我正在尝试让 bgp 在 4 个路由器之间的实验室环境中工作。我有 1 个中央路由器和 3 个分支。4 台机器中有 3 台是 debian11 机器,1 个分支是 windows server 2019,我也为其设置了 bgp。
“show bgp summary”显示所有邻居都已连接:
ISP# sh bgp summary
IPv4 Unicast Summary:
BGP router identifier 120.116.7.254, local AS number 62000 vrf-id 0
BGP table version 8
RIB entries 9, using 1728 bytes of memory
Peers 3, using 64 KiB of memory
Peer groups 3, using 192 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt
120.115.7.65 4 64000 95 84 0 0 0 01:19:51 1 0
120.116.9.129 4 63000 30123 30125 0 0 0 1d01h05m 0 0
120.116.7.1 4 61000 1525 1528 0 0 0 00:29:49 0 0
Total number of neighbors 3
中心路由器ISP配置如下:
Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname ISP
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 62000
neighbor Branch1 peer-group
neighbor Branch1 remote-as 64000
neighbor Branch2 peer-group
neighbor Branch2 remote-as 63000
neighbor Branch3 peer-group
neighbor Branch3 remote-as 61000
neighbor 120.115.7.65 peer-group Branch1
neighbor 120.116.9.129 peer-group Branch2
neighbor 120.116.7.1 peer-group Branch3
!
address-family ipv4 unicast
network 120.116.7.0/26
network 120.115.7.64/26
network 120.116.9.128/25
redistribute kernel
redistribute connected
neighbor Branch1 route-map Branch1 in
neighbor Branch1 route-map Branch1 out
neighbor Branch2 route-map Branch2 in
neighbor Branch2 route-map Branch2 out
neighbor Branch3 route-map Branch3 in
neighbor Branch3 route-map Branch3 out
exit-address-family
!
route-map Branch3 permit 10
match interface ens161
match peer 120.116.7.1
!
route-map Branch1 permit 20
match peer 120.115.7.65
!
route-map Branch2 permit 30
match peer 120.116.9.129
!
line vty
!
end
分支路由器的配置之一:
Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname Branch3
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 61000
neighbor ISP peer-group
neighbor ISP remote-as 62000
neighbor 120.116.7.62 peer-group ISP
!
address-family ipv4 unicast
network 120.116.5.0/26
network 120.116.8.0/24
neighbor ISP route-map ISP in
neighbor ISP route-map ISP out
exit-address-family
!
route-map ISP permit 1
match peer 120.116.7.62
!
line vty
!
end
我不知道我遗漏了什么,因为 BGP Windows Server 发送了他的伪网络(120.116.6.0/24),我给他显示如下:
K>* 0.0.0.0/0 [0/0] via 10.0.255.254, ens192, 1d01h51m
C>* 10.0.0.0/16 is directly connected, ens192, 1d01h51m
C>* 120.116.7.0/26 is directly connected, ens161, 1d01h51m
C>* 120.115.7.64/26 is directly connected, ens256, 1d01h51m
C>* 120.116.9.128/25 is directly connected, ens224, 1d01h51m
B>* 120.116.6.0/24 [20/0] via 120.116.7.65, ens256, weight 1, 00:58:05
ISP#
(附注:ens192 是连接公共互联网安装包的接口)
与其他网络(已配置)一样,ISP 不会向其转发此路由。正如在 Branch 配置中看到的那样,我认为也许我可以向 ISP 发送网络广告,但没有希望。
net.ip4.ip_forward 设置为 1
防火墙已全部禁用
为什么 FRR 不会发送 BGP 通告但可以正常接收它们?