实验任务:
画出拓扑图来之后如下图:
实验要求:
1.两个局域网基于6to4tunnel可达
2.R1可以访问R3的环回
实验思路:
首先开始搭建公网 公网搭建好了之后再建立左边的双栈 最后建立右边的AS区域 在AS区域中需要先起ospf协议 再起bgp协议,注意建邻 (引用一下多数组)
实验步骤:
先配公网再配私网
首先对于R2
[r2]ipv6
[r2]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip address 23.1.1.1 24
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 23.1.1.2 24
[r3-LoopBack0]ip address 3.3.3.3 24
[r3-LoopBack0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip address 34.1.1.1 24
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip address 34.1.1.2 24
就是让公网通起来。
[r2]ip route-static 0.0.0.0 0 23.1.1.2
[r4]ip route-static 0.0.0.0 0 34.1.1.1
配置R1,R2的环回地址的IP地址(ipv4)
[r1-LoopBack0]ip address 192.168.1.1 25
[r1-LoopBack1]ip address 192.168.1.129 25
[r1-GigabitEthernet0/0/0]ip address 192.168.0.1 30
[r2-GigabitEthernet0/0/0]ip address 192.168.0.2 30
[r2-LoopBack0]ip address 192.168.2.1 24
此时开始写R1 R2静态:
[r1]ip route-static 0.0.0.0 0 192.168.0.2
[r2]ip route-static 192.168.1.0 24 192.168.0.1
此时需要在R2上做nat
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r2-GigabitEthernet0/0/1]nat outbound 2000
此时 ipv4的局域网访问广域网的部分已经做好了
接下来就是
ipv6子网配置ripng
首先是配置IP地址
因为后面用的是6to4的tunnel 接口 用内部ipv6是用R2到R3之间的接口23.1.1.1换算而来的
所以需要换算一下:
23= 17+6
即得 23.1.1.1-------可以得到:1701:0101 就是将十进制变成十六进制
融合之后就成了
2002:1701:0101::/48 ------ipv4 兼容地址
用上述的地址做子网划分,范围比较大,因此我们要缩小一下范围
简单划分到64位去
即就是:
2002:1701:0101::/64------2002 :1701:0101 :FFFF::/64
由于 RIPNG支持子网汇总
第一个网段再分为/65位配到环回上
也就是:
2002:1701:0101:0000:0 000: /64的 (分隔出来的0是可以再细分为4个0的,去拆出来的4个0的第一位,掩码就变成65)
即就是:
2002:1701:0101 :0000:0000: :/65
2002:1701:0101: 0000:8000: :/65
[r1]ipv6
[r1-LoopBack0]ipv6 enable
[r1-LoopBack0]ipv6 address 2002:1701:0101:0000:0000::1/65
[r1-LoopBack1]ipv6 enable
[r1-LoopBack1]ipv6 address 2002:1701:0101:0000:8000::1/65
[r1-GigabitEthernet0/0/0]ipv6 enable
[r1-GigabitEthernet0/0/0]ipv6 address 2002:1701:0101:0001::1/64
[r2]ipv6
[r2-GigabitEthernet0/0/0]ipv6 enable
[r2-GigabitEthernet0/0/0]ipv6 address 2002:1701:0101:0001::2/64
[r2-LoopBack0]ipv6 enable
[r2-LoopBack0]ipv6 address 2002:1701:0101:0002::2/64
首先使用ripng让R1-R2通起来
[r1]ripng 1
[r1-ripng-1]int l0
[r1-LoopBack0]ripng 1 enable
[r1-LoopBack0]int l1
[r1-LoopBack1]ripng 1 enable
[r1-LoopBack1]int g0/0/0
[r1-GigabitEthernet0/0/0]ripng 1 enable
[r2]ripng 1
[r2-ripng-1]int l0
[r2-LoopBack0]ripng 1 enable
[r2-LoopBack0]int g0/0/0
[r2-GigabitEthernet0/0/0]ripng 1 enable
此时R1-R2能够学到对方的环回。
但是需要在R1上,将两个环回汇总一下 :
[r1-GigabitEthernet0/0/0]ripng summary-address 2002:1701:0101:0000:: 64
再一次看图:
接下来是ipv6的内部要出去的是依靠6to4出去
[r2]int Tunnel 0/0/1
[r2-Tunnel0/0/1]ipv6 enable
[r2-Tunnel0/0/1]ipv6 address 2002:1701:0101:0003::1/64
[r2-Tunnel0/0/1]tunnel-protocol ipv6-ipv4 6to4
[r2-Tunnel0/0/1]source g0/0/1
此时R1到R2上还需要路由
[r2]ipv6 route-static 2002:: 16 Tunnel 0/0/1
现在R1还没有到外的路由,现在有两种方法
1.是重新写R1上的路由条目
2.是让R2给R1发一个缺省 (RIP)
only的作用是只给发缺省,不会发环回一起传输,节省路由表
