7.42 BGP Conditional Route Injection
• Configure R2 with four new Loopback interfaces with the IP addresses 10.0.0.1/24, 10.0.1.1/24, 10.0.2.1/24 & 10.0.3.1/24 and advertise them into BGP.
• Configure R2 to originate an aggregate route for these networks that does not overlap any address space. Ensure no other devices in the BGP network see the individual subnet routes of this aggregate.
• Configure BGP Conditional Route Injection on R4 and R6 in such a way that traffic from AS 54 going to the subnet 10.0.1.0/24 enters via R4, while traffic to the subnet 10.0.2.0/24 enters via R6.
• Do not allow the more specific routes to be advertised to R1 from either R6 or R4, and prevent the formation of a routing loop on SW1.
--------------------
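R2 creates four Loopback interfaces and injects them into the BGP table
R2 aggregates these four routes
Use BGP Conditional Route Injection:
Traffic from AS 54 to 10.0.1.0/24 goes through R4
Traffic from AS 54 to 10.0.2.0/24 goes through R6
R4 and R6 must not advertise the specific routes (10.0.1.0/24, 10.0.2.0/24) to R1
Remember not to create a routing loop with SW1
P.S. R5 also needs attention so that it does not create a routing loop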
-----------------------
Conditional Route Injection (CRI) is a special feature that allows a BGP speaker to “de-aggregate” a particular prefix.
In order to configure CRI, you need two route-maps.
The first route-map specifies the prefixes to be injected into the BGP table by means of the set ip address prefix-list <MAP1> command. The le and ge keywords in the prefix-list entries are ignored.
In addition to setting the prefixes, you may also set other BGP attributes, such as Weight, Local Preference, Origin, Metric, Community list and so on.
The AS_PATH attribute is reset to an empty list, to reflect the fact that the prefixes were originated in the local AS. By default, the new prefixes don’t have a Local Preference value assigned and the Weight attribute is reset to zero (unlike 32768 for locally originated prefixes). This can be changed by setting these values manually.
The second route-map defines the conditions that must be met for the new prefixes to be injected.
This route-map must have two match statements.
The first statement is match ip address prefix-list <MAP2> and it matches the prefix list defining the aggregated prefix.
The second statement is match ip route-source prefix-list <NAME>. This prefix-list should match the IP address of the BGP peer that advertised the aggregate to the local router.
Keep in mind that this is NOT the NEXT_HOP attribute of the aggregate prefix. It is the IP address used to establish the BGP session with a peer that sent the update to the local system. The two route-maps are then used as follows:
router bgp <AS#>
bgp inject-map <MAP1> exist-map <MAP2>
The result is that prefixes matching MAP1 are injected in the local BGP table if the conditions specified by MAP2 have been met.
---------------------------
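Explanation: the inject-map prefixes are injected into BGP only when the exist-map condition is met.
So only when the aggregate prefix 10.0.0.0/22 advertised by R1 is present
do we inject the 10.0.1.0/24 route into BGP...
So only when the aggregate prefix 10.0.0.0/22 advertised by R1 is present
do we inject the 10.0.2.0/24 route into BGP...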
---------------------------
R2:
int loopback 100
ip address 10.0.0.1 255.255.255.0
int loopback 101
ip address 10.0.1.1 255.255.255.0
int loopback 102
ip address 10.0.2.1 255.255.255.0
int loopback 103
ip address 10.0.3.1 255.255.255.0
!
router bgp 200
network 10.0.0.0 mask 255.255.255.0
network 10.0.1.0 mask 255.255.255.0
network 10.0.2.0 mask 255.255.255.0
network 10.0.3.0 mask 255.255.255.0
aggregate-address 10.0.0.0 255.255.252.0 summary-only
R4:
ip prefix-list INJECT_PREFIX permit 10.0.1.0/24
ip prefix-list AGGREGATE permit 10.0.0.0/22
ip prefix-list ROUTE_SOURCE permit 155.1.146.1/32
!
route-map INJECT_MAP permit 10
set ip address prefix-list INJECT_PREFIX
set origin igp
!
route-map EXIST_MAP permit 10
match ip address prefix-list AGGREGATE
match ip route-source prefix-list ROUTE_SOURCE
!
route-map DENY_INJECT_PREFIX deny 10
match ip address prefix-list INJECT_PREFIX
route-map DENY_INJECT_PREFIX permit 100
!
router bgp 100
bgp inject-map INJECT_MAP exist-map EXIST_MAP
neighbor 155.1.45.5 route-map DENY_INJECT_PREFIX out
neighbor 155.1.146.1 route-map DENY_INJECT_PREFIX out
R6:
ip prefix-list INJECT_PREFIX permit 10.0.2.0/24
ip prefix-list AGGREGATE permit 10.0.0.0/22
ip prefix-list ROUTE_SOURCE permit 155.1.146.1/32
!
route-map INJECT_MAP permit 10
set ip address prefix-list INJECT_PREFIX
set origin igp
!
route-map EXIST_MAP permit 10
match ip address prefix-list AGGREGATE
match ip route-source prefix-list ROUTE_SOURCE
!
route-map DENY_INJECT_PREFIX deny 10
match ip address prefix-list INJECT_PREFIX
route-map DENY_INJECT_PREFIX permit 100
!
router bgp 100
bgp inject-map INJECT_MAP exist-map EXIST_MAP
neighbor 155.1.67.7 route-map DENY_INJECT_PREFIX out
neighbor 155.1.146.1 route-map DENY_INJECT_PREFIX out
--------------------------------------
Rack1R4#show ip bgp neighbors 204.12.1.254 advertised-routes | include 10.0
*> 10.0.0.0/22 155.1.45.5 0 200 i
*> 10.0.1.0/24 155.1.45.5 0 i
Rack1R4#
Rack1R6#show ip bgp neighbors 54.1.1.254 advertised-routes | include 10.0
*>i10.0.0.0/22 155.1.13.3 0 100 0 200 i
*> 10.0.2.0/24 155.1.67.7 0 i
Rack1R6#
RS.1.1.BB3>traceroute 10.0.1.1
Type escape sequence to abort.
Tracing the route to 10.0.1.1
1 204.12.1.4 36 msec 12 msec 4 msec
2 155.1.45.5 [AS 100] 32 msec 8 msec 8 msec
3 155.1.0.2 [AS 100] 40 msec 32 msec 36 msec
RS.1.1.BB3>
RS.1.1.BB1>traceroute 10.0.2.1
Type escape sequence to abort.
Tracing the route to 10.0.2.1
1 54.1.1.6 16 msec 12 msec 0 msec
2 155.1.67.7 [AS 100] 8 msec 12 msec 24 msec
3 155.1.37.3 [AS 100] 8 msec 24 msec 8 msec
4 155.1.23.2 [AS 100] 28 msec 16 msec 32 msec
RS.1.1.BB1>
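The decision logic behind the R4/R6 configuration and the traceroute results above, modelled in Python as an added example (not part of the original post and not router code). The next-hop value is constructed to differ from the route source, and restricting injection to components of the aggregate is an assumption of this model.

```python
import ipaddress
from collections import namedtuple

# One BGP table entry; route_source is the peer address the update came from.
Path = namedtuple("Path", "prefix route_source next_hop")

AGG, SRC = "10.0.0.0/22", "155.1.146.1"  # AGGREGATE and ROUTE_SOURCE from the page

def exist_map_ok(table, aggregate=AGG, source=SRC):
    """EXIST_MAP: the aggregate is in the table AND was sent by `source`."""
    agg = ipaddress.ip_network(aggregate)
    return any(ipaddress.ip_network(p.prefix) == agg and p.route_source == source
               for p in table)

def injected(table, inject_prefixes, aggregate=AGG, source=SRC):
    """Prefixes the inject-map originates for the current table state."""
    if not exist_map_ok(table, aggregate, source):
        return []
    agg = ipaddress.ip_network(aggregate)
    # Model assumption: only components of the aggregate are injected.
    return [p for p in inject_prefixes if ipaddress.ip_network(p).subnet_of(agg)]

def advertise_out(prefixes, denied):
    """DENY_INJECT_PREFIX out: 'deny 10' drops `denied`, 'permit 100' passes the rest."""
    return [p for p in prefixes if p not in denied]

def entry_routers(dest, adverts):
    """Longest-prefix match by the external AS; adverts maps router -> prefixes."""
    addr = ipaddress.ip_address(dest)
    best, winners = -1, []
    for router, prefixes in sorted(adverts.items()):
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if addr in net and net.prefixlen >= best:
                if net.prefixlen > best:
                    best, winners = net.prefixlen, []
                winners.append(router)
    return winners

if __name__ == "__main__":
    # Constructed table: next_hop deliberately differs from route_source.
    table = [Path(AGG, SRC, "155.1.23.2")]
    r4 = [AGG] + injected(table, ["10.0.1.0/24"])
    r6 = [AGG] + injected(table, ["10.0.2.0/24"])
    print("to AS 54:", r4, r6)
    print("to R1 from R4:", advertise_out(r4, ["10.0.1.0/24"]))
    print("10.0.1.1 enters via", entry_routers("10.0.1.1", {"R4": r4, "R6": r6}))
    print("aggregate withdrawn:", injected([], ["10.0.1.0/24"]))
```

If the aggregate is withdrawn or arrives only from a different peer, the more-specific disappears and inbound traffic falls back to whichever path carries the /22.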