路由策略典型配置举例与故障排除.doc

1.1 路由策略典型配置举例1.1.1 配置引入其它协议的路由信息1. 组网需求本例说明了一种OSPF协议有选择地引入RIP协议路由的情况。路由器连接了一所大学的校园网和一个地区性网络。校园网使用RIP作为其内部路由协议，地区性网络使用OSPF路由协议，路由器需要将校园网中的某些路由信息在地区性网络中发布。为实现这一功能，路由器上的OSPF协议在引入RIP协议路由信息时通过对一个路由策略的引用实现路由过滤的功能。该路由策略由两个节点组成，实现192.1.0.0/24 和128.2.0.0/16 的路由信息以不同的路由权值被OSPF协议发布。2. 组网图图1-1 配置OSPF引入RIP协议路由的组网图3. 配置步骤# 定义地址前缀列表。Routerip ip-prefix p1 permit 192.1.1.0 24 Routerip ip-prefix p2 permit 128.2.0.0 16 # 配置路由策略。Routerroute-policy r1 permit node 10 Router-route-policy if-match ip-prefix p1 Router-route-policy apply cost 120Router-route-policy route-policy r1 permit node 20 Router-route-policy if-match ip-prefix p2 Router-route-policy apply cost 100Router-route-policy quit # 配置OSPF协议Routerospf Router-ospf-1 area 0Router -ospf-1-area-0.0.0.0 network 128.1.0.0 0.0.0.255Router -ospf-1-area-0.0.0.0 quitRouter-ospf-1 import-route rip route-policy r1 Router-ospf-1 quitRouterinterface ethernet 0/0/0 Router-Ethernet0/0/0ip address 128.1.0.1 255.255.255.0 1.1.2 配置RIP过滤发布的路由信息1. 组网需求本例说明了RIP协议有选择地发布路由信息的情况。路由器连接了校园网A和校园网B，它们都使用RIP作为内部路由协议，路由器仅将校园网A中的192.1.1.0/24和192.1.2.0/24两个网段的路由发布到校园网B中去。为实现这一功能，路由器上的RIP协议使用一条filter-policy命令过滤发布的路由信息，通过对一个地址前缀列表的引用来实现对由路发布路由进行过滤的功能。2. 组网图图1-2 配置过滤发布路由信息的组网图3. 配置步骤# 配置地址前缀列表。Routerip ip-prefix p1 permit 192.1.1.0 24 Routerip ip-prefix p1 permit 192.1.2.0 24# 配置RIP协议。Routerrip Router-ripnetwork 192.1.0.0 Router-ripnetwork 202.1.1.0 Router-ripfilter-policy ip-prefix p1 export1.1.3 配置OSPF过滤接收的路由信息1. 组网需求l Router A与Router B通信，链路层封装PPP，都运行OSPF协议。l 对Router A上的OSPF路由进程进行配置，引入三条静态路由。l 通过在Router B上配置路由过滤规则，使接收到的三条静态路由部分可见，部分被屏蔽掉20.0.0.0和40.0.0.0网段的路由是可见的，30.0.0.0网段的路由则被屏蔽。2. 组网图图1-3 过滤接收的路由信息组网图3. 配置步骤(1) 配置Router A# 配置接口Serial1/0/0的IP地址，封装PPP协议。Router A interface serial 1/0/0Router A-Serial1/0/0 ip address 10.0.0.1 255.0.0.0Router A-Serial1/0/0 link-protocol pppRouter A-Serial1/0/0 quit# 配置三条静态路由。Router A ip route-static 20.0.0.1 32 serial 1/0/0Router A ip route-static 30.0.0.1 32 serial 1/0/0Router A ip route-static 40.0.0.1 32 serial 1/0/0# 启动OSPF协议，指定该接口所属区域号。Router A router id 1.1.1.1Router A ospfRouter A-ospf-1 area 0Router A-ospf-1-area-0.0.0.0 network 10.0.0.0 0.0.0.255# 引入静态路由。Router A-ospf-1 import-route static(2) 配置Router B# 配置接口Serial1/0/0的IP地址，封装PPP协议。Router B interface serial 1/0/0Router B-Serial1/0/0 ip address 10.0.0.2 255.0.0.0Router B-Serial1/0/0 link-protocol pppRouter B-Serial1/0/0 quit# 配置访问控制列表。Router B acl number 2001Router B-acl-basic-2001 rule deny source 30.0.0.0 0.255.255.255Router B-acl-basic-2001 rule permit source any# 启动OSPF协议，指定该接口所属区域号。Router B router id 2.2.2.2Router B ospf Router B-ospf-1 area 0Router A-ospf-1-area-0.0.0.0 network 10.0.0.0 0.0.0.255# 配置OSPF对接收的外部路由进行过滤。Router B-ospf-1 filter-policy 2001 import1.1.4 通过配置BGP的cost属性来选择路径1. 组网需求本例说明怎样通过BGP属性的使用来管理路由选择。所有路由器都配置BGP，AS200中的IGP使用OSPF。路由器A在AS100中，路由器B、路由器C和路由器D在AS200中。路由器A与路由器B和路由器C之间运行EBGP。路由器B和路由器C与路由器D之间运行IBGP。2. 组网图图1-4 配置BGP路径选择的组网图3. 