配置和验证BGP条件通告特性
Contents
Introduction
边界网关协议 (BGP) 条件通告功能可以根据 BGP 表中是否存在其他前缀,提供对路由通告的更多控制。
Prerequisites
Requirements
在尝试此配置前,请保证您熟悉:
Components Used
在本文描述的BGP条件通告特性在Cisco IOS软件版本11.1cc和11.2被介绍了并且是可用的在最新版本。
本文档中的信息基于以下软件和硬件版本:
-
Cisco IOS软件版本12.2(13)T13
-
Cisco 2500 系列路由器
The information in this document was created from the devices in a specific lab environment.All of the devices used in this document started with a cleared (default) configuration.If your network is live, make sure that you understand the potential impact of any command.
背景理论
通常,会传播路由,而不管是否存在不同的路径。BGP条件通告特性使用non-exist-map和advertise-map关键字neighbor advertise-map命令为了由路由前缀跟踪路由。如果路由前缀不是存在输出的non-exist-map命令中,则advertise-map命令指定的路由宣布。此功能为多址网络是有用的,一些前缀做通告到其中一个供应商,只有当从另一个供应商的信息不存在(这在对等体会话或部分可到达性中指示一个故障)。
有条件的BGP公告被发送除BGP路由器发送到其对等体的正常公告之外。
Conventions
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
Configure
本部分提供有关如何配置本文档所述功能的信息。
Note: 要寻找关于用于本文的命令的其他信息,请使用ios命令查找工具
Network Diagram
本文档使用此图所示的网络设置。
这里, R103环回接口用于宣布192.168.50.0/24到R102。R102有一个BGP网络, 128.16.16.0/24,默认情况下被通知对两个其外部BGP (EBGP)对等体, R101和R103。
使用BGP条件通告特性,您能当前完成在R102的这些任务:
-
如果192.168.50.0/24在R102's BGP表里存在,则请勿通告128.16.16.0/24网络对R101。
-
如果192.168.50.0/24在R102's BGP表里不存在,则请通告128.16.16.0/24网络对R101。
使用Cisco IOS 12.2T或以上版本,已存在映射关键字可以用于完成这些任务:
-
如果192.168.50.0/24在R102's BGP表里存在,则请通告128.16.16.0/24网络对R101。
-
如果192.168.50.0/24在R102's BGP表里不存在,则请勿通告128.16.16.0/24网络对R101。
配置有条件通告功能
本文档使用以下配置:
Note: 这里示例讨论non-exist-map关键字。已存在映射关键字的使用方法类似于此。
| R102 |
|---|
hostname R102 ! interface Loopback0 ip address 128.16.16.1 255.255.255.0 ! interface Serial8/0 ip address 10.10.10.2 255.255.255.0 ! interface Serial9/0 ip address 10.10.20.2 255.255.255.0 ! router bgp 2 bgp log-neighbor-changes network 128.16.16.0 mask 255.255.255.0 network 130.130.0.0 neighbor 10.10.10.1 remote-as 1 neighbor 10.10.10.1 advertise-map ADVERTISE non-exist-map NON-EXIST !--- Advertises the routes matched in the route-map ADVERTISE (128.16.16.0/24) !--- only if the routes matched in route-map NON-EXIST (192.168.50.0/24) !--- do not exist in the BGP table. neighbor 10.10.20.3 remote-as 3 ! ip route 130.130.0.0 255.255.0.0 Null0 ! access-list 60 permit 128.16.16.0 0.0.0.255 access-list 65 permit 192.168.50.0 0.0.0.255 ! route-map NON-EXIST permit 10 match ip address 65 ! route-map ADVERTISE permit 10 match ip address 60 ! |
| R103 |
|---|
hostname R103 ! interface Loopback0 ip address 192.168.50.1 255.255.255.0 ! interface Serial9/0 ip address 10.10.20.3 255.255.255.0 ! router bgp 3 bgp log-neighbor-changes network 192.168.50.0 neighbor 10.10.20.2 remote-as 2 ! |
| R101 |
|---|
hostname R101 ! interface Loopback0 ip address 200.200.200.1 255.255.255.0 ! interface Serial8/0 ip address 10.10.10.1 255.255.255.0 ! router bgp 1 bgp log-neighbor-changes network 200.200.200.0 neighbor 10.10.10.2 remote-as 2 ! |
验证配置
示例 1
此示例验证什么BGP看起来,当192.168.50.0/24在R102's BGP表里时:
首先请确认192.168.50.0/24是否在R102's BGP表里存在:
R102# show ip bgp BGP table version is 6, local router ID is 128.16.16.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 128.16.16.0/24 0.0.0.0 0 32768 i *> 130.130.0.0 0.0.0.0 0 32768 i *> 192.168.50.0 10.10.20.3 0 0 3 i *> 200.200.200.0 10.10.10.1 0 0 1 i
因为192.168.50.0/24在R102's BGP表里,然后R102不能通告128.16.16/24到R101。
R102# show ip bgp neighbors 10.10.10.1 advertised-routes
BGP table version is 6, local router ID is 128.16.16.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 130.130.0.0 0.0.0.0 0 32768 i
*> 192.168.50.0 10.10.20.3 0 0 3 i
!--- Note 128.16.16.0/24 is not advertised to neighbor 10.10.10.1.
