BGP Public Network: Common Problems (BGP公网常见问题.ppt)
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

Approach to locating BGP peer faults

Common reasons a BGP peer cannot be established
- BGP peer not enabled / not configured
- connect-interface not configured
- Locally shut down
- Peer not negotiated
- Routing problem
- MD5 authentication / TTL error
- EBGP peer has no ebgp-max-hop

BGP finite state machine
[Figure: BGP finite state machine. States: Idle, Connect, Active, OpenSent, OpenConfirm, Established. Transition labels: Start; Connect-Retry timer expires; TCP connection fails; TCP connection interrupted; TCP connection established; correct OPEN message received; KeepAlive timer expires; Error; Other.]

Q1: Possible causes when a BGP peer cannot be established

    bgp 12479
     router-id 10.34.0.12
     group LEVEL1_IPV4 external
     peer LEVEL1_IPV4 ignore                        // peer is shut down
     peer LEVEL1_IPV4 connect-interface LoopBack0   // connect-interface not configured
     peer LEVEL1_IPV4 valid-ttl-hops 2              // valid-ttl-hops set incorrectly, or ebgp-max-hop not enabled
     peer LEVEL1_IPV4 password cipher 8*$OV“C1P$UV=;MD4A!   // MD5 passwords do not match
     peer 193.149.1.192 as-number 12478
     peer 193.149.1.192 group LEVEL1_IPV4
     #
     ipv4-family unicast
      undo synchronization
      peer LEVEL1_IPV4 enable
      undo peer 193.149.1.192 enable                // BGP peer not enabled
      peer 193.149.1.192 group LEVEL1_IPV4

Q2: Locally shut down

    [RT1-bgp] display bgp peer
     BGP local router ID : 10.34.0.12
     Local AS number : 12479
     Total number of peers : 1    Peers in established state : 0
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
      193.149.1.192   4 12478        0        0     0  00:03:17  Idle(Admin)  0
    [RT1-bgp]

Annotation on Idle(Admin): the peer has been shut down.

Q3: Peer not negotiated

    [RT1-bgp] display bgp peer        // IPv4 unicast is not enabled locally
    [RT1-bgp]
    [RT1-bgp] display bgp vpnv4 all peer
     BGP local router ID : 10.34.0.12
     Local AS number : 12479
     Total number of peers : 1    Peers in established state : 0
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
      193.149.1.192   4 12478        0        0     0  00:03:17  Established  0
    [RT1-bgp] display bgp l2vpn peer
     BGP local router ID : 10.34.0.12
     Local AS number : 12479
     Total number of peers : 1    Peers in established state : 0
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
      193.149.1.192   4 12478        0        0     0  00:03:17  No neg       0

Annotation on No neg: the address family is configured locally, but the peer has not enabled it.

Q4: Routing problem

    <RT1> display ip routing-table 193.149.1.192      // no IGP route
    <RT1>
    <RT1> display current-configuration interface LoopBack 0
    #
    interface LoopBack0
     ip address 193.149.1.191 255.255.255.255
    #
    return
    <RT1> ping -a 193.149.1.191 193.149.1.192         // ping to the peer with the source address fails
      PING 193.149.1.192: 56 data bytes, press CTRL_C to break
        Request time out
        Request time out

Q5: MD5 authentication / TTL error

     dis tcp status remote-ip 193.149.1.192
    TCPCB     Tid/Soid  Local Add:port        Foreign Add:port   VPNID  State
    6ebdab10  135/214   0.0.0.0:179           193.149.1.192:0    0      Listening *

    * dis tcp status remote-ip 193.149.1.192
    TCPCB     Tid/Soid  Local Add:port        Foreign Add:port   VPNID  State
    6ebdab10  135/214   0.0.0.0:179           193.149.1.192:0    0      Listening *
    55419288  135/17    193.149.1.140:50731   193.149.1.192:179  0      Syn_Sent *

Annotations: MD5 authentication; the TCP three-way handshake cannot be completed.

Determining why a BGP peer went down

    <RT1> display bgp peer 202.112.146.100 log-info
     Peer : 202.112.146.100
     Date        Time                State  Error  Notification
     2011/09/21  14:09:51 UTC-08:00  Down   4/0    Send Notification
     2011/09/21  14:04:57 UTC-08:00  Up
    <RT1>

Log:

    Sep 14 2011 20:50:34 JSXZH-MC-CMNET-RT01-XAL_NE40E %01BGP/6/SEND_NOTIFY(l): The router sent a NOTIFICATION message to peer 211.138.205.2. (ErrorCode=4, SubErrorCode=0, BgpAddressFamily=Public, ErrorData=NULL)

Annotations: messages sent by the peer were not received, so the local end detected the error and notified the peer; the output gives the disconnection time, reason, and so on.

The five BGP message types
- Open: capability negotiation ("Hello?")
- Update: route update / withdrawal (keepalive, incremental update)
- KeepAlive: keepalive, 19 bytes, Huawei default 60 seconds; 1/3 of the Hold timer
- Refresh: resend all routes
- Notification: peer disconnection

BGP message format: Notification error codes (1)

    Error code  Sub-error code  Description
    1                           BGP message header error
                1/1             Marker error
                1/2             Message length error
                1/3             Message type error
    2                           Open message error
                2/1             Unsupported version number (not BGP4)
                2/2             Peer AS error (does not match the configuration)
                2/3             BGP identifier error (same as the local ID)
                2/4             Unsupported optional parameter
                2/5             Authentication failure
                2/6             Unacceptable hold time
                2/7             Unsupported capability (RFC3392)
    3                           UPDATE message error
                0               Unspecific (unused, unrecognizable)
                3/1             Malformed attribute list (message too large)
                3/2             Unrecognized well-known attribute
                3/3             Missing well-known attribute
                3/4             Attribute flags error (flags do not match the type)
                3/5             Attribute length error (length does not match the type)
                3/6             Invalid ORIGIN attribute
                3/7             AS number loop
                3/8             Invalid NEXT-HOP attribute
                3/9             Optional attribute error
                3/10            Invalid network layer information

BGP message format: Notification error codes (2)

    Error code                    Sub-error code  Description
    Hold Time expired             4/0             Hold Time expired
    FSM error                     5/0             State machine error
    Cease / connection terminated 6/1             Route prefix limit exceeded
                                  6/2             Administrative shutdown
                                  6/3             Peer reconfigured
                                  6/4             Administrative reset of the connection
                                  6/5             Connection rejected
                                  6/6             Other configuration change
                                  6/7             Connection collision
                                  6/8             Out of resources
                                  6/9             BFD notified that the peer is down

Annotation: these two classes are the most common.

The ultimate method for BGP state machine faults: debug

Summary of common commands for BGP peer relationships

    display current-configuration configuration bgp   // configuration problems account for the vast majority
    display bgp peer verbose                           // use verbose whenever it is available
    display bgp vpnv4 all peer
    display bgp peer x.x.x.x log-info
    ping -a x.x.x.x x.x.x.x  /  ping x.x.x.x
    display tcp status remote-ip x.x.x.x

Approach to locating BGP public network traffic interruptions

Common BGP public network route problems
- The BGP route was not received and cannot be seen in the BGP routing table;
- The BGP route was received and can be seen in the BGP routing table, but is not active because of the next hop (valid);
- The BGP route was received and is active in the BGP routing table, but cannot be seen in the IP routing table.

Q1: BGP route not received?

    display bgp rou 62.97.128.0 19

Check the configuration:
- 1. Is the corresponding BGP peer in the Established state? display bgp peer
- 2. Did the corresponding BGP peer send this route?
- 3. Is the mask of the route being queried wrong? display bgp routing-table x.x.x.x x.x.x.x
- 4. Is the route denied by an inbound filter under the corresponding address family?

    peer x.x.x.x route-policy * import
    peer x.x.x.x ip-prefix * import
    peer x.x.x.x as-path-filter * import
    peer x.x.x.x filter-policy * import
    peer x.x.x.x route-limit *

Q2: BGP route received, but not active in the BGP routing table?

    <RT1> display bgp routing-table peer 202.112.146.100 received-routes
     Total Number of Routes: 1
     BGP Local router ID is 202.112.146.1
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
          Network        NextHop          MED  LocPrf  PrefVal  Path/Ogn
      i   2.2.2.0/24     100.112.146.100       150     0        i
    <RT1> display ip routing-table 2.2.2.0 24 verbose     // not in the IP routing table
    <RT1>

Annotation: the BGP route is not active.

Q2 (continued): BGP route received, but not active in the BGP routing table?

    <RT1> display ip routing-table 100.112.146.100 verbose   // no route to the next hop
    <RT1> display bgp routing-table 2.2.2.0 24
     BGP local router ID : 202.112.146.1
     Local AS number : 100
     Paths: 1 available, 0 best, 0 select
     BGP routing table entry information of 2.2.2.0/24:
     From: 202.112.146.100 (202.112.146.100)
     Route Duration: 00h05m36s
     Relay IP Nexthop: 0.0.0.0
     Relay IP Out-Interface:
     Original nexthop: 100.112.146.100
     Qos information : 0x0
     AS-path Nil, origin igp, localpref 150, pref-val 0, internal, pre 255
     Not advertised to any peer yet

Annotation: recursion cannot resolve the next hop or the outbound interface.

Q3: BGP route active, but not active in the IP routing table?

    <RT1> display bgp routing-table peer 202.112.146.100 received-routes
     Total Number of Routes: 1
     BGP Local router ID is 202.112.146.1
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
          Network        NextHop          MED  LocPrf  PrefVal  Path/Ogn
     *i   129.1.1.0/24   202.112.146.100       150     0        i
    <RT1> display ip routing-table 129.1.1.0
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------
    Routing Table : Public
    Summary Count : 1
    Destination/Mask    Proto   Pre  Cost  Flags  NextHop   Interface
       129.1.1.0/24     Static  60   0     D      0.0.0.0   NULL0

Annotation: the route has been received from the peer and is active.

Q3 (continued): BGP route active, but not active in the IP routing table?

    <Quidway> display ip routing-table 129.1.1.0 24 verbose
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------
    Routing Table : Public
    Summary Count : 2

    Destination: 129.1.1.0/24
        Protocol: Static           Process ID: 0
      Preference: 60                     Cost: 0
         NextHop: 0.0.0.0           Neighbour: 0.0.0.0
           State: Active Adv              Age: 00h00m34s
             Tag: 0                  Priority: medium
           Label: NULL                QoSInfo: 0x0
      IndirectID: 0x0
    RelayNextHop: 0.0.0.0           Interface: NULL0
        TunnelID: 0x0                   Flags: D

    Destination: 129.1.1.0/24
        Protocol: BGP              Process ID: 0
      Preference: 255                    Cost: 0
         NextHop: 202.112.146.100   Neighbour: 202.112.146.100
           State: Inactive Adv Relied     Age: 00h01m02s
             Tag: 0                  Priority: low
           Label: NULL                QoSInfo: 0x0
      IndirectID: 0x2
    RelayNextHop: 0.0.0.0           Interface: Ethernet0/0/0
        TunnelID: 0x0                   Flags: R
    <Quidway>

Annotations: priority (preference); the BGP route is not active.

Routing table hierarchy

Summary of common commands for BGP routes

Check the detailed information in the BGP routing table and the IP routing table together, and remember to include the mask.

    display ip routing-table x.x.x.x x.x.x.x verbose                // IP route details
    display bgp routing-table x.x.x.x x.x.x.x                       // BGP route details
    display bgp routing-table statistics                            // total number of BGP routes
    display ip routing-table statistics                             // total number of IP routes
    display bgp routing-table peer x.x.x.x received-routes          // routes received from the peer
    display bgp routing-table peer x.x.x.x advertised-routes        // routes sent to the peer

[Note] In the current version, the BGP route attributes displayed are the locally stored ones, not the ones actually sent to the peer.

BGP route attributes: route selection rules (LAO MEN, "老男人")
- 1. Preferred-value (larger is preferred; locally significant, not propagated; Cisco calls it weight)
- 2. Local-Preference (larger is preferred)
- 3. Aggregator, Atomic-Aggregate
- 4. AS-Path
- 5. Origin
- 6. MED
- 7. eBGP > iBGP > LocalCross > RemoteCross
- 8. Next hop (cost)
  ------ conditions for load-balancing selection ------
- 9. Cluster-List
- 10. Originator-ID (Router ID)
- 11. BGP peer IP address
- Community/Ext-Community (not sent by default; the peer advertise-community command must be configured for them to be sent)

Q1: BGP route not preferred?

    [Quidway-bgp] display bgp routing-table 129.1.1.0
     BGP local router ID : 202.112.146.1
     Local AS number : 100
     Paths: 2 available, 1 best, 1 select
     BGP routing table entry information of 129.1.1.0/24:
     From: 202.112.146.100 (202.112.146.100)
     Route Duration: 00h09m43s
     Relay IP Nexthop: 0.0.0.0
     Relay IP Out-Interface: Ethernet0/0/0
     Original nexthop: 202.112.146.100
     Qos information : 0x0
     AS-path Nil, origin igp, localpref 150, pref-val 0, valid, internal, best, select, pre 255
     Advertised to such 1 peers:
        190.12.2.26

     BGP routing table entry information of 129.1.1.0/24:
     Imported route.
     From: 0.0.0.0 (0.0.0.0)
     Route Duration: 00h00m07s
     Direct Out-interface: NULL0
     Original nexthop: 0.0.0.0
     Qos information : 0x0
     AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, pre 60, not preferred for Local_Pref
     Not advertised to any peer yet

Annotations: "Advertised to such 1 peers" shows the route was sent to the peer; "not preferred for Local_Pref" is the reason the route was not preferred.
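The SEND_NOTIFY log line and the Notification error-code tables from the peer-fault slides can be combined into an automated triage step. The following is an added example, not part of the original slides: it parses log lines in the SEND_NOTIFY format shown earlier and counts disconnect reasons per peer. The function names, the hostname RT1 and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Meanings transcribed from the two Notification error-code tables on this page.
CODE = {1: "BGP message header error", 2: "OPEN message error",
        3: "UPDATE message error", 4: "Hold Time expired",
        5: "FSM error", 6: "Cease"}
SUB = {(2, 2): "peer AS does not match configuration",
       (2, 5): "authentication failure",
       (2, 7): "unsupported capability",
       (6, 1): "route prefix limit exceeded",
       (6, 2): "administrative shutdown",
       (6, 4): "administrative reset",
       (6, 9): "BFD reported peer down"}

# Field layout follows the SEND_NOTIFY log line shown on this page.
LOG_RE = re.compile(
    r"%01BGP/6/SEND_NOTIFY\(l\): .*? to peer (?P<peer>[\d.]+)\. "
    r"\(ErrorCode=(?P<code>\d+), SubErrorCode=(?P<sub>\d+),")

def explain(code, sub):
    """Return 'code/sub: meaning' using the page's tables."""
    text = CODE.get(code, "unknown error code")
    detail = SUB.get((code, sub))
    return f"{code}/{sub}: {text}" + (f" ({detail})" if detail else "")

def parse_notifications(lines):
    """Yield (peer, code, sub) for each SEND_NOTIFY line; skip anything else."""
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            yield m["peer"], int(m["code"]), int(m["sub"])

def summarize(lines):
    """Count notifications per (peer, reason), most frequent first."""
    counts = Counter((p, explain(c, s)) for p, c, s in parse_notifications(lines))
    return counts.most_common()

# Constructed sample input in the page's log format (hostname RT1 is made up).
FMT = ("Sep 14 2011 {t} RT1 %01BGP/6/SEND_NOTIFY(l): The router sent a "
       "NOTIFICATION message to peer {p}. (ErrorCode={c}, SubErrorCode={s}, "
       "BgpAddressFamily=Public, ErrorData=NULL)")
SAMPLE = [FMT.format(t="20:50:34", p="211.138.205.2", c=4, s=0),
          FMT.format(t="20:58:02", p="211.138.205.2", c=4, s=0),
          FMT.format(t="21:03:10", p="192.0.2.10", c=2, s=5),
          "Sep 14 2011 21:04:00 RT1 unrelated log line"]

if __name__ == "__main__":
    for (peer, reason), n in summarize(SAMPLE):
        print(f"{peer:15} x{n}  {reason}")
```

Repeated 4/0 entries for one peer point to lost keepalives on the path, while 2/5 points at the authentication settings checked under Q5.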