CCIE TS3 Internet 题目

发布时间：2019-07-11 09:51:51编辑：auto阅读（1373）

TS3 Internet 题目实验

目录

TS3 Internet 题目实验... 1

一、拓扑... 1

二、需求：... 2

三、配置基本步骤：... 2

步骤1, R2、R3、R4、R5、SW1运行IGP-OSPF，区域请参照图中配置区域0和区域12

步骤3、R1和R2、R3建立eBGP邻居关系，R1上通告其环回口，R2、R3、R4、R5之间建立iBGP邻居关系3

步骤4、让R1得到AS 65001的路由... 4







一、拓扑




请不要关注SW2，模拟环境和SW2无关，SW1采用了3750模拟器，所以为快速以太口

二、需求：

最下面VLAN 11所在主机（R32）10.1.1.100与BGP（65333）区域的R1拥有的地址4.2.2.2通信

三、配置基本步骤：

步骤1, R2、R3、R4、R5、SW1运行IGP-OSPF，区域请参照图中配置区域0和区域1

为了方便期间我们直接在接口下运行OSPF

此处给出R2的配置

R2(config)#router ospf 110 R2(config-router)#router-id 100.2.2.2 R2(config)#int loopback0 R2(config-if)#ip ospf 110 area 0 R2(config-if)#int e0/1 R2(config-if)#ip ospf 110 a 0 R2(config-if)#int e1/1 R2(config-if)#ip ospf 110 a 0 R2(config)#int e0/3  R2(config-if)#ip ospf 110 a 0

检查步骤，查看邻居：

R4#show ip ospf neighbor




Neighbor ID     Pri  State           Dead Time   Address         Interface

100.2.2.2         1  FULL/BDR        00:00:37    10.0.0.17       Ethernet0/0

100.3.3.3         1  FULL/DR         00:00:39    10.0.0.25       Ethernet2/0

100.6.6.6         1  FULL/BDR        00:00:33    10.1.0.2        Ethernet1/1




R3#show ip ospf neighbor




Neighbor ID     Pri  State           Dead Time   Address         Interface

100.2.2.2         1  FULL/BDR        00:00:31    10.0.0.53       Ethernet1/0

100.4.4.4         1  FULL/BDR        00:00:33    10.0.0.26       Ethernet0/3

100.5.5.5         1  FULL/BDR        00:00:35    10.0.0.30       Ethernet0/2




步骤2、最下面的设备模拟主机（R32），以SVI 11作为默认网关。请注意SW1的SVI 11一定要通告进OSPF

R32(config)#no ip routing R32(config)#ip default-gateway 10.1.1.1 R32(config)#interface Ethernet0/0 R32(config-if)# ip address 10.1.1.100  255.255.255.0 R32(config-if)# no ip route-cache SW1的配置： SW1(config)#vlan 11 SW1(config)#interface vlan 11 SW1(config)# no switchport SW1(config)# ip address 10.1.0.10  255.255.255.252 SW1(config-if)#ip ospf 110 area 1

验证步骤：

主机依赖默认网关去通信，我们先查看和网关的通信：

R32#ping 10.1.1.1




Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1,timeout is 2 seconds:

!!!!!

再来验证和其他设备的通信情况

R32#ping 100.2.2.2




Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to100.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5),round-trip min/avg/max = 20/34/72 ms




