         
  How to use a Quagga BGP (Border Gateway Protocol) router to filter BGP routes
     
  Add Date : 2017-01-08      
         
       
         
  A previous tutorial showed how to turn a CentOS server into a BGP router with Quagga, and covered setting up BGP peers and exchanging prefixes. In this tutorial, we focus on using prefix lists (prefix-list) and route maps (route-map) to control which routes are accepted and which are advertised.

As mentioned in previous articles, BGP routing decisions are based on the prefixes that are advertised and received. To avoid bad routes, you need a filtering mechanism to control how these prefixes are propagated. For example, if one of your BGP neighbors starts advertising a prefix that does not belong to it, and you mistakenly accept this abnormal prefix and forward it to the rest of the network, the propagation will go on without stopping (this is how a so-called "black hole" is produced). You therefore need to make sure that such a prefix is not accepted and is not forwarded to any network. To achieve this, you can use prefix lists and route maps. The former is a prefix-based filtering mechanism; the latter is a more general prefix-based policy mechanism that can be used to fine-tune filtering.

This article shows how to use prefix lists and route maps in Quagga.

Topology and requirements

This tutorial uses the following topology.

Service Provider A and Service Provider B have configured each other as eBGP peers and communicate with each other. Their autonomous system numbers and prefixes are shown below.

Peering segment: 192.168.1.0/24
Service Provider A: AS number 100, prefix 10.10.0.0/16
Service Provider B: AS number 200, prefix 10.20.0.0/16

In this scenario, provider B wants to receive only the three prefixes 10.10.10.0/23, 10.10.10.0/24 and 10.10.11.0/24 from A.

Installing Quagga and setting up the BGP peering

The previous tutorial covered installing Quagga and setting up the BGP peering, so we will not describe it in detail here and only briefly summarize the BGP configuration and prefix advertisement.

The BGP peering is up. Router-A advertises multiple prefixes to Router-B, and Router-B advertises one prefix, 10.20.0.0/16, to Router-A. Both routers send and receive the correct prefixes.

 

Create a prefix list

You can use either a router ACL or a prefix list to filter prefixes. Prefix lists are more commonly used than ACLs because they require fewer processing steps and are easy to create and maintain.

ip prefix-list DEMO-PRFX permit 192.168.0.0/23
The command above creates a prefix list named "DEMO-PRFX" that permits only the prefix 192.168.0.0/23.

Another powerful feature of prefix lists is support for a range of subnet mask lengths; see the following example:

ip prefix-list DEMO-PRFX permit 192.168.0.0/23 le 24
This command creates a prefix list that matches prefixes inside 192.168.0.0/23 with a mask length from /23 to /24, namely 192.168.0.0/23, 192.168.0.0/24 and 192.168.1.0/24. The operator "le" means "less than or equal to"; you can also use "ge", which means "greater than or equal to".

A prefix list can contain multiple permit or deny statements. Each statement is assigned a sequence number, either automatically or manually.

If a prefix list contains more than one statement, the statements are evaluated in order of sequence number. When configuring a prefix list, keep in mind that there is an implicit deny after all of its statements: anything that is not explicitly permitted is rejected.

To permit all prefixes, write the prefix list statement as follows:

ip prefix-list DEMO-PRFX permit 0.0.0.0/0 le 32
Now that we know how to write prefix list statements, we create a prefix list named "PRFX-LST" that meets the needs of our test scenario.

router-b# conf t
router-b(config)# ip prefix-list PRFX-LST permit 10.10.10.0/23 le 24
 

Create a route map

In addition to prefix lists and ACLs, there is another mechanism, called a route map, that can control prefixes on a BGP router. In fact, route maps allow finer-grained tuning of prefix matching than prefix lists and ACLs.

Like prefix lists, route map statements specify permit or deny actions and are assigned sequence numbers. Each route map can have multiple permit or deny statements. For example:

route-map DEMO-RMAP permit 10
The statement above creates a route map named "DEMO-RMAP" and adds a permit statement with sequence number 10. Now we use the match command under that sequence number to specify what to match.

router-a(config-route-map)# match (press ? on the keyboard)
  as-path       Match BGP AS path list
  community     Match BGP community list
  extcommunity  Match BGP/VPN extended community list
  interface     match first hop interface of route
  ip            IP information
  ipv6          IPv6 information
  metric        Match metric of route
  origin        BGP origin code
  peer          Match peer address
  probability   Match portion of routes defined by percentage value
  tag           Match tag of route
As you can see, a route map can match on many attributes. In this tutorial we match on a prefix.

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
This match command matches the IP addresses permitted by the prefix list created earlier (i.e. the prefixes 192.168.0.0/23, 192.168.0.0/24 and 192.168.1.0/24).

Next, we can use the set command to modify attributes of the matched routes. For example:

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
set (press ? on the keyboard)

  aggregator          BGP aggregator attribute
  as-path             Transform BGP AS-path attribute
  atomic-aggregate    BGP atomic aggregate attribute
  comm-list           set BGP community list (for deletion)
  community           BGP community attribute
  extcommunity        BGP extended community attribute
  forwarding-address  Forwarding Address
  ip                  IP information
  ipv6                IPv6 information
  local-preference    BGP local preference path attribute
  metric              Metric value for destination routing protocol
  metric-type         Type of metric
  origin              BGP origin code
  originator-id       BGP originator ID attribute
  src                 src address for route
  tag                 Tag value for routing protocol
  vpnv4               VPNv4 information
  weight              BGP weight for routing table
As you can see, the set command can also modify many attributes. As a demonstration, we modify the BGP local-preference attribute.

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
set local-preference 500
As with prefix lists, there is an implicit deny at the end of a route map. So we need to add another permit statement (sequence number 20) to allow all prefixes.

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
set local-preference 500
!
route-map DEMO-RMAP permit 20
Sequence 20 specifies no match command, so by default it matches all prefixes. In this route map, all prefixes are therefore permitted.

Recall that our requirement is only to permit or deny certain prefixes, so the set command above is not needed in this scenario. We only need a single permit statement, as shown below:

router-b# conf t
router-b(config)# route-map RMAP permit 10
router-b(config-route-map)# match ip address prefix-list PRFX-LST
This route map has the effect we need.
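
The evaluation rules described in the two sections above (statements tried in sequence order, first match wins, the le/ge length range, the implicit deny at the end of both prefix lists and route maps), modelled in Python. This is an added example, not code from the original article or from Quagga; the tuple layout, the function names, the extra advertised routes and the starting local-preference of 100 are assumptions made for illustration.

```python
# Added example: a simplified model of prefix-list and route-map evaluation.
import ipaddress

def prefix_list_permits(entries, route):
    """entries: (seq, action, prefix, ge, le) tuples; lowest matching seq wins."""
    net = ipaddress.ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        base = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else base.prefixlen
        # Neither ge nor le: exact length only. Only ge: anything up to /32.
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny closing every prefix list

def route_map_apply(clauses, prefix_lists, route, attrs):
    """clauses: (seq, action, prefix_list_name_or_None, set_dict) tuples.
    Returns the route's attributes after 'set', or None if it is filtered."""
    for _seq, action, match, sets in sorted(clauses, key=lambda c: c[0]):
        # A clause with no match command matches every route.
        if match is None or prefix_list_permits(prefix_lists[match], route):
            return {**attrs, **sets} if action == "permit" else None
    return None  # implicit deny closing every route map

# The tutorial's lists and maps, transcribed into the tuple model above.
PREFIX_LISTS = {
    "PRFX-LST": [(5, "permit", "10.10.10.0/23", None, 24)],
    "DEMO-PRFX": [(5, "permit", "192.168.0.0/23", None, 24)],
}
RMAP = [(10, "permit", "PRFX-LST", {})]
DEMO_RMAP = [(10, "permit", "DEMO-PRFX", {"local_pref": 500}),
             (20, "permit", None, {})]

# Constructed sample: routes router-A might advertise (not taken from the page).
ADVERTISED = ["10.10.0.0/16", "10.10.10.0/23", "10.10.10.0/24",
              "10.10.11.0/24", "10.10.10.0/25", "10.10.12.0/24"]

def accepted(clauses, routes, attrs=None):
    """Map each route that survives the route map to its resulting attributes."""
    attrs = attrs or {"local_pref": 100}  # constructed starting attribute
    out = {}
    for r in routes:
        result = route_map_apply(clauses, PREFIX_LISTS, r, attrs)
        if result is not None:
            out[r] = result
    return out

if __name__ == "__main__":
    print(sorted(accepted(RMAP, ADVERTISED)))
    print(accepted(DEMO_RMAP, ["192.168.1.0/24", "10.10.0.0/16"]))
```

With RMAP, the /16 aggregate, the /25 and the unrelated /24 all fall through to the implicit deny; with DEMO-RMAP, routes that miss clause 10 are still accepted by clause 20, unchanged.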

Applying the route map

Note that ACLs, prefix lists and route maps do not take effect until they are applied to an interface or a BGP neighbor. Like ACLs and prefix lists, a single route map can be used by multiple interfaces or neighbors. However, an interface or a neighbor can have only one route map applied in the inbound direction and one route map applied in the outbound direction.

Let us apply this route map in router-B's BGP configuration, to the prefixes advertised inbound by neighbor 192.168.1.1.

router-b# conf terminal
router-b(config)# router bgp 200
router-b(config-router)# neighbor 192.168.1.1 route-map RMAP in
Now check the advertised routes and the received routes.

Command to show advertised routes:

show ip bgp neighbors neighbor-IP advertised-routes
Command to show received routes:

show ip bgp neighbors neighbor-IP routes


You can see that router-A advertises four prefixes to router-B, while router-B accepts only three. Comparing the two outputs, only the prefixes permitted by the route map appear on router-B; all other prefixes are discarded.

Tip: If the received prefixes are not refreshed, try resetting the BGP session with the command: clear ip bgp neighbor-IP. In this tutorial the command is:

clear ip bgp 192.168.1.1
We can see that the configuration meets our requirement. We can then create similar prefix lists and route maps on router-A and router-B to better control inbound and outbound prefixes.

The configuration is summarized here for easy reference.

router bgp 200
network 10.20.0.0/16
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 route-map RMAP in
!
ip prefix-list PRFX-LST seq 5 permit 10.10.10.0/23 le 24
!
route-map RMAP permit 10
match ip address prefix-list PRFX-LST
 

Summary

In this tutorial we demonstrated how to set up prefix lists and route maps to filter BGP routes in Quagga. We also showed how to combine a prefix list with a route map to fine-tune which inbound prefixes are accepted. You can adapt these methods to build prefix lists and route maps that meet your own needs. These tools protect the network from route poisoning and from bogon advertisements (LCTT translator's note: bogons are addresses that should not appear in the Internet routing table).
     
         
       
         