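A lab covering Aggregator route aggregation, BGP route injection, and use of the as-path attribute
Lab background
Lab requirements
(1) AR1 and AR2 belong to AS100; AR3 and AR4 belong to AS200
(2) IBGP is used within each domain
(3) The Loopback0 addresses of the four routers must be mutually reachable
(4) Inter-domain routes must be advertised over EBGP
(5) AR1 and AR3 advertise a default route to AR2 and AR4 respectively
(6) The 10.1.2.0/24 segment where PC2 resides may only communicate with addresses inside its own domain
(7) AR3 may advertise only the summary route for PC3 and PC4 to AR1
A brief analysis of the requirements
- Configure static routes on R3 and R1 so that their loopback interfaces can reach each other
- Use the as-path attribute so that R3 does not accept PC2's route
- Manually aggregate the PC3 and PC4 routes on R3
Starting the lab
Step 1: configure the device IP addresses (skipped)
Step 2: configure static routes on R1 and R3. BGP runs on top of TCP, so for R1 and R3 to establish a peering they must be reachable over TCP.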
R1
[R1]ip route-static 3.3.3.3 32 192.168.13.2
[R1]ip route-static 3.3.3.3 32 192.168.13.6
R3
[R3]ip route-static 1.1.1.1 32 192.168.13.1
[R3]ip route-static 1.1.1.1 32 192.168.13.5
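Step 3: configure BGP. Because of the redundant links, the EBGP session has to use the loopback address as the BGP update source address. This brings in the maximum hop count issue, which the ebgp-max-hop command with a value >= 2 solves; otherwise routing updates cannot be sent.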
R1
[R1]bgp 100
[R1-bgp]peer 3.3.3.3 as 200
[R1-bgp]peer 3.3.3.3 connect-interface lo0
[R1-bgp]peer 3.3.3.3 ebgp-max-hop 2
[R1-bgp]undo su a
[R1-bgp]peer 192.168.12.2 as 100
[R1-bgp]peer 192.168.12.2 co g0/0/2
[R1-bgp]peer 192.168.12.2 next-hop-local
R3
[R3]bgp 200
[R3-bgp]peer 192.168.34.2 as 200
[R3-bgp]peer 192.168.34.2 co g1/0/0
[R3-bgp]peer 192.168.34.2 next-hop-local
[R3-bgp]un su a
[R3-bgp]peer 1.1.1.1 as 100
[R3-bgp]peer 1.1.1.1 co lo0
[R3-bgp]peer 1.1.1.1 e 2
R2
[R2]bgp 100
[R2-bgp]peer 192.168.12.1 as 100
[R2-bgp]peer 192.168.12.1 co g0/0/0
R4
[R4]bgp 200
[R4-bgp]peer 192.168.34.1 as 200
[R4-bgp]peer 192.168.34.1 co g0/0/0
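After configuring, wait a moment and check the BGP peer table; the peer state shows established.
Step 4: import the direct routes so that the loopback addresses can be pinged. This injects the networks connected to each router into BGP so that the peers can learn each other's routes.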
R1
[R1]bgp 100
[R1-bgp]import-route direct
R2
[R2]bgp 100
[R2-bgp]import-route direct
R3
[R3]bgp 200
[R3-bgp]import-route direct
R4
[R4]bgp 200
[R4-bgp]import-route direct
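Check the BGP routing table
Test whether each router's loopback address can be pinged
Step 5: configure the route policy. Match PC2's route and add AS 200 to its as-path, so that when it is advertised toward AS200 it carries 200 in its path and AS200 does not accept it, which achieves the lab goal (there are many methods; I only cover the one I wrote).
Before configuring, first check whether AS200 has PC2's route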
R1
[R1]ip ip-prefix www permit 10.1.2.0 24
[R1]route-policy www permit node 10
Info: New Sequence of this List.
[R1-route-policy]if-match ip-prefix www
[R1-route-policy]apply as-path 200 additive
[R1-route-policy]q
[R1]route-policy www permit no 20
Info: New Sequence of this List.
[R1-route-policy]q
[R1]bgp 100
[R1-bgp]peer 3.3.3.3 route-policy www export
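Now check the BGP routing table in AS200; the route for PC2's segment can no longer be found
But it can still be found in AS100, which shows the lab goal has been met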
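Why the route disappears from AS200 is worth seeing step by step. The following is an added example, not part of the original post: a small Python model of R1's route-policy www and of the AS_PATH loop check on R3. The function names, the sample route list and the allow_as_loop parameter are constructed for this model.

```python
# Added example: a model of R1's export policy "www" and R3's AS_PATH loop check.
from ipaddress import ip_network

R1_AS, R3_AS = 100, 200
PREFIX_LIST_WWW = {ip_network("10.1.2.0/24")}  # ip ip-prefix www permit 10.1.2.0 24

# Constructed sample: prefixes AS100 originates via import-route direct.
AS100_ROUTES = ["1.1.1.1/32", "2.2.2.2/32", "10.1.1.0/24", "10.1.2.0/24",
                "192.168.12.0/30"]


def r1_export(prefix, as_path=()):
    """Apply route-policy www, then prepend R1's own AS as an EBGP speaker does."""
    path = list(as_path)
    if ip_network(prefix) in PREFIX_LIST_WWW:  # node 10: if-match ip-prefix www
        path = [200] + path                    # apply as-path 200 additive
    # node 20 permits every other route unchanged.
    # Assumption of this model: the policy runs before the local AS is prepended.
    return [R1_AS] + path


def r3_accepts(as_path, allow_as_loop=False):
    """An EBGP receiver discards a route whose AS_PATH contains its own AS."""
    return allow_as_loop or R3_AS not in as_path


def as200_view(routes, allow_as_loop=False):
    """Prefixes that end up in AS200's BGP table after R1's export policy."""
    return [p for p in routes if r3_accepts(r1_export(p), allow_as_loop)]


if __name__ == "__main__":
    for p in AS100_ROUTES:
        path = r1_export(p)
        print(f"{p:18} AS_PATH {path} accepted_by_R3={r3_accepts(path)}")
    # The route is still sent; only R3's loop check keeps it out of AS200.
    print("with loop check relaxed:", as200_view(AS100_ROUTES, allow_as_loop=True))
```

The model makes one point explicit: R1 still advertises 10.1.2.0/24, and the isolation depends on the receiving AS running its loop check. A receiver that tolerates its own AS number in the path would install the route.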
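Final step: manually aggregate the routes for the PC3 and PC4 segments and suppress the specific routes. Work out the aggregated prefix yourself.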
R3
[R3]bgp 200
[R3-bgp]aggregate 10.2.0.0 21 detail-suppressed
Now check R1's BGP routing table and compare it with the earlier one yourself.
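The /21 used in the aggregate command can be derived from the two /25 segments. The following added example (not part of the original post) computes it, lists the specifics that detail-suppressed hides from R1, and shows how much of the announced range no real segment backs. The function names and the AS200_ROUTES sample are constructed; the interface addresses come from the R3 and R4 configurations on this page.

```python
# Added example: compute the aggregate for the PC3/PC4 segments and what it implies.
from ipaddress import ip_interface, ip_network

# Interface addresses from the R3 and R4 configurations on this page.
PC3_NET = ip_interface("10.2.3.1/25").network  # R3 GigabitEthernet0/0/2
PC4_NET = ip_interface("10.2.4.1/25").network  # R4 GigabitEthernet0/0/1

# Constructed sample: routes AS200 holds in BGP after import-route direct.
AS200_ROUTES = ["3.3.3.3/32", "4.4.4.4/32", "10.2.3.0/25", "10.2.4.0/25",
                "192.168.13.0/30", "192.168.13.4/30", "192.168.34.0/30"]


def smallest_aggregate(networks):
    """Longest prefix that still covers every network in the list."""
    nets = [ip_network(str(n)) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    host_bits = (lo ^ hi).bit_length()      # bits that differ cannot be in the prefix
    base = (lo >> host_bits) << host_bits   # clear the host bits
    return ip_network((base, 32 - host_bits))


def suppressed_by(aggregate, routes):
    """detail-suppressed: specifics inside the aggregate are not advertised."""
    return [r for r in routes
            if ip_network(r) != aggregate and ip_network(r).subnet_of(aggregate)]


def unused_fraction(aggregate, networks):
    """Share of the aggregate's address space that no specific route backs."""
    used = sum(ip_network(str(n)).num_addresses for n in networks)
    return 1 - used / aggregate.num_addresses


if __name__ == "__main__":
    agg = smallest_aggregate([PC3_NET, PC4_NET])
    print("aggregate:", agg)
    print("suppressed specifics:", suppressed_by(agg, AS200_ROUTES))
    print("unused share of aggregate:", unused_fraction(agg, [PC3_NET, PC4_NET]))
```

The two /25 segments fill only one eighth of 10.2.0.0/21, so AS100 will forward traffic for the rest of that range toward R3 even though no segment exists there.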
That ends the lab. I did not configure the default route; I don't think it is useful.
The configuration of all devices follows
R1
<R1>dis cu
[V200R003C00]
#
sysname R1
#
board add 0/1 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.13.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.13.5 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 192.168.12.1 255.255.255.252
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 3.3.3.3 as-number 200
peer 3.3.3.3 ebgp-max-hop 2
peer 3.3.3.3 connect-interface LoopBack0
peer 192.168.12.2 as-number 100
peer 192.168.12.2 connect-interface GigabitEthernet0/0/2
#
ipv4-family unicast
undo synchronization
import-route direct
peer 3.3.3.3 enable
peer 3.3.3.3 route-policy www export
peer 192.168.12.2 enable
peer 192.168.12.2 next-hop-local
#
route-policy www permit node 10
if-match ip-prefix www
apply as-path 200 additive
#
route-policy www permit node 20
#
ip ip-prefix www index 10 permit 10.1.2.0 24
#
ip route-static 3.3.3.3 255.255.255.255 192.168.13.2
ip route-static 3.3.3.3 255.255.255.255 192.168.13.6
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R1>
R2
<R2>dis cu
[V200R003C00]
#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.12.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 192.168.12.1 as-number 100
peer 192.168.12.1 connect-interface GigabitEthernet0/0/0
#
ipv4-family unicast
undo synchronization
import-route direct
peer 192.168.12.1 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3
<R3>dis cu
[V200R003C00]
#
sysname R3
#
board add 0/1 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.13.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.13.6 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.2.3.1 255.255.255.128
#
interface GigabitEthernet1/0/0
ip address 192.168.34.1 255.255.255.252
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
bgp 200
peer 1.1.1.1 as-number 100
peer 1.1.1.1 ebgp-max-hop 2
peer 1.1.1.1 connect-interface LoopBack0
peer 192.168.34.2 as-number 200
peer 192.168.34.2 connect-interface GigabitEthernet1/0/0
#
ipv4-family unicast
undo synchronization
aggregate 10.2.0.0 255.255.248.0 detail-suppressed
import-route direct
peer 1.1.1.1 enable
peer 192.168.34.2 enable
peer 192.168.34.2 next-hop-local
#
ip route-static 1.1.1.1 255.255.255.255 192.168.13.1
ip route-static 1.1.1.1 255.255.255.255 192.168.13.5
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4
<R4>dis cu
[V200R003C00]
#
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.34.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 10.2.4.1 255.255.255.128
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 200
peer 192.168.34.1 as-number 200
peer 192.168.34.1 connect-interface GigabitEthernet0/0/0
#
ipv4-family unicast
undo synchronization
import-route direct
peer 192.168.34.1 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return