多自治系统BGP网络

BGP网络拓扑图如下:bgp1

网络拓扑说明:

R2和R3之间跑OSPF, AS号 65001

R4,R5,R6之间跑IS-IS,BGP协议, AS号 4808

R7和R8之间跑OSPF,AS号 65002

左边的65001和中间的ISIS使用EBGP连接

右边的65002和中间的ISIS使用EBGP连接

要求: 从R1能ping通R9

 

配置工具: SecureCRT

连接方式: SecureCRT通过telnet方式连接这9台路由器

bgp2

各路由器主机名,访问方式,地址规划:

设备名 主机名 Telnet连接方式 loopabck 0 s1 / 0 s1/1 f0/0
R1 Rack01R01 127.0.0.1:2000 NA 20.1.12.1/24 NA 20.1.11.1/24
R2 Rack01R02 127.0.0.1:2001 2.2.2.2/32 20.1.12.2/24 20.1.23.2/24 NA
R3 Rack01R03 127.0.0.1:2002 3.3.3.3/32 10.1.34.3/24 20.1.23.3/24 NA
R4 Rack01R04 127.0.0.1:2003 4.4.4.4/32 10.1.34.4/24 10.1.45.4/24 NA
R5 Rack01R05 127.0.0.1:2004 5.5.5.5/32 10.1.56.5/24 10.1.45.5/24 NA
R6 Rack01R06 127.0.0.1:2005 6.6.6.6/32 10.1.56.6/24 10.1.67.6/24 NA
R7 Rack01R07 127.0.0.1:2006 7.7.7.7/32 30.1.78.7/24 10.1.67.7/24 NA
R8 Rack01R08 127.0.0.1:2007 8.8.8.8/32 30.1.78.8/24 30.1.89.8/24 NA
R9 Rack01R09 127.0.0.1:2008 NA NA 30.1.89.9/24 30.1.99.9/24

 

简要说明,及需要注意地方:

进入接口配置地址第1件事 no shutdown以免忘记开启

R1到R2 和R9到R8都使用缺省路由

R2到R1和R8到R9都是用静态路由

 

R3和R4之间跑EBGP, R3绝不能将EBGP的网络号注入到OSPF

R7和R6之间跑EBGP, R7绝不能将EBGP的网络号注入到OSPF

R2将数据包送往R9使用的是缺省路由,这个缺省路由是R3发给R2的需要在OSPF中配置

R8将数据包送往R1使用的是缺省路由,这个缺省路由是R7发给R8的需要在OSPF中配置

 

假设R1到R9的主机名和各接口IP地址已配置完成

执行show ip interfaces brief 检查ip地址有没有配错,端口有没有开启

配置结束记得存盘

 

下面正式开始配置:

R1配置缺省路由

Rack01R01(config)#路由 0.0.0.0 0.0.0.0 20.1.12.2

Rack01R01(config)#结束

Rack01R01(config)#wr

R2配置到R1的静态路由

Rack01R02(config)#路由 20.1.11.0 255.255.255.0 20.1.12.1

Rack01R02(config)#wr

 

配置R2和R3之间的OSPF

R2:

Rack01R02(config)#router ospf 65001

Rack01R02(config-router)#router-id 2.2.2.2

Rack01R02(config-router)#网络 2.2.2.2 0.0.0.0 area 0

Rack01R02(config-router)#网络 20.1.23.0 0.0.0.255 area 0

需要注意的是R2的s1/0口网络一定不能宣告在OSPF中

 

R3:

Rack01R03(config)#router ospf 65001

Rack01R02(config-router)#router-id 3.3.3.3

Rack01R02(config-router)#网络 3.3.3.3.3 0.0.0.0 area 0

Rack01R02(config-router)#网络 20.1.23.0 0.0.0.255 area 0

 

这样R2和R3之间的OSPF就起来了,可以用show ip route分别查看验证.

 

这时,从R1 pingR3的3.3.3.3是不通的.

