赞
踩
建议食用原文
原文链接
BGP与IGP交互示例
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-bV9zA7wA-1670225013617)(image/image_V0IS8mG4NK.png)]
用户将网络划分为AS65008和AS65009,在AS65009内,使用IGP协议来计算路由(该例使用OSPF做为IGP协议)。要求实现两个AS之间的互相通信。
采用如下的思路配置BGP与IGP交互:
在Router2、Router3和Router4上配置OSPF协议,使Router2、3、4之间可以互访。
在Router1和Router2上配置EBGP连接,使Router1和Router2之间可以通过BGP相互传递路由。
在Router2上配置BGP与OSPF互相引入,实现两个AS之间的互相通信。
(可选)在Router2上配置BGP路由聚合,可以简化BGP路由表规模。
AR1
# interface GigabitEthernet0/0/0 ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 150.1.1.254 255.255.255.0 # interface LoopBack0 ip address 10.10.10.1 255.255.255.255 # bgp 65008 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 150.1.1.0 255.255.255.0 peer 10.10.10.2 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.1.2 #
AR2
# interface LoopBack0 ip address 10.10.10.2 255.255.255.255 # bgp 65009 peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 group 234 internal peer 234 connect-interface LoopBack0 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 # ipv4-family unicast undo synchronization import-route ospf 1 peer 10.10.10.1 enable peer 234 enable peer 234 next-hop-local peer 10.10.10.3 enable peer 10.10.10.3 group 234 peer 10.10.10.4 enable peer 10.10.10.4 group 234 # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.24.0 0.0.0.255 # ip route-static 10.10.10.1 255.255.255.255 100.1.1.1 #
AR3
# interface GigabitEthernet0/0/0 ip address 192.168.34.3 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 192.168.23.3 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.3 255.255.255.255 # bgp 65009 group 234 internal peer 234 connect-interface LoopBack0 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 # ipv4-family unicast undo synchronization peer 234 enable peer 10.10.10.2 enable peer 10.10.10.2 group 234 peer 10.10.10.4 enable peer 10.10.10.4 group 234 # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.34.0 0.0.0.255 #
AR4
# interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/1 ip address 192.168.34.4 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 192.168.24.4 255.255.255.0 # interface LoopBack0 ip address 10.10.10.4 255.255.255.255 # bgp 65009 group 234 internal peer 234 connect-interface LoopBack0 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 # ipv4-family unicast undo synchronization peer 234 enable peer 10.10.10.2 enable peer 10.10.10.2 group 234 peer 10.10.10.3 enable peer 10.10.10.3 group 234 # ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 192.168.24.0 0.0.0.255 network 192.168.34.0 0.0.0.255 #
配置AS_Path过滤器示例
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-c2e9toef-1670225013618)(image/image_gdgvpPO-nY.png)]
Router1与Router2、Router4与Router5之间建立EBGP连接。用户希望AS65008的设备和AS65010的设备无法相互通信。
采用如下思路配置BGP的AS_Path过滤器:
在Router1和Router2之间、Router4和Router5之间分别配置EBGP连接,并宣告直连路由,使AS之间通过EBGP连接实现相互通信。
在RouterB上配置AS_Path过滤器,并应用该过滤规则,使AS65009不向AS65008发布AS65010的路由,也不向AS65010发布AS65008的路由。
代码段A:实现需求1
AS之间互相通信
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iewE0GFn-1670225013619)(image/image_awVTVm2clo.png)]
查看Router2的发布路由表。以Router2发布给Router1的路由表为例,可以看到RouterB发布了AS65010宣告的路由
# 查看Router2的发布路由表。以Router2发布给Router1的路由表为例,可以看到RouterB发布了AS65010宣告的路由: [AR2-bgp]display bgp routing-table peer 10.10.10.1 advertised-routes BGP Local router ID is 100.1.1.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 120.1.1.0/24 10.10.10.2 0 65009 65010i
同样,查看Router1的路由表,可以看到Router1也通过Router2学习到了这条路由
<AR1>dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 10.10.10.2 0 65009 65010i
*> 150.1.1.0/24 0.0.0.0 0 0 i
查看Router4的发布路由表。以Router4发布给Router5的路由表为例,可以看到Router4发布了AS65008宣告的路由
<AR4>dis bgp routing-table peer 10.10.10.5 advertised-routes
BGP Local router ID is 10.10.10.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 150.1.1.0/24 10.10.10.4 0 65009 6500
8i
<AR4>
