BGP route-map 政策路由通告測試報告

今天給客戶做了一個bgp基于route-map來進行過濾通過不同路由到不同的對端跨域鄰居那裡去的一個測試報告。

功能點很小，不過對于初級的同學來說希望有幫助。

BGP實際上對于路由選擇過濾是相當強大的一個路由協定。也是CCIE中考試的重點,其實有一本很好的書想推薦給大家： <CISCO BGP-4 指令與配置手冊>,曾經有人給我說過，把這本書的指令敲3遍，終身難忘，，可惜我隻敲了一遍，哈哈哈，，很多東西隻是在腦子裡留了一個概念，等到要用的時候再去查.....真的是一本很好的書，敲了一遍，我就成菜鳥了，至少知道别人在說bgp的時候我不會很茫然了。:)

希望對初學bgp的同學有用。

1, Testing topology:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496793fgOS.png"></a>

2, Testing target:

L3 switch as the ASBR, connect two different Service provider.

Here for example switch port 1 connect to TATA ISP. Port 2 connect to Reliance ISP.

On L3 switch enable the BGP, make the neighbor ship with TATA and reliance router, from AS 17483 internal routing-router, will advertise loopback 0 and loopback 1 all of the network to L3 switch ASBR by IGP, then need enable the route-map on switch, the interface loopback 0 networks will only advertise to TATA router, and interface looback 1 only advertise to Reliance router by BGP.

3, Testing snapshots:

On MAIPU L3 switch switch first we can check all of the internal routes are already learned by IGP OSPF from routing router:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496801CJ06.jpg"></a>

And now we can check on switch should be has 2 BGP neighbor ship:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496804Fw9f.jpg"></a>

For BGP neighbor 111.93.11.249, the switch only advertise interface loopback 0 networks:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496807gmgb.jpg"></a>

And for neighbor 115.248.84.66 only advertise interface loopback 1 networks:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496810JiJZ.jpg"></a>

Finally let’s check on TATA router how many routes was learned from MAIPU 4128F V3 switch:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496814KWF6.jpg"></a>

And on Reliance router:

<a href="http://361531.blog.51cto.com/attachment/201207/5/351531_1341496818tlvm.jpg"></a>

4, Testing configuration:

<b>Routing-router of AS 17483:</b>

interface loopback0

ip address 49.156.130.1 255.255.255.0

ip address 49.156.131.1 255.255.255.0 secondary

ip address 49.156.132.1 255.255.255.0 secondary

ip address 49.156.133.1 255.255.255.0 secondary

ip address 49.156.134.1 255.255.255.0 secondary

ip address 49.156.135.1 255.255.255.0 secondary

ip address 49.156.136.1 255.255.255.0 secondary

ip address 49.156.137.1 255.255.255.0 secondary

ip address 49.156.138.1 255.255.255.0 secondary

ip address 49.156.139.1 255.255.255.0 secondary

ip address 49.156.140.1 255.255.255.0 secondary

ip address 49.156.141.1 255.255.255.0 secondary

ip address 49.156.142.1 255.255.255.0 secondary

ip address 49.156.143.1 255.255.255.0 secondary

ip address 49.156.144.1 255.255.255.0 secondary

ip address 49.156.145.1 255.255.255.0 secondary

ip address 49.156.146.1 255.255.255.0 secondary

ip address 49.156.147.1 255.255.255.0 secondary

ip address 49.156.155.1 255.255.255.0 secondary

ip address 49.156.128.1 255.255.255.0 secondary

ip address 49.156.129.1 255.255.255.0 secondary

ip address 202.62.72.1 255.255.255.0 secondary

ip address 202.62.85.1 255.255.255.0 secondary

ip address 202.62.67.1 255.255.255.0 secondary

ip address 202.62.74.1 255.255.255.0 secondary

ip address 202.62.90.1 255.255.255.0 secondary

ip ospf network point-to-point

exit

interface loopback1

ip address 49.156.158.1 255.255.255.0

ip address 103.5.18.1 255.255.255.0 secondary

interface fastethernet0

ip address 1.1.1.2 255.255.255.0

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

<b>L3 switch:</b>

!

