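Table of contents
- Comprehensive Large-Scale Routing Lab
- Lab topology
- Lab requirements
- Lab steps
- 1. Configure IP addresses (omitted)
- 2. Configure OSPF inside the head office and the branch; business segments must not appear
- 3. Configure IBGP inside the head office and the branch; advertise business segments into BGP
- 4. Configure EBGP between the head office and the branch
- 5. Configure RIP between the office and the head office
- 6. Adjust link cost values to avoid equal-cost routes
- 7. Modify AS_path: flow A goes via R2 and R4, flow B goes via R3 and R5
- 8. Configure two-way redistribution between RIP and BGP on R2
- 9. Configure silent interfaces in RIP
- 10. Branches must not reach each other; the head office advertises to the branch only routes belonging to its own AS
- 11. Testing
Comprehensive Large-Scale Routing Lab
Lab topology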

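Lab requirements
1. The head office and the branch of an enterprise run BGP for mutual route reachability, and an office additionally runs RIPv2. The head office and the branch are connected by two links, and the enterprise carries two kinds of traffic, flow A and flow B, as shown in the figure.
2. Configure IP addresses as shown in the figure. Except for R7, every router configures a Loopback0 IP address that is used as the OSPF Router-id and for establishing IBGP neighbors. The address format is X.X.X.X/32, where X is the device number.
3. Configure OSPF inside the head office and inside the branch, only to provide TCP reachability for BGP. Business segments must not be advertised in OSPF.
4. Configure RIPv2 between the office and the head office.
5. Adjust link cost appropriately to avoid equal-cost routes.
6. Configure BGP on the head office and the branch for mutual route reachability. The head office is in AS 65001 and the branch is in AS 65002. Inside each AS, use a peer group to build a reliable IBGP full mesh; between the ASes, use the directly connected interfaces to establish EBGP neighbors. The business segments of the head office and the branch are advertised in BGP.
7. To load-balance traffic between the head office and the branch, modify AS_path so that flow A data passes through R2 and R4 and flow B data passes through R3 and R5.
8. Configure two-way redistribution between RIP and BGP on R2. Both flow A and flow B of the office must be able to communicate with the head office, but between the office and the branch only flow A may communicate.
9. No protocol packets may appear on business segments, and no unrelated RIP protocol packets may appear.
10. As the business grows, other branches may later connect to the head office through R2 or R3. Branches must not reach each other, so the head office may advertise to branches only routes that belong to its own AS.
Lab steps
1. Configure IP addresses (omitted)
2. Configure OSPF inside the head office and the branch; business segments must not appear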
R1
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.0.1 0.0.0.0
network 10.0.0.5 0.0.0.0
#
R2
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.0.2 0.0.0.0
network 10.0.0.9 0.0.0.0
#
R3
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.0.6 0.0.0.0
network 10.0.0.10 0.0.0.0
#
R4
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.0.21 0.0.0.0
network 10.0.0.25 0.0.0.0
#
R5
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.0.0.22 0.0.0.0
network 10.0.0.29 0.0.0.0
#
R6
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.0.0.26 0.0.0.0
network 10.0.0.30 0.0.0.0
#
3. Configure IBGP inside the head office and the branch; advertise business segments into BGP
R1
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 2.2.2.2 group neibu
peer 3.3.3.3 group neibu
#
address-family ipv4 unicast
network 172.16.0.0 255.255.255.0
network 192.168.0.0 255.255.255.0
peer neibu enable
#
R2
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
#
R3
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 2.2.2.2 group neibu
peer 10.0.0.18 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.18 enable
#
R4
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 5.5.5.5 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.13 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.13 enable
#
R5
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.17 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.17 enable
#
R6
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 5.5.5.5 group neibu
#
address-family ipv4 unicast
network 172.16.1.0 255.255.255.0
network 192.168.1.0 255.255.255.0
peer neibu enable
#
4. Configure EBGP between the head office and the branch
R2
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
#
R4
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 5.5.5.5 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.13 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.13 enable
#
R3
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 2.2.2.2 group neibu
peer 10.0.0.18 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.18 enable
#
R5
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.17 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.17 enable
#
5. Configure RIP between the office and the head office
R2
#
rip 1
undo summary
version 2
network 10.0.0.0
#
R7
#
rip 1
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
#
6. Adjust link cost values to avoid equal-cost routes
R1
#
interface GigabitEthernet0/0
ospf cost 300
interface GigabitEthernet0/1
ospf cost 400
#
R2
#
interface GigabitEthernet0/0
ospf cost 300
interface GigabitEthernet0/1
ospf cost 500
#
R3
#
interface GigabitEthernet0/0
ospf cost 400
interface GigabitEthernet0/1
ospf cost 500
#
R4, R5 and R6 are configured similarly.
7. Modify AS_path: flow A goes via R2 and R4, flow B goes via R3 and R5
R2
#
acl basic 2000
rule 0 permit source 172.16.0.0 0.0.0.255
#
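route-policy bliu permit node 10   (entry node)
if-match ip address acl 2000
apply as-path 65001
route-policy bliu permit node 20   (exit node; never forget to configure it, otherwise every route not matched by node 10 is denied)
#
bgp 65001
#
Head office flow B is to go via R3 and R5, so the policy for flow B is applied on export toward R4 (10.0.0.14).
address-family ipv4 unicast
peer 10.0.0.14 route-policy bliu export
#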
#
R4
#
acl basic 2000
rule 0 permit source 172.16.1.0 0.0.0.255
#
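route-policy bliu permit node 10   (entry node)
if-match ip address acl 2000
apply as-path 65002
route-policy bliu permit node 20   (exit node; never forget to configure it, otherwise every route not matched by node 10 is denied)
#
bgp 65002
#
Branch flow B is to go via R3 and R5, so the policy for flow B is applied on export toward R2 (10.0.0.13).
address-family ipv4 unicast
peer 10.0.0.13 route-policy bliu export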
#
R3
#
acl basic 2000
rule 0 permit source 192.168.0.0 0.0.0.255
#
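route-policy aliu permit node 10   (entry node)
if-match ip address acl 2000
apply as-path 65001
route-policy aliu permit node 20   (exit node; never forget to configure it, otherwise every route not matched by node 10 is denied)
#
bgp 65001
#
Head office flow A is to go via R2 and R4, so the policy for flow A is applied on export toward R5 (10.0.0.18).
address-family ipv4 unicast
peer 10.0.0.18 route-policy aliu export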
#
R5
#
acl basic 2000
rule 0 permit source 192.168.1.0 0.0.0.255
#
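route-policy aliu permit node 10   (entry node)
if-match ip address acl 2000
apply as-path 65002
route-policy aliu permit node 20   (exit node; never forget to configure it, otherwise every route not matched by node 10 is denied)
#
bgp 65002
#
Branch flow A is to go via R2 and R4, so the policy for flow A is applied on export toward R3 (10.0.0.17).
address-family ipv4 unicast
peer 10.0.0.17 route-policy aliu export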
#
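8. Configure two-way redistribution between RIP and BGP on R2
Office flows A and B communicate with the head office; office flow A communicates with the branch.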
R2
#
acl basic 2001
rule 0 permit source 192.168.0.0 0.0.1.255
rule 5 permit source 172.16.0.0 0.0.0.255
#
acl basic 2002
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
#
route-policy b2r permit node 10   (no exit node is configured for this import)
if-match ip address acl 2001
#
rip 1
import-route bgp allow-ibgp route-policy b2r   (only EBGP routes are imported by default, so the extra allow-ibgp parameter is needed here)
#
bgp 65001
#
address-family ipv4 unicast
import-route rip 1
peer 10.0.0.14 filter-policy 2002 export
Office flow B must not reach the branch. A routing policy can be applied only once for this peer in the export direction, and route-policy is already in use, so filter-policy is used instead.
#
R3
#
acl basic 2001
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
#
bgp 65001
#
address-family ipv4 unicast
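peer 10.0.0.18 filter-policy 2001 export   (no name was given to the policy, so it is referenced by its number, 2001)
Branch flow B must not reach the office. A routing policy can be applied only once for this peer in the export direction, and route-policy is already in use, so filter-policy is used instead.
#
9. Configure silent interfaces in RIP
No protocol packets may appear on business segments, and no unrelated RIP protocol packets may appear.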
R2
#
rip 1
silent-interface GigabitEthernet0/0
silent-interface GigabitEthernet0/1
silent-interface GigabitEthernet0/2
#
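10. Branches must not reach each other; the head office advertises to the branch only routes belonging to its own AS
The as-path-acl 1 referenced below is not defined anywhere in this write-up. To meet the requirement it has to permit only routes with an empty AS_PATH (regular expression ^$), that is, routes originated inside AS 65001.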
R2
#
bgp 65001
#
address-family ipv4 unicast
peer 10.0.0.14 as-path-acl 1 export
#
R3
#
bgp 65001
#
address-family ipv4 unicast
peer 10.0.0.18 as-path-acl 1 export
#
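The three export controls that steps 7, 8 and 10 stack on R2's session to R4 (10.0.0.14) can be checked offline. The following is an added example, not part of the original lab: it models basic-ACL wildcard matching, the implicit deny of a route-policy without node 20, and the AS_PATH filter. It assumes that as-path-acl 1 is `^$` and that the filter is evaluated before the export policy prepends; the BGP table and the 172.16.3.0/24 second-branch route are constructed.

```python
import ipaddress
import re

LOCAL_AS = 65001
# ACLs copied from the R2 configuration on this page: (action, network, wildcard)
ACL_2000 = [("permit", "172.16.0.0", "0.0.0.255")]
ACL_2001 = [("permit", "192.168.0.0", "0.0.1.255"), ("permit", "172.16.0.0", "0.0.0.255")]
ACL_2002 = [("deny", "172.16.2.0", "0.0.0.255"), ("permit", None, None)]
AS_PATH_ACL_1 = re.compile(r"^$")  # assumption: list 1 permits only an empty AS_PATH

# Constructed BGP table on R2: prefix -> AS_PATH as stored before export
R2_TABLE = {
    "172.16.0.0/24": [], "192.168.0.0/24": [],   # head office flow B, flow A
    "172.16.2.0/24": [], "192.168.2.0/24": [],   # office flow B, flow A (imported from RIP)
    "172.16.3.0/24": [65003],                    # hypothetical second branch
}

def acl_match(rules, prefix):
    """First matching rule decides; a route that matches no rule is denied."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, net, wildcard in rules:
        if net is None:                          # bare "rule permit" matches everything
            return action == "permit"
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(net)) & care:
            return action == "permit"
    return False

def export_to_r4(prefix, as_path, with_node_20=True):
    """Return the AS_PATH R4 would receive, or None if R2 suppresses the route."""
    if not AS_PATH_ACL_1.search(" ".join(map(str, as_path))):  # step 10: as-path-acl 1
        return None
    if not acl_match(ACL_2002, prefix):                        # step 8: filter-policy 2002
        return None
    if acl_match(ACL_2000, prefix):                            # step 7: bliu node 10 prepends
        as_path = [65001] + as_path
    elif not with_node_20:                                     # no node 20: implicit deny
        return None
    return [LOCAL_AS] + as_path                                # EBGP adds the local AS

def advertised(with_node_20=True):
    """Routes R2 sends to R4, as prefix -> AS_PATH seen by R4."""
    out = {p: export_to_r4(p, path, with_node_20) for p, path in R2_TABLE.items()}
    return {p: path for p, path in out.items() if path is not None}

if __name__ == "__main__":
    print(advertised())                    # flow B carries the longer path via R2
    print(advertised(with_node_20=False))  # only the route matched by node 10 survives
```

Running `acl_match(ACL_2001, ...)` over candidate prefixes shows the same wildcard logic for the BGP-to-RIP import: `0.0.1.255` covers both 192.168.0.0/24 and 192.168.1.0/24, while the branch flow B prefix 172.16.1.0/24 matches no rule and is not imported.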
11. Testing
- Head office pings the branch
Head office flow B can ping branch flow B
[R1]ping -a 172.16.0.1 172.16.1.1
Ping 172.16.1.1 (172.16.1.1) from 172.16.0.1: 56 data bytes, press CTRL+C to break
56 bytes from 172.16.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=4.000 ms
56 bytes from 172.16.1.1: icmp_seq=2 ttl=253 time=5.000 ms
56 bytes from 172.16.1.1: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 172.16.1.1: icmp_seq=4 ttl=253 time=3.000 ms
--- Ping statistics for 172.16.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/3.400/5.000/1.020 ms
Head office flow A can ping branch flow A
[R1]ping -a 192.168.0.1 192.168.1.1
Ping 192.168.1.1 (192.168.1.1) from 192.168.0.1: 56 data bytes, press CTRL+C to break
56 bytes from 192.168.1.1: icmp_seq=0 ttl=253 time=1.000 ms
56 bytes from 192.168.1.1: icmp_seq=1 ttl=253 time=4.000 ms
56 bytes from 192.168.1.1: icmp_seq=2 ttl=253 time=5.000 ms
56 bytes from 192.168.1.1: icmp_seq=3 ttl=253 time=1.000 ms
56 bytes from 192.168.1.1: icmp_seq=4 ttl=253 time=1.000 ms
--- Ping statistics for 192.168.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/2.400/5.000/1.744 ms
- Branch pings the head office
Branch flow A can ping head office flow A
[R6]ping -a 192.168.1.1 192.168.0.1
Ping 192.168.0.1 (192.168.0.1) from 192.168.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 192.168.0.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=1 ttl=253 time=4.000 ms
56 bytes from 192.168.0.1: icmp_seq=2 ttl=253 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=3 ttl=253 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=4 ttl=253 time=2.000 ms
--- Ping statistics for 192.168.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.400/4.000/0.800 ms
Branch flow B can ping head office flow B
[R6]ping -a 172.16.1.1 172.16.0.1
Ping 172.16.0.1 (172.16.0.1) from 172.16.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 172.16.0.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 172.16.0.1: icmp_seq=1 ttl=253 time=3.000 ms
56 bytes from 172.16.0.1: icmp_seq=2 ttl=253 time=6.000 ms
56 bytes from 172.16.0.1: icmp_seq=3 ttl=253 time=3.000 ms
56 bytes from 172.16.0.1: icmp_seq=4 ttl=253 time=6.000 ms
--- Ping statistics for 172.16.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/4.000/6.000/1.673 ms
- Head office pings the office
Head office flow A can ping office flow A
[R1]ping -a 192.168.0.1 192.168.2.1
Ping 192.168.2.1 (192.168.2.1) from 192.168.0.1: 56 data bytes, press CTRL+C to break
56 bytes from 192.168.2.1: icmp_seq=0 ttl=254 time=1.000 ms
56 bytes from 192.168.2.1: icmp_seq=1 ttl=254 time=3.000 ms
56 bytes from 192.168.2.1: icmp_seq=2 ttl=254 time=4.000 ms
56 bytes from 192.168.2.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 192.168.2.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 192.168.2.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/2.400/4.000/1.020 ms
Head office flow B can ping office flow B
[R1]ping -a 172.16.0.1 172.16.2.1
Ping 172.16.2.1 (172.16.2.1) from 172.16.0.1: 56 data bytes, press CTRL+C to break
56 bytes from 172.16.2.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 172.16.2.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 172.16.2.1: icmp_seq=2 ttl=254 time=4.000 ms
56 bytes from 172.16.2.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 172.16.2.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 172.16.2.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/2.200/4.000/0.980 ms
- Office pings the head office
Office flow A can ping head office flow A
[R7]ping -a 192.168.2.1 192.168.0.1
Ping 192.168.0.1 (192.168.0.1) from 192.168.2.1: 56 data bytes, press CTRL+C to break
56 bytes from 192.168.0.1: icmp_seq=0 ttl=254 time=0.000 ms
56 bytes from 192.168.0.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 192.168.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/1.600/2.000/0.800 ms
Office flow B can ping head office flow B
[R7]ping -a 172.16.2.1 172.16.0.1
Ping 172.16.0.1 (172.16.0.1) from 172.16.2.1: 56 data bytes, press CTRL+C to break
56 bytes from 172.16.0.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 172.16.0.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 172.16.0.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 172.16.0.1: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 172.16.0.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 172.16.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms
- Flow A of the office and the branch can reach each other
Office flow A can ping branch flow A
[R7]ping -a 192.168.2.1 192.168.1.1
Ping 192.168.1.1 (192.168.1.1) from 192.168.2.1: 56 data bytes, press CTRL+C to break
56 bytes from 192.168.1.1: icmp_seq=0 ttl=252 time=3.000 ms
56 bytes from 192.168.1.1: icmp_seq=1 ttl=252 time=6.000 ms
56 bytes from 192.168.1.1: icmp_seq=2 ttl=252 time=4.000 ms
56 bytes from 192.168.1.1: icmp_seq=3 ttl=252 time=4.000 ms
56 bytes from 192.168.1.1: icmp_seq=4 ttl=252 time=3.000 ms
--- Ping statistics for 192.168.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.000/4.000/6.000/1.095 ms
Branch flow A can ping office flow A
[R6]ping -a 192.168.1.1 192.168.2.1
Ping 192.168.2.1 (192.168.2.1) from 192.168.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 192.168.2.1: icmp_seq=0 ttl=253 time=3.000 ms
56 bytes from 192.168.2.1: icmp_seq=1 ttl=253 time=3.000 ms
56 bytes from 192.168.2.1: icmp_seq=2 ttl=253 time=4.000 ms
56 bytes from 192.168.2.1: icmp_seq=3 ttl=253 time=6.000 ms
56 bytes from 192.168.2.1: icmp_seq=4 ttl=253 time=3.000 ms
--- Ping statistics for 192.168.2.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.000/3.800/6.000/1.166 ms
- Flow B of the office and the branch cannot reach each other
Office flow B cannot ping branch flow B
[R7]ping -a 172.16.2.1 172.16.1.1
Ping 172.16.1.1 (172.16.1.1) from 172.16.2.1: 56 data bytes, press CTRL+C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 172.16.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
Branch flow B cannot ping office flow B
[R6]ping -a 172.16.1.1 172.16.2.1
Ping 172.16.2.1 (172.16.2.1) from 172.16.1.1: 56 data bytes, press CTRL+C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 172.16.2.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
If all of the tests up to this point pass, the lab is complete. The lab is not difficult; you just need to pay attention to a few small details during configuration.
