BGP大型企業網工程案例一《來源于網際網路》

BGP大型企業網工程案例一

實驗需求分析

某公司,總部在北京,在全國每個省都設有分公司（本實驗模拟出兩個省網）。現在要求各省的分公司能與總公司實作通信。公司的業務主要分為辦公和生産兩種。要求高品質的傳輸，是以建議将網絡資料流量運作在兩個平面上，一個生産平面，以及一個辦公平面。生産平面在左邊，辦公平面在右邊。要求嚴格控制。考慮到此公司的規模較大，将網絡分為多個自治系統，每個省占一個，其中總部單獨劃出一個，進行全國的資料彙總,為此網絡的骨幹核心網絡。每個自治系統間靠 BGP傳遞路由,自治系統内運作 OSPF。(因為是模拟器實驗，是以有關廣域網的技術就不做了，這裡主是要做 BGP的組網)

實驗組網需求：

實驗拓撲如上圖所示.其中 BGP AS 65000為全國骨幹網,下面的兩個省網從左到右分别為湖北和湖南。全國骨幹網内部運作 OSPF，以及 BGP。R1和 R2為同簇雙 RR，分别與所有省連接配接點路由器建立 RRC關系．資料中心運作 OSPF區域 1,在 RT1和 RT2釋出彙總路由到區域

0.在 RT1、RT2上，釋出全國骨幹網彙總的鍊路及網管路由，及釋出資料中心彙總的生産、辦公、鍊路及網管的路由到 BGP中。

AS65001為湖北省網，RT9、RT10為省網出口路由器，運作 BGP，釋出湖北省省網彙總的生産、辦公、鍊路及網管的路由，并使用 EBGP上聯全國骨幹網湖北省節點 RT3、RT4；RT9、RT10向省網釋出 OSPF預設路由。

AS65002為湖南省網，RT13、RT14為省網出口路由器，運作 BGP，釋出湖南省省網彙總的生産、辦公、鍊路及網管的路由，并使用 EBGP上聯全國骨幹網湖南省節點 RT5、RT6； RT13、RT14向省網釋出 OSPF預設路由。

資料中心、湖北、湖南省網中的核心交換機運作 HSRP/VRRP，其中生産業務的主網關在左邊(編号為奇數的裝置)，辦公業務的網關在右邊(編号為偶數的裝置)。整網使用路由政策進行業務分流；生産業務主路徑走左邊，辦公業務主路徑走右邊。

OSPF配置規範：在任何不需要形成 OSPF鄰居的接口上，配置 OSPF被動接口，配置點對點以太網的 OSPF網絡類型為點對點，以加快收斂速度；各區域必須依據 IP位址規劃做好路由彙總。

BGP配置要求：no synchronization;no auto-summary;使用 loopback0建立 IBGP鄰居；IBGP鄰居上配置 next-hop-self。WAN鍊路都是 8Mbps，平面間鍊路 OSPF COST都修改為 400,網絡類型為點對點。

IP位址規劃：

本網采用先業務後地區配置設定方法進行 IP位址規劃因為是全國性的網絡我們使用 10.0.0.0/8位址段進行配置設定，這裡的業務隻有生産業務和辦公業務再加上互聯鍊路及網管，隻需借 2位就夠用，全國共有 30多個省，我們配置設定 6位為地區位，64個足夠用的。

10.業務位（2位）地區位（6位）.子業務位（8位）.子網位主機位

各地區 IP位址段

IP位址配置設定表

配置步驟：全國骨幹網調測

1 全國骨幹網基本連通性調測：RT1、RT2、RT3、RT4、RT5、RT6的基本資訊、鍊路、IGP配置及測試。

2 OSPF配置配置接口 bandwith與實體帶寬一緻（全國骨幹網的廣域網鍊路都是 8Mbps）；調整平面間鍊路的 OSPF Cost為 400；RT1－RT2、RT3－RT4、RT5－RT6；在各省節點路由器（RT3、RT4、RT5、RT6）上，network邊界網段至 OSPF，

