本文档提供使用IPv6的示例配置,帮助您配置基于BGP前缀的出站路由过滤。此功能使用BGP出站路由过滤器(ORF)发送和接收功能,以尽量减少对等路由器之间发送的BGP更新数。配置此功能有助于过滤源处不需要的路由更新。
尝试进行此配置之前,请确保满足以下要求:
了解 BGP 路由协议及其操作
了解 IPv6 编址方案
本文档不限于特定的软件和硬件版本。
本文中的配置基于装有 Cisco IOS® 软件版本 15.0(1) 的 Cisco 7200 系列路由器。
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
在本例中,路由器R1配置为向路由器R2通告基于前缀的ORF发送功能。在另一端路由器R2配置为向路由器R1通告基于前缀的ORF接收功能。在启用基于前缀的BGP出站路由过滤功能以发送或接收基于前缀的ORF通告之前,BGP对等会话必须启动并运行在路由器之前,必须在每台参与的路由器上启用BGP ORF功能。
本文档使用neighbor orf prefix-filter命令以在路由器上启用ORF前缀列表功能。此命令在思科IOS软件版本12.0(11)ST中引入。
注意:使用命令查找工具(仅限注册客户)可查找有关本文档中使用的命令的详细信息。
本文档使用以下网络设置:
本文档使用以下配置:
路由器 R1 |
---|
! hostname R1 ! ipv6 unicast-routing ipv6 cef ! ! interface Loopback1 no ip address ipv6 address 1111::1/128 ! ! interface Loopback2 no ip address ipv6 address 2222::1/128 ! ! interface Serial1/0 no ip address ipv6 address 2011:11:11:11::1/64 serial restart-delay 0 ! ! router bgp 6501 no synchronization no bgp default ipv4-unicast bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 2011:11:11:11::2 remote-as 6502 neighbor 2011:11:11:11::2 ebgp-multihop 255 no auto-summary ! address-family ipv6 neighbor 2011:11:11:11::2 activate neighbor 2011:11:11:11::2 capability orf prefix-list send neighbor 2011:11:11:11::2 prefix-list FILTER_IPv6 in exit-address-family ! ! ipv6 prefix-list FILTER_IPv6 seq 10 permit 1111::1/128 ipv6 prefix-list FILTER_IPv6 seq 20 permit 2222::1/128 ! ! end |
路由器 R2 |
---|
! hostname R2 ! ! no ip domain lookup ipv6 unicast-routing ipv6 cef ! interface Loopback1 no ip address ipv6 address 1010::1/128 ! ! interface Loopback2 no ip address ipv6 address 2020::1/128 ! interface Serial1/0 no ip address ipv6 address 2011:11:11:11::2/64 serial restart-delay 0 ! ! router bgp 6502 no synchronization bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 2011:11:11:11::1 remote-as 6501 neighbor 2011:11:11:11::1 ebgp-multihop 255 no auto-summary ! address-family ipv6 network 1010::1/128 network 2020::1/128 neighbor 2011:11:11:11::1 activate neighbor 2011:11:11:11::1 capability orf prefix-list receive neighbor 2011:11:11:11::1 prefix-list R2_list in exit-address-family ! ipv6 prefix-list R2_list seq 10 permit 1010::1/128 ipv6 prefix-list R2_list seq 20 permit 2020::1/128 ! end |
在此场景中,R1的接口loopback 0下配置了环回地址1000::1/45。创建前缀列表以允许任何大于前缀长度::/64的路由。
注意:路由器R2的配置与之前给出的配置相同,R1的配置更改如下所示。这些路由器的IP地址保持不变。
路由器 R1 |
---|
!--- Output omitted. ! interface Loopback0 no ip address ipv6 address 1000::1/45 ! !--- Output omitted. router bgp 6501 no synchronization bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 2011:11:11:11::2 remote-as 6502 neighbor 2011:11:11:11::2 ebgp-multihop 255 no auto-summary ! address-family ipv6 network 1000::1/45 network 1111::1/128 network 2222::1/128 neighbor 2011:11:11:11::2 activate neighbor 2011:11:11:11::2 prefix-list IPV6-LONG in !--- Applies the prefix-list and filters !--- the incoming updates from the neighbor 2011:11:11:11::2. exit-address-family ! ipv6 prefix-list IPV6-LONG description Match any prefix longer than /64 ipv6 prefix-list IPV6-LONG seq 1 permit ::/0 ge 64 !--- seq 1 permit ::/0 ge 64 permits anything !--- that is ge /64 subnet mask. ! end |
使用本部分可确认配置能否正常运行。
命令输出解释程序(仅限注册用户)(OIT) 支持某些 show 命令。使用 OIT 可查看对 show 命令输出的分析。
以下show命令用于验证配置:
show running-config |beg bgp
show bgp ipv6 unicast neighbors(show bgp ipv6 unicast neighbors)
在路由器R1中:
show running-config |beg bgp |
---|
router bgp 6501 no synchronization bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 2011:11:11:11::2 remote-as 6502 neighbor 2011:11:11:11::2 ebgp-multihop 255 no auto-summary ! address-family ipv6 neighbor 2011:11:11:11::2 activate neighbor 2011:11:11:11::2 capability orf prefix-list send !--- Indicates that the neighbor 2011:11:11:11::2 !--- is configured with the prefix-based !--- ORF feature in send mode. |
show bgp ipv6 unicast neighbors |
---|
