I ran a test with GNS3 and my doubts were well founded. I used three routers in a chain:
R1 (AS 1) <--> R2 (AS 2) <--> R3 (AS 3)
On R1 I put 3 routes into BGP:
Code:
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
!
interface Loopback3
ip address 3.3.3.3 255.255.255.255
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
network 2.2.2.2 mask 255.255.255.255
network 3.3.3.3 mask 255.255.255.255
neighbor 10.0.0.2 remote-as 2
neighbor 10.0.0.2 route-map ADD-AS out
no auto-summary
!
With the route-map I added a few ASes:
Code:
ip access-list extended L1
permit ip host 1.1.1.1 host 255.255.255.255
ip access-list extended L2
permit ip host 2.2.2.2 host 255.255.255.255
ip access-list extended L3
permit ip host 3.3.3.3 host 255.255.255.255
!
!
route-map ADD-AS permit 10
match ip address L1
match as-path 1
set as-path prepend 1 1 1 1
!
route-map ADD-AS permit 20
match ip address L2
set as-path prepend 1
!
route-map ADD-AS permit 30
set as-path prepend 55
So that the prefixes announced to R2 were:
Code:
R2#sh ip bgp regexp _1_
BGP table version is 11, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.0.0.1 0 0 1 1 1 1 1 i
*> 2.2.2.2/32 10.0.0.1 0 0 1 1 i
*> 3.3.3.3/32 10.0.0.1 0 0 1 55 i
From what I had said, I would have expected that, using the following filter on R2:
Code:
ip as-path access-list 1 permit ^1*$
route-map TEST deny 10
match as-path 1
!
route-map TEST permit 20
R2 would filter all the prefixes with a null AS (generated by itself) and those with only one 1.
To get null ASes I added the network 4.4.4.4/32 to BGP on R2:
Code:
interface Loopback4
ip address 4.4.4.4 255.255.255.255
router bgp 2
no synchronization
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
neighbor 10.0.0.1 remote-as 1
neighbor 172.16.0.2 remote-as 3
neighbor 172.16.0.2 route-map TEST out
no auto-summary
!
!
ip as-path access-list 1 permit ^1*$
!
route-map TEST deny 10
match as-path 1
!
route-map TEST permit 20
!
Now the BGP table on R2 is:
Code:
R2#sh ip bgp
BGP table version is 11, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.0.0.1 0 0 1 1 1 1 1 i
*> 2.2.2.2/32 10.0.0.1 0 0 1 1 i
*> 3.3.3.3/32 10.0.0.1 0 0 1 55 i
*> 4.4.4.4/32 0.0.0.0 0 32768 i
and on R3 I find:
Code:
R3#sh ip bgp
BGP table version is 13, local router ID is 172.16.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 172.16.0.1 0 2 1 1 1 1 1 i
*> 2.2.2.2/32 172.16.0.1 0 2 1 1 i
*> 3.3.3.3/32 172.16.0.1 0 2 1 55 i
which are exactly the only routes I expected.
If instead I use the following as the ACL on R2:
This one removes all the prefixes that on R2 either have a null AS_PATH or one that is a repetition of 1:
Code:
R3#sh ip bgp
BGP table version is 15, local router ID is 172.16.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 3.3.3.3/32 172.16.0.1 0 2 1 55 i
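
Added example, not part of the original post: a small Python emulation of the outbound `route-map TEST` on R2, run over the R2 table shown above, to check which AS_PATH strings an as-path regex actually catches before a filter goes into production. The `_` translation follows Cisco's documented meaning of that metacharacter; `REPEAT_FILTER` is an assumed pattern (the post's second ACL is not shown) and the two `192.0.2.x` rows are constructed.

```python
import re

# What IOS "_" stands for in an as-path regex: start or end of the string,
# or one of the delimiters space , { } ( )
_DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_py(pattern):
    """Translate an IOS as-path regex to Python; only '_' needs rewriting."""
    return re.compile(pattern.replace("_", _DELIM))

def outbound(table, deny_pattern):
    """Emulate route-map TEST: 'deny 10' on an as-path match, 'permit 20' otherwise.

    The match runs on the AS_PATH as stored on R2, before R2 prepends its
    own AS on the eBGP session towards R3.
    """
    rx = cisco_to_py(deny_pattern)
    return [prefix for prefix, path in table if not rx.search(path)]

# R2's BGP table as shown in the post: (prefix, AS_PATH)
R2_TABLE = [
    ("1.1.1.1/32", "1 1 1 1 1"),
    ("2.2.2.2/32", "1 1"),
    ("3.3.3.3/32", "1 55"),
    ("4.4.4.4/32", ""),          # locally originated, empty AS_PATH
]

# Constructed rows (not from the post): a single AS 1, and a different AS, 11
EXTRA = [("192.0.2.1/32", "1"), ("192.0.2.2/32", "11")]

POST_FILTER = "^1*$"       # the as-path access-list from the post
REPEAT_FILTER = "^(1_)*$"  # assumption: one pattern for "empty or only AS 1 repeated"

if __name__ == "__main__":
    for name, pat in (("post", POST_FILTER), ("assumed", REPEAT_FILTER)):
        print(name, pat, "->", outbound(R2_TABLE + EXTRA, pat))
```

In this emulation `^1*$` works on characters, not AS numbers: it catches the empty path and a single `1`, lets `1 1` through because of the space, and also catches AS `11`.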