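A Simple Combined Application of BGP and OSPF
Author: Internet
I. Lab requirements:
1. Complete the configuration of the enterprise network in the lower part of the topology;
2. Complete the configuration of the carrier network in the upper part of the topology;
3. Configure the interconnect IP addresses between the enterprise network and the ISP networks as shown in the diagram;
4. Configure the enterprise network's OSPF multi-area design as shown in the diagram;
5. PC-1 and PC-2 in Area 10 belong to VLAN 12, with R1 as the primary gateway and R2 as the backup gateway;
6. Area 20 is dedicated to connecting the Web Server, so its stability and security must be ensured: it must not be affected by external networks or by other areas, yet it must still be able to communicate with external networks.
7. R4 and R5 in the OSPF backbone area are the egress routers.
8. When internal hosts and servers communicate with external networks, R5 is preferred as the primary exit; R4 is used as the network exit only if external networks cannot be reached through R5;
9. On R5, the link to AS 200 is the primary link; the link to AS 900 is used only if that link is unavailable.
10. Between the enterprise network and the ISPs, only static default routes are used.
11. PC-2 in the enterprise intranet can access Server-1 but cannot access external networks;
12. PC-1 can ping Server 2, which is located in AS 200;
13. Client-1 in AS 200 can access the web server (Server-1) in Area 20 of the enterprise network.
II. Topology diagram
III. Configuration
(1) Area 10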
SW1
undo t m
sys
sys sw1
vlan 12
port-group 1
group-m g0/0/1 to g0/0/4
port link-type access
port default vlan 12
q
R1
undo t m
sys
sys R1
int g0/0/0
ip addr 192.168.12.251 24
q
int g0/0/1
ip addr 192.168.13.251 24
q
int g0/0/0
vrrp vrid 10 virtual-ip 192.168.12.254
vrrp vrid 10 priority 150
q
ospf 1 router-id 1.1.1.1
area 10
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
q
q
R2
undo t m
sys
sys R2
int g0/0/0
ip addr 192.168.12.252 24
q
int g0/0/2
ip addr 192.168.23.252 24
q
int g0/0/0
vrrp vrid 10 virtual-ip 192.168.12.254
q
ospf 1 router-id 2.2.2.2
area 10
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
q
q
R3
undo t m
sys
sys R3
int g0/0/0
ip addr 192.168.34.3 24
q
int g0/0/1
ip addr 192.168.13.3 24
q
int g0/0/2
ip addr 192.168.23.3 24
q
ospf 1 router-id 3.3.3.3
area 10
network 192.168.13.0 0.0.0.255
network 192.168.23.0 0.0.0.255
q
area 0
network 192.168.34.0 0.0.0.255
q
q
(2) Area 0
R4
Undo t m
Sys
Sys r4
Int g0/0/1
ip addr 192.168.34.4 24
q
int g0/0/0
ip address 192.168.45.4 24
q
int g0/0/2
ip address 200.1.40.4 27
q
ip route-static 0.0.0.0 0.0.0.0 200.1.40.10 preference 151
ospf 1 router-id 4.4.4.4
area 0
network 192.168.34.0 0.0.0.255
network 192.168.45.0 0.0.0.255
q
default-route-advertise
q
External network access control
acl 2000
rule 10 deny source 192.168.12.2 0.0.0.0
rule 1000 permit source any
q
int g0/0/2
nat outbound 2000
nat server protocol tcp global 200.1.40.1 12345 inside 192.168.20.8 80
q
R5
Undo t m
Sys
Sys r5
Int g0/0/1
ip addr 192.168.45.5 24
q
int g0/0/0
ip address 192.168.56.5 24
q
int g4/0/0
ip address 110.1.58.5 29
q
int g4/0/1
ip address 100.1.59.5 27
q
ip route-static 0.0.0.0 0.0.0.0 110.1.58.4
ip route-static 0.0.0.0 0.0.0.0 100.1.59.9 preference 100
ospf 1 router-id 5.5.5.5
area 0
network 192.168.56.0 0.0.0.255
network 192.168.45.0 0.0.0.255
q
default-route-advertise type 1
q
External network access control
acl 2000
rule 10 deny source 192.168.12.2 0.0.0.0
rule 1000 permit source any
q
int g4/0/0
nat outbound 2000
nat server protocol tcp global 110.1.58.1 12345 inside 192.168.20.8 80
q
int g4/0/1
nat outbound 2000
nat server protocol tcp global 100.1.59.1 12345 inside 192.168.20.8 80
q
R6
Undo t m
Sys
Sys r6
Int g0/0/1
ip addr 192.168.56.6 24
q
int g0/0/0
ip address 192.168.67.6 24
q
ospf 1 router-id 6.6.6.6
area 0
network 192.168.56.0 0.0.0.255
q
area 20
network 192.168.67.0 0.0.0.255
stub no-summary
q
q
(3) Area 20
R7
Undo t m
Sys
Sys r7
Int g0/0/1
ip addr 192.168.67.7 24
q
int g0/0/2
ip address 192.168.20.254 24
q
ospf 1 router-id 7.7.7.7
area 20
network 192.168.67.0 0.0.0.255
network 192.168.20.0 0.0.0.255
stub
q
q
(4) AS 900
R9
undo t m
sys
sys R9
int g0/0/0
ip address 100.1.59.9 27
undo sh
q
int g0/0/1
ip address 120.1.129.9 24
undo sh
q
int g0/0/2
ip address 120.1.89.9 24
undo sh
q
bgp 900
router-id 9.9.9.9
peer 120.1.89.8 as-number 200
peer 120.1.129.12 as-number 200
network 100.1.59.0 255.255.255.224
q
(5) AS 200
r8
undo t m
sys
sys r8
int g0/0/0
ip address 110.1.58.4 29
undo sh
q
int g0/0/1
ip address 10.10.58.8 24
undo sh
q
int g0/0/2
ip address 120.1.89.8 24
undo sh
q
ospf 1 router-id 8.8.8.8
area 0
network 10.10.58.0 0.0.0.255
q
q
bgp 200
router-id 8.8.8.8
peer 10.10.58.12 as-number 200
peer 10.10.58.12 next-hop-local
peer 120.1.89.9 as-number 900
network 110.1.58.0 255.255.255.248
q
r11
undo t m
sys
sys r11
int g0/0/0
ip address 10.10.13.11 24
undo sh
q
int g0/0/1
ip address 130.1.110.1 30
undo sh
q
ospf 1 router-id 11.11.11.11
area 0
network 10.10.13.0 0.0.0.255
q
q
bgp 200
router-id 11.11.11.11
peer 10.10.13.13 as-number 200
peer 10.10.13.13 next-hop-local
peer 130.1.110.2 as-number 100
q
r12
undo t m
sys
sys r12
int g0/0/0
ip address 10.10.58.12 24
undo sh
q
int g0/0/1
ip address 10.10.23.12 24
undo sh
q
int g0/0/2
ip address 120.1.129.12 24
undo sh
q
ospf 1 router-id 12.12.12.12
area 0
network 10.10.23.0 0.0.0.255
network 10.10.58.0 0.0.0.255
q
q
bgp 200
router-id 12.12.12.12
peer 10.10.23.13 as-number 200
peer 10.10.23.13 next-hop-local
peer 10.10.58.8 as-number 200
peer 10.10.58.8 next-hop-local
peer 10.10.58.8 reflect-client
peer 120.1.129.9 as-number 900
q
r13
undo t m
sys
sys r13
int g0/0/0
ip address 10.10.23.13 24
undo sh
q
int g0/0/1
ip address 10.10.13.13 24
undo sh
q
int g0/0/2
ip address 66.1.1.13 24
undo sh
q
int g4/0/0
ip address 88.1.1.13 24
undo sh
q
ospf 1 router-id 13.13.13.13
area 0
network 10.10.23.0 0.0.0.255
network 10.10.13.0 0.0.0.255
network 10.10.66.0 0.0.0.255
network 10.10.88.0 0.0.0.255
q
q
bgp 200
router-id 13.13.13.13
peer 10.10.23.12 as-number 200
peer 10.10.13.11 as-number 200
network 66.1.1.0 255.255.255.0
network 88.1.1.0 255.255.255.0
q
(6) AS 300
r10
undo t m
sys
sys r10
int g0/0/0
ip address 130.1.110.2 30
undo sh
q
int g0/0/2
ip address 200.1.40.10 27
undo sh
q
bgp 100
router-id 10.10.10.10
peer 130.1.110.1 as-number 200
network 200.1.40.0 255.255.255.224
q
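Without ebgp-max-hop, an eBGP session in this lab only establishes when the configured peer address sits on a directly connected subnet and the far side points back with the matching AS number. The following Python check is an added example, not part of the original lab; the config excerpts are constructed from the lab's addressing plan, with one peer address deliberately mistyped, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts that follow the lab's addressing plan (not full configs).
# R11's eBGP peer address is deliberately mistyped so the audit has something to find.
CONFIGS = {
    "R10": "int g0/0/0\nip address 130.1.110.2 30\nbgp 100\npeer 130.1.110.1 as-number 200\n",
    "R11": "int g0/0/1\nip address 130.1.110.1 30\nbgp 200\npeer 130.1.110.10 as-number 100\n",
    "R8": "int g0/0/2\nip address 120.1.89.8 24\nbgp 200\npeer 120.1.89.9 as-number 900\n",
    "R9": "int g0/0/2\nip address 120.1.89.9 24\nbgp 900\npeer 120.1.89.8 as-number 200\n",
}

def parse(text):
    """Return (local AS, interface list, {peer address: remote AS}) for one router."""
    ifaces = [ipaddress.ip_interface(f"{addr}/{plen}")
              for addr, plen in re.findall(r"ip addr(?:ess)? (\S+) (\d+)", text)]
    local_as = int(re.search(r"^bgp (\d+)", text, re.M).group(1))
    peers = {ipaddress.ip_address(p): int(asn)
             for p, asn in re.findall(r"peer (\S+) as-number (\d+)", text)}
    return local_as, ifaces, peers

def audit(configs):
    """Check every eBGP peer statement against the other routers' configs."""
    parsed = {name: parse(text) for name, text in configs.items()}
    # Map each interface address to the router that owns it and that router's AS.
    owner = {i.ip: (name, asn) for name, (asn, ifaces, _) in parsed.items() for i in ifaces}
    findings = []
    for name, (local_as, ifaces, peers) in parsed.items():
        for peer, remote_as in peers.items():
            if remote_as == local_as:
                continue  # iBGP peers need not be directly connected
            if not any(peer in i.network for i in ifaces):
                problem = "peer is not on a connected subnet"
            elif peer not in owner:
                problem = "no router in the set owns this address"
            elif owner[peer][1] != remote_as:
                problem = "as-number does not match the peer's local AS"
            elif not any(i.ip in parsed[owner[peer][0]][2] for i in ifaces):
                problem = "peer has no statement pointing back at this router"
            else:
                continue
            findings.append((name, str(peer), problem))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(*finding, sep=": ")
```

Running the same check against the full set of router configurations before testing failover catches a backup path that would never come up.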
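IV. Verification
PC-1 can ping the external network and PC-2 cannot; packet captures show that traffic prefers R5 as the exit to the external network and enters AS 200.
Client-1 in AS 200 can access the web server (Server-1) in Area 20 of the enterprise network.
Source: http://blog.51cto.com/14162269/2347731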