在Cisco Nexus交換機上配置BGP中的disable-peer-as-check

下載選項

PDF (208.2 KB)
在多種裝置上使用 Adobe Reader 檢視
ePub (118.0 KB)
在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
Mobi (Kindle) (102.6 KB)
在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視

已更新: 2019 年 7 月 30 日

文件 ID:214619

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的，無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言，或引用第三方產品的語言，因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件，讓全世界的使用者能夠以自己的語言理解支援內容。請注意，即使是最佳機器翻譯，也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責，並建議一律查看原始英文文件（提供連結）。

簡介

本檔案介紹執行NX-OS作業系統的Cisco Nexus系列交換器上的邊界閘道通訊協定(BGP)中的disable-peer-as-check命令。

必要條件

需求

思科建議您瞭解以下主題：

Nexus NX-OS軟體。
BGP路由協定。

採用元件

本文中的資訊係根據以下軟體和硬體版本：

Cisco Nexus 7000
NXOS 7.3(0)D1(1)版

本檔案所述內容不限於特定軟體和硬體版本。本檔案中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除（預設）的組態來啟動。如果您的網路運作中，請確保您瞭解任何指令可能造成的影響。

設定

當網路首碼通告給eBGP對等點時，其自治系統(AS)一律會排在BGP的AS_PATH屬性清單之前。

預設情況下，基於Cisco Nexus NX-OS的交換機不會將網路字首通告給在BGP的網路字首AS_PATH屬性中最後找到AS的eBGP對等體。

此行為與基於Cisco IOS®(和Cisco IOS®-XE)的路由器和交換機不同，在這些路由器和交換機中，即使對等體的AS已經位於網路字首AS_PATH屬性中，網路字首仍會通告給eBGP對等體。

在這種情況下，BGP環路防護機制會捨棄接收方對等路由器上的網路字首（預設情況下），並觸發類似於「DENIED due to:AS-PATH僅包含我們自己的AS"（僅當啟用了相應的調試時）。

附註：預設情況下，基於Cisco IOS® XR的路由器的行為與NX-OS類似。在Cisco IOS® XR中，as-path-loopcheck out disable命令可用於修改此行為。

網路圖表

組態

R1 - Cisco IOS®
configure terminal ! hostname R1 ! interface Loopback0 ip address 10.255.255.1 255.255.255.255 ! interface GigabitEthernet0/1 ip address 10.1.2.1 255.255.255.0 no shutdown ! router bgp 64512 bgp log-neighbor-changes network 10.255.255.1 mask 255.255.255.255 neighbor 10.1.2.2 remote-as 65535 ! end

R1 - Cisco IOS®

configure terminal
!
hostname R1
!
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 10.1.2.1 255.255.255.0
 no shutdown
!
router bgp 64512
 bgp log-neighbor-changes
 network 10.255.255.1 mask 255.255.255.255
 neighbor 10.1.2.2 remote-as 65535
!
end

N7K-2 - Nexus NX-OS
configure terminal ! hostname N7K-2 ! feature bgp ! interface Ethernet2/1 no switchport ip address 10.1.2.2/24 no shutdown interface Ethernet2/2 no switchport ip address 10.2.3.2/24 no shutdown ! router bgp 65535 address-family ipv4 unicast neighbor 10.1.2.1 remote-as 64512 address-family ipv4 unicast neighbor 10.2.3.3 remote-as 64512 address-family ipv4 unicast ! end

N7K-2 - Nexus NX-OS

configure terminal
!
hostname N7K-2
!
feature bgp
!
interface Ethernet2/1
  no switchport
  ip address 10.1.2.2/24
  no shutdown

interface Ethernet2/2
  no switchport
  ip address 10.2.3.2/24
  no shutdown
!
router bgp 65535
  address-family ipv4 unicast
  neighbor 10.1.2.1
    remote-as 64512
    address-family ipv4 unicast
  neighbor 10.2.3.3
    remote-as 64512
    address-family ipv4 unicast
!
end

R3 - Cisco IOS®
configure terminal ! hostname R3 ! interface GigabitEthernet0/1 ip address 10.2.3.3 255.255.255.0 no shutdown ! router bgp 64512 bgp log-neighbor-changes neighbor 10.2.3.2 remote-as 65535 ! end

