
Huawei BGP: Multi-Level RR, Community Attributes, and Regular Expressions in a Combined Use Case


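1. The OA and finance subnets of headquarters and the branches can reach each other.
2. The OA subnets of the branches can also reach each other.
3. The finance subnets of the branches cannot reach each other.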

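The setup mainly uses custom BGP community attributes, level-1 and level-2 RR configuration, and BGP regular-expression (AS_PATH) matching rules.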

R1

```
router id 1.1.1.1    // global router ID, used by both OSPF and BGP

interface GigabitEthernet0/0/0
 ip address 10.0.12.1 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
 ip address 10.0.11.1 255.255.255.0

interface GigabitEthernet0/0/2

interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 ospf enable 1 area 0.0.0.0

bgp 65100
 peer 10.0.11.2 as-number 65001
 peer 10.0.11.2 password cipher admin
 // TTL check (GTSM), for security. The accepted TTL range is [255-hops+1, 255],
 // so hops 255 accepts any TTL; a directly connected peer needs hops 1 on both ends.
 peer 10.0.11.2 valid-ttl-hops 255
 group ibgp internal    // many iBGP peers, so a peer group simplifies the configuration
 peer ibgp connect-interface LoopBack0
 peer 2.2.2.2 as-number 65100
 peer 2.2.2.2 group ibgp
 peer 4.4.4.4 as-number 65100
 peer 4.4.4.4 group ibgp

 ipv4-family unicast
  undo synchronization
  peer 10.0.11.2 enable
  peer 10.0.11.2 route-policy finance export    // apply the policy to routes sent to the branch
  peer 10.0.11.2 advertise-community    // enable sending the community attribute
  peer ibgp enable
  peer ibgp next-hop-local
  peer ibgp advertise-community    // enable sending the community attribute
  peer 2.2.2.2 enable
  peer 2.2.2.2 group ibgp
  peer 4.4.4.4 enable
  peer 4.4.4.4 group ibgp

ospf 1
 area 0.0.0.0

route-policy finance permit node 10    // first match the OA routes (by community) and permit them
 if-match community-filter oa

route-policy finance deny node 20    // then match the finance routes and deny them
 if-match as-path-filter finance

route-policy finance permit node 30    // permit everything that did not match

ip as-path-filter finance permit 65002$    // regex: routes whose AS_PATH ends in (originates from) AS 65002, i.e. the finance routes

ip community-filter basic oa permit 65002:2    // matches the OA routes carrying this community
```

R2

```
router id 2.2.2.2

interface GigabitEthernet0/0/0
 ip address 10.0.23.2 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
 ip address 10.0.12.2 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
 ospf enable 1 area 0.0.0.0

bgp 65100
 group ibgp internal
 peer ibgp connect-interface LoopBack0
 peer 1.1.1.1 as-number 65100
 peer 1.1.1.1 group ibgp
 peer 3.3.3.3 as-number 65100
 peer 3.3.3.3 group ibgp
 peer 4.4.4.4 as-number 65100
 peer 4.4.4.4 group ibgp
 peer 5.5.5.5 as-number 65100
 peer 5.5.5.5 group ibgp

 ipv4-family unicast
  undo synchronization
  reflector cluster-id 24.24.24.24    // identifies the level-2 RR
  peer ibgp enable
  peer ibgp reflect-client    // reflect learned routes to all peers
  peer ibgp advertise-community    // enable community propagation to all iBGP peers
  peer 1.1.1.1 enable
  peer 1.1.1.1 group ibgp
  peer 3.3.3.3 enable
  peer 3.3.3.3 group ibgp
  peer 4.4.4.4 enable
  peer 4.4.4.4 group ibgp
  peer 5.5.5.5 enable
  peer 5.5.5.5 group ibgp

ospf 1
 area 0.0.0.0
```

R3

```
router id 3.3.3.3

interface GigabitEthernet0/0/0
 ip address 10.0.23.3 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
 ip address 10.0.34.3 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/2
 ip address 10.0.33.3 255.255.255.0

interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
 ospf enable 1 area 0.0.0.0

bgp 65100
 peer 10.0.33.1 as-number 65003
 peer 10.0.33.1 password cipher admin
 peer 10.0.33.1 valid-ttl-hops 255
 group ibgp internal
 peer ibgp connect-interface LoopBack0
 peer 2.2.2.2 as-number 65100
 peer 2.2.2.2 group ibgp
 peer 4.4.4.4 as-number 65100
 peer 4.4.4.4 group ibgp

 ipv4-family unicast
  undo synchronization
  peer 10.0.33.1 enable
  peer 10.0.33.1 advertise-community    // enable sending the BGP community attribute
  peer ibgp enable
  peer ibgp reflect-client
  peer ibgp next-hop-local
  peer ibgp advertise-community    // enable sending the BGP community attribute
  peer 2.2.2.2 enable
  peer 2.2.2.2 group ibgp
  peer 4.4.4.4 enable
  peer 4.4.4.4 group ibgp

ospf 1
 area 0.0.0.0
```

R4

```
router id 4.4.4.4

interface GigabitEthernet0/0/0
 ip address 10.0.34.4 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
 ip address 10.0.45.4 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 ospf enable 1 area 0.0.0.0

bgp 65100
 group ibgp internal
 peer ibgp connect-interface LoopBack0
 peer 1.1.1.1 as-number 65100
 peer 1.1.1.1 group ibgp
 peer 2.2.2.2 as-number 65100
 peer 2.2.2.2 group ibgp
 peer 3.3.3.3 as-number 65100
 peer 3.3.3.3 group ibgp
 peer 5.5.5.5 as-number 65100
 peer 5.5.5.5 group ibgp

 ipv4-family unicast
  undo synchronization
  reflector cluster-id 24.24.24.24
  peer ibgp enable
  peer ibgp reflect-client
  peer ibgp advertise-community
  peer 1.1.1.1 enable
  peer 1.1.1.1 group ibgp
  peer 2.2.2.2 enable
  peer 2.2.2.2 group ibgp
  peer 3.3.3.3 enable
  peer 3.3.3.3 group ibgp
  peer 5.5.5.5 enable
  peer 5.5.5.5 group ibgp

ospf 1
 area 0.0.0.0
```

R5

```
router id 5.5.5.5

interface GigabitEthernet0/0/0
 ip address 10.0.45.5 255.255.255.0
 ospf enable 1 area 0.0.0.0

interface GigabitEthernet0/0/1
 ip address 10.0.52.5 255.255.255.0

interface LoopBack0
 ip address 5.5.5.5 255.255.255.255
 ospf enable 1 area 0.0.0.0

bgp 65100
 peer 10.0.52.2 as-number 65002
 peer 10.0.52.2 password cipher % % ;^^:7p’wdXiw4.Pc;G9+<*7i% %
 peer 10.0.52.2 valid-ttl-hops 255
 group ibgp internal
 peer ibgp connect-interface LoopBack0
 peer 2.2.2.2 as-number 65100
 peer 2.2.2.2 group ibgp
 peer 4.4.4.4 as-number 65100
 peer 4.4.4.4 group ibgp

 ipv4-family unicast
  undo synchronization
  peer 10.0.52.2 enable
  peer 10.0.52.2 route-policy finance export
  peer 10.0.52.2 advertise-community
  peer ibgp enable
  peer ibgp next-hop-local
  peer ibgp advertise-community
  peer 2.2.2.2 enable
  peer 2.2.2.2 group ibgp
  peer 4.4.4.4 enable
  peer 4.4.4.4 group ibgp

ospf 1
 area 0.0.0.0

route-policy finance permit node 10
 if-match community-filter oa

route-policy finance deny node 20
 if-match as-path-filter finance

route-policy finance permit node 30

ip as-path-filter finance permit 65001$

ip community-filter basic oa permit 65001:1
```

sw1

```
interface Vlanif1
 ip address 10.0.11.2 255.255.255.0

interface GigabitEthernet0/0/1
 port link-type access

interface LoopBack0
 ip address 11.1.1.1 255.255.255.0

interface LoopBack1
 ip address 21.1.1.1 255.255.255.0

bgp 65001
 peer 10.0.11.1 as-number 65100
 peer 10.0.11.1 password cipher admin

 ipv4-family unicast
  undo synchronization
  network 11.0.0.0
  network 11.1.1.0 255.255.255.0
  network 21.1.1.0 255.255.255.0
  peer 10.0.11.1 enable
  peer 10.0.11.1 route-policy attr export    // apply the policy when advertising to the peer
  peer 10.0.11.1 advertise-community    // enable sending the BGP community attribute

route-policy attr permit node 10    // match the OA subnet
 if-match ip-prefix com
 apply community 65001:1    // tag it with the community

route-policy attr permit node 20    // permit everything else

ip ip-prefix com index 10 permit 11.1.1.0 24    // matches the OA subnet
```

SW2

```
interface Vlanif1
 ip address 10.0.52.2 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1
 port link-type access

interface LoopBack0
 ip address 22.1.1.1 255.255.255.0

interface LoopBack1
 ip address 32.1.1.1 255.255.255.0

bgp 65002
 peer 10.0.52.5 as-number 65100
 peer 10.0.52.5 password cipher admin

 ipv4-family unicast
  undo synchronization
  network 22.1.1.0 255.255.255.0
  network 32.1.1.0 255.255.255.0
  peer 10.0.52.5 enable
  peer 10.0.52.5 route-policy attr export
  peer 10.0.52.5 advertise-community

route-policy attr permit node 10
 if-match ip-prefix com
 apply community 65002:2

route-policy attr permit node 20

ip ip-prefix com index 10 permit 22.1.1.0 24
```

SW3

```
interface Vlanif1
 ip address 10.0.33.1 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1
 port link-type access

interface LoopBack0
 ip address 33.1.1.1 255.255.255.0

interface LoopBack1
 ip address 43.1.1.1 255.255.255.0

bgp 65003
 peer 10.0.33.3 as-number 65100
 peer 10.0.33.3 password cipher Q`OT=C0XP2sPddVIN=17t&I#

 ipv4-family unicast
  undo synchronization
  network 33.1.1.0 255.255.255.0
  network 43.1.1.0 255.255.255.0
  peer 10.0.33.3 enable
  peer 10.0.33.3 route-policy attr export
  peer 10.0.33.3 advertise-community

route-policy attr permit node 10
 if-match ip-prefix com
 apply community 65003:3

route-policy attr permit node 20

ip ip-prefix com index 10 permit 33.1.1.0 24
```
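
The export decisions made by the `finance` route-policy on R1 and R5 can be checked offline with a small model. This Python sketch is an added example, not part of the original post: it evaluates nodes 10, 20 and 30 in order over the six advertised prefixes and shows what each branch switch receives. It assumes the LoopBack0 networks are the OA subnets and the LoopBack1 networks the finance subnets (as the `ip-prefix com` filters imply) and models AS_PATH as a space-separated string; `r1_strict` with `_65002$` is a hypothetical variant that is not in the configs.

```python
import re

# Constructed from the page's configs: prefix, AS_PATH inside AS 65100, communities.
# LoopBack0 = OA (tagged by route-policy attr), LoopBack1 = finance (untagged).
ROUTES = [
    ("11.1.1.0/24", "65001", {"65001:1"}),
    ("21.1.1.0/24", "65001", set()),
    ("22.1.1.0/24", "65002", {"65002:2"}),
    ("32.1.1.0/24", "65002", set()),
    ("33.1.1.0/24", "65003", {"65003:3"}),
    ("43.1.1.0/24", "65003", set()),
]

def vrp_regex(pattern):
    """Map the VRP '_' metacharacter (delimiter, start or end of string) to Python re."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def make_policy(oa_community, finance_regex):
    """Model of route-policy finance: nodes 10, 20, 30 evaluated in order."""
    rx = vrp_regex(finance_regex)
    def evaluate(as_path, communities):
        if oa_community in communities:   # node 10 permit: community-filter oa
            return "permit"
        if rx.search(as_path):            # node 20 deny: as-path-filter finance
            return "deny"
        return "permit"                   # node 30 permit: no if-match clause
    return evaluate

def exported(policy, peer_as):
    """Prefixes sent to the eBGP peer; the peer's own routes are left out."""
    return [p for p, path, comms in ROUTES
            if not path.endswith(peer_as) and policy(path, comms) == "permit"]

r1_to_sw1 = make_policy("65002:2", "65002$")    # as configured on R1
r5_to_sw2 = make_policy("65001:1", "65001$")    # as configured on R5
r1_strict = make_policy("65002:2", "_65002$")   # delimiter-anchored variant (assumption)

if __name__ == "__main__":
    print("to sw1:", exported(r1_to_sw1, "65001"))
    print("to SW2:", exported(r5_to_sw2, "65002"))
    # Constructed path ending in AS 165002: the unanchored filter also denies it.
    print(r1_to_sw1("65003 165002", set()), r1_strict("65003 165002", set()))
```

Because node 10 is evaluated before node 20, any prefix a branch tags with its OA community is exported even if it is a finance subnet, so the separation depends on the branch-side `attr` policy staying correct.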
