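Summarization settings:
1. BGP is a classless routing protocol and supports VLSM, but it requires longest-match lookup. Auto-summary is generally enabled by default, but we require it to be turned off; otherwise the same kind of problems seen with EIGRP will occur. Command:
no auto-summary
2. Manual summarization, method 1:
1) network summary-route mask summary-subnet-mask
2) ip route summary-route summary-subnet-mask null0
The network command cannot summarize routes by itself; it only advertises the route that has already been summarized by the IGP, and a static summary route pointing to the null interface must then be configured by hand. This method advertises not only the summary route but also the specific routes; if you do not want the specific routes advertised, route filtering is needed.
3. Manual summarization, method 2:
aggregate-address ip-address subnet-mask parameters
Parameters:
summary-only: only the summary route is sent; the specific routes are not advertised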
r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
B 199.1.3.0/24 [20/0] via 192.1.1.1, 00:00:09 //entries to be summarized
B 199.1.2.0/24 [20/0] via 192.1.1.1, 00:00:09
B 199.1.1.0/24 [20/0] via 192.1.1.1, 00:00:09
C 193.1.1.0/24 is directly connected, Ethernet0
C 192.1.1.0/24 is directly connected, Serial1
B 199.1.4.0/24 [20/0] via 192.1.1.1, 00:00:09
B 199.1.0.0/22 [20/0] via 192.1.1.1, 00:00:09 //this is the route after summarization
After adding the parameter:
r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 193.1.1.0/24 is directly connected, Ethernet0
C 192.1.1.0/24 is directly connected, Serial1
B 199.1.0.0/22 [20/0] via 192.1.1.1, 00:00:09
r1#show ip bgp
BGP table version is 18, local router ID is 192.168.194.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.1.1.0 0.0.0.0 0 32768 ?
*> 193.1.1.0 0.0.0.0 2 32768 ?
s> 199.1.2.0 0.0.0.0 0 32768 ? //suppressed route
*> 192.168.192.0/21 0.0.0.0 32768 i
s> 199.1.1.0 0.0.0.0 0 32768 ?
s> 199.1.3.0 0.0.0.0 0 32768 ?
s> 199.1.4.0 0.0.0.0 2 32768 ?
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.192.0/21 10.1.1.9 100 0 {50,200} i
*> 200.200.200.0 0.0.0.0 0 32768 i
Modified configuration with added parameters:
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 as-set summary-only advertise-map cisco
......
!
ip as-path access-list 1 permit ^200$
!
route-map cisco permit 10
match as-path 1
!
r4#show ip bgp
BGP table version is 17, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.192.0/21 10.1.1.9 100 0 200 i
*> 200.200.200.0 0.0.0.0 0 32768 i
suppress-map: suppresses the specified entries covered by the summary route
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 suppress-map supmap
!
access-list 1 permit 192.168.195.0
access-list 1 permit 192.168.197.0
route-map supmap permit 10
match ip address 1
!
r3#show ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.192.0 10.1.1.1 0 0 50 i
*> 192.168.192.0/21 0.0.0.0 32768 i
*> 192.168.193.0 10.1.1.1 0 0 50 i
*> 192.168.194.0 10.1.1.1 0 0 50 i
*> 192.168.196.0 10.1.1.5 0 0 200 i
s> 192.168.197.0 10.1.1.5 0 0 200 i
*> 192.168.198.0 10.1.1.5 0 0 200 i
*>i200.200.200.0 10.1.1.10 0 100 0 i
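
Added example (not from the original page): a small Python model of which prefixes r3 advertises once aggregate-address 192.168.192.0 255.255.248.0 is configured, first with suppress-map supmap and then with summary-only. The function name aggregate and the table constants are assumptions built from the r3 output above, with /24 assumed where no mask is printed.

```python
import ipaddress

# Constructed from the r3 "show ip bgp" rows above; entries printed without a
# mask are assumed to be classful /24 networks.
R3_TABLE = ["192.168.192.0/24", "192.168.193.0/24", "192.168.194.0/24",
            "192.168.196.0/24", "192.168.197.0/24", "192.168.198.0/24",
            "200.200.200.0/24"]
SUPMAP = ["192.168.195.0/24", "192.168.197.0/24"]   # access-list 1 in the config


def aggregate(table, agg, summary_only=False, suppress=()):
    """Return (advertised, suppressed) prefix lists for one aggregate-address.

    summary_only suppresses every more-specific route under the aggregate;
    suppress lists the networks a suppress-map permits (selective suppression).
    """
    agg = ipaddress.ip_network(agg)
    nets = [ipaddress.ip_network(p) for p in table]
    specifics = [n for n in nets if n != agg and n.subnet_of(agg)]
    if not specifics:
        # Without a contributing more-specific route no aggregate is created.
        return [str(n) for n in sorted(nets)], []
    chosen = {ipaddress.ip_network(s) for s in suppress}
    suppressed = [n for n in specifics if summary_only or n in chosen]
    advertised = sorted(set(nets + [agg]) - set(suppressed))
    return [str(n) for n in advertised], [str(n) for n in sorted(suppressed)]


if __name__ == "__main__":
    for label, kw in (("suppress-map supmap", {"suppress": SUPMAP}),
                      ("summary-only", {"summary_only": True})):
        adv, sup = aggregate(R3_TABLE, "192.168.192.0/21", **kw)
        print(label, "\n  advertised:", adv, "\n  suppressed:", sup)
```

192.168.195.0 is listed in access-list 1 but is not in the table, so only 192.168.197.0 ends up suppressed, matching the s> row above.
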
----------------------------------------------------------------------------------
Routing policy:
1. distribute-list filter list
Command:
neighbor neighbor-address distribute-list access-list-number [in | out]
router bgp 100
neighbor 10.1.1.1 remote-as 50
neighbor 10.1.1.5 remote-as 200
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 distribute-list 1 out
......
!
access-list 1 deny 192.168.196.0
access-list 1 permit any
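2. prefix-list filtering
Command:
ip prefix-list list-number [seq sequence-number] {deny | permit} network/len (match length) [ge minimum-match-value] [le maximum-match-value]
Where:
len < ge <= le
If ge and le are present, the len match length is ignored
Apply:
neighbor neighbor-address prefix-list name [in | out]
Note: prefix-list and distribute-list cannot both be applied to the same neighbor at the same time, but distribute-list can reference a list defined by prefix-list
For example: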
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 suppress-map supmap
neighbor 10.1.1.1 remote-as 50
neighbor 10.1.1.5 remote-as 200
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 prefix-list cisco out
......
!
ip prefix-list cisco seq 5 permit 192.168.192.0/21 ge 22 le 24
r3#show ip bgp
BGP table version is 17, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 192.168.192.0 10.1.1.1 0 0 50 i
*> 192.168.192.0/21 0.0.0.0 32768 i
*> 192.168.193.0 10.1.1.1 0 0 50 i
*> 192.168.194.0 10.1.1.1 0 0 50 i
*> 192.168.196.0 10.1.1.5 0 0 200 i
s> 192.168.197.0 10.1.1.5 0 0 200 i
*> 192.168.198.0 10.1.1.5 0 0 200 i
*>i200.200.200.0 10.1.1.10 0 100 0 i
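
Added example (not from the original page): a Python evaluator for the ge/le rule, run over r3's prefixes with the "cisco" prefix-list from the configuration above. It models only the prefix-list (not suppression); the function names and the outsider prefix 192.168.200.0/24 are constructed for illustration. Note that the route must still share its first len bits with the listed network; what ge/le replace is the exact-length comparison.

```python
import ipaddress


def parse_prefix_list(line):
    """Parse 'ip prefix-list NAME [seq N] permit|deny NET/LEN [ge X] [le Y]'."""
    tok = line.split()
    i = next(k for k, t in enumerate(tok) if t in ("permit", "deny"))
    net = ipaddress.ip_network(tok[i + 1])
    opts = dict(zip(tok[i + 2::2], map(int, tok[i + 3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is not None and not net.prefixlen < ge <= (le if le is not None else 32):
        raise ValueError("need len < ge <= le")
    if ge is None and le is None:
        lo = hi = net.prefixlen                      # exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return tok[i], net, lo, hi


def permitted(entries, route):
    """First matching entry decides; no match means implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        # The first len bits must equal the entry's network AND the route's
        # own mask length must fall inside lo..hi.
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action == "permit"
    return False


CISCO = [parse_prefix_list(
    "ip prefix-list cisco seq 5 permit 192.168.192.0/21 ge 22 le 24")]

# Constructed from r3's BGP table above (/24 assumed where no mask is shown),
# plus one constructed outsider, 192.168.200.0/24.
ROUTES = ["192.168.192.0/24", "192.168.192.0/21", "192.168.193.0/24",
          "192.168.194.0/24", "192.168.196.0/24", "192.168.197.0/24",
          "192.168.198.0/24", "200.200.200.0/24", "192.168.200.0/24"]


def outbound(entries, routes):
    """Prefixes that pass the list when it is applied in the out direction."""
    return [r for r in routes if permitted(entries, r)]


if __name__ == "__main__":
    print(outbound(CISCO, ROUTES))
```

The /21 aggregate itself is dropped by this list because its length 21 is below ge 22, and 200.200.200.0/24 falls to the implicit deny.
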
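3. AS-PATH filtering
Command:
ip as-path access-list number { permit | deny } regular-expression
Rules for the expression:
. any single character, including a space
[] any of the characters listed inside the square brackets
[^] any character except those listed inside the square brackets (^ must come before the character list)
- (hyphen) any character in the range between the two characters separated by the hyphen
? the character or pattern occurs 0 or 1 times
* the character or pattern occurs 0 or more times
+ the character or pattern occurs 1 or more times
^ start of a line
$ end of a line
| one of the terms separated by this metacharacter
_ (underscore) a comma, the start of a line, the end of a line, or a space
For example:
ip as-path access-list 1 permit ^(850|860)*$
This matches AS-PATH lists in which the AS number 850 or 860 is repeated multiple times, such as (850), (850,850,850), (850,850,888) or (860), (860,860,860), etc.
Apply:
neighbor neighbor-address filter-list as-path-access-list-number [ in | out ]
Case: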
r4#show ip bgp
BGP table version is 16, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.193.0 10.1.1.9 0 100 0 50 i
*>i192.168.194.0 10.1.1.9 0 100 0 50 i
*>i192.168.196.0 10.1.1.9 0 100 0 200 i
*>i192.168.198.0 10.1.1.9 0 100 0 200 i
*> 200.200.200.0 0.0.0.0 0 32768 i
Change on r3:
router bgp 100
......
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 filter-list 1 out
no auto-summary
!
ip as-path access-list 1 permit ^50$ //only allow routes with AS number 50 through
r4#show ip bgp
BGP table version is 22, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.193.0 10.1.1.9 0 100 0 50 i
*>i192.168.194.0 10.1.1.9 0 100 0 50 i
*> 200.200.200.0 0.0.0.0 0 32768 i
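
Added example (not from the original page): a Python emulation of the filter-list above, showing that ^50$ yields exactly the two AS 50 routes in r4's table, and how the anchors from the metacharacter table change what a pattern lets through. The function names and the comparison paths are constructed; the translation of _ follows Cisco's documented delimiter set, which also includes braces and parentheses.

```python
import re

# '_' per Cisco's regex rules: comma, braces, parentheses, start/end of the
# string, or a space (the page's table lists the comma, start, end and space).
DELIM = r"(?:^|$|[ ,{}()])"


def matches(cisco_regex, as_path):
    """True if the Cisco-style regex matches anywhere in the AS_PATH string."""
    return re.search(cisco_regex.replace("_", DELIM), as_path) is not None


def filter_list(acl, as_path):
    """acl is [(action, regex), ...]; first match wins, then implicit deny."""
    for action, regex in acl:
        if matches(regex, as_path):
            return action == "permit"
    return False


# r3's routes toward r4 with their AS_PATH, taken from the r4 table above.
R3_ROUTES = {"192.168.193.0": "50", "192.168.194.0": "50",
             "192.168.196.0": "200", "192.168.198.0": "200"}


def sent(acl, routes=R3_ROUTES):
    """Prefixes that survive the outbound filter-list."""
    return [p for p, path in routes.items() if filter_list(acl, path)]


# Constructed AS_PATH strings to compare anchoring choices.
PATHS = ["50", "150", "500 200", "50 200", "200 50"]


def hits(cisco_regex):
    return [p for p in PATHS if matches(cisco_regex, p)]


if __name__ == "__main__":
    print(sent([("permit", "^50$")]))
    for rx in ("50", "_50_", "^50$", "^50_", "_50$"):
        print(f"{rx:6} -> {hits(rx)}")
```

An unanchored 50 also matches AS 150 and AS 500, so a permit written that way admits paths the filter was never meant to allow.
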
4. route-map filtering:
Command:
route-map name [permit | deny ] sequence-number
match match-condition
Apply:
neighbor neighbor-address route-map name
Case:
router bgp 100
......
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 route-map mapcisco out
no auto-summary
!
ip as-path access-list 1 permit ^50$
access-list 1 permit 192.168.193.0
access-list 1 permit 192.168.195.0
route-map mapcisco permit 10
match ip address 1
r4#show ip bgp
BGP table version is 22, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.193.0 10.1.1.9 0 100 0 50 i
*>i192.168.194.0 10.1.1.9 0 100 0 50 i
*> 200.200.200.0 0.0.0.0 0 32768 i
----------------------------------------------------------------------------------