bgp反射器及联邦实验

一.实验要求

1、AS1 存在两个环回，一个地址为 192.168.1.0/24，该地址不能在任何协议中宣告 AS3 存在两个环回，一个地址为 192.168.2.0/24，该地址不能在任何协议中宣告 AS1 还有一个环回地址为 10.1.1.0/24，AS3 另一个环回地址是 11.1.1.0/24 最终要求这两个环回可以互相通讯。

2、整个 AS2 的 IP 地址为 172.16.0.0/16

3、AS 间的骨干链路 IP 地址随意分配

4、使用 BGP 协议让整个网络所有设备的环回可以互相访问

5、减少路由条目数量，避免环路出现

二.实验实现

1.IP地址划分

172.168.0.0/24 建邻

172.168.0.2 --R2

172.168.1.0/24 互联

AR1 - AR2：12.0.0.0/24

AR2 - AR3：172.168.1.1/30

AR3 - AR4：172.168.1.4/30

AR4 - AR7：172.168.1.12/30

AR7 - AR8：78.0.0.0/24

AR2 - AR5：172.168.1.8/30

AR5 - AR6：172.168.1.16/30

AR6 - AR7：172.168.1.20/30

172.168.2.0/24 AR2用户

bash 复制代码

//AR1
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 192.168.1.1 24
[AR1-LoopBack0]interface LoopBack 1
[AR1-LoopBack1] ip address 10.1.1.1 24
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0] ip address 12.0.0.1 24

//AR2
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0] ip address 12.0.0.2 24
[AR2-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1] ip address 172.16.1.1 30
[AR2-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[AR2-GigabitEthernet0/0/2] ip address 172.16.1.9 30
[AR2]INT L 0
[AR2-LoopBack0]ip add 172.16.0.2 32
[AR2-LoopBack0]INT L 1
[AR2-LoopBack1]ip address 172.16.2.1 24

[AR2-LoopBack1]ospf network-type  broadcast


//AR3
[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0] ip address 172.16.1.2 30
[AR3-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1] ip address 172.16.1.5 30
[AR3-GigabitEthernet0/0/1] ip address 172.16.1.5 30
[AR3-LoopBack1]ospf network-type  broadcast

[AR3]int l 0
[AR3-LoopBack0]ip add	
[AR3-LoopBack0]ip address  172.16.0.3 32
[AR3-LoopBack0]int l 1
[AR3-LoopBack1]ip add 172.16.3.1 24

//AR4
[AR4]interface GigabitEthernet 0/0/0
[AR4-GigabitEthernet0/0/0] ip address 172.16.1.6 30
[AR4-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR4-GigabitEthernet0/0/1] ip address 172.16.1.13 30

[AR4]int LoopBack 0
[AR4-LoopBack0]ip add 172.16.0.4 32
[AR4-LoopBack0]int LoopBack 1
[AR4-LoopBack1]ip add 172.16.4.1 24

[AR4-LoopBack1]ospf network-type  broadcast

//AR5
[AR5]interface GigabitEthernet 0/0/0
[AR5-GigabitEthernet0/0/0] ip address 172.16.1.10 30
[AR5-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR5-GigabitEthernet0/0/1] ip address 172.16.1.17 30

[AR5]int l 0
[AR5-LoopBack0]ip add 172.16.0.5 32
[AR5-LoopBack0]int l 1
[AR5-LoopBack1]ip add 172.16.5.1 24
[AR5-LoopBack1]ospf network-type  broadcast

//AR6
[AR6]interface GigabitEthernet 0/0/0
[AR6-GigabitEthernet0/0/0] ip address 172.16.1.18 30
[AR6-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR6-GigabitEthernet0/0/1] ip address 172.16.1.21 30


[AR6]int l 0
[AR6-LoopBack0]ip address 172.16.0.6 32
[AR6-LoopBack0]int l 1
[AR6-LoopBack1]ip address 172.16.6.1 24
[AR6-LoopBack1]ospf network-type  broadcast

