Professional Documents
Culture Documents
d2 s1 BGP Routing Policies
d2 s1 BGP Routing Policies
1 v1.2
BGP Routing Policies
2 v1.2
Routing Policies
• Control how BGP prefixes are received, selected, or
advertised.
• Allow network operators to tailor routing decisions to meet
specific requirements and goals.
– Managing relationship between Autonomous Systems
• Transit Provider and Customer
• Peers
– Influencing traffic paths of specific prefixes
3 v1.2
Routing Policies
• Route filtering policies control which prefixes are advertised
to or received from BGP peers.
– Recommended to configure for all EBGP peers
• BGP implementation in most platforms will accept all received prefixes and
advertise the best paths when there is no route filter configured
4 v1.2
Policy Implementation
• Can be applied in either inbound or outbound direction.
• Inbound filters influence outbound traffic.
– Select prefixes to accept
• Unaccepted prefixes may be rejected or discarded
– Modify BGP Path Attributes of specific accepted prefixes
• Affects local router’s BGP best path selection
• Affects re-advertisement of the prefixes
5 v1.2
Policy Implementation
• Common methods to implement routing policies:
– Prefix Filters
• Match exact prefixes and their sub-prefixes
– AS Path Filters
• Match AS_PATH of the prefixes with regular expression
– Set BGP Path Attributes
– BGP Communities
• Requires careful planning and testing to avoid unintended
consequences.
• Failure to properly configure routing policies can cause network
instability or outages.
6 v1.2
Vendor Implementation
Address Cisco Juniper MikroTik
Method
Family IOS Junos OS RouterOS
7 v1.2
Vendor Implementation
• Cisco IOS
– BGP peer’s “soft-reconfiguration inbound” configuration
• Allows the router to store a copy of the received prefixes of that particular peer
before routing policies are applied
• Unaccepted prefixes and original BGP Path Attributes can be seen
• MikroTik RouterOS
– Route Filter’s “discard” and “reject” actions
• For inbound filters, “discard” means not accepting the prefixes at all, while “reject”
means accepting the prefixes but make them inactive
• For outbound filters, “discard” and “reject” are the same
8 v1.2
BGP Routing Policies
Prefix Filters
9 v1.2
Example: Prefix Filters (Cisco IOS)
• Configure routing policies for all
IPv4 Unicast EBGP peers. AS65000 AS65001
172.16.0.0/13 172.24.0.0/13
172.18.1.0/24 172.26.1.0/24
Node Role Peer Receives Advertises 172.16.0.1/32
Loopback0
172.24.0.1/32
Loopback0
! Create prefix list for outbound filter of IPv4 Unicast EBGP with AS65000
Administrator ip prefix-list EBGP-AS65000-IPV4-OUT seq 10 permit 10.0.0.0/8
ip prefix-list EBGP-AS65000-IPV4-OUT seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for inbound filter of IPv6 Unicast EBGP with AS65000
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 10 permit ::/0 le 48
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 1000 deny ::/0 le 128
! Create prefix list for outbound filter of IPv6 Unicast EBGP with AS65000
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 10 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 1000 deny ::/0 le 128
12 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R1’s configuration
! Apply prefix filters to respective BGP peer
router bgp 64512
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS65000-IPV4 prefix-list EBGP-AS65000-IPV4-IN in
neighbor EBGP-AS65000-IPV4 prefix-list EBGP-AS65000-IPV4-OUT out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65000-IPV6 prefix-list EBGP-AS65000-IPV6-IN in
neighbor EBGP-AS65000-IPV6 prefix-list EBGP-AS65000-IPV6-OUT out
exit-address-family
13 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R2’s configuration
! Create prefix list for inbound filter of IPv4 Unicast EBGP with AS65001
ip prefix-list EBGP-AS65001-IPV4-IN seq 10 permit 0.0.0.0/0 le 24
ip prefix-list EBGP-AS65001-IPV4-IN seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for outbound filter of IPv4 Unicast EBGP with AS65001
Administrator ip prefix-list EBGP-AS65001-IPV4-OUT seq 10 permit 10.0.0.0/8
ip prefix-list EBGP-AS65001-IPV4-OUT seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for inbound filter of IPv6 Unicast EBGP with AS65001
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 10 permit ::/0 le 48
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 1000 deny ::/0 le 128
! Create prefix list for outbound filter of IPv6 Unicast EBGP with AS65001
ipv6 prefix-list EBGP-AS65001-IPV6-OUT seq 10 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65001-IPV6-OUT seq 1000 deny ::/0 le 128
14 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R2’s configuration
! Apply prefix filters to respective BGP peer
router bgp 64512
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65001-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS65001-IPV4 prefix-list EBGP-AS65001-IPV4-IN in
neighbor EBGP-AS65001-IPV4 prefix-list EBGP-AS65001-IPV4-OUT out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65001-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65001-IPV6 prefix-list EBGP-AS65001-IPV6-IN in
neighbor EBGP-AS65001-IPV6 prefix-list EBGP-AS65001-IPV6-OUT out
exit-address-family
15 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R101’s configuration
! Create prefix list for inbound filter of IPv4 Unicast EBGP with AS64512
ip prefix-list EBGP-AS64512-IPV4-IN seq 10 permit 10.0.0.0/8
ip prefix-list EBGP-AS64512-IPV4-IN seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for outbound filter of IPv4 Unicast EBGP with AS64512
Administrator ip prefix-list EBGP-AS64512-IPV4-OUT seq 10 permit 0.0.0.0/0 le 24
ip prefix-list EBGP-AS64512-IPV4-OUT seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for inbound filter of IPv6 Unicast EBGP with AS64512
ipv6 prefix-list EBGP-AS64512-IPV6-IN seq 10 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS64512-IPV6-IN seq 1000 deny ::/0 le 128
! Create prefix list for outbound filter of IPv6 Unicast EBGP with AS64512
ipv6 prefix-list EBGP-AS64512-IPV6-OUT seq 10 permit ::/0 le 48
ipv6 prefix-list EBGP-AS64512-IPV6-OUT seq 1000 deny ::/0 le 128
16 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R101’s configuration
! Create prefix list for inbound filter of IPv4 Unicast EBGP with AS65001
ip prefix-list EBGP-AS65001-IPV4-IN seq 10 permit 172.24.0.0/13
ip prefix-list EBGP-AS65001-IPV4-IN seq 20 permit 10.0.0.0/8
ip prefix-list EBGP-AS65001-IPV4-IN seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for inbound filter of IPv6 Unicast EBGP with AS65001
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 10 permit 2406:6401::/32
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 20 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 1000 deny ::/0 le 128
! Create prefix list for outbound filter of IPv6 Unicast EBGP with AS65001
ipv6 prefix-list EBGP-AS65001-IPV6-OUT seq 10 permit 2406:6400::/32 le 64
ipv6 prefix-list EBGP-AS65001-IPV6-OUT seq 20 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65001-IPV6-OUT seq 1000 deny ::/0 le 128
17 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R101’s configuration
! Apply prefix filters to respective BGP peer
router bgp 65000
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS64512-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS64512-IPV4 prefix-list EBGP-AS64512-IPV4-IN in
neighbor EBGP-AS64512-IPV4 prefix-list EBGP-AS64512-IPV4-OUT out
! Keep a copy of original received prefixes
neighbor EBGP-AS65001-IPV4 soft-reconfiguration inbound
neighbor EBGP-AS65001-IPV4 prefix-list EBGP-AS65001-IPV4-IN in
neighbor EBGP-AS65001-IPV4 prefix-list EBGP-AS65001-IPV4-OUT out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS64512-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS64512-IPV6 prefix-list EBGP-AS64512-IPV6-IN in
neighbor EBGP-AS64512-IPV6 prefix-list EBGP-AS64512-IPV6-OUT out
! Keep a copy of original received prefixes
neighbor EBGP-AS65001-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65001-IPV6 prefix-list EBGP-AS65001-IPV6-IN in
neighbor EBGP-AS65001-IPV6 prefix-list EBGP-AS65001-IPV6-OUT out
exit-address-family
18 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R201’s configuration
! Create prefix list for inbound filter of IPv4 Unicast EBGP with AS64512
ip prefix-list EBGP-AS64512-IPV4-IN seq 10 permit 10.0.0.0/8
ip prefix-list EBGP-AS64512-IPV4-IN seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for outbound filter of IPv4 Unicast EBGP with AS64512
Administrator ip prefix-list EBGP-AS64512-IPV4-OUT seq 10 permit 0.0.0.0/0 le 24
ip prefix-list EBGP-AS64512-IPV4-OUT seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for inbound filter of IPv6 Unicast EBGP with AS64512
ipv6 prefix-list EBGP-AS64512-IPV6-IN seq 10 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS64512-IPV6-IN seq 1000 deny ::/0 le 128
! Create prefix list for outbound filter of IPv6 Unicast EBGP with AS64512
ipv6 prefix-list EBGP-AS64512-IPV6-OUT seq 10 permit ::/0 le 48
ipv6 prefix-list EBGP-AS64512-IPV6-OUT seq 1000 deny ::/0 le 128
19 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R201’s configuration
! Create prefix list for inbound filter of IPv4 Unicast EBGP with AS65000
ip prefix-list EBGP-AS65000-IPV4-IN seq 10 permit 172.16.0.0/13
