BGP综合实验2

  拓扑结构：

要求：

1、AS1存在两个环回，一个环回地址为192.168.1.0/24，该地址不能在任何协议中宣告；AS3存在两个环回，一个地址为192.168.2.0/24，该地址不能在任何协议中宣告；最终要求这两个环回可以相互通讯；

2、AS1的另一个环回地址为10.1.1.0/24，AS3的另一个环回地址为10.1.2.0/24

3、整个AS2的IP地址为172.16.0.0/16，请合理划分

4、AS间的骨干链路IP地址随意定制

5、使用BGP协议让整个网络所有设备的环回可以相互访问

6、减少路由条目数量，避免环路出现

 使用的设备：8台路由器

 解决网络拓扑：

1、确定广播域的个数

2、分配网段

3、配置IP地址 （优先配置路由器）

确定广播域的个数

根据拓扑结构图以及要求可知，其中一部分网段地址已经给出，剩下的自己划分，并自己定制

分配网段

自主分配网段

接口网段：

接口	分配网段
R1：GE0/0/0 R2：GE0/0/0	12.0.0.0/30
R2：GE0/0/1 R3：GE0/0/0	172.16.0.0/30
R3：GE0/0/1 R4：GE0/0/0	172.16.0.4/30
R2：GE0/0/2 R5：GE0/0/0	172.16.0.8/30
R5：GE0/0/1 R6：GE0/0/0	172.16.0.12/30
R6：GE0/0/1 R7：GE0/0/0	172.16.0.16/30
R4：GE0/0/1 R7：GE0/0/1	172.16.0.20/30
R7：GE0/0/0 R8：GE0/0/0	78.0.0.0/30

环回网段：

环回	分配网段
R1 LoopBack 0 R1 LoopBack 1	192.168.1.0/24 10.1.1.0/24
R2 LoopBack 0	172.16.2.0/24
R3 LoopBack 0	172.16.3.0/24
R4 LoopBack 0	172.16.4.0/24
R5 LoopBack 0	172.16.5.0/24
R6 LoopBack 0	172.16.6.0/24
R7 LoopBack 0	172.16.7.0/24
R8 LoopBack 0 R8 LoopBack 1	192.168.2.0/24 10.1.2.0/24

​​

配置路由器IP地址

 AR1：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.0.0.1 30
[r1-GigabitEthernet0/0/0]
May 25 2023 19:56:35-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r1-GigabitEthernet0/0/0]q           
[r1]interface LoopBack 0
[r1-LoopBack0]ip address 192.168.1.1 24
[r1-LoopBack0]q
[r1]interface LoopBack 1
[r1-LoopBack1]ip address 10.1.1.1 24
[r1-LoopBack1]q
[r1]

AR2：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 12.0.0.2 30
May 25 2023 21:19:29-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r2-GigabitEthernet0/0/0]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 172.16.0.1 30
May 25 2023 21:19:55-08:00 r2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r2-GigabitEthernet0/0/1]q
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]ip address 172.16.0.9 30
May 25 2023 21:20:27-08:00 r2 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state. 
[r2-GigabitEthernet0/0/2]q
[r2]interface LoopBack 0
[r2-LoopBack0]ip address 172.16.2.1 24
[r2-LoopBack0]q
[r2]

AR3：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r3 
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 172.16.0.2 30
[r3-GigabitEthernet0/0/0]
May 25 2023 21:21:38-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 172.16.0.5 30
May 25 2023 21:21:50-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r3-GigabitEthernet0/0/1]q
[r3]interface LoopBack 0
[r3-LoopBack0]ip address 172.16.3.1 24
[r3-LoopBack0]q
[r3]

AR4：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 172.16.0.6 30
May 25 2023 21:23:54-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 172.16.0.21 30
May 25 2023 21:24:16-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r4-GigabitEthernet0/0/1]q
[r4]interface LoopBack 0
[r4-LoopBack0]ip add
[r4-LoopBack0]ip address 172.16.4.1 24
[r4-LoopBack0]q
[r4]

