BGP路由配置(实验举例)

涉及Aggregator路由聚合 BGP路由注入 as-path属性的应用

实验背景

实验要求

（1）AR1和AR2属于 AS100，AR3和AR4属于AS200
（2）域内采用IBGP协议
（3）4台路由器的Loopback0地址可互通
（4）域间路由发布必须通过EBGP
（5）AR1和AR3分别 向AR2和AR4发布默认路由
（6）PC2所在的地址段10.1.2.0/24只能和域内地址互通
（7）AR3只能向AR1发布PC3和PC4的汇总路由

简单分析题目要求

• R3和R1做静态 使他们环回口能互相连通
• 使用as-path属性让R3不接收pc2的路由信息
• 在R3手动聚合pc3和pc4的路由

实验开始

第一步配置设备ip(略过)

第二步配置R1和R3的静态 因为BGP是建立在tcp基础上的 所以想要R1R3建立对等体就不许tcp可达

R1

[R1]ip route-static 3.3.3.3 32 192.168.13.2
[R1]ip route-static 3.3.3.3 32 192.168.13.6	

R3

[R3]ip route-static 1.1.1.1 32 192.168.13.1
[R3]ip route-static 1.1.1.1 32 192.168.13.5

第三步配置BGP 因为冗余链路问题 所以EBGP建立是得用环回地址作为BGP更新源地址 这就涉及到了最大跳数的问题 用这个命令可以解决ebgp-max-hop >=2 不然路由更新发送不出去

R1

[R1]bgp 100
[R1-bgp]peer 3.3.3.3 as 200
[R1-bgp]peer 3.3.3.3 connect-interface lo0
[R1-bgp]peer 3.3.3.3 ebgp-max-hop 2
[R1-bgp]undo su a
[R1-bgp]peer 192.168.12.2 as 100
[R1-bgp]peer 192.168.12.2 co g0/0/2
[R1-bgp]peer 192.168.12.2 next-hop-local

R3

[R3]bgp 200
[R3-bgp]peer 192.168.34.2 as 200
[R3-bgp]peer 192.168.34.2 co g1/0/0	
[R3-bgp]peer 192.168.34.2 next-hop-local
[R3-bgp]un su a
[R3-bgp]peer 1.1.1.1 as 100
[R3-bgp]peer 1.1.1.1 co lo0
[R3-bgp]peer 1.1.1.1 e 2

R2

[R2]bgp 100
[R2-bgp]peer 192.168.12.1 as 100
[R2-bgp]peer 192.168.12.1 co g0/0/0

R4

[R4]bgp 200
[R4-bgp]peer 192.168.34.1 as 200
[R4-bgp]peer 192.168.34.1 co g0/0/0

配置完稍微等待一会 查看bgp邻居表 可以看到邻居状态为established

第四步引入直连 使得环回地址能ping通 在BGP里注入了每台路由器相连的网段 使对等体能互相学习到路由信息

R1

[R1]bgp 100
[R1-bgp]import-route direct 

R2

[R2]bgp 100
[R2-bgp]import-route direct 

R3

[R3]bgp 200
[R3-bgp]import-route direct

R4

[R4]bgp 200
[R4-bgp]import-route direct

查看BGP路由表

测试能不能ping通各自的环回地址

第五步配置路由策略 抓取pc2的路由 给他添加上200的as-path属性 这样他就会在向as200方向传递路由时带上200的路径 使得这条路由不被as200接收以达到实验目的(方法很多 我只讲我写的这一种)

配置前先查看 as200里面是否有pc2的路由信息

R1

[R1]ip ip-prefix www permit 10.1.2.0 24
[R1]route-policy www permit node 10
Info: New Sequence of this List.	
[R1-route-policy]if-match ip-prefix www
[R1-route-policy]apply as-path 200 additive 
[R1-route-policy]q
[R1]route-policy www permit no 20
Info: New Sequence of this List.
[R1-route-policy]q
[R1]bgp 100
[R1-bgp]peer 3.3.3.3 route-policy www export 

现在查看as200区域的BGP路由表 此时已经找不到pc2网段的路由了

但是在as100里 能查到 说明已经达到实验目的

最后一步 手动路由聚合pc3和pc4的网段路由 并且抑制明细路由 聚合后的网段自己算

R3

[R3]bgp 200
[R3-bgp]aggregate 10.2.0.0 21 detail-suppressed

此时查看R1的BGP路由表 相比之前的 你们可以自己看一下

至此实验结束 默认路由没配 我觉得没用
欢迎访问本人的个人网站评论留言

以下是所有设备配置信息

R1

<R1>dis cu
[V200R003C00]
#
 sysname R1
#
 board add 0/1 1GEC 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.13.1 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 192.168.13.5 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 192.168.12.1 255.255.255.252 
#
interface GigabitEthernet1/0/0
 ip address 10.1.1.1 255.255.255.0 
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
bgp 100
 peer 3.3.3.3 as-number 200 
 peer 3.3.3.3 ebgp-max-hop 2 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 192.168.12.2 as-number 100 
 peer 192.168.12.2 connect-interface GigabitEthernet0/0/2
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 3.3.3.3 enable
  peer 3.3.3.3 route-policy www export
  peer 192.168.12.2 enable
  peer 192.168.12.2 next-hop-local 
#
route-policy www permit node 10 
 if-match ip-prefix www 
 apply as-path 200 additive
#
route-policy www permit node 20 
#
ip ip-prefix www index 10 permit 10.1.2.0 24
#
ip route-static 3.3.3.3 255.255.255.255 192.168.13.2
ip route-static 3.3.3.3 255.255.255.255 192.168.13.6
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R1>

R2

<R2>dis cu
[V200R003C00]
#
 sysname R2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.12.2 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 10.1.2.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
#
bgp 100
 peer 192.168.12.1 as-number 100 
 peer 192.168.12.1 connect-interface GigabitEthernet0/0/0
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 192.168.12.1 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

R3

<R3>dis cu
[V200R003C00]
#
 sysname R3
#
 board add 0/1 1GEC 
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.13.2 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 192.168.13.6 255.255.255.252 
#
interface GigabitEthernet0/0/2
 ip address 10.2.3.1 255.255.255.128 
#
interface GigabitEthernet1/0/0
 ip address 192.168.34.1 255.255.255.252 
#
interface NULL0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 
#
bgp 200
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 ebgp-max-hop 2 
 peer 1.1.1.1 connect-interface LoopBack0
 peer 192.168.34.2 as-number 200 
 peer 192.168.34.2 connect-interface GigabitEthernet1/0/0
 #
 ipv4-family unicast
  undo synchronization
  aggregate 10.2.0.0 255.255.248.0 detail-suppressed 
  import-route direct
  peer 1.1.1.1 enable
  peer 192.168.34.2 enable
  peer 192.168.34.2 next-hop-local 
#
ip route-static 1.1.1.1 255.255.255.255 192.168.13.1
ip route-static 1.1.1.1 255.255.255.255 192.168.13.5
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

R4

<R4>dis cu
[V200R003C00]
#
 sysname R4
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.34.2 255.255.255.252 
#
interface GigabitEthernet0/0/1
 ip address 10.2.4.1 255.255.255.128 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
#
bgp 200
 peer 192.168.34.1 as-number 200 
 peer 192.168.34.1 connect-interface GigabitEthernet0/0/0
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 192.168.34.1 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return