2013/11/27

WB1 7.56 BGP Outbound Route Filtering

7.56 BGP Outbound Route Filtering

• R1 and R4 should filter out the prefixes 112.0.0.0/8 and 114.0.0.0/8 from being advertised to R3 and R5 respectively.
• The filtering configuration should be applied to routers R3 and R5.


--------------------------------------------------------------

ORF, or outbound route filtering, is a technique that allows a BGP peer to “push”
a filter to the remote neighbor. The neighbor then applies the prefix filter to the
outbound updates sent to the peer that pushed the filter. This feature is
particularly helpful when BGP peers exchange large amounts of BGP information.
Applying filtering outbound on the remote peer instead of inbound on the local
peer significantly decreases the amount of routing information sent across the
link. There are two types of ORF filters defined in the IETF’s draft: prefix-list
based and community based. Cisco IOS supports only the prefix-list ORFs.

In BGP terms, ORF is a special capability negotiated during the establishment of
a BGP session. A peer may advertise its willingness to send ORFs, to receive
them, or both. You have to enable this capability on the peering routers before
configuring ORFs. The command to enable the feature on IOS routers is
neighbor <IP> capability orf prefix-list {send|receive|both}.
You need to reset the BGP session in order to negotiate the new capabilities.

In order to configure and push an ORF, you need to define a prefix list and apply
it to the peer’s session using the command neighbor <IP> prefix-list <NAME> in.
The list must be inbound, as this is the natural direction for ORF. If
the session has the ORF send capability enabled, the list will be pushed to the
remote peer and installed as an outbound filter after you do a session refresh
using the clear ip bgp <IP> soft in prefix-filter command. This
command pushes the prefix list and requests a route refresh (re-advertisement)
from the peer.

--------------------------------------------------------------

R1:
router bgp 100
 neighbor 155.1.13.3 capability orf prefix-list both


R4:
router bgp 100
 neighbor 155.1.45.5 capability orf prefix-list both

R3:
ip prefix-list ORF deny 112.0.0.0/8
ip prefix-list ORF deny 114.0.0.0/8
ip prefix-list ORF permit 0.0.0.0/0 le 32
!
router bgp 200
 neighbor 155.1.13.1 capability orf prefix-list both
 neighbor 155.1.13.1 prefix-list ORF in

R5:
ip prefix-list ORF deny 112.0.0.0/8
ip prefix-list ORF deny 114.0.0.0/8
ip prefix-list ORF permit 0.0.0.0/0 le 32
!
router bgp 200
 neighbor 155.1.45.4 capability orf prefix-list both
 neighbor 155.1.45.4 prefix-list ORF in


--------------------------------------------------------------

Rack1R3#show ip bgp neighbors 155.1.13.1
BGP neighbor is 155.1.13.1,  remote AS 100, external link
 Fall over configured for session
  BGP version 4, remote router ID 150.1.1.1
  BGP state = Established, up for 00:01:44
  Last read 00:00:44, last write 00:00:44, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  3          3
    Notifications:          0          0
    Updates:               15         13
    Keepalives:            30         30
    Route Refresh:          0          1
    Total:                 49         47
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 59, neighbor version 59/0
  Output queue size: 0
  Index 4, Offset 0, Mask 0x10
  4 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: advertised, received
      Receive-mode: advertised, received
  Outbound Route Filter (ORF): sent;
  Incoming update prefix filter list is ORF
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               5          9 (Consumes 468 bytes)
    Prefixes Total:                16          9
    Implicit Withdraw:              2          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          9
    Used as multipath:            n/a          0


Get to the other side of the connection and check the prefix list received by R1.
Notice the name for the list, constructed from the peer’s IP address.


Rack1R1#show ip bgp neighbors 155.1.13.3 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 155.1.13.3: 3 entries
   seq 5 deny 112.0.0.0/8
   seq 10 deny 114.0.0.0/8
   seq 15 permit 0.0.0.0/0 le 32
Rack1R1#


Rack1R1#show ip bgp neighbors 155.1.13.3 advertised-routes
BGP table version is 74, local router ID is 150.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i28.119.16.0/24   204.12.1.254             0    100      0 54 i
*>i28.119.17.0/24   204.12.1.254             0    100      0 54 i
*>i113.0.0.0        204.12.1.254             0    100      0 54 50 60 i
*>i115.0.0.0        204.12.1.254             0    100      0 54 i
*>i116.0.0.0        204.12.1.254             0    100      0 54 i
*>i117.0.0.0        204.12.1.254             0    100      0 54 i
*>i118.0.0.0        204.12.1.254             0    100      0 54 i
*>i119.0.0.0        204.12.1.254             0    100      0 54 i
*>i155.1.0.0        155.1.146.4              0    100      0 i

Total number of prefixes 9
Rack1R1#
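
The filter R1 received can be checked offline against its candidate routes. The following is an added example, not part of the original post: it models IOS prefix-list matching (first match wins, exact length unless ge/le is given, implicit deny at the end). The function names and the CANDIDATES list are assumptions constructed from the prefixes shown in this lab.

```python
import ipaddress

# ORF prefix list as pushed by R3/R5 in this post: (action, prefix, ge, le)
ORF = [
    ("deny", "112.0.0.0/8", None, None),
    ("deny", "114.0.0.0/8", None, None),
    ("permit", "0.0.0.0/0", None, 32),
]

# Constructed input: prefixes seen in the lab's BGP tables, with the
# classful masks (/8, /16) that the show output omits written out.
CANDIDATES = [
    "28.119.16.0/24", "28.119.17.0/24", "112.0.0.0/8", "113.0.0.0/8",
    "114.0.0.0/8", "115.0.0.0/8", "116.0.0.0/8", "117.0.0.0/8",
    "118.0.0.0/8", "119.0.0.0/8", "155.1.0.0/16",
]

def entry_matches(route, prefix, ge, le):
    """The route must sit inside the entry's prefix and its length must be
    in [ge, le]; with neither keyword the length must match exactly."""
    net = ipaddress.ip_network(prefix)
    if not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(route, plist):
    """Return the action of the first matching entry, or implicit deny."""
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in plist:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def advertised(candidates, plist):
    """Routes that survive the filter, in their original order."""
    return [r for r in candidates if evaluate(r, plist) == "permit"]

if __name__ == "__main__":
    for r in CANDIDATES:
        print(f"{r:<18} {evaluate(r, ORF)}")
    # A more-specific inside 112.0.0.0/8 is not caught by the exact-match deny.
    print("112.1.0.0/16      ", evaluate("112.1.0.0/16", ORF))
```

The deny entries match only the exact /8 routes, so a longer prefix inside 112.0.0.0/8 would fall through to the final permit; adding le 32 to the deny entries would cover those as well.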


Rack1R3#show ip bgp
BGP table version is 59, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i28.119.16.0/24   155.1.45.4               0    100      0 100 54 i
*>                  155.1.13.1                             0 100 54 i
*                   155.1.37.7                             0 300 100 54 i
* i28.119.17.0/24   155.1.45.4               0    100      0 100 54 i
*>                  155.1.13.1                             0 100 54 i
*                   155.1.37.7                             0 300 100 54 i
*> 112.0.0.0        155.1.37.7                             0 300 100 54 50 60 i
* i113.0.0.0        155.1.45.4               0    100      0 100 54 50 60 i
*>                  155.1.13.1                             0 100 54 50 60 i
*                   155.1.37.7                             0 300 100 54 50 60 i
*> 114.0.0.0        155.1.37.7                             0 300 100 54 i
* i115.0.0.0        155.1.45.4               0    100      0 100 54 i

Rack1R4#show ip bgp neighbors 155.1.45.5 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 155.1.45.5: 3 entries
   seq 5 deny 112.0.0.0/8
   seq 10 deny 114.0.0.0/8
   seq 15 permit 0.0.0.0/0 le 32
Rack1R4#


Rack1R4#show ip bgp neighbors 155.1.45.5 advertised-routes
BGP table version is 65, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 28.119.16.0/24   204.12.1.254             0             0 54 i
*> 28.119.17.0/24   204.12.1.254             0             0 54 i
*> 113.0.0.0        204.12.1.254                           0 54 50 60 i
*> 115.0.0.0        204.12.1.254                           0 54 i
*> 116.0.0.0        204.12.1.254                           0 54 i
*> 117.0.0.0        204.12.1.254                           0 54 i
*> 118.0.0.0        204.12.1.254                           0 54 i
*> 119.0.0.0        204.12.1.254                           0 54 i
*> 155.1.0.0        0.0.0.0                            32768 i

Total number of prefixes 9
Rack1R4#


Rack1R5#show ip bgp
BGP table version is 145, local router ID is 150.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 28.119.16.0/24   155.1.45.4                             0 100 54 i
* i                 155.1.13.1               0    100      0 100 54 i
*> 28.119.17.0/24   155.1.45.4                             0 100 54 i
* i                 155.1.13.1               0    100      0 100 54 i
*>i112.0.0.0        155.1.37.7               0    100      0 300 100 54 50 60 i
*> 113.0.0.0        155.1.45.4                             0 100 54 50 60 i
* i                 155.1.13.1               0    100      0 100 54 50 60 i
*>i114.0.0.0        155.1.37.7               0    100      0 300 100 54 i
*> 115.0.0.0        155.1.45.4                             0 100 54 i
