d2 s1 BGP Routing Policies

Border Gateway Protocol (BGP)
BGP Routing Policies
1 v1.2
Overview of Routing Policies
2 v1.2
Routing Policies
• Control how BGP prefixes are received, selected, or
advertised.
• Allow network operators to tailor routing decisions to meet
specific requirements and goals.
– Managing relationship between Autonomous Systems
• Transit Provider and Customer
• Peers
– Influencing traffic paths of specific prefixes
3 v1.2
Routing Policies
• Route filtering policies control which prefixes are advertised
to or received from BGP peers.
– Recommended to configure for all EBGP peers
• BGP implementation in most platforms will accept all received prefixes and
advertise the best paths when there is no route filter configured
• Traffic engineering policies influence traffic paths and

distribute traffic across multiple links.
4 v1.2
Policy Implementation
• Can be applied in either inbound or outbound direction.
• Inbound filters influence outbound traffic.
– Select prefixes to accept
• Unaccepted prefixes may be rejected or discarded
– Modify BGP Path Attributes of specific accepted prefixes
• Affects local router’s BGP best path selection
• Affects re-advertisement of the prefixes
• Outbound filters influence inbound traffic.

– Select prefixes to advertise
– Modify BGP Path Attributes of specific advertised prefixes
• Affects peer’s BGP best path selection
• Affects re-advertisement of the prefixes
5 v1.2
Policy Implementation
• Common methods to implement routing policies:
– Prefix Filters
• Match exact prefixes and their sub-prefixes
– AS Path Filters
• Match AS_PATH of the prefixes with regular expression
– Set BGP Path Attributes
– BGP Communities
• Requires careful planning and testing to avoid unintended
consequences.
• Failure to properly configure routing policies can cause network
instability or outages.
6 v1.2
Vendor Implementation
Address Cisco Juniper MikroTik
Method
Family IOS Junos OS RouterOS
IPv4 Unicast IPv4 Prefix List Policy Statement Route Filter

Prefix Filters
IPv6 Unicast IPv6 Prefix List Policy Statement Route Filter
IPv4 Unicast AS Path Access List Policy Statement Route Filter

AS Path Filters
IPv6 Unicast AS Path Access List Policy Statement Route Filter
IPv4 Unicast Route Map Policy Statement Route Filter

Set BGP Path Attributes

BGP Communities
7 v1.2
Vendor Implementation
• Cisco IOS
– BGP peer’s “soft-reconfiguration inbound” configuration
• Allows the router to store a copy of the received prefixes of that particular peer
before routing policies are applied
• Unaccepted prefixes and original BGP Path Attributes can be seen
• MikroTik RouterOS
– Route Filter’s “discard” and “reject” actions
• For inbound filters, “discard” means not accepting the prefixes at all, while “reject”
means accepting the prefixes but make them inactive
• For outbound filters, “discard” and “reject” are the same
8 v1.2
Prefix Filters
9 v1.2
Example: Prefix Filters (Cisco IOS)
• Configure routing policies for all
IPv4 Unicast EBGP peers. AS65000 AS65001
172.16.0.0/13 172.24.0.0/13
172.18.1.0/24 172.26.1.0/24
Node Role Peer Receives Advertises 172.16.0.1/32
Loopback0
172.24.0.1/32
Loopback0
R1 Customer R101 Any (~/24) 10.0.0.0/8 .5 172.20.0.4/30 .6

R101 R201
R2 Customer R201 Any (~/24) 10.0.0.0/8 EBGP
.1 .1
R101 Provider R1 10.0.0.0/8 Any (~/24)
Peer R201 172.24.0.0/13 172.16.0.0/13 (~/24) EBGP 172.20.0.0/30 172.28.0.0/30 EBGP

10.0.0.0/8 10.0.0.0/8
R201 Provider R2 10.0.0.0/8 Any (~/24) .2 10.0.0.1/32 .2 10.0.0.2/32

Loopback0 Loopback0
Peer R101 172.16.0.0/13 172.24.0.0/13 (~/24) .1 10.1.0.0/30 .2
10.0.0.0/8 10.0.0.0/8 R1 R2
IBGP
• Expectation: 10.2.1.0/24
AS64512 10.2.2.0/24
10.0.0.0/8
– AS65000 and AS65001 do not accept
Based on “BGP IPv4 Unicast” example scenario
each other’s IPv4 Unicast /24 prefix
10 v1.2
2406:6400::/32 2406:6401::/32
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
Node Role Peer Receives Advertises 2406:6400::1/128
Loopback0
2406:6401::1/128
Loopback0
R1 Customer R101 Any (~/48) 2001:DB8::/32 ::0 2406:6400:4:1::/127 ::1

