交换路由CCIE之路

1、实验多进程OSPF数据分流一实验拓扑TLAH16 10.4. 28. 1TLAK17 10. 5. 28. 1ospf20 area二实验需求实现去往总部生产业务(10.4.0.0 )的数据走左边去往总部办公业务(10.5.0.0)的数据走右边 三实验分析首先全网OSPF这里主要分析R3 R4到R1 R2回环接口的路由因为这对后面BGP分析有用，R3到R1应该 有一条开销为51下一跳指向R1，到R2的有2条，开销为52，下一跳分别为R1,R4。为满 足实验要求后面应该通过改变R1与R2之间开销使到R2下一跳为R4.将不同进程的OSPF重发布进BGP，会发现R3到总部生产，办公网段的路由是BGP

2、路由 下一跳都为R1, R4到总部生产，办公网段的路由是BGP路由下一跳都为日2,为了满足需求， 应该在OSPF重发布进BGP时做策略，使R1发布的生产网段优于R2,R2发布的办公网段 优于R1，可以通过改MED到达效果，因为MED可以在一个AS内传递，所以将从R1发 布的生产网段MED改为100，办公网段改为200，从R2发布的生产网段改为200，办公改 为100，根据BGP优先原则，R3会选生产走R1,办公走R2,R4会选生产走R3，办公走R2, 这样同时结合上面的OSPF路由就达到了要求。当然这里还要考虑不同进程中设备对总部生产办公网段的学习问题，这时候就要把BGP重 发布进OSPF，这

3、里要注意双点双向重分发问题，前面已经分析过就不在重复了。四实验验证全网运行OSPF查路由表r3#show ip routeO 10.0.0.2/32 110/52 via 10.1.1.5, 00:16:39, Serial0110/52 via 10.1.1.14, 00:16:39, Ethernet0这里是不希望看到的负载均衡C10.0.0.3/32 is directly connected, Loopback0O10.0.0.1/32 110/51 via 10.1.1.5, 00:16:39, Serial0O10.0.0.4/32 110/2 via 10.1.1.14, 00:

4、16:40, Ethernet0r4#show ip routeO10.0.0.2/32 110/51 via 10.1.1.9, 00:17:09, Serial0O10.0.0.3/32 110/2 via 10.1.1.13, 00:17:09, Ethernet0O10.0.0.1/32 110/52 via 10.1.1.9, 00:17:09, Serial0110/52 via 10.1.1.13, 00:17:09, Ethernet0建立BGP邻居 为使内部路由器能够都学到两个网段的BGP路由，采用反射器与客户端 r1#show ip bgp suBGP router ide

5、ntifier 10.0.0.1, local AS number 65000BGP table version is 1, main routing table version 1NeighborV AS MsgRcvd MsgSentTblVjrInQ OutQ Up/DownState/PfxRcd10.0.0.24650001515100 00:11:05010.0.0.346500099100 00:05:27010.0.0.446500077100 00:03:290r2#show ip bgp summaryBGP router identifier 10.0.0.2, loca

6、l AS number 65000BGP table version is 1, main routing table version 1NeighborV AS MsgRcvd MsgSentTblVerInQ OutQ Up/DownState/PfxRcd10.0.0.14650001515100 00:11:17010.0.0.346500099100 00:05:16010.0.0.446500088100 00:04:050r3#show ip bgp suBGP router identifier 10.0.0.3, local AS number 65000BGP table

7、version is 1, main routing table version 1NeighborV AS MsgRcvd MsgSentTblVerInQ OutQ Up/DownState/PfxRcd10.0.0.14 6500099100 00:05:49010.0.0.24 6500099100 00:05:260r4#show ip bgp suBGP router identifier 10.0.0.4, local AS number 65000BGP table version is 1, main routing table version 1NeighborV AS M

8、sgRcvd MsgSentTblVjrInQ OutQ Up/DownState/PfxRcd10.0.0.146500088100 00:04:01010.0.0.246500088100 00:04:240将OSPF发布进BGP，会发现由于内部各链路也是OSPF路由，故重发布到BGP时都会存 在，应该作策略不让这些路由发布进BGP，同时实现办公（10.4.0.0）走奇数，业务（10.5.0.0） 走偶数同时链路间路由不发布R3access-list 1 permit 10.4.28.0 0.0.0.255access-list 2 permit 10.5.28.0 0.0.0.255ro

