两台路由器的BGP实战策略路由分发需求实战方案设计

R1R2有两根线路相连,使用BGPR1有两组路由,192.168.1.0/24192.168.2.0/24,当两根线都通的状态下,两组路由流量分散平衡在两个线路上,当其中任意一根断的情况下,只通192.168.1.0/24流量。

方法1

【R1配置】
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.2.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 timers 1 3
neighbor 10.1.12.2 remote-as 2
neighbor 10.1.12.2 timers 1 3
neighbor 10.2.12.2 remote-as 2
neighbor 10.2.12.2 timers 1 3
maximum-paths 2
!
address-family ipv4
  neighbor 2.2.2.2 activate
  neighbor 10.1.12.2 activate
  neighbor 10.2.12.2 activate
  maximum-paths 2
  no auto-summary
  no synchronization
  network 192.168.1.0
  network 192.168.2.0
exit-address-family
!
no ip http server
no ip http secure-server
ip route 2.2.2.2 255.255.255.255 FastEthernet0/0 10.2.12.2
ip route 2.2.2.2 255.255.255.255 FastEthernet1/0 10.1.12.2
!

【R2配置】
!
ip sla monitor 1
type echo protocol ipIcmpEcho 10.2.12.1 source-interface FastEthernet0/0
ip sla monitor schedule 1 start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 10.1.12.1 source-interface FastEthernet1/0
ip sla monitor schedule 2 start-time now
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 list boolean and
object 1
object 2
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.2.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 timers 1 3
neighbor 10.1.12.1 remote-as 1
neighbor 10.1.12.1 timers 1 3
neighbor 10.2.12.1 remote-as 1
neighbor 10.2.12.1 timers 1 3
maximum-paths 2
!
address-family ipv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 distribute-list 1 in
  neighbor 10.1.12.1 activate
  neighbor 10.1.12.1 distribute-list 2 in
  neighbor 10.2.12.1 activate
  neighbor 10.2.12.1 distribute-list 2 in
  maximum-paths 2
  no auto-summary
  no synchronization
exit-address-family
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 10.2.12.1 track 3
ip route 1.1.1.1 255.255.255.255 10.1.12.1 track 3
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255

方法2

R2修改方案,为企业方

ip sla monitor 1
type echo protocol ipIcmpEcho 10.2.12.1 source-interface FastEthernet0/0
ip sla monitor schedule 1 start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 10.1.12.1 source-interface FastEthernet1/0
ip sla monitor schedule 2 start-time now
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 list boolean and
object 1
object 2
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.2.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 timers 1 3
neighbor 10.1.12.1 remote-as 1
neighbor 10.1.12.1 timers 1 3
neighbor 10.2.12.1 remote-as 1
neighbor 10.2.12.1 timers 1 3
maximum-paths 2
!
address-family ipv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 distribute-list 1 out
  neighbor 10.1.12.1 activate
  neighbor 10.1.12.1 distribute-list 2 out
  neighbor 10.2.12.1 activate
  neighbor 10.2.12.1 distribute-list 2 out
  maximum-paths 2
  no auto-summary
  no synchronization
  network 192.168.1.0
  network 192.168.2.0
exit-address-family
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 10.2.12.1 track 3
ip route 1.1.1.1 255.255.255.255 10.1.12.1 track 3
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255

R1上down其中一个接口
R2提示
R2#
*Mar  1 02:34:50.951: %BGP-5-ADJCHANGE: neighbor 10.1.12.1 Down BGP Notification sent
R2#
*Mar  1 02:34:50.955: %BGP-3-NOTIFICATION: sent to neighbor 10.1.12.1 4/0 (hold time expired) 0 bytes
R2#
R2#
R2#
R2#
R2#
*Mar  1 02:35:00.387: %TRACKING-5-STATE: 2 rtr 2 reachability Up->Down
*Mar  1 02:35:00.555: %TRACKING-5-STATE: 3 list boolean and Up->Down
R2#
*Mar  1 02:35:02.939: %BGP-3-NOTIFICATION: received from neighbor 1.1.1.1 4/0 (hold time expired) 0 bytes
R2#
*Mar  1 02:35:02.947: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down BGP Notification received
R1的路由表
R1#sh ip ro b
B    192.168.1.0/24 [20/0] via 10.2.12.2, 00:03:24

方法3

使用advertise-map来解决,但有些IOS不支持。

(R1)  Config:
router bgp 1
no synchronization
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.2.0
redistribute connected route-map redis_conn (目的是想将两条外线路由弄进bgp 路由表,方便后面的advertise-map检测这两条路由的存在性来决定是否要发布次要网段)
neighbor 12.1.1.2 remote-as 2
neighbor 12.1.1.2 update-source Serial1/0
neighbor 12.1.1.2 advertise-map dist_out2 exist-map line2(如果外线2正常,外线2的路由就会重分发进bgpl路由表,就通告出次要路由,此时如果2正常,且能从s1/0【一线端口】通告给邻居路由,说明1先也正常,即都正常。如果2线断线,端口就会down,route-map  redis_conn,也就不会将line2这条路有分布进bgp路由表,就不会宣告次要路由,也是有点类似交叉建邻居的方法,下面同理)
neighbor 12.1.2.2 remote-as 2
neighbor 12.1.2.2 update-source Serial1/1
neighbor 12.1.2.2 advertise-map dist_out2 exist-map line1
no auto-summary
!

ip prefix-list dist_out2 seq 5 permit 192.168.2.0/24
!
ip prefix-list line1 seq 5 permit 12.1.1.0/30(外线一路由)
!         
ip prefix-list line2 seq 5 permit 12.1.2.0/30(外线二路由)
!

route-map redis_conn permit 10
match interface Serial1/0 Serial1/1

route-map dist_out2 permit 10
match ip address prefix-list dist_out2
!

route-map line2 permit 10
match ip address prefix-list line2
!
route-map line1 permit 10
match ip address prefix-list line1
!

ISP(R2)  Config:     (ISP的配置很简单,基本什么都不做,实际来说,用户有什么需求,最好做在CE上面,PE上在能满足的要求的情况下,尽量精简配置,节约资源)
router bgp 2
no synchronization
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 1
neighbor 12.1.1.1 update-source Serial1/0
neighbor 12.1.2.1 remote-as 1
neighbor 12.1.2.1 update-source Serial1/1
no auto-summar

本文出自 “天才没有那1%是万万不行的” 博客,请务必保留此出处http://xushen.blog.51cto.com/1673219/1617890


发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注