R1#show bgp ipv6 unicast neighbors 2011:11:11:11::2 BGP neighbor is 2011:11:11:11::2, remote AS 6502, external link BGP version 4, remote router ID 2.2.2.2 Session state = Established, up for 01:30:36 Last read 00:00:44, last write 00:00:42, hold time is 180, keepalive interval is 60 seconds BGP multisession with 2 sessions (2 established), first up for 01:31:26 Neighbor sessions: 2 active, is multisession capable Neighbor capabilities: Route refresh: advertised and received(new) on session 1, 2 Four-octets ASN Capability: advertised and received on session 1, 2 Address family IPv4 Unicast: advertised and received Address family IPv6 Unicast: advertised and received !--- Output omitted. For address family: IPv6 Unicast Session: 2011:11:11:11::2 session 2 BGP table version 1, neighbor version 1/0 Output queue size : 0 Index 2 session 2 member 2 update-group member AF-dependant capabilities: Outbound Route Filter (ORF) type (128) Prefix-list: !--- Shows that the neighbor 2011:11:11:11::2 !--- is configured with the prefix-based !--- ORF feature in send mode. Send-mode: advertised Receive-mode: received Outbound Route Filter (ORF): sent; Incoming update prefix filter list is FILTER_IPv6 Sent Rcvd Prefix activity: ---- ---- Prefixes Current: 2 4 Prefixes Total: 0 0 Implicit Withdraw: 1 0 Explicit Withdraw: 1 0 Used as bestpath: n/a 0 Used as multipath: n/a 0 Outbound Inbound Local Policy Denied Prefixes: -------- ------- !--- Output omitted. |
在路由器R2中:
show running-config |beg bgp |
---|
router bgp 6502 no synchronization bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 2011:11:11:11::1 remote-as 6501 neighbor 2011:11:11:11::1 ebgp-multihop 255 no auto-summary ! address-family ipv6 network 1010::1/128 network 2020::1/128 neighbor 2011:11:11:11::1 activate neighbor 2011:11:11:11::1 capability orf prefix-list receive !--- Indicates that the neighbor 2011:11:11:11::1 !--- is configured with the prefix-based !--- ORF feature in receive mode. |
show bgp ipv6 unicast neighbors |
---|
R2#show bgp ipv6 unicast nei 2011:11:11:11::1 BGP neighbor is 2011:11:11:11::1, remote AS 6501, external link BGP version 4, remote router ID 1.1.1.1 Session state = Established, up for 01:47:11 Last read 00:00:44, last write 00:00:32, hold time is 180, keepalive interval is 60 seconds multisession with 2 sessions (2 established), first up for 01:48:02 Neighbor sessions: 2 active, is multisession capable Neighbor capabilities: Route refresh: advertised and received(new) on session 1, 2 Four-octets ASN Capability: advertised and received on session 1, 2 Address family IPv4 Unicast: advertised and received Address family IPv6 Unicast: advertised and received Multisession Capability: advertised and received !--- Output omitted. For address family: IPv6 Unicast Session: 2011:11:11:11::1 session 2 BGP table version 3, neighbor version 3/0 Output queue size : 0 Index 3 session 2 member 3 update-group member AF-dependant capabilities: Outbound Route Filter (ORF) type (128) Prefix-list: !--- Shows that the neighbor 2011:11:11:11::1 !--- is configured with the prefix-based !--- ORF feature in receive mode. Send-mode: received Receive-mode: advertised Outbound Route Filter (ORF): received (2 entries) Incoming update prefix filter list is R2_list Sent Rcvd Prefix activity: ---- ---- Prefixes Current: 2 5 Prefixes Total: 0 0 Implicit Withdraw: 0 0 Explicit Withdraw: 2 0 !--- Output omitted. |
在路由器R1中发出show ipv6 route bgp命令,以显示IPv6 BGP路由表的当前内容。
show ipv6 route bgp |
---|
在路由器R1中: R1#show ipv6 route bgp IPv6 Routing Table - default - 9 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 B 1010::1/128 [20/0] via 2011:11:11:11::2 B 2020::1/128 [20/0] via 2011:11:11:11::2 !--- In this ouput, 1000::1/45 is not !--- displayed because the network is lesser !--- than ::/64 prefix and its filtered. |
使用show ipv6 prefix-list命令可显示有关IPv6前缀列表或IPv6前缀列表条目的信息。
show ipv6 prefix-list |
---|
在路由器R1中: R1#show ipv6 prefix-list detail Prefix-list with the last deletion/insertion: IPV6-LONG ipv6 prefix-list IPV6-LONG: Description: Match any prefix longer than /64 count: 1, range entries: 1, sequences: 1 - 1, refcount: 3 seq 1 permit ::/0 ge 64 (hit count: 14, refcount: 1) R1#show ipv6 prefix-list summary Prefix-list with the last deletion/insertion: IPV6-LONG ipv6 prefix-list IPV6-LONG: Description: Match any prefix longer than /64 count: 1, range entries: 1, sequences: 1 - 1, refcount: 3 R1#show ipv6 prefix-list IPV6-LONG ipv6 prefix-list IPV6-LONG: 1 entries seq 1 permit ::/0 ge 64 |
版本 | 发布日期 | 备注 |
---|---|---|
1.0 |
14-Jun-2012 |
初始版本 |