BGP 综合实验1
{Back to Index}
Table of Contents
- 1. 实验拓扑
- 2. OSPF 基本配置
- 3. BGP PEER 的建立
- 4. BGP 路由传递与选择
- 4.1. 调整管理距离/同步规则
- 4.2. 调整管理距离
- 4.3. 自动汇总
- 4.4. 宣告默认路由
- 4.5. route-map 修改 origin
- 4.6. 针对邻居过滤路由
- 4.7.
local-as no-prepend/set as-path prepend - 4.8. 满足同步规则
- 4.9. remove-private-as/allowas-in
- 4.10. 使用 prefix-list 对邻居路由过滤
- 4.11. next-hop-unchanged 特性
- 4.12. 调整路径属性
- 4.13. IBGP 路由重分布进 IGP
- 4.14. 设置缺省 worst MED 值
- 4.15. 使某条路由永远不被优化
1 实验拓扑
初始配置
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! int s1/0 ip address 1.1.24.2 255.255.255.248 no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.34.3 255.255.255.248 no sh ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.24.4 255.255.255.248 no sh int s1/2 ip address 1.1.34.4 255.255.255.248 no sh int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! end
2 OSPF 基本配置
2.1 虚链路
Area 2 学到其他 Area 的路由是从 R2 学到。
配置清单
=== R1 === router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 === R3 === router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0
2.2 修改接口网络类型
R1-R5 的 loopback0 可以宣告进任何 Area,并在路由表中出现为:24 位路由。
配置清单
=== R1 === int lo0 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 === R5 === int lo0 ip ospf network point-to-point ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0
2.3 distribute-list 过滤路由
在 R5 上做配置,使 R5 只能看到除直连路由以外的三条路由: 10.10.1.0/24 10.10.2.0/24 10.10.3.0/24
配置清单
=== R1 === int lo0 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 === R5 === int lo0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 distribute-list ACL_FILTER in !
3 BGP PEER 的建立
3.1 LOOPBACK 接口建立 IBGP
配置清单
=== R1 === int lo0 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 === R5 === int lo0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 distribute-list ACL_FILTER in ! router bgp 235 bgp router-id 5.5.5.5 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 !
3.2 local-as/主动发起连接的条件/最小EBGP多跳(2)
R4 属于 AS 64512,与 R5 建立一条 EBGP PEER,要求: 1. 要求用两台路由器的 loopback0 建立 2. 在 R4 上做配置,使它与 R5 建立 PEER 时,指向 64513 3. 要求此 PEER 的建立的时候,无伦任何情况,都只能由 R4 主动发起。即通过 R4 的随机高端口到 R5 的 179 端口, R5 不能主动发起与 R4 的 TCP 连接请求 4. 此解决方案不能使用 ACL,或其他任何形式的过滤 5. 使用最小的 EBGP-Multihop
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 === R5 === int lo0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 distribute-list ACL_FILTER in ! router bgp 235 bgp router-id 5.5.5.5 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 !
如果建立 EBGP 时使用的是默认路由,则不会主动发起建立邻居请求。
=== R4 === router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! because of default route R5 will not initiate tcp to R4 to establish ebgp router bgp 235 neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 !
查看 TCP 连接信息
R4#sh tcp brief
TCB Local Address Foreign Address (state)
C7BB9398 10.10.4.4.61825 10.10.5.5.179 ESTAB
R4#
3.3 最大 EBGP 多跳 (255)
R1 属于 AS 1,需要与 R3 建立一条 EBGP PEER,要求只要有一条 Active Path,BGP 邻居不能 Down 。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 bgp router-id 5.5.5.5 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 !
=== R1 === router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! === R3 === router bgp 235 neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop !
3.4 源检测
R1 与 R2 建立一条 EBGP PEER,要求: 1 R1 不能出现 EBGP 关健词 2 R2 不能出现 Update 关健词 3 R2 不能通过 R1 的直连以太口: 1.1.123.1 来建立 PEER 4 在 R1 做配置,当 BGP PEER 建立时,无论如何都是由 R1 的高端口发起到 R2 179 端口。可以使用 ACL,
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 bgp router-id 5.5.5.5 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 !
=== R1 === access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router bgp 1 neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === router bgp 235 neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop !
