HCIP-BGP综合实验
一:拓扑图
二:需求分析
1,AS1存在两个环回,一个地址为192.168.1.0/24该地址不能在任何协议中宣告,AS3中存在俩个环回,一个地址为192.168.2.0/24该地址不能在任何协议中宣告,最终要求这两个环回可以互相通讯
- 使用VPN技术,在R1和R8之间搭建一条虚拟链路,约等于直连,此时无需宣告。
2,整个AS2的IP地址为172.16.0.0/16,请合理划分
- 为了便于管理,使用172.16.0.0/24进行分配:
- 172.16.0.0/25---骨干链路;172.16.1.0/25---环回地址
- 骨干链路只需要两个地址
- 172.16.0.0/30:R2--R3
- 172.16.0.4/30:R3--R4
- 172.16.0.8/30:R4--R5
- 172.16.0.12/30:R5--R6
- 172.16.0.16/30:R6--R7
- 172.16.0.20/30:R7--R2
- 环回地址只需要一个地址
- 172.16.1.0/30:R2
- 172.16.1.4/30:R3
- 172.16.1.8/30:R4
- 172.16.1.12/30:R5
- 172.16.1.16/30:R6
- 172.16.1.20/30:R7
3,使用BGP协议让整个网络所有设备的环回可以互相访问
- 结合 IGP协议,BGP协议,联邦,反射器实现互相访问
4,减少路由条目数量,避免环路出现
- 在R2和R7上做路由汇总
三:具体配置
1.配置IP
R1:
GigabitEthernet0/0/0 12.0.0.1/24 up up
LoopBack0 192.168.1.1/24 up up(s)
LoopBack1 10.1.1.1/24 up up(s) R2:
GigabitEthernet0/0/0 12.0.0.2/24 up up
GigabitEthernet0/0/1 172.16.0.1/30 up up
GigabitEthernet0/0/2 172.16.0.21/30 up up
LoopBack0 172.16.1.1/30 up up(s)
R3:
GigabitEthernet0/0/0 172.16.0.2/30 up up
GigabitEthernet0/0/1 172.16.0.5/30 up up
LoopBack0 172.16.1.5/30 up up(s) R4:
GigabitEthernet0/0/0 172.16.0.6/30 up up
GigabitEthernet0/0/1 172.16.0.9/30 up up
LoopBack0 172.16.1.9/30 up up(s) R5:
GigabitEthernet0/0/0 172.16.0.22/30 up up
GigabitEthernet0/0/1 172.16.0.17/30 up up
LoopBack0 172.16.1.21/30 up up(s) R6:
GigabitEthernet0/0/0 172.16.0.18/30 up up
GigabitEthernet0/0/1 172.16.0.13/30 up up
LoopBack0 172.16.1.17/30 up up(s)R7;
GigabitEthernet0/0/0 172.16.0.10/30 up up
GigabitEthernet0/0/1 172.16.0.14/30 up up
GigabitEthernet0/0/2 78.0.0.7/24 up up
LoopBack0 172.16.1.13/30 up up(s) R8:
GigabitEthernet0/0/0 78.0.0.8/24 up up
LoopBack0 192.168.2.1/24 up up(s)
LoopBack1 11.1.1.1/24 up up(s) 2.配置SOPF
R2
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255R3
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255R4
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]a 0
[R4-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255R5
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]a 0
[R5-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]a 0
[R6-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.255R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]a 0
[R7-ospf-1-area-0.0.0.0]net 172.16.0.0 0.0.255.2553.配置BGP
1)联邦配置
R1:直连配置EBGP
[r1]bgp
[r1-bgp]router-id 1.1.1.1
[r1-bgp]peer 12.0.0.2 as-number 2R2:
--- 前期准备 ---
[R2]bgp 64512
[R2-bgp]router-id 2.2.2.2
[R2-bgp]confederation id 2--- 与R2直连配置EBGP对等体 ---
[R2-bgp]peer 12.0.0.1 as 1--- 与R3环回配置IBGP对等体 ---
[R2-bgp]peer 172.16.1.5 as-number 64512
[R2-bgp]peer 172.16.1.5 connect-interface l0 --- 用环回接口连接
[R2-bgp]peer 172.16.1.5 next-hop-local --- 通过本地接口转发--- 与R5环回配置EBGP对等体 ---
[R2-bgp]confederation peer-as 64513 --- 指定邻居所属的AS 号
[R2-bgp]peer 172.16.1.21 as 64513
