2022年限制自己接收的最大前缀条目 .pdf

?限制自己接收的最大前缀条目，来保护他的边界路由器R1R2AS 1AS 2172.16.0.1/24172.16.1.1/24.172.16.8.1/24R1：R1(config-router)#nei 10.1.12.2 maximum-prefix 8 然后在R2上宣告172.16.x.0的网段，到宣告到172.16.6.0/24的时候，也就是宣告了7个网段。由于设置的maximum-prefix为 8，而默认的阀值是75%，所以在R1上会提示以下log信息：R1#show ip bgp BGP table version is 22,local router ID is 1.1.1.1 Status codes:s suppressed,d damped,h history,*valid,best,i-internal,r RIB-failure,S Stale Origin codes:i-IGP,e-EGP,?-incomplete Network Next Hop Metric LocPrf Weight Path*172.16.0.0/24 10.1.12.2 0 0 2 i*172.16.1.0/24 10.1.12.2 0 0 2 i*172.16.2.0/24 10.1.12.2 0 0 2 i*172.16.3.0/24 10.1.12.2 0 0 2 i*172.16.4.0/24 10.1.12.2 0 0 2 i*172.16.5.0/24 10.1.12.2 0 0 2 i*172.16.6.0/24 10.1.12.2 0 0 2 i*Jun 26 09:15:48.447:%BGP-4-MAXPFX:No.of prefix received from 10.1.12.2(afi 0)reaches 7,max 8 继续在R2上宣告一个路由172.16.7.0/24,出现如下的log 信息：*Jun 26 09:18:47.503:%BGP-4-MAXPFX:No.of prefix received from 10.1.12.2(afi 0)名师资料总结-精品资料欢迎下载-名师精心整理-第 1 页，共 7 页 -reaches 8,max 8 R1#show ip bgp BGP table version is 23,local router ID is 1.1.1.1 Status codes:s suppressed,d damped,h history,*valid,best,i-internal,r RIB-failure,S Stale Origin codes:i-IGP,e-EGP,?-incomplete Network Next Hop Metric LocPrf Weight Path*172.16.0.0/24 10.1.12.2 0 0 2 i*172.16.1.0/24 10.1.12.2 0 0 2 i*172.16.2.0/24 10.1.12.2 0 0 2 i*172.16.3.0/24 10.1.12.2 0 0 2 i*172.16.4.0/24 10.1.12.2 0 0 2 i*172.16.5.0/24 10.1.12.2 0 0 2 i*172.16.6.0/24 10.1.12.2 0 0 2 i*172.16.7.0/24 10.1.12.2 0 0 2 i 在 R2上继续宣告172.16.8.0/24的路由，此时R1上就会报错，从而将邻居关系置位idle状态：*Jun 26 09:20:47.519:%BGP-3-MAXPFXEXCEED:No.of prefix received from 10.1.12.2(afi 0):9 exceed limit 8*Jun 26 09:20:47.519:%BGP-5-ADJCHANGE:neighbor 10.1.12.2 Down BGP Notification sent*Jun 26 09:20:47.523:%BGP-3-NOTIFICATION:sent to neighbor 10.1.12.2 3/1(update malformed)0 bytes R1#FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0034 0200 0000 1940 0101 0040 0204 0201 0002 4003 040A 010C 0280 0404 0000 0000 18AC 1008 R1#show ip bgp sum BGP router identifier 1.1.1.1,local AS number 1 BGP table version is 31,main routing table version 31 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.12.2 4 2 30 24 0 0 0 00:01:05 Idle(PfxCt)名师资料总结-精品资料欢迎下载-名师精心整理-第 2 页，共 7 页 -/正常的情况下他是不会出现括号的Pfxct这样的字样的，出现这个代表是路由条目超出自己的接收能力。此时重置双方的邻居关系，可以看出他们邻居关系是可以起来的，然后迅速的中断。R1#clear ip bgp*R1#*Jun 26 09:23:25.355:%BGP-5-ADJCHANGE:neighbor 10.1.12.2 Up*Jun 26 09:23:25.359:%BGP-4-MAXPFX:No.of prefix received from 10.1.12.2(afi 0)reaches 7,max 8*Jun 26 09:23:25.363:%BGP-3-MAXPFXEXCEED:No.of prefix received from 10.1.12.2(afi 0):9 exceed limit 8*Jun 26 09:23:25.367:%BGP-5-ADJCHANGE:neighbor 10.1.12.2 Down BGP Notification sent*Jun 26 09:23:25.367:%BGP-3-NOTIFICATION:sent to neighbor 10.1.12.2 3/1(update malformed)0 bytes R1#FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0054 0200 0000 1940 0101 0040 0204 0201 0002 4003 040A 010C 0280 0404 0000 0000 18AC 1000 18AC 1001 18AC 1002 18AC 1003 18AC 1004 18AC 1005 18AC 1006 18AC 1007 18AC 1008 如果此时将阀值设置为100，也就是能接收的路由条目是8条，他会怎么样呢？R1(config-router)#nei 10.1.12.2 maximum-prefix 8 100 Threshold value(%)at which to generate a warning msg restart Restart bgp connection after limit is exceeded warning-only Only give warning message when limit is exceeded R1#sh ip bgp sum BGP router identifier 1.1.1.1,local AS number 1 BGP table version is 9,main routing table version 9 8 network entries using 808 bytes of memory 8 path entries using 384 bytes of memory 1 BGP path attribute entries using 60 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1276 total bytes of memory 名师资料总结-精品资料欢迎下载-名师精心整理-第 3 页，共 7 页 -BGP activity 42/34 prefixes,42/34 paths,scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.12.2 4 2 45 35 9 0 0 00:00:39 8 实验说明：如果将接收的阀值改为100，也就是接收的最大路由前缀为8，只要不超过8也是能够建立邻居关系.