BGP社团是指共享一个公共属性的一组路由器。社团属性是可选的和可传递的。“传递”表示社团属性可以传递给BGP邻居。
有两种类型的社团:1 已知社团 它是保留的
2 私有社团 定义于本地使用
已知社团包括:1 NO-EXPORT:带有此社团属性的路由不应该通告到本地AS或本地联邦外
2 NO-ADVERTISE:带有此社团属性的路由不应该通告给任何的BGP对等点
实验说明:1 本实验是为了验证如何使用社团简化路由策略
2 所有路由器配置为BGP
3 R2配置为路由反射器
4 OSPF运行在AS 200 中
路由器配置:
R1#sh run
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0
ip address 152.1.1.10 255.255.255.252
clockrate 64000
!
interface Serial1
ip address 152.1.2.6 255.255.255.252
clockrate 64000
!
router bgp 100
no synchronization
network 1.1.1.1 mask 255.255.255.255
neighbor 152.1.1.9 remote-as 200
neighbor 152.1.2.5 remote-as 200
no auto-summary
!
R2#sh run
interface Loopback0
ip address 152.1.1.2 255.255.255.255
!
interface Ethernet0
ip address 152.1.1.66 255.255.255.192
!
interface Serial0
ip address 152.1.1.9 255.255.255.252
! 
interface Serial1
ip address 152.1.1.6 255.255.255.252
clock rate 64000
!
router ospf 64
log-adjacency-changes
passive-interface Serial0
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 152.1.1.2 mask 255.255.255.255
neighbor 152.1.1.1 remote-as 200
neighbor 152.1.1.1 update-source Loopback0
neighbor 152.1.1.1 route-reflector-client
neighbor 152.1.1.10 remote-as 100
neighbor 152.1.2.1 remote-as 200
neighbor 152.1.2.1 update-source Loopback0
neighbor 152.1.2.1 route-reflector-client
neighbor 152.1.2.2 remote-as 200
neighbor 152.1.2.2 update-source Loopback0
neighbor 152.1.2.2 route-reflector-client
no auto-summary
!
R3#sh run
interface Loopback0
ip address 152.1.1.1 255.255.255.255
!
interface Serial1
ip address 152.1.1.5 255.255.255.252
!
router ospf 64
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 152.1.1.1 mask 255.255.255.255
neighbor 152.1.1.2 remote-as 200
neighbor 152.1.1.2 update-source Loopback0
no auto-summary
!
R4#sh run
interface Loopback0
ip address 152.1.2.1 255.255.255.255
!
interface Ethernet0
ip address 152.1.1.65 255.255.255.192
!
interface Serial0
ip address 152.1.2.129 255.255.255.128
clock rate 64000
!
interface Serial1
ip address 152.1.2.5 255.255.255.252
!
router ospf 64
log-adjacency-changes
passive-interface Serial1
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 152.1.2.1 mask 255.255.255.255
neighbor 152.1.1.2 remote-as 200
neighbor 152.1.1.2 update-source Loopback0
neighbor 152.1.2.6 remote-as 100
no auto-summary
!
R5#sh run
interface Loopback0
ip address 152.1.2.2 255.255.255.255
!
interface Serial0
ip address 152.1.2.130 255.255.255.128
!
router ospf 64
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 152.1.2.2 mask 255.255.255.255
neighbor 152.1.1.2 remote-as 200
neighbor 152.1.1.2 update-source Loopback0
no auto-summary
!
