Ok, now that BGP has been covered, let's talk about filtering routes received from our neighbor.  Here I have created some additional Loopbacks on R2 that are being advertised to R1:

RP/0/7/CPU0:R1#sh ip route bgp
Fri Mar 30 13:13:36.797 UTC

B    200.100.200.100/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.200/32 [20/0] via 2.2.2.2, 13:45:00
B    200.200.200.203/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.204/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.205/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.206/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.207/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.208/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.209/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.210/32 [20/0] via 2.2.2.2, 00:00:42
RP/0/7/CPU0:R1#

As you can see, we are getting a bunch of 200.200.200.x/32 routes now as well as a 200.100.200.100/32 route.  For this exercise, let's filter out all the 200.200.200.x routes we are receiving from our neighbor.

Ok, let's create a prefix-set for the loopback we want to permit:

RP/0/7/CPU0:R1(config)#conf t
RP/0/7/CPU0:R1(config)#prefix-set R2Loopbacks

In IOS XR you can add comments with the # character:
RP/0/7/CPU0:R1(config-pfx)## These are the R2 Loopbacks that we will allow
RP/0/7/CPU0:R1(config-pfx)#200.100.200.100/32
RP/0/7/CPU0:R1(config-pfx)#end-set

Now that we have the prefix-set done, we can create the route-policy:
RP/0/7/CPU0:R1(config)#route-policy R2Loopbacks

Notice that IOS XR can use IF statements. You can just imagine how powerful IF and ELSE statements can be when route filtering.
RP/0/7/CPU0:R1(config-rpl)#if destination in R2Loopbacks then
RP/0/7/CPU0:R1(config-rpl-if)#pass
RP/0/7/CPU0:R1(config-rpl-if)#endif
RP/0/7/CPU0:R1(config-rpl)#end-policy

After we end the policy, we need to commit it:
RP/0/7/CPU0:R1(config)#commit

Now that we have the policy committed with no errors, we can apply it to the neighbor.  We could have waited to commit, but I chose to commit there to make sure all was OK.
RP/0/7/CPU0:R1(config)#router bgp 1
RP/0/7/CPU0:R1(config-bgp)#neighbor 2.2.2.2
RP/0/7/CPU0:R1(config-bgp-nbr)#address-family ipv4 un
RP/0/7/CPU0:R1(config-bgp-nbr-af)#route-policy R2Loopbacks in
RP/0/7/CPU0:R1(config-bgp-nbr-af)#exit
RP/0/7/CPU0:R1(config-bgp-nbr)#exit
RP/0/7/CPU0:R1(config-bgp)#exi
RP/0/7/CPU0:R1(config)#commit
Fri Mar 30 13:27:01.945 UTC
RP/0/7/CPU0:R1(config)#

Now, let's look at our BGP routing table:
RP/0/7/CPU0:R1#sh ip route bgp
Fri Mar 30 13:27:22.601 UTC

B    200.100.200.100/32 [20/0] via 2.2.2.2, 00:14:28
RP/0/7/CPU0:R1#

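There we go: we are only getting 200.100.200.100/32 from R2 now. The 200.200.200.x routes were never named in the policy; RPL drops any route that a policy does not explicitly pass, so they are filtered by default.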
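To show why the policy above filters the 200.200.200.x routes without naming them, here is a small Python model of the post's allow-list policy next to a hypothetical deny-list variant. It is an added example, not from the original post and not IOS XR's implementation; it assumes that a route the policy never passes is dropped, and `R2_BLOCKED` and the `192.0.2.0/24` route are constructed for illustration.

```python
import ipaddress

def parse_entry(text):
    """Parse one prefix-set line: '<prefix>/<len> [ge N] [le M]' (IPv4)."""
    parts = text.split()
    net = ipaddress.ip_network(parts[0])
    opts = dict(zip(parts[1::2], map(int, parts[2::2])))
    lo = opts.get("ge", net.prefixlen)
    # Only 'ge' given: range runs to /32. Neither given: exact length only.
    hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return net, lo, hi

def in_set(route, prefix_set):
    r = ipaddress.ip_network(route)
    return any(lo <= r.prefixlen <= hi and r.subnet_of(net)
               for net, lo, hi in map(parse_entry, prefix_set))

def allow_list(route, prefix_set):
    # "if destination in SET then pass endif": no match means implicit drop
    return "pass" if in_set(route, prefix_set) else "drop"

def deny_list(route, prefix_set):
    # "if destination in SET then drop else pass endif"
    return "drop" if in_set(route, prefix_set) else "pass"

def accepted(policy, prefix_set, routes):
    return [r for r in routes if policy(r, prefix_set) == "pass"]

# Routes R1 receives from R2 in the post's first "sh ip route bgp" output
RECEIVED = ["200.100.200.100/32", "200.200.200.200/32"] + [
    f"200.200.200.{n}/32" for n in range(203, 211)]
# Constructed: a prefix R2 was never expected to advertise
UNEXPECTED = "192.0.2.0/24"

R2_LOOPBACKS = ["200.100.200.100/32"]      # the post's prefix-set
R2_BLOCKED = ["200.200.200.0/24 le 32"]    # hypothetical deny-list set

if __name__ == "__main__":
    for name, policy, pset in (("allow-list", allow_list, R2_LOOPBACKS),
                               ("deny-list", deny_list, R2_BLOCKED)):
        print(name, accepted(policy, pset, RECEIVED + [UNEXPECTED]))
```

Both policies give the same table for the routes in the post, but only the allow-list form keeps rejecting a prefix the neighbor starts advertising later.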

In IOS this would have looked like:

R1(config)#ip prefix-list R2Loopbacks permit 200.100.200.100/32
R1(config)#route-map R2Loopbacks
R1(config-route-map)#match ip add prefix-list R2Loopbacks
R1(config-route-map)#exit
R1(config)#router bgp 1
R1(config-router)#nei 2.2.2.2 route-map R2Loopbacks in
R1(config-router)#^Z
R1#sh ip route b

*Mar 30 14:08:53.048: %SYS-5-CONFIG_I: Configured from console by console
(After a few minutes waiting for BGP)
R1#sh ip route bgp  
     200.100.200.0/32 is subnetted, 1 subnets
B       200.100.200.100 [20/0] via 2.2.2.2, 00:00:20
R1#

While the IOS version might not be so bad, the power of RPL grows from here.  This is just a quick intro; future posts will have more and more about RPL. Some other things that we might see are:

route-policy check-ASPath
     if as-path passes-through '65500' then
       drop
     else
       pass
     endif
end-policy