R102# show ip bgp 128.16.16.0
BGP routing table entry for 128.16.16.0/24, version 6
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
!--- This is not advertised to R101.
10.10.20.3
Local
0.0.0.0 from 0.0.0.0 (128.16.16.1)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
然后请检查条件通告的状态在R102的:
R102# show ip bgp neighbors 10.10.10.1 BGP neighbor is 10.10.10.1, remote AS 1, external link BGP version 4, remote router ID 200.200.200.1 BGP state = Established, up for 02:27:07 Last read 00:00:07, hold time is 180, keepalive interval is 60 seconds !--- Output suppressed. For address family: IPv4 Unicast BGP table version 6, neighbor version 6 Index 1, Offset 0, Mask 0x2 Condition-map NON-EXIST, Advertise-map ADVERTISE, status: Withdraw 1 accepted prefixes consume 36 bytes Prefix advertised 3, suppressed 0, withdrawn 1 Number of NLRIs in the update sent: max 1, min 0 !--- Output suppressed.
输出表示“提取条件通告”,并且,匹配路由映射“的网络做通告”没有宣布对对等体10.10.10.1。
为了确认匹配路由映射“的路由请做通告”没有宣布对R101,检查在R101的BGP表:
R101# show ip bgp 128.16.16.0 % Network not in table
示例 2
此示例显示什么BGP看起来,当网络192.168.50.0/24在R102 BGP表里时不存在:
首先,请关闭在R103的环回接口0,以便R103不再宣布192.168.50.0/24对R102。
R103(config)# interface loopback 0 R103(config-if)# shutdown R103(config-if)# 03:29:36: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
然后请验证R102不了解192.168.50.0/24,并且网络在R102 BGP表里没有包括。
R102# show ip bgp BGP table version is 8, local router ID is 128.16.16.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 128.16.16.0/24 0.0.0.0 0 32768 i *> 130.130.0.0 0.0.0.0 0 32768 i *> 200.200.200.0 10.10.10.1 0 0 1 i !--- Note 192.168.50.0/24 is not present.
现在,请参阅多长时间为条件通告需要插入在:
R102# debug ip bgp updates *Mar 1 02:39:18.059: BGP(0): 10.10.20.3 rcv UPDATE about 192.168.50.0/24 -- withdrawn *Mar 1 02:39:18.059: BGP(0): no valid path for 192.168.50.0/24 *Mar 1 02:39:18.079: BGP(0): nettable_walker 192.168.50.0/24 no best path *Mar 1 02:39:18.219: BGP(0): 10.10.10.1 computing updates, afi 0, neighbor version 10, table version 11, starting at 0.0.0.0 *Mar 1 02:39:18.219: BGP(0): 10.10.10.1 send unreachable 192.168.50.0/24 *Mar 1 02:39:18.219: BGP(0): 10.10.10.1 send UPDATE 192.168.50.0/24 -- unreachable *Mar 1 02:39:18.219: BGP(0): 10.10.10.1 1 updates enqueued (average=27, maximum=27) *Mar 1 02:39:18.219: BGP(0): 10.10.10.1 update run completed, afi 0, ran for 0ms, neighbor version 10, start version 11, throttled to 11 *Mar 1 02:40:04.747: BPG(0): Condition NON-EXIST changes to Advertise *Mar 1 02:40:04.747: BGP(0): net 128.16.16.0/24 matches ADV MAP ADVERTISE: bump version to 12 *Mar 1 02:40:05.187: BGP(0): nettable_walker 128.16.16.0/24 route sourced locally *Mar 1 02:40:05.187: BGP(0): 10.10.10.1 computing updates, afi 0, neighbor version 11, table version 12, starting at 0.0.0.0 *Mar 1 02:40:05.187: BGP(0): 10.10.10.1 128.16.16.0/24 matches advertise map ADVERTISE, state: Advertise *Mar 1 02:40:05.187: BGP(0): 10.10.10.1 send UPDATE (format) 128.16.16.0/24, next 10.10.10.2, metric 0, path *Mar 1 02:40:05.187: BGP(0): 10.10.10.1 1 updates enqueued (average=52, maximum=52) *Mar 1 02:40:05.187: BGP(0): 10.10.10.1 update run completed, afi 0, ran for 0ms, neighbor version 11, start version 12, throttled to 12
