AS Path List

AS Path List使用正则表达式来匹配BGP路由的AS_PATH属性。可用于从BGP邻居筛选入站或出站路由,或者作为Route Map中的匹配条件,以匹配BGP路由中的AS_PATH属性。

配置方法

config router aspath-list
    edit <name>
        config rule
            edit <id>
                set action {deny | permit}
                set regexp <string>
            next
        end
    next
end

引用AS Path List

被BGP引用

config router bgp
    config neighbor
        edit <ip>
            set filter-list-in <string>
            set filter-list-in6 <string>
            set filter-list-out <string>
            set filter-list-out6 <string>
        next
    end
end
  • filter-list-in <string>:针对该邻居引用AS Path List过滤入方向的IPv4路由。
  • filter-list-in6 <string>:针对该邻居引用AS Path List过滤入方向的IPv6路由。
  • filter-list-out <string>:针对该邻居引用AS Path List过滤出方向的IPv4路由。
  • filter-list-out6 <string>:针对该邻居引用AS Path List过滤出方向的IPv6路由。

被Rout Map引用

config router route-map
    edit <name>
        config rule
            edit <id>
                set match-as-path <string>
            next
        end
    next
end
  • match-as-path <string>:引用AS Path List匹配路由条目。

配置举例

  1. 查看设备BGP学习到的路由属性,学习到两条BGP路由,需要过滤掉AS Path起源是100的路由。

    get router info bgp neighbors 169.254.1.2 routes
    VRF 0 BGP table version is 1, local router ID is 4.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
    Network Next Hop Metric LocPrf Weight RouteTag Path
    *> 100.100.100.0/24 169.254.1.2 0 0 300 100 i <-/->    //过滤AS Path起源是100的路由//
    *> 200.200.200.0/24 169.254.1.2 0 0 300 200 i <-/->
    
  2. 配置AS Path List,使用正则表达式匹配AS Path末尾是100结尾的AS Path。

    config router aspath-list
        edit "AS100"
            config rule
                edit 1
                    set action permit
                    set regexp "_100$"
                next
            end
        next
    end
    
  3. 在Route Map中引用该AS Path List,禁止接收匹配该AS Path List的路由,其他路由可以正常接收。

    config router route-ma
        edit "RM_INBOUND"
            config rule
                edit 1
                    set action deny
                    set match-as-path "AS100"
                next
                edit 2
                    set action permit
                next
            end
        next
    end
    
  4. 在BGP邻居中引用该Route Map。

    config router bgp
        config neighbor
            edit "169.254.1.2"
                set route-map-in "RM_INBOUND"
            next
        end
    end
    
  5. 刷新入方向的BGP路由,再次查看学习到的BGP路由,可以看到起源为AS 100的BGP路由已经被过滤掉。

    FortiGate # get router info bgp neighbors 169.254.1.2 routes
    VRF 0 BGP table version is 1, local router ID is 4.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
    Network Next Hop Metric LocPrf Weight RouteTag Path
    *> 200.200.200.0/24 169.254.1.2 0 0 0 300 200 i <-/1>
    
    Total number of prefixes 1
    

Copyright © 2024 Fortinet Inc. All rights reserved. Powered by Fortinet TAC Team.
📲扫描下方二维码分享此页面👇
该页面修订于: 2024-01-29 16:50:29

results matching ""

    No results matching ""