Download ppt - BGP Case Studies in the field

1

BGP Case Studiesin the field

2

Traffic 조절 방안

• Inbound Traffic 조절– 정보제공업체를 제외한 대부분의 ISP/ 기업들이 Inbound Traffic

조절 필요

• Outbound Traffic 조절– 정보제공업체들이 외부와 연결된 복수개의 회선을 효율적으로

이용하기 위해 Outbound Traffic 조절 필요

• Inbound Traffic 을 조절하기 위해서는 내가 전달하는 라우텅정보를 조절하여야 함– 내가 원하는 대로 제어하는 것이 쉽지 않음

• Outbound Traffic 을 조절하기 위해서는 내가 전달받는 라우팅정보를 조절하여야 함– 내가 원하는 대로 거의 100% 제어 가능

• BGP 에서 목적지로 가는 경로는 항상 1 개임– Best Path 는 1 개– 100% 50:50 traffic 분산은 불가능

• AS-Path & Prefix Filtering

3

Traffic 조절 수단

• Inbound– as-path 길이– MED 값– prefix 길이

• Outbound– weight (only Cisco IOS)– local_preference– as-path 길이– MED 값

• Wegiht: 값을 클수록 best path

• Local Preference: 값이 클수록 best path

• As-path 길이 : 길이가 짧을수록 best path

• MED: 값이 작을수록 best path

• prefix 길이 : 길이가 길수록 best path

4

DACOMAS3786

KTAS4766

KTAS3559

CUSTAS100

ISP1AS2000

ISP2AS3000

10.1.1.0/24

*>10.1.1.0/24 3786 100 i 10.1.1.0/24 4766 3559 100 i

Example-1• as-path 길이가 짧은 것이 우선함

5

DACOMAS3786

INETAS3976

CUSTAS100

ISP1AS2000

ISP2AS3000

10.1.1.0/24

*>10.1.1.0/24 3786 100 i 10.1.1.0/24 3976 100 i

10.1.1.0/24 3786 100 i*>10.1.1.0/24 3976 100 i

Example-2

• as-path 길이가 같은 경우는 router-ID 가 작은 것을 best path 로 선택함

6

DACOMAS3786

INETAS3976

CUSTAS100

ISPAS200

12.1.1.0/2414.1.1.0/24

Set MED=10 outfor 12.1.1.0/24

Set MED=10 out for 14.1.1.0/24

Example-3

• 다른 두 ISP 에게 MED 를 조정해서 내보내는 것은 inbound traffic 에 거의 영향을 미치지 못함

12.1.1.0/24 로 가는 traffic


MED 는 External BGP Neighbor 간에만 교환되며 다른 AS 로는 전달되지 않는다 .)

7

Example-4

• ISP 가 MED 를 받아들인다면 동일 ISP 에게 MED 를 설정해서 보내는 것은 inbound traffic 을 조절할수 있는 수단

DACOMAS3786

CUSTAS100

12.1.1.0/2414.1.1.0/24 Set MED=10 out

for 12.1.1.0/24

Set MED=10 out for 14.1.1.0/24

*>12.1.1.0/24 n-h1 med=null 100 i 12.1.1.0/24 n-h2 med=10 100 i 14.1.1.0/24 n-h1 med=10 100 i*>14.1.1.0/24 n-h2 med=null 100 i



n-h1

n-h2

Lowest MED

8

Example-5

• as-path prepend 로 inbound traffic 조절

DACOMAS3786

KTAS4766

KTAS3559

CUSTAS100 Internet

10.1.1.0/24

as-path prepend 100 out

*>10.1.1.0/24 3786 100 10.1.1.0/24 4766 3559 100

10.1.1.0/24 3786 100 100*>10.1.1.0/24 4766 3559 100

•DACOM 과 연결된 회선의 Inbound traffic 이 100% 에 가까운 반면 KT 와 연결된 회선의 Inbound traffic 이 50% 이하임

