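Motivation
- The difference between no-advertise and no-export is unclear to me
Topology
- RT3 advertises 192.168.30.0/24 via BGP
- When doing so, it sets no-export or no-advertise
RT1(AS100)----RT2(AS200)-----RT3(AS300) advertises Loopback 192.168.30.0/24
               |
RT5(AS200)-----|
Initial state
- Both the iBGP peer (RT5) and the eBGP peer (RT1) receive RT3's route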
RT3#show run | s r b
router bgp 300
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 35.1.1.5 remote-as 300
!
address-family ipv4
no neighbor 35.1.1.5 activate
exit-address-family
!
address-family ipv4 vrf VRF_02
network 192.168.30.0
neighbor 2.3.4.2 remote-as 200
neighbor 2.3.4.2 activate
neighbor 2.3.4.2 send-community
exit-address-family
RT2#show bgp vrf VRF_01 192.168.30.0
BGP routing table entry for 1:1:192.168.30.0/24, version 5
Paths: (1 available, best #1, table VRF_01)
Advertised to update-groups:
2 3
Refresh Epoch 2
300
2.3.4.3 (via vrf VRF_01) from 2.3.4.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
RT1#show bgp vrf VRF_01 192.168.30.0
BGP routing table entry for 1:1:192.168.30.0/24, version 20
Paths: (1 available, best #1, table VRF_01)
Not advertised to any peer
Refresh Epoch 1
200 300
12.1.1.2 (via vrf VRF_01) from 12.1.1.2 (2.2.2.2)
Origin IGP, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
RT5#show bgp vrf VRF_01 192.168.30.0
BGP routing table entry for 1:1:192.168.30.0/24, version 3
Paths: (1 available, best #1, table VRF_01)
Not advertised to any peer
Refresh Epoch 1
300
25.1.1.2 (via vrf VRF_01) from 25.1.1.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
NO_EXPORT
Additional configuration (from the initial state)
RT3(config)#router bgp 300
RT3(config-router)#add ipv4 vrf VRF_02
RT3(config-router-af)#neighbor 2.3.4.2 send-community
RT3(config-router-af)#neighbor 2.3.4.2 route-map SET_NO_EXPORT out
RT3(config-router-af)#do sh run | s access|route-map
route-map SET_NO_EXPORT permit 10
match ip address 1
set community no-export
access-list 1 permit 192.168.30.0 0.0.0.255
Verification
- The iBGP peer (RT5) has the route, but the eBGP peer (RT1) does not
RT2#show bgp vrf VRF_01 192.168.30.0
BGP routing table entry for 1:1:192.168.30.0/24, version 7
Paths: (1 available, best #1, table VRF_01, not advertised to EBGP peer)
Advertised to update-groups:
3
Refresh Epoch 2
300
2.3.4.3 (via vrf VRF_01) from 2.3.4.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-export
rx pathid: 0, tx pathid: 0x0
RT1#show bgp vrf VRF_01 192.168.30.0
% Network not in table
RT5#show bgp vrf VRF_01 192.168.30.1
BGP routing table entry for 1:1:192.168.30.0/24, version 5
Paths: (1 available, best #1, table VRF_01)
Not advertised to any peer
Refresh Epoch 1
300
25.1.1.2 (via vrf VRF_01) from 25.1.1.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
NO_ADVERTISE
Additional configuration (from the initial state)
- Attach no-advertise when advertising the route
RT3(config)#router bgp 300
RT3(config-router)#add ipv4 vrf VRF_02
RT3(config-router-af)#neighbor 2.3.4.2 send-community
RT3(config-router-af)#neighbor 2.3.4.2 route-map SET_NO_ADV out
RT3(config-router-af)#do sh run | s access|route-map
route-map SET_NO_ADV permit 10
match ip address 1
set community no-advertise
access-list 1 permit 192.168.30.0 0.0.0.255
Verification
RT2#show bgp vrf VRF_01 192.168.30.0
BGP routing table entry for 1:1:192.168.30.0/24, version 6
Paths: (1 available, best #1, table VRF_01, not advertised to any peer)
Not advertised to any peer
Refresh Epoch 2
300
2.3.4.3 (via vrf VRF_01) from 2.3.4.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-advertise
rx pathid: 0, tx pathid: 0x0
RT1#show bgp vrf VRF_01 192.168.30.0
% Network not in table
RT5#show bgp vrf VRF_01 192.168.30.1
% Network not in table
Conclusion
- no-export: not advertised to eBGP peers only (still advertised to iBGP peers)
- no-advertise: not advertised to either eBGP or iBGP peers
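The results above can be reproduced with a small model of how a BGP speaker applies the RFC 1997 well-known communities before advertising a route. This is an added example, not part of the original lab: the router-to-AS map and session list are constructed from the diagram, the function names are hypothetical, and confederations are not modeled.

```python
# Well-known community values from RFC 1997.
NO_EXPORT = 0xFFFFFF01     # keep inside the local AS
NO_ADVERTISE = 0xFFFFFF02  # do not advertise to any peer

# Constructed model of the page's lab: router -> AS, plus the BGP sessions.
AS_OF = {"RT1": 100, "RT2": 200, "RT3": 300, "RT5": 200}
SESSIONS = [("RT1", "RT2"), ("RT2", "RT3"), ("RT2", "RT5")]


def may_advertise(sender, receiver, communities):
    """Filter a router applies to a received route before re-advertising it."""
    if NO_ADVERTISE in communities:
        return False  # blocked toward every peer, iBGP and eBGP alike
    if NO_EXPORT in communities and AS_OF[sender] != AS_OF[receiver]:
        return False  # blocked only on eBGP sessions
    return True


def neighbors(router):
    """Yield the BGP peers of a router."""
    for a, b in SESSIONS:
        if router == a:
            yield b
        elif router == b:
            yield a


def propagate(origin, communities=frozenset()):
    """Return the set of routers that end up holding the origin's route."""
    # The originator sets the community in its outbound route-map, so the
    # first hop always receives the route; filtering starts at the receiver.
    holders = {origin}
    queue = []
    for peer in neighbors(origin):
        holders.add(peer)
        queue.append((peer, AS_OF[peer] == AS_OF[origin]))
    while queue:
        router, learned_via_ibgp = queue.pop(0)
        for peer in neighbors(router):
            if peer in holders:
                continue
            ibgp = AS_OF[peer] == AS_OF[router]
            if learned_via_ibgp and ibgp:
                continue  # iBGP-learned routes are not passed to iBGP peers
            if may_advertise(router, peer, communities):
                holders.add(peer)
                queue.append((peer, ibgp))
    return holders
```

Calling `propagate("RT3", {NO_EXPORT})` and `propagate("RT3", {NO_ADVERTISE})` gives the same sets of routers that held 192.168.30.0/24 in the two verification sections.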
Reference
BGP Community NO-EXPORT vs NO-ADVERTISE