IPv6 BGP首碼型傳出路由過濾配置示例

下載選項

  • PDF     (285.4 KB)
    在多種裝置上使用 Adobe Reader 檢視
  • ePub     (92.2 KB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
  • Mobi (Kindle)     (93.4 KB)
    在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視
已更新: 2012 年 6 月 14 日
文件 ID:113504

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。

簡介

本文檔提供使用IPv6的示例配置,幫助您配置BGP基於字首的出站路由過濾。此功能使用BGP出站路由過濾器(ORF)傳送和接收功能,這些功能可將對等路由器之間傳送的BGP更新數量降至最低。此功能配置有助於在源位置過濾掉不需要的路由更新。

必要條件

需求

嘗試此組態之前,請確保符合以下要求:

  • 瞭解BGP路由協定及其操作

  • 瞭解IPv6編址方案

採用元件

本文件所述內容不限於特定軟體和硬體版本。

本文檔中的配置基於採用Cisco IOS®軟體版本15.0(1)的Cisco 7200系列路由器。

慣例

如需文件慣例的詳細資訊,請參閱思科技術提示慣例。

設定

在本例中,路由器R1配置為向路由器R2通告基於字首的ORF傳送功能。在另一端路由器R2配置為向路由器R1通告基於字首的ORF接收功能。在啟用BGP基於字首的出站路由過濾功能以傳送或接收基於字首的ORF通告之前,必須在每台參與路由器上啟動並運行BGP對等會話,並且必須在路由器之前啟用BGP ORF功能。

本檔案使用neighbor orf prefix-filter命令在路由器上啟用ORF字首清單功能。此命令是在Cisco IOS軟體版本12.0(11)ST中匯入。

註:使Command Lookup Tool(僅限註冊客戶)可以查詢有關本文檔中使用的命令的詳細資訊。

網路圖表

本檔案會使用以下網路設定:

ipv6-bgp-outbound-prefixfilter-01.gif

配置示例

本檔案會使用以下設定:

路由器R1 
!
hostname R1
!
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback1
 no ip address
 ipv6 address 1111::1/128
!
!
interface Loopback2
 no ip address
 ipv6 address 2222::1/128
! 
!
interface Serial1/0
 no ip address
 ipv6 address 2011:11:11:11::1/64
 serial restart-delay 0
!
!
router bgp 6501
 no synchronization
 no bgp default ipv4-unicast
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2011:11:11:11::2 remote-as 6502
 neighbor 2011:11:11:11::2 ebgp-multihop 255
 no auto-summary
 !
 address-family ipv6
  neighbor 2011:11:11:11::2 activate
  neighbor 2011:11:11:11::2 capability orf prefix-list send
  neighbor 2011:11:11:11::2 prefix-list FILTER_IPv6 in
 exit-address-family
!
!
ipv6 prefix-list FILTER_IPv6 seq 10 permit 1111::1/128
ipv6 prefix-list FILTER_IPv6 seq 20 permit 2222::1/128
!
!
end

路由器R2 
!
hostname R2
!
!
no ip domain lookup
ipv6 unicast-routing
ipv6 cef
!
interface Loopback1
 no ip address
 ipv6 address 1010::1/128
 !
!
interface Loopback2
 no ip address
 ipv6 address 2020::1/128
!
interface Serial1/0
 no ip address
 ipv6 address 2011:11:11:11::2/64
 serial restart-delay 0
!
!
router bgp 6502
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 2011:11:11:11::1 remote-as 6501
 neighbor 2011:11:11:11::1 ebgp-multihop 255
 no auto-summary
 !
 address-family ipv6

  network 1010::1/128
  network 2020::1/128
  neighbor 2011:11:11:11::1 activate
  neighbor 2011:11:11:11::1 capability orf prefix-list receive
  neighbor 2011:11:11:11::1 prefix-list R2_list in
 exit-address-family
!
ipv6 prefix-list R2_list seq 10 permit 1010::1/128
ipv6 prefix-list R2_list seq 20 permit 2020::1/128
!
end

案例 1:根據帶有表達式的字首清單過濾路由

在此案例中,在R1的介面loopback 0下配置了環回地址1000::1/45。建立字首清單以允許大於字首長度::/64的任何路由。

註:路由器R2的配置與前面給出的配置相同,R1的配置也有所更改,如下所示。這些路由器上的IP地址保持不變。

路由器R1 

!--- Output omitted.
 
!
interface Loopback0
 no ip address
 ipv6 address 1000::1/45
 !

!--- Output omitted.

  router bgp 6501
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2011:11:11:11::2 remote-as 6502
 neighbor 2011:11:11:11::2 ebgp-multihop 255
 no auto-summary
 !
 address-family ipv6
  network 1000::1/45
  network 1111::1/128
  network 2222::1/128
  neighbor 2011:11:11:11::2 activate
  neighbor 2011:11:11:11::2 prefix-list IPV6-LONG in

!--- Applies the prefix-list and filters !--- the incoming updates from the neighbor 2011:11:11:11::2.

 exit-address-family
!
ipv6 prefix-list IPV6-LONG description Match any prefix longer than /64
ipv6 prefix-list IPV6-LONG seq 1 permit ::/0 ge 64

!--- seq 1 permit ::/0 ge 64 permits anything !--- that is ge /64 subnet mask.

