JNCIP study guide(IBGP)
1:基本配置
在配置IBGP之前,首先要在rout-option下面配置好本地AS。
}
routing-options {
autonomous-system 65412;
}
再建立一个BGP组,命名。指定邻居类型,IBGP或者EBGP,最后指定邻居。
protocols {
bgp {
group internal (组名){
type internal; (IBGP或者EBGP)
local-address 10.0.6.1;(相当于IOS的updata-sorsce)不是必须的。
neighbor 10.0.6.2; (邻居地址)
neighbor 10.0.3.3;
neighbor 10.0.3.4;
neighbor 10.0.3.5;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
}
2:通告路由
由于juniper不像cisco那样,提供network的命令,所以juniper通告路由全是采用策略的方式去实现通告路由。
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.10.0/24 exact;
}
then accept;
}
}
}
你可以在group internal 层次下做export那么这条路由就直会发给发给这个group下的邻居,在这个实验中换句话说就是只会发给他的IBGP关系的邻居。
protocols {
bgp {
group internal {
type internal;
}
local-address 10.0.6.1;
export ibgp;
neighbor 10.0.6.2;
neighbor 10.0.3.3;
验证ibgp邻居是否收到路由。
lunsui# run show route 192.168.10.0/24 extensive logical-router R2
inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
192.168.10.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 192.168.10.0/24 -> {indirect(131071)}
*BGP Preference: 170/-101
Next-hop reference count: 3 (从IGP层面有3条路径可以去往该目的地)
Source: 10.0.6.1 (发送源)
Next hop: 10.0.4.6 via fxp2.212, selected (实际选择的IGP层面的下一跳)
Protocol next hop: 10.0.6.1 (BGP的下一跳)
Indirect next hop: 85d1100 131071
State: <Active Int Ext>
Local AS: 65412 Peer AS: 65412 (本地AS与邻居的AS号)
Age: 18:51 Metric2: 5 (IGP层面的METRIC)
Task: BGP_65412.10.0.6.1+3280
Announcement bits (2): 0-KRT 4-Resolve tree 2
AS path: I
Localpref: 100
Router ID: 10.0.6.1
Indirect next hops: 1
Protocol next hop: 10.0.6.1 Metric: 5
Indirect next hop: 85d1100 131071
Indirect path forwarding next hops: 1
Next hop: 10.0.4.6 via fxp2.212
10.0.6.1/32 Originating RIB: inet.0
Metric: 5 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.4.6 via fxp2.212
3:IBGP认证
BGP认证支持两种方式 IPSEC和MD5。IPSEC的方式在M/T系列的考试中不会涉及,所以不与讨论,同时我个人认为路由协议之间的数据也不需要使用IPSEC这样一种极度变态的加密结构。
lunsui# show protocols
bgp {
group internal {
type internal;
local-address 10.0.3.4;
authentication-key "$9$.fQnEhrlMX"; ## SECRET-DATA
export ibgp;
neighbor 10.0.6.1;
neighbor 10.0.6.2 {
authentication-key "$9$wZ2oGzF/CtO"; ## SECRET-DATA
}
neighbor 10.0.3.3 {
authentication-key "$9$-nbYof5Fn/t"; ## SECRET-DATA
}
neighbor 10.0.3.5;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
}
lunsui# run show bgp neighbor 10.0.3.3 logical-router R4
Peer: 10.0.3.3+3454 AS 65412 Local: 10.0.3.4+179 AS 65412
Type: Internal State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: [ ibgp ]
Options: <;Preference LocalAddress HoldTime AuthKey Refresh>
Authentication key is configured
Local Address: 10.0.3.4 Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 10.0.3.3 Local ID: 10.0.3.4 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 2
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Table inet.0 Bit: 10000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 1
Received prefixes: 1
Suppressed due to damping: 0
Advertised prefixes: 1
Last traffic (seconds): Received 22 Sent 22 Checked 22
Input messages: Total 21 Updates 1 Refreshes 0 Octets 454
Output messages: Total 22 Updates 1 Refreshes 0 Octets 473
Output Queue[0]: 0
juniper 的认证配置提供多个层次上的认证,比如在 protoclols下,group 下,neighbor下。
如果配置产生冲突,那么下范围的有限于大范围的。比如neighbor优先于group。
4:IBGP路由反射器
下面是配置方法,juniper不像cisco使用一条命令来配置RR。而是直接配置一个cluster-ID。然后下面跟的邻居就他的客户。注意juniper的层次结构。
lunsui# show protocols
bgp {
group cluster-2222 {
type internal;
local-address 10.0.3.5;
authentication-key "$9$KpwWX-UDkqfz"; ## SECRET-DATA
export ibgp;
cluster 2.2.2.2;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
}
注意:并且从非客户学来的路由在传给客户与非客户的时候是不会加上cluster-id属性。
BGP Preference: 170/-101
Next-hop reference count: 1
Source: 10.0.3.4
Next hop: 10.0.4.5 via fxp1.212, selected
Protocol next hop: 10.0.4.10
Indirect next hop: 85d1300 131087
State: <NotBest Int Ext>
Inactive reason: IGP metric
Local AS: 65412 Peer AS: 65412
Age: 1:38:18 Metric2: 10
Task: BGP_65412.10.0.3.4+4122
AS path: I (Originator) Cluster list: 3.3.3.3
AS path: Originator ID: 10.0.6.2
Localpref: 100
Router ID: 10.0.3.4
Indirect next hops: 1
Protocol next hop: 10.0.4.10 Metric: 10
Indirect next hop: 85d1300 131087
Indirect path forwarding next hops: 1
Next hop: 10.0.4.5 via fxp1.212
10.0.4.8/30 Originating RIB: inet.0
Metric: 10 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.4.5 via fxp1.212
有时候一台客户路由器同时属于不同的两个cluster,所以他有可能从不同的两个RR收到不同的路由,我们知道BGP只会使用一条路由来进行包的转发,所以会有一个决策的过程一般是那13条决策规则。下面一条决策失败的路由信息,在juniper里面我们把这样的路由叫做inactive,并且会给出一个inactive的原因。
BGP Preference: 170/-101
Next-hop reference count: 1
Source: 10.0.3.4
Next hop: 10.0.4.5 via fxp1.212, selected
Protocol next hop: 10.0.4.10
Indirect next hop: 85d1300 131087
State: <NotBest Int Ext>
Inactive reason: IGP metric
Local AS: 65412 Peer AS: 65412
Age: 1:38:18 Metric2: 10
Task: BGP_65412.10.0.3.4+4122
AS path: I (Originator) Cluster list: 3.3.3.3
AS path: Originator ID: 10.0.6.2
Localpref: 100
Router ID: 10.0.3.4
Indirect next hops: 1
Protocol next hop: 10.0.4.10 Metric: 10
Indirect next hop: 85d1300 131087
Indirect path forwarding next hops: 1
Next hop: 10.0.4.5 via fxp1.212
10.0.4.8/30 Originating RIB: inet.0
Metric: 10 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.4.5 via fxp1.212
上面红色部分就说明了这条路由是在那一条决策规则上输掉的,这个例子中,是IGP的metric。
蓝色部分就表明这条路由是从cluster 3.3.3.3 的RR学到的。
5:联邦
**** Hidden Message *****
[[i] 本帖最后由 woshilz 于 2007-10-25 10:10 编辑 [/i]]
