要求:
1.在R2上过滤22.2.2.0/24 23.3.16.0/20这两个网段
2.比较route-map,distribute-list, ip prefix-list过滤的区别
R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Loopback1
ip address 21.0.0.1 255.255.255.0
interface Loopback2
ip address 22.2.2.1 255.255.255.0
interface Loopback3
ip address 23.3.0.1 255.255.240.0
interface Loopback4
ip address 23.3.16.1 255.255.240.0
interface Loopback5
ip address 23.3.32.1 255.255.224.0
interface Loopback6
ip address 23.3.64.1 255.255.192.0
interface Loopback7
ip address 23.3.128.1 255.255.128.0
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
half-duplex
router bgp 123
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 21.0.0.0 mask 255.255.255.0
network 22.2.2.0 mask 255.255.255.0
network 23.3.0.0 mask 255.255.240.0
network 23.3.16.0 mask 255.255.240.0
network 23.3.32.0 mask 255.255.224.0
network 23.3.64.0 mask 255.255.192.0
network 23.3.128.0 mask 255.255.128.0
neighbor 12.1.1.2 remote-as 110
no auto-summary
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/2
ip address 24.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/3
ip address 25.1.1.2 255.255.255.0
half-duplex
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.1.1.0 0.0.0.255 area 0
network 23.1.1.0 0.0.0.255 area 0
network 24.1.1.0 0.0.0.255 area 0
network 25.1.1.0 0.0.0.255 area 0
!
router bgp 110
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 110
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 distribute-list liang out
neighbor 4.4.4.4 remote-as 110
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-map liang out
neighbor 5.5.5.5 remote-as 110
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 prefix-list liang out
neighbor 12.1.1.1 remote-as 123
no auto-summary
ip prefix-list liang seq 5 deny 22.2.2.0/24
ip prefix-list liang seq 10 deny 23.3.16.0/20
ip prefix-list liang seq 15 permit 0.0.0.0/0 le 32
ip access-list extended liang
deny ip host 22.2.2.0 host 255.255.255.0
deny ip host 23.3.16.0 host 255.255.240.0
permit ip any any
route-map liang permit 10
match ip address liang
control-plane
R3#show ip bgp
BGP table version is 24, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i
R4#show ip bgp
BGP table version is 24, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i
R5#show ip bgp
BGP table version is 34, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i
总结:
1.route-map对于多条过滤条目,并没有任何优势比起ip prefix-list,distribute,ACL
2.推荐选用prefix过滤路由条目,因为prefix可以匹配mask长度
3.过于路径的过滤可以选用filter-list 及其正则表达式
4.对于过滤路由条目,R2上不能配置peer-group
要求:
1. advertise-map Set condition to advertise attribute
as-set Generate AS set path information
attribute-map Set attributes of aggregate
nlri Nlri aggregate applies to
route-map Set parameters of aggregate
summary-only Filter more specific routes from updates
suppress-map Conditionally filter more specific routes from update 区别及其用途
2.AS2有个10.1.3.0/24 AS3有个10.1.1.0/24,AS4有个10.1.2.0/24
步骤:
在R2上做汇聚
不做汇聚情况
R1#show ip bgp
BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i10.1.1.0/24 24.1.1.4 0 100 0 3 i
* i10.1.2.0/24 26.1.1.6 0 100 0 4 i
* i10.1.3.0/24 23.1.1.3 0 100 0 2 i
R1#show ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
*>i10.1.2.0/24 2.2.2.2 0 100 0 4 i
*>i10.1.3.0/24 2.2.2.2 0 100 0 2 i
R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0
R1#show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
*>i10.1.2.0/24 2.2.2.2 0 100 0 4 i
*>i10.1.3.0/24 2.2.2.2 0 100 0 2 i
R2#show ip bgp
