
CIS 185 CCNP ROUTE

Ch. 7 Implementing BGP – Part 3

Rick Graziani
Cabrillo College
graziani@cabrillo.edu

Last Updated: Spring 2015


Filtering BGP Updates

• BGP may receive a high number of routing updates.
• To optimize BGP configuration, route filtering may be applied.
• Prefix lists and route maps (and distribute lists) can be applied to incoming or outgoing BGP information, or to both.
  • Incoming: routes received from a neighbor are filtered before they are accepted into the BGP table.
  • Outgoing: routes must pass the outgoing filter before they are transmitted to the neighbor.
• Redistribution from an IGP into BGP: routes must pass any filter applied to the redistribution process before they are injected into the BGP table.

• A common scenario where update filtering is used is the dual-homed enterprise environment.
• In this environment, an enterprise should advertise only its own address space to the ISPs, so that it does not become a transit autonomous system.

BGP Filtering Using Prefix Lists

router bgp 65001
 neighbor 209.165.201.1 remote-as 65002
 neighbor 209.165.201.1 prefix-list ANY-8to24-NET in
!
ip prefix-list ANY-8to24-NET permit 0.0.0.0/0 ge 8 le 24

• The neighbor ip-address prefix-list prefix-list-name {in | out} router configuration command is used to apply a prefix list to routes from or to a neighbor.
• prefix-list ANY-8to24-NET is applied to the incoming advertisements from the BGP neighbor 209.165.201.1.
• Permits routes from:
  • 0.0.0.0/0: any network
  • ge 8 le 24: with a mask length from 8 to 24 bits

BGP Filtering Using AS-Path Access Lists

GW1(config)# ip as-path access-list 1 permit ^$
GW1(config)# router bgp 65000
GW1(config-router)# neighbor 209.165.201.1 filter-list 1 out

GW2(config)# ip as-path access-list 1 permit ^$
GW2(config)# router bgp 65000
GW2(config-router)# neighbor 209.165.201.5 filter-list 1 out

• The AS-path access list permits only the empty string, matched by the regular expression ^$, which represents locally sourced routes.
• By applying this filter list on outgoing information to all neighbors, the customer announces only its local routes.

BGP Filtering Using Route Maps

router bgp 65000
 neighbor 209.165.201.1 remote-as 65100
 neighbor 209.165.201.1 route-map FILTER in
 neighbor 209.165.201.5 remote-as 65200
 neighbor 209.165.201.5 route-map FILTER in
!
route-map FILTER permit 10
 match ip address prefix-list DEFAULT-ONLY
 match as-path 10
 set local-preference 150
!
route-map FILTER permit 20
 match ip address prefix-list DEFAULT-ONLY
!
ip as-path access-list 10 permit ^65100$
ip prefix-list DEFAULT-ONLY permit 0.0.0.0/0

• route-map FILTER permit 10: allows only a default route (from AS 65100) into the customer's network and assigns it a local-preference value of 150.
• route-map FILTER permit 20: allows only a default route (from AS 65200) into the customer's network, with local preference unchanged at 100.
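
The AS-path filter list and the route map FILTER from the two slides above, modelled in Python as an added example (not part of the original slides and not Cisco code). The sample routes and the function names are constructed for illustration; the IOS "_" metacharacter is translated to an equivalent Python expression.

```python
import re

# On IOS, "_" matches any AS-path delimiter: start, end, space, comma, braces, parentheses.
DELIM = r"(?:^|$|[ ,{}()])"

def aspath_permits(ios_regex, as_path):
    """True if 'ip as-path access-list N permit <ios_regex>' matches as_path."""
    return re.search(ios_regex.replace("_", DELIM), as_path) is not None

def outbound_filter_list(as_path):
    """'filter-list 1 out': permit ^$ (locally sourced), then the implicit deny."""
    return aspath_permits("^$", as_path)

def route_map_filter(prefix, as_path):
    """Inbound route-map FILTER; returns the local preference, or None if denied."""
    if prefix != "0.0.0.0/0":                # prefix-list DEFAULT-ONLY, exact match
        return None                          # matches no sequence: implicit deny
    if aspath_permits("^65100$", as_path):   # sequence 10 (as-path access-list 10)
        return 150
    return 100                               # sequence 20, local preference unchanged

# Constructed BGP table of a customer router that holds ISP routes (AS-path slide).
BGP_TABLE = [
    ("192.0.2.0/24", ""),                    # customer's own network, empty AS path
    ("50.128.0.0/9", "65100 3320 7922"),     # learned from ISP AS 65100
    ("207.62.0.0/16", "65200 11164 2152"),   # learned from ISP AS 65200
]

# Constructed updates received from the two ISPs (route-map slide).
UPDATES = [
    ("0.0.0.0/0", "65100"),
    ("0.0.0.0/0", "65200"),
    ("50.128.0.0/9", "65100 3320 7922"),
]

def announced(table=BGP_TABLE):
    """Prefixes that pass the outbound filter list; ISP routes are never re-announced."""
    return [p for p, path in table if outbound_filter_list(path)]

def accepted(updates=UPDATES):
    """(prefix, AS path, local preference) for updates the route map lets in."""
    return [(p, path, lp) for p, path in updates
            if (lp := route_map_filter(p, path)) is not None]

if __name__ == "__main__":
    print("announced to ISPs:", announced())
    for row in accepted():
        print("accepted inbound:", row)
```

Only the locally sourced prefix is announced, which is what keeps the customer from becoming a transit AS; only the two default routes are accepted, with the one from AS 65100 preferred.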

Peer Groups

• In BGP, many neighbors are often configured with the same update policies (for example, they have the same filtering applied).
• On a Cisco Systems router, neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient and improve performance.
• Peer group: a group of BGP neighbors of the router being configured that all have the same update policies.
• A neighboring router can only be a part of one peer group.
• When you have many peers, this approach is highly recommended.
• You can use neighbor peer-group-name peer-group or neighbor peer-group command, the neighbor ip-address peer-group peer-group-name

router bgp 65000
 neighbor ISP peer-group
 neighbor ISP filter-list 10 out
 neighbor ISP prefix-list desired-subnets in
 neighbor ISP route-map FILTER in
 !
 neighbor 209.165.201.1 remote-as 65100
 neighbor 209.165.201.1 peer-group ISP
 neighbor 209.165.201.5 remote-as 65200
 neighbor 209.165.201.5 peer-group ISP
!
route-map FILTER permit 10
 match as-path 20
 set local-preference 150
!
route-map FILTER permit 20
!
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^65100_
!
ip prefix-list desired-subnets permit 0.0.0.0/0
ip prefix-list desired-subnets permit 0.0.0.0/0 ge 8 le 24

• Enterprise border router maintains multiple sessions with ISP neighbors.
• These external sessions share a number of common parameters and are well suited for a peer group.
• Peer group ISP shares multiple common parameters:
  • outgoing filter list
  • incoming prefix list
  • incoming route map

router bgp 65000
 neighbor ISP peer-group
 neighbor ISP filter-list 10 out
 neighbor ISP prefix-list DESIRED-SUBNETS in
 neighbor ISP route-map FILTER in
 !
 neighbor 209.165.201.1 remote-as 65100
 neighbor 209.165.201.1 peer-group ISP
 neighbor 209.165.201.5 remote-as 65200
 neighbor 209.165.201.5 peer-group ISP
!
route-map FILTER permit 10
 match as-path 20
 set local-preference 150
!
route-map FILTER permit 20
!
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^65100_
!
ip prefix-list DESIRED-SUBNETS permit 0.0.0.0/0
ip prefix-list DESIRED-SUBNETS permit 0.0.0.0/0 ge 8 le 24

• The filter list references the IP AS-path access list 10, which allows advertisements of only the networks originated in the local autonomous system.
• The incoming prefix list (DESIRED-SUBNETS) is used to accept the default route and subnets whose subnet masks are in the range 8 to 24.
• The route map FILTER sets a higher local preference for networks received from the primary ISP (autonomous system 65100).
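
How the ge/le prefix-list entries used above (ANY-8to24-NET and DESIRED-SUBNETS) decide on individual prefixes, as an added Python example that is not part of the original slides. It assumes IPv4 and permit/deny entries without sequence numbers; the function names are illustrative, and the last two sample prefixes are constructed while the others appear in the route-server output later in this deck.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny NET/LEN [ge N] [le M]' (IPv4)."""
    tok = line.split()
    action, net = tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    # Without ge/le the mask length must equal LEN; "ge" alone implies an upper bound of 32.
    lo = opts.get("ge", net.prefixlen)
    hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return action, net, lo, hi

def evaluate(entries, prefix):
    """First matching entry wins; a prefix that matches no entry hits the implicit deny."""
    route = ipaddress.ip_network(prefix)
    for action, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

DESIRED_SUBNETS = [parse_entry(line) for line in (
    "ip prefix-list DESIRED-SUBNETS permit 0.0.0.0/0",
    "ip prefix-list DESIRED-SUBNETS permit 0.0.0.0/0 ge 8 le 24",
)]

SAMPLES = [
    "0.0.0.0/0",        # default route: exact match on the first entry
    "0.0.0.0/1",        # mask shorter than 8 bits
    "50.128.0.0/9",
    "207.62.0.0/16",
    "1.0.0.0/24",
    "192.0.2.128/25",   # constructed: mask longer than 24 bits
    "10.0.0.0/8",       # constructed: private space passes, the list checks mask length only
]

def check(samples=SAMPLES):
    """Return {prefix: 'permit' | 'deny'} for the inbound prefix list."""
    return {p: evaluate(DESIRED_SUBNETS, p) for p in samples}

if __name__ == "__main__":
    for prefix, verdict in check().items():
        print(f"{prefix:18} {verdict}")
```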
Home

http://routeserver.org/

*** Swisscom IP+ route server (AS3303) ***

RS_AS3303>show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 164.128.251.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 164.128.251.1


B 0.0.0.0/1 [200/0] via 217.192.89.50, 1w0d
B 0.0.0.0/8 [200/0] via 217.192.89.50, 1w0d
1.0.0.0/8 is variably subnetted, 2333 subnets, 14 masks
B 1.0.0.0/24 [200/500000] via 217.192.89.50, 1w0d
B 1.0.4.0/24 [200/500000] via 217.192.89.50, 1w0d
B 1.0.5.0/24 [200/500000] via 217.192.89.50, 1w0d
B 1.0.6.0/24 [200/500000] via 217.192.89.50, 1w0d
B 1.0.7.0/24 [200/500000] via 217.192.89.50, 1w0d
B 1.0.64.0/18 [200/500000] via 217.192.89.50, 1w0d
B 1.0.128.0/17 [200/500000] via 217.192.89.50, 1w0d
B 1.0.128.0/18 [200/601000] via 217.192.89.50, 1w0d
RS_AS3303> show ip route 50.131.192.39
Routing entry for 50.128.0.0/9
Known via "bgp 65098", distance 200, metric 601000
Tag 65000, type internal
Last update from 217.192.89.50 1w0d ago
Routing Descriptor Blocks:
* 217.192.89.50, from 217.192.89.50, 1w0d ago
Route metric is 601000, traffic share count is 1
AS Hops 2
Route tag 65000
MPLS label: none
RS_AS3303>
RS_AS3303> show ip bgp 50.128.0.0
BGP routing table entry for 50.128.0.0/9, version 108942763
BGP Bestpath: deterministic-med
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
(65000) 3320 7922
217.192.89.50 from 217.192.89.50 (138.187.128.158)
Origin IGP, metric 601000, localpref 300, valid, confed-internal, best
Community: 3303:3006 3303:3067 3320:1840 3320:2020 3320:9020
RS_AS3303>
Origin: The route is interior to the originating AS.
Normally when the network command is used (coming)
RS_AS3303>show ip bgp summary
BGP router identifier 164.128.251.50, local AS number 65098
BGP table version is 111680963, main routing table version 111680963
543875 network entries using 80493500 bytes of memory
543875 path entries using 34808000 bytes of memory
101872/101869 BGP path/bestpath attribute entries using 13854592 bytes of memory
80043 BGP AS-PATH entries using 3053538 bytes of memory
2582 BGP community entries using 151792 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 132361422 total bytes of memory
BGP activity 16376266/15813174 prefixes, 18467687/17904598 paths, scan interval 60
secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd


217.192.89.50 4 65098 1142511 12599 111680963 0 0 1w0d 543875
RS_AS3303>

RS_AS3303>show ip bgp | include 50.128.0.0


*>i 50.128.0.0/9 217.192.89.50 601000 300 0 (65000) 3320 7922 i
*>i 150.128.0.0 217.192.89.50 500100 300 0 (65000) 2603 20965
766 i
RS_AS3303>
RS_AS3303>show ip bgp | include _50.128.0.0
*>i 50.128.0.0/9 217.192.89.50 601000 300 0 (65000) 3320 7922 i
RS_AS3303>
Cabrillo

Last login: Sat Apr 18 13:22:23 on console
Apples-MacBook-Pro:~ rigrazia$ whois cabrillo.edu

<output omitted>
Name Servers:
LOLA.CABRILLO.EDU 207.62.184.53
NS1.CSU.NET
NS2.CSU.NET
NS1.CENIC.ORG
NS2.CENIC.ORG
DNS.CABRILLO.EDU 207.62.184.53

BelWue (AS553)
route-server> show ip bgp 207.62.187.0
BGP routing table entry for 207.62.0.0/16, version 20874955
Paths: (1 available, best #1, table default, RIB-failure(2))
Advertised to update-groups:
10 11 16 17 18
Refresh Epoch 1
680 20965 11537 2153 2152
188.1.238.101 (metric 41) from 193.196.190.126 (193.196.190.126)
Origin IGP, metric 0, localpref 210, valid, internal, best
Community: 553:202 680:77 2152:2152 2152:65298 2152:65436 2152:65438
2152:65498 2153:65418 2153:65436 2153:65438 11537:260 11537:910 11537:950
11537:2002 20965:11537 20965:65530 65000:16509
Originator: 193.196.190.68, Cluster list: 193.196.190.126
rx pathid: 0, tx pathid: 0x0
route-server>

Swisscom IP-Plus (AS 3303)
RS_AS3303>show ip route 207.62.187.0
Routing entry for 207.62.0.0/16, supernet
Known via "bgp 65098", distance 200, metric 500000
Tag 65000, type internal
Last update from 164.128.32.11 4d20h ago
Routing Descriptor Blocks:
* 164.128.32.11, from 164.128.32.11, 4d20h ago
Route metric is 500000, traffic share count is 1
AS Hops 2
Route tag 65000
MPLS label: none
RS_AS3303>
RS_AS3303>show ip bgp 207.62.187.0
BGP routing table entry for 207.62.0.0/16, version 10288745
Paths: (1 available, best #1, table default)
Not advertised to any peer
(65000 65065) 11164 2152
164.128.32.11 from 164.128.32.11 (138.187.128.158)
Origin IGP, metric 500000, localpref 300, valid, confed-internal, best
Community: 3303:1004 3303:1005 3303:3064
RS_AS3303>
RS_AS3303>show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 164.128.251.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 164.128.251.1


B 0.0.0.0/1 [200/0] via 164.128.32.11, 7w0d
B 0.0.0.0/8 [200/0] via 164.128.32.11, 7w0d
1.0.0.0/8 is variably subnetted, 521 subnets, 14 masks
B 1.0.0.0/24 [200/500000] via 164.128.32.11, 5w2d
B 1.0.28.0/22 [200/500000] via 164.128.32.11, 1w2d
B 1.0.64.0/18 [200/500000] via 164.128.32.11, 6d20h
B 1.0.128.0/17 [200/500000] via 164.128.32.11, 5d05h

Swisscom IP-Plus (AS 3303)
RS_AS3303>show ip bgp summary
BGP router identifier 164.128.251.50, local AS number 65098
BGP table version is 10706623, main routing table version 10706623
195748 network entries using 26621728 bytes of memory
195748 path entries using 10178896 bytes of memory
44215/44215 BGP path/bestpath attribute entries using 5482660 bytes of memory
45416 BGP AS-PATH entries using 1704022 bytes of memory
1291 BGP community entries using 71578 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 44058884 total bytes of memory
Dampening enabled. 0 history paths, 0 dampened paths
BGP activity 1550832/1340755 prefixes, 1763691/1553644 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down


State/PfxRcd
164.128.32.11 4 65098 5376459 211018 10706623 0 0 19w1d 195748
RS_AS3303>
RS_AS3303>show ip bgp | include 207.62.0.0
*>i207.62.0.0/16 164.128.32.11 500000 300 0 (65000 65065) 11164
2152 i
RS_AS3303>
Swisscom IP-Plus (AS 3303)
RS_AS3303>show ipv6 route 2607:F380:80F::
IPv6 Routing Table - default - 14292 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B 2607:F380::/32 [200/500000]
via 2001:918:0:5::1
RS_AS3303>
RS_AS3303>show bgp ipv6 2607:F380::/32
BGP routing table entry for 2607:F380::/32, version 90699
Paths: (1 available, best #1, table default)
Not advertised to any peer
(65000 65065) 11164 2152
2001:918:0:5::1 from 2001:918:0:5::1 (138.187.128.158)
Origin IGP, metric 500000, localpref 300, valid, confed-internal, best
Community: 3303:1004 3303:1005 3303:3064
% NOTE: This command is deprecated. Please use 'show bgp ipv6 unicast'
RS_AS3303>
Swisscom IP-Plus
RS_AS3303>show bgp ipv6 unicast summary
BGP router identifier 164.128.251.50, local AS number 65098
BGP table version is 1380262, main routing table version 1380262
14289 network entries using 2286240 bytes of memory
14289 path entries using 1085964 bytes of memory
9330/9330 BGP path/bestpath attribute entries using 1156920 bytes of memory
45411 BGP AS-PATH entries using 1703834 bytes of memory
1292 BGP community entries using 71618 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 6304576 total bytes of memory
BGP activity 1550858/1340868 prefixes, 1763756/1553766 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down


State/PfxRcd
2001:918:0:5::1 4 65098 1579162 211048 1380262 0 0 19w1d 14289
RS_AS3303>

nslookup

• Find your favorite network

http://www.traceroute.org/
Optus Route Server Australia (AS7474)

#####################################################################

Optus BGP Route Viewer


203.202.125.6 route-views.optus.net.au , Sydney , Australia

This router has the complete view of Optus AS7474 National routes.

This router should _not_ be used to verify Optus backbone routing policy.
The best path shown is the current best path _from this router_.

Please contact ipnws@optus.net.au if you have questions or


comments about this service, its use, or if you might be able to
contribute your view.

The Optus route-views server is NOT to be used with ANY automated scripts
unless expressly authorised by Optus.

######################################################################

route-views.optus.net.au>

route-views.optus.net.au> show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-
2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 203.202.125.1 to network 0.0.0.0

B 216.221.5.0/24 [20/0] via 202.160.242.71, 2w4d


B 216.187.99.0/24 [20/0] via 202.160.242.71, 3w5d
B 210.51.225.0/24 [20/0] via 202.160.242.71, 1w5d
B 210.34.240.0/24 [20/0] via 203.13.132.35, 4d22h
B 209.136.89.0/24 [20/0] via 202.160.242.71, 3w5d
B 209.34.243.0/24 [20/0] via 202.160.242.71, 3w5d
B 205.204.1.0/24 [20/0] via 202.160.242.71, 3w5d
B 205.153.84.0/24 [20/0] via 202.160.242.71, 1w0d
B 204.255.51.0/24 [20/0] via 202.160.242.71, 3w5d
B 204.238.34.0/24 [20/0] via 202.160.242.71, 3d07h
B 204.221.17.0/24 [20/0] via 202.160.242.71, 3w5d
B 204.17.221.0/24 [20/0] via 202.160.242.71, 3w5d

route-views.optus.net.au> show ip bgp
BGP table version is 6386965, local router ID is 203.202.125.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path


* 2.0.0.0/16 203.13.132.53 0 7474 7473 6453 12654 i
*> 202.160.242.71 0 7473 6453 12654 i
* 203.13.132.35 0 7474 7473 6453 12654 i
* 2.1.0.0/21 203.13.132.53 0 7474 7473 6453 12654 i
*> 202.160.242.71 0 7473 6453 12654 i
* 203.13.132.35 0 7474 7473 6453 12654 i
* 2.1.24.0/24 203.13.132.53 0 7474 7473 6453 12654 i
*> 202.160.242.71 0 7473 6453 12654 i
* 203.13.132.35 0 7474 7473 6453 12654 i
* 3.0.0.0 203.13.132.53 0 7474 7473 15412 9304 80 i
*> 202.160.242.71 0 7473 15412 9304 80 i
* 203.13.132.35 0 7474 7473 15412 9304 80 i
* 3.51.92.0/23 203.13.132.53 0 7474 7473 3356 7018 i
*> 202.160.242.71 0 7473 3356 7018 i
* 203.13.132.35 0 7474 7473 3356 7018 i
* 4.0.0.0/9 203.13.132.53 0 7474 7473 3356 i
*> 202.160.242.71 0 7473 3356 i

route-views.optus.net.au>

route-views.optus.net.au>show ip bgp regexp _2152_
BGP table version is 6387372, local router ID is 203.202.125.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path


*> 44.0.0.0 202.160.242.71 0 7473 11164 2152 7377 i
* 203.13.132.53 0 7474 7473 11164 2152 7377 i
* 203.13.132.35 0 7474 7473 11164 2152 7377 i
* 63.193.200.0/24 203.13.132.53 0 7474 7473 11164 2152 25664 i
*> 202.160.242.71 0 7473 11164 2152 25664 i
* 203.13.132.35 0 7474 7473 11164 2152 25664 i
* 63.199.32.0/21 203.13.132.53 0 7474 7473 11164 2152 25664 i
*> 202.160.242.71 0 7473 11164 2152 25664 i
* 203.13.132.35 0 7474 7473 11164 2152 25664 i
* 63.199.40.0/22 203.13.132.53 0 7474 7473 11164 2152 25664 i
*> 202.160.242.71 0 7473 11164 2152 25664 i
* 203.13.132.35 0 7474 7473 11164 2152 25664 i
* 63.199.44.0/24 203.13.132.53 0 7474 7473 11164 2152 25664 i
*> 202.160.242.71 0 7473 11164 2152 25664 i

route-views.optus.net.au>

route-views.optus.net.au>show ip route 207.62.187.0
Routing entry for 207.62.0.0/16, supernet
Known via "bgp 65535", distance 20, metric 0
Tag 7473, type external
Last update from 202.160.242.71 2w4d ago
Routing Descriptor Blocks:
* 202.160.242.71, from 202.160.242.71, 2w4d ago
Route metric is 0, traffic share count is 1
AS Hops 3
Route tag 7473

route-views.optus.net.au>

65535 – This AS
7473 – Next AS

route-views.optus.net.au>show ip bgp 207.62.187.0
BGP routing table entry for 207.62.0.0/16, version 2385115
Paths: (3 available, best #1, table Default-IP-Routing-
Table)
Not advertised to any peer
7473 11164 2152
202.160.242.71 from 202.160.242.71 (202.160.242.71)
Origin IGP, localpref 100, valid, external, best
Community: 7473:22015 7473:32915
7474 7473 11164 2152
203.13.132.53 from 203.13.132.53 (172.26.32.13)
Origin IGP, localpref 100, valid, external
Community: 7473:22015 7473:32955 7474:1403
7474 7473 11164 2152
203.13.132.35 from 203.13.132.35 (172.26.32.42)
Origin IGP, localpref 100, valid, external
Community: 7473:22015 7473:32915 7474:1403
route-views.optus.net.au>

http://www.geektools.com/whois.php

http://bgplay.routeviews.org/bgplay/

http://www.ripe.net/ris/index.html

2152

http://www.caida.org