步骤3、R1和R2、R3建立eBGP邻居关系，R1上通告其环回口，R2、R3、R4、R5之间建立iBGP邻居关系

部分设备配置如下

R1(config)#router bgp 65333 R1(config-router)#neighbor 201.12.34.2  remote-as 65001 R1(config-router)#neighbor 202.12.34.2  remote-as 65001 R1(config-router)#network  4.2.2.2 mask 255.255.255.255 ! R2(config-router)#  router bgp 65001 R2(config-router)# no synchronization R2(config-router)# bgp  log-neighbor-changes R2(config-router)# neighbor 100.3.3.3  remote-as 65001 R2(config-router)# neighbor 100.3.3.3  update-source Loopback0 R2(config-router)# neighbor 100.3.3.3  next-hop-self R2(config-router)# neighbor 100.4.4.4  remote-as 65001 R2(config-router)# neighbor 100.4.4.4  update-source Loopback0 R2(config-router)#  neighbor 100.4.4.4 next-hop-self---不要忘记针对iBGP邻居指定下一跳自我，否则R4和R5不会优化路由，不会放入路由表 R2(config-router)# neighbor 100.5.5.5  remote-as 65001 R2(config-router)# neighbor 100.5.5.5  update-source Loopback0 R2(config-router)#  neighbor 100.5.5.5 next-hop-self R2(config-router)# neighbor 201.12.34.1  remote-as 65333 R2(config-router)# no auto-summary ! R4(config-router)#router bgp 65001 R4(config-router)# no synchronization R4(config-router)# bgp  log-neighbor-changes R4(config-router)# neighbor 100.2.2.2  remote-as 65001 R4(config-router)# neighbor 100.2.2.2  update-source Loopback0 R4(config-router)# neighbor 100.3.3.3  remote-as 65001 R4(config-router)# neighbor 100.3.3.3  update-source Loopback0 R4(config-router)# neighbor 100.5.5.5  remote-as 65001 R4(config-router)# neighbor 100.5.5.5  update-source Loopback0 R4(config-router)# no auto-summary

验证步骤：

R2#show ip bgp summary

BGP router identifier 100.2.2.2, local ASnumber 65001

BGP table version is 17, main routing tableversion 17

16 network entries using 1872 bytes ofmemory

32 path entries using 1664 bytes of memory

11/5 BGP path/bestpath attribute entries using1364 bytes of memory

1 BGP AS-PATH entries using 24 bytes ofmemory

0 BGP route-map cache entries using 0 bytesof memory

0 BGP filter-list cache entries using 0bytes of memory

BGP using 4924 total bytes of memory

BGP activity 16/0 prefixes, 32/0 paths,scan interval 60 secs




Neighbor        V   AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

100.3.3.3       4 65001      33     33       17    0   0 00:23:48        1

100.4.4.4       4 65001      19     24       17    0   0 00:15:45        0

100.5.5.5       4 65001      25     31       17    0   0 00:21:51        0

201.12.34.1     4 65333      37     32       17    0   0 00:25:39        1




步骤4、让R1得到AS 65001的路由

到现在R1还没得到AS 65001的路由，我们可以在R2和R3上重分步OSPF的路由到BGP

R2(config)#router bgp 65001

R2(config-router)#redistribute ospf 110match internal external

!

R3(config)#router bgp 65001

R3(config-router)#redistribute ospf 110match internal external




注意此时SW1其实没有任何路由去往4.2.2.2，因为我们没有在R4或这R5上进行重分步。为了让SW1得到路由，我们可以在R4和R5产生一条OSPF的默认路由：

R4(config)#router ospf 110

R4(config-router)#default-informationoriginate always

!

R5(config-router)#router ospf 110

R5(config-router)#default-informationoriginate always

查看SW1的路由：




SW1#show ip route ospf

   100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O IA   100.4.4.4/32 [110/2] via 10.1.0.1, 01:20:11, FastEthernet1/0

O IA   100.5.5.5/32 [110/2] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   100.2.2.2/32 [110/12] via 10.1.0.9, 01:04:34, FastEthernet1/1

                    [110/12] via 10.1.0.1,01:04:34, FastEthernet1/0

O IA   100.3.3.3/32 [110/12] via 10.1.0.9, 01:15:05, FastEthernet1/1

                    [110/12] via 10.1.0.1,01:20:11, FastEthernet1/0

   10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks

O      10.1.0.12/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   10.0.0.24/30 [110/11] via 10.1.0.1, 01:20:11, FastEthernet1/0

O IA   10.0.0.28/30 [110/11] via 10.1.0.9, 01:15:00, FastEthernet1/1

O IA   10.0.0.16/30 [110/11] via 10.1.0.1, 01:20:02, FastEthernet1/0

O IA   10.0.0.20/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   10.0.0.32/30 [110/11] via 10.1.0.9, 01:20:11, FastEthernet1/1

