BGP和NAT的问题

sdasdf

如图，在R2上做了NAT，把内网的12.12.12.1映射为210.22.146.217。
现在R2要和R4做EBGP，但是要求要向对端宣告210.22.146.217这个地址。

由于在BGP里面network，我只能在R2上写了个静态路由
ip route 210.22.146.217 255.255.255.255 Null0
这样最终才能宣告出去

此时R4学习到了210.22.146.217的路由，BGP表里面也有了，但是在R4上ping不通210.22.146.217。
但是我在R3上ping210.22.146.217是通的。发现不同点就是R2连接R4的接口S1/0上少了ip nat outside，加上去然后就通了。

请问一下，我这个思路和解决方法应该没问题吧。

R1:
——————————————————————————————————-——————
R1#show run
Building configuration...

Current configuration : 720 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip domain lookup
!
!

interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
!         
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 12.12.12.2
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!         
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end



R2:
——————————————————————————————————-——————
R2#SHOW RUN
Building configuration...

Current configuration : 1368 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip domain lookup
!
!
!
interface FastEthernet0/0
ip address 23.23.23.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.12.12.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial1/0
ip address 24.24.24.2 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 210.22.146.217 mask 255.255.255.255
neighbor 24.24.24.4 remote-as 200
no auto-summary
!
ip forward-protocol nd
ip route 210.22.146.217 255.255.255.255 Null0
!
no ip http server
no ip http secure-server
!
ip nat inside source static 12.12.12.1 210.22.146.217
!         
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!         
!
end



R3:
——————————————————————————————————-——————
R3#SHOW RUN
Building configuration...

Current configuration : 720 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip domain lookup
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 23.23.23.3 255.255.255.0
duplex auto
speed auto
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 23.23.23.2
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!         
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

R4:
——————————————————————————————————-——————
R4#show run
Building configuration...

Current configuration : 1083 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip domain lookup
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 24.24.24.4 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 24.24.24.2 remote-as 100
no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!         
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end



——————————————————————————————————-——————
R2#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 210.22.146.217     12.12.12.1         ---                ---
R2#
R2#show ip bgp sum
R2#show ip bgp summary
BGP router identifier 24.24.24.2, local AS number 100
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
24.24.24.4      4   200      23      23        2    0    0 00:19:31        0
R2#
R2#
R2#show ip bg
R2#show ip bgp
BGP table version is 2, local router ID is 24.24.24.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 210.22.146.217/32
                    0.0.0.0                  0         32768 i
R2#

——————————————————————————————————-——————

R3#ping 210.22.146.217

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.22.146.217, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/108 ms
R3#


——————————————————————————————————-——————

R4#ping 210.22.146.217

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 210.22.146.217, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/60/180 ms
R4#show ip bg
R4#show ip bgp sum
R4#show ip bgp summary
BGP router identifier 24.24.24.4, local AS number 200
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 441 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
24.24.24.2      4   100      24      24        2    0    0 00:20:35        1
R4#        
R4#show ip bg
R4#show ip bgp
BGP table version is 2, local router ID is 24.24.24.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 210.22.146.217/32
                    24.24.24.2               0             0 100 i

ssffzz1

没问题啊。不是做通了吗？？？？？

ssffzz1

再说了到底有无问题要看应用和要求。

单纯的配置上并不冲突。

sdasdf

嗯 好的 这个是客户的需求 我做了下模拟 因为从没碰到过BGP发布NAT后的地址

为了能发布出去 我在R2上加了下面这个命令
ip route 210.22.146.217 255.255.255.255 Null0

为了能ping通我在R2上连接R4的接口上又加了ip nat outside
这个接口其他流量还是要走路由不走NAT的

到时候就直接上了

我再跟客户确认确认