原因是这样的, R1 pingR3的3.3.3.3,因为缺省路由缘故,会将数据包发送到R2,而R2和R3之间起的是OSPF,

因此很容易将数据包发送给R3,R3回应数据包,目的网段是20.1.12.0和20.1.11.0 但是R3的路由表中并不

包括20.1.12.0和20.1.11.0 , 因为20.1.12.0和20.1.11.0 不能用OSPF宣告.这时只需要将20.1.12.0这个

静态网络注入到OSPF中,那么R3就会学习到.R1才能顺利ping通3.3.3.3

操作如下:

R2

Rack01R02(config)#router ospf 65001

Rack01R02(config-router)#redistribute static subnets metric 10 //将R2的静态路由注入到OSPF中

Rack01R02(config-router)#redistribute connected subnets //将R2的直连网络注入到OSPF中

 

R3和R4之间跑EBGP

EBGP传输信息时基于TCP 179端口,在这么多协议中EBGP是唯一基于TCP协议的,而且需要手动建立邻居关系.

一般来讲,建立EBGP之前都需要静态路由来做支撑.

现在需要在R3和R4之间创建静态路由.

R3

Rack01R03(config)#路由 4.4.4.4 255.255.255.255 10.1.34.4

R4

Rack01R04(config)#路由 3.3.3.3 255.255.255.255 10.1.34.3

 

用do ping 3.3.3.3 soruce 4.4.4.4和do ping 4.4.4.4 soruce 3.3.3.3发现都是通的,

说明静态路由配置成功. 邻接关系建立成功, 只有邻接关系建立好才能做EBGP.

 

R3上起BGP

Rack01R03(config)#router bgp 65001

Rack01R03(config-router)#bgp router-id 3.3.3.3

Rack01R03(config-router)#neighbor 4.4.4.4 remote-as 4808

Rack01R03(config-router)#neighbor 4.4.4.4 update-source loopback 0

Rack01R03(config-router)#neighbor 4.4.4.4 ebgp-multihop 2

 

R4上起BGP

Rack01R03(config)#router bgp 4808

Rack01R03(config-router)#bgp router-id 4.4.4.4

Rack01R03(config-router)#neighbor 3.3.3.3 remote-as 65001

Rack01R03(config-router)#neighbor 3.3.3.3 update-source loopback 0

Rack01R03(config-router)#neighbor 3.3.3.3 ebgp-multihop 2

 

R3和R4之间的BGP建立后,在特权模式下执行 show ip interface brief 查看BGP情况,如下:

Rack01R03#show ip bgp summary

BGP router identifier 3.3.3.3, local AS number 65001

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

4.4.4.4 4 4808 3 3 1 0 0 00:00:55 0

 

Rack01R04#show ip bgp summary

BGP router identifier 4.4.4.4, local AS number 4808

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

3.3.3.3 4 65001 3 3 1 0 0 00:00:40 0

 

R3和R4之间,千万不要把OSPF注入到BGP, 更不要把BGP注入到OSPF

只需要在R3的BGP下面宣告网络号即可

接上面的BGP:

Rack01R03(config)#router bgp 65001

Rack01R03(config-router)#网络 20.0.0.0 面具 255.0.0.0

 

R4特权模式执行show ip bgp,

Rack01R04#show ip bgp

Rack01R04#

没有发现R3发布的网络号20.0.0.0

 

BGP没有发现网络,应该从下面4个方面考虑

1.邻接关系是否正常[已测试,邻接关系是正常的]

2.同步是否完成 [在这里没有完成同步因为R3宣告的20.0.0.0 255.255.255网络在IGP中不存在,也就是

show ip route后没有20.0.0.0/8这个网段因此20.0.0.0/8没有发布出去],

BGP说自己有20.0.0.0/8网段,但是IGP中没有20.0.0.0/8网段. 这就是不同步的概念

网络号不同步需要路由欺骗来解决.

上面1和2说的是EBGP没有发现网络检查方法, 对于IBGP除了以上还包括3和4两点.

3.存在水平分割[IBGP的特点],需要配置路由反射器.

4.如果next hop有不能到达的情况,需要调整next hop.

