  How to use Quagga BGP (Border Gateway Protocol) router to filter BGP routing
     
  Add Date : 2017-01-08      
         
       
         
  In the previous tutorial we showed how to turn a CentOS server into a BGP router using Quagga, and introduced BGP peering and prefix exchange. In this tutorial we focus on how to use prefix lists (prefix-list) and route maps (route-map) to control incoming and outgoing prefixes.

As earlier articles explained, BGP routing decisions are based on the prefixes that are advertised and received. To avoid wrong routes, you need a filtering mechanism that controls which prefixes are passed on. For example, if one of your BGP neighbors starts to advertise prefixes that do not belong to it, and you accept these bogus prefixes by mistake and forward them on, traffic for them is sent the wrong way and never reaches its destination (the so-called "black hole"). To make sure such prefixes are neither accepted nor forwarded to any network, you can use prefix lists and route maps. The former is a prefix-based filtering mechanism; the latter is a more general prefix-based policy mechanism that can be used to fine-tune the filtering.

This article shows how to use prefix lists and route maps in Quagga.

Topology and requirements

This tutorial uses the following topology.

Service Provider A and Service Provider B have set each other up as eBGP peers and exchange routes with each other. Their autonomous system numbers and prefixes are shown below.

Peering block: 192.168.1.0/24
Service Provider A: AS number 100, prefix 10.10.0.0/16
Service Provider B: AS number 200, prefix 10.20.0.0/16

In this scenario, Service Provider B wants to receive only three prefixes from A: 10.10.10.0/23, 10.10.10.0/24 and 10.10.11.0/24.

Installing Quagga and setting up BGP peering

The previous tutorial covered installing Quagga and setting up BGP peering, so we do not describe it in detail here and only briefly cover the BGP configuration and prefix advertisement.

The BGP peering is already up. Router-A advertises multiple prefixes to router-B, and router-B advertises its prefix 10.20.0.0/16 to router-A. Both routers send and receive the correct prefixes.

 

Create a prefix list

You can use an ACL or a prefix list to filter prefixes on a router. Prefix lists are more commonly used than ACLs, because they need fewer processing steps and are easier to create and maintain.

ip prefix-list DEMO-PRFX permit 192.168.0.0/23

The above command creates a prefix list named "DEMO-PRFX" that permits only the prefix 192.168.0.0/23.

Another powerful feature of prefix lists is support for a range of subnet mask lengths, as in the following example:

ip prefix-list DEMO-PRFX permit 192.168.0.0/23 le 24

This command creates a prefix list that covers the prefixes from 192.168.0.0/23 through /24, that is, 192.168.0.0/23, 192.168.0.0/24 and 192.168.1.0/24. The operator "le" means "less than or equal to"; you can also use "ge", which means "greater than or equal to".

A prefix list can have multiple permit or deny statements. Each statement is assigned a sequence number, either automatically or manually.

If a prefix list has more than one statement, the statements are evaluated in order of sequence number. When configuring a prefix list, keep in mind that there is an implicit deny after all of its statements: anything that is not explicitly permitted is rejected.

To permit all prefixes, use the following prefix list statement:

ip prefix-list DEMO-PRFX permit 0.0.0.0/0 le 32

Now that we know how to write prefix list statements, we create a prefix list named "PRFX-LST" that meets the needs of our test scenario.

router-b# conf t
router-b(config)# ip prefix-list PRFX-LST permit 10.10.10.0/23 le 24
 

Create a route map

Besides prefix lists and ACLs, there is another mechanism, called a route map, that can control prefixes on a BGP router. In fact, a route map can fine-tune what happens to matched prefixes more than a prefix list or an ACL can.

Like a prefix list, a route map statement specifies a permit or deny action and is assigned a sequence number. Each route map can have multiple permit or deny statements. For example:

route-map DEMO-RMAP permit 10

The above statement creates a route map called "DEMO-RMAP" and adds a permit statement with sequence number 10. Now we use the match command under this sequence number to specify what the route map matches.

router-a(config-route-map)# match ?    (press ? on the keyboard)
  as-path       Match BGP AS path list
  community     Match BGP community list
  extcommunity  Match BGP / VPN extended community list
  interface     match first hop interface of route
  ip            IP information
  ipv6          IPv6 information
  metric        Match metric of route
  origin        BGP origin code
  peer          Match peer address
  probability   Match portion of routes defined by percentage value
  tag           Match tag of route

As you can see, a route map can match on many attributes. In this tutorial we match on a prefix.

route-map DEMO-RMAP permit 10
 match ip address prefix-list DEMO-PRFX

This match command matches the IP addresses permitted by the prefix list created earlier (i.e. the prefixes 192.168.0.0/23, 192.168.0.0/24 and 192.168.1.0/24).

Next, we can use the set command to modify attributes of the matched routes. For example:

route-map DEMO-RMAP permit 10
 match ip address prefix-list DEMO-PRFX
 set ?    (press ? on the keyboard)

  aggregator          BGP aggregator attribute
  as-path             Transform BGP AS-path attribute
  atomic-aggregate    BGP atomic aggregate attribute
  comm-list           set BGP community list (for deletion)
  community           BGP community attribute
  extcommunity        BGP extended community attribute
  forwarding-address  Forwarding Address
  ip                  IP information
  ipv6                IPv6 information
  local-preference    BGP local preference path attribute
  metric              Metric value for destination routing protocol
  metric-type         Type of metric
  origin              BGP origin code
  originator-id       BGP originator ID attribute
  src                 src address for route
  tag                 Tag value for routing protocol
  vpnv4               VPNv4 information
  weight              BGP weight for routing table

As you can see, the set command can also modify many attributes. For the purpose of demonstration, we modify the BGP local-preference attribute.

route-map DEMO-RMAP permit 10
 match ip address prefix-list DEMO-PRFX
 set local-preference 500

As with a prefix list, there is an implicit deny at the end of a route map. So we need to add another permit statement (sequence number 20) to allow all prefixes.

route-map DEMO-RMAP permit 10
 match ip address prefix-list DEMO-PRFX
 set local-preference 500
!
route-map DEMO-RMAP permit 20

Sequence number 20 specifies no match command, so by default it matches all prefixes. Because this statement is a permit, all prefixes are allowed.

Recall that our requirement is only to permit or deny certain prefixes, so the set command above is not needed in this scenario. We need only a single permit statement, as shown below:

router-b# conf t
router-b(config)# route-map RMAP permit 10
router-b(config-route-map)# match ip address prefix-list PRFX-LST

This route map has the effect we need.
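
The evaluation rules described in the two sections above (mask-length ranges, sequence order, first match wins, implicit deny), modelled as an added Python example; it is not code from the original tutorial or from Quagga. The four advertised prefixes are a constructed sample, since the page does not list them, and the tuple layout used for route-map clauses is an assumption of this example.

```python
import ipaddress

def parse_prefix_lists(config):
    """Parse 'ip prefix-list NAME [seq N] permit|deny NET [ge X] [le Y]' lines."""
    lists = {}
    for line in config.strip().splitlines():
        tok = line.split()[2:]                  # drop "ip prefix-list"
        entries = lists.setdefault(tok.pop(0), [])
        if tok[0] == "seq":
            seq, tok = int(tok[1]), tok[2:]
        else:                                   # auto-number in steps of 5
            seq = (entries[-1][0] if entries else 0) + 5
        net = ipaddress.ip_network(tok[1])
        opts = dict(zip(tok[2::2], map(int, tok[3::2])))
        if opts:                                # ge/le give a mask-length range
            lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
        else:                                   # no ge/le: exact length only
            lo = hi = net.prefixlen
        entries.append((seq, tok[0], net, lo, hi))
    return lists

def prefix_list_permits(entries, route):
    """Lowest sequence number first, first match wins, implicit deny at the end."""
    route = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def apply_route_map(clauses, lists, route):
    """clauses: (seq, action, prefix-list name or None, set-attributes).
    Returns the attributes set on a permitted route, or None if it is dropped."""
    for _seq, action, match, sets in sorted(clauses, key=lambda c: c[0]):
        if match is None or prefix_list_permits(lists[match], route):
            return dict(sets) if action == "permit" else None
    return None                                 # implicit deny

LISTS = parse_prefix_lists("""
ip prefix-list DEMO-PRFX permit 192.168.0.0/23 le 24
ip prefix-list PRFX-LST seq 5 permit 10.10.10.0/23 le 24
""")
DEMO_RMAP = [(10, "permit", "DEMO-PRFX", {"local-preference": 500}),
             (20, "permit", None, {})]
RMAP = [(10, "permit", "PRFX-LST", {})]
# Constructed sample: four prefixes router-A might advertise to router-B.
ADVERTISED = ["10.10.0.0/16", "10.10.10.0/23", "10.10.10.0/24", "10.10.11.0/24"]

def accepted(clauses, routes):
    return [r for r in routes if apply_route_map(clauses, LISTS, r) is not None]
```

Calling `accepted(RMAP, ADVERTISED)` drops the /16 and keeps the three more-specific prefixes, while DEMO_RMAP lets everything through and raises local-preference only on the DEMO-PRFX matches.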

Apply the route map

Note that ACLs, prefix lists and route maps take no effect until they are applied to an interface or a BGP neighbor. As with ACLs and prefix lists, a single route map can be used by multiple interfaces or neighbors. However, an interface or a neighbor can have only one route map applied in the inbound direction and one route map applied in the outbound direction.

Let us apply the route map in router-B's BGP configuration, to the prefixes that router-B receives from neighbor 192.168.1.1.

router-b# conf terminal
router-b(config)# router bgp 200
router-b(config-router)# neighbor 192.168.1.1 route-map RMAP in

Now we check the advertised and received routes.

The command to show advertised routes:

show ip bgp neighbors neighbor-IP advertised-routes

The command to show received routes:

show ip bgp neighbors neighbor-IP routes


As you can see, router-A advertises four prefixes to router-B, while router-B receives only three. Comparing this with the route map, only the prefixes that the route map permits show up on router-B; all other prefixes are discarded.

Tip: If the received prefixes are not refreshed, try resetting the BGP session with the command clear ip bgp neighbor-IP. In this tutorial the command is:

clear ip bgp 192.168.1.1

We can see that the requirement has been met. We can then create similar prefix lists and route maps on router-A and router-B to better control incoming and outgoing prefixes.

The configuration is summarized here for easy reference.

router bgp 200
 network 10.20.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 route-map RMAP in
!
ip prefix-list PRFX-LST seq 5 permit 10.10.10.0/23 le 24
!
route-map RMAP permit 10
 match ip address prefix-list PRFX-LST
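
A check for the rule that filters do nothing until they are applied, as an added Python example (not part of the original tutorial or of Quagga): it reads a bgpd configuration and reports neighbors that have no route map in a direction, and route maps or prefix lists that are referenced but not defined. The function name audit_bgpd and the wording of the findings are assumptions, and only route maps applied to neighbors are considered.

```python
import re

def audit_bgpd(config):
    """Return a sorted list of findings about filter wiring in a bgpd config."""
    neighbors, applied = set(), {}          # applied[(neighbor, dir)] = route-map
    rmaps, plists, rmap_refs = set(), set(), {}
    current_rmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"neighbor (\S+) remote-as \d+$", line):
            neighbors.add(m[1])
        elif m := re.match(r"neighbor (\S+) route-map (\S+) (in|out)$", line):
            applied[(m[1], m[3])] = m[2]
        elif m := re.match(r"ip prefix-list (\S+) ", line):
            plists.add(m[1])
        elif m := re.match(r"route-map (\S+) (permit|deny) \d+$", line):
            current_rmap = m[1]
            rmaps.add(m[1])
        elif m := re.match(r"match ip address prefix-list (\S+)$", line):
            rmap_refs.setdefault(current_rmap, set()).add(m[1])
    findings = []
    for n in neighbors:
        for d in ("in", "out"):
            if (n, d) not in applied:
                findings.append(f"neighbor {n}: no route-map applied {d}")
    for (n, d), rm in applied.items():
        if rm not in rmaps:
            findings.append(f"neighbor {n}: route-map {rm} ({d}) is not defined")
    for rm in rmaps - set(applied.values()):
        findings.append(f"route-map {rm}: defined but not applied to any neighbor")
    for rm, refs in rmap_refs.items():
        for pl in refs - plists:
            findings.append(f"route-map {rm}: prefix-list {pl} is not defined")
    return sorted(findings)

# The summary configuration from this page.
ROUTER_B = """
router bgp 200
 network 10.20.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 route-map RMAP in
!
ip prefix-list PRFX-LST seq 5 permit 10.10.10.0/23 le 24
!
route-map RMAP permit 10
 match ip address prefix-list PRFX-LST
"""
```

On the page's configuration the only finding is the missing outbound route map for 192.168.1.1; a misspelled prefix-list name in either place shows up as an undefined reference.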
 

Summary

In this tutorial we demonstrated how to filter BGP routes in Quagga using prefix lists and route maps. We also showed how to combine a prefix list with a route map to fine-tune the handling of incoming prefixes. You can adapt these methods to build prefix lists and route maps that meet your own needs. These tools help protect networks from route poisoning and from the advertisement of bogons (LCTT note: addresses that should not appear in the Internet routing table).
     
         
       
         
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.