實驗指南:BGP路由過濾

實驗指南
 
 
BGP路由過濾
初始配置
R1
! R1 (AS 1): eBGP peer of R2 (AS 11151) and R4 (AS 654) over Frame Relay.
configure terminal
!
! Loopback0 supplies the BGP router-id and the update-source of both sessions.
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
! Link towards 10.1.1.2: dynamic mapping (ARP, inverse ARP) is turned off and
! the peer is mapped statically to DLCI 102.
interface Serial2/0
 ip address 10.1.1.1 255.255.255.0
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.1.2 102 broadcast
 no shutdown
!
! Link towards 10.1.4.4, statically mapped to DLCI 114.
interface Serial2/1
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.4.4 114 broadcast
 ip address 10.1.4.1 255.255.255.0
 no shutdown
 exit
!
! RIPv2 carries the serial subnets and the loopback so the peers can reach
! 1.1.1.1 before BGP comes up.
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 network 1.0.0.0
!
! Both sessions are loopback-to-loopback eBGP, hence update-source plus
! ebgp-multihop. NOTE(review): 255 is the maximum hop count and no session
! authentication is configured; that is acceptable for this lab only. On a
! production peering, use the smallest hop count that works (or
! "neighbor <peer> ttl-security hops <n>") and "neighbor <peer> password".
router bgp 1
 bgp router-id 1.1.1.1
 no auto-summary
 no synchronization
 neighbor 4.4.4.4 remote-as 654
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 4.4.4.4 ebgp-multihop 255
 neighbor 2.2.2.2 remote-as 11151
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 2.2.2.2 ebgp-multihop 255
end

R2
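! R2 (AS 11151): eBGP peer of R1 (AS 1) and R3 (AS 65001).
configure terminal
!
! Loopback0 supplies the BGP router-id and the update-source of both sessions.
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
! Loopback1-5 hold the 20.1.x.0/24 test prefixes that R2 originates into BGP.
interface Loopback1
 ip address 20.1.1.1 255.255.255.0
interface Loopback2
 ip address 20.1.2.1 255.255.255.0
interface Loopback3
 ip address 20.1.3.1 255.255.255.0
interface Loopback4
 ip address 20.1.4.1 255.255.255.0
interface Loopback5
 ip address 20.1.5.1 255.255.255.0
!
! Link towards R1 (10.1.1.1), statically mapped to DLCI 201.
interface Serial2/0
 ip address 10.1.1.2 255.255.255.0
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.1.1 201 broadcast
 no shutdown
!
! Link towards R3 (10.1.2.3), statically mapped to DLCI 213.
interface Serial2/1
 ip address 10.1.2.2 255.255.255.0
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.2.3 213 broadcast
 no shutdown
!
! RIPv2 carries the serial subnets and Loopback0 for peer reachability.
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 network 2.0.0.0
!
! NOTE(review): ebgp-multihop 255 and unauthenticated sessions are lab
! conveniences; restrict the hop count and authenticate peers in production.
router bgp 11151
 no auto-summary
 no synchronization
 bgp router-id 2.2.2.2
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 ebgp-multihop 255
 neighbor 3.3.3.3 remote-as 65001
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 ebgp-multihop 255
 ! The original listing had no network statements, yet every BGP table shown
 ! later lists 20.1.1.0/24-20.1.5.0/24 as originated by AS 11151 with origin
 ! "i" (on R2 itself: next hop 0.0.0.0, weight 32768). These five lines are
 ! required to reproduce that output.
 network 20.1.1.0 mask 255.255.255.0
 network 20.1.2.0 mask 255.255.255.0
 network 20.1.3.0 mask 255.255.255.0
 network 20.1.4.0 mask 255.255.255.0
 network 20.1.5.0 mask 255.255.255.0
end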
 
R3
! R3 (private AS 65001): single eBGP session to R2 (AS 11151).
configure terminal
!
! Loopback0 supplies the BGP router-id and the update-source.
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
! Loopback1-9 hold the 23.75.18.0/24-23.75.26.0/24 test prefixes.
interface Loopback1
 ip address 23.75.18.1 255.255.255.0
interface Loopback2
 ip address 23.75.19.1 255.255.255.0
interface Loopback3
 ip address 23.75.20.1 255.255.255.0
interface Loopback4
 ip address 23.75.21.1 255.255.255.0
interface Loopback5
 ip address 23.75.22.1 255.255.255.0
interface Loopback6
 ip address 23.75.23.1 255.255.255.0
interface Loopback7
 ip address 23.75.24.1 255.255.255.0
interface Loopback8
 ip address 23.75.25.1 255.255.255.0
interface Loopback9
 ip address 23.75.26.1 255.255.255.0
!
! Link towards R2 (10.1.2.2), statically mapped to DLCI 312.
interface Serial2/1
 ip address 10.1.2.3 255.255.255.0
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.2.2 312 broadcast
 no shutdown
!
! RIPv2 carries the serial subnet and Loopback0 for peer reachability.
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 network 3.0.0.0
!
! NOTE(review): ebgp-multihop 255 and the unauthenticated session are lab
! conveniences; restrict the hop count and authenticate peers in production.
router bgp 65001
 no auto-summary
 no synchronization
 bgp router-id 3.3.3.3
 neighbor 2.2.2.2 remote-as 11151
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 2.2.2.2 ebgp-multihop 255
 ! Originate one /24 per test loopback.
 network 23.75.18.0 mask 255.255.255.0
 network 23.75.19.0 mask 255.255.255.0
 network 23.75.20.0 mask 255.255.255.0
 network 23.75.21.0 mask 255.255.255.0
 network 23.75.22.0 mask 255.255.255.0
 network 23.75.23.0 mask 255.255.255.0
 network 23.75.24.0 mask 255.255.255.0
 network 23.75.25.0 mask 255.255.255.0
 network 23.75.26.0 mask 255.255.255.0
end

R4
! R4 (AS 654): single eBGP session to R1 (AS 1).
configure terminal
!
! Loopback0 supplies the BGP router-id and the update-source.
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
! Loopback1-17 hold the 189.168.56.0/23-189.168.88.0/23 test prefixes
! (consecutive /23 blocks, so the third octet advances by 2).
interface Loopback1
 ip address 189.168.56.1 255.255.254.0
interface Loopback2
 ip address 189.168.58.1 255.255.254.0
interface Loopback3
 ip address 189.168.60.1 255.255.254.0
interface Loopback4
 ip address 189.168.62.1 255.255.254.0
interface Loopback5
 ip address 189.168.64.1 255.255.254.0
interface Loopback6
 ip address 189.168.66.1 255.255.254.0
interface Loopback7
 ip address 189.168.68.1 255.255.254.0
interface Loopback8
 ip address 189.168.70.1 255.255.254.0
interface Loopback9
 ip address 189.168.72.1 255.255.254.0
interface Loopback10
 ip address 189.168.74.1 255.255.254.0
interface Loopback11
 ip address 189.168.76.1 255.255.254.0
interface Loopback12
 ip address 189.168.78.1 255.255.254.0
interface Loopback13
 ip address 189.168.80.1 255.255.254.0
interface Loopback14
 ip address 189.168.82.1 255.255.254.0
interface Loopback15
 ip address 189.168.84.1 255.255.254.0
interface Loopback16
 ip address 189.168.86.1 255.255.254.0
interface Loopback17
 ip address 189.168.88.1 255.255.254.0
!
! Link towards R1 (10.1.4.1), statically mapped to DLCI 411.
interface Serial2/1
 ip address 10.1.4.4 255.255.255.0
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.4.1 411 broadcast
 no shutdown
!
! RIPv2 carries the serial subnet and Loopback0 for peer reachability.
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 network 4.0.0.0
!
! NOTE(review): ebgp-multihop 255 and the unauthenticated session are lab
! conveniences; restrict the hop count and authenticate peers in production.
router bgp 654
 no auto-summary
 no synchronization
 bgp router-id 4.4.4.4
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 ebgp-multihop 255
 ! Originate one /23 per test loopback.
 network 189.168.56.0 mask 255.255.254.0
 network 189.168.58.0 mask 255.255.254.0
 network 189.168.60.0 mask 255.255.254.0
 network 189.168.62.0 mask 255.255.254.0
 network 189.168.64.0 mask 255.255.254.0
 network 189.168.66.0 mask 255.255.254.0
 network 189.168.68.0 mask 255.255.254.0
 network 189.168.70.0 mask 255.255.254.0
 network 189.168.72.0 mask 255.255.254.0
 network 189.168.74.0 mask 255.255.254.0
 network 189.168.76.0 mask 255.255.254.0
 network 189.168.78.0 mask 255.255.254.0
 network 189.168.80.0 mask 255.255.254.0
 network 189.168.82.0 mask 255.255.254.0
 network 189.168.84.0 mask 255.255.254.0
 network 189.168.86.0 mask 255.255.254.0
 network 189.168.88.0 mask 255.255.254.0
end

1,過濾私有AS
在R1上BGP表的狀態
R1(config-router)#do sh ip bgp
BGP table version is 145, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.2.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.3.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.4.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.5.0/24      2.2.2.2                  0             0 11151 i
*> 23.75.18.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 65001 i

*> 189.168.56.0/23  4.4.4.4                  0             0 654 i
*> 189.168.58.0/23  4.4.4.4                  0             0 654 i
*> 189.168.60.0/23  4.4.4.4                  0             0 654 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 189.168.62.0/23  4.4.4.4                  0             0 654 i
*> 189.168.64.0/23  4.4.4.4                  0             0 654 i
*> 189.168.66.0/23  4.4.4.4                  0             0 654 i
*> 189.168.68.0/23  4.4.4.4                  0             0 654 i
*> 189.168.70.0/23  4.4.4.4                  0             0 654 i
*> 189.168.72.0/23  4.4.4.4                  0             0 654 i
*> 189.168.74.0/23  4.4.4.4                  0             0 654 i
*> 189.168.76.0/23  4.4.4.4                  0             0 654 i
*> 189.168.78.0/23  4.4.4.4                  0             0 654 i
*> 189.168.80.0/23  4.4.4.4                  0             0 654 i
*> 189.168.82.0/23  4.4.4.4                  0             0 654 i
*> 189.168.84.0/23  4.4.4.4                  0             0 654 i
*> 189.168.86.0/23  4.4.4.4                  0             0 654 i
*> 189.168.88.0/23  4.4.4.4                  0             0 654 i
 
因爲65001是私有AS(範圍64512~65535),有時並不希望把私有AS發佈到對端,所以在R2上配置
! On R2: strip private AS numbers from the AS_PATH of updates sent to R1.
! This rewrites the path only; the prefixes themselves are still advertised.
! NOTE(review): on classic IOS the private ASNs are removed only when the
! AS_PATH contains nothing but private ASNs (true here: the path from R3 is
! just 65001). Confirm the behaviour on the release in use.
router bgp 11151
 neighbor 1.1.1.1 remove-private-AS
R2#clear ip bgp * s
R1#sh ip bgp      
BGP table version is 45, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 23.75.18.0/24    2.2.2.2                                0 11151 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 i
(略去4.4.4.4發佈的路由條目)
R1收到的AS路徑中已經去掉了私有AS 65001(23.75.x.0/24的路由條目本身仍然存在,只是Path由「11151 65001」變爲「11151」)

2,使用distribute-list 進行路由過濾
To filter all routes, except for routes to the prefix 23.75.0.0/16, you create an access list specifying the 23.75.0.0/16 network prefix and use that access list with a distribute list to filter all incoming routes
R1
! Standard ACL 1 permits routes whose network address lies inside 23.75.0.0/16;
! every other route falls through to the ACL's implicit deny.
! A standard ACL used this way matches the network address only, not the prefix
! length, so it cannot tell 23.75.18.0/24 from a more specific route that
! shares the same network bits. Use a prefix-list when length matters.
access-list 1 permit 23.75.0.0 0.0.255.255
router bgp 1
! No neighbor is named, so the inbound filter applies to updates from every
! BGP neighbor of R1 (the table below loses both the 20.1.x and 189.168.x routes).
distribute-list 1 in
R1上BGP表
R1(config-router)#do clear ip bgp * s               
R1(config-router)#do sh ip bgp                      
BGP table version is 80, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 23.75.18.0/24    2.2.2.2                                0 11151 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 i
已經過濾掉189.168.0.0/16網段的路由條目;20.1.x.0/24的條目同樣不匹配access-list 1,也一併被過濾
 
也可以使用neighbor命令來過濾路由條目
R1
! Per-neighbor variant: the inbound filter is bound to the R4 session only, so
! updates from other neighbors are not affected by ACL 2.
! ACL 2 permits the 189.168.56.0 and 189.168.58.0 blocks (wildcard 0.0.1.255
! spans one /23 each); all other routes from 4.4.4.4 hit the implicit deny.
! NOTE(review): the table that follows lists the 20.1.x routes from R2 again,
! so the router-wide "distribute-list 1 in" from the previous step was
! presumably removed first. Confirm the lab state before applying.
access-list 2 permit 189.168.56.0 0.0.1.255
access-list 2 permit 189.168.58.0 0.0.1.255
router bgp 1
 neighbor 4.4.4.4 distribute-list 2 in
end
R1上BGP表狀態
R1(config-router)#do clear ip bgp * s
R1(config-router)#do sh ip bgp
BGP table version is 82, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.2.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.3.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.4.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.5.0/24      2.2.2.2                  0             0 11151 i
*> 23.75.18.0/24    2.2.2.2                                0 11151 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 i
*> 189.168.56.0/23  4.4.4.4                  0             0 654 i
*> 189.168.58.0/23  4.4.4.4                  0             0 654 i

3,使用prefix-list進行路由過濾
在R2上做路由過濾,只發送20.1.0.0/16範圍內的網段(20.1.1.0/24~20.1.5.0/24)到R1
R2
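! Outbound prefix filter on R2 towards R1: permit any prefix inside
! 20.1.0.0/16 whose length is between /16 and /24; everything else hits the
! prefix-list's implicit deny, so the 23.75.x.0/24 routes are no longer sent.
! The upper bound must be 24: with "le 23" the 20.1.x.0/24 routes (length 24)
! would not match and nothing would be advertised, which contradicts the R1
! table shown below.
ip prefix-list FILTER seq 10 permit 20.1.0.0/16 le 24
router bgp 11151
 neighbor 1.1.1.1 prefix-list FILTER out
end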
R1上BGP表狀態
R1(config)#do clear ip bgp * s
R1(config)#do sh ip bgp
BGP table version is 188, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.2.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.3.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.4.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.5.0/24      2.2.2.2                  0             0 11151 i
(略去4.4.4.4發佈的路由條目)

4,使用route-map進行路由過濾
在R1上做路由過濾,只發送189.168.56.0/23,189.168.68.0/23,189.168.86.0/23網段到R2
R1
! Outbound policy on R1 towards R2: advertise only the three listed /23 blocks.
! NOTE(review): ACL 1 was also used in the distribute-list step; numbered ACL
! entries accumulate, so delete the earlier entry first ("no access-list 1")
! if it is still configured. Confirm the lab state.
access-list 1 permit 189.168.56.0 0.0.1.255
access-list 1 permit 189.168.68.0 0.0.1.255
access-list 1 permit 189.168.86.0 0.0.1.255
!
! Sequence 10 is the only clause. Routes that do not match ACL 1 fall through
! to the route-map's implicit deny and are not advertised.
! The standard ACL matches the network address only, not the prefix length.
route-map FILTER permit 10
 match ip address 1
!
router bgp 1
 neighbor 2.2.2.2 route-map FILTER out
end
在做路由過濾前,R2上BGP表的狀態
R2#sh ip bgp
BGP table version is 168, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      0.0.0.0                  0         32768 i
*> 20.1.2.0/24      0.0.0.0                  0         32768 i
*> 20.1.3.0/24      0.0.0.0                  0         32768 i
*> 20.1.4.0/24      0.0.0.0                  0         32768 i
*> 20.1.5.0/24      0.0.0.0                  0         32768 i
*> 23.75.18.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.19.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.20.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.21.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.22.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.23.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.24.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.25.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.26.0/24    3.3.3.3                  0             0 65001 i
*> 189.168.56.0/23  1.1.1.1                                0 1 654 i
*> 189.168.58.0/23  1.1.1.1                                0 1 654 i
*> 189.168.60.0/23  1.1.1.1                                0 1 654 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 189.168.62.0/23  1.1.1.1                                0 1 654 i
*> 189.168.64.0/23  1.1.1.1                                0 1 654 i
*> 189.168.66.0/23  1.1.1.1                                0 1 654 i
*> 189.168.68.0/23  1.1.1.1                                0 1 654 i
*> 189.168.70.0/23  1.1.1.1                                0 1 654 i
*> 189.168.72.0/23  1.1.1.1                                0 1 654 i
*> 189.168.74.0/23  1.1.1.1                                0 1 654 i
*> 189.168.76.0/23  1.1.1.1                                0 1 654 i
*> 189.168.78.0/23  1.1.1.1                                0 1 654 i
*> 189.168.80.0/23  1.1.1.1                                0 1 654 i
*> 189.168.82.0/23  1.1.1.1                                0 1 654 i
*> 189.168.84.0/23  1.1.1.1                                0 1 654 i
*> 189.168.86.0/23  1.1.1.1                                0 1 654 i
*> 189.168.88.0/23  1.1.1.1                                0 1 654 i
做路由過濾後,R2上BGP表狀態
R2#clear ip bgp * s
R2#sh ip bgp
BGP table version is 182, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      0.0.0.0                  0         32768 i
*> 20.1.2.0/24      0.0.0.0                  0         32768 i
*> 20.1.3.0/24      0.0.0.0                  0         32768 i
*> 20.1.4.0/24      0.0.0.0                  0         32768 i
*> 20.1.5.0/24      0.0.0.0                  0         32768 i
*> 23.75.18.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.19.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.20.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.21.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.22.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.23.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.24.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.25.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.26.0/24    3.3.3.3                  0             0 65001 i
*> 189.168.56.0/23  1.1.1.1                                0 1 654 i
*> 189.168.68.0/23  1.1.1.1                                0 1 654 i
*> 189.168.86.0/23  1.1.1.1                                0 1 654 i

只有允許的路由條目發送到R2
route-map的功能十分強大,而且使用方法也十分靈活;不但可以做路由過濾,還可以做路由策略。在前面所講的BGP路由匯聚中也用到過。關於route-map的使用方法,後續關於BGP的文章會陸續講到。