5,优选OGN属性最佳的路由。I > e > ?
1,抓流量
[r4]ip ip-prefix OGN permit 10.0.0.0 24
2,做路由策略
[r4]route-policy OGN permit node 10
Info: New Sequence of this List.
[r4-route-policy]if-match ip-prefix OGN
[r4-route-policy]apply origin ?
egp Remote EGP
igp Local IGP
incomplete Unknown heritage
[r4-route-policy]apply origin incomplete
[r4]route-policy OGN permit node 20
Info: New Sequence of this List.
3,调用
[r4-bgp]peer 2.2.2.2 route-policy OGN import
6,优选MED值属性最小的路由
多出口鉴别属性 --- BGP在宣告时,是宣告本地路由表中任意路由,不关注这些路由条目的产生方式,默认将携带这些路由的开销值到MED属性中,该路由传递给自己的IBGP对等体以及EBGP对等体都将携带MED属性,便于本地的EBGP对等体邻居根据本AS的内部情况进行选路,此属性也可以通过干涉修改,起到控制其他流量进入本AS的出口。若,从自己IBGP对等体处学习到一条路由中包含MED属性,则在传递给自己的EBGP对等体时将不携带。为了避免出现选路不佳,建议,所有运行BGP的边界设备发布路由时,都同时宣告内部的路由。
注意:MED属性一定要保证在同一个AS中,如果收到两条路由信息到达相同的网段,但是AS_PATH中最左边的AS号不一致,则将不比较MED属性,直接比较下一条。
1,抓流量
[r2]ip ip-prefix MED p 4.4.4.0 24
2,做路由策略
[r2]route-policy MED permit node 10
Info: New Sequence of this List.
[r2-route-policy]if-match ip-prefix MED
[r2-route-policy]apply cost 10
[r2-route-policy]qu
[r2]route-policy MED permit node 20
Info: New Sequence of this List.
3,调用
[r2-bgp]peer 12.0.0.1 route-policy MED export
7,EBGP对等体的路由信息优于IBGP对等体
8,优选到下一跳的IGP开销值最小的路由
9,优选簇列表最短的路由
10,优选RID(起源者ID)最小的设备通告的路由
如果存在起源者ID,则比较起源者ID,如果不存在,则比较RID。
11,优选对等体IP地址最小的
BGP的路由过滤
1,使用前缀列表进行过滤
[r1]ip ip-prefix aa deny 192.168.1.0 24
[r1]ip ip-prefix aa permit 0.0.0.0 0 less-equal 32
[r1-bgp]peer 12.0.0.2 ip-prefix aa export
2,使用路由策略来进行过滤
1,抓流量
[r1]ip ip-prefix bb permit 192.168.2.0 24
2,做策略
[r1]route-policy bb deny node 10
Info: New Sequence of this List.
[r1-route-policy]if-match ip-prefix bb
[r1-route-policy]qu
[r1]route-policy bb permit node 20
Info: New Sequence of this List.
3,调用
[r1-bgp]peer 12.0.0.2 route-policy bb export
3,使用过滤列表进行过滤
1,抓流量
[r3-acl-basic-2000]rule deny source 192.168.3.0 0.0.0.0
[r3-acl-basic-2000]rule permit source any
2,调用
[r3-bgp]peer 13.0.0.1 filter-policy 2000 import
BGP的社团属性
社团属性 --- 4个字节 --- 32位 --- AS:NN --- 可以同时存在多个社团属性 --- 类似于路由标记,用来区分不同的路由信息
公有社团属性
0 --- 0X00000000 --- 全0的社团属性 --- "internet"
默认所有的路由都属于“internet”
0XFFFFFF02 --- “no - advertise”
如果路由打上该属性,则将不能通告给自己的对等体
0xFFFFFFF01 --- "no - export"
如果路由打上该属性,则将不能通告给自己的EBGP对等体(但是,可以通告给自己的联
邦的EBGP对等体)
0XFFFFFF03 --- "no - export - subconfed"
如果路由打上该属性,则将不能通告给自己的EBGP对等体,包括联邦的对等体
[r1]route-policy COM permit node 10
Info: New Sequence of this List.
[r1-route-policy]apply community ?
INTEGER<0-4294967295> Specify community number
STRING<3-11> Specify aa<0-65535>:nn<0-65535>
internet Internet(well-known community attributes)
no-advertise Do not advertise to any peer (well-known community attributes)
no-export Do not export to external peers(well-known community attributes)
no-export-subconfed Do not send outside a sub-confederation(well-known community
attributes)
none No community attribute
[r1-route-policy]apply community no-advertise
[r1-bgp]peer 12.0.0.2 route-policy COM export
[r1-bgp]peer 12.0.0.2 advertise-community --- 注意:华为默认没有开启社团属性的传递功能, 所以,需要使用该命令手工开启
自定义社团属性的用法:
做策略
[r1]route-policy com1 permit node 10
Info: New Sequence of this List.
[r1-route-policy]apply community 1:11
[r1]route-policy com2 permit node 10
Info: New Sequence of this List.
[r1-route-policy]apply community 1:22
[r1-route-policy]
调用
[r1-bgp]network 172.16.1.0 24 route-policy com1
[r1-bgp]network 172.16.2.0 24 route-policy com1
[r1-bgp]network 172.16.3.0 24 route-policy com2
[r1-bgp]network 172.16.4.0 24 route-policy com2
针对社团属性做策略
1,抓流量 --- 社团属性过滤器 --- Community-filter
[r1]ip community-filter 1 permit 1:11
[r1]ip community-filter 2 permit 1:22
2,做策略
[r1]route-policy aa deny node 10
Info: New Sequence of this List.
[r1-route-policy]if-match community-filter 1
[r1-route-policy]qu
[r1]route-policy aa permit node 20
Info: New Sequence of this List.
[r1-route-policy]if-match community-filter 2
[r1-route-policy]apply community no-export additive
[r1-route-policy]qu
[r1]route-policy aa permit node 30
Info: New Sequence of this List.
3,调用
[r1-bgp]peer 12.0.0.2 route-policy aa export