- 浏览: 139893 次
- 性别:
- 来自: 南京
-
文章分类
最新评论
-
weitongyixun:
多谢。。。。。
PL/SQL Developer 高亮括号 -
guojigjkill:
谢了。,对我有用
泛型. -
56148083:
我也看到类似的方式修改oracleXE字符集,安装第一种方法修 ...
Oracle10g Express 版本修改字符集全过程 -
q821424508:
人烟稀少啊
泛型. -
zht110227:
很好,很强大。不过在这个地方:这个是由于VC6.0的INCLU ...
windows XP 调通tuxedo的simpapp所经历的艰苦过程
9.1. Configuring BGP
提问 在网络中启用BGP
回答
Route1在AS 65500中
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#ip address 192.168.55.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2在AS 65501中
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Serial0
Router2(config-if)#ip address 192.168.55.5 255.255.255.252
Router2(config-if)#exit
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.55.6 remote-as 65500
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
注释 在对BGP验证的时候比较有用的命令是
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.55.5 4 65501 17 18 7 0 0 00:12:38 2
172.25.2.2 4 65531 527 526 0 0 0 21:05:23 Active
Router1#
需要注意的是理想状态是State里面是数字,尽管是Active也不代表是配置正常,反而是配置出现错误。通过neighbor 172.20.1.2 update-source Loopback0 命令来限制BGP数据包源地址为回环地址,但要确保此地址的连通性
9.2. 使用eBGP Multihop
提问 配置外部BGP,但是不是直连的路由器
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.1.5 2
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 172.20.1.2 remote-as 65530
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
Router1(config-router)#neighbor 172.20.1.2 ebgp-multihop 3
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 缺省情况下eBGP的路由器必须是直连的,如果不是直连的就需要使用此命令。一种说法是此跳数越小越好,但是RFC 3682说为了安全还是越大越好,思科在12.3(7)T后也采用了这个建议,使用了neighbor 192.168.55.5 ttl-security hops 1 命令,此命令会丢弃所有TTL小于255-1=254的BGP数据包,这时候如果对端eBGP邻居不支持此特性就必须使用下面的命令来配置neighbor 192.168.55.6 ebgp-multihop 255
9.3. 调整Next-Hop属性值
提问 在iBGP之间宣告路由时候修改下一跳属性值,使其指向内部AS的地址
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.6 remote-as 65500
Router1(config-router)#neighbor 192.168.1.6 next-hop-self
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 正常情况下iBGP之间下一跳属性值是不会修改的,只会在eBGP时会进行修改,而此地址会指向eBGP邻居的地址,而往往内部AS的路由器没有到达此地址的路由。
9.4. 连接两个ISPs
提问 一台路由器连接两个ISP,保证网络冗余
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to ISP #2, ASN 65520
Router1(config-if)#ip address 192.168.2.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 注意此配置不是最佳配置,可能导致内部AS称为两个ISP的transit AS,同时导致自己路由器接收过多路由
9.5. 两台路由器分别连接两个ISP
提问 内部AS有两台路由器,分别连两个ISP保证网络冗余
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 172.18.5.3 remote-as 65500
Router1(config-router)#neighbor 172.18.5.3 next-hop-self
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Serial1
Router2(config-if)#description connection to ISP #2, ASN 65520
Router2(config-if)#ip address 192.168.2.6 255.255.255.252
Router2(config-if)#exit
Router2(config)#interface Ethernet0
Router2(config-if)#description connection to internal network, ASN 65500
Router2(config-if)#ip address 172.18.5.3 255.255.255.0
Router2(config-if)#exit
Router2(config)#ip as-path access-list 15 permit ^$
Router2(config)#router bgp 65500
Router2(config-router)#network 172.18.5.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.2.5 remote-as 65520
Router2(config-router)#neighbor 192.168.2.5 filter-list 15 out
Router2(config-router)#neighbor 172.18.5.2 remote-as 65500
Router2(config-router)#neighbor 172.18.5.2 next-hop-self
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
注释
9.6. 限制向BGP 对端的网络宣告
提问 限制特定的路由公告给对端的AS
回答
有三种方法,第一种是扩展ACL
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 105 deny ip host 172.25.0.0 host 255.255.0.0
Router1(config)#access-list 105 permit ip any any
Router1(config)#route-map ACL-RT-FILTER permit 10
Router1(config-route-map)#match ip address 105
Router1(config-route-map)#exit
Router1(config)#route-map ACL-RT-FILTER deny 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map ACL-RT-FILTER in
Router1(config-router)#exit
Router1(config)#end
Router1#
第二种是使用distribute-list:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 106 deny ip host 172.25.0.0 host 255.255.0.0
