Cisco BGP Neighbor Troubleshooting
Background Information

BGP routers can exchange routing information only when they establish a peer connection with each other. BGP peer establishment begins with the creation of a TCP connection between the devices. After the TCP connection is established, the BGP devices attempt to create a BGP session through the exchange of BGP Open messages, in which they exchange the BGP version, AS number, hold time, and BGP identifier.

During BGP peer establishment, several things can prevent the BGP neighbor relationship from forming correctly. This document discusses some of the possible causes:

- The neighbor statement is incorrect.
- No route to the neighbor address exists, or the default route is being used to reach the peer.
- The update-source command is missing under BGP.
- A typing error resulted in the wrong IP address or the wrong autonomous system number in the neighbor statement. You need to check your configuration.
- Unicast is broken, for one of these reasons:
    - Wrong virtual circuit (VC) mapping in an Asynchronous Transfer Mode (ATM) or Frame Relay environment in a highly redundant network.
    - An access list is blocking the unicast or TCP packets.
    - Network Address Translation (NAT) is running on the router and is translating the unicast packets.
    - Layer 2 is down.
- A missing ebgp-multihop command is a common mistake that keeps peers from coming up. This issue is discussed in the second example.

Network Diagram

This network diagram is used as the example for the first three causes:

Problem 1: Incorrect Neighbor Statement

The show ip bgp summary command on router R1-AGS shows that the session is in the Active state.

    R1-AGS(9)#show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.10.10.2      4   400       0       0        0    0    0 never    Active

The configurations are:

R1-AGS:

    interface Loopback0
     ip address 10.2.2.2 255.255.255.255
    !
    interface Serial1
     ip address 10.10.10.1 255.255.255.0
    !
    router bgp 400
     neighbor 10.10.10.2 remote-as 400
     neighbor 10.10.10.2 update-source Loopback0
    !
    ip route 10.1.1.1 255.255.255.255 10.10.10.2

R6-2500:

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface Serial0
     ip address 10.10.10.2 255.255.255.0
    !
    router bgp 400
     neighbor 10.10.10.1 remote-as 400
     neighbor 10.10.10.1 update-source Loopback0
    !
    ip route 10.2.2.2 255.255.255.255 10.10.10.1

The debug ip bgp and debug ip tcp transactions commands show that the TCP connection fails.

Debug on router R1-AGS:

    BGP: 10.10.10.2 open active, local address 10.2.2.2
    TCB00135978 created
    TCB00135978 setting property 0 16ABEA
    TCB00135978 bound to 10.2.2.2.11039
    TCP: sending SYN, seq 3797113156, ack 0
    TCP0: Connection to 10.10.10.2:179, advertising MSS 1460
    TCP0: state was CLOSED -> SYNSENT [11039 -> 10.10.10.2(179)]
    TCP0: state was SYNSENT -> CLOSED [11039 -> 10.10.10.2(179)]
    TCP0: bad seg from 10.10.10.2 -- closing connection: seq 0 ack 3797113157 rcvnxt 0 rcvwnd 0
    TCP0: connection closed - remote sent RST
    TCB00135978 destroyed
    BGP: 10.10.10.2 open failed: Connection refused by remote host
    TCP: sending RST, seq 0, ack 1965664223
    TCP: sent RST to 10.1.1.1:11016 from 10.10.10.1:179

Debug on router R6-2500:

    TCP: sending RST, seq 0, ack 3797113157
    TCP: sent RST to 10.2.2.2:11039 from 10.10.10.2:179
    BGP: 10.10.10.1 open active, local address 10.1.1.1
    TCB001E030C created
    TCB001E030C setting property TCP_WINDOW_SIZE (0) 194F7A
    TCB001E030C setting property TCP_TOS (11) 194F79
    TCB001E030C bound to 10.10.1.1.11016
    TCP: sending SYN, seq 1965664222, ack 0
    TCP0: Connection to 10.10.10.1:179, advertising MSS 1460
    TCP0: state was CLOSED -> SYNSENT [11016 -> 10.10.10.1(179)]
    TCP0: state was SYNSENT -> CLOSED [11016 -> 10.10.10.1(179)]
    TCP0: bad seg from 10.10.10.1 -- closing connection: seq 0 ack 1965664223 rcvnxt 0 rcvwnd 0
    TCP0: connection closed - remote sent RST
    TCB 0x1E030C destroyed
    BGP: 10.10.10.1 open failed: Connection refused by remote host

Because of update-source, each router sources its TCP connection from Loopback0, but the peer's neighbor statement names the serial address, so the peer does not recognize the source address and resets the connection.

Solution

To resolve this problem, either correct the neighbor statement so that it points to the loopback address, or remove the update-source command from the configuration.

In this example, the address is corrected.

R1-AGS:

    router bgp 400
     neighbor 10.1.1.1 remote-as 400
     neighbor 10.1.1.1 update-source Loopback0
    !
    ip route 10.1.1.1 255.255.255.255 10.10.10.2

R6-2500:

    router bgp 400
     neighbor 10.2.2.2 remote-as 400
     neighbor 10.2.2.2 update-source Loopback0
    !
    ip route 10.2.2.2 255.255.255.255 10.10.10.1

The show ip bgp summary command shows that router R1-AGS is in the Established state.

    R1-AGS(9)#show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.1.1        4   400       3       3        1    0    0 00:00:26        0

Problem 2: No Route to the Neighbor Address Exists, or the Default Route Is Used to Reach the Peer

The show ip bgp summary command on router R1-AGS shows that the session is currently in the Active state.

    R1-AGS(9)#show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.1.1        4   400       0       0        0    0    0 never    Active

The configurations are:

R1-AGS:

    interface Loopback0
     ip address 10.2.2.2 255.255.255.255
    !
    interface Serial1
     ip address 10.10.10.1 255.255.255.0
    !
    router bgp 300
     neighbor 10.1.1.1 remote-as 400
     neighbor 10.1.1.1 ebgp-multihop 2
     neighbor 10.1.1.1 update-source Loopback0

R6-2500:

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface Serial0
     ip address 10.10.10.2 255.255.255.0
    !
    router bgp 400
     neighbor 10.2.2.2 remote-as 300
     neighbor 10.2.2.2 ebgp-multihop 2
     neighbor 10.2.2.2 update-source Loopback0

If you run the debug commands, they show that there is no route to the neighbor.

Debug on router R1-AGS:

    BGP: 10.1.1.1 open active, delay 9568ms
    BGP: 10.1.1.1 multihop open delayed 19872ms (no route)
    BGP: 10.1.1.1 multihop open delayed 12784ms (no route)

Debug on router R6-2500:

    BGP: 10.2.2.2 open active, delay 6531ms
    BGP: 10.2.2.2 multihop open delayed 14112ms (no route)
    BGP: 10.2.2.2 multihop open delayed 15408ms (no route)

Solution

The solution is to add a route to the next-hop address used in the BGP neighbor statement. Depending on the situation, you can use a static route or a dynamic route. In an internal BGP (iBGP) environment, where you have more control, you can propagate the route dynamically with a routing protocol. In an external BGP (eBGP) situation, it is recommended that you configure a static route to reach the next hop.

Note: Use the neighbor ebgp-multihop command only when the IP address that you peer with on the eBGP peer is not directly connected.

In this example, a static route is used.

R1-AGS:

    router bgp 300
     neighbor 10.1.1.1 remote-as 400
     neighbor 10.1.1.1 ebgp-multihop 2
     neighbor 10.1.1.1 update-source Loopback0
    !
    ip route 10.1.1.1 255.255.255.255 10.10.10.2

R6-2500:

    router bgp 400
     neighbor 10.2.2.2 remote-as 300
     neighbor 10.2.2.2 ebgp-multihop 2
     neighbor 10.2.2.2 update-source Loopback0
    !
    ip route 10.2.2.2 255.255.255.255 10.10.10.1

The show ip bgp summary command shows that router R1-AGS is in the Established state.

    R1-AGS(9)#show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.1.1        4   400       3       3        1    0    0 00:00:26        0

Note: The default route is never used to establish a BGP session (iBGP or eBGP), and you see the same (no route) output in the debugs even though you can ping the BGP neighbor. The solution is again to add a route to the BGP neighbor.

Problem 3: The update-source Command Is Missing Under BGP

The show ip bgp summary command on router R1-AGS shows that the session is in the Active state.

    R1-AGS(9)#show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.1.1        4   400       0       0        0    0    0 never    Active

The configurations are:

R1-AGS:

    interface Loopback0
     ip address 10.2.2.2 255.255.255.255
    !
    interface Serial1
     ip address 10.10.10.1 255.255.255.0
    !
    router bgp 400
     neighbor 10.1.1.1 remote-as 400
    !
    ip route 10.1.1.1 255.255.255.255 10.10.10.2

R6-2500:

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface Serial0
     ip address 10.10.10.2 255.255.255.0
    !
    router bgp 400
     neighbor 10.2.2.2 remote-as 400
    !
    ip route 10.2.2.2 255.255.255.255 10.10.10.1

If you run the debug commands, they show that the TCP connection fails.

Debug on router R1-AGS:

    TCP: sending RST, seq 0, ack 2248020754
    TCP: sent RST to 10.10.10.2:11018 from 10.2.2.2:179
    BGP: 10.1.1.1 open active, local address 10.10.10.1
    TCB0016B06C created
    TCB0016B06C setting property 0 16ADEA
    TCB0016B06C bound to 10.10.10.1.11042
    TCP: sending SYN, seq 4099938541, ack 0
    TCP0: Connection to 10.1.1.1:179, advertising MSS 536
    TCP0: state was CLOSED -> SYNSENT [11042 -> 10.1.1.1(179)]
    TCP0: state was SYNSENT -> CLOSED [11042 -> 10.1.1.1(179)]
    TCP0: bad seg from 10.1.1.1 -- closing connection: seq 0 ack 4099938542 rcvnxt 0 rcvwnd 0
    TCP0: connection closed - remote sent RST
    TCB0016B06C destroyed
    BGP: 10.1.1.1 open failed: Connection refused by remote host

Debug on router R6-2500:

    BGP: 10.2.2.2 open active, local address 10.10.10.2
    TCB00194800 created
    TCB00194800 setting property TCP_WINDOW_SIZE (0) E6572
    TCB00194800 setting property TCP_TOS (11) E6571
    TCB00194800 bound to 10.10.10.2.11018
    TCP: sending SYN, seq 2248020753, ack 0
    TCP0: Connection to 10.2.2.2:179, advertising MSS 556
    TCP0: state was CLOSED -> SYNSENT [11018 -> 10.2.2.2(179)]
    TCP0: state was SYNSENT -> CLOSED [11018 -> 10.2.2.2(179)]
    TCP0: bad seg from 10.2.2.2 -- closing connection: seq 0 ack 2248020754 rcvnxt 0 rcvwnd 0
    TCP0: connection closed - remote sent RST
    TCB 0x194800 destroyed
    BGP: 10.2.2.2 open failed: Connection refused by remote host
    TCP: sending RST, seq 0, ack 4099938542
    TCP: sent RST to 10.10.10.1:11042 from 10.1.1.1:179

Solution

To resolve this problem, either configure the update-source command on both routers, or remove the update-source command and change the neighbor statement on both routers. Examples of both solutions follow.

The update-source command is configured on both routers:

R1-AGS:

    interface Loopback0
     ip address 10.2.2.2 255.255.255.255
    !
    interface Serial1
     ip address 10.10.10.1 255.255.255.0
    !
    router bgp 400
     neighbor 10.1.1.1 remote-as 400
     neighbor 10.1.1.1 update-source Loopback0
    !
    ip route 10.1.1.1 255.255.255.255 10.10.10.2

R6-2500:

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface Serial0
     ip address 10.10.10.2 255.255.255.0
    !
    router bgp 400
     neighbor 10.2.2.2 remote-as 400
     neighbor 10.2.2.2 update-source Loopback0
    !
    ip route 10.2.2.2 255.255.255.255 10.10.10.1

The show ip bgp summary command shows that router R1-AGS is in the Established state.

    R1-AGS(9)# show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.2.2.2        4   400       3       3        1    0    0 00:00:26        0

You need to use the update-source command only when someone peers with your loopback address. This applies to both iBGP peers and eBGP peers.

In the next example, the update-source command is removed and the neighbor statement is changed on both routers.

R1-AGS:

    interface Loopback0
     ip address 10.2.2.2 255.255.255.255
    !
    interface Serial1
     ip address 10.10.10.1 255.255.255.0
    !
    router bgp 400
     neighbor 10.10.10.2 remote-as 400

R6-2500:

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface Serial0
     ip address 10.10.10.2 255.255.255.0
    !
    router bgp 400
     neighbor 10.10.10.1 remote-as 400

The show ip bgp summary command shows that router R1-AGS is in the Established state.

    R1-AGS(9)#show ip bgp summary
    BGP table version is 1, main routing table version 1

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.10.10.2      4   400       3       3        1    0    0 00:00:26        0

BGP Health Check CLI

    show ip interface summary
    show ipv6 interface summary
    show ip bgp
    show ip bgp summary
    show ip bgp neighbors
    show ip bgp neighbors accepted-routes
    show ip bgp neighbors advertised-routes
    show ip bgp neighbors received-routes
    ping src
    ping6 src

Troubleshooting CLI

    show snmp trap history verbose | grep -i bgp
    show logs | grep -i bgp
    show srp monitor all (if ICSR is used)
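The three failure cases above can be checked offline from the two routers' configurations before any debug is enabled. The following is an added example, not part of the original document: it parses the IOS-style lines shown on this page and reports why a session would stay in Active. The function names and the simplified route lookup (connected interfaces plus one level of static next hop, default route ignored) are assumptions of the example.

```python
import ipaddress as ipa
def parse(cfg):
    """Interface addresses, BGP neighbors (with update-source) and static routes from IOS-style text."""
    ifaces, nbrs, routes, cur = {}, {}, [], None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["interface"]:
            cur = w[1]
        elif w[:2] == ["ip", "address"]:
            ifaces[cur] = ipa.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:2] == ["ip", "route"]:
            routes.append((ipa.ip_network(f"{w[2]}/{w[3]}", strict=False), ipa.ip_address(w[4])))
        elif w[:1] == ["neighbor"]:  # value is the update-source interface, or None
            nbrs[w[1]] = w[3] if w[2] == "update-source" else nbrs.get(w[1])
    return ifaces, nbrs, routes

def egress_ip(ifaces, routes, dst):
    """Address of the connected interface used to reach dst; a default route is ignored."""
    hops = [dst] + [hop for net, hop in routes if net.prefixlen > 0 and dst in net]
    return next((i.ip for t in hops for i in ifaces.values() if t in i.network), None)

def check(local_cfg, remote_cfg):
    """Reasons the local router's sessions would stay in Active (Problems 1 to 3 above)."""
    ifaces, nbrs, routes = parse(local_cfg)
    remote_nbrs = parse(remote_cfg)[1]
    problems = []
    for nbr, src_if in nbrs.items():
        out = egress_ip(ifaces, routes, ipa.ip_address(nbr))
        src = ifaces[src_if].ip if src_if else out  # TCP source the peer will see
        if out is None:
            problems.append(f"{nbr}: no route")
        elif str(src) not in remote_nbrs:
            problems.append(f"{nbr}: peer has no neighbor statement for source {src}")
    return problems
# Sample input: the Problem 1 configurations from this page, static routes omitted.
R1 = """interface Loopback0
 ip address 10.2.2.2 255.255.255.255
interface Serial1
 ip address 10.10.10.1 255.255.255.0
router bgp 400
 neighbor 10.10.10.2 remote-as 400
 neighbor 10.10.10.2 update-source Loopback0"""
R6 = """interface Loopback0
 ip address 10.1.1.1 255.255.255.255
interface Serial0
 ip address 10.10.10.2 255.255.255.0
router bgp 400
 neighbor 10.10.10.1 remote-as 400
 neighbor 10.10.10.1 update-source Loopback0"""
print(check(R1, R6))
```

An empty list means each side's TCP source address matches a neighbor statement on the other side and a non-default route to the neighbor exists.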