其他分享
首页 > 其他分享> > 大规模路由综合实验

大规模路由综合实验

作者:互联网

文章目录

大规模路由综合实验

实验拓扑

在这里插入图片描述

实验需求

1.某企业总公司和分公司运行 BGP 实现路由互通,另外还有办事处运行 RIPv2。总公司和分公司之间通过两条线路相 连。企业内有 A 流和 B 流两种流量,如图所示
2.按照图示配置 IP 地址,除 R7 外,所有路由配置 Loopback0 口 IP 地址用于 OSPF 的 Router-id 和 IBGP 建立邻居,地址格式为 X.X.X.X/32,X 为设备编号
3.总公司和分公司内部配置 OSPF,仅用于实现 BGP 的 TCP 可达,不允许宣告业务网段
4.办事处和总公司之间配置 RIPv2
5.适当调整链路 Cost,避免产生等价路由
6.总公司和分公司配置 BGP 实现路由互通,总公司在 AS 65001,分公司在 AS 65002,各自 AS 内部使用对等体组 建立可靠的 IBGP 全连接,AS 之间使用直连接口建立 EBGP 邻居,总公司和分公司的业务网段宣告在 BGP 中
7.为了实现总公司和分公司的流量负载均衡,要求通过修改 AS_path,使 A 流数据经过 R2 和 R4,B 流数据经过 R3 和 R5
8.在 R2 上配置 RIP 和 BGP 的双向引入,要求办事处的 A 流和 B 流都能与总公司互通,但办事处与分公司之间只 有 A 流能够互通
9.不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文
10.随着公司业务发展,后续可能会有其他分公司通过 R2 或 R3 接入总公司;不允许分公司之间互访,所以要求总公司只能对分公司发布属于本 AS 的路由

实验步骤

1.配置IP地址略

2.总公司和分公司内部配置OSPF,不能出现业务网段

R1
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.0.0.1 0.0.0.0
  network 10.0.0.5 0.0.0.0
#

R2
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.0.0.2 0.0.0.0
  network 10.0.0.9 0.0.0.0
#

R3
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.0.0.6 0.0.0.0
  network 10.0.0.10 0.0.0.0
#

R4
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 10.0.0.21 0.0.0.0
  network 10.0.0.25 0.0.0.0
#

R5
#
ospf 1 router-id 5.5.5.5
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 10.0.0.22 0.0.0.0
  network 10.0.0.29 0.0.0.0
#

R6
#
ospf 1 router-id 6.6.6.6
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 10.0.0.26 0.0.0.0
  network 10.0.0.30 0.0.0.0
#

3.总公司和分公司内部配置IBGP,业务网段宣告进BGP

R1
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 2.2.2.2 group neibu
 peer 3.3.3.3 group neibu
 #
 address-family ipv4 unicast
  network 172.16.0.0 255.255.255.0
  network 192.168.0.0 255.255.255.0
  peer neibu enable
#

R2
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
#

R3
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 2.2.2.2 group neibu
 peer 10.0.0.18 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.18 enable
#

R4
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 5.5.5.5 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.13 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.13 enable
#

R5
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.17 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.17 enable
#

R6
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 5.5.5.5 group neibu
 #
 address-family ipv4 unicast
  network 172.16.1.0 255.255.255.0
  network 192.168.1.0 255.255.255.0
  peer neibu enable
#

4.总公司和分公司之间配置EBGP

R2
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
#

R4
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 5.5.5.5 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.13 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.13 enable
#

R3
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 2.2.2.2 group neibu
 peer 10.0.0.18 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.18 enable
#

R5
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.17 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.17 enable
#

5.办事处和总公司之间配置RIP

R2
#
rip 1
 undo summary
 version 2
 network 10.0.0.0
#

R7
#
rip 1
 version 2
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.2.0
#

6.调整链路cost值避免产生等价路由

R1
#
interface GigabitEthernet0/0
 ospf cost 300
interface GigabitEthernet0/1
 ospf cost 400
#

R2
#
interface GigabitEthernet0/0
 ospf cost 300
interface GigabitEthernet0/1
 ospf cost 500
#

