第15章 BGP典型配置案例
H3C IPV6之IBGP一级RR路由反射器典型组网配置案例
组网说明:本案例采用H3C HCL模拟器来模拟IPV6 IBGP一级RR路由反射器典型组网配置!R1与R2属于AS100,R3属于AS200。
R1是R2的RR路由反射器的客户端。
R2与R3为EBGP邻居关系。
要求R1、R2、R3的loopback0能够互通。
配置思路:1、按照网络拓扑图正确配置IP地址2、R1与R2建立IBGP邻居关系,R2配置RR路由反射器客户端,指向R13、R2与R3建立EBGP邻居关系配置过程:R1:<H3C>sysSystem View: return to User View with Ctrl+Z.[H3C]sysname R1[R1]int loopback 1[R1-LoopBack1]ip address 1.1.1.1 32[R1-LoopBack1]quit[R1]int loopback 0[R1-LoopBack0]ipv6 address 3::1 64[R1-LoopBack0]quit[R1]int gi 0/1[R1-GigabitEthernet0/1]des <connect to R2>[R1-GigabitEthernet0/1]ipv6 address 1::1 64[R1-GigabitEthernet0/1]quit[R1]bgp 100[R1-bgp-default]router-id 1.1.1.1[R1-bgp-default]peer 1::2 as-number 100[R1-bgp-default]address-family ipv6 unicast[R1-bgp-default-ipv6]peer 1::2 enable[R1-bgp-default-ipv6]network 3:: 64[R1-bgp-default-ipv6]quit[R1-bgp-default]quitR2:<H3C>sysSystem View: return to User View with Ctrl+Z. [H3C]sysname R2[R2]int loopback 1[R2-LoopBack1]ip address 2.2.2.2 32[R2-LoopBack1]quit[R2]int loopback 0[R2-LoopBack0]ipv6 address 4::1 64[R2-LoopBack0]quit[R2]int gi 0/1[R2-GigabitEthernet0/1]des <connect to R1> [R2-GigabitEthernet0/1]ipv6 address 1::2 64 [R2-GigabitEthernet0/1]quit[R2]int gi 0/0[R2-GigabitEthernet0/0]des <connect to R3> [R2-GigabitEthernet0/0]ipv6 address 2::1 64 [R2-GigabitEthernet0/0]quit[R2]bgp 100[R2-bgp-default]router-id 2.2.2.2[R2-bgp-default]peer 1::1 as-number 100 [R2-bgp-default]peer 2::2 as-number 200 [R2-bgp-default]address-family ipv6 unicast [R2-bgp-default-ipv6]peer 1::1 enable[R2-bgp-default-ipv6]peer 1::1 reflect-client [R2-bgp-default-ipv6]peer 2::2 enable[R2-bgp-default-ipv6]network 4:: 64[R2-bgp-default-ipv6]import-route direct [R2-bgp-default-ipv6]quit[R2-bgp-default]quitR3:<H3C>sysSystem View: return to User View with Ctrl+Z. [H3C]sysname R3[R3]int loopback 1[R3-LoopBack1]ip address 3.3.3.3 32[R3-LoopBack1]quit[R3]int loopback 0[R3-LoopBack0]ipv6 address 5::1 64[R3-LoopBack0]quit[R3]int gi 0/0[R3-GigabitEthernet0/0]des <connect to R2> [R3-GigabitEthernet0/0]ipv6 address 2::2 64 [R3-GigabitEthernet0/0]quit[R3]bgp 200[R3-bgp-default]router-id 3.3.3.3[R3-bgp-default]peer 2::1 as-number 100 [R3-bgp-default]address-family ipv6 unicast [R3-bgp-default-ipv6]peer 2::1 enable[R3-bgp-default-ipv6]network 5:: 64[R3-bgp-default-ipv6]quit[R3-bgp-default]quit分别查看R1、R2、R3的路由表:查看R1的BGP邻居信息:查看R2的BGP邻居信息:查看R3的BGP邻居信息:查看R1的IPV6 BGP路由表:查看R2的IPV6 BGP路由表:[R2]dis bgp routing-table ipv6Total number of routes: 8BGP local router ID is 2.2.2.2Status codes: * - valid, > - best, d - dampened, h - historys - suppressed, S - stale, i - internal, e - externala - additional-pathOrigin: i - IGP, e - EGP, ? - incomplete* > Network : 1:: PrefixLen : 64 NextHop : :: LocPrf :PrefVal : 32768 OutLabel : NULL MED : 0Path/Ogn: ?* > Network : 1::2 PrefixLen : 128 NextHop : ::1 LocPrf :PrefVal : 32768 OutLabel : NULL MED : 0Path/Ogn: ?* > Network : 2:: PrefixLen : 64 NextHop : :: LocPrf :PrefVal : 32768 OutLabel : NULL MED : 0Path/Ogn: ?* > Network : 2::1 PrefixLen : 128 NextHop : ::1 LocPrf :PrefVal : 32768 OutLabel : NULL MED : 0Path/Ogn: ?* >i Network : 3:: PrefixLen : 64 NextHop : 1::1 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0Path/Ogn: i* > Network : 4:: PrefixLen : 64 NextHop : :: LocPrf :PrefVal : 32768 OutLabel : NULLMED : 0Path/Ogn: i* > Network : 4::1 PrefixLen : 128 NextHop : ::1 LocPrf :PrefVal : 32768 OutLabel : NULL MED : 0Path/Ogn: ?* >e Network : 5:: PrefixLen : 64 NextHop : 2::2 LocPrf :PrefVal : 0 OutLabel : NULL MED : 0Path/Ogn: 200i[R2]查看R3的IPV6 BGP路由表:在R1使用loopback0作为源能PING通R2和R3的loopback0:在R2使用loopback0作为源能PING通R1和R3的loopback0:在R3使用loopback0作为源能PING通R1和R1的loopback0:至此,IPV6之IBGP 一级RR路由反射器典型组网配置案例已完成!。
路由策略典型配置举例与故障排除
路由策略导致网络连接不稳定
如果路由策略导致网络连接不稳定,可能是由于策略 本身存在性能问题,或者网络环境发生变化但路由策 略未及时调整等原因。
