拓扑图如下:
--------------------------------------------------------------------------
Internet
|
+-----+----+ +------------------+ +----------+
| AS 65001 | | AS 65002 | | AS 65003 |
| +--+ +--+ |
| (R1, R2) | | (R3, R4, R5, R6) | | (R7, R8) |
+----------+ +------------------+ +----------+
193.17.2.3 193.17.4.4
| | 193.17.6.6
193.17.0.2 193.17.1.3 | 193.17.2.4 | |
| | | | | 193.17.4.6|
193.17.0.1 | 193.17.1.2 | | F1/0 F0/0 | | 193.17.7.7 193.17.8.8
| | | | | ------R4------ | | | |
193.17.255.1 | | | | F0/1 / (OSPF) \ F0/0 | 193.17.6.7 | 193.17.7.8|
| | | | | / \ | | | | |
L1 F1/0 F1/0 S2/0 S2/0 / (OSPF) (OSPF) \ S2/0 S1/0 F0/0 F0/0 L0
----R1-----------R2-----------R3 (BGP)·····(BGP) R6-----------R7-----------R8----
(OSPF) (OSPF)|(BGP) \ (RIP) (RIP) / (RIP) (RIP)
| \ / (BGP)
F0/0 | F0/0 \ (RIP) / F1/0
| | | ------R5------ |
10.17.2.4 | | F0/0 F1/0 |
| 193.17.3.3 | | 193.17.5.6
| | |
Internet 193.17.3.5 |
|
193.17.5.5
--------------------------------------------------------------------------
要求R1、R2之间运行RIP,R2、R3之间运行eBGP,R3、R4、R6之间运行OSPF,R3、R5、
R6之间运行RIP,R3、R6之间运行iBGP,R6、R7之间运行eBGP,R7、R8之间运行RIP。
最终达到的目标是,所有的Rn的所有接口之间互相可达,可通过R2的F0/0接口到达
Internet(不考虑源IP无效带来的问题)。
这个拓扑存在很多问题,我们是人为刻意设计成这个样子,以方便后续的其它实验。
下面用Dynamips搭建测试环境,由于我对Cisco设备配置以及相关路由协议并不熟悉,
配置方案并不科学,只是达到了最终目标而已,不是最优配置,分享出来仅供初学者
入门时参考,请高手多多指教。
bgp.net如下:
--------------------------------------------------------------------------
autostart = false
ghostios = true
sparsemem = true
[localhost:7200]
udp = 10000
workingdir = /opt/dynagen/labs/bgp/working
`7200`
# Specify IOS p_w_picpath on *nix here:
p_w_picpath = /opt/dynagen/p_w_picpath/c7200-jk9o3s-mz.124-12
npe = npe-400
ram = 160
disk0 = 0
disk1 = 0
mmap = true
`Router R1`
model = 7200
console = 2000
F1/0 = R2 F1/0
cnfg = /opt/dynagen/labs/bgp/config/R1.txt
`Router R2`
model = 7200
console = 2001
F0/0 = NIO_linux_eth:eth0
S2/0 = R3 S2/0
cnfg = /opt/dynagen/labs/bgp/config/R2.txt
`Router R3`
model = 7200
console = 2002
F0/0 = R5 F0/0
F0/1 = R4 F1/0
cnfg = /opt/dynagen/labs/bgp/config/R3.txt
`Router R4`
model = 7200
console = 2003
F0/0 = R6 F0/0
cnfg = /opt/dynagen/labs/bgp/config/R4.txt
`Router R5`
model = 7200
console = 2004
F1/0 = R6 F1/0
cnfg = /opt/dynagen/labs/bgp/config/R5.txt
`Router R6`
model = 7200
console = 2005
S2/0 = R7 S1/0
cnfg = /opt/dynagen/labs/bgp/config/R6.txt
`Router R7`
model = 7200
console = 2006
F0/0 = R8 F0/0
cnfg = /opt/dynagen/labs/bgp/config/R7.txt
`Router R8`
model = 7200
console = 2007
cnfg = /opt/dynagen/labs/bgp/config/R8.txt
--------------------------------------------------------------------------
R1.txt如下:
--------------------------------------------------------------------------
hostname R1
enable password R1
