H3C学习笔记 BGP学习综合实验
H3C BGP OSPF RIP 学习综合实验
企业内部运行OSPF,不承载业务流量,并且运行IBGP。企业之间通过公网运行EBGP,办事处与总公司运行RIP。
拓扑如下:
实验需求:
1、某企业总公司和分公司运行EBGP 实现路由互通,办事处运行 RIPv2。总公司和分公司之间通过两条线路相连。企业内有办公和财务两种流量。
2、按照图示配置 IP 地址,除 R7 外,所有路由配置 Loopback0 口 IP 地址用于 OSPF 的 Router-id 和 IBGP 建立可靠的邻居,地址格式为 X.X.X.X/32,X 为设备编号。
3、总公司和分公司内部配置 OSPF,仅用于实现 BGP 的 TCP 可达,不宣告业务网段。
4、办事处和总公司之间配置 RIPv2。
5、总公司和分公司配置 BGP 实现路由互通,总公司在 AS 65001,分公司在 AS 65002,各自 AS 内部使用对等体组建立可靠的 IBGP 全连接,AS 之间使用直连接口建立 EBGP 邻居,总公司和分公司的业务网段宣告在 BGP 中。
6、为了实现总公司和分公司的流量负载均衡,要求通过修改 AS_path,使办公数据经过 R2 和 R4(左边),财务数据经过 R3 和 R5(右边)。
7、适当调整链路 Cost,避免产生等价路由。
8、在 R2 上配置 RIP 和 BGP 的双向引入,要求办事处的办公和财务都能与总公司互通,但办事处与分公司之间只有办公能够互通。
9、不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文。
总公司、分公司与办事处内部路由配置
按照图中规划,给各设备配置好IP地址,然后启用动态路由协议:
各路由器接口IP配置
路由器R1接口IP配置如下:
//R1接口IP配置命令
<H3C>system-view
[H3C]sysname R1
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 10.0.0.1 30
[R1-GigabitEthernet0/0]quit
[R1]interface GigabitEthernet 0/1
[R1-GigabitEthernet0/1]ip address 10.0.0.5 30
[R1-GigabitEthernet0/1]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit
[R1]interface LoopBack 1
[R1-LoopBack0]ip address 192.168.0.1 24
[R1-LoopBack0]quit
[R1]interface LoopBack 2
[R1-LoopBack0]ip address 172.16.0.1 24
[R1-LoopBack0]quit
//R1接口IP查看命令及结果
[R1]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.1 --
GE0/1 up up 10.0.0.5 --
GE0/2 down down -- --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 1.1.1.1 --
Loop1 up up(s) 192.168.0.1 --
Loop2 up up(s) 172.16.0.1 --
路由器R2接口IP配置如下:
//R2接口IP查看命令及结果
[R2]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.2 --
GE0/1 up up 10.0.0.9 --
GE0/2 up up 10.0.0.13 --
GE5/0 up up 10.0.0.33 --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 2.2.2.2 --
路由器R3接口IP配置如下:
//R3接口IP查看命令及结果
[R3]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.6 --
GE0/1 up up 10.0.0.10 --
GE0/2 up up 10.0.0.17 --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 3.3.3.3 --
路由器R4接口IP配置如下:
//R4接口IP查看命令及结果
[R4]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.25 --
GE0/1 up up 10.0.0.21 --
GE0/2 up up 10.0.0.14 --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 4.4.4.4 --
路由器R5接口IP配置如下:
//R5接口IP查看命令及结果
[R5]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.29 --
GE0/1 up up 10.0.0.22 --
GE0/2 up up 10.0.0.18 --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 5.5.5.5 --
路由器R6接口IP配置如下:
//R6接口IP查看命令及结果
[R6]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.26 --
GE0/1 up up 10.0.0.30 --
GE0/2 down down -- --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 6.6.6.6 --
Loop1 up up(s) 192.168.1.1 --
Loop2 up up(s) 172.16.1.1 --
路由器R7接口IP配置如下:
//R7接口IP查看命令及结果
[R7]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 10.0.0.34 --
GE0/1 down down -- --