的。继续在R1上配置：R1(config-router)#nei 10.1.12.2 maximum-prefix 8 warning-only 此时在R2上添加一条路由前缀172.16.8.0/24,这时通告的路由前缀是9.R2#show ip bgp nei 10.1.12.1 advertised-routes BGP table version is 10,local router ID is 2.2.2.2 Status codes:s suppressed,d damped,h history,*valid,best,i-internal,r RIB-failure,S Stale Origin codes:i-IGP,e-EGP,?-incomplete Network Next Hop Metric LocPrf Weight Path*172.16.0.0/24 0.0.0.0 0 32768 i*172.16.1.0/24 0.0.0.0 0 32768 i*172.16.2.0/24 0.0.0.0 0 32768 i*172.16.3.0/24 0.0.0.0 0 32768 i*172.16.4.0/24 0.0.0.0 0 32768 i*172.16.5.0/24 0.0.0.0 0 32768 i*172.16.6.0/24 0.0.0.0 0 32768 i*172.16.7.0/24 0.0.0.0 0 32768 i*172.16.8.0/24 0.0.0.0 0 32768 i R1#show ip bgp BGP table version is 10,local router ID is 1.1.1.1 Status codes:s suppressed,d damped,h history,*valid,best,i-internal,r RIB-failure,S Stale Origin codes:i-IGP,e-EGP,?-incomplete 名师资料总结-精品资料欢迎下载-名师精心整理-第 4 页，共 7 页 -Network Next Hop Metric LocPrf Weight Path*172.16.0.0/24 10.1.12.2 0 0 2 i*172.16.1.0/24 10.1.12.2 0 0 2 i*172.16.2.0/24 10.1.12.2 0 0 2 i*172.16.3.0/24 10.1.12.2 0 0 2 i*172.16.4.0/24 10.1.12.2 0 0 2 i*172.16.5.0/24 10.1.12.2 0 0 2 i*172.16.6.0/24 10.1.12.2 0 0 2 i*172.16.7.0/24 10.1.12.2 0 0 2 i*172.16.8.0/24 10.1.12.2 0 0 2 i R1#show ip bgp sum BGP router identifier 1.1.1.1,local AS number 1 BGP table version is 10,main routing table version 10 9 network entries using 909 bytes of memory 9 path entries using 432 bytes of memory 1 BGP path attribute entries using 60 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1425 total bytes of memory BGP activity 43/34 prefixes,43/34 paths,scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.12.2 4 2 50 39 10 0 0 00:04:53 9*Jun 26 09:34:47.951:%BGP-3-MAXPFXEXCEED:No.of prefix received from 10.1.12.2(afi 0):9 exceed limit 8 试验证明：R2通告过来的路由前缀超过设置的最大接收前缀和阀值时，R2仍然能通告这些路由，并且R1也能接收这些路由条目，并且邻居关系正常，只不过在R1上出现了以上的警告信息罢了。如果此时修改R1的参数：名师资料总结-精品资料欢迎下载-名师精心整理-第 5 页，共 7 页 -neighbor 10.1.12.2 maximum-prefix 8 100 restart 1*Jun 26 09:41:48.135:%BGP-3-MAXPFXEXCEED:No.of prefix received from 10.1.12.2(afi 0):9 exceed limit 8*Jun 26 09:41:48.135:%BGP-5-ADJCHANGE:neighbor 10.1.12.2 Down BGP Notification sent*Jun 26 09:41:48.139:%BGP-3-NOTIFICATION:sent to neighbor 10.1.12.2 3/1(update malformed)0 bytes R1#FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0034 0200 0000 1940 0101 0040 0204 0201 0002 4003 040A 010C 0280 0404 0000 0000 18AC 1008*Jun 26 09:43:06.147:%BGP-5-ADJCHANGE:neighbor 10.1.12.2 Up*Jun 26 09:43:06.347:%BGP-3-MAXPFXEXCEED:No.of prefix received from 10.1.12.2(afi 0):9 exceed limit 8*Jun 26 09:43:06.351:%BGP-5-ADJCHANGE:neighbor 10.1.12.2 Down BGP Notification sent*Jun 26 09:43:06.351:%BGP-3-NOTIFICATION:sent to neighbor 10.1.12.2 3/1(update malformed)0 bytes R1#FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0054 0200 0000 1940 0101 0040 0204 0201 0002 4003 040A 010C 0280 0404 0000 0000 18AC 1000 18AC 1001 18AC 1002 18AC 1003 18AC 1004 18AC 1005 18AC 1006 18AC 1007 18AC 1008 R1#show ip bgp sum BGP router identifier 1.1.1.1,local AS number 1 BGP table version is 51,main routing table version 51 9 network entries using 909 bytes of memory 0 path entries using 0 bytes of memory 0 BGP path attribute entries using 60 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 993 total bytes of memory BGP activity 53/44 prefixes,61/61 paths,scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 名师资料总结-精品资料欢迎下载-名师精心整理-第 6 页，共 7 页 -10.1.12.2 4 2 66 54 0 0 0 00:00:15 Idle(PfxCt)设置这个参数后，他会在1分钟之后尝试的建立BGP连接，如果此时没有超过设置的阀值的话，他是能建立起来的，如果超过了，他还是会置位为idle状态：R1(config-router)#nei 10.1.12.2 maximum-prefix 8 100 restart?Restart interval in minutes R1(config-router)#nei 10.1.12.2 maximum-prefix 8 100 restart 名师资料总结-精品资料欢迎下载-名师精心整理-第 7 页，共 7 页 -