同样,查看Router5的路由表,可以看到Router5也通过Router4学习到了这条路由
<AR5>dis bgp routing-table
BGP Local router ID is 200.1.1.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
*> 150.1.1.0/24 10.10.10.4 0 65009 65008i
AR1
# interface GigabitEthernet0/0/0 ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 150.1.1.254 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.1 255.255.255.255 # bgp 65008 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization summary automatic network 150.1.1.0 255.255.255.0 peer 10.10.10.2 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.1.2 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 #
AR2
# interface GigabitEthernet0/0/0 ip address 192.168.23.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.1.2 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 192.168.24.2 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.2 255.255.255.255 # bgp 65009 peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 group 234 internal peer 234 connect-interface LoopBack0 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 # ipv4-family unicast undo synchronization peer 10.10.10.1 enable peer 234 enable peer 234 next-hop-local peer 10.10.10.3 enable peer 10.10.10.3 group 234 peer 10.10.10.4 enable peer 10.10.10.4 group 234 # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.24.0 0.0.0.255 # ip route-static 10.10.10.1 255.255.255.255 100.1.1.1 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR3
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.34.3 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 192.168.23.3 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.3 255.255.255.255 # bgp 65009 group 234 internal peer 234 connect-interface LoopBack0 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 # ipv4-family unicast undo synchronization peer 234 enable peer 10.10.10.2 enable peer 10.10.10.2 group 234 peer 10.10.10.4 enable peer 10.10.10.4 group 234 # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.34.0 0.0.0.255 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR4
# interface GigabitEthernet0/0/0 ip address 200.1.1.4 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 192.168.34.4 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 192.168.24.4 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.4 255.255.255.255 # bgp 65009 peer 10.10.10.5 as-number 65010 peer 10.10.10.5 ebgp-max-hop 255 peer 10.10.10.5 connect-interface LoopBack0 group 234 internal peer 234 connect-interface LoopBack0 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 # ipv4-family unicast undo synchronization peer 10.10.10.5 enable peer 234 enable peer 234 next-hop-local peer 10.10.10.2 enable peer 10.10.10.2 group 234 peer 10.10.10.3 enable peer 10.10.10.3 group 234 # ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 192.168.24.0 0.0.0.255 network 192.168.34.0 0.0.0.255 # ip route-static 10.10.10.5 255.255.255.255 200.1.1.5 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR5
# interface GigabitEthernet0/0/0 ip address 200.1.1.5 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 120.1.1.254 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.5 255.255.255.255 # bgp 65010 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 ebgp-max-hop 255 peer 10.10.10.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization summary automatic network 120.1.1.0 255.255.255.0 peer 10.10.10.4 enable # ip route-static 10.10.10.4 255.255.255.255 200.1.1.4 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
代码段B:实现需求2
AR2:
在Router2上配置AS_Path过滤器,并在Router2的出方向上应用该过滤器创建编号为as65008的AS_Path过滤器,拒绝包含AS号65010的路由通过(正则表达式"65010"表示任何包含AS65010的AS列表,". *"表示与任何字符匹配)。
[AR2]ip as-path-filter as65008 deny _65010_
[AR2]ip as-path-filter as65008 permit .*
[AR2]bgp 65009
[AR2-bgp]peer 10.10.10.1 as-path-filter as65008 export
AR4:
