Cisco IOS Cookbook 中文精簡版 9-23 BGP

原創 heiheben 2020-02-24 01:42
 9.1.  Configuring BGP
提問 在網絡中啓用BGP
回答
Route1在AS 65500中
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#ip address 192.168.55.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2在AS 65501中
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#interface Serial0
Router2(config-if)#ip address 192.168.55.5 255.255.255.252
Router2(config-if)#exit
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.55.6 remote-as 65500
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
註釋 在對BGP驗證的時候比較有用的命令是
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
172.25.2.2      4 65531     527     526        0    0    0 21:05:23 Active
Router1#
需要注意的是理想狀態是State裏面是數字,儘管是Active也不代表是配置正常,反而是配置出現錯誤。通過neighbor 172.20.1.2 update-source Loopback0 命令來限制BGP數據包源地址爲迴環地址,但要確保此地址的連通性
9.2.  使用eBGP Multihop
提問 配置外部BGP,但是不是直連的路由器
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.1.5 2
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 172.20.1.2 remote-as 65530
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
Router1(config-router)#neighbor 172.20.1.2 ebgp-multihop 3
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 缺省情況下eBGP的路由器必須是直連的,如果不是直連的就需要使用此命令。一種說法是此跳數越小越好,但是RFC 3682說爲了安全還是越大越好,思科在12.3(7)T後也採用了這個建議,使用了neighbor 192.168.55.5 ttl-security hops 1 命令,此命令會丟棄所有TTL小於255-1=254的BGP數據包,這時候如果對端eBGP鄰居不支持此特性就必須使用下面的命令來配置neighbor 192.168.55.6 ebgp-multihop 255

9.3.  調整Next-Hop屬性值
提問 在iBGP之間宣告路由時候修改下一跳屬性值,使其指向內部AS的地址
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.6 remote-as 65500
Router1(config-router)#neighbor 192.168.1.6 next-hop-self
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 正常情況下iBGP之間下一跳屬性值是不會修改的,只會在eBGP時會進行修改,而此地址會指向eBGP鄰居的地址,而往往內部AS的路由器沒有到達此地址的路由。
9.4.  連接兩個ISPs  
提問 一臺路由器連接兩個ISP,保證網絡冗餘
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to ISP #2, ASN 65520
Router1(config-if)#ip address 192.168.2.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 注意此配置不是最佳配置,可能導致內部AS稱爲兩個ISP的transit AS,同時導致自己路由器接收過多路由
9.5.  兩臺路由器分別連接兩個ISP
提問 內部AS有兩臺路由器,分別連兩個ISP保證網絡冗餘
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 172.18.5.3 remote-as 65500
Router1(config-router)#neighbor 172.18.5.3 next-hop-self
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#interface Serial1
Router2(config-if)#description connection to ISP #2, ASN 65520
Router2(config-if)#ip address 192.168.2.6 255.255.255.252
Router2(config-if)#exit
Router2(config)#interface Ethernet0
Router2(config-if)#description connection to internal network, ASN 65500
Router2(config-if)#ip address 172.18.5.3 255.255.255.0
Router2(config-if)#exit
Router2(config)#ip as-path access-list 15 permit ^$
Router2(config)#router bgp 65500
Router2(config-router)#network 172.18.5.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.2.5 remote-as 65520
Router2(config-router)#neighbor 192.168.2.5 filter-list 15 out
Router2(config-router)#neighbor 172.18.5.2 remote-as 65500
Router2(config-router)#neighbor 172.18.5.2 next-hop-self
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
註釋
9.6.  限制向BGP 對端的網絡宣告
提問 限制特定的路由公告給對端的AS
回答
有三種方法,第一種是擴展ACL
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 105 deny ip host 172.25.0.0 host 255.255.0.0
Router1(config)#access-list 105 permit ip any any
Router1(config)#route-map ACL-RT-FILTER permit 10
Router1(config-route-map)#match ip address 105
Router1(config-route-map)#exit
Router1(config)#route-map ACL-RT-FILTER deny 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map ACL-RT-FILTER in
Router1(config-router)#exit
Router1(config)#end
Router1#
第二種是使用distribute-list:
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 106 deny ip host 172.25.0.0 host 255.255.0.0
Router1(config)#access-list 106 permit ip any any
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 distribute-list 106 in
Router1(config-router)#exit
Router1(config)#end
Router1#
第三種也是最常用的是使用prefix lists
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip prefix-list PREFIX-FILTER seq 10 deny 172.25.0.0/16
Router1(config)#ip prefix-list PREFIX-FILTER seq 20 permit 0.0.0.0/0 le 32
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 prefix-list PREFIX-FILTER in
Router1(config-router)#exit
Router1(config)#end
Router1#

