实验任务一:过滤BGP路由
-
建立物理连接
-
建立BGP连接
RTA,RTB建立ebgp邻居
RTB,RTC建立ebgp邻居
RTC,RTD建立ebgp邻居
RTA,RTD建立ebgp邻居
引入直连路由
3.查看BGP路由表
[RTA-bgp-default-ipv4]display bgp routing-table ipv4
Total number of routes: 15
BGP local router ID is 10.0.0.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
-
1.1.1.1/32 127.0.0.1 0 32768 ?
-
e 2.2.2.2/32 10.0.0.2 0 0 200?
-
e 3.3.3.3/32 10.0.0.2 0 200 300?
- e 10.0.0.13 0 200 300?
-
e 4.4.4.4/32 10.0.0.13 0 0 200?
-
10.0.0.0/30 10.0.0.1 0 32768 ?
- e 10.0.0.2 0 0 200?
-
10.0.0.1/32 127.0.0.1 0 32768 ?
-
e 10.0.0.4/30 10.0.0.2 0 0 200?
- e 10.0.0.13 0 200 300?
-
e 10.0.0.8/30 10.0.0.2 0 200 300?
- e 10.0.0.13 0 200 300?
-
10.0.0.12/30 10.0.0.14 0 32768 ?
- e 10.0.0.13 0 0 200?
-
10.0.0.14/32 127.0.0.1 0 32768 ?
由上面可以看到3.3.3.3/32网段,经过了AS200,AS300。
从各个直连网段中,AS短的优先于AS长的路由。
- 配置AS-PATH-ACL过滤路由并验证
[RTB]ip as-path 10 deny 300$
[RTB]ip as-path 10 permit .*
[RTB-bgp-default-ipv4]peer 10.0.0.1 as-path-acl 10 export
[RTA]display bgp routing-table ipv4
Total number of routes: 13
BGP local router ID is 10.0.0.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
-
1.1.1.1/32 127.0.0.1 0 32768 ?
-
e 2.2.2.2/32 10.0.0.2 0 0 200?
-
e 3.3.3.3/32 10.0.0.13 0 200 300?
-
e 4.4.4.4/32 10.0.0.13 0 0 200?
-
10.0.0.0/30 10.0.0.1 0 32768 ?
- e 10.0.0.2 0 0 200?
-
10.0.0.1/32 127.0.0.1 0 32768 ?
-
e 10.0.0.4/30 10.0.0.2 0 0 200?
- e 10.0.0.13 0 200 300?
-
e 10.0.0.8/30 10.0.0.13 0 0 200?
-
10.0.0.12/30 10.0.0.14 0 32768 ?
- e 10.0.0.13 0 0 200?
-
10.0.0.14/32 127.0.0.1 0 32768 ?
可以看出as-path-acl过滤了AS300始发的路由,其他的AS始发的路由允许被通过。
- 配置ip-prefix过滤路由并验证
[RTA]display bgp routing-table ipv4
Total number of routes: 13
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
-
1.1.1.1/32 127.0.0.1 0 32768 ?
-
e 2.2.2.2/32 10.0.0.2 0 0 200?
-
e 3.3.3.3/32 10.0.0.13 0 200 300?
-
e 4.4.4.4/32 10.0.0.13 0 0 200?
-
10.0.0.0/30 10.0.0.1 0 32768 ?
- e 10.0.0.2 0 0 200?
-
10.0.0.1/32 127.0.0.1 0 32768 ?
-
e 10.0.0.4/30 10.0.0.2 0 0 200?
- e 10.0.0.13 0 200 300?
-
e 10.0.0.8/30 10.0.0.13 0 0 200?
-
10.0.0.12/30 10.0.0.14 0 32768 ?
- e 10.0.0.13 0 0 200?
-
10.0.0.14/32 127.0.0.1 0 32768 ?
[RTD]ip prefix-list 10 index 20 permit 0.0.0.0 0 less-equal 32
[RTD]ip prefix-list 10 index 10 deny 4.4.4.4 32
[RTD-bgp-default-ipv4]peer 10.0.0.14 prefix-list 10 export
[RTA]display bgp routing-table ipv4
Total number of routes: 12
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
-
1.1.1.1/32 127.0.0.1 0 32768 ?
-
e 2.2.2.2/32 10.0.0.2 0 0 200?
-
e 3.3.3.3/32 10.0.0.13 0 200 300?
-
10.0.0.0/30 10.0.0.1 0 32768 ?
- e 10.0.0.2 0 0 200?
-
10.0.0.1/32 127.0.0.1 0 32768 ?
-
e 10.0.0.4/30 10.0.0.2 0 0 200?
- e 10.0.0.13 0 200 300?
-
e 10.0.0.8/30 10.0.0.13 0 0 200?
-
10.0.0.12/30 10.0.0.14 0 32768 ?
- e 10.0.0.13 0 0 200?
-
10.0.0.14/32 127.0.0.1 0 32768 ?
1.RTB不把源自AS300的所有路由发布给其BGP邻居。
可以通过BGP团体属性实现。
2.RTD路由表不存在2.2.2.2/32,因为RTD从RTA和RTC学这条路由的时候,发现是同一AS,就会把该条路由丢弃。