R101 R201
R2 Customer R201 Any (~/48) 2001:DB8::/32 EBGP
::0 ::0
R101 Provider R1 2001:DB8::/32 Any (~/48)
Peer R201 2406:6401::/32 2406:6400::/32 (~/64) EBGP 2406:6400:4::/127 2406:6401:4::/127 EBGP

2001:DB8::/32 2001:DB8::/32
10.0.0.1/32 10.0.0.2/32
R201 Provider R2 2001:DB8::/32 Any (~/48) ::1 2001:DB8::1/128 ::1 2001:DB8::2/128
Loopback0 Loopback0
Peer R101 2406:6400::/32 2406:6401::/32 (~/64) ::0 2001:DB8:1::/127 ::1
2001:DB8::/32 2001:DB8::/32 R1 R2
IBGP
• Expectation: 2001:DB8:2:1::/64
AS64512 2001:DB8:2:2::/64
2001:DB8::/32
11 v1.2
Cisco IOS R1’s configuration
! Create prefix list for inbound filter of IPv4 Unicast EBGP with AS65000
ip prefix-list EBGP-AS65000-IPV4-IN seq 10 permit 0.0.0.0/0 le 24
ip prefix-list EBGP-AS65000-IPV4-IN seq 1000 deny 0.0.0.0/0 le 32
! Create prefix list for outbound filter of IPv4 Unicast EBGP with AS65000
Administrator ip prefix-list EBGP-AS65000-IPV4-OUT seq 10 permit 10.0.0.0/8
ip prefix-list EBGP-AS65000-IPV4-OUT seq 1000 deny 0.0.0.0/0 le 32
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 10 permit ::/0 le 48
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 1000 deny ::/0 le 128
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 10 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 1000 deny ::/0 le 128
12 v1.2
! Apply prefix filters to respective BGP peer
router bgp 64512
address-family ipv4 unicast
! Keep a copy of original received prefixes
neighbor EBGP-AS65000-IPV4 soft-reconfiguration inbound
Administrator neighbor EBGP-AS65000-IPV4 prefix-list EBGP-AS65000-IPV4-IN in
neighbor EBGP-AS65000-IPV4 prefix-list EBGP-AS65000-IPV4-OUT out
exit-address-family
!
neighbor EBGP-AS65000-IPV6 prefix-list EBGP-AS65000-IPV6-IN in
exit-address-family
13 v1.2
ip prefix-list EBGP-AS65001-IPV4-IN seq 10 permit 0.0.0.0/0 le 24
Administrator ip prefix-list EBGP-AS65001-IPV4-OUT seq 10 permit 10.0.0.0/8
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 10 permit ::/0 le 48
14 v1.2
router bgp 64512
exit-address-family
!
exit-address-family
15 v1.2
ip prefix-list EBGP-AS64512-IPV4-IN seq 10 permit 10.0.0.0/8
Administrator ip prefix-list EBGP-AS64512-IPV4-OUT seq 10 permit 0.0.0.0/0 le 24
ipv6 prefix-list EBGP-AS64512-IPV6-IN seq 10 permit 2001:DB8::/32
ipv6 prefix-list EBGP-AS64512-IPV6-OUT seq 10 permit ::/0 le 48
16 v1.2
Administrator ! Create prefix list for outbound filter

ip prefix-list EBGP-AS65001-IPV4-OUT seq
of IPv4 Unicast EBGP with AS65001
10 permit 172.16.0.0/13 le 24
ip prefix-list EBGP-AS65001-IPV4-OUT seq 20 permit 10.0.0.0/8
ipv6 prefix-list EBGP-AS65001-IPV6-IN seq 10 permit 2406:6401::/32
ipv6 prefix-list EBGP-AS65001-IPV6-OUT seq 10 permit 2406:6400::/32 le 64
17 v1.2
router bgp 65000
exit-address-family
!
exit-address-family
18 v1.2
Administrator ip prefix-list EBGP-AS64512-IPV4-OUT seq 10 permit 0.0.0.0/0 le 24
ipv6 prefix-list EBGP-AS64512-IPV6-OUT seq 10 permit ::/0 le 48
19 v1.2
Administrator ! Create prefix list for outbound filter

