☆ 搭建BGP测试环境 https://scz.617.cn/network/200908281045.txt 拓扑图如下: -------------------------------------------------------------------------- Internet | +-----+----+ +------------------+ +----------+ | AS 65001 | | AS 65002 | | AS 65003 | | +--+ +--+ | | (R1, R2) | | (R3, R4, R5, R6) | | (R7, R8) | +----------+ +------------------+ +----------+ 193.17.2.3 193.17.4.4 | | 193.17.6.6 193.17.0.2 193.17.1.3 | 193.17.2.4 | | | | | | | 193.17.4.6| 193.17.0.1 | 193.17.1.2 | | F1/0 F0/0 | | 193.17.7.7 193.17.8.8 | | | | | ------R4------ | | | | 193.17.255.1 | | | | F0/1 / (OSPF) \ F0/0 | 193.17.6.7 | 193.17.7.8| | | | | | / \ | | | | | L1 F1/0 F1/0 S2/0 S2/0 / (OSPF) (OSPF) \ S2/0 S1/0 F0/0 F0/0 L0 ----R1-----------R2-----------R3 (BGP)・・・・・(BGP) R6-----------R7-----------R8---- (OSPF) (OSPF)|(BGP) \ (RIP) (RIP) / (RIP) (RIP) | \ / (BGP) F0/0 | F0/0 \ (RIP) / F1/0 | | | ------R5------ | 10.17.2.4 | | F0/0 F1/0 | | 193.17.3.3 | | 193.17.5.6 | | | Internet 193.17.3.5 | | 193.17.5.5 -------------------------------------------------------------------------- 要求R1、R2之间运行RIP,R2、R3之间运行eBGP,R3、R4、R6之间运行OSPF,R3、R5、 R6之间运行RIP,R3、R6之间运行iBGP,R6、R7之间运行eBGP,R7、R8之间运行RIP。 最终达到的目标是,所有的Rn的所有接口之间互相可达,可通过R2的F0/0接口到达 Internet(不考虑源IP无效带来的问题)。 这个拓扑存在很多问题,我们是人为刻意设计成这个样子,以方便后续的其他实验。 下面用Dynamips搭建测试环境,由于我对Cisco设备配置以及相关路由协议并不熟悉, 配置方案并不科学,只是达到了最终目标而已,不是最优配置,分享出来仅供初学者 入门时参考,请高手多多指教。 bgp.net如下: -------------------------------------------------------------------------- autostart = false ghostios = true sparsemem = true [localhost:7200] udp = 10000 workingdir = /opt/dynagen/labs/bgp/working [[7200]] # Specify IOS image on *nix here: image = /opt/dynagen/image/c7200-jk9o3s-mz.124-12 npe = npe-400 ram = 160 disk0 = 0 disk1 = 0 mmap = true [[Router R1]] model = 7200 console = 2000 F1/0 = R2 F1/0 cnfg = /opt/dynagen/labs/bgp/config/R1.txt [[Router R2]] model = 7200 console = 2001 F0/0 = NIO_linux_eth:eth0 S2/0 = R3 S2/0 cnfg = /opt/dynagen/labs/bgp/config/R2.txt [[Router R3]] model = 7200 console = 2002 F0/0 = R5 F0/0 F0/1 = R4 F1/0 cnfg = /opt/dynagen/labs/bgp/config/R3.txt [[Router R4]] model = 7200 console = 2003 F0/0 = R6 F0/0 cnfg = /opt/dynagen/labs/bgp/config/R4.txt [[Router R5]] model = 7200 console = 2004 F1/0 = R6 F1/0 cnfg = /opt/dynagen/labs/bgp/config/R5.txt [[Router R6]] model = 7200 console = 2005 S2/0 = R7 S1/0 cnfg = /opt/dynagen/labs/bgp/config/R6.txt [[Router R7]] model = 7200 console = 2006 F0/0 = R8 F0/0 cnfg = /opt/dynagen/labs/bgp/config/R7.txt [[Router R8]] model = 7200 console = 2007 cnfg = /opt/dynagen/labs/bgp/config/R8.txt -------------------------------------------------------------------------- R1.txt如下: -------------------------------------------------------------------------- hostname R1 enable password R1 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero interface loopback 1 ip address 193.17.255.1 255.255.255.0 no cdp enable interface FastEthernet1/0 ip address 193.17.0.1 255.255.255.0 router ospf 1 router-id 1.0.0.1 network 193.17.255.0 0.0.0.255 area 1 network 193.17.0.0 0.0.0.255 area 0 line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R2.txt如下: -------------------------------------------------------------------------- hostname R2 enable password R2 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero ip route 0.0.0.0 0.0.0.0 10.17.255.254 interface loopback 0 ip address 1.0.0.2 255.255.255.255 interface FastEthernet1/0 ip address 193.17.0.2 255.255.255.0 interface Serial2/0 ip address 193.17.1.2 255.255.255.0 interface FastEthernet0/0 ip address 10.17.2.4 255.255.0.0 no cdp enable no ip proxy-arp no ip redirects router ospf 1 network 193.17.0.0 0.0.0.255 area 0 ! ! always的作用在于即使没有"ip route 0.0.0.0 0.0.0.0"的配合,也让自己成为缺 ! 