From: Brian McGahan (brian@cyscoexpert.com)
Date: Fri Oct 18 2002 - 16:36:07 GMT-3
Nate,
Another tool that is worth mentioning in this thread is a
feature called "BGP Outbound Route Filtering". BGP ORF works as
follows:
Internet--R1--R2
R1 is sending his customer, R2, a full BGP table of over 100k
prefixes. R2 does not want a full view however, but instead wants only
a few hundred prefixes. Normal implementation would call for two
solutions:
1. R2 allows the few hundred prefixes inbound, and denies everything
else
2. R1 allows only the few hundred prefixes outbound that R2 wants
There are problems with both of these solutions however. The
problem with R2 filtering inbound is that R1 must send 100k prefixes,
and R2 must still process all of the prefixes before filtering them out.
The second solution is problematic because R1's AS must keep track of
R2's AS's routing policy, which adds extra red tape. This is where ORF
comes in.
With ORF, you can get the advantages of both of the previous
solutions, and avoid the disadvantages. R2 defines the prefix-list that
specifies what prefixes are allowed, however instead of applying it
inbound as seen before, it is sent upstream to R1, and R1 applies it
outbound. This means that the filtering is done outbound on R1, however
the administration of the filter is still maintained by R2.
For more info and configuration examples:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_
guide09186a0080087c26.html
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
Voice: 847.674.3392
Fax: 847.674.2625
> -----Original Message-----
> From: Nathan Chessin [mailto:nchessin@cisco.com]
> Sent: Friday, October 18, 2002 10:48 AM
> To: 'Brian McGahan'
> Subject: RE: BGP inbound route-map
>
> Brian,
>
> Thanks for your reply. Please see the link below, a few paragraphs
down.
> http://www.cisco.com/warp/customer/459/13.html#A7.0 It says the
> restriction
> has been liften in 11.2 and later, but I am getting mixed signals from
> people on the list. I am not sure, but will try it and let you know.
>
> Nate
>
>
>
> > -----Original Message-----
> > From: Brian McGahan [mailto:brian@cyscoexpert.com]
> > Sent: Friday, October 18, 2002 6:25 AM
> > To: 'Erling Bjxntegerd (Privat)'; 'Nathan Chessin'
> > Cc: ccielab@groupstudy.com
> > Subject: RE: BGP inbound route-map
> >
> >
> > Nate,
> >
> > Could you clarify your question some more? If you are asking if
> > you can filter prefixes based on address in an inbound route-map,
then
> > yes you can. You can not match on address directly, but must
instead
> > must match an access-list or prefix-list.
> >
> > The following syntax accepts only the prefix 1.2.3.0/24 from the
> > BGP neighbor 10.20.30.40.
> >
> > Ip prefix-list X permit 1.2.3.0/24
> > !
> > route-map Y permit 10
> > match ip address prefix-list X
> > !
> > router bgp 10
> > neighbor 10.20.30.40 route-map Y in
> >
> >
> > Is this what you are asking?
> >
> > HTH
> >
> > Brian McGahan, CCIE #8593
> > Director of Design and Implementation
> > brian@cyscoexpert.com
> >
> > CyscoExpert Corporation
> > Internetwork Consulting & Training
> > Voice: 847.674.3392
> > Fax: 847.674.2625
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf
> > Of
> > > Erling Bjxntegerd (Privat)
> > > Sent: Friday, October 18, 2002 4:34 AM
> > > To: Nathan Chessin
> > > Cc: ccielab@groupstudy.com
> > > Subject: Re: BGP inbound route-map
> > >
> > > Hi,
> > > look at following link
> > >
> > http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.h
> tm#xtocid2
> 04
> > 3934
> > where it is stated:
> >
> > Route Map Filtering
> > The neighbor route-map router configuration command can be used to
> apply a
> > route map to incoming and outgoing routes.
> >
>
------------------------------------------------------------------------
> --
> > ------
> > Note The neighbor route-map command has no effect on incoming
updates
> when
> > matching is based on IP address.
> >
>
------------------------------------------------------------------------
> --
> > ------
> >
> > You can find the document on the UniverCD at 'Internetworking Case
> > Studies' and then 'Using the Border Gateway Protocol for Interdomain
> > Routing'.
> >
> > Regards
> > Erling Bjontegard
> >
> > ----- Original Message -----
> > From: "Nathan Chessin" <nchessin@cisco.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Friday, October 18, 2002 7:09 AM
> > Subject: BGP inbound route-map
> >
> >
> > > Hi all,
> > >
> > > Is it still true that you can not filter inbound BGP updates with
a
> > > route-maps that matches on ip address in the BGP neighbor command?
> > >
> > >
> > > Nate
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:51 GMT-3