Friday, 13 April 2018

BGP PART 2

BGP Prefix List


We will not advertise 2.2.2.3 to R2. To do this, the outbound prefix list toward R2 permits only 2.2.2.2/32; every other prefix falls through to the prefix list's implicit deny.

R1:

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip address 2.2.2.3 255.255.255.255
!
interface FastEthernet1/0
 ip address 1.1.1.1 255.255.255.252
!
router bgp 200
 redistribute connected
 no auto-summary
 neighbor 1.1.1.2 remote-as 300
 neighbor 1.1.1.2 prefix-list ALLOW out
!
ip prefix-list ALLOW seq 10 permit 2.2.2.2/32

R2:

interface FastEthernet1/0
 ip address 1.1.1.2 255.255.255.252
!
router bgp 300
 neighbor 1.1.1.1 remote-as 200
 no auto-summary
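
The outbound filter above can be checked offline. The following is an added example, not part of the original post: a small Python model of `ip prefix-list` matching (first match by sequence number, implicit deny at the end) applied to the routes that `redistribute connected` places into BGP on R1. It goes slightly beyond the page by also handling the `ge`/`le` keywords; the `LOOSE_CONFIG` line is a constructed variant that shows how a wider entry would let 2.2.2.3/32 out.

```python
import ipaddress
import re

# Added example: IOS "ip prefix-list" matching semantics, modelled in Python.
LINE_RE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?$")

def parse_prefix_list(config, name):
    """Return the entries of prefix list `name`, ordered by sequence number."""
    entries = []
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != name:
            continue
        net = ipaddress.ip_network(m.group(4))
        ge, le = m.group(5), m.group(6)
        # No ge/le: exact length. Only ge: up to /32. Only le: from the entry's length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(m.group(2)), m.group(3), net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; no match means the implicit deny applies."""
    route = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"

def advertised(config, name, routes):
    """Routes that survive the outbound prefix list."""
    entries = parse_prefix_list(config, name)
    return [r for r in routes if evaluate(entries, r) == "permit"]

# R1's prefix list from the page, and R1's connected routes.
R1_CONFIG = "ip prefix-list ALLOW seq 10 permit 2.2.2.2/32"
R1_CONNECTED = ["2.2.2.2/32", "2.2.2.3/32", "1.1.1.0/30"]

# Constructed variant (not from the page): permit any /32 inside 2.2.2.0/24.
LOOSE_CONFIG = "ip prefix-list ALLOW seq 10 permit 2.2.2.0/24 ge 32"

if __name__ == "__main__":
    print(advertised(R1_CONFIG, "ALLOW", R1_CONNECTED))
    print(advertised(LOOSE_CONFIG, "ALLOW", R1_CONNECTED))
```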


Neighbor Allowas-in



If a router receives an advertisement for a network whose AS path contains its own AS number, it drops the advertisement. With the allowas-in command, the router learns those networks even when they come from its own AS. In the topology below, R2 is in AS 201 and the other routers are in AS 200.



R1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0
 ip address 2.2.2.1 255.255.255.0
!
router bgp 200
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 2.2.2.2 remote-as 201

R2

interface FastEthernet0/0
 ip address 3.3.3.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 2.2.2.2 255.255.255.0
!
router bgp 201
 redistribute connected
 neighbor 2.2.2.1 remote-as 200
 neighbor 3.3.3.3 remote-as 200

R3

interface FastEthernet0/0
 ip address 3.3.3.3 255.255.255.0
!
router bgp 200
 neighbor 3.3.3.2 remote-as 201
 neighbor 3.3.3.2 allowas-in
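
The effect of the command on R3's BGP table, as an added example that is not part of the original post: a Python model of the three routers above, in which each sender prepends its own AS and each receiver applies the AS_PATH loop check. The model keeps the first path learned per prefix (enough for this linear topology), and the value 3 is the IOS default when allowas-in is given without a number.

```python
# Added example: eBGP AS_PATH loop check and allowas-in, modelled in Python.
# Topology from the page: R1 (AS 200) - R2 (AS 201) - R3 (AS 200).
ROUTERS = {
    "R1": {"asn": 200, "originates": ["1.1.1.1/32"], "peers": ["R2"]},
    "R2": {"asn": 201, "originates": ["2.2.2.0/24", "3.3.3.0/24"],
           "peers": ["R1", "R3"]},
    "R3": {"asn": 200, "originates": [], "peers": ["R2"]},
}

def accepts(local_as, as_path, allowas_in=0):
    """Receiver-side loop check: reject the update when the local AS
    appears in the path more often than allowas-in permits."""
    return as_path.count(local_as) <= allowas_in

def converge(allowas_in):
    """allowas_in maps router name -> permitted occurrences of its own AS
    (0 when the command is absent). Returns {router: {prefix: as_path}}."""
    tables = {n: {p: [] for p in r["originates"]} for n, r in ROUTERS.items()}
    changed = True
    while changed:
        changed = False
        for name, r in ROUTERS.items():
            for prefix, path in list(tables[name].items()):
                sent = [r["asn"]] + path      # sender prepends its own AS
                for peer in r["peers"]:
                    if prefix in tables[peer]:
                        continue              # simplification: keep first path
                    limit = allowas_in.get(peer, 0)
                    if accepts(ROUTERS[peer]["asn"], sent, limit):
                        tables[peer][prefix] = sent
                        changed = True
    return tables

if __name__ == "__main__":
    print("R3 without allowas-in:", converge({})["R3"])
    print("R3 with allowas-in:   ", converge({"R3": 3})["R3"])
```

Because the command relaxes the loop check itself, the occurrence limit is the only remaining guard: a path carrying AS 200 four times is still rejected at the default of 3.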


BGP Backdoor


It means: "do not send this route through me any more; I am the backdoor."




To reach 3.3.3.3, R2 goes via R4, because the eBGP administrative distance is 20 (lower than OSPF's 110). If we want R2 to reach it directly over fa1/0 using OSPF instead:

R2:
router bgp 2
 network 3.3.3.3 mask 255.255.255.255 backdoor
R2 will now reach it via OSPF.

With redistribute connected we advertise all the IP networks configured on the router.

R2

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/1
 ip address 1.1.1.6 255.255.255.252
!
interface FastEthernet1/0
 ip address 1.1.1.9 255.255.255.252
!
router ospf 1
 network 1.1.1.8 0.0.0.3 area 0
 network 2.2.2.2 0.0.0.0 area 0
!
router bgp 2
 bgp log-neighbor-changes
 network 3.3.3.3 mask 255.255.255.255 backdoor
 redistribute connected
 neighbor 1.1.1.5 remote-as 4

R3

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.252
!
interface FastEthernet1/0
 ip address 1.1.1.10 255.255.255.252
!
router ospf 1
 network 1.1.1.8 0.0.0.3 area 0
 network 3.3.3.3 0.0.0.0 area 0
!
router bgp 3
 bgp log-neighbor-changes
 network 3.3.3.3 mask 255.255.255.255
 neighbor 1.1.1.1 remote-as 4

R4

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0/1
 ip address 1.1.1.5 255.255.255.252
!
router bgp 4
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.2 remote-as 3
 neighbor 1.1.1.2 update-source FastEthernet0/0
 neighbor 1.1.1.6 remote-as 2
 neighbor 1.1.1.6 update-source FastEthernet0/1
------

AS PATH PREPEND




We have two ISPs, ISP-A and ISP-B, and we speak BGP with both of them. Traffic is expected to run over the 100 megabit link.

Solution:

By prepending 3 AS hops to the advertisements R1 sends to ISPB, we bring the total number of AS numbers in that path to 4. Packets will therefore now go via ISPA, which is a 2-hop path (2, 1).

R1:

access-list 1 permit 3.3.3.0 0.0.0.255
!
route-map addpath permit 10
 match ip address 1
 set as-path prepend 1 1 1
!
router bgp 1
 neighbor 2.2.2.2 route-map addpath out

R1:

interface Loopback0
 ip address 3.3.3.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0/1
 ip address 2.2.2.1 255.255.255.252
!
router bgp 1
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.2 remote-as 2
 neighbor 1.1.1.2 update-source FastEthernet0/0
 neighbor 2.2.2.2 remote-as 3
 neighbor 2.2.2.2 update-source FastEthernet0/1
 neighbor 2.2.2.2 route-map addpath out
!
access-list 1 permit 3.3.3.0 0.0.0.255
!
route-map addpath permit 10
 match ip address 1
 set as-path prepend 1 1 1


ISPA:

interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.252
!
interface FastEthernet1/1
 ip address 4.4.4.1 255.255.255.252
!
router bgp 2
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source FastEthernet0/0
 neighbor 4.4.4.2 remote-as 3
 neighbor 4.4.4.2 update-source FastEthernet1/1

ISPB:

interface FastEthernet0/1
 ip address 2.2.2.2 255.255.255.252
!
interface FastEthernet1/1
 ip address 4.4.4.2 255.255.255.252
!
router bgp 3
 bgp log-neighbor-changes
 redistribute connected
 neighbor 2.2.2.1 remote-as 1
 neighbor 2.2.2.1 update-source FastEthernet0/1
 neighbor 4.4.4.1 remote-as 2
 neighbor 4.4.4.1 update-source FastEthernet1/1
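
The outcome of the prepend as seen from ISPB, as an added example that is not part of the original post: a Python model of R1's route-map addpath (standard ACL 1 plus the prepend) and of ISPB's comparison between the direct path and the one relayed by ISPA. It assumes weight and local preference are equal so that AS path length decides, and it also shows that the route-map has no second clause, so R1's other connected networks are not sent to ISPB at all.

```python
import ipaddress

# Added example (not the page's code): R1's route-map "addpath" and ISPB's choice.
ACL_1 = [("3.3.3.0", "0.0.0.255")]     # access-list 1 permit 3.3.3.0 0.0.0.255
R1_CONNECTED = ["3.3.3.1/32", "1.1.1.0/30", "2.2.2.0/30"]  # redistribute connected
R1_AS, ISPA_AS = 1, 2

def acl_permits(acl, prefix):
    """Standard ACL used by a route-map: test the route's network address
    against each entry, ignoring the bits set in the wildcard mask."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return True
    return False  # implicit deny at the end of the ACL

def route_map_addpath(prefix):
    """route-map addpath permit 10: match ACL 1, then prepend "1 1 1".
    There is no later clause, so a route that misses the match hits the
    route-map's implicit deny and is not advertised (None)."""
    return [1, 1, 1] if acl_permits(ACL_1, prefix) else None

def advertised_to_ispb(use_route_map=True):
    """AS paths ISPB receives directly from R1, keyed by prefix."""
    out = {}
    for prefix in R1_CONNECTED:
        prepended = route_map_addpath(prefix) if use_route_map else []
        if prepended is not None:
            out[prefix] = [R1_AS] + prepended  # R1 adds its own AS on eBGP send
    return out

def ispb_best(prefix, use_route_map=True):
    """ISPB compares the direct path with the one relayed by ISPA ("2 1");
    with weight and local preference equal, the shorter AS path wins."""
    candidates = {"via ISPA": [ISPA_AS, R1_AS]}
    direct = advertised_to_ispb(use_route_map).get(prefix)
    if direct:
        candidates["direct from R1"] = direct
    return min(candidates, key=lambda k: len(candidates[k]))

if __name__ == "__main__":
    print(advertised_to_ispb())        # only the loopback survives the route-map
    print(ispb_best("3.3.3.1/32"))
```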



-----

mBGP (Multicast BGP)




mBGP is used here to separate multicast traffic from unicast traffic.
In addition, on R2 I statically joined 20.20.20.1 and 2.2.2.2 to the group 224.2.1.1.

R1:

interface Loopback1
 ip address 10.10.10.1 255.255.255.0
 ip pim sparse-mode
!
interface FastEthernet1/0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet1/1
 ip address 2.2.2.1 255.255.255.0
 ip pim sparse-mode
!
router bgp 1
 no bgp default ipv4-unicast
 neighbor 1.1.1.2 remote-as 2
 neighbor 2.2.2.2 remote-as 2
 !
 address-family ipv4
  network 10.10.10.0 mask 255.255.255.0
  neighbor 1.1.1.2 activate
  no auto-summary
 !
 address-family ipv4 multicast
  network 10.10.10.0 mask 255.255.255.0
  neighbor 2.2.2.2 activate
  no auto-summary
!
ip pim rp-address 10.10.10.1

R2:

interface Loopback1
 ip address 20.20.20.1 255.255.255.255
 ip pim sparse-mode
 ip igmp join-group 224.2.1.1
!
interface FastEthernet1/0
 description unicast traffic only
 ip address 1.1.1.2 255.255.255.0
!
interface FastEthernet1/1
 description multicast traffic only
 ip address 2.2.2.2 255.255.255.0
 ip pim sparse-mode
 ip igmp static-group 224.2.1.1
!
router bgp 2
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 1
 neighbor 2.2.2.1 remote-as 1
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
  no auto-summary
 !
 address-family ipv4 multicast
  neighbor 2.2.2.1 activate
  no auto-summary
!
ip pim rp-address 10.10.10.1
