各AS内部首先铺设底层,可以使用ospf先保证AS内部联通
AS1,AS2内部建立全连IBGP关系,之间建立EBGP关系
在R9、R10上分别抓取PC的流量并打上团体值,并且传播出去,在R12上同样
在AS3,AS4内部可以配置loc_preference属性并在连接AS1,AS2接口的入向调用策略,干涉各个PC去A,B的走向
R1运营商环境的路由器(R1-R8)
interface Ethernet0/0/0
ip address 10.1.15.1 255.255.255.0
interface Ethernet0/0/1
ip address 10.1.13.1 255.255.255.0
interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.3.19.1 255.255.255.0
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
bgp 1
peer 10.3.19.2 as-number 3
group IBGP internal
peer IBGP connect-interface LoopBack0
peer 10.3.3.3 as-number 1
peer 10.3.3.3 group IBGP
peer 10.5.5.5 as-number 1
peer 10.5.5.5 group IBGP
peer 10.7.7.7 as-number 1
peer 10.7.7.7 group IBGP
ipv4-family unicast
undo synchronization
peer 10.3.19.2 enable
peer 10.3.19.2 advertise-community
peer IBGP enable
peer IBGP next-hop-local
peer IBGP advertise-community
peer 10.3.3.3 enable
peer 10.3.3.3 group IBGP
peer 10.5.5.5 enable
peer 10.5.5.5 group IBGP
peer 10.7.7.7 enable
peer 10.7.7.7 group IBGP
ospf 1
area 0.0.0.0
network 10.1.1.1 0.0.0.0
network 10.1.0.0 0.0.255.255
R9
#
interface Ethernet0/0/0
ip address 10.3.19.2 255.255.255.0
#
interface Ethernet0/0/1
ip address 10.3.109.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.3.2.1 255.255.255.0
#
interface LoopBack0
ip address 10.9.9.9 255.255.255.255
#
bgp 3
peer 10.3.19.1 as-number 1
peer 10.10.10.10 as-number 3
peer 10.10.10.10 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.3.1.0 255.255.255.0
network 10.3.2.0 255.255.255.0
peer 10.3.19.1 enable
peer 10.3.19.1 route-policy loc import
peer 10.3.19.1 route-policy com export
peer 10.3.19.1 advertise-community
peer 10.10.10.10 enable
peer 10.10.10.10 next-hop-local
peer 10.10.10.10 advertise-community
#
ospf 1
area 0.0.0.0
network 10.9.9.9 0.0.0.0
network 10.3.109.0 0.0.0.255
#
route-policy com permit node 10
if-match ip-prefix a
apply community 100:3
#
route-policy com permit node 20
if-match ip-prefix b
apply community 200:3
#
route-policy com permit node 30
#
route-policy loc permit node 10
if-match community-filter a
apply local-preference 200
#
route-policy loc permit node 20
#
ip ip-prefix a index 10 permit 10.3.1.0 24
ip ip-prefix a index 20 permit 10.3.3.0 24
ip ip-prefix b index 10 permit 10.3.2.0 24
ip ip-prefix b index 20 permit 10.3.4.0 24
#
ip community-filter advanced a permit 100
R10
#
interface Ethernet0/0/0
ip address 10.3.104.2 255.255.255.0
#
interface Ethernet0/0/1
ip address 10.3.109.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.3.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.3.4.1 255.255.255.0
#
interface LoopBack0
ip address 10.10.10.10 255.255.255.255
#
bgp 3
peer 10.3.104.1 as-number 2
peer 10.9.9.9 as-number 3
peer 10.9.9.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.3.3.0 255.255.255.0
network 10.3.4.0 255.255.255.0
peer 10.3.104.1 enable
peer 10.3.104.1 route-policy loc import
peer 10.3.104.1 route-policy com export
peer 10.3.104.1 advertise-community
peer 10.9.9.9 enable
peer 10.9.9.9 next-hop-local
peer 10.9.9.9 advertise-community
#
ospf 1
area 0.0.0.0
network 10.10.10.10 0.0.0.0
network 10.3.109.0 0.0.0.255
#
route-policy com permit node 10
if-match ip-prefix a
apply community 100:3
#
route-policy com permit node 20
if-match ip-prefix b
apply community 200:3
#
route-policy com permit node 30
#
route-policy loc permit node 10
if-match community-filter b
apply local-preference 200
#
route-policy loc permit node 20
#
ip ip-prefix a index 10 permit 10.3.1.0 24
ip ip-prefix a index 20 permit 10.3.3.0 24
