BGP基本配置举例

创始人

2024-03-20 13:43:11

0次

BGP基本配置举例

建议食用原文
原文链接

BGP与IGP交互示例

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-bV9zA7wA-1670225013617)(image/image_V0IS8mG4NK.png)]

需求：

用户将网络划分为AS65008和AS65009，在AS65009内，使用IGP协议来计算路由（该例使用OSPF做为IGP协议）。要求实现两个AS之间的互相通信。

配置思路：

采用如下的思路配置BGP与IGP交互：

在Router2、Router3和Router4上配置OSPF协议，使Router2、3、4之间可以互访。
在Router1和Router2上配置EBGP连接，使Router1和Router2之间可以通过BGP相互传递路由。
在Router2上配置BGP与OSPF互相引入，实现两个AS之间的互相通信。
（可选）在Router2上配置BGP路由聚合，可以简化BGP路由表规模。

AR1

#
interface GigabitEthernet0/0/0ip address 100.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 150.1.1.254 255.255.255.0 
#
interface LoopBack0ip address 10.10.10.1 255.255.255.255 
#
bgp 65008peer 10.10.10.2 as-number 65009 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationnetwork 150.1.1.0 255.255.255.0 peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
#

AR2

#
interface LoopBack0ip address 10.10.10.2 255.255.255.255 
#
bgp 65009peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0group 234 internalpeer 234 connect-interface LoopBack0peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 #ipv4-family unicastundo synchronizationimport-route ospf 1peer 10.10.10.1 enablepeer 234 enablepeer 234 next-hop-local peer 10.10.10.3 enablepeer 10.10.10.3 group 234 peer 10.10.10.4 enablepeer 10.10.10.4 group 234 
#
ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.24.0 0.0.0.255 
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#

AR3

#
interface GigabitEthernet0/0/0ip address 192.168.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 192.168.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.3 255.255.255.255 
#
bgp 65009group 234 internalpeer 234 connect-interface LoopBack0peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 #ipv4-family unicastundo synchronizationpeer 234 enablepeer 10.10.10.2 enablepeer 10.10.10.2 group 234 peer 10.10.10.4 enablepeer 10.10.10.4 group 234 
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.34.0 0.0.0.255 
#

AR4

#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1ip address 192.168.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/2ip address 192.168.24.4 255.255.255.0 
#
interface LoopBack0ip address 10.10.10.4 255.255.255.255 
#
bgp 65009group 234 internalpeer 234 connect-interface LoopBack0peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 #ipv4-family unicastundo synchronizationpeer 234 enablepeer 10.10.10.2 enablepeer 10.10.10.2 group 234 peer 10.10.10.3 enablepeer 10.10.10.3 group 234 
#
ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 192.168.24.0 0.0.0.255 network 192.168.34.0 0.0.0.255 
#

配置AS_Path过滤器示例

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-c2e9toef-1670225013618)(image/image_gdgvpPO-nY.png)]

组网示意

Router1与Router2、Router4与Router5之间建立EBGP连接。用户希望AS65008的设备和AS65010的设备无法相互通信。

配置思路

采用如下思路配置BGP的AS_Path过滤器：

在Router1和Router2之间、Router4和Router5之间分别配置EBGP连接，并宣告直连路由，使AS之间通过EBGP连接实现相互通信。
在RouterB上配置AS_Path过滤器，并应用该过滤规则，使AS65009不向AS65008发布AS65010的路由，也不向AS65010发布AS65008的路由。

代码段A：实现需求1

AS之间互相通信

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iewE0GFn-1670225013619)(image/image_awVTVm2clo.png)]

查看Router2的发布路由表。以Router2发布给Router1的路由表为例，可以看到RouterB发布了AS65010宣告的路由

# 查看Router2的发布路由表。以Router2发布给Router1的路由表为例，可以看到RouterB发布了AS65010宣告的路由：
[AR2-bgp]display bgp routing-table peer 10.10.10.1 advertised-routesBGP Local router ID is 100.1.1.2 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>i  120.1.1.0/24       10.10.10.2                            0      65009 65010i

同样，查看Router1的路由表，可以看到Router1也通过Router2学习到了这条路由

dis bgp routing-tableBGP Local router ID is 10.10.10.1 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 2Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>   120.1.1.0/24       10.10.10.2                            0      65009 65010i*>   150.1.1.0/24       0.0.0.0         0                     0      i

