BGP双平面实验

实验要求

1.合理IP地址 
2.AS 1 2 3 内部使用OSPF 协议 ， AS 1 AS 2内部建立全互联的IBGP邻居 ，AS之间建立全部的EBGP邻居
3.PC 1 3 5 属于电信的路由，通信时必须使用电信AS 1 ;PC 2 4 6 属于联通的路由，通信时必须使用联通的 AS 2
4.若 R1-R9之间链路断开，电信的路由依然通过电信 AS 1 通信

 新建拓扑

 配置IP地址

 

 

 写OSPF协议，顺便修改环回接口类型

[r1]ospf 100 router-id 1.1.1.1
[r1-ospf-100-area-0.0.0.0]network 1.1.1.1 0.0.0.0 
[r1-ospf-100-area-0.0.0.0]network 10.0.15.1 0.0.0.0 
[r1-ospf-100-area-0.0.0.0]network 10.1.13.1 0.0.0.0
[r1-ospf-100-area-0.0.0.0]q
[r1-ospf-100]q   
[r1]int l0
[r1-LoopBack0]ospf network-type broadcast 

[r3]ospf 100 router-id 3.3.3.3
[r3-ospf-100]area 0
[r3-ospf-100-area-0.0.0.0]network 10.1.13.2 0.0.0.0 
[r3-ospf-100-area-0.0.0.0]network 10.0.37.1 0.0.0.0
[r3-ospf-100-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-100-area-0.0.0.0]q
[r3-ospf-100]q
[r3]int l0
[r3-LoopBack0]ospf network-type broadcast 

[r5]ospf 100 router-id 5.5.5.5
[r5-ospf-100]area 0
[r5-ospf-100-area-0.0.0.0]network 10.0.15.2 0.0.0.0 
[r5-ospf-100-area-0.0.0.0]network 10.1.57.1 0.0.0.0
[r5-ospf-100-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[r5-ospf-100-area-0.0.0.0]q
[r5-ospf-100]q
[r5]int l0
[r5-LoopBack0]ospf network-type broadcast 

[r7]ospf 100 router-id 7.7.7.7
[r7-ospf-100]area 0
[r7-ospf-100-area-0.0.0.0]network 7.7.7.7 0.0.0.0 
[r7-ospf-100-area-0.0.0.0]network 10.1.57.2 0.0.0.0
[r7-ospf-100-area-0.0.0.0]network 10.0.37.2 0.0.0.0
[r7-ospf-100-area-0.0.0.0]q
[r7-ospf-100]q
[r7]int l0
[r7-LoopBack0]ospf network-type broadcast 

[r2]ospf 200 router-id 2.2.2.2
[r2-ospf-200]area 0
[r2-ospf-200-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-200-area-0.0.0.0]network 10.0.26.1 0.0.0.0
[r2-ospf-200-area-0.0.0.0]network 10.1.24.1 0.0.0.0
[r2-ospf-200-area-0.0.0.0]q
[r2-ospf-200]q
[r2]int l0
[r2-LoopBack0]ospf network-type broadcast 

[r4]ospf 200 router-id 4.4.4.4
[r4-ospf-200]area 0
[r4-ospf-200-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-200-area-0.0.0.0]network 10.1.24.2 0.0.0.0 
[r4-ospf-200-area-0.0.0.0]network 10.0.48.1 0.0.0.0
[r4-ospf-200-area-0.0.0.0]q
[r4-ospf-200]q
[r4]int l0
[r4-LoopBack0]ospf network-type broadcast 

[r6]ospf 200 router-id 6.6.6.6
[r6-ospf-200]area 0
[r6-ospf-200-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[r6-ospf-200-area-0.0.0.0]network 10.0.26.2 0.0.0.0
[r6-ospf-200-area-0.0.0.0]network 10.1.68.1 0.0.0.0
[r6-ospf-200-area-0.0.0.0]q
[r6-ospf-200]
[r6]int l0
[r6-LoopBack0]ospf network-type broadcast 

[r8]ospf 200 router-id 8.8.8.8
[r8-ospf-200]area 0
[r8-ospf-200-area-0.0.0.0]network 8.8.8.8 0.0.0.0 
[r8-ospf-200-area-0.0.0.0]network 10.0.48.2 0.0.0.0 
[r8-ospf-200-area-0.0.0.0]network 10.1.68.2 0.0.0.0
[r8-ospf-200-area-0.0.0.0]q
[r8-ospf-200]q 
[r8]int l0
[r8-LoopBack0]ospf network-type broadcast 