R3
#
interface GigabitEthernet0/0
 ospf cost 400
interface GigabitEthernet0/1
 ospf cost 500
#
R4,R5,R6配置类似

7.修改AS_path,A流走R2R4,B流走R3R5

R2
#
acl basic 2000
 rule 0 permit source 172.16.0.0 0.0.0.255
#
route-policy bliu permit node 10  入节点
 if-match ip address acl 2000
 apply as-path 65001
route-policy bliu permit node 20  出节点,这里千万别忘记配置
#
bgp 65001
 #
 总公司B流走R3R5,那么B流的出口就在R4的10.0.0.14
 address-family ipv4 unicast
  peer 10.0.0.14 route-policy bliu export
#

R4
#
acl basic 2000
 rule 0 permit source 172.16.1.0 0.0.0.255
#
route-policy bliu permit node 10   入节点
 if-match ip address acl 2000
 apply as-path 65002
route-policy bliu permit node 20   出节点,这里千万别忘记配置
#
bgp 65002
 #
 分公司B流走R3R5,那么B流的出口就在R2的10.0.0.13
 address-family ipv4 unicast
  peer 10.0.0.13 route-policy bliu export
#

R3
#
acl basic 2000
 rule 0 permit source 192.168.0.0 0.0.0.255
#
route-policy aliu permit node 10   入节点
 if-match ip address acl 2000
 apply as-path 65001
route-policy aliu permit node 20   出节点,这里千万别忘记配置
#
bgp 65001
 #
 总公司A流走R2R4,那么A流的出口就在R5的10.0.0.18
 address-family ipv4 unicast
  peer 10.0.0.18 route-policy aliu export
#

R5
#
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
#
route-policy aliu permit node 10   入节点
 if-match ip address acl 2000
 apply as-path 65002
route-policy aliu permit node 20   出节点,这里千万别忘记配置
#
#
bgp 65002
 #
 分公司A流走R2R4,那么A流的出口就在R3的10.0.0.17
 address-family ipv4 unicast
  peer 10.0.0.17 route-policy aliu export
#

8.R2配置RIP和BGP双向引入

办事处A流B流与总公司互通,办事处A流与分公司互通
R2
#
acl basic 2001
 rule 0 permit source 192.168.0.0 0.0.1.255
 rule 5 permit source 172.16.0.0 0.0.0.255
#
acl basic 2002
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
#
route-policy b2r permit node 10  这里引入时不用配置出节点
 if-match ip address acl 2001
#
rip 1
 import-route bgp allow-ibgp route-policy b2r  默认引入的是ebgp,所以这里要多加一个参数
#
acl basic 2002
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
#
bgp 65001
 #
 address-family ipv4 unicast
  import-route rip 1
  peer 10.0.0.14 filter-policy 2002 export  
  办事处B流不能去分公司,一个路由策略在一个接口只能用一次,route-policy用过了
#

R3
#
acl basic 2001
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
#
bgp 65001
 #
 address-family ipv4 unicast
  peer 10.0.0.18 filter-policy 2001 export 没有给路由策略取名字,所以此处就用2001
  分公司B流不能去办事处,一个路由策略在一个接口只能用一次,route-policy用过了
#

9.RIP中配置静默接口

不允许业务网段出现协议报文,不允许出现不相关的 RIP 协议报文
R2
#
rip 1
 silent-interface GigabitEthernet0/0
 silent-interface GigabitEthernet0/1
 silent-interface GigabitEthernet0/2
#

10.分公司不能互访,总公司对分公司发布属于本AS路由

R2
#
bgp 65001
 #
 address-family ipv4 unicast
  peer 10.0.0.14 as-path-acl 1 export
#

R3
#
bgp 65001
 #
 address-family ipv4 unicast
  peer 10.0.0.18 as-path-acl 1 export
#

11.测试

标签:0.0,56,bytes,192.168,大规模,实验,172.16,peer,路由
来源: https://blog.csdn.net/wuhan_aaa/article/details/121210370