02-07-2009 02:36 PM - edited 03-04-2019 03:27 AM
hi you all.
I am new to BGP and I am triyng filtering.
Let's say for our peering we have this config:
router bgp 30000
no synchronization
no bgp fast-external-fallover
bgp log-neighbor-changes
bgp dampening
network .......
neighbor Myneighbor remote-as 60000
neighbor Myneighbor send-community
neighbor Myneighbor soft-reconfiguration inbound
neighbor Myneighbor filter-list 1 out
no auto-summary
ip as-path access-list 1 permit ^$
if I change the config as follow:
neighbor Myneighbor remote-as 60000
neighbor Myneighbor send-community
neighbor Myneighbor soft-reconfiguration inbound
neighbor Myneighbor filter-list 1 out
neighbor Myneighbor filter-list 2 in
no auto-summary
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny any
ip as-path access-list 2 permit ^60000_[0-9]*$
ip as-path access-list 2 deny any
will it be correct?
i think this is allowing incoming routes originated on my peer
and the AS related to it. Also I am filtering
in output the routes not originated in my AS
thanks
02-07-2009 03:48 PM
Hi Osvaldo,
Yes
Outbound Filter
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny any
You'll only advertise networks that originated within your AS(30000) to neighboring AS(60000)
Inbound Filter
ip as-path access-list 2 permit ^60000_[0-9]*$
ip as-path access-list 2 deny any
You'll only get networks that originated within AS 60000 and all of its directly attached AS
HTH
Lejoe
02-08-2009 07:31 AM
Thanks very much.
But there is something, as I am filtering in imput I will loose routes. If I add a last ressources route pointing to my peer(ip route 0.0.0.0 O.O.O.0 ip-myneigthbor) will it solve this issue? or it is required thah my peer announce a default route?
Thanks
02-07-2009 07:20 PM
Hi,
You can apply outbound filter-list using a regular expression, however , you cant apply inbound filter directly using regular expression. looking at ur config, the correct config should be:
neighbor Myneighbor remote-as 60000
neighbor Myneighbor soft-reconfiguration
neighbor Myneighbor filter-list 1 out
neighbor Myneighbor route-map BGP in
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit ^60000_[0-9]*$
route-map BGP
match as-path 2
Pls refer to the bellow link:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml
HTH
Mohamed
02-07-2009 08:03 PM
Hi Mohamed,
You can apply an inbound filter directly using AS-Path access-list, whether you achieve it using a route-map or directly using the neighbor filter-list depends on your objectives.
Lejoe
02-08-2009 05:24 AM
Lejoe,
could u Pls provide me with a documentation link describing regular expression using inbound filter-list directly?
HTH
Mohamed
02-08-2009 03:18 PM
Hi Mohamed
Refer to command reference for as-path access-list, which mentions an inbound filter can be applied using neighbor filter-list
http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp2.html#wp1015697
An example
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a83.shtml
Most examples use a route-map to apply as-path access-list inbound, probably this could be reason for the confusion.
HTH
Lejoe
02-08-2009 03:20 PM
Thanks very much.
But there is something, as I am filtering in imput I will loose routes. If I add a last ressources route pointing to my peer(ip route 0.0.0.0 O.O.O.0 ip-myneigthbor) will it solve this issue? or it is required thah my peer announce a default route?
Thanks
02-08-2009 03:28 PM
Hi Osvaldo,
If you are not getting complete routes then adding a default-route makes sense.
You can add a static default route
ip route 0.0.0.0 0.0.0.0 next-hop
or have you could have your neighbor announce a default route.
eg: neighbor ip-address default-originate (assuming a static default route already exists on the router)
And if you want to use explicit deny at the end your as-path access-list, use the regular expression .* and not the keyword any
ip as-path access-list 1 deny .*
HTH
Lejoe
02-09-2009 01:17 AM
Hy
I thank you very much.
I am getting full routing table but If I do the filtering I migth loose routes. That is why I talked about default route.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: