H3C学习笔记 BGP学习综合实验

H3C BGP OSPF RIP 学习综合实验

企业内部运行OSPF,不承载业务流量,并且运行IBGP。企业之间通过公网运行EBGP,办事处与总公司运行RIP。
拓扑如下:
topo

实验需求:

1、某企业总公司和分公司运行EBGP 实现路由互通,办事处运行 RIPv2。总公司和分公司之间通过两条线路相连。企业内有办公和财务两种流量。
2、按照图示配置 IP 地址,除 R7 外,所有路由配置 Loopback0 口 IP 地址用于 OSPF 的 Router-id 和 IBGP 建立可靠的邻居,地址格式为 X.X.X.X/32,X 为设备编号。
3、总公司和分公司内部配置 OSPF,仅用于实现 BGP 的 TCP 可达,不宣告业务网段。
4、办事处和总公司之间配置 RIPv2。
5、总公司和分公司配置 BGP 实现路由互通,总公司在 AS 65001,分公司在 AS 65002,各自 AS 内部使用对等体组建立可靠的 IBGP 全连接,AS 之间使用直连接口建立 EBGP 邻居,总公司和分公司的业务网段宣告在 BGP 中。
6、为了实现总公司和分公司的流量负载均衡,要求通过修改 AS_path,使办公数据经过 R2 和 R4(左边),财务数据经过 R3 和 R5(右边)。
7、适当调整链路 Cost,避免产生等价路由。
8、在 R2 上配置 RIP 和 BGP 的双向引入,要求办事处的办公和财务都能与总公司互通,但办事处与分公司之间只有办公能够互通。
9、不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文。

总公司、分公司与办事处内部路由配置

按照图中规划,给各设备配置好IP地址,然后启用动态路由协议:

各路由器接口IP配置

路由器R1接口IP配置如下:

//R1接口IP配置命令
<H3C>system-view
[H3C]sysname R1
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 10.0.0.1 30
[R1-GigabitEthernet0/0]quit
[R1]interface GigabitEthernet 0/1
[R1-GigabitEthernet0/1]ip address 10.0.0.5 30
[R1-GigabitEthernet0/1]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit
[R1]interface LoopBack 1
[R1-LoopBack0]ip address 192.168.0.1 24
[R1-LoopBack0]quit
[R1]interface LoopBack 2
[R1-LoopBack0]ip address 172.16.0.1 24
[R1-LoopBack0]quit
//R1接口IP查看命令及结果
[R1]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.1        --
GE0/1                    up       up       10.0.0.5        --
GE0/2                    down     down     --              --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    1.1.1.1         --
Loop1                    up       up(s)    192.168.0.1     --
Loop2                    up       up(s)    172.16.0.1      --

路由器R2接口IP配置如下:

//R2接口IP查看命令及结果
[R2]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.2        --
GE0/1                    up       up       10.0.0.9        --
GE0/2                    up       up       10.0.0.13       --
GE5/0                    up       up       10.0.0.33       --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    2.2.2.2         --

路由器R3接口IP配置如下:

//R3接口IP查看命令及结果
[R3]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.6        --
GE0/1                    up       up       10.0.0.10       --
GE0/2                    up       up       10.0.0.17       --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    3.3.3.3         --

路由器R4接口IP配置如下:

//R4接口IP查看命令及结果
[R4]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.25       --
GE0/1                    up       up       10.0.0.21       --
GE0/2                    up       up       10.0.0.14       --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    4.4.4.4         --

路由器R5接口IP配置如下:

//R5接口IP查看命令及结果
[R5]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.29       --
GE0/1                    up       up       10.0.0.22       --
GE0/2                    up       up       10.0.0.18       --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    5.5.5.5         --

路由器R6接口IP配置如下:

//R6接口IP查看命令及结果
[R6]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.26       --
GE0/1                    up       up       10.0.0.30       --
GE0/2                    down     down     --              --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    6.6.6.6         --
Loop1                    up       up(s)    192.168.1.1     --
Loop2                    up       up(s)    172.16.1.1      --

路由器R7接口IP配置如下:

//R7接口IP查看命令及结果
[R7]display ip interface brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       10.0.0.34       --
GE0/1                    down     down     --              --
GE0/2                    down     down     --              --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
Loop0                    up       up(s)    192.168.2.1     --
Loop1                    up       up(s)    172.16.2.1      --

