Huawei BGP route control, community attributes and ORF: configuration examples
Requirements analysis
1. Tag the route of AR4's loopback1 interface with the no-advertise community
2. Tag the route of AR4's loopback2 interface with the no-export community
3. Headquarters receives only AR5's loopback1 route
4. Branch 2 does not receive any routes from Branch 1
5. Configure the ORF feature between AR6 and AR3 so that AR3 receives only AR6's loopback1 route
6. Enable authentication between BGP peers, plus GTSM hop-count limiting
7. Branch 1 uses GTSM to limit the hop count (GTSM works for both IBGP and EBGP)
8. Branch 2 uses ebgp-max-hop, which applies only to EBGP (it is mutually exclusive with GTSM)
ORF explained
In traditional BGP, route filtering is "receiver-side filtering": the neighbor sends all of its routes, and the local device then discards the ones it does not want according to its import policy (for example a prefix list). A large number of useless routes therefore cross the network, wasting bandwidth and the CPU and memory of the receiving device.
ORF (Outbound Route Filtering) moves the filtering to the source:
the receiver sends its own import filter (for example a prefix list) to the sender during BGP capability negotiation, and the sender applies that filter when advertising, so only the routes the receiver actually wants are sent.
For example, if device A needs only routes within 10.0.0.0/8, it can tell neighbor B this rule via ORF; B then drops everything outside 10.0.0.0/8 before advertising to A, and no unnecessary updates cross the link.
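The following Python model is an added example, not code from the original page or from Huawei. It simulates the sender-side filtering described above using the page's R3/R6 pair: R6's two loopback prefixes are constructed sample input, and R3's prefix list F is the filter that ORF pushes to R6. The prefix-list evaluation follows Huawei ip-prefix semantics (entries tried in index order, exact prefix length unless greater-equal/less-equal is set, implicit deny at the end), which generalizes the page's single 10.0.0.0/8 example to length ranges.

```python
import ipaddress

# Constructed sample data (not device output), modelled on the page's R3/R6 pair:
# R6 originates its two loopback prefixes, and R3's prefix list F
# ("ip ip-prefix F index 10 permit 6.0.0.0 24") is both its import filter and
# the filter it pushes to R6 via ORF.
SENDER_ROUTES = ["6.0.0.0/24", "6.0.1.0/24"]

# Huawei-style prefix list: ordered entries with optional greater-equal /
# less-equal bounds on the prefix length (None = not configured).
RECEIVER_PREFIX_LIST = [
    {"index": 10, "action": "permit", "prefix": "6.0.0.0", "mask": 24,
     "greater_equal": None, "less_equal": None},
]


def length_range(entry):
    """Prefix-length range an ip-prefix entry accepts.
    No bounds: exactly the configured mask length.  greater-equal alone: up to /32.
    less-equal alone: from the mask length up to less-equal."""
    ge, le = entry["greater_equal"], entry["less_equal"]
    lo = entry["mask"] if ge is None else ge
    if le is not None:
        hi = le
    elif ge is not None:
        hi = 32
    else:
        hi = entry["mask"]
    return lo, hi


def prefix_list_permits(prefix_list, route):
    """Evaluate an ordered prefix list against one route string like "6.0.0.0/24".
    Entries are tried in index order and the first match decides; a route that
    matches no entry is denied (the implicit deny at the end of an ip-prefix)."""
    net = ipaddress.ip_network(route)
    for entry in sorted(prefix_list, key=lambda e: e["index"]):
        base = ipaddress.ip_network(f"{entry['prefix']}/{entry['mask']}", strict=False)
        lo, hi = length_range(entry)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return entry["action"] == "permit"
    return False


def advertise_with_orf(sender_routes, receiver_prefix_list):
    """ORF: the receiver's prefix list has been pushed to the sender, so the
    sender drops non-matching routes before they leave its Adj-RIB-Out."""
    return [r for r in sender_routes if prefix_list_permits(receiver_prefix_list, r)]


def advertise_without_orf(sender_routes, receiver_prefix_list):
    """Traditional model: every route crosses the link and the receiver applies
    its import filter afterwards.  Returns (routes transmitted, routes kept)."""
    transmitted = list(sender_routes)
    kept = [r for r in transmitted if prefix_list_permits(receiver_prefix_list, r)]
    return transmitted, kept


if __name__ == "__main__":
    print("with ORF, R6 sends:", advertise_with_orf(SENDER_ROUTES, RECEIVER_PREFIX_LIST))
    sent, kept = advertise_without_orf(SENDER_ROUTES, RECEIVER_PREFIX_LIST)
    print("without ORF, R6 sends:", sent, "and R3 keeps:", kept)
```

Both paths end with R3 holding only 6.0.0.0/24; the difference is that with ORF the 6.0.1.0/24 update never crosses the R3-R6 link, which is the bandwidth and CPU saving the section describes.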
R1
router id 1.1.1.1
interface GigabitEthernet0/0/0
ip address 10.0.14.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.0.12.1 255.255.255.0
ospf enable 1 area 0.0.0.0
interface GigabitEthernet0/0/2
ip address 10.0.13.1 255.255.255.0
ospf enable 1 area 0.0.0.0
interface NULL0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 10.0.14.4 as-number 65001
peer 10.0.14.4 password cipher %%E;=&8’ZGO"u.=DZ)fU0V+NYDZ)fU0V+NY%DZ)fU0V+NY%$
peer 10.0.14.4 valid-ttl-hops 1
group rr internal
peer rr connect-interface LoopBack0
peer rr valid-ttl-hops 1 //Enable authentication between BGP peers, plus GTSM hop-count limiting
peer rr password cipher %%l<~-0cg*o4I;C(@7G`_#V&H2%%
peer 2.2.2.2 as-number 100
peer 2.2.2.2 group rr
peer 3.3.3.3 as-number 100
peer 3.3.3.3 group rr
ipv4-family unicast
undo synchronization
peer 10.0.14.4 enable
peer 10.0.14.4 route-policy D export
peer rr enable
peer rr reflect-client
peer rr next-hop-local
peer rr advertise-community
peer 2.2.2.2 enable
peer 2.2.2.2 group rr
peer 3.3.3.3 enable
peer 3.3.3.3 group rr
ospf 1
area 0.0.0.0
route-policy D permit node 10
if-match community-filter 1
ip community-filter 1 permit 65002:1
//Headquarters receives only AR5's loopback1 route
//community-filter is used to control BGP routes at a fine granularity based on their community attributes
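The following Python model is an added example and not code from the page or from Huawei; it shows how R1 decides what to advertise to each peer under the configuration above. The routing table it starts from is constructed: AR4's loopbacks arrive over EBGP carrying no-advertise and no-export (set by route-policy AB on AR4), and AR5's loopbacks arrive from client R2 with loopback1 tagged 65002:1 (set by route-policy C on AR5). The peer names, the dictionary layout and the "never back to the advertising peer" rule are this example's own simplifications; the well-known community values are from RFC 1997.

```python
# Well-known community values (RFC 1997); regular communities are ASN:value.
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02


def parse_community(text):
    """Turn "65002:1", "no-export" or "no-advertise" into a 32-bit community value."""
    named = {"no-export": NO_EXPORT, "no-advertise": NO_ADVERTISE}
    if text in named:
        return named[text]
    asn, value = (int(part) for part in text.split(":"))
    return (asn << 16) | value


# Constructed view of R1's BGP table (hypothetical, not device output): AR4's two
# loopbacks arrive over EBGP with the communities route-policy AB set on AR4;
# AR5's loopbacks arrive from client R2, loopback1 tagged 65002:1 by route-policy C.
RIB = [
    {"prefix": "4.0.0.0/24", "communities": {parse_community("no-advertise")}, "learned_from": "10.0.14.4"},
    {"prefix": "4.0.1.0/24", "communities": {parse_community("no-export")}, "learned_from": "10.0.14.4"},
    {"prefix": "5.0.0.0/24", "communities": {parse_community("65002:1")}, "learned_from": "2.2.2.2"},
    {"prefix": "5.0.1.0/24", "communities": set(), "learned_from": "2.2.2.2"},
]

# R1's peers: the rr group (IBGP clients) and AR4 (EBGP).  Only the AR4 session has
# an export policy: route-policy D permits routes matching community-filter 1 (65002:1)
# and, having no further nodes, implicitly denies everything else.
PEERS = {
    "2.2.2.2": {"type": "ibgp", "export_community_filter": None},
    "3.3.3.3": {"type": "ibgp", "export_community_filter": None},
    "10.0.14.4": {"type": "ebgp", "export_community_filter": {parse_community("65002:1")}},
}


def export_allowed(route, peer_name):
    """Decide whether R1 advertises one route to one peer."""
    peer = PEERS[peer_name]
    if route["learned_from"] == peer_name:
        return False  # a route is never advertised back to the peer it came from
    if NO_ADVERTISE in route["communities"]:
        return False  # no-advertise: kept on R1, sent to nobody
    if peer["type"] == "ebgp" and NO_EXPORT in route["communities"]:
        return False  # no-export: may be reflected inside AS 100 but never leaves it
    wanted = peer["export_community_filter"]
    if wanted is not None and not (route["communities"] & wanted):
        return False  # route-policy D: only routes carrying 65002:1 reach AR4
    return True


def adj_rib_out(peer_name):
    """Prefixes R1 would advertise to the named peer."""
    return [r["prefix"] for r in RIB if export_allowed(r, peer_name)]


if __name__ == "__main__":
    for name in PEERS:
        print(name, "<-", adj_rib_out(name))
```

The result matches the screenshots the page describes later: the no-advertise route stops at R1, the no-export route is reflected to R2 and R3 but not sent to AR4, and AR4 receives only AR5's loopback1. Note that R1 can only match 65002:1 because R5 and R2 both have advertise-community configured; without it the community is stripped before reaching R1.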
R2
router id 2.2.2.2
interface GigabitEthernet0/0/0
ip address 10.0.25.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.0.12.2 255.255.255.0
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 1.1.1.1 password cipher %%~cug3NJ8mRfe#zImLupWV’Mg%%
peer 1.1.1.1 valid-ttl-hops 1
peer 5.5.5.5 as-number 65002
peer 5.5.5.5 connect-interface LoopBack0
peer 5.5.5.5 password cipher %%}7nb>ww*8F96<y#wLPXRV,4O%%
peer 5.5.5.5 valid-ttl-hops 1
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-local
peer 1.1.1.1 advertise-community
peer 5.5.5.5 enable
ospf 1
area 0.0.0.0
ip route-static 5.5.5.5 255.255.255.255 10.0.25.5
R3
router id 3.3.3.3
interface GigabitEthernet0/0/0
ip address 10.0.36.3 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.0.13.3 255.255.255.0
ospf enable 1 area 0.0.0.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 1.1.1.1 password cipher %%P1cuL8P[;5’>X`<UYFp’V)PT%%
peer 1.1.1.1 valid-ttl-hops 1
peer 6.6.6.6 as-number 65003
peer 6.6.6.6 ebgp-max-hop 2
//Branch 2 uses ebgp-max-hop, which applies only to EBGP (it is mutually exclusive with GTSM)
peer 6.6.6.6 connect-interface LoopBack0
peer 6.6.6.6 password cipher %%HvNwO*o".3;>P:MN9+9JV/]=%%
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 1.1.1.1 next-hop-local
peer 6.6.6.6 enable
peer 6.6.6.6 ip-prefix F import
peer 6.6.6.6 route-policy E export
peer 6.6.6.6 capability-advertise orf ip-prefix send
// Configure ORF between AR6 and AR3 so that AR3 receives only AR6's loopback1 route
ospf 1
area 0.0.0.0
route-policy E deny node 10
if-match as-path-filter E
route-policy E permit node 20
ip as-path-filter E permit _65002$
//Branch 2 does not receive any routes from Branch 1
ip ip-prefix F index 10 permit 6.0.0.0 24
//Prefix-based route filtering; a prerequisite for ORF
ip route-static 6.6.6.6 255.255.255.255 10.0.36.6
R4
router id 4.4.4.4
interface GigabitEthernet0/0/0
ip address 10.0.14.4 255.255.255.0
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
interface LoopBack1
ip address 4.0.0.1 255.255.255.0
interface LoopBack2
ip address 4.0.1.1 255.255.255.0
bgp 65001
peer 10.0.14.1 as-number 100
peer 10.0.14.1 password cipher %$%5J@/Abf ]3@/ydFxI5k7V+yR5J@/Abf~]3@/ydFxI5k7V+yR%5J@/Abf ]3@/ydFxI5k7V+yR%$
peer 10.0.14.1 valid-ttl-hops 1
ipv4-family unicast
undo synchronization
network 4.0.0.0 255.255.255.0
network 4.0.1.0 255.255.255.0
peer 10.0.14.1 enable
peer 10.0.14.1 route-policy AB export
peer 10.0.14.1 advertise-community
route-policy AB permit node 10
if-match ip-prefix A
apply community no-advertise
route-policy AB permit node 20
if-match ip-prefix B
apply community no-export
route-policy AB permit node 30
ip ip-prefix A index 10 permit 4.0.0.0 24
ip ip-prefix B index 10 permit 4.0.1.0 24
R5
router id 5.5.5.5
interface GigabitEthernet0/0/0
ip address 10.0.25.5 255.255.255.0
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
interface LoopBack1
ip address 5.0.0.1 255.255.255.0
interface LoopBack2
ip address 5.0.1.1 255.255.255.0
bgp 65002
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 2.2.2.2 password cipher %%😮{LQnxhz,K’C,"(s6OQV-@%%
peer 2.2.2.2 valid-ttl-hops 1
ipv4-family unicast
undo synchronization
network 5.0.0.0 255.255.255.0 route-policy C
network 5.0.1.0 255.255.255.0
peer 2.2.2.2 enable
peer 2.2.2.2 advertise-community
route-policy C permit node 10
apply community 65002:1
ip route-static 2.2.2.2 255.255.255.255 10.0.25.2
R6
router id 6.6.6.6
interface GigabitEthernet0/0/0
ip address 10.0.36.6 255.255.255.0
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
interface LoopBack1
ip address 6.0.0.1 255.255.255.0
interface LoopBack2
ip address 6.0.1.1 255.255.255.0
bgp 65003
peer 3.3.3.3 as-number 100
peer 3.3.3.3 ebgp-max-hop 2
peer 3.3.3.3 connect-interface LoopBack0
peer 3.3.3.3 password cipher %%l){4d69FIc[@S;)&LxMV1#G%%
ipv4-family unicast
undo synchronization
network 6.0.0.0 255.255.255.0
network 6.0.1.0 255.255.255.0
peer 3.3.3.3 enable
peer 3.3.3.3 capability-advertise orf ip-prefix receive
//Configure ORF between AR6 and AR3 so that AR3 receives only AR6's loopback1 route
ip route-static 3.3.3.3 255.255.255.255 10.0.36.3
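The following Python model is an added example, not code from the page or from Huawei; it contrasts the two hop-limiting methods used in the branch configurations above (GTSM with valid-ttl-hops 1 on the R2/R5 sessions, ebgp-max-hop 2 without GTSM on the R3/R6 sessions). The GTSM rules it encodes are the documented Huawei behaviour: once valid-ttl-hops is configured, BGP packets are sent with TTL 255, and a received packet is accepted only if its TTL falls in [255 - hops + 1, 255]. The peer dictionaries, the hop counting and the mutual-exclusion check are this example's own simplifications.

```python
MAX_TTL = 255


def peer_config_valid(peer_cfg):
    """GTSM (valid-ttl-hops) and ebgp-max-hop cannot both be set on one peer."""
    has_gtsm = peer_cfg.get("valid_ttl_hops") is not None
    has_max_hop = peer_cfg.get("ebgp_max_hop") is not None
    return not (has_gtsm and has_max_hop)


def send_ttl(peer_cfg):
    """IP TTL a speaker puts on BGP packets to this peer: 255 once GTSM is enabled
    (also for EBGP), otherwise ebgp-max-hop (default 1) for EBGP and 255 for IBGP."""
    if peer_cfg.get("valid_ttl_hops") is not None:
        return MAX_TTL
    if peer_cfg["type"] == "ebgp":
        return peer_cfg.get("ebgp_max_hop", 1)
    return MAX_TTL


def accept_ttl(peer_cfg, ttl_on_arrival):
    """Receiver check.  With valid-ttl-hops h the packet must arrive with a TTL in
    [255 - h + 1, 255]; without GTSM any TTL that still delivered the packet passes,
    so the distance the packet travelled is not verified at all."""
    if ttl_on_arrival < 1:
        return False
    hops = peer_cfg.get("valid_ttl_hops")
    if hops is None:
        return True
    return MAX_TTL - hops + 1 <= ttl_on_arrival <= MAX_TTL


def packet_accepted(receiver_cfg, ttl_sent, transit_routers):
    """TTL drops by one at each forwarding router in between; the destination
    itself does not decrement, so a directly connected peer sees the TTL as sent."""
    return accept_ttl(receiver_cfg, ttl_sent - transit_routers)


# Constructed peer settings mirroring the page: branch 1 (R2/R5) runs GTSM with
# valid-ttl-hops 1, branch 2 (R3/R6) runs ebgp-max-hop 2 with no GTSM.
BRANCH1_PEER = {"type": "ebgp", "valid_ttl_hops": 1}
BRANCH2_PEER = {"type": "ebgp", "ebgp_max_hop": 2}

if __name__ == "__main__":
    print("branch 1, directly connected peer:", packet_accepted(BRANCH1_PEER, send_ttl(BRANCH1_PEER), 0))
    print("branch 1, packet that crossed 3 routers:", packet_accepted(BRANCH1_PEER, MAX_TTL, 3))
    print("branch 2, directly connected peer:", packet_accepted(BRANCH2_PEER, send_ttl(BRANCH2_PEER), 0))
    print("branch 2, packet that crossed 3 routers:", packet_accepted(BRANCH2_PEER, MAX_TTL, 3))
```

The contrast is the security point: on the branch 1 sessions a packet that has crossed even one forwarding router arrives with TTL 254 and is discarded before TCP or BGP ever look at it, while on the branch 2 sessions ebgp-max-hop only raises the TTL the local router sends and performs no check on arrival, so the MD5 password is the only protection those sessions have against packets from non-adjacent sources.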
Viewing community attributes
The no-advertise route is only given to R1 and is not passed on to R2 and R3
Viewing the community attribute set on R5
R4 receives only R5's loopback1
Comparison before and after filtering: R4's BGP routes on R6 are gone
Viewing ORF routes on R6
Viewing the routes learned on R3