BGP Outbound Route Filtering

Introduction

ORF is another method used for filtering. It allows a BGP router to send a prefix-list to a BGP neighbor, which the neighbor then applies to the updates it sends back toward the router.

Outbound Route Filtering

  • This capability has to be supported during the OPEN message exchange.
  • It is part of the route refresh features.
  • The best use of this is with client routers connecting to ISP Internet routers: instead of receiving the full routing table and filtering locally, or statically telling the ISP's admin to only allow x prefixes, ORF allows the client to send the Internet router the list of prefixes to send and not to send.
  • This capability can be enabled based on direction (directionality is in reference to sending the prefix-list):
    • send - allows the BGP router to send a prefix-list to the neighbor.
    • receive - allows the BGP router to receive a prefix-list and apply it back toward the neighbor.
    • both - allows for both features.
  • To enable, turn on the feature and apply a prefix-list inbound on the client router.
R1 ------------------ R2
send                  receive
prefix-list in ---->
<-------------------- R2 (sends only prefixes that match the prefix-list sent over)
  • The image below shows a sniff of the packet exchange during the setup of ORF.
  • Prefix 10.4.4.0/24 is allowed in.
[Image: bgp.orf.sniff.JPG]
  • For peer-groups you can only send a prefix-list, not receive one, which makes sense (you could receive multiple prefix-lists from the group and they could all be different).
  • If the neighbor does not support this feature, the client will still filter, but this might take up more resources.
  • Verification can be done with the command show ip bgp neighbor (ip) received prefix-filter.
  • Another verification method is the show ip bgp neighbor command.

Relevant Commands

neighbor (ip) capability orf prefix-list

R1(config-router)#        neighbor (ip) capability orf prefix-list (send | receive | both)

neighbor (ip) prefix-list in

Prefix-list applied on the client to send the prefix-list to the neighbor.
Notice the inbound direction, which makes sense: the client is saying it would like to filter inbound, but with the ORF feature enabled it sends this list to the neighbor and has the neighbor filter before sending. If the neighbor does not support this feature, the client will still filter, but this might take up more resources.

R1(config-router)#        neighbor (ip) prefix-list (name) in

clear ip bgp soft in prefix-filter

Command which pushes the prefix-list to the peer for outbound filtering.

R1#            clear ip bgp (ip) soft in prefix-filter

show ip bgp neighbor received prefix-filter

Shows the learned prefix-filters that were pushed by peers.

R2#            show ip bgp neighbor (ip) received prefix-filter
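
The commands above put together for the R1/R2 pair in the diagram, as an added example that is not part of the original page. The AS numbers (65001, 65002), the neighbor addresses (192.0.2.1, 192.0.2.2) and the prefix-list name ORF-IN are assumptions chosen for illustration; 10.4.4.0/24 is the prefix the page allows in.

```cisco
! ---------- R1: client router (assumed AS 65001, address 192.0.2.1) ----------
! The prefix-list R1 wants applied to what it receives from R2.
ip prefix-list ORF-IN seq 5 permit 10.4.4.0/24
!
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 ! Advertise the ORF capability in the "send" direction. It is negotiated
 ! in the OPEN message, so it takes effect when the session (re)establishes.
 neighbor 192.0.2.2 capability orf prefix-list send
 ! Inbound prefix-list: with ORF negotiated this list is pushed to R2;
 ! without ORF it is still applied locally on R1.
 neighbor 192.0.2.2 prefix-list ORF-IN in
!
! ---------- R2: ISP router (assumed AS 65002, address 192.0.2.2) ----------
router bgp 65002
 neighbor 192.0.2.1 remote-as 65001
 ! Accept a prefix-list from R1 and apply it outbound toward R1.
 neighbor 192.0.2.1 capability orf prefix-list receive
!
! ---------- After editing ORF-IN on R1 ----------
! Push the updated prefix-list to R2 and ask for the routes again:
!   R1# clear ip bgp 192.0.2.2 soft in prefix-filter
!
! ---------- Verification ----------
! On R2, list the filter that R1 pushed:
!   R2# show ip bgp neighbor 192.0.2.1 received prefix-filter
! On either router, check the negotiated capabilities:
!   R1# show ip bgp neighbor 192.0.2.2
```

Because R1 keeps ORF-IN applied inbound, the local filter remains in place even if R2 does not honor the pushed list.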

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License