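Example of filtering received and advertised routes (line-by-line editing)
Depending on communication requirements, the routes that a device receives and advertises can be filtered with XPL route-filters. This example configures the sets and route-filters in line-by-line editing mode.
Networking requirements
- DeviceA advertises only routes 2.2.2.0/24, 3.3.3.0/24 and 4.4.4.0/24 to DeviceB;
- After DeviceC receives these three routes, it sends all of them to DeviceE, whereas DeviceD advertises only 2.2.2.0/24 and 3.3.3.0/24 to DeviceE, and the MED of its 2.2.2.0/24 route must be greater than that of the 2.2.2.0/24 route sent by DeviceC, so that DeviceE selects DeviceC as the egress device for traffic destined for 2.2.2.0/24.
Both requirements can be met by configuring either an export policy on the advertising device or an import policy on the receiving device. In this example, an export policy is configured on DeviceA and an import policy is configured on DeviceE.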
Device name | Interface | IP address
---|---|---
DeviceA | GE 0/3/0 | 1.1.5.2/24
DeviceB | GE 0/3/0 | 1.1.5.1/24
DeviceB | GE 0/3/1 | 1.1.4.2/24
DeviceB | GE 0/3/2 | 1.1.3.2/24
DeviceC | GE 0/3/1 | 1.1.1.2/24
DeviceC | GE 0/3/2 | 1.1.3.1/24
DeviceD | GE 0/3/1 | 1.1.2.2/24
DeviceD | GE 0/3/2 | 1.1.4.1/24
DeviceE | GE 0/3/1 | 1.1.2.1/24
DeviceE | GE 0/3/2 | 1.1.1.1/24
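Configuration roadmap
The configuration roadmap for route filtering is as follows:
- Configure basic BGP functions on DeviceA, DeviceB, DeviceC, DeviceD and DeviceE.
- Configure static routes on DeviceA and import them into BGP.
- Configure a route export policy on DeviceA and check the filtering result on DeviceB.
- Configure a route import policy on DeviceE and check the filtering result on DeviceE.
Data preparation
To complete the configuration, you need the following data:
- The four static routes imported by DeviceA.
- DeviceA and DeviceB are in AS 100; DeviceC, DeviceD and DeviceE are in AS 200.
- The name of the IPv4 prefix set and the routes to be filtered.
Procedure
- Configure an IP address for each interface. For details, see the configuration files.
- Configure BGP.
# Configure DeviceA.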
<DeviceA> system-view
[~DeviceA] bgp 100
[*DeviceA-bgp] peer 1.1.5.1 as-number 100
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
# Configure DeviceB.
<DeviceB> system-view
[~DeviceB] bgp 100
[*DeviceB-bgp] peer 1.1.5.2 as-number 100
[*DeviceB-bgp] peer 1.1.3.1 as-number 200
[*DeviceB-bgp] peer 1.1.4.1 as-number 200
[*DeviceB-bgp] commit
[~DeviceB-bgp] quit
# Configure DeviceC.
<DeviceC> system-view
[~DeviceC] bgp 200
[*DeviceC-bgp] peer 1.1.1.1 as-number 200
[*DeviceC-bgp] peer 1.1.3.2 as-number 100
[*DeviceC-bgp] commit
[~DeviceC-bgp] quit
# Configure DeviceD.
<DeviceD> system-view
[~DeviceD] bgp 200
[*DeviceD-bgp] peer 1.1.2.1 as-number 200
[*DeviceD-bgp] peer 1.1.4.2 as-number 100
[*DeviceD-bgp] commit
[~DeviceD-bgp] quit
# Configure DeviceE.
<DeviceE> system-view
[~DeviceE] bgp 200
[*DeviceE-bgp] peer 1.1.1.2 as-number 200
[*DeviceE-bgp] peer 1.1.2.2 as-number 200
[*DeviceE-bgp] commit
[~DeviceE-bgp] quit
- Configure four static routes on DeviceA and import them into BGP.
[~DeviceA] ip route-static 2.2.2.0 255.255.255.0 NULL0
[*DeviceA] ip route-static 3.3.3.0 255.255.255.0 NULL0
[*DeviceA] ip route-static 4.4.4.0 255.255.255.0 NULL0
[*DeviceA] ip route-static 5.5.5.0 255.255.255.0 NULL0
[*DeviceA] bgp 100
[*DeviceA-bgp] import-route static
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
# Check the BGP routing table on DeviceB. The four static routes imported into BGP are displayed.
[~DeviceB] display bgp routing-table
BGP Local router ID is 1.1.5.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
              h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found

Total Number of Routes: 4
     Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
*>i  2.2.2.0/24         1.1.5.2        0          100       0       ?
*>i  3.3.3.0/24         1.1.5.2        0          100       0       ?
*>i  4.4.4.0/24         1.1.5.2        0          100       0       ?
*>i  5.5.5.0/24         1.1.5.2        0          100       0       ?
# Check the BGP routing table on DeviceE. The four static routes imported into BGP are displayed, and each of them is received once from DeviceC and once from DeviceD.
[~DeviceE] display bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
              h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found

Total Number of Routes: 8
     Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
  i  2.2.2.0/24         1.1.3.2                   100       0       100?
  i                     1.1.4.2                   100       0       100?
  i  3.3.3.0/24         1.1.4.2                   100       0       100?
  i                     1.1.3.2                   100       0       100?
  i  4.4.4.0/24         1.1.3.2                   100       0       100?
  i                     1.1.4.2                   100       0       100?
  i  5.5.5.0/24         1.1.4.2                   100       0       100?
  i                     1.1.3.2                   100       0       100?
- Configure a route export policy on DeviceA.
# Configure the IPv4 prefix set prefix1 on DeviceA.
[~DeviceA] xpl ip-prefix-list prefix1
[~DeviceA-xpl-pfx] 2.2.2.0 24,
[~DeviceA-xpl-pfx] 3.3.3.0 24,
[~DeviceA-xpl-pfx] 4.4.4.0 24
[~DeviceA-xpl-pfx] end-list
[*DeviceA] commit
# Configure route-filter r1 on DeviceA so that routes destined for 2.2.2.0/24, 3.3.3.0/24 and 4.4.4.0/24 pass the filter.
[~DeviceA] xpl route-filter r1
[~DeviceA-xpl-filter] if ip route-destination in prefix1 then
[~DeviceA-xpl-filter-if] approve
[~DeviceA-xpl-filter-if] else
[~DeviceA-xpl-filter-else] refuse
[~DeviceA-xpl-filter-else] endif
[~DeviceA-xpl-filter] end-filter
[*DeviceA] commit
# Configure an export policy on DeviceA that references route-filter r1 to filter the routes advertised to DeviceB.
<DeviceA> system-view
[~DeviceA] bgp 100
[~DeviceA-bgp] peer 1.1.5.1 route-filter r1 export
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
# Check the BGP routing table on DeviceB. Route 5.5.5.0/24 is no longer in DeviceB's BGP routing table.
[~DeviceB] display bgp routing-table
BGP Local router ID is 1.1.5.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
              h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found

Total Number of Routes: 3
     Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
*>i  2.2.2.0/24         1.1.5.2        0          100       0       ?
*>i  3.3.3.0/24         1.1.5.2        0          100       0       ?
*>i  4.4.4.0/24         1.1.5.2        0          100       0       ?
- Configure a route import policy on DeviceE.
# Configure the parameterized route-filter appmed on DeviceE, which sets the MED of a route.
[~DeviceE] xpl route-filter appmed($med)
[~DeviceE-xpl-filter] apply med $med
[~DeviceE-xpl-filter] end-filter
[*DeviceE] commit
# Configure route-filter r2 on DeviceE so that only 2.2.2.0/24 and 3.3.3.0/24 pass the filter, and reference route-filter appmed to set the MED of 2.2.2.0/24 to 200.
[~DeviceE] xpl route-filter r2
[~DeviceE-xpl-filter] if ip route-destination in {2.2.2.0 24} then
[~DeviceE-xpl-filter-if] call route-filter appmed(200)
[~DeviceE-xpl-filter-if] elseif ip route-destination in {2.2.2.0 24, 3.3.3.0 24} then
[~DeviceE-xpl-filter-elif] approve
[~DeviceE-xpl-filter-elif] else
[~DeviceE-xpl-filter-else] refuse
[~DeviceE-xpl-filter-else] endif
[~DeviceE-xpl-filter] end-filter
[*DeviceE] commit
# Configure route-filter r3 on DeviceE, which lets routes pass and sets the MED of 2.2.2.0/24 to 100.
[~DeviceE] xpl route-filter r3
[~DeviceE-xpl-filter] if ip route-destination in {2.2.2.0 24} then
[~DeviceE-xpl-filter-if] call route-filter appmed(100)
[~DeviceE-xpl-filter-if] else
[~DeviceE-xpl-filter-else] approve
[~DeviceE-xpl-filter-else] endif
[~DeviceE-xpl-filter] end-filter
[*DeviceE] commit
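# Configure import policies on DeviceE: reference r2 in the import policy for routes received from DeviceD, and reference r3 in the import policy for routes received from DeviceC.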
<DeviceE> system-view
[~DeviceE] bgp 200
[~DeviceE-bgp] peer 1.1.2.2 route-filter r2 import
[*DeviceE-bgp] peer 1.1.1.2 route-filter r3 import
[*DeviceE-bgp] commit
[~DeviceE-bgp] quit
# Check the BGP routing table on DeviceE. The 4.4.4.0/24 route from DeviceD is no longer in the table, and the MED values of the 2.2.2.0/24 routes from DeviceC and DeviceD are 100 and 200 respectively.
[~DeviceE] display bgp routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
              h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found

Total Number of Routes: 5
     Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
  i  2.2.2.0/24         1.1.4.2        200        100       0       100?
  i                     1.1.3.2        100        100       0       100?
  i  3.3.3.0/24         1.1.4.2                   100       0       100?
  i                     1.1.3.2                   100       0       100?
  i  4.4.4.0/24         1.1.3.2                   100       0       100?
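The following Python model is an added example, not part of the original configuration guide: it replays route-filters r1, r2 and r3 over the four static routes so the expected DeviceE table can be checked before a policy change is committed. It assumes that a set element written without ge/le matches only that exact mask length and that a missing MED compares as 0; all function names are hypothetical.

```python
import ipaddress

# Constructed inputs, copied from the configuration on this page.
PREFIX1 = ["2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24"]   # xpl ip-prefix-list prefix1
STATICS = ["2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24", "5.5.5.0/24"]
PEER_C, PEER_D = "1.1.1.2", "1.1.2.2"                   # DeviceE's peers C and D

def in_set(prefix, elements):
    # Assumption: an element without ge/le matches that exact mask length only.
    net = ipaddress.ip_network(prefix)
    return any(net == ipaddress.ip_network(e) for e in elements)

def r1(route):
    """DeviceA export filter: approve members of prefix1, refuse the rest."""
    return route if in_set(route["prefix"], PREFIX1) else None

def r2(route):
    """DeviceE import filter applied to routes from DeviceD."""
    if in_set(route["prefix"], ["2.2.2.0/24"]):
        return {**route, "med": 200}        # call route-filter appmed(200)
    if in_set(route["prefix"], ["2.2.2.0/24", "3.3.3.0/24"]):
        return route                        # approve
    return None                             # refuse

def r3(route):
    """DeviceE import filter applied to routes from DeviceC."""
    if in_set(route["prefix"], ["2.2.2.0/24"]):
        return {**route, "med": 100}        # call route-filter appmed(100)
    return route                            # approve

def device_e_table(prefixes):
    """Apply r1 on DeviceA, then r3 or r2 on DeviceE depending on the peer."""
    sent = [r for p in prefixes if (r := r1({"prefix": p, "med": None}))]
    table = []
    for peer, policy in ((PEER_C, r3), (PEER_D, r2)):
        table += [a for r in sent if (a := policy({**r, "peer": peer}))]
    return table

def preferred_peer(table, prefix):
    """Lower MED wins; a missing MED counts as 0 (assumption). Ties give None."""
    cands = sorted((r["med"] or 0, r["peer"]) for r in table if r["prefix"] == prefix)
    if not cands or (len(cands) > 1 and cands[0][0] == cands[1][0]):
        return None
    return cands[0][1]

if __name__ == "__main__":
    routes = device_e_table(STATICS)
    print(len(routes), "routes; exit for 2.2.2.0/24:", preferred_peer(routes, "2.2.2.0/24"))
```

In r2, the 2.2.2.0 24 element of the elseif set is never reached, because the first branch already matches that prefix.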
Configuration files
DeviceA configuration file
#
sysname DeviceA
#
interface GigabitEthernet0/3/0
 undo shutdown
 ip address 1.1.5.2 255.255.255.0
#
bgp 100
 peer 1.1.5.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route static
  peer 1.1.5.1 enable
  peer 1.1.5.1 route-filter r1 export
#
ip route-static 2.2.2.0 255.255.255.0 NULL0
ip route-static 3.3.3.0 255.255.255.0 NULL0
ip route-static 4.4.4.0 255.255.255.0 NULL0
ip route-static 5.5.5.0 255.255.255.0 NULL0
#
xpl route-filter r1
 if ip route-destination in prefix1 then
  approve
 else
  refuse
 endif
 end-filter
#
xpl ip-prefix-list prefix1
 2.2.2.0 24,
 3.3.3.0 24,
 4.4.4.0 24
 end-list
#
return
DeviceB configuration file
#
sysname DeviceB
#
interface GigabitEthernet0/3/0
 undo shutdown
 ip address 1.1.5.1 255.255.255.0
#
interface GigabitEthernet0/3/1
 undo shutdown
 ip address 1.1.4.2 255.255.255.0
#
interface GigabitEthernet0/3/2
 undo shutdown
 ip address 1.1.3.2 255.255.255.0
#
bgp 100
 peer 1.1.3.1 as-number 200
 peer 1.1.4.1 as-number 200
 peer 1.1.5.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.3.1 enable
  peer 1.1.4.1 enable
  peer 1.1.5.2 enable
#
return
DeviceC configuration file
#
sysname DeviceC
#
interface GigabitEthernet0/3/1
 undo shutdown
 ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet0/3/2
 undo shutdown
 ip address 1.1.3.1 255.255.255.0
#
bgp 200
 peer 1.1.1.1 as-number 200
 peer 1.1.3.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 1.1.3.2 enable
#
return
DeviceD configuration file
#
sysname DeviceD
#
interface GigabitEthernet0/3/1
 undo shutdown
 ip address 1.1.2.2 255.255.255.0
#
interface GigabitEthernet0/3/2
 undo shutdown
 ip address 1.1.4.1 255.255.255.0
#
bgp 200
 peer 1.1.2.1 as-number 200
 peer 1.1.4.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.2.1 enable
  peer 1.1.4.2 enable
#
return
DeviceE configuration file
#
sysname DeviceE
#
interface GigabitEthernet0/3/1
 undo shutdown
 ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet0/3/2
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
bgp 200
 peer 1.1.1.2 as-number 200
 peer 1.1.2.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.2 enable
  peer 1.1.1.2 route-filter r3 import
  peer 1.1.2.2 enable
  peer 1.1.2.2 route-filter r2 import
#
xpl route-filter appmed($med)
 apply med $med
 end-filter
#
xpl route-filter r2
 if ip route-destination in {2.2.2.0 24} then
  call route-filter appmed(200)
 elseif ip route-destination in {2.2.2.0 24, 3.3.3.0 24} then
  approve
 else
  refuse
 endif
 end-filter
#
xpl route-filter r3
 if ip route-destination in {2.2.2.0 24} then
  call route-filter appmed(100)
 else
  approve
 endif
 end-filter
#
return