案例精解:BGP路由黑洞
2024-05-12 22:20:14
什么是路由黑洞? 简单的说,它会默默的将数据包丢弃,使所有数据包有去无回,下面来看一个案例:
如图所示:
R1和R2建立EBGP邻居关系
R2和R5建立IBGP邻居关系
R5和R7建立EBGP邻居关系
R2、R3、R5之间运行RIPv2
首先看配置:
hostname r1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Serial1/0
ip address 192.168.12.1 255.255.255.0
serial restart-delay 0
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Serial1/0
ip address 192.168.12.1 255.255.255.0
serial restart-delay 0
router bgp 100
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 192.168.12.0
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
ip route 2.2.2.0 255.255.255.0 192.168.12.2
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 192.168.12.0
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
ip route 2.2.2.0 255.255.255.0 192.168.12.2
hostname r2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial1/0
ip address 192.168.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.24.2 255.255.255.0
serial restart-delay 0
!
router rip
version 2
network 2.0.0.0
network 192.168.23.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 192.168.12.0
network 192.168.23.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
!
ip route 1.1.1.0 255.255.255.0 192.168.12.1
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial1/0
ip address 192.168.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.24.2 255.255.255.0
serial restart-delay 0
!
router rip
version 2
network 2.0.0.0
network 192.168.23.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 192.168.12.0
network 192.168.23.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
!
ip route 1.1.1.0 255.255.255.0 192.168.12.1
hostname r3
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/0
ip address 192.168.35.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.23.3 255.255.255.0
serial restart-delay 0
router rip
version 2
network 3.0.0.0
network 192.168.23.0
network 192.168.35.0
no auto-summary
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/0
ip address 192.168.35.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.23.3 255.255.255.0
serial restart-delay 0
router rip
version 2
network 3.0.0.0
network 192.168.23.0
network 192.168.35.0
no auto-summary
hostname r5
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.57.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.35.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.45.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router rip
version 2
network 5.0.0.0
network 192.168.35.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200
neighbor 3.3.3.3 remote-as 200
neighbor 7.7.7.7 remote-as 300
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
ip route 7.7.7.0 255.255.255.0 192.168.57.7
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.57.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.35.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.45.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router rip
version 2
network 5.0.0.0
network 192.168.35.0
no auto-summary
!
router bgp 200
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200
neighbor 3.3.3.3 remote-as 200
neighbor 7.7.7.7 remote-as 300
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
ip route 7.7.7.0 255.255.255.0 192.168.57.7
interface Serial1/1
ip address 192.168.57.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 300
no synchronization
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
no auto-summary
!
ip route 5.5.5.0 255.255.255.0 192.168.57.5
ip address 192.168.57.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 300
no synchronization
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
no auto-summary
!
ip route 5.5.5.0 255.255.255.0 192.168.57.5
现在查看R1的路由表
r7#sh ip route
B 1.1.1.0 [20/0] via 5.5.5.5, 00:02:54 //为节约篇幅未完整显示
B 1.1.1.0 [20/0] via 5.5.5.5, 00:02:54 //为节约篇幅未完整显示
可见R7学到了R1的路由,从表面上看这个实验很完美,达了目的, 然而这时问题出现了,作个测试,在R7上PING R1
r7#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 0-byte ICMP Echos to 7.7.7.7, timeout:
Sending 5, 0-byte ICMP Echos to 7.7.7.7, timeout:
.....
这究竟是怎么回事呢?原来,我们在R5上关闭了同步,这时它会将一条并没有优化的路由传送给R7,当R7要发向R1发包时,它看到R5是它的下一跳,于是将包发给R5,然后R5又查看它的路由表,发现到R1的下一跳是R2,并继续查找,发现在通过R3可以达到R2,于是它将数据送给R3,这时问题出现了,因为R3没有运行BGP,它不知道R1怎么走,于是它将数据包丢弃,从而造成路由黑洞。由此可见,BGP与IGP同步的重要性,什么是同步?在上一篇我已经提到了,不再多阐述。(同理R1无法访问R7,但有R7的路由条目)
(优化的条件:1、下一跳可达,题中满足;2、同步,题中不满足)
既然问题出现了,那到底该怎么去解决呢?
