- Configure a prefix-list on R4 so that it does not accept any prefixes with a subnet mask greater than /22 from BB3; this prefix-list should be applied through a route-map to the neighbor.
Here is the syntax for a typical prefix-list entry:
ip prefix-list <NAME> seq <Num> {permit|deny} <Subnet>/<Prefix> [ge <Length1>] [le <Length2>]
Entries in a prefix list are processed sequentially until the first match. As soon as a match is found, processing stops and the associated action is performed.
The <Subnet>/<Prefix> pair specifies the major subnet that all prefixes matching this entry should belong to. For example, this could be 192.168.0.0/16 or 172.16.8.0/24 and so on, that is, any valid classless prefix. The modifiers ge and le are optional and are used to specify a prefix range. Specifically, a prefix matches the entry if:
a) The prefix is a subnet of <Subnet>/<Prefix>, i.e. the prefix subnet is a subset of <Subnet> and the prefix length is greater than or equal to <Prefix>.
b) The prefix length is less than or equal to <Length2>. That is, if the le modifier is used, then the prefix length must be within the [<Prefix>,<Length2>] range. For example, with 192.168.0.0/16 le 24, valid prefixes are 192.168.2.0/24 or 192.168.0.0/22, as both are subnets of 192.168.0.0/16 and have a prefix length less than or equal to 24. However, 192.168.2.128/25 will not match the above prefix-list entry.
c) The prefix length is greater than or equal to <Length1> and no longer than 32, if the ge modifier is used. That is, the prefix length must be within the [<Length1>,32] range. Obviously, <Length1> should be greater than or equal to <Prefix>. Take for example the prefix-list entry 172.16.3.0/24 ge 25. It would match 172.16.3.128/25, 172.16.3.0/30, 172.16.3.1/32 but not 172.16.3.0/24.
If both le and ge modifiers are in use, the resulting prefix-length range is between <Length1> and <Length2> inclusive. For example, 172.16.0.0/16 ge 24 le 30 would match 172.16.0.0/24, 172.16.3.0/24, 172.16.3.252/30 and so on.
Two common questions with prefix-lists are how to match the default route and how to match all prefixes. The entries are permit 0.0.0.0/0 and permit 0.0.0.0/0 le 32 respectively. The first entry matches the prefix with a prefix length of zero and a network part of 0.0.0.0. The second entry matches any subnet of 0.0.0.0/0, which encompasses the whole IPv4 address space.
Prefix lists can be applied directly to a BGP peer using the command
neighbor <IP> prefix-list <NAME> {in|out}
or using a route-map that matches the prefix-list. The latter is preferable, as it allows more flexible policy editing.
configuration:
R2:
ip prefix-list BLOCK_222 deny 222.22.2.0/24
ip prefix-list BLOCK_222 permit 0.0.0.0/0 le 32
!
router bgp 200
neighbor 192.10.1.254 prefix-list BLOCK_222 in
R4:
ip prefix-list SHORTER_THAN_22 permit 0.0.0.0/0 le 22
!
route-map FROM_BB3 permit 100
match ip address prefix-list SHORTER_THAN_22
!
router bgp 100
neighbor 204.12.1.254 route-map FROM_BB3 in
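The matching rules above can be checked offline before a filter is applied to a live peer. The following Python sketch is an added example, not part of the original lab or of IOS: it models first-match evaluation with the ge/le ranges and the implicit deny at the end of a list, and runs the BLOCK_222 and SHORTER_THAN_22 lists against constructed sample updates. The helper names `entry`, `evaluate` and `filter_routes` are hypothetical, and the sample masks assume classful lengths where the lab output omits them.

```python
import ipaddress

def entry(action, prefix, ge=None, le=None):
    """Build one prefix-list entry as (action, network, min_len, max_len)."""
    net = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no modifiers: exact length only
    else:
        lo = net.prefixlen if ge is None else ge   # le alone: [<Prefix>, le]
        hi = 32 if le is None else le              # ge alone: [ge, 32]
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError(f"invalid ge/le range for {prefix}")
    return (action, net, lo, hi)

def evaluate(prefix_list, candidate):
    """Return the action of the first matching entry, else the implicit deny."""
    cand = ipaddress.ip_network(candidate)
    for action, net, lo, hi in prefix_list:
        # Rule a): candidate lies inside the entry's subnet;
        # rules b)/c): its length falls inside the entry's range.
        if cand.subnet_of(net) and lo <= cand.prefixlen <= hi:
            return action
    return "deny"

# The two lists from the configuration above.
BLOCK_222 = [entry("deny", "222.22.2.0/24"),
             entry("permit", "0.0.0.0/0", le=32)]
SHORTER_THAN_22 = [entry("permit", "0.0.0.0/0", le=22)]

def filter_routes(prefix_list, routes):
    """Keep only the routes the list permits, as an inbound filter would."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

if __name__ == "__main__":
    # Constructed sample updates; masks are assumed (classful where omitted).
    r2_updates = ["205.90.31.0/24", "220.20.3.0/24", "222.22.2.0/24"]
    r4_updates = ["114.0.0.0/8", "28.119.16.0/24", "28.119.17.0/24"]
    print(filter_routes(BLOCK_222, r2_updates))
    print(filter_routes(SHORTER_THAN_22, r4_updates))
```

Dropping the second entry from BLOCK_222 in this model shows why the trailing permit 0.0.0.0/0 le 32 is needed: without it every update falls through to the implicit deny.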
verification:
before applying the filter at R2:
Rack1R2#show ip bgp
BGP table version is 221, local router ID is 222.22.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 10.0.0.0/24 0.0.0.0 0 32768 i
* i10.0.0.0/22 155.1.0.5 0 100 0 i
* i 155.1.0.5 0 100 0 i
*> 0.0.0.0 32768 i
s i10.0.1.0/24 155.1.37.7 0 100 0 300 100 i
s> 0.0.0.0 0 32768 i
s i10.0.2.0/24 155.1.37.7 0 100 0 300 100 i
s> 0.0.0.0 0 32768 i
s> 10.0.3.0/24 0.0.0.0 0 32768 i
*>i28.119.16.0/24 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i28.119.17.0/24 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i112.0.0.0 155.1.13.1 0 100 0 100 54 50 60 i
* i 155.1.45.4 0 100 0 100 54 50 60 i
*>i113.0.0.0 155.1.13.1 0 100 0 100 54 50 60 i
* i 155.1.45.4 0 100 0 100 54 50 60 i
Network Next Hop Metric LocPrf Weight Path
*>i114.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i115.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i116.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i117.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i118.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i119.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i155.1.0.0 155.1.13.1 0 100 0 100 i
* i 155.1.45.4 0 100 0 100 i
r i155.1.13.0/24 155.1.23.3 0 100 0 i
r>i 155.1.23.3 0 100 0 i
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.0.0 0.0.0.0 0 32768 i
*> 222.22.1.0 0.0.0.0 0 32768 i
*> 222.22.2.0 192.10.1.254 0 0 254 ?
* i222.22.3.0 155.1.37.7 0 100 0 300 i
*>i 155.1.37.7 0 100 0 300 i
after applying the filter at R2:
Rack1R2#show ip bgp
BGP table version is 222, local router ID is 222.22.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
s> 10.0.0.0/24 0.0.0.0 0 32768 i
* i10.0.0.0/22 155.1.0.5 0 100 0 i
* i 155.1.0.5 0 100 0 i
*> 0.0.0.0 32768 i
s i10.0.1.0/24 155.1.37.7 0 100 0 300 100 i
s> 0.0.0.0 0 32768 i
s i10.0.2.0/24 155.1.37.7 0 100 0 300 100 i
s> 0.0.0.0 0 32768 i
s> 10.0.3.0/24 0.0.0.0 0 32768 i
*>i28.119.16.0/24 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i28.119.17.0/24 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i112.0.0.0 155.1.13.1 0 100 0 100 54 50 60 i
* i 155.1.45.4 0 100 0 100 54 50 60 i
*>i113.0.0.0 155.1.13.1 0 100 0 100 54 50 60 i
* i 155.1.45.4 0 100 0 100 54 50 60 i
Network Next Hop Metric LocPrf Weight Path
*>i114.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i115.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i116.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i117.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i118.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i119.0.0.0 155.1.13.1 0 100 0 100 54 i
* i 155.1.45.4 0 100 0 100 54 i
*>i155.1.0.0 155.1.13.1 0 100 0 100 i
* i 155.1.45.4 0 100 0 100 i
r i155.1.13.0/24 155.1.23.3 0 100 0 i
r>i 155.1.23.3 0 100 0 i
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.0.0 0.0.0.0 0 32768 i
*> 222.22.1.0 0.0.0.0 0 32768 i
* i222.22.3.0 155.1.37.7 0 100 0 300 i
*>i 155.1.37.7 0 100 0 300 i
Rack1R4#show ip bgp regexp _54$
BGP table version is 36, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i28.119.16.0/24 54.1.1.254 0 100 0 54 i
*>i28.119.17.0/24 54.1.1.254 0 100 0 54 i
*> 114.0.0.0 204.12.1.254 0 54 i
*> 115.0.0.0 204.12.1.254 0 54 i
*> 116.0.0.0 204.12.1.254 0 54 i
*> 117.0.0.0 204.12.1.254 0 54 i
*> 118.0.0.0 204.12.1.254 0 54 i
*> 119.0.0.0 204.12.1.254 0 54 i