[R2-bgp]peer 172.16.1.21 connect-interface LoopBack 0
[r2-bgp]peer 172.16.1.21 ebgp-max-hop --- EBGP建邻要改TTL值R3
--- 前期准备 ---
[r3]bgp 64512
[r3-bgp]router-id 3.3.3.3
[r3-bgp]confederation id 2--- 与R2建立邻居 ---
[r3-bgp]peer 172.16.1.1 as-number 64512
[r3-bgp]peer 172.16.1.1 connect-interface LoopBack 0--- 与R4建立邻居 ---
[r3-bgp]peer 172.16.1.9 as-number 64512
[r3-bgp]peer 172.16.1.9 connect-interface LoopBack 0R4
--- 前期准备 ---
[r4]bgp 64512
[r4-bgp]router-id 4.4.4.4
[r4-bgp]confederation id 2--- 与R3连接 ---
[r4-bgp]peer 172.16.1.5 as-number 64512
[r4-bgp]peer 172.16.1.5 connect-interface LoopBack 0--- 与R7连接 ---
[r4-bgp]confederation peer-as 64513
[r4-bgp]peer 172.16.1.13 as-number 64513
[r4-bgp]peer 172.16.1.13 connect-interface LoopBack 0
[r4-bgp]peer 172.16.1.13 ebgp-max-hopR5
[r5]bgp 64513
[r5-bgp]router-id 5.5.5.5
[r5-bgp]confederation id 2[r5-bgp]confederation peer-as 64512
[r5-bgp]peer 172.16.1.1 as-number 64512
[r5-bgp]peer 172.16.1.1 connect-interface LoopBack 0
[r5-bgp]peer 172.16.1.1 ebgp-max-hop [r5-bgp]peer 172.16.1.17 as-number 64513
[r5-bgp]peer 172.16.1.17 connect-interface LoopBack 0R6
[r6]bgp 64513
[r6-bgp]router-id 6.6.6.6
[r6-bgp]confederation id 2[r6-bgp]peer 172.16.1.21 as-number 64513
[r6-bgp]peer 172.16.1.21 connect-interface LoopBack 0[r6-bgp]peer 172.16.1.13 as-number 64513
[r6-bgp]peer 172.16.1.13 connect-interface LoopBack 0R7
[r7]bgp 64513
[r7-bgp]router-id 7.7.7.7
[r7-bgp]confederation id 2[r7-bgp]peer 172.16.1.17 as-number 64513
[r7-bgp]peer 172.16.1.17 connect-interface LoopBack 0
[r7-bgp]peer 172.16.1.17 next-hop-local[r7-bgp]confederation peer-as 64512
[r7-bgp]peer 172.16.1.9 as-number 64512
[r7-bgp]peer 172.16.1.9 connect-interface LoopBack 0
[r7-bgp]peer 172.16.1.9 next-hop-local
[r7-bgp]peer 172.16.1.9 ebgp-max-hop [r7]bgp 64513
[r7-bgp]peer 78.0.0.8 as-number 3R8
[r8]bgp 3
[r8-bgp]router-id 8.8.8.8
[r8-bgp]peer 78.0.0.7 as-number 22)配置反射器
R2收到的路由传给R3和R5,但是R3因为水平分割规则,无法传给R4,故配置R4为R3的客户端。
R3
[r3]bgp 64512
[r3-bgp]peer 172.16.1.9 reflect-client 同理:
R6
[r6]bgp 64513
[r6-bgp]peer 172.16.1.21 reflect-client 3)测试
4.路由宣告
1)路由宣告
R1与R8直接宣告
R1
[r1]bgp 1
[r1-bgp]network 10.1.1.0 24R8
[r8]bgp 3
[r8-bgp]network 11.1.1.0 24R2-R7通过在BGP重发布
[r2]bgp 64512
[r2-bgp]import-route ospf 15.配置VPN
R1
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 192.168.3.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre
[r1-Tunnel0/0/0]source 10.0.0.1
[r1-Tunnel0/0/0]destination 11.1.1.1R8
[r8]interface Tunnel 0/0/0
[r8-Tunnel0/0/0]ip address 192.168.3.2 24
[r8-Tunnel0/0/0]tunnel-protocol gre
[r8-Tunnel0/0/0]source 11.1.1.1
[r8-Tunnel0/0/0]destination 10.1.1.1补充路由
[r1]ip route-static 192.168.2.0 24 192.168.3.2
[r8]ip route-static 192.168.1.0 24 192.168.3.1四:测试
全网可达,试验结束。