ISIS 综合实验;BGP 实验

Posted yu15

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ISIS 综合实验;BGP 实验相关的知识,希望对你有一定的参考价值。

ISIS 综合实验

实验拓扑

技术图片

实验需求

1、 如图配置 IP 地址
2、 如图配置 IS-IS,要求全网互通,R8的Loop X口暂不宣告
3、 R1和R3直连,要求 R3 成为 DIS,但只允许在 R1上配置
4、 R3与R4之间不允许有 DIS 选举
5、 R8引入 8.8.X.0/24 网段路由
6、 要求区域 49.0010只学习到 8.8.X.0/24 的汇总路由(精确汇总),有数据访问时走最优路径
7、 R6和R8之间需要提高报文交互的安全性
8、 49.0010区域提高安全性

实验步骤

1.配置相应接口IP地址及环回口地址

AR1

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.13.2 24

AR3

[Huawei]int s4/0/0
[Huawei-Serial4/0/0]ip address 10.1.35.1 24
[Huawei-Serial4/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.34.1 24
[Huawei-GigabitEthernet0/0/1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.13.1 24

AR4

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.34.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.46.1 24

AR5

[Huawei]int s4/0/0
[Huawei-Serial4/0/0]ip address 10.1.35.2 24
[Huawei-Serial4/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.56.1 24

AR6

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.56.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.46.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.1.68.2 24

AR7

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.68.1 24
[Huawei-GigabitEthernet0/0/0]int l0
[Huawei-LoopBack0]ip address 8.8.3.1 24
[Huawei-LoopBack1]ip address 8.8.4.1 24
[Huawei-LoopBack1]int l2
[Huawei-LoopBack2]ip address 8.8.5.1 24

2.配置 IS-IS,要求全网互通,R8的Loop X口暂不宣告

AR1

[Huawei]isis
[Huawei-isis-1]network-entity 49.0010.0000.0001.00
[Huawei-isis-1]is-level level-1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1

AR3

[Huawei]isis
[Huawei-isis-1]network-entity 49.0010.0000.0003.00
[Huawei-isis-1]is-level level-1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei]int S4/0/0
[Huawei-S4/0/0]isis enable 1

AR4

[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0010.0000.0004.00
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis enable 1

AR5

[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0010.0000.0005.00
[Huawei-isis-1]int s4/0/0
[Huawei-Serial4/0/0]isis enable 1
[Huawei-Serial4/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis enable 1

AR6

[Huawei]isis 1  
[Huawei-isis-1]network-entity 49.0020.0000.0006.00
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1
[Huawei-GigabitEthernet0/0/0]int g0/0/1 
[Huawei-GigabitEthernet0/0/1]isis enable 1
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]isis enable 1

AR8

[Huawei]isis 1
[Huawei-isis-1]network-entity 49.0020.0000.0008.00  
[Huawei-isis-1]is-level level-2
[Huawei-isis-1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis enable 1

3、 R1和R3直连,要求 R3 成为 DIS,但只允许在 R1上配置

DIS 优先级默认为64,把AR1的优先级改小
AR1上配置优先级

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis dis-priority 0

AR3上查看接口

[Huawei]dis isis interface g0/0/0

                       Interface information for ISIS(1)
                       ---------------------------------
 Interface       Id      IPV4.State          IPV6.State      MTU  Type  DIS   
 GE0/0/0         002         Up                 Down         1497 L1/L2 Yes/

4、 R3与R4之间不允许有 DIS 选举

AR3

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]isis circuit-type p2p

AR4

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]isis circuit-type p2p

在AR3上查看链路类型

[Huawei]dis isis interface 

                       Interface information for ISIS(1)
                       ---------------------------------
 Interface       Id      IPV4.State          IPV6.State      MTU  Type  DIS   
 GE0/0/0         001         Up                 Down         1497 L1/L2 Yes/No 
 GE0/0/1         001         Up                 Down         1497 L1/L2 -- 
 S4/0/0          002         Up                 Down         1500 L1/L2 -- 

