大规模路由综合实验
作者:互联网
文章目录
大规模路由综合实验
实验拓扑
实验需求
1.某企业总公司和分公司运行 BGP 实现路由互通,另外还有办事处运行 RIPv2。总公司和分公司之间通过两条线路相 连。企业内有 A 流和 B 流两种流量,如图所示
2.按照图示配置 IP 地址,除 R7 外,所有路由配置 Loopback0 口 IP 地址用于 OSPF 的 Router-id 和 IBGP 建立邻居,地址格式为 X.X.X.X/32,X 为设备编号
3.总公司和分公司内部配置 OSPF,仅用于实现 BGP 的 TCP 可达,不允许宣告业务网段
4.办事处和总公司之间配置 RIPv2
5.适当调整链路 Cost,避免产生等价路由
6.总公司和分公司配置 BGP 实现路由互通,总公司在 AS 65001,分公司在 AS 65002,各自 AS 内部使用对等体组 建立可靠的 IBGP 全连接,AS 之间使用直连接口建立 EBGP 邻居,总公司和分公司的业务网段宣告在 BGP 中
7.为了实现总公司和分公司的流量负载均衡,要求通过修改 AS_path,使 A 流数据经过 R2 和 R4,B 流数据经过 R3 和 R5
8.在 R2 上配置 RIP 和 BGP 的双向引入,要求办事处的 A 流和 B 流都能与总公司互通,但办事处与分公司之间只 有 A 流能够互通
9.不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文
10.随着公司业务发展,后续可能会有其他分公司通过 R2 或 R3 接入总公司;不允许分公司之间互访,所以要求总公司只能对分公司发布属于本 AS 的路由
实验步骤
1.配置IP地址略
2.总公司和分公司内部配置OSPF,不能出现业务网段
R1
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.0.1 0.0.0.0
network 10.0.0.5 0.0.0.0
#
R2
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.0.2 0.0.0.0
network 10.0.0.9 0.0.0.0
#
R3
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.0.6 0.0.0.0
network 10.0.0.10 0.0.0.0
#
R4
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.0.21 0.0.0.0
network 10.0.0.25 0.0.0.0
#
R5
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.0.0.22 0.0.0.0
network 10.0.0.29 0.0.0.0
#
R6
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.0.0.26 0.0.0.0
network 10.0.0.30 0.0.0.0
#
3.总公司和分公司内部配置IBGP,业务网段宣告进BGP
R1
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 2.2.2.2 group neibu
peer 3.3.3.3 group neibu
#
address-family ipv4 unicast
network 172.16.0.0 255.255.255.0
network 192.168.0.0 255.255.255.0
peer neibu enable
#
R2
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
#
R3
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 2.2.2.2 group neibu
peer 10.0.0.18 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.18 enable
#
R4
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 5.5.5.5 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.13 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.13 enable
#
R5
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.17 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.17 enable
#
R6
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 5.5.5.5 group neibu
#
address-family ipv4 unicast
network 172.16.1.0 255.255.255.0
network 192.168.1.0 255.255.255.0
peer neibu enable
#
4.总公司和分公司之间配置EBGP
R2
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 3.3.3.3 group neibu
peer 10.0.0.14 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.14 enable
#
R4
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 5.5.5.5 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.13 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.13 enable
#
R3
#
bgp 65001
group neibu internal
peer neibu connect-interface LoopBack0
peer 1.1.1.1 group neibu
peer 2.2.2.2 group neibu
peer 10.0.0.18 as-number 65002
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.18 enable
#
R5
#
bgp 65002
group neibu internal
peer neibu connect-interface LoopBack0
peer 4.4.4.4 group neibu
peer 6.6.6.6 group neibu
peer 10.0.0.17 as-number 65001
#
address-family ipv4 unicast
peer neibu enable
peer neibu next-hop-local
peer 10.0.0.17 enable
#
5.办事处和总公司之间配置RIP
R2
#
rip 1
undo summary
version 2
network 10.0.0.0
#
R7
#
rip 1
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.2.0
#
6.调整链路cost值避免产生等价路由
R1
#
interface GigabitEthernet0/0
ospf cost 300
interface GigabitEthernet0/1
ospf cost 400
#
R2
#
interface GigabitEthernet0/0
ospf cost 300
interface GigabitEthernet0/1
ospf cost 500
#
R3
#
interface GigabitEthernet0/0
ospf cost 400
interface GigabitEthernet0/1
ospf cost 500
#
R4,R5,R6配置类似
7.修改AS_path,A流走R2R4,B流走R3R5
R2
#
acl basic 2000
rule 0 permit source 172.16.0.0 0.0.0.255
#
route-policy bliu permit node 10 入节点
if-match ip address acl 2000
apply as-path 65001
route-policy bliu permit node 20 出节点,这里千万别忘记配置
#
bgp 65001
#
总公司B流走R3R5,那么B流的出口就在R4的10.0.0.14
address-family ipv4 unicast
peer 10.0.0.14 route-policy bliu export
#
R4
#
acl basic 2000
rule 0 permit source 172.16.1.0 0.0.0.255
#
route-policy bliu permit node 10 入节点
if-match ip address acl 2000
apply as-path 65002
route-policy bliu permit node 20 出节点,这里千万别忘记配置
#
bgp 65002
#
分公司B流走R3R5,那么B流的出口就在R2的10.0.0.13
address-family ipv4 unicast
peer 10.0.0.13 route-policy bliu export
#
R3
#
acl basic 2000
rule 0 permit source 192.168.0.0 0.0.0.255
#
route-policy aliu permit node 10 入节点
if-match ip address acl 2000
apply as-path 65001
route-policy aliu permit node 20 出节点,这里千万别忘记配置
#
bgp 65001
#
总公司A流走R2R4,那么A流的出口就在R5的10.0.0.18
address-family ipv4 unicast
peer 10.0.0.18 route-policy aliu export
#
R5
#
acl basic 2000
rule 0 permit source 192.168.1.0 0.0.0.255
#
route-policy aliu permit node 10 入节点
if-match ip address acl 2000
apply as-path 65002
route-policy aliu permit node 20 出节点,这里千万别忘记配置
#
#
bgp 65002
#
分公司A流走R2R4,那么A流的出口就在R3的10.0.0.17
address-family ipv4 unicast
peer 10.0.0.17 route-policy aliu export
#
8.R2配置RIP和BGP双向引入
办事处A流B流与总公司互通,办事处A流与分公司互通
R2
#
acl basic 2001
rule 0 permit source 192.168.0.0 0.0.1.255
rule 5 permit source 172.16.0.0 0.0.0.255
#
acl basic 2002
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
#
route-policy b2r permit node 10 这里引入时不用配置出节点
if-match ip address acl 2001
#
rip 1
import-route bgp allow-ibgp route-policy b2r 默认引入的是ebgp,所以这里要多加一个参数
#
acl basic 2002
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
#
bgp 65001
#
address-family ipv4 unicast
import-route rip 1
peer 10.0.0.14 filter-policy 2002 export
办事处B流不能去分公司,一个路由策略在一个接口只能用一次,route-policy用过了
#
R3
#
acl basic 2001
rule 0 deny source 172.16.2.0 0.0.0.255
rule 5 permit
#
bgp 65001
#
address-family ipv4 unicast
peer 10.0.0.18 filter-policy 2001 export 没有给路由策略取名字,所以此处就用2001
分公司B流不能去办事处,一个路由策略在一个接口只能用一次,route-policy用过了
#
9.RIP中配置静默接口
不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文
R2
#
rip 1
silent-interface GigabitEthernet0/0
silent-interface GigabitEthernet0/1
silent-interface GigabitEthernet0/2
#
10.分公司不能互访,总公司对分公司发布属于本AS路由
R2
#
bgp 65001
#
address-family ipv4 unicast
peer 10.0.0.14 as-path-acl 1 export
#
R3
#
bgp 65001
#
address-family ipv4 unicast
peer 10.0.0.18 as-path-acl 1 export
#
11.测试
-
总公司ping分公司
