BGP Community and Confederation Lab
Lab: Community (an optional transitive attribute)
A 32-bit value used to tag BGP routes.
Two kinds: standard and extended.
1. Standard communities tag IPv4 prefixes and come in two kinds
(1) Well-known communities, of which there are four
NO_EXPORT = 0xFFFFFF01 ---- not exported outside the AS (if a received route carries this value, it is not advertised to EBGP peers; if a confederation is configured, the route is not advertised outside the confederation)
LOCAL_AS = 0xFFFFFF03 ---- not exported outside the local member AS (the sub-AS)
NO_ADVERTISE = 0xFFFFFF02 ---- not advertised to any peer of this router
INTERNET = 0
(2) Private communities: normally written in the new format aa:nn, where aa is an AS number and nn is an arbitrary 16-bit number identifying a routing or administrative policy
command: ip bgp-community new-format
2. Extended communities tag VPNv4/VPNv6 routes
(1) RT (Route Target)
(2) SoO (Site of Origin): identifies a customer site, so that a route that leaves the site at one attachment point is not sent back into the same site at another; set extcommunity soo
10.1.1.0/24 ------- no-advertise
100.1.1.0/24 ------ local-AS
200.1.1.0/24 ------ no-export
1. Base configuration (interfaces and addressing)
2. IGP (OSPF) on R2/R3/R4
3. BGP
4. Advertise routes
5. Outbound community configuration on R1 (R1 must also configure send-community toward neighbor R2, because community is an optional transitive attribute and sending it to a neighbor has to be enabled manually)
ip prefix-list F1-10 seq 5 permit 10.1.1.0/24
!
ip prefix-list F1-100 seq 5 permit 100.1.1.0/24
!
ip prefix-list F1-200 seq 5 permit 200.1.1.0/24
!
route-map F1 permit 10
match ip address prefix-list F1-10
set community no-advertise
!
route-map F1 permit 20
match ip address prefix-list F1-100
set community local-AS
!
route-map F1 permit 30
match ip address prefix-list F1-200
set community no-export
6. send-community from R2 to R3 and from R3 to R4
7. send-community from R4 to R5
9. A community-list can be used to match community values: ip community-list 1 permit 2:2
10. Apply a filter-list in the inbound direction on R5
After step 5, R3 receives only 100.1.1.0/24 and 200.1.1.0/24, and when inspected on R3 the routes carry no community value; the command
nei 3.3.3.3 send-community is required, because community is an optional transitive attribute and its propagation has to be enabled manually.
After step 6, R4 has only the 200.1.1.0/24 entry, because 100.1.1.0/24 carries local-AS, which cannot leave the member AS (the sub-AS inside the confederation).
Consequently R5 receives no route at all, because no-export does not allow the route to leave the confederation AS.
ip bgp-community new-format can be used to convert the value into aa:nn form, e.g. set community 2:2
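The behaviour observed in the walkthrough above (no-advertise stops at R2, local-AS stays inside member AS 65512, no-export stays inside confederation 200) and the aa:nn conversion enabled by ip bgp-community new-format, as an added Python model; this is example code, not part of the original lab, and the hop/session table for R1-R5 is taken from the router configurations below.

```python
# Added model of the lab: community encoding (aa:nn) and how the well-known
# communities gate propagation per BGP session type. Not from the original page.
WELL_KNOWN = {
    0xFFFFFF01: "no-export",     # NO_EXPORT
    0xFFFFFF02: "no-advertise",  # NO_ADVERTISE
    0xFFFFFF03: "local-AS",      # NO_EXPORT_SUBCONFED, shown as local-AS by IOS
}

def community_to_new_format(value: int) -> str:
    """Render a 32-bit community the way 'ip bgp-community new-format' shows it."""
    return WELL_KNOWN.get(value, f"{value >> 16}:{value & 0xFFFF}")

def new_format_to_community(text: str) -> int:
    """Parse aa:nn back into the 32-bit wire value (aa occupies the high 16 bits)."""
    aa, nn = (int(part) for part in text.split(":"))
    if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError("aa and nn must each fit in 16 bits")
    return (aa << 16) | nn

def may_advertise(communities: set, session: str) -> bool:
    """session: 'ibgp' (same member AS), 'confed-ebgp' (other member AS) or 'ebgp' (outside the confed)."""
    if 0xFFFFFF02 in communities:                        # no-advertise: to no peer
        return False
    if 0xFFFFFF03 in communities and session != "ibgp":  # local-AS: stay in sub-AS
        return False
    if 0xFFFFFF01 in communities and session == "ebgp":  # no-export: stay in confed
        return False
    return True

# Path from R1 (AS 100). R2 gets every prefix because R1 attaches the community in
# its outbound route-map; each later hop is reached over the session type listed.
LAB_PATH = [("R2", None), ("R3", "ibgp"), ("R4", "confed-ebgp"), ("R5", "ebgp")]

R1_ROUTES = {  # prefix -> communities set by route-map F1 on R1
    "10.1.1.0/24": {0xFFFFFF02},
    "100.1.1.0/24": {0xFFFFFF03},
    "200.1.1.0/24": {0xFFFFFF01},
}

def routes_received(router: str) -> set:
    """Prefixes from R1 that reach `router`, assuming send-community on every hop."""
    received = set()
    for prefix, comms in R1_ROUTES.items():
        for hop, session in LAB_PATH:
            if session is not None and not may_advertise(comms, session):
                break  # the previous hop would not forward this route
            if hop == router:
                received.add(prefix)
                break
    return received
```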
ip as-path access-list 1 deny _1$ (matches AS paths ending in AS 1)
ip as-path access-list 1 permit .* (.* matches everything)
ip as-path access-list 1 permit ^100$ (matches a path consisting only of AS 100)
neighbor 45.1.1.4 filter-list 1 in
R1================================
hostname R1
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
ip address 100.1.1.1 255.255.255.0
!
interface Loopback2
ip address 200.1.1.1 255.255.255.0
!
interface Ethernet0/0
no ip address
no shut
!
interface Ethernet0/0.12
encapsulation dot1Q 12
ip address 12.1.1.1 255.255.255.0
!
!
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.1.1.0 mask 255.255.255.0
network 100.1.1.0 mask 255.255.255.0
network 200.1.1.0
neighbor 12.1.1.2 remote-as 200
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
exception data-corruption buffer truncate
end
R2====================================
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone EST -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip source-route
!
!
!
!
ip cef
no ip domain lookup
no ipv6 traffic interface-statistics
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
no ip address
no shut
!
interface Ethernet0/0.12
encapsulation dot1Q 12
ip address 12.1.1.2 255.255.255.0
!
interface Ethernet0/0.23
encapsulation dot1Q 23
ip address 23.1.1.2 255.255.255.0
!
!
router ospf 100
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 23.1.1.2 0.0.0.0 area 0
!
router bgp 65512
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200
neighbor 3.3.3.3 remote-as 65512
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 12.1.1.1 remote-as 100
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
exception data-corruption buffer truncate
end
R3======================================
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone EST -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip source-route
!
!
!
!
ip cef
no ip domain lookup
no ipv6 traffic interface-statistics
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
no ip address
no shut
!
interface Ethernet0/0.23
encapsulation dot1Q 23
ip address 23.1.1.3 255.255.255.0
!
interface Ethernet0/0.34
encapsulation dot1Q 34
ip address 34.1.1.3 255.255.255.0
!
!
router ospf 100
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 23.1.1.3 0.0.0.0 area 0
!
router bgp 65512
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200
bgp confederation peers 65513
neighbor 2.2.2.2 remote-as 65512
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 34.1.1.4 remote-as 65513
neighbor 34.1.1.4 next-hop-self
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
exception data-corruption buffer truncate
end
R4==============================
hostname R4
!
no aaa new-model
clock timezone EST -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip source-route
!
!
!
!
ip cef
no ip domain lookup
no ipv6 traffic interface-statistics
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
no ip address
no shut
!
interface Ethernet0/0.34
encapsulation dot1Q 34
ip address 34.1.1.4 255.255.255.0
!
interface Ethernet0/0.45
encapsulation dot1Q 45
ip address 45.1.1.4 255.255.255.0
!
!
router bgp 65513
no synchronization
bgp log-neighbor-changes
bgp confederation identifier 200
bgp confederation peers 65512
neighbor 34.1.1.3 remote-as 65512
neighbor 34.1.1.3 next-hop-self
neighbor 45.1.1.5 remote-as 300
no auto-summary
!
ip forward-protocol nd
R5=============================================
hostname R5
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/0
no ip address
no shut
!
interface Ethernet0/0.45
encapsulation dot1Q 45
ip address 45.1.1.5 255.255.255.0
!
!
router bgp 300
no synchronization
bgp log-neighbor-changes
network 5.5.5.5 mask 255.255.255.255
neighbor 45.1.1.4 remote-as 200
no auto-summary