- Configure an AS-Path access-list on SW1 so that AS 300 cannot be used as transit for AS 100 to reach AS 200 or vice-versa; this access-list should be applied directly to its neighbors.
- Configure a local-preference modification on R5 such that traffic from AS 200 going to routes originated in AS 54 is always sent to R4, while traffic to routes that transit AS 54 but were not originated in AS 54 is always sent to R3.
- Additionally configure R3 so that routes learned from AS 254 are not advertised to R1.
Now the practical examples:
“^$” - means empty AS_PATH attribute, which identifies the prefixes advertised in the local AS.
“^254_” - means prefixes received from the directly adjacent AS 254. Notice that using “_” is important, as there could be another adjacent AS with the number starting with 254.
“_254_” - prefixes transiting AS 254. The “_” characters are needed to clearly separate the AS number.
“_254$” - means prefixes originated in the AS 254. This expression matches the rightmost position in the string, meaning that the expression could be of arbitrary length.
“^([0-9]+)_254” - routes from the AS 254 when it’s just “one-hop” away.
“^254_([0-9]+)” - prefixes from the clients of the directly connected AS 254.
“^(254_)+([0-9]+)” - prefixes from the clients of the adjacent AS 254, accounting for the fact that AS 254 may do AS_PATH prepending.
“^254_([0-9]+_)+” - prefixes from the clients of the adjacent AS 254, accounting for the fact that the clients may do AS_PATH prepending.
“^\(65100\)” - prefixes learned from the confederation peer 65100.
You configure BGP regular expressions using IP AS-path access-lists:
ip as-path access-list <N> {permit|deny} <Regexp>.
This access-list can be applied to a peer as a filter-list using the syntax: neighbor <IP> filter-list <N> {in|out}. However, the best approach is to match AS_PATH access-lists under a route-map applied to the peer (match as-path), as this allows for flexible policy editing. If you are wondering about the order in which these features are applied, it is as follows:
For inbound updates:
1. route-map
2. filter-list
3. prefix-list OR distribute-list
For outbound updates:
1. prefix-list OR distribute-list
2. filter-list
3. route-map
Keep in mind that you may test regular expressions on the BGP table using the command show ip bgp regexp or show ip bgp quote-regexp. The latter command allows using the “|” character to additionally filter the output.
Configuration:
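The same kind of test can be run offline before a filter is applied to a live peer. The sketch below is an added example, not part of the original lab: it approximates IOS regexp matching with Python's re module by expanding “_” into the delimiters it stands for, and evaluates an as-path access-list with first-match and implicit-deny semantics. The function names are hypothetical, and the paths "254 65001" and "2541 54" are constructed to show why the “_” delimiter matters.

```python
import re

# In IOS regexps "_" matches start or end of the path, a space, a comma,
# braces or parentheses; everything else used on this page is ordinary regex.
DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_re(regexp):
    """Translate an IOS AS-path regexp to Python, leaving escaped chars alone."""
    out, i = [], 0
    while i < len(regexp):
        if regexp[i] == "\\" and i + 1 < len(regexp):
            out.append(regexp[i:i + 2])
            i += 2
        else:
            out.append(DELIM if regexp[i] == "_" else regexp[i])
            i += 1
    return re.compile("".join(out))

def show_regexp(regexp, paths):
    """Offline stand-in for 'show ip bgp regexp': the paths the regexp matches."""
    rx = ios_to_re(regexp)
    return [p for p in paths if rx.search(p)]

def acl_permits(entries, path):
    """as-path access-list semantics: first match wins, implicit deny at the end."""
    for action, regexp in entries:
        if ios_to_re(regexp).search(path):
            return action == "permit"
    return False

# AS paths taken from the show output on this page, plus constructed ones:
# "" (locally originated), "254 65001" and "2541 54" (look-alike neighbor AS).
PATHS = ["", "100", "100 54", "100 54 50 60", "100 200 254",
         "254 65001", "2541 54"]

# Modelled on R3's list 1: transit AS 54 but not originated there.
TRANSIT_NOT_ORIGIN = [("deny", "_54$"), ("permit", "_54_")]

if __name__ == "__main__":
    for rx in ["^$", "_54$", "54$", "_54_", "^254_", "^254"]:
        print(f"{rx!r:10} -> {show_regexp(rx, PATHS)}")
    for p in PATHS:
        print(f"{p!r:16} local-pref 200: {acl_permits(TRANSIT_NOT_ORIGIN, p)}")
```

Without the leading “_”, 54$ also matches a path ending in 254, and ^254 also matches a neighbor AS 2541; the delimited forms match only the intended AS number.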
R3:
interface Loopback 1
ip address 3.3.3.3 255.255.255.0
!
ip as-path access-list 1 deny _54$
ip as-path access-list 1 permit _54_
!
ip as-path access-list 2 permit _254$
!
route-map FROM_R1 permit 10
match as-path 1
set local-preference 200
!
route-map FROM_R1 permit 100
!
route-map TO_R1 deny 10
match as-path 2
!
route-map TO_R1 permit 100
!
router bgp 200
network 3.3.3.0 mask 255.255.255.0
neighbor 155.1.13.1 route-map FROM_R1 in
neighbor 155.1.13.1 route-map TO_R1 out
R5:
interface Loopback 1
ip address 5.5.5.5 255.255.255.0
!
ip as-path access-list 1 permit _54$
!
route-map FROM_R4 permit 10
match as-path 1
set local-preference 200
!
route-map FROM_R4 permit 100
!
router bgp 200
network 5.5.5.0 mask 255.255.255.0
neighbor 155.1.45.4 route-map FROM_R4 in
SW1:
ip as-path access-list 1 permit ^$
!
route-map NO_TRANSIT permit 100
match as-path 1
!
router bgp 300
neighbor 155.1.67.6 route-map NO_TRANSIT out
neighbor 155.1.37.3 route-map NO_TRANSIT out
Rack1SW1#show ip bgp regexp ^100
BGP table version is 71, local router ID is 150.1.77.77
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 155.1.67.6 0 100 i
* 2.2.2.0/24 155.1.67.6 0 100 200 i
*> 4.4.4.0/24 155.1.67.6 0 100 i
*> 6.6.6.0/24 155.1.67.6 0 0 100 i
* 10.0.0.0/24 155.1.67.6 0 100 200 i
* 10.0.0.0/22 155.1.67.6 0 100 200 i
* 10.0.1.0/24 155.1.67.6 0 100 200 i
* 10.0.2.0/24 155.1.67.6 0 100 200 i
* 10.0.3.0/24 155.1.67.6 0 100 200 i
*> 28.119.16.0/24 155.1.67.6 0 100 54 i
*> 28.119.17.0/24 155.1.67.6 0 100 54 i
*> 112.0.0.0 155.1.67.6 0 100 54 50 60 i
*> 113.0.0.0 155.1.67.6 0 100 54 50 60 i
*> 114.0.0.0 155.1.67.6 0 100 54 i
*> 115.0.0.0 155.1.67.6 0 100 54 i
*> 116.0.0.0 155.1.67.6 0 100 54 i
*> 117.0.0.0 155.1.67.6 0 100 54 i
Network Next Hop Metric LocPrf Weight Path
*> 118.0.0.0 155.1.67.6 0 100 54 i
*> 119.0.0.0 155.1.67.6 0 100 54 i
*> 155.1.0.0 155.1.67.6 0 0 100 i
*> 205.90.31.0 155.1.67.6 0 100 200 254 ?
*> 220.20.3.0 155.1.67.6 0 100 200 254 ?
*> 222.22.0.0/22 155.1.67.6 0 0 100 {200,254} ?
Rack1SW1#show ip bgp neighbors 155.1.67.6 advertised-routes
BGP table version is 71, local router ID is 150.1.77.77
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i222.22.3.0 155.1.79.9 0 100 0 i
Total number of prefixes 1
Rack1SW1#show ip bgp neighbors 155.1.37.3 advertised-routes
BGP table version is 88, local router ID is 150.1.77.77
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i222.22.3.0 155.1.79.9 0 100 0 i
Total number of prefixes 1
BGP table version is 64, local router ID is 222.22.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i28.119.16.0/24 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i
*>i28.119.17.0/24 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i
* i112.0.0.0 155.1.13.1 0 200 0 100 54 50 60 i
*>i 155.1.13.1 0 200 0 100 54 50 60 i
* i113.0.0.0 155.1.13.1 0 200 0 100 54 50 60 i
*>i 155.1.13.1 0 200 0 100 54 50 60 i
*>i114.0.0.0 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i
*>i115.0.0.0 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i
*>i116.0.0.0 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i
*>i117.0.0.0 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i
*>i118.0.0.0 155.1.45.4 0 200 0 100 54 i
Network Next Hop Metric LocPrf Weight Path
* i 155.1.45.4 0 200 0 100 54 i
*>i119.0.0.0 155.1.45.4 0 200 0 100 54 i
* i 155.1.45.4 0 200 0 100 54 i