续接上(2)的实验。其拓扑如下:
路由聚合的负向也就是拆分,在有双出口的情况下,在多出口做流量分担是优选方法之一。
BGP可以根据指定来源而聚合路由,在产生该聚合路由的范围内的条目注入到本地BGP表后再向外分发出去。
实施BGP路由拆分实验,需要注意的是其本质上仍然属于条件性通告,这是Cisco IOS对条件性通告做了大量支持。之所以这种方式被称为路由拆分,是因为其特性上仅仅是对条件性通告的一个非常形象的称呼而已。
实现拆分路由的配置清单如下:
- 首先在iBGP与eBGP的边界上,配置前缀列表,定义需要拆分出来的明细条目;
- 再配置可以匹配汇总的路由前缀;
- 定义前缀列表边界路由器的邻居来源;
- 对准备要拆分出来的条目设置周知团体属性no-export以用于防环(防止传递出本AS);
- 定义聚合前缀及来源;
- 在边界路由器的进程下对其配置iBGP邻居可传递的BGP团体属性;
- 最后设置注入列表的条进行通告及复制属性。(copy-attributes——将从聚合路由中复制路径属性到注入的路由条目中)
PS://这里先把上个实验(2)的完整配置附上,如做完上个实验保存了配置可忽略以下R1~R5这个为添加拆分实验的配置。添加完成R1~R5的基本配后对上述清单做添加配置附在其后。
R1的基本配置如下:
hostname R1
!
interface Loopback0ip address 172.22.0.1 255.255.255.0
!
interface Loopback1ip address 172.22.1.1 255.255.255.0
!
interface Ethernet0/0ip address 10.0.12.1 255.255.255.0no sh
!
interface Ethernet0/1ip address 10.1.13.1 255.255.255.0no sh
!
ip prefix-list IFN3 seq 5 permit 172.22.3.0/24
!
ip prefix-list IFN3ADV seq 5 permit 172.22.0.0/22
ipv6 ioam timestamp
!
route-map IFN3ADV permit 10match ip address prefix-list IFN3ADV
!
route-map IFN3 permit 10match ip address prefix-list IFN3
!
router bgp 111bgp router-id 1.1.1.1bgp aggregate-timer 0network 172.22.0.0 mask 255.255.255.0network 172.22.1.0 mask 255.255.255.0aggregate-address 172.22.0.0 255.255.252.0 summary-onlyneighbor 10.0.12.2 remote-as 222neighbor 10.1.13.3 remote-as 345neighbor 10.1.13.3 advertise-map IFN3ADV exist-map IFN3
!
endR2的基本配置如下:
hostname R2
!
interface Loopback0ip address 172.22.2.2 255.255.255.0
!
interface Loopback1ip address 172.22.3.2 255.255.255.0
!
interface Ethernet0/0ip address 10.0.12.2 255.255.255.0no sh
!
interface Ethernet0/1ip address 10.2.24.2 255.255.255.0no sh
!
ip prefix-list IFN3E seq 5 permit 172.22.3.0/24
!
route-map LEAK3 permit 10match ip address prefix-list IFN3E
!
router bgp 222bgp router-id 2.2.2.2bgp aggregate-timer 0network 172.22.2.0 mask 255.255.255.0network 172.22.3.0 mask 255.255.255.0aggregate-address 172.22.0.0 255.255.252.0 summary-onlyneighbor 10.0.12.1 remote-as 111neighbor 10.0.12.1 unsuppress-map LEAK3neighbor 10.2.24.4 remote-as 345
!
endR3的基本配置如下:
hostname R3
!
interface Loopback3ip address 192.168.3.3 255.255.255.255
!
interface Ethernet0/0ip address 10.1.13.3 255.255.255.0no sh
!
interface Ethernet0/1ip address 10.3.35.3 255.255.255.0no sh
!
router eigrp 5network 0.0.0.0passive-interface Ethernet0/0
!
router bgp 345bgp router-id 3.3.3.3neighbor IBGP peer-groupneighbor IBGP remote-as 345neighbor IBGP update-source Loopback3neighbor IBGP next-hop-selfneighbor 10.1.13.1 remote-as 111neighbor 192.168.4.4 peer-group IBGPneighbor 192.168.5.5 peer-group IBGP
!
endR4的基本配置如下:
hostname R4
!
interface Loopback4ip address 192.168.4.4 255.255.255.255
!
interface Ethernet0/0ip address 10.2.24.4 255.255.255.0no sh
!
interface Ethernet0/1ip address 10.3.45.4 255.255.255.0no sh
!
router eigrp 5network 0.0.0.0passive-interface Ethernet0/0
!
router bgp 345bgp router-id 4.4.4.4neighbor IBGP peer-groupneighbor IBGP remote-as 345neighbor IBGP update-source Loopback4neighbor IBGP next-hop-selfneighbor 10.2.24.2 remote-as 222neighbor 192.168.3.3 peer-group IBGPneighbor 192.168.5.5 peer-group IBGP
!
endR5的基本配置如下:
hostname R5
!
interface Loopback3ip address 172.23.3.5 255.255.255.0
!
interface Loopback5ip address 192.168.5.5 255.255.255.255
!
interface Ethernet0/0ip address 10.3.35.5 255.255.255.0no sh
!
interface Ethernet0/1ip address 10.3.45.5 255.255.255.0no sh
!
router eigrp 5network 0.0.0.0passive-interface defaultno passive-interface Ethernet0/0no passive-interface Ethernet0/1
!
route-map REDCONN permit 10match interface Loopback3
!
router bgp 345bgp router-id 5.5.5.5bgp listen range 192.168.0.0/21 peer-group IBGPredistribute connected route-map REDCONNneighbor IBGP peer-groupneighbor IBGP remote-as 345neighbor IBGP update-source Loopback5
!
end以上添加完成R1~R5的基本配后对上述清单做添加配置如下:
注释:定义前缀列表的名称——LONG是相对掩码较长的定义;SHORT是聚合后变短的定义;LS是Left Source,即此拓扑图左侧邻居的路由来源;RS则是Right Source,右侧邻居的来源。
R3添加的配置如下:
ip prefix-list LONG seq 5 permit 172.22.1.0/24
!
ip prefix-list SHORT seq 5 permit 172.22.0.0/22
!
ip prefix-list LS seq 5 permit 10.1.13.1/32
!
route-map LONG permit 10set ip address prefix-list LONGset community no-export
!
route-map SHORT permit 10match ip address prefix-list SHORTmatch ip route-source prefix-list LS
!
router bgp 345bgp inject-map LONG exist-map SHORT copy-attributesneighbor IBGP send-community
!
endR4添加的配置如下:
ip prefix-list LONG seq 5 permit 172.22.3.0/24
!
ip prefix-list SHORT seq 5 permit 172.22.0.0/22
!
ip prefix-list RS seq 5 permit 10.2.24.2/32
!
route-map LONG permit 10set ip address prefix-list LONGset community no-export
!
route-map SHORT permit 10match ip address prefix-list SHORTmatch ip route-source prefix-list RS
!
router bgp 345bgp inject-map LONG exist-map SHORT copy-attributesneighbor IBGP send-community
!
end添加完成以上配置查看注入的BGP表和邻居来源的表项如下:
应用路由拆分部署后在对等AS可操控的情况下,在本地注入确定的明细路由条目可实现最长匹配原则的选路控制。
PS://在通常情况下,eBGP的防环规则就是不允许as-path属性中有包含本地ASN的路由进入本AS内。
)
)
,并添加小目标检测层(四头检测),适合目标检测、分割等任务)
 T1 简单 MST题解)