//AR7
[AR7]int GigabitEthernet  0/0/0
[AR7-GigabitEthernet0/0/0]ip add 172.16.1.14 30
[AR7-GigabitEthernet0/0/0]int GigabitEthernet 0/0/1
[AR7-GigabitEthernet0/0/1]ip add 172.16.1.22 30
[AR7]int g 0/0/2
[AR7-GigabitEthernet0/0/2]ip add 78.0.0.7 24


[AR7]int l 0
[AR7-LoopBack0]ip add 172.16.0.7 32
[AR7-LoopBack0]int l 1
[AR7-LoopBack1]ip add 172.16.7.1 24
[AR7-LoopBack1]ospf network-type  broadcast

//AR8
[AR8]int g 0/0/0

[AR8-GigabitEthernet0/0/0]ip address  78.0.0.8 24

[AR8-GigabitEthernet0/0/0]int l 0
[AR8-LoopBack0]ip add 192.168.2.1 24
[AR8-LoopBack0]int l 1
[AR8-LoopBack1]ip add 11.1.1.1 24

IGP

bash 复制代码

[AR2]ospf 1 router-id 2.2.2.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[AR3]ospf 1 router-id  3.3.3.3
[AR3-ospf-1]a 0
[AR3-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[AR4]ospf 1 router-id  4.4.4.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[AR5]ospf 1 router-id  5.5.5.5
[AR5-ospf-1]area 0 
[AR5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[AR6]ospf 1 router-id  6.6.6.6
[AR6-ospf-1]area 0
[AR6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[AR7]ospf 1 router-id 7.7.7.7
[AR7-ospf-1]area 0
[AR7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

BGP配置

建邻

bash 复制代码

//AR2
[AR2]bgp 64512

[AR2-bgp]router-id 2.2.2.2
	
[AR2-bgp]confederation id  2

[AR2-bgp]confederation  peer-as 64513

[AR2-bgp]peer 12.0.0.1 as-number  1

[AR2-bgp]peer 172.16.0.3 as-number 64512


[AR2-bgp]peer 172.16.0.5 as-number 64513
[AR2-bgp]peer 172.16.0.3  connect-interface  LoopBack 0
[AR2-bgp]peer 172.16.0.5 connect-interface LoopBack 0
	
[AR2-bgp]peer 172.16.0.5 ebgp-max-hop

[AR2-bgp]peer 172.16.0.3 next-hop-local
[AR2-bgp]peer 172.16.0.5 next-hop-local


//AR3
[AR3]bgp 64512

[AR3-bgp]router-id 3.3.3.3
	
[AR3-bgp]confederation  id 2

[AR3-bgp]peer 172.16.0.2 as-number 64512
[AR3-bgp]peer 172.16.0.4 as-number 64512
	
[AR3-bgp]peer 172.16.0.2 connect-interface LoopBack  0
[AR3-bgp]peer 172.16.0.4 connect-interface LoopBack  0


//AR4
[AR4-bgp]dis th
[V200R003C00]
#
bgp 64512
 router-id 4.4.4.4
 confederation id 2
 confederation peer-as 64513
 peer 172.16.0.3 as-number 64512 
 peer 172.16.0.3 connect-interface LoopBack0
 peer 172.16.0.7 as-number 64513 
 peer 172.16.0.7 ebgp-max-hop 255 
 peer 172.16.0.7 connect-interface LoopBack0
 #



//AR5
[AR5-bgp]dis th
[V200R003C00]
#
bgp 64513
 router-id 5.5.5.5
 confederation id 2
 confederation peer-as 64512
 peer 172.16.0.2 as-number 64512 
 peer 172.16.0.2 ebgp-max-hop 255 
 peer 172.16.0.2 connect-interface LoopBack0
 peer 172.16.0.6 as-number 64513 
 peer 172.16.0.6 connect-interface LoopBack0

