© 2005 Cisco Systems, Inc. All rights reserved. BGP v Route Selection Using Policy Controls Applying Route-Maps as BGP Filters

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Outline Overview Route-Map Overview BGP Route-Map Policy List Support BGP Route-Map Continue Prefix-List Use in Route-Maps BGP Filters Using Route-Maps as BGP Filters Monitoring Route-Maps Summary

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Route-Map Overview Route-maps are very complex access-lists: Access-lists have lines. ê Route-maps contain statements. Access-lists use addresses and masks. ê Route-maps use match conditions. With access-lists, there is an access-list number. ê With route-maps, there is a route-map name. Statements in route-maps are numbered. –You can insert and delete statements in a route-map. –You can edit match conditions in a statement. Route-map statements can modify matched routes with set options.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Route-Map Overview (Cont.) The default statement action is permit. A route not matched by any statement is dropped. Permit all is achieved by specifying permit without a match clause. Match conditions in one statement are ANDed together. The first matching statement permits or denies the route.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Route-Map Overview (Cont.) Route-map conditions are specified in the match statement. Route-maps can match on: –Network number and subnet mask matched with an IP prefix-list –Route originator –BGP next-hop address –BGP origin –Tag attached to IGP route –AS-path –BGP community attached to BGP route –IGP route type (internal/external …)

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Route-Map Overview (Cont.) Route-maps can also change the attributes of BGP routes. Route-maps can set: –Origin –BGP next-hop –Weight –BGP community –Local preference –MED

© 2005 Cisco Systems, Inc. All rights reserved. BGP v BGP Route-Map Policy List Support Adds the capability for a network operator to group route-map match clauses into named lists called policy-lists Simplifies the configuration of BGP routing policy in medium-size and large networksnetwork operator can preconfigure policy lists with groups of match clauses and then reference these policy lists within different route maps Eliminates need to manually reconfigure each recurring group of match clauses that occur in multiple route-map entries

© 2005 Cisco Systems, Inc. All rights reserved. BGP v BGP Route-Map Policy List Support (Cont.) router# ip policy-list policy-list-name {permit | deny} match policy-list policy-list-name show ip policy-list policy-list-name Creates a BGP policy-list Configures a route map to evaluate and process a BGP policy-list in a route map Displays one or all filter lists

© 2005 Cisco Systems, Inc. All rights reserved. BGP v BGP Route-Map Continue Introduces the continue clause to BGP route-map configuration, providing more programmable policy configuration and route filtering Provides the ability to execute additional entries in a route- map after an entry is executed with successful match and set clauses Allows configuration and organization of more modular policy definitions to reduce the number of policy configurations that are repeated within the same route-map Allows modularization of network policy configuration so that repeated policy definitions can be reduced within the same route-map

© 2005 Cisco Systems, Inc. All rights reserved. BGP v BGP Route-Map Continue (Cont.) router# continue sequence-number show route-map [map-name] Configures a route-map to go to a route-map entry with a higher sequence number Displays configured route-maps

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Prefix-List Use in Route-Maps match ip address prefix-list list-name router(config-route-map)# Uses prefix-list to match routes in route-map match condition match ip next-hop prefix-list list-name router(config -route-map)# Matches routes where the next hop matches the conditions in the prefix-list match ip route-source prefix-list list-name router(config -route-map)# Matches routes received from BGP peer that matches the prefix-list

© 2005 Cisco Systems, Inc. All rights reserved. BGP v BGP Filters

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Using Route-Maps as BGP Filters neighbor ip-address route-map name [in | out] router(config-router)# This command applies a route-map to incoming or outgoing BGP updates. Prefixes not permitted by the route-map are discarded. Route-maps can also change BGP attributes in incoming or outgoing updates. Route-maps, filter-lists, and prefix-lists are evaluated in sequence (effectively ANDed together).

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Using Route-Maps as BGP Filters (Cont.) Requirement: The customer will accept only a default route and use the primary link for outbound traffic.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Monitoring Route-Maps

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Monitoring Route-Maps (Cont.)

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Monitoring Route-Maps (Cont.) show ip bgp route-map route-map-name router# Displays all routes in BGP table matching the route-map Used for filtering the show ip bgp output on basis of BGP path attributes: –Community –Local preference –Weight –Origin –Next-hop Can also filter based on prefixes Allows powerful combined filtering

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Monitoring Route-Maps (Cont.) Networks matched by the route-map are displayed.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Summary A route-map is a filter that has the ability to drop denied routes as well as modify attributes of the permitted routes. The BGP Route-Map Policy List Support feature introduces new functionality to BGP route-maps, adding the ability for a network operator to group route-map match clauses into named lists called policy-lists. The BGP Route-Map Continue feature introduces the continue clause to BGP route-map configuration. Continue clauses provide a programmable method to organize and control the flow of a route-map.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v Summary (Cont.) You can configure a route-map to match against a prefix-list by using the match ip address, match ip next-hop, and match ip route-source commands. Filter-lists, prefix-lists, and route-maps can optionally all be applied on either incoming or outgoing information in any combination. A route-map can be applied on incoming or outgoing routing information to or from a neighbor, but the routing information must be permitted by the route-map in order to be accepted. Monitoring route-maps is possible using the show ip bgp and debug ip bgp update commands.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v