Using BGP to Connect Two Networks That Are Not Directly Connected
04/28/2010, 11:51
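Two networks sit on opposite sides of another network. Because they are connected through a network you do not administer, how do you get data to flow normally between the two sides? A tunnel is a good approach.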



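For two networks to exchange data, each side must first be able to look up a route, learn the next hop for the data, and then send it. Because the two networks are separated by a network you cannot administer, the traditional default route does not work, and RIP/OSPF, which rely on Layer 2 for their exchange, do not work either. Apart from a tunnel, if all you need is to exchange routes, you can also try BGP. BGP carries routing data over TCP port 179 rather than Layer 2, so as long as the two routers' IP addresses can reach each other, the routing data can be carried across.
You can use a Cisco router, or Linux/BSD.
On Ubuntu you can use Quagga; on Slackware or other Linux distributions you can use Zebra. The two are the same.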

R1 zebra.conf

!
hostname csd.zebra
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
ip forwarding
!
!
line vty
no login
!
end


R1 bgpd
!
hostname csd.bgpd
!
router bgp 1974
bgp router-id 172.16.9.222
network 10.0.0.0/24
redistribute rip metric 5000
neighbor 192.168.7.252 remote-as 1974
neighbor 192.168.7.252 allowas-in
!
line vty
!
end


csd.bgpd# sh ip bgp neighbors
BGP neighbor is 192.168.7.252, remote AS 1974, local AS 1974, internal link
BGP version 4, remote router ID 192.168.7.252
BGP state = Established, up for 23:05:49
Last read 00:00:43, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
4 Byte AS: advertised
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 1 0
Notifications: 0 0
Updates: 1 4
Keepalives: 1387 1386
Route Refresh: 0 0
Capability: 0 0
Total: 1389 1390
Minimum time between advertisement runs is 5 seconds

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
17 accepted prefixes

Connections established 1; dropped 0
Last reset never
Local host: 172.16.9.222, Local port: 179
Foreign host: 192.168.7.252, Foreign port: 44416
Nexthop: 172.16.9.222
Nexthop global: fe80::21d:7dff:fe41:1c0a
Nexthop local: ::
BGP connection: non shared network
Read thread: on Write thread: off


csd.bgpd# sh ip bgp
BGP table version is 0, local router ID is 172.16.9.222
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 0.0.0.0 0 32768 i
*>i155.226.11.3/32 192.168.7.245 5000 100 0 ?
*>i155.226.237.192/26
192.168.7.245 5000 100 0 ?
*>i169.254.0.0 192.168.7.249 5000 100 0 ?
*>i172.16.7.248/29 192.168.7.254 5000 100 0 ?
*>i172.16.10.0/24 192.168.7.252 0 100 0 i
*>i172.16.55.0/24 192.168.7.249 5000 100 0 ?
*>i172.16.66.0/24 192.168.7.249 5000 100 0 ?
*>i172.16.77.0/24 192.168.7.249 5000 100 0 ?
*>i172.16.100.0/24 192.168.7.252 0 100 0 i
*>i172.16.200.0/24 192.168.7.252 0 100 0 i
*>i172.16.220.0/24 192.168.7.252 0 100 0 i
*>i172.16.251.0/24 192.168.7.249 5000 100 0 ?
*>i172.30.0.0 192.168.7.252 0 100 0 i
*>i172.30.1.0/30 192.168.7.249 5000 100 0 ?
*>i192.168.7.254/32 192.168.7.252 0 100 0 i
*>i192.168.8.0 192.168.7.252 0 100 0 i
*>i192.168.9.0 192.168.7.252 0 100 0 i

Total number of prefixes 18
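
Both bgpd configurations redistribute an IGP into BGP with no filter, so the table above also carries 155.226.x.x and 169.254.0.0 routes. The following Python script is an added example, not part of the original post: it parses "sh ip bgp" rows (including wrapped rows, extra-path rows and prefixes printed without a mask) and lists the iBGP-learned prefixes that fall outside an allow-list. The RFC 1918 allow-list is an assumed policy, and the sample rows are copied from the output above.

```python
import ipaddress
import re

# Rows copied from R1's "sh ip bgp" output above (one wrapped row included).
SAMPLE = """\
*> 10.0.0.0/24 0.0.0.0 0 32768 i
*>i155.226.11.3/32 192.168.7.245 5000 100 0 ?
*>i155.226.237.192/26
192.168.7.245 5000 100 0 ?
*>i169.254.0.0 192.168.7.249 5000 100 0 ?
*>i172.30.0.0 192.168.7.252 0 100 0 i
"""

# Assumed policy: only RFC 1918 space is expected from the other lab.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROW = re.compile(r"^\*>?\s*(i?)\s*(\d+(?:\.\d+){3})(/\d+)?(?:\s+(\d+(?:\.\d+){3}))?")

def classful_len(addr):  # bgpd omits the mask when it equals the classful default
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24

def parse_bgp_table(text):
    """Return (network, next_hop, learned_via_ibgp) for every valid path."""
    routes, net, wrapped = [], None, None
    for line in text.splitlines():
        parts = line.split()
        if wrapped is not None and parts:    # second half of a wrapped row
            routes.append((net, parts[0], wrapped))
            wrapped = None
            continue
        if not (m := ROW.match(line)):
            continue
        ibgp, addr, mask, hop = m.groups()
        if mask is None and hop is None:     # extra path for the previous network
            if net is not None:
                routes.append((net, addr, bool(ibgp)))
            continue
        net = ipaddress.ip_network(addr + (mask or f"/{classful_len(addr)}"), strict=False)
        if hop is None:
            wrapped = bool(ibgp)
        else:
            routes.append((net, hop, bool(ibgp)))
    return routes

def unexpected(routes, allowed=ALLOWED):
    """iBGP-learned prefixes outside the allow-list, in table order."""
    bad = [str(n) for n, _hop, ibgp in routes
           if ibgp and not any(n.subnet_of(a) for a in allowed)]
    return list(dict.fromkeys(bad))
```
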


csd.zebra# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 172.16.9.254, eth0
C>* 10.0.10.0/24 is directly connected, eth1
C>* 10.10.0.8/32 is directly connected, ppp0
C>* 127.0.0.0/8 is directly connected, lo
B>* 155.226.11.3/32 [200/5000] via 192.168.7.245 (recursive via 172.16.9.254), 23:04:43
B>* 155.226.237.192/26 [200/5000] via 192.168.7.245 (recursive via 172.16.9.254), 23:04:43
B 169.254.0.0/16 [200/5000] via 192.168.7.249, 23:04:43
K>* 169.254.0.0/16 is directly connected, eth0
B>* 172.16.7.248/29 [200/5000] via 192.168.7.254 (recursive via 172.16.9.254), 23:04:43
O 172.16.9.0/24 [110/10] is directly connected, eth0, 23:04:47
C>* 172.16.9.0/24 is directly connected, eth0
B>* 172.16.10.0/24 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
S 172.16.10.0/24 [1/0] via 192.168.7.244 inactive
B>* 172.16.55.0/24 [200/5000] via 192.168.7.249 (recursive via 172.16.9.254), 23:04:43
B>* 172.16.66.0/24 [200/5000] via 192.168.7.249 (recursive via 172.16.9.254), 23:04:43
B>* 172.16.77.0/24 [200/5000] via 192.168.7.249 (recursive via 172.16.9.254), 23:04:43
B>* 172.16.100.0/24 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
S 172.16.100.0/24 [1/0] via 192.168.7.244 inactive
B>* 172.16.200.0/24 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
S 172.16.200.0/24 [1/0] via 192.168.7.245 inactive
B>* 172.16.220.0/24 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
S 172.16.220.0/24 [1/0] via 192.168.7.245 inactive
B>* 172.16.251.0/24 [200/5000] via 192.168.7.249 (recursive via 172.16.9.254), 23:04:43
B>* 172.30.0.0/16 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
B>* 172.30.1.0/30 [200/5000] via 192.168.7.249 (recursive via 172.16.9.254), 23:04:43
B>* 192.168.7.254/32 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
B>* 192.168.8.0/24 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43
B>* 192.168.9.0/24 [200/0] via 192.168.7.252 (recursive via 172.16.9.254), 23:04:43


R2 zebra

!
hostname leo.zebra
!
interface lo
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
ip route 172.16.9.0/24 192.168.7.244
ip route 172.16.10.0/24 192.168.7.244
ip route 172.16.100.0/24 192.168.7.244
ip route 172.20.1.192/26 192.168.7.50
ip route 192.168.6.0/24 192.168.1.201
!
!
line vty
no login
!
end


R2 bgpd

!
hostname Leo.bgpd
!
router bgp 1974
bgp router-id 192.168.7.252
neighbor 172.16.9.222 remote-as 1974
!
address-family ipv4
redistribute ospf metric 5000
neighbor 172.16.9.222 activate
neighbor 172.16.9.222 allowas-in
network 172.16.10.0/24
network 172.16.100.0/24
network 172.16.200.0/24
network 172.16.220.0/24
network 172.30.0.0/16
network 192.168.7.254/32
network 192.168.8.0/24
network 192.168.9.0/24
exit-address-family
!
line vty
no login
!
end
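
The two bgpd configurations above run the session across a network neither side administers, with no neighbor password, no inbound filter, unfiltered redistribution, and (on R2) a vty with "no login". The following Python check is an added example, not part of the original post; it flags those settings in a bgpd configuration. It assumes Quagga's bgpd command names (neighbor ... password, neighbor ... prefix-list ... in, redistribute ... route-map) and uses an abridged copy of R2's configuration as input.

```python
# R2's bgpd configuration, abridged from the listing above.
R2_BGPD = """\
router bgp 1974
bgp router-id 192.168.7.252
neighbor 172.16.9.222 remote-as 1974
address-family ipv4
redistribute ospf metric 5000
neighbor 172.16.9.222 activate
neighbor 172.16.9.222 allowas-in
network 172.16.10.0/24
exit-address-family
line vty
no login
"""

# Per-neighbor commands that filter what the peer may send us.
INBOUND = ("prefix-list", "route-map", "distribute-list", "filter-list")

def audit_bgpd(conf):
    """Return sorted findings for a Quagga/Zebra bgpd configuration."""
    peers, findings, in_vty = {}, [], False
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] in ("line", "router"):
            in_vty = words[:2] == ["line", "vty"]
        elif in_vty and words == ["no", "login"]:
            findings.append("vty: 'no login' disables the password prompt")
        elif words[0] == "neighbor" and len(words) >= 3:
            opts = peers.setdefault(words[1], set())
            if words[2] == "password":          # TCP MD5 on the BGP session
                opts.add("auth")
            elif words[2] in INBOUND and words[-1] == "in":
                opts.add("filter-in")
        elif words[0] == "redistribute" and len(words) > 1 and "route-map" not in words:
            findings.append(f"redistribute {words[1]}: no route-map, all {words[1]} routes are exported")
    for peer, opts in peers.items():
        if "auth" not in opts:
            findings.append(f"neighbor {peer}: no TCP MD5 password")
        if "filter-in" not in opts:
            findings.append(f"neighbor {peer}: no inbound prefix filter")
    return sorted(findings)
```
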


Leo.bgpd# sh ip bgp neighbors
BGP neighbor is 172.16.9.222, remote AS 1974, local AS 1974, internal link
BGP version 4, remote router ID 172.16.9.222
BGP state = Established, up for 23:08:01
Last read 00:01:00, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 2 2
Notifications: 1 1
Updates: 8 2
Keepalives: 1542 1540
Route Refresh: 0 0
Capability: 0 0
Total: 1553 1545
Minimum time between advertisement runs is 5 seconds

For address family: IPv4 Unicast
Configuration flags 0x0
Community attribute sent to this neighbor(both)
1 accepted prefixes

Connections established 2; dropped 1
Last reset 23:25:24, due to BGP Notification received
Local host: 192.168.7.252, Local port: 44416
Foreign host: 172.16.9.222, Foreign port: 179
Nexthop: 192.168.7.252
Nexthop global: fe80::2c0:cff:fe02:2fb2
Nexthop local: ::
BGP connection: non shared network
Read thread: on Write thread: off


Leo.bgpd# sh ip bgp
BGP table version is 0, local router ID is 192.168.7.252
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/24 172.16.9.222 0 100 0 i
*> 155.226.11.3/32 192.168.7.245 5000 32768 ?
*> 155.226.237.192/26
192.168.7.245 5000 32768 ?
*> 169.254.0.0 192.168.7.249 5000 32768 ?
*> 172.16.7.248/29 192.168.7.254 5000 32768 ?
*> 172.16.10.0/24 0.0.0.0 0 32768 i
*> 172.16.55.0/24 192.168.7.249 5000 32768 ?
*> 172.16.66.0/24 192.168.7.249 5000 32768 ?
*> 172.16.77.0/24 192.168.7.249 5000 32768 ?
*> 172.16.100.0/24 0.0.0.0 0 32768 i
* 172.16.200.0/24 192.168.7.245 5000 32768 ?
*> 0.0.0.0 0 32768 i
* 172.16.220.0/24 192.168.7.245 5000 32768 ?
*> 0.0.0.0 0 32768 i
*> 172.16.251.0/24 192.168.7.249 5000 32768 ?
*> 172.30.0.0 0.0.0.0 0 32768 i
*> 172.30.1.0/30 192.168.7.249 5000 32768 ?
*> 192.168.7.254/32 0.0.0.0 0 32768 i
*> 192.168.8.0 0.0.0.0 0 32768 i
*> 192.168.9.0 0.0.0.0 0 32768 i

Total number of prefixes 18


leo.zebra# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.1.201, eth0
B>* 10.0.0.0/24 [200/0] via 172.16.9.222 (recursive via 192.168.7.244), 23:07:21
R>* 10.0.0.0/30 [120/2] via 172.16.7.130, eth1, 00:00:12
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
O>* 155.226.11.3/32 [110/2530] via 192.168.7.245, eth0, 01w1d01h
O>* 155.226.237.192/26 [110/2030] via 192.168.7.245, eth0, 01w1d01h
O>* 169.254.0.0/16 [110/2010] via 192.168.7.249, eth0, 01w1d01h
C>* 172.16.7.128/29 is directly connected, eth1
O>* 172.16.7.248/29 [110/20] via 192.168.7.254, eth0, 01w1d01h
O 172.16.9.0/24 [110/2520] via 192.168.7.245, eth0, 01w1d01h
S>* 172.16.9.0/24 [1/0] via 192.168.7.244, eth0
O 172.16.10.0/24 [110/2520] via 192.168.7.245, eth0, 01w1d01h
S>* 172.16.10.0/24 [1/0] via 192.168.7.244, eth0
O>* 172.16.55.0/24 [110/20] via 192.168.7.249, eth0, 01w1d01h
O>* 172.16.66.0/24 [110/20] via 192.168.7.249, eth0, 01w1d01h
O>* 172.16.77.0/24 [110/20] via 192.168.7.249, eth0, 01w1d01h
O 172.16.100.0/24 [110/2520] via 192.168.7.245, eth0, 01w1d01h
S>* 172.16.100.0/24 [1/0] via 192.168.7.244, eth0
O>* 172.16.200.0/24 [110/20] via 192.168.7.245, eth0, 01w1d01h
O>* 172.16.220.0/24 [110/30] via 192.168.7.245, eth0, 01w1d01h
O>* 172.16.251.0/24 [110/3010] via 192.168.7.249, eth0, 01w1d01h
S>* 172.20.1.192/26 [1/0] via 192.168.7.50, eth0
O>* 172.30.1.0/30 [110/2010] via 192.168.7.249, eth0, 01w1d01h
O 192.168.0.0/16 [110/10] is directly connected, eth0, 01w1d01h
C>* 192.168.0.0/16 is directly connected, eth0
S>* 192.168.6.0/24 [1/0] via 192.168.1.201, eth0


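I set it up this way because the company's two labs need to send test data to each other, but MIS never set up routing for the two labs' private IPs and only provides a default route, with NAT in between, so I exchanged the routes myself over BGP.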