查看 TCP 信息
R1#sh tcp brief TCB Local Address Foreign Address (state) C7A56BD0 10.10.1.1.31762 1.1.123.2.179 ESTAB C79F6918 10.10.1.1.35132 10.10.3.3.179 ESTAB R1#
这种做法可以省略 ACL 。
也可以考虑关闭源检测
=== R1 ===
router bgp 1
neighbor 10.10.2.2 update-source lo0
neighbor 10.10.2.2 disable-connected-check
!
=== R2 ===
router bgp 235
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop
!
4 BGP 路由传递与选择
4.1 调整管理距离/同步规则
在 R5 上增加一个 loopback5,其 IP ADD=105.1.1.1/24,通过 network 宣告进 OSPF 和 BGP,此路由会传到 R2 和 R3 上,此时在 R2、R3 的路由表及 BGP 表里都可以看到此路由。注意,路由表里看到此路由需要 是 24 的掩码。 R3 上要求: 1. R3 上不可以使用 no synchronization 命令 2. 在 R3 的 BGP 表中,应看到此路由是最优路由 3. 此解决方案只能在 R5 上实施 R2 上要求: 1. R2 上不可以使用 no synchronization 命令 2. 在 R2 上增加一条针对 105.1.1.0/24 指向 null 0 的浮动静态路由,AD 值为 240 3. 在 R2 的路由表里,应看到此静态路由安装进路由表 4. 在 R2 的 BGP 表中,要求看到此路由是最优路由 5. 此解决方案只能在 R2 上实施,不要改变静态路由的任何参数
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 router-id 4.4.4.4 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 bgp router-id 5.5.5.5 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 !
=== R3 === router bgp 235 synchronization ! === R5 === int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! router bgp 235 network 105.1.1.0 mask 255.255.255.0 ! router ospf 5 network 105.1.1.1 0.0.0.0 area 0 !
可以看到 R3 上这条路由不是 best ,因为 IBGP router id 与 OSPF router id 不一致。 1
R3#sh ip bgp 105.1.1.0 BGP routing table entry for 105.1.1.0/24, version 0 Paths: (1 available, no best path) Flag: 0x4100 Not advertised to any peer Refresh Epoch 2 Local 邻居 邻居 router-id 10.10.5.5 (metric 129) from 10.10.5.5 (5.5.5.5) Origin IGP, metric 0, localpref 100, valid, internal, not synchronized rx pathid: 0, tx pathid: 0 R3#sh ip ospf database summary 105.1.1.0 OSPF Router with ID (3.3.3.3) (Process ID 3) Summary Net Link States (Area 1) LS age: 824 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 105.1.1.0 (summary Network Number) Advertising Router: 4.4.4.4 LS Seq Number: 80000002 Checksum: 0x2A55 Length: 28 Network Mask: /24 MTID: 0 Metric: 65 Summary Net Link States (Area 2) LS age: 847 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 105.1.1.0 (summary Network Number) Advertising Router: 2.2.2.2 LS Seq Number: 80000002 Checksum: 0xE85E Length: 28 Network Mask: /24 MTID: 0 Metric: 129
调整 R5 的 bgp router-id :
=== R4 === router bgp 64512 bgp router-id 44.44.44.44 ! 被动调整下,让出 router-id ! === R5 === router bgp 235 bgp router-id 4.4.4.4 !
R2 上为达到要求,必须满足 static_AD < OSPF_AD 与 static_AD < BGP_AD
=== R2 === ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router bgp 235 synchronization distance 242 10.10.5.5 0.0.0.0 1 ! router ospf 2 distance 241 5.5.5.5 0.0.0.0 1 !
4.2 调整管理距离
2. 在 R5 上,把 loopback0 宣告进入 BGP。在 R4 观察此路由,你会发现此路由一直在 FLAPPING,在 R4 上 做配置,来解决此问题。此解决方案不可以对 BGP 进行操作。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 ! network 105.1.1.0 mask 255.255.255.0 !
=== R4 === access-list 5 permit 10.10.5.0 ! router ospf 4 distance 19 5.5.5.5 0.0.0.0 5 !
查看管理距离
R4#sh ip protocols
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "ospf 4"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 4.4.4.4
It is an area border router
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.24.4 0.0.0.0 area 1
1.1.34.4 0.0.0.0 area 1
1.1.45.4 0.0.0.0 area 0
10.10.4.4 0.0.0.0 area 0
Routing Information Sources:
Gateway Distance Last Update
5.5.5.5 19 00:02:05
2.2.2.2 110 00:02:05
3.3.3.3 110 00:02:05
Distance: (default is 110)
Address Wild mask Distance List
5.5.5.5 0.0.0.0 19 5
4.3 自动汇总
3. 在 R5 上, 通过 network 宣告一条 10.0.0.0/8 的路由进入 BGP,使此路由在其他路由器上均可以看到。 不可以在任何地方增加接口或 secondary address,或静态路由,或 OSPF 汇总。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 ! network 105.1.1.0 mask 255.255.255.0 !
