BGP 조건부 광고 기능
소개
이 문서에서는 BGP 테이블에 다른 접두사가 있을 때 종속되는 경로 광고를 추가로 제어하는 BGP(Border Gateway Protocol) 조건부 광고 기능에 대해 설명합니다.
사전 요구 사항
요구 사항
Cisco에서는 이 주제에 대해 알고 있는 것이 좋습니다.
- 플랫폼 독립적
사용되는 구성 요소
이 문서의 정보는 다음 소프트웨어 및 하드웨어 버전을 기반으로 합니다.
- IOS
- IOS-XE
- ASR1000
이 문서의 정보는 특정 랩 환경의 디바이스를 토대로 작성되었습니다.이 문서에 사용된 모든 디바이스는 초기화된(기본) 컨피그레이션으로 시작되었습니다.네트워크가 작동 중인 경우 모든 명령의 잠재적인 영향을 이해해야 합니다.
구성
R1, R2 및 R3을 구성합니다. 컨피그레이션은 여기에 지정됩니다.
네트워크 다이어그램
구성
R1 구성:
!
hostname R1
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 1.1.1.2 255.255.255.255
!
interface Loopback2
ip address 1.1.1.3 255.255.255.255
!
interface Loopback3
ip address 1.1.1.4 255.255.255.255
!
interface Loopback4
ip address 1.1.1.5 255.255.255.255
!
interface Loopback100
ip address 10.139.224.1 255.255.240.0
!
interface Ethernet0/0
ip address 10.10.12.1 255.255.255.0
!
router bgp 1
bgp log-neighbor-changes
neighbor 10.10.12.2 remote-as 2
!
address-family ipv4
network 0.0.0.0 route-map DEF
network 1.1.1.1 mask 255.255.255.255 route-map RM1
network 1.1.1.5 mask 255.255.255.255
redistribute connected route-map CUST
neighbor 10.10.12.2 activate
neighbor 10.10.12.2 send-community
neighbor 10.10.12.2 soft-reconfiguration inbound
exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
ip route 0.0.0.0 0.0.0.0 Null0
!
ip prefix-list CUST seq 5 permit 10.139.224.0/20
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
ip prefix-list PL1 seq 5 permit 1.1.1.1/32
!
route-map CUST permit 10
match ip address prefix-list CUST
set community 64671:501
!
route-map RM1 permit 10
match ip address prefix-list PL1
set community 64952:3008
!
route-map DEF permit 10
match ip address prefix-list DEFAULT
set community 64848:3011 65011:200 65013:200
!
end
R2 구성:
! hostname R2 ! ip cef ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface Ethernet0/0 ip address 10.10.12.2 255.255.255.0 ! interface Ethernet0/1 ip address 10.10.23.2 255.255.255.0 ! router bgp 2 bgp log-neighbor-changes neighbor 10.10.12.1 remote-as 1 neighbor 10.10.23.3 remote-as 3 ! address-family ipv4 neighbor 10.10.12.1 activate neighbor 10.10.12.1 soft-reconfiguration inbound neighbor 10.10.23.3 activate neighbor 10.10.23.3 send-community neighbor 10.10.23.3 advertise-map ADV-MAP exist-map EXIST-MAP <<< This statement changes in non-exist-map neighbor 10.10.23.3 soft-reconfiguration inbound exit-address-family ! ip forward-protocol nd ! ip bgp-community new-format ip community-list standard DEFAULT-ROUTE permit 65013:200 ip community-list standard DC1-ROUTES permit 64952:3008 ip community-list standard DC2-ROUTES permit 64671:501 ip community-list standard DC3-ROUTES permit 64950:3009 ip community-list standard DEFAULT-ROUTE-DENY deny 65013:200 ! ! ip prefix-list DEFAULT seq 5 permit 1.1.1.5/32 ip prefix-list DEFAULT seq 10 permit 1.1.1.1/32 ! ip prefix-list EXIST seq 5 permit 10.10.10.10/32 ! ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0 ! ip prefix-list DEFAULT-ROUTE-DENY seq 5 deny 0.0.0.0/0 ! ip prefix-list IP1 seq 5 permit 10.139.224.0/20 ! ip prefix-list T2 seq 5 permit 1.1.1.5/32 ! route-map ADV-MAP permit 10 match ip address prefix-list IP1 ! route-map ADV-MAP permit 20 match community DC1-ROUTES DC2-ROUTES DC3-ROUTES ! route-map EXIST-MAP permit 10 description Verify Default Route from MDC-SWG match ip address prefix-list DEFAULT-ROUTE IP1 match community DEFAULT-ROUTE ! ! end
R3 구성:
! hostname R3 ! ip cef ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface Ethernet0/1 ip address 10.10.23.3 255.255.255.0 shutdown ! router bgp 3 bgp log-neighbor-changes neighbor 10.10.23.2 remote-as 2 ! address-family ipv4 neighbor 10.10.23.2 activate neighbor 10.10.23.2 send-community neighbor 10.10.23.2 soft-reconfiguration inbound exit-address-family ! ip forward-protocol nd ! ip bgp-community new-format ! ! end
다음을 확인합니다.
