H3C BGP路由策略之选路

goodluck

1 修改AS列表的属性只能在EBGP的出方向上增加这个属性并且只能添加在AS-PATH列表的前面。同时证实在EBGP的进入方向无法添加AS号码。
2 关于缺省路由，在BGP中缺省路由最好是通过一条IGP比如静态的缺省路由，然后network 0.0.0.0 0.0.0.0则可以得到通告。
也可以在BGP下使用1 default-route imported,2 import-route static。
3 BGP的network只能通告非BGP的路由，比如R1---R2---R3，R1上某路由在R2上的BGP路由再次network则不可以生效。

AR18配置

[AR18]dis cur
  Now create configuration...
  Current configuration
  !
    version 1.74
    sysname AR18
    firewall enable
    aaa-enable
    aaa accounting-scheme optional
  !
  acl 2000 match-order auto
    rule normal permit source 20.20.30.0 0.0.0.255
    rule normal deny source any
  !
  interface Aux0
    async mode flow
    flow-control none
    link-protocol ppp
  !
  interface Ethernet0
  !
  interface Serial0
    link-protocol ppp
    ip address 1.1.1.10 255.255.255.252
  !                                       
  interface Serial1
    clock DTECLK1
    link-protocol ppp
    ip address 1.1.1.14 255.255.255.252
  !
  interface LoopBack1
    ip address 20.20.10.254 255.255.255.0
  !
  interface LoopBack2
    ip address 20.20.20.254 255.255.255.0
  !
  interface LoopBack3
    ip address 20.20.30.254 255.255.255.0
  !
  quit
  bgp 200
    undo synchronization
    import-route direct route-policy lv
    peer 1.1.1.9 as-number 200
    peer 1.1.1.13 as-number 200
  !
  quit
  !
  quit
  route-policy lv permit 1
    if-match ip address 2000              
  !
  return

AR46配置

#
sysname AR46
#
cpu-usage cycle 1min
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface GigabitEthernet0/0/0
ip address 1.1.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 1.1.1.5 255.255.255.252
#
interface GigabitEthernet0/0/2            
ip address dhcp-alloc
#
interface NULL0
#
interface LoopBack1
ip address 10.10.10.254 255.255.255.0
#
interface LoopBack2
ip address 10.10.20.254 255.255.255.0
#
interface LoopBack3
ip address 10.10.30.254 255.255.255.0
#
bgp 100
import-route direct route-policy lv
undo synchronization
group to200 external
peer 1.1.1.2 group to200 as-number 200
peer 1.1.1.6 group to200 as-number 200
#
route-policy lv permit node 1
if-match ip-prefix lv
#
FTP server enable                        
#
ip ip-prefix lv index 10 permit 10.10.10.0 24
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
<AR46>

AR2811配置

#
sysname AR2811
#
cpu-usage cycle 1min
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
acl number 2000
rule 0 permit source 10.10.10.0 0.0.0.255
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 1.1.1.2 255.255.255.252
#
interface Ethernet0/1                     
ip address dhcp-alloc
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address 1.1.1.9 255.255.255.252
#
interface NULL0
#
bgp 200
undo synchronization
group to100 external
peer 1.1.1.1 group to100 as-number 100
group ibgp internal
peer ibgp next-hop-local
peer ibgp route-policy lv export
peer 1.1.1.10 group ibgp
#
route-policy lv permit node 1
if-match acl 2000
apply local-preference 50
#
FTP server enable
#                                         
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return

AR2812配置

#
sysname AR2812
#
cpu-usage cycle 1min
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
acl number 2000
rule 0 permit source 20.20.30.0 0.0.0.255
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 1.1.1.6 255.255.255.252
#
interface Ethernet0/1                     
ip address dhcp-alloc
#
interface Serial0/0
link-protocol ppp
ip address 1.1.1.13 255.255.255.252
#
interface NULL0
#
bgp 200
undo synchronization
group to100 external
peer to100 route-policy lv export
peer 1.1.1.5 group to100 as-number 100
group ibgp internal
peer ibgp next-hop-local
peer 1.1.1.14 group ibgp
#
route-policy lv permit node 1
if-match acl 2000
apply cost 100
#
FTP server enable
#
user-interface con 0                     
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return

                               
登录/注册后可看大图

该贴已经同步到 goodluck的微博

xuexue705

www.gd560.com

我来学习了………………