OK, now that BGP has been covered, let's talk about filtering routes received from our neighbor.  Here I have created some additional loopbacks on R2 that are being advertised to R1:
RP/0/7/CPU0:R1#sh ip route bgp
Fri Mar 30 13:13:36.797 UTC
B    200.100.200.100/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.200/32 [20/0] via 2.2.2.2, 13:45:00
B    200.200.200.203/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.204/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.205/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.206/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.207/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.208/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.209/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.210/32 [20/0] via 2.2.2.2, 00:00:42
RP/0/7/CPU0:R1#
As you can see, we are getting a bunch of 200.200.200.x/32 routes now as well as a 200.100.200.100/32 route.  For this exercise, let's filter out all the 200.200.200.x routes we are receiving from our neighbor.
OK, let's create a prefix-set for the loopback we want to permit:
RP/0/7/CPU0:R1(config)#conf t
RP/0/7/CPU0:R1(config)#prefix-set R2Loopbacks
In IOS XR you can add comments with the # character:
RP/0/7/CPU0:R1(config-pfx)## These are the R2 Loopbacks that we will allow
RP/0/7/CPU0:R1(config-pfx)#200.100.200.100/32
RP/0/7/CPU0:R1(config-pfx)#end-set
Now that we have the prefix-set done, we can create the route-policy:
RP/0/7/CPU0:R1(config)#route-policy R2Loopbacks
Notice that IOS XR can use IF statements. You can imagine how powerful IF and ELSE statements can be when route filtering.
RP/0/7/CPU0:R1(config-rpl)#if destination in R2Loopbacks then
RP/0/7/CPU0:R1(config-rpl-if)#pass
RP/0/7/CPU0:R1(config-rpl-if)#endif
RP/0/7/CPU0:R1(config-rpl)#end-policy
After we end the policy, we need to commit it:
RP/0/7/CPU0:R1(config)#commit
Now that we have the policy committed with no errors, we can apply it to the neighbor.  We could have waited to commit, but I chose to commit there to make sure all was OK.
RP/0/7/CPU0:R1(config)#router bgp 1
RP/0/7/CPU0:R1(config-bgp)#neighbor 2.2.2.2
RP/0/7/CPU0:R1(config-bgp-nbr)#address-family ipv4 un
RP/0/7/CPU0:R1(config-bgp-nbr-af)#route-policy R2Loopbacks in
RP/0/7/CPU0:R1(config-bgp-nbr-af)#exit
RP/0/7/CPU0:R1(config-bgp-nbr)#exit
RP/0/7/CPU0:R1(config-bgp)#exi
RP/0/7/CPU0:R1(config)#commit
Fri Mar 30 13:27:01.945 UTC
RP/0/7/CPU0:R1(config)#
Now, let's look at our BGP routing table:
RP/0/7/CPU0:R1#sh ip route bgp
Fri Mar 30 13:27:22.601 UTC
B    200.100.200.100/32 [20/0] via 2.2.2.2, 00:14:28
RP/0/7/CPU0:R1#
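There we go, only getting the 200.100.200.100/32 from R2 now.  The 200.200.200.x routes never hit a pass statement, and RPL drops by default any route that a policy neither passes nor modifies.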
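To check offline that an inbound filter like this one is doing its job, the sketch below (an added example, not part of the original post) parses a prefix-set body and IOS XR "sh ip route bgp" output, models the policy as pass-on-match with RPL's default drop, and lists routes from the neighbor that should not be in the table. The function names are hypothetical, the sample inputs are constructed from the captures above, and support for the ge/le/eq modifiers goes beyond the single exact-match entry used here.

```python
import ipaddress
import re

# Constructed inputs: the prefix-set typed on this page and a shortened copy
# of the first "sh ip route bgp" capture.
PREFIX_SET = "# These are the R2 Loopbacks that we will allow\n200.100.200.100/32\n"
ROUTE_TABLE = """\
B    200.100.200.100/32 [20/0] via 2.2.2.2, 00:00:42
B    200.200.200.200/32 [20/0] via 2.2.2.2, 13:45:00
B    200.200.200.203/32 [20/0] via 2.2.2.2, 00:00:42
"""

ENTRY_RE = re.compile(r"^(\S+/\d+)((?:\s+(?:ge|le|eq)\s+\d+)*)$")
ROUTE_RE = re.compile(r"^B\s+(\S+/\d+)\s+\[\d+/\d+\]\s+via\s+([\d.]+),")

def parse_prefix_set(text):
    """Return [(network, min_len, max_len)]; '#' comment lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unparsed prefix-set entry: {raw!r}")
        net = ipaddress.ip_network(m.group(1))
        mods = dict(re.findall(r"(ge|le|eq)\s+(\d+)", m.group(2)))
        lo = hi = net.prefixlen  # no modifier: exact prefix and length only
        if "eq" in mods:
            lo = hi = int(mods["eq"])
        elif mods:
            lo = int(mods.get("ge", net.prefixlen))
            hi = int(mods.get("le", net.max_prefixlen))
        entries.append((net, lo, hi))
    return entries

def policy_action(route, entries):
    """Model of route-policy R2Loopbacks: pass on a match, else default drop."""
    for net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return "pass"
    return "drop"

def unexpected_routes(table_text, neighbor, entries):
    """Routes learned via neighbor that the inbound policy should have dropped."""
    matches = (ROUTE_RE.match(l.strip()) for l in table_text.splitlines())
    routes = [ipaddress.ip_network(m.group(1)) for m in matches if m and m.group(2) == neighbor]
    return [str(r) for r in routes if policy_action(r, entries) == "drop"]
```

Run against the table captured before the policy was applied, it reports the 200.200.200.x routes; run against the table captured afterwards, it reports nothing.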
In IOS this would have looked like:
R1(config)#ip prefix-list R2Loopbacks permit 200.100.200.100/32
R1(config)#route-map R2Loopbacks
R1(config-route-map)#match ip add prefix-list R2Loopbacks
R1(config-route-map)#exit
R1(config)#router bgp 1
R1(config-router)#nei 2.2.2.2 route-map R2Loopbacks in
R1(config-router)#^Z
R1#sh ip route b
*Mar 30 14:08:53.048: %SYS-5-CONFIG_I: Configured from console by console
(After a few minutes waiting for BGP)
R1#sh ip route bgp  
     200.100.200.0/32 is subnetted, 1 subnets
B       200.100.200.100 [20/0] via 2.2.2.2, 00:00:20
R1#
While that might not be so bad, RPL gets more powerful from here.  This is just a quick intro; future posts will have more and more about RPL. Some other things that we might see are:
route-policy check-ASPath
  if as-path passes-through '65500' then
    drop
  else
    pass
  endif
end-policy