GE0/2 down down -- --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
Loop0 up up(s) 192.168.2.1 --
Loop1 up up(s) 172.16.2.1 --
总公司内部OSPF动态路由协议配置
除 R7 外,所有路由配置 Loopback0 口 IP 地址用于 OSPF 的 Router-id 和 IBGP 建立邻居,地址格式为 X.X.X.X/32,X 为设备编号
OSPF路由仅实现各路由器之间路由可达,不承载业务。
路由器R1配置如下:
[R1]ospf router-id 1.1.1.1 //以环回0口地址作为router-id
[R1-ospf-1]area 0 //实验环境使用骨干区域
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0 //精准宣告router-id
[R1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0 // 精准宣告接口IP
[R1-ospf-1-area-0.0.0.0]network 10.0.0.5 0.0.0.0
//查看R1 OSPF配置
[R1-ospf-1]dis this
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.0.1 0.0.0.0
network 10.0.0.5 0.0.0.0
#
return
路由器R2配置如下:
//查看R2 OSPF配置
[R2-ospf-1]dis this
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.0.2 0.0.0.0
network 10.0.0.9 0.0.0.0
#
return
路由器R3配置如下:
//查看R3 OSPF配置
[R3-ospf-1]dis this
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.0.6 0.0.0.0
network 10.0.0.10 0.0.0.0
#
return
查看R1 R2 R3之间的OSPF路由邻居状态:
//查看R1 OSPF状态
<R1>display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
2.2.2.2 10.0.0.2 1 35 Full/DR GE0/0
3.3.3.3 10.0.0.6 1 39 Full/DR GE0/1
//查看R2 OSPF状态
<R2>display ospf peer
OSPF Process 1 with Router ID 2.2.2.2
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
1.1.1.1 10.0.0.1 1 40 Full/BDR GE0/0
3.3.3.3 10.0.0.10 1 31 Full/DR GE0/1
//查看R3 OSPF状态
<R3>display ospf peer
OSPF Process 1 with Router ID 3.3.3.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
1.1.1.1 10.0.0.5 1 34 Full/BDR GE0/0
2.2.2.2 10.0.0.9 1 34 Full/BDR GE0/1
查看R1 R2 R3之间的OSPF路由学习情况:
//查看R1 OSPF路由学习情况
<R1>display ospf routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
10.0.0.0/30 1 Transit 0.0.0.0 2.2.2.2 0.0.0.0
10.0.0.4/30 1 Transit 0.0.0.0 1.1.1.1 0.0.0.0
10.0.0.8/30 2 Transit 10.0.0.6 2.2.2.2 0.0.0.0
10.0.0.8/30 2 Transit 10.0.0.2 2.2.2.2 0.0.0.0
3.3.3.3/32 1 Stub 10.0.0.6 3.3.3.3 0.0.0.0
2.2.2.2/32 1 Stub 10.0.0.2 2.2.2.2 0.0.0.0
1.1.1.1/32 0 Stub 0.0.0.0 1.1.1.1 0.0.0.0
Total nets: 7
Intra area: 7 Inter area: 0 ASE: 0 NSSA: 0
//查看R2 OSPF路由学习情况
<R2>display ospf routing
OSPF Process 1 with Router ID 2.2.2.2
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
10.0.0.0/30 1 Transit 0.0.0.0 2.2.2.2 0.0.0.0
10.0.0.4/30 2 Transit 10.0.0.10 1.1.1.1 0.0.0.0
10.0.0.4/30 2 Transit 10.0.0.1 1.1.1.1 0.0.0.0
10.0.0.8/30 1 Transit 0.0.0.0 2.2.2.2 0.0.0.0
3.3.3.3/32 1 Stub 10.0.0.10 3.3.3.3 0.0.0.0
2.2.2.2/32 0 Stub 0.0.0.0 2.2.2.2 0.0.0.0
1.1.1.1/32 1 Stub 10.0.0.1 1.1.1.1 0.0.0.0
Total nets: 7
Intra area: 7 Inter area: 0 ASE: 0 NSSA: 0
//查看R3 OSPF路由学习情况
<R3>dis ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
10.0.0.0/30 2 Transit 10.0.0.5 2.2.2.2 0.0.0.0
10.0.0.0/30 2 Transit 10.0.0.9 2.2.2.2 0.0.0.0
10.0.0.4/30 1 Transit 0.0.0.0 1.1.1.1 0.0.0.0
