BGP之过滤,汇聚
?
要求:
1.在R2上過濾22.2.2.0/24? 23.3.16.0/20這兩個網段
2.比較route-map,distribute-list,? ip prefix-list過濾的區別
R1
interface Loopback0
?ip address 1.1.1.1 255.255.255.0
interface Loopback1
?ip address 21.0.0.1 255.255.255.0
interface Loopback2
?ip address 22.2.2.1 255.255.255.0
interface Loopback3
?ip address 23.3.0.1 255.255.240.0
interface Loopback4
?ip address 23.3.16.1 255.255.240.0
interface Loopback5
?ip address 23.3.32.1 255.255.224.0
interface Loopback6
?ip address 23.3.64.1 255.255.192.0
interface Loopback7
?ip address 23.3.128.1 255.255.128.0
interface Ethernet0/0
?ip address 12.1.1.1 255.255.255.0
?half-duplex
router bgp 123
?no synchronization
?bgp router-id 1.1.1.1
?bgp log-neighbor-changes
?network 21.0.0.0 mask 255.255.255.0
?network 22.2.2.0 mask 255.255.255.0
?network 23.3.0.0 mask 255.255.240.0
?network 23.3.16.0 mask 255.255.240.0
?network 23.3.32.0 mask 255.255.224.0
?network 23.3.64.0 mask 255.255.192.0
?network 23.3.128.0 mask 255.255.128.0
?neighbor 12.1.1.2 remote-as 110
?no auto-summary
R2
interface Loopback0
?ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
?ip address 12.1.1.2 255.255.255.0
?half-duplex
!
interface Ethernet0/1
?ip address 23.1.1.2 255.255.255.0
?half-duplex
!
interface Ethernet0/2
?ip address 24.1.1.2 255.255.255.0
?half-duplex
!
interface Ethernet0/3
?ip address 25.1.1.2 255.255.255.0
?half-duplex
!
router ospf 10
?router-id 2.2.2.2
?log-adjacency-changes
?network 2.2.2.2 0.0.0.0 area 0
?network 12.1.1.0 0.0.0.255 area 0
?network 23.1.1.0 0.0.0.255 area 0
?network 24.1.1.0 0.0.0.255 area 0
?network 25.1.1.0 0.0.0.255 area 0
!
router bgp 110
?no synchronization
?bgp log-neighbor-changes
?neighbor 3.3.3.3 remote-as 110
?neighbor 3.3.3.3 update-source Loopback0
?neighbor 3.3.3.3 distribute-list liang out
?neighbor 4.4.4.4 remote-as 110
?neighbor 4.4.4.4 update-source Loopback0
?neighbor 4.4.4.4 route-map liang out
?neighbor 5.5.5.5 remote-as 110
?neighbor 5.5.5.5 update-source Loopback0
?neighbor 5.5.5.5 prefix-list liang out
?neighbor 12.1.1.1 remote-as 123
?no auto-summary
ip prefix-list liang seq 5 deny 22.2.2.0/24
ip prefix-list liang seq 10 deny 23.3.16.0/20
ip prefix-list liang seq 15 permit 0.0.0.0/0 le 32
ip access-list extended liang
?deny?? ip host 22.2.2.0 host 255.255.255.0
?deny?? ip host 23.3.16.0 host 255.255.240.0
?permit ip any any
route-map liang permit 10
?match ip address liang
control-plane
R3#show ip bgp
BGP table version is 24, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i21.0.0.0/24????? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.0.0/20????? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.32.0/19???? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.64.0/18???? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.128.0/17??? 12.1.1.1???????????????? 0??? 100????? 0 123 i
R4#show ip bgp
BGP table version is 24, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i21.0.0.0/24????? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.0.0/20????? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.32.0/19???? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.64.0/18???? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.128.0/17??? 12.1.1.1???????????????? 0??? 100????? 0 123 i
R5#show ip bgp
BGP table version is 34, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i21.0.0.0/24????? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.0.0/20????? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.32.0/19???? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.64.0/18???? 12.1.1.1???????????????? 0??? 100????? 0 123 i
*>i23.3.128.0/17??? 12.1.1.1???????????????? 0??? 100????? 0 123 i
總結:
1.route-map對于多條過濾條目,并沒有任何優勢比起ip prefix-list,distribute,ACL
2.推薦選用prefix過濾路由條目,因為prefix可以匹配mask長度
3.過于路徑的過濾可以選用filter-list 及其正則表達式
4.對于過濾路由條目,R2上不能配置peer-group
?
