HCIE Lab: LABv1

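Layer 2, WAN, spanning tree, IPv4 IGP and BGP are the same as in V2. The difference is that the two-way IS-IS/OSPF redistribution is part of the IS-IS question in V1 but part of the MPLS VPN question in V2 (question 9; it has already been moved forward into the IS-IS part). The main difference is the inter-AS part; BGP is no different. What follows is mainly the points of difference.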

V1

MPLS VPN V1-MPLS

  1. On the ASBRs, import the IS-IS loopback0 routes into BGP.
# V2 uses tags; V1 uses specific routes (permit those within the local area)
# ASBR1/2
ip ip-prefix 172 permit 172.16.1.1/20/3/4/5/6 32
route-policy 172 permit no 10
    if-match ip-prefix 172
bgp 100
    import isis 1 route-policy 172
# ASBR3/4
ip ip-prefix 172 permit 172.16.1.7/8/9/10/11/2 32
route-policy 172 permit no 10
    if-match ip-prefix 172
bgp 200
    import isis 1 route-policy 172
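  1. As shown in Figure 3, configure the MPLS LSR ID on every network element in AS100 and AS200, and enable MPLS and MPLS LDP globally (preconfigured). Establish LDP neighbors on every directly connected link within AS100 and AS200. (Preconfigured, except for the logical link between PE1 and RR1.)
# 9-------------------- Same requirement; between the ASBRs still only MPLS may be enabled
  1. As shown in Figure 4, the sites must learn each other's routes through MPLS BGP VPN inter-AS Option C, solution 1. No suboptimal path may appear in the MPLS domain.
#  ----------- Route handling
# RR1/P1: IS-IS route leaking
# Route leaking: V2 leaks everything, V1 leaks only the ASBR1/2 routes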
ip ip-prefix ASBR12 permit 172.16.1.5 32
ip ip-prefix ASBR12 permit 172.16.1.6 32
isis 1
    import isis level-2 into level-1 filter-policy ip-prefix ASBR12

# PE3/PE4: mutual import of VPN routes (same as V2)
bgp 200
    ipv4-family vpn-instance VPN1
    import-route ospf 2
ospf 2
    import-route bgp type 1

# Not needed: importing BGP routes into the IGP while preferring the IGP, and changing the BGP preference


# --------- VPNv4 peers: compared with V2, the label capability is additionally enabled
# PE1/2:PE3/4
bgp 100
    # extra compared with V2: label
    peer 172.16.1.3:9 label-route-capability 
    ipv4-family vpnv4
        peer 172.16.1.3:9 enable
        
# RR1:RR2
bgp 100:200
    # extra compared with V2: label
    peer 172.16.1.1/20:11/2 label-route-capability 
    ipv4-family vpnv4
        peer 172.16.1.1/20:11/2 enable
        peer 172.16.1.1/20:11/2 re
        peer 172.16.1.1/20:11/2 next-hop-invariable

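#  ----------- Label capability
# Compared with V2:
# 1. Not needed: enabling the label-carrying capability under the MPLS process
# 2. The ASBRs need the label capability enabled toward the RR
# 3. Between the ASBRs' EBGP peers it becomes label + policy
# 4. Between ASBR and RR: label + two-layer label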
# ASBR1/2:ASBR3/4
route-policy mpls1 permit node 10  # between the ASBRs' EBGP peers
    apply mpls-label
route-policy mpls2 permit node 10  # between ASBR and RR
    if-match mpls-label
    apply mpls-label  # if the route already carries a label, assign another label
bgp 100:200
    # add a label toward the EBGP peer
    peer 10.1.57/68.2 label-route-capability
    peer 10.1.57/68.2 route-policy mpls1 export  
    # toward the RR: if a label is present, add another layer
    peer 172.16.1.3:9 label-route-capability 
    peer 172.16.1.3:9 route-policy mpls2 export  
    
# RR1:RR2
bgp 100:200
    peer 172.16.1.5/6:7/8 label-route-capability

# Check ------
# RR1/RR2/PE1/PE2/PE3/PE4
dis bgp vpnv4 all peer
# RR/PE/CE
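dis bgp vpnv4 all rou  # must contain 10.3.1.0, 10.3.2.0, 10.3.3.3, 10.4.4.4
  1. On CE1 and CE2, set the EBGP protocol preference to 120.
  2. On CE1 and CE2, import BGP into OSPF. Make sure the configuration has the best scalability (overlaps with requirements 4 and 5).
  3. On PE3 and PE4, modify the BGP local preference attribute so that, when CE3 and CE4 access the directly connected 10.3.x.0/24 segments, PE3 and PE4 prefer PE1 as the next hop if x is odd and PE2 if x is even. Whether the forward and return paths match does not need to be considered.
# Final test for the whole question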
# CE3/4
tracert -a 10.3.3.3 10.4.4.4 # CE4:9hop
tracert -a 10.3.3.3 10.3.1.10 # PC1:8hop
tracert -a 10.3.3.3 10.3.2.20 # PC2:8hop
# CE4
tracert -vpn-instance VPN1 -a 10.4.4.4 10.3.3.3  # CE3:9hop
tracert -vpn-instance VPN1 -a 10.4.4.4 10.3.1.10 # PC1:8hop
tracert -vpn-instance VPN1 -a 10.4.4.4 10.3.2.20 # PC2:8hop
# PC1/2
tracert 10.3.3.3 # 3hop
tracert 10.4.4.4
# PC1
tracert 10.3.2.20 # 2hop
# PC2
tracert 10.3.1.10 # 2hop

4. Feature V1-HA+V1-NAT

4.1 HA

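  1. CE2 uses a static default route to reach the ISP, with next-hop IP 200.0.2.2. The default route must be bound to an NQA ICMP test of the CE2-ISP link, with the test run once every 3 s.

There is only one difference: "every 5 seconds" is changed to "every 3 seconds"; the configuration method is the same.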

4.3 Qos

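  1. The QoS rules for CE4-PE4 are shown in the table below:
    Qos
    Mark traffic with 802.1p in the outbound direction of g0/0/1 on CE4. In the inbound direction of g0/0/1 on PE4, inherit CE4's 802.1p values.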
# CE4
acl 3001
    rule permit ip destination 10.3.1.0 0.0.0.255
traffic classifier re
    if-match acl 3001  
traffic behavior re
    remark 8021p 5

acl 3002
    rule permit  ip destination  10.3.2.0 0.0.0.255
traffic classifier si
    if-match acl 3002
traffic behavior si
    remark 8021p 4

acl 3003
    rule permit  ip destination  10.3.3.0 0.0.0.255
traffic classifier mo
    if-match acl 3003
traffic behavior mo
    remark 8021p 3

acl 3004
    rule permit  ip destination  10.3.4.0 0.0.0.255
traffic classifier of
    if-match acl 3004 
traffic behavior of
    remark 8021p 2

traffic behavior BE  # everything else
    remark 8021p 0

traffic policy Qos
    classifier re behavior re
    classifier si behavior si
    classifier mo behavior mo
    classifier of behavior of
    classifier default-class behavior BE

int g0/0/1
    traffic-policy Qos outbound

# PE4
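qos map-table dot1p-dscp  # In the inbound direction of g0/0/1 on PE4, inherit CE4's 802.1p value and map 802.1p to DSCP. After dis th only 5 is displayed, the others are defaults, so configuring only 5 is enough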
    input 5 output 46
    # input 4 output 32
    # input 3 output 24
    # input 2 output 16
    # input 0 output 0
int g0/0/1
    trust 8021p
  1. On PE4, g0/0/0 and g0/0/2 match on DSCP values; configure congestion management and congestion avoidance according to Table 1.
# PE4
drop-profile cs4
    wred dscp
    dscp cs4 low-limit 70 high-limit 100 discard-percentage 50
drop-profile cs3
    wred dscp
    dscp cs3 low-limit 50 high-limit 90 discard-percentage 50
drop-profile cs2
    wred dscp
    dscp cs2 low-limit 50 high-limit 80 discard-percentage 50
drop-profile default
    wred dscp
    dscp default low-limit 50 high-limit 80 discard-percentage 50
qos queue-profile QP
    schedule wfq 0 to 4 pq 5  # must be done first
    queue 4 weight 63
    queue 4 drop-profile cs4
    queue 3 weight 21
    queue 3 drop-profile cs3
    queue 2 weight 9
    queue 2 drop-profile cs2
    queue 0 weight 1
    queue 0 drop-profile default
int g0/0/0
    qos queue-profile QP
int g0/0/2
    qos queue-profile QP   

# Check ------
dis qos queue-profile QP

5. IPv6

5.2 IPv6 ISIS

  1. As shown in Figure 6, PE1, PE2, RR1, P1, ASBR1 and ASBR2 run IS-IS; advertise every directly connected segment into IS-IS and configure the cost of each link.

5.3 IPv6 BGP

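  1. As shown in Figure 7, ASBR1 and ASBR3 establish an eBGP4+ peering over the directly connected link; PE1, PE2 and P1 are BGP4+ clients of RR1 (preconfigured).
# -------- EBGP between ASBR1 and ASBR3
# ASBR1/ASBR3
ipv6  # enable IPv6; needs to be done on ASBR3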
bgp 100
    peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:5700/1 as 200/100
    ipv6-family unicast
        peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:5700/1 enable  # IPv6 peers must be enabled manually

#----------------- IBGP + route reflection
# ASBR1/ASBR2/P1/PE1/PE2
bgp 100
    peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA3 as 100
    peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA3 co lo 0
    ipv6-family unicast
        peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA3 enable

# ASBR1/ASBR2: set next hop to self
bgp 100
    ipv6-family unicast
        peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA3 next-hop-local

# RR1
bgp 100
    peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA1/2/4/5/6 as 100
    peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA1/2/4/5/6 co lo 0
    ipv6-family unicast
        peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA1/2/4/5/6 enable
        # note: the ASBRs do not need to be set as reflector clients
        peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA1/2/4 reflect-client

# Check -----------
# ASBR1/3
dis bgp ipv6 peer 
# RR1
dis bgp ipv6 peer
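  1. On ASBR1, import the IS-IS IPv6 routes into BGP4+ and advertise to ASBR3 only the routes with prefix xxxxxxxxxx (loo0); route-policy must not be used. Advertise ASBR3's loopback0 into BGP4+.
# ASBR1: all loopback interface addresses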
ip ipv6-prefix 66 permit 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA0 124 gr 128 
bgp 100
    ipv6-family unicast
        import isis 1   # the IS-IS routes need to be imported
        peer 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:5700 ipv6-prefix 66 export

# ASBR3: advertise lo 0 in BGP
bgp 200
    ipv6-family unicast
        network  2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA7 128

# Check --------
# ASBR1/3
dis bgp ipv6 rou # contains the DCA1-7 addresses
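How the `ip ipv6-prefix 66 ... 124 gr 128` export filter above decides what ASBR1 advertises to ASBR3, as an added Python example that is not part of the original notes. The candidate routes are constructed, and the /127 length of the ASBR1-ASBR3 link prefix is an assumption.

```python
import ipaddress

# Constructed model of the single entry in "ip ipv6-prefix 66" from the notes:
#   permit 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA0 124 greater-equal 128
PREFIX_LIST_66 = [
    ("permit", "2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA0/124", 128, None),
]

def entry_matches(route, prefix, ge, le):
    """True if `route` lies inside `prefix` and its mask length is in range."""
    net = ipaddress.ip_network(prefix)
    if route.version != net.version or not route.subnet_of(net):
        return False
    # VRP range rules: only greater-equal -> [ge, max]; only less-equal ->
    # [mask, le]; neither -> the exact mask length of the entry.
    if ge is None and le is None:
        low = high = net.prefixlen
    else:
        low = ge if ge is not None else net.prefixlen
        high = le if le is not None else net.max_prefixlen
    return low <= route.prefixlen <= high

def permitted(route, prefix_list):
    """First matching entry decides; no match falls to the implicit deny."""
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False

def export_filter(routes, prefix_list=PREFIX_LIST_66):
    """Routes that survive the export filter, in their original order."""
    return [r for r in routes if permitted(r, prefix_list)]

BASE = "2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:"
# Constructed candidates: loopbacks DCA1-DCA6, the covering /124 itself,
# a link subnet (the /127 length is assumed) and a host outside the /124.
CANDIDATES = [f"{BASE}DCA{i}/128" for i in range(1, 7)] + [
    f"{BASE}DCA0/124",
    f"{BASE}5700/127",
    f"{BASE}DCB1/128",
]

if __name__ == "__main__":
    for route in CANDIDATES:
        verdict = "advertise" if permitted(route, PREFIX_LIST_66) else "filtered"
        print(f"{route:50} {verdict}")
```

Only the six /128 loopbacks pass; the /124 itself, the link subnet and the out-of-range host are dropped by the implicit deny, so no link or aggregate routes cross the AS boundary.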
  1. PE1 and PE2 learn the specific BGP4+ route of ASBR3's loopback0.
# RR1/P1: IPv6 route leaking
ip ipv6-prefix 66 permit 2000:EAD8:99EF:CC3E:B2AD:9EFF:A2DD:DCA0 124 gr 128 
isis 1
    ipv6 import-route isis level-2 into level-1 filter-policy ipv6-prefix 66

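# Check ---------
dis bgp ipv6 rou # contains the specific route for DCA7
  1. Enable a feature on PE1 to ensure that, while PE1 is starting up (from the physical interface coming up until protocol xx is established), the IPv6 ping from PE2 to ASBR3 loses no packets.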
# PE1
switchover mode nonstop-routing
isis
    graceful-restart
    set-overload on-startup wait-for-bgp
bgp 100
    ipv6-family unicast
        auto-frr