在AR4上查看链路类型

[Huawei]dis isis interface 

                       Interface information for ISIS(1)
                       ---------------------------------
 Interface       Id      IPV4.State          IPV6.State      MTU  Type  DIS   
 GE0/0/0         001         Up                 Down         1497 L1/L2 -- 
 GE0/0/1         001         Up                 Down         1497 L1/L2 No/No 

5. R8引入 8.8.X.0/24 网段路由

AR8

[Huawei-isis-1]import-route direct

6、 要求区域 49.0010只学习到 8.8.X.0/24 的汇总路由(精确汇总),有数据访问时走最优路径

AR8

[Huawei-isis-1] summary 8.8.0.0 255.255.248.0

AR4

[Huawei]isis 1
[Huawei-isis-1]import-route isis level-2 into level-1 

AR5

[Huawei]isis 1
[Huawei-isis-1]import-route isis level-2 into level-1 

在AR5上改变开销,默认为10

[Huawei]int g0/0/1  
[Huawei-GigabitEthernet0/0/1]isis cost 30

在AR3上查看路由表,去往8.8.0.0的路由,下一跳是10.1.34.2,为最优路径。

[Huawei]dis ip routing-table protocol isis 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : ISIS
         Destinations : 4        Routes : 4        

ISIS routing table status : <Active>
         Destinations : 4        Routes : 4

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        8.8.0.0/21  ISIS-L2 15   94          D   10.1.34.2       GigabitEthernet
0/0/1
      10.1.46.0/24  ISIS-L1 15   20          D   10.1.34.2       GigabitEthernet
0/0/1
      10.1.56.0/24  ISIS-L1 15   40          D   10.1.35.2       Serial4/0/0
      10.1.68.0/24  ISIS-L2 15   30          D   10.1.34.2       GigabitEthernet
0/0/1

在AR1上路由跟踪,进行检验

[Huawei]tracert 8.8.3.1

 traceroute to  8.8.3.1(8.8.3.1), max hops: 30 ,packet length: 40,press CTRL_C t
o break 

 1 10.1.13.1 40 ms  10 ms  20 ms 

 2 10.1.34.2 20 ms  10 ms  30 ms 

 3 10.1.46.2 40 ms  30 ms  20 ms 

 4 10.1.68.1 20 ms  20 ms  30 ms 

7、R6和R8之间需要提高报文交互的安全性

AR6

[Huawei-GigabitEthernet0/0/2]isis authentication-mode md5 huawei

AR8

[Huawei-GigabitEthernet0/0/0]isis authentication-mode md5 huawei

8、 49.0010区域提高安全性

AR1

[Huawei]isis    
[Huawei-isis-1]area-authentication-mode md5 123

AR3

[Huawei]isis    
[Huawei-isis-1]area-authentication-mode md5 123

AR4

[Huawei]isis        
[Huawei-isis-1]area-authentication-mode md5 123

AR5

[Huawei]isis    
[Huawei-isis-1]area-authentication-mode md5 123

BGP 基础实验

实验拓扑

技术图片

实验要求

  1. 按照图示配置 IP 地址,R1 和 R5 上使用环回口模拟业务网段,R2,R3,R4 的环回口用于配置 Router-id 和建立 IBGP 邻居
  2. AS 200 运行 OSPF 实现内部网络互通
  3. 所有设备都运行 BGP 协议,要求 R1 和 R2 利用直连接口建立 EBGP 邻居,R4 和 R5 利用直连接口建立EBGP 邻居,AS 200 内形成 IBGP 全互连,IBGP 邻居使用环回口建立邻居
  4. R1 和 R5 把业务网段宣告进 BGP,解决业务网段互连互通

    实验步骤

    配置IP地址及环回口地址

    AR1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.2 24

AR2

[Huawei]int l0
[Huawei-LoopBack0]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.23.1 24
[Huawei-GigabitEthernet0/0/1]int l0
[Huawei-LoopBack0]ip address 2.2.2.2 32

AR3

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.23.2 24
[Huawei-GigabitEthernet0/0/1]int l0
[Huawei-LoopBack0]ip address 3.3.3.3 32
[Huawei-LoopBack0]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.34.2 24