註釋 前兩種使用的擴展ACL比較奇特,第一個host是子網,第二個host是子網掩碼,而不是傳統目的地址,所以host 172.25.0.0 host 255.255.0.0 就代表網絡172.25.0.0/16,如果用正常的ACL就實現不了對無類網絡的控制。所以推薦使用第三種方式prefixlist,此列表支持序列號,可以幫助你修改和插入新的條目 ge是大於,le是小於,控制子網掩碼permit 0.0.0.0/0 le 32就是變相的permit any
9.7.  調整Local Preference屬性值
提問 調整Local Preference屬性值來控制路由選擇
回答
第一種全局
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#bgp default local-preference 200
Router1(config-router)#exit
Router1(config)#end
Router1#
第二種使用route map控制
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip prefix-list LOW_LP_PREFIXES seq 10 permit 172.22.0.0/16
Router1(config)#route-map LOCALPREF permit 10
Router1(config-route-map)#match ip address prefix-list LOW_LP_PREFIXES
Router1(config-route-map)#set local-preference 50
Router1(config-route-map)#exit
Router1(config)#route-map LOCALPREF permit 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map LOCALPREF in
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 此local preference屬性值只在內部AS有用,選路級別高於AS Path。此值越大優先級越高,缺省值爲100。Show ip bgp命令可以看到各個路由的local preference屬性值
9.8.  負載均衡
提問 在BGP鄰居之間的多鏈路上負載均衡流量
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#maximum-paths 4
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 正常情況下BGP選路策略會保證只有一條路徑,通過此命令可以增加到4條,不過要確保所有屬性值相同,包括MED屬性。同時注意此負載均衡只針對出流量而不適合入流量
9.9.  在AS Path屬性值中清除私有ASNs
提問 避免內網中的私有ASN傳播到互聯網
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 1
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to private network, ASN 65500
Router1(config-if)#ip address 192.168.5.1 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 2
Router1(config-router)#neighbor 192.168.5.2 remote-as 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 1
Router1(config-router)#neighbor 192.168.1.5 remove-private-AS
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 注意此命令是不能刪除那些在公共ASN之間的私有ASN
9.10.  基於AS Path屬性值的路由過濾  
提問 基於接收或者發送路由的AS Path屬性值進行路由過濾
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^65501$
Router1(config)#ip as-path access-list 25 permit _65530_
Router1(config)#ip as-path access-list 25 deny _65531$
Router1(config)#ip as-path access-list 25 permit .*
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 in
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 filter-list 25 out
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 正則表達式過濾
9.11.  減少接收到的路由表大小
提問 通過彙總接收到路由的方式來減少所接收的路由表大小
回答
通過缺省路由的方式來過濾到過多的外部路由
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.0 1
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.0 2
Router1(config)#ip prefix-list CREATE-DEFAULT seq 10 permit 192.168.101.0/24
Router1(config)#ip prefix-list CREATE-DEFAULT seq 20 permit 192.168.102.0/24
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋
9.12.  出方向路由信息彙總
提問 在向下遊路由器發送路由表之前進行路由彙總
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#auto-summary
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 這是缺省行爲,但是是有類的彙總,並且只能針對再分發過來的路由,不能適用於network命令配置的路由。思科使用瞭如下命令對出方向路由進行彙總
Router3(config)#router bgp 65530
Router3(config-router)#aggregate-address 172.20.0.0 255.252.0.0 summary-only
Summaryonly選項只發布彙總路由,去掉後會發送彙總路由和子網路由,而爲了避免迴環建議添加as-set選項
9.13.  在AS Path屬性值中添加更多ASN
提問 通過增加AS Path屬性中ASN的數目來影響BGP選路
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#match as-path 15
Router1(config-route-map)#set as-path prepend 65500 65500 65500
Router1(config-route-map)#exit
Router1(config)#route-map PREPEND permit 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map PREPEND out
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 通過這種方式來影響入流量
9.14.  再發布路由到BGP
提問 IGP和BGP之間的再分發
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router ospf 100
Router1(config-router)#network 172.26.0.0 0.0.255.255 area 0
Router1(config-router)#redistribute bgp 65500 metric 500 subnets
Router1(config-router)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#network 172.26.0.0
Router1(config-router)#exit
Router1(config)#end
Router1#