ip prefix-list EBGP-AS65000-IPV4-IN seq 20 permit 10.0.0.0/8
ip prefix-list EBGP-AS65000-IPV4-IN seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for inbound filter of IPv6 Unicast EBGP with AS65000
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 10 permit 2406:6400::/32
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 20 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 1000 deny ::/0 le 128
! Create prefix list for outbound filter of IPv6 Unicast EBGP with AS65000
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 10 permit 2406:6401::/32 le 64
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 20 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 1000 deny ::/0 le 128
20 v1.2
Example: Prefix Filters (Cisco IOS)
Cisco IOS R201’s configuration
! Apply prefix filters to respective BGP peer
router bgp 65001
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS64512-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS64512-IPV4 prefix-list EBGP-AS64512-IPV4-IN in
neighbor EBGP-AS64512-IPV4 prefix-list EBGP-AS64512-IPV4-OUT out
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV4 soft-reconfiguration inbound
neighbor EBGP-AS65000-IPV4 prefix-list EBGP-AS65000-IPV4-IN in
neighbor EBGP-AS65000-IPV4 prefix-list EBGP-AS65000-IPV4-OUT out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS64512-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS64512-IPV6 prefix-list EBGP-AS64512-IPV6-IN in
neighbor EBGP-AS64512-IPV6 prefix-list EBGP-AS64512-IPV6-OUT out
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65000-IPV6 prefix-list EBGP-AS65000-IPV6-IN in
neighbor EBGP-AS65000-IPV6 prefix-list EBGP-AS65000-IPV6-OUT out
exit-address-family
21 v1.2
Example: Prefix Filters (Cisco IOS)
• Verification commands:
– Showing BGP peers
• show bgp ipv4 unicast summary
• show bgp ipv6 unicast summary
– Showing prefixes advertised to specific peer
• show bgp ipv4 unicast neighbors [peer-address] advertised-routes
• show bgp ipv6 unicast neighbors [peer-address] advertised-routes
– Showing accepted prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] routes
• show bgp ipv6 unicast neighbors [peer-address] routes
– Showing original prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] received-routes
• show bgp ipv6 unicast neighbors [peer-address] received-routes
22 v1.2
Example: Prefix Filters (Cisco IOS)
• Verification commands:
– Showing BGP table
• show bgp ipv4 unicast
• show bgp ipv6 unicast
– Showing detail information of specific prefix
• show bgp ipv4 unicast [prefix]/[len]
• show bgp ipv6 unicast [prefix]/[len]
23 v1.2
Example: Prefix Filters (Juniper Junos OS)
• Configure routing policies for all
IPv4 Unicast EBGP peers. AS65000 AS65001
172.16.0.0/13 172.24.0.0/13
172.18.1.0/24 172.26.1.0/24
Node Role Peer Receives Advertises 172.16.0.1/32
lo0
172.24.0.1/32
lo0
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV6-IN
set term 10 from route-filter ::/0 upto /48
set term 10 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV6-OUT
set term 10 from route-filter 2001:DB8::/32 exact
set term 10 then accept
set term 1000 then reject
26 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R1’s configuration
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS65000-IPV4 import EBGP-AS65000-IPV4-IN export EBGP-AS65000-IPV4-OUT
set group EBGP-AS65000-IPV6 import EBGP-AS65000-IPV6-IN export EBGP-AS65000-IPV6-OUT
Administrator
27 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R2’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV4-IN
set term 10 from route-filter 0.0.0.0/0 upto /24
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV4-OUT
set term 10 from route-filter 10.0.0.0/8 exact
set term 10 then accept
set term 1000 then reject
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV6-IN
set term 10 from route-filter ::/0 upto /48
set term 10 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV6-OUT
set term 10 from route-filter 2001:DB8::/32 exact
set term 10 then accept
set term 1000 then reject
28 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R2’s configuration
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS65001-IPV4 import EBGP-AS65001-IPV4-IN export EBGP-AS65001-IPV4-OUT
set group EBGP-AS65001-IPV6 import EBGP-AS65001-IPV6-IN export EBGP-AS65001-IPV6-OUT
Administrator
29 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS64512
top edit policy-options policy-statement EBGP-AS64512-IPV4-IN
set term 10 from route-filter 10.0.0.0/8 exact
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS64512
top delete policy-options policy-statement EBGP-AS64512-IPV4-OUT
top edit policy-options policy-statement EBGP-AS64512-IPV4-OUT
set term 10 from route-filter 0.0.0.0/0 upto /24
set term 10 then accept
set term 1000 then reject
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS64512
top edit policy-options policy-statement EBGP-AS64512-IPV6-IN
set term 10 from route-filter 2001:DB8::/32 exact
set term 10 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS64512
top delete policy-options policy-statement EBGP-AS64512-IPV6-OUT
top edit policy-options policy-statement EBGP-AS64512-IPV6-OUT
set term 10 from route-filter ::/0 upto /48
set term 10 then accept
set term 1000 then reject
30 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV4-IN
set term 10 from route-filter 172.24.0.0/13 exact
set term 10 then accept
set term 20 from route-filter 10.0.0.0/8 exact
Administrator set term 20 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV4-OUT
set term 10 from route-filter 172.16.0.0/13 upto /24
set term 10 then accept
set term 20 from route-filter 10.0.0.0/8 exact
set term 20 then accept
set term 1000 then reject
31 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV6-IN
set term 10 from route-filter 2406:6401::/32 exact
set term 10 then accept
set term 20 from route-filter 2001:DB8::/32 exact
Administrator set term 20 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV6-OUT
set term 10 from route-filter 2406:6400::/32 upto /64
set term 10 then accept
set term 20 from route-filter 2001:DB8::/32 exact
set term 20 then accept
set term 1000 then reject
32 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS64512-IPV4 import EBGP-AS64512-IPV4-IN export EBGP-AS64512-IPV4-OUT
set group EBGP-AS64512-IPV6 import EBGP-AS64512-IPV6-IN export EBGP-AS64512-IPV6-OUT
set group EBGP-AS65001-IPV4 import EBGP-AS65001-IPV4-IN export EBGP-AS65001-IPV4-OUT
Administrator set group EBGP-AS65001-IPV6 import EBGP-AS65001-IPV6-IN export EBGP-AS65001-IPV6-OUT
33 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS64512
top edit policy-options policy-statement EBGP-AS64512-IPV4-IN
set term 10 from route-filter 10.0.0.0/8 exact
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS64512
top delete policy-options policy-statement EBGP-AS64512-IPV4-OUT
top edit policy-options policy-statement EBGP-AS64512-IPV4-OUT
set term 10 from route-filter 0.0.0.0/0 upto /24
set term 10 then accept
set term 1000 then reject
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS64512
top edit policy-options policy-statement EBGP-AS64512-IPV6-IN
set term 10 from route-filter 2001:DB8::/32 exact
set term 10 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS64512
top delete policy-options policy-statement EBGP-AS64512-IPV6-OUT
top edit policy-options policy-statement EBGP-AS64512-IPV6-OUT
set term 10 from route-filter ::/0 upto /48
set term 10 then accept
set term 1000 then reject
34 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV4-IN
set term 10 from route-filter 172.16.0.0/13 exact
set term 10 then accept
set term 20 from route-filter 10.0.0.0/8 exact
Administrator set term 20 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV4-OUT
set term 10 from route-filter 172.24.0.0/13 upto /24
set term 10 then accept
set term 20 from route-filter 10.0.0.0/8 exact
set term 20 then accept
set term 1000 then reject
35 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV6-IN
set term 10 from route-filter 2406:6400::/32 exact
set term 10 then accept
set term 20 from route-filter 2001:DB8::/32 exact
Administrator set term 20 then accept
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV6-OUT
set term 10 from route-filter 2406:6401::/32 upto /64
set term 10 then accept
set term 20 from route-filter 2001:DB8::/32 exact
set term 20 then accept
set term 1000 then reject
36 v1.2
Example: Prefix Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS64512-IPV4 import EBGP-AS64512-IPV4-IN export EBGP-AS64512-IPV4-OUT
set group EBGP-AS64512-IPV6 import EBGP-AS64512-IPV6-IN export EBGP-AS64512-IPV6-OUT
set group EBGP-AS65000-IPV4 import EBGP-AS65000-IPV4-IN export EBGP-AS65000-IPV4-OUT
Administrator set group EBGP-AS65000-IPV6 import EBGP-AS65000-IPV6-IN export EBGP-AS65000-IPV6-OUT
37 v1.2
Example: Prefix Filters (Juniper Junos OS)
• Verification commands:
– Showing BGP peers
• show bgp summary
– Showing prefixes advertised to specific peer
• show route table inet.0 advertising-protocol bgp [peer-address]
• show route table inet6.0 advertising-protocol bgp [peer-address]
– Showing accepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address]
• show route table inet6.0 receive-protocol bgp [peer-address]
– Showing unaccepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address] hidden