=== R5 === router bgp 235 auto-summary network 10.0.0.0 !
因为 R2 ,R3 开启了同步,所以这条路由在 R2/R3 上不优化,将 bgp 路由重分布进 OSPF 即可:
=== R4 === router ospf 4 redistribute bgp 64512 ! 不加 subnets 关键词表示只重分布主类路由,满足要求 !
4.4 宣告默认路由 2
4. 在 R5 上,通过 network 宣告一条 0.0.0.0/0 进入 BGP。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 ! !
=== R5 === router bgp 235 network 0.0.0.0 !
4.5 route-map 修改 origin
5. 在 R4 上增加一个 loopback104,其地址如下: interface Loopback104 ip address 104.1.1.1 255.255.255.0 ip address 104.1.2.1 255.255.255.0 secondary ... ip address 104.1.16.1 255.255.255.0 secondary 用最小的命令行,将这些路由引入 BGP,并且使 R5 看到这些路由的 Origine Type 是:IGP
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 ! !
=== R4 === int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! router bgp 64512 redistribute connected route-map RM_LO104 !
4.6 针对邻居过滤路由
6. 在 R4 上做配置,使用最少的命令行,用扩展的 ACL,使 R4 向 R5 传递路由时,只传递下列 4 条路由: 104.1.1.0/24 104.1.3.0/24 104.1.9.0/24 104.1.11.0/24
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 ! !
=== R4 === ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 router bgp 64512 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out !
4.7 local-as no-prepend / set as-path prepend
7. 在 R5 上做配置, 使 R5 收到这四条路由时,BGP 表里如下显示: ROUTE AS-PATH 104.1.1.0/24 64513 64514 64512 104.1.3.0/24 64513 64514 64512 104.1.9.0/24 64513 64514 64512 104.1.11.0/24 64513 64514 64512
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 ! !
当前 R5 上的 BGP 路由
R5#sh ip bgp
BGP table version is 57, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
*> 10.0.0.0 0.0.0.0 0 32768 i
*> 10.10.5.0/24 0.0.0.0 0 32768 i
*> 104.1.1.0/24 10.10.4.4 0 0 64513 64512 i
*> 104.1.3.0/24 10.10.4.4 0 0 64513 64512 i
*> 104.1.9.0/24 10.10.4.4 0 0 64513 64512 i
*> 104.1.11.0/24 10.10.4.4 0 0 64513 64512 i
*> 105.1.1.0/24 0.0.0.0 0 32768 i
首先让 R5 收到的路由不要 prepend 64513 这个 local-as :
=== R5 === router bgp 235 neighbor 10.10.4.4 local-as 64513 no-prepend !
再修改 AS-Path :
=== R5 === ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! router bgp 235 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in !
验证
R5(config-router)#do sh ip bgp
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
*> 10.0.0.0 0.0.0.0 0 32768 i
*> 10.10.5.0/24 0.0.0.0 0 32768 i
*> 104.1.1.0/24 10.10.4.4 0 0 64513 64514 64512 i
*> 104.1.3.0/24 10.10.4.4 0 0 64513 64514 64512 i
*> 104.1.9.0/24 10.10.4.4 0 0 64513 64514 64512 i
*> 104.1.11.0/24 10.10.4.4 0 0 64513 64514 64512 i
*> 105.1.1.0/24 0.0.0.0 0 32768 i
4.8 满足同步规则
8. 在适当的地方做配置,确保在 R2 R3 上能看到上述四条路由为最优路由, 不能使用 no synchronization 命令
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R4 === router ospf 4 redistribute connected subnets route-map RM_R4_TO_R5 !