9

Example-6

• as-path prepend 로 inbound traffic 조절

DACOMAS3786

INETAS3976

CUSTAS100

Traffic 폭주

DACOMAS3786

INETAS3976

CUSTAS100

As-path prepend100 out

10

Example-7

• as-path prepend 를 네트웍별로 적용하여 inbound traffic 조절

CUSTAS100

12.1.1.0/2414.1.1.0/24 As-path prepend

100 for 12.1.1.0/24

As-path prepend100 for 14.1.1.0/24

*>12.1.1.0/24 3786 100 12.1.1.0/24 3976 100 100

14.1.1.0/24 3786 100 100*>14.1.1.0/24 3976 100

DACOMAS3786

INETAS3976

Internet

11

Example-8

• Prefix Length 로 inbound traffic 을 조절

CUSTAS100

12.1.0.0/16 12.1.0.0/17 12.1.128.0/17

DACOMAS3786

KTAS3559

Internet

12.1.0.0/1612.1.0.0/17

12.1.0.0/1612.1.128.0/17

12.1.128.0/17

12.1.128.0/17

12.1.0.0/17

12.1.0.0/17

•DACOM 과 연결된 회선의 대역은 50%, KT 와 연결된 회선의 대역은 100% 를 이용 (병목현상 ) 하는 상황 발생

12

Example-9

• MED 로 outbound path 를 선택할 수 있음

DACOMAS3786

INETAS3976

CUSTAS100

CUSTAS200

10.1.1.0/24

12.1.1.0/24

InternetSet MED=10 in for AS200

*>12.1.1.0/24 MED=null 3786 200 i 12.1.1.0/24 MED=10 3976 200 i

13

Example-10

• MED 를 선택적으로 적용• outbound 조절용

DACOMAS3786

INETAS3976

CUSTAS100

CUSTAS200

12.1.1.0/2414.1.1.0/24

Set MED=10 in for 12.1.1.0/24

*>12.1.1.0/24 MED=null 3786 200 i 12.1.1.0/24 MED=10 3976 200 i 14.1.1.0/24 MED=10 3786 200 i *>14.1.1.0/24 MED=null 3976 200 i

Set MED=10 in for 14.1.1.0/24

14

Example-11

• Default 만을 설정하여 outbound traffic 을 처리하는 방법– 국내 BGP 정보를 받는 경우– 아무 정보도 받지 않은 경우

DACOMAS3786

INETAS3976

Internet

default

default

15

Example-12

• 2 개의 라우터를 이용하는 경우– unbalanced outbound traffic 가능성이 높음– 그러나 안정적

Internet

default

default

DACOMAS3786

INETAS3976

16

Config-1

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

router bgp 3786 neigh 1.1.1.1 remote-as 100 neigh 1.1.1.1 filter-list 50 in neigh 1.1.1.1 distribute-list 120 in no sync no auto-summary!ip as-path access-list 50 permit ^(100_)+$!access-list 120 permit host 10.1.1.0 host 255.255.255.0

router bgp 3976 neigh 2.2.2.1 remote-as 100 neigh 2.2.2.1 filter-list 11 in neigh 2.2.2.1 distribute-list 130 in no sync no auto-summary!ip as-path access-list 11 permit ^(100_)+$!access-list 130 permit host 10.1.1.0 host 255.255.255.0

17

Config-2

10.1.1.0/241.1.1.2

1.1.1.1

2.2.2.22.2.2.1

AS3559

AS3786AS100

Interface loopback 0 ip address 192.168.1.1 255.255.255.252!router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3559 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 3.3.3.1ip route 192.168.2.1 255.255.255.252 2.2.2.1ip route 192.168.2.1 255.255.255.252 3.3.3.1

