BGP Filtering (Policy Routing)
BGP Filtering
• Can apply our routing policy
• Controlling the sending and receiving of updates
• Prefix Filtering
• AS_Path Filtering
• Route-map Filtering
• Community Filtering
Network Example
• AS1: router A (2.2.2.2), network 150.10.0.0/16
• AS2: router B (3.3.3.2), network 160.10.0.0/16
• AS3: router C (2.2.2.1 toward A, 3.3.3.1 toward B), network 170.10.0.0/16
• AS4: network 180.10.0.0/16

    network          as-path
    150.10.0.0/16
    170.10.0.0/16    3
    180.10.0.0/16    3 2 4

    network          as-path
    150.10.0.0/16    1
    160.10.0.0/16    2
    170.10.0.0/16
    180.10.0.0/16    2 4
Prefix Filtering
• RTC’s configuration

    router bgp 3
     network 170.10.0.0
     neighbor 3.3.3.2 remote-as 2
     neighbor 2.2.2.2 remote-as 1
     neighbor 2.2.2.2 distribute-list 1 out
    !
    ! distribute-list 1 refers to standard IP access-list 1
    access-list 1 deny 160.10.0.0 0.0.255.255
    access-list 1 permit any
AS_path Filtering
• RTC’s configuration

    router bgp 3
     network 170.10.0.0
     neighbor 3.3.3.2 remote-as 2
     neighbor 2.2.2.2 remote-as 1
     neighbor 2.2.2.2 filter-list 1 out
    !
    ip as-path access-list 1 deny ^2$
    ip as-path access-list 1 permit .*

• as-path access-list is only applied to the AS_path in the BGP entries
• sh ip bgp regexp regular-expression
• sh ip bgp re ^$
• sh ip bgp re ^2$
• sh ip bgp re ^2
• sh ip bgp re 2
Regular Expression
• .      match any single char, including white space
• *      match 0 or more sequences of the pattern
• +      match 1 or more sequences of the pattern
• ?      match 0 or 1 occurrence of the pattern
• ^      match the beginning of the input string
• $      match the end of the input string
• _      match comma, {, }, (, ), ^, $, space
• [ ]    designate a range of single-char patterns
• -      separate the end points of a range
Regular Expression (cont.)
• ^$           paths in local AS
• .*           all paths
• 300          paths including 300
• ^300         paths announced from AS300 directly
• ^300$        paths in AS300
• ^300_        equal to regexp ^300
• _300$        paths originated from AS300
• _300_        equal to regexp 300
• ^(300_)*$    ^$, ^300$, ^300 300$, ^300 300 300$, ...
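Added example (not part of the original slides): a small Python check of an as-path access-list before it is applied to a neighbor. It assumes that translating "_" into a delimiter group is enough to emulate the IOS patterns listed above; the helper names are hypothetical, and the test paths containing 1300 and 3000 are constructed to show what the anchors and "_" change.

```python
import re

# IOS "_" matches a delimiter: start or end of the string, space, comma,
# braces or parentheses. Every other operator used on the slides has the
# same meaning in Python's re module (assumption of this example).
DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python syntax (hypothetical helper)."""
    return pattern.replace("_", DELIM)

def path_matches(pattern, as_path):
    """True if the AS path (ASNs separated by spaces) matches the pattern."""
    return re.search(ios_to_python(pattern), as_path) is not None

def filter_list(entries, as_path):
    """First matching entry wins; no match at all means the implicit deny."""
    for action, pattern in entries:
        if path_matches(pattern, as_path):
            return action
    return "deny"

# as-path access-list 1 from the AS_path Filtering slide
ACL_1 = [("deny", "^2$"), ("permit", ".*")]

# AS paths from the Network Example table that lists all four networks
# ("" is the empty path of the locally originated route)
TABLE = {"150.10.0.0/16": "1", "160.10.0.0/16": "2",
         "170.10.0.0/16": "", "180.10.0.0/16": "2 4"}

def advertised(acl, table):
    """Prefixes whose AS path the filter permits."""
    return sorted(p for p, path in table.items()
                  if filter_list(acl, path) == "permit")

if __name__ == "__main__":
    print("permitted by ACL 1:", advertised(ACL_1, TABLE))
    # Constructed paths: which ones does each pattern select?
    samples = ["", "300", "300 300", "300 400", "1300 400",
               "3000 400", "400 300"]
    for pat in ["300", "_300_", "^300", "^300_", "_300$", "^(300_)*$"]:
        hits = [p for p in samples if path_matches(pat, p)]
        print(f"{pat:12} {hits}")
```

Running it prints the prefixes that survive access-list 1 and, for each pattern, the sample paths it selects, which makes an over-broad pattern visible before the filter is attached to a neighbor.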
Route-map Filtering
• RTC’s configuration

    router bgp 3
     network 170.10.0.0
     neighbor 3.3.3.2 remote-as 2
     neighbor 2.2.2.2 remote-as 1
     neighbor 2.2.2.2 route-map AS2FILTER out
    !
    ip as-path access-list 1 permit ^2$
    !
    ! clause 10 drops paths matching ^2$; clause 20 permits everything else
    route-map AS2FILTER deny 10
     match as-path 1
    route-map AS2FILTER permit 20

• route-map is more powerful than filter-list
• because route-map can check many things and change many attributes
Community Filtering
• RTB’s configuration

    router bgp 2
     network 160.10.0.0
     neighbor 3.3.3.1 remote-as 3
     neighbor 3.3.3.1 send-community
     neighbor 3.3.3.1 route-map SETCOMMUNITY out
    !
    route-map SETCOMMUNITY permit 10
     match ip address 1
     set community no-export
    route-map SETCOMMUNITY permit 20
    !
    access-list 1 permit 160.10.0.0 0.0.255.255

• This prevents RTC from announcing the routes received from RTB to other peers.
Community Filtering (cont.)
• RTC’s configuration

    router bgp 3
     network 170.10.0.0
     neighbor 3.3.3.2 remote-as 2
     neighbor 3.3.3.2 route-map check-community in
    !
    route-map check-community permit 10
     match community 1
     set weight 20
    route-map check-community permit 20
     match community 2 exact
     set weight 10
    route-map check-community permit 30
     match community 3
    !
    ip community-list 1 permit 100
    ip community-list 2 permit 200
    ip community-list 3 permit internet