• show route table inet6.0 receive-protocol bgp [peer-address] hidden
38 v1.2
Example: Prefix Filters (Juniper Junos OS)
• Verification commands:
– Showing BGP routes in routing table
• show route table inet.0 protocol bgp
• show route table inet6.0 protocol bgp
– Showing detail information of specific route (accepted)
• show route table inet.0 [prefix]/[len] exact detail
• show route table inet6.0 [prefix]/[len] exact detail
– Showing detail information of specific route (unaccepted)
• show route table inet.0 [prefix]/[len] exact detail hidden
• show route table inet6.0 [prefix]/[len] exact detail hidden
39 v1.2
Example: Prefix Filters (MikroTik RouterOS)
• Configure routing policies for all
IPv4 Unicast EBGP peers. AS65000 AS65001
172.16.0.0/13 172.24.0.0/13
172.18.1.0/24 172.26.1.0/24
Node Role Peer Receives Advertises 172.16.0.1/32
BR-LOOPBACK
172.24.0.1/32
BR-LOOPBACK
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-OUT prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65000-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-IN prefix=::/0 prefix-length=0-48 action=accept
add chain=EBGP-AS65000-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-OUT prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS65000-IPV6-OUT action=reject
42 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R2’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-IN prefix=0.0.0.0/0 prefix-length=0-24 action=accept
add chain=EBGP-AS65001-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-OUT prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65001-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-IN prefix=::/0 prefix-length=0-48 action=accept
add chain=EBGP-AS65001-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-OUT prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS65001-IPV6-OUT action=reject
43 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R101’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV4-IN prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS64512-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV4-OUT prefix=0.0.0.0/0 prefix-length=0-24 action=accept
add chain=EBGP-AS64512-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-IN prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS64512-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-OUT prefix=::/0 prefix-length=0-48 action=accept
add chain=EBGP-AS64512-IPV6-OUT action=reject
44 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R101’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-IN prefix=172.24.0.0/13 action=accept
add chain=EBGP-AS65001-IPV4-IN prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65001-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-OUT prefix=172.16.0.0/13 prefix-length=13-24 action=accept
add chain=EBGP-AS65001-IPV4-OUT prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65001-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-IN prefix=2406:6401::/32 action=accept
add chain=EBGP-AS65001-IPV6-IN prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS65001-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-OUT prefix=2406:6400::/32 prefix-length=32-64 \
action=accept
add chain=EBGP-AS65001-IPV6-OUT prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS65001-IPV6-OUT action=reject
45 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R101’s configuration
# Apply route filters to respective BGP peer
/routing bgp peer
set EBGP-AS64512-IPV4 in-filter=EBGP-AS64512-IPV4-IN out-filter=EBGP-AS64512-IPV4-OUT
set EBGP-AS64512-IPV6 in-filter=EBGP-AS64512-IPV6-IN out-filter=EBGP-AS64512-IPV6-OUT
set EBGP-AS65001-IPV4 in-filter=EBGP-AS65001-IPV4-IN out-filter=EBGP-AS65001-IPV4-OUT
Administrator set EBGP-AS65001-IPV6 in-filter=EBGP-AS65001-IPV6-IN out-filter=EBGP-AS65001-IPV6-OUT
46 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R201’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV4-IN prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS64512-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV4-OUT prefix=0.0.0.0/0 prefix-length=0-24 action=accept
add chain=EBGP-AS64512-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-IN prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS64512-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-OUT prefix=::/0 prefix-length=0-48 action=accept
add chain=EBGP-AS64512-IPV6-OUT action=reject
47 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R201’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-IN prefix=172.16.0.0/13 action=accept
add chain=EBGP-AS65000-IPV4-IN prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65000-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-OUT prefix=172.24.0.0/13 prefix-length=13-24 action=accept
add chain=EBGP-AS65000-IPV4-OUT prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65000-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-IN prefix=2406:6400::/32 action=accept
add chain=EBGP-AS65000-IPV6-IN prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS65000-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-OUT prefix=2406:6401::/32 prefix-length=32-64 \
action=accept
add chain=EBGP-AS65000-IPV6-OUT prefix=2001:DB8::/32 action=accept
add chain=EBGP-AS65000-IPV6-OUT action=reject
48 v1.2
Example: Prefix Filters (MikroTik RouterOS)
MikroTik RouterOS R201’s configuration
# Apply route filters to respective BGP peer
/routing bgp peer
set EBGP-AS64512-IPV4 in-filter=EBGP-AS64512-IPV4-IN out-filter=EBGP-AS64512-IPV4-OUT
set EBGP-AS64512-IPV6 in-filter=EBGP-AS64512-IPV6-IN out-filter=EBGP-AS64512-IPV6-OUT
set EBGP-AS65000-IPV4 in-filter=EBGP-AS65000-IPV4-IN out-filter=EBGP-AS65000-IPV4-OUT
Administrator set EBGP-AS65000-IPV6 in-filter=EBGP-AS65000-IPV6-IN out-filter=EBGP-AS65000-IPV6-OUT
49 v1.2
Example: Prefix Filters (MikroTik RouterOS)
• Verification commands:
– Showing BGP peers
• /routing bgp peer print status where address-families=ip
• /routing bgp peer print status where address-families=ipv6
– Showing prefixes advertised to specific peer
• /routing bgp advertise print [peer-name] detail
– Showing prefixes received from specific peer
• /ip route print detail where bgp received-from=[peer-name]
• /ipv6 route print detail where bgp received-from=[peer-name]
50 v1.2
Example: Prefix Filters (MikroTik RouterOS)
• Verification commands:
– Showing BGP routes in routing table
• /ip route print where bgp
• /ipv6 route print where bgp
– Showing detail information of specific route
• /ip route print detail where dst-address=[prefix]/[len]
• /ipv6 route print detail where dst-address=[prefix]/[len]
51 v1.2
BGP Routing Policies
AS Path Filters
52 v1.2
Example: AS Path Filters (Cisco IOS)
• Configure routing policies for AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
.2 10.0.0.1/32
2406:6401:4::/127
.2 10.0.0.2/32
2001:DB8::1/128 2001:DB8::2/128
– AS65000 and AS65001 accept only
::1 ::1
Loopback0 Loopback0
.1 10.1.0.0/30 .2
! Create AS Path access list for outbound filter of IPv4 Unicast EBGP with AS65001
Administrator ip as-path access-list 102 permit ^$
ip as-path access-list 102 permit ^64512(_64512)*$
ip as-path access-list 102 deny .*
! Create AS Path access list for inbound filter of IPv6 Unicast EBGP with AS65001
ip as-path access-list 201 permit ^65001(_65001)*$
ip as-path access-list 201 deny .*
! Create AS Path access list for outbound filter of IPv6 Unicast EBGP with AS65001
ip as-path access-list 202 permit ^$
ip as-path access-list 202 permit ^64512(_64512)*$
ip as-path access-list 202 deny .*
54 v1.2
Example: AS Path Filters (Cisco IOS)
Cisco IOS R101’s configuration
! Apply AS Path filters to respective BGP peer
router bgp 65000
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65001-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS65001-IPV4 filter-list 101 in
neighbor EBGP-AS65001-IPV4 filter-list 102 out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65001-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65001-IPV6 filter-list 201 in
neighbor EBGP-AS65001-IPV6 filter-list 202 out
exit-address-family
55 v1.2
Example: AS Path Filters (Cisco IOS)
Cisco IOS R201’s configuration
! Create AS Path access list for inbound filter of IPv4 Unicast EBGP with AS65000
ip as-path access-list 101 permit ^65000(_65000)*$
ip as-path access-list 101 deny .*
! Create AS Path access list for outbound filter of IPv4 Unicast EBGP with AS65000
Administrator ip as-path access-list 102 permit ^$
ip as-path access-list 102 permit ^64512(_64512)*$
ip as-path access-list 102 deny .*
! Create AS Path access list for inbound filter of IPv6 Unicast EBGP with AS65000
ip as-path access-list 201 permit ^65000(_65000)*$
ip as-path access-list 201 deny .*
! Create AS Path access list for outbound filter of IPv6 Unicast EBGP with AS65000
ip as-path access-list 202 permit ^$
ip as-path access-list 202 permit ^64512(_64512)*$
ip as-path access-list 202 deny .*
56 v1.2
Example: AS Path Filters (Cisco IOS)
Cisco IOS R201’s configuration
! Apply AS Path filters to respective BGP peer
router bgp 65001
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS65000-IPV4 filter-list 101 in
neighbor EBGP-AS65000-IPV4 filter-list 102 out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65000-IPV6 filter-list 201 in
