※ This article was moved over from note
Initial configuration
iosv-1
en
terminal length 0
conf t
hostname iosv-1
line console 0
logging synchronous
exit
!
int lo0
ip address 1.1.1.1 255.255.255.0
!
int lo1
ip address 2.2.2.2 255.255.255.0
!
int lo2
ip address 3.3.3.3 255.255.255.0
!
int lo3
ip address 4.4.4.4 255.255.255.0
!
int gi0/0
ip address 192.168.12.1 255.255.255.0
no shut
exit
!
access-list 1 permit 1.1.1.0
access-list 1 permit 2.2.2.0
access-list 2 permit 3.3.3.0
access-list 2 permit 4.4.4.0
!
ip bgp-community new-format
!
route-map COMMUNITY permit 10
match ip address 1
set community 100:1
exit
!
route-map COMMUNITY permit 20
match ip address 2
set community 100:2
exit
!
route-map COMMUNITY permit 30
exit
!
router bgp 1
neighbor 192.168.12.2 remote-as 100
neighbor 192.168.12.2 send-community
neighbor 192.168.12.2 route-map COMMUNITY out
network 1.1.1.0 mask 255.255.255.0
network 2.2.2.0 mask 255.255.255.0
network 3.3.3.0 mask 255.255.255.0
network 4.4.4.0 mask 255.255.255.0
end
!
iosv-2
en
terminal length 0
conf t
hostname iosv-2
line console 0
logging synchronous
exit
!
ip bgp-community new-format
!
ip community-list 1 permit 100:1
ip community-list 2 permit 100:2
!
route-map COM-TO-R3 permit 10
match community 1
exit
!
route-map COM-TO-R3 permit 20
exit
!
route-map COM-TO-R4 permit 10
match community 2
set as-path prepend 100
exit
!
route-map COM-TO-R4 permit 20
!
int gi0/0
ip address 192.168.12.2 255.255.255.0
no shut
!
int gi0/1
ip address 192.168.23.2 255.255.255.0
no shut
!
int gi0/2
ip address 192.168.24.2 255.255.255.0
no shut
exit
!
router bgp 100
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.23.3 remote-as 300
neighbor 192.168.23.3 send-community
neighbor 192.168.23.3 route-map COM-TO-R3 out
neighbor 192.168.24.4 remote-as 400
neighbor 192.168.24.4 send-community
neighbor 192.168.24.4 route-map COM-TO-R4 out
end
!
iosv-3
en
terminal length 0
conf t
hostname iosv-3
line console 0
logging synchronous
exit
!
int gi0/0
ip address 192.168.23.3 255.255.255.0
no shut
exit
!
router bgp 300
neighbor 192.168.23.2 remote-as 100
end
!
iosv-4
en
terminal length 0
conf t
hostname iosv-4
line console 0
logging synchronous
exit
!
int gi0/0
ip address 192.168.24.4 255.255.255.0
no shut
exit
!
router bgp 400
neighbor 192.168.24.2 remote-as 100
end
!
Path prepend
iosv-1
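・Two BGP messages are stacked on top of each other
・A separate header is built for each of the community values 100:1 and 100:2
・The routes that each community value is attached to can also be seen in each one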
iosv-3#sh ip bgp
BGP table version is 21, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       192.168.23.2                           0 100 1 i
 *>  2.2.2.0/24       192.168.23.2                           0 100 1 i
 *>  3.3.3.0/24       192.168.23.2                           0 100 1 i
 *>  4.4.4.0/24       192.168.23.2                           0 100 1 i
iosv-4#sh ip bgp
BGP table version is 23, local router ID is 192.168.24.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       192.168.24.2                           0 100 1 i
 *>  2.2.2.0/24       192.168.24.2                           0 100 1 i
 *>  3.3.3.0/24       192.168.24.2                           0 100 100 1 i
 *>  4.4.4.0/24       192.168.24.2                           0 100 100 1 i
・The AS path prepend is set only in the route map toward iosv-4, so the same routes carry different attributes on iosv-3 and iosv-4
iosv-4
Route control
iosv-2(config)#no route-map COM-TO-R3 permit 20
iosv-2(config)#no route-map COM-TO-R4 permit 20
iosv-3#sh ip bgp | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       192.168.23.2                           0 100 1 i
 *>  2.2.2.0/24       192.168.23.2                           0 100 1 i
iosv-4#sh ip bgp | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>  3.3.3.0/24       192.168.24.2                           0 100 100 1 i
 *>  4.4.4.0/24       192.168.24.2                           0 100 100 1 i
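・Deleted sequence 20 from both route maps (the entry that kept the implicit deny from applying) so that only the routes matching the community list are advertised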
iosv-3
iosv-4
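・On each router, the prefixes can be seen moving from NLRI to Withdrawn Routes
・Route control works as well, so this looks quite handy
・That said, the drawback is that the removed routes are still visible in a packet capture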
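
As an added example (not part of the original article), the Python code below decodes the BGP UPDATE fields the captures above refer to: several UPDATE messages stacked in one TCP payload, the COMMUNITIES attribute, NLRI, and Withdrawn Routes. The byte strings are constructed from the lab's addressing, not taken from the author's captures, and all function and constant names are hypothetical.

```python
import struct

def prefixes(buf):  # decode (length, prefix) pairs, shared by NLRI and Withdrawn Routes
    out, i = [], 0
    while i < len(buf):
        plen, n = buf[i], (buf[i] + 7) // 8
        if plen > 32 or i + 1 + n > len(buf):
            raise ValueError("malformed prefix")
        out.append("%d.%d.%d.%d/%d" % (*buf[i + 1:i + 1 + n].ljust(4, b"\0"), plen))
        i += 1 + n
    return out

def communities(attrs):  # return COMMUNITIES (attribute type 8) as new-format AA:NN
    out, i = [], 0
    while i + 3 <= len(attrs):
        hdr = 4 if attrs[i] & 0x10 else 3  # Extended Length flag: two-octet length
        alen = int.from_bytes(attrs[i + 2:i + hdr], "big")
        if attrs[i + 1] == 8:
            out += ["%d:%d" % struct.unpack_from("!HH", attrs, j)
                    for j in range(i + hdr, i + hdr + alen, 4)]
        i += hdr + alen
    return out

def parse_updates(segment):
    """Split one TCP payload into BGP messages and decode every UPDATE (type 2)."""
    found, off = [], 0
    while off < len(segment):
        marker, length, mtype = struct.unpack_from("!16sHB", segment, off)
        if marker != b"\xff" * 16 or not 19 <= length <= len(segment) - off:
            raise ValueError("bad BGP header at offset %d" % off)
        body, off = segment[off + 19:off + length], off + length
        if mtype != 2:
            continue
        wlen = struct.unpack_from("!H", body, 0)[0]
        end = 4 + wlen + struct.unpack_from("!H", body, 2 + wlen)[0]
        found.append({"withdrawn": prefixes(body[2:2 + wlen]), "nlri": prefixes(body[end:]),
                      "communities": communities(body[4 + wlen:end])})
    return found

def update(withdrawn="", attrs="", nlri=""):  # build a constructed sample UPDATE from hex
    w, a, n = (bytes.fromhex(x) for x in (withdrawn, attrs, nlri))
    body = struct.pack("!H", len(w)) + w + struct.pack("!H", len(a)) + a + n
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2) + body

# Constructed samples. BASE is ORIGIN, AS_PATH (AS 1) and NEXT_HOP 192.168.12.1.
BASE = "40010100" "400206020100000001" "400304c0a80c01"
ADVERTISE = (update(attrs=BASE + "c0080400640001", nlri="1801010118020202")    # 100:1
             + update(attrs=BASE + "c0080400640002", nlri="1803030318040404"))  # 100:2
WITHDRAW = update(withdrawn="1803030318040404")  # 3.3.3.0/24 and 4.4.4.0/24 withdrawn
```

`parse_updates(ADVERTISE)` returns two entries, one per community value, and `parse_updates(WITHDRAW)` lists the two withdrawn prefixes in clear text, which is what an observer on the link sees.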