BGP路由策略實驗（H3C）

BGP路由策略實驗

一．實驗拓撲圖

二、實驗要求

1.互聯鏈路配置及測試

2.AS65001和AS65002的IGP配置及測試(修改以太網接口網絡類型爲P2P，修改R2、R3間OSPF鏈路開銷爲10，請不要將AS65001的業務網段發佈進IGP)。

3.按圖示建立BGP鄰居關係，並查看BGP鄰居表(請不要忘記針對IBGP鄰居修改更新源和下一跳)。

4.在R1、R2、R3、R4上用BGP發佈各自AS的業務網段路由（Loop1）

5.查看各臺路由器的BGP路由表和IP轉發表，查看是否有去往其他AS業務網段的路由。請分析R6的BGP路由表中的最優BGP路由是如何選擇的？

6.測試各業務網段間的連通性。

7.在合適的位置上通過修改Local-Pre值實現AS65002的業務網段去往10.30.1.1的主路徑走R1-R2，去往10.40.4.1的主路徑走R3-R4，使用Tracert命令測試。

8. 還原第7步的配置後，在合適的位置上通過修改MED值實現AS65002的業務網段去往10.30.1.1的主路徑走R1-R2，去往10.40.4.1的主路徑走R3-R4使用Tracert命令測試。

三、實驗過程

[R1]bgp 65001

[R1-bgp]peer 10.0.1.6 as-num 65002

[R1-bgp]peer 4.4.4.4 as-num 65002

[R1-bgp]peer 4.4.4.4 connect-int lo0

[R1-bgp]peer 4.4.4.4 next-hop-lo

[R4]bgp 65001

[R4-bgp]peer 10.0.1.10 as-num 65002

[R4-bgp]peer 1.1.1.1 as-num 65001

[R4-bgp]peer 1.1.1.1 connect-int lo0

[R4-bgp]peer 1.1.1.1 next-hop-lo

[R2]bgp 65002

[R2-bgp]peer 10.0.1.5 as-num 65001

[R2-bgp]group rr internal

[R2-bgp]peer rr next-hop-lo

[R2-bgp]peer rr connect-int lo0

[R2-bgp]peer 3.3.3.3 group rr

[R2-bgp]peer 5.5.5.5 group rr

[R2-bgp]peer 6.6.6.6 group rr

[R3]bgp 65002

[R3-bgp]peer 10.0.1.9 as-num 65001

[R3-bgp]group nn internal

[R3-bgp]peer nn next-hop-lo

[R3-bgp]peer nn connect-int lo0

[R3-bgp]peer 2.2.2.2 group nn

[R3-bgp]peer 5.5.5.5 group nn

[R3-bgp]peer 6.6.6.6 group nn

[R5]bgp 65002

[R5-bgp]group mm internal

[R5-bgp]peer mm next

[R5-bgp]peer mm next-hop-local

[R5-bgp]peer mm con

[R5-bgp]peer mm connect-interface lo0

[R5-bgp]peer 2.2.2.2 group mm

[R5-bgp]peer 3.3.3.3 group mm

[R5-bgp]peer 6.6.6.6 group mm

[R6]bgp 65002

[R6-bgp]group ii internal

[R6-bgp]peer ii ne

[R6-bgp]peer ii next-hop-local

[R6-bgp]peer ii con

[R6-bgp]peer ii connect-interface lo0

[R6-bgp]peer 2.2.2.2 group ii

[R6-bgp]peer 5.5.5.5 group ii

[R6-bgp]peer 3.3.3.3 group ii

[R6-bgp]

[R2-bgp]net 10.10.5.1 32

[R2-bgp]net 10.10.6.1 32

[R2-bgp]

[R3-bgp]net 10.10.5.1 32

[R3-bgp]net 10.10.6.1 32

[R3-bgp]

