Case 8* I8 A3 ?" u5 G2 U3 y1 g
只允许路由器C把超网160.10.0.0/8发送给路由器A,而过滤掉网络160.10.0.0/16:
+ g c% x2 e8 v路由器C配置如下:
0 F2 h' f) K! S, M3 e4 [+ @!9 e: Y; a7 p$ }
router bgp 300
; J* \" z/ k$ I5 o: ^' o, mnetwork 170.10.0.0 A# b5 G6 _5 B0 l* ?
neighbor 3.3.3.3 remote-as 200
3 g! r0 a( G( F c7 r/ R7 aneighbor 2.2.2.2 remote-as 100
1 S, ` O& J5 r- }+ p+ G4 ]: kneighbor 2.2.2.2 distribute-list 1 out
% m3 u( f6 {( W!' f2 ~/ l6 F3 @* m; @
access-list 101 permit ip 160.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255+ O- O- ^* |9 b( y( G. G+ |
!
3 D/ G0 @6 Z% \3 rAS_PATH Filtering
; p" w3 P) g' J$ T$ M' F; |6 \$ Z使用AS_PATH属性过滤BGP路由的步骤如下:, P" d9 r8 g: @2 X
1.定义AS_PATH ACL:( C' x7 C0 @! E I% _+ R
Aiko(config)#ip as-path access-list {number} {permit|deny} {regex}. N8 A4 q8 v& h& ^
2.调用AS_PATH ACL过滤BGP路由:% q( u( d; W2 p) M
Aiko(config-router)#neighbor {ip-address} filter-list {AS_PATH ACL} {in|out} |
发表于 2012-8-3 20:12:39