首先,如果在R5上开启同步,这样的情况就不会发生了,因为R5从R2收到关于R1的路由条目后,它会的查找它的IGP路由表,看是否有这样一条路由可以到达R1,如果没有,它就不会将这条路由传递给R7,此时可避免黑洞问题。但R7学到R1的路由才是我们真正的目的,那该怎么做呢?我们可以将BGP的路由重发布到RIP中,这样IGP和BGP就可以完成同步,但是这样做并不好,在实验环境中我们当然可以这样做,但试想现在INTERNET中有多达20几万条路由条目,如果重发布到我们的IGP路由器中,很显然大多数路由器是无法支撑的。
解决方法一:Full Mesh
分别在R2和R3,R3和R5上运行BGP ,这样R3就可以学到到达R1的路由,这时你需要在R1、R2、R3之间分别建立邻居关系,当路由器很多的时候,全互联要求建立n*(n-1)/2个邻居关系,这显然是很麻烦。(略)
解决方法二:Foute-Reflector
路由反射器,我们可以将R3做成一个路由反射器,使它能将从R1学的路由条目反射给R5,正常情况下为了防止环路,从IBGP学到的路由不会再传给其它IBGP邻居。 现在只需要在路由反射客户和路由反射器间建立邻居关系,邻居关系减少到n-1条。
路由反射器(RR)的条件:
1、如果路由是从非客户的IBGP学到的只反射给客户
2、如果路由是从客户学到的,将它反射给发起该路由的客户以外的所有非客户及客户
3、如果路由是从EBGP对等体学到的,将它反射给所有客户和非客户
做法:清除R2与R5的邻居关系,只在R2与R3、R3与R5之间建立IBGP关系
然后在R3的路由配置模式下:
neighbor 2.2.2.2 route-reflector-client
neighbor 5.5.5.5 route-reflector-client //将R2和R5作为RR的客户
此时R5上能收到关于R1的路由,它也会传给R7
解决方法三 :Confederation
联邦是将整个大的AS区域再划分成多个小的AS区域,比如现在有AS200就相当于中国,而整个中国显然可以再分为若干个省分,现在AS65012和AS65003 就是划分出来的“小AS”,意思这里的AS号是私有的,在出AS200时它将自动被去掉(64512--65535可用),这样划分后,R3和R5就为联邦EBGP邻居了,这时它关于R 1的路由条目就可以传给R5了。
R2:
router bgp 65012 //指定的联邦AS号
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200 //R2对外宣称自己的AS号为200,它会告诉R1它的AS号为200,因为65012是私有的
network 192.168.12.0
network 192.168.23.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 3.3.3.3 remote-as 65012
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200 //R2对外宣称自己的AS号为200,它会告诉R1它的AS号为200,因为65012是私有的
network 192.168.12.0
network 192.168.23.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 3.3.3.3 remote-as 65012
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
no auto-summary
R3:
r3#sh run | b r b
router bgp 65012
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200 //对R5稳定自己的AS号为200,它不会对R2宣称,因为它们属于同一个联邦AS
neighbor 2.2.2.2 remote-as 65012
neighbor 2.2.2.2 update-source Loopback0
neighbor 5.5.5.5 remote-as 65003
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
no auto-summary
!
router bgp 65012
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200 //对R5稳定自己的AS号为200,它不会对R2宣称,因为它们属于同一个联邦AS
neighbor 2.2.2.2 remote-as 65012
neighbor 2.2.2.2 update-source Loopback0
neighbor 5.5.5.5 remote-as 65003
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
no auto-summary
!
R5:
router bgp 65003
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200 //对R3和R7宣称自己的AS号为200
neighbor 3.3.3.3 remote-as 65012
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 7.7.7.7 remote-as 300
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200 //对R3和R7宣称自己的AS号为200
neighbor 3.3.3.3 remote-as 65012
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 7.7.7.7 remote-as 300
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
这时查看R3和R5的邻居关系
r3#sh ip bgp su
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 65012 10 9 1 0 0 00:06:26 2
5.5.5.5 4 65003 1 1 0 0 0 never Active
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 65012 10 9 1 0 0 00:06:26 2
5.5.5.5 4 65003 1 1 0 0 0 never Active
发现在它们始终处于Active状态,不能完成邻居的建立,这又是为什么呢?