[R1-bgp]net 10.30.1.1 32

[R4-bgp]net 10.40.4.1 32

[R2]bgp 65002

[R2-bgp]peer 10.0.1.5 route-po lp import

[R2-bgp]q

[R2]route-po lp permit node 10

New Sequence of this List

[R2-route-policy]if-m acl 2003

[R2-route-policy]apply local-pre 300

[R2-route-policy]qui

[R2]acl num 2003

[R2-acl-basic-2003]rule permit source 10.30.1.1 0.0.0.0

[R2-acl-basic-2003]qui

問題：

1.BGP發言者network的路由以及自己使用的路由纔會發佈到對等體

2.BGP路由表裏可用與最優是什麼意思？

最優的一定是可用的，可用的不一定是最優的。

在R3上（BGP裏）network3.3.3.3 32 之後

[R4]dis ip rout

Routing Tables: Public

Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost NextHop Interface

4.4.4.4/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.0/30 Direct 0 0 10.0.1.2 Eth0/1/0

10.0.1.2/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.8/30 Direct 0 0 10.0.1.9 Eth0/1/1

10.0.1.9/32 Direct 0 0 127.0.0.1 InLoop0

10.40.4.1/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

[R4] dis bgp rout

Total Number of Routes: 2

BGP Local router ID is 10.40.4.1

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

*> 3.3.3.3/32 10.0.1.10 0 0 65002i

*> 10.40.4.1/32 0.0.0.0 0 0 i

<R5> dis bgp rout

Total Number of Routes: 3

BGP Local router ID is 10.10.5.1

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

i 3.3.3.3/32 3.3.3.3 0 100 0 i

*>i 10.30.1.1/32 2.2.2.2 0 100 0 65001i

*>i 10.40.4.1/32 3.3.3.3 0 100 0 65001i

<R5>dis ip rout

Routing Tables: Public

Destinations : 17 Routes : 20

Destination/Mask Proto Pre Cost NextHop Interface

2.2.2.2/32 OSPF 10 10 10.0.1.17 Eth0/1/0

3.3.3.3/32 OSPF 10 20 10.0.1.17 Eth0/1/0

OSPF 10 20 10.0.1.26 Eth0/1/2

5.5.5.5/32 Direct 0 0 127.0.0.1 InLoop0

6.6.6.6/32 OSPF 10 10 10.0.1.26 Eth0/1/2

10.0.1.4/30 OSPF 10 20 10.0.1.17 Eth0/1/0

10.0.1.8/30 OSPF 10 30 10.0.1.17 Eth0/1/0

OSPF 10 30 10.0.1.26 Eth0/1/2

10.0.1.12/30 OSPF 10 20 10.0.1.17 Eth0/1/0

10.0.1.16/30 Direct 0 0 10.0.1.18 Eth0/1/0

10.0.1.18/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.20/30 OSPF 10 20 10.0.1.26 Eth0/1/2

10.0.1.24/30 Direct 0 0 10.0.1.25 Eth0/1/2

10.0.1.25/32 Direct 0 0 127.0.0.1 InLoop0

10.10.5.1/32 Direct 0 0 127.0.0.1 InLoop0

10.30.1.1/32 BGP 255 0 2.2.2.2 Eth0/1/0

10.40.4.1/32 BGP 255 0 3.3.3.3 Eth0/1/0

BGP 255 0 3.3.3.3 Eth0/1/2

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

[R3]dis ip rout

Routing Tables: Public

Destinations : 18 Routes : 19

Destination/Mask Proto Pre Cost NextHop Interface

2.2.2.2/32 OSPF 10 10 10.0.1.13 S0/2/0

3.3.3.3/32 Direct 0 0 127.0.0.1 InLoop0

5.5.5.5/32 OSPF 10 20 10.0.1.13 S0/2/0

OSPF 10 20 10.0.1.22 Eth0/1/1

6.6.6.6/32 OSPF 10 10 10.0.1.22 Eth0/1/1

10.0.1.4/30 OSPF 10 20 10.0.1.13 S0/2/0

10.0.1.8/30 Direct 0 0 10.0.1.10 Eth0/1/3

10.0.1.10/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.12/30 Direct 0 0 10.0.1.14 S0/2/0

10.0.1.13/32 Direct 0 0 10.0.1.13 S0/2/0

10.0.1.14/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.16/30 OSPF 10 20 10.0.1.13 S0/2/0

