Chapter 3. Protocol Independent Properties and Routing Policy


general capabilities and configuration of PIP and policy so that subsequent case study examples are fully understood.

The PIP topics include:

- Static, aggregated, and generated routes
- Global preference
- Martian routes
- Route tables and routing information base (RIB) groups
- Autonomous system (AS) number and router ID

Routing policy topics include:

- Policy overview, import and export policy
- Policy components (terms, match conditions, actions, policy chains)
- Route filters
- Advanced policy concepts



3.1. Protocol Independent Properties

PIPs are used for a variety of functions, such as static and aggregate routes, protocol preferences, route tables, router ID, and so forth. The range of PIPs is configured at the [edit routing-options] hierarchy.



3.1.1. Static, Aggregate, and Generated Routes

Although the use of static routing is sometimes considered bad form, especially during a routing-protocol-based practical examination, there are many practical applications for static routes, along with their aggregate/generated counterparts. Static routing suffers from a general lack of dynamism (though Bidirectional Forwarding Detection [BFD] can mitigate this issue), which often leads to loss of connectivity during network outages due to the inability to reroute. Static routes can quickly become maintenance and administration burdens for networks that have frequent adds, moves, or changes. With that said, static routing is often used at the network edge to support attachment to stub networks, which, given their single point of entry/egress, are well suited to the simplicity of a static route.

Static routes are often used to promote stability through advertisement into a routing protocol, such as BGP, where a single route that is always up is used to represent the connectivity of numerous, more specific routes, which individually may come and go (flap) due to instability in the attached network's infrastructure. By suppressing the specifics in favor of a single static route, the world is shielded from the day-to-day flapping while overall connectivity is preserved.

Static, aggregate, and generated routes are similar in that all are defined statically, and all can have mask lengths that represent super-nets (aggregated network prefixes), or subnets (extending the network ID into the host field of a classful address to gain more networks, each with fewer hosts). As such, there is often confusion about the differences, and why all three types of static routing are needed. Table 3-1 summarizes how these route types differ.

Table 3-1. Static, aggregate, and generated route comparison

| Route type | Next hop type | Comment |
|---|---|---|
| Static | Discard, reject, IP/interface next hop, label switched path (LSP) next hop | Global preference of 5; can be used for forwarding. Supports qualified and indirect next hops. Activated by valid next hop. |
| Aggregate | Reject (default), discard | Global preference of 130; not used for forwarding, activated by contributing route. Default reject for matching traffic. |
| Generated | Preferred contributor (default) or discard | Default forwarding next hop based on preferred contributor. |



3.1.1.1. Next hop types

Static and aggregate routes support various next hop types, some of which provide forwarding and others which do not. Understanding the differences between one next hop type and another is critical to achieving desired goals. Here are the specifics for each type of next hop:



Discard

A discard next hop results in the silent discard of matching traffic. Silent here refers to the fact that no Internet Control Message Protocol (ICMP) error message is generated back to the source of the packet. You normally choose a discard next hop when the goal is to advertise a single aggregate that represents a group of prefixes, with the expectation that any traffic attracted by the aggregate route will longest-match against one of the more specific routes, and therefore be forwarded according to the related next hop rather than the reject or discard next hop of the aggregate route itself.

The use of discard is best current practice when advertising an aggregate because the generation of ICMP error messages can consume system resources and may end up bombarding an innocent third party, as in the case of spoofed source addressing as part of a distributed denial of service (DDoS) attack.



Reject

A reject next hop results in the generation of an ICMP error message reporting an unreachable destination for matching traffic. This is the default next hop type of an aggregated route and for a generated route when it has no contributors.



Forwarding

A forwarding next hop is used to move traffic to a downstream node, and it is typically specified as the IP address of a directly connected device. Matching traffic is then forwarded to the specified next hop. On a multiaccess network such as a LAN, this involves the resolution of the IP address to a link layer address through the Address Resolution Protocol (ARP) or some form of static mapping. When directing traffic over a point-to-point interface, the next hop can be specified as an interface name; however, LAN interface types require an IP address next hop due to their multipoint nature.



3.1.1.1.1. Forwarding next hop qualifiers

When defining a static route with a forwarding next hop, you can use qualifiers that influence how the next hop is resolved and handled. Specifically:



resolve

The resolve keyword allows you to define an indirect next hop for a static route, which is to say an IP forwarding address that does not resolve to a directly connected interface route. For example, you could specify a static route that points to a downstream neighbor's loopback address. In this case, matching traffic will result in a recursive lookup against the specified (lo0) next hop to select a directly connected forwarding next hop. If a parallel connection exists, the failure of the currently used link results in a new recursive lookup and selection of the remaining link for packet forwarding.



qualified-next-hop

The qualified-next-hop keyword allows you to define a single static route with a list of next hops that are individually qualified with a preference. In operation, the most preferred qualified next hop that is operational (that is, the next hop can be resolved and its interface is operational) is used. When that next hop is no longer usable, the next-best-qualified next hop is selected. That is to say, when the primary link is down, the router selects the next preferred next hop, which may point to a low-speed backup facility.



3.1.1.2. Static versus aggregate routes

Simply realizing that an aggregate/generated route supports a subset of the next hop options supported by a simple static route does not really explain the real operational mode differences between these route types. A static route is active whenever it has a viable next hop. This next hop can take the form of discard/reject, which effectively nails the route up.



3.1.1.2.1. Aggregates need contributing routes

In contrast, both aggregate and generated routes require at least one contributing route to become active. A contributing route is simply a more specific route that is learned through some other mechanism, such as static definition or dynamic learning through a protocol such as Open Shortest Path First (OSPF). A route is more specific, and is therefore able to contribute to an aggregate route, when it has a mask length longer than the associated aggregate while sharing the same prefix as the aggregate (as indicated by the aggregate route's mask length). For example, the aggregate route 10.1/16 can be activated by route 10.1.1/24 because it has a longer (more specific) mask and shares the same 16 high-order prefix bits as the aggregate route. In contrast, the route 10.2.2/24 does not contribute to a 10.1/16 aggregate as it does not share the same aggregate prefix.

You can use routing policy to filter the set of routes that are allowed to contribute to an aggregate, which helps you control when the corresponding aggregate becomes active. Because only active routes are subject to routing policy, this in turn can influence when a given aggregate is advertised in a routing protocol. For example, you can filter all other contributors so as to advertise an aggregate for 10.1/16 into BGP based strictly on the absence or presence of a 10.1.1.0/30 route. By default, the preferred or primary contributing route is selected from the pool of viable candidates based on global preference. To break preference ties, the numerically smallest contributing route is preferred.

A given route can contribute only to a single aggregate route. However, an active aggregate route can recursively contribute to a less specific matching aggregate route. For example, an aggregate route to the destination 10.1.0.0/16 can contribute to an aggregate route to 10.0.0.0/8.



3.1.1.3. Aggregate versus generated routes

People often get confused about aggregate and generated routes because both require contributors to become active and both are assigned the same routing preference of 130. The key difference between the two types of routes is that an aggregate route is never used for forwarding. Although it may attract plenty of traffic, the next hop of an aggregate route is either a discard or a reject, no ifs, ands, or buts. In contrast, a generated route installs the next hop associated with the preferred contributor, and therefore can be used to forward matching traffic. For this reason, a generated route is sometimes called a route of last resort. This is because in the general case, traffic typically matches a more specific route and is routed appropriately, just as in the case of an aggregate route. When the most specific (longest) match is against the generated route itself, the traffic is forwarded to a gateway of last resort, as identified by the next hop associated with the currently preferred contributor route.

These operational differences are shown via the command-line interface (CLI) at Cider using a 10.10/16 aggregate versus a 10.10/16 generated route:

[edit routing-options]
lab@Cider# show aggregate
route 10.10.0.0/16;

[edit routing-options]
lab@Cider# run show route protocol aggregate detail

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hi
10.10.0.0/16 (1 entry, 1 announced)
        *Aggregate Preference: 130
                Next hop type: Reject
                Next-hop reference count: 2
                State:
                Age: 1:50
                Task: Aggregate
                Announcement bits (1): 0-KRT
                AS path: I (LocalAgg)
                Flags: Depth: 0 Active
                AS path list:
                AS path: I Refcount: 2
                Contributing Routes (2):
                        10.10.11.0/24 proto Direct
                        10.10.12.1/32 proto Direct



A 10.10/16 aggregate is activated by the presence of directly connected routes that contribute to the aggregate. Direct routes for multiaccess networks cannot contribute to an aggregate because a forwarding next hop cannot be derived from the mere presence of the local interface, as is possible in the case of a point-to-point link, where the interface itself can be specified as a next hop.

To reiterate, a generated route remains hidden when only direct multiaccess routes are present to contribute:

[edit routing-options]
lab@Cider# show generate
route 10.10.0.0/16;

[edit routing-options]
lab@Cider# run show route protocol aggregate detail hidden

inet.0: 10 destinations, 10 routes (9 active, 0 holddown, 1 hid
10.10.0.0/16 (1 entry, 0 announced)
         Aggregate
                Next hop type: Reject
                Next-hop reference count: 1
                State:
                Age: 3:10
                Task: Aggregate
                AS path: I
                Flags: Generate Depth: 0 Ina



This is because the next hop for a generated route is based on the forwarding next hop of the preferred contributor, and for a multiaccess type of network, this requires a static or learned route that identifies a next hop on one of the direct interface routes. In this example, a static route with a forwarding next hop pointing out Cider's fe-0/0/1.100 interface toward Bock is used to activate the generated route:

[edit routing-options]
lab@Cider# set static route 10.10.1/24 next-hop 10.10.11.1

[edit routing-options]
lab@Cider# commit
commit complete

[edit routing-options]
lab@Cider# run show route 10.10.1/24 detail

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hi
10.10.1.0/24 (1 entry, 1 announced)
        *Static Preference: 5
                Next-hop reference count: 5
                Next hop: 10.10.11.1 via fe-0/0/1.100, selected
                State:
                Age: 17
                Task: RT
                Announcement bits (2): 0-KRT 1-Aggregate
                AS path: I

[edit routing-options]
lab@Cider# run show route protocol aggregate detail

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hi
10.10.0.0/16 (1 entry, 1 announced)
        *Aggregate Preference: 130
                Next-hop reference count: 5
                Next hop: 10.10.11.1 via fe-0/0/1.100, selected
                State:
                Age: 11:34
                Task: Aggregate
                Announcement bits (1): 0-KRT
                AS path: I
                Flags: Generate Depth: 0 A
                Contributing Routes (1):
                        10.10.1.0/24 proto Static

Note that both the 10.10.1.0/24 static route and the resultant generated route share the same forwarding next hop. As the only viable contributing route, the 10.10.1.0/24 route is the preferred contributor in this example.
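
The contributor rules from Sections 3.1.1.2.1 and 3.1.1.3, modelled in Python as an added example (not code from the original text or from JUNOS). The Route class, the function names, and the sample routes are hypothetical, constructed from the Cider output above; only the default generated-route behaviour is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Route:
    prefix: str
    proto: str
    preference: int           # global preference; lower wins
    next_hop: Optional[str]   # forwarding next hop; None for a direct multiaccess route

def contributors(parent: str, routes: List[Route]) -> List[Route]:
    """Routes with a longer mask that share the parent's high-order prefix bits."""
    agg = ipaddress.ip_network(parent)
    found = []
    for r in routes:
        net = ipaddress.ip_network(r.prefix)
        if net.prefixlen > agg.prefixlen and net.subnet_of(agg):
            found.append(r)
    return found

def preferred(cands: List[Route]) -> Route:
    """Lowest global preference; ties go to the numerically smallest prefix."""
    def key(r: Route):
        net = ipaddress.ip_network(r.prefix)
        return (r.preference, int(net.network_address), net.prefixlen)
    return min(cands, key=key)

def evaluate(kind: str, parent: str, routes: List[Route],
             configured: str = "reject") -> Tuple[str, str]:
    """Return (state, next hop) for an 'aggregate' or 'generate' route."""
    cands = contributors(parent, routes)
    if kind == "aggregate":
        # Never forwards: next hop is the configured reject (default) or discard.
        return ("active" if cands else "hidden", configured)
    usable = [r for r in cands if r.next_hop]   # a forwarding next hop is required
    if not usable:
        return ("hidden", "reject")
    return ("active", preferred(usable).next_hop)

# Constructed sample data modelled on the Cider output in this section.
DIRECT = [Route("10.10.11.0/24", "Direct", 0, None),
          Route("10.10.12.1/32", "Direct", 0, None)]
STATIC = Route("10.10.1.0/24", "Static", 5, "10.10.11.1")

if __name__ == "__main__":
    print(evaluate("aggregate", "10.10.0.0/16", DIRECT))
    print(evaluate("generate", "10.10.0.0/16", DIRECT))
    print(evaluate("generate", "10.10.0.0/16", DIRECT + [STATIC]))
```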



3.1.1.4. Route attributes and flags

When you define a static route, you can include various route attributes such as AS path, BGP community, route tag, metric, and so forth. These attributes may or may not come into play later when the route is redistributed into a specific routing protocol. For example, OSPF has no notion of a BGP community or AS path, and therefore these attributes are not injected into OSPF despite being attached to the route. The route attributes can be defined individually for each route or as part of a default template that is inherited by all related routes, unless specifically overwritten by a competing attribute.

You can also attach flags to a static route that control various aspects of how the route is handled or operates. For example, the no-advertise flag prevents the associated route from being exported into routing protocols, even when the policy configuration otherwise selects that route for redistribution. You can display the list of available route attributes and flags with the CLI's ? feature:

lab@Cider# set static route 10/8 ?
Possible completions:
  active                  Remove inactive route from forwarding ta
+ apply-groups            Groups from which to inherit configurati
+ apply-groups-except     Don't inherit configuration data from th
> as-path                 Autonomous system path
> bfd-liveness-detection  Bidirectional Forwarding Detection (B
> color                   Color (preference) value
> color2                  Color (preference) value 2
+ community               BGP community identifier
  discard                 Drop packets to destination; send no ICM
  install                 Install route into forwarding table
> lsp-next-hop            LSP next hop
> metric                  Metric value
> metric2                 Metric value 2
> metric3                 Metric value 3
> metric4                 Metric value 4
+ next-hop                Next hop to destination
  next-table              Next hop to another table
  no-install              Don't install route into forwarding tabl
  no-readvertise          Don't mark route as eligible to be readv
  no-resolve              Don't allow resolution of indirectly con
  no-retain               Don't always keep route in forwarding ta
  passive                 Retain inactive route in forwarding tabl
> preference              Preference value
> preference2             Preference value 2
> qualified-next-hop      Next hop with qualifiers
  readvertise             Mark route as eligible to be readvertise
  receive                 Install a receive route for the destinat
  reject                  Drop packets to destination; send ICMP u
  resolve                 Allow resolution of indirectly connected
  retain                  Always keep route in forwarding table
> tag                     Tag string
> tag2                    Tag string 2

The reader is encouraged to consult JUNOS software documentation at http://www.juniper.net/techpubs/software/junos/junos81/swconfig81-