并配置被動接口。

一.各鍊路基本配置及調測（略）二.各區域 IGP調測

骨幹網及資料中心 IGP調測：

RT1：

router ospf 1

router-id 10.0.0.1

area 1 range 10.1.0.0 255.255.0.0

area 1 range 10.65.0.0 255.255.0.0//為區域 1路由彙總

area 1 range 10.129.0.0 255.255.0.0

network 10.0.0.1 0.0.0.0 area 0

network 10.0.1.0 0.0.0.3 area 0

network 10.0.1.4 0.0.0.3 area 0

network 10.0.1.20 0.0.0.3 area 0

network 10.1.1.0 0.0.0.3 area 1

default-information originate always metric 1000 //下發預設路由

int f1/0

ip ospf network point-to-point//修改網絡類型為點對點平面間開銷為 400

ip ospf cost 400

int f2/0

ip ospf network point-to-point

RT2：

router-id 10.0.0.2

network 10.0.0.2 0.0.0.0 area 0

network 10.0.1.8 0.0.0.3 area 0

network 10.0.1.24 0.0.0.3 area 0

network 10.1.1.4 0.0.0.3 area 1 default-information originate always metric 1000 //下發預設路由 int f1/0 ip ospf network point-to-point//修改網絡類型為點對點平面間開銷為 400 ip ospf cost 400 int f2/0 ip ospf network point-to-point

SW15： router ospf 1

router-id 10.1.0.1

passive-interface default

no passive-interface f1/0

no passive-interface vlan 901

network 10.1.0.1 0.0.0.0 area 1

network 10.1.1.8 0.0.0.3 area 1

network 10.65.1.0 0.0.0.255 area 1

network 10.129.1.0 0.0.0.255 area 1

int vlan 901

SW16： router ospf 1

router-id 10.1.0.2

network 10.1.0.2 0.0.0.0 area 1

network 10.1.1.4 0.0.0.3 area 1

ip ospf cost 400 RT3: router ospf 1

router-id 10.0.0.3

redistribute connected metric 1000 metric-type 1 subnets

passive-interface FastEthernet2/0//不能與其它 AS形成 OSPF鄰居

network 10.0.0.3 0.0.0.0 area 0

network 10.0.1.12 0.0.0.3 area 0RT4： router ospf 1

router-id 10.0.0.4

redistribute connected metric 1000 metric-type 1 subnets //重分布直連

passive-interface FastEthernet2/0

network 10.0.0.4 0.0.0.0 area 0

network 10.0.1.12 0.0.0.3 area 0 RT5: router ospf 1

router-id 10.0.0.5

network 10.0.0.5 0.0.0.0 area 0

network 10.0.1.28 0.0.0.3 area 0RT6： router ospf 1

router-id 10.0.0.6

network 10.0.0.6 0.0.0.0 area 0

network 10.0.1.28 0.0.0.3 area 0湖北網 IGP調測：RT9： router ospf 1

router-id 10.3.0.1

network 10.3.0.1 0.0.0.0 area 0

network 10.3.1.0 0.0.0.3 area 0

network 10.3.1.4 0.0.0.3 area 0

default-information originate always metric 3000 metric-type 1

int f3/0

ip ospf cost 400 RT10：

router ospf 1 router-id 10.3.0.2 redistribute connected metric 1000 metric-type 1 subnets passive-interface FastEthernet2/0 network 10.3.0.2 0.0.0.0 area 0 network 10.3.1.0 0.0.0.3 area 0 network 10.3.1.8 0.0.0.3 area 0 default-information originate always metric 3000 metric-type 1 int f3/0 ip ospf network point-to-point int f1/0 ip ospf network point-to-point ip ospf cost 400

SW7:

router ospf 1 router-id 10.3.0.3 passive-interface default no passive-interface FastEthernet1/1 no passive-interface Vlan901 network 10.3.0.3 0.0.0.0 area 0 network 10.3.1.4 0.0.0.3 area 0 network 10.3.1.12 0.0.0.3 area 0 network 10.67.1.0 0.0.0.255 area 0 network 10.131.1.0 0.0.0.255 area 0 int f1/1 ip ospf network point-to-point int vlan 901 ip ospf network point-to-point ip ospf cost 400

