BGP策略实验

实验要求：

1、使用PreVa1策略，确保R4通过R2到达192.168.10.0/24
2、使用AS_Path策略，确保R4通过R3到达192.168.11.0/24
3、配置MED策略，确保R4通过R3到达192.168.12.0/24
4、使用Local Preference策略，确保R1通过R2到达192.168.1.0/24
5、使用Local Preference策略，确保R1通过R3到达192.168.2.0/24
6、配置负载均衡，确保R1通过R2和R3到达192.168.3.0/24
7、使用As策略，AS 500不接受任何始发于AS 123的路由
8、使用自定义Community策略，确保192.168.3.0/24路由不会被发布到AS 500
9、IBGP使用环回接口建邻，EBGP使用物理接口建邻
10、修改AS 123中的用户网段为Broadcast,方便后续在BGP中宣告
11、BGP宣告路由时，仅宣告24网段的用户路由

实验分析：

首先最基础的是接口IP地址的配置，配置完之后测试物理地址的联通性。

然后起IGP协议（OSPF），使得AS 123内部跑通，依然需要测试联通性。内网跑通。

接着修改环回接口网络类型为Broadcast，

然后，起BGP协议，使得建邻成功。

然后宣告路由，互相学习到所有私网路由信息。

最后，做策略实现以上要求。

实验开始：

第一步：接口IP地址配置。


[R1]int l0
[R1-LoopBack0]ip add 1.1.1.1 32
[R1-LoopBack0]int l1
[R1-LoopBack1]ip add 192.168.100.1 24
[R1-LoopBack1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 13.0.0.2 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 15.0.0.1 24

[R2]int l0
[R2-LoopBack0]ip add 2.2.2.2 32
[R2-LoopBack0]int l1
[R2-LoopBack1]ip add 192.168.20.1 24
[R2-LoopBack1]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 24.0.0.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 12.0.0.1 24

[R3]int l0
[R3-LoopBack0]ip add 3.3.3.3 32
[R3-LoopBack0]int l1
[R3-LoopBack1]ip add 192.168.30.1 24
[R3-LoopBack1]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 34.0.0.2 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 13.0.0.1 24


[R4]int l0
[R4-LoopBack0]ip add 192.168.1.1 24
[R4-LoopBack0]int l1
[R4-LoopBack1]ip add 192.168.2.1 24
[R4-LoopBack1]int l2
[R4-LoopBack2]ip add 192.168.3.1 24
[R4-LoopBack2]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 24.0.0.1 24
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 34.0.0.1 24

[R5]int l0
[R5-LoopBack0]ip add 192.168.10.1 24
[R5-LoopBack0]int l1
[R5-LoopBack1]ip add 192.168.11.1 24
[R5-LoopBack1]int l2
[R5-LoopBack2]ip add 192.168.12.1 24
[R5-LoopBack2]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 15.0.0.2 24

配置完，需要测试联通性，即在路由器上ping自己的直连接口IP。

第二步、IGP协议（OSPF）

[R1]ospf 1 rou 1.1.1.1
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]net 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 12.0.0.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 13.0.0.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 192.168.100.1 0.0.0.0

[R2]ospf 1 rou 2.2.2.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 192.168.20.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 12.0.0.1 0.0.0.0

[R3]ospf 1 rou 3.3.3.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 192.168.30.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 13.0.0.1 0.0.0.0

依然需要测试联通性。

同时环回相互ping通，也是为了协议不BGP建邻做准备

第四步、修改环回接口网络类型

[R1]int l1	
[R1-LoopBack1]ospf network-type broadcast 

[R2]int l1
[R2-LoopBack1]ospf network-type broadcast 

[R3]int l1
[R3-LoopBack1]ospf network-type broadcast

第五步、起BGP协议

[R4]bgp 400
[R4-bgp]router-id 4.4.4.4
[R4-bgp]peer 24.0.0.2 as 123
[R4-bgp]peer 34.0.0.2 as 123

[R2]bgp 123
[R2-bgp]router-id 2.2.2.2
[R2-bgp]peer 24.0.0.1 as 400
[R2-bgp]peer 1.1.1.1 as 123
[R2-bgp]peer 1.1.1.1 con l0
[R2-bgp]peer 1.1.1.1 next-hop-local

[R3]bgp 123
[R3-bgp]router-id 3.3.3.3
[R3-bgp]peer 34.0.0.1 as 400
[R3-bgp]peer 1.1.1.1 as 123
[R3-bgp]peer 1.1.1.1 con l0
[R3-bgp]peer 1.1.1.1 next-hop-local

[R1]bgp 123
[R1-bgp]router-id 1.1.1.1
[R1-bgp]peer 2.2.2.2 as 123
[R1-bgp]peer 2.2.2.2 con l0
[R1-bgp]peer 2.2.2.2 next-hop-local
[R1-bgp]peer 3.3.3.3 as 123
[R1-bgp]peer 3.3.3.3 con l0
[R1-bgp]peer 3.3.3.3 next-hop-local
[R1-bgp]peer 15.0.0.2 as 500

[R5]bgp 500
[R5-bgp]router-id 5.5.5.5
[R5-bgp]peer 15.0.0.1 as 123

查看建邻情况

第六步、BGP路由宣告

[R4]bgp 400
[R4-bgp]net 192.168.1.0 24
[R4-bgp]net 192.168.2.0 24
[R4-bgp]net 192.168.3.0 24

