30.2.7 BGP4 + advertised route filtering [SL-L3A]
- <Structure of this section>
(1) Advertise other protocol routes
Among directly connected and static routes, you can configure BGP4+ to advertise only those routes whose destination network is in the local AS (3ffe:501::/32).
- Points to note
-
The example below shows how to use the redistribute command to advertise routes that would not be advertised by default. In the redistribute command, specify the protocols that you want advertised.
To define conditions for route advertisement, specify route-map in the redistribute command. Use a prefix-list filter to supply the destination network conditions for the route-map.
Command examples
-
(config)# ipv6 prefix-list LONGER3ffe0501 seq 10 permit 3ffe:501::/32 ge 32 le 128
Configures prefix-list to permit only routes in the 3ffe:501::/32 range.
-
(config)# route-map LONGER3ffe0501PERMIT permit 10
(config-route-map)# match ipv6 address prefix-list LONGER3ffe0501
(config-route-map)# exit
Configures route-map to permit routes in the 3ffe:501::/32 range.
-
(config)# router bgp 65531
(config-router)# address-family ipv6
(config-router-af)# redistribute connected route-map LONGER3ffe0501PERMIT
(config-router-af)# redistribute static route-map LONGER3ffe0501PERMIT
Configures the redistribute function to only advertise static and directly connected routes permitted by the route-map filter LONGER3ffe0501PERMIT.
-
(config-router-af)# end
# clear ipv6 bgp * out
Applies the changes to the advertised route filtering configuration.
(2) Changing advertised routes for each peer
You can restrict which routes are advertised to external peers. This example restricts route advertisement to BGP4+ routes received from AS100 that have one AS path, and directly connected routes and static routes destined for networks in the local AS (3ffe:501::/32). When advertising routes, the switch adds two AS numbers to the AS_PATH of peer 3ffe:502:812:1::1. Only BGP4+ routes are advertised to internal peers.
- Points to note
-
The example below shows how to use the neighbor out command if you need to apply route filtering to individual peers.
Here, configure a total of four route-map filters: one to redistribute static and directly connected routes, one for advertising to peer 3ffe:502:812:1::1, one for advertising to external peers other than 3ffe:502:812:1::1, and one for internal peers.
For static and directly connected routes, configure an ipv6 prefix-list filter to permit routes in the 3ffe:501::/32 range and a route-map filter from which to call the filter.
For peer 3ffe:502:812:1::1, configure a route-map filter to add two AS numbers to direct and static routes.
For external peers other than 3ffe:502:812:1::1, configure an ip as-path access-list filter to permit routes whose AS_PATH attribute contains one AS, and a route-map filter that references the ip as-path access-list filter.
For internal peers, configure route-map to permit BGP4+ routes and denies all others.
Command examples
-
(config)# ipv6 prefix-list LONGER3ffe0501 seq 10 permit 3ffe:501::/32 ge 32 le 128
(config)# route-map LONGER3ffe0501PERMIT permit 10
(config-route-map)# match ipv6 address prefix-list LONGER3ffe0501
(config-route-map)# exit
Configures route-map to permit routes in the 3ffe:501::/32 range. This filter is used to redistribute static and direct routes.
-
(config)# ip as-path access-list 1 permit "^[0-9]+$"
(config)# route-map BGPEXTOUT permit 10
(config-route-map)# match protocol connected static
(config-route-map)# exit
(config)# route-map BGPEXTOUT permit 20
(config-route-map)# match protocol bgp
(config-route-map)# match as-path 1
(config-route-map)# exit
Configures route-map to permit direct routes, static routes, and only those BGP4+ routes whose AS_PATH attribute contains one AS. This route-map filter is used to filter advertisement to external peers.
-
(config)# route-map BGP81211OUT permit 10
(config-route-map)# match protocol connected static
(config-route-map)# set as-path prepend count 2
(config-route-map)# exit
(config)# route-map BGP81211OUT permit 20
(config-route-map)# match protocol bgp
(config-route-map)# match as-path 1
(config-route-map)# set as-path prepend count 2
(config-route-map)# exit
Configures route-map to permit direct routes, static routes, and only those BGP4+ routes whose AS_PATH attribute contains one AS, and adds two AS numbers to those routes. This filter is used to filter advertisement to peer 3ffe:502:812:1::1.
-
(config)# route-map BGPINTOUT permit 10
(config-route-map)# match protocol bgp
(config-route-map)# exit
Configures route-map to permit only BGP4+ routes. This filter is used to filter advertisement to internal peers.
-
(config)# router bgp 65531
(config-router)# address-family ipv6
(config-router-af)# redistribute connected route-map LONGER3ffe0501PERMIT
(config-router-af)# redistribute static route-map LONGER3ffe0501PERMIT
(config-router-af)# exit
Configures the redistribute function to advertise only those static and directly connected routes permitted by the route-map filter LONGER3ffe0501PERMIT.
-
(config-router)# neighbor 3ffe:502:811:1::1 remote-as 65532
(config-router)# address-family ipv6
(config-router-af)# neighbor 3ffe:502:811:1::1 route-map BGPEXTOUT out
(config-router-af)# exit
Applies the filter BGPEXTOUT when advertising routes to external peers.
-
(config-router)# neighbor 3ffe:502:812:1::1 remote-as 65533
(config-router)# address-family ipv6
(config-router-af)# neighbor 3ffe:502:812:1::1 route-map BGP81211OUT out
(config-router-af)# exit
Applies the filter GP81211OUT when advertising routes to external peer 3ffe:502:812:1::1.
-
(config-router)# neighbor 3ffe:501:811:ff01::1 remote-as 65531
(config-router)# address-family ipv6
(config-router-af)# neighbor 3ffe:501:811:ff01::1 route-map BGPINTOUT out
Applies the filter BGPINTOUT when advertising routes to internal peers.
-
(config-router-af)# end
# clear ipv6 bgp * out
Applies the changes to the advertised route filtering configuration.