # R1 lo0.0
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface et-0/0/0.0; # point-to-point to R1
        }
    }
}

iBGP-发送-直接策略声明

policy-statement iBGP-send-direct {     
    term 1 {                            
        from protocol direct;           
        then accept;                    
    }                                   
    term 2 {                            
        from protocol static;           
        then accept;                    
    }                                   
}

我正在正确获取路由，但是当流量从 R2 流向 R1 时，它不会到达上游：

user@r2> show route 1.1.1.1 

inet.0: 713294 destinations, 713297 routes (713294 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/24         *[BGP/170] 00:07:47, MED 2020, localpref 100, from 172.16.20.1
                      AS path: 174 13335 I, validation-state: unverified
                    > to 172.16.25.1 via et-0/0/0.0

当从 R2 跟踪 1.1.1.1 时，它会到达 172.16.25.1（可以到达），但没有别的。1.1.1.1 在 R1 上有一条路由。

user@r1> show route 1.1.1.1 

inet.0: 713326 destinations, 713329 routes (713326 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/24         *[BGP/170] 04:07:16, MED 2020, localpref 100
                      AS path: 174 13335 I, validation-state: unverified
                    > to 38.104.XX.XX via xe-0/1/4.0

我在这里显然遗漏了一些非常明显的东西。有人可以提供一些见解吗？

谢谢你。

2个回答

出于兴趣，我构建了一个测试拓扑，如下图所示：

小评论：所有路由器的配置几乎都是默认的。我做了什么：

具有 1.1.1.1/32 环回的 ISP 路由器。通过 BGP 向 vMX-1 公布路由 1.1.1.0/24。未配置到 vMX-2 的 BGP 会话；
vMX-1 和 vMX-2 通过 VRRP 共享虚拟 IP 198.18.100.3；此 IP 设置为 PC1 (198.18.100.5) 的默认网关；
vMX-1 向 ISP 宣布 198.18.100.0/24；
有意删除了从 vMX-2 到 ISP 的连接。

路由器配置：

互联网服务供应商

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 201.100.0.5 255.255.255.248
 duplex auto
 speed auto
!
router bgp 200
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 201.100.0.1 remote-as 100
 neighbor 201.100.0.1 update-source FastEthernet0/0
 no auto-summary
!
ip route 1.1.1.0 255.255.255.0 Null0

地位：

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
201.100.0.1     4        100      53      50        4    0    0 00:15:01        1

     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       1.1.1.1/32 is directly connected, Loopback0
S       1.1.1.0/24 is directly connected, Null0
     201.100.0.0/29 is subnetted, 1 subnets
C       201.100.0.0 is directly connected, FastEthernet0/0
B    198.18.100.0/24 [20/0] via 201.100.0.1, 00:07:38

vMX-1

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 201.100.0.1/29;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.25.1/30;
                address 198.18.100.1/29 {
                    vrrp-group 1 {
                        virtual-address 198.18.100.3;
                        priority 50;
                        accept-data;
                    }
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 172.16.20.1/32;
            }
        }
    }
}
routing-options {
    static {
        route 198.18.100.0/24 {
            discard;
            preference 240;
        }
    }
}
protocols {
    bgp {
        local-as 100;
        group internal-peers {
            type internal;
            local-address 172.16.20.1;
            export ibgp-local-as;
            neighbor 172.16.20.2;
        }
        group isp {
            type external;
            export bgp-local-as;
            neighbor 201.100.0.5 {
                peer-as 200;
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface ge-0/0/1.0;
        }
    }
}
policy-options {
    policy-statement bgp-local-as {
        term t1 {
            from {
                route-filter 198.18.100.0/24 exact;
            }
            then accept;
        }
    }
    policy-statement ibgp-local-as {
        term t1 {
            then {
                next-hop self;
            }
        }
    }
}

地位：

> show bgp summary
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       1          1          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.20.2             100         42         44       0       0       18:28 0/0/0/0              0/0/0/0
201.100.0.5             200         36         41       0       0       17:09 1/1/1/0              0/0/0/0

