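R1 and R2 are connected by two links. Assume R1 is the customer-side router and R2 is the ISP-side router, with EBGP running between them.
The customer now has a requirement: R1 has ten networks, 192.168.1.0/24 to 192.168.10.0/24.
① 192.168.1.0/24 is the important network; it must not be affected when either of the two links goes down.
② 192.168.2.0/24 to 192.168.10.0/24 are unimportant networks; when either of the two links goes down, they must no longer be forwarded.
③ All networks are load-balanced across the two links.
Of course, in IOS this requirement can be met with the conditional advertisement feature, but the customer is using new IOX devices, which do not have this feature. Everyone, please give it a try.
With static routes, your method works.
【R1 configuration】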
track 1 interface FastEthernet0/0 line-protocol
!
track 2 interface FastEthernet0/1 line-protocol
!
track 3 list boolean and
object 1
object 2
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.2.12.1 255.255.255.0
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.12.2 remote-as 2
neighbor 10.2.12.2 remote-as 2
maximum-paths 2
!
address-family ipv4
neighbor 10.1.12.2 activate
neighbor 10.2.12.2 activate
maximum-paths 2
no auto-summary
no synchronization
network 192.168.1.0
network 192.168.2.0
exit-address-family
!
ip route 192.168.2.0 255.255.255.0 Null0 track 3
ip route 192.168.1.0 255.255.255.0 Null0
【R2 configuration】
interface FastEthernet0/0
ip address 10.2.12.2 255.255.255.0
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.12.1 remote-as 1
neighbor 10.2.12.1 remote-as 1
maximum-paths 2
!
address-family ipv4
neighbor 10.1.12.1 activate
neighbor 10.2.12.1 activate
maximum-paths 2
no auto-summary
no synchronization
exit-address-family
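Let me explain first, otherwise the configuration is hard to follow even when it is posted. Usually, when we build a directly connected neighbor, we use our own interface address as the update-source. The idea here is to borrow the address of the other interface as the update source, so that whichever link interface goes down, the directly connected sessions on both ends fail. Then a distribute list is used to match the advertisements of the unimportant networks, so that they are announced over different neighbor relationships. The important network uses the loopback neighbor; the unimportant networks use the directly connected neighbors.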
【R1】
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
no ip address
!
interface FastEthernet0/0
ip address 10.2.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
router bgp 1
no bgp default ipv4-unicast // disable default activation of IPv4 unicast neighbors in the global configuration, to keep the configuration structure clearer
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 2
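neighbor 2.2.2.2 ebgp-multihop 2 // eBGP builds neighbors over a direct connection by default; raise the neighbor hop count to 2
neighbor 2.2.2.2 update-source Loopback0 // peer from the local loopback to R2's loopback; used to advertise the important network
neighbor 2.2.2.2 timers 1 3 // one link has to be shut down during verification; this speeds up convergence so the result can be checked; the same command below serves the same purpose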
neighbor 10.1.12.2 remote-as 2
neighbor 10.1.12.2 update-source FastEthernet0/0 // use the local F0/0 as the source address to peer with R2's F0/1
neighbor 10.1.12.2 timers 1 3
neighbor 10.2.12.2 remote-as 2 // use the local F0/1 as the source address to peer with R2's F0/0
neighbor 10.2.12.2 update-source FastEthernet0/1
neighbor 10.2.12.2 timers 1 3
maximum-paths 2 // change maximum-paths to load-balance across the two directly connected links
!
address-family ipv4
neighbor 2.2.2.2 activate // activate the neighbor under IPv4 unicast
neighbor 10.1.12.2 activate
neighbor 10.2.12.2 activate
maximum-paths 2
no auto-summary
no synchronization
network 192.168.1.0 // advertise the route
network 192.168.2.0
exit-address-family
!
ip route 2.2.2.2 255.255.255.255 FastEthernet0/1 10.1.12.2 // static routes to support the neighbor session between the loopback interfaces
ip route 2.2.2.2 255.255.255.255 FastEthernet0/0 10.2.12.2
【R2】
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.2.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 timers 1 3
neighbor 10.1.12.1 remote-as 1
neighbor 10.1.12.1 update-source FastEthernet0/0
neighbor 10.1.12.1 timers 1 3
neighbor 10.2.12.1 remote-as 1
neighbor 10.2.12.1 update-source FastEthernet0/1
neighbor 10.2.12.1 timers 1 3
maximum-paths 2
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 distribute-list 1 in // loopback neighbor relationship: accept only route updates for the important network
neighbor 10.1.12.1 activate
neighbor 10.1.12.1 distribute-list 2 in // directly connected neighbor relationship: accept only route updates for the unimportant networks
neighbor 10.2.12.1 activate
neighbor 10.2.12.1 distribute-list 2 in
maximum-paths 2
no auto-summary
no synchronization
exit-address-family
!
ip route 1.1.1.1 255.255.255.255 FastEthernet0/1 10.1.12.1
ip route 1.1.1.1 255.255.255.255 FastEthernet0/0 10.2.12.1
!
!
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.1.0 0.0.0.255 // match the important network
access-list 2 permit 192.168.2.0 0.0.0.255 // match the unimportant network
!
Second method:
!
router bgp 200
neighbor 10.0.1.1 remote-as 100
neighbor 10.0.1.1 route-map setnext1 in
neighbor 10.0.2.1 remote-as 100
neighbor 10.0.2.1 route-map setnext2 in
maximum-paths 16
!
!
ip prefix-list setnext seq 5 permit 192.168.2.0/24
!
route-map setnext1 permit 10
match ip address prefix-list setnext
set ip next-hop 10.0.2.1
!
route-map setnext1 permit 20
!
route-map setnext2 permit 10
match ip address prefix-list setnext
set ip next-hop 10.0.1.1
!
route-map setnext2 permit 20
!
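Applied in the inbound direction on R2. This way, no matter how R1's routes are originated, there is no problem. It is simpler than the MEBGP method.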
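Added example, not part of the original post: a small Python model of the inbound next-hop swap on R2, enumerating every link state to show why 192.168.2.0/24 disappears when either link fails while 192.168.1.0/24 survives on the remaining link. It assumes a BGP next hop resolves only through the connected route of its own link (no default or covering route on R2); the function and variable names are hypothetical.

```python
from itertools import product

# Constructed model of the R2 inbound policy above (addresses taken from the post).
# Assumption: a next hop is reachable only via the connected route of its own link.
LINKS = {"link1": "10.0.1.1", "link2": "10.0.2.1"}   # R1's address on each link
SWAPPED = {"192.168.2.0/24"}                          # ip prefix-list setnext
PREFIXES = ["192.168.1.0/24", "192.168.2.0/24"]       # received on both sessions


def other(link):
    """Return the name of the opposite link."""
    return "link2" if link == "link1" else "link1"


def usable_paths(prefix, up):
    """Next hops R2 can install for `prefix`, given the set of links that are up."""
    paths = []
    for link in LINKS:
        if link not in up:
            continue  # session over this link is down, its routes are withdrawn
        # route-map setnext1/setnext2 permit 10: point the next hop at the other link
        nh_link = other(link) if prefix in SWAPPED else link
        if nh_link in up:  # the next hop must resolve, otherwise the path is invalid
            paths.append(LINKS[nh_link])
    return sorted(paths)


def rib_for_all_states():
    """Map each (link1_up, link2_up) state to the usable next hops per prefix."""
    table = {}
    for s1, s2 in product([True, False], repeat=2):
        up = {name for name, state in zip(LINKS, (s1, s2)) if state}
        table[(s1, s2)] = {p: usable_paths(p, up) for p in PREFIXES}
    return table


if __name__ == "__main__":
    for state, rib in rib_for_all_states().items():
        print(state, rib)
```

If R2 holds a default or covering route that still resolves the swapped next hop after a link failure, the model's assumption no longer holds and the unimportant prefix may stay installed.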