ip prefix-list EBGP-AS65000-IPV4-OUT seq
of IPv4 Unicast EBGP with AS65000
10 permit 172.24.0.0/13 le 24
ip prefix-list EBGP-AS65000-IPV4-OUT seq 20 permit 10.0.0.0/8
ipv6 prefix-list EBGP-AS65000-IPV6-IN seq 10 permit 2406:6400::/32
ipv6 prefix-list EBGP-AS65000-IPV6-OUT seq 10 permit 2406:6401::/32 le 64
20 v1.2
router bgp 65001
exit-address-family
!
exit-address-family
21 v1.2
• Verification commands:
– Showing BGP peers
• show bgp ipv4 unicast summary
– Showing prefixes advertised to specific peer
• show bgp ipv4 unicast neighbors [peer-address] advertised-routes
– Showing accepted prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] routes
– Showing original prefixes received from specific peer
• show bgp ipv4 unicast neighbors [peer-address] received-routes
22 v1.2
– Showing BGP table
• show bgp ipv4 unicast
– Showing detail information of specific prefix
• show bgp ipv4 unicast [prefix]/[len]
23 v1.2
Example: Prefix Filters (Juniper Junos OS)
172.16.0.0/13 172.24.0.0/13
172.18.1.0/24 172.26.1.0/24
lo0
172.24.0.1/32
lo0
R1 Customer R101 Any (~/24) 10.0.0.0/8 .5 172.20.0.4/30 .6

R101 R201
.1 .1
R101 Provider R1 10.0.0.0/8 Any (~/24)
Peer R201 172.24.0.0/13 172.16.0.0/13 (~/24) EBGP 172.20.0.0/30 172.28.0.0/30 EBGP

10.0.0.0/8 10.0.0.0/8
R201 Provider R2 10.0.0.0/8 Any (~/24) .2 10.0.0.1/32 .2 10.0.0.2/32

lo0 lo0
Peer R101 172.16.0.0/13 172.24.0.0/13 (~/24) .1 10.1.0.0/30 .2
10.0.0.0/8 10.0.0.0/8 R1 R2
IBGP
AS64512 10.2.2.0/24
10.0.0.0/8
24 v1.2
2406:6400::/32 2406:6401::/32
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
Loopback0
2406:6401::1/128
Loopback0

R101 R201
::0 ::0
Peer R201 2406:6401::/32 2406:6400::/32 (~64) EBGP 2406:6400:4::/127 2406:6401:4::/127 EBGP

