Thursday, April 10, 2008

BGP - How to display incoming/outgoing routes before/after filtering

Below you'll find some simple BGP commands that you can use in order to check your policy-control rules (filter-list, distribute-list, route-map, etc.) locally, when you don't have access to the peer neighbor.

This is our initial network....

Incoming Routes : Before filtering (soft-reconfiguration inbound must be enabled *)


R1#sh ip bgp nei 10.10.10.2 received-routes
% Inbound soft reconfiguration not enabled on 10.10.10.2

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router bgp 1
R1(config-router)#neighbor 10.10.10.2 soft-reconfiguration inbound

R1#sh ip bgp nei 10.10.10.2 received-routes
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.0.0/16     10.10.10.2               0             0 2 i
*> 20.20.20.0/24    10.10.10.2               0             0 2 i

Total number of prefixes 2

Incoming Routes : After filtering


R1#sh ip bgp nei 10.10.10.2 routes
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.0.0/16     10.10.10.2               0             0 2 i
*> 20.20.20.0/24    10.10.10.2               0             0 2 i

Total number of prefixes 2

Outgoing Routes : Before filtering


R1#sh ip bgp
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 1.1.0.0/16       0.0.0.0                            32768 i
s> 1.1.1.0/25       0.0.0.0                  0         32768 i
*> 1.1.1.0/24       0.0.0.0                            32768 i
*> 20.20.0.0/16     10.10.10.2               0             0 2 i
*> 20.20.20.0/24    10.10.10.2               0             0 2 i

Outgoing Routes : After filtering


R1#sh ip bgp neighbors 10.10.10.2 advertised-routes
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 1.1.0.0/16       0.0.0.0                            32768 i
*> 1.1.1.0/24       0.0.0.0                            32768 i


Time to add some filtering....

Let's apply an inbound prefix-list first:


R1(config)#ip prefix-list R2-IN permit 20.20.0.0/16

R1(config)#router bgp 1
R1(config-router)#neighbor 10.10.10.2 prefix-list R2-IN in

Do an inbound soft reconfig :


R1#clear ip bgp 10.10.10.2 soft in

Incoming Routes : Before filtering


R1#sh ip bgp nei 10.10.10.2 received-routes
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.0.0/16     10.10.10.2               0             0 2 i
*  20.20.20.0/24    10.10.10.2               0             0 2 i

Total number of prefixes 2

Incoming Routes : After filtering


R1#sh ip bgp nei 10.10.10.2 routes
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.0.0/16     10.10.10.2               0             0 2 i

Total number of prefixes 1


So filtering works fine on the inbound.

Let's apply an outbound prefix-list now :


R1(config)#ip prefix-list R2-OUT permit 1.0.0.0/8 le 16

R1(config)#router bgp 1
R1(config-router)#neighbor 10.10.10.2 prefix-list R2-OUT out

Do an outbound soft reconfig


R1#clear ip bgp 10.10.10.2 soft out

Outgoing Routes : Before filtering


R1#sh ip bgp
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 1.1.0.0/16       0.0.0.0                            32768 i
s> 1.1.1.0/25       0.0.0.0                  0         32768 i
*> 1.1.1.0/24       0.0.0.0                            32768 i
*> 20.20.0.0/16     10.10.10.2               0             0 2 i

Outgoing Routes : After filtering


R1#sh ip bgp nei 10.10.10.2 advertised-routes
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 1.1.0.0/16       0.0.0.0                            32768 i


So filtering works fine on the outbound too.

You can also use the following commands in order to test your policy-controls on your BGP table before you actually apply them.


R1#sh ip bgp ?
community Display routes matching the communities
community-list Display routes matching the community-list
filter-list Display routes conforming to the filter-list
prefix-list Display routes matching the prefix-list
quote-regexp Display routes matching the AS path "regular expression"
regexp Display routes matching the AS path regular expression
route-map Display routes matching the route-map


* : Because soft-reconfiguration creates an extra copy of all routes received per neighbor, you want to be careful when implementing this feature in a production network or a network with many routes/neighbors. Route-refresh is a much better solution; you just miss the functionality of viewing the incoming routes before filtering.

1 comment:

  1. Thank you! Very helpful! Congrats on CCIE! I failed mine and gave up; if it is not a secret, I would like to understand your approach to passing the CCIE.


 
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.