BGP特性实验

最新推荐文章于 2023-01-23 17:42:32 发布
最新推荐文章于 2023-01-23 17:42:32 发布
阅读量312 收藏
点赞数
分类专栏: 实验 文章标签: 运维
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_32405915/article/details/113624747
版权

实验需求

本实验模拟大规模BGP网络部署,使用4字节AS号,传递IPv6路由。
预配说明:
各设备已启用ipv6,都有Loopback0接口,AS内部已配置OSPFv3,AS边界之间已配置ISIS。
在这里插入图片描述

一、部署BGP4+

1.1 建立IBGP邻居。

1.1.1 R7与R1-6建立IBGP邻居。
1.1.2 R5与R8/9建立IBGP邻居。
1.1.3 R12与R10/11建立IBGP邻居。
1.1.4 R7要求使用对等体组配置,组名称为IBGP。
1.1.5 AS号如图所示。
1.1.6 确认邻居关系。

1.2 部署反射器

1.2.1 R7为反射器,R1-6是客户端。
1.2.2 R5为反射器,R8/9是客户端。

1.3 建立EBGP邻居>SM

1.3.1 R2和R10使用Loopback0建立EBGP邻居.
1.3.2 已运行ISIS,请确认Loopback0可互通。
1.3.3 使用GTSM防止伪装者攻击,TTL有效跳数为1。
1.3.4 使用md5认证邻居的合法性,password为GT,在配置文件中可查看到明文口令。
1.3.5 确认邻居关系

1.4 建立EBGP邻居&keychain

1.4.1 R6和R11使用Loopback0建立EBGP邻居。
1.4.2已运行ISIS,请确认Loopback0可互通。
1.4.3 EBGP邻居最大跳数为2。
1.4.4 使用keychain认证邻居的合法性:
名称:GT
模式:日周期
key-id 1:算法hmac-md5;口令GT123,明文可查;发送和接收时间0点-11点59
key-id 2:算法hmac-md5;口令GT321,明文可查;发送和接收时间12点-23点59

二、路由聚合

2.1 发布路由

在R12上使用BGP发布Loopback12上4个地址的路由。

2.2 指定明细路由聚合

2.2.1 在R2上将3012::/112和3012::1:0/112聚合为3012::/64
2.2.2 聚合路由保留AS号,且抑制所有明细。
2.2.3 不要将其他路由聚合或抑制。
2.2.4 前缀列表的名称为P1,index 10 匹配3012::/112,index 20匹配3012::1:0/112。
2.2.5 路由策略的名称为RP1,node 10 匹配前缀列表。
2.2.6 在聚合路由时调用策略。

2.3 聚合抑制部分路由

2.3.1 在R11上将R12发布的四条路由聚合为3012::/64。
2.3.2 聚合后抑制3012::/112和3012::1:0/112两条路由。
2.3.3 前缀列表的名称为P1,index 10 匹配3012::/112,index 20匹配3012::1:0/112。
2.3.4 路由策略的名称为RP1,node 10 匹配前缀列表。
2.3.5 在聚合路由时调用策略。

三、BGP特性

3.1 路由衰减

R6为维持bgp路由稳定,部署衰减功能。
3.1.1 半衰期为10分钟
3.1.2 再使用值为1500
3.1.3 路由抑制值为3000
3.1.4 最大惩罚值为8000
3.1.5 尝试频繁更新R12路由信息,查看R6的路由抑制是否生效。

3.2 活跃路由通告

3.2.1 在R8上使用BGP通告Loobapck8的路由2008::1/128。
3.2.2 在R8的Looback8上运行OSPFv3,进程1,区域0.
3.2.3 确认R7的BGP可收到该路由,并反射给客户端。
3.2.4 在R5上启用BGP活跃路由通告。
3.2.5 确认R7的BGP路由表中收不到该路由。
3.2.6 把R8的Looback8从ospfv3中删除。
3.2.7 确认R7的BGP重新收到该路由,AS200.1的BGP也能收到该路由。

3.3 团体属性

3.3.1 在R9的BGP中通告Loopback9的两条路由。
3.3.2 使用路由策略,名称RP1,通告3009::/112时携带团体属性100:9。
3.3.3 除了R8和R12,其他路由器都能收到该团体属性。
3.3.4 在R10中部署基础团体属性过滤器,名称C1,拒绝100:9的路由,接收其他所有路由。
3.3.5 路由策略调用团体属性过滤器,名称RP1,node 10。
3.3.6 R10从R2接收路由时调用该策略。
3.3.6 确认策略生效。

