320 likes | 527 Views
BGP Case Studies in the field. Traffic 조절 방안. Inbound Traffic 조절 정보제공업체를 제외한 대부분의 ISP/ 기업들이 Inbound Traffic 조절 필요 Outbound Traffic 조절 정보제공업체들이 외부와 연결된 복수개의 회선을 효율적으로 이용하기 위해 Outbound Traffic 조절 필요 Inbound Traffic 을 조절하기 위해서는 내가 전달하는 라우텅정보를 조절하여야 함 내가 원하는 대로 제어하는 것이 쉽지 않음
E N D
Traffic 조절 방안 • Inbound Traffic 조절 • 정보제공업체를 제외한 대부분의 ISP/기업들이 Inbound Traffic 조절 필요 • Outbound Traffic 조절 • 정보제공업체들이 외부와 연결된 복수개의 회선을 효율적으로 이용하기 위해 Outbound Traffic 조절 필요 • Inbound Traffic을 조절하기 위해서는 내가 전달하는 라우텅정보를 조절하여야 함 • 내가 원하는 대로 제어하는 것이 쉽지 않음 • Outbound Traffic을 조절하기 위해서는 내가 전달받는 라우팅정보를 조절하여야 함 • 내가 원하는 대로 거의 100% 제어 가능 • BGP에서 목적지로 가는 경로는 항상 1개임 • Best Path는 1개 • 100% 50:50 traffic 분산은 불가능 • AS-Path & Prefix Filtering
Traffic 조절 수단 • Inbound • as-path 길이 • MED 값 • prefix 길이 • Outbound • weight (only Cisco IOS) • local_preference • as-path 길이 • MED 값 • Wegiht: 값을 클수록 best path • Local Preference: 값이 클수록 best path • As-path 길이: 길이가 짧을수록 best path • MED: 값이 작을수록 best path • prefix 길이: 길이가 길수록 best path
Example-1 • as-path 길이가 짧은 것이 우선함 *>10.1.1.0/24 3786 100 i 10.1.1.0/24 4766 3559 100 i DACOM AS3786 ISP1 AS2000 CUST AS100 ISP2 AS3000 10.1.1.0/24 KT AS3559 KT AS4766
Example-2 • as-path 길이가 같은 경우는 router-ID가 작은 것을best path로 선택함 *>10.1.1.0/24 3786 100 i 10.1.1.0/24 3976 100 i DACOM AS3786 ISP1 AS2000 CUST AS100 ISP2 AS3000 10.1.1.0/24 INET AS3976 10.1.1.0/24 3786 100 i *>10.1.1.0/24 3976 100 i
Example-3 • 다른 두 ISP에게 MED를 조정해서 내보내는 것은 inbound traffic에 거의 영향을 미치지 못함 • MED는 External BGP Neighbor간에만 교환되며 다른 AS로는 전달되지 않는다.) Set MED=10 out for 14.1.1.0/24 12.1.1.0/24로 가는 traffic DACOM AS3786 ISP AS200 CUST AS100 INET AS3976 Set MED=10 out for 12.1.1.0/24 14.1.1.0/24로 가는 traffic 12.1.1.0/24 14.1.1.0/24
Example-4 • ISP가 MED를 받아들인다면 동일 ISP에게 MED를 설정해서 보내는 것은 inbound traffic을 조절할수 있는 수단 Lowest MED Set MED=10 out for 14.1.1.0/24 DACOM AS3786 CUST AS100 12.1.1.0/24로 가는 traffic n-h1 *>12.1.1.0/24 n-h1 med=null 100 i 12.1.1.0/24 n-h2 med=10 100 i 14.1.1.0/24 n-h1 med=10 100 i *>14.1.1.0/24 n-h2 med=null 100 i n-h2 12.1.1.0/24 14.1.1.0/24 14.1.1.0/24로 가는 traffic Set MED=10 out for 12.1.1.0/24
Example-5 • DACOM과 연결된 회선의 Inbound traffic이 100%에 가까운 반면 KT와 연결된 회선의 Inbound traffic이 50% 이하임 • as-path prepend로 inbound traffic 조절 DACOM AS3786 *>10.1.1.0/24 3786 100 10.1.1.0/24 4766 3559 100 Internet as-path prepend 100 out CUST AS100 10.1.1.0/24 10.1.1.0/24 3786 100 100 *>10.1.1.0/24 4766 3559 100 KT AS3559 KT AS4766
Example-6 • as-path prepend로 inbound traffic 조절 DACOM AS3786 Traffic 폭주 CUST AS100 INET AS3976 As-path prepend 100 out DACOM AS3786 CUST AS100 INET AS3976
Example-7 • as-path prepend를 네트웍별로 적용하여 inbound traffic 조절 *>12.1.1.0/24 3786 100 12.1.1.0/24 3976 100 100 DACOM AS3786 As-path prepend 100 for 14.1.1.0/24 CUST AS100 Internet INET AS3976 12.1.1.0/24 14.1.1.0/24 As-path prepend 100 for 12.1.1.0/24 14.1.1.0/24 3786 100 100 *>14.1.1.0/24 3976 100
Example-8 • DACOM과 연결된 회선의 대역은 50%, KT와 연결된 회선의 대역은 100%를 이용(병목현상)하는 상황 발생 • Prefix Length로 inbound traffic을 조절 12.1.128.0/17 DACOM AS3786 12.1.0.0/16 12.1.0.0/17 CUST AS100 Internet 12.1.128.0/17 KT AS3559 12.1.0.0/17 12.1.0.0/16 12.1.0.0/17 12.1.128.0/17 12.1.0.0/16 12.1.128.0/17 12.1.0.0/17
