Juniper系列iBGP路由的问题
Juniper系列iBGP路由的问题
提问于 2018-10-30 02:13:21
我有一个简单的设置:
- 2x Juniper MX系列路由器,每个路由器都有一个到传输提供商的上行链路
- 两个路由器之间的iBGP会话(点到点)
- 出于测试目的,我已经禁用了从R2到传输提供者的上行链路。所有路由都是从R1 iBGP会话接收的。
- 试图找出为什么R2不能利用R1's路由,而它似乎有这样的路线
配置非常基本:
R1
protocols {
bgp {
group internal-peers {
type internal;
description "iBGP between R1 and R2";
local-address 172.16.20.1; # lo0.0
export iBGP-send-direct;
neighbor 172.16.20.2; # R2 lo0.0
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface et-0/0/0.0; # point-to-point to R2
}
}
}R2
protocols {
bgp {
group internal-peers {
type internal;
description "iBGP between R2 and R1";
local-address 172.16.20.2; # lo0.0
export iBGP-send-direct;
neighbor 172.16.20.1; # R1 lo0.0
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface et-0/0/0.0; # point-to-point to R1
}
}
}iBGP-发送-直接策略-声明
policy-statement iBGP-send-direct {
term 1 {
from protocol direct;
then accept;
}
term 2 {
from protocol static;
then accept;
}
}不过,当交通从R2到R1时,我得到了正确的路线,但它并没有到达上游:
R2
user@r2> show route 1.1.1.1
inet.0: 713294 destinations, 713297 routes (713294 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[BGP/170] 00:07:47, MED 2020, localpref 100, from 172.16.20.1
AS path: 174 13335 I, validation-state: unverified
> to 172.16.25.1 via et-0/0/0.0当从R2跟踪1.1.1.1时,它将转到172.16.25.1 (这是可以到达的),但是没有其他任何东西。R1上有一条1.1.1.1的路径。
R1
user@r1> show route 1.1.1.1
inet.0: 713326 destinations, 713329 routes (713326 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[BGP/170] 04:07:16, MED 2020, localpref 100
AS path: 174 13335 I, validation-state: unverified
> to 38.104.XX.XX via xe-0/1/4.0我显然错过了一些很明显的东西。有人能说出一些见解吗?
谢谢。
回答 2
Network Engineering用户
发布于 2018-11-01 20:02:39
为了感兴趣,我构建了一个测试拓扑,它显示在下面的图像中:
注意:所有路由器的信任几乎都是默认的。我所做的:
- 返回1.1.1.1/32的ISP路由器。通过BGP宣布1.1.1.0/24号路线至vMX-1。BGP会话到vMX-2没有配置;
- vMX-1和vMX-2通过VRRP共享虚拟IP 198.18.100.3,该IP被设置为PC1的默认网关(198.18.100.5);
- vMX-1向ISP宣布198.18.100.0/24;
- 从vMX-2到ISP的连接故意删除。
路由器配置:
ISP
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 201.100.0.5 255.255.255.248
duplex auto
speed auto
!
router bgp 200
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 201.100.0.1 remote-as 100
neighbor 201.100.0.1 update-source FastEthernet0/0
no auto-summary
!
ip route 1.1.1.0 255.255.255.0 Null0状态:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
201.100.0.1 4 100 53 50 4 0 0 00:15:01 1
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.1/32 is directly connected, Loopback0
S 1.1.1.0/24 is directly connected, Null0
201.100.0.0/29 is subnetted, 1 subnets
C 201.100.0.0 is directly connected, FastEthernet0/0
B 198.18.100.0/24 [20/0] via 201.100.0.1, 00:07:38vMX-1
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 201.100.0.1/29;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 172.16.25.1/30;
address 198.18.100.1/29 {
vrrp-group 1 {
virtual-address 198.18.100.3;
priority 50;
accept-data;
}
}
}
}
}
lo0 {
unit 0 {
family inet {
address 172.16.20.1/32;
}
}
}
}
routing-options {
static {
route 198.18.100.0/24 {
discard;
preference 240;
}
}
}
protocols {
bgp {
local-as 100;
group internal-peers {
type internal;
local-address 172.16.20.1;
export ibgp-local-as;
neighbor 172.16.20.2;
}
group isp {
type external;
export bgp-local-as;
neighbor 201.100.0.5 {
peer-as 200;
}
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ge-0/0/1.0;
}
}
}
policy-options {
policy-statement bgp-local-as {
term t1 {
from {
route-filter 198.18.100.0/24 exact;
}
then accept;
}
}
policy-statement ibgp-local-as {
term t1 {
then {
next-hop self;
}
}
}
}状态:
> show bgp summary
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.20.2 100 42 44 0 0 18:28 0/0/0/0 0/0/0/0
