BGP联邦

要求：

1.AS1存在两个环回，192.168.1.0/24不能宣告在任何协议中，另一个为10.1.1.0/24

AS3存在两个环回，192.168.2.0/24不能宣告在任何协议中，另一个为10.1.2.0/24

最终要求两个环回可以互相访问

2.整个AS2为172.16.0.0/16

3.AS之间骨干链路随意设置

4.使用BGP让整个网络环回互通

5.R2/3/4使用BGP联邦64512，R5/6/7使用BGP联邦54613

6.减少路由条目

拓扑如下

AS1与AS2之间使用12.1.1.0/24，AS2与AS3使用78.1.1.0/24

AS2内网划分完使用的172.16.0.0/20

一、

配置完地址先启用IGP协议（OSPF）

R2

ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 172.16.0.0 0.0.15.255 
  network 172.16.32.0 0.0.15.255 
  network 172.16.128.0 0.0.15.255

R3

ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 172.16.0.0 0.0.15.255 
  network 172.16.16.0 0.0.15.255 
  network 172.16.144.0 0.0.15.255 

R4

ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 172.16.16.0 0.0.15.255 
  network 172.16.80.0 0.0.15.255 
  network 172.16.160.0 0.0.15.255 

R5

ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 172.16.32.0 0.0.15.255 
  network 172.16.48.0 0.0.15.255 
  network 172.16.176.0 0.0.15.255 

R6

ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 172.16.48.0 0.0.15.255 
  network 172.16.64.0 0.0.15.255 
  network 172.16.192.0 0.0.15.255 

R7

ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 172.16.64.0 0.0.15.255 
  network 172.16.80.0 0.0.15.255 
  network 172.16.208.0 0.0.15.255 

二、

建立BGP邻居

AS1与AS2使用直连接口建立邻居

R1

bgp 1
 router-id 1.1.1.1
 peer 12.1.1.2 as-number 2 

R2

bgp 64512
 router-id 2.2.2.2
 confederation id 2//声明大AS号
 peer 12.1.1.1 as-number 1 

AS2与AS3之间使用环回接口建立邻居

R7

bgp 64513
 router-id 7.7.7.7
 confederation id 2
 peer 10.1.2.1 as-number 3 
 peer 10.1.2.1 ebgp-max-hop 2 
 peer 10.1.2.1 connect-interface LoopBack0

 ip route-static 10.1.2.1 255.255.255.255 78.1.1.2//到对端环回的路由

R8

bgp 3
 router-id 8.8.8.8
 peer 172.16.208.1 as-number 2 
 peer 172.16.208.1 ebgp-max-hop 2 
 peer 172.16.208.1 connect-interface LoopBack1

 ip route-static 172.16.208.1 255.255.255.255 78.1.1.1

AS2之间建立IBGP邻居

R2

bgp 64512
 confederation peer-as 64513//声明对端小AS号
 peer 172.16.144.1 as-number 64512 
 peer 172.16.144.1 connect-interface LoopBack0
 peer 172.16.176.1 as-number 64513 
 peer 172.16.176.1 ebgp-max-hop 255 //联邦之间为EBGP邻居关系
 peer 172.16.176.1 connect-interface LoopBack0

R3

bgp 64512
 router-id 3.3.3.3
 confederation id 2
 peer 172.16.128.1 as-number 64512 
 peer 172.16.128.1 connect-interface LoopBack0
 peer 172.16.160.1 as-number 64512 
 peer 172.16.160.1 connect-interface LoopBack0

R4

bgp 64512
 router-id 4.4.4.4
 confederation id 2
 confederation peer-as 64513
 peer 172.16.144.1 as-number 64512 
 peer 172.16.144.1 connect-interface LoopBack0
 peer 172.16.208.1 as-number 64513 
 peer 172.16.208.1 ebgp-max-hop 255 
 peer 172.16.208.1 connect-interface LoopBack0

