某地市农行网络架构运维分析

二次信任 提交于 2020-01-21 10:52:15

1、先上拓扑图
某地市农行网络架构运维分析
2、拓扑介绍

AR01、AR02 是市上联省行上联路由器
DS01、DS02 是地市数据中心核心交换机
AS01、AS02 是下联网点的核心交换机

3、路由分析

网点路由发往省行二级中心

AS交换机与地市网点路由器建立ospf 邻居。学习到地市的生产以及办公路由
AS路由器是完全stub 区域,向网点发送默认路由,而不是明细路由。减少网点路由器的压力。
配置:
ospf 400 router-id 10.1.1.1
area 0.0.0.0
network 10.1.1.1 0.0.0.0
network 10.36.1.4 0.0.0.3
area 0.0.0.1
network 10.36.1.0 0.0.0.3
stub no-summary

AS01 ospf 500 中重分发ospf 400 的生产路由,设置开销值100
AS02 ospf 500 中重分发ospf 400 的生产路由,设置开销值200
办公路由设置相反的开销值即可
配置
AS01:
ospf 500 router-id 10.31.129.252
import-route ospf 400 route-policy yywd
preference ase 190
area 0.0.0.0
network 10.31.129.24 0.0.0.3
network 10.31.129.32 0.0.0.3
network 10.31.129.252 0.0.0.0

route-policy yywd permit node 1

if-match ip address prefix-list yywd
apply cost 100
apply cost-type type-1

实现的目的,使生产路由走左侧AS01 ,办公网段的路由走右侧AS02

DS交换机中可以看到左侧生产路由开销值比右侧大DS01 ospf 外部路由开销值是100,DS02 学习到的生产路由开销值是200所以优选DS01

分行路由通过ibgp 传给对应的生产和办公路由,如拓扑图所示

ds1bgp配置

router bgp 65317
neighbor IBGP peer-group
neighbor IBGP remote-as 65317
neighbor IBGP update-source loopback3
neighbor IBGP send-community
neighbor IBGP route-map shengchan out
neighbor bangongup peer-group
neighbor bangongup remote-as 65317
neighbor bangongup update-source loopback33
neighbor bangongup send-community
neighbor bangongup route-map bangong out
neighbor 10.244.4.113 peer-group IBGP
neighbor 10.244.4.114 peer-group IBGP
neighbor 10.244.8.57 peer-group bangongup
neighbor 10.244.8.58 peer-group bangongup
distance bgp 170 170 170
maximum-paths ibgp 2
exit
ds2 bgp配置

router bgp 65317
neighbor IBGP peer-group
neighbor IBGP remote-as 65317
neighbor IBGP update-source loopback3
neighbor IBGP send-community
neighbor IBGP route-map shengchan out
neighbor bangongup peer-group
neighbor bangongup remote-as 65317
neighbor bangongup update-source loopback33
neighbor bangongup send-community
neighbor bangongup route-map bangong out
neighbor 10.244.4.113 peer-group IBGP
neighbor 10.244.4.114 peer-group IBGP
neighbor 10.244.8.57 peer-group bangongup
neighbor 10.244.8.58 peer-group bangongup
distance bgp 170 170 170
maximum-paths ibgp 2
exit

DS01 发送办公网络的路由给AR1-AR2

route-map bangong permit 10
match ip address prefix-list bangong
set community 202:1
set local-preference 800
exit

DS02

发送办公网络的路由给AR1-AR2

route-map bangong permit 10
match ip address prefix-list bangong
set community 202:1
set local-preference 700
exit

DS01 发送生产网络的路由给AR3-AR4

route-map shengchan permit 10
match ip address prefix-list shengchan
set community 102:11508 201:0
set local-preference 800
exit

route-map shengchan permit 20
match ip address prefix-list wdhl
set local-preference 800
exit

DS02 发送生产网络的路由给AR3-AR4

route-map shengchan permit 10
match ip address prefix-list shengchan
set community 102:11508 201:0
set local-preference 700
exit

route-map shengchan permit 20
match ip address prefix-list wdhl
set local-preference 700
exit

因为本地优先级不传递出本AS内所以最终的选路结果是
AR1 收到本地优先级800的办公路由最优
AR3 收到本地优先级800的生产路由最优

办公网的路由从ar1 转发,生产网络从ar3 转发

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!