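1. Lab topology
2. Lab objective
ORF (outbound route filtering) lets the local device send its prefix-based inbound policy to a BGP neighbor in a route-refresh message. The BGP neighbor builds an outbound policy from that policy and filters routes as it advertises them. This not only spares the local device from receiving large numbers of useless routes and lowers its CPU usage, it also reduces the configuration work on the BGP neighbor and lowers link bandwidth usage.
3. Configuration steps
1) Create the ip-prefix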
ip ip-prefix deny-1 index 10 deny 192.168.1.0 24
ip ip-prefix deny-1 index 20 permit 0.0.0.0 0 less-equal 32 // permit all
2) Filter with the ip-prefix
peer 1.1.1.1 ip-prefix deny-1 import
3) Enable ORF
peer 1.1.1.1 capability-advertise orf ip-prefix send
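What the deny-1 list does to candidate routes once the ORF receiver turns it into an outbound filter, as an added example that is not part of the original lab: a small Python evaluator for the two ip-prefix lines from step 1). The function names and every sample route other than 192.168.1.0/24 are constructed for illustration, and the implicit deny for unmatched routes is stated as an assumption about ip-prefix behaviour.

```python
import ipaddress

# The two prefix-list lines from step 1), copied from the page (comment stripped).
CONFIG = """\
ip ip-prefix deny-1 index 10 deny 192.168.1.0 24
ip ip-prefix deny-1 index 20 permit 0.0.0.0 0 less-equal 32
"""

def parse_ip_prefix(text):
    """Parse 'ip ip-prefix' lines into {name: [entry, ...]} sorted by index."""
    lists = {}
    for line in text.splitlines():
        tok = line.split("//")[0].split()
        if tok[:2] != ["ip", "ip-prefix"]:
            continue
        name, index, action = tok[2], int(tok[4]), tok[5]
        addr, mlen = tok[6], int(tok[7])
        opts = dict(zip(tok[8::2], map(int, tok[9::2])))
        # No keyword: exact length. less-equal only: [mlen, le]. greater-equal only: [ge, 32].
        lo = opts.get("greater-equal", mlen)
        hi = opts.get("less-equal", 32 if "greater-equal" in opts else mlen)
        net = ipaddress.ip_network(f"{addr}/{mlen}", strict=False)
        lists.setdefault(name, []).append((index, action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists

def evaluate(entries, route):
    """Return 'permit' or 'deny' for one route; the lowest matching index wins."""
    r = ipaddress.ip_network(route)
    for _index, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action
    return "deny"  # assumption: a route matching no entry is denied

def orf_filter(entries, routes):
    """Routes the ORF receiver would still advertise after applying the list."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    entries = parse_ip_prefix(CONFIG)["deny-1"]
    # Constructed candidate routes; only 192.168.1.0/24 appears in the lab.
    for r in ["192.168.1.0/24", "192.168.1.0/25", "192.168.2.0/24", "1.1.1.1/32"]:
        print(r, evaluate(entries, r))
```

Index 10 carries no greater-equal or less-equal keyword, so it matches only the exact /24; a more specific route such as 192.168.1.0/25 falls through to index 20 and is permitted.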
4. Lab configuration
R1:
<r1>display current-configuration
[V200R003C00]
#
sysname r1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0010.0100.1001.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
isis enable 100
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 100
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.0
isis enable 100
#
bgp 100
router-id 1.1.1.1
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
network 192.168.1.0
peer 2.2.2.2 enable
peer 2.2.2.2 capability-advertise orf ip-prefix receive // receiving end
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r1>
R2:
[r2]display current-configuration
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0020.0200.2002.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
isis enable 100
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 100
#
bgp 100
router-id 2.2.2.2
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 ip-prefix deny-1 import
peer 1.1.1.1 capability-advertise orf ip-prefix send // sending end
#
ip ip-prefix deny-1 index 10 deny 192.168.1.0 24
ip ip-prefix deny-1 index 20 permit 0.0.0.0 0 less-equal 32
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r2]
5. Lab results
1) Advertise two routes
2) Routing table on the sending end
3) Advertised routes received on the receiving end
Note: display bgp routing-table peer 2.2.2.2 advertised-routes