Router1(config)#access-list 106 permit ip any any
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 distribute-list 106 in
Router1(config-router)#exit
Router1(config)#end
Router1#
第三种也是最常用的是使用prefix lists
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip prefix-list PREFIX-FILTER seq 10 deny 172.25.0.0/16
Router1(config)#ip prefix-list PREFIX-FILTER seq 20 permit 0.0.0.0/0 le 32
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 prefix-list PREFIX-FILTER in
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 前两种使用的扩展ACL比较奇特,第一个host是子网,第二个host是子网掩码,而不是传统目的地址,所以host 172.25.0.0 host 255.255.0.0 就代表网络172.25.0.0/16,如果用正常的ACL就实现不了对无类网络的控制。所以推荐使用第三种方式prefixlist,此列表支持序列号,可以帮助你修改和插入新的条目 ge是大于,le是小于,控制子网掩码permit 0.0.0.0/0 le 32就是变相的permit any
9.7. 调整Local Preference属性值
提问 调整Local Preference属性值来控制路由选择
回答
第一种全局
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#bgp default local-preference 200
Router1(config-router)#exit
Router1(config)#end
Router1#
第二种使用route map控制
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip prefix-list LOW_LP_PREFIXES seq 10 permit 172.22.0.0/16
Router1(config)#route-map LOCALPREF permit 10
Router1(config-route-map)#match ip address prefix-list LOW_LP_PREFIXES
Router1(config-route-map)#set local-preference 50
Router1(config-route-map)#exit
Router1(config)#route-map LOCALPREF permit 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map LOCALPREF in
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 此local preference属性值只在内部AS有用,选路级别高于AS Path。此值越大优先级越高,缺省值为100。Show ip bgp命令可以看到各个路由的local preference属性值
9.8. 负载均衡
提问 在BGP邻居之间的多链路上负载均衡流量
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#maximum-paths 4
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 正常情况下BGP选路策略会保证只有一条路径,通过此命令可以增加到4条,不过要确保所有属性值相同,包括MED属性。同时注意此负载均衡只针对出流量而不适合入流量
9.9. 在AS Path属性值中清除私有ASNs
提问 避免内网中的私有ASN传播到互联网
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 1
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to private network, ASN 65500
Router1(config-if)#ip address 192.168.5.1 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 2
Router1(config-router)#neighbor 192.168.5.2 remote-as 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 1
Router1(config-router)#neighbor 192.168.1.5 remove-private-AS
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 注意此命令是不能删除那些在公共ASN之间的私有ASN
9.10. 基于AS Path属性值的路由过滤
提问 基于接收或者发送路由的AS Path属性值进行路由过滤
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^65501$
Router1(config)#ip as-path access-list 25 permit _65530_
Router1(config)#ip as-path access-list 25 deny _65531$
Router1(config)#ip as-path access-list 25 permit .*
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 in
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 filter-list 25 out
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 正则表达式过滤
9.11. 减少接收到的路由表大小
提问 通过汇总接收到路由的方式来减少所接收的路由表大小
回答
通过缺省路由的方式来过滤到过多的外部路由
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.0 1
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.0 2
Router1(config)#ip prefix-list CREATE-DEFAULT seq 10 permit 192.168.101.0/24
Router1(config)#ip prefix-list CREATE-DEFAULT seq 20 permit 192.168.102.0/24
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#exit
Router1(config)#end
Router1#
注释
9.12. 出方向路由信息汇总
提问 在向下游路由器发送路由表之前进行路由汇总
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#auto-summary
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 这是缺省行为,但是是有类的汇总,并且只能针对再分发过来的路由,不能适用于network命令配置的路由。思科使用了如下命令对出方向路由进行汇总
Router3(config)#router bgp 65530
Router3(config-router)#aggregate-address 172.20.0.0 255.252.0.0 summary-only
Summaryonly选项只发布汇总路由,去掉后会发送汇总路由和子网路由,而为了避免回环建议添加as-set选项
9.13. 在AS Path属性值中添加更多ASN
提问 通过增加AS Path属性中ASN的数目来影响BGP选路
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#match as-path 15