SW8:

router ospf 1 router-id 10.3.0.4 passive-interface default no passive-interface FastEthernet1/1 no passive-interface Vlan901 network 10.3.0.4 0.0.0.0 area 0 network 10.3.1.8 0.0.0.3 area 0 network 10.3.1.12 0.0.0.3 area 0 network 10.67.1.0 0.0.0.255 area 0 network 10.131.1.0 0.0.0.255 area 0 int f1/1

ip ospf cost 400湖南省網調測： RT13: router ospf 1

router-id 10.4.0.1

network 10.4.0.1 0.0.0.0 area 0

network 10.4.1.0 0.0.0.3 area 0

network 10.4.1.4 0.0.0.3 area 0

RT14:

router-id 14.14.14.14

network 10.4.0.2 0.0.0.0 area 0

network 10.4.1.8 0.0.0.3 area 0

SW11:

router-id 10.4.0.3

no passive-interface f1/1

network 10.4.0.3 0.0.0.0 area 0

neighbor as65000-rrc update-source Loopback0 neighbor as65000-rrc route-reflector-client neighbor as65000-rrc next-hop-self neighbor 10.0.0.3 peer-group as65000-rrc neighbor 10.0.0.4 peer-group as65000-rrc neighbor 10.0.0.5 peer-group as65000-rrc neighbor 10.0.0.6 peer-group as65000-rrc no auto-summary

ip route 10.0.0.0 255.255.0.0 Null0RT3： router bgp 65000

no synchronization neighbor 10.0.0.1 remote-as 65000 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.1 next-hop-self neighbor 10.0.0.2 remote-as 65000 neighbor 10.0.0.2 update-source Loopback0 neighbor 10.0.0.2 next-hop-self neighbor 10.0.9.2 remote-as 65001 no auto-summary

RT4：

router bgp 65000 no synchronization neighbor 10.0.0.1 remote-as 65000 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.1 next-hop-self neighbor 10.0.0.2 remote-as 65000 neighbor 10.0.0.2 update-source Loopback0 neighbor 10.0.0.2 next-hop-self neighbor 10.0.9.6 remote-as 65001 no auto-summary

RT5: router bgp 65000

no synchronization neighbor 10.0.0.1 remote-as 65000 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.1 next-hop-self neighbor 10.0.0.2 remote-as 65000 neighbor 10.0.0.2 update-source Loopback0 neighbor 10.0.0.2 next-hop-self neighbor 10.0.9.10 remote-as 65002 no auto-summary

RT6:

router bgp 65000 no synchronization neighbor 10.0.0.1 remote-as 65000 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.1 next-hop-self neighbor 10.0.0.2 remote-as 65000 neighbor 10.0.0.2 update-source Loopback0 neighbor 10.0.0.2 next-hop-self neighbor 10.0.9.14 remote-as 65002 no auto-summary

湖北省出口 BGP配置：

RT9:

router bgp 65001 no synchronization network 10.3.0.0 mask 255.255.0.0 network 10.67.0.0 mask 255.255.0.0 network 10.131.0.0 mask 255.255.0.0 neighbor 10.0.9.1 remote-as 65000 neighbor 10.3.0.2 remote-as 65001 neighbor 10.3.0.2 update-source Loopback0 neighbor 10.3.0.2 next-hop-self no auto-summary

ip route 10.3.0.0 255.255.0.0 Null0 ip route 10.67.0.0 255.255.0.0 Null0 ip route 10.131.0.0 255.255.0.0 Null0

RT10:

router bgp 65001 no synchronization network 10.3.0.0 mask 255.255.0.0 network 10.67.0.0 mask 255.255.0.0 network 10.131.0.0 mask 255.255.0.0 neighbor 10.0.9.5 remote-as 65000 neighbor 10.3.0.1 remote-as 65001 neighbor 10.3.0.1 update-source Loopback0 neighbor 10.3.0.2 next-hop-self no auto-summary

