< Free Open Study > |
8-22 neighbor {ip-address | peer-group-name} prefix-list prefix-list-name out

Syntax Description:
Purpose: To filter outgoing route updates to a particular BGP neighbor based on the IP address and mask length. Only one prefix list can be used per neighbor. The operation of the output prefix list is identical for both IBGP and EBGP neighbors. Using a prefix list is an alternative to using an extended IP access list and a distribution list.

Cisco IOS Software Release: 12.0

Configuration Example 1: Allow an Aggregate Route While Blocking the More-Specific Routes

In Figure 8-21, Router B is advertising four network prefixes and the aggregate of the prefixes to Router A. Router B filters the route update to Router A in order to reject the more-specific routes. Loopbacks are used on Router B to simulate the advertised networks, as shown in the configuration.

Figure 8-21. Scenario for Using the neighbor prefix-list out Command
Router A

    !
    interface Serial0
     ip address 10.1.1.1 255.255.255.252
    !
    !
    router bgp 1
     neighbor 10.1.1.2 remote-as 2

Router B

    ip subnet-zero
    !
    interface Loopback0
     ip address 172.16.0.1 255.255.255.0
    !
    interface Loopback1
     ip address 172.16.1.1 255.255.255.0
    !
    interface Loopback2
     ip address 172.16.2.1 255.255.255.0
    !
    interface Loopback3
     ip address 172.16.3.1 255.255.255.0
    !
    interface Serial0
     ip address 10.1.1.2 255.255.255.252
     clockrate 64000
    !
    router bgp 2
     network 172.16.0.0 mask 255.255.255.0
     network 172.16.1.0 mask 255.255.255.0
     network 172.16.2.0 mask 255.255.255.0
     network 172.16.3.0 mask 255.255.255.0
     aggregate-address 172.16.0.0 255.255.252.0
     neighbor 10.1.1.1 remote-as 1

Before proceeding to the prefix list example, verify that Router A is receiving the routes from Router B:

    rtrA# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.0.0/22    10.1.1.2                               0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Modify the BGP configuration on Router B to allow only the aggregate prefix 172.16.0.0/22:

Router B

    router bgp 2
     neighbor 10.1.1.1 remote-as 1
     neighbor 10.1.1.1 prefix-list aggregate out
    !
    ip prefix-list aggregate seq 5 permit 172.16.0.0/22

The prefix list is similar to a route map. Prefix lists are named, and each statement in a prefix list has a sequence number. Elements in a prefix list are executed in numerical order, and processing stops when a match occurs. Before proceeding, we will discuss the commands available with an IP prefix list:

    ip prefix-list sequence-number (default)
    no ip prefix-list sequence-number

The default form includes the sequence numbers in the configuration.
Using the no form of this command excludes the sequence numbers. If we list our configuration on Router A, we see that the sequence numbers are included in the configuration. By default, the sequence numbers start at 5 and increment by 5:

    ip prefix-list aggregate seq 5 permit 172.16.0.0/22

Using the no form produces this:

    ip prefix-list aggregate permit 172.16.0.0/22

If the no form is used, the sequence numbers can be seen using the show ip prefix-list command:

    rtrA# show ip prefix-list
    ip prefix-list aggregate: 2 entries
       seq 5 permit 172.16.0.0/22

The general form of the command is:

    rtrA(config)# ip prefix-list ?
      WORD             Name of a prefix list
      sequence-number  Include/exclude sequence numbers in NVGEN

    rtrA(config)# ip prefix-list aggregate ?
      deny         Specify packets to reject
      description  Prefix-list specific description
      permit       Specify packets to forward
      seq          sequence number of an entry

The permit and deny statements are used to determine if a prefix is allowed or prevented when received from a neighbor. The description option is useful if you have many prefix lists. We can add a description to our configuration using this:

    ip prefix-list aggregate description filter specific routes of 172.16.0.0/22

The seq (sequence number) option allows us to apply our own sequence number to each permit or deny statement. If it is not used, the default sequence numbers are applied. After the permit or deny option comes the prefix/length entry:

    rtrB(config)# ip prefix-list aggregate permit ?
      A.B.C.D  IP prefix <network>/<length>, e.g., 35.0.0.0/8

For our example we used:

    ip prefix-list aggregate seq 5 permit 172.16.0.0/22

This permits the aggregate advertisement to be sent to Router A. Finally, we can further specify a range for the number of bits to match in the prefix length by using the optional parameters greater than or equal to (ge) or less than or equal to (le):

    rtrA(config)# ip prefix-list aggregate permit 172.16.0.0/22 ?
      ge    Minimum prefix length to be matched
      le    Maximum prefix length to be matched
      <cr>

The possibilities are to match the following:
The last form allows the more-specific routes and blocks the aggregate prefix.

Verification

The prefix list can be examined by using the show ip prefix-list or show ip prefix-list detail commands:

    rtrB# show ip prefix-list
    ip prefix-list aggregate: 1 entries
       seq 5 permit 172.16.0.0/22

    rtrB# sh ip prefix-list detail
    Prefix-list with the last deletion/insertion: aggregate
    ip prefix-list aggregate:
       count: 1, range entries: 0, sequences: 5 - 5, refcount: 3
       seq 5 permit 172.16.0.0/22 (hit count: 1, refcount: 1)

Finally, check the BGP routing table on Router A to ensure that the 172.16.0.0/22 prefix has been allowed and that the more-specific prefixes have been filtered:

    rtrA# show ip bgp
    BGP table version is 2, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/22    10.1.1.2                               0 2 i

Configuration Example 2: Allow the More-Specific Prefixes and Block the Aggregate

For this example, we will allow the more-specific prefixes and block the aggregate. The first method uses the following prefix list:

    ip prefix-list aggregate permit 172.16.0.0/24
    ip prefix-list aggregate permit 172.16.1.0/24
    ip prefix-list aggregate permit 172.16.2.0/24
    ip prefix-list aggregate permit 172.16.3.0/24

The following prefix list is a more compact form that achieves the same results:

    ip prefix-list aggregate permit 172.16.0.0/22 ge 23

The BGP router configuration on Router B remains unchanged. Because there is an implicit deny any at the end of every prefix list, we will let this implicit statement block the aggregate.
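The first-match, ge/le and implicit-deny behaviour described above can be checked offline before a filter is applied to a live neighbor. The following Python model is an added example, not code from the original page or from Cisco; the function names and the tuple layout are hypothetical, and it assumes that ge alone matches lengths from ge through 32 and le alone matches from the entry's own length through le.

```python
import ipaddress

# Routes Router B originates on this page (the four /24s plus the /22 aggregate).
ROUTES = ["172.16.0.0/24", "172.16.0.0/22", "172.16.1.0/24",
          "172.16.2.0/24", "172.16.3.0/24"]

# Entries as (seq, action, prefix, ge, le); ge/le are None when not configured.
EXAMPLE_1 = [(5, "permit", "172.16.0.0/22", None, None)]
EXAMPLE_2 = [(5, "permit", "172.16.0.0/22", 23, None)]


def entry_matches(route, prefix, ge, le):
    """True if route falls under prefix and its length is in the allowed range."""
    rt = ipaddress.ip_network(route)
    net = ipaddress.ip_network(prefix)
    if not rt.subnet_of(net):          # leading bits of the entry must match
        return False
    if ge is None and le is None:      # no range: exact prefix length only
        return rt.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= rt.prefixlen <= high


def evaluate(route, entries):
    """Walk entries in sequence order; first match wins, else implicit deny."""
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"


def advertised(routes, entries):
    """Routes that survive the outbound prefix list."""
    return [r for r in routes if evaluate(r, entries) == "permit"]


if __name__ == "__main__":
    print("Example 1:", advertised(ROUTES, EXAMPLE_1))
    print("Example 2:", advertised(ROUTES, EXAMPLE_2))
```

Running the candidate list against the full set of locally originated routes shows exactly which prefixes the implicit deny will drop, which is the check to make before the filter reaches a production peer.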
Verification

As in the previous example, check the BGP table on Router A to verify that only the more-specific prefixes of 172.16.0.0 are being allowed:

    rtrA# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Troubleshooting