首先,需要检查路由策略的代码是否存在性能问题, 例如循环语句、过于复杂的算法等。其次,需要确认 当前的网络环境是否与路由策略相匹配,例如是否需 要更改路由策略的地址段或端口范围。此外,还需要 对网络环境进行监控和分析,找出可能影响路由策略 性能的其他因素。
路由策略无法正确识别源/目的地址
如果路由策略无法正确识别源地址或目的地 址,很可能是由于地址掩码设置不正确或地 址类型选择不当等原因。
首先,需要检查地址掩码的设置是否正确, 掩码位数是否与网络环境相匹配。其次,需 要确认地址类型是否选择恰当,例如是否需 要将私有地址转换为公网地址。此外,还需 要检查路由策略是否添加了其他过滤条件,
根据网络状态、应用需求和用户行为等因素进行自动优化和调整。
03
多路径路由的应用
多路径路由是一种可以利用多种路径进行数据传输的技术,可以提供更
高的可靠性和容错能力。未来,多路径路由的应用将会越来越广泛。
THANKS
感谢观看
03
CATALOGUE
故障排除
路由策略无法正常工作
当路由策略无法正常工作时,可能存在以下几种情况:策略本身存在错误、配置过程中出现失误、网 络环境发生变化等。
首先,需要检查路由策略的代码是否正确,是否存在语法错误、逻辑错误等问题。其次,需要核对配 置过程中的各项参数是否正确,包括源地址、目的地址、端口号等。最后,需要确认当前的网络环境 是否与路由策略相匹配,例如是否需要更改路由策略的地址段或端口范围。
路由策略的故障排除
当网络出现故障时,需要分析故障原因,并根据路由策略 的配置逐一排查,确定故障点并进行修复。
CISCO+OSPF+MPLS+BGP配置实例加讲解
CISCO 路由器OSPF+MPLS+BGP配置实例二OO八年九月四日目录一、网络环境 (3)二、网络描述 (3)三、网络拓扑图 (4)四、P路由器配置 (4)五、PE1路由器配置 (6)六、PE2路由器配置 (9)七、CE1路由器配置 (11)八、CE2路由器配置 (13)九、业务测试 (14)一、网络环境由5台CISCO7204组成的网络,一台为P路由器,两台PE路由器,两台CE 路由器;二、网络描述在P和两台PE路由器这间通过OSPF动态路由协议完成MPLS网络的建立,两台PE路由器这间启用BGP路由协议,在PE路由器上向所属的CE路由器指VPN 路由,在CE路由器中向PE路由器配置静态路由。
配置思路:1、在P和两台PE路由器这间通过OSPF动态路由协议,在P和PE路由器两两互连的端口上启用MPLS,两台PE之间的路为备份路由,这属公网路由。
2、两台PE路由器这间启用BGP路由协议,这使得属于VPN的IP地址能在两个网络(两台CE所属的网络)互相发布,这属私网(VPN)路由。
3、在PE路由器上向所属的CE路由器指VPN路由,这打通了两个网络(两台CE所属的网络)之间的路由。
三、网络拓扑图P路由器(r1)(r4) CE1路由器(r5)LOOP0:192.168.3.1/24LOOP0:192.168.4.1/24四、P路由器配置p#SHOW RUNBuilding configuration...Current configuration : 1172 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname p!boot-start-markerboot-end-marker!!no aaa new-modelip subnet-zero!!!ip cefip audit po max-events 100!!interface Loopback0ip address 202.98.4.3 255.255.255.255 !interface FastEthernet0/0description to_r2ip address 10.1.1.10 255.255.255.252 ip ospf cost 20duplex fulltag-switching mtu 1508tag-switching ip!interface FastEthernet1/0description to_r3ip address 10.1.1.6 255.255.255.252 ip ospf cost 20duplex fulltag-switching mtu 1508tag-switching ip!interface FastEthernet2/0no ip addressshutdownduplex half!interface FastEthernet3/0no ip addressshutdownduplex half!router ospf 100log-adjacency-changesredistribute connected subnets redistribute static subnetsnetwork 10.1.1.6 0.0.0.0 area 0 network 10.1.1.10 0.0.0.0 area 0!ip classlessno ip http serverno ip http secure-server!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4login!!endp#五、PE1路由器配置pe1#show runBuilding configuration...Current configuration : 1813 bytes!version 12.3service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption!hostname pe1!boot-start-markerboot-end-marker!!no aaa new-modelip subnet-zero!!!ip vrf vpnard 1:100route-target export 200:1route-target import 200:1!ip cefip audit po max-events 100!!interface Loopback0ip address 202.98.4.1 255.255.255.255!interface FastEthernet0/0description to_r5ip vrf forwarding vpnaip address 172.16.1.1 255.255.255.252 duplex fulltag-switching ip!interface FastEthernet1/0description to_r1ip address 10.1.1.5 255.255.255.252ip ospf cost 20duplex fulltag-switching mtu 1508tag-switching ip!interface FastEthernet2/0ip address 10.1.1.1 255.255.255.252ip ospf cost 100duplex fulltag-switching mtu 1508tag-switching ip!interface FastEthernet3/0no ip addressshutdownduplex half!router ospf 100log-adjacency-changesredistribute connected metric-type 1 subnetsnetwork 10.1.1.0 0.0.0.255 area 0network 202.98.4.0 0.0.0.255 area 0!router bgp 100no bgp default ipv4-unicastbgp log-neighbor-changesneighbor 202.98.4.2 remote-as 100neighbor 202.98.4.2 update-source Loopback0 neighbor 202.98.4.2 version 4!address-family vpnv4neighbor 202.98.4.2 activateneighbor 202.98.4.2 send-community extendedexit-address-family!address-family ipv4 vrf vpnaredistribute connectedredistribute staticno auto-summaryno synchronizationexit-address-family!ip classlessip route vrf vpna 192.168.3.0 255.255.255.0 172.16.1.2 no ip http serverno ip http secure-server!ip ospf name-lookup!!