驗證

使用本節內容，確認您的組態是否正常運作。

沒有disable-peer-as-check命令會阻止運行NX-OS的N7K-2將字首10.255.255.1/32通告給路由器R3，因為R3的AS(64512)在AS_PATH屬性中是最後找到的。

附註：預設情況下，配置中會禁用disable-peer-as-check命令。您必須手動新增命令才能啟用該功能。

當N7K-2將10.255.255.1/32通告給R3時，它會將最後一個AS 64512包含在AS_PATH屬性中。

此AS64512置與R3中配置的AS相同。

N7K-2 - Nexus NX-OS
N7K-2# show bgp ipv4 unicast BGP routing table information for VRF default, address family IPv4 Unicast BGP table version is 17, local router ID is 10.1.2.2 Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, -valid, >-best Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i njected Origin codes: i - IGP, e - EGP, ? - incomplete, \| - multipath, & - backup Network Next Hop Metric LocPrf Weight Path >e10.255.255.1/32 10.1.2.1 0 0 64512 i N7K-2#

N7K-2 - Nexus NX-OS

N7K-2# show bgp ipv4 unicast
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 17, local router ID is 10.1.2.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e10.255.255.1/32    10.1.2.1                 0                     0 64512 i

N7K-2#

觀察到，在R3上，debug命令debug bgp ipv4 unicast已啟用。

為了進一步確認未收到路由，會執行命令clear bgp ipv4 unicast * soft，強制再次交換路由。R3路由沒有收到該路由。

R3 - Cisco IOS®
R3#debug bgp ipv4 unicast BGP debugging is on for address family: IPv4 Unicast R3# R3#clear bgp ipv4 unicast * soft R3# *Jul 15 19:22:36.427: BGP: 10.2.3.2 sending REFRESH_REQ(5) for afi/safi: 1/1, refresh code is 0 R3#

R3 - Cisco IOS®

R3#debug bgp ipv4 unicast 
BGP debugging is on for address family: IPv4 Unicast 
R3#
R3#clear bgp ipv4 unicast * soft 
R3#
*Jul 15 19:22:36.427: BGP: 10.2.3.2 sending REFRESH_REQ(5) for afi/safi: 1/1, refresh code is 0
R3#

必須在N7K-2上啟用disable-peer-as-check命令，以便該命令可以將網路字首通告給R3。

N7K-2 - Nexus NX-OS
N7K-2# conf t Enter configuration commands, one per line. End with CNTL/Z. N7K-2(config)# router bgp 65535 N7K-2(config-router)# neighbor 10.2.3.3 N7K-2(config-router-neighbor)# address-family ipv4 unicast N7K-2(config-router-neighbor-af)# disable-peer-as-check N7K-2(config-router-neighbor-af)#

N7K-2 - Nexus NX-OS

N7K-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# router bgp 65535
N7K-2(config-router)# neighbor 10.2.3.3
N7K-2(config-router-neighbor)# address-family ipv4 unicast 
N7K-2(config-router-neighbor-af)# disable-peer-as-check
N7K-2(config-router-neighbor-af)#

在N7K-2上實施disable-peer-as-check後，該路由將通告給R3，但被預期的BGP環路預防機制丟棄。

觀察「DENIED DUE to:AS-PATH包含我們自己的AS」，如調試輸出所示。

R3 - Cisco IOS®
R3# Jul 15 19:29:06.440: BGP(0): 10.2.3.2 rcv UPDATE w/ attr: nexthop 10.2.3.2, origin i, originator 0.0.0.0, merged path 65535 64512, AS_PATH , community , extended community , SSA attribute Jul 15 19:29:06.442: BGPSSA ssacount is 0 *Jul 15 19:29:06.442: BGP(0): 10.2.3.2 rcv UPDATE about 10.255.255.1/32 -- DENIED due to: AS-PATH contains our own AS; R3#

R3 - Cisco IOS®

R3#
*Jul 15 19:29:06.440: BGP(0): 10.2.3.2 rcv UPDATE w/ attr: nexthop 10.2.3.2, origin i, originator 0.0.0.0, merged path 65535 64512, AS_PATH , community , extended community , SSA attribute 
*Jul 15 19:29:06.442: BGPSSA ssacount is 0
*Jul 15 19:29:06.442: BGP(0): 10.2.3.2 rcv UPDATE about 10.255.255.1/32 -- DENIED due to: AS-PATH contains our own AS;
R3#