R2/R3 上能显示 best 是因为满足了同步规则,即 OSPF 路由的源 router-id 和 IBGP 路由的源 router-id 相等:
查看 router-id
R2#sh ip os database external 104.1.3.0
OSPF Router with ID (2.2.2.2) (Process ID 2)
Type-5 AS External Link States
LS age: 39
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 104.1.3.0 (External Network Number )
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xF42F
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
R2#sh ip bgp 104.1.3.0
BGP routing table entry for 104.1.3.0/24, version 17
Paths: (1 available, best #1, table default, RIB-failure(17))
Flag: 0x100
Advertised to update-groups:
21
Refresh Epoch 1
64513 64514 64512
10.10.4.4 (metric 65) from 10.10.5.5 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, internal, synchronized, best
rx pathid: 0, tx pathid: 0x0
4.9 remove-private-as/allowas-in
9. 在 R2 R3 上做配置,使 R1 接收这 4 条 BGP 路由时,路由的 AS-PATH 为:235 1 235。使用最小的配置步骤及命令行 10. 在R1上做配置,确保R1的BGP表中看到这四条路由
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R2 === access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router bgp 235 neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out !
此时 R1 上看不到这四条路由,因为 AS-PATH 防环机制,为了接收此条路由,可以使用 allowas-in :
=== R1 === router bgp 1 neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in !
4.10 使用 prefix-list 对邻居路由过滤
11. 在R5上做配置,使R2R3的BGP表中看不到0.0.0.0/0这条路由,此解决要求用最少的Prefix-list命令。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R5 === ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! router bgp 235 neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out !
4.11 next-hop-unchanged 特性
12. 在R1上增加六个loopback接口:
Loopback101 101.1.1.1/24
Loopback102 101.1.2.1/24
Loopback103 101.1.3.1/24
Loopback104 101.1.4.1/24
Loopback105 101.1.5.1/24
Loopback106 101.1.6.1/24
将这些路由引入 BGP,使其在其他路由器上看到这六条路由的 Origine Type 是:IGP。
注意,在某个地方, 可能会出同路由环, 试着解决它。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R1 === int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! router bgp 1 redistribute connected route-map RM_ROUTE_101 !
101.1.00000001.0 101.1.00000010.0 101.1.00000011.0 101.1.00000100.0 101.1.00000101.0 101.1.00000110.0 ----------------- 101.1.00000000.0 => 101.1.0.0 101.1.00000111.0 => 101.1.7.0
环路是出现在 R4 - R5 之间,可以使用 next-hop-unchanged 特性:
=== R5 === router bgp 235 neighbor 10.10.4.4 next-hop-unchanged !
4.12 调整路径属性
4.12.1 weight
13. 在R5上做配置,针对101.1.1.0/24这条路由,要求R5看到的最优路由是从R3学到的。它们是通过Weight 值来决定胜负的。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
当前传递信息
R5#sh ip bgp 101.1.1.0
BGP routing table entry for 101.1.1.0/24, version 4
Paths: (2 available, best #2, table default)
Advertised to update-groups:
1
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
=== R5 === ip prefix-list 101.1 permit 101.1.1.0/24 route-map RM_R3_R5_IN permit 10 set weight 3 route-map RM_R3_R5_IN permit 20 ! router bgp 235 neighbor 10.10.3.3 route-map RM_R3_R5_IN in !
验证
R5#sh ip bgp 101.1.1.0
BGP routing table entry for 101.1.1.0/24, version 21
Paths: (2 available, best #1, table default)
Advertised to update-groups:
1
Refresh Epoch 6
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, weight 3, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 3
1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
4.12.2 local-preference
14. 在 R5 上做配置,针对 101.1.2.0/24 这条路由,要求 R5 看到的最优路由是从 R3 学到的, 它们是通过 Local-Preference 值来决定胜负的。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R5 === ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101
效果
R5#sh ip bgp 101.1.2.0 BGP routing table entry for 101.1.2.0/24, version 5 Paths: (2 available, best #2, table default) Advertised to update-groups: 4 Refresh Epoch 1 1 10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2) Origin IGP, metric 0, localpref 100, valid, internal rx pathid: 0, tx pathid: 0 Refresh Epoch 1 1 10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3) Origin IGP, metric 0, localpref 101, valid, internal, best rx pathid: 0, tx pathid: 0x0 R5#sh ip bgp 101.1.3.0 BGP routing table entry for 101.1.3.0/24, version 6 Paths: (2 available, best #1, table default) Advertised to update-groups: 4 Refresh Epoch 1 1 10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2) Origin IGP, metric 0, localpref 100, valid, internal, best rx pathid: 0, tx pathid: 0x0 Refresh Epoch 1 1 10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3) Origin IGP, metric 0, localpref 100, valid, internal rx pathid: 0, tx pathid: 0 R5#
4.12.3 通告时通过 route-map 修改路径属性
15. 在 R1 上做配置,将 101.1.3.0/24 通过 OSPF 传递过来, 确保在 R5 的路由表可以看到 101.1.3.0/24 这条路由 是从 OSPF 学到的。
在 R5 上将这条 OSPF 路由用 network 引入 BGP,并且通过配置,确保这条路由在 BGP 里是最优路由。
需要确保他们之间的比较是通过 BGP 选路原则的第三项(next-hop)来决定胜负的。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R1 === int lo103 ip ospf network point-to-point ! router ospf 1 network 101.1.3.1 0.0.0.0 area 2 ! === R5 === ip access-list standard ACL_FILTER 5 permit 101.1.3.0 # 调整之前的需求 ! router bgp 235 network 101.1.3.0 mask 255.255.255.0 !