3.3.3.23.3.3.1

192.168.1.1/30192.168.2.1/30

Interface loopback 0 ip address 192.168.2.1 255.255.255.252!router bgp 3786 neigh 192.168.1.1 remote-as 100 neigh 192.168.1.1 ebgp-multihop 3 neigh 192.168.1.1 update-source loopback0 neigh 192.168.1.1 filter-list 10 in neigh 192.168.1.1 distribute-list 100 in no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 192.168.2.1 255.255.255.252 2.2.2.2ip route 192.168.2.1 255.255.255.252 3.3.3.2

18

10.1.0.0/16

1.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

Config-3

• AS3786 회선에 inbound traffic 이 많을때

router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 110 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0!access-list 110 permit host 10.1.0.0 host 255.255.0.0access-list 110 permit host 10.1.128.0 host 255.255.128.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.128.0 255.255.128.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

19

10.1.0.0/16

1.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3559

AS100

Config-4


router bgp 100 network 10.1.0.0 mask 255.255.0.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 route-map PREPEND out neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0!route-map PREPEND permit 10 set as-path prepend 100!ip route 10.1.0.0 255.255.0.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

20

10.1.0.0/16/16

1.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

Config-5


router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 route-map PREPEND out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.128.0 host 255.255.128.0!access-list 110 permit host 10.1.128.0 host 255.255.128.0!route-map PREPEND permit 10 match ip address 110 set as-path prepend 100route-map PREPEND permit 20!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.128.0 255.255.128.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

21

Config-6

• Network 별로 inbound traffic 을 분리 / 조절하기 위해

10.1.0.0/16

1.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.128.0 network 10.1.128.0 mask 255.255.128.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 110 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.128.0 host 255.255.128.0!access-list 110 permit host 10.1.0.0 host 255.255.0.0access-list 110 permit host 10.1.0.0 host 255.255.128.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.0.0 255.255.128.0 null0ip route 10.1.128.0 255.255.128.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

22

1.1.1.2

2.2.2.2

3.3.3.2

4.4.4.2

1.1.1.1

2.2.2.1

3.3.3.1

4.4.4.1

10.1.0.0/1610.1.0.0/1810.1.64.0/1810.1.128.0/1810.1.192.0/18

AS100 192.168.0.1

192.168.1.1

192.168.2.1

192.168.3.1

Interface loopback 0 ip address 192.168.0.1 255.255.255.252!router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.192.0 network 10.1.64.0 mask 255.255.192.0 neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback 0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 10.1.0.2 remote-as 100 neigh 10.1.0.2 next-hop-self no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.0.0 host 255.255.192.0access-list 100 permit host 10.1.64.0 host 255.255.192.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.0.0 255.255.192.0 null0ip route 10.1.64.0 255.255.192.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 10.1.0.2 10ip route 192.168.2.1 255.255.255.252 1.1.1.1ip route 192.168.2.1 255.255.255.252 2.2.2.1

AS3786

10.1.0.1

10.1.0.2

Config-7

• 데이콤에 여러 개의 회선을 안정성을 위해 분리 접속할 경우

23

Config-8

1.1.1.2

2.2.2.2

3.3.3.2

4.4.4.2

1.1.1.1

2.2.2.1

3.3.3.1

4.4.4.1

10.1.0.0/1610.1.0.0/1810.1.64.0/1810.1.128.0/1810.1.192.0/18

AS100 192.168.0.1

192.168.1.1

192.168.2.1

192.168.3.1

Interface loopback 0 ip address 192.168.0.1 255.255.255.252!router bgp 100 network 10.1.0.0 mask 255.255.0.0 network 10.1.0.0 mask 255.255.192.0 network 10.1.64.0 mask 255.255.192.0 neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback 0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 10.1.0.2 remote-as 100 neigh 10.1.0.2 next-hop-self no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.0.0 host 255.255.0.0access-list 100 permit host 10.1.0.0 host 255.255.192.0access-list 100 permit host 10.1.64.0 host 255.255.192.0access-list 100 permit host 10.1.128.0 host 255.255.192.0!ip route 10.1.0.0 255.255.0.0 null0ip route 10.1.0.0 255.255.192.0 null0ip route 10.1.64.0 255.255.192.0 null0ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 10.1.0.2 10ip route 192.168.2.1 255.255.255.252 1.1.1.1ip route 192.168.2.1 255.255.255.252 2.2.2.1