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4login!!endpe1#六、PE2路由器配置pe2#show runBuilding configuration...Current configuration : 1725 bytes!version 12.3service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption!hostname pe2!boot-start-markerboot-end-marker!!no aaa new-modelip subnet-zero!!!ip vrf vpnard 1:100route-target export 200:1route-target import 200:1!ip cefip audit po max-events 100!!interface Loopback0ip address 202.98.4.2 255.255.255.255 !interface FastEthernet0/0description to_r1ip address 10.1.1.9 255.255.255.252ip ospf cost 20duplex fulltag-switching ip!interface FastEthernet1/0ip vrf forwarding vpnaip address 172.16.2.1 255.255.255.0duplex fulltag-switching ip!interface FastEthernet2/0ip address 10.1.1.2 255.255.255.252ip ospf cost 100duplex fulltag-switching ip!interface FastEthernet3/0no ip addressshutdownduplex half!router ospf 100log-adjacency-changesredistribute connected metric 1 subnets redistribute static metric-type 1 subnets network 10.1.1.0 0.0.0.255 area 0!router bgp 100no bgp default ipv4-unicastbgp log-neighbor-changesneighbor 202.98.4.1 remote-as 100neighbor 202.98.4.1 update-source Loopback0 neighbor 202.98.4.1 version 4!address-family vpnv4neighbor 202.98.4.1 activateneighbor 202.98.4.1 send-community extended exit-address-family!address-family ipv4 vrf vpnaredistribute connectedredistribute staticno auto-summaryno synchronizationexit-address-family!ip classlessip route vrf vpna 192.168.4.0 255.255.255.0 172.16.2.2 no ip http serverno ip http secure-server!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4login!!End七、CE1路由器配置ce1#show runBuilding configuration...Current configuration : 892 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ce1!boot-start-markerboot-end-marker!!no aaa new-modelip subnet-zero!!!ip cefip audit po max-events 100!!interface Loopback0ip address 192.168.3.1 255.255.255.0 !interface FastEthernet0/0description to_r3ip address 172.16.1.2 255.255.255.252 duplex full!interface FastEthernet1/0no ip addressshutdownduplex half!interface FastEthernet2/0no ip addressshutdownduplex half!interface FastEthernet3/0no ip addressshutdownduplex half!ip classlessip route 0.0.0.0 0.0.0.0 172.16.1.1no ip http serverno ip http secure-server!!!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4login!!end八、CE2路由器配置Ce2#show runBuilding configuration...*Sep 3 13:53:56.167: %SYS-5-CONFIG_I: Configured from console by console Current configuration : 888 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ce2!boot-start-markerboot-end-marker!!no aaa new-modelip subnet-zero!!!ip cefip audit po max-events 100!!interface Loopback0ip address 10.10.13.1 255.255.255.0!interface FastEthernet0/0no ip addressshutdownduplex half!interface FastEthernet1/0description to_r2ip address 10.10.12.2 255.255.255.0duplex full!interface FastEthernet2/0no ip addressshutdownduplex half!interface FastEthernet3/0no ip addressshutdownduplex half!ip classlessip route 0.0.0.0 0.0.0.0 172.16.2.1no ip http serverno ip http secure-server!!gatekeepershutdown!!line con 0exec-timeout 0 0logging synchronousstopbits 1line aux 0stopbits 1line vty 0 4login!!end九、业务测试ce1# ping 172.16.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 96/190/324 ms ce1#ce2#ping 192.168.3.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 336/468/588 ms ce2#。
BGP的基本配置案例
peer 10.10.10.1 as-number 65000
peer 4.4.4.4 connect-interface LoopBack0
#
ip route-static 3.3.3.3 255.255.255.255 10.10.10.5
Origin : i - IGP, e - EGP, ? - inplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 10.10.10.1 0 0 65000i
i 10.10.20.1 0 100 0 65000i
*> 2.2.2.2/32 0.0.0.0 0 0 i
#
port-security enable
#
vlan 1