2001:DB8::/32 2001:DB8::/32
10.0.0.1/32 10.0.0.2/32
Loopback0 Loopback0
Peer R101 2406:6400::/32 2406:6401::/32 (~64) ::0 2001:DB8:1::/127 ::1
2001:DB8::/32 2001:DB8::/32 R1 R2
IBGP
AS64512 2001:DB8:2:2::/64
2001:DB8::/32
25 v1.2
Juniper Junos OS R1’s configuration
# Create policy statement for inbound filter of IPv4 Unicast EBGP with AS65000
top edit policy-options policy-statement EBGP-AS65000-IPV4-IN
set term 10 from route-filter 0.0.0.0/0 upto /24
set term 10 then accept
set term 1000 then reject
Administrator # Re-create policy statement for outbound filter of IPv4 Unicast EBGP with AS65000
top delete policy-options policy-statement EBGP-AS65000-IPV4-OUT
top edit policy-options policy-statement EBGP-AS65000-IPV4-OUT
set term 10 from route-filter 10.0.0.0/8 exact
set term 10 from route-filter ::/0 upto /48
# Re-create policy statement for outbound filter of IPv6 Unicast EBGP with AS65000
set term 10 from route-filter 2001:DB8::/32 exact
26 v1.2
# Apply routing policies to respective BGP peer
top edit protocols bgp
set group EBGP-AS65000-IPV4 import EBGP-AS65000-IPV4-IN export EBGP-AS65000-IPV4-OUT
Administrator
27 v1.2
28 v1.2
Administrator
29 v1.2
30 v1.2
Administrator set term 20 then accept
31 v1.2
set term 10 from route-filter 2406:6401::/32 exact
set term 10 from route-filter 2406:6400::/32 upto /64
32 v1.2
Administrator set group EBGP-AS65001-IPV6 import EBGP-AS65001-IPV6-IN export EBGP-AS65001-IPV6-OUT
33 v1.2
34 v1.2
35 v1.2
set term 10 from route-filter 2406:6401::/32 upto /64
36 v1.2
Administrator set group EBGP-AS65000-IPV6 import EBGP-AS65000-IPV6-IN export EBGP-AS65000-IPV6-OUT
37 v1.2
• show bgp summary
• show route table inet.0 advertising-protocol bgp [peer-address]
• show route table inet6.0 advertising-protocol bgp [peer-address]
• show route table inet.0 receive-protocol bgp [peer-address]
• show route table inet6.0 receive-protocol bgp [peer-address]
– Showing unaccepted prefixes received from specific peer
• show route table inet.0 receive-protocol bgp [peer-address] hidden
• show route table inet6.0 receive-protocol bgp [peer-address] hidden
38 v1.2
– Showing BGP routes in routing table
• show route table inet.0 protocol bgp
• show route table inet6.0 protocol bgp
– Showing detail information of specific route (accepted)
• show route table inet.0 [prefix]/[len] exact detail
• show route table inet6.0 [prefix]/[len] exact detail
– Showing detail information of specific route (unaccepted)
• show route table inet.0 [prefix]/[len] exact detail hidden
• show route table inet6.0 [prefix]/[len] exact detail hidden
39 v1.2
Example: Prefix Filters (MikroTik RouterOS)
172.16.0.0/13 172.24.0.0/13
172.18.1.0/24 172.26.1.0/24
BR-LOOPBACK
172.24.0.1/32
BR-LOOPBACK
R1 Customer R101 Any (~/24) 10.0.0.0/8 .5 172.20.0.4/30 .6

R101 R201
.1 .1
R101 Provider R1 10.0.0.0/8 Any (~/24)
Peer R201 172.24.0.0/13 172.16.0.0/13 (~/24) EBGP 172.20.0.0/30 172.28.0.0/30 EBGP

10.0.0.0/8 10.0.0.0/8
R201 Provider R2 10.0.0.0/8 Any (~/24) .2 10.0.0.1/32 .2 10.0.0.2/32

BR-LOOPBACK BR-LOOPBACK
Peer R101 172.16.0.0/13 172.24.0.0/13 (~/24) .1 10.1.0.0/30 .2
10.0.0.0/8 10.0.0.0/8 R1 R2
IBGP
AS64512 10.2.2.0/24
10.0.0.0/8
40 v1.2
2406:6400::/32 2406:6401::/32
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
BR-LOOPBACK
2406:6401::1/128
BR-LOOPBACK

R101 R201
::1 ::1
Peer R201 2406:6401::/32 2406:6400::/32 (~/64) EBGP 2406:6400:4::/126 2406:6401:4::/126 EBGP

2001:DB8::/32 2001:DB8::/32
10.0.0.1/32 10.0.0.2/32
Peer R101 2406:6400::/32 2406:6401::/32 (~/64) ::1 2001:DB8:1::/126 ::2
2001:DB8::/32 2001:DB8::/32 R1 R2
IBGP
AS64512 2001:DB8:2:2::/64
2001:DB8::/32
41 v1.2
MikroTik RouterOS R1’s configuration
# Create route filter chain for inbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-IN prefix=0.0.0.0/0 prefix-length=0-24 action=accept
add chain=EBGP-AS65000-IPV4-IN action=reject
Administrator # Create route filter chain for outbound filter of IPv4 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV4-OUT prefix=10.0.0.0/8 action=accept
add chain=EBGP-AS65000-IPV4-OUT action=reject
/routing filter
add chain=EBGP-AS65000-IPV6-IN prefix=::/0 prefix-length=0-48 action=accept
# Create route filter chain for outbound filter of IPv6 Unicast EBGP with AS65000
/routing filter
add chain=EBGP-AS65000-IPV6-OUT prefix=2001:DB8::/32 action=accept
# Apply route filters to respective BGP peer

