博客

ensp-BGP

  • Post author:
  • Post category:其他


BGP:边界网关路由协议:

boder gateway protocol



特点:

① 属于外部网关路由协议

② 针对大型网络、大型跨国集团、运营商、国与国之间的路由



路由协议分类

内部网关路由协议IGP:

rip ospf isis (eigrp)

外部网关路由协议EGP:EGP(早期淘汰)BGP



BGP 邻居关系:

在这里插入图片描述


IBGP

:相同的AS路由器邻居


EBGP

:不同AS的路由器邻居

注:

EBGP

建邻居用直连接口

IBGP

建邻居用环回接口

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述



bgp 路由传递:

在这里插入图片描述
在这里插入图片描述



BGP next-hop 属性

BGP 是以AS为个体,路由传递给其EBGP对等体时,下一跳会不变的引入AS的内部。 可能会引起下一跳不可达问题

解决:

R2: 

bgp 200 peer 3.3.3.3 next-hop-local

路由传递给邻居3.3.3.3时将 路由的下一跳改为自己(2.2.2.2) 202 IBGP 水平分割属性:为了防止IBGP环路,默认情况下从IBGP对等体收到的路由不会传给其IBGP邻居。

解决水平分割:配置路由反射器 R3: 

 bgp 200 peer 4.4.4.4 reflect-client  #
 将R4配置为自己的路由反射客户 端

注:从客户端(路由反射客户端)学到的路由可以无条件传递给任何对等体。



全网互通、路由引入、BGP 的路由汇总

在这里插入图片描述



BGP AS-path 属性

在这里插入图片描述

EBGP 防环:As-path 属性

IBGP 防环:ibgp 水平分割



路由聚合的AS-set 参数

在这里插入图片描述
注:一台路由器上面只能运行一个bgp 的进程。



详细命令



AR1

#
 sysname AR1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
router id 1.1.1.1 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.0 
#
interface LoopBack1
 ip address 1.1.2.1 255.255.255.0 
#
interface LoopBack2
 ip address 1.1.3.1 255.255.255.0 
#
bgp 100
 peer 12.1.1.2 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  aggregate 1.1.0.0 255.255.252.0 detail-suppressed 
  network 1.1.1.0 255.255.255.0 
  network 1.1.2.0 255.255.255.0 
  network 1.1.3.0 255.255.255.0 
  network 12.1.1.0 255.255.255.0 
  peer 12.1.1.2 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return



AR2

#
 sysname AR2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
router id 2.2.2.2 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.0 
#
bgp 200
 peer 3.3.3.3 as-number 200 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 12.1.1.1 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 12.1.1.0 255.255.255.0 
  import-route ospf 1
  peer 3.3.3.3 enable
  peer 3.3.3.3 next-hop-local 
  peer 12.1.1.1 enable
#
ospf 1 
 area 0.0.0.0 
  network 2.2.2.0 0.0.0.255 
  network 23.1.1.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return



AR3

#
 sysname AR3
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
router id 3.3.3.3 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 23.1.1.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 34.1.1.3 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.0 
#
bgp 200
 peer 2.2.2.2 as-number 200 
 peer 2.2.2.2 connect-interface LoopBack0
 peer 4.4.4.4 as-number 200 
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 4.4.4.4 enable
  peer 4.4.4.4 reflect-client
#
ospf 1 
 area 0.0.0.0 
  network 3.3.3.0 0.0.0.255 
  network 23.1.1.0 0.0.0.255 
  network 34.1.1.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return



AR4

#
 sysname AR4
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
router id 4.4.4.4 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.4 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.0 
#
bgp 200
 peer 3.3.3.3 as-number 200 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 45.1.1.5 as-number 300 
 #
 ipv4-family unicast
  undo synchronization
  aggregate 1.1.0.0 255.255.252.0 as-set detail-suppressed 
  network 45.1.1.0 255.255.255.0 
  peer 3.3.3.3 enable
  peer 45.1.1.5 enable
#
ospf 1 
 area 0.0.0.0 
  network 4.4.4.0 0.0.0.255 
  network 34.1.1.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return



AR5

#
 sysname AR5
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
router id 5.5.5.5 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 45.1.1.5 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.0 
#
bgp 300
 peer 45.1.1.4 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 5.5.5.0 255.255.255.0 
  network 45.1.1.0 255.255.255.0 
  peer 45.1.1.4 enable
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


版权声明:本文为qq_45089570原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。