查看Router4的发布路由表。以Router4发布给Router5的路由表为例，可以看到Router4发布了AS65008宣告的路由

dis bgp routing-table peer 10.10.10.5 advertised-routes BGP Local router ID is 10.10.10.4 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>i  150.1.1.0/24       10.10.10.4                            0      65009 6500
8i

同样，查看Router5的路由表，可以看到Router5也通过Router4学习到了这条路由

dis bgp routing-table BGP Local router ID is 200.1.1.5 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 2Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>   120.1.1.0/24       0.0.0.0         0                     0      i*>   150.1.1.0/24       10.10.10.4                            0      65009 65008i

AR1

#
interface GigabitEthernet0/0/0ip address 100.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 150.1.1.254 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.1 255.255.255.255 
#
bgp 65008peer 10.10.10.2 as-number 65009 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationsummary automaticnetwork 150.1.1.0 255.255.255.0 peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#

AR2

#
interface GigabitEthernet0/0/0ip address 192.168.23.2 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2ip address 192.168.24.2 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.2 255.255.255.255 
#
bgp 65009peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0group 234 internalpeer 234 connect-interface LoopBack0peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 #ipv4-family unicastundo synchronizationpeer 10.10.10.1 enablepeer 234 enablepeer 234 next-hop-local peer 10.10.10.3 enablepeer 10.10.10.3 group 234 peer 10.10.10.4 enablepeer 10.10.10.4 group 234 
#
ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.24.0 0.0.0.255 
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR3


#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 192.168.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 192.168.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.3 255.255.255.255 
#
bgp 65009group 234 internalpeer 234 connect-interface LoopBack0peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.4 as-number 65009 peer 10.10.10.4 group 234 #ipv4-family unicastundo synchronizationpeer 234 enablepeer 10.10.10.2 enablepeer 10.10.10.2 group 234 peer 10.10.10.4 enablepeer 10.10.10.4 group 234 
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 192.168.23.0 0.0.0.255 network 192.168.34.0 0.0.0.255 
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR4

#
interface GigabitEthernet0/0/0ip address 200.1.1.4 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 192.168.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/2ip address 192.168.24.4 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.4 255.255.255.255 
#
bgp 65009peer 10.10.10.5 as-number 65010 peer 10.10.10.5 ebgp-max-hop 255 peer 10.10.10.5 connect-interface LoopBack0group 234 internalpeer 234 connect-interface LoopBack0peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 234 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 234 #ipv4-family unicastundo synchronizationpeer 10.10.10.5 enablepeer 234 enablepeer 234 next-hop-local peer 10.10.10.2 enablepeer 10.10.10.2 group 234 peer 10.10.10.3 enablepeer 10.10.10.3 group 234 
#
ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 192.168.24.0 0.0.0.255 network 192.168.34.0 0.0.0.255 
#
ip route-static 10.10.10.5 255.255.255.255 200.1.1.5
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR5

#
interface GigabitEthernet0/0/0ip address 200.1.1.5 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 120.1.1.254 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.5 255.255.255.255 
#
bgp 65010peer 10.10.10.4 as-number 65009 peer 10.10.10.4 ebgp-max-hop 255 peer 10.10.10.4 connect-interface LoopBack0#ipv4-family unicastundo synchronizationsummary automaticnetwork 120.1.1.0 255.255.255.0 peer 10.10.10.4 enable
#
ip route-static 10.10.10.4 255.255.255.255 200.1.1.4
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

代码段B：实现需求2

AR2：

在Router2上配置AS_Path过滤器，并在Router2的出方向上应用该过滤器创建编号为as65008的AS_Path过滤器，拒绝包含AS号65010的路由通过（正则表达式"65010"表示任何包含AS65010的AS列表，". *"表示与任何字符匹配）。
```
[AR2]ip as-path-filter as65008 deny _65010_ 
[AR2]ip as-path-filter as65008 permit .*[AR2]bgp 65009  
[AR2-bgp]peer 10.10.10.1 as-path-filter as65008 export 
```
AR4:

在Router4上配置AS_Path过滤器，并在Router4的出方向上应用该过滤器创建编号为as65010的AS_Path过滤器 **，拒绝包含AS号65008的路由通过（正则表达式"65010"表示任何包含AS65008的AS列表，". "表示与任何字符匹配） *。
```
[AR4]ip as-path-filter as65010 deny _65008_
[AR4]ip as-path-filter as65010 permit .*[AR4]bgp 65009
[AR4-bgp]peer 10.10.10.5 as-path-filter as65010 export 
```