neighbor EBGP-AS65000-IPV6 filter-list 202 out
exit-address-family
57 v1.2
Example: AS Path Filters (Cisco IOS)
• Verification commands:
– Showing BGP peers
• show bgp ipv4 unicast summary
• show bgp ipv6 unicast summary
– Showing prefixes advertised to specific peer
• show bgp ipv4 unicast neighbors [peer-address] advertised-routes
• show bgp ipv6 unicast neighbors [peer-address] advertised-routes
– Showing accepted prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] routes
• show bgp ipv6 unicast neighbors [peer-address] routes
– Showing original prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] received-routes
• show bgp ipv6 unicast neighbors [peer-address] received-routes
58 v1.2
Example: AS Path Filters (Cisco IOS)
• Verification commands:
– Showing BGP table
• show bgp ipv4 unicast
• show bgp ipv6 unicast
– Showing detail information of specific prefix
• show bgp ipv4 unicast [prefix]/[len]
• show bgp ipv6 unicast [prefix]/[len]
59 v1.2
Example: AS Path Filters (Juniper Junos OS)
• Configure routing policies for AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
.2 10.0.0.1/32
2406:6401:4::/127
.2 10.0.0.2/32
2001:DB8::1/128 2001:DB8::2/128
– AS65000 and AS65001 accept only
::1 ::1
lo0 lo0
.1 10.1.0.0/30 .2
61 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV4-IN
set term 10 from as-path-group AS65001-IPV4
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV4-OUT
set term 10 from prefix-list LOCAL-IPV4
set term 10 then accept
set term 20 from protocol bgp as-path-group LOCAL-IPV4
set term 20 then accept
set term 30 from protocol bgp as-path-group CUSTOMER-IPV4
set term 30 then accept
set term 1000 then reject
62 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV6-IN
set term 10 from as-path-group AS65001-IPV6
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV6-OUT
set term 10 from prefix-list LOCAL-IPV6
set term 10 then accept
set term 20 from protocol bgp as-path-group LOCAL-IPV6
set term 20 then accept
set term 30 from protocol bgp as-path-group CUSTOMER-IPV6
set term 30 then accept
set term 1000 then reject
63 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R101’s configuration
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS65001-IPV4 import EBGP-AS65001-IPV4-IN export EBGP-AS65001-IPV4-OUT
set group EBGP-AS65001-IPV6 import EBGP-AS65001-IPV6-IN export EBGP-AS65001-IPV6-OUT
Administrator
64 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Create AS Path group for AS65000’s IPv4 Unicast paths
top edit policy-options as-path-group AS65000-IPV4
set as-path 10 "^65000(65000)*$"
65 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV4-IN
set term 10 from as-path-group AS65000-IPV4
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV4-OUT
set term 10 from prefix-list LOCAL-IPV4
set term 10 then accept
set term 20 from protocol bgp as-path-group LOCAL-IPV4
set term 20 then accept
set term 30 from protocol bgp as-path-group CUSTOMER-IPV4
set term 30 then accept
set term 1000 then reject
66 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV6-IN
set term 10 from as-path-group AS65000-IPV6
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV6-OUT
set term 10 from prefix-list LOCAL-IPV6
set term 10 then accept
set term 20 from protocol bgp as-path-group LOCAL-IPV6
set term 20 then accept
set term 30 from protocol bgp as-path-group CUSTOMER-IPV6
set term 30 then accept
set term 1000 then reject
67 v1.2
Example: AS Path Filters (Juniper Junos OS)
Juniper Junos OS R201’s configuration
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS65000-IPV4 import EBGP-AS65000-IPV4-IN export EBGP-AS65000-IPV4-OUT
set group EBGP-AS65000-IPV6 import EBGP-AS65000-IPV6-IN export EBGP-AS65000-IPV6-OUT
Administrator
68 v1.2
Example: AS Path Filters (Juniper Junos OS)
• Verification commands:
– Showing BGP peers
• show bgp summary
– Showing prefixes advertised to specific peer
• show route table inet.0 advertising-protocol bgp [peer-address]
• show route table inet6.0 advertising-protocol bgp [peer-address]
– Showing accepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address]
• show route table inet6.0 receive-protocol bgp [peer-address]
– Showing unaccepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address] hidden
• show route table inet6.0 receive-protocol bgp [peer-address] hidden
69 v1.2
Example: AS Path Filters (Juniper Junos OS)
• Verification commands:
– Showing BGP routes in routing table
• show route table inet.0 protocol bgp
• show route table inet6.0 protocol bgp
– Showing detail information of specific route (accepted)
• show route table inet.0 [prefix]/[len] exact detail
• show route table inet6.0 [prefix]/[len] exact detail
– Showing detail information of specific route (unaccepted)
• show route table inet.0 [prefix]/[len] exact detail hidden
• show route table inet6.0 [prefix]/[len] exact detail hidden
70 v1.2
Example: AS Path Filters (MikroTik RouterOS)
• Configure routing policies for AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
.2 10.0.0.1/32
2406:6401:4::/126
.2 10.0.0.2/32
2001:DB8::1/128 2001:DB8::2/128
– AS65000 and AS65001 accept only
::2 ::2
BR-LOOPBACK BR-LOOPBACK
.1 10.1.0.0/30 .2
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-OUT bgp-as-path="^\$" action=accept
add chain=EBGP-AS65001-IPV4-OUT bgp-as-path="^64512(_64512)*\$" action=accept
add chain=EBGP-AS65001-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-IN bgp-as-path="^65001(_65001)*\$" action=accept
add chain=EBGP-AS65001-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-OUT bgp-as-path="^\$" action=accept
add chain=EBGP-AS65001-IPV6-OUT bgp-as-path="^64512(_64512)*\$" action=accept
add chain=EBGP-AS65001-IPV6-OUT action=reject
72 v1.2
Example: AS Path Filters (MikroTik RouterOS)
MikroTik RouterOS R101’s configuration
# Apply route filters to respective BGP peer
/routing bgp peer
set EBGP-AS65001-IPV4 in-filter=EBGP-AS65001-IPV4-IN out-filter=EBGP-AS65001-IPV4-OUT
set EBGP-AS65001-IPV6 in-filter=EBGP-AS65001-IPV6-IN out-filter=EBGP-AS65001-IPV6-OUT
Administrator
73 v1.2
Example: AS Path Filters (MikroTik RouterOS)
MikroTik RouterOS R201’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-IN bgp-as-path="^65000(_65000)*\$" action=accept
add chain=EBGP-AS65000-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-OUT bgp-as-path="^\$" action=accept
add chain=EBGP-AS65000-IPV4-OUT bgp-as-path="^64512(_64512)*\$" action=accept
add chain=EBGP-AS65000-IPV4-OUT action=reject
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-IN bgp-as-path="^65000(_65000)*\$" action=accept
add chain=EBGP-AS65000-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-OUT bgp-as-path="^\$" action=accept
add chain=EBGP-AS65000-IPV6-OUT bgp-as-path="^64512(_64512)*\$" action=accept
add chain=EBGP-AS65000-IPV6-OUT action=reject
74 v1.2
Example: AS Path Filters (MikroTik RouterOS)
MikroTik RouterOS R201’s configuration
# Apply route filters to respective BGP peer
/routing bgp peer
set EBGP-AS65000-IPV4 in-filter=EBGP-AS65000-IPV4-IN out-filter=EBGP-AS65000-IPV4-OUT
set EBGP-AS65000-IPV6 in-filter=EBGP-AS65000-IPV6-IN out-filter=EBGP-AS65000-IPV6-OUT
Administrator
75 v1.2
Example: AS Path Filters (MikroTik RouterOS)
• Verification commands:
– Showing BGP peers
• /routing bgp peer print status where address-families=ip
• /routing bgp peer print status where address-families=ipv6
– Showing prefixes advertised to specific peer
• /routing bgp advertise print [peer-name] detail
– Showing prefixes received from specific peer
• /ip route print detail where bgp received-from=[peer-name]
• /ipv6 route print detail where bgp received-from=[peer-name]
76 v1.2
Example: AS Path Filters (MikroTik RouterOS)
• Verification commands:
– Showing BGP routes in routing table
• /ip route print where bgp
• /ipv6 route print where bgp
– Showing detail information of specific route
• /ip route print detail where dst-address=[prefix]/[len]
• /ipv6 route print detail where dst-address=[prefix]/[len]
77 v1.2
BGP Routing Policies
78 v1.2
Example: Set BGP Path Attributes (Cisco IOS)
• Configure routing policies in R1 AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
– AS64512 .5
Loopback0
172.20.0.4/30. .6
Loopback0
10.2.1.0/24
AS64512 10.2.2.0/24
2001:DB8:2:1::/64 10.0.0.0/8 2001:DB8:2:2::/64
2001:DB8::/32
Based on example scenarios:
BGP IPv4 Unicast + BGP IPv6 Unicast
79 v1.2
Example: Set BGP Path Attributes (Cisco IOS)
Cisco IOS R1’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV4-IN permit 10
set local-preference 90
! Create route map for outbound filter of IPv4 Unicast EBGP with AS65000
Administrator route-map EBGP-AS65000-IPV4-OUT permit 10
set as-path prepend 64512 64512
! Create route map for inbound filter of IPv6 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV6-IN permit 10
set local-preference 90
! Create route map for outbound filter of IPv6 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV6-OUT permit 10
set as-path prepend 64512 64512
80 v1.2
Example: Set BGP Path Attributes (Cisco IOS)
Cisco IOS R1’s configuration
! Apply AS Path filters to respective BGP peer
router bgp 64512
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS65000-IPV4 route-map EBGP-AS65000-IPV4-IN in
neighbor EBGP-AS65000-IPV4 route-map EBGP-AS65000-IPV4-OUT out
exit-address-family
!
