CCNP课程实验-04-BGP_CFG

目录

  • 实验条件
  • 基础配置
  • 需求实现
    • IGP部分
      • [1. 按照图示配置OSPF区域,RID为Loopback 0地址。其中Area 146要配置为OSPF的特殊区域。](#1. 按照图示配置OSPF区域,RID为Loopback 0地址。其中Area 146要配置为OSPF的特殊区域。)
      • [2. 配置其它路由协议,重分布使得路由互相注入,实现全网互通。](#2. 配置其它路由协议,重分布使得路由互相注入,实现全网互通。)
      • [3. R1配置策略路由,使得R2经R1去往Area 57的数据流走R6;R2经R1去往EIGRP 35的数据流走R4。 (请在R2采用针对3.3.3.3和5.5.5.5进行Traceroute测试)](#3. R1配置策略路由,使得R2经R1去往Area 57的数据流走R6;R2经R1去往EIGRP 35的数据流走R4。 (请在R2采用针对3.3.3.3和5.5.5.5进行Traceroute测试))
      • [4. 在R3的EIGRP 35上增加以下网段:](#4. 在R3的EIGRP 35上增加以下网段:)
    • BGP部分
      • [1. 如图按红色字体规划配置BGP,RID为Loopback 0地址。](#1. 如图按红色字体规划配置BGP,RID为Loopback 0地址。)
      • [2. 配置AS 146的R1为路由反射器,R4/R6为客户端。要求采用peer-group的方式配置。](#2. 配置AS 146的R1为路由反射器,R4/R6为客户端。要求采用peer-group的方式配置。)
      • [3. 在R2上增加以下网段,并发布到BGP:](#3. 在R2上增加以下网段,并发布到BGP:)
      • [4. 在适当路由器上修改BGP路由属性,使得R2前往30.30.30.30/27的路径为:R1-R6-R7-R5-R3。](#4. 在适当路由器上修改BGP路由属性,使得R2前往30.30.30.30/27的路径为:R1-R6-R7-R5-R3。)

实验条件

网络拓朴

拓扑中的IP地址段采用:172.8.AB.X/24,其中AB为两台路由器编号组合。

例如:R3-R5之间的AB为35,X为路由器编号,例如R3的X=3

所有路由器都有一个Loopback 0接口,地址格式为:X.X.X.X/32,其中X为路由器编号。

R1/R4/R6之间的网段为:172.8.146.X/24,其中X为路由器编号。

没有特殊要求,不允许使用静态路由。

基础配置

R1

java 复制代码
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Ethernet0/0
 ip address 172.8.12.1 255.255.255.0
interface Ethernet0/1
 ip address 172.8.146.1 255.255.255.0

R2

java 复制代码
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Ethernet0/0
 ip address 172.8.12.2 255.255.255.0

R3

java 复制代码
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface Ethernet0/0
 ip address 172.8.35.3 255.255.255.0

R4

java 复制代码
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
interface Ethernet0/0
 ip address 172.8.47.4 255.255.255.0
interface Ethernet0/1
 ip address 172.8.146.4 255.255.255.0

R5

java 复制代码
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
interface Ethernet0/0
 ip address 172.8.35.5 255.255.255.0
interface Ethernet0/1
 ip address 172.8.57.5 255.255.255.0

R6

java 复制代码
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
interface Ethernet0/1
 ip address 172.8.146.6 255.255.255.0
interface Ethernet0/2
 ip address 172.8.67.6 255.255.255.0

R7

java 复制代码
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
interface Ethernet0/0
 ip address 172.8.47.7 255.255.255.0
interface Ethernet0/1
 ip address 172.8.57.7 255.255.255.0
interface Ethernet0/2
 ip address 172.8.67.7 255.255.255.0

需求实现

IGP部分

1. 按照图示配置OSPF区域,RID为Loopback 0地址。其中Area 146要配置为OSPF的特殊区域。

R1

java 复制代码
router eigrp 12
 network 172.8.12.1 0.0.0.0
 eigrp router-id 1.1.1.1
router ospf 100
 router-id 1.1.1.1
 area 146 nssa	// 非ABR,配置NSSA区域,只要配置成nssa即可
 network 1.1.1.1 0.0.0.0 area 146

interface Ethernet0/1
 ip ospf 100 area 146

R2

java 复制代码
router eigrp 12
 network 2.2.2.2 0.0.0.0
 network 172.8.12.2 0.0.0.0
 eigrp router-id 2.2.2.2

R3

java 复制代码
router eigrp 35
 network 3.3.3.3 0.0.0.0
 network 172.8.35.3 0.0.0.0
 eigrp router-id 3.3.3.3

R4

java 复制代码
router ospf 100
 router-id 4.4.4.4
 //需要引入外部的路由。所以特殊区域只能选择NSSA,由于NSSA默认不会下发默认路由,这样的话,会影响访问外部路由
 //因此,需要配置成Totally NSSA, 或是配置default-information-originate, 
 area 146 nssa default-information-originate
 network 4.4.4.4 0.0.0.0 area 0

R5

java 复制代码
router eigrp 35
 network 172.8.35.5 0.0.0.0
 eigrp router-id 5.5.5.5
router ospf 100
 router-id 5.5.5.5
 network 5.5.5.5 0.0.0.0 area 57

interface Ethernet0/1
 ip ospf 100 area 57

R6

java 复制代码
router ospf 100
 router-id 6.6.6.6
 //需要引入外部的路由。所以特殊区域只能选择NSSA,由于NSSA默认不会下发默认路由,这样的话,会影响访问外部路由
 //因此,需要配置成Totally NSSA, 或是配置default-information-originate, 
 area 146 nssa default-information-originate
 network 6.6.6.6 0.0.0.0 area 0

interface Ethernet0/1
 ip ospf 100 area 146
interface Ethernet0/2
 ip ospf 100 area 0

R7

java 复制代码
router ospf 100
 network 7.7.7.7 0.0.0.0 area 0

interface Ethernet0/0
 ip ospf 100 area 0
interface Ethernet0/1
 ip ospf 100 area 57
interface Ethernet0/2
 ip ospf 100 area 0

2. 配置其它路由协议,重分布使得路由互相注入,实现全网互通。

R1 ASBR配置 双向重分布路由

OSPF重分布进eigrp的时候,默认的metric值无穷大,导致路由无效,因此需要特别指定引入的路由的metric计算值。

java 复制代码
router eigrp 12
 redistribute ospf 100 metric 10000 100 255 255 1500
router ospf 100
 redistribute eigrp 12 metric-type 1 subnets

R5 ASBR配置双向重分布路由

java 复制代码
router eigrp 35
 redistribute ospf 100 metric 10000 100 255 255 1500
router ospf 100
 redistribute eigrp 35 metric-type 1 subnets

全网互通结果检测

java 复制代码
R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 2.2.2.2 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
R3#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 7.7    
% Unrecognized host or address, or protocol not running.

R3#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

3. R1配置策略路由,使得R2经R1去往Area 57的数据流走R6;R2经R1去往EIGRP 35的数据流走R4。 (请在R2采用针对3.3.3.3和5.5.5.5进行Traceroute测试)

  1. R2经R1去往Area 57的数据流走R6;
    R2的ip是2.2.2.2,AREA 57的目标网段是:172.8.57.0 0.0.0.255
    access-list 125 permit ip host 2.2.2.2 172.8.57.0 0.0.0.255
    access-list 125 permit ip host 2.2.2.2 host 5.5.5.5
  2. R2经R1去往EIGRP 35的数据流走R4;
    R2的ip是2.2.2.2,EIGRP 35的目标网段是:172.8.35.0 0.0.0.255
    access-list 123 permit ip host 2.2.2.2 172.8.35.0 0.0.0.255
    access-list 123 permit ip host 2.2.2.2 host 3.3.3.3

