Configuring BGP Route Filtering.ppt_第1页
Configuring BGP Route Filtering.ppt_第2页
Configuring BGP Route Filtering.ppt_第3页
Configuring BGP Route Filtering.ppt_第4页
Configuring BGP Route Filtering.ppt_第5页
已阅读5页,还剩23页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

1、Configuring BGP Route Filtering,实现BGP路由过滤的几种方法,distribute-list 用于过滤由ACL定义的路由 route-map 与distribute-list一样过滤ACL定义的路由 prefix-list 用于过滤由ip prefix-list定义的路由 filter-list 用于过滤由ip as-path access-list定义的路由 具体配置方法请查看,LAB 1 : 使用distribute-list过滤BGP路由,131.130.0.1/24131.130.1.1/24131.130.2.1/24131.130.3.1/24,R1

2、,R3,R2,172.16.0.1/24172.16.1.1/24172.16.2.1/24172.16.3.1/24,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,access-list 1 deny 131.130.0.0 0.0.0.255 access-list 1 deny 131.130.1.0 0.0.0.255 access-list 1 permit any access-list 2 deny 172.16.2.0 0.0.0.255

3、 access-list 2 deny 172.16.3.0 0.0.0.255 access-list 2 permit any!router bgp 1 neighbor 192.168.2.2 distribute-list 2 in neighbor 192.168.2.2 distribute-list 1 out,LAB 2 : 使用route-map过滤BGP路由,131.130.0.1/24131.130.1.1/24131.130.2.1/24131.130.3.1/24,R1,R3,R2,172.16.0.1/24172.16.1.1/24172.16.2.1/24172.

4、16.3.1/24,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,access-list 1 deny 131.130.0.0 0.0.0.255 access-list 1 deny 131.130.1.0 0.0.0.255 access-list 1 permit any access-list 2 deny 172.16.2.0 0.0.0.255 access-list 2 deny 172.16.3.0 0.0.0.255 access-li

5、st 2 permit any! route-map from_as_64513 permit 10 match ip address 2 ! route-map to_as_64513 permit 10 match ip address 1!router bgp 1 neighbor 192.168.2.2 route-map from_as_64513 in neighbor 192.168.2.2 route-map to_as_64513 out,LAB 3 : 使用prefix-list过滤BGP路由一,131.130.0.1/24131.130.1.1/24131.130.2.1

6、/24131.130.3.1/24,R1,R3,R2,172.16.0.1/24172.16.1.1/24172.16.2.1/24172.16.3.1/24,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,ip prefix-list from_64513 seq 5 permit 172.16.0.0/24 ip prefix-list from_64513 seq 10 permit 172.16.1.0/24 ! ip prefix-list to

7、_64513 seq 5 permit 131.130.2.0/24 ip prefix-list to_64513 seq 10 permit 131.130.3.0/24!router bgp 1 neighbor 192.168.2.2 prefix-list from_64513 in neighbor 192.168.2.2 prefix-list to_64513 out,LAB 4 : 使用prefix-list过滤BGP路由二,131.130.0.1/24131.130.1.1/25131.130.2.1/26131.130.3.1/27131.130.4.1/28,R1,R3

8、,R2,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,ip prefix-list test_prefix seq 5 permit 131.130.0.0/24! router bgp 1 neighbor 192.168.2.1 prefix-list test_prefix out,131.130.0.0/24,LAB 5 : 使用prefix-list过滤BGP路由三,131.130.0.1/24131.130.1.1/25131.130.2.1

9、/26131.130.3.1/27131.130.4.1/28,R1,R3,R2,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,ip prefix-list test_prefix permit 131.130.0.0/22 ge 26! router bgp 1 neighbor 192.168.2.1 prefix-list to_as_2 out,131.130.2.0/26131.130.3.0/27,LAB 4 : 使用prefix-list过

10、滤BGP路由四,131.130.0.1/24131.130.1.1/25131.130.2.1/26131.130.3.1/27131.130.4.1/28,R1,R3,R2,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,ip prefix-list test_prefix permit 131.130.0.0/22 le 26! router bgp 1 neighbor 192.168.2.2 prefix-list to_as_2 out,131.

