纸箱 2007-11-12 11:40
配置IBGP和EBGP会话,本地优先级和MED属性
[align=center][size=3][font=宋体]实验[/font][font=Times New Roman]9.11.4a
[/font][font=宋体]配置[/font][font=Times New Roman]IBGP[/font][font=宋体]和[/font][font=Times New Roman]EBGP[/font][font=宋体]会话,本地优先级和[/font][font=Times New Roman]MED[/font][font=宋体]属性[/font][/size][/align]
[font=宋体][size=3]一、实验拓扑图:[/size][/font]
[font=Times New Roman][size=3] [img]http://p.blog.csdn.net/images/p_blog_csdn_net/ieeenjoy/291908/o_9114a.JPG[/img][/size][/font]
[font=宋体][size=3]二、实验目的:[/size][/font]
[size=3][font=Times New Roman] [/font][font=宋体]国际互联网培训中心[/font][font=Times New Roman]ITAA[/font][font=宋体]拥有两条通往[/font][font=Times New Roman]ISP[/font][font=宋体]的链路,其中一条链路不受流量限制,另一条需要为流量付额外的费用,所以[/font][font=Times New Roman]ITAA[/font][font=宋体]需要控制[/font][font=Times New Roman]AS[/font][font=宋体]内部和外部的通信,使其使用上面一条流量不受控制的链路。采用[/font][font=Times New Roman]local-preference[/font][font=宋体]和[/font][font=Times New Roman]MED[/font][font=宋体]。[/font][/size]
[font=宋体][size=3]三、具体实验内容:[/size][/font]
[size=3][font=Times New Roman] [/font][font=宋体]步骤:[/font][/size]
[align=center][table=529][tr][td=1,1,529][size=3][font=宋体]-实验基本配置(包括[/font][font=Times New Roman]BGP[/font][font=宋体]和[/font][font=Times New Roman]EIGRP[/font][font=宋体]的基本配置);[/font][/size]
[/td][/tr][tr][td=1,1,529][size=3][font=宋体]-更改[/font][font=Times New Roman]ITAA[/font][font=宋体]和[/font][font=Times New Roman]ITAA_SUB[/font][font=宋体]路由器[/font][font=Times New Roman]BGP[/font][font=宋体]的下一跳属性;[/font][/size]
[/td][/tr][tr][td=1,1,529][size=3][font=宋体]-[/font][font=Times New Roman]ISP[/font][font=宋体]将自身路由通告给[/font][font=Times New Roman]ITAA[/font][font=宋体]使其内部知道如何到达[/font][font=Times New Roman]ISP;[/font][/size]
[/td][/tr][tr][td=1,1,529][size=3][font=宋体]-控制[/font][font=Times New Roman]ITAA[/font][font=宋体]自治系统内流量的出口;(更改[/font][font=Times New Roman]local-preference[/font][font=宋体])[/font][/size]
[/td][/tr][tr][td=1,1,529][size=3][font=宋体]-控制流往[/font][font=Times New Roman]ITAA[/font][font=宋体]自治系统内的入口;(更改[/font][font=Times New Roman]MED[/font][font=宋体])[/font][/size]
[/td][/tr][tr][td=1,1,529][size=3][font=宋体]-在[/font][font=Times New Roman]ITAA[/font][font=宋体]和[/font][font=Times New Roman]ITAA_SUB[/font][font=宋体]分别配置默认路由通往[/font][font=Times New Roman]ISP[/font][font=宋体];[/font][/size]
[/td][/tr][tr][td=1,1,529][font=宋体][size=3]-结论[/size][/font]
[/td][/tr][/table][/align][font=Times New Roman][size=3] [/size][/font]
[font=宋体][size=3]实验基本配置:[/size][/font]
[align=center][table][tr][td][font=Times New Roman][size=3]ISP#sh run[/size][/font]
[font=Times New Roman][size=3]Building configuration...[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Current configuration : 1390 bytes[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]version 12.3[/size][/font]
[font=Times New Roman][size=3]service timestamps debug datetime msec[/size][/font]
[font=Times New Roman][size=3]service timestamps log datetime msec[/size][/font]
[font=Times New Roman][size=3]no service password-encryption[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]hostname ISP[/size][/font]
[font=Times New Roman][size=3]interface Loopback0[/size][/font]
[size=3][font=Times New Roman]
ip address 192.168.100.1 255.255.255.0[/font][/size]
[size=3][font=Times New Roman]!