条件通告进程由BGP扫描程序进程触发,运行每60秒。这意味着条件通告的最大时间生效是60秒。条件通告能快生效,根据,当被跟踪的路由从BGP表时被去除,并且,当BGP扫描程序的下个实例发生时。发出这些on命令R102为了验证在R102的条件通告状况邻接10.10.10.1的:
R102# show ip bgp neighbors 10.10.10.1 BGP neighbor is 10.10.10.1, remote AS 1, external link BGP version 4, remote router ID 200.200.200.1 BGP state = Established, up for 02:45:27 Last read 00:00:27, hold time is 180, keepalive interval is 60 seconds !--- Output suppressed. For address family: IPv4 Unicast BGP table version 12, neighbor version 12 Index 1, Offset 0, Mask 0x2 Condition-map NON-EXIST, Advertise-map ADVERTISE, status: Advertise 1 accepted prefixes consume 36 bytes Prefix advertised 6, suppressed 0, withdrawn 4 Number of NLRIs in the update sent: max 1, min 0 !--- Output suppressed.
R101's BGP表和路由表有128.16.16.0/24,如显示这里:
Note: 在此输出示例:中,有条件的BGP公告(网络128.16.16.0/24)被发送,除BGP路由器发送到其对等体的正常BGP公告(网络130.130.0.0/16)之外。
R101# show ip bgp BGP table version is 18, local router ID is 200.200.200.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 128.16.16.0/24 10.10.10.2 0 0 2 i *> 130.130.0.0 10.10.10.2 0 0 2 i *> 200.200.200.0 0.0.0.0 0 32768 i
R101# show ip route bgp
128.16.0.0/24 is subnetted, 1 subnets
B 128.16.16.0 [20/0] via 10.10.10.2, 00:09:32
B 130.130.0.0/16 [20/0] via 10.10.10.2, 02:48:46
示例 3
此示例在R102介入192.168.50.0/24网络的重新安装为了发现BGP更改从“如何做通告” “让步”。
为了重新安装192.168.50.0/24,发出no shutdown命令带来在R103的interface loopback 0对“”。
R103(config)# interface loopback 0 R103(config-if)# no shutdown R103(config-if)# 03:49:06: %LINK-3-UPDOWN: Interface Loopback0, changed state to up 03:49:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up !--- R102 kicks in conditional advertisement the moment the !--- conditional network is received again. *Mar 1 02:51:42.227: BGP(0): 10.10.20.3 rcvd UPDATE w/ attr: nexthop 10.10.20.3, origin i, metric 0, path 3 *Mar 1 02:51:42.227: BGP(0): 10.10.20.3 rcvd 192.168.50.0/24 *Mar 1 02:51:42.247: BGP(0): Revise route installing 192.168.50.0/24 -> 10.10.20.3 to main IP table *Mar 1 02:51:42.379: BGP(0): 10.10.10.1 computing updates, afi 0, neighbor version 12, table version 13, starting at 0.0.0.0 *Mar 1 02:51:42.379: BGP(0): 10.10.10.1 send UPDATE (format) 192.168.50.0/24, next 10.10.10.2, metric 0, path 3 *Mar 1 02:51:42.379: BGP(0): 10.10.10.1 1 updates enqueued (average=47, maximum=47) *Mar 1 02:51:42.379: BGP(0): 10.10.10.1 update run completed, afi 0, ran for 0ms, neighbor version 12, start version 13, throttled to 13 *Mar 1 02:52:09.159: BPG(0): Condition NON-EXIST changes to Withdraw *Mar 1 02:52:09.159: BGP(0): net 128.16.16.0/24 matches ADV MAP ADVERTISE: bump version to 14 *Mar 1 02:52:09.499: BGP(0): nettable_walker 128.16.16.0/24 route sourced locally *Mar 1 02:52:11.559: BGP(0): 10.10.10.1 computing updates, afi 0, neighbor version 13, table version 14, starting at 0.0.0.0 *Mar 