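This case configures a regular expression combined with an access list on R3, so that networks received via BGP whose path goes through AS300 are prevented from reaching R4.
When all routes from a particular AS need to be filtered, filtering on AS-path information is very effective. Without AS-path-based filtering, we would have to list every route related to AS300 one by one, as in the distribute-list method from the previous post. AS-path filtering provides an efficient alternative.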
//// r1 ////
int f2/0
ip ad 192.1.1.1 255.255.255.0
int f3/0
ip ad 193.1.1.1 255.255.255.0
int lo0
ip ad 1.1.1.1 255.255.255.0
int lo1
ip ad 2.2.2.2 255.255.255.0
router bgp 100
no syn
neighbor 192.1.1.2 remote-as 200
neighbor 193.1.1.3 remote-as 200
network 1.0.0.0
network 1.0.0.0
neighbor 193.1.1.3 route-map aspath out
neighbor 193.1.1.3 filter-list 1 out
access-list 1 permit 1.0.0.0 0.255.255.255 // this access-list 1 is not the same list as the as-path access-list 1 below
route-map aspath 10
match ip ad 1
set as-path prepend 300 400
route-map aspath 20
ip as-path access-list 1 deny _300_ // deny any route that passes through AS300
ip as-path access-list 1 permit .*
//// r2 ////
int f2/0
ip ad 192.1.1.2 255.255.255.0
int f4/0
ip ad 194.1.1.2 255.255.255.0
router os 1
netw 0.0.0.0 255.255.255.255 a 0
passive-interface f2/0
router bgp 200
no syn
neighbor 192.1.1.1 remote-as 100
neighbor 194.1.1.4 remote-as 200
neighbor 195.1.1.3 remote-as 200
neighbor 194.1.1.4 next-hop-self
//// r3 ////
int f3/0
ip ad 193.1.1.3 255.255.255.0
int f5/0
ip ad 195.1.1.3 255.255.255.0
router os 1
netw 0.0.0.0 255.255.255.255 a 0
passive-interface f3/0
router bgp 200
no syn
neighbor 193.1.1.1 remote-as 100
neighbor 195.1.1.4 remote-as 200
neighbor 195.1.1.4 next-hop-self
neighbor 194.1.1.2 remote-as 200
//// r4 ////
int f4/0
ip ad 194.1.1.4 255.255.255.0
int f5/0
ip ad 195.1.1.4 255.255.255.0
int lo0
ip ad 4.4.4.4 255.255.255.0
router os 1
netw 0.0.0.0 255.255.255.255 a 0
router bgp 200
no syn
neighbor 194.1.1.2 remote-as 200
neighbor 195.1.1.3 remote-as 200
netw 4.0.0.0
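Verification is always the main event:
The expected result is that the route carrying 300 disappears on R3, because it has been filtered.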
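To see which AS paths the two as-path access-list 1 entries above deny or permit, here is an added Python sketch (not part of the original post and not IOS code). It approximates the IOS "_" metacharacter with a Python regex and evaluates the list first-match with an implicit deny. The sample AS paths are constructed for illustration.

```python
import re

# In IOS AS-path regexes, "_" matches the start or end of the string,
# a space, a comma, a brace or a parenthesis. This is the Python equivalent.
DELIM = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Translate an IOS AS-path regex (unescaped "_" only) to Python syntax."""
    return pattern.replace("_", DELIM)


def evaluate(acl, as_path):
    """Return the action of the first matching entry; no match means deny."""
    for action, pattern in acl:
        if re.search(cisco_to_python(pattern), as_path):
            return action
    return "deny"  # implicit deny at the end of every as-path access-list


# The two entries from the configuration above.
ACL_1 = [("deny", "_300_"), ("permit", ".*")]

# Constructed AS paths (not captured from a router).
SAMPLE_PATHS = [
    "100 300 400",   # 300 400 prepended, then AS100 added by the eBGP sender
    "100",           # route sent without prepending
    "100 3000",      # 3000 contains "300" but is a different AS
    "1300 100",      # 1300 ends in "300" but is a different AS
    "100 {300,400}", # 300 inside an AS_SET is still delimited
    "",              # empty path (locally originated route)
]


def filter_paths(acl, paths):
    """Map each AS path to the action the list takes on it."""
    return {path: evaluate(acl, path) for path in paths}


if __name__ == "__main__":
    for path, action in filter_paths(ACL_1, SAMPLE_PATHS).items():
        print(f"{action:6} {path!r}")
```

The delimiters on both sides of 300 are what keep AS 3000 and AS 1300 from being caught by the deny entry. A bare 300 without the underscores would match them as well.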