ISP经典配置

王朝other·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

ROUTER TELECOM-SP GATEWAY 01 (GW01)

hostname GW01

router eigrp 7341

network 212.18.22.0

redistribute static route-map ONLY_DEFAULT

passive-interface serial 1

passive-interface serial 2

passive-interface serial 3

passive-interface serial 7

router bgp 7341

no synchronization

no auto-summary

network 212.18.22.0 mask 255.255.252.0

network 212.18.12.0 mask 255.255.248.0

network 201.9.110.0 mask 255.255.240.0

network 173.41.220.0 mask 255.255.248.0

network 200.5.32.0 mask 255.255.224.0

network 200.23.7.0 mask 255.255.224.0

network 172.22.0.0 mask 255.255.0.0

neighbor PEER_MAP peer-group

neighbor PEER_MAP remote-as 921

neighbor PEER_MAP filter-list 20 out

neighbor PEER_MAP distribute-list 2 in

neighbor PEER_MAP distribute-list 2 out

neighbor a.a.a.1 peer-group PEER_MAP

neighbor b.b.b.1 peer-group PEER_MAP

neighbor c.c.c.1 peer-group PEER_MAP

neighbor a.a.a.1 route-map SET_COMMUNITY_1 out

neighbor b.b.b.1 route-map SET_COMMUNITY_2 out

neighbor c.c.c.1 route-map SET_COMMUNITY_3 out

neighbor a.a.a.1 send-community

neighbor b.b.b.1 send-community

neighbor c.c.c.1 send-community

neighbor j.j.j.1 remote-as 1121

neighbor j.j.j.1 filter-list 21 in

neighbor j.j.j.1 distribute-list 2 in

neighbor j.j.j.1 distribute-list 2 out

neighbor y.y.y.2 remote-as 7341

! Access list summary:

! #2 Used for Ingress to filter private space prefixes as well

! as any other prefixes desired.

! #3 Used for redistribution into EIGRP process to permit only

! static route to default 0/0 to be redistributed.

! #10 Used to set community attribute for CIMR sessions and to

! implicitly filter prefixes out to CIMR peers other than

! those specified.

! #11 Used to set community attribute for CIMR sessions and to

! implicitly filter prefixes out to CIMR peers other than

! those specified.

! #12 Used to set community attribute for CIMR sessions and to

! implicitly filter prefixes out to CIMR peers other than

! those specified.

! #20 AS Path filter to ensure that AS7341 serve only as transit

! to AS1121 and not to any other neighboring AS.

! #21 AS Path filter to ensure that only prefixes originating

! from AS1121 are allowed to be propagated throughout AS7341.

! Ingress filtering to prevent 1918 private address space from

! being injected into AS7341. This access-list can be used to

! add other filters which TELECOM-SP wishes to impose at the ingress

! to their AS.

access-list 2 deny 10.0.0.0 0.255.255.255

access-list 2 deny 172.6.0.0 0.15.255.255

access-list 2 deny 192.168.0.0 0.0.255.255

access-list 2 permit any

! Access list to permit default only being injected into EIGRP

! process.

access-list 3 permit 0.0.0.0 0.0.0.0

access-list 3 deny any

! Prefixes A, B, C, D and E.

access-list 10 permit 212.18.22.0 255.255.252.0

access-list 10 permit 212.18.12.0 255.255.248.0

access-list 10 permit 201.9.110.0 255.255.240.0

access-list 10 permit 200.5.32.0 255.255.224.0

access-list 10 permit 173.41.220.0 255.255.248.0

access-list 10 deny any

! Prefixes F and G.

access-list 11 permit 200.23.7.0 255.255.224.0

access-list 11 permit 172.22.0.0 255.255.0.0

access-list 11 deny any

! AS Path filter list for outgoing prefixes. This filter can be

! used on all peering sessions with CIMR, OBERON, INTEX and

! ACSNET. In each case there may be overlap but it will still

! work. It is intended to prevent AS7341 from acting as a transit

! network for everyone except XPAC (AS1121).

ip as-path access-list 20 deny ^432_

ip as-path access-list 20 deny ^5037_

ip as-path access-list 20 deny ^1399_

ip as-path access-list 20 deny _854_

ip as-path access-list 20 permit .*

! AS Path filter list for incoming prefixes. This filter is

! used on the XPAC peering session.

ip as-path access-list 21 permit _1121$

ip as-path access-list 21 deny any

! Permit A, B, C, D and E to be propagated - they will default

! to Local_Pref of 100 in the upstream neighbor.

route-map SET_COMMUNITY_1 permit 10

match ip address 10

! Explicitly deny all other prefixes from being

! propagated to the associated peer router.

route-map SET_COMMUNITY_1 deny 20

route-map SET_COMMUNITY_2 permit 10

match ip address 10

match ip address 11

set community 0x0DE9005A

route-map SET_COMMUNITY_2 deny 20

route-map SET_COMMUNITY_3 permit 10

match ip address 11

route-map SET_COMMUNITY_3 deny 20

! This route-map is necessary to permit only the redistribution

! of the default route into the EIGRP process 7341. There is

! no need to introdUCe the other “place-holder” routes to null0

! into the EIGRP process.

route-map ONLY_DEFAULT permit 10

match ip address 3

route-map ONLY_DEFAULT deny 20

! Static route definitions.

ip route 0.0.0.0 0.0.0.0 b.b.b.1

ip route 0.0.0.0 0.0.0.0 a.a.a.1 210

ip route 212.18.22.0 255.255.252.0 null0

ip route 212.18.12.0 255.255.248.0 null0

ip route 201.9.110.0 255.255.240.0 null0

ip route 173.41.220.0 255.255.248.0 null0

ip route 200.5.32.0 255.255.224.0 null0

ip route 200.23.7.0 255.255.224.0 null0

ip route 172.22.0.0 255.255.0.0 null0

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航