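Huawei BGP ORF (Outbound Route Filtering)
Author: Internet
RFC 5291 and RFC 5292 define the prefix-based ORF capability for BGP, which lets the local device send its configured prefix-based inbound policy to a BGP neighbor in a route-refresh message. The BGP neighbor builds an outbound policy from that policy and filters route entries as it sends them. This not only keeps the local device from receiving large numbers of useless routes and lowers its CPU usage, it also reduces the configuration work on the BGP neighbor and lowers link bandwidth usage.
Example: configuring prefix-based BGP ORF
Networking requirements:
As shown in the figure, AR1 belongs to AS100 and AR3 belongs to AS200. The requirement is that AR3 sends only the routes that match AR1's inbound policy, without AR3 having to maintain an outbound policy.
1. Complete the interface and EBGP configuration. (Omitted)
2. Apply prefix-based inbound filtering on AR3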
R3:
ip ip-prefix 10 index 10 permit 100.1.1.0 24
bgp 200
peer 123.1.1.1 ip-prefix 10 import
View the routing table on AR3:
[AR3]dis bgp routing-table
BGP Local router ID is 33.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 100.1.1.0/24 123.1.1.1 0 0 100i
View the routes received on AR3:
[AR3]dis bgp routing-table peer 123.1.1.1 received-routes
BGP Local router ID is 33.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 100.1.1.0/24 123.1.1.1 0 0 100i
View the routes advertised by AR1:
[AR1]dis bgp routing-table peer 123.1.1.3 advertised-routes
BGP Local router ID is 123.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 11.1.1.0/24 123.1.1.1 0 0 100i
*> 100.1.1.0/24 123.1.1.1 0 0 100i
*> 111.1.1.0/24 123.1.1.1 0 0 100 i
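When prefix-based BGP ORF is not enabled, AR1 sends three directly connected loopback routes (11.1.1.0, 100.1.1.0 and 111.1.1.0), and AR3's prefix-list inbound policy accepts only the 100.1.1.0 route.
3. Enable prefix-based BGP ORF
# Enable prefix-based BGP ORF on AR1.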
[AR1] bgp 100
[AR1-bgp] peer 123.1.1.3 capability-advertise orf ip-prefix both
[AR1-bgp] quit
# Enable prefix-based BGP ORF on AR3.
[AR3] bgp 200
[AR3-bgp] peer 123.1.1.1 capability-advertise orf ip-prefix both
[AR3-bgp] quit
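Note: once this configuration is applied, the neighbor session goes down and the BGP neighbor relationship is re-established, because the ORF capability is negotiated in the OPEN message.
Checking the routes advertised by AR1 at this point shows that AR1 advertises only 100.1.1.0/24 and no other route entries, which reduces the number of route entries sent.
[AR1]dis bgp routing-table peer 123.1.1.3 advertised-routes //View the route entries advertised by BGP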
BGP Local router ID is 123.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 100.1.1.0/24 123.1.1.1 0 0 100i
<AR1>dis bgp peer 123.1.1.3 verbose //View the prefix-based BGP ORF negotiation information.
BGP Peer is 123.1.1.3, remote AS 200
Type: EBGP link
BGP version 4, Remote router ID 33.1.1.1
Update-group ID: 0
BGP current state: Established, Up for 00h13m07s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
BGP Peer Up count: 2
Received total routes: 1
Received active routes total: 1
Advertised total routes: 4
Port: Local - 179 Remote - 51051
Configured: Connect-retry Time: 32 sec
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp outbound route filter capability
Support Address-Prefix: IPv4-UNC address-family, rfc-compatible, both
Peer supports bgp 4-byte-as capability
Address family IPv4 Unicast: advertised and received
The Wireshark capture shows the following:
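The exchange behind this result, as an added Python example (not from the original post and not a decode of its capture): AR3's prefix-list entry is encoded as an RFC 5292 Address Prefix ORF entry inside an RFC 5291 ROUTE-REFRESH body, then validated and applied on the AR1 side to the three routes shown earlier. Assumptions: all function names are illustrative, the ORF sequence number is taken from the prefix-list index, and only the ADD action for IPv4 unicast is handled.

```python
import ipaddress
import struct

ORF_ADDRESS_PREFIX, ACTION_ADD, WHEN_IMMEDIATE = 64, 0, 1   # RFC 5292 type, RFC 5291 values

def encode_entry(seq, permit, prefix, minlen=0, maxlen=0):
    """Address Prefix ORF entry: action/match, sequence, minlen, maxlen, length, prefix."""
    net = ipaddress.ip_network(prefix)
    flags = (ACTION_ADD << 6) | ((0 if permit else 1) << 5)   # match bit: 0 permit, 1 deny
    packed = net.network_address.packed[:(net.prefixlen + 7) // 8]
    return struct.pack("!BIBBB", flags, seq, minlen, maxlen, net.prefixlen) + packed

def encode_refresh(entries):
    """ROUTE-REFRESH body (after the 19-byte BGP header) for IPv4 unicast."""
    body = b"".join(entries)
    return struct.pack("!HBBBBH", 1, 0, 1, WHEN_IMMEDIATE, ORF_ADDRESS_PREFIX, len(body)) + body

def decode_refresh(msg):
    """Receiver side: validate the message, return rules ordered by sequence."""
    if len(msg) < 8:
        raise ValueError("truncated ROUTE-REFRESH")
    afi, _, safi, _, orf_type, length = struct.unpack_from("!HBBBBH", msg)
    if (afi, safi, orf_type) != (1, 1, ORF_ADDRESS_PREFIX) or length != len(msg) - 8:
        raise ValueError("unsupported or malformed ORF header")
    rules, off = [], 8
    while off < len(msg):
        if len(msg) - off < 8:
            raise ValueError("truncated ORF entry")
        flags, seq, minlen, maxlen, plen = struct.unpack_from("!BIBBB", msg, off)
        raw = msg[off + 8:off + 8 + (plen + 7) // 8]
        if plen > 32 or len(raw) != (plen + 7) // 8 or flags >> 6 != ACTION_ADD:
            raise ValueError("malformed or unsupported ORF entry")
        net = ipaddress.IPv4Network((raw.ljust(4, b"\0"), plen), strict=False)
        rules.append((seq, not flags & 0x20, net, minlen, maxlen))
        off += 8 + len(raw)
    return sorted(rules, key=lambda r: r[0])

def permitted(rules, route):
    """Sender side: first matching entry decides; a route matching no entry is withheld."""
    route = ipaddress.ip_network(route)
    for _, permit, net, minlen, maxlen in rules:
        lo, hi = minlen or net.prefixlen, maxlen or (32 if minlen else net.prefixlen)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:   # both 0: exact length only
            return permit
    return False

def demo(routes=("11.1.1.0/24", "100.1.1.0/24", "111.1.1.0/24")):   # AR1's routes on the page
    msg = encode_refresh([encode_entry(10, True, "100.1.1.0/24")])  # AR3's ip-prefix 10 entry
    rules = decode_refresh(msg)
    return msg.hex(), [r for r in routes if permitted(rules, r)]
```

Calling demo() returns the encoded message body as hex together with the routes AR1 would still advertise to AR3.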
Source: https://blog.51cto.com/3965485/2444174