BGP ORF
Initial setup
before
iosv-3#sh ip bgp | b Origin
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 150.1.23.2 0 100 i
*> 2.2.2.2/32 150.1.23.2 0 0 100 i
*> 10.10.10.10/32 150.1.23.2 0 100 200 i
prefix-list configuration (iosv-3)
#Create the prefix-list
iosv-3(config)#ip prefix-list ORF deny 10.10.10.10/32
iosv-3(config)#ip prefix-list ORF permit 0.0.0.0/0 le 32
#Apply the prefix-list
iosv-3(config)#router bgp 300
iosv-3(config-router)#neighbor 150.1.23.2 prefix-list ORF in
#Reset the BGP sessions
iosv-3(config-router)#do clear ip bgp *
*Jul 6 12:04:17.301: %BGP-3-NOTIFICATION_MANY: sent to 1 sessions 6/4 (Administrative Reset) for all peers
*Jul 6 12:04:17.327: %BGP-5-ADJCHANGE: neighbor 150.1.23.2 Down User reset
*Jul 6 12:04:17.328: %BGP_SESSION-5-ADJCHANGE: neighbor 150.1.23.2 IPv4 Unicast topology base removed from session User reset
*Jul 6 12:04:25.485: %BGP-5-ADJCHANGE: neighbor 150.1.23.2 Up
#Verify
iosv-3(config-router)#do sh ip bgp sum
<omitted>
BGP activity 5/3 prefixes, 5/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
150.1.23.2 4 100 7 4 3 0 0 00:00:07 2
iosv-3(config-router)#do sh ip bgp
<omitted>
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 150.1.23.2 0 100 i
*> 2.2.2.2/32 150.1.23.2 0 0 100 i
10.10.10.10/32 is gone. However,
iosv-2#sh ip bgp neighbor 150.1.23.3 advertised-routes
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
r>i 1.1.1.1/32 150.1.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
r>i 10.10.10.10/32 150.1.12.1 0 100 0 200 i
Total number of prefixes 3
iosv-2 is still advertising 10.10.10.10/32 to iosv-3, even though iosv-3 drops it with its inbound prefix-list. That is a waste of bandwidth.
ORF (Outbound Route Filtering)
iosv-2(config-router)#neighbor 150.1.23.3 capability orf prefix-list receive
iosv-3(config-router)#neighbor 150.1.23.2 capability orf prefix-list send
↑ Configuration    Verification ↓
iosv-2#sh run | sec bgp
router bgp 100
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 150.1.12.1 remote-as 100
neighbor 150.1.12.1 next-hop-self
neighbor 150.1.23.3 remote-as 300
neighbor 150.1.23.3 capability orf prefix-list receive
iosv-2#sh ip bgp neighbor 150.1.23.3 advertised-routes
<omitted>
Network Next Hop Metric LocPrf Weight Path
r>i 1.1.1.1/32 150.1.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
Total number of prefixes 2
No prefix-list is configured on iosv-2, yet it receives the prefix-list entries from iosv-3 and filters its outbound advertisements with them.
iosv-2#sh ip bgp neighbor 150.1.23.3 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 150.1.23.3: 2 entries
seq 5 deny 10.10.10.10/32
seq 10 permit 0.0.0.0/0 le 32
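
The sender-side filtering that ORF moves onto iosv-2, as an added example (not from the original post): this Python code parses the received prefix-filter entries shown above and applies Cisco prefix-list matching (first match wins, implicit deny, ge/le length bounds) to the three prefixes iosv-2 advertised earlier. The function names are hypothetical, and the ge/le handling goes beyond the two entries on the page.

```python
import ipaddress
import re

# Entries copied from the "received prefix-filter" output on this page.
RECEIVED_FILTER = """\
seq 5 deny 10.10.10.10/32
seq 10 permit 0.0.0.0/0 le 32
"""

# Prefixes iosv-2 advertised to iosv-3 before ORF was enabled (from the page).
ADJ_RIB_OUT = ["1.1.1.1/32", "2.2.2.2/32", "10.10.10.10/32"]

ENTRY_RE = re.compile(
    r"seq\s+(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<net>\S+)"
    r"(?:\s+ge\s+(?P<ge>\d+))?(?:\s+le\s+(?P<le>\d+))?"
)

def parse_prefix_list(text):
    """Return entries sorted by sequence number as (seq, action, net, lo, hi)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        net = ipaddress.ip_network(m["net"])
        ge, le = m["ge"], m["le"]
        # No ge/le: exact length. Only ge: up to the maximum. Only le: from the entry's length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (net.max_prefixlen if ge else net.prefixlen)
        entries.append((int(m["seq"]), m["action"], net, lo, hi))
    return sorted(entries)

def permitted(prefix, entries):
    """First matching entry wins; no match means implicit deny."""
    route = ipaddress.ip_network(prefix)
    for _seq, action, net, lo, hi in entries:
        if (route.version == net.version and route.subnet_of(net)
                and lo <= route.prefixlen <= hi):
            return action == "permit"
    return False

def advertise(routes, entries):
    """Apply the ORF-learned filter on the sending side (iosv-2's outbound updates)."""
    return [r for r in routes if permitted(r, entries)]

if __name__ == "__main__":
    print(advertise(ADJ_RIB_OUT, parse_prefix_list(RECEIVED_FILTER)))
```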