9、ute-map fuckjiuge permit 10match ip address 1/只有匹配ACL才会发布set metric 100生产网段 MED 改为 100 route-map fuckjiuge permit 20match ip address 2set metric 200办公改为 200router bgp 65000由于route-map有默认拒绝所有，故其它网redistribute ospf 10 route-map fuckjiuge 段不会发布r4(config)#access-list 1 permit 10.5.28.0 0.0.0.255 r4(conf

10、ig)#access-list 2 permit 10.4.28.0 0.0.0.255 r4(config)#route-map fuckjiuge permit 10 r4(config-route-map)#match ip ad 1 r4(config-route-map)#set metric 100 r4(config-route-map)#exitr4(config)#route-map fuckjiuge permit 20 r4(config-route-map)#match ip ad 2 r4(config-route-map)#set metric 200 router

11、 bgp 65000redistribute ospf 10 route-map fuckjiuger1(config)#access-list 1 permit 10.4.12.0 0.0.0.255 r1(config)#access-list 2 permit 10.5.12.0 0.0.0.255 r1(config)#route-map fuckjiuge permit 10 r1(config-route-map)#match ip ad 1 r1(config-route-map)#set metric 100 r1(config-route-map)#exitr1(config

12、)#route-map fuckjiuge permit 20 r1(config-route-map)#match ip ad 2 r1(config-route-map)#set metric 200 r1(config-route-map)#exit router bgp 65000redistribute ospf 20 route-map fuckjiuger2(config)#access-list 1 permit 10.5.12.0 0.0.0.255 r2(config)#access-list 2 permit 10.4.12.0 0.0.0.255 r2(config)#

13、route-map fuckjiuge permit 10 r2(config-route-map)#match ip ad 1 r2(config-route-map)#set metric 100 r2(config-route-map)#exitr2(config)#route-map fuckjiuge permit 20 r2(config-route-map)#match ip ad 2 r2(config-route-map)#set metric 200 r2(config-route-map)#exitrouter bgp 65000redistribute ospf 20

14、route-map fuckjiuger1#show ip bgpBGP table version is 36, local router ID is 10.0.0.1NetworkNext HopMetric LocPrf Weight Path* i10.4.12.0/2410.0.0.22001000 ?*10.1.9.510032768 ?* i10.4.28.0/2410.0.0.42001000 ?*i10.0.0.31001000 ?* i10.5.12.0/2410.0.0.21001000 ?*10.1.9.520032768 ? 这里虽然MED大，但优选权重大的，所以自己

15、始发的优先*i10.5.28.0/2410.0.0.41001000 ?* i10.0.0.32001000 ?r1#show ip route bgp10.0.0.0/8 is variably subnetted, 29 subnets, 3 masks B10.4.28.0/24 200/100 via 10.0.0.3, 00:02:10B10.5.28.0/24 200/100 via 10.0.0.4, 00:02:10 r2#show ip bgpBGP table version is 50, local router ID is 10.0.0.2NetworkNext Hop

16、Metric LocPrf Weight Path* 10.4.12.0/2410.1.9.920032768 ?* i10.0.0.11001000 ?* i10.4.28.0/2410.0.0.42001000 ?*i10.0.0.31001000 ?* 10.5.12.0/2410.1.9.910032768 ?* i10.0.0.12001000 ?*i10.5.28.0/2410.0.0.41001000 ?* i10.0.0.32001000 ?r2#show ip route bgp10.0.0.0/8 is variably subnetted, 29 subnets, 3 m

17、asks B10.4.28.0/24 200/100 via 10.0.0.3, 00:02:27B10.5.28.0/24 200/100 via 10.0.0.4, 00:02:27r3#show ip bgp BGP table version is 47, local router ID is 10.0.0.3NetworkNext HopMetric LocPrf Weight Path* i10.4.12.0/2410.0.0.22001000 ?*i10.0.0.11001000 ?* 10.4.28.0/2410.1.25.610032768 ?*i10.5.12.0/2410

18、.0.0.21001000 ?* i10.0.0.12001000 ?* i10.5.28.0/2410.0.0.41001000 ?* i10.0.0.41001000 ?*10.1.25.620032768 ?r3#show ip route bgp10.0.0.0/8 is variably subnetted, 27 subnets, 3 masksB10.4.12.0/24 200/100 via 10.0.0.1, 00:05:26B10.5.12.0/24 200/100 via 10.0.0.2, 00:05:26r4#show ip bgpBGP table version

