BGP多路径

网络需求

当存在多条ECMP(Equal-Cost Multipath)的BGP路由到达目标网络时,默认情况下只有第1个路由(先学习到的)会被放入路由表。

当开启BGP multipath功能后,所有这些ECMP的BGP路由都会被放入路由表,实现出站流量的负载均衡。允许同时使用多条等效路径,以提高网络性能和容错性。

网络拓扑

image-20240118140808316

  1. FortiGate与Router1和Router2分别建立iBGP邻居,FortiGate宣告自己的内网网段。
  2. Router1和Router2分别与Router3建立eBGP邻居,Router3宣告自己的内网网段。

配置步骤

  1. 基础网络配置(略)。

  2. 配置FortiGate的BGP,与Router1和Router2分别建立iBGP邻居。

    config router bgp
        set as 65001
        set router-id 10.10.1.2
        config neighbor
            edit "10.10.1.1"
                set soft-reconfiguration enable
                set remote-as 65001
            next
            edit "10.10.1.5"
                set soft-reconfiguration enable
                set remote-as 65001
            next
        end
        config network
            edit 1
                set prefix 10.10.3.0 255.255.255.0
            next
        end
    end
    
  3. 配置Router1的BGP,与FortiGate建立iBGP邻居,将路由下一跳修改为自己。与Router3建立eBGP邻居。

    config router bgp
        set as 65001
        set router-id 10.10.1.1
        config neighbor
            edit "10.10.1.2"
                set next-hop-self enable
                set soft-reconfiguration enable
                set remote-as 65001
            next
            edit "10.10.2.1"
                set soft-reconfiguration enable
                set remote-as 65002
            next
        end
    end
    
  4. 配置Router2的BGP,与FortiGate建立iBGP邻居,将路由下一跳修改为自己。与Router3建立eBGP邻居。

    config router bgp
        set as 65001
        set router-id 10.10.1.5
        config neighbor
            edit "10.10.1.6"
                set next-hop-self enable
                set soft-reconfiguration enable
                set remote-as 65001
            next
            edit "10.10.2.1"
                set soft-reconfiguration enable
                set remote-as 65002
            next
        end
    end
    
  5. 配置Router3的BGP,分别与Router1和Router2建立eBGP邻居。

    config router bgp
        set as 65002
        set router-id 10.10.2.1
        config neighbor
            edit "10.10.2.2"
                set soft-reconfiguration enable
                set remote-as 65001
            next
            edit "10.10.2.3"
                set soft-reconfiguration enable
                set remote-as 65001
            next
        end
        config network
            edit 1
                set prefix 10.10.4.0 255.255.255.0
            next
        end
    end
    

结果验证

  1. 在FortiGate上查看BGP学习到的路由,可以看到分别从iBGP邻居Router1和Router2学习到了Router3发布的BGP路由,下一跳分别为Router1和Router2。

    FortiGate # get router info bgp network 
    VRF 0 BGP table version is 4, local router ID is 10.10.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric     LocPrf Weight RouteTag Path
    *> 10.10.3.0/24     0.0.0.0                       100  32768        0 i <-/1>
    *>i10.10.4.0/24     10.10.1.1       0             100      0        0 65002 i <-/1>
    * i                 10.10.1.5       0             100      0        0 65002 i <-/->
    
    Total number of prefixes 2
    
    FortiGate # get router info bgp network 10.10.4.0
    VRF 0 BGP routing table entry for 10.10.4.0/24
    Paths: (2 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      Original VRF 0
      65002
        10.10.1.1 from 10.10.1.1 (10.10.1.1)
          Origin IGP metric 0, localpref 100, valid, internal, best
          Last update: Thu Jan 18 11:46:37 2024
    
      Original VRF 0
      65002
        10.10.1.5 from 10.10.1.5 (10.10.1.5)
          Origin IGP metric 0, localpref 100, valid, internal
          Last update: Thu Jan 18 11:47:05 2024
    
  2. 但在FortiGate上只有下一跳为Router1的BGP路由被放入路由表。

    FortiGate # get router info routing-table bgp
    Routing table for VRF=0
    B       10.10.4.0/24 [200/0] via 10.10.1.1 (recursive is directly connected, port2), 02:41:00, [1/0]
    
  3. 配置FortiGate的BGP开启ibgp-multipath。

    config router bgp
        set ibgp-multipath enable
    end
    
  4. 再次查看FortiGate的路由表,下一跳为Router2的BGP路由也被放入路由表,路由下一跳在Router1和Router2间负载。

    FortiGate # get router info routing-table bgp
    Routing table for VRF=0
    B       10.10.4.0/24 [200/0] via 10.10.1.1 (recursive is directly connected, port2), 00:00:55, [1/0]
                         [200/0] via 10.10.1.5 (recursive is directly connected, port3), 00:00:55, [1/0]
    
  5. 在Router3上查看BGP学习到的路由,可以看到分别从eBGP邻居Router1和Router2学习到了FortiGate发布的BGP路由,下一跳分别为Router1和Router2(eBGP路由会自动更改下一跳为自身)。

    Router3 # get router info bgp network
    VRF 0 BGP table version is 2, local router ID is 10.10.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric     LocPrf Weight RouteTag Path
    *> 10.10.3.0/24     10.10.2.2       0                      0        0 65001 i <-/1>
    *                   10.10.2.3       0                      0        0 65001 i <-/->
    *> 10.10.4.0/24     0.0.0.0                       100  32768        0 i <-/1>
    
    Total number of prefixes 2
    
  6. 但在Router3上只有下一跳为Router1的BGP路由被放入路由表。

    Router3 # get router info bgp network
    VRF 0 BGP table version is 2, local router ID is 10.10.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric     LocPrf Weight RouteTag Path
    *> 10.10.3.0/24     10.10.2.2       0                      0        0 65001 i <-/1>
    *                   10.10.2.3       0                      0        0 65001 i <-/->
    *> 10.10.4.0/24     0.0.0.0                       100  32768        0 i <-/1>
    
    Total number of prefixes 2
    
    Router3 # get router info bgp network 10.10.3.0
    VRF 0 BGP routing table entry for 10.10.3.0/24
    Paths: (2 available, best #1, table Default-IP-Routing-Table)
      Advertised to non peer-group peers:
       10.10.2.3
      Original VRF 0
      65001
        10.10.2.2 from 10.10.2.2 (10.10.1.1)
          Origin IGP metric 0, localpref 100, valid, external, best
          Last update: Thu Jan 18 14:17:19 2024
    
      Original VRF 0
      65001
        10.10.2.3 from 10.10.2.3 (10.10.1.5)
          Origin IGP metric 0, localpref 100, valid, external
          Last update: Thu Jan 18 14:17:13 2024
    
  7. 配置FortiGate的BGP开启ebgp-multipath。

    config router bgp
        set ebgp-multipath enable
    end
    
  8. 再次查看Router3的路由表,下一跳为Router2的BGP路由也被放入路由表,路由下一跳在Router1和Router2间负载。

    Router3 # get router info routing-table bgp
    Routing table for VRF=0
    B       10.10.3.0/24 [20/0] via 10.10.2.2 (recursive is directly connected, port2), 00:00:21, [1/0]
                         [20/0] via 10.10.2.3 (recursive is directly connected, port2), 00:00:21, [1/0]
    

Copyright © 2024 Fortinet Inc. All rights reserved. Powered by Fortinet TAC Team.
📲扫描下方二维码分享此页面👇
该页面修订于: 2024-01-18 14:36:25

results matching ""

    No results matching ""