Cisco BGP wrong next hop

Network Engineering cisco bgp
2021-07-17 10:45:41

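I'm a bit out of my depth with this, and I'm afraid of making any mistakes.

We have two Cisco routers, R1 and R2, configured with BGP. They both have their own Internet connection, but R1 is the primary (bigger) connection.

The problem is that R1 is routing out via R2 rather than its own Internet connection.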

router01#show bgp sum
BGP router identifier 222.222.222.58, local AS number 333333
BGP table version is 250008, main routing table version 250008
5 network entries using 740 bytes of memory
9 path entries using 576 bytes of memory
3/2 BGP path/bestpath attribute entries using 408 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1748 total bytes of memory
Dampening enabled. 0 history paths, 0 dampened paths
BGP activity 125006/125001 prefixes, 125010/125001 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
111.111.203.253 4       333333    1440    1444   250008    0    0 21:43:39        5
222.222.222.57  4         9822       0       0        1    0    0 21:43:31 Idle (PfxCt)

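I'm stumped and out of my depth. 0.0.0.0 should be routed out via its interface 222.222.222.58 -> 222.222.222.57, but it is choosing 111.111.203.243 (R2).

Can you help me figure out why? The config looks fine to me. But then again, I'm out of my depth.

Here is the relevant config: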

interface GigabitEthernet0/1
 description Primary Router Internet Link 20Mbit
 ip address 222.222.222.58 255.255.255.252
 duplex auto
 speed auto
!
router bgp 333333
 bgp log-neighbor-changes
 bgp dampening
 network 111.111.200.0 mask 255.255.255.0
 network 111.111.201.0 mask 255.255.255.0
 network 111.111.202.0 mask 255.255.255.0
 network 111.111.203.0 mask 255.255.255.0
 neighbor 111.111.203.253 remote-as 333333
 neighbor 111.111.203.253 next-hop-self
 neighbor 222.222.222.57 remote-as 9999
 neighbor 222.222.222.57 version 4
 neighbor 222.222.222.57 prefix-list announce out
 neighbor 222.222.222.57 maximum-prefix 125000
 neighbor 222.222.222.57 filter-list 1 in
!
ip forward-protocol nd
!
ip as-path access-list 1 deny _7473_
ip as-path access-list 1 deny _4648_
ip as-path access-list 1 deny _4637_
ip as-path access-list 1 deny _1239_
ip as-path access-list 1 deny _2914_
ip as-path access-list 1 permit .*
!
ip route 111.111.200.0 255.255.255.0 111.111.203.1
ip route 111.111.201.0 255.255.255.0 111.111.203.1
ip route 111.111.202.0 255.255.255.0 111.111.203.1
!
ip access-list extended isp-in
 remark DENY FRAGMENTS
 deny   tcp any any fragments
 deny   udp any any fragments
 deny   icmp any any fragments
 deny   ip any any fragments
 remark DENY IP OPTIONS
 deny   ip any any option any-options
 remark BGP SESSION
 permit tcp host 222.222.222.57 host 222.222.222.58 eq bgp
 permit tcp host 222.222.222.57 eq bgp host 222.222.222.58
 deny   ip any host 111.111.204.254
 deny   ip any host 111.111.204.253
 deny   ip any host 111.111.204.252
 deny   ip any host 222.222.222.58
 remark DEFAULT ALLOW
 permit ip any any
!
!
ip prefix-list announce description ALLOWED ROUTING ANNOUNCEMENTS
ip prefix-list announce seq 10 permit 111.111.200.0/24
ip prefix-list announce seq 20 permit 111.111.201.0/24
ip prefix-list announce seq 30 permit 111.111.202.0/24
ip prefix-list announce seq 40 permit 111.111.203.0/24
ip prefix-list announce seq 50 deny 0.0.0.0/0 le 32

2 Answers

Well, that node's BGP session with the ISP is down, so you aren't getting any routes via 222.222.222.57, which is why all traffic is going to the other BGP neighbor:

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
111.111.203.253 4       333333    1440    1444   250008    0    0 21:43:39        5
222.222.222.57  4         9822       0       0        1    0    0 21:43:31 Idle (PfxCt)

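The "Idle (PfxCt)" state means that this particular session exceeded its maximum-prefix setting and was reset. In your config you have "neighbor 222.222.222.57 maximum-prefix 125000", which means the session was up for a while, then exceeded 125k prefixes and was reset.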

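Fix the limit, and then we can check whether the flows are correct from your side once both sessions are up.

Have you considered requesting only a default route from the ISP? That way you wouldn't have to worry about hardware limits on receiving a large routing table.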
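
An added example, not part of the original answer: a small Python check that reads the neighbor table of `show bgp summary` together with the `maximum-prefix` lines of the config and reports sessions that were torn down by the prefix limit, as described above, or that are close to it. The sample input is constructed from the output quoted on this page; the `audit` function, the status names and the 0.75 alerting ratio are assumptions of this example.

```python
import re

# Constructed sample input, modelled on the output and config quoted on this page.
SUMMARY = """\
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
111.111.203.253 4       333333    1440    1444   250008    0    0 21:43:39        5
222.222.222.57  4         9822       0       0        1    0    0 21:43:31 Idle (PfxCt)
"""
CONFIG = """\
router bgp 333333
 neighbor 222.222.222.57 maximum-prefix 125000
"""

# Neighbor, V, AS, five counters, Up/Down, then State/PfxRcd (rest of the line).
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)[ \t]+\d+[ \t]+\d+[ \t]+(?:\d+[ \t]+){5}\S+[ \t]+(.+?)[ \t]*$",
    re.M)
MAXPFX = re.compile(r"^[ \t]*neighbor (\S+) maximum-prefix (\d+)", re.M)
WARN_RATIO = 0.75  # assumed alerting ratio for this example


def audit(summary, config):
    """Return (neighbor, status, configured_limit) for sessions needing attention."""
    limits = {m[1]: int(m[2]) for m in MAXPFX.finditer(config)}
    findings = []
    for nbr, state in ROW.findall(summary):
        limit = limits.get(nbr)
        if state.isdigit():
            # Established: the column holds the number of prefixes received.
            if limit and int(state) >= WARN_RATIO * limit:
                findings.append((nbr, "near-limit", limit))
        elif "PfxCt" in state:
            # Torn down because the peer sent more prefixes than maximum-prefix allows.
            findings.append((nbr, "max-prefix-exceeded", limit))
        else:
            # Any other non-numeric state (Idle, Active, ...) means no routes are learned.
            findings.append((nbr, "not-established", limit))
    return findings


if __name__ == "__main__":
    for finding in audit(SUMMARY, CONFIG):
        print(finding)
```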