Major assignment, Internet & E-commerce Security. Supervisor: Trần Đức Sự
HỌC VIỆN KỸ THUẬT MẬT MÃ (ACADEMY OF CRYPTOGRAPHY TECHNIQUES), FACULTY OF INFORMATION SECURITY
***
MAJOR ASSIGNMENT: INTERNET AND E-COMMERCE SECURITY
A STUDY OF THE BGP ROUTING PROTOCOL
Students: Group I, Class AT4C-HVKTMM



TABLE OF CONTENTS:

CHAPTER I. OVERVIEW OF BGP
I.1. BGP concept
I.2. Characteristics of BGP
I.3. BGP terminology
I.4. BGP operation
I.5. When to use BGP and when not to use BGP
I.5.1. When to use BGP?
I.5.2. When not to use BGP?
I.6. Comparison of iBGP and eBGP
I.7. Steps for building the routing table

CHAPTER II. PATH ATTRIBUTES IN BGP
* There are two kinds of attributes:
+ Well-known: - Mandatory (Origin, AS path, Next-hop)
              - Discretionary (Local preference, Atomic aggregate)
+ Optional: - Non-transitive (MED, Cluster list)
            - Transitive (Communities)
II.1. The AS path attribute
II.2. The Next hop attribute
II.3. The Aggregator and Local preference attributes
II.4. The Weight attribute and the MED attribute

CHAPTER III. USING POLICY WITH BGP
III.1. Route filtering
III.2. Using a distribute list to filter routes
III.3. The ip prefix-list command
III.4. Route map

CHAPTER IV. DEMO AND VERIFICATION OF BGP
IV.1. Viewing BGP status
IV.2. Viewing BGP neighbors
IV.3. Viewing the BGP table
IV.4. Viewing the routing table



List of figures:
Figure 1.1. Table of dynamic routing protocols
Figure 1.2.


CHAPTER I. OVERVIEW OF BGP

I.1. CONCEPT
As we know, the Internet is made up of a great many Autonomous Systems. BGP is used to share routing information between different ASes. The reliable transport protocol that BGP uses to exchange routing information is the Transmission Control Protocol (TCP). BGP uses port 179 to establish its connections. BGP supports variable-length subnet masks (VLSM), classless interdomain routing (CIDR) and summarization. A notable point about BGP is that it does not concern itself with intra-AS routing: it trusts the IGPs used inside the AS to take care of intra-AS routing and deals only with inter-AS routing. A BGP-speaking device shares network reachability information with its neighbors. That reachability information contains data on the different ASes it has passed through. The BGP-speaking device uses this information to build a graph of all the ASes in use. The graph lets BGP eliminate routing loops and enforce the policy of its own AS.

Figure 1.1. Table of dynamic routing protocols


I.2. CHARACTERISTICS OF BGP
+ Uses a connection-oriented protocol, with these improvements: - update messages are reliable - updates are sent periodically - several parameters are used to compute metrics
+ Used to design networks of very large scale.
BGP is a path-vector routing protocol, so the choice of best path is normally based on a set of properties called ATTRIBUTES. Because its metric is fairly complex, BGP is regarded as a fairly complex protocol. BGP's task is to maintain communication between ASes, exchange routing information between ASes, and provide next-hop information for each destination. BGP uses TCP port 179. Distance-vector protocols typically broadcast whatever information they hold to neighboring routers, whereas a path vector lists precisely the entire path to the destination. Path-vector routing protocols are also very good at detecting loops in the network: a router examines the paths that other routers send it to see whether its own AS already appears in them; if it does, the router knows at once that there is a loop and discards that path.

BGP supports CIDR (Classless Interdomain Routing) addresses. BGP allows authentication, and it has periodic keepalive mechanisms to maintain the relationship between BGP peers.

In the initial phase of a BGP peering session, the complete set of routing updates is sent. After that, BGP switches to a triggered-update mechanism: any change in the network causes a triggered update.

One of the most distinctive features of BGP is its routing updates. Looking at BGP updates, one notices that they are quite precise. BGP is not concerned with communicating full knowledge of every subnet inside a company; it is concerned with carrying enough information to find another AS. BGP updates summarize as far as possible by allowing a number of ASes, a number of prefixes and some routing information. Nevertheless, a small part of a BGP update is very important: BGP ensures that the transport layer delivers the updates and that the path databases stay synchronized. BGP can be run either between different ASes or within a single AS. When BGP is used to connect different ASes it is called eBGP. The protocol can also be used to carry information between the eBGP routers within an AS; it is then called iBGP.


Inside an AS we use an interior routing protocol, an IGP (for example RIP, IS-IS, EIGRP, OSPF), but when going outside an AS a different protocol must be used. The reason is that the purposes of IGPs and EGPs are not the same. IGPs route packets from source to destination without regard to routing policy. Once outside the bounds of an AS, however, routing policy becomes the important issue. Consider the following example:

AS4---AS1---AS2---AS3---(C Company)
 |........................................|
 |........................................|
B Company-----------A Company

Suppose A wants to send data to AS4. A and B are competitors. B does not want to forward data for company A, so A can only reach AS4 through AS3, AS2 and AS1, even though the path through company B may be the most optimal. Suppose C, which belongs to AS3, also wants to reach AS4; C is a partner of B, so B is happy to carry its traffic. Thus A and C have the same destination but must take different routes. IGPs cannot do this, chiefly because they all work on metric or cost and pay no attention at all to routing policy. They only try to deliver packets to the destination as efficiently and optimally as possible.


I.3. BGP TERMINOLOGY

No. / Term / Definition
1. Aggregation: the process of summarizing routes (summarization).
2. Attribute: similar to a metric. These variables describe the characteristics of a path to a given destination address. Once defined, these characteristics can be used to decide which path should be taken.
3. Autonomous System: defines the network of one organization. Within an AS, the routers run the same routing protocol. If we connect to the Internet, this AS number must be unique and is assigned by the Internet authorities.
4. Exterior Gateway Protocol (EGP): the generic term for a protocol run between different ASes. There is also a specific protocol named EGP, which is the predecessor of BGP.
5. EBGP: carries routing information between different ASes.
6. Interior Gateway Protocol (IGP): the routing protocols that run inside an AS. In the past, the term gateway was commonly used to mean a router.
7. IBGP: this protocol is used inside an AS. The routers are not required to be physically adjacent to each other and are usually at the edge of an AS. IBGP is used between the BGP-speaking routers within the same AS.
8. Originator-ID: a BGP attribute. It is an optional attribute. It carries the router ID of the router that originated the path. Its purpose is to prevent routing loops: if a router receives an update that originated from itself, it ignores that update.
9. Policy-based routing: this mechanism lets the administrator program the routing protocol by defining how traffic is to be routed. It is a form of static routing. PBR is independent of the routing protocols and uses route-maps to create separate processes for making routing decisions.
10. Prefix list: a prefix list is used as a replacement for a distribute-list to control how BGP learns or advertises updates. Prefix lists are faster, more flexible and consume fewer system resources.
11. Route-reflector: a router configured to forward routes from other iBGP routers. When a route reflector is configured, the iBGP routers no longer need to be fully meshed. A fully meshed network does not scale.
12. Route-reflector client: a client is a router that has a TCP session with another router acting as a route-reflector server. A client does not need to peer with the other clients.
13. Route-reflector cluster: a cluster is a group consisting of one route reflector and its clients. There may be more than one route-reflector server in a cluster.
14. Transit autonomous system: an AS used to carry BGP traffic across to other ASes.

I.4. BGP OPERATION
BGP allows routing information to be communicated between different ASes across the world. The figure below shows many ASes using BGP to share routing information with one another. They use two forms of BGP to do so:

Internal BGP (iBGP)

External BGP (eBGP)

All BGP-speaking devices within the same AS use iBGP to communicate with the other BGP speakers. Every BGP speaker in the AS must peer with every other BGP speaker in that AS. This means that we must configure a full mesh for iBGP to operate properly; in other words, every device must establish a TCP connection with every other device.


eBGP is used between BGP-speaking devices in different ASes. As with iBGP, the participating BGP speakers must have layer-3 connectivity between them. TCP is then used by eBGP to establish the peer session.

Once the peering is established, the BGP speakers use the information obtained from the exchange to build a BGP graph. Only after a BGP speaker has established its peerings and built its BGP graph does it begin exchanging routing information. At start-up a BGP speaker exchanges its entire BGP routing table. After that the peers exchange incremental updates and exchange KEEPALIVE messages to maintain the connection.

I.4.1. Message Header Format
BGP processes a message only once the entire message has been received. BGP requires each message to be at least 19 octets and at most 4096 octets. The message header contains the following fields:

+ Marker: this field is 16 bytes long. The Marker field is used to detect loss of synchronization between a pair of BGP peers and to authenticate incoming BGP messages. Its value depends on the message type: an OPEN message carries no authentication information, and its Marker is all ones.
+ Length: this field is 2 bytes long. The Length field gives the length of the whole message; its value ranges from 19 to 4096.
+ Type: this field is 1 byte long. It indicates the type of message being used, as shown in the figure below:


a/ OPEN message
The OPEN message is the first message sent after the TCP connection is established. When the OPEN message is accepted, a KEEPALIVE message confirming it is sent back. After the KEEPALIVE has been sent to confirm the OPEN, incremental UPDATE messages, NOTIFICATION messages and KEEPALIVE messages are exchanged between the BGP peers.

The OPEN message has the following format:

- Version: this field is 1 byte long and is used to determine the BGP version of the speakers as the result of negotiation with the neighbor. The process works as follows: a BGP speaker tries to negotiate with the highest version number that both sides support. If the version number given in the Version field is not supported by the other BGP speaker, an error message is returned to the sender and the TCP connection is torn down. The process repeats until a common version number is agreed.
- My Autonomous System: this field is 2 bytes long and contains the Autonomous System Number of the sending BGP speaker. It tells the receiving BGP speaker the AS number of its neighbor, and that value is also used to build the BGP speaker's BGP graph.
- Hold Time: this field is 2 bytes long. It tells the receiving BGP speaker the hold time proposed by the sending BGP speaker. After receiving the hold time value from the neighbor, the BGP speaker computes and sets the hold time value in the Hold Time field. It specifies the maximum time the receiver waits for a message (KEEPALIVE or UPDATE) from the sender. Each time a message is received the hold time value is reset to 0.
- BGP Identifier: this field is 4 bytes long and contains the BGP identifier of the sending BGP speaker. The BGP identifier is similar to the RID in OSPF; it uniquely identifies a BGP speaker. The BGP identifier is the highest IP address of a loopback interface; if no loopback is configured, it is the highest IP address of any interface on the router. This value is determined only once and does not change unless the BGP process is restarted.
- Optional Parameters Length: this field is 1 byte long and gives the total length of the Optional Parameters field. A value of 0 indicates that no Optional Parameters are present.
- Optional Parameters: this field is of variable length and contains a list of optional parameters to be used during negotiation with the neighbor. Each optional parameter is represented as a triplet (Parameter Type, Parameter Length, Parameter Value).

The exact format is shown in the following figure:

Parameter Type: this field is 1 byte long and identifies each individual parameter. Parameter Length: this field is 1 byte long and contains the length of the Parameter Value field. Parameter Value: this field is of variable length and is interpreted according to the value of the Parameter Type field.
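The header and OPEN layouts just described, as an added Python example that is not code from the report: it validates the 19-octet header against the bounds given in the text, decodes the fixed OPEN fields and the (Parameter Type, Parameter Length, Parameter Value) triplets, and rejects a neighbor whose My Autonomous System value does not match the AS configured for that peer. Assumptions not stated in the text: the all-ones Marker is expected on every message type, and the sample message is constructed here.

```python
import struct

MARKER = b"\xff" * 16                  # all-ones Marker (assumed for every message type)
MIN_LEN, MAX_LEN = 19, 4096            # message size bounds stated in the text
TYPE_NAMES = {1: "OPEN", 2: "UPDATE", 3: "KEEPALIVE", 4: "NOTIFICATION"}


class BGPMessageError(ValueError):
    """Raised when a header or OPEN field fails validation."""


def parse_header(data: bytes):
    """Validate the fixed header and return (type name, length, body bytes)."""
    if len(data) < MIN_LEN:
        raise BGPMessageError("message shorter than the 19-octet minimum")
    marker, length, mtype = struct.unpack("!16sHB", data[:MIN_LEN])
    if marker != MARKER:
        raise BGPMessageError("Marker is not all ones: synchronisation lost")
    if not MIN_LEN <= length <= MAX_LEN:
        raise BGPMessageError(f"Length {length} outside 19..4096")
    if length > len(data):
        # the text: a message is processed only once it has arrived in full
        raise BGPMessageError("incomplete message: wait for the remaining octets")
    if mtype not in TYPE_NAMES:
        raise BGPMessageError(f"unknown message Type {mtype}")
    return TYPE_NAMES[mtype], length, data[MIN_LEN:length]


def parse_open(body: bytes):
    """Decode Version, My AS, Hold Time, BGP Identifier and the optional parameters."""
    if len(body) < 10:
        raise BGPMessageError("OPEN body shorter than its 10 fixed octets")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
    if 10 + opt_len != len(body):
        raise BGPMessageError("Optional Parameters Length disagrees with the body")
    params, pos = [], 10
    while pos < len(body):
        if pos + 2 > len(body):
            raise BGPMessageError("truncated optional parameter header")
        ptype, plen = body[pos], body[pos + 1]       # Parameter Type, Parameter Length
        value = body[pos + 2 : pos + 2 + plen]         # Parameter Value
        if len(value) != plen:
            raise BGPMessageError("parameter value runs past the end of the message")
        params.append((ptype, value))
        pos += 2 + plen
    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,   # 0 means the keepalive and hold timers are never reset
        "bgp_id": ".".join(str(b) for b in bgp_id.to_bytes(4, "big")),
        "params": params,
    }


def accept_open(data: bytes, expected_peer_as: int):
    """Receive path for a neighbor's OPEN: header, fields, then the AS number check."""
    mtype, _, body = parse_header(data)
    if mtype != "OPEN":
        raise BGPMessageError(f"expected OPEN first, got {mtype}")
    fields = parse_open(body)
    if fields["my_as"] != expected_peer_as:
        # My AS is where the receiver learns the neighbor's AS, so a value that does
        # not match the configured peer is rejected before any UPDATE is accepted
        raise BGPMessageError(f"peer claims AS {fields['my_as']}, expected {expected_peer_as}")
    return fields


def build_open(version, my_as, hold_time, bgp_id, params=()):
    """Encode an OPEN with a correct header; the inverse of the two parsers above."""
    opt = b"".join(bytes([t, len(v)]) + v for t, v in params)
    body = struct.pack("!BHHIB", version, my_as, hold_time, bgp_id, len(opt)) + opt
    return MARKER + struct.pack("!HB", MIN_LEN + len(body), 1) + body


# Constructed sample: BGP-4, AS 65001, hold time 180 s, identifier 10.0.0.1 and one
# optional parameter (type 2 with an opaque constructed value) to exercise the TLV walk.
SAMPLE_OPEN = build_open(4, 65001, 180, 0x0A000001, [(2, b"\x01\x04")])

if __name__ == "__main__":
    print(accept_open(SAMPLE_OPEN, expected_peer_as=65001))
```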

b/ UPDATE message
After the BGP speakers become peers, they exchange incremental UPDATE messages containing BGP routing information. The information carried in UPDATE messages is used to build a loop-free routing environment.

An UPDATE message contains not only feasible routes to be used but also unfeasible routes to be withdrawn. A single UPDATE message may carry at most one feasible route to use and many unfeasible routes to withdraw. The format of the UPDATE message is as follows:

+ Unfeasible Routes Length: this field is 2 bytes long and contains the length of the Withdrawn Routes field. A value of 0 indicates that the Withdrawn Routes field is not present in the UPDATE message.
+ Withdrawn Routes: this field is of variable length and contains a list of IP address prefixes to be withdrawn. Each IP address prefix has the following format:
- Length: this field is 1 byte long and contains the length (in bits) of the IP address prefix. A value of 0 means all IP address prefixes.
- Prefix: variable length, contains the IP address prefix.
+ Total Path Attributes Length: this field is 2 bytes long and contains the length of the Path Attributes field.
+ Path Attributes: this field is of variable length and contains a sequence of path attributes. The Path Attributes field is present in every UPDATE message. The information in the Path Attributes field is used to track specific routing information and is also used for routing decisions and filtering. Each path attribute is divided into a triplet:
- Attribute Type: 2 bytes long, consisting of one byte of Attribute Flags and one byte of Attribute Type Code.

Attribute Flags: there are four kinds, as follows:
+ Well-known mandatory: this attribute must be recognized by every BGP speaker implementation and must be present in the UPDATE message. A BGP session is terminated if such a well-known attribute is not present in the UPDATE message.
+ Well-known discretionary: this attribute must be recognized by every BGP speaker implementation but need not be present in the UPDATE message.
+ Optional transitive: this attribute is optional and may not be recognized by a BGP speaker implementation. If it is not recognized by the BGP speaker, its value is left unchanged.
+ Optional non-transitive: if this attribute is not recognized by the BGP speaker and the transitive flag is not set, the attribute is discarded.

+ Attribute Type Code: identifies the type of path attribute, as illustrated in the following figure:

Where:

ORIGIN: a well-known mandatory attribute. The AS that originates the routing information creates the ORIGIN attribute. It is present in every UPDATE message that propagates that routing information.

AS_PATH: a well-known mandatory attribute. It consists of a list of all the ASes the routing information has passed through. The AS_PATH is composed of a sequence of AS path segments. Each AS path segment is represented as a triplet. When a BGP speaker advertises a route it has learned to another BGP speaker within its own AS, it does not modify the AS_PATH attribute. When a BGP speaker advertises a route it holds to a BGP speaker outside its AS, it modifies the AS_PATH.
- When a BGP speaker originates a route, it includes an empty AS_PATH attribute when advertising it to BGP speakers inside its own AS, that is, to iBGP peers. It includes its own AS number in the AS_PATH attribute when advertising to BGP speakers outside its AS, that is, to eBGP peers.

NEXT_HOP: a well-known mandatory attribute; it specifies the IP address of the border router used as the next hop towards a given destination.

MULTI_EXIT_DISC: an optional non-transitive attribute. When there are several entry points into the same AS, it can be used to determine which entry point is used: the entry with the lowest metric is used.

LOCAL_PREF: a well-known discretionary attribute. A BGP speaker uses this attribute to set the preference of a route; it indicates the higher preference of one exit path out of the AS. The BGP speaker advertises this attribute to its BGP peers.

ATOMIC_AGGREGATE: a well-known discretionary attribute. When a BGP speaker receives overlapping routes from its peers, it may set the ATOMIC_AGGREGATE attribute. The attribute is set if the BGP speaker selects a route whose subnet mask is shorter than that of another route.

AGGREGATOR: an optional transitive attribute. When a BGP speaker performs route aggregation, it includes the AGGREGATOR attribute, consisting of its AS number and its BGP identifier.

COMMUNITY: an optional transitive attribute. This attribute groups destinations by attaching a tag to routes that share some common characteristic.

ORIGINATOR_ID: an optional non-transitive attribute. A BGP speaker acting as a route reflector creates this attribute. The ORIGINATOR_ID attribute contains the BGP identifier of the route reflector. The attribute is meaningful only within the local AS.

CLUSTER_LIST: an optional non-transitive attribute. This attribute contains a list of CLUSTER_ID values. When a route reflector reflects a route, it appends its own CLUSTER_ID to the CLUSTER_LIST.

Network Layer Reachability Information: BGP version 4 supports Classless Interdomain Routing (CIDR). To do so it uses the Network Layer Reachability Information (NLRI) field, which has two parts:

Length: gives the length of the IP address prefix. Prefix: variable length, contains the actual IP address prefix.
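The UPDATE layout and the attribute-flag rules above, as an added Python example that is not the report's own code: it decodes the Withdrawn Routes, the path-attribute triplets and the NLRI, applies the four flag categories (an unrecognised optional non-transitive attribute is discarded, an unrecognised optional transitive one is kept unchanged, a missing well-known mandatory one resets the session) and runs the AS_PATH loop check from section I.2. Assumptions beyond the text: the flag bit values, type codes and 2-byte AS numbers of the standard encoding (RFC 4271), and a constructed sample message.

```python
import struct
from ipaddress import IPv4Address

# Flag bits and type codes are the RFC 4271 values (assumed; the text names categories only)
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
              5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
              8: "COMMUNITY", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST"}
WELL_KNOWN_MANDATORY = {1, 2, 3}       # ORIGIN, AS_PATH, NEXT_HOP per the text

def classify(flags: int) -> str:
    """Name the flag category from the text for an Attribute Flags byte."""
    if not flags & OPTIONAL:
        return "well-known"             # mandatory or discretionary depends on type code
    return "optional transitive" if flags & TRANSITIVE else "optional non-transitive"

def parse_prefixes(data: bytes):
    """Decode <Length in bits, Prefix> pairs; Withdrawn Routes and NLRI share this form."""
    out, pos = [], 0
    while pos < len(data):
        bits = data[pos]
        nbytes = (bits + 7) // 8
        raw = data[pos + 1 : pos + 1 + nbytes]
        if bits > 32 or len(raw) != nbytes:
            raise ValueError("truncated or over-long prefix")
        out.append(f"{IPv4Address(raw + bytes(4 - nbytes))}/{bits}")
        pos += 1 + nbytes
    return out

def parse_as_path(value: bytes):
    """Flatten AS_PATH segments (type, count, count x 2-byte ASN) into one ASN list."""
    path, pos = [], 0
    while pos < len(value):
        count = value[pos + 1]          # value[pos] is the segment type
        path.extend(struct.unpack(f"!{count}H", value[pos + 2 : pos + 2 + 2 * count]))
        pos += 2 + 2 * count
    return path

def parse_update(body: bytes, my_as: int):
    """Parse one UPDATE body into withdrawn prefixes, accepted attributes and NLRI."""
    wlen = struct.unpack("!H", body[:2])[0]
    withdrawn = parse_prefixes(body[2 : 2 + wlen])
    pos = 2 + wlen
    palen = struct.unpack("!H", body[pos : pos + 2])[0]
    attrs_raw, nlri_raw = body[pos + 2 : pos + 2 + palen], body[pos + 2 + palen :]
    attrs, pos = {}, 0
    while pos < len(attrs_raw):
        flags, code = attrs_raw[pos], attrs_raw[pos + 1]
        if flags & EXT_LEN:                            # 2-byte Attribute Length
            alen, pos = struct.unpack("!H", attrs_raw[pos + 2 : pos + 4])[0], pos + 4
        else:                                          # 1-byte Attribute Length
            alen, pos = attrs_raw[pos + 2], pos + 3
        value, pos = attrs_raw[pos : pos + alen], pos + alen
        if code not in ATTR_NAMES:                     # not recognised by this speaker
            if not flags & OPTIONAL:
                raise ValueError(f"unrecognised well-known attribute {code}: reset session")
            if not flags & TRANSITIVE:
                continue                               # optional non-transitive: discard
            flags |= PARTIAL                           # optional transitive: value kept as is
        attrs[code] = (flags, value)
    if nlri_raw and not WELL_KNOWN_MANDATORY <= set(attrs):
        raise ValueError("feasible route lacks ORIGIN, AS_PATH or NEXT_HOP: reset session")
    result = {"withdrawn": withdrawn, "nlri": parse_prefixes(nlri_raw),
              "attrs": {ATTR_NAMES.get(c, c): (classify(f), v) for c, (f, v) in attrs.items()}}
    if 2 in attrs:
        result["as_path"] = parse_as_path(attrs[2][1])
        # path-vector loop check from section I.2: our own AS in the path means a loop
        result["loop"] = my_as in result["as_path"]
    return result

# Constructed sample UPDATE (not a capture), built with small helpers.
def _attr(flags, code, value):
    return bytes([flags, code, len(value)]) + value
def _prefix(bits, addr):
    return bytes([bits]) + IPv4Address(addr).packed[: (bits + 7) // 8]
def build_update(withdrawn, attrs, nlri):
    w, a = b"".join(withdrawn), b"".join(attrs)
    return struct.pack("!H", len(w)) + w + struct.pack("!H", len(a)) + a + b"".join(nlri)

SAMPLE_UPDATE = build_update(
    [_prefix(16, "10.1.0.0")],                                       # withdraw 10.1.0.0/16
    [_attr(0x40, 1, b"\x00"),                                        # ORIGIN, well-known
     _attr(0x40, 2, b"\x02\x02" + struct.pack("!HH", 65010, 65020)), # AS_PATH, sequence
     _attr(0x40, 3, IPv4Address("192.0.2.1").packed),                # NEXT_HOP
     _attr(0x80, 4, struct.pack("!I", 50)),                          # MED, optional non-tr.
     _attr(0x80, 200, b"\xde\xad")],                                 # unknown optional non-tr.
    [_prefix(24, "203.0.113.0")])                                    # feasible route (NLRI)
```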

c/ KEEPALIVE message
The KEEPALIVE message is used to make sure the peer is still alive. A KEEPALIVE message consists of just the BGP Message Header. KEEPALIVE messages are sent to restart the hold timer. The KEEPALIVE interval is one third of the hold time. A KEEPALIVE is not sent if an UPDATE message was sent during that interval.

d/ NOTIFICATION message
Whenever an error occurs in a BGP session, the BGP speaker sends a NOTIFICATION message. Immediately after the BGP speaker has sent it, the session is terminated. The NOTIFICATION message contains an error code and an error sub-code, which make troubleshooting easier for the administrator. The format of the NOTIFICATION message is as follows:

I.4.2. Neighbor Negotiation
- Before BGP communication can take place, the BGP speakers must become neighbors, or peers, of each other. The first step in establishing a peering is for a BGP speaker to open a TCP connection on port 179 to the other BGP speaker. If this does not happen, the speakers never become peers. Once the TCP connection is established, the BGP speaker sends an OPEN message to its peer. UPDATE, NOTIFICATION and KEEPALIVE messages are exchanged after that.
- The neighbor establishment process is described as a Finite State Machine. There are six states a speaker can pass through while establishing the relationship with a neighbor.

- Idle state: the first state a BGP speaker enters when it starts a BGP session. In this state the BGP speaker waits for a start event, refuses all incoming BGP connections and initiates no BGP connection of its own. The start event may be generated by the BGP speaker itself or by the system administrator. Once a start event occurs, the BGP speaker initializes all of its BGP resources: it starts the ConnectRetry timer, initiates a TCP connection to the BGP speaker it wants to peer with, and also listens for the other BGP speaker's connection attempt. It then changes its state to Connection. If any error occurs during this process, the TCP session is torn down and the BGP speaker returns to Idle, and a new start event is needed before it tries to connect again. If the start event is generated automatically, the BGP speaker waits 60 seconds before retrying the connection, and the wait doubles on each subsequent retry.

- Connection state: in this state BGP waits for the TCP connection to be established. Once the connection succeeds, the BGP speaker clears the ConnectRetry timer, sends an OPEN message to the remote BGP speaker and moves to OpenSent. If the TCP connection does not succeed, the BGP speaker restarts the ConnectRetry timer, keeps listening for a connection request from the remote BGP speaker, and moves to Active. If the ConnectRetry timer expires, the BGP speaker restarts the ConnectRetry timer, keeps listening for a connection request from the remote BGP speaker, and stays in the Connection state. If any other event causes an error, the BGP speaker closes the TCP connection and returns to Idle. All start events are ignored in the Connection state.

- Active state: in this state the BGP speaker tries to initiate a TCP session with the BGP speaker it wants to peer with. Once the connection succeeds, the BGP speaker clears the ConnectRetry timer, sends an OPEN message to the remote BGP speaker and moves to OpenSent. If the ConnectRetry timer expires, the BGP speaker resets it, initiates a TCP session, keeps listening for connection requests from the remote BGP speaker, and moves to Connection. If the BGP speaker detects another BGP speaker trying to connect to it and the IP address of that remote BGP speaker is not the expected address, it refuses the connection request, resets the ConnectRetry timer, keeps listening for another connection request from the remote BGP speaker, and remains in Active. If any other event causes an error, the BGP speaker closes the TCP connection and returns to Idle. All start events are ignored in the Active state.

- OpenSent state: in this state the BGP speaker waits to receive an OPEN message from the remote BGP speaker. Once it receives the OPEN message, all fields are checked. If the BGP speaker detects an error, it sends a NOTIFICATION message to the remote BGP speaker, closes the TCP connection and moves to Idle. If no error is detected, the BGP speaker sends a KEEPALIVE message to the remote BGP speaker and sets the keepalive timer and hold timer to the values negotiated with the neighbor. The BGP speaker negotiates to adjust the hold time value; a hold time of 0 means that the keepalive timer and hold timer are never reset. After the hold timer negotiation, the BGP speaker determines whether the connection is iBGP or eBGP: if both BGP speakers are in the same autonomous system the connection is iBGP; if they belong to two different autonomous systems it is eBGP. Once the BGP type is determined, the state moves to OpenConfirm. While in this state the BGP speaker may receive a disconnect message; if so, it moves to Active. If any other event causes an error, the BGP speaker closes the TCP connection and moves to Idle. All start events are ignored in the OpenSent state.

- OpenConfirm state: in this state the BGP speaker waits to receive a KEEPALIVE message from the remote BGP speaker. Once the KEEPALIVE is received, the BGP speaker resets the hold timer and moves to Established; at this point the peer relationship between them is established. If a NOTIFICATION message is received instead of the KEEPALIVE, the BGP speaker changes its state to Idle. If the hold timer expires before a KEEPALIVE is received from the remote BGP speaker, the TCP connection is terminated and the state moves to Idle. The BGP speaker may receive a disconnect message from its peer; if so, it moves to Idle. Any other event that causes an error makes the BGP speaker close the TCP connection and move to Idle. All start events are ignored in the OpenConfirm state.

- Established state: once a BGP speaker reaches the Established state, all negotiation with the neighbor is complete. In this state the BGP peers exchange UPDATE and KEEPALIVE messages. Each time the BGP speaker receives an UPDATE or KEEPALIVE message, it resets its hold timer. If the hold timer expires before an UPDATE or KEEPALIVE message is received, the BGP speaker sends a NOTIFICATION message to its peer, closes the TCP session and moves to Idle. Any other event that causes the BGP speaker to generate a NOTIFICATION also returns it to Idle. All start events are ignored in the Established state.

Tip: once the BGP peers reach the Established state, they begin exchanging routing information.
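The six-state machine above, as an added Python example that is not the report's own code: the transitions and the 60-second doubling back-off follow the text, with the events (TCP up or failed, ConnectRetry expiry, OPEN accepted or rejected, KEEPALIVE, NOTIFICATION, hold-timer expiry, disconnect) as inputs. Recorded action strings stand in for real sockets and timers, which is an assumption of this model.

```python
from enum import Enum, auto

class State(Enum):
    IDLE = auto(); CONNECTION = auto(); ACTIVE = auto()
    OPEN_SENT = auto(); OPEN_CONFIRM = auto(); ESTABLISHED = auto()

class Event(Enum):
    START = auto(); TCP_UP = auto(); TCP_FAILED = auto(); CONNECT_RETRY_EXPIRED = auto()
    WRONG_PEER_ADDRESS = auto(); OPEN_OK = auto(); OPEN_BAD = auto(); KEEPALIVE = auto()
    UPDATE = auto(); NOTIFICATION = auto(); HOLD_EXPIRED = auto(); DISCONNECT = auto()
    OTHER_ERROR = auto()

class BGPSession:
    """One neighbor's finite state machine, following the six states in the text."""
    def __init__(self, my_as: int, peer_as: int):
        self.my_as, self.peer_as = my_as, peer_as
        self.state = State.IDLE
        self.session_type = None     # "iBGP" or "eBGP", decided in OpenSent
        self.retry_delay = 60        # seconds before an automatic start event retries
        self.actions = []            # what the speaker did, for inspection (no real sockets)

    def next_retry_delay(self) -> int:
        """Back-off for automatically generated start events: 60 s, then doubling."""
        delay, self.retry_delay = self.retry_delay, self.retry_delay * 2
        return delay

    def _fail(self, ev: Event, notify: bool = False):
        """Error exit: optional NOTIFICATION, close TCP unless the peer already did, Idle."""
        if notify:
            self.actions.append("send NOTIFICATION")
        if ev is not Event.DISCONNECT:
            self.actions.append("close TCP")
        self.state = State.IDLE

    def _send_open(self):
        self.actions.append("clear ConnectRetry; send OPEN")
        self.state = State.OPEN_SENT

    def handle(self, ev: Event) -> State:
        s = self.state
        if s is State.IDLE:
            if ev is Event.START:         # any other event is refused while Idle
                self.actions.append("start ConnectRetry; connect TCP")
                self.state = State.CONNECTION
        elif ev is Event.START:
            pass                          # start events are ignored in every other state
        elif s is State.CONNECTION:
            if ev is Event.TCP_UP:
                self._send_open()
            elif ev in (Event.TCP_FAILED, Event.CONNECT_RETRY_EXPIRED):
                self.actions.append("restart ConnectRetry; keep listening")
                if ev is Event.TCP_FAILED:
                    self.state = State.ACTIVE      # on timer expiry it stays in Connection
            else:
                self._fail(ev)
        elif s is State.ACTIVE:
            if ev is Event.TCP_UP:
                self._send_open()
            elif ev is Event.CONNECT_RETRY_EXPIRED:
                self.actions.append("restart ConnectRetry; connect TCP")
                self.state = State.CONNECTION
            elif ev is Event.WRONG_PEER_ADDRESS:
                self.actions.append("refuse connection; restart ConnectRetry")  # stay Active
            else:
                self._fail(ev)
        elif s is State.OPEN_SENT:
            if ev is Event.OPEN_OK:       # every OPEN field checked and accepted
                self.session_type = "iBGP" if self.my_as == self.peer_as else "eBGP"
                self.actions.append("send KEEPALIVE; set hold and keepalive timers")
                self.state = State.OPEN_CONFIRM
            elif ev is Event.OPEN_BAD:
                self._fail(ev, notify=True)
            elif ev is Event.DISCONNECT:
                self.state = State.ACTIVE
            else:
                self._fail(ev)
        elif s is State.OPEN_CONFIRM:
            if ev is Event.KEEPALIVE:
                self.actions.append("reset hold timer")
                self.retry_delay = 60     # peering is up; the back-off starts over
                self.state = State.ESTABLISHED
            else:                         # NOTIFICATION, hold expiry, disconnect, error
                self._fail(ev)
        elif s is State.ESTABLISHED:
            if ev in (Event.UPDATE, Event.KEEPALIVE):
                self.actions.append("reset hold timer")
            else:
                self._fail(ev, notify=ev in (Event.HOLD_EXPIRED, Event.OTHER_ERROR))
        return self.state
```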

I.5. WHEN TO USE BGP AND WHEN NOT TO USE BGP (WHEN & WHEN NOT TO USE BGP)

I.5.1. When to use BGP?
When a company's network connects to several ISPs or other ASes and is actively using those connections. Many companies use several connections for redundancy, and cost can be reduced if all the connections are in use. In that case PBR may need to be deployed on each connection. BGP is also used when the routing policy of the service provider and that of the company differ, or when the company's traffic must be distinguished from the ISP's traffic: the two organizations' networks cannot appear as a single AS. Another case in which BGP must be used is when our network is itself an ISP. An ISP's network must allow other parties' traffic to pass through its AS; it then acts as a transit domain.

I.5.2. When not to use BGP?
A simple network is a network that is easy to manage and maintain. This is the main reason to avoid BGP in a network. So if the network has the following characteristics, other approaches such as static or default routing should be used instead:
* The ISP's network and the company's network share the same routing policy.
* Although your company has several connections to the ISP, they are backup connections, so there is no plan to activate more than one connection to the Internet.
* Network resources are limited, for example router memory and CPU.
* Bandwidth between the ASes is low, and the overhead of routing would affect data transfer.

I.6. COMPARISON OF IBGP AND EBGP
- The attributes exchanged in iBGP update messages are not changed.
- Because BGP runs split horizon, routes learned from an iBGP neighbor are not advertised to other iBGP neighbors.
- The Local-preference and MED attributes are only advertised in iBGP sessions.
- An eBGP neighbor is directly connected; an iBGP neighbor may be connected remotely.

I.7. STEPS FOR BUILDING THE ROUTING TABLE IN BGP
- Receive update messages
- Build the BGP table
- Select the BGP path
- Advertise the BGP path
- Build the BGP routing table
- Advertise local networks
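The six steps above, as an added Python example that is not the report's own code: a toy speaker that accepts updates with the AS_PATH loop check, keeps a BGP table, selects a best path, installs its next hop, and applies the advertisement rules from sections I.4.1 and I.6 (AS_PATH unchanged towards iBGP and prepended towards eBGP, iBGP split horizon, LOCAL_PREF kept inside the AS). Assumptions not in the text: the simplified selection order (highest LOCAL_PREF, shortest AS_PATH, lowest MED), MED sent to an external peer only for prefixes this AS originates (its non-transitive handling in the standard), and the constructed peers and prefixes.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Route:
    prefix: str
    as_path: Tuple[int, ...]            # leftmost AS is the most recently traversed
    next_hop: str
    local_pref: int = 100
    med: int = 0
    learned_from: Optional[str] = None  # peer name, or None for a locally originated network


class MiniBGPSpeaker:
    """Toy speaker: receive updates, build the BGP table, select, advertise, install."""

    def __init__(self, my_as: int, my_address: str):
        self.my_as, self.my_address = my_as, my_address
        self.peers = {}             # peer name -> remote AS
        self.bgp_table = {}         # prefix -> every candidate route (the BGP table)
        self.routing_table = {}     # prefix -> next hop of the selected route

    def add_peer(self, name: str, remote_as: int):
        self.peers[name] = remote_as

    def session_type(self, peer: str) -> str:
        return "iBGP" if self.peers[peer] == self.my_as else "eBGP"

    def receive_update(self, peer: str, route: Route) -> bool:
        """Step 1: accept an UPDATE, applying the AS_PATH loop check; one route per peer."""
        if self.my_as in route.as_path:
            return False                           # our AS is already in the path: a loop
        route.learned_from = peer
        others = [r for r in self.bgp_table.get(route.prefix, []) if r.learned_from != peer]
        self.bgp_table[route.prefix] = others + [route]
        self._install(route.prefix)
        return True

    def originate(self, prefix: str, next_hop: str):
        """Step 6: a local network enters the table with an empty AS_PATH."""
        self.bgp_table[prefix] = [Route(prefix, (), next_hop)]
        self._install(prefix)

    def best(self, prefix: str) -> Optional[Route]:
        """Step 3 (simplified order): highest LOCAL_PREF, shortest AS_PATH, lowest MED."""
        cands = self.bgp_table.get(prefix, [])
        return min(cands, key=lambda r: (-r.local_pref, len(r.as_path), r.med), default=None)

    def _install(self, prefix: str):
        """Step 5: the selected route's next hop goes into the routing table."""
        self.routing_table[prefix] = self.best(prefix).next_hop

    def advertise(self, prefix: str, to_peer: str) -> Optional[Route]:
        """Step 4: what (if anything) the best route looks like when sent to a given peer."""
        r = self.best(prefix)
        if r is None or r.learned_from == to_peer:
            return None                                 # nothing, or back to its source
        if r.learned_from is not None and self.session_type(r.learned_from) == "iBGP" \
                and self.session_type(to_peer) == "iBGP":
            return None   # split horizon: iBGP-learned routes are not passed to other iBGP peers
        if self.session_type(to_peer) == "iBGP":
            # attributes unchanged: AS_PATH, NEXT_HOP, LOCAL_PREF and MED go as they are
            return Route(prefix, r.as_path, r.next_hop, r.local_pref, r.med)
        # eBGP: prepend our AS, NEXT_HOP becomes this border router, LOCAL_PREF is dropped
        # (meaningful only inside the AS); MED is non-transitive, so it leaves only with
        # prefixes this AS originated (empty AS_PATH)
        med = r.med if not r.as_path else 0
        return Route(prefix, (self.my_as,) + r.as_path, self.my_address, 100, med)


def demo():
    """Constructed scenario: AS 65001 with two ISP (eBGP) peers and one internal (iBGP) peer."""
    sp = MiniBGPSpeaker(65001, "198.51.100.2")
    sp.add_peer("isp-a", 65100); sp.add_peer("isp-b", 65200); sp.add_peer("core", 65001)
    sp.receive_update("isp-a", Route("203.0.113.0/24", (65100, 65300), "198.51.100.1"))
    sp.receive_update("isp-b", Route("203.0.113.0/24", (65200,), "198.51.100.9"))
    looped = sp.receive_update("isp-a", Route("10.8.0.0/16", (65100, 65001), "198.51.100.1"))
    sp.originate("192.0.2.0/24", "10.0.0.1")
    return sp, looped
```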
