Distribute lists, prefix lists, and route maps are BGP advertisement control mechanisms that can be used to normalize the propagation of BGP advertisements throughout the internetwork. They all function in much the same way as access lists in that they can be tweaked to regulate how data is sent through the network. Distribute lists use access lists to decide what routing information will be filtered to govern whether a certain router will send or receive BGP route advertisements with a particular peer. You basically configure a distribute list to permit or deny a router to send or receive BGP advertisements with the distribute-list in or the distribute-list out commands. In addition to update traffic filtering, you can also use distribute lists to filter inbound and outbound protocol traffic by configuring and applying access lists. Prefix lists are easier to configure than traditional routed protocol access lists because the entries are sequentially numbered. This allows for the insertion, deletion, and modification of specific statements. Mechanically, however, they use the same rules for reading and application as a traditional access list.
To apply a distribute list to an IP interface, you should use the neighbor distribute-list command. The complete syntax of the command is as follows:
The ip-address parameter is the IP address of the BGP neighbor for which routes will be filtered. The peer-group-name parameter, if applicable, is the name of the peer group. The access-list-number parameter provides the IP standard or extended access list to be applied (1 to 199). The keywords in or out determine whether the access list is to be applied to inbound or outbound advertisements from the specified neighbor. A snippet of sample code to configure a distribute list could look like this:

    RouterA(config)# router bgp 65410
    RouterA(config-router)# network 192.168.10.0
    RouterA(config-router)# neighbor 10.1.1.2 remote-as 65420
    RouterA(config-router)# neighbor 10.1.2.2 remote-as 65430
    RouterA(config-router)# neighbor 10.1.1.2 distribute-list 1 out
    RouterA(config-router)# exit
    RouterA(config)# access-list 1 deny 172.16.0.0 0.0.255.255
    RouterA(config)# access-list 1 permit any

In the preceding sample listing, the distribute list prevents any traffic to major network 172.16.0.0 from being sent outbound to the BGP neighbor at address 10.1.1.2. The last line permits all the rest of the traffic to circumvent the implicit deny statement at the end of every access list.

On BGP routers, you can also achieve filtration by implementing a prefix list. Prefix lists offer a combination of the protocol filtration of access lists with the route filtration capability of distribute lists based on network access prefixes. Distribute lists have effectively become obsolete because of the extensive use of prefix lists in Cisco IOS 12.0 and later. Prefix lists work the same way as access lists, except that they offer several important benefits over access lists. Prefix lists are
Prefix lists do have some functional rules that should be adhered to for optimal performance. Consider carefully the following list:
To configure a prefix list, use the following command:

    ip prefix-list prefix-list-name [permit | deny] network-address/len

The parameter network-address/len indicates the network prefix and mask length for which the configured action should be used. Use the no ip prefix-list prefix-list-name command to delete an existing prefix list.

Figure 9.5 uses a prefix list to force RouterA to send only network prefix (supernet) 169.0.0.0/8 to AS 65410, but not the route to network 169.254.0.0/16. Listing 9.4 lists the RouterA prefix list configuration commands.

Listing 9.4 The Prefix List Configuration for RouterA

    RouterA(config)# ip prefix-list justsupernet permit 169.0.0.0/8
    RouterA(config)# router bgp 65410
    RouterA(config-router)# network 192.168.100.0
    RouterA(config-router)# neighbor 10.1.1.2 remote-as 65400
    RouterA(config-router)# neighbor 10.1.2.2 remote-as 65420
    RouterA(config-router)# aggregate-address 169.0.0.0 255.0.0.0
    RouterA(config-router)# neighbor 10.1.1.2 prefix-list justsupernet out
    RouterA(config-router)# exit
    RouterA#

Figure 9.5. A sample prefix list scenario.
As shown in Figure 9.5, RouterA is a peer with RouterB at address 10.1.1.2 in AS 65400, and RouterC at 10.1.2.2 in AS 65420. The neighbor prefix-list command dictates that RouterA is to use the prefix list named justsupernet to decide which update messages are pushed to BGP peer RouterB. Only the route 169.0.0.0/8 gets sent to RouterB because the implicit deny stops the rest of the routes.
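The first-match and implicit-deny behavior described for access list 1 and for the justsupernet prefix list can be traced with a small model. This is an added example, not IOS code and not from the original text; the function names and the candidate route list are assumptions constructed for illustration. It also shows a difference the listings imply: a standard access list compares only the network address, while a prefix-list entry with no length range matches the exact prefix length.

```python
import ipaddress

# Added illustration: models first-match evaluation with an implicit deny.

def acl_match(route, addr, wildcard):
    """Standard ACL test: compare the route's network address, skipping wildcard bits."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    net = int(ipaddress.ip_network(route).network_address)
    return (net & care) == (int(ipaddress.IPv4Address(addr)) & care)

def prefix_match(route, prefix):
    """Prefix-list entry without a length range: network and mask length must both match."""
    return ipaddress.ip_network(route) == ipaddress.ip_network(prefix)

def evaluate(entries, route):
    """Return the action of the first matching entry; no match means implicit deny."""
    for action, test in entries:
        if test(route):
            return action
    return "deny"

def advertised(entries, routes):
    """Routes that survive the outbound filter."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

# access-list 1 from the distribute-list sample
ACL_1 = [
    ("deny", lambda r: acl_match(r, "172.16.0.0", "0.0.255.255")),
    ("permit", lambda r: True),  # permit any
]

# ip prefix-list justsupernet from Listing 9.4
JUSTSUPERNET = [("permit", lambda r: prefix_match(r, "169.0.0.0/8"))]

# Constructed candidate routes (not taken from the figure)
ROUTES = [
    "169.0.0.0/8", "169.254.0.0/16", "192.168.100.0/24",
    "172.16.0.0/16", "172.16.5.0/24", "192.168.10.0/24",
]

if __name__ == "__main__":
    print("distribute-list 1 out:       ", advertised(ACL_1, ROUTES))
    print("prefix-list justsupernet out:", advertised(JUSTSUPERNET, ROUTES))
```

Removing the permit any entry from ACL_1 leaves every route denied, which is why the sample access list ends with it.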
If you want to delete a prefix list, use the following syntax:

    RouterA(config)# no ip prefix-list list-name

The show ip prefix-list command is used with a wide array of keywords and parameters to display information regarding the prefix list policy that is configured on a router. The full syntax for the show ip prefix-list command is as follows:

    show ip prefix-list [detail | summary] name [network/len] [seq seq-num] [longer] [first-match]

When you opt for the detail keyword, it displays information for all prefix lists configured on a router, as well as the description and the number of times the entry has matched a route (hit count). If you issue the show ip prefix-list detail name command, it displays information for the specified prefix list only. The [network/len] parameter displays the policy that is associated with a certain prefix/len value (for example, 169.254.0.0/16) in a prefix list. The seq seq-num parameter denotes a specific prefix list entry's sequence number.

The clear ip prefix-list command can be used to clear and reset the hit count that is displayed for a particular prefix list whenever the show ip prefix-list [detail | summary] prefix-list-name command is run. The full syntax is

    clear ip prefix-list prefix-list-name

Regardless of the method used for filtering, particular consideration needs to be given to the size and number of lists that are configured on your router. Because all pertinent traffic is compared to applied access lists and extended access lists line by line, CPU usage increases in proportion to the number and size of applied lists.