附註：如果在AS_PATH屬性中最後找不到R3的AS，則N7K-2不需要命令來通告路由。

在本示例中，使用route-map和set as-path prepend命令在AS_PATH屬性中最後預置另一個AS。現在，在R3的AS路徑中有另一個AS。

AS_PATH列出6530064512。

N7K-2 - Nexus NX-OS
configure terminal ! route-map TEST permit 10 set as-path prepend 65300 ! N7K-2# conf t Enter configuration commands, one per line. End with CNTL/Z. N7K-2(config)# router bgp 65535 N7K-2(config-router)# neighbor 10.1.2.1 N7K-2(config-router-neighbor)# address-family ipv4 unicast N7K-2(config-router-neighbor-af)# route-map TEST in N7K-2(config-router-neighbor-af)# N7K-2# N7K-2# show bgp ipv4 unicast BGP routing table information for VRF default, address family IPv4 Unicast BGP table version is 18, local router ID is 10.1.2.2 Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, -valid, >-best Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected Origin codes: i - IGP, e - EGP, ? - incomplete, \| - multipath, & - backup Network Next Hop Metric LocPrf Weight Path >e10.255.255.1/32 10.1.2.1 0 0 65300 64512 i N7K-2#

N7K-2 - Nexus NX-OS

configure terminal
!
route-map TEST permit 10
  set as-path prepend 65300
!

N7K-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# router bgp 65535
N7K-2(config-router)#   neighbor 10.1.2.1
N7K-2(config-router-neighbor)#     address-family ipv4 unicast
N7K-2(config-router-neighbor-af)# route-map TEST in
N7K-2(config-router-neighbor-af)# 
N7K-2# 

N7K-2# show bgp ipv4 unicast
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 18, local router ID is 10.1.2.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e10.255.255.1/32    10.1.2.1                 0                     0 65300 64512 i

N7K-2#

觀察N7K-2在此情況下如何在不需要disable-peer-as-check的情況下通告路由。

N7K-2 - Nexus NX-OS
N7K-2# sh run bgp !Command: show running-config bgp !Time: Mon Jul 15 21:28:59 2019 version 7.3(0)D1(1) feature bgp router bgp 65535 address-family ipv4 unicast neighbor 10.1.2.1 remote-as 64512 address-family ipv4 unicast route-map TEST in neighbor 10.2.3.3 remote-as 64512 address-family ipv4 unicast N7K-2#

N7K-2 - Nexus NX-OS

N7K-2# sh run bgp 

!Command: show running-config bgp
!Time: Mon Jul 15 21:28:59 2019

version 7.3(0)D1(1)
feature bgp

router bgp 65535
  address-family ipv4 unicast
  neighbor 10.1.2.1
    remote-as 64512
    address-family ipv4 unicast
      route-map TEST in
  neighbor 10.2.3.3
    remote-as 64512
    address-family ipv4 unicast


N7K-2#

通知「由於以下原因被拒絕：AS-PATH包含我們自己的AS」，可從R3的調試輸出中看到。

R3 - Cisco IOS®
R3#show debug IP routing: BGP debugging is on for address family: IPv4 Unicast BGP updates debugging is on for address family: IPv4 Unicast R3# R3#clear bgp ipv4 unicast * soft R3# Jul 15 21:33:11.309: BGP: 10.2.3.2 sending REFRESH_REQ(5) for afi/safi: 1/1, refresh code is 0 Jul 15 21:33:12.312: BGP(0): 10.2.3.2 rcv UPDATE w/ attr: nexthop 10.2.3.2, origin i, originator 0.0.0.0, merged path 65535 65300 64512, AS_PATH , community , extended community , SSA attribute Jul 15 21:33:12.313: BGPSSA ssacount is 0 Jul 15 21:33:12.313: BGP(0): 10.2.3.2 rcv UPDATE about 10.255.255.1/32 -- DENIED due to: AS-PATH contains our own AS; R3#

R3 - Cisco IOS®

R3#show debug
IP routing:
  BGP debugging is on for address family: IPv4 Unicast 
  BGP updates debugging is on for address family: IPv4 Unicast 