 

接上面

Rack01R03(config)#router bgp 65001

Rack01R03(config-router)#路由 20.0.0.0 255.0.0.0 无效的 0

Rack01R03(config)#

 

这时R4上再次执行show ip bg ,如下:

Rack01R04#show ip bgp

BGP table version is 2, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 20.0.0.0 3.3.3.3 0 0 65001 一世

可以发现20.0.0.0网段next hop是3.3.3.3 ,R3欺骗成功,这样就满足了同步的条件

 

R3上执行一次show ip route如下黑色字体所示:

Rack01R03#show ip route

Codes: C – connected, 秒 – 静态的, 电阻 – RIP, 中号 – mobile, 乙 – BGP协议

d – EIGRP, EXEIGRP external, OOSPF, IAOSPF inter area

N1OSPF NSSA external type 1, N2OSPF NSSA external type 2

E1OSPF external type 1, E2OSPF external type 2

一世 – IS-IS, 它的 – IS-IS summary, L1IS-IS level-1, L2IS-IS level-2

iaIS-IS inter area, * – candidate default, Uper-user static route

Ø – ODR, 磷 – periodic downloaded static route

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets

O 2.2.2.2 [110/65] via 20.1.23.2, 00:34:47, Serial1/1

3.0.0.0/32 is subnetted, 1 subnets

C 3.3.3.3 is directly connected, Loopback0

4.0.0.0/32 is subnetted, 1 subnets

秒 4.4.4.4 [1/0] via 10.1.34.4

20.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 20.1.23.0/24 is directly connected, Serial1/1

秒 20.0.0.0/8 is directly connected, Null0

O E2 20.1.12.0/24 [110/20] via 20.1.23.2, 00:34:35, Serial1/1

O E2 20.1.11.0/24 [110/10] via 20.1.23.2, 00:34:47, Serial1/1

10.0.0.0/24 is subnetted, 1 subnets

C 10.1.34.0 is directly connected, Serial1/0

 

发现一条路由是 S 20.0.0.0/8 is directory connected Null0

因此同步条件也满足了

 

R4也要向EBGP发布10.0.0.0/8网段这时也要做一下路由欺骗

Rack01R04#conf t

Rack01R04(config)#router bgp 4808

Rack01R04(config-router)#网络 10.0.0.0 面具 255.0.0.0

Rack01R04(config-router)#路由 10.0.0.0 255.0.0.0 无效的 0

然后R3上执行show ip bgp 可以看到10网段了,如下:

Rack01R03#show ip bgp

BGP table version is 3, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,

r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.0.0 4.4.4.4 0 0 4808 一世

*> 20.0.0.0 0.0.0.0 0 32768 一世

 

现在配置R4,R5,R6的IS-IS协议

R4

Rack01R04(config)#router isis 4808

Rack01R04(config-router)#网 49.4808.0040.0400.4004.00

Rack01R04(config-router)#is-type level-2-only

Rack01R04(config-router)#in l0

Rack01R04(config-if)#ip router isis 4808

Rack01R04(config-if)#in s1/1

Rack01R04(config-if)#ip router isis 4808

注意R4的S1/0不启用ISIS,这是另外一个运营商的.

 

R5

Rack01R05(config)#router isis 4808

Rack01R05(config-router)#网 49.4808.0050.0500.5005.00

Rack01R05(config-router)#is-type level-2-only

Rack01R05(config-router)#in lo 0

Rack01R05(config-if)#ip router isis 4808

Rack01R05(config-if)#in s1/0

Rack01R05(config-if)#ip router isis 4808

Rack01R05(config-if)#in s1/1

Rack01R05(config-if)#ip router isis 4808

 

R6

Rack01R06(config)#router isis 4808

Rack01R06(config-router)#网 49.4808.0060.0600.6006.00

Rack01R06(config-router)#is-type level-2-only

Rack01R06(config-router)#in lo 0

Rack01R06(config-if)#ip router isis 4808

Rack01R06(config-if)#in s1/0

Rack01R06(config-if)#ip router isis 4808

注意R6的S1/1不启用ISIS,这是另外一个运营商的.

