CCIE TS3 Internet 题目
TS3 Internet 题目实验
目录
TS3 Internet 题目实验... 1
一、拓扑... 1
二、需求:... 2
三、配置基本步骤:... 2
步骤1, R2、R3、R4、R5、SW1运行IGP-OSPF,区域请参照图中配置区域0和区域12
步骤3、R1和R2、R3建立eBGP邻居关系,R1上通告其环回口,R2、R3、R4、R5之间建立iBGP邻居关系3
步骤4、让R1得到AS 65001的路由... 4
一、拓扑
请不要关注SW2,模拟环境和SW2无关,SW1采用了3750模拟器,所以为快速以太口
二、需求:
最下面VLAN 11所在主机(R32)10.1.1.100与BGP(65333)区域的R1拥有的地址4.2.2.2通信
三、配置基本步骤:
步骤1, R2、R3、R4、R5、SW1运行IGP-OSPF,区域请参照图中配置区域0和区域1
为了方便期间我们直接在接口下运行OSPF
此处给出R2的配置
R2(config)#router ospf 110R2(config-router)#router-id 100.2.2.2R2(config)#int loopback0R2(config-if)#ip ospf 110 area 0R2(config-if)#int e0/1R2(config-if)#ip ospf 110 a 0R2(config-if)#int e1/1R2(config-if)#ip ospf 110 a 0R2(config)#int e0/3 R2(config-if)#ip ospf 110 a 0 |
|---|
检查步骤,查看邻居:
R4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
100.2.2.2 1 FULL/BDR 00:00:37 10.0.0.17 Ethernet0/0
100.3.3.3 1 FULL/DR 00:00:39 10.0.0.25 Ethernet2/0
100.6.6.6 1 FULL/BDR 00:00:33 10.1.0.2 Ethernet1/1
R3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
100.2.2.2 1 FULL/BDR 00:00:31 10.0.0.53 Ethernet1/0
100.4.4.4 1 FULL/BDR 00:00:33 10.0.0.26 Ethernet0/3
100.5.5.5 1 FULL/BDR 00:00:35 10.0.0.30 Ethernet0/2
步骤2、最下面的设备模拟主机(R32),以SVI 11作为默认网关。请注意SW1的SVI 11一定要通告进OSPF
R32(config)#no ip routingR32(config)#ip default-gateway 10.1.1.1R32(config)#interface Ethernet0/0R32(config-if)# ip address 10.1.1.100 255.255.255.0R32(config-if)# no ip route-cacheSW1的配置:SW1(config)#vlan 11SW1(config)#interface vlan 11SW1(config)# no switchportSW1(config)# ip address 10.1.0.10 255.255.255.252SW1(config-if)#ip ospf 110 area 1 |
|---|
验证步骤:
主机依赖默认网关去通信,我们先查看和网关的通信:
R32#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1,timeout is 2 seconds:
!!!!!
再来验证和其他设备的通信情况
R32#ping 100.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to100.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),round-trip min/avg/max = 20/34/72 ms
步骤3、R1和R2、R3建立eBGP邻居关系,R1上通告其环回口,R2、R3、R4、R5之间建立iBGP邻居关系
部分设备配置如下
R1(config)#router bgp 65333R1(config-router)#neighbor 201.12.34.2 remote-as 65001R1(config-router)#neighbor 202.12.34.2 remote-as 65001R1(config-router)#network 4.2.2.2 mask 255.255.255.255!R2(config-router)# router bgp 65001R2(config-router)# no synchronizationR2(config-router)# bgp log-neighbor-changesR2(config-router)# neighbor 100.3.3.3 remote-as 65001R2(config-router)# neighbor 100.3.3.3 update-source Loopback0R2(config-router)# neighbor 100.3.3.3 next-hop-selfR2(config-router)# neighbor 100.4.4.4 remote-as 65001R2(config-router)# neighbor 100.4.4.4 update-source Loopback0R2(config-router)# neighbor 100.4.4.4 next-hop-self---不要忘记针对iBGP邻居指定下一跳自我,否则R4和R5不会优化路由,不会放入路由表R2(config-router)# neighbor 100.5.5.5 remote-as 65001R2(config-router)# neighbor 100.5.5.5 update-source Loopback0R2(config-router)# neighbor 100.5.5.5 next-hop-selfR2(config-router)# neighbor 201.12.34.1 remote-as 65333R2(config-router)# no auto-summary!R4(config-router)#router bgp 65001R4(config-router)# no synchronizationR4(config-router)# bgp log-neighbor-changesR4(config-router)# neighbor 100.2.2.2 remote-as 65001R4(config-router)# neighbor 100.2.2.2 update-source Loopback0R4(config-router)# neighbor 100.3.3.3 remote-as 65001R4(config-router)# neighbor 100.3.3.3 update-source Loopback0R4(config-router)# neighbor 100.5.5.5 remote-as 65001R4(config-router)# neighbor 100.5.5.5 update-source Loopback0R4(config-router)# no auto-summary |
|---|
验证步骤:
R2#show ip bgp summary
BGP router identifier 100.2.2.2, local ASnumber 65001
BGP table version is 17, main routing tableversion 17
16 network entries using 1872 bytes ofmemory
32 path entries using 1664 bytes of memory
11/5 BGP path/bestpath attribute entries using1364 bytes of memory
1 BGP AS-PATH entries using 24 bytes ofmemory
0 BGP route-map cache entries using 0 bytesof memory
0 BGP filter-list cache entries using 0bytes of memory
BGP using 4924 total bytes of memory
BGP activity 16/0 prefixes, 32/0 paths,scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.3.3.3 4 65001 33 33 17 0 0 00:23:48 1
100.4.4.4 4 65001 19 24 17 0 0 00:15:45 0
100.5.5.5 4 65001 25 31 17 0 0 00:21:51 0
201.12.34.1 4 65333 37 32 17 0 0 00:25:39 1
步骤4、让R1得到AS 65001的路由
到现在R1还没得到AS 65001的路由,我们可以在R2和R3上重分步OSPF的路由到BGP
R2(config)#router bgp 65001
R2(config-router)#redistribute ospf 110match internal external
!