在Router4上配置AS_Path过滤器,并在Router4的出方向上应用该过滤器创建编号为as65010的AS_Path过滤器 **,拒绝包含AS号65008的路由通过(正则表达式"65010"表示任何包含AS65008的AS列表,". "表示与任何字符匹配) *。
[AR4]ip as-path-filter as65010 deny _65008_
[AR4]ip as-path-filter as65010 permit .*
[AR4]bgp 65009
[AR4-bgp]peer 10.10.10.5 as-path-filter as65010 export
再次查看Router2和Router4的发布路由表,为空
[AR2]display bgp routing-table peer 10.10.10.1 advertised-routes
[AR2]
[AR4]display bgp routing-table peer 10.10.10.5 advertised-routes
[AR4]
查看Router1和Router5的bgp路由表,没有过滤之后的路由
<AR1>dis bgp routing-table BGP Local router ID is 10.10.10.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 150.1.1.0/24 0.0.0.0 0 0 i <AR1> ------------------------------------------------------------------------------- <AR5>dis bgp routing-table BGP Local router ID is 200.1.1.5 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number of Routes: 1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 120.1.1.0/24 0.0.0.0 0 0 i <AR5>
没有路由后PC之间自然不同
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iQyJttix-1670225013619)(image/image_zRw77wYCvK.png)]
AS_Path过滤器配置文件
拓扑:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Kreaxndw-1670225013620)(image/image_ENXo-v0MOH.png)]
使用方法:
下载压缩包解压
建立好拓扑后右击路由器导入配置
选择对应的Router导入
启动路由器
配置BGP的MED属性控制路由
拓扑:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-02BpNsCV-1670225013621)(image/image_x6Oj7L0V4t.png)]
组网需求:
所有路由器配置BGP,AR1与AR2、AR3之间建立EBGP邻居,AR2与AR3建立IBGP关系,需求从65008到65009的流量优先通过AR3
配置思路:
采用如下的思路配置BGP的MED属性控制路由选择:
通过使用路由策略增大AR2发送给AR1的MED值,这样可以使AR1选择AR3作为流量发往AS65009的入口设备。
配置:
AR1
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 120.1.1.254 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 200.1.1.1 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.1 255.255.255.255 # bgp 65008 group 009 external peer 009 as-number 65009 peer 009 ebgp-max-hop 255 peer 009 connect-interface LoopBack0 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 009 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 009 # ipv4-family unicast undo synchronization network 120.1.1.0 255.255.255.0 peer 009 enable peer 10.10.10.2 enable peer 10.10.10.2 group 009 peer 10.10.10.3 enable peer 10.10.10.3 group 009 # ip route-static 10.10.10.2 255.255.255.255 100.1.1.2 ip route-static 10.10.10.3 255.255.255.255 200.1.1.3 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR2
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.23.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.1.2 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 150.1.1.254 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.2 255.255.255.255 # bgp 65009 peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 150.1.1.0 255.255.255.0 peer 10.10.10.1 enable peer 10.10.10.3 enable # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 150.1.1.0 0.0.0.255 network 192.168.23.0 0.0.0.255 # ip route-static 10.10.10.1 255.255.255.255 100.1.1.1 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR3
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.23.3 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 ip address 200.1.1.3 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.3 255.255.255.255 # bgp 65009 peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 peer 10.10.10.2 as-number 65009 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.1 enable peer 10.10.10.2 enable # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 192.168.23.0 0.0.0.255 # ip route-static 10.10.10.1 255.255.255.255 200.1.1.1 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
查看AR1的路由表
路由表AR1
<AR1>dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
*> 150.1.1.0/24 10.10.10.2 0 0 65009i
* 10.10.10.3 0 65009i
<AR1>
从路由表可以看出,到达目的地址150.1.1.0/24有两条有效路由,其中下一跳为10.10.10.2的路由是最优路由。
配置MED属性
通过策略配置AR2发个AR1的MED值
AR2
[AR2]route-policy 10 permit node 10
Info: New Sequence of this List.