Router1(config-route-map)#set as-path prepend 65500 65500 65500
Router1(config-route-map)#exit
Router1(config)#route-map PREPEND permit 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map PREPEND out
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 通过这种方式来影响入流量
9.14. 再发布路由到BGP
提问 IGP和BGP之间的再分发
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 100
Router1(config-router)#network 172.26.0.0 0.0.255.255 area 0
Router1(config-router)#redistribute bgp 65500 metric 500 subnets
Router1(config-router)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#network 172.26.0.0
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2(config)#route-map REDIST permit 5
Router2(config-route-map)#match tag 123
Router2(config-route-map)#exit
Router2(config)#route-map REDIST deny 10
Router2(config-route-map)#match route-type external
Router2(config-route-map)#exit
Router2(config)#route-map REDIST permit 20
Router2(config-route-map)#exit
Router2(config)#router bgp 65520
Router2(config-router)#redistribute eigrp 99 route-map REDIST metric 500
注释
9.15. 使用Peer Groups
提问 使用组的形式来简化对多个相同属性邻居的配置
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor EBGP-PEERS peer-group
Router1(config-router)#neighbor EBGP-PEERS prefix-list PRE-RTFILTER in
Router1(config-router)#neighbor EBGP-PEERS filter-list 15 out
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.9 remote-as 65521
Router1(config-router)#neighbor 192.168.1.9 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.13 remote-as 65522
Router1(config-router)#neighbor 192.168.1.13 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.17 remote-as 65523
Router1(config-router)#neighbor 192.168.1.17 peer-group EBGP-PEERS
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 当然也可以针对iBGP邻居
Router1(config)#router bgp 6550
Router1(config-router)#neighbor IBGP-PEERS peer-group
Router1(config-router)#neighbor IBGP-PEERS update-source Loopback0
Router1(config-router)#neighbor IBGP-PEERS route-reflector-client
Router1(config-router)#neighbor 192.168.101.5 remote-as 65500
Router1(config-router)#neighbor 192.168.101.5 peer-group IBGP-PEERS
Router1(config-router)#neighbor 192.168.101.9 remote-as 65500
Router1(config-router)#neighbor 192.168.101.9 peer-group IBGP-PEERS
9.16. BGP邻居认证
提问 使用认证增加安全性
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#neighbor 192.168.55.5 password password-1234
Router1(config-router)#exit
Router1(config)#end
Router1#
注释
9.17. 使用BGP Communities
提问 使用BGP Communities来对路由进行控制
回答
首先要通过route map的方式针对邻居设定希望的Communities值
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#ip prefix-list 10.101/16 seq 5 permit 10.101.0.0/16
Router3(config)#ip prefix-list 10.102/16 seq 5 permit 10.102.0.0/16
Router3(config)#ip prefix-list 10.103/16 seq 5 permit 10.103.0.0/16
Router3(config)#ip prefix-list 10.104/16 seq 5 permit 10.104.0.0/16
Router3(config)#ip prefix-list 10.105/16 seq 5 permit 10.105.0.0/16
Router3(config)#route-map APPLY_COMMUNITY_A permit 10
Router3(config-route-map)#match ip address prefix-list 10.101/16
Router3(config-route-map)#set community no-advertise
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 20
Router3(config-route-map)#match ip address prefix-list 10.102/16
Router3(config-route-map)#set community no-export
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 30
Router3(config-route-map)#match ip address prefix-list 10.103/16
Router3(config-route-map)#set community local-AS
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 40
Router3(config-route-map)#match ip address prefix-list 10.104/16
Router3(config-route-map)#set community internet
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 50
Router3(config-route-map)#match ip address prefix-list 10.105/16
Router3(config-route-map)#set community 4293328976
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 100
Router3(config-route-map)#exit