总公司B流能ping同分公司B流 [R1]ping -a 172.16.0.1 172.16.1.1 Ping 172.16.1.1 (172.16.1.1) from 172.16.0.1: 56 data bytes, press CTRL+C to break 56 bytes from 172.16.1.1: icmp_seq=0 ttl=253 time=2.000 ms 56 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=4.000 ms 56 bytes from 172.16.1.1: icmp_seq=2 ttl=253 time=5.000 ms 56 bytes from 172.16.1.1: icmp_seq=3 ttl=253 time=3.000 ms 56 bytes from 172.16.1.1: icmp_seq=4 ttl=253 time=3.000 ms --- Ping statistics for 172.16.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 2.000/3.400/5.000/1.020 ms 总公司A流能ping同分公司A流 [R1]ping -a 192.168.0.1 192.168.1.1 Ping 192.168.1.1 (192.168.1.1) from 192.168.0.1: 56 data bytes, press CTRL+C to break 56 bytes from 192.168.1.1: icmp_seq=0 ttl=253 time=1.000 ms 56 bytes from 192.168.1.1: icmp_seq=1 ttl=253 time=4.000 ms 56 bytes from 192.168.1.1: icmp_seq=2 ttl=253 time=5.000 ms 56 bytes from 192.168.1.1: icmp_seq=3 ttl=253 time=1.000 ms 56 bytes from 192.168.1.1: icmp_seq=4 ttl=253 time=1.000 ms --- Ping statistics for 192.168.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/2.400/5.000/1.744 ms -
分公司ping总公司
分公司A流能ping同总公司A流 [R6]ping -a 192.168.1.1 192.168.0.1 Ping 192.168.0.1 (192.168.0.1) from 192.168.1.1: 56 data bytes, press CTRL+C to break 56 bytes from 192.168.0.1: icmp_seq=0 ttl=253 time=2.000 ms 56 bytes from 192.168.0.1: icmp_seq=1 ttl=253 time=4.000 ms 56 bytes from 192.168.0.1: icmp_seq=2 ttl=253 time=2.000 ms 56 bytes from 192.168.0.1: icmp_seq=3 ttl=253 time=2.000 ms 56 bytes from 192.168.0.1: icmp_seq=4 ttl=253 time=2.000 ms --- Ping statistics for 192.168.0.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 2.000/2.400/4.000/0.800 ms 分公司B流能ping同总公司B流 [R6]ping -a 172.16.1.1 172.16.0.1 Ping 172.16.0.1 (172.16.0.1) from 172.16.1.1: 56 data bytes, press CTRL+C to break 56 bytes from 172.16.0.1: icmp_seq=0 ttl=253 time=2.000 ms 56 bytes from 172.16.0.1: icmp_seq=1 ttl=253 time=3.000 ms 56 bytes from 172.16.0.1: icmp_seq=2 ttl=253 time=6.000 ms 56 bytes from 172.16.0.1: icmp_seq=3 ttl=253 time=3.000 ms 56 bytes from 172.16.0.1: icmp_seq=4 ttl=253 time=6.000 ms --- Ping statistics for 172.16.0.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 2.000/4.000/6.000/1.673 ms -
总公司ping办事处
总公司A流能ping通办事处A流 [R1]ping -a 192.168.0.1 192.168.2.1 Ping 192.168.2.1 (192.168.2.1) from 192.168.0.1: 56 data bytes, press CTRL+C to break 56 bytes from 192.168.2.1: icmp_seq=0 ttl=254 time=1.000 ms 56 bytes from 192.168.2.1: icmp_seq=1 ttl=254 time=3.000 ms 56 bytes from 192.168.2.1: icmp_seq=2 ttl=254 time=4.000 ms 56 bytes from 192.168.2.1: icmp_seq=3 ttl=254 time=2.000 ms 56 bytes from 192.168.2.1: icmp_seq=4 ttl=254 time=2.000 ms --- Ping statistics for 192.168.2.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/2.400/4.000/1.020 ms 总公司B流能ping通办事处B流 [R1]ping -a 172.16.0.1 172.16.2.1 Ping 172.16.2.1 (172.16.2.1) from 172.16.0.1: 56 data bytes, press CTRL+C to break 56 bytes from 172.16.2.1: icmp_seq=0 ttl=254 time=2.000 ms 56 bytes from 172.16.2.1: icmp_seq=1 ttl=254 time=2.000 ms 56 bytes from 172.16.2.1: icmp_seq=2 ttl=254 time=4.000 ms 56 bytes from 172.16.2.1: icmp_seq=3 ttl=254 time=2.000 ms 56 bytes from 172.16.2.1: icmp_seq=4 ttl=254 time=1.000 ms --- Ping statistics for 172.16.2.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/2.200/4.000/0.980 ms -
