BGP Filtering (Policy Routing)

BGP Filtering Can Apply our Routing Policy Controlling the sending and receiving updates Prefix Filtering AS_Path Filtering Route-map Filtering Community Filtering

Network Example AS A C B AS2 AS3 AS / / / / /16 networkas-path / / / networkas-path / / / networkas-path / / / / networkas-path / / / /16 2 4

Prefix Filtering RTC’s configuration bgp router 3 network neighbor remote-as 2 neighbor remote-as 1 neighbor distribute-list 1 out ip as-path access-list 1 deny ip as-path access-list 1 permit any

AS_path Filtering RTC’s configuration bgp router 3 network neighbor remote-as 2 neighbor remote-as 1 neighbor filter-list 1 out ip as-path access-list 1 deny ^2$ ip as-path access-list 1 permit.* as-path access-list is only applied to AS_path in the bgp entries sh ip bgp regexp regular-expression –sh ip bgp re ^$ –sh ip bgp re ^2$ –sh ip bgp re ^2 –sh ip bgp re 2

Regular Expression. * + ? ^ $ _ [ ] - match any single char, including white space match 0 or more sequences of the pattern match 1 or more sequences of the pattern match 0 or 1 occurrence of the pattern match the beginning of the input string match the end of the input string match comma, {, }, (, ), ^, $, space designate a range of single-char patterns separate the end points of a range

Regular Expression (cont.) ^$.* 300 ^300 ^300$ ^300_ _300$ _300_ ^(300_)*$ paths in local AS paths paths including 300 paths announced from AS300 directly paths in AS300 equal to regexp ^300 paths originated from AS300 equal to regexp 300 ^$, ^300$, ^ $, ^ $,...

Route-map Filtering RTC’s configuration bgp router 3 network neighbor remote-as 2 neighbor remote-as 1 neighbor route-map AS2FILTER 1 out ip as-path access-list 1 deny ^2$ route-map AS2FILTER permit 10 match as-path 1 router-map AS2FILTER permit 20 route-map is more powerful than filter-list –because route-map can check many things and change many attributes

Community Filtering RTB’s configuration bgp router 2 network neighbor remote-as 3 neighbor send-community neighbor route-map SETCOMMUNITY out route-map SETCOMMUNITY permit 10 match ip adress 1 set community no-export route-map SETCOMMUNITY permit 20 access-list 1 permit This prevents RTC from announcing the routes received from RTB to other peers.

Community Filtering (cont.) RTC’s configuration bgp router 3 network neighbor remote-as 2 neighbor route-map check-community in route-map check-community permit 10 match community 1 set weight 20 route-map check-community permit 20 match community 2 exact set weight 10 route-map check-community permit 30 match community 3 ip community-list 1 permit 100 ip community-list 2 permit 200 ip community-list 3 permit internet