10.0.1.20/30 Direct 0 0 10.0.1.21 Eth0/1/1

10.0.1.21/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.24/30 OSPF 10 20 10.0.1.22 Eth0/1/1

10.30.1.1/32 BGP 255 0 2.2.2.2 S0/2/0

10.40.4.1/32 BGP 255 0 10.0.1.9 Eth0/1/3

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

[R3]dis bgp rout

Total Number of Routes: 3

BGP Local router ID is 3.3.3.3

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

*> 3.3.3.3/32 0.0.0.0 0 0 i

*>i 10.30.1.1/32 2.2.2.2 0 100 0 65001i

*> 10.40.4.1/32 10.0.1.9 0 0 65001i

3.R1和R4互相收不到路由。

<R1>dis ip rout

Routing Tables: Public

Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.0/30 Direct 0 0 10.0.1.1 Eth0/1/2

10.0.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.4/30 Direct 0 0 10.0.1.5 Eth0/1/0

10.0.1.5/32 Direct 0 0 127.0.0.1 InLoop0

10.10.5.1/32 BGP 255 10 10.0.1.6 Eth0/1/0

10.30.1.1/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

<R4>dis ip rout

Routing Tables: Public

Destinations : 10 Routes : 10

Destination/Mask Proto Pre Cost NextHop Interface

3.3.3.3/32 BGP 255 0 10.0.1.10 Eth0/1/1

4.4.4.4/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.0/30 Direct 0 0 10.0.1.2 Eth0/1/0

10.0.1.2/32 Direct 0 0 127.0.0.1 InLoop0

10.0.1.8/30 Direct 0 0 10.0.1.9 Eth0/1/1

10.0.1.9/32 Direct 0 0 127.0.0.1 InLoop0

10.10.5.1/32 BGP 255 20 10.0.1.10 Eth0/1/1

10.40.4.1/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

查看鄰居是否建立

<R1> dis bgp peer

BGP local router ID : 10.30.1.1

Local AS number : 65001

Total number of peers : 2 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State

4.4.4.4 4 65002 0 0 0 0 00:45:19 Active

10.0.1.6 4 65002 49 61 0 1 00:44:48 Established

<R4> dis bgp peer

BGP local router ID : 10.40.4.1

Local AS number : 65001

Total number of peers : 2 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State

1.1.1.1 4 65001 0 0 0 0 01:02:43 Active

10.0.1.10 4 65002 84 84 0 2 01:02:11 Established

鄰居未建立，停在了Active狀態。爲什麼。

排錯：BGP鄰居通過對比open消息建立連接關係，並進行了參數協商。內容包括：BGP版本號，自己所屬的AS號，路由器ID，hold time值、認證信息。

1）於是首先發現R1配對等體時AS號錯了。改正之後還是不行。

2）後來發現建鄰居用的是loopback接口，TCP三次握手需要路由才能到，由於沒有到對方loopback口的路由，所以無法建立TCP連接，所以建立不了鄰居。

配了到各自的靜態的路由之後，可以建立鄰居。

問題，不配靜態路由，R1，R4能否通過跨越AS 65002建鄰居。前提在BGP裏network了loopback網段。

[R1]undo ip rout 10.40.4.1 255.255.255.255 10.0.1.2

[R1]dis bgp peer

BGP local router ID : 10.30.1.1

Local AS number : 65001

Total number of peers : 2 Peers in established state : 2

Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State

10.0.1.6 4 65002 246 315 0 1 03:58:23 Established

10.40.4.1 4 65001 25 19 0 2 00:15:15 Established

[R1]

（BGP連接隔了一兩分鐘才斷開，可以通過重啓進程）

%Aug 31 15:29:07:438 2012 R1 RM/3/RMLOG:

BGP.: 10.40.4.1 State is changed from ESTABLISHED to IDLE.