分析一下:
R5和R3都打了这条命令,bgp confederation identifier 200
又因为他们处于不同的联邦AS,所以它们都会宣称自己的AS号为200,然而我们看到它们的Neighbor却不是这样通告的
R3上:neighbor 5.5.5.5 remote-as 65003
R5上:neighbor 3.3.3.3 remote-as 65012
所以这时会报一个错误:AS号错误,如下
所以这时会报一个错误:AS号错误,如下
r5#
*Oct 19 12:20:10.311: %SYS-5-CONFIG_I: Configured from console by console
r5#
*Oct 19 12:20:19.155: %BGP-3-NOTIFICATION: sent to neighbor 3.3.3.3 2/2 (peer in wrong AS) 2 bytes 00C8
r5# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 00C8 00B4 0303 0303 1002 0601 0400 0100 0102 0280 0002 0202 00
*Oct 19 12:20:10.311: %SYS-5-CONFIG_I: Configured from console by console
r5#
*Oct 19 12:20:19.155: %BGP-3-NOTIFICATION: sent to neighbor 3.3.3.3 2/2 (peer in wrong AS) 2 bytes 00C8
r5# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 00C8 00B4 0303 0303 1002 0601 0400 0100 0102 0280 0002 0202 00
解决方法:
R3上:bgp confederation peer 65003 // // 不对65003宣称自己的AS为200
R5上:bgp confederation peer 65012 // 不对65012宣称自己的AS为200
验证
r5#sh ip bgp
BGP table version is 13, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
BGP table version is 13, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 2.2.2.2 0 100 0 (65012) 100 i
r> 7.7.7.0/24 7.7.7.7 0 0 300 i
*> 192.168.12.0 2.2.2.2 0 100 0 (65012) i
r> 192.168.23.0 3.3.3.3 0 100 0 (65012) i
*> 192.168.35.0 0.0.0.0 0 32768 i
* 3.3.3.3 0 100 0 (65012) i //括号中的是私有AS号,在出R5时会被去掉,在看7上可以看到效果
*> 192.168.57.0 0.0.0.0 0 32768 i
* 7.7.7.7 0 0 300 i
*> 1.1.1.0/24 2.2.2.2 0 100 0 (65012) 100 i
r> 7.7.7.0/24 7.7.7.7 0 0 300 i
*> 192.168.12.0 2.2.2.2 0 100 0 (65012) i
r> 192.168.23.0 3.3.3.3 0 100 0 (65012) i
*> 192.168.35.0 0.0.0.0 0 32768 i
* 3.3.3.3 0 100 0 (65012) i //括号中的是私有AS号,在出R5时会被去掉,在看7上可以看到效果
*> 192.168.57.0 0.0.0.0 0 32768 i
* 7.7.7.7 0 0 300 i
r7#sh ip bgp
BGP table version is 12, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
BGP table version is 12, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 5.5.5.5 0 200 100 i
*> 7.7.7.0/24 0.0.0.0 0 32768 i
*> 192.168.12.0 5.5.5.5 0 200 i
*> 192.168.23.0 5.5.5.5 0 200 i
*> 192.168.35.0 5.5.5.5 0 0 200 i
* 192.168.57.0 5.5.5.5 0 0 200 i
*> 0.0.0.0 0 32768 i
*> 1.1.1.0/24 5.5.5.5 0 200 100 i
*> 7.7.7.0/24 0.0.0.0 0 32768 i
*> 192.168.12.0 5.5.5.5 0 200 i
*> 192.168.23.0 5.5.5.5 0 200 i
*> 192.168.35.0 5.5.5.5 0 0 200 i
* 192.168.57.0 5.5.5.5 0 0 200 i
*> 0.0.0.0 0 32768 i
实验完毕!
注:由于开了过多的设备,CPU实在难以支撑,没办法拷下所有配置过程,只作了总结性讲解,请见谅! 有需要的我们可以再作交流。
转载于:https://blog.51cto.com/xghe110/106619
案例精解:BGP路由黑洞相关推荐
- 利用MPLS解决BGP路由黑洞问题
致歉声明:前版博客由于博主个人对于BGP知识的理解出现偏差,导致路由黑洞产生的原因解释错误,误导大家,抱歉. 配置文件的百度网盘连接及提取码. 链接:https://pan.baidu.com/s/1 ...
