目录
1.AS2基于172.16.0.0/16划分IP,AS间骨干链路IP地址随意定制
题目
实验要求
1.AS2基于172.16.0.0/16划分IP,AS间骨干链路IP地址随意定制
2.AS2内部使用OSPF协议互联
3.给整个网络配置BGP协议,使所有环回互相访问
4.减少路由条目
5.AS1和AS3做GRE隧道
配置步骤
1.AS2基于172.16.0.0/16划分IP,AS间骨干链路IP地址随意定制
环回建邻网段
R2:2.2.2.2 /32
R3:3.3.3.3 /32
R4:4.4.4.4 /32
R5:5.5.5.5 /32
R6:6.6.6.6 /32
R7:7.7.7.7 /32
172.16.0.0 /16借一位化为:
骨干链路网段 172.16.0.0/17
再借到24位:
R2-R3:172.16.0.0 /24
R3-R4:172.16.1.0 /24
R4-R7:172.16.2.0 /24
R2-R5:172.16.3.0 /24
R5-R6:172.16.4.0 /24
R6-R7:172.16.5.0 /24
环回业务网段 172.16.128.0/17
再借到24位:
R2:172.16.128.0 /24
R3:172.16.129.0 /24
R4:172.16.130.0 /24
R5:172.16.131.0 /24
R6:172.16.132.0 /24
R7:172.16.133.0 /24
R1
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 192.168.1.1 24
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 12.0.0.1 24
[R1]interface LoopBack 1
[R1-LoopBack1]ip address 1.1.1.1 32
R2
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 32
[R2]interface LoopBack 1
[R2-LoopBack1]ip address 172.16.128.1 24
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.0.0.2 24
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 172.16.0.1 24
[R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]ip address 172.16.3.1 24
R3
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 3.3.3.3 32
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.0.2 24
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip address 172.16.1.1 24
[R3]interface LoopBack 1
[R3-LoopBack1]ip address 172.16.129.1 24
R4
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 4.4.4.4 32
[R4]interface LoopBack 1
[R4-LoopBack1]ip address 172.16.130.1 24
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip address 172.16.1.2 24
[R4]interface GigabitEthernet 0/0/1
[R4-GigabitEthernet0/0/1]ip address 172.16.2.1 24
R5
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 32
[R5]interface LoopBack 1
[R5-LoopBack1]ip address 172.16.131.1 24
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 172.16.3.2 24
[R5]interface GigabitEthernet 0/0/1
[R5-GigabitEthernet0/0/1]ip address 172.16.4.1 24
R6
[R6]interface LoopBack 0
[R6-LoopBack0]ip address 6.6.6.6 32
[R6]interface LoopBack 1
[R6-LoopBack1]ip address 172.16.132.1 24
[R6]interface GigabitEthernet 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.4.2 24
[R6]interface GigabitEthernet 0/0/1
[R6-GigabitEthernet0/0/1]ip address 172.16.5.1 24
R7
[R7]interface LoopBack 0
[R7-LoopBack0]ip address 7.7.7.7 32
[R7]interface LoopBack 1
[R7-LoopBack1]ip address 172.16.133.1 24
[R7]interface GigabitEthernet 0/0/0
[R7-GigabitEthernet0/0/0]ip address 172.16.5.2 24
[R7]interface GigabitEthernet 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.2.2 24
[R7]interface GigabitEthernet 0/0/2
[R7-GigabitEthernet0/0/2]ip address 23.0.0.1 24
R8
[R8]interface LoopBack 0
[R8-LoopBack0]ip address 192.168.2.1 24
[R8]interface GigabitEthernet 0/0/0
[R8-GigabitEthernet0/0/0]ip address 23.0.0.2 24
[R8]interface LoopBack 1
[R8-LoopBack1]ip address 8.8.8.8 32
2.AS2内部使用OSPF协议互联
R2
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 172.16.128.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 172.16.3.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
R3
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.129.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.0.2 0.0.0.0
R4
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 172.16.130.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 172.16.1.2 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
R5
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 172.16.131.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 172.16.3.2 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[R6-ospf-1-area-0.0.0.0]network 172.16.132.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]network 172.16.4.2 0.0.0.0
[R6-ospf-1-area-0.0.0.0]network 172.16.5.1 0.0.0.0
R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 7.7.7.7 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.5.2 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.133.0 0.0.0.255
