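Routes received and advertised in a network can be filtered with XPL route-filters according to communication requirements. This example configures the sets and route-filters in line-by-line editing mode.
Networking Requirements
As shown in Figure 1, in a network running BGP, DeviceA and DeviceB belong to AS 100, and DeviceC, DeviceD and DeviceE belong to AS 200. DeviceA imports four routes: 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 and 5.5.5.0/24. The requirements are:
- DeviceA advertises only the routes 2.2.2.0/24, 3.3.3.0/24 and 4.4.4.0/24 to DeviceB;
- After DeviceC receives these three routes, it advertises all of them to DeviceE, whereas DeviceD advertises only 2.2.2.0/24 and 3.3.3.0/24 to DeviceE, and the MED of its 2.2.2.0/24 route must be greater than that of the 2.2.2.0/24 route sent by DeviceC, so that DeviceE selects DeviceC as the egress device for traffic destined for 2.2.2.0/24.
Either requirement can be met by configuring an export policy on the advertising device or an import policy on the receiving device. In this example, an export policy is configured on DeviceA and an import policy on DeviceE.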
Device | Interface | IP address |
DeviceA | GE 0/3/0 | 1.1.5.2/24 |
DeviceB | GE 0/3/0 | 1.1.5.1/24 |
DeviceB | GE 0/3/1 | 1.1.4.2/24 |
DeviceB | GE 0/3/2 | 1.1.3.2/24 |
DeviceC | GE 0/3/1 | 1.1.1.2/24 |
DeviceC | GE 0/3/2 | 1.1.3.1/24 |
DeviceD | GE 0/3/1 | 1.1.2.2/24 |
DeviceD | GE 0/3/2 | 1.1.4.1/24 |
DeviceE | GE 0/3/1 | 1.1.2.1/24 |
DeviceE | GE 0/3/2 | 1.1.1.1/24 |
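Configuration Notes
During configuration, note the following:
Configuration Roadmap
The configuration roadmap for filtering routes is as follows:
- Configure basic BGP functions on DeviceA, DeviceB, DeviceC, DeviceD and DeviceE.
- Configure static routes on DeviceA and import them into BGP.
- Configure a route export policy on DeviceA and check the filtering result on DeviceB.
- Configure a route import policy on DeviceE and check the filtering result on DeviceE.
Data Preparation
To complete this configuration example, prepare the following data:
- The four static routes imported by DeviceA.
- DeviceA and DeviceB are in AS 100; DeviceC, DeviceD and DeviceE are in AS 200.
- Name of the IPv4 prefix set, and the routes to be filtered.
Procedure
- Configure an IP address for each interface. See the configuration files.
- Configure BGP.
# Configuration on DeviceA.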
<DeviceA> system-view
[~DeviceA] bgp 100
[*DeviceA-bgp] peer 1.1.5.1 as-number 100
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
# Configuration on DeviceB.
<DeviceB> system-view
[~DeviceB] bgp 100
[*DeviceB-bgp] peer 1.1.5.2 as-number 100
[*DeviceB-bgp] peer 1.1.3.1 as-number 200
[*DeviceB-bgp] peer 1.1.4.1 as-number 200
[*DeviceB-bgp] commit
[~DeviceB-bgp] quit
# Configuration on DeviceC.
<DeviceC> system-view
[~DeviceC] bgp 200
[*DeviceC-bgp] peer 1.1.1.1 as-number 200
[*DeviceC-bgp] peer 1.1.3.2 as-number 100
[*DeviceC-bgp] commit
[~DeviceC-bgp] quit
# Configuration on DeviceD.
<DeviceD> system-view
[~DeviceD] bgp 200
[*DeviceD-bgp] peer 1.1.2.1 as-number 200
[*DeviceD-bgp] peer 1.1.4.2 as-number 100
[*DeviceD-bgp] commit
[~DeviceD-bgp] quit
# Configuration on DeviceE.
<DeviceE> system-view
[~DeviceE] bgp 200
[*DeviceE-bgp] peer 1.1.1.2 as-number 200
[*DeviceE-bgp] peer 1.1.2.2 as-number 200
[*DeviceE-bgp] commit
[~DeviceE-bgp] quit
- Configure four static routes on DeviceA and import them into BGP.
[~DeviceA] ip route-static 2.2.2.0 255.255.255.0 NULL0
[*DeviceA] ip route-static 3.3.3.0 255.255.255.0 NULL0
[*DeviceA] ip route-static 4.4.4.0 255.255.255.0 NULL0
[*DeviceA] ip route-static 5.5.5.0 255.255.255.0 NULL0
[*DeviceA] bgp 100
[*DeviceA-bgp] import-route static
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
# Check the BGP routing table on DeviceB. The four static routes imported into BGP are present.
[~DeviceB] display bgp routing-table
BGP Local router ID is 1.1.5.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 2.2.2.0/24 1.1.5.2 0 100 0 ?
*>i 3.3.3.0/24 1.1.5.2 0 100 0 ?
*>i 4.4.4.0/24 1.1.5.2 0 100 0 ?
*>i 5.5.5.0/24 1.1.5.2 0 100 0 ?
# Check the BGP routing table on DeviceE. The four static routes imported into BGP are present, and each of them is received once from DeviceC and once from DeviceD.
[~DeviceE] display bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found
Total Number of Routes: 8
Network NextHop MED LocPrf PrefVal Path/Ogn
i 2.2.2.0/24 1.1.3.2 100 0 100?
i 1.1.4.2 100 0 100?
i 3.3.3.0/24 1.1.4.2 100 0 100?
i 1.1.3.2 100 0 100?
i 4.4.4.0/24 1.1.3.2 100 0 100?
i 1.1.4.2 100 0 100?
i 5.5.5.0/24 1.1.4.2 100 0 100?
i 1.1.3.2 100 0 100?
- Configure a route export policy on DeviceA.
# Configure the IPv4 prefix set prefix1 on DeviceA.
[~DeviceA] xpl ip-prefix-list prefix1
[~DeviceA-xpl-pfx] 2.2.2.0 24,
[~DeviceA-xpl-pfx] 3.3.3.0 24,
[~DeviceA-xpl-pfx] 4.4.4.0 24
[~DeviceA-xpl-pfx] end-list
[*DeviceA] commit
# Configure route-filter r1 on DeviceA so that routes destined for 2.2.2.0/24, 3.3.3.0/24 and 4.4.4.0/24 pass the filter.
[~DeviceA] xpl route-filter r1
[~DeviceA-xpl-filter] if ip route-destination in prefix1 then
[~DeviceA-xpl-filter-if] approve
[~DeviceA-xpl-filter-if] else
[~DeviceA-xpl-filter-else] refuse
[~DeviceA-xpl-filter-else] endif
[~DeviceA-xpl-filter] end-filter
[*DeviceA] commit
# Configure the export policy on DeviceA, referencing route-filter r1 to filter the routes advertised to DeviceB.
<DeviceA> system-view
[~DeviceA] bgp 100
[~DeviceA-bgp] peer 1.1.5.1 route-filter r1 export
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
# Check the BGP routing table on DeviceB. The route 5.5.5.0/24 is no longer in DeviceB's BGP routing table.
[~DeviceB] display bgp routing-table
BGP Local router ID is 1.1.5.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 2.2.2.0/24 1.1.5.2 0 100 0 ?
*>i 3.3.3.0/24 1.1.5.2 0 100 0 ?
*>i 4.4.4.0/24 1.1.5.2 0 100 0 ?
- Configure a route import policy on DeviceE.
# Configure the parameterized route-filter appmed on DeviceE, which is used to set the MED of a route.
[~DeviceE] xpl route-filter appmed($med)
[~DeviceE-xpl-filter] apply med $med
[~DeviceE-xpl-filter] end-filter
[*DeviceE] commit
# Configure route-filter r2 on DeviceE. It lets only 2.2.2.0/24 and 3.3.3.0/24 pass, and calls route-filter appmed to set the MED of 2.2.2.0/24 to 200.
[~DeviceE] xpl route-filter r2
[~DeviceE-xpl-filter] if ip route-destination in {2.2.2.0 24} then
[~DeviceE-xpl-filter-if] call route-filter appmed(200)
[~DeviceE-xpl-filter-if] elseif ip route-destination in {2.2.2.0 24, 3.3.3.0 24} then
[~DeviceE-xpl-filter-elif] approve
[~DeviceE-xpl-filter-elif] else
[~DeviceE-xpl-filter-else] refuse
[~DeviceE-xpl-filter-else] endif
[~DeviceE-xpl-filter] end-filter
[*DeviceE] commit
# Configure route-filter r3 on DeviceE. It lets routes pass and sets the MED of 2.2.2.0/24 to 100.
[~DeviceE] xpl route-filter r3
[~DeviceE-xpl-filter] if ip route-destination in {2.2.2.0 24} then
[~DeviceE-xpl-filter-if] call route-filter appmed(100)
[~DeviceE-xpl-filter-if] else
[~DeviceE-xpl-filter-else] approve
[~DeviceE-xpl-filter-else] endif
[~DeviceE-xpl-filter] end-filter
[*DeviceE] commit
# Configure the import policies on DeviceE: reference r2 for routes received from DeviceD and r3 for routes received from DeviceC.
<DeviceE> system-view
[~DeviceE] bgp 200
[~DeviceE-bgp] peer 1.1.2.2 route-filter r2 import
[*DeviceE-bgp] peer 1.1.1.2 route-filter r3 import
[*DeviceE-bgp] commit
[~DeviceE-bgp] quit
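# Check the BGP routing table on DeviceE. The route 4.4.4.0/24 from DeviceD is no longer in DeviceE's BGP routing table, and the MED values of 2.2.2.0/24 from DeviceC and DeviceD are 100 and 200 respectively.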
[~DeviceE] display bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found
Total Number of Routes: 5
Network NextHop MED LocPrf PrefVal Path/Ogn
i 2.2.2.0/24 1.1.4.2 200 100 0 100?
i 1.1.3.2 100 100 0 100?
i 3.3.3.0/24 1.1.4.2 100 0 100?
i 1.1.3.2 100 0 100?
i 4.4.4.0/24 1.1.3.2 100 0 100?
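The combined effect of r1 on DeviceA and r2/r3 on DeviceE can be checked offline before the filters are committed. The Python model below is an added example, not part of the original configuration guide; it treats each filter as a first-match function and assumes that a set member written without a length range matches that exact prefix only, and that a branch which only calls appmed lets the route pass, as the display output above shows.

```python
# Added illustration: models the page's XPL filters r1, r2 and r3 (not vendor code).
from ipaddress import ip_network

PREFIX1 = {"2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24"}  # xpl ip-prefix-list prefix1
IMPORTED = ["2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24", "5.5.5.0/24"]  # statics on DeviceA

def in_set(prefix, members):
    """Assumed semantics of 'ip route-destination in {...}': exact prefix and length."""
    return ip_network(prefix) in {ip_network(m) for m in members}

def r1(route):
    """DeviceA export: approve members of prefix1, refuse everything else."""
    return route if in_set(route["prefix"], PREFIX1) else None

def r2(route):
    """DeviceE import from DeviceD: branches are tested in order, first match wins."""
    if in_set(route["prefix"], {"2.2.2.0/24"}):
        return {**route, "med": 200}   # call route-filter appmed(200)
    if in_set(route["prefix"], {"2.2.2.0/24", "3.3.3.0/24"}):
        return route                   # approve
    return None                        # refuse

def r3(route):
    """DeviceE import from DeviceC: MED 100 on 2.2.2.0/24, approve the rest."""
    if in_set(route["prefix"], {"2.2.2.0/24"}):
        return {**route, "med": 100}   # call route-filter appmed(100)
    return route

def device_e_table():
    """Routes DeviceE holds once r1 (DeviceA) and r2/r3 (DeviceE) are applied."""
    sent = [r for p in IMPORTED if (r := r1({"prefix": p, "med": None}))]
    table = []
    for via, policy in (("DeviceC", r3), ("DeviceD", r2)):
        table += [{**r, "via": via} for s in sent if (r := policy(s))]
    return table

def exit_device(prefix):
    """Among the routes for a prefix that carry a MED, the lowest MED is preferred."""
    cands = [r for r in device_e_table() if r["prefix"] == prefix and r["med"] is not None]
    return min(cands, key=lambda r: r["med"])["via"] if cands else None

if __name__ == "__main__":
    for r in device_e_table():
        print(r["prefix"], r["via"], r["med"])
    print("exit for 2.2.2.0/24:", exit_device("2.2.2.0/24"))
```

The model yields the same five routes as the final display output on DeviceE, and it makes the ordering in r2 visible: 2.2.2.0/24 is consumed by the first branch, so the elseif branch only ever approves 3.3.3.0/24.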
Configuration Files
#
sysname DeviceA
#
interface GigabitEthernet0/3/0
undo shutdown
ip address 1.1.5.2 255.255.255.0
#
bgp 100
peer 1.1.5.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route static
peer 1.1.5.1 enable
peer 1.1.5.1 route-filter r1 export
#
ip route-static 2.2.2.0 255.255.255.0 NULL0
ip route-static 3.3.3.0 255.255.255.0 NULL0
ip route-static 4.4.4.0 255.255.255.0 NULL0
ip route-static 5.5.5.0 255.255.255.0 NULL0
#
xpl route-filter r1
if ip route-destination in prefix1 then
approve
else
refuse
endif
end-filter
#
xpl ip-prefix-list prefix1
2.2.2.0 24,
3.3.3.0 24,
4.4.4.0 24
end-list
#
return
#
sysname DeviceB
#
interface GigabitEthernet0/3/0
undo shutdown
ip address 1.1.5.1 255.255.255.0
#
interface GigabitEthernet0/3/1
undo shutdown
ip address 1.1.4.2 255.255.255.0
#
interface GigabitEthernet0/3/2
undo shutdown
ip address 1.1.3.2 255.255.255.0
#
bgp 100
peer 1.1.3.1 as-number 200
peer 1.1.4.1 as-number 200
peer 1.1.5.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 1.1.3.1 enable
peer 1.1.4.1 enable
peer 1.1.5.2 enable
#
return
#
sysname DeviceC
#
interface GigabitEthernet0/3/1
undo shutdown
ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet0/3/2
undo shutdown
ip address 1.1.3.1 255.255.255.0
#
bgp 200
peer 1.1.1.1 as-number 200
peer 1.1.3.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.3.2 enable
#
return
#
sysname DeviceD
#
interface GigabitEthernet0/3/1
undo shutdown
ip address 1.1.2.2 255.255.255.0
#
interface GigabitEthernet0/3/2
undo shutdown
ip address 1.1.4.1 255.255.255.0
#
bgp 200
peer 1.1.2.1 as-number 200
peer 1.1.4.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 1.1.2.1 enable
peer 1.1.4.2 enable
#
return
#
sysname DeviceE
#
interface GigabitEthernet0/3/1
undo shutdown
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/3/2
undo shutdown
ip address 1.1.1.1 255.255.255.0
#
bgp 200
peer 1.1.1.2 as-number 200
peer 1.1.2.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 1.1.1.2 enable
peer 1.1.1.2 route-filter r3 import
peer 1.1.2.2 enable
peer 1.1.2.2 route-filter r2 import
#
xpl route-filter appmed($med)
apply med $med
end-filter
#
xpl route-filter r2
if ip route-destination in {2.2.2.0 24} then
call route-filter appmed(200)
elseif ip route-destination in {2.2.2.0 24, 3.3.3.0 24} then
approve
else
refuse
endif
end-filter
#
xpl route-filter r3
if ip route-destination in {2.2.2.0 24} then
call route-filter appmed(100)
else
approve
endif
end-filter
#
return