address-family ipv6 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV6 soft-reconfiguration inbound
neighbor EBGP-AS65000-IPV6 route-map EBGP-AS65000-IPV6-IN in
neighbor EBGP-AS65000-IPV6 route-map EBGP-AS65000-IPV6-OUT out
exit-address-family
81 v1.2
Example: Set BGP Path Attributes (Cisco IOS)
• Verification commands:
– Showing BGP peers
• show bgp ipv4 unicast summary
• show bgp ipv6 unicast summary
– Showing prefixes advertised to specific peer
• show bgp ipv4 unicast neighbors [peer-address] advertised-routes
• show bgp ipv6 unicast neighbors [peer-address] advertised-routes
– Showing accepted prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] routes
• show bgp ipv6 unicast neighbors [peer-address] routes
– Showing original prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] received-routes
• show bgp ipv6 unicast neighbors [peer-address] received-routes
82 v1.2
Example: Set BGP Path Attributes (Cisco IOS)
• Verification commands:
– Showing BGP table
• show bgp ipv4 unicast
• show bgp ipv6 unicast
– Showing detail information of specific prefix
• show bgp ipv4 unicast [prefix]/[len]
• show bgp ipv6 unicast [prefix]/[len]
– Tracing route to specific destination
• traceroute [destination-address]
• traceroute [destination-address] source [source-address]
83 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
• Configure routing policies in R1 AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
– AS64512 .5
lo0
172.20.0.4/30. .6
lo0
10.2.1.0/24
AS64512 10.2.2.0/24
2001:DB8:2:1::/64 10.0.0.0/8 2001:DB8:2:2::/64
2001:DB8::/32
Based on example scenarios:
BGP IPv4 Unicast + BGP IPv6 Unicast
84 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV4-OUT
set term 10 from prefix-list LOCAL-IPV4
set term 10 then accept as-path-prepend "64512 64512"
set term 20 from protocol bgp
set term 20 then accept as-path-prepend "64512 64512"
set term 1000 then reject
85 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
Administrator # Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV6-OUT
set term 10 from prefix-list LOCAL-IPV6
set term 10 then accept as-path-prepend "64512 64512"
set term 20 from protocol bgp
set term 20 then accept as-path-prepend "64512 64512"
set term 1000 then reject
86 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
Administrator
87 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
• Verification commands:
– Showing BGP peers
• show bgp summary
– Showing prefixes advertised to specific peer
• show route table inet.0 advertising-protocol bgp [peer-address]
• show route table inet6.0 advertising-protocol bgp [peer-address]
– Showing accepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address]
• show route table inet6.0 receive-protocol bgp [peer-address]
– Showing unaccepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address] hidden
• show route table inet6.0 receive-protocol bgp [peer-address] hidden
88 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
• Verification commands:
– Showing BGP routes in routing table
• show route table inet.0 protocol bgp
• show route table inet6.0 protocol bgp
– Showing detail information of specific route (accepted)
• show route table inet.0 [prefix]/[len] exact detail
• show route table inet6.0 [prefix]/[len] exact detail
– Showing detail information of specific route (unaccepted)
• show route table inet.0 [prefix]/[len] exact detail hidden
• show route table inet6.0 [prefix]/[len] exact detail hidden
– Tracing route to specific destination
• traceroute [destination-address]
• traceroute [destination-address] source [source-address]
89 v1.2
Example: Set BGP Path Attributes (MikroTik RouterOS)
• Configure routing policies in R1 AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
– AS64512 .5
BR-LOOPBACK
172.20.0.4/30. .6
BR-LOOPBACK
10.2.1.0/24
AS64512 10.2.2.0/24
2001:DB8:2:1::/64 10.0.0.0/8 2001:DB8:2:2::/64
2001:DB8::/32
Based on example scenarios:
BGP IPv4 Unicast + BGP IPv6 Unicast
90 v1.2
Example: Set BGP Path Attributes (MikroTik RouterOS)
# Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65000
Administrator /routing filter
add chain=EBGP-AS65000-IPV4-OUT action=accept set-bgp-prepend=3
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-IN action=accept set-bgp-local-pref=90
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-OUT action=accept set-bgp-prepend=3
91 v1.2
Example: Set BGP Path Attributes (MikroTik RouterOS)
• Verification commands:
– Showing BGP peers
• /routing bgp peer print status where address-families=ip
• /routing bgp peer print status where address-families=ipv6
– Showing prefixes advertised to specific peer
• /routing bgp advertise print [peer-name] detail
– Showing prefixes received from specific peer
• /ip route print detail where bgp received-from=[peer-name]
• /ipv6 route print detail where bgp received-from=[peer-name]
92 v1.2
Example: Set BGP Path Attributes (MikroTik RouterOS)
• Verification commands:
– Showing BGP routes in routing table
• /ip route print where bgp
• /ipv6 route print where bgp
– Showing detail information of specific route
• /ip route print detail where dst-address=[prefix]/[len]
• /ipv6 route print detail where dst-address=[prefix]/[len]
– Tracing route to specific destination
• /tool traceroute [destination-address] count=5
• /tool traceroute [destination-address] src-address=[source-address] count=5
93 v1.2
BGP Routing Policies
BGP Communities
94 v1.2
Example: BGP Communities (Cisco IOS)
• BGP Communities definition: AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
2406:6400::/32 2406:6401::/32
Value Description 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
<asn>:0 Locally originated prefixes 2406:6400::1/128 2406:6401::1/128
Loopback0 Loopback0
.5 172.20.0.4/30. .6
<asn>:100 Customer prefixes ::0 2406:6400:4:1::/127 ::1
R101 R201
<asn>:200 Prefixes from private peering or Internet eXchange (IX) EBGP
.1 .1
<asn>:300 Internet prefixes from upstream provider ::0 ::0
172.20.0.0/30 172.28.0.0/30
10.0.0.1/32
2406:6401:4::/127 EBGP
10.0.0.2/32
with “<asn>:0”.
.2 .2
::1 2001:DB8::1/128 ::1 2001:DB8::2/128
Loopback0 Loopback0
.1 10.1.0.0/30 .2
::0 2001:DB8:1::/127 ::1
96 v1.2
Example: BGP Communities (Cisco IOS)
• AS65000’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65000:100
2001:DB8::/32
In
Reject
65000:0 Accept
Provider R1
65000:100 Accept
Out
65000:200 Accept
Reject
R101
172.24.0.0/13 ^65001(_65001)*$ Accept and tag 65000:200
2406:6401::/32 ^65001(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R201
65000:0 Accept
Reject
97 v1.2
Example: BGP Communities (Cisco IOS)
• AS65001’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65001:100
2001:DB8::/32
In
Reject
65001:0 Accept
Provider R2
65001:100 Accept
Out
65001:200 Accept
Reject
R201
172.16.0.0/13 ^65000(_65000)*$ Accept and tag 65001:200
2406:6400::/32 ^65000(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R101
65001:0 Accept
Reject
98 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R1’s configuration
! BGP Communities definition (new format)
ip bgp-community new-format
ip community-list standard LOCAL permit 64512:0
ip community-list standard CUSTOMER permit 64512:100
ip community-list standard PEER permit 64512:200
Administrator ip community-list standard TRANSIT permit 64512:300
99 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R1’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV4-IN permit 10
match ip address prefix-list AS65000-IPV4
set community 64512:300 additive
!
Administrator route-map EBGP-AS65000-IPV4-IN deny 1000
! Create route map for outbound filter of IPv4 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV4-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65000-IPV4-OUT deny 1000
! Create route map for inbound filter of IPv6 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV6-IN permit 10
match ipv6 address prefix-list AS65000-IPV6
set community 64512:300 additive
!
route-map EBGP-AS65000-IPV6-IN deny 1000
! Create route map for outbound filter of IPv6 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV6-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65000-IPV6-OUT deny 1000
100 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R1’s configuration
! Create route map for tagging BGP Communities on locally originated prefixes
route-map SET-COMM-LOCAL permit 10
set community 64512:0
101 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R2’s configuration
! BGP Communities definition (new format)
ip bgp-community new-format
ip community-list standard LOCAL permit 64512:0
ip community-list standard CUSTOMER permit 64512:100
ip community-list standard PEER permit 64512:200
Administrator ip community-list standard TRANSIT permit 64512:300
102 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R2’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV4-IN permit 10
match ip address prefix-list AS65001-IPV4
set community 64512:300 additive
!
