
Using the BGP origin-code attribute to change BGP path selection

Published: 2020-07-06 06:20:18 Source: Internet Views: 1404 Author: 717465139 Category: Network Security

Lab topology



Basic configuration:

R1

L0: 1.1.1.1/32

L1: 11.1.1.1/32

E1/0: 10.1.12.1/24

E1/1: 10.1.14.1/24


R2

L0: 2.2.2.2/32

L1: 22.2.2.2/32

E1/0: 10.1.12.2/24

E1/1: 10.1.24.2/24


R4

L0: 4.4.4.4/32

L1: 44.4.4.4/32

E1/0: 10.1.24.4/24

E1/1: 10.1.14.4/24


Configure the IGP (RIP):

R1

router rip

 version 2

 network 1.0.0.0

 network 10.0.0.0

 no auto-summary

R2

router rip

 version 2

 network 2.0.0.0

 network 10.0.0.0

 no auto-summary

R4

router rip

 version 2

 network 4.0.0.0

 network 10.0.0.0

 no auto-summary


Configure BGP:

R1

router bgp 1

 bgp router-id 1.1.1.1

 bgp log-neighbor-changes

 network 1.1.1.1 mask 255.255.255.255

 network 2.2.2.2 mask 255.255.255.255 backdoor

 network 4.4.4.4 mask 255.255.255.255 backdoor

 network 11.1.1.1 mask 255.255.255.255

 neighbor 2.2.2.2 remote-as 23

 neighbor 2.2.2.2 ebgp-multihop 2

 neighbor 2.2.2.2 update-source Loopback0

 neighbor 4.4.4.4 remote-as 23

 neighbor 4.4.4.4 ebgp-multihop 2

 neighbor 4.4.4.4 update-source Loopback0

 

R2

router bgp 23

 bgp router-id 2.2.2.2

 bgp log-neighbor-changes

 network 1.1.1.1 mask 255.255.255.255 backdoor

 network 2.2.2.2 mask 255.255.255.255

 network 22.2.2.2 mask 255.255.255.255

 neighbor 1.1.1.1 remote-as 1

 neighbor 1.1.1.1 ebgp-multihop 2

 neighbor 1.1.1.1 update-source Loopback0

 neighbor 4.4.4.4 remote-as 23

 neighbor 4.4.4.4 update-source Loopback0

R4

router bgp 23

 bgp router-id 4.4.4.4

 bgp log-neighbor-changes

 network 1.1.1.1 mask 255.255.255.255 backdoor

 network 4.4.4.4 mask 255.255.255.255

 network 44.4.4.4 mask 255.255.255.255

 neighbor 1.1.1.1 remote-as 1

 neighbor 1.1.1.1 ebgp-multihop 2

 neighbor 1.1.1.1 update-source Loopback0

 neighbor 2.2.2.2 remote-as 23

 neighbor 2.2.2.2 update-source Loopback0


Check the BGP table on R1: the origin is i, which indicates a route learned from an IGP.

R1#sh ip bgp

BGP table version is 5, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 

              x best-external, a additional-path, c RIB-compressed, 

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found


     Network          Next Hop            Metric LocPrf Weight Path

 r   2.2.2.2/32       4.4.4.4                                0 23 i

 r>                   2.2.2.2                  0             0 23 i

 r   4.4.4.4/32       4.4.4.4                  0             0 23 i

 r>                   2.2.2.2                                0 23 i

 *   22.2.2.2/32      4.4.4.4                                0 23 i

 *>                   2.2.2.2                  0             0 23 i

 *   44.4.4.4/32      4.4.4.4                  0             0 23 i

 *>                   2.2.2.2                                0 23 i


Check the BGP table entries for 22.2.2.2 and 44.4.4.4:

R1#sh ip bgp 22.2.2.2

BGP routing table entry for 22.2.2.2/32, version 4

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     18        

  Refresh Epoch 1

  23

    4.4.4.4 (metric 1) from 4.4.4.4 (4.4.4.4)

      Origin IGP, localpref 100, valid, external

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  23

    2.2.2.2 (metric 1) from 2.2.2.2 (2.2.2.2)

      Origin IGP, metric 0, localpref 100, valid, external, best

      rx pathid: 0, tx pathid: 0x0

R1#sh ip bgp 44.4.4.4

BGP routing table entry for 44.4.4.4/32, version 5

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     18        

  Refresh Epoch 1

  23

    4.4.4.4 (metric 1) from 4.4.4.4 (4.4.4.4)

      Origin IGP, metric 0, localpref 100, valid, external

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  23

    2.2.2.2 (metric 1) from 2.2.2.2 (2.2.2.2)

      Origin IGP, localpref 100, valid, external, best

      rx pathid: 0, tx pathid: 0x0


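The origin is IGP on every path. Modify the BGP origin-code attribute so that traffic from R1 to R2's 22.2.2.2 always goes via R4, and traffic from R1 to R4's 44.4.4.4 always goes via R2.

Configure on R1:

Step 1: configure the prefix-lists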

ip prefix-list 22 seq 5 permit 22.2.2.2/32

ip prefix-list 44 seq 5 permit 44.4.4.4/32


Step 2: configure the route-maps

route-map ori-r2 permit 10

 match ip address prefix-list 22

 set origin incomplete

route-map ori-r2 permit 20


route-map ori-r4 permit 10

 match ip address prefix-list 44

 set origin incomplete

route-map ori-r4 permit 20


Step 3: in BGP, apply each route-map inbound on the corresponding neighbor.

neighbor 2.2.2.2 route-map ori-r2 in

neighbor 4.4.4.4 route-map ori-r4 in


Step 4: reset the BGP neighbors so the routes are relearned

clear ip bgp *


Check the BGP table on R1:

R1#sh ip bgp

BGP table version is 16, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 

              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 

              x best-external, a additional-path, c RIB-compressed, 

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found


     Network          Next Hop            Metric LocPrf Weight Path

 *>  1.1.1.1/32       0.0.0.0                  0         32768 i

 r   2.2.2.2/32       4.4.4.4                                0 23 i

 r>                   2.2.2.2                  0             0 23 i

 r   4.4.4.4/32       4.4.4.4                  0             0 23 i

 r>                   2.2.2.2                                0 23 i

 *>  11.1.1.1/32      0.0.0.0                  0         32768 i

 *>  22.2.2.2/32      4.4.4.4                                0 23 i

 *                    2.2.2.2                  0             0 23 ?

 *   44.4.4.4/32      4.4.4.4                  0             0 23 ?

 *>                   2.2.2.2                                0 23 i


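At this point the BGP table shows that the 22.2.2.2 route learned from R2 has had its origin-code attribute changed to ? (incomplete), and the 44.4.4.4 route learned from R4 has also been changed to ? (incomplete). The route whose origin-code is i is preferred.


A route with origin IGP (i) is preferred over EGP (e), which is preferred over incomplete (?).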


R1#sh ip bgp 22.2.2.2

BGP routing table entry for 22.2.2.2/32, version 16

Paths: (2 available, best #1, table default)

  Advertised to update-groups:

     18        

  Refresh Epoch 1

  23

    4.4.4.4 (metric 1) from 4.4.4.4 (4.4.4.4)

      Origin IGP, localpref 100, valid, external, best

      rx pathid: 0, tx pathid: 0x0

  Refresh Epoch 1

  23

    2.2.2.2 (metric 1) from 2.2.2.2 (2.2.2.2)

      Origin incomplete, metric 0, localpref 100, valid, external

      rx pathid: 0, tx pathid: 0

R1#sh ip bgp 44.4.4.4

BGP routing table entry for 44.4.4.4/32, version 15

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     18        

  Refresh Epoch 1

  23

    4.4.4.4 (metric 1) from 4.4.4.4 (4.4.4.4)

      Origin incomplete, metric 0, localpref 100, valid, external

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  23

    2.2.2.2 (metric 1) from 2.2.2.2 (2.2.2.2)

      Origin IGP, localpref 100, valid, external, best

      rx pathid: 0, tx pathid: 0x0

The lab is complete.
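
The before and after selections shown in the tables above can be reproduced with a small model. This is an added example, not part of the original article and not Cisco's implementation: it covers only the best-path steps that matter in this lab (weight, local preference, AS-path length, origin, MED) and uses the lowest neighbor router ID as an assumed stand-in for the remaining tie-breakers. All function and variable names are hypothetical.

```python
# Added example: simplified model of the best-path steps in this lab (names are hypothetical).
import ipaddress

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete, lower rank wins

# Paths R1 receives from its two AS 23 neighbors (values from "sh ip bgp" above).
RECEIVED = [
    {"prefix": "22.2.2.2/32", "neighbor": "2.2.2.2", "as_path": [23], "origin": "i", "med": 0},
    {"prefix": "22.2.2.2/32", "neighbor": "4.4.4.4", "as_path": [23], "origin": "i", "med": None},
    {"prefix": "44.4.4.4/32", "neighbor": "2.2.2.2", "as_path": [23], "origin": "i", "med": None},
    {"prefix": "44.4.4.4/32", "neighbor": "4.4.4.4", "as_path": [23], "origin": "i", "med": 0},
]

# Steps 1-3 on R1: per neighbor, the prefix whose origin the inbound route-map rewrites.
INBOUND_POLICY = {"2.2.2.2": "22.2.2.2/32", "4.4.4.4": "44.4.4.4/32"}

def apply_inbound(path, policy):
    """Sequence 10 sets origin incomplete on a match; sequence 20 permits the rest unchanged."""
    out = dict(path)
    if policy.get(path["neighbor"]) == path["prefix"]:
        out["origin"] = "?"
    return out

def sort_key(path):
    """Smaller tuple = better path. Steps that tie in this lab are omitted."""
    return (
        -path.get("weight", 0),            # highest weight
        -path.get("local_pref", 100),      # highest local preference
        len(path["as_path"]),              # shortest AS path
        ORIGIN_RANK[path["origin"]],       # lowest origin code
        path["med"] or 0,                  # lowest MED, missing MED counted as 0
        int(ipaddress.ip_address(path["neighbor"])),  # assumed final tie-break
    )

def best_paths(paths):
    """Return {prefix: neighbor of the best path}."""
    best = {}
    for p in paths:
        if p["prefix"] not in best or sort_key(p) < sort_key(best[p["prefix"]]):
            best[p["prefix"]] = p
    return {prefix: p["neighbor"] for prefix, p in best.items()}

def lab_result():
    """Best paths before and after the inbound route-maps are applied."""
    after = [apply_inbound(p, INBOUND_POLICY) for p in RECEIVED]
    return best_paths(RECEIVED), best_paths(after)

if __name__ == "__main__":
    print(lab_result())
```

Origin is compared only after weight, local preference and AS-path length, so the rewrite steers the selection only while those earlier attributes tie between the two paths.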
