Filtering Routes in BGP using Route-maps and Prefix-list

Order of preference of attributes in BGP
The order of preference varies based on whether the attributes are applied for inbound updates or outbound updates.
For inbound updates the order of preference is:
  • route-map
  • filter-list
  • prefix-list, distribute-list
For outbound updates the order of preference is:
  • prefix-list, distribute-list
  • filter-list
  • route-map
NOTE: The attributes prefix-list and distribute-list are mutually exclusive, and only one command (neighbor distribute-list or neighbor prefix-list) can be applied to each inbound or outbound direction for a particular neighbor.


Scenario:
We own AS500 and advertise the network blocks 192.0.2.0/24 and 180.179.179.0/16 to two different ISPs.


Objectives:
  • Configure router R1 to establish eBGP neighbor relationship with ISP1.
  • Configure router R1 to establish eBGP neighbor relationship with ISP2.
  • Advertise the 192.0.2.0/24 network to ISP1 only.
  • Advertise the 180.179.179.0/16 network to ISP2 only.
  • Receive routes with a prefix length of less than 20 from ISP1.
  • Receive routes with a prefix length of greater than 20 from ISP2.


Topology:


Download the gns3 topology here:

BGP route filetering.rar
BGP route filetering_Solved.rar

IOS: c3725-advipservicesk9-mz.124-17.bin


Solution:

Configuring eBGP neighbor relationship with ISP1 and ISP2
router bgp 500
 neighbor 172.16.1.1 remote-as 200
 neighbor 192.168.1.1 remote-as 100
Let's verify the routes received from both the ISPs on router R1.

Routes received from ISP1:
Routes received from ISP1

Routes received from ISP2:
Routes received from ISP2



Advertising routes to ISPs as per objective
ip prefix-list ISP1_OUT seq 10 permit 192.0.0.0/16
!
ip prefix-list ISP2_OUT seq 10 permit 180.179.0.0/16
!
route-map ISP1_OUT permit 10
 match ip address prefix-list ISP1_OUT
!
route-map ISP2_OUT permit 10
 match ip address prefix-list ISP2_OUT
!
router bgp 500
 network 180.179.0.0
 network 192.0.0.0 mask 255.255.0.0
 neighbor 172.16.1.1 remote-as 200
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 route-map ISP1_OUT out
 neighbor 172.16.1.1 route-map ISP2_OUT out
Now let's verify what routes we are advertising to both the ISPs.
Routes advertised to ISPs


Filtering incoming routes using Route-map
ip prefix-list ISP1_IN seq 10 permit 0.0.0.0/0 le 19
!
ip prefix-list ISP2_IN seq 10 permit 0.0.0.0/0 ge 20
!
route-map ISP2_IN permit 10
 match ip address prefix-list ISP2_IN
!
route-map ISP1_IN permit 10
 match ip address prefix-list ISP1_IN
!
router bgp 500
 neighbor 192.168.1.1 remote-as 100
 neighbor 172.16.1.1 remote-as 200
 neighbor 172.16.1.1 route-map ISP2_IN in
 neighbor 192.168.1.1 route-map ISP1_IN in
Let's verify the routes received from both ISPs after filtering.
Filtered routes from ISPs


Filtering incoming routes using prefix-list
ip prefix-list ISP1_IN seq 10 permit 0.0.0.0/0 le 19
!
ip prefix-list ISP2_IN seq 10 permit 0.0.0.0/0 ge 20
!
router bgp 500
 neighbor 192.168.1.1 remote-as 100
 neighbor 172.16.1.1 remote-as 200
 neighbor 172.16.1.1 prefix-list ISP2_IN in
 neighbor 192.168.1.1 prefix-list ISP1_IN in
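
The le/ge matching used by ISP1_IN and ISP2_IN can be checked offline before the lists are applied to a neighbor. The Python sketch below is an added example, not part of the original post or of Cisco IOS: it models first-match-wins evaluation with the implicit deny at the end of a prefix-list. The sample routes are constructed and the helper names (parse, evaluate, accepted) are hypothetical.

```python
import ipaddress
import re

# The two inbound lists copied from the configuration on this page.
CONFIG = """\
ip prefix-list ISP1_IN seq 10 permit 0.0.0.0/0 le 19
ip prefix-list ISP2_IN seq 10 permit 0.0.0.0/0 ge 20
"""
# Constructed sample announcements (not taken from the lab topology).
SAMPLE_ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "172.20.0.0/16", "100.64.0.0/19",
                 "100.64.32.0/20", "198.51.100.0/24", "192.0.2.128/25"]

LINE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?$")

def parse(config):
    """Return {name: [(seq, action, network, min_len, max_len), ...]} ordered by seq."""
    lists = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        name, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix, strict=False)
        if ge is None and le is None:
            lo = hi = net.prefixlen            # no ge/le: exact length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else 32
        lists.setdefault(name, []).append((int(seq), action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])       # lowest sequence number is tried first
    return lists

def evaluate(entries, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action
    return "deny"

def accepted(list_name, routes=SAMPLE_ROUTES):
    """Routes from `routes` that the named list in CONFIG permits."""
    entries = parse(CONFIG)[list_name]
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    for name in ("ISP1_IN", "ISP2_IN"):
        print(name, accepted(name))
```

In this model 100.64.32.0/20 is accepted by ISP2_IN because ge 20 includes /20 itself, and ISP1_IN also admits the default route 0.0.0.0/0 because le 19 covers lengths 0 through 19.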