[r9]ospf 300 router-id 9.9.9.9
[r9-ospf-300]area 0
[r9-ospf-300-area-0.0.0.0]network 9.9.9.9 0.0.0.0
[r9-ospf-300-area-0.0.0.0]network 10.0.9.1 0.0.0.0
[r9-ospf-300-area-0.0.0.0]q
[r9-ospf-300]q
[r9]int l0
[r9-LoopBack0]ospf network-type broadcast 

[r10]ospf 300 router-id 10.10.10.10
[r10-ospf-300]area 0
[r10-ospf-300-area-0.0.0.0]network 10.10.10.10 0.0.0.0
[r10-ospf-300-area-0.0.0.0]network 10.0.9.2 0.0.0.0
[r10-ospf-300-area-0.0.0.0]q
[r10-ospf-300]q
[r10]int l0
[r10-LoopBack0]ospf network-type broadcast 

使用对等组peer group定义BGP邻居关系建立

[r1]bgp 1    
[r1-bgp]router-id 1.1.1.1
[r1-bgp]peer 10.0.19.2 as-number 3
[r1-bgp]peer 10.2.12.2 as-number 2
[r1-bgp]group r1      
[r1-bgp]peer r1 connect-interface l0
[r1-bgp]peer r1 next-hop-local
[r1-bgp]peer r1 advertise-community
[r1-bgp]peer 3.3.3.3 group r1
[r1-bgp]peer 5.5.5.5 group r1
[r1-bgp]peer 7.7.7.7 group r1
[r1-bgp]peer 10.0.19.2 advertise-community
[r1-bgp]peer 10.2.12.2 advertise-community

[r3]bgp 1
[r3-bgp]router-id 3.3.3.3
[r3-bgp]peer 10.2.34.2 as-number 2
[r3-bgp]group r2
[r3-bgp]peer r2 connect-interface l0
[r3-bgp]peer r2 next-hop-local
[r3-bgp]peer r2 advertise-community
[r3-bgp]peer 1.1.1.1 group r2
[r3-bgp]peer 5.5.5.5 group r2  
[r3-bgp]peer 7.7.7.7 group r2  
[r3-bgp]peer 10.2.34.2 advertise-community

[r5]bgp 1
[r5-bgp]router-id 5.5.5.5
[r5-bgp]peer 10.0.11.2 as-number 4
[r5-bgp]peer 10.2.56.2 as-number 2
[r5-bgp]group r5
[r5-bgp]peer r5 connect-interface l0
[r5-bgp]peer r5 next-hop-local
[r5-bgp]peer r5 advertise-community
[r5-bgp]peer 1.1.1.1 group r5
[r5-bgp]peer 3.3.3.3 group r5
[r5-bgp]peer 7.7.7.7 group r5
[r5-bgp]peer 10.0.11.2 advertise-community
[r5-bgp]peer 10.2.56.2 advertise-community

[r7]bgp 1
[r7-bgp]router-id 7.7.7.7
[r7-bgp]peer 10.2.78.2 as-number 2
[r7-bgp]peer 10.2.78.2 advertise-community
[r7-bgp]group r7
[r7-bgp]peer r7 connect-interface l0
[r7-bgp]peer r7 next-hop-local
[r7-bgp]peer r7 advertise-community
[r7-bgp]peer 1.1.1.1 group r7
[r7-bgp]peer 3.3.3.3 group r7
[r7-bgp]peer 5.5.5.5 group r7

[r2]bgp 2
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 10.2.12.1 as-number 1
[r2-bgp]peer 10.2.12.1 advertise-community
[r2-bgp]group r2
[r2-bgp]peer r2 connect-interface l0
[r2-bgp]peer r2 next-hop-local
[r2-bgp]peer r2 advertise-community
[r2-bgp]peer 4.4.4.4 group r2
[r2-bgp]peer 6.6.6.6 group r2
[r2-bgp]peer 8.8.8.8 group r2

[r4]bgp 2
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 10.0.10.2 as-number 3
[r4-bgp]peer 10.2.34.1 as-number 1
[r4-bgp]peer 10.2.34.1 advertise-community
[r4-bgp]peer 10.0.10.2 advertise-community
[r4-bgp]group r4
[r4-bgp]peer r4 connect-interface l0
[r4-bgp]peer r4 next-hop-local
[r4-bgp]peer r4 advertise-community
[r4-bgp]peer 2.2.2.2 group r4
[r4-bgp]peer 6.6.6.6 group r4
[r4-bgp]peer 8.8.8.8 group r4