 

这样的话,R4,R5,R6之间的IS-IS就配置完成了

在R6上 show ip route 如果能看到R4R5的is-is发布的网络号

如果出现下图黑体字部分,就说明IS-IS配置成功

Rack01R06#show ip route

Codes: C – connected, 秒 – 静态的, 电阻 – RIP, 中号 – mobile, 乙 – BGP协议

d – EIGRP, EXEIGRP external, OOSPF, IAOSPF inter area

N1OSPF NSSA external type 1, N2OSPF NSSA external type 2

E1OSPF external type 1, E2OSPF external type 2

一世 – IS-IS, 它的 – IS-IS summary, L1IS-IS level-1, L2IS-IS level-2

iaIS-IS inter area, * – candidate default, Uper-user static route

Ø – ODR, 磷 – periodic downloaded static route

Gateway of last resort is not set

4.0.0.0/32 is subnetted, 1 subnets

i L2 4.4.4.4 [115/30] via 10.1.56.5, Serial1/0

5.0.0.0/32 is subnetted, 1 subnets

i L2 5.5.5.5 [115/20] via 10.1.56.5, Serial1/0

6.0.0.0/32 is subnetted, 1 subnets

C 6.6.6.6 is directly connected, Loopback0

10.0.0.0/24 is subnetted, 3 subnets

i L2 10.1.45.0 [115/20] via 10.1.56.5, Serial1/0

C 10.1.56.0 is directly connected, Serial1/0

C 10.1.67.0 is directly connected, Serial1/1

 

有了前面IS-IS的铺垫, 就可以在R4,R5,R6之间运行BGP协议了

R4

Rack01R04(config)#router bgp 4808

Rack01R04(config-router)#neighbor 5.5.5.5 remote-as 4808

Rack01R04(config-router)#neighbor 5.5.5.5 update-source loopback 0

 

R5

Rack01R05(config)#router bgp 4808

Rack01R05(config-router)#neighbor 4.4.4.4 remote-as 4808

Rack01R05(config-router)#neighbor 4.4.4.4 update-source loopback 0

Rack01R05(config-router)#neighbor 6.6.6.6 remote-as 4808

Rack01R05(config-router)#neighbor 6.6.6.6 update-source loopback 0

 

R6

Rack01R06(config)#router bgp 4808

Rack01R06(config-router)#neighbor 5.5.5.5 remote-as 4808

Rack01R06(config-router)#neighbor 5.5.5.5 update-source loopback 0

 

R4和R5建立邻接关系R5和R4R6建立了邻接关系R6和R5建立了邻接关系

这里R4和R6之间不需要建立邻接关系R4和R6只需要和R5建立即可

这样R4,R5,R6之间的IS-IS的邻接关系已经建立了

这里假定R5是核心路由R4和R6是汇聚路由

在这里R5需要做路由反射器在实际项目中可能会拿2台或多台作为路由反射器

主要是用来传输路由表和策略的但不走数据

 

【路由反射器在运营商里面是单独的路由器不承担任何数据流量只传输路由表和策略】

 

R5

show ip bgp能看到20.0.0.0/8网段next hop 3.3.3.3 ,但3.3.3.3在R5上看不到,也就是无法到达3.3.3.3 如下:

Rack01R05#show ip bgp

BGP table version is 2, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,

r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*>i10.0.0.0 4.4.4.4 0 100 0 一世

* i20.0.0.0 3.3.3.3 0 100 0 65001 一世

并且R3和R4之间的网路号就没有发布到IS-IS中, R3 的loopback 0也没有发布到IS-IS中

解决办法

R4

Rack01R04(config)#router bgp 4808

Rack01R04(config-router)#neighbor 5.5.5.5 next-hop-self

这样的话在R5上再次执行show ip bgp ,看到的20网段的next hop变成了4.4.4.4

 

Rack01R05#show ip bgp

BGP table version is 3, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,

r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*>i10.0.0.0 4.4.4.4 0 100 0 一世

*>i20.0.0.0 4.4.4.4 0 100 0 65001 一世

 

在R5上执行show ip route 可以看到20网段的路线路由表进行了2次递归查询

要去20.0.0.0网段先到4.4.4.4而要去4.4.4.4则经过网段10.1.45.4

 

