BGP Prefix-Based Outbound Route Filtering

The BGP Prefix-Based Outbound Route Filtering (ORF) feature uses BGP ORF send and receive capabilities to minimize the number of BGP updates that are sent between BGP peers. Configuring this feature can help reduce the amount of system resources required for generating and processing routing updates by filtering out unwanted routing updates at the source. For example, this feature can be used to reduce the amount of processing required on a router that is not accepting full routes from a service provider network.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About BGP Prefix-Based Outbound Route Filtering

BGP Prefix-Based Outbound Route Filtering

BGP prefix-based outbound route filtering uses the BGP ORF send and receive capabilities to minimize the number of BGP updates that are sent between BGP peers. Configuring BGP ORF can help reduce the amount of system resources required for generating and processing routing updates by filtering out unwanted routing updates at the source. For example, BGP ORF can be used to reduce the amount of processing required on a router that is not accepting full routes from a service provider network.

The BGP prefix-based outbound route filtering is enabled through the advertisement of ORF capabilities to peer routers. The advertisement of the ORF capability indicates that a BGP peer will accept a prefix list from a neighbor and apply the prefix list to locally configured ORFs (if any exist). When this capability is enabled, the BGP speaker can install the inbound prefix list filter to the remote peer as an outbound filter, which reduces unwanted routing updates.

The BGP prefix-based outbound route filtering can be configured with send or receive ORF capabilities. The local peer advertises the ORF capability in send mode. The remote peer receives the ORF capability in receive mode and applies the filter as an outbound policy. The local and remote peers exchange updates to maintain the ORF on each router. Updates are exchanged between peer routers by address family depending on the ORF prefix list capability that is advertised. The remote peer starts sending updates to the local peer after a route refresh has been requested with the clear ip bgp in prefix-filter command or after an ORF prefix list with immediate status is processed. The BGP peer will continue to apply the inbound prefix list to received updates after the local peer pushes the inbound prefix list to the remote peer.

How to Configure BGP Prefix-Based Outbound Route Filtering

Filtering Outbound Routes Based on BGP Prefix

Before You Begin

BGP peering sessions must be established, and BGP ORF capabilities must be enabled on each participating router before prefix-based ORF announcements can be received.


Note


  • BGP prefix-based outbound route filtering does not support multicast.
  • IP addresses that are used for outbound route filtering must be defined in an IP prefix list. BGP distribute lists and IP access lists are not supported.
  • Outbound route filtering is configured on only a per-address family basis and cannot be configured under the general session or BGP routing process.
  • Outbound route filtering is configured for external peering sessions only.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip prefix-list list-name [seq seq-value] {deny network / length | permit network / length} [ge ge-value] [le le-value]

    4.    router bgp autonomous-system-number

    5.    address-family ipv4 [unicast | multicast | vrf vrf-name]

    6.    neighbor {ip-address | peer-group-name} remote-as autonomous-system-number

    7.    neighbor ip-address ebgp-multihop [hop-count]

    8.    neighbor ip-address capability orf prefix-list [send | receive | both]

    9.    neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}

    10.    end

    11.    clear ip bgp {ip-address | *} in prefix-filter


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip prefix-list list-name [seq seq-value] {deny network / length | permit network / length} [ge ge-value] [le le-value]


    Example:
    Device(config)# ip prefix-list FILTER seq 10 permit 192.168.1.0/24 
     

    Creates a prefix list for prefix-based outbound route filtering.

    • Outbound route filtering supports prefix length matching, wildcard-based prefix matching, and exact address prefix matching on a per address-family basis.

    • The prefix list is created to define the outbound route filter. The filter must be created when the outbound route filtering capability is configured to be advertised in send mode or both mode. It is not required when a peer is configured to advertise receive mode only.

    • The example creates a prefix list named FILTER that defines the 192.168.1.0/24 subnet for outbound route filtering.

     
    Step 4 router bgp autonomous-system-number


    Example:
    Device(config)# router bgp 100
     

    Enters router configuration mode, and creates a BGP routing process.

     
    Step 5 address-family ipv4 [unicast | multicast | vrf vrf-name]


    Example:
    Device(config-router)# address-family ipv4 unicast
     

    Specifies the IPv4 address family and enters address family configuration mode.

    • The unicast keyword specifies the IPv4 unicast address family. By default, the router is placed in address family configuration mode for the IPv4 unicast address family if the unicast keyword is not specified with the address-family ipv4 command.

    • The multicast keyword specifies IPv4 multicast address prefixes.

    • The vrf keyword and vrf-name argument specify the name of the VRF instance to associate with subsequent IPv4 address family configuration mode commands.

    Note   

    Outbound route filtering is configured on a per-address family basis.

     
    Step 6 neighbor {ip-address | peer-group-name} remote-as autonomous-system-number


    Example:
    Device(config-router-af)# neighbor 10.1.1.1 remote-as 200
     

    Establishes peering with the specified neighbor or peer group. BGP peering must be established before ORF capabilities can be exchanged.

    • The example establishes peering with the 10.1.1.1 neighbor.

