
LAB - CCNP Using the BGP AS_PATH Attribute

Date: 2015-08-08 21:15:19

Topology

 


 

 

Objectives:

  • Use BGP commands to prevent private AS numbers from being advertised to the outside world.
  • Use the AS_PATH attribute to filter BGP routes based on their source AS numbers.

 

Step 1: Configure IP address and Hostname

 

Step 2: Configure BGP

SanJose(config)#router bgp 100

SanJose(config-router)#neighbor 192.168.1.6 remote-as 300

SanJose(config-router)#network 10.1.1.0 mask 255.255.255.0

 

ISP(config)#router bgp 300

ISP(config-router)#neighbor 192.168.1.5 remote-as 100

ISP(config-router)#neighbor 172.24.1.18 remote-as 65000

ISP(config-router)#network 10.2.2.0 mask 255.255.255.0

 

CustRtr(config)#router bgp 65000

CustRtr(config-router)#neighbor 172.24.1.17 remote-as 300

CustRtr(config-router)#network 10.3.3.0 mask 255.255.255.0

 

ISP#show ip bgp

BGP table version is 4, local router ID is 10.2.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      192.168.1.5              0             0 100 i
*> 10.2.2.0/24      0.0.0.0                  0         32768 i
*> 10.3.3.0/24      172.24.1.18              0             0 65000 i

 

Step 3: Remove the Private AS

R1#show ip route bgp
10.0.0.0/24 is subnetted, 3 subnets
B 10.3.3.0 [20/0] via 192.168.1.6, 00:03:01
B 10.2.2.0 [20/0] via 192.168.1.6, 00:03:01

 

R1#ping 10.3.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 

Question?

Why does this ping fail?

 

R1#ping 10.3.3.1 sou 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/88 ms

 

R1#show ip bgp | b Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*> 10.2.2.0/24      192.168.1.6              0             0 300 i
*> 10.3.3.0/24      192.168.1.6                            0 300 65000 i

 

Question? Why is this a problem?

 

ISP(config)#router bgp 300

ISP(config-router)#neighbor 192.168.1.5 remove-private-as

 

R1#show ip bgp | begin Net
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*> 10.2.2.0/24      192.168.1.6              0             0 300 i
*> 10.3.3.0/24      192.168.1.6                            0 300 i

 

Step 4: Filter Routes Using the AS_PATH Attribute

Use the AS_PATH attribute to filter routes based on their origin.

On R3 (CustRtr), filter out the route to Loopback 0 of R1 (SanJose): 10.1.1.1/24.

 

AS-path access lists are read like regular access lists. The statements are read sequentially, and there is an implicit deny at the end. Rather than matching an address in each statement like a conventional access list, AS path access lists match on something called a regular expression. Regular expressions are a way of matching text patterns and have many uses. In this case, you will be using them in the AS path access list to match text patterns in AS paths.

 

ISP(config)#ip as-path access-list 1 deny ^100$

ISP(config)#ip as-path access-list 1 permit .*

 

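^ means the AS path must begin with 100

$ means the AS path must end with 100

. is a wildcard that matches any single character

* repeats the preceding wildcard (zero or more times)

.* matches any AS_PATH attribute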

http://www.cisco.com/en/US/docs/ios/12_2/termserv/configuration/guide/tcfaapre_ps1835_TSD_Products_Configuration_Guide_Chapter.html

 

ISP(config)#router bgp 300

ISP(config-router)#neighbor 172.24.1.18 filter-list 1 out

 

R2#show ip bgp regexp ^100$
BGP table version is 4, local router ID is 10.2.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      192.168.1.5              0             0 100 i

 

R3#show ip route | b Ga
Gateway of last resort is not set

172.24.0.0/30 is subnetted, 1 subnets
C 172.24.1.16 is directly connected, Serial1/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.3.3.0 is directly connected, Loopback0
B 10.2.2.0 [20/0] via 172.24.1.17, 00:00:24
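
The first-match and implicit-deny behaviour described in Step 4, as an added Python example that is not part of the original lab: it runs AS-path access list 1 over the AS paths in ISP's BGP table. Python's re module stands in for the IOS regex engine (an assumption that holds for the ^, $, . and * metacharacters used here); the function names and the extra "100 200" sample path are constructed for illustration.

```python
import re

# AS-path access list 1 from Step 4, in configured order: (action, regex).
AS_PATH_ACL_1 = [
    ("deny", r"^100$"),
    ("permit", r".*"),
]


def evaluate(acl, as_path):
    """Return 'permit' or 'deny' for one AS path string.

    Entries are tried top to bottom and the first match wins. A pattern
    without ^ or $ may match anywhere in the path, hence re.search.
    """
    for action, pattern in acl:
        if re.search(pattern, as_path):
            return action
    return "deny"  # implicit deny at the end of every list


def filter_out(acl, bgp_table):
    """Prefixes that survive an outbound filter-list using this ACL."""
    return [prefix for prefix, path in bgp_table
            if evaluate(acl, path) == "permit"]


# ISP's BGP table from Step 2. A locally originated route (10.2.2.0/24)
# has an empty AS path, which .* still matches.
ISP_TABLE = [
    ("10.1.1.0/24", "100"),
    ("10.2.2.0/24", ""),
    ("10.3.3.0/24", "65000"),
]

if __name__ == "__main__":
    # 10.3.3.0/24 passes the filter; R3 already has it as a connected network.
    print("advertised to 172.24.1.18:", filter_out(AS_PATH_ACL_1, ISP_TABLE))
    # Constructed path: a route from another AS that transits AS 100.
    # ^100$ matches only the path that is exactly "100", so this is permitted.
    print("path '100 200':", evaluate(AS_PATH_ACL_1, "100 200"))
    # Without the trailing "permit .*" every path falls to the implicit deny.
    print("deny-only list, path '300':", evaluate(AS_PATH_ACL_1[:1], "300"))
```
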

 

foreach address {
10.1.1.1
10.2.2.1
10.3.3.1
192.168.1.5
192.168.1.6
172.24.1.17
172.24.1.18
} {
ping $address }

 


Original article: http://www.cnblogs.com/elewei/p/4713845.html