总公司内部OSPF动态路由协议配置

除 R7 外,所有路由配置 Loopback0 口 IP 地址用于 OSPF 的 Router-id 和 IBGP 建立邻居,地址格式为 X.X.X.X/32,X 为设备编号
OSPF路由仅实现各路由器之间路由可达,不承载业务。

路由器R1配置如下:

[R1]ospf router-id 1.1.1.1  //以环回0口地址作为router-id
[R1-ospf-1]area 0  //实验环境使用骨干区域 
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0  //精准宣告router-id
[R1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0  // 精准宣告接口IP
[R1-ospf-1-area-0.0.0.0]network 10.0.0.5 0.0.0.0
//查看R1 OSPF配置
[R1-ospf-1]dis this
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.0.0.1 0.0.0.0
  network 10.0.0.5 0.0.0.0
#
return

路由器R2配置如下:

//查看R2 OSPF配置
[R2-ospf-1]dis this
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.0.0.2 0.0.0.0
  network 10.0.0.9 0.0.0.0
#
return

路由器R3配置如下:

//查看R3 OSPF配置
[R3-ospf-1]dis this
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.0.0.6 0.0.0.0
  network 10.0.0.10 0.0.0.0
#
return

查看R1 R2 R3之间的OSPF路由邻居状态:

//查看R1 OSPF状态
<R1>display ospf peer

         OSPF Process 1 with Router ID 1.1.1.1
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time  State             Interface
 2.2.2.2         10.0.0.2        1   35         Full/DR           GE0/0
 3.3.3.3         10.0.0.6        1   39         Full/DR           GE0/1

//查看R2 OSPF状态
<R2>display ospf peer

         OSPF Process 1 with Router ID 2.2.2.2
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time  State             Interface
 1.1.1.1         10.0.0.1        1   40         Full/BDR          GE0/0
 3.3.3.3         10.0.0.10       1   31         Full/DR           GE0/1

//查看R3 OSPF状态
<R3>display ospf peer

         OSPF Process 1 with Router ID 3.3.3.3
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time  State             Interface
 1.1.1.1         10.0.0.5        1   34         Full/BDR          GE0/0
 2.2.2.2         10.0.0.9        1   34         Full/BDR          GE0/1

查看R1 R2 R3之间的OSPF路由学习情况:

//查看R1 OSPF路由学习情况
<R1>display ospf routing

         OSPF Process 1 with Router ID 1.1.1.1
                  Routing Table

                Topology base (MTID 0)

 Routing for network
 Destination        Cost     Type    NextHop         AdvRouter       Area
 10.0.0.0/30        1        Transit 0.0.0.0         2.2.2.2         0.0.0.0
 10.0.0.4/30        1        Transit 0.0.0.0         1.1.1.1         0.0.0.0
 10.0.0.8/30        2        Transit 10.0.0.6        2.2.2.2         0.0.0.0
 10.0.0.8/30        2        Transit 10.0.0.2        2.2.2.2         0.0.0.0
 3.3.3.3/32         1        Stub    10.0.0.6        3.3.3.3         0.0.0.0
 2.2.2.2/32         1        Stub    10.0.0.2        2.2.2.2         0.0.0.0
 1.1.1.1/32         0        Stub    0.0.0.0         1.1.1.1         0.0.0.0

 Total nets: 7
 Intra area: 7  Inter area: 0  ASE: 0  NSSA: 0
 
//查看R2 OSPF路由学习情况
<R2>display ospf routing

         OSPF Process 1 with Router ID 2.2.2.2
                  Routing Table

                Topology base (MTID 0)

 Routing for network
 Destination        Cost     Type    NextHop         AdvRouter       Area
 10.0.0.0/30        1        Transit 0.0.0.0         2.2.2.2         0.0.0.0
 10.0.0.4/30        2        Transit 10.0.0.10       1.1.1.1         0.0.0.0
 10.0.0.4/30        2        Transit 10.0.0.1        1.1.1.1         0.0.0.0
 10.0.0.8/30        1        Transit 0.0.0.0         2.2.2.2         0.0.0.0
 3.3.3.3/32         1        Stub    10.0.0.10       3.3.3.3         0.0.0.0
 2.2.2.2/32         0        Stub    0.0.0.0         2.2.2.2         0.0.0.0
 1.1.1.1/32         1        Stub    10.0.0.1        1.1.1.1         0.0.0.0