R3(config)#router bgp 65001
R3(config-router)#redistribute ospf 110match internal external
注意此时SW1其实没有任何路由去往4.2.2.2,因为我们没有在R4或这R5上进行重分步。为了让SW1得到路由,我们可以在R4和R5产生一条OSPF的默认路由:
R4(config)#router ospf 110
R4(config-router)#default-informationoriginate always
!
R5(config-router)#router ospf 110
R5(config-router)#default-informationoriginate always
查看SW1的路由:
SW1#show ip route ospf
100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA 100.4.4.4/32 [110/2] via 10.1.0.1, 01:20:11, FastEthernet1/0
O IA 100.5.5.5/32 [110/2] via 10.1.0.9, 01:20:11, FastEthernet1/1
O IA 100.2.2.2/32 [110/12] via 10.1.0.9, 01:04:34, FastEthernet1/1
[110/12] via 10.1.0.1,01:04:34, FastEthernet1/0
O IA 100.3.3.3/32 [110/12] via 10.1.0.9, 01:15:05, FastEthernet1/1
[110/12] via 10.1.0.1,01:20:11, FastEthernet1/0
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O 10.1.0.12/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1
O IA 10.0.0.24/30 [110/11] via 10.1.0.1, 01:20:11, FastEthernet1/0
O IA 10.0.0.28/30 [110/11] via 10.1.0.9, 01:15:00, FastEthernet1/1
O IA 10.0.0.16/30 [110/11] via 10.1.0.1, 01:20:02, FastEthernet1/0
O IA 10.0.0.20/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1
O IA 10.0.0.32/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1
O IA 10.0.0.52/30 [110/21] via 10.1.0.9, 01:20:11, FastEthernet1/1
[110/21] via 10.1.0.1,01:20:11, FastEthernet1/0
O*E2 0.0.0.0/0 [110/1] via 10.1.0.9,00:35:23, FastEthernet1/1
[110/1] via 10.1.0.1, 00:36:04,FastEthernet1/0
查看R1的路由(R1在考试时不能配置):
R1#show ip route bgp
100.0.0.0/32 is subnetted, 5 subnets
B 100.4.4.4 [20/11] via 202.12.34.2, 00:38:09
B 100.5.5.5 [20/11] via 202.12.34.2, 00:38:09
B 100.6.6.6 [20/21] via 202.12.34.2, 00:38:09
B 100.2.2.2 [20/0] via 201.12.34.2, 00:38:40
B 100.3.3.3 [20/0] via 202.12.34.2, 00:38:09
10.0.0.0/8 is variably subnetted, 10 subnets,2 masks
B 10.1.0.8/30 [20/20] via 202.12.34.2, 00:38:10
B 10.1.0.12/30 [20/20] via 202.12.34.2, 00:38:10
B 10.1.1.0/24 [20/21] via 202.12.34.2, 00:38:10
B 10.1.0.0/30 [20/20] via 202.12.34.2, 00:38:10
B 10.0.0.24/30 [20/0] via 202.12.34.2, 00:38:10
B 10.0.0.28/30 [20/0] via 202.12.34.2, 00:38:10
B 10.0.0.16/30 [20/0] via 201.12.34.2, 00:38:40
B 10.0.0.20/30 [20/0] via 201.12.34.2, 00:38:40
B 10.0.0.32/30 [20/20] via 202.12.34.2, 00:38:10
B 10.0.0.52/30 [20/0] via 201.12.34.2, 00:38:40
验证:
SW1#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2,timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-tripmin/avg/max = 36/91/180 ms
SW1#traceroute 4.2.2.2
Type escape sequence to abort.
