This BGP feature lets a router use a prefix-list to control which prefixes its BGP peer should send, thereby reducing the number of prefixes processed. Syntax:
router bgp autonomous-system-number
neighbor ip-address capability orf prefix-list [send | receive | both]
neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}
Notes:
- Only used in eBGP
- Does not support multicast
- Must be configured per address family only
Diagram
Example 1
Router R2 wants to receive only the prefix 192.168.2.0/24
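R1
! local AS 65100, as referenced by R2's remote-as
router bgp 65100
 neighbor 192.168.1.2 remote-as 65200
 address-family ipv4
  neighbor 192.168.1.2 capability orf prefix-list receive
R2
! entry as shown in the received prefix-filter output on R1
ip prefix-list ORFFILTER seq 5 permit 192.168.2.0/24
router bgp 65200
 neighbor 192.168.1.1 remote-as 65100
 address-family ipv4
  neighbor 192.168.1.1 capability orf prefix-list send
  neighbor 192.168.1.1 prefix-list ORFFILTER in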
Verify the prefixes to be filtered on the peering with R2, as defined by the prefix-list on R2:
Address family: IPv4 Unicast
ip prefix-list 192.168.1.2: 1 entries
seq 5 permit 192.168.2.0/24
R1#show ip bgp neighbors 192.168.1.2 | beg ORF
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode: received
Receive-mode: advertised
Outbound Route Filter (ORF): received (1 entries)
                               Sent       Rcvd
Prefix activity:               ----       ----
  Prefixes Current:               0          0
  Prefixes Total:                 0          0
  Implicit Withdraw:              0          0
  Explicit Withdraw:              0          0
  Used as bestpath:             n/a          0
  Used as multipath:            n/a          0
                                 Outbound    Inbound
Local Policy Denied Prefixes:    --------    -------
  ORF prefix-list:                      4        n/a
  Total:                                4          0
Number of NLRIs in the update sent: max 3, min 1
R2 routing table
B 192.168.2.0/24 [20/0] via 192.168.1.1, 00:01:12
Example 2
Router R2 wants to receive all prefixes except 192.168.2.0/24
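R1
! local AS 65100, as referenced by R2's remote-as
router bgp 65100
 neighbor 192.168.1.2 remote-as 65200
 address-family ipv4
  neighbor 192.168.1.2 capability orf prefix-list receive
R2
! deny the unwanted prefix first, then permit everything else
ip prefix-list ORFFILTER seq 5 deny 192.168.2.0/24
ip prefix-list ORFFILTER seq 10 permit 0.0.0.0/0 le 32
router bgp 65200
 neighbor 192.168.1.1 remote-as 65100
 address-family ipv4
  neighbor 192.168.1.1 capability orf prefix-list send
  neighbor 192.168.1.1 prefix-list ORFFILTER in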
Verify the prefixes to be filtered on the peering with R2, as defined by the prefix-list on R2:
Address family: IPv4 Unicast
ip prefix-list 192.168.1.2: 2 entries
seq 5 deny 192.168.2.0/24
seq 10 permit 0.0.0.0/0 le 32
R1#show ip bgp neighbors 192.168.1.2 | beg ORF
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode: received
Receive-mode: advertised
Outbound Route Filter (ORF): received (2 entries)
                               Sent       Rcvd
Prefix activity:               ----       ----
  Prefixes Current:               3          0
  Prefixes Total:                 3          0
  Implicit Withdraw:              0          0
  Explicit Withdraw:              0          0
  Used as bestpath:             n/a          0
  Used as multipath:            n/a          0
                                 Outbound    Inbound
Local Policy Denied Prefixes:    --------    -------
  ORF prefix-list:                      1        n/a
  Total:                                1          0
Number of NLRIs in the update sent: max 3, min 1
R2 routing table
B 192.168.4.0/24 [20/0] via 192.168.1.1, 00:00:36
B 192.168.5.0/24 [20/0] via 192.168.1.1, 00:00:36
B 192.168.3.0/24 [20/0] via 192.168.1.1, 00:00:36
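How R1 evaluates the ORF entries received from R2 in Examples 1 and 2, as an added Python example that is not part of the original post. The candidate list assumes R1 holds the four prefixes seen in R2's routing tables above, and the function names are hypothetical.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/len [ge X] [le Y]' into a dict."""
    tok = line.split()
    net = ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Prefix-list length rules: no ge/le means exact length; ge alone extends
    # the range up to /32; le alone starts the range at the entry's own length.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return {"seq": int(tok[1]), "action": tok[2], "net": net, "lo": lo, "hi": hi}

def evaluate(entries, prefix):
    """First matching entry in sequence order wins; no match is an implicit deny."""
    p = ipaddress.ip_network(prefix)
    for e in sorted(entries, key=lambda e: e["seq"]):
        if p.subnet_of(e["net"]) and e["lo"] <= p.prefixlen <= e["hi"]:
            return e["action"]
    return "deny"

def orf_filter(orf_lines, candidates):
    """Return (sent, denied) as the advertising router would after applying the ORF."""
    entries = [parse_entry(line) for line in orf_lines]
    sent = [c for c in candidates if evaluate(entries, c) == "permit"]
    denied = [c for c in candidates if c not in sent]
    return sent, denied

# Constructed input (assumption): the prefixes R1 could advertise to R2.
R1_CANDIDATES = ["192.168.2.0/24", "192.168.3.0/24",
                 "192.168.4.0/24", "192.168.5.0/24"]
# ORF entries as displayed on R1 in each example.
EXAMPLE_1 = ["seq 5 permit 192.168.2.0/24"]
EXAMPLE_2 = ["seq 5 deny 192.168.2.0/24", "seq 10 permit 0.0.0.0/0 le 32"]

if __name__ == "__main__":
    for name, orf in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        sent, denied = orf_filter(orf, R1_CANDIDATES)
        print(name, "sent:", sent, "denied by ORF:", denied)
```

In Example 2 the deny entry matches only the exact /24, so a more-specific such as 192.168.2.128/25 would still be permitted by seq 10.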
Note: Changes made to the prefix-list are not propagated automatically; they must be forced using:
@Updated 19/12/2015
You said “Router R2 does not want to receive the prefix 192.162.2.0/24”. In reality, R2 will receive only the prefix 192.168.2.0/24, for which they have already established the capabilities. If the idea really is not to receive the prefix, you would include the “DENY” in the prefix-list and permit all the others.
ip prefix-list ORFFILTER seq 5 deny 192.168.2.0/24
ip prefix-list ORFFILTER seq 10 permit 0.0.0.0/0 le 32
Actually I meant “receive only”, hence the permit for just that prefix. I updated the post with a 2nd example, this one denying one prefix and accepting the rest, as you suggested.
Thank you.