IS-IS、BGP基础实验
1. IS-IS 基础实验
1.1 设置IP地址
1.2 配置 IS-IS 协议
-
R1
[R1-isis-1]dis this [V200R003C00] # isis 1 is-level level-1 network-entity 49.0001.0000.0000.0001.00 # return [R1-isis-1] [R1]interface LoopBack0 [R1-LoopBack0] isis enable 1 [R1]interface GigabitEthernet0/0/1 [R1-GigabitEthernet0/0/1] isis enable 1 [R1-GigabitEthernet0/0/1] quit
-
R2、R3 、R4、R5 类似,接口都要 isis enable 1
-
做接口认证
[R1]interface GigabitEthernet0/0/1 [R1-GigabitEthernet0/0/1] isis authentication-mode md5 huawei [R1-GigabitEthernet0/0/1] quit 所有物理接口都要做一下。
-
检查配置结果
R1已经成功地与R2、R3建立IS-IS邻居,并且是L1类型。 R4已经成功地与R2、R3、R5建立IS-IS邻居,并且是L2类型。
1.3 修改 R1,接口的dis优先级,使其成为dis
-
修改 R1 的GE0/0/1 DIS优先级
[R1]interface GigabitEthernet0/0/1 [R1-GigabitEthernet0/0/1] isis dis-priority 127 <R1>dis isis int
-
查看 R1 接口状态
<R1>dis isis interface Interface information for ISIS(1) --------------------------------- Interface Id IPV4.State IPV6.State MTU Type DIS GE0/0/1 001 Up Down 1497 L1/L2 Yes/No Loop0 001 Up Down 1500 L1/L2 -- <R1>
1.4 引入外部路由
-
在R5上创建Loopback1接口,配置IP地址为192.168.1.1,作为外部路由引入到IS-IS中;
[R5]interface LoopBack 1 [R5-LoopBack1] ip address 192.168.1.1 32 [R5-LoopBack1] quit [R5]isis 1 [R5-isis-1] import-route direct [R5-isis-1] quit
-
查看 R1 isis 路由
<R1>dis isis route Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 0.0.0.0/0 10 NULL GE0/0/1 10.0.123.3 A/-/-/- GE0/0/1 10.0.123.2 10.0.24.0/24 20 NULL GE0/0/1 10.0.123.2 A/-/-/- 3.3.3.3/32 10 NULL GE0/0/1 10.0.123.3 A/-/-/- 192.168.1.0/24 10 20 GE0/0/1 10.0.123.3 A/-/-/U 2.2.2.2/32 10 NULL GE0/0/1 10.0.123.2 A/-/-/- 10.0.123.0/24 10 NULL GE0/0/1 Direct D/-/L/- 5.5.5.5/32 30 NULL GE0/0/1 10.0.123.3 A/-/-/U 10.0.45.0/24 30 NULL GE0/0/1 10.0.123.3 A/-/-/U 1.1.1.1/32 0 NULL Loop0 Direct D/-/L/- 4.4.4.4/32 20 NULL GE0/0/1 10.0.123.3 A/-/-/U 10.0.34.0/24 20 NULL GE0/0/1 10.0.123.3 A/-/-/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set <R1>
从输出信息无法看到路由192.168.1.1/32,R1作为L1路由器,默认情况下L1-2路由器不会向其传递L2路由,所以在R1上无法看到引入的外部路由192.168.1.1/32,但R1上存在前往骨干区域的默认路由,并且为负载均衡状态。
R1可以与R5的Loopback1接口正常通信。
1.5 修改 IS-IS 接口 cost 值:
-
本来,R4去往1.1.1.1 的路由有两条处于负载分担,修改为只留G0/0/1口
[R4-GigabitEthernet0/0/1]dis this [V200R003C00] # interface GigabitEthernet0/0/1 ip address 10.0.34.4 255.255.255.0 isis enable 1 isis authentication-mode md5 cipher %$%$x;;@'}~-k4s2jm#NQ$k)Foky%$%$ isis cost 15 # return [R4-GigabitEthernet0/0/1]
1.6 配置 IS-IS 路由渗透
-
路由渗透
由于缺省时R1并不知道到达L2区域的具体路由,仅仅通过L1-2路由器发布的缺省路由到达L2区域; 因此当前R1只能选择R2及R3作为等价的下一跳设备到达L2区域。 为了将R1发往R5的流量引导到R3进行转发,可以在R3上配置路由渗透,由其将到达L2区域的路由渗透到L1区域,使得R1能够通过IS-IS学习到相关路由。 [R3]isis 1 [R3-isis-1] import-route isis level-2 into level-1 <R1>dis ip routing-table 5.5.5.5 Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre Cost Flags NextHop Interface 5.5.5.5/32 ISIS-L1 15 30 D 10.0.123.3 GigabitEthernet 0/0/1 <R1> 此时R1去往10.0.5.5的路由下一跳为10.0.123.3,即R3,并且是明细路由而不是默认路由。
[R3-isis-1] quit
2. BGP 基础实验
2.1 设备配置IP地址
2.2 配置 AS64512 内的OSPF
-
R2、R3、R4分别宣告自己相邻网络。但是R2与R1,R4与R5之间不能宣告,因为他们是不同的自治域,需要考虑安全问题。
[R2-ospf-1]dis this [V200R003C00] # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.0.23.0 0.0.0.255 # return [R3]dis ospf peer brief OSPF Process 1 with Router ID 3.3.3.3 Peer Statistic Information ---------------------------------------------------------------------------- Area Id Interface Neighbor id State 0.0.0.0 GigabitEthernet0/0/0 2.2.2.2 Full 0.0.0.0 GigabitEthernet0/0/1 4.4.4.4 Full ---------------------------------------------------------------------------- [R3]
2.3 配置 AS64512 内的全互联 IBGP 对等体关系
-
构建 IBGP 对等体关系