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
interface loopback 1
ip address 193.17.255.1 255.255.255.0
no cdp enable
interface FastEthernet1/0
ip address 193.17.0.1 255.255.255.0
router ospf 1
router-id 1.0.0.1
network 193.17.255.0 0.0.0.255 area 1
network 193.17.0.0 0.0.0.255 area 0
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R2.txt如下:
--------------------------------------------------------------------------
hostname R2
enable password R2
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
ip route 0.0.0.0 0.0.0.0 10.17.255.254
interface loopback 0
ip address 1.0.0.2 255.255.255.255
interface FastEthernet1/0
ip address 193.17.0.2 255.255.255.0
interface Serial2/0
ip address 193.17.1.2 255.255.255.0
interface FastEthernet0/0
ip address 10.17.2.4 255.255.0.0
no cdp enable
no ip proxy-arp
no ip redirects
router ospf 1
network 193.17.0.0 0.0.0.255 area 0
!
! always的作用在于即使没有"ip route 0.0.0.0 0.0.0.0"的配合,也让自己成为缺
! 省路由(宣告出去)
!
default-information originate always
!
! [64512,65535]
!
router bgp 65001
!
! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由
!
redistribute ospf 1
!redistribute connected
bgp log-neighbor-changes
bgp dampening
neighbor 193.17.1.3 remote-as 65002
neighbor 193.17.1.3 default-originate
no auto-summary
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R3.txt如下:
--------------------------------------------------------------------------
hostname R3
enable password R3
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
interface loopback 0
ip address 1.0.0.3 255.255.255.255
interface Serial2/0
ip address 193.17.1.3 255.255.255.0
interface FastEthernet0/1
ip address 193.17.2.3 255.255.255.0
interface FastEthernet0/0
ip address 193.17.3.3 255.255.255.0
router rip
version 2
!
! 不指定正确的metric的话,不能如想像的那样工作,可查看R5的路由表
!
redistribute bgp 65002 metric 15
!redistribute connected
passive-interface FastEthernet0/1
network 193.17.2.0
network 193.17.3.0
!
! RIP可以用这条命令让自己成为缺省路由,并且不需要ip route 0.0.0.0 0.0.0.0
! 的配合
!
!default-information originate
router ospf 1
redistribute bgp 65002 subnets
!redistribute connected subnets
passive-interface FastEthernet0/0
network 193.17.2.0 0.0.0.255 area 0
network 193.17.3.0 0.0.0.255 area 0
!
! always的作用在于即使没有"ip route 0.0.0.0 0.0.0.0"的配合,也让自己成为缺
! 省路由(宣告出去)
!
default-information originate always
router bgp 65002
!
! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由
!
redistribute ospf 1
redistribute rip
!redistribute connected
bgp log-neighbor-changes
!no synchronization
bgp dampening
!
! The networks we want to advertise
!
network 193.17.1.0 mask 255.255.255.0
neighbor 193.17.1.2 remote-as 65001
!
! 如果不建立iBGP,R2通过BGP只能看到2、3、4、5网段,看不到6、7、8,同理R7通
! 过BGP只能看到2、3、4、5网段,看不到255、0、1。
!