- BGP路由黑洞问题及BGP同步规则
BGP路由黑洞出现为原因 两台BGP设备之间无需直连,只要IP连通,并且能够建立TCP连接,就能够建立BGP对等体,这个特点使路由传递更加灵活,但是也可能带来一个问题,就是路由黑洞问题. 如上图,已知 ...
- 华为HCIE-RS3.0论述题--BGP路由黑洞
3.3BGP路由黑洞 题干:R1/R2/R3/R4运行ospf协议,R1和R4建立IBGP,并且BGP进程下宣告站点路由. 1,根据以上描述,当站点1的用户访问站点2的用户时会发生什么问题?请描述产生 ...
- 《Linux企业应用案例精解》一书已由清华大学出版社出版
<Linux企业应用案例精解>简介 本书同时被×××国家科学图书馆.中国国家图书馆.首都图书馆.清华大学.北京大学等上百所国内综合性大学图书馆收录为馆藏图书,2013年本书远销到中国台湾地 ...
- 【ArcGIS风暴】ArcGIS+CASS点云(.las)数据生成等高线方法案例精解
本文讲解基于点云LAS数据,在ArcGIS+CASS平台上生成等高线的方法. 扩展阅读: 什么是点云?什么是Las数据集?一篇文章告诉你点云数据的奥秘 ArcGIS+CASS点云(.las)数据生成等 ...
- 【ArcGIS风暴】ArcGIS平台上点云(.las)数据生成等高线方法案例精解
las是点云数据常见的存储格式,摄影测量和激光雷达数据均采用此格式,点云数据常用来生成等高线,地籍测量,土方量计算等.本文讲解在ArcGIS平台上生成等高线并转换为dwg格式供CASS使用. 扩展阅读 ...
- C#企业级开发案例精解:用经典案例学通 NET技术
C#企业级开发案例精解:用经典案例学通 NET技术 那位有这本书,我想购买 现在买不到 qq:312941559 转载于:https://www.cnblogs.com/hnxc345/archive ...
- 乾颐堂军哥HCIE9-解决BGP路由黑洞、聚合的各种参数以及RR基础
本技术文章讨论BGP的路由黑洞解决方案.BGP聚合,即减少路由条目数的技术 1.BGP路由黑洞 1.1 解决路由黑洞问题1 某些AS内的设备没有运行BGP(R3),那么它会缺少路由(2.2.2.2/6 ...
- GRE配置详解和路由黑洞及检测机制
GRE配置详解和路由黑洞及检测机制 基本路由配置先省略,直接上GRE配置: 合肥: int tunnel 0/0/1 //创建隧道 ip add 192.168.13.1 24 //给隧道口ip地址, ...
- BGP路由黑洞及解决方案
一.BGP拓扑 备注: 阅读本片BGP路由黑洞需要有BGP基础,感兴趣的同学可以进入圈子对基本的BGP及OSPF配置原理进行了解后再进行阅读 二.路由黑洞产生背景 1.R4设备不进行BGP的配置,R2 ...
最新文章
- S210-设置通过X130-Profinet口进行配置
- Ubuntu14.04安装redis和简单配置
- Linux下将文件打包、压缩并分割成指定大小
- 安装 | MatlabR2019b: License Manager Error -8. License checkout failed.
- 可持久化Splay 学习笔记
- 判断字符串中是否包含指定字符的N种方法对比
- 浏览器加载、渲染过程总结
- linux 批量更改三四级目录 扩展名,Linux批量更改文件后缀名
- C语言short精解
- 糖尿病会对视网膜造成影响吗?
- 解决 java.lang.RuntimeException: Method i in android.util.Log not mocked. See http://g.co/androidstudi
- Android自动化测试应用:uiautomatorviewer工具的安装与使用
- OpenCV-Python在线参考手册
- 【程序猿的黑科技】一些有趣且有用的的工具整理
- 必看:C语言高效学习方法(附经典试题详解)
- 腾讯笔试编程题,贪吃的小Q(二分查找)
- Java的LockSupport.park()实现分析(转载)
- 论文翻译:2020_TinyLSTMs: Efficient Neural Speech Enhancement for Hearing Aids
- html交叉轴排列,操作一下竖轴- 使用align-items属性设置纵轴排列方式
- 乐观锁 VS 悲观锁