BGP 综合实验2
{Back to Index}
Table of Contents
- 1. 实验拓扑
- 2. OSPF 基本配置
- 3. BGP PEER 建立
- 4. 路由传递,参数修改,路由选择
- 4.1. IBGP multipath
- 4.2. prepend last-as/as-path ignore/路由反射器
- 4.3. default local-preference
- 4.4. MED 比较逻辑
- 4.5. 调整接口开销以满足 multipath 的条件
- 4.6. 优选 oldest 路由
- 4.7. 不向邻居通告任何路由
- 4.8. 默认路由
- 4.9. 条件通告 (advertise-map/exist-map)
- 4.10. 重分布直连
- 4.11. 使用 no-advertise community 过滤路由
- 4.12. 条件聚合(advertis-map)/放行明细(unsuppress-map)
- 4.13. 设置最大可以从邻居接收到路由的数量(maximum-paths)
- 4.14. 基于 AS-Path 长度,限制接收路由(maxas-limit)
1 实验拓扑
初始配置
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
end
----------------- Frame-Relay ----------------------
en
conf t
hostname Frame-Relay
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
frame-relay switching
int s1/2 ! to R2
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 204 interface s1/0 402
no sh
!
int s1/3 ! to R3
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 304 interface s1/0 403
no sh
!
int s1/0 ! to R4
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 402 interface s1/2 204
frame-relay route 403 interface s1/3 304
no sh
!
end
2 OSPF 基本配置
配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! end
3 BGP PEER 建立
配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! end
4 路由传递,参数修改,路由选择
4.1 IBGP multipath
1. 在 R1 上增加一个 loopback101, 其 IP ADD=101.1.1.1/24,通过 network 宣告进 BGP, 此路由不向 R5 这个邻居传递,此时在 R4 的 BGP 表中会看到两条路由。 希望在路由表里也可以看到两条等价路由。不可以在 R4 做 Route-map。
将路由宣告进 R1 BGP :
=== R1 === interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0
此时 R5 上可以看到此路由
R5#sh ip bgp
BGP table version is 2, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 101.1.1.0/24 10.10.4.4 0 234 1 i
*> 10.10.1.1 0 0 1 i
在 R1 上做出方向策略:
=== R1 === ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 neighbor 10.10.5.5 prefix-list R1-R5-OUT out !
再次观察 R5 的 BGP 路由
R5#sh ip bgp
BGP table version is 3, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 10.10.4.4 0 234 1 i
当前 R4 的 BGP 路由表:
R4#sh ip bgp
BGP table version is 3, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 101.1.1.0/24 10.10.1.1 0 100 0 1 i
* i 10.10.1.1 0 100 0 1 i
先尝试在 R2/R3 上修改 next-hop (为了不影响别的路由,这里使用 route-map 只针对指定路由进行设置):
=== R2 === ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R2-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.2.2 route-map R2-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R2-R4-OUT out ! === R3 === ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out !
此时 R4 的 BPG 路由变为:
R4#sh ip bgp 101.1.1.0
BGP routing table entry for 101.1.1.0/24, version 4
Paths: (2 available, best #1, table default)
Flag: 0x100
Advertised to update-groups:
2
Refresh Epoch 1
1
! 65 = 64(R4/s1/0) + 1(R4/lo0)
10.10.2.2 (metric 65) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
1
! 75 = 10(R2/e0/0) + 64(R4/s1/0) + 1(R4/lo0)
10.10.3.3 (metric 75) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
R4#
因为 metric 不同,就算 R4 上执行 maximum-paths ibgp 2 也不会形成负载路由:
=== R4 === router bgp 234 maximum-paths ibgp 2 !
查看下 R4 的路由表
R4#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 5 subnets, 4 masks
C 1.1.45.0/24 is directly connected, Serial1/1
L 1.1.45.4/32 is directly connected, Serial1/1
O IA 1.1.123.0/27 [110/74] via 1.1.234.2, 11:38:40, Serial1/0
C 1.1.234.0/29 is directly connected, Serial1/0
L 1.1.234.4/32 is directly connected, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/75] via 1.1.234.2, 11:38:40, Serial1/0
O IA 10.10.2.2/32 [110/65] via 1.1.234.2, 11:38:40, Serial1/0
O IA 10.10.3.3/32 [110/75] via 1.1.234.2, 11:38:40, Serial1/0
C 10.10.4.0/24 is directly connected, Loopback0
L 10.10.4.4/32 is directly connected, Loopback0
O 10.10.5.5/32 [110/65] via 1.1.45.5, 11:41:12, Serial1/1
101.0.0.0/24 is subnetted, 1 subnets
B 101.1.1.0 [200/0] via 10.10.2.2, 00:20:37
由于去往 10.10.1.1/32 和 10.10.3.3/32 的 metric 相等,所以索性不在 R2 -> R4 方向上修改 next-hop 。取消配置后可以看到:
R4#sh ip ro Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 1.0.0.0/8 is variably subnetted, 5 subnets, 4 masks C 1.1.45.0/24 is directly connected, Serial1/1 L 1.1.45.4/32 is directly connected, Serial1/1 O IA 1.1.123.0/27 [110/74] via 1.1.234.2, 11:42:14, Serial1/0 C 1.1.234.0/29 is directly connected, Serial1/0 L 1.1.234.4/32 is directly connected, Serial1/0 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks O IA 10.10.1.1/32 [110/75] via 1.1.234.2, 11:42:14, Serial1/0 O IA 10.10.2.2/32 [110/65] via 1.1.234.2, 11:42:14, Serial1/0 O IA 10.10.3.3/32 [110/75] via 1.1.234.2, 11:42:14, Serial1/0 C 10.10.4.0/24 is directly connected, Loopback0 L 10.10.4.4/32 is directly connected, Loopback0 O 10.10.5.5/32 [110/65] via 1.1.45.5, 11:44:46, Serial1/1 101.0.0.0/24 is subnetted, 1 subnets B 101.1.1.0 [200/0] via 10.10.3.3, 00:00:03 [200/0] via 10.10.1.1, 00:00:03 R4#sh ip bgp 101.1.1.0 BGP routing table entry for 101.1.1.0/24, version 5 Paths: (2 available, best #1, table default) Multipath: iBGP Flag: 0x100 Advertised to update-groups: 2 Refresh Epoch 3 1 10.10.1.1 (metric 75) from 10.10.2.2 (2.2.2.2) Origin IGP, metric 0, localpref 100, valid, internal, multipath, best rx pathid: 0, tx pathid: 0x0 Refresh Epoch 1 1 10.10.3.3 (metric 75) from 10.10.3.3 (3.3.3.3) Origin IGP, metric 0, localpref 100, valid, internal, multipath(oldest) rx pathid: 0, tx pathid: 0
完整配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! end
4.2 prepend last-as/as-path ignore/路由反射器
2. 在 R1 上增加一个 loopback102,其 IP ADD=101.1.2.1/24,通过 network 宣告进 BGP,此路由不向 R5 这 个邻居传递,此时要求 在 R2 的 BGP 表里会看到如下两条路由:
Network Next Hop Metric LocPrf Weight Path
*> 101.1.2.0/24 10.10.1.1 0 0 1 1 1 1 i
*i 10.10.4.4 0 100 0 1 i
此解决方案不可以用 set as-path prepend 1 1 1 这条命令,不能改变 Local-Preference 的值,只在 R2 做配 置,不允许接收 R3 发过来的这条路由。
先宣告一下路由:
=== R1 === interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
此时 R2 的 BGP
R2#sh ip bgp
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 101.1.1.0/24 10.10.1.1 0 100 0 1 i
*> 10.10.1.1 0 0 1 i
* i 101.1.2.0/24 10.10.1.1 0 100 0 1 i ! from R3
*> 10.10.1.1 0 0 1 i ! from R2
R2#sh ip bgp 101.1.2.0
BGP routing table entry for 101.1.2.0/24, version 9
Paths: (2 available, best #2, table default)
Advertised to update-groups:
2
Refresh Epoch 1
1
10.10.1.1 (metric 11) from 10.10.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
1
10.10.1.1 (metric 11) from 10.10.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R2#
先调整 AS-PATH (prepend last-as) :
=== R2 === ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in !
R2 BGP
R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 101.1.1.0/24 10.10.1.1 0 100 0 1 i
*> 10.10.1.1 0 0 1 i
*>i 101.1.2.0/24 10.10.1.1 0 100 0 1 i
* 10.10.1.1 0 0 1 1 1 1 i
使用 bgp bestpath as-path ignore 禁用基于 AS-PATH 的选路原则:(隐藏命令,命令行没有提示)
=== R2 === router bgp 234 bgp bestpath as-path ignore !
再次观察 BGP
R2(config-router)#do sh ip bgp
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 101.1.1.0/24 10.10.1.1 0 100 0 1 i
*> 10.10.1.1 0 0 1 i
* i 101.1.2.0/24 10.10.1.1 0 100 0 1 i
*> 10.10.1.1 0 0 1 1 1 1 i
再拒收 R3 发来的此条路由,目的是希望该路由信息从 R4 发来:
=== R2 === ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 router bgp 234 neighbor 10.10.3.3 prefix-list R3-R2-IN in !
由于 IBGP 水平分割原理,R4 收到 R3 的路由,是不会再传给 R1 的。
可以将 R4 设置为路由反射器,
=== R4 === router bgp 234 neighbor 10.10.2.2 route-reflector-client !
查看 R2 BGP 信息
R2#sh ip bgp 101.1.2.0
BGP routing table entry for 101.1.2.0/24, version 3
Paths: (2 available, best #1, table default)
Advertised to update-groups:
5
Refresh Epoch 2
1 1 1 1
10.10.1.1 (metric 11) from 10.10.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
1
10.10.1.1 (metric 11) from 10.10.4.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 3.3.3.3, Cluster list: 4.4.4.4
rx pathid: 0, tx pathid: 0
R2#sh ip bgp
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 10.10.1.1 0 0 1 i
* i 10.10.1.1 0 100 0 1 i
*> 101.1.2.0/24 10.10.1.1 0 0 1 1 1 1 i
* i 10.10.1.1 0 100 0 1 i
R2#
最后修改下 R4 过来的路由的 next-hop :
=== R2 === route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R4-R2-IN in !
