
BGP Route Filtering Concepts

Route filtering selectively identifies routes that are advertised or received from neighbor routers.
Route filtering may be used to manipulate traffic flows, reduce memory utilization, or improve
security.

1. Prefix-Based Filtering:

• Scenario: You have a network where you want to block traffic to a specific set of IP
addresses, say a range associated with a known malicious host.

• Solution: Configure prefix-based filtering to deny routes with prefixes corresponding
to the malicious IP range. For example, if the malicious IP range is 192.0.2.0/24, you
would configure your router to reject routes with this prefix.

Configuration

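router bgp <your_AS_number>
 neighbor <neighbor_IP_address> prefix-list malicious-prefixes in
!
! seq 10 matches only the exact /24; append "le 32" to also reject more-specific routes
ip prefix-list malicious-prefixes seq 10 deny 192.0.2.0/24
! 0.0.0.0/0 le 32 matches every remaining prefix
ip prefix-list malicious-prefixes seq 20 permit 0.0.0.0/0 le 32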

2. AS Path Filtering:

• Scenario: You're a network provider and want to avoid routes that traverse certain
ASes known for congestion or unreliability.

• Solution: Implement AS path filtering to block routes that include ASes you want to
avoid. For instance, if AS 65001 is known for congestion, configure your router to
reject routes containing AS 65001 in their AS path.

Configuration

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> filter-list 1 in
!
ip as-path access-list 1 deny _65001_
ip as-path access-list 1 permit .*

3. Community-Based Filtering:

• Scenario: You're a service provider and want to prioritize routes from premium
customers over regular customers.

• Solution: Use BGP communities to tag routes from premium customers and regular
customers differently. Then, configure your routers to prefer routes tagged with the
premium customer community over others.
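
Configuration

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> route-map customer-priority in
!
! "match community" refers to a community list; the list names here are illustrative
ip community-list standard premium permit 100:1
ip community-list standard regular permit 100:2
!
route-map customer-priority permit 10
 match community premium
 set local-preference 200
route-map customer-priority permit 20
 match community regular
 set local-preference 100
route-map customer-priority deny 30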

4. Route Maps:

• Scenario: You want to permit routes only from a specific set of prefixes and deny all
others.

• Solution: Create a route map that matches the desired prefixes and denies all other
routes. For example, you might permit routes from 10.0.0.0/8 and 192.168.0.0/16
while denying all other prefixes.

Configuration

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> route-map permit-only in
!
ip prefix-list permit-prefixes seq 10 permit 10.0.0.0/8
ip prefix-list permit-prefixes seq 20 permit 192.168.0.0/16
!
route-map permit-only permit 10
 match ip address prefix-list permit-prefixes
route-map permit-only deny 20

5. Prefix Lists and AS Path Lists:

• Scenario: You want to permit routes from your internal networks while blocking
routes from external sources.
• Solution: Create a prefix list containing the prefixes of your internal networks and use
it to permit routes from those networks while denying routes from external sources.

Configuration

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> prefix-list internal-prefixes in
!
! Entries without ge/le match only the exact prefix length; unmatched routes are denied
ip prefix-list internal-prefixes seq 10 permit 10.0.0.0/8
ip prefix-list internal-prefixes seq 20 permit 192.168.0.0/16
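
How the prefix lists in sections 1, 4 and 5 evaluate a received route, as an added Python example (not part of the original document). It models first-match ordering, exact-length matching when ge/le are absent, and the implicit deny; the route values and the MALICIOUS_LE variant are constructed for illustration.

```python
import ipaddress

# Entry format: (seq, action, prefix, ge, le). ge/le of None means "not configured".
MALICIOUS = [
    (10, "deny", "192.0.2.0/24", None, None),
    (20, "permit", "0.0.0.0/0", None, 32),
]
# Constructed variant: the deny entry also covers more-specific routes.
MALICIOUS_LE = [
    (10, "deny", "192.0.2.0/24", None, 32),
    (20, "permit", "0.0.0.0/0", None, 32),
]
INTERNAL = [
    (10, "permit", "10.0.0.0/8", None, None),
    (20, "permit", "192.168.0.0/16", None, None),
]

def evaluate(prefix_list, route):
    """Return (action, seq) of the first matching entry, or ("deny", None)."""
    route = ipaddress.ip_network(route)
    for seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        net = ipaddress.ip_network(prefix)
        if not route.subnet_of(net):      # route must fall inside the entry's prefix
            continue
        if ge is None and le is None:
            lo = hi = net.prefixlen       # no ge/le: prefix length must match exactly
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None                   # implicit deny ends every prefix list
```

A /25 inside 192.0.2.0/24 is permitted by MALICIOUS (it falls through to seq 20) and denied by MALICIOUS_LE, which is why a deny entry for a range normally carries `le 32`.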

6. Regular Expressions:

• Scenario: You want to match AS paths with specific patterns, such as AS paths
starting with AS 6500.

• Solution: Use regular expressions to define a pattern for AS paths starting with AS
6500, then configure your router to permit or deny routes matching this pattern
accordingly.

Configuration

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> filter-list 101 in
!
ip as-path access-list 101 permit ^6500_

This configuration allows only routes with AS paths starting with 6500; every other route
is dropped by the implicit deny at the end of the AS path access list.
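
The AS path access lists from sections 2 and 6 applied to sample AS paths, as an added Python example (not part of the original document). It assumes the usual meaning of "_" in these expressions (start of string, end of string, or a delimiter such as a space); the AS paths in the usage and the helper names are constructed for illustration.

```python
import re

# What "_" stands for in an AS path regular expression.
DELIM = r"(?:^|$|[ ,{}()])"

def to_python_regex(pattern):
    """Translate the "_" metacharacter; all other regex syntax is passed through."""
    return pattern.replace("_", DELIM)

def filter_list(entries, as_path):
    """First matching entry decides; no match at all is an implicit deny."""
    for action, pattern in entries:
        if re.search(to_python_regex(pattern), as_path):
            return action
    return "deny"

def classify(entries, as_paths):
    """Map each AS path string to the action the access list takes on it."""
    return {path: filter_list(entries, path) for path in as_paths}

# The two access lists from the configurations above.
ACL_1 = [("deny", "_65001_"), ("permit", ".*")]
ACL_101 = [("permit", "^6500_")]
```

`_65001_` matches AS 65001 anywhere in the path but not the longer AS number 650010, and `^6500_` matches only when 6500 is the first AS, so 65001 as the first AS does not match.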

7. Filtering based on Attributes:

• Scenario: You have multiple paths to the same destination and want to prefer routes
with a lower MED (Multi-Exit Discriminator) value.

• Solution: Configure your router to prioritize routes with lower MED values over others.
This ensures that traffic is directed through the paths with better metrics.

Configuration

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> weight 500

In this example, the weight attribute is set to 500 for routes received from the
specified neighbor, making them preferred over routes received from other neighbors.
Note that the example sets weight rather than MED: weight is local to the router and is
evaluated before MED during path selection.

BGP Path Selection

Description: BGP is a path-vector routing protocol that uses various attributes to determine the best
path to reach a destination network. When multiple paths exist to the same destination, BGP
employs a set of predefined rules to select the optimal path, known as the BGP path selection
process.

Scenario: Consider a scenario where your network has multiple connections to the internet via
different ISPs. You want to ensure that outgoing traffic follows the most optimal path based on factors
like path length, AS path, origin type, and various BGP attributes.

Solution: BGP path selection follows a defined sequence of steps to choose the best path among
multiple available paths. The selection process considers several attributes in a specific order, and
the first attribute on which the candidate paths differ decides the best path. If multiple paths have
the same attribute value, subsequent attributes are considered until a definitive best path is determined.

BGP Path Selection Criteria (in order of priority):

1. Weight: Locally assigned value by the network administrator. The path with the highest
weight is preferred.

2. Local Preference: Indication of the preferred exit point for outgoing traffic within the local
AS. Higher local preference values are preferred.

3. AS Path Length: Shortest AS path to reach the destination. Paths with fewer AS hops are
preferred.

4. Origin Type: Preference given to routes with a more reliable origin type. The order of
preference is IGP (Interior Gateway Protocol) > EGP (Exterior Gateway Protocol) >
Incomplete.

5. Multi-Exit Discriminator (MED): Used to influence incoming traffic from neighboring ASes.
Lower MED values are preferred.

6. External vs. Internal BGP: Prefer routes learned via eBGP (External BGP) over iBGP (Internal
BGP) if all other attributes are equal.

7. IGP Metric to Next-Hop: Preference given to the path with the lowest IGP metric
(Administrative Distance) to reach the next-hop router.

8. BGP Router ID: Router with the lowest BGP router ID is preferred.

9. Cluster List Length: Shorter cluster lists are preferred for iBGP route reflection scenarios.

10. Peer IP Address: Prefer the path from the peer with the lowest IP address.
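
Configuration Example:

router bgp <your_AS_number>
 neighbor <neighbor_IP_address> weight 500
 neighbor <neighbor_IP_address> route-map local-pref in
!
! access-list 10 selects the routes that receive the higher local preference
access-list 10 permit <network> <wildcard_mask>
!
! Routes that match no clause are dropped by the route map's implicit deny
route-map local-pref permit 10
 match ip address 10
 set local-preference 200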

In this example, the router assigns a weight of 500 to routes received from the specified neighbor,
making them preferable. Additionally, a route map is applied inbound on the neighbor to set a higher
local preference (200) for routes matching the specified IP address (access-list 10).
