Experimental requirements:
1. This topology is a company network, which includes the company headquarters, company branches, and company backbone networks, and does not include the operator's public network.
2. The device names are all renamed using the names on the topology and are case-sensitive.
3. The entire topology is configured using private network addresses.
4. In the entire network, the Router-id value of the device running OSPF protocol or BGP protocol is the device name and number. For example, the Router-id of R1 is 1.1.1.1. 5. In the OSPF route announcement part, select the interface announcement method, for
example 192.168.100.1 0.0.0.0; BGP only announces the user network segment.
6. The IBGP part uses loopback to establish neighbors, and the EBGP part uses direct links to establish neighbors. All devices running BGP need to establish neighbors.
7. R1, R2, R5, R6, R7, R8, R9, and R10 need to configure a loopback interface. The loopback interface IP is the device name and number, and the mask is 32. For example, the loopback interface of R2 is 2.2.2.2/32.
8. The IP addresses of all PCs are configured manually.
Company branch:
1. PC5 and PC6 belong to different VLANs
3. SW3 is a three-layer switch
2. SW4 is a two-layer switch
4. R9 is the branch egress router
5. The branch uses OSPF process 200 to reach the entire branch network Up to
6. The export equipment of the company branch runs BGP protocol to connect to the backbone network , and the AS number is 100.
7. Due to the AS-PATH attribute, the headquarters and branch routes will not be learned . Use the command such as (peer10.10.10.10 allow- as-loop, which can only be configured on the headquarters and branch equipment), will allow duplicate AS numbers.Company headquarters:
1. The switch is a layer 2 switch.
2. PC1 and PC2 belong to the same network segment. PC3 and PC4 are the same network segment.
3. R3 and R4 are the gateway routers of the PC below.
4. In order to ensure the connection from the company headquarters to the backbone network The company headquarters uses dual routers and dual exits to access the backbone network.
5. In order to ensure the load within the company headquarters network, R1, R2, R3, and R4 devices are all used as redundant devices, and full connectivity is used for routing selection.
6. The headquarters intranet uses OSPF process 100 to reach the entire network , and OSPF needs to declare a loopback.
7. The dual-exit equipment of the company headquarters runs the BGP protocol to connect to the backbone network . The AS number is 100.
8. Because suboptimal paths will appear when R1 and R2 are republished, the BGP routing priority needs to be modified . Use the command (preference140255255, only on the headquarters equipment Just configure it), the configuration location is in iPv4-familyunicast.Company backbone network:
1. In order to ensure the company's network connectivity, the backbone network considers equipment redundancy operation, uses dual routers to connect to the headquarters, and uses dual link mode between some routers in the backbone network. 2. The backbone network equipment runs the OSPF protocol to achieve the full coverage of the backbone
network . The network is reachable and the process number is 10.
3. The backbone network equipment runs the BGP protocol , and the AS number is 200. Use full connectivity to establish neighbors .optimization:
1. In order to achieve the effect of offloading and mutual backup, the traffic of the company's headquarters business department accessing the branch goes through R1, and R2 serves as a backup. The company's headquarters engineering department's traffic accessing the branch goes through R2, and R1 serves as a backup, and the round-trip paths are required to be consistent.
2. Traffic from the dual exits of the company headquarters flows to R5, with R6 as backup. The round trip path is the same.
