Technical documentation
发布日期:2023-10-20 浏览次数:1295 来源:WOLF-LAB杨广成
EI CCNP培训企业基础架构-BGP协议AS-Path属性实验详解
思科认证EI CCNP培训企业基础架构课程咨询联系WOLF-LAB网络技术实验室,免费试听!
一、 思科认证EI CCNP培训企业基础架构课程-地址描述
1. R1-R6都有一个loopback0 IP ADD = 10.10.X.X/24,X=ROUTER NUMBER,比如R1的LO0 =10.10.1.1/24。
2. R1-R2接口地址为:1.1.12.X/24,X=ROUTER NUMBER。
3. R3-R4接口地址为:1.1.34.X/24,X=ROUTER NUMBER。
4. R2-R3接口地址为:1.1.23.X/24,X=ROUTER NUMBER。
5. R1 R4 R5以太接口地址为:1.1.145.X/24,X=ROUTER NUMBER。
6. R2-R6接口地址为:1.1.26.X/24,X=ROUTER NUMBER。
二、 思科认证EI CCNP培训企业基础架构课程-底层IGP基本配置
1. 如图所示, 配置R2-R3之间运行RIPv2,并将loopback接口宣告进RIP。
R2: router rip version 2 network 1.0.0.0 network 10.0.0.0 no auto-summary | R3: router rip version 2 network 1.0.0.0 network 10.0.0.0 no auto-summary |
2. 如图所示, 配置R1 R4 R5之间运行EIGRP 90,并将loopback接口宣告进EIGRP 90。
R1: router eigrp 90 network 1.1.145.1 0.0.0.0 network 10.10.1.1 0.0.0.0 no auto-summary | R4: router eigrp 90 network 1.1.145.4 0.0.0.0 network 10.10.4.4 0.0.0.0 no auto-summary |
R5: router eigrp 90 network 1.1.145.5 0.0.0.0 network 10.10.5.5 0.0.0.0 no auto-summary | |
三、 BGP
1. 建立BGP邻居:
所有的BGP PEER的建立,都用loopback0,都要no synchronization。
R1、R4、R5属于AS 145, 建立三条IBGP PEER:
R1与R4,R1与R5,R4与R5。
R2、R3属于AS 23,建立IBGP PEER。
R2、R3属于AS23,R1、R4属于AS145,R6属于AS600,建立,三条EBGP PEER:
R3与R4,R1与R2,R2与R6。
R1: router bgp 145 no synchronization bgp router-id 1.1.1.1 neighbor 1.1.12.2 remote-as 23 neighbor 10.10.4.4 remote-as 145 neighbor 10.10.4.4 update-source Loopback0 neighbor 10.10.5.5 remote-as 145 neighbor 10.10.5.5 update-source Loopback0 no auto-summary | R4: router bgp 145 no synchronization bgp router-id 4.4.4.4 neighbor 1.1.34.3 remote-as 23 neighbor 10.10.1.1 remote-as 145 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.5.5 remote-as 145 neighbor 10.10.5.5 update-source Loopback0 no auto-summary |
R2: router bgp 23 no synchronization bgp router-id 2.2.2.2 neighbor 1.1.12.1 remote-as 145 neighbor 10.10.3.3 remote-as 23 neighbor 10.10.3.3 update-source Loopback0 neighbor 1.1.26.6 remote-as 600 no auto-summary | R3: router bgp 23 no synchronization bgp router-id 3.3.3.3 neighbor 1.1.34.4 remote-as 145 neighbor 10.10.2.2 remote-as 23 neighbor 10.10.2.2 update-source Loopback0 no auto-summary |
R5: router bgp 145 no synchronization bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor 10.10.1.1 remote-as 145 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 145 neighbor 10.10.4.4 update-source Loopback0 no auto-summary | R6: router bgp 600 no synchronization bgp router-id 6.6.6.6 neighbor 1.1.26.2 remote-as 23 no auto-summary
|
2. 在R2上将1.1.23.0/24宣告进BGP,要求在R5的BGP表中看到关于1.1.23.0/24的2条BGP路由,并且来自R1的这条路由能出现在R5的路由表中。
R2: router bgp 23 network 1.1.23.0 mask 255.255.255.0 | |
R1: router bgp 145 neighbor 10.10.4.4 next-hop-self neighbor 10.10.5.5 next-hop-self | R4: router bgp 145 neighbor 10.10.1.1 next-hop-self neighbor 10.10.5.5 next-hop-self |
R5: R5#show ip bgp Network Next Hop Metric LocPrf Weight Path *>i1.1.23.0/24 10.10.1.1 0 100 0 23 i * i 10.10.4.4 0 100 0 23 i | |
3. 在R1上做配置,来自于R2传递过来的1.1.23.0/24路由,AS-Path增加500,600这两个AS号,请使用前缀列表。
R1: ip prefix-list 23 seq 5 permit 1.1.23.0/24
route-map R2-R1-IN permit 10 match ip address prefix-list 23 set as-path prepend 500 600 route-map R2-R1-IN permit 20
router bgp 145 neighbor 1.1.12.2 route-map R2-R1-IN in
R1#show ip bgp Network Next Hop Metric LocPrf Weight Path * 1.1.23.0/24 1.1.12.2 0 0 500 600 23 i *>i 10.10.4.4 0 100 0 23 i |
4. 在R2上做配置,针对1.1.23.0/24的路由,向R1发出路由的时候,增加700,800这两个AS号。结合第3题,分析这两种方式在R1上的显示有何不同?