O IA   10.0.0.52/30 [110/21] via 10.1.0.9, 01:20:11, FastEthernet1/1

                    [110/21] via 10.1.0.1,01:20:11, FastEthernet1/0

O*E2 0.0.0.0/0 [110/1] via 10.1.0.9,00:35:23, FastEthernet1/1

              [110/1] via 10.1.0.1, 00:36:04,FastEthernet1/0

查看R1的路由（R1在考试时不能配置）：

R1#show ip route bgp

   100.0.0.0/32 is subnetted, 5 subnets

B       100.4.4.4 [20/11] via 202.12.34.2, 00:38:09

B      100.5.5.5 [20/11] via 202.12.34.2, 00:38:09

B      100.6.6.6 [20/21] via 202.12.34.2, 00:38:09

B      100.2.2.2 [20/0] via 201.12.34.2, 00:38:40

B      100.3.3.3 [20/0] via 202.12.34.2, 00:38:09

    10.0.0.0/8 is variably subnetted, 10 subnets,2 masks

B      10.1.0.8/30 [20/20] via 202.12.34.2, 00:38:10

B      10.1.0.12/30 [20/20] via 202.12.34.2, 00:38:10

B      10.1.1.0/24 [20/21] via 202.12.34.2, 00:38:10

B      10.1.0.0/30 [20/20] via 202.12.34.2, 00:38:10

B      10.0.0.24/30 [20/0] via 202.12.34.2, 00:38:10

B      10.0.0.28/30 [20/0] via 202.12.34.2, 00:38:10

B      10.0.0.16/30 [20/0] via 201.12.34.2, 00:38:40

B      10.0.0.20/30 [20/0] via 201.12.34.2, 00:38:40

B      10.0.0.32/30 [20/20] via 202.12.34.2, 00:38:10

B      10.0.0.52/30 [20/0] via 201.12.34.2, 00:38:40




验证：




SW1#ping 4.2.2.2




Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2,timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-tripmin/avg/max = 36/91/180 ms




SW1#traceroute 4.2.2.2




Type escape sequence to abort.

Tracing the route to 4.2.2.2




 110.1.0.9 76 msec

  10.1.0.1 80 msec

  10.1.0.9 16 msec

 210.0.0.17 72 msec

  10.0.0.21 72 msec

  10.0.0.17 24 msec

 3201.12.34.1 148 msec

如果要达到数据包负载的效果，请在交换机上关掉CEF：

SW1(config)#no ip cef

R32#traceroute 4.2.2.2




Type escape sequence to abort.

Tracing the route to 4.2.2.2




 110.1.1.1 64 msec 76 msec 28 msec

 210.1.0.9 64 msec

  10.1.0.1 32 msec

  10.1.0.9 32 msec

 310.0.0.17 60 msec

  10.0.0.21 28 msec

  10.0.0.17 20 msec

 4201.12.34.1 80 msec *  152 msec

当然在R2和R3上其实也可以采用通告的方式让R1得到路由，请去掉之前的重分步

R2(config)#router bgp 65001 R2(config-router)#no redistribute ospf  110 match internal external R2(config-router)#network 10.1.1.0 mask  255.255.255.0 R2(config-router)#network 10.1.0.0 mask  255.255.255.252 R2(config-router)#network 10.1.0.8 mask  255.255.255.252 ! R2(config)#router bgp 65001 R3(config-router)#no redistribute ospf  110 match internal external R3(config-router)#network 10.1.1.0 mask  255.255.255.0 R3(config-router)#network 10.1.0.0 mask  255.255.255.252 R3(config-router)#network 10.1.0.8 mask  255.255.255.252 这里可以汇总BGP路由，查看summary-only的情况其实没有影响： R3(config-router)#aggregate-address  10.0.0.0 255.0.0.0 summary-only R2(config-router)#aggregate-address  10.0.0.0 255.0.0.0 summary-only

最后的验证：

查看R1：

R1#sh ip bgp

BGP table version is 88, local router ID is4.2.2.2

Status codes: s suppressed, d damped, hhistory, * valid, > best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? -incomplete




 Network          Next Hop            Metric LocPrf Weight Path

*> 4.2.2.2/32       0.0.0.0                  0         32768 i

* 10.0.0.0         202.12.34.2              0            0 65001 i

*>                  201.12.34.2              0             0 65001 i

R1#show ip route bgp

B   10.0.0.0/8 [20/0] via 201.12.34.2, 00:03:52




R32#ping 4.2.2.2




Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2,timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5),round-trip min/avg/max = 12/55/128 ms

R32#trac

R32#traceroute 4.2.2.2




Type escape sequence to abort.