1 02:52:11.559: BGP(0): 10.10.10.1 128.16.16.0/24 matches advertise map ADVERTISE, state: Withdraw *Mar 1 02:52:11.559: BGP(0): 10.10.10.1 send unreachable 128.16.16.0/24 *Mar 1 02:52:11.559: BGP(0): 10.10.10.1 send UPDATE 128.16.16.0/24 -- unreachable *Mar 1 02:52:11.559: BGP(0): 10.10.10.1 1 updates enqueued (average=27, maximum=27) *Mar 1 02:52:11.559: BGP(0): 10.10.10.1 update run completed, afi 0, ran for 0ms, neighbor version 13, start version 14, throttled to 14
R102不再通告128.16.16.0/24对R101。
R102# show ip bgp neighbors 10.10.10.1 advertised-routes BGP table version is 14, local router ID is 128.16.16.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 130.130.0.0 0.0.0.0 0 32768 i *> 192.168.50.0 10.10.20.3 0 0 3 i !--- Note 128.16.16.0/24 is not advertised. R102# show ip bgp neighbors 10.10.10.1 BGP neighbor is 10.10.10.1, remote AS 1, external link BGP version 4, remote router ID 200.200.200.1 BGP state = Established, up for 03:01:32 Last read 00:00:31, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: !--- Output supressed. For address family: IPv4 Unicast BGP table version 14, neighbor version 14 Index 1, Offset 0, Mask 0x2 Condition-map NON-EXIST, Advertise-map ADVERTISE, status: Withdraw 1 accepted prefixes consume 36 bytes Prefix advertised 7, suppressed 0, withdrawn 5 Number of NLRIs in the update sent: max 1, min 0 !--- Output supressed.
Note: 在真实世界方案中, AS1和AS3被连接到互联网(全局BGP)。因此网络192.168.50.0/24可能通过从AS3的一个全球BGP网被传播到AS1 (R101) BGP表。AS1,反过来,可能传播前缀192.168.50.0到R102 (根据在AS1和AS2之间的策略协议)。如果R101传播AS3从全球BGP网的获知的路由到R102,则条件通告可以发生故障,如果另外的检查在不存在的映射没有安置。
为了更好知道条件通告为什么发生故障,请考虑此方案。AS1了解192.168.50.0/24从全球BGP网并且宣布192.168.50.0/24对AS2 (R102)。R102也了解从其直接同位体的前缀192.168.50.0/24到R103 (在对R103链路的R102)。当R102和R103之间的直接链接发生故障时,您预计前缀192.168.50.0/24在R102's BGP表里停止存在,并且条件通告起动并且宣布前缀128.16.16.0/24对R101。然而,因为前缀192.168.50.0/24在R102 BGP表里继续存在(了解从R101),条件通告中断,因为在不存在的映射的前缀在R102 BGP表里仍然存在。要保证前缀192.168.50.0/24从与AS3 (对R103的R102的直接连接仅了解)为了条件通告能起动,请添加匹配as_path语句在匹配AS_PATH前缀192.168.50.0/24获知从直接连接(在这种情况下是AS 3)的不存在的映射下。此案件的常规表示是^3。使用在BGP的常规表示关于常规表示的更多信息,请参见。当心您不能匹配AS路径和不匹配前缀。match as-path能只补充被匹配的前缀的匹配标准。换句话说,如果前缀不从确定存在AS #,您不能通告一些前缀对相邻。
在R102的新的配置显示得这里。添加在粗体。
| R101 |
|---|
hostname R102 ! interface Loopback0 ip address 128.16.16.1 255.255.255.0 ! interface Serial8/0 ip address 10.10.10.2 255.255.255.0 ! interface Serial9/0 ip address 10.10.20.2 255.255.255.0 ! router bgp 2 bgp log-neighbor-changes network 128.16.16.0 mask 255.255.255.0 network 130.130.0.0 neighbor 10.10.10.1 remote-as 1 neighbor 10.10.10.1 advertise-map ADVERTISE non-exist-map NON-EXIST neighbor 10.10.20.3 remote-as 3 ! ip route 130.130.0.0 255.255.0.0 Null0 ! ip as-path access-list 1 permit ^3 ! access-list 60 permit 128.16.16.0 0.0.0.255 access-list 65 permit 192.168.50.0 0.0.0.255 ! route-map NON-EXIST permit 10 match ip address 65 match as-path 1 ! route-map ADVERTISE permit 10 match ip address 60 ! |
已知问题
有与BGP和条件通告关连的两三个已知Bug。欲知更多信息,请参见Bug CSCdp18563 (仅限注册用户)和CSCdp20320 (仅限注册用户)在Bug Toolkit。
反馈