Route Filtering

A big part of working with BGP is filtering routes; that’s how you control how your network traffic is carried and how you implement routing policies. You might want to filter routes coming from the outside into your network, or filter routes you advertise to other networks. No matter what your reason for filtering is, there are basically three ways to do it: AS path filtering, community filtering, and aggregate filtering.

AS Path Filters

A lot of what you do with BGP is based on building AS path filters. Filters let you select specific paths (routes) through the network. AS path filters work like access lists, but with a twist: they support regular expression (regex) pattern matching. Here’s an example of a simple AS path filter:

ip as-path access-list 70 deny ^100_
ip as-path access-list 70 permit .*

Like access lists, AS paths have the following rules:

  • Each line is a permit or a deny

  • The first match wins

  • An implicit “deny all” is added to the end of the list

In this case, we want to deny any AS path that starts with AS 100 and permit everything else. We’ve assigned the filter number 70 (with the command ip as-path access-list 70), which we use when we reference the filter in other parts of the configuration. The last part of each line is the regular expression that determines whether or not a path matches the list. Note that the number assigned to the AS path filter has nothing to do with the numbers assigned to regular IP access lists; there’s no concept of regular ...
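The evaluation rules above can be checked offline with a small simulation. This is an added example, not code from the book or from Cisco: the function names are hypothetical, list 71 is constructed here to show the implicit deny, and the handling of `_` is an approximation of how IOS treats that character.

```python
import re

# Cisco's "_" matches a delimiter: start or end of the path, a space, comma,
# brace, parenthesis or underscore. Python has no such token, so expand it.
# Assumption: "_" is not used inside a character class in the patterns.
DELIM = r"(?:^|$|[ ,{}()_])"

# Constructed sample: list 70 is the one from the text, list 71 is made up
# here to show the implicit deny.
CONFIG = """\
ip as-path access-list 70 deny ^100_
ip as-path access-list 70 permit .*
ip as-path access-list 71 permit ^100_
"""

def parse_filter(config, number):
    """Return the (action, compiled regex) entries of one list, in order."""
    entries = []
    for line in config.splitlines():
        words = line.strip().split(None, 5)
        if len(words) != 6 or words[:3] != ["ip", "as-path", "access-list"]:
            continue
        if words[3] != str(number):
            continue
        if words[4] not in ("permit", "deny"):
            raise ValueError("bad action in: " + line)
        entries.append((words[4], re.compile(words[5].replace("_", DELIM))))
    return entries

def evaluate(entries, as_path):
    """Apply the list to an AS path written as space-separated AS numbers."""
    for action, regex in entries:
        if regex.search(as_path):
            return action      # first match wins
    return "deny"              # implicit "deny all" at the end of every list

if __name__ == "__main__":
    for number in (70, 71):
        entries = parse_filter(CONFIG, number)
        for path in ("100 200 300", "1000 200", "200 100", ""):
            print(number, repr(path), evaluate(entries, path))
```

The path `1000 200` is permitted by list 70 because `_` requires a delimiter after `100`; without it, `^100` alone would also catch AS 1000.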