Router2(config)#route-map REDIST permit 5
Router2(config-route-map)#match tag 123
Router2(config-route-map)#exit
Router2(config)#route-map REDIST deny 10
Router2(config-route-map)#match route-type external
Router2(config-route-map)#exit
Router2(config)#route-map REDIST permit 20
Router2(config-route-map)#exit
Router2(config)#router bgp 65520
Router2(config-router)#redistribute eigrp 99 route-map REDIST metric 500
註釋
9.15. 使用Peer Groups
提問 使用組的形式來簡化對多個相同屬性鄰居的配置
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor EBGP-PEERS peer-group
Router1(config-router)#neighbor EBGP-PEERS prefix-list PRE-RTFILTER in
Router1(config-router)#neighbor EBGP-PEERS filter-list 15 out
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.9 remote-as 65521
Router1(config-router)#neighbor 192.168.1.9 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.13 remote-as 65522
Router1(config-router)#neighbor 192.168.1.13 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.17 remote-as 65523
Router1(config-router)#neighbor 192.168.1.17 peer-group EBGP-PEERS
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋 當然也可以針對iBGP鄰居
Router1(config)#router bgp 6550
Router1(config-router)#neighbor IBGP-PEERS peer-group
Router1(config-router)#neighbor IBGP-PEERS update-source Loopback0
Router1(config-router)#neighbor IBGP-PEERS route-reflector-client
Router1(config-router)#neighbor 192.168.101.5 remote-as 65500
Router1(config-router)#neighbor 192.168.101.5 peer-group IBGP-PEERS
Router1(config-router)#neighbor 192.168.101.9 remote-as 65500
Router1(config-router)#neighbor 192.168.101.9 peer-group IBGP-PEERS

