|
一.实验拓扑图
二、实验要求 1.互联链路配置及测试 2.AS65001和AS65002的IGP配置及测试(修改以太网接口网络类型为P2P,修改R2、R3间OSPF链路开销为10,请不要将AS65001的业务网段发布进IGP)。 3.按图示建立BGP邻居关系,并查看BGP邻居表(请不要忘记针对IBGP邻居修改更新源和下一跳)。 4.在R1、R2、R3、R4上用BGP发布各自AS的业务网段路由(Loop1) 5.查看各台路由器的BGP路由表和IP转发表,查看是否有去往其他AS业务网段的路由。请分析R6的BGP路由表中的最优BGP路由是如何选择的? 6.测试各业务网段间的连通性。 7.在合适的位置上通过修改Local-Pre值实现AS65002的业务网段去往10.30.1.1的主路径走R1-R2,去往10.40.4.1的主路径走R3-R4,使用Tracert命令测试。 8. 还原第7步的配置后,在合适的位置上通过修改MED值实现AS65002的业务网段去往10.30.1.1的主路径走R1-R2,去往10.40.4.1的主路径走R3-R4使用Tracert命令测试。 三、实验过程 [R1]bgp 65001 [R1-bgp]peer 10.0.1.6 as-num 65002 [R1-bgp]peer 4.4.4.4 as-num 65002 [R1-bgp]peer 4.4.4.4 connect-int lo0 [R1-bgp]peer 4.4.4.4 next-hop-lo
[R4]bgp 65001 [R4-bgp]peer 10.0.1.10 as-num 65002 [R4-bgp]peer 1.1.1.1 as-num 65001 [R4-bgp]peer 1.1.1.1 connect-int lo0 [R4-bgp]peer 1.1.1.1 next-hop-lo
[R2]bgp 65002 [R2-bgp]peer 10.0.1.5 as-num 65001 [R2-bgp]group rr internal [R2-bgp]peer rr next-hop-lo [R2-bgp]peer rr connect-int lo0 [R2-bgp]peer 3.3.3.3 group rr [R2-bgp]peer 5.5.5.5 group rr [R2-bgp]peer 6.6.6.6 group rr
[R3]bgp 65002 [R3-bgp]peer 10.0.1.9 as-num 65001 [R3-bgp]group nn internal [R3-bgp]peer nn next-hop-lo [R3-bgp]peer nn connect-int lo0 [R3-bgp]peer 2.2.2.2 group nn [R3-bgp]peer 5.5.5.5 group nn [R3-bgp]peer 6.6.6.6 group nn
[R5]bgp 65002 [R5-bgp]group mm internal [R5-bgp]peer mm next [R5-bgp]peer mm next-hop-local [R5-bgp]peer mm con [R5-bgp]peer mm connect-interface lo0 [R5-bgp]peer 2.2.2.2 group mm [R5-bgp]peer 3.3.3.3 group mm [R5-bgp]peer 6.6.6.6 group mm
[R6]bgp 65002 [R6-bgp]group ii internal [R6-bgp]peer ii ne [R6-bgp]peer ii next-hop-local [R6-bgp]peer ii con [R6-bgp]peer ii connect-interface lo0 [R6-bgp]peer 2.2.2.2 group ii [R6-bgp]peer 5.5.5.5 group ii [R6-bgp]peer 3.3.3.3 group ii [R6-bgp]
[R2-bgp]net 10.10.5.1 32 [R2-bgp]net 10.10.6.1 32 [R2-bgp]
[R3-bgp]net 10.10.5.1 32 [R3-bgp]net 10.10.6.1 32 [R3-bgp]
[R1-bgp]net 10.30.1.1 32 [R4-bgp]net 10.40.4.1 32
[R2]bgp 65002 [R2-bgp]peer 10.0.1.5 route-po lp import [R2-bgp]q [R2]route-po lp permit node 10 New Sequence of this List [R2-route-policy]if-m acl 2003 [R2-route-policy]apply local-pre 300 [R2-route-policy]qui [R2]acl num 2003 [R2-acl-basic-2003]rule permit source 10.30.1.1 0.0.0.0 [R2-acl-basic-2003]qui
问题: 1.BGP发言者network的路由以及自己使用的路由才会发布到对等体 2.BGP路由表里可用与最优是什么意思? 最优的一定是可用的,可用的不一定是最优的。 在R3上(BGP里)network3.3.3.3 32 之后 [R4]dis ip rout Routing Tables: Public Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
