18.4 BGP Routing Policy
18.4.1 Basic Configuration
Router R1:
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.13.1 255.255.255.0
R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.13.3 remote-as 300
Router R2:
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.23.3 remote-as 300
Router R3:
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface serial 0/1
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface serial 0/2
R3(config-if)#ip address 10.1.34.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.13.1 remote-as 100
R3(config-router)#neighbor 10.1.23.2 remote-as 200
R3(config-router)#neighbor 10.1.34.4 remote-as 400
Router R4:
R4(config)#interface serial 0/0
R4(config-if)#ip address 10.1.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#router bgp 400
R4(config-router)#neighbor 10.1.34.3 remote-as 300
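18.4.2 BGP Route Summarization
18.4.2.1 Automatic summarization: auto-summary
For RIP and EIGRP, configuring auto-summary under the routing process is all that is needed.
- Case 1: routes injected by redistribution (connected routes, other protocols, and so on) are summarized to the classful major network, for example 1.0.0.0/8.
- Case 2: classless network statement, with the mask specified.
- Case 3: classful network statement.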
R1(config)#interface loopback 1
R1(config-if)#ip address 172.16.10.1 255.255.255.0
R1(config-if)#no shutdown
R1#show running-config | section router
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.1.13.3 remote-as 300
no auto-summary
This shows that auto-summary is disabled by default.
R1(config)#router bgp 100
R1(config-router)#auto-summary
Enable auto-summary.
R1(config-router)#network 172.16.10.0 mask 255.255.255.0
Advertise the network classlessly (with an explicit mask).
R3#show ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.10.0/24 10.1.13.1 0 0 100 i
R3 now sees the advertised route as a subnet. Even with auto-summary enabled, the route is still advertised as a specific prefix.
R1(config-router)#no network 172.16.10.0 mask 255.255.255.0
R1(config-router)#network 172.16.0.0
Remove the classless statement, then advertise the network classfully.
R3#show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 10.1.13.1 0 0 100 i
R3 now has the classful route: automatic summarization took place.
R1(config)#ip prefix-list 1 permit 172.16.10.0/24
R1(config)#route-map test permit 10
R1(config-route-map)#match ip address prefix-list 1
R1(config)#router bgp 100
R1(config-router)#redistribute connected route-map test
Redistribute the connected route.
R3#show ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 10.1.13.1 0 0 100 ?
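The summary route is present here as well.
This further verifies the three auto-summary cases.
18.4.2.2 Manual summarization
18.4.2.2.1 Aggregate-address
Inject the routes of R1 and R2 into BGP so that R3 learns four routes.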
R1(config)#interface loopback 1
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config)#interface loopback 2
R1(config-if)#ip address 172.16.2.1 255.255.255.0
R1(config)#router bgp 100
R1(config-router)#network 172.16.1.0 mask 255.255.255.0
R1(config-router)#network 172.16.2.0 mask 255.255.255.0
R2(config)#interface loopback 1
R2(config-if)#ip address 172.16.10.1 255.255.255.0
R2(config)#interface loopback 2
R2(config-if)#ip address 172.16.11.1 255.255.255.0
R2(config)#router bgp 200
R2(config-router)#network 172.16.10.0 mask 255.255.255.0
R2(config-router)#network 172.16.11.0 mask 255.255.255.0
R3#show ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.0/24 10.1.13.1 0 0 100 i
*> 172.16.2.0/24 10.1.13.1 0 0 100 i
*> 172.16.10.0/24 10.1.23.2 0 0 200 i
*> 172.16.11.0/24 10.1.23.2 0 0 200 i
R3 now sees the four specific routes.
Next, configure the summary on R3.
R3(config)#router bgp 300
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0
After manual summarization:
R3#show ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 0.0.0.0 32768 i
*> 172.16.1.0/24 10.1.13.1 0 0 100 i
*> 172.16.2.0/24 10.1.13.1 0 0 100 i
*> 172.16.10.0/24 10.1.23.2 0 0 200 i
*> 172.16.11.0/24 10.1.23.2 0 0 200 i
Besides the specific routes, the summary route 172.16.0.0 is now visible; because R3 originated it, its next hop is 0.0.0.0.
All five routes are best.
R4#show ip bgp
BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 10.1.34.3 0 0 300 i
*> 172.16.1.0/24 10.1.34.3 0 300 100 i
*> 172.16.2.0/24 10.1.34.3 0 300 100 i
*> 172.16.10.0/24 10.1.34.3 0 300 200 i
*> 172.16.11.0/24 10.1.34.3 0 300 200 i
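R4 also receives the specific routes, all with R3 as next hop, so the summarization has not achieved its purpose.
The specifics need to be restricted to reduce the number of route entries.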
18.4.2.2.2 Summary-only
R3(config)#router bgp 300
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 summary-only
R3#show ip bgp
BGP table version is 12, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 0.0.0.0 32768 i
s> 172.16.1.0/24 10.1.13.1 0 0 100 i
s> 172.16.2.0/24 10.1.13.1 0 0 100 i
s> 172.16.10.0/24 10.1.23.2 0 0 200 i
s> 172.16.11.0/24 10.1.23.2 0 0 200 i
The specific routes are still present, but they are marked s, meaning they are suppressed.
R4#show ip bgp
BGP table version is 12, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 10.1.34.3 0 0 300 i
R4 now has only the single summary route.
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
B 172.16.0.0/16 [20/0] via 10.1.34.3, 00:46:06
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.34.0 is directly connected, Serial0/0
R4's routing table also contains only the summary route.
R4#show ip bgp 172.16.0.0
BGP routing table entry for 172.16.0.0/16, version 8
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
300, (aggregated by 300 3.3.3.3)
10.1.34.3 from 10.1.34.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
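As shown, the attributes of the specific routes have been discarded, which makes loops likely. The summary route generated by R3 has lost the path attributes of the specifics, and the loss of AS_PATH information is severe. When this brand-new summary route is advertised back to AS 100, it will produce a routing loop.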
18.4.2.2.3 As-set
The summary route can inherit attributes from the specific routes.
R3(config-router)#aggregate-address 172.16.0.0 255.255.0.0 summary-only as-set
Advertise only the summary route, suppress the local specifics, and also inherit the path attributes of the specifics.
R3#show ip bgp
BGP table version is 13, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 0.0.0.0 100 32768 {100,200} i
s> 172.16.1.0/24 10.1.13.1 0 0 100 i
s> 172.16.2.0/24 10.1.13.1 0 0 100 i
s> 172.16.10.0/24 10.1.23.2 0 0 200 i
s> 172.16.11.0/24 10.1.23.2 0 0 200 i
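The AS_PATH was previously empty because the route is locally originated. It is now {100,200}, an unordered list of AS numbers inherited from the specific routes, which keeps loop prevention working.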
R4#show ip bgp
BGP table version is 13, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 10.1.34.3 0 0 300 {100,200} i
On R4 the AS_PATH now carries the AS numbers of the specifics: 300 {100,200}.
R4#show ip bgp 172.16.0.0
BGP routing table entry for 172.16.0.0/16, version 13
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
300 {100,200}, (aggregated by 300 3.3.3.3)
10.1.34.3 from 10.1.34.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
The detailed entry shows 300 {100,200}, (aggregated by 300 3.3.3.3).
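The difference between summary-only and summary-only as-set, modelled in Python as an added example (not part of the original page). It uses a simplified aggregation rule that places every AS number of the contributing routes into a single AS_SET; the class and function names are illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()            # ints = AS_SEQUENCE members, frozenset = an AS_SET
    atomic_aggregate: bool = False


def path_asns(as_path):
    """Every AS number in the path, AS_SET members included."""
    asns = set()
    for segment in as_path:
        asns |= segment if isinstance(segment, frozenset) else {segment}
    return asns


def aggregate(prefix, contributors, as_set):
    """Locally originated aggregate. Simplified model: with as_set, every AS seen
    on a contributing route goes into one unordered AS_SET."""
    if not as_set:
        return Route(prefix, (), atomic_aggregate=True)
    inherited = frozenset().union(*(path_asns(r.as_path) for r in contributors))
    return Route(prefix, (inherited,) if inherited else ())


def advertise_ebgp(route, local_as):
    """The sender prepends its own AS when advertising to an EBGP neighbor."""
    return Route(route.prefix, (local_as,) + route.as_path, route.atomic_aggregate)


def accepts(route, receiver_as):
    """EBGP loop prevention: drop any route whose AS_PATH already contains our AS."""
    return receiver_as not in path_asns(route.as_path)


def show_path(as_path):
    return " ".join(
        "{" + ",".join(str(a) for a in sorted(s)) + "}" if isinstance(s, frozenset) else str(s)
        for s in as_path
    )


# The four specifics as R3 sees them in "show ip bgp" on the page.
SPECIFICS = [
    Route("172.16.1.0/24", (100,)), Route("172.16.2.0/24", (100,)),
    Route("172.16.10.0/24", (200,)), Route("172.16.11.0/24", (200,)),
]


def compare():
    """Return the aggregate as AS 300 advertises it, without and with as-set."""
    plain = advertise_ebgp(aggregate("172.16.0.0/16", SPECIFICS, as_set=False), 300)
    with_set = advertise_ebgp(aggregate("172.16.0.0/16", SPECIFICS, as_set=True), 300)
    return plain, with_set


if __name__ == "__main__":
    for label, route in zip(("summary-only", "summary-only as-set"), compare()):
        print(f"{label:20} path={show_path(route.as_path):14} "
              f"AS100 accepts={accepts(route, 100)} AS400 accepts={accepts(route, 400)}")
```

Without as-set, AS 100 finds no trace of itself in the path and accepts the aggregate that covers its own prefixes; with as-set, its normal AS_PATH loop check rejects it.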
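18.4.2.2.4 Suppress-map
Used when, instead of suppressing every specific as summary-only does, only selected prefixes should be suppressed.
The route-map is used only for matching and cannot set attributes: match only, no set.
Permit means suppress; deny means let through.
There is an implicit deny any.
For some neighbors only the summary route is advertised and the specifics are suppressed, while for certain others both the summary route and the specifics should be advertised.
18.4.2.2.5 Advertise-map
Used when only the attributes of some of the specifics should be inherited.
18.4.2.2.6 Attribute-map
Controls the attributes of the summary route.
18.4.3 Regular Expressions
18.4.3.1 Introduction
Atom characters
Atom character examples
Multiplier characters
Multiplier character examples
Range characters
Range character examples
18.4.3.2 AS_PATH
18.4.3.3 Examples
18.4.3.3.1 Basic configuration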
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.13.3 remote-as 300
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.23.3 remote-as 300
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface serial 0/1
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.13.1 remote-as 100
R3(config-router)#neighbor 10.1.23.2 remote-as 200
18.4.3.3.2 Example 1: filter-list
Configure two loopback interfaces on R2.
R2(config)#interface loopback 1
R2(config-if)#ip address 172.16.10.1 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface loopback 2
R2(config-if)#ip address 172.16.11.1 255.255.255.0
R2(config-if)#no shutdown
Assume that 172.16.10 comes from R2 and 172.16.11 comes from AS 600.
R2(config)#ip prefix-list 10 permit 172.16.10.0/24
R2(config)#ip prefix-list 11 permit 172.16.11.0/24
R2(config)#router bgp 200
R2(config-router)#network 172.16.10.0 mask 255.255.255.0
R2(config-router)#network 172.16.11.0 mask 255.255.255.0
R2(config)#route-map test permit 10
R2(config-route-map)#match ip address prefix-list 11
R2(config-route-map)#set as-path prepend 600
Prepend AS 600 to the 11 route before it is advertised to R3.
R2(config)#route-map test permit 20
This avoids the implicit deny any; otherwise only 11 would be let through and 10 would not.
R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.23.3 route-map test out
R3#show ip bgp
BGP table version is 6, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.10.0/24 10.1.23.2 0 0 200 i
*> 172.16.11.0/24 10.1.23.2 0 0 200 600 i
R3 receives two routes: 10 is originated by AS 200, while 11 shows origin AS 600 and passes through AS 200.
R3(config)#ip as-path access-list 1 deny _600$
Matches AS_PATHs that end in 600, that is, routes originated by AS 600, and filters all such routes.
R3(config)#ip as-path access-list 1 permit .*
Permit everything else.
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 filter-list 1 in
R3#clear ip b * s
R3#show ip bgp
BGP table version is 7, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.10.0/24 10.1.23.2 0 0 200 i
The route carrying 600 is now gone.
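How as-path access-list 1 evaluates, as an added Python example (not part of the original page). The IOS "_" atom is expanded to an explicit delimiter class; the two routes with AS paths "200 1600" and "600 200" and the two comparison lists are constructed to show why the underscore and the trailing permit matter.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the path, a space, a comma,
# or a brace/parenthesis. Python has no such atom, so it is expanded here.
DELIM = r"(?:^|$|[ ,{}()])"


def compile_cisco(pattern):
    """Translate an IOS AS-path regex to Python (assumes "_" is not used inside [...])."""
    return re.compile(pattern.replace("_", DELIM))


def make_as_path_acl(entries):
    """entries: ordered (action, cisco_regex) pairs, as in 'ip as-path access-list'."""
    compiled = [(action, compile_cisco(rx)) for action, rx in entries]

    def evaluate(as_path):
        for action, rx in compiled:
            if rx.search(as_path):
                return action          # first matching entry wins
        return "deny"                  # implicit deny at the end of the list
    return evaluate


def filter_in(acl, routes):
    """Return the prefixes that survive an inbound filter-list."""
    return [prefix for prefix, as_path in routes if acl(as_path) == "permit"]


# as-path access-list 1 from the page.
ACL_1 = make_as_path_acl([("deny", "_600$"), ("permit", ".*")])
# Constructed variants for comparison: no delimiter anchor, and no trailing permit.
ACL_NO_UNDERSCORE = make_as_path_acl([("deny", "600$"), ("permit", ".*")])
ACL_NO_PERMIT = make_as_path_acl([("deny", "_600$")])

ROUTES = [
    ("172.16.10.0/24", "200"),        # from the page: originated by AS 200
    ("172.16.11.0/24", "200 600"),    # from the page: origin AS 600 via AS 200
    ("172.16.12.0/24", "200 1600"),   # constructed: origin AS 1600
    ("172.16.13.0/24", "600 200"),    # constructed: transits AS 600, origin AS 200
]

if __name__ == "__main__":
    for name, acl in (("_600$ + permit .*", ACL_1),
                      ("600$ + permit .*", ACL_NO_UNDERSCORE),
                      ("_600$ only", ACL_NO_PERMIT)):
        print(f"{name:20} accepts {filter_in(acl, ROUTES)}")
```

Dropping the underscore also rejects the route originated by AS 1600, and dropping the final permit rejects everything.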
18.4.3.3.3 Example 2: route-map
R3(config)#router bgp 300
R3(config-router)#no neighbor 10.1.23.2 filter-list 1 in
First let 11 back in so that the two policies do not conflict.
R3(config)#ip as-path access-list 11 permit _600$
Match only routes originated by AS 600.
R3(config)#route-map setCommunity permit 10
R3(config-route-map)#match as-path 11
R3(config-route-map)#set community local-AS
R3(config)#route-map setCommunity permit 20
Set the community to local-AS. This controls only 11; 10 and all other routes are let through.
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 route-map setCommunity in
Apply it in the inbound direction on the session with R2.
R3#show ip bgp
BGP table version is 3, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.10.0/24 10.1.23.2 0 0 200 i
*> 172.16.11.0/24 10.1.23.2 0 0 200 600 i
R3#show ip bgp 172.16.11.0
BGP routing table entry for 172.16.11.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
Not advertised to any peer
200 600
10.1.23.2 from 10.1.23.2 (172.16.11.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: local-AS
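The entry carries Community: local-AS.
18.4.3.4 Commands
18.4.4 Controlling Routes with Communities
18.4.4.1 Introduction
Community is one of BGP's many path attributes.
Mechanisms such as ACLs and prefix-lists cannot be passed on with a route.
4 bytes: the owning AS number plus a user-defined number, stored as a hexadecimal value in the UPDATE message.
No-advertise: the route is not advertised to any neighbor and can only be used locally.
No-export: the route is not advertised to any EBGP neighbor and does not leave the AS.
Local-as: the route can only be propagated within the local AS.
18.4.4.2 Lab preparation
Configure R1's interface and loopback addresses.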
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface loopback 1
R1(config-if)#ip address 11.11.11.11 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface loopback 2
R1(config-if)#ip address 12.12.12.12 255.255.255.0
R1(config-if)#no shutdown
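Establish R1's BGP neighbor relationship and inject the loopback route.
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#network 11.11.11.0 mask 255.255.255.0
Configure R2's interface IP addresses.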
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2 forms neighbor relationships with R1 and R3.
R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.23.3 remote-as 300
Configure R3's address and BGP neighbor.
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 remote-as 200
R2#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
100
10.1.12.1 from 10.1.12.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, external, best
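R2 has learned the 11 route.
18.4.4.3 Lab 1: Assigning a community value to a route prefix
On R1, assign the community attribute 100:11 to the 11 route and propagate it to R2 and R3.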
R1(config)#ip prefix-list 11 permit 11.11.11.0/24
The prefix-list matches 11.
R1(config)#route-map test permit 10
R1(config-route-map)#match ip address prefix-list 11
R1(config-route-map)#set community 100:11
Define the route-map and set the community value 100:11.
R1(config)#route-map test permit 20
This entry lets everything else through.
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 route-map test out
R2#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
100
10.1.12.1 from 10.1.12.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, external, best
There is no community attribute, because send-community is still missing.
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 send-community
R1(config-router)#end
R2#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x880
Advertised to update-groups:
1
100
10.1.12.1 from 10.1.12.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 6553611
The community attribute is now visible. 6553611 corresponds to hexadecimal 0064000B, that is, 100:11.
R2(config)#ip bgp-community new-format
Alternatively, change the display format directly.
R2#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
100
10.1.12.1 from 10.1.12.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 100:11
The value is now displayed directly as 100:11.
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200 100
10.1.23.2 from 10.1.23.2 (10.1.23.2)
Origin IGP, localpref 100, valid, external, best
R3 still has no community attribute, because R2 has not configured send-community toward R3.
R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.23.3 send-community
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x880
Not advertised to any peer
200 100
10.1.23.2 from 10.1.23.2 (10.1.23.2)
Origin IGP, localpref 100, valid, external, best
Community: 6553611
R3 now has it.
R3(config)#ip bgp-community new-format
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x880
Not advertised to any peer
200 100
10.1.23.2 from 10.1.23.2 (10.1.23.2)
Origin IGP, localpref 100, valid, external, best
Community: 100:11
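The display format has been switched from the raw number to the new format here as well.
18.4.4.4 Lab 2: Assigning multiple community values to a route prefix
Building on Lab 1, R2 matches the route carrying 100:11 and uses a route-map to add the no-export attribute before advertising it to R3; R3 will then be unable to advertise it to any other EBGP neighbor.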
R2(config)#ip community-list 11 permit 100:11
Match routes that carry the attribute 100:11.
R2(config)#route-map test permit 10
R2(config-route-map)#match community 11
R2(config-route-map)#set community no-export additive
Add the no-export attribute to the existing communities.
R2(config)#route-map test permit 20
R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.23.3 route-map test out
Apply it in the outbound direction.
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x880
Not advertised to any peer
200 100
10.1.23.2 from 10.1.23.2 (10.1.23.2)
Origin IGP, localpref 100, valid, external, best
Community: 100:11 no-export
The community attribute now also contains no-export.
18.4.4.5 Lab 3: Matching
The effect of each match is observed by setting the metric.
R3#show ip bgp
BGP table version is 4, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 200 100 i
The metric learned initially is empty.
Test 1: matching a single value
R3(config)#ip community-list 11 permit 100:11
R3(config)#route-map test permit 10
R3(config-route-map)#match community 11
R3(config-route-map)#set metric 1111
R3(config)#route-map test permit 20
Define the route-map: match the community and set the metric.
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 route-map test in
R3 applies the route-map to R2 in the inbound direction, because it is meant to take effect on R3 itself.
R3#show ip bgp
BGP table version is 5, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 1111 0 200 100 i
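As a result the metric was modified, which shows that when a route carries several values, matching one of them is enough.
Test 2: one value is the same and one is different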
R3(config)#no ip community-list 11
R3(config)#ip community-list 11 permit 100:11 no-advertise
R3#show ip bgp
BGP table version is 6, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 200 100 i
The metric was not modified, so the route did not match.
Test 3: matching on separate lines, one value the same and one different
R3(config)#no ip community-list 11
R3(config)#ip community-list 11 permit 100:11
R3(config)#ip community-list 11 permit 1234:1234
R3#show ip bgp
BGP table version is 7, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 1111 0 200 100 i
The match succeeds, which shows that the lines are in an OR relationship.
18.4.4.6 Test 4: testing internet
R3(config)#no ip community-list 11
R3(config)#ip community-list 11 permit internet
R3#show ip community-list
Community standard list 11
permit internet
R3#show ip bgp
BGP table version is 9, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
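The metric is still set, so the route matched.
Test 5: exact match
Both routes carry the no-export tag. To select only the route that carries no-export and nothing else, add the exact-match keyword to the match statement.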
R1(config)#router bgp 100
R1(config-router)#network 12.12.12.0 mask 255.255.255.0
Inject the 12 route.
R2#show ip bgp
BGP table version is 4, local router ID is 10.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.12.1 0 0 100 i
*> 12.12.12.0/24 10.1.12.1 0 0 100 i
The BGP routes are now present on R2.
R3#show ip bgp
BGP table version is 10, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 1111 0 200 100 i
*> 12.12.12.0/24 10.1.23.2 1111 0 200 100 i
R3 also has the new route, and the new route carries no community attribute.
Add the no-export tag to the new route as well.
R2(config)#no ip community-list 11
R2(config)#ip community-list 11 permit internet
All routes are matched.
R3#show ip bgp 12.12.12.0
BGP routing table entry for 12.12.12.0/24, version 11
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x880
Not advertised to any peer
200 100
10.1.23.2 from 10.1.23.2 (10.1.23.2)
Origin IGP, metric 1111, localpref 100, valid, external, best
Community: no-export
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 9
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Not advertised to any peer
200 100
10.1.23.2 from 10.1.23.2 (10.1.23.2)
Origin IGP, metric 1111, localpref 100, valid, external, best
Community: 100:11 no-export
11 carries two community values; 12 carries one.
Match no-export exactly and set the metric to 1111; the expected result is that only 12 has its metric changed.
R3(config)#no ip community-list 11
R3(config)#ip community-list 11 permit no-export
R3#show ip bgp
BGP table version is 11, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 1111 0 200 100 i
*> 12.12.12.0/24 10.1.23.2 1111 0 200 100 i
At this point both routes match, because both contain no-export.
R3(config)#route-map test permit 10
R3(config-route-map)#no match community 11
R3(config-route-map)#match community 11 exact-match
Exact match.
R3#show ip bgp
BGP table version is 14, local router ID is 10.1.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 200 100 i
*> 12.12.12.0/24 10.1.23.2 1111 0 200 100 i
The exact match has filtered as expected.
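The community numbers and the matching behaviour observed in tests 1 to 5, as an added Python model (not part of the original page and not Cisco's implementation). It covers standard community-lists only; the function names are illustrative, and exact-match combined with the internet keyword is deliberately left unmodelled.

```python
WELL_KNOWN = {0xFFFFFF01: "no-export", 0xFFFFFF02: "no-advertise", 0xFFFFFF03: "local-AS"}
NAME_TO_VALUE = {name: value for value, name in WELL_KNOWN.items()}


def decode(value):
    """32-bit community -> new-format text (high 16 bits AS, low 16 bits number)."""
    return WELL_KNOWN.get(value) or f"{value >> 16}:{value & 0xFFFF}"


def encode(text):
    """New-format text or well-known keyword -> 32-bit community."""
    if text in NAME_TO_VALUE:
        return NAME_TO_VALUE[text]
    asn, number = (int(part) for part in text.split(":"))
    return (asn << 16) | number


def community_list(*lines):
    """Each line is 'permit|deny <community> [<community> ...]', as typed after the list number."""
    parsed = []
    for line in lines:
        action, *values = line.split()
        parsed.append((action, frozenset(values)))
    return parsed


def matches(clist, route_communities, exact=False):
    """Model of 'match community <list> [exact-match]' for a standard list."""
    carried = frozenset(route_communities)
    for action, wanted in clist:
        if "internet" in wanted:
            if exact:
                raise ValueError("exact-match against 'internet' is not modelled")
            hit = (wanted - {"internet"}) <= carried   # 'internet' matches any route
        elif exact:
            hit = wanted == carried                   # nothing missing, nothing extra
        else:
            hit = wanted <= carried                   # every value on the line is carried
        if hit:
            return action == "permit"                 # first matching line decides
    return False                                      # implicit deny


# Communities on R3's two routes in test 5, as shown on the page.
ROUTE_11 = ["100:11", "no-export"]
ROUTE_12 = ["no-export"]

if __name__ == "__main__":
    print(decode(6553611), f"{encode('100:11'):08X}", decode(786443))
    cases = {
        "test 1": community_list("permit 100:11"),
        "test 2": community_list("permit 100:11 no-advertise"),
        "test 3": community_list("permit 100:11", "permit 1234:1234"),
        "test 4": community_list("permit internet"),
    }
    for name, clist in cases.items():
        print(name, "11.11.11.0/24 matched:", matches(clist, ROUTE_11))
    no_export = community_list("permit no-export")
    for exact in (False, True):
        print("test 5 exact =", exact,
              "11:", matches(no_export, ROUTE_11, exact), "12:", matches(no_export, ROUTE_12, exact))
```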
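18.4.5 Prefix-list
A BGP filter.
18.4.5.1 Application example
18.4.5.1.1 Basic configuration
Define a prefix-list that first denies the route and then permits everything else, that is, prefix lengths 0 through 32, which is equivalent to permit any.
Then apply it in the outbound direction under R2's BGP process.
Configure R1's interface and loopback addresses.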
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#no shutdown
R1(config-if)#interface loopback 1
R1(config-if)#ip address 11.11.11.11 255.255.255.0
R1(config-if)#no shutdown
R1(config)#interface loopback 2
R1(config-if)#ip address 12.12.12.12 255.255.255.0
R1(config-if)#no shutdown
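R1 and R2 run OSPF as the IGP, learn each other's loopback interfaces, and form an IBGP neighbor relationship between the loopbacks. R2 and R3 form their EBGP session on the directly connected interfaces.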
R1(config)#router ospf 1
R1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
Configure R2's interface and loopback addresses.
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#no shutdown
Run OSPF as the IGP.
R2(config)#router ospf 1
R2(config-router)#network 10.1.12.2 0.0.0.0 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:00:29, Serial0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.12.0 is directly connected, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
C 11.11.11.0 is directly connected, Loopback1
12.0.0.0/24 is subnetted, 1 subnets
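With OSPF running, R1 learns R2's loopback address 2.2.2.2.
Next, R1 runs BGP, forms the IBGP neighbor relationship using Loopback0, and injects LP1 and LP2 (Loopback1 and Loopback2).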
R1(config)#router bgp 12
R1(config-router)#neighbor 2.2.2.2 remote 12
R1(config-router)#neighbor 2.2.2.2 update-source loopback 0
R1(config-router)#network 11.11.11.0 mask 255.255.255.0
R1(config-router)#network 12.12.12.0 mask 255.255.255.0
R2 runs BGP, forms the IBGP neighbor relationship with R1 using LP0 (Loopback0), and forms a directly connected EBGP session with R3.
R2(config)#router bgp 12
R2(config-router)#neighbor 1.1.1.1 remote 12
R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
R2(config-router)#neighbor 10.1.23.3 remote-as 300
Configure R3's interface and loopback addresses.
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#no shutdown
Configure the EBGP session on the directly connected interface.
R3(config)#router bgp 300
R3(config-router)#bgp router-id 3.3.3.3
R3(config-router)#neighbor 10.1.23.2 remote-as 12
R1#show ip bgp summary
BGP router identifier 12.12.12.12, local AS number 12
BGP table version is 3, main routing table version 3
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 586 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 12 9 10 3 0 0 00:06:00 0
The neighbor relationship is now visible on R1.
R2#show ip bgp
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i11.11.11.0/24 1.1.1.1 0 100 0 i
*>i12.12.12.0/24 1.1.1.1 0 100 0 i
R2 now also has the BGP routes advertised by R1.
R3#show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
*> 12.12.12.0/24 10.1.23.2 0 12 i
R3 also has the routes.
Next, filter routes on R2 with a prefix-list.
18.4.5.1.2 Applying the policy
R2(config)#ip prefix-list 12 deny 12.12.12.0/24
R2(config)#ip prefix-list 12 permit 0.0.0.0/0 le 32
R2(config)#router bgp 12
R2(config-router)#neighbor 10.1.23.3 prefix-list 12 out
Define the prefix-list to stop 12.12.12.0 from passing through R2 to R3.
R3#show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
The policy has taken effect: R3 no longer has the 12.12.12.0 route.
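How prefix-list 12 is evaluated, as an added Python example (not part of the original page). It implements the ge/le length rules and the implicit deny; the route 12.12.12.128/25 and the two comparison lists are constructed to show that an entry without le matches only its exact prefix length.

```python
import ipaddress


def parse_entry(line):
    """Parse the part of 'ip prefix-list <name> ...' after the name,
    e.g. 'deny 12.12.12.0/24' or 'permit 0.0.0.0/0 le 32'."""
    tokens = line.split()
    action, net = tokens[0], ipaddress.ip_network(tokens[1])
    opts = dict(zip(tokens[2::2], (int(t) for t in tokens[3::2])))
    if not opts:
        low = high = net.prefixlen                 # no ge/le: exact length only
    else:
        low = opts.get("ge", net.prefixlen)        # le alone: from the entry's own length
        high = opts.get("le", net.max_prefixlen)   # ge alone: up to /32
    return action, net, low, high


def evaluate(entries, route):
    """First matching entry wins; a route that matches nothing is denied."""
    route = ipaddress.ip_network(route)
    for action, net, low, high in map(parse_entry, entries):
        if route.subnet_of(net) and low <= route.prefixlen <= high:
            return action
    return "deny"


def advertised(entries, routes):
    """Routes that pass an outbound 'neighbor ... prefix-list ... out'."""
    return [r for r in routes if evaluate(entries, r) == "permit"]


# prefix-list 12 from the page.
LIST_12 = ["deny 12.12.12.0/24", "permit 0.0.0.0/0 le 32"]
# Constructed variants: deny the /24 and everything inside it; drop the final permit.
LIST_12_COVERING = ["deny 12.12.12.0/24 le 32", "permit 0.0.0.0/0 le 32"]
LIST_12_NO_PERMIT = ["deny 12.12.12.0/24"]

# The first two routes are the ones R2 holds on the page; the /25 is constructed.
ROUTES = ["11.11.11.0/24", "12.12.12.0/24", "12.12.12.128/25"]

if __name__ == "__main__":
    for name, entries in (("list 12", LIST_12),
                          ("deny with le 32", LIST_12_COVERING),
                          ("no final permit", LIST_12_NO_PERMIT)):
        print(f"{name:16} advertises {advertised(entries, ROUTES)}")
```

With the list exactly as configured on the page, a more specific route inside 12.12.12.0/24 would still be advertised to R3, because it falls through to the permit entry.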
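18.4.6 Distribute-list
18.4.6.1 Configuration method 1
Method 1 is used much like a prefix-list: create an ACL and reference it under the BGP process.
This builds on the prefix-list lab.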
R2(config)#router bgp 12
R2(config-router)#no neighbor 10.1.23.3 prefix-list 12 out
R2(config)#no ip prefix-list 12
Remove the earlier prefix-list configuration.
R3#show ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
*> 12.12.12.0/24 10.1.23.2 0 12 i
With the prefix-list policy removed, both routes are visible on R3.
R2(config)#access-list 1 deny 12.12.12.0
R2(config)#access-list 1 permit any
R2(config)#router bgp 12
R2(config-router)#neighbor 10.1.23.3 distribute-list 1 out
Define the ACL and apply it in the outbound direction on R2.
R3#show ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
With the distribute-list in effect, R3 no longer has the 12.12.12.0 route.
18.4.6.2 Configuration method 2
R2(config)#router bgp 12
R2(config-router)#no neighbor 10.1.23.3 distribute-list 1 out
R2(config)#no access-list 1
Remove the previous configuration.
R3#show ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
*> 12.12.12.0/24 10.1.23.2 0 12 i
R3 can see both routes again.
R2(config)#ip prefix-list 12 deny 12.12.12.0/24
R2(config)#ip prefix-list 12 permit 0.0.0.0/0 le 32
R2(config)#router bgp 12
R2(config-router)#distribute-list prefix 12 out
Create the prefix-list and reference it directly from the distribute-list.
R3#show ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
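As shown, the 12.12.12.0 route has been filtered out.
18.4.6.3 Configuration method 3
Test how a distribute-list filters redistributed routes.
Create a loopback interface on R2, redistribute it into BGP, and filter out that interface's address.
18.4.6.4 Configuration method 4
R1 and R2 run OSPF, and R2 learns routes through OSPF. R2 and R3 are EBGP neighbors. R2 redistributes the two routes into BGP.
18.4.7 Route-map
BGP supports route-maps in many ways.
A defined route-map can also be called by the following commands
The powerful match statements in a route-map
They concentrate on controlling path attributes
18.4.7.1 Configuration: NETWORK
When R1 advertises the two routes to R2 it tags them with communities, so R2 can build policy on the community values.
Attach a route-map when advertising a route with network.
Deploy route-maps that set communities on R1's LP1 and LP2 and carry them to R2.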
R2(config)#router bgp 12
R2(config-router)#no distribute-list prefix 12 out
Remove the earlier distribute-list policy.
R3#show ip bgp
BGP table version is 9, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.0/24 10.1.23.2 0 12 i
*> 12.12.12.0/24 10.1.23.2 0 12 i
R3 can see both routes again.
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
12
10.1.23.2 from 10.1.23.2 (2.2.2.2)
Origin IGP, localpref 100, valid, external, best
The 11.11.11.0 route carries no community value either.
R1#show running-config | section router
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 10.1.12.1 0.0.0.0 area 0
router bgp 12
no synchronization
bgp log-neighbor-changes
network 11.11.11.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
View the existing router configuration on R1.
R1(config)#ip prefix-list 11 permit 11.11.11.0/24
R1(config)#ip prefix-list 12 permit 12.12.12.0/24
R1(config)#route-map RP1
R1(config-route-map)#set community 12:11
R1(config)#route-map RP2
R1(config-route-map)#set community 12:12
R1(config)#router bgp 12
R1(config-router)#network 11.11.11.0 mask 255.255.255.0 route-map RP1
R1(config-router)#network 12.12.12.0 mask 255.255.255.0 route-map RP2
R1(config-router)#neighbor 2.2.2.2 send-community
Define the prefix-lists and route-maps, attach the route-maps to the network statements, and use send-community so that the routes are sent with their community values.
R2#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x880
Advertised to update-groups:
1
Local
1.1.1.1 (metric 65) from 1.1.1.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: 786443
R2 now shows a COMMUNITY value for LP1.
Switch the display format.
R2(config)#ip bgp-community new-format
R2#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
1.1.1.1 (metric 65) from 1.1.1.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: 12:11
The COMMUNITY of LP1 is now displayed in the new format.
R2#show ip bgp 12.12.12.0
BGP routing table entry for 12.12.12.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
1.1.1.1 (metric 65) from 1.1.1.1 (12.12.12.12)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: 12:12
LP2 also carries its configured COMMUNITY value.
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
12
10.1.23.2 from 10.1.23.2 (2.2.2.2)
Origin IGP, localpref 100, valid, external, best
R3, however, has none: R2 did not pass the COMMUNITY attribute on to R3, so send-community must also be added on R2.
R2(config)#router bgp 12
R2(config-router)#neighbor 10.1.23.3 send-community
R3(config)#ip bgp-community new-format
R3#show ip bgp 11.11.11.0
*Mar 1 00:21:13.223: %SYS-5-CONFIG_I: Configured from console by console
R3#show ip bgp 11.11.11.0
BGP routing table entry for 11.11.11.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x880
Not advertised to any peer
12
10.1.23.2 from 10.1.23.2 (2.2.2.2)
Origin IGP, localpref 100, valid, external, best
Community: 12:11
R3 now has LP1 and LP2 with their COMMUNITY values.
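The two display formats above are the same 32-bit value, and a missing `send-community` shows up as output with no Community line at all. The following is an added example, not part of the original lab: it normalizes `show ip bgp <prefix>` output so that routers with and without `ip bgp-community new-format` can be compared. The function names are assumptions, and the sample text is excerpted from the outputs above with indentation constructed.

```python
import re

# Excerpts of the page's "show ip bgp 11.11.11.0" output (indentation constructed).
R2_OLD_FORMAT = """\
  Local
    1.1.1.1 (metric 65) from 1.1.1.1 (12.12.12.12)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: 786443
"""
# Same entry after "ip bgp-community new-format" on R2.
R2_NEW_FORMAT = R2_OLD_FORMAT.replace("786443", "12:11")
# R3 before R2 was given "neighbor 10.1.23.3 send-community".
R3_NO_SEND_COMMUNITY = """\
  12
    10.1.23.2 from 10.1.23.2 (2.2.2.2)
      Origin IGP, localpref 100, valid, external, best
"""


def decode_community(value):
    """Split the 32-bit value into AA:NN (high 16 bits : low 16 bits)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("a standard community is a 32-bit value")
    return "%d:%d" % (value >> 16, value & 0xFFFF)


def encode_community(text):
    """Inverse of decode_community: 'AA:NN' to the old-format decimal."""
    aa, nn = (int(part) for part in text.split(":"))
    if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError("each half of AA:NN must fit in 16 bits")
    return (aa << 16) | nn


def communities(show_output):
    """Return the communities in show output, normalized to AA:NN."""
    found = []
    for line in show_output.splitlines():
        m = re.match(r"\s*Community:\s*(.+)", line)
        if m:
            for tok in m.group(1).split():
                # Decimal tokens are old format; AA:NN and names pass through.
                found.append(decode_community(int(tok)) if tok.isdigit() else tok)
    return found
```

An empty result for a prefix that should be tagged points at a missing `send-community` on the upstream neighbor statement, as happened between R2 and R3.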
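18.4.7.2 Configuration: NEIGHBOR
In the experiment above, NETWORK passes the COMMUNITY value to all of R1's BGP neighbors.
This part of the lab passes the COMMUNITY value to a specified BGP neighbor.
Deploy the ROUTE-MAP policy on the NEIGHBOR statement.
Continuing from the previous lab, change R1's earlier configuration back to plain announcements with no ROUTE-MAP attached.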
R1(config)#router bgp 12
R1(config-router)#no network 11.11.11.0 mask 255.255.255.0 route-map RP1
R1(config-router)#no network 12.12.12.0 mask 255.255.255.0 route-map RP2
R1(config-router)#network 11.11.11.0 mask 255.255.255.0
R1(config-router)#network 12.12.12.0 mask 255.255.255.0
Reuse the existing PREFIX-LISTs; no new ones are needed.
R1(config)#route-map test permit 10
R1(config-route-map)#match ip address prefix-list 11
R1(config-route-map)#set metric 1000
R1(config)#route-map test permit 20
R1(config-route-map)#match ip address prefix-list 12
R1(config-route-map)#set metric 2000
R1(config)#router bgp 12
R1(config-router)#neighbor 2.2.2.2 route-map test out
Create a new ROUTE-MAP and apply it outbound on R1.
R2#show ip bgp
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i11.11.11.0/24 1.1.1.1 1000 100 0 i
*>i12.12.12.0/24 1.1.1.1 2000 100 0 i
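On R2, the METRIC values of the corresponding routes have been changed to 1000 and 2000.
18.4.7.3 Configuration: REDISTRIBUTE
R1 and R2 form an EBGP neighbor relationship, and R2 and R3 run OSPF. Redistribute the OSPF routes on R2 into R1 so that R1 can learn them.
Add an external route, LP3, on R1.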
R1(config)#interface loopback 3
R1(config-if)#ip address 13.13.13.13 255.255.255.255
Redistribute connected routes on R1.
R1(config)#router ospf 1
R1(config-router)#redistribute connected subnets
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 10.1.12.1, 00:00:14, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0
C 10.1.23.0 is directly connected, Serial0/1
11.0.0.0/24 is subnetted, 1 subnets
O E2 11.11.11.0 [110/20] via 10.1.12.1, 00:00:14, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.12.12.0 [110/20] via 10.1.12.1, 00:00:16, Serial0/0
13.0.0.0/32 is subnetted, 1 subnets
O E2 13.13.13.13 [110/20] via 10.1.12.1, 00:00:16, Serial0/0
R2 can now learn the external route for LP3.
Next, redistribute OSPF into BGP on R2.
R2(config)#router bgp 12
R2(config-router)#redistribute ospf 1
R3#show ip bgp
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.1.23.2 65 0 12 ?
*> 2.2.2.2/32 10.1.23.2 0 0 12 ?
*> 10.1.12.0/24 10.1.23.2 0 0 12 ?
*> 11.11.11.0/24 10.1.23.2 0 12 i
*> 12.12.12.0/24 10.1.23.2 0 12 i
There is no route for LP3: redistribute ospf 1 does not inject external routes on its own.
R2(config-router)#redistribute ospf 1 match external
R3#show ip bgp
BGP table version is 14, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.1.23.2 65 0 12 ?
*> 2.2.2.2/32 10.1.23.2 0 0 12 ?
*> 10.1.12.0/24 10.1.23.2 0 0 12 ?
*> 11.11.11.0/24 10.1.23.2 20 0 12 ?
*> 12.12.12.0/24 10.1.23.2 20 0 12 ?
*> 13.13.13.13/32 10.1.23.2 20 0 12 ?
With EXTERNAL, the E1 and E2 routes are redistributed. The LP3 route is now present.
R2#show running-config | section router
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 10.1.12.2 0.0.0.0 area 0
router bgp 12
no synchronization
bgp log-neighbor-changes
redistribute ospf 1 match internal external 1 external 2
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
neighbor 10.1.23.3 remote-as 300
neighbor 10.1.23.3 send-community
no auto-summary
Checking the configuration shows that this is equivalent to redistribute ospf 1 match internal external 1 external 2.
18.4.7.4 Policy-list
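In large networks, ROUTE-MAPs grow large and become hard to maintain; POLICY-LIST provides modular script blocks that are easier to maintain.
18.4.7.4.1 Example
Set the METRIC of the two routes shown in red to 1000; leave the metric of the routes coming from the right unchanged.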
18.4.8 Advertise-map
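When A is active, A is advertised; when A is not active, B is advertised.
While route 12 is healthy, advertise 12 to R2; when 12 goes down, advertise 11 to R2.
Two ROUTE-MAPs are needed, one matching each route: while RP2's route exists, advertise RP2's; advertise RP1's only when it does not.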
18.4.9 ORF
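R1 advertises 10000 routes to R2, but R2 needs only 100 of them. An inbound policy could be deployed locally on R2 to filter the routes, but R1 has already sent all 10000: first, that consumes bandwidth; second, R2 has in fact received all 10000 before filtering them, which adds load not only to the link but also to R2's processing.
The ideal approach is for R1 to send only the 100 routes, which ORF makes possible.
Enable the ORF capability between R1 and R2, deploy ORF on both R1 and R2, and re-establish the neighbor relationship.
R1 is the receiver of the routes and also the sender of the ORF. Drop the 1.1 route and permit everything else. R2 sends the drop-1.1 message to R1; R1 applies it locally on receipt, so the updates R1 sends to R2 no longer include 1.1.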
R3#show ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.1.23.2 65 0 12 ?
*> 2.2.2.2/32 10.1.23.2 0 0 12 ?
*> 10.1.12.0/24 10.1.23.2 0 0 12 ?
*> 11.11.11.0/24 10.1.23.2 20 0 12 ?
*> 12.12.12.0/24 10.1.23.2 20 0 12 ?
*> 13.13.13.13/32 10.1.23.2 20 0 12 ?
Filter out the 12.12.12.0 route.
R3(config)#ip prefix-list 12 deny 12.12.12.0/24
R3(config)#ip prefix-list 12 permit 0.0.0.0/0 le 32
Deny 12.12.12.0 and permit everything else.
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 prefix-list 12 in
R3#show ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.1.23.2 65 0 12 ?
*> 2.2.2.2/32 10.1.23.2 0 0 12 ?
*> 10.1.12.0/24 10.1.23.2 0 0 12 ?
*> 11.11.11.0/24 10.1.23.2 20 0 12 ?
*> 13.13.13.13/32 10.1.23.2 20 0 12 ?
The 12.12.12.0 route is now gone.
However, this filtering takes place after R2 has already sent the route: R3 receives it and then filters it.
R2(config)#router bgp 12
R2(config-router)#address-family ipv4 unicast
R2(config-router-af)#neighbor 10.1.23.3 capability orf prefix-list receive
R2 is configured as the receiver.
R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 capability orf prefix-list send
R3 is configured as the sender.
R2#show ip bgp neighbors 10.1.23.3 advertised-routes
BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.1.12.1 65 32768 ?
*> 2.2.2.2/32 0.0.0.0 0 32768 ?
*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*> 11.11.11.0/24 10.1.12.1 20 32768 ?
*> 13.13.13.13/32 10.1.12.1 20 32768 ?
R2 now no longer sends the 12.12.12.0 route to R3.
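With ORF, R2 evaluates R3's prefix-list 12 against its own outbound routes. The following is an added example, not part of the original lab: a small Python model of IOS prefix-list matching (first match wins, implicit deny, ge/le length ranges) applied to the six prefixes from the outputs above. The function names are assumptions.

```python
import ipaddress

# The page's R3 prefix-list, which ORF pushes to R2 for outbound filtering.
PREFIX_LIST_12 = [
    "ip prefix-list 12 deny 12.12.12.0/24",
    "ip prefix-list 12 permit 0.0.0.0/0 le 32",
]
# Prefixes R2 holds for R3, taken from the page's "show ip bgp" output.
R2_ROUTES = ["1.1.1.1/32", "2.2.2.2/32", "10.1.12.0/24",
             "11.11.11.0/24", "12.12.12.0/24", "13.13.13.13/32"]


def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] permit|deny P/L [ge N] [le N]'."""
    tok = line.split()[3:]
    if tok[0] == "seq":
        tok = tok[2:]
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return action, net, lo, hi


def permitted(prefix_list, route):
    """First matching entry decides; no match means implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, prefix_list):
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return False


def advertised(prefix_list, routes):
    """Routes the ORF receiver still sends after applying the pushed list."""
    return [r for r in routes if permitted(prefix_list, r)]


if __name__ == "__main__":
    print(advertised(PREFIX_LIST_12, R2_ROUTES))
    # Caveat: the deny entry is an exact /24 match, so a more-specific
    # 12.12.12.0/25 (constructed) falls through to the catch-all permit.
    print(permitted(PREFIX_LIST_12, "12.12.12.0/25"))
```

The result matches the five prefixes in R2's advertised-routes output. When a filter is meant to block a whole range, add `le 32` to the deny entry so that more-specific prefixes are covered as well.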
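18.4.10 Deaggregation (route splitting)
Summarizing specific routes brings benefits, but it also discards routing granularity, with the direct result that downstream routers do not know the specific routes.
R1 receives two summary routes and wants 1.0 to go left and 2.0 to go right, but because R1 has no specific routes, this cannot be achieved.
In this case, BGP route deaggregation can be deployed on R2 and R3.
R2 advertises both the summary route and the deaggregated specific routes to R1, and R3 does likewise.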