R5

bgp 64513
 router-id 5.5.5.5
 confederation id 2
 confederation peer-as 64512
 peer 172.16.128.1 as-number 64512 
 peer 172.16.128.1 ebgp-max-hop 255 
 peer 172.16.128.1 connect-interface LoopBack0
 peer 172.16.192.1 as-number 64513 
 peer 172.16.192.1 connect-interface LoopBack0

R6

bgp 64513
 router-id 6.6.6.6
 confederation id 2
 peer 172.16.176.1 as-number 64513 
 peer 172.16.176.1 connect-interface LoopBack0
 peer 172.16.208.1 as-number 64513 
 peer 172.16.208.1 connect-interface LoopBack0

R7

bgp 64513
 confederation peer-as 64512
 peer 172.16.160.1 as-number 64512 
 peer 172.16.160.1 ebgp-max-hop 255 
 peer 172.16.160.1 connect-interface LoopBack0
 peer 172.16.192.1 as-number 64513 
 peer 172.16.192.1 connect-interface LoopBack0

四、

通告路由

R1只能通告10.1.1.0/24网段

bgp 1
  network 10.1.1.0 255.255.255.0 

ip route-static 10.1.1.0 255.255.255.0 NULL0

R2将汇总路由通告到BGP

bgp 64512
  network 172.16.0.0 

ip route-static 172.16.0.0 255.255.0.0 NULL0

R7跟R2一样

bgp 64513
  network 172.16.0.0 

ip route-static 172.16.0.0 255.255.0.0 NULL0

R8跟R1一样

bgp 3
  network 10.1.2.0 255.255.255.0 

ip route-static 10.1.2.0 255.255.255.0 NULL0

R4因为IBGP水平分割原因收不到AS1的路由

 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  10.1.2.0/24        172.16.208.1    0          100        0      (64513) 3i
 *>i  172.16.0.0         172.16.208.1    0          100        0      (64513)i

所以在R3上配置为RR指定R4为客户端

bgp 64512
  peer 172.16.160.1 reflect-client

R5同理收不到AS3路由

R6指定R5为客户端

bgp 64513
  peer 172.16.176.1 reflect-client

此时AS2内部路由全部可以传递

AS1pinAS3

ping -a 10.1.1.1 10.1.2.1
  PING 10.1.2.1: 56  data bytes, press CTRL_C to break
    Reply from 10.1.2.1: bytes=56 Sequence=1 ttl=251 time=80 ms
    Reply from 10.1.2.1: bytes=56 Sequence=2 ttl=251 time=50 ms
    Reply from 10.1.2.1: bytes=56 Sequence=3 ttl=251 time=50 ms
    Reply from 10.1.2.1: bytes=56 Sequence=4 ttl=251 time=30 ms
    Reply from 10.1.2.1: bytes=56 Sequence=5 ttl=251 time=50 ms

  --- 10.1.2.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/52/80 ms

五、

AS1的192.168.1.0/24与AS3的192.168.2.0/24互通

这里使用GRP VPN

R1

interface LoopBack0
 ip address 192.168.1.1 255.255.255.128 

interface Tunnel0/0/0
 ip address 10.1.1.129 255.255.255.128 
 tunnel-protocol gre
 source 10.1.1.1      //使用通告进BGP的地址
 destination 10.1.2.1
 ospf network-type broadcast

ip route-static 0.0.0.0 0.0.0.0 Tunnel0/0/0//使用缺省将AS1，AS3不能通告路由协议的网段连通

R8

interface LoopBack0
 ip address 192.168.2.1 255.255.255.128 

interface Tunnel0/0/0
 ip address 10.1.2.129 255.255.255.128 
 tunnel-protocol gre
 source 10.1.2.1
 destination 10.1.1.1
 ospf network-type broadcast

ip route-static 0.0.0.0 0.0.0.0 Tunnel0/0/0

R1pingR8

[Huawei] ping -a 192.168.1.1 192.168.2.1
  PING 192.168.2.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=255 time=40 ms
    Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=255 time=40 ms
    Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=255 time=50 ms

  --- 192.168.2.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/48/60 ms