BGP综合大实验

实验拓扑

实验思路

1.IP地址规划

2. OSPF配置（仅AS2内部）

3. BGP配置

4. 避免环路和减少路由条目5. 测试和验证

实验步骤

配置IP地址

[R1]INT G0/0/0 [R1-GigabitEthernet0/0/0]IP ADD 12.1.1.1 24 [R1-GigabitEthernet0/0/0]INT L0 [R1-LoopBack0]IP ADD 1.1.1.1 32 [R1-LoopBack0]int l1 [R1-LoopBack1]ip add 192.168.1.1 24 ​ [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]ip add 12.1.1.2 24 [R2-LoopBack0]ip add 2.2.2.2 32 [R2-LoopBack0]int g0/0/1 [R2-GigabitEthernet0/0/1]ip add 172.16.1.2 30 [R2-GigabitEthernet0/0/1]int g0/0/2 [R2-GigabitEthernet0/0/2]ip add 172.16.1.21 30 ​ [R3-GigabitEthernet0/0/0]int g0/0/1 [R3-GigabitEthernet0/0/1]ip add 172.16.1.5 30 [R3-GigabitEthernet0/0/1]int g0/0/0 [R3-GigabitEthernet0/0/0]ip add 172.16.1.2 30 [R3-GigabitEthernet0/0/0]int l0 [R3-LoopBack0]ip add 3.3.3.3 32 [R3-LoopBack0]int l1 [R3-LoopBack1]ip add 172.16.3.3 24 ​ [R4]int g0/0/0 [R4-GigabitEthernet0/0/0]ip add 172.16.1.6 30 [R4-GigabitEthernet0/0/0]int g0/0/1 [R4-GigabitEthernet0/0/1]ip add 172.16.1.9 30 [R4-GigabitEthernet0/0/1]int l0 [R4-LoopBack0]ip add 4.4.4.4 32 [R4-LoopBack0]int l1 [R4-LoopBack1]ip add 172.16.4.4 24 ​ [R5]int g0/0/0 [R5-GigabitEthernet0/0/0]ip add 172.16.1.22 30 [R5-GigabitEthernet0/0/0]int g0/0/1 [R5-GigabitEthernet0/0/1]ip add 172.16.1.17 30 [R5-GigabitEthernet0/0/1]int l0 [R5-LoopBack0]ip add 5.5.5.5 32 [R5-LoopBack0]int l1 [R5-LoopBack1]ip add 172.16.5.5 24 ​ [R6]int g0/0/0 [R6-GigabitEthernet0/0/0]ip add 172.16.1.18 30 [R6-GigabitEthernet0/0/0]int g0/0/1 [R6-GigabitEthernet0/0/1]ip add 172.16.1.13 30 [R6-GigabitEthernet0/0/1]int l0 [R6-LoopBack0]ip add 6.6.6.6 32 [R6-LoopBack0]int l1 [R6-LoopBack1]ip add 172.16.6.6 24 ​ [R7]int g0/0/0 [R7-GigabitEthernet0/0/0]ip add 172.16.1.14 30 [R7-GigabitEthernet0/0/0]int g0/0/1 [R7-GigabitEthernet0/0/1]ip add 172.16.1.10 30 [R7-GigabitEthernet0/0/1]int g0/0/2 [R7-GigabitEthernet0/0/2]ip add 34.1.1.7 24 [R7-GigabitEthernet0/0/2]int l0 [R7-LoopBack0]ip add 7.7.7.7 32 [R7-LoopBack0]int l1 [R7-LoopBack1]ip add 172.16.7.7 24 ​ [R8]int g0/0/0 [R8-GigabitEthernet0/0/0]ip add 34.1.1.8 24 [R8-GigabitEthernet0/0/0]int l0 [R8-LoopBack0]ip add 8.8.8.8 32 [R8-LoopBack0]int l1 [R8-LoopBack1]ip add 192.168.2.8 24