/routing bgp peer
set EBGP-AS65000-IPV4 in-filter=EBGP-AS65000-IPV4-IN out-filter=EBGP-AS65000-IPV4-OUT
42 v1.2
/routing filter
add chain=EBGP-AS65001-IPV4-IN prefix=0.0.0.0/0 prefix-length=0-24 action=accept
/routing filter
/routing filter
add chain=EBGP-AS65001-IPV6-IN prefix=::/0 prefix-length=0-48 action=accept
/routing filter

/routing bgp peer
43 v1.2
/routing filter
add chain=EBGP-AS64512-IPV4-IN prefix=10.0.0.0/8 action=accept
/routing filter
add chain=EBGP-AS64512-IPV4-OUT prefix=0.0.0.0/0 prefix-length=0-24 action=accept
/routing filter
add chain=EBGP-AS64512-IPV6-IN prefix=2001:DB8::/32 action=accept
/routing filter
add chain=EBGP-AS64512-IPV6-OUT prefix=::/0 prefix-length=0-48 action=accept
44 v1.2
/routing filter
/routing filter
/routing filter
add chain=EBGP-AS65001-IPV6-IN prefix=2406:6401::/32 action=accept
/routing filter
add chain=EBGP-AS65001-IPV6-OUT prefix=2406:6400::/32 prefix-length=32-64 \
action=accept
45 v1.2
/routing bgp peer
Administrator set EBGP-AS65001-IPV6 in-filter=EBGP-AS65001-IPV6-IN out-filter=EBGP-AS65001-IPV6-OUT
46 v1.2
/routing filter
/routing filter
/routing filter
/routing filter
add chain=EBGP-AS64512-IPV6-OUT prefix=::/0 prefix-length=0-48 action=accept
47 v1.2
/routing filter
/routing filter
/routing filter
add chain=EBGP-AS65000-IPV6-IN prefix=2406:6400::/32 action=accept
/routing filter
add chain=EBGP-AS65000-IPV6-OUT prefix=2406:6401::/32 prefix-length=32-64 \
action=accept
48 v1.2
/routing bgp peer
Administrator set EBGP-AS65000-IPV6 in-filter=EBGP-AS65000-IPV6-IN out-filter=EBGP-AS65000-IPV6-OUT
49 v1.2
• /routing bgp peer print status where address-families=ip
• /routing bgp peer print status where address-families=ipv6
• /routing bgp advertise print [peer-name] detail
– Showing prefixes received from specific peer
• /ip route print detail where bgp received-from=[peer-name]
• /ipv6 route print detail where bgp received-from=[peer-name]
50 v1.2
• /ip route print where bgp
• /ipv6 route print where bgp
– Showing detail information of specific route
• /ip route print detail where dst-address=[prefix]/[len]
• /ipv6 route print detail where dst-address=[prefix]/[len]
51 v1.2
AS Path Filters
52 v1.2
Example: AS Path Filters (Cisco IOS)
• Configure routing policies for AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
EBGP between R101 and R201.

2406:6400::/32 2406:6401::/32
172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2406:6400::1/128 2406:6401::1/128
Node Role Peer Receives Advertises .5
Loopback0
172.20.0.4/30. .6
Loopback0
::0 2406:6400:4:1::/127 ::1

R101 Peer R201 ^65001(_65001)*$ ^$ R101 R201
^64512(_64512)*$ EBGP
Peer R101 ^65000(_65000)*$ ^$ .1 .1
R201 ::0 ::0
^64512(_64512)*$
172.20.0.0/30 172.28.0.0/30
EBGP EBGP
• Expectation: 2406:6400:4::/127
.2 10.0.0.1/32
2406:6401:4::/127
.2 10.0.0.2/32
2001:DB8::1/128 2001:DB8::2/128
– AS65000 and AS65001 accept only
::1 ::1
Loopback0 Loopback0
.1 10.1.0.0/30 .2
each other’s locally originated R1

::0 2001:DB8:1::/127 ::1
R2
IBGP
prefixes AS64512
10.2.1.0/24 10.2.2.0/24
• AS64512’s prefixes are not accepted 2001:DB8:2:1::/64 10.0.0.0/8
2001:DB8::/32
2001:DB8:2:2::/64
Based on example scenarios:

