实验13 BGP路由过滤

实验任务一：过滤BGP路由

1. 建立物理连接
   

2. 建立BGP连接
   RTA,RTB建立ebgp邻居
   RTB,RTC建立ebgp邻居
   RTC,RTD建立ebgp邻居
   RTA,RTD建立ebgp邻居
   引入直连路由
   3.查看BGP路由表
   [RTA-bgp-default-ipv4]display bgp routing-table ipv4

Total number of routes: 15

BGP local router ID is 10.0.0.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

 Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

• 1.1.1.1/32 127.0.0.1 0 32768 ?

• e 2.2.2.2/32 10.0.0.2 0 0 200?

• e 3.3.3.3/32 10.0.0.2 0 200 300?

• e 10.0.0.13 0 200 300?

• e 4.4.4.4/32 10.0.0.13 0 0 200?

• 10.0.0.0/30 10.0.0.1 0 32768 ?

• e 10.0.0.2 0 0 200?

• 10.0.0.1/32 127.0.0.1 0 32768 ?

• e 10.0.0.4/30 10.0.0.2 0 0 200?

• e 10.0.0.13 0 200 300?

• e 10.0.0.8/30 10.0.0.2 0 200 300?

• e 10.0.0.13 0 200 300?

• 10.0.0.12/30 10.0.0.14 0 32768 ?

• e 10.0.0.13 0 0 200?

• 10.0.0.14/32 127.0.0.1 0 32768 ?

由上面可以看到3.3.3.3/32网段，经过了AS200，AS300。
从各个直连网段中，AS短的优先于AS长的路由。

1. 配置AS-PATH-ACL过滤路由并验证
   [RTB]ip as-path 10 deny 300$
   [RTB]ip as-path 10 permit .*
   [RTB-bgp-default-ipv4]peer 10.0.0.1 as-path-acl 10 export

[RTA]display bgp routing-table ipv4

Total number of routes: 13

BGP local router ID is 10.0.0.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

 Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

• 1.1.1.1/32 127.0.0.1 0 32768 ?

• e 2.2.2.2/32 10.0.0.2 0 0 200?

• e 3.3.3.3/32 10.0.0.13 0 200 300?

• e 4.4.4.4/32 10.0.0.13 0 0 200?

• 10.0.0.0/30 10.0.0.1 0 32768 ?

• e 10.0.0.2 0 0 200?

• 10.0.0.1/32 127.0.0.1 0 32768 ?

• e 10.0.0.4/30 10.0.0.2 0 0 200?

• e 10.0.0.13 0 200 300?

• e 10.0.0.8/30 10.0.0.13 0 0 200?

• 10.0.0.12/30 10.0.0.14 0 32768 ?

• e 10.0.0.13 0 0 200?

• 10.0.0.14/32 127.0.0.1 0 32768 ?
  可以看出as-path-acl过滤了AS300始发的路由，其他的AS始发的路由允许被通过。
  

1. 配置ip-prefix过滤路由并验证
   [RTA]display bgp routing-table ipv4

Total number of routes: 13

BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

 Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

• 1.1.1.1/32 127.0.0.1 0 32768 ?

• e 2.2.2.2/32 10.0.0.2 0 0 200?

• e 3.3.3.3/32 10.0.0.13 0 200 300?

• e 4.4.4.4/32 10.0.0.13 0 0 200?

• 10.0.0.0/30 10.0.0.1 0 32768 ?

• e 10.0.0.2 0 0 200?

• 10.0.0.1/32 127.0.0.1 0 32768 ?

• e 10.0.0.4/30 10.0.0.2 0 0 200?

• e 10.0.0.13 0 200 300?

• e 10.0.0.8/30 10.0.0.13 0 0 200?

• 10.0.0.12/30 10.0.0.14 0 32768 ?

• e 10.0.0.13 0 0 200?

• 10.0.0.14/32 127.0.0.1 0 32768 ?

[RTD]ip prefix-list 10 index 20 permit 0.0.0.0 0 less-equal 32
[RTD]ip prefix-list 10 index 10 deny 4.4.4.4 32
[RTD-bgp-default-ipv4]peer 10.0.0.14 prefix-list 10 export

[RTA]display bgp routing-table ipv4

Total number of routes: 12

BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

 Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

• 1.1.1.1/32 127.0.0.1 0 32768 ?

• e 2.2.2.2/32 10.0.0.2 0 0 200?

• e 3.3.3.3/32 10.0.0.13 0 200 300?

• 10.0.0.0/30 10.0.0.1 0 32768 ?

• e 10.0.0.2 0 0 200?

• 10.0.0.1/32 127.0.0.1 0 32768 ?

• e 10.0.0.4/30 10.0.0.2 0 0 200?

• e 10.0.0.13 0 200 300?

• e 10.0.0.8/30 10.0.0.13 0 0 200?

• 10.0.0.12/30 10.0.0.14 0 32768 ?

• e 10.0.0.13 0 0 200?

• 10.0.0.14/32 127.0.0.1 0 32768 ?

1.RTB不把源自AS300的所有路由发布给其BGP邻居。
可以通过BGP团体属性实现。
2.RTD路由表不存在2.2.2.2/32，因为RTD从RTA和RTC学这条路由的时候，发现是同一AS，就会把该条路由丢弃。

转载于:https://www.cnblogs.com/akiz/p/11148175.html