Building a BGP network with Quagga

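I. Overview
Quagga is an open-source routing software suite. This article shows how to turn a Linux system into
a BGP router with Quagga and demonstrates how to establish BGP peering with another BGP router.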
 
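Before going into the details, some background on BGP is needed. The Border Gateway Protocol (BGP) is the de facto standard inter-domain routing protocol of the Internet.
In BGP terms, the global Internet is made up of tens of thousands of interconnected autonomous systems (ASes), each of which represents
a network administrative domain run by a particular provider (reportedly, former US President George Bush even has his own AS number).
To make its network globally routable, each AS needs to know how to reach the other ASes across the Internet.
This is where BGP comes in. BGP is the language an AS uses to exchange routing information with its neighboring ASes.
This routing information is usually called BGP routes or BGP prefixes, and consists of an AS number (ASN; a globally unique number) and the associated IP address blocks.
Once all BGP routes have been learned and recorded in the local BGP routing table, each AS knows how to reach any public IP address on the Internet.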
 
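The ability to route between different domains (ASes) is the main reason BGP is called an exterior gateway protocol (EGP) or inter-domain protocol.
By contrast, routing protocols such as OSPF, IS-IS, RIP and EIGRP are interior gateway protocols (IGPs), or intra-domain routing protocols, which handle routing within a single domain.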
 
 
II. Environment preparation
 
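1. Network plan
Suppose provider A wants to set up BGP peering with provider B to exchange routes. Their AS numbers and IP address spaces are as follows:
Provider A: ASN (100), IP address space (100.100.1.0/24), IP address assigned to the BGP router's eth0 interface (172.19.4.15)
Provider B: ASN (200), IP address space (200.200.1.0/24), IP address assigned to the BGP router's eth0 interface (172.19.4.16)
Router A and router B connect to each other over the 172.19.4.0/24 subnet. In principle, any subnet that both providers can reach could be used for the interconnect.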
 
               
 






2. Software used
 
CentOS 7.6
quagga-0.99.22.4
 
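3. Configuring a virtual interface
 
Note: the Linux test hosts have a single network interface, so a virtual interface is added to simulate the network (on hosts with several interfaces, just configure the IP address directly).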
[root@jyhpt-ddfw-1 ~]# ifconfig eth0:1  100.100.1.1/24 up
[root@jyhpt-ddfw-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:9f:30:5d brd ff:ff:ff:ff:ff:ff
    inet 172.19.4.15/24 brd 172.19.4.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 100.100.1.1/24 brd 100.100.1.255 scope global eth0:1
       valid_lft forever preferred_lft forever
 
[root@jyhpt-ddfw-2 ~]# ifconfig eth0:1 200.200.1.1/24 up
[root@jyhpt-ddfw-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:f8:95:fd brd ff:ff:ff:ff:ff:ff
    inet 172.19.4.16/24 brd 172.19.4.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 200.200.1.1/24 brd 200.200.1.255 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fef8:95fd/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
 
# Test the network after configuration
[root@jyhpt-ddfw-2 ~]# ping 172.19.4.15
PING 172.19.4.15 (172.19.4.15) 56(84) bytes of data.
64 bytes from 172.19.4.15: icmp_seq=1 ttl=64 time=0.416 ms
64 bytes from 172.19.4.15: icmp_seq=2 ttl=64 time=0.471 ms
^C
--- 172.19.4.15 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.416/0.443/0.471/0.034 ms
 
 
[root@jyhpt-ddfw-2 ~]# ping 100.100.1.1
PING 100.100.1.1 (100.100.1.1) 56(84) bytes of data.
^C
--- 100.100.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
 
[root@jyhpt-ddfw-1 ~]# ping 200.200.1.1
PING 200.200.1.1 (200.200.1.1) 56(84) bytes of data.
^C
--- 200.200.1.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
 
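# Before BGP routing is configured, the directly connected 172.19.4.0/24 segment can communicate, but the other segments are still unreachable.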
 
 
 
III. Installation and configuration
 
 
1. Installing Quagga
yum install quagga
 
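2. System parameter configuration
 
If you are on CentOS 7, apply the following policy setting for SELinux; otherwise SELinux will prevent the Zebra daemon from writing to its configuration directory.
If you are on CentOS 6, you can skip this step.
setsebool -P zebra_write_config 1 
 
Alternatively, SELinux can be disabled entirely, though the boolean above is the narrower change.
 
Edit /etc/sysctl.conf: remove the # in front of net.ipv4.ip_forward=1, then run sysctl -p; the output net.ipv4.ip_forward = 1 indicates success.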
 
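3. Configuring and starting the Zebra service
The Quagga suite contains several daemons that work together. For BGP routing, we focus on setting up the following two daemons.
Zebra: the core daemon, responsible for kernel interfaces and static routes.
BGPd: the BGP daemon.
 
After Quagga is installed, the next step is to configure Zebra to manage the BGP router's network interfaces.
We start by creating a Zebra configuration file and enabling logging.
 
Apply the following configuration on both nodes: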
[root@jyhpt-ddfw-1 ~]# cp /usr/share/doc/quagga-0.99.22.4/zebra.conf.sample /etc/quagga/zebra.conf
cp:是否覆盖"/etc/quagga/zebra.conf"? y
 
[root@jyhpt-ddfw-1 ~]# service zebra start
Redirecting to /bin/systemctl start zebra.service
[root@jyhpt-ddfw-1 ~]# service zebra status
Redirecting to /bin/systemctl status zebra.service
● zebra.service - GNU Zebra routing manager
   Loaded: loaded (/usr/lib/systemd/system/zebra.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2021-03-06 18:13:41 CST; 3s ago
  Process: 6465 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
  Process: 6461 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
 Main PID: 6467 (zebra)
    Tasks: 1
   CGroup: /system.slice/zebra.service
           └─6467 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf
 
 
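Quagga provides its own command-line tool called vtysh, in which you can enter commands compatible with those of router vendors such as Cisco and Juniper. We will use the vtysh shell to configure BGP routing for the rest of this tutorial.
 
To start the vtysh shell, enter: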
   
[root@jyhpt-ddfw-1 ~]# vtysh
 
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
 
jyhpt-ddfw-1#
jyhpt-ddfw-1# configure terminal
jyhpt-ddfw-1(config)# log file /var/log/quagga/quagga.log
jyhpt-ddfw-1(config)# exit
Save the Zebra configuration permanently:
 
jyhpt-ddfw-1# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
[OK]
jyhpt-ddfw-1# quit
[root@jyhpt-ddfw-1 ~]# tail /var/log/q
qemu-ga.log      qga-install.log  quagga/
[root@jyhpt-ddfw-1 ~]# tail /var/log/quagga/quagga.log
 
 
Configuration on the other node:
 
[root@jyhpt-ddfw-2 ~]# vtysh
 
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
 
jyhpt-ddfw-2# configure  terminal
jyhpt-ddfw-2(config)# log file /var/log/quagga/quagga.log
jyhpt-ddfw-2(config)# exit
jyhpt-ddfw-2# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
[OK]
jyhpt-ddfw-2# exit
[root@jyhpt-ddfw-2 ~]# ls -lh /var/log/quagga/quagga.log
-rw------- 1 quagga quagga 0 3月   6 18:18 /var/log/quagga/quagga.log
 
 
4. BGP configuration
 
[root@jyhpt-ddfw-1 ~]# cp /usr/share/doc/quagga-0.99.22.4/bgpd.conf.sample /etc/quagga/bgpd.conf
[root@jyhpt-ddfw-1 ~]#  systemctl start bgpd
[root@jyhpt-ddfw-1 ~]#  systemctl status bgpd
● bgpd.service - BGP routing daemon
   Loaded: loaded (/usr/lib/systemd/system/bgpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2021-03-06 19:09:30 CST; 4s ago
  Process: 8133 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 8136 (bgpd)
    Tasks: 1
   CGroup: /system.slice/bgpd.service
           └─8136 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf
 
3月 06 19:09:30 jyhpt-ddfw-1 systemd[1]: Starting BGP routing daemon...
3月 06 19:09:30 jyhpt-ddfw-1 systemd[1]: Started BGP routing daemon.
[root@jyhpt-ddfw-1 ~]# netstat -tnlp|grep bgpd
tcp        0      0 127.0.0.1:2605          0.0.0.0:*               LISTEN      8136/bgpd
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN      8136/bgpd
tcp6       0      0 :::179                  :::*                    LISTEN      8136/bgpd
 
 
[root@jyhpt-ddfw-2 ~]# cp /usr/share/doc/quagga-0.99.22.4/bgpd.conf.sample /etc/quagga/bgpd.conf
[root@jyhpt-ddfw-2 ~]#  systemctl start bgpd
[root@jyhpt-ddfw-2 ~]#  systemctl status bgpd
● bgpd.service - BGP routing daemon
   Loaded: loaded (/usr/lib/systemd/system/bgpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2021-03-06 19:09:40 CST; 4s ago
  Process: 33350 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 33354 (bgpd)
    Tasks: 1
   CGroup: /system.slice/bgpd.service
           └─33354 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf
 
3月 06 19:09:40 jyhpt-ddfw-2 systemd[1]: Starting BGP routing daemon...
3月 06 19:09:40 jyhpt-ddfw-2 systemd[1]: Started BGP routing daemon.
[root@jyhpt-ddfw-2 ~]# netstat -tnlp
tcp        0      0 127.0.0.1:2605          0.0.0.0:*               LISTEN      33354/bgpd
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN      33354/bgpd
tcp6       0      0 :::179                  :::*                    LISTEN      33354/bgpd
 
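As a first step, confirm that no BGP session is already configured.
In some versions there may be a BGP session with AS number 7675. We do not need this session, so we remove it.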
[root@jyhpt-ddfw-1 ~]# vtysh
 
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
 
jyhpt-ddfw-1# show running-config
Building configuration...
 
Current configuration:
!
hostname Router
log file /var/log/quagga/quagga.log
hostname bgpd
log stdout
!
password zebra
enable password zebra
!
interface eth0
 ipv6 nd suppress-ra
!
interface lo
!
interface virbr0
 ipv6 nd suppress-ra
!
interface virbr0-nic
 ipv6 nd suppress-ra
!
router bgp 7675
 bgp router-id 192.168.122.1
!
ip forwarding
!
line vty
!
end
 
 
Remove the preconfigured BGP session and set up the session we need in its place.
jyhpt-ddfw-1#
jyhpt-ddfw-1# configure  terminal
jyhpt-ddfw-1(config)# no router bgp 7675
jyhpt-ddfw-1(config)# router bgp 100
jyhpt-ddfw-1(config-router)# no auto-summary
jyhpt-ddfw-1(config-router)# no synchronization
jyhpt-ddfw-1(config-router)# neighbor  172.19.4.16 remote-as 200
jyhpt-ddfw-1(config-router)# neighbor  172.19.4.16 description "provider B"
jyhpt-ddfw-1(config-router)# exit
jyhpt-ddfw-1(config)# exit
jyhpt-ddfw-1# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-1# show ip bgp summary
BGP router identifier 192.168.122.1, local AS number 100
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory
 
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.19.4.16     4   200       1       3        0    0    0 never    Active
 
Total number of neighbors 1
 
 
 
Configuration on the other node:
[root@jyhpt-ddfw-2 ~]# vtysh
 
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
 
jyhpt-ddfw-2# show  running-config
Building configuration...
 
Current configuration:
!
hostname Router
log file /var/log/quagga/quagga.log
hostname bgpd
log stdout
!
password zebra
enable password zebra
!
interface eth0
 ipv6 nd suppress-ra
!
interface eth1
 ipv6 nd suppress-ra
!
interface lo
!
interface virbr0
 ipv6 nd suppress-ra
!
interface virbr0-nic
 ipv6 nd suppress-ra
!
router bgp 7675
 bgp router-id 200.200.1.1
!
ip forwarding
!
line vty
!
end
jyhpt-ddfw-2#
jyhpt-ddfw-2# no router bgp 7675
% Unknown command.
jyhpt-ddfw-2# configure  terminal
jyhpt-ddfw-2(config)# no router bgp 7675
jyhpt-ddfw-2(config)# router bgp 200
jyhpt-ddfw-2(config-router)# no auto-summary
jyhpt-ddfw-2(config-router)# no synchronization
jyhpt-ddfw-2(config-router)# neighbor  172.19.4.15 remote-as  100
jyhpt-ddfw-2(config-router)# neighbor  172.19.4.15 description "provider A"
jyhpt-ddfw-2(config-router)# exit
jyhpt-ddfw-2(config)# exit
jyhpt-ddfw-2# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-2# show ip bgp summary
BGP router identifier 200.200.1.1, local AS number 200
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory
 
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.19.4.15     4   100       2       3        0    0    0 00:00:22        0
 
Total number of neighbors 1
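In the output, look at the "State/PfxRcd" column. If the peering is down, it shows "Idle" or "Active".
Remember that the word "Active" is always bad news on a router: it means the router is actively looking for a neighbor, a prefix, or a route.
When the peering is up, the "State/PfxRcd" column shows the number of prefixes received from that particular neighbor.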
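
The State/PfxRcd rule above can be checked mechanically. The following is an added example, not part of the original article: it parses "show ip bgp summary" text and reports each neighbor as UP (with its prefix count) or DOWN (with its state). The function names are hypothetical, and the sample table is constructed from one row of this article plus two made-up peers on documentation addresses.

```shell
#!/bin/sh
# Added example, not from the original article.
# Live use (vtysh -c runs one command non-interactively):
#   vtysh -c 'show ip bgp summary' | bgp_down_peers

# Constructed sample: first neighbor row is from the article, the other two
# rows are made up to show the down states.
SAMPLE_SUMMARY='BGP router identifier 192.168.122.1, local AS number 100
RIB entries 3, using 336 bytes of memory
Peers 3, using 13680 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.19.4.16     4   200       7      12        0    0    0 00:04:01        1
192.0.2.7       4 64512       1       3        0    0    0 never    Active
192.0.2.9       4 64513       0       0        0    0    0 never    Idle (Admin)

Total number of neighbors 3'

# Reads summary text on stdin and prints one line per neighbor:
#   <neighbor> <remote-as> UP <prefixes-received>
#   <neighbor> <remote-as> DOWN <state>
bgp_peer_states() {
    awk '
        $1 == "Neighbor" { in_table = 1; next }    # header row opens the table
        in_table && NF == 0 { in_table = 0 }       # blank line closes it
        in_table && NF >= 10 {
            # Column 10 onward is State/PfxRcd; a state may contain a space.
            state = $10
            for (i = 11; i <= NF; i++) state = state " " $i
            if (state ~ /^[0-9]+$/)                # a number means Established
                print $1, $3, "UP", state
            else                                   # Idle, Active, Connect, ...
                print $1, $3, "DOWN", state
        }'
}

# Prints only the peers that are not Established.
# Returns 0 when every peer is up, 1 when at least one is down.
bgp_down_peers() {
    down=$(bgp_peer_states | awk '$3 == "DOWN"')
    [ -z "$down" ] && return 0
    printf '%s\n' "$down"
    return 1
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SUMMARY" | bgp_peer_states
```

Run from cron or a monitoring agent, the non-zero exit status of bgp_down_peers is the alert condition.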
 
 
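5. Configuring prefix advertisement
 
As mentioned at the beginning, AS 100 will advertise 100.100.0.0/22, and in our example AS 200 will likewise advertise 200.200.0.0/22.
These prefixes need to be added to the BGP configuration as follows.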
 
jyhpt-ddfw-1# configure  terminal
jyhpt-ddfw-1(config)# router bgp 100
jyhpt-ddfw-1(config-router)# network 100.100.1.0/24
jyhpt-ddfw-1(config-router)# exit
jyhpt-ddfw-1(config)# exit
jyhpt-ddfw-1# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-1# show ip bgp summary
BGP router identifier 192.168.122.1, local AS number 100
RIB entries 3, using 336 bytes of memory
Peers 1, using 4560 bytes of memory
 
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.19.4.16     4   200       7      12        0    0    0 00:04:01        1
 
Total number of neighbors 1
 
 
jyhpt-ddfw-2# configure  terminal
jyhpt-ddfw-2(config)# router bgp 200
jyhpt-ddfw-2(config-router)# network 200.200.1.0/24
jyhpt-ddfw-2(config-router)# exit
jyhpt-ddfw-2(config)# exit
jyhpt-ddfw-2# write
Building Configuration...
Configuration saved to /etc/quagga/zebra.conf
Can't backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
jyhpt-ddfw-2# show ip bgp summary
BGP router identifier 200.200.1.1, local AS number 200
RIB entries 3, using 336 bytes of memory
Peers 1, using 4560 bytes of memory
 
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.19.4.15     4   100       6       7        0    0    0 00:03:49        1 (the number of prefixes has changed)
 
Total number of neighbors 1 
 
 
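6. Testing prefix advertisement
 
To see the prefixes in more detail, the following command, run on 172.19.4.16,
lists the prefixes advertised to the neighbor and their total number.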
 
jyhpt-ddfw-2# show ip bgp neighbors 172.19.4.15 advertised-routes
BGP table version is 0, local router ID is 200.200.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
*> 200.200.1.0      172.19.4.16              0         32768 i
Total number of prefixes 1
 
To see which prefixes we received from the neighbor:
jyhpt-ddfw-2# show ip bgp neighbors 172.19.4.15 routes
BGP table version is 0, local router ID is 200.200.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.1.0/24   172.19.4.15              0             0 100 i
 
View all BGP routes:
jyhpt-ddfw-2# show ip bgp
BGP table version is 0, local router ID is 200.200.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.1.0/24   172.19.4.15              0             0 100 i
*> 200.200.1.0      0.0.0.0                  0         32768 i
 
View the routing table:
jyhpt-ddfw-2# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, A - Babel,
       > - selected route, * - FIB route
 
K>* 0.0.0.0/0 via 172.19.4.1, eth0
B>* 100.100.1.0/24 [20/0] via 172.19.4.15, eth0, 00:07:04
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
C>* 172.19.4.0/24 is directly connected, eth0
C>* 192.168.122.0/24 is directly connected, virbr0
C>* 200.200.1.0/24 is directly connected, eth0
 
View the BGP routes:
jyhpt-ddfw-2# show ip route bgp
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, A - Babel,
       > - selected route, * - FIB route
 
B>* 100.100.1.0/24 [20/0] via 172.19.4.15, eth0, 00:07:54
 
 
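Routes learned via BGP also appear in the Linux routing table.
In this simulation, that is what allows the eth0:1 interface 100.100.1.1/24 on jyhpt-ddfw-1 and
the eth0:1 interface 200.200.1.1/24 on jyhpt-ddfw-2 to ping each other once BGP is running on Linux, without adding any static routes.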
 
[root@jyhpt-ddfw-2 ~]# ip route
default via 172.19.4.1 dev eth0
100.100.1.0/24 via 172.19.4.15 dev eth0 proto zebra
169.254.0.0/16 dev eth0 scope link metric 1002
172.19.4.0/24 dev eth0 proto kernel scope link src 172.19.4.16
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
200.200.1.0/24 dev eth0 proto kernel scope link src 200.200.1.1
 
[root@jyhpt-ddfw-2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.19.4.1      0.0.0.0         UG    0      0        0 eth0
100.100.1.0     172.19.4.15     255.255.255.0   UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.19.4.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
200.200.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
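
This lab configures no inbound filter, so whatever the peer announces ends up in the kernel table as a "proto zebra" route. As an added example (not from the original article), the script below compares those kernel routes with an allowlist; EXPECTED_ROUTES and the function name are assumptions, and the sample input is router B's "ip route" output shown above.

```shell
#!/bin/sh
# Added example, not from the original article.
# Live use:  ip route | audit_zebra_routes

# Allowlist of routes the routing daemons are expected to install, as
# space-separated "prefix=nexthop" tokens (assumption: this lab's router B).
EXPECTED_ROUTES='100.100.1.0/24=172.19.4.15'

# Router B's `ip route` output as shown in the article.
SAMPLE_IP_ROUTE='default via 172.19.4.1 dev eth0
100.100.1.0/24 via 172.19.4.15 dev eth0 proto zebra
169.254.0.0/16 dev eth0 scope link metric 1002
172.19.4.0/24 dev eth0 proto kernel scope link src 172.19.4.16
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
200.200.1.0/24 dev eth0 proto kernel scope link src 200.200.1.1'

# Reads `ip route` text on stdin and prints one finding per line:
#   UNEXPECTED <prefix> <nexthop>   zebra installed a route not on the allowlist
#   MISSING <prefix> <nexthop>      an allowlisted route is absent
# Returns 0 when there are no findings, 1 otherwise.
audit_zebra_routes() {
    findings=$(awk -v expected="$EXPECTED_ROUTES" '
        BEGIN {
            n = split(expected, tok, " ")
            for (i = 1; i <= n; i++) want[tok[i]] = 1
        }
        / proto zebra/ {                       # routes installed through zebra
            nh = "-"                           # "-" when the route has no gateway
            for (i = 2; i < NF; i++) if ($i == "via") nh = $(i + 1)
            key = $1 "=" nh
            if (key in want) seen[key] = 1
            else print "UNEXPECTED", $1, nh
        }
        END {
            for (k in want) if (!(k in seen)) {
                m = k; sub(/=/, " ", m); print "MISSING", m
            }
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the article's output: the only zebra route is the allowlisted one.
printf '%s\n' "$SAMPLE_IP_ROUTE" | audit_zebra_routes && echo "no findings"
```

On Quagga, "proto zebra" covers every route zebra installs, so static routes configured through zebra would need allowlist entries too.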
 
Test connectivity with the ping command:
[root@jyhpt-ddfw-2 ~]# ping 100.100.1.1
PING 100.100.1.1 (100.100.1.1) 56(84) bytes of data.
64 bytes from 100.100.1.1: icmp_seq=1 ttl=64 time=0.513 ms
64 bytes from 100.100.1.1: icmp_seq=2 ttl=64 time=0.482 ms
^C
--- 100.100.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.482/0.497/0.513/0.027 ms
[root@jyhpt-ddfw-2 ~]# ssh 100.100.1.1
The authenticity of host '100.100.1.1 (100.100.1.1)' can't be established.
ECDSA key fingerprint is SHA256:atZYCNwWd7IByGShV3dzcFAzrkZk8d6QN9lUkA/qtrc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.100.1.1' (ECDSA) to the list of known hosts.
root@100.100.1.1's password:
Last login: Sat Mar  6 18:59:22 2021 from 172.19.33.5
Authorized users only. All activity may be monitored and reported
[root@jyhpt-ddfw-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:9f:30:5d brd ff:ff:ff:ff:ff:ff
    inet 172.19.4.15/24 brd 172.19.4.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 100.100.1.1/24 brd 100.100.1.255 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet 172.19.4.250/24 scope global secondary eth0:0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe9f:305d/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:66:bd:33 brd ff:ff:ff:ff:ff:ff
[root@jyhpt-ddfw-1 ~]# ping 200.200.1.1
PING 200.200.1.1 (200.200.1.1) 56(84) bytes of data.
64 bytes from 200.200.1.1: icmp_seq=1 ttl=64 time=0.298 ms
64 bytes from 200.200.1.1: icmp_seq=2 ttl=64 time=0.491 ms
^C
--- 200.200.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.298/0.394/0.491/0.098 ms
[root@jyhpt-ddfw-1 ~]# ssh 200.200.1.1
The authenticity of host '200.200.1.1 (200.200.1.1)' can't be established.
ECDSA key fingerprint is SHA256:atZYCNwWd7IByGShV3dzcFAzrkZk8d6QN9lUkA/qtrc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '200.200.1.1' (ECDSA) to the list of known hosts.
root@200.200.1.1's password:
Last login: Sat Mar  6 21:17:28 2021 from 172.19.33.5
Authorized users only. All activity may be monitored and reported
[root@jyhpt-ddfw-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:f8:95:fd brd ff:ff:ff:ff:ff:ff
    inet 172.19.4.16/24 brd 172.19.4.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 200.200.1.1/24 brd 200.200.1.255 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fef8:95fd/64 scope link
       valid_lft forever preferred_lft forever
   
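In summary, this article focused on how to run a basic BGP router on a CentOS system.
The basic BGP configuration and testing are now complete; more advanced settings such as filters, BGP attribute tuning, local preference and path prepending are to be continued.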
 
(Editor: liangzh)