R3#
R3#clear bgp ipv4 unicast * soft
R3#
*Jul 15 21:33:11.309: BGP: 10.2.3.2 sending REFRESH_REQ(5) for afi/safi: 1/1, refresh code is 0
*Jul 15 21:33:12.312: BGP(0): 10.2.3.2 rcv UPDATE w/ attr: nexthop 10.2.3.2, origin i, originator 0.0.0.0, merged path 65535 65300 64512, AS_PATH , community , extended community , SSA attribute 
*Jul 15 21:33:12.313: BGPSSA ssacount is 0
*Jul 15 21:33:12.313: BGP(0): 10.2.3.2 rcv UPDATE about 10.255.255.1/32 -- DENIED due to: AS-PATH contains our own AS;    
R3#

疑難排解

本節提供的資訊可用於對組態進行疑難排解。

若要確認BGP配置需要NX-OS上的disable-peer-as-check命令，請開啟這些調試。

debug-filter bgp neighbor <eBGP_NEIGHBOR>
debug-filter bgp prefix <ROUTE_TO_BE_ADVERTISED>
debug bgp updates
debug logfile <FILE_NAME>

請注意，類似「10.2.3.3 10.255.255.1/32 path-id 1」的消息由於以下原因未傳送到對等體：當存在重新傳送路由的請求時，將生成通告AS。

N7K-2 - Nexus NX-OS
N7K-2# debug-filter bgp neighbor 10.2.3.3 N7K-2# debug-filter bgp prefix 10.255.255.1/32 N7K-2# debug bgp updates N7K-2# N7K-2# debug logfile bgpdebug.log N7K-2# show debug logfile bgpdebug.log 2019 Jul 15 21:38:12.586085 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] Continuing update run for peer 10.2.3.3 (#0) 2019 Jul 15 21:38:12.586129 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] consider sending 10.255.255.1/32 to peer 10.2.3.3, path-id 1, best-ext is off 2019 Jul 15 21:38:12.586145 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] 10.2.3.3 10.255.255.1/32 path-id 1 not sent to peer due to: advertising AS 2019 Jul 15 21:38:12.586160 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] 10.2.3.3: walked 0 nodes and packed 0/0 prefixes 2019 Jul 15 21:38:12.586177 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] Found marker dest 0xf35349f0 on xmitlist for peer 10.2.3.3 (sent prefixes: 0) 2019 Jul 15 21:38:12.586200 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] Created EOR marker UPDATE msg (len 23) to peer 10.2.3.3 afer sending 0 routes 2019 Jul 15 21:38:12.586213 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] (#24) Suspending update run for peer 10.2.3.3 (#24) N7K-2#

N7K-2 - Nexus NX-OS

N7K-2# debug-filter bgp neighbor 10.2.3.3
N7K-2# debug-filter bgp prefix 10.255.255.1/32
N7K-2# debug bgp updates
N7K-2# 
N7K-2# debug logfile bgpdebug.log

N7K-2# show debug logfile bgpdebug.log
2019 Jul 15 21:38:12.586085 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] Continuing update run for peer 10.2.3.3 (#0) 
2019 Jul 15 21:38:12.586129 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] consider sending 10.255.255.1/32 to peer 10.2.3.3, path-id 1, best-ext is off
2019 Jul 15 21:38:12.586145 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] 10.2.3.3 10.255.255.1/32 path-id 1 not sent to peer due to: advertising AS 
2019 Jul 15 21:38:12.586160 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] 10.2.3.3: walked 0 nodes and packed 0/0 prefixes 
2019 Jul 15 21:38:12.586177 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] Found marker dest 0xf35349f0 on xmitlist for peer 10.2.3.3 (sent prefixes: 0) 
2019 Jul 15 21:38:12.586200 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] Created EOR marker UPDATE msg (len 23) to peer 10.2.3.3 afer sending 0 routes 
2019 Jul 15 21:38:12.586213 bgp: 65535 [7848] (default) UPD: [IPv4 Unicast] (#24) Suspending update run for peer 10.2.3.3 (#24) 
N7K-2#

完成後，使用以下命令禁用調試：

undebug all
no debug-filter all
clear debug logfile <FILE_NAME>

由思科工程師貢獻

Hector Gustavo Serrano Gutierrez
Cisco TAC工程師

在Cisco Nexus交換機上配置BGP中的disable-peer-as-check

下載選項

無偏見用語

關於此翻譯

目錄

簡介

必要條件

需求

採用元件

設定

網路圖表

組態

驗證

疑難排解

由思科工程師貢獻

這份文件是否有所幫助？

讓思科協助您

本文件適用於這些產品