201.100.0.5 200 36 41 0 0 17:09 1/1/1/0 0/0/0/0
> show route
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[BGP/170] 00:17:35, MED 0, localpref 100
AS path: 200 I, validation-state: unverified
> to 201.100.0.5 via ge-0/0/0.0
172.16.20.1/32 *[Direct/0] 00:32:40
> via lo0.0
172.16.20.2/32 *[OSPF/10] 00:21:16, metric 1
> to 172.16.25.2 via ge-0/0/1.0
to 198.18.100.2 via ge-0/0/1.0
172.16.25.0/30 *[Direct/0] 00:22:00
> via ge-0/0/1.0
172.16.25.1/32 *[Local/0] 00:22:00
Local via ge-0/0/1.0
198.18.100.0/24 *[Static/240] 00:09:57
Discard
198.18.100.0/29 *[Direct/0] 00:29:46
> via ge-0/0/1.0
198.18.100.1/32 *[Local/0] 00:29:46
Local via ge-0/0/1.0
198.18.100.3/32 *[Local/0] 00:22:42
Local via ge-0/0/1.0
201.100.0.0/29 *[Direct/0] 00:38:10
> via ge-0/0/0.0
201.100.0.1/32 *[Local/0] 00:38:10
Local via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 00:31:58, metric 1
MultiRecv
> show ospf neighbor
Address Interface State ID Pri Dead
198.18.100.2 ge-0/0/1.0 Full 172.16.20.2 128 35
172.16.25.2 ge-0/0/1.0 Full 172.16.20.2 128 39vMX-2
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 201.100.0.2/29;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 172.16.25.2/30;
address 198.18.100.2/29 {
vrrp-group 1 {
virtual-address 198.18.100.3;
priority 150;
accept-data;
}
}
}
}
}
lo0 {
unit 0 {
family inet {
address 172.16.20.2/32;
}
}
}
}
protocols {
bgp {
local-as 100;
group internal-peers {
type internal;
local-address 172.16.20.2;
export ibgp-local-as;
neighbor 172.16.20.1;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ge-0/0/1.0;
}
}
}
policy-options {
policy-statement ibgp-local-as {
term t1 {
then {
next-hop self;
}
}
}
}vMX-2的路由表:
> show route
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[BGP/170] 00:03:36, MED 0, localpref 100, from 172.16.20.1
AS path: 200 I, validation-state: unverified
> to 172.16.25.1 via ge-0/0/1.0
to 198.18.100.1 via ge-0/0/1.0
172.16.20.1/32 *[OSPF/10] 00:33:17, metric 1
to 172.16.25.1 via ge-0/0/1.0
> to 198.18.100.1 via ge-0/0/1.0
172.16.20.2/32 *[Direct/0] 00:44:46
> via lo0.0
172.16.25.0/30 *[Direct/0] 00:34:22
> via ge-0/0/1.0
172.16.25.2/32 *[Local/0] 00:34:22
Local via ge-0/0/1.0
198.18.100.0/29 *[Direct/0] 00:41:49
> via ge-0/0/1.0
198.18.100.2/32 *[Local/0] 00:41:49
Local via ge-0/0/1.0
198.18.100.3/32 *[Local/0] 00:08:33
Local via ge-0/0/1.0
201.100.0.0/29 *[Direct/0] 00:49:58
> via ge-0/0/0.0
201.100.0.2/32 *[Local/0] 00:49:58
Local via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 00:43:57, metric 1
MultiRecv来自PC1的Ping:
PC1> ping 1.1.1.1
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=12.161 ms
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=12.250 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=5.690 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=9.649 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=2.823 ms追踪:
PC1> trace 1.1.1.1
trace to 1.1.1.1, 8 hops max, press Ctrl+C to stop
1 172.16.25.2 2.584 ms 0.861 ms 0.645 ms
2 172.16.25.1 2.450 ms 1.736 ms 1.723 ms
3 *201.100.0.5 9.231 ms (ICMP type:3, code:3, Destination port unreachable)我认为您的配置只是缺少iBGP的下一跳策略。
Network Engineering用户
发布于 2018-11-03 13:24:56
什么是172.16.25.1?你在设置下一跳自我吗?默认情况下,IBGP广告中的前缀保留当前的下一跳(这将是传输)。
您可以修改Junos的BGP实现以保留所有路由,无论它们是否有效:https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/keep-edit-protocols-bgp.html
但我怀疑如果你不能跟踪这里还会发生更多的事情。你能提供你的拖拉机吗?您还可以包括traceroute的源地址吗?我看到了混合的私人地址,当追踪到互联网时,这些地址通常不会有帮助。
页面原文内容由Network Engineering提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://networkengineering.stackexchange.com/questions/54339
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号