CCIE TS3 Internet 题目

2023-01-31 01:01:29 题目 CCIE TS3

目录

TS3 Internet 题目实验... 1

一、拓扑... 1

二、需求:... 2

三、配置基本步骤:... 2

步骤1, R2、R3、R4、R5、SW1运行IGP-OSPF,区域请参照图中配置区域0和区域12

步骤3、R1和R2、R3建立eBGP邻居关系,R1上通告其环回口,R2、R3、R4、R5之间建立iBGP邻居关系3

步骤4、让R1得到AS 65001的路由... 4



一、拓扑


请不要关注SW2,模拟环境和SW2无关,SW1采用了3750模拟器,所以为快速以太口

二、需求:

最下面VLAN 11所在主机(R32)10.1.1.100与BGP(65333)区域的R1拥有的地址4.2.2.2通信

三、配置基本步骤:

步骤1, R2、R3、R4、R5、SW1运行IGP-OSPF,区域请参照图中配置区域0和区域1

为了方便期间我们直接在接口下运行OSPF

此处给出R2的配置

R2(config)#router ospf 110

R2(config-router)#router-id 100.2.2.2

R2(config)#int loopback0

R2(config-if)#ip ospf 110 area 0

R2(config-if)#int e0/1

R2(config-if)#ip ospf 110 a 0

R2(config-if)#int e1/1

R2(config-if)#ip ospf 110 a 0

R2(config)#int e0/3
 R2(config-if)#ip ospf 110 a 0


检查步骤,查看邻居:

R4#show ip ospf neighbor


Neighbor ID     Pri  State           Dead Time   Address         Interface

100.2.2.2         1  FULL/BDR        00:00:37    10.0.0.17       Ethernet0/0

100.3.3.3         1  FULL/DR         00:00:39    10.0.0.25       Ethernet2/0

100.6.6.6         1  FULL/BDR        00:00:33    10.1.0.2        Ethernet1/1


R3#show ip ospf neighbor


Neighbor ID     Pri  State           Dead Time   Address         Interface

100.2.2.2         1  FULL/BDR        00:00:31    10.0.0.53       Ethernet1/0

100.4.4.4         1  FULL/BDR        00:00:33    10.0.0.26       Ethernet0/3

100.5.5.5         1  FULL/BDR        00:00:35    10.0.0.30       Ethernet0/2


步骤2、最下面的设备模拟主机(R32),以SVI 11作为默认网关。请注意SW1的SVI 11一定要通告进OSPF

R32(config)#no ip routing

R32(config)#ip default-gateway 10.1.1.1

R32(config)#interface Ethernet0/0

R32(config-if)# ip address 10.1.1.100  255.255.255.0

R32(config-if)# no ip route-cache

SW1的配置:


SW1(config)#vlan 11

SW1(config)#interface vlan 11

SW1(config)# no switchport

SW1(config)# ip address 10.1.0.10  255.255.255.252

SW1(config-if)#ip ospf 110 area 1

验证步骤:

主机依赖默认网关去通信,我们先查看和网关的通信:

R32#ping 10.1.1.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1,timeout is 2 seconds:

!!!!!

再来验证和其他设备的通信情况

R32#ping 100.2.2.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to100.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5),round-trip min/avg/max = 20/34/72 ms


步骤3、R1和R2、R3建立eBGP邻居关系,R1上通告其环回口,R2、R3、R4、R5之间建立iBGP邻居关系

部分设备配置如下

R1(config)#router bgp 65333

R1(config-router)#neighbor 201.12.34.2  remote-as 65001

R1(config-router)#neighbor 202.12.34.2  remote-as 65001

R1(config-router)#network  4.2.2.2 mask 255.255.255.255

!

