BGP 选路实验

一、实验拓扑

二、实验要求及分析

实验要求：

1、使用preva1策略，确保R4通过R2到达192.168.10.0/24

2、使用AS_Path策略，确保R4通过R3到达192.168.11.0/24

3、配置MED策略，确保R4通过R3到达192.168.12.0/24

4、使用Local Preference策略，确保R1通过R2到达192.168.1.0/24

5、使用Local Preference策略，确保R1通过R3到达192.168.2.0/24

6、配置负载均衡，确保R1通过R2和R3到达192.168.3.0/24

7、使用AS策略，AS 500不接受任何始发于AS 123的路由

8、使用自定义community策略，确保192.168.3.0/24路由不会被发布到AS 500

9、IBGP使用环回接口建邻，EBGP使用物理接口建邻

10、修改AS 123中的用户网段为Broadcast，方便后续在BGP中宣告

11、BGP宣告路由时，仅宣告24网段的用户路由

实验分析：

1、先对各设备的物理接口和环回接口设置IP地址

2、对于AS 123区域的三个设备之间，使用OSPF协议对三台设备进行网络互通

3、构建BGP环境，使各AS区域实现网络互通

4、对各设备进行策略编写，实现相应的要求

三、实验基础配置

R1

R2

R3

R4

R5

修改R1、R2、R3的环回接口1的接口类型：
[r1-LoopBack1]ospf network-type broadcast 
[r2-LoopBack1]ospf network-type broadcast 
[r3-LoopBack1]ospf network-type broadcast 

AS 123内部启动IGP协议（OSPF），使R1、R2、R3之间相互通信：

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 192.168.100.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 12.0.0.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 13.0.0.1 0.0.0.0

[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 12.0.0.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 192.168.20.1 0.0.0.0

[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 192.168.30.1 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 13.0.0.3 0.0.0.0

四、BGP环境搭建

R1

[r1]bgp 123
[r1-bgp]router-id 1.1.1.1
[r1-bgp]peer 15.0.0.5 as-number 500
[r1-bgp]peer 2.2.2.2 as-number 123
[r1-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r1-bgp]peer 2.2.2.2 next-hop-local
[r1-bgp]peer 3.3.3.3 as-number 123
[r1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[r1-bgp]peer 3.3.3.3 next-hop-local

R2

[r2]bgp 123
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 24.0.0.4 as-number 400
[r2-bgp]peer 1.1.1.1 as-number 123
[r2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[r2-bgp]peer 1.1.1.1 next-hop-local

R3

[r3]bgp 123
[r3-bgp]router-id 3.3.3.3
[r3-bgp]peer 34.0.0.4 as-number 400
[r3-bgp]peer 1.1.1.1 as-number 123	
[r3-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[r3-bgp]peer 1.1.1.1 next-hop-local

R4

[r4]bgp 400
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 24.0.0.2 as-number 123
[r4-bgp]peer 34.0.0.3 as-number 123

R5

[r5]bgp 500
[r5-bgp]peer 15.0.0.1 as-number 123

路由宣告

[r1-bgp]network 192.168.20.0 24
[r1-bgp]network 192.168.30.0 24
[r1-bgp]network 192.168.100.0 24

[r2-bgp]network 192.168.20.0 24
[r2-bgp]network 192.168.30.0 24
[r2-bgp]network 192.168.100.0 24

[r3-bgp]network 192.168.20.0 24
[r3-bgp]network 192.168.30.0 24
[r3-bgp]network 192.168.100.0 24

[r4-bgp]network 192.168.1.0 24
[r4-bgp]network 192.168.2.0 24
[r4-bgp]network 192.168.3.0 24

[r5-bgp]network 192.168.10.0 24
[r5-bgp]network 192.168.11.0 24
[r5-bgp]network 192.168.12.0 24

查看BGP路由表：（以R4、R5为例）

五、选路规则实现

1、使用preval策略，确保R4通过R2到达192.168.10.0/24

[r4]ip ip-prefix aa permit 192.168.10.0 24   ----抓取流量
[r4]route-policy aa permit node 10
[r4-route-policy]if-match ip-prefix aa
[r4-route-policy]apply preferred-value 100

