BGP configuration between a Huawei firewall and a Cisco router

First the basic settings and IP addresses of the two devices. The Huawei side is a USG6300 firewall, the Cisco side a router. LoopBack0 on each device (1.1.1.1 and 2.2.2.2) will be the BGP peering address, and LoopBack10 on the USG carries the prefix that will be advertised over the session.

Huawei:

[USG6300]sysname huawei-USG
[huawei-USG]interface GigabitEthernet 1/0/1
[huawei-USG-GigabitEthernet1/0/1]ip address 192.168.1.1 24
[huawei-USG-GigabitEthernet1/0/1]interface loopback0
[huawei-USG-LoopBack0]ip address 1.1.1.1 24
[huawei-USG-LoopBack0]interface loopback10
[huawei-USG-LoopBack10]ip address 10.10.10.10 32
Cisco:

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname cisco-R2
cisco-R2(config)#interface gigabitEthernet 0/0
cisco-R2(config-if)#ip address 192.168.1.2 255.255.255.0
cisco-R2(config-if)#no sh
cisco-R2(config-if)#interface loopback0
cisco-R2(config-if)#ip address 2.2.2.2 255.255.255.0
So that the two loopbacks can reach each other, add a static host route on each device pointing at the neighbour's physical interface address:
[huawei-USG]ip route-static 2.2.2.2 255.255.255.255 192.168.1.2
cisco-R2(config)#ip route 1.1.1.1 255.255.255.255 192.168.1.1
Now the BGP sessions. The peering is set up between the loopback addresses rather than the physical interface addresses, so each side sources the session from LoopBack0 and allows two hops with eBGP multihop; without that, an eBGP peer that is not on the directly connected subnet is rejected and the session never opens. On the Cisco the neighbour is the USG loopback 1.1.1.1 (the running configuration at the end of the post confirms this):
[huawei-USG]bgp 100
[huawei-USG-bgp]peer 2.2.2.2 as-number 200
[huawei-USG-bgp]peer 2.2.2.2 ebgp-max-hop 2
[huawei-USG-bgp]peer 2.2.2.2 connect-interface LoopBack 0

cisco-R2(config)#router bgp 200
cisco-R2(config-router)#no synchronization
cisco-R2(config-router)#bgp log-neighbor-changes
cisco-R2(config-router)#network 1.1.1.1 mask 255.255.255.255
cisco-R2(config-router)#neighbor 1.1.1.1 remote-as 100
cisco-R2(config-router)#neighbor 1.1.1.1 ebgp-multihop 2
cisco-R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
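The session as configured above is unauthenticated: anything that can reach TCP port 179 on either loopback and knows the two AS numbers can attempt to open a session. As an added example that is not part of the original post, the same peering with a TCP MD5 password on both ends. The password string is a placeholder, and the Huawei line assumes the USG's BGP view accepts the VRP form "peer ... password cipher".

```text
Huawei: add a TCP MD5 password to the existing peer (placeholder password)

[huawei-USG]bgp 100
[huawei-USG-bgp]peer 2.2.2.2 password cipher BgpLab2024

Cisco: the identical string on the matching neighbor statement

cisco-R2(config)#router bgp 200
cisco-R2(config-router)#neighbor 1.1.1.1 password BgpLab2024
```

Both sides must use exactly the same string; the TCP session is reset when the password is added, so check "display bgp peer" on the USG and "show ip bgp neighbors 1.1.1.1" on the Cisco afterwards. The MD5 option only authenticates the TCP segments, it does not encrypt the BGP updates.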
After the configuration is entered the BGP neighbourship does not come up; the peer stays in Idle, because on the USG the interface is not yet in a security zone and there is no policy permitting the session to the firewall itself:
[huawei-USG]display bgp peer

 BGP local router ID : 192.168.1.1
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 0

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  2.2.2.2         4         200        0        0     0  00:00:19       Idle        0
Place the interface used on the firewall into the untrust zone:

[huawei-USG]firewall zone untrust
[huawei-USG-zone-untrust] set priority 5
[huawei-USG-zone-untrust] add interface GigabitEthernet1/0/1

Create a security policy on the USG so that the neighbourship can be established. The rule below has no match conditions, so it permits all traffic through and to the firewall; that is fine for a lab, but on a production device the rule should be limited to TCP port 179 between the two peering addresses and the firewall's local zone.
[huawei-USG]security-policy
[huawei-USG-policy-security] rule name permit_any
[huawei-USG-policy-security-rule-permit_any] action permit
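The permit_any rule above effectively switches the firewall off for every flow. As an added example that is not part of the original post, a policy that permits only the BGP session between the two loopbacks, in both directions of session initiation, to and from the firewall's own "local" zone, and then removes permit_any. The rule names are arbitrary; the exact address syntax (address followed by mask length) and the service syntax ("service protocol tcp destination-port 179") are assumptions that should be checked against the USG software version in use.

```text
[huawei-USG]security-policy
[huawei-USG-policy-security]rule name bgp_out
[huawei-USG-policy-security-rule-bgp_out]source-zone local
[huawei-USG-policy-security-rule-bgp_out]destination-zone untrust
[huawei-USG-policy-security-rule-bgp_out]source-address 1.1.1.1 32
[huawei-USG-policy-security-rule-bgp_out]destination-address 2.2.2.2 32
[huawei-USG-policy-security-rule-bgp_out]service protocol tcp destination-port 179
[huawei-USG-policy-security-rule-bgp_out]action permit
[huawei-USG-policy-security-rule-bgp_out]quit
[huawei-USG-policy-security]rule name bgp_in
[huawei-USG-policy-security-rule-bgp_in]source-zone untrust
[huawei-USG-policy-security-rule-bgp_in]destination-zone local
[huawei-USG-policy-security-rule-bgp_in]source-address 2.2.2.2 32
[huawei-USG-policy-security-rule-bgp_in]destination-address 1.1.1.1 32
[huawei-USG-policy-security-rule-bgp_in]service protocol tcp destination-port 179
[huawei-USG-policy-security-rule-bgp_in]action permit
[huawei-USG-policy-security-rule-bgp_in]quit
[huawei-USG-policy-security]undo rule name permit_any
```

Because the firewall is stateful, the return half of each TCP session is allowed automatically, so one rule per direction of session initiation is enough. After the undo, confirm with "display bgp peer" that the session comes back to Established; pings across the link used for testing earlier will now be dropped unless a separate ICMP rule is added.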
With the zone and policy in place, check BGP again:

[huawei-USG]display bgp peer

 BGP local router ID : 192.168.1.1
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  2.2.2.2         4         200        8        7     0  00:03:14 Established        1
cisco-R2# show ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       192.168.1.1              0         32768 i
 *>  10.10.10.10/32   1.1.1.1                  0             0 100 i
The neighbourship is now established on both devices. The Cisco learns 10.10.10.10/32 from AS 100; on the USG that prefix is injected by the "network 10.10.10.10 255.255.255.255" statement under ipv4-family unicast, which is visible in the running configuration at the end of the post. The 1.1.1.1/32 entry on the Cisco is locally originated (weight 32768) from its static route by the "network 1.1.1.1 mask 255.255.255.255" statement and is sent back to the USG; that statement is not needed for the peering, it only advertises the USG's own loopback back to it.

To see the AS path, look at the BGP routing table on each device:
[huawei-USG]display bgp routing-table

 BGP Local router ID is 192.168.1.1
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total Number of Routes: 2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   1.1.1.1/32         2.2.2.2        0                    0       200i
 *>   10.10.10.10/32     0.0.0.0        0                    0       i
cisco-R2>sh ip bgp summary
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 5, main routing table version 5
2 network entries using 296 bytes of memory
2 path entries using 128 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 720 total bytes of memory
BGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       9      12        5    0    0 00:06:17        1

Finally, the running configuration of both devices. Note on the Cisco side that "network 2.2.2.2 mask 255.255.255.255" produces no BGP route: IOS only originates a network statement when an exactly matching prefix exists in the routing table, and Loopback0 is configured as 2.2.2.0/24, which is why the USG table above lists only 1.1.1.1/32 from AS 200.
display current-configuration
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.0
 alias 0
#
interface LoopBack10
 ip address 10.10.10.10 255.255.255.255
 alias 1
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/1
#
bgp 100
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 ebgp-max-hop 2
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  network 10.10.10.10 255.255.255.255
  peer 2.2.2.2 enable
#
ip route-static 2.2.2.2 255.255.255.255 192.168.1.2
#
security-policy
 rule name permit_any
  action permit
nat-policy
#
return
cisco-R2# show running-config
!
hostname cisco-R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 192.168.1.2 255.255.255.0
!
router bgp 200
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 network 2.2.2.2 mask 255.255.255.255
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 ebgp-multihop 2
 neighbor 1.1.1.1 update-source Loopback0
!
ip route 1.1.1.1 255.255.255.255 192.168.1.1
!
end
