No topology for this particular post, just some quick notes on BGP filtering which probably won’t be a huge topic on ROUTE as it’s more a Service Provider
So here we go.
BGP Filtering can be done on any router, there are no limitations like in OSPF where filtering is done on specific router types or points in the network.
Filtering can be done for inbound and outbound updates.
After filtering is enabled via filter-list / distribute-list / route-map, neighbor relationships must be reset or cleared to take effect which is done with “clear ip bg * soft [in/out]”
Now any type of filtering must be configured on a router per neighbor via the neighbor statement, whereas in IGP’s you could often just use a single command or two within the protocol itself.
Peer groups is beyond the scope of CCNP just a bit, but in case it does come up on the exam, it is a way to logically group together routers with exact the exact same BGP filtering where it will apply a light of commands across all neighbors in the Peer Group.
To Filter in BGP, you have 4 options:
To show what they require as a next step in the command, I ran them on R1:
R1(config-router)#neighbor 184.108.40.206 distribute-list ?
<1-199> IP access list number
<1300-2699> IP access list number (expanded range)
WORD IP Access-list name
R1(config-router)#neighbor 220.127.116.11 prefix-list ?
WORD Name of a prefix list
R1(config-router)#neighbor 18.104.22.168 filter-list ?
<1-500> AS path access list
R1(config-router)#neighbor 22.214.171.124 route-map ?
WORD Name of route map
R1(config-router)#neighbor 126.96.36.199 route-map (Word)
Now with Route-Maps you can match on ACL’s, Prefix-Lists, AS Path Access-Lists, so these give you the most flexibility.
With BGP, the filter-list does not work as it did with OSPF, where it requires a prefix-list to reference – Instead it wants something called an AS path access list.
The AS Path access-list is configured with the following:
R1(config)#ip as-path access-list ?
<1-500> AS path access list number
R1(config)#ip as-path access-list 1 ?
deny Specify packets to reject
permit Specify packets to forward
R1(config)#ip as-path access-list 1 permit ?
LINE A regular-expression to match BGP AS paths. Use “ctrl-v ?” to enter “?”
R1(config)#ip as-path access-list 1 permit 200 ?
R1(config)#ip as-path access-list 1 permit 200 500 ?
R1(config)#ip as-path access-list 1 permit 200 500 300 ?
R1(config)#ip as-path access-list 1 permit 200 500 300
As you can see, this is meant to filter routes based on their AS_PATH, rather than any sort of network or prefix information.
I’m going to move on here, as the ROUTE exam I believe (hope) only really requires you to know of but not need to configure these different filtering types.
My next post I have a great screen snip of Distribute-List’s differences between protocols, then I have a lot of note reviewing for BGP to get to 🙂