[r4]route-policy aa permit node 20    ------放通所有

[r4-bgp]peer 24.0.0.2 route-policy aa import ----调用

2、使用AS_Path策略，确保R4通过R3到达192.168.11.0/24

[r4]ip ip-prefix bb permit 192.168.11.0 24
[r4]route-policy aa permit node 15
[r4-route-policy]if-match ip-prefix bb
[r4-route-policy]apply as-path 123 123 500 overwrite 
前面已经调用过了，这里不需要再次调用。

3、配置MED策略，确保R4通过R3到达192.168.12.0/24

[r2]ip ip-prefix aa permit 192.168.12.0 24
[r2]route-policy aa permit node 10
[r2-route-policy]if-match ip-prefix aa 
[r2-route-policy]apply cost 200
[r2]route-policy aa permit node 20
[r2-bgp]peer 24.0.0.4 route-policy aa export 

[r3]ip ip-prefix aa permit 192.168.12.0 24
[r3]route-policy aa permit node 10
[r3-route-policy]if-match ip-prefix aa
[r3-route-policy]apply cost 20
[r3]route-policy aa permit node 20
[r3-bgp]peer 34.0.0.4 route-policy aa export 

4、使用Local Preference策略，确保R1通过R2到达192.168.1.0/24；使用Local Preference策略，确保R1通过R3到达192.168.2.0/24：

[r1]ip ip-prefix aa permit 192.168.1.0 24
[r1]route-policy aa permit node 10
[r1-route-policy]if-match ip-prefix aa
[r1-route-policy]apply local-preference 200
[r1]route-policy aa permit node 20
[r1-bgp]peer 2.2.2.2 route-policy aa import 

[r1]ip ip-prefix bb permit 192.168.2.0 24
[r1]route-policy bb permit node 10
[r1-route-policy]if-match ip-prefix bb
[r1-route-policy]apply local-preference 200
[r1]route-policy bb permit node 20
[r1-bgp]peer 3.3.3.3 route-policy bb import 

5、配置负载均衡，确保R1通过R2和R3到达192.168.3.0/24

[r1-bgp]maximum load-balancing 2         ------修改最大负载条目

6、使用AS策略，AS 500不接受任何始发于AS 123的路由

[r5]ip as-path-filter 1 deny ^123$
[r5]ip as-path-filter 1 permit .*
[r5]bgp 500
[r5-bgp]peer 15.0.0.1 as-path-filter 1 import 

7、使用自定义community策略，确保192.168.3.0/24路由不会被发布到AS 500

方法一：简单配置思路，通过no-export配置
[r1]ip ip-prefix cc permit 192.168.3.0 24
[r1]route-policy aa permit node 15
[r1-route-policy]if-match ip-prefix cc
[r1-route-policy]apply community no-export
[r1]route-policy bb permit node 15
[r1-route-policy]if-match ip-prefix cc
[r1-route-policy]apply community no-export

方法二：使用自定义的社团属性策略
[r4]route-policy com permit node 10     ------定义一个路由策略
[r4-route-policy]apply community 400:500  ------执行的动作
[r4-bgp]network 192.168.3.0 24 route-policy com    ------再宣告网段时，添加路由策略

[r4-bgp]peer 24.0.0.2 advertise-community  ------开启社团属性传播功能
[r4-bgp]peer 34.0.0.3 advertise-community
[r2-bgp]peer 1.1.1.1 advertise-community
[r3-bgp]peer 1.1.1.1 advertise-community
[r1-bgp]peer 15.0.0.5 advertise-community     ------R1传播给R5

[r1]ip community-filter 1 permit 400:500
[r1]route-policy com deny node 10
[r1-route-policy]if-match community-filter 1     ------匹配社团属性过滤器
[r1]route-policy com permit node 20     ------放通所有
[r1-bgp]peer 15.0.0.5 route-policy com export