NetworkTalk & BGP

A.6) Generalities and definitions of common BGP commands

  1. Prefix-list :
    1. IP network numbers can be filtered with access-lists bound to either the incoming or the outgoing BGP updates of a neighbor. However, an access-list is meant to filter IP packets, which in our case can consume a lot of CPU and memory resources. Because the standard access-list mainly focuses on IP packet inspection, it does not support testing of subnet masks.
      For instance, if we permit 11.11.224.0/19, it will also permit 11.11.224.0/18, which may be an IP block that does not belong to our AS number and is assigned to another ISP. This forces us to use extended access-lists, with many statements to edit and a heavier, more complicated syntax.
    2. Since BGP emphasizes route filtering, we will mainly use prefix-list configuration. The prefix-list mechanism matches routes in a part of the address space with a subnet mask longer or shorter than a set number. To control incoming and outgoing information for a neighbor, the prefix-list in/out instructions will be used.
    3. The following instructions and commands will often be encountered and used (refer to Cisco’s website for more information):
      • ip prefix-list list-name [seq seq-value] {permit | deny} network, under global configuration command
      • ip prefix-list seq seq condition
      • neighbor {ip-address | peer-group-name} prefix-list prefix-listname {in | out}, under router bgp configuration
      • distribute-list {access-list-number | name | prefix-list prefix-listname} out [interfacename| routing-process | autonomous-system-number] , under router bgp configuration
      • show ip prefix-list [detail | summary] name [network/len] [seq seq-num] [longer] [firstmatch], under router interface
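
The difference between the two filters, as an added Python example that is not part of the original tutorial: it models a standard access-list and a prefix-list as route filters and runs both over constructed routes that share the network address 11.11.224.0 but differ in mask length. The `ge`/`le` keywords are the IOS options for "longer or shorter than a set number"; function and variable names are illustrative.

```python
import ipaddress

def acl_permits(route, acl_addr, wildcard="0.0.0.0"):
    """Standard access-list used as a route filter: only the route's network
    address is compared (under the wildcard); the mask length is never tested."""
    net = int(ipaddress.ip_network(route).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (int(ipaddress.ip_address(acl_addr)) & care)

def prefix_list_action(route, entries):
    """First-match evaluation of prefix-list entries given as
    (action, prefix, ge, le); ge/le are None when the keyword is absent."""
    r = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        p = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = p.prefixlen            # no keyword: exact length only
        else:
            lo = ge if ge is not None else p.prefixlen
            hi = le if le is not None else 32
        # The mask length must be in range and the leading bits must agree.
        if lo <= r.prefixlen <= hi and r.subnet_of(p):
            return action
    return "deny"                            # implicit deny ends every list

# Constructed routes: same network address, different mask lengths.
ROUTES = ["11.11.224.0/19", "11.11.224.0/20", "11.11.224.0/24"]
EXACT = [("permit", "11.11.224.0/19", None, None)]
UP_TO_24 = [("permit", "11.11.224.0/19", None, 24)]

def compare():
    """Map each route to (access-list verdict, exact prefix-list verdict)."""
    return {r: (acl_permits(r, "11.11.224.0"), prefix_list_action(r, EXACT))
            for r in ROUTES}

if __name__ == "__main__":
    for route, (acl, pl) in compare().items():
        print(f"{route:16} acl={'permit' if acl else 'deny':6} prefix-list={pl}")
```

The access-list passes all three routes, while the exact prefix-list entry passes only the /19, so more-specific announcements of the same block are dropped unless `le` explicitly allows them.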
  2. Route-map :
    1. Since BGP configuration can be very complex and requires customization, another feature heavily used by administrators and network engineers is the route-map. A route-map is a filter that can also edit and modify attributes, and it is not limited to prefix-list matching. We mainly use a route-map:
      1. instead of the prefix-list, in order to modify attributes of the permitted routes.  Matching can be done in several ways: testing on the prefix, the autonomous system (AS) path, or some other attribute.
      2. in order to define conditions for redistributing routes from one routing protocol to another; or controlling routing information when injected in and out of BGP.
    2. Route-maps can match on:
      • Network number and subnet mask matched with an IP prefix-list
      • Route originator
      • BGP next-hop address
      • BGP origin
      • Tag attached to IGP route
      • as-path
      • BGP community attached to BGP route
      • IGP route type (internal/external …)
    3. A route-map can change the following attributes:
      • Origin BGP attribute
      • Next-hop BGP attribute
      • Weight
      • Community BGP attribute
      • Local preference BGP attribute
      • Multi-exit discriminator (MED) attribute, by setting the metric
    4. Common instructions that you may need:
      • route-map map-tag [[permit | deny] | [sequence-number]]
      • match commands :
        • match as-path
        • match community
        • match clns
        • match interface
        • match ip address
        • match ip next-hop
        • match ip route-source
        • match metric
        • match route-type
        • match tag
      • set commands :
        • set as-path
        • set clns
        • set automatic-tag
        • set community
        • set interface
        • set default interface
        • set ip default next-hop
        • set level
        • set local-preference
        • set metric
        • set metric-type
        • set next-hop
        • set origin
        • set tag
        • set weight
      • neighbor ip-address route-map name [in | out], in order to use the route map as a bgp filter, under bgp router configuration
      • show ip bgp
      • show ip bgp update
      • show ip bgp route-map
  3. as-path filters :
    1. Because BGP provides interaction between different ASes, it is natural to use as-path filtering to control inbound and outbound routing information between ASes. It is important to control the information sent to and received from the ASes directly connected to our router, but also from the ASes below our customers or our ISPs.
    2. To avoid BGP black holes, undesired transit and BGP damping, as-path filters can be configured with regular expressions. A regular expression is a pattern to match against an input string: by building one, we specify a string that the input must match. In the case of BGP, that string consists of AS-path information.
    3. We will keep in mind the following examples:
      • _1000_ (via AS1000)
      • ^100$ (origin AS100)
      • ^100 .* (coming from AS100)
      • ^$ (originated from this AS, in our case 1000)
      • ^300_ (originated from AS 300 and also others)
    4. And the following commands
      • ip as-path access-list access-list-number {permit|deny} as-regular-expression
      • neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out} , under bgp router configuration
      • match as-path as-number, under a route-map configuration
      • show ip bgp regexp regular-expression
      • show ip bgp filter-list access-list-number
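
How the five expressions above behave on concrete AS paths, as an added Python example that is not part of the original tutorial. It assumes the IOS meaning of `_` (start or end of string, space, comma, brace or parenthesis) and expands it for Python's `re`; the AS paths and the `NO_TRANSIT` filter are constructed for illustration.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the string, a space,
# a comma, a brace or a parenthesis. Python's re has no such token, so it
# is expanded into an equivalent group.
DELIM = r"(?:^|$|[ ,{}()])"

def matches(expr, as_path):
    """as_path: space-separated AS numbers, neighbouring AS first; the
    empty string is a route originated in the local AS."""
    return re.search(expr.replace("_", DELIM), as_path) is not None

def filter_action(acl, as_path):
    """First matching (action, regex) entry wins; implicit deny otherwise."""
    for action, expr in acl:
        if matches(expr, as_path):
            return action
    return "deny"

# The expressions listed in the tutorial.
PAGE_PATTERNS = ["_1000_", "^100$", "^100 .*", "^$", "^300_"]

# Constructed AS paths, including two that merely contain the digits 1000.
PATHS = ["", "100", "100 200", "200 100", "300", "300 1000 400", "11000 10001"]

def match_table():
    """Map each expression to the constructed paths it matches."""
    return {p: [a for a in PATHS if matches(p, a)] for p in PAGE_PATTERNS}

# Outbound filter that advertises only locally originated routes, so the
# local AS does not carry transit traffic between its neighbours.
NO_TRANSIT = [("permit", "^$")]

if __name__ == "__main__":
    for pattern, hits in match_table().items():
        print(f"{pattern:10} -> {hits}")
    for path in PATHS:
        print(f"out {path!r:16} {filter_action(NO_TRANSIT, path)}")
```

Without the `_` delimiters, the bare expression `1000` would also match the path `11000 10001`, which is why the filters anchor every AS number.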
  4. Network command
    1. The network command controls which networks are originated by the router: with it, we tell BGP which networks originate from this router. The mask portion is used because BGP4 can handle subnetting and supernetting. A maximum of 200 entries of the network command is accepted.
    2. The network command will work if the network you are trying to advertise is known to the router, whether connected, static or learned dynamically.
    3. An example of the network command follows:
      • router bgp 1000
        • network 192.213.0.0 mask 255.255.0.0
      • ip route 192.213.0.0 255.255.0.0 null 0
    4. The above example indicates that RT-A will generate a network entry for 192.213.0.0/16. The /16 indicates that we are using a supernet of the class C address, and we are advertising the first two octets (the first 16 bits).
    5. Note that we need the static route so that the router generates a valid next-hop for prefix 192.213.0.0; the static route puts a matching entry in the routing table.
