BGP Routing Policy Lab (H3C)
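I. Lab topology

II. Lab requirements
1. Configure and test the interconnecting links.
2. Configure and test the IGP in AS65001 and AS65002 (change the network type of the Ethernet interfaces to P2P, set the OSPF cost of the link between R2 and R3 to 10, and do not advertise the AS65001 service subnets into the IGP).
3. Establish the BGP neighbor relationships as shown in the topology and check the BGP peer table (do not forget to change the update source and next hop for IBGP neighbors).
4. On R1, R2, R3 and R4, use BGP to advertise the service subnet routes (Loop1) of their own AS.
5. Check the BGP routing table and the IP forwarding table on every router to see whether there are routes to the service subnets of the other AS. Analyze how the best BGP route in R6's BGP routing table is selected.
6. Test connectivity between the service subnets.
7. At a suitable location, modify the Local-Pre value so that the primary path from the AS65002 service subnets to 10.30.1.1 goes through R1-R2 and the primary path to 10.40.4.1 goes through R3-R4; test with the Tracert command.
8. After reverting the configuration from step 7, modify the MED value at a suitable location so that the primary path from the AS65002 service subnets to 10.30.1.1 goes through R1-R2 and the primary path to 10.40.4.1 goes through R3-R4; test with the Tracert command.

III. Lab procedure

bgp 65001
peer 10.0.1.6 as-num 65002
peer 4.4.4.4 as-num 65002
peer 4.4.4.4 connect-int lo0
peer 4.4.4.4 next-hop-lo

bgp 65001
peer 10.0.1.10 as-num 65002
peer 1.1.1.1 as-num 65001
peer 1.1.1.1 connect-int lo0
peer 1.1.1.1 next-hop-lo

bgp 65002
peer 10.0.1.5 as-num 65001
group rr internal
peer rr next-hop-lo
peer rr connect-int lo0
peer 3.3.3.3 group rr
peer 5.5.5.5 group rr
peer 6.6.6.6 group rr

bgp 65002
peer 10.0.1.9 as-num 65001
group nn internal
peer nn next-hop-lo
peer nn connect-int lo0
peer 2.2.2.2 group nn
peer 5.5.5.5 group nn
peer 6.6.6.6 group nn

bgp 65002
group mm internal
peer mm next-hop-local
peer mm connect-interface lo0
peer 2.2.2.2 group mm
peer 3.3.3.3 group mm
peer 6.6.6.6 group mm

bgp 65002
group ii internal
peer ii next-hop-local
peer ii connect-interface lo0
peer 2.2.2.2 group ii
peer 5.5.5.5 group ii
peer 3.3.3.3 group ii

net 10.10.5.1 32
net 10.10.6.1 32

net 10.10.5.1 32
net 10.10.6.1 32

net 10.30.1.1 32
net 10.40.4.1 32

bgp 65002
peer 10.0.1.5 route-po lp import
q
route-po lp permit node 10
New Sequence of this List
if-m acl 2003
apply local-pre 300
qui
acl num 2003
rule permit source 10.30.1.1 0.0.0.0
qui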

Questions:
1. Only the routes a BGP speaker has injected with network and the routes it uses itself are advertised to its peers.
2. What do "valid" and "best" mean in the BGP routing table? A best route is always valid, but a valid route is not necessarily best.

On R3, after network 3.3.3.3 32 (under BGP):

dis ip rout
Routing Tables: Public
        Destinations : 8        Routes : 8

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

4.4.4.4/32          Direct 0    0            127.0.0.1       InLoop0
10.0.1.0/30         Direct 0    0            10.0.1.2        Eth0/1/0
10.0.1.2/32         Direct 0    0            127.0.0.1       InLoop0
10.0.1.8/30         Direct 0    0            10.0.1.9        Eth0/1/1
10.0.1.9/32         Direct 0    0            127.0.0.1       InLoop0
10.40.4.1/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

dis bgp rout

 Total Number of Routes: 2

 BGP Local router ID is 10.40.4.1
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

*>   3.3.3.3/32         10.0.1.10       0                     0       65002i
*>   10.40.4.1/32       0.0.0.0         0                     0       i

<R5> dis bgp rout

 Total Number of Routes: 3

 BGP Local router ID is 10.10.5.1
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

  i  3.3.3.3/32         3.3.3.3         0          100        0       i
*>i  10.30.1.1/32       2.2.2.2         0          100        0       65001i
*>i  10.40.4.1/32       3.3.3.3         0          100        0       65001i

<R5>dis ip rout
Routing Tables: Public
        Destinations : 17       Routes : 20

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

2.2.2.2/32          OSPF   10   10           10.0.1.17       Eth0/1/0
3.3.3.3/32          OSPF   10   20           10.0.1.17       Eth0/1/0
                    OSPF   10   20           10.0.1.26       Eth0/1/2
5.5.5.5/32          Direct 0    0            127.0.0.1       InLoop0
6.6.6.6/32          OSPF   10   10           10.0.1.26       Eth0/1/2
10.0.1.4/30         OSPF   10   20           10.0.1.17       Eth0/1/0
10.0.1.8/30         OSPF   10   30           10.0.1.17       Eth0/1/0
                    OSPF   10   30           10.0.1.26       Eth0/1/2
10.0.1.12/30        OSPF   10   20           10.0.1.17       Eth0/1/0
10.0.1.16/30        Direct 0    0            10.0.1.18       Eth0/1/0
10.0.1.18/32        Direct 0    0            127.0.0.1       InLoop0
10.0.1.20/30        OSPF   10   20           10.0.1.26       Eth0/1/2
10.0.1.24/30        Direct 0    0            10.0.1.25       Eth0/1/2
10.0.1.25/32        Direct 0    0            127.0.0.1       InLoop0
10.10.5.1/32        Direct 0    0            127.0.0.1       InLoop0
10.30.1.1/32        BGP    255  0            2.2.2.2         Eth0/1/0
10.40.4.1/32        BGP    255  0            3.3.3.3         Eth0/1/0
                    BGP    255  0            3.3.3.3         Eth0/1/2
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

dis ip rout
Routing Tables: Public
        Destinations : 18       Routes : 19

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

2.2.2.2/32          OSPF   10   10           10.0.1.13       S0/2/0
3.3.3.3/32          Direct 0    0            127.0.0.1       InLoop0
5.5.5.5/32          OSPF   10   20           10.0.1.13       S0/2/0
                    OSPF   10   20           10.0.1.22       Eth0/1/1
6.6.6.6/32          OSPF   10   10           10.0.1.22       Eth0/1/1
10.0.1.4/30         OSPF   10   20           10.0.1.13       S0/2/0
10.0.1.8/30         Direct 0    0            10.0.1.10       Eth0/1/3
10.0.1.10/32        Direct 0    0            127.0.0.1       InLoop0
10.0.1.12/30        Direct 0    0            10.0.1.14       S0/2/0
10.0.1.13/32        Direct 0    0            10.0.1.13       S0/2/0
10.0.1.14/32        Direct 0    0            127.0.0.1       InLoop0
10.0.1.16/30        OSPF   10   20           10.0.1.13       S0/2/0
10.0.1.20/30        Direct 0    0            10.0.1.21       Eth0/1/1
10.0.1.21/32        Direct 0    0            127.0.0.1       InLoop0
10.0.1.24/30        OSPF   10   20           10.0.1.22       Eth0/1/1
10.30.1.1/32        BGP    255  0            2.2.2.2         S0/2/0
10.40.4.1/32        BGP    255  0            10.0.1.9        Eth0/1/3
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

dis bgp rout

 Total Number of Routes: 3

 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

*>   3.3.3.3/32         0.0.0.0         0                     0       i
*>i  10.30.1.1/32       2.2.2.2         0          100        0       65001i
*>   10.40.4.1/32       10.0.1.9        0                     0       65001i

3. R1 and R4 do not receive each other's routes.

<R1>dis ip rout
Routing Tables: Public
        Destinations : 9        Routes : 9

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

1.1.1.1/32          Direct 0    0            127.0.0.1       InLoop0
10.0.1.0/30         Direct 0    0            10.0.1.1        Eth0/1/2
10.0.1.1/32         Direct 0    0            127.0.0.1       InLoop0
10.0.1.4/30         Direct 0    0            10.0.1.5        Eth0/1/0
10.0.1.5/32         Direct 0    0            127.0.0.1       InLoop0
10.10.5.1/32        BGP    255  10           10.0.1.6        Eth0/1/0
10.30.1.1/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

<R4>dis ip rout
Routing Tables: Public
        Destinations : 10       Routes : 10

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

3.3.3.3/32          BGP    255  0            10.0.1.10       Eth0/1/1
4.4.4.4/32          Direct 0    0            127.0.0.1       InLoop0
10.0.1.0/30         Direct 0    0            10.0.1.2        Eth0/1/0
10.0.1.2/32         Direct 0    0            127.0.0.1       InLoop0
10.0.1.8/30         Direct 0    0            10.0.1.9        Eth0/1/1
10.0.1.9/32         Direct 0    0            127.0.0.1       InLoop0
10.10.5.1/32        BGP    255  20           10.0.1.10       Eth0/1/1
10.40.4.1/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

Check whether the neighbors are established:

<R1> dis bgp peer

 BGP local router ID : 10.30.1.1
 Local AS number : 65001
 Total number of peers : 2        Peers in established state : 1

  Peer            V  AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State

  4.4.4.4         4  65002  0        0        0     0        00:45:19  Active
  10.0.1.6        4  65002  49       61       0     1        00:44:48  Established

<R4>dis bgp peer

 BGP local router ID : 10.40.4.1
 Local AS number : 65001
 Total number of peers : 2        Peers in established state : 1

  Peer            V  AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State

  1.1.1.1         4  65001  0        0        0     0        01:02:43  Active
  10.0.1.10       4  65002  84       84       0     2        01:02:11  Established

The neighbor is not established; it is stuck in the Active state. Why?

Troubleshooting: BGP neighbors establish their connection by comparing Open messages and negotiating parameters. The contents include: the BGP version number, the AS number the router belongs to, the router ID, the hold time value, and authentication information.

1) So the first thing I found was that the AS number was wrong when the peer was configured on R1. After correcting it, it still did not work.
2) Later I found that the neighbors are established over loopback interfaces, and the TCP three-way handshake needs a route to reach the other side. Because there was no route to the peer's loopback interface, the TCP connection could not be established, so the neighbor could not be established. After configuring static routes to each other's loopbacks, the neighbor could be established.

Question: without the static routes, can R1 and R4 establish the neighbor relationship across AS 65002? Precondition: the loopback subnets have been advertised with network in BGP.

undo ip rout 10.40.4.1 255.255.255.255 10.0.1.2
dis bgp peer

 BGP local router ID : 10.30.1.1
 Local AS number : 65001
 Total number of peers : 2        Peers in established state : 2

  Peer            V  AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State

  10.0.1.6        4  65002  246      315      0     1        03:58:23  Established
  10.40.4.1       4  65001  25       19       0     2        00:15:15  Established

(The BGP connection only dropped after a minute or two; this can be done by restarting the process.)

%Aug 31 15:29:07:438 2012 R1 RM/3/RMLOG:BGP.: 10.40.4.1 State is changed from ESTABLISHED to IDLE.

dis bgp peer

 BGP local router ID : 10.30.1.1
 Local AS number : 65001
 Total number of peers : 2        Peers in established state : 1

  Peer            V  AS     MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down   State

  10.0.1.6        4  65002  250      320      0     1        04:02:01  Established
  10.40.4.1       4  65001  0        0        0     0        00:01:51  Active

4. When R4 pings 10.10.5.1, the ping must specify a source, and the source must be 10.40.4.1, which is advertised in BGP; otherwise the ping fails, because the remote end must have a route back.

<R4>trace -a 10.40.4.1 10.10.5.1
 traceroute to 10.10.5.1(10.10.5.1) 30 hops max,40 bytes packet, press CTRL_C to break
 1 10.0.1.1 4294967291 ms 20 ms <1 ms
 2 10.0.1.6 10 ms 20 ms 20 ms
 3 10.10.5.1 30 ms 25 ms 5 ms

<R5> trace -a 10.10.5.1 10.40.4.1
 traceroute to 10.40.4.1(10.40.4.1) 30 hops max,40 bytes packet, press CTRL_C to break
 1 10.0.1.26 30 ms 10.0.1.17 4 ms 10.0.1.26 15 ms
 2 10.0.1.14 15 ms 10.0.1.21 25 ms 10.0.1.14 21 ms
 3 10.40.4.1 14 ms 10 ms 35 ms

5. Modify route attributes to control the direction of the traffic flow.
Modify the local-pre value so that the primary path from the AS65002 service subnets to 10.30.1.1 goes through R1-R2 and the primary path to 10.40.4.1 goes through R3-R4; test with the Tracert command.

1) Where should local-pre be configured? According to the BGP route selection rules, the path from R2, R3 and R5 to 10.30.1.1 is R1-R2 in every case. Right now there is only

acl num 2003
rule 1 permit source 10.30.1.1 0.0.0.0
q
route-policy R1-R2 permit node 10
New Sequence of this List
if-match acl 2003
apply local-pre 200
q
bgp 65002
peer 10.0.1.5 route-policy R1-R2 import

acl num 2003
rule 1 permit source 10.40.4.1 0.0.0.0
q
route-policy R3-R4 permit node 10
New Sequence of this List
if-match acl 2003
apply ?
  as-path           Prepend the as-path string to the AS path
  comm-list         Set BGP community list (for deletion)
  community         BGP community attribute
  cost              Set cost of the matched route
  cost-type         Type of metric for destination routing protocol
  extcommunity      BGP extended community attribute
  ip-address        IP information
  ipv6              IPv6 Information
  isis              IS-IS routing protocol defined by ISO
  local-preference  BGP local preference
  mpls-label        Match MPLS label
  origin            BGP origin code
  preference        Give the Preference(Route Preference)
  preferred-value   BGP Preferred-value (weight) for routing table
  tag               Set tag of route
apply local-pre 300
q
bgp 65002
peer 10.0.1.9 route-policy R3-R4 ?
  export  Specify export policy
  import  Specify import policy
peer 10.0.1.9 route-policy R3-R4 import

Result after the change:

<R6>dis bgp rout

 Total Number of Routes: 7

 BGP Local router ID is 6.6.6.6
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

  i  3.3.3.3/32         3.3.3.3         0          100        0       i
* i  10.10.5.1/32       2.2.2.2         10         100        0       i
* i                     3.3.3.3         20         100        0       i
* i  10.10.6.1/32       3.3.3.3         10         100        0       i
* i                     2.2.2.2         20         100        0       i
*>i  10.30.1.1/32       2.2.2.2         0          200        0       65001i
*>i  10.40.4.1/32       3.3.3.3         0          300        0       65001i

6.
<R2> dis bgp rout

 Total Number of Routes: 8

 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

  i  3.3.3.3/32         3.3.3.3         0          100        0       i
*>   10.10.5.1/32       0.0.0.0         10                    0       i
* i                     3.3.3.3         20         100        0       i
*>   10.10.6.1/32       0.0.0.0         20                    0       i
*>                      0.0.0.0         20                    0       i
* i                     3.3.3.3         10         100        0       i
*>   10.30.1.1/32       10.0.1.5        0          200        0       65001i
*>i  10.40.4.1/32       3.3.3.3         0          100        0       65001i

The i here means the route was received from within the local autonomous system.

Question: why does R2 not receive the route 10.40.4.1 from R1? And why does R3 not receive the route 10.30.1.1 from R4?
The reason: the original configuration was wrong, so the neighbor relationship between R1 and R4 could not be established.

dis bgp rout

 Total Number of Routes: 10

 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

*>   3.3.3.3/32         0.0.0.0         0                     0       i
*>   10.10.5.1/32       0.0.0.0         20                    0       i
*>                      0.0.0.0         20                    0       i
* i                     2.2.2.2         10         100        0       i
*>   10.10.6.1/32       0.0.0.0         10                    0       i
* i                     2.2.2.2         20         100        0       i
*>   10.30.1.1/32       10.0.1.9                              0       65001i
* i                     2.2.2.2         0          100        0       65001i
*>   10.40.4.1/32       10.0.1.9        0                     0       65001i
* i                     2.2.2.2                    100        0       65001i

<R2>dis bgp rout

 Total Number of Routes: 10

 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

  i  3.3.3.3/32         3.3.3.3         0          100        0       i
*>   10.10.5.1/32       0.0.0.0         10                    0       i
* i                     3.3.3.3         20         100        0       i
*>   10.10.6.1/32       0.0.0.0         20                    0       i
*>                      0.0.0.0         20                    0       i
* i                     3.3.3.3         10         100        0       i
*>   10.30.1.1/32       10.0.1.5        0                     0       65001i
* i                     3.3.3.3                    100        0       65001i
*>   10.40.4.1/32       10.0.1.5                              0       65001i
* i                     3.3.3.3         0          100        0       65001i
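
2) Configure the MED value

acl num 2004
rule 1 permit source 10.40.4.1 0.0.0.0
%Aug 31 22:04:15:00 2012 R2 RM/3/RMLOG:BGP.: 6.6.6.6 State is changed from OPENCONFIRM to ESTABLISHED.
q
%Aug 31 22:04:35:968 2012 R2 RM/3/RMLOG:BGP.: 5.5.5.5 State is changed from OPENCONFIRM to ESTABLISHED.
route-policy R3-R4 permit node 10
New Sequence of this List
if-match acl 2004
apply cost 100
bgp 65002
peer 10.0.1.5 route-policy R3-R4 import

acl num 2004
rule 1 permit source 10.30.1.1 0.0.0.0
q
route-policy R3-R4 permit node 10
New Sequence of this List
if-match acl 2004
apply cost 100
bgp 65002
peer 10.0.1.5 route-policy R1-R2 import

Simulator problem: after typing apply cost 100, the router's simulator window closed by itself? Configuring just one entry on each router is enough; it raises the value relatively!

IV. Lab summary

Summary:
1. Some routes show a local preference and some do not; is that because it was not sent over?
2. A BGP speaker advertises to its peers only the routes it uses itself (the routes in its BGP routing table).
3. Only routes that exist in the router's own global routing table can be advertised with BGP network!
4. H3C MSR routers have synchronization disabled by default. R3 receives the 10.10.5.1 route from R5 and sends it directly to its EBGP peer R4. Because the area R3 is in is configured as a full mesh, no routing "black hole" occurs.
5. For directly connected subnets, the next hop shown in the global routing table is the router's own outgoing interface.
6. Why do EBGP neighbors peer over physical interfaces? Why do IBGP neighbors peer over the loopback0 interface?
7. After the connection between R1 and R4 is broken, the route 10.40.4.1 is not sent to R1, because of the loop-prevention mechanism: the AS number is repeated.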
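
The effect of the Local-Pre change (step 7) and the MED change (step 8) on route selection inside AS65002 can be checked with a simplified model of the BGP decision order. This is an added example, not part of the original lab notes and not H3C's implementation; the Path class, the better/best/exit_for helpers and the IGP costs are assumptions made for illustration, and the origin-code step is left out because every route on this page has origin i.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Path:
    next_hop: str            # IBGP next hop inside AS65002 (R2 = 2.2.2.2, R3 = 3.3.3.3)
    as_path: tuple           # e.g. (65001,)
    local_pref: int = 100    # LocPrf shown for unmodified IBGP routes on this page
    med: int = 0
    pref_val: int = 0        # PrefVal column, local to one router
    ebgp: bool = False
    igp_cost: int = 0        # OSPF cost to next_hop (constructed values below)

def better(a, b):
    """Simplified decision order; returns the preferred of two paths."""
    if a.pref_val != b.pref_val:                  # 1. highest PrefVal
        return a if a.pref_val > b.pref_val else b
    if a.local_pref != b.local_pref:              # 2. highest Local-Pref
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):          # 3. shortest AS path
        return a if len(a.as_path) < len(b.as_path) else b
    # 4. lowest MED, compared only between routes from the same neighbouring AS
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return a if a.med < b.med else b
    if a.ebgp != b.ebgp:                          # 5. EBGP preferred over IBGP
        return a if a.ebgp else b
    if a.igp_cost != b.igp_cost:                  # 6. lowest IGP cost to the next hop
        return a if a.igp_cost < b.igp_cost else b
    return min(a, b, key=lambda p: p.next_hop)    # 7. stand-in for the router-ID tie-break

def best(paths):
    return reduce(better, paths)

def exit_for(lp_r2=100, lp_r3=100, med_r2=0, med_r3=0):
    """Next hop an AS65002 router picks for one AS65001 prefix (constructed input)."""
    via_r2 = Path("2.2.2.2", (65001,), local_pref=lp_r2, med=med_r2, igp_cost=20)
    via_r3 = Path("3.3.3.3", (65001,), local_pref=lp_r3, med=med_r3, igp_cost=10)
    return best([via_r2, via_r3]).next_hop

if __name__ == "__main__":
    print("no policy        ->", exit_for())              # IGP cost decides
    print("10.30.1.1 LP 200 ->", exit_for(lp_r2=200))     # step 7, policy on R2
    print("10.40.4.1 LP 300 ->", exit_for(lp_r3=300))     # step 7, policy on R3
    print("10.30.1.1 MED    ->", exit_for(med_r3=100))    # step 8, worse MED via R3
    print("10.40.4.1 MED    ->", exit_for(med_r2=100))    # step 8, worse MED via R2
```

Local-Pref is evaluated before AS-path length and MED, so the step 7 policy wins regardless of MED, while the step 8 policy only takes effect when Local-Pref and AS-path length tie.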