· Learn how to filter BGP routes with as-path-acl.
· Learn how to filter BGP routes with ip-prefix.
Topology diagram:
Procedure:
IP address configuration:
[H3C]sys RTA
[RTA]int g0/0
[RTA-GigabitEthernet0/0]ip add 10.10.10.1 30
[RTA-GigabitEthernet0/0]int s1/0
[RTA-Serial1/0]ip add 10.10.20.1 30
[RTA-Serial1/0]int loop 0
[RTA-LoopBack0]ip add 1.1.1.1 32
[RTA-LoopBack0]qu
[H3C]sys RTB
[RTB]INT G0/0
[RTB-GigabitEthernet0/0]ip add 10.10.10.2 30
[RTB-GigabitEthernet0/0]int g0/1
[RTB-GigabitEthernet0/1]ip add 10.10.10.6 30
[RTB-GigabitEthernet0/1]int loop 0
[RTB-LoopBack0]ip add 2.2.2.2 32
[RTB-LoopBack0]qu
[H3C]sys RTC
[RTC]int g0/1
[RTC-GigabitEthernet0/1]ip add 10.10.10.5 30
[RTC-GigabitEthernet0/1]int g0/0
[RTC-GigabitEthernet0/0]ip add 10.10.10.9 30
[RTC-GigabitEthernet0/0]int loop 0
[RTC-LoopBack0]ip add 3.3.3.3 32
[RTC-LoopBack0]qu
[H3C]sys RTD
[RTD]INT G0/0
[RTD-GigabitEthernet0/0]ip add 10.10.10.10 30
[RTD-GigabitEthernet0/0]int s1/0
[RTD-Serial1/0]ip add 10.10.20.2 30
[RTD-Serial1/0]int loop0
[RTD-LoopBack0]ip add 4.4.4.4 32
[RTD-LoopBack0]qu
Basic BGP configuration:
[RTA]bgp 65000
[RTA-bgp]router-id 1.1.1.1
[RTA-bgp]peer 10.10.10.2 as-number 65002
[RTA-bgp]peer 10.10.20.2 as-number 65002
[RTA-bgp]address-family ipv4 unicast
[RTA-bgp-ipv4]import-route direct
[RTA-bgp-ipv4]peer 10.10.10.2 en
[RTA-bgp-ipv4]peer 10.10.20.2 en
[RTB]bgp 65002
[RTB-bgp]router-id 2.2.2.2
[RTB-bgp]peer 10.10.10.1 as-number 65000
[RTB-bgp]peer 10.10.10.5 as-number 65003
[RTB-bgp]address-family ipv4 unicast
[RTB-bgp-ipv4]import-route direct
[RTB-bgp-ipv4]peer 10.10.10.1 en
[RTB-bgp-ipv4]peer 10.10.10.5 en
[RTC]bgp 65003
[RTC-bgp]router-id 3.3.3.3
[RTC-bgp]peer 10.10.10.6 as-number 65002
[RTC-bgp]peer 10.10.10.10 as-number 65002
[RTC-bgp]address-family ipv4 unicast
[RTC-bgp-ipv4]import-route direct
[RTC-bgp-ipv4]peer 10.10.10.6 en
[RTC-bgp-ipv4]peer 10.10.10.10 en
[RTD]bgp 65002
[RTD-bgp]router-id 4.4.4.4
[RTD-bgp]peer 10.10.10.9 as-number 65003
[RTD-bgp]pe 10.10.20.1 as-number 65000
[RTD-bgp]add ipv4 un
[RTD-bgp-ipv4]import-route direct
[RTD-bgp-ipv4]peer 10.10.10.9 en
[RTD-bgp-ipv4]peer 10.10.20.1 en
Static routes:
[RTA]ip route-static 10.10.10.4 30 10.10.10.2
[RTA]ip route-static 10.10.10.8 30 10.10.10.2
[RTB]ip route-static 10.10.10.8 30 10.10.10.5
[RTC]ip route-static 10.10.10.0 30 10.10.10.6
[RTD]ip route-static 10.10.10.0 30 10.10.10.9
[RTD]ip route-static 10.10.10.4 30 10.10.10.9
RTA's BGP peer table after the configuration is complete:
[RTA]dis bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 65000
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.10.10.2 65002 12 14 0 5 00:04:40 Established
10.10.20.2 65002 11 13 0 6 00:03:11 Established
Filtering routes with as-path-acl:
Before the filter is configured, the next hop for 3.3.3.3/32 and 10.10.10.4/30 in RTA's IP routing table is 10.10.10.2
[RTA]dis ip routing-table
Destinations : 23 Routes : 23
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.2/32 BGP 255 0 10.10.10.2 GE0/0
3.3.3.3/32 BGP 255 0 10.10.10.2 GE0/0
4.4.4.4/32 BGP 255 0 10.10.20.2 Ser1/0
10.10.10.0/30 Direct 0 0 10.10.10.1 GE0/0
10.10.10.0/32 Direct 0 0 10.10.10.1 GE0/0
10.10.10.1/32 Direct 0 0 127.0.0.1 InLoop0
10.10.10.3/32 Direct 0 0 10.10.10.1 GE0/0
10.10.10.4/30 Static 60 0 10.10.10.2 GE0/0
10.10.10.8/30 Static 60 0 10.10.10.2 GE0/0
10.10.20.0/30 Direct 0 0 10.10.20.1 Ser1/0
10.10.20.0/32 Direct 0 0 10.10.20.1 Ser1/0
10.10.20.1/32 Direct 0 0 127.0.0.1 InLoop0
10.10.20.2/32 Direct 0 0 10.10.20.2 Ser1/0
10.10.20.3/32 Direct 0 0 10.10.20.1 Ser1/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Filter the routes:
[RTB-bgp-ipv4]peer 10.10.10.1 as-path-acl 2 import
[RTB-bgp-ipv4]peer 10.10.10.5 as-path-acl 2 import
[RTB-bgp-ipv4]qu
[RTB-bgp]qu
[RTB]ip as-path 2 deny 65003$
[RTB]ip as-path 2 permit .*
RTA's routing table after the configuration:
[RTA]dis ip routing-table
Destinations : 23 Routes : 23
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.2/32 BGP 255 0 10.10.10.2 GE0/0
3.3.3.3/32 BGP 255 0 10.10.20.2 Ser1/0
4.4.4.4/32 BGP 255 0 10.10.20.2 Ser1/0
10.10.10.0/30 Direct 0 0 10.10.10.1 GE0/0
10.10.10.0/32 Direct 0 0 10.10.10.1 GE0/0
10.10.10.1/32 Direct 0 0 127.0.0.1 InLoop0
10.10.10.3/32 Direct 0 0 10.10.10.1 GE0/0
10.10.10.4/30 Static 60 0 10.10.20.2 GE0/0
10.10.10.8/30 Static 60 0 10.10.10.2 GE0/0
10.10.20.0/30 Direct 0 0 10.10.20.1 Ser1/0
10.10.20.0/32 Direct 0 0 10.10.20.1 Ser1/0
10.10.20.1/32 Direct 0 0 127.0.0.1 InLoop0
10.10.20.2/32 Direct 0 0 10.10.20.2 Ser1/0
10.10.20.3/32 Direct 0 0 10.10.20.1 Ser1/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
As shown, the next hop of the 3.3.3.3/32 and 10.10.10.4/30 routes has changed to 10.10.20.2
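How as-path ACL 2 on RTB evaluates AS_PATH strings, as an added Python example that is not part of the original lab: entries are tried in order and a path that matches none is denied. The sample paths, the 4-byte ASN 4200065003 and the `_65003$` variant are constructed for illustration, and the `_` delimiter token is approximated with a Python regex.

```python
import re

# Comware-style AS-path regex: "_" matches a delimiter (space, comma, braces,
# parentheses) or the start/end of the path string. Python has no such token,
# so it is expanded here (an approximation for illustration).
DELIM = r"(?:^|$|[ ,{}()])"

def compile_as_regex(pattern):
    return re.compile(pattern.replace("_", DELIM))

def evaluate(acl, as_path):
    """First matching entry wins; a path matching no entry is denied."""
    for action, pattern in acl:
        if compile_as_regex(pattern).search(as_path):
            return action
    return "deny"

# ACL 2 exactly as configured on RTB in this lab.
ACL_PAGE = [("deny", "65003$"), ("permit", ".*")]
# Variant with the origin AS anchored on a delimiter (added for comparison).
ACL_ANCHORED = [("deny", "_65003$"), ("permit", ".*")]

# Constructed AS_PATH strings. The first three use the lab's AS numbers;
# 4200065003 is a made-up 4-byte ASN whose digits end in 65003.
SAMPLES = ["65003", "65000", "65000 65002 65003", "4200065003"]

def run(acl):
    return {path: evaluate(acl, path) for path in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("page", ACL_PAGE), ("anchored", ACL_ANCHORED)):
        for path, verdict in run(acl).items():
            print(f"{name:9} {path!r:22} -> {verdict}")
```

The unanchored `65003$` also denies routes originated by any AS whose number merely ends in those digits, while the anchored form denies only routes originated by AS 65003.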
Filtering routes with ip-prefix:
Configure route filtering on RTA so that RTD does not advertise the 4.4.4.4/32 route to RTA
[RTA]ip prefix-list abc index 100 deny 4.4.4.4 32
RTA's IP routing table and BGP routing table after the configuration is complete:
[RTA]dis ip routing-table
Destinations : 23 Routes : 23
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.2/32 BGP 255 0 10.10.10.2 GE0/0
3.3.3.3/32 BGP 255 0 10.10.20.2 Ser1/0
4.4.4.4/32 BGP 255 0 10.10.20.2 Ser1/0
10.10.10.0/30 Direct 0 0 10.10.10.1 GE0/0
10.10.10.0/32 Direct 0 0 10.10.10.1 GE0/0
10.10.10.1/32 Direct 0 0 127.0.0.1 InLoop0
10.10.10.3/32 Direct 0 0 10.10.10.1 GE0/0
10.10.10.4/30 Static 60 0 10.10.10.2 GE0/0
10.10.10.8/30 Static 60 0 10.10.10.2 GE0/0
10.10.20.0/30 Direct 0 0 10.10.20.1 Ser1/0
10.10.20.0/32 Direct 0 0 10.10.20.1 Ser1/0
10.10.20.1/32 Direct 0 0 127.0.0.1 InLoop0
10.10.20.2/32 Direct 0 0 10.10.20.2 Ser1/0
10.10.20.3/32 Direct 0 0 10.10.20.1 Ser1/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[RTA]dis bgp routing-table ipv4
Total number of routes: 15
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 1.1.1.1/32 127.0.0.1 0 32768 ?
* >e 2.2.2.2/32 10.10.10.2 0 0 65002?
* >e 3.3.3.3/32 10.10.20.2 0 65002
65003?
* >e 4.4.4.4/32 10.10.20.2 0 0 65002?
* > 10.10.10.0/30 10.10.10.1 0 32768 ?
* e 10.10.10.2 0 0 65002?
* > 10.10.10.1/32 127.0.0.1 0 32768 ?
* >e 10.10.10.4/30 10.10.10.2 0 0 65002?
* e 10.10.20.2 0 65002
65003?
* >e 10.10.10.8/30 10.10.20.2 0 0 65002?
* > 10.10.20.0/30 10.10.20.1 0 32768 ?
* e 10.10.20.2 0 0 65002?
* > 10.10.20.1/32 127.0.0.1 0 32768 ?
* e 10.10.20.2 0 0 65002?
* > 10.10.20.2/32 10.10.20.2 0 32768 ?
At this point RTB's IP routing table no longer contains the 4.4.4.4/32 route
[RTB]dis ip routing-table
Destinations : 21 Routes : 21
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.1/32 BGP 255 0 10.10.10.1 GE0/0
2.2.2.2/32 Direct 0 0 127.0.0.1 InLoop0
10.10.10.0/30 Direct 0 0 10.10.10.2 GE0/0
10.10.10.0/32 Direct 0 0 10.10.10.2 GE0/0
10.10.10.2/32 Direct 0 0 127.0.0.1 InLoop0
10.10.10.3/32 Direct 0 0 10.10.10.2 GE0/0
10.10.10.4/30 Direct 0 0 10.10.10.6 GE0/1
10.10.10.4/32 Direct 0 0 10.10.10.6 GE0/1
10.10.10.6/32 Direct 0 0 127.0.0.1 InLoop0
10.10.10.7/32 Direct 0 0 10.10.10.6 GE0/1
10.10.10.8/30 Static 60 0 10.10.10.5 GE0/1
10.10.20.0/30 BGP 255 0 10.10.10.1 GE0/0
10.10.20.2/32 BGP 255 0 10.10.10.1 GE0/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
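How prefix list abc would evaluate the routes RTA learns from RTD once it is attached to that peer, as an added Python example that is not part of the original lab. The configuration shown only defines the list and has no line referencing it on a peer (in Comware that is `peer 10.10.20.2 prefix-list abc import` in the BGP IPv4 view), which is consistent with 4.4.4.4/32 still appearing in RTA's tables above. The index 200 permit entry is an assumption added here, because a route that matches no entry of a prefix list is denied.

```python
import ipaddress

def entry(index, action, prefix, ge=None, le=None):
    """One prefix-list entry; ge/le mirror greater-equal / less-equal."""
    net = ipaddress.ip_network(prefix)
    # Without ge/le only the exact mask length matches.
    lo = ge if ge is not None else net.prefixlen
    if le is not None:
        hi = le
    else:
        hi = 32 if ge is not None else net.prefixlen
    return {"index": index, "action": action, "net": net, "lo": lo, "hi": hi}

def matches(e, route):
    r = ipaddress.ip_network(route)
    return r.subnet_of(e["net"]) and e["lo"] <= r.prefixlen <= e["hi"]

def evaluate(plist, route):
    """Entries are tried in index order; a route matching none is denied."""
    for e in sorted(plist, key=lambda e: e["index"]):
        if matches(e, route):
            return e["action"]
    return "deny"

def accepted(plist, routes):
    return [r for r in routes if evaluate(plist, r) == "permit"]

# Prefixes RTA learns with next hop 10.10.20.2 (RTD) in the BGP table above.
FROM_RTD = ["3.3.3.3/32", "4.4.4.4/32", "10.10.10.4/30",
            "10.10.10.8/30", "10.10.20.0/30"]

# Prefix list abc exactly as configured on the page.
ABC_PAGE = [entry(100, "deny", "4.4.4.4/32")]
# Assumed extra entry (not on the page):
#   ip prefix-list abc index 200 permit 0.0.0.0 0 less-equal 32
ABC_WITH_PERMIT = ABC_PAGE + [entry(200, "permit", "0.0.0.0/0", le=32)]

if __name__ == "__main__":
    print("abc as on the page :", accepted(ABC_PAGE, FROM_RTD))
    print("abc + index 200    :", accepted(ABC_WITH_PERMIT, FROM_RTD))
```

Applied as written, abc would drop every route from RTD, not just 4.4.4.4/32; with the permit-all entry only 4.4.4.4/32 is filtered.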
Router BGP configuration:
RTA:
bgp 65000
router-id 1.1.1.1
peer 10.10.10.2 as-number 65002
peer 10.10.20.2 as-number 65002
#
address-family ipv4 unicast
import-route direct
peer 10.10.10.2 enable
peer 10.10.20.2 enable
#
ip prefix-list abc index 100 deny 4.4.4.4 32
#
ip route-static 10.10.10.4 30 10.10.10.2
ip route-static 10.10.10.8 30 10.10.10.2
RTB:
bgp 65002
router-id 2.2.2.2
peer 10.10.10.1 as-number 65000
peer 10.10.10.5 as-number 65003
#
address-family ipv4 unicast
import-route direct
peer 10.10.10.1 enable
peer 10.10.10.1 as-path-acl 2 import
peer 10.10.10.5 enable
peer 10.10.10.5 as-path-acl 2 import
#
ip as-path 2 deny 65003$
ip as-path 2 permit .*
#
ip route-static 10.10.10.8 30 10.10.10.5
RTC:
bgp 65003
router-id 3.3.3.3
peer 10.10.10.6 as-number 65002
peer 10.10.10.10 as-number 65002
#
address-family ipv4 unicast
import-route direct
peer 10.10.10.6 enable
peer 10.10.10.10 enable
#
ip route-static 10.10.10.0 30 10.10.10.6
RTD:
bgp 65002
router-id 4.4.4.4
peer 10.10.10.9 as-number 65003
peer 10.10.20.1 as-number 65000
#
address-family ipv4 unicast
import-route direct
peer 10.10.10.9 enable
peer 10.10.20.1 enable
#
ip route-static 10.10.10.0 30 10.10.10.9
ip route-static 10.10.10.4 30 10.10.10.9
#