办事处ping总公司
办事处A流能ping通总公司A流 [R7]ping -a 192.168.2.1 192.168.0.1 Ping 192.168.0.1 (192.168.0.1) from 192.168.2.1: 56 data bytes, press CTRL+C to break 56 bytes from 192.168.0.1: icmp_seq=0 ttl=254 time=0.000 ms 56 bytes from 192.168.0.1: icmp_seq=1 ttl=254 time=2.000 ms 56 bytes from 192.168.0.1: icmp_seq=2 ttl=254 time=2.000 ms 56 bytes from 192.168.0.1: icmp_seq=3 ttl=254 time=2.000 ms 56 bytes from 192.168.0.1: icmp_seq=4 ttl=254 time=2.000 ms --- Ping statistics for 192.168.0.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/1.600/2.000/0.800 ms 办事处B流能ping通总公司B流 [R7]ping -a 172.16.2.1 172.16.0.1 Ping 172.16.0.1 (172.16.0.1) from 172.16.2.1: 56 data bytes, press CTRL+C to break 56 bytes from 172.16.0.1: icmp_seq=0 ttl=254 time=2.000 ms 56 bytes from 172.16.0.1: icmp_seq=1 ttl=254 time=2.000 ms 56 bytes from 172.16.0.1: icmp_seq=2 ttl=254 time=2.000 ms 56 bytes from 172.16.0.1: icmp_seq=3 ttl=254 time=1.000 ms 56 bytes from 172.16.0.1: icmp_seq=4 ttl=254 time=2.000 ms --- Ping statistics for 172.16.0.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms -
办事处和分公司A流能互通
办事处A流能ping通分公司A流 [R7]ping -a 192.168.2.1 192.168.1.1 Ping 192.168.1.1 (192.168.1.1) from 192.168.2.1: 56 data bytes, press CTRL+C to break 56 bytes from 192.168.1.1: icmp_seq=0 ttl=252 time=3.000 ms 56 bytes from 192.168.1.1: icmp_seq=1 ttl=252 time=6.000 ms 56 bytes from 192.168.1.1: icmp_seq=2 ttl=252 time=4.000 ms 56 bytes from 192.168.1.1: icmp_seq=3 ttl=252 time=4.000 ms 56 bytes from 192.168.1.1: icmp_seq=4 ttl=252 time=3.000 ms --- Ping statistics for 192.168.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 3.000/4.000/6.000/1.095 ms 分公司A流能ping通办事处A流 [R6]ping -a 192.168.1.1 192.168.2.1 Ping 192.168.2.1 (192.168.2.1) from 192.168.1.1: 56 data bytes, press CTRL+C to break 56 bytes from 192.168.2.1: icmp_seq=0 ttl=253 time=3.000 ms 56 bytes from 192.168.2.1: icmp_seq=1 ttl=253 time=3.000 ms 56 bytes from 192.168.2.1: icmp_seq=2 ttl=253 time=4.000 ms 56 bytes from 192.168.2.1: icmp_seq=3 ttl=253 time=6.000 ms 56 bytes from 192.168.2.1: icmp_seq=4 ttl=253 time=3.000 ms --- Ping statistics for 192.168.2.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 3.000/3.800/6.000/1.166 ms -
办事处和分公司B流不能不同
办事处B流不能ping通分公司B流 [R7]ping -a 172.16.2.1 172.16.1.1 Ping 172.16.1.1 (172.16.1.1) from 172.16.2.1: 56 data bytes, press CTRL+C to break Request time out Request time out Request time out Request time out Request time out --- Ping statistics for 172.16.1.1 --- 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss 分公司B流不能ping通办事处B流 [R6]ping -a 172.16.1.1 172.16.2.1 Ping 172.16.2.1 (172.16.2.1) from 172.16.1.1: 56 data bytes, press CTRL+C to break Request time out Request time out Request time out Request time out Request time out --- Ping statistics for 172.16.2.1 --- 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss如果到这里测试都没问题了,这个实验才算做完了,这个实验并不难,就是配置的时候要注意里面的一些小细节。
标签:0.0,56,bytes,192.168,大规模,实验,172.16,peer,路由 来源: https://blog.csdn.net/wuhan_aaa/article/details/121210370