Bgp case studies in the field
This presentation is the property of its rightful owner.
Sponsored Links
1 / 31

BGP Case Studies in the field PowerPoint PPT Presentation


  • 104 Views
  • Uploaded on
  • Presentation posted in: General

BGP Case Studies in the field. Traffic 조절 방안. Inbound Traffic 조절 정보제공업체를 제외한 대부분의 ISP/ 기업들이 Inbound Traffic 조절 필요 Outbound Traffic 조절 정보제공업체들이 외부와 연결된 복수개의 회선을 효율적으로 이용하기 위해 Outbound Traffic 조절 필요 Inbound Traffic 을 조절하기 위해서는 내가 전달하는 라우텅정보를 조절하여야 함 내가 원하는 대로 제어하는 것이 쉽지 않음

Download Presentation

BGP Case Studies in the field

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Bgp case studies in the field

BGP Case Studiesin the field


Traffic

Traffic 조절 방안

  • Inbound Traffic 조절

    • 정보제공업체를 제외한 대부분의 ISP/기업들이 Inbound Traffic 조절 필요

  • Outbound Traffic 조절

    • 정보제공업체들이 외부와 연결된 복수개의 회선을 효율적으로 이용하기 위해 Outbound Traffic 조절 필요

  • Inbound Traffic을 조절하기 위해서는 내가 전달하는 라우텅정보를 조절하여야 함

    • 내가 원하는 대로 제어하는 것이 쉽지 않음

  • Outbound Traffic을 조절하기 위해서는 내가 전달받는 라우팅정보를 조절하여야 함

    • 내가 원하는 대로 거의 100% 제어 가능

  • BGP에서 목적지로 가는 경로는 항상 1개임

    • Best Path는 1개

    • 100% 50:50 traffic 분산은 불가능

  • AS-Path & Prefix Filtering


Traffic1

Traffic 조절 수단

  • Inbound

    • as-path 길이

    • MED 값

    • prefix 길이

  • Outbound

    • weight (only Cisco IOS)

    • local_preference

    • as-path 길이

    • MED 값

  • Wegiht: 값을 클수록 best path

  • Local Preference: 값이 클수록 best path

  • As-path 길이: 길이가 짧을수록 best path

  • MED: 값이 작을수록 best path

  • prefix 길이: 길이가 길수록 best path


Example 1

Example-1

  • as-path 길이가 짧은 것이 우선함

*>10.1.1.0/24 3786 100 i

10.1.1.0/24 4766 3559 100 i

DACOM

AS3786

ISP1

AS2000

CUST

AS100

ISP2

AS3000

10.1.1.0/24

KT

AS3559

KT

AS4766


Example 2

Example-2

  • as-path 길이가 같은 경우는 router-ID가 작은 것을best path로 선택함

*>10.1.1.0/24 3786 100 i

10.1.1.0/24 3976 100 i

DACOM

AS3786

ISP1

AS2000

CUST

AS100

ISP2

AS3000

10.1.1.0/24

INET

AS3976

10.1.1.0/24 3786 100 i

*>10.1.1.0/24 3976 100 i


Example 3

Example-3

  • 다른 두 ISP에게 MED를 조정해서 내보내는 것은 inbound traffic에 거의 영향을 미치지 못함

  • MED는 External BGP Neighbor간에만 교환되며 다른 AS로는 전달되지 않는다.)