조건 1:
기본 경로가 BGP RIB에 없는 경우 R2는 특정 경로를 광고하지 않아야 합니다.
기본 경로가 BGP RIB에 있는 경우 R2는 모든 경로를 광고해야 합니다.
exist-map 사용
조건 2:
기본 경로가 BGP RIB에 없는 경우 R2는 모든 경로를 광고해야 합니다.
기본 경로가 BGP RIB에 있는 경우 R2는 특정 경로를 광고하지 않아야 합니다.
존재하지 않는 맵 사용
R1#show ip bgp
BGP table version is 7, local router ID is 10.139.224.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 1.1.1.5/32 0.0.0.0 0 32768 i
*> 10.139.224.0/20 0.0.0.0 0 32768 ?
R2#show ip bgp
BGP table version is 11, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.10.12.1 0 0 1 i
*> 1.1.1.1/32 10.10.12.1 0 0 1 i
*> 1.1.1.5/32 10.10.12.1 0 0 1 i
*> 10.139.224.0/20 10.10.12.1 0 0 1 ?
R2#show ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 9
Paths: (1 available, best #1, table default)
Advertised to update-groups:
1
Refresh Epoch 1
1, (received & used)
10.10.12.1 from 10.10.12.1 (10.139.224.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 64848:3011 65011:200 65013:200
rx pathid: 0, tx pathid: 0x0
R2#show ip bgp neighbors 10.10.23.3 advertised-routes
BGP table version is 11, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.10.12.1 0 0 1 i
*> 1.1.1.1/32 10.10.12.1 0 0 1 i
*> 1.1.1.5/32 10.10.12.1 0 0 1 i
*> 10.139.224.0/20 10.10.12.1 0 0 1 ?
Total number of prefixes 4
Condition1 Verification:
======================== If default route is not present in BGP RIB, R2 should not advertise certain routes.
If default route is present in BGP RIB, R2 should advertise all the routes. Use exist-map
R2's BGP Configuration:
=======================
R2#show running-config | sec bgp
router bgp 2
bgp log-neighbor-changes
neighbor 10.10.12.1 remote-as 1
neighbor 10.10.23.3 remote-as 3
!