3. When OSPF redistributes, the change type is Type-1
4. All policy names are policy-1
5. When changing the cost, change all to 10
Step One: IP Address Planning
|
Equipment
|
network segment
|
gateway
|
Remark
|
|
PC1
|
192.168.1.0/24
|
192.168.1.254
|
IP
:
192.168.1.1
|
|
PC2
|
192.168.1.0/24
|
192.168.1.254
|
IP
:
192.168.1.2
|
|
PC3
|
192.168.2.0/24
|
192.168.2.254
|
IP
:
192.168.2.1
|
|
PC4
|
192.168.2.0/24 | 192.168.2.254 |
IP:
192.168.2.2
|
|
R3- R4
|
192.168.100.0/30
|
R3:192.168.100.1/30
;
R4:192.168.100.2/30
;
|
|
|
R3-
R2
|
192.168.100.4/30
|
R2:192.168.100.5/30
;
R3:192.168.100.6/30
;
|
|
|
R3-
R1
|
192.168.100.8/30
|
R1:192.168.100.9/30
;
R3:192.168.100.10/30
;
|
|
|
R4-
R2
|
192.168.100.12/30
|
R2:192.168.100.13/30
;
R4:192.168.100.14/30
;
|
|
|
R4-
R1
|
192.168.100.16/30
|
R1:192.168.100.17/30
;
R4:192.168.100.18/30
|
|
|
PC5
|
192.168.3.0/24
|
192.168.3.254
|
IP
:
192.168.3.1/vlan10
|
|
PC6
|
192.168.4.0/24
|
192.168.4.254
|
IP
:
192.168.4.1/vlan20
|
|
R1
|
192.168.3.0/24
;
192.168.4.0/24
;
|
GE0/0/1.1(vlan10
) :192.168.3.254;
GE0/0/1.2(vlan20
) :192.168.4.254;
|
|
|
R9-
R1
|
192.168.200.0/30
|
R9:192.168.200.2
;
R10
:
192,168,2
_
|
|
|
R1-R5
|
10.10.10.0/30
|
R1:10.10.10.1/30
;
R5:10.10.10.2/30
;
|
|
|
R1-
R6
|
10.10.10.4/30
|
R1:10.10.10.5/30
;
R6:10.10.10.6/30
;
|
|
|
R2-
R5
|
10.10.10.8/30
|
R2:10.10.10.9/30
;
R5:10.10.10.10/30
;
|
|
|
R2-
R6
|
10.10.10.12/30
|
R2:10.10.10.13/30
;
R6:10.10.10.14/30
;
|
|
|
R5-
R6
|
10.10.10.16/30
|
R5:10.10.10.17/30
;
R6:10.10.10.18/30
;
|
|
|
R5-
R7
|
10.10.10.20/30
|
R5:10.10.10.21/30
;
R7:10.10.10.22/30
;
|
|
|
R6-
R7
|
10.10.10.24/30
|
R6:10.10.10.25/30
;
R7:10.10.10.26/30
;
|
|
|
R7-
R8
|
10.10.10.28/30
;
10.10.10.32/30
;
|
R7:10.10.10.29/30
;
(0/0/2
connected
port
) R8:10.10.10.30/30
;
(0/0/0
connected
port
) R7:10.10.10.33/30
;
(
connected to 3/0/0
port
) R8:10.10.10.34/30
;
(0/0/1
interface
)
|
|
|
R8-
R9
|
10.10.10.36/30
|
R8:10.10.10.37/30
;
R9:10.10.10.38/30
;
|
|
|
R1-
R2
|
10.10.10.40/30
|
R1:10.10.10.41/30
;
R2:10.10.10.42/30
;
|
第二步:配置IP地址
R1配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.100.9/30 up up
GigabitEthernet0/0/1 10.10.10.1/30 up up
GigabitEthernet0/0/2 10.10.10.41/30 up up
GigabitEthernet3/0/0 192.168.100.17/30 up up
GigabitEthernet4/0/0 10.10.10.5/30 up up
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
R2配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.100.13/30 up up
GigabitEthernet0/0/1 10.10.10.14/30 up up
GigabitEthernet0/0/2 10.10.10.42/30 up up
GigabitEthernet3/0/0 192.168.100.5/30 up up
GigabitEthernet4/0/0 10.10.10.9/30 up up
LoopBack0 2.2.2.2/32 up up(s)
NULL0 unassigned up up(s) R3配置/0
R4配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.100.14/30 up up
GigabitEthernet0/0/1 192.168.2.254/24 up up
GigabitEthernet0/0/2 192.168.100.2/30 up up
