Chapter 9
BGP Scalability and Advanced Features
neighbor 172.16.65.10 filter-list 1 out
neighbor 172.16.65.11 remote-as 300
neighbor 172.16.65.11 filter-list 11 in
neighbor 172.16.65.11 filter-list 1 out
!
!
ip as-path access-list 1 permit ^200$
ip as-path access-list 10 permit ^100$
ip as-path access-list 11 permit ^300$
!
!
To implement filters, use the neighbor command. Using AS path syntax,
you can configure filters that block routes whose AS path information
does not match the regular expression. The output above shows
access list 1 allowing only routes that originate from AS 200 to be sent to the
respective neighbors. Access lists 10 and 11 above allow only routes that do
not originate within AS 100 and AS 300 to be sent.
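The following is an added example, not taken from the book: a small Python emulation of how an AS path access list is evaluated (entries checked in order, first match decides, implicit deny at the end), run over the three lists from the configuration above. The sample routes, the function names, and the handling of Cisco's "_" metacharacter (which the lists above do not use) are assumptions of this sketch.

```python
import re

# Lists copied from the configuration above.
CONFIG = """\
ip as-path access-list 1 permit ^200$
ip as-path access-list 10 permit ^100$
ip as-path access-list 11 permit ^300$
"""

# Cisco's "_" matches start/end of string, a space, comma, brace or parenthesis.
UNDERSCORE = r"(?:^|$|[ ,{}()])"

def parse_as_path_lists(text):
    """Return {list_number: [(action, compiled_regex), ...]} in config order."""
    lists = {}
    for line in text.splitlines():
        m = re.match(r"\s*ip as-path access-list (\d+) (permit|deny) (\S+)\s*$", line)
        if not m:
            continue  # skip "!" separators and unrelated lines
        number, action, pattern = int(m.group(1)), m.group(2), m.group(3)
        regex = re.compile(pattern.replace("_", UNDERSCORE))
        lists.setdefault(number, []).append((action, regex))
    return lists

def evaluate(lists, number, as_path):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, regex in lists[number]:
        if regex.search(as_path):
            return action
    return "deny"

def filter_routes(lists, number, routes):
    """Keep only the (prefix, as_path) routes that the list permits."""
    return [r for r in routes if evaluate(lists, number, r[1]) == "permit"]

# Constructed sample routes (documentation prefixes, made-up AS paths).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "200"),         # path is exactly AS 200
    ("198.51.100.0/24", "200 400"),  # learned via AS 200, originated in AS 400
    ("203.0.113.0/24", "300"),       # path is exactly AS 300
    ("203.0.113.128/25", ""),        # empty AS path
]

if __name__ == "__main__":
    acls = parse_as_path_lists(CONFIG)
    for n in sorted(acls):
        print(n, filter_routes(acls, n, SAMPLE_ROUTES))
```

Checking a candidate list against known AS paths in this way before applying it to a neighbor catches over-broad patterns, such as an unanchored 200, which would also match AS 1200.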
Creating BGP Policies
We use policies with BGP to tell other BGP neighbors the paths
through our own network. By not advertising certain routes through our
network, we keep other networks from learning about them; it is difficult to
route a packet through a network you don't know about. We can modify
routes that we wish to advertise using both prefix lists and distribute lists.
Distribute lists use access lists to control the routes advertised by a routing
protocol. A prefix list is similar to an access list but is more flexible and less
complicated to configure.
Distribute Lists
Distribute lists are standard or extended access lists applied to a router's BGP
session to permit or deny advertised routes through the network. Distribute
lists can be applied to filter BGP advertisements either coming in or going out
Copyright ©2001 SYBEX, Inc., Alameda, CA
www.sybex.com