Network: May 2010 Archives

Intro to BGP route-maps


I've been fooling around with BGP recently, and the subject of route-maps came up. For those of you playing along at home (and by now, you all should be), route-maps allow one to filter the routing updates that BGP sends. Suppose you are doing something simple like redistributing connected networks into BGP. That works fine, as long as none of them are RFC 1918 space or internal networks that shouldn't be advertised to the outside world. If you decide to hang an internal network off one of your routers (or multi-layer switches), then a BGP process that has connected routes redistributed into it will, by default, advertise that network as well. Clearly, this isn't desired behavior.

By using a route-map, you can in effect tell BGP to ignore some networks and not advertise them.

To start, let's get two BGP-speakers up and exchanging connected routes. RouterA has been configured with an IP of 10.0.0.2 and RouterB with 10.0.0.3.


RouterA(config)#router bgp 100
RouterA(config-router)#neighbor 10.0.0.3 remote-as 200

RouterB(config)#router bgp 200
RouterB(config-router)#neighbor 10.0.0.2 remote-as 100

As you can see, RouterA has been placed into AS 100 and RouterB is in AS 200. This is a lab environment, so the only reason I used these ASNs is to avoid having to type and re-type the ones allocated in RFC 5398, which are at the higher end of the ASN spectrum.

Anyway, once this has been done, we'll see a log message like this one taken from RouterA:

*May 22 10:40:52.455: %BGP-5-ADJCHANGE: neighbor 10.0.0.3 Up

So the routers are talking BGP to each other but so far no routes are being advertised. To give them something to talk about, we'll add some loopbacks and tell the routers to redistribute those into BGP.

RouterA(config)#int lo0
RouterA(config-if)#ip address 10.100.0.1 255.255.255.255

RouterA sees loopbacks as directly connected networks and adds them to the routing table as shown:

RouterA(config-if)#do sh ip ro
C 10.0.0.2/31 is directly connected, GigabitEthernet1/1
C 10.100.0.1/32 is directly connected, Loopback0

The route hasn't yet been redistributed into BGP - we've got to tell it to do that:

RouterA(config)#router bgp 100
RouterA(config-router)#redistribute connected

There are other parameters that can modify the behavior of routes redistributed into BGP, but that simple command will get the job done. Now we wait a few seconds for the updates to be pushed to RouterB and then look at its routing table:

RouterB#sh ip ro bgp
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 10.100.0.1/32 [20/0] via 10.0.0.2, 00:00:28

Success! RouterB has learned a route to 10.100.0.1 from RouterA via BGP. Let's add another loopback:

RouterA(config-router)#int lo1
RouterA(config-if)#ip address 10.200.0.1 255.255.255.255

Sure enough, it shows up on RouterB as well:

RouterB#sh ip ro bgp
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.200.0.1/32 [20/0] via 10.0.0.2, 00:00:37
B 10.100.0.1/32 [20/0] via 10.0.0.2, 00:06:47

That's fine and dandy assuming we want all the connected networks on RouterA to be pushed to RouterB. If we want to keep 10.200.0.1/32 from being advertised by BGP we can create a route-map to filter it from the list of updates to be sent.

The first thing we have to do is define the route-map:

RouterA(config)#route-map TESTMAP permit 10

Easy enough. 10 is just a sequence number like in regular firewall access-lists and for our purposes doesn't mean anything. The next thing we have to do is tell the router which network we want to permit (the rest will be blocked, because a route-map ends with an implicit deny):

RouterA(config-route-map)#match ip address 1

This tells the router to look at access-list 1 and check the addresses against it before advertising them. Since access-list 1 doesn't yet exist, let's write it:

RouterA(config)#access-list 1 permit 10.100.0.0 0.0.255.255

The only tricky thing, for those of you coming from the world of firewall access-lists, is that the netmask is a wildcard mask, not a standard one. Looking at this access-list entry, networks starting with 10.100 are okay to advertise. Everything has been defined, with the exception of applying the route-map to BGP's redistribution of connected routes.

RouterA(config)#router bgp 100
RouterA(config-router)#redistribute connected route-map TESTMAP

Just like before, we're telling BGP to redistribute routes for connected networks but we're also telling it to only do so if the routes pass successfully through the TESTMAP route-map. Now that everything is in place, let's look at RouterB again:

RouterB#sh ip ro bgp
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 10.100.0.1/32 [20/0] via 10.0.0.2, 00:19:10

As you can see, the route for 10.200.0.1/32 has been dropped from RouterB's routing table since it was filtered out by the route-map. There are many, many other things that can be done with a route-map, but this is intended to be more of a quick intro than anything resembling a complete guide.
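To make the filtering logic concrete, here is a small Python model of how access-list 1 and TESTMAP evaluate RouterA's connected routes. It is an added example, not part of the original post and not IOS code; the function names are made up for illustration, and the 10.100.0.0/14 prefix used in the note afterwards is constructed.

```python
import ipaddress

def wildcard_match(address, base, wildcard):
    """IOS wildcard mask: a 1 bit means "don't care", a 0 bit must match."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# access-list 1 from the post, as (action, base, wildcard) entries.
ACL_1 = [("permit", "10.100.0.0", "0.0.255.255")]

# route-map TESTMAP from the post, as (sequence, action, acl) entries.
TESTMAP = [(10, "permit", ACL_1)]

def acl_permits(acl, prefix):
    # A standard ACL compares only the route's network address,
    # not its prefix length.
    net = str(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in acl:
        if wildcard_match(net, base, wildcard):
            return action == "permit"
    return False  # implicit deny at the end of every access-list

def route_map_permits(route_map, prefix):
    # Entries are tried in sequence-number order; the first match decides.
    for _seq, action, acl in sorted(route_map, key=lambda e: e[0]):
        if acl_permits(acl, prefix):
            return action == "permit"
    return False  # implicit deny at the end of every route-map

def redistribute(connected, route_map=None):
    """Return the connected prefixes that would be handed to BGP."""
    if route_map is None:
        return list(connected)
    return [p for p in connected if route_map_permits(route_map, p)]

# RouterA's connected routes as shown in the post.
CONNECTED = ["10.0.0.2/31", "10.100.0.1/32", "10.200.0.1/32"]

if __name__ == "__main__":
    print("no route-map:", redistribute(CONNECTED))
    print("with TESTMAP:", redistribute(CONNECTED, TESTMAP))
```

Because a standard access-list looks only at the network address, a shorter prefix such as 10.100.0.0/14 would also pass this filter even though it covers space outside 10.100.0.0/16, which is worth remembering when the goal is to keep internal networks from leaking.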
