Overview

The following is an example of configuring a BGP route filter with a prefix-list. It implements the same conditions as the distribute-list filter, this time with a prefix-list.

Network Diagram

Figure BGP prefix-list Configuration Example Network Diagram

Configuration Conditions

  • R1 advertises only the 192.168.1.0/24 BGP route to R2.
  • R1 discards BGP routes advertised from R2 that begin with the network address “172.16.1” and have a subnet mask of “/28” or greater.

Initial Configuration

The BGP-related configuration of R1/R2 is as follows.

R1 Initial Configuration

hostname R1
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0 secondary
 ip address 192.168.3.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router bgp 1
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 neighbor 10.0.0.2 remote-as 2

R2 Initial Configuration

hostname R2
!
interface Loopback0
 ip address 172.16.1.130 255.255.255.192 secondary
 ip address 172.16.1.194 255.255.255.240 secondary
 ip address 172.16.1.225 255.255.255.252 secondary
 ip address 172.16.1.2 255.255.255.128
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.0
!
router bgp 2
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 172.16.1.0 mask 255.255.255.128
 network 172.16.1.128 mask 255.255.255.192
 network 172.16.1.192 mask 255.255.255.240
 network 172.16.1.224 mask 255.255.255.252
 neighbor 10.0.0.1 remote-as 1

Configuration and Verification

Step1: Verify sending and receiving of BGP routes before applying prefix-list

Verify BGP routes sent and received before applying the prefix-list on R1.

  • show ip bgp neighbor 10.0.0.2 advertised-routes: Displays BGP routes advertised to R2.
  • show ip bgp neighbor 10.0.0.2 routes: Displays BGP routes received from R2.

R1 Sending and receiving BGP routes

R1#show ip bgp neighbors 10.0.0.2 advertised-routes
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.1.0      0.0.0.0                  0         32768 i
 *>  192.168.2.0      0.0.0.0                  0         32768 i
 *>  192.168.3.0      0.0.0.0                  0         32768 i

Total number of prefixes 3
R1#show ip bgp neighbors 10.0.0.2 routes
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.1.0/25    10.0.0.2                 0             0 2 i
 *>  172.16.1.128/26  10.0.0.2                 0             0 2 i
 *>  172.16.1.192/28  10.0.0.2                 0             0 2 i
 *>  172.16.1.224/30  10.0.0.2                 0             0 2 i

Total number of prefixes 4

Step2: R1 Configure prefix-list out

Configure the prefix-list to advertise only “192.168.1.0/24” from R1 to R2.

R1 Configure prefix-list out

ip prefix-list TO_R2 seq 5 permit 192.168.1.0/24
!
router bgp 1
 neighbor 10.0.0.2 prefix-list TO_R2 out

Seq 5 of the prefix-list “TO_R2” matches and permits the BGP route 192.168.1.0/24. Since both ge and le are omitted, the entry matches only that exact network address and subnet mask. No other entry exists, so every other route is dropped by the implicit deny at the end of the list.

The prefix-list “TO_R2” is then applied to neighbor 10.0.0.2 (R2) in the out direction. This means that the BGP routes advertised from R1 to R2 are limited to only 192.168.1.0/24. After applying the prefix-list, the BGP routes must be re-sent.

R1 Resend BGP routes

R1#clear ip bgp 10.0.0.2 out

Step3: R1 Verify prefix-list out

Verify the BGP route to be advertised from R1 to R2. The show ip bgp neighbor 10.0.0.2 advertised-routes command displays the following.

R1 Verify prefix-list out

R1#show ip bgp neighbors 10.0.0.2 advertised-routes
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.1.0      0.0.0.0                  0         32768 i

Total number of prefixes 1

You can see that only the BGP route “192.168.1.0/24” is advertised from R1 to R2.

Figure R1 prefix-list out

Step4: R1 Configure prefix-list in

Filter BGP routes received from R2 on R1. BGP routes that meet both of the following conditions are discarded:

  • Network address starting with “172.16.1.”
  • Subnet mask “/28” or greater

The commands for configuring the prefix-list on R1 are as follows.

R1 Configure prefix-list in

ip prefix-list FROM_R2 seq 5 deny 172.16.1.0/24 ge 28
ip prefix-list FROM_R2 seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
 neighbor 10.0.0.2 prefix-list FROM_R2 in

Seq 5 of the prefix-list “FROM_R2” matches routes whose first 24 bits are “172.16.1.” and whose subnet mask is /28 or greater, and denies them.

If a prefix-list contains only deny entries, every route ends up denied by the implicit deny at the end of the list. Seq 10 permits all other routes to avoid that. Note that “all” (any) in a prefix-list is written “0.0.0.0/0 le 32”.

Then, the prefix-list “FROM_R2” is applied to neighbor R2 (10.0.0.2) in the in direction. That is, R1 discards BGP routes received from R2 that start with “172.16.1.” and have a subnet mask of /28 or greater. After applying the prefix-list, R1 needs to receive the BGP routes from R2 again.

R1 Receive BGP route again

R1#clear ip bgp 10.0.0.2 in

Step5: R1 Verify prefix-list in

Verify the BGP routes received from R2 on R1 using the show ip bgp neighbor 10.0.0.2 routes command.

R1 Verify prefix-list in

R1#show ip bgp neighbors 10.0.0.2 routes
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.1.0/25    10.0.0.2                 0             0 2 i
 *>  172.16.1.128/26  10.0.0.2                 0             0 2 i

Total number of prefixes 2

You can see that “172.16.1.192/28” and “172.16.1.224/30” are discarded among the BGP routes received from R2.

Figure BGP prefix-list in
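
The matching rules explained in Step2 and Step4 (exact match when ge/le are omitted, ge/le length ranges, first match by sequence number, implicit deny) can be checked offline before a filter is applied to a live session. The following Python sketch is an added example, not part of the original page or of any Cisco tool; the function names parse_entry, evaluate and accepted are hypothetical, and the route 172.16.2.0/28 is constructed for illustration.

```python
import ipaddress

# Prefix-list lines and route sets copied from the R1 configuration and outputs above.
TO_R2 = ["ip prefix-list TO_R2 seq 5 permit 192.168.1.0/24"]
FROM_R2 = [
    "ip prefix-list FROM_R2 seq 5 deny 172.16.1.0/24 ge 28",
    "ip prefix-list FROM_R2 seq 10 permit 0.0.0.0/0 le 32",
]
ADVERTISED = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
RECEIVED = ["172.16.1.0/25", "172.16.1.128/26", "172.16.1.192/28", "172.16.1.224/30"]


def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if not opts:
        lo = hi = net.prefixlen              # no ge/le: exact prefix length only
    else:
        lo = opts.get("ge", net.prefixlen)   # le alone: from the entry's length up to le
        hi = opts.get("le", 32)              # ge alone: from ge up to /32
    return seq, action, net, lo, hi


def evaluate(lines, route):
    """Return (action, seq) of the first matching entry, or ('deny', None)."""
    r = ipaddress.ip_network(route)
    entries = sorted(map(parse_entry, lines), key=lambda e: e[0])
    for seq, action, net, lo, hi in entries:
        # A route matches when its leading bits fall inside the entry's prefix
        # and its own prefix length lies in the entry's [lo, hi] range.
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action, seq
    return "deny", None                      # implicit deny at the end of every list


def accepted(lines, routes):
    """Routes that pass the prefix-list, in input order."""
    return [r for r in routes if evaluate(lines, r)[0] == "permit"]


if __name__ == "__main__":
    print("advertised to R2:", accepted(TO_R2, ADVERTISED))
    print("accepted from R2:", accepted(FROM_R2, RECEIVED))
    # Constructed route, not from the page: a /28 outside 172.16.1.0/24 falls to seq 10.
    print(evaluate(FROM_R2, "172.16.2.0/28"))
```

The two printed lists correspond to the Step3 and Step5 outputs; the constructed /28 shows that seq 5 only covers prefixes inside 172.16.1.0/24.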

Configuration Summary

The commands related to the prefix-list on R1, configured from the initial configuration, are as follows.

R1 prefix-list Configuration Summary

ip prefix-list TO_R2 seq 5 permit 192.168.1.0/24
!
ip prefix-list FROM_R2 seq 5 deny 172.16.1.0/24 ge 28
ip prefix-list FROM_R2 seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
 neighbor 10.0.0.2 prefix-list TO_R2 out
 neighbor 10.0.0.2 prefix-list FROM_R2 in