Introducing Routing Protocol Tools

Routing Protocol Tools and Route Manipulation
© 2012 Cisco and/or its affiliates. All rights reserved. SPROUTE v1.01—5-1
Primary objectives: Secondary high-level
• Exchange internal routing objectives:
information • Filtering routing updates
• Exchange external routing • Routing policy implementation
information (influencing route selection)
Exchange external
Exchange internal
SP routing information.
routing information.
SP
Accept full Internet Forward only local

SP Network and customer routes.
routing.
Accept only customer Prepend AS numbers to routes

routes. Tag different types of
routes. tagged by BGP communities.
Customer Customer Customer Customer
Filter: Filter based on:
• Incoming updates • Prefix and prefix length
• Outgoing updates (subnet mask)
• Redistributed routes from other • Update parameters (routing
routing protocols protocol-specific)
Incoming updates Outgoing updates
Redistributed routes
Filter OSPF based on:
• Prefix and prefix length (subnet mask)
• LSA type (internal, external, NSSA-external)
• Route source
• SFP algorithm
Incoming updates Outgoing updates
OSPF update
Prefix: 10.1.1.0/24
Route source: 10.1.1.1
LSA type: Router LSA (type 1)
Filter BGP based on:
• Prefix and prefix length (subnet mask)
• Next-hop address
• Route source address
• AS path attribute
• BGP community and BGP extended community attributes
• Local preference attribute
NLRI: 10.1.1.0/24
Next-hop: 192.168.1.1
Origin: igp Incoming updates Outgoing updates
Local Preference: 100

AS Path: 10 20 30
Community:
23456:30
64111:12
64222:33
Prefix lists:
• Used for prefix-based filtering or matching of routes
• Can be used to match on the prefix, route source, or next-hop address
AS path access lists:
• Used in BGP for filtering or route matching based on BGP AS Path
attribute
Route maps:
• Primarily used to implement complex routing policies
• Can also be used as a powerful filtering tool
Routing policy language:
• Replaces route maps in Cisco IOS XR Software
• Feature-rich language for complex routing policies
ASBR:
• Filter redistributed routes:
- Static ▪ Prefix list OSPF Domain
- Connected Area 0
- Other OSPF processes ABR ABR
- Other protocols Area X Area Y

ABR:
• Filter interarea routes. ASBR
EIGRP
▪ Route map or routing
policy
▪ Match on route type
▪ Match on tag
Typical inbound filtering Typical outbound filtering
requirements: requirements:
• Permit only customer routes. • Permit only the default route.
• Permit a specific list of routes from • Permit default route and local
peering service providers. routes.
• Permit all routes.
BGP AS
▪ Prefix list
▪ Route map or policy

▪ AS path access list
▪ Prefix list
Customer Upstream SP
• Complex routing policies are most often implemented using BGP.
• Influencing route selection for:
- Outgoing traffic
- Incoming traffic
• Routing decision influenced:
- Locally
- Remotely (e.g. by customer or downstream service provider)
Customer selecting primary or Policy implemented by service
backup ISP: provider:
• AS path prepending by customer • Setting local preference
• BGP community sent by customer • Translating BGP community to local
preference
BGP AS
▪ Route map
Customer
• Designed for route filtering/matching
• Replaces access-lists that were designed for packet filtering/matching
• Available in Cisco IOS/IOS XE and Cisco IOS XR Software with slight
differences
Cisco IOS/IOS XE Software
• Each prefix list is identified using a case-sensitive name.
• Each prefix list can have one or more lines.
• Edit and order prefix list entries by using line numbers.
• The network/length pair identifies the bits in prefixes to match.
• The ge and le operators identify the length of prefixes to match:
- le :“less or equal” matches any prefix that is shorter or equal in length to the
specified value.
- ge :“greater or equal” matches any prefix that is longer or equal in length to
the specified value.
- ge x le x :“equal” (There is no “eq” operator in Cisco IOS/IOS XE Software.)
Router(config)#
ip prefix-list name [seq num] {deny|permit} net/length [ge len] [le len]
• Host routes are often filtered out to minimize the size of the routing table.
ip prefix-list Host_Routes deny 0.0.0.0/0 ge 32
Not interested in any bit in the prefix
Prefix must be of length 32 (e.g. host route)
• Single-homed customers running BGP or multi-homed customers that
do not require full Internet routing should receive only the default route.
ip prefix-list Default_Route permit 0.0.0.0/0
Omitted operator implies “eq match-length” (e.g. “eq 0” in

this example)
• There is no keyword any as in access lists.
• Use this example instead, to match any route.
ip prefix-list All_Prefixes permit 0.0a.0.0/0 le 32
Prefix can be of any length from 0 to 32 (e.g. any route)
• Small prefixes (e.g., prefix length greater than 24) are sometimes filtered
out to minimize the size of the full Internet routing table.
ip prefix-list Small_Prefixes permit 0.0.0.0/0 ge 25
Prefix can be of any length from 25 to 32 (e.g. any prefix

smaller than a Class C network)
• Host routes are sometimes matched (e.g., loopback addresses).
• Match the address range used for loopback interfaces.
• Match /32 prefix lengths.
ip prefix-list Core_Loopbacks permit 172.16.1.0/24 ge 32
Interested in the first 24 bits of the prefix
Prefix can be of length 32 only (e.g. host route)
• Private networks are always filtered out when sending updates to other
autonomous systems.
ip prefix-list Private_Prefixes permit 10.0.0.0/8 le 32

