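In the topology below, I have multipoint redistribution between BGP <-> OSPF, and I recently ran into a routing loop. After further reading, I learned that the problematic routers are ISP-2 and ISP-3, and that I need to tag these routes and deny them where needed so that the loop does not occur. However, after trying this I learned that BGP does not support tagging (% "OSPF_TO_BGP" used as redistribute ospf into bgp route-map, set tag not supported). On this topic, I was told that I can achieve the same goal with BGP communities, but I don't know how to do that. I would appreciate your help.
Note: image, trace and configuration added below.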

RB-5#trace 10.1.22.2
Type escape sequence to abort.
Tracing the route to 10.1.22.2
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.52.2 11 msec 9 msec 6 msec
2 172.16.65.1 [AS 65200] 9 msec 13 msec 7 msec
3 10.1.11.2 [AS 65200] 9 msec 21 msec 20 msec
4 10.1.31.1 [AS 65200] 29 msec 18 msec 15 msec
5 10.0.32.2 [AS 65200] 17 msec 20 msec 10 msec
6 10.0.42.1 [AS 65200] 18 msec 25 msec 13 msec
7 172.16.34.2 [AS 65100] 21 msec 32 msec 18 msec
8 172.16.32.2 [AS 65100] 13 msec 12 msec 14 msec
9 172.16.65.1 [AS 65200] 15 msec 31 msec 16 msec
10 10.1.11.2 [AS 65200] 15 msec 18 msec 16 msec
11 10.1.31.1 [AS 65200] 18 msec 28 msec 24 msec
12 10.0.32.2 [AS 65200] 22 msec 24 msec 13 msec
13 10.0.42.1 [AS 65200] 22 msec 24 msec 22 msec
14 172.16.34.2 [AS 65100] 34 msec 22 msec 16 msec
15 172.16.32.2 [AS 65100] 20 msec 18 msec 17 msec
16 172.16.65.1 [AS 65200] 41 msec 33 msec 26 msec
17 10.1.11.2 [AS 65200] 20 msec 25 msec 28 msec
18 10.1.31.1 [AS 65200] 31 msec 34 msec 28 msec
19 10.0.32.2 [AS 65200] 21 msec 32 msec 24 msec
20 10.0.42.1 [AS 65200] 26 msec 30 msec 31 msec
21 172.16.34.2 [AS 65100] 37 msec 45 msec 44 msec
22 172.16.32.2 [AS 65100] 12 msec 29 msec 36 msec
23 172.16.65.1 [AS 65200] 24 msec 38 msec 33 msec
24 10.1.11.2 [AS 65200] 31 msec 34 msec 32 msec
25 10.1.31.1 [AS 65200] 68 msec 59 msec 63 msec
26 10.0.32.2 [AS 65200] 42 msec 45 msec 35 msec
27 10.0.42.1 [AS 65200] 28 msec 51 msec 30 msec
28 172.16.34.2 [AS 65100] 45 msec 32 msec 48 msec
29 172.16.32.2 [AS 65100] 41 msec 37 msec 41 msec
30 172.16.65.1 [AS 65200] 39 msec 47 msec 39 msec
ISP-2 Config:
ISP-2(config)#do show run
Building configuration...
Current configuration : 2854 bytes
!
! Last configuration change at 08:07:38 UTC Thu Jul 29 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname ISP-2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
no ip domain-lookup
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no switchport
ip address 172.16.12.2 255.255.255.252
duplex auto
!
interface Ethernet0/1
no switchport
ip address 172.16.52.2 255.255.255.252
duplex auto
!
interface Ethernet0/2
no switchport
ip address 172.16.32.2 255.255.255.252
duplex auto
!
interface Ethernet0/3
no switchport
ip address 172.16.210.1 255.255.255.252
duplex auto
!
interface Ethernet1/0
shutdown
!
interface Ethernet1/1
shutdown
!
interface Ethernet1/2
shutdown
!
interface Ethernet1/3
shutdown
!
interface Ethernet2/0
shutdown
!
interface Ethernet2/1
shutdown
!
interface Ethernet2/2
shutdown
!
interface Ethernet2/3
shutdown
!
interface Ethernet3/0
shutdown
!
interface Ethernet3/1
shutdown
!
interface Ethernet3/2
shutdown
!
interface Ethernet3/3
no switchport
ip address 172.16.65.2 255.255.255.252
duplex auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 101
redistribute bgp 65200 metric 1 metric-type 1 subnets route-map BGP_TO_OSPF
network 172.16.65.0 0.0.0.3 area 1
!
router bgp 65200
bgp router-id 2.0.0.2
bgp log-neighbor-changes
neighbor 172.16.12.1 remote-as 15000
neighbor 172.16.32.1 remote-as 65100
neighbor 172.16.52.1 remote-as 25000
neighbor 172.16.210.2 remote-as 65300
!
address-family ipv4
network 172.16.12.0 mask 255.255.255.252
network 172.16.32.0 mask 255.255.255.252
network 172.16.52.0 mask 255.255.255.252
network 172.16.65.0 mask 255.255.255.252
network 172.16.210.0 mask 255.255.255.252
redistribute ospf 101 match internal external 1 external 2 route-map OSPF_TO_BGP
neighbor 172.16.12.1 activate
neighbor 172.16.32.1 activate
neighbor 172.16.52.1 activate
neighbor 172.16.210.2 activate
exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
!
no ip http server
no ip http secure-server
!
!
!
route-map BGP_TO_OSPF deny 10
match tag 111
!
route-map BGP_TO_OSPF permit 20
set tag 222
!
route-map OSPF_TO_BGP deny 10
match tag 222
!
route-map OSPF_TO_BGP permit 20
set tag 111
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
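end
Posted on 2021-07-29 09:13:06
I do the same thing in my network and it works. I think the difference here is the tag you use for redistribution, which is not supported, as you mentioned. You can filter in the route-map by IP prefix instead of by tag. Please check the example from my router and let me know if it helps.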
router ospf 1
router-id 10.254.61.254
redistribute bgp 65111 metric 10 route-map BGP-to-OSPF
passive-interface default
no passive-interface Loopback1
no passive-interface Vlan4003
network 10.211.61.72 0.0.0.3 area 11
network 10.254.61.254 0.0.0.0 area 11
!
router bgp 65111
bgp router-id 10.255.61.5
bgp log-neighbor-changes
neighbor 10.255.61.1 remote-as 65444
neighbor 10.255.61.1 update-source GigabitEthernet0/0/0
!
address-family ipv4
network 10.254.61.254 mask 255.255.255.255
network 10.255.61.0 mask 255.255.255.248
network 172.17.111.0 mask 255.255.255.0
network 172.17.121.0 mask 255.255.255.0
redistribute ospf 1 metric 10 route-map OSPF-to-BGP
neighbor 10.255.61.1 activate
neighbor 10.255.61.1 send-community
neighbor 10.255.61.1 allowas-in 1
neighbor 10.255.61.1 soft-reconfiguration inbound
exit-address-family
!
ip prefix-list IPVPN seq 10 permit 10.30.0.0/16
ip prefix-list IPVPN seq 15 permit 172.19.221.0/24
ip prefix-list IPVPN seq 20 permit 172.19.21.0/24
ip prefix-list IPVPN seq 25 permit 10.7.0.0/16
!
ip prefix-list PF-LOCAL seq 10 permit 10.211.1.0/24
ip prefix-list PF-LOCAL seq 15 permit 172.17.101.0/24
ip prefix-list PF-LOCAL seq 20 permit 172.17.102.0/24
ip prefix-list PF-LOCAL seq 25 permit 172.17.103.0/24
ip prefix-list PF-LOCAL seq 30 permit 172.17.104.0/24
ip prefix-list PF-LOCAL seq 35 permit 172.17.105.0/24
ip prefix-list PF-LOCAL seq 40 permit 172.17.111.0/24
ip prefix-list PF-LOCAL seq 45 permit 172.17.121.0/24
!
ip prefix-list PL-DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
!
route-map BGP-to-OSPF permit 10
match ip address prefix-list IPVPN
!
route-map OSPF-to-BGP permit 10
match ip address prefix-list PF-LOCAL
!
route-map RM-DENY-DEFAULT-IN deny 5
match ip address prefix-list PL-DEFAULT-ROUTE
!
route-map RM-DENY-DEFAULT-IN permit 10
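!
Posted on 2021-07-29 11:52:52
Just had this conversation yesterday. Communities sound complicated, but they are really just tags for BGP. There are a few different ways to potentially solve this. Looking at the topology, I assume RO-1 and RO-4 are your redistribution points. With that in mind, you could set the BGP communities to 65100:10 and 65200:10 (the numbers are arbitrary; standard practice is to use your ASN). At the redistribution point, you would add a route-map that sets the community on the redistributed routes to 65100:10 or 65200:10, and then on your eBGP peers you would set an inbound policy from the eBGP neighbor that matches 65100:10 or 65200:10 and denies those routes. I'm on my phone, so typing a sample configuration is a bit difficult, but hopefully this helps.
Key things to remember: you need to accept and send communities.
Recommend turning on soft-reconfiguration inbound (helps verify that you see the NLRI and can set rules accordingly).
Inbound policy: you can match on known prefixes or on communities. There are conditions that can be set, but those are a bit more complex.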
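The policy described in this answer, written out for the ISP-2 router from the question, as an added example that is not part of the original answer. The names REDIST-MARK and EBGP-IN are hypothetical; the ASN, OSPF process and neighbor address are taken from the ISP-2 configuration above, and only the AS 65100 peer is shown.

```cisco
! Added example: the names REDIST-MARK and EBGP-IN are hypothetical.
ip bgp-community new-format
!
! Markers set at the redistribution points (values from the answer above).
! Separate entries in one list are ORed.
ip community-list standard REDIST-MARK permit 65100:10
ip community-list standard REDIST-MARK permit 65200:10
!
! OSPF -> BGP: mark with a community instead of the unsupported "set tag"
route-map OSPF_TO_BGP permit 20
 no set tag 111
 set community 65200:10 additive
!
! Inbound from the eBGP neighbor: deny marked routes, permit everything else
route-map EBGP-IN deny 10
 match community REDIST-MARK
route-map EBGP-IN permit 20
!
router bgp 65200
 address-family ipv4
  redistribute ospf 101 match internal external 1 external 2 route-map OSPF_TO_BGP
  ! Communities are not sent to a neighbor unless send-community is configured
  neighbor 172.16.32.1 send-community
  neighbor 172.16.32.1 soft-reconfiguration inbound
  neighbor 172.16.32.1 route-map EBGP-IN in
 exit-address-family
```

`show ip bgp community 65200:10` lists the routes that carry the marker, and `show ip bgp neighbors 172.16.32.1 received-routes` shows what the neighbor sent before EBGP-IN was applied.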
Posted on 2021-07-29 17:15:13
You have a few route-maps that are almost correct. As you surmised, you need to use communities in the BGP routing policy.
! community-list syntax: list name first, then permit/deny
ip community-list standard from-ospf permit <asn>:1
route-map BGP_TO_OSPF deny 10
match community from-ospf
route-map BGP_TO_OSPF permit 20
set tag 222
route-map OSPF_TO_BGP deny 10
match tag 222
route-map OSPF_TO_BGP permit 20
set community <asn>:1
https://networkengineering.stackexchange.com/questions/75695