19、is 55, local router ID is 10.0.0.4NetworkNext HopMetric LocPrf Weight Path* i10.4.12.0/2410.0.0.22001000 ?*i10.0.0.11001000 ?没做策略时上面那条为最佳，根据下一跳IGP开销小选出，现在根据MED小选出最佳* i10.4.28.0/2410.0.0.31001000 ?* i10.0.0.31001000 ?*10.1.25.1020032768 ?*i10.5.12.0/2410.0.0.21001000 ?* i10.0.0.12001000 ?* 10.5.28.0/

20、2410.1.25.1010032768 ?r4#show ip route bgp10.0.0.0/8 is variably subnetted, 27 subnets, 3 masksB10.4.12.0/24 200/100 via 10.0.0.1, 00:06:02B10.5.12.0/24 200/100 via 10.0.0.2, 00:06:02由于BGP可以通过非直连建邻居，所以上面的BGP下一跳可能不是直指下一台路由器的， 还要通过下面的OSPF路由选路，所以必须保证BGP所指的下一跳在OSPF路由没有负载 均衡。实现三层数据按需分流r1(config)#int s6r1

21、(config-if)#ip ospf co 100r1(config-if)#endr2(config)#int s0r2(config-if)#ip ospf co 100r2(config-if)#end(r3(config)#int e0r3(config-if)#ip ospf c 50r3(config-if)#endr4(config)#int e0r4(config-if)#ip ospf c 50这里cost的更改是为下面服务，这里没有利用到就不分析了r4(config-if)#end )r3#show ip route ospfO 10.0.0.2/32 110/101 v

22、ia 10.1.1.14, 00:01:14, Ethernet0O 10.0.0.1/32 110/51 via 10.1.1.5, 00:01:14, Serial0O 10.0.0.4/32 110/51 via 10.1.1.14, 00:01:14, Ethernet0r4#show ip route ospfO 10.0.0.2/32 110/51 via 10.1.1.9, 00:01:28, Serial0O 10.0.0.3/32 110/51 via 10.1.1.13, 00:01:28, Ethernet0O 10.0.0.1/32 110/101 via 10.1.1

23、.13, 00:01:28, Ethernet。/ 解决了上面的负载均衡问 题为了使OSPF10 OSPF20学到各自的路由，从而达到连通，这里要将IBGP发布进OSPF , 但是由于OSPF管理距离是110而IBGP管理距离是200，要是重发布的话，BGP就不在路 由表中了，因此一般情况是不允许这样发布的。如果一定要发布的话，要在BGP进程中利 用 bgp redistribute-internal 命令。将BGP发布进OSPF注意双点双向重发布，同时使SW8，SW15,SW16生产走左边，办公 走右边r1(config)#router bgp 65000r1(config-router)#

24、bgp redistribute-internalr1(config-router)#exitr1(config)#router ospf 20r1(config-router)#redistribute bgp 65000 subnetsr1(config-router)#distance ospf external 210使从另一边重分发来的 OSPF 路由进不了路由表r2(config)#router bgp 65000r2(config-router)#bgp redistribute-internal r2(config-router)#exitr2(config)#router o

25、spf 20r2(config-router)#redistribute bgp 65000 subnetsr2(config-router)#distance ospf external 210r2(config-router)#exitr2(config)#endr3(config)#router bgp 65000r3(config-router)#bgp redistribute-internalr3(config-router)#exitr3(config)#router ospf 10r3(config-router)#redistribute bgp 65000 subnetsr

26、3(config-router)#distance ospf external 210r4(config)#router bgp 65000r4(config-router)#bgp redistribute-internalr4(config-router)#exitr4(config)#router ospf 10r4(config-router)#redistribute bgp 65000 subnetsr4(config-router)#distance ospf external 210r4(config-router)#exitr1(config)#access-list 3 p

27、ermit 10.4.28.0 0.0.0.255r1(config)#access-list 4 permit 10.5.28.0 0.0.0.255r1(config)#route-map fuckjiuge1 permit 10r1(config-route-map)#match ip ad 3r1(config-route-map)#set m 100r1(config-route-map)#exitr1(config)#route-map fuckjiuge1 permit 20r1(config-route-map)#ma ip ad 4r1(config-route-map)#s

28、et m 200r1(config-route-map)#exitr1(config)#router ospf 20r1(config-router)#redistribute bgp 65000 subnets route-map fuckjiuge1r2(config)#access-list 3 permit 10.5.28.0 0.0.0.255r2(config)#access-list 4 permit 10.4.28.0 0.0.0.255r2(config)#route-map fuckjiuge1 permit 10r2(config-route-map)#ma ip ad