[/font][/size]
[font=Times New Roman][size=3]interface Serial1/0[/size][/font]
[size=3][font=Times New Roman]
ip address 192.168.1.5 255.255.255.252[/font][/size]
[size=3][font=Times New Roman]
serial restart-delay 0[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]interface Serial1/1[/size][/font]
[size=3][font=Times New Roman]
ip address 192.168.1.1 255.255.255.252[/font][/size]
[size=3][font=Times New Roman]
serial restart-delay 0[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]router bgp 200[/size][/font]
[size=3][font=Times New Roman]
no synchronization[/font][/size]
[size=3][font=Times New Roman]
bgp log-neighbor-changes[/font][/size]
[size=3][font=Times New Roman]
network 192.168.100.0[/font][/size]
[size=3][font=Times New Roman]
neighbor 192.168.1.2 remote-as 64512[/font][/size]
[size=3][font=Times New Roman]
neighbor 192.168.1.6 remote-as 64512[/font][/size]
[size=3][font=Times New Roman]
no auto-summary[/font][/size]
[size=3][font=Times New Roman]!
[/font][/size]
[font=Times New Roman][size=3]end[/size][/font]
[/td][td][font=Times New Roman][size=3]ITAA#sh run[/size][/font]
[font=Times New Roman][size=3]Building configuration...[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Current configuration : 1420 bytes[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]version 12.3[/size][/font]
[font=Times New Roman][size=3]service timestamps debug datetime msec[/size][/font]
[font=Times New Roman][size=3]service timestamps log datetime msec[/size][/font]
[font=Times New Roman][size=3]no service password-encryption[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]hostname ITAA[/size][/font]
[font=Times New Roman][size=3]interface Loopback0[/size][/font]
[size=3][font=Times New Roman]
ip address 172.16.64.1 255.255.255.0[/font][/size]
[size=3][font=Times New Roman]!
[/font][/size]
[font=Times New Roman][size=3]interface Serial1/0[/size][/font]
[size=3][font=Times New Roman]
ip address 172.16.1.1 255.255.255.0[/font][/size]
[size=3][font=Times New Roman]
serial restart-delay 0[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]interface Serial1/1[/size][/font]
[size=3][font=Times New Roman]
ip address 192.168.1.6 255.255.255.252[/font][/size]
[size=3][font=Times New Roman]
serial restart-delay 0[/font][/size]
[font=Times New Roman][size=3]router eigrp 64512[/size][/font]
[size=3][font=Times New Roman]
network 172.16.1.2[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]router bgp 64512[/size][/font]
[size=3][font=Times New Roman]
no synchronization[/font][/size]
[size=3][font=Times New Roman]
bgp log-neighbor-changes[/font][/size]
[size=3][font=Times New Roman]
network 172.16.0.0[/font][/size]
[size=3][font=Times New Roman]
neighbor 172.16.1.2 remote-as 64512[/font][/size]
[size=3][font=Times New Roman]
neighbor 192.168.1.5 remote-as 200[/font][/size]
[size=3][font=Times New Roman]
no auto-summary[/font][/size]
[size=3][font=Times New Roman]!