四. 代码

<R1>dis cu
[V200R003C00]
#
 sysname R1
#
 board add 0/1 2SA 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 1.1.1.1
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::1/128 
 ospfv3 1 area 0.0.0.0
#
bgp 100.1
 router-id 1.1.1.1
 peer 2000::7 as-number 100.1 
 peer 2000::7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  peer 2000::7 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R2>dis cu
[V200R003C00]
#
 sysname R2
#
 board add 0/1 2SA 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0100.0000.0000.0002.00
 is-name R2
 #
 ipv6 enable topology standard
 #
#
ospfv3 1
 router-id 2.2.2.2
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
 isis ipv6 enable 1
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::2/128 
 ospfv3 1 area 0.0.0.0
 isis ipv6 enable 1
#
bgp 100.1
 router-id 2.2.2.2
 peer 2000::7 as-number 100.1 
 peer 2000::7 connect-interface LoopBack0
 peer 2000::10 as-number 200.1 
 peer 2000::10 connect-interface LoopBack0
 peer 2000::10 password simple GT 
 peer 2000::10 valid-ttl-hops 1 
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  aggregate 3012:: 64 as-set detail-suppressed origin-policy RP1 
  peer 2000::7 enable
  peer 2000::7 next-hop-local 
  peer 2000::10 enable
  peer 2000::10 advertise-community
#
route-policy RP1 permit node 10 
 if-match ipv6 address prefix-list P1 
#
ip ipv6-prefix P1 index 10 permit 3012:: 112
ip ipv6-prefix P1 index 20 permit 3012::1:0 112
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R3>dis cu
[V200R003C00]
#
 sysname R3
#
 board add 0/1 2SA 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 3.3.3.3
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::3/128 
 ospfv3 1 area 0.0.0.0
#
bgp 100.1
 router-id 3.3.3.3
 peer 2000::7 as-number 100.1 
 peer 2000::7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  peer 2000::7 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R4>dis cu
[V200R003C00]
#
 sysname R4
#
 board add 0/1 2SA 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 4.4.4.4
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::4/128 
 ospfv3 1 area 0.0.0.0
#
bgp 100.1
 router-id 4.4.4.4
 peer 2000::7 as-number 100.1 
 peer 2000::7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  peer 2000::7 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R5>dis cu
[V200R003C00]
#
 sysname R5
#
 board add 0/1 2SA 
 board add 0/2 1GEC 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 5.5.5.5
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::5/128 
 ospfv3 1 area 0.0.0.0
#
bgp 100.1
 router-id 5.5.5.5
 peer 2000::7 as-number 100.1 
 peer 2000::7 connect-interface LoopBack0
 peer 2000::8 as-number 100.1 
 peer 2000::8 connect-interface LoopBack0
 peer 2000::9 as-number 100.1 
 peer 2000::9 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  active-route-advertise
  peer 2000::7 enable
  peer 2000::7 advertise-community
  peer 2000::8 enable
  peer 2000::8 reflect-client
  peer 2000::9 enable
  peer 2000::9 reflect-client
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R6>dis cu
[V200R003C00]
#
 sysname R6
#
 board add 0/1 2SA 
 board add 0/2 1GEC 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
keychain GT mode periodic daily
 key-id 1
  algorithm hmac-md5
  key-string plain GT123
  send-time daily 00:00 to 11:59
  receive-time daily 00:00 to 11:59
 key-id 2
  algorithm hmac-md5
  key-string plain GT321
  send-time daily 12:00 to 23:59
  receive-time daily 12:00 to 23:59
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0100.0000.0000.0006.00
 is-name R6
 #
 ipv6 enable topology standard
 #
#
ospfv3 1
 router-id 6.6.6.6
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
 isis ipv6 enable 1
#
interface GigabitEthernet2/0/0
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::6/128 
 ospfv3 1 area 0.0.0.0
 isis ipv6 enable 1
#
bgp 100.1
 router-id 6.6.6.6
 peer 2000::7 as-number 100.1 
 peer 2000::7 connect-interface LoopBack0
 peer 2000::11 as-number 200.1 
 peer 2000::11 ebgp-max-hop 2 
 peer 2000::11 connect-interface LoopBack0
 peer 2000::11 keychain GT 
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  dampening 10 1500 3000 8000
  peer 2000::7 enable
  peer 2000::7 next-hop-local 
  peer 2000::11 enable
  peer 2000::11 advertise-community
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R7>dis cu
[V200R003C00]
#
 sysname R7
#
 board add 0/1 2SA 
 board add 0/2 2SA 
 board add 0/3 2SA 
 board add 0/4 2SA 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 7.7.7.7
#
firewall zone Local
 priority 15
#
interface Serial1/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial1/0/1
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial2/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial2/0/1