在R1上进行配置

java 复制代码
access-list 123 permit ip host 2.2.2.2 172.8.35.0 0.0.0.255
access-list 123 permit ip host 2.2.2.2 host 3.3.3.3
access-list 125 permit ip host 2.2.2.2 172.8.57.0 0.0.0.255
access-list 125 permit ip host 2.2.2.2 host 5.5.5.5

 ip policy route-map PBR
route-map PBR permit 10
 match ip address 123
 // 配置策略,由2.2.2.2发起,前往EIGRP35区域的,走R4
 set ip next-hop 172.8.146.4
route-map PBR permit 20
 match ip address 125
 // 配置策略,由2.2.2.2发起,前往AREA57区域的,走R6 
 set ip next-hop 172.8.146.6
route-map PBR permit 30

//在R1入口方向配置策略
interface Ethernet0/0
 ip policy route-map PBR

效果测试

java 复制代码
R2#traceroute 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 172.8.12.1 0 msec 1 msec 0 msec
  2 172.8.146.4 0 msec 0 msec 0 msec
  3 172.8.47.7 0 msec 0 msec 1 msec
  4 172.8.57.5 0 msec 1 msec 0 msec
  5 172.8.35.3 1 msec *  1 msec
R2#traceroute 5.5.5.5 source 2.2.2.2
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 172.8.12.1 1 msec 0 msec 0 msec
  2 172.8.146.6 0 msec 1 msec 0 msec
  3 172.8.67.7 1 msec 0 msec 0 msec
  4 172.8.57.5 1 msec *  1 msec
R2#

4. 在R3的EIGRP 35上增加以下网段:

		Loopback17:17.17.17.17/32,Loopback101:100.100.100.101/32
		Loopback18:18.18.18.18/32,Loopback102:100.100.100.102/32
a.配置使得Loopback 18网段只能在EIGRP 35内传输,其它地址要求全网Ping通。
b.配置Loopback 100和Loopback 101最精确的路由汇总,隐藏明细路由,且汇总路由不允许在EIGRP 35出现。

R3配置环回口地址

java 复制代码
interface Loopback1
 ip address 17.17.17.17 255.255.255.255
interface Loopback2
 ip address 18.18.18.18 255.255.255.255
interface Loopback3
 ip address 100.100.100.101 255.255.255.255
interface Loopback4
 ip address 100.100.100.102 255.255.255.255

宣告到EIGRP

java 复制代码
router eigrp 35
 network 17.17.17.17 0.0.0.0
 network 18.18.18.18 0.0.0.0
 network 100.100.100.101 0.0.0.0
 network 100.100.100.102 0.0.0.0

a.配置使得Loopback 18网段只能在EIGRP 35内传输,其它地址要求全网Ping通。

在重分布进ospf时拦截掉18网段路由
在R5的路由器上配置

java 复制代码
access-list 18 permit 18.18.18.18

route-map R3-18 deny 10
 match ip address 18
route-map R3-18 permit 20

router ospf 100
 redistribute eigrp 35 metric-type 1 subnets route-map R3-18

在R1上测试网络结果

java 复制代码
R1#ping 18.18.18.18
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 18.18.18.18, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R1#ping 17.17.17.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.17.17.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#ping 100.100.100.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#ping 100.100.100.102
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.102, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#

b.配置Loopback 100和Loopback 101最精确的路由汇总,隐藏明细路由,且汇总路由不允许在EIGRP 35出现。
在R5的路由器上配置

java 复制代码
ip prefix-list deny_100 seq 5 permit 100.100.100.100/30

route-map deny_100 deny 10
 match ip address prefix-list deny_100
route-map deny_100 permit 20

router eigrp 35
 redistribute ospf 100 metric 10000 100 255 255 1500 route-map deny_100

