ページ1に含まれる内容の要旨
Technical Guide
How To | Use Route Maps and Other Filters to Filter and Alter
BGP and OSPF Routes
Introduction
ISPs transport large volumes of data. They often have to pay large amounts of money to
transport their data through hired links, or through other providers' networks. Similarly, they
can also charge money for transporting other ISPs' data through their network.
Where significant amounts of money are involved, there are typically complex negotiations
involved, and agreements made
ページ2に含まれる内容の要旨
Introduction Contents Introduction ..................................................................................................................................................................................................................1 Related How To Notes................................................................................................................................................................................3 Which products and software version does it apply to?..
ページ3に含まれる内容の要旨
Introduction BGP: Route Map Filtering Example ..............................................................................................................................................................48 BGP configuration.........................................................................................................................................................................................48 Route map configuration.................................................................
ページ4に含まれる内容の要旨
BGP: Concepts and Terminology BGP: Concepts and Terminology Before moving on to look at the filtering processes, it is important to first have some understanding of certain aspects of how BGP works. The following sections describe: BGP peers BGP updates Update attributes BGP peers Definition Within the BGP protocol, the exchange of routing information is carried out between pairs of routers. Two routers create a TCP connection with each other, and exchange routing information as specifi
ページ5に含まれる内容の要旨
BGP: Concepts and Terminology Update attributes As mentioned above, each BGP update message contains a set of attributes. These attributes describe some of the properties of the routes, and can be used in making decisions about which routes to accept and which to reject. Some of the attributes are: Origin How a prefix came to be routed by BGP at the origin Autonomous System (AS). Prefixes are learned from various sources such as directly connected interfaces, manually configured static route
ページ6に含まれる内容の要旨
BGP: Overview of the Available Filter Types BGP: Overview of the Available Filter Types The following sections describe the various types of filters that can be applied to BGP updates and the hierarchy of the filters. Filter types There are a number of filter types that can be applied to the BGP updates being exchanged between BGP peers: Distribute filters Distribute list can filter the routing information between the routing protocol (RIP, RIPng, OSPF, OSPFv3 or BGP) and its IP route table (
ページ7に含まれる内容の要旨
BGP: Overview of the Available Filter Types Difference and Relationship in BGP KEY WORD IN COMMAND DEFINABLE FILTER WAY TO APPLY FILTERING ACL access-list Yes Distribute list distribute-list Yes Prefix list prefix-list Yes Yes AS path list as-path Yes Filter list filter-list Yes Route map route-map Yes Yes DEFINABLE WAY TO APPLY FILTERING FILTER DISTRIBUTE LIST PREFIX LIST FILTER LIST ROUTE MAP ACL YES YES Prefix list YES YES AS path list YES YES Route map YES Examples for filtering BGP Update
ページ8に含まれる内容の要旨
Hierarchy of the Different Filters Hierarchy of the Different Filters For distribute filters (ACLs), path filters, and prefix filters, the order of application is not important. If an update is denied by any given filter, it is discarded immediately, and is not run through any of the other filters. If an update is permitted by one filter, it is passed through to the next filter to be considered. At the end, you end up with the set of updates that all the filters agree should not be discarded
ページ9に含まれる内容の要旨
Hierarchy of the Different Filters Basic configuration This configuration gets the neighbor relationship established and some routes exchanged. AlliedWare Plus Create the second VLAN and associate port1.0.2 with it; assign IP addresses; and configure switch BGP. vlan database vlan 64 name v64 interface port1.0.2 switchport access vlan 64 interface vlan1 ip address 45.45.45.45/24 interface vlan64 ip address 64.64.64.64/4 router bgp 34567 redistribute connected neighbor 45.45.45.46 remote-as 345
ページ10に含まれる内容の要旨