#
domain system
RTB上面路由查看:
[R2]dis bgp routing-table
Total Number of Routes: 4
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
#
RTB上network命令发布路由:
#
bgp 65300
network 2.2.2.2 255.255.255.255
#
RTD上network命令发布路由:
#
bgp 65300
network 4.4.4.4 255.255.255.255
BGP配置实验案例
BGP配置实验案例BGP(边界网关协议)是一个用于在互联网中交换路由信息的协议。
在本篇文章中,我们将探讨一个BGP配置实验案例,其中包括两个自治系统(AS)之间的BGP邻居关系的建立和路由的传递。
这个实验案例可以帮助读者更好地理解BGP协议的工作原理和配置步骤。
在这个实验案例中,我们有两个自治系统:AS1和AS2、AS1拥有IP 地址段192.168.0.0/24,AS2拥有IP地址段10.0.0.0/24、我们的目标是在两个自治系统之间建立BGP邻居关系,并实现路由的传递。
首先,我们需要在两个自治系统中配置BGP路由器。
在AS1中,我们选择一个路由器作为BGP路由器,并配置其Loopback接口的IP地址为192.168.0.1、在AS2中,选择另一个路由器作为BGP路由器,并配置其Loopback接口的IP地址为10.0.0.1、这些Loopback接口的IP地址将用作BGP邻居之间的通信地址。
接下来,我们开始配置BGP邻居关系。
在AS1中,我们需要告诉BGP 路由器与AS2的BGP路由器建立邻居关系。
假设AS2的BGP路由器的IP 地址为10.0.0.2,我们将在AS1的BGP路由器上执行以下命令:``````同样地,在AS2的BGP路由器上,我们需要告诉其与AS1的BGP路由器建立邻居关系。
假设AS1的BGP路由器的IP地址为192.168.0.1,我们将在AS2的BGP路由器上执行以下命令:``````配置完BGP邻居关系后,我们可以开始传递路由信息。
在AS1中,我们希望将本地的IP地址段192.168.0.0/24传输给AS2、我们需要在AS1的BGP路由器上执行以下命令:```network 192.168.0.0 mask 255.255.255.0```这些命令告诉AS1的BGP路由器将地址段192.168.0.0/24传输给BGP邻居。
同样地,在AS2中,我们希望将本地的IP地址段10.0.0.0/24传输给AS1、我们需要在AS2的BGP路由器上执行以下命令:```network 10.0.0.0 mask 255.255.255.0```这些命令告诉AS2的BGP路由器将地址段10.0.0.0/24传输给BGP邻居。
bgp,vpn实例
去年12月的时候做了一个项目,中间碰到一个问题,今天写出来跟大家分享一下。
项目概况是这样的,国家电网的一市局,市局里放了两台NE20E-8的路由器,做为全市的核心路由器,每台NE20E-8用一个CPOS口通过传输设备复用出多个2M线路,下接多个变电所,变电所路由器为cisco的2811路由器。
cisco 2811路由器与两台NE20E-8组成一个链路双归网络,cisco 2811、两台NE20E-8路由器均为PE设备,两台NE20E-8做为全市的路由反射器,变电所的cisco2811路由器只与两台NE20E-8路由器建立BGP邻居关系。
全市存在两个VPN(MPLS/VPN),分别以VRF A和VRF B表示,两台NE20E-8使用upe 方式向cisco2811下发缺省路由引导上行流量,在cisco 2811中重分布直连路由。
以下为网络示意图:以下为三台设备的配置文件NE20E-8A:dis cu#sysname HZLA-NE20E-8A#router id 33.10.191.11#diffserv domain#ip vpn-instance realtimeroute-distinguisher 2007:1vpn-target 30033:11 export-extcommunityvpn-target 30033:1 30033:11 30033:13 import-extcommunity #ip vpn-instance nrtroute-distinguisher 2007:2vpn-target 30033:12 export-extcommunityvpn-target 30033:2 30033:12 30033:14 import-extcommunity #mpls lsr-id 33.10.191.11mpls#mpls ldp#controller Cpos3/0/0e1 6 channel-set 0 timeslot-list 1-31#interface Aux0async mode flowlink-protocol ppp#interface Ethernet1/0/0#interface Ethernet1/0/1#interface Ethernet1/0/2#interface Ethernet1/0/3#interface Ethernet1/0/4description LINK_TO_HZ-NE20-8Aip address 33.10.190.6 255.255.255.252mplsmpls ldp#interface Ethernet1/0/5#interface Ethernet1/0/6#interface Ethernet1/0/7#interface Ethernet2/0/0#interface Ethernet2/0/1#interface Ethernet2/0/2description LINK_TO_HZLA-NE20-8Bip address 33.10.190.61 255.255.255.252 mplsmpls ldp#interface Ethernet2/0/3#interface Ethernet2/0/4#interface Ethernet2/0/5#interface Ethernet2/0/6#interface Ethernet2/0/6.100vlan-type dot1q 100description LINK_TO_HZLA-S3328TP-RT ip binding vpn-instance realtimeip address 33.10.190.209 255.255.255.252 #interface Ethernet2/0/6.200vlan-type dot1q 200description realtimeip binding vpn-instance realtimeip address 10.33.177.94 255.255.255.224 vrrp vrid 200 virtual-ip 10.33.177.94#interface Ethernet2/0/7#interface Ethernet4/0/0#interface Ethernet4/0/1#interface Ethernet4/0/2#interface Ethernet4/0/3#interface Ethernet4/0/4#interface Ethernet4/0/5#interface Ethernet4/0/6#interface Ethernet4/0/6.300#interface Ethernet4/0/6.400description nrt#interface Ethernet4/0/7#interface Serial3/0/0/6:0link-protocol pppdescription xiushuiip address 33.10.177.217 255.255.255.252 mplsmpls ldp#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0ip address 33.10.191.11 255.255.255.255 #bgp 30033group 500 internalpeer 500 connect-interface LoopBack0 peer 33.10.191.131 as-number 30033 peer 33.10.191.131 group 500group 300 internalpeer 300 connect-interface LoopBack0 peer 33.10.191.1 as-number 30033peer 33.10.191.1 group 300peer 33.10.191.12 