[/font][/size]
[font=Times New Roman][size=3]ip route 172.16.0.0 255.255.0.0 Null0[/size][/font]
[font=Times New Roman][size=3]end[/size][/font]
[/td][/tr][/table][/align][table][tr][td][font=Times New Roman][size=3]ITAA_SUB#sh run[/size][/font]
[font=Times New Roman][size=3]Building configuration...[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Current configuration : 1424 bytes[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]version 12.3[/size][/font]
[font=Times New Roman][size=3]service timestamps debug datetime msec[/size][/font]
[font=Times New Roman][size=3]service timestamps log datetime msec[/size][/font]
[font=Times New Roman][size=3]no service password-encryption[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]hostname ITAA_SUB[/size][/font]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]interface Loopback0[/size][/font]
[size=3][font=Times New Roman]
ip address 172.16.32.1 255.255.255.0[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]interface Serial1/0[/size][/font]
[size=3][font=Times New Roman]
ip address 192.168.1.2 255.255.255.252[/font][/size]
[size=3][font=Times New Roman]
serial restart-delay 0[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]interface Serial1/1[/size][/font]
[size=3][font=Times New Roman]
ip address 172.16.1.2 255.255.255.0[/font][/size]
[size=3][font=Times New Roman]
serial restart-delay 0[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]router eigrp 64512[/size][/font]
[size=3][font=Times New Roman]
network 172.16.1.1[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]router bgp 64512[/size][/font]
[size=3][font=Times New Roman]
no synchronization[/font][/size]
[size=3][font=Times New Roman]
bgp log-neighbor-changes[/font][/size]
[size=3][font=Times New Roman]
network 172.16.0.0[/font][/size]
[size=3][font=Times New Roman]
neighbor 172.16.1.1 remote-as 64512[/font][/size]
[size=3][font=Times New Roman]
neighbor 192.168.1.1 remote-as 200[/font][/size]
[size=3][font=Times New Roman]
no auto-summary[/font][/size]
[font=Times New Roman][size=3]![/size][/font]
[font=Times New Roman][size=3]ip route 172.16.0.0 255.255.0.0 Null0[/size][/font]
[font=Times New Roman][size=3]end[/size][/font]
[/td][/tr][/table][font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[size=3][font=宋体]更改[/font][font=Times New Roman]ITAA[/font][font=宋体]和[/font][font=Times New Roman]ITAA_SUB[/font][font=宋体]路由器[/font][font=Times New Roman]BGP[/font][font=宋体]的下一跳属性[/font][font=Times New Roman]:[/font][/size]
[font=Times New Roman][size=3] [/size][/font]
[table][tr][td][font=Times New Roman][size=3]ITAA(config)#router bgp 64512[/size][/font]
[font=Times New Roman][size=3]ITAA(config-router)#nei 172.16.1.2 next-hop-self[/size][/font]
[/td][/tr][/table][font=Times New Roman][size=3] [/size][/font]
[table][tr][td][font=Times New Roman][size=3]ITAA_SUB(config)#router bgp 64512[/size][/font]
[font=Times New Roman][size=3]ITAA_SUB(config-router)#nei 172.16.1.1 next-hop-self[/size][/font]
[/td][/tr][/table][font=Times New Roman][size=3] [/size][/font]
[size=3][font=宋体]更改下一跳属性之前[/font][font=Times New Roman]:[/font][/size]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA_SUB#sh ip bgp[/size][/font]
[font=Times New Roman][size=3]BGP table version is 3, local router ID is 172.16.32.1[/size][/font]
[size=3][font=Times New Roman]
Network
Next Hop
Metric LocPrf Weight Path[/font][/size]
[font=Times New Roman][size=3]*> 172.16.0.0
0.0.0.0
0
32768 i[/size][/font]
[font=Times New Roman][size=3]* i
172.16.1.1
0
100
0 i[/size][/font]
[font=Times New Roman][size=3]*> 192.168.100.0
