How to use Quagga BGP (Border Gateway Protocol) routers to filter BGP routes

Source: Internet
Author: User
Tags centos server

In the previous article, we described how to use Quagga to turn a CentOS server into a BGP router, and how to set up BGP peering and prefix exchange. In this tutorial, we will focus on how to use prefix lists (prefix-list) and route maps (route-map) to control incoming and outgoing prefixes.

As the previous article explained, BGP routing decisions are based on the prefixes received and advertised. To avoid incorrect routing, you need a filtering mechanism to control which prefixes are sent and received. For example, if one of your BGP neighbors starts advertising prefixes that do not belong to it, and you mistakenly accept these bogus prefixes and pass them on to the rest of the network, the bad routes keep propagating and traffic for them ends up in a so-called "black hole". To make sure that such prefixes are neither accepted nor forwarded to any network, you can use a prefix list and a route map. The former is a prefix-based filtering mechanism; the latter is a more general prefix-based policy mechanism that can be used to fine-tune the filtering.

This article shows you how to use prefix lists and route maps in Quagga.

Topologies and requirements

This tutorial uses the following topology.

Service Provider A and Service Provider B have configured each other as eBGP peers. Their autonomous system numbers and prefixes are shown below.

Peering subnet: 192.168.1.0/24

Service Provider A: Autonomous system number 100, prefix 10.10.0.0/16

Service Provider B: Autonomous system number 200, prefix 10.20.0.0/16

In this scenario, Service Provider B wants to receive only three prefixes from A: 10.10.10.0/23, 10.10.10.0/24, and 10.10.11.0/24.

Create a list of prefixes

Routers can use ACLs or prefix lists to filter prefixes. Prefix lists are more common than ACLs because they take fewer steps and are easy to create and maintain.

ip prefix-list Demo-prfx permit 192.168.0.0/23

The above command creates a prefix list named "Demo-prfx", which permits only the prefix 192.168.0.0/23.

Another powerful feature of the prefix list is the support for the subnet mask interval, see the following example:

ip prefix-list Demo-prfx permit 192.168.0.0/23 le 24

The prefix list created by this command matches prefixes within 192.168.0.0/23 with a mask length from /23 to /24, namely 192.168.0.0/23, 192.168.0.0/24, and 192.168.1.0/24. The operator "le" means less than or equal to; you can also use "ge" to mean greater than or equal to.

A prefix list can contain multiple permit or deny statements. Each statement is assigned a sequence number, either automatically or manually.

If a prefix list contains more than one statement, the statements are evaluated in order of sequence number. When configuring a prefix list, keep in mind that an implicit deny follows all of its statements: anything that is not explicitly permitted is rejected.

If you want to set to allow all prefixes, the prefix list statement is set as follows:

ip prefix-list Demo-prfx permit 0.0.0.0/0 le 32

We already know how to create a prefix list statement, and now we're going to create a list of prefixes called "prfx-lst" to meet the needs of our experimental scenario.

router-b# conf t
router-b(config)# ip prefix-list prfx-lst permit 10.10.10.0/23 le 24

Create a route map

In addition to prefix lists and ACLs, there is another mechanism, the route map, that can also control prefixes on a BGP router. In fact, a route map allows finer-grained control over matched prefixes than a prefix list or an ACL.

Like a prefix list, a route map statement specifies a permit or deny action and is assigned a sequence number. Each route map can have multiple permit or deny statements. For example:

route-map Demo-rmap permit 10

The above statement creates a route map named "Demo-rmap" and adds a permit statement with sequence number 10. Next, we use the match command inside the route map statement with this sequence number.

router-a(config-route-map)# match ?   (press ? on the keyboard)
  as-path       Match BGP AS path list
  community     Match BGP community list
  extcommunity  Match BGP/VPN extended community list
  interface     match first hop interface of route
  ip            IP information
  ipv6          IPv6 information
  metric        Match metric of route
  origin        BGP origin code
  peer          Match peer address
  probability   Match portion of routes defined by percentage value
  tag           Match tag of route

As you can see, a route map can match on many attributes. In this tutorial we match on prefixes.

route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx

This match command matches the prefixes permitted by the previously built prefix list (that is, 192.168.0.0/23, 192.168.0.0/24, and 192.168.1.0/24).

Next, we can use the set command to modify attributes of the matched routes. For example:

route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
 set ?   (press ? on the keyboard)
  aggregator          BGP aggregator attribute
  as-path             Transform BGP AS-path attribute
  atomic-aggregate    BGP atomic aggregate attribute
  comm-list           set BGP community list (for deletion)
  community           BGP community attribute
  extcommunity        BGP extended community attribute
  forwarding-address  Forwarding Address
  ip                  IP information
  ipv6                IPv6 information
  local-preference    BGP local preference path attribute
  metric              Metric value for destination routing protocol
  metric-type         Type of metric
  origin              BGP origin code
  originator-id       BGP originator ID attribute
  src                 src address for route
  tag                 Tag value for routing protocol
  vpnv4               VPNv4 information
  weight              BGP weight for routing table

As you can see, the set command can also modify many attributes. As a demonstration, let's change the BGP local-preference attribute.

route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
 set local-preference 500

Like a prefix list, a route map ends with an implicit deny. So we need to add another permit statement (with sequence number 20) to allow all other prefixes.

route-map Demo-rmap permit 10
 match ip address prefix-list Demo-prfx
 set local-preference 500
!
route-map Demo-rmap permit 20

Sequence number 20 does not specify any match command, so it matches all prefixes by default. With this route map statement, all prefixes are permitted.

Recall that our requirement is only to permit or deny a few prefixes, so the set command above is not needed in this scenario. We only need a single permit statement, as shown below:

router-b# conf t
router-b(config)# route-map RMAP permit 10
router-b(config-route-map)# match ip address prefix-list prfx-lst

This route map achieves the effect we need.
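The matching rules described in the prefix list and route map sections above (the le/ge length range, evaluation in sequence order, and the implicit deny at the end of both structures) can be checked offline with a small model. This is an added example, not Quagga code or part of the original article; the function names and the advertised prefix set are assumptions made for illustration.

```python
import ipaddress

def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME [seq N] permit|deny PREFIX [ge X] [le Y]' lines."""
    entries, last = [], 0
    for line in lines:
        tok = line.split()[3:]                    # drop 'ip prefix-list NAME'
        seq = (last // 5) * 5 + 5                 # automatic numbering in steps of 5
        if tok[0] == "seq":
            seq, tok = int(tok[1]), tok[2:]
        net = ipaddress.ip_network(tok[1])
        opts = dict(zip(tok[2::2], map(int, tok[3::2])))   # e.g. {'le': 24}
        lo = opts.get("ge", net.prefixlen)        # no ge: start at the entry's own length
        hi = opts.get("le", 32 if opts else net.prefixlen)  # no ge/le at all: exact length
        entries.append((seq, tok[0], net, lo, hi))
        last = max(last, seq)
    return sorted(entries, key=lambda e: e[0])    # evaluated in sequence order

def prefix_list_action(entries, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    route = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"

def route_map(clauses, route):
    """clauses: (seq, action, prefix-list entries or None, set-attributes).
    A clause without a match line (None) matches every prefix."""
    for _seq, action, plist, sets in sorted(clauses, key=lambda c: c[0]):
        if plist is None or prefix_list_action(plist, route) == "permit":
            return action, (sets if action == "permit" else {})
    return "deny", {}                             # implicit deny ends the route map

def accepted(clauses, routes):
    return [r for r in routes if route_map(clauses, r)[0] == "permit"]

# The tutorial's two prefix lists and two route maps, modelled as data.
DEMO_PRFX = parse_prefix_list(["ip prefix-list Demo-prfx permit 192.168.0.0/23 le 24"])
PRFX_LST = parse_prefix_list(["ip prefix-list prfx-lst permit 10.10.10.0/23 le 24"])
DEMO_RMAP = [(10, "permit", DEMO_PRFX, {"local-preference": 500}),
             (20, "permit", None, {})]
RMAP = [(10, "permit", PRFX_LST, {})]
# Constructed advertisement set: 10.10.0.0/16 and 10.10.10.0/25 are assumed extras.
ADVERTISED = ["10.10.0.0/16", "10.10.10.0/23", "10.10.10.0/24",
              "10.10.11.0/24", "10.10.10.0/25"]

if __name__ == "__main__":
    print(accepted(RMAP, ADVERTISED))
    print(route_map(DEMO_RMAP, "192.168.1.0/24"), route_map(DEMO_RMAP, "172.16.0.0/12"))
```

Running a proposed filter through a model like this before applying it to a live neighbor shows which advertisements the implicit deny would drop.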

Apply the route map

Note that ACLs, prefix lists, and route maps do not take effect until they are applied to an interface or to a BGP neighbor. As with ACLs and prefix lists, a single route map can be used by multiple interfaces or neighbors. However, an interface or a neighbor can have only one route map applied inbound and one route map applied outbound.

Below we apply the route map to the BGP configuration of router-b, on inbound prefix advertisements from router-b's neighbor 192.168.1.1.

router-b# conf terminal
router-b(config)# router bgp 200
router-b(config-router)# neighbor 192.168.1.1 route-map RMAP in

Now check the advertised routes and the received routes.

Command to display advertised routes:

show ip bgp neighbors <neighbor-ip> advertised-routes

Command to display received routes:

show ip bgp neighbors <neighbor-ip> routes

router-a advertises 4 prefixes to router-b, while router-b accepts only 3. Looking at the prefix ranges, we can see that only the prefixes permitted by the route map appear on router-b, and the other prefixes are discarded.

Tip: If the received prefixes are not refreshed, try resetting the BGP session with the command clear ip bgp <neighbor-ip>. For this tutorial the command is:

clear ip bgp 192.168.1.1

We can see that the configuration meets our requirements. Next, we can create similar prefix lists and route maps on router-a and router-b to further control incoming and outgoing prefixes.

The configuration process is summarized here for easy viewing.

router bgp 200
 network 10.20.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 route-map RMAP in
!
ip prefix-list prfx-lst seq 5 permit 10.10.10.0/23 le 24
!
route-map RMAP permit 10
 match ip address prefix-list prfx-lst

Summary

In this tutorial we demonstrated how to set up a prefix list and a route map in Quagga to filter BGP routes. We also showed how a prefix list can be combined with a route map to fine-tune incoming prefixes. You can adapt these methods to set up prefix lists and route maps that meet your needs. These tools protect the network from route poisoning and from advertisements of bogon routes (LCTT note: addresses that should not appear in the Internet routing table).

I hope this article will be of help to you.
