Check Prefix

This scenario shows how to configure a prefix-list for filtering prefixes with different restrictions. Several connected routes will be available through dummy interfaces but only some will be exported.

Prefix strict match

Description

Several dummy interfaces are created in DUT0 allowing their connected routes to be exported. Only the one that exactly matches the prefix configured in the prefix-list will be exported to DUT1.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 10.0.0.10/8
set interfaces dummy dum1 address 10.0.0.20/16
set interfaces dummy dum2 address 10.0.0.30/24
set interfaces ethernet eth0 address 192.168.100.10/24
set protocols ip prefix-list TEST rule 1 action permit
set protocols ip prefix-list TEST rule 1 prefix 10.0.0.0/8
set protocols route-map PREF_LIST rule 1 action permit
set protocols route-map PREF_LIST rule 1 match ip address prefix-list TEST
set protocols bgp 10 neighbor peer remote-address 192.168.100.20
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map export PREF_LIST
set protocols bgp 10 redistribute connected

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.20/24
set protocols route-map PERMIT rule 1 action permit
set protocols bgp 20 neighbor peer remote-address 192.168.100.10
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map import PERMIT

Step 3: Run command protocols bgp show ip at DUT1 and check if output matches the following regular expressions:

10.0.0.0/8
Show output
BGP table version is 1, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/8       192.168.100.10           0             0 10 ?

Displayed  1 routes and 1 total paths

Step 4: Run command protocols bgp show ip at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/16
Show output
BGP table version is 1, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/8       192.168.100.10           0             0 10 ?

Displayed  1 routes and 1 total paths

Step 5: Run command protocols bgp show ip at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/24
Show output
BGP table version is 1, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/8       192.168.100.10           0             0 10 ?

Displayed  1 routes and 1 total paths

Step 6: Run command protocols ip show route at DUT1 and check if output matches the following regular expressions:

10.0.0.0/8
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/8 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:02

Step 7: Run command protocols ip show route at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/16
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/8 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:02

Step 8: Run command protocols ip show route at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/24
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/8 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:02

Lower or equal prefix mask length match

Description

Several dummy interfaces are created in DUT0 allowing their connected routes to be exported. Only the ones with a prefix length lower than or equal to 16 will be included.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 10.0.0.10/8
set interfaces dummy dum1 address 10.0.0.20/16
set interfaces dummy dum2 address 10.0.0.30/24
set interfaces ethernet eth0 address 192.168.100.10/24
set protocols ip prefix-list TEST rule 1 action permit
set protocols ip prefix-list TEST rule 1 prefix 10.0.0.0/8
set protocols route-map PREF_LIST rule 1 action permit
set protocols route-map PREF_LIST rule 1 match ip address prefix-list TEST
set protocols bgp 10 neighbor peer remote-address 192.168.100.20
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map export PREF_LIST
set protocols bgp 10 redistribute connected
set protocols ip prefix-list TEST rule 1 le 16

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.20/24
set protocols route-map PERMIT rule 1 action permit
set protocols bgp 20 neighbor peer remote-address 192.168.100.10
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map import PERMIT

Step 3: Run command protocols bgp show ip at DUT1 and check if output matches the following regular expressions:

10.0.0.0/8
Show output
BGP table version is 2, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/8       192.168.100.10           0             0 10 ?
 *> 10.0.0.0/16      192.168.100.10           0             0 10 ?

Displayed  2 routes and 2 total paths

Step 4: Run command protocols bgp show ip at DUT1 and check if output matches the following regular expressions:

10.0.0.0/16
Show output
BGP table version is 2, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/8       192.168.100.10           0             0 10 ?
 *> 10.0.0.0/16      192.168.100.10           0             0 10 ?

Displayed  2 routes and 2 total paths

Step 5: Run command protocols bgp show ip at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/24
Show output
BGP table version is 2, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/8       192.168.100.10           0             0 10 ?
 *> 10.0.0.0/16      192.168.100.10           0             0 10 ?

Displayed  2 routes and 2 total paths

Step 6: Run command protocols ip show route at DUT1 and check if output matches the following regular expressions:

10.0.0.0/8
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/8 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
B>* 10.0.0.0/16 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:02

Step 7: Run command protocols ip show route at DUT1 and check if output matches the following regular expressions:

10.0.0.0/16
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/8 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
B>* 10.0.0.0/16 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:02

Step 8: Run command protocols ip show route at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/24
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/8 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
B>* 10.0.0.0/16 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:02

Greater or equal prefix mask length match

Description

Several dummy interfaces are created in DUT0 allowing their connected routes to be exported. Only the ones with a prefix length greater than or equal to 18 will be included.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 10.0.0.10/8
set interfaces dummy dum1 address 10.0.0.20/16
set interfaces dummy dum2 address 10.0.0.30/24
set interfaces ethernet eth0 address 192.168.100.10/24
set protocols ip prefix-list TEST rule 1 action permit
set protocols ip prefix-list TEST rule 1 prefix 10.0.0.0/8
set protocols route-map PREF_LIST rule 1 action permit
set protocols route-map PREF_LIST rule 1 match ip address prefix-list TEST
set protocols bgp 10 neighbor peer remote-address 192.168.100.20
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map export PREF_LIST
set protocols bgp 10 redistribute connected
set protocols ip prefix-list TEST rule 1 ge 18

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.20/24
set protocols route-map PERMIT rule 1 action permit
set protocols bgp 20 neighbor peer remote-address 192.168.100.10
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map import PERMIT

Step 3: Run command protocols bgp show ip at DUT1 and check if output matches the following regular expressions:

10.0.0.0/24
Show output
BGP table version is 1, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/24      192.168.100.10           0             0 10 ?

Displayed  1 routes and 1 total paths

Step 4: Run command protocols bgp show ip at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/8
Show output
BGP table version is 1, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/24      192.168.100.10           0             0 10 ?

Displayed  1 routes and 1 total paths

Step 5: Run command protocols bgp show ip at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/16
Show output
BGP table version is 1, local router ID is 192.168.100.20, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.0.0.0/24      192.168.100.10           0             0 10 ?

Displayed  1 routes and 1 total paths

Step 6: Run command protocols ip show route at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/8
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/24 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:03

Step 7: Run command protocols ip show route at DUT1 and check if output does not match the following regular expressions:

10.0.0.0/16
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/24 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:03

Step 8: Run command protocols ip show route at DUT1 and check if output matches the following regular expressions:

10.0.0.0/24
Show output
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 10.0.0.0/24 [20/0] via 192.168.100.10, eth0, weight 1, 00:00:01
C>* 192.168.100.0/24 is directly connected, eth0, 00:00:03
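
The three scenarios above can be reproduced offline with a small model of prefix-list evaluation. This is an added example, not code from the product or its documentation; it assumes the conventional ge/le semantics (exact length when neither is set, first matching rule wins, implicit deny at the end), which agree with the outputs shown on this page. The function names and the LE32 rule set are hypothetical; LE32 goes beyond the page to show how a wide le bound admits every more-specific route.

```python
import ipaddress

def rule_matches(route, prefix, ge=None, le=None):
    """True if `route` matches one prefix-list rule (assumed conventional semantics)."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    # The route must lie inside the rule's prefix (leading bits agree).
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        lo = hi = prefix.prefixlen            # strict: exact prefix length only
    else:
        lo = ge if ge is not None else prefix.prefixlen
        hi = le if le is not None else route.max_prefixlen
    return lo <= route.prefixlen <= hi

def evaluate(route, rules):
    """First matching rule decides; no match means implicit deny."""
    for rule in rules:
        if rule_matches(route, rule["prefix"], rule.get("ge"), rule.get("le")):
            return rule["action"] == "permit"
    return False

def exported(addresses, rules):
    """Connected networks derived from interface addresses that pass the list."""
    nets = [str(ipaddress.ip_interface(a).network) for a in addresses]
    return [n for n in nets if evaluate(n, rules)]

# Interface addresses configured on DUT0 in every scenario on this page.
DUT0_ADDRESSES = ["10.0.0.10/8", "10.0.0.20/16", "10.0.0.30/24",
                  "192.168.100.10/24"]

# Rule sets: the first three mirror the page, LE32 is a constructed contrast.
STRICT = [{"action": "permit", "prefix": "10.0.0.0/8"}]
LE16 = [{"action": "permit", "prefix": "10.0.0.0/8", "le": 16}]
GE18 = [{"action": "permit", "prefix": "10.0.0.0/8", "ge": 18}]
LE32 = [{"action": "permit", "prefix": "10.0.0.0/8", "le": 32}]

if __name__ == "__main__":
    for name, rules in [("strict", STRICT), ("le 16", LE16),
                        ("ge 18", GE18), ("le 32", LE32)]:
        print(f"{name:7} -> {exported(DUT0_ADDRESSES, rules)}")
```

In every case 192.168.100.0/24 is dropped by the implicit deny, which is why it never appears in the BGP table at DUT1 even though connected routes are redistributed.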