10.0.0.8/30 1 Transit 0.0.0.0 2.2.2.2 0.0.0.0
3.3.3.3/32 0 Stub 0.0.0.0 3.3.3.3 0.0.0.0
2.2.2.2/32 1 Stub 10.0.0.9 2.2.2.2 0.0.0.0
1.1.1.1/32 1 Stub 10.0.0.5 1.1.1.1 0.0.0.0
Total nets: 7
Intra area: 7 Inter area: 0 ASE: 0 NSSA: 0
分公司内部OSPF动态路由协议配置
路由器R4-R6 配置如下:
//查看R4 OSPF配置
[R4-ospf-1]dis this
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.0.21 0.0.0.0
network 10.0.0.25 0.0.0.0
#
return
//查看R5 OSPF配置
[R5-ospf-1]dis this
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.0.0.22 0.0.0.0
network 10.0.0.29 0.0.0.0
#
return
//查看R6 OSPF配置
[R6-ospf-1]dis this
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.0.0.26 0.0.0.0
network 10.0.0.30 0.0.0.0
#
return
查看R4 R5 R6之间的OSPF路由邻居状态:
//查看R4 OSPF状态
[R4]display ospf peer
OSPF Process 1 with Router ID 4.4.4.4
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
6.6.6.6 10.0.0.26 1 38 Full/BDR GE0/0
5.5.5.5 10.0.0.22 1 34 Full/BDR GE0/1
//查看R5 OSPF状态
[R5]display ospf peer
OSPF Process 1 with Router ID 5.5.5.5
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
6.6.6.6 10.0.0.30 1 34 Full/DR GE0/0
4.4.4.4 10.0.0.21 1 38 Full/DR GE0/1
//查看R6 OSPF状态
[R6]display ospf peer
OSPF Process 1 with Router ID 6.6.6.6
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
4.4.4.4 10.0.0.25 1 36 Full/DR GE0/0
5.5.5.5 10.0.0.29 1 36 Full/BDR GE0/1
查看R4 R5 R6之间的OSPF路由学习情况:
//查看R4 OSPF路由学习情况
[R4]display ospf routing
OSPF Process 1 with Router ID 4.4.4.4
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
6.6.6.6/32 1 Stub 10.0.0.26 6.6.6.6 0.0.0.0
5.5.5.5/32 1 Stub 10.0.0.22 5.5.5.5 0.0.0.0
4.4.4.4/32 0 Stub 0.0.0.0 4.4.4.4 0.0.0.0
10.0.0.20/30 1 Transit 0.0.0.0 4.4.4.4 0.0.0.0
10.0.0.24/30 1 Transit 0.0.0.0 4.4.4.4 0.0.0.0
10.0.0.28/30 2 Transit 10.0.0.26 6.6.6.6 0.0.0.0
10.0.0.28/30 2 Transit 10.0.0.22 6.6.6.6 0.0.0.0
Total nets: 7
Intra area: 7 Inter area: 0 ASE: 0 NSSA: 0
//查看R5 OSPF路由学习情况
[R5]display ospf routing
OSPF Process 1 with Router ID 5.5.5.5
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
6.6.6.6/32 1 Stub 10.0.0.30 6.6.6.6 0.0.0.0
5.5.5.5/32 0 Stub 0.0.0.0 5.5.5.5 0.0.0.0
4.4.4.4/32 1 Stub 10.0.0.21 4.4.4.4 0.0.0.0
10.0.0.20/30 1 Transit 0.0.0.0 4.4.4.4 0.0.0.0
10.0.0.24/30 2 Transit 10.0.0.21 4.4.4.4 0.0.0.0
10.0.0.24/30 2 Transit 10.0.0.30 4.4.4.4 0.0.0.0
10.0.0.28/30 1 Transit 0.0.0.0 6.6.6.6 0.0.0.0
Total nets: 7
Intra area: 7 Inter area: 0 ASE: 0 NSSA: 0
//查看R6 OSPF路由学习情况
[R6]display ospf routing
OSPF Process 1 with Router ID 6.6.6.6
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
6.6.6.6/32 0 Stub 0.0.0.0 6.6.6.6 0.0.0.0
5.5.5.5/32 1 Stub 10.0.0.29 5.5.5.5 0.0.0.0
4.4.4.4/32 1 Stub 10.0.0.25 4.4.4.4 0.0.0.0
10.0.0.20/30 2 Transit 10.0.0.25 4.4.4.4 0.0.0.0
10.0.0.20/30 2 Transit 10.0.0.29 4.4.4.4 0.0.0.0
