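Multi-AS BGP Network
Network topology:
R2 and R3 run OSPF, AS 65001
R4, R5 and R6 run IS-IS and BGP, AS 4808
R7 and R8 run OSPF, AS 65002
AS 65001 on the left connects to the IS-IS domain in the middle over EBGP
AS 65002 on the right connects to the IS-IS domain in the middle over EBGP
Requirement: R1 must be able to ping R9
Configuration tool: SecureCRT
Connection method: SecureCRT connects to the 9 routers over telnet
Router hostnames, access methods and address plan:
Device | Hostname | Telnet connection | loopback 0 | s1/0 | s1/1 | f0/0 |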
R1 | Rack01R01 | 127.0.0.1:2000 | NA | 20.1.12.1/24 | NA | 20.1.11.1/24 |
R2 | Rack01R02 | 127.0.0.1:2001 | 2.2.2.2/32 | 20.1.12.2/24 | 20.1.23.2/24 | NA |
R3 | Rack01R03 | 127.0.0.1:2002 | 3.3.3.3/32 | 10.1.34.3/24 | 20.1.23.3/24 | NA |
R4 | Rack01R04 | 127.0.0.1:2003 | 4.4.4.4/32 | 10.1.34.4/24 | 10.1.45.4/24 | NA |
R5 | Rack01R05 | 127.0.0.1:2004 | 5.5.5.5/32 | 10.1.56.5/24 | 10.1.45.5/24 | NA |
R6 | Rack01R06 | 127.0.0.1:2005 | 6.6.6.6/32 | 10.1.56.6/24 | 10.1.67.6/24 | NA |
R7 | Rack01R07 | 127.0.0.1:2006 | 7.7.7.7/32 | 30.1.78.7/24 | 10.1.67.7/24 | NA |
R8 | Rack01R08 | 127.0.0.1:2007 | 8.8.8.8/32 | 30.1.78.8/24 | 30.1.89.8/24 | NA |
R9 | Rack01R09 | 127.0.0.1:2008 | NA | NA | 30.1.89.9/24 | 30.1.99.9/24 |
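Brief notes and points to watch:
When entering an interface to configure its address, issue no shutdown first so you do not forget to enable it.
R1 to R2 and R9 to R8 both use a default route
R2 to R1 and R8 to R9 both use static routes
R3 and R4 run EBGP; R3 must never redistribute the EBGP networks into OSPF
R7 and R6 run EBGP; R7 must never redistribute the EBGP networks into OSPF
R2 forwards packets toward R9 using a default route; R3 advertises this default route to R2, and it has to be configured in OSPF.
R8 forwards packets toward R1 using a default route; R7 advertises this default route to R8, and it has to be configured in OSPF.
Assume the hostnames and interface IP addresses of R1 through R9 are already configured
Run show ip interface brief to check that no IP address is wrong and that the ports are up
When configuration is finished, remember to save.
Configuration starts here:
Configure the default route on R1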
Rack01R01(config)#ip route 0.0.0.0 0.0.0.0 20.1.12.2
Rack01R01(config)#end
Rack01R01#wr
Configure the static route to R1 on R2
Rack01R02(config)#ip route 20.1.11.0 255.255.255.0 20.1.12.1
Rack01R02(config)#end
Rack01R02#wr
Configure OSPF between R2 and R3
R2:
Rack01R02(config)#router ospf 65001
Rack01R02(config-router)#router-id 2.2.2.2
Rack01R02(config-router)#network 2.2.2.2 0.0.0.0 area 0
Rack01R02(config-router)#network 20.1.23.0 0.0.0.255 area 0
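Note that the network on R2's s1/0 interface must not be announced in OSPF
R3:
Rack01R03(config)#router ospf 65001
Rack01R03(config-router)#router-id 3.3.3.3
Rack01R03(config-router)#network 3.3.3.3 0.0.0.0 area 0
Rack01R03(config-router)#network 20.1.23.0 0.0.0.255 area 0
OSPF is now up between R2 and R3; verify with show ip route on each router.
At this point a ping from R1 to R3's 3.3.3.3 fails.
The reason: when R1 pings R3's 3.3.3.3, the default route sends the packet to R2, and since R2 and R3 run OSPF,
R2 easily forwards it to R3. R3 replies toward 20.1.12.0 and 20.1.11.0, but R3's routing table contains
neither 20.1.12.0 nor 20.1.11.0, because they cannot be announced with OSPF. Redistributing the static
network 20.1.12.0 into OSPF lets R3 learn it, and only then can R1 ping 3.3.3.3.
Proceed as follows: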
R2
Rack01R02(config)#router ospf 65001
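Rack01R02(config-router)#redistribute static subnets metric 10 //redistribute R2's static routes into OSPF
Rack01R02(config-router)#redistribute connected subnets //redistribute R2's connected networks into OSPF
R3 and R4 run EBGP
EBGP exchanges information over TCP port 179; among all these protocols EBGP is the only one based on TCP, and its neighbor relationships have to be configured manually.
In general, static routes have to be in place to support EBGP before it is set up.
Static routes are now needed between R3 and R4.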
R3
Rack01R03(config)#ip route 4.4.4.4 255.255.255.255 10.1.34.4
R4
Rack01R04(config)#ip route 3.3.3.3 255.255.255.255 10.1.34.3
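do ping 3.3.3.3 source 4.4.4.4 and do ping 4.4.4.4 source 3.3.3.3 both succeed,
which shows the static routes are configured correctly. The neighbor relationship is established; EBGP can only be configured once it is.
Start BGP on R3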
Rack01R03(config)#router bgp 65001
Rack01R03(config-router)#bgp router-id 3.3.3.3
Rack01R03(config-router)#neighbor 4.4.4.4 remote-as 4808
Rack01R03(config-router)#neighbor 4.4.4.4 update-source loopback 0
Rack01R03(config-router)#neighbor 4.4.4.4 ebgp-multihop 2
Start BGP on R4
Rack01R04(config)#router bgp 4808
Rack01R04(config-router)#bgp router-id 4.4.4.4
Rack01R04(config-router)#neighbor 3.3.3.3 remote-as 65001
Rack01R04(config-router)#neighbor 3.3.3.3 update-source loopback 0
Rack01R04(config-router)#neighbor 3.3.3.3 ebgp-multihop 2
Once BGP is up between R3 and R4, run show ip bgp summary in privileged mode to check the BGP state, as follows:
Rack01R03#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 65001
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 4808 3 3 1 0 0 00:00:55 0
Rack01R04#show ip bgp summary
BGP router identifier 4.4.4.4, local AS number 4808
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 65001 3 3 1 0 0 00:00:40 0
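Between R3 and R4, never redistribute OSPF into BGP, and above all never redistribute BGP into OSPF
It is enough to announce the network under BGP on R3
Continuing the BGP configuration above: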
Rack01R03(config)#router bgp 65001
Rack01R03(config-router)#network 20.0.0.0 mask 255.0.0.0
In privileged mode on R4, run show ip bgp:
Rack01R04#show ip bgp
Rack01R04#
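The network 20.0.0.0 announced by R3 is not there
When BGP does not show a network, check the following 4 points
1. Is the neighbor relationship healthy? [tested; the neighbor relationship is fine]
2. Is synchronization complete? [here it is not, because the network 20.0.0.0 255.0.0.0 announced by R3 does not exist in the IGP,
that is, show ip route has no 20.0.0.0/8 entry, so 20.0.0.0/8 is not advertised]
BGP claims to have 20.0.0.0/8, but the IGP has no 20.0.0.0/8. That is what "not synchronized" means here.
A network that is not synchronized is fixed with route spoofing.
Points 1 and 2 are the checks when EBGP does not show a network; for IBGP, points 3 and 4 apply as well.
3. Split horizon [an IBGP property] applies; a route reflector has to be configured.
4. If the next hop is unreachable, the next hop has to be adjusted.
Continuing from above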
Rack01R03(config)#router bgp 65001
Rack01R03(config-router)#ip route 20.0.0.0 255.0.0.0 null 0
Rack01R03(config)#
Now run show ip bgp on R4 again; the output is as follows:
Rack01R04#show ip bgp
BGP table version is 2, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 20.0.0.0 3.3.3.3 0 0 65001 i
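The 20.0.0.0 network is now visible with next hop 3.3.3.3; R3's spoofing worked, so the synchronization condition is met
Run show ip route on R3; the output follows (the entry of interest is S 20.0.0.0/8):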
Rack01R03#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 20.1.23.2, 00:34:47, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
S 4.4.4.4 [1/0] via 10.1.34.4
20.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 20.1.23.0/24 is directly connected, Serial1/1
S 20.0.0.0/8 is directly connected, Null0
O E2 20.1.12.0/24 [110/20] via 20.1.23.2, 00:34:35, Serial1/1
O E2 20.1.11.0/24 [110/10] via 20.1.23.2, 00:34:47, Serial1/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.34.0 is directly connected, Serial1/0
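One route reads S 20.0.0.0/8 is directly connected, Null0
so the synchronization condition is met as well.
R4 also has to advertise the 10.0.0.0/8 network over EBGP, which needs the same route spoofing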
Rack01R04#conf t
Rack01R04(config)#router bgp 4808
Rack01R04(config-router)#network 10.0.0.0 mask 255.0.0.0
Rack01R04(config-router)#ip route 10.0.0.0 255.0.0.0 null 0
Then run show ip bgp on R3; the 10 network is now visible, as follows:
Rack01R03#show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 4.4.4.4 0 0 4808 i
*> 20.0.0.0 0.0.0.0 0 32768 i
Now configure IS-IS on R4, R5 and R6.
R4
Rack01R04(config)#router isis 4808
Rack01R04(config-router)#net 49.4808.0040.0400.4004.00
Rack01R04(config-router)#is-type level-2-only
Rack01R04(config-router)#in l0
Rack01R04(config-if)#ip router isis 4808
Rack01R04(config-if)#in s1/1
Rack01R04(config-if)#ip router isis 4808
Note that S1/0 on R4 does not run IS-IS; it faces another carrier.
R5
Rack01R05(config)#router isis 4808
Rack01R05(config-router)#net 49.4808.0050.0500.5005.00
Rack01R05(config-router)#is-type level-2-only
Rack01R05(config-router)#in lo 0
Rack01R05(config-if)#ip router isis 4808
Rack01R05(config-if)#in s1/0
Rack01R05(config-if)#ip router isis 4808
Rack01R05(config-if)#in s1/1
Rack01R05(config-if)#ip router isis 4808
R6
Rack01R06(config)#router isis 4808
Rack01R06(config-router)#net 49.4808.0060.0600.6006.00
Rack01R06(config-router)#is-type level-2-only
Rack01R06(config-router)#in lo 0
Rack01R06(config-if)#ip router isis 4808
Rack01R06(config-if)#in s1/0
Rack01R06(config-if)#ip router isis 4808
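Note that S1/1 on R6 does not run IS-IS; it faces another carrier.
IS-IS is now configured among R4, R5 and R6.
Run show ip route on R6; if the networks advertised over IS-IS by R4 and R5 appear
(the i L2 entries in the output below), IS-IS is configured correctly.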
Rack01R06#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
i L2 4.4.4.4 [115/30] via 10.1.56.5, Serial1/0
5.0.0.0/32 is subnetted, 1 subnets
i L2 5.5.5.5 [115/20] via 10.1.56.5, Serial1/0
6.0.0.0/32 is subnetted, 1 subnets
C 6.6.6.6 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 3 subnets
i L2 10.1.45.0 [115/20] via 10.1.56.5, Serial1/0
C 10.1.56.0 is directly connected, Serial1/0
C 10.1.67.0 is directly connected, Serial1/1
With IS-IS in place as the foundation, BGP can now run among R4, R5 and R6.
R4
Rack01R04(config)#router bgp 4808
Rack01R04(config-router)#neighbor 5.5.5.5 remote-as 4808
Rack01R04(config-router)#neighbor 5.5.5.5 update-source loopback 0
R5
Rack01R05(config)#router bgp 4808
Rack01R05(config-router)#neighbor 4.4.4.4 remote-as 4808
Rack01R05(config-router)#neighbor 4.4.4.4 update-source loopback 0
Rack01R05(config-router)#neighbor 6.6.6.6 remote-as 4808
Rack01R05(config-router)#neighbor 6.6.6.6 update-source loopback 0
R6
Rack01R06(config)#router bgp 4808
Rack01R06(config-router)#neighbor 5.5.5.5 remote-as 4808
Rack01R06(config-router)#neighbor 5.5.5.5 update-source loopback 0
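R4 peers with R5; R5 peers with R4 and R6; R6 peers with R5.
R4 and R6 do not need a neighbor relationship with each other; each only needs one with R5.
With this, the neighbor relationships among R4, R5 and R6 on top of IS-IS are established.
Here R5 is assumed to be the core router, and R4 and R6 aggregation routers
R5 has to act as a route reflector here; a real project may use 2 or more routers as route reflectors.
They mainly carry routing tables and policy, and do not forward data.
[In carrier networks a route reflector is a dedicated router that carries no data traffic and only distributes routing tables and policy]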
R5
show ip bgp shows the 20.0.0.0/8 network with next hop 3.3.3.3, but R5 has no route to 3.3.3.3, so 3.3.3.3 is unreachable, as follows:
Rack01R05#show ip bgp
BGP table version is 2, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0 4.4.4.4 0 100 0 i
* i20.0.0.0 3.3.3.3 0 100 0 65001 i
In addition, the network between R3 and R4 is not advertised into IS-IS, and neither is R3's loopback 0
Solution
R4
Rack01R04(config)#router bgp 4808
Rack01R04(config-router)#neighbor 5.5.5.5 next-hop-self
With this, running show ip bgp on R5 again shows the next hop of the 20 network changed to 4.4.4.4
Rack01R05#show ip bgp
BGP table version is 3, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0 4.4.4.4 0 100 0 i
*>i20.0.0.0 4.4.4.4 0 100 0 65001 i
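show ip route on R5 now shows the route to the 20 network; the routing table is looked up recursively, 2 times:
to reach 20.0.0.0, go to 4.4.4.4 first, and to reach 4.4.4.4, go via 10.1.45.4
In fact R4 also reaches the 20 network through 2 recursive lookups, which its routing table reflects after show ip route.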
Rack01R05#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
i L2 4.4.4.4 [115/20] via 10.1.45.4, Serial1/1
B 20.0.0.0/8 [200/0] via 4.4.4.4, 00:03:47
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
6.0.0.0/32 is subnetted, 1 subnets
i L2 6.6.6.6 [115/20] via 10.1.56.6, Serial1/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.0.0.0/8 [200/0] via 4.4.4.4, 00:18:04
C 10.1.45.0/24 is directly connected, Serial1/1
C 10.1.56.0/24 is directly connected, Serial1/0
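Can R6 see the 20 network?
Do not look at the routing table (show ip route) first; look at the BGP table (show ip bgp). If a network is not in the BGP table, it cannot be in the routing table.
If it is in the BGP table, check next whether the next hop is reachable; if the next hop is unreachable, the network will not be in the routing table either.
show ip bgp shows neither the 10 nor the 20 network, although the neighbor relationships are all established.
This is the split-horizon issue: a network learned from an internal IBGP neighbor is never passed on to other internal neighbors.
How is this solved?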
R5
Rack01R05(config)#router bgp 4808
Rack01R05(config-router)#neighbor 4.4.4.4 route-reflector-client
Rack01R05(config-router)#neighbor 6.6.6.6 route-reflector-client
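After this,
show ip bgp on R6 shows the 20.0.0.0 and 10.0.0.0 networks, both with next hop 4.4.4.4
show ip route shows that the 20 network exists, so it is reachable, again through 2 routing table lookups.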
Rack01R06#show ip bgp
BGP table version is 7, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0 4.4.4.4 0 100 0 i
*>i20.0.0.0 4.4.4.4 0 100 0 65001 i
Check once more whether R6's routing table contains 20.0.0.0/8; if it does, the network is reachable
Rack01R06#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
i L2 4.4.4.4 [115/30] via 10.1.56.5, Serial1/0
B 20.0.0.0/8 [200/0] via 4.4.4.4, 00:04:01
5.0.0.0/32 is subnetted, 1 subnets
i L2 5.5.5.5 [115/20] via 10.1.56.5, Serial1/0
6.0.0.0/32 is subnetted, 1 subnets
C 6.6.6.6 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.0.0/8 [200/0] via 4.4.4.4, 00:04:01
i L2 10.1.45.0/24 [115/20] via 10.1.56.5, Serial1/0
C 10.1.56.0/24 is directly connected, Serial1/0
C 10.1.67.0/24 is directly connected, Serial1/1
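The three stages walked through above (next hop 3.3.3.3 unusable on R5, next-hop-self on R4, route reflection on R5) and the two-step recursive lookup on R5, as an added Python simulation that is not part of the original lab. The IGP reachability sets, the propagate and resolve helpers and the simplified propagation rules are assumptions constructed from the outputs shown.

```python
import ipaddress

# Constructed model of AS 4808 in this lab: what each router reaches without
# BGP (IS-IS routes, connected links, R4's static route to 3.3.3.3).
IGP = {
    "R4": ["3.3.3.3/32", "4.4.4.4/32", "5.5.5.5/32", "6.6.6.6/32",
           "10.1.34.0/24", "10.1.45.0/24", "10.1.56.0/24"],
    "R5": ["4.4.4.4/32", "5.5.5.5/32", "6.6.6.6/32",
           "10.1.45.0/24", "10.1.56.0/24"],
    "R6": ["4.4.4.4/32", "5.5.5.5/32", "6.6.6.6/32",
           "10.1.45.0/24", "10.1.56.0/24", "10.1.67.0/24"],
}
LOOPBACK = {"R4": "4.4.4.4", "R5": "5.5.5.5", "R6": "6.6.6.6"}
IBGP_PEERS = {"R4": ["R5"], "R5": ["R4", "R6"], "R6": ["R5"]}

# R5's routing table once next-hop-self is set, transcribed from the output
# above: prefix -> (next hop or None, outgoing interface or None).
R5_RIB = {
    "4.4.4.4/32": ("10.1.45.4", "Serial1/1"),
    "5.5.5.5/32": (None, "Loopback0"),
    "6.6.6.6/32": ("10.1.56.6", "Serial1/0"),
    "10.1.45.0/24": (None, "Serial1/1"),
    "10.1.56.0/24": (None, "Serial1/0"),
    "10.0.0.0/8": ("4.4.4.4", None),   # BGP route: next hop only
    "20.0.0.0/8": ("4.4.4.4", None),   # BGP route: next hop only
}


def reachable(router, addr):
    """True if the router's non-BGP routes cover addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in IGP[router])


def propagate(next_hop_self=(), rr_clients=None):
    """Spread R3's 20.0.0.0/8 (next hop 3.3.3.3) from R4 through iBGP.

    next_hop_self: (sender, peer) pairs configured with next-hop-self.
    rr_clients: {reflector: set of route-reflector clients}.
    Returns {router: (next_hop, usable)} for each router holding the route.
    """
    rr_clients = rr_clients or {}
    table = {"R4": ("3.3.3.3", "ebgp")}   # router -> (next hop, learned from)
    queue = ["R4"]
    while queue:
        sender = queue.pop(0)
        next_hop, source = table[sender]
        if not reachable(sender, next_hop):
            continue   # unusable next hop: not a best path, never advertised
        clients = rr_clients.get(sender, set())
        for peer in IBGP_PEERS[sender]:
            if peer == source or peer in table:
                continue
            # iBGP split horizon: an iBGP-learned route reaches another iBGP
            # peer only through a reflector with a client on either side.
            if source != "ebgp" and source not in clients and peer not in clients:
                continue
            rewrite = source == "ebgp" and (sender, peer) in next_hop_self
            table[peer] = (LOOPBACK[sender] if rewrite else next_hop, sender)
            queue.append(peer)
    return {r: (nh, reachable(r, nh)) for r, (nh, _) in table.items()}


def resolve(rib, dest, max_depth=4):
    """Recursive lookup; returns (matched prefixes, interface or None)."""
    matched, target = [], ipaddress.ip_address(dest)
    for _ in range(max_depth):
        hits = [n for n in map(ipaddress.ip_network, rib) if target in n]
        if not hits:
            break
        best = max(hits, key=lambda n: n.prefixlen)   # longest-prefix match
        matched.append(str(best))
        next_hop, iface = rib[str(best)]
        if iface:
            return matched, iface
        target = ipaddress.ip_address(next_hop)
    return matched, None


if __name__ == "__main__":
    rr = {"R5": {"R4", "R6"}}
    print("no next-hop-self:", propagate())
    print("next-hop-self only:", propagate({("R4", "R5")}))
    print("next-hop-self + reflector:", propagate({("R4", "R5")}, rr))
    print("R5 lookup for 20.1.11.1:", resolve(R5_RIB, "20.1.11.1"))
```

A reflector without next-hop-self does not help: R5 never selects the route with next hop 3.3.3.3 as best, so it has nothing to reflect to R6.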
R6 and R7 run EBGP; configure static routes before configuring EBGP
R6
Rack01R06(config)#ip route 7.7.7.7 255.255.255.255 10.1.67.7
R7
Rack01R07(config)#ip route 6.6.6.6 255.255.255.255 10.1.67.6
Configure EBGP between R6 and R7
R6
Rack01R06(config)#router bgp 4808
Rack01R06(config-router)#bgp router-id 6.6.6.6
R5
Rack01R05(config)#router bgp 4808
Rack01R05(config-router)#bgp router-id 5.5.5.5
R6
Rack01R06(config)#router bgp 4808
Rack01R06(config-router)#neighbor 7.7.7.7 remote-as 65002
Rack01R06(config-router)#neighbor 7.7.7.7 update-source loopback 0
Rack01R06(config-router)#neighbor 7.7.7.7 ebgp-multihop 2
R7
Rack01R07(config)#router bgp 65002
Rack01R07(config-router)#bgp router-id 7.7.7.7
Rack01R07(config-router)#neighbor 6.6.6.6 remote-as 4808
Rack01R07(config-router)#neighbor 6.6.6.6 update-source loopback 0
Rack01R07(config-router)#neighbor 6.6.6.6 ebgp-multihop 2
Rack01R07(config-router)#network 30.0.0.0 mask 255.0.0.0 [route spoofing]
Rack01R07(config-router)#ip route 30.0.0.0 255.0.0.0 null 0 [route spoofing]
R6
Rack01R06(config-router)#neighbor 5.5.5.5 next-hop-self
Rack01R06(config-router)#wr
Then run show ip bgp on R7; the 10 and 20 networks are now present.
Rack01R07#show ip bgp
BGP table version is 4, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 6.6.6.6 0 4808 i
*> 20.0.0.0 6.6.6.6 0 4808 65001 i
*> 30.0.0.0 0.0.0.0 0 32768 i
Run show ip bgp on R4; the 30 network is now present.
Rack01R04#show ip bgp
BGP table version is 4, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0 0.0.0.0 0 32768 i
*> 20.0.0.0 3.3.3.3 0 0 65001 i
*>i30.0.0.0 6.6.6.6 0 100 0 65002 i
Now configure OSPF on R7 and R8
R7
Rack01R07(config)#router ospf 65002
Rack01R07(config-router)#router-id 7.7.7.7
Rack01R07(config-router)#network 7.7.7.7 0.0.0.0 area 0
Rack01R07(config-router)#network 30.1.78.0 0.0.0.255 area 0
R8
Rack01R08(config)#router ospf 65002
Rack01R08(config-router)#router-id 8.8.8.8
Rack01R08(config-router)#network 8.8.8.8 0.0.0.0 area 0
Rack01R08(config-router)#network 30.1.78.0 0.0.0.255 area 0
Rack01R08(config-router)#exit
Rack01R08(config)#ip route 30.1.99.0 255.255.255.0 30.1.89.9
R9
Rack01R09(config)#ip route 0.0.0.0 0.0.0.0 30.1.89.8
Do not forget to configure route redistribution on R8
Rack01R08(config)#router ospf 65002
Rack01R08(config-router)#redistribute connected subnets
Rack01R08(config-router)#redistribute static subnets metric 10
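Can R1 ping R9 now?
ping 30.1.99.9 source 20.1.11.1
It still fails.
R3 can see the 30 network, which arrived via BGP, but show ip route on R2 does not show it.
R3 must never redistribute BGP into OSPF, so R3 should be configured as follows: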
R3
Rack01R03(config)#router ospf 65001
Rack01R03(config-router)#default-information originate always
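show ip route on R2 now shows a default route toward R3; R3 has BGP and can forward the packets toward R7,
R7 knows the 30.1.99.0 network and can forward the packets to R8, and R8 finally delivers them to R9
R2's routing table is as follows: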
Rack01R02#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 20.1.23.3 to network 0.0.0.0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 20.1.23.3, 00:01:11, Serial1/1
20.0.0.0/24 is subnetted, 3 subnets
C 20.1.23.0 is directly connected, Serial1/1
C 20.1.12.0 is directly connected, Serial1/0
S 20.1.11.0 [1/0] via 20.1.12.1
O*E2 0.0.0.0/0 [110/1] via 20.1.23.3, 00:01:11, Serial1/1
Apply the same setting on R7 as on R3
Rack01R07(config)#router ospf 65002
Rack01R07(config-router)#default-information originate always
show ip route on R8 then shows a default route toward R7.
R8's routing table is as follows:
Rack01R08#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 30.1.78.7 to network 0.0.0.0
7.0.0.0/32 is subnetted, 1 subnets
O 7.7.7.7 [110/65] via 30.1.78.7, 00:00:03, Serial1/0
8.0.0.0/32 is subnetted, 1 subnets
C 8.8.8.8 is directly connected, Loopback0
30.0.0.0/24 is subnetted, 3 subnets
C 30.1.89.0 is directly connected, Serial1/1
C 30.1.78.0 is directly connected, Serial1/0
S 30.1.99.0 [1/0] via 30.1.89.9
O*E2 0.0.0.0/0 [110/1] via 30.1.78.7, 00:00:03, Serial1/0
Pinging 30.1.99.9 source 20.1.11.1 from R1 again now succeeds, as follows:
Rack01R01#ping 30.1.99.9
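The configuration is now complete.
Lab summary:
R2 has to redistribute its static routes into OSPF so they are advertised to R3
R3 has to advertise a default route to R2
R3 and R4 run EBGP; static routes must be in place before EBGP is set up. For EBGP to come up successfully, 4 conditions must be met
[1. neighbor relationship, 2. synchronization condition met, 3. spoofed route configured]; then there are no other problems.
R4, R5 and R6 run IS-IS; the interfaces between R3 and R4 and between R6 and R7 must not run IS-IS
With IS-IS in place, step one is to build the BGP neighbor relationships between R4 and R5 and between R5 and R6 (IBGP here),
Step two: configure a spoofed route to meet the synchronization condition.
Step three: where IBGP is used, consider a route reflector to solve the split-horizon problem.
Step four: if a next hop is unreachable, adjust the next hop.
With these 4 steps covered there will be no problems.
Also note: IBGP does not need a maximum hop count; EBGP does.
Carriers use IS-IS or OSPF as the IGP, with BGP running on top: BGP handles policy and the IGP handles load balancing.
BGP controls how traffic leaves and which path it takes. BGP selects the route toward other ASes, but inside the carrier's own AS
IS-IS is what supports BGP route selection. IS-IS supports BGP session establishment. The EBGP session between R3 and R4 relies on
static routes. A tier-2 carrier may run OSPF, or it may run IS-IS.
EBGP runs between the core network and tier-1 carriers, and possibly between tier-1 and tier-2 carriers as well; further
down it may be OSPF, depending on the size of the network.
Compared with the lab, a real environment has more devices, more routing table entries and more BGP policy; BGP policy is controlled based on AS numbers.
Besides the above, carriers also use MPLS.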
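One way to check a configuration against the rules in this summary (no redistribution between BGP and the IGP, a matching static route behind every BGP network statement, ebgp-multihop plus a static route for loopback EBGP peers); this is added example code, not part of the original lab. The sample text is constructed from R3's configuration in the appendix, the function names are hypothetical, and only static routes are treated as exact matches.

```python
import ipaddress
import re

# Constructed sample modelled on R3's appendix config, indented as IOS prints it.
GOOD = """\
router ospf 65001
 router-id 3.3.3.3
 network 3.3.3.3 0.0.0.0 area 0
 network 20.1.23.0 0.0.0.255 area 0
 default-information originate always
!
router bgp 65001
 no synchronization
 bgp router-id 3.3.3.3
 network 20.0.0.0
 neighbor 4.4.4.4 remote-as 4808
 neighbor 4.4.4.4 ebgp-multihop 2
 neighbor 4.4.4.4 update-source Loopback0
 no auto-summary
!
ip route 4.4.4.4 255.255.255.255 10.1.34.4
ip route 20.0.0.0 255.0.0.0 Null0
"""
# Constructed faulty variant: no Null0 route, no ebgp-multihop, BGP fed into OSPF.
BAD = (GOOD.replace("ip route 20.0.0.0 255.0.0.0 Null0\n", "")
       .replace(" neighbor 4.4.4.4 ebgp-multihop 2\n", "")
       .replace(" default-information originate always",
                " redistribute bgp 65001 subnets"))


def sections(config):
    """Split IOS text into {header: [sub-commands]}; global lines under ''."""
    out, current = {"": []}, ""
    for line in config.splitlines():
        if not line.strip() or line.strip().startswith("!"):
            continue
        if line.startswith(" "):
            out[current].append(line.strip())
        elif line.startswith(("router ", "interface ")):
            current = line.strip()
            out.setdefault(current, [])
        else:
            current = ""
            out[""].append(line.strip())
    return out


def audit(config):
    """Return findings for the three rules this lab depends on."""
    sec, findings, routes = sections(config), [], set()
    for line in sec[""]:                      # collect static routes
        m = re.match(r"ip route (\d\S+) (\d\S+) \S+", line)
        if m:
            routes.add(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    for header, cmds in sec.items():
        if header.startswith(("router ospf", "router isis")):
            if any(c.startswith("redistribute bgp") for c in cmds):
                findings.append(f"{header}: BGP redistributed into the IGP")
        if not header.startswith("router bgp"):
            continue
        local_as, peers = header.split()[2], {}
        if any(re.match(r"redistribute (ospf|isis)", c) for c in cmds):
            findings.append(f"{header}: IGP redistributed into BGP")
        for c in cmds:
            m = re.match(r"network (\S+)(?: mask (\S+))?$", c)
            if m:   # without a mask IOS assumes the classful length
                first = int(m[1].split(".")[0])
                mask = m[2] or (8 if first < 128 else 16 if first < 192 else 24)
                net = ipaddress.ip_network(f"{m[1]}/{mask}")
                if net not in routes:
                    findings.append(f"network {net}: no exact-match static route")
            m = re.match(r"neighbor (\S+) (.+)$", c)
            if m:
                peers.setdefault(m[1], []).append(m[2])
        for ip, opts in peers.items():
            ebgp = any(o.startswith("remote-as ") and o.split()[1] != local_as
                       for o in opts)
            if ebgp and "update-source Loopback0" in opts:
                if not any(o.startswith("ebgp-multihop") for o in opts):
                    findings.append(f"neighbor {ip}: loopback peering without ebgp-multihop")
                if ipaddress.ip_network(f"{ip}/32") not in routes:
                    findings.append(f"neighbor {ip}: no static route to the peer loopback")
    return findings


if __name__ == "__main__":
    print(audit(GOOD) or "GOOD: no findings")
    print("\n".join(audit(BAD)))
```

The parser relies on the one-space indentation of sub-commands, so a flattened listing has to be re-indented before it is checked.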
Appendix: configuration files for R1 to R9
R1:
ip route 0.0.0.0 0.0.0.0 20.1.12.2
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R2:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R02
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 20.1.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 20.1.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65001
router-id 2.2.2.2
log-adjacency-changes
redistribute connected subnets
redistribute static metric 10 subnets
network 2.2.2.2 0.0.0.0 area 0
network 20.1.23.0 0.0.0.255 area 0
!
ip route 20.1.11.0 255.255.255.0 20.1.12.1
!
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R3:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R03
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.34.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 20.1.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65001
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 20.1.23.0 0.0.0.255 area 0
default-information originate always
!
router bgp 65001
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 20.0.0.0
neighbor 4.4.4.4 remote-as 4808
neighbor 4.4.4.4 ebgp-multihop 2
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
ip route 4.4.4.4 255.255.255.255 10.1.34.4
ip route 20.0.0.0 255.0.0.0 Null0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R4:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R04
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip router isis 4808
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.34.4 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.45.4 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis 4808
net 49.4808.0040.0400.4004.00
is-type level-2-only
!
router bgp 4808
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
network 10.0.0.0
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 3.3.3.3 update-source Loopback0
neighbor 5.5.5.5 remote-as 4808
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
no auto-summary
!
ip route 3.3.3.3 255.255.255.255 10.1.34.3
ip route 10.0.0.0 255.0.0.0 Null0
!
!
ip http server
no ip http secure-server
!
!!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R5:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R05
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip router isis 4808
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.56.5 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.45.5 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis 4808
net 49.4808.0050.0500.5005.00
is-type level-2-only
!
router bgp 4808
no synchronization
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 4808
neighbor 4.4.4.4 route-reflector-client
neighbor 6.6.6.6 remote-as 4808
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 route-reflector-client
no auto-summary
!
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R6:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R06
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip router isis 4808
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.56.6 255.255.255.0
ip router isis 4808
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.67.6 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis 4808
net 49.4808.0060.0600.6006.00
is-type level-2-only
!
router bgp 4808
no synchronization
bgp router-id 6.6.6.6
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 4808
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
neighbor 7.7.7.7 remote-as 65002
neighbor 7.7.7.7 ebgp-multihop 2
neighbor 7.7.7.7 update-source Loopback0
no auto-summary
!
ip route 7.7.7.7 255.255.255.255 10.1.67.7
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R7:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R07
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 30.1.78.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.67.7 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65002
router-id 7.7.7.7
log-adjacency-changes
network 7.7.7.7 0.0.0.0 area 0
network 30.1.78.0 0.0.0.255 area 0
default-information originate always
!
router bgp 65002
no synchronization
bgp router-id 7.7.7.7
bgp log-neighbor-changes
network 30.0.0.0
neighbor 6.6.6.6 remote-as 4808
neighbor 6.6.6.6 ebgp-multihop 2
neighbor 6.6.6.6 update-source Loopback0
no auto-summary
!
ip route 6.6.6.6 255.255.255.255 10.1.67.6
ip route 30.0.0.0 255.0.0.0 Null0
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R8:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R08
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 30.1.78.8 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 30.1.89.8 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 65002
router-id 8.8.8.8
log-adjacency-changes
redistribute connected subnets
redistribute static metric 10 subnets
network 8.8.8.8 0.0.0.0 area 0
network 30.1.78.0 0.0.0.255 area 0
!
ip route 30.1.99.0 255.255.255.0 30.1.89.9
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R9:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack01R09
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
interface FastEthernet0/0
ip address 30.1.99.9 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 30.1.89.9 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip route 0.0.0.0 0.0.0.0 30.1.89.8
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end