4个路由器,实验室环境。试图过滤掉源自 AS2 的路由(不是利用 AS2 作为中转)。我遵循的过程是:
Bakers#sh ip bgp regex _2_
BGP table version is 41, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.0/24 192.168.23.2 0 0 2 i
* 4.4.4.0/24 192.168.23.2 0 2 1 i
*> 22.22.22.0/24 192.168.23.2 0 0 2 i
* 44.44.44.0/24 192.168.23.2 0 2 1 i
*> 192.168.12.0 192.168.23.2 0 0 2 i
* 192.168.14.0 192.168.23.2 0 2 1 i
* 192.168.23.0 192.168.23.2 0 0 2 i
Bakers#sh ip bgp regex _2$
BGP table version is 41, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.0/24 192.168.23.2 0 0 2 i
*> 22.22.22.0/24 192.168.23.2 0 0 2 i
*> 192.168.12.0 192.168.23.2 0 0 2 i
* 192.168.23.0 192.168.23.2 0 0 2 i
在这一点上,我在想,好的 - 有我需要的东西来制作一个作为路径的 ACL 来过滤掉源自 AS2 的东西,因为正则表达式搜索按照上述检查。我创建并应用以下内容:
Bakers#sh run | i as-path
ip as-path access-list 10 deny _2$
ip as-path access-list 10 permit .*
router bgp 3
no synchronization
bgp log-neighbor-changes
<truncated>
neighbor 192.168.23.2 remote-as 2
neighbor 192.168.34.4 remote-as 4
neighbor 192.168.34.4 filter-list 10 out
no auto-summary
然后,我希望广告的路由模仿之前的“sh ip bgp regex 2 ”输出(给我所需的结果),使用“sh ip bgp regex _2$”路由输出路由。不幸的是,我得到了这个:
Bakers#sh ip bgp neigh 192.168.34.4 advertised-routes
BGP table version is 41, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 3.3.3.0/24 0.0.0.0 0 32768 i
*> 33.33.33.0/24 0.0.0.0 0 32768 i
*> 192.168.23.0 0.0.0.0 0 32768 i
*> 192.168.34.0 0.0.0.0 0 32768 i
它过滤掉了所有源自 AS1 的路由(意味着下游,该路由器不能再使用 AS3 作为到 AS1 的传输 - 打破我的用例)。我在这里错过了什么?