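1. Configure IPv6-based access control lists.
2. Configure a route map to filter MP-BGP4 routes.
Lab topology:
Configure the IPv6 addresses on each router and confirm that the links are reachable.
Configure the MP-BGP4 routing protocol on each router and confirm that it is working correctly.
BGP configuration on each router: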
R1(config)#router bgp 64512
R1(config-router)#no synchronization
R1(config-router)#bgp router-id 1.1.1.1
R1(config-router)#neighbor 2001:AB1:0:2::2 remote-as 64512
R1(config-router)#no auto-summary
R1(config-router)#address-family ipv6
R1(config-router-af)#neighbor 2001:AB1:0:2::2 activate
R1(config-router-af)#network 2001:AB1:0:8::/64
R1(config-router-af)#network 2001:AB1:0:9::/64
R1(config-router-af)#network 2001:AB1:0:A::/64
R1(config-router-af)#network 2001:AB1:0:B::/64
R1(config-router-af)#end
R2(config)#router bgp 64512
R2(config-router)#no syn
R2(config-router)#no au
R2(config-router)#bgp router-id 2.2.2.2
R2(config-router)#neighbor 2001:ab1:0:2::1 remote 64512
R2(config-router)#neighbor 2001:ab1:0:3::2 remote 64513
R2(config-router)#address-family ipv6
R2(config-router-af)#neighbor 2001:ab1:0:2::1 activate
R2(config-router-af)#neighbor 2001:ab1:0:3::2 activate
R2(config-router-af)#network 2001:ab1:0:2::/64
R2(config-router-af)#network 2001:ab1:0:3::/64
R2(config-router-af)#end
R3(config)#router bgp 64513
R3(config-router)#no synchronization
R3(config-router)#bgp router-id 3.3.3.3
R3(config-router)#neighbor 2001:AB1:0:3::1 remote-as 64512
R3(config-router)#no auto-summary
R3(config-router)#address-family ipv6
R3(config-router-af)#neighbor 2001:AB1:0:3::1 activate
R3(config-router-af)#network 2001:AB1:0:3::/64
R3(config-router-af)#network 2001:AB1:0:4::/64
R3(config-router-af)#exit
As required, the two network prefixes 2001:AB1:0:9::/64 and 2001:AB1:0:B::/64 in AS 64512 must not be advertised into AS 64513.
First, look at R3's routing table:
R3#show ipv6 route
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
B 2001:AB1:0:2::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
C 2001:AB1:0:3::/64 [0/0]
via ::, Serial1/0
L 2001:AB1:0:3::2/128 [0/0]
via ::, Serial1/0
C 2001:AB1:0:4::/64 [0/0]
via ::, Loopback0
L 2001:AB1:0:4::1/128 [0/0]
via ::, Loopback0
B 2001:AB1:0:8::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
B 2001:AB1:0:9::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
B 2001:AB1:0:A::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
B 2001:AB1:0:B::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
L FF00::/8 [0/0]
via ::, Null0
Configure an ACL on R2 that identifies the two IPv6 network prefixes to be filtered:
R2(config)#ipv6 access-list block_prefix ----->access list name
R2(config-ipv6-acl)#permit ipv6 2001:ab1:0:9::/64 any
R2(config-ipv6-acl)#permit ipv6 2001:ab1:0:b::/64 any ---->prefixes to match (the ones to be filtered)
R2(config-ipv6-acl)#exit
R2(config)#route-map bgp_filter deny 10 ---->route map
R2(config-route-map)#match ipv6 address block_prefix --->references the ACL
R2(config-route-map)#exit
R2(config)#route-map bgp_filter permit 20 ---->permit everything else
R2(config-route-map)#exit
Configure the route filter:
R2(config)#router bgp 64512
R2(config-router)#address-family ipv6
R2(config-router-af)#neighbor 2001:ab1:0:3::2 route-map bgp_filter out --->out: do not advertise the matched prefixes outbound
R2(config-router-af)#exit
Now check R3 again:
R3#show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
B 2001:AB1:0:2::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
C 2001:AB1:0:3::/64 [0/0]
via ::, Serial1/0
L 2001:AB1:0:3::2/128 [0/0]
via ::, Serial1/0
C 2001:AB1:0:4::/64 [0/0]
via ::, Loopback0
L 2001:AB1:0:4::1/128 [0/0]
via ::, Loopback0
B 2001:AB1:0:8::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0
B 2001:AB1:0:A::/64 [20/0]
via FE80::C801:AFF:FECC:0, Serial1/0 --->only these two are left; the filter works
L FF00::/8 [0/0]
via ::, Null0
Done.
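One way to automate the before/after check on R3, as an added example that is not part of the original lab: the Python below models the route map bgp_filter with first-match semantics and the implicit deny at the end, then compares the result with the B entries of "show ipv6 route". The function names, the candidate list and the trimmed sample outputs are assumptions constructed from the output shown above, and the ACL match is modelled as the route's prefix falling inside the ACL source prefix.

```python
import ipaddress
import re

# Route map bgp_filter from R2: (sequence, action, ACL source prefixes or None).
BLOCK_PREFIX = ["2001:ab1:0:9::/64", "2001:ab1:0:b::/64"]
BGP_FILTER = [(10, "deny", BLOCK_PREFIX), (20, "permit", None)]

# Prefixes R2 can offer R3 (0:3::/64 is left out: it is connected on R3, never "B").
CANDIDATES = ["2001:ab1:0:2::/64", "2001:ab1:0:8::/64", "2001:ab1:0:9::/64",
              "2001:ab1:0:a::/64", "2001:ab1:0:b::/64"]

# Constructed samples: route lines trimmed from R3's table before and after the filter.
BEFORE = """B 2001:AB1:0:2::/64 [20/0]
B 2001:AB1:0:8::/64 [20/0]
B 2001:AB1:0:9::/64 [20/0]
B 2001:AB1:0:A::/64 [20/0]
B 2001:AB1:0:B::/64 [20/0]
L FF00::/8 [0/0]"""
AFTER = """B 2001:AB1:0:2::/64 [20/0]
C 2001:AB1:0:3::/64 [0/0]
B 2001:AB1:0:8::/64 [20/0]
B 2001:AB1:0:A::/64 [20/0]"""

def route_map_permits(prefix, route_map):
    """First matching clause decides; no match falls through to the implicit deny."""
    net = ipaddress.ip_network(prefix)
    for _seq, action, acl in sorted(route_map, key=lambda c: c[0]):
        # A clause without a match statement matches every route.
        if acl is None or any(net.subnet_of(ipaddress.ip_network(a)) for a in acl):
            return action == "permit"
    return False

def bgp_prefixes(show_output):
    """Extract the prefixes with route code B from 'show ipv6 route' text."""
    found = re.findall(r"^B\s+([0-9A-Fa-f:]+/\d+)", show_output, re.MULTILINE)
    return {ipaddress.ip_network(p) for p in found}

def audit(candidates, show_output, route_map):
    """Return (leaked, missing): denied prefixes still seen, allowed ones absent."""
    seen = bgp_prefixes(show_output)
    allowed = {ipaddress.ip_network(p) for p in candidates
               if route_map_permits(p, route_map)}
    denied = {ipaddress.ip_network(p) for p in candidates} - allowed
    return sorted(map(str, seen & denied)), sorted(map(str, allowed - seen))

if __name__ == "__main__":
    print("before:", audit(CANDIDATES, BEFORE, BGP_FILTER))
    print("after: ", audit(CANDIDATES, AFTER, BGP_FILTER))
```

Passing only the deny 10 clause to route_map_permits shows why the permit 20 entry is needed: without it every prefix falls through to the implicit deny and nothing is advertised to R3.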