!
end

驗證

使用本節內容,確認您的組態是否正常運作。

輸出直譯器工具(僅供已註冊客戶使用)(OIT)支援某些show命令。使用OIT檢視show命令輸出的分析。

以下show命令用於驗證設定:

驗證在傳送模式下配置的IPv6 BGP字首型出站路由過濾

在路由器R1中:

show running-config | beg bgp 
router bgp 6501
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2011:11:11:11::2 remote-as 6502
 neighbor 2011:11:11:11::2 ebgp-multihop 255
 no auto-summary
 !
 address-family ipv6
  neighbor 2011:11:11:11::2 activate
  neighbor 2011:11:11:11::2 capability orf prefix-list send

!--- Indicates that the neighbor 2011:11:11:11::2 !--- is configured with the prefix-based !--- ORF feature in send mode.

show bgp ipv6 unicast neighbors 
R1#show bgp ipv6 unicast neighbors 2011:11:11:11::2
BGP neighbor is 2011:11:11:11::2,  remote AS 6502, external link
  BGP version 4, remote router ID 2.2.2.2
  Session state = Established, up for 01:30:36
  Last read 00:00:44, last write 00:00:42, hold time is 180, keepalive interval is 60 seconds 
 BGP multisession with 2 sessions (2 established), first up for 01:31:26
  Neighbor sessions:
    2 active, is multisession capable
  Neighbor capabilities:
    Route refresh: advertised and received(new) on session 1, 2
    Four-octets ASN Capability: advertised and received on session 1, 2
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received

!--- Output omitted.

 For address family: IPv6 Unicast
  Session: 2011:11:11:11::2 session 2
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 2
  session 2 member
  2 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:

!--- Shows that the neighbor 2011:11:11:11::2 !--- is configured with the prefix-based !--- ORF feature in send mode.

      Send-mode: advertised
      Receive-mode: received
  Outbound Route Filter (ORF): sent;
  Incoming update prefix filter list is FILTER_IPv6
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               2          4
    Prefixes Total:                 0          0
    Implicit Withdraw:              1          0
    Explicit Withdraw:              1          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    
  
!--- Output omitted.

驗證在接收模式下配置的IPv6 BGP字首型出站路由過濾

在路由器R2中:

show running-config | beg bgp 
router bgp 6502
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 2011:11:11:11::1 remote-as 6501
 neighbor 2011:11:11:11::1 ebgp-multihop 255
 no auto-summary
 !
 address-family ipv6
  network 1010::1/128
  network 2020::1/128
  neighbor 2011:11:11:11::1 activate
  neighbor 2011:11:11:11::1 capability orf prefix-list receive

!--- Indicates that the neighbor 2011:11:11:11::1 !--- is configured with the prefix-based !--- ORF feature in receive mode.

show bgp ipv6 unicast neighbors 
R2#show bgp ipv6 unicast nei 2011:11:11:11::1
BGP neighbor is 2011:11:11:11::1,  remote AS 6501, external link
  BGP version 4, remote router ID 1.1.1.1
  Session state = Established, up for 01:47:11
  Last read 00:00:44, last write 00:00:32, hold time is 180, keepalive interval is 60 seconds  
multisession with 2 sessions (2 established), first up for 01:48:02
  Neighbor sessions:
    2 active, is multisession capable
  Neighbor capabilities:
    Route refresh: advertised and received(new) on session 1, 2
    Four-octets ASN Capability: advertised and received on session 1, 2
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received
    Multisession Capability: advertised and received
 
!--- Output omitted.


 For address family: IPv6 Unicast
  Session: 2011:11:11:11::1 session 2
  BGP table version 3, neighbor version 3/0
  Output queue size : 0
  Index 3
  session 2 member
  3 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:

!--- Shows that the neighbor 2011:11:11:11::1 !--- is configured with the prefix-based !--- ORF feature in receive mode.

      Send-mode: received
      Receive-mode: advertised
  Outbound Route Filter (ORF): received (2 entries)
Incoming update prefix filter list is R2_list
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               2          5
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              2          0
    

!--- Output omitted.

驗證案例1:根據帶有表達式的字首清單過濾路由

在路由器R1中發出show ipv6 route bgp命令,以顯示IPv6 BGP路由表的當前內容。

show ipv6 route bgp
在路由器R1上: 
R1#show ipv6 route bgp
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B   1010::1/128 [20/0]
     via 2011:11:11:11::2
B   2020::1/128 [20/0]
     via 2011:11:11:11::2

!--- In this ouput, 1000::1/45 is not !--- displayed because the network is lesser !--- than ::/64 prefix and its filtered.

使用show ipv6 prefix-list命令以顯示有關IPv6字首清單或IPv6字首清單條目的資訊。

show ipv6 prefix-list
在路由器R1上: 
R1#show ipv6 prefix-list detail

Prefix-list with the last deletion/insertion: IPV6-LONG
ipv6 prefix-list IPV6-LONG:
   Description: Match any prefix longer than /64
   count: 1, range entries: 1, sequences: 1 - 1, refcount: 3
   seq 1 permit ::/0 ge 64 (hit count: 14, refcount: 1)

R1#show ipv6 prefix-list summary

Prefix-list with the last deletion/insertion: IPV6-LONG
ipv6 prefix-list IPV6-LONG:
   Description: Match any prefix longer than /64
   count: 1, range entries: 1, sequences: 1 - 1, refcount: 3

R1#show ipv6 prefix-list IPV6-LONG

ipv6 prefix-list IPV6-LONG: 1 entries
   seq 1 permit ::/0 ge 64

相關資訊

修訂記錄

修訂 發佈日期 意見
1.0
14-Jun-2012
初始版本

這份文件是否有所幫助?

Feedback意見

讓思科協助您

本文件適用於這些產品