一、实验拓扑
二、实验要求
三、实验思路
1.基于172.16.0.0/16根据实验拓扑图进行IP地址规划,规划过程如下:
2.根据上述的IP地址的规划进行配置,配置完后在AS2中配置OSPF使其内部实现全网通(互相建邻的条件)。
3.在AS2内部分别创建两个联盟AS64512和AS64513,在这两个联盟内部分别建立IBGP全连接(也可以在R3&R6上分别配置反射器,使得AS64512&AS64513内部的路由信息可以相互学习),在这两个联盟间建立EBGP邻居关系,在AS1与AS2之以及AS2与AS3分别建立EBGP邻居关系。建立起相应的邻居关系后将各AS内部的业务网段分别宣告进BGP协议内(注意:不能宣告建邻的环回ip地址)。
4.要实现不能在BGP协议上宣告R1和R8上的190网段也要实现两个可以PING通,则需要在这两个路由器上建立gre隧道,实现这两个设备的私网通(注意:不能使用这两个设备上的公网IP作为源IP,因为BGP路由表中并没有公网网段,即这两个IP地址并不能PING通,则隧道的逻辑接口将无法正常启动。针对这个问题,解法一是在网络规划是对R1和R8预留的建邻的环回接口宣告进BGP协议中,使运行BGP协议的设备都可以学习到这两个网址,即这两IP地址可以PING通,则这两个IP地址可以做这两个隧道的源地址,最后可以实现这两个设备的私网通;解法二,配置静态路由;解法三,将R2&R7的直连网段引入到bgp协议内部,但是需要做路由策略,仅筛选出190的网段将其引入到bgp路由表中)。
以上即为本实验的实验思路。
四、实验配置及测试结果
1.配置拓扑中所有设备的IP地址:
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[r1-GigabitEthernet0/0/0]int l0
[r1-LoopBack0]ip add 172.16.0.1 32
[r1-LoopBack0]int l1
[r1-LoopBack1]ip add 192.168.1.1 24[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[r2-GigabitEthernet0/0/0]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 172.16.1.21 30
[r2-GigabitEthernet0/0/1]int g0/0/2
[r2-GigabitEthernet0/0/2]ip add 172.16.1.1 30
[r2-GigabitEthernet0/0/2]int l0
[r2-LoopBack0]ip add 172.16.0.2 32
[r2-LoopBack0]int l1
[r2-LoopBack1]ip add 172.16.2.2 24r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 172.16.1.2 30
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 172.16.1.5 30
[r3-GigabitEthernet0/0/1]int l0
[r3-LoopBack0]ip add 172.16.0.3 32
[r3-LoopBack0]int l1
[r3-LoopBack1]ip add 172.16.3.3 24
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 172.16.1.6 30
[r4-GigabitEthernet0/0/0]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 172.16.1.9 30
[r4-GigabitEthernet0/0/1]int l0
[r4-LoopBack0]ip add 172.16.0.4 32
[r4-LoopBack0]int l1
[r4-LoopBack1]ip add 172.16.4.4 24
[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ip add 172.16.1.22 30
[r5-GigabitEthernet0/0/0]int g0/0/1
[r5-GigabitEthernet0/0/1]ip add 172.16.1.17 30
[r5-GigabitEthernet0/0/1]int l0
[r5-LoopBack0]ip add 172.16.0.5 32
[r5-LoopBack0]int l1
[r5-LoopBack1]ip add 172.16.5.5 24[r6]int g0/0/1
[r6-GigabitEthernet0/0/1]ip add 172.16.1.18 30
[r6-GigabitEthernet0/0/1]int g0/0/0
[r6-GigabitEthernet0/0/0]ip add 172.16.1.13 30
[r6-GigabitEthernet0/0/0]int l0
[r6-LoopBack0]ip add 172.16.0.6 32
[r6-LoopBack0]int l1
[r6-LoopBack1]ip add 172.16.6.6 24
[r7]int g0/0/1
[r7-GigabitEthernet0/0/1]ip add 172.16.1.14 30
[r7-GigabitEthernet0/0/1]int g0/0/0
[r7-GigabitEthernet0/0/0]ip add 172.16.1.10 30
[r7-GigabitEthernet0/0/0]int g0/0/2
[r7-GigabitEthernet0/0/2]ip add 34.1.1.7 24
[r7-GigabitEthernet0/0/2]int l0
[r7-LoopBack0]ip add 172.16.0.7 32
[r7-LoopBack0]int l1
[r7-LoopBack1]ip add 172.16.7.7 24
[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ip add 34.1.1.8 24
[r8-GigabitEthernet0/0/0]int l0
[r8-LoopBack0]ip add 172.16.0.8 32
[r8-LoopBack0]int l1
[r8-LoopBack1]ip add 192.16.2.8 242.AS2中配置OSPF实现该区域内部内网通
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 0
[r2-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a 0
[r3-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]a 0
[r4-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]a 0
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]a 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255查看通过ospf协议路由器的学习情况
[r6]disp ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 14 Routes : 16
OSPF routing table status : <Active>
Destinations : 14 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
172.16.0.2/32 OSPF 10 2 D 172.16.1.17 GigabitEthernet
0/0/1