192.168.1.1
0
0 200 i[/size][/font]
[font=Times New Roman][size=3]* i
[color=red]
192.168.1.5[/color]
0
100
0 200 i[/size][/font]
[/td][/tr][/table][font=宋体][size=3]更改下一跳之后:[/size][/font]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA_SUB#sh ip bgp[/size][/font]
[font=Times New Roman][size=3]BGP table version is 3, local router ID is 172.16.32.1[/size][/font]
[size=3][font=Times New Roman]
Network
Next Hop
Metric LocPrf Weight Path[/font][/size]
[font=Times New Roman][size=3]* i172.16.0.0
172.16.1.1
0
100
0 i[/size][/font]
[font=Times New Roman][size=3]*>
0.0.0.0
0
32768 i[/size][/font]
[font=Times New Roman][size=3]*> 192.168.100.0
192.168.1.1
0
0 200 i[/size][/font]
[font=Times New Roman][size=3]* i
[color=red]
172.16.1.1
[/color]
0
100
0 200 i[/size][/font]
[/td][/tr][/table][font=Times New Roman][size=3] [/size][/font]
[size=3][font=Times New Roman]ISP[/font][font=宋体]将自身路由通告给[/font][font=Times New Roman]ITAA[/font][font=宋体]使其内部知道如何到达[/font][font=Times New Roman]ISP:[/font][/size]
[size=3][font=宋体]现在有一个问题,我们在[/font][font=Times New Roman]ISP[/font][font=宋体]上[/font][font=Times New Roman]ping ITAA [/font][font=宋体]在[/font][font=Times New Roman]172.16.0.0[/font][font=宋体]段的端口和[/font][font=Times New Roman]ITAA[/font][font=宋体]的还回口地址,结果如下:[/font][/size]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ISP#p 172.16.1.1[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Type escape sequence to abort.[/size][/font]
[font=Times New Roman][size=3]Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:[/size][/font]
[font=Times New Roman][size=3].....[/size][/font]
[font=Times New Roman][size=3]Success rate is 0 percent (0/5)[/size][/font]
[font=Times New Roman][size=3]ISP#p 172.16.64.1[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Type escape sequence to abort.[/size][/font]
[font=Times New Roman][size=3]Sending 5, 100-byte ICMP Echos to 172.16.64.1, timeout is 2 seconds:[/size][/font]
[font=Times New Roman][size=3]U.U.U[/size][/font]
[font=Times New Roman][size=3]Success rate is 0 percent (0/5)[/size][/font]
[/td][/tr][/table][font=Times New Roman][size=3] [/size][/font]
[size=3][color=red][font=宋体]这也就是说,[/font][/color][color=red][font=Times New Roman]ISP[/font][/color][color=red][font=宋体]无法将流量正常传入[/font][/color][color=red][font=Times New Roman]AS64512[/font][/color][color=red][font=宋体]内,原因如下:[/font][/color][color=red][/color][/size]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ISP#sh ip bgp[/size][/font]
[font=Times New Roman][size=3]BGP table version is 7, local router ID is 192.168.100.1[/size][/font]
[font=Times New Roman][size=3]Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,[/size][/font]
[size=3][font=Times New Roman]
r RIB-failure, S Stale[/font][/size]
[font=Times New Roman][size=3]Origin codes: i - IGP, e - EGP, ? - incomplete[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[size=3][font=Times New Roman]
Network
Next Hop
Metric LocPrf Weight Path[/font][/size]
[size=3][font=Times New Roman]*
172.16.0.0
192.168.1.6
0
0 64512 i[/font][/size]
[size=3][font=Times New Roman]*>
192.168.1.2
0
0 64512 i[/font][/size]
[font=Times New Roman][size=3]*> 192.168.100.0
0.0.0.0
0
32768 i[color=red][/color][/size][/font]
