BGP AS-path route selection

Posted 害怕网络暴力


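## Topology

Requirements

1. Configure the interface IP addresses according to the IP address plan.
2. Configure OSPF on RT1, RT2 and RT3, advertising only the interconnect subnets and the loopback0 interfaces.
3. RT1, RT2 and RT3 form a full-mesh IBGP peer group over their loopback0 interfaces. RT2 and RT4 establish an EBGP peering over their physical interfaces, as do RT3 and RT5, and RT4 and RT6. RT5 and RT6 establish an IBGP peering over their physical interfaces.
4. RT1 advertises loopback 10, 20 and 30 into BGP.
5. For security reasons, AS300 must reach only the 192.168.1.0 network over the leased line under normal conditions, falling back to the ISP when the leased line fails; all other networks are reached through the ISP. Use suitable IP prefix lists and route policies on RT2 and RT3 to modify the BGP AS_PATH attribute so that this requirement is met.
6. To keep ISP routes from transiting the enterprise network, configure an AS-PATH list on RT3 and RT5 so that only locally originated routes are advertised outward.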

Address configuration
R1

[H3C]interface g0/0
[H3C-GigabitEthernet0/0]ip address  10.255.12.1 30
[H3C-GigabitEthernet0/0]in g0/1
[H3C-GigabitEthernet0/1]ip address  10.255.13.1 30
[H3C-GigabitEthernet0/1]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.1 32
[H3C-LoopBack0]qu
[H3C]interface LoopBack  10
[H3C-LoopBack10]ip address  192.168.0.1 24
[H3C-LoopBack10]qu
[H3C]interface  LoopBack  20
[H3C-LoopBack20]ip address 192.168.1.1 24
[H3C-LoopBack20]qu
[H3C]interface LoopBack  30
[H3C-LoopBack30]ip address  192.168.2.1 24
[H3C-LoopBack30]qu

R2

[H3C]interface g0/0
[H3C-GigabitEthernet0/0]ip address  10.255.12.2 30
[H3C-GigabitEthernet0/0]in g0/2
[H3C-GigabitEthernet0/2]ip address  10.255.23.1 30
[H3C-GigabitEthernet0/2]in s1/0
[H3C-Serial1/0]ip address  10.255.24.1 30
[H3C-Serial1/0]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.2 32
[H3C-LoopBack0]qu

R3

[H3C]interface g0/2
[H3C-GigabitEthernet0/2]ip address  10.255.23.2 30
[H3C-GigabitEthernet0/2]in g0/1
[H3C-GigabitEthernet0/1]ip address  10.255.13.2 30
[H3C-GigabitEthernet0/1]in s1/0
[H3C-Serial1/0]ip address  10.255.35.1 30
[H3C-Serial1/0]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.3 32
[H3C-LoopBack0]qu

R4

[H3C]in s1/0
[H3C-Serial1/0]ip address  10.255.24.2 30
[H3C-Serial1/0]in s2/0
[H3C-Serial2/0]ip address  10.255.46.1 30
[H3C-Serial2/0]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.4 32
[H3C-LoopBack0]qu

R5

[H3C]interface s1/0
[H3C-Serial1/0]ip address  10.255.35.2 30
[H3C-Serial1/0]in g0/0
[H3C-GigabitEthernet0/0]ip address  10.255.56.1 30
[H3C-GigabitEthernet0/0]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip  address  192.168.255.5 32
[H3C-LoopBack0]qu

R6

[H3C]interface s2/0
[H3C-Serial2/0]ip address  10.255.46.2 30
[H3C-Serial2/0]in g0/0
[H3C-GigabitEthernet0/0]ip address  10.255.56.2 30
[H3C-GigabitEthernet0/0]qu
[H3C]interface LoopBack  0
[H3C-LoopBack0]ip address  192.168.255.6 32
[H3C-LoopBack0]qu

PPP authentication
R3

[H3C]local-user r5 class  network
New local user added.
[H3C-luser-network-r5]service-type ppp
[H3C-luser-network-r5]password  simple  123456
[H3C-luser-network-r5]qu
[H3C]interface s1/0
[H3C-Serial1/0]ppp authentication-mode  chap
[H3C-Serial1/0]ppp chap user r3

R5

[H3C]local-user r3 class  network
New local user added.
[H3C-luser-network-r3]password simple 123456
[H3C-luser-network-r3]service-type ppp
[H3C-luser-network-r3]qu
[H3C]interface s1/0
[H3C-Serial1/0]ppp authentication-mode chap
[H3C-Serial1/0]ppp chap user  r5

OSPF
R1

[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network  10.255.12.1 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network  10.255.13.1 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network  192.168.255.1 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network 192.168.0.1 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0
[H3C-ospf-1]qu

R2

[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network  10.255.12.2 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network  10.255.23.1 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network  192.168.255.2 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]qu

R3

[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network  10.255.13.2 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network  10.255.23.2 0.0.0.0
[H3C-ospf-1-area-0.0.0.0]network 192.168.255.3 0.0.0.0

BGP
R1

[H3C]bgp 100
[H3C-bgp-default]router-id 192.168.255.1
[H3C-bgp-default]group 100 internal
[H3C-bgp-default]peer  192.168.255.2 group  100
[H3C-bgp-default]peer  192.168.255.3 group  100
[H3C-bgp-default]peer  100 connect-interface LoopBack  0
[H3C-bgp-default]address-family  ipv4
[H3C-bgp-default-ipv4]peer  100 enable
[H3C-bgp-default-ipv4]network 192.168.0.1 24
[H3C-bgp-default-ipv4]network 192.168.1.1 24
[H3C-bgp-default-ipv4]network 192.168.2.1 24

R2

[H3C]bgp 100
[H3C-bgp-default]router-id 192.168.255.2
[H3C-bgp-default]group 100 internal
[H3C-bgp-default]peer  192.168.255.1 group  100
[H3C-bgp-default]peer  192.168.255.3 group  100
[H3C-bgp-default]peer  100 connect-interface LoopBack  0
[H3C-bgp-default]address-family  ipv4
[H3C-bgp-default-ipv4]peer  100 enable
[H3C-bgp-default-ipv4]qu
[H3C-bgp-default]peer  10.255.24.2 as-number  200
[H3C-bgp-default]address-family ipv4
[H3C-bgp-default-ipv4]peer  10.255.24.2 enable
[H3C-bgp-default-ipv4]peer  100 next-hop-local

R3

[H3C]bgp 100
[H3C-bgp-default]router-id  192.168.255.3
[H3C-bgp-default]group 100 internal
[H3C-bgp-default]peer  192.168.255.1 group 100
[H3C-bgp-default]peer  192.168.255.2 group 100
[H3C-bgp-default]peer  100 connect-interface LoopBack  0
[H3C-bgp-default]address-family ipv4
[H3C-bgp-default-ipv4]peer  100 enable
[H3C-bgp-default-ipv4]qu
[H3C-bgp-default]peer  10.255.35.2 as-number  300
[H3C-bgp-default]address-family ipv4
[H3C-bgp-default-ipv4]peer  10.255.35.2 enable
[H3C-bgp-default-ipv4]peer  100 next-hop-local

R4

[H3C]bgp 200
[H3C-bgp-default]peer  10.255.24.1 as-number  100
[H3C-bgp-default]peer  10.255.46.2 as-number  300
[H3C-bgp-default]address-family ipv4
[H3C-bgp-default-ipv4]peer  10.255.24.1 enable
[H3C-bgp-default-ipv4]peer  10.255.46.2 enable

R5

[H3C]bgp 300
[H3C-bgp-default]peer  10.255.56.2 as-number  300
[H3C-bgp-default]peer  10.255.35.1 as-number  100
[H3C-bgp-default]address-family ipv4
[H3C-bgp-default-ipv4]peer  10.255.56.2 enable
[H3C-bgp-default-ipv4]peer  10.255.35.1 enable

R6

[H3C]bgp 300
[H3C-bgp-default]peer  10.255.46.1 as-number 200
[H3C-bgp-default]peer  10.255.56.1 as-number  300
[H3C-bgp-default]address-family ipv4
[H3C-bgp-default-ipv4]peer  10.255.46.1 enable
[H3C-bgp-default-ipv4]peer  10.255.56.1 enable

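AS-path route selection
On R3, match the 192.168.0.0 and 192.168.2.0 networks and prepend AS 400 500 600 when advertising them to R5, that is, in the export (outbound) direction.
Alternatively, on R5, match the 192.168.0.0 and 192.168.2.0 networks and prepend AS 400 500 600 when the routes are received from R3, that is, in the import (inbound) direction.
Node 20 of the route policy has no if-match clause and permits every other route unchanged. Without it, routes that do not match node 10, including 192.168.1.0/24, are denied by the route policy and never advertised to R5.

R3

[H3C]ip prefix-list 123 index  10 permit  192.168.0.0 24
[H3C]ip prefix-list 123 index  20 permit  192.168.2.0 24
[H3C]route-policy 123 permit  node  10
[H3C-route-policy-123-10]if-match  ip address  prefix-list  123
[H3C-route-policy-123-10]apply  as-path  400 500 600
[H3C-route-policy-123-10]qu
[H3C]route-policy 123 permit  node  20
[H3C-route-policy-123-20]qu
[H3C]bgp 100
[H3C-bgp-default]address-family  ipv4
[H3C-bgp-default-ipv4]peer  10.255.35.2 route-policy 123 export
[H3C-bgp-default-ipv4]qu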

Locally originated routes
R5

[H3C]ip as-path 1 permit  ^$
[H3C]route-policy shifa permit  node  10
[H3C-route-policy-shifa-10]if-match  as-path 1
[H3C-route-policy-shifa-10]qu
[H3C]bgp 300
[H3C-bgp-default]address-family  ipv4
[H3C-bgp-default-ipv4]peer  10.255.35.1 route-policy shifa export
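
The effect of both export policies, as an added Python model that is not part of the original post: it evaluates route-policy 123 on R3 (with and without a trailing catch-all permit node) and route-policy shifa on R5, then picks R5's exit by AS_PATH length alone. The R5 table entries 198.51.100.0/24 and 203.0.113.0/24 and the ISP path [200, 100] are constructed assumptions.

```python
import ipaddress
import re

def apply_policy(nodes, prefix, as_path):
    """First matching permit node wins; a route that matches no node is denied (None)."""
    for node in nodes:
        nets = [ipaddress.ip_network(p) for p in node.get("prefix_list", [])]
        if nets and ipaddress.ip_network(prefix) not in nets:
            continue
        regex = node.get("as_path_regex")
        if regex is not None and not re.search(regex, " ".join(map(str, as_path))):
            continue
        return node.get("prepend", []) + as_path   # apply as-path prepends
    return None

def ebgp_export(nodes, local_as, rib):
    """Run the export policy, then add the local AS as on any EBGP advertisement."""
    sent = {}
    for prefix, path in rib.items():
        result = apply_policy(nodes, prefix, path)
        if result is not None:
            sent[prefix] = [local_as] + result
    return sent

# route-policy 123 on R3; the empty second node permits all remaining routes unchanged.
POLICY_123 = [{"prefix_list": ["192.168.0.0/24", "192.168.2.0/24"],
               "prepend": [400, 500, 600]}, {}]
# route-policy shifa on R5: ip as-path 1 permit ^$ (empty AS_PATH = locally originated).
SHIFA = [{"as_path_regex": r"^$"}]

# R3 learns R1's three networks over IBGP, so their AS_PATH is empty inside AS100.
R3_RIB = {f"192.168.{i}.0/24": [] for i in range(3)}
# Constructed R5 table: one AS300 prefix (hypothetical), one ISP route, one AS100 route.
R5_RIB = {"198.51.100.0/24": [], "203.0.113.0/24": [200], "192.168.1.0/24": [100]}

def r5_choice(policy):
    """Exit chosen by R5 per prefix, comparing AS_PATH length only (other attributes equal)."""
    via_r3 = ebgp_export(policy, 100, R3_RIB)
    choice = {}
    for prefix in R3_RIB:
        candidates = {"ISP via R6": [200, 100]}   # path through AS200, assumed
        if prefix in via_r3:
            candidates["leased line via R3"] = via_r3[prefix]
        choice[prefix] = min(candidates, key=lambda n: len(candidates[n]))
    return choice

if __name__ == "__main__":
    print(r5_choice(POLICY_123))        # with the catch-all node
    print(r5_choice(POLICY_123[:1]))    # without it: 192.168.1.0/24 is never sent
    print(ebgp_export(SHIFA, 300, R5_RIB))
```

With the `^$` filter, R5 advertises only the AS300-originated prefix to R3, so AS300 does not act as a transit path for ISP or AS100 routes.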