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
*> 10.1.1.0/24 24.1.1.4 0 3 i
*> 10.1.2.0/24 26.1.1.6 0 0 4 i
*> 10.1.3.0/24 23.1.1.3 0 0 2 i
默认的情况下明细聚合路由都传递,而聚合路由是0.0.0.0本地起源的。
默认的是原子聚合所谓的原子聚合就是说明路由已经被汇聚,默认的明细路由的属性消失
R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0 summary-only
R1#show ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
R2#show ip bgp
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
s> 10.1.1.0/24 24.1.1.4 0 3 i
s> 10.1.2.0/24 26.1.1.6 0 0 4 i
s> 10.1.3.0/24 23.1.1.3 0 0 2 i
打上summary-only只传递聚合路由,在聚合者路由上明细路由被抑制
这时我们说下suppress-map,我们想让10.1.1.0/24路由不被抑制R2配置如下
access-list 100 permit ip host 10.1.1.0 host 255.255.255.0
route-map liang deny 10
match ip address 100
route-map liang permit 20
R2(config-router)#$1.1.0 255.255.252.0 summary-only suppress-map liang
R2#show ip bgp
BGP table version is 15, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
*> 10.1.1.0/24 24.1.1.4 0 3 i
s> 10.1.2.0/24 26.1.1.6 0 0 4 i
s> 10.1.3.0/24 23.1.1.3 0 0 2 i
R1#show ip bgp
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
假如我们把10.1.1.0/24抑制掉
Access-list 101 permit ip host 10.1.1.0 mask 255.255.255.0
route-map liang premit 10
Match ip add 101
记着在这不能再打 route-map liang permit 20如果这样就是允许了就不能把这个条目抑制掉了
as-set
R2(config-router)#$ddress 10.1.1.0 255.255.252.0 summary-only as-set
R1#show ip bgp
BGP table version is 22, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 {3,4,2} i
还原原来的明细路由属性
attribute-map/route-map 定义控制聚合的属性只对聚合后的路由起作用
Extended IP access list 100
10 permit ip host 10.1.1.0 host 255.255.255.0 (1 match)
R2(config)#route-map test permit 10
R2(config-route-map)#ma
R2(config-route-map)#match ip add 101
R2(config-route-map)#set ?
as-path Prepend string for a BGP AS-path attribute
automatic-tag Automatically compute TAG value
comm-list set BGP community list (for deletion)
community BGP community attribute
dampening Set BGP route flap dampening parameters
default Set default information
extcommunity BGP extended community attribute
interface Output interface
ip IP specific information
ipv6 IPv6 specific information
level Where to import route
local-preference BGP local preference path attribute
metric Metric value for destination routing protocol
metric-type Type of metric for destination routing protocol
mpls-label Set MPLS label for prefix
nlri BGP NLRI type
origin BGP origin code
tag Tag value for destination routing protocol
traffic-index BGP traffic classification number for accounting
vrf Define VRF name
weight BGP weight for routing table
设置聚合后的属性值
总结:
Advertise-map----只对advertise-map里面匹配的路由进行聚合。当advertise-map里面匹配的明细路由全部消失后,即使聚合路由范围内还有其他明细路由,聚合路由也将消失。当与as-set合用时,只继承advertise-map里面匹配的明细路由的属性。
定义宣告没有进来之前那些明细路由应该被聚合
As-set----让聚合路由继承明细路由的属性,包括:as-path,local_preference,community,origin-code。与advertise-map合用,只继承advertise-map里面匹配的明细路由的属性。
默认是产生的汇聚路由是本地始发的 也就是下一跳0.0.0.0的路由,他会抑制掉汇聚之前AS路径的信息
打上AS-SET 会继承明细路由的属性
Attribute-map和route-map----这两个参数一样,可以将聚合路由的属性清除掉(除了as-path属性),添加自己需要添加的属性。
只影响聚合后的路由的属性也就是给聚合路由加属性不加as-set 默认是原子聚合
Summary-only----将聚合路由所包括的所有明细路由都抑制掉,被抑制的路由在bgp的转发表里,显示为s,代表suppress的意思。发送更新时,只发送聚合路由。可以与neighbor 1.1.1.1 unsuppress-map XX合用,对特定邻居漏过特定的明细路由。
Suppress-map----将suppress-map里面匹配的路由抑制掉,被抑制的路由在bgp的转发表里,显示为s,代表suppress的意思。发送更新时,只发送聚合路由和没有被抑制的明细路由。可以neighbor 1.1.1.1 unsuppress-map XX合用,对特定邻居漏过特定的明细路由。
permit为抑制不转发 deny为不抑制也就是转发
本文转自q狼的诱惑 51CTO博客,原文链接:http://blog.51cto.com/liangrui/572745,如需转载请自行联系原作者
