H3C S9800 路由策略典型配置实例
客户组网需求:
客户公司的两个部门相距较远,Device A和Device F分别作为这两个部门的出口设备,AS 100内部使用OSPF作为IGP。现需要:
· 通过部署BGP,使两个部门可以通信;
· 通过配置路由策略,将Device B<->Device C<->Device D链路作为主链路,负责转发Device A和Device F之间的流量;当主链路断开时,自动切换到Device B<->Device E<->Device D这条路径进行通信。
路由策略配置组网图
配置思路
· 为了使Device B<->Device C<->Device D成为主链路,需要:
在Device B上配置路由策略来调整AS 100前往AS 200两条路径的本地优先级
- Device D-> Device C-> Device B的本地优先级为200;
- Device D-> Device E-> Device B的本地优先级为缺省值100;
在Device D上配置路由策略来调整AS 100前往AS 300两条路径的本地优先级
- Device B-> Device C-> Device D的本地优先级为200;
- Device B-> Device E-> Device D的本地优先级为缺省值100。
· 为了使AS 100内通信的报文使用BGP而不是OSPF选路,需要将IBGP路由优先级配置高于OSPF路由优先级。
设备及版本S9800-CMW710-R2118版本
配置步骤
配置各接口的IP地址
# 配置Device A各接口的IP地址
<DeviceA> system-view
[DeviceA] interface vlan-interface100
[DeviceA-Vlan-interface100] ip address 120.1.0.1 24
[DeviceA-Vlan-interface100] quit
#请参考以上方法配置其它相关接口的IP地址,配置步骤这里省略。
在AS 100内配置OSPF基本功能,保证设备间路由可达
1. 配置Device B
<DeviceB> system-view
[DeviceB] ospf
[DeviceB-ospf-1] import-route direct
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
2. 配置Device C
<DeviceC> system-view
[DeviceC] ospf
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] network 10.2.0.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] quit
[DeviceC-ospf-1] quit
3. 配置Device D
<DeviceD> system-view
[DeviceD] ospf
[DeviceD-ospf-1] import-route direct
[DeviceD-ospf-1] area 0
[DeviceD-ospf-1-area-0.0.0.0] network 10.2.0.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.0] quit
[DeviceD-ospf-1] quit
4. 配置Device E
<DeviceE> system-view
[DeviceE] ospf
[DeviceE-ospf-1] area 0
[DeviceE-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[DeviceE-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255
[DeviceE-ospf-1-area-0.0.0.0] quit
[DeviceE-ospf-1] quit
配置BGP基本功能
1. 配置Device A
# 启动BGP,指定本地AS号为200,指定BGP路由器的Router ID为1.1.1.1。
[DeviceA] bgp 200
[DeviceA-bgp] router-id 1.1.1.1
# 配置Device A和Device B建立EBGP连接。
[DeviceA-bgp] peer 120.1.0.2 as-number 100
# 创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[DeviceA-bgp] address-family ipv4 unicast
# 使能Device A与对等体120.1.0.2交换IPv4单播路由信息的能力。
[DeviceA-bgp-ipv4] peer 120.1.0.2 enable
# 在BGP IPv4单播地址族视图下,将本地路由表中到达120.1.0.0/24网段的路由添加到BGP路由表中。
[DeviceA-bgp-ipv4] network 120.1.0.0 255.255.255.0
[DeviceA-bgp-ipv4] quit
2. 配置Device B
# 启动BGP,指定本地AS号为100,指定BGP路由器的Router ID为2.2.2.2。
[DeviceB] bgp 100
[DeviceB-bgp] router-id 2.2.2.2
# 配置Device B和Device A建立EBGP连接。
[DeviceB-bgp] peer 120.1.0.1 as-number 200
# 配置Device B和Device D建立IBGP连接。
[DeviceB-bgp] peer 10.2.0.101 as-number 100
[DeviceB-bgp] peer 13.1.1.101 as-number 100
# 创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[DeviceB-bgp] address-family ipv4 unicast
# 使能Device B与对等体10.2.0.101交换IPv4单播路由信息的能力。
[DeviceB-bgp-ipv4] peer 10.2.0.101 enable
