In the previous article, we described how to use Quagga to turn a CentOS server into a BGP router, and how to configure BGP peering and prefix exchange. In this tutorial, we will focus on how to use prefix lists (prefix-list) and route maps (route-map) to control which prefixes are received and which are advertised.
As previous articles have said, BGP routing decisions are based on the prefixes that are received and advertised. To avoid incorrect routing, you need filtering mechanisms to control the sending and receiving of these prefixes. For example, if one of your BGP neighbors starts advertising a prefix that does not belong to them, and you mistakenly accept these abnormal prefixes and also forward them to the network, the forwarding process continues and never stops (so-called "black holes" are created). To make sure that such prefixes are not received or forwarded to any network, you can use a prefix list and a route map. The former is a prefix-based filtering mechanism; the latter is a more general prefix-based policy mechanism that can be used to fine-tune the filtering.
This article shows you how to use prefix lists and route maps in Quagga.
Topology and requirements
This tutorial uses the following topology.
Service Provider A and Service Provider B have set each other up as eBGP peers to communicate with each other. Their autonomous system numbers and prefixes are shown below.
Peering block: 192.168.1.0/24
Service Provider A: Autonomous system number 100, prefix 10.10.0.0/16
Service Provider B: Autonomous system number 200, prefix 10.20.0.0/16
In this scenario, Service Provider B wants to receive only three prefixes from A: 10.10.10.0/23, 10.10.10.0/24, and 10.10.11.0/24.
Create a prefix list
Routers can use ACLs or prefix lists to filter prefixes. Prefix lists are more commonly used than ACLs because they require fewer steps and are easier to create and maintain.
ip prefix-list Demo-prfx permit 192.168.0.0/23
The above command creates a prefix list named "Demo-prfx", which permits only the prefix 192.168.0.0/23.
Another powerful feature of prefix lists is support for a range of subnet mask lengths. See the following example:
ip prefix-list Demo-prfx permit 192.168.0.0/23 le 24
The prefix list created by this command matches the prefixes within 192.168.0.0/23 whose length is between /23 and /24, namely 192.168.0.0/23, 192.168.0.0/24, and 192.168.1.0/24. The operator "le" means less than or equal, and you can also use "ge" to indicate greater than or equal.
A prefix list can contain multiple permit or deny statements. Each statement is assigned a sequence number, either automatically or manually.
If more than one prefix list statement is present, the statements are evaluated in order of their sequence numbers. When configuring a prefix list, be aware that there is an implicit deny statement after all the prefix list statements; that is, anything that is not explicitly permitted is denied.
If you want to permit all prefixes, the prefix list statement is as follows:
ip prefix-list Demo-prfx permit 0.0.0.0/0 le 32
Now that we know how to create a prefix list statement, we will create a prefix list called "prfx-lst" to meet the needs of our scenario.
router-b# conf t
router-b(config)# ip prefix-list prfx-lst permit 10.10.10.0/23 le 24
Create a route map
In addition to prefix lists and ACLs, there is another mechanism, called a route map, that can also control prefixes in BGP routers. In fact, route maps allow finer tuning of the matched prefixes than prefix lists and ACLs.
Like a prefix list, a route map statement can specify a permit or deny action, and it is assigned a sequence number. Each route map can have multiple permit or deny statements. For example:
route-map Demo-rmap permit 10
The above statement creates a route map named "Demo-rmap" and adds a permit statement with sequence number 10. Now we use the match command under this sequence number to specify what the statement matches.
router-a(config-route-map)# match (press ? on the keyboard)
  as-path       Match BGP AS path list
  community     Match BGP community list
  extcommunity  Match BGP/VPN extended community list
  interface     Match first hop interface of route
  ip            IP information
  ipv6          IPv6 information
  metric        Match metric of route
  origin        BGP origin code
  peer          Match peer address
  probability   Match portion of routes defined by percentage value
  tag           Match tag of route
As you can see, a route map can match on many attributes. In this tutorial we match on prefixes.
route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
This match command matches the IP prefixes permitted by the previously built prefix list (that is, 192.168.0.0/23, 192.168.0.0/24, and 192.168.1.0/24).
Next, we can use the set command to modify attributes of the matched routes. For example:
route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
 set (press ? on the keyboard)
  aggregator          BGP aggregator attribute
  as-path             Transform BGP AS-path attribute
  atomic-aggregate    BGP atomic aggregate attribute
  comm-list           Set BGP community list (for deletion)
  community           BGP community attribute
  extcommunity        BGP extended community attribute
  forwarding-address  Forwarding address
  ip                  IP information
  ipv6                IPv6 information
  local-preference    BGP local preference path attribute
  metric              Metric value for destination routing protocol
  metric-type         Type of metric
  origin              BGP origin code
  originator-id       BGP originator ID attribute
  src                 Src address for route
  tag                 Tag value for routing protocol
  vpnv4               VPNv4 information
  weight              BGP weight for routing table
As you can see, the set command can also modify many attributes. As a demonstration, let's change the BGP local-preference attribute.
route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
 set local-preference 500
Like a prefix list, a route map also ends with an implicit deny. So we need to add another permit statement (using sequence number 20) to allow all other prefixes.
route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
 set local-preference 500
!
route-map Demo-rmap permit 20
Sequence number 20 does not specify any match command, so it matches all prefixes by default. Because this statement is a permit, all prefixes are allowed.
Recall that our requirement is only to permit or deny a few prefixes, so the set command above is not needed in this scenario. We need only a single permit statement, as shown below:
router-b# conf t
router-b(config)# route-map RMAP permit 10
router-b(config-route-map)# match ip address prefix-list prfx-lst
This route map produces the effect we need.
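The matching rules described above for prefix lists (exact length unless ge/le is given, evaluation by sequence number, implicit deny) and for route maps (a statement without match matches everything, implicit deny at the end), written as an added Python model; it is not part of the original tutorial or of Quagga. It handles IPv4 only; the function names, the four advertised prefixes and the starting local preference of 100 are assumptions made for the illustration.

```python
import ipaddress

def prefix_list_match(entries, route):
    """Evaluate an IPv4 route against entries of (seq, action, prefix, ge, le)."""
    net = ipaddress.ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        base = ipaddress.ip_network(prefix)
        # No ge/le: length must equal the entry's. Only ge: up to /32.
        # Only le: from the entry's own length up to le.
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action  # first matching statement decides
    return "deny"  # implicit deny at the end of every prefix list

def route_map_apply(rmap, prefix_lists, route, attrs):
    """Return the (possibly modified) attrs if permitted, None if denied.

    rmap entries are (seq, action, prefix_list_name_or_None, set_attrs).
    """
    for _seq, action, pl_name, sets in sorted(rmap, key=lambda e: e[0]):
        # A statement with no match clause matches every route.
        if pl_name is None or prefix_list_match(prefix_lists[pl_name], route) == "permit":
            return {**attrs, **sets} if action == "permit" else None
    return None  # implicit deny at the end of every route map

# The tutorial's prefix lists and route maps, written as data.
PREFIX_LISTS = {
    "Demo-prfx": [(5, "permit", "192.168.0.0/23", None, 24)],
    "prfx-lst": [(5, "permit", "10.10.10.0/23", None, 24)],
}
DEMO_RMAP = [(10, "permit", "Demo-prfx", {"local_pref": 500}),
             (20, "permit", None, {})]
RMAP = [(10, "permit", "prfx-lst", {})]

# Constructed sample: four prefixes Router-a might advertise to Router-b.
ADVERTISED = ["10.10.0.0/16", "10.10.10.0/23", "10.10.10.0/24", "10.10.11.0/24"]

def accepted(rmap, routes):
    """Routes that survive the inbound route map (assumed starting local_pref 100)."""
    return [r for r in routes
            if route_map_apply(rmap, PREFIX_LISTS, r, {"local_pref": 100}) is not None]

if __name__ == "__main__":
    print(accepted(RMAP, ADVERTISED))
    print(route_map_apply(DEMO_RMAP, PREFIX_LISTS, "192.168.1.0/24", {"local_pref": 100}))
```

With RMAP the covering 10.10.0.0/16 is dropped by the implicit deny, while Demo-rmap lets unmatched routes through unchanged because of its statement 20.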
Apply the route map
Note that ACLs, prefix lists, and route maps do not take effect until they are applied to an interface or to a BGP neighbor. As with ACLs and prefix lists, a route map can be used by multiple interfaces or neighbors. However, an interface or a neighbor can have only one route map applied inbound and one route map applied outbound.
Below we apply this route map in the BGP configuration of Router-b, to the prefixes received (inbound) from Router-b's neighbor 192.168.1.1.
router-b# conf terminal
router-b(config)# router bgp 200
router-b(config-router)# neighbor 192.168.1.1 route-map RMAP in
Now check the advertised routes and the received routes.
Command to display advertised routes:
show ip bgp neighbors neighbor-IP advertised-routes
Command to display received routes:
show ip bgp neighbors neighbor-IP routes
Router-a advertises 4 prefixes to Router-b, while Router-b receives only 3. Checking the ranges, we can see that only the prefixes permitted by the route map are displayed on Router-b, and the other prefixes are discarded.
Tip: If the received prefixes are not refreshed, try resetting the BGP session with this command: clear ip bgp neighbor-IP. In this tutorial the command is as follows:
clear ip bgp 192.168.1.1
We can see that the system has met our requirements. Next we can create similar prefix lists and route maps on Router-a and Router-b to better control inbound and outbound prefixes.
The configuration is summarized here for easy reference.
router bgp 200
 network 10.20.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 route-map RMAP in
!
ip prefix-list prfx-lst seq 5 permit 10.10.10.0/23 le 24
!
route-map RMAP permit 10
 match ip address prefix-list prfx-lst
Summary
In this tutorial we demonstrated how to set up a prefix list and a route map in Quagga to filter BGP routes. We also showed how a prefix list can be combined with a route map to fine-tune the inbound prefixes. You can refer to these methods to set up prefix lists and route maps that meet your needs. These tools protect the network from route poisoning and from the advertisement of bogon routes (LCTT note: addresses that should not appear in the Internet routing table).
I hope this article will be of help to you.
How to use Quagga BGP (Border Gateway Protocol) routers to filter BGP routes