2013/11/18

WB1 7.38 BGP Communities - No-Export

7.38 BGP Communities - No-Export
• Modify R2's configuration so that AS 254 prefixes are constrained to stay within AS 200 only.


-------------------------------------------------------------------

Modify R2 so that the AS 254 prefixes it learns stay only within AS 200.

------------------------------------------------------------------

This is a partial configuration, because on its own it is not enough... let's keep going.

R2:
route-map SET_COMMUNITY permit 10
no set community no-advertise
set community no-export
!
router bgp 200
neighbor 192.10.1.254 route-map SET_COMMUNITY in


------------------------------------------------------------------

Rack1R2#show ip bgp regexp 254$
BGP table version is 53, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 205.90.31.0      192.10.1.254             0             0 254 ?
*> 220.20.3.0       192.10.1.254             0             0 254 ?
*> 222.22.2.0       192.10.1.254             0             0 254 ?
Rack1R2#show ip bgp 222.22.2.0                           
BGP routing table entry for 222.22.2.0/24, version 51
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Advertised to update-groups:
        2
  254
    192.10.1.254 from 192.10.1.254 (222.22.2.1)
      Origin incomplete, metric 0, localpref 100, valid, external, best
      Community: no-export
Rack1R2#


Rack1R2#show ip bgp neighbors 155.1.23.3 advertised-routes
BGP table version is 53, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 205.90.31.0      192.10.1.254             0             0 254 ?
*> 220.20.3.0       192.10.1.254             0             0 254 ?
*> 222.22.2.0       192.10.1.254             0             0 254 ?

Total number of prefixes 3
Rack1R2#

Rack1R2#show ip bgp neighbors 155.1.0.5 advertised-routes 
BGP table version is 53, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 205.90.31.0      192.10.1.254             0             0 254 ?
*> 220.20.3.0       192.10.1.254             0             0 254 ?
*> 222.22.2.0       192.10.1.254             0             0 254 ?

Total number of prefixes 3
Rack1R2#


Strange: besides learning the routes from R2, R3 and R5 also learn them from each other as iBGP peers.

Rack1R3#show ip bgp 222.22.2.0
BGP routing table entry for 222.22.2.0/24, version 58
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
        1    2    3
  254
    192.10.1.254 (metric 2560512256) from 155.1.0.5 (150.1.5.5)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Originator: 150.1.2.2, Cluster list: 150.1.5.5
  254, (Received from a RR-client)
    192.10.1.254 (metric 2560512256) from 155.1.23.2 (150.1.2.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
Rack1R3#


Rack1R5#show ip bgp 222.22.2.0
BGP routing table entry for 222.22.2.0/24, version 26
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
        1    2    3
  254
    192.10.1.254 (metric 2560512256) from 155.1.23.3 (150.1.3.3)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Originator: 150.1.2.2, Cluster list: 150.1.3.3
  254, (Received from a RR-client)
    192.10.1.254 (metric 2560512256) from 155.1.0.2 (150.1.2.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
Rack1R5#


-------------------------------------

So we need R2 to send the community to its peers R3 and R5, but...

R2:
route-map SET_COMMUNITY permit 10
no set community
set community no-export
!
router bgp 200
neighbor 155.1.23.3 send-community
neighbor 155.1.0.5 send-community

neighbor 192.10.1.254 route-map SET_COMMUNITY in


-------------------------------------------------------------------------------------------------------------------

Rack1R3#show ip bgp 222.22.2.0                            
BGP routing table entry for 222.22.2.0/24, version 61
Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x880
  Advertised to update-groups:
        1    3
  254
    192.10.1.254 (metric 2560512256) from 155.1.0.5 (150.1.5.5)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Originator: 150.1.2.2, Cluster list: 150.1.5.5
  254, (Received from a RR-client)
    192.10.1.254 (metric 2560512256) from 155.1.23.2 (150.1.2.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: no-export
Rack1R3#


Rack1R5#show ip bgp 222.22.2.0
BGP routing table entry for 222.22.2.0/24, version 29
Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Advertised to update-groups:
        2    3
  254
    192.10.1.254 (metric 2560512256) from 155.1.23.3 (150.1.3.3)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Originator: 150.1.2.2, Cluster list: 150.1.3.3
  254, (Received from a RR-client)
    192.10.1.254 (metric 2560512256) from 155.1.0.2 (150.1.2.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: no-export
Rack1R5#


Rack1R3#show ip bgp neighbors 155.1.13.1 advertised-routes | include 254
Rack1R3#


Rack1R3#show ip bgp neighbors 155.1.37.7 advertised-routes | include 254
Rack1R3#


Rack1R5#show ip bgp neighbors 155.1.45.4 advertised-routes | include 254
Rack1R5#
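
An added example, not part of the original post or the workbook: a small Python check that parses `show ip bgp <prefix>` output and reports which paths carry `no-export`. The sample is R5's output from above, where the copy reflected by R3 (from 155.1.23.3) has no Community line; the function names are hypothetical.

```python
import re

# Constructed sample: R5's output as shown above (only R2 has send-community).
SAMPLE = """\
BGP routing table entry for 222.22.2.0/24, version 29
Paths: (2 available, best #2, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Advertised to update-groups:
        2    3
  254
    192.10.1.254 (metric 2560512256) from 155.1.23.3 (150.1.3.3)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Originator: 150.1.2.2, Cluster list: 150.1.3.3
  254, (Received from a RR-client)
    192.10.1.254 (metric 2560512256) from 155.1.0.2 (150.1.2.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: no-export
"""

# "<next-hop> [(metric N)] from <peer> (<router-id>)" starts each path entry.
PATH_RE = re.compile(r"^\s+(\S+)(?: \(metric \d+\))? from (\S+) \((\S+)\)")

def parse_paths(text):
    """Return one dict per path: sending peer, best flag, community list."""
    paths = []
    for line in text.splitlines():
        s = line.strip()
        m = PATH_RE.match(line)
        if m:
            paths.append({"from": m.group(2), "best": False, "communities": []})
        elif paths and s.startswith("Origin "):
            paths[-1]["best"] = "best" in s.split(", ")
        elif paths and s.startswith("Community:"):
            paths[-1]["communities"] = s.split(":", 1)[1].split()
    return paths

def audit(text):
    """Report whether the best path has no-export and which backups lack it."""
    paths = parse_paths(text)
    best = next((p for p in paths if p["best"]), None)
    return {
        "best_has_no_export": best is not None and "no-export" in best["communities"],
        "backup_paths_without_no_export": [
            p["from"] for p in paths if not p["best"] and "no-export" not in p["communities"]],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A backup path listed without `no-export` would no longer be held back from eBGP peers if it became the best path.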


---------------------------------------------

The workbook says the complete configuration is:

R2:
route-map SET_COMMUNITY permit 10
no set community
set community no-export
!
router bgp 200
neighbor 155.1.23.3 send-community
neighbor 155.1.0.5 send-community
neighbor 192.10.1.254 route-map SET_COMMUNITY in


R3:
router bgp 200
neighbor 155.1.0.5 send-community
R5:
router bgp 200
neighbor 155.1.23.3 send-community

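The configuration on R3 and R5 is rather odd.

IEOC says it is there to prevent iBGP peers from sending the routes on to eBGP peers, but I checked many times, and R1, R4 and SW1 never received the AS 254 routes...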

This is quite straightforward - in BGP AS path is used for loop prevention - however this can't work within an AS - the AS path isn't changed as an update traverses within an AS. So if you advertise an update via an iBGP peering to another router that router cannot advertise that update to any other iBGP peers. Note this rule is broken by a route reflector by design. That's why we get into the full mesh requirement within an AS or use route reflector/Confederations to simplify peering relationships within large ASs.

If you advertise a prefix via iBGP to another router - this router will be able to advertise it to its eBGP peers.

AmericanDreamer:
Also, why do R3 and R5 need to advertise the community to each other if it is advertised to them from R1?



If R2 to R3 and R3 to R5 are iBGP peerings then there is little value in this configuration. You can confirm this by looking at the number of paths you have on R3 and R5. The only way to solve would be to make R5 a route reflector client from the perspective of R3 and R5.

HTH
