Internet Routing Architecture Study Notes, Part 2: Advertising Aggregates and Specific Routes to Influence AS Inbound Traffic

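As shown in the figure, you are the network administrator of AS 123, which contains R1, R2 and R3. The subsidiary where R3 sits needs heavy access to the ISP in AS 5 where R5 sits, so a link with the network 36.0.0.0/24 was connected between them. Requirement: apart from traffic between R3 and R5, which is routed over the 35.0.0.0/24 link, all other traffic is routed through R2. When R2's egress link fails, R3's egress link is used.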
 
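Approach:
This is a typical case of load balancing by destination. Of the two links, one can advertise the aggregate only, while the other advertises the aggregate plus selected specific routes. With multiple ISPs, use as-path prepend rather than MED to influence inbound traffic; use the local-pref attribute to influence outbound traffic.
Case analysis:
1. Outbound traffic. Because redistributing a default route between BGP and other routing protocols is fairly complicated, I only implemented full redistribution here. R1, R2 and R3 run OSPF among themselves, and redistribute bgp 123 subnets redistributes all external routes. This method would certainly not be used in real work; it is a reluctant compromise for this lab, so please bear with it.
2. Inbound traffic. Since there are multiple ISPs, as-path can be used to influence route selection in all of them. This produces load balancing across the links: when an ISP forwards a packet destined for the specific route, that specific route is present in its routing table, so it chooses the BGP peer that advertised the specific route as the next hop; when the destination is not covered by the specific route, the aggregate from the other peer has the shorter as-path, so that peer is chosen as the next hop.
3. The aggregation + specific route approach can be used: send aggregates with as-paths of different lengths to the ISPs over the two links, and advertise the specific route (R3's local one) over one of them. This controls the return traffic.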
 
Base configuration:
R1#show run
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 1.0.0.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description To R2's F0/0
 ip address 172.16.12.1 255.255.255.0
!
interface FastEthernet0/1
 description To R3's F0/0
 ip address 172.16.13.1 255.255.255.0
!
router ospf 100
 router-id 1.1.1.1
 passive-interface Loopback0
 passive-interface Loopback1
 network 1.0.0.1 0.0.0.0 area 0
 network 1.1.1.1 0.0.0.0 area 0
 network 172.16.12.1 0.0.0.0 area 0
 network 172.16.13.1 0.0.0.0 area 0
end
 
R2#show run
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip address 172.16.2.2 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description To R1's F0/0
 ip address 172.16.12.2 255.255.255.0
!
interface FastEthernet0/1
 description To R3's F0/1
 ip address 172.16.23.2 255.255.255.0
!
interface FastEthernet1/0
 description To R4's F1/0
 ip address 24.0.0.2 255.255.255.0
!
router ospf 100
 router-id 2.2.2.2
 redistribute bgp 123 subnets
 passive-interface Loopback0
 passive-interface Loopback1
 network 2.2.2.2 0.0.0.0 area 0
 network 172.16.2.2 0.0.0.0 area 0
 network 172.16.12.2 0.0.0.0 area 0
 network 172.16.23.2 0.0.0.0 area 0
!
router bgp 123
 no synchronization
 bgp router-id 2.2.2.2
 network 2.2.2.2 mask 255.255.255.255
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.2.0 mask 255.255.255.0
 neighbor LOCAL_AS peer-group
 neighbor LOCAL_AS remote-as 123
 neighbor LOCAL_AS update-source Loopback0
 neighbor LOCAL_AS next-hop-self
 neighbor 3.3.3.3 peer-group LOCAL_AS
 neighbor 24.0.0.4 remote-as 4
 neighbor 24.0.0.4 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
end
R3#show run
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
 ip address 172.16.3.3 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description To R1's F0/1
 ip address 172.16.13.3 255.255.255.0
!
interface Serial0/0
 description To R5's S0/0
 ip address 35.0.0.3 255.255.255.0
!
interface FastEthernet0/1
 description To R2's F0/1
 ip address 172.16.23.3 255.255.255.0
!
router ospf 100
 router-id 3.3.3.3
 redistribute bgp 123 subnets
 passive-interface Loopback0
 passive-interface Loopback1
 network 3.3.3.3 0.0.0.0 area 0
 network 172.16.3.3 0.0.0.0 area 0
 network 172.16.13.3 0.0.0.0 area 0
 network 172.16.23.3 0.0.0.0 area 0
!
router bgp 123
 no synchronization
 bgp router-id 3.3.3.3
 network 3.3.3.3 mask 255.255.255.255
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.3.0 mask 255.255.255.0
 neighbor LOCAL_AS peer-group
 neighbor LOCAL_AS remote-as 123
 neighbor LOCAL_AS update-source Loopback0
 neighbor LOCAL_AS next-hop-self
 neighbor 2.2.2.2 peer-group LOCAL_AS
 neighbor 35.0.0.5 remote-as 5
 neighbor 35.0.0.5 filter-list 10 out
 no auto-summary
!
ip as-path access-list 10 permit ^$
!
end
R4#show run
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 45.0.0.4 255.255.255.0
!
interface FastEthernet1/0
 ip address 24.0.0.4 255.255.255.0
!
router bgp 4
 no synchronization
 bgp router-id 4.4.4.4
 network 4.4.4.4 mask 255.255.255.255
 neighbor 24.0.0.2 remote-as 123
 neighbor 45.0.0.5 remote-as 5
 no auto-summary
!
end
R5#show run
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 description To R4's F0/0
 ip address 45.0.0.5 255.255.255.0
!
interface Serial0/0
 ip address 35.0.0.5 255.255.255.0
!
interface Serial0/2
 description To R6's S0/0
 ip address 56.0.0.5 255.255.255.0
!
router bgp 5
 no synchronization
 bgp router-id 5.5.5.5
 network 5.5.5.5 mask 255.255.255.255
 neighbor 35.0.0.3 remote-as 123
 neighbor 45.0.0.4 remote-as 4
 neighbor 56.0.0.6 remote-as 6
 no auto-summary
!
end
R6#show run
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface Loopback1
 ip address 6.0.0.6 255.255.255.0
!
interface Serial0/0
 description To R5's S0/2
 ip address 56.0.0.6 255.255.255.0
!
router bgp 6
 no synchronization
 bgp router-id 6.6.6.6
 network 6.0.0.0 mask 255.255.255.0
 network 6.6.6.6 mask 255.255.255.255
 neighbor 56.0.0.5 remote-as 5
 no auto-summary
!
end
Without any policy or load-balancing configuration, it is easy to see that the above configuration does not match the goal we set:
R1#show ip route
     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       1.1.1.1/32 is directly connected, Loopback0
C       1.0.0.0/24 is directly connected, Loopback1
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 172.16.12.2, 00:00:48, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/11] via 172.16.13.3, 00:00:48, FastEthernet0/1
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.4 [110/1] via 172.16.12.2, 00:00:48, FastEthernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
O E2    5.5.5.5 [110/1] via 172.16.13.3, 00:00:48, FastEthernet0/1
     6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E2    6.6.6.6/32 [110/1] via 172.16.13.3, 00:00:48, FastEthernet0/1
O E2    6.0.0.0/24 [110/1] via 172.16.13.3, 00:00:49, FastEthernet0/1

     172.16.0.0/24 is subnetted, 3 subnets
O       172.16.23.0 [110/20] via 172.16.13.3, 00:00:49, FastEthernet0/1
                    [110/20] via 172.16.12.2, 00:00:49, FastEthernet0/0
C       172.16.12.0 is directly connected, FastEthernet0/0
C       172.16.13.0 is directly connected, FastEthernet0/1
R5#show ip bgp
      Network          Next Hop       Metric  LocPrf Weight Path
*> 2.2.2.2/32       35.0.0.3         0                             123 i
*   45.0.0.4                               0                             4 123 i

*   3.3.3.3/32       45.0.0.4                             0         4 123 i
*>                       35.0.0.3         0                  0         123 i
*> 4.4.4.4/32       45.0.0.4         0                  0         4 i
*> 5.5.5.5/32       0.0.0.0           0                  32768  i
*> 6.0.0.0/24       56.0.0.6         0                  0         6 i
*> 6.6.6.6/32       56.0.0.6         0                  0         6 i
*  172.16.1.0/24   45.0.0.4         0                             4 123 i
*>                       35.0.0.3         11                0         123 i
*  172.16.2.0/24   45.0.0.4         0                            4 123 i
*>                       35.0.0.3                             0        123 i
*  172.16.3.0/24   45.0.0.4                             0        4 123 i
*>                       35.0.0.3         0                  0        123 i
 
R5#show ip route
     35.0.0.0/24 is subnetted, 1 subnets
C       35.0.0.0 is directly connected, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [20/0] via 35.0.0.3, 00:43:42
     3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [20/0] via 35.0.0.3, 00:43:42
     4.0.0.0/32 is subnetted, 1 subnets
B       4.4.4.4 [20/0] via 45.0.0.4, 00:43:42
     5.0.0.0/32 is subnetted, 1 subnets
C       5.5.5.5 is directly connected, Loopback0
     6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       6.6.6.6/32 [20/0] via 56.0.0.6, 00:43:42
B       6.0.0.0/24 [20/0] via 56.0.0.6, 00:43:42
     172.16.0.0/24 is subnetted, 3 subnets
B       172.16.1.0 [20/11] via 35.0.0.3, 00:06:35
B       172.16.2.0 [20/0] via 35.0.0.3, 00:11:07

B       172.16.3.0 [20/0] via 35.0.0.3, 00:08:30
     56.0.0.0/24 is subnetted, 1 subnets
C       56.0.0.0 is directly connected, Serial0/2
     45.0.0.0/24 is subnetted, 1 subnets
C       45.0.0.0 is directly connected, FastEthernet0/0
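As can be seen, R1 uses R3 as the next hop for 6.0.0.0/24 in AS 6; likewise, R5 uses R3 as the next hop for the R1 and R2 networks. Neither is allowed by the policy we set earlier.
To meet the requirements, the following changes were made: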
R2(config)#
router bgp 123
 aggregate-address 172.16.0.0 255.255.252.0 summary-only
R3(config)#
router ospf 100
redistribute bgp 123 metric 20 subnets
router bgp 123
 aggregate-address 172.16.0.0 255.255.252.0 suppress-map ADVERTISE_ROUTE
 neighbor 35.0.0.5 route-map SET_LOCAL_PREF_RM in
 neighbor 35.0.0.5 route-map SET_AS_PATH_RM out
!
ip as-path access-list 20 permit 5$
!
ip prefix-list SET_AS_PATH_PL description PERMIT LOCAL PREFIX-LIST
ip prefix-list SET_AS_PATH_PL seq 5 permit 172.16.3.0/24
ip prefix-list SET_AS_PATH_PL seq 10 permit 3.3.3.3/32
!

route-map SET_AS_PATH_RM permit 10
 match ip address prefix-list SET_AS_PATH_PL
!
route-map SET_AS_PATH_RM permit 20
 set origin incomplete
 set as-path prepend 123
!

route-map ADVERTISE_ROUTE deny 10
 match ip address prefix-list SET_AS_PATH_PL
!
route-map ADVERTISE_ROUTE permit 20
!

route-map SET_LOCAL_PREF_RM permit 10
 match as-path 20
 set local-preference 200
!
route-map SET_LOCAL_PREF_RM permit 20
 set local-preference 50
 
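First, the green text represents load balancing of inbound traffic. R2 advertises only the aggregate route, while R3 does two things: (1) it advertises a less-preferred aggregate route (a route-map lengthens the as-path and changes the origin value); (2) it advertises the one local specific route (the red text). Note that suppress-map suppresses the advertisement, after aggregate-address, of all prefixes in the policy; here only R3's local prefix 172.16.3.0/24 is allowed to be advertised outward. For R5, the router in AS 5, R3's local route is the only specific entry in the routing table, so traffic to R3's local network uses R3's link; for everything else R2's policy is better, so R2's link is used: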
R5#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.2/32       35.0.0.3                               0 123 123 ?
*>                  45.0.0.4                               0 4 123 i

*  3.3.3.3/32       45.0.0.4                               0 4 123 i
*>                  35.0.0.3                 0             0 123 i
*> 4.4.4.4/32       45.0.0.4                 0             0 4 i
*> 5.5.5.5/32       0.0.0.0                  0         32768 i
*> 6.0.0.0/24       56.0.0.6                 0             0 6 i
*> 6.6.6.6/32       56.0.0.6                 0             0 6 i
*> 172.16.0.0/22    45.0.0.4                               0 4 123 i
*                   35.0.0.3                 0             0 123 123 ?
*> 172.16.3.0/24    35.0.0.3                 0             0 123 i
R5#show ip route
     35.0.0.0/24 is subnetted, 1 subnets
C       35.0.0.0 is directly connected, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [20/0] via 45.0.0.4, 01:21:42
     3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [20/0] via 35.0.0.3, 01:18:57
     4.0.0.0/32 is subnetted, 1 subnets
B       4.4.4.4 [20/0] via 45.0.0.4, 01:21:42
     5.0.0.0/32 is subnetted, 1 subnets
C       5.5.5.5 is directly connected, Loopback0
     6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       6.6.6.6/32 [20/0] via 56.0.0.6, 01:21:42
B       6.0.0.0/24 [20/0] via 56.0.0.6, 01:21:42
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
B       172.16.0.0/22 [20/0] via 45.0.0.4, 01:21:42
B       172.16.3.0/24 [20/0] via 35.0.0.3, 01:21:42
     56.0.0.0/24 is subnetted, 1 subnets
C       56.0.0.0 is directly connected, Serial0/2
     45.0.0.0/24 is subnetted, 1 subnets
C       45.0.0.0 is directly connected, FastEthernet0/0
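The selection R5 makes in the table above, as an added example that is not part of the original post: a Python sketch that applies a simplified best-path rule and longest-prefix match to entries constructed from R5's show ip bgp output. It assumes weight and local-pref are equal for these paths (as they are in that output), so only AS-path length and origin are compared; the function names are hypothetical.

```python
import ipaddress

# Origin preference in BGP best-path selection: IGP (i) < EGP (e) < incomplete (?)
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

# Constructed from R5's "show ip bgp" output: (prefix, next hop, AS path, origin)
R5_BGP = [
    ("172.16.0.0/22", "45.0.0.4", [4, 123], "i"),    # aggregate from R2, learned via AS 4
    ("172.16.0.0/22", "35.0.0.3", [123, 123], "?"),  # aggregate from R3, prepended, origin changed
    ("172.16.3.0/24", "35.0.0.3", [123], "i"),       # R3's local prefix, exempt from suppression
]

def best_paths(table):
    """Per prefix, keep the path with the shortest AS path, then the lowest origin."""
    best = {}
    for prefix, nh, path, origin in table:
        net = ipaddress.ip_network(prefix)
        key = (len(path), ORIGIN_RANK[origin])
        if net not in best or key < best[net][0]:
            best[net] = (key, nh)
    return {net: nh for net, (_, nh) in best.items()}

def next_hop(table, dst):
    """Longest-prefix match over the best paths; None if no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, nh) for net, nh in best_paths(table).items() if addr in net]
    return max(matches)[1] if matches else None

def withdraw(table, nh):
    """Simulate loss of the eBGP session to neighbour nh."""
    return [route for route in table if route[1] != nh]

if __name__ == "__main__":
    for dst in ("172.16.3.10", "172.16.2.10"):
        print(dst, "->", next_hop(R5_BGP, dst))
    print("R4 path lost:", next_hop(withdraw(R5_BGP, "45.0.0.4"), "172.16.2.10"))
    print("R3 link lost:", next_hop(withdraw(R5_BGP, "35.0.0.3"), "172.16.3.10"))
```

Both aggregate paths have an AS-path length of 2 at R5 (4 123 versus 123 123), so in this table the single prepend only ties and the changed origin decides the aggregate in favour of 45.0.0.4.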
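Second, to fix R1's routing table, a Local-Pref + weight approach is used. R3 sets the weight of routes whose final AS is 5 to 200, making it greater than the default weight of 0; it then sets the Local-Pref of all routes to 50, below the default of 100. As a result, all iBGP peers in this AS consider R3 an unsuitable gateway. This can be seen in R2's BGP table: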
R2#show ip bgp
*> 2.2.2.2/32       0.0.0.0                  0         32768 i
r>i3.3.3.3/32       3.3.3.3                  0    100      0 i
*> 4.4.4.4/32       24.0.0.4                 0             0 4 i
* i5.5.5.5/32       3.3.3.3                  0     50      0 5 i
*>                  24.0.0.4                               0 4 5 i
*> 6.0.0.0/24       24.0.0.4                               0 4 5 6 i
*> 6.6.6.6/32       24.0.0.4                               0 4 5 6 i
r> 172.16.0.0/22    0.0.0.0                            32768 i
r i                 3.3.3.3                  0    100      0 i
s> 172.16.1.0/24    172.16.12.1             11         32768 i
s> 172.16.2.0/24    0.0.0.0                  0         32768 i
r>i172.16.3.0/24    3.3.3.3                  0    100      0 i
R1's routing table should now meet our requirements:
R1#show ip route
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/11] via 172.16.12.2, 02:10:47, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/11] via 172.16.13.3, 02:10:47, FastEthernet0/1
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.4 [110/1] via 172.16.12.2, 00:13:15, FastEthernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
O E2    5.5.5.5 [110/1] via 172.16.12.2, 00:00:02, FastEthernet0/0
     6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E2    6.6.6.6/32 [110/1] via 172.16.12.2, 00:13:15, FastEthernet0/0
O E2    6.0.0.0/24 [110/1] via 172.16.12.2, 00:13:15, FastEthernet0/0

     172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks
O       172.16.23.0/24 [110/20] via 172.16.13.3, 02:10:48, FastEthernet0/1
                       [110/20] via 172.16.12.2, 02:10:48, FastEthernet0/0
C       172.16.12.0/24 is directly connected, FastEthernet0/0
C       172.16.13.0/24 is directly connected, FastEthernet0/1
O E2    172.16.0.0/22 [110/20] via 172.16.13.3, 00:00:02, FastEthernet0/1
C       172.16.1.0/24 is directly connected, Loopback1
O       172.16.2.0/24 [110/11] via 172.16.12.2, 02:10:48, FastEthernet0/0
O       172.16.3.0/24 [110/11] via 172.16.13.3, 02:10:48, FastEthernet0/1
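The yellow entries can be removed with a route-map on the redistribution. Leaving them in does no harm either, because the aggregate in this lab is not entirely correct: normally every specific entry within the aggregate should actually exist. In any case, this lab uses the aggregate-address policy and its refinement to load-balance inbound traffic from external ASes. Please point out any mistakes.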


This article is reposted from gole_huang's 51CTO blog; original link: http://blog.51cto.com/golehuang/275626