配置OSPF

[R2]ospf 1 router-id 2.2.2.2 [R2-ospf-1]area 0 [R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0 [R2-ospf-1-area-0.0.0.0]network 172.16.1.20 0.0.0.3 [R2-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.3 ​ ##可以宣告大网段 2 ##network 172.16.1.0 0.0.0.255 ​ [R3]ospf 1 router-id 3.3.3.3 [R3-ospf-1]area 0 [R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0 [R3-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.3 [R3-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.3 [R3-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255 ​ ##可以宣告大网段 3 ##network 172.16.1.0 0.0.0.255 ​ [R4]ospf 1 router-id 4.4.4.4 [R4-ospf-1]area 0 [R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0 [R4-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.3 [R4-ospf-1-area-0.0.0.0]network 172.16.1.8 0.0.0.3 [R4-ospf-1-area-0.0.0.0]network 172.16.4.0 0.0.0.255 ​ ##可以宣告大网段 4 ##network 172.16.1.0 0.0.0.255 ​ [R5]ospf 1 router-id 5.5.5.5 [R5-ospf-1]area 0 [R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0 [R5-ospf-1-area-0.0.0.0]network 172.16.1.20 0.0.0.3 [R5-ospf-1-area-0.0.0.0]network 172.16.1.16 0.0.0.3 [R5-ospf-1-area-0.0.0.0]network 172.16.5.0 0.0.0.255 ​ ##可以宣告大网段 5 ##network 172.16.1.0 0.0.0.255 ​ [R6]ospf 1 router-id 6.6.6.6 [R6-ospf-1]area 0 [R6-ospf-1-area-0.0.0.0]network 6.6.6.6 0.0.0.0 [R6-ospf-1-area-0.0.0.0]network 172.16.1.16 0.0.0.3 [R6-ospf-1-area-0.0.0.0]network 172.16.1.12 0.0.0.3 [R6-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0.255 ​ ##可以宣告大网段 6 ##network 172.16.1.0 0.0.0.255 ​ [R7]ospf 1 router-id 7.7.7.7 [R7-ospf-1]area 0 [R7-ospf-1-area-0.0.0.0]network 7.7.7.7 0.0.0.0 [R7-ospf-1-area-0.0.0.0]network 172.16.1.12 0.0.0.3 [R7-ospf-1-area-0.0.0.0]network 172.16.1.8 0.0.0.3 [R7-ospf-1-area-0.0.0.0]network 172.16.7.0 0.0.0.255 ​ ##可以宣告大网段 7 ##network 172.16.1.0 0.0.0.255

配置BGP

配置联盟的基础是全网通

配置EBGP

[R1]bgp 1 [R1-bgp]peer 12.1.1.2 as-number 2 ​ [R8]bgp 3 [R8-bgp]peer 34.1.1.7 as-number 2

配置IBGP

bgp 64512 ​ [R2]bgp 64512 [R2-bgp]confederation id 2 [R2-bgp]confederation peer-as 64513 [R2-bgp]peer 3.3.3.3 as-number 64512 [R2-bgp]peer 4.4.4.4 as-number 64512 [R2-bgp]peer 12.1.1.1 as-number 1 [R2-bgp]peer 3.3.3.3 connect-interface l0 ##[R2-bgp]peer 4.4.4.4 connect-interface l0 [R2-bgp]peer 3.3.3.3 next-hop-local [R2-bgp]peer 4.4.4.4 next-hop-local ​ [R3]bgp 64512 [R3-bgp]confederation id 2 [R3-bgp]peer 2.2.2.2 as-number 64512 [R3-bgp]peer 2.2.2.2 connect-interface l0 [R3-bgp]peer 4.4.4.4 as-number 64512 [R3-bgp]peer 4.4.4.4 connect-interface l0 ​ [R4]bgp 64512 [R4-bgp]confederation id 2 ##[R4-bgp]peer 2.2.2.2 as-number 64512 ##[R4-bgp]peer 2.2.2.2 connect-interface l0 ##[R4-bgp]peer 3.3.3.3 connect-interface l0 ##[R4-bgp]peer 2.2.2.2 as-number 64512 [R4-bgp]peer 3.3.3.3 as-number 64512 ​ bgp 64513 ​ [R5]bgp 64513 [R5-bgp]confederation id 2 [R5-bgp]confederation peer-as 64512 [R5-bgp]peer 6.6.6.6 as-number 64513 [R5-bgp]peer 6.6.6.6 connect-interface l0 [R5-bgp]peer 6.6.6.6 next-hop-invariable [R5-bgp]peer 6.6.6.6 next-hop-local ​ ​ [R6]bgp 64513 [R6-bgp]confederation id 2 [R6-bgp]peer 5.5.5.5 as-number 64513 [R6-bgp]peer 5.5.5.5 connect-interface l0 [R6-bgp]peer 7.7.7.7 as-number 64513 [R6-bgp]peer 7.7.7.7 connect-interface l0 ​ [R7]bgp 64513 [R7-bgp]confederation id 2 [R7-bgp]peer 6.6.6.6 as-number 64513 [R7-bgp]peer 6.6.6.6 connect-interface l0 [R7-bgp]peer 6.6.6.6 next-hop-local [R7-bgp]peer 34.1.1.8 as-number 3 ​ ##建立联盟EBGP [R2-bgp]peer 172.16.1.22 as-number 64513 [R2-bgp]peer 172.16.1.22 next-hop-local ​ [R5-bgp]peer 172.16.1.21 as-number 64512 [R5-bgp]peer 172.16.1.21 next-hop-local