Set MED=10 out

for 14.1.1.0/24

12.1.1.0/24로

가는 traffic

DACOM

AS3786

ISP

AS200

CUST

AS100

INET

AS3976

Set MED=10 out

for 12.1.1.0/24

14.1.1.0/24로

가는 traffic

12.1.1.0/24

14.1.1.0/24


Example 4

Example-4

  • ISP가 MED를 받아들인다면 동일 ISP에게 MED를 설정해서 보내는 것은 inbound traffic을 조절할수 있는 수단

Lowest MED

Set MED=10 out

for 14.1.1.0/24

DACOM

AS3786

CUST

AS100

12.1.1.0/24로 가는 traffic

n-h1

*>12.1.1.0/24 n-h1 med=null 100 i

12.1.1.0/24 n-h2 med=10 100 i

14.1.1.0/24 n-h1 med=10 100 i

*>14.1.1.0/24 n-h2 med=null 100 i

n-h2

12.1.1.0/24

14.1.1.0/24

14.1.1.0/24로 가는 traffic

Set MED=10 out

for 12.1.1.0/24


Example 5

Example-5

  • DACOM과 연결된 회선의 Inbound traffic이 100%에 가까운 반면 KT와 연결된 회선의 Inbound traffic이 50% 이하임

  • as-path prepend로 inbound traffic 조절

DACOM

AS3786

*>10.1.1.0/24 3786 100

10.1.1.0/24 4766 3559 100

Internet

as-path prepend 100 out

CUST

AS100

10.1.1.0/24

10.1.1.0/24 3786 100 100

*>10.1.1.0/24 4766 3559 100

KT

AS3559

KT

AS4766


Example 6

Example-6

  • as-path prepend로 inbound traffic 조절

DACOM

AS3786

Traffic 폭주

CUST

AS100

INET

AS3976

As-path prepend

100 out

DACOM

AS3786

CUST

AS100

INET

AS3976


Example 7

Example-7

  • as-path prepend를 네트웍별로 적용하여 inbound traffic 조절

*>12.1.1.0/24 3786 100

12.1.1.0/24 3976 100 100

DACOM

AS3786

As-path prepend

100 for 14.1.1.0/24

CUST

AS100

Internet

INET

AS3976

12.1.1.0/24

14.1.1.0/24

As-path prepend

100 for 12.1.1.0/24

14.1.1.0/24 3786 100 100

*>14.1.1.0/24 3976 100


Example 8

Example-8

  • DACOM과 연결된 회선의 대역은 50%, KT와 연결된 회선의 대역은 100%를 이용(병목현상)하는 상황 발생

  • Prefix Length로 inbound traffic을 조절

12.1.128.0/17

DACOM

AS3786

12.1.0.0/16

12.1.0.0/17

CUST

AS100

Internet

12.1.128.0/17

KT

AS3559

12.1.0.0/17

12.1.0.0/16

12.1.0.0/17

12.1.128.0/17

12.1.0.0/16

12.1.128.0/17

12.1.0.0/17


Example 9

Example-9

  • MED로 outbound path를 선택할 수 있음

DACOM

AS3786

CUST

AS200

10.1.1.0/24

CUST

AS100

INET

AS3976

12.1.1.0/24

Internet

Set MED=10 in

for AS200

*>12.1.1.0/24 MED=null 3786 200 i

12.1.1.0/24 MED=10 3976 200 i


Example 10

Example-10

  • MED를 선택적으로 적용

  • outbound 조절용

DACOM

AS3786

Set MED=10 in

for 14.1.1.0/24

CUST

AS200

CUST

AS100

INET

AS3976

12.1.1.0/24

14.1.1.0/24

Set MED=10 in

for 12.1.1.0/24

*>12.1.1.0/24 MED=null 3786 200 i

12.1.1.0/24 MED=10 3976 200 i

14.1.1.0/24 MED=10 3786 200 i

*>14.1.1.0/24 MED=null 3976 200 i


Example 11

Example-11

  • Default만을 설정하여 outbound traffic을 처리하는 방법

    • 국내BGP정보를 받는 경우

    • 아무 정보도 받지 않은 경우

DACOM

AS3786

default

Internet

INET

AS3976

default


Example 12

Example-12

  • 2개의 라우터를 이용하는 경우

    • unbalanced outbound traffic 가능성이 높음

    • 그러나 안정적

default

DACOM

AS3786

Internet

INET

AS3976

default


Config 1

Config-1

router bgp 3786

neigh 1.1.1.1 remote-as 100

neigh 1.1.1.1 filter-list 50 in

neigh 1.1.1.1 distribute-list 120 in

no sync

no auto-summary

!

ip as-path access-list 50 permit ^(100_)+$

!

access-list 120 permit host 10.1.1.0 host 255.255.255.0

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1

router bgp 3976

neigh 2.2.2.1 remote-as 100

neigh 2.2.2.1 filter-list 11 in

neigh 2.2.2.1 distribute-list 130 in

no sync

no auto-summary

!

ip as-path access-list 11 permit ^(100_)+$

!

access-list 130 permit host 10.1.1.0 host 255.255.255.0

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1


Config 2

Config-2

Interface loopback 0

ip address 192.168.1.1 255.255.255.252

!