address-family ipv4
neighbor 10.10.12.1 activate
neighbor 10.10.12.1 soft-reconfiguration inbound
neighbor 10.10.23.3 activate
neighbor 10.10.23.3 send-community
neighbor 10.10.23.3 advertise-map ADV-MAP exist-map EXIST-MAP
neighbor 10.10.23.3 soft-reconfiguration inbound
exit-address-family
ip bgp-community new-format
When Default route is removed from R2's BGP RIB:
================================================ *Mar 6 09:07:08.833: BGP(0): 10.10.12.1 rcv UPDATE about 0.0.0.0/0 -- withdrawn *Mar 6 09:07:08.833: BGP(0): no valid path for 0.0.0.0/0 *Mar 6 09:07:08.833: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 0.0.0.0/0 *Mar 6 09:07:08.833: BGP(0): (base) 10.10.23.3 send unreachable (format) 0.0.0.0/0 *Mar 6 09:07:21.280: BPG(0): Condition EXIST-MAP changes to Withdraw *Mar 6 09:07:21.353: BGP(0): net 1.1.1.1/32 matches ADV MAP ADV-MAP: bump version to 13 *Mar 6 09:07:21.353: BGP(0): net 10.139.224.0/20 matches ADV MAP ADV-MAP: bump version to 14 *Mar 6 09:07:21.362: BGP(0): Revise route installing 1 of 1 routes for 1.1.1.1/32 -> 10.10.12.1(global) to main IP table *Mar 6 09:07:21.362: BGP(0): Revise route installing 1 of 1 routes for 10.139.224.0/20 -> 10.10.12.1(global) to main IP table *Mar 6 09:07:38.933: BGP(0): (base) 10.10.23.3 send unreachable (format) 1.1.1.1/32 *Mar 6 09:07:38.933: BGP(0): (base) 10.10.23.3 send unreachable (format) 10.139.224.0/20 R2#show ip bgp neighbors 10.10.23.3 advertised-routes BGP table version is 14, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.5/32 10.10.12.1 0 0 1 i Total number of prefixes 1 When Default route is added back into R2's BGP RIB:
=================================================== *Mar 6 09:15:22.883: BGP(0): 10.10.12.1 rcvd UPDATE w/ attr: nexthop 10.10.12.1, origin i, metric 0, merged path 1, AS_PATH , community 64848:3011 65011:200 65013:200 *Mar 6 09:15:22.883: BGP(0): 10.10.12.1 rcvd 0.0.0.0/0 *Mar 6 09:15:22.883: BGP(0): Revise route installing 1 of 1 routes for 0.0.0.0/0 -> 10.10.12.1(global) to main IP table *Mar 6 09:15:22.883: BGP(0): (base) 10.10.23.3 send UPDATE (format) 0.0.0.0/0, next 10.10.23.2, metric 0, path 1 *Mar 6 09:16:21.759: BPG(0): Condition EXIST-MAP changes to Advertise *Mar 6 09:16:21.759: BGP(0): net 1.1.1.1/32 matches ADV MAP ADV-MAP: bump version to 16 *Mar 6 09:16:21.759: BGP(0): net 10.139.224.0/20 matches ADV MAP ADV-MAP: bump version to 17 *Mar 6 09:16:21.768: BGP(0): Revise route installing 1 of 1 routes for 1.1.1.1/32 -> 10.10.12.1(global) to main IP table *Mar 6 09:16:21.769: BGP(0): Revise route installing 1 of 1 routes for 10.139.224.0/20 -> 10.10.12.1(global) to main IP table *Mar 6 09:16:21.769: BGP(0): (base) 10.10.23.3 send UPDATE (format) 1.1.1.1/32, next 10.10.23.2, metric 0, path 1 *Mar 6 09:16:21.769: BGP(0): (base) 10.10.23.3 send UPDATE (format) 10.139.224.0/20, next 10.10.23.2, metric 0, path 1 R2#show ip bgp neighbors 10.10.23.3 advertised-routes BGP table version is 17, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 0.0.0.0 10.10.12.1 0 0 1 i *> 1.1.1.1/32 10.10.12.1 0 0 1 i *> 1.1.1.5/32 10.10.12.1 0 0 1 i *> 10.139.224.0/20 10.10.12.1 0 0 1 ? Total number of prefixes 4
Condition2 Verification: ========================= If default route is not present in BGP RIB, R2 should advertise all the routes.
If default route is present in BGP RIB, R2 should not advertise certain routes. Use non-exist-map
R2's BGP Configuration:
=======================
R2#show running-config | sec bgp
router bgp 2
bgp log-neighbor-changes
neighbor 10.10.12.1 remote-as 1
neighbor 10.10.23.3 remote-as 3
!
