MPLS解决BGP路由黑洞

Posted on by hackdl

需求

1、as200TCP连接采用isis

2、r3不配置BGP

3、在R1上发布1.1.1.1,在r5上发布5.5.5.5

4、通过route recursive-lookup tunnel,解决BGP黑洞

配置

R1

display current-configuration

[V200R003C00]

#

sysname r1

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

drop illegal-mac alarm

#

wlan ac-global carrier id other ac id 0

#

set cpu-usage threshold 80 restore 75

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#

local-user admin service-type http

#

firewall zone Local

priority 15

#

interface GigabitEthernet0/0/0

ip address 12.1.1.1 255.255.255.0

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

bgp 100

router-id 1.1.1.1

undo default ipv4-unicast

peer 12.1.1.2 as-number 200

#

ipv4-family unicast

undo synchronization

network 1.1.1.1 255.255.255.255

peer 12.1.1.2 enable

#

user-interface con 0

authentication-mode password

idle-timeout 0 0

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R2

display current-configuration

[V200R003C00]

#

sysname r2

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

drop illegal-mac alarm

#

wlan ac-global carrier id other ac id 0

#

set cpu-usage threshold 80 restore 75

#

mpls lsr-id 2.2.2.2

mpls

#

mpls ldp

#

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#

local-user admin service-type http

#

isis 100

is-level level-2

network-entity 49.0001.0020.0200.2002.00

#

firewall zone Local

priority 15

#

interface GigabitEthernet0/0/0

ip address 12.1.1.2 255.255.255.0

isis enable 100

#

interface GigabitEthernet0/0/1

ip address 23.1.1.2 255.255.255.0

isis enable 100

mpls

mpls ldp

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

isis enable 100

#

bgp 200

router-id 2.2.2.2

undo default ipv4-unicast

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack0

peer 12.1.1.1 as-number 100

#

ipv4-family unicast

undo synchronization

peer 4.4.4.4 enable

peer 4.4.4.4 next-hop-local

peer 12.1.1.1 enable

#

route recursive-lookup tunnel

#

user-interface con 0

authentication-mode pass服务器托管网word

idle-timeout 0 0

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R3

display current-configuration

[V200R003C00]

#

sysname r3

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

drop illegal-mac alarm

#

wlan ac-global carrier id other ac id 0

#

set cpu-usage threshold 80 restore 75

#

mpls lsr-id 3.3.3.3

mpls

#

mpls ldp

#

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user服务器托管网 admin password cipher %$%$K8m.Nt84DZ}e#

local-user admin service-type http

#

isis 100

is-level level-2

network-entity 49.0001.0030.0300.3003.00

#

firewall zone Local

priority 15

#

interface GigabitEthernet0/0/0

ip address 23.1.1.3 255.255.255.0

isis enable 100

mpls

mpls ldp

#

interface GigabitEthernet0/0/1

ip address 34.1.1.3 255.255.255.0

isis enable 100

mpls

mpls ldp

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

isis enable 100

#

user-interface con 0

authentication-mode password

idle-timeout 0 0

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R4

display current-configuration

[V200R003C00]

#

sysname r4

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

drop illegal-mac alarm

#

wlan ac-global carrier id other ac id 0

#

set cpu-usage threshold 80 restore 75

#

mpls lsr-id 4.4.4.4

mpls

#

mpls ldp

#

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#

local-user admin service-type http

#

isis 100

is-level level-2

network-entity 49.0001.0040.0400.4004.00

#

firewall zone Local

priority 15

#

interface GigabitEthernet0/0/0

ip address 34.1.1.4 255.255.255.0

isis enable 100

isis dis-priority 100

mpls

mpls ldp

#

interface GigabitEthernet0/0/1

ip address 45.1.1.4 255.255.255.0

isis enable 100

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

isis enable 100

#

bgp 200

router-id 4.4.4.4

undo default ipv4-unicast

peer 2.2.2.2 as-number 200

peer 2.2.2.2 connect-interface LoopBack0

peer 45.1.1.5 as-number 300

#

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

peer 2.2.2.2 next-hop-local

peer 45.1.1.5 enable

#

route recursive-lookup tunnel

#

user-interface con 0

authentication-mode password

idle-timeout 0 0

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R5

display current-configuration

[V200R003C00]

#

sysname r5

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

drop illegal-mac alarm

#

wlan ac-global carrier id other ac id 0

#

set cpu-usage threshold 80 restore 75

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %$%$K8m.Nt84DZ}e#

local-user admin service-type http

#

firewall zone Local

priority 15

#

interface GigabitEthernet0/0/0

ip address 45.1.1.5 255.255.255.0

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

#

bgp 300

undo default ipv4-unicast

peer 45.1.1.4 as-number 200

#

ipv4-family unicast

undo synchronization

network 5.0.0.0

network 5.5.5.5 255.255.255.255

peer 45.1.1.4 enable

#

user-interface con 0

authentication-mode password

idle-timeout 0 0

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

特别注意事项,

以上接口都需要配置为isis,IBGP采用环回接口建立邻居peer

这两台设备需要配置:peer 4.4.4.4 next-hop-local,根据BGP水平分割的原理,只能传给相邻设备,不能传送给间隔设别,同时两端还需要配置route recursive-lookup tunnel

服务器托管,北京服务器托管,服务器租用 http://www.fwqtg.net
机房租用,北京机房租用,IDC机房托管, http://www.fwqtg.net

相关推荐: GaussDB整体性能慢-视图分析

问题描述 整体性能慢。不满足客户作业对时延要求或者不满足客户预期。 问题现象 业务反馈业务接口时延高;或者数据库P80/P95等指标升高;有可能会出现大量慢SQL。 告警 业务侧相关接口时延、成功率等告警。 数据库内核P80/P95相关告警。 业务影响 业务时…

服务器托管,北京服务器托管,服务器租用,机房机柜带宽租用

服务器托管

咨询:董先生

电话13051898268 QQ/微信93663045!

上一篇:
下一篇: