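BGP GTSM Example

Networking requirements

  1. Router A belongs to AS 10; Router B, Router C and Router D belong to AS 20
  2. All routers run BGP, and Router B must be protected against CPU-utilization attacks

Network topology

(Figure: BGP GTSM example topology)

Configuration approach

  1. Configure OSPF on Router B, Router C and Router D in AS 20 so that the routers inside AS 20 can reach each other
  2. Establish an EBGP connection between Router A and Router B
  3. Establish a full mesh of IBGP connections among Router B, Router C and Router D using their loopback interfaces so that the ASs can communicate
  4. Configure GTSM on Router A, Router B, Router C and Router D to protect Router B against CPU-utilization attacks

Configuration commands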

  1. Configure basic functions and the interface IP addresses on each router

    • Router A configuration

      sys
      sys Router A
      int g0/0/0
      ip add 10.1.1.1 30
      int LoopBack 0
      ip add 1.1.1.9 32

    • Router B configuration

      sys
      sys Router B
      int g0/0/0
      ip add 10.1.1.2 30
      int g0/0/1
      ip add 20.1.1.1 30
      int LoopBack 0
      ip add 2.2.2.9 32

    • Router C configuration

      sys
      sys Router C
      int g0/0/1
      ip add 20.1.1.2 30
      int g0/0/2
      ip add 20.1.2.1 30
      int LoopBack 0
      ip add 3.3.3.9 32

    • Router D configuration

      sys
      sys Router D
      int g0/0/0
      ip add 20.1.3.1 30
      int g0/0/2
      ip add 20.1.2.2 30
      int LoopBack 0
      ip add 4.4.4.9 32

  2. Configure OSPF

    • Router B configuration

      sys
      ospf 1 router-id 2.2.2.9
      area 0
      network 20.1.1.0 0.0.0.3
      network 2.2.2.9 0.0.0.0

    • Router C configuration

      sys
      ospf 1 router-id 3.3.3.9
      area 0
      network 20.1.1.0 0.0.0.3
      network 20.1.2.0 0.0.0.3
      network 3.3.3.9 0.0.0.0

    • Router D configuration

      sys
      ospf 1 router-id 4.4.4.9
      area 0
      network 20.1.2.0 0.0.0.3
      network 20.1.3.0 0.0.0.3
      network 4.4.4.9 0.0.0.0

  3. Configure the IBGP full mesh

    • Router B configuration

      sys
      bgp 20
      router-id 2.2.2.9
      peer 3.3.3.9 as-number 20
      peer 3.3.3.9 connect-interface LoopBack 0
      peer 3.3.3.9 next-hop-local
      peer 4.4.4.9 as-number 20
      peer 4.4.4.9 connect-interface LoopBack 0
      peer 4.4.4.9 next-hop-local

    • Router C configuration

      sys
      bgp 20
      router-id 3.3.3.9
      peer 2.2.2.9 as-number 20
      peer 2.2.2.9 connect-interface LoopBack 0
      peer 4.4.4.9 as-number 20
      peer 4.4.4.9 connect-interface LoopBack 0

    • Router D configuration

      sys
      bgp 20
      router-id 4.4.4.9
      peer 2.2.2.9 as-number 20
      peer 2.2.2.9 connect-interface LoopBack 0
      peer 3.3.3.9 as-number 20
      peer 3.3.3.9 connect-interface LoopBack 0

  4. Configure the EBGP connection

    • Router A configuration

      sys
      bgp 10
      router-id 1.1.1.9
      peer 10.1.1.2 as-number 20

    • Router B configuration

      sys
      bgp 20
      peer 10.1.1.1 as-number 10

  5. Configure GTSM between Router A and Router B

    • Router A configuration

      sys
      bgp 10
      peer 10.1.1.2 valid-ttl-hops 1

    • Router B configuration

      sys
      bgp 20
      peer 10.1.1.1 valid-ttl-hops 1

  6. Configure GTSM between Router B and Router C

    • Router B configuration

      sys
      bgp 20
      peer 3.3.3.9 valid-ttl-hops 1

    • Router C configuration

      sys
      bgp 20
      peer 2.2.2.9 valid-ttl-hops 1

  7. Configure GTSM between Router B and Router D

    • Router B configuration

      sys
      bgp 20
      peer 4.4.4.9 valid-ttl-hops 2

    • Router D configuration

      sys
      bgp 20
      peer 2.2.2.9 valid-ttl-hops 2

  8. Configure GTSM between Router C and Router D

    • Router C configuration

      sys
      bgp 20
      peer 4.4.4.9 valid-ttl-hops 1

    • Router D configuration

      sys
      bgp 20
      peer 3.3.3.9 valid-ttl-hops 1
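
What the valid-ttl-hops values in the GTSM steps mean for received packets, as an added example that is not part of the original post: with valid-ttl-hops N, a BGP packet from that peer is accepted only if its TTL on arrival lies in [255 - N + 1, 255]. The sample configuration uses Router B's three BGP peer addresses with the hop counts configured above; the packets and the default_action parameter for unmatched sources are constructed assumptions.

```python
import re

# Constructed sample: GTSM lines for Router B's three BGP peers.
ROUTER_B_CONFIG = """
bgp 20
 peer 10.1.1.1 valid-ttl-hops 1
 peer 3.3.3.9 valid-ttl-hops 1
 peer 4.4.4.9 valid-ttl-hops 2
"""

MAX_TTL = 255
_PEER_RE = re.compile(r"^\s*peer\s+(\S+)\s+valid-ttl-hops\s+(\d+)\s*$")


def parse_gtsm_policy(config_text):
    """Return {peer_ip: (min_ttl, max_ttl)} from 'peer X valid-ttl-hops N' lines."""
    policy = {}
    for line in config_text.splitlines():
        m = _PEER_RE.match(line)
        if not m:
            continue
        peer, hops = m.group(1), int(m.group(2))
        if not 1 <= hops <= 255:
            raise ValueError(f"valid-ttl-hops out of range for {peer}: {hops}")
        # Accepted TTL range is [255 - hops + 1, 255].
        policy[peer] = (MAX_TTL - hops + 1, MAX_TTL)
    return policy


def gtsm_verdict(policy, src_ip, ttl, default_action="pass"):
    """Classify a received BGP packet by source address and TTL on arrival."""
    if src_ip not in policy:
        return default_action  # assumption: action for sources with no GTSM policy
    low, high = policy[src_ip]
    return "pass" if low <= ttl <= high else "drop"


def evaluate(policy, packets):
    return [(src, ttl, gtsm_verdict(policy, src, ttl)) for src, ttl in packets]


# Constructed packets: (source IP, TTL on arrival at Router B).
SAMPLE_PACKETS = [
    ("10.1.1.1", 255),  # Router A, directly connected
    ("10.1.1.1", 250),  # same source address, but the packet crossed 5 routers
    ("4.4.4.9", 254),   # Router D, forwarded once by Router C
    ("4.4.4.9", 253),   # one hop beyond the configured radius
    ("3.3.3.9", 254),   # Router C is adjacent, so only TTL 255 is valid
]

if __name__ == "__main__":
    for row in evaluate(parse_gtsm_policy(ROUTER_B_CONFIG), SAMPLE_PACKETS):
        print(row)
```

A larger valid-ttl-hops value widens the accepted TTL range, so each peer should be given the smallest hop count that matches its real distance.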

Verifying the results

  1. View the BGP peers (using Router B as an example)

      display bgp peer

      <Router B>dis bgp peer

       BGP local router ID : 2.2.2.2
       Local AS number : 20
       Total number of peers : 3                 Peers in established state : 3

        Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv

        3.3.3.9         4          20       26       27     0 00:24:02 Established       0
        4.4.4.9         4          20       25       26     0 00:23:58 Established       0
        10.1.1.1        4          10       26       26     0 00:24:37 Established       0

  2. View the GTSM configuration (using Router B as an example)

      display bgp peer 10.1.1.1 verbose

      <Router B>dis bgp peer 10.1.1.1 verbose

      BGP Peer is 10.1.1.1, remote AS 10
      Type: EBGP link
      BGP version 4, Remote router ID 1.1.1.1
      Update-group ID: 0
      BGP current state: Established, Up for 00h27m05s
      BGP current event: KATimerExpired
      BGP last state: OpenConfirm
      BGP Peer Up count: 1
      Received total routes: 0
      Received active routes total: 0
      Advertised total routes: 0
      Port: Local - 50063 Remote - 179
      Configured: Connect-retry Time: 32 sec
      Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
      Received : Active Hold Time: 180 sec
      Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
      Peer optional capabilities:
      Peer supports bgp multi-protocol extension
      Peer supports bgp route refresh capability
      Peer supports bgp 4-byte-as capability
      Address family IPv4 Unicast: advertised and received
      Received: Total 29 messages
      Update messages 0
      Open messages 1
      KeepAlive messages 28
      Notification messages 0
      Refresh messages 0
      Sent: Total 29 messages
      Update messages 0
      Open messages 1
      KeepAlive messages 28
      Notification messages 0
      Refresh messages 0
      Authentication type configured: None
      Last keepalive received: 2022/03/30 20:59:30 UTC-08:00
      Last keepalive sent : 2022/03/30 20:59:31 UTC-08:00
      Minimum route advertisement interval is 30 seconds
      Optional capabilities:
      Route refresh capability has been enabled
      4-byte-as capability has been enabled
      // GTSM is configured
      GTSM has been enabled, valid-ttl-hops: 1
      Peer Preferred Value: 0
      Routing policy configured:
      No routing policy is configured

  3. View the GTSM statistics

      display gtsm statistics all