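Overview
In this lab, AR2, AR3 and AR4 simulate the backbone network, and AR5 and AR6 each simulate an enterprise branch. We create different loopback interfaces on AR5, AR6 and AR1 to simulate end users, and use the Community Filter, AS_Path Filter and ORF features to control how service routes are propagated.
Network topology
Reference configuration
I. Configure device interconnection
1. AR1 configuration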
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.255.255.252
#
2. AR2 configuration
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
interface GigabitEthernet0/0/0
ip address 10.0.0.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 10.0.0.5 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.0.0.13 255.255.255.252
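Note: the configuration of the other devices is similar and is omitted.
II. OSPF configuration in the backbone area
1. AR2 configuration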
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ip address 10.0.0.5 255.255.255.252
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
ip address 10.0.0.13 255.255.255.252
ospf enable 1 area 0.0.0.0
#
2. AR3 configuration
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/0
ip address 10.0.0.6 255.255.255.252
ospf enable 1 area 0.0.0.0
#
3. AR4 configuration
#
ospf 1 router-id 10.0.4.4
area 0.0.0.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/0
ip address 10.0.0.14 255.255.255.252
ospf enable 1 area 0.0.0.0
#
III. Deploy BGP between the backbone and the enterprise egress routers
1. Static route configuration on AR1 and AR2
[AR1]ip route-static 10.0.2.2 32 10.0.0.2
[AR2]ip route-static 10.0.1.1 32 10.0.0.1
2. Static route configuration on AR3 and AR5
[AR3]ip route-static 10.0.5.5 32 10.0.0.10
[AR5]ip route-static 10.0.3.3 32 10.0.0.9
3. Static route configuration on AR4 and AR6
[AR4]ip route-static 10.0.6.6 32 10.0.0.18
[AR6]ip route-static 10.0.4.4 32 10.0.0.17
4. Establish the EBGP peer relationship between AR1 and AR2
#
bgp 65003
router-id 10.0.1.1
peer 10.0.2.2 as-number 65100
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.2.2 password cipher Huawei@123
peer 10.0.2.2 valid-ttl-hops 255
#
#
bgp 65100
router-id 10.0.2.2
peer 10.0.1.1 as-number 65003
peer 10.0.1.1 connect-interface LoopBack0
peer 10.0.1.1 password cipher Huawei@123
peer 10.0.1.1 valid-ttl-hops 255
#
5. Establish the EBGP peer relationship between AR3 and AR5
#
bgp 65100
router-id 10.0.3.3
peer 10.0.5.5 as-number 65001
peer 10.0.5.5 connect-interface LoopBack0
peer 10.0.5.5 password cipher Huawei@123
peer 10.0.5.5 valid-ttl-hops 255
#
#
bgp 65001
router-id 10.0.5.5
peer 10.0.3.3 as-number 65100
peer 10.0.3.3 connect-interface LoopBack0
peer 10.0.3.3 password cipher Huawei@123
peer 10.0.3.3 valid-ttl-hops 255
#
6. Establish the EBGP peer relationship between AR4 and AR6
#
bgp 65100
router-id 10.0.4.4
peer 10.0.6.6 as-number 65002
peer 10.0.6.6 connect-interface LoopBack0
peer 10.0.6.6 password cipher Huawei@123
peer 10.0.6.6 valid-ttl-hops 255
#
#
bgp 65002
router-id 10.0.6.6
peer 10.0.4.4 as-number 65100
peer 10.0.4.4 connect-interface LoopBack0
peer 10.0.4.4 password cipher Huawei@123
peer 10.0.4.4 valid-ttl-hops 255
#
IV. Deploy BGP inside the backbone area
1. BGP configuration on AR2
bgp 65100
group BB internal
peer BB connect-interface LoopBack0
peer BB next-hop-local
peer 10.0.3.3 as-number 65100
peer 10.0.3.3 group BB
peer 10.0.4.4 as-number 65100
peer 10.0.4.4 group BB
peer BB reflect-client
2. BGP configuration on AR3
bgp 65100
router-id 10.0.3.3
peer 10.0.2.2 as-number 65100
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.2.2 next-hop-local
3. BGP configuration on AR4
bgp 65100
router-id 10.0.4.4
peer 10.0.2.2 as-number 65100
peer 10.0.2.2 connect-interface LoopBack0
peer 10.0.2.2 next-hop-local
V. Advertise BGP routes
1. Create the Loopback1 and Loopback2 interfaces
[AR1]
#
interface LoopBack1
ip address 10.1.1.1 255.255.255.255
#
interface LoopBack2
ip address 10.2.1.1 255.255.255.255
#
[AR5]
#
interface LoopBack1
ip address 10.1.5.5 255.255.255.255
#
interface LoopBack2
ip address 10.2.5.5 255.255.255.255
#
[AR6]
#
interface LoopBack1
ip address 10.1.6.6 255.255.255.255
#
interface LoopBack2
ip address 10.2.6.6 255.255.255.255
#
2. Advertise the service prefixes on the enterprise routers with the network command
[AR1]bgp 65003
[AR1-bgp]network 10.1.1.1 32
[AR1-bgp]network 10.2.1.1 32
[AR5]bgp 65001
[AR5-bgp]network 10.1.5.5 32
[AR5-bgp]network 10.2.5.5 32
[AR6]bgp 65002
[AR6-bgp]network 10.1.6.6 32
[AR6-bgp]network 10.2.6.6 32
3. Enable every router to send the Community attribute to its peers
[AR1]bgp 65003
[AR1-bgp]peer 10.0.2.2 advertise-community
[AR2]bgp 65100
[AR2-bgp]peer 10.0.1.1 advertise-community
[AR2-bgp]peer BB advertise-community
[AR3]bgp 65100
[AR3-bgp]peer 10.0.2.2 advertise-community
[AR3-bgp]peer 10.0.5.5 advertise-community
[AR4]bgp 65100
[AR4-bgp]peer 10.0.2.2 advertise-community
[AR4-bgp]peer 10.0.6.6 advertise-community
[AR5]bgp 65001
[AR5-bgp]peer 10.0.3.3 advertise-community
[AR6]bgp 65002
[AR6-bgp]peer 10.0.4.4 advertise-community
4. Configure a routing policy on AR1, AR5 and AR6 that tags the Loopback1 interface routes with a Community
[AR1]ip ip-prefix Com index 10 permit 10.1.1.1 32
[AR1]route-policy Attr permit node 10
Info: New Sequence of this List.
[AR1-route-policy]if-match ip-prefix Com
[AR1-route-policy]apply community 65003:1
[AR1-route-policy]quit
[AR1]route-policy Attr permit node 100
Info: New Sequence of this List.
[AR1]bgp 65003
[AR1-bgp]peer 10.0.2.2 route-policy Attr export
[AR5]ip ip-prefix Com index 10 permit 10.1.5.5 32
[AR5]route-policy Attr permit node 10
Info: New Sequence of this List.
[AR5-route-policy]if-match ip-prefix Com
[AR5-route-policy]apply community 65001:1
[AR5-route-policy]quit
[AR5]route-policy Attr permit node 100
Info: New Sequence of this List.
[AR5-route-policy]quit
[AR5]bgp 65001
[AR5-bgp]peer 10.0.3.3 route-policy Attr export
[AR6]ip ip-prefix Com index 10 permit 10.1.6.6 32
[AR6]route-policy Attr permit node 10
Info: New Sequence of this List.
[AR6-route-policy]if-match ip-prefix Com
[AR6-route-policy]apply community 65002:1
[AR6-route-policy]quit
[AR6]route-policy Attr permit node 100
Info: New Sequence of this List.
[AR6-route-policy]quit
[AR6]bgp 65002
[AR6-bgp]peer 10.0.4.4 route-policy Attr export
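VI. Configure routing policies to control service route propagation
To control how service routes are learned, the goal is that only headquarters can learn the branches' Loopback2 interface routes, and the branches cannot learn each other's Loopback2 interface routes.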
[AR3]ip community-filter basic OA permit 65002:1
[AR3]ip community-filter basic OA permit 65003:1
[AR3]ip as-path-filter Finance permit 65002$
[AR3]route-policy Finance permit node 10
Info: New Sequence of this List.
[AR3-route-policy]if-match community-filter OA
[AR3]route-policy Finance deny node 20
Info: New Sequence of this List.
[AR3-route-policy]if-match as-path-filter Finance
[AR3-route-policy]quit
[AR3]route-policy Finance permit node 30
Info: New Sequence of this List.
[AR3-route-policy]quit
[AR3]bgp 65100
[AR3-bgp]peer 10.0.5.5 route-policy Finance export
[AR4]ip community-filter basic OA permit 65001:1
[AR4]ip community-filter basic OA permit 65003:1
[AR4]ip as-path-filter Finance permit 65001$
[AR4]route-policy Finance permit node 10
Info: New Sequence of this List.
[AR4-route-policy]if-match community-filter OA
[AR4-route-policy]route-policy Finance deny node 20
Info: New Sequence of this List.
[AR4-route-policy]if-match as-path-filter Finance
[AR4]route-policy Finance permit node 30
Info: New Sequence of this List.
[AR4]bgp 65100
[AR4-bgp]peer 10.0.6.6 route-policy Finance export
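The node-by-node evaluation of route-policy Finance on AR3 toward AR5, as an added Python model that is not part of the original lab. The route list is constructed from the lab's prefixes, Python's re stands in for the VRP AS_Path matcher, and tag_everything is a hypothetical helper that models a branch whose apply community node has no if-match.

```python
import re

# Constructed sample: routes AR3 holds before exporting to AR5, as
# (prefix, AS_PATH, communities), assuming each site tags only Loopback1.
ROUTES = [
    ("10.1.1.1/32", "65003", {"65003:1"}),   # HQ Loopback1
    ("10.2.1.1/32", "65003", set()),         # HQ Loopback2
    ("10.1.6.6/32", "65002", {"65002:1"}),   # AR6 Loopback1
    ("10.2.6.6/32", "65002", set()),         # AR6 Loopback2
]

OA = {"65002:1", "65003:1"}              # community-filter OA: entries are ORed
FINANCE_ASPATH = re.compile(r"65002$")   # as-path-filter Finance (approximation)

# route-policy Finance on AR3: (node, action, predicate); None = no if-match.
FINANCE = [
    (10, "permit", lambda r: bool(r[2] & OA)),
    (20, "deny", lambda r: bool(FINANCE_ASPATH.search(r[1]))),
    (30, "permit", None),
]

def evaluate(policy, route):
    """Return (action, node) of the first node whose condition matches."""
    for node, action, pred in sorted(policy, key=lambda n: n[0]):
        if pred is None or pred(route):
            return action, node
    return "deny", None   # no node matched: implicit deny

def exported(policy, routes):
    """Prefixes that pass the export policy."""
    return [r[0] for r in routes if evaluate(policy, r)[0] == "permit"]

def tag_everything(routes, as_path, community):
    """Failure mode: the origin AS applies the community to every route."""
    return [(p, path, c | {community}) if path == as_path else (p, path, c)
            for p, path, c in routes]

if __name__ == "__main__":
    for r in ROUTES:
        print(r[0], *evaluate(FINANCE, r))
    # AR6's Loopback2 now matches node 10 before the AS_Path deny is reached.
    print(exported(FINANCE, tag_everything(ROUTES, "65002", "65002:1")))
```

Because node 10 is evaluated first, the AS_Path deny in node 20 only protects Loopback2 when the branch tags Loopback1 and nothing else.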
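VII. Configure ORF
To prevent a branch from advertising routes by mistake, which would cause headquarters to learn unnecessary route entries, deploy the ORF feature on AR1 and AR2 so that AR1 learns only the routes the branches are planned to advertise.
1. Create Loopback3 on AR6, configure the IP address 10.3.6.6, and advertise it into BGP.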
[AR6]int lo3
[AR6-LoopBack3]ip add 10.3.6.6 32
[AR6]bgp 65002
[AR6-bgp]network 10.3.6.6 32
2. Configure IP prefix list Branch on AR1 to match the planned branch routes
[AR1]ip ip-prefix Branch index 10 permit 10.1.5.5 32
[AR1]ip ip-prefix Branch index 20 permit 10.2.5.5 32
[AR1]ip ip-prefix Branch index 30 permit 10.1.6.6 32
[AR1]ip ip-prefix Branch index 40 permit 10.2.6.6 32
3. Configure the ORF feature on AR1 and AR2
[AR1]bgp 65003
[AR1-bgp]peer 10.0.2.2 ip-prefix Branch import
[AR1-bgp]peer 10.0.2.2 capability-advertise orf ip-prefix send
[AR2]bgp 65100
[AR2-bgp]peer 10.0.1.1 capability-advertise orf ip-prefix receive
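What ORF changes on the AR2 to AR1 session, as an added Python model that is not part of the original lab. The advertised route list is constructed from the lab's prefixes, and the matcher also handles the greater-equal and less-equal bounds of an ip-prefix entry, which goes beyond the exact /32 entries used here.

```python
import ipaddress

# ip ip-prefix Branch on AR1, as configured above: (index, action, prefix, ge, le).
BRANCH = [
    (10, "permit", "10.1.5.5/32", None, None),
    (20, "permit", "10.2.5.5/32", None, None),
    (30, "permit", "10.1.6.6/32", None, None),
    (40, "permit", "10.2.6.6/32", None, None),
]

# Constructed sample: branch routes AR2 holds once AR6 announces Loopback3.
AR2_ADJ_OUT = ["10.1.5.5/32", "10.2.5.5/32", "10.1.6.6/32",
               "10.2.6.6/32", "10.3.6.6/32"]

def prefix_list_permits(entries, route):
    """First matching entry decides; a route matching no entry is denied."""
    net = ipaddress.ip_network(route)
    for _idx, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        base = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else base.prefixlen
        if le is not None:
            hi = le
        else:
            hi = 32 if ge is not None else base.prefixlen
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def session(orf_negotiated):
    """Return (routes AR2 sends to AR1, routes AR1 accepts)."""
    if orf_negotiated:
        # AR1 'send' + AR2 'receive': AR2 applies AR1's list before sending.
        sent = [r for r in AR2_ADJ_OUT if prefix_list_permits(BRANCH, r)]
    else:
        # Import filter only: AR2 sends everything, AR1 discards on receipt.
        sent = list(AR2_ADJ_OUT)
    accepted = [r for r in sent if prefix_list_permits(BRANCH, r)]
    return sent, accepted

if __name__ == "__main__":
    print(session(False))
    print(session(True))
```

AR1 accepts the same four routes either way; with ORF negotiated, the unplanned 10.3.6.6/32 is never sent to it.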
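Summary
Filtering received routes: deploy a routing policy in the inbound direction on the local end or in the outbound direction on the peer, or use the ORF feature.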