R1和R2有两根线路相连,使用BGP,R1有两组路由,192.168.1.0/24和192.168.2.0/24,当两根线都通的状态下,两组路由流量分散平衡在两个线路上,当其中任意一根断的情况下,只通192.168.1.0/24流量。
方法1
【R1配置】
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.2.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 timers 1 3
neighbor 10.1.12.2 remote-as 2
neighbor 10.1.12.2 timers 1 3
neighbor 10.2.12.2 remote-as 2
neighbor 10.2.12.2 timers 1 3
maximum-paths 2
!
address-family ipv4
neighbor 2.2.2.2 activate
neighbor 10.1.12.2 activate
neighbor 10.2.12.2 activate
maximum-paths 2
no auto-summary
no synchronization
network 192.168.1.0
network 192.168.2.0
exit-address-family
!
no ip http server
no ip http secure-server
ip route 2.2.2.2 255.255.255.255 FastEthernet0/0 10.2.12.2
ip route 2.2.2.2 255.255.255.255 FastEthernet1/0 10.1.12.2
!
【R2配置】
!
ip sla monitor 1
type echo protocol ipIcmpEcho 10.2.12.1 source-interface FastEthernet0/0
ip sla monitor schedule 1 start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 10.1.12.1 source-interface FastEthernet1/0
ip sla monitor schedule 2 start-time now
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 list boolean and
object 1
object 2
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.2.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 timers 1 3
neighbor 10.1.12.1 remote-as 1
neighbor 10.1.12.1 timers 1 3
neighbor 10.2.12.1 remote-as 1
neighbor 10.2.12.1 timers 1 3
maximum-paths 2
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 distribute-list 1 in
neighbor 10.1.12.1 activate
neighbor 10.1.12.1 distribute-list 2 in
neighbor 10.2.12.1 activate
neighbor 10.2.12.1 distribute-list 2 in
maximum-paths 2
no auto-summary
no synchronization
exit-address-family
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 10.2.12.1 track 3
ip route 1.1.1.1 255.255.255.255 10.1.12.1 track 3
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
方法2
R2修改方案,为企业方
ip sla monitor 1
type echo protocol ipIcmpEcho 10.2.12.1 source-interface FastEthernet0/0
ip sla monitor schedule 1 start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 10.1.12.1 source-interface FastEthernet1/0
ip sla monitor schedule 2 start-time now
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 list boolean and
object 1
object 2
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.2.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 timers 1 3
neighbor 10.1.12.1 remote-as 1
neighbor 10.1.12.1 timers 1 3
neighbor 10.2.12.1 remote-as 1
neighbor 10.2.12.1 timers 1 3
maximum-paths 2
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 distribute-list 1 out
neighbor 10.1.12.1 activate
neighbor 10.1.12.1 distribute-list 2 out
neighbor 10.2.12.1 activate
neighbor 10.2.12.1 distribute-list 2 out
maximum-paths 2
no auto-summary
no synchronization
network 192.168.1.0
network 192.168.2.0
exit-address-family
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 10.2.12.1 track 3
ip route 1.1.1.1 255.255.255.255 10.1.12.1 track 3
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
R1上down其中一个接口
R2提示
R2#
*Mar 1 02:34:50.951: %BGP-5-ADJCHANGE: neighbor 10.1.12.1 Down BGP Notification sent
R2#
*Mar 1 02:34:50.955: %BGP-3-NOTIFICATION: sent to neighbor 10.1.12.1 4/0 (hold time expired) 0 bytes
R2#
R2#
R2#
R2#
R2#
*Mar 1 02:35:00.387: %TRACKING-5-STATE: 2 rtr 2 reachability Up->Down
*Mar 1 02:35:00.555: %TRACKING-5-STATE: 3 list boolean and Up->Down
R2#
*Mar 1 02:35:02.939: %BGP-3-NOTIFICATION: received from neighbor 1.1.1.1 4/0 (hold time expired) 0 bytes
R2#
*Mar 1 02:35:02.947: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down BGP Notification received
R1的路由表
R1#sh ip ro b
B 192.168.1.0/24 [20/0] via 10.2.12.2, 00:03:24
方法3
使用advertise-map来解决,但有些IOS不支持。
(R1) Config:
router bgp 1
no synchronization
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.2.0
redistribute connected route-map redis_conn (目的是想将两条外线路由弄进bgp 路由表,方便后面的advertise-map检测这两条路由的存在性来决定是否要发布次要网段)
neighbor 12.1.1.2 remote-as 2
neighbor 12.1.1.2 update-source Serial1/0
neighbor 12.1.1.2 advertise-map dist_out2 exist-map line2(如果外线2正常,外线2的路由就会重分发进bgpl路由表,就通告出次要路由,此时如果2正常,且能从s1/0【一线端口】通告给邻居路由,说明1先也正常,即都正常。如果2线断线,端口就会down,route-map redis_conn,也就不会将line2这条路有分布进bgp路由表,就不会宣告次要路由,也是有点类似交叉建邻居的方法,下面同理)
neighbor 12.1.2.2 remote-as 2
neighbor 12.1.2.2 update-source Serial1/1
neighbor 12.1.2.2 advertise-map dist_out2 exist-map line1
no auto-summary
!
ip prefix-list dist_out2 seq 5 permit 192.168.2.0/24
!
ip prefix-list line1 seq 5 permit 12.1.1.0/30(外线一路由)
!
ip prefix-list line2 seq 5 permit 12.1.2.0/30(外线二路由)
!
route-map redis_conn permit 10
match interface Serial1/0 Serial1/1
route-map dist_out2 permit 10
match ip address prefix-list dist_out2
!
route-map line2 permit 10
match ip address prefix-list line2
!
route-map line1 permit 10
match ip address prefix-list line1
!
ISP(R2) Config: (ISP的配置很简单,基本什么都不做,实际来说,用户有什么需求,最好做在CE上面,PE上在能满足的要求的情况下,尽量精简配置,节约资源)
router bgp 2
no synchronization
bgp log-neighbor-changes
neighbor 12.1.1.1 remote-as 1
neighbor 12.1.1.1 update-source Serial1/0
neighbor 12.1.2.1 remote-as 1
neighbor 12.1.2.1 update-source Serial1/1
no auto-summar
本文出自 “天才没有那1%是万万不行的” 博客,请务必保留此出处http://xushen.blog.51cto.com/1673219/1617890
原文地址:http://xushen.blog.51cto.com/1673219/1617890