[/td][/tr][/table][size=3][color=red][font=宋体]注意加粗的两条[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]信息,[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]在选路上有个原则,在所有属性条件都相同的情况下,取到[/font][/color][color=red][font=Times New Roman]IP[/font][/color][color=red][font=宋体]地址最小的路径(这是课本中说的),[/font][/color][/size][font=宋体][size=14pt]但是[/size][/font][size=3][color=red][font=宋体]:实验证明,相同属性值的[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]邻居哪个先起机(先形成邻接关系),[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]表就选择哪条。(在上图情况下,手动[/font][/color][color=red][font=Times New Roman]down[/font][/color][color=red][font=宋体]掉[/font][/color][color=red][font=Times New Roman]192.168.1.2[/font][/color][color=red][font=宋体]的口再[/font][/color][color=red][font=Times New Roman]no shutdown[/font][/color][color=red][font=宋体],就会选择[/font][/color][color=red][font=Times New Roman]192.168.1.6[/font][/color][color=red][font=宋体]了)。[/font][/color][color=red][/color][/size]
[size=3][color=red][font=Times New Roman] [/font][/color][color=red][font=宋体]书归正传,现在来解决[/font][/color][color=red][font=Times New Roman]ISP[/font][/color][color=red][font=宋体]无法[/font][/color][color=red][font=Times New Roman]ping[/font][/color][color=red][font=宋体]通[/font][/color][color=red][font=Times New Roman]AS64512[/font][/color][color=red][font=宋体]的问题:我们在[/font][/color][color=red][font=Times New Roman]ISP[/font][/color][color=red][font=宋体]的[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]会话中通告网络:[/font][/color][color=red][/color][/size]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ISP(config)#router bgp 200[/size][/font]
[font=Times New Roman][size=3]ISP(config-router)#net 192.168.1.0 mask 255.255.255.252[/size][/font]
[size=3][font=Times New Roman]ISP(config-router)#net 192.168.1.4 mask 255.255.255.252[color=red][/color][/font][/size]
[/td][/tr][/table][font=Times New Roman][size=3] [/size][/font]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ISP#sh ip rou[/size][/font]
[font=Times New Roman][size=3]Gateway of last resort is not set[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]B
172.16.0.0/16 [20/0] via 192.168.1.2, 00:17:16[/size][/font]
[size=3][font=Times New Roman]
192.168.1.0/30 is subnetted, 2 subnets[/font][/size]
[font=Times New Roman][size=3]C
192.168.1.0 is directly connected, Serial1/1[/size][/font]
[font=Times New Roman][size=3]C
192.168.1.4 is directly connected, Serial1/0[/size][/font]
[font=Times New Roman][size=3]C
192.168.100.0/24 is directly connected, Loopback0[/size][/font]
[/td][/tr][/table][color=red][font=Times New Roman][size=3] [/size][/font][/color]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ISP#ping 172.16.1.1[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Type escape sequence to abort.[/size][/font]
[font=Times New Roman][size=3]Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:[/size][/font]
[font=Times New Roman][size=3]!!!!![/size][/font]
[font=Times New Roman][size=3]Success rate is 100 percent (5/5), round-trip min/avg/max = 164/200/288 ms[/size][/font]
[font=Times New Roman][size=3]ISP#ping 172.16.64.1[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Type escape sequence to abort.[/size][/font]
[font=Times New Roman][size=3]Sending 5, 100-byte ICMP Echos to 172.16.64.1, timeout is 2 seconds:[/size][/font]
[font=Times New Roman][size=3]!!!!![/size][/font]
[size=3][font=Times New Roman]Success rate is 100 percent (5/5), round-trip min/avg/max = 124/194/264 ms[color=red][/color][/font][/size]
[/td][/tr][/table][size=3][color=red][font=宋体]这样就可以[/font][/color][color=red][font=Times New Roman]ping[/font][/color][color=red][font=宋体]通了。但同时会引入一个严重的隐患,那就是[/font][/color][color=red][font=Times New Roman]ISP[/font][/color][color=red][font=宋体]将自己的内部路由发布进入了[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体],也同时给了[/font][/color][color=red][font=Times New Roman]AS64512[/font][/color][color=red][font=宋体]的[/font][/color][color=red][font=Times New Roman]ITAA[/font][/color][color=red][font=宋体]企业内部,以后如果[/font][/color][color=red][font=Times New Roman]ITAA[/font][/color][color=red][font=宋体]接入其他[/font][/color][color=red][font=Times New Roman]ISP[/font][/color][color=red][font=宋体],那么就可能会引起渡越的危险隐患,所以如果采用这样的方法,在其他出口处一定要做过滤控制。[/font][/color][color=red][/color][/size]