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial3/0/0
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial3/0/1
 link-protocol ppp
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface Serial4/0/0
 link-protocol ppp
#
interface Serial4/0/1
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::7/128 
 ospfv3 1 area 0.0.0.0
#
bgp 100.1
 router-id 7.7.7.7
 group IBGP internal
 peer IBGP connect-interface LoopBack0
 peer 2000::1 as-number 100.1 
 peer 2000::1 group IBGP 
 peer 2000::2 as-number 100.1 
 peer 2000::2 group IBGP 
 peer 2000::3 as-number 100.1 
 peer 2000::3 group IBGP 
 peer 2000::4 as-number 100.1 
 peer 2000::4 group IBGP 
 peer 2000::5 as-number 100.1 
 peer 2000::5 group IBGP 
 peer 2000::6 as-number 100.1 
 peer 2000::6 group IBGP 
 #
 ipv4-family unicast
  undo synchronization
  peer IBGP enable
 #
 ipv6-family unicast
  undo synchronization
  peer IBGP enable
  peer IBGP reflect-client
  peer IBGP advertise-community
  peer 2000::1 enable
  peer 2000::1 group IBGP 
  peer 2000::2 enable
  peer 2000::2 group IBGP 
  peer 2000::3 enable
  peer 2000::3 group IBGP 
  peer 2000::4 enable
  peer 2000::4 group IBGP 
  peer 2000::5 enable
  peer 2000::5 group IBGP 
  peer 2000::6 enable
  peer 2000::6 group IBGP 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R8>dis cu
[V200R003C00]
#
 sysname R8
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 8.8.8.8
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::8/128 
 ospfv3 1 area 0.0.0.0
#
interface LoopBack8
 ipv6 enable 
 ipv6 address 2008::1/128 
#
bgp 100.1
 router-id 8.8.8.8
 peer 2000::5 as-number 100.1 
 peer 2000::5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  network 2008::1 128 
  peer 2000::5 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R9>dis cu
[V200R003C00]
#
 sysname R9
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 9.9.9.9
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
#
interface GigabitEthernet0/0/2
 ipv6 enable 
 ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::9/128 
 ospfv3 1 area 0.0.0.0
#
interface LoopBack9
 ipv6 enable 
 ipv6 address 3009::1/112 
 ipv6 address 3009::1:1/112 
#
bgp 100.1
 router-id 9.9.9.9
 peer 2000::5 as-number 100.1 
 peer 2000::5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  network 3009:: 112 route-policy RP1 
  network 3009::1:0 112 
  peer 2000::5 enable
  peer 2000::5 advertise-community
#
route-policy RP1 permit node 10 
 apply community 100:9 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R10>dis cu
[V200R003C00]
#
 sysname R10
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0200.0000.0000.0010.00
 is-name R10
 #
 ipv6 enable topology standard
 #
#
ospfv3 1
 router-id 10.10.10.10
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::10/128 
 ospfv3 1 area 0.0.0.0
 isis ipv6 enable 1
#
bgp 200.1
 router-id 10.10.10.10
 peer 2000::2 as-number 100.1 
 peer 2000::2 connect-interface LoopBack0
 peer 2000::2 password simple GT 
 peer 2000::2 valid-ttl-hops 1 
 peer 2000::12 as-number 200.1 
 peer 2000::12 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  peer 2000::2 enable
  peer 2000::2 route-policy RP1 import
  peer 2000::12 enable
  peer 2000::12 next-hop-local 
#
route-policy RP1 permit node 10 
 if-match community-filter C1 
#
ip community-filter basic C1 deny 100:9
ip community-filter basic C1 permit internet
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R11>dis cu
[V200R003C00]
#
 sysname R11
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
keychain GT mode periodic daily
 key-id 1
  algorithm hmac-md5
  key-string plain GT123
  send-time daily 00:00 to 11:59
  receive-time daily 00:00 to 11:59
 key-id 2
  algorithm hmac-md5
  key-string plain GT321
  send-time daily 12:00 to 23:59
  receive-time daily 12:00 to 23:59
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0200.0000.0000.0011.00
 is-name R11
 #
 ipv6 enable topology standard
 #
#
ospfv3 1
 router-id 11.11.11.11
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::11/128 
 ospfv3 1 area 0.0.0.0
 isis ipv6 enable 1
#
bgp 200.1
 router-id 11.11.11.11
 peer 2000::6 as-number 100.1 
 peer 2000::6 ebgp-max-hop 2 
 peer 2000::6 connect-interface LoopBack0
 peer 2000::6 keychain GT 
 peer 2000::12 as-number 200.1 
 peer 2000::12 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  aggregate 3012:: 64 suppress-policy RP1 
  peer 2000::6 enable
  peer 2000::12 enable
  peer 2000::12 next-hop-local 
#
route-policy RP1 permit node 10 
 if-match ipv6 address prefix-list P1 
#
ip ipv6-prefix P1 index 10 permit 3012:: 112
ip ipv6-prefix P1 index 20 permit 3012::1:0 112
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

