Lab Guide

BGP Route Filtering
Initial Configuration
R1
conf t
int l 0
ip ad 1.1.1.1 255.255.255.255
int s2/0
ip ad 10.1.1.1 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.1.2 102 b
no shut
int s 2/1
encap f
no arp f
no frame inver
frame map ip 10.1.4.4 114 b
ip ad 10.1.4.1 255.255.255.0
no shut
exit
router rip
ver 2
no au
net 10.0.0.0
net 1.0.0.0
router bgp 1
bgp router-id 1.1.1.1
no au
no sy
nei 4.4.4.4 remote-as 654
nei 4.4.4.4 up l 0
nei 4.4.4.4 ebgp 255
nei 2.2.2.2 remote-as 11151
nei 2.2.2.2 up l 0
nei 2.2.2.2 ebgp 255
end

R2
conf t
int l 0
ip ad 2.2.2.2 255.255.255.255
interface Loopback1
 ip address 20.1.1.1 255.255.255.0
interface Loopback2
 ip address 20.1.2.1 255.255.255.0
interface Loopback3
 ip address 20.1.3.1 255.255.255.0
interface Loopback4
 ip address 20.1.4.1 255.255.255.0
interface Loopback5
 ip address 20.1.5.1 255.255.255.0
int s2/0
ip ad 10.1.1.2 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.1.1 201 b
no shut
int  s2/1
ip ad 10.1.2.2 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.2.3 213 b
no shut
router rip
ver 2
no au
net 10.0.0.0
net 2.0.0.0
router bgp 11151
no au
no sy
bgp router-id 2.2.2.2
nei 1.1.1.1 remote-as 1
nei 1.1.1.1 up l 0
nei 1.1.1.1 ebgp 255
nei 3.3.3.3 remote-as 65001
nei 3.3.3.3 up l 0
nei 3.3.3.3 ebgp 255
end
 
R3
conf t
int l 0
ip ad 3.3.3.3 255.255.255.255
int l 1
ip ad 23.75.18.1 255.255.255.0
int l 2
ip ad  23.75.19.1 255.255.255.0
int l 3
ip ad  23.75.20.1 255.255.255.0
int l 4
ip ad  23.75.21.1 255.255.255.0
int l 5
ip ad  23.75.22.1 255.255.255.0
int l 6
ip ad  23.75.23.1 255.255.255.0
int l 7
ip ad  23.75.24.1 255.255.255.0
int l 8
ip ad  23.75.25.1 255.255.255.0
int l 9
ip ad  23.75.26.1 255.255.255.0
int s 2/1
ip ad 10.1.2.3 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.2.2 312 b
no shut
router rip
ver 2
no au
net 10.0.0.0
net 3.0.0.0
router bgp 65001
no au
no sy
bgp router-id 3.3.3.3
nei 2.2.2.2 remote-as 11151
nei 2.2.2.2 up l 0
nei 2.2.2.2 e 255
net 23.75.18.0 mask 255.255.255.0
net 23.75.19.0 mask 255.255.255.0
net 23.75.20.0 mask 255.255.255.0
net 23.75.21.0 mask 255.255.255.0
net 23.75.22.0 mask 255.255.255.0
net 23.75.23.0 mask 255.255.255.0
net 23.75.24.0 mask 255.255.255.0
net 23.75.25.0 mask 255.255.255.0
net 23.75.26.0 mask 255.255.255.0
end

R4
conf t
int l 0
ip ad 4.4.4.4 255.255.255.255
int l 1
ip ad 189.168.56.1 255.255.254.0
int l 2
ip ad 189.168.58.1 255.255.254.0
int l 3
ip ad 189.168.60.1 255.255.254.0
int l 4
ip ad 189.168.62.1 255.255.254.0
int l 5
ip ad 189.168.64.1 255.255.254.0
int l 6
ip ad 189.168.66.1 255.255.254.0
int l 7
ip ad 189.168.68.1 255.255.254.0
int l 8
ip ad 189.168.70.1 255.255.254.0
int l 9
ip ad 189.168.72.1 255.255.254.0
int l 10
ip ad 189.168.74.1 255.255.254.0
int l 11
ip ad 189.168.76.1 255.255.254.0
int l 12
ip ad 189.168.78.1 255.255.254.0
int l 13
ip ad 189.168.80.1 255.255.254.0
int l 14
ip ad 189.168.82.1 255.255.254.0
int l 15
ip ad 189.168.84.1 255.255.254.0
int l 16
ip ad 189.168.86.1 255.255.254.0
int l 17
ip ad 189.168.88.1 255.255.254.0
int s 2/1
ip ad 10.1.4.4 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.4.1 411 b
no shut
router rip
ver 2
no au
net 10.0.0.0
net 4.0.0.0
router bgp 654
no au
no sy
bgp router-id 4.4.4.4
nei 1.1.1.1 remote 1
nei 1.1.1.1 up l 0
nei 1.1.1.1 e 255
net 189.168.56.0 mask 255.255.254.0
net 189.168.58.0 mask 255.255.254.0
net 189.168.60.0 mask 255.255.254.0
net 189.168.62.0 mask 255.255.254.0
net 189.168.64.0 mask 255.255.254.0
net 189.168.66.0 mask 255.255.254.0
net 189.168.68.0 mask 255.255.254.0
net 189.168.70.0 mask 255.255.254.0
net 189.168.72.0 mask 255.255.254.0
net 189.168.74.0 mask 255.255.254.0
net 189.168.76.0 mask 255.255.254.0
net 189.168.78.0 mask 255.255.254.0
net 189.168.80.0 mask 255.255.254.0
net 189.168.82.0 mask 255.255.254.0
net 189.168.84.0 mask 255.255.254.0
net 189.168.86.0 mask 255.255.254.0
net 189.168.88.0 mask 255.255.254.0
end

1. Filtering private AS numbers
BGP table on R1 before filtering:
R1(config-router)#do sh ip bgp
BGP table version is 145, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.2.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.3.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.4.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.5.0/24      2.2.2.2                  0             0 11151 i
*> 23.75.18.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 65001 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 65001 i

*> 189.168.56.0/23  4.4.4.4                  0             0 654 i
*> 189.168.58.0/23  4.4.4.4                  0             0 654 i
*> 189.168.60.0/23  4.4.4.4                  0             0 654 i
*> 189.168.62.0/23  4.4.4.4                  0             0 654 i
*> 189.168.64.0/23  4.4.4.4                  0             0 654 i
*> 189.168.66.0/23  4.4.4.4                  0             0 654 i
*> 189.168.68.0/23  4.4.4.4                  0             0 654 i
*> 189.168.70.0/23  4.4.4.4                  0             0 654 i
*> 189.168.72.0/23  4.4.4.4                  0             0 654 i
*> 189.168.74.0/23  4.4.4.4                  0             0 654 i
*> 189.168.76.0/23  4.4.4.4                  0             0 654 i
*> 189.168.78.0/23  4.4.4.4                  0             0 654 i
*> 189.168.80.0/23  4.4.4.4                  0             0 654 i
*> 189.168.82.0/23  4.4.4.4                  0             0 654 i
*> 189.168.84.0/23  4.4.4.4                  0             0 654 i
*> 189.168.86.0/23  4.4.4.4                  0             0 654 i
*> 189.168.88.0/23  4.4.4.4                  0             0 654 i
 
Because 65001 is a private AS (range 64512~65535) and a private AS is normally not meant to be advertised to external peers, configure the following on R2:
router bgp 11151
nei 1.1.1.1 remove-private-AS
R2#clear ip bgp * s
R1#sh ip bgp      
BGP table version is 45, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 23.75.18.0/24    2.2.2.2                                0 11151 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 i
(routes advertised by 4.4.4.4 omitted)
AS 65001 has now been stripped from the AS path.

2. Route filtering with a distribute-list
To filter all routes except those inside the prefix 23.75.0.0/16, create an access list that matches the 23.75.0.0/16 prefix and apply it with a distribute list to all incoming routes:
R1
access-list 1 permit 23.75.0.0 0.0.255.255
router bgp 1
distribute-list 1 in
BGP table on R1:
R1(config-router)#do clear ip bgp * s               
R1(config-router)#do sh ip bgp                      
BGP table version is 80, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 23.75.18.0/24    2.2.2.2                                0 11151 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 i
The routes in 189.168.0.0/16 have been filtered out (the 20.1.x.0/24 routes from 2.2.2.2 are gone as well, since access-list 1 permits only 23.75.0.0/16 and this distribute-list applies to every neighbor).
 
A distribute-list can also be applied to a single neighbor with the neighbor command. The output below shows the 20.1.x.0/24 routes again, so the global distribute-list from the previous step is no longer in effect and only routes from 4.4.4.4 are filtered:
R1
access-list 2 permit 189.168.56.0 0.0.1.255
access-list 2 permit 189.168.58.0 0.0.1.255
router bgp 1
nei 4.4.4.4 distribute-list 2 in

end
BGP table on R1:
R1(config-router)#do clear ip bgp * s
R1(config-router)#do sh ip bgp
BGP table version is 82, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.2.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.3.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.4.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.5.0/24      2.2.2.2                  0             0 11151 i
*> 23.75.18.0/24    2.2.2.2                                0 11151 i
*> 23.75.19.0/24    2.2.2.2                                0 11151 i
*> 23.75.20.0/24    2.2.2.2                                0 11151 i
*> 23.75.21.0/24    2.2.2.2                                0 11151 i
*> 23.75.22.0/24    2.2.2.2                                0 11151 i
*> 23.75.23.0/24    2.2.2.2                                0 11151 i
*> 23.75.24.0/24    2.2.2.2                                0 11151 i
*> 23.75.25.0/24    2.2.2.2                                0 11151 i
*> 23.75.26.0/24    2.2.2.2                                0 11151 i
*> 189.168.56.0/23  4.4.4.4                  0             0 654 i
*> 189.168.58.0/23  4.4.4.4                  0             0 654 i

3. Route filtering with a prefix-list
Filter outbound on R2 so that the 20.1.1.0/24 network is sent to R1. Note that "permit 20.1.0.0/16 le 23" matches prefix lengths 16 through 23 only, so as written it would not match the /24 routes shown in the output below; the output corresponds to an entry that also permits /24 (le 24).
R2
ip prefix FILTER seq 10 permit 20.1.0.0/16 le 23
router bgp 11151
nei 1.1.1.1 prefix-list FILTER out
end
R1上BGP表状态
R1(config)#do clear ip bgp * s
R1(config)#do sh ip bgp
BGP table version is 188, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.2.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.3.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.4.0/24      2.2.2.2                  0             0 11151 i
*> 20.1.5.0/24      2.2.2.2                  0             0 11151 i
(routes advertised by 4.4.4.4 omitted)
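To see exactly what the filters in sections 2 and 3 match, here is an added Python model of Cisco standard-ACL wildcard matching (as used by distribute-list, and by the route-map's match ip address in section 4) and of prefix-list ge/le matching, run over the prefixes from this lab. This is example code written for this guide, not IOS code or anything from the original page; the list entries are copied from the page, and PL_LE_24 is a constructed variant that reproduces the output shown.

```python
import ipaddress

# Constructed sample of the prefixes seen in this lab's BGP tables.
LAB_PREFIXES = [
    "20.1.1.0/24", "20.1.5.0/24", "23.75.18.0/24", "23.75.26.0/24",
    "189.168.56.0/23", "189.168.58.0/23", "189.168.68.0/23", "189.168.86.0/23",
]

# The page's lists: (address, wildcard) ACL entries and
# (action, prefix, ge, le) prefix-list entries.
ACL_1 = [("23.75.0.0", "0.0.255.255")]                     # access-list 1, section 2
ACL_2 = [("189.168.56.0", "0.0.1.255"), ("189.168.58.0", "0.0.1.255")]
PL_AS_WRITTEN = [("permit", "20.1.0.0/16", None, 23)]      # prefix-list FILTER, le 23
PL_LE_24 = [("permit", "20.1.0.0/16", None, 24)]           # constructed: what the output implies


def acl_matches(prefix, acl):
    """Standard ACL as a distribute-list or 'match ip address' uses it: only the
    route's network address is compared, on the bits where the wildcard is 0.
    A route matched by no entry hits the implicit deny."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for entry, wildcard in acl:
        care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
        if addr & care == int(ipaddress.ip_address(entry)) & care:
            return True
    return False


def prefix_list_matches(prefix, entries):
    """Cisco prefix-list semantics: the first entry whose prefix covers the route
    and whose ge/le range covers the route's length decides; no ge/le means exact
    length; ge alone means ge..32; le alone means entry length..le."""
    net = ipaddress.ip_network(prefix)
    for action, entry, ge, le in entries:
        e = ipaddress.ip_network(entry)
        lo = ge if ge is not None else e.prefixlen
        hi = le if le is not None else (32 if ge is not None else e.prefixlen)
        if net.network_address in e and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny at the end of every prefix-list


def apply_filter(prefixes, predicate):
    """Return the routes a filter lets through, in their original order."""
    return [p for p in prefixes if predicate(p)]


if __name__ == "__main__":
    print(apply_filter(LAB_PREFIXES, lambda p: acl_matches(p, ACL_1)))
    print(apply_filter(LAB_PREFIXES, lambda p: acl_matches(p, ACL_2)))
    print(apply_filter(LAB_PREFIXES, lambda p: prefix_list_matches(p, PL_AS_WRITTEN)))
    print(apply_filter(LAB_PREFIXES, lambda p: prefix_list_matches(p, PL_LE_24)))
```

Running it shows the le 23 entry passing nothing, while le 24 passes exactly the 20.1.x.0/24 routes that appear in R1's table.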

4. Route filtering with a route-map
Filter outbound on R1 so that only the 189.168.56.0/23, 189.168.68.0/23 and 189.168.86.0/23 networks are sent to R2:
R1
access-list 1 permit 189.168.56.0 0.0.1.255
access-list 1 permit 189.168.68.0 0.0.1.255
access-list 1 permit 189.168.86.0 0.0.1.255
route-map FILTER permit 10
match ip ad 1
router bgp 1
nei 2.2.2.2 route-map FILTER out
end
BGP table on R2 before the filter is applied:
R2#sh ip bgp
BGP table version is 168, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      0.0.0.0                  0         32768 i
*> 20.1.2.0/24      0.0.0.0                  0         32768 i
*> 20.1.3.0/24      0.0.0.0                  0         32768 i
*> 20.1.4.0/24      0.0.0.0                  0         32768 i
*> 20.1.5.0/24      0.0.0.0                  0         32768 i
*> 23.75.18.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.19.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.20.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.21.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.22.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.23.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.24.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.25.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.26.0/24    3.3.3.3                  0             0 65001 i
*> 189.168.56.0/23  1.1.1.1                                0 1 654 i
*> 189.168.58.0/23  1.1.1.1                                0 1 654 i
*> 189.168.60.0/23  1.1.1.1                                0 1 654 i
*> 189.168.62.0/23  1.1.1.1                                0 1 654 i
*> 189.168.64.0/23  1.1.1.1                                0 1 654 i
*> 189.168.66.0/23  1.1.1.1                                0 1 654 i
*> 189.168.68.0/23  1.1.1.1                                0 1 654 i
*> 189.168.70.0/23  1.1.1.1                                0 1 654 i
*> 189.168.72.0/23  1.1.1.1                                0 1 654 i
*> 189.168.74.0/23  1.1.1.1                                0 1 654 i
*> 189.168.76.0/23  1.1.1.1                                0 1 654 i
*> 189.168.78.0/23  1.1.1.1                                0 1 654 i
*> 189.168.80.0/23  1.1.1.1                                0 1 654 i
*> 189.168.82.0/23  1.1.1.1                                0 1 654 i
*> 189.168.84.0/23  1.1.1.1                                0 1 654 i
*> 189.168.86.0/23  1.1.1.1                                0 1 654 i
*> 189.168.88.0/23  1.1.1.1                                0 1 654 i
BGP table on R2 after the filter is applied:
R2#clear ip bgp * s
R2#sh ip bgp
BGP table version is 182, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.1.0/24      0.0.0.0                  0         32768 i
*> 20.1.2.0/24      0.0.0.0                  0         32768 i
*> 20.1.3.0/24      0.0.0.0                  0         32768 i
*> 20.1.4.0/24      0.0.0.0                  0         32768 i
*> 20.1.5.0/24      0.0.0.0                  0         32768 i
*> 23.75.18.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.19.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.20.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.21.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.22.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.23.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.24.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.25.0/24    3.3.3.3                  0             0 65001 i
*> 23.75.26.0/24    3.3.3.3                  0             0 65001 i
*> 189.168.56.0/23  1.1.1.1                                0 1 654 i
*> 189.168.68.0/23  1.1.1.1                                0 1 654 i
*> 189.168.86.0/23  1.1.1.1                                0 1 654 i

Only the permitted routes are sent to R2.
A route-map is very powerful and very flexible in use: besides route filtering it can also implement routing policy, and it was already used in the BGP route aggregation covered earlier. Its usage will be covered further in later articles on BGP.