BGP route filtering 03/29 Update SLTechnology News&Howtos

BGP route filtering

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

This lab comes from the HCNP routing Lab Guide

Experimental requirements: 1. AS200 cannot receive routes from other branches

two。 Branch 2 (AS300) cannot advertise its routing information to other branch offices

3. Branch 4 (AS500) cannot receive routes from Branch 3 (AS400)

Experimental addressing table

GE0/0/0:10.0.12.1/ 24

GE0/0/1:10.0.13.1/ 24

GE0/0/2:10.0.14.1 / 24

Lo0:10.0.1.1 32

GE0/0/0:10.0.12.2 / 24

GE0/0/1:10.0.25.2/ 24

GE0/0/2:10.0.26.2 / 24

Lo0:10.0.2.2 32

GE0/0/0:10.0.13.3 / 24

Lo0: 10.0.3.3/32

Link network segment under lo1:192.168.1.1/24 simulation

GE0/0/0:10.0.14.4 / 24

Lo0: 10.0.4.4/32

Link network segment under lo1:192.168.2.1/24 simulation

GE0/0/0:10.0.25.5 / 24

Lo0: 10.0.5.5/32

Link network segment under lo1:192.168.3.1/24 simulation

GE0/0/0:10.0.26.6 / 24

Lo0: 10.0.6.6/32

Link network segment under lo1:192.168.4./24 simulation

All establish BGP neighbor relationships through directly connected interfaces

1. AS200 (R3) cannot receive routes from other branch offices

Only receive headquarters, that is, AS100, train of thought: regular expression!

View routing tabl

Define an as-path filter 1 that only allows 100 originating routes, 100$ should understand

Apply in bgp view, apply in import direction of 10.0.13.1

The first requirement is successful.

two。 Branch 2 (AS300 (AR4)) cannot advertise its routing information to other branch offices.

Make use of the group attribute no-export

First check the routing table R1 headquarters

R5 branch

Next, configure on R4

Define a route-policy 1

Label the routes published by R4 with the community attribute no-export

Next, apply

Peer 10.0.14.1 advertise-community means to advertise community attributes to neighbors

The AR1 of AS100 is also advertised to AR2 in AS100.

Next, look at the routing tables on R1 and R6

Check the community attribute on R1.

You can see that there are no routes for 4.4 and 192.168.2.0 on R6.

3. Branch 4 (AS500) cannot receive routes from Branch 3 (AS400)

Idea: AS500 receives AS400 from the routing information published by AS100, as long as the route of AS400 is not published to AS500 on AS100.

Here I didn't use 10.0.25.5 24 before I read the book, but it was released to AS500.

Here, if the next hop of the route is 10.0.25.5, deny will drop.

Then the application is released to AR6

View the routing table on AR6

No routing information such as 10.0.4.4 192.168.3.1

Attachment: http://down.51cto.com/data/2367467

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.