Networking requirements
As shown in the figure, EBGP connections are established between AR1 and AR2 and between AR2 and AR3. The user wants devices in AS10 and devices in AS30 to be unable to communicate with each other.
Configuration approach
Configure the BGP AS_Path filter as follows:
- Configure EBGP connections between AR1 and AR2 and between AR2 and AR3, and import direct routes, so that the ASs can communicate with each other over the EBGP connections.
- Configure AS_Path filters on AR2 and apply them, so that AS20 advertises neither AS30's routes to AS10 nor AS10's routes to AS30.
Procedure
Configure IP addresses
AR1
    <Huawei>sys
    [Huawei]sys AR1
    [AR1]int g0/0/0
    [AR1-GigabitEthernet0/0/0]ip add 12.12.12.1 24
    [AR1-GigabitEthernet0/0/0]q
    [AR1]int lo1
    [AR1-LoopBack1]ip add 1.1.1.1 24
    [AR1-LoopBack1]q
AR2
    <Huawei>sys
    [Huawei]sys AR2
    [AR2]int g0/0/0
    [AR2-GigabitEthernet0/0/0]ip add 12.12.12.2 24
    [AR2-GigabitEthernet0/0/0]q
    [AR2]int g0/0/1
    [AR2-GigabitEthernet0/0/1]ip add 23.23.23.2 24
    [AR2-GigabitEthernet0/0/1]q
AR3
    <Huawei>sys
    [Huawei]sys AR3
    [AR3]int g0/0/1
    [AR3-GigabitEthernet0/0/1]ip add 23.23.23.3 24
    [AR3-GigabitEthernet0/0/1]q
    [AR3]int lo1
    [AR3-LoopBack1]ip add 3.3.3.3 24
    [AR3-LoopBack1]q
Configure BGP and import direct routes
AR1
    [AR1]bgp 10
    [AR1-bgp]peer 12.12.12.2 as-number 20
    # Import this device's direct routes
    [AR1-bgp]import-route direct
    [AR1-bgp]q
AR2
    [AR2]bgp 20
    [AR2-bgp]peer 12.12.12.1 as-number 10
    [AR2-bgp]peer 23.23.23.3 as-number 30
    [AR2-bgp]import-route direct
    [AR2-bgp]q
AR3
    [AR3]bgp 30
    [AR3-bgp]peer 23.23.23.2 as-number 20
    [AR3-bgp]import-route direct
    [AR3-bgp]q
View the BGP routing tables of AR1, AR2 and AR3
AR1
    [AR1]display bgp routing-table

     BGP Local router ID is 12.12.12.1
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 6
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   1.1.1.0/24         0.0.0.0        0              0        ?
    *>   1.1.1.1/32         0.0.0.0        0              0        ?
    *>   3.3.3.0/24         12.12.12.2                    0        20 30?
    *>   12.12.12.0/24      0.0.0.0        0              0        ?
                            12.12.12.2     0              0        20?
    *>   12.12.12.1/32      0.0.0.0        0              0        ?
    *>   23.23.23.0/24      12.12.12.2     0              0        20?
    *>   127.0.0.0          0.0.0.0        0              0        ?
    *>   127.0.0.1/32       0.0.0.0        0              0        ?
    [AR1]
AR2
    [AR2]display bgp routing-table

     BGP Local router ID is 12.12.12.2
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 10
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   1.1.1.0/24         12.12.12.1     0              0        10?
    *>   3.3.3.0/24         23.23.23.3     0              0        30?
    *>   12.12.12.0/24      0.0.0.0        0              0        ?
                            12.12.12.1     0              0        10?
    *>   12.12.12.2/32      0.0.0.0        0              0        ?
    *>   23.23.23.0/24      0.0.0.0        0              0        ?
                            23.23.23.3     0              0        30?
    *>   23.23.23.2/32      0.0.0.0        0              0        ?
    *>   127.0.0.0          0.0.0.0        0              0        ?
    *>   127.0.0.1/32       0.0.0.0        0              0        ?
AR3
    [AR3]display bgp routing-table

     BGP Local router ID is 3.3.3.3
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 9
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   1.1.1.0/24         23.23.23.2                    0        20 10?
    *>   3.3.3.0/24         0.0.0.0        0              0        ?
    *>   3.3.3.3/32         0.0.0.0        0              0        ?
    *>   12.12.12.0/24      23.23.23.2     0              0        20?
    *>   23.23.23.0/24      0.0.0.0        0              0        ?
                            23.23.23.2     0              0        20?
    *>   23.23.23.3/32      0.0.0.0        0              0        ?
    *>   127.0.0.0          0.0.0.0        0              0        ?
    *>   127.0.0.1/32       0.0.0.0        0              0        ?
Result
The routing tables above show that AR1 and AR3 have each learned the other's direct routes.
Configure the AS_Path filters
AR2
    # Create the AS_Path filters
    [AR2]ip as-path-filter deny30 deny _30_
    [AR2]ip as-path-filter deny30 permit .*
    [AR2]ip as-path-filter deny10 deny _10_
    [AR2]ip as-path-filter deny10 permit .*
    [AR2]bgp 20
    [AR2-bgp]peer 12.12.12.1 as-path-filter deny30 export
    [AR2-bgp]peer 23.23.23.3 as-path-filter deny10 export
    [AR2-bgp]q
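How the two filters on AR2 evaluate, as an added Python example that is not part of the original article or of Huawei's software: it models the `_` delimiter, first-match ordering and the implicit deny, and runs the filters over a subset of AR2's table taken from the output above. The class and function names are hypothetical, and the rule that a route is not sent back to the peer it was learned from is an assumption chosen to match the advertised-routes output.

```python
import re

# Huawei-style "_" matches a delimiter (space, comma, braces, parentheses)
# or the start/end of the AS_Path string.
DELIM = r"(?:^|$|[ ,{}()])"

class AsPathFilter:
    """Ordered deny/permit nodes; a path that matches no node is denied."""
    def __init__(self, *nodes):
        self.nodes = [(action, re.compile(rx.replace("_", DELIM)))
                      for action, rx in nodes]

    def permits(self, as_path):
        for action, rx in self.nodes:
            if rx.search(as_path):
                return action == "permit"   # first matching node wins
        return False                        # implicit deny

# The two filters configured on AR2 in this article.
deny30 = AsPathFilter(("deny", "_30_"), ("permit", ".*"))
deny10 = AsPathFilter(("deny", "_10_"), ("permit", ".*"))

# Subset of AR2's BGP table, constructed from the output shown above:
# (prefix, AS_Path, learned-from peer). "" / None = locally imported route.
AR2_TABLE = [
    ("1.1.1.0/24", "10", "12.12.12.1"),
    ("3.3.3.0/24", "30", "23.23.23.3"),
    ("12.12.12.0/24", "", None),
    ("23.23.23.0/24", "", None),
]

def advertised(peer, export_filter, table=AR2_TABLE):
    """Prefixes that pass the export filter toward `peer`.
    Assumption: a route is not sent back to the peer it was learned from."""
    return [p for p, path, src in table
            if src != peer and export_filter.permits(path)]

def loose_vs_anchored(as_path):
    """(denied by bare '30', denied by '_30_') for the same AS_Path."""
    loose = AsPathFilter(("deny", "30"), ("permit", ".*"))
    return (not loose.permits(as_path), not deny30.permits(as_path))

if __name__ == "__main__":
    print("to AS10:", advertised("12.12.12.1", deny30))
    print("to AS30:", advertised("23.23.23.3", deny10))
    for path in ("30", "20 30", "300", "65030"):
        print(repr(path), loose_vs_anchored(path))
```

Without the underscores, a bare `30` also denies unrelated paths such as `300` or `65030`; without the trailing `permit .*` node, every route toward that peer is denied.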
Verify the result
AR2
    # View the routes AR2 advertises to AS10; the direct routes imported by AS30 are not among them
    <AR2>display bgp routing-table peer 12.12.12.1 advertised-routes

     BGP Local router ID is 12.12.12.2
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 2
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   12.12.12.0/24      12.12.12.2     0              0        20?
    *>   23.23.23.0/24      12.12.12.2     0              0        20?

    # View the routes AR2 advertises to AS30; the direct routes imported by AS10 are not among them
    <AR2>display bgp routing-table peer 23.23.23.3 advertised-routes

     BGP Local router ID is 12.12.12.2
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 2
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   12.12.12.0/24      23.23.23.2     0              0        20?
    *>   23.23.23.0/24      23.23.23.2     0              0        20?
AR1
    # AR1's BGP routing table no longer contains any AS30 routes either
    <AR1>display bgp routing-table

     BGP Local router ID is 12.12.12.1
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 8
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   1.1.1.0/24         0.0.0.0        0              0        ?
    *>   1.1.1.1/32         0.0.0.0        0              0        ?
    *>   12.12.12.0/24      0.0.0.0        0              0        ?
                            12.12.12.2     0              0        20?
    *>   12.12.12.1/32      0.0.0.0        0              0        ?
    *>   23.23.23.0/24      12.12.12.2     0              0        20?
    *>   127.0.0.0          0.0.0.0        0              0        ?
    *>   127.0.0.1/32       0.0.0.0        0              0        ?
AR3
    # AR3's BGP routing table no longer contains any AS10 routes either
    # Note: the capture below still lists 1.1.1.0/24 (path 20 10) and is identical to AR3's pre-filter table;
    # AR2's advertised-routes output for peer 23.23.23.3 above does not contain that prefix
    <AR3>display bgp routing-table

     BGP Local router ID is 3.3.3.3
     Status codes: * - valid, > - best, d - damped,
                   h - history, i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete

     Total Number of Routes: 9
         Network            NextHop        MED   LocPrf   PrefVal  Path/Ogn

    *>   1.1.1.0/24         23.23.23.2                    0        20 10?
    *>   3.3.3.0/24         0.0.0.0        0              0        ?
    *>   3.3.3.3/32         0.0.0.0        0              0        ?
    *>   12.12.12.0/24      23.23.23.2     0              0        20?
    *>   23.23.23.0/24      0.0.0.0        0              0        ?
                            23.23.23.2     0              0        20?
    *>   23.23.23.3/32      0.0.0.0        0              0        ?
    *>   127.0.0.0          0.0.0.0        0              0        ?
    *>   127.0.0.1/32       0.0.0.0        0              0        ?