R2(config-router)#  router bgp 65001

R2(config-router)# no synchronization

R2(config-router)# bgp  log-neighbor-changes

R2(config-router)# neighbor 100.3.3.3  remote-as 65001

R2(config-router)# neighbor 100.3.3.3  update-source Loopback0

R2(config-router)# neighbor 100.3.3.3  next-hop-self

R2(config-router)# neighbor 100.4.4.4  remote-as 65001

R2(config-router)# neighbor 100.4.4.4  update-source Loopback0

R2(config-router)#  neighbor 100.4.4.4 next-hop-self---不要忘记针对iBGP邻居指定下一跳自我,否则R4和R5不会优化路由,不会放入路由表

R2(config-router)# neighbor 100.5.5.5  remote-as 65001

R2(config-router)# neighbor 100.5.5.5  update-source Loopback0

R2(config-router)#  neighbor 100.5.5.5 next-hop-self

R2(config-router)# neighbor 201.12.34.1  remote-as 65333

R2(config-router)# no auto-summary

!

R4(config-router)#router bgp 65001

R4(config-router)# no synchronization

R4(config-router)# bgp  log-neighbor-changes

R4(config-router)# neighbor 100.2.2.2  remote-as 65001

R4(config-router)# neighbor 100.2.2.2  update-source Loopback0

R4(config-router)# neighbor 100.3.3.3  remote-as 65001

R4(config-router)# neighbor 100.3.3.3  update-source Loopback0

R4(config-router)# neighbor 100.5.5.5  remote-as 65001

R4(config-router)# neighbor 100.5.5.5  update-source Loopback0

R4(config-router)# no auto-summary

验证步骤:

R2#show ip bgp summary

BGP router identifier 100.2.2.2, local ASnumber 65001

BGP table version is 17, main routing tableversion 17

16 network entries using 1872 bytes ofmemory

32 path entries using 1664 bytes of memory

11/5 BGP path/bestpath attribute entries using1364 bytes of memory

1 BGP AS-PATH entries using 24 bytes ofmemory

0 BGP route-map cache entries using 0 bytesof memory

0 BGP filter-list cache entries using 0bytes of memory

BGP using 4924 total bytes of memory

BGP activity 16/0 prefixes, 32/0 paths,scan interval 60 secs


Neighbor        V   AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

100.3.3.3       4 65001      33     33       17    0   0 00:23:48        1

100.4.4.4       4 65001      19     24       17    0   0 00:15:45        0

100.5.5.5       4 65001      25     31       17    0   0 00:21:51        0

201.12.34.1     4 65333      37     32       17    0   0 00:25:39        1


步骤4、让R1得到AS 65001的路由

到现在R1还没得到AS 65001的路由,我们可以在R2和R3上重分步OSPF的路由到BGP

R2(config)#router bgp 65001

R2(config-router)#Redistribute ospf 110match internal external

!

R3(config)#router bgp 65001

R3(config-router)#redistribute ospf 110match internal external


注意此时SW1其实没有任何路由去往4.2.2.2,因为我们没有在R4或这R5上进行重分步。为了让SW1得到路由,我们可以在R4和R5产生一条OSPF的默认路由:

R4(config)#router ospf 110

R4(config-router)#default-infORMationoriginate always

!

R5(config-router)#router ospf 110

R5(config-router)#default-informationoriginate always

查看SW1的路由:


SW1#show ip route ospf

   100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O IA   100.4.4.4/32 [110/2] via 10.1.0.1, 01:20:11, FastEthernet1/0

O IA   100.5.5.5/32 [110/2] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   100.2.2.2/32 [110/12] via 10.1.0.9, 01:04:34, FastEthernet1/1

                    [110/12] via 10.1.0.1,01:04:34, FastEthernet1/0

O IA   100.3.3.3/32 [110/12] via 10.1.0.9, 01:15:05, FastEthernet1/1

                    [110/12] via 10.1.0.1,01:20:11, FastEthernet1/0

   10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks

O      10.1.0.12/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   10.0.0.24/30 [110/11] via 10.1.0.1, 01:20:11, FastEthernet1/0

O IA   10.0.0.28/30 [110/11] via 10.1.0.9, 01:15:00, FastEthernet1/1

O IA   10.0.0.16/30 [110/11] via 10.1.0.1, 01:20:02, FastEthernet1/0

O IA   10.0.0.20/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   10.0.0.32/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   10.0.0.52/30 [110/21] via 10.1.0.9, 01:20:11, FastEthernet1/1