Administrator route-map EBGP-AS65001-IPV4-IN deny 1000
! Create route map for outbound filter of IPv4 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV4-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65001-IPV4-OUT deny 1000
! Create route map for inbound filter of IPv6 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV6-IN permit 10
match ipv6 address prefix-list AS65001-IPV6
set community 64512:300 additive
!
route-map EBGP-AS65001-IPV6-IN deny 1000
! Create route map for outbound filter of IPv6 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV6-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65001-IPV6-OUT deny 1000
103 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R2’s configuration
! Create route map for tagging BGP Communities on locally originated prefixes
route-map SET-COMM-LOCAL permit 10
set community 64512:0
104 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! BGP Communities definition (new format)
ip bgp-community new-format
ip community-list standard LOCAL permit 65000:0
ip community-list standard CUSTOMER permit 65000:100
ip community-list standard PEER permit 65000:200
Administrator ip community-list standard TRANSIT permit 65000:300
105 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! Create AS Path access list for AS64512’s IPv4 Unicast paths
ip as-path access-list 101 permit ^64512(_64512)*$
ip as-path access-list 101 deny .*
106 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV4-IN permit 10
match ip address prefix-list AS64512-IPV4
match as-path 101
set community 65000:100 additive
Administrator !
route-map EBGP-AS64512-IPV4-IN deny 1000
! Create route map for outbound filter of IPv4 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV4-OUT permit 10
match community LOCAL
!
route-map EBGP-AS64512-IPV4-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS64512-IPV4-OUT permit 30
match community PEER
!
route-map EBGP-AS64512-IPV4-OUT deny 1000
107 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! Create route map for inbound filter of IPv6 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV6-IN permit 10
match ipv6 address prefix-list AS64512-IPV6
match as-path 101
set community 65000:100 additive
Administrator !
route-map EBGP-AS64512-IPV6-IN deny 1000
! Create route map for outbound filter of IPv6 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV6-OUT permit 10
match community LOCAL
!
route-map EBGP-AS64512-IPV6-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS64512-IPV6-OUT permit 30
match community PEER
!
route-map EBGP-AS64512-IPV6-OUT deny 1000
108 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV4-IN permit 10
match ip address prefix-list AS65001-IPV4
match as-path 102
set community 65000:200 additive
Administrator !
route-map EBGP-AS65001-IPV4-IN deny 1000
! Create route map for outbound filter of IPv4 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV4-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65001-IPV4-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS65001-IPV4-OUT deny 1000
109 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! Create route map for inbound filter of IPv6 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV6-IN permit 10
match ipv6 address prefix-list AS65001-IPV6
match as-path 102
set community 65000:200 additive
Administrator !
route-map EBGP-AS65001-IPV6-IN deny 1000
! Create route map for outbound filter of IPv6 Unicast EBGP with AS65001
route-map EBGP-AS65001-IPV6-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65001-IPV6-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS65001-IPV6-OUT deny 1000
110 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
! Create route map for tagging BGP Communities on locally originated prefixes
route-map SET-COMM-LOCAL permit 10
set community 65000:0
111 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R101’s configuration
-- (Continued) --
address-family ipv6 unicast
! Tag BGP Communities on the aggregate prefix
network 2406:6400::/32 route-map SET-COMM-LOCAL
neighbor EBGP-AS64512-IPV6 soft-reconfiguration inbound
Administrator ! Include Standard Community attribute in BGP updates
neighbor EBGP-AS64512-IPV6 send-community
neighbor EBGP-AS64512-IPV6 route-map EBGP-AS64512-IPV6-IN in
neighbor EBGP-AS64512-IPV6 route-map EBGP-AS64512-IPV6-OUT out
neighbor EBGP-AS65001-IPV6 soft-reconfiguration inbound
! Include Standard Community attribute in BGP updates
neighbor EBGP-AS65001-IPV6 send-community
neighbor EBGP-AS65001-IPV6 route-map EBGP-AS65001-IPV6-IN in
neighbor EBGP-AS65001-IPV6 route-map EBGP-AS65001-IPV6-OUT out
exit-address-family
112 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! BGP Communities definition (new format)
ip bgp-community new-format
ip community-list standard LOCAL permit 65001:0
ip community-list standard CUSTOMER permit 65001:100
ip community-list standard PEER permit 65001:200
Administrator ip community-list standard TRANSIT permit 65001:300
113 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! Create AS Path access list for AS64512’s IPv4 Unicast paths
ip as-path access-list 101 permit ^64512(_64512)*$
ip as-path access-list 101 deny .*
114 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV4-IN permit 10
match ip address prefix-list AS64512-IPV4
match as-path 101
set community 65001:100 additive
Administrator !
route-map EBGP-AS64512-IPV4-IN deny 1000
! Create route map for outbound filter of IPv4 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV4-OUT permit 10
match community LOCAL
!
route-map EBGP-AS64512-IPV4-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS64512-IPV4-OUT permit 30
match community PEER
!
route-map EBGP-AS64512-IPV4-OUT deny 1000
115 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! Create route map for inbound filter of IPv6 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV6-IN permit 10
match ipv6 address prefix-list AS64512-IPV6
match as-path 201
set community 65001:100 additive
Administrator !
route-map EBGP-AS64512-IPV6-IN deny 1000
! Create route map for outbound filter of IPv6 Unicast EBGP with AS64512
route-map EBGP-AS64512-IPV6-OUT permit 10
match community LOCAL
!
route-map EBGP-AS64512-IPV6-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS64512-IPV6-OUT permit 30
match community PEER
!
route-map EBGP-AS64512-IPV6-OUT deny 1000
116 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! Create route map for inbound filter of IPv4 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV4-IN permit 10
match ip address prefix-list AS65000-IPV4
match as-path 102
set community 65001:200 additive
Administrator !
route-map EBGP-AS65000-IPV4-IN deny 1000
! Create route map for outbound filter of IPv4 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV4-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65000-IPV4-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS65000-IPV4-OUT deny 1000
117 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! Create route map for inbound filter of IPv6 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV6-IN permit 10
match ipv6 address prefix-list AS65000-IPV6
match as-path 202
set community 65001:200 additive
Administrator !
route-map EBGP-AS65000-IPV6-IN deny 1000
! Create route map for outbound filter of IPv6 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV6-OUT permit 10
match community LOCAL
!
route-map EBGP-AS65000-IPV6-OUT permit 20
match community CUSTOMER
!
route-map EBGP-AS65000-IPV6-OUT deny 1000
118 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
! Create route map for tagging BGP Communities on locally originated prefixes
route-map SET-COMM-LOCAL permit 10
set community 65001:0
119 v1.2
Example: BGP Communities (Cisco IOS)
Cisco IOS R201’s configuration
-- (Continued) --
address-family ipv6 unicast
! Tag BGP Communities on the aggregate prefix
network 2406:6401::/32 route-map SET-COMM-LOCAL
neighbor EBGP-AS64512-IPV6 soft-reconfiguration inbound
Administrator ! Include Standard Community attribute in BGP updates
neighbor EBGP-AS64512-IPV6 send-community
neighbor EBGP-AS64512-IPV6 route-map EBGP-AS64512-IPV6-IN in
neighbor EBGP-AS64512-IPV6 route-map EBGP-AS64512-IPV6-OUT out
neighbor EBGP-AS65000-IPV6 soft-reconfiguration inbound
! Include Standard Community attribute in BGP updates
neighbor EBGP-AS65000-IPV6 send-community
neighbor EBGP-AS65000-IPV6 route-map EBGP-AS65000-IPV6-IN in
neighbor EBGP-AS65000-IPV6 route-map EBGP-AS65000-IPV6-OUT out
exit-address-family
120 v1.2
Example: BGP Communities (Cisco IOS)
• Verification commands:
– Showing BGP peers
• show bgp ipv4 unicast summary
• show bgp ipv6 unicast summary
– Showing prefixes advertised to specific peer
• show bgp ipv4 unicast neighbors [peer-address] advertised-routes
• show bgp ipv6 unicast neighbors [peer-address] advertised-routes
– Showing accepted prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] routes
• show bgp ipv6 unicast neighbors [peer-address] routes
– Showing original prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] received-routes
• show bgp ipv6 unicast neighbors [peer-address] received-routes
121 v1.2
Example: BGP Communities (Cisco IOS)
• Verification commands:
– Showing BGP table
• show bgp ipv4 unicast
• show bgp ipv6 unicast
– Showing detail information of specific prefix
• show bgp ipv4 unicast [prefix]/[len]
• show bgp ipv6 unicast [prefix]/[len]
122 v1.2
Example: BGP Communities (Juniper Junos OS)
• BGP Communities definition: AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
2406:6400::/32 2406:6401::/32
Value Description 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
<asn>:0 Locally originated prefixes 2406:6400::1/128 2406:6401::1/128
lo0 lo0
.5 172.20.0.4/30. .6
<asn>:100 Customer prefixes ::0 2406:6400:4:1::/127 ::1
R101 R201
<asn>:200 Prefixes from private peering or Internet eXchange (IX) EBGP
.1 .1
<asn>:300 Internet prefixes from upstream provider ::0 ::0
172.20.0.0/30 172.28.0.0/30
10.0.0.1/32
2406:6401:4::/127 EBGP
10.0.0.2/32
with “<asn>:0”.