Example-9 • MED로 outbound path를 선택할 수 있음 DACOM AS3786 CUST AS200 10.1.1.0/24 CUST AS100 INET AS3976 12.1.1.0/24 Internet Set MED=10 in for AS200 *>12.1.1.0/24 MED=null 3786 200 i 12.1.1.0/24 MED=10 3976 200 i
Example-10 • MED를 선택적으로 적용 • outbound 조절용 DACOM AS3786 Set MED=10 in for 14.1.1.0/24 CUST AS200 CUST AS100 INET AS3976 12.1.1.0/24 14.1.1.0/24 Set MED=10 in for 12.1.1.0/24 *>12.1.1.0/24 MED=null 3786 200 i 12.1.1.0/24 MED=10 3976 200 i 14.1.1.0/24 MED=10 3786 200 i *>14.1.1.0/24 MED=null 3976 200 i
Example-11 • Default만을 설정하여 outbound traffic을 처리하는 방법 • 국내BGP정보를 받는 경우 • 아무 정보도 받지 않은 경우 DACOM AS3786 default Internet INET AS3976 default
Example-12 • 2개의 라우터를 이용하는 경우 • unbalanced outbound traffic 가능성이 높음 • 그러나 안정적 default DACOM AS3786 Internet INET AS3976 default
Config-1 router bgp 3786 neigh 1.1.1.1 remote-as 100 neigh 1.1.1.1 filter-list 50 in neigh 1.1.1.1 distribute-list 120 in no sync no auto-summary ! ip as-path access-list 50 permit ^(100_)+$ ! access-list 120 permit host 10.1.1.0 host 255.255.255.0 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1 router bgp 3976 neigh 2.2.2.1 remote-as 100 neigh 2.2.2.1 filter-list 11 in neigh 2.2.2.1 distribute-list 130 in no sync no auto-summary ! ip as-path access-list 11 permit ^(100_)+$ ! access-list 130 permit host 10.1.1.0 host 255.255.255.0 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1
Config-2 Interface loopback 0 ip address 192.168.1.1 255.255.255.252 ! router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3559 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 ip route 0.0.0.0 0.0.0.0 3.3.3.1 ip route 192.168.2.1 255.255.255.252 2.2.2.1 ip route 192.168.2.1 255.255.255.252 3.3.3.1 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3559 2.2.2.2 2.2.2.1 AS100 3.3.3.2 AS3786 3.3.3.1 192.168.1.1/30 192.168.2.1/30 Interface loopback 0 ip address 192.168.2.1 255.255.255.252 ! router bgp 3786 neigh 192.168.1.1 remote-as 100 neigh 192.168.1.1 ebgp-multihop 3 neigh 192.168.1.1 update-source loopback0 neigh 192.168.1.1 filter-list 10 in neigh 192.168.1.1 distribute-list 100 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 192.168.2.1 255.255.255.252 2.2.2.2 ip route 192.168.2.1 255.255.255.252 3.3.3.2
Config-3 • AS3786 회선에 inbound traffic이 많을때 router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 110 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.0.0 host 255.255.0.0 ! access-list 110 permit host 10.1.0.0 host 255.255.0.0 access-list 110 permit host 10.1.128.0 host 255.255.128.0 ! ip route 10.1.0.0 255.255.0.0 null0 ip route 10.1.128.0 255.255.128.0 null0 ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 10.1.0.0/16 1.1.1.1 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-4 • AS3786 회선에 inbound traffic이 많을때 router bgp 100 network 10.1.0.0 mask 255.255.0.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 route-map PREPEND out neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.0.0 host 255.255.0.0 ! route-map PREPEND permit 10 set as-path prepend 100 ! ip route 10.1.0.0 255.255.0.0 null0 ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 10.1.0.0/16 1.1.1.1 1.1.1.2 AS3786 AS3559 2.2.2.2 AS100 2.2.2.1