再次查看Router2和Router4的发布路由表，为空

[AR2]display bgp routing-table peer 10.10.10.1 advertised-routes
[AR2][AR4]display bgp routing-table peer 10.10.10.5 advertised-routes
[AR4]

查看Router1和Router5的bgp路由表，没有过滤之后的路由

dis bgp routing-table BGP Local router ID is 10.10.10.1 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>   150.1.1.0/24       0.0.0.0         0                     0      i

-------------------------------------------------------------------------------
dis bgp routing-table BGP Local router ID is 200.1.1.5 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 1Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>   120.1.1.0/24       0.0.0.0         0                     0      i

没有路由后PC之间自然不同

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iQyJttix-1670225013619)(image/image_zRw77wYCvK.png)]

AS_Path过滤器配置文件

拓扑：

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Kreaxndw-1670225013620)(image/image_ENXo-v0MOH.png)]

BGP AS过滤配置文件.zip

使用方法：
1. 下载压缩包解压
2. 建立好拓扑后右击路由器导入配置
3. 选择对应的Router导入
4. 启动路由器

配置BGP的MED属性控制路由

拓扑：

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-02BpNsCV-1670225013621)(image/image_x6Oj7L0V4t.png)]

组网需求：

所有路由器配置BGP，AR1与AR2、AR3之间建立EBGP邻居，AR2与AR3建立IBGP关系，需求从65008到65009的流量优先通过AR3
配置思路：
1. 采用如下的思路配置BGP的MED属性控制路由选择：
2. 通过使用路由策略增大AR2发送给AR1的MED值，这样可以使AR1选择AR3作为流量发往AS65009的入口设备。

配置：

AR1

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 120.1.1.254 255.255.255.0 
#
interface GigabitEthernet0/0/2ip address 200.1.1.1 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.1 255.255.255.255 
#
bgp 65008group 009 externalpeer 009 as-number 65009 peer 009 ebgp-max-hop 255 peer 009 connect-interface LoopBack0peer 10.10.10.2 as-number 65009 peer 10.10.10.2 group 009 peer 10.10.10.3 as-number 65009 peer 10.10.10.3 group 009 #ipv4-family unicastundo synchronizationnetwork 120.1.1.0 255.255.255.0 peer 009 enablepeer 10.10.10.2 enablepeer 10.10.10.2 group 009 peer 10.10.10.3 enablepeer 10.10.10.3 group 009 
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
ip route-static 10.10.10.3 255.255.255.255 200.1.1.3
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 192.168.23.2 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2ip address 150.1.1.254 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.2 255.255.255.255 
#
bgp 65009peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0peer 10.10.10.3 as-number 65009 peer 10.10.10.3 connect-interface LoopBack0#ipv4-family unicastundo synchronizationnetwork 150.1.1.0 255.255.255.0 peer 10.10.10.1 enablepeer 10.10.10.3 enable
#
ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 150.1.1.0 0.0.0.255 network 192.168.23.0 0.0.0.255 
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR3

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 192.168.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2ip address 200.1.1.3 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.3 255.255.255.255 
#
bgp 65009peer 10.10.10.1 as-number 65008 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0peer 10.10.10.2 as-number 65009 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.10.10.1 enablepeer 10.10.10.2 enable
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 192.168.23.0 0.0.0.255 
#
ip route-static 10.10.10.1 255.255.255.255 200.1.1.1
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

查看AR1的路由表

路由表AR1

dis bgp routing-table BGP Local router ID is 10.10.10.1 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 3Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>   120.1.1.0/24       0.0.0.0         0                     0      i*>   150.1.1.0/24       10.10.10.2      0                     0      65009i*                       10.10.10.3                            0      65009i

从路由表可以看出，到达目的地址150.1.1.0/24有两条有效路由，其中下一跳为10.10.10.2的路由是最优路由。

配置MED属性

通过策略配置AR2发个AR1的MED值

AR2

[AR2]route-policy 10 permit node 10
Info: New Sequence of this List.
[AR2-route-policy]apply cost 100
[AR2]bgp 65009 
[AR2-bgp]peer 10.10.10.1 route-policy 10 export 
[AR2-bgp]