<R12>dis cu
[V200R003C00]
#
 sysname R12
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
ipv6 
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
ospfv3 1
 router-id 12.12.12.12
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address auto link-local
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ipv6 enable 
 ipv6 address 2000::12/128 
 ospfv3 1 area 0.0.0.0
#
interface LoopBack12
 ipv6 enable 
 ipv6 address 3012::1/112 
 ipv6 address 3012::1:1/112 
 ipv6 address 3012::2:1/112 
 ipv6 address 3012::3:1/112 
#
bgp 200.1
 router-id 12.12.12.12
 peer 2000::10 as-number 200.1 
 peer 2000::10 connect-interface LoopBack0
 peer 2000::11 as-number 200.1 
 peer 2000::11 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv6-family unicast
  undo synchronization
  network 3012:: 112 
  network 3012::1:0 112 
  network 3012::2:0 112 
  network 3012::3:0 112 
  peer 2000::10 enable
  peer 2000::11 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
土豆aaa
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
华为路由器之BGP路由技术总结及配置命令
cheng198956的专栏
08-01 4153
博文大纲: 一、BGP的概念1、自治系统是什么?2、动态路由分类3、BGP的特征 二、BGP的工作原理1、BGP邻居关系2、通告BGP路由的方法3、BGP对等体的交互原则4、更新源建立邻居关系5、保证IBGP下一跳可达6、EBGP多跳7、控制BGP选路8、BGP的选路原则 三、BGP的配置实例1、AS之间、AS内部建立邻居关系2、使用BGP协议宣告网段3、控制路由选路的多个方法4、向BGP注入...
HCIE实验45 BGP特性实验
WFlySky的博客
11-06 371
BGP特性实验实验拓扑实验需求实验配置 实验拓扑 实验需求 本实验模拟大规模BGP网络部署,使用4字节AS号,传递IPv6路由。 预配说明: 各设备已启用ipv6,都有Loopback0接口,AS内部已配置OSPFv3,AS边界之间已配置ISIS。 一、部署BGP4+ 1.1 建立IBGP邻居。 1.1.1 R7与R1-6建立IBGP邻居。 1.1.2 R5与R8/9建立IBGP邻居。 1.1.3 R12与R10/11建立IBGP邻居。 1.1.4 R7要求使用对等体组配置,组名称为IBGP。 1.1.5
BGP通告原则
ssslq的博客
01-23 2836
BGP通告原则
ip协议采用何种路由策略实现路由选择_第5期 BGP路由策略(上)
weixin_42378094的博客
12-19 535
BGP路由策略(上)在前几期的路由策略专题中,我们介绍路由策略的时候,大多是用某种IGP协议进行举例的。实际上,对于BGP路由的控制是路由策略的最大的用武之地,因为我们知道,BGP路由最大的特点就是灵活可控,这主要得益于BGP单独提供了不少工具用于配合执行路由策略。对BGP路由合理使用路由策略,可以做到对路由的精准控制,这也是很多网络工程师追求的一个目标。本期及下期内容内容,我们将会用较...
NAT ip地址转换(项目)
云计算
10-29 522
AR1 <R1>display current-configuration [V200R003C00] # sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal.
动态路由BGP实验.rar
01-20
动态路由协议是网络通信中的重要组成部分,特别是在大型网络和互联网中, Border Gateway Protocol(BGP)作为外部网关...通过这样的实验,你可以更好地掌握如何配置和管理BGP,以及如何利用其特性来设计和优化网络。
基于BGP路由表的域间路径特性实验研究
03-01