[size=3][color=red][font=宋体]下面就开始正式的流量进出控制:[/font][/color][color=red][/color][/size]
[size=3][font=宋体]控制[/font][font=Times New Roman]ITAA[/font][font=宋体]自治系统内流量的出口;(更改[/font][font=Times New Roman]local-preference[/font][font=宋体]):[/font][/size]
[font=宋体][size=3]一条命令:[/size][/font]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA(config)#route-map ITAA_MAIN_OUT per 10[/size][/font]
[font=Times New Roman][size=3]ITAA(config-route-map)#set local-preference 100[/size][/font]
[font=Times New Roman][size=3]ITAA(config-route-map)#exi[/size][/font]
[font=Times New Roman][size=3]ITAA(config)#router bgp 64512[/size][/font]
[font=Times New Roman][size=3]ITAA(config-router)#nei 192.168.1.5 route-map ITAA_MAIN_OUT out[/size][/font]
[/td][/tr][/table][color=red][font=Times New Roman][size=3] [/size][/font][/color]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA_SUB(config)#route-map ITAA_SUB_OUT per 10[/size][/font]
[font=Times New Roman][size=3]ITAA_SUB(config-route-map)#set local-preference 75 [/size][/font]
[size=3][font=Times New Roman]ITAA_SUB(config-router)#nei 192.168.1.1 route-map ITAA_SUB_OUT out[color=red][/color][/font][/size]
[/td][/tr][/table][size=3][color=red][font=宋体]验证结果如下:[/font][/color][color=red][/color][/size]
[table][tr][td=1,1,568][size=3][font=Times New Roman]ITAA_SUB#sh ip bgp
[/font][/size]
[font=Times New Roman][size=3]BGP table version is 6, local router ID is 172.16.32.1[/size][/font]
[font=Times New Roman][size=3]Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,[/size][/font]
[size=3][font=Times New Roman]
r RIB-failure, S Stale[/font][/size]
[font=Times New Roman][size=3]Origin codes: i - IGP, e - EGP, ? - incomplete[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[size=3][font=Times New Roman]
Network
Next Hop
Metric LocPrf Weight Path[/font][/size]
[font=Times New Roman][size=3]* i172.16.0.0
172.16.1.1
0
100
0 i[/size][/font]
[font=Times New Roman][size=3]*>
0.0.0.0
0
32768 i[/size][/font]
[font=Times New Roman][size=3]r
192.168.1.0/30
192.168.1.1
0
75
0 200 i[/size][/font]
[font=Times New Roman][size=3]r>i
172.16.1.1
0
100
0 200 i[/size][/font]
[font=Times New Roman][size=3]*
192.168.1.4/30
192.168.1.1
0
75
0 200 i[/size][/font]
[font=Times New Roman][size=3]*>i
172.16.1.1
0
100
0 200 i[/size][/font]
[size=3][font=Times New Roman]*
192.168.100.0
192.168.1.1
0
75
0 200 i[/font][/size]
[size=3][font=Times New Roman]*>i
172.16.1.1
0
100
0 200 i[color=red][/color][/font][/size]
[/td][/tr][/table][size=3][color=red][font=宋体]我们从路由表中可以看到,已经可以控制[/font][/color][color=red][font=Times New Roman]AS64512[/font][/color][color=red][font=宋体]内到[/font][/color][color=red][font=Times New Roman]ISP[/font][/color][color=red][font=宋体]的路由路径,但是否可以控制进入[/font][/color][color=red][font=Times New Roman]AS[/font][/color][color=red][font=宋体]的流量路径呢?看下面的现象:[/font][/color][color=red][/color][/size]
[table][tr][td=1,1,568][size=3][font=Times New Roman]ITAA_SUB#p
[/font][/size]
[font=Times New Roman][size=3]Protocol [ip]: [/size][/font]
[font=Times New Roman][size=3]Target IP address: 192.168.100.1[/size][/font]
[font=Times New Roman][size=3]Loose, Strict, Record, Timestamp, Verbose[none]: record[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Reply to request 4 (356 ms).