当前状态
R5#sh ip bgp 101.1.3.0
BGP routing table entry for 101.1.3.0/24, version 34
Paths: (3 available, best #1, table default)
Advertised to update-groups:
3 4
Refresh Epoch 1
Local
0.0.0.0 from 0.0.0.0 (4.4.4.4)
Origin IGP, metric 139, localpref 100, weight 32768, valid, sourced, local, best ! 通过 weight 选举出来的
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 2
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
=== R5 === route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO !
再次检查
R5#sh ip bgp 101.1.3.0
BGP routing table entry for 101.1.3.0/24, version 35
Paths: (3 available, best #1, table default)
Advertised to update-groups:
3 4
Refresh Epoch 1
Local
0.0.0.0 from 0.0.0.0 (4.4.4.4)
Origin IGP, metric 139, localpref 100, valid, sourced, local, best
rx pathid: 1, tx pathid: 0x0
Refresh Epoch 2
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
4.12.4 AS-PATH
16. 在R1上做配置,只针对R2的BGP邻居,针对101.1.4.0/24这条路由,要求R5看到的最优路由是从R3学 到的, 它们是通过 AS-Path 来决定胜负的。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! int lo103 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 network 101.1.3.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! ip access-list standard ACL_FILTER 5 permit 101.1.3.0 ! route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R1 === access-list 4 permit 101.1.4.0 route-map RM_R1_R2 permit 10 match ip address 4 set as-path prepend 1 route-map RM_R1_R2 permit 20 ! router bgp 1 neighbor 1.1.123.2 route-map RM_R1_R2 out !
验证
R5#sh ip bgp 101.1.4.0
BGP routing table entry for 101.1.4.0/24, version 5
Paths: (2 available, best #1, table default)
Advertised to update-groups:
6
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
1 1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
4.12.5 Origin
17. 在R1上做配置,只针对R2的BGP邻居,针对101.1.5.0/24这条路由,要求R5看到的最优路由是从R3学到的, 它们是通过 Origine Type 来决定胜负的。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! int lo103 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 network 101.1.3.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! access-list 4 permit 101.1.4.0 route-map RM_R1_R2 permit 10 match ip address 4 set as-path prepend 1 route-map RM_R1_R2 permit 20 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 neighbor 1.1.123.2 route-map RM_R1_R2 out ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! ip access-list standard ACL_FILTER 5 permit 101.1.3.0 ! route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R1 === access-list 5 permit 101.1.5.0 route-map RM_R1_R2 permit 15 match ip address 5 set origin incomplete !
验证
R5#sh ip bgp 101.1.5.0
BGP routing table entry for 101.1.5.0/24, version 71
Paths: (2 available, best #1, table default)
Advertised to update-groups:
8
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin incomplete, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
4.12.6 MED
18. 在R1上做配置,只针对R2的BGP邻居,针对101.1.6.0/24这条路由,要求R5看到的最优路由是从R3学 到的, 它们是通过 Med 来决定胜负的。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! int lo103 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 network 101.1.3.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! access-list 4 permit 101.1.4.0 access-list 5 permit 101.1.5.0 ! route-map RM_R1_R2 permit 10 match ip address 4 set as-path prepend 1 route-map RM_R1_R2 permit 15 match ip address 5 set origin incomplete route-map RM_R1_R2 permit 20 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 neighbor 1.1.123.2 route-map RM_R1_R2 out ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! ip access-list standard ACL_FILTER 5 permit 101.1.3.0 ! route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO ! auto-summary network 10.0.0.0 network 0.0.0.0 !