AR4

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.1.34.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.1.45.1 24
[Huawei-GigabitEthernet0/0/1]int l0
[Huawei-LoopBack0]ip address 4.4.4.4 32

AR5

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]i add 10.1.45.2 24

AS 200 利用 OSPF 协议解决内部网络互通

R2

[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255

R3

[Huawei]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 10.1.34.0 0.0.0.255

R4

[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.34.0 0.0.0.255

所有设备都运行 BGP 协议

在 R1 与 R2 上利用直连接口建立 EBGP 邻居关系

R1

[Huawei]BGP 100
[Huawei-bgp]peer 10.1.12.1 as-number 200

R2

[Huawei]BGP 200
[Huawei-bgp]peer 10.1.12.2 as-number 100
在 R4与 R5 上利用直连接口建立 EBGP 邻居关系

R4

[Huawei]BGP 200
[Huawei-bgp]peer 10.1.45.2 as-number 300

R5

[Huawei]bgp 300
[Huawei-bgp]peer 10.1.45.1 as-number 200

在 R2,R3 与 R4 上利用环回接口建立 IBGP 邻居关系

R2

[Huawei]BGP 200
[Huawei-bgp]peer 3.3.3.3 as-number 200
[Huawei-bgp]peer 3.3.3.3 connect-interface LoopBack 0  //修改更新源为环回口
[Huawei-bgp]peer 3.3.3.3 next-hop-local   //修改 IBGP 邻居下一跳为本机

[Huawei-bgp]peer 4.4.4.4 as-number 200
[Huawei-bgp]PEER 4.4.4.4 connect-interface LoopBack 0
[Huawei-bgp]peer 4.4.4.4 next-hop-local 

R3

[Huawei]bgp 200
[Huawei-bgp]peer 2.2.2.2 as-number 200  
[Huawei-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[Huawei-bgp]peer 4.4.4.4 as-number 200
[Huawei-bgp]peer 4.4.4.4 connect-interface LoopBack 0

R4

[Huawei]BGP 200
[Huawei-bgp]peer 2.2.2.2 as-number 200  
[Huawei-bgp]PEER 2.2.2.2 connect-interface LoopBack 0
[Huawei-bgp]peer 2.2.2.2 next-hop-local 

[Huawei-bgp]PEER 3.3.3.3 as-number 200
[Huawei-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[Huawei-bgp]peer 3.3.3.3 next-hop-local

R1 和 R5 把业务网段宣告进 BGP

AR1

  network 192.168.1.0 255.255.255.0 

AR5

network 192.168.2.0 255.255.255.0 

在AR2上查看邻居

[Huawei]dis bgp peer

 BGP local router ID : 10.1.12.1
 Local AS number : 200
 Total number of peers : 3        Peers in established state : 3

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  3.3.3.3         4         200       40       41     0 00:38:11 Established   0
  4.4.4.4         4         200       41       41     0 00:38:11 Established   1
  10.1.12.2       4         100       48       46     0 00:43:31 Established   1

在AR4上查看邻居

[Huawei]dis bgp peer 

 BGP local router ID : 10.1.34.1
 Local AS number : 200
 Total number of peers : 3        Peers in established state : 3

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State Pre
fRcv

  2.2.2.2         4         200       25       25     0 00:21:00 Established    
   0
  3.3.3.3         4         200       59       61     0 00:57:23 Established    
   0
  10.1.45.2       4         300       22       22     0 00:18:09 Established    
   0

AR 1 PING AR5,业务网段带源PING

[Huawei]ping -a 192.168.1.1 192.168.2.2
  PING 192.168.2.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=252 time=40 ms
    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=252 time=60 ms
    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=252 time=50 ms
    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=252 time=50 ms
    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=252 time=40 ms

  --- 192.168.2.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/48/60 ms

以上是关于ISIS 综合实验;BGP 实验的主要内容,如果未能解决你的问题,请参考以下文章

HCIE大师之路——BGP路由综合实验

HCIE大师之路——BGP路由综合实验

《深入浅出 —— BGP邻居联盟路由反射器综合配置》

大规模路由综合实验

L3***+VRRP综合实验

HCIP 中期综合实验