
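Qianyitang_Ender's Blog

In learning there is no first or last; whoever masters the subject first leads. This blog is a network technology sharing platform with an attitude, sharing more knowledge and experience with everyone.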

 
 
 


 
 
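About me

Ender "Laoshi" (teacher): dual CCIE (R&S CCIE, ISP CCIE), Cisco Certified Instructor #34XXX, the first person to earn HCIE v2.0. Graduated from Northeastern University with a degree in e-commerce. Key projects and training delivered at my former company and other enterprises: R&S CCIE special-topic course, SP CCIE special-topic course, Cisco's Sichuan relief support project, Sony China (Wuxi) NP course. You can find me here: QQ group 106111081. My Weibo: weibo.com/enderjoe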


An Analysis of BGP Confederations and the Community Attribute, and Modifying Next-Hop Behavior Inside an AS (Part 1)

2017-03-03 19:21:27 | Category: BGP videos and documents


 

 


 

I. Implementing a BGP Confederation

R1#sh run | s bgp

router bgp 64512

bgp asnotation dot

bgp log-neighbor-changes

network 11.1.1.1 mask 255.255.255.255

network 11.1.1.2 mask 255.255.255.255

neighbor 12.1.1.2 remote-as 200

neighbor 12.1.1.2 local-as 1

neighbor 12.1.1.2 transport connection-mode active

// Establish eBGP with R2

 

R2#sh run | s bgp

router bgp 20

// Build AS 20 as a "state"-level unit (a confederation member AS)

bgp log-neighbor-changes

bgp confederation identifier 200

// Declares that this AS belongs to the "country" AS 200

bgp confederation peers 21

// Declares the intra-confederation eBGP relationship with the other "state" AS

neighbor 12.1.1.1 remote-as 1

neighbor 12.1.1.1 transport connection-mode passive

// Establish the eBGP neighbor relationship with R1

neighbor 33.1.1.1 remote-as 21

neighbor 33.1.1.1 ebgp-multihop 255

neighbor 33.1.1.1 update-source Loopback0

// Establish intra-confederation eBGP with R3

 

R3#sh run | s bgp

router bgp 21

// Build AS 21 as a "state"-level unit (a confederation member AS)

bgp log-neighbor-changes

bgp confederation identifier 200

// Declares that this AS belongs to the "country" AS 200

bgp confederation peers 20

// Declares the intra-confederation eBGP relationship with the other "state" AS

neighbor 10.1.1.4 remote-as 21

neighbor 10.1.1.4 route-reflector-client

// Configure R3 as a route reflector (RR) with R4 as its client

neighbor 22.1.1.1 remote-as 20

neighbor 22.1.1.1 ebgp-multihop 255

neighbor 22.1.1.1 update-source Loopback0

// Establish intra-confederation eBGP with R2

 

R4#sh run | s bgp

router bgp 21

// Build AS 21 as a "state"-level unit (a confederation member AS)

bgp log-neighbor-changes

bgp confederation identifier 200

// Declares that this AS belongs to the "country" AS 200

neighbor 10.1.1.3 remote-as 21

// Establish iBGP with R3

neighbor 10.1.1.5 remote-as 327685

neighbor 10.1.1.5 local-as 500

// Establish eBGP with R5

 

R5#sh run | s bgp

router bgp 5.5

bgp asnotation dot

// Restore the asdot display of AS numbers

bgp log-neighbor-changes

no bgp default ipv4-unicast

neighbor 10.1.1.4 remote-as 500

// Establish eBGP with R4

!

address-family ipv4

network 5.5.5.5 mask 255.255.255.255

network 55.1.1.1 mask 255.255.255.255

neighbor 10.1.1.4 activate

exit-address-family

 

 

Verification:

 

R3#sh ip bgp

BGP table version is 12, local router ID is 33.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*>i 5.5.5.5/32 10.1.1.5 0 100 0 500 327685 i

* 11.1.1.1/32 12.1.1.1 0 100 0 (20) 1 64512 i

* 11.1.1.2/32 12.1.1.1 0 100 0 (20) 1 64512 i

// These are not best routes; the next hop has to be set

 

R2(config)#router bgp 20

R2(config-router)#neighbor 33.1.1.1 next-hop-self

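// Inside the confederation the next hop is preserved

At this point R3 does not need to set the next hop toward R4; it does not have to be specified inside the confederation (between "states").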

 

R3#sh ip bgp

BGP table version is 14, local router ID is 33.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*>i 5.5.5.5/32 10.1.1.5 0 100 0 500 327685 i

*> 11.1.1.1/32 22.1.1.1 0 100 0 (20) 1 64512 i

*> 11.1.1.2/32 22.1.1.1 0 100 0 (20) 1 64512 i

 

R5#sh ip bgp

BGP table version is 4, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 11.1.1.1/32 10.1.1.3 0 500 200 1 64512 i

*> 11.1.1.2/32 10.1.1.3 0 500 200 1 64512 i

 

R4(config)#router bgp 21

R4(config-router)#neighbor 10.1.1.3 next-hop-self

// R4 should preferably also set next-hop-self toward R3, although it also works without it

 

R4(config-router)#neighbor 10.1.1.5 remove-private-as all

R4(config-router)#bgp asnotation dot

R2(config-router)#neighbor 12.1.1.1 remove-private-as all

R2(config-router)#bgp asnotation dot

// For easier observation, restore the asdot AS display and remove private AS numbers

 

R5#sh ip bgp

BGP table version is 6, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 11.1.1.1/32 10.1.1.3 0 500 200 1 i

*> 11.1.1.2/32 10.1.1.3 0 500 200 1 i

 

R1#sh ip bgp

BGP table version is 5, local router ID is 11.1.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 12.1.1.2 0 1 200 500 5.5 i

*> 11.1.1.1/32 0.0.0.0 0 32768 i

*> 11.1.1.2/32 0.0.0.0 0 32768 i

*> 55.1.1.1/32 12.1.1.2 0 1 200 500 5.5 i

 

-------------------------------------------------------------------------------------------

II. The Community Attribute

2.1 Well-known, predefined communities used for filtering

 

A. no-export (do not export)

The route is not advertised to true eBGP peers (the "country" AS level).

R1(config)#route-map NO-EX permit 10

R1(config-route-map)#set community no-export

// Define a route-map that sets the community to no-export: the route is not advertised to other ASes, only within the local AS

R1(config)#router bgp 64512

R1(config-router)#network 11.1.1.1 mask 255.255.255.255 route-map NO-EX

// Apply the route-map when originating the route

 

Verification:

R1#sh ip bgp 11.1.1.1/32

BGP routing table entry for 11.1.1.1/32, version 6

Paths: (1 available, best #1, table default, not advertised to EBGP peer)

Not advertised to any peer

Refresh Epoch 1

Local

0.0.0.0 from 0.0.0.0 (11.1.1.2)

Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best

Community: no-export

rx pathid: 0, tx pathid: 0x0

 

R2#sh ip bgp

BGP table version is 6, local router ID is 22.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 10.1.1.4 0 100 0 (21) 500 5.5 i

*> 11.1.1.2/32 12.1.1.1 0 0 1 64512 i

*> 55.1.1.1/32 10.1.1.4 0 100 0 (21) 500 5.5 i

// R2 does not receive the 11.1.1.1/32 route

 

R1(config)#router bgp 64512

R1(config-router)#neighbor 12.1.1.2 send-community

// Send the community attribute

R1(config-router)#no network 11.1.1.1 mask 255.255.255.255 route-map NO-EX

R1(config-router)#neighbor 12.1.1.2 route-map NO-EX out

// Apply the route-map per neighbor instead

 

R2(config-router)#neighbor 33.1.1.1 send-community

R3(config-router)#neighbor 10.1.1.4 send-community

  

Verification:

R2#sh ip bgp

BGP table version is 8, local router ID is 22.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 10.1.1.4 0 100 0 (21) 500 5.5 i

*> 11.1.1.1/32 12.1.1.1 0 0 1 64512 i

*> 11.1.1.2/32 12.1.1.1 0 0 1 64512 i

*> 55.1.1.1/32 10.1.1.4 0 100 0 (21) 500 5.5 i

 

R2#sh ip bgp 11.1.1.1

BGP routing table entry for 11.1.1.1/32, version 8

Paths: (1 available, best #1, table default, not advertised to EBGP peer)

Advertised to update-groups:

1

Refresh Epoch 27

1 64512

12.1.1.1 from 12.1.1.1 (11.1.1.2)

Origin IGP, metric 0, localpref 100, valid, external, best

Community: no-export

 

R4#sh ip bgp 11.1.1.1

BGP routing table entry for 11.1.1.1/32, version 8

Paths: (1 available, best #1, table default, not advertised to EBGP peer)

Not advertised to any peer

Refresh Epoch 9

(20) 1 64512

22.1.1.1 (metric 2323456) from 10.1.1.3 (33.1.1.1)

Origin IGP, metric 0, localpref 100, valid, confed-internal, best

Community: no-export

rx pathid: 0, tx pathid: 0x0

 

R5#sh ip bgp

BGP table version is 11, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 55.1.1.1/32 0.0.0.0 0 32768 i

 

An ACL can be added for finer control:

R1(config)#access-list 10 permit 11.1.1.1

R1(config)#route-map NO-EX permit 10

// This sequence number permits the matched routes

R1(config-route-map)#match ip address 10

// Match the routes permitted by ACL 10

R1(config-route-map)#exit

R1(config)#route-map NO-EX permit 20

// Matches all other routes

 

Verification:

R1#sh route-map

route-map NO-EX, permit, sequence 10

Match clauses:

ip address (access-lists): 10

Set clauses:

community no-export

Policy routing matches: 0 packets, 0 bytes

route-map NO-EX, permit, sequence 20

Match clauses:

Set clauses:

Policy routing matches: 0 packets, 0 bytes

 

R2#sh ip bgp 11.1.1.2

BGP routing table entry for 11.1.1.2/32, version 10

Paths: (1 available, best #1, table default)

Advertised to update-groups:

4

Refresh Epoch 34

1 64512

12.1.1.1 from 12.1.1.1 (11.1.1.2)

Origin IGP, metric 0, localpref 100, valid, external, best

// 11.1.1.2 carries no community attribute

 

R5#sh ip bgp

BGP table version is 12, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 11.1.1.2/32 10.1.1.3 0 500 200 1 i

*> 55.1.1.1/32 0.0.0.0 0 32768 i

// R5 receives the 11.1.1.2 route but not the 11.1.1.1 route
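
The no-export behavior verified in section 2.1, as an added example that is not part of the original post: a small Python model of the R1 to R5 chain showing where 11.1.1.1/32 stops, and what happens when one send-community statement is missing. The session types come from the configurations above; the function and variable names are hypothetical.

```python
# Added model of NO_EXPORT on the page's chain R1 - R2 - R3 - R4 - R5.
# Session types are taken from the configs above; all names here are hypothetical.
NO_EXPORT = "no-export"

# (sender, receiver, session type) in the direction 11.1.1.1/32 travels.
CHAIN = [
    ("R1", "R2", "ebgp"),         # AS 1 (local-as) -> confederation 200
    ("R2", "R3", "confed-ebgp"),  # member AS 20 -> member AS 21
    ("R3", "R4", "ibgp"),         # inside member AS 21, R3 is the RR
    ("R4", "R5", "ebgp"),         # confederation 200 -> AS 5.5
]

# 'send-community' statements present in the final configuration on the page.
PAGE_SEND = {("R1", "R2"), ("R2", "R3"), ("R3", "R4")}

def propagate(send_community, set_out=None, set_at_origin=False):
    """Return {router: communities} for each router that learns the route."""
    comms = {NO_EXPORT} if set_at_origin else set()
    learned = {"R1": set(comms)}
    for sender, receiver, kind in CHAIN:
        # no-export stops the route at true eBGP sessions only;
        # confed-eBGP and iBGP sessions still carry it.
        if kind == "ebgp" and NO_EXPORT in comms:
            break
        out = set(comms)
        if set_out == (sender, receiver):
            out.add(NO_EXPORT)   # set by the outbound route-map, so this peer still gets the route
        if (sender, receiver) not in send_community:
            out = set()          # without send-community the attribute is stripped
        learned[receiver] = out
        comms = out
    return learned

if __name__ == "__main__":
    cases = {
        "page config": propagate(PAGE_SEND, set_out=("R1", "R2")),
        "R3 lacks send-community to R4": propagate(PAGE_SEND - {("R3", "R4")}, set_out=("R1", "R2")),
        "no-export set on the network statement": propagate(PAGE_SEND, set_at_origin=True),
    }
    for name, learned in cases.items():
        print(f"{name}: {sorted(learned)}")
```

In the second case R4 learns the route without the community and advertises it to R5, which is the leak that a missing send-community statement causes.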

 


 

 
