Table of contents
BGP experiment 1: BGP basic configuration
BGP Experiment 2: BGP Authentication
BGP experiment 1: BGP basic configuration
The three earlier versions of BGP have been discontinued. The currently used version is BGP-4, which has been widely used among ISPs (Internet Service Providers).
Although BGP is a dynamic routing protocol, it does not actually generate, discover, or calculate routes. Its main function is to select the best route and pass that route between BGP neighbors. BGP uses TCP as its transport protocol, on port 179.
BGP supports Classless Inter-Domain Routing (CIDR) and uses triggered incremental updates, which greatly reduces the bandwidth BGP occupies when propagating routing information and makes it especially suitable for propagating the large number of routes on the Internet.
BGP provides a wealth of routing attributes (Attribute). Through the operation and control of these attributes, BGP can easily implement rich and flexible routing policies. BGP also has good scalability and supports Multicast, VPN, IPv6 and other features.
The neighbor relationship of BGP is divided into IBGP (Internal BGP) and EBGP (External BGP).
When two BGP routers are located in the same AS (with the same AS number), their neighbor relationship is IBGP neighbor relationship.
When two BGP routers are located in different ASs (with different AS numbers), their neighbor relationship is EBGP neighbor relationship.
BGP does not have the ability to automatically establish neighbor relationships. Neighbor relationships must be established through manual configuration. Neighbor relationships can be established through physical interfaces or loopback interfaces.
Basic configuration
R1:
undo ter mo
sys
sysname R1
user-interface console 0
idle-timeout 0 0
int loop 0
ip add 1.1.1.1 24
int g0/0/0
ip add 192.168.12.1 24
int g0/0/1
ip add 192.168.21.1 24
q
R2:
undo ter mo
sys
sysname R2
user-interface console 0
idle-timeout 0 0
int loop 0
ip add 2.2.2.2 24
int g0/0/0
ip add 192.168.12.2 24
int g0/0/2
ip add 192.168.21.2 24
int g0/0/1
ip add 192.168.23.2 24
int g0/0/3
ip add 192.168.32.2 24
q
R3:
undo ter mo
sys
sysname R3
user-interface console 0
idle-timeout 0 0
int loop 0
ip add 3.3.3.3 24
int g0/0/0
ip add 192.168.23.3 24
int g0/0/1
ip add 192.168.32.3 24
q
Configuring IBGP Neighborhood
Using Physical Interfaces to Establish Neighborhoods
R1:
bgp 100
router-id 1.1.1.1
peer 192.168.12.2 as-number 100
peer 192.168.21.2 as-number 100
q
R2:
bgp 100
router-id 2.2.2.2
peer 192.168.12.1 as-number 100
peer 192.168.21.1 as-number 100
[R2]display bgp peer
Advertise the Loopback 0 network into the BGP process on R1
R1:
bgp 100
network 1.1.1.0 24
[R2]display bgp routing-table
=========
Using a loopback interface to establish a BGP neighbor relationship
Compared with using a physical interface, establishing a BGP neighbor relationship over a loopback interface has better stability and can reduce the overhead of device resources.
R1:
ip route-static 2.2.2.0 255.255.255.0 192.168.12.2
ip route-static 2.2.2.0 255.255.255.0 192.168.21.2
bgp 100
undo peer 192.168.12.2
undo peer 192.168.21.2
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack 0
R2:
ip route-static 1.1.1.0 255.255.255.0 192.168.12.1
ip route-static 1.1.1.0 255.255.255.0 192.168.21.1
bgp 100
undo peer 192.168.12.1
undo peer 192.168.21.1
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack 0
[R2]display bgp peer
The neighbor relationship can also be established normally.
Configure EBGP neighbors
Use Loopback 0 interface to establish EBGP neighbor
R2:
ip route-static 3.3.3.0 255.255.255.0 192.168.23.3
ip route-static 3.3.3.0 255.255.255.0 192.168.32.3
bgp 100
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack 0
peer 3.3.3.3 ebgp-max-hop
R3:
ip route-static 2.2.2.0 255.255.255.0 192.168.23.2
ip route-static 2.2.2.0 255.255.255.0 192.168.32.2
bgp 200
router-id 3.3.3.3
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack 0
peer 2.2.2.2 ebgp-max-hop 255
<R2>display bgp peer
The neighbor relationship is established successfully.
Usually, LoopBack interfaces are used to establish IBGP neighbors, and physical interfaces are used to establish EBGP neighbors
BGP Experiment 2: BGP Authentication
Use physical interface IP addresses to establish the BGP neighbor relationships
Authentication is the mechanism by which routers verify the reliability of the routing information source and the integrity of the routing information itself.
Basic configuration, configure BGP routing protocol
R1:
undo ter mo
sys
sysname R1
int loop 0
ip add 1.1.1.1 24
int g0/0/0
ip add 192.168.12.1 24
q
bgp 100
router-id 1.1.1.1
peer 192.168.12.2 as-number 100
q
R2:
undo ter mo
sys
sysname R2
int loop 0
ip add 2.2.2.2 24
int g0/0/0
ip add 192.168.12.2 24
int g0/0/1
ip add 192.168.23.2 24
q
bgp 100
router-id 2.2.2.2
peer 192.168.12.1 as-number 100
peer 192.168.23.3 as-number 200
q
R3:
undo ter mo
sys
sysname R3
int loop 0
ip add 3.3.3.3 24
int g0/0/1
ip add 192.168.23.3 24
q
bgp 200
router-id 3.3.3.3
peer 192.168.23.2 as-number 100
q
After the configuration is complete, BGP neighbors are established normally
<R2>display bgp peer
=========
Configuring BGP authentication based on a single key
R1:
bgp 100
peer 192.168.12.2 password simple huawei
The normal timers (keepalive 60, hold 180) are too long, so after authentication is configured the effect is not obvious; you can make the timers smaller.
Modify timer
bgp 100
timer keepalive 5 hold 15
With authentication configured on R1 but not on R2, the neighbor relationship cannot be established normally.
R2:
bgp 100
peer 192.168.12.1 password simple huawei
peer 192.168.23.3 password cipher huawei
R3:
bgp 200
peer 192.168.23.2 password simple huawei
With cipher, the key is stored encrypted in the configuration; with simple, it is displayed in plain text. This difference does not affect the establishment of the neighbor relationship.
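Why a password on only one side stops the session, as an added example that is not part of the original lab: it assumes `peer ... password` is carried as the TCP MD5 signature option of RFC 2385 and models only the receive-side digest check. The SYN segment, source port 50000 and the function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

def tcp_md5_digest(src, dst, tcp_header, payload, key):
    """RFC 2385 digest: MD5 over the pseudo-header, the 20-byte TCP header
    without options and with a zero checksum, the segment data, then the key."""
    fixed = bytearray(tcp_header[:20])          # options are not covered
    fixed[16:18] = b"\x00\x00"                  # checksum is treated as zero
    seg_len = len(tcp_header) + len(payload)    # TCP length as in the pseudo-header
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def accepts(src, dst, tcp_header, payload, digest, local_key):
    """Receive-side check on a peer that has a password configured."""
    if digest is None:                          # sender has no password set
        return False
    expected = tcp_md5_digest(src, dst, tcp_header, payload, local_key)
    return hmac.compare_digest(expected, digest)

# Constructed SYN from 192.168.12.1 to 192.168.12.2, destination port 179.
R1, R2 = "192.168.12.1", "192.168.12.2"
SYN = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 0, 10 << 4, 0x02, 65535, 0, 0)
SYN += b"\x13\x12" + bytes(16) + b"\x01\x01"   # option kind 19, length 18, two NOPs

def demo():
    signed = tcp_md5_digest(R1, R2, SYN, b"", b"huawei")
    return {
        "same key": accepts(R1, R2, SYN, b"", signed, b"huawei"),
        "key differs in case": accepts(R1, R2, SYN, b"", signed, b"HUAWEI"),
        "sender has no key": accepts(R1, R2, SYN, b"", None, b"huawei"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case passes: a key that differs in any byte, or a segment with no signature at all, fails the check on a peer that expects one, so the TCP connection for BGP never completes.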
=========
Configuring Keychain-based BGP Authentication
Select the Periodic Daily mode, and use key-id 1 to perform hash operations on BGP packets every day from 8:00 to 18:00.
First delete the simple authentication on R1 and R2
R1:
bgp 100
undo peer 192.168.12.2 password
R2:
bgp 100
undo peer 192.168.12.1 password
Then do key chain authentication
Keychain time modes: absolute means absolute time, periodic means recurring (cyclic) time.
R1:
keychain key mode periodic daily
key-id 1
algorithm md5
key-string huawei
send-time daily 08:00 to 18:00
receive-time daily 08:00 to 18:00
bgp 100
peer 192.168.12.2 keychain key
R2:
keychain key mode periodic daily
key-id 1
algorithm md5
key-string huawei
send-time daily 08:00 to 18:00
receive-time daily 08:00 to 18:00
bgp 100
peer 192.168.12.1 keychain key
[R1]display bgp peer
The neighbor relationship is normal.
[R1]display keychain key
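A defender-side check for the configurations built in both experiments, added here and not part of the original lab: it scans VRP-style configuration text and reports BGP peers with no authentication, with a `password simple` key, with a keychain that is not defined, or with a keychain whose daily send window leaves part of the day uncovered. The function names and finding strings are assumptions; the sample is constructed from R2's commands above, with the key-string line left out.

```python
import re

def _minutes(hhmm):
    return int(hhmm[:2]) * 60 + int(hhmm[3:])   # "08:00" -> 480

def audit_bgp_auth(config):
    """Return sorted (peer, finding) pairs for a VRP-style configuration text."""
    peers, auth, windows, chain = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"keychain (\S+) mode ", line):
            chain = m.group(1)
            windows[chain] = []
        elif chain and (m := re.match(r"send-time daily (\d\d:\d\d) to (\d\d:\d\d)", line)):
            windows[chain].append(m.groups())
        elif m := re.match(r"peer (\S+) as-number ", line):
            peers.add(m.group(1))
        elif m := re.match(r"peer (\S+) (password|keychain) (\S+)", line):
            auth[m.group(1)] = (m.group(2), m.group(3))
    findings = []
    for peer in peers:
        kind, arg = auth.get(peer, (None, None))
        if kind is None:
            findings.append((peer, "no authentication configured"))
        elif kind == "password" and arg == "simple":
            findings.append((peer, "password kept in plain text (simple)"))
        elif kind == "keychain" and arg not in windows:
            findings.append((peer, "keychain %r is not defined" % arg))
        elif kind == "keychain":
            for start, end in windows[arg]:
                if _minutes(end) - _minutes(start) < 24 * 60 - 1:
                    findings.append((peer, "send key active only %s-%s" % (start, end)))
    return sorted(findings)

# Constructed sample: relevant lines of R2 at the end of experiment 2.
R2_CONFIG = """\
keychain key mode periodic daily
 key-id 1
  algorithm md5
  send-time daily 08:00 to 18:00
  receive-time daily 08:00 to 18:00
bgp 100
 peer 192.168.12.1 as-number 100
 peer 192.168.12.1 keychain key
 peer 192.168.23.3 as-number 200
 peer 192.168.23.3 password cipher huawei
"""

if __name__ == "__main__":
    print(audit_bgp_auth(R2_CONFIG))
```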