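I. Overview
Quagga is an open-source routing software suite. This article shows how to turn a Linux system into a BGP router using Quagga, and demonstrates how to establish BGP peering with another BGP router.
Before getting into the details, some BGP background is necessary. The Border Gateway Protocol (BGP) is the de facto standard inter-domain routing protocol of the Internet.
In BGP terminology, the global Internet is made up of thousands of interconnected autonomous systems (AS), each of which represents a network administrative domain run by a particular provider (reportedly, even former US President George Bush has his own AS number).
To make its network globally routable, each AS needs to know how to reach every other AS on the Internet.
This is where BGP comes in. BGP is the language an AS uses to exchange routing information with its neighboring ASes.
This routing information is usually called BGP routes or BGP prefixes, and includes the AS number (ASN; a globally unique number) and the associated IP address blocks.
Once all BGP routes have been learned and recorded in the local BGP routing table, each AS knows how to reach any public IP address on the Internet.
The ability to route between different domains (ASes) is the main reason BGP is called an exterior gateway protocol (EGP) or inter-domain protocol.
Routing protocols such as OSPF, IS-IS, RIP and EIGRP, by contrast, are interior gateway protocols (IGPs) or intra-domain routing protocols, used to handle routing within a single domain.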
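II. Environment preparation
1. Network plan
Assume provider A wants to set up BGP peering with provider B to exchange routes. Their AS numbers and IP address space are as follows:
Provider A: ASN (100), IP address space (100.100.1.0/24), IP address assigned to the BGP router's eth0 interface (172.19.4.15)
Provider B: ASN (200), IP address space (200.200.1.0/24), IP address assigned to the BGP router's eth0 interface (172.19.4.16)
Router A and router B use the 172.19.4.0/24 subnet to connect to each other. In theory, any subnet reachable from both providers can be used for the interconnection.
2. Software used
CentOS 7.6
quagga-0.99.22.4
3. Configure a virtual interface
Note: because the Linux test hosts have a single NIC, a virtual interface is added to simulate the network (on a multi-NIC host, just configure the IP address directly).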
[root@jyhpt-ddfw-1 ~]# ifconfig eth0:1 100.100.1.1/24 up
[root@jyhpt-ddfw-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:9f:30:5d brd ff:ff:ff:ff:ff:ff
inet 172.19.4.15/24 brd 172.19.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet 100.100.1.1/24 brd 100.100.1.255 scope global eth0:1
valid_lft forever preferred_lft forever
[root@jyhpt-ddfw-2 ~]# ifconfig eth0:1 200.200.1.1/24 up
[root@jyhpt-ddfw-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:f8:95:fd brd ff:ff:ff:ff:ff:ff
inet 172.19.4.16/24 brd 172.19.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet 200.200.1.1/24 brd 200.200.1.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fef8:95fd/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
# Test network connectivity after the configuration
[root@jyhpt-ddfw-2 ~]# ping 172.19.4.15
PING 172.19.4.15 (172.19.4.15) 56(84) bytes of data.
64 bytes from 172.19.4.15: icmp_seq=1 ttl=64 time=0.416 ms
64 bytes from 172.19.4.15: icmp_seq=2 ttl=64 time=0.471 ms
^C
--- 172.19.4.15 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.416/0.443/0.471/0.034 ms
[root@jyhpt-ddfw-2 ~]# ping 100.100.1.1
PING 100.100.1.1 (100.100.1.1) 56(84) bytes of data.
^C
--- 100.100.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
[root@jyhpt-ddfw-1 ~]# ping 200.200.1.1
PING 200.200.1.1 (200.200.1.1) 56(84) bytes of data.
^C
--- 200.200.1.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
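# BGP is not configured yet: hosts on the directly connected 172.19.4.0/24 subnet can communicate, but the other subnets are still unreachable.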
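III. Installation and configuration
1. Install Quagga
yum install quagga
2. System parameter configuration
If you are using CentOS 7, you need to apply the following policy to SELinux. Otherwise, SELinux will prevent the Zebra daemon from writing to its configuration directory.
If you are using CentOS 6, you can skip this step.
setsebool -P zebra_write_config 1
You can also simply disable SELinux, although the boolean above is the narrower change and leaves SELinux enforcing.
Edit /etc/sysctl.conf: remove the # in front of net.ipv4.ip_forward=1, then run sysctl -p. If it prints net.ipv4.ip_forward = 1, the change succeeded.
3. Configure and start the Zebra service
The Quagga suite contains several daemons that work together. For BGP routing, we focus on setting up the following two daemons.
Zebra: a core daemon for kernel interfaces and static routes.
BGPd: a BGP daemon.
After Quagga is installed, the next step is to configure Zebra to manage the BGP router's network interfaces.
We start by creating a Zebra configuration file and enabling logging.
The following must be configured on both nodes: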
[root@jyhpt-ddfw-1 ~]# cp /usr/share/doc/quagga-0.99.22.4/zebra.conf.sample /etc/quagga/zebra.conf
cp:是否覆盖"/etc/quagga/zebra.conf"? y
[root@jyhpt-ddfw-1 ~]# service zebra start
Redirecting to /bin/systemctl start zebra.service
[root@jyhpt-ddfw-1 ~]# service zebra status
Redirecting to /bin/systemctl status zebra.service
● zebra.service - GNU Zebra routing manager
Loaded: loaded (/usr/lib/systemd/system/zebra.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2021-03-06 18:13:41 CST; 3s ago
Process: 6465 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 6461 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Main PID: 6467 (zebra)
Tasks: 1
CGroup: /system.slice/zebra.service
└─6467 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf
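Quagga provides its own command-line tool called vtysh, in which you can enter commands compatible with those of router vendors such as Cisco and Juniper. We will use the vtysh shell to configure BGP routing in the rest of this tutorial.
Start the vtysh shell by entering: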
[root@jyhpt-ddfw-1 ~]# vtysh
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
jyhpt-ddfw-1#
jyhpt-ddfw-1# configure terminal
jyhpt-ddfw-1(config)# log file /var/log/quagga/quagga.log
jyhpt-ddfw-1(config)# exit
Save the Zebra configuration permanently:
jyhpt-ddfw-1# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
[OK]
jyhpt-ddfw-1# quit
[root@jyhpt-ddfw-1 ~]# tail /var/log/q
qemu-ga.log qga-install.log quagga/
[root@jyhpt-ddfw-1 ~]# tail /var/log/quagga/quagga.log
Configuration on the other node:
[root@jyhpt-ddfw-2 ~]# vtysh
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
jyhpt-ddfw-2# configure terminal
jyhpt-ddfw-2(config)# log file /var/log/quagga/quagga.log
jyhpt-ddfw-2(config)# exit
jyhpt-ddfw-2# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
[OK]
jyhpt-ddfw-2# exit
[root@jyhpt-ddfw-2 ~]# ls -lh /var/log/quagga/quagga.log
-rw------- 1 quagga quagga 0 3月 6 18:18 /var/log/quagga/quagga.log
4. BGP configuration
[root@jyhpt-ddfw-1 ~]# cp /usr/share/doc/quagga-0.99.22.4/bgpd.conf.sample /etc/quagga/bgpd.conf
[root@jyhpt-ddfw-1 ~]# systemctl start bgpd
[root@jyhpt-ddfw-1 ~]# systemctl status bgpd
● bgpd.service - BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2021-03-06 19:09:30 CST; 4s ago
Process: 8133 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 8136 (bgpd)
Tasks: 1
CGroup: /system.slice/bgpd.service
└─8136 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf
3月 06 19:09:30 jyhpt-ddfw-1 systemd[1]: Starting BGP routing daemon...
3月 06 19:09:30 jyhpt-ddfw-1 systemd[1]: Started BGP routing daemon.
[root@jyhpt-ddfw-1 ~]# netstat -tnlp|grep bgpd
tcp 0 0 127.0.0.1:2605 0.0.0.0:* LISTEN 8136/bgpd
tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 8136/bgpd
tcp6 0 0 :::179 :::* LISTEN 8136/bgpd
[root@jyhpt-ddfw-2 ~]# cp /usr/share/doc/quagga-0.99.22.4/bgpd.conf.sample /etc/quagga/bgpd.conf
[root@jyhpt-ddfw-2 ~]# systemctl start bgpd
[root@jyhpt-ddfw-2 ~]# systemctl status bgpd
● bgpd.service - BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2021-03-06 19:09:40 CST; 4s ago
Process: 33350 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 33354 (bgpd)
Tasks: 1
CGroup: /system.slice/bgpd.service
└─33354 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf
3月 06 19:09:40 jyhpt-ddfw-2 systemd[1]: Starting BGP routing daemon...
3月 06 19:09:40 jyhpt-ddfw-2 systemd[1]: Started BGP routing daemon.
[root@jyhpt-ddfw-2 ~]# netstat -tnlp
tcp 0 0 127.0.0.1:2605 0.0.0.0:* LISTEN 33354/bgpd
tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 33354/bgpd
tcp6 0 0 :::179 :::* LISTEN 33354/bgpd
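First, we confirm that no BGP session is already configured.
In some versions, we may find a BGP session with AS number 7675. Since we do not need this session, we remove it.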
[root@jyhpt-ddfw-1 ~]# vtysh
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
jyhpt-ddfw-1# show running-config
Building configuration...
Current configuration:
!
hostname Router
log file /var/log/quagga/quagga.log
hostname bgpd
log stdout
!
password zebra
enable password zebra
!
interface eth0
ipv6 nd suppress-ra
!
interface lo
!
interface virbr0
ipv6 nd suppress-ra
!
interface virbr0-nic
ipv6 nd suppress-ra
!
router bgp 7675
bgp router-id 192.168.122.1
!
ip forwarding
!
line vty
!
end
Remove the preconfigured BGP session and set up the session we need in its place.
jyhpt-ddfw-1#
jyhpt-ddfw-1# configure terminal
jyhpt-ddfw-1(config)# no router bgp 7675
jyhpt-ddfw-1(config)# router bgp 100
jyhpt-ddfw-1(config-router)# no auto-summary
jyhpt-ddfw-1(config-router)# no synchronization
jyhpt-ddfw-1(config-router)# neighbor 172.19.4.16 remote-as 200
jyhpt-ddfw-1(config-router)# neighbor 172.19.4.16 description "provider B"
jyhpt-ddfw-1(config-router)# exit
jyhpt-ddfw-1(config)# exit
jyhpt-ddfw-1# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-1# show ip bgp summary
BGP router identifier 192.168.122.1, local AS number 100
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.19.4.16 4 200 1 3 0 0 0 never Active
Total number of neighbors 1
Configuration on the other node:
[root@jyhpt-ddfw-2 ~]# vtysh
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
jyhpt-ddfw-2# show running-config
Building configuration...
Current configuration:
!
hostname Router
log file /var/log/quagga/quagga.log
hostname bgpd
log stdout
!
password zebra
enable password zebra
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
interface virbr0
ipv6 nd suppress-ra
!
interface virbr0-nic
ipv6 nd suppress-ra
!
router bgp 7675
bgp router-id 200.200.1.1
!
ip forwarding
!
line vty
!
end
jyhpt-ddfw-2#
jyhpt-ddfw-2# no router bgp 7675
% Unknown command.
jyhpt-ddfw-2# configure terminal
jyhpt-ddfw-2(config)# no router bgp 7675
jyhpt-ddfw-2(config)# router bgp 200
jyhpt-ddfw-2(config-router)# no auto-summary
jyhpt-ddfw-2(config-router)# no synchronization
jyhpt-ddfw-2(config-router)# neighbor 172.19.4.15 remote-as 100
jyhpt-ddfw-2(config-router)# neighbor 172.19.4.15 description "provider A"
jyhpt-ddfw-2(config-router)# exit
jyhpt-ddfw-2(config)# exit
jyhpt-ddfw-2# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-2# show ip bgp summary
BGP router identifier 200.200.1.1, local AS number 200
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.19.4.15 4 100 2 3 0 0 0 00:00:22 0
Total number of neighbors 1
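In the output, look at the "State/PfxRcd" column. If the peering is down, it shows "Idle" or "Active".
Remember that the word "Active" is always bad news on a router: it means the router is actively looking for its neighbor, prefix or route.
When the peering is up, the "State/PfxRcd" column shows the number of prefixes received from that particular neighbor.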
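As an added example (not part of the original article or of Quagga), the State/PfxRcd rule above can be turned into a monitoring check that reads `show ip bgp summary` output on stdin. The function names are assumptions; the two samples are the summaries shown above, with whitespace normalised.

```sh
#!/bin/sh
# Added example: classify BGP peers from `show ip bgp summary` text on stdin.
# Output per peer: <neighbor> <remote-as> <UP|DOWN> <prefix-count-or-state>
bgp_peer_status() {
    awk '
        $1 == "Neighbor" { in_table = 1; next }          # header row opens the table
        /^Total number of neighbors/ { in_table = 0 }    # footer closes it
        in_table && NF >= 10 {
            # Field 10 onward is State/PfxRcd: a number once the session is
            # Established, otherwise a state name such as Idle or Active.
            state = $10
            for (i = 11; i <= NF; i++) state = state " " $i
            if (state ~ /^[0-9]+$/) print $1, $3, "UP", state
            else print $1, $3, "DOWN", state
        }'
}

# List peers that are not Established; exit status 1 if there are any.
bgp_check() {
    bgp_peer_status | awk '$3 == "DOWN" { print; bad = 1 } END { exit bad + 0 }'
}

# Sample input: router A summary from this page (peer still in Active).
sample_router_a() {
    cat <<'EOF'
BGP router identifier 192.168.122.1, local AS number 100
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.19.4.16 4 200 1 3 0 0 0 never Active
Total number of neighbors 1
EOF
}

# Sample input: router B summary from this page (session up, 0 prefixes).
sample_router_b() {
    cat <<'EOF'
BGP router identifier 200.200.1.1, local AS number 200
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.19.4.15 4 100 2 3 0 0 0 00:00:22 0
Total number of neighbors 1
EOF
}

# Demo; on a live router: vtysh -c 'show ip bgp summary' | bgp_check
sample_router_a | bgp_check || echo "ALERT: BGP peer(s) down"
sample_router_b | bgp_check && echo "OK: all BGP peers established"
```

A peer that is UP with a prefix count of 0, as in the router B sample, has an established session but has not sent any routes yet.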
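5. Configure prefix advertisement
As mentioned at the beginning, AS 100 will advertise 100.100.0.0/22, and in our example AS 200 will likewise advertise 200.200.0.0/22 (the commands below enter the /24 blocks from the network plan).
These prefixes need to be added to the BGP configuration as follows.
jyhpt-ddfw-1# configure terminal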
jyhpt-ddfw-1(config)# router bgp 100
jyhpt-ddfw-1(config-router)# network 100.100.1.0/24
jyhpt-ddfw-1(config-router)# exit
jyhpt-ddfw-1(config)# exit
jyhpt-ddfw-1# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-1# show ip bgp summary
BGP router identifier 192.168.122.1, local AS number 100
RIB entries 3, using 336 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.19.4.16 4 200 7 12 0 0 0 00:04:01 1
Total number of neighbors 1
jyhpt-ddfw-2# configure terminal
jyhpt-ddfw-2(config)# router bgp 200
jyhpt-ddfw-2(config-router)# network 200.200.1.0/24
jyhpt-ddfw-2(config-router)# exit
jyhpt-ddfw-2(config)# exit
jyhpt-ddfw-2# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-2# show ip bgp summary
BGP router identifier 200.200.1.1, local AS number 200
RIB entries 3, using 336 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.19.4.15 4 100 6 7 0 0 0 00:03:49 1 (the prefix count has changed)
Total number of neighbors 1
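6. Test prefix advertisement
To see more detail about the prefixes received, we can use the following command, which shows the total number of prefixes received by neighbor 172.19.4.16.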
jyhpt-ddfw-2# show ip bgp neighbors 172.19.4.15 advertised-routes
BGP table version is 0, local router ID is 200.200.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 200.200.1.0 172.19.4.16 0 32768 i
Total number of prefixes 1
Check which prefixes we have received from the neighbor:
jyhpt-ddfw-2# show ip bgp neighbors 172.19.4.15 routes
BGP table version is 0, local router ID is 200.200.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.1.0/24 172.19.4.15 0 0 100 i
View all BGP routes:
jyhpt-ddfw-2# show ip bgp
BGP table version is 0, local router ID is 200.200.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.1.0/24 172.19.4.15 0 0 100 i
*> 200.200.1.0 0.0.0.0 0 32768 i
View the routing table:
jyhpt-ddfw-2# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via 172.19.4.1, eth0
B>* 100.100.1.0/24 [20/0] via 172.19.4.15, eth0, 00:07:04
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
C>* 172.19.4.0/24 is directly connected, eth0
C>* 192.168.122.0/24 is directly connected, virbr0
C>* 200.200.1.0/24 is directly connected, eth0
View the BGP routes:
jyhpt-ddfw-2# show ip route bgp
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, A - Babel,
> - selected route, * - FIB route
B>* 100.100.1.0/24 [20/0] via 172.19.4.15, eth0, 00:07:54
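Routes learned through BGP also appear in the Linux routing table.
This is what allows, once BGP is running on Linux and without adding any static routes, the eth0:1 interface 100.100.1.1/24 on jyhpt-ddfw-1 and the eth0:1 interface 200.200.1.1/24 on jyhpt-ddfw-2 to ping each other directly.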
[root@jyhpt-ddfw-2 ~]# ip route
default via 172.19.4.1 dev eth0
100.100.1.0/24 via 172.19.4.15 dev eth0 proto zebra
169.254.0.0/16 dev eth0 scope link metric 1002
172.19.4.0/24 dev eth0 proto kernel scope link src 172.19.4.16
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
200.200.1.0/24 dev eth0 proto kernel scope link src 200.200.1.1
[root@jyhpt-ddfw-2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.19.4.1 0.0.0.0 UG 0 0 0 eth0
100.100.1.0 172.19.4.15 255.255.255.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.19.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
200.200.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Use the ping command to test connectivity:
[root@jyhpt-ddfw-2 ~]# ping 100.100.1.1
PING 100.100.1.1 (100.100.1.1) 56(84) bytes of data.
64 bytes from 100.100.1.1: icmp_seq=1 ttl=64 time=0.513 ms
64 bytes from 100.100.1.1: icmp_seq=2 ttl=64 time=0.482 ms
^C
--- 100.100.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.482/0.497/0.513/0.027 ms
[root@jyhpt-ddfw-2 ~]# ssh 100.100.1.1
The authenticity of host '100.100.1.1 (100.100.1.1)' can't be established.
ECDSA key fingerprint is SHA256:atZYCNwWd7IByGShV3dzcFAzrkZk8d6QN9lUkA/qtrc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.100.1.1' (ECDSA) to the list of known hosts.
root@100.100.1.1's password:
Last login: Sat Mar 6 18:59:22 2021 from 172.19.33.5
Authorized users only. All activity may be monitored and reported
[root@jyhpt-ddfw-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:9f:30:5d brd ff:ff:ff:ff:ff:ff
inet 172.19.4.15/24 brd 172.19.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet 100.100.1.1/24 brd 100.100.1.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet 172.19.4.250/24 scope global secondary eth0:0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe9f:305d/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
[root@jyhpt-ddfw-1 ~]# ping 200.200.1.1
PING 200.200.1.1 (200.200.1.1) 56(84) bytes of data.
64 bytes from 200.200.1.1: icmp_seq=1 ttl=64 time=0.298 ms
64 bytes from 200.200.1.1: icmp_seq=2 ttl=64 time=0.491 ms
^C
--- 200.200.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.298/0.394/0.491/0.098 ms
[root@jyhpt-ddfw-1 ~]# ssh 200.200.1.1
The authenticity of host '200.200.1.1 (200.200.1.1)' can't be established.
ECDSA key fingerprint is SHA256:atZYCNwWd7IByGShV3dzcFAzrkZk8d6QN9lUkA/qtrc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '200.200.1.1' (ECDSA) to the list of known hosts.
root@200.200.1.1's password:
Last login: Sat Mar 6 21:17:28 2021 from 172.19.33.5
Authorized users only. All activity may be monitored and reported
[root@jyhpt-ddfw-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:f8:95:fd brd ff:ff:ff:ff:ff:ff
inet 172.19.4.16/24 brd 172.19.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet 200.200.1.1/24 brd 200.200.1.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fef8:95fd/64 scope link
valid_lft forever preferred_lft forever
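In summary, this article focused on how to run a basic BGP router on a CentOS system.
The basic BGP configuration and testing are complete; more advanced settings such as filters, BGP attribute tuning, local preference and path prepending are to be continued.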
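The running-config shown earlier still carries the sample file's `password zebra`, and the peering is set up without a session password or an inbound filter (filters are left for later, as noted above). The audit below is an added example, not from the original article or the Quagga project; the function names, finding labels, placeholder secrets and the choice of checks are assumptions, and both configurations are constructed from the commands used in this article.

```sh
#!/bin/sh
# Added example: audit a Quagga bgpd/vtysh running-config read from stdin.
audit_bgpd_config() {
    awk '
        # vty passwords still at the value shipped in the sample files
        ($1 == "password" || ($1 == "enable" && $2 == "password")) && $NF == "zebra" {
            $1 = $1; print "DEFAULT-PASSWORD: " $0
        }
        $1 == "neighbor" && $3 == "remote-as" { peers[$2] = $4 }
        $1 == "neighbor" && $3 == "password"  { md5[$2] = 1 }   # TCP MD5 session key
        # any inbound policy attached to the peer counts as a filter
        $1 == "neighbor" && $NF == "in" &&
            $3 ~ /^(prefix-list|route-map|filter-list|distribute-list)$/ { infilter[$2] = 1 }
        END {
            for (p in peers) {
                if (!(p in md5))      print "NO-SESSION-PASSWORD: neighbor " p " (AS " peers[p] ")"
                if (!(p in infilter)) print "NO-INBOUND-FILTER: neighbor " p " (AS " peers[p] ")"
            }
        }' | LC_ALL=C sort
}

# Constructed sample: router A after the commands entered in this article.
sample_as_configured() {
    cat <<'EOF'
password zebra
enable password zebra
!
router bgp 100
 bgp router-id 192.168.122.1
 network 100.100.1.0/24
 neighbor 172.19.4.16 remote-as 200
 neighbor 172.19.4.16 description "provider B"
!
line vty
EOF
}

# Constructed sample: same peering with placeholder secrets and an inbound prefix-list.
sample_hardened() {
    cat <<'EOF'
password EXAMPLE-VTY-SECRET
enable password EXAMPLE-ENABLE-SECRET
!
router bgp 100
 network 100.100.1.0/24
 neighbor 172.19.4.16 remote-as 200
 neighbor 172.19.4.16 password EXAMPLE-SHARED-SECRET
 neighbor 172.19.4.16 prefix-list FROM-B in
!
ip prefix-list FROM-B seq 5 permit 200.200.1.0/24
EOF
}

# Demo; on a live router: vtysh -c 'show running-config' | audit_bgpd_config
sample_as_configured | audit_bgpd_config
```

A `neighbor ... password` value has to be set identically on both peers, otherwise the BGP session will not establish.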