In this document you will learn about BGP ORF (Outbound Route Filtering) capability.
What is BGP ORF Capability: It’s a feature uses BGP outbound route filter (ORF) send and receive capabilities to minimize the number of BGP updates that are sent between BGP peers. Configuring this feature can help reduce the amount of system resources required for generating and processing routing updates by filtering out unwanted routing updates at the source.
Let explain this with simple example:
In your network you have one CE router which is connected to service provider PE router and forming EBGP neighborship with it. CE router only want to receive limited number of prefixes along with default route from PE because you don’t want to receive all chunk of routes, process them and waste your CPU utilization. So to achieve this you will think of two options:
1) Configure output filter on PE to restrict prefixes that CE don’t want. This will work but there is one problem, in future, if your CE need addition specific routes for any reason like path manipulation you will need to open service request with service provider and wait for them to complete. Also this will increase work of service provider engineers to manually add or delete/modify filter list.
2) Another option is you can Configure inbound filter list on CE to get needed prefixes in routing table and filter unwanted coming from PE. This will work like charm, customer managing CE router can have control on what prefixes they want to keep and what they don’t .Also reduce configuration part of SP engineer. All is well but if you observe this carefully you will find one issue in this design. Even you have configure inbound filter list on CE, PE is still advertising all chunk routes to CE and CE has to look out every prefixes coming from PE and then filter them as per configuration, Imagine what will happen if your CE receive 50k or 1lk routes. Here BGP ORF capability feature can make difference. When you configure BGP ORF, CE router filter-list will dynamically learn by PE routers and PE will only advertise those prefixes which CE router needs.
For platform support and Cisco IOS software image support use Cisco Feature Navigator at http://www.cisco.com/go/fn.
PE and CE are directly connected and PE is generating bunch of prefixes (I have configured loopbacks to generate prefixes) and a default route. Here is basic configuration of both routers.
ip address 10.1.1.2 255.255.255.0
router bgp 65001
neighbor 10.1.1.1 remote-as 100
ip address 192.168.1.1 255.255.255.0
ip address 18.104.22.168 255.255.255.0
ip address 22.214.171.124 255.255.255.0
ip address 126.96.36.199 255.255.255.0
ip address 188.8.131.52 255.255.255.0
ip address 184.108.40.206 255.255.255.0
ip address 10.1.1.1 255.255.255.0
router bgp 100
network 220.127.116.11 mask 255.255.255.0
network 18.104.22.168 mask 255.255.255.0
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.1.2 next-hop-self
neighbor 10.1.1.2 default-originate
Let’s verify BGP neighborship and route we learnt from PE:
You can see CE have learned 7 routes from PE.
Now CE site engineer wants only default route and 22.214.171.124/24, 126.96.36.199/24 subnets no other subnet starts with 192.168.x.x.So as discussed above we know two ways to configure filter-list, either outbound to PE or inbound to CE; also we discussed what will be the problems. So we are configuring filter-list on inbound to CE.
Let’s 1st configure prefix-list and then apply to BGP neighbor.
Now verify BGP table after applying filter-list:
You can see after applying filter-list only 3 prefixes we needed in BGP table but as discussed above, PE is sending entire BGP table to CE, CE has to process all BGP updates coming from PE and then filters as per configured list which is potentially wasting CE CPU. To demonstrate let’s debug bgp updates and clear BGP updates.
You can also verify this using “sh ip bgp neighbors 10.1.1.1 received-routes” command.
From the above output you can see CE is receiving 192.168.X.X prefixes, process them and then filtered it.
Let’s now apply BGP ORF and See what’s happened. The BGP ORF only supports prefix-list not route-map or any other filtering mechanism. This can be configured on a router to send or receive ORF capabilities with either the send or receive keywords. This feature can also be configured on a router to both send and receive ORF capabilities with the both keyword.
Verifying after Applying ORF capability on CE, PE routers:
From the above output we saw that previously PE router sent the full BGP table to the CE router, and CE was processing whole updates. With BGP ORF the CE router dynamically tells the PE router what routes to filter “outbound”. This means that the CE router will only receive update messages about the prefixes that it wants.
Some more verification commands:
From above output you can see ORF mode on CE is sent and on PE is received, PE dynamically learned 3 prefix-list entries from CE.
To further check let’s add on more prefix-list entry on CE and see whether PE will dynamically learn it or not.
BGP ORF Configuration for IOS XR:
To advertise prefix list-based Outbound Route Filter (ORF) capability to the Border Gateway Protocol (BGP) peer, use the capability orf prefix command in an appropriate configuration mode.
RP/0/0/CPU0:PE2#conf t Tue Apr 15 03:45:59.365 TLT RP/0/0/CPU0:PE2(config)#router bgp 65001 RP/0/0/CPU0:PE2(config-bgp)#nei 10.1.1.1 RP/0/0/CPU0:PE2(config-bgp-nbr)#address-family ipv4 unicast RP/0/0/CPU0:PE2(config-bgp-nbr-af)#capability orf prefix ? both Capability to RECEIVE and SEND the ORF from/to this neighbor none No capability to RECEIVE or SEND the ORF from/to this neighbor receive Capability to RECEIVE the ORF from this neighbor send Capability to SEND the ORF to this neighbor RP/0/0/CPU0:PE2(config-bgp-nbr-af)#capability orf prefix