[r6]bgp 2
[r6-bgp]router-id 6.6.6.6
[r6-bgp]peer 10.2.56.1 as-number 1
[r6-bgp]peer 10.2.56.1 advertise-community
[r6-bgp]group r6
[r6-bgp]peer r6 connect-interface l0
[r6-bgp]peer r6 next-hop-local
[r6-bgp]peer r6 advertise-community
[r6-bgp]peer 2.2.2.2 group r6
[r6-bgp]peer 4.4.4.4 group r6
[r6-bgp]peer 8.8.8.8 group r6

[r8]bgp 2
[r8-bgp]router-id 8.8.8.8
[r8-bgp]peer 10.2.78.1 as-number 1 s
[r8-bgp]peer 10.0.12.2 as-number 4
[r8-bgp]peer 10.2.78.1 advertise-community
[r8-bgp]peer 10.0.12.2 advertise-community
[r8-bgp]group r8
[r8-bgp]peer r8 connect-interface l0
[r8-bgp]peer r8 next-hop-local
[r8-bgp]peer r8 advertise-community
[r8-bgp]peer 2.2.2.2 group r8
[r8-bgp]peer 4.4.4.4 group r8
[r8-bgp]peer 6.6.6.6 group r8

[r9]bgp 3
[r9-bgp]router-id 9.9.9.9
[r9-bgp]peer 10.0.19.1 as-number 1
[r9-bgp]peer 10.0.19.1 advertise-community
[r9-bgp]peer 10.10.10.10 as-number 3
[r9-bgp]peer 10.10.10.10 next-hop-local
[r9-bgp]peer 10.10.10.10 connect-interface l0
[r9-bgp]peer 10.10.10.10 advertise-community

[r10]bgp 3 
[r10-bgp]router-id 10.10.10.10
[r10-bgp]peer 9.9.9.9 as-number 3
[r10-bgp]peer 9.9.9.9 next-hop-local
[r10-bgp]peer 9.9.9.9 connect-interface l0
[r10-bgp]peer 9.9.9.9 advertise-community
[r10-bgp]peer 10.0.10.1 as-number 2
[r10-bgp]peer 10.0.10.1 advertise-community

[r11]bgp 4
[r11-bgp]router-id 11.11.11.11 
[r11-bgp]peer 10.0.11.1 as-number 1
[r11-bgp]peer 10.0.11.1 advertise-community
[r11-bgp]peer 10.0.12.1 as-number 2
[r11-bgp]peer 10.0.12.1 advertise-community

 

宣告R9、R10、R11网段看路由的选路情况

[r9]bgp 3
[r9-bgp]network 10.0.1.0 24
[r9-bgp]network 10.0.2.0 24

[r10]bgp 3
[r10-bgp]network 10.0.3.0 24
[r10-bgp]network 10.0.4.0 24

[r11]bgp 4
[r11-bgp]network 10.0.5.0 24
[r11-bgp]network 10.0.6.0 24

 使用前缀列表抓取流量，打入对应的团体属性

[r9]ip ip-prefix c1 permit 10.0.1.0 24
[r9]ip ip-prefix c1 permit 10.0.3.0 24
[r9]ip ip-prefix c2 permit 10.0.2.0 24
[r9]ip ip-prefix c2 permit 10.0.4.0 24
[r9]route-policy com permit node 10
[r9-route-policy]if-match ip-prefix c1
[r9-route-policy]apply community 100:3
[r9-route-policy]route-policy com permit node 20
[r9-route-policy]if-match ip-prefix c2          
[r9-route-policy]apply community 200:3
[r9]route-policy com permit node 30

[r9]bgp 3
[r9-bgp]peer 10.0.19.1 route-policy com export

[r10]ip ip-prefix c1 permit 10.0.1.0 24
[r10]ip ip-prefix c1 permit 10.0.3.0 24
[r10]ip ip-prefix c2 permit 10.0.2.0 24
[r10]ip ip-prefix c2 permit 10.0.4.0 24
[r10]route-policy com permit node 10
[r10-route-policy]if-match ip-prefix c1
[r10-route-policy]apply community 100:3
[r10-route-policy]route-policy com permit node 20
[r10-route-policy]if-match ip-prefix c2          
[r10-route-policy]apply community 200:3          
[r10-route-policy]route-policy com permit node 30

[r10]bgp 3
[r10-bgp]peer 10.0.10.1 route-policy com export 

 PC 1 3 5 属于电信的路由，通信时必须使用电信AS 1

 PC 2 4 6 属于联通的路由，通信时必须使用联通的 AS 2

[r11]ip community-filter advanced com1 permit 100:.*
[r11]ip community-filter advanced com2 permit 200:.* 
[r11]route-policy com1 permit node 10 
[r11-route-policy]if-match community-filter com1
[r11-route-policy]apply local-preference 105
[r11-route-policy]q
[r11]route-policy com1 permit node 20

