关于超过ibgp配置和ping时间:跃点限制

Question

我正在配置iBGP

现在有两台机器RS1和RS2

他们使用Ubuntu 18和Bird1.6

连接到as6939的RS1

连接到as20473的RS2

2000:1::/48在RS1上宣布

2000:2:：48在RS2上宣布

RS1和RS2之间通过零层连接，然后建立iBGP

他们的个人资料如下所示

RS1

router id 1.1.1.1;

function is_my_net()
{
        return net ~ [
                2000::/44+,
        ];
}

filter normal_out
{
        if proto = "Announce" then accept;
        if is_my_net() then accept;
        if proto = "NA" then reject;
        reject;
}

protocol static Announce
{
        route 2000:1::/48 reject; #tunnel
}


protocol static NA
{

}


protocol kernel
{
        scan time 60;
        import none;
        #export all;
        metric 2000;
}

protocol device
{
        scan time 60;
}

protocol direct {
        interface "*";
        import all;
}

template bgp ibgp {
        local fd15:9924:d630:e01c:2333:93f4:229e:9998 as 123456;
        import all;
        export all;
        graceful restart on;
}


protocol bgp ibgp_rs2 from ibgp {
        neighbor fd15:9924:d630:e01c:2333:9391:ba13:598b as 123456;
}


protocol bgp he
{
        local 2001:2333:2333:a4::2 as 123456;
        neighbor 2001:2333:2333:a4::1 as 6939;
        import all;
        export filter normal_out;
        graceful restart on;
}

protocol ospf myospf {
        import all;
        export where source ~ [ RTS_DEVICE, RTS_STATIC, RTS_OSPF ] && proto != "static_bgp" && proto != "static_bgp_vultr";
        area 0 {
                interface "bgp" {
                        cost 450;
                };
        };
}

RS2

router id 1.1.1.2;

function is_my_net()
{
        return net ~ [
                2000::/44+
        ];
}

filter normal_out
{
        if proto = "Announce" then accept;
        if is_my_net() then accept;
        if proto = "NA" then reject;
        reject;
}

protocol static Announce
{
        route 2000:2::/48 reject; #tunnel
}

protocol static NA
{

}

protocol static static_vultr {
        route 2001:19f0:ffff::1/128 via fe80::fc00:2333:fe88:2333%ens3;
}

protocol kernel
{
        scan time 60;
        import none;
        #export all;
        metric 2000;
}

protocol device
{
        scan time 60;
}

protocol direct {
        interface "*";
        import all;
}


protocol bgp vultr
{
        local 2001:19f0:4400:5132:5400:2333:fe88:2333 as 123456;
        neighbor 2001:19f0:ffff::1 as 64515;
        import all;
        export filter normal_out;
        graceful restart on;
        multihop 2;
        password "hidepasswd";
}

template bgp ibgp {
        local fd15:9924:d630:e01c:2333:9391:ba13:598b as 123456;
        import all;
        export all;
        graceful restart on;
}

protocol bgp ibgp_rs1 from ibgp {
        neighbor fd15:9924:d630:e01c:2333:93f4:229e:9998 as 123456;
}


protocol ospf myospf {
        import all;
        export where source ~ [ RTS_DEVICE, RTS_STATIC, RTS_OSPF ] && proto != "static_bgp" && proto != "static_bgp_vultr";
        area 0 {
                interface "bgp" {
                        cost 450;
                };
        };
}

在RS1中运行birdc6 show route 2000:2::/48

root@rs1:~# birdc6 show route 2000:2::/48
BIRD 1.6.3 ready.
2000:2::/48 via fd15:9924:d630:e01c:2333:9391:ba13:598b on ztyou4jsxl [ibgp_rs2 14:10:51] * (100/0) [i]

在RS2中运行birdc6 show route 2000:1::/48

root@rs2:~# birdc6 show route 2000:1::/48
BIRD 1.6.6 ready.
2000:1::/48  via fd15:9924:d630:e01c:2333:93f4:229e:9998 on ztyou4jsxl [ibgp_rs1 06:10:45] * (100/0) [i]

但我在rs1上运行traceroute6 2000:2::

root@rs1:~# traceroute6 2000:2::
traceroute to 2000:2:: (2000:2::) from 2001:2333:2333:a4::2, 30 hops max, 24 byte packets
 1  tunnel562333.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::1)  2.144 ms  2.095 ms  1.969 ms
 2  tunnel562333-pt.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::2)  1.87 ms  21.406 ms  10.724 ms
 3  tunnel562333.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::1)  7.368 ms  3.664 ms  3.776 ms
 4  tunnel562333-pt.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::2)  3.396 ms  3.457 ms  3.546 ms
 5  tunnel562333.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::1)  5.58 ms  5.604 ms  5.788 ms
 6  tunnel562333-pt.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::2)  5.089 ms  5.405 ms  5.056 ms
 7  tunnel562333.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::1)  7.197 ms  7.266 ms  6.965 ms
 8  tunnel562333-pt.tunnel.tserv19.hkg1.ipv6.he.net (2001:2333:2333:a4::2)  6.64 ms  7.773 ms  7.013 ms

在rs2上运行traceroute6 2000:1::

root@rs2:~# traceroute6 2000:1::
traceroute to 2000:1:: (2000:1::) from 2001:19f0:4400:5132:5400:2333:fe88:2333, 30 hops max, 24 byte packets
 1  * * *
 2  2001:19f0:4400:5132:5400:2333:fe88:2333 (2001:19f0:4400:5132:5400:2333:fe88:2333)  0.551 ms  0.164 ms  0.107 ms
 3  * * *
 4  2001:19f0:4400:5132:5400:2333:fe88:2333 (2001:19f0:4400:5132:5400:2333:fe88:2333)  0.445 ms  0.226 ms  0.138 ms
 5  * * *
 6  2001:19f0:4400:5132:5400:2333:fe88:2333 (2001:19f0:4400:5132:5400:2333:fe88:2333)  0.353 ms  0.251 ms  0.365 ms
 7  * * *
 8  2001:19f0:4400:5132:5400:2333:fe88:2333 (2001:19f0:4400:5132:5400:2333:fe88:2333)  0.346 ms  0.319 ms  0.216 ms

就像traceroute6一样

IBGP无法工作并破坏BGP路由

我该如何解决这个问题？

Answer 1

这个问题已经解决了，问题是路由不能导出到内核

protocol kernel
{
        scan time 60;
        import none;
        export all;
        metric 2000;
}

此外，我使用OSPF来路由IGP