背景:
世界和平時,某大國和其餘國家和平相處,網絡暢通無阻
[R1]dis bgp routing-table
Total Number of Routes: 9
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.1/32 0.0.0.0 0 0 i
*> 10.2.2.2/32 0.0.0.0 0 0 i
*> 10.3.3.3/32 0.0.0.0 0 0 i
*> 20.1.1.1/32 12.12.12.2 0 0 20i
*> 20.2.2.2/32 12.12.12.2 0 0 20i
*> 20.3.3.3/32 12.12.12.2 0 0 20i
*> 40.1.1.1/32 12.12.12.2 0 20 40i
*> 40.2.2.2/32 12.12.12.2 0 20 40i
*> 40.3.3.3/32 12.12.12.2 0 20 40i
後來:
大國與鬼子之間產生矛盾,鬼子的網絡上充滿了對大國的反動言論!所以大國政府希望“和諧”了鬼子網絡言論,使大國人民無法訪問鬼子們的信息
[R2]dis cu | be bgp
bgp 20
network 20.1.1.1 255.255.255.255
network 20.2.2.2 255.255.255.255
network 20.3.3.3 255.255.255.255
undo synchronization
peer 12.12.12.1 as-number 10
peer 24.24.24.4 as-number 40
peer 24.24.24.4 route-policy as40 import
#
route-policy as40 permit node 10
if-match as-path 1
#
ip as-path 1 deny 40$(拒絕as40始發路由)
ip as-path 1 permit .*(允許其他as的路由)
#
Return
[R2]dis bgp routing-table
Total Number of Routes: 6
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.1/32 12.12.12.1 0 0 10i
*> 10.2.2.2/32 12.12.12.1 0 0 10i
*> 10.3.3.3/32 12.12.12.1 0 0 10i
*> 20.1.1.1/32 0.0.0.0 0 0 i
*> 20.2.2.2/32 0.0.0.0 0 0 i
*> 20.3.3.3/32 0.0.0.0 0 0 i
從大國的bgp路由表可見,鬼子的網絡信息以及被“和諧”了
後來大國希望與鬼子和平商討,以促進世界和平發展,要求可以接受鬼子們的網絡信息,但是必須進過as30的檢查
[R2]dis cu | be bgp
bgp 20
network 20.1.1.1 255.255.255.255
network 20.2.2.2 255.255.255.255
network 20.3.3.3 255.255.255.255
undo synchronization
peer 12.12.12.1 as-number 10
peer 24.24.24.4 as-number 40
peer 23.23.23.3 as-number 30
peer 24.24.24.4 route-policy as40 import
peer 23.23.23.3 route-policy as40 import
#
route-policy as40 permit node 10
if-match as-path 1
#
ip as-path 1 deny 40$
ip as-path 1 permit .*
ip as-path 1 permit _40 30$
ip as-path 1 permit _40 .+30$
#
Return
[R2]dis bgp routing-table
Total Number of Routes: 18
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.1/32 12.12.12.1 0 0 10i
*> 10.2.2.2/32 12.12.12.1 0 0 10i
*> 10.3.3.3/32 12.12.12.1 0 0 10i
*> 20.1.1.1/32 0.0.0.0 0 0 i
*> 20.2.2.2/32 0.0.0.0 0 0 i
*> 20.3.3.3/32 0.0.0.0 0 0 i
*> 30.1.1.1/32 23.23.23.3 0 0 30i
* 24.24.24.4 0 40 30i
*> 30.2.2.2/32 23.23.23.3 0 0 30i
* 24.24.24.4 0 40 30i
*> 30.3.3.3/32 23.23.23.3 0 0 30i
* 24.24.24.4 0 40 30i
*> 40.1.1.1/32 23.23.23.3 0 30 40i
*> 40.2.2.2/32 23.23.23.3 0 30 40i
*> 40.3.3.3/32 23.23.23.3 0 30 40i
可見來自as40的路由,都進過as30
As30網絡設備性能有差異,能以接受大量路由表,所以僅僅接受大國和鬼子的路由!
[R3]dis cu | be bgp
bgp 30
network 30.1.1.1 255.255.255.255
network 30.2.2.2 255.255.255.255
network 30.3.3.3 255.255.255.255
undo synchronization
peer 34.34.34.4 as-number 40
peer 23.23.23.2 as-number 20
peer 34.34.34.4 route-policy 1 import
peer 23.23.23.2 route-policy 1 import
#
route-policy 1 permit node 10
if-match as-path 1
#
ip as-path 1 permit 20$(允許as20)
ip as-path 1 permit 40$(允許as40)
ip as-path 1 deny .$(拒絕所有)
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
return
[R3]dis bgp routing-table
Total Number of Routes: 12
BGP Local router ID is 30.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 20.1.1.1/32 23.23.23.2 0 0 20i
* 34.34.34.4 0 40 20i
*> 20.2.2.2/32 23.23.23.2 0 0 20i
* 34.34.34.4 0 40 20i
*> 20.3.3.3/32 23.23.23.2 0 0 20i
* 34.34.34.4 0 40 20i
*> 30.1.1.1/32 0.0.0.0 0 0 i
*> 30.2.2.2/32 0.0.0.0 0 0 i
*> 30.3.3.3/32 0.0.0.0 0 0 i
*> 40.1.1.1/32 34.34.34.4 0 0 40i
*> 40.2.2.2/32 34.34.34.4 0 0 40i
*> 40.3.3.3/32 34.34.34.4 0 0 40i