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3559

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 192.168.2.1 remote-as 3786

neigh 192.168.2.1 ebgp-multihop 3

neigh 192.168.2.1 update-source loopback0

neigh 192.168.2.1 filter-list 10 out

neigh 192.168.2.1 distribute-list 100 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

ip route 0.0.0.0 0.0.0.0 3.3.3.1

ip route 192.168.2.1 255.255.255.252 2.2.2.1

ip route 192.168.2.1 255.255.255.252 3.3.3.1

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3559

2.2.2.2

2.2.2.1

AS100

3.3.3.2

AS3786

3.3.3.1

192.168.1.1/30

192.168.2.1/30

Interface loopback 0

ip address 192.168.2.1 255.255.255.252

!

router bgp 3786

neigh 192.168.1.1 remote-as 100

neigh 192.168.1.1 ebgp-multihop 3

neigh 192.168.1.1 update-source loopback0

neigh 192.168.1.1 filter-list 10 in

neigh 192.168.1.1 distribute-list 100 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 192.168.2.1 255.255.255.252 2.2.2.2

ip route 192.168.2.1 255.255.255.252 3.3.3.2


Config 3

Config-3

  • AS3786 회선에 inbound traffic이 많을때

router bgp 100

network 10.1.0.0 mask 255.255.0.0

network 10.1.128.0 mask 255.255.128.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 110 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.0.0 host 255.255.0.0

!

access-list 110 permit host 10.1.0.0 host 255.255.0.0

access-list 110 permit host 10.1.128.0 host 255.255.128.0

!

ip route 10.1.0.0 255.255.0.0 null0

ip route 10.1.128.0 255.255.128.0 null0

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

10.1.0.0/16

1.1.1.1

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 4

Config-4

  • AS3786 회선에 inbound traffic이 많을때

router bgp 100

network 10.1.0.0 mask 255.255.0.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 1.1.1.1 route-map PREPEND out

neigh 2.2.2.1 remote-as 3559

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.0.0 host 255.255.0.0

!

route-map PREPEND permit 10

set as-path prepend 100

!

ip route 10.1.0.0 255.255.0.0 null0

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

10.1.0.0/16

1.1.1.1

1.1.1.2

AS3786

AS3559

2.2.2.2

AS100

2.2.2.1


Config 5

Config-5

router bgp 100

network 10.1.0.0 mask 255.255.0.0

network 10.1.128.0 mask 255.255.128.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 1.1.1.1 route-map PREPEND out

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.0.0 host 255.255.0.0

access-list 100 permit host 10.1.128.0 host 255.255.128.0

!

access-list 110 permit host 10.1.128.0 host 255.255.128.0

!

route-map PREPEND permit 10

match ip address 110

set as-path prepend 100

route-map PREPEND permit 20

!

ip route 10.1.0.0 255.255.0.0 null0

ip route 10.1.128.0 255.255.128.0 null0

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • AS3786 회선에 inbound traffic이 많을때

10.1.0.0/16

1.1.1.1

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 6

Config-6

router bgp 100

network 10.1.0.0 mask 255.255.0.0

network 10.1.0.0 mask 255.255.128.0

network 10.1.128.0 mask 255.255.128.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 110 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.0.0 host 255.255.0.0

access-list 100 permit host 10.1.128.0 host 255.255.128.0

!

access-list 110 permit host 10.1.0.0 host 255.255.0.0

access-list 110 permit host 10.1.0.0 host 255.255.128.0

!

