If the branches are located in different AS domains and the private subnets of the headquarters and branches change frequently (subnets being added and deleted), it is more suitable to establish EBGP between the ASs to carry the network routes, which simplifies maintenance.
BGP review
BGP neighbor establishment process
BGP relies on TCP to carry protocol data and establish the neighbor relationship. The neighbor relationship is tied to the router ID, while TCP is based on IP, so the BGP router ID must be reachable.
The BGP router ID is either manually configured or automatically generated. If it is not configured manually, the address of a logical interface is used as the router ID of the router. This logical interface can be a loopback interface or a tunnel interface. If no logical interface is up, the largest IP address among the physical interfaces is used.
Unicast messages are used to establish the BGP session.
By default, the branch sends an NHRP registration message to the hub every 1800s. This registration triggers the hub to create and maintain the NHRP mapping. Therefore, after the hub is restarted, unless the spoke is also restarted, the NHRP registration message is not sent immediately, and the hub's NHRP mapping table remains empty. The hub then has no mapping between the spoke's public network address and its tunnel address, so the BGP relationship cannot be established. Instead, it stays in the Connect state because the Open message cannot be sent.
If the registration has already been configured manually and you try to trigger it by configuring it again, VRP prompts that it is already registered.
Manually run undo nhrp entry x.x.x.x x.x.x.x register on the tunnel interface of the spoke node. This triggers the sending of a deregistration message.
The registration message can be sent only after the configuration has been removed.
Next, the hub sends a BGP Open message, and the spoke replies with one.
Experiment: configure non shortcut DSVPN (BGP routing protocol)
Requirements and topology
A small or medium-sized enterprise has a headquarters (Hub) and two branches (Spoke1 and Spoke2), which are distributed in different regions and belong to different AS domains. The subnets of the headquarters and branches change often. The branches use dynamic addresses to access the public network. In the enterprise's current network plan, the OSPF routing protocol is used within each AS domain and the EBGP routing protocol is used between AS domains.
Now users want to realize VPN interconnection between branches.
Operation steps
1. Configure addresses and security zones
2. Configure security policy
3. Configure public network dynamic routing to ensure that the public network interfaces can reach each other
4. Configure tunnel
    //f1 (hub)
    interface Tunnel0
     ip address 172.16.1.1 255.255.255.0
     tunnel-protocol gre p2mp
     source GigabitEthernet1/0/1

    //f2, f3 (spoke); f3 uses 172.16.1.3 as its tunnel address
    interface Tunnel0
     ip address 172.16.1.2 255.255.255.0
     tunnel-protocol gre p2mp
     source GigabitEthernet1/0/1
     nhrp entry 172.16.1.1 1.1.1.10 register
    //the register keyword manually triggers registration with the hub
Check the nhrp registration of the hub. The subsequent configuration is meaningful only after the nhrp table entry is established.
    dis nhrp peer all
    2022-03-06 10:02:06.990
    ----------------------------------------------------------------------------------
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type        Flag
    ----------------------------------------------------------------------------------
    172.16.1.3      32    1.1.3.10        172.16.1.3      registered  up|unique
    ----------------------------------------------------------------------------------
    Tunnel interface: Tunnel0
    Created time    : 00:15:45
    Expire time     : 01:44:15
    HostName        : f3
    HostEsn         : F8A93336815F3222AB8B45A1812CFE55
    ----------------------------------------------------------------------------------
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type        Flag
    ----------------------------------------------------------------------------------
    172.16.1.2      32    1.1.2.10        172.16.1.2      registered  up|unique
    ----------------------------------------------------------------------------------
    Tunnel interface: Tunnel0
    Created time    : 00:08:19
    Expire time     : 01:51:41
    HostName        : f2
    HostEsn         : 7578183FC75338E9B2EF54539E604239

    Number of nhrp peers: 2
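An added example (not part of the original article): a Python check that parses the hub's dis nhrp peer all output and compares it with an expected spoke inventory before BGP is configured, flagging missing, stale or unexpected registrations. The EXPECTED inventory and the function names are assumptions made for illustration; the sample rows are the article's own hub output, reduced to the lines the parser reads.

```python
import re

AGING, REG_INTERVAL = 7200, 1800   # seconds, the values given in this article
# Hub output from this article, reduced to the lines the parser reads.
SAMPLE = """\
172.16.1.3      32    1.1.3.10        172.16.1.3      registered  up|unique
Expire time     : 01:44:15
HostEsn         : F8A93336815F3222AB8B45A1812CFE55
172.16.1.2      32    1.1.2.10        172.16.1.2      registered  up|unique
Expire time     : 01:51:41
HostEsn         : 7578183FC75338E9B2EF54539E604239
Number of nhrp peers: 2
"""
# Assumed inventory for illustration: tunnel address -> HostEsn of each spoke.
EXPECTED = {"172.16.1.2": "7578183FC75338E9B2EF54539E604239",
            "172.16.1.3": "F8A93336815F3222AB8B45A1812CFE55"}
ROW = re.compile(r"(\d+(?:\.\d+){3})\s+\d+\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)$")
FIELD = re.compile(r"(Expire time|HostEsn)\s*:\s*(\S+)")

def parse_nhrp(text):
    """Return {tunnel_addr: entry} from the NHRP peer table output."""
    peers, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := ROW.match(line):
            cur = peers[m[1]] = {"nbma": m[2], "type": m[3], "flags": m[4].split("|")}
        elif cur is not None and (f := FIELD.match(line)):
            cur[f[1]] = f[2]
    return peers

def audit_hub(text, expected):
    """List reasons the hub's NHRP table does not match the spoke inventory."""
    peers, findings = parse_nhrp(text), []
    for addr, esn in sorted(expected.items()):
        p = peers.get(addr)
        if p is None or p["type"] != "registered" or "up" not in p["flags"]:
            findings.append(f"{addr}: no usable registration, BGP stays in Connect")
            continue
        if p.get("HostEsn") != esn:
            findings.append(f"{addr}: HostEsn differs from inventory")
        exp = p.get("Expire time", "--")
        if exp != "--":
            h, m, s = map(int, exp.split(":"))
            if AGING - (h * 3600 + m * 60 + s) > REG_INTERVAL:
                findings.append(f"{addr}: registration refresh overdue")
    for addr in sorted(peers.keys() - expected.keys()):
        findings.append(f"{addr}: unexpected peer, NBMA {peers[addr]['nbma']}")
    return findings

print(audit_hub(SAMPLE, EXPECTED))
```

An empty list means every expected spoke is registered and up, which is the precondition the article gives for continuing with the BGP configuration.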
5. Configure ebgp
5.1 configure ebgp neighbor relationship
    //f1
    bgp 100
     peer 172.16.1.2 as-number 200
     peer 172.16.1.3 as-number 300

    //f2
    bgp 200
     peer 172.16.1.1 as-number 100
     peer 172.16.1.3 as-number 300

    //f3
    bgp 300
     peer 172.16.1.2 as-number 200
     peer 172.16.1.1 as-number 100
Check the bgp neighbor establishment of f1, f2 and f3
    [f1-bgp]dis bgp peer
    2022-03-06 10:02:55.020

     BGP local router ID : 172.16.1.1
     Local AS number : 100
     Total number of peers : 2
     Peers in established state : 2

      Peer          V    AS   MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
      172.16.1.2    4    200  11       11       0     00:09:07  Established  0
      172.16.1.3    4    300  18       18       0     00:16:25  Established  0
5.2 configure ospf process 2 to publish private subnets
    //f1
    ospf 2
     area 0.0.0.0
      network 192.168.0.0 0.0.0.255

    //f2
    ospf 2
     area 0.0.0.0
      network 192.168.1.0 0.0.0.255

    //f3
    ospf 2
     area 0.0.0.0
      network 192.168.2.0 0.0.0.255

This OSPF process has only one function: to introduce the published networks into BGP for transmission. Therefore, there is no need to establish an OSPF neighbor relationship; just publish the private network segment.
5.3 introduce ospf2 routing into ebgp
    //f1
    bgp 100
     import-route ospf 2

    //f2
    bgp 200
     import-route ospf 2

    //f3
    bgp 300
     import-route ospf 2
Check routing
    [f2]dis ip routing-table pro bgp
    2022-03-06 10:09:45.420
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Public routing table : BGP
             Destinations : 2        Routes : 2

    BGP routing table status : <Active>
             Destinations : 2        Routes : 2

    Destination/Mask    Proto   Pre  Cost  Flags  NextHop      Interface
    192.168.0.0/24      EBGP    255  0     D      172.16.1.1   Tunnel0
    192.168.2.0/24      EBGP    255  0     D      172.16.1.3   Tunnel0

    BGP routing table status : <Inactive>
             Destinations : 0        Routes : 0
Analysis and verification
1. ping pc2 on pc3
2. Check the nhrp table of spoke2
    [f3]dis nhrp peer all
    2022-03-06 10:17:03.130
    ----------------------------------------------------------------------------------
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type        Flag
    ----------------------------------------------------------------------------------
    172.16.1.1      32    1.1.1.10        172.16.1.1      hub         up
    ----------------------------------------------------------------------------------
    Tunnel interface: Tunnel0
    Created time    : 00:24:43
    Expire time     : --
    HostName        : f1
    HostEsn         : 32C9D6CE92F3344ABA1224AB45239A7B
    ----------------------------------------------------------------------------------
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type        Flag
    ----------------------------------------------------------------------------------
    172.16.1.2      32    1.1.2.10        172.16.1.2      remote      up
    ----------------------------------------------------------------------------------
    Tunnel interface: Tunnel0
    Created time    : 01:33:55
    Expire time     : 01:24:41
    HostName        : f2
    HostEsn         : 7578183FC75338E9B2EF54539E604239
    ----------------------------------------------------------------------------------
    Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type        Flag
    ----------------------------------------------------------------------------------
    172.16.1.3      32    1.1.3.10        172.16.1.3      local       up
    ----------------------------------------------------------------------------------
    Tunnel interface: Tunnel0
    Created time    : 01:33:55
    Expire time     : 01:24:41
    HostName        : f3
    HostEsn         : F8A93336815F3222AB8B45A1812CFE55

    Number of nhrp peers: 3

The experimental topology and complete configuration are packaged and can be obtained by replying with dspn3.
Supplement
1. The sending interval of the NHRP registration message is 1800s and the aging time is 7200s.