操纵BGP联邦案例

流浪者发表于 2008-06-03 14:01:39

> var $tag='';

分类：~~~　BGP　~~~

//// r1 ////

int lo0

ip ad 1.1.1.1 255.255.255.0

int e2/0

ip ad 192.1.1.1 255.255.255.0

router os 1

net 0.0.0.0 255.255.255.255 //宣告所有接口,内部路由协议IGP先将AS内路由打通

router bgp 65000 //启用BGP,注意此时为子AS号.

no syn //关闭同步.同步是一种过时的技术,当初是用来防止IGP不知道EGP路由条目的情况下做数据转发,会产生黑洞的问题应运而生的.同步的存在要求IGP路由协议必须知道所有EGP路由条目,这就要求将EGP路由条目全部重分发进IGP路由表.最初的网络规模较小,这也许算不上什么问题.但现在全球路由条目已经超过了18万,这样多的路由条目同时出现在一台普通的路由器上,只能说后果很严重了.曾经有过某省的核心骨路器因为错误地注入了EGP路由导致网络大规模断线4个小时的严重后果.

ps:现在我们要求统一关闭同步,并且所有路由器全互连!

neighbor 192.1.1.2 remote-as 65000

network 1.0.0.0

//// r2 ////

int lo0

ip ad 2.2.2.2 255.255.255.0

int e2/0

ip ad 192.1.1.2 255.255.255.0

int e3/0

ip ad 193.1.1.2 255.255.255.0

int e5/0

ip ad 195.1.1.2 255.255.255.0

router os 1

network 0.0.0.0 255.255.255.255 a 0 //宣告所有接口,注意掩码格式的意义

router bgp 65000

no syn //关闭同步

bgp confederation identifier 200

bgp confederation peers 65001

neighbor 192.1.1.1 remote-as 65000

neighbor 193.1.1.3 remote-as 65001

neighbor 193.1.1.3 next-hop-self

neighbor 195.1.1.4 remote-as 100

network 2.0.0.0

//// r3 ////

int lo0

ip ad 3.3.3.3 255.255.255.0

int e3/0

ip ad 193.1.1.3 255.255.255.0

int e4/0

ip ad 194.1.1.3 255.255.255.0

int e6/0

ip ad 196.1.1.3 255.255.255.0

router os 1

network 3.3.3.3 255.255.255.0

router bgp 65001

no syn

bgp confederation identifier 200 //bgp联邦设置,标识出真正的AS

bgp confederation peers 65000 //BGP联邦内部成员

neighbor 193.1.1.2 remote-as 65000

neighbor 193.1.1.2 next-hop-self //从AS100学来的路由下一跳改为自已

neighbor 194.1.1.4 remote-as 65001

neighbor 196.1.1.4 remote-as 100

network 3.0.0.0

//// r4 ////

int lo0

ip ad 4.4.4.4 255.255.255.0

int e4/0

ip ad 194.1.1.4 255.255.255.0

router os 1

network 0.0.0.0 255.255.255.0 area 0

router bgp 65001

no syn

neighbor 194.1.1.3 remote-as 65001

network 4.0.0.0

//// r5 ////

int lo0

ip ad 5.5.5.5 255.255.255.0

int e5/0

ip ad 195.1.1.5 255.255.255.0

int e6/0

ip ad 196.1.1.5 255.255.255.0

router os 1

network 0.0.0.0 255.255.255.255 area 0

router bgp 65001

no syn

neighbor 195.1.1.2 remote-as 200

neighbor 196.1.1.3 remote-as 200

完成以上所有配置后,应看到1.0.0.0 - 5.0.0.0 所有网段都将出现在路由表内,通过PING测试后,全网全通才正确.具体show ip bgp 以及 show ip ro内容有空我会发上来.

r1#sh ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*>i2.0.0.0          192.1.1.2                0    100      0 i
*>i3.0.0.0          193.1.1.3                0    100      0 (65001) i
*>i4.0.0.0          193.1.1.3                0    100      0 (65001) i
*>i5.0.0.0          195.1.1.5                0    100      0 100 i

