Filtering
Scenario to verify BGP peer-group filtering inheritance.
A prefix-list defines which IP prefixes can be advertised to or received from
BGP neighbors based on IP prefix matching. It is optimized for simple and efficient
IP prefix filtering. A route-map provides more flexible filtering by matching
on multiple attributes (AS-path, communities, prefix-lists, etc.) and can also modify
route attributes. Both can be applied in the import direction (filtering routes
received from a neighbor) or the export direction (filtering routes advertised
to a neighbor). When configured on a peer-group, all members of the group inherit
the filtering policy.
Test iBGP - Peer-group filtering
Description
Test prefix-list and route-map filters on a peer-group.
Baseline shows all routes received; each filter type (import on peer-group,
export on DUT1) permits only 1.1.1.0/24.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer peer-group MYGROUP
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 peer-group MYGROUP remote-as 20
set protocols ip prefix-list FILTER rule 10 action permit
set protocols ip prefix-list FILTER rule 10 prefix 1.1.1.0/24
set protocols route-map FILTER-MAP rule 10 action permit
set protocols route-map FILTER-MAP rule 10 match ip address prefix-list FILTER
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces dummy dum0 address 1.1.1.1/24
set interfaces dummy dum1 address 2.2.2.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*Established

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 3
RIB entries 5, using 640 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor     LocalAddr    V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt  Desc
10.10.0.200  10.10.0.100  4  20  6        4        3       0    0     00:00:01  Established  3       0       FRRouting/10.4.1

Total number of neighbors 1
Attention
Verify DUT0 receives 1.1.1.0/24.
Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24

BGP table version is 3, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *ui 1.1.1.0/24       10.10.0.200              0    100      0 ?
 *ui 2.2.2.0/24       10.10.0.200              0    100      0 ?
 *ui 10.10.0.0/24     10.10.0.200              0    100      0 ?

Displayed 3 routes and 3 total paths
Attention
Verify DUT0 also receives 2.2.2.0/24 (no filter).
Step 5: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
2.2.2.0/24

BGP table version is 3, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *ui 1.1.1.0/24       10.10.0.200              0    100      0 ?
 *ui 2.2.2.0/24       10.10.0.200              0    100      0 ?
 *ui 10.10.0.0/24     10.10.0.200              0    100      0 ?

Displayed 3 routes and 3 total paths
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer peer-group MYGROUP
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 peer-group MYGROUP prefix-list import FILTER
set protocols bgp 20 peer-group MYGROUP remote-as 20
set protocols ip prefix-list FILTER rule 10 action permit
set protocols ip prefix-list FILTER rule 10 prefix 1.1.1.0/24
set protocols route-map FILTER-MAP rule 10 action permit
set protocols route-map FILTER-MAP rule 10 match ip address prefix-list FILTER
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces dummy dum0 address 1.1.1.1/24
set interfaces dummy dum1 address 2.2.2.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*Established

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor     LocalAddr    V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt  Desc
10.10.0.200  10.10.0.100  4  20  6        4        1       0    0     00:00:01  Established  1       0       FRRouting/10.4.1

Total number of neighbors 1
Attention
Verify DUT0 receives 1.1.1.0/24.
Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Attention
Verify DUT0 does NOT receive 2.2.2.0/24 (filtered by prefix-list import).
Step 5: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
2.2.2.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer peer-group MYGROUP
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 peer-group MYGROUP remote-as 20
set protocols ip prefix-list FILTER rule 10 action permit
set protocols ip prefix-list FILTER rule 10 prefix 1.1.1.0/24
set protocols route-map FILTER-MAP rule 10 action permit
set protocols route-map FILTER-MAP rule 10 match ip address prefix-list FILTER
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces dummy dum0 address 1.1.1.1/24
set interfaces dummy dum1 address 2.2.2.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer prefix-list export EXPORT-FILTER
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set protocols ip prefix-list EXPORT-FILTER rule 10 action permit
set protocols ip prefix-list EXPORT-FILTER rule 10 prefix 1.1.1.0/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*Established

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor     LocalAddr    V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt  Desc
10.10.0.200  10.10.0.100  4  20  4        4        1       0    0     00:00:01  Established  1       0       FRRouting/10.4.1

Total number of neighbors 1
Attention
Verify DUT0 receives 1.1.1.0/24.
Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Attention
Verify DUT0 does NOT receive 2.2.2.0/24 (filtered by prefix-list export).
Step 5: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
2.2.2.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer peer-group MYGROUP
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 peer-group MYGROUP remote-as 20
set protocols bgp 20 peer-group MYGROUP route-map import FILTER-MAP
set protocols ip prefix-list FILTER rule 10 action permit
set protocols ip prefix-list FILTER rule 10 prefix 1.1.1.0/24
set protocols route-map FILTER-MAP rule 10 action permit
set protocols route-map FILTER-MAP rule 10 match ip address prefix-list FILTER
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces dummy dum0 address 1.1.1.1/24
set interfaces dummy dum1 address 2.2.2.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*Established

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor     LocalAddr    V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt  Desc
10.10.0.200  10.10.0.100  4  20  6        4        1       0    0     00:00:02  Established  1       0       FRRouting/10.4.1

Total number of neighbors 1
Attention
Verify DUT0 receives 1.1.1.0/24.
Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Attention
Verify DUT0 does NOT receive 2.2.2.0/24 (filtered by route-map import).
Step 5: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
2.2.2.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer peer-group MYGROUP
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 peer-group MYGROUP remote-as 20
set protocols ip prefix-list FILTER rule 10 action permit
set protocols ip prefix-list FILTER rule 10 prefix 1.1.1.0/24
set protocols route-map FILTER-MAP rule 10 action permit
set protocols route-map FILTER-MAP rule 10 match ip address prefix-list FILTER
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces dummy dum0 address 1.1.1.1/24
set interfaces dummy dum1 address 2.2.2.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 neighbor peer route-map export EXPORT-MAP
set protocols bgp 20 redistribute connected
set protocols ip prefix-list EXPORT-PFX rule 10 action permit
set protocols ip prefix-list EXPORT-PFX rule 10 prefix 1.1.1.0/24
set protocols route-map EXPORT-MAP rule 10 action permit
set protocols route-map EXPORT-MAP rule 10 match ip address prefix-list EXPORT-PFX
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*Established

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor     LocalAddr    V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt  Desc
10.10.0.200  10.10.0.100  4  20  2        4        0       0    0     00:00:00  Established  0       0       FRRouting/10.4.1

Total number of neighbors 1
Attention
Verify DUT0 receives 1.1.1.0/24.
Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
Attention
Verify DUT0 does NOT receive 2.2.2.0/24 (filtered by route-map export).
Step 5: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
2.2.2.0/24

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20 local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths
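
The checks above search the raw output with unescaped patterns such as 1.1.1.0/24, which also match inside a different prefix. As an added example (not part of the original test suite), the Python below parses the route lines and evaluates them against prefix-list FILTER, returning any prefix that should have been dropped. The function names are hypothetical, the sample tables are constructed from the outputs on this page, and it assumes a rule without ge/le matches only the exact prefix, with an implicit deny when no rule matches.

```python
import ipaddress
import re

# Constructed samples: route lines in the layout of the "protocols bgp show ip"
# output on this page (baseline without a filter, then with the filter applied).
BASELINE = """\
    Network          Next Hop            Metric LocPrf Weight Path
 *ui 1.1.1.0/24       10.10.0.200              0    100      0 ?
 *ui 2.2.2.0/24       10.10.0.200              0    100      0 ?
 *ui 10.10.0.0/24     10.10.0.200              0    100      0 ?
"""
FILTERED = """\
    Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?
"""

# Rule 10 of prefix-list FILTER from the page: (action, prefix).
FILTER = [("permit", "1.1.1.0/24")]

# A route line starts with status flags (e.g. "*>i"), followed by the prefix.
ROUTE_RE = re.compile(
    r"^[ \t]*[*>=sdhuirSR]+[ \t]+(\d+\.\d+\.\d+\.\d+/\d+)[ \t]", re.M)


def received_prefixes(show_output):
    """Return the set of networks listed in a BGP table dump."""
    return {ipaddress.ip_network(p) for p in ROUTE_RE.findall(show_output)}


def prefix_list_permits(rules, prefix):
    """Exact-match prefix-list: first matching rule decides, no match means deny."""
    for action, rule_prefix in rules:
        if ipaddress.ip_network(rule_prefix) == prefix:
            return action == "permit"
    return False


def leaked_prefixes(show_output, rules):
    """Prefixes present in the table that the prefix-list should have dropped."""
    return sorted(p for p in received_prefixes(show_output)
                  if not prefix_list_permits(rules, p))


def regex_check(pattern, show_output):
    """The page's style of check: unanchored regex search over the raw output."""
    return re.search(pattern, show_output) is not None


if __name__ == "__main__":
    print("baseline leaks:", [str(p) for p in leaked_prefixes(BASELINE, FILTER)])
    print("filtered leaks:", [str(p) for p in leaked_prefixes(FILTERED, FILTER)])
    # The unescaped pattern also matches inside a different prefix, 11.1.1.0/24.
    print("loose regex hit:", regex_check("1.1.1.0/24", " *>i 11.1.1.0/24  10.10.0.200"))
```

Run against the baseline table it reports 2.2.2.0/24 and 10.10.0.0/24 as unfiltered; run against any of the filtered tables it reports nothing.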