实战 | F1060 IPV6 BGP4+与静态路由重分布典型组网配置案例
实战 | F1060 IPV6 BGP4+与静态路由重分布典型组网配置案例
网络技术联盟站
发布于 2020-05-19 17:57:54
发布于 2020-05-19 17:57:54
文章被收录于专栏:网络技术联盟站
组网及说明
组网说明:
本案例采用H3C HCL模拟器的F1060来模拟IPV6 BGP4+与静态路由重分布的典型组网配置。FW1与FW2运行BGP4+路由协议,FW2与FW3运行静态路由协议,为了实现物理机能够PING通FW3,因此需要在FW2配置BGP4+与静态路由重分布。
配置步骤
1. 按照网络拓扑图正确配置IP地址
2. FW1与FW2运行BGP4+路由协议
3. FW2与FW3运行静态路由协议
4. FW2配置BGP4+与静态路由重分布
配置关键点
FW1:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname FW1
[FW1]acl ipv6 basic 2001
[FW1-acl-ipv6-basic-2001]rule 0 permit source any
[FW1-acl-ipv6-basic-2001]quit
[FW1]zone-pair security source trust destination untrust
[FW1-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001
[FW1-zone-pair-security-Trust-Untrust]quit
[FW1]
[FW1]zone-pair security source untrust destination trust
[FW1-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001
[FW1-zone-pair-security-Untrust-Trust]quit
[FW1]
[FW1]zone-pair security source trust destination local
[FW1-zone-pair-security-Trust-Local]packet-filter ipv6 2001
[FW1-zone-pair-security-Trust-Local]quit
[FW1]
[FW1]zone-pair security source local destination trust
[FW1-zone-pair-security-Local-Trust]packet-filter ipv6 2001
[FW1-zone-pair-security-Local-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination local
[FW1-zone-pair-security-Untrust-Local]packet-filter ipv6 2001
[FW1-zone-pair-security-Untrust-Local]quit
[FW1]
[FW1]zone-pair security source local destination untrust
[FW1-zone-pair-security-Local-Untrust]packet-filter ipv6 2001
[FW1-zone-pair-security-Local-Untrust]quit
[FW1]
[FW1]zone-pair security source trust destination trust
[FW1-zone-pair-security-Trust-Trust]packet-filter ipv6 2001
[FW1-zone-pair-security-Trust-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination untrust
[FW1-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001
[FW1-zone-pair-security-Untrust-Untrust]quit
[FW1]int gi 1/0/2
[FW1-GigabitEthernet1/0/2]ipv6 address 1::1 64
[FW1-GigabitEthernet1/0/2]quit
[FW1]int gi 1/0/3
[FW1-GigabitEthernet1/0/3]des <connect to FW2>
[FW1-GigabitEthernet1/0/3]ipv6 address 2::1 64
[FW1-GigabitEthernet1/0/3]quit
[FW1]int loopback 0
[FW1-LoopBack0]ip address 1.1.1.1 32
[FW1-LoopBack0]quit
[FW1]int loopback 1
[FW1-LoopBack1]ipv6 address 4::1 64
[FW1-LoopBack1]quit
[FW1]security-zone name Trust
[FW1-security-zone-Trust]import interface GigabitEthernet 1/0/2
[FW1-security-zone-Trust]quit
[FW1]security-zone name Untrust
[FW1-security-zone-Untrust]import interface GigabitEthernet 1/0/3
[FW1-security-zone-Untrust]import interface LoopBack 0
[FW1-security-zone-Untrust]import interface LoopBack 1
[FW1-security-zone-Untrust]quitFW1 BGP4+配置关键点:
[FW1]bgp 100
[FW1-bgp-default]router-id 1.1.1.1
[FW1-bgp-default]peer 2::2 as-number 200
[FW1-bgp-default]address-family ipv6 unicast
[FW1-bgp-default-ipv6]peer 2::2 enable
[FW1-bgp-default-ipv6]import-route direct
[FW1-bgp-default-ipv6]network 1:: 64
[FW1-bgp-default-ipv6]quit
[FW1-bgp-default]quitFW2:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname FW2
[FW2]acl ipv6 basic 2001
[FW2-acl-ipv6-basic-2001]rule 0 permit source any
[FW2-acl-ipv6-basic-2001]quit
[FW2]zone-pair security source trust destination untrust
[FW2-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001
[FW2-zone-pair-security-Trust-Untrust]quit
[FW2]
[FW2]zone-pair security source untrust destination trust
[FW2-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001
