02-07-2009 02:36 PM - edited 03-04-2019 03:27 AM
hi you all.
I am new to BGP and I am triyng filtering.
Let's say for our peering we have this config:
router bgp 30000
no synchronization
no bgp fast-external-fallover
bgp log-neighbor-changes
bgp dampening
network .......
neighbor Myneighbor remote-as 60000
neighbor Myneighbor send-community
neighbor Myneighbor soft-reconfiguration inbound
neighbor Myneighbor filter-list 1 out
no auto-summary
ip as-path access-list 1 permit ^$
if I change the config as follow:
neighbor Myneighbor remote-as 60000
neighbor Myneighbor send-community
neighbor Myneighbor soft-reconfiguration inbound
neighbor Myneighbor filter-list 1 out
neighbor Myneighbor filter-list 2 in
no auto-summary
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny any
ip as-path access-list 2 permit ^60000_[0-9]*$
ip as-path access-list 2 deny any
will it be correct?
i think this is allowing incoming routes originated on my peer
and the AS related to it. Also I am filtering
in output the routes not originated in my AS
thanks
02-07-2009 03:48 PM
Hi Osvaldo,
Yes
Outbound Filter
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny any
You'll only advertise networks that originated within your AS(30000) to neighboring AS(60000)
Inbound Filter
ip as-path access-list 2 permit ^60000_[0-9]*$
ip as-path access-list 2 deny any
You'll only get networks that originated within AS 60000 and all of its directly attached AS
HTH
Lejoe
02-08-2009 07:31 AM
Thanks very much.
But there is something, as I am filtering in imput I will loose routes. If I add a last ressources route pointing to my peer(ip route 0.0.0.0 O.O.O.0 ip-myneigthbor) will it solve this issue? or it is required thah my peer announce a default route?
Thanks
02-07-2009 07:20 PM
Hi,
You can apply outbound filter-list using a regular expression, however , you cant apply inbound filter directly using regular expression. looking at ur config, the correct config should be:
neighbor Myneighbor remote-as 60000
neighbor Myneighbor soft-reconfiguration
neighbor Myneighbor filter-list 1 out
neighbor Myneighbor route-map BGP in
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit ^60000_[0-9]*$
route-map BGP
match as-path 2
Pls refer to the bellow link:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml
HTH
Mohamed
02-07-2009 08:03 PM
Hi Mohamed,
You can apply an inbound filter directly using AS-Path access-list, whether you achieve it using a route-map or directly using the neighbor filter-list depends on your objectives.
Lejoe
02-08-2009 05:24 AM
Lejoe,
could u Pls provide me with a documentation link describing regular expression using inbound filter-list directly?
HTH
Mohamed
02-08-2009 03:18 PM
Hi Mohamed
Refer to command reference for as-path access-list, which mentions an inbound filter can be applied using neighbor filter-list
http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp2.html#wp1015697
An example
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a83.shtml
Most examples use a route-map to apply as-path access-list inbound, probably this could be reason for the confusion.
HTH
Lejoe
02-08-2009 03:20 PM
Thanks very much.
But there is something, as I am filtering in imput I will loose routes. If I add a last ressources route pointing to my peer(ip route 0.0.0.0 O.O.O.0 ip-myneigthbor) will it solve this issue? or it is required thah my peer announce a default route?
Thanks
02-08-2009 03:28 PM
Hi Osvaldo,
If you are not getting complete routes then adding a default-route makes sense.
You can add a static default route
ip route 0.0.0.0 0.0.0.0 next-hop
or have you could have your neighbor announce a default route.
eg: neighbor ip-address default-originate (assuming a static default route already exists on the router)
And if you want to use explicit deny at the end your as-path access-list, use the regular expression .* and not the keyword any
ip as-path access-list 1 deny .*
HTH
Lejoe
02-09-2009 01:17 AM
Hy
I thank you very much.
I am getting full routing table but If I do the filtering I migth loose routes. That is why I talked about default route.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide