要求:
1.AS1中192.168.1.0/24不宣告,AS2中192.168.2.0/24不宣告,但可以互相访问
2.AS1除一个环回为192.168.1.0/24外,其他为10.1.1.0/24。AS1除一个环回为192.168.1.0/24外,其他为10.1.1.0/24
3.AS2为172.16.0.0/16,AS起ospf,AS间地址任意规划
4.R3为R4的RR,R6为R7的RR
5.不得出现环路,所有设备环回均可互访
地址规划:
AS2骨干网段
172.16.1.0/30 172.16.1.4/30 172.16.1.8/30 172.16.1.12/30 172.16.1.16/30 172.16.1.20/30
环回网段
172.16.2.1/24 172.16.3.1/24 172.16.4.1/24 172.16.5.1/24 172.16.6.1/24 172.16.7.1/24分别为R2-R7环回
AS间为12网段和78网段
R1环回为10.1.1.1/25和10.1.1.129/25和192.168.1.1/24
R8环回为10.1.2.1/25和10.1.2.129/25和192.168.2.1/24
配置:
1.配置ip地址
2.起ospf协议
R2
router ospf 1
router-id 2.2.2.2
network 172.16.0.0 0.0.255.255 a 0
R3
router ospf 1
router-id 3.3.3.3
network 172.16.0.0 0.0.255.255 a 0
R4
router ospf 1
router-id 4.4.4.4
network 172.16.0.0 0.0.255.255 a 0
R5
router ospf 1
router-id 5.5.5.5
network 172.16.0.0 0.0.255.255 a 0
R6
router ospf 1
router-id 6.6.6.6
network 172.16.0.0 0.0.255.255 a 0
R7
router ospf 1
router-id 7.7.7.7
network 172.16.0.0 0.0.255.255 a 0
3.建立bgp邻居
R1
router bgp 1
b router-id 1.1.1.1
neighbor 12.1.1.2 remote-as 2
R2
router bgp 64512
b router-id 172.16.2.1
neighbor 12.1.1.1 remote-as 1
neighbor 172.16.3.1 remote-as 64512
neighbor 172.16.3.1 update-source lo0
neighbor 172.16.5.1 remote-as 64513
neighbor 172.16.5.1 update-source lo0
neighbor 172.16.5.1 ebgp-multihop 和EBGP邻居用环回建邻时要修改ttl
bgp confederation peers 64513
bgp confederation identifier 2
R3
router bgp 64512
b router-id 172.16.3.1
neighbor 172.16.2.1 remote-as 64512
neighbor 172.16.2.1 update-source lo0
neighbor 172.16.4.1 remote-as 64512
neighbor 172.16.4.1 update-source lo0
bgp confederation identifier 2
R4
router bgp 64512
b router-id 172.16.4.1
neighbor 172.16.3.1 remote-as 64512
neighbor 172.16.3.1 update-source lo0
neighbor 172.16.7.1 remote-as 64513
neighbor 172.16.7.1 update-source lo0
neighbor 172.16.7.1 ebgp-multihop
bgp confederation peers 64513
bgp confederation identifier 2
R5
router bgp 64513
b router-id 172.16.5.1
neighbor 172.16.6.1 remote-as 64513
neighbor 172.16.6.1 update-source lo0
neighbor 172.16.2.1 remote-as 64512
neighbor 172.16.2.1 update-source lo0
neighbor 172.16.2.1 ebgp-multihop
bgp confederation peers 64512
bgp confederation identifier 2
R6
router bgp 64513
b router-id 172.16.6.1
neighbor 172.16.5.1 remote-as 64513
neighbor 172.16.5.1 update-source lo0
neighbor 172.16.7.1 remote-as 64513
neighbor 172.16.7.1 update-source lo0
bgp confederation identifier 2
R7
router bgp 64513
b router-id 172.16.7.1
neighbor 172.16.6.1 remote-as 64513
neighbor 172.16.6.1 update-source lo0
neighbor 78.1.1.8 remote-as 3
bgp confederation peers 64513
bgp confederation identifier 2
R8
router bgp 3
b router-id 8.8.8.8
neighbor 78.1.1.7 remote-as 2
4.宣告
R1
ip route 10.1.1.0 255.255.255.0 null 0 先写空接口路由,再宣告汇总路由
router bgp 1
network 10.1.1.0 mask 255.255.255.0
R8
router bgp 3
network 10.1.2.0 mask 255.255.255.128
network 10.1.2.128 mask 255.255.255.128
aggregate-address 10.1.2.0 255.255.255.0 summary-only 可以先宣告明细,再宣告汇总后的路由,明细路由将被抑制
所有设备环回互访
R2
ip route 172.16.0.0 255.255.248.0 null 0
router bgp 64512
network 172.16.0.0 mask 255.255.248.0
R7
ip route 172.16.0.0 255.255.248.0 null 0
router bgp 64512
network 172.16.0.0 mask 255.255.248.0
5.路由不优,改下一跳(R2把路由传给R3和R5的时候路由不优)
R2
route-map next permit 10
set ip next-hop peer-address 这里不做match表示匹配所有路由,把所有路由都改下一跳
router bgp 64512
neigubor 172.16.3.1 route-map next out
neigubor 172.16.5.1 route-map next out
R7
route-map next permit 10
set ip next-hop peer-address
router bgp 64513
neigubor 172.16.4.1 route-map next out
neigubor 172.16.6.1 route-map next out
route-map生效后
6.反射器
R3
router bgp 64512
neighbor 172.16.4.1 route-reflector-client
R6
router bgp 64513
neighbor 172.16.7.1 route-reflector-client
此时测试,发现不通
检查路由表,发现R6访问R1环回的下一跳是R7,出现环路
分析是更改下一跳的原因。需要在route-map里只匹配10.1.1.0/24的路由更改下一跳
R2
ip prefix-list next permit 10.1.1.0/24
route-map next permit 10
match ip address prefix-list next
set ip next-hop peer-address
R7
ip prefix-list next permit 10.1.2.0/24
route-map next permit 10
match ip address prefix-list next
set ip next-hop peer-address
测试:
192.168.1.0访问192.168.2.0配置tunnel
R1
int t0
ip add 10.1.3.1 255.255.255.0
tunnel source 10.1.1.1
tunnel destination 10.1.2.1
ip route 192.168.2.0 255.255.255.0 t0
R8
int t0
ip add 10.1.3.2 255.255.255.0
tunnel source 10.1.2.1
tunnel destination 10.1.1.1
ip route 192.168.2.0 255.255.255.0 10.1.3.2
测试: