Manuals / Allied Telesis / Computer Equipment / Computer Accessories

Allied Telesis x908, X8100 manual Using ACLs as filters, Example Distribute filters

Models: X8100 x908

1 52

Download 52 pages 56.44 Kb

Page 12

Using ACLs as filters

BGP: Configuring Distribute Filters

Using ACLs as filters

When you have created an ACL, you can use it to filter incoming or outgoing update messages for a particular BGP peer, by using the following commands in BGP router mode for the AS.

Filter incoming updates (received from a particular neighbor):

awplus(config-router)# neighbor <neighbor> distribute-list<acl-id> in

Filter outgoing updates (destined for a particular neighbor):

awplus(config-router)# neighbor <neighbor> distribute-list<acl-id> out

The switch will then compare the prefixes in update packets with each entry in the ACL, looking for matches.

If a matching entry has the parameter permit, then there will be effectively no action. If a matching entry has the parameter deny, then the specified prefix will be removed from the update packet.

Once the update packet has been compared against every entry in the ACL, it will be sent to the neighbor (out filters) or processed (in filters), minus any prefixes that have been removed by the filter.

Example: Distribute filters

Filter out one particular route from a neighbor

This example expands on the basic configuration in "BGP: Example" on page 8.

It creates an ACL on the AlliedWare Plus switch that explicitly denies one of the routes that is advertised from the AW neighbor, and explicitly accepts all other routes.

1.Create a named ACL to deny the route 52.0.0.0/8 and accept all others. You need to include a permit any entry because ACLs end in an implicit deny any entry.

awplus(config)# access-list standard list1 deny 52.0.0.0/8 exact awplus(config)# access-list standard list1 permit any

2. Set that ACL as the filter for the BGP neighbor 45.45.45.46.

awplus(config)# router bgp 34567

awplus(config-router)#neighbor 45.45.45.46 distribute-list list1 in

Page 12 Use Route Maps and Other Filters to Filter and Alter BGP and OSPF Routes

Image 12

Allied Telesis x908 Using ACLs as filters, Example Distribute filters, Filter out one particular route from a neighbor

Contents

Introduction Technical GuideContents IntroductionWhich products and software version does it apply to? BGP Applying Route Maps to Imported RoutesRelated How To Notes Which products and software version does it apply to?BGP updates BGP Concepts and TerminologyBGP peers Update attributes OriginAS-path Next-hopAccess Control List ACL filters BGP Overview of the Available Filter TypesFilter types Distribute filtersExamples for filtering BGP Update messages Difference and Relationship in BGPHierarchy of the Different Filters BGP Example Example Distribute filters on page  Example AS path filters on page  Example Prefix filters on pageBasic configuration Confirming the neighbor relationship AlliedWare switchAlliedWare Plus switch awplus#show ip routeBGP Configuring Distribute Filters About ACLsUsing ACLs as filters Example Distribute filtersFilter out one particular route from a neighbor Filter out a range of prefix lengths awplusconfig# neighbor 45.45.45.46 distribute-list list2 in awplusconfig-router# do show ip routeawplusconfig# router bgp 3. Check that the IP route table now includes all the routesUse a numbered ACL instead of a named ACL awplusconfig-router# do show ip route 4. Check that the IP route table no longer includes 52.0.0.0/8BGP Configuring AS Path Filters AS path listsUsing AS path lists as path filters Example AS path filtersDiscard or allow routes from a neighbor 4. Shut down the neighbor, and then bring it up again a neighbor7. Shut down the neighbor, and then bring it up again Another example An outgoing filter that uses an AS-path listBGP Configuring AS Path Filters BGP Configuring Prefix Filters About prefix listsMask length Using prefix lists as prefix filters Example Prefix filtersawplusconfig-router# neighbor neighbor prefix-list list-name in awplusconfig-router# neighbor neighbor prefix-list list-name outFilter out a range of different prefix lengths BGP Configuring Prefix Filters awplusconfig-router# do show ip routeBGP Configuring Route Maps Structure of a route mapConfiguring a match clause ClausesAn AS path list A community list CaseCase One or more prefixes, by using a prefix list One or more prefixes, by using an ACLConfiguring a set clause A next hop addressAn origin A metric the MED attributeset community community-values additive set weight set atomic-aggregateset extcommunity rtsoo ext-comm-number set ip next-hop ipaddThe effect of different combinations of clauses One match clause with an actionNo match clause and one or more set clauses A match clause and one or more set clausesUpdate from Peer Update 1 to PeerUpdate 2 to Peer Router ASFirst, enter BGP router mode for the AS. The prompt should look like Examples Example B Match on a prefix-list that denies an entryawplusconfig#ip prefix-list test1 permit 52.0.0.0/8 awplusconfig-route-map#set metric4. Apply this route map as the in route map on the neighbor Example D Matching on a next-hop prefix-list Example E Prepending AS numbersawplusconfig-route-map#match ip address awplusconfig-route-map#router bgp1. Configure the AW peer to send out a community number The routes coming from that peer has communityadd ip routem=com entry=1 set commmun=8989 set bgp peer=45.45.45.45 outroutemap=com sendcommunity=yesBGP#show ip route set bgp peer=45.45.45.45 outroutemap=mixed sendcommunity=yes 8. Add that ACL as a distribute-list in-filter on the neighbor route-map marker permit Examples ACLs Path filters Prefix filters Route mapsBGP Applying Route Maps to Imported Routes Syntaxneighbor default-originate Other Uses of Route Mapsneighbor unsuppress-map networkBGP configuration Route map configurationBGP Route Map Filtering Example set local-preference route-map outdef permit OSPF Configuring Route Maps for Filtering and Modifying OSPF Routes MetricInterface Configuring a match clauseA prefix, by using a prefix list A prefix, by using an ACLExternal route type Configuring a set clauseOSPF Applying Route Maps  Set the metric, by using the command set metric