neighbor 193.17.4.6 remote-as 65002
no auto-summary
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R4.txt如下:
--------------------------------------------------------------------------
hostname R4
enable password R4
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
interface loopback 0
ip address 1.0.0.4 255.255.255.255
interface FastEthernet1/0
ip address 193.17.2.4 255.255.255.0
interface FastEthernet0/0
ip address 193.17.4.4 255.255.255.0
router ospf 1
network 193.17.2.0 0.0.0.255 area 0
network 193.17.4.0 0.0.0.255 area 1
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R5.txt如下:
--------------------------------------------------------------------------
hostname R5
enable password R5
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
interface FastEthernet0/0
ip address 193.17.3.5 255.255.255.0
interface FastEthernet1/0
ip address 193.17.5.5 255.255.255.0
router rip
version 2
network 193.17.3.0
network 193.17.5.0
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R6.txt如下:
--------------------------------------------------------------------------
hostname R6
enable password R6
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
interface loopback 0
ip address 1.0.0.6 255.255.255.255
interface FastEthernet0/0
ip address 193.17.4.6 255.255.255.0
interface FastEthernet1/0
ip address 193.17.5.6 255.255.255.0
interface Serial2/0
ip address 193.17.6.6 255.255.255.0
router rip
version 2
!
! 不指定正确的metric的话,不能如想像的那样工作,可查看R5的路由表
!
redistribute bgp 65002 metric 15
!redistribute connected
!
! 下面这两条不加也可以,加上可以优化从R5到193.17.4.6的路由
!
passive-interface FastEthernet0/0
network 193.17.4.0
network 193.17.5.0
!
! 可以用"clear ip ospf process"重启OSPF进程
!
router ospf 1
redistribute bgp 65002 subnets
!redistribute connected subnets
passive-interface FastEthernet1/0
network 193.17.4.0 0.0.0.255 area 1
network 193.17.5.0 0.0.0.255 area 1
router bgp 65002
!
! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由
!
redistribute ospf 1
redistribute rip
!redistribute connected
bgp log-neighbor-changes
!no synchronization
bgp dampening
!
! The networks we want to advertise
!
network 193.17.6.0 mask 255.255.255.0
neighbor 193.17.2.3 remote-as 65002
!
! 如果不建立iBGP,R2通过BGP只能看到2、3、4、5网段,看不到6、7、8,同理R7通
! 过BGP只能看到2、3、4、5网段,看不到255、0、1。
!
neighbor 193.17.6.7 remote-as 65003
neighbor 193.17.6.7 default-originate
no auto-summary
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R7.txt如下:
--------------------------------------------------------------------------
hostname R7
enable password R7
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
!ip route 0.0.0.0 0.0.0.0 193.17.6.6
key chain password_group_0
key 1
key-string password_1
interface loopback 0
ip address 1.0.0.7 255.255.255.255
interface Serial1/0
ip address 193.17.6.7 255.255.255.0
interface FastEthernet0/0
ip address 193.17.7.7 255.255.255.0
ip rip authentication key-chain password_group_0
ip rip authentication mode md5
router rip
version 2
network 193.17.7.0
!
! RIP可以用这条命令让自己成为缺省路由,并且不需要ip route 0.0.0.0 0.0.0.0
! 的配合
!
default-information originate
!
! [64512,65535]
!
router bgp 65003
!
! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由
!
redistribute rip
!redistribute connected
bgp log-neighbor-changes
bgp dampening
neighbor 193.17.6.6 remote-as 65002
no auto-summary
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
--------------------------------------------------------------------------
R8.txt如下:
--------------------------------------------------------------------------
hostname R8
enable password R8
no ip domain-lookup
no exception crashinfo
ip classless
ip subnet-zero
key chain password_group_0
key 1
key-string password_1
interface FastEthernet0/0
ip address 193.17.7.8 255.255.255.0
ip rip authentication key-chain password_group_0
ip rip authentication mode md5
interface loopback 0
ip address 193.17.8.8 255.255.255.0
ip rip authentication key-chain password_group_0
ip rip authentication mode md5
no cdp enable
router rip
version 2
network 193.17.7.0
network 193.17.8.0
line console 0
no exec-timeout
logging synchronous
line vty 0 4
password nsfocus
login
transport input telnet
end
转载于:https://blog.51cto.com/alandu/287638
586
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
