BGP前缀过滤(正则表达式)
BGP的正则表达式一般用在as-path中,常用的如下:
.(点):表示匹配任意一个字符,包括空格。
*:表示匹配零个或多个模式的出现。即前一个字符出现0次或多次。
+:表示匹配一个或多个模式的出现。即前一个字符出现1次或多次。
?:表示匹配零个或一个模式的出现。即前一个字符出现0次或一次。
^:表示匹配字符串的开始。
$:表示匹配字符串的结束。
_(下划线):匹配逗号、左大括号、右大括号、左小括号、右小括号、字符串的开始、字符串的结束或空格.
[]:匹配中括号中的任意字符之一。如[AB],则表示匹配A或B
|:匹配其中之一。如A|B,则表示匹配A或B。
-:表示的是范围。如[1-3],则表示匹配的是1、2、3中的单个字符。
有的时候,我们需要根据需求去过滤某些从其他AS学习来的BGP前缀,不传递到自己的peer。例如如下如:AS4上不需要学习AS1和AS12学习来的1.1.1.1/24、2.2.2.2/24和10.1.1.0/24
我们可以在R3上看出,邻居建立完成。
R3#sho ip b summ
BGP router identifier 3.3.3.3, local AS number 3
BGP table version is 6, main routing table version 6
5 network entries using 585 bytes of memory
5 path entries using 260 bytes of memory
5/4 BGP path/bestpath attribute entries using 620 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1537 total bytes of memory
BGP activity 5/0 prefixes, 5/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
13.1.1.1 4 1 19 22 6 0 0 00:14:13 2
23.1.1.2 4 12 18 22 6 0 0 00:14:10 1
34.1.1.4 4 4 18 18 6 0 0 00:14:16 1
且在R3上可以看到从AS1和AS12学习来的BGP前缀。
R3#sho ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 13.1.1.1 0 0 1 i <<<<<<<
*> 2.2.2.0/24 23.1.1.2 0 0 12 i <<<<<<<<<
*> 3.3.3.0/24 0.0.0.0 0 32768 i
*> 4.4.4.0/24 34.1.1.4 0 0 4 i
*> 10.1.1.0/24 13.1.1.1 0 0 1 i <<<<<<<<<<
此时在R4上也可以看到对应的BGP前缀:
R4#sho ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 34.1.1.3 0 3 1 i
*> 2.2.2.0/24 34.1.1.3 0 3 12 i
*> 3.3.3.0/24 34.1.1.3 0 0 3 i
*> 4.4.4.0/24 0.0.0.0 0 32768 i
*> 10.1.1.0/24 34.1.1.3 0 3 1 i
此时可以使用多种方式过滤,下列是使用route-map匹配local产生的BGP前缀的方式:
R3#sho run | s route-map
neighbor 34.1.1.4 route-map cisco out
route-map cisco permit 10
match route-type local
R3#sho run | s r b
router bgp 3
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 3.3.3.0 mask 255.255.255.0
neighbor 13.1.1.1 remote-as 1
neighbor 23.1.1.2 remote-as 12
neighbor 34.1.1.4 remote-as 4
neighbor 34.1.1.4 route-map cisco out
no auto-summary
显示效果如下:
R4#cle ip b * soft
R4#sho ip bgp
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 3.3.3.0/24 34.1.1.3 0 0 3 i
*> 4.4.4.0/24 0.0.0.0 0 32768 i
其他的两种方式:
在R3上配置:
1、直接使用filter-list调用as-path access-list
R3(config)#ip as-path access-list 1 permit ^$
R3(config)#router bgp 3
R3(config-router)#nei 34.1.1.4 filter-list 1 out
PS:也可以使用route-map匹配as-path access-list:
R3(config)#route-map Test per 10
R3(config-route-map)#match as-path 1
R3(config-route-map)#exit
R3(config)#router bgp 3
R3(config-router)#nei 34.1.1.4 route-map Test out
2、使用deny不需要的AS的前缀,然后permit所有。
R3(config)#ip as-path access-list 1 deny _1_
R3(config)#ip as-path access-list 1 deny _12_
R3(config)#ip as-path access-list 1 permit .*
R3(config)#router bgp 3
R3(config-router)#nei 34.1.1.4 filter-list 1 out
Other:测试正则表达式匹配的前缀:
命令
R3#sho ip bg regexp ?
LINE A regular-expression to match BGP AS paths. Use "ctrl-v ?" to enter "?"
R3#sho ip bgp ?
A.B.C.D IP prefix <network>/<length>, e.g., 35.0.0.0/8
A.B.C.D Network in the BGP routing table to display
all All address families
cidr-only Display only routes with non-natural netmasks
community Display routes matching the communities
community-list Display routes matching the community-list
dampening Display detailed information about dampening
extcommunity-list Display routes matching the extcommunity-list
filter-list Display routes conforming to the filter-list
inconsistent-as Display only routes with inconsistent origin ASs
injected-paths Display all injected paths
ipv4 Address family
ipv6 Address family
labels Display Labels for IPv4 NLRI specific information
neighbors Detailed information on TCP and BGP neighbor connections
nsap Address family
oer-paths Display all oer controlled paths
paths Path information
peer-group Display information on peer-groups
pending-prefixes Display prefixes pending deletion
prefix-list Display routes matching the prefix-list
quote-regexp Display routes matching the AS path "regular expression"
regexp Display routes matching the AS path regular expression
replication Display replication status of update-group(s)
rib-failure Display bgp routes that failed to install in the routing
table (RIB)
route-map Display routes matching the route-map
summary Summary of BGP neighbor status
template Display peer-policy/peer-session templates
update-group Display information on update-groups
vpnv4 Address family
| Output modifiers
<cr>