1001QA.NET


How to practically test the order of various BGP filtering methods

Here are the filtering methods:
1. filter-list
2. distribute-list/prefix-list
3. route-map

The Cisco documentation is contradictory and I have come across various posts that contradict each other:

I would like to test this myself but I cannot figure out how to do it.


I think that the right way to do it is to apply all the methods at the same time and to use increasingly larger masks for the input route.

Each of the above methods has a prefix or ACL with stats that can show you the hits. So, on the contrary, instead of applying each method as Ron suggested above, I would rather apply all the methods as indicated and change the network mask for, let's say, 1.1.1.1 from 24 to 16 to 8.

filter-list --will permit 1.0.0.0/8 (make this route come from another AS and filter it by AS, deny updates from that AS)
prefix-list --will permit 1.1.0.0/16
route-map --will permit 1.1.1.0/24

and so on.
So by changing the mask of the same route I should be able to test the above. Ron just described an elimination process but does not give a practical method to check the results.

Update: I tested the above and it worked. Use debugging to see the updates. You will see messages indicating what exactly denied each route! No need for matrix testing as suggested below.

router bgp 200
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.10.10.1 remote-as 100
 neighbor 10.10.10.1 prefix-list /16 in
 neighbor 10.10.10.1 route-map /24 in
 neighbor 10.10.10.1 filter-list 100 in

And the prefix lists and filter list used to test the above:

ip as-path access-list 100 deny _300_
ip as-path access-list 100 permit .*

ip prefix-list /16 seq 5 permit 1.1.0.0/16 le 24
!
ip prefix-list /24 seq 5 permit 1.1.1.0/24
!
ip prefix-list /8 seq 5 permit 1.0.0.0/8 le 24
!
route-map /16 permit 10
 match ip address prefix-list /16
!
route-map /24 permit 10
 match ip address prefix-list /24

Use redistribute connected and loopbacks on this topology:
R3---R1---R2
(AS300): R3's L0 is 1.0.0.0
(AS100): R1's L0 is 1.1.0.0 and L1 is 1.1.1.0
Use 10.10.10.0 and 10.10.20.0 to interconnect the routers. They will be blocked by the filters.
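
The following is an added example, not part of the original post: a small offline model of the three inbound filters from the configuration above, evaluated independently against the test routes, to show which filters would reject each update before comparing against the router's debug output. The AS paths and the /24 mask on the interconnect are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
import re

# Filters copied from the configuration above.
AS_PATH_100 = [("deny", "_300_"), ("permit", ".*")]
PL_16 = [("permit", "1.1.0.0/16", None, 24)]    # (action, prefix, ge, le)
PL_24 = [("permit", "1.1.1.0/24", None, None)]  # the only match in route-map /24

# Constructed sample updates as R2 would receive them from R1 (AS100).
# The /24 mask on the interconnect is an assumption; the post gives no mask.
UPDATES = [("1.0.0.0/8", "100 300"), ("1.1.0.0/16", "100"),
           ("1.1.1.0/24", "100"), ("10.10.20.0/24", "100")]

def aspath_permits(acl, as_path):
    """First matching entry decides; no match is an implicit deny."""
    for action, pattern in acl:
        # Cisco "_" matches start, end, or a delimiter in the AS path.
        if re.search(pattern.replace("_", r"(?:^|$|[ ,{}()])"), as_path):
            return action == "permit"
    return False

def prefix_list_permits(entries, route):
    """IOS prefix-list semantics: exact length unless ge/le widen the range."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def denied_by(route, as_path):
    """Names of the inbound filters that would reject this update on their own."""
    verdicts = {
        "filter-list 100": aspath_permits(AS_PATH_100, as_path),
        "prefix-list /16": prefix_list_permits(PL_16, route),
        "route-map /24": prefix_list_permits(PL_24, route),
    }
    return [name for name, permitted in verdicts.items() if not permitted]

if __name__ == "__main__":
    for route, path in UPDATES:
        print(f"{route:15} as-path [{path}] denied by: {denied_by(route, path) or 'nothing'}")
```

Routes that more than one filter would reject are the informative ones for an ordering test, since the debug message names only the filter that actually dropped the update.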