Interested in the first 16 bits of the prefix
Prefix can be of any length (e.g. any subnet)
Cisco IOS XR Software
• It is similar to Cisco IOS/IOS XE Software syntax, except it is modular.
• Each prefix list is identified using a case-sensitive name.
• Edit and order prefix list using line numbers.
• The network/length pair identifies the bits in the prefix that must match.
• The ge, le and eq operators identify the length of prefixes to match:
- le: “less or equal” matches any prefix that is shorter or equal in length to the
specified value.
- ge: “greater or equal” matches any prefix that is longer or equal in length to
the specified value.
- eq: “equal” matches any prefix of the exact specified length.
RP/0/RP0/CPU0:CRS(config)#
ipv4 prefix-list name
[seq num] {deny | permit} network/length [ge len] [le len] [eq len]
…
Cisco IOS XR Software
ipv4 prefix-list Private_Prefixes
deny 10.0.0.0/8 le 32
deny 172.16.0.0/12 le 32
deny 192.168.0.0/16 le 32
permit 0.0.0.0/0 le 32
!
ipv4 prefix-list Core_Loopbacks
permit 172.16.1.0/24 eq 32
!
ipv4 prefix-list Host_Routes
permit 0.0.0.0/0 eq 32
!
ipv4 prefix-list Default_Route
permit 0.0.0.0/0
!
ipv4 prefix-list All_Prefixes
permit 0.0.0.0/0 le 32
!
ipv4 prefix-list Small_Prefixes
permit 0.0.0.0/0 ge 25
!
• BGP uses autonomous systems to identify the origin and path of a prefix.
• Each path is identified using a sequence of AS numbers.
• AS path attribute is used to carry the AS path in BGP updates.
• Each egress BGP router prepends its own AS number to the AS path attribute.
• AS path access lists are used to match prefixes based on AS path
characteristics.
AS 1
Prefix X; AS path: “1 3 5” Prefix X; AS path: “3 5”
AS 2 AS 3
Prefix X; AS path: “2 1 3 5” Prefix X; AS path: “5”
AS 4 AS 5
X Prefix X; AS path: “”
• Each AS path access list is identified using a unique number.
• Regular expressions are used to match prefixes based on the contents
of the AS path attribute.
• The AS path is processed as a string of characters.
Router(config)#
ip as-path access-list acl-number {permit | deny} regexp
Prefix X; AS path: “321 11”
Prefix X; AS path: “123 321 11” Prefix X; AS path: “11”
AS 22 AS 123 AS 321 AS 11
^ 1 2 3 3 2 1 1 1 $
start end
of space space of
string string
Character Description
^ matches the start of AS path (e.g. “^20_”)
$ matches the end of AS path (e.g. “^20$”)
matches any delimiter (start, end, or space; e.g.
_
“_20_”)
. matches any single character
matches preceding character any number of times
*
including zero (e.g. “.*” “^20(_20)*$”)
matches preceding character once or more times (e.g.
+
“^[0-9]+$”)
matches preceding character zero or one time (e.g.
?
“^20(_20)?$”)
Character Description
| logical OR operator (e.g. “_100_|_200_”)
groups characters for precedence or to capture matched
()
values into \n (e.g. “_100_(200|300)_”)
matches s single character from the defined range of
[range]
characters (e.g. “[0-9]”, “[13579]”)
matches again what was found within the n-th pair of
\n
parentheses (e.g. “([0-9]+)(_\1)*”)
removes the special meaning of character X (e.g. “$” or
\X
“$”)
Regular
Expression Description
^$ matches locally originated prefixes
^number$ matches prefixes originating in the specified neighboring
AS
_number$ matches prefixes originating in the specified AS
^number_ matches prefixes learned through the specified
neighboring AS
^([0-9]+)(_\1)*$ matches prefixes originating in any neighboring AS and
allowing prepending
.* matches all prefixes (e.g. “any”)
. matches nonlocal prefixes (e.g. all except empty AS path)
Cisco IOS/IOS XE Software Net A
• There is no keyword any, as in AS 1
access lists.
• Use this example instead to Net B Net C
match any route: AS 2 AS 3
• Example:
- Matches any prefix A, B, C, E  AS 2 Net E
Net D
from any neighbor AS 4 AS 5
A, B, C, E  AS 5
ip as-path access-list permit .*
Matches any character (.) any number of times (*)
• Locally originated routes have an Net A
empty AS path attribute. AS 1
• Customers typically use this outbound
filter to announce their prefixes Net B Net C
to their service providers. AS 2 AS 3
D  AS 4
• Example:
A, B, C, D  AS 3
- AS 4 only sends A, B, C, E  AS 2 Net D D  AS 4 Net E
its own prefixes. AS 4 AS 5
A, B, C, E  AS 5 (multihomed customer)
ip as-path access-list permit ^$
Matches an empty AS path attribute (e.g. no character from