as-number 30033peer 33.10.191.12 group 300#ipv4-family unicastundo synchronizationreflector cluster-id 100.100.100.100peer 300 enablepeer 33.10.191.1 enablepeer 33.10.191.1 group 300peer 33.10.191.12 enablepeer 33.10.191.12 group 300peer 500 enablepeer 500 reflect-clientpeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpnv4reflector cluster-id 100.100.100.100policy vpn-targetpeer 300 enablepeer 33.10.191.1 enablepeer 33.10.191.1 group 300peer 33.10.191.12 enablepeer 33.10.191.12 group 300peer 500 enablepeer 500 reflect-clientpeer 500 upepeer 500 default-originate vpn-instance realtimepeer 500 default-originate vpn-instance nrtpeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpn-instance realtimeimport-route directimport-route static#ipv4-family vpn-instance nrtimport-route directimport-route static#aaalocal-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! local-user admin service-type telnetlocal-user admin level 15authentication-scheme default#authorization-scheme default#accounting-scheme default#domain default##ospf 1area 0.0.0.21network 33.10.191.11 0.0.0.0network 33.10.190.4 0.0.0.3network 33.10.190.60 0.0.0.3network 33.10.177.216 0.0.0.3#nqa-jitter tag-version 1#snmp-agentsnmp-agent local-engineid 000007DB7F00000100004E8Bsnmp-agent community write Zpepbdc@sjwsnmp-agent community read huaWei8zjepsnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.33.223.178 params securityname huaWei8zjepsnmp-agent target-host trap address udp-domain 10.33.223.179 params securityname huaWei8zjepsnmp-agent trap enable standardsnmp-agent trap source LoopBack0#user-interface con 0user-interface aux 0user-interface vty 0 4authentication-mode aaa#returnNE20—B:dis cu#sysname HZLA-NE20E-8B#router id 33.10.191.12#diffserv domain#ip vpn-instance realtimeroute-distinguisher 2008:1vpn-target 30033:11 export-extcommunityvpn-target 30033:1 30033:11 30033:13 import-extcommunity#ip vpn-instance nrtroute-distinguisher 2008:2vpn-target 30033:12 export-extcommunityvpn-target 30033:2 30033:12 30033:14 import-extcommunitympls lsr-id 33.10.191.12mpls#mpls ldp#controller Cpos3/0/0e1 6 channel-set 0 timeslot-list 1-31#interface Aux0async mode flowlink-protocol ppp#interface Ethernet1/0/0#interface Ethernet1/0/1#interface Ethernet1/0/2#interface Ethernet1/0/3#interface Ethernet1/0/4#interface Ethernet1/0/5#interface Ethernet1/0/6#interface Ethernet1/0/7#interface Ethernet2/0/0#interface Ethernet2/0/1#interface Ethernet2/0/2description LINK_TO_HZLA-NE20-8A ip address 33.10.190.62 255.255.255.252 mplsmpls ldp#interface Ethernet2/0/3#interface Ethernet2/0/4#interface Ethernet2/0/5interface Ethernet2/0/6#interface Ethernet2/0/6.300vlan-type dot1q 300description LINK_TO_HZLA-S3328TP-NRT ip binding vpn-instance nrtip address 33.10.190.217 255.255.255.252#interface Ethernet2/0/6.400vlan-type dot1q 400description nrtip binding vpn-instance nrtip address 10.33.177.126 255.255.255.224 vrrp vrid 40 virtual-ip 10.33.177.126#interface Ethernet2/0/7#interface Ethernet4/0/0#interface Ethernet4/0/1#interface Ethernet4/0/2#interface Ethernet4/0/3#interface Ethernet4/0/4description LINK_TO_HZFY-NE20-8Aip address 33.10.190.58 255.255.255.252 mplsmpls ldp#interface Ethernet4/0/5#interface Ethernet4/0/6#interface Ethernet4/0/6.100#interface Ethernet4/0/6.200description realtime#interface Ethernet4/0/7#interface Serial3/0/0/6:0link-protocol pppdescription xiushuiip address 33.10.226.217 255.255.255.252 mplsmpls ldp#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0ip address 33.10.191.12 255.255.255.255 #bgp 30033group 500 internalpeer 500 connect-interface LoopBack0 peer 33.10.191.131 as-number 30033 peer 33.10.191.131 group 500group 300 internalpeer 300 connect-interface LoopBack0 peer 33.10.191.11 as-number 