R2: [R2-bgp]dis this [V200R003C00] # bgp 64512 router-id 2.2.2.2 peer 3.3.3.3 as-number 64512 peer 3.3.3.3 connect-interface LoopBack0 peer 4.4.4.4 as-number 64512 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable peer 4.4.4.4 enable # return R3: [R3]bgp 64512 [R3-bgp]dis this [V200R003C00] # bgp 64512 router-id 3.3.3.3 peer 2.2.2.2 as-number 64512 peer 2.2.2.2 connect-interface LoopBack0 peer 4.4.4.4 as-number 64512 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 4.4.4.4 enable # return R4: [R4-bgp]dis this [V200R003C00] # bgp 64512 peer 2.2.2.2 as-number 64512 peer 2.2.2.2 connect-interface LoopBack0 peer 3.3.3.3 as-number 64512 peer 3.3.3.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable # return # 查看邻居关系 [R3]dis bgp peer BGP local router ID : 3.3.3.3 Local AS number : 64512 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre fRcv 2.2.2.2 4 64512 20 20 0 00:18:23 Established 0 4.4.4.4 4 64512 18 20 0 00:16:59 Established 0 [R3]
2.4 配置AS 64512、AS 64513、AS 64514之间的EBGP对等体关系
-
R1 和 R2,R4 和 R5之间做静态路由
R1: [R1]ip route-static 2.2.2.2 32 10.0.12.2 R2: [R2]ip route-static 1.1.1.1 32 10.0.12.1 R4: [R4]ip route-static 5.5.5.5 32 10.0.45.5 R5: [R5]ip route-static 4.4.4.4 32 10.0.45.4
-
配置R1、R2之间的EBGP对等体
R1: [R1]bgp 64513 [R1-bgp]router-id 1.1.1.1 [R1-bgp]peer 2.2.2.2 as-number 64512 [R1-bgp]peer 2.2.2.2 ebgp-max-hop 2 [R1-bgp]peer 2.2.2.2 connect-interface LoopBack 0 R2: [R2-bgp]peer 1.1.1.1 as-number 64513 [R2-bgp]peer 1.1.1.1 ebgp-max-hop 2 [R2-bgp]peer 1.1.1.1 connect-interface LoopBack 0 配置R4、R5之间EBGP对等体关系步骤类似。
-
检查对等体关系
<R1>dis bgp peer BGP local router ID : 1.1.1.1 Local AS number : 64513 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre fRcv 2.2.2.2 4 64512 4 6 0 00:02:55 Established 0 <R5>dis bgp peer BGP local router ID : 5.5.5.5 Local AS number : 64514 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre fRcv 4.4.4.4 4 64512 4 4 0 00:02:18 Established 0 <R5>
2.5 在R1、R5上将Loopback1接口路由发布到BGP,在R2、R4上修改BGP下一跳地址。
-
在R1、R5上将Loopback1接口路由发布到BGP
[R1]bgp 64513 [R1-bgp]network 10.1.1.1 24 [R5]bgp 64514 [R5-bgp]network 10.1.5.5 24
-
查看 R3 BGP 路由表
<R3>dis bgp routing-table BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn i 10.1.1.0/24 1.1.1.1 0 100 0 64513i i 10.1.5.0/24 5.5.5.5 0 100 0 64514i <R3> R3上已经学习到R1、R5上发布的BGP路由,;但是都是非有效路由,这是因为它们的下一跳在R3上都不可达 为此可以在R2、R4上通过next-hop-local命令修改下一跳地址为R2、R4的更新源地址。
-
在R2、R4上将路由的下一跳地址修改为自身。
[R2]bgp 64512 [R2-bgp]peer 3.3.3.3 next-hop-local [R2-bgp]peer 4.4.4.4 next-hop-local [R4]bgp 64512 [R4-bgp]peer 2.2.2.2 next-hop-local [R4-bgp]peer 3.3.3.3 next-hop-local
-
查看 R3 BGP 路由表
<R3>dis bgp routing-table BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.1.1.0/24 2.2.2.2 0 100 0 64513i *>i 10.1.5.0/24 4.4.4.4 0 100 0 64514i <R3> 此时两条BGP路由都变成了有效、最优的状态
-
查看R1、R5 BGP路由表
<R1>dis bgp routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 0.0.0.0 0 0 i *> 10.1.5.0/24 2.2.2.2 0 64512 6451 4i <R1> <R5>dis bgp routing-table BGP Local router ID is 5.5.5.5 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 4.4.4.4 0 64512 6451 3i *> 10.1.5.0/24 0.0.0.0 0 0 i <R5> R1、R5之间相互学习到了对端Loopback1接口路由。
-
测试R1、R5的Loopback 1之间的连通性
<R1>ping -c 5 -a 10.1.1.1 10.1.5.5 PING 10.1.5.5: 56 data bytes, press CTRL_C to break Reply from 10.1.5.5: bytes=56 Sequence=1 ttl=252 time=60 ms Reply from 10.1.5.5: bytes=56 Sequence=2 ttl=252 time=50 ms Reply from 10.1.5.5: bytes=56 Sequence=3 ttl=252 time=40 ms Reply from 10.1.5.5: bytes=56 Sequence=4 ttl=252 time=50 ms Reply from 10.1.5.5: bytes=56 Sequence=5 ttl=252 time=40 ms --- 10.1.5.5 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/48/60 ms <R1>