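【Lab Requirements】
Use the No-Export community attribute to configure AS2 so that the networks advertised by AS3 and AS1 cannot reach each other.
The main purpose of this lab is to show how, when multiple BGP exits exist, routes learned from one AS can be kept from being passed on to other ASes.
【Lab Topology】
【Basic Lab Configuration】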
R1:
interface FastEthernet0/0
ip address 155.1.146.1 255.255.255.0
interface Serial0/0
ip address 155.1.13.1 255.255.255.0
clock rate 2000000
router eigrp 2
network 155.1.13.1 0.0.0.0
no auto-summary
!
router bgp 2
no synchronization
bgp log-neighbor-changes
neighbor 155.1.13.3 remote-as 2
neighbor 155.1.13.3 next-hop-self
neighbor 155.1.23.2 remote-as 2
neighbor 155.1.23.2 next-hop-self
neighbor 155.1.146.4 remote-as 3
no auto-summary
R2:
interface Serial0/0
ip address 155.1.23.2 255.255.255.0
clock rate 2000000
interface Serial0/1
ip address 155.1.0.2 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 155.1.0.5 205 broadcast
router eigrp 2
network 155.1.23.2 0.0.0.0
auto-summary
!
router bgp 2
no synchronization
bgp log-neighbor-changes
neighbor 155.1.0.5 remote-as 1
neighbor 155.1.13.1 remote-as 2
neighbor 155.1.13.1 next-hop-self
neighbor 155.1.23.3 remote-as 2
neighbor 155.1.23.3 next-hop-self
R3:
(Note: R3 does not need next-hop-self, because it is not a border router)
interface Loopback0
ip address 155.1.37.3 255.255.255.0
interface Serial0/0
ip address 155.1.13.3 255.255.255.0
clock rate 2000000
interface Serial0/1
ip address 155.1.23.3 255.255.255.0
clock rate 2000000
router eigrp 2
network 155.1.13.3 0.0.0.0
network 155.1.23.3 0.0.0.0
auto-summary
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 155.1.37.0 mask 255.255.255.0
neighbor 155.1.13.1 remote-as 2
neighbor 155.1.23.2 remote-as 2
no auto-summary
R4:
interface Loopback0
ip address 204.12.1.4 255.255.255.0
!
interface FastEthernet0/0
ip address 155.1.146.4 255.255.255.0
router bgp 3
no synchronization
bgp log-neighbor-changes
network 204.12.1.0
neighbor 155.1.146.1 remote-as 2
no auto-summary
R5:
interface Loopback0
ip address 155.1.5.5 255.255.255.0
interface Serial0/0
ip address 155.1.0.5 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 155.1.0.2 502 broadcast
router bgp 1
no synchronization
bgp log-neighbor-changes
network 155.1.5.0 mask 255.255.255.0
neighbor 155.1.0.2 remote-as 2
no auto-summary
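【Pre-Lab Verification】
The purpose of this verification is to confirm that, with synchronization disabled, the networks advertised by AS1, AS2 and AS3 can all be learned and can ping each other.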
R4:
R4#show ip bgp
We can see that AS3 has learned the routes advertised by AS1 and AS2 (the 155.1.5.0/24 and 155.1.37.0/24 entries below).
<output omitted>
   Network          Next Hop            Metric LocPrf Weight Path
*> 155.1.5.0/24     155.1.146.1                            0 2 1 i
*> 155.1.37.0/24    155.1.146.1                            0 2 i
*> 204.12.1.0       0.0.0.0                  0         32768 i
R4:
R4#ping 155.1.5.5 source 204.12.1.4
R4 can also ping the address 155.1.5.5 advertised by AS1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds:
Packet sent with a source address of 204.12.1.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/100/124 ms
【Lab Configuration】
R1:
route-map NO_EXPORT permit 10
set community no-export
router bgp 2
neighbor 155.1.146.4 route-map NO_EXPORT in
neighbor 155.1.23.2 send-community
R2:
route-map NO_EXPORT permit 10
set community no-export
router bgp 2
neighbor 155.1.0.5 route-map NO_EXPORT in
neighbor 155.1.13.1 send-community
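Note: why is the route-map applied in the "in" direction above? So that learned routes are tagged with no-export as they come in.
The no-export community is sent (send-community) only to the border router.
【Post-Lab Verification】
At this point we only need to verify whether AS1 and AS3 can still learn the addresses advertised by each other.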
R1#show ip bgp 204.12.1.0
BGP routing table entry for 204.12.1.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x820
Advertised to update-groups:
2 3
3
155.1.146.4 from 155.1.146.4 (204.12.1.4)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-export
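On R1 we can see that the route learned from AS3 now carries the Community: no-export tag.
R4#show ip bgp
We can see that AS3 can no longer learn the route advertised by AS1 (155.1.5.0/24 is missing from the output below).
<output omitted>
   Network          Next Hop            Metric LocPrf Weight Path
*> 155.1.37.0/24    155.1.146.1                            0 2 i
*> 204.12.1.0       0.0.0.0                  0         32768 i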
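The propagation rules this lab relies on, as an added example that is not part of the original post: a toy Python model of the five routers (the names AS_OF, SESSIONS and simulate are hypothetical, and this is not a BGP implementation). It reproduces R4's table before and after the change, and shows that the AS1 route reaches AS3 again if the send-community lines are left out, because IOS does not send communities to a neighbor by default.

```python
# Added example: toy model of the lab's five routers, not a real BGP speaker.
NO_EXPORT = "no-export"
AS_OF = {"R1": 2, "R2": 2, "R3": 2, "R4": 3, "R5": 1}
SESSIONS = [("R1", "R2"), ("R1", "R3"), ("R2", "R3"), ("R1", "R4"), ("R2", "R5")]
ORIGIN = {"R3": "155.1.37.0/24", "R4": "204.12.1.0/24", "R5": "155.1.5.0/24"}

# Constructed inputs mirroring the lab: (router, neighbor) pairs.
LAB_TAG_IN = {("R1", "R4"), ("R2", "R5")}      # route-map NO_EXPORT in
LAB_SEND_COMM = {("R1", "R2"), ("R2", "R1")}   # send-community


def simulate(tag_in, send_comm):
    """Return {router: set of prefixes in its BGP table} after convergence."""
    # rib[router][prefix] = (communities, learned_via_ibgp)
    rib = {r: {} for r in AS_OF}
    for r, prefix in ORIGIN.items():
        rib[r][prefix] = (frozenset(), False)
    directed = SESSIONS + [(b, a) for a, b in SESSIONS]
    changed = True
    while changed:
        changed = False
        for a, b in directed:
            ebgp = AS_OF[a] != AS_OF[b]
            for prefix, (comms, via_ibgp) in list(rib[a].items()):
                if prefix in rib[b]:
                    continue          # b already holds a path for this prefix
                if via_ibgp and not ebgp:
                    continue          # iBGP-learned routes are not re-sent to iBGP peers
                if ebgp and NO_EXPORT in comms:
                    continue          # no-export: never advertised to an eBGP peer
                # Communities are stripped unless send-community is configured.
                sent = comms if (a, b) in send_comm else frozenset()
                if (b, a) in tag_in:  # receiver's inbound route-map adds the tag
                    sent = sent | {NO_EXPORT}
                rib[b][prefix] = (sent, not ebgp)
                changed = True
    return {r: set(table) for r, table in rib.items()}


if __name__ == "__main__":
    for label, tag, send in [("before", set(), set()),
                             ("lab config", LAB_TAG_IN, LAB_SEND_COMM),
                             ("send-community missing", LAB_TAG_IN, set())]:
        print(f"{label:24} R4 sees {sorted(simulate(tag, send)['R4'])}")
```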
This article is reposted from zcm8483's 51CTO blog. Original link: http://blog.51cto.com/haolun/992833