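OK, both peering parties have reached agreement, and all prerequisites are complete:
1. One side of the peering has provided the interconnect addresses (IPv4 and IPv6) and the AS number
2. The cross connect in the IX has been ordered and installed; the fiber is in place and connected to the ODF
3. The patch fiber from the ODF to the router's optical port has been connected
4. The point-to-point interconnect addresses can ping each other
Our interconnect device is a Cisco NCS55A1 with 100G Ethernet ports.
Here is the configuration on the NCS55A1 in detail.
1. Port configuration / LACP (if the peer does not require LACP, the addresses can be configured directly on the 100G port)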
interface Bundle-Ether4
 description XXX-PNI
 ipv4 address XX.XX.XXX.79 255.255.255.254
 ipv6 address XXXX:107:XXXX:XXX::2/64
 lldp
  enable
 !
 ! NetFlow configuration
 flow ipv4 monitor NETFLOW-MONITOR-IN sampler NETFLOW-SAMPLER ingress
 flow ipv6 monitor NETFLOW-MONITOR-IN-V6 sampler NETFLOW-SAMPLER ingress
 flow mpls monitor NETFLOW-MONITOR-IN-MPLS sampler NETFLOW-SAMPLER ingress
!
interface HundredGigE0/0/0/18
 description XXX-PNI
 bundle id 4 mode active
 bundle port-priority 5
 lldp
  enable
 !
!
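2. BGP configuration:
neighbor xx.xx.xxx.78
 remote-as xxx
 description #xxxx#
 address-family ipv4 unicast
  route-policy xxxx-PEER-IMPORT in
  ! Allow at most 25000 routes (usually there will not be that many);
  ! warn at 75% and discard the excess paths rather than resetting the session
  maximum-prefix 25000 75 discard-extra-paths
  route-policy xxxx-PEER-EXPORT out
 !
neighbor xx:xx:5:xxx::1
 remote-as xxxx
 description #xxxx#
 address-family ipv6 unicast
  route-policy xxxx-PEER-IMPORT-V6 in
  route-policy xxxx-PEER-EXPORT-V6 out
 !
Cisco IOS XR requires a route policy to be applied to BGP (an eBGP neighbor without one neither accepts nor advertises routes), so a route policy is configured for both the outbound and the inbound direction.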
3. Route Policy:
route-policy AMAZON-PEER-IMPORT
  if destination in PFX_RFC-5735_DENY then
    # Filter out private addresses
    drop
  else
    # For a PNI this is normally set to 150
    set local-preference 150
    # XXX here is the peer's AS number; tag the received routes with communities
    set large-community (201838:44020:666, 201838:44020:XXX) additive
  endif
end-policy
route-policy AMAZON-PEER-EXPORT
  if large-community matches-any (201838:44020:666) then
    # Loop prevention: routes tagged on import from a peer are never sent back out
    drop
  endif
  if destination in TOO-SMALL-FOR-INTERNET then
    # Do not announce routes longer than /24
    drop
  endif
  if large-community matches-any (201838:44020:111) and as-path is-local then
    pass
  else
    drop
  endif
end-policy
route-policy AMAZON-PEER-IMPORT-V6
  if destination in PFX-RFC-5156-DENY then
    drop
  else
    set local-preference 150
    set large-community (201838:44020:666, 201838:44020:16509) additive
  endif
end-policy
route-policy AMAZON-PEER-EXPORT-V6
  if large-community matches-any (201838:44020:666) then
    drop
  endif
  if destination in TOO-SMALL-FOR-INTERNET-V6 then
    drop
  endif
  if large-community matches-any (201838:44020:111) and as-path is-local then
    pass
  else
    drop
  endif
end-policy
!
4. Notes on the prefix-sets
# Filter out IPv4 private-network routes
RP/0/RP0/CPU0:NCS-55A1-THN#sh run prefix-set PFX_RFC-5735_DENY
Fri Sep 20 07:52:57.659 UTC
prefix-set PFX_RFC-5735_DENY
  0.0.0.0/8 le 32,
  10.0.0.0/8 le 32,
  100.64.0.0/10 le 32,
  127.0.0.0/8 le 32,
  169.254.0.0/16 le 32,
  172.16.0.0/12 le 32,
  192.0.0.0/24 le 32,
  192.0.2.0/24 le 32,
  192.42.172.0/24 le 32,
  192.88.99.0/24 le 32,
  192.168.0.0/16 le 32,
  192.175.48.0/24 le 32,
  198.18.0.0/15 le 32,
  198.51.100.0/24 le 32,
  203.0.113.0/24 le 32,
  224.0.0.0/4 le 32,
  240.0.0.0/4 le 32
end-set
Filter out IPv6 private-network routes:
prefix-set PFX-RFC-5156-DENY
  # IETF reserved Address (formerly IPv4-compatible IPv6 Address)
  ::/96 le 128,
  # Unspecified Address
  ::/128,
  # Loopback Address
  ::1/128,
  # IPv4-mapped IPv6 Address
  ::ffff:0.0.0.0/96 le 128,
  # Discard-Only Address
  100::/64 le 128,
  # TEREDO Address
  2001::/32 le 128,
  # Benchmarking Address
  2001:2::/48 le 128,
  # ORCHID Address
  2001:10::/28 le 128,
  # Documentation Address
  2001:db8::/32 le 128,
  # Unique-local Address
  fc00::/7 le 128,
  # Link-local Address
  fe80::/10 le 128,
  # IETF reserved Address (formerly Site-local Address)
  fec0::/10 le 128,
  # Multicast Address
  ff00::/8 le 128
end-set
!
TOO-SMALL-FOR-INTERNET:
prefix-set TOO-SMALL-FOR-INTERNET
  0.0.0.0/0 ge 25
end-set
!
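The IPv4 import and export policies and the two prefix-sets above, modelled in Python so the filter logic can be checked against test routes before it is committed on the router. This is an added example, not the author's code or Cisco's implementation. The route dictionaries, the function and constant names, and treating an empty AS path as `as-path is-local` are assumptions; the page does not say what community 201838:44020:111 means, so it is modelled only as "required for export".

```python
import ipaddress

# The page's PFX_RFC-5735_DENY entries (all "le 32") and TOO-SMALL-FOR-INTERNET,
# written as (network, ge, le); None means the keyword is absent.
BOGONS = [(p, None, 32) for p in (
    "0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 "
    "192.0.0.0/24 192.0.2.0/24 192.42.172.0/24 192.88.99.0/24 192.168.0.0/16 "
    "192.175.48.0/24 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 "
    "240.0.0.0/4").split()]
TOO_SMALL = [("0.0.0.0/0", 25, None)]
FROM_PEER = "201838:44020:666"   # added by the import policy
EXPORTABLE = "201838:44020:111"  # required by the export policy

def in_prefix_set(prefix, entries):
    """Prefix-set match: prefix must sit inside the entry and its length in [lo, hi]."""
    net = ipaddress.ip_network(prefix)
    for base, ge, le in entries:
        base = ipaddress.ip_network(base)
        if net.version != base.version or not net.subnet_of(base):
            continue
        lo = base.prefixlen if ge is None else ge
        hi = le if le is not None else (net.max_prefixlen if ge is not None else lo)
        if lo <= net.prefixlen <= hi:
            return True
    return False

def peer_import(route, peer_asn):
    """Model of the IMPORT policy: drop bogons, else local-pref 150 plus tags."""
    if in_prefix_set(route["prefix"], BOGONS):
        return None
    tags = set(route.get("communities", ())) | {FROM_PEER, f"201838:44020:{peer_asn}"}
    return {**route, "local_pref": 150, "communities": tags}

def peer_export(route):
    """Model of the EXPORT policy; an empty as_path stands in for 'as-path is-local'."""
    tags = set(route.get("communities", ()))
    if FROM_PEER in tags or in_prefix_set(route["prefix"], TOO_SMALL):
        return "drop"
    return "pass" if EXPORTABLE in tags and not route["as_path"] else "drop"

if __name__ == "__main__":
    # Constructed sample routes (prefixes, AS numbers and paths are made up).
    learned = peer_import({"prefix": "185.1.0.0/22", "as_path": [64500]}, 64500)
    own = {"prefix": "185.2.0.0/23", "as_path": [], "communities": {EXPORTABLE}}
    print(peer_import({"prefix": "10.1.0.0/16", "as_path": [64500]}, 64500))  # bogon
    print(peer_export(learned), peer_export(own))
    print(peer_export({**own, "prefix": "185.2.0.0/25"}))                     # too long
```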
View the BGP neighbors and the route entries sent to a neighbor:
sh bgp summary
sh bgp ipv4 unicast neighbors xx.xxx.xx.xxx
......
Processed 17 prefixes, 17 paths
sh bgp ipv6 unicast summary | inc XXX
Fri Sep 20 09:24:05.629 UTC
0 xxx 47259 46370 3431215 0 0 1w1d 203
Tips: when setting up route policies, the convention is:
For IP Transit, local-preference is set to 100
set local-preference 100
For PNI, local-preference is set to 150
set local-preference 150
For peering such as LINX, local-preference is set to 140.