
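[BGP Challenge Lab] I hope everyone will use this lab to propose more real-world requirements and implement them together! [Emulator configuration file attached]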


BGP Challenge Lab


I. Lab topology:


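II. Lab scenario:

ITAA, an international network technology training center, depends heavily on the Internet for its advertising, training, internal communication and contact with customers around the world. The company has therefore decided to work with two ISPs; the connections to the ISPs are shown in the topology diagram. The company requires its network to be available and reliable at all times. The loopback addresses on routers ISP1 and ISP2 represent their other customers, and the loopback addresses on ITAA's internal routers represent the networks connecting the regional headquarters and local branch offices.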


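III. Specific requirements:

Each item gives the requirement description followed by the concrete measure.

1. Requirement: Configure EBGP adjacencies between ITAA_MAIN, ITAA_LEFT, ITAA_RIGHT and ISP1, ISP2 as shown in the topology diagram.
   Measure: Neighbor X.X.X.X remote-as XXX
2. Requirement: Configure IBGP adjacencies among ITAA_MAIN, ITAA_LEFT and ITAA_RIGHT.
   Measure: Neighbor X.X.X.X remote-as XXX
3. Requirement: Advertise only the internal network 192.168.0.0 to ISP1 and ISP2.
   Measure: Use distribute-list + access-list to control route advertisement.
4. Requirement: ITAA_LEFT can communicate with ISP2 through ITAA_MAIN; likewise, ITAA_RIGHT can communicate with ISP1 through ITAA_MAIN.
   Measure: Use the BGP weight attribute on ITAA_LEFT and ITAA_RIGHT, together with the next-hop-self option.
5. Requirement: ITAA_LEFT uses ISP1 as its primary ISP; ITAA_RIGHT uses ISP2 as its primary ISP.
   Measure: Again use the weight attribute, so that the port toward the primary ISP has the highest weight value.
6. Requirement: If the direct links from ITAA_LEFT and ITAA_RIGHT to the ISPs fail, all traffic can flow into ISP1 and ISP2 through ITAA_MAIN.
   Measure: Configure a default route to ITAA_MAIN on ITAA_LEFT and on ITAA_RIGHT.
7. Requirement: The private AS number AS65000 should not be announced to the ISPs' other customers.
   Measure: Configure remove-private-AS on the ISPs.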

IV. Configuration:
ISP1:
ISP1#sh run
Building configuration...
Current configuration : 1504 bytes
!
hostname ISP1
interface Loopback0
 ip address 11.0.0.1 255.0.0.0
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.0
!
interface Serial2/0
 ip address 10.0.0.5 255.255.255.252
 serial restart-delay 0
 no fair-queue
!
interface Serial2/1
 ip address 10.0.0.1 255.255.255.252
 serial restart-delay 0
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.6 remote-as 65000
 no auto-summary
!
end
ISP2:
ISP2#sh run
Building configuration...
Current configuration : 1473 bytes
hostname ISP2
interface Loopback0
 ip address 12.0.0.1 255.0.0.0
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.0
!
interface Serial2/0
 ip address 172.16.0.1 255.255.255.252
 serial restart-delay 0
 no fair-queue
!
interface Serial2/1
 ip address 172.6.0.5 255.255.255.252
 serial restart-delay 0
!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 2.2.2.0 mask 255.255.255.0
 neighbor 172.6.0.6 remote-as 65000
 neighbor 172.16.0.2 remote-as 65000
 no auto-summary
!
end
ITAA_MAIN:
ITAA_MAIN#sh run
Building configuration...
version 12.3
hostname ITAA_MAIN
interface Loopback0
 ip address 192.168.192.1 255.255.255.252
!
interface Loopback1
 ip address 192.168.208.1 255.255.255.252
!
interface Loopback2
 ip address 192.168.224.1 255.255.255.252
!
interface FastEthernet0/0
 ip address 192.168.0.2 255.255.255.0
 duplex full
!
interface FastEthernet1/0
 ip address 192.168.1.3 255.255.255.0
 duplex full
!
interface Serial2/0
 ip address 10.0.0.2 255.255.255.252
 serial restart-delay 0
!
interface Serial2/1
 ip address 172.16.0.2 255.255.255.252
 serial restart-delay 0
!
router ospf 100
 router-id 192.168.192.1
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 100
 neighbor 10.0.0.1 remote-as 200
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.1 remove-private-AS
 neighbor 10.0.0.1 distribute-list 10 out
 neighbor 172.16.0.1 remote-as 300
 neighbor 172.16.0.1 update-source Loopback0
 neighbor 172.16.0.1 remove-private-AS
 neighbor 172.16.0.1 distribute-list 10 out
 neighbor 192.168.0.1 remote-as 65000
 neighbor 192.168.1.2 remote-as 65000
 neighbor 192.168.1.2 next-hop-self
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 172.16.0.1
ip route 0.0.0.0 0.0.0.0 10.0.0.1
access-list 10 permit 192.168.0.0 0.0.255.255
end
ITAA_LEFT:
ITAA_LEFT#sh run
Building configuration...
version 12.3
hostname ITAA_LEFT
interface Loopback0
 ip address 192.168.64.1 255.255.255.252
!
interface Loopback1
 ip address 192.168.80.1 255.255.255.252
!
interface Loopback2
 ip address 192.168.96.1 255.255.255.252
!
interface Loopback3
 ip address 192.168.112.1 255.255.255.252
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 duplex full
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 duplex full
!
interface Serial2/1
 ip address 10.0.0.6 255.255.255.252
 serial restart-delay 0
!
router ospf 100
 router-id 192.168.64.1
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 100
 neighbor 10.0.0.5 remote-as 200
 neighbor 10.0.0.5 update-source Loopback0
 neighbor 10.0.0.5 remove-private-AS
 neighbor 10.0.0.5 distribute-list 10 out
 neighbor 10.0.0.5 weight 200
 neighbor 192.168.0.2 remote-as 65000
 neighbor 192.168.0.2 next-hop-self
 neighbor 192.168.0.2 weight 150
 neighbor 192.168.0.3 remote-as 65000
 neighbor 192.168.0.3 update-source Loopback0
 neighbor 192.168.0.3 next-hop-self
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.2
access-list 10 permit 192.168.0.0 0.0.255.255
!
end
ITAA_RIGHT:
ITAA_RIGHT#sh run
Building configuration...
hostname ITAA_RIGHT
!
interface Loopback0
 ip address 192.168.64.5 255.255.255.252
!
interface Loopback1
 ip address 192.168.80.5 255.255.255.252
!
interface Loopback2
 ip address 192.168.96.5 255.255.255.252
!
interface Loopback3
 ip address 192.168.112.5 255.255.255.252
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex full
!
interface FastEthernet1/0
 ip address 192.168.0.3 255.255.255.0
 duplex full
!
interface Serial2/0
 ip address 172.6.0.6 255.255.255.252
 serial restart-delay 0
 no fair-queue
!
router ospf 100
 router-id 192.168.64.5
 log-adjacency-changes
 redistribute connected subnets
 network 192.168.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 redistribute ospf 100
 neighbor 172.6.0.5 remote-as 300
 neighbor 172.6.0.5 update-source Loopback0
 neighbor 172.6.0.5 remove-private-AS
 neighbor 172.6.0.5 distribute-list 10 out
 neighbor 172.6.0.5 weight 200
 neighbor 192.168.1.1 remote-as 65000
 neighbor 192.168.1.1 update-source Loopback0
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.3 remote-as 65000
 neighbor 192.168.1.3 next-hop-self
 neighbor 192.168.1.3 weight 150
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.3
access-list 10 permit 192.168.0.0 0.0.255.255
!
end

Note: the two switches need no configuration; it is enough to ensure physical connectivity.

V. Verification:
Requirement 1: Configure EBGP adjacencies between ITAA_MAIN, ITAA_LEFT, ITAA_RIGHT and ISP1, ISP2 as shown in the topology diagram.
ISP1#show ip protocols
Routing Protocol is "bgp 200"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  IGP synchronization is disabled
  Automatic route summarization is disabled
  Neighbor(s):
    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
    10.0.0.2
    10.0.0.6
  Maximum path: 1
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.0.0.2              20      01:46:55
    10.0.0.6              20      00:09:09
  Distance: external 20 internal 200 local 200
ISP2#show ip protocols
Routing Protocol is "bgp 300"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  IGP synchronization is disabled
  Automatic route summarization is disabled
  Neighbor(s):
    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
    172.6.0.6
    172.16.0.2
  Maximum path: 1
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.6.0.6             20      02:10:23
    172.16.0.2            20      02:06:03
  Distance: external 20 internal 200 local 200
Requirement 2: Configure IBGP adjacencies among ITAA_MAIN, ITAA_LEFT and ITAA_RIGHT.
ITAA_MAIN#show ip protocols
Routing Protocol is "bgp 65000"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  IGP synchronization is disabled
  Automatic route summarization is disabled
  Redistributing: ospf 100 (internal)
  Neighbor(s):
    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
    10.0.0.1                                    10
    172.16.0.1                                  10
    192.168.0.1
    192.168.1.2
  Maximum path: 1
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.0.0.1              20      00:10:01
    192.168.0.1          200      00:10:23
    172.16.0.1            20      01:10:48
  Distance: external 20 internal 200 local 200
Requirement 3: Advertise only the internal network 192.168.0.0 to ISP1 and ISP2.
ISP1#show ip bgp
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*  192.168.0.0      10.0.0.2                 0             0 65000 ?
*>                  10.0.0.6                 0             0 65000 ?
*  192.168.1.0      10.0.0.2                 0             0 65000 ?
*>                  10.0.0.6                 0             0 65000 ?
ISP2#show ip bgp
BGP table version is 12, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*  192.168.0.0      172.6.0.6                0             0 65000 ?
*>                  172.16.0.2               0             0 65000 ?
*  192.168.1.0      172.6.0.6                0             0 65000 ?
*>                  172.16.0.2               0             0 65000 ?
Requirement 4: ITAA_LEFT can communicate with ISP2 through ITAA_MAIN; likewise, ITAA_RIGHT can communicate with ISP1 through ITAA_MAIN.

As the output shows, ITAA_LEFT can reach ISP2 through ITAA_MAIN over both links:

ITAA_LEFT#show ip route 172.16.0.1
Routing entry for 172.16.0.0/30
  Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 1
  Redistributing via bgp 65000
  Last update from 192.168.0.2 on FastEthernet0/0, 01:18:31 ago
  Routing Descriptor Blocks:
  * 192.168.1.3, from 192.168.192.1, 01:18:31 ago, via FastEthernet1/0
      Route metric is 20, traffic share count is 1
    192.168.0.2, from 192.168.192.1, 01:18:31 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1

Likewise, let's look at ITAA_RIGHT:

ITAA_RIGHT#show ip route 10.0.0.1
Routing entry for 10.0.0.0/30
  Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 1
  Redistributing via bgp 65000
  Last update from 192.168.1.3 on FastEthernet0/0, 01:20:17 ago
  Routing Descriptor Blocks:
  * 192.168.0.2, from 192.168.192.1, 01:20:17 ago, via FastEthernet1/0
      Route metric is 20, traffic share count is 1
    192.168.1.3, from 192.168.192.1, 01:20:17 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1
Requirement 5: ITAA_LEFT uses ISP1 as its primary ISP; ITAA_RIGHT uses ISP2 as its primary ISP.
We traceroute from ITAA_LEFT and from ITAA_RIGHT to the internal loopback of their respective ISPs:
ITAA_LEFT#traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 10.0.0.5 504 msec *  844 msec

ITAA_RIGHT#traceroute 2.2.2.2

Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 172.6.0.5 464 msec 308 msec *
Requirement 6: If the direct links from ITAA_LEFT and ITAA_RIGHT to the ISPs fail, all traffic can flow into ISP1 and ISP2 through ITAA_MAIN.

Before taking any action, we know that ITAA_LEFT reaches ISP1 over the direct link. Now we shut this link down manually:

ISP1(config)#int s 2/0
ISP1(config-if)#shutdown
*Apr 12 06:34:38.721: %BGP-5-ADJCHANGE: neighbor 10.0.0.6 Down Interface flap
*Apr 12 06:34:39.705: %LINK-5-CHANGED: Interface Serial2/0, changed state to administratively down

Then we traceroute from ITAA_LEFT to 1.1.1.1 (ISP1's internal loopback):

ITAA_LEFT#traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 192.168.1.3 28 msec
    192.168.0.2 92 msec
    192.168.1.3 704 msec
  2 10.0.0.1 720 msec *  832 msec

The result is clear: the traffic does reach ISP1 through ITAA_MAIN.


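Requirement 7: The private AS number AS65000 should not be announced to the ISPs' other customers.
This requirement can only be verified by adding one more router inside the ISP in the topology. The configuration is:
ISP1(config)#router bgp 200
ISP1(config-router)#neighbor X.X.X.X remove-private-AS
ISP1(config-router)#exi
X.X.X.X stands for all of ISP1's other BGP peers, internal and external.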

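VI. Summary:

For a large enterprise, the configuration above only gets the links working and meets some of the most basic requirements; security, filtering, QoS and similar topics are outside the scope of this lab.
VII. Author's note:
This lab is highly extensible. I only completed it according to the basic requirements, without much extension, and it may contain many oversights and errors. I hope everyone will point them out, and I hope even more that everyone will use this topology to extend it to more topics, discuss them and make progress together.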





Appendix: emulator configuration file:

# Simple lab
autostart = false
[localhost]
port = 7200
udp = 10000
[[3640]]
image = c:\Program Files\Dynamips\images\unzip-c3640-js-mz.124-10.bin
# On Linux / Unix use forward slashes:
# image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image
ram = 128
confreg = 0x2142
[[7200]]
image = c:\Program Files\Dynamips\images\C7200.BIN
npe = npe-400
ram = 120
[[ROUTER SW1]]
model = 3640
slot1 = NM-16ESW
fa1/0 = ITAA_MAIN fa0/0
fa1/1 = ITAA_RIGHT fa1/0
fa1/2 = ITAA_LEFT fa0/0
[[router SW2]]
model = 3640
slot1 = NM-16ESW
fa1/0 = ITAA_MAIN fa1/0
fa1/1 = ITAA_RIGHT fa0/0
fa1/2 = ITAA_LEFT fa1/0
[[router ISP1]]
model = 7200
slot1 = PA-FE-TX
s2/0 = ITAA_LEFT s2/1
s2/1 = ITAA_MAIN s2/0
[[router ISP2]]
model = 7200
slot1 = PA-FE-TX
s2/1 = ITAA_RIGHT s2/0
[[router ITAA_MAIN]]
model = 7200
slot1 = PA-FE-TX
s2/1 = ISP2 s2/0
[[router ITAA_LEFT]]
model = 7200
slot1 = PA-FE-TX
[[router ITAA_RIGHT]]
model = 7200
slot1 = PA-FE-TX
汤姆一通 Network Technology Forum
QQ:383506128
MSN:yangrubing.itaa@hotmail.com

Only wolves can survive in a wolf pack; how far you can go depends on who you travel with!
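
The following Python example is added here and is not part of the original post. It checks requirement 3 offline: it parses a constructed excerpt of the ITAA_MAIN configuration, finds every EBGP neighbor, and evaluates `access-list 10` the way a standard ACL is matched in a distribute-list (first match on the network address, implicit deny) to list which prefixes would be sent to each ISP. The candidate prefixes and the function names are assumptions, and a missing or undefined ACL is treated as no filter.

```python
import ipaddress

# Constructed excerpt of ITAA_MAIN's "router bgp 65000" stanza and ACL 10 from this page.
CONFIG = """\
router bgp 65000
 neighbor 10.0.0.1 remote-as 200
 neighbor 10.0.0.1 distribute-list 10 out
 neighbor 172.16.0.1 remote-as 300
 neighbor 172.16.0.1 distribute-list 10 out
 neighbor 192.168.0.1 remote-as 65000
 neighbor 192.168.1.2 remote-as 65000
access-list 10 permit 192.168.0.0 0.0.255.255
"""
# Constructed candidate routes built from addresses used in the lab (not a real BGP table).
CANDIDATES = ["192.168.0.0/24", "192.168.64.0/30", "10.0.0.0/30", "172.16.0.0/30"]

def parse(config):
    """Return (local AS, {neighbor: {"as", "out_acl"}}, {acl id: [(action, base, wildcard)]})."""
    local_as, neighbors, acls = None, {}, {}
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["router", "bgp"]:
            local_as = int(words[2])
        elif words[:1] == ["neighbor"] and words[2] == "remote-as":
            neighbors.setdefault(words[1], {})["as"] = int(words[3])
        elif words[:1] == ["neighbor"] and words[2:5:2] == ["distribute-list", "out"]:
            neighbors.setdefault(words[1], {})["out_acl"] = words[3]
        elif words[:1] == ["access-list"]:  # only the "address wildcard" form used on this page
            acls.setdefault(words[1], []).append(tuple(words[2:5]))
    return local_as, neighbors, acls

def acl_permits(entries, prefix):
    """Standard ACL as a distribute-list: first match on the network address, implicit deny."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # wildcard 1-bits are ignored
        if (addr & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action == "permit"
    return False

def audit(config, candidates):
    """Map each EBGP neighbor to the prefixes it would be sent, or None if nothing filters them."""
    local_as, neighbors, acls = parse(config)
    report = {}
    for peer, n in neighbors.items():
        if n.get("as") != local_as:                 # EBGP peer; IBGP peers are skipped
            entries = acls.get(n.get("out_acl"))    # assumption: missing/undefined ACL = no filter
            report[peer] = None if entries is None else [p for p in candidates if acl_permits(entries, p)]
    return report
```

A `None` entry in the result marks an EBGP neighbor with no effective outbound filter, which is the condition requirement 3 is meant to rule out.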
