HCIP第8天-BGP2

ip地址规划

2-6直连接口使用172.16.0.0/24网段,使用/30来划分。2-6环回使用172.16.2.0/24-172.16.7.0/24.

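基本配置

以下为实验环境配置:各设备控制台的 idle-timeout 0 0 表示永不超时,BGP对等体之间也没有配置认证(peer ... password)。生产环境中应设置合理的超时时间并启用对等体认证。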

[r1-bgp]dis cu 
[V200R003C00]
#
 sysname r1
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.1 255.255.255.0 
#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.0 
#
interface LoopBack1
 ip address 192.168.1.1 255.255.255.0 
#
bgp 1
 peer 12.1.1.2 as-number 2 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.1.0 255.255.255.0 
  peer 12.1.1.2 enable
#
user-interface con 0
 idle-timeout 0 0

[r2-bgp]dis cu 
[V200R003C00]
#
 sysname r2
#
interface GigabitEthernet0/0/0
 ip address 172.16.0.1 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 12.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 172.16.0.9 255.255.255.252 
#
interface NULL0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
 ospf network-type broadcast
#
bgp 64512
 router-id 2.2.2.2        //指定Router ID
 confederation id 2       //指定大AS号,即对外共有AS号。
 confederation peer-as 64513       //指定对端小AS号,即私有AS号
 peer 3.3.3.3 as-number 64512      //指定对端地址及AS号
 peer 3.3.3.3 connect-interface LoopBack0        //使用本地环回地址与对端建邻
 peer 5.5.5.5 as-number 64513      //指定对端地址及AS号
 peer 5.5.5.5 ebgp-max-hop 2       //对端环回地址非直连,将EBGP会话允许的最大跳数设为2(默认只能在直连链路上建立)
 peer 5.5.5.5 connect-interface LoopBack0        //使用本地环回地址与对端建邻
 peer 12.1.1.1 as-number 1         //指定对端地址及AS号
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local   //修改对端通过本设备学习到路由信息的下一跳指向为本地
  peer 5.5.5.5 enable
  peer 5.5.5.5 next-hop-local   //修改对端通过本设备学习到路由信息的下一跳指向为本地
  peer 12.1.1.1 enable
#
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 172.16.0.1 0.0.0.0 
  network 172.16.0.9 0.0.0.0 
  network 172.16.2.0 0.0.0.255 
  network 172.16.2.1 0.0.0.0 
#
user-interface con 0
 idle-timeout 0 0
#
[r3]dis cu 
[V200R003C00]
#
 sysname r3
#
interface GigabitEthernet0/0/0
 ip address 172.16.0.5 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 172.16.0.2 255.255.255.252 
#
interface GigabitEthernet0/0/2
#
interface LoopBack0
 ip address 172.16.3.1 255.255.255.0 
 ospf network-type broadcast
#
interface LoopBack9
 ip address 3.3.3.3 255.255.255.255 
#
bgp 64512    //开启BGP,AS号为64512,私有AS号
 router-id 3.3.3.3    //指定Router ID
 confederation id 2   //指定大AS号,即共有AS号。
 confederation peer-as 64513   //指定对端私有的AS号
 peer 2.2.2.2 as-number 64512  //指定对端IP地址及AS号
 peer 2.2.2.2 connect-interface LoopBack9   //使用本地环回与对端建邻
 peer 4.4.4.4 as-number 64512  //指定对端私有的AS号  
 peer 4.4.4.4 connect-interface LoopBack9     //使用本地环回与对端建邻
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 reflect-client    //设置本地为RR,2.2.2.2为客户端
  peer 4.4.4.4 enable
  peer 4.4.4.4 reflect-client    //设置本地为RR,4.4.4.4为客户端
#
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 172.16.0.2 0.0.0.0 
  network 172.16.0.5 0.0.0.0 
  network 172.16.3.1 0.0.0.0 
#
user-interface con 0
 idle-timeout 0 0
#
[r4]dis cu 
[V200R003C00]
#
 sysname r4
#
interface GigabitEthernet0/0/1
 ip address 172.16.0.6 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 172.16.0.13 255.255.255.252 
#
interface LoopBack0
 ip address 172.16.4.1 255.255.255.0 
 ospf network-type broadcast
#
interface LoopBack9
 ip address 4.4.4.4 255.255.255.255 
#
bgp 64512
 peer 3.3.3.3 as-number 64512 
 peer 3.3.3.3 connect-interface LoopBack9
 peer 7.7.7.7 as-number 64513 
 peer 7.7.7.7 ebgp-max-hop 2 
 peer 7.7.7.7 connect-interface LoopBack9
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local 
  peer 7.7.7.7 enable
#
ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 172.16.0.6 0.0.0.0 
  network 172.16.0.13 0.0.0.0 
  network 172.16.4.1 0.0.0.0 
#
user-interface con 0
 idle-timeout 0 0
[r5]dis cu 
[V200R003C00]
#
 sysname r5
#
interface GigabitEthernet0/0/0
 ip address 172.16.0.17 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 172.16.0.10 255.255.255.252 
#
interface LoopBack0
 ip address 172.16.5.1 255.255.255.0 
 ospf network-type broadcast
#
interface LoopBack9
 ip address 5.5.5.5 255.255.255.255 
#
bgp 64513
 confederation id 2
 confederation peer-as 64512
 peer 2.2.2.2 as-number 64512 
 peer 2.2.2.2 ebgp-max-hop 2 
 peer 2.2.2.2 connect-interface LoopBack9
 peer 6.6.6.6 as-number 64513 
 peer 6.6.6.6 connect-interface LoopBack9
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 6.6.6.6 enable
#
ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 172.16.0.10 0.0.0.0 
  network 172.16.0.17 0.0.0.0 
  network 172.16.5.1 0.0.0.0 
#
user-interface con 0
 idle-timeout 0 0
#
[r6]dis cu 
[V200R003C00]
#
 sysname r6
#
interface GigabitEthernet0/0/0
 ip address 172.16.0.21 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 172.16.0.18 255.255.255.252 
#
interface LoopBack0
 ip address 172.16.6.1 255.255.255.0 
 ospf network-type broadcast
#
interface LoopBack9
 ip address 6.6.6.6 255.255.255.255 
#
bgp 64513
 confederation id 2
 peer 5.5.5.5 as-number 64513 
 peer 5.5.5.5 connect-interface LoopBack9
 peer 7.7.7.7 as-number 64513 
 peer 7.7.7.7 connect-interface LoopBack9
 #
 ipv4-family unicast
  undo synchronization
  peer 5.5.5.5 enable
  peer 5.5.5.5 reflect-client
  peer 7.7.7.7 enable
  peer 7.7.7.7 reflect-client
#
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 6.6.6.6 0.0.0.0 
  network 172.16.0.18 0.0.0.0 
  network 172.16.0.21 0.0.0.0 
  network 172.16.6.1 0.0.0.0 
#
user-interface con 0
 idle-timeout 0 0
[r7]dis cu 
[V200R003C00]
#
 sysname r7
#
interface GigabitEthernet0/0/0
 ip address 78.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 172.16.0.22 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 172.16.0.14 255.255.255.252 
#
interface LoopBack0
 ip address 172.16.7.1 255.255.255.0 
 ospf network-type broadcast
#
interface LoopBack9
 ip address 7.7.7.7 255.255.255.255 
#
bgp 64513
 confederation id 2
 confederation peer-as 64512
 peer 4.4.4.4 as-number 64512 
 peer 4.4.4.4 ebgp-max-hop 2 
 peer 4.4.4.4 connect-interface LoopBack9
 peer 6.6.6.6 as-number 64513 
 peer 6.6.6.6 connect-interface LoopBack9
 peer 78.1.1.2 as-number 3 
 peer 78.1.1.2 ebgp-max-hop 2 
 peer 78.1.1.2 connect-interface LoopBack9
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
  peer 6.6.6.6 enable
  peer 6.6.6.6 next-hop-local 
  peer 78.1.1.2 enable
#
ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 7.7.7.7 0.0.0.0 
  network 172.16.0.14 0.0.0.0 
  network 172.16.0.22 0.0.0.0 
  network 172.16.7.1 0.0.0.0 
#
user-interface con 0
 authentication-mode password
 idle-timeout 0 0
[r8] dis cu 
[V200R003C00]
#
 sysname r8
#
interface GigabitEthernet0/0/1
 ip address 78.1.1.2 255.255.255.0 
#
interface LoopBack0
 ip address 10.1.2.1 255.255.255.0 
#
interface LoopBack1
 ip address 192.168.2.1 255.255.255.0 
#
bgp 3
 peer 7.7.7.7 as-number 2 
 peer 7.7.7.7 ebgp-max-hop 2 
 #
 ipv4-family unicast
  undo synchronization
  network 10.1.2.0 255.255.255.0 
  peer 7.7.7.7 enable
#
ip route-static 7.7.7.7 255.255.255.255 78.1.1.1
#
user-interface con 0
 authentication-mode password
 idle-timeout 0 0

BGP路由宣告

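1.在R2和R7上写一条汇总路由,指向空接口,然后将该汇总路由宣告进BGP。注意:import-route static 不带 route-policy 时会把本机所有静态路由都引入BGP,实际环境中应配合 route-policy 过滤,或改用 network 命令只宣告该汇总路由。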

[r2]ip route-static 172.16.0.0 21 NULL 0
[r2]bgp 64512
[r2-bgp]import-route static 
[r7]ip route-static 172.16.0.0 21 NULL 0
[r7]bgp 64513
[r7-bgp]import-route static 
[r8]ping -a 10.1.2.1 172.16.3.1
  PING 172.16.3.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.3.1: bytes=56 Sequence=1 ttl=253 time=60 ms
    Reply from 172.16.3.1: bytes=56 Sequence=2 ttl=253 time=40 ms
    Reply from 172.16.3.1: bytes=56 Sequence=3 ttl=253 time=30 ms
    Reply from 172.16.3.1: bytes=56 Sequence=4 ttl=253 time=40 ms
    Reply from 172.16.3.1: bytes=56 Sequence=5 ttl=253 time=40 ms

  --- 172.16.3.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/42/60 ms

因为AS2内所有用来建邻的IP都没有宣告进BGP,R1与R2、R7与R8之间的直连网段也没有宣告,所以不能ping通AS2内用来建邻的环回地址,也不能ping通R1与R2、R7与R8之间的直连网段。
[r2]dis bgp routing-table 

 BGP Local router ID is 2.2.2.2 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   10.1.1.0/24        12.1.1.1        0                     0      1i
 *>i  10.1.2.0/24        7.7.7.7         0          100        0      (64513) 3i
 *>   172.16.0.0/21      0.0.0.0         0                     0      ?
[r2]

[r7-bgp]dis bgp routing-table 

 BGP Local router ID is 78.1.1.1 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  10.1.1.0/24        2.2.2.2         0          100        0      (64512) 1i
 *>   10.1.2.0/24        78.1.1.2        0                     0      3i
 *>   172.16.0.0/21      0.0.0.0         0                     0      ?
[r7-bgp]

[r8]dis bgp routing-table 

 BGP Local router ID is 78.1.1.2 
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>   10.1.1.0/24        7.7.7.7                               0      2 1i
 *>   10.1.2.0/24        0.0.0.0         0                     0      i
 *>   172.16.0.0/21      7.7.7.7         0                     0      2?
[r8]

2.配置NAT

[r1]acl name nat 2000
[r1-acl-basic-nat]rule 10 permit  source 192.168.1.0 0.0.0.255
[r1-acl-basic-nat]q
[r1]nat address-group 2 12.1.1.3 12.1.1.4
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000 address-group 2



[r8]acl name nat 2000
[r8-acl-basic-nat]rule 10 permit source 192.168.2.0 0.0.0.255
[r8-acl-basic-nat]q
[r8]nat address-group 2 78.1.1.3 78.1.1.4
[r8]int g0/0/1
[r8-GigabitEthernet0/0/1]nat outbound 2000 address-group 2
[r8-GigabitEthernet0/0/1]

配置端口映射


[r1]interface GigabitEthernet0/0/0
[r1-GigabitEthernet0/0/0] nat server protocol icmp global 12.1.1.10 inside 192.168.1.10


[r8]int g0/0/1
[r8-GigabitEthernet0/0/1]nat server protocol icmp global  78.1.1.10 inside 192.168.2.10
[r1]dis nat session all
  NAT Session Table Information:

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 78.1.1.10                                      
     DestAddr  Vpn     : 12.1.1.10                                      
     Type Code IcmpId  : 0   8   3785 
     NAT-Info
       New SrcAddr     : ----
       New DestAddr    : 192.168.1.10   
       New IcmpId      : ----

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 78.1.1.10                                      
     DestAddr  Vpn     : 12.1.1.10                                      
     Type Code IcmpId  : 0   8   3805 
     NAT-Info
       New SrcAddr     : ----
       New DestAddr    : 192.168.1.10   
       New IcmpId      : ----

     Protocol          : ICMP(1)
     SrcAddr   Vpn     : 78.1.1.10                                      
     DestAddr  Vpn     : 12.1.1.10                                      
     Type Code IcmpId  : 0   8   3787 

配置Tunnel:

GRE只做封装,本身不提供加密和完整性保护,隧道内的流量以明文穿越AS2;需要保密时应配合IPSec使用。

#R1
interface Tunnel0/0/0
 ip address 10.1.3.1 255.255.255.0 
 tunnel-protocol gre
 source 10.1.1.1
 destination 10.1.2.1
#
ip route-static 192.168.20.0 255.255.255.0 Tunnel0/0/0


#R8
interface Tunnel0/0/0
 ip address 10.1.3.2 255.255.255.0 
 tunnel-protocol gre
 source 10.1.2.1
 destination 10.1.1.1
ip route-static 192.168.10.0 255.255.255.0 Tunnel0/0/0
[r1] ping -a 192.168.10.1 192.168.20.1
  PING 192.168.20.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.20.1: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 192.168.20.1: bytes=56 Sequence=2 ttl=255 time=40 ms
    Reply from 192.168.20.1: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 192.168.20.1: bytes=56 Sequence=4 ttl=255 time=40 ms
    Reply from 192.168.20.1: bytes=56 Sequence=5 ttl=255 time=50 ms

  --- 192.168.20.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/48/60 ms

[r1]