Hierarchy of the Different Filters Confirming the neighbor relationship Check that each switch sees the interface route advertised from the other switch. On both the AlliedWare Plus and AlliedWare switches, use the command show ip route. AlliedWare Plus switch awplus#show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external typ
ページ11に含まれる内容の要旨
BGP: Configuring Distribute Filters BGP: Configuring Distribute Filters Distribute filters use ACLs (Access Control Lists) to filter particular routes on the basis of their prefixes. Distribute filters and prefix filters both filter individual routes out of BGP update packets. They are mutually exclusive. About ACLs From the point of view of route filtering, an ACL is one or more simple unnumbered filter entries, each with a prefix and an action of deny or permit. You can use any of the follo
ページ12に含まれる内容の要旨
BGP: Configuring Distribute Filters Using ACLs as filters When you have created an ACL, you can use it to filter incoming or outgoing update messages for a particular BGP peer, by using the following commands in BGP router mode for the AS. Filter incoming updates (received from a particular neighbor): awplus(config-router)# neighbor distribute-list in Filter outgoing updates (destined for a particular neighbor): awplus(config-router)#neighbor distribute-list
ページ13に含まれる内容の要旨
BGP: Configuring Distribute Filters 3. Renew the route exchange by shutting down the neighbor, then bring it up again. awplus(config-router)# neighbor 45.45.45.46 shutdown awplus(config-router)#neighbor 45.45.45.46 no shutdown 4. Check that the IP route table no longer includes 52.0.0.0/8. awplus(config-router)# do show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1
ページ14に含まれる内容の要旨
BGP: Configuring Distribute Filters 3. Check that the IP route table now includes all the routes. awplus(config-router)# do show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate default B 45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:01:57 C 45.45.45.0/24 is directly connected, vlan1 B 52.0.
ページ15に含まれる内容の要旨
BGP: Configuring Distribute Filters 7. Check that the IP route table no longer includes 52.0.0.0/8. awplus(config-router)# do show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate default B 45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:00:08 C 45.45.45.0/24 is directly connected, vlan1 C
ページ16に含まれる内容の要旨
BGP: Configuring Distribute Filters 4. Check that the IP route table no longer includes 52.0.0.0/8. awplus(config-router)# do show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate default B 45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:05:30 C 45.45.45.0/24 is directly connected, vlan1 C
ページ17に含まれる内容の要旨
BGP: Configuring AS Path Filters BGP: Configuring AS Path Filters To configure path filters we need to first understand something about AS path lists and how to use them. AS path lists Path filters use a construct known as an AS path list. An AS path list has a name and consists of one or more (unnumbered) entries. Each entry specifies: which AS paths to consider. whether the AS paths in question should be included or excluded from the list. The set of paths to consider is specified using
ページ18に含まれる内容の要旨
BGP: Configuring AS Path Filters Using AS path lists as path filters When an AS path list has been created, it can be applied to filter incoming or outgoing update messages for a particular BGP peer, by using the following commands in BGP router mode for the AS. Filter incoming updates (received from a particular neighbor): awplus(config-router)# neighbor filter-list in Filter outgoing updates (destined for a particular neighbor): awplus(config-router)#neighbor
ページ19に含まれる内容の要旨
BGP: Configuring AS Path Filters 4. Shut down the neighbor, and then bring it up again. awplus(config-router)# neighbor 45.45.45.46 shutdown awplus(config-router)#neighbor 45.45.45.46 no shutdown 5. Check that the IP route table does not have the BGP routes from the AlliedWare neighbor in AS 34568 any more. awplus(config-router)# do show ip route Codes: C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA externa
ページ20に含まれる内容の要旨
BGP: Configuring AS Path Filters 9. Check that the AS path list shows the two filter entries: awplus(config-router)# do show ip as-path-access-list AS path access list list1 deny 23456 permit 34568 Another example An outgoing filter that uses 1. Create an AS-PATH list that denies empty AS Paths, but allows AS Paths that an AS-path list contain the AS number 34567. ip as-path access-list example deny ^$ ip as-path access-list example permit 34567 2. Apply this as the out route map for nei