宣告业务网段

[R1-bgp]network 1.1.1.1 32 ​ [R3-bgp]network 172.16.3.0 24 ​ [R4-bgp]network 172.16.4.0 24 ​ [R5-bgp]network 172.16.5.0 24 ​ [R6-bgp]network 172.16.6.0 24 ​ [R7-bgp]network 172.16.7.0 24 ​ [R8-bgp]network 8.8.8.8 32

R1-R8都要宣告业务网段

配置反射器——BGP路由不全（水平分割）

[R3]bgp 64512 [R3-bgp]peer 2.2.2.2 reflect-client [R3-bgp]peer 4.4.4.4 reflect-client [R3-bgp]reflector cluster-id 3.3.3.3 ​ [R6]bgp 64513 [R6-bgp]peer 5.5.5.5 reflect-client [R6-bgp]peer 7.7.7.7 reflect-client [R6-bgp]reflector cluster-id 6.6.6.6

路由策略

[R2-bgp]aggregate 172.16.0.0 21 detail-suppressed as-set ​ [R7-bgp]aggregate 172.16.0.0 21 detail-suppressed as-set

建立隧道

[R1]int Tunnel 0/0/0 [R1-Tunnel0/0/0]ip add 10.1.1.1 24 [R1-Tunnel0/0/0]tunnel-protocol gre [R1-Tunnel0/0/0]source 1.1.1.1 [R1-Tunnel0/0/0]destination 8.8.8.8 ​ [R8]int Tunnel 0/0/0 [R8-Tunnel0/0/0]ip add 10.1.1.2 24 [R8-Tunnel0/0/0]tunnel-protocol gre [R8-Tunnel0/0/0]source 8.8.8.8 [R8-Tunnel0/0/0]destination 1.1.1.1

缺省(不好用)

[R1]ip route-static 0.0.0.0 0 Tunnel 0/0/0 [R8]ip route-static 0.0.0.0 0 Tunnel 0/0/0 ##ping -a 192.168.1.1 192.168.2.8

静态路由

​ [R1]ip route-static 192.168.2.0 24 Tunnel 0/0/0 [R8]ip route-static 192.168.1.0 24 Tunnel 0/0/0 ​

路由引入

[R1-bgp]import-route direct [R8-bgp]import-route direct

缺点：路由条目增加

减少路由条目——路由过滤

[R1]acl 2000 [R1-acl-basic-2000]ru [R1-acl-basic-2000]rule pe [R1-acl-basic-2000]rule permit so [R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 [R1-acl-basic-2000]q [R1]rou [R1]route [R1]route-policy aa pe [R1]route-policy aa permit no [R1]route-policy aa permit node 10 ##不用空节点放行所有人 [R1-route-policy]if-match acl 2000 [R1-route-policy]q [R1]bgp 1 [R1-bgp]import-route direct route-policy aa [R8]acl 2000 [R8-acl-basic-2000]ru [R8-acl-basic-2000]rule p [R8-acl-basic-2000]rule permit so [R8-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255 [R8-acl-basic-2000]q [R8]route-policy aa permit node 10 Info: New Sequence of this List. [R8-route-policy]if-match acl 2000 [R8-route-policy]q [R8]bgp 3 [R8-bgp]import-route direct route-policy aa

测试