Allied Telesis X8100, x908 manual BGP Configuring Distribute Filters, About ACLs


BGP: Configuring Distribute Filters


Distribute filters use ACLs (Access Control Lists) to filter particular routes on the basis of their prefixes. Distribute filters and prefix filters both filter individual routes out of BGP update packets. They are mutually exclusive.

About ACLs

From the point of view of route filtering, an ACL is one or more simple unnumbered filter entries, each with a prefix and an action of deny or permit.

You can use any of the following syntax options to create the ACL entries. The main difference is in how you label the ACL—whether you use a name or a number.

access-list standard <name> {deny|permit} <ipadd/prefixlength> [exact-match]

access-list <1-99> {deny|permit} <ipadd> <reverse-mask>

access-list <1300-1999> {deny|permit} <ipadd> <reverse-mask>

Entries are unnumbered, so each new entry gets added to the end of the ACL.

Named ACLs

Using a standard named ACL lets you specify whether the prefix needs to be an exact match or not. If you specify exact-match, then routes only match the ACL if they have the specified prefix length. Otherwise, routes match the ACL if they have a prefix length equal to or longer than the specified prefix length. For example, if you specify 10.0.0.0/8, then:

without exact-match, the ACL matches all of 10.0.0.0/8–10.0.0.0/32

with exact-match, the ACL only matches 10.0.0.0/8
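The following Python model is an added example, not code from the Allied Telesis guide. It shows how the exact-match choice changes which routes a deny entry for 10.0.0.0/8 removes from an update. It assumes that a match without exact-match means the route lies inside the configured prefix, that entries are checked in order with the first match deciding, and that a route matching no entry is denied; the sample routes and the names entry_matches and filter_routes are constructed for the illustration.

```python
import ipaddress

def entry_matches(route, prefix, exact_match=False):
    """Test one route against one named standard ACL entry."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if exact_match:
        # Only the configured prefix and length itself matches.
        return route == prefix
    # Otherwise any route inside the prefix with an equal or longer length matches.
    return route.subnet_of(prefix)

def filter_routes(acl, routes):
    """Return the routes a distribute filter built from `acl` would accept.

    Assumption (not stated on this page): entries are checked in order,
    the first match decides, and a route matching no entry is denied.
    """
    accepted = []
    for route in routes:
        for action, prefix, exact_match in acl:
            if entry_matches(route, prefix, exact_match):
                if action == "permit":
                    accepted.append(route)
                break
    return accepted

# Constructed sample routes, as if received in a BGP update.
ROUTES = ["10.0.0.0/8", "10.1.0.0/16", "10.0.0.1/32", "52.0.0.0/8", "192.0.2.0/24"]

# deny 10.0.0.0/8 exact-match, then permit everything else
ACL_EXACT = [("deny", "10.0.0.0/8", True), ("permit", "0.0.0.0/0", False)]
# deny 10.0.0.0/8 (no exact-match), then permit everything else
ACL_COVERING = [("deny", "10.0.0.0/8", False), ("permit", "0.0.0.0/0", False)]

if __name__ == "__main__":
    print("exact-match:   ", filter_routes(ACL_EXACT, ROUTES))
    print("no exact-match:", filter_routes(ACL_COVERING, ROUTES))
```

With exact-match, the more specific routes 10.1.0.0/16 and 10.0.0.1/32 still pass the filter, so an entry meant to keep a whole address block out of the route table should omit exact-match.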

Numbered ACLs

For numbered ACLs, the mask is a reverse (or wildcard) mask. This is the opposite of a standard mask in dotted decimal notation. However—in line with industry standards—the mask value has no effect. The ACL always applies to all prefix lengths.

Extended ACLs

You can also use an extended ACL (number range 100-199, or 2000-2699, or by using the extended <name> parameter) but there is no advantage to doing so. Extended ACLs include two prefixes (source and destination), and using two prefixes is meaningless when filtering routes.

Use Route Maps and Other Filters to Filter and Alter BGP and OSPF Routes
