目录
BGP的路由过滤
1,通过路由策略来进行过滤
2,通过前缀列表进行过滤
3,通过filter-policy来进行过滤
BGP的社团属性
公有的社团属性
配置社团属性的策略:
自定义社团属性:
BGP的路由过滤
1,通过路由策略来进行过滤
1,抓取流量
[r1]ip ip-prefix aa permit 172.16.1.0 24
2,配置路由策略
[r1]route-policy aa deny node 10
Info: New Sequence of this List.
[r1-route-policy]if-match ip-prefix aa
[[r1]route-policy aa permit node 20
Info: New Sequence of this List.
3,在BGP进程中进行调用
[r1-bgp]peer 12.0.0.2 route-policy aa export
2,通过前缀列表进行过滤
1,配置前缀列表
[r1]ip ip-prefix bb deny 172.16.2.0 24
[r1]ip ip-prefix bb permit 0.0.0.0 0 less-equal 32
2,在BGP进程中进行调用
[r1-bgp]peer 12.0.0.2 ip-prefix bb export
3,通过filter-policy来进行过滤
1,配置ACL列表 --- 在BGP中调用过滤策略时,他只能调用ACL列表,所以我们必须使用ACL列表来抓取流量
[r2-acl-basic-2000]rule deny source 172.16.3.0 0 --- ACL列表在抓取流量时,因为过滤策略本身没有拒绝动作,所以,动作必须选择拒绝
[r2-acl-basic-2000]rule permit source any
2,在BGP进程中调用
[r2-bgp]peer 12.0.0.1 filter-policy 2000 import
BGP的社团属性
BGP的社团属性就类似于路由的一个标记,本质上由32位二进制构成 --- 1,直接使用十进制来标志;2,十六位二进制:十六位二进制 ---- 一条BGP路由当中不一定只打一个社团属性,可以打多个。
公有的社团属性
1,0X00000000 --- “Internet” --- 默认情况下,所有的BGP路由缺省属于这个社团当中,即抓取社团属性为0的路由将会抓到所有的BGP路由。
2,0XFFFFFF02 --- “no - advertise” --- 如果将某条BGP路由打上这个社团属性,则这条路由将不会被通告给自己的任何BGP对等体。
3,0XFFFFFF01 --- “no - export” --- 如果将某条BGP路由打上这个社团属性,则这条路由将不会被通告给自己的任何EBGP对等体。(这个不通告不包括联邦的EBGP对等体)
4,0XFFFFFF03 --- “no - export - subconfed” --- 如果将某条BGP路由打上这个社团属性,则这条路由将不会被通告给自己的任何EBGP对等体,包含联邦的EBGP对等体
配置社团属性的策略:
[r1]route-policy com permit node 10
[r1-route-policy]apply community ?
INTEGER<0-4294967295> Specify community number
STRING<3-11> Specify aa<0-65535>:nn<0-65535>
internet Internet(well-known community attributes)
no-advertise Do not advertise to any peer (well-known community attributes)
no-export Do not export to external peers(well-known community attributes)
no-export-subconfed Do not send outside a sub-confederation(well-known community attributes)
none No community attribute
[r1-route-policy]apply community no-advertise
[r1-bgp]peer 12.0.0.2 route-policy com export --- 在BGP进程中调用
[r1-bgp]peer 12.0.0.2 advertise-community ---- 在进程中开启社团属性的传递性,华为默认关闭了其传递性。
自定义社团属性:
1,做路由策略
[r1]route-policy com1 permit node 10
Info: New Sequence of this List.
[r1-route-policy]apply community ?
INTEGER<0-4294967295> Specify community number
STRING<3-11> Specify aa<0-65535>:nn<0-65535>
internet Internet(well-known community attributes)
no-advertise Do not advertise to any peer (well-known community attributes)
no-export Do not export to external peers(well-known community attributes)
no-export-subconfed Do not send outside a sub-confederation(well-known community attributes)
none No community attribute
[r1-route-policy]apply community 1:11
2,在发布路由时调用路由策略
[r1-bgp]network 172.16.4.0 24 route-policy com2
3,根据社团属性抓取流量
使用社团属性过滤器来抓取 --- community-filter
[r1]ip community-filter 1 permit 1:11
4,根据抓取到的流量配置策略
[r1]route-policy aaa deny node 10
Info: New Sequence of this List.
[r1-route-policy]if-match community-filter 1
[r1-route-policy]q
[r1]route-policy aaa permit node 20
Info: New Sequence of this List.
[r1-route-policy]if-match community-filter 2
[r1-route-policy]ap
[r1-route-policy]apply community no-export ?
INTEGER<0-4294967295> Specify community number
STRING<3-11> Specify aa<0-65535>:nn<0-65535>
additive Add to the existing community
internet Internet(well-known community attributes)
no-advertise Do not advertise to any peer (well-known community attributes)
no-export Do not export to external peers(well-known community attributes)
no-export-subconfed Do not send outside a sub-confederation(well-known community attributes)
<cr> Please press ENTER to execute command
[r1-route-policy]apply community no-export additive --- 在原有社团属性的基础上增加社团属性
[r1-route-policy]q
[r1]route-policy aaa permit node 30
Info: New Sequence of this List.
5,在BGP进程中调用路由策略
[r1-bgp]peer 12.0.0.2 route-policy aaa export
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