配置步骤配置路由器Router A：Router A interface serial 2/0/0Router A-Serial2/0/0 ip address 192.1.1.1 255.255.255.0Router A-Serial2/0/0 interface serial 1/0/0Router A-Serial1/0/0 ip address 193.1.1.1 255.255.255.0Router A-Serial1/0/0 quitRouter A bgp 100Router A-bgp network 1.0.0.0Router A-bgp group ex192 externalRouter A-bgp peer 192.1.1.2 group ex192 as-number 200Router A-bgp group ex193 externalRouter A-bgp peer 193.1.1.2 group ex193 as-number 200Router A-bgp quit# 配置路由器A的MED属性# 增加访问列表到路由器A上，允许网络1.0.0.0Router A acl number 2001Router A-acl-basic-2001 rule permit source 1.0.0.0 0.255.255.255# 定义两个Route-policy，一个名为apply_med_50，另一个名为apply_med_100，第一个Route-policy为网络1.0.0.0设置的MED属性为50，第二个Route-policy设置的MED属性为100。Router A route-policy apply_med_50 permit node 10Router A-route-policy if-match acl 2001Router A-route-policy apply cost 50Router A-route-policy quitRouter A route-policy apply_med_100 permit node 10Router A-route-policy if-match acl 2001Router A-route-policy apply cost 100Router A-route-policy quit# 应用apply_med_50到邻居Router C（193.1.1.2）出口路由更新上，应用apply_med_100到邻居Router B（192.1.1.2）的出口路由更新上。Router A bgp 100Router A-bgp peer ex193 route-policy apply_med_50 exportRouter A-bgp peer ex192 route-policy apply_med_100 export配置路由器Router B：Router B interface serial 2/0/0Router B-Serial2/0/0 ip address 192.1.1.2 255.255.255.0Router B-Serial2/0/0 interface serial 1/0/0Router B-Serial1/0/0 ip address 194.1.1.2 255.255.255.0Router B-Serial1/0/0 quitRouter B ospfRouter B-ospf-1 import-route bgpRouter B-ospf-1 area 0Router B-ospf-1-area-0.0.0.0 network 194.1.1.0 0.0.0.255 Router B-ospf-1-area-0.0.0.0 network 192.1.1.0 0.0.0.255Router B bgp 200Router B-bgp undo synchronizationRouter B-bgp group ex externalRouter B-bgp peer 192.1.1.1 group ex as-number 100Router B-bgp group in internal Router B-bgp peer 194.1.1.1 group inRouter B-bgp import-route ospf配置路由器Router C：Router C interface serial 1/0/0Router C-Serial1/0/0 ip address 193.1.1.2 255.255.255.0Router C-Serial1/0/0 interface serial 2/0/0Router C-Serial2/0/0 ip address 195.1.1.2 255.255.255.0Router C-Serial2/0/0 quitRouterC ospfRouter C-ospf-1 import-route bgpRouter C-ospf-1 area 0Router C-ospf-1-area-0.0.0.0 network 193.1.1.0 0.0.0.255Router C-ospf-1-area-0.0.0.0 network 195.1.1.0 0.0.0.255Router C bgp 200Router C-bgp group ex externalRouter C-bgp peer 193.1.1.1 group ex as-number 100Router C-bgp group in internalRouter C-bgp peer 195.1.1.1 group inRouter C-bgp import-route ospf# 配置路由器Router D：RouterD interface serial 1/0/0RouterD-Serial1/0/0 ip address 194.1.1.1 255.255.255.0RouterD-Serial1/0/0 interface serial 2/0/0RouterD-Serial2/0/0 ip address 195.1.1.1 255.255.255.0RouterD-Serial2/0/0 quitRouterD ospfRouter D-ospf-1 import-route bgpRouter D-ospf-1 area 0Router D-ospf-1-area-0.0.0.0 network 194.1.1.0 0.0.0.255Router D-osp-1f-area-0.0.0.0 network 195.1.1.0 0.0.0.255Router D-ospf-1-area-0.0.0.0 network 4.0.0.0 0.255.255.255Router D bgp 200Router D-bgp group in internalRouter D-bgp peer 195.1.1.2 group in as-number 200Router D-bgp peer 194.1.1.2 group in as-number 200Router D-bgp import-route ospf为使配置生效，需要使用reset bgp all命令复位所有的BGP邻居。