How to Configure BGP Route Aggregation on FortiGate
[ 2009-8-10 18:20:46 ]

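1. Purpose

This document describes the steps for configuring BGP route aggregation, so that a single aggregate route is advertised in place of several specific routes.

2. Scope

All FortiGate units or VDOMs running in NAT mode.

3. Expected result

The following three specific routes will be advertised through BGP aggregation as the aggregate route 10.162.0.0/16:
 * 10.162.0.0/255.255.254.0
 * 10.162.2.0/255.255.254.0
 * 10.162.4.0/255.255.254.0

4. Configuration

The configuration is shown below; FGT-AS162 is the local FortiGate: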
FGT-AS162 (bgp) # show
config router bgp
    config aggregate-address
        edit 1
            set prefix 10.162.0.0 255.255.0.0
            set summary-only enable
        next
    end
    set as 162
    config neighbor
        edit 10.142.0.110
            set remote-as 1
        next
    end
    config network
        edit 1
            set prefix 10.162.0.0 255.255.254.0
        next
        edit 2
            set prefix 10.162.2.0 255.255.254.0
        next
        edit 3
            set prefix 10.162.4.0 255.255.254.0
        next
    end
    config redistribute "connected"
    end
    config redistribute "rip"
    end
    config redistribute "ospf"
    end
    config redistribute "static"
    end
    set router-id 10.142.0.114
end

5. Verification

FGT_ISP is the simulated ISP border router.
FGT-AS162 has BGP route aggregation enabled.

The following four routing-related CLI commands are used:
# get router info bgp summary
# get router info bgp neighbors
# get router info bgp network
# get router info routing-table all

5.1 Verification on FGT-AS162

FGT-AS162 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S* 0.0.0.0/0 [10/0] via 192.168.183.254, port1
B 1.1.1.1/32 [20/0] via 10.142.0.110, port2, 01:03:29
C 10.142.0.0/23 is directly connected, port2
B 10.160.0.0/23 [20/0] via 10.142.0.110, port2, 00:02:07
B 10.162.0.0/16 [20/0] is a summary, Null, 00:12:16
C 10.162.0.0/23 is directly connected, port3
C 10.162.2.0/23 is directly connected, port5
C 10.162.4.0/23 is directly connected, port6
B 192.168.0.0/16 [20/0] via 10.142.0.110, port2, 01:03:29
B 192.168.0.0/21 [20/0] via 10.142.0.205, port2, 01:03:29
B 192.168.168.0/24 [20/0] via 10.142.0.110, port2, 01:03:29
C 192.168.182.0/23 is directly connected, port1

The routing table above contains a "Null" route (the 10.162.0.0/16 summary), which prevents routing loops.

FGT-AS162 # get router info bgp network
BGP table version is 9, local router ID is 10.142.0.114
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.142.0.110 0 0 1 ?
*> 10.160.0.0/23 10.142.0.110 0 0 1 i
*> 10.162.0.0/16 0.0.0.0 32768 i <<<< this is the route that will be advertised via BGP
s> 10.162.0.0/23 0.0.0.0 100 32768 i
s> 10.162.2.0/23 0.0.0.0 100 32768 i
s> 10.162.4.0/23 0.0.0.0 100 32768 i
*> 192.168.0.0/16 10.142.0.110 0 0 1 ?
*> 192.168.0.0/21 10.142.0.205 0 0 1 2 i
*> 192.168.168.0 10.142.0.110 0 0 1 ?
Total number of prefixes 9

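Below the BGP summary route, three routes carry the 's' (suppressed) flag, which indicates that the summary route is derived from these three specific routes.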
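The check below is an added example, not part of the original article or of any Fortinet tooling: it parses rows copied from the FGT-AS162 BGP table above, confirms that the aggregate is valid and that no specific route inside it escaped suppression, and lists the parts of 10.162.0.0/16 that have no specific route and therefore match only the Null summary route. The function names are hypothetical.

```python
import ipaddress

# Rows copied from the FGT-AS162 "get router info bgp network" output on this page.
# Function names below are hypothetical helpers for this example.
BGP_TABLE = """\
*> 10.160.0.0/23 10.142.0.110 0 0 1 i
*> 10.162.0.0/16 0.0.0.0 32768 i
s> 10.162.0.0/23 0.0.0.0 100 32768 i
s> 10.162.2.0/23 0.0.0.0 100 32768 i
s> 10.162.4.0/23 0.0.0.0 100 32768 i
*> 192.168.0.0/21 10.142.0.205 0 0 1 2 i
*> 192.168.168.0 10.142.0.110 0 0 1
"""

def parse_bgp_table(text):
    """Return (status, network) pairs; rows without a /length (classful) are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        try:
            rows.append((fields[0], ipaddress.ip_network(fields[1])))
        except ValueError:
            continue  # legend or header line, not a route row
    return rows

def subtract(blocks, net):
    """Remove net from a list of non-overlapping blocks."""
    out = []
    for b in blocks:
        if b.subnet_of(net):
            continue  # block is fully covered by net
        out.extend(b.address_exclude(net) if net.subnet_of(b) else [b])
    return out

def audit_aggregate(rows, aggregate):
    agg = ipaddress.ip_network(aggregate)
    specifics = [(st, n) for st, n in rows if n != agg and n.subnet_of(agg)]
    uncovered = [agg]
    for _, n in specifics:
        uncovered = subtract(uncovered, n)
    return {
        # aggregate is present, valid and not itself suppressed
        "aggregate_advertised": any(n == agg and st.startswith("*") for st, n in rows),
        # specifics inside the aggregate that summary-only did not suppress
        "leaked": [str(n) for st, n in specifics if not st.startswith("s")],
        # space the aggregate attracts but only the Null summary route matches
        "uncovered": [str(n) for n in sorted(uncovered)],
    }

if __name__ == "__main__":
    print(audit_aggregate(parse_bgp_table(BGP_TABLE), "10.162.0.0/16"))
```

A non-empty "leaked" list means a specific route is still being announced alongside the aggregate; the "uncovered" blocks are the destinations that the /16 announcement attracts from the peer and that FGT-AS162 then drops.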

5.2 Verification on FGT_ISP

Get the local routing table:
FGT_ISP (bgp) # get router info bgp network
BGP table version is 18, local router ID is 10.142.0.110
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network            Next Hop          Metric LocPrf Weight Path
*> 1.1.1.1/32       192.168.183.254                    32768 ?
*> 10.160.0.0/23    0.0.0.0                       100  32768 i
*> 10.162.0.0/16    10.142.0.114             0             0 162 i
*> 192.168.0.0/16   192.168.183.254                    32768 ?
*> 192.168.0.0/21   10.142.0.205             0             0 2 i
*> 192.168.168.0    192.168.183.254                    32768 ?
Total number of prefixes 6

FGT_ISP (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S       1.1.1.1/32 [10/0] via 192.168.183.254, port1
C       10.142.0.0/23 is directly connected, port6
C       10.160.0.0/23 is directly connected, port2
B       10.162.0.0/16 [20/0] via 10.142.0.114, port6, 01:04:08 <<<< this is the summary route advertised by the BGP peer
S       192.168.0.0/16 [10/0] via 192.168.183.254, port1
B       192.168.0.0/21 [20/0] via 10.142.0.205, port6, 19:30:25
S       192.168.168.0/24 [10/0] via 192.168.183.254, port1
C       192.168.182.0/23 is directly connected, port1