BGP IPv4 Unicast + BGP IPv6 Unicast
53 v1.2
! Create AS Path access list for inbound filter of IPv4 Unicast EBGP with AS65001
ip as-path access-list 101 permit ^65001(_65001)*$
ip as-path access-list 101 deny .*
! Create AS Path access list for outbound filter of IPv4 Unicast EBGP with AS65001
Administrator ip as-path access-list 102 permit ^$
ip as-path access-list 202 permit ^$
54 v1.2
! Apply AS Path filters to respective BGP peer
router bgp 65000
Administrator neighbor EBGP-AS65001-IPV4 filter-list 101 in
neighbor EBGP-AS65001-IPV4 filter-list 102 out
exit-address-family
!
neighbor EBGP-AS65001-IPV6 filter-list 201 in
exit-address-family
55 v1.2
Administrator ip as-path access-list 102 permit ^$
ip as-path access-list 202 permit ^$
56 v1.2
router bgp 65001
Administrator neighbor EBGP-AS65000-IPV4 filter-list 101 in
exit-address-family
!
neighbor EBGP-AS65000-IPV6 filter-list 201 in
exit-address-family
57 v1.2
58 v1.2
59 v1.2
Example: AS Path Filters (Juniper Junos OS)
172.16.0.0/13
AS65001
172.24.0.0/13

2406:6400::/32 2406:6401::/32
172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2406:6400::1/128 2406:6401::1/128
lo0
172.20.0.4/30. .6
lo0
::0 2406:6400:4:1::/127 ::1

R101 Peer R201 ^65001(65001)*$ ^$ R101 R201
^64512(64512)*$ EBGP
Peer R101 ^65000(65000)*$ ^$ .1 .1
R201 ::0 ::0
^64512(64512)*$
172.20.0.0/30 172.28.0.0/30
EBGP EBGP
• Expectation: 2406:6400:4::/127
.2 10.0.0.1/32
2406:6401:4::/127
.2 10.0.0.2/32
2001:DB8::1/128 2001:DB8::2/128
::1 ::1
lo0 lo0
.1 10.1.0.0/30 .2

::0 2001:DB8:1::/127 ::1
R2
IBGP
prefixes AS64512
10.2.1.0/24 10.2.2.0/24
2001:DB8::/32
2001:DB8:2:2::/64

60 v1.2
# Create AS Path group for AS65001’s IPv4 Unicast paths
top edit policy-options as-path-group AS65001-IPV4
set as-path 10 "^65001(65001)*$"

Administrator top edit policy-options as-path-group AS65001-IPV6
set as-path 10 "^65001(65001)*$"
# Create AS Path group for locally originated IPv4 Unicast paths

top edit policy-options as-path-group LOCAL-IPV4
set as-path 10 "^$"

set as-path 10 "^$"
# Create AS Path group for customer’s IPv4 Unicast paths

top edit policy-options as-path-group CUSTOMER-IPV4
set as-path 10 "^64512(64512)*$"

set as-path 10 "^64512(64512)*$"
61 v1.2
set term 10 from as-path-group AS65001-IPV4
set term 10 from prefix-list LOCAL-IPV4
set term 20 from protocol bgp as-path-group LOCAL-IPV4
set term 30 from protocol bgp as-path-group CUSTOMER-IPV4
62 v1.2
63 v1.2
Administrator
64 v1.2
set as-path 10 "^65000(65000)*$"

set as-path 10 "^65000(65000)*$"

set as-path 10 "^$"

set as-path 10 "^$"

set as-path 10 "^64512(64512)*$"

set as-path 10 "^64512(64512)*$"
65 v1.2
66 v1.2
67 v1.2
Administrator
68 v1.2
69 v1.2
70 v1.2
Example: AS Path Filters (MikroTik RouterOS)
172.16.0.0/13
AS65001
172.24.0.0/13

2406:6400::/32 2406:6401::/32
172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2406:6400::1/128 2406:6401::1/128
BR-LOOPBACK
172.20.0.4/30. .6
BR-LOOPBACK
::1 2406:6400:4:1::/126 ::2

R101 Peer R201 ^65001(_65001)*$ ^$ R101 R201
^64512(_64512)*$ EBGP
Peer R101 ^65000(_65000)*$ ^$ .1 .1
R201 ::1 ::1
^64512(_64512)*$
172.20.0.0/30 172.28.0.0/30
EBGP EBGP
• Expectation: 2406:6400:4::/126
.2 10.0.0.1/32
2406:6401:4::/126
.2 10.0.0.2/32
2001:DB8::1/128 2001:DB8::2/128
::2 ::2
.1 10.1.0.0/30 .2