[R1]

[R1]dis bgp peer

BGP local router ID : 10.30.1.1

Local AS number : 65001

Total number of peers : 2 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State

10.0.1.6 4 65002 250 320 0 1 04:02:01 Established

10.40.4.1 4 65001 0 0 0 0 00:01:51 Active

4.R4 ping 10.10.5.1 要帶源ping，並且源是在BGP裏發佈了的10.40.4.1 ，否則不通，因爲要保證對端有回來的路由。

<R4>trace -a 10.40.4.1 10.10.5.1

traceroute to 10.10.5.1(10.10.5.1) 30 hops max,40 bytes packet, press CTRL_C to break

1 10.0.1.1 4294967291 ms 20 ms <1 ms

2 10.0.1.6 10 ms 20 ms 20 ms

3 10.10.5.1 30 ms 25 ms 5 ms

<R5> trace -a 10.10.5.1 10.40.4.1

traceroute to 10.40.4.1(10.40.4.1) 30 hops max,40 bytes packet, press CTRL_C to break

1 10.0.1.26 30 ms 10.0.1.17 4 ms 10.0.1.26 15 ms

2 10.0.1.14 15 ms 10.0.1.21 25 ms 10.0.1.14 21 ms

3 10.40.4.1 14 ms 10 ms 35 ms

5.修改路由信息屬性來控制數據流方向

修改local-pre值，實現AS65002的業務網段去往10.30.1.1的主路徑走R1-R2，去往10.40.4.1的主路徑走R3-R4，使用Tracert命令測試。

1） local-pre該配在哪裏？根據BGP的路由選路規則，R2，R3，R5去往10.30.1.1的路徑都是R1-R2

現在只有

[R2]acl num 2003

[R2-acl-basic-2003]rule 1 permit source 10.30.1.1 0.0.0.0

[R2-acl-basic-2003]q

[R2]route-policy R1-R2 permit node 10

New Sequence of this List

[R2-route-policy]if-match acl 2003

[R2-route-policy]apply local-pre 200

[R2-route-policy]q

[R2]bgp 65002

[R2-bgp]peer 10.0.1.5 route-policy R1-R2 import

[R3]acl num 2003

[R3-acl-basic-2003]rule 1 permit source 10.40.4.1 0.0.0.0

[R3-acl-basic-2003]q

[R3]route-policy R3-R4 permit node 10

New Sequence of this List

[R3-route-policy]if-match acl 2003

[R3-route-policy]apply ?

as-path Prepend the as-path string to the AS path

comm-list Set BGP community list (for deletion)

community BGP community attribute

cost Set cost of the matched route

cost-type Type of metric for destination routing protocol

extcommunity BGP extended community attribute

ip-address IP information

ipv6 IPv6 Information

isis IS-IS routing protocol defined by ISO

local-preference BGP local preference

mpls-label Match MPLS label

origin BGP origin code

preference Give the Preference (Route Preference)

preferred-value BGP Preferred-value (weight) for routing table

tag Set tag of route

[R3-route-policy]apply local-pre 300

[R3-route-policy]q

[R3]bgp 65002

[R3-bgp]peer 10.0.1.9 route-policy R3-R4 ?