 Total nets: 7
 Intra area: 7  Inter area: 0  ASE: 0  NSSA: 0
 
//查看R3 OSPF路由学习情况
<R3>dis ospf routing

         OSPF Process 1 with Router ID 3.3.3.3
                  Routing Table

                Topology base (MTID 0)

 Routing for network
 Destination        Cost     Type    NextHop         AdvRouter       Area
 10.0.0.0/30        2        Transit 10.0.0.5        2.2.2.2         0.0.0.0
 10.0.0.0/30        2        Transit 10.0.0.9        2.2.2.2         0.0.0.0
 10.0.0.4/30        1        Transit 0.0.0.0         1.1.1.1         0.0.0.0
 10.0.0.8/30        1        Transit 0.0.0.0         2.2.2.2         0.0.0.0
 3.3.3.3/32         0        Stub    0.0.0.0         3.3.3.3         0.0.0.0
 2.2.2.2/32         1        Stub    10.0.0.9        2.2.2.2         0.0.0.0
 1.1.1.1/32         1        Stub    10.0.0.5        1.1.1.1         0.0.0.0

 Total nets: 7
 Intra area: 7  Inter area: 0  ASE: 0  NSSA: 0

分公司内部OSPF动态路由协议配置

路由器R4-R6 配置如下:

//查看R4 OSPF配置
[R4-ospf-1]dis this
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 10.0.0.21 0.0.0.0
  network 10.0.0.25 0.0.0.0
#
return
//查看R5 OSPF配置
[R5-ospf-1]dis this
#
ospf 1 router-id 5.5.5.5
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 10.0.0.22 0.0.0.0
  network 10.0.0.29 0.0.0.0
#
return
//查看R6 OSPF配置
[R6-ospf-1]dis this
#
ospf 1 router-id 6.6.6.6
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 10.0.0.26 0.0.0.0
  network 10.0.0.30 0.0.0.0
#
return

查看R4 R5 R6之间的OSPF路由邻居状态:

//查看R4 OSPF状态
[R4]display ospf peer

         OSPF Process 1 with Router ID 4.4.4.4
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time  State             Interface
 6.6.6.6         10.0.0.26       1   38         Full/BDR          GE0/0
 5.5.5.5         10.0.0.22       1   34         Full/BDR          GE0/1
//查看R5 OSPF状态
[R5]display ospf peer

         OSPF Process 1 with Router ID 5.5.5.5
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time  State             Interface
 6.6.6.6         10.0.0.30       1   34         Full/DR           GE0/0
 4.4.4.4         10.0.0.21       1   38         Full/DR           GE0/1
//查看R6 OSPF状态
[R6]display ospf peer

         OSPF Process 1 with Router ID 6.6.6.6
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time  State             Interface
 4.4.4.4         10.0.0.25       1   36         Full/DR           GE0/0
 5.5.5.5         10.0.0.29       1   36         Full/BDR          GE0/1

查看R4 R5 R6之间的OSPF路由学习情况:

//查看R4 OSPF路由学习情况
[R4]display ospf routing

         OSPF Process 1 with Router ID 4.4.4.4
                  Routing Table

                Topology base (MTID 0)

 Routing for network
 Destination        Cost     Type    NextHop         AdvRouter       Area
 6.6.6.6/32         1        Stub    10.0.0.26       6.6.6.6         0.0.0.0
 5.5.5.5/32         1        Stub    10.0.0.22       5.5.5.5         0.0.0.0
 4.4.4.4/32         0        Stub    0.0.0.0         4.4.4.4         0.0.0.0
 10.0.0.20/30       1        Transit 0.0.0.0         4.4.4.4         0.0.0.0
 10.0.0.24/30       1        Transit 0.0.0.0         4.4.4.4         0.0.0.0
 10.0.0.28/30       2        Transit 10.0.0.26       6.6.6.6         0.0.0.0
 10.0.0.28/30       2        Transit 10.0.0.22       6.6.6.6         0.0.0.0

 Total nets: 7
 Intra area: 7  Inter area: 0  ASE: 0  NSSA: 0
//查看R5 OSPF路由学习情况
[R5]display ospf routing

         OSPF Process 1 with Router ID 5.5.5.5
                  Routing Table

                Topology base (MTID 0)

