Overview
This article shows an example of configuring a BGP route filter with a prefix-list. It implements the same filtering conditions as the distribute-list example, this time using a prefix-list.
Network Diagram
Configuration Conditions
- R1 advertises only the 192.168.1.0/24 BGP route to R2.
- R1 discards BGP routes advertised from R2 that begin with the network address “172.16.1” and have a subnet mask of “/28” or greater.
Initial Configuration
The BGP-related configuration of R1/R2 is as follows.
R1 Initial Configuration
hostname R1
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0 secondary
 ip address 192.168.3.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router bgp 1
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 neighbor 10.0.0.2 remote-as 2
R2 Initial Configuration
hostname R2
!
interface Loopback0
 ip address 172.16.1.130 255.255.255.192 secondary
 ip address 172.16.1.194 255.255.255.240 secondary
 ip address 172.16.1.225 255.255.255.252 secondary
 ip address 172.16.1.2 255.255.255.128
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.0
!
router bgp 2
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 172.16.1.0 mask 255.255.255.128
 network 172.16.1.128 mask 255.255.255.192
 network 172.16.1.192 mask 255.255.255.240
 network 172.16.1.224 mask 255.255.255.252
 neighbor 10.0.0.1 remote-as 1
Configuration and Verification
Step1: Verify sending and receiving of BGP routes before applying prefix-list
Verify BGP routes sent and received before applying the prefix-list on R1.
| Command | Description |
| --- | --- |
| show ip bgp neighbor 10.0.0.2 advertised-routes | Displays BGP routes advertised to R2. |
| show ip bgp neighbor 10.0.0.2 routes | Displays BGP routes received from R2. |
R1 Sending and receiving BGP routes
R1#show ip bgp neighbors 10.0.0.2 advertised-routes
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.1.0      0.0.0.0                  0         32768 i
 *>  192.168.2.0      0.0.0.0                  0         32768 i
 *>  192.168.3.0      0.0.0.0                  0         32768 i

Total number of prefixes 3

R1#show ip bgp neighbors 10.0.0.2 routes
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.1.0/25    10.0.0.2                 0             0 2 i
 *>  172.16.1.128/26  10.0.0.2                 0             0 2 i
 *>  172.16.1.192/28  10.0.0.2                 0             0 2 i
 *>  172.16.1.224/30  10.0.0.2                 0             0 2 i

Total number of prefixes 4
Step2: R1 Configure prefix-list out
Configure the prefix-list to advertise only “192.168.1.0/24” from R1 to R2.
R1 Configure prefix-list out
ip prefix-list TO_R2 seq 5 permit 192.168.1.0/24
!
router bgp 1
 neighbor 10.0.0.2 prefix-list TO_R2 out
The BGP route 192.168.1.0/24 is matched and permitted by seq 5 of the prefix-list “TO_R2”. Since both ge and le are omitted, the entry matches only that exact network address and subnet mask.
The prefix-list “TO_R2” is then applied to neighbor 10.0.0.2 (R2) in the out direction. Because any route that matches no entry is dropped by the implicit deny, the BGP routes advertised from R1 to R2 are limited to 192.168.1.0/24. After applying the prefix-list, the BGP routes must be re-sent.
R1 Resend BGP routes
R1#clear ip bgp 10.0.0.2 out
Step3: R1 Verify prefix-list out
Verify the BGP route to be advertised from R1 to R2. The show ip bgp neighbor 10.0.0.2 advertised-routes command displays the following.
R1 Verify prefix-list out
R1#show ip bgp neighbors 10.0.0.2 advertised-routes
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.1.0      0.0.0.0                  0         32768 i

Total number of prefixes 1
You can see that only the BGP route “192.168.1.0/24” is advertised from R1 to R2.
Step4: R1 Configure prefix-list in
Filter the BGP routes that R1 receives from R2. BGP routes that meet both of the following conditions are discarded:
- Network address starting with “172.16.1.”
- Subnet mask “/28” or greater
The commands for configuring the prefix-list on R1 are as follows.
R1 Configure prefix-list in
ip prefix-list FROM_R2 seq 5 deny 172.16.1.0/24 ge 28
ip prefix-list FROM_R2 seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
 neighbor 10.0.0.2 prefix-list FROM_R2 in
Seq 5 of the prefix-list “FROM_R2” matches routes whose first 24 bits of the network address are “172.16.1.” and whose subnet mask is /28 or greater, and denies them.
If a prefix-list contains only deny entries, everything ends up denied because of the implicit deny at the end of the list. Seq 10 permits all other routes to avoid this. Note that “all routes” (any) is written as “0.0.0.0/0 le 32” in a prefix-list.
Then, the prefix-list “FROM_R2” is applied to neighbor R2 (10.0.0.2) in the in direction. That is, R1 discards BGP routes received from R2 that start with “172.16.1.” and have a subnet mask of /28 or greater. After applying the prefix-list, R1 must receive the BGP routes from R2 again.
R1 Receive BGP route again
R1#clear ip bgp 10.0.0.2 in
Step5: R1 Verify prefix-list in
Verify the BGP routes received from R2 on R1 using the show ip bgp neighbor 10.0.0.2 routes command.
R1 Verify prefix-list in
R1#show ip bgp neighbors 10.0.0.2 routes
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.1.0/25    10.0.0.2                 0             0 2 i
 *>  172.16.1.128/26  10.0.0.2                 0             0 2 i

Total number of prefixes 2
You can see that “172.16.1.192/28” and “172.16.1.224/30” are discarded among the BGP routes received from R2.
Configuration Summary
The commands related to the prefix-list on R1, configured from the initial configuration, are as follows.
R1 prefix-list Configuration Summary
ip prefix-list TO_R2 seq 5 permit 192.168.1.0/24
!
ip prefix-list FROM_R2 seq 5 deny 172.16.1.0/24 ge 28
ip prefix-list FROM_R2 seq 10 permit 0.0.0.0/0 le 32
!
router bgp 1
 neighbor 10.0.0.2 prefix-list TO_R2 out
 neighbor 10.0.0.2 prefix-list FROM_R2 in