
BGP Filtering (Policy Routing)


baker-york

Presentation Transcript


  1. BGP Filtering (Policy Routing)

  2. BGP Filtering
     • Can apply our routing policy
     • Controlling the sending and receiving of updates
     • Prefix Filtering
     • AS_Path Filtering
     • Route-map Filtering
     • Community Filtering

  3. Network Example
     [Figure: topology of four ASes. AS1 (router A, 2.2.2.2) holds 150.10.0.0/16, AS2 (router B, 3.3.3.2) holds 160.10.0.0/16, AS3 (router C, 2.2.2.1 and 3.3.3.1) holds 170.10.0.0/16, AS4 holds 180.10.0.0/16. Two BGP tables are shown in the figure:]

         network          as-path
         150.10.0.0/16
         170.10.0.0/16    3
         180.10.0.0/16    3 2 4

         network          as-path
         150.10.0.0/16    1
         160.10.0.0/16    2
         170.10.0.0/16
         180.10.0.0/16    2 4

  4. Prefix Filtering
     • RTC’s configuration

         router bgp 3
          network 170.10.0.0
          neighbor 3.3.3.2 remote-as 2
          neighbor 2.2.2.2 remote-as 1
          neighbor 2.2.2.2 distribute-list 1 out
         !
         ! distribute-list 1 refers to a standard IP access list
         access-list 1 deny 160.10.0.0 0.0.255.255
         access-list 1 permit any

  5. AS_path Filtering
     • RTC’s configuration

         router bgp 3
          network 170.10.0.0
          neighbor 3.3.3.2 remote-as 2
          neighbor 2.2.2.2 remote-as 1
          neighbor 2.2.2.2 filter-list 1 out
         !
         ip as-path access-list 1 deny ^2$
         ip as-path access-list 1 permit .*

     • An as-path access-list is applied only to the AS_path of the BGP entries
     • sh ip bgp regexp regular-expression
     • sh ip bgp re ^$
     • sh ip bgp re ^2$
     • sh ip bgp re ^2
     • sh ip bgp re 2

  6. Regular Expression
     •  .     match any single character, including white space
     •  *     match 0 or more sequences of the pattern
     •  +     match 1 or more sequences of the pattern
     •  ?     match 0 or 1 occurrence of the pattern
     •  ^     match the beginning of the input string
     •  $     match the end of the input string
     •  _     match comma, {, }, (, ), ^, $, space
     •  [ ]   designate a range of single-character patterns
     •  -     separate the end points of a range

  7. Regular Expression (cont.)
     •  ^$           paths in local AS
     •  .*           all paths
     •  300          paths including 300
     •  ^300         paths announced from AS300 directly
     •  ^300$        paths in AS300
     •  ^300_        equal to regexp ^300
     •  _300$        paths originated from AS300
     •  _300_        equal to regexp 300
     •  ^(300_)*$    ^$, ^300$, ^300 300$, ^300 300 300$, ...

  8. Route-map Filtering
     • RTC’s configuration

         router bgp 3
          network 170.10.0.0
          neighbor 3.3.3.2 remote-as 2
          neighbor 2.2.2.2 remote-as 1
          neighbor 2.2.2.2 route-map AS2FILTER out
         !
         ip as-path access-list 1 deny ^2$
         !
         ! A path denied by access-list 1 does not match clause 10; it falls
         ! through to clause 20, which has no match condition.
         route-map AS2FILTER permit 10
          match as-path 1
         route-map AS2FILTER permit 20

     • route-map is more powerful than filter-list
     • because route-map can check many things and change many attributes

  9. Community Filtering
     • RTB’s configuration

         router bgp 2
          network 160.10.0.0
          neighbor 3.3.3.1 remote-as 3
          neighbor 3.3.3.1 send-community
          neighbor 3.3.3.1 route-map SETCOMMUNITY out
         !
         route-map SETCOMMUNITY permit 10
          match ip address 1
          set community no-export
         route-map SETCOMMUNITY permit 20
         !
         access-list 1 permit 160.10.0.0 0.0.255.255

     • This prevents RTC from announcing the routes received from RTB to other peers.

  10. Community Filtering (cont.)
     • RTC’s configuration

         router bgp 3
          network 170.10.0.0
          neighbor 3.3.3.2 remote-as 2
          neighbor 3.3.3.2 route-map check-community in
         !
         route-map check-community permit 10
          match community 1
          set weight 20
         route-map check-community permit 20
          match community 2 exact
          set weight 10
         route-map check-community permit 30
          match community 3
         !
         ip community-list 1 permit 100
         ip community-list 2 permit 200
         ip community-list 3 permit internet
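
Added example (not part of the original slides): a Python sketch of how the as-path access-list from the AS_path Filtering slide is evaluated, first match wins with an implicit deny, against RTC's table from the Network Example slide, with the `_` metacharacter from the Regular Expression slide translated into Python's `re` syntax. The function names and the sample AS paths are constructed for illustration; the last loop also shows that an unanchored `300` matches any path containing those digits, such as AS 3000 or AS 1300.

```python
import re

# What the IOS "_" metacharacter stands for (Regular Expression slide):
# a delimiter character, or the start/end of the AS path string.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python re syntax (only "_" differs here)."""
    return pattern.replace("_", _UNDERSCORE)

def as_path_acl(entries, as_path):
    """First-match evaluation of an as-path access-list; implicit deny at the end."""
    for action, pattern in entries:
        if re.search(ios_to_python(pattern), as_path):
            return action == "permit"
    return False

def filter_out(table, entries):
    """Prefixes that a 'filter-list ... out' built from entries lets through."""
    return [prefix for prefix, path in table if as_path_acl(entries, path)]

# RTC's BGP table from the Network Example slide (empty path = locally originated).
RTC_TABLE = [
    ("150.10.0.0/16", "1"),
    ("160.10.0.0/16", "2"),
    ("170.10.0.0/16", ""),
    ("180.10.0.0/16", "2 4"),
]

# ip as-path access-list 1 from the AS_path Filtering slide.
ACL_1 = [("deny", "^2$"), ("permit", ".*")]

# Constructed AS paths (not from the slides) to compare anchored and unanchored patterns.
SAMPLE_PATHS = ["300", "300 300", "100 300 200", "3000 65001", "65001 1300"]

def matching(pattern, paths=SAMPLE_PATHS):
    """Paths that a 'sh ip bgp regexp <pattern>' style match would select."""
    return [p for p in paths if re.search(ios_to_python(pattern), p)]

if __name__ == "__main__":
    print("passed to 2.2.2.2:", filter_out(RTC_TABLE, ACL_1))
    for pat in ["300", "_300_", "^300$", "_300$", "^(300_)*$"]:
        print(f"{pat:10} -> {matching(pat)}")
```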