[AR2-route-policy]apply cost 100
[AR2]bgp 65009
[AR2-bgp]peer 10.10.10.1 route-policy 10 export
[AR2-bgp]
查看AR1的路由表
路由表AR1
[AR1-bgp]dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
*> 150.1.1.0/24 10.10.10.3 0 65009i
* 10.10.10.2 100 0 65009i
[AR1-bgp]
从路由表中可以看出,由于下一跳为10.10.10.2 32(SwitchB)的路由MED值为100,而下一跳为10.10.10.3 32的MED值为0,所以BGP优先选择MED值较小的路由。
在PC机上路由追踪:去往去往AS 65009的流量优先经过AR3
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-i2lGa4Wy-1670225013621)(image/image_186qVVz4X-.png)]
MED属性控制配置文件
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-r6raqhiE-1670225013622)(image/image_tLIxSCvYn2.png)]
配置BGP路由反射器
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-fFiXiZpA-1670225013623)(image/image_DWiGkp9j6R.png)]
4台设备分属两个不同AS,AR1和AR2之间建立EBGP邻居,AR3分别和AR2及AR4建立IBGP邻居。为了避免IBGP全连接,达到简化网络配置的目的,用户希望AR2和AR4间在不建立IBGP连接的情况下实现两个AS之间的互通。
采用如下的思路配置BGP路由反射器:
配置BGP基本功能,实现BGP邻居间的互通。
配置AR3为路由反射器,AR2和AR3是它的两个客户机。这样可以使得AR2和AR4之间不需要建立IBGP连接即可学习到AR1发布的路由,达到简化配置的目的。
配置:
AR1:
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 ip address 150.1.1.254 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.1 255.255.255.255 # bgp 100 peer 10.10.10.2 as-number 200 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 150.1.1.0 255.255.255.0 peer 10.10.10.2 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.1.2 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR2:
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 200.1.23.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.1.2 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.2 255.255.255.255 # bgp 200 peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 peer 10.10.10.3 as-number 200 peer 10.10.10.3 connect-interface LoopBack0 # ipv4-family unicast import-route ospf 1 undo synchronization peer 10.10.10.1 enable peer 10.10.10.3 enable peer 10.10.10.3 next-hop-local # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 200.1.23.0 0.0.0.255 # ip route-static 10.10.10.1 255.255.255.255 100.1.1.1 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR3
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 200.1.34.3 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 200.1.23.3 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.3 255.255.255.255 # bgp 200 group 200 internal peer 200 connect-interface LoopBack0 peer 10.10.10.2 as-number 200 peer 10.10.10.2 group 200 peer 10.10.10.4 as-number 200 peer 10.10.10.4 group 200 # ipv4-family unicast undo synchronization peer 200 enable peer 200 reflect-client peer 10.10.10.2 enable peer 10.10.10.2 group 200 peer 10.10.10.4 enable peer 10.10.10.4 group 200 # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 200.1.23.0 0.0.0.255 network 200.1.34.0 0.0.0.255 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return <AR3>
AR4
# firewall zone Local priority 15 # interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/1 ip address 200.1.34.4 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.4 255.255.255.255 # bgp 200 peer 10.10.10.3 as-number 200 peer 10.10.10.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.3 enable # ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 200.1.34.0 0.0.0.255 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
在AR2查看路由表
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iIpw6fhN-1670225013624)(image/image_GZrQb_9npf.png)]
在AR3查看路由表
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-mvVVKcry-1670225013624)(image/image_2FfKSq9ksU.png)]
在AR4查看路由表
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-dyCGk7tG-1670225013625)(image/image_SaeHZ2V7lg.png)]
在PC机上pingAR4的回环口
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-1gvsVRkC-1670225013625)(image/image_CU2P2dz1BZ.png)]
BGP路由反射器配置文件
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-f30ZzWcK-1670225013626)(image/image_TLgtto9-PN.png)]
配置BGP联盟
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-SLpP97ea-1670225013626)(image/image_3vxWLFIMkw.png)]
