BGP no-export-白红宇

【实验要求】

使用 community 中的No-Export 属性配置AS2，保证AS3与AS1通告的网络之间不能互相访问，

本实验主要为了在多个bgp出口存在的情况下如何不把从一个AS学习的路由传递给其他AS。

【实验拓扑】

【实验基本配置】

R1：

interface FastEthernet0/0

ip address 155.1.146.1 255.255.255.0

interface Serial0/0

ip address 155.1.13.1 255.255.255.0

clock rate 2000000

router eigrp 2

network 155.1.13.1 0.0.0.0

no auto-summary

router bgp 2

no synchronization

bgp log-neighbor-changes

neighbor 155.1.13.3 remote-as 2

neighbor 155.1.13.3 next-hop-self

neighbor 155.1.23.2 remote-as 2

neighbor 155.1.23.2 next-hop-self

neighbor 155.1.146.4 remote-as 3

no auto-summary

R2：

interface Serial0/0

ip address 155.1.23.2 255.255.255.0

clock rate 2000000

interface Serial0/1

ip address 155.1.0.2 255.255.255.0

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 155.1.0.5 205 broadcast

router eigrp 2

network 155.1.23.2 0.0.0.0

auto-summary

router bgp 2

no synchronization

bgp log-neighbor-changes

neighbor 155.1.0.5 remote-as 1

neighbor 155.1.13.1 remote-as 2

neighbor 155.1.13.1 next-hop-self

neighbor 155.1.23.3 remote-as 2

neighbor 155.1.23.3 next-hop-self

R3：

(注意R3不用配置next-hop-self，因为它不不是边界路由器)

interface Loopback0

ip address 155.1.37.3 255.255.255.0

interface Serial0/0

ip address 155.1.13.3 255.255.255.0

clock rate 2000000

interface Serial0/1

ip address 155.1.23.3 255.255.255.0

clock rate 2000000

router eigrp 2

network 155.1.13.3 0.0.0.0

network 155.1.23.3 0.0.0.0

auto-summary

router bgp 2

no synchronization

bgp log-neighbor-changes

network 155.1.37.0 mask 255.255.255.0

neighbor 155.1.13.1 remote-as 2

neighbor 155.1.23.2 remote-as 2

no auto-summary

R4：

interface Loopback0

ip address 204.12.1.4 255.255.255.0

interface FastEthernet0/0

ip address 155.1.146.4 255.255.255.0

router bgp 3

no synchronization

bgp log-neighbor-changes

network 204.12.1.0

neighbor 155.1.146.1 remote-as 2

no auto-summary

R5：

interface Loopback0

ip address 155.1.5.5 255.255.255.0

interface Serial0/0

ip address 155.1.0.5 255.255.255.0

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 155.1.0.2 502 broadcast

router bgp 1

no synchronization

bgp log-neighbor-changes

network 155.1.5.0 mask 255.255.255.0

neighbor 155.1.0.2 remote-as 2

no auto-summary

【实验前验证】

验证的目的是在同步关闭的情况下，AS1、AS2、AS3 之间通告的网络都可以学习到，而且可以互相ping通

R4：

R4#show ip bgp 我们看到AS3学习到了AS1和AS2通告的路由，如下高亮部分

<省略部分输出结果>

Network Next Hop Metric LocPrf Weight Path

*> 155.1.5.0/24 155.1.146.1 0 2 1 i

*> 155.1.37.0/24 155.1.146.1 0 2 i

*> 204.12.1.0 0.0.0.0 0 32768 i

R4：

R4#ping 155.1.5.5 source 204.12.1.4 并且R4能够ping通AS1所通告的155.1.5.5 的地址

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds:

Packet sent with a source address of 204.12.1.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 76/100/124 ms

【实验配置】

R1:

route-map NO_EXPORT permit 10

set community no-export

router bgp 2

neighbor 155.1.146.4 route-map NO_EXPORT in

neighbor 155.1.23.2 send-community

R2:

route-map NO_EXPORT permit 10

set community no-export

router bgp 2

neighbor 155.1.0.5 route-map NO_EXPORT in

neighbor 155.1.13.1 send-community

注意：上面配置为什么是in，因为是为了让学习到的路由进来的时候带上no-export的标记

send community no-export 只发给边界路由器

【实验后验证】

我们此时需要验证，在AS1与AS3之间能否相互学习到对方通告的地址即可

R1#show ip bgp 204.12.1.0

BGP routing table entry for 204.12.1.0/24, version 4

Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)

Flag: 0x820

Advertised to update-groups:

2 3

155.1.146.4 from 155.1.146.4 (204.12.1.4)

Origin IGP, metric 0, localpref 100, valid, external, best

Community: no-export

我们在R1上可以看到从AS3学习到的路由带上了 community：no-export 标记

R4#show ip bgp

我们看到AS3无法学习到了AS1所通告的路由，如下高亮部分

<省略部分输出结果>

Network Next Hop Metric LocPrf Weight Path

*> 155.1.37.0/24 155.1.146.1 0 2 i

*> 204.12.1.0 0.0.0.0 0 32768 i

本文转自zcm8483 51CTO博客，原文链接:http://blog.51cto.com/haolun/992833