Router3(config)#router bgp 65500
Router3(config-router)#no synchronization
Router3(config-router)#neighbor 172.18.5.3 remote-as 65500
Router3(config-router)#neighbor 172.18.5.3 next-hop-self
Router3(config-router)#neighbor 172.18.5.3 send-community both
Router3(config-router)#neighbor 172.18.5.10 remote-as 65500
Router3(config-router)#neighbor 172.18.5.10 next-hop-self
Router3(config-router)#neighbor 172.18.5.10 send-community both
Router3(config-router)#neighbor 192.168.1.9 remote-as 65520
Router3(config-router)#neighbor 192.168.1.9 send-community both
Router3(config-router)#neighbor 192.168.1.9 route-map APPLY_COMMUNITY_A in
Router3(config-router)#exit
Router3(config)#end
Router3#
在下游路由器上配置命令使其可以分发此Community值
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#router bgp 65500
Router2(config-router)#no synchronization
Router2(config-router)#neighbor 172.18.5.4 remote-as 65500
Router2(config-router)#neighbor 172.18.5.4 send-community both
Router2(config-router)#neighbor 172.18.5.10 remote-as 65500
Router2(config-router)#neighbor 172.18.5.10 send-community both
Router2(config-router)#no auto-summary
Router2(config-router)#exit
Router2(config)#end
Router2#
注释 通过定义local-as,no-advertise,no-export,internet四种不同community属性值的方式来限制路由公告的范围
9.18. 使用BGP Route Reflectors
提问 通过路由反射器的方式来简化iBGP邻居关系
回答
只要针对三种不同角色路由器的配置
Router1是Client Peer:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Ethernet0/0
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Loopback0
Router1(config-if)#ip address 172.18.6.1 255.255.255.255
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#no synchronization
Router1(config-router)#neighbor 172.18.6.2 remote-as 65500
Router1(config-router)#neighbor 172.18.6.2 next-hop-self
Router1(config-router)#neighbor 172.18.6.2 update-source Loopback0
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#exit
Router1(config)#ip route 172.18.6.2 255.255.255.255 172.18.5.3
Router1(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router1(config)#ip route 172.18.6.4 255.255.255.255 172.18.5.10
Router1(config)#end
Router1#
Router4 是Nonclient Peer:
Router4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router4(config)#interface Ethernet0
Router4(config-if)#ip address 172.18.5.10 255.255.255.0
Router4(config-if)#exit
Router4(config)#interface Loopback0
Router4(config-if)#ip address 172.18.6.4 255.255.255.255
Router4(config-if)#exit
Router4(config)#router bgp 65500
Router4(config-router)#no synchronization
Router4(config-router)#neighbor 172.18.6.2 remote-as 65500
Router4(config-router)#neighbor 172.18.6.2 update-source Loopback0
Router4(config-router)#exit
Router4(config)#ip route 172.18.6.1 255.255.255.255 172.18.5.2
Router4(config)#ip route 172.18.6.2 255.255.255.255 172.18.5.3
Router4(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router4(config)#end
Router4#
R2是 Route Reflector
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 172.18.5.3 255.255.255.0
Router2(config-if)#exit
Router2(config)#interface Loopback0
Router2(config-if)#ip address 172.18.6.2 255.255.255.255
Router2(config-if)#exit
Router2(config)#router bgp 65500
Router2(config-router)#no synchronization
Router2(config-router)#neighbor 172.18.6.1 remote-as 65500
Router2(config-router)#neighbor 172.18.6.1 route-reflector-client
Router2(config-router)#neighbor 172.18.6.1 update-source Loopback0
Router2(config-router)#neighbor 172.18.6.3 remote-as 65500
Router2(config-router)#neighbor 172.18.6.3 route-reflector-client
Router2(config-router)#neighbor 172.18.6.3 update-source Loopback0
Router2(config-router)#neighbor 172.18.6.4 remote-as 65500
Router2(config-router)#neighbor 172.18.6.4 update-source Loopback0
Router2(config-router)#no auto-summary
Router2(config-router)#exit
Router2(config)#ip route 172.18.6.1 255.255.255.255 172.18.5.2