10.0.0.24/30 1 Transit 0.0.0.0 4.4.4.4 0.0.0.0
10.0.0.28/30 1 Transit 0.0.0.0 6.6.6.6 0.0.0.0
Total nets: 7
Intra area: 7 Inter area: 0 ASE: 0 NSSA: 0
办事处RIP路由配置:
办事处和总公司之间配置 RIPv2。
R2 R7配置如下:
//R2 RIP配置如下
[R2-rip-1]dis this
#
rip 1 //进入RIP视图
undo summary //关闭自动路由聚合
version 2 //选择版本2
network 10.0.0.33 0.0.0.0 //路由宣告
//R7 RIP配置如下
[R7-rip-1]dis this
#
rip 1
undo summary
version 2
network 10.0.0.34 0.0.0.0
network 172.16.2.0 0.0.0.255
network 192.168.2.0
R2 R7 RIP路由学习:
//R2已学习到R7的RIP路由
[R2]display ip routing-table | include RIP
172.16.2.0/24 RIP 100 1 10.0.0.34 GE5/0
192.168.2.0/24 RIP 100 1 10.0.0.34 GE5/0
总公司与分公司BGP路由配置
总公司BGP配置:
总公司和分公司配置 BGP 实现路由互通,总公司在 AS 65001,分公司在 AS 65002;
各自 AS 内部使用对等体组建立可靠的 IBGP 全连接;
AS 之间使用直连接口建立 EBGP 邻居;
总公司和分公司的业务网段宣告在 BGP 中。
1、BGP配置:
//R1 BGP配置
[R1-bgp-default]dis this
#
bgp 65001 //进入BGP视图
group neibu internal //使用对等体组
peer neibu connect-interface LoopBack0 //更改更新源地址为环回口
peer 2.2.2.2 group neibu //R2加入对等体组
peer 3.3.3.3 group neibu //R3加入对等体组
#
address-family ipv4 unicast //进入IPv4地址族
peer neibu enable //使能邻居对等体组
#
return
//R2 BGP配置
[R2-bgp-default]dis this
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002 //指向另一个BGP区域
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local //跨BGP区域,把更新源改为本身
peer 10.0.0.14 enable
#
return
//R3 BGP配置
[R3-bgp-default]dis this
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 2.2.2.2 group neibu
peer 10.0.0.18 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.18 enable
#
return
2、BGP状态:
//R1 BGP状态
[R1]dis bgp pe ipv4
BGP local router ID: 192.168.0.1
Local AS number: 65001
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.2.2.2 65001 14 13 0 0 00:08:51 Established
3.3.3.3 65001 3 3 0 0 00:00:41 Established
//R2 BGP状态
[R2]dis bgp pe ipv4
BGP local router ID: 2.2.2.2
Local AS number: 65001
Total number of peers: 3 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 65001 13 14 0 0 00:08:40 Established
3.3.3.3 65001 3 3 0 0 00:00:31 Established
10.0.0.14 65002 0 0 0 0 00:09:00 Connect
//R3 BGP状态
[R3]dis bgp pe ipv4
BGP local router ID: 3.3.3.3
Local AS number: 65001
Total number of peers: 3 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 65001 3 3 0 0 00:00:16 Established
2.2.2.2 65001 3 3 0 0 00:00:17 Established
10.0.0.18 65002 0 0 0 0 00:00:39 Connect
分公司BGP配置:
1、BGP配置:
//R4 BGP配置
[R4-bgp-default]dis this
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 5.5.5.5 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.13 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.13 enable
#
return
//R5 BGP配置
[R5-bgp-default]dis this
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.17 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.17 enable
#
return
//R6 BGP配置
[R6-bgp-default]dis this