GigabitEthernet3/0/0 192.168.100.18/30 up up
GigabitEthernet4/0/0 unassigned down down
NULL0 unassigned up up(s) R5配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.10.10.2/30 up up
GigabitEthernet0/0/1 10.10.10.10/30 up up
GigabitEthernet0/0/2 10.10.10.21/30 up up
GigabitEthernet3/0/0 10.10.10.17/30 up up
GigabitEthernet4/0/0 unassigned down down
LoopBack0 5.5.5.5/32 up up(s)
NULL0 unassigned up up(s) R6配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.10.10.14/30 up up
GigabitEthernet0/0/1 10.10.10.6/30 up up
GigabitEthernet0/0/2 10.10.10.25/30 up up
GigabitEthernet3/0/0 10.10.10.18/30 up up
GigabitEthernet4/0/0 unassigned down down
LoopBack0 6.6.6.6/32 up up(s)
NULL0 unassigned up up(s) R7配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.10.10.26/30 up up
GigabitEthernet0/0/1 10.10.10.22/30 up up
GigabitEthernet0/0/2 10.10.10.29/30 up up
GigabitEthernet3/0/0 10.10.10.33/30 up up
GigabitEthernet4/0/0 unassigned down down
LoopBack0 7.7.7.7/32 up up(s)
NULL0 unassigned up up(s) R8配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.10.10.30/30 up up
GigabitEthernet0/0/1 10.10.10.34/30 up up
GigabitEthernet0/0/2 10.10.10.37/30 up up
GigabitEthernet3/0/0 unassigned down down
GigabitEthernet4/0/0 unassigned down down
LoopBack0 8.8.8.8/32 up up(s)
NULL0 unassigned up up(s)R9配置
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.10.10.38/30 up up
GigabitEthernet0/0/1 192.168.200.2/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 9.9.9.9/32 up up(s)
NULL0 unassigned up up(s) R10配置
[R10]int g 0/0/1.1
[R10-GigabitEthernet0/0/1.1]dot1q termination vid 10
[R10-GigabitEthernet0/0/1.1]ip address 192.168.3.254 24
[R10-GigabitEthernet0/0/1.1]arp broadcast enable
[R10-GigabitEthernet0/0/1.1]int g 0/0/1.2
[R10-GigabitEthernet0/0/1.2]dot1q termination vid 20
[R10-GigabitEthernet0/0/1.2]ip address 192.168.4.254 24
[R10-GigabitEthernet0/0/1.2]arp broadcast enable
[R10-GigabitEthernet0/0/1.2]
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.200.1/30 up up
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/1.1 192.168.3.254/24 up up
GigabitEthernet0/0/1.2 192.168.4.254/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 10.10.10.10/32 up up(s)
NULL0 unassigned up up(s) SW3配置
[SW3]vlan 10
[SW3-vlan10]q
[SW3]vlan 20
[SW3-vlan20]q
[SW3]int g 0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port default vlan 10
[SW3]int g 0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access
[SW3-GigabitEthernet0/0/3]port default vlan 20
[SW3]int g 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20第三步:宣告
【R1】
ospf 100 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.100.7 0.0.0.0
network 192.168.100.9 0.0.0.0
network 192.168.100.17 0.0.0.0
【R2】
ospf 100 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.100.5 0.0.0.0
