6.1 过滤BGP路由
![图片[1]-第6章 BGP路由控制-大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片28-9-1024x601.png)
1.BGP基本配置
1)R1配置BGP
[R1]bgp 100
[R1-bgp]router-id 1.1.1.1
[R1-bgp]peer 12.1.1.2 as-number 200
[R1-bgp]peer 13.1.1.3 as-number 300
[R1-bgp]peer 14.1.1.4 as-number 4002)R2配置BGP
[R2]bgp 200
[R2-bgp]router-id 2.2.2.2
[R2-bgp]peer 12.1.1.1 as-number 100
[R2-bgp]network 2.2.2.2 32
[R2-bgp]network 2.2.1.1 32
[R2-bgp]network 2.2.3.1 323)R3配置BGP
[R3]bgp 300
[R3-bgp]router-id 3.3.3.3
[R3-bgp]peer 13.1.1.1 as-number 100
[R3-bgp]network 3.3.3.3 32
[R3-bgp]network 3.3.1.1 32
[R3-bgp]network 3.3.2.1 324)R4配置BGP
[R4]bgp 400
[R4-bgp]router-id 4.4.4.4
[R4-bgp]peer 14.1.1.1 as-number 100
[R4-bgp]network 4.4.4.4 32
[R4-bgp]network 4.4.1.1 32
[R4-bgp]network 4.4.2.1 325)R1查看BGP路由信息
[R1]display bgp routing-table
*> 2.2.1.1/32 12.1.1.2 0 0 200i
*> 2.2.2.2/32 12.1.1.2 0 0 200i
*> 2.2.3.1/32 12.1.1.2 0 0 200i
*> 3.3.1.1/32 13.1.1.3 0 0 300i
*> 3.3.2.1/32 13.1.1.3 0 0 300i
*> 3.3.3.3/32 13.1.1.3 0 0 300i
*> 4.4.1.1/32 14.1.1.4 0 0 400i
*> 4.4.2.1/32 14.1.1.4 0 0 400i
*> 4.4.4.4/32 14.1.1.4 0 0 400i2.过滤2.2.2.2/32、2.2.1.1/32、2.2.3.1/32三条路由
1)方法1:R1配置使用peer命令,查看BGP路由
[R1]ip ip-prefix dsrw.com deny 2.2.0.0 22 greater-equal 32 less-equal 32
[R1]ip ip-prefix dsrw.com permit 0.0.0.0 0 less-equal 32
[R1]bgp 100
[R1-bgp]peer 12.1.1.2 ip-prefix dsrw.com import
[R1-bgp]quit
[R1]quit
<R1>refresh bgp all import
<R1>display bgp routing-table
*> 3.3.1.1/32 13.1.1.3 0 0 300i
*> 3.3.2.1/32 13.1.1.3 0 0 300i
*> 3.3.3.3/32 13.1.1.3 0 0 300i
*> 4.4.1.1/32 14.1.1.4 0 0 400i
*> 4.4.2.1/32 14.1.1.4 0 0 400i
*> 4.4.4.4/32 14.1.1.4 0 0 400i2)方法2:filter-policy,针对所有邻居有效
[R1]bgp 100
[R1-bgp]undo peer 12.1.1.2 ip-prefix dsrw.com import
[R1-bgp]filter-policy ip-prefix dsrw.com import
[R1-bgp]quit
[R1]quit
<R1>refresh bgp all import
<R1>display bgp routing-table
*> 3.3.1.1/32 13.1.1.3 0 0 300i
*> 3.3.2.1/32 13.1.1.3 0 0 300i
*> 3.3.3.3/32 13.1.1.3 0 0 300i
*> 4.4.1.1/32 14.1.1.4 0 0 400i
*> 4.4.2.1/32 14.1.1.4 0 0 400i
*> 4.4.4.4/32 14.1.1.4 0 0 400i3)方法3:peer命令+filter-policy,针对一个邻居有效,只能跟访问控制列表
[R1]bgp 100
[R1-bgp]undo filter-policy ip-prefix dsrw.com import
[R1]acl 2000
[R1-acl-basic-2000]rule deny source 2.2.0.0 0.0.0.0
[R1-acl-basic-2000]rule 10 permit source any
[R1-acl-basic-2000]quit
[R1]bgp 100
[R1-bgp]peer 12.1.1.2 filter-policy 2000 import 4)方法4:peer命令+route-polic
[R1]ip ip-prefix dsrw.com permit 2.2.0.0 22 greater-equal 32 less-equal 32
[R1]route-policy dsrw deny node 10
[R1-route-policy]if-match ip-prefix dsrw.com
[R1-route-policy]quit
[R1]route-policy dsrw permit node 20
[R1]bgp 100
[R1-bgp]peer 12.1.1.2 route-policy dsrw import
[R1-bgp]quit
[R1]quit
<R1>refresh bgp all import
<R1>display bgp routing-table
*> 3.3.1.1/32 13.1.1.3 0 0 300i
*> 3.3.2.1/32 13.1.1.3 0 0 300i
*> 3.3.3.3/32 13.1.1.3 0 0 300i
*> 4.4.1.1/32 14.1.1.4 0 0 400i
*> 4.4.2.1/32 14.1.1.4 0 0 400i
*> 4.4.4.4/32 14.1.1.4 0 0 400i5)只接受掩码长度大于等于26位的路由
[R2]bgp 200
[R2-bgp]network 2.2.4.1 24
[R2-bgp]network 2.2.5.1 26
[R1]ip ip-prefix dsrw1 permit 0.0.0.0 0 greater-equal 26
[R1]bgp 100
[R1-bgp]filter-policy ip-prefix dsrw1 import
[R1-bgp]quit
[R1]quit
<R1>refresh bgp all import
<R1>display bgp routing-table
*> 2.2.1.1/32 12.1.1.2 0 0 200i
*> 2.2.2.2/32 12.1.1.2 0 0 200i
*> 2.2.3.1/32 12.1.1.2 0 0 200i
*> 2.2.5.0/26 12.1.1.2 0 0 200i
*> 3.3.1.1/32 13.1.1.3 0 0 300i
*> 3.3.2.1/32 13.1.1.3 0 0 300i
*> 3.3.3.3/32 13.1.1.3 0 0 300i
*> 4.4.1.1/32 14.1.1.4 0 0 400i
*> 4.4.2.1/32 14.1.1.4 0 0 400i
*> 4.4.4.4/32 14.1.1.4 0 0 400i5)只接受掩码长度小于等于24位的路由
[R1]ip ip-prefix dsrw2 permit 0.0.0.0 0 less-equal 24
[R1]bgp 100
[R1-bgp]filter-policy ip-prefix dsrw2 import
[R1-bgp]quit
[R1]quit
<R1>refresh bgp all import
<R1>display bgp routing-table
*> 2.2.4.0/24 12.1.1.2 0 0 200i© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容