8-21: neighbor {ip-address | peer-group-name} prefix-list prefix-list-name in

Syntax Description:

Purpose: To filter incoming route updates from a particular BGP neighbor based on the IP address and mask length. Only one prefix list can be used per neighbor. The operation of the input prefix list is identical for IBGP and EBGP neighbors. Using a prefix list is an alternative to using an extended IP access list together with a distribute list.

Cisco IOS Software Release: 12.0

Configuration Example 1: Allow an Aggregate Route While Blocking the More-Specific Routes

In Figure 8-20, Router B advertises four network prefixes and the aggregate of those prefixes to Router A. Router A filters the route update from Router B in order to reject the more-specific routes. Loopbacks are used on Router B to simulate the advertised networks, as shown in the configuration.

Figure 8-20. Scenario for Use of the neighbor prefix-list in Command

Router A

    !
    interface Serial0
     ip address 10.1.1.1 255.255.255.252
    !
    router bgp 1
     neighbor 10.1.1.2 remote-as 2

Router B

    ip subnet-zero
    !
    interface Loopback0
     ip address 172.16.0.1 255.255.255.0
    !
    interface Loopback1
     ip address 172.16.1.1 255.255.255.0
    !
    interface Loopback2
     ip address 172.16.2.1 255.255.255.0
    !
    interface Loopback3
     ip address 172.16.3.1 255.255.255.0
    !
    interface Serial0
     ip address 10.1.1.2 255.255.255.252
     clockrate 64000
    !
    router bgp 2
     network 172.16.0.0 mask 255.255.255.0
     network 172.16.1.0 mask 255.255.255.0
     network 172.16.2.0 mask 255.255.255.0
     network 172.16.3.0 mask 255.255.255.0
     aggregate-address 172.16.0.0 255.255.252.0
     neighbor 10.1.1.1 remote-as 1

Before proceeding to the prefix list example, verify that Router A is receiving the routes from Router B:

    rtrA# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.0.0/22    10.1.1.2                               0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Modify the BGP configuration on Router A to allow only the aggregate prefix 172.16.0.0/22:

Router A

    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 prefix-list aggregate in
    !
    ip prefix-list aggregate seq 5 permit 172.16.0.0/22

The prefix list is similar to a route map. Prefix lists are named, and each statement in a prefix list has a sequence number. Entries are evaluated in ascending sequence-number order, and processing stops at the first match. Before proceeding, we will discuss the commands available with an IP prefix list:

    ip prefix-list sequence-number        (default)
    no ip prefix-list sequence-number

The default form includes the sequence numbers in the configuration. Using the no form of this command excludes them. If we list our configuration on Router A, we see that the sequence numbers are included. By default, the sequence numbers start at 5 and increment by 5:

    ip prefix-list aggregate seq 5 permit 172.16.0.0/22

Using the no form produces this:

    ip prefix-list aggregate permit 172.16.0.0/22

If the no form is used, the sequence numbers can still be seen with the show ip prefix-list command:

    rtrA# show ip prefix-list
    ip prefix-list aggregate: 2 entries
       seq 5 permit 172.16.0.0/22

Here is the general form of the command:

    rtrA(config)# ip prefix-list ?
      WORD             Name of a prefix list
      sequence-number  Include/exclude sequence numbers in NVGEN

    rtrA(config)# ip prefix-list aggregate ?
      deny         Specify packets to reject
      description  Prefix-list specific description
      permit       Specify packets to forward
      seq          sequence number of an entry

The permit and deny statements determine whether a prefix received from a neighbor is allowed or blocked. The description option is useful if you have many prefix lists. We can add a description to our configuration using this:

    ip prefix-list aggregate description filter specific routes of 172.16.0.0/22

The seq (sequence number) option lets us assign our own sequence number to each permit or deny statement. If it is not used, the default sequence numbers are applied. After the permit or deny keyword comes the prefix/length entry:

    rtrA(config)# ip prefix-list aggregate permit ?
      A.B.C.D  IP prefix <network>/<length>, e.g., 35.0.0.0/8

For our example we used this:

    ip prefix-list aggregate seq 5 permit 172.16.0.0/22

This permits the aggregate advertisement received from Router B. Finally, we can further restrict the range of prefix lengths to match by using the optional parameters greater than or equal to (ge) or less than or equal to (le):

    rtrA(config)# ip prefix-list aggregate permit 172.16.0.0/22 ?
      ge    Minimum prefix length to be matched
      le    Maximum prefix length to be matched
      <cr>

The possibilities are to match the following:

The last form allows the more-specific routes and blocks the aggregate prefix.

Verification

Verify that Router A is using the prefix list:

    rtrA# show ip bgp neighbors
    BGP neighbor is 10.1.1.2,  remote AS 2, external link
      Index 1, Offset 0, Mask 0x2
      BGP version 4, remote router ID 172.16.3.1
      BGP state = Established, table version = 2, up for 01:01:10
      Last read 00:00:09, hold time is 180, keepalive interval is 60 seconds
      Minimum time between advertisement runs is 30 seconds
      Received 172 messages, 0 notifications, 0 in queue
      Sent 150 messages, 0 notifications, 0 in queue
      Prefix advertised 0, suppressed 0, withdrawn 0
      Incoming update prefix filter list is aggregate
      Connections established 10; dropped 9
      Last reset 01:01:27, due to User reset
      1 accepted prefixes consume 32 bytes
      0 history paths consume 0 bytes
    Connection state is ESTAB, I/O status: 1, unread input bytes: 0
    Local host: 10.1.1.1, Local port: 11052
    Foreign host: 10.1.1.2, Foreign port: 179

The line "Incoming update prefix filter list is aggregate" confirms that the prefix list is applied inbound. The prefix list itself can be examined with the show ip prefix-list or show ip prefix-list detail commands:

    rtrA# show ip prefix-list
    ip prefix-list aggregate: 1 entries
       seq 5 permit 172.16.0.0/22

    rtrA# show ip prefix-list detail
    Prefix-list with the last deletion/insertion:  aggregate
    ip prefix-list aggregate:
       Description: filter specific routes of 172.16.0.0/22
       count: 1, range entries: 0, sequences: 5 - 5, refcount: 3
       seq 5 permit 172.16.0.0/22 (hit count: 1, refcount: 1)

Finally, check the BGP routing table on Router A to ensure that the 172.16.0.0/22 prefix has been allowed and that the more-specific prefixes have been filtered:

    rtrA# show ip bgp
    BGP table version is 2, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/22    10.1.1.2                               0 2 i

Configuration Example 2: Allow the More-Specific Prefixes and Block the Aggregate

For this example, we will allow the more-specific prefixes and block the aggregate. The first method uses the following prefix list:

    ip prefix-list aggregate permit 172.16.0.0/24
    ip prefix-list aggregate permit 172.16.1.0/24
    ip prefix-list aggregate permit 172.16.2.0/24
    ip prefix-list aggregate permit 172.16.3.0/24

Here is a more compact form that achieves the same result:

    ip prefix-list aggregate permit 172.16.0.0/22 ge 23

The BGP router configuration on Router A remains unchanged. Because there is an implicit deny any at the end of every prefix list, we let this implicit statement block the aggregate.

Verification

As in the previous example, check the BGP table on Router A to verify that only the more-specific prefixes of 172.16.0.0 are being allowed:

    rtrA# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Troubleshooting
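As a troubleshooting aid for the two configuration examples above, the following Python model (an added example, not code from the book or from Cisco IOS) reproduces the matching rules the text describes: entries are evaluated in ascending sequence order, the first match decides, an implicit deny any follows the last entry, default sequence numbers run 5, 10, 15, ..., and a prefix/length without ge or le matches that exact length only. It parses the prefix-list lines exactly as written in the book, runs them against the five prefixes Router B advertises, and keeps a per-entry hit count like show ip prefix-list detail. The class and function names, the parsing helper, and the extra 172.16.3.128/25 route are constructed for this example.

```python
"""Model of how IOS evaluates an inbound ip prefix-list (added example).

Assumptions, as described in the text: entries are processed in ascending
sequence order, the first match decides, an implicit 'deny any' follows the
last entry, default sequence numbers run 5, 10, 15, ..., a prefix/length
entry without ge/le matches that exact length only, 'ge N' matches lengths
N..32 inside the entry's network, and 'le N' caps the length at N.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence


@dataclass
class PrefixListEntry:
    seq: int
    action: str                       # "permit" or "deny"
    network: ipaddress.IPv4Network    # prefix/length as configured
    ge: Optional[int] = None          # minimum prefix length to match
    le: Optional[int] = None          # maximum prefix length to match
    hit_count: int = 0                # mirrors 'hit count' in show ip prefix-list detail

    def matches(self, prefix: ipaddress.IPv4Network) -> bool:
        # The received prefix must lie inside the configured network...
        if prefix.version != self.network.version or not prefix.subnet_of(self.network):
            return False
        # ...and its length must fall inside the range given by ge/le.
        low = self.ge if self.ge is not None else self.network.prefixlen
        if self.le is not None:
            high = self.le
        elif self.ge is not None:
            high = self.network.max_prefixlen   # 'ge' alone runs up to /32
        else:
            high = self.network.prefixlen       # no ge/le: exact length only
        return low <= prefix.prefixlen <= high


def parse_prefix_lists(config: str) -> Dict[str, List[PrefixListEntry]]:
    """Parse 'ip prefix-list NAME [seq N] permit|deny PREFIX [ge N] [le N]' lines."""
    lists: Dict[str, List[PrefixListEntry]] = {}
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:2] != ["ip", "prefix-list"]:
            continue                                     # not a prefix-list line
        name, rest = tokens[2], tokens[3:]
        if not rest or rest[0] == "description":
            continue                                     # description carries no match logic
        entries = lists.setdefault(name, [])
        seq = None
        if rest[0] == "seq":
            seq, rest = int(rest[1]), rest[2:]
        if seq is None:
            # Default numbering: 5 for the first entry, then the next multiple of 5.
            seq = 5 if not entries else (max(e.seq for e in entries) // 5 + 1) * 5
        action, network = rest[0], ipaddress.ip_network(rest[1], strict=True)
        ge = le = None
        opts = rest[2:]
        for key, value in zip(opts[::2], opts[1::2]):
            if key == "ge":
                ge = int(value)
            elif key == "le":
                le = int(value)
        entries.append(PrefixListEntry(seq, action, network, ge, le))
        entries.sort(key=lambda e: e.seq)
    return lists


def filter_updates(entries: List[PrefixListEntry], received: Sequence[str]) -> List[str]:
    """Return the received prefixes an inbound prefix list would accept."""
    accepted = []
    for text in received:
        prefix = ipaddress.ip_network(text, strict=True)
        verdict = "deny"                                 # implicit deny any at the end
        for entry in entries:                            # ascending seq, first match wins
            if entry.matches(prefix):
                entry.hit_count += 1
                verdict = entry.action
                break
        if verdict == "permit":
            accepted.append(text)
    return accepted


# The five prefixes Router B advertises in Figure 8-20 (from the first show ip bgp).
RECEIVED_FROM_RTR_B = ("172.16.0.0/24", "172.16.0.0/22", "172.16.1.0/24",
                       "172.16.2.0/24", "172.16.3.0/24")

EXAMPLE1 = "ip prefix-list aggregate seq 5 permit 172.16.0.0/22"
EXAMPLE2_LONG = """ip prefix-list aggregate permit 172.16.0.0/24
ip prefix-list aggregate permit 172.16.1.0/24
ip prefix-list aggregate permit 172.16.2.0/24
ip prefix-list aggregate permit 172.16.3.0/24"""
EXAMPLE2_COMPACT = "ip prefix-list aggregate permit 172.16.0.0/22 ge 23"


def accepted_prefixes(config: str, received: Sequence[str] = RECEIVED_FROM_RTR_B) -> List[str]:
    """Apply the 'aggregate' prefix list from CONFIG to RECEIVED."""
    return filter_updates(parse_prefix_lists(config)["aggregate"], received)


if __name__ == "__main__":
    print("Example 1 :", accepted_prefixes(EXAMPLE1))
    print("Example 2 :", accepted_prefixes(EXAMPLE2_COMPACT))
    # A constructed extra route (not in the book) shows where the two forms of
    # Example 2 diverge: 'ge 23' admits any length from /23 to /32 inside 172.16.0.0/22.
    extra = RECEIVED_FROM_RTR_B + ("172.16.3.128/25",)
    print("long form :", accepted_prefixes(EXAMPLE2_LONG, extra))
    print("ge 23 form:", accepted_prefixes(EXAMPLE2_COMPACT, extra))
```

Running the script reproduces the two verification tables: Example 1 accepts only 172.16.0.0/22, and both forms of Example 2 accept the four /24s while the implicit deny drops the aggregate. The constructed /25 route makes the one difference between the two forms visible: the four explicit /24 entries match exact lengths and reject it, whereas 172.16.0.0/22 ge 23 accepts every length from /23 to /32 within the block. When the intent is to accept /24s only, bounding the compact form with le (for example ge 23 le 24) keeps it from admitting longer prefixes the long form would never have allowed.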