Table of Contents
It is possible to filter when advertising and receiving route information to and from a specified neighbor with BGP. “How to identify the route information” is important in route filtering with BGP.
This section describes the different types of BGP route filters.
BGP Route Filter Types
To filter route information sent to and received from a specified neighbor with BGP, the following methods are available.
The route map can add or change path attributes as well as simple filters.
Route Filter Points
There are two important points in the route filter.
- Specifying the route to be filtered
- Timing to filter
In the case of BGP, the important thing is “how to identify route information” because the timing of filtering is fixed by sending/receiving with the neighbor. In the following sections, focusing on “how to identify route information,” each filtering method will be explained.
Specifying the route to be filtered
The distribution-list specifies the BGP route information to be filtered by ACL. The network address of the route information is referenced by a standard ACL. Standard ACLs essentially configure conditions for the source IP address of an IP packet. However, when used in distribution-list, standard ACLs configure conditions for network addresses.
Extended ACLs are used to specify route information to be filtered by referencing not only network addresses but also subnet masks. The source IP address condition of the extended ACL is interpreted as a network address. And the destination IP address condition is interpreted as a subnet mask.
The standard/extended ACL permit/deny is the action of allowing or denying route information. Specifically, when applied in, permit means receive route information; when applied out, permit means advertise route information. Also, when applied in, deny discards route information; when applied out, deny does not advertise route information.
See also the following article about configuration and verification commands for BGP route filter by distribute-list.
Here is an example of concrete configuration of BGP route filtering by distribute-list.
The prefix list identifies the BGP route information to be filtered and determines the action to be taken. The prefix list can be configured according to the bit pattern of the network address and the range of the subnet mask.
And, permit/deny in the prefix-list is the action of allowing or denying route information.
See also the following article about configuration and verification commands for BGP route filter by prefix-list.
Here is an example of concrete configuration of BGP route filtering by prefix-list.
The filter list identifies the BGP route information to be filtered by AS_PATH ACL. The AS_PATH ACL refers to the AS_PATH attribute specific to the BGP route; the string of AS numbers contained in AS_PATH is configured as a regular expression condition.
AS_PATH ACL permit/deny is the action of allowing or denying route information.
See also the following article about configuring and verifying commands for BGP route filtering by filter-list (AS_PATH ACL).
Here is an example of concrete configuration of BGP route filter by filter-list (AS_PATH ACL).
The route map will eventually refer to the above distribute-list/prefix-list/filter-list. Associating distribute-list/prefix-list/filter-list with a route map match condition identifies the BGP routes to be filtered.
If a route map is used, routes can also be specified using AND and OR conditions that combine distribute-list/prefix-list/filter-list.
It is of course OK to configure conditions other than distribute-list/prefix-list/filter-list in match condition.
The route-map permit/deny is the action of allowing or denying route information. Note that the combination of permit/deny of the route map and permit/deny of the distribution list/prefix list/filter list referenced in the route map can be a bit complicated. Finally, please clarify that the route-map permit/deny allows or denies route information.Then, additional path attributes can be set for the BGP routes that have been permitted.
See also the following article about configuring and verifying commands for BGP route filtering by route-map.
Here is an example of concrete configuration of BGP route filter by route-map.
Summary of route information specification
The following table summarizes the information referenced and how to specify the route for each filter method.
|Filter method||Referenced information||Specify the route|
|distribute-list||Network address||Standard ACL|
|Network address + subnet mask||Extended ACL|
|prefix-list||Network address + subnet mask||prefix-list|
|filter-list||AS_PATH attribute||AS_PATH ACL|
|route-map||All above||All above|
The following figure also summarizes which parts of the BGP route information are referenced by each route filter.
Route maps are the most flexible, allowing for filtering of BGP routes based on a variety of information. The route map is, to put it plainly, versatile, like a joker. But to use the route map properly, it is a prerequisite to understand the distribute-list/prefix-list/filter-list.
- You can filter BGP routes sent to and received from specified neighbors.
- The point of filtering BGP routes is “how to identify route information”.
- BGP Basic Configuration and Verification Commands
- BGP Neighbor Status
- BGP Neighbor Authentication
- BGP Well Known Mandatory Attributes
- BGP Route Filter Overview
- BGP Route Filter : distribute-list
- BGP Route Filter : distribute-list Configuration Example
- BGP Route Filter : prefix-list
- BGP Route Filter : prefix-list Configuration Example
- BGP local-as
- bgp fast-external-fallover
- BGP Prefix Limitation