start to end)
Net A
• The first number in the AS path is AS 1
the last prepended number.
• Directly connected neighboring
Net B Net C
AS is always found as the first AS 2 AS 3
number in the AS path.
• Typically this is used for routing
Net E
policies. AS 4 Net D
AS 5
A, B, C, E  AS 5
• Example:
- AS 4 matches any prefix from
neighboring AS 5.
ip as-path access-list permit ^5_
Matches routes coming from a specific neighbor
Net A
• The last number in the AS path is
AS 1
the first prepended number.
• The originating AS is always
found as the last number in the AS 2
Net B
AS 3
Net C
AS path.
• Typically this is used for routing
policies. Net E
AS 4 Net D AS 5
• Example: A  AS 5
- AS 4 matches prefixes A  AS 2
originating in AS 1 from
any neighboring AS.
ip as-path access-list permit _1$
Matches routes coming from a specific AS

• A single AS number in an AS path Net A
denotes prefixes originating in the AS 1
neighboring autonomous system.
Net B Net C
AS 2 AS 3
Net E
AS 4 Net D AS 5
E  AS 5
ip as-path access-list permit ^5$
Matches a single AS number in the AS path (e.g. prefix originating in a

neighboring AS)
Cisco IOS/IOS XE Software Net A
AS 1
• The customer can signal
Prefix X; AS path: “2 5” Prefix X; AS path: “1 2 5”
a backup link using
AS path prepending.
• Alternatively, a specific AS 2 AS 3
(primary ISP) (backup ISP)
per neighbor regular
expression can be Prefix X; AS path: “5” Prefix X; AS path: “5 5 5 5”
used (e.g. “(5)(_5)*”). AS 5

(multihomed customer)
Net X Prefix X; AS path: “”
ip as-path access-list permit ^([0-9]+)(_\1)*$
Matches any single AS number
Matches any repeating of the AS number

Introducing Routing Protocol Tools

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Introducing Routing Protocol Tools

Uploaded by

Copyright:

Available Formats

Routing Protocol Tools and Route Manipulation

Accept full Internet Forward only local

Accept only customer Prepend AS numbers to routes

Customer Customer Customer Customer

Incoming updates Outgoing updates

Incoming updates Outgoing updates

Local Preference: 100

- Other protocols Area X Area Y

▪ Route map or policy

▪ Route map or policy

ip prefix-list Host_Routes deny 0.0.0.0/0 ge 32

Not interested in any bit in the prefix

Prefix must be of length 32 (e.g. host route)

ip prefix-list Default_Route permit 0.0.0.0/0

Not interested in any bit in the prefix

Omitted operator implies “eq match-length” (e.g. “eq 0” in

ip prefix-list All_Prefixes permit 0.0a.0.0/0 le 32

Not interested in any bit in the prefix

Prefix can be of any length from 0 to 32 (e.g. any route)

ip prefix-list Small_Prefixes permit 0.0.0.0/0 ge 25

Not interested in any bit in the prefix

Prefix can be of any length from 25 to 32 (e.g. any prefix

ip prefix-list Core_Loopbacks permit 172.16.1.0/24 ge 32

Interested in the first 24 bits of the prefix

Prefix can be of length 32 only (e.g. host route)

ip prefix-list Private_Prefixes permit 10.0.0.0/8 le 32

Interested in the first 16 bits of the prefix

Prefix can be of any length (e.g. any subnet)

Prefix X; AS path: “321 11”

Prefix X; AS path: “123 321 11” Prefix X; AS path: “11”

ip as-path access-list permit .*

Matches any character (.) any number of times (*)

ip as-path access-list permit ^$

Matches an empty AS path attribute (e.g. no character from

ip as-path access-list permit ^5_

Matches routes coming from a specific neighbor

Matches routes coming from a specific AS

ip as-path access-list permit ^5$

Matches a single AS number in the AS path (e.g. prefix originating in a

used (e.g. “(5)(_5)*”). AS 5

ip as-path access-list permit ^([0-9]+)(_\1)*$

Matches any single AS number

Matches any repeating of the AS number

You might also like