实验验证:
1 在R1上用sh ip bgp验证
R1#sh ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 152.1.1.1/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 200 i
* 152.1.1.2/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 0 200 i
* 152.1.2.1/32 152.1.1.9 0 200 i
*> 152.1.2.5 0 0 200 i
* 152.1.2.2/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 200 i
通过输出可以看到R1通过R2和R4各有一条到152.1.1.1的路由 。
2 配置R3 使它在宣告152.1.1.1时应用NO_EXPORT社团属性。
R3(config)#access-list 1 permit 152.1.1.1 0.0.0.0
R3(config)#route-map set_community
R3(config-route-map)#match ip add 1
R3(config-route-map)#set community no-export
R3(config-route-map)#exi
R3(config)#router bgp 200
R3(config-router)#neighbor 152.1.1.2 route-map set_community out
R3(config-router)#neighbor 152.1.1.2 send-community //将社团属性发送给邻居
R2#sh ip bgp community //查看BGP中具有社团属性的网络
BGP table version is 9, local router ID is 152.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r>i152.1.1.1/32 152.1.1.1 0 100 0 i //网络152.1.1.1/32 具有一个社团属性
这时再到R1验证
R1#sh ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 152.1.1.1/32 152.1.2.5 0 200 i
* 152.1.1.2/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 0 200 i
* 152.1.2.1/32 152.1.1.9 0 200 i
*> 152.1.2.5 0 0 200 i
* 152.1.2.2/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 200 i
这时看到R1只能通过R4到达网络152.1.1.1 证明R2不再向R1通告152.1.1.1网络了。社团属性起了作用
R4还在通告该网络,这是因为社团属性还没有发给它。现在让R2将社团属性传递给R4和R5
R2(config)#router bgp 200
R2(config-router)#neighbor 152.1.2.1 send-community
R2(config-router)#neighbor 152.1.2.2 send-community
R4#sh ip bgp community no-export
BGP table version is 31, local router ID is 152.1.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r>i152.1.1.1/32 152.1.1.1 0 100 0 i
说明R4已收到了社团属性
再回到R1上验证
R1#sh ip bgp
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 152.1.1.2/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 0 200 i
* 152.1.2.1/32 152.1.1.9 0 200 i
*> 152.1.2.5 0 0 200 i
* 152.1.2.2/32 152.1.2.5 0 200 i
*> 152.1.1.9 0 200 i
通过输出,看到现在R1已经没有到达152.1.1.1的路由了
3 配置路由器R5,使它在通告网络152.1.2.2时应用NO_ADVERTISE属性
首先到R3上查看BGP路由表
R3#sh ip bgp
BGP table version is 20, local router ID is 152.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 152.1.1.10 0 100 0 100 i
*> 152.1.1.1/32 0.0.0.0 0 32768 i
r>i152.1.1.2/32 152.1.1.2 0 100 0 i
r>i152.1.2.1/32 152.1.2.1 0 100 0 i
r>i152.1.2.2/32 152.1.2.2 0 100 0 i
可以看到R3的路由表中还有网络152.1.2.2
现在对R5进行配置:
R5(config)#access-list 1 permit 152.1.2.2 0.0.0.0
R5(config)#route-map no_advertise
R5(config-route-map)#match ip add 1
R5(config-route-map)#set community no-advertise
R5(config-route-map)#exi
R5(config)#router bgp 200
R5(config-router)#neighbor 152.1.1.2 route-map no_advertise out
R5(config-router)#neighbor 152.1.1.2 send-community
在R2上进行验证
R2#sh ip bgp community no-advertise
BGP table version is 12, local router ID is 152.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r>i152.1.2.2/32 152.1.2.2 0 100 0 i //网络152.1.2.2/32具有了社团属性
在R3和R4上查看BGP路由表
R3#sh ip bgp
BGP table version is 21, local router ID is 152.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 152.1.1.10 0 100 0 100 i
*> 152.1.1.1/32 0.0.0.0 0 32768 i
r>i152.1.1.2/32 152.1.1.2 0 100 0 i
r>i152.1.2.1/32 152.1.2.1 0 100 0 i
输出显示R3上已经没有152.1.2.2的路由了,说明R2已经不向R3发送152.1.2.2的路由了
R4#sh ip bgp
BGP table version is 32, local router ID is 152.1.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 152.1.1.10 0 100 0 100 i
*> 152.1.2.6 0 0 100 i
r>i152.1.1.1/32 152.1.1.1 0 100 0 i
r>i152.1.1.2/32 152.1.1.2 0 100 0 i
*> 152.1.2.1/32 0.0.0.0 0 32768 i
R4也没有152.1.2.2的路由了。综上,当R2接受到具有NO_ADVERTISE社团属性的152.1.2.2这条路由时,作为路由反射器的它将不会把这条路由发布给它的任何客户端。
2534
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
