The Four Key Principles of Border Gateway Protocol (BGP) Route Selection

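Contents

  • Preface
  • I. The four BGP route-selection principles
    • AS-path
    • Local Preference
    • Preference Value (Huawei proprietary)
    • Multi-Exit Discriminator (MED)
  • II. Case topology
    • 1. Basic configuration
    • 2. Establishing IBGP and EBGP
      • Changing the route with the AS-path attribute
      • Changing the route with the Preference Value (Huawei proprietary) attribute
      • Changing the route with the MED attribute
      • Changing the route with the Local Preference attribute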


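Preface

BGP's route-selection principles help network administrators control and optimize network traffic and make efficient routing decisions. They are the rules a network protocol uses to determine the path packets take: when several paths are available, the router chooses the best path according to these principles. They shape traffic distribution and improve network reliability and performance.


I. The four BGP route-selection principles

AS-path

Definition: AS-path is a list of all the autonomous systems (AS) a route has passed through. A shorter AS-path means a shorter path, and the route with the shorter AS-path is generally preferred.
Priority: a shorter AS-path has higher priority.

Local Preference

Definition: Local Preference is the policy attribute used to choose the best exit within the same autonomous system. It is a 16-bit value, and a higher value means higher priority.
Priority: the higher Local Preference value has higher priority. The default value is usually 100.

Preference Value (Huawei proprietary)

Definition: a Huawei-specific priority value used to influence route selection. The value range is usually 0 to 255, and a smaller value means higher priority.
Priority: a smaller value means higher priority, and among the selection principles it also ranks highest.

Multi-Exit Discriminator (MED)

Definition: MED is used to express preference between different autonomous systems, indicating how an AS should choose the best entry path. A smaller value means higher priority; it is also commonly called the "external priority".
Priority: the smaller MED value has higher priority.

The lab below verifies and analyzes how the four selection principles above relate to each other.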

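II. Case topology

[Figure 1: lab topology]

In the topology above, loopback 0 is used as the router-id of each device. Loopback 1 and loopback 2 are the external routes.
Requirements:
When AR1 accesses loopback 1 on AR7, traffic must take AR1–AR2–AR4–AR5–AR7;
When AR1 accesses loopback 2 on AR7, traffic must take AR1–AR3–AR4–AR6–AR7;
When AR7 accesses loopback 2 on AR1, traffic must take AR7–AR5–AR4–AR2–AR1;
When AR7 accesses loopback 1 on AR1, traffic must take AR7–AR6–AR4–AR3–AR1;

1. Basic configuration

  • Configure IP addresses and ospf 1 on AR1, AR2 and AR3;
  • Configure IP addresses and ospf 2 on AR5, AR6 and AR7;
  • Configure IP addresses on AR4
    The configuration is as follows: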
<AR1>
#
interface GigabitEthernet0/0/0
 ip address 10.0.12.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.13.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface LoopBack0
 ip address 10.0.1.1 255.255.255.255 
#
interface LoopBack1
 ip address 100.0.0.1 255.255.255.255 
#
interface LoopBack2
 ip address 200.0.0.1 255.255.255.255 
#
ospf 1 router-id 10.0.1.1 
 area 0.0.0.0 
  network 10.0.1.1 0.0.0.0 
  network 10.0.12.0 0.0.0.255 
  network 10.0.13.0 0.0.0.255 
#
<AR2>
#
interface GigabitEthernet0/0/0
 ip address 10.0.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.24.2 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.2.2 255.255.255.255 
#
#
ospf 1 router-id 10.0.2.2 
 area 0.0.0.0 
  network 10.0.2.2 0.0.0.0 
  network 10.0.12.0 0.0.0.255 
#
<AR3>
#
interface GigabitEthernet0/0/0
 ip address 10.0.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface LoopBack0
 ip address 10.0.3.3 255.255.255.255 
#
#
ospf 1 router-id 10.0.3.3 
 area 0.0.0.0 
  network 10.0.3.3 0.0.0.0 
  network 10.0.13.0 0.0.0.255 
#
<AR4>
#
interface GigabitEthernet0/0/0
 ip address 10.0.24.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.0.45.4 255.255.255.0 
#
interface GigabitEthernet1/0/0
 ip address 10.0.46.4 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.4.4 255.255.255.255 
#
<AR5>
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.5 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.57.5 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.5.5 255.255.255.255 
#
ospf 2 router-id 10.0.5.5 
 area 0.0.0.0 
  network 10.0.5.5 0.0.0.0 
  network 10.0.57.0 0.0.0.255 
#
<AR6>
#
interface GigabitEthernet0/0/0
 ip address 10.0.46.6 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.67.6 255.255.255.0 
#
interface LoopBack0
 ip address 10.0.6.6 255.255.255.255 
#
ospf 2 router-id 10.0.6.6 
 area 0.0.0.0 
  network 10.0.6.6 0.0.0.0 
  network 10.0.67.0 0.0.0.255 
#
<AR7>
#
interface GigabitEthernet0/0/0
 ip address 10.0.67.7 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.57.7 255.255.255.0 
#
#
interface LoopBack0
 ip address 10.0.7.7 255.255.255.255 
#
interface LoopBack1
 ip address 100.0.0.7 255.255.255.255 
#
interface LoopBack2
 ip address 200.0.0.7 255.255.255.255 
#
ospf 2 router-id 10.0.7.7 
 area 0.0.0.0 
  network 10.0.7.7 0.0.0.0 
  network 10.0.57.0 0.0.0.255 
  network 10.0.67.0 0.0.0.255 
#

To rule out configuration mistakes, check device connectivity and whether the OSPF neighbor relationships were established.

<R7>display ospf peer brief 

	 OSPF Process 2 with Router ID 10.0.7.7
		  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State    
 0.0.0.0          GigabitEthernet0/0/0             10.0.6.6         Full        
 0.0.0.0          GigabitEthernet0/0/1             10.0.5.5         Full        
 ----------------------------------------------------------------------------
<R7>ping 10.0.57.5
  PING 10.0.57.5: 56  data bytes, press CTRL_C to break
    Reply from 10.0.57.5: bytes=56 Sequence=1 ttl=255 time=30 ms
    Reply from 10.0.57.5: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 10.0.57.5: bytes=56 Sequence=3 ttl=255 time=30 ms

  --- 10.0.57.5 ping statistics ---
    3 packet(s) transmitted
    3 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/30/30 ms

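A state of Full means the OSPF neighbor relationship was established successfully. Pinging the peer's interface returns replies, which shows that data can be exchanged normally.

2. Establishing IBGP and EBGP

iBGP is mainly used between routers inside an autonomous system; its main characteristic is that it requires a full mesh of sessions.
eBGP is used between different autonomous systems, where routing information can be propagated directly.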

<AR1>
bgp 100
 router-id 10.0.1.1
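 peer 10.0.2.2 as-number 100 ## establish the BGP peer and state that it is in AS (autonomous system) number 100
 peer 10.0.2.2 connect-interface LoopBack0  ## use the LoopBack0 interface to communicate with the peer, which improves reliability and stability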
 peer 10.0.3.3 as-number 100 
 peer 10.0.3.3 connect-interface LoopBack0
 #
  #
 ipv4-family unicast
  undo synchronization
  network 100.0.0.1 255.255.255.255 ## advertise the external network into BGP
  network 200.0.0.1 255.255.255.255 
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local ## advertise routes to this peer with the local device as the next hop
  peer 10.0.3.3 enable
  peer 10.0.3.3 next-hop-local 
#
<AR2>
bgp 100
 router-id 10.0.2.2
 peer 10.0.1.1 as-number 100 
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.3.3 as-number 100 
 peer 10.0.3.3 connect-interface LoopBack0
 peer 10.0.24.4 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.1.1 enable
  peer 10.0.1.1 next-hop-local 
  peer 10.0.3.3 enable
  peer 10.0.3.3 next-hop-local 
  peer 10.0.24.4 enable
#
<AR3>
bgp 100
 router-id 10.0.3.3
 peer 10.0.1.1 as-number 100 
 peer 10.0.1.1 connect-interface LoopBack0
 peer 10.0.2.2 as-number 100 
 peer 10.0.2.2 connect-interface LoopBack0
 peer 10.0.34.4 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.1.1 enable
  peer 10.0.1.1 next-hop-local 
  peer 10.0.2.2 enable
  peer 10.0.2.2 next-hop-local 
  peer 10.0.34.4 enable
<AR4>
#
bgp 200
 router-id 10.0.4.4
 peer 10.0.24.2 as-number 100 
 peer 10.0.34.3 as-number 100 
 peer 10.0.45.5 as-number 300 
 peer 10.0.46.6 as-number 300 
 #
 ipv4-family unicast
  undo synchronization
  network 10.0.4.4 255.255.255.255 
  peer 10.0.24.2 enable
  peer 10.0.34.3 enable
  peer 10.0.45.5 enable
  peer 10.0.46.6 enable
#
<AR5>
bgp 300
 router-id 10.0.5.5
 peer 10.0.6.6 as-number 300 
 peer 10.0.6.6 connect-interface LoopBack0
 peer 10.0.7.7 as-number 300 
 peer 10.0.7.7 connect-interface LoopBack0
 peer 10.0.45.4 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.6.6 enable
  peer 10.0.6.6 next-hop-local 
  peer 10.0.7.7 enable
  peer 10.0.7.7 next-hop-local 
  peer 10.0.45.4 enable
<AR6>
#
bgp 300
 router-id 10.0.6.6
 peer 10.0.5.5 as-number 300 
 peer 10.0.5.5 connect-interface LoopBack0
 peer 10.0.7.7 as-number 300 
 peer 10.0.7.7 connect-interface LoopBack0
 peer 10.0.46.4 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  peer 10.0.5.5 enable
  peer 10.0.5.5 next-hop-local 
  peer 10.0.7.7 enable
  peer 10.0.7.7 next-hop-local 
  peer 10.0.46.4 enable
#
<AR7>
#
bgp 300
 router-id 10.0.7.7
 peer 10.0.5.5 as-number 300 
 peer 10.0.5.5 connect-interface LoopBack0
 peer 10.0.6.6 as-number 300 
 peer 10.0.6.6 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 100.0.0.7 255.255.255.255 
  network 200.0.0.7 255.255.255.255 
  peer 10.0.5.5 enable
  peer 10.0.5.5 next-hop-local 
  peer 10.0.6.6 enable
  peer 10.0.6.6 next-hop-local 
#

Changing the route with the AS-path attribute

AR7

#
ip ip-prefix 1 index 10 permit 100.0.0.7 32
ip ip-prefix 2 index 10 permit 200.0.0.7 32
#
route-policy 1 permit node 10 
 if-match ip-prefix 1 
 apply as-path 300 200 additive
#
route-policy 1 permit node 20 
#
route-policy 2 permit node 10 
 if-match ip-prefix 2 
 apply as-path 300 200 additive
#
route-policy 2 permit node 20 
#
bgp 300
  peer 10.0.5.5 route-policy 2 export
  peer 10.0.6.6 route-policy 1 export
#

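Two IP prefixes are defined, route-policies are built on those prefixes, and the policies are applied in BGP toward the two peers; the policies define how matching routes are handled.

View the result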

<R6>display bgp routing-table 100.0.0.7

 BGP local router ID : 10.0.6.6
 Local AS number : 300
 Paths:   1 available, 1 best, 1 select
 BGP routing table entry information of 100.0.0.7/32:
 From: 10.0.7.7 (10.0.7.7)
 Route Duration: 00h27m49s  
 Relay IP Nexthop: 10.0.67.7
 Relay IP Out-Interface: GigabitEthernet0/0/1
 Original nexthop: 10.0.7.7
 Qos information : 0x0
 AS-path 300 200, origin igp, MED 0, localpref 100, pref-val 0, valid, internal,
 best, select, active, pre 255, IGP cost 1
 Advertised to such 1 peers:
    10.0.46.4

<R6>display bgp routing-table 200.0.0.7

 BGP local router ID : 10.0.6.6
 Local AS number : 300
 Paths:   1 available, 1 best, 1 select
 BGP routing table entry information of 200.0.0.7/32:
 From: 10.0.7.7 (10.0.7.7)
 Route Duration: 00h31m55s  
 Relay IP Nexthop: 10.0.67.7
 Relay IP Out-Interface: GigabitEthernet0/0/1
 Original nexthop: 10.0.7.7
 Qos information : 0x0
 AS-path Nil, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, bes
t, select, active, pre 255, IGP cost 1
 Advertised to such 1 peers:
    10.0.46.4

<R4>display bgp routing-table 

 BGP Local router ID is 10.0.4.4 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 7
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   10.0.4.4/32        0.0.0.0         0                     0      i
 *>   100.0.0.7/32       10.0.45.5                             0      300i
 *>   200.0.0.7/32       10.0.46.6                             0      300i

The output shows that route 200.0.0.7 has the shorter AS_Path on AR6, so AR4 prefers the 200.0.0.7 route advertised by AR6.

Changing the route with the Preference Value (Huawei proprietary) attribute

ip ip-prefix 2 index 10 permit 200.0.0.7 32
#
route-policy 2 permit node 10 
 if-match ip-prefix 2 
 apply preferred-value 10
#
route-policy 2 permit node 20 
#
bgp 100
  peer 10.0.3.3 route-policy 2 import

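An IP prefix list is defined, and a route-policy sets the preferred value of specific routes in BGP. Of the routes received from peer 10.0.3.3, only the one matching 200.0.0.7/32 is given preferred-value 10; the other routes are accepted under the default rules.

View the effect and result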

<R1>tracert -a 100.0.0.1 100.0.0.7

 traceroute to  100.0.0.7(100.0.0.7), max hops: 30 ,packet length: 40,press CTRL
_C to break 

 1 10.0.12.2 30 ms  20 ms  30 ms 

 2 10.0.24.4 40 ms  20 ms  20 ms 

 3 10.0.45.5 30 ms  20 ms  40 ms 

 4 10.0.57.7 70 ms  40 ms  40 ms 
 
<R1>tracert -a 100.0.0.1 200.0.0.7

 traceroute to  200.0.0.7(200.0.0.7), max hops: 30 ,packet length: 40,press CTRL
_C to break 

 1 10.0.13.3 20 ms  20 ms  20 ms 

 2 10.0.34.4 30 ms  20 ms  40 ms 

 3 10.0.46.6 30 ms  20 ms  30 ms 

 4 10.0.67.7 40 ms  40 ms  50 ms 
 
<R1>display bgp routing-table 200.0.0.7

 BGP local router ID : 10.0.1.1
 Local AS number : 100
 Paths:   2 available, 1 best, 1 select
 BGP routing table entry information of 200.0.0.7/32:
 From: 10.0.3.3 (10.0.3.3)
 Route Duration: 00h42m25s  
 Relay IP Nexthop: 10.0.13.3
 Relay IP Out-Interface: GigabitEthernet0/0/1
 Original nexthop: 10.0.3.3
 Qos information : 0x0
 AS-path 200 300, origin igp, localpref 100, pref-val 10, valid, internal, best,
 select, active, pre 255, IGP cost 1
 Not advertised to any peer yet

 BGP routing table entry information of 200.0.0.7/32:
 From: 10.0.2.2 (10.0.2.2)
 Route Duration: 00h42m44s  
 Relay IP Nexthop: 10.0.12.2
 Relay IP Out-Interface: GigabitEthernet0/0/0
 Original nexthop: 10.0.2.2
 Qos information : 0x0
 AS-path 200 300, origin igp, localpref 100, pref-val 0, valid, internal, pre 25
5, IGP cost 1, not preferred for PreVal
 Not advertised to any peer yet

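display bgp routing-table 200.0.0.7 shows that the BGP route 200.0.0.7 advertised by R3 has pref-val 10, while the BGP route 200.0.0.7 advertised by R2 has pref-val 0. R1 therefore prefers the 200.0.0.7 BGP route advertised by R3.

Changing the route with the MED attribute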

AR4

#
ip ip-prefix 1 index 10 permit 100.0.0.1 32
ip ip-prefix 2 index 10 permit 200.0.0.1 32
#
route-policy 1 permit node 10 
 if-match ip-prefix 1 
 apply cost 200 
#
route-policy 1 permit node 20 
#
route-policy 2 permit node 10 
 if-match ip-prefix 2 
 apply cost 200 
#
route-policy 2 permit node 20 
#
bgp 200

  peer 10.0.24.2 route-policy 1 import
  peer 10.0.34.3 route-policy 2 import

View the effect and result

[R4-bgp]display bgp routing-table 

 BGP Local router ID is 10.0.4.4 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 7
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   10.0.4.4/32        0.0.0.0         0                     0      i
 *>   100.0.0.1/32       10.0.34.3                             0      100i
 *                       10.0.24.2       200                   0      100i
 *>   200.0.0.1/32       10.0.24.2                             0      100i
 *                       10.0.34.3       200                   0      100i

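Here the BGP route 100.0.0.1 advertised by AR2 has a MED of 200, while the BGP route advertised by AR3 has a MED of 0. AR4 prefers the BGP route with the smaller MED, so the route advertised by AR3 is selected.

Changing the route with the Local Preference attribute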

AR7

acl number 2001  
 rule 5 permit source 100.0.0.1 0 
 #
route-policy 3 permit node 10 
 if-match acl 2001 
 apply local-preference 200 
#
route-policy 3 permit node 20 
#
bgp 300
  peer 10.0.6.6 route-policy 3 import

View the result

<R7>display bgp routing-table 

 BGP Local router ID is 10.0.7.7 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 8
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>i  100.0.0.1/32       10.0.6.6                   200        0      200 100i
 * i                     10.0.5.5                   100        0      200 100i
 *>i  200.0.0.1/32       10.0.5.5                   100        0      200 100i
 * i                     10.0.6.6                   100        0      200 100i

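Here the BGP route 100.0.0.1 advertised by AR6 has a LocPrf of 200, while the BGP route 100.0.0.1 advertised by AR5 has a LocPrf of 100. AR7 prefers the BGP route with the larger LocPrf, so the route advertised by AR6 is selected.

Final result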

<R7>tracert -a 100.0.0.7 100.0.0.1

 traceroute to  100.0.0.1(100.0.0.1), max hops: 30 ,packet length: 40,press CTRL
_C to break 

 1 10.0.67.6 20 ms  20 ms  10 ms 

 2 10.0.46.4 40 ms  20 ms  30 ms 

 3 10.0.34.3 40 ms  20 ms  50 ms 

 4 10.0.13.1 50 ms  30 ms  40 ms 
<R7>tracert -a 100.0.0.7 200.0.0.1

 traceroute to  200.0.0.1(200.0.0.1), max hops: 30 ,packet length: 40,press CTRL
_C to break 

 1 10.0.57.5 40 ms  20 ms  20 ms 

 2 10.0.45.4 20 ms  30 ms  20 ms 

 3 10.0.24.2 40 ms  40 ms  40 ms 

 4 10.0.12.1 30 ms  40 ms  40 ms 
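
The comparisons verified in the lab above can be replayed offline. The following is an added example, not part of the original article: it parses the attribute line of `display bgp routing-table <prefix>` output and ranks the candidates by pref-val, Local Preference, AS-path length, origin and MED, with the larger pref-val winning as the R1 output shows. The function names are hypothetical, the defaults for absent attributes are assumptions, and later tie-breakers (EBGP over IBGP, IGP cost, router ID) are left out.

```python
import re

# Attribute lines taken from the R1 output above for 200.0.0.7
# (wrapped lines rejoined, other fields omitted).
R1_SAMPLE = """\
 From: 10.0.3.3 (10.0.3.3)
 AS-path 200 300, origin igp, localpref 100, pref-val 10, valid, internal, best, select, active, pre 255, IGP cost 1
 From: 10.0.2.2 (10.0.2.2)
 AS-path 200 300, origin igp, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for PreVal
"""
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}
INT_FIELDS = (("med", r"MED (\d+)"), ("localpref", r"localpref (\d+)"),
              ("pref_val", r"pref-val (\d+)"))

def parse_paths(text):
    """Return one dict per path: peer, as_path, origin, med, localpref, pref_val."""
    paths = []
    for line in (raw.strip() for raw in text.splitlines()):
        peer = re.match(r"From: (\S+)", line)
        if peer:
            paths.append({"peer": peer.group(1)})
        elif line.startswith("AS-path") and paths:
            p = paths[-1]
            asp = re.match(r"AS-path ([^,]*),", line).group(1).strip()
            p["as_path"] = [] if asp == "Nil" else [int(a) for a in asp.split()]
            p["origin"] = re.search(r"origin (\w+)", line).group(1)
            for key, pattern in INT_FIELDS:
                m = re.search(pattern, line)
                p[key] = int(m.group(1)) if m else None
    return paths

def sort_key(p):
    """Smaller tuple wins. Assumed defaults: absent MED = 0, absent localpref = 100.
    MED is compared here without checking the neighbor AS, which holds for this
    lab because both candidates always come from the same AS."""
    localpref = 100 if p["localpref"] is None else p["localpref"]
    return (-(p["pref_val"] or 0),      # 1. larger pref-val first (local only)
            -localpref,                 # 2. larger Local Preference
            len(p["as_path"]),          # 3. shorter AS-path
            ORIGIN_RANK[p["origin"]],   # 4. origin igp < egp < incomplete
            p["med"] or 0)              # 5. smaller MED

def best_path(paths):
    return min(paths, key=sort_key)

if __name__ == "__main__":
    print(best_path(parse_paths(R1_SAMPLE))["peer"])
```

Because pref-val is evaluated first and is never advertised to peers, an import policy that sets it overrides every attribute a neighbor sends, so such policies are worth reviewing whenever a route is selected against expectation.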