30033peer 33.10.191.11 group 300peer 33.10.191.9 as-number 30033peer 33.10.191.9 group 300#ipv4-family unicastundo synchronizationreflector cluster-id 100.100.100.100peer 300 enablepeer 33.10.191.11 enablepeer 33.10.191.11 group 300peer 33.10.191.9 enablepeer 33.10.191.9 group 300peer 500 enablepeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpnv4reflector cluster-id 100.100.100.100 policy vpn-targetpeer 300 enablepeer 33.10.191.11 enablepeer 33.10.191.11 group 300peer 33.10.191.9 enablepeer 33.10.191.9 group 300peer 500 enablepeer 500 reflect-clientpeer 500 upepeer 500 default-originate vpn-instance realtimepeer 500 default-originate vpn-instance nrtpeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpn-instance realtimeimport-route directimport-route static#ipv4-family vpn-instance nrtimport-route directimport-route static#aaalocal-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! local-user admin service-type telnetlocal-user admin level 15authentication-scheme default#authorization-scheme default#accounting-scheme default#domain default##ospf 1import-route directarea 0.0.0.21network 33.10.191.12 0.0.0.0network 33.10.190.60 0.0.0.3network 33.10.190.56 0.0.0.3network 33.10.226.216 0.0.0.3#nqa-jitter tag-version 1#snmp-agentsnmp-agent local-engineid 000007DB7F00000100004E8Bsnmp-agent community write Zpepbdc@sjwsnmp-agent community read huaWei8zjepsnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.33.223.178 params securityname huaWei8zjepsnmp-agent target-host trap address udp-domain 10.33.223.179 params securityname huaWei8zjepsnmp-agent trap enable standardsnmp-agent trap source LoopBack0#user-interface con 0user-interface aux 0user-interface vty 0 4authentication-mode aaa#returncisco 2811LAXIUSHUI-R2811-1#sho runBuilding configuration...Current configuration : 3511 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname LAXIUSHUI-R2811-1!boot-start-markerboot-end-marker!card type e1 0 1logging message-counter syslogenable secret 5 $1$0LKz$71.irTxS.bL56D.GD74lD/!no aaa new-modelclock timezone CST 8no network-clock-participate wic 1!dot11 syslogno ip source-routeno ip gratuitous-arps!!ip cefip vrf nrtrd 2406:2route-target export 30033:14route-target import 30033:2route-target import 30033:12!ip vrf realtimerd 2406:1route-target export 30033:13route-target import 30033:1route-target import 30033:11!!!no ipv6 cef!multilink bundle-name authenticated !!!!!!!!!!!!!!!!!!!!!!!voice-card 0!!!!!archivelog confighidekeys!!!!!controller E1 0/1/0framing NO-CRC4clock source internalchannel-group 0 timeslots 1-31!controller E1 0/1/1framing NO-CRC4clock source internalchannel-group 0 timeslots 1-31!!!!!interface Loopback0ip address 33.10.191.131 255.255.255.255 !interface FastEthernet0/0ip address 192.168.1.1 255.255.255.0 duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!interface FastEthernet0/0/0description ***TO LAXIUSHUI-C2918-01 G0/24*** switchport mode trunk!interface FastEthernet0/0/1description ***TO LAXIUSHUI-C2918-02 G0/24*** switchport mode trunk!interface FastEthernet0/0/2!interface FastEthernet0/0/3!interface Serial0/1/0:0description ***TO LINAN-NE20-A ....***ip address 33.10.177.218 255.255.255.252 encapsulation pppmpls ip!interface Serial0/1/1:0description ***TO LINAN-NE20-B ....