实际上在R4上去往20网段也经过了2次递归查询执行show ip route后路由表有所体现

Rack01R05#show ip route

Codes: C – connected, 秒 – 静态的, 电阻 – RIP, 中号 – mobile, 乙 – BGP协议

d – EIGRP, EXEIGRP external, OOSPF, IAOSPF inter area

N1OSPF NSSA external type 1, N2OSPF NSSA external type 2

E1OSPF external type 1, E2OSPF external type 2

一世 – IS-IS, 它的 – IS-IS summary, L1IS-IS level-1, L2IS-IS level-2

iaIS-IS inter area, * – candidate default, Uper-user static route

Ø – ODR, 磷 – periodic downloaded static route

Gateway of last resort is not set

4.0.0.0/32 is subnetted, 1 subnets

i L2 4.4.4.4 [115/20] via 10.1.45.4, Serial1/1

乙 20.0.0.0/8 [200/0] via 4.4.4.4, 00:03:47

5.0.0.0/32 is subnetted, 1 subnets

C 5.5.5.5 is directly connected, Loopback0

6.0.0.0/32 is subnetted, 1 subnets

i L2 6.6.6.6 [115/20] via 10.1.56.6, Serial1/0

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

乙 10.0.0.0/8 [200/0] via 4.4.4.4, 00:18:04

C 10.1.45.0/24 is directly connected, Serial1/1

C 10.1.56.0/24 is directly connected, Serial1/0

 

在R6上查看是否能看到20网段?

先不要看路由表(show ip route),先看数据库(show ip bgp),数据库里面没有路由表中一定没有

如果数据库中有则继续看next hop能不能到如果next hop到不了那么路由表中也没有

show ip bgp 看不到10.20网段这里邻居关系都建好了

这里就涉及到水平分割的问题通过IBGP内部邻居学习到的网络号永远不会送给其他的内部邻居

 

那这个问题如何解决呢?

R5

Rack01R05(config)#router bgp 4808

Rack01R05(config-router)#neighbor 4.4.4.4 route-reflector-client

Rack01R05(config-router)#neighbor 6.6.6.6 route-reflector-client

这样

R6上执行 show ip bgp发现20.0.0和10.0.0.0网段他们的next hop都是4.4.4.4

执行show ip route发现20网段存在说明可以到达也是经过了2次路由表查询

Rack01R06#show ip bgp

BGP table version is 7, local router ID is 6.6.6.6

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,

r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*>i10.0.0.0 4.4.4.4 0 100 0 一世

*>i20.0.0.0 4.4.4.4 0 100 0 65001 一世

 

R6在看一下路由表是否包含20.0.0.0/8网段,如果包含,则可以到达

Rack01R06#show ip route

Codes: C – connected, 秒 – 静态的, 电阻 – RIP, 中号 – mobile, 乙 – BGP协议

d – EIGRP, EXEIGRP external, OOSPF, IAOSPF inter area

N1OSPF NSSA external type 1, N2OSPF NSSA external type 2

E1OSPF external type 1, E2OSPF external type 2

一世 – IS-IS, 它的 – IS-IS summary, L1IS-IS level-1, L2IS-IS level-2

iaIS-IS inter area, * – candidate default, Uper-user static route

Ø – ODR, 磷 – periodic downloaded static route

Gateway of last resort is not set

4.0.0.0/32 is subnetted, 1 subnets

i L2 4.4.4.4 [115/30] via 10.1.56.5, Serial1/0

乙 20.0.0.0/8 [200/0] via 4.4.4.4, 00:04:01

5.0.0.0/32 is subnetted, 1 subnets

i L2 5.5.5.5 [115/20] via 10.1.56.5, Serial1/0

6.0.0.0/32 is subnetted, 1 subnets

C 6.6.6.6 is directly connected, Loopback0

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

乙 10.0.0.0/8 [200/0] via 4.4.4.4, 00:04:01

i L2 10.1.45.0/24 [115/20] via 10.1.56.5, Serial1/0

C 10.1.56.0/24 is directly connected, Serial1/0

C 10.1.67.0/24 is directly connected, Serial1/1

 

R6和R7之间跑EBGP,在配置EBGP之前先做静态路由

R6

Rack01R06(config)#路由 7.7.7.7 255.255.255.255 10.1.67.7

R7

Rack01R07(config)#路由 6.6.6.6 255.255.255.255 10.1.67.6

 

R6和R7之间配置EBGP

R6

Rack01R06(config)#router bgp 4808

Rack01R06(config-router)#bgp router-id 6.6.6.6

 

R5

Rack01R05(config)#router bgp 4808

Rack01R05(config-router)#bgp router-id 5.5.5.5

 

