1. Methods for filtering BGP routes
2. Controlling routes with an AS-path filter
3. Controlling routes with a Community filter

enable
conf t
no ip do lo
enable pass cisco
line con 0
logg sync
exec-t 0 0
exit
line vty 0 4
pass cisco
logg sync
exit
host

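1. Methods for filtering BGP routes
--------------------------------------------------------------------------
Several ways to filter BGP routes:
Apply a prefix list directly: neighbor x.x.x.x prefix-list xx
Use a distribute-list with a prefix list or an access control list
    For one neighbor: neighbor x.x.x.x distribute-list + prefix list/access list
    For all neighbors: distribute-list + prefix list/access list
Use a route-map: neighbor x.x.x.x route-map
Each filtering method can be applied in both the in and out directions.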

R1:
int f0/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
int f1/0
ip add 14.1.1.1 255.255.255.0
no shut
exit
int f2/0
ip add 13.1.1.1 255.255.255.0
no shut
exit

router bgp 100
bgp router-id 11.1.1.1
neighbor 12.1.1.2 remote-as 200
neighbor 13.1.1.3 remote-as 300
neighbor 14.1.1.4 remote-as 400
exit

R2:
int f0/0
ip add 12.1.1.2 255.255.255.0
no shut
exit

router bgp 200
bgp router-id 22.1.1.1
neighbor 12.1.1.1 remote-as 100
exit

R3:
int f0/0
ip add 13.1.1.3 255.255.255.0
no shut
exit

router bgp 300
bgp router-id 33.1.1.1
neighbor 13.1.1.1 remote-as 100
exit

R4:
int f0/0
ip add 14.1.1.4 255.255.255.0
no shut
exit

router bgp 400
bgp router-id 44.1.1.1
neighbor 14.1.1.1 remote-as 100
exit

R2:
int l0
ip add 100.1.0.1 255.255.255.0
exit
int l1
ip add 100.1.1.1 255.255.255.0
exit
int l2
ip add 100.1.2.1 255.255.255.0
exit
int l3
ip add 100.1.3.1 255.255.255.0
exit

router bgp 200
network 100.1.0.0 mask 255.255.255.0
network 100.1.1.0 mask 255.255.255.0
network 100.1.2.0 mask 255.255.255.0
network 100.1.3.0 mask 255.255.255.0
exit

R3:
int l0
ip add 100.1.0.1 255.255.255.128
exit
int l1
ip add 100.1.1.1 255.255.255.128
exit
int l2
ip add 100.1.2.1 255.255.255.128
exit
int l3
ip add 100.1.3.1 255.255.255.128
exit

router bgp 300
network 100.1.0.0 mask 255.255.255.128
network 100.1.1.0 mask 255.255.255.128
network 100.1.2.0 mask 255.255.255.128
network 100.1.3.0 mask 255.255.255.128
exit

R4:
int l0
ip add 100.1.0.1 255.255.255.192
exit
int l1
ip add 100.1.1.1 255.255.255.192
exit
int l2
ip add 100.1.2.1 255.255.255.192
exit
int l3
ip add 100.1.3.1 255.255.255.192
exit

router bgp 400
network 100.1.0.0 mask 255.255.255.192
network 100.1.1.0 mask 255.255.255.192
network 100.1.2.0 mask 255.255.255.192
network 100.1.3.0 mask 255.255.255.192
exit

R1:
show ip bgp

-------------------------------------------------------------------
R1:
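ip prefix-list yeslab deny 100.1.0.0/22 ge 24 le 24
! A prefix list ends with an implicit deny, so permit all other routes explicitly
ip prefix-list yeslab permit 0.0.0.0/0 le 32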

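/22 means the first 22 bits of the prefix 100.1.0.0 must match, while bits 23 and 24 may take any value.
When neither ge nor le is configured, the mask length must equal /length.
When ge is configured without le, the mask length must be greater than or equal to ge-length and less than or equal to 32.
When le is configured without ge, the mask length must be greater than or equal to network-length and less than or equal to le-length.
When both ge and le are configured, the prefix length must be greater than or equal to ge-length and less than or equal to le-length.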
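
The ge/le rules above, as an added Python example (not part of the original post): it evaluates the yeslab deny entry against the /24, /25 and /26 routes that R2, R3 and R4 advertise in this lab. The function names are this example's own, and the list is modelled as the deny entry followed by a catch-all permit 0.0.0.0/0 le 32, since the implicit deny at the end of a prefix list otherwise rejects every route.

```python
import ipaddress

def entry_matches(route, entry_net, ge=None, le=None):
    """Return True if route matches one prefix-list entry (ge/le rules above)."""
    route = ipaddress.ip_network(route)
    entry = ipaddress.ip_network(entry_net)
    # The leading entry.prefixlen bits of the route must equal the entry's bits.
    if not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        low = high = entry.prefixlen          # exact length only
    elif le is None:
        low, high = ge, 32                    # ge only
    elif ge is None:
        low, high = entry.prefixlen, le       # le only
    else:
        low, high = ge, le                    # both ge and le
    return low <= route.prefixlen <= high

def evaluate(route, prefix_list):
    """First matching entry decides; no match hits the implicit deny."""
    for action, net, ge, le in prefix_list:
        if entry_matches(route, net, ge, le):
            return action
    return "deny"

# Modelled on the lab: the page's deny entry plus a catch-all permit (assumption).
YESLAB = [("deny", "100.1.0.0/22", 24, 24), ("permit", "0.0.0.0/0", None, 32)]

# Constructed from the lab's network statements: R2 /24s, R3 /25s, R4 /26s.
LAB_ROUTES = [f"100.1.{i}.0/{length}" for length in (24, 25, 26) for i in range(4)]

def accepted(routes, prefix_list):
    """Routes that survive the inbound filter."""
    return [r for r in routes if evaluate(r, prefix_list) == "permit"]

if __name__ == "__main__":
    for r in LAB_ROUTES:
        print(f"{r:16} {evaluate(r, YESLAB)}")
```
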

router bgp 100
neighbor 12.1.1.2 prefix-list yeslab in
exit

clear ip bgp * soft in
show ip bgp

------------------------------------------------------------------
R1:
router bgp 100
no neighbor 12.1.1.2 prefix-list yeslab in
distribute-list prefix yeslab in
exit

clear ip bgp * soft in
show ip bgp

------------------------------------------------------------------
R1:
access-list 100 deny ip 100.1.0.0 0.0.3.0 host 255.255.255.0
access-list 100 permit ip any any

In the entry above, the part before host matches the prefix, and the part after it matches the mask length.

router bgp 100
no distribute-list prefix yeslab in
distribute-list 100 in
exit

clear ip bgp * soft in
show ip bgp

---------------------------------------------------------------------
R1:
router bgp 100
no distribute-list 100 in
neighbor 12.1.1.2 distribute-list 100 in
exit

clear ip bgp * soft in
show ip bgp

posted on 2013-07-02 07:40  逝者如斯(乎)