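Networking requirements
As shown in the figure, EBGP connections are established between AR1 and AR2 and between AR2 and AR3. The user wants devices in AS10 and devices in AS30 to be unable to communicate with each other.
Configuration roadmap
Configure the BGP AS_Path filter as follows:
- Configure EBGP connections between AR1 and AR2 and between AR2 and AR3, and import direct routes, so that the ASs can communicate with each other over the EBGP connections.
- On AR2, configure AS_Path filters and apply them so that AS20 does not advertise AS30's routes to AS10 and does not advertise AS10's routes to AS30.
Procedure
Configure IP addresses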
AR1
<Huawei>sys
[Huawei]sys AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 12.12.12.1 24
[AR1-GigabitEthernet0/0/0]q
[AR1]int lo1
[AR1-LoopBack1]ip add 1.1.1.1 24
[AR1-LoopBack1]q
AR2
<Huawei>sys
[Huawei]sys AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 12.12.12.2 24
[AR2-GigabitEthernet0/0/0]q
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 23.23.23.2 24
[AR2-GigabitEthernet0/0/1]q
AR3
<Huawei>sys
[Huawei]sys AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/1]ip add 23.23.23.3 24
[AR3-GigabitEthernet0/0/1]q
[AR3]int lo1
[AR3-LoopBack1]ip add 3.3.3.3 24
[AR3-LoopBack1]q
Configure BGP and import direct routes
AR1
[AR1]bgp 10
[AR1-bgp]peer 12.12.12.2 as-number 20
#Import this device's direct routes
[AR1-bgp]import-route direct
[AR1-bgp]q
AR2
[AR2]bgp 20
[AR2-bgp]peer 12.12.12.1 as-number 10
[AR2-bgp]peer 23.23.23.3 as-number 30
[AR2-bgp]import-route direct
[AR2-bgp]q
AR3
[AR3]bgp 30
[AR3-bgp]peer 23.23.23.2 as-number 20
[AR3-bgp]import-route direct
[AR3-bgp]q
View the BGP routing tables of AR1, AR2, and AR3
AR1
[AR1]display bgp routing-table
BGP Local router ID is 12.12.12.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.0/24 0.0.0.0 0 0 ?
*> 1.1.1.1/32 0.0.0.0 0 0 ?
*> 3.3.3.0/24 12.12.12.2 0 20 30?
*> 12.12.12.0/24 0.0.0.0 0 0 ?
12.12.12.2 0 0 20?
*> 12.12.12.1/32 0.0.0.0 0 0 ?
*> 23.23.23.0/24 12.12.12.2 0 0 20?
*> 127.0.0.0 0.0.0.0 0 0 ?
*> 127.0.0.1/32 0.0.0.0 0 0 ?
[AR1]
AR2
[AR2]display bgp routing-table
BGP Local router ID is 12.12.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 10
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.0/24 12.12.12.1 0 0 10?
*> 3.3.3.0/24 23.23.23.3 0 0 30?
*> 12.12.12.0/24 0.0.0.0 0 0 ?
12.12.12.1 0 0 10?
*> 12.12.12.2/32 0.0.0.0 0 0 ?
*> 23.23.23.0/24 0.0.0.0 0 0 ?
23.23.23.3 0 0 30?
*> 23.23.23.2/32 0.0.0.0 0 0 ?
*> 127.0.0.0 0.0.0.0 0 0 ?
*> 127.0.0.1/32 0.0.0.0 0 0 ?
AR3
[AR3]display bgp routing-table
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 9
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.0/24 23.23.23.2 0 20 10?
*> 3.3.3.0/24 0.0.0.0 0 0 ?
*> 3.3.3.3/32 0.0.0.0 0 0 ?
*> 12.12.12.0/24 23.23.23.2 0 0 20?
*> 23.23.23.0/24 0.0.0.0 0 0 ?
23.23.23.2 0 0 20?
*> 23.23.23.3/32 0.0.0.0 0 0 ?
*> 127.0.0.0 0.0.0.0 0 0 ?
*> 127.0.0.1/32 0.0.0.0 0 0 ?
Result
The routing tables above show that AR1 and AR3 have each learned the other's direct routes.
Configure the AS_Path filters
AR2
#Create the AS_Path filters
[AR2]ip as-path-filter deny30 deny _30_
[AR2]ip as-path-filter deny30 permit .*
[AR2]ip as-path-filter deny10 deny _10_
[AR2]ip as-path-filter deny10 permit .*
[AR2]bgp 20
[AR2-bgp]peer 12.12.12.1 as-path-filter deny30 export
[AR2-bgp]peer 23.23.23.3 as-path-filter deny10 export
[AR2-bgp]q
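How the two filters above are evaluated, as an added Python sketch (not part of the original lab and not Huawei code). It assumes the VRP meaning of `_` (a delimiter or the start/end of the path), first-match rule order with an implicit deny, and a simplified rule that a route is not sent back to the AS it came from; the table `AR2_RIB` is constructed from the Path column of AR2's output.

```python
import re

# VRP AS_Path regex: "_" matches a delimiter (space, comma, braces,
# parentheses) or the start/end of the string. Map it onto Python's re.
UNDERSCORE = r"(?:^|$|[ ,{}()])"

def evaluate(rules, as_path):
    """First matching rule wins; a path matching no rule is denied."""
    for action, pattern in rules:
        if re.search(pattern.replace("_", UNDERSCORE), as_path):
            return action == "permit"
    return False  # implicit deny, which is why "permit .*" is configured

# The two filters configured on AR2 above.
DENY30 = [("deny", "_30_"), ("permit", ".*")]
DENY10 = [("deny", "_10_"), ("permit", ".*")]

# Constructed from the Path column of AR2's table (the four /24 prefixes
# only); "" is a route AR2 imported itself.
AR2_RIB = {
    "1.1.1.0/24": "10",
    "3.3.3.0/24": "30",
    "12.12.12.0/24": "",
    "23.23.23.0/24": "",
}

def advertised(rules, peer_as, rib=AR2_RIB):
    """Prefixes that pass the export filter towards peer_as."""
    out = []
    for prefix, path in rib.items():
        if path.split()[:1] == [peer_as]:
            continue  # simplification: not sent back to the AS it came from
        if evaluate(rules, path):
            out.append(prefix)
    return sorted(out)

if __name__ == "__main__":
    print("to AS10 (deny30):", advertised(DENY30, "10"))
    print("to AS30 (deny10):", advertised(DENY10, "30"))
    # An unanchored "30" would also drop paths through AS 300 or AS 130.
    loose = [("deny", "30"), ("permit", ".*")]
    for path in ("30", "20 30", "300", "130 40"):
        print(f"{path!r:10} _30_={evaluate(DENY30, path)} 30={evaluate(loose, path)}")
```

Because `_30_` matches AS 30 anywhere in the path, the filter also drops routes that merely transit AS 30, not only routes that AS 30 originates.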
Verify the configuration
AR2
#View the routes AR2 advertises to AS10; the table contains none of the direct routes imported by AS30
<AR2>display bgp routing-table peer 12.12.12.1 advertised-routes
BGP Local router ID is 12.12.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 12.12.12.0/24 12.12.12.2 0 0 20?
*> 23.23.23.0/24 12.12.12.2 0 0 20?
#View the routes AR2 advertises to AS30; the table contains none of the direct routes imported by AS10
<AR2>display bgp routing-table peer 23.23.23.3 advertised-routes
BGP Local router ID is 12.12.12.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 12.12.12.0/24 23.23.23.2 0 0 20?
*> 23.23.23.0/24 23.23.23.2 0 0 20?
AR1
#AR1's BGP routing table also contains no routes from AS30
<AR1>display bgp routing-table
BGP Local router ID is 12.12.12.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 8
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.0/24 0.0.0.0 0 0 ?
*> 1.1.1.1/32 0.0.0.0 0 0 ?
*> 12.12.12.0/24 0.0.0.0 0 0 ?
12.12.12.2 0 0 20?
*> 12.12.12.1/32 0.0.0.0 0 0 ?
*> 23.23.23.0/24 12.12.12.2 0 0 20?
*> 127.0.0.0 0.0.0.0 0 0 ?
*> 127.0.0.1/32 0.0.0.0 0 0 ?
AR3
#AR3's BGP routing table also contains no routes from AS10
<AR3>display bgp routing-table
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 9
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 1.1.1.0/24 23.23.23.2 0 20 10?
*> 3.3.3.0/24 0.0.0.0 0 0 ?
*> 3.3.3.3/32 0.0.0.0 0 0 ?
*> 12.12.12.0/24 23.23.23.2 0 0 20?
*> 23.23.23.0/24 0.0.0.0 0 0 ?
23.23.23.2 0 0 20?
*> 23.23.23.3/32 0.0.0.0 0 0 ?
*> 127.0.0.0 0.0.0.0 0 0 ?
*> 127.0.0.1/32 0.0.0.0 0 0 ?