# 在BGP IPv4单播地址族视图下,配置向对等体10.2.0.101发布BGP路由时,将下一跳属性修改为自身的地址。
[DeviceB-bgp-ipv4] peer 10.2.0.101 next-hop-local
# 使能Device B与对等体13.1.1.101交换IPv4单播路由信息的能力。
[DeviceB-bgp-ipv4] peer 13.1.1.101 enable
# 在BGP IPv4单播地址族视图下,配置向对等体13.1.1.101发布BGP路由时,将下一跳属性修改为自身的地址。
[DeviceB-bgp-ipv4] peer 13.1.1.101 next-hop-local
# 使能Device B与对等体120.1.0.1交换IPv4单播路由信息的能力。
[DeviceB-bgp-ipv4] peer 120.1.0.1 enable
[DeviceB-bgp-ipv4] quit
3. 配置Device D
# 启动BGP,指定本地AS号为100,指定BGP路由器的Router ID为4.4.4.4。
[DeviceD] bgp 100
[DeviceD-bgp] router-id 4.4.4.4
# 配置Device D和Device B建立IBGP连接。
[DeviceD-bgp] peer 10.1.0.101 as-number 100
[DeviceD-bgp] peer 192.168.0.101 as-number 100
# 配置Device D和Device F建立EBGP连接。
[DeviceD-bgp] peer 120.2.0.1 as-number 300
# 创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[DeviceD-bgp] address-family ipv4 unicast
# 使能Device D与对等体10.1.0.101交换IPv4单播路由信息的能力。
[DeviceD-bgp-ipv4] peer 10.1.0.101 enable
# 在BGP IPv4单播地址族视图下,配置向对等体10.1.0.101发布BGP路由时,将下一跳属性修改为自身的地址。
[DeviceD-bgp-ipv4] peer 10.1.0.101 next-hop-local
# 使能Device D与对等体192.168.0.101交换IPv4单播路由信息的能力。
[DeviceD-bgp-ipv4] peer 192.168.0.101 enable
# 在BGP IPv4单播地址族视图下,配置向对等体192.168.0.101发布BGP路由时,将下一跳属性修改为自身的地址。
[DeviceD-bgp-ipv4] peer 192.168.0.101 next-hop-local
# 使能Device D与对等体120.2.0.1交换IPv4单播路由信息的能力。
[DeviceD-bgp-ipv4] peer 120.2.0.1 enable
[DeviceD-bgp-ipv4] quit
4. 配置Device F
#启动BGP,指定本地AS号为300,指定BGP路由器的Router ID为6.6.6.6。
<DeviceF> system-view
[DeviceF] bgp 300
[DeviceF-bgp] router-id 6.6.6.6
# 配置Device F和Device D建立EBGP连接。
[DeviceF-bgp] peer 120.2.0.2 as-number 100
# 创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[DeviceF-bgp] address-family ipv4 unicast
# 在BGP IPv4单播地址族视图下,将本地路由表中到达120.2.0.0/24网段的路由添加到BGP路由表中。
[DeviceF-bgp-ipv4] network 120.2.0.0 255.255.255.0
# 使能Device F与对等体120.2.0.2交换IPv4单播路由信息的能力。
[DeviceF-bgp-ipv4] peer 120.2.0.2 enable
[DeviceF-bgp-ipv4] quit
# 完成以上配置后,在Device B上通过命令display bgp peer查看BGP对等体信息。
[DeviceB] display bgp peer ipv4
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 3 Peers in established state: 3
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.2.0.101 100 6 4 0 1 00:00:56 Established
13.1.1.101 100 6 5 0 1 00:00:56 Established
120.1.0.1 200 6 5 0 1 00:00:56 Established
以上信息可以看到Device B与Device D建立IBGP连接,Device B与Device A建立EBGP连接,且均处于Established状态。
# 完成以上配置后,从Device A上ping Device F的IP地址。
[DeviceA] ping 120.2.0.1
Ping 120.2.0.1 (120.2.0.1): 56 data bytes, press CTRL_C to break
56 bytes from 120.2.0.1: icmp_seq=0 ttl=252 time=1.189 ms
56 bytes from 120.2.0.1: icmp_seq=1 ttl=252 time=1.095 ms
56 bytes from 120.2.0.1: icmp_seq=2 ttl=252 time=1.086 ms
56 bytes from 120.2.0.1: icmp_seq=3 ttl=252 time=1.097 ms
56 bytes from 120.2.0.1: icmp_seq=4 ttl=252 time=1.089 ms
--- Ping statistics for 120.2.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.086/1.111/1.189/0.039 ms
