BGP之过滤，汇聚

要求：

1.在R2上过滤22.2.2.0/24 23.3.16.0/20这两个网段

2.比较route-map，distribute-list， ip prefix-list过滤的区别

R1

interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Loopback1
ip address 21.0.0.1 255.255.255.0
interface Loopback2
ip address 22.2.2.1 255.255.255.0
interface Loopback3
ip address 23.3.0.1 255.255.240.0
interface Loopback4
ip address 23.3.16.1 255.255.240.0
interface Loopback5
ip address 23.3.32.1 255.255.224.0
interface Loopback6
ip address 23.3.64.1 255.255.192.0
interface Loopback7
ip address 23.3.128.1 255.255.128.0
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
half-duplex
router bgp 123
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 21.0.0.0 mask 255.255.255.0
network 22.2.2.0 mask 255.255.255.0
network 23.3.0.0 mask 255.255.240.0
network 23.3.16.0 mask 255.255.240.0
network 23.3.32.0 mask 255.255.224.0
network 23.3.64.0 mask 255.255.192.0
network 23.3.128.0 mask 255.255.128.0
neighbor 12.1.1.2 remote-as 110
no auto-summary

R2

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/2
ip address 24.1.1.2 255.255.255.0
half-duplex
!
interface Ethernet0/3
ip address 25.1.1.2 255.255.255.0
half-duplex
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 12.1.1.0 0.0.0.255 area 0
network 23.1.1.0 0.0.0.255 area 0
network 24.1.1.0 0.0.0.255 area 0
network 25.1.1.0 0.0.0.255 area 0
!
router bgp 110
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 110
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 distribute-list liang out
neighbor 4.4.4.4 remote-as 110
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-map liang out
neighbor 5.5.5.5 remote-as 110
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 prefix-list liang out
neighbor 12.1.1.1 remote-as 123
no auto-summary
ip prefix-list liang seq 5 deny 22.2.2.0/24
ip prefix-list liang seq 10 deny 23.3.16.0/20
ip prefix-list liang seq 15 permit 0.0.0.0/0 le 32
ip access-list extended liang
deny ip host 22.2.2.0 host 255.255.255.0
deny ip host 23.3.16.0 host 255.255.240.0
permit ip any any
route-map liang permit 10
match ip address liang
control-plane

R3#show ip bgp
BGP table version is 24,local router ID is 3.3.3.3
Status codes: s suppressed,d damped,h history,* valid,> best,i - internal,
r RIB-failure,S Stale
Origin codes: i - IGP,e - EGP,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i

R4#show ip bgp
BGP table version is 24,local router ID is 4.4.4.4
Status codes: s suppressed,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i

R5#show ip bgp
BGP table version is 34,local router ID is 5.5.5.5
Status codes: s suppressed,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i21.0.0.0/24 12.1.1.1 0 100 0 123 i
*>i23.3.0.0/20 12.1.1.1 0 100 0 123 i
*>i23.3.32.0/19 12.1.1.1 0 100 0 123 i
*>i23.3.64.0/18 12.1.1.1 0 100 0 123 i
*>i23.3.128.0/17 12.1.1.1 0 100 0 123 i

总结：

1.route-map对于多条过滤条目，并没有任何优势比起ip prefix-list，distribute，ACL

2.推荐选用prefix过滤路由条目，因为prefix可以匹配mask长度

3.过于路径的过滤可以选用filter-list 及其正则表达式

4.对于过滤路由条目，R2上不能配置peer-group

要求：

1. advertise-map Set condition to advertise attribute
as-set Generate AS set path information
attribute-map Set attributes of aggregate
nlri Nlri aggregate applies to
route-map Set parameters of aggregate
summary-only Filter more specific routes from updates
suppress-map Conditionally filter more specific routes from update 区别及其用途

2.AS2有个10.1.3.0/24 AS3有个10.1.1.0/24，AS4有个10.1.2.0/24

步骤：

在R2上做汇聚

不做汇聚情况

R1#show ip bgp
BGP table version is 1,local router ID is 1.1.1.1
Status codes: s suppressed,? - incomplete

Network Next Hop Metric LocPrf Weight Path
* i10.1.1.0/24 24.1.1.4 0 100 0 3 i
* i10.1.2.0/24 26.1.1.6 0 100 0 4 i
* i10.1.3.0/24 23.1.1.3 0 100 0 2 i
R1#show ip bgp
BGP table version is 4,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
*>i10.1.2.0/24 2.2.2.2 0 100 0 4 i
*>i10.1.3.0/24 2.2.2.2 0 100 0 2 i

R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0

R1#show ip bgp
BGP table version is 5,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i
*>i10.1.2.0/24 2.2.2.2 0 100 0 4 i
*>i10.1.3.0/24 2.2.2.2 0 100 0 2 i

R2#show ip bgp
BGP table version is 5,local router ID is 2.2.2.2
Status codes: s suppressed,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
*> 10.1.1.0/24 24.1.1.4 0 3 i
*> 10.1.2.0/24 26.1.1.6 0 0 4 i
*> 10.1.3.0/24 23.1.1.3 0 0 2 i
默认的情况下明细聚合路由都传递，而聚合路由是0.0.0.0本地起源的。

默认的是原子聚合所谓的原子聚合就是说明路由已经被汇聚，默认的明细路由的属性消失

R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0 summary-only

R1#show ip bgp
BGP table version is 8,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i

R2#show ip bgp
BGP table version is 8,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
s> 10.1.1.0/24 24.1.1.4 0 3 i
s> 10.1.2.0/24 26.1.1.6 0 0 4 i
s> 10.1.3.0/24 23.1.1.3 0 0 2 i

打上summary-only只传递聚合路由，在聚合者路由上明细路由被抑制

这时我们说下suppress-map，我们想让10.1.1.0/24路由不被抑制R2配置如下

access-list 100 permit ip host 10.1.1.0 host 255.255.255.0
route-map liang deny 10
match ip address 100
route-map liang permit 20

R2(config-router)#$1.1.0 255.255.252.0 summary-only suppress-map liang
R2#show ip bgp
BGP table version is 15,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/22 0.0.0.0 32768 i
*> 10.1.1.0/24 24.1.1.4 0 3 i
s> 10.1.2.0/24 26.1.1.6 0 0 4 i
s> 10.1.3.0/24 23.1.1.3 0 0 2 i

R1#show ip bgp
BGP table version is 15,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 i
*>i10.1.1.0/24 2.2.2.2 0 100 0 3 i

假如我们把10.1.1.0/24抑制掉
Access-list 101 permit ip host 10.1.1.0 mask 255.255.255.0
route-map liang premit 10
Match ip add 101
记着在这不能再打 route-map liang permit 20如果这样就是允许了就不能把这个条目抑制掉了
as-set

R2(config-router)#$ddress 10.1.1.0 255.255.252.0 summary-only as-set

R1#show ip bgp
BGP table version is 22,? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i10.1.0.0/22 2.2.2.2 0 100 0 {3,4,2} i

还原原来的明细路由属性

attribute-map/route-map 定义控制聚合的属性只对聚合后的路由起作用

Extended IP access list 100
10 permit ip host 10.1.1.0 host 255.255.255.0 (1 match)

（编辑：安卓应用网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!