BGP4+简介

以下情况不需要使用BGP4+协议：

• 用户只与一个ISP相连。

• ISP不需要向用户提供Internet路由。

• AS间使用了缺省路由进行连接。

BGP4+原理描述

传统的BGP4只能管理IPv4的路由信息，对于使用其他网络层协议（如IPv6等）的应用，在跨自治系统传播路由信息时就无能为力。

为了实现对IPv6协议的支持，BGP4需要将IPv6协议的信息反映到NLRI（Network Layer Reachable Information）属性及Next_Hop属性中。

BGP4+中引入的两个NLRI属性分别是：

• MP_REACH_NLRI：Multiprotocol Reachable NLRI，多协议可达NLRI。用于发布可达路由及下一跳信息。

• MP_UNREACH_NLRI：Multiprotocol Unreachable NLRI，多协议不可达NLRI。用于撤销不可达路由。

BGP4+中的Next_Hop属性用IPv6地址来表示，可以是IPv6全球单播地址或者下一跳的链路本地地址。

BGP4+是利用BGP的多协议扩展属性，来达到在IPv6网络中应用的目的，BGP协议原有的消息机制和路由机制并没有改变。

举例：配置BGP4+基本功能

组网需求

如图2所示，有AS 65008和AS 65009，其中DeviceA属于AS 65008，DeviceB、DeviceC和DeviceD属于AS 65009，要求使用BGP4+协议来交换AS之间的路由信息。

本例中interface1，interface2和interface3分别代表10GE0/0/1，10GE0/0/2和10GE0/0/3。

为完成此配置例，需准备如下的数据：

• DeviceA、DeviceB、DeviceC和DeviceD的Router ID。

• DeviceA、DeviceB、DeviceC和DeviceD所在的AS号。

配置思路

采用如下的思路配置BGP4+的基本功能：

1. 在DeviceB、DeviceC、DeviceD之间配置IBGP连接。

2. 在DeviceA和DeviceB之间配置EBGP连接。

操作步骤

1. 配置各接口的IPv6地址（略）
2. 配置DeivceA的接口加入安全区域，并开启安全策略。其他设备的安全区域和安全策略配置请参考DeviceA进行配置。

   # 配置接口加入安全区域。

   [DeviceA] firewall zone trust
   [DeviceA-zone-trust] add interface 10ge 0/0/1
   [DeviceA-zone-trust] quit
   [DeviceA] firewall zone untrust
   [DeviceA-zone-untrust] add interface 10ge 0/0/2
   [DeviceA-zone-untrust] quit

   #配置local与接口所在安全区域之间的双向安全策略用于设备之间路由学习。

   [DeviceA] security-policy
   [DeviceA-policy-security] rule name policy_sec_1  
   [DeviceA-policy-security-rule-policy_sec_1] source-zone local
   [DeviceA-policy-security-rule-policy_sec_1] destination-zone trust untrust
   [DeviceA-policy-security-rule-policy_sec_1] service bgp
   [DeviceA-policy-security-rule-policy_sec_1] action permit
   [DeviceA-policy-security-rule-policy_sec_1] quit
   [DeviceA-policy-security] rule name policy_sec_2  
   [DeviceA-policy-security-rule-policy_sec_2] source-zone trust untrust
   [DeviceA-policy-security-rule-policy_sec_2] destination-zone local
   [DeviceA-policy-security-rule-policy_sec_2] service bgp
   [DeviceA-policy-security-rule-policy_sec_2] action permit
   [DeviceA-policy-security-rule-policy_sec_2] quit
   [DeviceA-policy-security] quit

3. 配置IBGP

   # 配置DeviceB。

   [DeviceB] bgp 65009
   [DeviceB-bgp] router-id 2.2.2.2
   [DeviceB-bgp] peer 2001:db8:9:1::2 as-number 65009
   [DeviceB-bgp] peer 2001:db8:9:3::2 as-number 65009
   [DeviceB-bgp] ipv6-family unicast
   [DeviceB-bgp-af-ipv6] peer 2001:db8:9:1::2 enable
   [DeviceB-bgp-af-ipv6] peer 2001:db8:9:3::2 enable
   [DeviceB-bgp-af-ipv6] network 2001:db8:9:1:: 64
   [DeviceB-bgp-af-ipv6] network 2001:db8:9:3:: 64
   [DeviceB-bgp-af-ipv6] quit
   [DeviceB-bgp] quit