ip route 10.1.0.0 255.255.0.0 null0

ip route 10.1.0.0 255.255.128.0 null0

ip route 10.1.128.0 255.255.128.0 null0

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • Network별로 inbound traffic을 분리/조절하기 위해

10.1.0.0/16

1.1.1.1

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 7

Config-7

Interface loopback 0

ip address 192.168.0.1 255.255.255.252

!

router bgp 100

network 10.1.0.0 mask 255.255.0.0

network 10.1.0.0 mask 255.255.192.0

network 10.1.64.0 mask 255.255.192.0

neigh 192.168.2.1 remote-as 3786

neigh 192.168.2.1 ebgp-multihop 3

neigh 192.168.2.1 update-source loopback 0

neigh 192.168.2.1 filter-list 10 out

neigh 192.168.2.1 distribute-list 100 out

neigh 10.1.0.2 remote-as 100

neigh 10.1.0.2 next-hop-self

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.0.0 host 255.255.0.0

access-list 100 permit host 10.1.0.0 host 255.255.192.0

access-list 100 permit host 10.1.64.0 host 255.255.192.0

!

ip route 10.1.0.0 255.255.0.0 null0

ip route 10.1.0.0 255.255.192.0 null0

ip route 10.1.64.0 255.255.192.0 null0

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

ip route 0.0.0.0 0.0.0.0 10.1.0.2 10

ip route 192.168.2.1 255.255.255.252 1.1.1.1

ip route 192.168.2.1 255.255.255.252 2.2.2.1

  • 데이콤에 여러 개의 회선을 안정성을 위해 분리 접속할 경우

AS100

192.168.2.1

192.168.0.1

1.1.1.1

1.1.1.2

10.1.0.1

10.1.0.0/16

10.1.0.0/18

10.1.64.0/18

10.1.128.0/18

10.1.192.0/18

2.2.2.1

2.2.2.2

AS3786

3.3.3.1

3.3.3.2

10.1.0.2

4.4.4.1

4.4.4.2

192.168.3.1

192.168.1.1


Config 8

Config-8

Interface loopback 0

ip address 192.168.0.1 255.255.255.252

!

router bgp 100

network 10.1.0.0 mask 255.255.0.0

network 10.1.0.0 mask 255.255.192.0

network 10.1.64.0 mask 255.255.192.0

neigh 192.168.2.1 remote-as 3786

neigh 192.168.2.1 ebgp-multihop 3

neigh 192.168.2.1 update-source loopback 0

neigh 192.168.2.1 filter-list 10 out

neigh 192.168.2.1 distribute-list 100 out

neigh 10.1.0.2 remote-as 100

neigh 10.1.0.2 next-hop-self

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.0.0 host 255.255.0.0

access-list 100 permit host 10.1.0.0 host 255.255.192.0

access-list 100 permit host 10.1.64.0 host 255.255.192.0

access-list 100 permit host 10.1.128.0 host 255.255.192.0

!

ip route 10.1.0.0 255.255.0.0 null0

ip route 10.1.0.0 255.255.192.0 null0

ip route 10.1.64.0 255.255.192.0 null0

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

ip route 0.0.0.0 0.0.0.0 10.1.0.2 10

ip route 192.168.2.1 255.255.255.252 1.1.1.1

ip route 192.168.2.1 255.255.255.252 2.2.2.1

  • 데이콤에 여러 개의 회선을 안정성을 위해 분리 접속할 경우

AS100

192.168.2.1

192.168.0.1

1.1.1.1

1.1.1.2

10.1.0.1

10.1.0.0/16

10.1.0.0/18

10.1.64.0/18

10.1.128.0/18

10.1.192.0/18

2.2.2.1

2.2.2.2

AS3786

3.3.3.1

3.3.3.2

10.1.0.2

4.4.4.1

4.4.4.2

192.168.3.1

192.168.1.1


Config 9

Config-9

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • 양 사업자가 주는 국내정보를 받을때

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 10

Config-10

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 1.1.1.1 filter-list 20 in

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

neigh 2.2.2.1 filter-list 20 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

ip as-path access-list 20 deny .*

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • 양 사업자로부터 아무 정보도 받지 않고 default로 outbound traffic 분산