AR5：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r5
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip address 172.16.0.10 30
[r5-GigabitEthernet0/0/0]
May 25 2023 21:27:27-08:00 r5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r5-GigabitEthernet0/0/0]q
[r5]interface GigabitEthernet 0/0/1
[r5-GigabitEthernet0/0/1]ip address 172.16.0.13 30
May 25 2023 21:28:04-08:00 r5 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r5-GigabitEthernet0/0/1]q
[r5]interface LoopBack 0
[r5-LoopBack0]ip address 172.16.5.1 24
[r5-LoopBack0]q
[r5]

AR6：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r6
[r6]interface GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ip address 172.16.0.14 30
[r6-GigabitEthernet0/0/0]
May 25 2023 21:30:37-08:00 r6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r6-GigabitEthernet0/0/0]q
[r6]interface GigabitEthernet 0/0/1
[r6-GigabitEthernet0/0/1]ip address 172.16.0.17 30
May 25 2023 21:30:58-08:00 r6 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r6-GigabitEthernet0/0/1]q
[r6]interface LoopBack 0
[r6-LoopBack0]ip address 172.16.6.1 24
[r6-LoopBack0]q
[r6]

AR7：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r7
[r7]interface GigabitEthernet 0/0/0
[r7-GigabitEthernet0/0/0]ip address 172.16.0.18 30
[r7-GigabitEthernet0/0/0]
May 25 2023 21:32:06-08:00 r7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r7-GigabitEthernet0/0/0]q
[r7]interface GigabitEthernet 0/0/1
[r7-GigabitEthernet0/0/1]ip address 172.16.0.22 30
May 25 2023 21:32:19-08:00 r7 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r7-GigabitEthernet0/0/1]q
[r7]interface GigabitEthernet 0/0/2
[r7-GigabitEthernet0/0/2]ip address 78.0.0.1 30
May 25 2023 21:32:37-08:00 r7 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state. 
[r7-GigabitEthernet0/0/2]q
[r7]interface LoopBack 0
[r7-LoopBack0]ip address 172.16.7.1 24
[r7-LoopBack0]q
[r7]

AR8：

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r8
[r8]interface GigabitEthernet 0/0/0
[r8-GigabitEthernet0/0/0]ip address 78.0.0.2 30
[r8-GigabitEthernet0/0/0]
May 25 2023 21:34:08-08:00 r8 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r8-GigabitEthernet0/0/0]q
[r8]interface LoopBack 0
[r8-LoopBack0]ip address 192.168.2.1 24
[r8-LoopBack0]q
[r8]interface LoopBack 1
[r8-LoopBack1]ip address 10.1.2.1 24
[r8-LoopBack1]q
[r8]

配置OSPF动态路由协议

BGP协议承载于IGP协议之上，先将IGP内部网络联通，在AS2内配置IGP协议（OSPF动态路由协议）

AR2：

[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r2-ospf-1-area-0.0.0.0]q
[r2-ospf-1]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r2-GigabitEthernet0/0/1]q
[r2]interface GigabitEthernet 0/0/2                                                                                                                                                                                            
[r2-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher 123456
[r2-GigabitEthernet0/0/2]q
[r2]

AR3：

[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r3-ospf-1-area-0.0.0.0]q
[r3-ospf-1]q
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/1]q
[r3]

AR4：

[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r4-ospf-1-area-0.0.0.0]q
[r4-ospf-1]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet0/0/1]q
[r4]

AR5：

[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r5-ospf-1-area-0.0.0.0]q
[r5-ospf-1]q
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r5-GigabitEthernet0/0/0]q
[r5]interface GigabitEthernet 0/0/1
[r5-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r5-GigabitEthernet0/0/1]q
[r5]

