< Free Open Study > |
8-25 neighbor {ip-address | peer-group-name} route-map route-map-name in

Syntax Description:

Purpose: A route map is an extremely powerful tool for route filtering and BGP attribute manipulation. Appendix C contains a complete discussion of route map logic. In this section, we will examine common uses of a route map for route filtering and BGP attribute manipulation.

Cisco IOS Software Release: 10.0. Peer group support was added in Release 11.0.

Configuration Example 1: Basic Route Filter Using an IP Standard Access List

The configuration in Figure 8-25 will be used for each route map example in this section.

Figure 8-25. Configuration Used to Demonstrate the Use of an Input Route Map
    Router A
    router bgp 1
     neighbor 10.1.1.2 remote-as 2

    Router B
    interface loopback 0
     ip address 172.16.0.1 255.255.255.0
    !
    interface loopback 1
     ip address 172.16.1.1 255.255.255.0
    !
    interface loopback 2
     ip address 172.16.2.1 255.255.255.0
    !
    interface loopback 3
     ip address 172.16.3.1 255.255.255.0
    !
    router bgp 2
     neighbor 10.1.1.1 remote-as 1
     network 172.16.0.0 mask 255.255.255.0
     network 172.16.1.0 mask 255.255.255.0
     network 172.16.2.0 mask 255.255.255.0
     network 172.16.3.0 mask 255.255.255.0

Before looking at the first route map example, verify that Router A is receiving the four 172.16 prefixes from Router B:

    rtrA# show ip bgp
    BGP table version is 5, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

We want to use an input route map on Router A to block network 172.16.2.0/24. We could use a neighbor distribute list (see section 8-6) or prefix list (see section 8-21) to accomplish this task, but because this section concerns route maps, we might as well use one. Configure the following route map on Router A. Releases of Cisco IOS Software prior to 11.2 did not permit the use of an input route map that matched on the IP address. This restriction was removed in Release 11.2 and later versions.

    Router A
    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 route-map filter in
    !
    access-list 1 deny 172.16.2.0 0.0.0.255
    access-list 1 permit any
    !
    route-map filter permit 10
     match ip address 1

Whenever you change a policy with a neighbor, you need to restart the BGP session by using clear ip bgp * or clear ip bgp neighbor-address. For this example, use clear ip bgp 10.1.1.2.

Because we are either denying or permitting a route, we do not need any set commands in the route map. Each route or prefix received from Router B is processed by the input route map named filter. The result of a route map is to either permit or deny an action. The action in this example is to permit routes received from a BGP neighbor to be installed in the BGP table.

Verification

Verify that the prefix 172.16.2.0/24 has been filtered:

    rtrA# show ip bgp
    BGP table version is 22, local router ID is 172.17.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Configuration Example 2: Basic Route Filter Using an IP Extended Access List

An extended IP access list can be used to match on the incoming prefix and mask. The second subnet/mask portion of the extended access list is used to match the mask length. Configure an aggregate address on Router B in order to generate a prefix with a 22-bit mask length:

    Router B
    router bgp 2
     network 172.16.0.0 mask 255.255.255.0
     network 172.16.1.0 mask 255.255.255.0
     network 172.16.2.0 mask 255.255.255.0
     network 172.16.3.0 mask 255.255.255.0
     aggregate-address 172.16.0.0 255.255.252.0
     neighbor 10.1.1.1 remote-as 1

Verify that the aggregate address is being advertised to Router A:

    rtrA# show ip bgp
    BGP table version is 10, local router ID is 192.16.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.0.0/22    10.1.1.2                               0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Now add the route map on Router A to filter the aggregate prefix 172.16.0.0/22:

    Router A
    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 route-map filter in
    !
    access-list 100 deny ip 172.16.0.0 0.0.3.255 255.255.252.0 0.0.0.0
    access-list 100 permit ip any any
    !
    route-map filter permit 10
     match ip address 100

Verification

Verify that the 172.16.0.0/22 prefix has been filtered on Router A:

    rtrA# show ip bgp
    BGP table version is 5, local router ID is 192.16.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.1.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.2.0/24    10.1.1.2                 0             0 2 i
    *> 172.16.3.0/24    10.1.1.2                 0             0 2 i

Configuration Example 3: Basic BGP Attribute Manipulation

Assume that we do not want to block any routes received from a neighbor but we want to adjust one or more BGP attributes. For this example, we will set the weight of all routes received from Router B to 90 using a route map. Because we will apply this policy to all updates from Router B, we do not need a match clause, only a set clause, as shown in the following configuration for Router A:

    Router A
    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 route-map filter in
    !
    route-map filter permit 10
     set weight 90

The command neighbor ip-address weight (see section 8-35) would have accomplished the same objective.

Verification

Verify that the weight of all routes received from Router B has been set to 90:

    rtrA# show ip bgp
    BGP table version is 6, local router ID is 192.16.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.1.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.2.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.3.0/24    10.1.1.2                 0            90 2 i

Configuration Example 4: Selective BGP Attribute Manipulation

In the preceding example, we set the weight of all routes learned from Router B to 90. In this example, we will set the weight of 172.16.2.0 to 90 and the rest of the weights to 45. This demonstrates the flexibility of using a route map. Modify the configuration on Router A to the following:

    Router A
    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 route-map filter in
    !
    access-list 1 permit 172.16.2.0 0.0.0.255
    route-map filter permit 10
     match ip address 1
     set weight 90
    route-map filter permit 20
     set weight 45

The second stanza of the route map is the default case. If we had not used a second route map stanza, all routes that did not match IP address 1 would have been blocked. Therefore, it is extremely important that you configure a default route map stanza if needed.

Verification

Verify the new weight settings on Router A:

    rtrA# show ip bgp
    BGP table version is 6, local router ID is 192.16.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0            45 2 i
    *> 172.16.1.0/24    10.1.1.2                 0            45 2 i
    *> 172.16.2.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.3.0/24    10.1.1.2                 0            45 2 i

Configuration Example 5: Filter Based on AS Path Information

The previous examples have made filtering decisions based on the route/prefix information in the neighbor updates. In this example, we will see how to filter routes based on the BGP AS PATH attribute. All the routes from Router B have the same AS path information, but this example demonstrates the required route map syntax.

Again, the objective is to set the weight of the routes learned from Router B to 90, but the decision will be based on the AS path information. The decision is to set the weights only on routes originating from a directly connected BGP neighbor. For this case, the AS path to match is The required regular expression is ^2$, as shown in the following configuration for Router A:

    Router A
    router bgp 1
     neighbor 10.1.1.2 remote-as 2
     neighbor 10.1.1.2 route-map filter in
    !
    ip as-path access-list 1 permit ^2$
    route-map filter permit 10
     match as-path 1
     set weight 90
    route-map filter permit 20

Without the second route map stanza, all routes not matching AS path ^2$ would be denied. This might or might not be the result you intended.

Verification

Verify the weight settings on Router A:

    rtrA# show ip bgp
    BGP table version is 6, local router ID is 192.16.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.0.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.1.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.2.0/24    10.1.1.2                 0            90 2 i
    *> 172.16.3.0/24    10.1.1.2                 0            90 2 i

Troubleshooting
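
A way to check what an input route map will accept before applying it: the Python model below is an added example, not part of the original text, and replays the route maps of Configuration Examples 1, 2, 4 and 5 against Router B's prefixes. The function names and tuple layouts are assumptions made for this sketch, and Python's `re` stands in for IOS regular expressions.

```python
import ipaddress
import re

ANY = ("0.0.0.0", "255.255.255.255")  # address + wildcard for "any"

def wild_match(value, base, wildcard):
    """IOS wildcard compare: bits set in the wildcard are ignored."""
    n = lambda a: int(ipaddress.IPv4Address(str(a)))
    care = ~n(wildcard) & 0xFFFFFFFF
    return (n(value) & care) == (n(base) & care)

def acl_permits(acl, prefix):
    """First matching entry wins; an ACL ends with an implicit deny.
    Entry: (action, addr, addr_wc) plus (mask, mask_wc) when extended."""
    net = ipaddress.ip_network(prefix)
    for action, addr, addr_wc, *ext in acl:
        if wild_match(net.network_address, addr, addr_wc) and (
                not ext or wild_match(net.netmask, *ext)):
            return action == "permit"
    return False

def route_map(stanzas, prefix, as_path):
    """Weight installed for the route, or None when it is filtered.
    Stanza: (action, acl or None, as-path regex or None, weight or None)."""
    for action, acl, as_regex, weight in stanzas:
        if acl is not None and not acl_permits(acl, prefix):
            continue  # no match in this stanza: try the next one
        if as_regex is not None and not re.search(as_regex, as_path):
            continue
        if action == "deny":
            return None
        return 0 if weight is None else weight  # 0: unchanged weight, as on the page
    return None  # no stanza matched: implicit deny

# Prefixes Router B advertises on the page, all with AS path "2".
ROUTES = ["172.16.0.0/24", "172.16.0.0/22", "172.16.1.0/24",
          "172.16.2.0/24", "172.16.3.0/24"]
EX1 = [("permit", [("deny", "172.16.2.0", "0.0.0.255"), ("permit", *ANY)], None, None)]
EX2 = [("permit", [("deny", "172.16.0.0", "0.0.3.255", "255.255.252.0", "0.0.0.0"),
                   ("permit", *ANY, *ANY)], None, None)]
EX4 = [("permit", [("permit", "172.16.2.0", "0.0.0.255")], None, 90),
       ("permit", None, None, 45)]
EX5 = [("permit", None, r"^2$", 90), ("permit", None, None, None)]

def accepted(stanzas, as_path="2"):
    """Map each advertised prefix that survives the route map to its weight."""
    weights = {p: route_map(stanzas, p, as_path) for p in ROUTES}
    return {p: w for p, w in weights.items() if w is not None}
```

Calling `accepted(EX4[:1])` drops the default stanza from Example 4 and leaves only 172.16.2.0/24 in the table, which is the implicit-deny behaviour the text warns about.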