• A home-made lab: using MPLS to solve the routing black hole


     

    Using MPLS to solve the BGP routing black hole: a full walkthrough of the configuration commands

    ——By Jim

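    What is a BGP routing black hole?

    BGP requires that every router, whether or not it runs BGP, unconditionally forward BGP messages and update packets (BGP sits above the IGP). This violates the IGP principle that "a non-IGP router breaks the IGP domain", and the indirect result is that a BGP router "cannot ping an entry that is in its own routing table". That is the so-called routing black hole.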

     

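    This lab was done with 3640 routers in the GNS3 emulator. I have copied the configuration in full; after building the topology as shown in the figure, readers can complete the lab by right-clicking and pasting the command lines.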

     

    Lab topology:

     

     

     

    Step 1: basic underlay configuration

    R1:

    int e0/1

    no shu

    ip add 12.12.12.1 255.255.255.0

    int loo 0

    ip add 1.1.1.1 255.255.255.0

    int loo 100

    ip add 100.100.100.1 255.255.255.0

    router os 1

    router-id 1.1.1.1

    net 12.12.12.1 255.255.255.0 a 0

    net 1.1.1.1 255.255.255.0 a 0

    R2:

    int e0/1

    no shu

    ip add 12.12.12.2 255.255.255.0

    int e0/2

    no shu

    ip add 23.23.23.2 255.255.255.0

    no shu

    int loo 0

    ip add 2.2.2.2 255.255.255.0

    router os 1

    router-id 2.2.2.2

    net 12.12.12.2 255.255.255.0 a 0

    net 2.2.2.2 255.255.255.0 a 0

    net 23.23.23.2 255.255.255.0 a 0

    !

    R3:

    int e0/1

    no shu

    ip add 23.23.23.3 255.255.255.0

    int e0/2

    no shu

    ip add 34.34.34.3 255.255.255.0

    int lo 0

    ip add 3.3.3.3 255.255.255.0

    router os 1

    router-id 3.3.3.3

    net 23.23.23.3 255.255.255.0 a 0

    net 34.34.34.3 255.255.255.0 a 0

    net 3.3.3.3 255.255.255.0 a 0

    R4

    int e0/1

    no shu

    ip add 34.34.34.4 255.255.255.0

    int e0/2

    no shu

    ip add 45.45.45.4 255.255.255.0

    int loo 0

    ip add 4.4.4.4 255.255.255.0

    ROUTER OS 1

    router-id 4.4.4.4

    net 34.34.34.4 255.255.255.0 a 0

    net 45.45.45.4 255.255.255.0 a 0

    net 4.4.4.4 255.255.255.0 a 0

    R5

    int e0/1

    no shu

    ip add 45.45.45.5 255.255.255.0

    int loo 0

    ip add 5.5.5.5 255.255.255.0

    int loo 200

    ip add 200.200.200.1 255.255.255.0

    router os 1

    router-id 5.5.5.5

    net 45.45.45.5 255.255.255.0 a 0

    net 5.5.5.5 255.255.255.0 a 0

    Step 2: configure BGP

    R1

    router bgp 12345

    no au

    no syn

    bgp router-id 1.1.1.1

    neighbor 5.5.5.5 remote-as 12345

    neighbor 5.5.5.5 update-source loo 0

    neighbor 5.5.5.5 next-hop-self

    net 100.100.100.0 mask 255.255.255.0

    R5:

    router bgp 12345

    no au

    no syn

    bgp router-id 5.5.5.5

    neighbor 1.1.1.1 remote-as 12345

    neighbor 1.1.1.1 update-source loopback 0

    neighbor 1.1.1.1 next-hop-self

    net 200.200.200.0 mask 255.255.255.0

    =====================================================================

    Step 3: verification

    R1#show ip route bgp

    B 200.200.200.0/24 [200/0] via 5.5.5.5, 00:55:29

    R5#show ip route bgp

    100.0.0.0/24 is subnetted, 1 subnets

    B 100.100.100.0 [200/0] via 1.1.1.1, 00:57:47

    At this point both R1 and R5 have learned the routes outside the AS through BGP.

    But!!!

     

    R1#ping 200.200.200.0

     

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 200.200.200.0, timeout is 2 seconds:

    UUUUU

    Success rate is 0 percent (0/5)

    !

    R1#trace 200.200.200.0

     

    Type escape sequence to abort.

    Tracing the route to 200.200.200.0

     

    1 12.12.12.2 36 msec 56 msec 16 msec

    2 12.12.12.2 !H !H !H

     

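    Likewise, R5 cannot ping 100.100.100.0; in both cases the immediate cause is that the packet gets stuck at the first hop.

    Root cause: a routing black hole. R2, R3 and R4 have no route entries for the prefixes outside the autonomous system, so they drop such packets as soon as they receive them!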

     

    Step 4: configure MPLS LDP

    R1:

    mpls ldp router-id loopback 0

    mpls label range 100 199

    int e0/1

    mpls ip

    R2:

    mpls ldp router-id loopback 0

    mpls label range 200 299

    int e0/1

    mpls ip

    int e0/2

    mpls ip

    R3:

    mpls ldp router-id loopback 0

    mpls label range 300 399

    int e0/1

    mpls ip

    int e0/2

    mpls ip

    !

    !

    !

    R4:

    mpls ldp router-id loopback 0

    mpls label range 400 499

    int e0/1

    mpls ip

    int e0/2

    mpls ip

    !

    !

    !

    !

    R5:

    mpls ldp router-id loo 0

    mpls label range 500 599

    int e0/1

    mpls ip

     

     

    =====================================================================

     

    Step 5: verification

    R1#ping 200.200.200.0

     

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 200.200.200.0, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 104/128/176 ms

    !

    !

    R1#trace 200.200.200.0

     

    Type escape sequence to abort.

    Tracing the route to 200.200.200.0

     

    1 12.12.12.2 [MPLS: Label 204 Exp 0] 120 msec 112 msec 136 msec

    2 23.23.23.3 [MPLS: Label 303 Exp 0] 124 msec 120 msec 128 msec

    3 34.34.34.4 [MPLS: Label 403 Exp 0] 108 msec 92 msec 112 msec

    4 45.45.45.5 124 msec 140 msec 124 msec

     

    Likewise, R5 can now ping 100.100.100.0

     

    …………………… Success ……………………
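
    The two forwarding behaviours seen in steps 3 and 5, modelled hop by hop as an added Python example (not part of the original post). The tables are constructed from the lab outputs above; RIB, LFIB and the function names are hypothetical, and the /32 host route for 5.5.5.5 and the label pop at R4 are assumptions consistent with the step-5 traceroute.

```python
# Added illustration, not from the original post. Tables are constructed from
# the lab outputs above; names such as RIB, LFIB, forward_ip are hypothetical.
import ipaddress

FEC = "5.5.5.5"  # BGP next hop that R1 learned for 200.200.200.0/24
# Per-router routing table: prefix -> next router, "local", or a recursive next-hop IP.
RIB = {
    "R1": {"5.5.5.5/32": "R2", "200.200.200.0/24": FEC},
    "R2": {"5.5.5.5/32": "R3"},   # core routers know only IGP routes
    "R3": {"5.5.5.5/32": "R4"},
    "R4": {"5.5.5.5/32": "R5"},
    "R5": {"200.200.200.0/24": "local"},
}
INGRESS_LABEL = 204  # label seen at hop 1 of the step-5 traceroute
# incoming label -> outgoing label (None = pop, penultimate hop popping)
LFIB = {"R2": {204: 303}, "R3": {303: 403}, "R4": {403: None}}

def lookup(node, addr):
    """Longest-prefix match, resolving a recursive (BGP) next hop via the IGP."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in RIB[node].items()
            if ip in ipaddress.ip_network(p)]
    if not hits:
        return None
    nh = max(hits, key=lambda h: h[0].prefixlen)[1]
    return lookup(node, nh) if "." in nh else nh

def forward_ip(dst, node="R1"):
    """Plain IP: every hop must hold a route for the destination itself."""
    path = [node]
    while True:
        nh = lookup(node, dst)
        if nh is None:
            return path, f"dropped at {node}"
        if nh == "local":
            return path, "delivered"
        node = nh
        path.append(node)

def forward_mpls(dst, node="R1"):
    """Labelled: core routers switch on the label and never look up dst."""
    path, label, node = [node], INGRESS_LABEL, lookup(node, dst)
    while label is not None:
        path.append(f"{node}[{label}]")
        label, node = LFIB[node][label], lookup(node, FEC)
    tail, result = forward_ip(dst, node)   # egress does the IP lookup
    return path + tail, result

if __name__ == "__main__":
    print(forward_ip("200.200.200.1"))
    print(forward_mpls("200.200.200.1"))
```

    The plain IP run stops at R2, matching the `!H` at hop 2 in step 3; the labelled run carries 204, 303 and 403 through the core exactly as the step-5 traceroute shows.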

     

     

  • Original article: https://www.cnblogs.com/jinhengyu/p/7516563.html