A Simple Combined Application of BGP and OSPF

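I. Lab requirements:
1. Complete the enterprise network configuration (lower part of the topology);
2. Complete the carrier (ISP) network configuration (upper part of the topology);
3. Configure the interconnect IP addresses between the enterprise network and the ISP networks as shown in the figure;
4. Configure multi-area OSPF in the enterprise network as shown in the figure;
5. PC-1/2 in area 10 belong to VLAN 12; R1 is the primary gateway and R2 is the backup gateway;
6. Area 20 is dedicated to connecting the Web Server, so its stability and security must be ensured and it must not be affected by external networks or other areas, while still remaining reachable to and from external networks.
7. R4 and R5 in the OSPF backbone area are the egress routers.
8. When internal hosts and servers communicate with external networks, R5 is preferred as the primary egress; R4 is used as the egress only if external networks cannot be reached through R5;
9. On R5, the line connecting to AS 200 is the primary link; the link connecting to AS 900 is used only if the primary link is unavailable.
10. Between the enterprise network and the ISPs, only static routes (default routes) are used.
11. PC-2 in the enterprise intranet can access Server-1 but cannot access external networks;
12. PC-1 can ping Server 2 located in AS 200;
13. The client Client-1 in AS 200 can access the web server (Server-1) in area 20 of the enterprise network.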

II. Topology

III. Configuration
(1) Area 10
SW1
undo t m
sys
sys sw1
vlan 12
port-group 1
group-m g0/0/1 to g0/0/4
port link-type access
port default vlan 12
q

R1
undo t m
sys
sys R1
int g0/0/0
ip addr 192.168.12.251 24
q
int g0/0/1
ip addr 192.168.13.251 24
q
int g0/0/0
vrrp vrid 10 virtual-ip 192.168.12.254
vrrp vrid 10 priority 150
q
ospf 1 router-id 1.1.1.1
area 10
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
q
q

R2
undo t m
sys
sys R2
int g0/0/0
ip addr 192.168.12.252 24
q
int g0/0/2
ip addr 192.168.23.252 24
q
int g0/0/0
vrrp vrid 10 virtual-ip 192.168.12.254
q
ospf 1 router-id 2.2.2.2
area 10
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
q
q

R3
undo t m
sys
sys R3
int g0/0/0
ip addr 192.168.34.3 24
q
int g0/0/1
ip addr 192.168.13.3 24
q
int g0/0/2
ip addr 192.168.23.3 24
q

ospf 1 router-id 3.3.3.3
area 10
network 192.168.13.0 0.0.0.255
network 192.168.23.0 0.0.0.255
q
area 0
network 192.168.34.0 0.0.0.255
q
q

(2) Area 0
R4
undo t m
sys
sys r4
int g0/0/1
ip addr 192.168.34.4 24
q
int g0/0/0
ip address 192.168.45.4 24
q
int g0/0/2
ip address 200.1.40.4 27
q
ip route-static 0.0.0.0 0.0.0.0 200.1.40.10 preference 151
ospf 1 router-id 4.4.4.4
area 0
network 192.168.34.0 0.0.0.255
network 192.168.45.0 0.0.0.255
q
default-route-advertise
q
External access control
acl 2000
rule 10 deny source 192.168.12.2 0.0.0.0
rule 1000 permit source any
q
int g0/0/2
nat outbound 2000
nat server protocol tcp global 200.1.40.1 12345 inside 192.168.20.8 80
q

R5
undo t m
sys
sys r5
int g0/0/1
ip addr 192.168.45.5 24
q
int g0/0/0
ip address 192.168.56.5 24
q
int g4/0/0
ip address 110.1.58.5 29
q
int g4/0/1
ip address 100.1.59.5 27
q
ip route-static 0.0.0.0 0.0.0.0 110.1.58.4
ip route-static 0.0.0.0 0.0.0.0 100.1.59.9 preference 100
ospf 1 router-id 5.5.5.5
area 0
network 192.168.56.0 0.0.0.255
network 192.168.45.0 0.0.0.255
q
default-route-advertise type 1
q
External access control
acl 2000
rule 10 deny source 192.168.12.2 0.0.0.0
rule 1000 permit source any
q
int g4/0/0
nat outbound 2000
nat server protocol tcp global 110.1.58.1 12345 inside 192.168.20.8 80
q
int g4/0/1
nat outbound 2000
nat server protocol tcp global 100.1.59.1 12345 inside 192.168.20.8 80
q
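
The effect of ACL 2000 on `nat outbound`, as an added example that is not part of the original post: a small evaluator for the two rules configured on R4 and R5, run against sample source addresses. It assumes PC-2 is 192.168.12.2 (the host named in rule 10) and uses 192.168.12.1 as a constructed address for PC-1; the function names are illustrative.

```python
import ipaddress

# ACL 2000 exactly as configured on R4 and R5 in this lab.
ACL_2000 = """\
rule 10 deny source 192.168.12.2 0.0.0.0
rule 1000 permit source any
"""

def parse_basic_acl(text):
    """Parse 'rule <id> permit|deny source (<ip> <wildcard> | any)' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) < 5 or tok[0] != "rule" or tok[3] != "source":
            raise ValueError(f"unsupported rule: {line!r}")
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action: {line!r}")
        if tok[4] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif len(tok) == 6:
            addr = int(ipaddress.IPv4Address(tok[4]))
            wildcard = int(ipaddress.IPv4Address(tok[5]))
        else:
            raise ValueError(f"missing wildcard: {line!r}")
        rules.append((int(tok[1]), tok[2], addr, wildcard))
    return sorted(rules)  # rules are checked in ascending rule-ID order

def match(rules, src):
    """Return (rule_id, action) of the first matching rule."""
    ip = int(ipaddress.IPv4Address(src))
    for rule_id, action, addr, wildcard in rules:
        # Wildcard bit 0 = this bit must match, 1 = ignore this bit.
        if ((ip ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return rule_id, action
    return None, "no-match"

def nat_decision(src):
    """Only sources hitting a permit rule are translated by nat outbound."""
    _, action = match(parse_basic_acl(ACL_2000), src)
    return "translated" if action == "permit" else "not translated"

if __name__ == "__main__":
    for host in ("192.168.12.1", "192.168.12.2", "192.168.20.8"):
        print(host, nat_decision(host))
```

Rule 10 matches exactly one address, so the restriction on PC-2 holds only while that host keeps 192.168.12.2; every other source in VLAN 12 falls through to rule 1000.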

R6
undo t m
sys
sys r6
int g0/0/1
ip addr 192.168.56.6 24
q
int g0/0/0
ip address 192.168.67.6 24
q
ospf 1 router-id 6.6.6.6
area 0
network 192.168.56.0 0.0.0.255
q
area 20
network 192.168.67.0 0.0.0.255
stub no-summary
q
q

(3) Area 20
R7
undo t m
sys
sys r7
int g0/0/1
ip addr 192.168.67.7 24
q
int g0/0/2
ip address 192.168.20.254 24
q
ospf 1 router-id 7.7.7.7
area 20
network 192.168.67.0 0.0.0.255
network 192.168.20.0 0.0.0.255
stub
q
q

(4) AS 900
R9
undo t m
sys
sys R9
int g0/0/0
ip address 100.1.59.9 27
undo sh
q
int g0/0/1
ip address 120.1.129.9 24
undo sh
q
int g0/0/2
ip address 120.1.89.9 24
undo sh
q
bgp 900
router-id 9.9.9.9
peer 120.1.89.8 as-number 200
peer 120.1.129.12 as-number 200
network 100.1.59.0 255.255.255.224
q

(5) AS 200
r8
undo t m
sys
sys r8
int g0/0/0
ip address 110.1.58.4 29
undo sh
q
int g0/0/1
ip address 10.10.58.8 24
undo sh
q
int g0/0/2
ip address 120.1.89.8 24
undo sh
q
ospf 1 router-id 8.8.8.8
area 0
network 10.10.58.0 0.0.0.255
q
q
bgp 200
router-id 8.8.8.8
peer 10.10.58.12 as-number 200
peer 10.10.58.12 next-hop-local
peer 120.1.89.9 as-number 900
network 110.1.58.0 255.255.255.248
q

r11
undo t m
sys
sys r11
int g0/0/0
ip address 10.10.13.11 24
undo sh
q
int g0/0/1
ip address 130.1.110.1 30
undo sh
q
ospf 1 router-id 11.11.11.11
area 0
network 10.10.13.0 0.0.0.255
q
q
bgp 200
router-id 11.11.11.11
peer 10.10.13.13 as-number 200
peer 10.10.13.13 next-hop-local
peer 130.1.110.2 as-number 100
q

r12
undo t m
sys
sys r12
int g0/0/0
ip address 10.10.58.12 24
undo sh
q
int g0/0/1
ip address 10.10.23.12 24
undo sh
q
int g0/0/2
ip address 120.1.129.12 24
undo sh
q
ospf 1 router-id 12.12.12.12
area 0
network 10.10.23.0 0.0.0.255
network 10.10.58.0 0.0.0.255
q
q
bgp 200
router-id 12.12.12.12
peer 10.10.23.13 as-number 200
peer 10.10.23.13 next-hop-local
peer 10.10.58.8 as-number 200
peer 10.10.58.8 next-hop-local
peer 10.10.58.8 reflect-client
peer 120.1.129.9 as-number 900
q

r13
undo t m
sys
sys r13
int g0/0/0
ip address 10.10.23.13 24
undo sh
q
int g0/0/1
ip address 10.10.13.13 24
undo sh
q
int g0/0/2
ip address 66.1.1.13 24
undo sh
q
int g4/0/0
ip address 88.1.1.13 24
undo sh
q
ospf 1 router-id 13.13.13.13
area 0
network 10.10.23.0 0.0.0.255
network 10.10.13.0 0.0.0.255
network 66.1.1.0 0.0.0.255
network 88.1.1.0 0.0.0.255
q
q
bgp 200
router-id 13.13.13.13
peer 10.10.23.12 as-number 200
peer 10.10.13.11 as-number 200
network 66.1.1.0 255.255.255.0
network 88.1.1.0 255.255.255.0
q

(6) AS 300
r10
undo t m
sys
sys r10
int g0/0/0
ip address 130.1.110.2 30
undo sh
q
int g0/0/2
ip address 200.1.40.10 27
undo sh
q
bgp 100
router-id 10.10.10.10
peer 130.1.110.1 as-number 200
network 200.1.40.0 255.255.255.224
q

IV. Verification
PC-1 can ping external networks and PC-2 cannot; a packet capture shows that traffic prefers to leave through R5 and enters AS 200.
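
Why the capture shows R5 and AS 200 first, as an added example that is not part of the original post: a model of the default-route choice made from the preference values configured on R4 and R5 (lower value wins). It assumes VRP's default preferences (static 60, OSPF external 150), that a static route is withdrawn when its link is down, and that R5 stops advertising a default route once it has none; the function names are illustrative.

```python
# Route preference on Huawei VRP: the usable route with the LOWEST value wins.
STATIC_DEFAULT_PREF = 60   # VRP default for static routes (R5 primary uplink)
OSPF_ASE_PREF = 150        # VRP default for OSPF external routes

def best(routes):
    """Pick the usable route with the lowest preference, or None."""
    usable = [r for r in routes if r["up"]]
    return min(usable, key=lambda r: r["pref"]) if usable else None

def r5_default(as200_up, as900_up):
    """R5: two static defaults, the AS 900 one configured with preference 100."""
    return best([
        {"via": "110.1.58.4 (AS 200)", "pref": STATIC_DEFAULT_PREF, "up": as200_up},
        {"via": "100.1.59.9 (AS 900)", "pref": 100, "up": as900_up},
    ])

def r4_default(r5_advertises, r4_uplink_up):
    """R4: its own static (preference 151) loses to R5's OSPF default (150)."""
    return best([
        {"via": "R5 (OSPF ASE default)", "pref": OSPF_ASE_PREF, "up": r5_advertises},
        {"via": "200.1.40.10 (R10)", "pref": 151, "up": r4_uplink_up},
    ])

def egress(as200_up, as900_up, r4_uplink_up=True):
    """Egress used by enterprise traffic for a given set of link states."""
    r5 = r5_default(as200_up, as900_up)
    if r5:
        # R5 advertises a type 1 default, which OSPF prefers over R4's type 2.
        return "R5 -> " + r5["via"]
    r4 = r4_default(False, r4_uplink_up)
    return "R4 -> " + r4["via"] if r4 else "no default route"

if __name__ == "__main__":
    for state in [(True, True), (False, True), (False, False)]:
        print(state, egress(*state))
```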

The client Client-1 in AS 200 can access the web server (Server-1) in area 20 of the enterprise network.