AR6：

[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]area 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r6-ospf-1-area-0.0.0.0]q
[r6-ospf-1]q
[r6]interface GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r6-GigabitEthernet0/0/0]q
[r6]interface GigabitEthernet 0/0/1
[r6-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r6-GigabitEthernet0/0/1]q
[r6]

AR7：

[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r7-ospf-1-area-0.0.0.0]q
[r7-ospf-1]q
[r7]interface GigabitEthernet 0/0/0
[r7-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r7-GigabitEthernet0/0/0]q
[r7]interface GigabitEthernet 0/0/1
[r7-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r7-GigabitEthernet0/0/1]q
[r7]

配置OSPF动态路由协议，在接口配置认证，保证更新安全

配置BGP-边界网关协议

配置完OSPF协议之后AS2之内的设备可以相互通信，然后接着在AS1、AS2、AS3上配置BGP-边界网关协议，实现三个自治系统间的网络通信，暂时未学习新的技术解决BGP黑洞，所以5台路由器均配置BGP协议

AR1：

[r1]bgp 1
[r1-bgp]router-id 1.1.1.1
[r1-bgp]peer 12.0.0.2 as-number 2
[r1-bgp]q
[r1]

AR2：

[r2]bgp 64512
[r2-bgp]router-id 2.2.2.2
[r2-bgp]confederation id 2
[r2-bgp]confederation peer-as 64513
[r2-bgp]peer 172.16.3.1 as-number 64512
[r2-bgp]peer 172.16.3.1 connect-interface LoopBack 0
[r2-bgp]peer 172.16.5.1 as-number 64513
[r2-bgp]peer 172.16.5.1 connect-interface LoopBack 0
[r2-bgp]peer 172.16.5.1 ebgp-max-hop 2
[r2-bgp]q
[r2]

AR3：

[r3]bgp 64512
[r3-bgp]router-id 3.3.3.3
[r3-bgp]confederation id 2
[r3-bgp]peer 172.16.2.1 as-number 64512
[r3-bgp]peer 172.16.2.1 connect-interface LoopBack 0
[r3-bgp]peer 172.16.4.1 as-number 64512
[r3-bgp]peer 172.16.4.1 connect-interface LoopBack 0
[r3-bgp]q
[r3]

​AR4：

[r4]bgp 64512
[r4-bgp]router-id 4.4.4.4
[r4-bgp]confederation id 2
[r4-bgp]confederation peer-as 64513
[r4-bgp]peer 172.16.3.1 as-number 64512 
[r4-bgp]peer 172.16.3.1 connect-interface LoopBack 0
[r4-bgp]peer 172.16.7.1 as-number 64513
[r4-bgp]peer 172.16.7.1 connect-interface LoopBack 0
[r4-bgp]peer 172.16.7.1 ebgp-max-hop 2
[r4-bgp]q
[r4]

AR5：

[r5]bgp 64513
[r5-bgp]router-id 5.5.5.5
[r5-bgp]confederation id 2
[r5-bgp]confederation peer-as 64512
[r5-bgp]peer 172.16.2.1 as-number 64512
[r5-bgp]peer 172.16.2.1 connect-interface LoopBack 0
[r5-bgp]peer 172.16.2.1 ebgp-max-hop 2
[r5-bgp]peer 172.16.6.1 as-number 64513
[r5-bgp]peer 172.16.6.1 connect-interface LoopBack 0
[r5-bgp]q
[r5]

AR6：

[r6]bgp 64513
[r6-bgp]router-id 6.6.6.6
[r6-bgp]confederation id 2
[r6-bgp]peer 172.16.5.1 as-number 64513
[r6-bgp]peer 172.16.5.1 connect-interface LoopBack 0
[r6-bgp]peer 172.16.7.1 as-number 64513
[r6-bgp]peer 172.16.7.1 connect-interface LoopBack 0
[r6-bgp]q
[r6]

