New Member

BGP filtering

Hi you all.

I am new to BGP and I am trying filtering.

Let's say for our peering we have this config:

router bgp 30000
 no synchronization
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 bgp dampening
 network .......
 neighbor Myneighbor remote-as 60000
 neighbor Myneighbor send-community
 neighbor Myneighbor soft-reconfiguration inbound
 neighbor Myneighbor filter-list 1 out
 no auto-summary

ip as-path access-list 1 permit ^$

If I change the config as follows:

 neighbor Myneighbor remote-as 60000
 neighbor Myneighbor send-community
 neighbor Myneighbor soft-reconfiguration inbound
 neighbor Myneighbor filter-list 1 out
 neighbor Myneighbor filter-list 2 in
 no auto-summary

ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny any
ip as-path access-list 2 permit ^60000_[0-9]*$
ip as-path access-list 2 deny any

Will it be correct?

I think this is allowing incoming routes originated on my peer and the AS related to it. Also I am filtering in output the routes not originated in my AS.

Thanks

9 REPLIES

Re: BGP filtering

Hi Osvaldo,

Yes

Outbound Filter

ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny any

You'll only advertise networks that originated within your AS(30000) to neighboring AS(60000)

Inbound Filter

ip as-path access-list 2 permit ^60000_[0-9]*$
ip as-path access-list 2 deny any

You'll only get networks that originated within AS 60000 and all of its directly attached AS

HTH

Lejoe

New Member

Re: BGP filtering

Thanks very much.

But there is something: as I am filtering in input I will lose routes. If I add a last-resort route pointing to my peer (ip route 0.0.0.0 0.0.0.0 ip-myneighbor), will it solve this issue? Or is it required that my peer announce a default route?

Thanks

Re: BGP filtering

Hi,

You can apply an outbound filter-list using a regular expression; however, you can't apply an inbound filter directly using a regular expression. Looking at your config, the correct config should be:

 neighbor Myneighbor remote-as 60000
 neighbor Myneighbor soft-reconfiguration inbound
 neighbor Myneighbor filter-list 1 out
 neighbor Myneighbor route-map BGP in

ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit ^60000_[0-9]*$

route-map BGP
 match as-path 2

Please refer to the link below:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml

HTH

Mohamed

Re: BGP filtering

Hi Mohamed,

You can apply an inbound filter directly using AS-Path access-list, whether you achieve it using a route-map or directly using the neighbor filter-list depends on your objectives.

Lejoe

Re: BGP filtering

Lejoe,

Could you please provide me with a documentation link describing regular expressions using an inbound filter-list directly?

HTH

Mohamed

Re: BGP filtering

Hi Mohamed

Refer to command reference for as-path access-list, which mentions an inbound filter can be applied using neighbor filter-list

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp2.html#wp1015697

An example

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a83.shtml

Most examples use a route-map to apply an as-path access-list inbound; probably this could be the reason for the confusion.

HTH

Lejoe

Re: BGP filtering

Hi Osvaldo,

If you are not getting complete routes then adding a default-route makes sense.

You can add a static default route

ip route 0.0.0.0 0.0.0.0 next-hop

or you could have your neighbor announce a default route.

e.g.: neighbor ip-address default-originate (assuming a static default route already exists on the router)

And if you want to use an explicit deny at the end of your as-path access-list, use the regular expression .* and not the keyword any

ip as-path access-list 1 deny .*

HTH

Lejoe
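Added example, not part of any post in this thread: a small Python model of how the two as-path access-lists discussed above evaluate AS paths, including the first-match rule and the implicit deny at the end of each list. The `_` expansion, the sample paths, the helper names, and the treatment of `any` as an ordinary regular expression (following the reply above) are assumptions of this example.

```python
import re

# Cisco's "_" matches a delimiter (space, comma, braces, parentheses) or
# either end of the AS-path string; Python has no such token, so expand it.
_DELIM = r"(?:^|$|[ ,{}()])"

def cisco_to_python(regex):
    return regex.replace("_", _DELIM)

def evaluate(acl, as_path):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, regex in acl:
        if re.search(cisco_to_python(regex), as_path):
            return action
    return "deny"

# The two lists from the thread, entries in configured order.
# Assumption: "any" is read as a plain regex, so it never matches an AS path
# and the implicit deny decides; ".*" is the explicit catch-all.
ACL_1_OUT = [("permit", "^$"), ("deny", "any")]
ACL_2_IN = [("permit", "^60000_[0-9]*$"), ("deny", ".*")]

# Constructed sample AS paths (65010 and 65020 are private-use ASNs).
SAMPLES_IN = [
    "60000",              # originated by the peer
    "60000 65010",        # one AS behind the peer
    "60000 60000",        # peer prepending its own AS once
    "60000 60000 65010",  # prepended route from one AS behind the peer
    "60000 65010 65020",  # two ASes behind the peer
    "600001",             # different ASN that shares the leading digits
]
SAMPLES_OUT = ["", "65010", "60000 65010"]  # "" is a locally originated route

def report(acl, paths):
    return {path: evaluate(acl, path) for path in paths}

if __name__ == "__main__":
    for path, verdict in report(ACL_2_IN, SAMPLES_IN).items():
        print(f"in   {path!r:22} {verdict}")
    for path, verdict in report(ACL_1_OUT, SAMPLES_OUT).items():
        print(f"out  {path!r:22} {verdict}")
```

In this model the inbound list accepts at most two AS numbers in the path, so a route that the peer prepends and that also carries a downstream AS is denied along with everything farther away.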

New Member

Re: BGP filtering

Hi

I thank you very much.

I am getting the full routing table, but if I do the filtering I might lose routes. That is why I talked about a default route.

Thanks
