How to filter prefixes in BGP with prefix-lists

Captions
Hey guys, so in this short video what we're gonna do is talk about prefix lists. Now, we can filter very, very easily on a per-neighbor basis using prefix lists. So this is a very short video, because I want to show you how to do this; it's very, very simple.

So I already have BGP up and running. You can see I just cleared the neighbors here. Let me just make sure that I have everything I need in my neighbor table, and I do. So what I want to do here is I want to filter on R2. I want to filter... I'm looking at our own, let's pick somebody else here. So let's say that on R2, what I want to do is I want to filter the prefixes that are coming in over on R5, so I do not want them to come in and land in R2's neighbor table, or BGP table I should say.

A very, very simple thing that I can do: first of all, where am I getting these from? I'm getting them from 1.1.1.1, right, which is R1, is my neighbor. So what I can do is I can build a prefix list that says I want to deny these sets of prefixes, so these 192.168.5s, and then what I can do is I can apply them directly to that neighbor. This is perhaps the easiest way to filter on a per-neighbor basis in BGP.

So what I'll do is I'll say ip prefix, and I'm going to say deny... I'm sorry, I need to give it a name first, right? So I'm gonna say R5-filter, and then I'm gonna say deny, and what we will do is we will go ahead and we will add the network that we want to deny. So I'm going to say 192.168.5.0/24, and I'm gonna say less than 32. What I'm doing is I'm creating a range. I'm saying, look, anything that's 192.168.5.0 /24, /25, /26, all the way up to /32, I'm gonna deny.

Now, we know that at the end of every prefix list, at the end of any ACL, period, there is always going to be a deny everything else. So what I need to do is I need to build my permit. OK, now a lot of folks make this mistake, in fact I've made it myself, if you watch the distribute, the distributions, everybody makes it, where you go in and you say permit 0.0.0.0/0 and you go ahead and hit enter here. This would actually just allow a default route. I still need to say less than 32, because I'm creating a range. I'm saying, look, any prefix that falls within all zeros /0 all the way up to /32, that is separate from this range of prefixes, I want to allow.

So let's just take a look at what that prefix list would look like. So here's a prefix list called R5-filter that's going to deny 192.168.5.0/24 less than 32, so it's a range, OK, and it's going to permit everything else.

Now all I need to do here is I need to say router bgp... let's say do show run section router bgp. And all I'm going to do is I'm going to apply this to my individual neighbor. So all I'm gonna do is say neighbor, and I'm gonna use the prefix-list command, and I'm gonna go ahead and give it the name of my prefix filter. So there we have it. And I'm gonna give this a direction, so in other words, in which direction do I want to apply these? By the way, after this there are no other options. So right now what I'm doing is I'm saying, look, I want to block these in the inbound direction. So R1 is gonna advertise them, but what I want to do is I actually want to stop them from coming in at R2.

OK, so right now if I clear my BGP table, do clear ip bgp * soft in, give it a second, do show ip bgp, what we should see is we should see the five prefixes disappear, and that's exactly what we see. We see the four prefixes are here, the six prefixes are here, but the fives are gone. If we scroll back up here, hopefully we didn't lose it, here are the five prefixes that we were originally getting, right? So now, using this prefix list on the individual neighbor, we've gone and filtered these out. This is perhaps the easiest, simplest way to filter in BGP.

We can do this in the other direction as well. So let's actually go to R5 and let's check; I should be getting the seven prefixes over here. What we'll do on R5 is we will filter these in the outbound direction. Whoops, sorry, that's the wrong command there. So let's say ip prefix-list, and I'm gonna give it a name, right? So what I want to do is I want to give it this name, so I'll say R7-filter, and I don't need to give it a sequence, although I could, and I'm gonna say deny 192.168.7.0/24 less than 32. Now again, what I need to do... in fact, let's just leave it here. Let's say router bgp 5, and I'm going to say neighbor... let me just check how we're set up here: do show run section router bgp. OK, so let's go in and we'll say neighbor 3.33, and I'm gonna say prefix-list R7-filter, and we're gonna say in the outbound direction.

OK, so we'll say do clear ip bgp * soft out. Remember that our prefix list right now only has this deny, and remember that at the end of everything else there's a deny. All right, so if I look at R3, what am I getting from R5? I'm getting the five prefixes, which are local to R5, and I'm getting the seven prefixes that originated on R7. Let's say do clear ip bgp * soft in, give it one second here, let's do show ip bgp, and we can see here that I've essentially killed everything coming in from R5. You can see that now the only prefixes that I'm receiving are our inbound prefixes from R1.

OK, so what I need to do over on R5 is I need to add my other prefix-list statement. So I need to say permit... mmm, let me exit out of here. Cheat, I like cheating. Permit, and I'm going to say 0.0.0.0/0 less than 32. Do show run section prefix. So there is the correct way to do it, right? So we're saying, hey, anything that fits within this range I want to block, anything that's within this range I want to permit. Do clear ip bgp * soft out. Let's clear three, even though we don't have to, we'll do it anyway, and we get everything back that came in from five. So here's our 192.168.5 prefixes, but we're no longer getting the sevens, and the reason why we're no longer getting the sevens is because over on five we want... by the way, ignore these, don't worry, these are from an OSPF problem I have on the switch, so no worries. So here is the correct way to filter these out. The reason why we're not getting the sevens is because we've gone ahead and blocked them in the prefix list.

Now, just for you guys here before we end the video, if you did not watch the prefix-list video, I want to give you guys the order of operations, right? So it's RFPD. I always think of the PD as the police department. This is for inbound. So what this means is that if we are going to go ahead and filter prefixes in the inbound direction, this is the order in which they're going to be applied. So we have the route map, filter list, prefix list, distribute list. This is one, two, three, four. Now in the outbound direction, so if I want to filter from R5 going out to R7, it's the exact same list in the opposite direction, so it's one, two, three, four. So the last thing that would be processed would be the route map. Now as I've said in other videos, I don't care how you remember this, as long as you remember the right order for the right direction. So in other words, if it's RFPD, remember that says inbound, right? If you remember distribute, prefix, filter, route map, remember that that's outbound.

OK, so guys, again, this is a real short video, real easy way to filter, the prefix list. It's kind of my favorite way to filter in BGP because of the simplicity.
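The matching rule behind the "permit 0.0.0.0/0" mistake described in the captions, as an added example that is not part of the video: a small Python model of prefix-list evaluation (first match wins, implicit deny at the end, and the IOS `le` keyword widening the allowed prefix length). The route set and the helper names `parse_entry`, `evaluate` and `accepted` are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny A.B.C.D/len [ge N] [le N]' into a rule dict."""
    tok = line.split()
    net = ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return {"action": tok[0], "net": net, "lo": lo, "hi": hi}

def evaluate(entries, route):
    """Return the action of the first matching entry, else implicit deny."""
    r = ipaddress.ip_network(route)
    for e in entries:
        if e["lo"] <= r.prefixlen <= e["hi"] and r.subnet_of(e["net"]):
            return e["action"]
    return "deny"                          # implicit deny at the end of the list

def accepted(lines, routes):
    """Routes that survive the prefix list, in the order given."""
    entries = [parse_entry(l) for l in lines]
    return [r for r in routes if evaluate(entries, r) == "permit"]

# Constructed sample of routes a neighbor might advertise.
ROUTES = ["192.168.4.0/24", "192.168.5.0/24", "192.168.5.128/25",
          "192.168.6.0/24", "0.0.0.0/0"]

# The common mistake: the permit matches only the default route itself.
MISTAKE = ["deny 192.168.5.0/24 le 32", "permit 0.0.0.0/0"]
# The corrected list: the permit covers every prefix length from /0 to /32.
CORRECT = ["deny 192.168.5.0/24 le 32", "permit 0.0.0.0/0 le 32"]
# A deny with no permit at all: everything falls into the implicit deny.
DENY_ONLY = ["deny 192.168.7.0/24 le 32"]

if __name__ == "__main__":
    for name, pl in (("mistake", MISTAKE), ("correct", CORRECT),
                     ("deny-only", DENY_ONLY)):
        print(name, accepted(pl, ROUTES))
```
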
Info
Channel: XtremeIE
Views: 21,248
Keywords: BGP Filtering - Prefix Lists, Implement and Troubleshoot BGP Filtering with Prefix Lists, BGP, BGP Filtiering, BGP prefix lists, CCIE R&S, CCIE, CCIE v5, CCIE version 5, JP Cedeno, J.P. Cedeno, BGP filtering, BGP route filtering, BGP details, xie, xtremeie, cisco ccna, cisco ccnp, cisco ccie, cisco
Id: 0cUkVM9dNPA
Length: 8min 28sec (508 seconds)
Published: Wed Jul 27 2016