AR7：

[r7]bgp 64513
[r7-bgp]router-id 7.7.7.7
[r7-bgp]confederation id 2
[r7-bgp]confederation peer-as 64512
[r7-bgp]peer 172.16.4.1 as-number 64512
[r7-bgp]peer 172.16.4.1 connect-interface LoopBack0
[r7-bgp]peer 172.16.4.1 ebgp-max-hop 2
[r7-bgp]peer 172.16.6.1 as-number 64513
[r7-bgp]peer 172.16.6.1 connect-interface LoopBack 0
[r7-bgp]peer 78.0.0.2 as-number 3
[r7-bgp]q
[r7]

AR8：

[r8]bgp 3
[r8-bgp]router-id 8.8.8.8
[r8-bgp]peer 78.0.0.1 as-number 2
[r8-bgp]q
[r8]

配置完BGP协议后要进行宣告，按要求来操作

宣告网段：

AR1：

[r1]bgp 1
[r1-bgp]network 10.1.1.0 24
[r1-bgp]q
[r1]

该路由宣告后传递给R2，R2在将该路由传递给R3，但是R2的路由表上是有该网段，R3的路由表上没有该网段，因为AS-BY-AS规则，导致传递到R2的路由条目为优（去该网段下一跳可达），可以加入路由表，但是传递到R3时，路由条目不优（去该网段下一跳不可达），不能加入路由表。所以需要在R2上将该路由条目的下一跳改为本地。

AR2：

[r2]bgp 64512
[r2-bgp]peer 172.16.3.1 next-hop-local
[r2-bgp]peer 172.16.5.1 next-hop-local
[r2-bgp]q
[r2]

R3上的路由条目为优后，可以加入路由表，但是因为BGP协议的水平分割，导致不能传递给R4，所以我们需要在R3上建立反射器。同样，路由传递给R5时也不优，也要修改下一跳为本地，并且R5传递路由给R6时，因为水平分割规则，也是不能传递给R7，所以R6也要做成反射器。

AR3：

[r3]bgp 64512
[r3-bgp]peer 172.16.2.1 reflect-client 
[r3-bgp]q
[r3]

AR6：

[r6]bgp 64513
[r6-bgp]peer 172.16.5.1 reflect-client 
[r6-bgp]q
[r6]

同样在R8和R7上也是一样的操作

#AR8：
[r8]bgp 3
[r8-bgp]network 10.1.2.0 24
[r8-bgp]q
[r8]

#AR7：
[r7]bgp 64513
[r7-bgp]peer 172.16.4.1 next-hop-local
[r7-bgp]peer 172.16.6.1 next-hop-local
[r7-bgp]q
[r7]

空接口：

[r2]ip route-static 172.16.0.0 21 NULL 0
[r2]bgp 64512
[r2-bgp]network 172.16.0.0 21
[r2-bgp]q
[r2]

[r7]ip route-static 172.16.0.0 21 NULL 0
[r7]bgp 64513
[r7-bgp]network 172.16.0.0 21
[r7-bgp]q
[r7]

​

 

此时除了192.168.1.0和192.168.2.0不能正常通信，其他网段都可以，所以我们要在AS1和AS3之间做一个GRE

AR1：

[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.3.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre 
[r1-Tunnel0/0/0]source 10.1.1.1
[r1-Tunnel0/0/0]destination 10.1.2.1
May 25 2023 22:39:08-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r1-Tunnel0/0/0]q
[r1]ip route-static 192.168.2.0 24 10.1.3.2
[r1]

AR8：

[r8]interface Tunnel 0/0/0
[r8-Tunnel0/0/0]ip address 10.1.3.2 24
[r8-Tunnel0/0/0]tunnel-protocol gre 
[r8-Tunnel0/0/0]source 10.1.2.1
[r8-Tunnel0/0/0]destination 10.1.1.1
May 25 2023 22:38:40-08:00 r8 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r8-Tunnel0/0/0]q
[r8]ip route-static 192.168.1.0 24 10.1.3.1
[r8]

此时192.168.1.0网段可以和192.168.2.0网段正常通信，全网可达，并且满足要求。