Config-5 router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 route-map PREPEND out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.0.0 host 255.255.0.0 access-list 100 permit host 10.1.128.0 host 255.255.128.0 ! access-list 110 permit host 10.1.128.0 host 255.255.128.0 ! route-map PREPEND permit 10 match ip address 110 set as-path prepend 100 route-map PREPEND permit 20 ! ip route 10.1.0.0 255.255.0.0 null0 ip route 10.1.128.0 255.255.128.0 null0 ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • AS3786 회선에 inbound traffic이 많을때 10.1.0.0/16 1.1.1.1 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-6 router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.128.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 110 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.0.0 host 255.255.0.0 access-list 100 permit host 10.1.128.0 host 255.255.128.0 ! access-list 110 permit host 10.1.0.0 host 255.255.0.0 access-list 110 permit host 10.1.0.0 host 255.255.128.0 ! ip route 10.1.0.0 255.255.0.0 null0 ip route 10.1.0.0 255.255.128.0 null0 ip route 10.1.128.0 255.255.128.0 null0 ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • Network별로 inbound traffic을 분리/조절하기 위해 10.1.0.0/16 1.1.1.1 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-7 Interface loopback 0 ip address 192.168.0.1 255.255.255.252 ! router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.192.0 network 10.1.64.0 mask 255.255.192.0 neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback 0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 10.1.0.2 remote-as 100 neigh 10.1.0.2 next-hop-self no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.0.0 host 255.255.0.0 access-list 100 permit host 10.1.0.0 host 255.255.192.0 access-list 100 permit host 10.1.64.0 host 255.255.192.0 ! ip route 10.1.0.0 255.255.0.0 null0 ip route 10.1.0.0 255.255.192.0 null0 ip route 10.1.64.0 255.255.192.0 null0 ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 ip route 0.0.0.0 0.0.0.0 10.1.0.2 10 ip route 192.168.2.1 255.255.255.252 1.1.1.1 ip route 192.168.2.1 255.255.255.252 2.2.2.1 • 데이콤에 여러 개의 회선을 안정성을 위해 분리 접속할 경우 AS100 192.168.2.1 192.168.0.1 1.1.1.1 1.1.1.2 10.1.0.1 10.1.0.0/16 10.1.0.0/18 10.1.64.0/18 10.1.128.0/18 10.1.192.0/18 2.2.2.1 2.2.2.2 AS3786 3.3.3.1 3.3.3.2 10.1.0.2 4.4.4.1 4.4.4.2 192.168.3.1 192.168.1.1
Config-8 Interface loopback 0 ip address 192.168.0.1 255.255.255.252 ! router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.192.0 network 10.1.64.0 mask 255.255.192.0 neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback 0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 10.1.0.2 remote-as 100 neigh 10.1.0.2 next-hop-self no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.0.0 host 255.255.0.0 access-list 100 permit host 10.1.0.0 host 255.255.192.0 access-list 100 permit host 10.1.64.0 host 255.255.192.0 access-list 100 permit host 10.1.128.0 host 255.255.192.0 ! ip route 10.1.0.0 255.255.0.0 null0 ip route 10.1.0.0 255.255.192.0 null0 ip route 10.1.64.0 255.255.192.0 null0 ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 ip route 0.0.0.0 0.0.0.0 10.1.0.2 10 ip route 192.168.2.1 255.255.255.252 1.1.1.1 ip route 192.168.2.1 255.255.255.252 2.2.2.1 • 데이콤에 여러 개의 회선을 안정성을 위해 분리 접속할 경우 AS100 192.168.2.1 192.168.0.1 1.1.1.1 1.1.1.2 10.1.0.1 10.1.0.0/16 10.1.0.0/18 10.1.64.0/18 10.1.128.0/18 10.1.192.0/18 2.2.2.1 2.2.2.2 AS3786 3.3.3.1 3.3.3.2 10.1.0.2 4.4.4.1 4.4.4.2 192.168.3.1 192.168.1.1