***ip address 33.10.226.218 255.255.255.252 encapsulation pppmpls ip!interface Vlan1no ip address!interface Vlan10ip vrf forwarding realtimeip address 33.10.234.97 255.255.255.248!interface Vlan20ip vrf forwarding nrtip address 33.10.234.105 255.255.255.248!interface Vlan30description management-realtimeip vrf forwarding realtimeip address 33.10.185.218 255.255.255.252ip access-group 100 in!interface Vlan40description management-nrtip vrf forwarding nrtip address 33.10.189.218 255.255.255.252!router ospf 1router-id 33.10.191.131log-adjacency-changesnetwork 33.10.177.216 0.0.0.3 area 21 network 33.10.191.131 0.0.0.0 area 21 network 33.10.226.216 0.0.0.3 area 21 !router bgp 30033bgp router-id 33.10.191.131no bgp default ipv4-unicastbgp log-neighbor-changesneighbor 500 peer-groupneighbor 500 remote-as 30033 neighbor 500 update-source Loopback0 neighbor 33.10.191.11 peer-group 500 neighbor 33.10.191.12 peer-group 500 !address-family ipv4neighbor 33.10.191.11 activate neighbor 33.10.191.12 activateno auto-summaryno synchronizationexit-address-family!address-family vpnv4neighbor 500 send-community extended neighbor 33.10.191.11 activate neighbor 33.10.191.12 activateexit-address-family!address-family ipv4 vrf realtime redistribute connectedredistribute staticno synchronizationexit-address-family!address-family ipv4 vrf nrt redistribute connectedredistribute staticno synchronizationexit-address-family!ip forward-protocol ndno ip http serverno ip http secure-server!!!!!!!!!control-plane!!!!!!!!!!line con 0line aux 0line vty 0 4exec-timeout 5 0password 7 1511021F07257A767Blogin!scheduler allocate 20000 1000end正常情况下,按照上面的配置,网络是不会有问题的,但当天做完后,发现网络不通,经检查,发现cisco 2811中每个vrf中均上存在一条缺省路由,为bgp路由是指向NE20-A 的(优选router-ID小的),这条路由是正常的。
操纵BGP路径选择---local preference属性案例
操纵BGP路径选择---local preference属性案例本地优先级(local pref)属性是分配给路由的一种优先级度量,用于和到同一目的地的其他路由相比较。
这是BGP路由处理中的第二优先属性(WEIGHT是第一优先属性)。
Local Pref属性只在本AS内部有效,不会被传送到EBGP邻居上。
本地优先级越高,路由优先级越高。
以上案例中,我们通过对R3的配置,设置从R1学到的1.0.0.0的本地优先级(Localpref)设置为200,由于缺省的值为100,AS200中所有的路由器都会选择R3到达1.0.0.0。
//// r1 ////int f2/0ip ad 192.1.1.1 255.255.255.0int f3/0ip ad 193.1.1.1 255.255.255.0int lo0ip ad 1.1.1.1 255.255.255.0int lo1ip ad 2.2.2.2 255.255.255.0router bgp 100no synneighbor 192.1.1.2 remote-as 200neighbor 193.1.1.3 remote-as 200network 1.0.0.0network 1.0.0.0//// r2 ////int f2/0ip ad 192.1.1.2 255.255.255.0int f4/0ip ad 194.1.1.2 255.255.255.0router os 1netw 0.0.0.0 255.255.255.255 a 0passive-interface f2/0router bgp 200no synneighbor 192.1.1.1 remote-as 100neighbor 194.1.1.4 remote-as 200neighbor 195.1.1.3 remote-as 200neighbor 194.1.1.4 next-hop-self//// r3 ////int f3/0ip ad 193.1.1.3 255.255.255.0int f5/0ip ad 195.1.1.3 255.255.255.0router os 1netw 0.0.0.0 255.255.255.255 a 0passive-interface f3/0router bgp 200no synneighbor 193.1.1.1 remote-as 100neighbor 195.1.1.4 remote-as 200neighbor 195.1.1.4 next-hop-selfneighbor 194.1.1.2 remote-as 200 neighbor 193.1.1.1 route-map localpref inaccess-list 1 permit 1.0.0.0 0.255.255.255route-map localpref permit 10match ip ad 1set local-pref 200route-map localpref permit 20set local-pref 100//// r4 ////int f4/0ip ad 194.1.1.4 255.255.255.0int f5/0ip ad 195.1.1.4 255.255.255.0int lo0ip ad 4.4.4.4 255.255.255.0router os 1netw 0.0.0.0 255.255.255.255 a 0router bgp 200no synneighbor 194.1.1.2 remote-as 200neighbor 195.1.1.3 remote-as 200netw 4.0.0.0验证://// r4 ////r4#sh ip bgpNetwork Next Hop Metric LocPrf Weight Path *>i1.0.0.0 195.1.1.3 0 200 0 100 i * i2.0.0.0 195.1.1.3 0 100 0 100 i *>i 194.1.1.2 0 100 0 100 i *> 4.0.0.0 0.0.0.0 0 32768 ir4#sh ip roB 1.0.0.0/8 [200/0] via 195.1.1.3, 00:02:20B 2.0.0.0/8 [200/0] via 194.1.1.2, 00:02:244.0.0.0/24 is subnetted, 1 subnetsC 4.4.4.0 is directly connected, Loopback0O 193.1.1.0/24 [110/128] via 195.1.1.3, 00:04:35, Serial5/0O 192.1.1.0/24 [110/128] via 194.1.1.2, 00:04:35, Serial4/0C 195.1.1.0/24 is directly connected, Serial5/0C 194.1.1.0/24 is directly connected, Serial4/0r2#sh ip bgpNetwork Next Hop Metric LocPrf Weight Path *>i1.0.0.0 193.1.1.1 0 200 0 100 i * 192.1.1.1 0 0 100 i * i2.0.0.0 193.1.1.1 0 100 0 100 i *> 192.1.1.1 0 0 100 i *>i4.0.0.0 194.1.1.4 0 100 0 ir2#sh ip roB 1.0.0.0/8 [200/0] via 193.1.1.1, 00:06:00B 2.0.0.0/8 [20/0] via 192.1.1.1, 00:06:044.0.0.0/8 is variably subnetted, 2 subnets, 2 masksO 4.4.4.4/32 [110/65] via 194.1.1.4, 00:08:20, Serial4/0B 4.0.0.0/8 [200/0] via 194.1.1.4, 00:06:55O 193.1.1.0/24 [110/192] via 194.1.1.4, 00:08:20, Serial4/0C 192.1.1.0/24 is directly connected, Serial2/0O 195.1.1.0/24 [110/128] via 194.1.1.4, 00:08:20, Serial4/0C 194.1.1.0/24 is directly connected, Serial4/0。
