Route Filtering and Route Selection in BGP

Presentation on theme: "Route Filtering and Route Selection in BGP"— Presentation transcript:

1 Route Filtering and Route Selection in BGP

2 Objectives Upon completion of this lesson, you will be able to perform the following tasks: configure AS-path filters, prefix lists and route-maps; filter incoming and outgoing BGP updates with AS-path filters, prefix lists and route-maps; influence BGP route selection; monitor and troubleshoot BGP filters; implement non-disruptive BGP policy changes; limit the number of routes received from a BGP neighbor.

3 Multi-Homed BGP Networks
© 2001, Cisco Systems, Inc. Route Filtering and Route Selection in BGP-3

4 Objectives Upon completion of this section, you will be able to perform the following tasks: describe the issues in multi-homed BGP networks; describe the need to influence BGP route selection; describe the need for BGP filters.

5 Multi-homed Customers Business Requirements
Internet Multi-homed Customer Service Provider #2 Service Provider #1 Some customers need redundant Internet access for their mission-critical applications Full redundancy is only achieved by connecting to two independent Service Providers

6 Multi-homed Customers Technical Requirements
Internet Service Provider #1 Multi-homed BGP Customer Service Provider #2 BGP Multi-homed customers have to run BGP with the Internet Service Providers They usually need public AS-number and provider-independent address space

7 Multi-homed Customers Simple-Minded Approach
[Diagram: multi-homed customer with BGP sessions to Service Provider #1 and Service Provider #2, both connected to the Internet]
Configure two BGP sessions and announce your address space:
router bgp my-AS-number
 neighbor provider-A remote-as ISP-A
 neighbor provider-B remote-as ISP-B
 network my-network

8 The Results of Simple-Minded Approach
as123#show ip bgp BGP table version is 16, local router ID is Status codes: s suppressed, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> i * i *> i *> i * i * i *> i BGP routes are selected based on AS-path length The default BGP route selection does not always result in optimum routing

9 Routing Policies for Multi-Homed Customers
Multi-homed customers could require a number of routing policies, for example: one provider is primary, the other is backup; traffic to direct customers of the ISPs goes direct, all other traffic goes through the primary provider; all transatlantic traffic goes through one ISP; traffic toward a specific destination goes only through one of the ISPs.

10 Primary/Backup Provider
Another Internet Customer Backup ISP Upstream AS Multi-homed Customer Backup link Primary ISP Primary link Internet traffic always flows over primary ISP Routes received from primary ISP should be preferred over routes received from backup ISP A route selection tool is needed in BGP - weights or local preference

11 Local Traffic Goes Direct
Another Internet Customer Backup ISP Upstream AS Multi-homed Customer Backup link Primary ISP Primary link Internet traffic flows over primary ISP, traffic to customers of backup ISP goes direct Route selection has to be performed based on AS-numbers in the AS-path

12 Transit Traffic Issue Internet Service Provider #1 Multi-homed Customer Requirement: do not propagate provider routes to other providers Service Provider #2 Customers could become transit AS for the Service Providers

13 Routing Update Reliability Issue
Internet Service Provider #1 Multi-homed BGP Customer AS123 /8 Service Provider #2 Requirement: Service Providers have to filter IP prefixes in incoming updates BGP Network= /8 AS-Path=123 Customers running BGP could announce any route to the Service Providers

14 Return Traffic Issue Another Internet Customer Return traffic can take any path - Backup ISP must also perform proper route selection Backup ISP Upstream AS Multi-homed Customer Backup link Primary ISP Primary link Customers can only influence their outgoing traffic, not the return traffic

15 Multi-Homed Customer Requirement Summary
BGP must support the following mechanisms: Route selection based on BGP neighbors Route selection based on AS-numbers in the AS-path Filters based on AS-numbers in the AS-path Filters on IP prefixes

16 Summary After completing this section, you should be able to perform the following tasks: Describe the issues in multi-homed BGP networks Describe the need to influence BGP route selection Describe the need for BGP filters

17 Review Questions Why would a customer want connection to two service providers? What are the technical requirements for multi-homed customers? Which routing protocol needs to be deployed between multi-homed customers and the ISP? Why do we need to influence BGP route selection rules? List three potential customer routing policies What are the issues an ISP with multi-homed customers is facing?

18 AS-Path Filters

19 Objectives Upon completion of this section, you will be able to perform the following tasks: describe the applications of AS-path filters; describe AS-path regular expression syntax; use AS-path regular expressions to match BGP routes; configure AS-path filters; configure filtering of inbound or outbound updates with AS-path filters.

20 AS Path Filtering Several scenarios require BGP route filtering based on AS-path Announce only local routes to the ISP - AS-path needs to be empty Select routes based on a specific AS-number in the AS-path Accept routes for specific AS only from some BGP neighbors AS-path filters use regular expressions

21 AS Path Regular Expressions
27 31 23 317 223 AS path converted to string | | String matched with regexp ip as-path access-list 1 permit 31

22 Regular Expressions Simple String Matches
String of characters in regular expression matches any equivalent substring in AS path how many times does 31 match | | answer: | |

23 Regular Expressions Alternatives
Expression expr1|expr2 matches the string if either subexpression matches the string how many times does 21|31 match | | answer: | |

24 Regular Expressions Ranges and Wildcard Characters
A range of characters matches any single character in the range examples:[1234] or [1-4] dot (.) matches any single character how many times does [1-3].[34] match | | answer: | | | |

25 Regular Expressions Matching Delimiters
^ matches beginning of string $ matches end of string _ matches any delimiter (beginning, end, whitespace, tab, comma) how many times does ^21, 31$, _31_ match | | answer: | |

26 Regular Expressions Grouping
Parenthesis can be used to group smaller regular expressions into larger expressions how many times does (213|218)_31 match | | answer: | |

27 Regular Expressions Special Characters
\ To use the special characters as single-character patterns, remove the special meaning by preceding each character with a backslash (\) how do you match AS 213 in beginning of string |( ) | answer: ^\(213_

28 Regular Expressions Repeating Operators
* matches zero or more atoms ? matches zero or one atom + matches one or more atoms Atom is a single character or a grouping how do you match AS sequences “23 45” and “ ” in single regular expression answer: _23(_78)?_45_

29 Sample Regular Expressions
_100_ : going through AS 100
^100$ : directly connected to AS 100
_100$ : originated in AS 100
^100_. : networks behind AS 100
^[0-9]+$ : AS paths one AS long
^$ : networks originated in local AS
.* : matches everything

30 Configuring BGP AS-path Filters
router(config)# ip as-path access-list number permit|deny regexp
Configures an AS-path access list.
router(config-router)# neighbor ip-address filter-list as-path-filter in|out
Configures an inbound or outbound AS-path filter for the specified BGP neighbor.

31 AS-path BGP Filters BGP table My router Incoming neighbor
Outgoing neighbor table Incoming neighbor filter-list in filter-list out

32 Testing your Regular Expressions
router# show ip bgp regexp expression
Displays all routes in the BGP table matching the regular expression.
router# show ip bgp filter-list filter-list
Displays all routes in the BGP table permitted by the specified AS-path access list.
router# show ip as-path-access-list [filter-list]
Displays one or all filter lists.

33 Display the Filter Lists Configured in the Router
wg6r1#show ip as-path-access-list
AS path access list 6
    permit ^$
AS path access list 7
    deny _213_
    permit .*
AS path access list 8
    permit _214_
AS path access list 25
    permit _42_
AS path access list 27
    deny _22_|_51$

34 Display the Routes Matched by a Regular Expression
wg6r1#show ip bgp regexp ^\(65002_ BGP table version is 85, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> ( ) i *> ( ) i *> ( ) i *> ( ) i *> ( ) i *> ( ) i *> ( ) i

35 Display the Routes Matched by a Filter List
wg6r1#show ip as-path-access-list 25 AS path access list 25 permit _42_ wg6r1#show ip bgp filter-list 25 BGP table version is 81, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> ( ) i *> ( ) i *> i *> i *> i

36 Example: Filter Transit Routes
[Diagram: multi-homed customer connected to Service Provider #1 and Service Provider #2, both connected to the Internet]
router bgp customer-as
 neighbor ISP-router filter-list 1 out
!
ip as-path access-list 1 permit ^$
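
The AS-path matching rules above can be checked offline before a filter is applied to a neighbor. The following is an added example, not part of the original slides: it models the "_" delimiter and first-match evaluation of an AS-path access list (no match means deny). The AS paths in the table are constructed sample data, and the function names are hypothetical.

```python
import re

# What the IOS "_" metacharacter stands for: start of string, end of string,
# or a delimiter character (space, comma, braces, parentheses).
UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_to_python(ios_regex):
    """Rewrite an IOS AS-path regex as a Python regex; only "_" differs."""
    out, i = [], 0
    while i < len(ios_regex):
        if ios_regex[i] == "\\" and i + 1 < len(ios_regex):
            out.append(ios_regex[i:i + 2])      # escaped character: copy as-is
            i += 2
        else:
            out.append(UNDERSCORE if ios_regex[i] == "_" else ios_regex[i])
            i += 1
    return "".join(out)

def path_matches(ios_regex, as_path):
    """True if the regex matches anywhere in the AS path string."""
    return re.search(ios_to_python(ios_regex), as_path) is not None

def acl_permits(acl, as_path):
    """acl is a list of (action, regex). First match wins, no match is deny."""
    for action, ios_regex in acl:
        if path_matches(ios_regex, as_path):
            return action == "permit"
    return False

# Constructed AS paths as they would appear in the Path column of
# "show ip bgp". The empty string is a locally originated route.
AS_PATHS = ["", "100", "100 200", "300 100", "300 100 200", "2100 3"]

def matched_by(ios_regex):
    return [p for p in AS_PATHS if path_matches(ios_regex, p)]

def advertised(acl):
    return [p for p in AS_PATHS if acl_permits(acl, p)]

# Outbound filter from the transit example: announce only local routes.
CUSTOMER_OUT = [("permit", "^$")]
# Access list 7 from the "show ip as-path-access-list" printout.
LIST_7 = [("deny", "_213_"), ("permit", ".*")]

if __name__ == "__main__":
    for rx in ["_100_", "^100$", "_100$", "^100_.", "^[0-9]+$", "^$", ".*"]:
        print(f"{rx:10} {matched_by(rx)}")
    print("advertised to ISP:", advertised(CUSTOMER_OUT))
```

With the `^$` outbound filter only the locally originated route is announced, so provider routes learned from one ISP are never propagated to the other.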

37 Summary After completing this section, you should be able to perform the following tasks: Describe the applications of AS Path Filters Describe AS Path regular expression syntax Use AS Path regular expressions to match BGP routes Configure AS-path filters Configure filtering of inbound or outbound updates with AS-path filters

38 Regular Expressions Review Questions
What does a regular expression 27 match? List at least one AS-path matched by the regular expression $27_ What is the difference between regular expressions 76 and _76_ What is the difference between _100_ and _100$ What is the difference between _100$ and [ ]100$ How do you match AS-paths that contain exactly two AS-numbers?

39 AS-path Filters Review Questions
How can you test your regular expression? How can you test your AS-path filter before using it? What are the steps needed to apply new inbound routing policy to a neighbor? What is the recommended AS-path filter to be used by multi-homed customers? What is the recommended AS-path filter to be used by ISP with multi-homed customers?

40 Prefix-List Filters

41 Objectives Upon completion of this section, you will be able to perform the following tasks: list the benefits of prefix lists versus IP access lists; describe the applications of prefix lists in BGP networks; configure prefix list filters; configure filtering of inbound or outbound updates with a prefix list.

42 Requirements for Prefix-Based Filters
Internet Service Provider #1 Multi-homed BGP Customer AS123 /8 Service Provider #2 BGP Network= /8 AS-Path=123 Service Providers have to filter customer updates to ensure that the customers only announce their assigned address space

43 Traditional Prefix Filters
Traditional IP prefix filters were implemented with IP access-lists applied with the distribute-list command. IP access-lists used as route filters have several drawbacks: the subnet mask cannot be matched; the access-list is evaluated sequentially for every IP prefix in the routing update; access-lists are hard to edit.

44 Prefix Lists - New Route Filtering Mechanism
Significant performance improvement on long filters Inside IOS the prefix list is a tree structure and is not scanned sequentially Support for incremental updates Individual entries in prefix lists can be inserted or deleted More user-friendly command-line interface The command-line interface for using access lists to filter BGP updates is difficult to understand and use, since it uses the packet filtering format. Greater flexibility — can match on subnet masks

45 Prefix Lists Compared to IP Access Lists
Key access list features are preserved: Filtering using “permit” or “deny” Order dependency (first match wins) Security-focused: no match means deny The matching mechanism has changed Match routes in a part of address space with subnet mask longer or shorter than a set number

46 Prefix List Syntax
router(config)# ip prefix-list list-name [seq seq] permit|deny address/prefix [ge value] [le value]
Prefix lists have names and sequence numbers (like route maps). An entry with no le or ge parameter matches exactly the specified prefix. An entry with an le or ge parameter matches any route within the address space of address/prefix whose prefix length is greater than or equal to the ge value and less than or equal to the le value.

47 Prefix List Matching Rules
Prefix list entries with no ge or le option match only the specified route Similar to IP access lists with no wildcard bits The matching process also considers subnet mask Which of the following routes will be matched by the ip prefix-list MyList permit / / / /24

48 Prefix List Matching Rules
A prefix list entry with ge or le option matches any prefix within specified address space where the subnet mask falls within specified limits Which of the following routes will be matched by: ip prefix-list MyList permit /16 le / / /24 ip prefix-list MyList permit /16 ge / / /24

49 More Prefix-list Examples
What will be matched by ip prefix-list A permit /0 ge 32 ip prefix-list B permit /2 ge 17 ip prefix-list C permit /0 le 32 ip prefix-list D permit /0 ip prefix-list E permit /1 le 24 A) All host routes B) Any subnet in class-B address space C) All routes D) Just the default route E) Any prefix in class-A address space covering at least 256 addresses

50 Prefix List Usage in the BGP Process
router(config-router)# neighbor ip-address prefix-list list in
Filters inbound BGP routing updates from the neighbor.
router(config-router)# neighbor ip-address prefix-list list out
Filters outbound BGP routing updates to the neighbor.
router(config-router)# distribute-list prefix-list prefix-list out routing-process
Filters routes redistributed from the specified routing process into BGP.

51 BGP Filters — Overview BGP table IGP (OSPF, EIGRP) Incoming neighbor
prefix-list in filter-list in BGP table Incoming neighbor Outgoing neighbor prefix-list out filter-list out IGP (OSPF, EIGRP) My router Distribute list out

52 Displaying Prefix Lists
show ip prefix-list [list-name] [detail|summary] router# Displays all or specified prefix list Barney#show ip prefix-list detail Prefix-list with the last deletion/insertion: InFilter ip prefix-list InFilter: count: 4, range entries: 3, sequences: , refcount: 2 seq 5 deny /2 le 15 (hit count: 0, refcount: 2) seq 10 deny /3 ge 25 (hit count: 0, refcount: 1) seq 15 deny /8 ge 21 (hit count: 0, refcount: 1) seq 20 permit /0 (hit count: 0, refcount: 1)

53 Modifying Prefix Lists
router# show ip prefix-list list-name
Displays the prefix list and the sequence numbers.
router(config)# no ip prefix-list list-name seq seq condition
Erases the line with the specified sequence number from the prefix list.
router(config)# ip prefix-list list-name seq seq condition
Inserts the line into the prefix list at the specified point.

54 Prefix-List Example Filtering Customer Prefixes
Requirement: the customer shall only announce prefixes from assigned address space ( /16), with subnet masks no longer than /24.
[Diagram: multi-homed customer AS123 with a primary link to the Primary ISP and a backup link to the Backup ISP, both connected to the Internet]
router bgp Primary-ISP-as
 neighbor Customer prefix-list Cust-A in
!
ip prefix-list Cust-A permit /16 le 24

55 Prefix-List Example Filtering Peer Prefixes
Requirement: the ISP will not accept routes with subnet masks longer than /24; subnet masks from class-B address space shall be no longer than /20.
[Diagram: multi-homed customer with a primary link to the Primary ISP and a backup link to the Backup ISP, both connected to the Internet]
router bgp Primary-ISP-as
 neighbor Backup-ISP prefix-list Peer in
!
ip prefix-list Peer permit /2 le 20
ip prefix-list Peer permit /0 le 24
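
Prefix-list behaviour can be checked against candidate routes before the list is applied to a neighbor. The following is an added example, not part of the original slides: it implements the ge/le matching and first-match, implicit-deny rules described above and runs the two example lists. Assumptions: the customer block 172.16.0.0/16 is constructed, the addresses elided in the Peer list are taken to be 128.0.0.0/2 (class-B space) and 0.0.0.0/0, and PEER_STRICT is a hypothetical variant added for comparison. Under those assumptions a class-B /22 falls through the first permit and is accepted by the second, so the variant denies long class-B prefixes first.

```python
import ipaddress

def entry_matches(entry, route):
    """entry = (action, "address/len", ge, le); ge and le may be None."""
    _, prefix, ge, le = entry
    net = ipaddress.ip_network(prefix)
    rt = ipaddress.ip_network(route)
    # The route must lie inside the entry's address space.
    if not rt.subnet_of(net):
        return False
    # No ge/le: only the exact prefix matches.
    if ge is None and le is None:
        return rt.prefixlen == net.prefixlen
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else net.max_prefixlen
    return lo <= rt.prefixlen <= hi

def prefix_list_permits(plist, route):
    """First matching entry decides; a route matching no entry is denied."""
    for entry in plist:
        if entry_matches(entry, route):
            return entry[0] == "permit"
    return False

# Customer filter: assigned /16 (constructed address), masks up to /24.
CUST_A = [("permit", "172.16.0.0/16", None, 24)]

# Peer filter with the two permit lines (addresses are assumptions).
PEER_AS_WRITTEN = [
    ("permit", "128.0.0.0/2", None, 20),
    ("permit", "0.0.0.0/0", None, 24),
]

# Hypothetical variant: deny class-B prefixes longer than /20 first.
PEER_STRICT = [
    ("deny", "128.0.0.0/2", 21, None),
    ("permit", "0.0.0.0/0", None, 24),
]

# Constructed routes to test.
ROUTES = ["150.10.0.0/16", "150.10.16.0/22", "10.1.1.0/24", "10.1.1.0/25"]

def verdicts(plist):
    return {r: prefix_list_permits(plist, r) for r in ROUTES}

if __name__ == "__main__":
    for name, plist in [("as written", PEER_AS_WRITTEN), ("strict", PEER_STRICT)]:
        print(name, verdicts(plist))
```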

56 Summary After completing this section, you should be able to perform the following tasks: List the benefits of prefix lists versus IP access lists Describe the applications of prefix lists in BGP networks Configure prefix lists filters Configure filtering of inbound or outbound updates with prefix list

57 Review Questions What are the benefits of prefix-lists as compared to IP access lists? Why would an ISP with multi-homed customers need prefix lists? Why would an ISP deploy prefix lists against updates from another ISP? How are the prefix lists and the AS-path filters combined?

58 Route-Maps as BGP Filters

59 Objectives Upon completion of this section, you will be able to perform the following tasks: configure route maps as BGP filters; describe the applications of BGP filtering based on route maps.

60 Route Maps as BGP Filters
Some scenarios require complex filters Filters on IP prefixes coming from specific AS-number Filters on other BGP attributes In some cases, we even need to modify BGP attributes Route-maps provide solution to both requirements

61 Route Maps — Review Route maps are very complex access lists:
lines in access-lists → statements in route maps; addresses and masks in access-lists → match conditions in route maps; access-list number → route-map name. Statements in route-maps are numbered: you can insert and delete statements in a route-map, and you can edit match conditions in a statement. A route-map statement can modify the matched route with the ‘set’ option.

62 Route-map Syntax
route-map name [permit|deny sequence]
 match condition
 set parameter
!
...
Default statement action is ‘permit’. A route not matched by any statement is dropped. ‘Permit all’ is achieved by specifying permit without a ‘match’ clause (no need to use an artificial no-op). Match conditions in one statement are ANDed together. The first matching statement permits or denies the route.

63 Route-map Conditions Route-map conditions are specified in the match statement. Route-maps can match on: Route’s network number and subnet mask matched with IP prefix-list Route originator BGP next-hop address BGP origin Tag attached to IGP route AS-path BGP community attached to BGP route IGP route type (internal/external …)

64 Route-map Set Options Route-maps can also change the attributes of BGP routes: origin BGP next-hop weight BGP community Local Preference Multi-exit-discriminator (MED)

65 Prefix List Usage in the Route Maps
router(config-route-map)# match ip address prefix-list list-name
Uses a prefix list to match routes in a route-map match condition.
router(config-route-map)# match ip next-hop prefix-list list-name
Matches routes where the next hop matches the conditions in the prefix list.
router(config-route-map)# match ip route-source prefix-list list-name
Matches routes received from a BGP peer that matches the prefix list.

66 Using Route-Maps as BGP Filters
router(config-router)# neighbor ip-address route-map name in | out
Applies a route-map to incoming or outgoing BGP updates. Prefixes not permitted by the route-map are discarded. Route-maps can also change BGP attributes in incoming or outgoing updates. Route-maps, filter-lists and prefix-lists are evaluated in sequence (effectively and-ed together).

67 BGP Filters BGP table IGP (OSPF, EIGRP) My router Incoming neighbor
prefix-list in filter-list in route-map in filter, set attributes prefix-list out filter-list out route-map out filter, set attributes table Incoming neighbor Outgoing neighbor IGP (OSPF, EIGRP) Route-map on Distribute list out redistribution

68 Summary After completing this section, you should be able to perform the following tasks: Configure route maps as BGP filters Describe the applications of BGP filtering based on route maps

69 Review Questions Why would you use route-maps on BGP neighbors?
Which BGP attributes can you match with a route-map? Which BGP attributes can you set with a route-map? Where can you use a route-map in BGP? How does a set statement in an outgoing route-map affect the BGP table? How are the route-maps combined with prefix-lists and AS-path filters?

70 Influencing BGP Route Selection with Weights

71 Objectives Upon completion of this section, you will be able to perform the following tasks: describe the usage of BGP weights to influence the BGP route selection process; influence the BGP route selection process by configuring weights; change BGP weights with AS-path filters; change BGP weights with a route-map; monitor the BGP route selection process.

72 BGP Route Selection Criteria
1. Prefer highest weight (local to router)
2. Prefer highest local-preference (global within AS)
3. Prefer routes that the router originated
4. Prefer shorter AS paths (only length is compared)
5. Prefer lowest origin code (IGP < EGP < Unknown)
6. Prefer lowest MED
7. Prefer external (EBGP) paths over internal (IBGP)
8. For IBGP paths, prefer path through closest IGP neighbor
9. For EBGP paths, prefer oldest (most stable) path
10. Prefer paths from router with the lower BGP router ID

73 Influencing BGP Route Selection
BGP routing policy can be specified by using: Weights, which provide local routing policy (within a router) Local-preference, which provides AS-wide routing policy BGP weights are specified per neighbor default weight as-path based weight complex criteria with route-maps

74 Applying BGP Weights BGP table Incoming neighbor My router
default weight filter-list weight route-map in (filters, weights)

75 Configuring Per-Neighbor Weights
router(config-router)# neighbor ip-address weight weights
All routes from the BGP neighbor get the specified weight. BGP routes with higher weight are preferred. Weights are only applied to new incoming updates. To enforce new weights, reestablish BGP sessions with your neighbors by using the clear ip bgp command.

76 Primary/Backup Provider Customer Configuration
[Diagram: multi-homed customer with a primary link to the Primary ISP and a backup link to the Backup ISP; another Internet customer is reachable through the upstream AS]
Routes received from the primary ISP should be preferred over routes received from the backup ISP.
router bgp Customer-AS
 neighbor Primary-ISP weight 150
 neighbor Backup-ISP weight 100

77 Primary/Backup Provider Routing Policy Results
Customer#show ip bgp BGP table version is 16, local router ID is Status codes: s suppressed, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> i *> i * i *> i * i *> i * i

78 Configuring Weights Based on AS-path Filters
router(config-router)# neighbor ip-address filter-list as-path-acl weight weights
All routes from the BGP neighbor that match the specified AS-path filter get the configured weight. The AS-path filter is applied after the default weight. Several AS-path filters can be configured and are applied in sequence. Incoming routes not matched by the filter-list AS-path filter with the weight option are not discarded; only the weight is not affected. Weights are only applied to new incoming updates.

79 Local Traffic Goes Direct Customer Configuration
[Diagram labels: Another Internet Customer, AS 21, Upstream AS, Multi-homed Customer, Backup link, AS 37, Primary link]
Traffic to customers of the backup ISP goes direct.
router bgp Customer-AS
 neighbor Primary-ISP weight 150
 neighbor Backup-ISP weight 100
 neighbor Backup-ISP filter-list 7 weight 200
!
ip as-path access-list 7 permit _21$

80 Local Traffic Goes Direct Routing Policy Results
Customer#show ip bgp BGP table version is 16, local router ID is Status codes: s suppressed, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> i * i *> i *> i * i *> i * i
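
The weight policy above can be traced on a small route table to see which exit the customer router picks. The following is an added example, not part of the original slides: it applies the per-neighbor weights and the filter-list weight for `_21$`, then runs the first steps of the selection criteria (weight, local preference, AS-path length; the remaining tie-breakers are not modelled). The received paths, the neighbor labels and the AS numbers other than 21 are constructed sample data, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    prefix: str
    neighbor: str          # EBGP session the route arrived on
    as_path: str
    local_pref: int = 100
    weight: int = 0        # weight before any inbound policy is applied

def as_path_matches(ios_regex, as_path):
    """IOS "_" stands for start, end or a delimiter; the rest is plain regex."""
    py = ios_regex.replace("_", r"(?:^|$|[ ,{}()])")
    return re.search(py, as_path) is not None

# neighbor Primary-ISP weight 150 / neighbor Backup-ISP weight 100
NEIGHBOR_WEIGHT = {"primary": 150, "backup": 100}
# neighbor Backup-ISP filter-list 7 weight 200, access list 7 permit _21$
FILTER_LIST_WEIGHT = {"backup": [("_21$", 200)]}

def apply_inbound_weights(path):
    """Default neighbor weight first, then the AS-path based weight.
    Routes that miss the filter keep the default weight; none are dropped."""
    weight = NEIGHBOR_WEIGHT.get(path.neighbor, 0)
    for ios_regex, w in FILTER_LIST_WEIGHT.get(path.neighbor, []):
        if as_path_matches(ios_regex, path.as_path):
            weight = w
    return replace(path, weight=weight)

def best_path(paths, prefix):
    """Highest weight, then highest local preference, then shortest AS path."""
    candidates = [p for p in paths if p.prefix == prefix]
    return min(candidates,
               key=lambda p: (-p.weight, -p.local_pref, len(p.as_path.split())))

# Constructed updates: each prefix is heard from both providers.
RECEIVED = [
    Path("10.21.0.0/16", "primary", "37 60 21"),
    Path("10.21.0.0/16", "backup", "60 21"),        # originated in AS 21
    Path("10.77.0.0/16", "primary", "37 50 77"),
    Path("10.77.0.0/16", "backup", "60 77"),
    Path("10.88.0.0/16", "primary", "37 60 21 88"),
    Path("10.88.0.0/16", "backup", "60 21 88"),     # only transits AS 21
]

def chosen_exit(prefix, with_policy=True):
    paths = [apply_inbound_weights(p) for p in RECEIVED] if with_policy else RECEIVED
    return best_path(paths, prefix).neighbor

if __name__ == "__main__":
    for prefix in ["10.21.0.0/16", "10.77.0.0/16", "10.88.0.0/16"]:
        print(prefix, "default:", chosen_exit(prefix, False),
              "with weights:", chosen_exit(prefix, True))
```

The third prefix shows the effect of the `$` anchor: a path that only passes through AS 21 keeps weight 100 and leaves via the primary link, even though the backup path is shorter.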

81 Configuring Weights with Route-Maps
router(config)#
router bgp as-number
 neighbor ip-address route-map route-map-name in
!
route-map route-map-name permit sequence
 match condition
 set weight weight
Weights can be set with route-maps in complex scenarios. Routes can be matched on any combination of prefix-lists, AS-path filters or other BGP attributes. Routes not matched by the route-map are discarded.

82 Complex Route Selection Example
Set weight 200 to networks coming from originated in AS 21
router bgp 123
 neighbor route-map w200 in
!
route-map w200 permit 10
 match as-path 47
 set weight 200
route-map w200 permit 20
 set weight 100
ip as-path access-list 47 permit _21$

83 Monitoring BGP Route Selection and Weights
show ip bgp router> Displays all BGP routes, best routes are marked with >, weight associated with every route is displayed show ip bgp prefix [mask] router> Displays all paths for specific BGP routes

84 Monitoring BGP Table show ip bgp router> Displays weights associated with all routes in BGP table. Indicates the best route with “>” Fred#show ip bgp BGP table version is 11, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> i * i *> i * i *> i *> i

85 Displaying Entries in BGP Table
show ip bgp ip-prefix [mask subnet-mask] router> Displays detailed information about all paths for a single prefix Fred#show ip bgp BGP routing table entry for /8, version 5 Paths: (2 available, best #1, advertised over EBGP) 213 from ( ) Origin IGP, metric 500, localpref 100, valid, external, best from ( ) Origin IGP, metric 1000, localpref 100, valid, external

86 Summary: All BGP Route-Selection and Filtering Tools
prefix-list in filter-list in route-map in (filters, weights) default weight filter-list weight prefix-list out filter-list out route-map out (filters, ...) BGP table Incoming neighbor Outgoing neighbor IGP (OSPF, EIGRP) Distribute list out My router Route-map on redistribution

87 Summary After completing this section, you should be able to perform the following tasks: Describe the usage of BGP weights to influence BGP route selection process Influence BGP route selection process by configuring weights Change BGP weights with AS-path filters Change BGP weights with a route-map Monitor BGP route selection process

88 Review Questions What is the difference between local-preference and weight? How can you set BGP weights? What is the default weight for routes received from a BGP neighbor? How would you implement primary/backup ISP routing policy? When are the weights configured on a neighbor enforced? What is the difference between filter-list in and filter-list weight configuration command?

89 Implementing Changes in BGP Policy

90 Objectives Upon completion of this section, you will be able to perform the following tasks: explain the need for explicit actions when changing BGP policy; use soft reconfiguration to prevent disruptive changes of BGP policies; identify whether the routers are BGP route-refresh capable; use BGP route-refresh to minimize memory usage.

91 Filter Caveats All filters apply only to new incoming and outgoing updates To change outbound routing policy you have to resend BGP updates to your neighbors To change inbound routing policy you have to force your neighbor to resend the updates to you Traditional mechanism: clear BGP sessions IOS 11.2 enhancement — soft reconfiguration IOS 12.1 enhancement — route refresh

92 Clearing the BGP Session
router# clear ip bgp * | ip-address | peer-group-name
Tears down the BGP session with all neighbors, a specific neighbor or all neighbors in a peer-group. All BGP routes are lost after the session is torn down, and connectivity through the BGP neighbor is lost. A new session is reestablished within seconds. A full routing update is exchanged once the session is reestablished, resulting in enforcement of the new routing policy. Processing the full Internet routing table can take a long time; clearing the BGP session is a very disruptive way to implement routing policies.

93 BGP Soft Reconfiguration
Soft reconfiguration was introduced in IOS 11.2 to facilitate non-disruptive changes in BGP routing policies Outbound soft-reconfiguration resends complete BGP table Always enabled, not configurable Inbound soft-reconfiguration stores complete BGP table of your neighbor in router memory

94 Using Soft Reconfiguration
router(config-router)# neighbor ip-address soft-reconfiguration in
Configures inbound soft-reconfiguration for a BGP neighbor. Consumes memory for an extra copy of neighbor routes.
router# clear ip bgp * | ip-address | peer-group soft out
Resends all BGP routes to the neighbors. Always enabled, no additional memory consumption.
router# clear ip bgp * | ip-address | peer-group soft in
Replays stored neighbor routes through inbound BGP filters. Only works with soft reconfiguration enabled.

95 Configuring Soft Reconfiguration Inbound
router(config-router)# neighbor ip-address soft-reconfiguration in Incoming neighbor BGP table route-map in (filters, weights) Copy of updates received from neighbor filter-list weight default weight My router Distribute list in filter-list in

96 Using Soft Reconfiguration Inbound
router# clear ip bgp ip-address soft in BGP table route-map in (filters, weights) Copy of updates received from neighbor filter-list weight default weight My router Distribute list in filter-list in

97 Soft Reconfiguration Outbound
router# clear ip bgp ip-address soft out Distribute list out filter-list out route-map out (filters, ...) BGP table replay Outgoing neighbor My router

98 Soft Reconfiguration-Related Show Commands
[Diagram: incoming neighbor, filters and route maps, BGP table, filters and route maps, outgoing neighbor, all within My router]
show ip bgp neighbor address received
show ip bgp neighbor address advertised
show ip bgp neighbor address routes
show ip bgp

99 BGP Route Refresh Inbound soft reconfiguration consumes memory on the receiving router It’s only needed because there is no mechanism in standard BGP to request retransmission of BGP routes BGP route refresh is an optional BGP capability that allows a BGP router to request retransmission of BGP routes from a neighbor

100 BGP Route Refresh Operation
[Diagram: BGP session between RTR-A and RTR-B; a Route Refresh message goes from RTR-B to RTR-A and the BGP routes are resent from RTR-A to RTR-B]
Step #1 - Route refresh is negotiated when the BGP session is established
Step #2 - Inbound routing policy is changed on RTR-B
Step #3 - Operator requests inbound soft reconfiguration: Router#clear ip bgp address soft in
Step #4 - RTR-B sends route refresh message to RTR-A
Step #5 - RTR-A resends all BGP routes to RTR-B

101 Using BGP Route Refresh
router# clear ip bgp * | ip-address | peer-group [ soft ] in (12.1)
For neighbors that support BGP route refresh, sends route refresh requests. For neighbors with inbound soft reconfiguration configured, replays stored routes. Fails for all other neighbors.
router# show ip bgp neighbor [address]
Displays whether route refresh is negotiated with the neighbor.

102 Show ip bgp neighbor Cisco IOS 12.1 Printout
Router#show ip bgp neighbor BGP neighbor is , remote AS 3, internal link BGP version 4, remote router ID BGP state = Established, up for 02:15:33 Last read 00:00:33, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received Address family IPv4 Unicast: advertised and received Received 1417 messages, 0 notifications, 0 in queue Sent 1729 messages, 2 notifications, 0 in queue Route refresh request: received 9, sent 29 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP table version 188, neighbor version 188 Index 2, Offset 0, Mask 0x4 1 accepted prefixes consume 36 bytes Prefix advertised 322, suppressed 0, withdrawn 230 ... Rest deleted …

103 Summary
After completing this section, you should be able to perform the following tasks:
Explain the need for explicit actions when changing BGP policy
Use soft reconfiguration to prevent disruptive changes of BGP policies
Identify whether the routers are BGP route-refresh capable
Use BGP route-refresh to minimize memory usage

104 Review Questions
How can you enforce a new BGP routing policy?
Why is clearing a BGP session a disruptive change in routing policy?
Which mechanisms can you use for non-disruptive changes in BGP routing policy?
What is the impact of inbound soft reconfiguration?
What is the memory and CPU impact of outbound soft reconfiguration?
When would you prefer inbound soft reconfiguration over route refresh?
How do you determine whether a BGP neighbor supports route refresh?

105 Limiting the Number of Prefixes Received from a BGP Neighbor

106 Objectives
Upon completion of this section, you will be able to perform the following tasks:
Describe the need for limiting the number of routes received from a BGP neighbor
Configure BGP maximum-prefix function
Monitor BGP maximum-prefix function

107 Limiting the Number of Routes Received from a Neighbor
Problem definition:
A misconfigured BGP neighbor can send a huge number of prefixes that exhaust the router’s memory or overload the CPU (several Internet-wide incidents have already occurred)
All other filtering mechanisms only specify what we’re willing to accept but not how much
A new tool is needed to establish a hard limit on the number of prefixes received from a neighbor

108 Maximum-Prefix Command
router(config-router)# neighbor ip-address maximum-prefix maximum [threshold] [warning-only]
Controls how many prefixes can be received from a neighbor
Optional threshold parameter specifies the percentage where a warning message is logged (default is 75%)
Optional warning-only keyword specifies the action on exceeding the maximum number (default is to drop neighborship)
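An added example (a toy model, not Cisco code) of the behaviour this command describes, showing how threshold and warning-only change what happens when a neighbor floods the session. The class and method names are hypothetical, and the rule that the warning fires once the count reaches threshold percent of the maximum is an assumption chosen to match the "reaches 4, max 5" message logged with a 70% threshold on slide 111.

```python
from dataclasses import dataclass, field


@dataclass
class MaxPrefixPeer:
    """Toy model of 'neighbor ... maximum-prefix maximum [threshold] [warning-only]'."""
    maximum: int
    threshold: int = 75          # percent; 75 is the default stated on the slide
    warning_only: bool = False   # default action is to drop the neighborship
    received: int = 0
    state: str = "Established"
    warned: bool = False
    log: list = field(default_factory=list)

    def receive_prefix(self) -> bool:
        """Account for one newly received prefix; return True if it was accepted."""
        if self.state != "Established":
            return False                      # no session, nothing is received
        self.received += 1
        # Assumption: warn once when the count reaches threshold% of maximum.
        if not self.warned and self.received * 100 >= self.maximum * self.threshold:
            self.warned = True
            self.log.append(f"MAXPFX: reaches {self.received}, max {self.maximum}")
        if self.received > self.maximum:
            if self.received == self.maximum + 1:   # log the excursion once
                self.log.append(
                    f"MAXPFXEXCEED: {self.received} exceed limit {self.maximum}")
            if not self.warning_only:
                # Session torn down; routes learned from this peer are gone.
                self.state, self.received = "Idle", 0
                return False
        return True

    def clear(self) -> None:
        """Operator action (clear ip bgp): let the session come back up."""
        self.state, self.received, self.warned = "Established", 0, False


def replay(peer: MaxPrefixPeer, announcements: int) -> MaxPrefixPeer:
    """Feed a burst of announcements (for example a leaked table) into the peer."""
    for _ in range(announcements):
        peer.receive_prefix()
    return peer
```

With warning-only set, the same burst is accepted in full and only logged, so that mode gives visibility but no protection for memory or CPU.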

109 Monitoring Maximum-Prefix Operation
router# show ip bgp neighbor [address]
For neighbors with maximum-prefix configured, displays the maximum number of prefixes and the warning threshold
For neighbors exceeding the maximum number of prefixes, displays the reason the BGP session is idle

110 Monitoring Maximum-Prefix Settings
Barney#show ip bgp neighbors
BGP neighbor is , remote AS 387, external link
 Index 2, Offset 0, Mask 0x4
  Community attribute sent to this neighbor
  BGP version 4, remote router ID
  BGP state = Established, table version = 6, up for 20:55:10
  Last read 00:00:08, hold time is 180, keepalive is 60 seconds
  Minimum time between advertisement runs is 30 seconds
  Received 1262 messages, 0 notifications, 0 in queue
  Sent 1262 messages, 0 notifications, 0 in queue
  Inbound path policy configured
  Outbound path policy configured
  Route map for incoming advertisements is LocPref
  Route map for outgoing advertisements is BackupComm
  Connections established 1; dropped 0
  Last reset never
  No. of prefix received 2, maximum limit 5
  Threshold for warning message 70%

111 Actions on Exceeding Maximum Number of Prefixes
Barney#
%BGP-4-MAXPFX: No. of prefix received from reaches 4, max 5
%BGP-3-MAXPFXEXCEED: No. of prefix received from : 6 exceed limit 5

Barney#show ip bgp sum
BGP table version is 22, main routing table version 22
9 network entries (9/27 paths) using 1920 bytes of memory
5 BGP path attribute entries using 572 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
:02: :00:08 Idle

Barney#show ip bgp neighbor
BGP neighbor is , remote AS 387, external link
...
  Last reset 00:00:18, due to : Peer exceeding maximum prefix limit
  Peer had exceeded the max. no. of prefixes configured.
  Reduce the no. of prefix and clear ip bgp to restore peering
  No active TCP connection
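An added example (not from the original slides) of detection logic for the two log messages shown on this slide: it scans syslog lines, keeps the latest maximum-prefix event per neighbor, and lists the neighbors whose sessions are waiting for an operator to clear them. The log lines, timestamps and neighbor addresses are constructed, since the transcript lost the original addresses. The function names are hypothetical, and the optional "(afi N)" group is an assumption to tolerate message variants that carry it.

```python
import re

# Message shapes follow the two log lines on the slide.
PEER = r"received from (?P<peer>\d+\.\d+\.\d+\.\d+)(?: \(afi \d+\))?:?"
WARN = re.compile(
    r"%BGP-4-MAXPFX: .*?" + PEER + r" reaches (?P<n>\d+), max (?P<max>\d+)")
EXCEED = re.compile(
    r"%BGP-3-MAXPFXEXCEED: .*?" + PEER + r" (?P<n>\d+) exceed limit (?P<max>\d+)")

# Constructed sample log (documentation addresses, invented timestamps).
SAMPLE = """\
Mar  1 10:00:01 Barney %BGP-4-MAXPFX: No. of prefix received from 192.0.2.1 reaches 4, max 5
Mar  1 10:00:02 Barney %BGP-3-MAXPFXEXCEED: No. of prefix received from 192.0.2.1: 6 exceed limit 5
Mar  1 10:05:00 Barney %BGP-4-MAXPFX: No. of prefix received from 198.51.100.7 reaches 750, max 1000
Mar  1 10:06:00 Barney %LINK-3-UPDOWN: Interface Serial0, changed state to up
""".splitlines()


def triage(lines):
    """Return {peer: {"last", "count", "limit", "exceeded_events"}} from log lines."""
    peers = {}
    for line in lines:
        for status, rx in (("warning", WARN), ("exceeded", EXCEED)):
            m = rx.search(line)
            if not m:
                continue
            rec = peers.setdefault(m["peer"], {"exceeded_events": 0})
            # Later lines overwrite earlier ones, so "last" is the newest event.
            rec.update(last=status, count=int(m["n"]), limit=int(m["max"]))
            if status == "exceeded":
                rec["exceeded_events"] += 1
            break
    return peers


def needs_clear(peers):
    """Peers whose newest event is an exceed: without warning-only the session
    stays idle until the prefix count is reduced and 'clear ip bgp' is issued."""
    return sorted(p for p, r in peers.items() if r["last"] == "exceeded")
```

Peers whose latest event is only a warning are the ones to review before they reach the limit, either because the limit is too tight for legitimate growth or because the neighbor is starting to leak routes.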

112 Summary
After completing this section, you should be able to perform the following tasks:
Describe the need for limiting the number of routes received from a BGP neighbor
Configure BGP maximum-prefix function
Monitor BGP maximum-prefix function

113 Review Questions
Why would you want to limit the number of BGP prefixes received from a neighbor?
What happens when the number of configured prefixes is exceeded?
What happens after the BGP session with an offending neighbor is torn down?
When would a directly-connected BGP neighbor stay in idle state?

114 Summary
After completing this lesson, you should be able to perform the following tasks:
Configure AS-path filters, prefix lists and route-maps
Filter incoming and outgoing BGP updates with AS-path filters, prefix lists and route-maps
Influence BGP route selection
Monitor and troubleshoot BGP filters
Implement non-disruptive BGP policy changes
Limit the number of routes received from a BGP neighbor