省路由(宣告出去) ! default-information originate always ! ! [64512,65535] ! router bgp 65001 ! ! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由 ! redistribute ospf 1 !redistribute connected bgp log-neighbor-changes bgp dampening neighbor 193.17.1.3 remote-as 65002 neighbor 193.17.1.3 default-originate no auto-summary line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R3.txt如下: -------------------------------------------------------------------------- hostname R3 enable password R3 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero interface loopback 0 ip address 1.0.0.3 255.255.255.255 interface Serial2/0 ip address 193.17.1.3 255.255.255.0 interface FastEthernet0/1 ip address 193.17.2.3 255.255.255.0 interface FastEthernet0/0 ip address 193.17.3.3 255.255.255.0 router rip version 2 ! ! 不指定正确的metric的话,不能如想像的那样工作,可查看R5的路由表 ! redistribute bgp 65002 metric 15 !redistribute connected passive-interface FastEthernet0/1 network 193.17.2.0 network 193.17.3.0 ! ! RIP可以用这条命令让自己成为缺省路由,并且不需要ip route 0.0.0.0 0.0.0.0 ! 的配合 ! !default-information originate router ospf 1 redistribute bgp 65002 subnets !redistribute connected subnets passive-interface FastEthernet0/0 network 193.17.2.0 0.0.0.255 area 0 network 193.17.3.0 0.0.0.255 area 0 ! ! always的作用在于即使没有"ip route 0.0.0.0 0.0.0.0"的配合,也让自己成为缺 ! 省路由(宣告出去) ! default-information originate always router bgp 65002 ! ! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由 ! redistribute ospf 1 redistribute rip !redistribute connected bgp log-neighbor-changes !no synchronization bgp dampening ! ! The networks we want to advertise ! network 193.17.1.0 mask 255.255.255.0 neighbor 193.17.1.2 remote-as 65001 ! ! 如果不建立iBGP,R2通过BGP只能看到2、3、4、5网段,看不到6、7、8,同理R7通 ! 过BGP只能看到2、3、4、5网段,看不到255、0、1。 ! neighbor 193.17.4.6 remote-as 65002 no auto-summary line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R4.txt如下: -------------------------------------------------------------------------- hostname R4 enable password R4 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero interface loopback 0 ip address 1.0.0.4 255.255.255.255 interface FastEthernet1/0 ip address 193.17.2.4 255.255.255.0 interface FastEthernet0/0 ip address 193.17.4.4 255.255.255.0 router ospf 1 network 193.17.2.0 0.0.0.255 area 0 network 193.17.4.0 0.0.0.255 area 1 line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R5.txt如下: -------------------------------------------------------------------------- hostname R5 enable password R5 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero interface FastEthernet0/0 ip address 193.17.3.5 255.255.255.0 interface FastEthernet1/0 ip address 193.17.5.5 255.255.255.0 router rip version 2 network 193.17.3.0 network 193.17.5.0 line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R6.txt如下: -------------------------------------------------------------------------- hostname R6 enable password R6 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero interface loopback 0 ip address 1.0.0.6 255.255.255.255 interface FastEthernet0/0 ip address 193.17.4.6 255.255.255.0 interface FastEthernet1/0 ip address 193.17.5.6 255.255.255.0 interface Serial2/0 ip address 193.17.6.6 255.255.255.0 router rip version 2 ! ! 