vlan 1-4;4094

ip access-list standard TATA

permit 49.156.130.0 0.0.0.255

permit 49.156.131.0 0.0.0.255

permit 49.156.132.0 0.0.0.255

permit 49.156.133.0 0.0.0.255

permit 49.156.134.0 0.0.0.255

permit 49.156.135.0 0.0.0.255

permit 49.156.136.0 0.0.0.255

permit 49.156.137.0 0.0.0.255

permit 49.156.138.0 0.0.0.255

permit 49.156.139.0 0.0.0.255

permit 49.156.140.0 0.0.0.255

permit 49.156.141.0 0.0.0.255

permit 49.156.142.0 0.0.0.255

permit 49.156.143.0 0.0.0.255

permit 49.156.144.0 0.0.0.255

permit 49.156.145.0 0.0.0.255

permit 49.156.146.0 0.0.0.255

permit 49.156.147.0 0.0.0.255

permit 49.156.155.0 0.0.0.255

permit 49.156.128.0 0.0.0.255

permit 49.156.129.0 0.0.0.255

permit 202.62.72.0 0.0.0.255

permit 202.62.85.0 0.0.0.255

permit 202.62.67.0 0.0.0.255

permit 202.62.74.0 0.0.0.255

permit 202.62.90.0 0.0.0.255

ip access-list standard reliance

permit 103.5.18.0 0.0.0.255

permit 49.156.158.0 0.0.0.255

Interface Ethernet1/0/1

switchport access vlan 2

Interface Ethernet1/0/2

switchport access vlan 3

Interface Ethernet1/0/3

switchport access vlan 4

Interface Ethernet1/0/4

Interface Ethernet1/0/5

Interface Ethernet1/0/6

Interface Ethernet1/0/7

Interface Ethernet1/0/8

Interface Ethernet1/0/9

Interface Ethernet1/0/10

Interface Ethernet1/0/11

Interface Ethernet1/0/12

Interface Ethernet1/0/13

Interface Ethernet1/0/14

Interface Ethernet1/0/15

Interface Ethernet1/0/16

Interface Ethernet1/0/17

Interface Ethernet1/0/18

Interface Ethernet1/0/19

Interface Ethernet1/0/20

switchport access vlan 4094

Interface Ethernet1/0/21

Interface Ethernet1/0/22

Interface Ethernet1/0/23

Interface Ethernet1/0/24

Interface Ethernet1/0/25

Interface Ethernet1/0/26

Interface Ethernet1/0/27

Interface Ethernet1/0/28

interface Vlan2

description connect-to-TATA-router

ip address 111.93.11.250 255.255.255.252

interface Vlan3

description connect-to-Reliance-router

ip address 115.248.84.65 255.255.255.252

interface Vlan4

description connect-to-LAN-router

ip address 1.1.1.1 255.255.255.0

interface Vlan4094

ip address 192.168.2.83 255.255.252.0

network 1.1.1.0 0.0.0.255 area 0

router bgp 17483

network 49.156.128.0/24

network 49.156.129.0/24

network 49.156.130.0/24

network 49.156.131.0/24

network 49.156.132.0/24

network 49.156.133.0/24

network 49.156.134.0/24

network 49.156.135.0/24

network 49.156.136.0/24

network 49.156.137.0/24

network 49.156.138.0/24

network 49.156.139.0/24

network 49.156.140.0/24

network 49.156.141.0/24

network 49.156.142.0/24

network 49.156.143.0/24

network 49.156.144.0/24

network 49.156.145.0/24

network 49.156.146.0/24

network 49.156.147.0/24

network 49.156.155.0/24

network 49.156.158.0/24

network 103.5.18.0/24

network 202.62.67.0/24

network 202.62.72.0/24

network 202.62.74.0/24

network 202.62.85.0/24

network 202.62.90.0/24

neighbor 111.93.11.249 remote-as 45820

neighbor 111.93.11.249 update-source 111.93.11.250

neighbor 111.93.11.249 route-map TATA-OUT out

neighbor 115.248.84.66 remote-as 18101

neighbor 115.248.84.66 update-source 115.248.84.65

neighbor 115.248.84.66 route-map RIL-OUT out

route-map RIL-OUT permit 10

match ip address reliance

route-map TATA-OUT permit 10

match ip address TATA

<b>TATA-router:</b>

ip address 111.93.11.249 255.255.255.252

router bgp 45820

no auto-summary

no synchronization

neighbor 111.93.11.250 remote-as 17483

<b>Reliance router:</b>

ip address 115.248.84.66 255.255.255.252

router bgp 18101

neighbor 115.248.84.65 remote-as 17483

本文轉自 hny2000 51CTO部落格，原文連結:http://blog.51cto.com/361531/921178