解决AS内部的IBGP网络连接激增问题,除了使用路由反射器之外,还可以使用联盟(Confederation)。联盟将一个AS划分为若干个子AS。每个子AS内部建立IBGP全连接关系,子AS之间建立联盟EBGP连接关系,但联盟外部AS仍认为联盟是一个AS。配置联盟后,原AS号将作为每个路由器的联盟ID。这样有两个好处:一是可以保留原有的IBGP属性,包括Local Preference属性、MED属性和NEXT_HOP属性等;二是联盟相关的属性在传出联盟时会自动被删除,即管理员无需在联盟的出口处配置过滤子AS号等信息的操作。
路由反射器 | 联盟 |
---|---|
不需要更改现有的网络拓扑,兼容性好。 | 需要改变逻辑拓扑。 |
配置方便,只需要对作为反射器的设备进行配置,客户机并不需要知道自己是客户机。 | 所有设备需要重新进行配置。 |
集群与集群之间仍然需要全连接。 | 联盟的子AS之间是特殊的EBGP连接,不需要全连接。 |
适用于中、大规模网络。 | 适用于大规模网络。 |
配置命令:
AR1
# sysname AR1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.12.1 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 ip address 192.168.1.254 255.255.255.0 # interface NULL0 # interface LoopBack0 ip address 10.10.10.1 255.255.255.255 # bgp 100 peer 10.10.10.2 as-number 200 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 192.168.1.0 peer 10.10.10.2 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.12.2 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR2
# sysname AR2 # board add 0/5 4GET # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standad-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.24.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.12.2 255.255.255.0 # interface GigabitEthernet0/0/2 ip address 100.1.23.2 255.255.255.0 # interface GigabitEthernet5/0/0 # interface GigabitEthernet5/0/1 ip address 100.1.25.2 255.255.255.0 # interface GigabitEthernet5/0/2 ip address 100.1.26.2 255.255.255.0 # interface GigabitEthernet5/0/3 # interface NULL0 # interface LoopBack0 ip address 10.10.10.2 255.255.255.255 # bgp 65001 router-id 2.2.2.2 confederation id 200 confederation peer-as 65002 65003 peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 peer 10.10.10.5 as-number 65002 peer 10.10.10.5 ebgp-max-hop 255 peer 10.10.10.5 connect-interface LoopBack0 peer 10.10.10.6 as-number 65003 peer 10.10.10.6 ebgp-max-hop 255 peer 10.10.10.6 connect-interface LoopBack0 group ibgp internal peer ibgp connect-interface LoopBack0 peer 10.10.10.3 as-number 65001 peer 10.10.10.3 group ibgp peer 10.10.10.4 as-number 65001 peer 10.10.10.4 group ibgp # ipv4-family unicast undo synchronization peer 10.10.10.1 enable peer 10.10.10.5 enable peer 10.10.10.5 next-hop-local peer 10.10.10.6 enable peer 10.10.10.6 next-hop-local peer ibgp enable peer ibgp next-hop-local peer 10.10.10.3 enable peer 10.10.10.3 group ibgp peer 10.10.10.4 enable peer 10.10.10.4 group ibgp # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 100.1.23.0 0.0.0.255 network 100.1.24.0 0.0.0.255 # ip route-static 10.10.10.1 255.255.255.255 100.1.12.1 ip route-static 10.10.10.5 255.255.255.255 100.1.25.5 ip route-static 10.10.10.6 255.255.255.255 100.1.26.6 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR3
# sysname AR3 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.23.3 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.34.3 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.3 255.255.255.255 # bgp 65001 router-id 3.3.3.3 group ibgp internal peer ibgp connect-interface LoopBack0 peer 10.10.10.2 as-number 65001 peer 10.10.10.2 group ibgp peer 10.10.10.4 as-number 65001 peer 10.10.10.4 group ibgp # ipv4-family unicast undo synchronization peer ibgp enable peer 10.10.10.2 enable peer 10.10.10.2 group ibgp peer 10.10.10.4 enable peer 10.10.10.4 group ibgp # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 100.1.23.0 0.0.0.255 network 100.1.34.0 0.0.0.255 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR4
# sysname AR4 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.34.4 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.24.4 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.4 255.255.255.255 # bgp 65001 router-id 4.4.4.4 group ibgp internal peer ibgp connect-interface LoopBack0 peer 10.10.10.2 as-number 65001 peer 10.10.10.2 group ibgp peer 10.10.10.3 as-number 65001 peer 10.10.10.3 group ibgp # ipv4-family unicast undo synchronization peer ibgp enable peer 10.10.10.2 enable peer 10.10.10.2 group ibgp peer 10.10.10.3 enable peer 10.10.10.3 group ibgp # ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 100.1.24.0 0.0.0.255 network 100.1.34.0 0.0.0.255 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR5
[V200R003C00] # sysname AR5 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.25.5 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.5 255.255.255.255 # bgp 65002 router-id 5.5.5.5 confederation id 200 confederation peer-as 65001 peer 10.10.10.2 as-number 65001 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.2 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.25.2 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR6