> show route
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/24         *[BGP/170] 00:17:35, MED 0, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 201.100.0.5 via ge-0/0/0.0
172.16.20.1/32     *[Direct/0] 00:32:40
                    > via lo0.0
172.16.20.2/32     *[OSPF/10] 00:21:16, metric 1
                    > to 172.16.25.2 via ge-0/0/1.0
                      to 198.18.100.2 via ge-0/0/1.0
172.16.25.0/30     *[Direct/0] 00:22:00
                    > via ge-0/0/1.0
172.16.25.1/32     *[Local/0] 00:22:00
                      Local via ge-0/0/1.0
198.18.100.0/24    *[Static/240] 00:09:57
                      Discard
198.18.100.0/29    *[Direct/0] 00:29:46
                    > via ge-0/0/1.0
198.18.100.1/32    *[Local/0] 00:29:46
                      Local via ge-0/0/1.0
198.18.100.3/32    *[Local/0] 00:22:42
                      Local via ge-0/0/1.0
201.100.0.0/29     *[Direct/0] 00:38:10
                    > via ge-0/0/0.0
201.100.0.1/32     *[Local/0] 00:38:10
                      Local via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 00:31:58, metric 1
                      MultiRecv

> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
198.18.100.2     ge-0/0/1.0             Full      172.16.20.2      128    35
172.16.25.2      ge-0/0/1.0             Full      172.16.20.2      128    39

vMX-2

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 201.100.0.2/29;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.25.2/30;
                address 198.18.100.2/29 {
                    vrrp-group 1 {
                        virtual-address 198.18.100.3;
                        priority 150;
                        accept-data;
                    }
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 172.16.20.2/32;
            }
        }
    }
}
protocols {
    bgp {
        local-as 100;
        group internal-peers {
            type internal;
            local-address 172.16.20.2;
            export ibgp-local-as;
            neighbor 172.16.20.1;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface ge-0/0/1.0;
        }
    }
}
policy-options {
    policy-statement ibgp-local-as {
        term t1 {
            then {
                next-hop self;
            }
        }
    }
}

来自 vMX-2 的路由表：

> show route

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/24         *[BGP/170] 00:03:36, MED 0, localpref 100, from 172.16.20.1
                      AS path: 200 I, validation-state: unverified
                    > to 172.16.25.1 via ge-0/0/1.0
                      to 198.18.100.1 via ge-0/0/1.0
172.16.20.1/32     *[OSPF/10] 00:33:17, metric 1
                      to 172.16.25.1 via ge-0/0/1.0
                    > to 198.18.100.1 via ge-0/0/1.0
172.16.20.2/32     *[Direct/0] 00:44:46
                    > via lo0.0
172.16.25.0/30     *[Direct/0] 00:34:22
                    > via ge-0/0/1.0
172.16.25.2/32     *[Local/0] 00:34:22
                      Local via ge-0/0/1.0
198.18.100.0/29    *[Direct/0] 00:41:49
                    > via ge-0/0/1.0
198.18.100.2/32    *[Local/0] 00:41:49
                      Local via ge-0/0/1.0
198.18.100.3/32    *[Local/0] 00:08:33
                      Local via ge-0/0/1.0
201.100.0.0/29     *[Direct/0] 00:49:58
                    > via ge-0/0/0.0
201.100.0.2/32     *[Local/0] 00:49:58
                      Local via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 00:43:57, metric 1
                      MultiRecv

从 PC1 ping：

PC1> ping 1.1.1.1
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=12.161 ms
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=12.250 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=5.690 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=9.649 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=2.823 ms

痕迹：

PC1> trace 1.1.1.1
trace to 1.1.1.1, 8 hops max, press Ctrl+C to stop
 1   172.16.25.2   2.584 ms  0.861 ms  0.645 ms
 2   172.16.25.1   2.450 ms  1.736 ms  1.723 ms
 3   *201.100.0.5   9.231 ms (ICMP type:3, code:3, Destination port unreachable)

我认为您的配置只是缺乏iBGP的下一跳自策略。

什么是 172.16.25.1？你是在设置 next-hop self 吗？默认情况下，IBGP 通告的前缀保留其当前的下一跳（将是传输）。

您可以修改 Junos 的 BGP 实现以保留所有路由，无论它们是否有效：https : //www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/keep-edit-protocols-bgp。 html

但我怀疑如果你不能追踪路由，这里还有更多的事情发生。你能提供你的traceroute吗？您还可以包含traceroute的源地址吗？我看到混合中的私有地址，这在跟踪到 Internet 时通常不会有帮助。

其它你可能感兴趣的问题

上一篇你能成为你自己的ISP吗？下一篇以太网线路（UTP 电缆）中使用的电压是多少？