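How to ensure specific subnets within a supernet are not leaked to a specific neighbor without the 'aggregate-address' command?
Suppose our BGP table currently contains many small 192.168.X.0/24 subnets, but we only want to send the 192.168.0.0/16 supernet to a specific neighbor, 3.3.3.3, and we cannot use the aggregate-address command. We can configure it as follows, applying a route-map on the neighbor statement to filter out the small subnets: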
Router(config)#interface loopback 0
Router(config-if)# ip address 192.168.0.254 255.255.255.0
!
Router(config)#interface loopback 1
Router(config-if)# ip address 192.168.1.254 255.255.255.0
!
Router(config)#interface loopback 2
Router(config-if)# ip address 192.168.2.254 255.255.255.0
!
Router(config)#interface loopback 3
Router(config-if)# ip address 192.168.3.254 255.255.255.0
!
Router(config)#router bgp 100
Router(config-router)#network 192.168.0.0 mask 255.255.255.0
Router(config-router)#network 192.168.1.0 mask 255.255.255.0
Router(config-router)#network 192.168.2.0 mask 255.255.255.0
Router(config-router)#network 192.168.3.0 mask 255.255.255.0
Router(config-router)#network 192.168.0.0 mask 255.255.0.0
Router(config-router)#neighbor 3.3.3.3 route-map AGGREGATE out
!
Router(config)#ip route 192.168.0.0 255.255.0.0 null0
!
Router(config)#ip prefix-list AGGREGATE_PREFIX seq 5 permit 192.168.0.0/16
!
Router(config)#route-map AGGREGATE permit 10
Router(config-route-map)# match ip address prefix-list AGGREGATE_PREFIX
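
The following Python sketch is an added example, not part of the original post. It models how IOS evaluates the AGGREGATE_PREFIX prefix-list and the implicit deny against the five networks above, and contrasts it with a constructed looser entry (`le 24`) that would let the /24s through. The function names and LOOSE_PREFIX are assumptions for illustration.

```python
import ipaddress

# Entry from the page: seq 5 permit 192.168.0.0/16 (no ge/le keywords).
AGGREGATE_PREFIX = [(5, "permit", "192.168.0.0/16", None, None)]
# Constructed counter-example (not on the page): the same entry with "le 24".
LOOSE_PREFIX = [(5, "permit", "192.168.0.0/16", None, 24)]

# Prefixes injected into BGP by the page's five network statements.
BGP_TABLE = [
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "192.168.3.0/24", "192.168.0.0/16",
]


def entry_matches(route, prefix, ge, le):
    """IOS prefix-list semantics: the route must fall inside `prefix`, and
    its length must be exact (no ge/le) or within the ge..le range."""
    net = ipaddress.ip_network(prefix)
    rt = ipaddress.ip_network(route)
    if not rt.subnet_of(net):
        return False
    if ge is None and le is None:
        return rt.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= rt.prefixlen <= high


def prefix_list_permits(route, plist):
    """First matching entry wins; no match means the implicit deny."""
    for _seq, action, prefix, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False


def advertised(table, plist):
    """route-map AGGREGATE permit 10 passes what the prefix-list permits;
    everything else hits the route-map's implicit deny and is not sent."""
    return [r for r in table if prefix_list_permits(r, plist)]


if __name__ == "__main__":
    print("to 3.3.3.3 (page config):", advertised(BGP_TABLE, AGGREGATE_PREFIX))
    print("to 3.3.3.3 (le 24 variant):", advertised(BGP_TABLE, LOOSE_PREFIX))
```

On the router itself, `show ip bgp neighbors 3.3.3.3 advertised-routes` shows what is actually sent to the neighbor.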