Received packet has options[/size][/font]
[size=3][font=Times New Roman]
Total option bytes= 40, padded length=40[/font][/size]
[size=3][font=Times New Roman]
Record route:[/font][/size]
[size=3][font=Times New Roman]
(172.16.1.2)[/font][/size]
[size=3][font=Times New Roman]
(192.168.1.6)[/font][/size]
[size=3][font=Times New Roman]
(192.168.100.1)[/font][/size]
[size=3][font=Times New Roman]
[color=red](192.168.1.1)[/color][/font][/size]
[size=3][font=Times New Roman]
(172.16.1.2) <*>[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
End of list[/font][/size]
[size=3][font=Times New Roman]Success rate is 100 percent (5/5), round-trip min/avg/max = 528/804/980 ms[color=red][/color][/font][/size]
[/td][/tr][/table][size=3][color=red][font=宋体]可以看到,回来的数据包依然走的[/font][/color][color=red][font=Times New Roman]ITAA_SUB[/font][/color][color=red][font=宋体]个入口,依然是限制流量的链路。所以我们就要控制[/font][/color][color=red][font=Times New Roman]MED[/font][/color][color=red][font=宋体]属性值来达到进入的入口:[/font][/color][color=red][/color][/size]
[size=3][font=宋体]控制流往[/font][font=Times New Roman]ITAA[/font][font=宋体]自治系统内的入口;(更改[/font][font=Times New Roman]MED[/font][font=宋体]):[/font][/size]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA(config)#route-map ITAA_MAIN_MED per 10[/size][/font]
[font=Times New Roman][size=3]ITAA(config-route-map)#set metric 100[/size][/font]
[font=Times New Roman][size=3]ITAA(config-route-map)#exi[/size][/font]
[font=Times New Roman][size=3]ITAA(config)#router bgp 64512[/size][/font]
[size=3][font=Times New Roman]ITAA(config-router)#nei 192.168.1.5 route-map ITAA_MAIN_MED out
[color=red][/color][/font][/size]
[/td][/tr][/table][color=red][font=Times New Roman][size=3] [/size][/font][/color]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA_SUB#p[/size][/font]
[font=Times New Roman][size=3]Protocol [ip]: [/size][/font]
[font=Times New Roman][size=3]Target IP address: 192.168.100.1[/size][/font]
[font=Times New Roman][size=3]Extended commands [n]: y[/size][/font]
[font=Times New Roman][size=3]Loose, Strict, Record, Timestamp, Verbose[none]: record[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[font=Times New Roman][size=3]Reply to request 0 (800 ms).