//AR6
[AR6-bgp]dis th
[V200R003C00]
#
bgp 64513
 router-id 6.6.6.6
 confederation id 2
 peer 172.16.0.5 as-number 64513 
 peer 172.16.0.5 connect-interface LoopBack0
 peer 172.16.0.7 as-number 64517 
 peer 172.16.0.7 connect-interface LoopBack0

//AR7
[AR7-bgp]display  th
[V200R003C00]
#
bgp 64513
 router-id 7.7.7.7
 confederation id 2
 confederation peer-as 64512
 peer 78.0.0.8 as-number 3 
 peer 172.16.0.4 as-number 64512 
 peer 172.16.0.4 ebgp-max-hop 255 
 peer 172.16.0.4 connect-interface LoopBack0
 peer 172.16.0.6 as-number 64513 
 peer 172.16.0.6 ebgp-max-hop 255 
 peer 172.16.0.6 connect-interface LoopBack0
 #

///AR8
[AR8]bgp 3
[AR8-bgp]router-id 8.8.8.8
[AR8-bgp]peer 78.0.0.7 as-number 2

查看是否成功建立

AR3 AR6当RR

bash 复制代码

//AR3
[AR3-bgp]peer 172.16.0.2 reflect-client
[AR3-bgp]peer 172.16.0.4 reflect-client


[AR6-bgp]peer 172.16.0.5 reflect-client
[AR6-bgp]peer 172.16.0.7 reflect-client

发布路由

bash 复制代码

//AR1
[AR1-bgp]network 10.1.1.0 24

//AR8
[AR8-bgp]network 11.1.1.0 24

此时

bash 复制代码

[AR2]ip ip-prefix aa permit 172.16.0.0 16 greater-equal  24 less-equal 24

[AR2]route-policy aa permit  node 10
Info: New Sequence of this List.

[AR2-route-policy]if-match ip-prefix  aa
[AR2-route-policy]q
[AR2]bgp 64512
[AR2-bgp]import-route ospf  1 route-policy aa




[AR7]ip ip-prefix aa permit 172.16.0.0 16 greater-equal  24 less-equal 24
[AR7]route-policy aa permit  node 10
Info: New Sequence of this List.
[AR7-route-policy]if-match ip-prefix  aa
[AR7-route-policy]q
[AR7]bgp 64513
[AR7-bgp]import-route ospf  1 route-policy aa

路由优选后才会进行传递

此时AR1pingAR6环回数据可通

vpn实现两环回互通

bash 复制代码

[AR1]int Tunnel  0/0/0
[AR1-Tunnel0/0/0]ip address  18.0.0.1 24
[AR1-Tunnel0/0/0]tunnel-protocol  gre
[AR1-Tunnel0/0/0]source 10.1.1.1
[AR1-Tunnel0/0/0]destination 11.1.1.1


[AR8]int Tunnel 0/0/0
[AR8-Tunnel0/0/0]ip address 18.0.0.8 24
[AR8-Tunnel0/0/0]tunnel-protocol  gre 
[AR8-Tunnel0/0/0]source 11.1.1.1
[AR8-Tunnel0/0/0]description 10.1.1.1

此时

$AR1$ ip route-static 192.168.2.0 24 18.0.0.8

$AR8$ ip route-static 192.168.1.0 24 18.0.0.1

两环回互通

优化：减少路由条目数量，避免环路出现

汇总

bash 复制代码

[AR2]bgp 64512

[AR2-bgp]aggregate 172.16.0.0  255.255.248.0

$AR2-bgp$ aggregate 172.16.0.0 255.255.248.0 detail-suppressed as-set

detail-suppressed 抑制明细路由

as-set 继承AS-path

AR7也要汇总

bash 复制代码

[AR7-bgp]aggregate 172.16.0.0 255.255.248.0 detail-suppressed as-set