BGP към 3 доставчика

Веселин Николов септември 16th, 2009

В тази статия ще покажем примерна BGP конфигурация към 3 интернет доставчика. Идеята ми е конфигурацията да е максимално опростена, като целият трафик ще минава през основния доставчик ISP1. ISP2 е backup провайдер, а с ISP3 ще имаме само peering, което ще бъде постигнато, като ISP3 ни изпраща само локалните си пътища. Естествено мрежите, които принадлежат на ISP2 и ISP3, ще бъдат с най-голяма тежест, така че техните маршрути да бъдат предпочитани през съответния доставчик. От ISP1 и ISP2 ще получаваме пълни рутинг таблици.

! Base system settings: IOS version stamp, service toggles, hostname, boot image, logging.
version 12.4
! The X.25 PAD service is switched off.
no service pad
! Debug and log messages carry a date/time stamp with millisecond resolution.
service timestamps debug datetime msec
service timestamps log datetime msec
! The router's own DHCP server/relay function is switched off.
no service dhcp
!
hostname Gate
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9_ivs-mz.124-22.T.bin
boot-end-marker
!
logging message-counter syslog
! Local log buffer of 16000 bytes, holding messages of severity "notifications" and higher.
! NOTE(review): no remote syslog host appears in this listing, so these logs exist only
! on the router itself - confirm whether off-box logging is configured elsewhere.
logging buffered 16000 notifications
! "password" is a placeholder; substitute a strong, unique enable secret before deploying.
enable secret password
!
! AAA is enabled and logins are checked against the local user database only;
! no TACACS+/RADIUS server is defined in this listing.
aaa new-model
!
aaa authentication login default local
aaa authorization console
!
aaa session-id common
clock timezone GMT 2
!
dot11 syslog
! Packets carrying IP source-route options are not forwarded.
no ip source-route
!
ip cef
!
! The BOOTP server is switched off.
no ip bootp server
! Placeholders: substitute the real domain name and resolver address.
ip domain name your.domain.name
ip name-server your.dns.server
!
multilink bundle-name authenticated
!
! Placeholder local account. The "secret" keyword stores the password hashed instead of
! in clear text; replace both placeholder values before use.
username your.username secret your.password
!
! SSH server: 60-second negotiation timeout, two authentication retries, protocol v2 only.
! The RSA host key SSH depends on is generated separately and is not part of this listing.
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
! Interfaces. Every "x.y.z" address below is a placeholder for a real IPv4 address.
! Gi0/0 faces the DMZ; CDP is disabled on it so device details are not advertised there.
interface GigabitEthernet0/0
description <To DMZ>
ip address x.y.z 255.255.255.0
duplex auto
speed auto
no cdp enable
!
! Gi0/1 is an 802.1Q trunk: it has no address of its own and carries the internal switch
! link (VLAN 1, native) plus one VLAN per provider (10, 20, 30).
! NOTE(review): the provider hand-offs and the internal link share one physical port, so
! their separation depends on the VLAN configuration of the attached switch - confirm.
! NOTE(review): "no cdp enable" appears only under Gi0/0 in this listing; check whether
! CDP should also be off on the port that carries the provider VLANs.
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description <To Switch>
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.252
!
! Provider-facing /30 links. Proxy ARP is disabled on each of them.
! NOTE(review): no inbound ACL is applied to these subinterfaces in this listing, so
! reachability of the router's own services (SSH, BGP, NTP) from the provider side is
! limited only by what is configured elsewhere - confirm.
interface GigabitEthernet0/1.10
description <ISP1>
encapsulation dot1Q 10
ip address x.y.z 255.255.255.252
no ip proxy-arp
!
interface GigabitEthernet0/1.20
description <To ISP2>
encapsulation dot1Q 20
ip address x.y.z 255.255.255.252
no ip proxy-arp
!
interface GigabitEthernet0/1.30
description <To ISP3>
encapsulation dot1Q 30
ip address x.y.z 255.255.255.252
no ip proxy-arp
!
! BGP process. "as.number", "your.network", "ip.address.neighbor.N" and "isp1.as"/"isp2.as"
! are placeholders. Weight is local to this router; the route with the higher weight wins.
! Resulting preference: ISP3 routes (300), then ISP2's own prefixes (250, set by the inbound
! route-map), then everything from ISP1 (200), then the remaining ISP2 routes (default).
router bgp as.number
no synchronization
bgp router-id 192.168.168.1
bgp log-neighbor-changes
! Route-flap dampening with the default parameters.
bgp dampening
! Originates the local prefix; the matching route is the static Null0 route defined below.
network your.network mask 255.255.255.0
! --- ISP2 (backup transit, full table) ---
! Inbound route-map PreferISP2Out is meant to raise the weight of ISP2's own prefixes and
! accept the rest unchanged; verify that the route-map defined under exactly this name
! carries the weight clause.
! Outbound: local routes only (filter-list 20), with the AS path prepended (Prepend).
neighbor ip.address.neighbor.2 remote-as isp2.as
neighbor ip.address.neighbor.2 description ISP2
neighbor ip.address.neighbor.2 route-map PreferISP2Out in
neighbor ip.address.neighbor.2 route-map Prepend out
neighbor ip.address.neighbor.2 filter-list 20 out
! --- ISP1 (primary transit, full table): every route learned here gets weight 200 ---
neighbor ip.address.neighbor.1 remote-as isp1.as
neighbor ip.address.neighbor.1 description ISP1
neighbor ip.address.neighbor.1 weight 200
neighbor ip.address.neighbor.1  filter-list 20 out
! --- ISP3 (peering, local routes only): weight 300, session limited to 40 prefixes ---
! maximum-prefix caps what this peer can inject if it leaks more than its own routes.
neighbor ip.address.neighbor.3 remote-as 34569
neighbor ip.address.neighbor.3 description ISP3
neighbor ip.address.neighbor.3 weight 300
neighbor ip.address.neighbor.3 maximum-prefix 40
neighbor ip.address.neighbor.3 filter-list 20 out
! filter-list 20 out on all three neighbors advertises only routes with an empty AS path,
! so this router never offers transit between the providers.
! NOTE(review): hardening that is absent from this listing and worth considering per session:
!   - session authentication ("neighbor ... password") and/or "neighbor ... ttl-security",
!     agreed with each provider;
!   - an inbound prefix-list rejecting the local prefix, a default route and bogon space;
!   - "maximum-prefix" on the ISP1 and ISP2 sessions as well, sized for a full table.
no auto-summary
!
ip forward-protocol nd
! Static discard route for the announced prefix. It puts an exact match for the BGP
! "network" statement into the routing table; traffic to addresses inside the prefix that
! have no more specific route is dropped at Null0.
ip route your.network 255.255.255.0 Null0
! The built-in HTTP and HTTPS management servers are switched off.
no ip http server
no ip http secure-server
!
! AS-path list 20: empty AS path, i.e. routes originated inside the local AS.
ip as-path access-list 20 permit ^$
! AS-path list 25: AS path consisting of exactly one AS, ISP2's (placeholder "as.isp.2").
! NOTE(review): a path where ISP2 repeats its own AS (prepending) would not match this
! expression - confirm that is the intended behaviour.
ip as-path access-list 25 permit ^as.isp.2$
!
! Keeps up to 150 messages in the syslog history table.
logging history size 150
!
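! Inbound policy for the ISP2 session, referenced there as "route-map PreferISP2Out in".
! The weight-setting sequence was previously defined under the name "ISP2", which no
! neighbor statement references, so the route-map actually applied consisted only of the
! empty "permit 20" entry and ISP2's own prefixes never received their higher weight.
! Both sequences now share the name the neighbor statement uses.
!
! Sequence 10: prefixes originated by ISP2 itself (as-path list 25) get weight 250, which
! is above the 200 assigned to ISP1, so they are reached directly through ISP2.
route-map PreferISP2Out permit 10
match as-path 25
set weight 250
!
! Sequence 20: accept every other route from ISP2 unchanged (default weight), which keeps
! ISP2 as backup for the rest of the table. Without this entry the implicit deny at the end
! of the route-map would discard those routes.
route-map PreferISP2Out permit 20
!
! Outbound policy for the ISP2 session: locally originated routes (as-path list 20) are
! announced with the local AS prepended twice so that inbound traffic prefers ISP1.
! "your.as.number" is a placeholder; a stray "." after the first occurrence was removed.
route-map Prepend permit 10
match as-path 20
set as-path prepend your.as.number your.as.number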
!
! The control-plane section is empty: no control-plane policing policy is attached here.
control-plane
!
! Login banner shown before authentication.
banner motd ^C
Disconnect IMMEDIATELY as you are not an authorized user.
All of your activities monitored and recorded!^C
!
! Console: log output does not interrupt typed commands.
line con 0
logging synchronous
! The auxiliary port is left at its defaults.
! NOTE(review): if the port is unused, consider disabling exec sessions on it ("no exec").
line aux 0
! Remote access: five vty lines, SSH only (Telnet is not accepted).
! NOTE(review): no "access-class" restricts which source addresses may connect and no
! "exec-timeout" is set explicitly in this listing; with provider-facing interfaces on the
! same router, limiting SSH to management networks is worth confirming.
line vty 0 4
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
! Time source ("x.y.z" is a placeholder).
! NOTE(review): NTP authentication is not configured in this listing - confirm whether the
! time source is trusted, since log timestamps depend on it.
ntp server x.y.z
end
