要求:
1、使用PreVal策略,确保R4通过R2到达192.168.10.0/24
2、使用AS_Path策略,确保R4通过R3到达192.168.11.0/24
3、配置MED策略,确保R4通过R3到达192.168.12.0/24
4、使用Local Preference策略,确保R1通过R2到达192.168.1.0/24
5、使用Local Preference策略,确保R1通过R3到达192.168.2.0/24
6、配置负载均衡,确保R1通过R2和R3到达192.168.3.0/24
7、使用AS策略,AS 500不接受任何始发于AS 123的路由
8、使用自定义community策略,确保192.168.3.0/24路由不会被发布到AS 500
9、IBGP使用环回接口建邻,EBGP使用物理接口建邻
10、修改AS 123中的用户网段为Broadcast,方便后续在BGP中宣告
11、BGP在宣告时,仅宣告24网段的用户网段
分析:
1、配置IP地址
AR1
[AR1]int g 0/0/0
[AR1-GigabitEthernet0/0/0]ip add 12.0.0.1 29
[AR1-GigabitEthernet0/0/0]int g 0/0/1
[AR1-GigabitEthernet0/0/1]ip add 13.0.0.1 29
[AR1-GigabitEthernet0/0/1]int g 0/0/2
[AR1-GigabitEthernet0/0/2]ip add 15.0.0.1 29
[AR1-GigabitEthernet0/0/2]int l 0
[AR1-LoopBack0]ip add 1.1.1.1 32
[AR1-LoopBack0]int l 1
[AR1-LoopBack1]ip add 192.168.100.1 24
AR2
[AR2]int g 0/0/0
[AR2-GigabitEthernet0/0/0]ip add 24.0.0.2 29
[AR2-GigabitEthernet0/0/0]int g 0/0/1
[AR2-GigabitEthernet0/0/1]ip add 12.0.0.2 29
[AR2-GigabitEthernet0/0/1]int l 0
[AR2-LoopBack0]ip add 2.2.2.2 32
[AR2-LoopBack0]int l 1
[AR2-LoopBack1]ip add 192.168.20.1 24
AR3
[AR3]int g 0/0/0
[AR3-GigabitEthernet0/0/0]ip add 34.0.0.3 29
[AR3-GigabitEthernet0/0/0]int g 0/0/1
[AR3-GigabitEthernet0/0/1]ip add 13.0.0.3 29
[AR3-GigabitEthernet0/0/1]int l 0
[AR3-LoopBack0]ip add 3.3.3.3 32
[AR3-LoopBack0]int l 1
[AR3-LoopBack1]ip add 192.168.30.1 24
AR4
[AR4]int g 0/0/0
[AR4-GigabitEthernet0/0/0]ip add 24.0.0.4 29
[AR4-GigabitEthernet0/0/0]int g 0/0/1
[AR4-GigabitEthernet0/0/1]ip add 34.0.0.4 29
[AR4-GigabitEthernet0/0/1]int l 0
[AR4-LoopBack0]ip add 192.168.1.1 24
[AR4-LoopBack0]int l 1
[AR4-LoopBack1]ip add 192.168.2.1 24
[AR4-LoopBack1]int l 2
[AR4-LoopBack2]ip add 192.168.3.1 24
AR5
[AR5]int g 0/0/0
[AR5-GigabitEthernet0/0/0]ip add 15.0.0.5 29
[AR5-GigabitEthernet0/0/0]int l 0
[AR5-LoopBack0]ip add 192.168.10.1 24
[AR5-LoopBack0]int l 1
[AR5-LoopBack1]ip add 192.168.11.1 24
[AR5-LoopBack1]int l 2
[AR5-LoopBack2]ip add 192.168.12.1 24
2、AS 123启用OSPF
AR1
[AR1]ospf 1 router-id 1.1.1.1
[AR1-ospf-1]a 0
[AR1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 192.168.100.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 12.0.0.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 13.0.0.1 0.0.0.0
AR2
[AR2]ospf 1 router-id 2.2.2.2
[AR2-ospf-1]a 0
[AR2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]network 192.168.20.1 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]network 12.0.0.2 0.0.0.0
AR3
[AR3]ospf 1 router-id 3.3.3.3
[AR3-ospf-1]a 0
[AR3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]network 192.168.30.1 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]network 13.0.0.3 0.0.0.0
3、启用BGP,并且IBGP使用环回建邻,EBGP使用物理接口建邻
AR1
[AR1]bgp 123
[AR1-bgp]router-id 1.1.1.1
[AR1-bgp]peer 2.2.2.2 as 123
[AR1-bgp]peer 2.2.2.2 con l 0
[AR1-bgp]peer 2.2.2.2 next-hop-local
[AR1-bgp]peer 3.3.3.3 as 123
[AR1-bgp]peer 3.3.3.3 con l 0
[AR1-bgp]peer 3.3.3.3 next-hop-local
[AR1-bgp]peer 15.0.0.5 as 500
AR2
[AR2]bgp 123
[AR2-bgp]router-id 2.2.2.2
[AR2-bgp]peer 1.1.1.1 as 123
[AR2-bgp]peer 1.1.1.1 con l 0
[AR2-bgp]peer 1.1.1.1 next-hop-local
[AR2-bgp]peer 24.0.0.4 as 400
AR3
[AR3]bgp 123
[AR3-bgp]router-id 3.3.3.3
[AR3-bgp]peer 1.1.1.1 as 123
[AR3-bgp]peer 1.1.1.1 con l 0
[AR3-bgp]peer 1.1.1.1 next-hop-local
[AR3-bgp]peer 34.0.0.4 as 400
AR4
[AR4]bgp 400
[AR4-bgp]router-id 4.4.4.4
[AR4-bgp]peer 24.0.0.2 as 123
[AR4-bgp]peer 34.0.0.3 as 123
AR5
[AR5]bgp 500
[AR5-bgp]router-id 5.5.5.5
