Overview

This section describes the configuration and verification commands for BGP route filtering using route-map. The route map allows you to identify BGP routes to filter by reference to standard/extended ACLs, prefix lists, AS_PATH ACLs, etc. In addition to filters, additional path attributes can be set for BGP routes.

Flow of Configuring route filter using route-map

The configuration flow for filtering BGP routes using route-map is as follows.

  1. Identify route information to be filtered by route-map
  2. Apply route-map to a specific neighbor
  3. Re-send/Re-receive BGP routes

Configuration Commands for BGP route filter using route-map

Create a route map that identifies the routes to filter and apply it to a specific BGP neighbor. The configuration commands are as follows.

BGP route filter route-map

(config)#route-map <map-tag> {permit | deny} [<seq-num>]
(config-route-map)#match <condition>
(config-route-map)#set <action>

(config)#router bgp <AS>
(config-router)#neighbor <ip-address> route-map <map-tag> {in|out}

<map-tag> : Arbitrary route-map name
permit | deny : Specify permit or deny
<seq-num> : Sequence number. If omitted, 10 is used.
<condition> : Condition
<action> : Additional Processes
<AS> : AS number
<ip-address> : BGP neighbor IP address

<map-tag> is the name of the route-map. Choose a route-map name that is easy to understand and not too long. <seq-num> is the order of processing. Sequences are processed in order of <seq-num>, smallest first.

permit | deny specifies whether to permit or deny BGP routes. Then, match identifies the BGP routes to be filtered. Standard/extended ACLs, prefix-lists, and AS_PATH ACLs can be referenced. Other conditions can also be configured; if match is omitted, all routes match.

In addition, set sets additional actions for the permitted BGP routes. It mainly sets path attributes.

In the following sections, we will look at the permit | deny, match, and set configurations in more detail.

permit | deny

How BGP routes are handled is determined by the permit | deny after <map-tag>. Make sure you understand this properly. The permit | deny of standard/extended ACLs, prefix-lists, and AS_PATH ACLs only determines whether a route matches the route-map match condition. BGP routes that meet the match condition are then processed according to the permit | deny after <map-tag>.

“permit” means to allow route information. That is, if it is applied out, BGP routes are advertised; if it is applied in, BGP routes are received. “deny” means discard route information. That is, if it is applied out, the corresponding BGP route is not advertised; if it is applied in, the corresponding BGP route is not received.

match condition std/ext ACL

The configuration for referencing standard/extended ACLs in the route-map’s match condition is as follows.

route-map match condition std/ext ACL

(config)#route-map <map-tag> {permit | deny} [<seq-num>]
(config-route-map)#match ip address {<ACL-num> | <ACL-name>}

<ACL-num> : Referenced ACL number
<ACL-name> : Referenced ACL name

If it is a standard ACL, only the network address of the BGP route is checked.

Figure BGP route filter route-map match condition std ACL

If it is an extended ACL, the network address + subnet mask of the BGP route is checked.

Figure BGP route filter route-map match condition ext ACL

match condition prefix-list

The configuration for referencing prefix-list in the route-map’s match condition is as follows.

route-map match condition prefix-list

(config)#route-map <map-tag> {permit | deny} [<seq-num>]
(config-route-map)#match ip address prefix-list <prefix-list-name>

<prefix-list-name> : Referenced prefix-list name

Referring to the prefix list, the network address + subnet mask of the BGP route is checked.

Figure BGP route filter route-map match condition prefix-list

match condition AS_PATH ACL

The configuration for referencing AS_PATH ACL in the route-map’s match condition is as follows.

route-map match condition AS_PATH ACL

(config)#route-map <map-tag> {permit | deny} [<seq-num>]
(config-route-map)#match as-path <as-path-acl-num>

<as-path-acl-num> : AS_PATH ACL number

AS_PATH ACLs are referenced to check the AS_PATH attribute of the BGP route.

Figure BGP route filter route-map match condition AS_PATH ACL

set <action>

In addition to filtering BGP routes, additional path attributes can be set by configuring set <action>. set <action> sets the path attributes of the permitted BGP routes.

The main set commands for setting BGP path attributes are summarized in the table below.

| set <action> | Overview |
|---|---|
| set weight | Set WEIGHT. |
| set local-preference | Set LOCAL_PREF. |
| set origin | Set ORIGIN. |
| set ip next-hop | Set NEXT_HOP. |
| set metric | Set MED. |
| set as-path prepend | Prepend to AS_PATH. |
| set community | Set COMMUNITY. |
| set extcommunity | Set extended COMMUNITY. |

Table set <action> example

Implicit deny

There is an implicit deny in route-map as well as in the standard/extended ACL, prefix-list, and AS_PATH ACL. Note that if there is only a condition for a sequence of deny, all BGP routes will eventually be denied by implicit deny.
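The following Python model is an added example, not part of the original page or of any Cisco software; it covers both the permit | deny rule and the implicit deny described above. The prefix-list name PL-BLOCK, the prefixes and the local-preference value are constructed sample values, and only prefix-list matching is modeled.

```python
import ipaddress

def prefix_list_permits(entries, route):
    """First matching entry wins; no match is the prefix-list's implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        p = ipaddress.ip_network(prefix)
        max_len = le if le is not None else p.prefixlen
        if net.subnet_of(p) and p.prefixlen <= net.prefixlen <= max_len:
            return action == "permit"
    return False

def apply_route_map(sequences, prefix_lists, route):
    """Return (result, set attributes, deciding seq-num) for one BGP route."""
    for seq, action, match, sets in sorted(sequences, key=lambda s: s[0]):
        # The prefix-list's permit/deny only decides whether the route matches.
        if match is not None and not prefix_list_permits(prefix_lists[match], route):
            continue  # not matched: fall through to the next sequence
        # The route-map's own permit/deny decides what happens to a matched route.
        if action == "permit":
            return ("permit", dict(sets), seq)
        return ("deny", {}, seq)
    return ("deny", {}, None)  # implicit deny at the end of the route-map

# Constructed sample configuration being modeled:
#   ip prefix-list PL-BLOCK deny 10.1.1.0/24
#   ip prefix-list PL-BLOCK permit 10.1.0.0/16 le 24
PREFIX_LISTS = {
    "PL-BLOCK": [("deny", "10.1.1.0/24", None), ("permit", "10.1.0.0/16", 24)],
}
#   route-map RM deny 10 / match ip address prefix-list PL-BLOCK
DENY_ONLY = [(10, "deny", "PL-BLOCK", {})]
#   ... plus: route-map RM permit 20 / set local-preference 200
DENY_THEN_PERMIT = DENY_ONLY + [(20, "permit", None, {"local-preference": 200})]

if __name__ == "__main__":
    for name, rm in (("deny only", DENY_ONLY), ("deny + permit 20", DENY_THEN_PERMIT)):
        for route in ("10.1.1.0/24", "10.1.2.0/24", "192.168.0.0/24"):
            print(name, route, apply_route_map(rm, PREFIX_LISTS, route))
```

Note that 10.1.1.0/24 hits the prefix-list's deny entry, so it does not match sequence 10 and is permitted by sequence 20, while with the deny-only route-map every route ends up denied.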

Re-send/Re-receive BGP routes

Simply applying route-map to a neighbor does not make the route filter work. BGP routes must be re-sent or re-received, depending on the direction in which the route-map is applied. Use the following command in privileged EXEC mode.

Re-send/Re-receive BGP routes

#clear ip bgp <ip-address> {in|out}

<ip-address> : Neighbor IP address

Verification Commands for BGP route filter using route-map

The following table summarizes the main show commands for verifying BGP route filtering by route-map.

| Commands | Overview |
|---|---|
| #show route-map | Verify the route-map to identify BGP routes. Also verify the standard/extended ACLs, prefix-list, and AS_PATH ACLs referenced in the route-map. |
| #show ip protocols | Verify the route-map applied to the BGP neighbor. |
| #show ip bgp | Verify the BGP table. |
| #show ip bgp neighbors <ip-address> advertised-routes | Verify the BGP routes to be advertised to the specified BGP neighbor. |
| #show ip bgp neighbors <ip-address> routes | Verify BGP routes received from the specified BGP neighbor. |

Table Verification Commands for BGP route filter using route-map

Summary

Point

  • The configuration flow for filtering BGP routes using route-map is as follows.
    • Identify route information to be filtered by route-map
    • Apply route-map to a specific neighbor
    • Re-send/Re-receive BGP routes
  • Identify BGP routes to filter by referencing standard/extended ACLs, prefix-lists, AS_PATH ACLs, etc. in route-map match conditions.
  • How BGP routes that meet the match condition are treated is determined by the permit | deny after <map-tag>.