 Routing for network
 Destination        Cost     Type    NextHop         AdvRouter       Area
 6.6.6.6/32         1        Stub    10.0.0.30       6.6.6.6         0.0.0.0
 5.5.5.5/32         0        Stub    0.0.0.0         5.5.5.5         0.0.0.0
 4.4.4.4/32         1        Stub    10.0.0.21       4.4.4.4         0.0.0.0
 10.0.0.20/30       1        Transit 0.0.0.0         4.4.4.4         0.0.0.0
 10.0.0.24/30       2        Transit 10.0.0.21       4.4.4.4         0.0.0.0
 10.0.0.24/30       2        Transit 10.0.0.30       4.4.4.4         0.0.0.0
 10.0.0.28/30       1        Transit 0.0.0.0         6.6.6.6         0.0.0.0

 Total nets: 7
 Intra area: 7  Inter area: 0  ASE: 0  NSSA: 0
//查看R6 OSPF路由学习情况
[R6]display ospf routing

         OSPF Process 1 with Router ID 6.6.6.6
                  Routing Table

                Topology base (MTID 0)

 Routing for network
 Destination        Cost     Type    NextHop         AdvRouter       Area
 6.6.6.6/32         0        Stub    0.0.0.0         6.6.6.6         0.0.0.0
 5.5.5.5/32         1        Stub    10.0.0.29       5.5.5.5         0.0.0.0
 4.4.4.4/32         1        Stub    10.0.0.25       4.4.4.4         0.0.0.0
 10.0.0.20/30       2        Transit 10.0.0.25       4.4.4.4         0.0.0.0
 10.0.0.20/30       2        Transit 10.0.0.29       4.4.4.4         0.0.0.0
 10.0.0.24/30       1        Transit 0.0.0.0         4.4.4.4         0.0.0.0
 10.0.0.28/30       1        Transit 0.0.0.0         6.6.6.6         0.0.0.0

 Total nets: 7
 Intra area: 7  Inter area: 0  ASE: 0  NSSA: 0

办事处RIP路由配置:

办事处和总公司之间配置 RIPv2。
R2 R7配置如下:

//R2 RIP配置如下
[R2-rip-1]dis this
#
rip 1  //进入RIP视图
 undo summary  //关闭自动路由聚合
 version 2  //选择版本2
 network 10.0.0.33 0.0.0.0  //路由宣告
//R7 RIP配置如下
[R7-rip-1]dis this
#
rip 1
 undo summary
 version 2
 network 10.0.0.34 0.0.0.0
 network 172.16.2.0 0.0.0.255
 network 192.168.2.0

R2 R7 RIP路由学习:

//R2已学习到R7的RIP路由
[R2]display ip routing-table | include RIP
172.16.2.0/24      RIP     100 1           10.0.0.34       GE5/0
192.168.2.0/24     RIP     100 1           10.0.0.34       GE5/0

总公司与分公司BGP路由配置

总公司BGP配置:

总公司和分公司配置 BGP 实现路由互通,总公司在 AS 65001,分公司在 AS 65002;
各自 AS 内部使用对等体组建立可靠的 IBGP 全连接;
AS 之间使用直连接口建立 EBGP 邻居;
总公司和分公司的业务网段宣告在 BGP 中。
1、BGP配置:

//R1 BGP配置
[R1-bgp-default]dis this
#
bgp 65001  //进入BGP视图
 group neibu internal  //使用对等体组
 peer neibu connect-interface LoopBack0  //更改更新源地址为环回口
 peer 2.2.2.2 group neibu  //R2加入对等体组
 peer 3.3.3.3 group neibu  //R3加入对等体组
 #
 address-family ipv4 unicast  //进入IPv4地址族
  peer neibu enable  //使能邻居对等体组
#
return
//R2 BGP配置
[R2-bgp-default]dis this
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002  //指向另一个BGP区域
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local  //跨BGP区域,把更新源改为本身
  peer 10.0.0.14 enable
#
return
//R3 BGP配置
[R3-bgp-default]dis this
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 2.2.2.2 group neibu
 peer 10.0.0.18 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.18 enable
#
return

2、BGP状态:

//R1 BGP状态
[R1]dis bgp pe ipv4

 BGP local router ID: 192.168.0.1
 Local AS number: 65001
 Total number of peers: 2                 Peers in established state: 2

