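Overview: BGP routes can carry a variety of route attributes, such as PreferredValue, LocalPreference, AS_Path, Origin, MED, Next Hop, and Community. This richness of attributes provides a very convenient basis for routing policy and control, such as route filtering and route import.
Objective: learn how to filter routes using the AS_Path, Community, and Next Hop attributes of BGP routes.
I. Lab Content
The lab topology is shown in Figure 3-15 and the lab addressing in Table 3-14. In this lab network, AS 100 simulates the enterprise headquarters, and AS 200, AS 300, AS 400, and AS 500 simulate branch office 1, branch office 2, branch office 3, and branch office 4 respectively. The network requirements are:
1. Every branch office must be able to communicate with the enterprise headquarters, and branch office 1 (AS 200) must not receive routes from the other branch offices;
2. Branch office 2 (AS 300) must not advertise its own routes to the other branch offices;
3. Branch office 4 (AS 500) must not receive routes from branch office 3 (AS 400).
All of these requirements are met by filtering routes on particular BGP route attributes.
II. Lab Topology
Lab addressing table
III. Lab Procedure
1. Basic interface IP address configuration
2. Configure the BGP routing protocol
Configure BGP. Each router establishes its BGP peer relationships over directly connected physical interfaces and advertises its own loopback interface into the BGP process.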
[R1]bgp 100
[R1-bgp]router-id 1.1.1.1
[R1-bgp]peer 10.0.12.2 as 100
[R1-bgp]peer 10.0.12.2 next-hop-local
[R1-bgp]peer 10.0.13.3 as-number 200
[R1-bgp]peer 10.0.14.4 as 300
[R1-bgp]network 1.1.1.1 32
R2
bgp 100
router-id 2.2.2.2
peer 10.0.12.1 as-number 100
peer 10.0.25.5 as-number 400
peer 10.0.26.6 as-number 500
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 10.0.12.1 enable
peer 10.0.12.1 next-hop-local
peer 10.0.25.5 enable
peer 10.0.26.6 enable
R3
bgp 200
router-id 3.3.3.3
peer 10.0.13.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 3.3.3.3 255.255.255.255
network 192.168.1.0
peer 10.0.13.1 enable
R4
bgp 300
router-id 4.4.4.4
peer 10.0.14.1 as-number 100
#
ipv4-family unicast
undo synchronization
network 4.4.4.4 255.255.255.255
network 192.168.2.0
peer 10.0.14.1 enable
R5
bgp 400
router-id 5.5.5.5
peer 10.0.25.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 5.5.5.5 255.255.255.255
network 192.168.3.0
peer 10.0.25.2 enable
R6
bgp 500
router-id 6.6.6.6
peer 10.0.26.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 6.6.6.6 255.255.255.255
network 192.168.4.0
peer 10.0.26.2 enable
After the configuration is complete, use the ping command on R1 to check connectivity between R1's Loopback 0 interface and R2's Loopback 0 interface.
[R1]ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/30 ms
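3. Route filtering with the AS_Path attribute
At this point every router has received the loopback routes of all the other routers. However, the company requires that branch office 1 (AS 200) must not receive routes from the other branch offices, while still being allowed to communicate with the enterprise headquarters (AS 100). To meet this requirement, filter on the AS_Path attribute so that R3 accepts only routes whose AS_Path list contains AS 100 alone. This is done with an as-path-filter combined with a regular expression that matches the AS_Path attribute of BGP routes.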
[R3]ip as-path-filter 1 permit 100$
[R3]bgp 200
[R3-bgp]peer 10.0.13.1 as-path-filter 1 import
[R3]dis bgp routing-table
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 10.0.13.1 0 0 100i
*> 2.2.2.2/32 10.0.13.1 0 100i
*> 3.3.3.3/32 0.0.0.0 0 0 i
*> 192.168.1.0 0.0.0.0 0 0 i
As shown, R3 in AS 200 no longer has any routes belonging to branch office 2 (AS 300), branch office 3 (AS 400), or branch office 4 (AS 500).
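The following is an added example, not part of the original lab: a small Python model of an as-path-filter that compares the expression used above, 100$, with the anchored form ^100$. It assumes the AS_Path is matched as a space-separated string and that "_" stands for a delimiter or the start or end of that string; the route sets are constructed, and the two extra prefixes are documentation ranges that do not exist in the lab.

```python
import re

def to_python_regex(pattern):
    # Assumption: "_" matches a delimiter or the start/end of the AS_Path string.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def as_path_filter(entries, as_path):
    """Evaluate ordered (action, pattern) entries; the first match decides.
    A path that matches no entry is denied (implicit deny)."""
    for action, pattern in entries:
        if re.search(to_python_regex(pattern), as_path):
            return action == "permit"
    return False

def accepted(entries, routes):
    """Prefixes that survive the import filter."""
    return {prefix for prefix, path in routes.items()
            if as_path_filter(entries, path)}

# AS_Paths as R3 receives them from R1 (10.0.13.1); constructed from the lab topology.
LAB_ROUTES = {
    "1.1.1.1/32": "100",
    "2.2.2.2/32": "100",
    "4.4.4.4/32": "100 300",
    "192.168.3.0": "100 400",
    "192.168.4.0": "100 500",
}

# Constructed routes NOT in the lab: origin AS numbers that merely end in "100".
EXTRA_ROUTES = {
    "198.51.100.0/24": "100 65100",
    "203.0.113.0/24": "100 300 2100",
}

LOOSE = [("permit", "100$")]     # the expression configured on R3 above
STRICT = [("permit", "^100$")]   # AS_Path must be exactly "100"

if __name__ == "__main__":
    everything = {**LAB_ROUTES, **EXTRA_ROUTES}
    print("100$  accepts:", sorted(accepted(LOOSE, everything)))
    print("^100$ accepts:", sorted(accepted(STRICT, everything)))
```

Both expressions give the same result on the five lab routes, but only ^100$ keeps rejecting routes once an AS whose number ends in 100 appears behind headquarters.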
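4. Route filtering with the Community attribute
The company also requires that branch office 2 (AS 300) must not advertise its own routes to the other branch offices, but must still advertise them to the enterprise headquarters (AS 100). The No-Export value of the Community attribute meets this requirement conveniently and effectively.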
[R4]route-policy 1 permit node 10
[R4-route-policy]apply community no-export
[R4-route-policy]bgp 300
[R4-bgp]peer 10.0.14.1 route-policy 1 export
[R4-bgp]peer 10.0.14.1 advertise-community
[R1]bgp 100
[R1-bgp]peer 10.0.12.2 advertise-community
After the configuration is complete, view the BGP routes on R1 and R2.
[R1]dis bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 9
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 0.0.0.0 0 0 i
*>i 2.2.2.2/32 10.0.12.2 0 100 0 i
*> 3.3.3.3/32 10.0.13.3 0 0 200i
*> 4.4.4.4/32 10.0.14.4 0 0 300i
*>i 6.6.6.6/32 10.0.12.2 0 100 0 500i
*> 192.168.1.0 10.0.13.3 0 0 200i
*> 192.168.2.0 10.0.14.4 0 0 300i
*>i 192.168.3.0 10.0.12.2 0 100 0 400i
*>i 192.168.4.0 10.0.12.2 0 100 0 500i
<R2>dis bgp routing-table
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 9
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 1.1.1.1/32 10.0.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 0 i
*>i 3.3.3.3/32 10.0.12.1 0 100 0 200i
*>i 4.4.4.4/32 10.0.12.1 0 100 0 300i
*> 6.6.6.6/32 10.0.26.6 0 0 500i
*>i 192.168.1.0 10.0.12.1 0 100 0 200i
*>i 192.168.2.0 10.0.12.1 0 100 0 300i
*> 192.168.3.0 10.0.25.5 0 0 400i
*> 192.168.4.0 10.0.26.6 0 0 500i
View the BGP routes on R5 and R6.
<R5>dis bgp routing-table
BGP Local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 8
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 10.0.25.2 0 100i
*> 2.2.2.2/32 10.0.25.2 0 0 100i
*> 3.3.3.3/32 10.0.25.2 0 100 200i
*> 5.5.5.5/32 0.0.0.0 0 0 i
*> 6.6.6.6/32 10.0.25.2 0 100 500i
*> 192.168.1.0 10.0.25.2 0 100 200i
*> 192.168.3.0 0.0.0.0 0 0 i
*> 192.168.4.0 10.0.25.2 0 100 500i
<R6>dis bgp routing-table
BGP Local router ID is 6.6.6.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 7
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 10.0.26.2 0 100i
*> 2.2.2.2/32 10.0.26.2 0 0 100i
*> 3.3.3.3/32 10.0.26.2 0 100 200i
*> 6.6.6.6/32 0.0.0.0 0 0 i
*> 192.168.1.0 10.0.26.2 0 100 200i
*> 192.168.3.0 10.0.26.2 0 100 400i
*> 192.168.4.0 0.0.0.0 0 0 i
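As shown, apart from R1 and R2 at headquarters, none of the other branch offices has the route of branch office 2 (192.168.2.0).
5. Route filtering with the Next Hop attribute
The company requires that branch office 4 (AS 500) must not receive routes from branch office 3 (AS 400). The Next Hop attribute can be used to filter these routes.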
[R2]ip ip-prefix 1 permit 10.0.25.5 32
[R2]route-policy 1 deny node 10
[R2-route-policy]if-match ip next-hop ip-prefix 1
[R2]route-policy 1 permit node 20
[R2]bgp 100
[R2-bgp]peer 10.0.26.6 route-policy 1 export
Next, view the BGP routing information on R6.
<R6>dis bgp routing-table
BGP Local router ID is 6.6.6.6
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.1/32 10.0.26.2 0 100i
*> 2.2.2.2/32 10.0.26.2 0 0 100i
*> 3.3.3.3/32 10.0.26.2 0 100 200i
*> 6.6.6.6/32 0.0.0.0 0 0 i
*> 192.168.1.0 10.0.26.2 0 100 200i
*> 192.168.4.0 0.0.0.0 0 0 i
R6's BGP routing information shows that branch office 4 no longer has the route of branch office 3 (192.168.3.0).
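The following is an added example, not part of the original lab: a Python model of how the export policy on R2 is evaluated node by node, and what happens if "route-policy 1 permit node 20" is left out. The route table is constructed from R2's BGP table shown in step 4 (routes carrying No-Export are omitted), and the evaluation rules it assumes are first-match-wins with an implicit deny at the end of both the ip-prefix list and the route-policy.

```python
import ipaddress

def ip_prefix_permits(entries, address):
    """entries: ordered (action, network) pairs with an exact mask length,
    as in 'ip ip-prefix 1 permit 10.0.25.5 32'. No matching entry means deny."""
    host = ipaddress.ip_network(f"{address}/32")
    for action, network in entries:
        if host == ipaddress.ip_network(network):
            return action == "permit"
    return False

def route_policy_permits(nodes, next_hop):
    """nodes: ordered (mode, next-hop prefix list or None). A node without an
    if-match clause matches every route. No matching node means deny."""
    for mode, prefix_list in nodes:
        if prefix_list is None or ip_prefix_permits(prefix_list, next_hop):
            return mode == "permit"
    return False

def passes_export(nodes, rib):
    """Prefixes the policy lets through towards the peer."""
    return {p for p, nh in rib.items() if route_policy_permits(nodes, nh)}

# prefix -> next hop as seen on R2; constructed from R2's table in step 4.
R2_RIB = {
    "1.1.1.1/32": "10.0.12.1",
    "2.2.2.2/32": "0.0.0.0",
    "3.3.3.3/32": "10.0.12.1",
    "6.6.6.6/32": "10.0.26.6",
    "192.168.1.0": "10.0.12.1",
    "192.168.3.0": "10.0.25.5",   # learned from R5 (AS 400)
    "192.168.4.0": "10.0.26.6",
}

IP_PREFIX_1 = [("permit", "10.0.25.5/32")]
POLICY = [("deny", IP_PREFIX_1), ("permit", None)]   # node 10, node 20
POLICY_WITHOUT_NODE_20 = [("deny", IP_PREFIX_1)]     # node 10 only

if __name__ == "__main__":
    print("as configured  :", sorted(passes_export(POLICY, R2_RIB)))
    print("without node 20:", sorted(passes_export(POLICY_WITHOUT_NODE_20, R2_RIB)))
```

With node 20 present only 192.168.3.0 is dropped; without it the policy lets nothing through, so R6 would lose the headquarters routes as well.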
From: https://blog.csdn.net/Csdn_1123_/article/details/145011662