address-family ipv4
neighbor 10.10.12.1 activate
neighbor 10.10.12.1 soft-reconfiguration inbound
neighbor 10.10.23.3 activate
neighbor 10.10.23.3 send-community
neighbor 10.10.23.3 advertise-map ADV-MAP non-exist-map EXIST-MAP
neighbor 10.10.23.3 soft-reconfiguration inbound
exit-address-family
ip bgp-community new-format
When Default route is removed from R2's BGP RIB: ================================================ *Mar 6 09:21:24.445: BGP(0): 10.10.12.1 rcv UPDATE about 0.0.0.0/0 -- withdrawn *Mar 6 09:21:24.445: BGP(0): no valid path for 0.0.0.0/0 *Mar 6 09:21:24.445: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 0.0.0.0/0 *Mar 6 09:21:24.445: BGP(0): (base) 10.10.23.3 send unreachable (format) 0.0.0.0/0 *Mar 6 09:22:22.050: BPG(0): Condition EXIST-MAP changes to Advertise *Mar 6 09:22:22.050: BGP(0): net 1.1.1.1/32 matches ADV MAP ADV-MAP: bump version to 21 *Mar 6 09:22:22.050: BGP(0): net 10.139.224.0/20 matches ADV MAP ADV-MAP: bump version to 22 *Mar 6 09:22:22.060: BGP(0): Revise route installing 1 of 1 routes for 1.1.1.1/32 -> 10.10.12.1(global) to main IP table *Mar 6 09:22:22.060: BGP(0): Revise route installing 1 of 1 routes for 10.139.224.0/20 -> 10.10.12.1(global) to main IP table *Mar 6 09:22:22.060: BGP(0): (base) 10.10.23.3 send UPDATE (format) 1.1.1.1/32, next 10.10.23.2, metric 0, path 1 *Mar 6 09:22:22.060: BGP(0): (base) 10.10.23.3 send UPDATE (format) 10.139.224.0/20, next 10.10.23.2, metric 0, path 1 R2#show ip bgp neighbors 10.10.23.3 advertised-routes BGP table version is 22, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.1/32 10.10.12.1 0 0 1 i *> 1.1.1.5/32 10.10.12.1 0 0 1 i *> 10.139.224.0/20 10.10.12.1 0 0 1 ? Total number of prefixes 3 When Default route is added back into R2's BGP RIB: ===================================================== *Mar 6 09:23:04.461: BGP(0): 10.10.12.1 rcvd UPDATE w/ attr: nexthop 10.10.12.1, origin i, metric 0, merged path 1, AS_PATH , community 64848:3011 65011:200 65013:200 *Mar 6 09:23:04.461: BGP(0): 10.10.12.1 rcvd 0.0.0.0/0 *Mar 6 09:23:04.461: BGP(0): Revise route installing 1 of 1 routes for 0.0.0.0/0 -> 10.10.12.1(global) to main IP table *Mar 6 09:23:04.461: BGP(0): (base) 10.10.23.3 send UPDATE (format) 0.0.0.0/0, next 10.10.23.2, metric 0, path 1 *Mar 6 09:23:22.090: BPG(0): Condition EXIST-MAP changes to Withdraw *Mar 6 09:23:22.090: BGP(0): net 1.1.1.1/32 matches ADV MAP ADV-MAP: bump version to 24 *Mar 6 09:23:22.090: BGP(0): net 10.139.224.0/20 matches ADV MAP ADV-MAP: bump version to 25 *Mar 6 09:23:22.103: BGP(0): Revise route installing 1 of 1 routes for 1.1.1.1/32 -> 10.10.12.1(global) to main IP table *Mar 6 09:23:22.103: BGP(0): Revise route installing 1 of 1 routes for 10.139.224.0/20 -> 10.10.12.1(global) to main IP table *Mar 6 09:23:35.248: BGP(0): (base) 10.10.23.3 send unreachable (format) 1.1.1.1/32 *Mar 6 09:23:35.248: BGP(0): (base) 10.10.23.3 send unreachable (format) 10.139.224.0/20 R2#show ip bgp neighbors 10.10.23.3 advertised-routes BGP table version is 25, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 0.0.0.0 10.10.12.1 0 0 1 i *> 1.1.1.5/32 10.10.12.1 0 0 1 i Total number of prefixes 2
| Exist-map 상태 |
Advertise-map 상태 |
|
| 기본 경로가 있는 경우 |
조건 일치 |
광고 |
| 기본 경로가 없는 경우 |
조건이 일치하지 않음 |
철회됨 |
| 존재하지 않는 맵 상태 |
Advertise-map 상태 |
|
| 기본 경로가 있는 경우 |
조건 일치 |
철회 |
| 기본 경로가 없는 경우 |
조건이 일치하지 않음 |
광고 |
문제 해결
중요한 명령은 BGP 조건부 맵과 연결된 경로 맵의 백엔드 이동을 제공하는 debug ip bgp 업데이트입니다.대규모 네트워크에서 ACL을 사용하여 조건부 디버그를 실행합니다.
피드백