最终效果
R2#sh ip bgp
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 101.1.1.0/24 10.10.1.1 0 100 0 1 i
*> 10.10.1.1 0 0 1 i
*> 101.1.2.0/24 10.10.1.1 0 0 1 1 1 1 i
* i 10.10.4.4 0 100 0 1 i
完整配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24 end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 ! route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in neighbor 10.10.3.3 prefix-list R3-R2-IN in neighbor 10.10.4.4 route-map R4-R2-IN in bgp bestpath as-path ignore ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 neighbor 10.10.2.2 route-reflector-client ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! end
4.3 default local-preference
在 R1 上增加一个 loopback103,其 IP ADD=101.1.3.1/24,通过 network 宣告进 BGP: 要求 R4 上的 BGP 表会看到两条路由:
Network Next Hop Metric LocPrf Weight Path
*>i 101.1.3.0/24 10.10.1.1 0 100 0 1 1 1 i
* 10.10.5.5 0 5 1 i
R3 的 BGP 表里会看到两条路由,当需要修改下一跳及路由过滤时,不可以在 R3 上改:
Network Next Hop Metric LocPrf Weight Path
*>i 101.1.3.0/24 10.10.2.2 0 100 0 1 1 1 i
* i 10.10.4.4 0 100 0 1 1 1 i
先通告路由:
=== R1 === interface Loopback103 ip address 101.1.3.1 255.255.255.0 ! router bgp 1 network 101.1.3.0 mask 255.255.255.0 !
根据题目要求,解决方式是 R1 只向 R2 发送路由信息,而不发向 R3 。
=== R1 === ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24 ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 neighbor 10.10.3.3 prefix-list R1-R3-OUT out !
调整 AS-Path :
=== R1 === ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R1-R2-OUT permit 10 match ip address prefix-list 101.1.3 set as-path prepend 1 1 route-map R1-R2-OUT permit 20 ! router bgp 1 neighbor 10.10.2.2 route-map R1-R2-OUT out !
R4 的 BPG 路由
R4#sh ip bgp
BGP table version is 27, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*mi 101.1.1.0/24 10.10.3.3 0 100 0 1 i
*>i 10.10.1.1 0 100 0 1 i
*>i 101.1.2.0/24 10.10.1.1 0 100 0 1 i
* i 10.10.1.1 0 100 0 1 1 1 1 i
*> 101.1.3.0/24 10.10.5.5 0 5 1 i
* i 10.10.1.1 0 100 0 1 1 1 i
将默认 local-preference 调小:
=== R4 === router bgp 234 bgp default local-preference 99 !
这下对了
R4#sh ip bgp
BGP table version is 30, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*mi 101.1.1.0/24 10.10.3.3 0 100 0 1 i
*>i 10.10.1.1 0 100 0 1 i
*>i 101.1.2.0/24 10.10.1.1 0 100 0 1 i
* i 10.10.1.1 0 100 0 1 1 1 1 i
* 101.1.3.0/24 10.10.5.5 0 5 1 i
*>i 10.10.1.1 0 100 0 1 1 1 i
R4#sh ip bgp 101.1.3.0
BGP routing table entry for 101.1.3.0/24, version 30
Paths: (2 available, best #2, table default)
Multipath: iBGP
Advertised to update-groups:
1 3
Refresh Epoch 1
5 1
10.10.5.5 (metric 65) from 10.10.5.5 (5.5.5.5)
Origin IGP, localpref 99, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
1 1 1, (Received from a RR-client)
10.10.1.1 (metric 75) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
最后修改下 next-hop :
=== R2 === ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R2-R3-OUT permit 10 match ip address prefix-list 101.1.3 ! set ip next-hop 10.10.2.2 set ip next-hop self route-map R2-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R2-R3-OUT out ! === R4 === ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.1.3 set ip next-hop self route-map R4-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R4-R3-OUT out !
R3 BGP 信息
R3#sh ip bgp
BGP table version is 39, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 101.1.1.0/24 10.10.1.1 0 100 0 1 i
* i 10.10.1.1 0 100 0 1 i
*> 10.10.1.1 0 0 1 i
* i 101.1.2.0/24 10.10.1.1 0 100 0 1 1 1 1 i
*> 10.10.1.1 0 0 1 i
* i 101.1.3.0/24 10.10.4.4 0 100 0 1 1 1 i
*>i 10.10.2.2 0 100 0 1 1 1 i
完整配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24 ! interface Loopback103 ip address 101.1.3.1 255.255.255.0 ! ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24 ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R1-R2-OUT permit 10 match ip address prefix-list 101.1.3 set as-path prepend 1 1 route-map R1-R2-OUT permit 20 ! router bgp 1 network 101.1.3.0 mask 255.255.255.0 neighbor 10.10.3.3 prefix-list R1-R3-OUT out neighbor 10.10.2.2 route-map R1-R2-OUT out ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 ! route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in neighbor 10.10.3.3 prefix-list R3-R2-IN in neighbor 10.10.4.4 route-map R4-R2-IN in bgp bestpath as-path ignore ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R2-R3-OUT permit 10 match ip address prefix-list 101.1.3 ! set ip next-hop 10.10.2.2 set ip next-hop self route-map R2-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R2-R3-OUT out ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 neighbor 10.10.2.2 route-reflector-client ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.1.3 set ip next-hop self route-map R4-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R4-R3-OUT out bgp default local-preference 99 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! end
4.4 MED 比较逻辑
在 R4 上增加一个 loopback104 ,其 IP ADD=104.1.1.1/24,通过 network 宣告进 BGP,注意只在 R2 上修 改 metric 参数。
希望在 R1 的 BGP 表里会看到如下三条路由,注意顺序不能变:
Network Next Hop Metric LocPrf Weight Path
* 104.1.1.0/24 10.10.2.2 200 0 10 234 i
* 10.10.5.5 500 0 5 234 i
*> 10.10.3.3 300 0 10 234 i
先通告路由:
=== R4 === interface Loopback104 ip address 104.1.1.1 255.255.255.0 ! router bgp 234 network 104.1.1.0 mask 255.255.255.0 !
使用 route-map 针对入方向的路由属性即可:
=== R1 === ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24 ! route-map R2-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 200 set as-path prepend 10 route-map R2-R1-IN permit 20 ! route-map R3-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 300 set as-path prepend 10 route-map R3-R1-IN permit 20 ! route-map R5-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 500 route-map R5-R1-IN permit 20 ! router bgp 1 neighbor 10.10.2.2 route-map R2-R1-IN in neighbor 10.10.3.3 route-map R3-R1-IN in neighbor 10.10.5.5 route-map R5-R1-IN in !
通过重新建立连接来调整顺序,如 clear ip bgp 10.10.2.2 。
查看 R1 BGP 路由
R1#sh ip bgp
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 0.0.0.0 0 32768 i
*> 101.1.2.0/24 0.0.0.0 0 32768 i
*> 101.1.3.0/24 0.0.0.0 0 32768 i
*> 104.1.1.0/24 10.10.2.2 200 0 10 234 i (2)
* 10.10.5.5 500 0 5 234 i (5)
* 10.10.3.3 300 0 10 234 i (3)
R1#sh ip bgp 104.1.1.0
BGP routing table entry for 104.1.1.0/24, version 9
Paths: (3 available, best #1, table default)
Advertised to update-groups:
14 15
Refresh Epoch 1
10 234
10.10.2.2 (metric 11) from 10.10.2.2 (2.2.2.2) (2)
Origin IGP, metric 200, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 3
5 234
10.10.5.5 (metric 139) from 10.10.5.5 (5.5.5.5) (5)
Origin IGP, metric 500, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
10 234
10.10.3.3 (metric 11) from 10.10.3.3 (3.3.3.3) (3)
Origin IGP, metric 300, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
比较逻辑是 (2) 和 (5) 先比较,(2) 胜出 (因为 AS-PATH 不同,所以不比较 MED ,比较的是 next-hop , 且 metric 小的 next-hop 胜出)
然后 (2) 和 (3) 比较,此时因为 AS-PATH 相同,所以比较的是 MED 值,小的 MED 优选
根据上面的分析,如果在 (2) 和 (5) 比较的时候,通过策略,保证 (5) 能够胜出的话,则最终的胜出者就是 (3) ,因此考虑调整 OSPF 接口 cost 值:
=== R2 === int lo0 ip ospf cost 130 !
这样就达到效果了
R1#sh ip bgp
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 0.0.0.0 0 32768 i
*> 101.1.2.0/24 0.0.0.0 0 32768 i
*> 101.1.3.0/24 0.0.0.0 0 32768 i
* 104.1.1.0/24 10.10.2.2 200 0 10 234 i
* 10.10.5.5 500 0 5 234 i
*> 10.10.3.3 300 0 10 234 i
4.4.1 deterministic-med
在上面的配置基础上,不做任何配置,使 R1 的 BGP 表里会看到如下三条路由,注意顺序不能变:
Network Next Hop Metric LocPrf Weight Path
* 104.1.1.0/24 10.10.5.5 500 0 5 234 i
* 10.10.3.3 300 0 10 234 i
*> 10.10.2.2 200 0 10 234 i
体会下为什么? 应用的是第几项比较原则?
当前顺序
R1#sh ip bgp
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 0.0.0.0 0 32768 i
*> 101.1.2.0/24 0.0.0.0 0 32768 i
*> 101.1.3.0/24 0.0.0.0 0 32768 i
* 104.1.1.0/24 10.10.2.2 200 0 10 234 i
* 10.10.5.5 500 0 5 234 i
*> 10.10.3.3 300 0 10 234 i
通过重新建立 BGP session 来调整次序: 1
R1#clear ip bgp 10.10.3.3
R1#clear ip bgp 10.10.5.5
R1#sh ip bgp
...
Network Next Hop Metric LocPrf Weight Path
...
* 104.1.1.0/24 10.10.5.5 500 0 5 234 i
* 10.10.3.3 300 0 10 234 i
*> 10.10.2.2 200 0 10 234 i
思考比较逻辑
R1#sh ip bgp 104.1.1.0
BGP routing table entry for 104.1.1.0/24, version 12
Paths: (3 available, best #3, table default)
Advertised to update-groups:
18 19
Refresh Epoch 2
5 234
10.10.5.5 (metric 139) from 10.10.5.5 (5.5.5.5) (5)
Origin IGP, metric 500, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
10 234
10.10.3.3 (metric 11) from 10.10.3.3 (3.3.3.3) (3)
Origin IGP, metric 300, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
10 234
10.10.2.2 (metric 140) from 10.10.2.2 (2.2.2.2) (2)
Origin IGP, metric 200, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
(5) 和 (3) 先 PK ,基于 next-hop 比较,结果 (3) 胜出
(3) 接着和 (2) PK ,因为 AS-PATH 相同,都是 [10 234] ,因此 (2) 凭借 MED(200) 胜出
在 R1 上实施什么指令后,可使 R1 的 BGP 表稳定出现如下路由:
Network Next Hop Metric LocPrf Weight Path
*> 104.1.1.0/24 10.10.5.5 500 0 5 234 i
* 10.10.2.2 200 0 10 234 i
* 10.10.3.3 300 0 10 234 i
deterministic-med 是基于 MED 分组进行比较,相同的 AS-PATH 分成一组,每组的最优再进行组之间的比较。
=== R1 === router bgp 1 bgp deterministic-med !