29、3r2(config-route-map)#set m 100r2(config-route-map)#exitr2(config)#route-map fuckjiuge1 permit 20r2(config-route-map)#ma ip ad 4r2(config-route-map)#set m 200r2(config-route-map)#exitr2(config)#router ospf 20r2(config-router)#redistribute bgp 65000 subnets route-map fuckjiugel r3(config)#access-list

30、 3 permit 10.4.12.0 0.0.0.255r3(config)#access-list 4 permit 10.5.12.0 0.0.0.255r3(config)#route-map fuckjiuge1 permit 10r3(config-route-map)#match ip ad 3r3(config-route-map)#set me 100r3(config-route-map)#exitr3(config)#route-map fuckjiuge1 permit 20r3(config-route-map)#match ip ad 4r3(config-rout

31、e-map)#set m 200r3(config-route-map)#exitr3(config)#router ospf 10r3(config-router)#redistribute bgp 65000 subnets route-map fuckjiuge1r4(config)#access-list 3 permit 10.5.12.0 0.0.0.255r4(config)#access-list 4 permit 10.4.12.0 0.0.0.255r4(config)#route-map fuckjiuge1 permit 10r4(config-route-map)#m

32、atch ip ad 3r4(config-route-map)#se metric 100r4(config-route-map)#exitr4(config)#route-map fuckjiuge1 permit 20r4(config-route-map)#mat ip ad 4r4(config-route-map)#set metric 200r4(config-route-map)#exitr4(config)#endr4(config)#router ospf 10r4(config-router)#redistribute bgp 65000 subnets route-ma

33、p fuckjiuge1r4(config-router)#end其实上面的策略本来应该是一次发布的，但为了分析就分开做了。查路由表sw15#show ip routeO E210.4.28.0/24 110/100via10.1.9.6, 00:00:36, FastEthernet0/2O E210.5.28.0/24 110/100via10.1.9.14, 00:00:37, Vlan901sw16#show ip routeO E210.4.28.0/24 110/100via10.1.9.13, 00:00:44, Vlan901O E210.5.28.0/24 110/100vi

34、a10.1.9.10, 00:00:44, FastEthernet0/2 sw8#show ip routeO E2 10.4.12.0/24 110/200 via 10.1.25.9, 00:15:45, Ethernet1/1 C10.0.24.2/32isdirectlyconnected,Loopback0C10.4.28.0/24isdirectlyconnected,Ethernet1/2C10.5.28.0/24isdirectlyconnected,Ethernet1/3C10.1.25.4/30isdirectlyconnected,Ethernet1/0C10.1.25

35、.8/30isdirectlyconnected,Ethernet1/1发现SW8中少了一条路由，10.5.12.0没有查看R3 R4的BGP路由 r3#show ip route bgp10.0.0.0/8 is variably subnetted, 27 subnets, 3 masks B10.4.12.0/24 200/100 via 10.0.0.1, 01:01:29B10.5.12.0/24 200/100 via 10.0.0.2, 01:41:24r4#show ip route bgp10.0.0.0/8 is variably subnetted, 27 subnets

36、, 3 masks B10.4.12.0/24 200/100 via 10.0.0.1, 00:02:42B10.5.12.0/24 200/100 via 10.0.0.2, 00:43:07BGP路由存在，问题不在这，查OSPF信息 r4#sh ip ospf 10 databaseOSPF Router with ID (10.1.41.9) (Process ID 10)Router Link States (Area 0)Link IDADV RouterAgeSeq#Checksum Link count10.0.24.210.0.24.2590 x80000023 0 x00E

37、FDE 710.1.41.510.1.41.5780 x8000000B 0 x005CD5 210.1.41.910.1.41.9590 x80000012 0X009E7C 2Type-5 AS External Link StatesLink IDADV RouterAgeSeq#Checksum Tag10.4.12.010.1.41.510660 x80000003 0 x002FCB 010.4.12.010.1.41.96480 x80000003 0X00038F 0发现没有发布进来查ACL匹配情况r4#sh ip access-listsStandard IP access list 1permit 10.5.28.0, wildcard bits 0.0.0.255 (223 matches) Standard IP access list 2permit 10.4.28.0, wildcard bits 0.0.0.255 (223 matches)Standard IP access list 3permit 10.5.12.0, wildcard bits 0.0.0.255/没有进行匹配Standard IP access list 4permit 10.4.12.0, wildcard