=== R1 === access-list 6 permit 101.1.6.0 route-map RM_R1_R2 permit 16 match ip address 6 set metric 1 !
验证
R5#sh ip bgp 101.1.6.0
BGP routing table entry for 101.1.6.0/24, version 72
Paths: (2 available, best #1, table default)
Advertised to update-groups:
8
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
1
10.10.1.1 (metric 139) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 1, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
R5#
4.13 IBGP 路由重分布进 IGP
19. 在 R5 上做配置,将 101.1.1.0/24 这条路由重分布进入 OSPF,并且重分布时设置此路由的 TAG 值为 235。 此解决方案不可以使用 set tag 235 这条命令。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! int lo103 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 network 101.1.3.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! access-list 4 permit 101.1.4.0 access-list 5 permit 101.1.5.0 access-list 6 permit 101.1.6.0 ! route-map RM_R1_R2 permit 10 match ip address 4 set as-path prepend 1 route-map RM_R1_R2 permit 15 match ip address 5 set origin incomplete route-map RM_R1_R2 permit 16 match ip address 6 set metric 1 route-map RM_R1_R2 permit 20 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 neighbor 1.1.123.2 route-map RM_R1_R2 out ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! ip access-list standard ACL_FILTER 5 permit 101.1.3.0 ! route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO ! auto-summary network 10.0.0.0 network 0.0.0.0 !
IBGP 路由默认不允许重分布进 IGP ,必须使用 redistribute-internal :
=== R5 ===
route-map RM_B_O permit 10
match ip address prefix-list 101.1.1
!
router bgp 235
bgp redistribute-internal ! must have this line
!
router ospf 5
redistribute bgp 235 subnets route-map RM_B_O tag 235
!
验证
R5#sh ip ospf database topology | in 101.1.1 101.1.1.0 5.5.5.5 135 0x80000001 0x00EB60 235 R5#
4.14 设置缺省 worst MED 值
20. 在 R4 上做配置,针对 BGP 表里的有些路由,如果没有 Med 值,将它们改为:4294967294,此解决方案不可以用 Route-map。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! int lo103 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 network 101.1.3.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! access-list 4 permit 101.1.4.0 access-list 5 permit 101.1.5.0 access-list 6 permit 101.1.6.0 ! route-map RM_R1_R2 permit 10 match ip address 4 set as-path prepend 1 route-map RM_R1_R2 permit 15 match ip address 5 set origin incomplete route-map RM_R1_R2 permit 16 match ip address 6 set metric 1 route-map RM_R1_R2 permit 20 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 neighbor 1.1.123.2 route-map RM_R1_R2 out ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! ip access-list standard ACL_FILTER 5 permit 101.1.3.0 ! route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO ! auto-summary network 10.0.0.0 network 0.0.0.0 ! route-map RM_B_O permit 10 match ip address prefix-list 101.1.1 ! router bgp 235 bgp redistribute-internal ! must have this line ! router ospf 5 redistribute bgp 235 subnets route-map RM_B_O tag 235 !
R4(config-router)#bgp bestpath med ? confed Compare MED among confederation paths missing-as-worst Treat missing MED as the least preferred one
=== R4 === router bgp 64512 bgp bestpath med missing-as-worst !