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 5.5.5.5 group neibu
#
address-family ipv4 unicast
peer neibu enable
#
return
2、BGP状态:
//R4 BGP状态
[R4-bgp-default]dis bgp pee ipv4
BGP local router ID: 4.4.4.4
Local AS number: 65002
Total number of peers: 3 Peers in established state: 3
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
5.5.5.5 65002 5 5 0 0 00:01:56 Established
6.6.6.6 65002 4 4 0 0 00:01:09 Established
10.0.0.13 65001 10 9 0 0 00:05:57 Established
//R5 BGP状态
[R5-bgp-default]dis bgp pee ipv4
BGP local router ID: 5.5.5.5
Local AS number: 65002
Total number of peers: 3 Peers in established state: 3
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
4.4.4.4 65002 5 5 0 0 00:02:00 Established
6.6.6.6 65002 4 4 0 0 00:01:10 Established
10.0.0.17 65001 4 5 0 0 00:01:53 Established
//R6 BGP状态
[R6-bgp-default]dis bgp pee ipv4
BGP local router ID: 192.168.1.1
Local AS number: 65002
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
4.4.4.4 65002 6 6 0 0 00:03:33 Established
5.5.5.5 65002 7 7 0 0 00:03:31 Established
将业务网段宣告进BGP
1、BGP宣告业务网段
//R1 宣告业务网段
[R1-bgp-default]dis this
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 2.2.2.2 group neibu
peer 3.3.3.3 group neibu
#
address-family ipv4 unicast
network 172.16.0.0 255.255.255.0
network 192.168.0.0 255.255.255.0
peer neibu enable
#
return
//R6 宣告业务网段
[R6-bgp-default]dis this
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 5.5.5.5 group neibu
#
address-family ipv4 unicast
network 172.16.1.0 255.255.255.0
network 192.168.1.0 255.255.255.0
peer neibu enable
#
return
2、BGP路由查看
//R1 BGP学习情况
[R1]dis bgp routing-table ipv4
Total number of routes: 6
BGP local router ID is 192.168.0.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 172.16.0.0/24 172.16.0.1 0 32768 i
* >i 172.16.1.0/24 2.2.2.2 100 0 65002i
* i 3.3.3.3 100 0 65002i
* > 192.168.0.0 192.168.0.1 0 32768 i
* >i 192.168.1.0 2.2.2.2 100 0 65002i
* i 3.3.3.3 100 0 65002i
//R6 BGP学习情况
[R6]display bgp routing-table ipv4
Total number of routes: 6
BGP local router ID is 192.168.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 172.16.0.0/24 4.4.4.4 100 0 65001i
* i 5.5.5.5 100 0 65001i
* > 172.16.1.0/24 172.16.1.1 0 32768 i
* >i 192.168.0.0 4.4.4.4 100 0 65001i
* i 5.5.5.5 100 0 65001i
* > 192.168.1.0 192.168.1.1 0 32768 i
调整BGP的as-path参数,使办公与财务负载分流
为了实现总公司和分公司的流量负载均衡,要求通过修改 AS_path,使办公数据经过 R2 和 R4(左边),财务数据经过 R3 和 R5(右边)。
针对办公流走R2-R4(左边)
在R3和R5上面调整BGP的as-path属性,加大as-path,使得ap-path变长,达到办公流量经过R3-R5路径变次优,办公流量优先走R2-R4。
a:在R3 BGP路由出方向对总公司的办公流加大ap-path
b:在R5 BGP路由出方向对分公司的办公流加大ap-path
//在R3的出方向针对办公流量做策略,增加本区域号。
//匹配出办公业务流量
acl basic 2000
description Offiec
rule 0 permit source 192.168.0.0 0.0.0.255
//写策略关联ACL,
route-policy office permit node 10
if-match ip address acl 2000 //如果匹配到流量
apply as-path 65001 //加一个as-path