9.16.  BGP鄰居認證
提問 使用認證增加安全性
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#neighbor 192.168.55.5 password password-1234
Router1(config-router)#exit
Router1(config)#end
Router1#
註釋
9.17.  使用BGP Communities
提問 使用BGP Communities來對路由進行控制
回答
首先要通過route map的方式針對鄰居設定希望的Communities值
Router3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router3(config)#ip prefix-list 10.101/16 seq 5 permit 10.101.0.0/16
Router3(config)#ip prefix-list 10.102/16 seq 5 permit 10.102.0.0/16
Router3(config)#ip prefix-list 10.103/16 seq 5 permit 10.103.0.0/16
Router3(config)#ip prefix-list 10.104/16 seq 5 permit 10.104.0.0/16
Router3(config)#ip prefix-list 10.105/16 seq 5 permit 10.105.0.0/16
Router3(config)#route-map APPLY_COMMUNITY_A permit 10
Router3(config-route-map)#match ip address prefix-list 10.101/16
Router3(config-route-map)#set community no-advertise
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 20
Router3(config-route-map)#match ip address prefix-list 10.102/16
Router3(config-route-map)#set community no-export
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 30
Router3(config-route-map)#match ip address prefix-list 10.103/16
Router3(config-route-map)#set community local-AS
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 40
Router3(config-route-map)#match ip address prefix-list 10.104/16
Router3(config-route-map)#set community internet
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 50
Router3(config-route-map)#match ip address prefix-list 10.105/16
Router3(config-route-map)#set community 4293328976
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 100
Router3(config-route-map)#exit
Router3(config)#router bgp 65500
Router3(config-router)#no synchronization
Router3(config-router)#neighbor 172.18.5.3 remote-as 65500
Router3(config-router)#neighbor 172.18.5.3 next-hop-self
Router3(config-router)#neighbor 172.18.5.3 send-community both
Router3(config-router)#neighbor 172.18.5.10 remote-as 65500
Router3(config-router)#neighbor 172.18.5.10 next-hop-self
Router3(config-router)#neighbor 172.18.5.10 send-community both
Router3(config-router)#neighbor 192.168.1.9 remote-as 65520
Router3(config-router)#neighbor 192.168.1.9 send-community both
Router3(config-router)#neighbor 192.168.1.9 route-map APPLY_COMMUNITY_A in
Router3(config-router)#exit
Router3(config)#end
Router3#
在下游路由器上配置命令使其可以分發此Community值
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#router bgp 65500
Router2(config-router)#no synchronization
Router2(config-router)#neighbor 172.18.5.4 remote-as 65500
Router2(config-router)#neighbor 172.18.5.4 send-community both
Router2(config-router)#neighbor 172.18.5.10 remote-as 65500
Router2(config-router)#neighbor 172.18.5.10 send-community both
Router2(config-router)#no auto-summary
Router2(config-router)#exit
Router2(config)#end
Router2#
註釋 通過定義local-as,no-advertise,no-export,internet四種不同community屬性值的方式來限制路由公告的範圍
9.18.  使用BGP Route Reflectors
提問 通過路由反射器的方式來簡化iBGP鄰居關係
回答
只要針對三種不同角色路由器的配置
Router1是Client Peer:
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Ethernet0/0
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Loopback0
Router1(config-if)#ip address 172.18.6.1 255.255.255.255
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#no synchronization
Router1(config-router)#neighbor 172.18.6.2 remote-as 65500
Router1(config-router)#neighbor 172.18.6.2 next-hop-self
Router1(config-router)#neighbor 172.18.6.2 update-source Loopback0
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#exit
Router1(config)#ip route 172.18.6.2 255.255.255.255 172.18.5.3
Router1(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router1(config)#ip route 172.18.6.4 255.255.255.255 172.18.5.10
Router1(config)#end
Router1#
Router4 是Nonclient Peer:
Router4#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router4(config)#interface Ethernet0
Router4(config-if)#ip address 172.18.5.10 255.255.255.0
Router4(config-if)#exit
Router4(config)#interface Loopback0
Router4(config-if)#ip address 172.18.6.4 255.255.255.255
Router4(config-if)#exit
Router4(config)#router bgp 65500
Router4(config-router)#no synchronization
Router4(config-router)#neighbor 172.18.6.2 remote-as 65500
Router4(config-router)#neighbor 172.18.6.2 update-source Loopback0
Router4(config-router)#exit
Router4(config)#ip route 172.18.6.1 255.255.255.255 172.18.5.2
Router4(config)#ip route 172.18.6.2 255.255.255.255 172.18.5.3
Router4(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router4(config)#end
Router4#
R2是 Route Reflector
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 172.18.5.3 255.255.255.0
Router2(config-if)#exit
Router2(config)#interface Loopback0
Router2(config-if)#ip address 172.18.6.2 255.255.255.255
Router2(config-if)#exit
Router2(config)#router bgp 65500
Router2(config-router)#no synchronization
Router2(config-router)#neighbor 172.18.6.1 remote-as 65500
Router2(config-router)#neighbor 172.18.6.1 route-reflector-client
Router2(config-router)#neighbor 172.18.6.1 update-source Loopback0
Router2(config-router)#neighbor 172.18.6.3 remote-as 65500
Router2(config-router)#neighbor 172.18.6.3 route-reflector-client
Router2(config-router)#neighbor 172.18.6.3 update-source Loopback0
Router2(config-router)#neighbor 172.18.6.4 remote-as 65500
Router2(config-router)#neighbor 172.18.6.4 update-source Loopback0
Router2(config-router)#no auto-summary
Router2(config-router)#exit
Router2(config)#ip route 172.18.6.1 255.255.255.255 172.18.5.2
Router2(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router2(config)#ip route 172.18.6.4 255.255.255.255 172.18.5.10
Router2(config)#end
Router2#