验证
R4#sh ip bgp
BGP table version is 256, local router ID is 44.44.44.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.10.5.5 0 0 64513 235 i
*> 10.0.0.0 10.10.5.5 0 0 64513 235 i
r> 101.1.1.0/24 10.10.1.1 4294967295 0 64513 235 1 i
*> 101.1.2.0/24 10.10.1.1 4294967295 0 64513 235 1 i
r> 101.1.3.0/24 10.10.5.5 139 0 64513 235 i
*> 101.1.4.0/24 10.10.1.1 4294967295 0 64513 235 1 i
*> 101.1.5.0/24 10.10.1.1 4294967295 0 64513 235 1 i
*> 101.1.6.0/24 10.10.1.1 4294967295 0 64513 235 1 i
*> 104.1.1.0/24 0.0.0.0 0 32768 i
*> 104.1.2.0/24 0.0.0.0 0 32768 i
*> 104.1.3.0/24 0.0.0.0 0 32768 i
*> 104.1.4.0/24 0.0.0.0 0 32768 i
*> 104.1.5.0/24 0.0.0.0 0 32768 i
Network Next Hop Metric LocPrf Weight Path
*> 104.1.6.0/24 0.0.0.0 0 32768 i
*> 104.1.7.0/24 0.0.0.0 0 32768 i
*> 104.1.8.0/24 0.0.0.0 0 32768 i
*> 104.1.9.0/24 0.0.0.0 0 32768 i
*> 104.1.10.0/24 0.0.0.0 0 32768 i
*> 104.1.11.0/24 0.0.0.0 0 32768 i
*> 104.1.12.0/24 0.0.0.0 0 32768 i
*> 104.1.13.0/24 0.0.0.0 0 32768 i
*> 104.1.14.0/24 0.0.0.0 0 32768 i
*> 104.1.15.0/24 0.0.0.0 0 32768 i
*> 104.1.16.0/24 0.0.0.0 0 32768 i
r> 105.1.1.0/24 10.10.5.5 0 0 64513 235 i
4.15 使某条路由永远不被优化 3
21. 在 R4 上再增加一个接口 loopback204,其 IP ADD=204.1.1.1/24,将此路由宣告进 BGP,并设置该路由的 Med 值为 4294967295 。
day0 配置清单
=== R1 === int lo0 ip ospf network point-to-point ! access-list 100 deny tcp host 1.1.123.2 host 10.10.1.1 eq bgp access-list 100 permit ip any any int e0/0 ip access-group 100 in ! int lo103 ip ospf network point-to-point ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 network 101.1.3.1 0.0.0.0 area 2 ! int lo101 ip add 101.1.1.1 255.255.255.0 ! int lo102 ip add 101.1.2.1 255.255.255.0 ! int lo103 ip add 101.1.3.1 255.255.255.0 ! int lo104 ip add 101.1.4.1 255.255.255.0 ! int lo105 ip add 101.1.5.1 255.255.255.0 ! int lo106 ip add 101.1.6.1 255.255.255.0 ! access-list 10 permit 101.1.0.0 101.1.7.0 route-map RM_ROUTE_101 permit 10 match ip address 10 set origin igp ! access-list 4 permit 101.1.4.0 access-list 5 permit 101.1.5.0 access-list 6 permit 101.1.6.0 ! route-map RM_R1_R2 permit 10 match ip address 4 set as-path prepend 1 route-map RM_R1_R2 permit 15 match ip address 5 set origin incomplete route-map RM_R1_R2 permit 16 match ip address 6 set metric 1 route-map RM_R1_R2 permit 20 ! router bgp 1 bgp router-id 1.1.1.1 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.3.3 update-source lo0 neighbor 10.10.3.3 ebgp-multihop ! neighbor 1.1.123.2 remote-as 235 neighbor 1.1.123.2 update-source lo0 neighbor 1.1.123.2 route-map RM_R1_R2 out ! neighbor 1.1.123.2 allowas-in neighbor 10.10.3.3 allowas-in ! redistribute connected route-map RM_ROUTE_101 ! === R2 === int lo0 ip ospf network point-to-point ! ip route 105.1.1.0 255.255.255.0 Null0 240 ! access-list 1 permit 105.1.1.0 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R2_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R2_TO_R1 permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 1 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 distance 241 5.5.5.5 0.0.0.0 1 ! router bgp 235 bgp router-id 2.2.2.2 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop ! synchronization distance 242 10.10.5.5 0.0.0.0 1 ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R2_TO_R1 out ! === R3 === int lo0 ip ospf network point-to-point ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! access-list 2 permit 104.1.1.0 0.0.10.0 ! route-map RM_R3_TO_R1 permit 10 match ip address 2 set as-path prepend 1 235 route-map RM_R3_TO_R1 permit 20 ! router bgp 235 bgp router-id 3.3.3.3 neighbor 10.10.5.5 remote-as 235 neighbor 10.10.5.5 update-source lo0 ! neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 update-source lo0 neighbor 10.10.1.1 ebgp-multihop ! synchronization ! neighbor 