.2 .2
::1 2001:DB8::1/128 ::1 2001:DB8::2/128
lo0 lo0
.1 10.1.0.0/30 .2
::0 2001:DB8:1::/127 ::1
124 v1.2
Example: BGP Communities (Juniper Junos OS)
• AS65000’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
10.0.0.0/8 ^64512(64512)*$ Accept and tag 65000:100
2001:DB8::/32
In
Reject
65000:0 Accept
Provider R1
65000:100 Accept
Out
65000:200 Accept
Reject
R101
172.24.0.0/13 ^65001(65001)*$ Accept and tag 65000:200
2406:6401::/32 ^65001(.)*(64512)$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R201
65000:0 Accept
Reject
125 v1.2
Example: BGP Communities (Juniper Junos OS)
• AS65001’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
10.0.0.0/8 ^64512(64512)*$ Accept and tag 65001:100
2001:DB8::/32
In
Reject
65001:0 Accept
Provider R2
65001:100 Accept
Out
65001:200 Accept
Reject
R201
172.16.0.0/13 ^65000(65000)*$ Accept and tag 65001:200
2406:6400::/32 ^65000(.)*(64512)$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R101
65001:0 Accept
Reject
126 v1.2
Example: BGP Communities (Juniper Junos OS)
127 v1.2
Example: BGP Communities (Juniper Junos OS)
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV6-IN
set term 10 from policy ROUTE-AS65000-IPV6
set term 10 then accept community add TRANSIT
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV6-OUT
set term 10 from community LOCAL
set term 10 then accept
set term 1000 then reject
128 v1.2
Example: BGP Communities (Juniper Junos OS)
129 v1.2
Example: BGP Communities (Juniper Junos OS)
130 v1.2
Example: BGP Communities (Juniper Junos OS)
# Create policy statement for inbound filter of IPv6 Unicast EBGP with AS65001
top edit policy-options policy-statement EBGP-AS65001-IPV6-IN
set term 10 from policy ROUTE-AS65001-IPV6
set term 10 then accept community add TRANSIT
set term 1000 then reject
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65001
top delete policy-options policy-statement EBGP-AS65001-IPV6-OUT
top edit policy-options policy-statement EBGP-AS65001-IPV6-OUT
set term 10 from community LOCAL
set term 10 then accept
set term 1000 then reject
131 v1.2
Example: BGP Communities (Juniper Junos OS)
132 v1.2
Example: BGP Communities (Juniper Junos OS)
133 v1.2
Example: BGP Communities (Juniper Junos OS)
134 v1.2
Example: BGP Communities (Juniper Junos OS)
135 v1.2
Example: BGP Communities (Juniper Junos OS)
136 v1.2
Example: BGP Communities (Juniper Junos OS)
137 v1.2
Example: BGP Communities (Juniper Junos OS)
138 v1.2
Example: BGP Communities (Juniper Junos OS)
139 v1.2
Example: BGP Communities (Juniper Junos OS)
140 v1.2
Example: BGP Communities (Juniper Junos OS)
141 v1.2
Example: BGP Communities (Juniper Junos OS)
142 v1.2
Example: BGP Communities (Juniper Junos OS)
143 v1.2
Example: BGP Communities (Juniper Junos OS)
144 v1.2
Example: BGP Communities (Juniper Junos OS)
145 v1.2
Example: BGP Communities (Juniper Junos OS)
146 v1.2
Example: BGP Communities (Juniper Junos OS)
• Verification commands:
– Showing BGP peers
• show bgp summary
– Showing prefixes advertised to specific peer
• show route table inet.0 advertising-protocol bgp [peer-address]
• show route table inet6.0 advertising-protocol bgp [peer-address]
– Showing accepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address]
• show route table inet6.0 receive-protocol bgp [peer-address]
– Showing unaccepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address] hidden
• show route table inet6.0 receive-protocol bgp [peer-address] hidden
147 v1.2
Example: BGP Communities (Juniper Junos OS)
• Verification commands:
– Showing BGP routes in routing table
• show route table inet.0 protocol bgp
• show route table inet6.0 protocol bgp
– Showing detail information of specific route (accepted)
• show route table inet.0 [prefix]/[len] exact detail
• show route table inet6.0 [prefix]/[len] exact detail
– Showing detail information of specific route (unaccepted)
• show route table inet.0 [prefix]/[len] exact detail hidden
• show route table inet6.0 [prefix]/[len] exact detail hidden
148 v1.2
Example: BGP Communities (MikroTik RouterOS)
• BGP Communities definition: AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
2406:6400::/32 2406:6401::/32
Value Description 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
<asn>:0 Locally originated prefixes 2406:6400::1/128 2406:6401::1/128
BR-LOOPBACK BR-LOOPBACK
.5 172.20.0.4/30. .6
<asn>:100 Customer prefixes ::1 2406:6400:4:1::/126 ::2
R101 R201
<asn>:200 Prefixes from private peering or Internet eXchange (IX) EBGP
.1 .1
<asn>:300 Internet prefixes from upstream provider ::1 ::1
172.20.0.0/30 172.28.0.0/30
10.0.0.1/32
2406:6401:4::/126 EBGP
10.0.0.2/32
with “<asn>:0”.
.2 .2
::2 2001:DB8::1/128 ::2 2001:DB8::2/128
BR-LOOPBACK BR-LOOPBACK
.1 10.1.0.0/30 .2
::1 2001:DB8:1::/126 ::2
150 v1.2
Example: BGP Communities (MikroTik RouterOS)
• AS65000’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65000:100
2001:DB8::/32
In
Reject
65000:0 Accept
Provider R1
65000:100 Accept
Out
65000:200 Accept
Reject
R101
172.24.0.0/13 ^65001(_65001)*$ Accept and tag 65000:200
2406:6401::/32 ^65001(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R201
65000:0 Accept
Reject
151 v1.2
Example: BGP Communities (MikroTik RouterOS)
• AS65001’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65001:100
2001:DB8::/32
In
Reject
65001:0 Accept
Provider R2
65001:100 Accept
Out
65001:200 Accept
Reject
R201
172.16.0.0/13 ^65000(_65000)*$ Accept and tag 65001:200
2406:6400::/32 ^65000(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R101
65001:0 Accept
Reject
152 v1.2
Example: BGP Communities (MikroTik RouterOS)
Administrator # Create route filter chain for AS65000’s IPv6 Unicast routes
/routing filter
add chain=ROUTE-AS65000-IPV6 prefix=::/0 prefix-length=0-48 action=accept
add chain=ROUTE-AS65000-IPV6 action=return
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-IN match-chain=ROUTE-AS65000-IPV4 \
action=accept append-bgp-communities=64512:300
add chain=EBGP-AS65000-IPV4-IN action=reject
# Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-OUT bgp-communities=64512:0 action=accept
add chain=EBGP-AS65000-IPV4-OUT action=reject
153 v1.2
Example: BGP Communities (MikroTik RouterOS)
154 v1.2
Example: BGP Communities (MikroTik RouterOS)
Administrator # Create route filter chain for AS65001’s IPv6 Unicast routes
/routing filter
add chain=ROUTE-AS65001-IPV6 prefix=::/0 prefix-length=0-48 action=accept
add chain=ROUTE-AS65001-IPV6 action=return
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-IN match-chain=ROUTE-AS65001-IPV4 \
action=accept append-bgp-communities=64512:300
add chain=EBGP-AS65001-IPV4-IN action=reject
# Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV4-OUT bgp-communities=64512:0 action=accept
add chain=EBGP-AS65001-IPV4-OUT action=reject
155 v1.2
Example: BGP Communities (MikroTik RouterOS)
156 v1.2
Example: BGP Communities (MikroTik RouterOS)
Administrator # Create route filter chain for AS64512’s IPv6 Unicast routes
/routing filter
add chain=ROUTE-AS64512-IPV6 prefix=2001:DB8::/32 action=accept
add chain=ROUTE-AS64512-IPV6 action=return
157 v1.2
Example: BGP Communities (MikroTik RouterOS)
Administrator # Create route filter chain for AS64512’s IPv6 unicast paths
/routing filter
add chain=PATH-AS64512-IPV6 bgp-as-path="^64512(_64512)*\$" action=accept
add chain=PATH-AS64512-IPV6 action=return
158 v1.2
Example: BGP Communities (MikroTik RouterOS)
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-IN match-chain=ROUTE-AS64512-IPV6 \
action=jump jump-target=PATH-AS64512-IPV6 append-bgp-communities=65000:100
add chain=EBGP-AS64512-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-OUT bgp-communities=65000:0 action=accept
add chain=EBGP-AS64512-IPV6-OUT bgp-communities=65000:100 action=accept
add chain=EBGP-AS64512-IPV6-OUT bgp-communities=65000:200 action=accept
add chain=EBGP-AS64512-IPV6-OUT action=reject
159 v1.2
Example: BGP Communities (MikroTik RouterOS)