[r11]bgp 4
[r11-bgp]peer 10.0.11.1 route-policy com1 import


[r11]route-policy com2 permit node 10       
[r11-route-policy]if-match community-filter com2         
[r11-route-policy]apply local-preference 110             
[r11-route-policy]q
[r11]route-policy com2 permit node 20
[r11-route-policy]q
[r11]bgp 4
[r11-bgp]peer 10.0.12.1 route-policy com2 import  

 抓取pc5、pc6的流量

[r11]ip ip-prefix c1 permit 10.0.5.0 24
[r11]ip ip-prefix c2 permit 10.0.6.0 24
[r11]route-policy com3 permit  node 10
[r11-route-policy]if-match ip-prefix c1
[r11-route-policy]apply community 100:4
[r11-route-policy]route-policy com3 permit node 2
[r11-route-policy]if-match ip-prefix c2           
[r11-route-policy]route-policy com3 permit node 20
[r11-route-policy]apply community 200:4           
[r11-route-policy]route-policy com3 permit node 30
[r11-route-policy]q
[r11]bgp 4
[r11-bgp]peer 10.0.11.1 route-policy com3 export 
[r11-bgp]peer 10.0.12.1 route-policy com3 export

 

 修改pc5、pc6选路情况

[r9]ip community-filter advanced hcia permit 100:.*
[r9]route-policy hcia permit node 10
[r9-route-policy]if-match community-filter hcia   
[r9-route-policy]apply local-preference 200
[r9-route-policy]q
[r9]route-policy hcia permit node 20
[r9]bgp 3
[r9-bgp]peer 10.0.19.1 route-policy hcia import 


[r10]ip community-filter advanced hcia permit 200.*    
[r10]route-policy hcia permit node 10
[r10-route-policy]if-match community-filter hcia
[r10-route-policy]apply local-preference 200
[r10]route-policy hcia permit node 20
[r10]bgp 3
[r10-bgp]peer 10.0.10.1 route-policy hcia import 

 可以看到电信都走上面过

  可以看到联通都走下面过

 若 R1-R9之间链路断开，电信的路由依然通过电信 AS 1 通信

在R2、R4、R6、R8上修改

[r2]ip community-filter advanced hcie permit 100:.*
[r4]ip community-filter advanced hcie permit 100:.*
[r6]ip community-filter advanced hcie permit 100:.*
[r8]ip community-filter advanced hcie permit 100:.*

[r2]route-policy hcie permit node 10
[r2-route-policy]if-match community-filter hcie
[r2-route-policy]apply preferred-value 9
[r2]route-policy hcie permit node 20

[r4]route-policy hcie permit node 10 
Info: New Sequence of this List.
[r4-route-policy] if-match community-filter hcie 
[r4-route-policy] apply preferred-value 9
[r4-route-policy]#
[r4-route-policy]route-policy hcie permit node 20 

[r6]route-policy hcie permit node 10 
Info: New Sequence of this List.
[r6-route-policy] if-match community-filter hcie 
[r6-route-policy] apply preferred-value 9
[r6-route-policy]#
[r6-route-policy]route-policy hcie permit node 20 

[r8]route-policy hcie permit node 10 
Info: New Sequence of this List.
[r8-route-policy] if-match community-filter hcie 
[r8-route-policy] apply preferred-value 9
[r8-route-policy]#
[r8-route-policy]route-policy hcie permit node 20 

[r2]bgp 2
[r2-bgp]peer 10.2.12.1 route-policy hcie import 

[r4]bgp 2
[r4-bgp]peer 10.2.34.1 route-policy hcie import

[r6]bgp 2
[r6-bgp]peer 10.2.56.1 route-policy hcie import 

[r8]bgp 2
[r8-bgp]peer 10.2.78.1 route-policy hcie import 

  到达5.0走的是10.2.12.1，把链路断开再看

 可以看到链路断开，依旧会走电信

 将电信路由传递时增加As-path,在R4上做

[r4]route-policy as permit node 10
[r4-route-policy]if-match community-filter hcie
[r4-route-policy]apply as-path 3 3 3 additive 
[r4]route-policy as permit node 20
[r4]bgp 2
[r4-bgp]peer r4 route-policy as export 

可以看到已经修改过来了

 测试

 

 这个时候我们就实现了，电信路由走电信，联通路由走联通，即使链路出现故障，我们还可以进行切换。

实验结束