© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Filtering with Prefix-Lists.


Slide 3-1: Filtering with Prefix-Lists (Route Selection Using Policy Controls)

Slide 3-2: Outline
Overview
Requirements for Prefix-Based Filters
Prefix-Lists vs. IP Access-Lists
Configuring Prefix-Lists
BGP Filters Implementation
Implementing Prefix-Lists in the BGP Process
Modifying Prefix-Lists
Monitoring Prefix-Lists
Summary

Slide 3-3: Requirements for Prefix-Based Filters
Service providers have to filter customer updates to ensure that the customers announce only their assigned address space.

Slide 3-4: Prefix-Lists vs. IP Access-Lists
Traditional prefix filters
Traditional IP prefix filters were implemented with IP access-lists configured with the distribute-list command.
IP access-lists used as route filters have several drawbacks:
–Subnet mask cannot be easily matched.
–Access-lists are evaluated sequentially for every IP prefix in the routing update.
–Access-lists are hard to edit.
–Extended access-lists can be cumbersome to configure.

Slide 3-5: Prefix-Lists vs. IP Access-Lists (Cont.)
Prefix-lists
New route-filtering mechanism
Significant performance improvement on long filters
–Inside Cisco IOS software, the prefix-list is a tree structure and is not scanned sequentially.
Support for incremental updates
–Individual entries in prefix-lists can be inserted or deleted.
More user-friendly CLI
–The CLI for using access-lists to filter BGP updates is difficult to understand and use, because it uses the packet-filtering format.
Greater flexibility; can match on subnet masks

Slide 3-6: Prefix-Lists vs. IP Access-Lists (Cont.)
Key access-list features are preserved.
–Filtering using “permit” or “deny”
–Order dependency (first match wins)
–Security-focused: no match means “deny”
The matching mechanism has changed.
–Matches routes in a part of address space with subnet mask longer or shorter than a set number

Slide 3-7: Configuring Prefix-Lists
router(config)#
ip prefix-list list-name [seq seq] {permit|deny} network/len [ge value] [le value]
Prefix-lists have names and sequence numbers (like route-maps).
An entry with no le or ge parameter matches exactly the specified prefix.
An entry with an le or ge parameter matches any route within the address space of address/prefix whose prefix length is longer than or equal to the ge value and shorter than or equal to the le value.

Slide 3-8: Configuring Prefix-Lists (Cont.)
Prefix-list matching rules
Prefix-list entries with no ge or le option match only the specified route.
–Similar to IP access-lists with no wildcard bits
–Matching also considers subnet mask
Which of the following routes will be matched by: ip prefix-list MyList permit /16?
/ / /24  XX

Slide 3-9: Configuring Prefix-Lists (Cont.)
A prefix-list entry with a ge or le option matches any prefix within the specified address space where the subnet mask falls within the specified limits.
Which of the following routes will be matched by: ip prefix-list MyList permit /16 le 20?
/ / /24
Which of the following routes will be matched by: ip prefix-list MyList permit /16 ge 18?
/ / /24   XX  

Slide 3-10: Configuring Prefix-Lists (Cont.)
What will be matched by:
a) ip prefix-list A permit /0 ge 32
b) ip prefix-list B permit /2 ge 17
c) ip prefix-list C permit /0 le 32
d) ip prefix-list D permit /0
e) ip prefix-list E permit /1 le 24
Answers:
a) All host routes
b) Any subnet in class B address space
c) All routes
d) Just the default route
e) Any prefix in class A address space covering at least 256 addresses

Slide 3-11: BGP Filters Implementation

Slide 3-12: Implementing Prefix-Lists in the BGP Process
router(config-router)#
neighbor {ip-address|peer-group-name} prefix-list prefix-list-name {in|out}
Filters inbound or outbound BGP routing updates for a configured neighbor session
router(config-router)#
distribute-list prefix-list prefix-list-name out routing-process
Filters routes redistributed from the specified routing process into BGP

Slide 3-13: Prefix-List Example: Filtering Customer Prefixes
Requirement: The customer will announce prefixes only from assigned address space ( /16), with subnet masks no longer than /24.

Slide 3-14: Prefix-List Example: Filtering Peer Prefixes
Requirement: The ISP will not accept routes with subnet masks longer than /24; subnet masks from class B address space will be no longer than /20.

Slide 3-15: Modifying Prefix-Lists
router#
show ip prefix-list list-name [detail|summary]
Displays the prefix-list and the sequence numbers
router(config)#
no ip prefix-list list-name seq seq condition
Erases the line with the specified sequence number from the prefix-list
router(config)#
ip prefix-list list-name seq seq condition
Inserts the line into the prefix-list at the specified point
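The matching rules on slides 3-8 to 3-10, the two filtering requirements on slides 3-13 and 3-14, and the sequence-number insert and delete on slide 3-15 can all be exercised with the following Python model of prefix-list evaluation. It is an added example, not Cisco IOS code and not part of the original deck. The networks in lists A to E (0.0.0.0 and 128.0.0.0), the customer block 172.16.0.0/16, the list names CUSTOMER and PEER, and every sample route are my own assumptions, chosen to fit the slides' descriptions because the transcript dropped the original addresses.

```python
"""Cisco IOS-style prefix-list matching (added example, not Cisco's code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def __post_init__(self) -> None:
        # No ge/le: exact match. Otherwise ge defaults to the entry's own length
        # and le defaults to 32; IOS rejects the line unless len <= ge <= le <= 32.
        base = self.network.prefixlen
        self.lo = base if self.ge is None else self.ge
        self.hi = self.le if self.le is not None else (base if self.ge is None else 32)
        if not base <= self.lo <= self.hi <= 32:
            raise ValueError(f"seq {self.seq}: need len <= ge <= le <= 32")

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        return route.subnet_of(self.network) and self.lo <= route.prefixlen <= self.hi

class PrefixList:
    def __init__(self, name: str) -> None:
        self.name, self.entries = name, []   # entries kept sorted by seq

    def add(self, entry: Entry) -> None:      # incremental insert at its seq
        if any(e.seq == entry.seq for e in self.entries):
            raise ValueError(f"{self.name}: seq {entry.seq} already in use")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.seq)

    def delete(self, seq: int) -> None:       # 'no ip prefix-list NAME seq N'
        self.entries = [e for e in self.entries if e.seq != seq]

    def sequences(self) -> List[int]:
        return [e.seq for e in self.entries]

    def evaluate(self, prefix: str) -> Tuple[str, Optional[int]]:
        """(action, seq) of the first match in seq order; no match is an implicit deny."""
        route = ipaddress.IPv4Network(prefix)
        for e in self.entries:
            if e.matches(route):
                return e.action, e.seq
        return "deny", None

_LINE = re.compile(r"^ip prefix-list (\S+)(?: seq (\d+))? (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")

def parse_line(line: str, default_seq: int) -> Tuple[str, Entry]:
    """Parse 'ip prefix-list NAME [seq N] permit|deny net/len [ge V] [le V]'."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"cannot parse {line!r}")
    name, seq, action, net, ge, le = m.groups()
    return name, Entry(int(seq) if seq else default_seq, action, ipaddress.IPv4Network(net),
                       int(ge) if ge else None, int(le) if le else None)

def build(lines: List[str]) -> PrefixList:
    """Build one list from config lines; IOS numbers unnumbered lines 5, 10, 15, ..."""
    pl, next_seq = None, 5
    for line in lines:
        name, entry = parse_line(line, next_seq)
        pl = pl or PrefixList(name)
        pl.add(entry)
        next_seq = entry.seq + 5
    return pl

# The five matching-rule lists from the slides; the networks 0.0.0.0 and 128.0.0.0
# are my assumption, since the transcript dropped them.
RULE_LISTS = {
    "A": "ip prefix-list A permit 0.0.0.0/0 ge 32",    # all host routes
    "B": "ip prefix-list B permit 128.0.0.0/2 ge 17",  # any subnet of class B space
    "C": "ip prefix-list C permit 0.0.0.0/0 le 32",    # all routes
    "D": "ip prefix-list D permit 0.0.0.0/0",          # only the default route
    "E": "ip prefix-list E permit 0.0.0.0/1 le 24",    # class A prefixes of >= 256 addresses
}
# Constructed filters for the two example requirements; 172.16.0.0/16 stands in
# for the customer's assigned space, which the transcript does not show.
CUSTOMER_FILTER = ["ip prefix-list CUSTOMER permit 172.16.0.0/16 le 24"]
PEER_FILTER = ["ip prefix-list PEER seq 10 deny 128.0.0.0/2 ge 21",   # class B longer than /20
               "ip prefix-list PEER seq 20 permit 0.0.0.0/0 le 24"]  # anything else up to /24

def rule_check(letter: str, prefix: str) -> bool:
    return build([RULE_LISTS[letter]]).evaluate(prefix)[0] == "permit"

def modify_demo() -> Tuple[List[int], str, List[int], str]:
    """Insert a line at seq 15 between 10 and 20, then delete it again."""
    pl = build(PEER_FILTER)
    pl.add(parse_line("ip prefix-list PEER seq 15 deny 192.0.2.0/24", 0)[1])
    seqs_added, verdict_added = pl.sequences(), pl.evaluate("192.0.2.0/24")[0]
    pl.delete(15)
    return seqs_added, verdict_added, pl.sequences(), pl.evaluate("192.0.2.0/24")[0]
```

Two points the model makes visible: the customer filter needs no explicit deny line because every prefix-list ends in an implicit deny, so a /25 from the customer block or any prefix outside it is dropped by falling off the end; and the PEER list relies on order, since the class B deny at seq 10 must precede the general permit at seq 20 or a 172.16.0.0/21 would be accepted. The constructor also rejects an entry whose ge/le values do not satisfy len <= ge <= le <= 32, which is the same check IOS applies when the line is typed. On the router the CUSTOMER list would be attached with neighbor ... prefix-list CUSTOMER in, as on slide 3-12.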

Slide 3-16: Monitoring Prefix-Lists
router#
show ip prefix-list [detail | summary] prefix-list-name [network/length] [seq sequence-number] [longer] [first-match]
Displays information about a prefix-list or prefix-list entries
router#
show ip bgp prefix-list prefix-list-name
Displays all routes in the BGP table matching the prefix-list
Used for easier monitoring of a desired network prefix group in the BGP table

Slide 3-17: Monitoring Prefix-Lists (Cont.)

Slide 3-18: Monitoring Prefix-Lists (Cont.)

Slide 3-19: Summary
Customers with multihomed networks are responsible for announcing their own networks using BGP, and service providers with multihomed customers must take precautions not to accept, use, or forward any erroneous routing information that is received from their customers.
Prefix-lists have a number of advantages over access-lists, including faster “permit” or “deny” determinations and easier CLI editing.
Prefix-lists are configured using the ip prefix-list global configuration command.
Filter-lists and prefix-lists can be optionally applied on either incoming or outgoing neighbors in any combination.

Slide 3-20: Summary (Cont.)
Prefix-lists can filter incoming or outgoing BGP updates to neighbors and filter routes that are being redistributed into the BGP process from other routing protocols.
Use the neighbor prefix-list router configuration command to distribute BGP neighbor information as specified in a prefix-list.
Certain Cisco IOS commands (such as the show ip prefix-list command) are used when modifying configured prefix-list filters.
To display or monitor statistics about a prefix-list or prefix-list entries, you can use the show ip prefix-list EXEC command.