要求:
1. advertise-map? Set condition to advertise attribute
? as-set???????? Generate AS set path information
? attribute-map? Set attributes of aggregate
? nlri?????????? Nlri aggregate applies to
? route-map????? Set parameters of aggregate
? summary-only?? Filter more specific routes from updates
? suppress-map?? Conditionally filter more specific routes from update 區別及其用途
2.AS2有個10.1.3.0/24? AS3有個10.1.1.0/24,AS4有個10.1.2.0/24
步驟:
在R2上做匯聚
不做匯聚情況
R1#show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
* i10.1.1.0/24????? 24.1.1.4???????????????? 0??? 100????? 0 3 i
* i10.1.2.0/24????? 26.1.1.6???????????????? 0??? 100????? 0 4 i
* i10.1.3.0/24????? 23.1.1.3???????????????? 0??? 100????? 0 2 i
R1#show ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i10.1.1.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 3 i
*>i10.1.2.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 4 i
*>i10.1.3.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 2 i
R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0
R1#show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i10.1.0.0/22????? 2.2.2.2????????????????? 0??? 100????? 0 i
*>i10.1.1.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 3 i
*>i10.1.2.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 4 i
*>i10.1.3.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 2 i
R2#show ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*> 10.1.0.0/22????? 0.0.0.0??????????????????????????? 32768 i
*> 10.1.1.0/24????? 24.1.1.4?????????????????????????????? 0 3 i
*> 10.1.2.0/24????? 26.1.1.6???????????????? 0???????????? 0 4 i
*> 10.1.3.0/24????? 23.1.1.3???????????????? 0???????????? 0 2 i
默認的情況下明細聚合路由都傳遞,而聚合路由是0.0.0.0本地起源的。
默認的是原子聚合所謂的原子聚合就是說明路由已經被匯聚,默認的明細路由的屬性消失
R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0 summary-only
R1#show ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i10.1.0.0/22????? 2.2.2.2????????????????? 0??? 100????? 0 i
R2#show ip bgp
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*> 10.1.0.0/22????? 0.0.0.0??????????????????????????? 32768 i
s> 10.1.1.0/24????? 24.1.1.4?????????????????????????????? 0 3 i
s> 10.1.2.0/24????? 26.1.1.6???????????????? 0???????????? 0 4 i
s> 10.1.3.0/24????? 23.1.1.3???????????????? 0???????????? 0 2 i
打上summary-only只傳遞聚合路由,在聚合者路由上明細路由被抑制
這時我們說下suppress-map,我們想讓10.1.1.0/24路由不被抑制R2配置如下
access-list 100 permit ip host 10.1.1.0 host 255.255.255.0
route-map liang deny 10
?match ip address 100???
route-map liang permit 20
R2(config-router)#$1.1.0 255.255.252.0 summary-only suppress-map liang??????