R6

Rack01R06(config)#router bgp 4808

Rack01R06(config-router)#neighbor 7.7.7.7 remote-as 65002

Rack01R06(config-router)#neighbor 7.7.7.7 update-source loopback 0

Rack01R06(config-router)#neighbor 7.7.7.7 ebgp-multihop 2

 

R7

Rack01R07(config)#router bgp 65002

Rack01R07(config-router)#bgp router-id 7.7.7.7

Rack01R07(config-router)#neighbor 6.6.6.6 remote-as 4808

Rack01R07(config-router)#neighbor 6.6.6.6 update-source loopback 0

Rack01R07(config-router)#neighbor 6.6.6.6 ebgp-multihop 2

Rack01R07(config-router)#网络 30.0.0.0 面具 255.0.0.0 [路由欺骗]

Rack01R07(config)-router#ip route 30.0.0.0 255.0.0.0 无效的 0 [路由欺骗]

 

R6

Rack01R06(config-router)#neighbor 5.5.5.5 next-hop-self

Rack01R06(config-router)#wr

 

然后R7上执行show ip bgp, 发现 10网段和20网段已经有了.

Rack01R07#show ip bgp

BGP table version is 4, local router ID is 7.7.7.7

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,

r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.0.0 6.6.6.6 0 4808 一世

*> 20.0.0.0 6.6.6.6 0 4808 65001 一世

*> 30.0.0.0 0.0.0.0 0 32768 一世

 

R4上执行show ip bgp, 发现 30网段已经有了.

Rack01R04#show ip bgp

BGP table version is 4, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, 一世 – internal,

r RIB-failure, S Stale

Origin codes: 一世 – IGP, Ë – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.0.0 0.0.0.0 0 32768 一世

*> 20.0.0.0 3.3.3.3 0 0 65001 一世

*>i30.0.0.0 6.6.6.6 0 100 0 65002 一世

 

 

现在R7和R8上配置OSPF

R7

Rack01R07(config)#router ospf 65002

Rack01R07(config-router)#router-id 7.7.7.7

Rack01R07(config-router)#网络 7.7.7.7 0.0.0.0 area 0

Rack01R07(config-router)#网络 30.1.78.0 0.0.0.255 area 0

 

R8

Rack01R08(config)#router ospf 65002

Rack01R08(config-router)#router-id 8.8.8.8

Rack01R08(config-router)#网络 8.8.8.8 0.0.0.0 area 0

Rack01R08(config-router)#网络 30.1.78.0 0.0.0.255 area 0

Rack01R08(config-router)#出口

Rack01R08(config)#路由 30.1.99.0 255.255.255.0 30.1.89.9

 

R9

Rack01R09(config)#路由 0.0.0.0 0.0.0.0 30.1.89.8

 

R8别忘了配置路由重分布

Rack01R08(config)#router ospf 65002

Rack01R08(config-router)#redistribute connected subnets

Rack01R08(config-router)#redistribute static subnets metric 10

 

现在从R1 ping R9通不通?

ping 30.1.99.9 source 20.1.11.1

最终是不通的.

因为在R3上能看到30网段,这是BGP传递过来的,但是R2上show ip route是看不到的.

R3千万不能把BGP注入到OSPF,所以R3应该有如下操作:

R3

Rack01R03(config)#router ospf 65001

Rack01R03(config-router)#default-information originate always

然后R2上show ip route发现了去往R3的缺省路由,R3有BGP可以将数据包送往R7

而R7上有30.1.99.0网段,因此可以将数据包送往R8, R8最后将数据包送往R9

R2的路由表信息如下:

Rack01R02#show ip route

Codes: C – connected, 秒 – 静态的, 电阻 – RIP, 中号 – mobile, 乙 – BGP协议

d – EIGRP, EXEIGRP external, OOSPF, IAOSPF inter area

N1OSPF NSSA external type 1, N2OSPF NSSA external type 2

E1OSPF external type 1, E2OSPF external type 2

一世 – IS-IS, 它的 – IS-IS summary, L1IS-IS level-1, L2IS-IS level-2

iaIS-IS inter area, * – candidate default, Uper-user static route

Ø – ODR, 磷 – periodic downloaded static route

Gateway of last resort is 20.1.23.3 to network 0.0.0.0

2.0.0.0/32 is subnetted, 1 subnets

C 2.2.2.2 is directly connected, Loopback0

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/65] via 20.1.23.3, 00:01:11, Serial1/1