[FW2-zone-pair-security-Untrust-Trust]quit
[FW2]
[FW2]zone-pair security source trust destination local
[FW2-zone-pair-security-Trust-Local]packet-filter ipv6 2001
[FW2-zone-pair-security-Trust-Local]quit
[FW2]
[FW2]zone-pair security source local destination trust
[FW2-zone-pair-security-Local-Trust]packet-filter ipv6 2001
[FW2-zone-pair-security-Local-Trust]quit
[FW2]
[FW2]zone-pair security source untrust destination local
[FW2-zone-pair-security-Untrust-Local]packet-filter ipv6 2001
[FW2-zone-pair-security-Untrust-Local]quit
[FW2]
[FW2]zone-pair security source local destination untrust
[FW2-zone-pair-security-Local-Untrust]packet-filter ipv6 2001
[FW2-zone-pair-security-Local-Untrust]quit
[FW2]
[FW2]zone-pair security source trust destination trust
[FW2-zone-pair-security-Trust-Trust]packet-filter ipv6 2001
[FW2-zone-pair-security-Trust-Trust]quit
[FW2]
[FW2]zone-pair security source untrust destination untrust
[FW2-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001
[FW2-zone-pair-security-Untrust-Untrust]quit
[FW2]int gi 1/0/3
[FW2-GigabitEthernet1/0/3]des <connect to FW1>
[FW2-GigabitEthernet1/0/3]ipv6 address 2::2 64
[FW2-GigabitEthernet1/0/3]quit
[FW2]int gi 1/0/4
[FW2-GigabitEthernet1/0/4]des <connect to FW3>
[FW2-GigabitEthernet1/0/4]ipv6 address 3::2 64
[FW2-GigabitEthernet1/0/4]quit
[FW2]int loopback 0
[FW2-LoopBack0]ip address 2.2.2.2 32
[FW2-LoopBack0]quit
[FW2]int loopback 1
[FW2-LoopBack1]ipv6 address 5::1 64
[FW2-LoopBack1]quit
[FW2]security-zone name Trust
[FW2-security-zone-Trust]import interface GigabitEthernet 1/0/3
[FW2-security-zone-Trust]quit
[FW2]security-zone name Untrust
[FW2-security-zone-Untrust]import interface GigabitEthernet 1/0/4
[FW2-security-zone-Untrust]import interface LoopBack 0
[FW2-security-zone-Untrust]import interface LoopBack 1
[FW2-security-zone-Untrust]quitFW2 BGP4+与静态重分布配置关键点:
[FW2]bgp 200
[FW2-bgp-default]router-id 2.2.2.2
[FW2-bgp-default]peer 2::1 as-number 100
[FW2-bgp-default]address-family ipv6 unicast
[FW2-bgp-default-ipv6]import-route direct
[FW2-bgp-default-ipv6]import-route static
[FW2-bgp-default-ipv6]peer 2::1 enable
[FW2-bgp-default-ipv6]quit
[FW2-bgp-default]quit
[FW2]ipv6 route-static 6:: 64 3::1FW3:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname FW3
[FW3]acl ipv6 basic 2001
[FW3-acl-ipv6-basic-2001]rule 0 permit source any
[FW3-acl-ipv6-basic-2001]quit
[FW3]zone-pair security source trust destination untrust
[FW3-zone-pair-security-Trust-Untrust]packet-filter ipv6 2001
[FW3-zone-pair-security-Trust-Untrust]quit
[FW3]
[FW3]zone-pair security source untrust destination trust
[FW3-zone-pair-security-Untrust-Trust]packet-filter ipv6 2001
[FW3-zone-pair-security-Untrust-Trust]quit
[FW3]
[FW3]zone-pair security source trust destination local
[FW3-zone-pair-security-Trust-Local]packet-filter ipv6 2001
[FW3-zone-pair-security-Trust-Local]quit
[FW3]
[FW3]zone-pair security source local destination trust
[FW3-zone-pair-security-Local-Trust]packet-filter ipv6 2001
[FW3-zone-pair-security-Local-Trust]quit
[FW3]
[FW3]zone-pair security source untrust destination local
[FW3-zone-pair-security-Untrust-Local]packet-filter ipv6 2001
[FW3-zone-pair-security-Untrust-Local]quit
[FW3]
[FW3]zone-pair security source local destination untrust
[FW3-zone-pair-security-Local-Untrust]packet-filter ipv6 2001
[FW3-zone-pair-security-Local-Untrust]quit
[FW3]
