This blog post covers the Border Gateway Protocol (BGP) route filtering mechanism using a prefix-list.

 
PART 1: Ensuring that all the interfaces are configured and have reachability:

Router 3 interface status:

R3#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES unset  administratively down down
Serial2/0                  unassigned      YES unset  administratively down down
Serial2/1                  192.168.13.3    YES manual up                    up
Serial2/2                  unassigned      YES unset  administratively down down
Serial2/3                  unassigned      YES unset  administratively down down
Loopback30                 30.30.30.1      YES manual up                    up
Loopback31                 31.31.31.1      YES manual up                    up
Loopback32                 32.32.32.1      YES manual up                    up
Loopback33                 33.33.33.1      YES manual up                    up

Router 1 interface status:

R1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES unset  administratively down down
Serial2/0                  unassigned      YES unset  administratively down down
Serial2/1                  192.168.13.1    YES manual up                    up
Serial2/2                  unassigned      YES unset  administratively down down
Serial2/3                  unassigned      YES unset  administratively down down
R1#

Reachability between Router 3 and Router 1 (expect the same results for Router 1):

R3#ping 192.168.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/66/148 ms
R3#

Router 1 pinging Router 3:

R1#ping 192.168.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/121/224 ms
R1#

PART 2: BGP Configurations:

BGP Configurations for Router 3:

R3#sh run | sec router bgp
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 network 31.31.31.0 mask 255.255.255.0
 network 32.32.32.0 mask 255.255.255.0
 network 33.33.33.0 mask 255.255.255.0
 neighbor 192.168.13.1 remote-as 1
 no auto-summary
R3#

BGP Configurations for Router 1:

R1#sh run | sec router bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.13.3 remote-as 3
 neighbor 192.168.13.3 prefix-list ALLOW in
 no auto-summary
 
Key Points:
As seen above, adding the statement

 neighbor 192.168.13.3 prefix-list ALLOW in

sets up an inbound filter on the routes received from that neighbor: only the subnets listed in the prefix-list ALLOW are accepted into the routing table, regardless of what the neighbor advertises.

PART 3: Creating the IP PREFIX-LIST

Add the list of networks permitted into the BGP routing table:

ip prefix-list ALLOW seq 5 permit 30.30.30.0/24
ip prefix-list ALLOW seq 10 permit 31.31.31.0/24
ip prefix-list ALLOW seq 15 permit 32.32.32.0/24
ip prefix-list ALLOW seq 20 permit 33.33.33.0/24

Verification of the routes:

R1#sh ip bgp
BGP table version is 5, local router ID is 192.168.13.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 30.30.30.0/24    192.168.13.3             0             0 3 i
*> 31.31.31.0/24    192.168.13.3             0             0 3 i
*> 32.32.32.0/24    192.168.13.3             0             0 3 i
*> 33.33.33.0/24    192.168.13.3             0             0 3 i
R1#

To check further, remove the last network address, 33.33.33.0/24, from the allow list:

R1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip prefix-list ALLOW seq 20 permit 33.33.33.0/24
R1(config)#exit

Clear BGP to delete the current routing table:

R1#clear
*Mar  1 01:46:16.919: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip bgp *
R1#
*Mar  1 01:46:23.107: %BGP-5-ADJCHANGE: neighbor 192.168.13.3 Down User reset
R1#
*Mar  1 01:46:24.863: %BGP-5-ADJCHANGE: neighbor 192.168.13.3 Up

Check the new BGP routes received by Router 1 (as observed, the network 33.33.33.0/24 is no longer seen in the routing table):

R1#sh ip bgp
BGP table version is 4, local router ID is 192.168.13.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 30.30.30.0/24    192.168.13.3             0             0 3 i
*> 31.31.31.0/24    192.168.13.3             0             0 3 i
*> 32.32.32.0/24    192.168.13.3             0             0 3 i
R1#

Summary: An IP prefix-list is a useful tool for filtering the routes injected into the BGP routing table. The key points are:
1. Create the neighbor statement with the prefix-list:
 neighbor <neighbor-ip-address> prefix-list <prefix-list-name> in
2. Create the list of networks that you want to allow into the router's BGP routing table:
 ip prefix-list <prefix-list-name> seq <sequence-number> permit <network/prefix-length>
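
The matching behaviour of the ALLOW list, modelled in Python as an added example (not part of the original post and not Cisco code): entries are checked in sequence order, an entry without ge/le matches only the exact prefix length, and anything unmatched falls to the implicit deny at the end of every prefix-list. The Entry class, the function names and the EXTRA routes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # e.g. "30.30.30.0/24"
    ge: Optional[int] = None    # optional minimum prefix length
    le: Optional[int] = None    # optional maximum prefix length

    def matches(self, route):
        net = ipaddress.ip_network(self.prefix)
        if not route.subnet_of(net):
            return False
        if self.ge is None and self.le is None:
            lo = hi = net.prefixlen          # exact-length match only
        else:
            lo = self.ge if self.ge is not None else net.prefixlen
            hi = self.le if self.le is not None else 32
        return lo <= route.prefixlen <= hi

def permitted(entries, route):
    """First matching entry (lowest seq) decides; no match = implicit deny."""
    r = ipaddress.ip_network(route)
    for e in sorted(entries, key=lambda e: e.seq):
        if e.matches(r):
            return e.action == "permit"
    return False

def inbound_filter(entries, advertised):
    """Routes that survive 'neighbor ... prefix-list ... in'."""
    return [r for r in advertised if permitted(entries, r)]

# Prefix-list ALLOW and R3's advertised networks, as configured on the page.
ALLOW = [Entry(5, "permit", "30.30.30.0/24"), Entry(10, "permit", "31.31.31.0/24"),
         Entry(15, "permit", "32.32.32.0/24"), Entry(20, "permit", "33.33.33.0/24")]
R3_ADVERTISED = ["30.30.30.0/24", "31.31.31.0/24", "32.32.32.0/24", "33.33.33.0/24"]
# Constructed routes (not on the page): a more-specific and a default route.
EXTRA = ["30.30.30.128/25", "0.0.0.0/0"]

if __name__ == "__main__":
    print(inbound_filter(ALLOW, R3_ADVERTISED + EXTRA))
    without_seq20 = [e for e in ALLOW if e.seq != 20]
    print(inbound_filter(without_seq20, R3_ADVERTISED + EXTRA))
```

The constructed /25 and default route are dropped in both runs, which is the property that makes an explicit allow list useful against unexpected or leaked announcements from a peer.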