                    [110/21] via 10.1.0.1,01:20:11, FastEthernet1/0

O*E2 0.0.0.0/0 [110/1] via 10.1.0.9,00:35:23, FastEthernet1/1

              [110/1] via 10.1.0.1, 00:36:04,FastEthernet1/0

查看R1的路由(R1在考试时不能配置):

R1#show ip route bgp

   100.0.0.0/32 is subnetted, 5 subnets

B       100.4.4.4 [20/11] via 202.12.34.2, 00:38:09

B      100.5.5.5 [20/11] via 202.12.34.2, 00:38:09

B      100.6.6.6 [20/21] via 202.12.34.2, 00:38:09

B      100.2.2.2 [20/0] via 201.12.34.2, 00:38:40

B      100.3.3.3 [20/0] via 202.12.34.2, 00:38:09

    10.0.0.0/8 is variably subnetted, 10 subnets,2 masks

B      10.1.0.8/30 [20/20] via 202.12.34.2, 00:38:10

B      10.1.0.12/30 [20/20] via 202.12.34.2, 00:38:10

B      10.1.1.0/24 [20/21] via 202.12.34.2, 00:38:10

B      10.1.0.0/30 [20/20] via 202.12.34.2, 00:38:10

B      10.0.0.24/30 [20/0] via 202.12.34.2, 00:38:10

B      10.0.0.28/30 [20/0] via 202.12.34.2, 00:38:10

B      10.0.0.16/30 [20/0] via 201.12.34.2, 00:38:40

B      10.0.0.20/30 [20/0] via 201.12.34.2, 00:38:40

B      10.0.0.32/30 [20/20] via 202.12.34.2, 00:38:10

B      10.0.0.52/30 [20/0] via 201.12.34.2, 00:38:40


验证:


SW1#ping 4.2.2.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2,timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-tripmin/avg/max = 36/91/180 ms


SW1#traceroute 4.2.2.2


Type escape sequence to abort.

Tracing the route to 4.2.2.2


 110.1.0.9 76 msec

  10.1.0.1 80 msec

  10.1.0.9 16 msec

 210.0.0.17 72 msec

  10.0.0.21 72 msec

  10.0.0.17 24 msec

 3201.12.34.1 148 msec

如果要达到数据包负载的效果,请在交换机上关掉CEF:

SW1(config)#no ip cef

R32#traceroute 4.2.2.2


Type escape sequence to abort.

Tracing the route to 4.2.2.2


 110.1.1.1 64 msec 76 msec 28 msec

 210.1.0.9 64 msec

  10.1.0.1 32 msec

  10.1.0.9 32 msec

 310.0.0.17 60 msec

  10.0.0.21 28 msec

  10.0.0.17 20 msec

 4201.12.34.1 80 msec *  152 msec

当然在R2和R3上其实也可以采用通告的方式让R1得到路由,请去掉之前的重分步

R2(config)#router bgp 65001

R2(config-router)#no redistribute ospf  110 match internal external

R2(config-router)#network 10.1.1.0 mask  255.255.255.0

R2(config-router)#network 10.1.0.0 mask  255.255.255.252

R2(config-router)#network 10.1.0.8 mask  255.255.255.252

!

R2(config)#router bgp 65001

R3(config-router)#no redistribute ospf  110 match internal external

R3(config-router)#network 10.1.1.0 mask  255.255.255.0

R3(config-router)#network 10.1.0.0 mask  255.255.255.252

R3(config-router)#network 10.1.0.8 mask  255.255.255.252

这里可以汇总BGP路由,查看summary-only的情况其实没有影响:

R3(config-router)#aggregate-address  10.0.0.0 255.0.0.0 summary-only

R2(config-router)#aggregate-address  10.0.0.0 255.0.0.0 summary-only

最后的验证:

查看R1:

R1#sh ip bgp

BGP table version is 88, local router ID is4.2.2.2

Status codes: s suppressed, d damped, hhistory, * valid, > best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? -incomplete


 Network          Next Hop            Metric LocPrf Weight Path

*> 4.2.2.2/32       0.0.0.0                  0         32768 i

* 10.0.0.0         202.12.34.2              0            0 65001 i

*>                  201.12.34.2              0             0 65001 i

R1#show ip route bgp

B   10.0.0.0/8 [20/0] via 201.12.34.2, 00:03:52


R32#ping 4.2.2.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2,timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5),round-trip min/avg/max = 12/55/128 ms

R32#trac

R32#traceroute 4.2.2.2


Type escape sequence to abort.