network 192.168.100.13 0.0.0.0
【R3】
ospf 100 router-id 3.3.3.3
area 0.0.0.0
network 192.168.1.254 0.0.0.0
network 192.168.100.1 0.0.0.0
network 192.168.100.6 0.0.0.0
network 192.168.100.10 0.0.0.0
【R4】
ospf 100 router-id 4.4.4.4
area 0.0.0.0
network 192.168.2.254 0.0.0.0
network 192.168.100.2 0.0.0.0
network 192.168.100.14 0.0.0.0
network 192.168.100.18 0.0.0.0
【R5】
ospf 10 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.10.10.17 0.0.0.0
network 10.10.10.21 0.0.0.0
【R6】
ospf 10 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.10.10.18 0.0.0.0
network 10.10.10.25 0.0.0.0
【R7】
ospf 10 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 10.10.10.22 0.0.0.0
network 10.10.10.26 0.0.0.0
network 10.10.10.29 0.0.0.0
network 10.10.10.33 0.0.0.0
【R8】
ospf 10 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 10.10.10.30 0.0.0.0
network 10.10.10.34 0.0.0.0
【R9】
ospf 200 router-id 9.9.9.9
area 0.0.0.0
network 192.168.200.2 0.0.0.0
【R10】
ospf 200 router-id 10.10.10.10
area 0.0.0.0
network 192.168.3.254 0.0.0.0
network 192.168.4.254 0.0.0.0
network 192.168.200.1 0.0.0.0 第四步:配置BGP
【R5】
[R5]bgp 200
[R5-bgp]router-id 5.5.5.5
[R5-bgp]peer 6.6.6.6 as-number 200
[R5-bgp]peer 6.6.6.6 con l 0
[R5-bgp]peer 7.7.7.7 as-number 200
[R5-bgp]peer 7.7.7.7 con l 0
[R5-bgp]peer 8.8.8.8 as-number 200
[R5-bgp]peer 8.8.8.8 con l 0
[R5-bgp]peer 10.10.10.1 as-number 100
[R5-bgp]peer 10.10.10.9 as-number 100
[R5-bgp]
【R6】
[R6]bgp 200
[R6-bgp]ro
[R6-bgp]router-id 6.6.6.6
[R6-bgp]peer 5.5.5.5 as-number 200
[R6-bgp]peer 5.5.5.5 con l0
[R6-bgp]peer 7.7.7.7 as-number 200
[R6-bgp]peer 7.7.7.7 con l0
[R6-bgp]peer 8.8.8.8 as-number 200
[R6-bgp]peer 8.8.8.8 con lo0
[R6-bgp]peer 10.10.10.5 as-number 100
[R6-bgp]peer 10.10.10.13 as-number 100
[R6-bgp]
【R7】
[R7]bgp 200
[R7-bgp]router-id 7.7.7.7
[R7-bgp]peer 6.6.6.6 as-number 200
[R7-bgp]peer 6.6.6.6 con l0
[R7-bgp]
[R7-bgp]peer 5.5.5.5 as-number 200
[R7-bgp]peer 5.5.5.5 con l0
[R7-bgp]peer 8.8.8.8 as-number 200
[R7-bgp]peer 8.8.8.8 con l0
[R7-bgp]
【R8】
[R8]bgp 200
[R8-bgp]router-id 8.8.8.8
[R8-bgp]peer 7.7.7.7 as-number 200
[R8-bgp]peer 7.7.7.7 con lo0
[R8-bgp]pe
[R8-bgp]peer 6.6.6.6 as-number 200
[R8-bgp]peer 6.6.6.6 con lo0
[R8-bgp]peer 5.5.5.5 as-number 200
[R8-bgp]peer 5.5.5.5 con lo0
[R8-bgp]
【R9】
[R9]bgp 100
[R9-bgp]router-id 9.9.9.9
[R9-bgp]peer 10.10.10.37 as-number 200
[R9-bgp]q第五步:骨干网中修改BGP为本地
【R5】
[R5]bgp 200
[R5-bgp]peer 7.7.7.7 next-hop-local
[R5-bgp]peer 8.8.8.8 next-hop-local
[R5-bgp]
【R6】
[R6]bgp 200
[R6-bgp]peer 7.7.7.7 n
[R6-bgp]peer 7.7.7.7 next-hop-local
[R6-bgp]peer 8.8.8.8 next-hop-local
【R7】
//没有EGP邻居关系,所以不需要修改
【R8】
[R8]bgp 200
[R8-bgp]peer 5.5.5.5 next-hop-local
[R8-bgp]peer 6.6.6.6 next-hop-local
[R8-bgp]peer 7.7.7.7 next-hop-local修改前
修改后
R7选路为优
第六步:AS号重重复,修改为允许重复
