Filtering Long Prefixes

Problem

You do not want to install IP address prefixes longer than 172.18.20.0/19 in the routing table.

Solution

Create a filter that identifies the long prefixes:

	[edit policy-options policy-statement long-prefixes  term 1]
	aviva@router1#  
set from route-filter 172.18.20.0/19 longer 
	aviva@router1#  
set then reject 

Then apply the policy to an EBGP group:

	[edit protocols bgp]
	aviva@router1# set group external-group import long-prefixes

 

Discussion

A second way to filter routes based on their IP address prefixes is to create a route list. Unlike prefix lists, route lists are embedded in the routing policy, not maintained in a separate list, so it can be somewhat harder to maintain them because the same prefixes may be used in different policies. This recipe creates a simple policy that an EBGP group uses to reject all incoming prefixes longer than 172.18.20.0/19. This policy keeps longer prefixes out of the routing table and is somewhat similar to aggregating routes.

In the recipe, the set from route-filter command defines the prefix (172.18.20.0/19) and how to match it (longer). The set then command is a simple action clause to reject matching prefixes. We apply the policy with a set import command to an EBGP group to prevent BGP from installing the long prefixes into the routing table.

Route lists have two advantages over prefix lists. The first is that route lists match prefix ranges instead of the exact matching performed by prefix lists. This recipe uses the longer option to match all prefixes longer than 172.18.20.0/19for example, 172.18.20.0/24. A variation of this uses the orlonger keyword instead of the longer keyword to match the specified prefix and all longer prefixes:

	[edit policy-options policy-statement long-prefixes term 1]
	aviva@router1# set route-filter 172.18.20.0/19 orlonger

The difference between this command and the one in the recipe is that this command will match 172.18.20.0/19, while the set from route-filter 172.18.20.0/19 longer command will not.

There are two other ways to specify address ranges. The upto keyword is, in some sense, the opposite of the longer and orlonger keywords, looking at the high-order bits of the IP address instead of the low-order bits:

	[edit policy-options policy-statement prefixes-to-exclude  term 1]
	aviva@router1# set route-filter 0.0.0.0/0 upto /7 

The following command matches prefixes 0.0.0.0/0, 0.0.0.0/1, and so on, up to 0.0.0.0/7. The final keyword is prefix-length-range:

	[edit policy-options policy-statement prefixes-to-exclude term 1]
	aviva@router1# set route-filter 0.0.0.0/0 prefix-length-range /25-/30

The following command matches IP prefixes in the range 0.0.0.0/25, 0.0.0.0/26, 0.0.0.0/27, 0.0.0.0/28, 0.0.0.0/29, and 0.0.0.0/30 only.

Route lists can also match exactly one prefix, just as prefix lists can:

	[edit policy-options policy-statement long-prefixes  term 1 ]
	aviva@router1# set route-filter 172.18.20.0/24 exact 

A second advantage of route lists over prefix lists is that each prefix can include an action. When a match occurs, the action is taken immediately instead of waiting to reach the then clause. (The action can be any of those listed in Table 9-3.) When the list of prefixes is long, this speeds up the processing of routing traffic. The following simple policy illustrates how this works:

	[edit policy-options policy-statement prefix-policy term 1 ]
	aviva@router1# set from route-filter 0.0.0.0/0 upto /7 accept 
	aviva@router1# set from route-filter 0.0.0.0/0 or longer 
	aviva@router1# set then reject 

This policy accepts prefixes up to /7 and rejects everything longer.

You can also use route lists as another way to manipulate the routing information in a route. Instead of screening routes by protocol or by other routing information they contain, you filter by destination prefix:

	[edit policy-statement set-metric-igp]
	aviva@router1# set term 1 from route-filter 10.12.0.0/16 exact
	aviva@router1# set term 1 from route-filter 172.64.0.0/16 exact
	aviva@router1# set term 1 from route-filter 192.168.0.0/24 exact
	aviva@router1# set term 1 then local-preference 300
	aviva@router1# set term 1 then accept
	aviva@router1# set term 2 then reject
	aviva@router1# show
	policy-statement set-metric-igp {
	 term 1 {
	 from {
	 route-filter 10.12.0.0/16 exact;
	 route-filter 172.64.0.0/16 exact;
	 route-filter 192.168.0.0/24 exact;
	 }
	 then {
	 preference 300;
	 accept;
	 }
	 }
	 term 2 {
	 then reject;
	 }
	}

This configuration sets the BGP local preference value on three specific prefixes and rejects any other prefixes.


Router Configuration and File Management

Basic Router Security and Access Control

IPSec

SNMP

Logging

NTP

Router Interfaces

IP Routing

Routing Policy and Firewall Filters

RIP

IS-IS

OSPF

BGP

MPLS

VPNs

IP Multicast



JUNOS Cookbook
Junos Cookbook (Cookbooks (OReilly))
ISBN: 0596100140
EAN: 2147483647
Year: 2007
Pages: 290
Authors: Aviva Garrett

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net