基于BGP路由表的域间路径特性实验研究
HCIE 实验拓扑文件.zip
09-12
2. **路由协议**:熟悉静态路由、RIP(Routing Information Protocol)、OSPF(Open Shortest Path First)、EIGRP(Enhanced Interior Gateway Routing Protocol)、BGP(Border Gateway Protocol)等路由协议的...
南京邮电大学-课程实验-计算机通信与网络实验-实验报告和源码说明.zip
最新发布
05-12
在这个实验中,学生将接触路由器的工作原理,学习基本的路由协议,如RIP、OSPF或BGP。通过配置虚拟路由器,理解路由表的更新、路径选择和路由环路避免等问题,从而深入理解互联网中的数据包传输。 复习资料: 这...
ccnp实验知道书籍
06-30
从简单的EIGRP接口启用,到注入默认路由,再到路由汇总和非等价负载均衡的配置,以及安全性的EIGRP认证,这一系列实验让读者能够全面理解EIGRP的运行机制和高级特性。此外,还介绍了EIGRP的扩展知识,为进阶学习打下...
wolf 的bgp分解实验练习 几套联系涵盖了 BGP的基础内容
08-06
BGP分解实验四将涵盖BGP的一些高级特性,如路由反射器(Route Reflectors)、联盟(Confederations)、负载均衡(Load Balancing)以及路径操作。此外,你将学习如何进行BGP故障排查,包括检查邻居状态、查看路由表...
NP实验笔记
11-09
最后,BGP(Border Gateway Protocol)的学习是NP实验的重要组成部分。手册详细讲解了BGP的基本配置、使用环回地址配置BGP、自动汇总的理解、路由汇总、同步规则、邻居认证、本地优先级、路由地图配置本地优先级、多...
BGP(基于华为)理论学习+特性介绍+命令学习+实验配置+组网案例
11-30
BGP(基于华为)理论学习+特性介绍+命令学习+实验配置+组网案例
思科实验教程
09-13
3. **增强内部网关路由协议(EIGRP)**:EIGRP是思科开发的一种动态路由协议,提供了快速收敛、负载均衡和带宽效率等特性。它使用DUAL算法,能够在拓扑变化时快速找到最佳路径,并能自动处理网络故障。 4. **回调...
工大瑞普CCNP实验手册
07-04
这些实验旨在使学习者熟悉EIGRP的工作原理和高级特性,如负载均衡和路由安全性。 OSPF实验则涉及多区域配置、NBMA网络的配置、认证设置、外部路由汇总、默认路由带度量的配置、存根区域、完全存根区域、NSSA区域...
HCIP!!!MGRE实验
qq_43199083的博客
12-07 193
拓扑图 <r1>dis cu [V200R003C00] # sysname r1 # board add 0/4 2SA # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-
静态路由实验(华为)
qq_43754475的博客
09-16 968
[R1]display current-configuration [V200R003C00] # sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-serv...
IP PREFIX-LIST[前缀列表]
weixin_33941350的博客
03-07 6062
前缀列表の书写规范:ip prefix-list 1 permit 192.168.16.0/[mask] ge [value] le [value]Len(mask)<ge-value<=le-value前缀列表会先根据掩长度码范围进行匹配(也就是说,不看IP,先看掩码)ge[value] 表示大于等于[value]le[value] 表示小于等于[v...
动态路由协议BGP介绍
qq_41054709的博客
07-29 3706
文章目录BGP介绍BGP相关术语BGP报文介绍BGP五种报文BGP报文结构路由属性分类:BGP常见路由属性Origin属性Next_Hop属性AS_Path属性Local_Pre属性Community属性MED属性BGP路由黑洞产生原因BGP路由反射器以及联盟BGP路由反射器BGP联盟BGP原理 BGP介绍 BGP(Border Gataway Protocol,边界网关协议)是一种用于解决OSP...
周二上午-ZY1906-研究生套件2(BGP)1
08-08
实验中未发现NOTIFICATION报文,这符合BGP协议的特性,因为NOTIFICATION报文仅在检测到错误或异常情况时发送,如连接中断、协商失败或报文错误。在R1和R2的BGP会话稳定状态下,不会有此类报文出现。 实验深入地探讨...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

土豆aaa

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值