   # 配置DeviceC。

   [DeviceC] bgp 65009
   [DeviceC-bgp] router-id 3.3.3.3
   [DeviceC-bgp] peer 2001:db8:9:3::1 as-number 65009
   [DeviceC-bgp] peer 2001:db8:9:2::2 as-number 65009
   [DeviceC-bgp] ipv6-family unicast
   [DeviceC-bgp-af-ipv6] peer 2001:db8:9:3::1 enable
   [DeviceC-bgp-af-ipv6] peer 2001:db8:9:2::2 enable
   [DeviceC-bgp-af-ipv6] network 2001:db8:9:3:: 64
   [DeviceC-bgp-af-ipv6] network 2001:db8:9:2:: 64
   [DeviceC-bgp-af-ipv6] quit
   [DeviceC-bgp] quit

   # 配置DeviceD。

   [DeviceD] bgp 65009
   [DeviceD-bgp] router-id 4.4.4.4
   [DeviceD-bgp] peer 2001:db8:9:1::1 as-number 65009
   [DeviceD-bgp] peer 2001:db8:9:2::1 as-number 65009
   [DeviceD-bgp] ipv6-family unicast
   [DeviceD-bgp-af-ipv6] peer 2001:db8:9:1::1 enable
   [DeviceD-bgp-af-ipv6] peer 2001:db8:9:2::1 enable
   [DeviceD-bgp-af-ipv6] network 2001:db8:9:2:: 64
   [DeviceD-bgp-af-ipv6] network 2001:db8:9:1:: 64
   [DeviceD-bgp-af-ipv6] quit
   [DeviceD-bgp] quit

4. 配置EBGP

   # 配置DeviceA。

   [DeviceA] bgp 65008
   [DeviceA-bgp] router-id 1.1.1.1
   [DeviceA-bgp] peer 2001:db8:10::1 as-number 65009
   [DeviceA-bgp] ipv6-family unicast
   [DeviceA-bgp-af-ipv6] peer 2001:db8:10::1 enable
   [DeviceA-bgp-af-ipv6] network 2001:db8:10:: 64
   [DeviceA-bgp-af-ipv6] network 2001:db8:8:: 64
   [DeviceA-bgp-af-ipv6] quit
   [DeviceA-bgp] quit

   # 配置DeviceB。

   [DeviceB] bgp 65009
   [DeviceB-bgp] peer 2001:db8:10::2 as-number 65008
   [DeviceB-bgp] ipv6-family unicast
   [DeviceB-bgp-af-ipv6] peer 2001:db8:10::2 enable
   [DeviceB-bgp-af-ipv6] network 2001:db8:10:: 64
   [DeviceB-bgp-af-ipv6] quit
   [DeviceB-bgp] quit

检查配置结果

# 查看BGP4+对等体的连接状态。

[DeviceB] display bgp ipv6 peerBGP local router ID : 2.2.2.2Local AS number : 65009Total number of peers : 3                 Peers in established state : 3Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv2001:DB8:9:1::2 4 65009        8        9     0 00:05:37 Established       22001:DB8:9:3::2 4 65009        2        2     0 00:00:09 Established       22001:DB8:10::2  4 65008        9        7     0 00:05:38 Established       2

可以看出，DeviceB到其他设备的BGP4+连接均已建立。

# 显示DeviceA的路由表。

[DeviceA] display bgp ipv6 routing-tableBGP Local router ID is 1.1.1.1Status codes: * - valid, > - best, d - damped, x - best external, a - add path,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteRPKI validation codes: V - valid, I - invalid, N - not-foundTotal Number of Routes: 6*>  Network  : 2001:DB8:8::                             PrefixLen : 64NextHop  : ::                                       LocPrf    :MED      : 0                                        PrefVal   : 0Label    :Path/Ogn : i*>  Network  : 2001:DB8:9:1::                           PrefixLen : 64NextHop  : 2001:DB8:10::1                           LocPrf    :MED      : 0                                        PrefVal   : 0Label    :Path/Ogn : 65009 i*>  Network  : 2001:DB8:9:2::                           PrefixLen : 64NextHop  : 2001:DB8:10::1                           LocPrf    :MED      :                                          PrefVal   : 0Label    :Path/Ogn : 65009 i*>  Network  : 2001:DB8:9:3::                           PrefixLen : 64NextHop  : 2001:DB8:10::1                           LocPrf    :MED      : 0                                        PrefVal   : 0Label    :Path/Ogn : 65009 i*>  Network  : 2001:DB8:10::                            PrefixLen : 64NextHop  : ::                                       LocPrf    :MED      : 0                                        PrefVal   : 0Label    :Path/Ogn : i*NextHop  : 2001:DB8:10::1                           LocPrf    :MED      : 0                                        PrefVal   : 0Label    :Path/Ogn : 65009 i                                  

