Allied Telesis X8100, x908 manual ACLs Path filters Prefix filters, Route maps

Page 45

ACLs

ACLs

Path filters

Prefix filters

Community lists

Route maps

access-list 1 deny x.x.x.x 0.0.0.255

ip as-path access-list <aslist1> ...

... permit <reg-ex>

... deny <reg-ex>

... permit <reg-ex>

ip as-path access-list <aslist2> ...

... permit <reg-ex>

... deny <reg-ex>

ip prefix-list <plist1> ...

... permit x.x.x.x/24

... deny x.x.x.x/24

ip prefix-list <plist2> ...

... permit x.x.x.x/24

... deny x.x.x.x/24

ip community-list <clist1> ...

... deny internet

... permit noexport

Entities in the column above are the possible lists that can be a part of per-peer BGP filtering. These lists can be applied directly to a BGP peer (except for community lists) or added to a route map (middle column), which is then added to a BGP peer (last column).

Ways to use lists in IP route filtering for BGP, with generic command examples

route-map <map1> permit 1 match ip address 1

route-map <map2> deny 1 match as-path <alist2>

route-map <map3> permit 1

match ip address prefix-list <plist2>

ip route-map <map4> permit 1 match community <clist1> set comm-list <clist1> delete

bgp neighbor x.x.x.x distribute-list 1 in

bgp neighbor x.x.x.x filter-list <alist1> in

bgp neighbor x.x.x.x filter-list <alist2> out

bgp neighbor x.x.x.x prefix-list <plist1> in

bgp neighbor x.x.x.x prefix-list <plist2> out

bgp neighbor x.x.x.x route-map <map1> out

bgp neighbor x.x.x.x route-map <map2> in

bgp neighbor x.x.x.x route-map <map3> in

bgp neighbor x.x.x.x route-map <map4> out

Image 45

Contents Technical Guide IntroductionIntroduction ContentsWhich products and software version does it apply to? BGP Applying Route Maps to Imported RoutesWhich products and software version does it apply to? Related How To NotesBGP updates BGP Concepts and TerminologyBGP peers Origin Update attributesAS-path Next-hopBGP Overview of the Available Filter Types Access Control List ACL filtersFilter types Distribute filtersDifference and Relationship in BGP Examples for filtering BGP Update messagesBGP Example Hierarchy of the Different Filters Example Distribute filters on page  Example AS path filters on page  Example Prefix filters on pageBasic configuration Confirming the neighbor relationship AlliedWare switchawplus#show ip route About ACLs BGP Configuring Distribute FiltersUsing ACLs as filters Example Distribute filtersFilter out one particular route from a neighbor Filter out a range of prefix lengths awplusconfig# neighbor 45.45.45.46 distribute-list list2 in 3. Check that the IP route table now includes all the routes6. Shut down the neighbor, and then bring it up again Use a numbered ACL instead of a named ACL 4. Check that the IP route table no longer includes 52.0.0.0/8 AS path lists BGP Configuring AS Path FiltersUsing AS path lists as path filters Example AS path filtersDiscard or allow routes from a neighbor 4. Shut down the neighbor, and then bring it up again a neighbor7. Shut down the neighbor, and then bring it up again An outgoing filter that uses an AS-path list Another exampleBGP Configuring AS Path Filters BGP Configuring Prefix Filters About prefix listsMask length Example Prefix filters Using prefix lists as prefix filtersawplusconfig-router# neighbor neighbor prefix-list list-name in awplusconfig-router# neighbor neighbor prefix-list list-name outFilter out a range of different prefix lengths awplusconfig-router# do show ip route Structure of a route map BGP Configuring Route MapsConfiguring a match clause ClausesAn AS path list Case A community listOne or more prefixes, by using an ACL One or more prefixes, by using a prefix listA next hop address Configuring a set clauseAn origin A metric the MED attributeset community community-values additive set atomic-aggregate set weightset extcommunity rtsoo ext-comm-number set ip next-hop ipaddOne match clause with an action The effect of different combinations of clausesNo match clause and one or more set clauses A match clause and one or more set clausesUpdate 1 to Peer Update from PeerUpdate 2 to Peer Router ASFirst, enter BGP router mode for the AS. The prompt should look like Example B Match on a prefix-list that denies an entry Examplesawplusconfig#ip prefix-list test1 permit 52.0.0.0/8 awplusconfig-route-map#set metric4. Apply this route map as the in route map on the neighbor Example E Prepending AS numbers Example D Matching on a next-hop prefix-listawplusconfig-route-map#match ip address awplusconfig-route-map#router bgpThe routes coming from that peer has community 1. Configure the AW peer to send out a community numberadd ip routem=com entry=1 set commmun=8989 set bgp peer=45.45.45.45 outroutemap=com sendcommunity=yesBGP#show ip route set bgp peer=45.45.45.45 outroutemap=mixed sendcommunity=yes 8. Add that ACL as a distribute-list in-filter on the neighbor route-map marker permit Examples Route maps ACLs Path filters Prefix filtersSyntax BGP Applying Route Maps to Imported RoutesOther Uses of Route Maps neighbor default-originateneighbor unsuppress-map networkBGP configuration Route map configurationBGP Route Map Filtering Example set local-preference route-map outdef permit OSPF Configuring Route Maps for Filtering and Modifying OSPF Routes MetricInterface A prefix, by using a prefix list A prefix, by using an ACLExternal route type  Set the metric, by using the command set metric OSPF Applying Route Maps

Related manuals

Manual 8 pages 39.31 Kb

Manual 21 pages 8.63 Kb