查看AR1的路由表

路由表AR1

[AR1-bgp]dis bgp routing-table BGP Local router ID is 10.10.10.1 Status codes: * - valid, > - best, d - damped,h - history,  i - internal, s - suppressed, S - StaleOrigin : i - IGP, e - EGP, ? - incompleteTotal Number of Routes: 3Network            NextHop        MED        LocPrf    PrefVal Path/Ogn*>   120.1.1.0/24       0.0.0.0         0                     0      i*>   150.1.1.0/24       10.10.10.3                            0      65009i*                       10.10.10.2      100                   0      65009i
[AR1-bgp]

从路由表中可以看出，由于下一跳为10.10.10.2 32（SwitchB）的路由MED值为100，而下一跳为10.10.10.3 32的MED值为0，所以BGP优先选择MED值较小的路由。

在PC机上路由追踪：去往去往AS 65009的流量优先经过AR3

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-i2lGa4Wy-1670225013621)(image/image_186qVVz4X-.png)]

MED属性控制配置文件

BGP MED属性控制.zip

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-r6raqhiE-1670225013622)(image/image_tLIxSCvYn2.png)]

配置BGP路由反射器

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-fFiXiZpA-1670225013623)(image/image_DWiGkp9j6R.png)]

组网需求

4台设备分属两个不同AS，AR1和AR2之间建立EBGP邻居，AR3分别和AR2及AR4建立IBGP邻居。为了避免IBGP全连接，达到简化网络配置的目的，用户希望AR2和AR4间在不建立IBGP连接的情况下实现两个AS之间的互通。

配置思路

采用如下的思路配置BGP路由反射器：

配置BGP基本功能，实现BGP邻居间的互通。
配置AR3为路由反射器，AR2和AR3是它的两个客户机。这样可以使得AR2和AR4之间不需要建立IBGP连接即可学习到AR1发布的路由，达到简化配置的目的。

配置：

AR1：

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2ip address 150.1.1.254 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.1 255.255.255.255 
#
bgp 100peer 10.10.10.2 as-number 200 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationnetwork 150.1.1.0 255.255.255.0 peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.1.2
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2：

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 200.1.23.2 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.2 255.255.255.255 
#
bgp 200peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0peer 10.10.10.3 as-number 200 peer 10.10.10.3 connect-interface LoopBack0#ipv4-family unicastimport-route ospf 1undo synchronizationpeer 10.10.10.1 enablepeer 10.10.10.3 enablepeer 10.10.10.3 next-hop-local 
#
ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 200.1.23.0 0.0.0.255 
#
ip route-static 10.10.10.1 255.255.255.255 100.1.1.1
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR3

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 200.1.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 200.1.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.3 255.255.255.255 
#
bgp 200group 200 internalpeer 200 connect-interface LoopBack0peer 10.10.10.2 as-number 200 peer 10.10.10.2 group 200 peer 10.10.10.4 as-number 200 peer 10.10.10.4 group 200 #ipv4-family unicastundo synchronizationpeer 200 enablepeer 200 reflect-clientpeer 10.10.10.2 enablepeer 10.10.10.2 group 200 peer 10.10.10.4 enablepeer 10.10.10.4 group 200 
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 200.1.23.0 0.0.0.255 network 200.1.34.0 0.0.0.255 
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR4

#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1ip address 200.1.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.4 255.255.255.255 
#
bgp 200peer 10.10.10.3 as-number 200 peer 10.10.10.3 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.10.10.3 enable
#
ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 200.1.34.0 0.0.0.255 
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

在AR2查看路由表

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-iIpw6fhN-1670225013624)(image/image_GZrQb_9npf.png)]
在AR3查看路由表

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-mvVVKcry-1670225013624)(image/image_2FfKSq9ksU.png)]
在AR4查看路由表

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-dyCGk7tG-1670225013625)(image/image_SaeHZ2V7lg.png)]
在PC机上pingAR4的回环口

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-1gvsVRkC-1670225013625)(image/image_CU2P2dz1BZ.png)]

BGP路由反射器配置文件

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-f30ZzWcK-1670225013626)(image/image_TLgtto9-PN.png)]

配置文件BGP路由反射器.zip

配置BGP联盟

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-SLpP97ea-1670225013626)(image/image_3vxWLFIMkw.png)]

解决AS内部的IBGP网络连接激增问题，除了使用路由反射器之外，还可以使用联盟（Confederation）。联盟将一个AS划分为若干个子AS。每个子AS内部建立IBGP全连接关系，子AS之间建立联盟EBGP连接关系，但联盟外部AS仍认为联盟是一个AS。配置联盟后，原AS号将作为每个路由器的联盟ID。这样有两个好处：一是可以保留原有的IBGP属性，包括Local Preference属性、MED属性和NEXT_HOP属性等；二是联盟相关的属性在传出联盟时会自动被删除，即管理员无需在联盟的出口处配置过滤子AS号等信息的操作。

