
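Blog of 乾颐堂_安德 (Ender)

In learning there is no first or last; whoever masters the subject leads. This blog is a network technology sharing platform with an attitude, sharing more knowledge and experience with everyone.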

 
 
 


 
 
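About me

Ender "Laoshi": dual CCIE (R&S CCIE, ISP CCIE), Cisco Certified Instructor #34XXX, the first person to hold HCIE v2.0. Graduated from Northeastern University (东北大学) with a degree in e-commerce. Key projects and training delivered at my former company and other enterprises include: the R&S CCIE special-topic course, the SP CCIE special-topic course, Cisco's Sichuan aid project, and the NP course for Sony China (Wuxi). You can find me here: QQ group 106111081; my Weibo: weibo.com/enderjoe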


An Analysis of BGP Confederations and Community Attributes, and Modifying Next-Hop Behavior Inside an AS (Part 2)

2017-03-03 19:22:01 | Category: BGP videos and documents


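B. local-AS (not exported either; the route does not even leave its own "state")

Updates are sent only within the local AS. This applies to both confederation member ASes and real ASes! (Here: a confederation member AS.)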

 

R1(config)#route-map NO-EX permit 10

R1(config-route-map)#set community no-export local-AS

//Add the local-AS attribute

 

Verification:

R2#sh ip bgp 11.1.1.1

BGP routing table entry for 11.1.1.1/32, version 13

Paths: (1 available, best #1, table default, not advertised to EBGP peer)

Not advertised to any peer

Refresh Epoch 35

1 64512

12.1.1.1 from 12.1.1.1 (11.1.1.2)

Origin IGP, metric 0, localpref 100, valid, external, best

Community: no-export local-AS

 

 

R3#sh ip bgp 11.1.1.1

% Network not in table

R3#sh ip bgp

R3#sh ip bgp 11.1.1.2

BGP routing table entry for 11.1.1.2/32, version 11

Paths: (1 available, best #1, table default)

Advertised to update-groups:

3

Refresh Epoch 32

(20) 1 64512

22.1.1.1 (metric 2297856) from 22.1.1.1 (22.1.1.1)

Origin IGP, metric 0, localpref 100, valid, confed-external, best

rx pathid: 0, tx pathid: 0x0

//The 11.1.1.1/32 route can only be propagated within AS 20, because of the local-AS attribute

 

Alternatively, apply the route-map on the network statement:

R1(config)#router bgp 64512

R1(config-router)#network 11.1.1.1 mask 255.255.255.255 route-map NO-EX

Verification:

R2#sh ip bgp 11.1.1.1

% Network not in table

R2#sh ip bgp

R2#sh ip bgp 11.1.1.2

BGP routing table entry for 11.1.1.2/32, version 10

Paths: (1 available, best #1, table default)

Advertised to update-groups:

4

Refresh Epoch 43

1 64512

12.1.1.1 from 12.1.1.1 (11.1.1.2)

Origin IGP, metric 0, localpref 100, valid, external, best

//11.1.1.2 has no community attribute; the 11.1.1.1 route cannot be received

 

C. no-advertise (do not advertise)

Not advertised to any neighbor (it stays on this device in the AS)

A new loopback address, 33.1.1.2/32, is added on R3

 

R3(config)#access-list 10 permit 33.1.1.1

R3(config)#route-map NO-AD permit 10

R3(config-route-map)#match ip address 10

R3(config-route-map)#set community no-advertise

R3(config-route-map)#exit

R3(config)#route-map NO-AD permit 20

R3(config)#router bgp 21

R3(config-router)#neighbor 10.1.1.4 route-map NO-AD out

 

Verification:

 

R3#show access-lists

Standard IP access list 10

10 permit 33.1.1.1 (15 matches)

 

R4#sh ip bgp 33.1.1.1/32

BGP routing table entry for 33.1.1.1/32, version 7

Paths: (1 available, best #1, table default, not advertised to any peer, RIB-failure(17))

Not advertised to any peer

Refresh Epoch 15

Local

10.1.1.3 from 10.1.1.3 (33.1.1.2)

Origin IGP, metric 0, localpref 100, valid, confed-internal, best

Community: no-advertise

rx pathid: 0, tx pathid: 0x0

R4#sh ip bgp 33.1.1.2/32

BGP routing table entry for 33.1.1.2/32, version 5

Paths: (1 available, best #1, table default, RIB-failure(17))

Advertised to update-groups:

2

Refresh Epoch 15

Local

10.1.1.3 from 10.1.1.3 (33.1.1.2)

Origin IGP, metric 0, localpref 100, valid, confed-internal, best

rx pathid: 0, tx pathid: 0x0

 

R5#sh ip bgp

BGP table version is 7, local router ID is 55.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 11.1.1.2/32 10.1.1.3 0 500 200 1 i

*> 33.1.1.2/32 10.1.1.3 0 500 200 i

*> 55.1.1.1/32 0.0.0.0 0 32768 i

 

R4#sh ip bgp neighbors 10.1.1.5 advertised-routes

BGP table version is 7, local router ID is 44.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*>i 11.1.1.2/32 22.1.1.1 0 100 0 (20) 1 64512 i

r>i 33.1.1.2/32 10.1.1.3 0 100 0 i

 

Total number of prefixes 2

 

//R5 cannot obtain the 33.1.1.1/32 route; R4 does not advertise 33.1.1.1/32 to any neighbor

 

 

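2.2 User-defined standard community attributes

They can be written as numbers: 300:300 (AS:NN), or 345632

Clear the community attributes previously configured on R1

Bring up the neighbor relationship between R1 and R5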

R1#sh run | s bgp

router bgp 64512

bgp asnotation dot

bgp log-neighbor-changes

network 11.1.1.1 mask 255.255.255.255

network 11.1.1.2 mask 255.255.255.255

neighbor 12.1.1.2 remote-as 200

neighbor 12.1.1.2 local-as 1

neighbor 12.1.1.2 transport connection-mode active

neighbor 12.1.1.2 send-community

neighbor 15.1.1.5 remote-as 5.5

neighbor 15.1.1.5 password QYT

neighbor 15.1.1.5 send-community

 

R5(config-router)#do sh run | s bgp

router bgp 5.5

bgp asnotation dot

bgp log-neighbor-changes

no bgp default ipv4-unicast

neighbor 10.1.1.4 remote-as 500

neighbor 15.1.1.1 remote-as 64512

neighbor 15.1.1.1 password QYT

!

address-family ipv4

network 5.5.5.5 mask 255.255.255.255

network 55.1.1.1 mask 255.255.255.255

neighbor 10.1.1.4 activate

neighbor 15.1.1.1 activate

exit-address-family

 

R1(config)#ip prefix-list 1 permit 11.1.1.2/32

//Configure only a prefix list to match the route

R1(config)#route-map Comm permit 10

R1(config-route-map)#match ip address prefix-list 1

R1(config-route-map)#set community 64512:1111

//The route-map sets a user-defined community value on the matched route

R1(config-route-map)#exit

R1(config)#route-map Comm permit 20

R1(config)#router bgp 64512

R1(config-router)#neighbor 12.1.1.2 route-map Comm out

R1(config-router)#neighbor 15.1.1.5 route-map Comm out

//Apply it in the outbound direction to the specified BGP neighbors

R5(config)#ip bgp new-format

//Show user-defined communities in their original AS:NN form

Verification:

R5#sh ip bgp 11.1.1.2

BGP routing table entry for 11.1.1.2/32, version 19

Paths: (2 available, best #1, table default)

Advertised to update-groups:

1

Refresh Epoch 4

64512

15.1.1.1 from 15.1.1.1 (11.1.1.2)

Origin IGP, metric 0, localpref 100, valid, external, best

Community: 64512:1111

rx pathid: 0, tx pathid: 0x0

Refresh Epoch 25

500 200 1

10.1.1.3 from 10.1.1.4 (44.1.1.1)

Origin IGP, localpref 100, valid, external

Community: 64512:1111

rx pathid: 0, tx pathid: 0
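
The propagation rules from sections B and C, together with the AS:NN and decimal forms from section 2.2, as an added Python sketch (not code from the original post). The numeric values are the RFC 1997 well-known communities; the function names and session-type labels are this example's own.

```python
# Added illustration: RFC 1997 well-known communities and the check a BGP
# speaker makes before advertising a route to a peer. Session-type names are
# labels invented for this example, not IOS keywords.
WELL_KNOWN = {
    0xFFFFFF01: "no-export",
    0xFFFFFF02: "no-advertise",
    0xFFFFFF03: "local-AS",   # called NO_EXPORT_SUBCONFED in RFC 1997
}
NAME_TO_VALUE = {name: value for value, name in WELL_KNOWN.items()}

IBGP, CONFED_EBGP, EBGP = "ibgp", "confed-ebgp", "ebgp"


def parse_community(text):
    """Accept a well-known name, AS:NN (new-format) or a plain decimal."""
    if text in NAME_TO_VALUE:
        return NAME_TO_VALUE[text]
    if ":" in text:
        asn, nn = (int(part) for part in text.split(":"))
        if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFF):
            raise ValueError("AS and NN must each fit in 16 bits")
        return (asn << 16) | nn
    value = int(text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must fit in 32 bits")
    return value


def format_community(value, new_format=True):
    """Render well-known values by name, otherwise AS:NN or plain decimal."""
    if value in WELL_KNOWN:
        return WELL_KNOWN[value]
    return f"{value >> 16}:{value & 0xFFFF}" if new_format else str(value)


def may_advertise(communities, session):
    """Return True if a route carrying these communities may go to this peer."""
    values = {parse_community(c) for c in communities}
    if NAME_TO_VALUE["no-advertise"] in values:
        return False                      # not sent to any peer at all
    if NAME_TO_VALUE["local-AS"] in values and session != IBGP:
        return False                      # stays inside the (member) AS
    if NAME_TO_VALUE["no-export"] in values and session == EBGP:
        return False                      # stays inside the confederation
    return True
```

With `["no-export", "local-AS"]` and a `confed-ebgp` session the result is `False`, which is why R3 shows "% Network not in table" for 11.1.1.1 in section B.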

 

2.3 Manipulating routes based on community attributes

R5(config)#ip community-list 10 permit 64512:1111

//Define the community list

R5(config)#route-map KZLY permit 10

R5(config-route-map)#match community 10

//Have the route-map match routes by community

R5(config-route-map)#set as-path prepend 64512 64512 64512

//Lengthen the AS-PATH of the matched routes

R5(config-route-map)#exit

R5(config)#route-map KZLY permit 20

//Permit all other routes

R5(config)#router bgp 5.5

R5(config-router)#address-family ipv4

R5(config-router-af)#neighbor 15.1.1.1 route-map KZLY in

//Lengthen the AS-PATH of the 11.1.1.2 route received from R1

 

Verification:

R5#sh ip bgp

BGP table version is 21, local router ID is 55.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 11.1.1.1/32 15.1.1.1 0 0 64512 i

* 10.1.1.3 0 500 200 1 i

* 11.1.1.2/32 15.1.1.1 0 0 64512 64512 64512 64512 i

*> 10.1.1.3 0 500 200 1 i

* 22.1.1.1/32 15.1.1.1 0 64512 1 200 i

*> 10.1.1.3 0 500 200 i

*> 33.1.1.1/32 15.1.1.1 0 64512 1 200 i

* 33.1.1.2/32 15.1.1.1 0 64512 1 200 i

*> 10.1.1.3 0 500 200 i

* 44.1.1.1/32 15.1.1.1 0 64512 1 200 i

*> 10.1.1.4 0 0 500 200 i

*> 55.1.1.1/32 0.0.0.0 0 32768 i

//Traffic to 11.1.1.1/32 is sent to R5; traffic to 11.1.1.2/32 is sent to R3
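
The policy from section 2.3 replayed over the four paths R5 holds for 11.1.1.1/32 and 11.1.1.2/32, as an added Python model (not the author's code, and only the AS-path-length step of best-path selection). `Path`, `apply_inbound` and `best_paths` are names invented here. It shows that the prepend is scoped to the session the route-map is applied on: the copy of 11.1.1.2/32 learned from 10.1.1.4 carries the same community but is left untouched.

```python
# Added illustration of section 2.3: an inbound policy that matches a
# community and prepends, followed by the AS-path-length step of best-path
# selection. Only that step is modelled; weight, local-pref and origin are
# equal for the competing paths in the page's output.
from dataclasses import dataclass, field


@dataclass
class Path:
    prefix: str
    neighbor: str            # peer the path was learned from
    next_hop: str
    as_path: list
    communities: set = field(default_factory=set)


# Mirrors "ip community-list 10 permit 64512:1111" and route-map KZLY.
COMMUNITY_LIST_10 = {"64512:1111"}
PREPEND = [64512, 64512, 64512]
INBOUND_POLICY = {"15.1.1.1": "KZLY"}   # neighbor -> route-map applied "in"


def apply_inbound(path):
    """Sequence 10 prepends on a community match; sequence 20 permits the rest."""
    if INBOUND_POLICY.get(path.neighbor) != "KZLY":
        return path                       # no policy on this session
    if path.communities & COMMUNITY_LIST_10:
        return Path(path.prefix, path.neighbor, path.next_hop,
                    PREPEND + path.as_path, path.communities)
    return path


def best_paths(received):
    """Return {prefix: Path}, choosing the shortest AS path after policy."""
    best = {}
    for path in map(apply_inbound, received):
        current = best.get(path.prefix)
        if current is None or len(path.as_path) < len(current.as_path):
            best[path.prefix] = path
    return best


# Constructed from the paths visible in R5's "sh ip bgp" output above.
RECEIVED = [
    Path("11.1.1.1/32", "15.1.1.1", "15.1.1.1", [64512]),
    Path("11.1.1.1/32", "10.1.1.4", "10.1.1.3", [500, 200, 1]),
    Path("11.1.1.2/32", "15.1.1.1", "15.1.1.1", [64512], {"64512:1111"}),
    Path("11.1.1.2/32", "10.1.1.4", "10.1.1.3", [500, 200, 1], {"64512:1111"}),
]
```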

 

-------------------------------------------------------------------------------------------

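III. How to change the next hop inside an AS

3.1 The confederation case

Within the whole AS, next-hop-self can be configured on the ASBR (R2) toward its intra-confederation eBGP peer (R3); the next hop seen throughout the AS is then the ASBR's update source.

Within a member AS, next-hop-self can be applied again (R3 applies it toward R4).

3.2 The route reflector (RR) case

The next hop seen on R4 is 33.1.1.1

Configuring next-hop-self directly on the RR has no effect!

On the RR: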

R3(config)#route-map XYT permit 10

R3(config-route-map)#set ip next-hop 33.1.1.1

R3(config)#router bgp 21

R3(config-router)#neighbor 10.1.1.4 route-map XYT out

//The route-map changes the next hop to R3 for all routes sent to R4

Verification:

R4#sh ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 5.5.5.5/32 10.1.1.5 0 0 500 5.5 i

* 11.1.1.1/32 10.1.1.5 0 500 5.5 64512 i

*>i 33.1.1.1 0 100 0 (20) 1 64512 i

*>i 11.1.1.2/32 33.1.1.1 0 100 0 (20) 1 64512 i

r>i 22.1.1.1/32 33.1.1.1 0 100 0 (20) i

r>i 33.1.1.1/32 33.1.1.1 0 100 0 i

r>i 33.1.1.2/32 33.1.1.1 0 100 0 i

*> 44.1.1.1/32 0.0.0.0 0 32768 i

*> 55.1.1.1/32 10.1.1.5 0 0 500 5.5 i

 

R4#sh ip cef 33.1.1.1 detail

33.1.1.1/32, epoch 0

1 RR source [no flags]

nexthop 10.1.1.3 Ethernet0/2