#
route-policy finance permit node 20 //因默认拒绝,所以写空节点放行其他流量
#
//在BGP 地址族的出口方向调用策略
[R3-bgp-default]dis this
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 2.2.2.2 group neibu
peer 10.0.0.18 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.18 enable
peer 10.0.0.18 route-policy office export //出方向调用
#
return
//在R5的出方向针对办公流量做策略,增加本区域号。
//匹配出办公业务流量
acl basic 2000
description Offiec
rule 0 permit source 192.168.1.0 0.0.0.255
//写策略关联ACL,
route-policy office permit node 10
if-match ip address acl 2000
apply as-path 65002
#
route-policy office permit node 20 //因默认拒绝,所以写空节点放行其他流量
#
//在BGP 地址族的出口方向调用策略
[R5-bgp-default]dis this
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.17 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.17 enable
peer 10.0.0.17 route-policy office export //出方向调用
#
return
针对财务流走R3-R5(右边)
在R3和R5上面调整BGP的as-path属性,加大as-path,使得ap-path变长,达到财务流量经过R2-R4路径变次优,财务流量优先走R3-R5。
a:在R2 BGP路由出方向对总公司的财务流加大ap-path
b:在R4 BGP路由出方向对分公司的财务流加大ap-path
//在R2的出方向针对财务流量做策略,增加本区域号。
//匹配出财务业务流量
acl basic 2001
description finance
rule 0 permit source 172.16.0.0 0.0.0.255
//写策略关联ACL,
route-policy finance permit node 10
if-match ip address acl 2001
apply as-path 65001
#
route-policy finance permit node 20
#
//在BGP 地址族的出口方向调用策略
[R2-bgp-default]dis this
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
peer 10.0.0.14 route-policy finance export //出方向调用
#
return
//在R4的出方向针对财务流量做策略,增加本区域号。
//匹配出财务业务流量
acl basic 2001
description finance
rule 0 permit source 172.16.1.0 0.0.0.255
//写策略关联ACL,
route-policy finance permit node 10
if-match ip address acl 2001
apply as-path 65002
#
route-policy finance permit node 20
#
//在BGP 地址族的出口方向调用策略
[R4-bgp-default]dis this
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 5.5.5.5 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.13 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.13 enable
peer 10.0.0.13 route-policy finance export //出方向调用
#
return
查看实验结果:
//R1 BGP路由表
<R1>dis bgp routing-table ipv4
Total number of routes: 4
BGP local router ID is 192.168.0.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 172.16.0.0/24 172.16.0.1 0 32768 i
* >i 172.16.1.0/24 3.3.3.3 100 0 65002i
* > 192.168.0.0 192.168.0.1 0 32768 i
* >i 192.168.1.0 2.2.2.2 100 0 65002i
//R6 BGP路由表
<R6>dis bgp rou ipv4
Total number of routes: 4
BGP local router ID is 192.168.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 172.16.0.0/24 5.5.5.5 100 0 65001i
* > 172.16.1.0/24 172.16.1.1 0 32768 i
* >i 192.168.0.0 4.4.4.4 100 0 65001i
* > 192.168.1.0 192.168.1.1 0 32768 i
把总公司R2与办事处R7的路由做双向引入
在 R2 上配置 RIP 和 BGP 的双向引入,要求办事处的办公和财务都能与总公司互通;
但办事处与分公司之间只有办公能够互通。
总公司R2 BGP引入RIP
//R2 BGP引入RIP
[R2-bgp-default]dis this
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
