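Chapter 3 BGP Features and Configuration
Lab 3-5 BGP Multihoming
Learning Objectives
· Master the configuration of a BGP multihomed network that uses only default routes
· Master the configuration of a BGP multihomed network that uses default routes together with partially filtered routes
· Master the configuration of a BGP multihomed network that uses only BGP routes
Topology
Figure 3-5 BGP multihoming
Scenario
You are the network administrator of a company. The company's network connects to the carrier ISP1 using BGP. The company uses the private AS number 64512, ISP1's AS number is 100, and the company connects to ISP1 from two separate routers. Initially the company reached the Internet through the carrier using default routes. As the company grew, default-route access could no longer meet its route-selection needs, so you need to bring some Internet routes into the company's AS. Some time later, the company leased another line to ISP2, whose AS number is 200. In the end the company has a multihomed network in which BGP performs route selection.
Tasks
Step 1. Basic configuration and IP addressing
Configure IP addresses and masks for the physical interfaces and Loopback interfaces of all routers. Note that every Loopback 0 interface uses a 32-bit mask.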
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]quit
[R1]interface Serial 3/0/0
[R1-Serial3/0/0]ip address 10.0.14.1 24
[R1-Serial3/0/0]quit
[R1]interface loopback 0
[R1-LoopBack0]ip address 10.0.1.1 32
[R1-LoopBack0]quit
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24
[R2-Serial1/0/0]quit
[R2]interface Serial 2/0/0
[R2-Serial2/0/0]ip address 10.0.23.2 24
[R2-Serial2/0/0]quit
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.25.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]interface loopback 0
[R2-LoopBack0]ip address 10.0.2.2 32
[R2-LoopBack0]quit
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ip address 10.0.23.3 24
[R3-Serial2/0/0]quit
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.113.3 24
[R3-GigabitEthernet0/0/1]quit
[R3]interface loopback 0
[R3-LoopBack0]ip address 10.0.3.3 32
[R3-LoopBack0]quit
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]interface Serial 1/0/0
[R4-Serial1/0/0]ip address 10.0.14.4 24
[R4-Serial1/0/0]quit
[R4]interface GigabitEthernet 0/0/1
[R4-GigabitEthernet0/0/1]ip address 10.0.114.4 24
[R4-GigabitEthernet0/0/1]quit
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 10.0.4.4 32
[R4-LoopBack0]quit
<R5>system-view
Enter system view, return user view with Ctrl+Z.
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.25.5 24
[R5-GigabitEthernet0/0/0]quit
[R5]interface GigabitEthernet 0/0/1
[R5-GigabitEthernet0/0/1]ip address 10.0.115.5 24
[R5-GigabitEthernet0/0/1]quit
[R5]interface loopback 0
[R5-LoopBack0]ip address 10.0.5.5 32
[R5-LoopBack0]quit
After the configuration is complete, test connectivity on the directly connected links.
<R1>ping -c 1 10.0.14.4
PING 10.0.14.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.14.4: bytes=56 Sequence=1 ttl=255 time=33 ms
--- 10.0.14.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 33/33/33 ms
<R1>ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=34 ms
--- 10.0.12.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/34/34 ms
<R2>ping -c 1 10.0.25.5
PING 10.0.25.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.25.5: bytes=56 Sequence=1 ttl=255 time=13 ms
--- 10.0.25.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 13/13/13 ms
<R2>ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=39 ms
--- 10.0.23.3 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 39/39/39 ms
Step 2. Configure the IGP and BGP
Inside AS 64512, use OSPF as the IGP, with all devices in area 0.
Run OSPF on the network segments attached to G0/0/1 and Loopback 0 of R3.
[R3]router id 10.0.3.3
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.113.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]quit
[R3-ospf-1]quit
Run OSPF on the network segments attached to G0/0/1 and Loopback 0 of R4.
[R4]router id 10.0.4.4
[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.114.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]quit
[R4-ospf-1]quit
Run OSPF on the network segments attached to G0/0/1 and Loopback 0 of R5.
[R5]router id 10.0.5.5
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.0.115.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 10.0.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]quit
[R5-ospf-1]quit
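On S1, create VLAN 13 and configure a Vlanif address to interconnect with R3.
Create VLAN 14 and configure a Vlanif address to interconnect with R4.
Create VLAN 15 and configure a Vlanif address to interconnect with R5.
The interconnecting interfaces use access mode. Run OSPF on the network segments attached to Vlanif 13, Vlanif 14, Vlanif 15 and Loopback 0.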
[S1]vlan batch 13 to 15
[S1]interface vlan 13
[S1-Vlanif13]ip address 10.0.113.1 255.255.255.0
[S1-Vlanif13]quit
[S1]interface vlan 14
[S1-Vlanif14]ip address 10.0.114.1 255.255.255.0
[S1-Vlanif14]quit
[S1]interface vlan 15
[S1-Vlanif15]ip address 10.0.115.1 255.255.255.0
[S1-Vlanif15]quit
[S1]interface GigabitEthernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type access
[S1-GigabitEthernet0/0/3]port default vlan 13
[S1-GigabitEthernet0/0/3]quit
[S1]interface GigabitEthernet 0/0/4
[S1-GigabitEthernet0/0/4]port link-type access
[S1-GigabitEthernet0/0/4]port default vlan 14
[S1-GigabitEthernet0/0/4]quit
[S1]interface GigabitEthernet 0/0/5
[S1-GigabitEthernet0/0/5]port link-type access
[S1-GigabitEthernet0/0/5]port default vlan 15
[S1-GigabitEthernet0/0/5]quit
[S1]interface loopback 0
[S1-LoopBack0]ip address 10.0.1.11 32
[S1-LoopBack0]quit
[S1]router id 10.0.1.11
[S1]ospf 1
[S1-ospf-1]area 0
[S1-ospf-1-area-0.0.0.0]network 10.0.113.1 0.0.0.0
[S1-ospf-1-area-0.0.0.0]network 10.0.114.1 0.0.0.0
[S1-ospf-1-area-0.0.0.0]network 10.0.115.1 0.0.0.0
[S1-ospf-1-area-0.0.0.0]network 10.0.1.11 0.0.0.0
[S1-ospf-1-area-0.0.0.0]quit
[S1-ospf-1]quit
Check that each device has learned the routes to the network segments attached to the other devices' Loopback 0 interfaces.
<R3>display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.11/32 OSPF 10 1 D 10.0.113.1 GigabitEthernet0/0/1
10.0.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.4.4/32 OSPF 10 2 D 10.0.113.1 GigabitEthernet0/0/1
10.0.5.5/32 OSPF 10 2 D 10.0.113.1 GigabitEthernet0/0/1
10.0.23.0/24 Direct 0 0 D 10.0.23.3 Serial2/0/0
10.0.23.2/32 Direct 0 0 D 10.0.23.2 Serial2/0/0
10.0.23.3/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.113.0/24 Direct 0 0 D 10.0.113.3 GigabitEthernet0/0/1
10.0.113.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.113.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.114.0/24 OSPF 10 2 D 10.0.113.1 GigabitEthernet0/0/1
10.0.115.0/24 OSPF 10 2 D 10.0.113.1 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
<R4>display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.11/32 OSPF 10 1 D 10.0.114.1 GigabitEthernet0/0/1
10.0.3.3/32 OSPF 10 2 D 10.0.114.1 GigabitEthernet0/0/1
10.0.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.5.5/32 OSPF 10 2 D 10.0.114.1 GigabitEthernet0/0/1
10.0.14.0/24 Direct 0 0 D 10.0.14.4 Serial1/0/0
10.0.14.1/32 Direct 0 0 D 10.0.14.1 Serial1/0/0
10.0.14.4/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.113.0/24 OSPF 10 2 D 10.0.114.1 GigabitEthernet0/0/1
10.0.114.0/24 Direct 0 0 D 10.0.114.4 GigabitEthernet0/0/1
10.0.114.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.114.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.115.0/24 OSPF 10 2 D 10.0.114.1 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
<R5>display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.11/32 OSPF 10 1 D 10.0.115.1 GigabitEthernet0/0/1
10.0.3.3/32 OSPF 10 2 D 10.0.115.1 GigabitEthernet0/0/1
10.0.4.4/32 OSPF 10 2 D 10.0.115.1 GigabitEthernet0/0/1
10.0.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.25.0/24 Direct 0 0 D 10.0.25.5 GigabitEthernet0/0/0
10.0.25.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.25.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.113.0/24 OSPF 10 2 D 10.0.115.1 GigabitEthernet0/0/1
10.0.114.0/24 OSPF 10 2 D 10.0.115.1 GigabitEthernet0/0/1
10.0.115.0/24 Direct 0 0 D 10.0.115.5 GigabitEthernet0/0/1
10.0.115.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.115.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 OSPF 10 1 D 10.0.113.3 Vlanif13
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.113.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
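Configure EBGP on R2, R3 and R5.
The AS plan is as shown in the figure. All EBGP peer relationships are established using physical interface addresses. S1 does not run BGP.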
[R2]router id 10.0.2.2
[R2]bgp 100
[R2-bgp]peer 10.0.25.5 as-number 64512
[R2-bgp]peer 10.0.23.3 as-number 64512
[R2-bgp]quit
[R3]bgp 64512
[R3-bgp]peer 10.0.23.2 as-number 100
[R3-bgp]quit
[R5]bgp 64512
[R5-bgp]peer 10.0.25.2 as-number 100
[R5-bgp]quit
When this is done, check that the BGP neighbor relationships are fully established.
[R2]display bgp peer
BGP local router ID : 10.0.2.2
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.0.23.3 4 64512 7 9 0 00:05:55 Established 0
10.0.25.5 4 64512 6 7 0 00:04:17 Established 0
[R3]display bgp peer
BGP local router ID : 10.0.3.3
Local AS number : 64512
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.0.23.2 4 100 8 8 0 00:06:09 Established 0
<R5>display bgp peer
BGP local router ID : 10.0.5.5
Local AS number : 64512
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.0.25.2 4 100 7 7 0 00:05:31 Established 0
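Step 3. Home to a single ISP using only default routes
By default, BGP load balancing is disabled. Enable load balancing on all routers and set the maximum to 4 paths.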
[R1]router id 10.0.1.1
[R1]bgp 200
[R1-bgp]maximum load-balancing 4
[R1-bgp]quit
[R2]bgp 100
[R2-bgp]maximum load-balancing 4
[R2-bgp]quit
[R3]bgp 64512
[R3-bgp]maximum load-balancing 4
[R3-bgp]quit
[R4]bgp 64512
[R4-bgp]maximum load-balancing 4
[R4-bgp]quit
[R5]bgp 64512
[R5-bgp]maximum load-balancing 4
[R5-bgp]quit
On R2, create Loopback 1 and Loopback 2 with the addresses 10.1.2.2/24 and 10.2.2.2/24 respectively. Use the network command to advertise these two network segments into BGP.
[R2]interface LoopBack 1
[R2-LoopBack1]ip address 10.1.2.2 24
[R2-LoopBack1]quit
[R2]interface LoopBack 2
[R2-LoopBack2]ip address 10.2.2.2 24
[R2-LoopBack2]quit
[R2]bgp 100
[R2-bgp]network 10.1.2.0 255.255.255.0
[R2-bgp]network 10.2.2.0 255.255.255.0
[R2-bgp]quit
On R3 and R5, check whether these routes have been learned.
[R3]display bgp routing-table
BGP Local router ID is 10.0.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.2.0/24 10.0.23.2 0 0 100i
*> 10.2.2.0/24 10.0.23.2 0 0 100i
<R5>display bgp routing-table
BGP Local router ID is 10.0.5.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.2.0/24 10.0.25.2 0 0 100i
*> 10.2.2.0/24 10.0.25.2 0 0 100i
Here, the link from R3 to ISP1 is the primary link and the link from R5 to ISP1 is the backup link. On R3 and R5, use the import-route command to import the OSPF routes into BGP.
[R3]bgp 64512
[R3-bgp]import-route ospf 1
[R3-bgp]quit
[R5]bgp 64512
[R5-bgp]import-route ospf 1
[R5-bgp]quit
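On R3 and R5, force a default route to be advertised into area 0, as a Type 1 external route. Set the cost of the default route advertised by R3 to 20 and the cost of the default route advertised by R5 to 40.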
[R3]ospf 1
[R3-ospf-1]default-route-advertise always cost 20 type 1
[R3-ospf-1]quit
[R5]ospf 1
[R5-ospf-1]default-route-advertise always cost 40 type 1
[R5-ospf-1]quit
View the routing table on S1.
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 21 D 10.0.113.3 Vlanif13
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 OSPF 10 1 D 10.0.113.3 Vlanif13
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.113.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
On S1, view the path taken to reach the address 10.1.2.2.
By default, the sending of ICMP port-unreachable messages is disabled on the device, so first run the icmp port-unreachable send command on R2 to enable it.
[R2]icmp port-unreachable send
[S1]tracert 10.1.2.2
traceroute to 10.1.2.2(10.1.2.2), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.113.3 3 ms 2 ms 48 ms
2 10.1.2.2 19 ms 19 ms 18 ms
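S1 now uses the default route learned from R3, that is, it reaches 10.1.2.2 over the primary link.
Shut down S2/0/0 on R3 to simulate a failure of the link between the company and the carrier.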
[R3]interface s2/0/0
[R3-Serial2/0/0]shutdown
[R3-Serial2/0/0]quit
After the routes converge, view the routing table on S1 and check connectivity to 10.1.2.2.
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 21 D 10.0.113.3 Vlanif13
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 OSPF 10 1 D 10.0.113.3 Vlanif13
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.113.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[S1]ping 10.1.2.2
PING 10.1.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.1.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
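The routing table on S1 has not changed: S1 still reaches the destination network through R3.
The failure is on the uplink, while on the downlink side S1 simply compares the cost of the default routes advertised by R3 and R5 and keeps selecting the one from R3. The two are independent of each other, so the network cannot work properly.
Restore S2/0/0 on R3 and shut down G0/0/1 on R3 to simulate a failure of R3's downlink.
Observe route convergence and check connectivity.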
[R3]interface s2/0/0
[R3-Serial2/0/0]undo shutdown
[R3-Serial2/0/0]quit
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]shutdown
[R3-GigabitEthernet0/0/1]quit
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 41 D 10.0.115.5 Vlanif15
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.114.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[S1]ping 10.1.2.2
PING 10.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 10.1.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
S1 now learns the default route from R5, that is, it reaches the destination network over the backup link.
Restore interface G0/0/1 on R3.
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]undo shutdown
[R3-GigabitEthernet0/0/1]quit
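Step 4. Home to a single ISP using default routes and partially filtered routes
Configure IBGP neighbor relationships from R3, R4 and R5 to S1, and add the next-hop-local parameter so that S1 can learn the route updates sent by the ISP.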
[R3]bgp 64512
[R3-bgp]peer 10.0.113.1 as-number 64512
[R3-bgp]peer 10.0.113.1 next-hop-local
[R3-bgp]quit
[R4]bgp 64512
[R4-bgp]peer 10.0.114.1 as-number 64512
[R4-bgp]peer 10.0.114.1 next-hop-local
[R4-bgp]quit
[R5]bgp 64512
[R5-bgp]peer 10.0.115.1 as-number 64512
[R5-bgp]peer 10.0.115.1 next-hop-local
[R5-bgp]quit
[S1]bgp 64512
[S1-bgp]peer 10.0.113.3 as-number 64512
[S1-bgp]peer 10.0.114.4 as-number 64512
[S1-bgp]peer 10.0.115.5 as-number 64512
[S1-bgp]quit
Check whether S1 has learned 10.1.2.0/24 and 10.2.2.0/24.
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 21 D 10.0.113.3 Vlanif13
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 OSPF 10 1 D 10.0.113.3 Vlanif13
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.113.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
10.1.2.0/24 IBGP 255 0 RD 10.0.113.3 Vlanif13
10.2.2.0/24 IBGP 255 0 RD 10.0.113.3 Vlanif13
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
We now want to influence route selection through BGP. On R3, add the route-policy policy_r3 to filter out 10.1.2.0/24.
[R3]acl number 2001
[R3-acl-basic-2001]rule 0 permit source 10.1.2.0 0.0.0.255
[R3-acl-basic-2001]quit
[R3]route-policy policy_r3 deny node 10
[R3-route-policy]if-match acl 2001
[R3-route-policy]quit
[R3]route-policy policy_r3 permit node 20
[R3-route-policy]quit
[R3]bgp 64512
[R3-bgp]peer 10.0.113.1 route-policy policy_r3 export
[R3-bgp]quit
On R5, add the route-policy policy_r5 to filter out 10.2.2.0/24.
[R5]acl number 2001
[R5-acl-basic-2001]rule 0 permit source 10.2.2.0 0.0.0.255
[R5-acl-basic-2001]quit
[R5]route-policy policy_r5 deny node 10
[R5-route-policy]if-match acl 2001
[R5-route-policy]quit
[R5]route-policy policy_r5 permit node 20
[R5-route-policy]quit
[R5]bgp 64512
[R5-bgp]peer 10.0.115.1 route-policy policy_r5 export
[R5-bgp]quit
Observe the change in the routing table on S1.
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 21 D 10.0.113.3 Vlanif13
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 OSPF 10 1 D 10.0.113.3 Vlanif13
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.113.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
10.1.2.0/24 IBGP 255 0 RD 10.0.115.5 Vlanif15
10.2.2.0/24 IBGP 255 0 RD 10.0.113.3 Vlanif13
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The next hop to network 10.1.2.0/24 is now R5, and the next hop to network 10.2.2.0/24 is R3.
Shut down S2/0/0 on R3.
[R3]interface s2/0/0
[R3-Serial2/0/0]shutdown
[R3-Serial2/0/0]quit
Observe the route changes on S1 and test connectivity to 10.1.2.2.
[S1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 21 D 10.0.113.3 Vlanif13
10.0.1.11/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 OSPF 10 1 D 10.0.113.3 Vlanif13
10.0.4.4/32 OSPF 10 1 D 10.0.114.4 Vlanif14
10.0.5.5/32 OSPF 10 1 D 10.0.115.5 Vlanif15
10.0.113.0/24 Direct 0 0 D 10.0.113.1 Vlanif13
10.0.113.1/32 Direct 0 0 D 127.0.0.1 Vlanif13
10.0.114.0/24 Direct 0 0 D 10.0.114.1 Vlanif14
10.0.114.1/32 Direct 0 0 D 127.0.0.1 Vlanif14
10.0.115.0/24 Direct 0 0 D 10.0.115.1 Vlanif15
10.0.115.1/32 Direct 0 0 D 127.0.0.1 Vlanif15
10.1.2.0/24 IBGP 255 0 RD 10.0.115.5 Vlanif15
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Only the route 10.1.2.0/24 remains, because the policy on R5 filters out the route 10.2.2.0/24.
[S1]ping 10.1.2.2
PING 10.1.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 10.1.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
Restore interface S2/0/0 on R3.
[R3]interface s2/0/0
[R3-Serial2/0/0]undo shutdown
[R3-Serial2/0/0]quit
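An added Python model (not part of the original lab guide) of how policy_r3 and policy_r5 from Step 4 are evaluated node by node, and of which prefixes S1 still learns when R3's uplink is down. It goes slightly beyond the lab by also testing a more-specific prefix; the function names, and the assumption that a basic ACL compares only the route's network address, are this example's own.

```python
import ipaddress

# Constructed model of the Step 4 export policies; not device code.
ISP1_ROUTES = ["10.1.2.0/24", "10.2.2.0/24"]  # the two prefixes R2 advertises

# (node, mode, ACL rules or None). ACL rule = (action, source, wildcard).
POLICY_R3 = [(10, "deny", [("permit", "10.1.2.0", "0.0.0.255")]),
             (20, "permit", None)]
POLICY_R5 = [(10, "deny", [("permit", "10.2.2.0", "0.0.0.255")]),
             (20, "permit", None)]


def _ip(text):
    return int(ipaddress.ip_address(text))


def acl_matches(rules, prefix):
    """True if the first ACL rule hit by the route's network address is a permit.

    Assumption of this model: a basic ACL compares only the network address
    against source/wildcard; the route's mask length is not examined.
    """
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, source, wildcard in rules:
        care = ~_ip(wildcard) & 0xFFFFFFFF      # wildcard 1-bits are "don't care"
        if addr & care == _ip(source) & care:
            return action == "permit"
    return False                                 # no rule hit: not matched


def policy_allows(nodes, prefix):
    """Evaluate nodes in ascending order; the first node that matches decides."""
    for _, mode, acl in sorted(nodes, key=lambda n: n[0]):
        if acl is None or acl_matches(acl, prefix):   # no if-match: match all
            return mode == "permit"
    return False                                 # matched no node: denied


def s1_learns(r3_uplink_up=True, r5_uplink_up=True):
    """Map each prefix to the border routers that still advertise it to S1."""
    learned = {}
    for router, up, policy in (("R3", r3_uplink_up, POLICY_R3),
                               ("R5", r5_uplink_up, POLICY_R5)):
        if not up:
            continue      # EBGP session to R2 is down: nothing to re-advertise
        for prefix in ISP1_ROUTES:
            if policy_allows(policy, prefix):
                learned.setdefault(prefix, []).append(router)
    return learned


if __name__ == "__main__":
    print(s1_learns())                       # both uplinks up
    print(s1_learns(r3_uplink_up=False))     # R3 S2/0/0 shut down
    print(policy_allows(POLICY_R3, "10.1.2.128/25"))  # more-specific also denied
```

Under the stated assumption, the ACL in node 10 also catches any more-specific route whose network address falls inside 10.1.2.0/24, which matters when the filter is meant to hit exactly one prefix.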
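Step 5. Home to multiple ISPs using BGP routes
The company has now applied for another Internet line, to ISP2. To use BGP for path selection, first delete the default routes advertised by OSPF in the earlier steps.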
[R3]ospf 1
[R3-ospf-1]undo default-route-advertise
[R3-ospf-1]quit
[R5]ospf 1
[R5-ospf-1]undo default-route-advertise
[R5-ospf-1]quit
Delete the route-filtering policies on R3 and R5.
[R3]bgp 64512
[R3-bgp]undo peer 10.0.113.1 route-policy policy_r3 export
[R3-bgp]quit
[R3]undo route-policy policy_r3
[R5]bgp 64512
[R5-bgp]undo peer 10.0.115.1 route-policy policy_r5 export
[R5-bgp]quit
[R5]undo route-policy policy_r5
Delete the commands on R3 and R5 that import OSPF routes into BGP.
[R3]bgp 64512
[R3-bgp]undo import-route ospf 1
[R3-bgp]quit
[R5]bgp 64512
[R5-bgp]undo import-route ospf 1
[R5-bgp]quit
Establish EBGP neighbor relationships between R1 and R2 and between R1 and R4, so that ISP2 can also deliver 10.1.2.0/24 and 10.2.2.0/24.
[R1]bgp 200
[R1-bgp]peer 10.0.12.2 as-number 100
[R1-bgp]peer 10.0.14.4 as-number 64512
[R1-bgp]quit
[R2]bgp 100
[R2-bgp]peer 10.0.12.1 as-number 200
[R2-bgp]quit
[R4]bgp 64512
[R4-bgp]peer 10.0.14.1 as-number 200
[R4-bgp]quit
On S1, observe the routes 10.1.2.0/24 and 10.2.2.0/24 and note the route-selection rule currently in effect.
[S1]display bgp routing-table
BGP Local router ID is 10.0.1.11
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.2.0/24 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
* i 10.0.114.4 100 0 200 100i
*>i 10.2.2.0/24 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
* i 10.0.114.4 100 0 200 100i
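We now want the company to use the new line to ISP2 to reach network 10.2.2.0/24. On R4, create the route-policy policy_r4 to change the local preference attribute of this route to 150.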
[R4]acl number 2001
[R4-acl-basic-2001]rule 0 permit source 10.2.2.0 0.0.0.255
[R4-acl-basic-2001]quit
[R4]route-policy policy_r4 permit node 10
[R4-route-policy]if-match acl 2001
[R4-route-policy]apply local-preference 150
[R4-route-policy]quit
[R4]route-policy policy_r4 permit node 20
[R4-route-policy]quit
Apply this route-policy to the routes advertised to S1.
[R4]bgp 64512
[R4-bgp]peer 10.0.114.1 route-policy policy_r4 export
[R4-bgp]quit
Check the BGP routing table on S1.
[S1]display bgp routing-table
BGP Local router ID is 10.0.1.11
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.2.0/24 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
* i 10.0.114.4 100 0 200 100i
*>i 10.2.2.0/24 10.0.114.4 150 0 200 100i
* i 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
S1 now reaches network segment 10.2.2.0/24 using the route obtained from ISP2 through R4.
Shut down interface S1/0/0 on R4 to simulate a failure.
[R4]interface s1/0/0
[R4-Serial1/0/0]shutdown
[R4-Serial1/0/0]quit
View the change in the BGP routing table on S1.
[S1]display bgp routing-table
BGP Local router ID is 10.0.1.11
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.2.0/24 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
*>i 10.2.2.0/24 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
S1 now obtains the routes 10.1.2.0/24 and 10.2.2.0/24 from ISP1 through R3.
Bring interface S1/0/0 on R4 back up.
[R4]interface s1/0/0
[R4-Serial1/0/0]undo shutdown
[R4-Serial1/0/0]quit
Check the BGP routing table on S1 to see whether it has recovered.
[S1]display bgp routing-table
BGP Local router ID is 10.0.1.11
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.2.0/24 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
* i 10.0.114.4 100 0 200 100i
*>i 10.2.2.0/24 10.0.114.4 150 0 200 100i
* i 10.0.113.3 0 100 0 100i
* i 10.0.115.5 0 100 0 100i
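An added Python model (not part of the original lab guide) of how S1 picks a single best path from the three IBGP paths in the Step 5 tables, before the policy, with policy_r4 applied, and with R4's uplink down. It uses a simplified subset of the BGP route-selection order; the Path class, the function names and the reduced rule list are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    via: str                 # IBGP peer that advertised the path to S1
    router_id: str
    as_path: tuple
    local_pref: int = 100
    med: int = 0             # a blank MED in the table is modelled as 0
    pref_val: int = 0
    origin: str = "i"
    igp_cost: int = 0        # next-hop-local: every next hop is directly connected


# Simplified subset of the selection order, highest priority first.
STEPS = [
    ("PrefVal", lambda p: -p.pref_val),
    ("Local_Pref", lambda p: -p.local_pref),
    ("AS_Path length", lambda p: len(p.as_path)),
    ("Origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", None),           # handled separately: same neighbouring AS only
    ("IGP cost to next hop", lambda p: p.igp_cost),
    ("Router ID", lambda p: int(ipaddress.ip_address(p.router_id))),
]


def best_path(paths):
    """Return (best path, name of the step that made the final cut).

    S1 has no maximum load-balancing configured, so exactly one path wins.
    """
    cands = list(paths)
    if not cands:
        return None, None
    decided = "only path"
    for name, key in STEPS:
        if key is None:
            keep = [p for p in cands
                    if p.med == min(q.med for q in cands
                                    if q.as_path[:1] == p.as_path[:1])]
        else:
            best = min(key(p) for p in cands)
            keep = [p for p in cands if key(p) == best]
        if len(keep) < len(cands):
            decided = name
        cands = keep
        if len(cands) == 1:
            break
    return cands[0], decided


def s1_paths(prefix, policy_r4=False, r4_uplink_up=True):
    """Paths S1 holds for a prefix, with the attribute values from the tables."""
    paths = [Path("R3", "10.0.3.3", (100,)), Path("R5", "10.0.5.5", (100,))]
    if r4_uplink_up:         # R4 only has the routes while its EBGP link to R1 is up
        lp = 150 if policy_r4 and prefix == "10.2.2.0/24" else 100
        paths.append(Path("R4", "10.0.4.4", (200, 100), local_pref=lp))
    return paths


if __name__ == "__main__":
    for args in (dict(), dict(policy_r4=True),
                 dict(policy_r4=True, r4_uplink_up=False)):
        path, why = best_path(s1_paths("10.2.2.0/24", **args))
        print(args, "->", path.via, "decided by", why)
```

In this model the path through R4 loses on AS_Path length until policy_r4 raises its Local_Pref, because Local_Pref is compared before AS_Path length.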
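Additional exercise: think and verify
In Step 3, after interface S2/0/0 on R3 is shut down, the company's primary link to the carrier has failed, but the backup link between R5 and ISP1 is still working. How can the connectivity problem be solved in this situation?
In this example, with multihoming to two carriers, how can inbound traffic for the same network segment be load-balanced?
Final device configurations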
<R1>display current-configuration
[V200R007C00SPC600]
#
sysname R1
#
router id 10.0.1.1
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
#
interface Serial3/0/0
link-protocol ppp
ip address 10.0.14.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
bgp 200
peer 10.0.12.2 as-number 100
peer 10.0.14.4 as-number 64512
#
ipv4-family unicast
undo synchronization
maximum load-balancing 4
peer 10.0.12.2 enable
peer 10.0.14.4 enable
#
return
<R2>display current-configuration
[V200R007C00SPC600]
#
sysname R2
#
router id 10.0.2.2
#
icmp port-unreachable send
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.23.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.0.25.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
#
interface LoopBack1
ip address 10.1.2.2 255.255.255.0
#
interface LoopBack2
ip address 10.2.2.2 255.255.255.0
#
bgp 100
peer 10.0.12.1 as-number 200
peer 10.0.23.3 as-number 64512
peer 10.0.25.5 as-number 64512
#
ipv4-family unicast
undo synchronization
network 10.1.2.0 255.255.255.0
network 10.2.2.0 255.255.255.0
maximum load-balancing 4
peer 10.0.12.1 enable
peer 10.0.23.3 enable
peer 10.0.25.5 enable
#
return
<R3>display current-configuration
[V200R007C00SPC600]
#
sysname R3
#
router id 10.0.3.3
#
acl number 2001
rule 0 permit source 10.1.2.0 0.0.0.255
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.23.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.113.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
#
bgp 64512
peer 10.0.23.2 as-number 100
peer 10.0.113.1 as-number 64512
#
ipv4-family unicast
undo synchronization
maximum load-balancing 4
peer 10.0.23.2 enable
peer 10.0.113.1 enable
peer 10.0.113.1 next-hop-local
#
ospf 1
area 0.0.0.0
network 10.0.113.3 0.0.0.0
network 10.0.3.3 0.0.0.0
#
return
<R4>display current-configuration
[V200R007C00SPC600]
#
sysname R4
#
router id 10.0.4.4
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.14.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.114.4 255.255.255.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
#
bgp 64512
peer 10.0.14.1 as-number 200
peer 10.0.114.1 as-number 64512
#
ipv4-family unicast
undo synchronization
maximum load-balancing 4
peer 10.0.14.1 enable
peer 10.0.114.1 enable
peer 10.0.114.1 route-policy policy_r4 export
peer 10.0.114.1 next-hop-local
#
ospf 1
area 0.0.0.0
network 10.0.114.4 0.0.0.0
network 10.0.4.4 0.0.0.0
#
route-policy policy_r4 permit node 10
if-match acl 2001
apply local-preference 150
route-policy policy_r4 permit node 20
#
return
<R5>display current-configuration
[V200R007C00SPC600]
#
sysname R5
#
router id 10.0.5.5
#
interface GigabitEthernet0/0/0
ip address 10.0.25.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.115.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.255
#
bgp 64512
peer 10.0.25.2 as-number 100
peer 10.0.115.1 as-number 64512
#
ipv4-family unicast
undo synchronization
maximum load-balancing 4
peer 10.0.25.2 enable
peer 10.0.115.1 enable
peer 10.0.115.1 next-hop-local
#
ospf 1
area 0.0.0.0
network 10.0.115.5 0.0.0.0
network 10.0.5.5 0.0.0.0
#
return
<S1>display current-configuration
#
!Software Version V100R005C01SPC100
sysname S1
#
router id 10.0.1.11
#
interface Vlanif13
ip address 10.0.113.1 255.255.255.0
#
interface Vlanif14
ip address 10.0.114.1 255.255.255.0
#
interface Vlanif15
ip address 10.0.115.1 255.255.255.0
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 13
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 14
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 15
#
interface LoopBack0
ip address 10.0.1.11 255.255.255.255
#
bgp 64512
peer 10.0.113.3 as-number 64512
peer 10.0.114.4 as-number 64512
peer 10.0.115.5 as-number 64512
#
ipv4-family unicast
undo synchronization
peer 10.0.113.3 enable
peer 10.0.114.4 enable
peer 10.0.115.5 enable
#
ospf 1
area 0.0.0.0
network 10.0.113.1 0.0.0.0
network 10.0.114.1 0.0.0.0
network 10.0.115.1 0.0.0.0
network 10.0.1.11 0.0.0.0
#
return