23 import&export-map

import-map

export-map

rt的控制

有选择性的导入

用附加的条件去导入路由

有选择性去导出路由

用附加的rt属性去导出路由

vrf route limit

路由限制可以定义最大的路由条目以防止内存耗尽以及dos攻击

vrf import criteria might be more specific than just the match on the rt-for example:

import only routes with specific bgp attributes(communit,and so on)

import routes with specific prefixes or subnet masks (only loopback addresses).

在vrf中用route-map去导入特定路由

router(config-vrf)#

import map route-map

this command attaches a route map to the vrf import process.

import map是在收下所有路由之后再进行过滤,不是对rt做过滤,其本质是对路由条目进行过滤.

ip vrf site_a

rd 115:317

import map rtmap

route-target both 115:317

access-list 20 permit 192.168.30.0 0.0.0.255

route-map rtmap permit 10

match ip address 20

192.168.31.3匹配了rt值但是没有通过import map检查.不会影响vpnv4路由,但影响vrf路由表

路由器条目在导出时可以携带不同同的rt值(可以修改或者追加)

an example would be export management routes with partcular rts.

an export route map can be configured on a vrf:

该route-map可以设定扩展属性rt

no other set operations can be performed by this route map.

router(config)#

route-map name permit seq

match condition

set extcommunity rt extended-community-value [additive]

this command creates a route map that matches routes based on any route map conditions and sets rts.

针对某些条件修改或者追加rt

router(config-vrf)#

export map name

应用到vrf下

all exported routes always get rts configured with the route-target export command in the vrf.

a route that is matche by the export route map will have additional rts attached.

ip vrf site_a

rd 115:317

export map rtmap

route-target both 115:317

access-list 10 permit 192.168.30.0 0.0.0.255

route-map rtmap permit 20

match ip address 10

set extcommunity rt 115:273 additive

针对acl10导出rt时附加上115:273的rt值,对端pe可以import115:273以收取该条路由

mpls vpn_rr+osf&gbp实验继续:

import-map实验:

r6:

traceroute 77.1.1.1

show ip route bgp(下一跳全部是r1)

r1:

ip access-list standard 10

permit 88.1.1.0 0.0.0.255(仅仅匹配了88.1.1.0路由,其他路由全部deny)

route-map yeslab

match ip address 10

ip vrf a

import map yeslab

clear ip bgp * soft

show ip vrf a

r6:

show ip route bgp(除了88.1.1.0路由选择r1,其他路由全部选择r2)

r1:

show ip vrf detail

r6:

show ip bgp

export-map实验:r2:

ip access-list standard 1

permit 66.1.1.0 0.0.0.255

route-map rt

match ip address 1

set extcommunity rt 100:2

ip vrf a

export map rt(为66.1.1.0路由增加一个额外的rt值)

r5:

ip vrf a

route-target import 100:2(设置让r5接收100:2的rt值的路由)

r4:

ip vrf a

no route-target import

clear ip bgp * soft

r5:

ip vrf a

no route-target import 1:1