Controlling BGP Traffic With Cisco IOS

1. A peering session to another BGP speaking router is initiated in the config router bgp section:

router bgp 10143

neighbor x.x.92.57 remote-as nnn

2. The filter-list order is used to domination which ASN's the router testament hire and send:

router bgp 10143

neighbor x.x.92.57 remote-as nnn

neighbor x.x.92.57 filter-list 40 in

neighbor x.x.92.57 filter-list 3 out

2.1 The filter-list command reads the comparable ip as-path access-list:

ip as-path access-list 3 conform ^$
ip as-path access-list 40 acquiesce ^nnn_

Ip as-path access lists operate unix-like popular expressions to match ASN's. ^$ matches the launch and site of a borderline with blank in it. ^nnn_ matches a border starting with nnn and anything adjacent it.

3. The route-map command is used to exercise one or enhanced route-map rules to network addresses the router will obtain or send. In most cases, it is used to ascendancy particular IP inscription blocks:

router bgp 10143

neighbor x.x.92.57 remote-as nnn

neighbor x.x.92.57 remove-private-as

neighbor x.x.92.57 filter-list 40 in

neighbor x.x.92.57 filter-list 3 out

neighbor x.x.92.57 route-map bgp-full-default-in in

neighbor x.x.92.57 route-map bgp-peer1-out out

3.1 The route-map command reads the similar route-map rules in numerical order:

route-map bgp-peer1-out accord 10

match ip domicile prefix-list bgp-peer1-out

route-map bgp-peer1-out coincide 20

match ip superscription prefix-list bgp-peer1-out-prepend1

set as-path prepend 10143

route-map bgp-peer1-out comply 30

match ip lodging prefix-list bgp-peer1-out-prepend2

set as-path prepend 10143 10143

if the route-map instruction is 'permit', it will avow any network permitted in the prefix-list to be announced by bgp. Provided the instruction is 'deny' it will block any matching network permitted in the prefix-list.

3.2 The ip location prefix-list command reads the analogous ip prefix-list of network addresses:

ip prefix-list bgp-peer1-out seq 1 concur x.x.128.0/17
ip prefix-list bgp-peer1-out seq 2 correspond x.x.0.0/17
ip prefix-list bgp-peer1-out seq 3 agree x.x.0.0/17
ip prefix-list bgp-peer1-out seq 9 assent x.x.64.0/18
ip prefix-list bgp-peer1-out seq 19 permit x.x.0.0/24
ip prefix-list bgp-peer1-out seq 20 permit x.x.1.0/24
ip prefix-list bgp-peer1-out seq 21 permit x.x.5.0/24
ip prefix-list bgp-peer1-out seq 22 permit x.x.6.0/24
ip prefix-list bgp-peer1-out seq 23 permit x.x.7.0/24
ip prefix-list bgp-peer1-out seq 24 permit x.x.8.0/24
ip prefix-list bgp-peer1-out seq 100 permit x.x.236.0/24 .... ip prefix-list bgp-peer1-out seq 1000 deny 0.0.0.0/0 le 32

The ultimate wrinkle of this prefix-list will match any network of any netmask length. In other words, any network not explicitly permitted, will be denied.

4. To summarize, in BGP:

* The filter-list command uses an ip as-path access-list to permit or deny AS numbers

* The route-map command uses a route-map application route-map rules

* The route-map itself uses one or exceeding ip directions prefix-list to permit or deny network label blocks

IMPORTANT NOTE

All Cisco IOS access-lists and prefix-lists posses an IMPLICIT 'deny any' regulation at the end.

But bounteous importantly, whether you cite to a string and that record does not exist or has been removed, then the router will presume the implicit deny any rule.

This way that if you delete a information on the other hand the route-map or filter-list is yet there, then you enjoy told the router to manipulate 'deny any' for that list.

Keywords: