Large-Scale Routing Comprehensive Lab

Posted 养一只金毛呗


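Lab topology

Lab requirements

1. A company's headquarters (HQ) and branch run BGP to exchange routes, and an office additionally runs RIPv2. HQ and the branch are connected by two links. Two kinds of traffic exist inside the company, flow A and flow B, as shown in the figure.
2. Configure IP addresses as shown in the figure. On every router except R7, configure a Loopback0 address that serves as the OSPF router ID and as the IBGP peering address. The address format is X.X.X.X/32, where X is the device number.
3. Configure OSPF inside HQ and inside the branch. OSPF is used only to provide TCP reachability for BGP; service subnets must not be advertised in it.
4. Configure RIPv2 between the office and HQ.
5. Adjust link costs as needed to avoid equal-cost routes.
6. Configure BGP so that HQ and the branch exchange routes. HQ is in AS 65001 and the branch is in AS 65002. Inside each AS, use a peer group to build a reliable IBGP full mesh; between the ASes, establish EBGP peers over the directly connected interfaces. The service subnets of HQ and the branch are advertised in BGP.
7. To load-balance traffic between HQ and the branch, modify AS_PATH so that flow A traverses R2 and R4 and flow B traverses R3 and R5.
8. Configure two-way redistribution between RIP and BGP on R2. Both flow A and flow B of the office must be able to reach HQ, but between the office and the branch only flow A may be reachable.
9. No protocol packets are allowed on the service subnets, and no unrelated RIP packets are allowed.
10. As the business grows, other branches may later connect to HQ through R2 or R3. Branches must not reach each other, so HQ may advertise to a branch only the routes that originate in its own AS.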

Lab procedure

1. Configure IP addresses (omitted)

2. Configure OSPF inside HQ and the branch; service subnets must not appear in it

R1
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.0.0.1 0.0.0.0
  network 10.0.0.5 0.0.0.0
#

R2
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.0.0.2 0.0.0.0
  network 10.0.0.9 0.0.0.0
#

R3
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.0.0.6 0.0.0.0
  network 10.0.0.10 0.0.0.0
#

R4
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 10.0.0.21 0.0.0.0
  network 10.0.0.25 0.0.0.0
#

R5
#
ospf 1 router-id 5.5.5.5
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 10.0.0.22 0.0.0.0
  network 10.0.0.29 0.0.0.0
#

R6
#
ospf 1 router-id 6.6.6.6
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 10.0.0.26 0.0.0.0
  network 10.0.0.30 0.0.0.0
#

3. Configure IBGP inside HQ and the branch, and advertise the service subnets in BGP

R1
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 2.2.2.2 group neibu
 peer 3.3.3.3 group neibu
 #
 address-family ipv4 unicast
  network 172.16.0.0 255.255.255.0
  network 192.168.0.0 255.255.255.0
  peer neibu enable
#

R2
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
#

R3
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 2.2.2.2 group neibu
 peer 10.0.0.18 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.18 enable
#

R4
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 5.5.5.5 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.13 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.13 enable
#

R5
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.17 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.17 enable
#

R6
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 5.5.5.5 group neibu
 #
 address-family ipv4 unicast
  network 172.16.1.0 255.255.255.0
  network 192.168.1.0 255.255.255.0
  peer neibu enable
#

4. Configure EBGP between HQ and the branch

R2
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 3.3.3.3 group neibu
 peer 10.0.0.14 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.14 enable
#

R4
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 5.5.5.5 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.13 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.13 enable
#

R3
#
bgp 65001
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 1.1.1.1 group neibu
 peer 2.2.2.2 group neibu
 peer 10.0.0.18 as-number 65002
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.18 enable
#

R5
#
bgp 65002
 group neibu internal
 peer neibu connect-interface LoopBack0
 peer 4.4.4.4 group neibu
 peer 6.6.6.6 group neibu
 peer 10.0.0.17 as-number 65001
 #
 address-family ipv4 unicast
  peer neibu enable
  peer neibu next-hop-local
  peer 10.0.0.17 enable
#

5. Configure RIP between the office and HQ

R2
#
rip 1
 undo summary
 version 2
 network 10.0.0.0
#

R7
#
rip 1
 version 2
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.2.0
#

6. Adjust link cost values to avoid equal-cost routes

R1
#
interface GigabitEthernet0/0
 ospf cost 300
interface GigabitEthernet0/1
 ospf cost 400
#

R2
#
interface GigabitEthernet0/0
 ospf cost 300
interface GigabitEthernet0/1
 ospf cost 500
#

R3
#
interface GigabitEthernet0/0
 ospf cost 400
interface GigabitEthernet0/1
 ospf cost 500
#
R4, R5 and R6 are configured similarly.

7. Modify AS_PATH so that flow A takes R2-R4 and flow B takes R3-R5

R2
#
acl basic 2000
 rule 0 permit source 172.16.0.0 0.0.0.255
#
route-policy bliu permit node 10  matching node
 if-match ip address acl 2000
 apply as-path 65001
route-policy bliu permit node 20  pass-through node; never forget to configure this one
#
bgp 65001
 #
 HQ flow B takes R3-R5, so flow B is handled on the export toward R4 (10.0.0.14)
 address-family ipv4 unicast
  peer 10.0.0.14 route-policy bliu export
#

R4
#
acl basic 2000
 rule 0 permit source 172.16.1.0 0.0.0.255
#
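route-policy bliu permit node 10   matching node
 if-match ip address acl 2000
 apply as-path 65002
route-policy bliu permit node 20   pass-through node; never forget to configure this one
#
bgp 65002
 #
 Branch flow B takes R3-R5, so flow B is handled on the export toward R2 (10.0.0.13)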
 address-family ipv4 unicast
  peer 10.0.0.13 route-policy bliu export
#

R3
#
acl basic 2000
 rule 0 permit source 192.168.0.0 0.0.0.255
#
route-policy aliu permit node 10   matching node
 if-match ip address acl 2000
 apply as-path 65001
route-policy aliu permit node 20   pass-through node; never forget to configure this one
#
bgp 65001
 #
 HQ flow A takes R2-R4, so flow A is handled on the export toward R5 (10.0.0.18)
 address-family ipv4 unicast
  peer 10.0.0.18 route-policy aliu export
#

R5
#
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
#
route-policy aliu permit node 10   matching node
 if-match ip address acl 2000
 apply as-path 65002
route-policy aliu permit node 20   pass-through node; never forget to configure this one
#
bgp 65002
 #
 Branch flow A takes R2-R4, so flow A is handled on the export toward R3 (10.0.0.17)
 address-family ipv4 unicast
  peer 10.0.0.17 route-policy aliu export
#
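
The effect of the four export policies above, as an added Python model that is not part of the original post: it walks a route-policy node by node, prepends the AS number where the ACL matches, and picks the exit with the shortest AS_PATH. The tuple layout and function names are assumptions made for illustration; the ACL rules are R2's and R3's from above, written as address/wildcard, and equal local preference on both paths is assumed.

```python
from ipaddress import ip_network

def matches(acl, prefix):
    """Basic ACL as a route filter: only the route's network address is
    compared with each "address/wildcard" permit rule."""
    return any(ip_network(prefix).network_address in ip_network(r) for r in acl)

def export(policy, local_as, prefix):
    """AS_PATH sent to the EBGP peer for a locally originated prefix,
    or None when the route-policy drops it.
    policy: list of nodes (acl or None for match-all, AS to prepend or None)."""
    for acl, prepend in policy:
        if acl is None or matches(acl, prefix):
            extra = (prepend,) if prepend else ()
            return (local_as,) + extra      # EBGP adds the local AS itself
    return None                             # no node matched: implicit deny

# Constructed from the page's R2 and R3 configuration.
BLIU = [(["172.16.0.0/0.0.0.255"], 65001), (None, None)]   # R2, nodes 10 and 20
ALIU = [(["192.168.0.0/0.0.0.255"], 65001), (None, None)]  # R3, nodes 10 and 20

def preferred_exit(prefix, r2_policy=BLIU, r3_policy=ALIU):
    """HQ border router the branch prefers for prefix: shortest AS_PATH wins."""
    paths = {"R2": export(r2_policy, 65001, prefix),
             "R3": export(r3_policy, 65001, prefix)}
    usable = {r: p for r, p in paths.items() if p is not None}
    return min(usable, key=lambda r: len(usable[r])) if usable else None

if __name__ == "__main__":
    for p in ("192.168.0.0/24", "172.16.0.0/24"):
        print(p, "->", preferred_exit(p))
    # Same check with node 20 missing on R2:
    print(preferred_exit("192.168.0.0/24", r2_policy=BLIU[:1]))
```

With node 20 removed from R2's policy (`BLIU[:1]`), `export` returns `None` for 192.168.0.0/24, so flow A silently moves to the R3 path instead of R2.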

8. Configure two-way redistribution between RIP and BGP on R2

Office flows A and B reach HQ; office flow A reaches the branch.
R2
#
acl basic 2001
 rule 0 permit source 192.168.0.0 0.0.1.255
 rule 5 permit source 172.16.0.0 0.0.0.255
#
acl basic 2002
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
#
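route-policy b2r permit node 10  no pass-through node is needed for this import policy
 if-match ip address acl 2001
#
rip 1
 import-route bgp allow-ibgp route-policy b2r  only EBGP routes are imported by default, so the extra allow-ibgp parameter is needed here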
#
bgp 65001
 #
 address-family ipv4 unicast
  import-route rip 1
  peer 10.0.0.14 filter-policy 2002 export
  Office flow B must not reach the branch; a route-policy can be applied only once here and it is already in use, so filter-policy is used
#

R3
#
acl basic 2001
 rule 0 deny source 172.16.2.0 0.0.0.255
 rule 5 permit
#
bgp 65001
 #
 address-family ipv4 unicast
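  peer 10.0.0.18 filter-policy 2001 export  no named policy was created, so ACL 2001 is referenced by number here
  Branch flow B must not reach the office; a route-policy can be applied only once here and it is already in use, so filter-policy is used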
#
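
Why the filters in this step cut flow B between the office and the branch in both directions, as an added Python model (not the author's code): it applies R2's ACL 2001 to the RIP import and the deny ACL to the export toward AS 65002, then checks that each side holds a route to the other. It assumes R7 advertises its two subnets as /24 routes; the function and variable names are illustrative.

```python
from ipaddress import ip_network

def acl_permits(rules, prefix):
    """First matching rule decides; a route that matches no rule is denied.
    Only the route's network address is compared, never its mask length."""
    addr = ip_network(prefix).network_address
    for action, net in rules:
        if addr in ip_network(net):
            return action == "permit"
    return False

# Constructed from the page's ACLs, written as address/wildcard.
ACL_B2R = [("permit", "192.168.0.0/0.0.1.255"),
           ("permit", "172.16.0.0/0.0.0.255")]     # R2 acl 2001
ACL_EXPORT = [("deny", "172.16.2.0/0.0.0.255"),
              ("permit", "0.0.0.0/0")]             # R2 acl 2002, R3 acl 2001

HQ = ["172.16.0.0/24", "192.168.0.0/24"]
BRANCH = ["172.16.1.0/24", "192.168.1.0/24"]
OFFICE = ["172.16.2.0/24", "192.168.2.0/24"]       # assumed sent as /24s by R7

def office_learns():
    """BGP routes that R2 redistributes into RIP through route-policy b2r."""
    return [p for p in HQ + BRANCH if acl_permits(ACL_B2R, p)]

def branch_learns(office_routes=OFFICE):
    """Routes R2 and R3 advertise to AS 65002 after the export filter-policy."""
    return [p for p in HQ + list(office_routes) if acl_permits(ACL_EXPORT, p)]

def can_talk(a, b, a_table, b_table):
    """A ping succeeds only if each side has a route to the other."""
    return b in a_table and a in b_table

if __name__ == "__main__":
    o, b = office_learns(), branch_learns()
    print("flow A:", can_talk("192.168.2.0/24", "192.168.1.0/24", o, b))
    print("flow B:", can_talk("172.16.2.0/24", "172.16.1.0/24", o, b))
    # A covering route is not caught by the deny rule for 172.16.2.0:
    print(branch_learns(["172.16.0.0/16", "192.168.2.0/24"]))
```

Because a basic ACL compares only the network address, a covering route such as 172.16.0.0/16 passes the deny rule for 172.16.2.0, which is worth checking in the routing table whenever summarization is in play.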

9. Configure silent interfaces in RIP

No protocol packets are allowed on the service subnets, and no unrelated RIP packets are allowed.
R2
#
rip 1
 silent-interface GigabitEthernet0/0
 silent-interface GigabitEthernet0/1
 silent-interface GigabitEthernet0/2
#

10. Branches must not reach each other; HQ advertises to the branch only routes that originate in its own AS

R2
#
bgp 65001
 #
 address-family ipv4 unicast
  peer 10.0.0.14 as-path-acl 1 export
#

R3
#
bgp 65001
 #
 address-family ipv4 unicast
  peer 10.0.0.18 as-path-acl 1 export
#

11. Testing

  • HQ pings the branch

    HQ flow B can ping branch flow B
    [R1]ping -a 172.16.0.1 172.16.1.1
    Ping 172.16.1.1 (172.16.1.1) from 172.16.0.1: 56 data bytes, press CTRL+C to break
    56 bytes from 172.16.1.1: icmp_seq=0 ttl=253 time=2.000 ms
    56 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=4.000 ms
    56 bytes from 172.16.1.1: icmp_seq=2 ttl=253 time=5.000 ms
    56 bytes from 172.16.1.1: icmp_seq=3 ttl=253 time=3.000 ms
    56 bytes from 172.16.1.1: icmp_seq=4 ttl=253 time=3.000 ms
    
    --- Ping statistics for 172.16.1.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 2.000/3.400/5.000/1.020 ms
    
    HQ flow A can ping branch flow A
    [R1]ping -a 192.168.0.1 192.168.1.1
    Ping 192.168.1.1 (192.168.1.1) from 192.168.0.1: 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.1.1: icmp_seq=0 ttl=253 time=1.000 ms
    56 bytes from 192.168.1.1: icmp_seq=1 ttl=253 time=4.000 ms
    56 bytes from 192.168.1.1: icmp_seq=2 ttl=253 time=5.000 ms
    56 bytes from 192.168.1.1: icmp_seq=3 ttl=253 time=1.000 ms
    56 bytes from 192.168.1.1: icmp_seq=4 ttl=253 time=1.000 ms
    
    --- Ping statistics for 192.168.1.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.000/2.400/5.000/1.744 ms
    
  • Branch pings HQ

    Branch flow A can ping HQ flow A
    [R6]ping -a 192.168.1.1 192.168.0.1
    Ping 192.168.0.1 (192.168.0.1) from 192.168.1.1: 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.0.1: icmp_seq=0 ttl=253 time=2.000 ms
    56 bytes from 192.168.0.1: icmp_seq=1 ttl=253 time=4.000 ms
    56 bytes from 192.168.0.1: icmp_seq=2 ttl=253 time=2.000 ms
    56 bytes from 192.168.0.1: icmp_seq=3 ttl=253 time=2.000 ms
    56 bytes from 192.168.0.1: icmp_seq=4 ttl=253 time=2.000 ms
    
    --- Ping statistics for 192.168.0.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 2.000/2.400/4.000/0.800 ms
    
    Branch flow B can ping HQ flow B
    [R6]ping -a 172.16.1.1 172.16.0.1
    Ping 172.16.0.1 (172.16.0.1) from 172.16.1.1: 56 data bytes, press CTRL+C to break
    56 bytes from 172.16.0.1: icmp_seq=0 ttl=253 time=2.000 ms
    56 bytes from 172.16.0.1: icmp_seq=1 ttl=253 time=3.000 ms
    56 bytes from 172.16.0.1: icmp_seq=2 ttl=253 time=6.000 ms
    56 bytes from 172.16.0.1: icmp_seq=3 ttl=253 time=3.000 ms
    56 bytes from 172.16.0.1: icmp_seq=4 ttl=253 time=6.000 ms
    
    --- Ping statistics for 172.16.0.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 2.000/4.000/6.000/1.673 ms
    
  • HQ pings the office

    HQ flow A can ping office flow A
    [R1]ping -a 192.168.0.1 192.168.2.1
    Ping 192.168.2.1 (192.168.2.1) from 192.168.0.1: 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.2.1: icmp_seq=0 ttl=254 time=1.000 ms
    56 bytes from 192.168.2.1: icmp_seq=1 ttl=254 time=3.000 ms
    56 bytes from 192.168.2.1: icmp_seq=2 ttl=254 time=4.000 ms
    56 bytes from 192.168.2.1: icmp_seq=3 ttl=254 time=2.000 ms
    56 bytes from 192.168.2.1: icmp_seq=4 ttl=254 time=2.000 ms
    
    --- Ping statistics for 192.168.2.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.000/2.400/4.000/1.020 ms
    
    HQ flow B can ping office flow B
    [R1]ping -a 172.16.0.1 172.16.2.1
    Ping 172.16.2.1 (172.16.2.1) from 172.16.0.1: 56 data bytes, press CTRL+C to break
    56 bytes from 172.16.2.1: icmp_seq=0 ttl=254 time=2.000 ms
    56 bytes from 172.16.2.1: icmp_seq=1 ttl=254 time=2.000 ms
    56 bytes from 172.16.2.1: icmp_seq=2 ttl=254 time=4.000 ms
    56 bytes from 172.16.2.1: icmp_seq=3 ttl=254 time=2.000 ms
    56 bytes from 172.16.2.1: icmp_seq=4 ttl=254 time=1.000 ms
    
    --- Ping statistics for 172.16.2.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.000/2.200/4.000/0.980 ms
    
  • Office pings HQ

    Office flow A can ping HQ flow A
    [R7]ping -a 192.168.2.1 192.168.0.1
    Ping 192.168.0.1 (192.168.0.1) from 192.168.2.1: 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.0.1: icmp_seq=0 ttl=254 time=0.000 ms
    56 bytes from 192.168.0.1: icmp_seq=1 ttl=254 time=2.000 ms
    56 bytes from 192.168.0.1: icmp_seq=2 ttl=254 time=2.000 ms
    56 bytes from 192.168.0.1: icmp_seq=3 ttl=254 time=2.000 ms
    56 bytes from 192.168.0.1: icmp_seq=4 ttl=254 time=2.000 ms
    
    --- Ping statistics for 192.168.0.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 0.000/1.600/2.000/0.800 ms
    
    Office flow B can ping HQ flow B
    [R7]ping -a 172.16.2.1 172.16.0.1
    Ping 172.16.0.1 (172.16.0.1) from 172.16.2.1: 56 data bytes, press CTRL+C to break
    56 bytes from 172.16.0.1: icmp_seq=0 ttl=254 time=2.000 ms
    56 bytes from 172.16.0.1: icmp_seq=1 ttl=254 time=2.000 ms
    56 bytes from 172.16.0.1: icmp_seq=2 ttl=254 time=2.000 ms
    56 bytes from 172.16.0.1: icmp_seq=3 ttl=254 time=1.000 ms
    56 bytes from 172.16.0.1: icmp_seq=4 ttl=254 time=2.000 ms
    
    --- Ping statistics for 172.16.0.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms
    
  • Flow A between the office and the branch is reachable

    Office flow A can ping branch flow A
    [R7]ping -a 192.168.2.1 192.168.1.1
    Ping 192.168.1.1 (192.168.1.1) from 192.168.2.1: 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.1.1: icmp_seq=0 ttl=252 time=3.000 ms
    56 bytes from 192.168.1.1: icmp_seq=1 ttl=252 time=6.000 ms
    56 bytes from 192.168.1.1: icmp_seq=2 ttl=252 time=4.000 ms
    56 bytes from 192.168.1.1: icmp_seq=3 ttl=252 time=4.000 ms
    56 bytes from 192.168.1.1: icmp_seq=4 ttl=252 time=3.000 ms
    
    --- Ping statistics for 192.168.1.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 3.000/4.000/6.000/1.095 ms
    
    Branch flow A can ping office flow A
    [R6]ping -a 192.168.1.1 192.168.2.1
    Ping 192.168.2.1 (192.168.2.1) from 192.168.1.1: 56 data bytes, press CTRL+C to break
    56 bytes from 192.168.2.1: icmp_seq=0 ttl=253 time=3.000 ms
    56 bytes from 192.168.2.1: icmp_seq=1 ttl=253 time=3.000 ms
    56 bytes from 192.168.2.1: icmp_seq=2 ttl=253 time=4.000 ms
    56 bytes from 192.168.2.1: icmp_seq=3 ttl=253 time=6.000 ms
    56 bytes from 192.168.2.1: icmp_seq=4 ttl=253 time=3.000 ms
    
    --- Ping statistics for 192.168.2.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 3.000/3.800/6.000/1.166 ms
    
  • Flow B between the office and the branch is not reachable

    Office flow B cannot ping branch flow B
    [R7]ping -a 172.16.2.1 172.16.1.1
    Ping 172.16.1.1 (172.16.1.1) from 172.16.2.1: 56 data bytes, press CTRL+C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
    
    --- Ping statistics for 172.16.1.1 ---
    5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
    
    Branch flow B cannot ping office flow B
    [R6]ping -a 172.16.1.1 172.16.2.1
    Ping 172.16.2.1 (172.16.2.1) from 172.16.1.1: 56 data bytes, press CTRL+C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
    
    --- Ping statistics for 172.16.2.1 ---
    5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
    

    If all of the tests above pass, the lab is complete. The lab is not difficult; just pay attention to the small details while configuring.