export Specify export policy

import Specify import policy

[R3-bgp]peer 10.0.1.9 route-policy R3-R4 import

修改後的效果

<R6>dis bgp rout

Total Number of Routes: 7

BGP Local router ID is 6.6.6.6

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

i 3.3.3.3/32 3.3.3.3 0 100 0 i

* i 10.10.5.1/32 2.2.2.2 10 100 0 i

* i 3.3.3.3 20 100 0 i

* i 10.10.6.1/32 3.3.3.3 10 100 0 i

* i 2.2.2.2 20 100 0 i

*>i 10.30.1.1/32 2.2.2.2 0 200 0 65001i

*>i 10.40.4.1/32 3.3.3.3 0 300 0 65001i

6.<R2> dis bgp rout

Total Number of Routes: 8

BGP Local router ID is 2.2.2.2

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

i 3.3.3.3/32 3.3.3.3 0 100 0 i

*> 10.10.5.1/32 0.0.0.0 10 0 i

* i 3.3.3.3 20 100 0 i

*> 10.10.6.1/32 0.0.0.0 20 0 i

*> 0.0.0.0 20 0 i

* i 3.3.3.3 10 100 0 i

*> 10.30.1.1/32 10.0.1.5 0 200 0 65001i

*>i 10.40.4.1/32 3.3.3.3 0 100 0 65001i

這裏的i是指從本自治系統收到的。

疑問：爲什麼R2收不到來自R1發來的10.40.4.1這條路由？

R3也收不到來自R4發來的10.30.1.1這條路由？

原因是：原來配錯了，導致R1與R4鄰居建立不起來。

[R3]dis bgp rout

Total Number of Routes: 10

BGP Local router ID is 3.3.3.3

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

*> 3.3.3.3/32 0.0.0.0 0 0 i

*> 10.10.5.1/32 0.0.0.0 20 0 i

*> 0.0.0.0 20 0 i

* i 2.2.2.2 10 100 0 i

*> 10.10.6.1/32 0.0.0.0 10 0 i

* i 2.2.2.2 20 100 0 i

*> 10.30.1.1/32 10.0.1.9 0 65001i

* i 2.2.2.2 0 100 0 65001i

*> 10.40.4.1/32 10.0.1.9 0 0 65001i

* i 2.2.2.2 100 0 65001i

<R2>dis bgp rout

Total Number of Routes: 10

BGP Local router ID is 2.2.2.2

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

i 3.3.3.3/32 3.3.3.3 0 100 0 i

*> 10.10.5.1/32 0.0.0.0 10 0 i

* i 3.3.3.3 20 100 0 i

*> 10.10.6.1/32 0.0.0.0 20 0 i

*> 0.0.0.0 20 0 i

* i 3.3.3.3 10 100 0 i

*> 10.30.1.1/32 10.0.1.5 0 0 65001i

* i 3.3.3.3 100 0 65001i

*> 10.40.4.1/32 10.0.1.5 0 65001i

* i 3.3.3.3 0 100 0 65001i

2）配置MED值

[R2]acl num 2004

[R2-acl-basic-2004]rule 1 permit source

%Aug 31 22:04:15:00 2012 R2 RM/3/RMLOG:

BGP.: 6.6.6.6 State is changed from OPENCONFIRM to ESTABLISHED.

10.40.4.1 0.0.0.0

[R2-acl-basic-2004]q

[R2]

%Aug 31 22:04:35:968 2012 R2 RM/3/RMLOG:

BGP.: 5.5.5.5 State is changed from OPENCONFIRM to ESTABLISHED.

[R2]route-policy R3-R4 permit node 10

New Sequence of this List

[R2-route-policy]if-match acl 2004

[R2-route-policy]apply cost 100

[R2]bgp 65002

[R2-bgp]peer 10.0.1.5 route-policy R3-R4 import

[R3]acl num 2004

[R3-acl-basic-2004]rule 1 permit source 10.30.1.1 0.0.0.0

[R3-acl-basic-2004]q

[R3]

[R3]route-policy R3-R4 permit node 10

New Sequence of this List

[R3-route-policy]if-match acl 2004

[R3-route-policy]apply cost 100

[R3]bgp 65002

[R3-bgp]peer 10.0.1.5 route-policy R1-R2 import

模擬器問題，敲下apply cost 100，自動關閉了路由器的模擬窗口？

只在各自上配一條就行了，相對提高值！

四、實驗總結

小結： 1.有些路由會顯示本地優先級，有些不會，是因爲沒有發過來？

2.BGP發言者只將自己使用的路由（BGP路由表裏的路由）發佈給對等體

3.只有在自己全局路由表裏存在有的路由，才能通告BGP network 出去！

4.H3C MSR路由器默認關閉了同步，R3上從R5上收到了10.10.5.1的路由，會直接發給自己EBGP R4，由於R3所在區域配置了全互聯，所以不會產生路由“黑洞”。

5.全局路由表裏顯示的直連網段下一跳是自己的出接口

6.EBGP之間建鄰居爲什麼用物理接口？IBGP之間建鄰居爲什麼用loopback0接口？

7.斷開R1、R4的連接關係、10.40.4.1 這條路由不會發給R1，因爲防環機制，AS號重複了。

BGP路由策略實驗（H3C）

IPsec ×××基本實驗

配置光盤爲本地yum源(rhel6.1)

我的友情鏈接

Cisco IOS 的登錄密碼以及權限分配以及log時間設置

IPsec ***基本實驗

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結