Tracing the route to 4.2.2.2




 110.1.1.1 72 msec 76 msec 12 msec

 210.1.0.9 24 msec

  10.1.0.1 104 msec

  10.1.0.9 36 msec

 310.0.0.17 20 msec

  10.0.0.21 72 msec

  10.0.0.17 664 msec

 4201.12.34.1 88 msec




错误点总结：

A、注意查看policy-map，R5有一个错误点是用PBR把下一跳指向了null 0

B、R1和R2或者（R3）BGP邻居指错， R2 R3上的BGP进程下的10.0.0.0/8的summary-only汇总,no掉summary-only，保持汇总（这个其实没有任何影响）

C、R13（或者R5）有一个和PC相同的地址（通告到了OSPF或者重分步）影响路由，去掉该通告

D、SW1上的VLAN11没宣告导致没有该网段的路由（强烈建议在主机所在网段的SVI接口下做ip ospf XXarea 1）

E、SW1 SVI 11接口“no ip route-cache cef”要保留该配置，因为图片要求负载均衡

F、R2和R3没有针对R4、R5做下一跳自我，导致R4和R5没有4.2.2.2的路由

附上所有设备的参考配置：

R1： hostname R1 ! ip cef interface Loopback0 ip  address 4.2.2.2 255.255.255.255 ! ! interface Serial2/0 ip  address 201.12.34.1 255.255.255.252 serial restart-delay 0 no  dce-terminal-timing-enable ! interface Serial2/1 ip  address 202.12.34.1 255.255.255.252 serial restart-delay 0 no  dce-terminal-timing-enable ! router bgp 65333 no  synchronization bgp log-neighbor-changes network 4.2.2.2 mask 255.255.255.255 neighbor 201.12.34.2 remote-as 65001 neighbor 202.12.34.2 remote-as 65001 no  auto-summary R2的配置： hostname R2 ip cef ! interface Loopback0 ip  address 100.2.2.2 255.255.255.255 ip  ospf 110 area 0 ! ! interface Ethernet0/1 ip  address 10.0.0.21 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet0/2 no  ip address shutdown half-duplex ! interface Ethernet0/3 ip  address 10.0.0.17 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet1/1 ip  address 10.0.0.53 255.255.255.252 ip  ospf 110 area 0 half-duplex ! ! interface Serial2/0 ip  address 201.12.34.2 255.255.255.252 serial restart-delay 0 no  dce-terminal-timing-enable ! ! interface Serial2/3 no  ip address shutdown serial restart-delay 0 no  dce-terminal-timing-enable ! router ospf 110 router-id 100.2.2.2 log-adjacency-changes ! router bgp 65001 no  synchronization bgp log-neighbor-changes network 10.1.0.0 mask 255.255.255.252 network 10.1.0.8 mask 255.255.255.252 network 10.1.1.0 mask 255.255.255.0 redistribute ospf 110 neighbor 100.3.3.3 remote-as 65001 neighbor  100.3.3.3 update-source Loopback0 neighbor 100.3.3.3 next-hop-self neighbor 100.4.4.4 remote-as 65001 neighbor 100.4.4.4 update-source Loopback0 neighbor 100.4.4.4 next-hop-self neighbor 100.5.5.5 remote-as 65001 neighbor 100.5.5.5 update-source Loopback0 neighbor 100.5.5.5 next-hop-self neighbor 201.12.34.1 remote-as 65333 no  auto-summary R3的配置： hostname R3 ip cef interface Loopback0 ip  address 100.3.3.3 255.255.255.255 ip  ospf 110 area 0 ! ! interface Ethernet0/2 ip  address 10.0.0.29 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet0/3 ip  address 10.0.0.25 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet1/0 ip  address 10.0.0.54 255.255.255.252 ip  ospf 110 area 0 half-duplex ! ! interface Serial2/0 ip  address 202.12.34.2 255.255.255.252 serial restart-delay 0 no  dce-terminal-timing-enable ! ! router ospf 110 log-adjacency-changes ! router bgp 