# sysname AR6 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.26.6 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.6 255.255.255.255 # bgp 65003 router-id 6.6.6.6 confederation id 200 confederation peer-as 65001 peer 10.10.10.2 as-number 65001 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.2 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.26.2 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
BGP联盟配置文件
拓扑:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-cdKq7qxm-1670225013627)(image/image_uQ6AjQHeQH.png)]
配置BGP负载分担
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-6clPg1JY-1670225013627)(image/image_VirktNsmEj.png)]
所有路由器都配置BGP,R2在AS100中,R2和RouterC在AS300中,R4在AS200中。要求减少充分利用网络资源R4到目的地址10.10.10.10/32网络拥塞,充分利用网络资源
采用如下的思路配置BGP负载分担:
在R1和R2、R1和R3、R4和R2、R4和R3之间配置EBGP连接,实现AS之间使用BGP协议相互通信。
在R4上配置负载分担功能,使从RouterA发送的流量可以经过RouterB和RouterC两条路径到达R1,实现对网络资源的充分利用。
配置:
AR1
# sysname AR1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.12.1 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.13.1 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.1 255.255.255.255 # interface LoopBack10 ip address 10.10.10.10 255.255.255.255 # bgp 100 peer 10.10.10.2 as-number 300 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 peer 10.10.10.3 as-number 300 peer 10.10.10.3 ebgp-max-hop 255 peer 10.10.10.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 10.0.0.0 network 10.10.10.10 255.255.255.255 peer 10.10.10.2 enable peer 10.10.10.3 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.12.2 ip route-static 10.10.10.3 255.255.255.255 100.1.13.3 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR2
# sysname AR2 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.24.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.12.2 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.2 255.255.255.255 # bgp 300 peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 peer 10.10.10.4 as-number 200 peer 10.10.10.4 ebgp-max-hop 255 peer 10.10.10.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.1 enable peer 10.10.10.4 enable # ip route-static 10.10.10.1 255.255.255.255 100.1.12.1 ip route-static 10.10.10.4 255.255.255.255 100.1.24.4 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR3
# sysname AR3 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.13.3 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.34.3 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.3 255.255.255.255 # bgp 300 peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0 peer 10.10.10.4 as-number 200 peer 10.10.10.4 ebgp-max-hop 255 peer 10.10.10.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.1 enable peer 10.10.10.4 enable # ip route-static 10.10.10.1 255.255.255.255 100.1.13.1 ip route-static 10.10.10.4 255.255.255.255 100.1.34.4 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
AR4
# sysname AR4 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 100.1.34.4 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 100.1.24.4 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 10.10.10.4 255.255.255.255 # bgp 200 peer 10.10.10.2 as-number 300 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0 peer 10.10.10.3 as-number 300 peer 10.10.10.3 ebgp-max-hop 255 peer 10.10.10.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization maximum load-balancing 2 peer 10.10.10.2 enable peer 10.10.10.3 enable # ip route-static 10.10.10.2 255.255.255.255 100.1.24.2 ip route-static 10.10.10.3 255.255.255.255 100.1.34.3 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。