Router2(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router2(config)#ip route 172.18.6.4 255.255.255.255 172.18.5.10
Router2(config)#end
Router2#
注释 路由反射器是解决要求iBGP全互联的问题。不过为了保证冗余性还是要配置多个路由反射器,使用bgp cluster-id 1234命令来定义cluster
9.19. 汇总实验
提问 结合前面的方法,重新配置一台路由器两个冗余链路的情况
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to ISP #2, ASN 65520
Router1(config-if)#ip address 192.168.2.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.0 1
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.0 2
Router1(config)#ip prefix-list CREATE-DEFAULT seq 10 permit 192.168.101.0/24
Router1(config)#ip prefix-list CREATE-DEFAULT seq 20 permit 192.168.102.0/24
Router1(config)#ip prefix-list BLOCK-DEFAULT seq 10 permit 0.0.0.0/0 ge 1
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#set as-path prepend 65500 65500
Router1(config-route-map)#exit
Router1(config)#route-map LOCALPREF permit 10
Router1(config-route-map)#set local-preference 75
Router1(config-route-map)#exit
Router1(config)#route-map DEFAULT-ROUTE permit 10
Router1(config-route-map)#match ip address prefix-list CREATE-DEFAULT
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 172.18.5.3 remote-as 65500
Router1(config-router)#neighbor 172.18.5.3 password password_number1
Router1(config-router)#neighbor 172.18.5.3 default-origniate route-map DEFAULT-ROUTE
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 password password_number2
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
Router1(config-router)#neighbor 192.168.1.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#neighbor 192.168.1.5 prefix-list BLOCK-DEFAULT out
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 password password_number3
Router1(config-router)#neighbor 192.168.2.5 filter-list 15 out
Router1(config-router)#neighbor 192.168.2.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#neighbor 192.168.2.5 prefix-list BLOCK-DEFAULT out
Router1(config-router)#neighbor 192.168.2.5 route-map PREPEND out
Router1(config-router)#neighbor 192.168.2.5 route-map LOCALPREF in
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
发表评论
-
E1端口与E1-F端口连接
2008-08-03 03:26 1280E1端口与E1-F端口连接 2008年05月06日 星期 ... -
cisco show interface详解 翻译中文
2008-08-03 16:34 1616Router#show interface e0/0 Et ... -
Cisco E1配置白皮书
2008-08-03 16:40 1414E1知识点总结 1、一条E1是2.048M的链路,用PC ... -
cisco IOS cookbook 中文精简版 1-23 路由器配置和文件管理
2008-08-03 17:26 1262第一章路由器配置和文件管理路由器配置和文件管理1.1. 通 ... -
cisco IOS cookbook 中文精简版 2-23 路由器管理
2008-08-03 17:31 10432.1. 创建命令别名 提问 为常用的命令创建简洁的别名回 ... -
Cisco IOS Cookbook 中文精简版 3-23 用户访问和权限管理
2008-08-03 17:36 12033.1. 设置用户名和密码 提问 为每个单独的人员设置不同 ... -
Cisco IOS Cookbook 中文精简版 4-23 TACAS+
2008-08-03 17:38 10674.1. 用户登录集中鉴权提问 使用集中的鉴权方式对用户登 ... -
Cisco IOS Cookbook 中文精简版 5-23 IP路由
2008-08-03 17:39 11775.1. 查找路由条目提问 在路由表中查找特定的路由条目回 ... -
Cisco IOS Cookbook 中文精简版 6-23 RIP
2008-08-03 17:40 9496.1. 配置RIP(V1)提问 在简单的网络中启用RIP ... -
Cisco IOS Cookbook 中文精简版 7-23 EIGRP
2008-08-03 17:41 821发表于:2007-3-13 14:20 7. ... -
Cisco IOS Cookbook 中文精简版 8-23 OSPF
2008-08-03 17:42 9598.1. 配置OSPF提问 NT-F ... -
Cisco IOS Cookbook 中文精简版 10-23 帧中继
2008-08-03 17:46 97010.1. 使用点对点子接口的方式配置帧中继提问 &quo ... -
Cisco IOS Cookbook 中文精简版 11-23 队列和拥塞
2008-08-03 17:48 1370第十一章队列和拥塞11.1. Fast Switching ... -
Cisco IOS Cookbook 中文精简版 13-23 拨号备份
2008-08-03 17:50 954提问 当广域网链路中断 得时候自动拨号恢复备份链路回答Rou ... -
Cisco IOS Cookbook 中文精简版 12-23 隧道和VPN
2008-08-03 17:50 126112.1. 创建Tunnel 提问 ="FONT ... -
Cisco IOS Cookbook 中文精简版 14-23 NTP和时钟
2008-08-03 17:51 137314.1. 路由器日志显示时间戳提问 在路由器 的日志和排 ... -
Cisco IOS Cookbook 中文精简版 17-23 SNMP
2008-08-03 17:53 170517.1. 配置SNMP 提问 FONT-FAMILY: ... -
Cisco IOS Cookbook 中文精简版 16-23 路由器接口
2008-08-03 17:53 123216.1. 查看接口状态 ... -
Cisco IOS Cookbook 中文精简版 18-23 日志
2008-08-03 17:55 145718.1. 启用本地路由器日志提问 实现路由器自身保存日志 ... -
Cisco IOS Cookbook 中文精简版 19-23 访问列表
2008-08-03 17:56 114419.1. 基于源或者目的地址过滤提问 阻止来自某地址或者 ...