Received packet has options[/size][/font]
[size=3][font=Times New Roman]
Total option bytes= 40, padded length=40[/font][/size]
[size=3][font=Times New Roman]
Record route:[/font][/size]
[size=3][font=Times New Roman]
(172.16.1.2)[/font][/size]
[size=3][font=Times New Roman]
(192.168.1.6)[/font][/size]
[size=3][font=Times New Roman]
(192.168.100.1)[/font][/size]
[size=3][font=Times New Roman]
[color=red]
(192.168.1.5)[/color][/font][/size]
[size=3][font=Times New Roman]
(172.16.1.1)[/font][/size]
[size=3][font=Times New Roman]
(172.16.1.2) <*>[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
(0.0.0.0)[/font][/size]
[size=3][font=Times New Roman]
End of list[color=red][/color][/font][/size]
[/td][/tr][/table][size=3][color=red][font=宋体]我们可以清楚的看到,进入[/font][/color][color=red][font=Times New Roman]AS64512[/font][/color][color=red][font=宋体]的数据已经流入了[/font][/color][color=red][font=Times New Roman]ITAA[/font][/color][color=red][font=宋体]这条主链路![/font][/color][color=red][/color][/size]
[color=red][font=Times New Roman][size=3] [/size][/font][/color]
[size=3][font=宋体]在[/font][font=Times New Roman]ITAA[/font][font=宋体]和[/font][font=Times New Roman]ITAA_SUB[/font][font=宋体]分别配置默认路由通往[/font][font=Times New Roman]ISP[/font][font=宋体]:[/font][font=Times New Roman] [/font][/size]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA_SUB(config)#ip default-network 192.168.100.0[/size][/font]
[/td][/tr][/table]
[font=Times New Roman][size=3]
[/size][/font]
[table][tr][td=1,1,568][font=Times New Roman][size=3]ITAA_SUB#sh ip
rou[/size][/font]
[font=Times New Roman][size=3] [/size][/font]
[color=red][size=3][font=Times New Roman]Gateway of last resort is 172.16.1.1 to network 192.168.100.0[/font][/size][/color]
[font=Times New Roman][size=3] [/size][/font]
[size=3][font=Times New Roman]
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks[/font][/size]
[font=Times New Roman][size=3]C
172.16.32.0/24 is directly connected, Loopback0[/size][/font]
[font=Times New Roman][size=3]S
172.16.0.0/16 is directly connected, Null0[/size][/font]
[font=Times New Roman][size=3]C
172.16.1.0/24 is directly connected, Serial1/1[/size][/font]
[font=Times New Roman][size=3]D
172.16.64.0/24 [90/2297856] via 172.16.1.1, 01:34:31, Serial1/1[/size][/font]
[size=3][font=Times New Roman]
192.168.1.0/30 is subnetted, 2 subnets[/font][/size]
[font=Times New Roman][size=3]C
192.168.1.0 is directly connected, Serial1/0[/size][/font]
[font=Times New Roman][size=3]B
192.168.1.4 [200/0] via 172.16.1.1, 00:07:55[/size][/font]
[color=red][size=3][font=Times New Roman]B*
192.168.100.0/24 [200/0] via 172.16.1.1, 00:07:55[/font][/size][/color]
[font=Times New Roman][size=3] [/size][/font]
[/td][/tr][/table]
[size=3][font=Times New Roman]ITAA[/font][font=宋体]上采取相同设置!全部搞定![/font][/size]
[font=Times New Roman][size=3] [/size][/font]
[font=宋体][size=3]结论:[/size][/font]
[font=Times New Roman][size=3]1.[/size]
[size=3]Local-preference[/size][/font][size=3][font=宋体]控制出口,[/font][font=Times New Roman]MED[/font][font=宋体]属性控制入口;[/font][/size]
[font=Times New Roman][size=3]2.[/size]
[size=3]Local-preference[/size][/font][size=3][font=宋体]属性值越高优先级越高,[/font][font=Times New Roman]MED[/font][font=宋体]属性值越低优先级越高(相当于[/font][font=Times New Roman]IGP[/font][font=宋体]中的[/font][font=Times New Roman]Metic[/font][font=宋体])[/font][font=Times New Roman];[/font][/size]
[font=Times New Roman][size=3]3.[/size]
[/font][size=3][color=red][font=宋体]实验证明,相同属性值的[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]邻居哪个先起机(先形成邻接关系),[/font][/color][color=red][font=Times New Roman]BGP[/font][/color][color=red][font=宋体]表就选择哪条[/font][/color][color=red][font=Times New Roman];[/font][/color][/size]
[font=Times New Roman][size=3]4.[/size]
[/font][size=3][font=宋体]配置[/font][font=Times New Roman]eBGP[/font][font=宋体]时一定要注意预防渡越的潜在危险,[/font][font=Times New Roman]BGP[/font][font=宋体]是基于策略的,属性的设置很重要。[/font][/size]