[FW3]zone-pair security source trust destination trust
[FW3-zone-pair-security-Trust-Trust]packet-filter ipv6 2001
[FW3-zone-pair-security-Trust-Trust]quit
[FW3]
[FW3]zone-pair security source untrust destination untrust
[FW3-zone-pair-security-Untrust-Untrust]packet-filter ipv6 2001
[FW3-zone-pair-security-Untrust-Untrust]quit
[FW3]int loopback 0
[FW3-LoopBack0]ip address 3.3.3.3 32
[FW3-LoopBack0]quit
[FW3]int loopback 1
[FW3-LoopBack1]ipv6 address 6::1 64
[FW3-LoopBack1]quit
[FW3]int gi 1/0/4
[FW3-GigabitEthernet1/0/4]des <connect to FW2>
[FW3-GigabitEthernet1/0/4]ipv6 address 3::1 64
[FW3-GigabitEthernet1/0/4]quit
[FW3]security-zone name Untrust
[FW3-security-zone-Untrust]import interface GigabitEthernet 1/0/4
[FW3-security-zone-Untrust]import interface LoopBack 0
[FW3-security-zone-Untrust]import interface LoopBack 1
[FW3-security-zone-Untrust]quitFW3 静态路由关键配置点:
[FW3]ipv6 route-static 2:: 64 3::2
[FW3]ipv6 route-static 1:: 64 3::2测试:
物理机填写IPV6地址:
物理机能PING通FW3的loopback1:
分别查看FW1、FW2的BGP4+邻居信息:
分别查看FW1、FW2、FW3的IPV6路由表:
[FW1]dis ipv6 routing-table
Destinations : 12 Routes : 12
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/2 Cost : 0
Destination: 1::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 2::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/3 Cost : 0
Destination: 2::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 3::/64 Protocol : BGP4+
NextHop : 2::2 Preference: 255
Interface : GE1/0/3 Cost : 0
Destination: 4::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop1 Cost : 0
Destination: 4::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 5::/64 Protocol : BGP4+
NextHop : 2::2 Preference: 255
Interface : GE1/0/3 Cost : 0
Destination: 6::/64 Protocol : BGP4+
NextHop : 2::2 Preference: 255
Interface : GE1/0/3 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[FW1]
[FW2]dis ipv6 routing-table
Destinations : 12 Routes : 12
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : BGP4+
NextHop : 2::1 Preference: 255
Interface : GE1/0/3 Cost : 0
Destination: 2::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/3 Cost : 0
Destination: 2::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 3::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/4 Cost : 0
Destination: 3::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 4::/64 Protocol : BGP4+
NextHop : 2::1 Preference: 255
Interface : GE1/0/3 Cost : 0
Destination: 5::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop1 Cost : 0
Destination: 5::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 6::/64 Protocol : Static
NextHop : 3::1 Preference: 60
Interface : GE1/0/4 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[FW2][FW3]dis ipv6 routing-table
Destinations : 9 Routes : 9
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : Static
NextHop : 3::2 Preference: 60
Interface : GE1/0/4 Cost : 0
Destination: 2::/64 Protocol : Static
NextHop : 3::2 Preference: 60
Interface : GE1/0/4 Cost : 0
Destination: 3::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE1/0/4 Cost : 0
Destination: 3::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 6::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop1 Cost : 0
Destination: 6::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
[FW3]至此,F1060 IPV6 BGP4+与静态路由重分布典型组网配置案例已完成!
本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2020-05-12,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
腾讯云开发者