[AR5-bgp]peer 15.0.0.1 as 123
4、在BGP中宣告网段
AR1
[AR1]bgp 123
[AR1-bgp]network 192.168.100.0 24
AR2
[AR2]bgp 123
[AR2-bgp]network 192.168.20.0 24
AR3
[AR3]bgp 123
[AR3-bgp]network 192.168.30.0 24
AR4
[AR4-bgp]network 192.168.1.0 24
[AR4-bgp]network 192.168.2.0 24
[AR4-bgp]network 192.168.3.0 24
AR5
[AR5]bgp 500
[AR5-bgp]network 192.168.10.0 24
[AR5-bgp]network 192.168.11.0 24
[AR5-bgp]network 192.168.12.0 24
5、 使用PreVal策略,确保R4通过R2到达192.168.10.0/24
方法一:
[AR1-bgp]peer 2.2.2.2 preferred-value 100
方法二:
[AR1]ip ip-prefix PV permit 192.168.1.0 24
[AR1]ip ip-prefix PV permit 192.168.2.0 24
[AR1]ip ip-prefix PV permit 192.168.3.0 24
[AR1]route-policy PV permit node 10
[AR1-route-policy]if-match ip-prefix PV
[AR1-route-policy]apply preferred-value 100
[AR1-route-policy]q
[AR1]route-policy PV permit node 20
Info: New Sequence of this List.
[AR1-route-policy]q
[AR1]bgp 123
[AR1-bgp]peer 2.2.2.2 route-policy PV import
6、使用AS_Path策略,确保R4通过R3到达192.168.11.0/24
[AR1]ip ip-prefix AS permit 192.168.1.0 24
[AR1]ip ip-prefix AS permit 192.168.2.0 24
[AR1]ip ip-prefix AS permit 192.168.3.0 24
[AR1]route-policy AS permit node 10
[AR1-route-policy]if-match ip-prefix AS
[AR1-route-policy]apply as-path 14 additive
[AR1-route-policy]q
[AR1]route-policy AS permit node 20
[AR1-route-policy]q
[AR1]bgp 123[AR1-bgp]peer 2.2.2.2 route-policy AS import
7、配置MED策略,确保R4通过R3到达192.168.12.0/24
[AR2]ip ip-prefix MED permit 192.168.1.0 24
[AR2]ip ip-prefix MED permit 192.168.2.0 24
[AR2]ip ip-prefix MED permit 192.168.3.0 24
[AR2]route-policy MED permit node 10
[AR2-route-policy]if-match ip-prefix MED
[AR2-route-policy]apply cost 10
[AR2-route-policy]q
[AR2]route-policy MED permit node 20
[AR2-route-policy]q
[AR2]bgp 123
[AR2-bgp]peer 1.1.1.1 route-policy MED export
8、使用Local Preference策略,确保R1通过R2到达192.168.1.0/24
[AR1]ip ip-prefix LP2 permit 192.168.100.0 24
[AR1]route-policy LP2 permit node 10
[AR1-route-policy]if-match ip-prefix LP2
[AR1-route-policy]apply local-preference 200
[AR1-route-policy]q
[AR1]route-policy LP2 permit node 20
[AR1-route-policy]q
[AR1]bgp 123
[AR1-bgp]peer 2.2.2.2 route-policy LP2 export
9、使用Local Preference策略,确保R1通过R3到达192.168.2.0/24
[AR1]ip ip-prefix LP3 permit 192.168.100.0 24
[AR1]route-policy LP3 permit node 10
[AR1-route-policy]if-match ip-prefix LP3
[AR1-route-policy]apply local-preference 300
[AR1-route-policy]q
[AR1]route-policy LP3 permit node 20
[AR1-route-policy]q
[AR1]bgp 123
[AR1-bgp]peer 3.3.3.3 route-policy LP3 export
10、配置负载均衡,确保R1通过R2和R3到达192.168.3.0/24
[AR4]bgp 400
[AR4-bgp]maximum load-balancing 2
11、使用AS策略,AS 500不接受任何始发于AS 123的路由
[AR5]ip as-path-filter 1 deny _123$
[AR5]ip as-path-filter 1 permit .*
[AR5]bgp 500
[AR5-bgp]peer 15.0.0.1 as-path-filter 1 import
12、使用自定义community策略,确保192.168.3.0/24路由不会被发布到AS 500
[AR4]ip ip-prefix Community permit 192.168.3.0 24
[AR4]route-policy Community permit node 10
[AR4-route-policy]if-match ip-prefix Community
[AR4-route-policy]apply community no-export-subconfed
[AR4-route-policy]q
[AR4]route-policy Community permit node 20
[AR4-route-policy]q[AR4]bgp 400
[AR4-bgp]peer 24.0.0.2 route-policy Community export[AR4-bgp]peer 24.0.0.2 advertise-community
[AR4-bgp]peer 34.0.0.3 route-policy Community export
[AR4-bgp]peer 34.0.0.3 advertise-community
[AR2]bgp 123
[AR2-bgp]peer 1.1.1.1 advertise-community[AR3]bgp 123
[AR3-bgp]peer 1.1.1.1 advertise-community[AR1]bgp 123
[AR1-bgp]peer 15.0.0.5 advertise-community