Beginner BGP protocol experiment

Experimental topic

  1. All routers in the network run the BGP protocol
  2. All PCs can reach each other

Topology construction

Experimental ideas

  1. Enable OSPF inside AS 2 so that the routers of AS 2 have internal reachability
  2. AS 1 and AS 2, and AS 2 and AS 3, are EBGP neighbors; all routers inside AS 2 are IBGP neighbors of each other (to avoid routing black holes, every router in AS 2 runs BGP in this experiment; this is not done in real projects, because routers able to carry BGP are expensive and costly. MPLS, multi-protocol label switching, will be used later to solve the routing black hole, so it is not necessary to enable BGP on every router)
  3. After the configuration is completed, the two neighbors complete a unicast TCP three-way handshake to destination port 179 and establish a TCP session; all BGP protocol packets are then carried over that session
  4. After the neighbor relationship is established, the administrator selectively announces routing entries obtained from any source in the local routing table into BGP; Update packets share the routes between neighbors; each router then builds its BGP table, which holds all routing entries sent and received locally
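The first BGP message on the new TCP 179 session is an OPEN from each side. As an added example (not code from the original lab), the block below encodes and validates an OPEN and applies the check that backs the lab's `peer 5.5.5.5 as-number 3` line: the AS carried in the received OPEN must match the configured peer AS. The 180 s hold time is an assumed value.

```python
import struct

MARKER = b"\xff" * 16       # every BGP message starts with 16 bytes of 0xff
OPEN_TYPE = 1               # message type 1 = OPEN

def build_open(my_as, hold_time, router_id):
    """Encode a BGP OPEN with no optional parameters (RFC 4271, section 4.2)."""
    rid = bytes(int(o) for o in router_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, rid, 0)   # version 4, opt len 0
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN_TYPE) + body

def parse_open(msg):
    """Decode and validate an OPEN; returns (asn, hold_time, router_id).
    Raises ValueError on anything a real speaker answers with a NOTIFICATION."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("truncated header or bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or mtype != OPEN_TYPE:
        raise ValueError("bad length field or not an OPEN")
    version, asn, hold, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4 or opt_len != len(msg) - 29:
        raise ValueError("unsupported version or bad optional-parameter length")
    if 0 < hold < 3:
        raise ValueError("hold time must be 0 or at least 3 seconds")
    return asn, hold, ".".join(str(b) for b in rid)

def accept_peer(configured_as, msg):
    """The check behind 'peer X as-number N': the AS carried in the received OPEN
    must equal the configured peer AS, otherwise the session is refused (Bad Peer AS)."""
    asn, hold, rid = parse_open(msg)
    if asn != configured_as:
        return False, f"Bad Peer AS: OPEN says {asn}, configured {configured_as}"
    return True, f"OPEN from {rid} in AS {asn}, hold time {hold}s"

# Constructed exchange from the lab: R5 (AS 3, RID 5.5.5.5) opens towards R4, which has
# "peer 5.5.5.5 as-number 3" configured; the 180 s hold time is an assumed value.
R5_OPEN = build_open(3, 180, "5.5.5.5")

if __name__ == "__main__":
    print(accept_peer(3, R5_OPEN))   # R4 accepts the neighbor
    print(accept_peer(2, R5_OPEN))   # a wrongly configured peer AS is refused
```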

Key error prone points

  1. When building EBGP neighbors, it is recommended to peer on the loopback interface so that the TCP session stays up, and to provide a backup cable: when one cable is disconnected, the other continues to carry the TCP session, which improves stability

  2. When building IBGP neighbors, because the internal topology of an AS usually has plenty of redundancy, using physical interface addresses as the source and destination of the BGP session wastes the redundant resources. It is recommended to use the loopback interface as the source/destination address: it is stable and can use multiple links at the same time

  3. Because of the IBGP split-horizon loop-prevention rule, routing entries learned locally from one IBGP neighbor are not passed on to other IBGP neighbors. R3 therefore cannot forward the routes of R2 and R4; R2 and R4 must build a non-directly-connected IBGP neighbor relationship with each other and exchange routing entries by unicast Update

  4. When IBGP forwards routes inside the AS, BGP works AS by AS rather than hop by hop, so by default no attribute is modified while an entry travels inside the AS. Each router must therefore manually set itself as the next hop; otherwise, apart from the directly connected router, the other routers will not add the entry to their routing tables

  5. TTL problem: the default TTL of packets between IBGP neighbors is 255, while between EBGP neighbors it is 1. If loopback interfaces are used to build the EBGP neighbor relationship, a TTL of 1 is not enough, so the TTL value must be modified

Experimental configuration

Enable BGP and set router ID

[R1]bgp 1   //The AS number must be given when BGP is started; there is no multi-process concept, one device can only belong to one AS
[R1-bgp]router-id 1.1.1.1  //Configuring the RID is recommended; the RID generation rules are the same as for OSPF

Multi-link EBGP neighbor relationship
R4 and R5 are used as the example

[R4]bgp 2
[R4-bgp]peer  5.5.5.5 as-number 3 //Build the neighbor with 5.5.5.5, which belongs to AS 3
[R4-bgp]peer  5.5.5.5 connect-interface LoopBack 0 //Use the local loopback as the session source; otherwise the physical interface is used by default
[R4]ip route-static  5.5.5.0 24 45.1.1.2 //IP reachability: the R4 routing table has no route to the R5 loopback, so a static route is added over each link
[R4]ip route-static 5.5.5.0 24 54.1.1.2
[R4-bgp]peer 5.5.5.5 ebgp-max-hop 2 //Raise the EBGP TTL so the loopback-to-loopback session is accepted
[R5]bgp 3
[R5-bgp]peer  4.4.4.4 as-number 2 //Build the neighbor with 4.4.4.4, which belongs to AS 2
[R5-bgp]peer  4.4.4.4 connect-interface LoopBack 0 //Use the local loopback as the session source; otherwise the physical interface is used by default
[R5]ip route-static  4.4.4.0 24 45.1.1.1 //IP reachability: the R5 routing table has no route to the R4 loopback, so a static route is added over each link
[R5]ip route-static 4.4.4.0 24 54.1.1.1
[R5-bgp]peer 4.4.4.4 ebgp-max-hop 2 //Raise the EBGP TTL so the loopback-to-loopback session is accepted

After both ends are configured, the neighbors first complete the TCP three-way handshake to establish the TCP session

IBGP configuration

[R2]bgp 2 
[R2-bgp]peer  3.3.3.3 as-number 2
[R2-bgp]peer  3.3.3.3 connect-interface LoopBack 0
[R2-bgp]peer  4.4.4.4 as-number 2
[R2-bgp]peer  4.4.4.4 connect-interface LoopBack 0
[R3]bgp 2 
[R3-bgp]peer  4.4.4.4 as-number 2
[R3-bgp]peer  4.4.4.4 connect-interface LoopBack 0
[R3-bgp]peer  2.2.2.2 as-number 2
[R3-bgp]peer  2.2.2.2 connect-interface LoopBack 0
[R4]bgp 2 
[R4-bgp]peer  3.3.3.3 as-number 2
[R4-bgp]peer  3.3.3.3 connect-interface LoopBack 0
[R4-bgp]peer  2.2.2.2 as-number 2
[R4-bgp]peer  2.2.2.2 connect-interface LoopBack 0

Announce routes

[R1]bgp 1 
[R1-bgp]network 192.168.1.0 24
[R2]bgp 2
[R2-bgp]network 192.168.2.0 24
[R3]bgp 2
[R3-bgp]network 192.168.3.0 24
[R4]bgp 2
[R4-bgp]network 192.168.4.0 24
[R5]bgp 3
[R5-bgp]network 192.168.5.0 24

Modify the next hop

[R2]bgp 2
[R2-bgp]peer  3.3.3.3 next-hop-local   //When R2 sends routes to 3.3.3.3, set the next hop address to R2 itself
[R2-bgp]peer  4.4.4.4 next-hop-local   //When R2 sends routes to 4.4.4.4, set the next hop address to R2 itself
[R4]bgp 2
[R4-bgp]peer  3.3.3.3 next-hop-local   //When R4 sends routes to 3.3.3.3, set the next hop address to R4 itself
[R4-bgp]peer  2.2.2.2 next-hop-local   //When R4 sends routes to 2.2.2.2, set the next hop address to R4 itself

Keywords: Cyber Security, Network Protocol

Added by masalastican on Sat, 15 Jan 2022 13:09:42 +0200