查看R7的路由表信息

java 复制代码
R7(config-router)#do show ip route
......
O E1     17.17.17.17 [110/30] via 172.8.57.5, 00:56:47, Ethernet0/1
      100.0.0.0/30 is subnetted, 1 subnets
O E1     100.100.100.100 [110/30] via 172.8.57.5, 00:24:01, Ethernet0/1
      172.8.0.0/16 is variably subnetted, 9 subnets, 2 masks
......
R7(config-router)#

查看EIGRP 35内的路由表信息

java 复制代码
R3(config)#do show ip route          
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
D EX     1.1.1.1 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
      2.0.0.0/32 is subnetted, 1 subnets
D EX     2.2.2.2 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
C        3.3.3.3 is directly connected, Loopback0
      4.0.0.0/32 is subnetted, 1 subnets
D EX     4.4.4.4 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
      5.0.0.0/32 is subnetted, 1 subnets
D EX     5.5.5.5 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
      6.0.0.0/32 is subnetted, 1 subnets
D EX     6.6.6.6 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
      7.0.0.0/32 is subnetted, 1 subnets
D EX     7.7.7.7 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
      17.0.0.0/32 is subnetted, 1 subnets
C        17.17.17.17 is directly connected, Loopback1
      18.0.0.0/32 is subnetted, 1 subnets
C        18.18.18.18 is directly connected, Loopback2
      100.0.0.0/32 is subnetted, 2 subnets
C        100.100.100.101 is directly connected, Loopback3
C        100.100.100.102 is directly connected, Loopback4
      172.8.0.0/16 is variably subnetted, 7 subnets, 2 masks
D EX     172.8.12.0/24 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
C        172.8.35.0/24 is directly connected, Ethernet0/0
L        172.8.35.3/32 is directly connected, Ethernet0/0
D EX     172.8.47.0/24 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
D EX     172.8.57.0/24 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
D EX     172.8.67.0/24 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
D EX     172.8.146.0/24 [170/307200] via 172.8.35.5, 00:18:35, Ethernet0/0
R3(config)#

R3的路由表并没有汇总的100网段路由。

BGP部分

1. 如图按红色字体规划配置BGP,RID为Loopback 0地址。

R1

java 复制代码
router bgp 146
 bgp router-id 1.1.1.1
 neighbor IBGP peer-group
 neighbor IBGP remote-as 146
 neighbor IBGP update-source Loopback0
 neighbor IBGP route-reflector-client
 neighbor IBGP next-hop-self
 neighbor 4.4.4.4 peer-group IBGP
 neighbor 6.6.6.6 peer-group IBGP
 neighbor 172.8.12.2 remote-as 22

R2

java 复制代码
router bgp 22
 bgp router-id 2.2.2.2
 neighbor 172.8.12.1 remote-as 146

R3

java 复制代码
router bgp 33
 bgp router-id 3.3.3.3
 neighbor 172.8.35.5 remote-as 57

R4

java 复制代码
router bgp 146
 bgp router-id 4.4.4.4
 neighbor IBGP peer-group
 neighbor IBGP remote-as 146
 neighbor IBGP update-source Loopback0
 neighbor IBGP next-hop-self
 neighbor 1.1.1.1 peer-group IBGP
 neighbor 6.6.6.6 peer-group IBGP
 neighbor 172.8.47.7 remote-as 57

R5

java 复制代码
router bgp 57
 bgp router-id 5.5.5.5
 neighbor 7.7.7.7 remote-as 57
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 7.7.7.7 next-hop-self
 neighbor 172.8.35.3 remote-as 33

R6

java 复制代码
router bgp 146
 bgp router-id 6.6.6.6
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 146
 neighbor IBGP update-source Loopback0
 neighbor IBGP next-hop-self
 neighbor 1.1.1.1 peer-group IBGP
 neighbor 4.4.4.4 peer-group IBGP
 neighbor 172.8.67.7 remote-as 57

