lab environment:
eNSP device configuration
Lab topology:
Experimental requirements:
An enterprise and carrier network as shown above, please build a good test environment according to the topology environment, configure the corresponding IP address, directly connected PING test pass. Servers using loopback mouth to simulate A large enterprises need to take the Internet networking tasks for transparent transmission of Internet entry, ISPB wears a lot of servers, these servers must have access to the Internet, there are a number of columns on the server ISPC, requirements Internet can be accessed. (BGP advertisement only entry port loopback on R1 / R7)
Experimental Procedure:
1, each router have played a loopback address port 0/32, the RX address is used to establish IBGP neighbor relationship XXXX
Configuring the IP addresses on R2 as an example, the configuration command is as follows:
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.12.12.2 30
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 213.34.1.1 30
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 213.34.1.5 30
[R2-GigabitEthernet0/0/2]int loo0
[R2-LoopBack0]ip address 2.2.2.2 32
2, the internal A large enterprises from OSPF protocol, also as internal ISP B OSPF protocol entry port advertisement loop (for up to protect underlying TCP); request based on the topology of the corresponding planned AS, configured to run the BGP (IBGP established with port loopback neighbor relations established by direct connection port EBGP neighbor relationship), for entry to the Web server on the Internet (R1 / R7 loop port entry) transparent transmission; wherein a large enterprise and ISP B are established and ISP C EBGP neighbor relationship. The entry port loopback advertised on R1 / R7 enter BGP
OSPF is configured to, for example on the R7 (A large enterprises and ISP B are configured as area 0, to note that the interface between R3 and R5, R6 interface between R4 and do not notices into OSPF, otherwise it from neighbors there is no relationship between the meaning of the partition) command should be as follows:
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 83.69.1.2 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 83.69.1.6 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 134.0.1.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 134.1.1.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 134.2.1.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 134.3.1.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 7.7.7.7 0.0.0.0
Then configured to run BGP, EBGP neighbors pay attention when directly specifying the AS number to a neighbor and neighbor, the establishment of IGBP neighbor when two commands should pay more action is specified interface sets up neighbor and modify the next hop for themselves, configure the following command (for example to configure on R2, because R2 both established ibgp neighbors have established ebgp neighbor):
[R2]bgp 200
[R2-bgp]peer 12.12.12.1 as-number 100
[R2-bgp]peer 3.3.3.3 as-number 200
[R2-bgp]peer 3.3.3.3 connect-interface loo0
[R2-bgp]peer 3.3.3.3 next-hop-local
[R2-bgp]peer 4.4.4.4 as-number 200
[R2-bgp]peer 4.4.4.4 connect-interface loo0
[R2-bgp]peer 4.4.4.4 next-hop-local
When all ospf and BGP configuration, with the loop entry port loopback port entry tracertR7 R1 has the communication can
And taking the above road
3, requires ISPC server entries learned from the ISP B as small as possible, only to receive and retain the polymerization entry AS path. Large companies are not required to reduce entry
ISP C because it is only required route aggregation, so the polymerization R2 above configuration, the configuration command is as follows:
[R2]bgp 200
[R2-bgp]aggregate 134.0.0.0 255.252.0.0 as-set detail-suppressed Before configuring the routing table view bgp
After configuration and then find the routing table entries from the four port loopback R7 are aggregated and retained the AS path
4, is required to access the server on the ISP B ISP C is the bandwidth of the link between the bottom R4 and R6 to go, using the modified cost manner at R5.
When the above steps R1tracertR7 can be found taking the default above the road (selected via the 11 strategies can be drawn reason to go that way because routeID above is relatively small), and then modify the overhead on the R5, configuration command is as follows:
[R5]acl 2000
[R5-acl-basic-2000]rule permit
[R5]route-policy med permit node 10
[R5-route-policy]if-match acl 2000
[R5-route-policy]apply cost 1000
[R5-bgp]undo peer 35.35.35.1 route-policy med export Once you've configured R7tracertR1 can see now is taking the following that road
5 requires a BGP neighbor between A ISPC and large enterprises to establish a safe and user password to view the configuration when the display is ciphertext
Example commands to configure in R1, the configuration is as follows:
[R1]bgp 100
[R1-bgp]peer 12.12.12.2 password cipher wenwenAuthentication also disposed on R2, then view the configuration, the password is found cipher text
