注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

欢迎光临shaying110的博客

RSed-ISPing

 
 
 

日志

 
 

BGP交换前缀列表的出口路由过滤"ORF"技术  

2011-04-15 16:15:22|  分类: CISCO网络 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

R1------------R2

R1、R2运行EBGP,R1是R2的ISP的路由器,R1上有很多BGP前缀,而现在R2只想接受其中的几条,现在在R2上做路由控制,但是这时候R1已经把更新发过来了,占用的R2的带宽和CPU等资源,现在想一办法,不让R1发不想接收的更新,但又没有权限去配置ISP的R1路由器,这时候就在R2上对邻居启用ORF前缀路由过滤功能,让ISP的R1也启用些功能,然后用clear ip bgp nei in prefix命令向R1推送前缘列表,但又不多做其它的设置

R1关键配置:
interface Loopback0
 ip address 10.10.1.1 255.255.255.255
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.255
!
interface Loopback2
 ip address 192.168.2.1 255.255.255.255
!
interface Loopback3
 ip address 192.168.3.1 255.255.255.255
!
interface Loopback4
 ip address 192.168.13.1 255.255.255.255
!
interface Loopback5
 ip address 192.168.23.1 255.255.255.255
!
interface Loopback6
 ip address 192.168.11.1 255.255.255.0
!
interface Loopback7
 ip address 192.168.12.1 255.255.255.0
 
 interface Serial1/0
 ip address 10.10.12.1 255.255.255.0
 serial restart-delay 0
!
router bgp 21
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.10.12.2 remote-as 12
 neighbor 10.10.12.2 capability orf prefix-list both
 no auto-summary
!

R2关键配置:
interface Serial1/0
 ip address 10.10.12.2 255.255.255.0
 serial restart-delay 0

router bgp 12
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.12.1 remote-as 21
 neighbor 10.10.12.1 capability orf prefix-list both
 neighbor 10.10.12.1 prefix-list deny in
 no auto-summary
 
 ip prefix-list deny seq 5 permit 192.168.1.1/32
ip prefix-list deny seq 10 permit 192.168.2.1/32
ip prefix-list deny seq 11 permit 192.168.11.0/24
ip prefix-list deny seq 12 permit 192.168.13.0/32

验证:
没有启用ORF时,R2收到了所有的更新
r2(config-router)#do sh ip bgp
BGP table version is 72, local router ID is 10.10.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.1.1/32     10.10.12.1               0             0 21 ?
r> 10.10.12.0/24    10.10.12.1               0             0 21 ?
*> 192.168.1.1/32   10.10.12.1               0             0 21 ?
*> 192.168.2.1/32   10.10.12.1               0             0 21 ?
*> 192.168.3.1/32   10.10.12.1               0             0 21 ?
*> 192.168.11.0     10.10.12.1               0             0 21 ?
*> 192.168.12.0     10.10.12.1               0             0 21 ?
*> 192.168.13.1/32  10.10.12.1               0             0 21 ?
*> 192.168.23.1/32  10.10.12.1               0             0 21 ?
r2(config-router)#

向对方推送前缀列表及验证:
r1#deb ip bgp up
BGP updates debugging is on for address family: IPv4 Unicast
r1#
r1#
*Mar  1 01:58:56.071: BGP(0): 10.10.12.2 send UPDATE (format) 192.168.11.0/24, next 10.10.12.1, metric 0, path Local
*Mar  1 01:58:56.079: BGP(0): 10.10.12.2 send UPDATE (prepend, chgflags: 0x0) 192.168.2.1/32, next 10.10.12.1, metric 0, path Local
*Mar  1 01:58:56.087: BGP(0): 10.10.12.2 send UPDATE (prepend, chgflags: 0x0) 192.168.1.1/32, next 10.10.12.1, metric 0, path Local
r1#
r1#sh ip bgp nei 10.10.12.2 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 10.10.12.2: 4 entries
   seq 5 permit 192.168.1.1/32
   seq 10 permit 192.168.2.1/32
   seq 11 permit 192.168.11.0/24
   seq 12 permit 192.168.13.0/32
  
  
  
  
   2#deb ip bgp up
BGP updates debugging is on for address family: IPv4 Unicast
r2#
r2#
r2#
r2#
r2#clear ip bgp 10.10.12.1 in prefix-filter
r2#
*Mar  1 01:59:35.339: BGP(0): 10.10.12.1 rcvd UPDATE w/ attr: nexthop 10.10.12.1, origin ?, metric 0, path 21
*Mar  1 01:59:35.347: BGP(0): 10.10.12.1 rcvd 192.168.11.0/24...duplicate ignored
*Mar  1 01:59:35.351: BGP(0): 10.10.12.1 rcvd 192.168.2.1/32...duplicate ignored
*Mar  1 01:59:35.351: BGP(0): 10.10.12.1 rcvd 192.168.1.1/32...duplicate ignored
r2#
r2#sh ip bgp
BGP table version is 78, local router ID is 10.10.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.1/32   10.10.12.1               0             0 21 ?
*> 192.168.2.1/32   10.10.12.1               0             0 21 ?
*> 192.168.11.0     10.10.12.1               0             0 21 ?
r2#
从上面可以看出启用ORF时,R2只收到了需要的更新,而R1也只发送了R2需要的更新,没有发送其它的更新

  评论这张
 
阅读(374)| 评论(0)
推荐 转载

历史上的今天

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2018