R7

java 复制代码
router bgp 57
 bgp router-id 7.7.7.7
 neighbor 5.5.5.5 remote-as 57
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 5.5.5.5 next-hop-self
 neighbor 172.8.47.4 remote-as 146
 neighbor 172.8.67.6 remote-as 146

2. 配置AS 146的R1为路由反射器,R4/R6为客户端。要求采用peer-group的方式配置。

R1配置路由反射器

java 复制代码
router bgp 146
 neighbor IBGP route-reflector-client
 或
 neighbor 4.4.4.4 route-reflector-client
 neighbor 6.6.6.6 route-reflector-client

3. 在R2上增加以下网段,并发布到BGP:

	Loopback24:192.168.24.1/24			Loopback25:192.168.25.1/24			Loopback26:192.168.26.1/24
	在R3上增加以下网段,Loopback30:30.30.30.30/27,并发布到BGP:
	配置使得R2的BGP表如下:


R2配置3个环回口

java 复制代码
interface Loopback24
 ip address 192.168.24.1 255.255.255.0
interface Loopback25
 ip address 192.168.25.1 255.255.255.0
interface Loopback26
 ip address 192.168.26.1 255.255.255.0

R3配置1个环回口

java 复制代码
interface Loopback30
 ip address 30.30.30.30 255.255.255.224

查看R2的BGP路由表

java 复制代码
R2(config-router)#do show ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   30.30.30.0/27    172.8.12.1                             0 146 57 33 i
 *>   192.168.24.0     0.0.0.0                  0         32768 i
 *>   192.168.25.0     0.0.0.0                  0         32768 i
 *>   192.168.26.0     0.0.0.0

对比截图,发现在多了一条掩码长度为22的汇聚路由。而24,25,26三条路由被镇压。第3字节的二进制如下:
24的二进制为 00001100
25的二进制为 00001101
26的二进制为 00001110

变动的位数是最后的2位,固定不变的高6位的值为:24,因此聚合的路由就为:192.168.24.0/22。

执行以下命令

java 复制代码
router bgp 22
 // 不带参数summary-only的话,不会镇压其它明细路由,根据图片的要求,所以需要带上summary-only
 aggregate-address 192.168.24.0 255.255.252.0 as-set summary-only

再次查看BGP路由表

java 复制代码
R2(config-router)#do show ip bgp      
BGP table version is 19, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   30.30.30.0/27    172.8.12.1                             0 146 57 33 i
 s>   192.168.24.0     0.0.0.0                  0         32768 i
 *>   192.168.24.0/22  0.0.0.0                       100  32768 i
 s>   192.168.25.0     0.0.0.0                  0         32768 i
 s>   192.168.26.0     0.0.0.0                  0         32768 i
R2(config-router)#

比对图片,目的达到。

4. 在适当路由器上修改BGP路由属性,使得R2前往30.30.30.30/27的路径为:R1-R6-R7-R5-R3。

注:此时R2的BGP表仍如上面所示不变,并且不改变R4路由器的BGP选路。

查看当前R2到R3的选路路径。

java 复制代码
R2#traceroute 30.30.30.30
Type escape sequence to abort.
Tracing the route to 30.30.30.30
VRF info: (vrf in name/id, vrf out name/id)
  1 172.8.12.1 0 msec 0 msec 1 msec
  2 172.8.146.4 0 msec 0 msec 1 msec
  3 172.8.47.7 0 msec 0 msec 0 msec
  4 172.8.57.5 0 msec 1 msec 0 msec
  5 172.8.35.3 1 msec *  2 msec

当前的路径为:R1-R4-R7-R5-R3

要达成目标则可以以下的几个策略来达到目的

  1. 修改Weight权重值
    修改邻居R6的weight权重值
java 复制代码
router bgp 146
 neighbor 6.6.6.6 weight 1000

查看BGP路由表

java 复制代码
R1(config-router)#do show ip bgp
BGP table version is 40, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i  30.30.30.0/27    6.6.6.6                  0    100   1000 57 33 i
 * i                   4.4.4.4                  0    100      0 57 33 i
 *>   192.168.24.0/22  172.8.12.2               0             0 22 i