R2: ip prefix-list 23 seq 5 permit 1.1.23.0/24
route-map R2-R1-OUT permit 10 match ip address prefix-list 23 set as-path prepend 700 800 route-map R2-R1-OUT permit 20
router bgp 23 neighbor 1.1.12.1 route-map R2-R1-OUT out |
R1: show ip bgp Network Next Hop Metric LocPrf Weight Path * 1.1.23.0/24 1.1.12.2 0 0 500 600 23 700 800 i *>i 10.10.4.4 0 100 0 23 i
解析:若出向配置AS-Path,顺序是先添加策略中的AS号,再添加本AS号;若是入向配置AS-Path,顺序是先添加AS号,再添加策略中的AS号。简单的说,出向添加的AS号靠右,入向添加的AS号靠左。 |
5. 在第3题和第4题中添加的AS号,例如500,600,700,800这些AS号是有风险的。请删除第3题和第4题的配置。在R2上请使用更合适的方法来加长AS-Path。
R1: router bgp 145 no neighbor 1.1.12.2 route-map R2-R1-IN in
R2: router bgp 23 no neighbor 1.1.12.1 route-map R2-R1-OUT out |
R2: route-map R2-R1-OUT permit 10 match ip address prefix-list 23 set as-path prepend 23 23 23 //加长AS-Path时,设置为自身的AS号 route-map R2-R1-OUT permit 20
router bgp 23 neighbor 1.1.12.1 route-map R2-R1-OUT out |
R1: show ip bgp Network Next Hop Metric LocPrf Weight Path * 1.1.23.0/24 1.1.12.2 0 0 23 23 23 23 i *>i 10.10.4.4 0 100 0 23 i |
6. 针对第5题,如果在R2上set as-path prepend 145 145 145来增加AS-Path长度的话,那么R1将不接收这条路由,通过在R1上配置,使R1能够接收这条路由。
R2: route-map R2-R1-OUT permit 10 match ip address prefix-list 23 set as-path prepend 145 145 145 route-map R2-R1-OUT permit 20
router bgp 23 neighbor 1.1.12.1 route-map R2-R1-OUT out |
R1: router bgp 145 neighbor 1.1.12.2 allowas-in //即使AS-Path中包含自身的AS号,也接收该路由
show ip bgp Network Next Hop Metric LocPrf Weight Path * 1.1.23.0/24 1.1.12.2 0 0 23 145 145 145 i *>i 10.10.4.4 0 100 0 23 i |
7. 在R6上,将10.10.6.0/24宣告进BGP,在R2上使用前缀列表匹配10.10.6.0/24,使用set as-path prepend last-as 3,来增加AS-Path长度。
R6: router bgp 600 network 10.10.6.0 mask 255.255.255.0 |
R2: ip prefix-list 6 permit 10.10.6.0/24
route-map R2-R1-OUT permit 20 match ip address prefix-list 6 set as-path prepend last-as 3 //临近的AS号重复3次 route-map R2-R1-OUT permit 30
router bgp 23 neighbor 1.1.12.1 route-map R2-R1-OUT out |
R1: show ip bgp Network Next Hop Metric LocPrf Weight Path *>i10.10.6.0/24 10.10.4.4 0 100 0 23 600 i * 1.1.12.2 0 23 600 600 600 600 i |
8. 删除R2上针对R1出向的所有策略。在R1上将10.10.6.0/24路由重分布进EIGRP 90,在R1上观察EIGRP的拓扑表,这条从BGP重分布进来的路由有什么特征?
R2: router bgp 23 no neighbor 1.1.12.1 route-map R2-R1-OUT out |
R1: ip prefix-list 6 permit 10.10.6.0/24
route-map B-E permit 10 match ip address prefix-list 6
router eigrp 90 redistribute bgp 145 metric 100000 10 255 1 1500 route-map B-E
R1: show ip eigrp topology P 10.10.6.0/24, 1 successors, FD is 28160, tag is 23 //该tag值正是BGP路由临近的AS号 via Redistributed (28160/0) |
9. 在R1上管理性关闭R1与R4,R1与R5的BGP邻居关系,在R2上管理性关闭R2与R3的邻居关系。此时在R4的路由表中可以看到一条DEX 10.10.6.0/24路由,将此路由再重分布进BGP。请使用一条命令,使得R4上此BGP路由AS-Path属性值为23。注意,此时R3的BGP表中能看到此路由么?