註釋 路由反射器是解決要求iBGP全互聯的問題。不過爲了保證冗餘性還是要配置多個路由反射器,使用bgp cluster-id 1234命令來定義cluster
9.19.       彙總實驗
提問 結合前面的方法,重新配置一臺路由器兩個冗餘鏈路的情況
回答
Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to ISP #2, ASN 65520
Router1(config-if)#ip address 192.168.2.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.0 1
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.0 2
Router1(config)#ip prefix-list CREATE-DEFAULT seq 10 permit 192.168.101.0/24
Router1(config)#ip prefix-list CREATE-DEFAULT seq 20 permit 192.168.102.0/24
Router1(config)#ip prefix-list BLOCK-DEFAULT seq 10 permit 0.0.0.0/0 ge 1
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#set as-path prepend 65500 65500
Router1(config-route-map)#exit
Router1(config)#route-map LOCALPREF permit 10
Router1(config-route-map)#set local-preference 75
Router1(config-route-map)#exit
Router1(config)#route-map DEFAULT-ROUTE permit 10
Router1(config-route-map)#match ip address prefix-list CREATE-DEFAULT
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 172.18.5.3 remote-as 65500
Router1(config-router)#neighbor 172.18.5.3 password password_number1
Router1(config-router)#neighbor 172.18.5.3 default-origniate route-map DEFAULT-ROUTE
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 password password_number2
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
Router1(config-router)#neighbor 192.168.1.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#neighbor 192.168.1.5 prefix-list BLOCK-DEFAULT out
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 password password_number3
Router1(config-router)#neighbor 192.168.2.5 filter-list 15 out
Router1(config-router)#neighbor 192.168.2.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#neighbor 192.168.2.5 prefix-list BLOCK-DEFAULT out
Router1(config-router)#neighbor 192.168.2.5 route-map PREPEND out
Router1(config-router)#neighbor 192.168.2.5 route-map LOCALPREF in
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

看似簡單實際上作用十分強大的短鏈接到底有何作用

很多很多人都不知道短鏈接存在的意義,也不知道他是什麼時候發展起來的。很長的鏈接雖然在打開速度上和短鏈接沒什麼區 別, 但是一條好幾十個字母甚至更長的網址,不方便記憶吧? 你只能是用特殊的方式去記住 放在收藏夾或者用一個記事本,下 次 使

qq_38472635 2020-07-08 03:40:47

磁盤陣列(Disk Array) 及磁盤陣列常用技術術語

磁盤陣列(Disk Array) 及磁盤陣列常用技術術語 1.爲什麼需要磁盤陣列 如何增加磁盤的存取(access)速度,如何防止數據因磁盤的故障而失落及如何有效的利用磁盤空間,一直是電腦專業人員和用戶的困擾;而大容量磁盤的價格非常昂貴,

opl001 2020-07-08 01:57:31

怎樣成爲一個合格的程序員

成爲程序員就意味着要開啓程序生涯,開始敲代碼,如果說做程序員僅僅爲了高工資,那麼就不必做了。一天天干坐着只爲等工資那麼奉勸你,另謀高就。   學編程應該在編程中感受到快樂,不然每天對着沒有表情的字母,很是枯燥,代碼編輯很需要謹慎切記不能粗

weixin_45820912 2020-07-08 00:05:15

華爲eNSP的端口隔離模式配置

我們將採用eNSP進行拓撲圖的搭建: 接下來,進行端口隔離模式配置 完成!!!

