【实验要求】
在R1与R2上配置AS-Path 访问控制列表,确保R3通告的BGP网络能够访问AS1与AS3通告的网络,但是不能让AS1与As3通告的网络互相访问
【实验分析】
我们需要利用正则表达啥在R1上过滤 AS1的流量,在R2上过滤AS3的流量即可实现要求
【实验拓扑】
【实验基本配置】
|
R1:
interface FastEthernet0/0
ip address 155.1.146.1 255.255.255.0
interface Serial0/0
ip address 155.1.13.1 255.255.255.0
clock rate 2000000
router eigrp 2
network 155.1.13.1 0.0.0.0
no auto-summary
!
router bgp 2
neighbor 155.1.13.3 remote-as 2
neighbor 155.1.13.3 next-hop-self
neighbor 155.1.23.2 remote-as 2
neighbor 155.1.23.2 next-hop-self
neighbor 155.1.146.4 remote-as 3
no auto-summary
R2:
interface Serial0/0
ip address 155.1.23.2 255.255.255.0
clock rate 2000000
interface Serial0/1
ip address 155.1.0.2 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 155.1.0.5 205 broadcast
network 155.1.23.2 0.0.0.0
auto-summary
!
router bgp 2
neighbor 155.1.0.5 remote-as 1
neighbor 155.1.13.1 remote-as 2
neighbor 155.1.13.1 next-hop-self
neighbor 155.1.23.3 remote-as 2
neighbor 155.1.23.3 next-hop-self
|
R3:
(注意R3不用配置next-hop-self,因为它不不是边界路由器)
interface Loopback0
ip address 155.1.37.3 255.255.255.0
interface Serial0/0
ip address 155.1.13.3 255.255.255.0
clock rate 2000000
interface Serial0/1
ip address 155.1.23.3 255.255.255.0
clock rate 2000000
router eigrp 2
network 155.1.13.3 0.0.0.0
network 155.1.23.3 0.0.0.0
auto-summary
!
router bgp 2
network 155.1.37.0 mask 255.255.255.0
neighbor 155.1.13.1 remote-as 2
neighbor 155.1.23.2 remote-as 2
R4:
interface Loopback0
ip address 204.12.1.4 255.255.255.0
!
interface FastEthernet0/0
ip address 155.1.146.4 255.255.255.0
router bgp 3
network 204.12.1.0
neighbor 155.1.146.1 remote-as 2
R5:
interface Loopback0
ip address 155.1.5.5 255.255.255.0
interface Serial0/0
ip address 155.1.0.5 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 155.1.0.2 502 broadcast
router bgp 1
network 155.1.5.0 mask 255.255.255.0
neighbor 155.1.0.2 remote-as 2
|
【实验前验证】
下面命令验证了在实验之前AS1、AS2、AS3 之间能够互相学习到对方通告地址
R4#show ip bgp
<隐藏部分输出结果>
Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 155.1.146.1 0 2 1 i
*> 155.1.37.0/24 155.1.146.1 0 2 i
*> 204.12.1.0 0.0.0.0 0 32768 i
R5#show ip bgp
<隐藏部分输出结果>
Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 0.0.0.0 0 32768 i
*> 155.1.37.0/24 155.1.0.2 0 2 i
*> 204.12.1.0 155.1.0.2 0 2 3 i
R3#show ip bgp
<隐藏部分输出结果>
Network Next Hop Metric LocPrf Weight Path
*>i155.1.5.0/24 155.1.23.2 0 100 0 1 i
*> 155.1.37.0/24 0.0.0.0 0 32768 i
*>i204.12.1.0 155.1.13.1 0 100 0 3 i
【实验配置】
R1:
ip as-path access-list 1 permit ^$
router bgp 2
neighbor 155.1.146.4 filter-list 1 out
R2:
ip as-path access-list 1 permit ^$
neighbor 155.1.0.5 filter-list 1 out
实验中用到的正则表达式^$ 代表任意字符,为什么会这样呢?
其实在R1与R2上只需要接受 as-path ,不需要相邻EBGP发送任何含as-path信息即可满足实验要求。
【实验验证】
我们看到下发列出 R4与R5都无法学习到对方通告的BGP路由,但R3都可以学习到,验证了实验的正确性
R4#show ip bgp
BGP table version is 5, local router ID is 204.12.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 155.1.37.0/24 155.1.146.1 0 2 i
*> 204.12.1.0 0.0.0.0 0 32768 i
R5#show ip bgp
BGP table version is 5, local router ID is 155.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 0.0.0.0 0 32768 i
*> 155.1.37.0/24 155.1.0.2 0 2 i
R3#show ip bgp
BGP table version is 4, local router ID is 155.1.37.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i155.1.5.0/24 155.1.23.2 0 100 0 1 i
*> 155.1.37.0/24 0.0.0.0 0 32768 i
*>i204.12.1.0 155.1.13.1 0 100 0 3 i
R3#ping 155.1.5.5 source 155.1.37.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds:
Packet sent with a source address of 155.1.37.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/47/56 ms
上面实验对于正则表达式应用的较少,如果想看正则表达式相关的文章请看下发的推介文章
【相关文章推介】
http://haolun.blog.51cto.com/173913/p-5 基于AS-Path路径过滤
本文转自zcm8483 51CTO博客,原文链接:http://blog.51cto.com/haolun/992763