以上显示信息表明Device A和Device F之间路由可达。
配置路由策略
1. 配置Device B
# 创建ACL 2000,允许源IP地址为120.1.0.0/24的报文通过。
[DeviceB] acl number 2000
[DeviceB-acl-basic-2000] rule permit source 120.1.0.0 0.0.0.255
[DeviceB-acl-basic-2000] quit
# 配置路由策略,将从对等体120.1.0.1学习到的路由发布给对等体10.2.0.101时,设置本地优先级为200。
[DeviceB] route-policy local-pre permit node 10
[DeviceB-route-policy-local-pre-10] if-match ip address acl 2000
[DeviceB-route-policy-local-pre-10] apply local-preference 200
[DeviceB-route-policy-local-pre-10] quit
[DeviceB] bgp 100
[DeviceB-bgp] address-family ipv4 unicast
[DeviceB-bgp-ipv4] peer 10.2.0.101 route-policy local-pre export
# 配置EBGP路由优先级为255,配置IBGP路由优先级为100,配置本地路由优先级为130,使IBGP路由优先级优于OSPF路由。
[DeviceB-bgp-ipv4] preference 255 100 130
[DeviceB-bgp-ipv4] quit
2. 配置Device D
# 创建ACL 2000,允许源IP地址为120.2.0.0/24的报文通过。
[DeviceD] acl number 2000
[DeviceD-acl-basic-2000] rule permit source 120.2.0.0 0.0.0.255
[DeviceD-acl-basic-2000] quit
# 配置路由策略,将从对等体120.2.0.1学习到的路由发布给对等体10.1.0.101时,设置本地优先级为200。
[DeviceD] route-policy local-pre permit node 10
[DeviceD-route-policy-local-pre-10] if-match ip address acl 2000
[DeviceD-route-policy-local-pre-10] apply local-preference 200
[DeviceD-route-policy-local-pre-10] quit
[DeviceD] bgp 100
[DeviceD-bgp] address-family ipv4 unicast
[DeviceD-bgp-ipv4] peer 10.1.0.101 route-policy local-pre export
#配置EBGP路由优先级为255,配置IBGP路由优先级为100,配置本地路由优先级为130,使IBGP路由优先级优于OSPF路由。
[DeviceD-bgp-ipv4] preference 255 100 130
[DeviceD-bgp-ipv4] quit
验证配置
# 在Device B上使用display bgp routing-table ipv4命令查看BGP路由表,可以看到2条120.2.0.0/24的路由,本地路由优先级分别为100和200。
[DeviceB]display bgp routing-table ipv4
Total number of routes: 3
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 120.1.0.0/24 120.1.0.1 0 0 200i
* >i 120.2.0.0/24 10.2.0.101 0 200 0 300i
* i 13.1.1.101 0 100 0 300i
# 在Device A上tracert Device F,查看到报文传输路径是Device A-> Device B-> Device C-> Device D-> Device F
[DeviceA] tracert 120.2.0.1
traceroute to 120.2.0.1 (120.2.0.1), 30 hops at most, 52 bytes each packet, pres
s CTRL_C to break
1 120.1.0.2 (120.1.0.2) 2.208 ms 1.119 ms 1.085 ms
2 10.1.0.102 (10.1.0.102) 1.083 ms 1.100 ms 1.085 ms
3 10.2.0.101 (10.2.0.101) 2.364 ms 1.099 ms 1.086 ms
4 120.2.0.1 (120.2.0.1) 3.825 ms 3.693 ms 4.008 ms
# 主链路断开后再查看Device B的BGP路由表,存在1条120.2.0.0/24的路由。
[DeviceB]display bgp routing-table ipv4
Total number of routes: 2
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 120.1.0.0/24 120.1.0.1 0 0 200i
* >i 120.2.0.0/24 13.1.1.101 0 100 0 300i
# 再次在Device A上tracert Device F,查看到报文传输路径是Device A-> Device B-> Device E-> Device D-> Device F
[DeviceA] tracert 120.2.0.1
traceroute to 120.2.0.1 (120.2.0.1), 30 hops at most, 52 bytes each packet, pres
s CTRL_C to break
1 120.1.0.2 (120.1.0.2) 2.308 ms 1.127 ms 1.091 ms
2 192.168.0.102 (192.168.0.102) 1.086 ms 1.102 ms 1.096 ms
