
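乾颐堂_安德 (Ender)'s Blog

In learning there is no first or last; whoever masters it first leads. This blog is a network technology sharing platform with an attitude, sharing more knowledge and experience with everyone.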

 
 
 


 
 
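About me

Ender "Laoshi" (teacher): dual CCIE (R&S CCIE, ISP CCIE), Cisco Certified Instructor #34XXX, the first person to earn HCIE v2.0. Graduated from Northeastern University with a degree in e-commerce. Key projects and training delivered at his former company and other enterprises include: the R&S CCIE special-topic course, the SP CCIE special-topic course, the Cisco Sichuan aid project, and the Sony China (Wuxi) NP course. You can find me here: QQ group 106111081; my Weibo: weibo.com/enderjoe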


The BGP Community Attribute and Its Applications

2012-10-30 17:55:30 | Category: BGP videos and documents


Produced by Yeslab Ender (安德). For more content, follow:

http://www.yeslab.net/ender

http://blog.sina.com.cn/andrew14


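1. Description of the BGP Community attribute

2. Topology description

3. Lab steps

② Custom community

③ Demonstration of several predefined community attributes:

A. NO_EXPORT: a route carrying this value must not be advertised to true EBGP neighbors

B. NO_ADVERTISE: a route carrying this value must not be advertised to any other BGP neighbor

C. LOCAL_AS: a route carrying this value can be advertised to the AS inside the confederation, but is not advertised to eBGP peers within the confederation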

 

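1. Description of the BGP Community attribute

The BGP COMMUNITY attribute is used to identify a group of routes that share common properties.

1. Community is an optional transitive attribute. It can define a group of routes, that is, tag route entries, and is used to keep route filtering and selection consistent.

2. A BGP router can tag route entries with a community when redistributing, sending, or receiving routing updates.

3. By default, the community is stripped when routes are sent in updates.

4. Community values can be user-defined (usually AS:NN, for example 100:1). In addition, there are several predefined standard community attributes:

NO_ADVERTISE: a route carrying this value must not be advertised to any other BGP neighbor

NO_EXPORT: a route carrying this value must not be advertised to true EBGP neighbors

LOCAL_AS: a route carrying this value can be advertised to the AS inside the confederation, but is not advertised to eBGP peers within the confederation

INTERNET: this is the value by default

5. Many applications rely on BGP's extended community attribute, such as the RT in MPLS VPN and unequal-cost load balancing for iBGP.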

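2. Topology description

The topology is shown in the figure below. As usual, R1's s1/0 address is 12.1.1.1 (following the rule XY.1.1.X, where XY stands for the device numbers), and R2's s1/0 = 12.1.1.2. Each device also has a loopback interface = XX.1.1.1; for example, R1's loopback = 11.1.1.1/24.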

[Figure: lab topology diagram]

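3. Lab steps

① Complete the basic configuration of the three ASes as shown in the figure above. Within AS200 the neighbor relationships are R2-R3 and R3-R4, with R3 acting as the RR (route reflector).

Only the R2 and R3 configurations are given here; configure the other routers yourself.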

R2

router eigrp 90

 network 22.1.1.1 0.0.0.0

 network 23.1.1.2 0.0.0.0

 no auto-summary

!

router bgp 200

 no synchronization

 bgp log-neighbor-changes

 neighbor 33.1.1.1 remote-as 200

 neighbor 33.1.1.1 update-source Loopback0

 neighbor 33.1.1.1 next-hop-self

 no auto-summary

R3

router eigrp 90

 network 0.0.0.0

 no auto-summary

!

router bgp 200

 no synchronization

 bgp log-neighbor-changes

 neighbor 22.1.1.1 remote-as 200

 neighbor 22.1.1.1 update-source Loopback0

 neighbor 22.1.1.1 route-reflector-client

 neighbor 44.1.1.1 remote-as 200

 neighbor 44.1.1.1 update-source Loopback0

 neighbor 44.1.1.1 route-reflector-client

 no auto-summary

Verify the neighbor relationships:

Taking R2 as an example:

R2#sh ip bgp summary

BGP router identifier 172.16.1.1, local AS number 200

BGP table version is 7, main routing table version 7

6 network entries using 702 bytes of memory

7 path entries using 364 bytes of memory

4/3 BGP path/bestpath attribute entries using 496 bytes of memory

1 BGP rrinfo entries using 24 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

1 BGP community entries using 24 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 1658 total bytes of memory

BGP activity 6/0 prefixes, 7/0 paths, scan interval 60 secs

 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

12.1.1.1        4   100       6       5        7    0    0 00:00:43        0

33.1.1.1        4   200       9       8        7    0    0 00:03:30        0

44.1.1.1        4   200       7       8        7    0    0 00:03:55        0

On R1, advertise the routes 11.1.1.0/24 and 11.1.0.0/24 (you can create lo1=11.1.0.1/24); on R5, advertise the route 55.1.1.0/24.

R1(config-router)# network 11.1.1.0 mask 255.255.255.0

R1(config-router)# network 11.1.0.0 mask 255.255.255.0

 

R5(config-router)#network 55.1.1.0 mask 255.255.255.0

② Custom community

On R2, set community 200:2 for the route 11.1.1.0

R2(config)#access-list 1 permit 11.1.1.0 0.0.0.255

R2(config)#route-map COMM permit 10

R2(config-route-map)#match ip address 1

R2(config-route-map)#set community 200:2

R2(config)#route-map COMM permit 20 ---- do not forget this route-map entry; otherwise only the routes matched by ACL 1 are advertised

R2(config)#router bgp 200

R2(config-router)#neighbor 33.1.1.1 route-map COMM out

R2(config-router)#neighbor 33.1.1.1 send-community ---- required; otherwise the community attribute is not passed on

R2#clear ip bgp * s

Check the routes R2 advertises to R3:

R2#sh ip bgp neighbors 33.1.1.1 advertised-routes

BGP table version is 17, local router ID is 172.16.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*> 11.1.0.0/24      12.1.1.1                 0             0 100 i

*> 11.1.1.0/24      12.1.1.1                 0             0 100 i

Check R3:

R3#sh ip bgp

BGP table version is 18, local router ID is 33.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*>i11.1.0.0/24      22.1.1.1                 0    100      0 100 i

*>i11.1.1.0/24      22.1.1.1                 0    100      0 100 i

*>i55.1.1.0/24      44.1.1.1                 0    100      0 300 i

Check the individual entry that carries the route attribute:

R3#sh ip bgp 11.1.1.0

BGP routing table entry for 11.1.1.0/24, version 16

Paths: (1 available, best #1, table Default-IP-Routing-Table)

  Advertised to update-groups:

     2        

  100, (Received from a RR-client)

    22.1.1.1 (metric 409600) from 22.1.1.1 (172.16.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Community: 13107202 --- this route now carries the community attribute

R3#sh ip bgp 11.1.0.0 --- carries no community

BGP routing table entry for 11.1.0.0/24, version 18

Paths: (1 available, best #1, table Default-IP-Routing-Table)

  Advertised to update-groups:

     2        

  100, (Received from a RR-client)

    22.1.1.1 (metric 409600) from 22.1.1.1 (172.16.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

This can be verified further with R3(config)#ip bgp-community new-format:

R3#sh ip bgp 11.1.1.0

BGP routing table entry for 11.1.1.0/24, version 16

Paths: (1 available, best #1, table Default-IP-Routing-Table)

  Advertised to update-groups:

     2        

  100, (Received from a RR-client)

    22.1.1.1 (metric 409600) from 22.1.1.1 (172.16.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Community: 200:2

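Afterwards we can filter routes or modify path-selection attributes based on these communities. That is outside the scope of this lab guide, so stay tuned.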
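To audit which prefixes actually carry a tag, the two display formats seen above (13107202 and 200:2) have to be treated as the same value. The following is an added example, not part of the original lab: it parses `show ip bgp <prefix>` output and normalizes communities to AA:NN. The function names and the trimmed sample text are assumptions constructed for illustration.

```python
import re

# Well-known standard communities (RFC 1997) under the names IOS prints;
# local-AS is Cisco's name for NO_EXPORT_SUBCONFED.
WELL_KNOWN = {0xFFFFFF01: "no-export", 0xFFFFFF02: "no-advertise",
              0xFFFFFF03: "local-AS"}

def normalize(token):
    """Return one community token as AA:NN, or as its well-known name."""
    if token == "internet" or token in WELL_KNOWN.values():
        return token
    if ":" in token:                       # new format, AA:NN
        high, low = (int(part) for part in token.split(":"))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"not a standard community: {token}")
        value = (high << 16) | low
    else:                                  # old format, one 32-bit decimal
        value = int(token)
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError(f"not a standard community: {token}")
    return WELL_KNOWN.get(value, f"{value >> 16}:{value & 0xFFFF}")

def communities_by_prefix(show_output):
    """Map every prefix in 'show ip bgp <prefix>' output to its communities."""
    result, prefix = {}, None
    for raw in show_output.splitlines():
        line = raw.strip()
        entry = re.match(r"BGP routing table entry for (\S+),", line)
        if entry:
            prefix = entry.group(1)
            result[prefix] = set()
        elif line.startswith("Community:") and prefix is not None:
            tokens = line.split(":", 1)[1].split()
            result[prefix].update(normalize(tok) for tok in tokens)
    return result

def untagged(show_output, expected):
    """Prefixes in the output that do not carry the expected community."""
    wanted = normalize(expected)
    found = communities_by_prefix(show_output)
    return sorted(p for p, tags in found.items() if wanted not in tags)

# Constructed sample: the two R3 entries from this lab, trimmed, old format.
SAMPLE = """\
BGP routing table entry for 11.1.1.0/24, version 16
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: 13107202
BGP routing table entry for 11.1.0.0/24, version 18
      Origin IGP, metric 0, localpref 100, valid, internal, best
"""
```

A prefix that shows up in `untagged` on a downstream router usually means an upstream neighbor statement is missing send-community, so any policy keyed on the tag will silently not match there.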

③ Demonstration of several predefined community attributes:

A. NO_EXPORT: a route carrying this value must not be advertised to true EBGP neighbors

R2(config)#route-map NO_ADV permit 10

R2(config-route-map)#match ip address 1

R2(config-route-map)#set community no-advertise

R2(config)#route-map NO_ADV permit 20 --- do not forget this entry

R2(config-route-map)#router bgp 200

R2(config-router)#neighbor 33.1.1.1 route-map NO_ADV out ----- apply it!

 

Check R3:

R3#sh ip bgp 11.1.1.0

BGP routing table entry for 11.1.1.0/24, version 19

Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised to any peer)

Flag: 0x880

  Not advertised to any peer

  300 100, (Received from a RR-client)

    44.1.1.1 (metric 409600) from 44.1.1.1 (44.1.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal

  100, (Received from a RR-client)

    22.1.1.1 (metric 409600) from 22.1.1.1 (172.16.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Community: no-advertise

 

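Note that at this point R3 is not sending the community attribute to R4, because R3 has not been configured to send communities. The following is required: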

R3(config-router)#neighbor 44.1.1.1 send-community

Check the routes R3 sends out; 44.1.1.0 is not among them

R3#sh ip bgp neighbors 44.1.1.1 ad

R3#sh ip bgp neighbors 44.1.1.1 advertised-routes

BGP table version is 19, local router ID is 33.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*>i11.1.0.0/24      22.1.1.1                 0    100      0 100 i

On R4, the route can only be learned from R5:

R4#sh ip bgp 11.1.1.0

BGP routing table entry for 11.1.1.0/24, version 26

Paths: (1 available, best #1, table Default-IP-Routing-Table)

  Advertised to update-groups:

     1        

  300 100

    45.1.1.5 from 45.1.1.5 (55.1.1.1)

      Origin IGP, localpref 100, valid, external, best

B. NO_ADVERTISE: a route carrying this value must not be advertised to any other BGP neighbor

On R2, remove the previous community attribute and change it to no-export

R2(config)#route-map NO_ADV permit 10

R2(config-route-map)#no set community 

R2(config-route-map)#set community no-export

Check R4:

R4#sh ip bgp

BGP table version is 29, local router ID is 44.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*>i11.1.0.0/24      22.1.1.1                 0    100      0 100 i

*                   45.1.1.5                               0 300 100 i

*>i11.1.1.0/24      22.1.1.1                 0    100      0 100 i --- the route is now learned from R3

*                   45.1.1.5                               0 300 100 i

*> 55.1.1.0/24      45.1.1.5                 0             0 300 i

This is the same issue as before: a command must be added so that the route is not passed on to R5

R4(config-router)#neighbor 45.1.1.5 send-community

Verify:

R4#sh ip bgp 11.1.1.0

BGP routing table entry for 11.1.1.0/24, version 28

Paths: (2 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)

  Not advertised to any peer

  100

    22.1.1.1 (metric 435200) from 33.1.1.1 (33.1.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Community: no-export

      Originator: 172.16.1.1, Cluster list: 33.1.1.1

  300 100

    45.1.1.5 from 45.1.1.5 (55.1.1.1)

      Origin IGP, localpref 100, valid, external

R5 has not received this route from R4 either

R5#sh ip bgp

BGP table version is 120, local router ID is 55.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*  11.1.0.0/24      45.1.1.4                               0 200 100 i

*>                  15.1.1.1                 0             0 100 i

*> 11.1.1.0/24      15.1.1.1                 0             0 100 i

*> 55.1.1.0/24      0.0.0.0                  0         32768 i

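C. LOCAL_AS: a route carrying this value can be advertised to the AS inside the confederation, but is not advertised to eBGP peers within the confederation

We need to modify the topology as follows: R2, R3 and R4 are inside confederation 200; R2 is in AS20, and R3 and R4 are in AS21.

The configurations of R2, R3 and R4 are given here, which also helps everyone review the confederation commands: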

R2

router bgp 20

 no synchronization

 bgp log-neighbor-changes

 bgp confederation identifier 200

 bgp confederation peers 21

 neighbor 12.1.1.1 remote-as 100

 neighbor 23.1.1.3 remote-as 21

 neighbor 23.1.1.3 next-hop-self

 no auto-summary

R3

router bgp 21

 no synchronization

 bgp log-neighbor-changes

 bgp confederation identifier 200

 bgp confederation peers 20

 neighbor 23.1.1.2 remote-as 20

 neighbor 44.1.1.1 remote-as 21

 neighbor 44.1.1.1 update-source Loopback0

 no auto-summary

R4

router bgp 21

 no synchronization

 bgp log-neighbor-changes

 bgp confederation identifier 200

 neighbor 33.1.1.1 remote-as 21

 neighbor 33.1.1.1 update-source Loopback0

 neighbor 33.1.1.1 next-hop-self

 neighbor 45.1.1.5 remote-as 300

 no auto-summary

First, check the routes on R3:

R3#sh ip bgp

BGP table version is 5, local router ID is 33.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*> 11.1.0.0/24      23.1.1.2                 0    100      0 (20) 100 i

*> 11.1.1.0/24      23.1.1.2                 0    100      0 (20) 100 i ---- route received from the confederation (iBGP) peer R2

*>i55.1.1.0/24      44.1.1.1                 0    100      0 300 i

 

Now we set local-as on R1:

R1(config)#access-list 1 permit 11.1.1.0 0.0.0.255

R1(config)#  route-map LOCAL_AS permit 10

R1(config-route-map)# match ip address 1

R1(config-route-map)# set community local-AS --- after R2 receives it, the route propagates only within R2's own AS

R1(config-route-map)#route-map LOCAL_AS permit 20

R1(config)#router bgp 100

R1(config-router)#neighbor 12.1.1.2 route-map LOCAL_AS out

R1(config-router)#neighbor 12.1.1.2 send-community

 

Verify on R2:

R2#sh ip bgp 11.1.1.0

BGP routing table entry for 11.1.1.0/24, version 6

Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised outside local AS)

  Not advertised to any peer

  (21) 300 100

    44.1.1.1 (metric 435200) from 23.1.1.3 (33.1.1.1)

      Origin IGP, metric 0, localpref 100, valid, confed-external

  100

    12.1.1.1 from 12.1.1.1 (11.1.3.1)

      Origin IGP, metric 0, localpref 100, valid, external, best

      Community: local-AS

R2 did not advertise the route to R3

R2#sh ip bgp nei 23.1.1.3 advertised-routes

BGP table version is 6, local router ID is 172.16.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*> 11.1.0.0/24      12.1.1.1                 0             0 100 i

 

Total number of prefixes 1
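The three well-known communities differ only in which peer types they block, and each only works if the tag survives every hop up to the router that has to enforce it. The following is an added example, not part of the original lab: a simplified model of the RFC 1997 export rules plus community stripping on hops where the sender lacks send-community. The peer-type labels, function names and hop tuples are assumptions made for illustration.

```python
# Peer types as seen from the advertising router (labels are assumptions).
IBGP, CONFED_EBGP, EBGP = "ibgp", "confed-ebgp", "ebgp"

def may_advertise(communities, peer_type):
    """RFC 1997 export rule for a route carrying these communities."""
    if "no-advertise" in communities:
        return False                  # never sent to any BGP peer
    if "local-AS" in communities:     # NO_EXPORT_SUBCONFED
        return peer_type == IBGP      # stays inside the member AS
    if "no-export" in communities:
        return peer_type != EBGP      # stays inside the AS / confederation
    return True

def propagate(communities, hops):
    """Follow a route along a chain of advertisements.

    communities: tags on the route as held by the first advertising router.
    hops: (receiver, peer_type, send_community) tuples, where send_community
          says whether the sender has 'send-community' toward that receiver.
    Returns the routers the route reaches, in order.
    """
    reached = []
    current = set(communities)
    for receiver, peer_type, send_community in hops:
        if not may_advertise(current, peer_type):
            break                     # this router enforces the tag
        if not send_community:
            current = set()           # tag stripped from the update
        reached.append(receiver)
    return reached

def lab_chain(r3_sends_community):
    """R3 holds 11.1.1.0/24 tagged no-export; R3 -> R4 (iBGP) -> R5 (eBGP)."""
    hops = [("R4", IBGP, r3_sends_community), ("R5", EBGP, True)]
    return propagate({"no-export"}, hops)
```

With `lab_chain(False)` the route reaches R5: R4 receives it untagged and has nothing left to enforce, which is why a missing send-community on an internal session can turn into a route leak at the AS edge.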

Lab complete. Stay tuned for more labs from Yeslab Ender (安德).