Config-9 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary ! ip as-path access-list 10 permit ^$ ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • 양 사업자가 주는 국내정보를 받을때 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-10 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 20 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ip as-path access-list 20 deny .* ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • 양 사업자로부터 아무 정보도 받지 않고 default로 outbound traffic 분산 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-11 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out no neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 20 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ip as-path access-list 20 deny .* ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • 국내는 AS3786을 통해 가게하고, 해외는 양사업자로 분산해서 가게 할떄 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-12 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ip as-path access-list 20 3786$ ip as-path access-list 30 3559$ ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • AS3559, AS3786 영역은 직회선을 이용하게 하고, 나머지는 임의로 분산해서 가도록 함 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3559 2.2.2.2 AS100 2.2.2.1
Config-13 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ip as-path access-list 20 permit 3786$ ip as-path access-list 30 permit .* ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • AS3786으로는 직회선 이용, 나머지는 KT회선 이용, 해외는 임의로 분산 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3559 2.2.2.2 AS100 2.2.2.1
Config-14 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ip as-path access-list 30 deny (3786|3976) ip as-path access-list 30 permit .* ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • AS3786,AS3976으로 가는 것은 AS3786과의 직회선을 이용하게 하고, 나머지는 임의 분산 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3559 2.2.2.2 AS100 2.2.2.1
Config-15 router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 route-map INET in no sync no auto-summary ! Ip as-path access-list 10 permit ^$ ip as-path access-list 20 permit (4766|2563|1237|3608) ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! route-map INET permit 10 match ip as-path 20 set metric 100 route-map INET permit 20 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 • AS4766,2563,1237,3608로 가는 traffic은 AS3786과의 직회선을 이용하게 하고, 나머지는 임의 분산 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3786 AS3976 2.2.2.2 AS100 2.2.2.1
Config-16 Interface loopback 0 ip address 192.168.1.1 255.255.255.252 ! router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3559 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 192.168.2.1 filter-list 30 in no sync no auto-summary ! ip as-path access-list 10 permit ^$ ip as-path access-list 20 permit (3559|4766|7563) ip as-path access-list 30 permit (3786|1237|2563) ! access-list 100 permit host 10.1.1.0 host 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 1.1.1.1 ip route 0.0.0.0 0.0.0.0 2.2.2.1 ip route 0.0.0.0 0.0.0.0 3.3.3.1 ip route 192.168.2.1 255.255.255.252 2.2.2.1 ip route 192.168.2.1 255.255.255.252 3.3.3.1 • Outbound가 많은 site에서 ISP와 연결된 회선대역이 틀릴 경우 1.1.1.1 10.1.1.0/24 1.1.1.2 AS3559 2.2.2.2 2.2.2.1 AS100 3.3.3.2 AS3786 3.3.3.1 192.168.1.1/30 192.168.2.1/30