
BSCI Course Textbook

Chapter 6 - BGP

CHAPTER 6: BGP

6.1. The need for BGP

BGP is a fairly complex protocol that is widely used on the Internet and inside multinational companies. Its main purpose is to connect very large networks or autonomous systems. Large companies can use BGP as the link between their networks in different countries. The purpose of an exterior protocol such as BGP is not only to find a path to a given network but also to let the administrator find the AS of each network. Interior protocols such as EIGRP, RIP, OSPF and IS-IS find the network the administrator needs.

6.2. Some characteristics of BGP

BGP is a path-vector routing protocol, so best-path selection is normally based on a set of properties called attributes. Because its metric is fairly complex, BGP is regarded as a fairly complex protocol. BGP's job is to maintain communication between ASes, exchange routing information between ASes, and provide next-hop information for every destination. BGP runs over TCP port 179.

As earlier chapters explained, distance-vector protocols advertise the information they currently hold to neighboring routers, whereas a path-vector protocol gives the exact list of the whole path to the destination. Path-vector operation also makes loop detection very effective: a router examines the paths that other routers send it to see whether its own AS appears in them. If it does, the router knows at once that the path is a loop and discards it.

BGP supports CIDR (Classless Interdomain Routing) addressing. BGP allows authentication and uses periodic keepalives to maintain the relationship between BGP peers. In the initial phase of a BGP session, the full set of routing updates is sent. After that, BGP switches to triggered updates: any change in the network causes a triggered update.

One of the most distinctive features of BGP lies in its routing updates. If you look at BGP updates, you see that they are quite precise. BGP is not concerned with communicating full knowledge of every subnet inside a company; it is concerned with conveying enough information to find another AS. BGP updates summarize as far as possible by allowing certain ASes, certain prefixes and some routing information. A small part of a BGP update is nevertheless quite important. BGP makes sure that the transport layer has delivered the updates and that the path databases are synchronized.

BGP can be deployed between different ASes or within a single AS. When BGP connects different ASes, it is called eBGP. The protocol can also be used to carry information between the eBGP routers within one AS. In that case it is called iBGP.

Figure 6.1 - BGP example

Inside an AS we use an interior routing protocol, an IGP (for example RIP, IS-IS, EIGRP or OSPF), but a different protocol must be used once traffic leaves the AS. The point is that IGPs and EGPs serve different purposes. An IGP routes packets from source to destination without regard to routing policy. Outside the scope of a single AS, routing policy becomes the important issue. Consider the following example:

AS4---AS1---AS2---AS3---(C Company)
|...............................|
|...............................|
B Company----------------A Company

Suppose A wants to send data to AS4. A and B are competitors. B does not want to carry traffic for company A, so A can only send its data through AS3, AS2 and AS1 to reach AS4, even though the path through company B may be the optimal one. Suppose C, which belongs to AS3, also wants to reach AS4; C is a partner of B, so B is willing to give it transit. A and C therefore have the same destination but must take different paths. IGPs cannot do this, mainly because they deal only with metric or cost and take no account of routing policy. An IGP only tries to deliver packets to the destination in the most efficient, optimal way.

6.3. BGP terminology

Table 6.1 - BGP terms

No. | Term | Definition
1 | Aggregation | The process of summarizing routes (summarization).
2 | Attribute | Similar to a metric. These variables describe the characteristics of the path to a destination address. Once defined, these characteristics can be used to decide which path to take.
3 | Autonomous System | Defines the network of one organization. Within an AS, the routers run the same routing protocol. If you connect to the Internet, the AS number must be unique and is assigned by the Internet authorities.
4 | Exterior Gateway Protocol (EGP) | The general term for a protocol that runs between different ASes. There is also a protocol named EGP that is the predecessor of BGP.
5 | EBGP | Sends routing information between different ASes.
6 | Interior Gateway Protocol (IGP) | The routing protocols that run inside an AS. In the past, the term gateway was commonly used to mean a router.
7 | IBGP | This protocol is used inside an AS. The routers do not have to be physically adjacent to each other and usually sit at the edge of an AS. IBGP is used between routers running BGP in the same AS.
8 | Originator-ID | A BGP attribute. It is an optional attribute. It carries the router ID of the router that originated the path. Its purpose is to prevent routing loops. If a router receives an update that it originated itself, it ignores that update.
9 | policy-based routing | This mechanism lets the administrator program the routing protocol by defining how traffic is to be routed. It is a form of static routing. PBR is independent of the routing protocols and uses route-maps to create separate processes that enforce routing decisions.
10 | prefix list | A prefix list is used as a replacement for a distribute-list to control how BGP learns or advertises updates. Prefix lists are faster, more flexible and use fewer system resources.
11 | Route-reflector | A router configured to pass on routes from other iBGP routers. With a route reflector configured, the iBGP routers no longer need to be fully meshed. A fully meshed network does not scale.
12 | Route-Reflector Client | A client is a router that has a TCP session with another router acting as a route-reflector server. A client does not need to peer with other clients.
13 | Route-Reflector Cluster | A cluster is a group made up of a route reflector and its clients. A cluster can contain more than one route-reflector server.
14 | transit autonomous system | An AS that is used to carry BGP traffic through to other ASes.


6.4. When to use BGP

Use BGP when the company network connects to several ISPs or other ASes and actually uses those connections. Many companies keep multiple connections for redundancy, and cost can be reduced if all the connections are in use. In that case PBR may need to be deployed on each connection.

BGP is also needed when the routing policy of the service provider differs from that of the company, or when traffic inside the company must be distinguished from the ISP's traffic. The networks of two organizations cannot appear as one AS.

Another case where BGP must be used is when your network is an ISP. An ISP's network must let other traffic pass through its AS. It then acts as a transit domain.

6.5. When not to use BGP

A simple network is one that is easy to manage and maintain. This is the main reason to avoid BGP in a network. So if the network has the following characteristics, use other methods, such as static or default routing:
- The ISP's network and the company's network share the same routing policy.
- Although your company has several connections to the ISP, these connections are for redundancy, so there is no plan to activate more than one connection to the Internet.
- Network resources, such as router memory and CPU, are limited.
- Bandwidth between the ASes is low, and the routing overhead would affect data forwarding.

6.6. Some important BGP attributes

BGP routes traffic by means of attributes. Using attributes means using variables in the BGP path-selection process. BGP attributes are more than a list of variables by which a route is selected. Some of the information carried in update messages is more important than the rest. Some information is essential to BGP operation, so it must be carried to every BGP router in the network. Path selection is based on the attributes and their values. Attributes are divided into two groups, well-known and optional, and each group is further divided into subgroups.

Table 6.2 - Attribute categories

Category | Description
Well-known mandatory | These attributes are mandatory and are recognized by all BGP routers.
Well-known discretionary | These attributes are not required to be present in updates, but if they are present, all routers recognize them and act on the information they contain.
Optional transitive | A router may not recognize these attributes, but if it receives one, it marks it and sends the complete update on to the next router. The attribute is not changed as it passes through a router that does not recognize it.
Optional nontransitive | These attributes are dropped if the update carrying them reaches a router that does not understand or recognize the attribute. They are not propagated to the BGP peers.

6.6.1. The AS_PATH attribute

This is an important attribute in determining the optimal path, and it has two functions. First, the shorter the AS_PATH, the more a router prefers it. (For example, there are two different paths from AS3 to AS4: AS3 - B - AS4, or AS3 - AS2 - AS1 - AS4. The router prefers the shorter path through B.) The second function is loop prevention. Because AS_PATH is so important to BGP operation, every vendor must support it, and it is a mandatory attribute: every router must pass it to all neighbors in every BGP update message.

6.6.2. The Origin attribute

This attribute identifies the origin of the routing update. The value i indicates that the routing update was learned through an IGP (RIP, OSPF). The value e indicates that it was learned through an EGP. The value ? (incomplete) indicates that the origin of the routing update is unknown. (This can happen when the routing update was learned through an IGP and was then announced through EGP.) When the router learns the route through the network command, the attribute is i. When it learns the route through commands such as redistribute, the attribute is ?. When these networks are later advertised to neighboring EGP routers, the attribute is changed to e, because the new router learned these routes through EGP. The origin attribute does not change across EBGP; it stays the same. The origin attribute is e when the route was learned from the EGP protocol (a routing protocol between ASes that was widely used on the Internet before BGP existed but is now almost never used).

6.6.3. The Next-Hop attribute

In eBGP, the next hop is the IP address of the router outside the autonomous system that advertises the route into the AS. That IP address is the one given in the neighbor command. In a multiaccess environment, however, if a route comes from one router, it would be unwise for a router to advertise its own address as the source address, because packets would then be sent to several routers on the multiaccess network before the real source could be found. So there is a rule that the address of the router that originated the BGP packet is kept as the source address. When BGP announces a network, the router specifies itself as the next hop. However, if the router sends the update to another neighbor in the same AS, it keeps using the router outside the AS as the next hop. The remaining routers in the AS must therefore be configured to know that the border router in their own AS is the next hop, not the router in the other AS.

Step 1: Router A sends an update about network 192.33.33.0.
Step 2: Router D receives the update and passes it on. If Router D changed the source address to its own address, confusion would follow, because in a multiaccess environment every router would announce itself as the next hop. To avoid this, the source address of the update is not changed.
Step 3: Router B knows that Router A is the next hop for network 192.33.33.0.

The Next-Hop attribute and NBMA networks

An NBMA network follows the same rule as a multiaccess environment. There is a potential problem, however: the other routers cannot connect directly to the source router if the NBMA cloud is configured as hub-and-spoke.

The Next-Hop attribute in BGP

            150.10.0.0 (AS 100)
RouterA--------(150.10.3.1)---IBGP--------RouterB---|
   |(170.10.20.1)
   |
   |
   | (170.10.20.2)
RouterC |_ 170.10.0.0 (AS 300)


The BGP next-hop attribute is the next-hop IP address used to reach a given destination network. For EBGP, the next hop is always the IP address of the neighboring router specified in the neighbor command. In the example above, RouterC advertises network 170.10.0.0 to RouterA with a next hop of 170.10.20.2, and RouterA in turn advertises 150.10.0.0 to RouterC with a next hop of 170.10.20.1. For IBGP, the rule is that the next hop advertised by EBGP should be carried into IBGP. Because of this rule, RouterA advertises 170.10.0.0 to its IBGP peers, here RouterB, with a next hop of 170.10.20.2. RouterB's next hop for network 170.10.0.0 is therefore 170.10.20.2, NOT 150.10.30.1. You must make sure that RouterB can reach 170.10.20.2 through the IGP. Otherwise RouterB drops packets destined for 170.10.0.0, because the next-hop address is inaccessible.

Now picture an NBMA environment in which another router, RouterD (network 180.20.0.0), is added to AS 300, and RouterA has no PVC directly to RouterD. The next hop that RouterD advertises to RouterA is then unreachable from RouterA, and routing fails. NEXT-HOP-SELF is used to fix this.

neighbor {ip-address | peer-group-name} next-hop-self

This command forces BGP to use the address you declare as the next hop rather than letting BGP choose the next hop itself.

RouterC#
router bgp 300
 neighbor 170.10.20.1 remote-as 100
 neighbor 170.10.20.1 next-hop-self

RouterC advertises 180.20.0.0 with NextHop = 170.10.20.2. Next-hop-self is only useful in a non-meshed environment.

6.6.4. The Local-Preference attribute

This attribute is not mandatory (it need not appear in an Update message). It is significant only locally, within the AS, and is never sent outside that AS. It is passed to local BGP neighbors. Local-Preference lets us choose the most desirable path out of an AS.

6.6.5. The Weight attribute

This attribute is also not mandatory; vendors do not have to support it. In practice the attribute is local to a single router and is not sent in any Update message. Weight is used to steer local packets when the router has two different routes out of the AS (multihomed).

6.6.6. The MULTI_EXIT_DISC (MED) attribute

An AS uses this attribute to indicate which router should be chosen to reach the same destination inside the AS. BGP also has an attribute called metric, which is the MED (Multiexit Discrimination), but its meaning differs somewhat from the metric of an IGP. BGP uses the MED (metric) to guide neighboring routers in choosing the best path. The MED (multiple-exit discriminator) is a BGP attribute that tells external neighbors about a network reached through an AS with several exit points. The exit with the lower MED is chosen (so it does resemble a metric). Unlike Local Preference, the MED is exchanged between ASes, but it does not leave an AS once it has entered it (when a routing update enters an AS with a given MED value, that value is used for decisions inside that AS). If a route originates in the AS itself, the MED follows the metric of IBGP.

The MED is a weak attribute (in BGP's route-selection order), so to control it you must pay attention to the attributes with higher priority (weight, local preference, originate, AS path, origin code). Moreover, one AS cannot control how the MED is set in the originating (neighbor) AS, or vice versa, so it is rarely used in practice. The MED is also ineffective when many customers have different policy requirements for choosing outgoing traffic. The community attribute is often used to solve incoming-traffic selection instead of AS-path prepending or the MED.

6.6.7. The Community attribute

This attribute is not mandatory. It is used to provide policy for a group of routers across ASes, so that these routers share the same properties and the same policy. If a router receives a routing update with the Community attribute set, it processes the message accordingly. If it does not understand it, it passes the attribute on to the neighboring router for that router to handle. (If it does understand it, however, it never passes the attribute to a neighboring router unless it is told to do something more.)

6.7. Overview of BGP operation

BGP is a connection-oriented protocol. When a neighbor relationship is set up, a TCP session is established and maintained. BGP sends keepalive messages to check the link and keep this TCP session alive. A keepalive message is just a 19-byte header. After that, routers send updates only when a change occurs. After adjusting its BGP table, the BGP process propagates the changes to all neighbors. BGP uses four message types:

1. Open message: used to establish a connection with other BGP routers.
2. Keepalive message: sent periodically between BGP peers to maintain the connection and check the path. Keepalive messages are sent unreliably. If the keepalive interval is set to 0, no keepalive messages are sent.
3. Update message: contains the paths to destination addresses and the attributes of those paths. Updates include routes that no longer exist. The information in an update includes the path attributes, including origin, AS_PATH and neighbor.
4. Notification message: used to inform other routers of the reason a connection was closed.
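The four message types above share one header layout, so a receiver can frame and validate them before looking at any routing content. The following parser is an added example, not part of the original course text: it splits a TCP byte stream into BGP messages, rejects malformed headers, and reads the AS number from an OPEN message. The header layout follows RFC 4271; the function names and the sample bytes are constructed for this illustration.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16          # 16-byte all-ones marker that starts every message
HEADER_LEN, MAX_LEN = 19, 4096
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

class BGPParseError(ValueError):
    """Raised when the byte stream violates the message format."""

def _prefixes(buf):
    """Decode a run of (length-in-bits, prefix bytes) IPv4 entries."""
    out, i = [], 0
    while i < len(buf):
        plen = buf[i]
        nbytes = (plen + 7) // 8
        if plen > 32 or i + 1 + nbytes > len(buf):
            raise BGPParseError("malformed prefix")
        addr = buf[i + 1:i + 1 + nbytes] + bytes(4 - nbytes)
        out.append(f"{ipaddress.IPv4Address(addr)}/{plen}")
        i += 1 + nbytes
    return out

def _decode(name, body):
    if name == "KEEPALIVE":
        if body:
            raise BGPParseError("KEEPALIVE must be the 19-byte header only")
        return {"type": name}
    if name == "OPEN":
        if len(body) < 10:
            raise BGPParseError("OPEN too short")
        version, my_as, hold, bgp_id, opt_len = struct.unpack_from("!BHH4sB", body)
        if opt_len != len(body) - 10 or hold in (1, 2):
            raise BGPParseError("bad OPEN field")
        return {"type": name, "version": version, "my_as": my_as,
                "hold_time": hold, "bgp_id": str(ipaddress.IPv4Address(bgp_id))}
    if name == "NOTIFICATION":
        if len(body) < 2:
            raise BGPParseError("NOTIFICATION too short")
        return {"type": name, "code": body[0], "subcode": body[1], "data": body[2:]}
    # UPDATE: withdrawn routes, path attributes (left undecoded here), NLRI
    if len(body) < 4:
        raise BGPParseError("UPDATE too short")
    (wlen,) = struct.unpack_from("!H", body, 0)
    if 4 + wlen > len(body):
        raise BGPParseError("withdrawn length overruns message")
    (alen,) = struct.unpack_from("!H", body, 2 + wlen)
    if 4 + wlen + alen > len(body):
        raise BGPParseError("attribute length overruns message")
    return {"type": name, "withdrawn": _prefixes(body[2:2 + wlen]),
            "attr_bytes": alen, "nlri": _prefixes(body[4 + wlen + alen:])}

def parse_stream(stream):
    """Split TCP payload bytes into BGP messages; return (messages, leftover)."""
    msgs, off = [], 0
    while len(stream) - off >= HEADER_LEN:
        marker, length, mtype = struct.unpack_from("!16sHB", stream, off)
        if marker != MARKER:
            raise BGPParseError(f"bad marker at offset {off}")
        if not HEADER_LEN <= length <= MAX_LEN:
            raise BGPParseError(f"bad length {length} at offset {off}")
        if mtype not in TYPES:
            raise BGPParseError(f"unknown type {mtype} at offset {off}")
        if len(stream) - off < length:
            break                      # partial message: wait for more data
        msgs.append(_decode(TYPES[mtype], stream[off + HEADER_LEN:off + length]))
        off += length
    return msgs, stream[off:]

def session_type(open_msg, local_as):
    """Same AS in the peer's OPEN means iBGP, a different AS means eBGP."""
    return "iBGP" if open_msg["my_as"] == local_as else "eBGP"

def build(mtype, body=b""):
    """Constructed-sample helper: wrap a body in a BGP header."""
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), mtype) + body

# Constructed sample: OPEN from AS 300, a KEEPALIVE, an UPDATE that withdraws
# 192.33.33.0/24, then the first 10 bytes of a message still in flight.
SAMPLE = (
    build(1, struct.pack("!BHH4sB", 4, 300, 180,
                         ipaddress.IPv4Address("170.10.20.2").packed, 0))
    + build(4)
    + build(2, struct.pack("!H", 4) + bytes([24, 192, 33, 33]) + struct.pack("!H", 0))
    + build(4)[:10]
)

if __name__ == "__main__":
    messages, leftover = parse_stream(SAMPLE)
    for m in messages:
        print(m)
    print("session as seen from AS 100:", session_type(messages[0], 100))
    print("bytes waiting for the rest of a message:", len(leftover))
```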

6.8. CIDR and Route Aggregation

BGP needs to carry some information between ASes, but probably not all of it is necessary. If the network is designed to support summarization, overall resource use falls, because very little memory, bandwidth and CPU is needed to maintain the routing table. In fact, summarizing the IANA address classes makes the Internet a faster and more reliable environment.

CIDR is one of the solutions that has been widely used in recent years. Addresses are consolidated into a number of summary addresses. Instead of an address having a netmask that identifies the network portion, it has a prefix mask, which is simply a number giving the count of bits in the network portion. Summarization minimizes the number of prefixes. If a network is allocated eight class C addresses, it can be advertised as a single network. BGP carries prefixes and prefix masks. A router can advertise the summarized route, the individual unsummarized routes, or both.

6.9. How IBGP works

IBGP does not change the AS-PATH attribute of a route, so to prevent loops it uses a split-horizon rule: a BGP peer does not send routes learned from IBGP to another BGP peer. To forward data for other ASes, the routers of a transit AS must therefore use one of the following:

1. First solution: redistribute the BGP routes into the IGP to satisfy the synchronization rule. This method should not be used in ISP core networks, because the number of routes on the Internet is very large and IGPs are not designed to handle that many routes. In addition, with this method a change to a single route on the Internet makes the IGPs rerun their path computation, which consumes a lot of CPU and memory and causes instability.
2. Second solution: fully mesh the BGP peers so that every router has the routing information it needs to forward packets. IBGP synchronization can then be turned off. But a full mesh is hard to manage and costs bandwidth for routing updates, CPU and memory. There are two ways to address this:
   - Use route reflectors, which change IBGP's split-horizon rule. RRs can send IBGP routes to other BGP peers. To prevent loops, RRs add the attributes cluster-id and originator.
   - Use a confederation, which changes how IBGP handles AS-PATH: one AS is divided into several member-ASes. BGP between peers in different member-ASes is EBGP (that is, the member-AS is added to the AS-PATH to prevent loops), but other attributes such as Local Preference, MED and Next-hop are not changed. The advantage is that the member-ASes can be managed independently, which gives more routing-policy flexibility, and they can use different IGPs. Managing a confederation can be very complex, however, so it suits only very large ISPs (those connected directly to international exchange points such as NAPs) or multinational companies that need flexibility and independence between the parts of their system.

To choose the path for incoming traffic, the following methods can be used:
- The MED attribute: rarely used, because MED is a weak, non-transitive attribute.
- Community: requires support from the upstream ISP, affects only the directly connected ISP, and in many cases does not work well.
- AS-Prepend: used more commonly, because it works well in all models.

One thing to remember: routing decisions for incoming traffic are very hard to make precisely, because other ASes can change the attributes.

To set the metric, you can use the default-metric command:
Router(config-router)#default-metric number

or you can use a route-map:

router bgp 100
 neighbor 1.1.1.1 route-map freddy out
!
ip as-path access-list 1 permit ^690_
ip as-path access-list 2 permit .*
!
route-map freddy permit 10
 match as-path 1
 set metric 127
!
route-map freddy permit 20
 match as-path 2

In the example above, routes from AS 690 have their metric set to 127.

6.10. Summary of the BGP best-path selection algorithm

BGP assigns the first valid path as the current best path. It then compares this best path with the next path in the list, and so on until it has gone through every path in the list of valid paths. The rules used to determine the best path are listed below.

1. Prefer the path with the highest WEIGHT. WEIGHT is a parameter introduced by Cisco. It is significant only locally, on the router where it is configured.
2. Prefer the path with the highest LOCAL_PREF. Paths without the LOCAL_PREF attribute get the default value of 100.
3. Prefer paths originated by the network command, the aggregate command, or redistribution from an IGP. Paths originated by the network or redistribution commands are preferred over paths originated by the aggregate command.
4. Prefer the path with the shortest AS_PATH. This step is skipped if bgp bestpath as-path is configured. An AS_SET counts as 1, no matter how many ASes are in the set. AS_CONFED_SEQUENCE and AS_CONFED_SET are not included in the AS_PATH length.
5. Prefer the path with the lowest origin. IGP is lower than EGP, and EGP is lower than INCOMPLETE.
6. Prefer the path with the lowest MED. This comparison is made only if the first AS is the same for both paths. Any confederation sub-AS is ignored. In other words, MEDs are compared only if the first AS in the AS_SEQUENCE is the same. If bgp always-compare-med is configured, MEDs are compared for all possible paths. If this option is used, all routers in the AS must be configured with bgp always-compare-med, otherwise routing loops occur. If bgp bestpath med-confed is configured, MEDs are compared for all paths that contain only AS_CONFED_SEQUENCE (paths that originate in the local confederation). Paths received from a neighbor with a MED of 4,294,967,295 have the MED changed to 4,294,967,294 before they are inserted into the BGP table. Paths received with no MED configured are assigned a MED of 0.
7. Prefer eBGP paths over iBGP paths. If the best path has been selected, go to step 9.
8. Prefer the path with the lowest IGP metric to the BGP next hop.
9. Check whether multiple backup paths need to be installed in the routing table.
10. If both paths are external, prefer the path that was received first (the oldest path). This step is skipped if:
   - The bgp bestpath compare-routerid command is in use.
   - The router ID is the same for multiple paths because the routes were received from the same router.
   - There is currently no best path.
11. Prefer the path from the BGP router with the lowest router ID. The router ID is the highest IP address on the router. It can also be set with the bgp router-id command. If a path contains a route reflector, the route reflector's Originator ID attribute replaces the router ID.
12. If the router ID is the same for multiple paths, prefer the path with the smallest number of clusters. This applies only in BGP route-reflector environments. It allows members of a route reflector to peer with members of other RRs.
13. Prefer the path from the neighbor with the lowest address. This is the address used in the neighbor command.
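The rule list above can be run as code to see which rule actually decides between two paths. This is an added example, not part of the original course text or Cisco's implementation: the `Path` fields, function names and sample paths are constructed for the illustration, and confederation segments and step 9 (multipath installation) are not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}          # IGP < EGP < INCOMPLETE
LOCAL_RANK = {"network": 0, "redistribute": 0, "aggregate": 1, None: 2}
MED_MAX = 4294967295

@dataclass
class Path:
    name: str
    neighbor: str                        # address used in the neighbor command
    router_id: str
    as_path: tuple = ()                  # AS numbers; a frozenset stands for an AS_SET
    weight: int = 0
    local_pref: Optional[int] = None     # None -> default 100
    local_origin: Optional[str] = None   # "network", "redistribute" or "aggregate"
    origin: str = "i"
    med: Optional[int] = None            # None -> 0
    ebgp: bool = True
    igp_metric: int = 0                  # IGP cost to the BGP next hop
    received_order: int = 0              # lower = received earlier (older)
    originator_id: Optional[str] = None  # set when the path came through an RR
    cluster_list: tuple = ()

def effective_local_pref(p):
    return 100 if p.local_pref is None else p.local_pref

def effective_med(p):
    med = 0 if p.med is None else p.med
    return MED_MAX - 1 if med == MED_MAX else med

def first_as(p):
    head = p.as_path[0] if p.as_path else None
    return head if isinstance(head, int) else None

def rid(p):
    return int(IPv4Address(p.originator_id or p.router_id))

def rules(a, b, always_compare_med, compare_routerid):
    """Yield (step, key_a, key_b); the lower key wins the step."""
    yield 1, -a.weight, -b.weight
    yield 2, -effective_local_pref(a), -effective_local_pref(b)
    yield 3, LOCAL_RANK[a.local_origin], LOCAL_RANK[b.local_origin]
    yield 4, len(a.as_path), len(b.as_path)      # an AS_SET element counts as 1
    yield 5, ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]
    if always_compare_med or (first_as(a) is not None and first_as(a) == first_as(b)):
        yield 6, effective_med(a), effective_med(b)
    yield 7, not a.ebgp, not b.ebgp
    yield 8, a.igp_metric, b.igp_metric
    # Step 9 (installing multiple paths) is not a tie-breaker and is not modelled.
    if a.ebgp and b.ebgp and not compare_routerid and rid(a) != rid(b):
        yield 10, a.received_order, b.received_order
    yield 11, rid(a), rid(b)
    yield 12, len(a.cluster_list), len(b.cluster_list)
    yield 13, int(IPv4Address(a.neighbor)), int(IPv4Address(b.neighbor))

def compare(a, b, always_compare_med=False, compare_routerid=False):
    """Return (winner, step): the preferred path and the rule that decided."""
    for step, key_a, key_b in rules(a, b, always_compare_med, compare_routerid):
        if key_a != key_b:
            return (a if key_a < key_b else b), step
    return a, 0                                   # tie on every rule: keep current best

def best_path(paths, **options):
    """Walk the list as the text describes: first valid path, then compare onward."""
    best, trace = paths[0], []
    for candidate in paths[1:]:
        best, step = compare(best, candidate, **options)
        trace.append((candidate.name, step, best.name))
    return best, trace

# Constructed sample: three paths to the same prefix.
SAMPLE = [
    Path("via-AS100", "170.10.20.2", "3.3.3.3", as_path=(100, 690), med=50, received_order=1),
    Path("via-AS200", "170.10.30.2", "2.2.2.2", as_path=(200, 690), med=10, received_order=2),
    Path("via-iBGP", "150.10.30.1", "1.1.1.1", as_path=(100, 690), med=20, ebgp=False, igp_metric=5),
]

if __name__ == "__main__":
    winner, trace = best_path(SAMPLE)
    for candidate, step, best in trace:
        print(f"compared with {candidate}: step {step} decided, best is now {best}")
    print("best path:", winner.name)
```

In the sample, the MED of the path through AS 200 is never compared with the others unless `always_compare_med=True` is passed, because its first AS differs.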

6.11. Building a network with iBGP

Although BGP is an exterior protocol, it comes in two forms: internal BGP (iBGP) and external BGP (eBGP). The difference lies in the function the routing protocol performs. A router determines whether a BGP session is eBGP or iBGP by checking the AS value sent in the open message. eBGP meets the general requirements of an exterior protocol: it sends routing information between different ASes, so the border routers of the ASes are eBGP routers. iBGP is used inside an AS. It carries the information to every BGP router in the domain and makes sure that all of them share the same view of the available networks. IBGP is used between routers in the same AS.

To design and deploy BGP correctly, some of its characteristics need to be understood. iBGP peers do not have to be physically directly connected. Unlike RIP, OSPF or IP v.6, routers running iBGP do not need to be directly connected on the same network infrastructure. Another protocol, such as OSPF, routes the BGP packets between the iBGP routers.

Figure 6.2 - BGP autonomous systems

Over these logical connections, TCP packets are routed across the AS using the routing tables maintained by OSPF. BGP can pass routing information into the AS; this can be done by redistributing from BGP into the IGP. This redistribution can be very complex. An iBGP router passes a route to a BGP neighbor under the following two conditions:

Condition 1: The route is originated by the router in one of the following ways:
- through the network command;
- redistributed from an IGP;
- redistributed from a static route.

Condition 2: The advertised route is a static route.

If a route was learned from an update from a BGP peer in the same AS, a BGP router can pass that route only to eBGP peers. Because iBGP routers do not forward updates learned from iBGP peers, they must be fully meshed with one another to have complete knowledge. A full mesh does not scale, however, because every router in the AS must peer with every other router.

6.12. The synchronization rule

Put simply, the rule says that before an iBGP router can pass a route on to another AS, the route must be known throughout its own AS. In other words, the IGP must be synchronized with BGP. The synchronization rule is ON by default and should be turned off only if all routers in the AS run BGP. BGP routers keep the routing table and the BGP table separately. The synchronization rule is stated as follows: a route learned from an IBGP neighbor (that is, a route in the BGP table) is installed in the routing table or advertised to a BGP peer only when it is also known through an IGP. When a BGP router receives an IBGP route, it must check whether the IGP routing table already has a path to that network. Only then does it consider the route valid and usable, or send it to other BGP peers. This is necessary to make sure that routers along the path do not drop packets for lack of a route.

Figure 6.3 - The synchronization rule

In the figure above, if only the edge routers of the transit AS run iBGP, we must rely on the IGP to carry traffic between the iBGP routers. The IGP therefore needs this information in its routing table to do so. AS400 and AS800 use AS200 as a transit AS. Under the synchronization rule, the router that sends updates to AS 800 does not pass on network 56.0.0.0, advertised by AS 400, unless OSPF has full information about network 56.0.0.0. In other words, traffic that AS800 sends to 56.0.0.0 would be lost inside AS200, because without the information in the routing table AS200 cannot forward the traffic to the right destination.

In a network where both IGP and IBGP run in parallel, this causes no problem. The IBGP routers must be fully meshed, and a router relies on the IGP to know how to reach its IBGP peers. A router's routing table holds both BGP and IGP routes, so for every router in the network to know the path to every network we must redistribute, or advertise the network on a router in the network. The specific solution depends on the network topology.

In some cases it is necessary to turn synchronization off. These cases are:
- All routers in the AS run BGP.
- Your AS is not a transit AS, that is, it does not advertise routes from one AS to another.
- All routers in the AS are fully meshed.

In version 12.2, BGP synchronization is off by default.

6.13. Aggregate Address

When aggregate-address is configured without any extra option, the generated route does not inherit any attribute of the individual specific routes (such as AS_PATH or community). When you use the as-set keyword, the attributes of each member route are preserved.

router bgp 300
 neighbor 2.2.2.2 remote-as 100
 neighbor 3.3.3.3 remote-as 200
 neighbor 4.4.4.4 remote-as 400
 aggregate-address 160.0.0.0 255.0.0.0 summary-only as-set
!
RouterD#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 160.0.0.0/8 4.4.4.1 0 300 {200,100} i

In the BGP table, the as-path of the aggregate route includes the paths of each member route.

6.14. Fully meshed networks

The BGP split-horizon rule means that although the routers need not be directly connected, they must be fully meshed. This condition makes sure the networks can see one another. To avoid routing loops, BGP must follow the split-horizon rule that no update learned from an internal peer may be sent to another peer. This means that a network, once received, is not redistributed to other iBGP routers. Such networks are passed only to BGP routers in other ASes, known as eBGP peers.

BGP maintains its information by sending updates over TCP connections. TCP is an excellent way to guarantee the accuracy of the information, but its drawback is that it consumes a lot of system resources. The more connections, the more resources are required. A simple formula: a network of n BGP routers needs n(n - 1)/2 TCP connections. A network of 10 routers therefore needs 10(10 - 1)/2 = 10 * 9 / 2 = 45 sessions. This is acceptable in an environment with a few connections, but if the network is an ISP the design is unsuitable.

Administrative cost of a fully meshed network

Maintaining fully meshed connections also carries management overhead. For example, each time a new BGP router is added, the number of connections to set up grows correspondingly. With TCP, it is not only the connections themselves that are expensive to maintain but also the updates that must travel over them. If every router connects to every other router, a large amount of information is sent redundantly.

Figure 6.4 - Full-mesh configuration for iBGP

Designing and configuring an iBGP network

The scaling limits of a fully meshed iBGP network can be overcome by design solutions. Configuration solutions let us drop the rule that iBGP routers must be fully meshed. These new commands let us build a hub-and-spoke network that simplifies the TCP connections. The solution presented in this section is the route reflector.

6.15. Route Reflectors

A route reflector is a router configured to pass routing updates on to neighboring routers or to the BGP routers inside an AS. The iBGP routers must be identified as clients in the configuration. When a client sends an update to the route reflector, the route reflector passes the update on to the other client routers. In particular, a route reflector redefines the split-horizon rule, which says that an iBGP router does not pass on a route learned from a neighbor in the same AS. The route reflector and each client need a full peer relationship, because the route reflector sends on updates from other clients, but peering between the clients themselves is not necessary.

A route reflector also connects to peers to which it does not reflect routes. From the route reflector's point of view, these neighbors are called non-clients. Non-client routers must be fully meshed with the route reflectors and with the other non-clients. When a router is configured as a route reflector, it passes paths learned from other iBGP routers only to its route-reflector clients and to iBGP/eBGP neighbors. This means a hub-and-spoke design can be deployed among the iBGP peers in an AS, which reduces the number of sessions between routers.

A route reflector and its clients together form a unit for sharing information. This unit is called a cluster. An autonomous system can be divided into clusters, each with its designated and configured route reflectors. There must be at least one route reflector in each cluster. If a route reflector connects to other route reflectors, the route reflectors must be fully meshed. This makes sure the iBGP routing tables are complete. When a route reflector forwards an update, the Originator_ID attribute is set. This is the BGP router ID of the router that originated the path. If that router receives the update back, it sees its own ID and ignores the packet. This prevents routing loops. If there are several route reflectors in a cluster, the routers identify one another by cluster ID. This parameter serves the same purpose as the Originator_ID attribute: preventing routing loops.

With route reflectors, the router acting as route reflector uses more resources. If a route reflector is configured incorrectly, it can cause routing loops. Several levels of route reflectors can be configured by building hierarchical designs. Routers that are not part of the route-reflector arrangement are not affected by the design changes or by the changes in how updates are propagated. These routers notice no change at all, because they still receive the updates they need. The routing updates themselves are not changed either, because the values of the attributes carried in them do not change. Because of these properties, migrating an existing network design to route reflectors is very easy.

An important design point is that the route reflectors in an AS must themselves be fully meshed. In addition, one route reflector can be a client of another route reflector. Such a design is quite complex and requires careful consideration, because once route reflectors are configured and split horizon is disabled, there is no longer any mechanism to protect against routing loops.

Figure 6.5 - Route-reflector design

The benefits of route reflectors include:
- Network scalability.
- A highly structured design.
- Less traffic on the network.
- Less memory and CPU needed to maintain TCP sessions on the iBGP peers.
- Faster convergence and a simpler network, because two routing protocols are used: iBGP for external routing information crossing the AS, and IGP for the routers inside an AS.


Figure 6.6 - Route-reflector configuration

Route Reflector operation

An RR simply acts like a mirror that reflects updates from clients to other clients, without requiring the network to be fully meshed. When an RR receives an update:

- A client forwards the update to its neighbor, which in this case is the RR.
- An update from a client is received by the RR and is forwarded to the RR's clients as well as to non-clients. The original originatorID parameter is excluded from the update. If several paths are received by the RR, the best path is chosen by the RR. The only router to which the update is forwarded is the origin of the route.
- A non-client router forwards updates to its neighbors, one of which may be an RR.
- An RR receives an update from a non-client router, and the update is forwarded only to clients.
- The RR updates both clients and non-clients.
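The reflection and loop-prevention rules from this section as an added Python model, not part of the original course text. It follows standard route-reflection behaviour (RFC 4456): ORIGINATOR_ID is set once, the cluster ID is prepended to CLUSTER_LIST, and an update carrying a router's own ID is dropped. Router IDs, the cluster ID and the prefix are constructed sample values, and peers are identified by router ID as a simplifying assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Update:
    prefix: str
    originator_id: Optional[str] = None                     # ORIGINATOR_ID
    cluster_list: List[str] = field(default_factory=list)   # CLUSTER_LIST

class RouteReflector:
    def __init__(self, router_id, cluster_id, clients, non_clients):
        self.router_id, self.cluster_id = router_id, cluster_id
        self.clients, self.non_clients = set(clients), set(non_clients)

    def reflect(self, update, sender):
        """Return {peer: Update} to advertise; {} when the update is a loop."""
        # Loop checks: our cluster ID or router ID is already in the update.
        if self.cluster_id in update.cluster_list:
            return {}
        if update.originator_id == self.router_id:
            return {}
        out = Update(
            update.prefix,
            update.originator_id or sender,            # set once, never rewritten
            [self.cluster_id] + update.cluster_list,   # prepend our cluster ID
        )
        if sender in self.clients:
            # From a client: reflect to the other clients and to non-clients.
            targets = (self.clients | self.non_clients) - {sender}
        else:
            # From a non-client iBGP peer: reflect to clients only.
            targets = set(self.clients)
        return {peer: out for peer in sorted(targets)}

def client_accepts(router_id, update):
    """A router ignores an update whose ORIGINATOR_ID is its own router ID."""
    return update.originator_id != router_id

if __name__ == "__main__":
    # Constructed topology: one RR, two clients, one non-client iBGP peer.
    rr = RouteReflector("10.0.0.1", "0.0.0.1",
                        ["10.0.0.11", "10.0.0.12"], ["10.0.0.2"])
    sent = rr.reflect(Update("203.0.113.0/24"), sender="10.0.0.11")
    for peer, upd in sent.items():
        print(peer, upd)
    print("looped copy dropped:", rr.reflect(sent["10.0.0.2"], "10.0.0.2") == {})
```
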


6.16. Route Refresh

After any BGP configuration change, the TCP sessions must be reset for the change to take effect. This is because the BGP process stores only those prefixes that passed the previously defined policy. If the policy changes, the TCP sessions must be torn down and re-established with the new characteristics. The following commands can be used:
Router#clear ip bgp *

Or send a BGP update to a particular neighbor:

Router#clear ip bgp neighbor-address in

BGP can also be configured to store the networks as received before the policy is applied. This clearly requires more memory, but it lets a new configuration take effect without tearing down existing sessions. The command below applies per neighbor and only to inbound updates.
Router(config-router)#neighbor neighbor-address soft-reconfiguration inbound
Router#clear ip bgp neighbor-address soft [in]

6.17. Peer Groups

Without peer groups, all iBGP peers must be fully meshed in order to receive the same update. This means every iBGP router performs the same computation, which wastes CPU and limits iBGP scalability. When a peer group is configured, all routers in the peer group share the same outbound policy, while different inbound policies can still be configured on the group. In other words, one update is generated for the whole group. The results are:

- Administrative overhead is reduced because the configuration is simpler, which minimizes the chance of errors.
- Less CPU is required, and the network converges quickly and is stable and reliable.

6.18. Controlling BGP Traffic

BGP updates can be controlled. In general, controlling updates is good practice in any routing protocol. It simplifies the network and makes it easier to maintain. Designing how routing information is propagated is also considered a basic network-security task, and it helps reduce the risk of routing loops. There are three ways to apply PBR in BGP:

- Reject or accept selected routes.
- Set attributes to influence the path-selection process.
- Make decisions based on the AS_PATH attribute, the community attribute, or the prefix.

Rejecting or accepting routes requires some form of filtering through ACLs. Filtering is used not only for PBR but also to control traffic in the network. There are three forms of filtering on Cisco routers:

- Access list for AS_PATH: used to filter ASs. An ACL used in BGP filters the updates sent from a peer router on the AS path.
- Prefix list: used to filter prefixes, especially during redistribution. Since Cisco IOS v.11.2, ISPs have used prefix-lists as a fairly efficient form of filtering. The prefix-list mechanism works on the prefix of an address.
- Distribute list: used to filter updates. Although distribute-lists are often used in redistribution, the tool is not reserved for redistribution. It can be applied to inbound and outbound traffic from any peer. Both prefix-lists and distribute-lists filter on network addresses, not on AS_PATH.
- Route map: used to define routing policy. A route-map is a sophisticated access list through which the router acts when a match is identified. In BGP, route maps are used to set BGP attributes in order to choose the best path.

How does a prefix list work?

A prefix-list looks only at the network portion of an address, so the lookup is very fast. This matters especially when searching the large routing tables found in BGP. Another advantage of prefix-lists is that they can be edited. Although traditional ACLs do allow dynamic editing (with named ACLs), prefix-lists are easy to create and use. This holds not only for editing but also for the improved interface. Before applying a prefix-list to a process or an interface, the administrator must define the criteria for the access list. Each line in a prefix-list is associated with a number, much like the lines of a computer program. If you do not enter a sequence number, one is generated automatically, in increments of 5. The unused numbers, for example 1 to 4, allow lines to be inserted later. You can edit a prefix-list by specifying the line number or sequence number. This capability is not available in ACLs.

A prefix-list works by looking for prefixes in the list that match the prefix being checked. When a match occurs, the route is either used or discarded. Specifically, when a prefix is denied or permitted, the following rules apply:

- If a route is permitted, the route is used.
- If a route is denied, the route is not used.
- Every prefix-list ends with an implicit deny statement. So if a given prefix does not match any entry in the prefix-list, it is denied by the default rule.
- If several entries in a prefix-list match a prefix, the entry with the lowest sequence number is used.

The router starts searching at the top of the prefix-list, at sequence number 1. When a match is found, the search ends. Processing time is reduced when the match/deny conditions are placed at the top of the list, which avoids processing rarely met conditions every time a route is checked. Sequence numbers are incremented automatically by default. To configure the sequence number, use the seq seq-value parameter of the ip prefix-list command. The sequence number does not need to be specified when deleting a line from the configuration.

How do you configure a BGP prefix-list?

Use the following command to configure a prefix-list:
Router(config)#ip prefix-list prefix-list-name [seq seq-value] {deny | permit} network/len [ge ge-value] [le le-value]


Table 6.3 - Explanation of the prefix-list configuration parameters

| Parameter | Description |
|---|---|
| prefix-list-name | Name of the prefix-list |
| [seq seq-value] | Sequence number assigned to the criterion being defined |
| {deny \| permit} | Action, deny or permit, applied to the result |
| network/len | Length of the prefix that must match |
| [ge ge-value] [le le-value] | Specifies the prefix length that must match |

To configure a router to use a prefix-list as the filter in a distribute-list, use the following command:
Router(config-router)#neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}
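The matching rules of this section (lowest sequence number first, first match wins, implicit deny at the end) as an added Python evaluator, not code from the course. The ge/le handling follows Cisco IOS semantics, which the page names but does not spell out: with neither keyword the length must equal len, otherwise the route must lie inside network/len with a length in the ge..le range. The list name and entries are constructed sample values.

```python
import ipaddress

# Constructed inbound filter: the arguments of "ip prefix-list FROM-ISP ...".
FROM_ISP = [
    "seq 5 deny 10.0.0.0/8 le 32",          # private space, any length
    "seq 10 deny 192.168.0.0/16 le 32",
    "seq 15 permit 0.0.0.0/0",              # exactly the default route
    "seq 20 permit 0.0.0.0/0 ge 8 le 24",   # any prefix from /8 to /24
]

def parse_entry(line):
    """Parse 'seq N {permit|deny} network/len [ge X] [le Y]' (IPv4)."""
    tok = line.split()
    seq, action, net = int(tok[1]), tok[2], ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen                  # exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else net.max_prefixlen
    return {"seq": seq, "action": action, "net": net, "lo": lo, "hi": hi}

def evaluate(lines, route):
    """Return (action, seq) of the first matching entry, lowest seq first."""
    route = ipaddress.ip_network(route)
    for e in sorted(map(parse_entry, lines), key=lambda e: e["seq"]):
        inside = route.subnet_of(e["net"])       # route lies within network/len
        if inside and e["lo"] <= route.prefixlen <= e["hi"]:
            return e["action"], e["seq"]
    return "deny", None                          # implicit deny at the end

if __name__ == "__main__":
    for r in ["0.0.0.0/0", "10.1.0.0/16", "203.0.113.0/24", "203.0.113.128/25"]:
        print(r, evaluate(FROM_ISP, r))
```
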

6.19. Connecting to the Internet with BGP

As an exterior routing protocol, BGP is used to connect to the Internet and to route traffic across it. You therefore need to know some design criteria for connecting to such an enormous resource. When you connect to the Internet, your network joins a vast internetwork, so you must make sure your routers are not overwhelmed by the volume of information. This section examines two issues: the need for redundant connections (also called multihoming) and the need to decide how much information to receive from the Internet.

6.20. Redundant Internet Connections - Multihoming

A large share of Internet traffic is the search for resources. This traffic includes not only email and other means of communication but also access to information on the Internet. Network administrators must stay connected to the Internet at all times. Having more than one connection to the Internet is called multihoming. The reason for having several Internet connections is fairly obvious. With several redundant connections, load sharing can also be deployed to improve network performance. Multihoming can consist of several connections to the same service provider, or of additional levels of redundancy obtained by connecting to a different ISP. The following concerns arise when connecting to more than one ISP:

- Each service provider may not propagate the same routes coming from the Internet. If the service providers send the same subnets of the required routes, a serious problem arises when the connection from one of the providers goes down.
- If you connect to two different service providers, your AS can become a transit AS between the ISPs. This can happen if a router in one provider's AS finds a path to a destination through the other ISP's AS, and your AS offers the best path to that other ISP's AS.

Configuration at the ISP level is the solution to these concerns, and it is part of provisioning the service. You should therefore state your multihoming requirement when negotiating with the service providers, so that the ISPs are aware of the additional configuration you need.


6.21. Receiving Routing Information from the Internet

When connecting to a network as large as the Internet, some planning must be done carefully. In particular, the administrator must decide which updates need to be sent to the outside world and how much the routers inside an AS need to know about the outside world. There are 3 approaches to selecting routes from the Internet:

- Accept only default routes from all service providers.
- Accept partial routes in addition to default routes from the service providers.
- Accept the full routing table from all service providers.


The decision process is fairly clear: it must balance network resources against information. The greater the total amount of information, the more routes can be accepted from the service providers.

| Routes accepted from the Internet | Memory | CPU | IGP chooses the best path to the default route? | BGP chooses the path to the external network? | Exit path can be tuned through BGP attributes? | AS sends all of its routes to the ISP? | ISP chooses the path back to the AS? |
|---|---|---|---|---|---|---|---|
| Default routes only from the ISPs | Low | Low | Yes | Goes to the nearest gateway that is advertising the path | No | Yes | Yes |
| Selected routes and default route from the ISP | Medium | Medium | Yes | Yes: usually AS path is the attribute that selects the exit path to the Internet | Yes | Yes | Yes |
| Full routing table from the ISP | High | High | Yes | Yes: usually the AS_PATH attribute helps select the exit path to the Internet | Yes | Yes | Yes |

6.22. Using the Local Preference Attribute and Weight

The weight attribute selects the exit path from the router when there are several paths to the same destination address. The higher the weight, the better the path. This command has local scope, and the attribute is not propagated to other routers. The attribute is also Cisco-proprietary. To configure weight, use the following command:
Router(config-router)#neighbor {ip-address | peer-group-name} weight weight

6.23. Redistribution between IGP and BGP

When the network is not an ISP, the typical situation is that the network runs an IGP inside an AS. Paths can be injected into the routing table from the IGP into BGP or from BGP into the IGP.

6.23.1. Advertising routes from an IGP into BGP

First, consider the process of advertising routes into BGP. There are three ways for BGP to advertise IGP routes:

- Using the network command: this command advertises routes that are present in the routing table.
- Redistributing static routes: although any static route can be redistributed into BGP, static routes are usually used to create supernets. The static route summarizes addresses, for example class C addresses with a 16-bit prefix mask. The summary route points to null0 as its next hop. This can create black holes that cause routes to be lost. Cisco recommends using the aggregate-address command instead of a static route to null0.
- Redistributing routes from the IGP: this is not recommended because of the heavy dependence on the BGP table. iBGP routes are excluded, otherwise routing loops occur when BGP routes are injected into the IGP.

6.23.2. Advertising routes from BGP into an IGP

Distributing routes from the Internet into a small network is inefficient. The reason is that the Internet is so vast and the routing tables of Internet routers are enormous. Even with heavy summarization and filtering, a great deal of information still has to be carried. Because ISPs typically run a lot of eBGP and iBGP, they usually run BGP for external routes and an IGP for internal routes. Redistribution is not required. Synchronization is not needed in this kind of network because the IGP still runs in a full mesh. If a full mesh or RRs are used, the synchronization rule can be turned off. The IGP needs to carry the routes that cross the ASs to other BGP routers. In addition, any device that wants to reach the Internet must have a default route or individual routes to forward traffic. Route filtering should be configured at this point, otherwise the routing table will be overloaded.