  * - Dynamically created peer
  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  2.2.2.2              65001       14       13    0       0 00:08:51 Established
  3.3.3.3              65001        3        3    0       0 00:00:41 Established
//R2 BGP状态
[R2]dis bgp pe ipv4

 BGP local router ID: 2.2.2.2
 Local AS number: 65001
 Total number of peers: 3                 Peers in established state: 2

  * - Dynamically created peer
  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  1.1.1.1              65001       13       14    0       0 00:08:40 Established
  3.3.3.3              65001        3        3    0       0 00:00:31 Established
  10.0.0.14            65002        0        0    0       0 00:09:00 Connect
//R3 BGP状态
[R3]dis bgp pe ipv4

 BGP local router ID: 3.3.3.3
 Local AS number: 65001
 Total number of peers: 3                 Peers in established state: 2

  * - Dynamically created peer
  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  1.1.1.1              65001        3        3    0       0 00:00:16 Established
  2.2.2.2              65001        3        3    0       0 00:00:17 Established
  10.0.0.18            65002        0        0    0       0 00:00:39 Connect

分公司BGP配置:

1、BGP配置:

//R4 BGP配置
[R4-bgp-default]dis this
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 5.5.5.5 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.13 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.13 enable
#
return
//R5 BGP配置
[R5-bgp-default]dis this
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.17 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.17 enable
#
return
//R6 BGP配置
[R6-bgp-default]dis this
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 5.5.5.5 group neibu
 #
 address-family ipv4 unicast
  peer neibu enable
#
return

2、BGP状态:

//R4 BGP状态
[R4-bgp-default]dis bgp pee ipv4

 BGP local router ID: 4.4.4.4
 Local AS number: 65002
 Total number of peers: 3                 Peers in established state: 3

  * - Dynamically created peer
  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  5.5.5.5              65002        5        5    0       0 00:01:56 Established
  6.6.6.6              65002        4        4    0       0 00:01:09 Established
  10.0.0.13            65001       10        9    0       0 00:05:57 Established
//R5 BGP状态
[R5-bgp-default]dis bgp pee ipv4

 BGP local router ID: 5.5.5.5
 Local AS number: 65002
 Total number of peers: 3                 Peers in established state: 3

  * - Dynamically created peer
  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  4.4.4.4              65002        5        5    0       0 00:02:00 Established
  6.6.6.6              65002        4        4    0       0 00:01:10 Established
  10.0.0.17            65001        4        5    0       0 00:01:53 Established
//R6 BGP状态
[R6-bgp-default]dis bgp pee ipv4

 BGP local router ID: 192.168.1.1
 Local AS number: 65002
 Total number of peers: 2                 Peers in established state: 2

  * - Dynamically created peer
  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

  4.4.4.4              65002        6        6    0       0 00:03:33 Established
  5.5.5.5              65002        7        7    0       0 00:03:31 Established

将业务网段宣告进BGP

1、BGP宣告业务网段

//R1 宣告业务网段
[R1-bgp-default]dis this
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 2.2.2.2 group neibu
 peer 3.3.3.3 group neibu
 #
 address-family ipv4 unicast
  network 172.16.0.0 255.255.255.0
  network 192.168.0.0 255.255.255.0
  peer neibu enable
#
return
//R6 宣告业务网段
[R6-bgp-default]dis this
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 5.5.5.5 group neibu
 #
 address-family ipv4 unicast
  network 172.16.1.0 255.255.255.0
  network 192.168.1.0 255.255.255.0
  peer neibu enable
#
return

2、BGP路由查看

//R1 BGP学习情况
[R1]dis bgp routing-table ipv4

 Total number of routes: 6

 BGP local router ID is 192.168.0.1
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >  172.16.0.0/24      172.16.0.1      0                     32768   i
* >i 172.16.1.0/24      2.2.2.2                    100        0       65002i
*  i                    3.3.3.3                    100        0       65002i
* >  192.168.0.0        192.168.0.1     0                     32768   i
* >i 192.168.1.0        2.2.2.2                    100        0       65002i
*  i                    3.3.3.3                    100        0       65002i