11、130.0.0/24131.130.1.0/25131.130.2.0/26,LAB 4 : 使用prefix-list过滤BGP路由五,131.130.0.1/24131.130.1.1/25131.130.2.1/26131.130.3.1/27131.130.4.1/28,R1,R3,R2,192.168.1.1/24S1/1,S1/0192.168.1.2/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,AS 64512,AS 64513,ip prefix-list test_prefix permit 131.130.0.0/22 ge 25 le

12、 26! router bgp 1 neighbor 192.168.2.2 prefix-list to_as_2 out,131.130.1.0/25131.130.2.0/26,END,Configuring advanced BGP,Overview,Peer Group 路由反射器 Filter-list Suppress-map Attribute-map Advertise-map BGP backdoor BGP团体 BGP联盟,本PPT为新版NP扩展内容,已超出NP的大纲要求,仅供有志于获得CCIE的学员学习.具体内容如下:,Peer Group,neighbor peer-

13、group-name peer-group,Router(config-router)#,创建对等体组,neighbor ip-address peer-group peer-group-name,Router(config-router)#,为一组邻居定义相同参数设置的模板用于替代逐个的配置. 通常使用在多个邻居需要相同的出站策略. 成员可以拥有不同的进站策略. 一次更新组内的多个邻居. 简单易于配置.,Example: Peer Group,Router C Using a Peer Group,Router C Without a Peer Group,router bgp 65100

14、neighbor 192.168.24.1 remote-as 65100 neighbor 192.168.24.1 update-source loopback 0 neighbor 192.168.24.1 next-hop-self neighbor 192.168.24.1 distribute-list 20 out neighbor 192.168.25.1 remote-as 65100 neighbor 192.168.25.1 update-source loopback 0 neighbor 192.168.25.1 next-hop-self neighbor 198.

15、101.25.1 distribute-list 20 out neighbor 192.168.26.1 remote-as 65100 neighbor 192.168.26.1 update-source loopback 0 neighbor 192.168.26.1 next-hop-self neighbor 198.101.26.1 distribute-list 20 out,router bgp 65100 neighbor internal peer-group neighbor internal remote-as 65100 neighbor internal upda

16、te-source loopback 0 neighbor internal next-hop-self neighbor internal distribute-list 20 out neighbor 192.168.24.1 peer-group internal neighbor 192.168.25.1 peer-group internal neighbor 192.168.26.1 peer-group internal,路由反射器,AS 64513,l0172.16.1.1/24172.16.2.1/24172.16.3.1/24172.16.4.1/24,192.168.2.

17、2/24S1/0,S1/1192.168.2.1/24,R2,R1,S1/1192.168.1.1/24,192.168.1.2/24S1/0,router bgp 64513 neighbor 192.168.2.1 route-reflector-client neighbor 192.168.3.2 route-reflector-client,IBGP,R3,R4,AS 64512,S1/1192.168.3.1/24,S1/0192.168.3.2/24,Filter-list,Suppress-map,Attribute-map,Advertise-map,BGP backdoor

18、,BGP团体,BGP团体属性主要包含如下四种: no-export:该属性的路由不通告给AS以外的对等体 no-advertise:该属性的路由不通告给任何BGP的对等体 internet:该属性的路由会通告所有BGP对等体 local-as:该属性的路由仅仅会通告给本地AS的对等体,BGP Community : internet,AS 64512,AS 64513,l0172.16.1.1/24172.16.2.1/24172.16.3.1/24172.16.4.1/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,R3,R1,S1/1192.168.1.1

19、/24,192.168.1.2/24S1/0,R2,R4,FA0/0192/168.3.1/24,FA0/0192/168.3.2/24,172.16.1.1/24 (internet)172.16.2.1/24 (internet)172.16.3.1/24 (internet)172.16.4.1/24 (internet),BGP Community : no-export,AS 64512,AS 64513,l0172.16.1.1/24172.16.2.1/24172.16.3.1/24172.16.4.1/24,192.168.2.2/24S1/0,S1/1192.168.2.1/

20、24,R3,R1,S1/1192.168.1.1/24,192.168.1.2/24S1/0,172.16.1.1/24 (no-export)172.16.2.1/24172.16.3.1/24 (no-export)172.16.4.1/24,172.16.2.1/24172.16.4.1/24,R2,R4,FA0/0192/168.3.1/24,FA0/0192/168.3.2/24,172.16.1.1/24 (no-export)172.16.2.1/24172.16.3.1/24 (no-export)172.16.4.1/24,如果有BGP联盟存在,则no-export会通告给联

21、盟的其它的AS.而不会向联盟以外的AS进行通告.,BGP Community : no-advertise,AS 64512,AS 64513,l0172.16.1.1/24172.16.2.1/24172.16.3.1/24172.16.4.1/24,192.168.2.2/24S1/0,S1/1192.168.2.1/24,R3,R1,S1/1192.168.1.1/24,192.168.1.2/24S1/0,R2,R4,FA0/0192/168.3.1/24,FA0/0192/168.3.2/24,172.16.1.1/24 (no-advertise)172.16.2.1/24 (no-advertise)172.16.3.1/24 (no-advertise)172.16.4.1/24 (no-advertise),BGP Community : local-as,AS 64512,AS 64513,l0172.16.1.1/24172.16.2.1/24172.16.3.1/24172.16.4.1/24,192.168.2.2

人人文库> 全部分类> 教育资料 > 作文作品

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论