路由反射器	联盟
不需要更改现有的网络拓扑，兼容性好。	需要改变逻辑拓扑。
配置方便，只需要对作为反射器的设备进行配置，客户机并不需要知道自己是客户机。	所有设备需要重新进行配置。
集群与集群之间仍然需要全连接。	联盟的子AS之间是特殊的EBGP连接，不需要全连接。
适用于中、大规模网络。	适用于大规模网络。

配置命令：

AR1

#sysname AR1
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.12.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2ip address 192.168.1.254 255.255.255.0 
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.1 255.255.255.255 
#
bgp 100peer 10.10.10.2 as-number 200 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationnetwork 192.168.1.0 peer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.12.2
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2

#sysname AR2
#board add 0/5 4GET 
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standad-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.24.2 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/2ip address 100.1.23.2 255.255.255.0 
#
interface GigabitEthernet5/0/0
#
interface GigabitEthernet5/0/1ip address 100.1.25.2 255.255.255.0 
#
interface GigabitEthernet5/0/2ip address 100.1.26.2 255.255.255.0 
#
interface GigabitEthernet5/0/3
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.2 255.255.255.255 
#
bgp 65001router-id 2.2.2.2confederation id 200confederation peer-as 65002 65003peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0peer 10.10.10.5 as-number 65002 peer 10.10.10.5 ebgp-max-hop 255 peer 10.10.10.5 connect-interface LoopBack0peer 10.10.10.6 as-number 65003 peer 10.10.10.6 ebgp-max-hop 255 peer 10.10.10.6 connect-interface LoopBack0group ibgp internalpeer ibgp connect-interface LoopBack0peer 10.10.10.3 as-number 65001 peer 10.10.10.3 group ibgp peer 10.10.10.4 as-number 65001 peer 10.10.10.4 group ibgp #ipv4-family unicastundo synchronizationpeer 10.10.10.1 enablepeer 10.10.10.5 enablepeer 10.10.10.5 next-hop-local peer 10.10.10.6 enablepeer 10.10.10.6 next-hop-local peer ibgp enablepeer ibgp next-hop-local peer 10.10.10.3 enablepeer 10.10.10.3 group ibgp peer 10.10.10.4 enablepeer 10.10.10.4 group ibgp 
#
ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.10.10.2 0.0.0.0 network 100.1.23.0 0.0.0.255 network 100.1.24.0 0.0.0.255 
#
ip route-static 10.10.10.1 255.255.255.255 100.1.12.1
ip route-static 10.10.10.5 255.255.255.255 100.1.25.5
ip route-static 10.10.10.6 255.255.255.255 100.1.26.6
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR3

#sysname AR3
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.23.3 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.3 255.255.255.255 
#
bgp 65001router-id 3.3.3.3group ibgp internalpeer ibgp connect-interface LoopBack0peer 10.10.10.2 as-number 65001 peer 10.10.10.2 group ibgp peer 10.10.10.4 as-number 65001 peer 10.10.10.4 group ibgp #ipv4-family unicastundo synchronizationpeer ibgp enablepeer 10.10.10.2 enablepeer 10.10.10.2 group ibgp peer 10.10.10.4 enablepeer 10.10.10.4 group ibgp 
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.10.10.3 0.0.0.0 network 100.1.23.0 0.0.0.255 network 100.1.34.0 0.0.0.255 
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR4

#sysname AR4
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.24.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.4 255.255.255.255 
#
bgp 65001router-id 4.4.4.4group ibgp internalpeer ibgp connect-interface LoopBack0peer 10.10.10.2 as-number 65001 peer 10.10.10.2 group ibgp peer 10.10.10.3 as-number 65001 peer 10.10.10.3 group ibgp #ipv4-family unicastundo synchronizationpeer ibgp enablepeer 10.10.10.2 enablepeer 10.10.10.2 group ibgp peer 10.10.10.3 enablepeer 10.10.10.3 group ibgp 
#
ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.10.10.4 0.0.0.0 network 100.1.24.0 0.0.0.255 network 100.1.34.0 0.0.0.255 
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR5

[V200R003C00]
#sysname AR5
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.25.5 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.5 255.255.255.255 
#
bgp 65002router-id 5.5.5.5confederation id 200confederation peer-as 65001peer 10.10.10.2 as-number 65001 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.25.2
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR6