3 13.1.1.101 (13.1.1.101) 2.451 ms 2.087 ms 1.092 ms
4 120.2.0.1 (120.2.0.1) 3.533 ms 3.818 ms 4.002 ms
以上信息表明主备链路切换成功。
配置文件
· Device A:
#
vlan 100
#
interface Vlan-interface100
ip address 120.1.0.1 255.255.255.0
#
bgp 200
router-id 1.1.1.1
peer 120.1.0.2 as-number 100
#
address-family ipv4 unicast
network 120.1.0.0 255.255.255.0
peer 120.1.0.2 enable
#
· Device B:
#
ospf 1
import-route direct
area 0.0.0.0
network 10.1.0.0 0.0.0.255
network 192.168.0.0 0.0.0.255
#
vlan 10
#
vlan 30
#
vlan 100
#
interface Vlan-interface10
ip address 10.1.0.101 255.255.255.0
#
interface Vlan-interface30
ip address 192.168.0.101 255.255.255.0
#
interface Vlan-interface100
ip address 120.1.0.2 255.255.255.0
#
bgp 100
router-id 2.2.2.2
peer 10.2.0.101 as-number 100
peer 13.1.1.101 as-number 100
peer 120.1.0.1 as-number 200
#
address-family ipv4 unicast
preference 255 100 130
peer 10.2.0.101 enable
peer 10.2.0.101 next-hop-local
peer 10.2.0.101 route-policy local-pre export
peer 13.1.1.101 enable
peer 13.1.1.101 next-hop-local
peer 120.1.0.1 enable
#
route-policy local-pre permit node 10
if-match ip address acl 2000
apply local-preference 200
#
acl number 2000
rule 0 permit source 120.1.0.0 0.0.0.255
#
· Device C:
#
ospf 1
area 0.0.0.0
network 10.1.0.0 0.0.0.255
network 10.2.0.0 0.0.0.255
#
vlan 10
#
vlan 20
#
interface Vlan-interface10
ip address 10.1.0.102 255.255.255.0
#
interface Vlan-interface20
ip address 10.2.0.102 255.255.255.0
#
· Device D
#
ospf 1
import-route direct
area 0.0.0.0
network 10.2.0.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 20
#
vlan 40
#
vlan 100
#
interface Vlan-interface20
ip address 10.2.0.101 255.255.255.0
#
interface Vlan-interface40
ip address 13.1.1.101 255.255.255.0
#
interface Vlan-interface100
ip address 120.2.0.2 255.255.255.0
#
bgp 100
router-id 4.4.4.4
peer 10.1.0.101 as-number 100
peer 120.2.0.1 as-number 100
peer 192.168.0.101 as-number 300
#
address-family ipv4 unicast
preference 255 100 130
peer 10.1.0.101 enable
peer 10.1.0.101 next-hop-local
peer 10.1.0.101 route-policy local-pre export
peer 192.168.0.101 enable
peer 192.168.0.101 next-hop-local
peer 120.2.0.1 enable
#
route-policy local-pre permit node 10
if-match ip address acl 2000
apply local-preference 200
#
#
acl number 2000
rule 0 permit source 120.2.0.0 0.0.0.255
#
· Device E:
#
ospf 1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
network 192.168.0.0 0.0.0.255
#
vlan 30
#
vlan 40
#
interface Vlan-interface30
ip address 192.168.0.102 255.255.255.0
#
interface Vlan-interface40
ip address 13.1.1.102 255.255.255.0
#
· Device F:
#
vlan 100
#
interface Vlan-interface100
ip address 120.2.0.1 255.255.255.0
#
bgp 300
router-id 6.6.6.6
peer 120.2.0.2 as-number 100
#
address-family ipv4 unicast
network 120.2.0.0 255.255.255.0
peer 120.2.0.2 enable
#
