Download presentation
Presentation is loading. Please wait.
1
BGP Filtering (Policy Routing)
2
BGP Filtering Can Apply our Routing Policy Controlling the sending and receiving updates Prefix Filtering AS_Path Filtering Route-map Filtering Community Filtering
3
Network Example AS1 2.2.2.2 A C B AS2 AS3 AS4 2.2.2.13.3.3.1 3.3.3.2 150.10.0.0/16160.10.0.0/16 170.10.0.0/16 180.10.0.0/16 160.10.0.0/16 networkas-path 150.10.0.0/16 170.10.0.0/163 180.10.0.0/16 3 2 4 networkas-path 150.10.0.0/16 170.10.0.0/163 180.10.0.0/16 3 2 4 networkas-path 150.10.0.0/16 1 160.10.0.0/16 2 170.10.0.0/16 180.10.0.0/16 2 4 networkas-path 150.10.0.0/16 1 160.10.0.0/16 2 170.10.0.0/16 180.10.0.0/16 2 4
4
Prefix Filtering RTC’s configuration bgp router 3 network 170.10.0.0 neighbor 3.3.3.2 remote-as 2 neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 distribute-list 1 out ip as-path access-list 1 deny 160.10.0.0 0.0.255.255 ip as-path access-list 1 permit any
5
AS_path Filtering RTC’s configuration bgp router 3 network 170.10.0.0 neighbor 3.3.3.2 remote-as 2 neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 filter-list 1 out ip as-path access-list 1 deny ^2$ ip as-path access-list 1 permit.* as-path access-list is only applied to AS_path in the bgp entries sh ip bgp regexp regular-expression –sh ip bgp re ^$ –sh ip bgp re ^2$ –sh ip bgp re ^2 –sh ip bgp re 2
6
Regular Expression. * + ? ^ $ _ [ ] - match any single char, including white space match 0 or more sequences of the pattern match 1 or more sequences of the pattern match 0 or 1 occurrence of the pattern match the beginning of the input string match the end of the input string match comma, {, }, (, ), ^, $, space designate a range of single-char patterns separate the end points of a range
7
Regular Expression (cont.) ^$.* 300 ^300 ^300$ ^300_ _300$ _300_ ^(300_)*$ paths in local AS paths paths including 300 paths announced from AS300 directly paths in AS300 equal to regexp ^300 paths originated from AS300 equal to regexp 300 ^$, ^300$, ^300 300$, ^300 300 300$,...
8
Route-map Filtering RTC’s configuration bgp router 3 network 170.10.0.0 neighbor 3.3.3.2 remote-as 2 neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 route-map AS2FILTER 1 out ip as-path access-list 1 deny ^2$ route-map AS2FILTER permit 10 match as-path 1 router-map AS2FILTER permit 20 route-map is more powerful than filter-list –because route-map can check many things and change many attributes
9
Community Filtering RTB’s configuration bgp router 2 network 160.10.0.0 neighbor 3.3.3.1 remote-as 3 neighbor 3.3.3.1 send-community neighbor 3.3.3.1 route-map SETCOMMUNITY out route-map SETCOMMUNITY permit 10 match ip adress 1 set community no-export route-map SETCOMMUNITY permit 20 access-list 1 permit 160.10.0.0 0.0.255.255 This prevents RTC from announcing the routes received from RTB to other peers.
10
Community Filtering (cont.) RTC’s configuration bgp router 3 network 170.10.0.0 neighbor 3.3.3.2 remote-as 2 neighbor 3.3.3.2 route-map check-community in route-map check-community permit 10 match community 1 set weight 20 route-map check-community permit 20 match community 2 exact set weight 10 route-map check-community permit 30 match community 3 ip community-list 1 permit 100 ip community-list 2 permit 200 ip community-list 3 permit internet
Similar presentations
