Allied Telesis X8100, x908 User Manual

Technical Guide
How To | Use Route Maps and Other Filters to Filter and Alter BGP and OSPF Routes

Introduction

ISPs transport large volumes of data. They often have to pay large amounts of money to transport their data through hired links, or through other providers' networks. Similarly, they can also charge money for transporting other ISPs' data through their network.
Where significant amounts of money are involved, there are typically complex negotiations, and agreements are made that are bound by all sorts of rules, restrictions and guarantees.
Hence, ISPs need to be able to very precisely control which data gets sent and received on which links. This is achieved by having very precise control over the way the routing tables in their routers are built.
To that end, the BGP implementation in AlliedWare Plus includes a set of facilities for filtering routes, and for altering the attributes that are associated with certain routes in BGP update messages. The main purpose of this document is to give an overview of these features and to touch on how to configure them. One of the central route manipulation facilities is the route map.
Route maps can also be used for manipulating OSPF routes, so this document concludes by describing the use of route maps for OSPF.
C613-16128-00 REV E
alliedtelesis.com
Contents
Introduction
  Related How To Notes
  Which products and software version does it apply to?
BGP: Concepts and Terminology
  BGP peers
  BGP updates
  Update attributes
BGP: Overview of the Available Filter Types
  Filter types
Hierarchy of the Different Filters
  BGP: Example
  Basic configuration
BGP: Configuring Distribute Filters
  About ACLs
  Using ACLs as filters
  Example: Distribute filters
BGP: Configuring AS Path Filters
  AS path lists
  Using AS path lists as path filters
  Example: AS path filters
BGP: Configuring Prefix Filters
  About prefix lists
  Mask length
  Using prefix lists as prefix filters
  Example: Prefix filters
BGP: Configuring Route Maps
  Structure of a route map
  Clauses
  Configuring a match clause
  Configuring a set clause
  The effect of different combinations of clauses
BGP: Applying Distribute, Path, Prefix, and Route Map Filters to a Peer
  Examples
BGP: Applying Route Maps to Imported Routes
  Syntax
Other Uses of Route Maps
  neighbor default-originate
  neighbor unsuppress-map
  network
  show ip bgp
BGP: Route Map Filtering Example
  BGP configuration
  Route map configuration
OSPF: Configuring Route Maps for Filtering and Modifying OSPF Routes
  Configuring a match clause
  Configuring a set clause
OSPF: Applying Route Maps
Related How To Notes
You can also configure route maps on routers and switches running AlliedWare. For details, see the AlliedWare Note How To Use Route Maps and Other Filters to Filter and Alter BGP and OSPF Routes. This Note is available from www.alliedtelesis.com/resources/literature/howto.aspx.
Which products and software version does it apply to?
This configuration applies to AlliedWare Plus software version 5.2.2-0.4 and above, for the following Allied Telesis switches:
SwitchBlade x8100 (CFC400, CFC960)
SwitchBlade x908 and SBx908 Extended
x600 and x610 Series Switches
x900 Series switches
Note: This document is a revision of an AlliedWare document, and also applies to the following AlliedWare products and software versions.
AlliedWare Products: AR440S, AR441S, AR450S, AR725, AR745, AR750S, Rapier i series, AT-8800 series, AT-9800 series, AT-8948, AT-9924T, AT-9924SP, AT-9924T/4SP, AT-9924Ts, x900 series.
AlliedWare Software version: 2.7.4 and above.

BGP: Concepts and Terminology

Before moving on to look at the filtering processes, it is important to first have some understanding of certain aspects of how BGP works. The following sections describe:
BGP peers
BGP updates
Update attributes
BGP peers
Definition: Within the BGP protocol, the exchange of routing information is carried out between pairs of routers. Two routers create a TCP connection with each other, and exchange routing information as specific data packets within that TCP session. The routers at the ends of the TCP connection are referred to as BGP peers. Any given router can form peering relationships with multiple routers.
Usually a BGP router with an ISP will form peer relationships with BGP routers at other ISPs or clients with which it has entered into data transporting agreements.
The process of BGP filtering usually comes down to a matter of specifying the routes that will be sent to, or received from, each of a router's peers.
BGP updates
Definition: Once a router has established a BGP connection with a peer, it will start to exchange routing information with that peer. A BGP update message is the packet that is used to transfer the routing information.
The routing information contained within an update message consists of:
a set of attribute values (see the next section for a description of the possible attributes), and
a list of one or more prefixes. A prefix is the network portion of an IP address, in dotted decimal notation, optionally followed by a "/" character and a decimal number from 0 to 32. Each prefix contained within an update message represents a network that can be reached through the IP address given in the NextHop attribute contained in the same update message.
Note: There is only one NextHop attribute in an update message, so all the routes in the update message have the same next hop.
Update attributes
As mentioned above, each BGP update message contains a set of attributes. These attributes describe some of the properties of the routes, and can be used in making decisions about which routes to accept and which to reject. Some of the attributes are:
Origin
How a prefix came to be routed by BGP at the origin Autonomous System (AS). Prefixes are learned from various sources such as directly connected interfaces, manually configured static routes, or dynamic internal or external routing protocols, and then put into BGP.
AS-path
The list of Autonomous Systems (ASs) through which the announcement for the prefix has passed. As prefixes pass between Autonomous Systems each one adds its Autonomous System Number (ASN).
Next-hop
The address of the next node that the router should send packets destined for the specified prefixes to, in order to get the packets closer to the destination.
Multi-Exit-Discriminator (MED)
A metric expressing the optimal path to reach a particular prefix in or behind a particular AS.
Local-preference
A metric used in IBGP so each host knows which path inside the AS it should use to reach the advertised prefix. EBGP peers do not send this value, and ignore it on receipt.
Atomic-aggregate
A non-transitive attribute that allows BGP peers to inform each other about decisions they have made regarding overlapping routes. Non-transitive means that if the attribute is received by a device that does not recognise the attribute, it is dropped and not passed on to the next router.
Aggregator
Can be attached to an aggregated prefix to specify the AS and router that performed the aggregation.
Community
Indicates where a prefix is relevant to—for example, if it is relevant to the whole Internet, or just within an AS.
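The update layout described above (one set of attributes, one NextHop, a list of prefixes), decoded from raw bytes. This is an added example, not code from Allied Telesis; it follows the RFC 4271 UPDATE encoding with 2-octet AS numbers, and the sample message, its INCOMPLETE origin value and the function names are constructed for illustration.

```python
import ipaddress
import struct

ORIGIN_NAMES = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
ATTR_ORIGIN, ATTR_AS_PATH, ATTR_NEXT_HOP = 1, 2, 3
FLAG_EXTENDED_LENGTH = 0x10  # attribute length field is 2 octets instead of 1


def read_prefixes(data):
    """Decode a run of <length in bits><packed prefix> entries (IPv4)."""
    prefixes, i = [], 0
    while i < len(data):
        bits = data[i]
        nbytes = (bits + 7) // 8
        raw = data[i + 1:i + 1 + nbytes]
        if bits > 32 or len(raw) != nbytes:
            raise ValueError("malformed prefix entry")
        address = ipaddress.IPv4Address(raw + b"\x00" * (4 - nbytes))
        prefixes.append(f"{address}/{bits}")
        i += 1 + nbytes
    return prefixes


def parse_update(msg):
    """Parse one BGP UPDATE message into attributes and prefixes."""
    if len(msg) < 23 or msg[:16] != b"\xff" * 16:
        raise ValueError("bad BGP header")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or msg_type != 2:
        raise ValueError("not a complete UPDATE message")
    body = msg[19:]
    (wlen,) = struct.unpack("!H", body[:2])
    pos = 2 + wlen
    if pos + 2 > len(body):
        raise ValueError("truncated withdrawn routes")
    update = {"withdrawn": read_prefixes(body[2:pos]),
              "origin": None, "as_path": [], "next_hop": None}
    (alen,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    attrs_end = pos + alen
    if attrs_end > len(body):
        raise ValueError("truncated path attributes")
    while pos < attrs_end:
        if pos + 3 > attrs_end:
            raise ValueError("truncated attribute header")
        flags, code = body[pos], body[pos + 1]
        if flags & FLAG_EXTENDED_LENGTH:
            (vlen,) = struct.unpack("!H", body[pos + 2:pos + 4])
            pos += 4
        else:
            vlen = body[pos + 2]
            pos += 3
        value = body[pos:min(pos + vlen, attrs_end)]
        if len(value) != vlen:
            raise ValueError("truncated attribute value")
        pos += vlen
        if code == ATTR_ORIGIN and vlen == 1:
            update["origin"] = ORIGIN_NAMES.get(value[0], "unknown")
        elif code == ATTR_NEXT_HOP and vlen == 4:
            update["next_hop"] = str(ipaddress.IPv4Address(value))
        elif code == ATTR_AS_PATH:
            j = 0
            while j < len(value):
                if j + 2 > len(value) or j + 2 + 2 * value[j + 1] > len(value):
                    raise ValueError("truncated AS path segment")
                count = value[j + 1]  # value[j] is the segment type (set/sequence)
                asns = struct.unpack(f"!{count}H", value[j + 2:j + 2 + 2 * count])
                update["as_path"].extend(asns)
                j += 2 + 2 * count
    # Everything after the attributes is the list of advertised prefixes.
    update["prefixes"] = read_prefixes(body[attrs_end:])
    return update


def build_sample_update():
    """Constructed sample: AS 34568 advertising 45.0.0.0/8 and 52.0.0.0/8."""
    attrs = (
        bytes([0x40, ATTR_ORIGIN, 1, 2])                      # ORIGIN = INCOMPLETE
        + bytes([0x40, ATTR_AS_PATH, 4, 2, 1])                # one AS_SEQUENCE, 1 ASN
        + struct.pack("!H", 34568)
        + bytes([0x40, ATTR_NEXT_HOP, 4])
        + ipaddress.IPv4Address("45.45.45.46").packed
    )
    nlri = bytes([8, 45, 8, 52])                              # 45.0.0.0/8, 52.0.0.0/8
    body = struct.pack("!H", 0) + struct.pack("!H", len(attrs)) + attrs + nlri
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2) + body


if __name__ == "__main__":
    print(parse_update(build_sample_update()))
```

Both prefixes in the decoded message share the single next hop, which is why prefix-based filters remove individual prefixes while attribute-based filters act on the whole update.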

BGP: Overview of the Available Filter Types
The following sections describe the various types of filters that can be applied to BGP updates and the hierarchy of the filters.
Filter types
There are a number of filter types that can be applied to the BGP updates being exchanged between BGP peers:
Distribute filters
A distribute list can filter the routing information passed between a routing protocol (RIP, RIPng, OSPF, OSPFv3 or BGP) and the IP route table (routing information base, RIB). It relies on an ACL, prefix list, or route map, depending on which routing protocol it is configured for. For BGP, it can only use an ACL to match the prefix (IP address).
These use ACLs and look at the individual prefixes within an update message. If a prefix within the update message matches the filter criteria then that individual prefix is filtered out or accepted depending on what action the filter entry has been configured to carry out. Note that you cannot combine distribute filters and prefix filters.
AS Path filters
These look at the AS-Path attribute in update messages. If the AS-Path attribute in the update matches the filter criteria then the whole update message is filtered out or accepted, depending on what action the filter entry has been configured to carry out.
Prefix filters
These use prefix lists and look at the individual prefixes within an update message. If a prefix within the update message matches the filter criteria then that individual prefix is filtered out or accepted depending on what action the filter entry has been configured to carry out. Note that you cannot combine distribute filters and prefix filters.
Route maps
These are a structured combination of match criteria and actions. They can be used to filter out routes and also to alter the attributes in update messages.
Access Control List (ACL) filters
ACLs (Access Control Lists) are mainly used to limit network traffic. They can also be used by distribute lists and route maps to filter routing updates. ACLs can be used to do a number of different things on your network, from controlling what type of traffic passes through your devices to deciding which routing protocols you wish to be advertised out of your routers.
Difference and Relationship in BGP

                | KEY WORD IN COMMAND | DEFINABLE FILTER | WAY TO APPLY FILTERING
ACL             | access-list         | Yes              | -
Distribute list | distribute-list     | -                | Yes
Prefix list     | prefix-list         | Yes              | Yes
AS path list    | as-path             | Yes              | -
Filter list     | filter-list         | -                | Yes
Route map       | route-map           | Yes              | Yes

Rows are the definable filters; columns are the ways to apply filtering.

DEFINABLE FILTER | DISTRIBUTE LIST | PREFIX LIST | FILTER LIST | ROUTE MAP
ACL              | YES             | -           | -           | YES
Prefix list      | -               | YES         | -           | YES
AS path list     | -               | -           | YES         | YES
Route map        | -               | -           | -           | YES
Examples for filtering BGP Update messages
All of the above filters can be used in the incoming or outgoing direction of the update messages. For ACL, distribute list, AS path list, and prefix list, the order of application is not important. If an update is denied by any given filter, it is discarded immediately, and is not run through any of the other filters. If an update is permitted by one filter, it is passed through to the next filter to be considered. At the end, you end up with the set of updates that all the filters agree should not be discarded. However, route maps are applied last, after the other types of filter. This is because route maps can modify updates, not just accept or discard them.
Hierarchy of the Different Filters

For distribute filters (ACLs), path filters, and prefix filters, the order of application is not important. If an update is denied by any given filter, it is discarded immediately, and is not run through any of the other filters. If an update is permitted by one filter, it is passed through to the next filter to be considered. At the end, you end up with the set of updates that all the filters agree should not be discarded.
However, route maps are applied last, after the other types of filter. This is because route maps can modify updates, not just accept or discard them.
BGP: Example
This How To Note illustrates each type of filter with an example from a very simple BGP network. This section describes the basic network configuration. The following sections add filtering options to it:
"Example: Distribute filters" on page 12
"Example: AS path filters" on page 18
"Example: Prefix filters" on page 23
The network consists of two BGP peers in different Autonomous Systems (AS):
[Network diagram]
Switch running AlliedWare Plus (ASN 34567): port1.0.2, vlan 64: 64.64.64.64/4; port1.0.1, vlan1: 45.45.45.45/24
Switch running AlliedWare (ASN 34568): port 50, vlan 1: 45.45.45.46/8; port 52, vlan 2: 52.52.52.5/8
Basic configuration
This configuration gets the neighbor relationship established and some routes exchanged.
AlliedWare Plus switch
Create the second VLAN and associate port1.0.2 with it; assign IP addresses; and configure BGP.
vlan database
vlan 64 name v64
interface port1.0.2
switchport access vlan 64
interface vlan1
ip address 45.45.45.45/24
interface vlan64
ip address 64.64.64.64/4
router bgp 34567
redistribute connected
neighbor 45.45.45.46 remote-as 34568

AlliedWare switch
Create the second VLAN and associate port52 with it; assign IP addresses; and configure BGP.
create vlan="v2" vid=2
add vlan="2" port=52
enable ip
set ip autonomous=34568
add ip int=vlan1 ip=45.45.45.46
add ip int=vlan2 ip=52.52.52.5
set bgp ro=45.45.45.46
add bgp pe=45.45.45.45 rem=34567
ena bgp pe=45.45.45.45
add bgp imp=interface

Note: The prefix lengths on the IP addresses on VLAN1 of the two switches are different. The VLAN1 address on the AlliedWare Plus switch has prefix length 24, and that on the AlliedWare switch has prefix length 8. Although this is a non-standard, and not recommended, configuration, it has been done deliberately for the purposes of the illustrative examples in this How To Note. By having different prefix lengths on those addresses, it is clear in the route tables of the two switches which of the 45.x.x.x routes is a connected route, and which is a BGP-learnt route.
Confirming the neighbor relationship
Check that each switch sees the interface route advertised from the other switch. On both the AlliedWare Plus and AlliedWare switches, use the command show ip route.
AlliedWare Plus switch
awplus#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default

B    45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:18:10
C    45.45.45.0/24 is directly connected, vlan1
B    52.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:18:10
C    64.0.0.0/4 is directly connected, vlan64

AlliedWare switch
Manager BGP peer> show ip route

IP Routes
---------------------------------------------------------------------
Destination     Mask            NextHop         Flags  Interface  Age
                Type    Policy  Protocol   Tag  Metrics  Pref
---------------------------------------------------------------------
45.0.0.0        255.0.0.0       0.0.0.0         -----  vlan1      2128
                direct  0       interface  -    1        0
45.45.45.0      255.255.255.0   45.45.45.45     -----  vlan1      399
                remote  0       bgp        -    2        170
52.0.0.0        255.0.0.0       0.0.0.0         -----  vlan2      1642
                direct  0       interface  -    1        0
64.0.0.0        240.0.0.0       45.45.45.45     S----  vlan1      399
                remote  0       bgp        -    2        170
---------------------------------------------------------------------
BGP: Configuring Distribute Filters

Distribute filters use ACLs (Access Control Lists) to filter particular routes on the basis of their prefixes. Distribute filters and prefix filters both filter individual routes out of BGP update packets. They are mutually exclusive.
About ACLs
From the point of view of route filtering, an ACL is one or more simple unnumbered filter entries, each with a prefix and an action of deny or permit.
You can use any of the following syntax options to create the ACL entries. The main difference is in how you label the ACL—whether you use a name or a number.
access-list standard <name> {deny|permit} <ipadd/prefixlength> exact-match
access-list <1-99> {deny|permit} <ipadd> <reverse-mask>
access-list <1300-1999> {deny|permit} <ipadd> <reverse-mask>
Entries are unnumbered, so each new entry gets added to the end of the ACL.
Named ACLs
Using a standard named ACL lets you specify whether the prefix needs to be an exact match or not. If you specify exact-match, then routes only match the ACL if they have the specified prefix length. Otherwise, routes match the ACL if they have a prefix length equal to or longer than the specified prefix length. For example, if you specify 10.0.0.0/8, then:
without exact-match, the ACL matches all of 10.0.0.0/8–10.0.0.0/32
with exact-match, the ACL only matches 10.0.0.0/8
Numbered ACLs
For numbered ACLs, the mask is a reverse (or wildcard) mask. This is the opposite of a standard mask in dotted decimal notation. However, in line with industry standards, the mask value has no effect. The ACL always applies to all prefix lengths.
Extended ACLs
You can also use an extended ACL (number range 100-199, or 2000-2699, or by using the extended <name> parameter) but there is no advantage to doing so. Extended ACLs include two prefixes (source and destination), and using two prefixes is meaningless when filtering routes.
Using ACLs as filters
When you have created an ACL, you can use it to filter incoming or outgoing update messages for a particular BGP peer, by using the following commands in BGP router mode for the AS.
Filter incoming updates (received from a particular neighbor):
awplus(config-router)# neighbor <neighbor> distribute-list <acl-id> in
Filter outgoing updates (destined for a particular neighbor):
awplus(config-router)# neighbor <neighbor> distribute-list <acl-id> out
The switch will then compare the prefixes in update packets with each entry in the ACL, looking for matches.
If a matching entry has the parameter permit, then there will be effectively no action. If a matching entry has the parameter deny, then the specified prefix will be removed from the update packet.
Once the update packet has been compared against every entry in the ACL, it will be sent to the neighbor (out filters) or processed (in filters), minus any prefixes that have been removed by the filter.
Example: Distribute filters
Filter out one particular route from a neighbor
This example expands on the basic configuration in "BGP: Example" on page 8.
It creates an ACL on the AlliedWare Plus switch that explicitly denies one of the routes that is advertised from the AW neighbor, and explicitly accepts all other routes.
1. Create a named ACL to deny the route 52.0.0.0/8 and accept all others. You need to include a permit any entry because ACLs end in an implicit deny any entry.
awplus(config)# access-list standard list1 deny 52.0.0.0/8 exact
awplus(config)# access-list standard list1 permit any
2. Set that ACL as the filter for the BGP neighbor 45.45.45.46.
awplus(config)# router bgp 34567
awplus(config-router)# neighbor 45.45.45.46 distribute-list list1 in
3. Renew the route exchange by shutting down the neighbor, then bring it up again.
awplus(config-router)# neighbor 45.45.45.46 shutdown
awplus(config-router)# neighbor 45.45.45.46 no shutdown
4. Check that the IP route table no longer includes 52.0.0.0/8.
awplus(config-router)# do show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default

B    45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:00:14
C    45.45.45.0/24 is directly connected, vlan1
C    64.0.0.0/4 is directly connected, vlan64
Filter out a range of prefix lengths
This example demonstrates the effect of the exact parameter in the ACL by discarding all routes to 52.0.0.0 with prefix lengths of 4 or greater.
1. Remove the existing ACL.
awplus(config)# no access-list standard list1
2. Shut down the neighbor, and then bring it up again.
awplus(config-router)# neighbor 45.45.45.46 shutdown
awplus(config-router)# neighbor 45.45.45.46 no shutdown
3. Check that the IP route table now includes all the routes.
awplus(config-router)# do show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default

B    45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:01:57
C    45.45.45.0/24 is directly connected, vlan1
B    52.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:01:57
C    64.0.0.0/4 is directly connected, vlan64
4. Add the following ACL entries. When exact is not specified, the ACL entry matches all masks greater than or equal to the specified mask, so the first entry below would block routes like 52.0.0.0/8.
awplus(config)# access-list standard list2 deny 52.0.0.0/4
awplus(config)# access-list standard list2 permit any
5. Set that ACL as the filter for the BGP neighbor 45.45.45.46:
awplus(config)# router bgp 34567
awplus(config-router)# neighbor 45.45.45.46 distribute-list list2 in
6. Shut down the neighbor, and then bring it up again.
awplus(config-router)# neighbor 45.45.45.46 shutdown
awplus(config-router)# neighbor 45.45.45.46 no shutdown
7. Check that the IP route table no longer includes 52.0.0.0/8.
awplus(config-router)# do show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default

B    45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:00:08
C    45.45.45.0/24 is directly connected, vlan1
C    64.0.0.0/4 is directly connected, vlan64
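How the two named ACLs above behave as distribute filters, together with the implicit deny any, shown as an added example rather than AlliedWare Plus code. It assumes first-match evaluation and that a non-exact entry matches any route inside the entry's address block with an equal or longer prefix length; list3 and the 52.0.0.0/16 route are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    exact: bool = False

    def matches(self, route):
        if self.exact:
            # exact-match: only the specified prefix length matches.
            return route == self.prefix
        # Assumed semantics without exact-match: the route lies inside the
        # entry's block and has an equal or longer prefix length.
        return route.subnet_of(self.prefix)


def parse_acls(lines):
    """Parse 'access-list standard <name> {deny|permit} <prefix|any> [exact]'."""
    acls = {}
    for line in lines:
        words = line.split()
        if len(words) < 5 or words[:2] != ["access-list", "standard"]:
            raise ValueError(f"unsupported line: {line!r}")
        name, action, target = words[2], words[3], words[4]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        # The page abbreviates the keyword to 'exact'; accept any prefix of it.
        exact = len(words) > 5 and "exact-match".startswith(words[5])
        if target == "any":
            prefix = ANY
        else:
            # strict=False: 52.0.0.0/4 is normalised to its block, 48.0.0.0/4.
            prefix = ipaddress.ip_network(target, strict=False)
        acls.setdefault(name, []).append(Entry(action, prefix, exact))
    return acls


def distribute_filter(acl, routes):
    """Return (kept, removed) prefixes after applying the ACL to an update."""
    kept, removed = [], []
    for text in routes:
        route = ipaddress.ip_network(text)
        action = "deny"              # implicit 'deny any' at the end of every ACL
        for entry in acl:
            if entry.matches(route):
                action = entry.action
                break
        (kept if action == "permit" else removed).append(text)
    return kept, removed


CONFIG = [
    "access-list standard list1 deny 52.0.0.0/8 exact",   # from the page
    "access-list standard list1 permit any",
    "access-list standard list2 deny 52.0.0.0/4",         # from the page
    "access-list standard list2 permit any",
    "access-list standard list3 deny 52.0.0.0/8 exact",   # constructed: no permit any
]
# The neighbor's two routes from the page plus one constructed more-specific.
ROUTES = ["45.0.0.0/8", "52.0.0.0/8", "52.0.0.0/16"]
ACLS = parse_acls(CONFIG)

if __name__ == "__main__":
    for name, acl in ACLS.items():
        kept, removed = distribute_filter(acl, ROUTES)
        print(f"{name}: kept={kept} removed={removed}")
```

With list1, the exact deny removes only 52.0.0.0/8 and lets the longer 52.0.0.0/16 through, while list3 shows that omitting permit any removes every route.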
Use a numbered ACL instead of a named ACL
This example demonstrates a numbered ACL by discarding all routes to 52.0.0.0.
1. Create a numbered ACL.
awplus(config)# access-list 1301 deny 52.0.0.0 0.0.0.255
awplus(config)# access-list 1301 permit any
In line with industry standards, the wildcard mask is required but its value has no effect. The ACL always applies to all prefix lengths.
2. Set that ACL as the filter for the BGP neighbor 45.45.45.46.
awplus(config)# router bgp 34567
awplus(config-router)# neighbor 45.45.45.46 distribute-list 1301 in
3. Shut down the neighbor, and then bring it up again.
awplus(config-router)# neighbor 45.45.45.46 shutdown
awplus(config-router)# neighbor 45.45.45.46 no shutdown
4. Check that the IP route table no longer includes 52.0.0.0/8.
awplus(config-router)# do show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       * - candidate default

B    45.0.0.0/8 [20/0] via 45.45.45.46, vlan1, 00:05:30
C    45.45.45.0/24 is directly connected, vlan1
C    64.0.0.0/4 is directly connected, vlan64