bgp综合实验答案.docx

1、bgp综合实验答案BGP综合实验1. AS 65001内建立IBGP对等体关系,尽可能的克服AS内IBGP会话过多,BGP更新冗余的问题. 2. 要求IBGP对等体关系最大限度的稳定.3. 要求IBGP会话高安全性. 4. AS 65002成为AS 65001的邻居AS. 5. 要求EBGP对等体关系最大限度的稳定. 6. 要求外部AS 65003成为AS 65002的邻居AS,并且要求AS 65002里的路由器从外部AS 65003接收的BGP更新能看到AS_PATH属性包含65004一项. 7. 要求AS 65001优先选择R3到达外部AS 65003;但对于去往AS 65002的流量,优

2、先经过R1. 8. 要求R6不传递来自外部AS 65003的任何更新.IP地址自行规划，各路由器起回环接口rx的为x.x.x.x/32一：本来想让AS65001里建立全互联的IBGP，必须在每一台路由器，分别指定另外所有的路由器为邻居，但图中，R8和所有的路由相联，这样由题意知，我们可以配置路由映射器，在R8上指明R4,R5,R6为映射器的客户端。命令如下：neighbor 4.4.4.4 route-reflector-client neighbor 5.5.5.5 route-reflector-client neighbor 6.6.6.6 route-reflector-client这

3、样呢R4,R5,R6只要和R8建立邻居关系，就可以通过R8的其它所有路由器建立邻居了。二：IBGP要求最大限度的稳定性，也就是通过回环口来建立邻居关系，也就是在建立邻居关系时要指明更新是自己的回环口：neighbor 4.4.4.4 update-source loopback 0三：要求IBGP会话高安全性，就是要指定邻居时配置认证：neighbor 4.4.4.4 password 0 sfgo （其中0是加密类型，不加密）四：BGP建立邻居关系时可以跟上路由图，用来作一些策略。BGP选路策略顺序如下：BGP的选路原则1）BGP的路径属性A 路径属性的分类1、well-known vs o

4、ptional well-known：表示该路径属性能够被所有的BGP实现者支持 optional：表示该路径属性不一定能够被所有的BGP实现者支持说明：FRC(request for comment），should be、must be、may be2、mandatory vs discretionary mandatory：要求在每个BGP更新中，必须包含该路径属性 discretionary：在BGP更新中，可以包含也可以不包含该路径属性常见的BGP路径属性：well-known mandatory ：公认强制属性well-known discretionary：公认自由选择属性opti

5、onal transitive：可选传递属性optional nontransitive：可选传递属性3、transitive vs nontransitive a transitive：若一个BGP的实现者收到无法识别的optional 属性，若该属性为transitive保留并传给其他的BGP实现者 b nontransitive：若一个BGP的实现者收到无法识别的optional 属性，若该属性为nontransitive，则丢弃。4 partial： 若一个BGP的实现者收到无法识别的optional 属性，若该属性为transitive保留并传给其他的BGP实现者同时将该属性标为pa

6、rtial B BGP路径属性：1、AS-path（公认强制属性）防止AS间的路由环路。as-path 当一个BGP路由器向EBGP邻居通告路由时，会将本路由器所属的AS添加在AS-PATH的最左边当一个BGP路由器向IBGP邻居通告路由时，AS-PATH保持不变2、next-hop（公认强制）nexthop当一个BGP路由器向EBGP邻居通告路由时，next-hop修改为本路由器的某个接口IP地址当一个BGP路由器向IBGP邻居通告路由时，next-hop保持不变3、origin（公认强制）i/e/？i：表示该BGP路由是通过network命令引入的e: 表示该BGP路由是通过redistr

7、ibute 命令从EGP引入的？：表示该BGP路由是通过redistribute 命令从IGP引入的4、local preference（公认自由选择）目的：控制离开本AS的流量loc pref 属性只能在ibgp中的邻居传播在BGP中，LOCpref 越高，路由越优先。缺省情况下。local pref 的值为100（先讲这个）5、med（cisco设备-metric，可选非传递）目的：控制进入本AS的流量MED属性传播给EBGP邻居，并在EBGP所属的AS中传播（注：对方AS不能将MED再发送其他AS）在BGP中，MED越小，路由越优先。缺省情况下。local pref 的值为100注：缺省

8、情况下，BGP路由器只会比较来自同一个AS，不比较来自不同的AS6、weight (cisco私有属性）weight属性不传播给任何BGP邻居，只能在同一个路由器上使用。weight越大，路由越优先。其他。 注：数据流量的方向-路由的学习方向是相反的 BGP的选路原则 注意：BGP设计不是为了负载均衡，它的选路是根据策略来进行的。它的选路最终与带宽无关，BGP将为每个目标网络选择出一条最优的路由（若希望进行负载均衡，需要额外的命令配置）首先BGP只考虑同步（如果同步原则开启的话）b、无AS环路、c、有效的下一跳（基本条件）1、优先选择weight最大的注：cisco路由器上，本地路由器起源的路

9、由weight为32768，而从其他路由器学习的均为0 （因为weight属性不传播给任何BGP邻居）(假设未作任何策略）2、优先选择local preference 最高3、优先选择本路由器起源（nexthop为0.0.0.0）4、优先选择AS-PATH最短5、优先选择origin code 最小 :i（igp）e（egp）?（incomplete)6、优先选择MED最小7、优先选择从EBGP邻居学习的路由。8、优先选择从最近的IGP邻居学习的路由9、优先选择最老的路由（即最稳定的路由）10、优先选择从具有最小BGP router ID的邻居学习的路由11、优先选择从具有最小的接口IP地址b

