【old】BGP community 2

※ This article was moved over from note.

Initial configuration

iosv-1

en
terminal length 0
conf t
hostname iosv-1
line console 0
logging synchronous
exit
!
int lo0
ip address 1.1.1.1 255.255.255.0
!
int lo1
ip address 2.2.2.2 255.255.255.0
!
int lo2
ip address 3.3.3.3 255.255.255.0
!
int lo3
ip address 4.4.4.4 255.255.255.0
!
int gi0/0
ip address 192.168.12.1 255.255.255.0
no shut
exit
!
access-list 1 permit 1.1.1.0
access-list 1 permit 2.2.2.0
access-list 2 permit 3.3.3.0
access-list 2 permit 4.4.4.0
!
ip bgp-community new-format
!
route-map COMMUNITY permit 10
match ip address 1
set community 100:1
exit
!
route-map COMMUNITY permit 20
match ip address 2
set community 100:2
exit
!
route-map COMMUNITY permit 30
exit
!
router bgp 1
neighbor 192.168.12.2 remote-as 100
neighbor 192.168.12.2 send-community
neighbor 192.168.12.2 route-map COMMUNITY out
network 1.1.1.0 mask 255.255.255.0
network 2.2.2.0 mask 255.255.255.0
network 3.3.3.0 mask 255.255.255.0
network 4.4.4.0 mask 255.255.255.0
end
!

iosv-2

en
terminal length 0
conf t
hostname iosv-2
line console 0
logging synchronous
exit
!
ip bgp-community new-format
!
ip community-list 1 permit 100:1
ip community-list 2 permit 100:2
!
route-map COM-TO-R3 permit 10
match community 1
exit
!
route-map COM-TO-R3 permit 20
exit
!
route-map COM-TO-R4 permit 10
match community 2
set as-path prepend 100
exit
!
route-map COM-TO-R4 permit 20
!
int gi0/0
ip address 192.168.12.2 255.255.255.0
no shut
!
int gi0/1
ip address 192.168.23.2 255.255.255.0
no shut
!
int gi0/2
ip address 192.168.24.2 255.255.255.0
no shut
exit
!
router bgp 100
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.23.3 remote-as 300
neighbor 192.168.23.3 send-community
neighbor 192.168.23.3 route-map COM-TO-R3 out
neighbor 192.168.24.4 remote-as 400
neighbor 192.168.24.4 send-community
neighbor 192.168.24.4 route-map COM-TO-R4 out
end
!

iosv-3

en
terminal length 0
conf t
hostname iosv-3
line console 0
logging synchronous
exit
!
int gi0/0
ip address 192.168.23.3 255.255.255.0
no shut
exit
!
router bgp 300
neighbor 192.168.23.2 remote-as 100
end
!

iosv-4

en
terminal length 0
conf t
hostname iosv-4
line console 0
logging synchronous
exit
!
int gi0/0
ip address 192.168.24.4 255.255.255.0
no shut
exit
!
router bgp 400
neighbor 192.168.24.2 remote-as 100
end
!

AS path prepend

iosv-1

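・Two BGP messages are stacked in the same packet
・A separate header is built for each of the community values 100:1 and 100:2
・In each of them you can also see the routes that the community value is attached to

・Because the AS path prepend is set in the route-map only on the iosv-4 side, the same route information carries different attributes on iosv-3 and iosv-4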

iosv-4

Route control

・Remove the explicit deny and advertise only the routes that match the community list

iosv-3

iosv-4

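・On each router you can confirm that the routes were moved from NLRI to Withdrawn routes
・Route control works as well, so this looks quite handy
・That said, the drawback is that the removed routes are still visible in a packet capture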
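
The effect of the two iosv-2 route-maps on what iosv-3 and iosv-4 receive, modelled as an added example that is not part of the original article. It assumes the route-control step removes the empty `permit 20` clauses so that the route-map's implicit deny applies, which the page does not show; `advertise`, `strict` and `withdrawn` are hypothetical helper names.

```python
# Added example: models the route-maps from the configs above. Data is constructed
# from the page's network statements and community values.
LOCAL_AS = 100  # iosv-2

# Routes as iosv-2 holds them after iosv-1's COMMUNITY route-map (AS path "1").
RIB = {
    "1.1.1.0/24": {"100:1"},
    "2.2.2.0/24": {"100:1"},
    "3.3.3.0/24": {"100:2"},
    "4.4.4.0/24": {"100:2"},
}

# Each clause: (community to match, or None for match-all; AS numbers to prepend).
COM_TO_R3 = [("100:1", []), (None, [])]
COM_TO_R4 = [("100:2", [100]), (None, [])]

def advertise(route_map):
    """Return {prefix: as_path} sent to an eBGP peer through route_map."""
    out = {}
    for prefix, communities in RIB.items():
        for match, prepend in route_map:
            if match is None or match in communities:
                # eBGP: the local AS goes in front of any prepended ASNs.
                out[prefix] = [LOCAL_AS] + prepend + [1]
                break
        # No clause matched: implicit deny, the prefix is not advertised.
    return out

def strict(route_map):
    """Assumed route-control step: drop the empty match-all clause."""
    return [clause for clause in route_map if clause[0] is not None]

def withdrawn(before, after):
    """Prefixes that move from NLRI to Withdrawn Routes after the change."""
    return sorted(set(before) - set(after))

if __name__ == "__main__":
    for name, rm in (("iosv-3", COM_TO_R3), ("iosv-4", COM_TO_R4)):
        before, after = advertise(rm), advertise(strict(rm))
        print(name, "before:", before)
        print(name, "after: ", after, "withdrawn:", withdrawn(before, after))
```

The withdrawn lists are exactly the prefixes a capture on the peer link exposes after the policy change, which is the drawback noted in the last bullet.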