65001 no  synchronization bgp log-neighbor-changes network  10.1.0.0 mask 255.255.255.252 network 10.1.0.8 mask 255.255.255.252 network 10.1.1.0 mask 255.255.255.0 redistribute ospf 110 neighbor 100.2.2.2 remote-as 65001 neighbor 100.2.2.2 update-source Loopback0 neighbor 100.2.2.2 next-hop-self neighbor 100.4.4.4 remote-as 65001 neighbor 100.4.4.4 update-source Loopback0 neighbor 100.4.4.4 next-hop-self neighbor 100.5.5.5 remote-as 65001 neighbor 100.5.5.5 update-source Loopback0 neighbor 100.5.5.5 next-hop-self neighbor 202.12.34.1 remote-as 65333 no  auto-summary R4的配置： hostname R4 ! ip cef interface Loopback0 ip  address 100.4.4.4 255.255.255.255 ip  ospf 110 area 0 ! interface Ethernet0/0 ip  address 10.0.0.18 255.255.255.252 ip  ospf 110 area 0 half-duplex interface Ethernet1/1 ip  address 10.1.0.1 255.255.255.252 ip  ospf 110 area 1 half-duplex ! ! interface Ethernet1/3 ip  address 10.0.0.33 255.255.255.252 half-duplex ! interface Ethernet2/0 ip  address 10.0.0.26 255.255.255.252 ip  ospf 110 area 0 half-duplex ! router ospf 110 log-adjacency-changes default-information originate always ! router bgp 65001 no  synchronization bgp log-neighbor-changes neighbor 100.2.2.2 remote-as 65001 neighbor 100.2.2.2 update-source Loopback0 neighbor 100.3.3.3 remote-as 65001 neighbor 100.3.3.3 update-source Loopback0 neighbor 100.5.5.5 remote-as 65001 neighbor 100.5.5.5 update-source Loopback0 no  auto-summary R5的配置： hostname R5 ! ip cef interface Loopback0 ip  address 100.5.5.5 255.255.255.255 ip  ospf 110 area 0 ! interface Ethernet0/0 ip  address 10.0.0.22 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet0/1 ip  address 10.0.0.30 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet0/2 ip  address 10.0.0.34 255.255.255.252 ip  ospf 110 area 0 half-duplex ! interface Ethernet0/3 ip  address 10.1.0.9 255.255.255.252 ip  ospf 110 area 1 half-duplex ! interface Ethernet1/0 ip  address 10.1.0.13 255.255.255.252 ip  ospf 110 area 1 half-duplex ! ! router ospf 110 log-adjacency-changes default-information originate always ! router bgp 65001 no  synchronization bgp log-neighbor-changes neighbor 100.2.2.2 remote-as 65001 neighbor 100.2.2.2 update-source Loopback0 neighbor 100.3.3.3 remote-as 65001 neighbor 100.4.4.4 remote-as 65001 no  auto-summary SW1的配置： hostname SW1 ! no ip cef ! ! ! ! ! interface Loopback0 ip  address 100.6.6.6 255.255.255.252 ip  ospf 110 area 1 ! interface FastEthernet1/0 no  switchport ip  address 10.1.0.2 255.255.255.252 ip  ospf 110 area 1 no  cdp enable ! interface FastEthernet1/1 no  switchport ip  address 10.1.0.10 255.255.255.252 ip  ospf 110 area 1 no  cdp enable ! ! interface Vlan11 ip  address 10.1.1.1 255.255.255.0 ip  ospf 110 area 1 ! router ospf 110 router-id 100.6.6.6 log-adjacency-changes 主机的配置： hostname R32 ! no ip cef interface Ethernet0/0 ip  address 10.1.1.100 255.255.255.0 no  ip route-cache half-duplex ! ip default-gateway 10.1.1.

关键字：