Beruflich Dokumente
Kultur Dokumente
Fryguy's Blog
INDEX OF POSTS
RESUME OR CV
ABOUT FRYGUY
GUERRI
PUBLISHED WORKBOOKS
ARCHIVES
READING LIST
DISNEY (UPDATE)
J. GIMENO
RSS FEED
JUNOS, WORKBOOK
And now the final post before the whole workbook is posted, Route Filtering
converted by Web2PDFConvert.com
Ok, lets discuss Route Filtering in this lab, and to keep is simple, we will use eBGP for the
routing protocol. For this lab we will need to create another loopback on R4 for
44.44.44.44/32.
The goal of this lab is in 3 parts.
Part 1: Full reachability
Part 2: Filter 44.44.44.44/32 in on J1
Part 3: Filter 1.1.1.1/32, 2.2.2.2/32, and 3.3.3.3/32 to R4
The first step is yours as we need to reset all configs to the rollback/base configurations.
Ok, lets get started!
On R4 we will need to create Loopback1 and configure BGP to peer with J1:
R4# config t
R4(config)#int lo1
R4(config-if)#ip add 44.44.44.44 255.255.255.255
R4(config-if)# router bgp 4
R4(config-router)#no auto-summary
R4(config-router)#nei 192.168.14.1 remote-as 123
R4(config-router)#net 4.4.4.4 mask 255.255.255.255
R4(config-router)#net 44.44.44.44 mask 255.255.255.255
R4(config-router)#^Z
R4#
Ok, we will start with J2, then J3, and finally J1 for the configuration.
J2:
jfry@J2> edit
Entering configuration mode
[edit]
jfry@J2# set policy-options policy-statement Connected term 1 from protocol direct
[edit]
jfry@J2# set policy-options policy-statement Connected term 1 then accept
[edit]
jfry@J2# set routing-options autonomous-system 123
[edit]
jfry@J2# edit protocols bgp group ibgp
[edit protocols bgp group ibgp]
jfry@J2# set type internal
[edit protocols bgp group ibgp]
jfry@J2# set neighbor 192.168.23.3
[edit protocols bgp group ibgp]
jfry@J2# set neighbor 192.168.12.1
[edit protocols bgp group ibgp]
jfry@J2# up
[edit protocols bgp]
jfry@J2# set export Connected
[edit protocols bgp]
jfry@J2# commit and-quit
commit complete
Exiting configuration mode
converted by Web2PDFConvert.com
jfry@J2>
Ok, onto J3:
jfry@J3> edit
Entering configuration mode
[edit]
jfry@J3# set policy-options policy-statement Connected term 1 from protocol direct
[edit]
jfry@J3# set policy-options policy-statement Connected term 1 then accept
[edit]
jfry@J3# set routing-options autonomous-system 123
[edit]
jfry@J3# edit protocols bgp group ibgp
[edit protocols bgp group ibgp]
jfry@J3# set type internal
[edit protocols bgp group ibgp]
jfry@J3# set neighbor 192.168.23.2
[edit protocols bgp group ibgp]
jfry@J3# set neighbor 192.168.13.1
[edit protocols bgp group ibgp]
jfry@J3# up
[edit protocols bgp]
jfry@J3# set export Connected
[edit protocols bgp]
jfry@J3# commit and-quit
converted by Web2PDFConvert.com
Now time to do some filtering. First up, we will filter R4 Loop1 (44.44.44.44/32) inbound on
J1:
jfry@J1> edit
Entering configuration mode
First we will create a prefix-list matching 44.44.44.44/32:
[edit]
jfry@J1# set policy-options prefix-list R4ASN 44.44.44.44/32
Now we will create our policy statement to Reject the 44.44.44.44/32:
[edit]
jfry@J1# set policy-options policy-statement FromR4 term 1 from prefix-list R4ASN
[edit]
jfry@J1# set policy-options policy-statement FromR4 term 1 then reject
Then we will set our next statement to permit everything else:
[edit]
jfry@J1# set policy-options policy-statement FromR4 term 2 then accept
converted by Web2PDFConvert.com
[edit]
jfry@J1# set policy-options prefix-list JLoopbacks 2.2.2.2/32
[edit]
jfry@J1# set policy-options prefix-list JLoopbacks 3.3.3.3/32
Now to create out policy statement to reject JLoopbacks and then permit everything else.
[edit]
jfry@J1# set policy-options policy-statement ToR4 term 1 from prefix-list JLoopbacks
[edit]
jfry@J1# set policy-options policy-statement ToR4 term 1 then reject
[edit]
jfry@J1# set policy-options policy-statement ToR4 term 2 then accept
Then, in one command, we will apply the export map:
[edit]
jfry@J1# set protocols bgp group ebgp neighbor 192.168.14.4 export ToR4
[edit]
jfry@J1# commit and-quit
Now back to look at R4 Routing table:
R4#sh ip route
Codes: C connected, S static, R RIP, M mobile, B BGP
D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area
N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2
E1 OSPF external type 1, E2 OSPF external type 2
i IS-IS, su IS-IS summary, L1 IS-IS level-1, L2 IS-IS level-2
ia IS-IS inter area, * candidate default, U per-user static route
o ODR, P periodic downloaded static route
Gateway of last resort is not set
B 192.168.12.0/24 [20/0] via 192.168.14.1, 00:07:04
B 192.168.13.0/24 [20/0] via 192.168.14.1, 00:07:04
C 192.168.14.0/24 is directly connected, Ethernet0
4.0.0.0/32 is subnetted, 1 subnets
C
4.4.4.4 is directly connected, Loopback0
B 192.168.23.0/24 [20/0] via 192.168.14.1, 00:07:04
44.0.0.0/32 is subnetted, 1 subnets
C
44.44.44.44 is directly connected, Loopback1
R4#
There you go, routes filter to R4!
Share this:
Twitter
More
Send
converted by Web2PDFConvert.com
1 Comment
Recommend
1 Login
Fryguy
Share
Sort by Best
I've been loving these posts! Are you currently going for a Juniper cert?
Reply Share
ALSO ON FRYGUY
Mike Courtney I picked one of these up - really cool! Thanks for the
TiO The publication of the IOS XRv was by error. It has been
removed.
anything that runs Junos. The only differences will be the interfaces
you use on your device. You will also need some type of EX switch
Subscribe
Privacy
BEFORE
AFTER
COMMERCIAL
Search
RSS Feed
NETWORKING
Amy Engineer
Broken Network
CCIE Flyer
CCIE In 3 Months
CCIE Journey
CHesapeake Netcraftsman Blogs
Ethereal Mind
Firewall.cx
Gestlalt IT
Herding Packets
INE All Access
IP Space (Ivan Pepelnjak)
Lame Journal
Marko's Blog
Networking Nerd
Orhan Ergun CCDE
Packet Life
Packet Queue
Tech Field Day
The Data Center Overlords
PODCAST
No Strings Attached
Packet Pushers
converted by Web2PDFConvert.com
converted by Web2PDFConvert.com