R2: router bgp 23 neighbor 10.10.3.3 shutdown |
R1: router bgp 145 neighbor 10.10.4.4 shutdown neighbor 10.10.5.5 shutdown |
R4: ip prefix-list 6 seq 5 permit 10.10.6.0/24
route-map E-B permit 10 match ip address prefix-list 6 set as-path tag //将tag值作为BGP路由AS-Path的属性值
router bgp 145 redistribute eigrp 90 route-map E-B
R4: show ip bgp Network Next Hop Metric LocPrf Weight Path *> 10.10.6.0/24 1.1.145.1 30720 32768 23 ?
解析:此时R3的BGP表中是看不到此路由的,EBGP防环,AS-Path属性中包含R3自身的AS号23。 |
10. 删除第9题的所有配置。针对1.1.23.0/24路由,在R2上修改Origin codes为egp,此时在R1上观察1.1.23.0/24路由的选路?在R4上修改Origin codes为incomplete,观察R1上1.1.23.0/24的选路?
R2: router bgp 23 no neighbor 10.10.3.3 shutdown R1: router bgp 145 no neighbor 10.10.4.4 shutdown no neighbor 10.10.5.5 shutdown
router eigrp 90 no redistribute bgp 145
R4: router bgp 145 no redistribute eigrp 90 route-map E-B |
R2: ip prefix-list 23 seq 5 permit 1.1.23.0/24 route-map SetO permit 10 match ip address prefix-list 23 set origin egp 23 route-map SetO permit 20
router bgp 23 neighbor 1.1.12.1 route-map SetO out |
R1: show ip bgp Network Next Hop Metric LocPrf Weight Path *>i1.1.23.0/24 10.10.4.4 0 100 0 23 i * 1.1.12.2 0 0 23 e |
R4: ip prefix-list 23 seq 5 permit 1.1.23.0/24
route-map SetO permit 10 match ip address prefix-list 23 set origin incomplete route-map SetO permit 20
router bgp 145 neighbor 10.10.1.1 route-map SetO out |
R1: show ip bgp Network Next Hop Metric LocPrf Weight Path * i1.1.23.0/24 10.10.4.4 0 100 0 23 ? *> 1.1.12.2 0 0 23 e |
11. 在R4上做配置,针对1.1.23.0/24路由,配置local-preference值为101,确保AS145中的路由器去往1.1.23.0/24下一跳都走R4;在R1上做配置,针对10.10.6.0/24路由,配置local-preference为101,确保AS145中的路由器去往10.10.6.0/24下一跳都走R1。
R4: ip prefix-list 23 seq 5 permit 1.1.23.0/24
route-map R3-R4-IN permit 10 match ip address prefix-list 23 set local-preference 101 route-map R3-R4-IN permit 20
router bgp 145 neighbor 1.1.34.3 route-map R3-R4-IN in |
R1: show ip bgp Network Next Hop Metric LocPrf Weight Path *>i1.1.23.0/24 10.10.4.4 0 101 0 23 ? * 1.1.12.2 0 0 23 e |
R5: Show ip bgp Network Next Hop Metric LocPrf Weight Path *>i1.1.23.0/24 10.10.4.4 0 101 0 23 i |
R1: ip prefix-list 6 seq 5 permit 10.10.6.0/24
route-map R2-R1-IN permit 10 match ip address prefix-list 6 set local-preference 101 route-map R2-R1-IN permit 20
router bgp 145 neighbor 1.1.12.2 route-map R2-R1-IN in |
R4: show ip bgp *>i10.10.6.0/24 10.10.1.1 0 101 0 23 600 i * 1.1.34.3 0 23 600 i |
R5: show ip bgp Network Next Hop Metric LocPrf Weight Path *>i10.10.6.0/24 10.10.1.1 0 101 0 23 600 i |
WOLFLAB官方微信:17316362402
WOLFLAB官方QQ:2569790740
思科认证EI CCNP培训课程循环开班,联系WOLF-LAB网络技术实验室
电话:173-1636-2402
邮箱:wolflab@wolf-lab.com
地址:上海市徐汇区漕宝路82号E座1902室WOLFLAB实验室
提供: CCNA/HCIA培训 | CCNP/HCIP培训 | HCIE/CCIE培训 | WOLF | 华为认证咨询 | 思科认证咨询 |
官方微信
关注微信公众号
