BGP Filtering and Aggregation

Requirements:

1. On R2, filter out the two prefixes 22.2.2.0/24 and 23.3.16.0/20.

2. Compare the differences between filtering with route-map, distribute-list and ip prefix-list.

R1

interface Loopback0

 ip address 1.1.1.1 255.255.255.0

interface Loopback1

 ip address 21.0.0.1 255.255.255.0

interface Loopback2

 ip address 22.2.2.1 255.255.255.0

interface Loopback3

 ip address 23.3.0.1 255.255.240.0

interface Loopback4

 ip address 23.3.16.1 255.255.240.0

interface Loopback5

 ip address 23.3.32.1 255.255.224.0

interface Loopback6

 ip address 23.3.64.1 255.255.192.0

interface Loopback7

 ip address 23.3.128.1 255.255.128.0

interface Ethernet0/0

 ip address 12.1.1.1 255.255.255.0

 half-duplex

router bgp 123

 no synchronization

 bgp router-id 1.1.1.1

 bgp log-neighbor-changes

 network 21.0.0.0 mask 255.255.255.0

 network 22.2.2.0 mask 255.255.255.0

 network 23.3.0.0 mask 255.255.240.0

 network 23.3.16.0 mask 255.255.240.0

 network 23.3.32.0 mask 255.255.224.0

 network 23.3.64.0 mask 255.255.192.0

 network 23.3.128.0 mask 255.255.128.0

 neighbor 12.1.1.2 remote-as 110

 no auto-summary

R2

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Ethernet0/0

 ip address 12.1.1.2 255.255.255.0

interface Ethernet0/1

 ip address 23.1.1.2 255.255.255.0

interface Ethernet0/2

 ip address 24.1.1.2 255.255.255.0

interface Ethernet0/3

 ip address 25.1.1.2 255.255.255.0

router ospf 10

 router-id 2.2.2.2

 log-adjacency-changes

 network 2.2.2.2 0.0.0.0 area 0

 network 12.1.1.0 0.0.0.255 area 0

 network 23.1.1.0 0.0.0.255 area 0

 network 24.1.1.0 0.0.0.255 area 0

 network 25.1.1.0 0.0.0.255 area 0

router bgp 110

 neighbor 3.3.3.3 remote-as 110

 neighbor 3.3.3.3 update-source Loopback0

 neighbor 3.3.3.3 distribute-list liang out

 neighbor 4.4.4.4 remote-as 110

 neighbor 4.4.4.4 update-source Loopback0

 neighbor 4.4.4.4 route-map liang out

 neighbor 5.5.5.5 remote-as 110

 neighbor 5.5.5.5 update-source Loopback0

 neighbor 5.5.5.5 prefix-list liang out

 neighbor 12.1.1.1 remote-as 123

ip prefix-list liang seq 5 deny 22.2.2.0/24

ip prefix-list liang seq 10 deny 23.3.16.0/20

ip prefix-list liang seq 15 permit 0.0.0.0/0 le 32

ip access-list extended liang

 deny   ip host 22.2.2.0 host 255.255.255.0

 deny   ip host 23.3.16.0 host 255.255.240.0

 permit ip any any

route-map liang permit 10

 match ip address liang

control-plane

R3#show ip bgp

BGP table version is 24, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*>i21.0.0.0/24      12.1.1.1                 0    100      0 123 i

*>i23.3.0.0/20      12.1.1.1                 0    100      0 123 i

*>i23.3.32.0/19     12.1.1.1                 0    100      0 123 i

*>i23.3.64.0/18     12.1.1.1                 0    100      0 123 i

*>i23.3.128.0/17    12.1.1.1                 0    100      0 123 i

R4#show ip bgp

BGP table version is 24, local router ID is 4.4.4.4

R5#show ip bgp

BGP table version is 34, local router ID is 5.5.5.5

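Summary:

1. For multiple filter entries, route-map has no advantage over ip prefix-list, distribute-list or an ACL.

2. prefix-list is the recommended way to filter route entries, because a prefix-list can match on mask length.

3. For filtering on path, use filter-list with its regular expressions.

4. To filter route entries this way, a peer-group cannot be configured on R2.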
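The sketch below is an added example, not code from the original article. It evaluates the article's `ip prefix-list liang` against the networks R1 originates, using the usual first-match, `ge`/`le` and implicit-deny rules, and then does the same with a constructed list named `demo` (an assumption, not on the page) that denies both /20s with a single mask-length entry.

```python
import ipaddress

# The page's prefix-list on R2, plus a constructed one-entry variant ("demo")
# that denies on mask length with ge/le (point 2 of the summary).
LIANG = """\
ip prefix-list liang seq 5 deny 22.2.2.0/24
ip prefix-list liang seq 10 deny 23.3.16.0/20
ip prefix-list liang seq 15 permit 0.0.0.0/0 le 32"""
BY_LENGTH = """\
ip prefix-list demo seq 5 deny 23.3.0.0/16 ge 20 le 20
ip prefix-list demo seq 10 permit 0.0.0.0/0 le 32"""

# Networks R1 originates (from its "network ... mask ..." statements).
R1_ROUTES = ["21.0.0.0/24", "22.2.2.0/24", "23.3.0.0/20", "23.3.16.0/20",
             "23.3.32.0/19", "23.3.64.0/18", "23.3.128.0/17"]


def parse(text):
    """Turn prefix-list lines into (seq, action, network, min_len, max_len)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        if opts:   # ge only: ge..32; le only: prefix length..le
            lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
        else:      # no ge/le: the mask length must match exactly
            lo = hi = net.prefixlen
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def permitted(entries, route):
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:      # first match wins
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return False                                   # implicit deny at the end


def outbound(text, routes):
    """Routes that survive the prefix-list when applied outbound."""
    entries = parse(text)
    return [r for r in routes if permitted(entries, r)]


if __name__ == "__main__":
    print(outbound(LIANG, R1_ROUTES))      # same five prefixes as R3's table
    print(outbound(BY_LENGTH, R1_ROUTES))  # both /20s under 23.3.0.0/16 dropped
```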

1. The differences between the following aggregate-address options, and what each is used for:

  advertise-map  Set condition to advertise attribute

  as-set         Generate AS set path information

  attribute-map  Set attributes of aggregate

  nlri           Nlri aggregate applies to

  route-map      Set parameters of aggregate

  summary-only   Filter more specific routes from updates

  suppress-map   Conditionally filter more specific routes from update

2. AS2 has 10.1.3.0/24, AS3 has 10.1.1.0/24, and AS4 has 10.1.2.0/24.

Steps:

Aggregate on R2.

Without aggregation:

R1#show ip bgp

BGP table version is 1, local router ID is 1.1.1.1

* i10.1.1.0/24      24.1.1.4                 0    100      0 3 i

* i10.1.2.0/24      26.1.1.6                 0    100      0 4 i

* i10.1.3.0/24      23.1.1.3                 0    100      0 2 i

BGP table version is 4, local router ID is 1.1.1.1

*>i10.1.1.0/24      2.2.2.2                  0    100      0 3 i

*>i10.1.2.0/24      2.2.2.2                  0    100      0 4 i

*>i10.1.3.0/24      2.2.2.2                  0    100      0 2 i

R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0

BGP table version is 5, local router ID is 1.1.1.1

*>i10.1.0.0/22      2.2.2.2                  0    100      0 i

R2#show ip bgp

BGP table version is 5, local router ID is 2.2.2.2

*> 10.1.0.0/22      0.0.0.0                            32768 i

*> 10.1.1.0/24      24.1.1.4                               0 3 i

*> 10.1.2.0/24      26.1.1.6                 0             0 4 i

*> 10.1.3.0/24      23.1.1.3                 0             0 2 i

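By default both the specific routes and the aggregate are advertised, and the aggregate is locally originated with next hop 0.0.0.0.

The default is atomic aggregation. Atomic aggregate indicates that the route has been aggregated; by default the attributes of the specific routes are lost.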

R2(config-router)#aggregate-address 10.1.1.0 255.255.252.0 summary-only

BGP table version is 8, local router ID is 1.1.1.1

BGP table version is 8, local router ID is 2.2.2.2

s> 10.1.1.0/24      24.1.1.4                               0 3 i

s> 10.1.2.0/24      26.1.1.6                 0             0 4 i

s> 10.1.3.0/24      23.1.1.3                 0             0 2 i

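With summary-only, only the aggregate is advertised; on the aggregating router the specific routes are suppressed.

Now for suppress-map. We want the 10.1.1.0/24 route not to be suppressed, so R2 is configured as follows: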

access-list 100 permit ip host 10.1.1.0 host 255.255.255.0

route-map liang deny 10

 match ip address 100    

route-map liang permit 20

R2(config-router)#$1.1.0 255.255.252.0 summary-only suppress-map liang       

BGP table version is 15, local router ID is 2.2.2.2

BGP table version is 15, local router ID is 1.1.1.1

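Suppose instead we want to suppress 10.1.1.0/24:

access-list 101 permit ip host 10.1.1.0 host 255.255.255.0

route-map liang permit 10

 match ip address 101

Remember not to add route-map liang permit 20 here; doing so would permit it, and this entry could then no longer be suppressed.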

as-set

R2(config-router)#$ddress 10.1.1.0 255.255.252.0 summary-only as-set

BGP table version is 22, local router ID is 1.1.1.1

*>i10.1.0.0/22      2.2.2.2                  0    100      0 {3,4,2} i

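This restores the attributes of the original specific routes.

attribute-map/route-map: defines and controls the attributes of the aggregate; it only affects the aggregated route.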

Extended IP access list 100

    10 permit ip host 10.1.1.0 host 255.255.255.0 (1 match)

R2(config)#route-map test permit 10

R2(config-route-map)#ma

R2(config-route-map)#match ip add 101

R2(config-route-map)#set ?

  as-path           Prepend string for a BGP AS-path attribute

  automatic-tag     Automatically compute TAG value

  comm-list         set BGP community list (for deletion)

  community         BGP community attribute

  dampening         Set BGP route flap dampening parameters

  default           Set default information

  extcommunity      BGP extended community attribute

  interface         Output interface

  ip                IP specific information

  ipv6              IPv6 specific information

  level             Where to import route

  local-preference  BGP local preference path attribute

  metric            Metric value for destination routing protocol

  metric-type       Type of metric for destination routing protocol

  mpls-label        Set MPLS label for prefix

  nlri              BGP NLRI type

  origin            BGP origin code

  tag               Tag value for destination routing protocol

  traffic-index     BGP traffic classification number for accounting

  vrf               Define VRF name

  weight            BGP weight for routing table

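Set the attribute values of the aggregate.

Advertise-map: aggregates only the routes matched by the advertise-map. Once all the specific routes matched by the advertise-map have disappeared, the aggregate disappears too, even if other specific routes still exist within the aggregate's range. When combined with as-set, only the attributes of the specific routes matched by the advertise-map are inherited.

It defines, before the announcement comes in, which specific routes should be aggregated.

As-set: makes the aggregate inherit the attributes of the specific routes, including as-path, local_preference, community and origin-code. Combined with advertise-map, only the attributes of the specific routes matched by the advertise-map are inherited.

By default the generated aggregate is locally originated, i.e. a route with next hop 0.0.0.0, and it suppresses the AS-path information from before aggregation.

With as-set configured, the attributes of the specific routes are inherited.

Attribute-map and route-map: these two parameters are identical. They can clear the aggregate's attributes (except the as-path attribute) and add the attributes you need.

They only affect the attributes of the aggregated route, i.e. they add attributes to the aggregate. Without as-set, the default is atomic aggregation.

Summary-only: suppresses all the specific routes covered by the aggregate. Suppressed routes are shown as s (for suppress) in the BGP table. When updates are sent, only the aggregate is sent. It can be combined with neighbor 1.1.1.1 unsuppress-map XX to leak particular specific routes to a particular neighbor.

Suppress-map: suppresses the routes matched by the suppress-map. Suppressed routes are shown as s (for suppress) in the BGP table. When updates are sent, only the aggregate and the specific routes that were not suppressed are sent. It can be combined with neighbor 1.1.1.1 unsuppress-map XX to leak particular specific routes to a particular neighbor.

permit means suppressed, i.e. not forwarded; deny means not suppressed, i.e. forwarded.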
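The following added example, which is not code from the original article, models the aggregate-address options as described above on the lab's three specific routes. The function and parameter names are assumptions made for illustration, and summary-only and suppress-map are treated as alternatives in this model.

```python
import ipaddress

# Constructed from the page's lab: specific routes on R2 and their AS paths.
SPECIFICS = {"10.1.1.0/24": [3], "10.1.2.0/24": [4], "10.1.3.0/24": [2]}


def aggregate(address, mask, specifics, suppress=None, as_set=False,
              advertise=None):
    """Model of the aggregate-address options as the page describes them.

    suppress:  None, "summary-only", or the set of prefixes that a
               suppress-map permits (permit = suppressed).
    advertise: None, or the set of prefixes that an advertise-map matches.
    Returns None when no contributing route exists, otherwise a dict.
    """
    # "aggregate-address 10.1.1.0 255.255.252.0" is normalised to 10.1.0.0/22.
    agg = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    covered = {p: path for p, path in specifics.items()
               if ipaddress.ip_network(p).subnet_of(agg)}
    # advertise-map narrows which specifics form (and keep alive) the aggregate.
    contributors = {p: path for p, path in covered.items()
                    if advertise is None or p in advertise}
    if not contributors:
        return None
    if suppress == "summary-only":
        suppressed = set(covered)
    else:
        suppressed = set(suppress or ()) & set(covered)
    # Without as-set the aggregate is locally originated with an empty AS path
    # (atomic aggregate); with as-set it inherits the contributors' ASes.
    inherited = sorted({asn for path in contributors.values() for asn in path})
    return {
        "aggregate": str(agg),
        "as_set": inherited if as_set else [],
        "atomic_aggregate": not as_set,
        "advertised": [str(agg)] + sorted(p for p in covered
                                          if p not in suppressed),
        "suppressed": sorted(suppressed),
    }


if __name__ == "__main__":
    for kwargs in ({}, {"suppress": "summary-only"},
                   {"suppress": {"10.1.1.0/24"}}, {"as_set": True},
                   {"as_set": True, "advertise": {"10.1.1.0/24"}}):
        print(kwargs, aggregate("10.1.1.0", "255.255.252.0", SPECIFICS, **kwargs))
```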

This article is reposted from q狼的誘惑's 51CTO blog; original link: http://blog.51cto.com/liangrui/572745. To republish it, please contact the original author.