如何配置FortiGate BGP路由聚合
2012-12-21 16:55:13 来源: 评论:0 点击:
1、文档用途本文描述的是如何配置BGP协议的路由会聚功能从而通过宣告聚合路由来达到通告多条详细路由的具体步骤。2、适应范围所有的运行在NAT模式下面的FortiGate或VDOM。3、预期结果本文将把如下三条详细路由通...
1、文档用途
本文描述的是如何配置BGP协议的路由会聚功能从而通过宣告聚合路由来达到通告多条详细路由的具体步骤。
2、适应范围
所有的运行在NAT模式下面的FortiGate或VDOM。
3、预期结果
本文将把如下三条详细路由通过BGP会聚功能通告成聚合路由:* 10.162.0.0/16
* 10.162.0.0/255.255.254.0
* 10.162.2.0/255.255.254.0
* 10.162.4.0/255.255.254.0
4、具体配置
具体配置如下显示,名称FGT-AS162是本地FortiGate:
FGT-AS162 (bgp) # show
config router bgp
config aggregate-address
edit 1
set prefix 10.162.0.0 255.255.0.0
set summary-only enable
next
end
set as 162
config neighbor
edit 10.142.0.110
set remote-as 1
next
end
config network
edit 1
set prefix 10.162.0.0 255.255.254.0
next
edit 2
set prefix 10.162.2.0 255.255.254.0
next
edit 3
set prefix 10.162.4.0 255.255.254.0
next
end
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
set router-id 10.142.0.114
end
5、配置验证
名称FGT_ISP是模拟的ISP边界路由器:
FGT-AS162启用了BGP路由聚合功能
5.1 在FGT-AS162上验证
FGT-AS162 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [10/0] via 192.168.183.254, port1
B 1.1.1.1/32 [20/0] via 10.142.0.110, port2, 01:03:29
C 10.142.0.0/23 is directly connected, port2
B 10.160.0.0/23 [20/0] via 10.142.0.110, port2, 00:02:07
B 10.162.0.0/16 [20/0] is a summary, Null, 00:12:16
C 10.162.0.0/23 is directly connected, port3
C 10.162.2.0/23 is directly connected, port5
C 10.162.4.0/23 is directly connected, port6
B 192.168.0.0/16 [20/0] via 10.142.0.110, port2, 01:03:29
B 192.168.0.0/21 [20/0] via 10.142.0.205, port2, 01:03:29
B 192.168.168.0/24 [20/0] via 10.142.0.110, port2, 01:03:29
C 192.168.182.0/23 is directly connected, port1
可以看到上面路由表里面有条“null”的路由可以避免路由环路产生
FGT-AS162 # get router info bgp network
BGP table version is 9, local router ID is 10.142.0.114
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.142.0.110 0 0 1
*> 10.160.0.0/23 10.142.0.110 0 0 1 i
*> 10.162.0.0/16 0.0.0.0 32768 i <<<< 这就是将要通过BGP宣告出去的路由
s> 10.162.0.0/23 0.0.0.0 100 32768 i
s> 10.162.2.0/23 0.0.0.0 100 32768 i
s> 10.162.4.0/23 0.0.0.0 100 32768 i
*> 192.168.0.0/16 10.142.0.110 0 0 1
*> 192.168.0.0/21 10.142.0.205 0 0 1 2 i
*> 192.168.168.0 10.142.0.110 0 0 1
Total number of prefixes 9
可以看到BGP摘要路由下面有三条路由有 's' 标记,指的是摘要路由来源于这3条详细路由。
5.2 在FGT_ISP上验证
获取本地路由表: FGT_ISP (bgp) # get router info bgp networkBGP table version is 18, local router ID is 10.142.0.110
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.183.254 32768
*> 10.160.0.0/23 0.0.0.0 100 32768 i
*> 10.162.0.0/16 10.142.0.114 0 0 162 i
*> 192.168.0.0/16 192.168.183.254 32768
*> 192.168.0.0/21 10.142.0.205 0 0 2 i
*> 192.168.168.0 192.168.183.254 32768 Total number of prefixes 6 FGT_ISP (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default S 1.1.1.1/32 [10/0] via 192.168.183.254, port1
C 10.142.0.0/23 is directly connected, port6
C 10.160.0.0/23 is directly connected, port2
B 10.162.0.0/16 [20/0] via 10.142.0.114, port6, 01:04:08
这条就是BGP对端宣告过来的摘要路由
S 192.168.0.0/16 [10/0] via 192.168.183.254, port1
B 192.168.0.0/21 [20/0] via 10.142.0.205, port6, 19:30:25
S 192.168.168.0/24 [10/0] via 192.168.183.254, port1
C 192.168.182.0/23 is directly connected, port1
相关热词搜索:
上一篇:如何配置FortiGate双出口
下一篇:如何重发布特定的路由
分享到:
收藏
收藏
评论排行
- ·VMware部署FortiGate VM和VMX详解(66)
- ·FortiClient Windows系统安装包(21)
- ·SSL VPN Client For Windows(SSL ...(10)
- ·FortiClient Mac系统安装包(4)
- ·FortiClient 安卓安装包(3)
- ·FortiOS 5.6系统演示(2)
- ·飞塔防火墙配置手册5.0(2)
- ·给拨号VPN的用户分配固定IP地址(2)
- ·Fortinet无线网络接入配置步骤 4.2(2)
- ·FortiGate FortiOS最佳版本建议书(1)
- ·FortiWLC控制器系统恢复操作介绍(1)
- ·FortiClient 安卓系统安装包(1)
- ·设置FortiGate 双网关(1)
- ·FortiGate产品实施中文一本通7.0(1)
- ·SSL VPN Client for Linux(SSL VP...(1)
- ·如何配置FortiGate双出口(1)
- ·FortiConvertor配置转换工具(1)
- ·FortiGate 4.2 中文管理员使用手册(1)
- ·设置FortiGate DHCP地址保留(1)
- ·Fortinet技术服务和支持体系(1)