Tracing the route to 4.2.2.2


 110.1.1.1 72 msec 76 msec 12 msec

 210.1.0.9 24 msec

  10.1.0.1 104 msec

  10.1.0.9 36 msec

 310.0.0.17 20 msec

  10.0.0.21 72 msec

  10.0.0.17 664 msec

 4201.12.34.1 88 msec


错误点总结

A、注意查看policy-map,R5有一个错误点是用PBR把下一跳指向了null 0

B、R1和R2或者(R3)BGP邻居指错, R2 R3上的BGP进程下的10.0.0.0/8的summary-only汇总,no掉summary-only,保持汇总(这个其实没有任何影响)

C、R13(或者R5)有一个和PC相同的地址(通告到了OSPF或者重分步)影响路由,去掉该通告

D、SW1上的VLAN11没宣告导致没有该网段的路由(强烈建议在主机所在网段的SVI接口下做ip ospf XXarea 1

E、SW1 SVI 11接口“no ip route-cache cef”要保留该配置,因为图片要求负载均衡

F、R2和R3没有针对R4、R5做下一跳自我,导致R4和R5没有4.2.2.2的路由

附上所有设备的参考配置:

R1:

hostname R1

!

ip cef


interface Loopback0

ip  address 4.2.2.2 255.255.255.255

!

!

interface Serial2/0

ip  address 201.12.34.1 255.255.255.252

serial restart-delay 0

no  dce-terminal-timing-enable

!

interface Serial2/1

ip  address 202.12.34.1 255.255.255.252

serial restart-delay 0

no  dce-terminal-timing-enable


!

router bgp 65333

no  synchronization

bgp log-neighbor-changes

network 4.2.2.2 mask 255.255.255.255

neighbor 201.12.34.2 remote-as 65001

neighbor 202.12.34.2 remote-as 65001

no  auto-summary

R2的配置:

hostname R2


ip cef


!

interface Loopback0

ip  address 100.2.2.2 255.255.255.255

ip  ospf 110 area 0

!


!

interface Ethernet0/1

ip  address 10.0.0.21 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

interface Ethernet0/2

no  ip address

shutdown

half-duplex

!

interface Ethernet0/3

ip  address 10.0.0.17 255.255.255.252

ip  ospf 110 area 0

half-duplex


!

interface Ethernet1/1

ip  address 10.0.0.53 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

!

interface Serial2/0

ip  address 201.12.34.2 255.255.255.252

serial restart-delay 0

no  dce-terminal-timing-enable

!


!

interface Serial2/3

no  ip address

shutdown

serial restart-delay 0

no  dce-terminal-timing-enable

!

router ospf 110

router-id 100.2.2.2

log-adjacency-changes

!

router bgp 65001

no  synchronization

bgp log-neighbor-changes

network 10.1.0.0 mask 255.255.255.252

network 10.1.0.8 mask 255.255.255.252

network 10.1.1.0 mask 255.255.255.0

redistribute ospf 110

neighbor 100.3.3.3 remote-as 65001

neighbor  100.3.3.3 update-source Loopback0

neighbor 100.3.3.3 next-hop-self

neighbor 100.4.4.4 remote-as 65001

neighbor 100.4.4.4 update-source Loopback0

neighbor 100.4.4.4 next-hop-self

neighbor 100.5.5.5 remote-as 65001

neighbor 100.5.5.5 update-source Loopback0

neighbor 100.5.5.5 next-hop-self

neighbor 201.12.34.1 remote-as 65333

no  auto-summary

R3的配置:

hostname R3


ip cef



interface Loopback0

ip  address 100.3.3.3 255.255.255.255

ip  ospf 110 area 0

!


!

interface Ethernet0/2

ip  address 10.0.0.29 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

interface Ethernet0/3

ip  address 10.0.0.25 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

interface Ethernet1/0

ip  address 10.0.0.54 255.255.255.252

ip  ospf 110 area 0

half-duplex

!


