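BGP Route Reflector and Confederation Comprehensive Lab
Lab requirements:
- AS 1 has two loopbacks; one of them, 192.168.1.0/24, must not be advertised in any protocol
- AS 3 has two loopbacks; one of them, 192.168.2.0/24, must not be advertised in any protocol
- In the end, these two loopbacks must be able to communicate with each other
- The other loopback in AS 1 is 10.1.1.0/24, and the other loopback in AS 3 is 11.1.1.0/24
- All of AS 2 uses the address space 172.16.0.0/16; subnet it sensibly
- IP addresses on the backbone links between ASes can be chosen freely
- Use BGP so that the loopbacks of all devices in the network can reach one another
- Minimize the number of route entries and avoid loops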
IP address plan inside AS-2
172.16.0.0/16
Take 172.16.0.0/21 and subnet it
  172.16.0.0/24
    172.16.0.0/25: P2P links
      172.16.0.0/30
      172.16.0.4/30
      172.16.0.8/30
      172.16.0.12/30
      172.16.0.16/30
      172.16.0.20/30
    172.16.0.128/25: reserved for later MA (multi-access) segments
  172.16.1.0/24: loopbacks for BGP peering
  Device user loopbacks
    172.16.2.0/24
    172.16.3.0/24
    172.16.4.0/24
    172.16.5.0/24
    172.16.6.0/24
    172.16.7.0/24
OSPF setup inside AS-2
Taking R2 as an example:
[r2-ospf-1]display this
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 172.16.0.0 0.0.255.255
#
return
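OSPF advertisement inside AS-2 is complete
Change the loopback network type to simulate user segments
Here we change the OSPF network type of the loopback interfaces that simulate user segments, so that they are advertised with a /24 mask (by default OSPF advertises a loopback as a /32 host route)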
interface LoopBack0
ospf network-type broadcast
Establishing BGP sessions
R1
bgp 1
router-id 1.1.1.1
peer 12.0.0.2 as-number 2
R2
bgp 64512
router-id 2.2.2.2
confederation id 2
confederation peer-as 64513
peer 12.0.0.1 as-number 1
peer 172.16.1.3 as-number 64512
peer 172.16.1.3 connect-interface LoopBack1
peer 172.16.1.5 as-number 64513
peer 172.16.1.5 ebgp-max-hop 2
peer 172.16.1.5 connect-interface LoopBack1
R3
bgp 64512
router-id 3.3.3.3
confederation id 2
peer 172.16.1.2 as-number 64512
peer 172.16.1.2 connect-interface LoopBack1
peer 172.16.1.4 as-number 64512
peer 172.16.1.4 connect-interface LoopBack1
R4
bgp 64512
router-id 4.4.4.4
confederation id 2
confederation peer-as 64513
peer 172.16.1.3 as-number 64512
peer 172.16.1.3 connect-interface LoopBack1
peer 172.16.1.7 as-number 64513
peer 172.16.1.7 ebgp-max-hop 2
peer 172.16.1.7 connect-interface LoopBack1
R5
bgp 64513
router-id 5.5.5.5
confederation id 2
confederation peer-as 64512
peer 172.16.1.2 as-number 64512
peer 172.16.1.2 ebgp-max-hop 2
peer 172.16.1.2 connect-interface LoopBack1
peer 172.16.1.6 as-number 64513
peer 172.16.1.6 connect-interface LoopBack1
R6
bgp 64513
router-id 6.6.6.6
confederation id 2
peer 172.16.1.5 as-number 64513
peer 172.16.1.5 connect-interface LoopBack1
peer 172.16.1.7 as-number 64513
peer 172.16.1.7 connect-interface LoopBack1
R7
bgp 64513
router-id 7.7.7.7
confederation id 2
confederation peer-as 64512
peer 78.0.0.2 as-number 3
peer 172.16.1.4 as-number 64512
peer 172.16.1.4 ebgp-max-hop 2
peer 172.16.1.4 connect-interface LoopBack1
peer 172.16.1.6 as-number 64513
peer 172.16.1.6 connect-interface LoopBack1
R8
bgp 3
router-id 8.8.8.8
peer 78.0.0.1 as-number 2
Check whether the neighbor relationships are established
display bgp peer
BGP advertisement
Start by advertising from R1
[r1]bgp 1
[r1-bgp]network 10.1.1.1 24
# View the BGP routing table
[r1-bgp]display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 0.0.0.0 0 0 i
Viewing BGP routes on R2
Now let's check on R2
<r2>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 12.0.0.1 0 0 1i
The route is unusable on R3 and R5
R1's route is valid and best on R2, but on R3 and R5 it shows as unusable
<r3>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
i 10.1.1.0/24 12.0.0.1 0 100 0 1i
<r5>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
i 10.1.1.0/24 12.0.0.1 0 100 0 (64512) 1i
- Cause: the NextHop, 12.0.0.1, is unreachable
- Fix: change the next-hop attribute when passing the route on
Changing the next-hop attribute
[r2-bgp]peer 172.16.1.3 next-hop-local
[r2-bgp]peer 172.16.1.5 next-hop-local
After changing the next-hop attribute, view the BGP routing table on R3 and R5
<r3>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 1i
<r5>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 (64512) 1i
Viewing BGP routes on R4 and R6
OK, R1's loopback is valid and best on R2 and R3, so let's check R4 and R6 next
<r6>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 (64512) 1i
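We find that R1's loopback is valid and best on R6, while R4 does not learn R1's loopback at all
IBGP split horizon
- Cause: BGP has IBGP split horizon, so R7 cannot learn R1's loopback either
- Fix: a route reflector suits this topology
Route reflector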
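[r3-bgp]peer 172.16.1.4 reflect-client # R3 becomes a reflector, with R4 designated as its client
[r6-bgp]peer 172.16.1.7 reflect-client # R6 becomes a reflector, with R7 designated as its client
- This is not the only valid configuration; for the specific requirements, refer to the route reflector rules (maybe I'll post about them later???)
Route reflector configuration result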
<r4>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 1i
<r7>display bgp routing-table
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 (64512) 1i
* i 172.16.1.2 0 100 0 (64512) 1i
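After the route reflectors are configured, R4 and R7 learn R1's loopback normally, but R7 now holds two routes for R1's loopback
- Cause: R4 and R7 are EBGP peers, so once R4 learns the route it passes it to R7 as usual; and because R6 is a route reflector, R6 also passes the route to R7. However, because of the AS_BY_AS rule, without having studied BGP route selection and BGP attributes we cannot tell which peer sent each of these two routes to R7.
- BGP does not load-balance by default, so only one of the two routes is used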
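The propagation rules behind these observations, as an added Python sketch (not part of the original lab): it models this lab's BGP sessions, IBGP split horizon, route reflection and the confederation AS_PATH handling for 10.1.1.0/24, with and without the two reflect-client commands. The names propagate, session and clients are illustrative, and best-path selection is simplified to "first path received".

```python
from collections import deque

# Sub-AS / AS of each router and the sessions configured in this lab.
ASN = {"R1": 1, "R2": 64512, "R3": 64512, "R4": 64512,
       "R5": 64513, "R6": 64513, "R7": 64513, "R8": 3}
CONFED_ID, MEMBERS = 2, {64512, 64513}
PEERS = {"R1": ["R2"], "R2": ["R1", "R3", "R5"], "R3": ["R2", "R4"],
         "R4": ["R3", "R7"], "R5": ["R2", "R6"], "R6": ["R5", "R7"],
         "R7": ["R4", "R6", "R8"], "R8": ["R7"]}

def session(a, b):
    """Classify the a-b session: ibgp, confed-ebgp or ebgp."""
    if ASN[a] == ASN[b]:
        return "ibgp"
    both_members = ASN[a] in MEMBERS and ASN[b] in MEMBERS
    return "confed-ebgp" if both_members else "ebgp"

def propagate(origin, clients):
    """Return {router: [(from_peer, confed_seq, as_seq), ...]} for one prefix.
    Simplification (assumption of this sketch): the first path a router
    receives is its best path and the only one it re-advertises."""
    rib = {r: [] for r in PEERS}
    rib[origin].append((None, (), ()))
    queue = deque([origin])
    while queue:
        r = queue.popleft()
        src, confed, as_seq = rib[r][0]
        mine = clients.get(r, ())
        for p in PEERS[r]:
            kind = session(r, p)
            if p == src:
                continue
            # IBGP split horizon, lifted only across a reflector/client relationship.
            if (kind == "ibgp" and src and session(src, r) == "ibgp"
                    and p not in mine and src not in mine):
                continue
            if kind == "confed-ebgp":   # prepend own sub-AS to the confed segment
                confed_out, seq_out = (ASN[r],) + confed, as_seq
            elif kind == "ebgp":        # drop confed segment, prepend public AS
                own = CONFED_ID if ASN[r] in MEMBERS else ASN[r]
                confed_out, seq_out = (), (own,) + as_seq
            else:                       # IBGP leaves the AS_PATH unchanged
                confed_out, seq_out = confed, as_seq
            if ASN[p] in confed_out + seq_out:
                continue                # receiver's AS_PATH loop check
            if not rib[p]:
                queue.append(p)
            rib[p].append((r, confed_out, seq_out))
    return rib
```

propagate("R1", {}) leaves R4, R7 and R8 without the route, while propagate("R1", {"R3": {"R4"}, "R6": {"R7"}}) delivers it to every router, with two paths on R7 (from R4 and from R6, both carrying (64512) 1) and AS_PATH 2 1 on R8, matching the display output on this page.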
Viewing the routes a neighbor sent to me
The following command shows which routes a neighbor has sent to me
<r7>display bgp routing-table peer 172.16.1.4 received-routes
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 (64512) 1i
<r7>display bgp routing-table peer 172.16.1.6 received-routes
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* i 10.1.1.0/24 172.16.1.2 0 100 0 (64512) 1i
R8's BGP routing table learns R1's loopback normally
<r8>display bgp routing-table
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 78.0.0.1 0 2 1i
Likewise, when advertising from R8, remember to change the next-hop attribute on R7
[r7-bgp]peer 172.16.1.4 next-hop-local
[r7-bgp]peer 172.16.1.6 next-hop-local
View the BGP routing table on R1
<r1>display bgp routing-table
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 0.0.0.0 0 0 i
*> 11.1.1.0/24 12.0.0.2 0 2 3i
R8's loopback is learned normally
R1 and R8 learn AS-2's loopbacks
Method 1:
[r2]ip route-static 172.16.0.0 21 NULL 0
[r2]bgp 64512
[r2-bgp]network 172.16.0.0 21
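At this point R1 and R8 have learned AS-2's loopbacks. However, when R8 looks for a segment that does not exist, this creates a routing black hole and wastes resources on the intermediate links. Therefore, a null-interface route for loop prevention must be configured on every border device
On R7 we advertise using a different method:
Method 2: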
[r7-bgp]network 172.16.2.0 24
[r7-bgp]network 172.16.3.0 24
[r7-bgp]network 172.16.4.0 24
[r7-bgp]network 172.16.5.0 24
[r7-bgp]network 172.16.6.0 24
[r7-bgp]network 172.16.7.0 24
<r1>display bgp routing-table
Total Number of Routes: 9
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 0.0.0.0 0 0 i
*> 11.1.1.0/24 12.0.0.2 0 2 3i
*> 172.16.0.0/21 12.0.0.2 0 0 2i
*> 172.16.2.0/24 12.0.0.2 0 2i
*> 172.16.3.0/24 12.0.0.2 0 2i
*> 172.16.4.0/24 12.0.0.2 0 2i
*> 172.16.5.0/24 12.0.0.2 0 2i
*> 172.16.6.0/24 12.0.0.2 0 2i
*> 172.16.7.0/24 12.0.0.2 0 2i
<r8>display bgp routing-table
Total Number of Routes: 9
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 78.0.0.1 0 2 1i
*> 11.1.1.0/24 0.0.0.0 0 0 i
*> 172.16.0.0/21 78.0.0.1 0 2i
*> 172.16.2.0/24 78.0.0.1 3 0 2i
*> 172.16.3.0/24 78.0.0.1 2 0 2i
*> 172.16.4.0/24 78.0.0.1 1 0 2i
*> 172.16.5.0/24 78.0.0.1 2 0 2i
*> 172.16.6.0/24 78.0.0.1 1 0 2i
*> 172.16.7.0/24 78.0.0.1 0 0 2i
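The advertised specific routes can be seen in the BGP table on every device, but because AS 2 runs an IGP internally, they are not installed in the routing table
Summarize and suppress the specific routes
Summarize on R7 and suppress the specific routes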
[r7-bgp]aggregate 172.16.0.0 21 detail-suppressed
Summarization automatically generates a null-interface route for loop prevention
172.16.0.0/21 IBGP 255 0 D 127.0.0.1 NULL0
Result of summarization and suppression
<r7>display bgp routing-table
Total Number of Routes: 10
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 172.16.1.2 0 100 0 (64512) 1i
* i 172.16.1.2 0 100 0 (64512) 1i
*> 11.1.1.0/24 78.0.0.2 0 0 3i
*> 172.16.0.0/21 127.0.0.1 0 i
s> 172.16.2.0/24 0.0.0.0 3 0 i
s> 172.16.3.0/24 0.0.0.0 2 0 i
s> 172.16.4.0/24 0.0.0.0 1 0 i
s> 172.16.5.0/24 0.0.0.0 2 0 i
s> 172.16.6.0/24 0.0.0.0 1 0 i
s> 172.16.7.0/24 0.0.0.0 0 0 i
<r1>display bgp routing-table
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 0.0.0.0 0 0 i
*> 11.1.1.0/24 12.0.0.2 0 2 3i
*> 172.16.0.0/21 12.0.0.2 0 0 2i
<r8>display bgp routing-table
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 78.0.0.1 0 2 1i
*> 11.1.1.0/24 0.0.0.0 0 0 i
*> 172.16.0.0/21 78.0.0.1 0 2i
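At this point, apart from the two unadvertised loopbacks on R1 and R8, all other loopbacks can reach one another
Connecting the unadvertised loopbacks with GRE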
[r1-Tunnel0/0/0]display this
#
interface Tunnel0/0/0
description 11.1.1.1
ip address 192.168.0.1 255.255.255.252
tunnel-protocol gre
source 10.1.1.1
destination 11.1.1.1
[r8-Tunnel0/0/0]display this
#
interface Tunnel0/0/0
ip address 192.168.0.2 255.255.255.252
tunnel-protocol gre
source 11.1.1.1
destination 10.1.1.1
Static routes into the tunnel
Write two static routes to steer traffic into the tunnel
[r1]ip route-static 192.168.2.0 24 192.168.0.2
[r8]ip route-static 192.168.1.0 24 192.168.0.1
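Ping test between the unadvertised loopbacks
Configuration summary
The commands shown above may contain errors or omissions; the final version below is authoritative
[R1] full configuration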
[r1]display current-configuration
#
interface GigabitEthernet0/0/0
ip address 12.0.0.1 255.255.255.0
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.0
#
interface Tunnel0/0/0
description 11.1.1.1
ip address 192.168.0.1 255.255.255.252
tunnel-protocol gre
source 10.1.1.1
destination 11.1.1.1
#
bgp 1
router-id 1.1.1.1
peer 12.0.0.2 as-number 2
#
network 10.1.1.0 255.255.255.0
#
ip route-static 192.168.2.0 255.255.255.0 192.168.0.2
[R2] full configuration
[r2]display current-configuration
#
interface GigabitEthernet0/0/0
ip address 12.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.0.1 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 172.16.0.5 255.255.255.252
#
interface LoopBack0
ip address 172.16.2.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 172.16.1.2 255.255.255.255
#
bgp 64512
router-id 2.2.2.2
confederation id 2
confederation peer-as 64513
peer 12.0.0.1 as-number 1
peer 172.16.1.3 as-number 64512
peer 172.16.1.3 connect-interface LoopBack1
peer 172.16.1.5 as-number 64513
peer 172.16.1.5 ebgp-max-hop 2
peer 172.16.1.5 connect-interface LoopBack1
#
network 172.16.0.0 255.255.248.0
peer 172.16.1.3 next-hop-local
peer 172.16.1.5 next-hop-local
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 172.16.0.0 0.0.255.255
#
ip route-static 172.16.0.0 255.255.248.0 NULL0
[R3] full configuration
[r3]display current-configuration
#
interface GigabitEthernet0/0/0
ip address 172.16.0.6 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.0.9 255.255.255.252
#
interface LoopBack0
ip address 172.16.3.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 172.16.1.3 255.255.255.255
#
bgp 64512
router-id 3.3.3.3
confederation id 2
peer 172.16.1.2 as-number 64512
peer 172.16.1.2 connect-interface LoopBack1
peer 172.16.1.4 as-number 64512
peer 172.16.1.4 connect-interface LoopBack1
#
peer 172.16.1.4 reflect-client
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 172.16.0.0 0.0.255.255
[R4] full configuration
<r4>display current-configuration
#
interface GigabitEthernet0/0/0
ip address 172.16.0.10 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.0.13 255.255.255.252
#
interface LoopBack0
ip address 172.16.4.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 172.16.1.4 255.255.255.255
#
bgp 64512
router-id 4.4.4.4
confederation id 2
confederation peer-as 64513
peer 172.16.1.3 as-number 64512
peer 172.16.1.3 connect-interface LoopBack1
peer 172.16.1.7 as-number 64513
peer 172.16.1.7 ebgp-max-hop 2
peer 172.16.1.7 connect-interface LoopBack1
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 172.16.0.0 0.0.255.255
[R5] full configuration
<r5>display current-configuration
#
interface GigabitEthernet0/0/0
ip address 172.16.0.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.0.17 255.255.255.252
#
interface LoopBack0
ip address 172.16.5.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 172.16.1.5 255.255.255.255
#
bgp 64513
router-id 5.5.5.5
confederation id 2
confederation peer-as 64512
peer 172.16.1.2 as-number 64512
peer 172.16.1.2 ebgp-max-hop 2
peer 172.16.1.2 connect-interface LoopBack1
peer 172.16.1.6 as-number 64513
peer 172.16.1.6 connect-interface LoopBack1
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 172.16.0.0 0.0.255.255
[R6] full configuration
<r6>display current-configuration
#
interface GigabitEthernet0/0/0
ip address 172.16.0.18 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.0.21 255.255.255.252
#
interface LoopBack0
ip address 172.16.6.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 172.16.1.6 255.255.255.255
#
bgp 64513
router-id 6.6.6.6
confederation id 2
peer 172.16.1.5 as-number 64513
peer 172.16.1.5 connect-interface LoopBack1
peer 172.16.1.7 as-number 64513
peer 172.16.1.7 connect-interface LoopBack1
#
peer 172.16.1.7 reflect-client
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 172.16.0.0 0.0.255.255
[R7] full configuration
<r7>display current-configuration
#
interface GigabitEthernet0/0/0
ip address 172.16.0.22 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.0.14 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 78.0.0.1 255.255.255.0
#
interface LoopBack0
ip address 172.16.7.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 172.16.1.7 255.255.255.255
#
bgp 64513
router-id 7.7.7.7
confederation id 2
confederation peer-as 64512
peer 78.0.0.2 as-number 3
peer 172.16.1.4 as-number 64512
peer 172.16.1.4 ebgp-max-hop 2
peer 172.16.1.4 connect-interface LoopBack1
peer 172.16.1.6 as-number 64513
peer 172.16.1.6 connect-interface LoopBack1
#
aggregate 172.16.0.0 255.255.248.0 detail-suppressed
network 172.16.2.0 255.255.255.0
network 172.16.3.0 255.255.255.0
network 172.16.4.0 255.255.255.0
network 172.16.5.0 255.255.255.0
network 172.16.6.0 255.255.255.0
network 172.16.7.0 255.255.255.0
peer 172.16.1.4 next-hop-local
peer 172.16.1.6 next-hop-local
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 172.16.0.0 0.0.255.255
[R8] full configuration
<r8>display current-configuration
#
interface GigabitEthernet0/0/0
ip address 78.0.0.2 255.255.255.0
#
interface LoopBack0
ip address 11.1.1.1 255.255.255.0
#
interface LoopBack1
ip address 192.168.2.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.0.2 255.255.255.252
tunnel-protocol gre
source 11.1.1.1
destination 10.1.1.1
#
bgp 3
router-id 8.8.8.8
peer 78.0.0.1 as-number 2
#
network 11.1.1.0 255.255.255.0
#
ip route-static 192.168.1.0 255.255.255.0 192.168.0.1