BGP Comprehensive Lab Topology


I watched a video on Bilibili uploaded by an uploader (155 and 150) and found it quite interesting, so I built the topology to play with it. The video is no longer available. It was built with the eNSP simulator; I built mine with PNET, and the simulator type does not matter. I have trimmed some content and added some lab requirements.

The lab mainly exercises BGP technologies, including BGP neighbor establishment, route injection, route propagation, BGP confederation, route aggregation, route splitting (conditional injection), community attributes, path selection, regular expressions, route filtering, BGP features, route dampening and so on.

Topology as shown in the figure:

Lab Requirements

BGP Neighbor Establishment

  1. eBGP sessions are built on the physical interfaces (except the confederation eBGP sessions between sub-ASes); iBGP sessions are built on Loopback0
  2. R2, R7, R9 are configured with peer groups
  3. R4, R7, R9 are route reflectors

BGP Route Injection

  1. R5 redistributes ISIS into BGP; R6, R7, R8 redistribute ISIS into BGP

    R5
    router bgp 64100
    redistribute isis level-1

    R6, R7, R8
    router bgp 64200
    redistribute isis level-2
  2. R5 must receive the 100.1.1.X routes normally, and R4 must not use next-hop-self

    R4
    ! Instead of next-hop-self, rewrite the next hop to R4's Loopback0 on updates sent to the iBGP peer group
    route-map SET_NH permit 10
    set ip next-hop 120.1.4.4
    router bgp 64100
    neighbor iBGP route-map SET_NH out

BGP Route Propagation

  1. The 100.1.1.x addresses must be able to communicate with each other

    R3
    router bgp 64100
    neighbor 200.1.103.10 as-override
    R6
    router bgp 64200
    neighbor 200.1.116.11 as-override
    R7
    router bgp 64200
    neighbor 200.1.127.12 as-override
  2. R3, R6, R7 remove private AS numbers toward AS 64540

    R3
    router bgp 64100
    neighbor 200.1.103.10 remove-private-as all replace-as
    R6
    router bgp 64200
    neighbor 200.1.116.11 remove-private-as all replace-as
    R7
    router bgp 64200
    neighbor 200.1.127.12 remove-private-as all replace-as
  3. Confederation configuration inside AS 64540

    R11
    router bgp 64530
    bgp log-neighbor-changes
    bgp confederation identifier 64540
    bgp confederation peers 64531
    ! Confederation eBGP to R12 runs between loopbacks, so the directly-connected check is disabled
    neighbor 100.1.1.12 remote-as 64531
    neighbor 100.1.1.12 disable-connected-check
    neighbor 100.1.1.12 update-source Loopback0
    neighbor 100.1.1.12 next-hop-self
    neighbor 200.1.116.6 remote-as 64200

    R12
    router bgp 64531
    bgp log-neighbor-changes
    bgp confederation identifier 64540
    bgp confederation peers 64530
    redistribute eigrp 90
    neighbor 100.1.1.11 remote-as 64530
    neighbor 100.1.1.11 disable-connected-check
    neighbor 100.1.1.11 update-source Loopback0
    neighbor 100.1.1.11 next-hop-self
    neighbor 100.1.1.13 remote-as 64531
    neighbor 100.1.1.13 update-source Loopback0
    neighbor 100.1.1.13 next-hop-self
    neighbor 200.1.127.7 remote-as 64200

    R13
    router bgp 64531
    bgp log-neighbor-changes
    bgp confederation identifier 64540
    network 111.1.2.0 mask 255.255.255.0
    network 111.1.3.0 mask 255.255.255.0
    aggregate-address 111.1.0.0 255.255.0.0 as-set summary-only
    neighbor 100.1.1.12 remote-as 64531
    neighbor 100.1.1.12 update-source Loopback0

BGP Route Aggregation and Route Splitting

  1. R5, R6, R7, R8 summarize the inter-connection addresses and host routes inside their AS into /16 aggregates (for example 120.1.0.0/16), and prevent routing loops (route feedback)

    R5
    router bgp 64100
    ! as-set keeps the component AS numbers in the aggregate's AS_PATH so the originating ASes reject it
    aggregate-address 123.1.0.0 255.255.0.0 as-set summary-only
    aggregate-address 120.1.0.0 255.255.0.0 as-set summary-only
    R6, R7, R8
    router bgp 64200
    aggregate-address 145.1.0.0 255.255.0.0 as-set summary-only
    aggregate-address 140.1.0.0 255.255.0.0 as-set summary-only
  2. For the host routes summarized by R5, do not suppress 120.1.4.4/32 and 120.1.5.5/32

    R5
    ip prefix-list UNSUPPRESS seq 5 permit 120.1.4.4/32
    ip prefix-list UNSUPPRESS seq 10 permit 120.1.5.5/32

    route-map UNSUPPRESS permit 10
    match ip address prefix-list UNSUPPRESS

    router bgp 64100
    neighbor 120.1.4.4 unsuppress-map UNSUPPRESS
  3. For the host routes summarized by R6, R7, R8, suppress only 145.1.9.9/32, and set the aggregate's origin attribute to igp

    R6, R7, R8
    ip prefix-list SUPPRESS seq 5 permit 140.1.9.9/32

    route-map SUPPRESS permit 10
    match ip address prefix-list SUPPRESS
    route-map SET_IGP permit 10
    set origin igp

    router bgp 64200
    ! summary-only is dropped here: it would suppress every component route, whereas suppress-map suppresses only the routes the route-map matches
    aggregate-address 140.1.0.0 255.255.0.0 as-set attribute-map SET_IGP suppress-map SUPPRESS
  4. R1 reaches 111.1.0.0/24 and 111.1.1.0/24 with next hop R5; R2 reaches 111.1.2.0/24 and 111.1.3.0/24 with next hop R8

    R1
    ip prefix-list SOURCE_AS64100 seq 5 permit 200.1.15.5/32
    ip prefix-list huizong seq 5 permit 111.1.0.0/16
    ip prefix-list mingxi seq 5 permit 111.1.0.0/24
    ip prefix-list mingxi seq 10 permit 111.1.1.0/24

    ! inject-map: the prefixes to create, tagged no-export so they stay inside AS 64520
    route-map mingxi permit 10
    set ip address prefix-list mingxi
    set community no-export

    ! exist-map: inject only while the aggregate is present and learned from R5
    route-map huizong permit 10
    match ip address prefix-list huizong
    match ip route-source prefix-list SOURCE_AS64100

    router bgp 64520
    bgp inject-map mingxi exist-map huizong copy-attributes

    R2
    ip prefix-list SOURCE_AS64200 seq 5 permit 200.1.28.8/32
    ip prefix-list huizong seq 5 permit 111.1.0.0/16
    ip prefix-list mingxi seq 5 permit 111.1.2.0/24
    ip prefix-list mingxi seq 10 permit 111.1.3.0/24

    route-map mingxi permit 10
    set ip address prefix-list mingxi
    set community no-export
    route-map huizong permit 10
    match ip address prefix-list huizong
    match ip route-source prefix-list SOURCE_AS64200

    router bgp 64520
    bgp inject-map mingxi exist-map huizong copy-attributes

BGP Path Selection (MED, AS-Path, Local-Pref)

  1. Configure on R8 so that AS 64200 reaches 120.1.X.X via the R4-R8 link when X is even, and via the R3-R6 link when X is odd

    R8
    ! wildcard 0.0.254.254 checks only the lowest bit of the third and fourth octets: ACL 10 = even, ACL 20 = odd
    access-list 10 permit 120.1.0.0 0.0.254.254
    access-list 20 permit 120.1.1.1 0.0.254.254

    route-map SET_LP permit 10
    match ip address 10
    set local-preference 120
    route-map SET_LP permit 20
    match ip address 20
    set local-preference 99
    route-map SET_LP permit 30

    router bgp 64200
    neighbor 200.1.48.4 route-map SET_LP in
  2. Configure on R6 and R8 so that AS 64100 reaches 140.1.X.X/32 via the R4-R8 link when X is even, and via the R3-R6 link when X is odd

    R6
    access-list 30 permit 140.1.0.0 0.0.254.254
    access-list 40 permit 140.1.1.1 0.0.254.254

    route-map SET_MED permit 10
    match ip address 30
    set metric 200
    route-map SET_MED permit 20
    match ip address 40
    set metric 100
    route-map SET_MED permit 30

    router bgp 64200
    neighbor 200.1.36.3 route-map SET_MED out

    R8
    access-list 30 permit 140.1.0.0 0.0.254.254
    access-list 40 permit 140.1.1.1 0.0.254.254

    route-map SET_MED permit 10
    match ip address 30
    set metric 100
    route-map SET_MED permit 20
    match ip address 40
    set metric 200
    route-map SET_MED permit 30

    router bgp 64200
    neighbor 200.1.48.4 route-map SET_MED out
  3. On R1, for any prefix originated in AS 64540, AS 64520 always forwards via R2 (except the specific entries produced by route splitting)

    Configure an ip as-path access list that matches routes originated by AS 64540 (AS path ending in 64540), and use a route-map to prepend AS numbers so the path becomes longer
    R1
    ip as-path access-list 100 permit _64540$

    route-map AS_PREPEND permit 10
    match as-path 100
    set as-path prepend last-as 3

    router bgp 64520
    neighbor 200.1.15.5 route-map AS_PREPEND in

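The two path-selection requirements above both hinge on the wildcard mask 0.0.254.254 and on how the resulting local-preference and MED values compare. The following Python model is an added example, not part of the original lab or of any Cisco code; it reproduces Cisco wildcard-mask semantics, replays the SET_LP and SET_MED route-maps from the page for a given prefix, and reports which inter-AS link wins. Router names, ACL numbers and values are taken from the page; the assumption that R6 leaves local preference at the default 100 and that the two MEDs are comparable (both copies arrive from AS 64200) is mine.

```python
import ipaddress

# Wildcard ACL entries copied from the lab config. R8 uses ACL 10/20 for
# 120.1.X.X (local preference); R6 and R8 use ACL 30/40 for 140.1.X.X (MED).
# Cisco wildcard semantics: a 0 bit in the wildcard must equal the ACL
# address, a 1 bit is ignored. 0.0.254.254 therefore pins only the lowest
# bit of the third and fourth octets, i.e. whether X is even or odd.
ACL = {
    10: ("120.1.0.0", "0.0.254.254"),   # 120.1.<even>.<even>
    20: ("120.1.1.1", "0.0.254.254"),   # 120.1.<odd>.<odd>
    30: ("140.1.0.0", "0.0.254.254"),
    40: ("140.1.1.1", "0.0.254.254"),
}

def wildcard_match(addr, acl_addr, wildcard):
    """True if addr matches the ACL address under the given wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    base = int(ipaddress.IPv4Address(acl_addr))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
    return (a & care) == (base & care)

def acl_permits(number, addr):
    acl_addr, wildcard = ACL[number]
    return wildcard_match(addr, acl_addr, wildcard)

# Requirement 1: R8 applies route-map SET_LP inbound on updates from R4.
def r8_local_pref(prefix):
    """Local preference R8 assigns to a 120.1.X.X route learned from R4."""
    if acl_permits(10, prefix):
        return 120    # even X: above the default 100, so the R4-R8 copy wins
    if acl_permits(20, prefix):
        return 99     # odd X: below the default 100, so R6's copy wins
    return 100        # 'route-map SET_LP permit 30' with no set: unchanged

def as64200_exit_for_120(prefix):
    """Exit link AS 64200 selects toward prefix, comparing the two copies' LP."""
    lp_via_r8 = r8_local_pref(prefix)
    lp_via_r6 = 100   # assumption: R6 leaves local preference at the default
    if lp_via_r8 > lp_via_r6:
        return "R4-R8"
    if lp_via_r8 < lp_via_r6:
        return "R3-R6"
    return "tie"      # decided by later best-path steps, not modelled here

# Requirement 2: R6 and R8 set MED outbound toward R3 and R4. AS 64100
# compares the two MEDs (both paths come from AS 64200) and prefers the lower.
def med_from_r6(prefix):
    if acl_permits(30, prefix):
        return 200
    if acl_permits(40, prefix):
        return 100
    return None       # permit 30 with no set: MED untouched

def med_from_r8(prefix):
    if acl_permits(30, prefix):
        return 100
    if acl_permits(40, prefix):
        return 200
    return None

def as64100_exit_for_140(prefix):
    """Exit link AS 64100 selects toward a 140.1.X.X/32 route."""
    med_r6, med_r8 = med_from_r6(prefix), med_from_r8(prefix)
    if med_r6 is None or med_r8 is None:
        return "unaffected"
    return "R4-R8" if med_r8 < med_r6 else "R3-R6"

if __name__ == "__main__":
    for p in ("120.1.4.4", "120.1.5.5", "120.1.4.5"):
        print(p, "->", as64200_exit_for_120(p))
    for p in ("140.1.8.8", "140.1.9.9", "140.1.8.9"):
        print(p, "->", as64100_exit_for_140(p))
```

Note that the mask pins both the third and the fourth octet, so an address such as 120.1.4.5 matches neither ACL and falls through the empty `permit 30` clause untouched; only addresses with the same parity in both octets, as the X.X notation in the requirement implies, are steered.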
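Three requirements on this page manipulate or inspect the AS_PATH attribute: `as-override` and `remove-private-as all replace-as` in the route-propagation section, and the `_64540$` as-path list with `set as-path prepend last-as 3` in path-selection item 3. The block below is an added Python illustration of those operations, not code from the original page or from Cisco; it models the AS_PATH as a list of integers with the most recent AS first. The AS numbers are the page's; the translation of the IOS `_` regex anchor and the RFC 6996 private ranges are standard, and the `r3_outbound_to_r10` ordering (private-AS handling, then as-override, then local-AS prepend) is an assumption for illustration.

```python
import re

# Private ASN ranges (RFC 6996): 64512-65534 and 4200000000-4294967294.
PRIVATE_AS_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private_as(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_AS_RANGES)

def as_override(path, peer_as, local_as):
    """neighbor <peer> as-override: every occurrence of the peer's own AS in the
    path is rewritten to the local AS before sending, so a peer whose AS number
    also appears on the far side (the split AS 64540 in this lab) does not drop
    the update in its AS-loop check."""
    return [local_as if asn == peer_as else asn for asn in path]

def remove_private_as_all_replace_as(path, local_as):
    """neighbor <peer> remove-private-as all replace-as: private ASNs anywhere
    in the path are replaced by the local AS. Without 'all' only leading
    private ASNs are handled; without 'replace-as' they are dropped, which
    shortens the path and changes AS_PATH-length comparison downstream."""
    return [local_as if is_private_as(asn) else asn for asn in path]

def r3_outbound_to_r10(received_path, local_as=64100):
    """Path R3 sends to R10 (AS 64540): apply both neighbor options, then
    prepend the local AS as any eBGP speaker does (ordering is an assumption)."""
    path = remove_private_as_all_replace_as(received_path, local_as)
    path = as_override(path, peer_as=64540, local_as=local_as)
    return [local_as] + path

def ios_as_path_regex(pattern):
    """Translate an IOS as-path regex to Python. In IOS '_' matches any
    delimiter: start or end of string, space, comma, brace or parenthesis."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def as_path_matches(pattern, path):
    """Evaluate one 'ip as-path access-list ... permit <pattern>' entry."""
    return ios_as_path_regex(pattern).search(" ".join(map(str, path))) is not None

def prepend_last_as(path, count):
    """set as-path prepend last-as <count>: repeat the leftmost (most recent)
    AS of the received path count more times."""
    if not path:
        return list(path)
    return [path[0]] * count + list(path)

def r1_inbound_from_r5(received_path):
    """R1's AS_PREPEND route-map on updates from R5: routes originated in
    AS 64540 (as-path list 100, '_64540$') get the neighbor AS prepended 3x,
    so R1's copy loses the AS_PATH-length comparison to R2's copy."""
    if as_path_matches("_64540$", received_path):
        return prepend_last_as(received_path, 3)
    return list(received_path)

if __name__ == "__main__":
    print("R3 -> R10:", r3_outbound_to_r10([64200, 64520]))
    print("R1 <- R5 :", r1_inbound_from_r5([64100, 64200, 64540]))
```

The `$` anchor is what makes the list match the originating AS rather than a transit occurrence: `64540 64200` does not match, and `_` prevents a longer number such as 164540 from matching by substring.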
BGP Route Filtering

  1. R6, R7 advertise only the 200.1.XY.0/24 and 100.1.1.X/32 routes to R11, R12

    Use a route-map to match and filter the routes advertised to R11 and R12
    R6
    ip prefix-list ADV_TO_64540 seq 5 permit 200.1.0.0/16 le 24
    ip prefix-list ADV_TO_64540 seq 10 permit 100.1.1.0/24 le 32

    route-map ADV_TO_64540 permit 10
    match ip address prefix-list ADV_TO_64540

    router bgp 64200
    neighbor 200.1.116.11 route-map ADV_TO_64540 out

    R7
    ip prefix-list ADV_TO_64540 seq 5 permit 200.1.0.0/16 le 24
    ip prefix-list ADV_TO_64540 seq 10 permit 100.1.1.0/24 le 32

    route-map ADV_TO_64540 permit 10
    match ip address prefix-list ADV_TO_64540

    router bgp 64200
    neighbor 200.1.127.12 route-map ADV_TO_64540 out
  2. Configure ORF on R3 and R10 so that AS 64100 advertises only the 200.1.XY.0/24 and 100.1.1.X/32 prefixes to R10

    The feature is activated by advertising the ORF capability to the peer: the receiving side accepts the prefix list sent by the peer and applies it in the outbound direction toward that peer, so unwanted prefixes are never sent.
    R10
    ip prefix-list FROM_64100 seq 5 permit 200.1.0.0/16 le 24
    ip prefix-list FROM_64100 seq 10 permit 100.1.1.0/24 le 32

    router bgp 64540
    neighbor 200.1.103.3 capability orf prefix-list send
    neighbor 200.1.103.3 prefix-list FROM_64100 in

    R3
    router bgp 64100
    neighbor 200.1.103.10 capability orf prefix-list receive

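Both filtering requirements, and the UNSUPPRESS list in the aggregation section, depend on IOS prefix-list semantics (exact match by default, `le` and `ge` widening the accepted length range, first match wins, implicit deny). The following Python evaluator is an added example, not code from the original page or from Cisco; the prefix lists are the page's, and the sample BGP table it filters is constructed here for illustration.

```python
import ipaddress

def prefix_list_entry(action, prefix, ge=None, le=None):
    """One 'ip prefix-list' line. With neither ge nor le the entry matches only
    the exact prefix and length; 'le N' accepts lengths from the entry's own
    length up to N, 'ge M' from M up to 32, 'ge M le N' the range M..N."""
    net = ipaddress.IPv4Network(prefix, strict=False)
    low = net.prefixlen if ge is None else ge
    if le is not None:
        high = le
    elif ge is not None:
        high = net.max_prefixlen
    else:
        high = net.prefixlen
    return {"action": action, "net": net, "low": low, "high": high}

def entry_matches(entry, route):
    route = ipaddress.IPv4Network(route, strict=False)
    if not entry["low"] <= route.prefixlen <= entry["high"]:
        return False
    return route.subnet_of(entry["net"])   # the entry's leading bits agree

def prefix_list_permits(entries, route):
    """Sequence-ordered evaluation: first match decides, implicit deny at end."""
    for entry in entries:
        if entry_matches(entry, route):
            return entry["action"] == "permit"
    return False

# ADV_TO_64540 on R6/R7 and FROM_64100 on R10 have identical bodies. R10 pushes
# FROM_64100 to R3 over ORF and R3 applies it outbound, so the same evaluation
# runs on the sending side in both requirements.
ADV_TO_64540 = [
    prefix_list_entry("permit", "200.1.0.0/16", le=24),   # seq 5
    prefix_list_entry("permit", "100.1.1.0/24", le=32),   # seq 10
]
FROM_64100 = ADV_TO_64540

# UNSUPPRESS on R5: exact host entries, so only these two /32s escape summary-only.
UNSUPPRESS = [
    prefix_list_entry("permit", "120.1.4.4/32"),   # seq 5
    prefix_list_entry("permit", "120.1.5.5/32"),   # seq 10
]

def filter_outbound(entries, bgp_table):
    """Routes that survive 'neighbor ... prefix-list/route-map ... out' under entries."""
    return [r for r in bgp_table if prefix_list_permits(entries, r)]

# Constructed sample BGP table (illustrative, not captured from the lab).
SAMPLE_TABLE = [
    "200.1.103.0/24",   # R3-R10 link: inside 200.1.0.0/16, length 24 -> permit
    "200.1.0.0/16",     # the /16 itself: length 16 is within 16..24 -> permit
    "200.1.103.0/25",   # longer than 'le 24' -> deny
    "100.1.1.5/32",     # loopback inside 100.1.1.0/24 -> permit
    "100.1.0.0/16",     # shorter than the entry's own /24 -> deny
    "120.1.0.0/16",     # AS 64100 aggregate -> implicit deny
    "140.1.0.0/16",     # AS 64200 aggregate -> implicit deny
]

if __name__ == "__main__":
    print(filter_outbound(ADV_TO_64540, SAMPLE_TABLE))
```

The check worth remembering is the length window: `200.1.0.0/16 le 24` accepts /16 through /24 inside that block, while a bare `120.1.4.4/32` entry accepts nothing but that one host route.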
BGP Features

  1. AS 64520 must not act as a transit AS, and BGP route filtering may not be used

    no-export community attribute
    R1
    route-map SET_COMM permit 10
    set community no-export

    router bgp 64520
    neighbor 10.1.2.2 send-community
    neighbor 10.1.2.2 route-map SET_COMM out

    R2
    route-map SET_COMM permit 10
    set community no-export

    router bgp 64520
    neighbor 10.1.1.1 send-community
    neighbor 10.1.1.1 route-map SET_COMM out
  2. Enable MD5 authentication on the iBGP session between R1 and R2, with password cisco

    R1
    router bgp 64520
    neighbor 10.1.2.2 password cisco

    R2
    router bgp 64520
    neighbor 10.1.1.1 password cisco
  3. Configure on R3: if 100.1.1.10/32 is unstable, suppress its propagation after 2 flaps and recover automatically after 5 min

    Configure BGP route dampening
    R3
    ip prefix-list DAMPENING seq 5 permit 100.1.1.10/32

    route-map DAMPENING permit 10
    match ip address prefix-list DAMPENING
    ! half-life 4 min, reuse limit 750, suppress limit 2000, max-suppress-time 16 min
    set dampening 4 750 2000 16

    router bgp 64100
    bgp dampening route-map DAMPENING
  4. Configure on R1: if the route 100.1.1.10 exists, advertise a default route to R2

    R1
    ip prefix-list EXIST_10 seq 5 permit 100.1.1.10/32

    route-map DEFAULT_CONDITION permit 10
    match ip address prefix-list EXIST_10
    set community no-export

    router bgp 64520
    neighbor 10.1.2.2 default-originate route-map DEFAULT_CONDITION

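The dampening parameters in feature item 3 (`set dampening 4 750 2000 16`) only meet the "2 flaps, recover after about 5 min" requirement because of how the penalty accumulates and decays. The following Python model is an added example, not code from the original page or from Cisco; it uses the page's four values and the documented IOS behaviour of adding a penalty of 1000 per flap with exponential half-life decay. It ignores the 5-second timer granularity of the real implementation, so its times are continuous approximations.

```python
import math

# Values from R3's route-map: set dampening 4 750 2000 16
HALF_LIFE_MIN = 4        # penalty halves every 4 minutes
REUSE_LIMIT = 750        # route is re-advertised once penalty drops below this
SUPPRESS_LIMIT = 2000    # route is suppressed once penalty reaches this
MAX_SUPPRESS_MIN = 16    # longest a route may stay suppressed
FLAP_PENALTY = 1000      # IOS adds 1000 per flap (withdrawal)

def decay(penalty, minutes):
    """Exponential decay: the penalty halves every HALF_LIFE_MIN minutes."""
    return penalty * 0.5 ** (minutes / HALF_LIFE_MIN)

def penalty_after_flaps(flap_times):
    """Accumulated penalty right after the last flap, given flap timestamps in minutes."""
    penalty = 0.0
    last = None
    for t in flap_times:
        if last is not None:
            penalty = decay(penalty, t - last)
        penalty += FLAP_PENALTY
        last = t
    return penalty

def is_suppressed(penalty):
    return penalty >= SUPPRESS_LIMIT

def minutes_until_reuse(penalty):
    """Time until the penalty decays below the reuse limit (0 if already below)."""
    if penalty <= REUSE_LIMIT:
        return 0.0
    return HALF_LIFE_MIN * math.log2(penalty / REUSE_LIMIT)

def max_penalty():
    """Ceiling implied by max-suppress-time: reuse * 2^(max_suppress / half_life)."""
    return REUSE_LIMIT * 2 ** (MAX_SUPPRESS_MIN / HALF_LIFE_MIN)

if __name__ == "__main__":
    p = penalty_after_flaps([0, 0])          # two back-to-back flaps
    print("penalty", p, "suppressed", is_suppressed(p),
          "reuse after %.2f min" % minutes_until_reuse(p))
    p = penalty_after_flaps([0, 4])          # flaps one half-life apart
    print("penalty", p, "suppressed", is_suppressed(p))
    print("max penalty", max_penalty())
```

Two flaps in quick succession give a penalty of exactly 2000, the suppress limit, and that penalty decays below 750 after roughly 5.7 minutes, which is the approximately 5 min recovery the requirement asks for. Two flaps spaced a half-life apart only reach 1500 and are never suppressed, so "2 flaps" means two within a short window. The max-suppress-time of 16 minutes caps the penalty at 750 * 2^4 = 12000, which bounds how long a persistently flapping prefix can stay dampened.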
Ending

  • Some configuration may be left unmentioned or some terminology may be stated in a non-standard way; please bear with me.
  • The configurations are stored on Aliyun Drive; here is the link: [shared files]
  • "Calls" and letters to discuss are welcome.