BGP选路实验（重点是各种策略）

news2024/9/21 20:25:17

实验拓扑
在这里插入图片描述基础配置(完成IGP的配置)
首先完成各个接口IP地址,环回接口地址等一些基本配置，实现直连之间的互相通信
在R4，R5上的配置类似
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[Huawei-GigabitEthernet0/0/1]int loop 0
[Huawei-LoopBack0]ip add 192.168.3.1 32
[Huawei-LoopBack0]q
[Huawei]ip route-static 2.2.2.2 32 192.168.1.1
[Huawei]ip route-static 3.3.3.3 32 192.168.2.1
接着是在AS123内启用OSPF协议，实现区域内部的通信
在R2，R3，R1的配置是类似的
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.20.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.20.2 24
[Huawei-GigabitEthernet0/0/1]int loop0
[Huawei-LoopBack0]ip add 2.2.2.2 32
[Huawei-LoopBack0]q
[Huawei]ip route-static 1.1.1.1 32 192.168.1.1
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.255.255

启用BGP协议，建立对等体关系，实现不同AS区域的通信
在R4，R5上的配置类似
[Huawei]bgp 400
[Huawei-bgp]router-id 4.4.4.4
[Huawei-bgp]peer 2.2.2.2 as-number 123
[Huawei-bgp]peer 3.3.3.3 as-number 123
[Huawei-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[Huawei-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[Huawei-bgp]peer 2.2.2.2 ebgp-max-hop 2
[Huawei-bgp]peer 3.3.3.3 ebgp-max-hop 2
[Huawei-bgp]net 1.1.1.1 32
[Huawei-bgp]net 2.2.2.2 32
[Huawei-bgp]net 3.3.3.3 32

在R2，R3，R1上的配置类似
[Huawei]bgp 123
[Huawei-bgp]router-id 2.2.2.2
[Huawei-bgp]peer 1.1.1.1 as-number 400
[Huawei-bgp]peer 4.4.4.4 as-number 123
[Huawei-bgp]peer 3.3.3.3 as-number 123
[Huawei-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[Huawei-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[Huawei-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[Huawei-bgp]peer 1.1.1.1 ebgp-max-hop 2
[Huawei-bgp]peer 3.3.3.3 next-hop-local
[Huawei-bgp]peer 4.4.4.4 next-hop-local
[Huawei-bgp]net 1.1.1.1 32
[Huawei-bgp]net 2.2.2.2 32
[Huawei-bgp]net 3.3.3.3 32
[Huawei-bgp]net 4.4.4.4 32

在当IGP和EGP都配置完成后，来完成策略的实现
使用preference value属性的配置
在R2上进行配置
[Huawei]route-policy bbb permit node 20 //创建路由策略名bbb
[Huawei-route-policy]apply local-preference 777 设置本地优先级为777
[Huawei-route-policy]q
[Huawei]bgp 123 应用bbb策略
[Huawei-bgp]peer 192.168.10.0 route-policy bbb export

AS_Path属性的配置
在R3上进行配置
[Huawei]route-policy aaa permit node 10 //创建名为aaa的路由策略
[Huawei-route-policy]apply as-path 666 666 additive //设置as-path属性为666 666
[Huawei-route-policy]q
[Huawei]bgp 123 bgp应用策略
[Huawei-bgp]peer 192.168.11.0 route-policy aaa export

MED属性的配置
在R3上进行配置
[Huawei]route-policy ccc permit node 30 //创建ccc路由策略
[Huawei-route-policy]apply cost + 300 //修改MED值为300
[Huawei-route-policy]q
[Huawei]bgp123 //bgp应用策略
[Huawei-bgp]peer 192.168.12.0 route-policy ccc export

Local preference属性的配置
在R2上进行配置
[Huawei]acl number 2000 创建acl 192.168.1.0网段
[Huawei-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2000]q
[Huawei]route-policy zzz permit node 99 //创建路由策略zzz 99
[Huawei-route-policy]if-match acl 2000 //匹配acl 2000
[Huawei-route-policy]apply local-preference 2000 //设置加优先级2000
[Huawei-route-policy]q
[Huawei]route-policy zzz permit node 20 //创建路由策略 zzz 20
[Huawei-route-policy]apply local-preference 999 // 设置优先级999
[Huawei-route-policy]q
[Huawei]bgp 123
[Huawei-bgp]peer 192.168.100.1 route-policy zzz import //应用规则

在R3上进行配置
[Huawei]acl number 2000 创建acl 192.168.2.0网段
[Huawei-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2000]q
[Huawei]route-policy aaaa permit node 88 //创建路由策略aaaa 99
[Huawei-route-policy]if-match acl 2000 //匹配acl 2000
[Huawei-route-policy]apply local-preference 2000 //设置加优先级2000
[Huawei-route-policy]q
[Huawei]route-policy aaaa permit node 22 //创建路由策略 aaaa 22
[Huawei-route-policy]apply local-preference 888 // 设置优先级888
[Huawei-route-policy]q
[Huawei]bgp 123
[Huawei-bgp]peer 192.168.100.2 route-policy aaaa import //应用规则

在R1上配置负载均衡
[R1-bgp]maximum load-balancing ?
[R1-bgp]maximum load-balancing 2

使用As策略，AS 500不接受任何始发于AS 123的路由
在R1上进行配置
[r3]ip as-path-filter 1 deny _123$
[r3]ip as-path-filter 1 permit .*
[r3-bgp]peer 192.168.100.100 as-path-filter 1 export

使用自定义Community策略，确保192.168.3.0/24路由不会被发布到AS 500
1、设定策略，定义社团属性标记
[R4]route-policy com-1 permit node 10
[R4-route-policy]apply community 100:111
2、在发布路由时调用策略
[R4-bgp]network 1192.168.3.0 24 route-policy com-1
3、开启社团属性传播功能
[R4-bgp]peer 192.168.1.1 advertise-community
4、抓取流量
[R2]ip community-filter 1 permit 100:111
5、做策略
[R2]route-policy com deny node 10
[R2-route-policy]if-match community-filter 1
[R2-route-policy]apply community no-export additive
6、调用策略
[R2-bgp]peer 192.168.1.1 route-policy com import