4.4.4.4/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.0/30 Direct 0 0 10.0.1.2 Eth0/1/0 10.0.1.2/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.8/30 Direct 0 0 10.0.1.9 Eth0/1/1 10.0.1.9/32 Direct 0 0 127.0.0.1 InLoop0 10.40.4.1/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R4] dis bgp rout
Total Number of Routes: 2
BGP Local router ID is 10.40.4.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn
*> 3.3.3.3/32 10.0.1.10 0 0 65002i *> 10.40.4.1/32 0.0.0.0 0 0 i
<R5> dis bgp rout
Total Number of Routes: 3
BGP Local router ID is 10.10.5.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn
i 3.3.3.3/32 3.3.3.3 0 100 0 i *>i 10.30.1.1/32 2.2.2.2 0 100 0 65001i *>i 10.40.4.1/32 3.3.3.3 0 100 0 65001i
<R5>dis ip rout Routing Tables: Public Destinations : 17 Routes : 20
Destination/Mask Proto Pre Cost NextHop Interface
2.2.2.2/32 OSPF 10 10 10.0.1.17 Eth0/1/0 3.3.3.3/32 OSPF 10 20 10.0.1.17 Eth0/1/0 OSPF 10 20 10.0.1.26 Eth0/1/2 5.5.5.5/32 Direct 0 0 127.0.0.1 InLoop0 6.6.6.6/32 OSPF 10 10 10.0.1.26 Eth0/1/2 10.0.1.4/30 OSPF 10 20 10.0.1.17 Eth0/1/0 10.0.1.8/30 OSPF 10 30 10.0.1.17 Eth0/1/0 OSPF 10 30 10.0.1.26 Eth0/1/2 10.0.1.12/30 OSPF 10 20 10.0.1.17 Eth0/1/0 10.0.1.16/30 Direct 0 0 10.0.1.18 Eth0/1/0 10.0.1.18/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.20/30 OSPF 10 20 10.0.1.26 Eth0/1/2 10.0.1.24/30 Direct 0 0 10.0.1.25 Eth0/1/2 10.0.1.25/32 Direct 0 0 127.0.0.1 InLoop0 10.10.5.1/32 Direct 0 0 127.0.0.1 InLoop0 10.30.1.1/32 BGP 255 0 2.2.2.2 Eth0/1/0 10.40.4.1/32 BGP 255 0 3.3.3.3 Eth0/1/0 BGP 255 0 3.3.3.3 Eth0/1/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R3]dis ip rout Routing Tables: Public Destinations : 18 Routes : 19
Destination/Mask Proto Pre Cost NextHop Interface
2.2.2.2/32 OSPF 10 10 10.0.1.13 S0/2/0 3.3.3.3/32 Direct 0 0 127.0.0.1 InLoop0 5.5.5.5/32 OSPF 10 20 10.0.1.13 S0/2/0 OSPF 10 20 10.0.1.22 Eth0/1/1 6.6.6.6/32 OSPF 10 10 10.0.1.22 Eth0/1/1 10.0.1.4/30 OSPF 10 20 10.0.1.13 S0/2/0 10.0.1.8/30 Direct 0 0 10.0.1.10 Eth0/1/3 10.0.1.10/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.12/30 Direct 0 0 10.0.1.14 S0/2/0 10.0.1.13/32 Direct 0 0 10.0.1.13 S0/2/0 10.0.1.14/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.16/30 OSPF 10 20 10.0.1.13 S0/2/0 10.0.1.20/30 Direct 0 0 10.0.1.21 Eth0/1/1 10.0.1.21/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.24/30 OSPF 10 20 10.0.1.22 Eth0/1/1 10.30.1.1/32 BGP 255 0 2.2.2.2 S0/2/0 10.40.4.1/32 BGP 255 0 10.0.1.9 Eth0/1/3 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R3]dis bgp rout Total Number of Routes: 3 BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 3.3.3.3/32 0.0.0.0 0 0 i *>i 10.30.1.1/32 2.2.2.2 0 100 0 65001i *> 10.40.4.1/32 10.0.1.9 0 0 65001i 3.R1和R4互相收不到路由。 <R1>dis ip rout Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.0/30 Direct 0 0 10.0.1.1 Eth0/1/2 10.0.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.4/30 Direct 0 0 10.0.1.5 Eth0/1/0 10.0.1.5/32 Direct 0 0 127.0.0.1 InLoop0 10.10.5.1/32 BGP 255 10 10.0.1.6 Eth0/1/0 10.30.1.1/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 <R4>dis ip rout Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost NextHop Interface 3.3.3.3/32 BGP 255 0 10.0.1.10 Eth0/1/1 4.4.4.4/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.0/30 Direct 0 0 10.0.1.2 Eth0/1/0 10.0.1.2/32 Direct 0 0 127.0.0.1 InLoop0 10.0.1.8/30 Direct 0 0 10.0.1.9 Eth0/1/1 10.0.1.9/32 Direct 0 0 127.0.0.1 InLoop0 10.10.5.1/32 BGP 255 20 10.0.1.10 Eth0/1/1 10.40.4.1/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 查看邻居是否建立 <R1> dis bgp peer BGP local router ID : 10.30.1.1 Local AS number : 65001 Total number of peers : 2 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 4.4.4.4 4 65002 0 0 0 0 00:45:19 Active 10.0.1.6 4 65002 49 61 0 1 00:44:48 Established <R4> dis bgp peer BGP local router ID : 10.40.4.1 Local AS number : 65001 Total number of peers : 2 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 1.1.1.1 4 65001 0 0 0 0 01:02:43 Active 10.0.1.10 4 65002 84 84 0 2 01:02:11 Established 邻居未建立,停在了Active状态。为什么。 排错:BGP邻居通过对比open消息建立连接关系,并进行了参数协商。内容包括:BGP版本号,自己所属的AS号,路由器ID,hold time值、认证信息。 1) 于是首先发现R1配对等体时AS号错了。改正之后还是不行。 2)后来发现建邻居用的是loopback接口,TCP三次握手需要路由才能到,由于没有到对方loopback口的路由,所以无法建立TCP连接,所以建立不了邻居。 配了到各自的静态的路由之后,可以建立邻居。 问题,不配静态路由,R1,R4能否通过跨越AS 65002建邻居。前提在BGP里network了loopback网段。 [R1]undo ip rout 10.40.4.1 255.255.255.255 10.0.1.2 [R1]dis bgp peer BGP local router ID : 10.30.1.1 Local AS number : 65001 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10.0.1.6 4 65002 246 315 0 1 03:58:23 Established 10.40.4.1 4 65001 25 19 0 2 00:15:15 Established [R1] (BGP连接隔了一两分钟才断开,可以通过重启进程) %Aug 31 15:29:07:438 2012 R1 RM/3/RMLOG: BGP.: 10.40.4.1 State is changed from ESTABLISHED to IDLE. [R1] [R1] [R1]dis bgp peer BGP local router ID : 10.30.1.1 Local AS number : 65001 Total number of peers : 2 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10.0.1.6 4 65002 250 320 0 1 04:02:01 Established 10.40.4.1 4 65001 0 0 0 0 00:01:51 Active 4.R4 ping 10.10.5.1 要带源ping,并且源是在BGP里发布了的10.40.4.1 ,否则不通,因为要保证对端有回来的路由。 <R4>trace -a 10.40.4.1 10.10.5.1 traceroute to 10.10.5.1(10.10.5.1) 30 hops max,40 bytes packet, press CTRL_C to break 1 10.0.1.1 4294967291 ms 20 ms <1 ms 2 10.0.1.6 10 ms 20 ms 20 ms 3 10.10.5.1 30 ms 25 ms 5 ms <R5> trace -a 10.10.5.1 10.40.4.1 traceroute to 10.40.4.1(10.40.4.1) 30 hops max,40 bytes packet, press CTRL_C to break 1 10.0.1.26 30 ms 10.0.1.17 4 ms 10.0.1.26 15 ms 2 10.0.1.14 15 ms 10.0.1.21 25 ms 10.0.1.14 21 ms 3 10.40.4.1 14 ms 10 ms 35 ms 5.修改路由信息属性来控制数据流方向 修改local-pre值,实现AS65002的业务网段去往10.30.1.1的主路径走R1-R2,去往10.40.4.1的主路径走R3-R4,使用Tracert命令测试。 1) local-pre该配在哪里?根据BGP的路由选路规则,R2,R3,R5去往10.30.1.1的路径都是R1-R2 现在只有 [R2]acl num 2003 [R2-acl-basic-2003]rule 1 permit source 10.30.1.1 0.0.0.0 [R2-acl-basic-2003]q [R2]route-policy R1-R2 permit node 10 New Sequence of this List [R2-route-policy]if-match acl 2003 [R2-route-policy]apply local-pre 200 [R2-route-policy]q [R2]bgp 65002 [R2-bgp]peer 10.0.1.5 route-policy R1-R2 import [R3]acl num 2003 [R3-acl-basic-2003]rule 1 permit source 10.40.4.1 0.0.0.0 [R3-acl-basic-2003]q [R3]route-policy R3-R4 permit node 10 New Sequence of this List [R3-route-policy]if-match acl 2003 [R3-route-policy]apply ? as-path Prepend the as-path string to the AS path comm-list Set BGP community list (for deletion) community BGP community attribute cost Set cost of the matched route cost-type Type of metric for destination routing protocol extcommunity BGP extended community attribute ip-address IP information ipv6 IPv6 Information isis IS-IS routing protocol defined by ISO local-preference BGP local preference mpls-label Match MPLS label origin BGP origin code preference Give the Preference (Route Preference) preferred-value BGP Preferred-value (weight) for routing table tag Set tag of route [R3-route-policy]apply local-pre 300 [R3-route-policy]q [R3]bgp 65002 [R3-bgp]peer 10.0.1.9 route-policy R3-R4 ? export Specify export policy import Specify import policy [R3-bgp]peer 10.0.1.9 route-policy R3-R4 import 修改后的效果 <R6>dis bgp rout Total Number of Routes: 7 BGP Local router ID is 6.6.6.6 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn i 3.3.3.3/32 3.3.3.3 0 100 0 i * i 10.10.5.1/32 2.2.2.2 10 100 0 i * i 3.3.3.3 20 100 0 i * i 10.10.6.1/32 3.3.3.3 10 100 0 i * i 2.2.2.2 20 100 0 i *>i 10.30.1.1/32 2.2.2.2 0 200 0 65001i *>i 10.40.4.1/32 3.3.3.3 0 300 0 65001i 6.