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ripng default-route only
此时左边完成
接下来,来到右边 ipv6 子网 右边
首先
我们先规划ip
公网地址 34.1.1.2 换算
34=32+2-----即:2201:0102::/48
所以ipv4兼容地址为: 2002:2201:0102::/48
此时需要划分一下:
两个AS直接划分为64不合理,两个AS最好是要汇总成为一个
第一步就是要一分为二 ,分成两个49的,再继续往下走
因为AS内部是看IGP的
2002:2201:0102::/49
{
AS1:2002:2201:0102: :/64
2002: 2201: 0102:7FFF::/64
}
{
AS2 : 2002: 2201: 0102: 8000: : /49
}
其中AS1给到R4-R5之间的区域
[r4]ipv6
[r4]int l0
[r4-LoopBack0]ipv6 enable
[r4-LoopBack0]ipv6 address 2002:2201:0102::1/64
[r4-LoopBack0]int g0/0/1
[r4-GigabitEthernet0/0/1]ipv6 enable
[r4-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:001::1/64
[r5]ipv6
[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ipv6 enable
[r5-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:001::2/64
[r5-GigabitEthernet0/0/0]int l0
[r5-LoopBack0]ipv6 enable
[r5-LoopBack0]ipv6 address 2002:2201:0102:8000::1/64
[r5-LoopBack0]int g0/0/1
[r5-GigabitEthernet0/0/1]ipv6 enable
[r5-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:8001::1/64
[r6]ipv6
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ipv6 enable
[r6-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:8001::2/64
[r6-GigabitEthernet0/0/0]int l0
[r6-LoopBack0]ipv6 enable
[r6-LoopBack0]ipv6 address 2002:2201:0102:8002::1/64
[r6-LoopBack0]int g0/0/1
[r6-GigabitEthernet0/0/1]ipv6 enable
[r6-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:8003::1/64
[r7]ipv6
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ipv6 enable
[r7-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:8003::2/64
[r7]int l0
[r7-LoopBack0]ipv6 enable
[r7-LoopBack0]ipv6 address 2002:2201:0102:8004::1/64
[r7-GigabitEthernet0/0/0]int g0/0/1
[r7-GigabitEthernet0/0/1]ipv6 enable
[r7-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:8005::1/64
[r8]ipv6
[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ipv6 enable
[r8-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:8005::2/64
[r8-GigabitEthernet0/0/0]int l0
[r8-LoopBack0]ipv6 enable
[r8-LoopBack0]ipv6 address 2002:2201:0102:8006::1/64
此时已经配好了ipv6的地址了
接下来就是配置ospfv3----IGP
[r5]ospfv3 1
[r5-ospfv3-1]router-id 5.5.5.5
[r5-ospfv3-1]int l0
[r5-LoopBack0]ospfv3 1 area 0
[r5-LoopBack0]int g0/0/0
[r5-GigabitEthernet0/0/0]ospfv3 1 area 0
[r5-GigabitEthernet0/0/0]int g0/0/1
[r5-GigabitEthernet0/0/1]ospfv3 1 area 0
[r6]ospfv3 1
[r6-ospfv3-1]router-id 6.6.6.6
[r6-ospfv3-1]int l0
[r6-LoopBack0]ospfv3 1 area 0
[r6-ospfv3-1]int g0/0/0
[r6-GigabitEthernet0/0/0]ospfv3 1 area 0
[r6-GigabitEthernet0/0/0]int g0/0/1
[r6-GigabitEthernet0/0/1]ospfv3 1 area 0
[r7]ospfv3 1
[r7-ospfv3-1]router-id 7.7.7.7
[r7-ospfv3-1]int l0
[r7-LoopBack0]ospfv3 1 area 0
[r7-LoopBack0]int g0/0/0
[r7-GigabitEthernet0/0/0]ospfv3 1 area 0
[r7-GigabitEthernet0/0/0]int g0/0/1
[r7-GigabitEthernet0/0/1]ospfv3 1 area 0
[r8]ospfv3 1
[r8-ospfv3-1]router-id 8.8.8.8
