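Summarization settings:
1. BGP is a classless routing protocol and supports VLSM, but it requires longest-prefix matching. Auto-summary is generally enabled by default, but we want it turned off, otherwise the same kind of problems seen with EIGRP will appear. Command:
no auto-summary
2. Manual summarization, method 1:
1) network <summary route> mask <summary subnet mask>
2) ip route <summary route> <summary subnet mask> null0
The network command itself cannot summarize routes; it only advertises a route that has already been summarized by the IGP, so a static summary route pointing to the null interface must also be configured by hand. This advertises not only the summary route but also the specific routes; if the specific routes should not be advertised, route filtering is required.
3. Manual summarization, method 2:
aggregate-address <IP address> <subnet mask> <parameters>
Parameters:
summary-only: only the summary route is sent; the specific routes are not advertised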
r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
B 199.1.3.0/24 [20/0] via 192.1.1.1, 00:00:09 //entries to be summarized
B 199.1.2.0/24 [20/0] via 192.1.1.1, 00:00:09
B 199.1.1.0/24 [20/0] via 192.1.1.1, 00:00:09
C 193.1.1.0/24 is directly connected, Ethernet0
C 192.1.1.0/24 is directly connected, Serial1
B 199.1.4.0/24 [20/0] via 192.1.1.1, 00:00:09
B 199.1.0.0/22 [20/0] via 192.1.1.1, 00:00:09 //this is the route after summarization
After adding the parameter:
r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 193.1.1.0/24 is directly connected, Ethernet0
C 192.1.1.0/24 is directly connected, Serial1
B 199.1.0.0/22 [20/0] via 192.1.1.1, 00:00:09
r1#show ip bgp
BGP table version is 18, local router ID is 192.168.194.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.1.1.0 0.0.0.0 0 32768 ?
*> 193.1.1.0 0.0.0.0 2 32768 ?
s> 199.1.2.0 0.0.0.0 0 32768 ? //suppressed route
*> 192.168.192.0/21 0.0.0.0 32768 i
s> 199.1.1.0 0.0.0.0 0 32768 ?
s> 199.1.3.0 0.0.0.0 0 32768 ?
s> 199.1.4.0 0.0.0.0 2 32768 ?
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.192.0/21 10.1.1.9 100 0 {50,200} i
*> 200.200.200.0 0.0.0.0 0 32768 i
Modify by adding parameters:
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 as-set summary-only advertise-map cisco
......
!
ip as-path access-list 1 permit ^200$
!
route-map cisco permit 10
match as-path 1
!
r4#show ip bgp
BGP table version is 17, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.192.0/21 10.1.1.9 100 0 200 i
*> 200.200.200.0 0.0.0.0 0 32768 i
suppress-map: suppresses the specified entries covered by the summary route
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 suppress-map supmap
!
access-list 1 permit 192.168.195.0
access-list 1 permit 192.168.197.0
route-map supmap permit 10
match ip address 1
!
r3#show ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.192.0 10.1.1.1 0 0 50 i
*> 192.168.192.0/21 0.0.0.0 32768 i
*> 192.168.193.0 10.1.1.1 0 0 50 i
*> 192.168.194.0 10.1.1.1 0 0 50 i
*> 192.168.196.0 10.1.1.5 0 0 200 i
s> 192.168.197.0 10.1.1.5 0 0 200 i
*> 192.168.198.0 10.1.1.5 0 0 200 i
*>i200.200.200.0 10.1.1.10 0 100 0 i
----------------------------------------------------------------------------------
Routing policy:
1. distribute-list filtering
Command:
neighbor <neighbor> distribute-list <ACL number> [in | out]
router bgp 100
neighbor 10.1.1.1 remote-as 50
neighbor 10.1.1.5 remote-as 200
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 distribute-list 1 out
......
!
access-list 1 deny 192.168.196.0
access-list 1 permit any
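2. prefix-list filtering
Command:
ip prefix-list <list ID> [seq <sequence number>] {deny | permit} <network>/<len match length> [ge <minimum match value>] [le <maximum match value>]
Where:
len < ge <= le
If ge and le are present, the len match length is ignored.
Application:
neighbor <neighbor> prefix-list <name> [in | out]
Note: prefix-list and distribute-list cannot both be applied to the same neighbor, but a distribute-list can reference a list defined with prefix-list.
Example: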
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 suppress-map supmap
neighbor 10.1.1.1 remote-as 50
neighbor 10.1.1.5 remote-as 200
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 prefix-list cisco out
......
!
ip prefix-list cisco seq 5 permit 192.168.192.0/21 ge 22 le 24
r3#show ip bgp
BGP table version is 17, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 192.168.192.0 10.1.1.1 0 0 50 i
*> 192.168.192.0/21 0.0.0.0 32768 i
*> 192.168.193.0 10.1.1.1 0 0 50 i
*> 192.168.194.0 10.1.1.1 0 0 50 i
*> 192.168.196.0 10.1.1.5 0 0 200 i
s> 192.168.197.0 10.1.1.5 0 0 200 i
*> 192.168.198.0 10.1.1.5 0 0 200 i
*>i200.200.200.0 10.1.1.10 0 100 0 i
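The prefix-list matching rule from this section, as an added Python example that is not from the original post: it evaluates the page's "ip prefix-list cisco" entry against prefixes from r3's BGP table, comparing the leading len bits and requiring the route's mask length to fall within ge..le. Table entries printed without a mask are assumed to be classful /24, and the last two routes are constructed.

```python
import ipaddress

def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME [seq N] {permit|deny} NET/LEN [ge X] [le Y]'."""
    entries = []
    for line in lines:
        tok = line.split()[3:]                      # drop 'ip prefix-list NAME'
        seq = entries[-1][0] + 5 if entries else 5  # assumed default: previous + 5
        if tok[0] == "seq":
            seq, tok = int(tok[1]), tok[2:]
        action, net = tok[0], ipaddress.ip_network(tok[1])
        opts = dict(zip(tok[2::2], map(int, tok[3::2])))
        # Accepted mask lengths: exactly len without ge/le,
        # otherwise [ge or len, le or 32].
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return the action of the first matching entry; implicit deny at the end."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        # Mask length must be in [lo, hi] and the leading len bits must match.
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

# The entry from the page's configuration.
PREFIX_LIST = ["ip prefix-list cisco seq 5 permit 192.168.192.0/21 ge 22 le 24"]

# Unsuppressed prefixes from the page's r3 table (classful /24 assumed where
# no mask is shown), followed by two constructed routes.
ROUTES = [
    "192.168.192.0/24", "192.168.192.0/21", "192.168.193.0/24",
    "192.168.194.0/24", "192.168.196.0/24", "192.168.198.0/24",
    "200.200.200.0/24",
    "192.168.196.0/22",   # constructed: inside the /21, length within 22..24
    "192.168.192.0/25",   # constructed: inside the /21, but longer than le 24
]

def advertised(routes=ROUTES):
    """Prefixes that the outbound prefix-list would let through."""
    entries = parse_prefix_list(PREFIX_LIST)
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    for route in ROUTES:
        print(f"{route:20} {evaluate(parse_prefix_list(PREFIX_LIST), route)}")
```

The /21 aggregate itself is denied by this entry because its mask length is below ge 22, so a list meant to pass the summary needs its own entry for it.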
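3. AS-PATH filtering
Command:
ip as-path access-list <number> { permit | deny } <regular expression>
Rules for the expression:
. any single character, including a space
[] any character listed inside the square brackets
[^] any character except those listed inside the square brackets (^ must come before the character list)
- (hyphen) any character in the range between the two characters separated by the hyphen
? the character or pattern occurs 0 or 1 times
* the character or pattern occurs 0 or more times
+ the character or pattern occurs 1 or more times
^ start of a line
$ end of a line
| one of the items separated by this metacharacter
_ (underscore) a comma, start of line, end of line, or a space
Example:
ip as-path access-list 1 permit ^(850|860)*$
This matches AS-PATH lists in which AS number 850 or 860 is repeated any number of times, such as (850), (850,850,850), (850,850,888) or (860), (860,860,860), and so on.
Application:
neighbor <neighbor> filter-list <as-path list number> [ in | out ]
Case: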
r4#show ip bgp
BGP table version is 16, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.193.0 10.1.1.9 0 100 0 50 i
*>i192.168.194.0 10.1.1.9 0 100 0 50 i
*>i192.168.196.0 10.1.1.9 0 100 0 200 i
*>i192.168.198.0 10.1.1.9 0 100 0 200 i
*> 200.200.200.0 0.0.0.0 0 32768 i
Changes on r3:
router bgp 100
......
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 filter-list 1 out
no auto-summary
!
ip as-path access-list 1 permit ^50$ //only routes whose AS path is AS 50 are allowed through
r4#show ip bgp
BGP table version is 22, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.193.0 10.1.1.9 0 100 0 50 i
*>i192.168.194.0 10.1.1.9 0 100 0 50 i
*> 200.200.200.0 0.0.0.0 0 32768 i
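The filter-list behaviour in this case, as an added Python example that is not from the original post: it parses ip as-path access-list lines, translates the _ metacharacter as defined in the table above, and applies the list with first-match-wins and an implicit deny. The candidate routes are taken from r4's table before the change; the locally originated entry with an empty AS path and the second and third lists are constructed.

```python
import re

def to_python_regex(cisco_pattern):
    """Translate '_' per the page's table: comma, start of line, end of line, space.
    Assumption: the other metacharacters used here behave the same in Python's re."""
    return re.compile(cisco_pattern.replace("_", r"(?:^|$|[ ,])"))

def parse_as_path_acl(lines):
    """Parse 'ip as-path access-list N {permit|deny} REGEX' into {N: [(action, regex)]}."""
    acls = {}
    for line in lines:
        _ip, _kw, _al, number, action, pattern = line.split(None, 5)
        acls.setdefault(int(number), []).append((action, to_python_regex(pattern)))
    return acls

def filter_out(acl, routes):
    """Apply the list like 'filter-list N out': first match wins, implicit deny."""
    kept = []
    for prefix, as_path in routes:
        for action, rx in acl:
            if rx.search(as_path):          # unanchored unless ^ / $ are used
                if action == "permit":
                    kept.append(prefix)
                break                        # first matching entry decides
    return kept

# Candidates r3 could send to 10.1.1.10: (prefix, AS path as a string).
CANDIDATES = [
    ("192.168.193.0", "50"),
    ("192.168.194.0", "50"),
    ("192.168.196.0", "200"),
    ("192.168.198.0", "200"),
    ("192.168.192.0/21", ""),   # constructed: locally originated, empty AS path
]

PAGE_ACL = parse_as_path_acl(["ip as-path access-list 1 permit ^50$"])[1]
LOCAL_ONLY = parse_as_path_acl(["ip as-path access-list 2 permit ^$"])[2]
DROP_200 = parse_as_path_acl([
    "ip as-path access-list 3 deny _200$",
    "ip as-path access-list 3 permit .*",
])[3]

if __name__ == "__main__":
    for name, acl in (("^50$", PAGE_ACL), ("^$", LOCAL_ONLY), ("deny _200$", DROP_200)):
        print(name, "->", filter_out(acl, CANDIDATES))
```

With the page's list only the two AS 50 routes remain, matching r4's table after the change; a locally originated route has an empty AS path and needs ^$ to be permitted.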
4. route-map filtering:
Command:
route-map <name> [permit | deny] <sequence number>
match <match condition>
Application:
neighbor <neighbor> route-map <name>
Case:
router bgp 100
......
neighbor 10.1.1.10 remote-as 100
neighbor 10.1.1.10 next-hop-self
neighbor 10.1.1.10 send-community
neighbor 10.1.1.10 route-map mapcisco out
no auto-summary
!
ip as-path access-list 1 permit ^50$
access-list 1 permit 192.168.193.0
access-list 1 permit 192.168.195.0
route-map mapcisco permit 10
match ip address 1
r4#show ip bgp
BGP table version is 22, local router ID is 200.200.200.201
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.193.0 10.1.1.9 0 100 0 50 i
*>i192.168.194.0 10.1.1.9 0 100 0 50 i
*> 200.200.200.0 0.0.0.0 0 32768 i
----------------------------------------------------------------------------------
Reprinted from: https://blog.51cto.com/hellome/31194