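A bank has 2 lines between its city branch and its provincial branch, as shown in the figure. It wants different services to use different lines, with the two lines backing each other up. The service requirements are as follows:

| Service name | Service network segment | Primary line | Backup line |
| --- | --- | --- | --- |
| (Production) RMB | | ① | ② |
| (OA) Office | | ② | ① |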
Devices and versions used: RTA—AR18-63-1 RTB—MSR3040 RTC—MSR3020 RTD—MSR5040
RTB configuration:
[RTB]DIS CU
#
version 5.20, Release 2507, Standard
#
sysname RTB
#
router id 2.2.2.2
#
acl number 2000
rule 0 deny source 10.10.1.1 0
rule 1 deny source 20.20.1.1 0
rule 2 permit
acl number 2001
rule 0 permit source 20.20.2.1 0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
bgp 100
network 192.168.1.0
import-route direct
import-route ospf 1 route-policy aaa // make the return route for 10.10.1.1 follow the same path as the forward route, solving the OSPF path-selection problem
undo synchronization
peer 192.168.1.2 as-number 200
peer 3.3.3.3 as-number 100
peer 3.3.3.3 next-hop-local
peer 3.3.3.3 connect-interface LoopBack0
#
ospf 1
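filter-policy 2000 import // filter out the routes for the 10 and 20 segments that RTB learns from the RTA direction (solves the suboptimal-path problem)
import-route direct // import direct routes so that RTA learns the 192.168. segment routes
import-route bgp // import BGP routes so that the 10 and 20 segments on both sides can reach each other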
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
route-policy aaa permit node 10
if-match acl 2001
apply cost 200
route-policy aaa permit node 20
#
RTC configuration:
[RTC]DIS CU
#
version 5.20, Release 2512P04, Standard
#
sysname RTC
#
router id 3.3.3.3
#
ip ttl-expires enable
ip unreachables enable
#
acl number 2000
rule 0 deny source 10.10.1.1 0
rule 1 deny source 20.20.1.1 0
rule 2 permit
acl number 2001
rule 0 permit source 10.10.1.1 0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 172.16.2.2 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 192.168.2.1 255.255.255.0
#
bgp 100
router-id 3.3.3.3
network 192.168.2.0
import-route ospf 1 // full network reachability
undo synchronization
peer 192.168.2.2 as-number 200
peer 2.2.2.2 as-number 100
peer 2.2.2.2 next-hop-local
peer 2.2.2.2 connect-interface LoopBack0
#
ospf 1
filter-policy 2000 import // filter out the routes for the 10 and 20 segments that RTC learns from RTA (solves the suboptimal-path problem)
import-route direct
import-route bgp route-policy bbb // raise the cost of the 10.10 segment so that it goes via RTB, keeping the forward and return paths consistent
area 0.0.0.0
network 172.16.2.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
route-policy bbb permit node 10
if-match acl 2001
apply cost 100
route-policy bbb permit node 20
RTA configuration:
[RTA]DIS CU
#
sysname RTA
#
router id 1.1.1.1
#
interface GigabitEthernet1/0
ip address 172.16.2.1 255.255.255.0
#
interface GigabitEthernet2/0
ip address 172.16.1.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 10.10.2.1 255.255.255.255
#
interface LoopBack2
ip address 20.20.2.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.10.2.1 0.0.0.0
network 20.20.2.1 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
RTD configuration:
[RTD]DIS CU
#
version 5.20, Release 2311, Basic
#
sysname RTD
#
router id 4.4.4.4
#
vlan 1
#
interface Ethernet6/0
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface LoopBack1
ip address 10.10.1.1 255.255.255.255
#
interface LoopBack2
ip address 20.20.1.1 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 192.168.2.2 255.255.255.0
#
interface GigabitEthernet7/0
port link-mode bridge
#
bgp 200
router-id 4.4.4.4
network 10.10.1.0 255.255.255.0
network 10.10.1.1 255.255.255.255
network 20.20.1.0 255.255.255.0
network 20.20.1.1 255.255.255.255
network 192.168.1.0
network 192.168.2.0
undo synchronization
peer 192.168.1.1 as-number 100
peer 192.168.2.1 as-number 100
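Per the requirements, 10.10.1.1 reaches RTA's 10.10.2.1 via RTB, and 20.20.1.1 reaches RTA's 20.20.2.1 via RTC. This is a path-selection problem, and in the end the path was chosen by modifying cost values. After full network reachability was first achieved, the service segments in the routing tables of RTB and RTC turned out to have been learned from OSPF rather than from BGP. Analysis showed the cause: when OSPF and BGP are redistributed into each other, the OSPF routes the router learns have a lower preference value, so the router installs the OSPF routes in its routing table. As a result, the 10 and 20 segments that should be reached via BGP take a detour through OSPF instead, which creates a suboptimal-path problem. A filter is therefore applied on RTB so that it does not learn routes for the 10.10.1.0 and 20.20.1.0 segments from OSPF. RTC is filtered in the same way.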
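The route selection described above can be reproduced with a small model. This is an added example, not part of the original case: it assumes Comware's default preference values (OSPF 10, OSPF external 150, BGP 255, lower wins), uses ACL 2000 as it appears in the RTB configuration, and runs on a constructed candidate list for RTB.

```python
import ipaddress

# Assumed Comware default route preferences (lower wins); not stated on the page.
PREFERENCE = {"ospf": 10, "ospf_ase": 150, "bgp": 255}

# ACL 2000 from the RTB/RTC configuration: (action, address, wildcard); None = any.
ACL_2000 = [
    ("deny", "10.10.1.1", "0.0.0.0"),
    ("deny", "20.20.1.1", "0.0.0.0"),
    ("permit", None, None),
]

def acl_permits(acl, prefix):
    """Match a basic ACL against a route's destination address; first match wins."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in acl:
        if base is None:
            return action == "permit"
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False  # no rule matched: treated as deny in this model (assumption)

def best_routes(candidates, ospf_import_acl=None):
    """Pick one route per prefix by preference, after the OSPF import filter."""
    rib = {}
    for prefix, proto, next_hop in candidates:
        if (proto.startswith("ospf") and ospf_import_acl is not None
                and not acl_permits(ospf_import_acl, prefix)):
            continue  # filter-policy import: the OSPF route is not installed
        best = rib.get(prefix)
        if best is None or PREFERENCE[proto] < PREFERENCE[best[0]]:
            rib[prefix] = (proto, next_hop)
    return rib

# Constructed candidates on RTB: each remote host route arrives from RTD over BGP
# and again from RTA as an OSPF external route that RTC redistributed.
RTB_CANDIDATES = [
    ("10.10.1.1/32", "bgp", "192.168.1.2"),
    ("10.10.1.1/32", "ospf_ase", "172.16.1.1"),
    ("20.20.1.1/32", "bgp", "192.168.1.2"),
    ("20.20.1.1/32", "ospf_ase", "172.16.1.1"),
    ("10.10.2.1/32", "ospf", "172.16.1.1"),
]

if __name__ == "__main__":
    print("no filter  :", best_routes(RTB_CANDIDATES))
    print("filter 2000:", best_routes(RTB_CANDIDATES, ACL_2000))
```

Without the filter the model selects the OSPF external route toward RTA for both host routes; with ACL 2000 applied on import it selects the BGP route toward RTD, while RTA's own 10.10.2.1 is still learned through OSPF.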