Question: Cisco BGP unequal cost load balancing


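I am trying to implement the BGP unequal cost load balancing feature in my network. Following the Cisco manuals (long: http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgplb.html, short: https://ccieblog.co.uk/bgp/bgp-unequal-load-cost-sharing), I have built the following network topology: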

net topology

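R1 - the router on which I am trying to implement load balancing for outgoing traffic. A VRF table named nat is used.

R2-R4 - NAT servers running quagga, with a default route to R5 which is shared with R1 over eBGP.

R1 config

R1 IOS version: 12.2(33)SXJ4 (s72033-adventerprisek9_wan-mz.122-33.SXJ4.bin)

R2 config (R3 and R4 differ only in router-id and vlan)

As a result I have 3 different default routes on R1 with the same share - 1/1 (1:1:1). But the ratio 1:2:3 is expected: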

R1# sh ip bgp vpnv4 vrf nat 0.0.0.0

Paths: (6 available, best #5, table nat)
Multipath: eiBGP
  Advertised to update-groups:
     2         
  65000
    10.30.227.227 from 10.30.227.227 (10.30.227.227)
      Origin IGP, localpref 100, valid, external, multipath
      Extended Community: RT:192.168.33.4:13
      DMZ-Link Bw 250 kbytes
  65000, (received-only)
    10.30.227.227 from 10.30.227.227 (10.30.227.227)
      Origin IGP, localpref 100, valid, external
      DMZ-Link Bw 250 kbytes
  65000
    10.30.228.228 from 10.30.228.228 (10.30.228.228)
      Origin IGP, localpref 100, valid, external, multipath
      Extended Community: RT:192.168.33.4:13
      DMZ-Link Bw 375 kbytes
  65000, (received-only)
    10.30.228.228 from 10.30.228.228 (10.30.228.228)
      Origin IGP, localpref 100, valid, external
      DMZ-Link Bw 375 kbytes
  65000
    10.30.225.225 from 10.30.225.225 (10.30.225.225)
      Origin IGP, localpref 100, valid, external, multipath, best
      Extended Community: RT:192.168.33.4:13
      DMZ-Link Bw 125 kbytes
  65000, (received-only)
    10.30.225.225 from 10.30.225.225 (10.30.225.225)
      Origin IGP, localpref 100, valid, external
      DMZ-Link Bw 125 kbytes

R1# sh ip cef vrf nat 0.0.0.0/0 internal

0.0.0.0/0, epoch 3, flags rib only nolabel, rib defined all labels, RIB[B], refcount 7, per-destination sharing
  sources: RIB, D/N, DRH
  feature space:
   NetFlow: Origin AS 0, Peer AS 0, Mask Bits 0
   Broker: linked
   IPRM: 0x00018000
  subblocks:
   DefNet source: 0.0.0.0/0
  ifnums:
   Vlan3225(231): 10.30.225.225
   Vlan3227(232): 10.30.227.227
   Vlan3228(233): 10.30.228.228
  path 541B7858, path list 53E3E0D8, share 1/1, type recursive nexthop, for IPv4, flags resolved
  recursive via 10.30.225.225[IPv4:nat], fib 5496C804, 1 terminal fib
    path 541B7BF8, path list 53E3E170, share 1/1, type adjacency prefix, for IPv4
    attached to Vlan3225, adjacency IP adj out of Vlan3225, addr 10.30.225.225 513F6B60
  path 541B78CC, path list 53E3E0D8, share 1/1, type recursive nexthop, for IPv4, flags resolved
  recursive via 10.30.227.227[IPv4:nat], fib 54969B7C, 1 terminal fib
    path 541B7B10, path list 53E3E08C, share 1/1, type adjacency prefix, for IPv4
    attached to Vlan3227, adjacency IP adj out of Vlan3227, addr 10.30.227.227 513F66E0
  path 541B7DC8, path list 53E3E0D8, share 1/1, type recursive nexthop, for IPv4, flags resolved
  recursive via 10.30.228.228[IPv4:nat], fib 54970EAC, 1 terminal fib
    path 541B79B4, path list 53E3E040, share 1/1, type adjacency prefix, for IPv4
    attached to Vlan3228, adjacency IP adj out of Vlan3228, addr 10.30.228.228 513F6560
  output chain:
    loadinfo 51283B80, per-session, 3 choices, flags 0003, 5 locks
    flags: Per-session, for-rx-IPv4
    15 hash buckets
      < 0 > IP adj out of Vlan3225, addr 10.30.225.225 513F6B60
      < 1 > IP adj out of Vlan3227, addr 10.30.227.227 513F66E0
      < 2 > IP adj out of Vlan3228, addr 10.30.228.228 513F6560
      < 3 > IP adj out of Vlan3225, addr 10.30.225.225 513F6B60
      < 4 > IP adj out of Vlan3227, addr 10.30.227.227 513F66E0
      < 5 > IP adj out of Vlan3228, addr 10.30.228.228 513F6560
      < 6 > IP adj out of Vlan3225, addr 10.30.225.225 513F6B60
      < 7 > IP adj out of Vlan3227, addr 10.30.227.227 513F66E0
      < 8 > IP adj out of Vlan3228, addr 10.30.228.228 513F6560
      < 9 > IP adj out of Vlan3225, addr 10.30.225.225 513F6B60
      <10 > IP adj out of Vlan3227, addr 10.30.227.227 513F66E0
      <11 > IP adj out of Vlan3228, addr 10.30.228.228 513F6560
      <12 > IP adj out of Vlan3225, addr 10.30.225.225 513F6B60
      <13 > IP adj out of Vlan3227, addr 10.30.227.227 513F66E0
      <14 > IP adj out of Vlan3228, addr 10.30.228.228 513F6560
    Subblocks:
     None

What am I doing wrong? According to the manual, different dmzlink bw values should result in different load-sharing ratios, but in fact they do not!


Update 1 - at the request of user bangal

R1# show ip bgp all summary

For address family: IPv4 Unicast
BGP router identifier X.X.X.129, local AS number 41096
BGP table version is 22283352, main routing table version 22283352
34749 network entries using 4065633 bytes of memory
61661 path entries using 3206372 bytes of memory
8119/5337 BGP path/bestpath attribute entries using 1299040 bytes of memory
3752 BGP AS-PATH entries using 155474 bytes of memory
2990 BGP community entries using 138266 bytes of memory
146 BGP extended community entries using 5168 bytes of memory
53 BGP route-map cache entries using 1696 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 8871649 total bytes of memory
BGP activity 4716897/4682147 prefixes, 11331539/11269872 paths, scan interval 60 secs

# Here are bgp neighbours from global routing table. Not relevant to the question. IP addresses are hidden 

Neighbor     V       AS    MsgRcvd   MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
X.X.X.1      4       XX219    791704  760380 22283352    0    0 6d17h           1
X.X.X.33     4       XX219 112902498 1315655 22283352    0    0 6d17h           0
X.X.X.238    4       XX772    801422  762830 22283352    0    0 2w5d            0
X.X.X.206    4       XX540   2886112 1313917 22283352    0    0 4w4d         9641
X.X.X.70     4       XX772 188343075 1313853 22283352    0    0 6d14h       25881
X.X.X.78     4       XX772 148265282  941127 22283352    0    0 2w6d        26098

# Here are neighbours for vrf nat.

For address family: VPNv4 Unicast
BGP router identifier X.X.X.129, local AS number 41096
BGP table version is 824, main routing table version 824
1 network entries using 137 bytes of memory
6 path entries using 408 bytes of memory
1 multipath network entries and 3 multipath paths
8119/1 BGP path/bestpath attribute entries using 1299040 bytes of memory
3752 BGP AS-PATH entries using 155474 bytes of memory
2990 BGP community entries using 138266 bytes of memory
146 BGP extended community entries using 5168 bytes of memory
53 BGP route-map cache entries using 1696 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1600189 total bytes of memory
3 received paths for inbound soft reconfiguration
BGP activity 4716897/4682147 prefixes, 11331539/11269872 paths, scan interval 15 secs

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.30.225.225   4       65000   11003   11443      824    0    0 3d18h           1
10.30.227.227   4       65000    9853   10293      824    0    0 3d18h           1
10.30.228.228   4       65000   10992   11432      824    0    0 3d18h           1

R1# sh ip route vrf nat

Routing Table: nat
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.30.228.228 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 4 subnets
C       10.30.0.0 is directly connected, Vlan30
C       10.30.228.0 is directly connected, Vlan3228
C       10.30.227.0 is directly connected, Vlan3227
C       10.30.225.0 is directly connected, Vlan3225
B*   0.0.0.0/0 [20/0] via 10.30.228.228, 3d18h
               [20/0] via 10.30.227.227, 3d18h
               [20/0] via 10.30.225.225, 3d18h

R1# sh ip bgp vpnv4 vrf nat neighbors

R1 sh ip bgp neighbors output

R1# sh run

R1 running config, sensitive info masked


9
2017-11-09 15:48




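Isn't your R1 running-config missing bandwidth 50000 for 'interface Vlan3228'? Could you also attach the output of 'sh ip bgp <IP of R5>'? - Andrey Sapegin
Also, in the running-config, as far as I understand, the bandwidths should be 50kbs-100kbs-150kbs, while your output of R1# sh ip bgp vpnv4 vrf nat 0.0.0.0 shows 125kbs-250kbs-350kbs ... - Andrey Sapegin
@AndreySapegin sh ip bgp vpnv4 vrf nat 10.30.228.228 shows the same as sh ip bgp vpnv4 vrf nat 0.0.0.0. Did you miss the neighbors keyword? If so, you can see the output of sh ip bgp vpnv4 vrf nat neighbors 10.30.228.228 at the end, under R1 sh ip bgp neighbors output - Shamanu4
The guide you mentioned (cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgplb.html) distinguishes between neighbor dmzlink-bw, which only allows advertising the bandwidth to a neighbor (present in your config), and bgp dmzlink-bw, which enables proportional load balancing (it seems to be MISSING in your config). Could you try adding bgp dmzlink-bw to your running config? - Andrey Sapegin
@AndreySapegin. Yes, I am pretty sure maximum paths should be under address-family. I need the multipath feature in the vrf instance, but not in the global routing table. If I put maximum paths under router bgp 100, I get only one route via R5 and no routes via R3 and R2. Same result with ibgp under the address-family, because all neighbors are external. Bandwidth inherit on the port-channel is there for consistency in the config. I removed this line with no effect. Commit - Shamanu4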


Answers:


The key problem seems to be the missing bgp dmzlink-bw option under address-family in the configuration. However, let me summarize my comments here:

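  1. bgp dmzlink-bw under address-family: neighbor dmzlink-bw only allows advertising the bandwidth to a neighbor, while bgp dmzlink-bw enables proportional load balancing.
  2. The running-config is missing the bandwidth 50000 option for 'interface Vlan3228'
  3. As mentioned in this config example, the option maximum-paths eibgp 3 may be needed instead of maximum-paths 3
  4. Besides sh ip bgp vpnv4 vrf nat 0.0.0.0 and the other commands mentioned in the original guide and by Shamanu4 and bangal (see the question), it is useful to check with sh ip route vrf nat 0.0.0.0 whether the traffic share count differs for the links used for load balancing
  5. Check that there are no other options in the configuration that could interfere with load balancing (e.g. bandwidth inherit on the port-channel)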

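As general advice: when you have a big running-config with a lot of options, it is sometimes hard to pin down the problem. If the problem persists, I would create a similar setup with an empty config and try to configure only the relevant options there (a minimal working example), to see whether it works and does not interfere with other options, access lists (highly unlikely in this particular case, for example), etc. If you have no spare hardware and your router is in production, so that you cannot experiment with an empty config directly on it, you can: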

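  • Use a Linux PC / VM with routing software such as Quagga (mentioned in the question)
  • Use a Cisco simulator: Boson NetSim for CCNP supports BGP; however, I am not sure whether address-family / VPN / VRF are supported
  • Use a VM with Cisco's IOS XRv. As far as I know, it is available for free with a 2 Mbit/s bandwidth limit, which should be enough for testing. Again, I am not sure whether address-family / VPN / VRF are supported: Cisco IOS XRv Router overview, VM download link
  • Use the GNS3 (http://www.gns3.com/) emulator. It has Cisco IOS images; however, I do not know how to obtain them.
  • Finally, you could even try to buy used hardware as cheap as possible from a place like eBay, just for testing purposes.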

3
2017-11-18 14:16
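
The mismatch described in the question (1:2:3 expected, 1:1:1 observed) can be checked mechanically by comparing the DMZ-Link Bw values on the multipath paths with the CEF hash-bucket assignment. The script below is an added example, not part of the original post or the Cisco guide; its function names are hypothetical, and the sample text is constructed in the format of the question's `sh ip bgp vpnv4 vrf nat 0.0.0.0` and `sh ip cef vrf nat 0.0.0.0/0 internal` output.

```python
import re
from collections import Counter
from functools import reduce
from math import gcd

# Constructed samples in the format of the question's output (values from the question).
HOPS = [("10.30.227.227", 250), ("10.30.228.228", 375), ("10.30.225.225", 125)]
BGP_SAMPLE = "".join(
    f"  65000{ro}\n    {ip} from {ip} ({ip})\n"
    f"      Origin IGP, localpref 100, valid, external{mp}\n"
    f"      DMZ-Link Bw {bw} kbytes\n"
    for ip, bw in HOPS for ro, mp in [("", ", multipath"), (", (received-only)", "")])
CEF_SAMPLE = "".join(
    f"      <{i:2d} > IP adj out of Vlan3{o}, addr 10.30.{o}.{o}\n"
    for i, o in zip(range(15), [225, 227, 228] * 5))

def advertised_bw(bgp_text):
    """Map next hop -> DMZ-Link Bw for multipath paths (received-only copies are skipped)."""
    bw, hop, multipath = {}, None, False
    for line in bgp_text.splitlines():
        m = re.match(r"\s+(\d+\.\d+\.\d+\.\d+) from ", line)
        dmz = re.search(r"DMZ-Link Bw (\d+) kbytes", line)
        if m:                            # a new path entry starts here
            hop, multipath = m.group(1), False
        elif "multipath" in line:        # attribute line of an installed multipath
            multipath = True
        elif dmz and hop and multipath:
            bw[hop] = int(dmz.group(1))
    return bw

def bucket_counts(cef_text):
    """Count CEF hash buckets per next hop in the 'output chain' section."""
    return Counter(re.findall(r"<\s*\d+\s*>.*?addr (\d+\.\d+\.\d+\.\d+)", cef_text))

def ratio(values):
    """Reduce a list of integers to its smallest whole-number ratio."""
    g = reduce(gcd, values, 0) or 1
    return tuple(v // g for v in values)

def compare(bgp_text, cef_text):
    """Return (next hops, advertised ratio, hash-bucket ratio, whether they match)."""
    bw, buckets = advertised_bw(bgp_text), bucket_counts(cef_text)
    hops = sorted(bw)
    expected = ratio([bw[h] for h in hops])
    actual = ratio([buckets.get(h, 0) for h in hops])
    return hops, expected, actual, expected == actual

if __name__ == "__main__":
    print(compare(BGP_SAMPLE, CEF_SAMPLE))
```

Feeding it the real command output captured before and after a configuration change shows whether the change altered the forwarding distribution, and not just the BGP table.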



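Still cannot confirm or refute this theory. IOS version 15.1(2)SY4a also has no dmzlink-bw option under address-family. I need some time to untangle the contradictions between the Cisco documentation and real life. - Shamanu4
Really strange. You could try looking at the following docs: cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/..., cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/..., but I do not see anything missing in the config... - Andrey Sapegin
I will buy a cisco VIRL license and try to simulate the topology there. I will report any results later. Thanks for the help. - Shamanu4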