#sysname AR6
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.26.6 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.6 255.255.255.255 
#
bgp 65003router-id 6.6.6.6confederation id 200confederation peer-as 65001peer 10.10.10.2 as-number 65001 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.10.10.2 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.26.2
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

BGP联盟配置文件

拓扑：

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-cdKq7qxm-1670225013627)(image/image_uQ6AjQHeQH.png)]

BGP 联盟配置文件.zip

配置BGP负载分担

组网需求

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-6clPg1JY-1670225013627)(image/image_VirktNsmEj.png)]

所有路由器都配置BGP，R2在AS100中，R2和RouterC在AS300中，R4在AS200中。要求减少充分利用网络资源R4到目的地址10.10.10.10/32网络拥塞，充分利用网络资源

配置思路

采用如下的思路配置BGP负载分担：

在R1和R2、R1和R3、R4和R2、R4和R3之间配置EBGP连接，实现AS之间使用BGP协议相互通信。
在R4上配置负载分担功能，使从RouterA发送的流量可以经过RouterB和RouterC两条路径到达R1，实现对网络资源的充分利用。

配置：

AR1


#sysname AR1
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.12.1 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.13.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.1 255.255.255.255 
#
interface LoopBack10ip address 10.10.10.10 255.255.255.255 
#
bgp 100peer 10.10.10.2 as-number 300 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0peer 10.10.10.3 as-number 300 peer 10.10.10.3 ebgp-max-hop 255 peer 10.10.10.3 connect-interface LoopBack0#ipv4-family unicastundo synchronizationnetwork 10.0.0.0 network 10.10.10.10 255.255.255.255 peer 10.10.10.2 enablepeer 10.10.10.3 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.12.2
ip route-static 10.10.10.3 255.255.255.255 100.1.13.3
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2

#sysname AR2
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.24.2 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.2 255.255.255.255 
#
bgp 300peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0peer 10.10.10.4 as-number 200 peer 10.10.10.4 ebgp-max-hop 255 peer 10.10.10.4 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.10.10.1 enablepeer 10.10.10.4 enable
#
ip route-static 10.10.10.1 255.255.255.255 100.1.12.1
ip route-static 10.10.10.4 255.255.255.255 100.1.24.4
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR3

#sysname AR3
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.34.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.3 255.255.255.255 
#
bgp 300peer 10.10.10.1 as-number 100 peer 10.10.10.1 ebgp-max-hop 255 peer 10.10.10.1 connect-interface LoopBack0peer 10.10.10.4 as-number 200 peer 10.10.10.4 ebgp-max-hop 255 peer 10.10.10.4 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.10.10.1 enablepeer 10.10.10.4 enable
#
ip route-static 10.10.10.1 255.255.255.255 100.1.13.1
ip route-static 10.10.10.4 255.255.255.255 100.1.34.4
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR4


#sysname AR4
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#drop illegal-mac alarm
#set cpu-usage threshold 80 restore 75
#
aaa authentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$local-user admin service-type http
#
firewall zone Localpriority 15
#
interface GigabitEthernet0/0/0ip address 100.1.34.4 255.255.255.0 
#
interface GigabitEthernet0/0/1ip address 100.1.24.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.10.10.4 255.255.255.255 
#
bgp 200peer 10.10.10.2 as-number 300 peer 10.10.10.2 ebgp-max-hop 255 peer 10.10.10.2 connect-interface LoopBack0peer 10.10.10.3 as-number 300 peer 10.10.10.3 ebgp-max-hop 255 peer 10.10.10.3 connect-interface LoopBack0#ipv4-family unicastundo synchronizationmaximum load-balancing 2peer 10.10.10.2 enablepeer 10.10.10.3 enable
#
ip route-static 10.10.10.2 255.255.255.255 100.1.24.2
ip route-static 10.10.10.3 255.255.255.255 100.1.34.3
#
user-interface con 0authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

BGP问题汇总

词库加载错误:未能找到文件“E:\highferrum_mysql\Configuration\Dict_Stopwords.txt”。

上一篇：库克，又来上海了！外滩“偶遇”郑恺

下一篇： 重大通报“GMG辅助软件”!(确实真的有挂)-知乎

BGP基本配置举例

BGP基本配置举例

需求：

配置思路：

组网示意

配置思路

组网需求

配置思路

组网需求

配置思路

相关内容

热门资讯