BGP Outbound Route Filtering ("ORF"): exchanging prefix lists between peers

Topology:
R5------------R7
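R5 uses two loopback interfaces to simulate subnets (5.5.5.5/32 and 55.55.55.55/32).
R7 uses two loopback interfaces to simulate subnets (7.7.7.7/32 and 77.77.77.77/32).
The link between R5 and R7 is 192.168.25.x/24.
R5 is in AS 5.
R7 is in AS 7.
Lab objective:
To filter r7's 77.77.77.77/32 entry, the filter can be applied in the out direction on r7 or in the in direction on r5. Doing it in the out direction on r7 is clearly more efficient: it saves the CPU both ends spend processing the updates and the load on the link (there is only one entry here, but in practice it can be hundreds or thousands, haha).
If r7 is another ISP's router and, from r5's side, there is no authority to configure r7, there is an alternative:
Configure on r5: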
r5(config)#ip prefix-list abc seq 5 permit 7.7.7.7/32
r5(config)#ip prefix-list abc seq 10 permit 88.88.88.0/24
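Apply prefix-list abc to the neighbor in the in direction (neighbor 192.168.25.7 prefix-list abc in).
This step alone achieves the goal, but it is of little value, because the updates have already been delivered to r5 before they are filtered, which wastes CPU and link resources. ORF provides the ability to "push" the local in-direction prefix-list to the out direction of the peer r7: the list no longer takes effect locally; the peer does the filtering instead. Outbound route filtering:
r5(config-router)#nei 192.168.25.7 capability orf prefix-list both [enables the ORF capability; after this command is entered it is not visible in show run, I don't know why?]
r7(config-router)#nei 192.168.25.5 capability orf prefix-list both [r7 also enables the ORF capability]
r5#clear ip bgp 192.168.25.7 in prefix-filter    [effect: pushes the prefix list to neighbor r7, to be used in r7's out direction]
Result: looking at the entries r7 sends to neighbor 192.168.25.5 (r5), 77.77.77.77/32 is not among them, which shows it was already filtered by the prefix list on the way out of r7. Yet the list was configured on r5.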
r7#sh ip bgp nei 192.168.25.5 advertised-routes
BGP table version is 14, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 7.7.7.7/32       0.0.0.0                  0         32768 i
*> 88.88.88.0/24    0.0.0.0                  0         32768 i
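
The same result can be reproduced offline. The following is an added example, not part of the original lab: a small Python model that parses r5's prefix-list lines, applies the usual prefix-list matching rules (exact length unless ge/le is given, implicit deny at the end), and compares what crosses the link with the list applied inbound on r5 versus pushed to r7 through ORF. The function names and the `simulate` model are assumptions made for illustration.

```python
import ipaddress
import re

# Prefix list from the page, as configured on r5.
R5_PREFIX_LIST = """\
ip prefix-list abc seq 5 permit 7.7.7.7/32
ip prefix-list abc seq 10 permit 88.88.88.0/24
"""
# Networks r7 originates (its "network" statements on the page).
R7_ORIGINATED = ["7.7.7.7/32", "77.77.77.77/32", "88.88.88.0/24"]

LINE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")

def parse_prefix_list(text, name):
    """Return (seq, action, network, min_len, max_len) tuples in seq order."""
    entries = []
    for m in LINE.finditer(text):
        if m.group(1) != name:
            continue
        net = ipaddress.ip_network(m.group(4), strict=False)
        ge, le = m.group(5), m.group(6)
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(m.group(2)), m.group(3), net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def permitted(entries, route):
    """First matching entry decides; no match means implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return False

def simulate(entries, originated, orf):
    """Return (prefixes sent over the link, prefixes r5 accepts)."""
    # With ORF, r7 applies r5's list outbound before sending anything.
    sent = [p for p in originated if not orf or permitted(entries, p)]
    # r5 still has the list configured inbound; under ORF nothing is left to drop.
    accepted = [p for p in sent if permitted(entries, p)]
    return sent, accepted

if __name__ == "__main__":
    acl = parse_prefix_list(R5_PREFIX_LIST, "abc")
    for mode in (False, True):
        sent, accepted = simulate(acl, R7_ORIGINATED, orf=mode)
        print("ORF" if mode else "inbound only", "sent:", sent, "accepted:", accepted)
```

In both modes r5 accepts the same two prefixes; only with ORF does 77.77.77.77/32 never cross the link, which matches the advertised-routes output above.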
 
 
hostname r5
!
logging queue-limit 100
!
ip subnet-zero
no ip domain lookup
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
no ip route-cache
no ip mroute-cache
!
interface Loopback1
ip address 55.55.55.55 255.255.255.255
!
interface Ethernet0
ip address 192.168.25.5 255.255.255.0
!
interface Serial0
no ip address
!
interface Serial1
no ip address
!
router bgp 5
no synchronization
bgp router-id 5.5.5.5
bgp log-neighbor-changes
network 5.5.5.5 mask 255.255.255.255
network 55.55.55.55 mask 255.255.255.255
neighbor 192.168.25.7 remote-as 7
neighbor 192.168.25.7 prefix-list abc in
no auto-summary
!        
no ip http server
ip classless
!
!
!
ip prefix-list abc seq 5 permit 7.7.7.7/32
ip prefix-list abc seq 10 permit 88.88.88.0/24
!
!
 
 

!
hostname r7
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Loopback1
ip address 77.77.77.77 255.255.255.255
!
interface Loopback2
ip address 88.88.88.88 255.255.255.0
!
interface Ethernet0
ip address 192.168.25.7 255.255.255.0
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
no ip address
shutdown
!
router bgp 7
no synchronization
bgp router-id 7.7.7.7
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
network 77.77.77.77 mask 255.255.255.255
network 88.88.88.0 mask 255.255.255.0
neighbor 192.168.25.5 remote-as 5
no auto-summary