BGP Regular Expressions(正则表达式)

原创

zcm8483 2012-06-23 21:30:25 博主文章分类：BGP ©著作权

文章标签 正则表达式 BGP Regular Expressions 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者zcm8483的原创作品，请联系作者获取转载授权，否则将追究法律责任

【实验要求】

在R1与R2上配置AS-Path 访问控制列表，确保R3通告的BGP网络能够访问AS1与AS3通告的网络，但是不能让AS1与As3通告的网络互相访问

【实验分析】

我们需要利用正则表达啥在R1上过滤 AS1的流量，在R2上过滤AS3的流量即可实现要求

【实验拓扑】

【实验基本配置】

R1：

interface FastEthernet0/0

ip address 155.1.146.1 255.255.255.0

interface Serial0/0

ip address 155.1.13.1 255.255.255.0

clock rate 2000000

router eigrp 2

network 155.1.13.1 0.0.0.0

no auto-summary

router bgp 2

neighbor 155.1.13.3 remote-as 2

neighbor 155.1.13.3 next-hop-self

neighbor 155.1.23.2 remote-as 2

neighbor 155.1.23.2 next-hop-self

neighbor 155.1.146.4 remote-as 3

no auto-summary

R2：

interface Serial0/0

ip address 155.1.23.2 255.255.255.0

clock rate 2000000

interface Serial0/1

ip address 155.1.0.2 255.255.255.0

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 155.1.0.5 205 broadcast

router eigrp 2

network 155.1.23.2 0.0.0.0

auto-summary

router bgp 2

neighbor 155.1.0.5 remote-as 1

neighbor 155.1.13.1 remote-as 2

neighbor 155.1.13.1 next-hop-self

neighbor 155.1.23.3 remote-as 2

neighbor 155.1.23.3 next-hop-self

R3：(注意R3不用配置next-hop-self，因为它不不是边界路由器)

interface Loopback0

ip address 155.1.37.3 255.255.255.0

interface Serial0/0

ip address 155.1.13.3 255.255.255.0

clock rate 2000000

interface Serial0/1

ip address 155.1.23.3 255.255.255.0

clock rate 2000000

router eigrp 2

network 155.1.13.3 0.0.0.0

network 155.1.23.3 0.0.0.0

auto-summary

router bgp 2

network 155.1.37.0 mask 255.255.255.0

neighbor 155.1.13.1 remote-as 2

neighbor 155.1.23.2 remote-as 2

R4：

interface Loopback0

ip address 204.12.1.4 255.255.255.0

interface FastEthernet0/0

ip address 155.1.146.4 255.255.255.0

router bgp 3

network 204.12.1.0

neighbor 155.1.146.1 remote-as 2

R5：

interface Loopback0

ip address 155.1.5.5 255.255.255.0

interface Serial0/0

ip address 155.1.0.5 255.255.255.0

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 155.1.0.2 502 broadcast

router bgp 1

network 155.1.5.0 mask 255.255.255.0

neighbor 155.1.0.2 remote-as 2

【实验前验证】

下面命令验证了在实验之前AS1、AS2、AS3 之间能够互相学习到对方通告地址

R4#show ip bgp

<隐藏部分输出结果>

Network Next Hop Metric LocPrf Weight Path

*> 155.1.5.0/24 155.1.146.1 0 2 1 i

*> 155.1.37.0/24 155.1.146.1 0 2 i

*> 204.12.1.0 0.0.0.0 0 32768 i

R5#show ip bgp

<隐藏部分输出结果>

Network Next Hop Metric LocPrf Weight Path

*> 155.1.5.0/24 0.0.0.0 0 32768 i

*> 155.1.37.0/24 155.1.0.2 0 2 i

*> 204.12.1.0 155.1.0.2 0 2 3 i

R3#show ip bgp

<隐藏部分输出结果>

Network Next Hop Metric LocPrf Weight Path

*>i155.1.5.0/24 155.1.23.2 0 100 0 1 i

*> 155.1.37.0/24 0.0.0.0 0 32768 i

*>i204.12.1.0 155.1.13.1 0 100 0 3 i

【实验配置】

R1:

ip as-path access-list 1 permit ^$

router bgp 2

neighbor 155.1.146.4 filter-list 1 out

R2:

ip as-path access-list 1 permit ^$

neighbor 155.1.0.5 filter-list 1 out

实验中用到的正则表达式^$ 代表任意字符，为什么会这样呢？

其实在R1与R2上只需要接受 as-path ，不需要相邻EBGP发送任何含as-path信息即可满足实验要求。

【实验验证】

我们看到下发列出 R4与R5都无法学习到对方通告的BGP路由，但R3都可以学习到，验证了实验的正确性

R4#show ip bgp

BGP table version is 5, local router ID is 204.12.1.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 155.1.37.0/24 155.1.146.1 0 2 i

*> 204.12.1.0 0.0.0.0 0 32768 i

R5#show ip bgp

BGP table version is 5, local router ID is 155.1.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 155.1.5.0/24 0.0.0.0 0 32768 i

*> 155.1.37.0/24 155.1.0.2 0 2 i

R3#show ip bgp

BGP table version is 4, local router ID is 155.1.37.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i155.1.5.0/24 155.1.23.2 0 100 0 1 i

*> 155.1.37.0/24 0.0.0.0 0 32768 i

*>i204.12.1.0 155.1.13.1 0 100 0 3 i

R3#ping 155.1.5.5 source 155.1.37.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds:

Packet sent with a source address of 155.1.37.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/47/56 ms

上面实验对于正则表达式应用的较少，如果想看正则表达式相关的文章请看下发的推介文章

【相关文章推介】

http://haolun.blog.51cto.com/173913/p-5 基于AS-Path路径过滤

上一篇：BGP Outbound Route Filtering (ORF)理论

下一篇：BGP Communities – Local AS

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