r1#sh ip ro

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       2.2.2.2/32 [110/11] via 192.1.1.2, 00:04:37, Ethernet1/0
B       2.0.0.0/8 [200/0] via 192.1.1.2, 00:04:52
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       3.3.3.3/32 [110/21] via 192.1.1.2, 00:04:37, Ethernet1/0
B       3.0.0.0/8 [200/0] via 193.1.1.3, 00:04:26
     4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       4.4.4.4/32 [110/31] via 192.1.1.2, 00:04:37, Ethernet1/0
B       4.0.0.0/8 [200/0] via 193.1.1.3, 00:04:31
B    5.0.0.0/8 [200/0] via 195.1.1.5, 00:04:37
O    196.1.1.0/24 [110/84] via 192.1.1.2, 00:04:37, Ethernet1/0
O    193.1.1.0/24 [110/20] via 192.1.1.2, 00:04:38, Ethernet1/0
C    192.1.1.0/24 is directly connected, Ethernet1/0
O    195.1.1.0/24 [110/74] via 192.1.1.2, 00:04:39, Ethernet1/0
O    194.1.1.0/24 [110/30] via 192.1.1.2, 00:04:39, Ethernet1/0

r1#sh ip ro bgp
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       2.0.0.0/8 [200/0] via 192.1.1.2, 00:05:21
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       3.0.0.0/8 [200/0] via 193.1.1.3, 00:04:55
     4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       4.0.0.0/8 [200/0] via 193.1.1.3, 00:05:01
B    5.0.0.0/8 [200/0] via 195.1.1.5, 00:05:07

r5#sh ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
* 1.0.0.0          195.1.1.2                              0 200 i
*>                  196.1.1.3                              0 200 i
* 2.0.0.0          195.1.1.2                0             0 200 i
*>                  196.1.1.3                              0 200 i
* 3.0.0.0          195.1.1.2                              0 200 i
*>                  196.1.1.3                0             0 200 i
* 4.0.0.0          195.1.1.2                              0 200 i
*>                  196.1.1.3                              0 200 i
*> 5.0.0.0          0.0.0.0                  0         32768 i

r5#sh ip ro

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 196.1.1.3, 00:03:41
B    2.0.0.0/8 [20/0] via 196.1.1.3, 00:03:41
B    3.0.0.0/8 [20/0] via 196.1.1.3, 00:03:41
B    4.0.0.0/8 [20/0] via 196.1.1.3, 00:03:41
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback0
C    196.1.1.0/24 is directly connected, Serial3/0
C    195.1.1.0/24 is directly connected, Serial2/0

这个实验最后一步,建议可以在R5上改变发往AS200的路由条目的METRIC值.发往r3的metric设置为50,观察对AS内部路由器的选路影响.

命令如下:

//// r5 ////

access-list 1 permit 5.0.0.0 0.255.255.255 //定义出路由条目

route-map MED permit 10

match ip address 1

set metric 50

route-map MED permit 10

router bgp 100

neighbor 196.1.1.3 route-map MED out

r3#sh ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          193.1.1.2                0    100      0 (65000) i
*> 2.0.0.0          193.1.1.2                0    100      0 (65000) i
*> 3.0.0.0          0.0.0.0                  0         32768 i
*>i4.0.0.0          194.1.1.4                0    100      0 i
*> 5.0.0.0          193.1.1.2                0    100      0 (65000) 100 i
*                   196.1.1.5               50             0 100 i

r3#sh ip ro bgp
     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       1.0.0.0/8 [200/0] via 193.1.1.2, 00:06:29
     2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       2.0.0.0/8 [200/0] via 193.1.1.2, 00:06:29
     4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       4.0.0.0/8 [200/0] via 194.1.1.4, 00:06:53
B    5.0.0.0/8 [200/0] via 193.1.1.2, 00:06:29

r4#sh ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          193.1.1.2                0    100      0 (65000) i
*>i2.0.0.0          193.1.1.2                0    100      0 (65000) i
*>i3.0.0.0          194.1.1.3                0    100      0 i
*> 4.0.0.0          0.0.0.0                  0         32768 i
*>i5.0.0.0          193.1.1.2                0    100      0 (65000) 100 i

r2#sh ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          192.1.1.1                0    100      0 i
*> 2.0.0.0          0.0.0.0                  0         32768 i
*> 3.0.0.0          193.1.1.3                0    100      0 (65001) i
*> 4.0.0.0          193.1.1.3                0    100      0 (65001) i
*> 5.0.0.0          195.1.1.5                0             0 100 i

关键词(Tag): bgp

阅读47次评论个人主页扔小纸条文件夹: ~~~　BGP　~~~

收藏: QQ书签 del.icio.us 订阅: Google 抓虾

发表评论

* 昵称
	已经注册过? 请登录新用户请先注册以便能显示头像及追踪评论回复
Email
网址
* 评论
表情
* 验证码	请输入您看到的数字 (注册登录就不用每次输入讨厌的验证码了)