<R2> dis bgp rout Total Number of Routes: 8 BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn i 3.3.3.3/32 3.3.3.3 0 100 0 i *> 10.10.5.1/32 0.0.0.0 10 0 i * i 3.3.3.3 20 100 0 i *> 10.10.6.1/32 0.0.0.0 20 0 i *> 0.0.0.0 20 0 i * i 3.3.3.3 10 100 0 i *> 10.30.1.1/32 10.0.1.5 0 200 0 65001i *>i 10.40.4.1/32 3.3.3.3 0 100 0 65001i 这里的i是指从本自治系统收到的。 疑问:为什么R2收不到来自R1发来的10.40.4.1这条路由? R3也收不到来自R4发来的10.30.1.1这条路由? 原因是:原来配错了,导致R1与R4邻居建立不起来。 [R3]dis bgp rout Total Number of Routes: 10 BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 3.3.3.3/32 0.0.0.0 0 0 i *> 10.10.5.1/32 0.0.0.0 20 0 i *> 0.0.0.0 20 0 i * i 2.2.2.2 10 100 0 i *> 10.10.6.1/32 0.0.0.0 10 0 i * i 2.2.2.2 20 100 0 i *> 10.30.1.1/32 10.0.1.9 0 65001i * i 2.2.2.2 0 100 0 65001i *> 10.40.4.1/32 10.0.1.9 0 0 65001i * i 2.2.2.2 100 0 65001i
<R2>dis bgp rout Total Number of Routes: 10 BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn i 3.3.3.3/32 3.3.3.3 0 100 0 i *> 10.10.5.1/32 0.0.0.0 10 0 i * i 3.3.3.3 20 100 0 i *> 10.10.6.1/32 0.0.0.0 20 0 i *> 0.0.0.0 20 0 i * i 3.3.3.3 10 100 0 i *> 10.30.1.1/32 10.0.1.5 0 0 65001i * i 3.3.3.3 100 0 65001i *> 10.40.4.1/32 10.0.1.5 0 65001i * i 3.3.3.3 0 100 0 65001i
2) 配置MED值 [R2]acl num 2004 [R2-acl-basic-2004]rule 1 permit source %Aug 31 22:04:15:00 2012 R2 RM/3/RMLOG: BGP.: 6.6.6.6 State is changed from OPENCONFIRM to ESTABLISHED. 10.40.4.1 0.0.0.0 [R2-acl-basic-2004]q [R2] %Aug 31 22:04:35:968 2012 R2 RM/3/RMLOG: BGP.: 5.5.5.5 State is changed from OPENCONFIRM to ESTABLISHED. [R2]route-policy R3-R4 permit node 10 New Sequence of this List [R2-route-policy]if-match acl 2004 [R2-route-policy]apply cost 100 [R2]bgp 65002 [R2-bgp]peer 10.0.1.5 route-policy R3-R4 import [R3]acl num 2004 [R3-acl-basic-2004]rule 1 permit source 10.30.1.1 0.0.0.0 [R3-acl-basic-2004]q [R3] [R3]route-policy R3-R4 permit node 10 New Sequence of this List [R3-route-policy]if-match acl 2004 [R3-route-policy]apply cost 100 [R3]bgp 65002 [R3-bgp]peer 10.0.1.5 route-policy R1-R2 import 模拟器问题,敲下apply cost 100,自动关闭了路由器的模拟窗口? 只在各自上配一条就行了,相对提高值! 四、实验总结 小结: 1.有些路由会显示本地优先级,有些不会,是因为没有发过来? 2.BGP发言者只将自己使用的路由(BGP路由表里的路由)发布给对等体 3.只有在自己全局路由表里存在有的路由,才能通告BGP network 出去! 4.H3C MSR路由器默认关闭了同步,R3上从R5上收到了10.10.5.1的路由,会直接发给自己EBGP R4,由于R3所在区域配置了全互联,所以不会产生路由“黑洞”。 5.全局路由表里显示的直连网段下一跳是自己的出接口 6.EBGP之间建邻居为什么用物理接口?IBGP之间建邻居为什么用loopback0接口? 7.断开R1、R4的连接关系、10.40.4.1 这条路由不会发给R1,因为防环机制,AS号重复了。
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2013-6-3 08:36:21
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