10、gp邻居学习的路由就题目来说，我们可以在65002中也可以在65003中配置，只是方向不同而已，这里我们只配置下R2指R1邻居时的命令：route-map sfset as-path prepend 65004 定义好路由图和相关策略，然后把这策略应用到路由进程下：neighbor 1.1.1.1 route-map sf out （注意此时65004是出现在65003的右边，而如果应用的是in方向，也就是说在R1上指R2为邻居时，则65004是出现在65003左边的）五：ip as-path access-list Defines an access list based on autono

11、mous system path information.Syntax: no ip as-path access-list list-namepermit|denyas-regular-expression. list-nameUnique alpha-numeric name that identifies the regular expression access list. List names can be up to 255 characters in length and contain the following characters: A-Z, a-z, 0-9, _, an

12、d -. Use the show ip as-path-access-list to display the names of all defined as-path access lists. permitPermits access for matching conditions.denyDenies access for matching conditions.as-regular-expressionAutonomous system in the access list that uses a regular expression.Description: Access lists

13、 are filters that enable you to restrict the routing information a router learns or advertises to and from a neighbor. Multiple BGP peers or route maps can reference a single access list. You can apply access lists to both inbound route updates and outbound route updates. Each route update is passed

14、 through the access-list. BGP applies each rule in the access list in the order it appears in the list. When a route matches any rule, the decision to permit the route through the filter or deny is made, and no further rules are processedAccess lists based on autonomous system path enable you to con

15、trol routing updates based on BGP autonomous paths information. If you want to control updates for all the routes to or from an autonomous system, filtering based on autonomous system path is more efficient than listing each route individually. A regular expression is a pattern used to match against

16、 an input string. In BGP, you can build a regular expression to match information about an autonomous system path. Regular expressions can include:Table 5-3. Characters and Components of Regular ExpressionsComponent Character Description RangesA sequence of characters within square brackets: 1234Ato

17、msA single character with special meaning. Atoms include:.Matches any single character.Matches the beginning of an input string.$Matches the end of an input string._ (underscore)Matches a comma, left brace, right brace, the beginning of an input string, the end of an input string, or a space.PiecesA

18、toms followed by a special character listed below:Branches0 or more concatenated pieces.The following table provides sample regular expressions:Table 5-4. Sample Regular ExpressionsRegular Expression Description nnn$Indicates the route originated in autonomous system nnn. The means the expression mu

19、st start with the next character. The $ means the expression must end with the preceding character.100$ matches: 100aaa_bbb$The autonomous system list must contain both aaa and bbb with aaa appearing before the bbb. For example:123_456$ matches: 123 456868 123 999 456nnn.*nnn$The expression must beg

20、in with a specific autonomous system and end with a specific autonomous system, but can have anything in between. For example: 123 456 123 123 456 123.*456$ (matches: 123 123 123 456) 123 868 999 456 1234 1456 _nnn_Indicates the route was via autonomous system nnn.$Indicates the route originated in

21、this autonomous system.NOTE Regular expressions are matched against the autonomous system path as if it is a string - not a sequence of numbers. Enclose autonomous system numbers within underscores to match a specific autonomous system number. Permit and deny apply only when there is an exact match

22、between the regular expression and the autonomous system path. Use the ip as-path access list command to create an access list to filter routes based on their autonomous system path. Add entries to the access list by repeating the command for different autonomous system paths.Use the neighbor or mat

23、ch as-path commands to apply an autonomous system path based access list.Use the no ip as-path access-list command to delete an entire autonomous system path based access list. Use the no ip as-path access-list list-name permit|deny as-regular-expression to delete a specific filter from an autonomou

24、s system path access list.Factory Default: No access lists.Command Mode: Configuration.Example 1: In the following example, the ip as-path access-list commands create an as-path access list named 1 to permit only those routes that include paths from or through autonomous systems 234 and 345: router(

25、config)#ip as-path access-list 1 permit _234_router(config)#ip as-path access-list 1 permit _345_router(config)#ip as-path access-list 1 deny anyNote the last line of the access list is a deny any statement to remind your reader that all other access is denied. Example 2: In the following example, t

26、he neighbor filter-list command specifies that only paths from or through autonomous systems 234 and 345 (as specified by access list 1) are advertised to BGP neighbor 125.181.1.5 and the weight for those routes is set to 30. router(config)#router bgp 100router(config-router)#network 170.100.0.0.rou

27、ter(config-router)#neighbor 170.100.205.5 remote-as 234router(config-router)#neighbor 121.180.1.4 remote-as 345router(config-router)#neighbor 125.181.1.5 remote-as 171router(config-router)#neighbor 125.181.1.5 filter-list 1 weight 30依题意我们建两个正规表达式来分别匹配AS 65003 的流量和 AS 65002的流量，命令如下：R6上ip as-path acce

28、ss-list 1 permit 65002$ip as-path access-list 2 permit 65002_65003$ 然后把这两个正规表达式通过路由应用到进程中neighbor 1.1.1.1 route-map sf inroute-map sf permit 10match as-path 1set weight 200match as-path 2set weight 100六：BGP的COMMUNITY我们同样做一个正规列表来匹配AS65003neighbor 3.3.3.3 route-map sf inroute-map go permit 10match as-path 1set weight 100match as-path 2set weight 200ip as-path access-list 2 permit 65002_65003$ 然后 set community no-advertise