//R6 BGP学习情况
[R6]display bgp routing-table ipv4

 Total number of routes: 6

 BGP local router ID is 192.168.1.1
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 172.16.0.0/24      4.4.4.4                    100        0       65001i
*  i                    5.5.5.5                    100        0       65001i
* >  172.16.1.0/24      172.16.1.1      0                     32768   i
* >i 192.168.0.0        4.4.4.4                    100        0       65001i
*  i                    5.5.5.5                    100        0       65001i
* >  192.168.1.0        192.168.1.1     0                     32768   i

调整BGP的as-path参数,使办公与财务负载分流

为了实现总公司和分公司的流量负载均衡,要求通过修改 AS_path,使办公数据经过 R2 和 R4(左边),财务数据经过 R3 和 R5(右边)。

针对办公流走R2-R4(左边)

在R3和R5上面调整BGP的as-path属性,加大as-path,使得ap-path变长,达到办公流量经过R3-R5路径变次优,办公流量优先走R2-R4。
a:在R3 BGP路由出方向对总公司的办公流加大ap-path
b:在R5 BGP路由出方向对分公司的办公流加大ap-path

//在R3的出方向针对办公流量做策略,增加本区域号。
//匹配出办公业务流量
acl basic 2000
 description Offiec
 rule 0 permit source 192.168.0.0 0.0.0.255
//写策略关联ACL,
route-policy office permit node 10
 if-match ip address acl 2000  //如果匹配到流量
 apply as-path 65001  //加一个as-path
#
route-policy finance permit node 20  //因默认拒绝,所以写空节点放行其他流量
#

//在BGP 地址族的出口方向调用策略
[R3-bgp-default]dis this
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 2.2.2.2 group neibu
 peer 10.0.0.18 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.18 enable
  peer 10.0.0.18 route-policy office export  //出方向调用
#
return

//在R5的出方向针对办公流量做策略,增加本区域号。
//匹配出办公业务流量
acl basic 2000
 description Offiec
 rule 0 permit source 192.168.1.0 0.0.0.255
//写策略关联ACL,
route-policy office permit node 10
 if-match ip address acl 2000
 apply as-path 65002
#
route-policy office permit node 20  //因默认拒绝,所以写空节点放行其他流量
#
//在BGP 地址族的出口方向调用策略
[R5-bgp-default]dis this
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.17 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.17 enable
  peer 10.0.0.17 route-policy office export  //出方向调用
#
return

针对财务流走R3-R5(右边)

在R3和R5上面调整BGP的as-path属性,加大as-path,使得ap-path变长,达到财务流量经过R2-R4路径变次优,财务流量优先走R3-R5。
a:在R2 BGP路由出方向对总公司的财务流加大ap-path
b:在R4 BGP路由出方向对分公司的财务流加大ap-path

//在R2的出方向针对财务流量做策略,增加本区域号。
//匹配出财务业务流量
acl basic 2001
 description finance
 rule 0 permit source 172.16.0.0 0.0.0.255
//写策略关联ACL,
route-policy finance permit node 10
 if-match ip address acl 2001
 apply as-path 65001
#
route-policy finance permit node 20
#
//在BGP 地址族的出口方向调用策略
[R2-bgp-default]dis this
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
  peer 10.0.0.14 route-policy finance export  //出方向调用
#
return

//在R4的出方向针对财务流量做策略,增加本区域号。
//匹配出财务业务流量
acl basic 2001
 description finance
 rule 0 permit source 172.16.1.0 0.0.0.255
//写策略关联ACL,
route-policy finance permit node 10
 if-match ip address acl 2001
 apply as-path 65002
#
route-policy finance permit node 20
#
//在BGP 地址族的出口方向调用策略
[R4-bgp-default]dis this
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 5.5.5.5 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.13 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.13 enable
  peer 10.0.0.13 route-policy finance export  //出方向调用
#
return

查看实验结果:

//R1 BGP路由表
<R1>dis bgp routing-table ipv4

 Total number of routes: 4

 BGP local router ID is 192.168.0.1
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >  172.16.0.0/24      172.16.0.1      0                     32768   i
* >i 172.16.1.0/24      3.3.3.3                    100        0       65002i
* >  192.168.0.0        192.168.0.1     0                     32768   i
* >i 192.168.1.0        2.2.2.2                    100        0       65002i

//R6 BGP路由表
<R6>dis bgp rou ipv4

 Total number of routes: 4

 BGP local router ID is 192.168.1.1
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 172.16.0.0/24      5.5.5.5                    100        0       65001i
* >  172.16.1.0/24      172.16.1.1      0                     32768   i
* >i 192.168.0.0        4.4.4.4                    100        0       65001i
* >  192.168.1.0        192.168.1.1     0                     32768   i