不指定正确的metric的话,不能如想像的那样工作,可查看R5的路由表 ! redistribute bgp 65002 metric 15 !redistribute connected ! ! 下面这两条不加也可以,加上可以优化从R5到193.17.4.6的路由 ! passive-interface FastEthernet0/0 network 193.17.4.0 network 193.17.5.0 ! ! 可以用"clear ip ospf process"重启OSPF进程 ! router ospf 1 redistribute bgp 65002 subnets !redistribute connected subnets passive-interface FastEthernet1/0 network 193.17.4.0 0.0.0.255 area 1 network 193.17.5.0 0.0.0.255 area 1 router bgp 65002 ! ! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由 ! redistribute ospf 1 redistribute rip !redistribute connected bgp log-neighbor-changes !no synchronization bgp dampening ! ! The networks we want to advertise ! network 193.17.6.0 mask 255.255.255.0 neighbor 193.17.2.3 remote-as 65002 ! ! 如果不建立iBGP,R2通过BGP只能看到2、3、4、5网段,看不到6、7、8,同理R7通 ! 过BGP只能看到2、3、4、5网段,看不到255、0、1。 ! neighbor 193.17.6.7 remote-as 65003 neighbor 193.17.6.7 default-originate no auto-summary line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R7.txt如下: -------------------------------------------------------------------------- hostname R7 enable password R7 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero !ip route 0.0.0.0 0.0.0.0 193.17.6.6 key chain password_group_0 key 1 key-string password_1 interface loopback 0 ip address 1.0.0.7 255.255.255.255 interface Serial1/0 ip address 193.17.6.7 255.255.255.0 interface FastEthernet0/0 ip address 193.17.7.7 255.255.255.0 ip rip authentication key-chain password_group_0 ip rip authentication mode md5 router rip version 2 network 193.17.7.0 ! ! RIP可以用这条命令让自己成为缺省路由,并且不需要ip route 0.0.0.0 0.0.0.0 ! 的配合 ! default-information originate ! ! [64512,65535] ! router bgp 65003 ! ! IGP路由一般注入BGP。我们不用network命令重新发布IGP路由 ! redistribute rip !redistribute connected bgp log-neighbor-changes bgp dampening neighbor 193.17.6.6 remote-as 65002 no auto-summary line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end -------------------------------------------------------------------------- R8.txt如下: -------------------------------------------------------------------------- hostname R8 enable password R8 no ip domain-lookup no exception crashinfo ip classless ip subnet-zero key chain password_group_0 key 1 key-string password_1 interface FastEthernet0/0 ip address 193.17.7.8 255.255.255.0 ip rip authentication key-chain password_group_0 ip rip authentication mode md5 interface loopback 0 ip address 193.17.8.8 255.255.255.0 ip rip authentication key-chain password_group_0 ip rip authentication mode md5 no cdp enable router rip version 2 network 193.17.7.0 network 193.17.8.0 line console 0 no exec-timeout logging synchronous line vty 0 4 password nsfocus login transport input telnet end --------------------------------------------------------------------------