吱ang张 2020-07-07 15:12:48

華爲eNSP的SSH遠程登陸配置

我們將採用eNSP進行拓撲圖的搭建: 首先,我們將進行路由器的簡單配置,確認IP地址在同一網段 接下來,我們將配置SSH遠程登陸 完成!!!

吱ang张 2020-07-07 15:12:48

用Post方式抓取一個網頁

這段時間接到一個抓取任務,任務的目標是,對Http://www.hzti.com網站的違章數據進行抓取,剛接到這個任務粗略的分析了一下網站代碼的格式,

suacker 2020-07-07 14:35:34

企業電話系統的選擇

先解釋幾個術語。 外線 從電信申請的線路,一條線路對應一個電話號碼,通常說有幾個電話號碼就是有幾條外線線路,簡稱外線。 內線 從程控交換機到每個座位的線路,一條線路對應一個分機號碼,通常說接幾部分機就必須要有幾條分機線路。 中繼線

Yusa.Yan 2020-07-07 14:31:57

雙網卡下添加靜態路由

系統平臺:WIN8.1 情況描述 電腦上安裝了2個網卡,一個連接外網(自動分配IP,路由地址爲192.168.0.1) 一個連接單位內網; 網卡靜態IP爲10.37.130.130 網關10.37.130.129 子網掩碼255.

Yusa.Yan 2020-07-07 14:31:56

PDU會話管理簡介(二)

SMF是PDU會話管理的核心,其他控制面網元配合SMF完成PDU會話管理。 SMF精心管控着PDU會話,SMF與AMF、PCF和UPF的聯繫最爲基本。 1、AMF與SMF的關聯 SM Context AMF是UE唯一的移動錨點,UE的會話

Jupiter_CD_lenovo 2020-07-07 13:04:17

winrar5.7.1商業版 無廣告 註冊下載

引用:https://blog.csdn.net/tanaya/article/details/90114772   下載地址大全:https://www.rarlab.com/download.htm    博客一:https://bl

风雨无阻fywz 2020-07-06 20:46:44

關於wish平臺收款方式的比較,哪個更好?

Wish 2011年成立於硅谷,是一家高科技獨角獸公司,有90%的賣家來自中國,也是北美和歐洲最大的移動電商平臺。Wish使用優化算法大規模獲取數據,並快速瞭解如何爲每個客戶提供最相關的商品,讓消費者在移動端便捷購物的同時享受購物的樂趣,

qq_38504461 2020-07-06 15:49:58

【轉載】TCP&UDP僞首部詳解

最近在讀Stevens 的tcp/ip詳解,其中介紹到了UDP和TCP僞首部但是介紹的不夠詳細,只說是爲了UDP和TCP校驗和存在的,同時給出了一個僞首部的圖,是直接加在UDP首部前面的,給我的困惑貌似是真實存在的,其實這個圖應該用虛線表

sandaojushi 2020-07-06 05:51:51

【轉】PPP數據幀的格式

PPP數據幀的格式 [ 2007-5-17 11:43:00   ]   PPP協議也許大家都聽說過,可以說現在家裏的ADSL都是通過PPP協議進行鏈路的搭建,今天就說說PPP到底是個啥東東。    想要了解PPP,個人認爲有3個關鍵

sandaojushi 2020-07-06 05:51:51

PDU會話管理簡介(一)

1、PDU會話的作用 PDU會話爲5G UE與DN之間提供數據連通性, UE的所有數據流量都必須通過PDU會話來承載。換句話說,UE發送數據流量之前,應當先建立PDU會話。 PDU會話必須由UE發起創建,核心網接受UE的請求並分配相應的控

Jupiter_CD_lenovo 2020-07-06 04:16:58

華爲eNSP的Telnet遠程管理配置

我們將採用eNSP進行拓撲圖的搭建 進入R1的GE口進行IP配置: 進入R2進行IP配置,確保與R1在同一網段: 配置Telnet遠程登陸 然後在R1上去登陸R2 完成!!!

吱ang张 2020-07-05 14:14:48