Scattered notes from reading the JNCIP study guide (IBGP)
1: Basic configuration
Before configuring IBGP, first configure the local AS under routing-options.
routing-options {
autonomous-system 65412;
}
Next, create a BGP group and give it a name. Specify the neighbor type, IBGP or EBGP, and finally specify the neighbors.
protocols {
bgp {
group internal { ## group name
type internal; ## IBGP (internal) or EBGP (external)
local-address 10.0.6.1; ## equivalent to update-source in IOS; optional
neighbor 10.0.6.2; ## neighbor address
neighbor 10.0.3.3;
neighbor 10.0.3.4;
neighbor 10.0.3.5;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
}
}
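2: Advertising routes
Unlike Cisco, Juniper does not provide a network command, so route advertisement on Juniper is done entirely through policy.
policy-options {
policy-statement ibgp {
term 1 {
from {
protocol static;
route-filter 192.168.10.0/24 exact;
}
then accept;
}
}
}
You can apply the export at the group internal level, in which case the route is sent only to the neighbors in that group. In this lab, in other words, it is sent only to the IBGP neighbors.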
protocols {
bgp {
group internal {
type internal;
local-address 10.0.6.1;
export ibgp;
neighbor 10.0.6.2;
neighbor 10.0.3.3;
}
}
}
Verify that the IBGP neighbor received the route.
lunsui# run show route 192.168.10.0/24 extensive logical-router R2
inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
192.168.10.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 192.168.10.0/24 -> {indirect(131071)}
*BGP Preference: 170/-101
Next-hop reference count: 3 (at the IGP level there are 3 paths to this destination)
Source: 10.0.6.1 (the sender)
Next hop: 10.0.4.6 via fxp2.212, selected (the IGP-level next hop actually selected)
Protocol next hop: 10.0.6.1 (the BGP next hop)
Indirect next hop: 85d1100 131071
State: <Active Int Ext>
Local AS: 65412 Peer AS: 65412 (the local AS number and the neighbor's AS number)
Age: 18:51 Metric2: 5 (the IGP-level metric)
Task: BGP_65412.10.0.6.1+3280
Announcement bits (2): 0-KRT 4-Resolve tree 2
AS path: I
Localpref: 100
Router ID: 10.0.6.1
Indirect next hops: 1
Protocol next hop: 10.0.6.1 Metric: 5
Indirect next hop: 85d1100 131071
Indirect path forwarding next hops: 1
Next hop: 10.0.4.6 via fxp2.212
10.0.6.1/32 Originating RIB: inet.0
Metric: 5 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.4.6 via fxp2.212
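3: IBGP authentication
BGP authentication supports two methods: IPsec and MD5. IPsec is not covered in the M/T-series exam, so it is not discussed here; personally, I also think the data exchanged between routing protocols does not need an encryption structure as extreme as IPsec.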
lunsui# show protocols
bgp {
group internal {
type internal;
local-address 10.0.3.4;
authentication-key "$9$.fQnEhrlMX"; ## SECRET-DATA
export ibgp;
neighbor 10.0.6.1;
neighbor 10.0.6.2 {
authentication-key "$9$wZ2oGzF/CtO"; ## SECRET-DATA
}
neighbor 10.0.3.3 {
authentication-key "$9$-nbYof5Fn/t"; ## SECRET-DATA
}
neighbor 10.0.3.5;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
}
lunsui# run show bgp neighbor 10.0.3.3 logical-router R4
Peer: 10.0.3.3+3454 AS 65412 Local: 10.0.3.4+179 AS 65412
Type: Internal State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: [ ibgp ]
Options: <Preference LocalAddress HoldTime AuthKey Refresh>
Authentication key is configured
Local Address: 10.0.3.4 Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 10.0.3.3 Local ID: 10.0.3.4 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 2
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Table inet.0 Bit: 10000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 1
Received prefixes: 1
Suppressed due to damping: 0
Advertised prefixes: 1
Last traffic (seconds): Received 22 Sent 22 Checked 22
Input messages: Total 21 Updates 1 Refreshes 0 Octets 454
Output messages: Total 22 Updates 1 Refreshes 0 Octets 473
Output Queue[0]: 0
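Juniper lets you configure authentication at several levels, for example under protocols, under group, and under neighbor.
If the settings conflict, the narrower scope takes precedence over the broader one. For example, neighbor takes precedence over group.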
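One way to audit the precedence rule above, as an added example that is not part of the original notes: a small Python parser resolves which level's authentication-key applies to each neighbor and marks neighbors left with none. The sample configuration and its key strings are constructed placeholders, and the function names parse, has_key and audit are hypothetical.

```python
# Constructed sample in the layout of the page's "show protocols" output.
# Placeholder keys only: $9$ strings are reversible obfuscation, not hashes.
SAMPLE = """
bgp {
    group internal {
        authentication-key "$9$placeholder-group"; ## SECRET-DATA
        neighbor 10.0.6.1;
        neighbor 10.0.6.2 {
            authentication-key "$9$placeholder-nbr"; ## SECRET-DATA
        }
    }
    group cbgp {
        neighbor 10.0.3.3 {
            peer-as 65000;
        }
    }
}
"""

def parse(text):
    """Parse brace-style config into nested dicts; leaf statements map to None."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("##")[0].strip()  # drop trailing ## annotations
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            stack.pop()
        else:
            stack[-1][line.rstrip(";")] = None
    return stack[0]

def has_key(node):
    return any(s.startswith("authentication-key ") for s in node)

def audit(text):
    """Map each neighbor to the level whose key applies; narrowest scope wins."""
    bgp = parse(text)["bgp"]
    result = {}
    for gname, group in bgp.items():
        for stmt, body in (group or {}).items():
            if gname.startswith("group ") and stmt.startswith("neighbor "):
                levels = [("neighbor", body or {}), ("group", group), ("protocol", bgp)]
                result[stmt.split()[1]] = next((n for n, d in levels if has_key(d)), "none")
    return result
```

A neighbor reported as "none" has no key at any level, so its session runs unauthenticated.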
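4: IBGP route reflectors
The configuration method is shown below. Unlike Cisco, Juniper does not use a single command to configure an RR; instead you configure a cluster ID directly, and the neighbors listed beneath it are its clients. Pay attention to the Juniper hierarchy.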
lunsui# show protocols
bgp {
group cluster-2222 {
type internal;
local-address 10.0.3.5;
authentication-key "$9$KpwWX-UDkqfz"; ## SECRET-DATA
export ibgp;
cluster 2.2.2.2;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
}
Note: routes learned from non-clients do not have the cluster-id attribute added when they are passed on to clients and non-clients.
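Sometimes a client router belongs to two different clusters at once, so it may receive different routes from two different RRs. BGP uses only one route to forward packets, so there is a decision process, normally those 13 decision rules. Below is the information for a route that lost the decision; in Juniper such a route is called inactive, and an inactive reason is given.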
BGP Preference: 170/-101
Next-hop reference count: 1
Source: 10.0.3.4
Next hop: 10.0.4.5 via fxp1.212, selected
Protocol next hop: 10.0.4.10
Indirect next hop: 85d1300 131087
State: <NotBest Int Ext>
Inactive reason: IGP metric
Local AS: 65412 Peer AS: 65412
Age: 1:38:18 Metric2: 10
Task: BGP_65412.10.0.3.4+4122
AS path: I (Originator) Cluster list: 3.3.3.3
AS path: Originator ID: 10.0.6.2
Localpref: 100
Router ID: 10.0.3.4
Indirect next hops: 1
Protocol next hop: 10.0.4.10 Metric: 10
Indirect next hop: 85d1300 131087
Indirect path forwarding next hops: 1
Next hop: 10.0.4.5 via fxp1.212
10.0.4.8/30 Originating RIB: inet.0
Metric: 10 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.4.5 via fxp1.212
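The part highlighted in red above (the Inactive reason line) shows which decision rule this route lost on; in this example it is the IGP metric.
The part highlighted in blue (the Cluster list) shows that this route was learned from the RR of cluster 3.3.3.3.
5: Confederations
A confederation is another technique, besides route reflectors, for removing the IBGP full-mesh requirement. It divides your AS into multiple sub-ASs, each of which must have its own unique AS number; the BGP neighbor relationship between sub-ASs is called CBGP. CBGP operates like EBGP, except that CBGP carries the IBGP attributes.
The basic configuration is shown below.
Under the protocols hierarchy, the confederation configuration is the same as ordinary BGP configuration.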
protocols {
bgp {
group 65001 {
type internal;
local-address 10.0.3.4;
export ibgp;
neighbor 10.0.6.2;
}
group cbgp {
type external;
multihop {
ttl 255; ## an EBGP peer's TTL defaults to 1 hop, and I use the loopback as the local address (what Cisco calls update-source)
}
local-address 10.0.3.4;
export ibgp;
neighbor 10.0.3.3 {
peer-as 65000;
}
neighbor 10.0.3.5 {
peer-as 65002;
}
}
}
}
The key confederation configuration is done under routing-options.
lunsui# show routing-options
static {
route 192.168.40.0/24 discard;
}
aggregate {
route 10.0.4.0/22;
}
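autonomous-system 65001; ## AS number of the local confederation sub-AS
confederation 65412 members [ 65000 65001 65002 ]; ## 65412 is the local AS number used toward external non-confederation peers; members lists the sub-ASs in this confederation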
A route learned through the confederation. Note the AS path.
lunsui# run show route protocol bgp 192.168.60.0 extensive logical-router R
inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
192.168.60.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 192.168.60.0/24 -> {indirect(131110)}
*BGP Preference: 170/-101
Next-hop reference count: 3
Source: 10.0.3.4
Next hop: 10.0.4.1 via fxp2.223
Next hop: 10.0.4.9 via fxp2.224, selected
Protocol next hop: 10.0.9.6
Indirect next hop: 85d1400 131110
State: <Active Int Ext>
Local AS: 65001 Peer AS: 65001
Age: 5:08:22 Metric2: 5
Task: BGP_65001.10.0.3.4+2866
Announcement bits (2): 0-KRT 4-Resolve tree 2
AS path: (65000 65002) I
Localpref: 100
Router ID: 10.0.3.4
Indirect next hops: 1
Protocol next hop: 10.0.9.6 Metric: 5
Indirect next hop: 85d1400 131110
Indirect path forwarding next hops: 2
Next hop: 10.0.4.1 via fxp2.223
Next hop: 10.0.4.9 via fxp2.224
0.0.0.0/0 Originating RIB: inet.0
Metric: 5 Node path count: 1
Forwarding nexthops: 2
Nexthop: 10.0.4.1 via fxp2.223
Nexthop: 10.0.4.9 via fxp2.224
Within a confederation, when CBGP peers pass a route along, they do not change the route's protocol next hop, even though they are EBGP-type neighbors.
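The AS path "(65000 65002) I" in the output above can be reproduced with a short model of how the path is rewritten at each boundary; this is an added example, not from the original notes, and it goes beyond the page's single output by also showing what a peer outside the confederation receives. It follows the RFC 5065 rules and uses the page's AS numbers; AS 64999 and the function names are hypothetical.

```python
# Added model of AS path handling at confederation boundaries (RFC 5065 rules),
# using the page's numbers. 64999 is a hypothetical AS outside the confederation.
CONFED_ID = 65412
MEMBERS = {65000, 65001, 65002}

def advertise(path, local_sub_as, peer_as):
    """Return the AS path a router in local_sub_as sends to a peer in peer_as.

    path is a list of segments: ("confed", [asns]) or ("seq", [asns]).
    """
    if peer_as == local_sub_as:      # IBGP inside the sub-AS: path unchanged
        return path
    if peer_as in MEMBERS:           # CBGP: prepend own sub-AS to the confed sequence
        if path and path[0][0] == "confed":
            return [("confed", [local_sub_as] + path[0][1])] + path[1:]
        return [("confed", [local_sub_as])] + path
    # Peer outside the confederation: strip confed segments, prepend the confed ID
    rest = [seg for seg in path if seg[0] != "confed"]
    if rest and rest[0][0] == "seq":
        return [("seq", [CONFED_ID] + rest[0][1])] + rest[1:]
    return [("seq", [CONFED_ID])] + rest

def render(path):
    """Format as in the show route output: confed sequence in parentheses, origin I."""
    parts = []
    for kind, asns in path:
        text = " ".join(str(a) for a in asns)
        parts.append(f"({text})" if kind == "confed" else text)
    return " ".join(parts + ["I"])

def page_example():
    """Route originated in sub-AS 65002, passed 65002 -> 65000 -> 65001."""
    path = advertise([], 65002, 65000)       # CBGP 65002 -> 65000
    path = advertise(path, 65000, 65001)     # CBGP 65000 -> 65001
    inside = advertise(path, 65001, 65001)   # IBGP within 65001
    outside = advertise(path, 65001, 64999)  # EBGP to the outside AS
    return render(inside), render(outside)
```

Inside sub-AS 65001 the path carries the sub-AS numbers in parentheses, while the outside peer sees only 65412, so the internal sub-AS layout is not exposed beyond the confederation.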
6: IBGP timers and other miscellaneous items
BGP multipath load balancing.
lunsui# show bgp
preference 154;
group 65002 {
type internal;
local-address 10.0.3.5;
multipath;
neighbor 10.0.9.6;
neighbor 10.0.9.7;
}
group cbgp {
type external;
multihop {
ttl 255;
}
local-address 10.0.3.5;
export ibgp;
neighbor 10.0.3.3 {
peer-as 65000;
}
neighbor 10.0.3.4 {
peer-as 65001;
}
}
Verify multipath.
[edit logical-routers R5 protocols bgp group 65002]
lunsui# ... bgp 192.168.0.0 extensive logical-router R5
inet.0: 42 destinations, 58 routes (42 active, 0 holddown, 0 hidden)
192.168.0.0/24 (3 entries, 1 announced)
TSI:
KRT in-kernel 192.168.0.0/24 -> {indirect(131113)}
Aggregated into 192.168.0.0/22
Page 0 idx 1 Type 1 val 8650120
Nexthop: 172.16.40.1
MED: 0
Localpref: 100
AS path: I
Communities:
Path 192.168.0.0 from 10.0.9.6 Vector len 4. Val: 1
*BGP Preference: 154/-101
Next-hop reference count: 8
Source: 10.0.9.6
Next hop: 10.0.8.5 via fxp1.256, selected
Next hop: 10.0.8.10 via fxp1.257
Protocol next hop: 172.16.40.1
Indirect next hop: 85d1700 131113
Protocol next hop: 172.16.40.5
Indirect next hop: 85d1800 131116
State: <Active Int Ext>
Local AS: 65002 Peer AS: 65002
Age: 32:46 Metric: 0 Metric2: 10
Task: BGP_65002.10.0.9.6+179
Announcement bits (4): 0-KRT 3-Aggregate 4-BGP.0.0.0.0+179 5-Resolve tree 2
AS path: I
Localpref: 100
Router ID: 10.0.9.6
Indirect next hops: 2
Protocol next hop: 172.16.40.1 Metric: 10
Indirect next hop: 85d1700 131113
Indirect path forwarding next hops: 1
Next hop: 10.0.8.5 via fxp1.256
172.16.40.0/30 Originating RIB: inet.0
Metric: 10 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.8.5 via fxp1.256
Protocol next hop: 172.16.40.5 Metric: 10
Indirect next hop: 85d1800 131116
Indirect path forwarding next hops: 1
Next hop: 10.0.8.10 via fxp1.257
172.16.40.4/30 Originating RIB: inet.0
Metric: 10 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.8.10 via fxp1.257
BGP Preference: 154/-101
Next-hop reference count: 4
Source: 10.0.9.7
Next hop: 10.0.8.10 via fxp1.257, selected
Protocol next hop: 172.16.40.5
Indirect next hop: 85d1800 131116
State: <NotBest Int Ext>
Inactive reason: Router ID
Local AS: 65002 Peer AS: 65002
Age: 31:31 Metric: 0 Metric2: 10
Task: BGP_65002.10.0.9.7+4051
AS path: I
Localpref: 100
Router ID: 10.0.9.7
Indirect next hops: 1
Protocol next hop: 172.16.40.5 Metric: 10
Indirect next hop: 85d1800 131116
Indirect path forwarding next hops: 1
Next hop: 10.0.8.10 via fxp1.257
172.16.40.4/30 Originating RIB: inet.0
Metric: 10 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.8.10 via fxp1.257
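Note the part highlighted in red.
Multipath can also be set at different hierarchy levels.
Timers:
BGP peers have two timers, hold-timer and keepalive. The keepalive timer controls how often keepalive packets are sent. The hold-timer is how long to wait without receiving a keepalive from the peer before declaring the peer down.
On Juniper routers the keepalive timer is set indirectly, because the two timers are tied together: the hold-timer is three times the keepalive, so changing the hold-timer also changes the keepalive.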
lunsui# show protocols bgp
group 65001 {
type internal;
local-address 10.0.3.4;
export ibgp;
neighbor 10.0.6.2;
}
group cbgp {
type external;
multihop {
ttl 255;
}
local-address 10.0.3.4;
export ibgp;
neighbor 10.0.3.3 {
hold-time 180; ## can also be set at other hierarchy levels, that is, per BGP session
peer-as 65000;
}
neighbor 10.0.3.5 {
peer-as 65002;
}
}
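When two peers are configured with different hold-timers, the neighbor relationship can still be established; the two sides negotiate a single value to use on both ends, and the smaller value is chosen.
BGP passive mode
Passive mode means that the local BGP does not actively initiate the TCP connection.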
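protocols {
bgp {
passive;
}
}
Advertising inactive BGP routes.
By default BGP advertises only active routes; the keyword highlighted in red below (advertise-inactive) changes this default behaviour.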
lunsui# show protocols bgp
export adv;
group 65000 {
type internal;
local-address 10.0.3.3;
advertise-inactive;
import import;
authentication-key "$9$UKiqfu0IRSe"; ## SECRET-DATA
cluster 1.1.1.1;
neighbor 10.0.6.1;
neighbor 10.0.6.2;
neighbor 10.0.3.4;
}