如图所示,PE1和PE2都属于AS100。目前需要PE2不必维护出库策略即可实现PE2设备之发送给符合PE1设备入口策略的路由。
我们在14.8.5节介绍到:如果设备希望只接收自己需要的路由,但对端设备有无法针对每个与它连接的设备维护不同的出口策略时,可用过配置基于前缀的ORF来满足两端设备的需求。而本示例中,PE1是希望只接收自己需要的路由,但对端设备PE2又没有配置、维护向对等体PE1发布BGP路由的相关策略,此时就可以在PE1上配置基于前缀的ORF来使得对端PE2只向PE1发布PE1所需的路由。
1) 配置各路由器的接口IP地址和BGP基本功能
l 【PE1上的配置】
interface GigabitEthernet1/0/0
ip address 111.1.1.1 255.255.255.0
bgp 100
peer 111.1.1.2 as-number 100
l 【PE2上的配置】
interface GigabitEthernet1/0/0
ip address 111.1.1.2 255.255.255.0
bgp 100
peer 111.1.1.1 as-number 100
2) 在PE-2 上配置静态路由并引入到BGP中,在PE-1 上应用基于前缀的入口过滤,仅收到部分路由
l 【PE2上的配置】
配置3条以NULL0接口为出接口的黑洞主机静态路由(仅用于实验),然后把这些静态路由全引入到BGP路由表中。
[PE-2]ip route-static 3.3.3.3 255.255.255.255 NULL 0
[PE-2]ip route-static 4.4.4.4 255.255.255.255 NULL 0
[PE-2]ip route-static 5.5.5.5 255.255.255.255 NULL 0
[PE-2]bgp 100
[PE-2-bgp]import-route static
l 【PE1上的配置】
仅从PE-2接收网络地址为4.4.4.0,子网掩码在24-32之间的路由。根据PE-2上引入的静态路由,可以得知此时PE-1只接收来自PE-2的4.4.4.4的路由。
[PE-1]ip ip-prefix 1 permit 4.4.4.0 24 greater-equal 32
[PE-1]bgp 100
[PE-1-bgp]peer 111.1.1.2 ip-prefix 1 import
以上配置好后,在PE-2上执行display bgp routing peer 1.1.1.1 advertised-routes命令,查看向PE-1发布的路由情况,发现PE-2把引入的3条静态路由全部发给PE-1了。
<PE-2>dis bgp routing-table peer 111.1.1.1 advertised-routes
BGP Local router ID is 111.1.1.2
Status codes: * – valid, > – best, d – damped,
h – history, i – internal, s – suppressed, S – Stale
Origin : i – IGP, e – EGP, ? – incomplete
Total Number of Routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 3.3.3.3/32 111.1.1.2 0 100 0 ?
*> 4.4.4.4/32 111.1.1.2 0 100 0 ?
*> 5.5.5.5/32 111.1.1.2 0 100 0 ?
<PE-2>
同时,也可以在PE-1上执行display bpg routing-table peer 111.1.1.2 received-routes命令,查看从PE-2接收路由的情况,发现PE-1仅接收了4.4.4.4/32这一条路由。
<PE-1>display bgp routing-table peer 111.1.1.2 received-routes
BGP Local router ID is 111.1.1.1
Status codes: * – valid, > – best, d – damped,
h – history, i – internal, s – suppressed, S – Stale
Origin : i – IGP, e – EGP, ? – incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 4.4.4.4/32 111.1.1.2 0 100 0 ?
<PE-1>
由此可以看出,在未使能基于前缀的BGP ORF功能时,PE-2发送了3.3.3.3、4.4.4.4、5.5.5.5 三条路由,PE-1的基于前缀列表的入口策略只接收了4.4.4.4的路由。
3) 使能基于前缀的BGP ORF功能。
l 【在PE-1上针对PE-2使能基于前缀的发送方向BGP ORF功能】
[PE-1]bgp 100
[PE-1-bgp]peer 111.1.1.2 capability-advertise orf ip-prefix send
l 【在PE-2上针对PE-1使能基于前缀的接收方向BGP ORF功能】
[PE-2]bgp 100
[PE-2-bgp]peer 111.1.1.1 capability-advertise orf ip-prefix receive
此时再PE-2上执行display bpg peer 111.1.1.1 orf ip-prefix命令可查看到来自对等体PE-1基于地址前缀的ORF信息,仅允许网络地址我4.4.4.0、子网掩码在24-32之间的路由。
[PE-2]display bgp peer 111.1.1.1 orf ip-prefix
Total number of ip-prefix received: 1
Index Action Prefix MaskLen MinLen MaxLen
10 Permit 4.4.4.0 24 32 32
也可以在PE-2 上执行display bgp peer 111.1.1.1 verbose命令,会发现此时PE2已使能了出方向路由过滤功能,这是在使能了ORF功能后产生的,参见输出信息中的粗体字部分。
<PE-2>display bgp peer 111.1.1.1 verbose
BGP Peer is 111.1.1.1, remote AS 100
Type: IBGP link
BGP version 4, Remote router ID 111.1.1.1
Update-group ID: 0
BGP current state: Established, Up for 00h03m05s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
BGP Peer Up count: 3
Received total routes: 0
Received active routes total: 0
Advertised total routes: 1
Port: Local – 51080 Remote – 179
Configured: Connect-retry Time: 32 sec
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp outbound route filter capability
Support Address-Prefix: IPv4-UNC address-family, rfc-compatible, send!–PE-1已使能了IPv4通用地址族、RFC兼容标准的发送ORF报文的能力。
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
Received: Total 6 messages
Update messages 0
Open messages 1
KeepAlive messages 4
Notification messages 0
Refresh messages 1
Sent: Total 6 messages
Update messages 1
Open messages 1
KeepAlive messages 4
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2023/12/29 18:58:54 UTC-08:00
Last keepalive sent : 2023/12/29 18:58:54 UTC-08:00
Last update sent : 2023/12/29 18:55:54 UTC-08:00
Minimum route advertisement interval is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
Outbound route filter capability has been enabled ##本端已使能了出方向路由过滤功能
Enable Address-Prefix: IPv4-UNC address-family, rfc-compatible, receive##使能了IPv4通用地址族、RFC兼容标准和ORF报文接收能力。
4-byte-as capability has been enabled
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
<PE-2>
此时再在PE-2上执行display bgp routing peer 111.1.1.1 advertised-routes命令,查看其发布给PE-1的路由情况,会发现PE-2此时向PE-1仅发布了PE-1入口前缀列表接受的路由4.4.4.4/32。但并没有在PE2配置任何BGP路由发布策略。
<PE-2>display bgp routing peer 111.1.1.1 advertised-routes
BGP Local router ID is 111.1.1.2
Status codes: * – valid, > – best, d – damped,
h – history, i – internal, s – suppressed, S – Stale
Origin : i – IGP, e – EGP, ? – incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 4.4.4.4/32 111.1.1.2 0 100 0 ?
在PE-1上执行display bgp routing peer 111.1.1.2 received-routes命令,查看其从个PE-2上接收路由的情况,发现也的确仅接收了4.4.4.4/32这一条路由。
<PE-1>display bgp routing peer 111.1.1.2 received-routes
BGP Local router ID is 111.1.1.1
Status codes: * – valid, > – best, d – damped,
h – history, i – internal, s – suppressed, S – Stale
Origin : i – IGP, e – EGP, ? – incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 4.4.4.4/32 111.1.1.2 0 100 0 ?
<PE-1>
© 版权声明
文章版权归作者所有,未经允许请勿转载。
相关文章
暂无评论...