从路由表可以看出，DeviceA学到了AS 65009中的路由。AS 65008和AS 65009可以相互交换路由信息。

配置脚本

• DeviceA的配置文件

  #
  sysname DeviceA
  #
  interface 10GE0/0/1ipv6 enableipv6 address 2001:DB8:8::1/64
  #
  interface 10GE0/0/2ipv6 enableipv6 address 2001:DB8:10::2/64
  #
  firewall zone trustadd interface 10GE0/0/1
  firewall zone untrustadd interface 10GE0/0/2
  #
  security-policyrule name policy_sec_1source-zone localdestination-zone trustdestination-zone untrustservice bgpaction permitrule name policy_sec_2source-zone trustsource-zone untrustdestination-zone localservice bgpaction permit
  #
  bgp 65008router-id 1.1.1.1peer 2001:DB8:10::1 as-number 65009#ipv4-family unicast#ipv6-family unicastnetwork 2001:DB8:8:: 64network 2001:DB8:10:: 64peer 2001:DB8:10::1 enable
  #
  return

• DeviceB的配置文件

  #
  sysname DeviceB
  #
  interface 10GE0/0/1ipv6 enableipv6 address 2001:DB8:9:1::1/64
  #
  interface 10GE0/0/2ipv6 enableipv6 address 2001:DB8:10::1/64
  #
  interface 10GE0/0/3ipv6 enableipv6 address 2001:DB8:9:3::1/64
  #
  firewall zone trustadd interface 10GE0/0/1add interface 10GE0/0/3
  firewall zone untrustadd interface 10GE0/0/2
  #
  security-policyrule name policy_sec_1source-zone localdestination-zone trustdestination-zone untrustservice ospf bgpaction permitrule name policy_sec_2source-zone trustsource-zone untrustdestination-zone localservice ospf bgp action permit
  #
  bgp 65009router-id 2.2.2.2peer 2001:DB8:9:1::2 as-number 65009peer 2001:DB8:9:3::2 as-number 65009peer 2001:DB8:10::2 as-number 65008#ipv4-family unicast#ipv6-family unicastnetwork 2001:DB8:9:1:: 64network 2001:DB8:9:3:: 64network 2001:DB8:10:: 64peer 2001:DB8:9:1::2 enablepeer 2001:DB8:9:3::2 enablepeer 2001:DB8:10::2 enable
  #
  return

• DeviceC的配置文件

  #
  sysname DeviceC
  #
  interface 10GE0/0/2ipv6 enableipv6 address 2001:DB8:9:2::1/64
  #
  interface 10GE0/0/3ipv6 enableipv6 address 2001:DB8:9:3::2/64
  #
  firewall zone trustadd interface 10GE0/0/3add interface 10GE0/0/2
  #
  security-policyrule name policy_sec_1source-zone localdestination-zone trustservice ospf bgp action permitrule name policy_sec_2source-zone trustdestination-zone localservice ospf bgp action permit
  #
  bgp 65009router-id 3.3.3.3peer 2001:DB8:9:2::2 as-number 65009peer 2001:DB8:9:3::1 as-number 65009#ipv4-family unicast#ipv6-family unicastnetwork 2001:DB8:9:2:: 64network 2001:DB8:9:3:: 64peer 2001:DB8:9:2::2 enablepeer 2001:DB8:9:3::1 enable
  #
  return

• DeviceD的配置文件

  #
  sysname DeviceD
  #
  interface 10GE0/0/1ipv6 enableipv6 address 2001:DB8:9:1::2/64
  #
  interface 10GE0/0/2ipv6 enableipv6 address 2001:DB8:9:2::2/64
  #
  firewall zone trustadd interface 10GE0/0/1add interface 10GE0/0/2
  #
  security-policyrule name policy_sec_1source-zone localdestination-zone trustservice ospf bgp action permitrule name policy_sec_1source-zone trustdestination-zone localservice ospf bgp action permit
  #
  bgp 65009router-id 4.4.4.4peer 2001:DB8:9:1::1 as-number 65009peer 2001:DB8:9:2::1 as-number 65009#ipv4-family unicast#ipv6-family unicastnetwork 2001:DB8:9:1:: 64network 2001:DB8:9:2:: 64peer 2001:DB8:9:1::1 enablepeer 2001:DB8:9:2::1 enable
  #
  return