BGP Outbound Route Filtering (ORF): exchanging prefix lists between peers
2013-09-21 23:49
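Topology:
R5------------R7
R5 uses two loopback interfaces to simulate subnets (5.5.5.5/32 and 55.55.55.55/32)
R7 uses two loopback interfaces to simulate subnets (7.7.7.7/32 and 77.77.77.77/32)
The link between R5 and R7 is 192.168.25.x/24
R5 is in AS 5
R7 is in AS 7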
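Lab objective:
To filter r7's 77.77.77.77/32 entry, the filter can be applied in the out direction on r7 or in the in direction on r5. Filtering outbound on r7 is clearly more efficient: it saves the CPU that both ends spend processing updates and reduces link load (there is only one route here, but in practice there may be hundreds or thousands).
If r7 is another ISP's router and the operator of r5 has no right to configure it, there is an alternative:
Configure on r5:
r5(config)#ip prefix-list abc seq 5 permit 7.7.7.7/32
r5(config)#ip prefix-list abc seq 10 permit 88.88.88.0/24
Apply prefix-list abc inbound for the neighbor (neighbor 192.168.25.7 prefix-list abc in).
This step alone achieves the goal, but to little benefit, because the updates have already been sent to r5 before they are filtered, which wastes CPU and link resources. ORF provides the ability to "push" the local inbound prefix-list to the outbound direction of the peer r7: the list no longer does the filtering locally, and the peer filters instead. Outbound route filtering: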
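r5(config-router)#neighbor 192.168.25.7 capability orf prefix-list {both | receive | send} [enables the ORF capability; both means bidirectional, i.e. ORF can be both sent and received; here r5 is the sender]
r7(config-router)#neighbor 192.168.25.5 capability orf prefix-list {both | receive | send} [r7 also enables the ORF capability; here r7 is the receiver, so configuring only the receive keyword is enough]
r5#clear ip bgp 192.168.25.7 in prefix-filter [effect: pushes the prefix list to neighbor r7 for use in r7's out direction; the address is the peering address from neighbor x.x.x.x remote-as num]
Result: the entries r7 advertises to neighbor 192.168.25.5 (r5) do not include 77.77.77.77/32, which shows that it was already filtered by the prefix list on the way out of r7, even though the list is configured on r5.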
r7#sh ip bgp nei 192.168.25.5 advertised-routes
BGP table version is 14, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 7.7.7.7/32       0.0.0.0                  0         32768 i
*> 88.88.88.0/24    0.0.0.0                  0         32768 i
r7#show ip bgp neighbors 192.168.25.5 received prefix-filter [shows the prefix list that r7 received from r5]
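Added example (not part of the original post): a small Python model of this lab that evaluates prefix-list abc with first-match, implicit-deny semantics and compares what r7 puts on the link with and without ORF. The function names are illustrative, and the ge/le handling goes beyond what the lab uses; IPv4 only.

```python
import ipaddress

# Constructed model of the lab on this page (names are illustrative).
# Entry: (seq, action, prefix, ge, le); ge/le are None when not configured.
PREFIX_LIST_ABC = [
    (5, "permit", "7.7.7.7/32", None, None),
    (10, "permit", "88.88.88.0/24", None, None),
]
R7_NETWORKS = ["7.7.7.7/32", "77.77.77.77/32", "88.88.88.0/24"]


def prefix_list_permits(entries, route):
    """Evaluate a route against a prefix list: lowest seq first, first match
    decides, and a route that matches no entry is denied (implicit deny)."""
    route = ipaddress.ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        net = ipaddress.ip_network(prefix)
        # No ge/le: exact length. ge only: up to /32. le only: from the entry's length.
        low = ge if ge is not None else net.prefixlen
        high = le if le is not None else (32 if ge is not None else net.prefixlen)
        if route.subnet_of(net) and low <= route.prefixlen <= high:
            return action == "permit"
    return False


def simulate(orf_enabled):
    """Return (routes r7 sends on the link, routes r5 accepts)."""
    if orf_enabled:
        # r7 received list abc from r5 and applies it in its out direction.
        sent = [r for r in R7_NETWORKS if prefix_list_permits(PREFIX_LIST_ABC, r)]
    else:
        sent = list(R7_NETWORKS)
    # Re-checking on r5 is harmless in this model: the result is the same.
    accepted = [r for r in sent if prefix_list_permits(PREFIX_LIST_ABC, r)]
    return sent, accepted


if __name__ == "__main__":
    for orf in (False, True):
        sent, accepted = simulate(orf)
        print(f"ORF={orf}: r7 sends {sent}; r5 accepts {accepted}")
```

In both runs r5 ends up with the same two routes; the difference is that with ORF 77.77.77.77/32 never crosses the link.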
Configuration of r5:
hostname r5
!
logging queue-limit 100
!
ip subnet-zero
no ip domain lookup
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 no ip route-cache
 no ip mroute-cache
!
interface Loopback1
 ip address 55.55.55.55 255.255.255.255
!
interface Ethernet0
 ip address 192.168.25.5 255.255.255.0
!
interface Serial0
 no ip address
!
interface Serial1
 no ip address
!
router bgp 5
 no synchronization
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 network 5.5.5.5 mask 255.255.255.255
 network 55.55.55.55 mask 255.255.255.255
 neighbor 192.168.25.7 remote-as 7
 neighbor 192.168.25.7 prefix-list abc in
 neighbor 192.168.25.7 capability orf prefix-list both
 no auto-summary
!
no ip http server
ip classless
!
ip prefix-list abc seq 5 permit 7.7.7.7/32
ip prefix-list abc seq 10 permit 88.88.88.0/24
!
Configuration of r7:
hostname r7
!
logging queue-limit 100
!
ip subnet-zero
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface Loopback1
 ip address 77.77.77.77 255.255.255.255
!
interface Loopback2
 ip address 88.88.88.88 255.255.255.0
!
interface Ethernet0
 ip address 192.168.25.7 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
router bgp 7
 no synchronization
 bgp router-id 7.7.7.7
 bgp log-neighbor-changes
 network 7.7.7.7 mask 255.255.255.255
 network 77.77.77.77 mask 255.255.255.255
 network 88.88.88.0 mask 255.255.255.0
 neighbor 192.168.25.5 remote-as 5
 neighbor 192.168.25.5 capability orf prefix-list both
 no auto-summary