4.4.2 完整配置清单
配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24 ! interface Loopback103 ip address 101.1.3.1 255.255.255.0 ! ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24 ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R1-R2-OUT permit 10 match ip address prefix-list 101.1.3 set as-path prepend 1 1 route-map R1-R2-OUT permit 20 ! router bgp 1 network 101.1.3.0 mask 255.255.255.0 neighbor 10.10.3.3 prefix-list R1-R3-OUT out neighbor 10.10.2.2 route-map R1-R2-OUT out !! ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24 ! route-map R2-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 200 set as-path prepend 10 route-map R2-R1-IN permit 20 ! route-map R3-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 300 set as-path prepend 10 route-map R3-R1-IN permit 20 ! route-map R5-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 500 route-map R5-R1-IN permit 20 ! router bgp 1 neighbor 10.10.2.2 route-map R2-R1-IN in neighbor 10.10.3.3 route-map R3-R1-IN in neighbor 10.10.5.5 route-map R5-R1-IN in bgp deterministic-med ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ip ospf cost 130 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 ! route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in neighbor 10.10.3.3 prefix-list R3-R2-IN in neighbor 10.10.4.4 route-map R4-R2-IN in bgp bestpath as-path ignore ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R2-R3-OUT permit 10 match ip address prefix-list 101.1.3 ! set ip next-hop 10.10.2.2 set ip next-hop self route-map R2-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R2-R3-OUT out ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 neighbor 10.10.2.2 route-reflector-client ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.1.3 set ip next-hop self route-map R4-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R4-R3-OUT out bgp default local-preference 99 !! interface Loopback104 ip address 104.1.1.1 255.255.255.0 ! router bgp 234 network 104.1.1.0 mask 255.255.255.0 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! end
4.5 调整接口开销以满足 multipath 的条件
在 R2 上增加一个 loopback102,其 IP ADD=102.1.1.1/24,通过 network 宣告进 BGP,希望在 R3 的路由表中可以看到两条等价路由。不可以在 R3 做 Route-map。
=== R2 === interface Loopback102 ip address 102.1.1.1 255.255.255.0 ! router bgp 234 network 102.1.1.0 mask 255.255.255.0 !
二话不说先配置 multipath :
=== R3 === rouer bgp 234 maximum-paths ibgp 2 !
当前 R3 上 BGP 路由信息
R3#sh ip bgp 102.1.1.0
BGP routing table entry for 102.1.1.0/24, version 49
Paths: (2 available, best #2, table default)
Advertised to update-groups:
10
Refresh Epoch 2
Local
10.10.2.2 (metric 140) from 10.10.4.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 2.2.2.2, Cluster list: 4.4.4.4
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
Local
10.10.2.2 (metric 140) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
R3#
先要保证下一跳不同:
=== R4 === ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.3.1 102.1.1 set ip next-hop 10.10.4.4 route-map R4-R3-OUT permit 20 !
再看 R3 上 BGP 路由信息
R3#sh ip bgp 102.1.1.0
BGP routing table entry for 102.1.1.0/24, version 50
Paths: (2 available, best #1, table default)
Multipath: iBGP
Advertised to update-groups:
10
Refresh Epoch 3
Local
10.10.4.4 (metric 65) from 10.10.4.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 2.2.2.2, Cluster list: 4.4.4.4
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 2
Local
10.10.2.2 (metric 140) from 10.10.2.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
rx pathid: 0, tx pathid: 0
卑鄙地调整下接口开销:
=== R4 === int lo0 ip ospf cost 76 !
在看下 R3 的 BGP 信息
R3#sh ip bgp
BGP table version is 54, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 10.10.1.1 0 0 1 i
* i 10.10.4.4 0 100 0 1 i
* i 10.10.1.1 0 100 0 1 i
*> 101.1.2.0/24 10.10.1.1 0 0 1 i
* i 10.10.1.1 0 100 0 1 1 1 1 i
*>i 101.1.3.0/24 10.10.2.2 0 100 0 1 1 1 i
*mi 10.10.4.4 0 100 0 1 1 1 i
*mi 102.1.1.0/24 10.10.4.4 0 100 0 i
*>i 10.10.2.2 0 100 0 i
*>i 104.1.1.0/24 10.10.4.4 0 99 0 i
R3#
完整配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24 ! interface Loopback103 ip address 101.1.3.1 255.255.255.0 ! ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24 ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R1-R2-OUT permit 10 match ip address prefix-list 101.1.3 set as-path prepend 1 1 route-map R1-R2-OUT permit 20 ! router bgp 1 network 101.1.3.0 mask 255.255.255.0 neighbor 10.10.3.3 prefix-list R1-R3-OUT out neighbor 10.10.2.2 route-map R1-R2-OUT out !! ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24 ! route-map R2-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 200 set as-path prepend 10 route-map R2-R1-IN permit 20 ! route-map R3-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 300 set as-path prepend 10 route-map R3-R1-IN permit 20 ! route-map R5-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 500 route-map R5-R1-IN permit 20 ! router bgp 1 neighbor 10.10.2.2 route-map R2-R1-IN in neighbor 10.10.3.3 route-map R3-R1-IN in neighbor 10.10.5.5 route-map R5-R1-IN in bgp deterministic-med ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ip ospf cost 130 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 ! route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in neighbor 10.10.3.3 prefix-list R3-R2-IN in neighbor 10.10.4.4 route-map R4-R2-IN in bgp bestpath as-path ignore ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R2-R3-OUT permit 10 match ip address prefix-list 101.1.3 ! set ip next-hop 10.10.2.2 set ip next-hop self route-map R2-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R2-R3-OUT out !! interface Loopback102 ip address 102.1.1.1 255.255.255.0 ! router bgp 234 network 102.1.1.0 mask 255.255.255.0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out maximum-paths ibgp 2 ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ip ospf cost 76 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 neighbor 10.10.2.2 route-reflector-client ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.1.3 set ip next-hop self route-map R4-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R4-R3-OUT out bgp default local-preference 99 !! interface Loopback104 ip address 104.1.1.1 255.255.255.0 ! router bgp 234 network 104.1.1.0 mask 255.255.255.0 ! ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.3.1 102.1.1 set ip next-hop 10.10.4.4 route-map R4-R3-OUT permit 20 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! end
4.6 优选 oldest 路由
在 R5 上 BGP 表里,看到 102.1.1.0 的路由应为:
Network Next Hop Metric LocPrf Weight Path
* 102.1.1.0/24 10.10.4.4 0 1 234 i
*> 10.10.1.1 0 1 234 i
当 Clear 与 R1 的 EBGP PEER 后,R4 传递过来的 BGP 路由最优。
当 Clear 与 R4 的 EBGP PEER 后,R1 传递过来的 BGP 路由最优。
当前 R5 BGP 路由信息
R5#sh ip bgp
BGP table version is 37, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 10.10.4.4 0 234 1 i
*> 101.1.2.0/24 10.10.4.4 0 234 1 i
*> 101.1.3.0/24 10.10.1.1 0 0 1 i
* 10.10.4.4 0 234 1 1 1 i
*> 102.1.1.0/24 10.10.4.4 0 234 i
* 10.10.1.1 0 1 234 i
*> 104.1.1.0/24 10.10.4.4 0 0 234 i
先调整 AS-PATH :
=== R5 === ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R5-IN permit 10 match ip address prefix-list 102.1.1 set as-path prepend 1 route-map R4-R5-IN permit 20 ! router bgp 5 neighbor 10.10.4.4 route-map R4-R5-IN in !
R5 BGP 信息
R5#sh ip bgp
BGP table version is 38, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 101.1.1.0/24 10.10.4.4 0 234 1 i
*> 101.1.2.0/24 10.10.4.4 0 234 1 i
*> 101.1.3.0/24 10.10.1.1 0 0 1 i
* 10.10.4.4 0 234 1 1 1 i
* 102.1.1.0/24 10.10.4.4 0 1 234 i
*> 10.10.1.1 0 1 234 i
*> 104.1.1.0/24 10.10.4.4 0 0 234 i
R5#sh ip bgp 102.1.1.0
BGP routing table entry for 102.1.1.0/24, version 38
Paths: (2 available, best #2, table default)
Advertised to update-groups:
6
Refresh Epoch 6
1 234
10.10.4.4 (metric 140) from 10.10.4.4 (4.4.4.4)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
1 234
10.10.1.1 (metric 139) from 10.10.1.1 (1.1.1.1)
Origin IGP, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
R5#
调整接口开销:
=== R1 === int lo0 ip ospf cost 2 !
至此,满足需求。
完整配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ip ospf cost 2 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24 ! interface Loopback103 ip address 101.1.3.1 255.255.255.0 ! ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24 ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R1-R2-OUT permit 10 match ip address prefix-list 101.1.3 set as-path prepend 1 1 route-map R1-R2-OUT permit 20 ! router bgp 1 network 101.1.3.0 mask 255.255.255.0 neighbor 10.10.3.3 prefix-list R1-R3-OUT out neighbor 10.10.2.2 route-map R1-R2-OUT out !! ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24 ! route-map R2-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 200 set as-path prepend 10 route-map R2-R1-IN permit 20 ! route-map R3-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 300 set as-path prepend 10 route-map R3-R1-IN permit 20 ! route-map R5-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 500 route-map R5-R1-IN permit 20 ! router bgp 1 neighbor 10.10.2.2 route-map R2-R1-IN in neighbor 10.10.3.3 route-map R3-R1-IN in neighbor 10.10.5.5 route-map R5-R1-IN in bgp deterministic-med ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ip ospf cost 130 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 ! route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in neighbor 10.10.3.3 prefix-list R3-R2-IN in neighbor 10.10.4.4 route-map R4-R2-IN in bgp bestpath as-path ignore ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R2-R3-OUT permit 10 match ip address prefix-list 101.1.3 ! set ip next-hop 10.10.2.2 set ip next-hop self route-map R2-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R2-R3-OUT out !! interface Loopback102 ip address 102.1.1.1 255.255.255.0 ! router bgp 234 network 102.1.1.0 mask 255.255.255.0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out maximum-paths ibgp 2 ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ip ospf cost 76 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 neighbor 10.10.2.2 route-reflector-client ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.1.3 set ip next-hop self route-map R4-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R4-R3-OUT out bgp default local-preference 99 !! interface Loopback104 ip address 104.1.1.1 255.255.255.0 ! router bgp 234 network 104.1.1.0 mask 255.255.255.0 ! ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.3.1 102.1.1 set ip next-hop 10.10.4.4 route-map R4-R3-OUT permit 20 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R5-IN permit 10 match ip address prefix-list 102.1.1 set as-path prepend 1 route-map R4-R5-IN permit 20 ! router bgp 5 neighbor 10.10.4.4 route-map R4-R5-IN in ! end
4.7 不向邻居通告任何路由
在 R4 上增加一个 loopback1,其 IP ADD=11.11.4.4/24,R5 上增加一个 loopback1,其 IP ADD=11.11.5.5/24, 通过这两个接口在 R4 与 R5 之间再建立一个 EBGP PEER。 在 R5 做配置,使这个 PEER 不发送任何路由
完成建立邻居的配置:
=== R4 === interface Loopback1 ip address 11.11.4.4 255.255.255.0 ! router ospf 4 network 11.11.4.4 0.0.0.0 area 0 ! router bgp 234 neighbor 11.11.5.5 remote-as 5 neighbor 11.11.5.5 ebgp-multihop 255 neighbor 11.11.5.5 update-source Loopback1 ! === R5 === interface Loopback1 ip address 11.11.5.5 255.255.255.0 ! router ospf 5 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 neighbor 11.11.4.4 remote-as 234 neighbor 11.11.4.4 ebgp-multihop 255 neighbor 11.11.4.4 update-source Loopback1 !