[R7-ospf-1-area-0.0.0.0]network 172.16.2.2 0.0.0.0
3.给整个网络配置BGP协议,使所有环回互相访问
R1
[R1]bgp 1
[R1-bgp]router-id 1.1.1.1
[R1-bgp]peer 12.0.0.2 as-number 2
R2
先进入内部的联邦AS
[R2]bgp 64512
[R2-bgp]router-id 2.2.2.2
指定外部的AS号
[R2-bgp]confederation id 2
指定联邦AS的邻居
[R2-bgp]confederation peer-as 64513
[R2-bgp]peer 12.0.0.1 as-number 1
[R2-bgp]peer 3.3.3.3 as-number 64512
修改源地址
[R2-bgp]peer 3.3.3.3 connect-interface LoopBack 0
修改下一跳地址为本地
[R2-bgp]peer 3.3.3.3 next-hop-local
[R2-bgp]peer 5.5.5.5 as-number 64513
[R2-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[R2-bgp]peer 5.5.5.5 next-hop-local
修改EBGP之间的TTL值,默认为最大值
[R2-bgp]peer 5.5.5.5 ebgp-max-hop
R3
[R3]bgp 64512
[R3-bgp]router-id 3.3.3.3
[R3-bgp]confederation id 2
[R3-bgp]peer 2.2.2.2 as-number 64512
[R3-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R3-bgp]peer 2.2.2.2 next-hop-local
[R3-bgp]peer 4.4.4.4 as-number 64512
[R3-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R3-bgp]peer 4.4.4.4 next-hop-local
R4
[R4]bgp 64512
[R4-bgp]router-id 4.4.4.4
[R4-bgp]confederation id 2
[R4-bgp]confederation peer-as 64513
[R4-bgp]peer 3.3.3.3 as-number 64512
[R4-bgp]peer 3.3.3.3 next-hop-local
[R4-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[R4-bgp]peer 7.7.7.7 as-number 64513
[R4-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R4-bgp]peer 7.7.7.7 next-hop-local
[R4-bgp]peer 7.7.7.7 ebgp-max-hop
R5
[R5]bgp 64513
[R5-bgp]router-id 5.5.5.5
[R5-bgp]confederation id 2
[R5-bgp]confederation peer-as 64512
[R5-bgp]peer 2.2.2.2 as-number 64512
[R5-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[R5-bgp]peer 2.2.2.2 ebgp-max-hop
[R5-bgp]peer 2.2.2.2 next-hop-local
[R5-bgp]peer 6.6.6.6 as-number 64513
[R5-bgp]peer 6.6.6.6 connect-interface LoopBack 0
[R5-bgp]peer 6.6.6.6 next-hop-local
R6
[R6]bgp 64513
[R6-bgp]router-id 6.6.6.6
[R6-bgp]confederation id 2
[R6-bgp]peer 5.5.5.5 as-number 64513
[R6-bgp]peer 5.5.5.5 connect-interface LoopBack 0
[R6-bgp]peer 5.5.5.5 next-hop-local
[R6-bgp]peer 7.7.7.7 as-number 64513
[R6-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[R6-bgp]peer 7.7.7.7 next-hop-local
R7
[R7]bgp 64513
[R7-bgp]router-id 7.7.7.7
[R7-bgp]confederation id 2
[R7-bgp]confederation peer-as 64512
[R7-bgp]peer 4.4.4.4 as-number 64512
[R7-bgp]peer 4.4.4.4 ebgp-max-hop
[R7-bgp]peer 4.4.4.4 next-hop-local
[R7-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[R7-bgp]peer 6.6.6.6 as-number 64513
[R7-bgp]peer 6.6.6.6 connect-interface LoopBack 0
[R7-bgp]peer 6.6.6.6 next-hop-local
[R7-bgp]peer 23.0.0.2 as-number 3
[R7-bgp]peer 23.0.0.2 next-hop-local
R8
[R8]bgp 3
[R8-bgp]router-id 8.8.8.8
[R8-bgp]peer 23.0.0.1 as-number 2
R2的BGP邻居表
R1、R8宣告环回测试下效果
[R1-bgp]network 1.1.1.1 32
[R8-bgp]network 8.8.8.8 32
可以发现,隔的太远就会学习不到,原因就是BGP的asbyas机制,IBGP不会把从IBGP学到的信息传给其他IBGP,所以需要再R3和R6处做一个反射器。因为反射是双向的,只配一端即可
[R3]bgp 64512
[R3-bgp]peer 2.2.2.2 reflect-client
[R6]bgp 64513
[R6-bgp]peer 7.7.7.7 reflect-client
现在R2、R7都能学到R8、R1的环回了
4.减少路由条目
现在R2-R7上宣告自己的业务环回IP网段
[R2]bgp 64512
[R2-bgp]network 172.16.128.0 24
汇总前的路由条目
在R2和R7中配置BGP的手工汇总,由于没有要求所以直接抑制所有明细路由
[R2]bgp 64512
[R2-bgp]aggregate 172.16.0.0 16 detail-suppressed
[R7]bgp 64513
[R7-bgp]aggregate 172.16.0.0 16 detail-suppressed
此时R1和R8得到的就是汇总的路由信息了
在R2和R7中在写一条静态路由指向空接口用于防环
[R2]ip route-static 172.16.0.0 16 NULL 0
[R7]ip route-static 172.16.0.0 16 NULL 0
5.AS1和AS3做GRE隧道
R1和R8中存在两个环回,分别是192.168.1.0/24、192.168.2.0/24,要求不在任何协议中宣告,而且能够互相通讯,那么我们只需在R1和R8中间打通一条GRE隧道即可
根据上述配置,R1和R8的1.1.1.1、8.8.8.8环回已经能够通讯,所以将他们作为源和目标
PS:需要配置去往目标网段的静态走tunnel通道
R1
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.0.0.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre
[R1-Tunnel0/0/0]source 1.1.1.1
[R1-Tunnel0/0/0]destination 8.8.8.8
[R1]ip route-static 192.168.2.0 24 10.0.0.2
R8
[R8]interface Tunnel 0/0/0
[R8-Tunnel0/0/0]ip address 10.0.0.2 24
[R8-Tunnel0/0/0]tunnel-protocol gre
[R8-Tunnel0/0/0]source 8.8.8.8
[R8-Tunnel0/0/0]destination 1.1.1.1
[R8]ip route-static 192.168.1.0 24 10.0.0.1