迈普路由器BGP基本配置示例
迈普路由器BGP基本配置示例随着互联网的发展,网络规模逐渐扩大,大型企事业单位的网络也越来越复杂。
在这样的背景下,BGP(边界网关协议)作为一种最常用的外部网关协议,被广泛应用于企业网络中。
本文将为你介绍迈普路由器BGP基本配置示例,帮助你更好地理解和应用BGP协议。
1. 路由器基本设置首先,我们需要对迈普路由器进行基本设置。
打开终端连接迈普路由器,进入路由器的全局配置模式。
输入以下命令完成路由器的基本设置:hostname RouterAip address 192.168.1.1 255.255.255.0interface GigabitEthernet 0/0/0ip address 10.0.0.1 255.255.255.0以上命令中,设置了路由器的主机名为RouterA,配置了路由器的管理IP地址为192.168.1.1/24,同时设置了路由器的接口GigabitEthernet 0/0/0的IP地址为10.0.0.1/24。
2. BGP协议配置接下来,我们需要配置BGP协议。
BGP协议是一种路由选择协议,用于跨自治系统的路由选择。
输入以下命令完成BGP协议的基本配置:router bgp 65001bgp router-id 192.168.1.1neighbor 10.0.0.2 remote-as 65002network 192.168.1.0 mask 255.255.255.0以上命令中,设置了本路由器的自治系统号为65001,指定了本路由器的BGP路由器ID为192.168.1.1,同时配置了邻居路由器的IP地址为10.0.0.2,邻居路由器的自治系统号为65002。
最后,我们将本路由器的192.168.1.0/24网段添加到BGP路由表中。
3. BGP邻居关系建立在上一步中,我们配置了本路由器的邻居路由器的信息。
接下来,我们需要建立BGP邻居关系。
输入以下命令完成邻居关系的建立:neighbor 10.0.0.2 activateneighbor 10.0.0.2 next-hop-self以上命令中,首先激活邻居路由器10.0.0.2,然后指定本路由器作为下一跳地址。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
[RouterB-bgp] peer 3.3.3.3 connect-interface loopback 0
[RouterB-bgp] quit [RouterB] ospf 1 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 32 [RouterB-ospf-1-area-0.0.0.0] network 9.1.1.1 24 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit
Peer
2.2.2.2
AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
65009 7 10 0 0 00:06:09 Established
以上显示信息表明Router B和Router C之间的IBGP连接已经建立。
3) l l
配置EBGP连接 EBGP邻居关系的两台路由器(通常属于两个不同运营商),处于不同的AS域,对端的Loopback接口一般路 因为要求Router C能够访问Router A直连的8.1.1.0/24网段,所以,建立EBGP连接后,需要将8.1.1.0/24网段
# 配置Router C。 <RouterC> system-view [RouterC] bgp 65009 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 2.2.2.2 as-number 65009 [RouterC-bgp] peer 2.2.2.2 connect-interface loopback 0 [RouterC-bgp] quit [RouterC] ospf 1 [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.3 32 [RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 24 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit [RouterC] display bgp peer BGP local router ID : 3.3.3.3 Local AS number : 65009 Total number of peers : 1 Peers in established state : 1
由不可达,所以一般使用直连地址建立BGP邻居。 路由通告到BGP路由表中。 # 配置Router A。 <RouterA> system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] network 8.1.1.1 24 [RouterA-bgp] quit # 配置Router B。 [RouterB] bgp 65009 [RouterB-bgp] peer 3.1.1.2 as-number 65008 [RouterB-bgp] quit
AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 65009 65008 12 3 10 0 3 0 3 00:09:16 Established 1 00:00:08 Established
可以看出,Router B与Router C、Router B与Router A之间的BGP连接均已建立。
(1) (2)
配置各接口的IP地址(略) 配置IBGP连接
l
l l
为了防止端口状态不稳定引起路由震荡,本举例使用Loopback接口来创建IBGP对等体。
使用Loopback接口创建IBGP对等体时,因为Loopback接口不是两对等体实际连接的接口,所以,必须使 在AS 65009内部,使用OSPF协议,保证Router B到Router C的Loopback接口路由可达, Router B到
# 查看Router B的BGP对等体的连接状态。 [RouterB] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 2 Peer 3.3.3.3 3.1.1.2 Peers in established state : 2
h - history, i - internal, s - suppressed, S - Stale
# 查看Router A的BGP路由表。 [RouterA] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped,
BGP典型配置案例
日期:
杭州华三通信技术有限公司 版权所有,未经授权不得使用与传播
BGP基本配置
组网需求
所有路由器均运行BGP协议,Router A和Router B之间建立EBGP连接,Router B和Router C之间建立 IBGP连接。要求Router C能够访问Router A直连的8.1.1.0/24网段。
用peer connect-interface命令将Loopback接口配置为BGP连接的源接口。 Router C的Loopback接口路由可达。
# 配置Router B。
<RouterB> system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 3.3.3.3 as-number 65009