BGP路由过滤

 

 

（在这个实验中，基础的配置就不再多配了，跟前面几个实验差不多）

在没有使用路由过滤之前，所有的从R3 R2上过来的路由都可以看到：
R1#show ip bgp
BGP table version is 25, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*  2.2.2.0/24       172.16.2.3                             0 100 i
*>                  172.16.1.2               0             0 100 i
*  3.3.3.0/24       172.16.1.2                             0 100 i
*>                  172.16.2.3               0             0 100 i
*  4.4.4.0/24       172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  5.5.5.0/24       172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  10.1.1.0/24      172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  11.1.1.0/24      172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  192.168.192.0    172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  192.168.192.0/21 172.16.2.3                             0 100 200 i
*>                  172.16.1.2                             0 100 200 i
   Network          Next Hop            Metric LocPrf Weight Path
*  192.168.193.0    172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  192.168.194.0    172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  192.168.195.0    172.16.1.2                             0 100 200 i
*>                  172.16.2.3                             0 100 200 i
*  192.168.196.0    172.16.2.3                             0 100 200 i
*>                  172.16.1.2                             0 100 200 i
*  192.168.197.0    172.16.2.3                             0 100 200 i
*>                  172.16.1.2                             0 100 200 i
*  192.168.198.0    172.16.2.3                             0 100 200 i
*>                  172.16.1.2                             0 100 200 i
*  192.168.199.0    172.16.2.3                             0 100 200 i
*>                  172.16.1.2                             0 100 200 i

第一种方法：
使用AS-PATH过滤路由：
先用Ip as-path access-list定义
再在路由模式下使用：neighbor ___ .___ .___ .____ filter-list # out

当在R2上使用：
!
ip as-path access-list 1 permit ^$
再在路由配置模式下使用：
 neighbor 172.16.1.1 filter-list 1 out
在这里的意思是即通告自已AS的路由而不通告别的AS过来的路由，也就是不让自已做为别的AS的转发区

R1#show ip bgp        
BGP table version is 30, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*  2.2.2.0/24       172.16.2.3                             0 100 i
*>                  172.16.1.2               0             0 100 i
*  3.3.3.0/24       172.16.1.2                             0 100 i
*>                  172.16.2.3               0             0 100 i
*> 4.4.4.0/24       172.16.2.3                             0 100 200 i
*> 5.5.5.0/24       172.16.2.3                             0 100 200 i
*> 10.1.1.0/24      172.16.2.3                             0 100 200 i
*> 11.1.1.0/24      172.16.2.3                             0 100 200 i
*> 192.168.192.0    172.16.2.3                             0 100 200 i
*> 192.168.192.0/21 172.16.2.3                             0 100 200 i
*> 192.168.193.0    172.16.2.3                             0 100 200 i
*> 192.168.194.0    172.16.2.3                             0 100 200 i
*> 192.168.195.0    172.16.2.3                             0 100 200 i
*> 192.168.196.0    172.16.2.3                             0 100 200 i
*> 192.168.197.0    172.16.2.3                             0 100 200 i
*> 192.168.198.0    172.16.2.3                             0 100 200 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.199.0    172.16.2.3                             0 100 200 i

当在R3上也使用这个方法后，可以看到：

R1#show ip bgp
BGP table version is 43, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*  2.2.2.0/24       172.16.2.3                             0 100 i
*>                  172.16.1.2               0             0 100 i
*  3.3.3.0/24       172.16.1.2                             0 100 i
*>                  172.16.2.3               0             0 100 i

第二种方法：使用route-map过滤路由：

就是跟route-map一起使用：

!
ip as-path access-list 1 permit ^$
!
route-map as-path permit 10
 match as-path 1

 neighbor 172.16.1.1 route-map as-path out

可以在R1上看到相同的结果。

以下有几个例子：

本文出自 “xiaomu205.com” 博客，转载请与作者联系！