From: pita40 (pita40@hotmail.com)
Date: Fri Nov 21 2003 - 16:58:50 GMT-3
Thanks Brian.
You always make things clear.
----- Original Message -----
From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
To: <ccielab@groupstudy.com>; "'pita40'" <pita40@hotmail.com>
Sent: Friday, November 21, 2003 2:14 PM
Subject: RE: BGP Prefix-Based Outbound Route Filtering
Here's an example:
R1---R2
R1 = AS 1, R2 = AS 2
R2 originates 1.1.1.1/32 and 2.2.2.2/32
R1 is the downstream client, R2 is the upstream provider
R1:
router bgp 1
 neighbor 10.0.0.2 remote-as 2
 !
 address-family ipv4
  neighbor 10.0.0.2 capability orf prefix-list send
  ! R1 will 'send' the prefix-list upstream
  ! for R2 to use as an outbound filter
R2:
router bgp 2
 neighbor 10.0.0.1 remote-as 1
 !
 address-family ipv4
  neighbor 10.0.0.1 capability orf prefix-list receive
  !
  ! R2 will 'receive' a prefix-list from downstream
  ! to use as an outbound filter
  !
  network 1.1.1.1 mask 255.255.255.255
  network 2.2.2.2 mask 255.255.255.255
BGP adjacency is established, ORF is configured, but no
filtering is applied. R2 is advertising 1.1.1.1/32 + 2.2.2.2/32, and R1
is receiving it:
R1#sh ip bgp | in /32
*> 1.1.1.1/32 10.0.0.2 0 0 2 i
*> 2.2.2.2/32 10.0.0.2 0 0 2 i
R2#sh ip bgp nei 10.0.0.1 adv | in /32
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
Now we're going to create a filter on R1 that only permits
1.1.1.1/32 and apply it through ORF. The difference is that when R2
does 'sh ip bgp nei 10.0.0.1 adv' the prefixes will be filtered there
outbound instead of on R1 inbound. This is the advantage of ORF.
R1(config)#ip prefix ORF permit 1.1.1.1/32
R1(config)#router bgp 1
R1(config-router)#nei 10.0.0.2 prefix-list ORF in
R1(config-router)#end
R1#clear ip bgp 10.0.0.2 in prefix-filter
R1#sh ip bgp
BGP table version is 4, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.0.0.2 0 0 2 i
R1#
R2#sh ip bgp nei 10.0.0.1 adv | in /32
*> 1.1.1.1/32 0.0.0.0 0 32768 i
Notice that R2 is only sending 1.1.1.1/32 now. Normally R2
would send all prefixes and R1 would have to throw them away after they
come in.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brian McGahan
> Sent: Friday, November 21, 2003 12:05 PM
> To: ccielab@groupstudy.com
> Subject: RE: BGP Prefix-Based Outbound Route Filtering
>
> The send/receive/both option specifies whether you can send to
> an upstream neighbor a prefix for them to filter with, whether you can
> receive a prefix from a downstream neighbor to filter out to them, or
> both.
>
> The final step which is not as clear as it should be is to apply
> a prefix-list inbound to the upstream peer. You can verify that it's
> working by going to the upstream peer and doing a 'sh ip bgp nei
> x.x.x.x advertised'. From this output you should see only what is
> matched in the downstream peer's prefix-list.
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 708-362-1418 (Outside the US and Canada)
>
> -----Original Message-----
> From: pita40 [mailto:pita40@hotmail.com]
> Sent: Friday, November 21, 2003 10:15 AM
> To: bmcgahan@internetworkexpert.com
> Subject: Fw: BGP Prefix-Based Outbound Route Filtering
>
>
> Can some of you post a good example of when to use BGP Prefix-Based
> Outbound Route Filtering? The example in CCO did not do justice to the
> topic. When you configure the command, do you need to have a prefix-list
> associated with it? Below is the CCO example:
>
> router bgp 100
> address-family ipv4 unicast
> neighbor 172.16.1.2 remote-as 200
> neighbor 172.16.1.2 capability orf prefix-list send
>
> router bgp 100
> address-family ipv4 unicast
> neighbor 192.168.1.2 remote-as 200
> neighbor 192.168.1.2 capability orf prefix-list both
>
>
>
> Also, what is the difference between the command below and
> capability orf prefix-list send above?
>
> router bgp 100
> neighbor 176.16.1.2 capability orf prefix-filter send
>
>
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:15 GMT-3
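Added example (not part of the original thread and not Cisco code): a simplified Python model of the R1/R2 lab above, comparing R1's inbound prefix-list alone with the same list pushed to R2 through ORF. PrefixList, exchange() and compare() are hypothetical names; the model assumes ORF is active only when R1 advertises 'send' and R2 advertises 'receive'.

```python
import ipaddress

class PrefixList:
    """Ordered permit/deny entries, IOS-style ge/le, implicit deny at the end."""
    def __init__(self):
        self.entries = []

    def add(self, action, prefix, ge=None, le=None):
        net = ipaddress.ip_network(prefix)
        # No ge/le: exact length. ge only: ge..32. le only: len..le.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (net.max_prefixlen if ge is not None else net.prefixlen)
        self.entries.append((action, net, lo, hi))
        return self

    def permits(self, prefix):
        cand = ipaddress.ip_network(prefix)
        for action, net, lo, hi in self.entries:
            if lo <= cand.prefixlen <= hi and cand.subnet_of(net):
                return action == "permit"  # first match wins
        return False  # no entry matched: implicit deny


def exchange(originated, r1_inbound=None, r1_orf_send=False, r2_orf_receive=False):
    """Model one R2 -> R1 update run.

    Returns (sent, installed): what R2 puts on the wire and what R1 keeps.
    """
    # ORF applies only if both sides negotiated it and R1 has a list to push.
    orf = r1_inbound if (r1_orf_send and r2_orf_receive) else None
    sent = [p for p in originated if orf is None or orf.permits(p)]
    # R1 still applies its own inbound list to whatever arrives.
    installed = [p for p in sent if r1_inbound is None or r1_inbound.permits(p)]
    return sent, installed


# Constructed data matching the lab in the thread.
R2_ORIGINATED = ["1.1.1.1/32", "2.2.2.2/32"]
ORF_LIST = PrefixList().add("permit", "1.1.1.1/32")

def compare():
    """R1's table is the same either way; only what R2 sends differs."""
    plain = exchange(R2_ORIGINATED, ORF_LIST)
    with_orf = exchange(R2_ORIGINATED, ORF_LIST, r1_orf_send=True, r2_orf_receive=True)
    return plain, with_orf

if __name__ == "__main__":
    for label, (sent, installed) in zip(("inbound filter only", "with ORF"), compare()):
        print(f"{label:20} R2 sends {sent} -> R1 installs {installed}")
```

If only one side advertises the capability, exchange() falls back to R2 sending everything, so R1's local inbound list is what keeps the table correct.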