要求:
1.在R2上過濾22.2.2.0/24 23.3.16.0/20這兩個網段
2.比較route-map,distribute-list, ip prefix-list過濾的區別
R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Loopback1
ip address 21.0.0.1 255.255.255.0
interface Loopback2
ip address 22.2.2.1 255.255.255.0
interface Loopback3
ip address 23.3.0.1 255.255.240.0
interface Loopback4
ip address 23.3.16.1 255.255.240.0
interface Loopback5
ip address 23.3.32.1 255.255.224.0
interface Loopback6
ip address 23.3.64.1 255.255.192.0
interface Loopback7
ip address 23.3.128.1 255.255.128.0
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
half-duplex
router bgp 123
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 21.0.0.0 mask 255.255.255.0
network 22.2.2.0 mask 255.255.255.0
network 23.3.0.0 mask 255.255.240.0
network 23.3.16.0 mask 255.255.240.0
network 23.3.32.0 mask 255.255.224.0
network 23.3.64.0 mask 255.255.192.0
network 23.3.128.0 mask 255.255.128.0
neighbor 12.1.1.2 remote-as 110
no auto-summary
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/2
ip address 24.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/3
ip address 25.1.1.2 255.255.255.0
half-duplex
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.1.1.0 0.0.0.255 area 0
network 23.1.1.0 0.0.0.255 area 0
network 24.1.1.0 0.0.0.255 area 0
network 25.1.1.0 0.0.0.255 area 0
!
router bgp 110
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 110
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 distribute-list liang out
neighbor 4.4.4.4 remote-as 110
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-map liang out
neighbor 5.5.5.5 remote-as 110
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 prefix-list liang out
neighbor 12.1.1.1 remote-as 123
no auto-summary
ip prefix-list liang seq 5 deny 22.2.2.0/24
ip prefix-list liang seq 10 deny 23.3.16.0/20
ip prefix-list liang seq 15 permit 0.0.0.0/0 le 32
ip access-list extended liang
deny ip host 22.2.2.0 host 255.255.255.0
deny ip host 23.3.16.0 host 255.255.240.0
permit ip any any
route-map liang permit 10
match ip address liang
control-plane
R3#show ip bgp
BGP table version is 24, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i
R4#show ip bgp
BGP table version is 24, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i
R5#show ip bgp
BGP table version is 34, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i
總結:
1.route-map對於多條過濾條目,並沒有任何優勢比起ip prefix-list,distribute,ACL
2.推薦選用prefix過濾路由條目,因爲prefix可以匹配mask長度
3.過於路徑的過濾可以選用filter-list 及其正則表達式
4.對於過濾路由條目,R2上不能配置peer-group
要求:
1. advertise-map Set condition to advertise attribute
as-set Generate AS set path information
attribute-map Set attributes of aggregate
nlri Nlri aggregate applies to
route-map Set parameters of aggregate
summary-only Filter more specific routes from updates
suppress-map Conditionally filter more specific routes from update 區別及其用途
2.AS2有個10.1.3.0/24 AS3有個10.1.1.0/24,AS4有個10.1.2.0/24
步驟:
在R2上做匯聚
不做匯聚情況
R1#show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.1.1.0/24 24.1.1.4 0 100 0 3 i
* i10.1.2.0/24 26.1.1.6 0 100 0 4 i
* i10.1.3.0/24 23.1.1.3 0 100 0 2 i
R1#show ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
*>i10.1.2.0/24 2.2.2.2 0 100 0 4 i
*>i10.1.3.0/24 2.2.2.2 0 100 0 2 i
R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0
R1#show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
*>i10.1.2.0/24 2.2.2.2 0 100 0 4 i