通过上述配置后，由于路由器C学到的路由1.0.0.0的MED属性比路由器B学到的更小，路由器D优选来自路由器C的路由1.0.0.0。如果在配置路由器A时，不配置路由器A的MED属性，而在路由器C上配置本地优先级如下：# 在路由器C上加上访问列表2001，允许网络1.0.0.0Router C acl number 2001Router C-acl-basic-2001 rule permit source 1.0.0.0 0.255.255.255# 定义名为localpref的路由策略，设置匹配acl 2001的路由的本地优先级为200，不匹配的为100。Router C route-policy localpref permit node 10Router C-route-policy if-match acl 2001Router C-route-policy apply local-preference 200Router C-route-policy route-policy localpref permit node 20Router C-route-policy apply local-preference 100Router C quit# 应用此路由策略到来自BGP邻居193.1.1.1（路由器A）的路由信息上。RouterC bgp 200RouterC-bgp peer 193.1.1.1 route-policy localpref import此时，由于路由器C学到的路由1.0.0.0的Local preference属性值为200，比路由器B学到的路由1.0.0.0的Local preference属性值（路由器B没有配置Local preference属性，默认为100）更大，路由器D依然优选来自路由器C的路由1.0.0.0。1.1.5 基于BGP next-hop/as-path/origin/ local-preference属性的路由策略配置举例1. 组网需求RouterA和RouterB在AS300，RouterD在AS100，RouterC在AS200。配置RouterA与D、RouterB与C、RouterC与D均为EBGP peer。RouterA与B为IBGP peer；RouterA与B间的IGP协议为RIP。2. 组网图图1-5 基于BGP next-hop/as-path/origin/ local-preference属性的路由策略配置举例3. 配置步骤(1) 配置RouterA：# 配置接口IP地址。RouterA interface serial 0/0/0RouterA-serial 0/0/0 ip address 172.16.1.1 255.255.255.0 RouterA-serial 0/0/0 interface ethernet 1/0/0RouterA-ethernet 1/0/0 ip address 129.102.1.6 255.255.0.0RouterA-ethernet 1/0/0 quit# 配置RIP协议。RouterA ripRouterA-rip network 129.102.1.6RouterA-rip quit# 配置BGP内部邻居和外部邻居。RouterA bgp 300RouterA-bgp undo synchronizationRouterA-bgp import-route ripRouterA-bgp group ex100 externalRouterA-bgp peer 172.16.1.2 group ex100 as-number 100RouterA-bgp group in300 internalRouterA-bgp peer 129.102.1.1 group in300 (2) 配置RouterB：RouterB interface serial 0/0/0RouterB-serial 0/0/0 ip address 10.0.0.1 255.255.255.0RouterB-serial 0/0/0 interface ethernet 1/0/0RouterB-ethernet 1/0/0 ip address 129.102.1.1 255.255.0.0RouterB-ethernet 1/0/0 quitRouterB ripRouterB-rip network 129.102.1.1RouterB-rip quitRouterB bgp 300RouterB-bgp import-route ripRouterB-bgp undo synchronizationRouterB-bgp group in300 internalRouterB-bgp peer 129.102.1.6 group in300RouterB-bgp group ex200 externalRouterB-bgp peer 10.0.0.2 group ex200 as-number 200(3) 配置RouterC：RouterC interface serial 0/0/0RouterC-interface serial 0/0/0 ip address 10.0.0.2 255.255.255.0 RouterC-interface serial 0/0/0 interface serial 0/0/1RouterC-interface serial 0/0/1 ip address 120.56.0.2 255.255.255.0RouterC-interface serial 0/0/1 quitRouterC bgp 200RouterC-bgp group ex100 externalRouterC-bgp peer 120.56.0.1 group ex100 as-number 100RouterC-bgp group ex300 externalRouterC-bgp peer 10.0.0.1 group ex300 as-number 300(4) 配置RouterD：RouterD interface serial 0/0/0RouterD-serial 0/0/0 ip address 172.16.1.2 255.255.255.0RouterD-serial 0/0/0 interface serial 0/0/1RouterD-serial 0/0/1 ip address 120.56.0.1 255.255.255.0RouterD-serial 0/0/1 interface ethernet 1/0/0RouterD-ethernet 1/0/0 ip address 192.168.1.1 255.255.255.0RouterD-ethernet 1/0/0 quitRouterD bgp 100RouterD-bgp network 192.168.1.0RouterD-bgp group ex300 externalRouterD-bgp peer 172.16.1.1 group ex300 as-number 300 RouterD-bgp group ex200 externalRouterD-bgp peer 120.56.0.2 group ex200 as-number 200RouterD-bgp network 192.168.1.0 255.255.255.0RouterD-bgp quitRouterD quit完成上面配置在RouterA/B上执行display bgp routing，可以看到到192.168.1.0的路由下一跳为172.16.1.2，Origin属性为igp。