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-IN match-chain=ROUTE-AS65001-IPV6 \
action=jump jump-target=PATH-AS65001-IPV6 append-bgp-communities=65000:200
add chain=EBGP-AS65001-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65001
/routing filter
add chain=EBGP-AS65001-IPV6-OUT bgp-communities=65000:0 action=accept
add chain=EBGP-AS65001-IPV6-OUT bgp-communities=65000:100 action=accept
add chain=EBGP-AS65001-IPV6-OUT action=reject
160 v1.2
Example: BGP Communities (MikroTik RouterOS)
161 v1.2
Example: BGP Communities (MikroTik RouterOS)
Administrator # Create route filter chain for AS64512’s IPv6 Unicast routes
/routing filter
add chain=ROUTE-AS64512-IPV6 prefix=2001:DB8::/32 action=accept
add chain=ROUTE-AS64512-IPV6 action=return
162 v1.2
Example: BGP Communities (MikroTik RouterOS)
Administrator # Create route filter chain for AS64512’s IPv6 Unicast paths
/routing filter
add chain=PATH-AS64512-IPV6 bgp-as-path="^64512(_64512)*\$" action=accept
add chain=PATH-AS64512-IPV6 action=return
163 v1.2
Example: BGP Communities (MikroTik RouterOS)
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-IN match-chain=ROUTE-AS64512-IPV6 \
action=jump jump-target=PATH-AS64512-IPV6 append-bgp-communities=65001:100
add chain=EBGP-AS64512-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS64512
/routing filter
add chain=EBGP-AS64512-IPV6-OUT bgp-communities=65001:0 action=accept
add chain=EBGP-AS64512-IPV6-OUT bgp-communities=65001:100 action=accept
add chain=EBGP-AS64512-IPV6-OUT bgp-communities=65001:200 action=accept
add chain=EBGP-AS64512-IPV6-OUT action=reject
164 v1.2
Example: BGP Communities (MikroTik RouterOS)
# Create route filter chain for inbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-IN match-chain=ROUTE-AS65000-IPV6 \
action=jump jump-target=PATH-AS65000-IPV6 append-bgp-communities=65001:200
add chain=EBGP-AS65000-IPV6-IN action=reject
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-OUT bgp-communities=65001:0 action=accept
add chain=EBGP-AS65000-IPV6-OUT bgp-communities=65001:100 action=accept
add chain=EBGP-AS65000-IPV6-OUT action=reject
165 v1.2
Example: BGP Communities (MikroTik RouterOS)
166 v1.2
Example: BGP Communities (MikroTik RouterOS)
• Verification commands:
– Showing BGP peers
• /routing bgp peer print status where address-families=ip
• /routing bgp peer print status where address-families=ipv6
– Showing prefixes advertised to specific peer
• /routing bgp advertise print [peer-name] detail
– Showing prefixes received from specific peer
• /ip route print detail where bgp received-from=[peer-name]
• /ipv6 route print detail where bgp received-from=[peer-name]
167 v1.2
Example: BGP Communities (MikroTik RouterOS)
• Verification commands:
– Showing BGP routes in routing table
• /ip route print where bgp
• /ipv6 route print where bgp
– Showing detail information of specific route
• /ip route print detail where dst-address=[prefix]/[len]
• /ipv6 route print detail where dst-address=[prefix]/[len]
168 v1.2
BGP Routing Policies
169 v1.2
Autonomous System Number (ASN)
Range ASN Description Reference
0 Reserved RFC1930, RFC7607
170 v1.2
Remove Private ASN
• BGP can operate with either public or private ASNs.
• Private ASNs can be used by single-homed or dual-homed
networks connecting to a single provider.
– Eliminates the burden of needing to apply for public ASNs
171 v1.2
Remove Private ASN
• Works only on prefix advertisements to EBGP peers.
• Removal rules:
If Then
AS_PATH contains ASN of the EBGP peer Private ASNs are not removed
172 v1.2
Configuring Remove Private ASN
• Configurable options:
– Cisco IOS
• Per Address Family of a peer
• Per Address Family of a group of peers
• Can remove private ASNs even if a public ASN is encountered
– By configuring “remove-private-as all”
– Juniper Junos OS
• Per peer
• Per group of peers
• Can remove private ASNs even if a public ASN is encountered
– By configuring “remove-private all”
– MikroTik RouterOS
• Per peer
173 v1.2
Example: Remove Private ASN (Cisco IOS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
Loopback0 Loopback0 Loopback0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
R1 R101 (Remove Private ASN) R201
174 v1.2
Example: Remove Private ASN (Cisco IOS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
Loopback0 Loopback0 Loopback0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
R1 R101 (Remove Private ASN) R201
175 v1.2
Example: Remove Private ASN (Cisco IOS)
Cisco IOS R101’s configuration
router bgp 135533
address-family ipv4 unicast
! Remove private ASN on BGP updates to this peer
neighbor EBGP-AS135534-IPV4 remove-private-as
exit-address-family
Administrator !
address-family ipv6 unicast
! Remove private ASN on BGP updates to this peer
neighbor EBGP-AS135534-IPV6 remove-private-as
exit-address-family
176 v1.2
Example: Remove Private ASN (Cisco IOS)
• Verification commands:
– Showing BGP peers
• show bgp ipv4 unicast summary
• show bgp ipv6 unicast summary
– Showing prefixes advertised to specific peer
• show bgp ipv4 unicast neighbors [peer-address] advertised-routes
• show bgp ipv6 unicast neighbors [peer-address] advertised-routes
– Showing prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] routes
• show bgp ipv6 unicast neighbors [peer-address] routes
– Showing BGP table
• show bgp ipv4 unicast
• show bgp ipv6 unicast
177 v1.2
Example: Remove Private ASN (Juniper Junos OS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
lo0 lo0 lo0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
R1 R101 (Remove Private ASN) R201
178 v1.2
Example: Remove Private ASN (Juniper Junos OS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
lo0 lo0 lo0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
R1 R101 (Remove Private ASN) R201
179 v1.2
Example: Remove Private ASN (Juniper Junos OS)
Juniper Junos OS R1’s configuration
# Remove private ASN on BGP updates to this peer
top set protocols bgp group EBGP-AS135534-IPV4 remove-private
180 v1.2
Example: Remove Private ASN (Juniper Junos OS)
• Verification commands:
– Showing BGP peers
• show bgp summary
– Showing prefixes advertised to specific peer
• show route table inet.0 advertising-protocol bgp [peer-address]
• show route table inet6.0 advertising-protocol bgp [peer-address]
– Showing prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address] all
• show route table inet6.0 receive-protocol bgp [peer-address] all
– Showing BGP routes in routing table
• show route table inet.0 protocol bgp
• show route table inet6.0 protocol bgp
181 v1.2
Example: Remove Private ASN (MikroTik RouterOS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
BR-LOOPBACK BR-LOOPBACK BR-LOOPBACK
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::2 2406:6400:4::/127 ::1 ::1 2406:6400:4:1::/127 ::2
EBGP EBGP
R1 R101 (Remove Private ASN) R201
182 v1.2
Example: Remove Private ASN (MikroTik RouterOS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
BR-LOOPBACK BR-LOOPBACK BR-LOOPBACK
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::2 2406:6400:4::/127 ::1 ::1 2406:6400:4:1::/127 ::2
EBGP EBGP
R1 R101 (Remove Private ASN) R201
183 v1.2
Example: Remove Private ASN (MikroTik RouterOS)
MikroTik RouterOS R101’s configuration
# Remove private ASN on BGP updates to this peer
/routing bgp peer set EBGP-AS135534-IPV4 remove-private-as=yes
184 v1.2
Example: Remove Private ASN (MikroTik RouterOS)
• Verification commands:
– Showing BGP peers
• /routing bgp peer print status
– Showing prefixes advertised to specific peer
• /routing bgp advertise print [peer-name] detail
– Showing prefixes received from specific peer
• /ip route print detail where bgp received-from=[peer-name]
• /ipv6 route print detail where bgp received-from=[peer-name]
– Showing detail information of BGP routes in routing table
• /ip route print detail where bgp
• /ipv6 route print detail where bgp
185 v1.2