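FRR OSPF Route-Map Configuration Guide

Overview

Route-Map is a powerful routing-policy tool in FRR (FRRouting), used to control which OSPF routes are advertised and accepted. With a Route-Map you can implement:

  • Route filtering
  • Route attribute modification
  • Conditional route advertisement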

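Basic Concepts

Route-Map Structure

A Route-Map consists of one or more sequences. Each sequence has:

  • Match conditions (match): define which routes are processed
  • Action (action): permit (allow) or deny (reject)
  • Set statements (set): modify route attributes

Sequential Execution

A Route-Map is evaluated in ascending order of sequence number:

  • On the first successful match, the corresponding action is carried out and evaluation stops
  • If no sequence matches, the route is denied by default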
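
The evaluation order described above, modelled as an added example (not FRR code and not part of the original guide): a small Python simulation of first-match evaluation with implicit deny. It assumes IPv4 and prefix-list matches only; the function names and the SPECIAL_NETS prefix are constructed, while INTERNAL_NETS mirrors the prefix list used in this guide's filtering example.

```python
import ipaddress

def plist_permits(entries, prefix):
    """First-match prefix-list lookup; no matching entry means deny."""
    net = ipaddress.ip_network(prefix)
    for action, base, ge, le in entries:
        base = ipaddress.ip_network(base)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def apply_route_map(sequences, prefix_lists, route):
    """Return the route with set clauses applied, or None when it is denied."""
    for seq in sorted(sequences, key=lambda s: s["seq"]):
        name = seq.get("match_prefix_list")
        if name and not plist_permits(prefix_lists[name], route["prefix"]):
            continue  # no match: try the next sequence
        if seq["action"] == "deny":
            return None
        return {**route, **seq.get("set", {})}  # first match wins, stop here
    return None  # nothing matched: implicit deny

# Constructed model data. "deny any" is written as 0.0.0.0/0 le 32.
PREFIX_LISTS = {
    "INTERNAL_NETS": [("permit", "10.0.0.0/8", None, 24),
                      ("permit", "172.16.0.0/12", None, 24),
                      ("permit", "192.168.0.0/16", None, 24),
                      ("deny", "0.0.0.0/0", None, 32)],
    "SPECIAL_NETS": [("permit", "10.9.0.0/16", None, 24)],
}
FILTER_CONNECTED = [
    {"seq": 10, "action": "permit", "match_prefix_list": "INTERNAL_NETS"}]
SPECIFIC = {"action": "permit", "match_prefix_list": "SPECIAL_NETS",
            "set": {"metric": 50}}
CATCH_ALL = {"action": "permit", "set": {"metric": 100}}
SHADOWED = [{**CATCH_ALL, "seq": 10}, {**SPECIFIC, "seq": 20}]  # seq 20 unreachable
ORDERED = [{**SPECIFIC, "seq": 10}, {**CATCH_ALL, "seq": 20}]

if __name__ == "__main__":
    for p in ("10.1.2.0/24", "10.1.2.128/25", "203.0.113.0/24"):
        print(p, apply_route_map(FILTER_CONNECTED, PREFIX_LISTS, {"prefix": p}))
    r = {"prefix": "10.9.1.0/24"}
    print(apply_route_map(SHADOWED, PREFIX_LISTS, r),
          apply_route_map(ORDERED, PREFIX_LISTS, r))
```

A sequence with no match clause matches every route, so placing it before a more specific sequence makes the specific one unreachable.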

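Common Match Conditions

Match type        Description                                      Example
ip address        Matches an IP address/prefix                     match ip address prefix-list LIST
interface         Matches the outgoing interface                   match interface eth0
metric            Matches the route cost                           match metric 100
source-protocol   Matches the protocol that originated the route   match source-protocol ospf
next-hop          Matches the next-hop address                     match ip next-hop A.B.C.D
tag               Matches the route tag                            match tag 100
as-path           Matches the AS path (BGP)                        match as-path 100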

Supported Protocol Types

  • ospf - OSPF routes
  • static - static routes
  • connected - directly connected routes
  • kernel - kernel routes
  • rip - RIP routes
  • bgp - BGP routes
  • isis - IS-IS routes
  • pim - PIM routes

Configuration Examples

1. Basic Route Filtering

Scenario: allow only routes from specific networks into OSPF

# Define the prefix list (global configuration, outside router ospf)
ip prefix-list INTERNAL_NETS seq 5 permit 10.0.0.0/8 le 24
ip prefix-list INTERNAL_NETS seq 10 permit 172.16.0.0/12 le 24
ip prefix-list INTERNAL_NETS seq 15 permit 192.168.0.0/16 le 24
ip prefix-list INTERNAL_NETS seq 20 deny any

# Apply it to route redistribution
router ospf
 redistribute connected route-map FILTER_CONNECTED

# Define the route-map
route-map FILTER_CONNECTED permit 10
 match ip address prefix-list INTERNAL_NETS

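Scenario: filter out specific routes

# Define the network to filter out
ip prefix-list BLOCK_NETS seq 5 deny 192.168.100.0/24
ip prefix-list BLOCK_NETS seq 10 permit any

# Apply it to route injection
# Note: attached here, the route-map is evaluated only for default-route origination;
# to filter redistributed prefixes, reference it from a redistribute statement
router ospf
 default-information originate route-map FILTER_DEFAULT

route-map FILTER_DEFAULT permit 10
 match ip address prefix-list BLOCK_NETS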

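2. Modifying Route Attributes

Scenario: change the route cost (metric)

# The more specific sequence goes first: evaluation stops at the first match
route-map SET_METRIC permit 10
 match ip address prefix-list SPECIAL_NETS
 set metric 50

# All remaining routes
route-map SET_METRIC permit 20
 set metric 100

# Apply
router ospf
 redistribute static route-map SET_METRIC

Scenario: set different costs by route type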

route-map METRIC_BY_TYPE permit 10
 match ip address prefix-list CRITICAL_NETS
 set metric 10

route-map METRIC_BY_TYPE permit 20
 match ip address prefix-list NORMAL_NETS
 set metric 100

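3. Conditional Route Advertisement

Scenario: advertise the default route only when a specific route is present

# Define the match condition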
ip prefix-list ISP_ROUTE seq 5 permit 0.0.0.0/0

route-map CONDITIONAL_DEFAULT permit 10
 match ip address prefix-list ISP_ROUTE

router ospf
 default-information originate route-map CONDITIONAL_DEFAULT always

4. Redistribution Control

Scenario: filter routes when redistributing from BGP into OSPF

# Allow only specific BGP routes into OSPF
ip prefix-list FROM_BGP seq 5 permit 203.0.113.0/24
ip prefix-list FROM_BGP seq 10 permit 198.51.100.0/24
ip prefix-list FROM_BGP seq 15 deny any

route-map BGP_TO_OSPF permit 10
 match ip address prefix-list FROM_BGP
 set metric 50
 set metric-type type-1

router ospf
 redistribute bgp route-map BGP_TO_OSPF

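Scenario: redistribution between different protocols

# Static route redistribution
route-map STATIC_TO_OSPF permit 10
 match ip address prefix-list STATIC_NETS
 set metric 20

# Connected route redistribution
# (match interface takes a single interface name, so use one sequence per interface)
route-map CONNECTED_TO_OSPF permit 10
 match interface eth0
 set metric 10

route-map CONNECTED_TO_OSPF permit 20
 match interface eth1
 set metric 10

router ospf
 redistribute connected route-map CONNECTED_TO_OSPF
 redistribute static route-map STATIC_TO_OSPF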

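5. Matching on the OSPF Protocol

Scenario: process only routes from the OSPF protocol

# Match all OSPF routes
# (the FRR keyword for matching the originating protocol is source-protocol)
route-map ONLY_OSPF permit 10
 match source-protocol ospf
 set metric 50

# Apply during redistribution
router ospf
 redistribute connected route-map ONLY_OSPF

Scenario: exclude OSPF routes and process other protocols

# Exclude OSPF routes and allow only routes from other protocols
# (a single sequence cannot match three protocols at once; prefer the per-protocol form below)
route-map EXCLUDE_OSPF permit 10
 match source-protocol static
 match source-protocol connected
 match source-protocol kernel
 set metric 20

route-map EXCLUDE_OSPF deny 20
 match source-protocol ospf

# Or use a more concise form
route-map FILTER_PROTOCOL permit 10
 match source-protocol static
 set metric 30
!
route-map FILTER_PROTOCOL permit 20
 match source-protocol connected
 set metric 10
!
# Other protocols (including ospf) are denied by default

Scenario: handle routes by OSPF route type

# Distinguish OSPF internal routes from external routes
route-map OSPF_INTERNAL permit 10
 match source-protocol ospf
 match ip address prefix-list INTERNAL_PREFIX
 set metric 10

route-map OSPF_EXTERNAL permit 20
 match source-protocol ospf
 set metric 100

router ospf
 redistribute ospf route-map OSPF_EXTERNAL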

6. Inter-Area Route Control

# Inter-area route filtering
router ospf
 area 1 filter-list prefix IN_AREA1 in
 area 1 filter-list prefix OUT_AREA1 out

ip prefix-list IN_AREA1 seq 5 deny 192.168.10.0/24
ip prefix-list IN_AREA1 seq 10 permit 10.0.0.0/8 le 24
ip prefix-list IN_AREA1 seq 15 permit 172.16.0.0/12 le 24
ip prefix-list IN_AREA1 seq 20 permit 192.168.0.0/16 le 24

Common Commands

Viewing Configuration

# Show the route-map configuration
show route-map

# Show prefix lists
show ip prefix-list

# Show the OSPF routing table
show ip ospf route

# Show the OSPF database
show ip ospf database

# Show route-map statistics
show ip protocols ospf

Debug Commands

# Enable OSPF debugging
debug ospf lsa
debug ospf zebra

# Check route redistribution
show ip ospf redistribute

# Show routes per protocol
show ip route ospf
show ip route static
show ip route connected
show ip route bgp

# Show route-map match statistics
show ip route-map detail

Best Practices

1. Naming Conventions

# Use descriptive names
route-map FILTER_EXTERNAL_STATIC permit 10
route-map SET_METRIC_INTERNAL permit 10
route-map BGP_TO_OSPF permit 10

2. Sequence Number Planning

# Use multiples of 10 so that new rules are easy to insert
route-map EXAMPLE permit 10
route-map EXAMPLE permit 20
route-map EXAMPLE permit 30

# A rule can later be inserted between 10 and 20
route-map EXAMPLE permit 15

3. Default-Deny Policy

# Always add a final deny rule
route-map EXAMPLE permit 10
 match ip address prefix-list ALLOW_NETS
!
route-map EXAMPLE deny 20
!
# The implicit deny any comes last

4. Testing the Configuration

# Temporarily set to permit to observe the effect
route-map TEMP_DEBUG permit 100
 set metric 999

# Adjust once it is confirmed correct
no route-map TEMP_DEBUG permit 100

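Troubleshooting

Problem 1: routes are not advertised as expected

# Check the route-map configuration
show route-map

# Check prefix-list matching
show ip prefix-list

# Check the OSPF process
show ip ospf
show running-config | section router ospf

Problem 2: the route cost does not take effect

# Check that the route-map is applied correctly
show ip protocols ospf

# Verify the set statements
show route-map <name>

# Check the routing table
show ip route ospf

Problem 3: all routes are filtered

# Check whether a permit rule was forgotten
show route-map

# Confirm the last rule
route-map EXAMPLE permit 100

Problem 4: protocol matching does not take effect

# Check the protocol type of the routes
show ip route

# Confirm the protocol match in the route-map
show route-map
show running-config | section route-map

# Verify routes of a specific protocol
show ip route ospf
show ip route static
show ip route connected

# Check match statistics
show ip route-map detail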

Case Studies

Case: route selection with multiple uplinks

# Define ISP1's routes
ip prefix-list ISP1_ROUTES seq 5 permit 203.0.113.0/24

# Define ISP2's routes
ip prefix-list ISP2_ROUTES seq 5 permit 198.51.100.0/24

# Change the cost of ISP1 routes
route-map PREFER_ISP1 permit 10
 match ip address prefix-list ISP1_ROUTES
 set metric 10

route-map PREFER_ISP1 permit 20
 match ip address prefix-list ISP2_ROUTES
 set metric 100

router ospf
 redistribute static route-map PREFER_ISP1

Case: route aggregation

# Create the aggregate route
ip route 10.0.0.0/8 Null0

# Control advertisement of the aggregate route
route-map AGGREGATE_ROUTE permit 10
 set metric 50
 set metric-type type-1

router ospf
 redistribute static route-map AGGREGATE_ROUTE

There is one more command, which globally filters the route entries matched by prefix-list BLOCKNET:

ip protocol ospf route-map BLOCKNET
