In this document, I present how outbound route filtering (ORF) can filter routes efficiently without consuming link bandwidth. I first use two simple methods to filter BGP routes and then introduce ORF.
The following topology is used for this presentation.
I use the terms ISP and customer in my example; however, this feature can be applied anywhere. In my example, the ISP advertises 3 subnets, but the customer is not interested in receiving 192.168.10.0/24.
The current ISP configuration:
Customer's routing table before applying any filtering. All 3 subnets are in the routing table.
The easiest way is to filter 192.168.10.0/24 at the customer site using a prefix list. I applied the following configuration to the customer's router: I added a prefix list and applied it inbound under BGP.
Let's see the customer's routing table after applying the prefix list.
192.168.10.0/24 no longer appears in the routing table. So far so good, but the issue is that this wastes link bandwidth between the customer and the ISP, as well as CPU processing on the customer side, if there are many routes that need to be filtered.
We can instead filter the routes on the ISP side. This way, the ISP does not advertise those routes and the customer does not have to process and filter them locally. It is simple: we apply the same configuration on the ISP's router, but in the outbound direction.
Let's see the customer's routing table after applying the configuration.
We achieved the same result. What if we do not have access to the other side? The other side might be under the control of another administrative group, so we would have to make a request each time, or might be charged for each request. In this case, ORF comes into play. It is a great feature: it is configured locally, and the filtering is done on the other side. We configure a prefix list locally, the prefix list is sent to the remote router, and the remote router filters the routes. ORF is a capability, so we need to activate it first and specify the direction. The customer sends the prefix list and the ISP receives it. The configuration at the customer's site is as follows:
As seen in the picture above, I configured the same prefix list and applied it in the inbound direction. The configuration is similar to filtering routes locally, but in fact the prefix list is sent to the other side and the filter is applied outbound at the ISP.
The configuration on the ISP is simple and done only once. We just need to activate the ORF feature. I used "receive" since the ISP is receiving the prefix list.
Now, let's make a change on the customer's router. I simply added a line to the prefix list to filter 172.16.1.0/24 as well.
For the change to take effect, we need to clear the BGP session inbound, adding prefix-filter at the end.
Customer# clear ip bgp 22.214.171.124 in prefix-filter
Let's see the effect in the customer's routing table.
As seen, only 192.168.1.0 is in the routing table.
The ISP can also verify the received prefix list by issuing the following command.
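The ORF setup described above, written out as Cisco IOS configuration for both routers. This is an added example, not the configuration from the original page; the AS numbers (64500 for the ISP, 64501 for the customer), the peer addresses (192.0.2.1 and 192.0.2.2) and the prefix-list name CUSTOMER-IN are assumed placeholders.

```cisco
! --- Customer router (assumed AS 64501; ISP peer assumed at 192.0.2.1) ---
! The prefix list is defined locally, exactly as for plain inbound filtering.
ip prefix-list CUSTOMER-IN seq 5 deny 192.168.10.0/24
ip prefix-list CUSTOMER-IN seq 10 permit 0.0.0.0/0 le 32
!
router bgp 64501
 neighbor 192.0.2.1 remote-as 64500
 address-family ipv4
  neighbor 192.0.2.1 activate
  ! Advertise the ORF capability: this side sends its prefix list.
  neighbor 192.0.2.1 capability orf prefix-list send
  ! The inbound prefix list is the one pushed to the ISP.
  neighbor 192.0.2.1 prefix-list CUSTOMER-IN in
!
! --- ISP router (assumed AS 64500; customer peer assumed at 192.0.2.2) ---
router bgp 64500
 neighbor 192.0.2.2 remote-as 64501
 address-family ipv4
  neighbor 192.0.2.2 activate
  ! One-time setting: accept a prefix list from the customer.
  neighbor 192.0.2.2 capability orf prefix-list receive
!
! --- Later change on the customer: also filter 172.16.1.0/24 ---
ip prefix-list CUSTOMER-IN seq 7 deny 172.16.1.0/24
! Push the updated list and request a route refresh (exec mode):
!   Customer# clear ip bgp 192.0.2.1 in prefix-filter
!
! --- Checks on the ISP (exec mode) ---
! Prefix list received from the customer through ORF:
!   ISP# show ip bgp neighbors 192.0.2.2 received prefix-filter
! Routes actually sent to the customer after the filter is applied:
!   ISP# show ip bgp neighbors 192.0.2.2 advertised-routes
```

BGP capabilities are exchanged in the OPEN message, so the session has to be re-established once after the `capability orf` lines are added on both routers before the prefix list is accepted.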