AS3786

10.1.0.1

10.1.0.2

• 데이콤에 여러 개의 회선을 안정성을 위해 분리 접속할 경우

24

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out no sync no auto-summary!ip as-path access-list 10 permit ^$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-9

• 양 사업자가 주는 국내정보를 받을때

25

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 20 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 deny .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-10

• 양 사업자로부터 아무 정보도 받지 않고 default 로 outbound traffic 분산

26

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out no neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 20 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 deny .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-11

• 국내는 AS3786 을 통해 가게하고 , 해외는 양사업자로 분산해서 가게 할떄

27

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3559

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 3786$ip as-path access-list 30 3559$!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-12

• AS3559, AS3786 영역은 직회선을 이용하게 하고 , 나머지는 임의로 분산해서 가도록 함

28

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3559

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 permit 3786$ip as-path access-list 30 permit .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-13

• AS3786 으로는 직회선 이용 , 나머지는 KT 회선 이용 , 해외는 임의로 분산

29

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3559

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3559 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 30 deny (3786|3976)ip as-path access-list 30 permit .*!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-14

• AS3786,AS3976으로 가는 것은 AS3786 과의 직회선을 이용하게 하고 , 나머지는 임의 분산

30

10.1.1.0/24/241.1.1.2

1.1.1.1

2.2.2.2

2.2.2.1

AS3786

AS3976

AS100

router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3786 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 2.2.2.1 remote-as 3976 neigh 2.2.2.1 filter-list 10 out neigh 2.2.2.1 distribute-list 100 out neigh 2.2.2.1 route-map INET in no sync no auto-summary!Ip as-path access-list 10 permit ^$ip as-path access-list 20 permit (4766|2563|1237|3608)!access-list 100 permit host 10.1.1.0 host 255.255.255.0!route-map INET permit 10 match ip as-path 20 set metric 100route-map INET permit 20!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1

Config-15

• AS4766,2563,1237,3608 로 가는 traffic은 AS3786 과의 직회선을 이용하게 하고 , 나머지는 임의 분산

31

Config-16

• Outbound 가 많은 site 에서 ISP 와 연결된 회선대역이 틀릴 경우

10.1.1.0/241.1.1.2

1.1.1.1

2.2.2.22.2.2.1

AS3559

AS3786AS100 3.3.3.2

3.3.3.1192.168.1.1/30

192.168.2.1/30

Interface loopback 0 ip address 192.168.1.1 255.255.255.252!router bgp 100 network 10.1.1.0 mask 255.255.255.0 neigh 1.1.1.1 remote-as 3559 neigh 1.1.1.1 filter-list 10 out neigh 1.1.1.1 distribute-list 100 out neigh 1.1.1.1 filter-list 20 in neigh 192.168.2.1 remote-as 3786 neigh 192.168.2.1 ebgp-multihop 3 neigh 192.168.2.1 update-source loopback0 neigh 192.168.2.1 filter-list 10 out neigh 192.168.2.1 distribute-list 100 out neigh 192.168.2.1 filter-list 30 in no sync no auto-summary!ip as-path access-list 10 permit ^$ip as-path access-list 20 permit (3559|4766|7563)ip as-path access-list 30 permit (3786|1237|2563)!access-list 100 permit host 10.1.1.0 host 255.255.255.0!ip route 0.0.0.0 0.0.0.0 1.1.1.1ip route 0.0.0.0 0.0.0.0 2.2.2.1ip route 0.0.0.0 0.0.0.0 3.3.3.1ip route 192.168.2.1 255.255.255.252 2.2.2.1ip route 192.168.2.1 255.255.255.252 3.3.3.1