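Umm... my first blog post.
A comprehensive BGP lab. Topology first...
Why write a blog? I am forgetful, so writing things down makes them easy to look up later.
On to the main topic.
The basic configuration is omitted; I doubt I will ever forget it. It will be posted as an attachment.
Lab step 1: Configure OSPF inside AS123.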
R1:
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.1.1.1 0.0.0.0 area 0
network 13.1.1.1 0.0.0.0 area 0
R2:
router ospf 2
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.1.1.2 0.0.0.0 area 0
network 23.1.1.2 0.0.0.0 area 0
R3:
router ospf 3
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 13.1.1.3 0.0.0.0 area 0
network 23.1.1.3 0.0.0.0 area 0
Test results:
R1:
R2:
R3:
Step 2:
Configure BGP on R1, R2 and R3; R2 uses the peer-group feature to simplify the configuration.
R1:
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 3.3.3.3 remote-as 123
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 4.4.4.4 remote-as 456
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
ip route 4.4.4.4 255.255.255.255 14.1.1.4
R2:
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor cisco peer-group
neighbor cisco remote-as 123
neighbor cisco update-source Loopback0
neighbor 1.1.1.1 peer-group cisco
neighbor 3.3.3.3 peer-group cisco
no auto-summary
R3:
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 123
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 7.7.7.7 remote-as 7
neighbor 7.7.7.7 ebgp-multihop 2
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 route-map local-p in
neighbor 7.7.7.7 route-map med out
no auto-summary
ip route 7.7.7.7 255.255.255.255 73.1.1.7
Step 3:
Configure OSPF inside AS456.
R4:
router ospf 4
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 46.1.1.4 0.0.0.0 area 0
R5:
router ospf 5
router-id 5.5.5.5
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 0
network 56.1.1.5 0.0.0.0 area 0
R6:
router ospf 6
router-id 6.6.6.6
log-adjacency-changes
network 6.6.6.6 0.0.0.0 area 0
network 46.1.1.6 0.0.0.0 area 0
network 56.1.1.6 0.0.0.0 area 0
Test results:
R4:
R5:
R6:
Step 4: Configure BGP on R4, R5 and R6.
R4:
router bgp 65500
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 456
neighbor 1.1.1.1 remote-as 123
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
neighbor 6.6.6.6 remote-as 65500
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
no auto-summary
R5:
router bgp 65501
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 456
bgp confederation peers 65500
neighbor 6.6.6.6 remote-as 65500
neighbor 6.6.6.6 ebgp-multihop 2
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
neighbor 7.7.7.7 remote-as 7
neighbor 7.7.7.7 ebgp-multihop 2
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
ip route 7.7.7.7 255.255.255.255 75.1.1.7
R6:
router bgp 65500
synchronization
bgp log-neighbor-changes
bgp confederation identifier 456
bgp confederation peers 65501
neighbor 4.4.4.4 remote-as 65500
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 5.5.5.5 remote-as 65501
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
Results:
R4:
R5:
R6:
Step 5: Configure BGP on R7.
R7:
router bgp 7
no synchronization
bgp always-compare-med
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 123
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 3.3.3.3 update-source Loopback0
neighbor 5.5.5.5 remote-as 456
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 5.5.5.5 update-source Loopback0
no auto-summary
ip route 3.3.3.3 255.255.255.255 73.1.1.3
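ip route 5.5.5.5 255.255.255.255 75.1.1.5
(When eBGP peers use loopback interfaces to form the neighbor relationship, the session is logically not a directly connected link, so a static route adds the peer's loopback to the local routing table and lets the BGP neighbor come up. The static routes on R1, R3 and R5 serve the same purpose, so I did not explain them earlier.)
Result: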
Step 6:
Inject the subnets on R2, R5, R6 and R7 into BGP and summarize them.
R2:
network 22.1.0.0 mask 255.255.248.0
ip route 22.1.0.0 255.255.248.0 Null0
R5:
network 55.1.1.0 mask 255.255.255.0
R6:
network 66.1.0.0 mask 255.255.248.0
ip route 66.1.0.0 255.255.248.0 Null0
R7:
network 77.1.0.0 mask 255.255.252.0
ip route 77.1.0.0 255.255.252.0 Null0
The static route after each network statement is there only to summarize the subnets (a prefix injected into BGP must exist in the router's own routing table).
Result:
Step 7: Configure local preference on R3 so that traffic to 55.1.1.0/24 goes via R7.
access-list 1 permit 55.1.1.0 0.0.0.255
route-map local-p permit 10
match ip address 1
set local-preference 110
route-map local-p permit 20
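neighbor 7.7.7.7 route-map local-p in
(Local preference takes effect inside the AS, so the route-map is applied inbound; the higher value is preferred.)
Result: the exit toward 55.1.1.0/24 is now 3.3.3.3.
Step 8:
On R5, when advertising route 66.1.0.0/21 to R7, lengthen the AS-PATH to prevent loops.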
access-list 1 permit 66.1.0.0 0.0.7.255
route-map as-path permit 10
match ip address 1
set as-path prepend 57
!
route-map as-path permit 20
neighbor 7.7.7.7 route-map as-path out
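(When a router receives a route from an external BGP peer that contains its own AS number, it discards the route; the lab uses this to prevent loops.)
Result:
Step 9:
Configure MED on R5: when advertising route 66.1.0.0/21 to R7, the MED is 180.
Configure MED on R3: when advertising route 66.1.0.0/21 to R7, the MED is 190.
Enable bgp always-compare-med on R7 so that it compares the MED of 66.1.0.0/21 received from different ASes.
R3:
ip access-list standard med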
permit 66.1.0.0 0.0.7.255
route-map med permit 10
match ip address med
set metric 190
route-map med permit 20
neighbor 7.7.7.7 route-map med out
R5:
ip access-list standard med
permit 66.1.0.0 0.0.7.255
route-map med permit 10
match ip address med
set metric 180
route-map med permit 20
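neighbor 7.7.7.7 route-map med out
(Only one route-map can be applied per direction. This conflicts somewhat with the AS-PATH route-map above; the two should be written as a single route-map.)
R7:
bgp always-compare-med
Result: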
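The conflict noted for R5 above can be caught mechanically. The following is an added example, not part of the original post: it scans the R5 commands from steps 8 and 9 and reports which set clauses stop being applied. It assumes a second route-map attached to the same neighbor in the same direction replaces the first, and the function names are hypothetical.

```python
import re

# Constructed from the R5 snippets in steps 8 and 9, in the order they were typed.
R5_CONFIG = """\
route-map as-path permit 10
 match ip address 1
 set as-path prepend 57
route-map as-path permit 20
route-map med permit 10
 match ip address med
 set metric 180
route-map med permit 20
router bgp 65501
 neighbor 7.7.7.7 route-map as-path out
 neighbor 7.7.7.7 route-map med out
"""

APPLY = re.compile(r"neighbor (\S+) route-map (\S+) (in|out)$")

def attachments(config):
    """Return {(neighbor, direction): [route-map names in the order applied]}."""
    applied = {}
    for line in config.splitlines():
        m = APPLY.match(line.strip())
        if m:
            peer, name, direction = m.groups()
            applied.setdefault((peer, direction), []).append(name)
    return applied

def set_clauses(config, name):
    """Collect the set clauses from every entry of one route-map."""
    clauses, current = [], None
    for line in config.splitlines():
        if line.startswith("route-map "):
            current = line.split()[1]
        elif not line.startswith(" "):
            current = None          # left the route-map block
        elif current == name and line.strip().startswith("set "):
            clauses.append(line.strip())
    return clauses

def lost_policy(config):
    """Assumption: only the last attachment per neighbor and direction stays active."""
    return {key: [c for n in names[:-1] for c in set_clauses(config, n)]
            for key, names in attachments(config).items() if len(names) > 1}

if __name__ == "__main__":
    print(lost_policy(R5_CONFIG))
```

Any clause reported here has to be moved into the route-map that remains attached, which is the single merged route-map the note asks for.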
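Step 9: R4 dynamically advertises a default route to R1 through BGP, and R7 dynamically advertises a default route to R3 through BGP.
R4:
neighbor 1.1.1.1 default-originate
R7:
neighbor 3.3.3.3 default-originate
Result: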
R1:
R3:
Step 10:
BGP MD5 authentication between the routers inside AS123
R1:
neighbor 2.2.2.2 password cisco123
neighbor 3.3.3.3 password cisco123
R2:
neighbor 1.1.1.1 password cisco123
neighbor 3.3.3.3 password cisco123
R3:
neighbor 1.1.1.1 password cisco123
neighbor 2.2.2.2 password cisco123
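Step 10 sets a password only on the iBGP sessions inside AS123. The following is an added example, not part of the original post: it parses the AS123 neighbor statements, resolves R2's peer-group membership, and lists the sessions that still have no password. The CONFIGS text is constructed from steps 2 and 10, and the function names are hypothetical.

```python
# Constructed input: the AS123 BGP stanzas from step 2 with the step 10
# passwords applied (only lines that affect session identity are kept).
CONFIGS = {
    "R1": """router bgp 123
 neighbor 2.2.2.2 remote-as 123
 neighbor 3.3.3.3 remote-as 123
 neighbor 4.4.4.4 remote-as 456
 neighbor 2.2.2.2 password cisco123
 neighbor 3.3.3.3 password cisco123""",
    "R2": """router bgp 123
 neighbor cisco peer-group
 neighbor cisco remote-as 123
 neighbor 1.1.1.1 peer-group cisco
 neighbor 3.3.3.3 peer-group cisco
 neighbor 1.1.1.1 password cisco123
 neighbor 3.3.3.3 password cisco123""",
    "R3": """router bgp 123
 neighbor 1.1.1.1 remote-as 123
 neighbor 2.2.2.2 remote-as 123
 neighbor 7.7.7.7 remote-as 7
 neighbor 1.1.1.1 password cisco123
 neighbor 2.2.2.2 password cisco123""",
}

def sessions(config):
    """Map each neighbor IP to its session kind and whether MD5 is configured."""
    local_as, attrs = None, {}
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["router", "bgp"]:
            local_as = w[2]
        elif len(w) >= 3 and w[0] == "neighbor":
            attrs.setdefault(w[1], {})[w[2]] = w[3] if len(w) > 3 else True
    out = {}
    for name, a in attrs.items():
        if a.get("peer-group") is True:
            continue  # peer-group template, not a session
        merged = {**attrs.get(a.get("peer-group"), {}), **a}  # inherit group settings
        kind = "iBGP" if merged.get("remote-as") == local_as else "eBGP"
        out[name] = {"kind": kind, "md5": "password" in merged}
    return out

def unauthenticated(configs):
    """Return (router, neighbor, kind) for every session with no password."""
    return sorted((r, n, s["kind"]) for r, c in configs.items()
                  for n, s in sessions(c).items() if not s["md5"])

if __name__ == "__main__":
    print(unauthenticated(CONFIGS))
```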
Damn... finally done. The lab itself took a bit over 10 minutes; the deleting, changing and fiddling took more than 3 hours.