[r8-ospfv3-1]int l0
[r8-LoopBack0]ospfv3 1 area 0
[r8-LoopBack0]int g0/0/0
[r8-GigabitEthernet0/0/0]ospfv3 1 area 0
以上建邻情况就已经做好了
在R8上查看路由表是否已经齐全,此处已经显示12条,说明已经是起了
接下来起BGP
从R4开始:
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2002:2201:102:1::2 as-number 2
[r4-bgp]ipv6-family
[r4-bgp-af-ipv6]peer 2002:2201:102:1::2 enable
[r5]bgp 64512
[r5-bgp]router-id 5.5.5.5
[r5-bgp]confederation id 2
[r5-bgp]peer 2002:2201:102:1::1 as-number 1
[r5-bgp]ipv6-family
[r5-bgp-af-ipv6]peer 2002:2201:102:1::1 enable
因为ipv6的地址太长容易记混,所以引入一个多数组的概念
[r5-LoopBack0]ipv6 address 5::5/64
[r6-LoopBack0]ipv6 address 6::6/64
[r7-LoopBack0]ipv6 address 7::7/64
[r8-LoopBack0]ipv6 address 8::8/64
这些不用在OSPF中宣告,就可以走OSPF协议
[r5]bgp 64512
[r5-bgp]peer 6::6 as-number 64512
[r5-bgp]peer 6::6 connect-interface LoopBack 0
[r5-bgp]ipv6-family
[r5-bgp-af-ipv6]peer 6::6 enable
[r6]bgp 64512
[r6-bgp]router-id 6.6.6.6
[r6-bgp]confederation id 2
[r6-bgp]peer 5::5 as-number 64512
[r6-bgp]peer 5::5 connect-interface LoopBack 0
[r6-bgp]ipv6-family
[r6-bgp-af-ipv6]peer 5::5 enable
此时在多数组的环境下可以ping通R5到R8
如图:
此时则需要修改,不修改就会一直建不起邻居
[r5-bgp]peer 6::6 connect-interface l0 5::5
[r6-bgp]peer 5::5 connect-interface l0 6::6
[r6-bgp]peer 7::7 as-number 64512
[r6-bgp]peer 7::7 connect-interface l0 6::6
[r6-bgp]ipv6-family
[r6-bgp-af-ipv6]peer 7::7 enable
[r7]bgp 64512
[r7-bgp]router-id 7.7.7.7
[r7-bgp]confederation id 2
[r7-bgp]confederation peer-as 64513
[r7-bgp]peer 6::6 as-number 64512
[r7-bgp]peer 6::6 connect-interface l0 7::7
[r7-bgp]peer 8::8 as-number 64513
[r7-bgp]peer 8::8 connect-interface l0 7::7
[r7-bgp]peer 8::8 ebgp-max-hop 2
[r7-bgp]ipv6-family
[r7-bgp-af-ipv6]peer 6::6 enable
[r7-bgp-af-ipv6]peer 8::8 enable
[r8]bgp 64513
[r8-bgp]router-id 8.8.8.8
[r8-bgp]confederation id 2
[r8-bgp]confederation peer-as 64512
[r8-bgp]peer 7::7 as-number 64512
[r8-bgp]peer 7::7 connect-interface l0 8::8
[r8-bgp]peer 7::7 ebgp-max-hop 2
[r8-bgp]ipv6-family
[r8-bgp-af-ipv6]peer 7::7 enable
此时查看R5上的bgp
如图:
BGP建邻完成
此时R5\R6\R7\R8需要从左边进入公网,还需要和R1\R2建立联系
所以R4要出去就需要做一个tunnel接口
[r4]int Tunnel 0/0/0
[r4-Tunnel0/0/0]ipv6 enable
[r4-Tunnel0/0/0]ipv6 address 2002:2201:0102:2::1/64
[r4-Tunnel0/0/0]tunnel-protocol ipv6-ipv4 6to4
[r4-Tunnel0/0/0]source g0/0/0
[r4]ipv6 route-static 2002:: 16 Tunnel 0/0/0
汇总, 空接口 且宣告
[r5]ipv6 route-static 2002:2201:0102:8000:: 49 NULL 0
[r5]bgp 64512
[r5-bgp]ipv6-family
[r5-bgp-af-ipv6]network 2002:2201:0102:8000:: 49
填补IGP到外网的路由
[r4]bgp 1
[r4-bgp]ipv6-family
[r4-bgp-af-ipv6]network 2002:: 16
[r5]bgp 64512
[r5-bgp]ipv6-family
[r5-bgp-af-ipv6]peer 6::6 next-hop-local
信息能够给到6
但是给不到7
所以就在R6上做一个反射器
[r6]bgp 64512
[r6-bgp]ipv6-family
[r6-bgp-af-ipv6]peer 7::7 reflect-client
实验完成!!!
实验总结:
首先这个类似一个综合实验,我们需要一部分一部分的做,才比较简单,其次,这些配置问题都是在ipv4的基本命令上添加了一部分而已,不算难。
注意打tunnel接口的时候记得写缺省,不然通不了,ipv6的地址比较长,需要细心一点的去写。