Tracing the route to 4.2.2.2
110.1.0.9 76 msec
10.1.0.1 80 msec
10.1.0.9 16 msec
210.0.0.17 72 msec
10.0.0.21 72 msec
10.0.0.17 24 msec
3201.12.34.1 148 msec
如果要达到数据包负载的效果,请在交换机上关掉CEF:
SW1(config)#no ip cef
R32#traceroute 4.2.2.2
Type escape sequence to abort.
Tracing the route to 4.2.2.2
110.1.1.1 64 msec 76 msec 28 msec
210.1.0.9 64 msec
10.1.0.1 32 msec
10.1.0.9 32 msec
310.0.0.17 60 msec
10.0.0.21 28 msec
10.0.0.17 20 msec
4201.12.34.1 80 msec * 152 msec
当然在R2和R3上其实也可以采用通告的方式让R1得到路由,请去掉之前的重分步
R2(config)#router bgp 65001R2(config-router)#no redistribute ospf 110 match internal external R2(config-router)#network 10.1.1.0 mask 255.255.255.0R2(config-router)#network 10.1.0.0 mask 255.255.255.252R2(config-router)#network 10.1.0.8 mask 255.255.255.252!R2(config)#router bgp 65001R3(config-router)#no redistribute ospf 110 match internal external R3(config-router)#network 10.1.1.0 mask 255.255.255.0R3(config-router)#network 10.1.0.0 mask 255.255.255.252R3(config-router)#network 10.1.0.8 mask 255.255.255.252这里可以汇总BGP路由,查看summary-only的情况其实没有影响:R3(config-router)#aggregate-address 10.0.0.0 255.0.0.0 summary-onlyR2(config-router)#aggregate-address 10.0.0.0 255.0.0.0 summary-only |
|---|
最后的验证:
查看R1:
R1#sh ip bgp
BGP table version is 88, local router ID is4.2.2.2
Status codes: s suppressed, d damped, hhistory, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? -incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.2.2.2/32 0.0.0.0 0 32768 i
* 10.0.0.0 202.12.34.2 0 0 65001 i
*> 201.12.34.2 0 0 65001 i
R1#show ip route bgp
B 10.0.0.0/8 [20/0] via 201.12.34.2, 00:03:52
R32#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2,timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),round-trip min/avg/max = 12/55/128 ms
R32#trac
R32#traceroute 4.2.2.2
Type escape sequence to abort.
Tracing the route to 4.2.2.2
110.1.1.1 72 msec 76 msec 12 msec
210.1.0.9 24 msec
10.1.0.1 104 msec
10.1.0.9 36 msec
310.0.0.17 20 msec
10.0.0.21 72 msec
10.0.0.17 664 msec
4201.12.34.1 88 msec
错误点总结:
A、注意查看policy-map,R5有一个错误点是用PBR把下一跳指向了null 0
B、R1和R2或者(R3)BGP邻居指错, R2 R3上的BGP进程下的10.0.0.0/8的summary-only汇总,no掉summary-only,保持汇总(这个其实没有任何影响)
C、R13(或者R5)有一个和PC相同的地址(通告到了OSPF或者重分步)影响路由,去掉该通告
D、SW1上的VLAN11没宣告导致没有该网段的路由(强烈建议在主机所在网段的SVI接口下做ip ospf XXarea 1)
E、SW1 SVI 11接口“no ip route-cache cef”要保留该配置,因为图片要求负载均衡
F、R2和R3没有针对R4、R5做下一跳自我,导致R4和R5没有4.2.2.2的路由
附上所有设备的参考配置:
R1:hostname R1!ip cefinterface Loopback0 ip address 4.2.2.2 255.255.255.255!!interface Serial2/0 ip address 201.12.34.1 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable!interface Serial2/1 ip address 202.12.34.1 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable!router bgp 65333 no synchronization bgp log-neighbor-changes network 4.2.2.2 mask 255.255.255.255 neighbor 201.12.34.2 remote-as 65001 neighbor 202.12.34.2 remote-as 65001 no auto-summaryR2的配置:hostname R2ip cef!interface Loopback0 ip address 100.2.2.2 255.255.255.255 ip ospf 110 area 0!!interface Ethernet0/1 ip address 10.0.0.21 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet0/2 no ip address shutdown half-duplex!interface Ethernet0/3 ip address 10.0.0.17 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet1/1 ip address 10.0.0.53 255.255.255.252 ip ospf 110 area 0 half-duplex!!interface Serial2/0 ip address 201.12.34.2 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable!!interface Serial2/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!router ospf 110 router-id 100.2.2.2 log-adjacency-changes!router bgp 65001 no synchronization bgp log-neighbor-changes network 10.1.0.0 mask 255.255.255.252 network 10.1.0.8 mask 255.255.255.252 network 10.1.1.0 mask 255.255.255.0 redistribute ospf 110 neighbor 100.3.3.3 remote-as 