R2#show ip bgp
BGP table version is 15, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*> 10.1.0.0/22????? 0.0.0.0??????????????????????????? 32768 i
*> 10.1.1.0/24????? 24.1.1.4?????????????????????????????? 0 3 i
s> 10.1.2.0/24????? 26.1.1.6???????????????? 0???????????? 0 4 i
s> 10.1.3.0/24????? 23.1.1.3???????????????? 0???????????? 0 2 i
R1#show ip bgp
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i10.1.0.0/22????? 2.2.2.2????????????????? 0??? 100????? 0 i
*>i10.1.1.0/24????? 2.2.2.2????????????????? 0??? 100????? 0 3 i
假如我們把10.1.1.0/24抑制掉
Access-list 101 permit ip host 10.1.1.0 mask 255.255.255.0
route-map liang premit 10
Match ip add 101
記著在這不能再打 route-map liang permit 20如果這樣就是允許了就不能把這個條目抑制掉了
as-set
R2(config-router)#$ddress 10.1.1.0 255.255.252.0 summary-only as-set
R1#show ip bgp
BGP table version is 22, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
????????????? r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
?? Network????????? Next Hop??????????? Metric LocPrf Weight Path
*>i10.1.0.0/22????? 2.2.2.2????????????????? 0??? 100????? 0 {3,4,2} i
還原原來的明細路由屬性
attribute-map/route-map??? 定義控制聚合的屬性只對聚合后的路由起作用
Extended IP access list 100
??? 10 permit ip host 10.1.1.0 host 255.255.255.0 (1 match)
R2(config)#route-map test permit 10
R2(config-route-map)#ma
R2(config-route-map)#match ip add 101
R2(config-route-map)#set ?
? as-path?????????? Prepend string for a BGP AS-path attribute
? automatic-tag???? Automatically compute TAG value
? comm-list???????? set BGP community list (for deletion)
? community???????? BGP community attribute
? dampening???????? Set BGP route flap dampening parameters
? default?????????? Set default information
? extcommunity????? BGP extended community attribute
? interface???????? Output interface
? ip??????????????? IP specific information
? ipv6????????????? IPv6 specific information
? level???????????? Where to import route
? local-preference? BGP local preference path attribute
? metric??????????? Metric value for destination routing protocol
? metric-type?????? Type of metric for destination routing protocol
? mpls-label??????? Set MPLS label for prefix
? nlri????????????? BGP NLRI type
? origin??????????? BGP origin code
? tag?????????????? Tag value for destination routing protocol
? traffic-index???? BGP traffic classification number for accounting
? vrf?????????????? Define VRF name
? weight??????????? BGP weight for routing table
設置聚合后的屬性值
總結:
Advertise-map----只對advertise-map里面匹配的路由進行聚合。當advertise-map里面匹配的明細路由全部消失后,即使聚合路由范圍內還有其他明細路由,聚合路由也將消失。當與as-set合用時,只繼承advertise-map里面匹配的明細路由的屬性。
定義宣告沒有進來之前那些明細路由應該被聚合
As-set----讓聚合路由繼承明細路由的屬性,包括:as-path,local_preference,community,origin-code。與advertise-map合用,只繼承advertise-map里面匹配的明細路由的屬性。
默認是產生的匯聚路由是本地始發的 也就是下一跳0.0.0.0的路由,他會抑制掉匯聚之前AS路徑的信息
打上AS-SET 會繼承明細路由的屬性
Attribute-map和route-map----這兩個參數一樣,可以將聚合路由的屬性清除掉(除了as-path屬性),添加自己需要添加的屬性。
只影響聚合后的路由的屬性也就是給聚合路由加屬性不加as-set 默認是原子聚合
Summary-only----將聚合路由所包括的所有明細路由都抑制掉,被抑制的路由在bgp的轉發表里,顯示為s,代表suppress的意思。發送更新時,只發送聚合路由。可以與neighbor 1.1.1.1 unsuppress-map XX合用,對特定鄰居漏過特定的明細路由。
Suppress-map----將suppress-map里面匹配的路由抑制掉,被抑制的路由在bgp的轉發表里,顯示為s,代表suppress的意思。發送更新時,只發送聚合路由和沒有被抑制的明細路由。可以neighbor 1.1.1.1 unsuppress-map XX合用,對特定鄰居漏過特定的明細路由。
permit為抑制不轉發?? deny為不抑制也就是轉發
?
轉載于:https://blog.51cto.com/liangrui/572745
總結
- 上一篇: 2015. A New Year Gif
- 下一篇: 为了拥有一个能在家好好工作的网络环境 适