不通告路由配置:
=== R5 === ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32 ! router bgp 5 neighbor 11.11.4.4 prefix-list NO-ADV out !
验证
R4#sh ip bgp su
BGP router identifier 4.4.4.4, local AS number 234
BGP table version is 41, main routing table version 41
5 network entries using 720 bytes of memory
8 path entries using 672 bytes of memory
6/4 BGP path/bestpath attribute entries using 960 bytes of memory
4 BGP AS-PATH entries using 112 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2464 total bytes of memory
BGP activity 5/0 prefixes, 29/21 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.2.2 4 234 457 463 41 0 0 06:29:58 4
10.10.3.3 4 234 444 472 41 0 0 06:29:57 2
10.10.5.5 4 5 100 90 41 0 0 01:14:56 1
11.11.5.5 4 5 19 11 41 0 0 00:02:23 0
完整配置清单
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ip ospf cost 2 ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! router bgp 1 no synchronization no auto-summary bgp router-id 1.1.1.1 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 ebgp-multihop 255 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 ebgp-multihop 255 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! interface Loopback101 ip address 101.1.1.1 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24 ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32 ! router bgp 1 network 101.1.1.0 mask 255.255.255.0 neighbor 10.10.5.5 prefix-list R1-R5-OUT out ! interface Loopback102 ip address 101.1.2.1 255.255.255.0 ! router bgp 1 network 101.1.2.0 mask 255.255.255.0 ! ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24 ! interface Loopback103 ip address 101.1.3.1 255.255.255.0 ! ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24 ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32 ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R1-R2-OUT permit 10 match ip address prefix-list 101.1.3 set as-path prepend 1 1 route-map R1-R2-OUT permit 20 ! router bgp 1 network 101.1.3.0 mask 255.255.255.0 neighbor 10.10.3.3 prefix-list R1-R3-OUT out neighbor 10.10.2.2 route-map R1-R2-OUT out !! ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24 ! route-map R2-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 200 set as-path prepend 10 route-map R2-R1-IN permit 20 ! route-map R3-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 300 set as-path prepend 10 route-map R3-R1-IN permit 20 ! route-map R5-R1-IN permit 10 match ip address prefix-list 104.1.1 set metric 500 route-map R5-R1-IN permit 20 ! router bgp 1 neighbor 10.10.2.2 route-map R2-R1-IN in neighbor 10.10.3.3 route-map R3-R1-IN in neighbor 10.10.5.5 route-map R5-R1-IN in bgp deterministic-med ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! interface s1/0 ip address 1.1.234.2 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.3 204 broadcast frame-relay map ip 1.1.234.4 204 broadcast no frame-relay inverse-arp no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ip ospf cost 130 ! router ospf 2 router-id 2.2.2.2 area 1 virtual-link 4.4.4.4 network 1.1.123.2 0.0.0.0 area 2 network 1.1.234.2 0.0.0.0 area 1 network 10.10.2.2 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 2.2.2.2 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24 ! route-map R1-R2-IN permit 10 match ip address prefix-list 101.1.2 set as-path prepend last-as 3 route-map R1-R2-IN permit 20 ! ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24 ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32 ! route-map R4-R2-IN permit 10 match ip address prefix-list 101.1.12 set ip next-hop 10.10.4.4 route-map R4-R2-IN permit 20 ! router bgp 234 neighbor 10.10.1.1 route-map R1-R2-IN in neighbor 10.10.3.3 prefix-list R3-R2-IN in neighbor 10.10.4.4 route-map R4-R2-IN in bgp bestpath as-path ignore ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R2-R3-OUT permit 10 match ip address prefix-list 101.1.3 ! set ip next-hop 10.10.2.2 set ip next-hop self route-map R2-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R2-R3-OUT out !! interface Loopback102 ip address 102.1.1.1 255.255.255.0 ! router bgp 234 network 102.1.1.0 mask 255.255.255.0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.234.3 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 304 broadcast frame-relay map ip 1.1.234.4 304 broadcast no frame-relay inverse-arp no sh ! router ospf 3 router-id 3.3.3.3 network 1.1.123.3 0.0.0.0 area 2 network 1.1.234.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 2 ! interface s1/0 ip ospf priority 0 ! router bgp 234 no synchronization bgp router-id 3.3.3.3 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 101.1.1 permit 101.1.1.0/24 route-map R3-R4-OUT permit 10 match ip address prefix-list 101.1.1 set ip next-hop 10.10.3.3 route-map R3-R4-OUT permit 20 ! router bgp 234 neighbor 10.10.4.4 route-map R3-R4-OUT out maximum-paths ibgp 2 ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ip ospf cost 76 ! int s1/0 ip address 1.1.234.4 255.255.255.248 encapsulation frame-relay frame-relay map ip 1.1.234.2 402 broadcast frame-relay map ip 1.1.234.3 403 broadcast no frame-relay inverse-arp no sh ! int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! router ospf 4 router-id 4.4.4.4 area 1 virtual-link 2.2.2.2 network 1.1.45.4 0.0.0.0 area 0 network 1.1.234.4 0.0.0.0 area 1 network 10.10.4.4 0.0.0.0 area 0 network 11.11.4.4 0.0.0.0 area 0 neighbor 1.1.234.2 neighbor 1.1.234.3 ! router bgp 234 no synchronization bgp router-id 4.4.4.4 neighbor 10.10.2.2 remote-as 234 neighbor 10.10.2.2 update-source Loopback0 neighbor 10.10.3.3 remote-as 234 neighbor 10.10.3.3 update-source Loopback0 neighbor 10.10.5.5 remote-as 5 neighbor 10.10.5.5 ebgp-multihop 255 neighbor 10.10.5.5 update-source Loopback0 ! router bgp 234 maximum-paths ibgp 2 neighbor 10.10.2.2 route-reflector-client ! ip prefix-list 101.1.3 permit 101.1.3.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.1.3 set ip next-hop self route-map R4-R3-OUT permit 20 ! router bgp 234 neighbor 10.10.3.3 route-map R4-R3-OUT out bgp default local-preference 99 !! interface Loopback104 ip address 104.1.1.1 255.255.255.0 ! router bgp 234 network 104.1.1.0 mask 255.255.255.0 ! ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R3-OUT permit 10 match ip address prefix-list 101.3.1 102.1.1 set ip next-hop 10.10.4.4 route-map R4-R3-OUT permit 20 ! interface Loopback1 ip address 11.11.4.4 255.255.255.0 ! router ospf 4 network 11.11.4.4 0.0.0.0 area 0 ! router bgp 234 neighbor 11.11.5.5 remote-as 5 neighbor 11.11.5.5 ebgp-multihop 255 neighbor 11.11.5.5 update-source Loopback1 ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! router ospf 5 router-id 5.5.5.5 network 1.1.45.5 0.0.0.0 area 0 network 10.10.5.5 0.0.0.0 area 0 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 no synchronization bgp router-id 5.5.5.5 no auto-summary neighbor 10.10.1.1 remote-as 1 neighbor 10.10.1.1 ebgp-multihop 255 neighbor 10.10.1.1 update-source Loopback0 neighbor 10.10.4.4 remote-as 234 neighbor 10.10.4.4 ebgp-multihop 255 neighbor 10.10.4.4 update-source Loopback0 ! ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24 ! route-map R4-R5-IN permit 10 match ip address prefix-list 102.1.1 set as-path prepend 1 route-map R4-R5-IN permit 20 ! router bgp 5 neighbor 10.10.4.4 route-map R4-R5-IN in ! interface Loopback1 ip address 11.11.5.5 255.255.255.0 ! ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32 ! router ospf 5 network 11.11.5.5 0.0.0.0 area 0 ! router bgp 5 neighbor 11.11.4.4 remote-as 234 neighbor 11.11.4.4 ebgp-multihop 255 neighbor 11.11.4.4 update-source Loopback1 neighbor 11.11.4.4 prefix-list NO-ADV out ! end
4.8 默认路由
4.8.1 向 OSPF 区域注入默认路由
在 R1 上,向 OSPF 区域注入一条 Default Route 。
=== R1 === router ospf 1 default-information originate always !
完整配置清单
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
ip ospf cost 2
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
default-information originate always
!
router bgp 1
no synchronization
no auto-summary
bgp router-id 1.1.1.1
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 ebgp-multihop 255
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 ebgp-multihop 255
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
interface Loopback101
ip address 101.1.1.1 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24
ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
network 101.1.1.0 mask 255.255.255.0
neighbor 10.10.5.5 prefix-list R1-R5-OUT out
!
interface Loopback102
ip address 101.1.2.1 255.255.255.0
!
router bgp 1
network 101.1.2.0 mask 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
!
interface Loopback103
ip address 101.1.3.1 255.255.255.0
!
ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24
ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R1-R2-OUT permit 10
match ip address prefix-list 101.1.3
set as-path prepend 1 1
route-map R1-R2-OUT permit 20
!
router bgp 1
network 101.1.3.0 mask 255.255.255.0
neighbor 10.10.3.3 prefix-list R1-R3-OUT out
neighbor 10.10.2.2 route-map R1-R2-OUT out
!!
ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24
!
route-map R2-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 200
set as-path prepend 10
route-map R2-R1-IN permit 20
!
route-map R3-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 300
set as-path prepend 10
route-map R3-R1-IN permit 20
!
route-map R5-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 500
route-map R5-R1-IN permit 20
!
router bgp 1
neighbor 10.10.2.2 route-map R2-R1-IN in
neighbor 10.10.3.3 route-map R3-R1-IN in
neighbor 10.10.5.5 route-map R5-R1-IN in
bgp deterministic-med
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
ip ospf cost 130
!
router ospf 2
router-id 2.2.2.2
area 1 virtual-link 4.4.4.4
network 1.1.123.2 0.0.0.0 area 2
network 1.1.234.2 0.0.0.0 area 1
network 10.10.2.2 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24
!
route-map R1-R2-IN permit 10
match ip address prefix-list 101.1.2
set as-path prepend last-as 3
route-map R1-R2-IN permit 20
!
ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24
ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32
!
route-map R4-R2-IN permit 10
match ip address prefix-list 101.1.12
set ip next-hop 10.10.4.4
route-map R4-R2-IN permit 20
!
router bgp 234
neighbor 10.10.1.1 route-map R1-R2-IN in
neighbor 10.10.3.3 prefix-list R3-R2-IN in
neighbor 10.10.4.4 route-map R4-R2-IN in
bgp bestpath as-path ignore
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R2-R3-OUT permit 10
match ip address prefix-list 101.1.3
! set ip next-hop 10.10.2.2
set ip next-hop self
route-map R2-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R2-R3-OUT out
!!
interface Loopback102
ip address 102.1.1.1 255.255.255.0
!
router bgp 234
network 102.1.1.0 mask 255.255.255.0
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
router ospf 3
router-id 3.3.3.3
network 1.1.123.3 0.0.0.0 area 2
network 1.1.234.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 3.3.3.3
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.1 permit 101.1.1.0/24
route-map R3-R4-OUT permit 10
match ip address prefix-list 101.1.1
set ip next-hop 10.10.3.3
route-map R3-R4-OUT permit 20
!
router bgp 234
neighbor 10.10.4.4 route-map R3-R4-OUT out
maximum-paths ibgp 2
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
ip ospf cost 76
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
router ospf 4
router-id 4.4.4.4
area 1 virtual-link 2.2.2.2
network 1.1.45.4 0.0.0.0 area 0
network 1.1.234.4 0.0.0.0 area 1
network 10.10.4.4 0.0.0.0 area 0
network 11.11.4.4 0.0.0.0 area 0
neighbor 1.1.234.2
neighbor 1.1.234.3
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
router bgp 234
maximum-paths ibgp 2
neighbor 10.10.2.2 route-reflector-client
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.1.3
set ip next-hop self
route-map R4-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R4-R3-OUT out
bgp default local-preference 99
!!
interface Loopback104
ip address 104.1.1.1 255.255.255.0
!
router bgp 234
network 104.1.1.0 mask 255.255.255.0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.3.1 102.1.1
set ip next-hop 10.10.4.4
route-map R4-R3-OUT permit 20
!
interface Loopback1
ip address 11.11.4.4 255.255.255.0
!
router ospf 4
network 11.11.4.4 0.0.0.0 area 0
!
router bgp 234
neighbor 11.11.5.5 remote-as 5
neighbor 11.11.5.5 ebgp-multihop 255
neighbor 11.11.5.5 update-source Loopback1
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
router ospf 5
router-id 5.5.5.5
network 1.1.45.5 0.0.0.0 area 0
network 10.10.5.5 0.0.0.0 area 0
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 ebgp-multihop 255
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R5-IN permit 10
match ip address prefix-list 102.1.1
set as-path prepend 1
route-map R4-R5-IN permit 20
!
router bgp 5
neighbor 10.10.4.4 route-map R4-R5-IN in
!
interface Loopback1
ip address 11.11.5.5 255.255.255.0
!
ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32
!
router ospf 5
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
neighbor 11.11.4.4 remote-as 234
neighbor 11.11.4.4 ebgp-multihop 255
neighbor 11.11.4.4 update-source Loopback1
neighbor 11.11.4.4 prefix-list NO-ADV out
!
end
4.8.2 将 IGP 默认路由引入 BGP
在 R2 上,将上题中的默认路由从 OSPF 重分布进入 BGP ,使 R2 的 BGP 表中可以看到一条默认路由。
=== R2 === ip prefix-list DEF seq 5 permit 0.0.0.0/0 route-map O-B permit 10 match ip address prefix-list DEF ! router bgp 234 default-information originate ! must have this line redistribute ospf 2 route-map O-B !
完整配置清单
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
ip ospf cost 2
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
default-information originate always
!
router bgp 1
no synchronization
no auto-summary
bgp router-id 1.1.1.1
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 ebgp-multihop 255
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 ebgp-multihop 255
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
interface Loopback101
ip address 101.1.1.1 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24
ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
network 101.1.1.0 mask 255.255.255.0
neighbor 10.10.5.5 prefix-list R1-R5-OUT out
!
interface Loopback102
ip address 101.1.2.1 255.255.255.0
!
router bgp 1
network 101.1.2.0 mask 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
!
interface Loopback103
ip address 101.1.3.1 255.255.255.0
!
ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24
ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R1-R2-OUT permit 10
match ip address prefix-list 101.1.3
set as-path prepend 1 1
route-map R1-R2-OUT permit 20
!
router bgp 1
network 101.1.3.0 mask 255.255.255.0
neighbor 10.10.3.3 prefix-list R1-R3-OUT out
neighbor 10.10.2.2 route-map R1-R2-OUT out
!!
ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24
!
route-map R2-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 200
set as-path prepend 10
route-map R2-R1-IN permit 20
!
route-map R3-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 300
set as-path prepend 10
route-map R3-R1-IN permit 20
!
route-map R5-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 500
route-map R5-R1-IN permit 20
!
router bgp 1
neighbor 10.10.2.2 route-map R2-R1-IN in
neighbor 10.10.3.3 route-map R3-R1-IN in
neighbor 10.10.5.5 route-map R5-R1-IN in
bgp deterministic-med
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
ip ospf cost 130
!
router ospf 2
router-id 2.2.2.2
area 1 virtual-link 4.4.4.4
network 1.1.123.2 0.0.0.0 area 2
network 1.1.234.2 0.0.0.0 area 1
network 10.10.2.2 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24
!
route-map R1-R2-IN permit 10
match ip address prefix-list 101.1.2
set as-path prepend last-as 3
route-map R1-R2-IN permit 20
!
ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24
ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32
!
route-map R4-R2-IN permit 10
match ip address prefix-list 101.1.12
set ip next-hop 10.10.4.4
route-map R4-R2-IN permit 20
!
router bgp 234
neighbor 10.10.1.1 route-map R1-R2-IN in
neighbor 10.10.3.3 prefix-list R3-R2-IN in
neighbor 10.10.4.4 route-map R4-R2-IN in
bgp bestpath as-path ignore
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R2-R3-OUT permit 10
match ip address prefix-list 101.1.3
! set ip next-hop 10.10.2.2
set ip next-hop self
route-map R2-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R2-R3-OUT out
!
interface Loopback102
ip address 102.1.1.1 255.255.255.0
!
router bgp 234
network 102.1.1.0 mask 255.255.255.0
!
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map O-B permit 10
match ip address prefix-list DEF
!
router bgp 234
default-information originate ! must have this line
redistribute ospf 2 route-map O-B
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
router ospf 3
router-id 3.3.3.3
network 1.1.123.3 0.0.0.0 area 2
network 1.1.234.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 3.3.3.3
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.1 permit 101.1.1.0/24
route-map R3-R4-OUT permit 10
match ip address prefix-list 101.1.1
set ip next-hop 10.10.3.3
route-map R3-R4-OUT permit 20
!
router bgp 234
neighbor 10.10.4.4 route-map R3-R4-OUT out
maximum-paths ibgp 2
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
ip ospf cost 76
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
router ospf 4
router-id 4.4.4.4
area 1 virtual-link 2.2.2.2
network 1.1.45.4 0.0.0.0 area 0
network 1.1.234.4 0.0.0.0 area 1
network 10.10.4.4 0.0.0.0 area 0
network 11.11.4.4 0.0.0.0 area 0
neighbor 1.1.234.2
neighbor 1.1.234.3
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
router bgp 234
maximum-paths ibgp 2
neighbor 10.10.2.2 route-reflector-client
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.1.3
set ip next-hop self
route-map R4-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R4-R3-OUT out
bgp default local-preference 99
!!
interface Loopback104
ip address 104.1.1.1 255.255.255.0
!
router bgp 234
network 104.1.1.0 mask 255.255.255.0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.3.1 102.1.1
set ip next-hop 10.10.4.4
route-map R4-R3-OUT permit 20
!
interface Loopback1
ip address 11.11.4.4 255.255.255.0
!
router ospf 4
network 11.11.4.4 0.0.0.0 area 0
!
router bgp 234
neighbor 11.11.5.5 remote-as 5
neighbor 11.11.5.5 ebgp-multihop 255
neighbor 11.11.5.5 update-source Loopback1
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
router ospf 5
router-id 5.5.5.5
network 1.1.45.5 0.0.0.0 area 0
network 10.10.5.5 0.0.0.0 area 0
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 ebgp-multihop 255
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R5-IN permit 10
match ip address prefix-list 102.1.1
set as-path prepend 1
route-map R4-R5-IN permit 20
!
router bgp 5
neighbor 10.10.4.4 route-map R4-R5-IN in
!
interface Loopback1
ip address 11.11.5.5 255.255.255.0
!
ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32
!
router ospf 5
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
neighbor 11.11.4.4 remote-as 234
neighbor 11.11.4.4 ebgp-multihop 255
neighbor 11.11.4.4 update-source Loopback1
neighbor 11.11.4.4 prefix-list NO-ADV out
!
end
4.9 条件通告 (advertise-map/exist-map)
在 R4 上做配置,当 R4 的 BGP 表中有 101.1.1.0/24 这条路由时,R4 才会向 R5 传递这条默认路由的时候。
=== R4 === ip prefix-list 101.1.1 seq 5 permit 101.1.1.0/24 ip prefix-list DEF seq 5 permit 0.0.0.0/0 route-map ADV permit 10 match ip address prefix-list DEF ! route-map EXIST permit 10 match ip address prefix-list 101.1.1 ! router bgp 234 neighbor 10.10.5.5 advertise-map ADV exist-map EXIST !
验证
R4#sh ip bgp neighbors 10.10.5.5 advertised-routes
BGP table version is 51, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 101.1.2.0/24 10.10.1.1 0 100 0 1 i
*>i 101.1.3.0/24 10.10.1.1 0 100 0 1 1 1 i
*>i 102.1.1.0/24 10.10.2.2 0 100 0 i
*>i 102.1.2.0/24 10.10.2.2 0 100 0 i
*> 104.1.1.0/24 0.0.0.0 0 32768 i
Total number of prefixes 5
完整配置清单
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
ip ospf cost 2
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
default-information originate always
!
router bgp 1
no synchronization
no auto-summary
bgp router-id 1.1.1.1
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 ebgp-multihop 255
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 ebgp-multihop 255
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
interface Loopback101
ip address 101.1.1.1 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24
ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
network 101.1.1.0 mask 255.255.255.0
neighbor 10.10.5.5 prefix-list R1-R5-OUT out
!
interface Loopback102
ip address 101.1.2.1 255.255.255.0
!
router bgp 1
network 101.1.2.0 mask 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
!
interface Loopback103
ip address 101.1.3.1 255.255.255.0
!
ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24
ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R1-R2-OUT permit 10
match ip address prefix-list 101.1.3
set as-path prepend 1 1
route-map R1-R2-OUT permit 20
!
router bgp 1
network 101.1.3.0 mask 255.255.255.0
neighbor 10.10.3.3 prefix-list R1-R3-OUT out
neighbor 10.10.2.2 route-map R1-R2-OUT out
!!
ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24
!
route-map R2-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 200
set as-path prepend 10
route-map R2-R1-IN permit 20
!
route-map R3-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 300
set as-path prepend 10
route-map R3-R1-IN permit 20
!
route-map R5-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 500
route-map R5-R1-IN permit 20
!
router bgp 1
neighbor 10.10.2.2 route-map R2-R1-IN in
neighbor 10.10.3.3 route-map R3-R1-IN in
neighbor 10.10.5.5 route-map R5-R1-IN in
bgp deterministic-med
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
ip ospf cost 130
!
router ospf 2
router-id 2.2.2.2
area 1 virtual-link 4.4.4.4
network 1.1.123.2 0.0.0.0 area 2
network 1.1.234.2 0.0.0.0 area 1
network 10.10.2.2 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24
!
route-map R1-R2-IN permit 10
match ip address prefix-list 101.1.2
set as-path prepend last-as 3
route-map R1-R2-IN permit 20
!
ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24
ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32
!
route-map R4-R2-IN permit 10
match ip address prefix-list 101.1.12
set ip next-hop 10.10.4.4
route-map R4-R2-IN permit 20
!
router bgp 234
neighbor 10.10.1.1 route-map R1-R2-IN in
neighbor 10.10.3.3 prefix-list R3-R2-IN in
neighbor 10.10.4.4 route-map R4-R2-IN in
bgp bestpath as-path ignore
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R2-R3-OUT permit 10
match ip address prefix-list 101.1.3
! set ip next-hop 10.10.2.2
set ip next-hop self
route-map R2-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R2-R3-OUT out
!
interface Loopback102
ip address 102.1.1.1 255.255.255.0
!
router bgp 234
network 102.1.1.0 mask 255.255.255.0
!
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map O-B permit 10
match ip address prefix-list DEF
!
router bgp 234
default-information originate ! must have this line
redistribute ospf 2 route-map O-B
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
router ospf 3
router-id 3.3.3.3
network 1.1.123.3 0.0.0.0 area 2
network 1.1.234.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 3.3.3.3
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.1 permit 101.1.1.0/24
route-map R3-R4-OUT permit 10
match ip address prefix-list 101.1.1
set ip next-hop 10.10.3.3
route-map R3-R4-OUT permit 20
!
router bgp 234
neighbor 10.10.4.4 route-map R3-R4-OUT out
maximum-paths ibgp 2
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
ip ospf cost 76
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
router ospf 4
router-id 4.4.4.4
area 1 virtual-link 2.2.2.2
network 1.1.45.4 0.0.0.0 area 0
network 1.1.234.4 0.0.0.0 area 1
network 10.10.4.4 0.0.0.0 area 0
network 11.11.4.4 0.0.0.0 area 0
neighbor 1.1.234.2
neighbor 1.1.234.3
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
router bgp 234
maximum-paths ibgp 2
neighbor 10.10.2.2 route-reflector-client
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.1.3
set ip next-hop self
route-map R4-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R4-R3-OUT out
bgp default local-preference 99
!!
interface Loopback104
ip address 104.1.1.1 255.255.255.0
!
router bgp 234
network 104.1.1.0 mask 255.255.255.0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.3.1 102.1.1
set ip next-hop 10.10.4.4
route-map R4-R3-OUT permit 20
!
interface Loopback1
ip address 11.11.4.4 255.255.255.0
!
router ospf 4
network 11.11.4.4 0.0.0.0 area 0
!
router bgp 234
neighbor 11.11.5.5 remote-as 5
neighbor 11.11.5.5 ebgp-multihop 255
neighbor 11.11.5.5 update-source Loopback1
!
ip prefix-list 101.1.1 seq 5 permit 101.1.1.0/24
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map ADV permit 10
match ip address prefix-list DEF
!
route-map EXIST permit 10
match ip address prefix-list 101.1.1
!
router bgp 234
neighbor 10.10.5.5 advertise-map ADV exist-map EXIST
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
router ospf 5
router-id 5.5.5.5
network 1.1.45.5 0.0.0.0 area 0
network 10.10.5.5 0.0.0.0 area 0
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 ebgp-multihop 255
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R5-IN permit 10
match ip address prefix-list 102.1.1
set as-path prepend 1
route-map R4-R5-IN permit 20
!
router bgp 5
neighbor 10.10.4.4 route-map R4-R5-IN in
!
interface Loopback1
ip address 11.11.5.5 255.255.255.0
!
ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32
!
router ospf 5
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
neighbor 11.11.4.4 remote-as 234
neighbor 11.11.4.4 ebgp-multihop 255
neighbor 11.11.4.4 update-source Loopback1
neighbor 11.11.4.4 prefix-list NO-ADV out
!
end
4.10 重分布直连
在R2上增加一个接口loopback200,其地址为: interface Loopback200 ip address 200.1.1.1 255.255.255.128 ip address 200.1.5.1 255.255.255.128 secondary ip address 200.1.9.1 255.255.255.128 secondary ip address 200.1.13.1 255.255.255.128 secondary 把这个接口重分布进 BGP,R4 应能收到这些路由。
=== R2 === interface Loopback200 ip address 200.1.5.1 255.255.255.128 secondary ip address 200.1.9.1 255.255.255.128 secondary ip address 200.1.13.1 255.255.255.128 secondary ip address 200.1.1.1 255.255.255.128 ! route-map LO200 permit 10 match interface Loopback200 ! router bgp 234 redistribute connected route-map LO200 !
完整配置清单
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
ip ospf cost 2
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
default-information originate always
!
router bgp 1
no synchronization
no auto-summary
bgp router-id 1.1.1.1
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 ebgp-multihop 255
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 ebgp-multihop 255
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
interface Loopback101
ip address 101.1.1.1 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24
ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
network 101.1.1.0 mask 255.255.255.0
neighbor 10.10.5.5 prefix-list R1-R5-OUT out
!
interface Loopback102
ip address 101.1.2.1 255.255.255.0
!
router bgp 1
network 101.1.2.0 mask 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
!
interface Loopback103
ip address 101.1.3.1 255.255.255.0
!
ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24
ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R1-R2-OUT permit 10
match ip address prefix-list 101.1.3
set as-path prepend 1 1
route-map R1-R2-OUT permit 20
!
router bgp 1
network 101.1.3.0 mask 255.255.255.0
neighbor 10.10.3.3 prefix-list R1-R3-OUT out
neighbor 10.10.2.2 route-map R1-R2-OUT out
!!
ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24
!
route-map R2-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 200
set as-path prepend 10
route-map R2-R1-IN permit 20
!
route-map R3-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 300
set as-path prepend 10
route-map R3-R1-IN permit 20
!
route-map R5-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 500
route-map R5-R1-IN permit 20
!
router bgp 1
neighbor 10.10.2.2 route-map R2-R1-IN in
neighbor 10.10.3.3 route-map R3-R1-IN in
neighbor 10.10.5.5 route-map R5-R1-IN in
bgp deterministic-med
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
ip ospf cost 130
!
router ospf 2
router-id 2.2.2.2
area 1 virtual-link 4.4.4.4
network 1.1.123.2 0.0.0.0 area 2
network 1.1.234.2 0.0.0.0 area 1
network 10.10.2.2 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24
!
route-map R1-R2-IN permit 10
match ip address prefix-list 101.1.2
set as-path prepend last-as 3
route-map R1-R2-IN permit 20
!
ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24
ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32
!
route-map R4-R2-IN permit 10
match ip address prefix-list 101.1.12
set ip next-hop 10.10.4.4
route-map R4-R2-IN permit 20
!
router bgp 234
neighbor 10.10.1.1 route-map R1-R2-IN in
neighbor 10.10.3.3 prefix-list R3-R2-IN in
neighbor 10.10.4.4 route-map R4-R2-IN in
bgp bestpath as-path ignore
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R2-R3-OUT permit 10
match ip address prefix-list 101.1.3
! set ip next-hop 10.10.2.2
set ip next-hop self
route-map R2-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R2-R3-OUT out
!
interface Loopback102
ip address 102.1.1.1 255.255.255.0
!
router bgp 234
network 102.1.1.0 mask 255.255.255.0
!
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map O-B permit 10
match ip address prefix-list DEF
!
router bgp 234
default-information originate ! must have this line
redistribute ospf 2 route-map O-B
!
interface Loopback200
ip address 200.1.5.1 255.255.255.128 secondary
ip address 200.1.9.1 255.255.255.128 secondary
ip address 200.1.13.1 255.255.255.128 secondary
ip address 200.1.1.1 255.255.255.128
!
route-map LO200 permit 10
match interface Loopback200
!
router bgp 234
redistribute connected route-map LO200
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
router ospf 3
router-id 3.3.3.3
network 1.1.123.3 0.0.0.0 area 2
network 1.1.234.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 3.3.3.3
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.1 permit 101.1.1.0/24
route-map R3-R4-OUT permit 10
match ip address prefix-list 101.1.1
set ip next-hop 10.10.3.3
route-map R3-R4-OUT permit 20
!
router bgp 234
neighbor 10.10.4.4 route-map R3-R4-OUT out
maximum-paths ibgp 2
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
ip ospf cost 76
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
router ospf 4
router-id 4.4.4.4
area 1 virtual-link 2.2.2.2
network 1.1.45.4 0.0.0.0 area 0
network 1.1.234.4 0.0.0.0 area 1
network 10.10.4.4 0.0.0.0 area 0
network 11.11.4.4 0.0.0.0 area 0
neighbor 1.1.234.2
neighbor 1.1.234.3
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
router bgp 234
maximum-paths ibgp 2
neighbor 10.10.2.2 route-reflector-client
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.1.3
set ip next-hop self
route-map R4-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R4-R3-OUT out
bgp default local-preference 99
!!
interface Loopback104
ip address 104.1.1.1 255.255.255.0
!
router bgp 234
network 104.1.1.0 mask 255.255.255.0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.3.1 102.1.1
set ip next-hop 10.10.4.4
route-map R4-R3-OUT permit 20
!
interface Loopback1
ip address 11.11.4.4 255.255.255.0
!
router ospf 4
network 11.11.4.4 0.0.0.0 area 0
!
router bgp 234
neighbor 11.11.5.5 remote-as 5
neighbor 11.11.5.5 ebgp-multihop 255
neighbor 11.11.5.5 update-source Loopback1
!
ip prefix-list 101.1.1 seq 5 permit 101.1.1.0/24
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map ADV permit 10
match ip address prefix-list DEF
!
route-map EXIST permit 10
match ip address prefix-list 101.1.1
!
router bgp 234
neighbor 10.10.5.5 advertise-map ADV exist-map EXIST
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
router ospf 5
router-id 5.5.5.5
network 1.1.45.5 0.0.0.0 area 0
network 10.10.5.5 0.0.0.0 area 0
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 ebgp-multihop 255
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R5-IN permit 10
match ip address prefix-list 102.1.1
set as-path prepend 1
route-map R4-R5-IN permit 20
!
router bgp 5
neighbor 10.10.4.4 route-map R4-R5-IN in
!
interface Loopback1
ip address 11.11.5.5 255.255.255.0
!
ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32
!
router ospf 5
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
neighbor 11.11.4.4 remote-as 234
neighbor 11.11.4.4 ebgp-multihop 255
neighbor 11.11.4.4 update-source Loopback1
neighbor 11.11.4.4 prefix-list NO-ADV out
!
end
4.11 使用 no-advertise community 过滤路由
在R4上做配置,使它向R5传递200网段的路由时,只传200.1.0.0/20这条路由,其他的名细路由不能向任何 PEER 传递, 此解决方案不能出现 Summary,Suppress 参数或其他过滤技术,要求使用最小的命令行。
=== R4 === access-list 100 permit ip 200.1.1.0 0.0.12.0 host 255.255.255.128 route-map R2-R4-IN permit 10 match ip address 100 set community no-advertise route-map R2-R4-IN permit 20 ! router bgp 234 neighbor 10.10.2.2 route-map R2-R4-IN in aggregate-address 200.1.0.0 255.255.240.0 !
验证
R4#sh ip bgp neighbors 10.10.5.5 advertised-routes
BGP table version is 63, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
r>i 0.0.0.0 1.1.123.1 1 100 0 ?
*>i 101.1.1.0/24 10.10.3.3 0 100 0 1 i
*>i 101.1.2.0/24 10.10.1.1 0 100 0 1 i
*>i 101.1.3.0/24 10.10.1.1 0 100 0 1 1 1 i
*>i 102.1.1.0/24 10.10.2.2 0 100 0 i
*>i 102.1.2.0/24 10.10.2.2 0 100 0 i
*> 104.1.1.0/24 0.0.0.0 0 32768 i
*> 200.1.0.0/20 0.0.0.0 32768 i
Total number of prefixes 8
R4#
完整配置清单
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
ip ospf cost 2
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
default-information originate always
!
router bgp 1
no synchronization
no auto-summary
bgp router-id 1.1.1.1
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 ebgp-multihop 255
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 ebgp-multihop 255
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
interface Loopback101
ip address 101.1.1.1 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24
ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
network 101.1.1.0 mask 255.255.255.0
neighbor 10.10.5.5 prefix-list R1-R5-OUT out
!
interface Loopback102
ip address 101.1.2.1 255.255.255.0
!
router bgp 1
network 101.1.2.0 mask 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
!
interface Loopback103
ip address 101.1.3.1 255.255.255.0
!
ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24
ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R1-R2-OUT permit 10
match ip address prefix-list 101.1.3
set as-path prepend 1 1
route-map R1-R2-OUT permit 20
!
router bgp 1
network 101.1.3.0 mask 255.255.255.0
neighbor 10.10.3.3 prefix-list R1-R3-OUT out
neighbor 10.10.2.2 route-map R1-R2-OUT out
!!
ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24
!
route-map R2-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 200
set as-path prepend 10
route-map R2-R1-IN permit 20
!
route-map R3-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 300
set as-path prepend 10
route-map R3-R1-IN permit 20
!
route-map R5-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 500
route-map R5-R1-IN permit 20
!
router bgp 1
neighbor 10.10.2.2 route-map R2-R1-IN in
neighbor 10.10.3.3 route-map R3-R1-IN in
neighbor 10.10.5.5 route-map R5-R1-IN in
bgp deterministic-med
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
ip ospf cost 130
!
router ospf 2
router-id 2.2.2.2
area 1 virtual-link 4.4.4.4
network 1.1.123.2 0.0.0.0 area 2
network 1.1.234.2 0.0.0.0 area 1
network 10.10.2.2 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24
!
route-map R1-R2-IN permit 10
match ip address prefix-list 101.1.2
set as-path prepend last-as 3
route-map R1-R2-IN permit 20
!
ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24
ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32
!
route-map R4-R2-IN permit 10
match ip address prefix-list 101.1.12
set ip next-hop 10.10.4.4
route-map R4-R2-IN permit 20
!
router bgp 234
neighbor 10.10.1.1 route-map R1-R2-IN in
neighbor 10.10.3.3 prefix-list R3-R2-IN in
neighbor 10.10.4.4 route-map R4-R2-IN in
bgp bestpath as-path ignore
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R2-R3-OUT permit 10
match ip address prefix-list 101.1.3
! set ip next-hop 10.10.2.2
set ip next-hop self
route-map R2-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R2-R3-OUT out
!
interface Loopback102
ip address 102.1.1.1 255.255.255.0
!
router bgp 234
network 102.1.1.0 mask 255.255.255.0
!
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map O-B permit 10
match ip address prefix-list DEF
!
router bgp 234
default-information originate ! must have this line
redistribute ospf 2 route-map O-B
!
interface Loopback200
ip address 200.1.5.1 255.255.255.128 secondary
ip address 200.1.9.1 255.255.255.128 secondary
ip address 200.1.13.1 255.255.255.128 secondary
ip address 200.1.1.1 255.255.255.128
!
route-map LO200 permit 10
match interface Loopback200
!
router bgp 234
redistribute connected route-map LO200
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
router ospf 3
router-id 3.3.3.3
network 1.1.123.3 0.0.0.0 area 2
network 1.1.234.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 3.3.3.3
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.1 permit 101.1.1.0/24
route-map R3-R4-OUT permit 10
match ip address prefix-list 101.1.1
set ip next-hop 10.10.3.3
route-map R3-R4-OUT permit 20
!
router bgp 234
neighbor 10.10.4.4 route-map R3-R4-OUT out
maximum-paths ibgp 2
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
ip ospf cost 76
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
router ospf 4
router-id 4.4.4.4
area 1 virtual-link 2.2.2.2
network 1.1.45.4 0.0.0.0 area 0
network 1.1.234.4 0.0.0.0 area 1
network 10.10.4.4 0.0.0.0 area 0
network 11.11.4.4 0.0.0.0 area 0
neighbor 1.1.234.2
neighbor 1.1.234.3
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
router bgp 234
maximum-paths ibgp 2
neighbor 10.10.2.2 route-reflector-client
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.1.3
set ip next-hop self
route-map R4-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R4-R3-OUT out
bgp default local-preference 99
!!
interface Loopback104
ip address 104.1.1.1 255.255.255.0
!
router bgp 234
network 104.1.1.0 mask 255.255.255.0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.3.1 102.1.1
set ip next-hop 10.10.4.4
route-map R4-R3-OUT permit 20
!
interface Loopback1
ip address 11.11.4.4 255.255.255.0
!
router ospf 4
network 11.11.4.4 0.0.0.0 area 0
!
router bgp 234
neighbor 11.11.5.5 remote-as 5
neighbor 11.11.5.5 ebgp-multihop 255
neighbor 11.11.5.5 update-source Loopback1
!
ip prefix-list 101.1.1 seq 5 permit 101.1.1.0/24
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map ADV permit 10
match ip address prefix-list DEF
!
route-map EXIST permit 10
match ip address prefix-list 101.1.1
!
router bgp 234
neighbor 10.10.5.5 advertise-map ADV exist-map EXIST
!
access-list 100 permit ip 200.1.1.0 0.0.12.0 host 255.255.255.128
!
route-map R2-R4-IN permit 10
match ip address 100
set community no-advertise
route-map R2-R4-IN permit 20
!
router bgp 234
neighbor 10.10.2.2 route-map R2-R4-IN in
aggregate-address 200.1.0.0 255.255.240.0
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
router ospf 5
router-id 5.5.5.5
network 1.1.45.5 0.0.0.0 area 0
network 10.10.5.5 0.0.0.0 area 0
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 ebgp-multihop 255
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R5-IN permit 10
match ip address prefix-list 102.1.1
set as-path prepend 1
route-map R4-R5-IN permit 20
!
router bgp 5
neighbor 10.10.4.4 route-map R4-R5-IN in
!
interface Loopback1
ip address 11.11.5.5 255.255.255.0
!
ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32
!
router ospf 5
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
neighbor 11.11.4.4 remote-as 234
neighbor 11.11.4.4 ebgp-multihop 255
neighbor 11.11.4.4 update-source Loopback1
neighbor 11.11.4.4 prefix-list NO-ADV out
!
end
4.12 条件聚合(advertis-map)/放行明细(unsuppress-map)
在 R1 上做配置,当 R1 发送200网段的路由给R5时,只传200.1.0.0/16和200.1.5.0/25这两条路由。 此解决方案不可以使用 Community,Suppress 参数或其他过滤技术。 并且当 200.1.1.0/25 和 200.1.5.0/25 两条路由在 R1 的 BGP 表中消失时,R1 的 BGP 表中不应有 200.1.0.0/16 这条聚合路由。
=== R1 === ip prefix-list 200.1.1 seq 5 permit 200.1.1.0/25 ip prefix-list 200.1.5 seq 5 permit 200.1.5.0/25 ! route-map ADV permit 10 match ip address prefix-list 200.1.1 200.1.5 ! router bgp 1 aggregate-address 200.1.0.0 255.255.0.0 as-set summary-only advertise-map ADV ! route-map UNS permit 10 match ip address prefix-list 200.1.5 ! router bgp 1 neighbor 10.10.5.5 unsuppress-map UNS !
