BGP Protocol Explained

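BGP/BGP4: Border Gateway Protocol
Its main purpose is to exchange routing information between autonomous systems (ASes)
There are currently four main versions: v1, v2, v3, v4
Why use BGP
· It carries large numbers of routes: an IGP can hold only on the order of thousands of routes, while BGP can hold tens of thousands
· Supports VPNs
· Strong policy capabilities: it allows control over routing decisions and traffic
BGP uses TCP as its transport protocol, on TCP port 179
BGP routers establish TCP connections with each other; these routers are called BGP peers, also known as BGP neighbors, of two kinds: EBGP and IBGP
Peers exchange the entire BGP routing table
BGP routers send only incremental or triggered updates (no periodic updates)
Rich set of path attributes
BGP advertises thousands of routes and can use the TCP sliding-window mechanism: up to 65576 bytes can be sent before stopping to wait for an acknowledgment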

Topology

Basic configuration

R1#sh run | sec int
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Ethernet0/0
ip address 192.168.12.1 255.255.255.0
=========================================
R2#sh run | sec int
mmi polling-interval 60
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.12.2 255.255.255.0
interface Ethernet0/1
ip address 192.168.23.2 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/2
ip address 192.168.24.2 255.255.255.0
ip ospf 1 area 0
=========================================
R3#sh run | sec int
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.23.3 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/1
ip address 192.168.35.3 255.255.255.0
ip ospf 1 area 0
=========================================
R4#sh run | sec int
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.24.4 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/1
ip address 192.168.45.4 255.255.255.0
ip ospf 1 area 0
=========================================
R5#sh run | sec int
interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.35.5 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/1
ip address 192.168.45.5 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/2
ip address 192.168.56.5 255.255.255.0
=========================================
R6#sh run | sec int
interface Loopback0
ip address 6.6.6.6 255.255.255.0
interface Ethernet0/0
ip address 192.168.56.6 255.255.255.0

IBGP configuration

R2#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes # log neighbor state changes; enabled by default
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self

R5#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self

EBGP configuration

R1#sh run | sec bgp
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
ip route 2.2.2.2 255.255.255.255 192.168.12.2
R2#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
ip route 1.1.1.1 255.255.255.255 192.168.12.1
=========================================
R5#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 300
neighbor 6.6.6.6 ebgp-multihop 255
neighbor 6.6.6.6 update-source Loopback0
ip route 6.6.6.6 255.255.255.255 192.168.56.6
R6#sh run | sec bgp
router bgp 300
bgp log-neighbor-changes
network 6.6.6.0 mask 255.255.255.0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
ip route 5.5.5.5 255.255.255.255 192.168.56.5

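BGP neighbors

A router running BGP is called a BGP speaker
BGP peers, also called BGP neighbors, are established over TCP
IBGP
· The neighbor is in the same AS as the local router
· Routes learned via IBGP have an administrative distance of 200
· Routes learned from an IBGP neighbor are not passed on to other IBGP neighbors
· If BGP synchronization is enabled, BGP will not use a route that has not also been learned through the IGP
· When advertising routes to an IBGP neighbor, the next-hop address is by default not changed to the advertising router
EBGP
· The neighbor is in a different AS
· Routes learned via EBGP have an administrative distance of 20
· For security reasons, packets sent to EBGP neighbors have a default TTL of 1
· When advertising routes to an EBGP neighbor, the next-hop address is by default changed to the advertising router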

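BGP message types

BGP packet

The five message types

BGP finite state machine

BGP maintenance

Hard reset (not recommended)

· Tears down all TCP connections and neighbor state
· Causes a network outage
· clear ip bgp *

Soft reset (recommended)

· Does not tear down and rebuild the TCP and BGP sessions; it only triggers an update so that a new routing policy takes effect
· A soft reset can be applied outbound, inbound, or in both directions at once
· clear ip bgp * soft [in | out]

BGP tables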

R2#sh ip bgp summary 
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 10, main routing table version 10
2 network entries using 288 bytes of memory
2 path entries using 168 bytes of memory
2/2 BGP path/bestpath attribute entries using 320 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 824 total bytes of memory
BGP activity 5/3 prefixes, 5/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 24 23 10 0 0 00:07:32 1
5.5.5.5 4 200 274 280 10 0 0 03:59:34 1
R2#
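Neighbor: the neighbor
AS: the neighbor's AS number
MsgRcvd: number of messages received
MsgSent: number of messages sent
TblVer: the last table version for the neighbor
InQ: number of inbound messages waiting to be processed
OutQ: number of outbound messages waiting to be processed
Up/Down: how long the neighbor has been established; "never" means the neighbor session was not established successfully
State: once the neighbor reaches the Established state this shows the number of routes; otherwise it shows the Active state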
R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i IGP, e EGP, ? incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 1.1.1.1 0 0 100 i
*>i 6.6.6.0/24 5.5.5.5 0 100 0 300 i
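Possible values of the first column
*: a valid route (not necessarily the best)
s: a suppressed route entry, for example a specific route suppressed by route summarization
d: a dampened (penalized) route; it may not be advertised until the penalty period ends
h: a dampened route that has history information but possibly no best path
r: the route was not installed in the RIB, for example because of administrative distance (AD)
S: marks a stale route
Possible values of the second column
>: best route
Possible values of the third column
Blank if learned from an EBGP neighbor
i if learned from an IBGP neighbor
Network: the prefix
Next Hop: the next hop
Metric: the metric
LocPrf: local preference; routes learned from EBGP neighbors carry no local preference
Weight: the weight
Path: the path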

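Split-horizon rule

BGP prevents loops using AS_PATH, but AS_PATH is only modified when a route leaves the AS, so IBGP neighbors inside an AS have no loop-prevention capability. To prevent loops, a BGP router does not advertise routes learned from one IBGP neighbor to its other IBGP neighbors
Because of the split-horizon rule, a full mesh must be maintained inside the AS

Solving BGP route black holes

Redistributing BGP routes into the IGP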

Redistribute specific route entries on R2 and R5
R2
route-map b-o permit 10
match ip address 1
!
access-list 1 permit 1.1.1.0 0.0.0.255
!
router ospf 1
redistribute bgp 200 subnets route-map b-o
R5
route-map b-o permit 10
match ip address 1
!
access-list 1 permit 6.6.6.0 0.0.0.255
!
router ospf 1
redistribute bgp 200 subnets route-map b-o
===============================================================
Check the routing table on R3: two new O E2 route entries have appeared
R3#sh ip route
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/1] via 192.168.23.2, 00:06:41, Ethernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/11] via 192.168.23.2, 00:11:15, Ethernet0/0
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 3.3.3.0/24 is directly connected, Loopback0
L 3.3.3.3/32 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/21] via 192.168.35.5, 00:11:15, Ethernet0/1
[110/21] via 192.168.23.2, 00:11:15, Ethernet0/0
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/11] via 192.168.35.5, 00:11:15, Ethernet0/1
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/1] via 192.168.35.5, 00:05:36, Ethernet0/1
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, Ethernet0/0
L 192.168.23.3/32 is directly connected, Ethernet0/0
O 192.168.24.0/24 [110/20] via 192.168.23.2, 00:11:15, Ethernet0/0
192.168.35.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.35.0/24 is directly connected, Ethernet0/1
L 192.168.35.3/32 is directly connected, Ethernet0/1
O 192.168.45.0/24 [110/20] via 192.168.35.5, 00:11:15, Ethernet0/1
===============================================================
Ping 6.6.6.6 from R1 to check connectivity
R1#ping 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#

Full mesh

Taking R3's configuration as an example: every router in AS200 (R2/R4/R5) must likewise peer with all the other routers
R3#show run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor eagle peer-group
neighbor eagle remote-as 200
neighbor eagle update-source Loopback0
neighbor eagle next-hop-self
neighbor 2.2.2.2 peer-group eagle
neighbor 4.4.4.4 peer-group eagle
neighbor 5.5.5.5 peer-group eagle
Check the routing table on R3: the 6.6.6.0 route has been learned, which resolves the route black hole
R3#sh ip route bgp
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:18
6.0.0.0/24 is subnetted, 1 subnets
B 6.6.6.0 [200/0] via 5.5.5.5, 00:01:58
Ping 6.6.6.6 from R1 to check connectivity
R1#ping 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

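Route reflector

Designate one router as the route reflector
All other routers establish IBGP neighbor relationships with the route reflector
When another router has a routing update, it sends the updated routes to the route reflector, which passes them all on to its other IBGP neighbors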

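R3 is chosen as the route reflector; R2, R4 and R5 each establish an IBGP neighbor relationship with R3
R2#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes # log neighbor state changes; enabled by default
neighbor 3.3.3.3 remote-as 200 # specify the neighbor's AS number
neighbor 3.3.3.3 update-source Loopback0 # use the loopback interface as the source for the neighbor session
neighbor 3.3.3.3 next-hop-self # set the next hop to this router when advertising routes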
===============================================================
R3#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor eagle peer-group
neighbor eagle remote-as 200
neighbor eagle update-source Loopback0
neighbor eagle route-reflector-client
neighbor eagle next-hop-self
neighbor 2.2.2.2 peer-group eagle
neighbor 4.4.4.4 peer-group eagle
neighbor 5.5.5.5 peer-group eagle
===============================================================
R4#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 200
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
===============================================================
R5#sh run | sec bgp
router bgp 200
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 200
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self

Common BGP attributes

Well-known attributes

· Well-known mandatory
· Well-known discretionary

Optional attributes

· Optional transitive
· Optional non-transitive

Topology

Basic configuration
R1#sh run | sec int
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Ethernet0/0
ip address 192.168.12.1 255.255.255.0
interface Ethernet0/1
ip address 192.168.13.1 255.255.255.0
R2#sh run | sec int
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface Ethernet0/0
ip address 192.168.12.2 255.255.255.0
interface Ethernet0/1
ip address 192.168.24.2 255.255.255.0
R3#sh run | sec int
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface Ethernet0/0
ip address 192.168.13.3 255.255.255.0
interface Ethernet0/1
ip address 192.168.35.3 255.255.255.0
R4#sh run | sec int
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.34.4 255.255.255.0
interface Ethernet0/1
ip address 192.168.45.4 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/2
ip address 192.168.46.4 255.255.255.0
ip ospf 1 area 0
R5#show running-config | section int
interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.35.5 255.255.255.0
interface Ethernet0/1
ip address 192.168.45.5 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/2
ip address 192.168.56.5 255.255.255.0
ip ospf 1 area 0
R6#sh run | sec int
interface Loopback0
ip address 6.6.6.6 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/0
ip address 192.168.46.6 255.255.255.0
ip ospf 1 area 0
interface Ethernet0/1
ip address 192.168.56.6 255.255.255.0
ip ospf 1 area 0
===============================================================
BGP configuration
R1#sh run | sec route
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 300
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 3.3.3.3 update-source Loopback0
ip route 2.2.2.2 255.255.255.255 192.168.12.2
ip route 3.3.3.3 255.255.255.255 192.168.13.3
R2#sh run | sec route
router bgp 200
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 ebgp-multihop 255
neighbor 4.4.4.4 update-source Loopback0
ip route 1.1.1.1 255.255.255.255 192.168.12.1
ip route 4.4.4.4 255.255.255.255 192.168.24.4
R3#sh run | sec route
router bgp 300
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 update-source Loopback0
neighbor 5.5.5.5 remote-as 400
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
ip route 1.1.1.1 255.255.255.255 192.168.13.1
ip route 5.5.5.5 255.255.255.255 192.168.35.5
R4#sh run | sec route
router ospf 1
router bgp 400
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 6.6.6.6 remote-as 400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
ip route 2.2.2.2 255.255.255.255 192.168.24.2
R5#sh run | sec route
router ospf 1
router bgp 400
bgp log-neighbor-changes
network 5.5.5.0
neighbor 3.3.3.3 remote-as 300
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 3.3.3.3 update-source Loopback0
neighbor 6.6.6.6 remote-as 400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
ip route 3.3.3.3 255.255.255.255 192.168.35.3
R6#sh run | sec route
router bgp 400
bgp log-neighbor-changes
network 6.6.6.0 mask 255.255.255.0
neighbor 4.4.4.4 remote-as 400
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 next-hop-self
neighbor 5.5.5.5 remote-as 400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 next-hop-self
===============================================================
Modify the weight locally
R6#sh run
access-list 1 permit 1.1.1.0
router bgp 400
neighbor 5.5.5.5 weight 10 # this method affects the weight of every route received from neighbor 5.5.5.5
router bgp 400
route-map R6 permit 10
match ip address 1
set weight 100 # this method sets the weight for specific route entries

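Weight

Configured locally on the router; it serves local routing policy only and is not propagated to any BGP neighbor
Range: 0-65535; higher is preferred
Paths originated locally by the router have a default weight of 32768; paths learned from other BGP neighbors have a weight of 0

Local preference

Well-known discretionary attribute
Tells the routers in the AS which path is the preferred exit from the AS
The higher the local preference, the higher the priority
Sent only to IBGP neighbors, never passed to EBGP neighbors
The default local preference is 100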

Revert the previous experiment
R6 has two paths to 1.1.1.0/24 and currently selects the one via 4.4.4.4. Change the local preference on R5 and re-advertise to R6
R6#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* i 1.1.1.0/24 5.5.5.5 0 100 0 300 100 i
*>i 4.4.4.4 0 100 0 200 100 i
*>i 2.2.2.0/24 4.4.4.4 0 100 0 200 i
*>i 3.3.3.0/24 5.5.5.5 0 100 0 300 i
*>i 4.4.4.0/24 4.4.4.4 0 100 0 i
*>i 5.5.5.0/24 5.5.5.5 0 100 0 i
*> 6.6.6.0/24 0.0.0.0 0 32768 i
R5(config)#router bgp 450
R5(config-router)#bgp default local-preference 500
R5(config-router)#do clea ip bgp * so out
R6#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 5.5.5.5 0 500 0 300 100 i
*>i 2.2.2.0/24 4.4.4.4 0 100 0 200 i
*>i 3.3.3.0/24 5.5.5.5 0 500 0 300 i
*>i 4.4.4.0/24 4.4.4.4 0 100 0 i
*>i 5.5.5.0/24 5.5.5.5 0 500 0 i
*> 6.6.6.0/24 0.0.0.0 0 32768 i
To target only one specific route, use a route-map to change the local preference
R5(config)#access-list 1 permit 1.1.1.0
R5(config)#route-map R6 per
R5(config-route-map)#mat ip add 1
R5(config-route-map)#set local-preference 110
R5(config-route-map)#exit
R5(config)#route-map R6 per 20
R5(config-route-map)#router bgp 450
R5(config-router)#nei 6.6.6.6 route-map R6 out
R5(config-router)#do clea ip bgp * so out
R6#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 5.5.5.5 0 110 0 300 100 i
*>i 2.2.2.0/24 4.4.4.4 0 100 0 200 i
*>i 3.3.3.0/24 5.5.5.5 0 100 0 300 i
*>i 4.4.4.0/24 4.4.4.4 0 100 0 i
*>i 5.5.5.0/24 5.5.5.5 0 100 0 i
*> 6.6.6.0/24 0.0.0.0 0 32768 i

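AS_PATH

Well-known mandatory attribute
The list of autonomous system numbers that the route to the destination network has traversed; the AS that originally advertised the route is at the end of the list
Purpose: guarantee loop freedom. A router adds its own AS number when advertising to an EBGP neighbor and leaves the AS_PATH unchanged when advertising to an IBGP neighbor
AS_PATH changes only when a route is passed between ASes. When a router receives a route whose AS_PATH contains its own AS, the route originally went out from its own AS, so to avoid a loop it does not learn the route
Ordered AS_PATH

· A normal AS_PATH is arranged in order and is called ordered

Unordered AS_PATH

· When routes from several ASes are summarized, the AS_PATH carried by the summary route may be unordered
· 450 {300 100} i

Ordered AS_PATH within a confederation
Unordered AS_PATH within a confederation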

First, check the AS_PATH of 1.1.1.0/24 on R2: it contains only AS100
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 1.1.1.1 0 0 100 i
On R1, configure a route-map that prepends 450 to 1.1.1.0 as it leaves AS100, so that R6 will not learn the route from R1
R1(config)#access-list 1 permit 1.1.1.0
R1(config)#route-map AS100out per
R1(config-route-map)#ma ip add 1
R1(config-route-map)#set as-path prepend 450
R1(config-route-map)#exit
R1(config)#route-map AS100out per 20
R1(config-route-map)#router bgp 100
R1(config-router)#nei 2.2.2.2 route-map AS100out out
R1(config-router)#nei 3.3.3.3 route-map AS100out out
R1(config-router)#do clea ip bgp * so out
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 1.1.1.1 0 0 100 450 i
R6#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 2.2.2.0/24 4.4.4.4 0 100 0 200 i
*>i 3.3.3.0/24 5.5.5.5 0 100 0 300 i
*>i 4.4.4.0/24 4.4.4.4 0 100 0 i
*>i 5.5.5.0/24 5.5.5.5 0 100 0 i
*> 6.6.6.0/24 0.0.0.0 0 32768 i
Changing the AS_PATH length also influences path selection: prepend 200 200 200 to the AS_PATH on R2
R6#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 4.4.4.4 0 100 0 200 100 i
* i 5.5.5.5 0 100 0 300 100 i
R2(config)#access-list 1 permit 1.1.1.0
R2(config)#route-map R4out per
R2(config-route-map)#ma ip add 1
R2(config-route-map)#set as pre 200 200 200
R2(config-route-map)#route-map R4out per 20
R2(config-route-map)#router bgp 200
R2(config-router)#nei 4.4.4.4 route-map R4out out
R2(config-router)#do clea ip bgp * so out
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 5.5.5.5 0 100 0 300 100 i
* 2.2.2.2 0 200 200 200 200 100 i

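ORIGIN

Well-known mandatory attribute
Identifies the origin of the route

· i: originated from an IGP (interior gateway protocol)
· e: EGP, a protocol that is no longer in use
· ?: incomplete; learned through some other means, so the route's source is incomplete, which can be read as the true origin being unknown. Routes redistributed into BGP usually carry this mark
· Route preference order: lowest origin code (IGP > EGP > Incomplete)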

Route selection can be influenced by changing the origin
R2(config)#access-list 1 per 1.1.1.0
R2(config)#route-map R4out per
R2(config-route-map)#mat ip ad 1
R2(config-route-map)#set origin incomplete
R2(config-route-map)#route-map R4out per 20
R2(config-route-map)#router bgp 200
R2(config-router)#nei 4.4.4.4 route-map R4out out
R2(config-router)#do clea ip bgp * so out
R4#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 5.5.5.5 0 100 0 300 100 i
* 2.2.2.2 0 200 100 ?

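MED

Optional non-transitive attribute
A metric used by external neighbors to choose the preferred path into the AS
When there are multiple entry points, an AS can use MED to dynamically influence how other ASes choose the path in
Lower is better
MED is exchanged between ASes: it is sent to EBGP peers, those routers propagate the MED within their AS, and it is not passed on to the next AS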

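On R1, change the MED and advertise it to 2.2.2.2, then check on R2 that the metric was changed (this topology is not well suited to showing the effect of MED; remember that MED tells external ASes how to choose the best path into the AS)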
R1(config)#access-list 1 permit 1.1.1.0
R1(config)#route-map R2out per
R1(config-route-map)#ma ip add 1
R1(config-route-map)#set met
R1(config-route-map)#set metric 100
R1(config-route-map)#route-map R2out per 20
R1(config-route-map)#router bgp 100
R1(config-router)#nei 2.2.2.2 route-map R2out out
R1(config-router)#do clea ip bgp * so
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 1.1.1.1 100 0 100 i
When BGP redistributes IGP routes, it uses the IGP route's metric as the MED
R4(config)#access-list 1 permit 192.168.56.0
R4(config)#route-map o-b per
R4(config-route-map)#ma ip ad 1
R4(config-route-map)#router bgp 450
R4(config-router)#redistribute ospf 1 route-map o-b
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 192.168.56.0 4.4.4.4 20 0 450 ?
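
The attribute sections above (weight, local preference, AS_PATH, ORIGIN, MED) can be tied together by replaying R6's two paths to 1.1.1.0/24 through the comparison order. The following Python is an added example, not code from the original page or from Cisco; the `Path` class and function names are hypothetical, only the attributes covered on this page are compared, and the lowest neighbor address is an assumed stand-in for the remaining tie-breakers.

```python
from dataclasses import dataclass, replace
from functools import reduce
from ipaddress import IPv4Address

# ORIGIN ranking as given on this page: IGP (i) beats EGP (e) beats incomplete (?).
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


@dataclass(frozen=True)
class Path:
    """One candidate path for a prefix, i.e. one row of 'sh ip bgp'."""
    next_hop: str           # neighbor the path was learned from
    as_path: tuple          # AS numbers, nearest AS first, originating AS last
    weight: int = 0         # local to this router, never advertised
    local_pref: int = 100   # default local preference
    origin: str = "i"
    med: int = 0


def loop_free(path, local_as):
    """AS_PATH loop prevention: a path that already lists our own AS is dropped."""
    return local_as not in path.as_path


def prefer(a, b):
    """Return the better of two paths, comparing the attributes in order."""
    steps = [
        (a.weight, b.weight, True),                             # highest weight
        (a.local_pref, b.local_pref, True),                     # highest local preference
        (len(a.as_path), len(b.as_path), False),                # shortest AS_PATH
        (ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin], False),  # lowest origin code
    ]
    # MED is only comparable when both paths came from the same neighboring AS.
    if a.as_path[:1] == b.as_path[:1]:
        steps.append((a.med, b.med, False))                     # lowest MED
    # Assumption: lowest neighbor address stands in for the remaining tie-breakers.
    steps.append((int(IPv4Address(a.next_hop)), int(IPv4Address(b.next_hop)), False))
    for x, y, higher_wins in steps:
        if x != y:
            return a if (x > y) == higher_wins else b
    return a


def best_path(paths, local_as):
    """Best loop-free path, or None when every candidate is rejected."""
    candidates = [p for p in paths if loop_free(p, local_as)]
    return reduce(prefer, candidates) if candidates else None


# Constructed from the page's 'R6#sh ip bgp' rows for 1.1.1.0/24
# (the AS paths in the page's output place R6 in AS 450).
VIA_R5 = Path("5.5.5.5", (300, 100))
VIA_R4 = Path("4.4.4.4", (200, 100))

if __name__ == "__main__":
    print("baseline:", best_path([VIA_R5, VIA_R4], 450).next_hop)
    raised = replace(VIA_R5, local_pref=500)
    print("R5 local-pref 500:", best_path([raised, VIA_R4], 450).next_hop)
    prepended = [replace(p, as_path=p.as_path + (450,)) for p in (VIA_R5, VIA_R4)]
    print("R1 prepends 450:", best_path(prepended, 450))
```
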

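Next-Hop

Well-known mandatory attribute
When a route is passed between EBGP neighbors, the next hop is by default changed to the advertising router
When a route is passed between IBGP neighbors, the next hop is by default left unchanged
Using next-hop-self between IBGP neighbors is recommended; otherwise routes learned via EBGP may be unreachable
When different ASes are connected over a multi-access (MA) network, next-hop-unchanged can be used to achieve a redirect-like effect

Community

Community attribute
Optional transitive attribute
A tag used to simplify the enforcement of routing policy
Routes can be assigned a particular community value, and routing policy can then be set based on that value
Formats

· RFC format: 100:1
· Cisco format: a decimal number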

Tag R1's 1.1.1.0/24 and 10.10.10.0/24 with different communities
R1(config)#access-list 1 per 1.1.1.0
R1(config)#access-list 2 per 10.10.10.0
R1(config)#route-map R2R3out per
R1(config-route-map)#ma ip ad 1
R1(config-route-map)#set community 100:1
R1(config-route-map)#route-map R2R3out per 20
R1(config-route-map)#ma ip ad 2
R1(config-route-map)#set community 100:2
R1(config-route-map)#route-map R2R3out per 30
R1(config-route-map)#router bgp 100
R1(config-router)#nei 2.2.2.2 route-map R2R3out out
R1(config-router)#nei 3.3.3.3 route-map R2R3out out
R1(config-router)#nei 2.2.2.2 send-community
R1(config-router)#nei 3.3.3.3 send-community
# don't forget to enable sending of the community attribute
R3(config)#ip bgp-community new-format
R3(config)#do sh ip bgp 10.10.10.0
BGP routing table entry for 10.10.10.0/24, version 11
Paths: (1 available, best #1, table default)
Advertised to update-groups:
1
Refresh Epoch 1
100
1.1.1.1 from 1.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 100:2
rx pathid: 0, tx pathid: 0x0
Set policy on R3 based on the community value
To stop R5 from learning the route at all, a similar configuration is needed on R2
R3(config)#ip community-list 1 permit 100:1
R3(config)#route-map R5out deny
R3(config-route-map)#match community 1
R3(config-route-map)#route-map R5out per 20
R3(config-route-map)#router bgp 300
R3(config-router)#nei 5.5.5.5 route-map R5out out
R3(config-router)#do clea ip bgp * so
R5#sh ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 14
Paths: (1 available, best #1, table default)
Advertised to update-groups:
1
Refresh Epoch 1
200 100
4.4.4.4 (metric 11) from 6.6.6.6 (6.6.6.6)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 4.4.4.4, Cluster list: 6.6.6.6
rx pathid: 0, tx pathid: 0x0
Community has some predefined values, each with a specific function
<1-4294967295> community number
# an ordinary community value
aa:nn community number in aa:nn format
# an ordinary community value
internet Internet (well-known community)
# matches all entries; use this to match any
local-AS Do not send outside local AS (well-known community)
# do not let this entry leave the local AS, i.e. it is not advertised to EBGP neighbors
no-advertise Do not advertise to any peer (well-known community)
# tells the next AS not to let any third router know about this entry
no-export Do not export to next AS (well-known community)
# tells the next AS not to let any third AS know about this entry
none No community attribute
# removes all community tags
Setting local-AS
R6(config)#access-list 1 permit 6.6.6.0
R6(config)#route-map R4R5out per
R6(config-route-map)#ma ip ad 1
R6(config-route-map)#set commu local-AS
R6(config-route-map)#route-map R4R5out per 20
R6(config-route-map)#router bgp 450
R6(config-router)#nei 4.4.4.4 route-map R4R5out out
R6(config-router)#nei 5.5.5.5 route-map R4R5out out
R6(config-router)#nei 4.4.4.4 send-comm
R6(config-router)#nei 5.5.5.5 send-comm
R6(config-router)#do clea ip bgp * so
R4#sh ip bgp 6.6.6.0
BGP routing table entry for 6.6.6.0/24, version 12
Paths: (1 available, best #1, table default, not advertised outside local AS)
Not advertised to any peer
Refresh Epoch 2
Local
6.6.6.6 (metric 11) from 6.6.6.6 (6.6.6.6)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: local-AS
rx pathid: 0, tx pathid: 0x0
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 1.1.1.1 0 0 100 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
* 3.3.3.0/24 4.4.4.4 0 450 300 i
*> 1.1.1.1 0 100 300 i
*> 4.4.4.0/24 4.4.4.4 0 0 450 i
*> 5.5.5.0/24 4.4.4.4 0 450 i
* 1.1.1.1 0 100 300 450 i
Setting no-advertise
R6(config)#route-map R4R5out per 10
R6(config-route-map)#no set commu local-AS
R6(config-route-map)#set commu no-adv
R4#sh ip bgp 6.6.6.0
BGP routing table entry for 6.6.6.0/24, version 13
Paths: (1 available, best #1, table default, not advertised to any peer)
Not advertised to any peer
Refresh Epoch 4
Local
6.6.6.6 (metric 11) from 6.6.6.6 (6.6.6.6)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: no-advertise
rx pathid: 0, tx pathid: 0x0
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 1.1.1.1 0 0 100 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
* 3.3.3.0/24 4.4.4.4 0 450 300 i
*> 1.1.1.1 0 100 300 i
*> 4.4.4.0/24 4.4.4.4 0 0 450 i
*> 5.5.5.0/24 4.4.4.4 0 450 i
* 1.1.1.1 0 100 300 450 i
Setting no-export
R4(config)#access-list 1 per 6.6.6.0
R4(config)#route-map R2 per
R4(config-route-map)#ma ip ad 1
R4(config-route-map)#set commu no-ex
R4(config-route-map)#route-map R2 per 20
R4(config-route-map)#router bgp 450
R4(config-router)#nei 2.2.2.2 route-map R2 out
R4(config-router)#nei 2.2.2.2 send-comm
R4(config-router)#do clea ip bgp * so
R2#sh ip bgp 6.6.6.0
BGP routing table entry for 6.6.6.0/24, version 8
Paths: (2 available, best #2, table default, not advertised to EBGP peer)
Not advertised to any peer
Refresh Epoch 1
100 300 450
1.1.1.1 from 1.1.1.1 (1.1.1.1)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
450
4.4.4.4 from 4.4.4.4 (4.4.4.4)
Origin IGP, localpref 100, valid, external, best
Community: no-export
rx pathid: 0, tx pathid: 0x0
R1#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 2.2.2.0/24 2.2.2.2 0 0 200 i
*> 3.3.3.0/24 3.3.3.3 0 0 300 i
* 4.4.4.0/24 3.3.3.3 0 300 450 i
*> 2.2.2.2 0 200 450 i
* 5.5.5.0/24 2.2.2.2 0 200 450 i
*> 3.3.3.3 0 300 450 i
*> 6.6.6.0/24 3.3.3.3 0 300 450 i
To remove no-export
R2(config)#ip community-list 1 per no-export
R2(config)#access-list 1 per 6.6.6.0
R2(config)#route-map R4 per
R2(config-route-map)#ma ip add 1
R2(config-route-map)#set comm-list 1 delete
R2(config-route-map)#route-map R4 per 20
R2(config-route-map)#router bgp 200
R2(config-router)#nei 4.4.4.4 route-map R4 in
R2(config-router)#do clea ip bgp * so in
R2#sh ip bgp 6.6.6.0
BGP routing table entry for 6.6.6.0/24, version 9
Paths: (2 available, best #2, table default)
Advertised to update-groups:
1
Refresh Epoch 3
100 300 450
1.1.1.1 from 1.1.1.1 (1.1.1.1)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 3
450
4.4.4.4 from 4.4.4.4 (4.4.4.4)
Origin IGP, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R1#sh ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i IGP, e EGP, ? incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 2.2.2.0/24 2.2.2.2 0 0 200 i
*> 3.3.3.0/24 3.3.3.3 0 0 300 i
* 4.4.4.0/24 3.3.3.3 0 300 450 i
*> 2.2.2.2 0 200 450 i
* 5.5.5.0/24 2.2.2.2 0 200 450 i
*> 3.3.3.3 0 300 450 i
* 6.6.6.0/24 2.2.2.2 0 200 450 i
*> 3.3.3.3 0 300 450 i
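
The propagation rules from this page (IBGP split horizon, route reflection, and the well-known communities no-export, no-advertise and local-AS) combine into one outbound decision per neighbor, and the two community formats are the same 32-bit value written two ways. The Python below is an added example, not the page's or Cisco's code; the function names and the `learned_from`/`peer` labels are hypothetical, confederations are ignored, and the community numbers are the standard well-known values from RFC 1997.

```python
# Well-known community values from RFC 1997, written in the aa:nn format.
NO_EXPORT = "65535:65281"
NO_ADVERTISE = "65535:65282"
LOCAL_AS = "65535:65283"   # NO_EXPORT_SUBCONFED; IOS displays it as local-AS


def to_decimal(community):
    """Convert aa:nn (RFC format) to the single 32-bit decimal number."""
    aa, nn = (int(part) for part in community.split(":"))
    if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError(f"community out of range: {community}")
    return (aa << 16) | nn


def to_new_format(value):
    """Convert the 32-bit decimal number back to aa:nn."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"community out of range: {value}")
    return f"{value >> 16}:{value & 0xFFFF}"


def may_advertise(learned_from, peer, communities=()):
    """Decide whether a best path is advertised to one neighbor.

    learned_from: "local", "ebgp", "ibgp" or "ibgp-client"
    peer:         "ebgp", "ibgp" or "ibgp-client"
    "ibgp-client" only occurs on a route reflector (route-reflector-client).
    """
    tags = set(communities)
    if NO_ADVERTISE in tags:
        return False                      # not advertised to any peer
    if peer == "ebgp":
        # no-export and local-AS both keep the route inside the AS
        # (they differ only with confederations, which are ignored here).
        return not tags & {NO_EXPORT, LOCAL_AS}
    if learned_from == "ibgp":
        # Split horizon: an IBGP-learned route is not passed to another IBGP
        # neighbor, unless this router is a reflector and the peer is its client.
        return peer == "ibgp-client"
    return True   # local, EBGP-learned and client-learned routes go to all IBGP peers


def delete_communities(communities, to_delete):
    """Effect of 'set comm-list ... delete' applied to an inbound route."""
    drop = set(to_delete)
    return tuple(c for c in communities if c not in drop)


if __name__ == "__main__":
    # Constructed replay of the page's 6.6.6.0/24 experiments.
    print("R4 -> R2 with local-AS:", may_advertise("ibgp", "ebgp", (LOCAL_AS,)))
    print("R2 -> R1 with no-export:", may_advertise("ebgp", "ebgp", (NO_EXPORT,)))
    cleaned = delete_communities((NO_EXPORT,), (NO_EXPORT,))
    print("R2 -> R1 after delete:", may_advertise("ebgp", "ebgp", cleaned))
    print("100:1 as decimal:", to_decimal("100:1"))
```
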

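Route summarization

When both the specific routes and the summary route are being learned, add the summary-only parameter to suppress all the specifics
To lift the suppression for a particular neighbor, use unsuppress-map

· R3(config-router)#nei 192.168.13.1 unsuppress-map unsupp

To suppress only certain routes, use suppress-map

· R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 as-set suppress-map supp

If the summary route should disappear when the specifics disappear, use advertise-map

· R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 as-set advertise-map adv

Each of the options above is followed by a route-map (which matches the routes you want to target); choose whichever fits the requirement

Topology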

Configure two loopback interfaces on R1: 172.16.10.1/24 and 172.16.11.1/24
Configure two loopback interfaces on R2: 172.16.20.1/24 and 172.16.21.1/24
Basic configuration
===============R1=============
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback10
ip address 172.16.10.1 255.255.255.0
!
interface Loopback11
ip address 172.16.11.1 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.13.1 255.255.255.0
!
router bgp 100
bgp log-neighbor-changes
network 172.16.10.0 mask 255.255.255.0
network 172.16.11.0 mask 255.255.255.0
neighbor 192.168.13.3 remote-as 300
===============R2=============
interface Loopback10
ip address 172.16.20.1 255.255.255.0
!
interface Loopback11
ip address 172.16.21.1 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.23.2 255.255.255.0
!
router bgp 200
bgp log-neighbor-changes
network 172.16.20.0 mask 255.255.255.0
network 172.16.21.0 mask 255.255.255.0
neighbor 192.168.23.3 remote-as 300
===============R3=============
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.13.3 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.23.3 255.255.255.0
!
interface Ethernet0/2
ip address 192.168.34.3 255.255.255.0
!
router bgp 300
bgp log-neighbor-changes
neighbor 192.168.13.1 remote-as 100
neighbor 192.168.23.2 remote-as 200
neighbor 192.168.34.4 remote-as 400
===============R4=============
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.34.4 255.255.255.0
!
router bgp 400
bgp log-neighbor-changes
neighbor 192.168.34.3 remote-as 300
Check that R4 learns the specific BGP routes
R4#sh ip route bgp
172.16.0.0/24 is subnetted, 4 subnets
B 172.16.10.0 [20/0] via 192.168.34.3, 00:02:35
B 172.16.11.0 [20/0] via 192.168.34.3, 00:02:35
B 172.16.20.0 [20/0] via 192.168.34.3, 00:02:35
B 172.16.21.0 [20/0] via 192.168.34.3, 00:02:35
Summarize on R3
R3(config)#router bgp 300
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0
R4#sh ip route bgp
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
B 172.16.0.0/16 [20/0] via 192.168.34.3, 00:00:22
B 172.16.10.0/24 [20/0] via 192.168.34.3, 00:03:38
B 172.16.11.0/24 [20/0] via 192.168.34.3, 00:03:38
B 172.16.20.0/24 [20/0] via 192.168.34.3, 00:03:38
B 172.16.21.0/24 [20/0] via 192.168.34.3, 00:03:38
The specific routes are not suppressed, so use the summary-only parameter
R3(config)#router bgp 300
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 summary-only
R3(config-router)#do sh ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i IGP, e EGP, ? incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 0.0.0.0 32768 i
s> 172.16.10.0/24 192.168.13.1 0 0 100 i
s> 172.16.11.0/24 192.168.13.1 0 0 100 i
s> 172.16.20.0/24 192.168.23.2 0 0 200 i
s> 172.16.21.0/24 192.168.23.2 0 0 200 i
R4#sh ip route bgp
B 172.16.0.0/16 [20/0] via 192.168.34.3, 00:03:06
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 192.168.34.3 0 0 300 i
R2#sh ip route bgp
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
B 172.16.0.0/16 [20/0] via 192.168.23.3, 00:04:47
Because the aggregate route drops the original AS-PATH, there is a risk of routing loops, so add as-set when aggregating;
this produces an unordered AS-PATH
R3(config)#router bgp 300
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 summary-only as-set
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 192.168.34.3 0 0 300 {100,200} i
R2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 172.16.20.0/24 0.0.0.0 0 32768 i
*> 172.16.21.0/24 0.0.0.0 0 32768 i
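The effect of as-set on loop detection in this lab, as an added Python example (not part of the original page, and not router code). It assumes a simplified aggregation rule (leading ASNs common to all contributors stay in order, the rest are merged into one AS_SET); the function names and the CONTRIBUTORS table are assumptions built from the routes shown above.

```python
"""Added illustration: how as-set changes the AS_PATH of a BGP aggregate."""
from ipaddress import ip_network

# Constructed from the lab on this page: R3 (AS 300) holds four /24s,
# two learned from AS 100 and two learned from AS 200.
CONTRIBUTORS = {
    "172.16.10.0/24": [100],
    "172.16.11.0/24": [100],
    "172.16.20.0/24": [200],
    "172.16.21.0/24": [200],
}


def aggregate_path(contributor_paths, as_set):
    """Return (sequence, set_members) for the aggregate as originated locally.

    Without as-set the path is empty, so every contributor AS is forgotten.
    With as-set the leading ASNs shared by all contributors stay an ordered
    sequence and the remaining ASNs are merged into one unordered AS_SET.
    """
    if not as_set:
        return [], frozenset()
    paths = [list(p) for p in contributor_paths]
    common = []
    for hop in zip(*paths):
        if len(set(hop)) != 1:
            break
        common.append(hop[0])
    rest = {asn for p in paths for asn in p[len(common):]} - set(common)
    return common, frozenset(rest)


def advertise(path, local_as):
    """Prepend the local AS, as an eBGP speaker does when sending the route."""
    seq, members = path
    return [local_as] + seq, members


def accepts(path, receiver_as):
    """eBGP loop check: drop the route if our own AS appears anywhere in it."""
    seq, members = path
    return receiver_as not in seq and receiver_as not in members


def render(path):
    """Format the path like the Path column of `show ip bgp`."""
    seq, members = path
    parts = [str(asn) for asn in seq]
    if members:
        parts.append("{" + ",".join(str(asn) for asn in sorted(members)) + "}")
    return " ".join(parts)


def suppressed(aggregate, prefixes, summary_only):
    """More-specifics of the aggregate that summary-only marks with `s`."""
    if not summary_only:
        return []
    agg = ip_network(aggregate)
    return [p for p in prefixes
            if ip_network(p) != agg and ip_network(p).subnet_of(agg)]


def simulate(as_set):
    """Path R3 sends for 172.16.0.0/16 and which neighbor ASes accept it."""
    sent = advertise(aggregate_path(CONTRIBUTORS.values(), as_set), local_as=300)
    return render(sent), {asn: accepts(sent, asn) for asn in (100, 200, 400)}


if __name__ == "__main__":
    for flag in (False, True):
        path, verdicts = simulate(flag)
        print(f"as-set={flag}: path '{path}' accepted by {verdicts}")
    print("suppressed:", suppressed("172.16.0.0/16", CONTRIBUTORS, True))
```

With as-set, AS 100 and AS 200 find their own AS number inside the set and drop the aggregate, which is why 172.16.0.0/16 is absent from R2's table above while R4 still installs it.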
Use unsuppress-map to cancel suppression for specific neighbors
R3(config)#access-list 1 permit 172.16.20.0
R3(config)#access-list 1 permit 172.16.21.0
R3(config)#access-list 2 permit 172.16.10.0
R3(config)#access-list 2 permit 172.16.11.0
R3(config)#route-map unsupp per
R3(config-route-map)#ma ip add 1
R3(config-route-map)#route-map unsup
R3(config-route-map)#route-map unsupp per 20
R3(config-route-map)#ma ip add 2
R3(config-route-map)#exit
R3(config)#route-map unsupp per 30
R3(config-route-map)#router bgp 300
R3(config-router)#nei 192.168.13.1 unsuppress-map unsupp
R3(config-router)#nei 192.168.23.2 unsuppress-map unsupp
R1#sh ip route bgp
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
B 172.16.20.0/24 [20/0] via 192.168.13.3, 00:00:25
B 172.16.21.0/24 [20/0] via 192.168.13.3, 00:00:25
R2#sh ip route bgp
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
B 172.16.10.0/24 [20/0] via 192.168.23.3, 00:00:58
B 172.16.11.0/24 [20/0] via 192.168.23.3, 00:00:58
To suppress only specific route entries, use suppress-map
R3(config)#access-list 1 per 172.16.11.0
R3(config)#access-list 1 per 172.16.21.0
R3(config)#route-map supp per
R3(config-route-map)#ma ip ad 1
R3(config-route-map)#router bgp 300
R3(config-router)#ag
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 as-set suppress-map supp
R3#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 0.0.0.0 100 32768 {100,200} i
*> 172.16.10.0/24 192.168.13.1 0 0 100 i
s> 172.16.11.0/24 192.168.13.1 0 0 100 i
*> 172.16.20.0/24 192.168.23.2 0 0 200 i
s> 172.16.21.0/24 192.168.23.2 0 0 200 i
If the aggregate disappears, the specific routes must disappear with it; use advertise-map
R3(config)#access-list 1 per 172.16.11.0
R3(config)#access-list 1 per 172.16.21.0
R3(config)#route-map adv per
R3(config-route-map)#ma ip ad 1
R3(config-route-map)#router bgp 300
R3(config-router)#ag
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 as-set advertise-map adv
At this point, simulate a failure by shutting down R1/R2 and check whether the aggregate route on R4 disappears

Regular expression matching

image-20210329144438886

R4(config)#ip as-path access-list 1 deny _200$
R4(config)#ip as-path access-list 1 permit .*
R4(config)#router bgp 400
R4(config-router)#nei 192.168.34.3 filter-list 1 in
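How the filter above classifies AS paths, as an added Python example that is not from the original page. It assumes the documented IOS meaning of `_` (start or end of string, space, comma, brace or parenthesis) and runs constructed sample paths as R4 would receive them from AS 300; access list 2 is a hypothetical variant without the underscore, included for comparison.

```python
"""Added illustration: evaluating an IOS as-path access-list offline."""
import re

# IOS "_" matches a delimiter: start/end of string, space, comma, braces
# or parentheses. (Simple translation; "_" inside [...] is not handled.)
_IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# The filter from this page.
ACL = [
    "ip as-path access-list 1 deny _200$",
    "ip as-path access-list 1 permit .*",
]
# Hypothetical variant without the leading underscore.
NAIVE = [
    "ip as-path access-list 2 deny 200$",
    "ip as-path access-list 2 permit .*",
]
# Constructed AS_PATH strings as seen on R4 (neighbor AS 300).
SAMPLE_PATHS = [
    "300 200",        # originated in AS 200
    "300 100",        # originated in AS 100
    "300 200 100",    # transits AS 200, originated in AS 100
    "300 1200",       # a different AS whose number ends in 200
    "300 {100,200}",  # as-set aggregate, written as `show ip bgp` prints it
]


def ios_to_python(pattern):
    """Translate an IOS AS-path regex into Python regex syntax."""
    return pattern.replace("_", _IOS_UNDERSCORE)


def parse_acl(lines):
    """Parse `ip as-path access-list N permit|deny REGEX` lines, in order."""
    entries = []
    for line in lines:
        m = re.match(r"ip as-path access-list (\d+) (permit|deny) (.+)$",
                     line.strip())
        if not m:
            raise ValueError(f"not an as-path access-list line: {line!r}")
        entries.append((int(m.group(1)), m.group(2),
                        re.compile(ios_to_python(m.group(3)))))
    return entries


def evaluate(entries, acl_id, as_path):
    """First matching entry wins; a path matching nothing is denied."""
    for number, action, regex in entries:
        if number == acl_id and regex.search(as_path):
            return action
    return "deny"


def filter_report(acl_lines, acl_id, paths):
    """Map each AS path to the action the access list takes on it."""
    entries = parse_acl(acl_lines)
    return {path: evaluate(entries, acl_id, path) for path in paths}


if __name__ == "__main__":
    strict = filter_report(ACL, 1, SAMPLE_PATHS)
    naive = filter_report(NAIVE, 2, SAMPLE_PATHS)
    for path in SAMPLE_PATHS:
        print(f"{path:<15} _200$ -> {strict[path]:<6}  200$ -> {naive[path]}")
```

Two things to check when writing such a filter: without the underscore, AS 1200 is dropped as well, and an as-set aggregate whose text ends in `}` is not matched by `_200$` even though AS 200 contributed to it.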

Route filtering methods

image-20210329144451049

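Splitting the aggregate route

The loopback interface on R6 is 172.16.1.1, and the loopback interface on R7 is 172.16.2.1
Step 1: aggregate on R4 and R5 with the summary-only parameter. As a result, R4 cannot learn 172.16.2.0/24 and R5 cannot learn 172.16.1.0/24
Step 2: R4 cancels suppression toward R5 so that R5 can learn 172.16.1.0/24; R5 cancels suppression toward R4 so that R4 can learn 172.16.2.0/24. The remaining problem is that R6 has not learned 172.16.2.0/24 and R7 has not learned 172.16.1.0/24
Step 3: R4 cancels suppression toward R6 so that R6 can learn 172.16.2.0/24; R5 cancels suppression toward R7 so that R7 can learn 172.16.1.0/24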

image-20210329144500614

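Requirements:

1. Configure the whole network according to the topology. Neighbors must be established over loopback interfaces, R1 is the route reflector of AS100, and every router advertises lo0 into BGP
2. Configure the 172.16.1.0/24 loopback interface on R6 and the 172.16.2.1/24 loopback interface on R7, and advertise them into BGP
3. In AS200, aggregate the addresses that begin with 172.16; AS100 must be able to learn the aggregate route
4. On R2 and R3, split the aggregate route so that R1 can learn the specific routes again

Requirement 1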

=========R1===========
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.1 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.13.1 255.255.255.0
ip ospf 1 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 route-reflector-client
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
=========R2===========
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.23.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/2
ip address 192.168.24.2 255.255.255.0
!
router bgp 100
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 ebgp-multihop 255
neighbor 4.4.4.4 update-source Loopback0
!
ip route 4.4.4.0 255.255.255.0 192.168.24.4
=========R3===========
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.13.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.23.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/2
ip address 192.168.35.3 255.255.255.0
!
router bgp 100
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
!
ip route 5.5.5.0 255.255.255.0 192.168.35.5
=========R4===========
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.24.4 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.46.4 255.255.255.0
!
interface Ethernet0/2
ip address 192.168.45.4 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0004.00
is-type level-2-only
!
router bgp 200
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 next-hop-self
neighbor 6.6.6.6 remote-as 300
neighbor 6.6.6.6 ebgp-multihop 255
neighbor 6.6.6.6 update-source Loopback0
!
ip route 2.2.2.0 255.255.255.0 192.168.24.2
ip route 6.6.6.0 255.255.255.0 192.168.46.6
=========R5===========
interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.35.5 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.57.5 255.255.255.0
!
interface Ethernet0/2
ip address 192.168.45.5 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0005.00
is-type level-2-only
!
router bgp 200
bgp log-neighbor-changes
network 5.5.5.0 mask 255.255.255.0
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 3.3.3.3 update-source Loopback0
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 7.7.7.7 remote-as 400
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
!
ip route 3.3.3.0 255.255.255.0 192.168.35.3
ip route 7.7.7.0 255.255.255.0 192.168.57.7
=========R6===========
interface Loopback0
ip address 6.6.6.6 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.46.6 255.255.255.0
!
router bgp 300
bgp log-neighbor-changes
network 6.6.6.0 mask 255.255.255.0
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 ebgp-multihop 255
neighbor 4.4.4.4 update-source Loopback0
!
ip route 4.4.4.0 255.255.255.0 192.168.46.4
=========R7===========
interface Loopback0
ip address 7.7.7.7 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.57.7 255.255.255.0
!
router bgp 400
bgp log-neighbor-changes
network 7.7.7.0 mask 255.255.255.0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
!
ip route 5.5.5.0 255.255.255.0 192.168.57.5

Requirement 2

R6(config)#int lo10
R6(config-if)#ip add 172.16.1.1 255.255.255.0
R6(config-if)#router bgp 300
R6(config-router)#net 172.16.1.0 mask 255.255.255.0
R7(config)#int lo10
R7(config-if)#ip add 172.16.2.1 255.255.255.0
R7(config-if)#router bgp 400
R7(config-router)#net 172.16.2.0 mask 255.255.255.0

Requirement 3

R4
router bgp 200
aggregate-address 172.16.0.0 255.255.0.0 as-set summary-only
R5
router bgp 200
aggregate-address 172.16.0.0 255.255.0.0 as-set summary-only
R4
access-list 1 permit 172.16.1.0
route-map R5out permit 10
match ip address 1
router bgp 200
neighbor 5.5.5.5 unsuppress-map R5out
R5
access-list 1 permit 172.16.2.0
route-map R4out permit 10
match ip address 1
router bgp 200
neighbor 4.4.4.4 unsuppress-map R4out
R4
access-list 2 permit 172.16.2.0
route-map R6out permit 10
match ip address 2
router bgp 200
neighbor 6.6.6.6 unsuppress-map R6out
R5
access-list 2 permit 172.16.1.0
route-map R7out permit 10
match ip address 2
router bgp 200
neighbor 7.7.7.7 unsuppress-map R7out

Requirement 4

R2
ip prefix-list huizong seq 5 permit 172.16.0.0/16
ip prefix-list mingxi seq 5 permit 172.16.1.0/24
ip prefix-list xiayitiao seq 5 permit 4.4.4.4/32
route-map RP_huizong permit 10
match ip address prefix-list huizong
match ip route-source prefix-list xiayitiao
route-map RP_mingxi permit 10
set ip address prefix-list mingxi
set community 100:200 no-export
router bgp 100
bgp inject-map RP_mingxi exist-map RP_huizong copy-attributes
R3
ip prefix-list huizong seq 5 permit 172.16.0.0/16
ip prefix-list mingxi seq 5 permit 172.16.2.0/24
ip prefix-list xiayitiao seq 5 permit 5.5.5.5/32
route-map RP_huizong permit 10
match ip address prefix-list huizong
match ip route-source prefix-list xiayitiao
route-map RP_mingxi permit 10
set ip address prefix-list mingxi
set community 100:200 no-export
router bgp 100
bgp inject-map RP_mingxi exist-map RP_huizong copy-attributes

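BGP path selection rules

  1. Highest weight
  2. Highest local preference
  3. Prefer routes originated locally
  4. Prefer the route with the shortest AS_PATH
  5. ORIGIN
  6. Prefer the route with the lowest MED
  7. Prefer routes from EBGP neighbors
  8. Prefer the route with the nearest next_hop
  9. BGP load balancing (not enabled by default in BGP)
  10. Prefer the route from the oldest EBGP neighbor (judged by establishment time)
  11. Prefer the route from the BGP neighbor with the lowest Router-ID
  12. Prefer the route with the shortest CLUSTER_LIST
  13. Prefer the route from the neighbor with the lowest IP address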
BGP unequal-cost load balancing

image-20210329144517555

Initial configuration
========R1=========
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.123.1 255.255.255.0
ip ospf 1 area 0
!
router bgp 123
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 route-reflector-client
neighbor 3.3.3.3 remote-as 123
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
========R2=========
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.123.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.24.2 255.255.255.0
!
router bgp 123
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 123
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 192.168.24.4 remote-as 400
========R3=========
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.123.3 255.255.255.0
ip ospf 1 area 0
!
interface Serial1/0
ip address 192.168.34.3 255.255.255.0
!
router bgp 123
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 123
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 192.168.34.4 remote-as 400
========R4=========
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.24.4 255.255.255.0
!
interface Serial1/0
ip address 192.168.34.4 255.255.255.0
!
router bgp 400
bgp log-neighbor-changes
network 4.4.4.0 mask 255.255.255.0
neighbor 192.168.24.2 remote-as 123
neighbor 192.168.34.3 remote-as 123
R1#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
* i 4.4.4.0/24 3.3.3.3 0 100 0 400 i
*>i 2.2.2.2 0 100 0 400 i
R4#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.0/24 192.168.34.3 0 123 i
*> 192.168.24.2 0 123 i
*> 4.4.4.0/24 0.0.0.0 0 32768 i
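Implement EBGP unequal-cost load balancing so that R4 distributes traffic according to the bandwidth of the interfaces toward its neighbors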
R4
router bgp 400
bgp dmzlink-bw
neighbor 192.168.24.2 dmzlink-bw
neighbor 192.168.34.3 dmzlink-bw
maximum-paths 2
R4#show ip route bgp
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [20/0] via 192.168.34.3, 00:01:56
[20/0] via 192.168.24.2, 00:01:56
R4#show ip route 1.1.1.0
Routing entry for 1.1.1.0/24
Known via "bgp 400", distance 20, metric 0
Tag 123, type external
Last update from 192.168.24.2 00:02:13 ago
Routing Descriptor Blocks:
* 192.168.34.3, from 192.168.34.3, 00:02:13 ago
Route metric is 0, traffic share count is 37
AS Hops 1
Route tag 123
MPLS label: none
192.168.24.2, from 192.168.24.2, 00:02:13 ago
Route metric is 0, traffic share count is 240
AS Hops 1
Route tag 123
MPLS label: none
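To implement IBGP equal-cost load balancing, R1 must know the bandwidth of R2's and R3's links to AS400 before it can make an unequal-cost load-balancing decision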
R2
router bgp 123
bgp dmzlink-bw
neighbor 1.1.1.1 send-community extended
neighbor 192.168.24.4 dmzlink-bw
R3
router bgp 123
bgp dmzlink-bw
neighbor 1.1.1.1 send-community extended
neighbor 192.168.34.4 dmzlink-bw
R1
router bgp 123
bgp dmzlink-bw
maximum-paths ibgp 2
R1#show ip route bgp
4.0.0.0/24 is subnetted, 1 subnets
B 4.4.4.0 [200/0] via 3.3.3.3, 00:00:10
[200/0] via 2.2.2.2, 00:00:10
R1#show ip route 4.4.4.0
Routing entry for 4.4.4.0/24
Known via "bgp 123", distance 200, metric 0
Tag 400, type internal
Last update from 2.2.2.2 00:00:27 ago
Routing Descriptor Blocks:
* 3.3.3.3, from 3.3.3.3, 00:00:27 ago
Route metric is 0, traffic share count is 37
AS Hops 1
Route tag 400
MPLS label: none
2.2.2.2, from 2.2.2.2, 00:00:27 ago
Route metric is 0, traffic share count is 240
AS Hops 1
Route tag 400
MPLS label: none

BGP confederation

image-20210329144533925

Basic configuration
=======R1========
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.13.1 255.255.255.0
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 192.168.13.3 remote-as 345
=======R2========
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.25.2 255.255.255.0
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
neighbor 192.168.25.5 remote-as 345
=======R3========
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.13.3 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.34.3 255.255.255.0
ip ospf 1 area 0
!
router bgp 64512
bgp log-neighbor-changes
bgp confederation identifier 345
neighbor 4.4.4.4 remote-as 64512
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
neighbor 192.168.13.1 remote-as 100
=======R4========
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.34.4 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.45.4 255.255.255.0
!
router bgp 64512
bgp log-neighbor-changes
bgp confederation identifier 345
bgp confederation peers 64513
neighbor 3.3.3.3 remote-as 64512
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 192.168.45.5 remote-as 64513
neighbor 192.168.45.5 next-hop-self
=======R5========
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.45.5 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.25.5 255.255.255.0
!
router bgp 64513
bgp log-neighbor-changes
bgp confederation identifier 345
bgp confederation peers 64512
neighbor 192.168.25.2 remote-as 200
neighbor 192.168.45.4 remote-as 64512
neighbor 192.168.45.4 next-hop-self
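Inside the confederation, the AS_PATH shows the internal AS numbers in parentheses; when the route leaves the confederation, the parenthesized part is replaced with the real external AS number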

R5#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.0/24 3.3.3.3 0 100 0 (64512) 100 i
*> 2.2.2.0/24 192.168.25.2 0 0 200 i
R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 192.168.25.5 0 345 100 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i

Comprehensive lab

image-20210329144554104

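1. Configure the interface IP addresses as shown in the figure, and configure a loopback0 interface on every router with the address x.x.x.x (x is the router number). All PCs and Servers must obtain their IP addresses through DHCP from 8.8.8.8.

2. Configure OSPF on routers R1, R2 and R3 to ensure loopback0 reachability. Configure OSPF on routers R4, R5 and R6 to ensure loopback0 reachability.

3. Configure IS-IS with area 49.0001 on routers R7, R8, R9 and R10 to ensure loopback0 reachability. Configure IS-IS with area 49.0001 on routers R12 and R13 to ensure loopback0 reachability.

4. Configure BGP areas 20001, 20002, 10001, 10002 and 10003 as shown in the figure. All routers must use loopback0 as the BGP router-id and to establish neighbor relationships.

5. AS10002 contains two confederation members, 65111 and 65112.

6. On R14, advertise 192.168.114.0/24 into BGP. R6, R11 and R13 each advertise the network segment of their PC into BGP. R8 advertises loopback0 into BGP.

7. Configure NAT on R14 so that Server1 and Server2 can reach 8.8.8.8, and so that a telnet to port 1111 of 192.168.114.14 is answered by Server1 and a telnet to port 2222 is answered by Server2.

8. On R8, add an A record that resolves the domain name domain.com to 192.168.114.14. On every PC, test telnet domain.com 1111 and 2222 and make sure Server1 and Server2 can be reached.

9. On R13, add a loopback10 interface with the address 130.130.130.130/24 and advertise it into BGP. This route must not be learned by any area other than AS10002.

10. On R14, create lo10, lo20 and lo30 with the addresses 172.16.10.1/24, 172.16.20.1/24 and 172.16.30.1/24. AS10002 must see only the aggregate route, and the aggregate must keep the as_path attribute. Other ASes can see the specific routes.

11. On R11, use an as-path access-list to filter routes that originate in AS10001. Redistribute external routes on R6 and R1 to test.

12. In AS10001, all routes leave the AS through R4 by default; only the route 8.8.8.0/24 leaves the AS through R5. Test from PC1.

13. R13 must learn the specific routes of the aggregate 172.16.0.0, and when 172.16.0.0/16 fails, the specific routes on R13 must disappear as well.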

R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.1 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.13.1 255.255.255.0
ip ospf 1 area 0
!
router bgp 20001
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 20001
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 route-reflector-client
neighbor 3.3.3.3 remote-as 20001
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client

R2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.2 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.27.2 255.255.255.0
!
router bgp 20001
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 20001
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 7.7.7.7 remote-as 20002
neighbor 7.7.7.7 ebgp-multihop 255
neighbor 7.7.7.7 update-source Loopback0
!
ip route 7.7.7.7 255.255.255.255 192.168.27.7

R3
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.13.3 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.34.3 255.255.255.0
!
router bgp 20001
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 20001
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 4.4.4.4 remote-as 10001
neighbor 4.4.4.4 ebgp-multihop 255
neighbor 4.4.4.4 update-source Loopback0
!
ip route 4.4.4.4 255.255.255.255 192.168.34.4

R4
interface Loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.34.4 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.46.4 255.255.255.0
ip ospf 1 area 0
!
router bgp 10001
bgp router-id 4.4.4.4
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 20001
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-map R3 in
neighbor 6.6.6.6 remote-as 10001
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 route-map R6 out
!
ip route 3.3.3.3 255.255.255.255 192.168.34.3
!
!
route-map R3 permit 10
match ip address 1
set weight 10
!
route-map R3 permit 20
!
route-map R6 permit 10
match ip address 1
set extcommunity cost pre-bestpath 1 10
!
route-map R6 permit 20
!
access-list 1 deny 8.8.8.0
access-list 1 permit any

R5
interface Loopback0
ip address 5.5.5.5 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.56.5 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.59.5 255.255.255.0
!
router bgp 10001
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 10001
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 next-hop-self
neighbor 9.9.9.9 remote-as 20002
neighbor 9.9.9.9 ebgp-multihop 255
neighbor 9.9.9.9 update-source Loopback0
!
ip route 9.9.9.9 255.255.255.255 192.168.59.9

R6
interface Loopback0
ip address 6.6.6.6 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.46.6 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.56.6 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/2
ip address 192.168.10.1 255.255.255.0
ip helper-address 8.8.8.8
!
router bgp 10001
bgp router-id 6.6.6.6
bgp log-neighbor-changes
network 192.168.10.0
neighbor 4.4.4.4 remote-as 10001
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-reflector-client
neighbor 5.5.5.5 remote-as 10001
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 send-community extended

R7
interface Loopback0
ip address 7.7.7.7 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.27.7 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.78.7 255.255.255.0
ip router isis
!
interface Ethernet0/2
ip address 192.168.79.7 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0007.00
is-type level-2-only
!
router bgp 20002
bgp router-id 7.7.7.7
bgp log-neighbor-changes
neighbor ibgp peer-group
neighbor ibgp remote-as 20002
neighbor ibgp update-source Loopback0
neighbor ibgp route-reflector-client
neighbor ibgp next-hop-self
neighbor 2.2.2.2 remote-as 20001
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 8.8.8.8 peer-group ibgp
neighbor 9.9.9.9 peer-group ibgp
neighbor 10.10.10.10 peer-group ibgp
!
ip route 2.2.2.2 255.255.255.255 192.168.27.2

R8
ip dhcp pool 100031
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
ip dhcp pool 100032
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 8.8.8.8
!
ip dhcp pool 10001
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
!
ip dhcp pool 1000220
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
!
ip dhcp pool 1000230
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8
!
ip host domain.com 192.168.114.14
!
interface Loopback0
ip address 8.8.8.8 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.78.8 255.255.255.0
ip router isis
!
interface Ethernet0/1
ip address 192.168.80.8 255.255.255.0
ip router isis
!
interface Ethernet0/2
ip address 192.168.114.8 255.255.255.0
!
router isis
net 49.0001.0000.0000.0008.00
is-type level-2-only
!
router bgp 20002
bgp router-id 8.8.8.8
bgp log-neighbor-changes
network 8.8.8.0 mask 255.255.255.0
neighbor 7.7.7.7 remote-as 20002
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 next-hop-self
neighbor 14.14.14.14 remote-as 10003
neighbor 14.14.14.14 ebgp-multihop 255
neighbor 14.14.14.14 update-source Loopback0
!
ip dns server
ip route 14.14.14.14 255.255.255.255 192.168.114.14
ip route 192.168.1.0 255.255.255.0 192.168.114.14
ip route 192.168.2.0 255.255.255.0 192.168.114.14

R9
interface Loopback0
ip address 9.9.9.9 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.59.9 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.90.9 255.255.255.0
ip router isis
!
interface Ethernet0/2
ip address 192.168.79.9 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0009.00
is-type level-2-only
!
router bgp 20002
bgp router-id 9.9.9.9
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 10001
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
neighbor 7.7.7.7 remote-as 20002
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 next-hop-self
!
ip route 5.5.5.5 255.255.255.255 192.168.59.5

R10
interface Loopback0
ip address 10.10.10.10 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.90.10 255.255.255.0
ip router isis
!
interface Ethernet0/1
ip address 192.168.110.10 255.255.255.0
!
interface Ethernet0/2
ip address 192.168.80.10 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0010.00
is-type level-2-only
!
router bgp 20002
bgp router-id 10.10.10.10
bgp log-neighbor-changes
aggregate-address 172.16.0.0 255.255.0.0 as-set summary-only
neighbor 7.7.7.7 remote-as 20002
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 next-hop-self
neighbor 7.7.7.7 prefix-list 1 out
neighbor 11.11.11.11 remote-as 10002
neighbor 11.11.11.11 ebgp-multihop 255
neighbor 11.11.11.11 update-source Loopback0
!
ip route 11.11.11.11 255.255.255.255 192.168.110.11
!
ip prefix-list 1 seq 5 deny 172.16.0.0/16
ip prefix-list 1 seq 10 permit 0.0.0.0/0 le 32

R11
interface Loopback0
ip address 11.11.11.11 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.110.11 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.112.11 255.255.255.0
!
interface Ethernet0/2
ip address 192.168.20.1 255.255.255.0
ip helper-address 8.8.8.8
!
router bgp 65111
bgp router-id 11.11.11.11
bgp log-neighbor-changes
bgp confederation identifier 10002
bgp confederation peers 65112
network 192.168.20.0
neighbor 10.10.10.10 remote-as 20002
neighbor 10.10.10.10 ebgp-multihop 255
neighbor 10.10.10.10 update-source Loopback0
neighbor 10.10.10.10 filter-list 1 in
neighbor 12.12.12.12 remote-as 65112
neighbor 12.12.12.12 ebgp-multihop 255
neighbor 12.12.12.12 update-source Loopback0
neighbor 12.12.12.12 next-hop-self
!
ip as-path access-list 1 deny _10001$
ip as-path access-list 1 permit .*
!
ip route 10.10.10.10 255.255.255.255 192.168.110.10
ip route 12.12.12.12 255.255.255.255 192.168.112.12

R12
interface Loopback0
ip address 12.12.12.12 255.255.255.0
ip router isis
!
interface Ethernet0/0
ip address 192.168.112.12 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.113.12 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0012.00
is-type level-2-only
!
router bgp 65112
bgp router-id 12.12.12.12
bgp log-neighbor-changes
bgp confederation identifier 10002
bgp confederation peers 65111
bgp inject-map mingxi exist-map huizong copy-attributes
neighbor 11.11.11.11 remote-as 65111
neighbor 11.11.11.11 ebgp-multihop 255
neighbor 11.11.11.11 update-source Loopback0
neighbor 11.11.11.11 next-hop-self
neighbor 11.11.11.11 send-community
neighbor 11.11.11.11 route-map R11 out
neighbor 13.13.13.13 remote-as 65112
neighbor 13.13.13.13 update-source Loopback0
neighbor 13.13.13.13 next-hop-self
!
ip route 11.11.11.11 255.255.255.255 192.168.112.11
!
!
ip prefix-list huizong seq 5 permit 172.16.0.0/16
!
ip prefix-list mingxi seq 5 permit 172.16.10.0/24
ip prefix-list mingxi seq 10 permit 172.16.20.0/24
ip prefix-list mingxi seq 15 permit 172.16.30.0/24
!
ip prefix-list xiayitiao seq 5 permit 11.11.11.11/32
!
route-map mingxi permit 10
set ip address prefix-list mingxi
set community no-export
!
route-map R11 permit 10
match ip address 1
set community no-export
!
route-map R11 permit 20
!
route-map huizong permit 10
match ip address prefix-list huizong
match ip route-source prefix-list xiayitiao
!
access-list 1 permit 130.130.130.0

R13
interface Loopback0
ip address 13.13.13.13 255.255.255.0
ip router isis
!
interface Loopback10
ip address 130.130.130.130 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.113.13 255.255.255.0
ip router isis
!
interface Ethernet0/1
ip address 192.168.30.1 255.255.255.0
ip helper-address 8.8.8.8
!
router isis
net 49.0001.0000.0000.0013.00
is-type level-2-only
!
router bgp 65112
bgp router-id 13.13.13.13
bgp log-neighbor-changes
bgp confederation identifier 10002
network 130.130.130.0 mask 255.255.255.0
network 192.168.30.0
neighbor 12.12.12.12 remote-as 65112
neighbor 12.12.12.12 update-source Loopback0

R14
interface Loopback0
ip address 14.14.14.14 255.255.255.0
!
interface Loopback10
ip address 172.16.10.1 255.255.255.0
!
interface Loopback20
ip address 172.16.20.1 255.255.255.0
!
interface Loopback30
ip address 172.16.30.1 255.255.255.0
!
interface Ethernet0/0
ip address 192.168.114.14 255.255.255.0
ip nat outside
!
interface Ethernet0/1
ip address 192.168.1.1 255.255.255.0
ip helper-address 8.8.8.8
ip nat inside
!
interface Ethernet0/2
ip address 192.168.2.1 255.255.255.0
ip helper-address 8.8.8.8
ip nat inside
!
router bgp 10003
bgp router-id 14.14.14.14
bgp log-neighbor-changes
network 172.16.10.0 mask 255.255.255.0
network 172.16.20.0 mask 255.255.255.0
network 172.16.30.0 mask 255.255.255.0
network 192.168.114.0
neighbor 8.8.8.8 remote-as 20002
neighbor 8.8.8.8 ebgp-multihop 255
neighbor 8.8.8.8 update-source Loopback0
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 192.168.1.2 23 interface Ethernet0/0 1111
ip nat inside source static tcp 192.168.2.2 23 interface Ethernet0/0 2222
ip route 8.8.8.8 255.255.255.255 192.168.114.8
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

PC and server configuration template
no ip routing
ip domain lookup
int ex/x
ip add dhcp
no sh
=======Enable telnet on the servers=======
line vty 0 4
password cisco
login