import-route rip 1 //引入RIP路由
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
peer 10.0.0.14 route-policy finance export
#
return
办事处RIP路由引入到BGP
办事处与分公司之间只有办公能够互通。
避免RIP中办事处学习到分中心的财务路由。
//在R2上面写策略匹配财务流量
//ACL匹配流量
acl basic 2002
description XianLiu
rule 0 permit source 192.168.0.0 0.0.1.255
rule 5 permit source 172.16.0.0 0.0.0.255
//写策略关联ACL
route-policy XL permit node 10
if-match ip address acl 2002
#
//RIP引入BGP时调用,使RIP无法学习BGP分公司财务路由
rip 1
undo summary
version 2
network 10.0.0.33 0.0.0.0
import-route bgp allow-ibgp route-policy XL //调用策略XL,allow-ibgp参数引入所有BGP路由,默认只引入EBGP路由
#
//在BGP路由里面过滤办事处的RIP财务流量,使R6不能学习到R7的财务流量
//R2 定义ACL匹配流量
acl basic 2003
description xl-r2b
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
#
//R2 BGP中调用
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
import-route rip 1
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
peer 10.0.0.14 route-policy finance export
peer 10.0.0.14 filter-policy 2003 export //因已使用策略路由,使用filter调用ACL过滤办事处的财务流量
//R3 路由器如上
优化配置,写ACL阻止分中心学习办事处的财务路由,在R2和R3上面BGP调用
//写ACL匹配
acl basic 2003
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
//在BGP调用
[R2-bgp-default-ipv4]peer 10.0.0.14 filter-policy 2003 export
//R3同上
调整cost,避免等价路由
优化之前:
//R1
10.0.0.8/30 O_INTRA 10 2 10.0.0.2 GE0/0
10.0.0.6 GE0/1
//R6
10.0.0.20/30 O_INTRA 10 2 10.0.0.25 GE0/0
10.0.0.29 GE0/1
适当调整路由器OSPF接口的cost
[R1-GigabitEthernet0/0]dis this
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.1 255.255.255.252
ospf cost 20
#
[R1-GigabitEthernet0/1]dis this
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 10.0.0.5 255.255.255.252
ospf cost 30
#
[R2-GigabitEthernet0/0]dis this
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.2 255.255.255.252
ospf cost 20
#
[R2-GigabitEthernet0/1]dis this
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 10.0.0.9 255.255.255.252
ospf cost 30
#
[R3-GigabitEthernet0/0]dis this
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.6 255.255.255.252
ospf cost 40
#
[R3-GigabitEthernet0/1]dis this
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 10.0.0.10 255.255.255.252
ospf cost 50
#
//分公司如上
静默接口,不出现协议报文
不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文。
实验当中OSPF未宣告业务网段,无需配置静默接口
BGP路由没有静默接口概念
所以在RIP路由中配置静默接口
//在R7上配置静默业务接口
[R7-rip-1]dis this
#
rip 1
undo summary
version 2
network 10.0.0.34 0.0.0.0
network 172.16.2.0 0.0.0.255
network 192.168.2.0
silent-interface LoopBack0 //静默业务接口
silent-interface LoopBack1 //静默业务接口
#
return
//R2上面静默业务接口
[R2-rip-1]dis this
#
rip 1
undo summary
version 2
network 10.0.0.33 0.0.0.0
silent-interface GigabitEthernet0/0 //静默被宣告的接口
silent-interface GigabitEthernet0/1 //静默被宣告的接口
silent-interface GigabitEthernet0/2 //静默被宣告的接口
import-route bgp allow-ibgp route-policy XL
#
return
结语
刚接触学习BGP,错误之处还请指正,多谢!