20.0.0.0/24 is subnetted, 3 subnets

C 20.1.23.0 is directly connected, Serial1/1

C 20.1.12.0 is directly connected, Serial1/0

秒 20.1.11.0 [1/0] via 20.1.12.1

O*E2 0.0.0.0/0 [110/1] via 20.1.23.3, 00:01:11, Serial1/1

 

R7和R3做同样的设置

Rack01R03(config)#router ospf 65002

Rack01R03(config-router)#default-information originate always

然后R8执行show ip route 发现有去往R7的缺省路由了.

R2的路由表信息如下:

Rack01R08#show ip route

Codes: C – connected, 秒 – 静态的, 电阻 – RIP, 中号 – mobile, 乙 – BGP协议

d – EIGRP, EXEIGRP external, OOSPF, IAOSPF inter area

N1OSPF NSSA external type 1, N2OSPF NSSA external type 2

E1OSPF external type 1, E2OSPF external type 2

一世 – IS-IS, 它的 – IS-IS summary, L1IS-IS level-1, L2IS-IS level-2

iaIS-IS inter area, * – candidate default, Uper-user static route

Ø – ODR, 磷 – periodic downloaded static route

Gateway of last resort is 30.1.78.7 to network 0.0.0.0

7.0.0.0/32 is subnetted, 1 subnets

O 7.7.7.7 [110/65] via 30.1.78.7, 00:00:03, Serial1/0

8.0.0.0/32 is subnetted, 1 subnets

C 8.8.8.8 is directly connected, Loopback0

30.0.0.0/24 is subnetted, 3 subnets

C 30.1.89.0 is directly connected, Serial1/1

C 30.1.78.0 is directly connected, Serial1/0

秒 30.1.99.0 [1/0] via 30.1.89.9

O*E2 0.0.0.0/0 [110/1] via 30.1.78.7, 00:00:03, Serial1/0

 

R1上再次ping 30.1.99.9 source 20.1.11.1发现是通的,如下:

Rack01R01#ping 30.1.99.9

bgp3

至此配置完成.

 

实验小结:

R2需要把静态路由注入到OSPF,发布给R3

R3需要发布缺省路由给R2

R3和R4之间跑的是EBGP,EBGP创建之前一定要建立静态路由, EBGP创建成成需要满足4个条件

[1.邻接关系,2满足同步条件3,设置欺骗路由],就没有其他问题了.

 

R4,R5,R6之间跑的是IS-IS协议, R3和R4之间的接口以及R6和R7之间的接口不能跑IS-IS协议

IS-IS第一步主要是做R4和R5 以及R5和R6之间的BGP邻接关系(这里指的是IBGP),

第二步,设置一下欺骗路由满足同步条件.

第三步,如果有IBGP,需要考虑做路由反射器,用来解决水平分割的问题.

第四步,如果有next hop不可到达的情况下, 要调整next hop

这4步考虑到了就没问题.

 

 

另外注意: IBGP不需要设置最大跳数, EBGP要设置最大跳数.

 

电信运营商里面用IS-IS或OSPF做IGP,然后上面跑的是BGP, BGP做策略, IGP做负载均衡,

BGP控制流量怎么出去,流量怎么走.在去往其它AS的时候是用BGP选路, 但是在自己AS内部

支撑BGP选路的话是通过IS-IS协议. IS-IS支撑BGP建立会话.R3和R4之间的EBGP靠的是

静态路由做支撑.二级运营商里面可能跑的是OSPF,也可能 是IS-IS.

核心网和一级运营商之间跑得是EBGP, 一级运营商和二级运营商之间也可能跑EBGP, 再往

下面可能会OSPF, 这是以网络规模而定的.

实际环境比实验环境, 设备数量多, 路由表条数多 ,BGP的策略多,BGP策略是基于AS号控制的.

除了以上内容,运营商还使用了MPLS.