*>i10.1.3.0/24 2.2.2.2 0 100 0 2 i
R2#show ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
*> 10.1.1.0/24 24.1.1.4 0 3 i
*> 10.1.2.0/24 26.1.1.6 0 0 4 i
*> 10.1.3.0/24 23.1.1.3 0 0 2 i
默認的情況下明細聚合路由都傳遞,而聚合路由是0.0.0.0本地起源的。
默認的是原子聚合所謂的原子聚合就是說明路由已經被匯聚,默認的明細路由的屬性消失
R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0 summary-only
R1#show ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
R2#show ip bgp
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
s> 10.1.1.0/24 24.1.1.4 0 3 i
s> 10.1.2.0/24 26.1.1.6 0 0 4 i
s> 10.1.3.0/24 23.1.1.3 0 0 2 i
打上summary-only只傳遞聚合路由,在聚合者路由上明細路由被抑制
這時我們說下suppress-map,我們想讓10.1.1.0/24路由不被抑制R2配置如下
access-list 100 permit ip host 10.1.1.0 host 255.255.255.0
route-map liang deny 10
match ip address 100
route-map liang permit 20
R2(config-router)#$1.1.0 255.255.252.0 summary-only suppress-map liang
R2#show ip bgp
BGP table version is 15, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
*> 10.1.1.0/24 24.1.1.4 0 3 i
s> 10.1.2.0/24 26.1.1.6 0 0 4 i
s> 10.1.3.0/24 23.1.1.3 0 0 2 i
R1#show ip bgp
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
假如我們把10.1.1.0/24抑制掉
Access-list 101 permit ip host 10.1.1.0 mask 255.255.255.0
route-map liang premit 10
Match ip add 101
記着在這不能再打 route-map liang permit 20如果這樣就是允許了就不能把這個條目抑制掉了
as-set
R2(config-router)#$ddress 10.1.1.0 255.255.252.0 summary-only as-set
R1#show ip bgp
BGP table version is 22, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 {3,4,2} i
還原原來的明細路由屬性
attribute-map/route-map 定義控制聚合的屬性只對聚合後的路由起作用
Extended IP access list 100
10 permit ip host 10.1.1.0 host 255.255.255.0 (1 match)
R2(config)#route-map test permit 10
R2(config-route-map)#ma
R2(config-route-map)#match ip add 101
R2(config-route-map)#set ?
as-path Prepend string for a BGP AS-path attribute
automatic-tag Automatically compute TAG value
comm-list set BGP community list (for deletion)
community BGP community attribute
dampening Set BGP route flap dampening parameters
default Set default information
extcommunity BGP extended community attribute
interface Output interface
ip IP specific information
ipv6 IPv6 specific information
level Where to import route
local-preference BGP local preference path attribute
metric Metric value for destination routing protocol
metric-type Type of metric for destination routing protocol
mpls-label Set MPLS label for prefix
nlri BGP NLRI type
origin BGP origin code
tag Tag value for destination routing protocol
traffic-index BGP traffic classification number for accounting
vrf Define VRF name
weight BGP weight for routing table
設置聚合後的屬性值
總結:
Advertise-map----只對advertise-map裏面匹配的路由進行聚合。當advertise-map裏面匹配的明細路由全部消失後,即使聚合路由範圍內還有其他明細路由,聚合路由也將消失。當與as-set合用時,只繼承advertise-map裏面匹配的明細路由的屬性。
定義宣告沒有進來之前那些明細路由應該被聚合
As-set----讓聚合路由繼承明細路由的屬性,包括:as-path,local_preference,community,origin-code。與advertise-map合用,只繼承advertise-map裏面匹配的明細路由的屬性。
默認是產生的匯聚路由是本地始發的 也就是下一跳0.0.0.0的路由,他會抑制掉匯聚之前AS路徑的信息
打上AS-SET 會繼承明細路由的屬性
Attribute-map和route-map----這兩個參數一樣,可以將聚合路由的屬性清除掉(除了as-path屬性),添加自己需要添加的屬性。
隻影響聚合後的路由的屬性也就是給聚合路由加屬性不加as-set 默認是原子聚合
Summary-only----將聚合路由所包括的所有明細路由都抑制掉,被抑制的路由在bgp的轉發表裏,顯示爲s,代表suppress的意思。發送更新時,只發送聚合路由。可以與neighbor 1.1.1.1 unsuppress-map XX合用,對特定鄰居漏過特定的明細路由。
Suppress-map----將suppress-map裏面匹配的路由抑制掉,被抑制的路由在bgp的轉發表裏,顯示爲s,代表suppress的意思。發送更新時,只發送聚合路由和沒有被抑制的明細路由。可以neighbor 1.1.1.1 unsuppress-map XX合用,對特定鄰居漏過特定的明細路由。
permit爲抑制不轉發 deny爲不抑制也就是轉發