[Basics]

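1. Overview of BGP Outbound Route Filtering
The BGP outbound route filtering (ORF) feature minimizes the number of BGP updates sent between peer routers. By filtering out unwanted routing updates at the source, it reduces the resources needed to generate and process routing updates. For example, the feature can be used to reduce the number of route entries processed on a router that does not accept full routes from its ISP.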
 

 
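2. Prerequisites for BGP Outbound Route Filtering
Before a router can send or receive ORF announcements, the BGP peering session must be established and running, and the BGP outbound route filtering capability must be enabled.

The prefix-based BGP outbound route filtering feature does not support IP multicast routes.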

 
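3. Enabling Outbound Route Filtering

ORF is enabled by advertising ORF capabilities to peer routers. Advertising the ORF capability indicates that a BGP speaker will accept a prefix list from a neighbor and apply that prefix list to its locally configured ORFs. When the capability is enabled, the BGP speaker can install its inbound prefix-list filter on the BGP peer, and the peer applies it as an outbound list, which cuts down on unwanted routing updates.

The prefix-based BGP outbound route filtering feature can be configured with one of three ORF capabilities: send, receive, or both send and receive. The local peer advertises the ORF capability in send mode. The remote peer receives the ORF capability in receive mode and applies the filter as its own outbound policy. The local and remote peers exchange updates to maintain the ORF on each router. Updates are exchanged between the peers per address family, depending on the ORF prefix-list capability that is advertised. The remote peer starts sending updates to the local peer when it receives a route refresh request or an ORF prefix list with immediate status. Before the speaker has pushed its inbound list to the remote peer, the BGP speaker keeps applying the inbound prefix list to the updates it receives.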
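
The effect of the negotiation described above can be modelled in a few lines of Python. This is an added example, not code from the original page or from any router implementation: the function names are hypothetical, the remote peer's table is constructed sample data, and the filter values are borrowed from the access-list 10 entry used in this page's configuration example.

```python
import ipaddress

def wildcard_permits(prefix, base, wildcard):
    """Standard access-list match: compare the route's network address
    with `base`, ignoring the bits that are set in the wildcard mask."""
    net = int(ipaddress.ip_network(prefix).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (int(ipaddress.ip_address(base)) & care)

def orf_active(local_mode, remote_mode):
    """The local router may push its inbound filter only if it advertised
    send (or both) and the remote peer advertised receive (or both)."""
    return local_mode in ("send", "both") and remote_mode in ("receive", "both")

def exchange(remote_table, acl, local_mode, remote_mode):
    """Return (updates sent by the remote peer, routes the local router keeps)."""
    base, wildcard = acl
    if orf_active(local_mode, remote_mode):
        # The remote peer applies the pushed filter as its outbound policy.
        sent = [p for p in remote_table if wildcard_permits(p, base, wildcard)]
    else:
        # No ORF: every route crosses the link and is filtered on arrival.
        sent = list(remote_table)
    # The local router applies its inbound filter in both cases.
    kept = [p for p in sent if wildcard_permits(p, base, wildcard)]
    return sent, kept

# Constructed sample table held by the remote peer (not from the page).
REMOTE_TABLE = ["192.168.1.0/24", "192.168.1.128/25", "192.168.2.0/24",
                "10.0.0.0/8", "172.16.0.0/16", "203.0.113.0/24"]
# Filter values from: access-list 10 permit 192.168.1.0 0.0.0.255
ACL_10 = ("192.168.1.0", "0.0.0.255")

if __name__ == "__main__":
    for modes in [("send", "receive"), ("both", "both"),
                  ("send", "send"), ("receive", "send")]:
        sent, kept = exchange(REMOTE_TABLE, ACL_10, *modes)
        print(modes, "updates sent:", len(sent), "routes kept:", kept)
```

The routes kept are identical in every case; only the number of updates that cross the link changes, which is the resource saving the feature is meant to deliver.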


 
4. Configuration Procedure

1. enable
2. configure terminal
3. router bgp as-number
4. address-family {ipv4 | ipv6 | vpnv4} [multicast | unicast | vrf {vrf-name}]
5. neighbor ip-address remote-as as-number
6. neighbor ip-address capability orf prefix-list [send | receive | both]
7. exit

Detailed Steps

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode.
- Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: router bgp as-number
Example: Router(config)# router bgp 100
Purpose: Enters router configuration mode, and creates a BGP routing process.

Step 4
Command or Action: address-family {ipv4 | ipv6 | vpnv4} [multicast | unicast | vrf {vrf-name}]
Example: Router(config-router)# address-family ipv4 unicast
Purpose: Enters address family configuration mode to configure BGP peers to accept address family specific configurations.
- The example command creates an IPv4 unicast address family session.

Step 5
Command or Action: neighbor ip-address remote-as as-number
Example: Router(config-router)# neighbor 10.1.1.1 remote-as 200
Purpose: Establishes peering with the specified neighbor or peer-group.
- In this step, you are establishing an eBGP session with the peer router to exchange ORF capabilities.

Step 6
Command or Action: neighbor ip-address capability orf prefix-list [send | receive | both]
Example: Router(config-router)# neighbor 10.1.1.1 capability orf prefix-list both
Purpose: Enables the ORF prefix list capability on a router.
- The ORF capability can be enabled in send or receive mode with the corresponding keywords. ORF capabilities can also be enabled in send and receive mode with the both keyword.

Step 7
Command or Action: exit
Example: Router(config-router)# exit
Purpose: Exits router configuration mode, and enters global configuration mode.

Step 8
Command or Action: access-list access-list-number {deny | permit} source [source-wildcard]
Example: Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
Purpose: Defines the access list for prefix based filtering.
- This feature supports prefix length matching, wild-card based prefix matching, and exact address prefix matching for address family support.

Step 9
Command or Action: exit
Example: Router(config)# exit
Purpose: Exits global configuration mode, and enters privileged EXEC mode.

Step 10
Command or Action: clear ip bgp {ip-address | *} in prefix-filter
Example: Router# clear ip bgp 192.168.1.2 in prefix-filter
Purpose: (Optional) Clears BGP ORFs and initiates an inbound soft reset. A single neighbor or all neighbors can be specified.
- When this command is used without the prefix-filter keyword, a normal route refresh is performed. This command should be used when inbound routing policy changes other than a prefix list filter occur, such as a route map change.


 

5. Configuration Examples

The following example configures Router-A to advertise prefix-based ORF send capabilities to Router-B (172.16.1.2):

router bgp 100
 address-family ipv4 unicast
  neighbor 172.16.1.2 remote-as 200
  neighbor 172.16.1.2 capability orf prefix-list send
  exit

The following example configures Router-B to advertise prefix-based ORF receive capabilities to Router-A (10.1.1.1). This example also creates the prefix filter to permit routes from the 192.168.1.0 network.

router bgp 200
 address-family ipv4 unicast
  neighbor 10.1.1.1 remote-as 100
  neighbor 10.1.1.1 capability orf prefix-list receive
  neighbor 10.1.1.1 distribute-list 10 in
  exit
access-list 10 permit 192.168.1.0 0.0.0.255
!

The following example configures Router-A to advertise both send and receive prefix-based ORF capabilities to Router-B (192.168.1.2) and to initiate an inbound soft reset with Router-B:

router bgp 100
 address-family ipv4 unicast
  neighbor 192.168.1.2 remote-as 200
  neighbor 192.168.1.2 capability orf prefix-list both
  exit
clear ip bgp 192.168.1.2 in prefix-filter
!


6. Verifying the Configuration

Verifying BGP Prefix-Based Outbound Route Filtering Configured in Send Mode

The following example output from the show running-config privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in send mode:

Router# show running-config | begin bgp
router bgp 1
 bgp log-neighbor-changes
 network 10.0.0.0
 network 172.16.1.2
 neighbor 192.168.20.72 remote-as 2
 neighbor 192.168.20.72 capability orf prefix-list send
!

The following example output from the show ip bgp neighbors privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in send mode:

Router# show ip bgp neighbors 192.168.20.72
BGP neighbor is 192.168.20.72, remote AS 2, external link
  BGP version 4, remote router ID 172.16.1.2
  BGP state = Established, up for 00:13:27
  Last read 00:00:27, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh:advertised and received(new)
    Address family IPv4 Unicast:advertised and received
  Received 36 messages, 0 notifications, 0 in queue
  Sent 36 messages, 0 notifications, 0 in queue
  Default minimum time between advertisement runs is 30 seconds
 For address family:IPv4 Unicast
  BGP table version 13, neighbor version 13
  Index 1, Offset 0, Mask 0x2
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode:advertised, received
      Receive-mode:received
  Route refresh request:received 4, sent 2
  2 accepted prefixes consume 80 bytes
  Prefix advertised 8, suppressed 0, withdrawn 2

Verifying BGP Prefix-Based Outbound Route Filtering Configured in Receive Mode

The following example output from the show running-config privileged EXEC command shows that neighbor 172.16.1.2 is configured with the prefix-based ORF feature in receive mode:

Router# show running-config | begin bgp
router bgp 1
 bgp log-neighbor-changes
 network 10.0.0.0
 network 192.168.20.72
 neighbor 172.16.1.2 remote-as 2
 neighbor 172.16.1.2 capability orf prefix-list receive
!

The following example output from the show ip bgp neighbors privileged EXEC command shows that neighbor 172.16.1.2 is configured with the prefix-based ORF feature in receive mode:

Router# show ip bgp neighbors 172.16.1.2
BGP neighbor is 172.16.1.2, remote AS 2, external link
  BGP version 4, remote router ID 192.168.20.72
  BGP state = Established, up for 00:02:47
  Last read 00:00:46, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh:advertised and received(new)
    Address family IPv4 Unicast:advertised and received
  Received 45 messages, 0 notifications, 0 in queue
  Sent 44 messages, 0 notifications, 0 in queue
  Default minimum time between advertisement runs is 30 seconds
 For address family:IPv4 Unicast
  BGP table version 17, neighbor version 17
  Index 1, Offset 0, Mask 0x2
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode:received
      Receive-mode:advertised, received
  Route refresh request:received 5, sent 2
  2 accepted prefixes consume 80 bytes
  Prefix advertised 10, suppressed 0, withdrawn 2

Verifying BGP Prefix-Based Outbound Route Filtering Configured in Send and Receive Modes

The following example output from the show running-config privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in both send and receive modes:

Router# show running-config | begin bgp
router bgp 1
 bgp log-neighbor-changes
 network 10.0.0.0
 network 172.16.1.2
 neighbor 192.168.20.72 remote-as 2
 neighbor 192.168.20.72 capability orf prefix-list both
!

The following example output from the show ip bgp neighbors privileged EXEC command shows that neighbor 192.168.20.72 is configured with the prefix-based ORF feature in both send and receive modes:

Router# show ip bgp neighbors 192.168.20.72
BGP neighbor is 192.168.20.72, remote AS 2, external link
  BGP version 4, remote router ID 172.16.1.2
  BGP state = Established, up for 00:00:09
  Last read 00:00:09, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh:advertised and received(new)
    Address family IPv4 Unicast:advertised and received
  Received 57 messages, 0 notifications, 0 in queue
  Sent 56 messages, 0 notifications, 0 in queue
  Default minimum time between advertisement runs is 30 seconds
 For address family:IPv4 Unicast
  BGP table version 21, neighbor version 19
  Index 1, Offset 0, Mask 0x2
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode:advertised, received
      Receive-mode:advertised, received
  Route refresh request:received 6, sent 3
  2 accepted prefixes consume 80 bytes
  Prefix advertised 12, suppressed 0, withdrawn 2
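
The Send-mode and Receive-mode lines above can be checked by script when many neighbors have to be audited. The following Python is an added example, not part of the original page or of any Cisco tooling: the function name is hypothetical, the first two samples are excerpts of the outputs shown above, the third is constructed, and it assumes that "advertised" means the capability was sent by this router and "received" means it was sent by the peer.

```python
import re

def orf_status(show_output):
    """Summarise prefix-list ORF negotiation for one neighbor from the
    text of `show ip bgp neighbors <ip-address>`."""
    neighbor = re.search(r"BGP neighbor is ([0-9A-Fa-f.:]+)", show_output)
    state = re.search(r"BGP state = (\w+)", show_output)
    modes = {"send": set(), "receive": set()}
    for kind, flags in re.findall(r"(Send|Receive)-mode:([\w, ]*)", show_output):
        modes[kind.lower()] = {f.strip() for f in flags.split(",") if f.strip()}
    # ORF is only usable on an established session (see the prerequisites).
    up = bool(state) and state.group(1) == "Established"
    # This router pushes its filter if it advertised send and the peer
    # advertised receive; the peer pushes in the mirrored case.
    local = "advertised" in modes["send"] and "received" in modes["receive"]
    peer = "received" in modes["send"] and "advertised" in modes["receive"]
    return {
        "neighbor": neighbor.group(1) if neighbor else None,
        "established": up,
        "local_pushes_filter": up and local,
        "peer_pushes_filter": up and peer,
    }

# Excerpt of the send-mode output shown on this page.
SEND_ONLY = """BGP neighbor is 192.168.20.72, remote AS 2, external link
  BGP state = Established, up for 00:13:27
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode:advertised, received
      Receive-mode:received
"""
# Excerpt of the receive-mode output shown on this page.
RECEIVE_ONLY = """BGP neighbor is 172.16.1.2, remote AS 2, external link
  BGP state = Established, up for 00:02:47
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode:received
      Receive-mode:advertised, received
"""
# Constructed sample: session down, no ORF capability lines at all.
NO_ORF = """BGP neighbor is 192.0.2.1, remote AS 64500, external link
  BGP state = Idle
"""

if __name__ == "__main__":
    for sample in (SEND_ONLY, RECEIVE_ONLY, NO_ORF):
        print(orf_status(sample))
```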