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 11

Config-11

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

no neigh 1.1.1.1 filter-list 20 in

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

neigh 2.2.2.1 filter-list 20 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

ip as-path access-list 20 deny .*

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • 국내는 AS3786을 통해 가게하고, 해외는 양사업자로 분산해서 가게 할떄

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 12

Config-12

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 1.1.1.1 filter-list 20 in

neigh 2.2.2.1 remote-as 3559

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

neigh 2.2.2.1 filter-list 30 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

ip as-path access-list 20 3786$

ip as-path access-list 30 3559$

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • AS3559, AS3786 영역은 직회선을 이용하게 하고, 나머지는 임의로 분산해서 가도록 함

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3559

2.2.2.2

AS100

2.2.2.1


Config 13

Config-13

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 1.1.1.1 filter-list 20 in

neigh 2.2.2.1 remote-as 3559

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

neigh 2.2.2.1 filter-list 30 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

ip as-path access-list 20 permit 3786$

ip as-path access-list 30 permit .*

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • AS3786으로는 직회선 이용, 나머지는 KT회선 이용, 해외는 임의로 분산

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3559

2.2.2.2

AS100

2.2.2.1


Config 14

Config-14

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 2.2.2.1 remote-as 3559

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

neigh 2.2.2.1 filter-list 30 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

ip as-path access-list 30 deny (3786|3976)

ip as-path access-list 30 permit .*

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • AS3786,AS3976으로 가는 것은 AS3786과의 직회선을 이용하게 하고, 나머지는 임의 분산

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3559

2.2.2.2

AS100

2.2.2.1


Config 15

Config-15

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3786

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 2.2.2.1 remote-as 3976

neigh 2.2.2.1 filter-list 10 out

neigh 2.2.2.1 distribute-list 100 out

neigh 2.2.2.1 route-map INET in

no sync

no auto-summary

!

Ip as-path access-list 10 permit ^$

ip as-path access-list 20 permit (4766|2563|1237|3608)

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

route-map INET permit 10

match ip as-path 20

set metric 100

route-map INET permit 20

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

  • AS4766,2563,1237,3608로 가는 traffic은 AS3786과의 직회선을 이용하게 하고, 나머지는 임의 분산

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3786

AS3976

2.2.2.2

AS100

2.2.2.1


Config 16

Config-16

Interface loopback 0

ip address 192.168.1.1 255.255.255.252

!

router bgp 100

network 10.1.1.0 mask 255.255.255.0

neigh 1.1.1.1 remote-as 3559

neigh 1.1.1.1 filter-list 10 out

neigh 1.1.1.1 distribute-list 100 out

neigh 1.1.1.1 filter-list 20 in

neigh 192.168.2.1 remote-as 3786

neigh 192.168.2.1 ebgp-multihop 3

neigh 192.168.2.1 update-source loopback0

neigh 192.168.2.1 filter-list 10 out

neigh 192.168.2.1 distribute-list 100 out

neigh 192.168.2.1 filter-list 30 in

no sync

no auto-summary

!

ip as-path access-list 10 permit ^$

ip as-path access-list 20 permit (3559|4766|7563)

ip as-path access-list 30 permit (3786|1237|2563)

!

access-list 100 permit host 10.1.1.0 host 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.1

ip route 0.0.0.0 0.0.0.0 3.3.3.1

ip route 192.168.2.1 255.255.255.252 2.2.2.1

ip route 192.168.2.1 255.255.255.252 3.3.3.1

  • Outbound가 많은 site에서 ISP와 연결된 회선대역이 틀릴 경우

1.1.1.1

10.1.1.0/24

1.1.1.2

AS3559

2.2.2.2

2.2.2.1

AS100

3.3.3.2

AS3786

3.3.3.1

192.168.1.1/30

192.168.2.1/30


  • Login