ip ip-prefix b index 10 permit 10.3.2.0 24
ip ip-prefix b index 20 permit 10.3.4.0 24
#
ip community-filter advanced b permit 200:.*
R12
#
interface Ethernet0/0/0
ip address 10.4.125.2 255.255.255.0
#
interface Ethernet0/0/1
ip address 10.4.128.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.4.5.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.4.6.1 255.255.255.0
#
interface LoopBack0
ip address 10.12.12.12 255.255.255.255
#
bgp 4
peer 10.4.125.1 as-number 1
peer 10.4.128.1 as-number 2
#
ipv4-family unicast
undo synchronization
network 10.4.5.0 255.255.255.0
network 10.4.6.0 255.255.255.0
peer 10.4.125.1 enable
peer 10.4.125.1 route-policy loc import
peer 10.4.125.1 route-policy com export
peer 10.4.125.1 advertise-community
peer 10.4.128.1 enable
peer 10.4.128.1 route-policy loc2 import
peer 10.4.128.1 route-policy com export
peer 10.4.128.1 advertise-community
#
route-policy com permit node 10
if-match ip-prefix a
apply community 100:4
#
route-policy com permit node 20
if-match ip-prefix b
apply community 200:4
#
route-policy com permit node 30
#
route-policy loc permit node 10
if-match community-filter a
apply local-preference 200
#
route-policy loc permit node 20
#
route-policy loc2 permit node 10
if-match community-filter b
apply local-preference 200
#
route-policy loc2 permit node 20
#
ip ip-prefix a index 10 permit 10.4.5.0 24
ip ip-prefix b index 10 permit 10.4.6.0 24
#
ip community-filter advanced a permit 100:.*
ip community-filter advanced b permit 200:.*
R12
#
interface Ethernet0/0/0
ip address 10.4.125.2 255.255.255.0
#
interface Ethernet0/0/1
ip address 10.4.128.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.4.5.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.4.6.1 255.255.255.0
#
interface LoopBack0
ip address 10.12.12.12 255.255.255.255
#
bgp 4
peer 10.4.125.1 as-number 1
peer 10.4.128.1 as-number 2
#
ipv4-family unicast
undo synchronization
network 10.4.5.0 255.255.255.0
network 10.4.6.0 255.255.255.0
peer 10.4.125.1 enable
peer 10.4.125.1 route-policy loc import
peer 10.4.125.1 route-policy com export
peer 10.4.125.1 advertise-community
peer 10.4.128.1 enable
peer 10.4.128.1 route-policy loc2 import
peer 10.4.128.1 route-policy com export
peer 10.4.128.1 advertise-community
#
route-policy com permit node 10
if-match ip-prefix a
apply community 100:4
#
route-policy com permit node 20
if-match ip-prefix b
apply community 200:4
#
route-policy com permit node 30
#
route-policy loc permit node 10
if-match community-filter a
apply local-preference 200
#
route-policy loc permit node 20
#
route-policy loc2 permit node 10
if-match community-filter b
apply local-preference 200
#
route-policy loc2 permit node 20
#
ip ip-prefix a index 10 permit 10.4.5.0 24
ip ip-prefix b index 10 permit 10.4.6.0 24
#
ip community-filter advanced a permit 100:.*
ip community-filter advanced b permit 200:.*
流量的路线如下:
出现故障时:
R4(AS2内的路由器都得配相同策略)
#
route-policy value permit node 10
if-match community-filter a
apply preferred-value 100
#
route-policy value permit node 20
#
ip community-filter advanced a permit 100:.*
#
bgp 2
peer 10.0.34.1 route-policy value import
配好之后,去的路线没问题,但是回来不是原路返回
在R4上抓到100:.*的路由后,给它的IBGP邻居配置策略,添加一个AS号(AS2),使得回来的路由若是在除了R3之外的A面路由器往下走的话,AS_path大于从R3向下走的AS_path,这样就能规范路由的路线(选路规则,AS_path是优先于EBGP大于IBGP的)
R4以及AS2内所有
#
route-policy as-path permit node 10
if-match community-filter a
apply as-path 2 additive
#
route-policy as-path permit node 20
#
bgp 2
peer IBGP route-policy as-path export
回路线不一致