 

附录: R1到R9的配置文件

R1:

路由 0.0.0.0 0.0.0.0 20.1.12.2
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

 

R2:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R02
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
IP地址 2.2.2.2 255.255.255.255
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 20.1.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
IP地址 20.1.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65001
router-id 2.2.2.2
log-adjacency-changes
redistribute connected subnets
redistribute static metric 10 subnets
网络 2.2.2.2 0.0.0.0 area 0
网络 20.1.23.0 0.0.0.255 area 0
!
路由 20.1.11.0 255.255.255.0 20.1.12.1
!
!
ip http server
no ip http secure-server
!

!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R3:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R03
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
IP地址 3.3.3.3 255.255.255.255
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 10.1.34.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
IP地址 20.1.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65001
router-id 3.3.3.3
log-adjacency-changes
网络 3.3.3.3 0.0.0.0 area 0
网络 20.1.23.0 0.0.0.255 area 0
default-information originate always
!
router bgp 65001
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
网络 20.0.0.0
neighbor 4.4.4.4 remote-as 4808
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
路由 4.4.4.4 255.255.255.255 10.1.34.4
路由 20.0.0.0 255.0.0.0 Null0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R4:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R04
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
interface Loopback0
IP地址 4.4.4.4 255.255.255.255
ip router isis 4808
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 10.1.34.4 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
IP地址 10.1.45.4 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis 4808
网 49.4808.0040.0400.4004.00
is-type level-2-only
!
router bgp 4808
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
网络 10.0.0.0
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 3.3.3.3 update-source Loopback0
neighbor 5.5.5.5 remote-as 4808
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
!
路由 3.3.3.3 255.255.255.255 10.1.34.3
路由 10.0.0.0 255.0.0.0 Null0
!
!
ip http server
no ip http secure-server
!
!!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R5:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R05
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!

!
!
interface Loopback0
IP地址 5.5.5.5 255.255.255.255
ip router isis 4808
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 10.1.56.5 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/1
IP地址 10.1.45.5 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis 4808
网 49.4808.0050.0500.5005.00
is-type level-2-only
!
router bgp 4808
no synchronization
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 4808
neighbor 4.4.4.4 route-reflector-client
neighbor 6.6.6.6 remote-as 4808
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 route-reflector-client
no auto-summary
!
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R6:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R06
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
IP地址 6.6.6.6 255.255.255.255
ip router isis 4808
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 10.1.56.6 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/1
IP地址 10.1.67.6 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis 4808
网 49.4808.0060.0600.6006.00
is-type level-2-only
!
router bgp 4808
no synchronization
bgp router-id 6.6.6.6
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 4808
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
neighbor 7.7.7.7 remote-as 65002
neighbor 7.7.7.7 ebgp-multihop 2
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
路由 7.7.7.7 255.255.255.255 10.1.67.7
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R7:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R07
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
IP地址 7.7.7.7 255.255.255.255
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 30.1.78.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
IP地址 10.1.67.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65002
router-id 7.7.7.7
log-adjacency-changes
网络 7.7.7.7 0.0.0.0 area 0
网络 30.1.78.0 0.0.0.255 area 0
default-information originate always
!
router bgp 65002
no synchronization
bgp router-id 7.7.7.7
bgp log-neighbor-changes
网络 30.0.0.0
neighbor 6.6.6.6 remote-as 4808
neighbor 6.6.6.6 ebgp-multihop 2
neighbor 6.6.6.6 update-source Loopback0
no auto-summary
!
路由 6.6.6.6 255.255.255.255 10.1.67.6
路由 30.0.0.0 255.0.0.0 Null0
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R8:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R08
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
interface Loopback0
IP地址 8.8.8.8 255.255.255.255
!
接口 FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
IP地址 30.1.78.8 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
IP地址 30.1.89.8 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65002
router-id 8.8.8.8
log-adjacency-changes
redistribute connected subnets
redistribute static metric 10 subnets
网络 8.8.8.8 0.0.0.0 area 0
网络 30.1.78.0 0.0.0.255 area 0
!
路由 30.1.99.0 255.255.255.0 30.1.89.9
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

 

R9:

!
版 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R09
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
接口 FastEthernet0/0
IP地址 30.1.99.9 255.255.255.0
duplex auto
speed auto
!
接口 FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
IP地址 30.1.89.9 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
路由 0.0.0.0 0.0.0.0 30.1.89.8
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
结束

发表评论