l 如在RouterD上增加as-pathRouterD bgp 100RouterD-bgp peer ex300 route-policy AS300 exportRouterD-bgp quitRouterD route-policy AS300 permit node10RouterD- route-policy if-match acl 2001RouterD-route-policy apply as-path 300RouterD- route-policy quitRouterD acl number 2001 match-order autoRouterD-acl-2001 rule permit source anyRouterD-acl-2001 quitRouterD quit观察到192.168.1.0的路由下一跳变为10.0.0.2，as-path为200，100，原来的到AS300的路由被过滤掉了。l 如在RouterA上指定下一跳地址RouterA bgp 300RouterA-bgp peer ex100 route-policy AS100 exportRouterA-bgp quitRouterA route-policy AS100 permit node 10RouterA-route-policy if-match acl 2001RouterA-route-policy apply ip-address 10.0.0.2RouterA-route-policy quit RouterA acl number 3001RouterA-acl-3001 rule permit ip destination 192.168.1.0RouterA-acl-3001 quitRouterA quit观察到192.168.1.0的路由下一跳变为10.0.0.2。l 如在RouterD上设置Origin属性RouterD bgp 100RouterD-bgp peer ex300 route-policy AS300 exportRouterD quitRouterD route-policy AS300 permit node10RouterD-route-policy if-match acl 2001RouterD-route-policy apply origin IncompleteRouterD-route-policy quitRouterD acl number 2001 match-order autoRouterD-acl-2001 rule permit source 192.168.1.0RouterD-acl-2001 quitRouterD quit此时Origin属性变为Incomplete。l 如在RouterB上配置local-preference属性RouterB bgp 200RouterB-bgp peer ex200 route-policy AS200 exportRouterB-bgp quitRouterB route-policy AS200 permit node10RouterB-route-policy if-match acl 2001RouterB-route-policy apply local-preference 150RouterB-route-policy quitRouterB acl number 2001 match-order autoRouterB-acl-2001 rule permit ip destination 192.168.1.0RouterB-acl-2001 quitRouterB quit观察到192.168.1.0的路由下一跳变为10.0.0.2。1.1.6 基于BGP团体属性的路由策略配置举例1. 组网需求RTA，RTB，RTC互为BGP peer，其中RTB，RTC向对等体发布带有团体属性的路由信息，RTA根据团体属性设置该路由不向对等体发布。2. 组网图图1-6 基于BGP团体属性的路由策略配置举例3. 配置步骤(1) 配置RTARouterA bgp 100# 配置对等体ex200，并对收到的路由按照策略SETNOEXP进行过滤。RouterA-bgp group ex200 externalRouterA-bgp peer 16.10.10.2 group ex200 as-number 200RouterA-bgp peer ex200 route-policy SETNOEXP import# 配置对等体ex300，并对收到的路由进行过滤。RouterA-bgp group ex300 externalRouterA-bgp peer 120.56.0.2 group ex300 as-number 300RouterA-bgp peer ex300 route-policy SETNOEXP importRouterA-bgp quit# 配置团体列表。RouterA ip community-list 10 permit 100:200RouterA ip community-list 20 permit 100:300# 配置针对对等体ex200及ex300的路由策略。RouterA route-policy SETNOEXP permit node 10RouterA- route-policy if-match community 10RouterA- route-policy apply community no-exportRouterA- route-policy route-policy SETNOEXP permit node 20RouterA- route-policy if-match community 20RouterA- route-policy apply community no-export(2) 配置RTBRTB bgp 200# 配置对等体ex100，并向对等体发布团体属性。RTB-bgp group ex100 externalRTB-bgp peer 16.10.10.1 group ex100 as-number 100RTB-bgp peer ex100 advertise-community#配置向ex100发布路由时的路由策略。RTB-bgp peer ex100 route-policy SET_COMM e