10.10.1.1 remove-private-as neighbor 10.10.1.1 route-map RM_R3_TO_R1 out ! === R4 === int lo0 ip ospf network point-to-point ! access-list 5 permit 10.10.5.0 ! int lo104 ip add 104.1.1.1 255.255.255.0 ip add 104.1.2.1 255.255.255.0 secondary ip add 104.1.3.1 255.255.255.0 secondary ip add 104.1.4.1 255.255.255.0 secondary ip add 104.1.5.1 255.255.255.0 secondary ip add 104.1.6.1 255.255.255.0 secondary ip add 104.1.7.1 255.255.255.0 secondary ip add 104.1.8.1 255.255.255.0 secondary ip add 104.1.9.1 255.255.255.0 secondary ip add 104.1.10.1 255.255.255.0 secondary ip add 104.1.11.1 255.255.255.0 secondary ip add 104.1.12.1 255.255.255.0 secondary ip add 104.1.13.1 255.255.255.0 secondary ip add 104.1.14.1 255.255.255.0 secondary ip add 104.1.15.1 255.255.255.0 secondary ip add 104.1.16.1 255.255.255.0 secondary ! route-map RM_LO104 permit 10 match interface lo104 set origin igp ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 ! router ospf 4 ! router-id 4.4.4.4 router-id 44.44.44.44 network 1.1.24.4 0.0.0.0 area 1 network 1.1.34.4 0.0.0.0 area 1 network 1.1.45.4 0.0.0.0 area 0 network 10.10.4.4 0.0.0.0 area 0 area 1 virtual-link 2.2.2.2 distance 19 5.5.5.5 0.0.0.0 5 redistribute bgp 64512 redistribute connected subnets route-map RM_R4_TO_R5 ! router bgp 64512 bgp router-id 4.4.4.4 neighbor 10.10.5.5 remote-as 64513 neighbor 10.10.5.5 update-sourc lo0 neighbor 10.10.5.5 ebgp-multihop 2 redistribute connected route-map RM_LO104 neighbor 10.10.5.5 route-map RM_R4_TO_R5 out bgp bestpath med missing-as-worst ! === R5 === int lo0 ip ospf network point-to-point ! int lo5 ip add 105.1.1.1 255.255.255.0 ip ospf network point-to-point ! ip access-list standard ACL_FILTER permit 10.10.0.0 0.0.3.0 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 network 105.1.1.1 0.0.0.0 area 0 distribute-list ACL_FILTER in ! ip route 0.0.0.0 0.0.0.0 1.1.45.4 ! ip access-list extended ACL_104 10 permit ip 104.1.1.0 0.0.10.0 255.255.255.0 0.0.0.0 ! route-map RM_R4_TO_R5 permit 10 match ip address ACL_104 set as-path prepend 64513 64514 route-map RM_R4_TO_R5 permit 20 ! ip prefix-list PFL_NO_DEF seq 5 permit 0.0.0.0/0 ge 1 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 ip prefix-list 101.1.2 permit 101.1.2.0/24 route-map RM_R3_R5_IN permit 9 match ip address prefix-list 101.1.2 set local-preference 101 route-map RM_R3_R5_IN permit 10 match ip address prefix-list 101.1.1 set weight 3 route-map RM_R3_R5_IN permit 20 ! ip access-list standard ACL_FILTER 5 permit 101.1.3.0 ! route-map RM_SET_WEIGHT_ZERO permit 10 set weight 0 ! router bgp 235 ! bgp router-id 5.5.5.5 bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 235 neighbor 10.10.3.3 remote-as 235 neighbor 10.10.2.2 update-source lo0 neighbor 10.10.3.3 update-source lo0 ! neighbor 10.10.2.2 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 prefix-list PFL_NO_DEF out neighbor 10.10.3.3 route-map RM_R3_R5_IN in ! neighbor 10.10.4.4 remote-as 64512 neighbor 10.10.4.4 local-as 64513 no-prepend neighbor 10.10.4.4 update-source lo0 neighbor 10.10.4.4 ebgp-multihop 2 neighbor 10.10.4.4 route-map RM_R4_TO_R5 in neighbor 10.10.4.4 next-hop-unchanged ! network 105.1.1.0 mask 255.255.255.0 network 101.1.3.0 mask 255.255.255.0 route-map RM_SET_WEIGHT_ZERO ! auto-summary network 10.0.0.0 network 0.0.0.0 ! route-map RM_B_O permit 10 match ip address prefix-list 101.1.1 ! router bgp 235 bgp redistribute-internal ! must have this line ! router ospf 5 redistribute bgp 235 subnets route-map RM_B_O tag 235 !
将 MED 设为最大值,可以使路由条目不再会被优化:
=== R4 === int lo204 ip add 204.1.1.1 255.255.255.0 ! ip access-list standard ACL_204 permit 204.1.1.0 ! route-map MED permit 10 set metric 4294967295 ! router bgp 64512 network 204.1.1.0 mask 255.255.255.0 route-map MED !