完整配置清单
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.1 255.255.255.224
no sh
exit
int lo0
ip address 10.10.1.1 255.255.255.0
ip ospf cost 2
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
default-information originate always
!
router bgp 1
no synchronization
no auto-summary
bgp router-id 1.1.1.1
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 ebgp-multihop 255
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 ebgp-multihop 255
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
interface Loopback101
ip address 101.1.1.1 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 5 deny 101.1.1.0/24
ip prefix-list R1-R5-OUT seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
network 101.1.1.0 mask 255.255.255.0
neighbor 10.10.5.5 prefix-list R1-R5-OUT out
!
interface Loopback102
ip address 101.1.2.1 255.255.255.0
!
router bgp 1
network 101.1.2.0 mask 255.255.255.0
!
ip prefix-list R1-R5-OUT seq 8 deny 101.1.2.0/24
!
interface Loopback103
ip address 101.1.3.1 255.255.255.0
!
ip prefix-list R1-R3-OUT seq 5 deny 101.1.3.0/24
ip prefix-list R1-R3-OUT seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R1-R2-OUT permit 10
match ip address prefix-list 101.1.3
set as-path prepend 1 1
route-map R1-R2-OUT permit 20
!
router bgp 1
network 101.1.3.0 mask 255.255.255.0
neighbor 10.10.3.3 prefix-list R1-R3-OUT out
neighbor 10.10.2.2 route-map R1-R2-OUT out
!!
ip prefix-list 104.1.1 seq 5 permit 104.1.1.0/24
!
route-map R2-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 200
set as-path prepend 10
route-map R2-R1-IN permit 20
!
route-map R3-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 300
set as-path prepend 10
route-map R3-R1-IN permit 20
!
route-map R5-R1-IN permit 10
match ip address prefix-list 104.1.1
set metric 500
route-map R5-R1-IN permit 20
!
router bgp 1
neighbor 10.10.2.2 route-map R2-R1-IN in
neighbor 10.10.3.3 route-map R3-R1-IN in
neighbor 10.10.5.5 route-map R5-R1-IN in
bgp deterministic-med
!
ip prefix-list 200.1.1 seq 5 permit 200.1.1.0/25
ip prefix-list 200.1.5 seq 5 permit 200.1.5.0/25
!
route-map ADV permit 10
match ip address prefix-list 200.1.1 200.1.5
!
router bgp 1
aggregate-address 200.1.0.0 255.255.0.0 as-set summary-only advertise-map ADV
!
route-map UNS permit 10
match ip address prefix-list 200.1.5
!
router bgp 1
neighbor 10.10.5.5 unsuppress-map UNS
!
end
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int e0/0
ip address 1.1.123.2 255.255.255.224
no sh
!
interface s1/0
ip address 1.1.234.2 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.3 204 broadcast
frame-relay map ip 1.1.234.4 204 broadcast
no frame-relay inverse-arp
no sh
!
int lo0
ip add 10.10.2.2 255.255.255.0
ip ospf cost 130
!
router ospf 2
router-id 2.2.2.2
area 1 virtual-link 4.4.4.4
network 1.1.123.2 0.0.0.0 area 2
network 1.1.234.2 0.0.0.0 area 1
network 10.10.2.2 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 2.2.2.2
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.2 seq 5 permit 101.1.2.0/24
!
route-map R1-R2-IN permit 10
match ip address prefix-list 101.1.2
set as-path prepend last-as 3
route-map R1-R2-IN permit 20
!
ip prefix-list R3-R2-IN seq 5 deny 101.1.2.0/24
ip prefix-list R3-R2-IN seq 10 permit 0.0.0.0/0 le 32
!
route-map R4-R2-IN permit 10
match ip address prefix-list 101.1.12
set ip next-hop 10.10.4.4
route-map R4-R2-IN permit 20
!
router bgp 234
neighbor 10.10.1.1 route-map R1-R2-IN in
neighbor 10.10.3.3 prefix-list R3-R2-IN in
neighbor 10.10.4.4 route-map R4-R2-IN in
bgp bestpath as-path ignore
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R2-R3-OUT permit 10
match ip address prefix-list 101.1.3
! set ip next-hop 10.10.2.2
set ip next-hop self
route-map R2-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R2-R3-OUT out
!
interface Loopback102
ip address 102.1.1.1 255.255.255.0
!
router bgp 234
network 102.1.1.0 mask 255.255.255.0
!
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map O-B permit 10
match ip address prefix-list DEF
!
router bgp 234
default-information originate ! must have this line
redistribute ospf 2 route-map O-B
!
interface Loopback200
ip address 200.1.5.1 255.255.255.128 secondary
ip address 200.1.9.1 255.255.255.128 secondary
ip address 200.1.13.1 255.255.255.128 secondary
ip address 200.1.1.1 255.255.255.128
!
route-map LO200 permit 10
match interface Loopback200
!
router bgp 234
redistribute connected route-map LO200
!
end
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.3.3 255.255.255.0
!
int e0/0
ip address 1.1.123.3 255.255.255.224
no sh
int s1/0
ip address 1.1.234.3 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 304 broadcast
frame-relay map ip 1.1.234.4 304 broadcast
no frame-relay inverse-arp
no sh
!
router ospf 3
router-id 3.3.3.3
network 1.1.123.3 0.0.0.0 area 2
network 1.1.234.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 2
!
interface s1/0
ip ospf priority 0
!
router bgp 234
no synchronization
bgp router-id 3.3.3.3
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 101.1.1 permit 101.1.1.0/24
route-map R3-R4-OUT permit 10
match ip address prefix-list 101.1.1
set ip next-hop 10.10.3.3
route-map R3-R4-OUT permit 20
!
router bgp 234
neighbor 10.10.4.4 route-map R3-R4-OUT out
maximum-paths ibgp 2
!
end
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.4.4 255.255.255.0
ip ospf cost 76
!
int s1/0
ip address 1.1.234.4 255.255.255.248
encapsulation frame-relay
frame-relay map ip 1.1.234.2 402 broadcast
frame-relay map ip 1.1.234.3 403 broadcast
no frame-relay inverse-arp
no sh
!
int s1/1
ip add 1.1.45.4 255.255.255.0
encapsulation ppp
no peer neighbor-route ! no /32 route in route table and there is /24 instead
no sh
!
router ospf 4
router-id 4.4.4.4
area 1 virtual-link 2.2.2.2
network 1.1.45.4 0.0.0.0 area 0
network 1.1.234.4 0.0.0.0 area 1
network 10.10.4.4 0.0.0.0 area 0
network 11.11.4.4 0.0.0.0 area 0
neighbor 1.1.234.2
neighbor 1.1.234.3
!
router bgp 234
no synchronization
bgp router-id 4.4.4.4
neighbor 10.10.2.2 remote-as 234
neighbor 10.10.2.2 update-source Loopback0
neighbor 10.10.3.3 remote-as 234
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.5.5 remote-as 5
neighbor 10.10.5.5 ebgp-multihop 255
neighbor 10.10.5.5 update-source Loopback0
!
router bgp 234
maximum-paths ibgp 2
neighbor 10.10.2.2 route-reflector-client
!
ip prefix-list 101.1.3 permit 101.1.3.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.1.3
set ip next-hop self
route-map R4-R3-OUT permit 20
!
router bgp 234
neighbor 10.10.3.3 route-map R4-R3-OUT out
bgp default local-preference 99
!!
interface Loopback104
ip address 104.1.1.1 255.255.255.0
!
router bgp 234
network 104.1.1.0 mask 255.255.255.0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R3-OUT permit 10
match ip address prefix-list 101.3.1 102.1.1
set ip next-hop 10.10.4.4
route-map R4-R3-OUT permit 20
!
interface Loopback1
ip address 11.11.4.4 255.255.255.0
!
router ospf 4
network 11.11.4.4 0.0.0.0 area 0
!
router bgp 234
neighbor 11.11.5.5 remote-as 5
neighbor 11.11.5.5 ebgp-multihop 255
neighbor 11.11.5.5 update-source Loopback1
!
ip prefix-list 101.1.1 seq 5 permit 101.1.1.0/24
ip prefix-list DEF seq 5 permit 0.0.0.0/0
route-map ADV permit 10
match ip address prefix-list DEF
!
route-map EXIST permit 10
match ip address prefix-list 101.1.1
!
router bgp 234
neighbor 10.10.5.5 advertise-map ADV exist-map EXIST
!
access-list 100 permit ip 200.1.1.0 0.0.12.0 host 255.255.255.128
!
route-map R2-R4-IN permit 10
match ip address 100
set community no-advertise
route-map R2-R4-IN permit 20
!
router bgp 234
neighbor 10.10.2.2 route-map R2-R4-IN in
aggregate-address 200.1.0.0 255.255.240.0
!
end
----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
exec-timeout 0 0
logging synchronous
exit
int lo0
ip address 10.10.5.5 255.255.255.0
!
int s1/1
ip address 1.1.45.5 255.255.255.0
encapsulation ppp
no peer neighbor-route
no sh
!
router ospf 5
router-id 5.5.5.5
network 1.1.45.5 0.0.0.0 area 0
network 10.10.5.5 0.0.0.0 area 0
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
no auto-summary
neighbor 10.10.1.1 remote-as 1
neighbor 10.10.1.1 ebgp-multihop 255
neighbor 10.10.1.1 update-source Loopback0
neighbor 10.10.4.4 remote-as 234
neighbor 10.10.4.4 ebgp-multihop 255
neighbor 10.10.4.4 update-source Loopback0
!
ip prefix-list 102.1.1 seq 5 permit 102.1.1.0/24
!
route-map R4-R5-IN permit 10
match ip address prefix-list 102.1.1
set as-path prepend 1
route-map R4-R5-IN permit 20
!
router bgp 5
neighbor 10.10.4.4 route-map R4-R5-IN in
!
interface Loopback1
ip address 11.11.5.5 255.255.255.0
!
ip prefix-list NO-ADV seq 5 deny 0.0.0.0/0 le 32
!
router ospf 5
network 11.11.5.5 0.0.0.0 area 0
!
router bgp 5
neighbor 11.11.4.4 remote-as 234
neighbor 11.11.4.4 ebgp-multihop 255
neighbor 11.11.4.4 update-source Loopback1
neighbor 11.11.4.4 prefix-list NO-ADV out
!
end
4.13 设置最大可以从邻居接收到路由的数量(maximum-paths)
在R5上做配置,使R5从PEER10.10.4.4接收的路由最多10条,超过8条开始报警,超过10条断开连接。
=== R5 === router bgp 5 neighbor 10.10.4.4 maximum-prefix 10 80 restart 1 !
针对 10.10.4.4 这个邻居,最多接收 10 条路由,超过 80% 就断开 BGP 连接,并在 1 秒后重新建立连接。
4.14 基于 AS-Path 长度,限制接收路由(maxas-limit)
在R5上做配置,使R5只接收AS-Path长度在10以内的路由。
=== R5 === router bgp 5 bgp maxas-limit 10 !
Footnotes:
1
最新的邻居在最上面