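Requirement:
The user divides the network into AS65008 and AS65009. Inside AS65009, an IGP computes the routes (this example uses OSPF as the IGP). The two ASs must be able to communicate with each other.
Configuration approach:
Configure the interaction between BGP and the IGP as follows:
- Configure OSPF on Router2, Router3 and Router4 so that Router2, 3 and 4 can reach one another.
- Configure an EBGP connection between Router1 and Router2 so that they can exchange routes over BGP.
- Configure mutual import between BGP and OSPF on Router2 so that the two ASs can communicate with each other.
- (Optional) Configure BGP route aggregation on Router2 to reduce the size of the BGP routing table.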
- AR1
#
interface GigabitEthernet0/0/0
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 150.1.1.254 255.255.255.0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
bgp 65008
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 150.1.1.0 255.255.255.0
peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
#
- AR2
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
#
bgp 65009
peer 10.10.10.1 as-number 65008
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
group 234 internal
peer 234 connect-interface LoopBack0
peer 10.10.10.3 as-number 65009
peer 10.10.10.3 group 234
peer 10.10.10.4 as-number 65009
peer 10.10.10.4 group 234
#
ipv4-family unicast
undo synchronization
import-route ospf 1
peer 10.10.10.1 enable
peer 234 enable
peer 234 next-hop-local
peer 10.10.10.3 enable
peer 10.10.10.3 group 234
peer 10.10.10.4 enable
peer 10.10.10.4 group 234
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.2 0.0.0.0
network 192.168.23.0 0.0.0.255
network 192.168.24.0 0.0.0.255
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
- AR3
#
interface GigabitEthernet0/0/0
ip address 192.168.34.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.23.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
#
bgp 65009
group 234 internal
peer 234 connect-interface LoopBack0
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 group 234
peer 10.10.10.4 as-number 65009
peer 10.10.10.4 group 234
#
ipv4-family unicast
undo synchronization
peer 234 enable
peer 10.10.10.2 enable
peer 10.10.10.2 group 234
peer 10.10.10.4 enable
peer 10.10.10.4 group 234
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.10.10.3 0.0.0.0
network 192.168.23.0 0.0.0.255
network 192.168.34.0 0.0.0.255
#
- AR4
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 192.168.34.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.24.4 255.255.255.0
#
interface LoopBack0
ip address 10.10.10.4 255.255.255.255
#
bgp 65009
group 234 internal
peer 234 connect-interface LoopBack0
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 group 234
peer 10.10.10.3 as-number 65009
peer 10.10.10.3 group 234
#
ipv4-family unicast
undo synchronization
peer 234 enable
peer 10.10.10.2 enable
peer 10.10.10.2 group 234
peer 10.10.10.3 enable
peer 10.10.10.3 group 234
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.10.10.4 0.0.0.0
network 192.168.24.0 0.0.0.255
network 192.168.34.0 0.0.0.255
#
- Example: configuring an AS_Path filter
Networking
Router1 and Router2, and Router4 and Router5, establish EBGP connections. The user wants devices in AS65008 and devices in AS65010 to be unable to communicate with each other.
Configuration approach
Configure the BGP AS_Path filter as follows:
- Configure EBGP connections between Router1 and Router2 and between Router4 and Router5, and advertise the directly connected routes, so that the ASs can communicate with each other over EBGP.
- Configure an AS_Path filter on RouterB and apply it, so that AS65009 advertises neither AS65010's routes to AS65008 nor AS65008's routes to AS65010.
Code segment A: requirement 1
Communication between the ASs
- View the routes Router2 advertises. Taking the routes Router2 advertises to Router1 as an example, RouterB advertises the route originated by AS65010:
[AR2-bgp]display bgp routing-table peer 10.10.10.1 advertised-routes
BGP Local router ID is 100.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 120.1.1.0/24 10.10.10.2 0 65009 65010i
- Likewise, Router1's routing table shows that Router1 has learned this route through Router2
<AR1>dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 10.10.10.2 0 65009 65010i
*> 150.1.1.0/24 0.0.0.0 0 0 i
- View the routes Router4 advertises. Taking the routes Router4 advertises to Router5 as an example, Router4 advertises the route originated by AS65008
<AR4>dis bgp routing-table peer 10.10.10.5 advertised-routes
BGP Local router ID is 10.10.10.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 150.1.1.0/24 10.10.10.4 0 65009 65008i
<AR4>
- Likewise, Router5's routing table shows that Router5 has learned this route through Router4
<AR5>dis bgp routing-table
BGP Local router ID is 200.1.1.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
*> 150.1.1.0/24 10.10.10.4 0 65009 65008i
- AR1
#
interface GigabitEthernet0/0/0
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 150.1.1.254 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
bgp 65008
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
summary automatic
network 150.1.1.0 255.255.255.0
peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
- AR2
#
interface GigabitEthernet0/0/0
ip address 192.168.23.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.24.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
#
bgp 65009
peer 10.10.10.1 as-number 65008
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
group 234 internal
peer 234 connect-interface LoopBack0
peer 10.10.10.3 as-number 65009
peer 10.10.10.3 group 234
peer 10.10.10.4 as-number 65009
peer 10.10.10.4 group 234
#
ipv4-family unicast
undo synchronization
peer 10.10.10.1 enable
peer 234 enable
peer 234 next-hop-local
peer 10.10.10.3 enable
peer 10.10.10.3 group 234
peer 10.10.10.4 enable
peer 10.10.10.4 group 234
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.2 0.0.0.0
network 192.168.23.0 0.0.0.255
network 192.168.24.0 0.0.0.255
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR3
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.34.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.23.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
#
bgp 65009
group 234 internal
peer 234 connect-interface LoopBack0
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 group 234
peer 10.10.10.4 as-number 65009
peer 10.10.10.4 group 234
#
ipv4-family unicast
undo synchronization
peer 234 enable
peer 10.10.10.2 enable
peer 10.10.10.2 group 234
peer 10.10.10.4 enable
peer 10.10.10.4 group 234
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.10.10.3 0.0.0.0
network 192.168.23.0 0.0.0.255
network 192.168.34.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR4
#
interface GigabitEthernet0/0/0
ip address 200.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.34.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.24.4 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.4 255.255.255.255
#
bgp 65009
peer 10.10.10.5 as-number 65010
peer 10.10.10.5 ebgp-max-hop 255
peer 10.10.10.5 connect-interface LoopBack0
group 234 internal
peer 234 connect-interface LoopBack0
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 group 234
peer 10.10.10.3 as-number 65009
peer 10.10.10.3 group 234
#
ipv4-family unicast
undo synchronization
peer 10.10.10.5 enable
peer 234 enable
peer 234 next-hop-local
peer 10.10.10.2 enable
peer 10.10.10.2 group 234
peer 10.10.10.3 enable
peer 10.10.10.3 group 234
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.10.10.4 0.0.0.0
network 192.168.24.0 0.0.0.255
network 192.168.34.0 0.0.0.255
#
ip route-static 10.10.10.5 255.255.255.255 200.1.1.5
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR5
#
interface GigabitEthernet0/0/0
ip address 200.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 120.1.1.254 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.5 255.255.255.255
#
bgp 65010
peer 10.10.10.4 as-number 65009
peer 10.10.10.4 ebgp-max-hop 255
peer 10.10.10.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
summary automatic
network 120.1.1.0 255.255.255.0
peer 10.10.10.4 enable
#
ip route-static 10.10.10.4 255.255.255.255 200.1.1.4
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
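Code segment B: requirement 2
- AR2:
Configure an AS_Path filter on Router2 and apply it in Router2's outbound direction. Create an AS_Path filter named as65008 that denies routes whose AS_Path contains AS number 65010 (the regular expression "_65010_" matches any AS list that contains AS65010, and ".*" matches any characters).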
[AR2]ip as-path-filter as65008 deny _65010_
[AR2]ip as-path-filter as65008 permit .*
[AR2]bgp 65009
[AR2-bgp]peer 10.10.10.1 as-path-filter as65008 export
- AR4:
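Configure an AS_Path filter on Router4 and apply it in Router4's outbound direction. Create an AS_Path filter named as65010 that denies routes whose AS_Path contains AS number 65008 (the regular expression "_65008_" matches any AS list that contains AS65008, and ".*" matches any characters).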
[AR4]ip as-path-filter as65010 deny _65008_
[AR4]ip as-path-filter as65010 permit .*
[AR4]bgp 65009
[AR4-bgp]peer 10.10.10.5 as-path-filter as65010 export
Check the advertised routes of Router2 and Router4 again; both are empty:
[AR2]display bgp routing-table peer 10.10.10.1 advertised-routes
[AR2]
[AR4]display bgp routing-table peer 10.10.10.5 advertised-routes
[AR4]
Check the BGP routing tables of Router1 and Router5; the filtered routes are no longer present:
<AR1>dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 150.1.1.0/24 0.0.0.0 0 0 i
<AR1>
-------------------------------------------------------------------------------
<AR5>dis bgp routing-table
BGP Local router ID is 200.1.1.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
<AR5>
- With the routes gone, the PCs naturally cannot reach each other
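The filter logic used on AR2 above, emulated in Python as an added example (not part of the original lab files). It shows why the pattern is `_65010_` rather than a bare `65010`, and why the trailing `permit .*` rule is needed. Only the first sample route comes from the page; the other routes, the two comparison filters and all Python names are constructed for illustration.

```python
import re

# In router AS_Path regexes, "_" matches a delimiter: the start or end of the
# path, a space, a comma, or a brace/parenthesis around an AS set.
DELIMITER = r"(?:^|$|[ ,{}()])"


def compile_as_path_regex(pattern):
    """Translate a router-style AS_Path regex into Python `re` syntax."""
    return re.compile(pattern.replace("_", DELIMITER))


class AsPathFilter:
    """Ordered permit/deny rules: first match wins, no match means deny."""

    def __init__(self, name, rules):
        self.name = name
        self.rules = [(action, compile_as_path_regex(rx)) for action, rx in rules]

    def permits(self, as_path):
        for action, regex in self.rules:
            if regex.search(as_path):
                return action == "permit"
        return False  # implicit deny when no rule matches


def advertised(as_path_filter, routes):
    """Prefixes that survive the export filter."""
    return [prefix for prefix, as_path in routes if as_path_filter.permits(as_path)]


# Filter from the page, as applied on AR2 towards 10.10.10.1.
PAGE_FILTER = AsPathFilter("as65008", [("deny", "_65010_"), ("permit", ".*")])
# Constructed variants for comparison.
NO_UNDERSCORES = AsPathFilter("loose", [("deny", "65010"), ("permit", ".*")])
NO_PERMIT = AsPathFilter("deny-only", [("deny", "_65010_")])

# (prefix, AS_Path as stored on AR2). Only the first entry is from the page;
# the others are constructed sample data.
AR2_ROUTES = [
    ("120.1.1.0/24", "65010"),                  # originated by AS65010
    ("192.0.2.0/24", ""),                       # locally originated, empty path
    ("198.51.100.0/24", "165010"),              # different ASN containing the digits
    ("203.0.113.0/24", "64512 65010 64513"),    # AS65010 as a transit AS
]

if __name__ == "__main__":
    for f in (PAGE_FILTER, NO_UNDERSCORES, NO_PERMIT):
        print(f.name, advertised(f, AR2_ROUTES))
```

Without the underscores the deny rule also drops the unrelated AS 165010, and without the final permit rule the implicit deny blocks every route, including locally originated ones.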
- AS_Path filter configuration files
How to use BGP AS过滤 配置文件.zip:
- Download the archive and extract it
- After building the topology, right-click a router and import the configuration
- Select the configuration for the matching router
- Start the router
- Controlling route selection with the BGP MED attribute
- Networking requirements:
BGP is configured on all routers. AR1 establishes EBGP peerings with AR2 and AR3, and AR2 and AR3 have an IBGP relationship. Traffic from 65008 to 65009 should preferentially pass through AR3.
- Configuration approach:
- Use the following approach to control route selection with the BGP MED attribute:
- Use a route-policy to increase the MED value that AR2 sends to AR1, so that AR1 selects AR3 as the entry device for traffic sent to AS65009.
Configuration:
- AR1
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 120.1.1.254 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 200.1.1.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
bgp 65008
group 009 external
peer 009 as-number 65009
peer 009 ebgp-max-hop 255
peer 009 connect-interface LoopBack0
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 group 009
peer 10.10.10.3 as-number 65009
peer 10.10.10.3 group 009
#
ipv4-family unicast
undo synchronization
network 120.1.1.0 255.255.255.0
peer 009 enable
peer 10.10.10.2 enable
peer 10.10.10.2 group 009
peer 10.10.10.3 enable
peer 10.10.10.3 group 009
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
ip route-static 10.10.10.3 255.255.255.255 200.1.1.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR2
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.23.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 150.1.1.254 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
#
bgp 65009
peer 10.10.10.1 as-number 65008
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
peer 10.10.10.3 as-number 65009
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 150.1.1.0 255.255.255.0
peer 10.10.10.1 enable
peer 10.10.10.3 enable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.2 0.0.0.0
network 150.1.1.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR3
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.23.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 200.1.1.3 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
#
bgp 65009
peer 10.10.10.1 as-number 65008
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
peer 10.10.10.2 as-number 65009
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.1 enable
peer 10.10.10.2 enable
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.10.10.3 0.0.0.0
network 192.168.23.0 0.0.0.255
#
ip route-static 10.10.10.1 255.255.255.255 200.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
View AR1's routing table
- AR1 routing table
<AR1>dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
*> 150.1.1.0/24 10.10.10.2 0 0 65009i
* 10.10.10.3 0 65009i
<AR1>
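The routing table shows two valid routes to the destination 150.1.1.0/24; the route with next hop 10.10.10.2 is the best route.
Configuring the MED attribute
Use a route-policy to set the MED value that AR2 sends to AR1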
- AR2
[AR2]route-policy 10 permit node 10
Info: New Sequence of this List.
[AR2-route-policy]apply cost 100
[AR2]bgp 65009
[AR2-bgp]peer 10.10.10.1 route-policy 10 export
[AR2-bgp]
View AR1's routing table
- AR1 routing table
[AR1-bgp]dis bgp routing-table
BGP Local router ID is 10.10.10.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 120.1.1.0/24 0.0.0.0 0 0 i
*> 150.1.1.0/24 10.10.10.3 0 65009i
* 10.10.10.2 100 0 65009i
[AR1-bgp]
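The routing table shows that the route with next hop 10.10.10.2/32 (SwitchB) has a MED of 100, while the route with next hop 10.10.10.3/32 has a MED of 0, so BGP prefers the route with the smaller MED.
Traceroute on the PC: traffic destined for AS 65009 goes through AR3 first.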
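Where MED sits in the route selection, as an added example (not from the original lab files). It replays the two AR1 tables above and then two constructed variants in which the MED of 100 no longer moves traffic to AR3. The decision order is simplified: the final tie-break (lowest next-hop address) stands in for the remaining real steps, and the parameter `compare_different_as_med` and all other Python names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP beats EGP beats incomplete


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...]
    med: Optional[int] = None            # blank in the table; compared as 0
    local_pref: int = 100
    pref_val: int = 0
    origin: str = "i"


def pre_med_key(p):
    """Attributes compared before MED; a smaller tuple is preferred."""
    return (-p.pref_val, -p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin])


def better(a, b, compare_different_as_med=False):
    """Return the preferred of two paths to the same prefix."""
    if pre_med_key(a) != pre_med_key(b):
        return min(a, b, key=pre_med_key)
    # By default MED is only compared between paths from the same neighbour AS.
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    med_a, med_b = a.med or 0, b.med or 0
    if (same_neighbor_as or compare_different_as_med) and med_a != med_b:
        return a if med_a < med_b else b
    # Simplified stand-in for the later tie-break steps.
    return min(a, b, key=lambda p: ipaddress.ip_address(p.next_hop))


def best_path(paths, **options):
    """Pairwise comparison in list order."""
    best = paths[0]
    for candidate in paths[1:]:
        best = better(best, candidate, **options)
    return best


# 150.1.1.0/24 as seen on AR1, from the two tables on the page.
BEFORE_POLICY = [Path("10.10.10.2", (65009,), med=0), Path("10.10.10.3", (65009,))]
AFTER_POLICY = [Path("10.10.10.2", (65009,), med=100), Path("10.10.10.3", (65009,))]

# Constructed: the AR3 path carries a longer AS_Path, so MED is never reached.
LONGER_AS_PATH = [Path("10.10.10.2", (65009,), med=100),
                  Path("10.10.10.3", (65009, 65009))]
# Constructed: the second path comes from another neighbour AS.
OTHER_NEIGHBOR_AS = [Path("10.10.10.2", (65009,), med=100),
                     Path("10.10.10.3", (65011,))]

if __name__ == "__main__":
    for name, paths in [("before", BEFORE_POLICY), ("after", AFTER_POLICY),
                        ("longer AS_Path", LONGER_AS_PATH),
                        ("other neighbour AS", OTHER_NEIGHBOR_AS)]:
        print(name, "->", best_path(paths).next_hop)
```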
- MED attribute control configuration files
BGP MED属性控制.zip
- Configuring a BGP route reflector
Networking requirements
Four devices belong to two different ASs. AR1 and AR2 establish an EBGP peering, and AR3 establishes IBGP peerings with AR2 and with AR4. To avoid an IBGP full mesh and simplify the network configuration, the user wants the two ASs to communicate without an IBGP connection between AR2 and AR4.
Configuration approach
Configure the BGP route reflector as follows:
- Configure basic BGP functions so that the BGP peers can communicate.
- Configure AR3 as the route reflector, with AR2 and AR4 as its two clients. AR2 and AR4 can then learn the routes advertised by AR1 without an IBGP connection between them, which simplifies the configuration.
Configuration:
- AR1:
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 150.1.1.254 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
bgp 100
peer 10.10.10.2 as-number 200
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 150.1.1.0 255.255.255.0
peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR2:
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 200.1.23.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
#
bgp 200
peer 10.10.10.1 as-number 100
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
peer 10.10.10.3 as-number 200
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
import-route ospf 1
undo synchronization
peer 10.10.10.1 enable
peer 10.10.10.3 enable
peer 10.10.10.3 next-hop-local
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.2 0.0.0.0
network 200.1.23.0 0.0.0.255
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR3
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 200.1.34.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 200.1.23.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
#
bgp 200
group 200 internal
peer 200 connect-interface LoopBack0
peer 10.10.10.2 as-number 200
peer 10.10.10.2 group 200
peer 10.10.10.4 as-number 200
peer 10.10.10.4 group 200
#
ipv4-family unicast
undo synchronization
peer 200 enable
peer 200 reflect-client
peer 10.10.10.2 enable
peer 10.10.10.2 group 200
peer 10.10.10.4 enable
peer 10.10.10.4 group 200
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.10.10.3 0.0.0.0
network 200.1.23.0 0.0.0.255
network 200.1.34.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<AR3>
- AR4
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 200.1.34.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.4 255.255.255.255
#
bgp 200
peer 10.10.10.3 as-number 200
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.3 enable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.10.10.4 0.0.0.0
network 200.1.34.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
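The reflection behaviour this lab relies on, as an added simulation (not part of the original lab files): with `peer 200 reflect-client` on AR3, the route AR2 learned from AR1 reaches AR4; without it, IBGP split horizon stops the route at AR3. Assumptions: BGP router IDs equal the Loopback0 addresses, the cluster ID equals the reflector's router ID, and every Python name is hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    learned_via: str                    # "ebgp" or "ibgp"
    originator_id: str = ""             # ORIGINATOR_ID, set by the reflector
    cluster_list: Tuple[str, ...] = ()  # CLUSTER_LIST, prepended by the reflector


class Router:
    def __init__(self, name, router_id, clients=()):
        self.name = name
        self.router_id = router_id
        self.clients = set(clients)     # non-empty only on a route reflector
        self.ibgp_peers = []
        self.rib = {}

    def receive(self, update, sender=None):
        # Loop prevention: drop our own route or one that crossed our cluster.
        if update.originator_id == self.router_id:
            return
        if self.router_id in update.cluster_list:
            return
        if update.prefix in self.rib:   # simplification: keep the first copy
            return
        self.rib[update.prefix] = update
        for peer in self.ibgp_peers:
            if peer is sender:
                continue
            out = self.export(update, sender, peer)
            if out is not None:
                peer.receive(out, sender=self)

    def export(self, update, sender, peer):
        if update.learned_via == "ebgp":
            # EBGP-learned routes are sent to every IBGP peer.
            return replace(update, learned_via="ibgp")
        from_client = sender.name in self.clients
        to_client = peer.name in self.clients
        if not (from_client or to_client):
            # Plain IBGP speaker, or reflector between two non-clients.
            return None
        return replace(
            update,
            originator_id=update.originator_id or sender.router_id,
            cluster_list=(self.router_id,) + update.cluster_list,
        )


def simulate(reflector_enabled):
    """IBGP sessions as in the lab: AR2-AR3 and AR3-AR4, none between AR2 and AR4."""
    ar2 = Router("AR2", "10.10.10.2")
    ar3 = Router("AR3", "10.10.10.3",
                 clients=("AR2", "AR4") if reflector_enabled else ())
    ar4 = Router("AR4", "10.10.10.4")
    ar2.ibgp_peers = [ar3]
    ar3.ibgp_peers = [ar2, ar4]
    ar4.ibgp_peers = [ar3]
    # AR2 learns AR1's network over EBGP.
    ar2.receive(Update("150.1.1.0/24", "ebgp"))
    return {r.name: r.rib for r in (ar2, ar3, ar4)}


if __name__ == "__main__":
    for enabled in (True, False):
        ribs = simulate(enabled)
        print("reflector" if enabled else "no reflector",
              {name: sorted(rib) for name, rib in ribs.items()})
```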
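Configuration files: BGP路由反射器.zip
- Configuring a BGP confederation
Besides route reflectors, confederations can also address the surge in IBGP connections inside an AS. A confederation divides an AS into several sub-ASs. The routers within each sub-AS form an IBGP full mesh, the sub-ASs are connected by confederation EBGP sessions, and ASs outside the confederation still see it as a single AS. After a confederation is configured, the original AS number becomes every router's confederation ID. This has two benefits: first, the original IBGP attributes are preserved, including the Local Preference, MED and NEXT_HOP attributes; second, confederation-related attributes are removed automatically when a route leaves the confederation, so the administrator does not need to filter sub-AS numbers or similar information at the confederation's egress.
Route reflector | Confederation |
No change to the existing network topology is required; good compatibility. | The logical topology must be changed. |
Easy to configure: only the device acting as the reflector is configured, and clients do not need to know that they are clients. | All devices must be reconfigured. |
A full mesh is still required between clusters. | The sub-ASs of a confederation are connected by special EBGP sessions; no full mesh is required. |
Suitable for medium and large networks. | Suitable for large networks. |
Configuration commands: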
- AR1
#
sysname AR1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 192.168.1.254 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
bgp 100
peer 10.10.10.2 as-number 200
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 192.168.1.0
peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.12.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR2
#
sysname AR2
#
board add 0/5 4GET
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.24.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.12.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 100.1.23.2 255.255.255.0
#
interface GigabitEthernet5/0/0
#
interface GigabitEthernet5/0/1
ip address 100.1.25.2 255.255.255.0
#
interface GigabitEthernet5/0/2
ip address 100.1.26.2 255.255.255.0
#
interface GigabitEthernet5/0/3
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
#
bgp 65001
router-id 2.2.2.2
confederation id 200
confederation peer-as 65002 65003
peer 10.10.10.1 as-number 100
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
peer 10.10.10.5 as-number 65002
peer 10.10.10.5 ebgp-max-hop 255
peer 10.10.10.5 connect-interface LoopBack0
peer 10.10.10.6 as-number 65003
peer 10.10.10.6 ebgp-max-hop 255
peer 10.10.10.6 connect-interface LoopBack0
group ibgp internal
peer ibgp connect-interface LoopBack0
peer 10.10.10.3 as-number 65001
peer 10.10.10.3 group ibgp
peer 10.10.10.4 as-number 65001
peer 10.10.10.4 group ibgp
#
ipv4-family unicast
undo synchronization
peer 10.10.10.1 enable
peer 10.10.10.5 enable
peer 10.10.10.5 next-hop-local
peer 10.10.10.6 enable
peer 10.10.10.6 next-hop-local
peer ibgp enable
peer ibgp next-hop-local
peer 10.10.10.3 enable
peer 10.10.10.3 group ibgp
peer 10.10.10.4 enable
peer 10.10.10.4 group ibgp
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.2 0.0.0.0
network 100.1.23.0 0.0.0.255
network 100.1.24.0 0.0.0.255
#
ip route-static 10.10.10.1 255.255.255.255 100.1.12.1
ip route-static 10.10.10.5 255.255.255.255 100.1.25.5
ip route-static 10.10.10.6 255.255.255.255 100.1.26.6
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR3
#
sysname AR3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.23.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.34.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
#
bgp 65001
router-id 3.3.3.3
group ibgp internal
peer ibgp connect-interface LoopBack0
peer 10.10.10.2 as-number 65001
peer 10.10.10.2 group ibgp
peer 10.10.10.4 as-number 65001
peer 10.10.10.4 group ibgp
#
ipv4-family unicast
undo synchronization
peer ibgp enable
peer 10.10.10.2 enable
peer 10.10.10.2 group ibgp
peer 10.10.10.4 enable
peer 10.10.10.4 group ibgp
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.10.10.3 0.0.0.0
network 100.1.23.0 0.0.0.255
network 100.1.34.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR4
#
sysname AR4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.34.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.24.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.4 255.255.255.255
#
bgp 65001
router-id 4.4.4.4
group ibgp internal
peer ibgp connect-interface LoopBack0
peer 10.10.10.2 as-number 65001
peer 10.10.10.2 group ibgp
peer 10.10.10.3 as-number 65001
peer 10.10.10.3 group ibgp
#
ipv4-family unicast
undo synchronization
peer ibgp enable
peer 10.10.10.2 enable
peer 10.10.10.2 group ibgp
peer 10.10.10.3 enable
peer 10.10.10.3 group ibgp
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 10.10.10.4 0.0.0.0
network 100.1.24.0 0.0.0.255
network 100.1.34.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR5
[V200R003C00]
#
sysname AR5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.25.5 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.5 255.255.255.255
#
bgp 65002
router-id 5.5.5.5
confederation id 200
confederation peer-as 65001
peer 10.10.10.2 as-number 65001
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.25.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR6
#
sysname AR6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.26.6 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.6 255.255.255.255
#
bgp 65003
router-id 6.6.6.6
confederation id 200
confederation peer-as 65001
peer 10.10.10.2 as-number 65001
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.26.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- BGP confederation configuration files
BGP 联盟配置文件.zip
- Configuring BGP load balancing
Networking requirements
BGP is configured on all routers. R1 is in AS100, R2 and RouterC are in AS300, and R4 is in AS200. The goal is to reduce network congestion from R4 to the destination 10.10.10.10/32 and make full use of network resources.
Configuration approach
Configure BGP load balancing as follows:
- Configure EBGP connections between R1 and R2, R1 and R3, R4 and R2, and R4 and R3, so that the ASs communicate with each other over BGP.
- Configure load balancing on R4 so that traffic sent from RouterA can reach R1 over the two paths through RouterB and RouterC, making full use of network resources.
Configuration:
- AR1
#
sysname AR1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.13.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
interface LoopBack10
ip address 10.10.10.10 255.255.255.255
#
bgp 100
peer 10.10.10.2 as-number 300
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
peer 10.10.10.3 as-number 300
peer 10.10.10.3 ebgp-max-hop 255
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 10.0.0.0
network 10.10.10.10 255.255.255.255
peer 10.10.10.2 enable
peer 10.10.10.3 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.12.2
ip route-static 10.10.10.3 255.255.255.255 100.1.13.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR2
#
sysname AR2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.24.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.12.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
#
bgp 300
peer 10.10.10.1 as-number 100
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
peer 10.10.10.4 as-number 200
peer 10.10.10.4 ebgp-max-hop 255
peer 10.10.10.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.1 enable
peer 10.10.10.4 enable
#
ip route-static 10.10.10.1 255.255.255.255 100.1.12.1
ip route-static 10.10.10.4 255.255.255.255 100.1.24.4
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR3
#
sysname AR3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.34.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
#
bgp 300
peer 10.10.10.1 as-number 100
peer 10.10.10.1 ebgp-max-hop 255
peer 10.10.10.1 connect-interface LoopBack0
peer 10.10.10.4 as-number 200
peer 10.10.10.4 ebgp-max-hop 255
peer 10.10.10.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.1 enable
peer 10.10.10.4 enable
#
ip route-static 10.10.10.1 255.255.255.255 100.1.13.1
ip route-static 10.10.10.4 255.255.255.255 100.1.34.4
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- AR4
#
sysname AR4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 100.1.34.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.1.24.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.4 255.255.255.255
#
bgp 200
peer 10.10.10.2 as-number 300
peer 10.10.10.2 ebgp-max-hop 255
peer 10.10.10.2 connect-interface LoopBack0
peer 10.10.10.3 as-number 300
peer 10.10.10.3 ebgp-max-hop 255
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
maximum load-balancing 2
peer 10.10.10.2 enable
peer 10.10.10.3 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.24.2
ip route-static 10.10.10.3 255.255.255.255 100.1.34.3
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
Summary of BGP issues