把总公司R2与办事处R7的路由做双向引入

在 R2 上配置 RIP 和 BGP 的双向引入,要求办事处的办公和财务都能与总公司互通;
但办事处与分公司之间只有办公能够互通。

总公司R2 BGP引入RIP

//R2 BGP引入RIP
[R2-bgp-default]dis this
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  import-route rip 1   //引入RIP路由
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
  peer 10.0.0.14 route-policy finance export
#
return

办事处RIP路由引入到BGP

办事处与分公司之间只有办公能够互通。
避免RIP中办事处学习到分中心的财务路由。

//在R2上面写策略匹配财务流量
//ACL匹配流量
acl basic 2002
 description XianLiu
 rule 0 permit source 192.168.0.0 0.0.1.255
 rule 5 permit source 172.16.0.0 0.0.0.255
//写策略关联ACL
route-policy XL permit node 10
 if-match ip address acl 2002
#
//RIP引入BGP时调用,使RIP无法学习BGP分公司财务路由
rip 1
 undo summary
 version 2
 network 10.0.0.33 0.0.0.0
 import-route bgp allow-ibgp route-policy XL  //调用策略XL,allow-ibgp参数引入所有BGP路由,默认只引入EBGP路由
#
//在BGP路由里面过滤办事处的RIP财务流量,使R6不能学习到R7的财务流量
//R2 定义ACL匹配流量
acl basic 2003
 description xl-r2b
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
#
//R2 BGP中调用
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  import-route rip 1
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
  peer 10.0.0.14 route-policy finance export
  peer 10.0.0.14 filter-policy 2003 export  //因已使用策略路由,使用filter调用ACL过滤办事处的财务流量
//R3 路由器如上

优化配置,写ACL阻止分中心学习办事处的财务路由,在R2和R3上面BGP调用

//写ACL匹配
acl basic 2003
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
//在BGP调用
[R2-bgp-default-ipv4]peer 10.0.0.14 filter-policy 2003 export

//R3同上

调整cost,避免等价路由

优化之前:

//R1
10.0.0.8/30        O_INTRA 10  2           10.0.0.2        GE0/0
                                           10.0.0.6        GE0/1
//R6
10.0.0.20/30       O_INTRA 10  2           10.0.0.25       GE0/0
                                           10.0.0.29       GE0/1                                        

适当调整路由器OSPF接口的cost

[R1-GigabitEthernet0/0]dis this
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.1 255.255.255.252
 ospf cost 20
#
[R1-GigabitEthernet0/1]dis this
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 10.0.0.5 255.255.255.252
 ospf cost 30
#
[R2-GigabitEthernet0/0]dis this
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.2 255.255.255.252
 ospf cost 20
#
[R2-GigabitEthernet0/1]dis this
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 10.0.0.9 255.255.255.252
 ospf cost 30
#
[R3-GigabitEthernet0/0]dis this
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.6 255.255.255.252
 ospf cost 40
#
[R3-GigabitEthernet0/1]dis this
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 10.0.0.10 255.255.255.252
 ospf cost 50
#

//分公司如上

静默接口,不出现协议报文

不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文。
实验当中OSPF未宣告业务网段,无需配置静默接口
BGP路由没有静默接口概念
所以在RIP路由中配置静默接口

//在R7上配置静默业务接口
[R7-rip-1]dis this
#
rip 1
 undo summary
 version 2
 network 10.0.0.34 0.0.0.0
 network 172.16.2.0 0.0.0.255
 network 192.168.2.0
 silent-interface LoopBack0  //静默业务接口
 silent-interface LoopBack1  //静默业务接口
#
return
//R2上面静默业务接口
[R2-rip-1]dis this
#
rip 1
 undo summary
 version 2
 network 10.0.0.33 0.0.0.0
 silent-interface GigabitEthernet0/0  //静默被宣告的接口
 silent-interface GigabitEthernet0/1  //静默被宣告的接口
 silent-interface GigabitEthernet0/2  //静默被宣告的接口
 import-route bgp allow-ibgp route-policy XL
#
return



结语

刚接触学习BGP,错误之处还请指正,多谢!

  • 11
    点赞
  • 50
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值