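BGP communities are additional information that can be used to tag advertised routes, so that the router or BGP peer at the other end can better classify and process routes that share the same attributes.
The community attribute value is a 32-bit field split into two subfields. The first two bytes encode the AS number of the network from which the community originates, and the last two bytes carry a unique number assigned by that AS. Communities extend BGP, turning it from a routing protocol into a tool for signaling and policy enforcement.
This feature is not supported for IPv6.
Use Cases
BGP communities are useful when a group of IP addresses or a network shares the same requirements.
They give a better understanding of the network topology and routing policy requirements.
They make the network easier to scale, operate, and troubleshoot. For more information on BGP communities, see Applying BGP Communities.
Working Principle
NSX Advanced Load Balancer supports a new ip_community option in the BGP configuration. You can use it to tag the virtual IP addresses (VIPs) or back-end server IP addresses advertised from the NSX Advanced Load Balancer Service Engines with the appropriate communities. With tagging, BGP peers can handle the BGP routes with discretion.
Configuration
Log in to the NSX Advanced Load Balancer Controller command line interface (CLI) and follow the steps below to configure BGP communities for all routes advertised to BGP peers: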
[admin:controller]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name           | global                                          |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile>
cancel              Exit the current submode without saving
community           Community string either in aa:nn format where aa, nn is within [1,65535] or local-AS|no-advertise|no-export|internet.
do                  Execute a show command
hold_time           Hold time for Peers
ibgp                BGP peer type
ip_communities      (submode)
keepalive_interval  Keepalive interval for Peers
local_as            Local Autonomous System ID
new                 (Editor Mode) Create new object in editor mode
no                  Remove field
peers               (submode)
save                Save and exit the current submode
send_community      Send community attribute to all peers.
show_schema         show object schema
watch               Watch a given show command
where               Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile>
[admin:controller]: vrfcontext:bgp_profile> community internet
[admin:controller]: vrfcontext:bgp_profile> community 10:10
[admin:controller]: vrfcontext:bgp_profile> community 65000:20
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+---------------------------+-----------------------------------------------------------------------+
| Field                     | Value                                                                 |
+---------------------------+-----------------------------------------------------------------------+
| uuid                      | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29                       |
| name                      | global                                                                |
| bgp_profile               |                                                                       |
|   local_as                | 65000                                                                 |
|   ibgp                    | True                                                                  |
|   keepalive_interval      | 60                                                                    |
|   hold_time               | 180                                                                   |
|   send_community          | True                                                                  |
|   community[1]            | internet                                                              |
|   community[2]            | 10:10                                                                 |
|   community[3]            | 65000:20                                                              |
| system_default            | True                                                                  |
| tenant_ref                | admin                                                                 |
| cloud_ref                 | Default-Cloud                                                         |
+---------------------------+-----------------------------------------------------------------------+
Follow the steps below to remove one of the configured communities:
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no community 10:10
Removed community 10:10
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|     remote_as              | 1                                               |
|                            |                                                 |
|   send_community           | True                                            |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
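Steps to configure BGP communities specific to routes that belong to an IP range.
The following example shows how to tag any route with a specific community that applies only to a specific IP range. This IP-specific community overrides the default communities in bgp_profile that apply to all routes.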
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> ip_communities
New object being created
[admin:controller]: vrfcontext:bgp_profile:ip_communities>
cancel       Exit the current submode without saving
community    Community string either in aa:nn format where aa, nn is within [1,65535] or local-AS|no-advertise|no-export|internet.
do           Execute a show command
ip_begin     Beginning of IP address range.
ip_end       End of IP address range. Optional if ip_begin is the only ip address in specified ip range.
no           Remove field
save         Save and exit the current submode
show_schema  show object schema
watch        Watch a given show command
where        Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_begin 10.70.163.100
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_end 10.70.163.200
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 200:200
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 100:100
[admin:controller]: vrfcontext:bgp_profile:ip_communities> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|     remote_as              | 1                                               |
|                            |                                                 |
|   hold_time                | 180                                             |
|   send_community           | False                                           |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.163.100                                   |
|     ip_end                 | 10.70.163.200                                   |
|     community[1]           | 200:200                                         |
|     community[2]           | 100:100                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
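Follow the steps mentioned to configure a BGP community for a single IP address (for example, a VIP address) advertised to BGP peers. When configuring a community for a single IP address, ip_end is optional. However, the user can configure ip_begin and ip_end with the same IP address without any issue.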
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> ip_communities
New object being created
[admin:controller]: vrfcontext:bgp_profile:ip_communities> ip_begin 10.70.164.150
[admin:controller]: vrfcontext:bgp_profile:ip_communities> community 150:150
[admin:controller]: vrfcontext:bgp_profile:ip_communities> save
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|                            |                                                 |
|   hold_time                | 180                                             |
|   send_community           | True                                            |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.163.100                                   |
|     ip_end                 | 10.70.163.200                                   |
|     community[1]           | 200:200                                         |
|     community[2]           | 100:100                                         |
|   ip_communities[2]        |                                                 |
|     ip_begin               | 10.70.164.150                                   |
|     community[1]           | 150:150                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
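The Python sketch below is an added example, not part of the original page or of NSX Advanced Load Balancer. It checks community strings against the rule in the CLI help (aa:nn with both parts within [1,65535], or a well-known name), encodes them into the 32-bit attribute value described at the top of the page, and resolves which communities tag a given IP under the override rule. The function names, the dictionary layout, first-match handling of overlapping ranges and the value 0 for internet are assumptions; the no-export, no-advertise and local-AS values are the ones defined in RFC 1997.

```python
import ipaddress

# RFC 1997 defines the three no-* values; "internet" = 0 follows the common
# Cisco/FRR convention (assumption, the page does not list numeric values).
WELL_KNOWN = {"internet": 0x00000000, "no-export": 0xFFFFFF01,
              "no-advertise": 0xFFFFFF02, "local-AS": 0xFFFFFF03}

def encode_community(text):
    """Return the 32-bit value for 'aa:nn' or a well-known name, else raise."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    aa, sep, nn = text.partition(":")
    if not (sep and aa.isdigit() and nn.isdigit()):
        raise ValueError(f"not aa:nn or a well-known name: {text!r}")
    aa, nn = int(aa), int(nn)
    if not (1 <= aa <= 65535 and 1 <= nn <= 65535):
        raise ValueError(f"aa and nn must be within [1,65535]: {text!r}")
    return (aa << 16) | nn   # first two bytes: AS number, last two: value

def communities_for(profile, ip):
    """Communities that would tag the route for `ip` under this bgp_profile."""
    if not profile.get("send_community", True):
        return []            # tagging is off; the configuration is retained
    addr = ipaddress.ip_address(ip)
    for entry in profile.get("ip_communities", []):
        begin = ipaddress.ip_address(entry["ip_begin"])
        # ip_end is optional when the range is a single address
        end = ipaddress.ip_address(entry.get("ip_end", entry["ip_begin"]))
        if begin <= addr <= end:         # first match wins (assumption)
            return list(entry["community"])
    return list(profile.get("community", []))   # profile-wide default

# Constructed profile mirroring the values configured on this page.
PROFILE = {
    "send_community": True,
    "community": ["internet", "65000:20"],
    "ip_communities": [
        {"ip_begin": "10.70.163.100", "ip_end": "10.70.163.200",
         "community": ["200:200", "100:100"]},
        {"ip_begin": "10.70.164.150", "community": ["150:150"]},
    ],
}

if __name__ == "__main__":
    for vip in ("10.70.163.150", "10.70.164.150", "10.70.165.1"):
        tags = communities_for(PROFILE, vip)
        print(vip, [(t, hex(encode_community(t))) for t in tags])
```

Running such a check against an exported profile before saving it shows which VIPs fall back to the profile-wide communities, which matters when a peer's policy keys on a community such as no-export.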
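Use the following CLI commands to stop tagging BGP-advertised routes with community attributes. The command stops tagging routes with community attributes while retaining the configuration.
The user can enable tagging later if required.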
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no send_community
+--------------------------+----------------+
| Field                    | Value          |
+--------------------------+----------------+
| local_as                 | 65000          |
| ibgp                     | True           |
| peers[1]                 |                |
|   remote_as              | 1              |
|                          |                |
| hold_time                | 180            |
| send_community           | False          |
| community[1]             | internet       |
| community[2]             | 65000:20       |
| ip_communities[1]        |                |
|   ip_begin               | 10.70.163.100  |
|   ip_end                 | 10.70.163.200  |
|   community[1]           | 200:200        |
|   community[2]           | 100:100        |
| ip_communities[2]        |                |
|   ip_begin               | 10.70.164.150  |
|   community[1]           | 150:150        |
+--------------------------+----------------+
[admin:controller]: vrfcontext:bgp_profile> save
Run the NSX Advanced Load Balancer CLI commands to remove the configured ip_communities:
|   send_community           | False                                           |
|   community[1]             | local-AS                                        |
|   community[2]             | no-export                                       |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.163.100                                   |
|     ip_end                 | 10.70.163.200                                   |
|     community[1]           | 200:200                                         |
|     community[2]           | 100:100                                         |
|   ip_communities[2]        |                                                 |
|     ip_begin               | 10.70.164.150                                   |
|     community[1]           | 150:150                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> no ip_communities index 1
Removed ip_communities with index 1
+--------------------------+----------------+
| Field                    | Value          |
+--------------------------+----------------+
| local_as                 | 65000          |
| ibgp                     | True           |
| peers[1]                 |                |
|   remote_as              | 1              |
|                          |                |
| hold_time                | 180            |
| send_community           | False          |
| community[1]             | internet       |
| community[2]             | 65000:20       |
| ip_communities[1]        |                |
|   ip_begin               | 10.70.164.150  |
|   community[1]           | 150:150        |
+--------------------------+----------------+
Follow the steps below to enable community attribute tagging for BGP-advertised routes:
[admin:controller]: > configure vrfcontext global
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile> send_community
Overwriting the previously entered value for send_community
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+----------------------------+-------------------------------------------------+
| Field                      | Value                                           |
+----------------------------+-------------------------------------------------+
| uuid                       | vrfcontext-ded10944-53da-4542-bbf1-1cd4f300fb29 |
| name                       | global                                          |
| bgp_profile                |                                                 |
|   local_as                 | 65000                                           |
|   ibgp                     | True                                            |
|   peers[1]                 |                                                 |
|     remote_as              | 1                                               |
|     peer_ip                | 10.70.163.23                                    |
|     subnet                 | 10.70.163.0/24                                  |
|     md5_secret             | sensitive                                       |
|     bfd                    | True                                            |
|     advertise_vip          | True                                            |
|     advertise_snat_ip      | True                                            |
|     advertisement_interval | 5                                               |
|     connect_timer          | 10                                              |
|     keepalive_interval     | 60                                              |
|     hold_time              | 180                                             |
|     ebgp_multihop          | 0                                               |
|   peers[2]                 |                                                 |
|     remote_as              | 1                                               |
|     peer_ip                | 10.70.164.21                                    |
|     subnet                 | 10.70.164.0/24                                  |
|     md5_secret             | sensitive                                       |
|     bfd                    | True                                            |
|     advertise_vip          | True                                            |
|     advertise_snat_ip      | True                                            |
|     advertisement_interval | 5                                               |
|     connect_timer          | 10                                              |
|     keepalive_interval     | 60                                              |
|     hold_time              | 180                                             |
|     ebgp_multihop          | 0                                               |
|   keepalive_interval       | 60                                              |
|   hold_time                | 180                                             |
|   send_community           | True                                            |
|   community[1]             | internet                                        |
|   community[2]             | 65000:20                                        |
|   ip_communities[1]        |                                                 |
|     ip_begin               | 10.70.164.150                                   |
|     community[1]           | 150:150                                         |
| system_default             | True                                            |
| tenant_ref                 | admin                                           |
| cloud_ref                  | Default-Cloud                                   |
+----------------------------+-------------------------------------------------+
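Routes advertised to BGP peers can be tagged with standard community attributes. NSX Advanced Load Balancer supports tagging routes only in the BGP submode. NSX Advanced Load Balancer does not support tagging communities per route.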
[admin:controller]: > configure vrfcontext global
Updating an existing object. Currently, the object is:
+----------------+-------------------------------------------------+
| Field          | Value                                           |
+----------------+-------------------------------------------------+
| uuid           | vrfcontext-3cc726d3-d94a-4eb0-9c70-f70d7e1b185e |
| name           | global                                          |
| system_default | True                                            |
| tenant_ref     | admin                                           |
| cloud_ref      | Default-Cloud                                   |
+----------------+-------------------------------------------------+
[admin:controller]: vrfcontext> bgp_profile
[admin:controller]: vrfcontext:bgp_profile>
cancel              Exit the current submode without saving
community           List of community attributes. Valid values are "internet", "local-AS", "no-advertise", "no-export". Community can also be specified in : format where AS,Val are in the range [1,65535].
do                  Execute a show command
hold_time           Hold time for Peers
ibgp                BGP peer type
keepalive_interval  Keepalive interval for Peers
local_as            Local Autonomous System ID
new                 (Editor Mode) Create new object in editor mode
no                  Remove field
peers               (submode)
save                Save and exit the current submode
send_community      Send community attribute to all peers(True by default)
show_schema         show object schema
watch               Watch a given show command
where               Display the in-progress object
[admin:controller]: vrfcontext:bgp_profile> community internet
[admin:controller]: vrfcontext:bgp_profile> community 10:10
[admin:controller]: vrfcontext:bgp_profile> community 65000:20
[admin:controller]: vrfcontext:bgp_profile> save
[admin:controller]: vrfcontext> save
+---------------------------+-----------------------------------------------------------------------+
| Field                     | Value                                                                 |
+---------------------------+-----------------------------------------------------------------------+
| uuid                      | vrfcontext-3cc726d3-d94a-4eb0-9c70-f70d7e1b185e                       |
| name                      | global                                                                |
| bgp_profile               |                                                                       |
|   local_as                | 65000                                                                 |
|   ibgp                    | True                                                                  |
|   keepalive_interval      | 60                                                                    |
|   hold_time               | 180                                                                   |
|   send_community          | True                                                                  |
|   community[1]            | internet                                                              |
|   community[2]            | 10:10                                                                 |
|   community[3]            | 65000:20                                                              |
| system_default            | True                                                                  |
| tenant_ref                | admin                                                                 |
| cloud_ref                 | Default-Cloud                                                         |
+---------------------------+-----------------------------------------------------------------------+