14.2.6 BGP4 learned route filtering [SL-L3A]
(1) Learning conditional routes common to all peers
Configure the switch to learn BGP4 routes to any destination network except the routes in the 192.168.0.0/16 range.
- Points to note
-
The example below shows how to use the distribute-list in command to apply learned route filtering consistently among all peers. To filter routes by destination network, use an ip prefix-list filter.
First, configure an ip prefix-list filter to deny routes in the 192.168.0.0/16 range. Then, by referencing this filter from the distribute-list in command, configure BGP4 to filter learned routes by destination network.
Command examples
-
(config)# ip prefix-list DENY192168LONGER seq 10 deny 192.168.0.0/16 ge 16 le 32
(config)# ip prefix-list DENY192168LONGER seq 20 permit 0.0.0.0/0 ge 0 le 32
Configures the prefix-list to deny prefixes in the 192.168.0.0/16 range and permit all other prefixes.
-
(config)# router bgp 65531
(config-router)# distribute-list prefix DENY192168LONGER in
Configures the switch to apply learned route filtering by the specified prefix-list filter to all peers.
-
(config-router)# end
# clear ip bgp * in
Applies the changes to the learned route filtering configuration.
(2) Learning peer-specific conditional routes
The following shows how to configure BGP4 to learn only routes that are received from external peers, have an AS_PATH attribute of 65532 65533, and are not destined for a private address (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). A value of 200 is assigned to the LOCAL_PREF attribute of learned routes. Other routes are not learned.
- Points to note
-
Use the neighbor in command to apply learned route filtering to routes learned from individual BGP4 peers. Use route-map to filter a route by conditions other than its destination network, or to modify some of its attributes.
First, configure a prefix-list filter to permit private addresses, and an ip as-path access-list filter to permit routes with an AS_PATH attribute of 65532 65533. Next, configure route-map to combine these two conditions. Finally, set the neighbor in command for peers that you want to filter by these conditions.
Command examples
-
(config)# ip prefix-list PRIVATE seq 10 permit 10.0.0.0/8 ge 8 le 32
(config)# ip prefix-list PRIVATE seq 20 permit 172.16.0.0/12 ge 12 le 32
(config)# ip prefix-list PRIVATE seq 30 permit 192.168.0.0/16 ge 16 le 32
Configures prefix-list to permit private addresses.
-
(config)# ip as-path access-list 2 permit "^65532_65533$"
Configures an ip as-path access-list filter to permit routes with an AS_PATH attribute of 65532 65533.
-
(config)# route-map BGP65532IN deny 10
(config-route-map)# match ip address prefix-list PRIVATE
(config-route-map)# exit
Configures the route-map filter BGP65532IN, which denies the private addresses.
-
(config)# route-map BGP65532IN permit 20
(config-route-map)# match as-path 2
(config-route-map)# set local-preference 200
(config-route-map)# exit
Configures route-map to assign a value of 200 to the LOCAL_PREF attribute of routes whose AS_PATH attribute matches 65532 65533, and permit those routes. Because BGP65532IN has no other conditions, the filter denies routes that do not match any of the conditions set so far.
-
(config)# router bgp 65531
(config-router)# neighbor 172.17.1.1 remote-as 65532
(config-router)# neighbor 172.17.1.1 route-map BGP65532IN in
Configures BGP4 to use the route-map filter BGP65532IN to filter routes received from external peers.
-
(config-router)# end
# clear ip bgp * in
Applies the changes to the learned route filtering configuration.
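The following Python sketch is an added example, not part of the original manual or the switch software. It models the route-map BGP65532IN from (2) so the filter logic can be checked offline against sample routes before it is applied. It assumes first-match evaluation for prefix-list, as-path access-list, and route-map entries, with an implicit deny when nothing matches; the function names and sample routes are constructed for illustration.

```python
import ipaddress
import re

# Filters copied from the command examples above: (action, prefix, ge, le).
PRIVATE = [("permit", "10.0.0.0/8", 8, 32),
           ("permit", "172.16.0.0/12", 12, 32),
           ("permit", "192.168.0.0/16", 16, 32)]
AS_PATH_2 = [("permit", "^65532_65533$")]
# route-map BGP65532IN: (sequence, action, match kind, set local-preference).
BGP65532IN = [(10, "deny", "prefix", None), (20, "permit", "as-path", 200)]

def prefix_list_permits(entries, route):
    """First matching entry wins (assumed); no match is an implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        if net.subnet_of(base) and ge <= net.prefixlen <= le:
            return action == "permit"
    return False

def as_path_permits(entries, as_path):
    """'_' stands for a delimiter: a space, or the start or end of the path."""
    for action, pattern in entries:
        if re.search(pattern.replace("_", r"(?:^|$|[ ,{}()])"), as_path):
            return action == "permit"
    return False

def apply_route_map(route, as_path):
    """Return (learned, local_pref) for one received route."""
    for _seq, action, kind, local_pref in sorted(BGP65532IN):
        if kind == "prefix":
            matched = prefix_list_permits(PRIVATE, route)
        else:
            matched = as_path_permits(AS_PATH_2, as_path)
        if matched:
            return (action == "permit", local_pref if action == "permit" else None)
    return (False, None)  # no sequence matched: the route is not learned

# Constructed sample updates from peer 172.17.1.1 (not from the original page).
SAMPLES = [("203.0.113.0/24", "65532 65533"),   # public, expected path
           ("10.1.0.0/16", "65532 65533"),      # private, expected path
           ("198.51.100.0/24", "65532 65534"),  # public, different path
           ("192.168.0.0/15", "65532 65533")]   # supernet, outside PRIVATE

if __name__ == "__main__":
    for route, path in SAMPLES:
        print(route, path, apply_route_map(route, path))
```

The last sample shows that a shorter covering prefix such as 192.168.0.0/15 is not matched by `192.168.0.0/16 ge 16 le 32`, so under these assumptions it passes sequence 10 and is learned if its AS_PATH matches.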