H3CBGP路由策略之选路Word文档下载推荐.docx
《H3CBGP路由策略之选路Word文档下载推荐.docx》由会员分享,可在线阅读,更多相关《H3CBGP路由策略之选路Word文档下载推荐.docx(8页珍藏版)》请在冰豆网上搜索。
20.20.10.254/24
GO/D/1”
MED100
往10.10.10.254的
I数据包走向
\非对称路径
1J1,9/30
IBGP
local-pref50IBGP
\「1
L1.1.10/30—"
414丿
AR28/2
1.1.1J3/30J、、
AS200
ARt
20.20.20254/24:
20.20.30.254/24
在引入路由的时候只允许引
入20.20.30.0/24的路由,过
滤器使用基^ACL+router-
policy的方式
1修改AS列表的属性只能在EBGP勺出方向上增加这个属性并且只能添加在AS-PATH列表的前面。
同时证实在EBG啲进入方向无法添加AS号码。
2关于缺省路由,在BGP中缺省路由最好是通过一条IGP比如静态的缺省路由,然后network0.0.0.00.0.0.0则可以得到通告。
也可以在BGP下使用1default-routeimported,2import-route
static
3BGP的network只能通告非BGP勺路由,比如R1---R2---R3,R1
上某路由在R2上的BGP路由再次network则不可以生效。
AR18配置
[AR18]discur
Nowcreateconfiguration...
Currentconfiguration
!
version1.74
sysnameAR18
firewallenable
aaa-enable
aaaaccounting-schemeoptional
acl2000match-orderauto
rulenormalpermitsource20.20.30.00.0.0.255
rulenormaldenysourceany
interfaceAux0
asyncmodeflow
flow-controlnone
link-protocolppp
interfaceEthernet0
interfaceSerial0
ipaddress1.1.1.10255.255.255.252
interfaceSerial1
clockDTECLK1
ipaddress1.1.1.14255.255.255.252
interfaceLoopBack1
ipaddress20.20.10.254255.255.255.0
interfaceLoopBack2
ipaddress20.20.20.254255.255.255.0
interfaceLoopBack3
ipaddress20.20.30.254255.255.255.0!
quit
bgp200
undosynchronizafionimport—rouCDdirecf「ou(D—po=cy_<
peerm.9as—number200pee二•n_k3as—number200
一
i
「ou(D—po=cy-<
permi二if—mafchipaddress2000
refurn
AR46碍wsysnameAR46cpu—usagecyc-e亠minradiusschemesysCDmdomainSysCDm
local-useradmin
passwordcipher.]@USE=B,53Q=AQ'
MAF4<
1!
service-typetelnetterminal
level3
service-typeftp
#
interfaceGigabitEthernet0/0/0
ipaddress1.1.1.1255.255.255.252
interfaceGigabitEthernet0/0/1
ipaddress1.1.1.5255.255.255.252
interfaceGigabitEthernet0/0/2
ipaddressdhcp-alloc
interfaceNULL0
ipaddress10.10.10.254255.255.255.0
ipaddress10.10.20.254255.255.255.0
ipaddress10.10.30.254255.255.255.0
bgp100
import-routedirectroute-policylv
undosynchronization
groupto200external
peer1.1.1.2groupto200as-number200
peer1.1.1.6groupto200as-number200
route-policylvpermitnode1
if-matchip-prefixlv
FTPserverenable
ipip-prefixlvindex10permit10.10.10.024
#user-interfacecon0
d#edA^-eoiAjes
£
|0Ae|leuiuuje;
;
eu|e;
edA^-eoiAjes
iiAtdVIAIQv二日二」eqdppjo/v\sseduiuupe」esn-|eoo|
Lue^sAsuieuuop
Lue^sAseuueqossrqpe」
uiuui,epAoe6esn-ncb
148乙占VeiueusAs
#离型"
0阳Vv9论JV>
ujniej
#euueqosepouu-uoqeoque屮nep0心eoepe^ui-jesn
0xneeoepe^ui-jesn
aclnumber2000
rule0permitsource10.10.10.00.0.0.255
interfaceEthernet0/0
ipaddress1.1.1.2255.255.255.252
interfaceEthernet0/1
interfaceSerial0/0
ipaddress1.1.1.9255.255.255.252
groupto100external
那8乙占VeiueusAs
#离型乙愿阳Vujniej
0uooeoepe^ui-jesn
#eiqeue」eAjesdu
#OSeouejejejd-|eoo|A|dde000乙PBqoieuj-j!
IepouiiLUjeda|Aoiiod-e^noj
d6qidno」60|/|/y」"
d
^iodxeA|Aoi|od-eino」d6qi」eed|8oo|-doq-ixeud6qi」eed
|euje;
uid6qidno」6
0(H」eqlunu-seoogdno」6|/|/y」eecl
cpu-usagecycle1min
radiusschemesystem
domainsystem
service-typetelnetterminal
rule0permitsource20.20.30.00.0.0.255
ipaddress1.1.1.6255.255.255.252
ipaddress1.1.1.13255.255.255.252
peerto100route-policylvexport
peer1.1.1.5groupto100as-number100groupibgpinternal
peeribgpnext-hop-local
peer1.1.1.14groupibgp
if-matchacl2000
applycost100
FTPserverenableuser-interfacecon0
user-interfaceaux0
user-interfacevty04authentication-modescheme#
return