湖南省出口 BGP配置：

RT13：

router bgp 65002 no synchronization network 10.68.0.0 mask 255.255.0.0 network 10.132.0.0 mask 255.255.0.0 network 10.4.0.0 mask 255.255.0.0 neighbor 10.0.9.9 remote-as 65000 neighbor 10.4.0.2 remote-as 65002 neighbor 10.4.0.2 update-source Loopback0 no auto-summary

ip route 10.4.0.0 255.255.0.0 Null0 ip route 10.68.0.0 255.255.0.0 Null0 ip route 10.132.0.0 255.255.0.0 Null0RT14： router bgp 65002

no synchronization network 10.4.0.0 mask 255.255.0.0 network 10.68.0.0 mask 255.255.0.0 network 10.132.0.0 mask 255.255.0.0 neighbor 10.0.9.13 remote-as 65000 neighbor 10.4.0.1 remote-as 65002 neighbor 10.4.0.1 update-source Loopback0 no auto-summary

ip route 10.4.0.0 255.255.0.0 Null0 ip route 10.68.0.0 255.255.0.0 Null0 ip route 10.132.0.0 255.255.0.0 Null0

四、路由傳播控制

省網隻向全國骨幹通告本 AS的路由

RT9： ip as-path access-list 10 permit ^$ router bgp 65001 neighbor 10.0.9.1 filter-list 10 out RT10: ip as-path access-list 10 permit ^$ router bgp 65001 neighbor 10.0.9.5 filter-list 10 out RT13:ip as-path access-list 10 permit ^$

router bgp 65002 neighbor 10.0.9.9 filter-list 10 out RT14: ip as-path access-list 10 permit ^$ router bgp 65002 neighbor 10.0.9.13 filter-list 10 out

全國骨幹網隻允許省網通告該省的路由

RT3： ip prefix-list hubei seq 5 permit 10.3.0.0/16 ip prefix-list hubei seq 10 permit 10.67.0.0/16 ip prefix-list hubei seq 15 permit 10.131.0.0/16 router bgp 65000 neighbor 10.0.9.2 prefix-list hubei in RT4: ip prefix-list hubei seq 5 permit 10.3.0.0/16 ip prefix-list hubei seq 10 permit 10.67.0.0/16 ip prefix-list hubei seq 15 permit 10.131.0.0/16 router bgp 65000 neighbor 10.0.9.6 prefix-list hubei in RT5: ip prefix-list hunan seq 5 permit 10.4.0.0/16 ip prefix-list hunan seq 10 permit 10.68.0.0/16 ip prefix-list hunan seq 15 permit 10.132.0.0/16 router bgp 65000 neighbor 10.0.9.10 prefix-list hunan in RT6: ip prefix-list hunan seq 5 permit 10.4.0.0/16 ip prefix-list hunan seq 10 permit 10.68.0.0/16 ip prefix-list hunan seq 15 permit 10.132.0.0/16 router bgp 65000 neighbor 10.0.9.14 prefix-list hunan in

五、BGP業務分流

RT9： ip prefix-list BG seq 5 permit 10.129.0.0/16 ip prefix-list BG seq 10 permit 10.132.0.0/16 ip prefix-list SC seq 5 permit 10.65.0.0/16 ip prefix-list SC seq 10 permit 10.68.0.0/16 route-map hubei permit 10

match ip address prefix-list SC set local-preference 500 route-map hubei permit 20

match ip address prefix-list BG

set metric 1000 route-map hubei permit 30 router bgp 65001 neighbor 10.0.9.1 route-map hubei inRT13： ip prefix-list BG seq 5 permit 10.129.0.0/16 ip prefix-list BG seq 10 permit 10.131.0.0/16 ip prefix-list SC seq 5 permit 10.65.0.0/16 ip prefix-list SC seq 10 permit 10.67.0.0/16 route-map hunan permit 10

match ip address prefix-list SC set local-preference 500

route-map hunan permit 20 match ip address prefix-list BG set metric 1000

route-map hunan permit 30 router bgp 65002

neighbor 10.0.9.9 route-map hunan in RT3: ip prefix-list BG seq 5 permit 10.131.0.0/16 ip prefix-list SC seq 5 permit 10.67.0.0/16 route-map hubei-in permit 10

route-map hubei-in permit 20 match ip address prefix-list BG set metric 1000

route-map hubei-in permit 30 router bgp 65000

neighbor 10.0.9.2 route-map hubei-in in RT5: ip prefix-list BG seq 5 permit 10.132.0.0/16 ip prefix-list SC seq 5 permit 10.68.0.0/16 route-map hunan-in permit 10

route-map hunan-in permit 20 match ip address prefix-list BG set metric 1000

route-map hunan-in permit 30 router bgp 65000 neighbor 10.0.9.2 route-map hunan-in in