!

interface Serial2/0

ip  address 202.12.34.2 255.255.255.252

serial restart-delay 0

no  dce-terminal-timing-enable

!


!

router ospf 110

log-adjacency-changes

!

router bgp 65001

no  synchronization

bgp log-neighbor-changes

network  10.1.0.0 mask 255.255.255.252

network 10.1.0.8 mask 255.255.255.252

network 10.1.1.0 mask 255.255.255.0

redistribute ospf 110

neighbor 100.2.2.2 remote-as 65001

neighbor 100.2.2.2 update-source Loopback0

neighbor 100.2.2.2 next-hop-self

neighbor 100.4.4.4 remote-as 65001

neighbor 100.4.4.4 update-source Loopback0

neighbor 100.4.4.4 next-hop-self

neighbor 100.5.5.5 remote-as 65001

neighbor 100.5.5.5 update-source Loopback0

neighbor 100.5.5.5 next-hop-self

neighbor 202.12.34.1 remote-as 65333

no  auto-summary

R4的配置:

hostname R4

!

ip cef


interface Loopback0

ip  address 100.4.4.4 255.255.255.255

ip  ospf 110 area 0

!

interface Ethernet0/0

ip  address 10.0.0.18 255.255.255.252

ip  ospf 110 area 0

half-duplex


interface Ethernet1/1

ip  address 10.1.0.1 255.255.255.252

ip  ospf 110 area 1

half-duplex

!

!

interface Ethernet1/3

ip  address 10.0.0.33 255.255.255.252

half-duplex

!

interface Ethernet2/0

ip  address 10.0.0.26 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

router ospf 110

log-adjacency-changes

default-information originate always

!

router bgp 65001

no  synchronization

bgp log-neighbor-changes

neighbor 100.2.2.2 remote-as 65001

neighbor 100.2.2.2 update-source Loopback0

neighbor 100.3.3.3 remote-as 65001

neighbor 100.3.3.3 update-source Loopback0

neighbor 100.5.5.5 remote-as 65001

neighbor 100.5.5.5 update-source Loopback0

no  auto-summary

R5的配置:

hostname R5

!

ip cef


interface Loopback0

ip  address 100.5.5.5 255.255.255.255

ip  ospf 110 area 0

!

interface Ethernet0/0

ip  address 10.0.0.22 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

interface Ethernet0/1

ip  address 10.0.0.30 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

interface Ethernet0/2

ip  address 10.0.0.34 255.255.255.252

ip  ospf 110 area 0

half-duplex

!

interface Ethernet0/3

ip  address 10.1.0.9 255.255.255.252

ip  ospf 110 area 1

half-duplex

!

interface Ethernet1/0

ip  address 10.1.0.13 255.255.255.252

ip  ospf 110 area 1

half-duplex


!



!

router ospf 110

log-adjacency-changes

default-information originate always

!

router bgp 65001

no  synchronization

bgp log-neighbor-changes

neighbor 100.2.2.2 remote-as 65001

neighbor 100.2.2.2 update-source Loopback0

neighbor 100.3.3.3 remote-as 65001

neighbor 100.4.4.4 remote-as 65001

no  auto-summary

SW1的配置:

hostname SW1

!

no ip cef


!

!

!

!

!

interface Loopback0

ip  address 100.6.6.6 255.255.255.252

ip  ospf 110 area 1

!


interface FastEthernet1/0

no  switchport

ip  address 10.1.0.2 255.255.255.252

ip  ospf 110 area 1

no  cdp enable

!

interface FastEthernet1/1

no  switchport

ip  address 10.1.0.10 255.255.255.252

ip  ospf 110 area 1

no  cdp enable

!


!

interface Vlan11

ip  address 10.1.1.1 255.255.255.0

ip  ospf 110 area 1

!

router ospf 110

router-id 100.6.6.6

log-adjacency-changes

主机的配置:

hostname R32

!

no ip cef


interface Ethernet0/0

ip  address 10.1.1.100 255.255.255.0

no  ip route-cache

half-duplex

!

ip default-gateway 10.1.1.



相关文章