测试R2到R3的路径

java 复制代码
R2#traceroute 30.30.30.30
Type escape sequence to abort.
Tracing the route to 30.30.30.30
VRF info: (vrf in name/id, vrf out name/id)
  1 172.8.12.1 1 msec 0 msec 0 msec
  2 172.8.146.6 0 msec 0 msec 0 msec
  3 172.8.67.7 1 msec 0 msec 1 msec
  4 172.8.57.5 0 msec 1 msec 0 msec
  5 172.8.35.3 1 msec *  2 msec
  1. 修改local-preference
    确定30网段路由传递方向。R3 -> R5 -> R7 -> [ R4或R6 ] -> R1 -> R2
    将来数据的传递方向则是反过来,因此在R1将会有多条可选路径去往R3,那么要影响R1选择R4和R6(除了上面的weight)就是调整R4和R6传递过来的路由在R1上的local-preference值。默认是不传递该值的。直接就是默认值100,可以进行的操作有如下方法
    a. 调小R4或调大R6的bgp default local-preference 值。不过这样的话,R4所有过来的路由的local-preference都会受到影响。范围太大。
    b. 使用route-map调整R4/R6,对R1出方向的local-preference值
    c. 因为要求对R4不做改动,因此可以在R1路由器上对R4-R1-in方向 或 R6-R1-in方向的local-preference值。
    R1上配置in方向的local-preference值修改
java 复制代码
ip prefix-list 30 seq 5 permit 30.30.30.0/27

route-map R4-R1-in permit 10
 match ip address prefix-list 30
 set local-preference 99
route-map R4-R1-in permit 20

router bgp 146
 neighbor 4.4.4.4 route-map R4-R1-in in

查询local-preference值

java 复制代码
R1(config-router)#do show ip bgp
BGP table version is 58, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i  30.30.30.0/27    4.4.4.4                  0     99      0 57 33 i
 *>i                   6.6.6.6                  0    100      0 57 33 i
 *>   192.168.24.0/22  172.8.12.2               0             0 22 i
R1(config-router)# 

在R2测试配置结果

java 复制代码
R2#traceroute 30.30.30.30
Type escape sequence to abort.
Tracing the route to 30.30.30.30
VRF info: (vrf in name/id, vrf out name/id)
  1 172.8.12.1 0 msec 0 msec 1 msec
  2 172.8.146.6 0 msec 0 msec 1 msec
  3 172.8.67.7 0 msec 1 msec 0 msec
  4 172.8.57.5 1 msec 1 msec 0 msec
  5 172.8.35.3 1 msec *  1 msec
R2#

目标达成:R1-> R6-> R7-> R5-> R3

相关推荐
黑客Ash1 小时前
【D01】网络安全概论
网络·安全·web安全·php
->yjy1 小时前
计算机网络(第一章)
网络·计算机网络·php
摘星星ʕ•̫͡•ʔ2 小时前
计算机网络 第三章:数据链路层(关于争用期的超详细内容)
网络·计算机网络
.Ayang3 小时前
SSRF漏洞利用
网络·安全·web安全·网络安全·系统安全·网络攻击模型·安全架构
好想打kuo碎3 小时前
1、HCIP之RSTP协议与STP相关安全配置
网络·安全
虚拟网络工程师4 小时前
【网络系统管理】Centos7——配置主从mariadb服务器案例(下半部分)
运维·服务器·网络·数据库·mariadb
JosieBook5 小时前
【网络工程】查看自己电脑网络IP,检查网络是否连通
服务器·网络·tcp/ip
黑客Ash6 小时前
计算机中的网络安全
网络·安全·web安全
PersistJiao7 小时前
Spark 分布式计算中网络传输和序列化的关系(二)
大数据·网络·spark·序列化·分布式计算