此时PC1pingPC5不通,因为R1、R2上没有学到192.168.3.0 和 192.168.4.0 的路由,没有学到的原因是总部和分公司的AS号重复,将AS号修改为可以重复,
【R1】
[R1]bgp 100
[R1-bgp]peer 10.10.10.2 al
[R1-bgp]peer 10.10.10.2 allow-as-loop
[R1-bgp]
[R1-bgp]peer
[R1-bgp]peer 10.10.10.6 al
[R1-bgp]peer 10.10.10.6 allow-as-loop
[R1-bgp]q
【R2】
[R2]bgp 100
[R2-bgp]peer 10.10.10.10 al
[R2-bgp]peer 10.10.10.10 allow-as-loop
[R2-bgp]peer 10.10.10.14 al
[R2-bgp]peer 10.10.10.14 allow-as-loop
【R9】
[R9]bgp 100
[R9-bgp]pe
[R9-bgp]peer 10.10.10.37 al
[R9-bgp]peer 10.10.10.37 allow-as-loop 此时R1、R2就可以学习到192.168.3.0 和192.168.4.0的路由了
第七步:重发布
进行重发布之前,R3、R4并没有学到192.168.3.0、192.168.4.0的路由R10也没学到192.168.1.0、192.168.2.0的路由
【R1】
[R1]ospf 100
[R1-ospf-100]import-route bgp type 1
[R1-ospf-100]q
【R2】
[R2]ospf 100
[R2-ospf-100]import-route bgp type 1
[R2-ospf-100]
【R9】
[R9]ospf 200
[R9-ospf-200]import-route bgp type 1
[R9-ospf-200]此时R3、R4、R10已经学到路由了
PC1可以ping通PC5、PC6
PC2可以ping通PC5、PC6
第八步:修改BGP路由优先级
使用命令(preference140255255,仅在总部设备上配置即可),配置位置在iPv4-familyunicast中
【R1】
[R1]bgp 100
[R1-bgp]ipv4-family unicast
[R1-bgp-af-ipv4]preference 140 255 255
【R2】
[R2]bgp 100
[R2-bgp]ipv4-family unicast
[R2-bgp-af-ipv4]preference 140 255 255
修改优先级的原因
因为R1正常向R5发生流量,而R2却向R3、R4发生流量,R1不学习R2 OSPF发过来的路由,原因是R2没有学习到BGP的路由,没有学到的原因是重发布进来的优先级为150,优于EBGP的优先级255,所以覆盖
第九步:优化
1、为达到分流互备效果,公司总部业务部访问分部流量走R1,R2做备份,公司总部工程部访间分部流量走R2,R1做备份,并要求来回路径致。
【R2】
[R2]int g 3/0/0
[R2-GigabitEthernet3/0/0]os
[R2-GigabitEthernet3/0/0]ospf c
[R2-GigabitEthernet3/0/0]ospf cost 10
【R3】
[R3]int g 3/0/0
[R3-GigabitEthernet3/0/0]os
[R3-GigabitEthernet3/0/0]ospf c
[R3-GigabitEthernet3/0/0]ospf cost 10
[R3-GigabitEthernet3/0/0]q以R4为例
修改前
修改后
【R1】
[R1]ip ip-prefix policy-1 permit 192.168.2.0 24
[R1]route-policy policy-1 permit node 10
Info: New Sequence of this List.
[R1-route-policy]if-match ip-prefix policy-1
[R1-route-policy]apply cost 10
[R1-route-policy]q
[R1]route-policy policy-1 permit node 20
Info: New Sequence of this List.
[R1-route-policy]q
[R1]bgp 100
[R1-bgp]peer 10.10.10.6 route-policy policy-1 export
【R2】
[R2]ip ip-prefix policy-1 permit 192.168.1.0 24
[R2]route-policy policy-1 permit node 10
Info: New Sequence of this List.
[R2-route-policy]if-match ip-prefix policy-1
[R2-route-policy]apply cost 10
[R2-route-policy]q
[R2]route-policy policy-1 permit node 20
Info: New Sequence of this List.
[R2-route-policy]q
[R2]bgp 100
[R2-bgp]peer 10.10.10.14 route-policy policy-1 export
[R2-bgp]peer 10.10.10.10 route-policy policy-1 export R5 
R6
2、公司总部双出口流量均流向R5,R6做备份。来回路径一致。
【R6】
[R6]route-policy policy-1 permit node 10
Info: New Sequence of this List.
[R6-route-policy]apply cost 10
[R6-route-policy]q
[R6]route-policy policy-1 permit node 20
Info: New Sequence of this List.
[R6-route-policy]q
[R6]bgp 200
[R6-bgp]peer 10.10.10.5 route-policy policy-1 export
[R6-bgp]peer 10.10.10.13 route-policy policy-1 export【R1】
【R2】
