8 April 2014

Route Filtering - Prefix Lists - LE and GE Examples

I always get the le and ge confused when I write prefix-lists to filter routes. I think I get a mental hang-up trying to get my head around how "more specific than x" is equal to "greater than x length subnet mask". I did a lab this afternoon because I had to provide a filter and decided to write down the results in this blog so I can reference them in the future. Hope it does help someone else.

Topology is as per the below points:

  • R1 and R2 have BGP adjacency across 1.1.1.0/30 network. 
  • R1 has LAN interfaces 192.168.3.1/28 and 192.168.3.250/30

In the below examples we look at "matching the /30 routes only within the /24 range" as one example and "matching the smaller routes within the /24" as a second example. In the last example we "match routes that are /28 to /29 in length from within the /24" by chaining both le and ge together.

Match all /30 routes within larger supernet
I wanted to write a prefix-list that would:

  • Advertise /30 routes only from within the 192.168.3.0/24 supernet (i.e. don't advertise 192.168.3.0/28 but advertise 192.168.3.250/30)

The below achieves that:

R1#router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.252
 network 192.168.3.0 mask 255.255.255.240
 network 192.168.3.252 mask 255.255.255.252
 timers bgp 5 20
 neighbor 1.1.1.2 remote-as 2
 neighbor 1.1.1.2 soft-reconfiguration inbound
 neighbor 1.1.1.2 route-map BGP-OUT out
 no auto-summary
!
route-map BGP-OUT permit 10
 match ip address prefix-list TEST
!
ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 30

In the above we match /30 routes only within the /24 supernet. Below is the output proving it. You can see that we don't advertise the 192.168.3.0/28 route we have.

R1#show ip bgp neigh 1.1.1.2 advertised-routes
BGP table version is 6, local router ID is 192.168.3.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.3.252/30 0.0.0.0                  0         32768 i

Total number of prefixes 1

Match all smaller routes within larger supernet
I wanted to write a prefix-list that would:
  • Advertise all smaller routes within a specific supernet (192.168.3.0/24)
The below achieves that:

R1#router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.252
 network 192.168.3.0 mask 255.255.255.240
 network 192.168.3.252 mask 255.255.255.252
 timers bgp 5 20
 neighbor 1.1.1.2 remote-as 2
 neighbor 1.1.1.2 soft-reconfiguration inbound
 neighbor 1.1.1.2 route-map BGP-OUT out
 no auto-summary
!
route-map BGP-OUT permit 10
 match ip address prefix-list TEST
!
ip prefix-list TEST seq 5 permit 192.168.3.0/24 le 32

In the above I match routes that have a subnet mask between /24 and /32. Below is evidence of this being true (note that both the /28 and /30 routes are advertised):

R1#show ip bgp neigh 1.1.1.2 advertised-routes
BGP table version is 8, local router ID is 192.168.3.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.3.0/28   0.0.0.0                  0         32768 i
*> 192.168.3.252/30 0.0.0.0                  0         32768 i

Total number of prefixes 2

Match /28 to /29 routes from within a supernet
I wanted to write a prefix-list that would:
  • Advertise only routes that are between /28 and /29 in length from within a specific supernet (192.168.3.0/24)
The below achieves that:

R1#router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.252
 network 192.168.3.0 mask 255.255.255.240
 network 192.168.3.252 mask 255.255.255.252
 timers bgp 5 20
 neighbor 1.1.1.2 remote-as 2
 neighbor 1.1.1.2 soft-reconfiguration inbound
 neighbor 1.1.1.2 route-map BGP-OUT out
 no auto-summary
!
route-map BGP-OUT permit 10
 match ip address prefix-list TEST
!
ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 28 le 29

In the above I match routes that have a subnet mask between /28 and /29 only from within the /24 supernet. Below is evidence of this being true (note that we only advertise the /28 route as it is the only one meeting the criteria):

R1#show ip bgp neigh 1.1.1.2 advertised-routes
BGP table version is 8, local router ID is 192.168.3.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.3.0/28   0.0.0.0                  0         32768 i

Total number of prefixes 1
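
The ge/le logic from all three examples can be checked offline. The following is an added example, not part of the original lab or Cisco's code: a small Python model of how a prefix-list entry is evaluated (the route must fall inside the entry's prefix and its mask length must fall inside the ge/le window, with an implicit deny at the end). It goes slightly beyond the lab by adding constructed /24, /29, /31 and /32 routes and a constructed "ge 30 le 30" entry, which shows that "ge 30" on its own also admits /31 and /32. The names parse_entry, evaluate, advertised, LAB_ROUTES, EXTRA_ROUTES and LISTS are illustrative.

```python
import ipaddress
import re

# One IOS-style entry: ip prefix-list NAME seq N permit|deny PREFIX/LEN [ge X] [le Y]
ENTRY_RE = re.compile(r"ip prefix-list \S+ seq (\d+) (permit|deny) (\S+)"
                      r"(?: ge (\d+))?(?: le (\d+))?$")

def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised prefix-list line: {line!r}")
    seq, action, prefix, ge, le = m.groups()
    net = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = net.prefixlen                # no keyword: exact length only
    else:
        lo = int(ge) if ge else net.prefixlen  # le only: from the entry's own length
        hi = int(le) if le else 32             # ge only: up to /32
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError(f"invalid ge/le range in: {line!r}")
    return int(seq), action, net, lo, hi

def evaluate(lines, route):
    """Return 'permit' or 'deny' for one route; first matching entry wins."""
    route = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in sorted(map(parse_entry, lines), key=lambda e: e[0]):
        # Two independent tests: covered by the entry's prefix, and length in [lo, hi].
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"  # implicit deny at the end of every prefix-list

def advertised(lines, routes):
    return [r for r in routes if evaluate(lines, r) == "permit"]

# The three "network" statements from the lab's R1 config.
LAB_ROUTES = ["1.1.1.0/30", "192.168.3.0/28", "192.168.3.252/30"]
# Constructed routes (not in the lab) to probe the edges of each range.
EXTRA_ROUTES = ["192.168.3.0/24", "192.168.3.16/29", "192.168.3.8/31", "192.168.3.9/32"]

LISTS = {
    "ge 30": ["ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 30"],
    "le 32": ["ip prefix-list TEST seq 5 permit 192.168.3.0/24 le 32"],
    "ge 28 le 29": ["ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 28 le 29"],
    # Constructed variant: pins the length to exactly /30.
    "ge 30 le 30": ["ip prefix-list TEST seq 5 permit 192.168.3.0/24 ge 30 le 30"],
}

if __name__ == "__main__":
    for label, lines in LISTS.items():
        print(f"{label:12} lab={advertised(lines, LAB_ROUTES)} "
              f"extra={advertised(lines, EXTRA_ROUTES)}")
```

For the lab routes the model gives the same results as the three "advertised-routes" outputs above; 1.1.1.0/30 is never advertised because it falls through to the implicit deny.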