BGP Route Redistribution Filtering

Using the figure below as an example:

https://blog.gnuers.org/?attachment_id=1386

R1 configuration

When R1 advertises routes to R2, 6.6.6.0/24 is filtered out. The corresponding configuration is:

log file /var/log/quagga/bgpd.log  
password bgp  
router bgp 65001  
distance bgp 250  200 150  
bgp router-id 10.10.0.22  
neighbor 10.10.0.23 remote-as  65010  
neighbor 10.10.0.23 password DOCKER  
neighbor 10.10.0.23 ebgp-multihop  
neighbor 10.10.0.23 prefix-list r1-out out  
neighbor 10.10.0.23 next-hop-self  
redistribute connected  metric 121  
access-list all permit any  
ip prefix-list r1-out seq 5 permit 4.4.4.0/24  
ip prefix-list r1-out seq 6 permit 5.5.5.0/24  
!ip prefix-list r1-out seq 10 permit 6.6.6.0/24  
ip prefix-list r1-out seq 11 permit 8.8.8.0/24  
ip prefix-list r1-out seq 15 permit 100.100.100.0/23 ge 24 le 32  
ip prefix-list r1-out seq 25 permit 10.0.0.0/8  
ip prefix-list r1-out seq 50 deny any

You can see that the routes R1 advertises to R2 no longer include the local 6.6.6.6:

094846cab3a9# show ip bgp neighbors 10.10.0.23 advertised-routes  
BGP table version is 0, local router ID is 10.10.0.22  
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,  
i internal, r RIB-failure, S Stale, R Removed  
Origin codes: i - IGP, e - EGP, ? - incomplete  
Network          Next Hop            Metric LocPrf Weight Path  
*> 4.4.4.0/24       10.10.0.22             121          32768 ?  
*> 5.5.5.0/24       10.10.0.22             121          32768 ?  
*> 8.8.8.0/24       10.10.0.22             121          32768 ?  
*> 100.100.100.1/32 10.10.0.22             121          32768 ?  
Total number of prefixes 4

R2 configuration

log file /var/log/quagga/bgpd.log  
password bgp  
router bgp 65010  
distance bgp 250  200 150  
bgp router-id 10.10.0.23  
neighbor 10.10.0.22 remote-as  65001  
neighbor 10.10.0.24 remote-as  65002  
neighbor 10.10.0.22 password DOCKER  
neighbor 10.10.0.24 password DOCKER  
neighbor 10.10.0.22 prefix-list from-r1-in in  
neighbor 10.10.0.22 ebgp-multihop  
neighbor 10.10.0.24 ebgp-multihop  
neighbor 10.10.0.22 next-hop-self  
neighbor 10.10.0.24 next-hop-self  
redistribute connected  metric 121  
access-list all permit any  
ip prefix-list from-r1-in seq 5 permit 4.4.4.0/24  
ip prefix-list from-r1-in seq 6 permit 5.5.5.0/24  
!ip prefix-list from-r1-in seq 11 permit 8.8.8.0/24  
ip prefix-list from-r1-in seq 15 permit 100.100.100.0/24 le 32  
ip prefix-list from-r1-in seq 20 permit 10.0.0.0/8  
ip prefix-list from-r1-in seq 50 deny any

On R2, the routes received from R1 do not include 8.8.8.8:

05fe39a5b056# show ip bgp neighbors 10.10.0.22 routes  
BGP table version is 0, local router ID is 10.10.0.23  
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,  
i internal, r RIB-failure, S Stale, R Removed  
Origin codes: i - IGP, e - EGP, ? - incomplete  
Network          Next Hop            Metric LocPrf Weight Path  
*> 4.4.4.0/24       10.10.0.22             121              0 65001 ?  
*> 5.5.5.0/24       10.10.0.22             121              0 65001 ?  
*> 100.100.100.1/32 10.10.0.22             121              0 65001 ?  
Displayed  3 out of 9 total prefixes
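
The two filters above can be checked offline before they are loaded on a router. The following is an added example, not part of the original post: a small Python model of first-match `ip prefix-list` evaluation (exact length without `ge`/`le`, implicit deny at the end) run over the page's own prefix-list lines. The route list is constructed, and the /24 mask on 10.10.0.0 is an assumption.

```python
import ipaddress
import re

# Prefix-list lines copied from the R1 and R2 configurations on this page.
CONFIG = """
ip prefix-list r1-out seq 5 permit 4.4.4.0/24
ip prefix-list r1-out seq 6 permit 5.5.5.0/24
!ip prefix-list r1-out seq 10 permit 6.6.6.0/24
ip prefix-list r1-out seq 11 permit 8.8.8.0/24
ip prefix-list r1-out seq 15 permit 100.100.100.0/23 ge 24 le 32
ip prefix-list r1-out seq 25 permit 10.0.0.0/8
ip prefix-list r1-out seq 50 deny any
ip prefix-list from-r1-in seq 5 permit 4.4.4.0/24
ip prefix-list from-r1-in seq 6 permit 5.5.5.0/24
!ip prefix-list from-r1-in seq 11 permit 8.8.8.0/24
ip prefix-list from-r1-in seq 15 permit 100.100.100.0/24 le 32
ip prefix-list from-r1-in seq 20 permit 10.0.0.0/8
ip prefix-list from-r1-in seq 50 deny any
"""

# Constructed sample routes; the /24 mask on 10.10.0.0 is an assumption.
ROUTES = ["4.4.4.0/24", "5.5.5.0/24", "6.6.6.0/24", "8.8.8.0/24",
          "100.100.100.1/32", "10.10.0.0/24"]
LINE = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                  r"(?: ge (\d+))?(?: le (\d+))?$")

def parse(config):
    lists = {}
    for line in config.splitlines():
        # 'any' is shorthand for 0.0.0.0/0 le 32; '!' lines are comments and never match
        m = LINE.match(re.sub(r" any$", " 0.0.0.0/0 le 32", line.strip()))
        if m:
            name, seq, action, prefix, ge, le = m.groups()
            net = ipaddress.ip_network(prefix)
            lo = int(ge) if ge else net.prefixlen  # no ge: start at the entry's own length
            hi = int(le) if le else (32 if ge else net.prefixlen)  # neither: exact match
            lists.setdefault(name, []).append((int(seq), action == "permit", net, lo, hi))
    return {n: sorted(e, key=lambda x: x[0]) for n, e in lists.items()}

def permitted(entries, route):
    """First matching entry decides; no match at all is an implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, permit, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return permit
    return False

def advertised(name, routes=ROUTES, config=CONFIG):
    return [r for r in routes if permitted(parse(config)[name], r)]
```

`advertised("r1-out")` reproduces the four prefixes in R1's `advertised-routes` output, and feeding that result through `from-r1-in` leaves the three prefixes R2 shows. In this model the constructed 10.10.0.0/24 route is rejected because `permit 10.0.0.0/8` without `ge`/`le` matches only the exact /8.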

If R2 should use a route-map for the filtering instead, the corresponding configuration is as follows:

log file /var/log/quagga/bgpd.log  
password bgp  
router bgp 65010  
distance bgp 250  200 150  
bgp router-id 10.10.0.23  
neighbor 10.10.0.22 remote-as  65001  
neighbor 10.10.0.24 remote-as  65002  
neighbor 10.10.0.22 password DOCKER  
neighbor 10.10.0.24 password DOCKER  
neighbor 10.10.0.22 route-map myfilter in  
neighbor 10.10.0.22 ebgp-multihop  
neighbor 10.10.0.24 ebgp-multihop  
neighbor 10.10.0.22 next-hop-self  
neighbor 10.10.0.24 next-hop-self  
redistribute connected  metric 121  
access-list all permit any  
ip prefix-list from-r1-in seq 5 permit 4.4.4.0/24  
ip prefix-list from-r1-in seq 6 permit 5.5.5.0/24  
ip prefix-list from-r1-in seq 15 permit 100.100.100.0/24 le 32  
ip prefix-list from-r1-in seq 20 permit 10.0.0.0/8  
## A route-map ends with an implicit deny, so anything that does not match is denied.  
route-map myfilter permit 10  
match ip address prefix-list from-r1-in

R3 configuration

log file /var/log/quagga/bgpd.log  
password bgp  
router bgp 65002  
distance bgp 250  200 150  
bgp router-id 10.10.0.24  
neighbor 10.10.0.23 remote-as  65010  
neighbor 10.10.0.23 password DOCKER  
neighbor 10.10.0.23 ebgp-multihop  
neighbor 10.10.0.23 next-hop-self  
redistribute connected  metric 121  
access-list all permit any