Route Filtering
The filtering of routes between ASs is key to implementing routing policies. The following section shows several route-filtering techniques.
Filtering by Prefix (Address/Mask) Information
The following BGP sub-command may be used to filter updates from a neighbor based on the IP prefix in the update packet:
neighbor ip-address distribute-list {access-list-number | name/prefix-list prefixlistname} {in | out}
ip-address is the address of the BGP peer. The IP prefixes to be filtered may be specified in an access list or a prefix list.
Consider TraderMary’s network again. An access list would be appropriate to block TrdrMary-1 from learning its own internal numbers from ISP-A:
hostname TrdrMary-1
!
interface Serial1
description * to ISP-A *
ip address 192.100.100.253 255.255.255.252
...
router bgp 100
neighbor 192.100.100.254 remote-as 192
neighbor 192.100.100.254 distribute-list 1 in
!
access-list 1 deny 160.160.0.0
access-list 1 deny 192.200.200.0
access-list 1 permit 0.0.0.0 255.255.255.255
Simple access lists do not allow control over the subnet mask field.
So, ISP-X may advertise 192.156.0.0/16 to peer a.b.c.d as follows:
hostname ISP-X-1
!
router bgp 222
neighbor a.b.c.d
neighbor a.b.c.d distribute-list 10 out
access-list 10 permit 192.156.0.0
However, this access list will permit 192.156.0.0/16, 192.156.0.0/17, 192.156.0.0/18, and so on. To ensure that ISP-X advertises only 192.156.0.0/16, we need to configure an extended access list that has room to specify the mask ...
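The mask-blindness described above can be modelled in a few lines of Python. This is an added example, not code from the book or from IOS. The extended entry and the candidate routes are constructed for illustration, and the extended-list behaviour assumed here is the IOS route-filter convention: the source pair is matched against the network address and the destination pair against the netmask.

```python
import ipaddress

def wild_match(value, base, wildcard):
    """IOS wildcard compare: bits set to 1 in the wildcard are ignored."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    return (v & ~w) == (b & ~w)

def standard_acl_permits(entries, prefix):
    """Standard ACL in a distribute-list: only the network address is compared,
    so the prefix length of the route never enters the decision."""
    net = ipaddress.ip_network(prefix)
    for action, base, wildcard in entries:
        if wild_match(net.network_address, base, wildcard):
            return action == "permit"        # first match wins
    return False                             # implicit deny at end of list

def extended_acl_permits(entries, prefix):
    """Extended ACL used as a route filter: the source pair is compared with the
    network address and the destination pair with the route's netmask."""
    net = ipaddress.ip_network(prefix)
    for action, base, base_wild, mask, mask_wild in entries:
        if (wild_match(net.network_address, base, base_wild)
                and wild_match(net.netmask, mask, mask_wild)):
            return action == "permit"
    return False

# access-list 10 from the ISP-X example (no wildcard given means 0.0.0.0)
ACL_10 = [("permit", "192.156.0.0", "0.0.0.0")]
# Constructed extended entry: network 192.156.0.0 exactly, mask 255.255.0.0 exactly
ACL_EXT = [("permit", "192.156.0.0", "0.0.0.0", "255.255.0.0", "0.0.0.0")]
# Constructed candidate advertisements
ROUTES = ["192.156.0.0/16", "192.156.0.0/17", "192.156.0.0/18",
          "192.156.128.0/17", "10.0.0.0/8"]

def leaked(routes=ROUTES):
    """Routes the standard list lets out that the exact-match list would stop."""
    return [r for r in routes
            if standard_acl_permits(ACL_10, r)
            and not extended_acl_permits(ACL_EXT, r)]

if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r:18} standard={standard_acl_permits(ACL_10, r)!s:5} "
              f"extended={extended_acl_permits(ACL_EXT, r)}")
    print("leaked more-specifics:", leaked())
```

The same check is useful when auditing outbound filters: any prefix returned by leaked() is a more-specific route that the simple list would advertise unintentionally.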