172.16.0.3/32 OSPF 10 3 D 172.16.1.17 GigabitEthernet
0/0/1
OSPF 10 3 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.0.4/32 OSPF 10 2 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.0.5/32 OSPF 10 1 D 172.16.1.17 GigabitEthernet
0/0/1
172.16.0.7/32 OSPF 10 1 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.1.0/30 OSPF 10 3 D 172.16.1.17 GigabitEthernet
0/0/1
172.16.1.4/30 OSPF 10 3 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.1.8/30 OSPF 10 2 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.1.20/30 OSPF 10 2 D 172.16.1.17 GigabitEthernet
0/0/1
172.16.2.2/32 OSPF 10 2 D 172.16.1.17 GigabitEthernet
0/0/1
172.16.3.3/32 OSPF 10 3 D 172.16.1.17 GigabitEthernet
0/0/1
OSPF 10 3 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.4.4/32 OSPF 10 2 D 172.16.1.14 GigabitEthernet
0/0/0
172.16.5.5/32 OSPF 10 1 D 172.16.1.17 GigabitEthernet
0/0/1
172.16.7.7/32 OSPF 10 1 D 172.16.1.14 GigabitEthernet
0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
3.配置AS2内部as联盟
[r2]bgp 64512
[r2-bgp]confederation id 2
[r2-bgp]confederation peer-as 64513
[r2-bgp]peer 12.1.1.1 as-number 1
[r2-bgp]peer 172.16.0.3 as-number 64512
[r2-bgp]peer 172.16.0.3 connect-interface l0
[r2-bgp]peer 172.16.0.3 next-hop-local
[r2-bgp]peer 172.16.1.22 as-number 64513
[r2-bgp]peer 172.16.1.22 next-hop-local[r3]bgp 64512
[r3-bgp]confederation id 2
[r3-bgp]peer 172.16.0.2 as-number 64512
[r3-bgp]peer 172.16.0.4 as-number 64512
[r3-bgp]peer 172.16.0.2 connect-interface l0
[r3-bgp]peer 172.16.0.4 connect-interface l0[r4]bgp 64512
[r4-bgp]confederation id 2
[r4-bgp]peer 172.16.0.3 as-number 64512
[r4-bgp]peer 172.16.0.3 connect-interface l0[r5]bgp 64513
[r5-bgp]confederation id 2
[r5-bgp]confederation peer-as 64512
[r5-bgp]peer 172.16.1.21 as-number 64512
[r5-bgp]peer 172.16.0.6 as-number 64513
[r5-bgp]peer 172.16.0.6 connect-interface l0
[r5-bgp]peer 172.16.0.6 next-hop-local
[r6]bgp 64513
[r6-bgp]confederation id 2
[r6-bgp]peer 172.16.0.5 as-number 64513
[r6-bgp]peer 172.16.0.5 connect-interface l0
[r6-bgp]peer 172.16.0.7 as-number 64513
[r6-bgp]peer 172.16.0.7 connect-interface l0[r7]bgp 64513
[r7-bgp]confederation id 2
[r7-bgp]peer 172.16.0.6 as-number 64513
[r7-bgp]peer 172.16.0.6 connect-interface l0
[r7-bgp]peer 172.16.0.6 next-hop-local
[r7-bgp]peer 34.1.1.8 as-number 3[r8]bgp 3
[r8-bgp]peer 34.1.1.7 as-number 2配置AS1和AS3分别与AS2建立EBGP邻居
[r1-bgp]peer 12.1.1.2 as-number 2
[r8-bgp]peer 34.1.1.7 as-number 2分别在R3&R6上配置反射器:让联盟内部(非全连接)的设备都可以共享学习路由表
[r3-bgp]peer 172.16.0.2 reflect-client
[r3-bgp]peer 172.16.0.4 reflect-client
[r6-bgp]peer 172.16.0.5 reflect-client
[r6-bgp]peer 172.16.0.7 reflect-client 查看其中两个设备上bgp建邻情况
4.将业务网段宣告进bgp协议中
[r2]bgp 64512
[r2-bgp]network 172.16.2.0 24
[r3]bgp 64512
[r3-bgp]network 172.16.3.0 24
[r4]bgp 64512
[r4-bgp]network 172.16.4.0 24
[r5]bgp 64513
[r5-bgp]network 172.16.5.0 24
[r6]bgp 64513
[r6-bgp]network 172.16.6.0 24
[r7]bgp 64513
[r7-bgp]network 172.16.7.0 24查看其中一个设备上的bgp路由表
5.在R1&R8之间配置GRE隧道,此外可以参考实验分析中的其他思路也可实现非宣告的业务网段通讯
前提:将172.16.0.1 & 172.16.0.8 这两个网段宣告进bgp协议内
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]ip add 10.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre
[r1-Tunnel0/0/0]source 172.16.0.1
[r1-Tunnel0/0/0]destination 172.16.0.8[r8-Tunnel0/0/0]ip add 10.1.1.8 24
[r8-Tunnel0/0/0]tunnel-protocol gre
[r8-Tunnel0/0/0]source 10.1.1.8
[r8-Tunnel0/0/0]source 172.16.0.8
[r8-Tunnel0/0/0]destination 172.16.0.1
到此,所有配置结束。
![NSS [SWPUCTF 2022 新生赛]file_master](https://img-blog.csdnimg.cn/img_convert/140f1d0eb9ba727ae1e5e7974bc89208.png)