65001 neighbor 100.3.3.3 update-source Loopback0 neighbor 100.3.3.3 next-hop-self neighbor 100.4.4.4 remote-as 65001 neighbor 100.4.4.4 update-source Loopback0 neighbor 100.4.4.4 next-hop-self neighbor 100.5.5.5 remote-as 65001 neighbor 100.5.5.5 update-source Loopback0 neighbor 100.5.5.5 next-hop-self neighbor 201.12.34.1 remote-as 65333 no auto-summaryR3的配置:hostname R3ip cefinterface Loopback0 ip address 100.3.3.3 255.255.255.255 ip ospf 110 area 0!!interface Ethernet0/2 ip address 10.0.0.29 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet0/3 ip address 10.0.0.25 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet1/0 ip address 10.0.0.54 255.255.255.252 ip ospf 110 area 0 half-duplex!!interface Serial2/0 ip address 202.12.34.2 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable!!router ospf 110 log-adjacency-changes!router bgp 65001 no synchronization bgp log-neighbor-changes network 10.1.0.0 mask 255.255.255.252 network 10.1.0.8 mask 255.255.255.252 network 10.1.1.0 mask 255.255.255.0 redistribute ospf 110 neighbor 100.2.2.2 remote-as 65001 neighbor 100.2.2.2 update-source Loopback0 neighbor 100.2.2.2 next-hop-self neighbor 100.4.4.4 remote-as 65001 neighbor 100.4.4.4 update-source Loopback0 neighbor 100.4.4.4 next-hop-self neighbor 100.5.5.5 remote-as 65001 neighbor 100.5.5.5 update-source Loopback0 neighbor 100.5.5.5 next-hop-self neighbor 202.12.34.1 remote-as 65333 no auto-summaryR4的配置:hostname R4!ip cefinterface Loopback0 ip address 100.4.4.4 255.255.255.255 ip ospf 110 area 0!interface Ethernet0/0 ip address 10.0.0.18 255.255.255.252 ip ospf 110 area 0 half-duplexinterface Ethernet1/1 ip address 10.1.0.1 255.255.255.252 ip ospf 110 area 1 half-duplex!!interface Ethernet1/3 ip address 10.0.0.33 255.255.255.252 half-duplex!interface Ethernet2/0 ip address 10.0.0.26 255.255.255.252 ip ospf 110 area 0 half-duplex!router ospf 110 log-adjacency-changes default-information originate always!router bgp 65001 no synchronization bgp log-neighbor-changes neighbor 100.2.2.2 remote-as 65001 neighbor 100.2.2.2 update-source Loopback0 neighbor 100.3.3.3 remote-as 65001 neighbor 100.3.3.3 update-source Loopback0 neighbor 100.5.5.5 remote-as 65001 neighbor 100.5.5.5 update-source Loopback0 no auto-summaryR5的配置:hostname R5!ip cefinterface Loopback0 ip address 100.5.5.5 255.255.255.255 ip ospf 110 area 0!interface Ethernet0/0 ip address 10.0.0.22 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet0/1 ip address 10.0.0.30 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet0/2 ip address 10.0.0.34 255.255.255.252 ip ospf 110 area 0 half-duplex!interface Ethernet0/3 ip address 10.1.0.9 255.255.255.252 ip ospf 110 area 1 half-duplex!interface Ethernet1/0 ip address 10.1.0.13 255.255.255.252 ip ospf 110 area 1 half-duplex!!router ospf 110 log-adjacency-changes default-information originate always!router bgp 65001 no synchronization bgp log-neighbor-changes neighbor 100.2.2.2 remote-as 65001 neighbor 100.2.2.2 update-source Loopback0 neighbor 100.3.3.3 remote-as 65001 neighbor 100.4.4.4 remote-as 65001 no auto-summarySW1的配置:hostname SW1!no ip cef!!!!!interface Loopback0 ip address 100.6.6.6 255.255.255.252 ip ospf 110 area 1!interface FastEthernet1/0 no switchport ip address 10.1.0.2 255.255.255.252 ip ospf 110 area 1 no cdp enable!interface FastEthernet1/1 no switchport ip address 10.1.0.10 255.255.255.252 ip ospf 110 area 1 no cdp enable!!interface Vlan11 ip address 10.1.1.1 255.255.255.0 ip ospf 110 area 1!router ospf 110 router-id 100.6.6.6 log-adjacency-changes主机的配置:hostname R32!no ip cefinterface Ethernet0/0 ip address 10.1.1.100 255.255.255.0 no ip route-cache half-duplex!ip default-gateway 10.1.1. |
|---|
腾讯云开发者
