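【Basics】
The BGP outbound route filtering (ORF) feature minimizes the number of BGP updates sent between peer routers. Filtering unwanted routing updates at the source reduces the resources needed to generate and process them. For example, it can reduce the number of route entries a router has to process when that router does not accept full routes from its ISP.
ORF is enabled by advertising ORF capabilities to the peer router. Advertising the ORF capability indicates that a BGP speaker will accept a prefix list from its neighbor and apply it to its locally configured ORFs. When the capability is enabled, the BGP speaker can install its inbound prefix-list filter on the BGP peer, and the peer uses it as an outbound list, which reduces unwanted routing updates.
Prefix-based BGP outbound route filtering can be configured with the send, receive, or send-and-receive ORF capabilities:
- The local peer advertises the ORF capability in send mode.
- The remote peer receives the ORF capability in receive mode and applies the filter as its own outbound policy.
- The local and remote peers exchange updates to maintain the ORF on each router.
- Updates are exchanged between the peers per address family, depending on the ORF prefix-list capability that was advertised.
- The remote peer starts sending updates to the local peer once it receives a route refresh request or an ORF prefix list with immediate status.
- Before the speaker pushes the inbound list to the remote peer, the BGP speaker continues to apply the inbound prefix list to the updates it receives.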
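A small model of the behaviour described above, added here as an illustration (not Cisco code and not from the original page): the filter is applied at the source only when the local peer advertises send and the remote peer advertises receive, and the local inbound list is still applied either way. The route set and the `le 32` style prefix-list entry are constructed sample data; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: routes the remote peer holds, and the local inbound list
# (one entry mirroring the page's "permit 192.168.1.0 0.0.0.255").
REMOTE_ROUTES = ["192.168.1.0/24", "192.168.1.128/25", "10.0.0.0/8",
                 "172.16.0.0/16", "203.0.113.0/24"]
INBOUND_LIST = [("permit", "192.168.1.0/24", 32)]  # (action, prefix, max length)

def orf_active(local_mode, remote_mode):
    """The local filter is pushed only if local advertises send and remote receive."""
    return local_mode in ("send", "both") and remote_mode in ("receive", "both")

def permitted(prefix, prefix_list):
    """First match wins; anything unmatched is denied (implicit deny)."""
    net = ipaddress.ip_network(prefix)
    for action, entry, max_len in prefix_list:
        base = ipaddress.ip_network(entry)
        if net.subnet_of(base) and net.prefixlen <= max_len:
            return action == "permit"
    return False

def exchange(remote_routes, inbound_list, local_mode, remote_mode):
    """Return (updates the remote peer sends, routes the local peer accepts)."""
    if orf_active(local_mode, remote_mode):
        # Remote peer uses the pushed list as its outbound policy.
        sent = [r for r in remote_routes if permitted(r, inbound_list)]
    else:
        sent = list(remote_routes)
    # The local inbound list is applied to whatever arrives, ORF or not.
    accepted = [r for r in sent if permitted(r, inbound_list)]
    return sent, accepted

if __name__ == "__main__":
    for modes in (("send", "receive"), ("send", "send")):
        sent, accepted = exchange(REMOTE_ROUTES, INBOUND_LIST, *modes)
        print(modes, "updates sent:", len(sent), "accepted:", len(accepted))
```

The accepted routes are identical in both runs; only the number of updates generated and processed changes.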
1. enable
2. configure terminal
3. router bgp as-number
4. address-family {ipv4 | ipv6 | vpnv4} [multicast | unicast | vrf {vrf-name}]
5. neighbor ip-address remote-as as-number
6. neighbor ip-address capability orf prefix-list [send | receive | both]
7. exit
Detailed steps

| Step | Command or Action | Purpose |
|---|---|---|
| Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. Enter your password if prompted. |
| Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
| Step 3 | router bgp as-number Example: Router(config)# router bgp 100 | Enters router configuration mode, and creates a BGP routing process. |
| Step 4 | address-family {ipv4 \| ipv6 \| vpnv4} [multicast \| unicast \| vrf {vrf-name}] Example: Router(config-router)# address-family ipv4 unicast | Enters address family configuration mode to configure BGP peers to accept address family specific configurations. The example command creates an IPv4 unicast address family session. |
| Step 5 | neighbor ip-address remote-as as-number Example: Router(config-router)# neighbor 10.1.1.1 remote-as 200 | Establishes peering with the specified neighbor or peer-group. In this step, you are establishing an eBGP session with the peer router to exchange ORF capabilities. |
| Step 6 | neighbor ip-address capability orf prefix-list [send \| receive \| both] Example: Router(config-router)# neighbor 10.1.1.1 capability orf prefix-list both | Enables the ORF prefix list capability on a router. The ORF capability can be enabled in send or receive mode with the corresponding keywords. ORF capabilities can also be enabled in send and receive mode with the both keyword. |
| Step 7 | exit Example: Router(config-router)# exit | Exits router configuration mode, and enters global configuration mode. |
| Step 8 | access-list access-list-number {deny\|permit} Example: Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255 | Defines the access list for prefix based filtering. This feature supports prefix length matching, wild-card based prefix matching, and exact address prefix matching for address family support. |
| Step 9 | exit Example: Router(config)# exit | Exits global configuration mode, and enters privileged EXEC mode. |
| Step 10 | clear ip bgp {ip-address \| *} in prefix-filter Example: Router# clear ip bgp 192.168.1.2 in prefix-filter | (Optional) Clears BGP ORFs and initiates an inbound soft reset. A single neighbor or all neighbors can be specified. When this command is used without the prefix-filter keyword, a normal route refresh is performed. This command should be used when inbound routing policy changes other than a prefix list filter occur, such as a route map change. |
5. Configuration examples
The following example configures Router-A to advertise prefix-based ORF send capabilities to Router-B (172.16.1.2):
router bgp 100
address-family ipv4 unicast
neighbor 172.16.1.2 remote-as 200
neighbor 172.16.1.2 capability orf prefix-list send
exit
The following example configures Router-B to advertise prefix-based ORF receive capabilities to Router-A (10.1.1.1). This example also creates the prefix filter to permit routes from the 192.168.1.0 network.
router bgp 200
address-family ipv4 unicast
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 capability orf prefix-list receive
neighbor 10.1.1.1 distribute-list 10 in
exit
access-list 10 permit 192.168.1.0 0.0.0.255
!
The following example configures Router-A to advertise both send and receive prefix-based ORF capabilities to Router-B (192.168.1.2) and to initiate an inbound soft reset with Router-B:
router bgp 100
address-family ipv4 unicast
neighbor 192.168.1.2 remote-as 200
neighbor 192.168.1.2 capability orf prefix-list both
exit
clear ip bgp 192.168.1.2 in prefix-filter
!
6. Verifying the configuration
Verifying BGP Prefix-Based Outbound Route Filtering Configured in Send Mode
The following example output from the show running-config privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in send mode:
Router# show running-config | begin bgp
router bgp 1
bgp log-neighbor-changes
network 10.0.0.0
network 172.16.1.2
neighbor 192.168.20.72 remote-as 2
neighbor 192.168.20.72 capability orf prefix-list send
!
The following example output from the show ip bgp neighbors privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in send mode:
Router# show ip bgp neighbors 192.168.20.72
BGP neighbor is 192.168.20.72, remote AS 2, external link
BGP version 4, remote router ID 172.16.1.2
BGP state = Established, up for 00:13:27
Last read 00:00:27, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh:advertised and received(new)
Address family IPv4 Unicast:advertised and received
Received 36 messages, 0 notifications, 0 in queue
Sent 36 messages, 0 notifications, 0 in queue
Default minimum time between advertisement runs is 30 seconds
For address family:IPv4 Unicast
BGP table version 13, neighbor version 13
Index 1, Offset 0, Mask 0x2
AF-dependant capabilities:
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode:advertised, received
Receive-mode:received
Route refresh request:received 4, sent 2
2 accepted prefixes consume 80 bytes
Prefix advertised 8, suppressed 0, withdrawn 2
Verifying BGP Prefix-Based Outbound Route Filtering Configured in Receive Mode
The following example output from the show running-config privileged EXEC command shows that neighbor 172.16.1.2 is configured with the prefix-based ORF feature in receive mode:
Router# show running-config | begin bgp
router bgp 1
bgp log-neighbor-changes
network 10.0.0.0
network 192.168.20.72
neighbor 172.16.1.2 remote-as 2
neighbor 172.16.1.2 capability orf prefix-list receive
!
The following example output from the show ip bgp neighbors privileged EXEC command shows that neighbor 172.16.1.2 is configured with the prefix-based ORF feature in receive mode:
Router# show ip bgp neighbors 172.16.1.2
BGP neighbor is 172.16.1.2, remote AS 2, external link
BGP version 4, remote router ID 192.168.20.72
BGP state = Established, up for 00:02:47
Last read 00:00:46, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh:advertised and received(new)
Address family IPv4 Unicast:advertised and received
Received 45 messages, 0 notifications, 0 in queue
Sent 44 messages, 0 notifications, 0 in queue
Default minimum time between advertisement runs is 30 seconds
For address family:IPv4 Unicast
BGP table version 17, neighbor version 17
Index 1, Offset 0, Mask 0x2
AF-dependant capabilities:
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode:received
Receive-mode:advertised, received
Route refresh request:received 5, sent 2
2 accepted prefixes consume 80 bytes
Prefix advertised 10, suppressed 0, withdrawn 2
Verifying BGP Prefix-Based Outbound Route Filtering Configured in Send and Receive Modes
The following example output from the show running-config privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in both send and receive modes:
Router# show running-config | begin bgp
router bgp 1
bgp log-neighbor-changes
network 10.0.0.0
network 172.16.1.2
neighbor 192.168.20.72 remote-as 2
neighbor 192.168.20.72 capability orf prefix-list both
!
The following example output from the show ip bgp neighbors privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in both send and receive modes:
Router# show ip bgp neighbors 192.168.20.72
BGP neighbor is 192.168.20.72, remote AS 2, external link
BGP version 4, remote router ID 172.16.1.2
BGP state = Established, up for 00:00:09
Last read 00:00:09, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh:advertised and received(new)
Address family IPv4 Unicast:advertised and received
Received 57 messages, 0 notifications, 0 in queue
Sent 56 messages, 0 notifications, 0 in queue
Default minimum time between advertisement runs is 30 seconds
For address family:IPv4 Unicast
BGP table version 21, neighbor version 19
Index 1, Offset 0, Mask 0x2
AF-dependant capabilities:
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode:advertised, received
Receive-mode:advertised, received
Route refresh request:received 6, sent 3
2 accepted prefixes consume 80 bytes
Prefix advertised 12, suppressed 0, withdrawn 2
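The three outputs above differ only in the Send-mode and Receive-mode lines, so the check can be automated. The following parser is an added example (not from the original page or from Cisco): it reads saved `show ip bgp neighbors` text and reports, per address family, whether the local router can push its filter to the peer and whether it accepts a filter supplied by the peer. It assumes, as the page's outputs indicate, that "advertised" is the local side and "received" is the peer's side; `SEND_MODE` is trimmed from the page's send-mode output and `NO_ORF` is constructed.

```python
import re

SEND_MODE = """BGP neighbor is 192.168.20.72, remote AS 2, external link
For address family:IPv4 Unicast
AF-dependant capabilities:
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode:advertised, received
Receive-mode:received
Route refresh request:received 4, sent 2
"""
# Constructed: an established session on which no ORF capability was exchanged.
NO_ORF = """BGP neighbor is 192.0.2.1, remote AS 3, external link
For address family:IPv4 Unicast
BGP table version 5, neighbor version 5
"""

def parse_orf(output):
    """Return {address family: {"send": flags, "receive": flags}} for ORF sections."""
    state, af, in_orf = {}, None, False
    for raw in output.splitlines():
        line = raw.strip()
        m = re.match(r"For address family:\s*(.+)", line)
        if m:
            af, in_orf = m.group(1).strip(), False
            continue
        if line.startswith("Outbound Route Filter (ORF)") and af is not None:
            in_orf = True
            state[af] = {"send": set(), "receive": set()}
            continue
        m = re.match(r"(Send|Receive)-mode:\s*(.*)", line)
        if in_orf and m:
            flags = {f.strip() for f in m.group(2).split(",") if f.strip()}
            state[af][m.group(1).lower()] = flags
    return state

def orf_directions(output, af="IPv4 Unicast"):
    """Both values are False when the address family has no ORF section at all."""
    modes = parse_orf(output).get(af, {"send": set(), "receive": set()})
    return {
        # We advertised send and the peer advertised receive.
        "local_can_push_filter": "advertised" in modes["send"] and "received" in modes["receive"],
        # We advertised receive and the peer advertised send.
        "local_accepts_peer_filter": "advertised" in modes["receive"] and "received" in modes["send"],
    }

if __name__ == "__main__":
    print("send-mode neighbor:", orf_directions(SEND_MODE))
    print("no ORF negotiated: ", orf_directions(NO_ORF))
```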