     
    Step 7 neighbor ip-address ebgp-multihop [hop-count]


    Example:
    Device(config-router-af)# neighbor 10.1.1.1 ebgp-multihop
     

    Accepts or initiates BGP connections to external peers residing on networks that are not directly connected.

     
    Step 8 neighbor ip-address capability orf prefix-list [send | receive | both]


    Example:
    Device(config-router-af)# neighbor 10.1.1.1 capability orf prefix-list both 
     

    Enables the ORF capability on the local router, and enables ORF capability advertisement to the BGP peer specified with the ip-address argument.

    • The send keyword configures a router to advertise ORF send capabilities.

    • The receive keyword configures a router to advertise ORF receive capabilities.

    • The both keyword configures a router to advertise send and receive capabilities.

    • The remote peer must be configured to either send or receive ORF capabilities before outbound route filtering is enabled.

    • The example configures the router to advertise send and receive capabilities to the 10.1.1.1 neighbor.

     
    Step 9 neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}


    Example:
    Device(config-router-af)# neighbor 10.1.1.1 prefix-list FILTER in
     

    Applies an inbound prefix-list filter to prevent distribution of BGP neighbor information.

    • In this example, the prefix list named FILTER is applied to incoming advertisements from the 10.1.1.1 neighbor, which prevents distribution of the 192.168.1.0/24 subnet.

     
    Step 10 end


    Example:
    Device(config-router-af)# end
     

    Exits address family configuration mode, and enters privileged EXEC mode.

     
    Step 11 clear ip bgp {ip-address | *} in prefix-filter


    Example:
    Device# clear ip bgp 10.1.1.1 in prefix-filter
     

    Clears BGP outbound route filters and initiates an inbound soft reset.

    • A single neighbor or all neighbors can be specified.

    Note   

    The inbound soft refresh must be initiated with the clear ip bgp command in order for this feature to function.

     

    Configuration Examples for BGP Prefix-Based Outbound Route Filtering

    Example: Influencing Outbound Path Selection

    The following example creates an outbound route filter and configures Router A (10.1.1.1) to advertise the filter to Router-B (172.16.1.2). An IP prefix list named FILTER is created to specify the 192.168.1.0/24 subnet for outbound route filtering. The ORF send capability is configured on Router A so that Router A can advertise the outbound route filter to Router B.

    Router A Configuration (Sender)

    ip prefix-list FILTER seq 10 permit 192.168.1.0/24 
    !
    router bgp 65100
     address-family ipv4 unicast 
     neighbor 172.16.1.2 remote-as 65200
     neighbor 172.16.1.2 ebgp-multihop 
     neighbor 172.16.1.2 capability orf prefix-list send
     neighbor 172.16.1.2 prefix-list FILTER in
     end 

    Router B Configuration (Receiver)

    The following example configures Router B to advertise the ORF receive capability to Router A. Router B will install the outbound route filter, defined in the FILTER prefix list, after ORF capabilities have been exchanged. An inbound soft reset is initiated on Router B at the end of this configuration to activate the outbound route filter.

    router bgp 65200
     address-family ipv4 unicast 
     neighbor 10.1.1.1 remote-as 65100
     neighbor 10.1.1.1 ebgp-multihop 255
     neighbor 10.1.1.1 capability orf prefix-list receive
     end 
    clear ip bgp 10.1.1.1 in prefix-filter
    

    The following example shows how the route map named set-as-path is applied to outbound updates to the neighbor 10.69.232.70. The route map will prepend the autonomous system path “65100 65100” to routes that pass access list 1. The second part of the route map is to permit the advertisement of other routes.

    router bgp 65100
     network 172.16.0.0
     network 172.17.0.0
     neighbor 10.69.232.70 remote-as 65200
     neighbor 10.69.232.70 route-map set-as-path out
    !
    route-map set-as-path 10 permit
     match address 1
     set as-path prepend 65100 65100
    !
    route-map set-as-path 20 permit
     match address 2
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
    access-list 1 permit 172.17.0.0 0.0.255.255
    !
    access-list 2 permit 0.0.0.0 255.255.255.255

    Additional References

    Related Documents

    Related Topic

    Document Title

    Cisco IOS commands

    Cisco IOS Master Command List, All Releases

    BGP commands

    Cisco IOS IP Routing: BGP Command Reference

    Standards and RFCs

    Standard/RFC

    Title

    RFC 2918

    Route Refresh Capability for BGP-4

    Technical Assistance

    Description

    Link

    The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

    Feature Information for BGP Prefix-Based Outbound Route Filtering

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
    Table 1 Feature Information for BGP Prefix-Based Outbound Route Filtering

    Feature Name

    Releases

    Feature Information

    BGP Prefix-Based Outbound Route Filtering

    12.0(22)S

    12.2(14)S

    15.0(1)S

    The BGP Prefix-Based Outbound Route Filtering feature uses BGP ORF send and receive capabilities to minimize the number of BGP updates that are sent between BGP peers. Configuring this feature can help reduce the amount of system resources required for generating and processing routing updates by filtering out unwanted routing updates at the source. For example, this feature can be used to reduce the amount of processing required on a router that is not accepting full routes from a service provider network.