[R2]bgp 123
[R2-bgp]net 192.168.20.0 24

[R3]bgp 123
[R3-bgp]net 192.168.30.0 24

[R1]bgp 123
[R1-bgp]net 192.168.100.0 24

[R5]bgp 500
[R5-bgp]net 192.168.10.0 24
[R5-bgp]net 192.168.11.0 24
[R5-bgp]net 192.168.12.0 24

第七步、路由策略

先查看一下路由学习情况

1）使用PreVa1策略，确保R4通过R2到达192.168.10.0/24

[R4]ip ip-p	
[R4]ip ip-prefix pv permit 192.168.10.0 24
[R4]route-policy pv permit node 10
Info: New Sequence of this List.
[R4-route-policy]if-match ip-prefix pv
[R4-route-policy]apply preferred-value 100
[R4-route-policy]q
[R4]route-policy pv permit node 100
Info: New Sequence of this List.
[R4-route-policy]q
[R4]bgp 400
[R4-bgp]peer 24.0.0.2 route-policy pv import

2）使用AS_Path策略，确保R4通过R3到达192.168.11.0/24

[R4]ip ip-prefix ap permit 192.168.11.0 24
[R4]route-policy pv permit node 20
Info: New Sequence of this List.
[R4-route-policy]if-match ip-prefix ap
[R4-route-policy]apply as-path 123 additive
[R4-route-policy]q

3）配置MED策略，确保R4通过R3到达192.168.12.0/24

[R4]ip ip-prefix med permit 192.168.12.0 24
[R4]route-policy pv permit node 30
Info: New Sequence of this List.
[R4-route-policy]if-match ip-prefix med
[R4-route-policy]apply cost 20
[R4-route-policy]q

上三条配置完成后，查看此时的R1的BGP路由表。

4）使用Local Preference策略，确保R1通过R2到达192.168.1.0/24

[R1]ip ip-prefix lp1 permit 192.168.1.0 24
[R1]route-policy lp1 permit node 10
Info: New Sequence of this List.
[R1-route-policy]if-match ip-prefix lp1
[R1-route-policy]apply local-preference 200
[R1-route-policy]q
[R1]route-policy lp1 permit node 100
Info: New Sequence of this List.
[R1-route-policy]q
[R1]bgp 123
[R1-bgp]peer 2.2.2.2 route-policy lp1 import

5）使用Local Preference策略，确保R1通过R3到达192.168.2.0/24

[R1]ip ip-prefix lp2 permit 192.168.2.0 24
[R1]route-policy lp2 permit node 10
Info: New Sequence of this List.
[R1-route-policy]if-match ip-prefix lp2
[R1-route-policy]apply local-preference 200
[R1-route-policy]q
[R1]route-policy lp2 permit node 100
Info: New Sequence of this List.
[R1-route-policy]q
[R1]bgp 123
[R1-bgp]peer 3.3.3.3 route-policy lp2 import

6）配置负载均衡，确保R1通过R2和R3到达192.168.3.0/24

未开启BGP负载分担功能时，R1的BGP路由

仅有一条

开启负载分担功能

[R1]bgp 123
[R1-bgp]maximum load-balancing 2

此时的路由表

配置结束，查看一下R1的BGP表。

7）使用As策略，AS 500不接受任何始发于AS 123的路由

未限制时，R5的BGP表

[R5]ip as-path-filter 1 deny _123$
[R5]ip as-path-filter 1 permit .*
[R5]bgp 500
[R5-bgp]peer 15.0.0.1 as-path-filter 1 import

8）使用自定义Community策略，确保192.168.3.0/24路由不会被发布到AS 500

[R4]route-policy com-1 permit node 10
Info: New Sequence of this List.
[R4-route-policy]apply community 400:111    //设定策略，定义社团属性标记
[R4-route-policy]q
[R4]bgp 400
[R4-bgp]net 192.168.3.0 24 route-policy com-1    //在发布路由时调用策略

[R4-bgp]peer 24.0.0.2 advertise-community    //开启社团属性传播功能
[R4-bgp]peer 34.0.0.2 advertise-community

[R2]bgp 123
[R2-bgp]peer 1.1.1.1 advertise-community

[R3]bgp 123
[R3-bgp]peer 1.1.1.1 advertise-community

[R2]ip community-filter 1 permit 400:111    //抓取流量
[R2]route-policy com permit node 10        //做策略
Info: New Sequence of this List.
[R2-route-policy]if-match community-filter 1
[R2-route-policy]apply community no-export additive
[R2-route-policy]q
[R2]route-policy com permit node 100
Info: New Sequence of this List.
[R2-route-policy]q

[R3]ip community-filter 1 permit 400:111    //抓取流量
[R3]route-policy com permit node 10        //做策略
Info: New Sequence of this List.
[R3-route-policy]if-match community-filter 1
[R3-route-policy]apply community no-export additive
[R3-route-policy]q
[R3]route-policy com permit node 100
Info: New Sequence of this List.
[R3-route-policy]q

[R2]bgp 123                                 //调用策略
[R2-bgp]peer 24.0.0.1 route-policy com import

[R3]bgp 123                                //调用策略
[R3-bgp]peer 34.0.0.1 route-policy com import

查看R5，R2，R3以及R1的BGP表，是否成功