相关推荐
《Cisco IOS Cookbook 中文精简版 完全版》是一本深入浅出的Cisco网络设备配置指南,旨在帮助网络管理员和工程师快速掌握Cisco IOS(Internetwork Operating System)的使用技巧和配置方法。这本书以实例为主,提供...
《Cisco IOS Cookbook中文精简版》是一本专为网络管理员量身打造的实践指南,它涵盖了Cisco路由器和交换机操作系统的各种使用技巧和解决方案。这本书深入浅出地讲解了Cisco IOS(Internetwork Operating System)中...
- **Cisco IOS Cookbook™**:收集了一系列Cisco设备的配置示例。 - **DNS & BIND Cookbook™**:针对DNS服务器的配置指南。 - **Essential SNMP**:介绍简单网络管理协议(SNMP)的基础知识和高级应用。 - **Ethernet...
晋城市-晋城市-街道行政区划_140500_Shp数据-wgs84坐标系.rar
内容概要:本文档汇总了46个经典的Linux面试题及其答案,涵盖了Linux系统操作的基本命令和概念。内容涉及路径表示与目录切换、进程管理、文件和目录操作、权限设置、文件内容查看等多个方面。每个问题都给出了明确的答案,旨在帮助面试者全面掌握Linux命令行操作技能,同时加深对Linux系统原理的理解。 适合人群:准备Linux相关职位面试的求职者,尤其是有一定Linux基础但缺乏实战经验的技术人员。 使用场景及目标:①用于个人自学或面试前复习,巩固Linux基础知识;②作为企业内部培训资料,帮助员工提升Linux操作水平;③为初学者提供系统化的学习指南,快速入门Linux命令行操作。 其他说明:文档内容侧重于实际操作命令的讲解,对于每个命令不仅提供了基本语法,还解释了具体应用场景,有助于读者更好地理解和记忆。建议读者在学习过程中多加练习,将理论知识转化为实际操作能力。
街道级行政区划shp数据,wgs84坐标系,直接下载使用。
内容概要:本文提供了10道华中杯C++竞赛真题的详细解析,涵盖多种基础编程技能与高级特性。每道题目不仅包含详细的解题思路和代码实现,还附带了完整的运行结果。具体包括:函数参数传递(指针实现)、宏定义比较、数组元素打印、几何图形面积计算、字符串拼接、素数判断、多态的实现、文件操作、简单计算器和学生信息管理。这些题目帮助读者深入理解C++语言的核心概念和技术应用。 适合人群:对C++有一定了解的编程初学者和中级开发者,尤其是准备参加编程竞赛的学生或程序员。 使用场景及目标:①作为编程练习和竞赛备考资料,帮助读者掌握C++的基本语法和常用算法;②通过实际代码示例加深对C++特性的理解,如指针、宏定义、面向对象编程等;③提供完整的源码供读者参考和调试,增强动手能力和问题解决能力。 阅读建议:建议读者按照题目难度逐步学习,先理解题目背景和解题思路,再仔细研读代码实现,并尝试独立编写和调试代码。同时,鼓励读者扩展思考,探索更多可能的解决方案,以提高编程水平。
街道级行政区划shp数据,wgs84坐标系,直接使用。
街道级行政区划shp数据,wgs84坐标系,直接使用。
通用计算器的设计FPGA.doc
晋城市-沁水县-街道行政区划_140521_Shp数据-wgs84坐标系.rar
赤峰市-松山区-街道行政区划_150404_Shp数据-wgs84坐标系.rar
JAVA中Stream编程常见的方法分类
街道级行政区划shp数据,wgs84坐标系,直接使用。
大同市-浑源县-街道行政区划_140225_Shp数据-wgs84坐标系.rar
包头市-昆都仑区-街道行政区划_150203_Shp数据-wgs84坐标系.rar
街道级行政区划shp矢量数据,wgs84坐标系,下载直接使用
街道级行政区划shp数据,wgs84坐标系,直接下载使用。