::1 2001:DB8:1::/126 ::2
R2
IBGP
prefixes AS64512
10.2.1.0/24 10.2.2.0/24
2001:DB8::/32
2001:DB8:2:2::/64

71 v1.2
/routing filter
add chain=EBGP-AS65001-IPV4-IN bgp-as-path="^65001(_65001)*\$" action=accept
/routing filter
add chain=EBGP-AS65001-IPV4-OUT bgp-as-path="^\$" action=accept
add chain=EBGP-AS65001-IPV4-OUT bgp-as-path="^64512(_64512)*\$" action=accept
/routing filter
/routing filter
72 v1.2
/routing bgp peer
Administrator
73 v1.2
/routing filter
/routing filter
/routing filter
/routing filter
74 v1.2
/routing bgp peer
Administrator
75 v1.2
76 v1.2
77 v1.2
Set BGP Path Attributes
78 v1.2
Example: Set BGP Path Attributes (Cisco IOS)
• Configure routing policies in R1 AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
to achieve following goals:

2406:6400::/32 2406:6401::/32
172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2406:6400::1/128 2406:6401::1/128
– AS64512 .5
Loopback0
172.20.0.4/30. .6
Loopback0
::0 2406:6400:4:1::/127 ::1

R101 R201
• Outgoing traffic
EBGP
– Primary link: R2-R201 .1 .1
::0 ::0
– Backup link: R1-R101
172.20.0.0/30 172.28.0.0/30
• Incoming traffic EBGP 2406:6400:4::/127 2406:6401:4::/127 EBGP
– Primary link: R2-R201 .2 10.0.0.1/32 .2 10.0.0.2/32

::1 2001:DB8::1/128 ::1 2001:DB8::2/128
– Backup link: R1-R101 .1
Loopback0
10.1.0.0/30 .2
Loopback0
::0 2001:DB8:1::/127 ::1

R1 R2
IBGP
10.2.1.0/24
AS64512 10.2.2.0/24
2001:DB8:2:1::/64 10.0.0.0/8 2001:DB8:2:2::/64
2001:DB8::/32
79 v1.2
! Create route map for inbound filter of IPv4 Unicast EBGP with AS65000
route-map EBGP-AS65000-IPV4-IN permit 10
set local-preference 90
! Create route map for outbound filter of IPv4 Unicast EBGP with AS65000
Administrator route-map EBGP-AS65000-IPV4-OUT permit 10
set as-path prepend 64512 64512
set local-preference 90
route-map EBGP-AS65000-IPV6-OUT permit 10
set as-path prepend 64512 64512
80 v1.2
router bgp 64512
Administrator neighbor EBGP-AS65000-IPV4 route-map EBGP-AS65000-IPV4-IN in
neighbor EBGP-AS65000-IPV4 route-map EBGP-AS65000-IPV4-OUT out
exit-address-family
!
neighbor EBGP-AS65000-IPV6 route-map EBGP-AS65000-IPV6-IN in
exit-address-family
81 v1.2
82 v1.2
– Tracing route to specific destination
• traceroute [destination-address]
• traceroute [destination-address] source [source-address]
83 v1.2
Example: Set BGP Path Attributes (Juniper Junos OS)
172.16.0.0/13
AS65001
172.24.0.0/13

2406:6400::/32 2406:6401::/32
172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2406:6400::1/128 2406:6401::1/128
– AS64512 .5
lo0
172.20.0.4/30. .6
lo0
::0 2406:6400:4:1::/127 ::1

R101 R201
EBGP
::0 ::0
172.20.0.0/30 172.28.0.0/30
– Primary link: R2-R201 .2 10.0.0.1/32 .2 10.0.0.2/32

::1 2001:DB8::1/128 ::1 2001:DB8::2/128
lo0
10.1.0.0/30 .2
lo0
::0 2001:DB8:1::/127 ::1

R1 R2
IBGP
10.2.1.0/24
AS64512 10.2.2.0/24
2001:DB8:2:1::/64 10.0.0.0/8 2001:DB8:2:2::/64
2001:DB8::/32
84 v1.2

set term 10 then accept local-preference 90
set term 10 then accept as-path-prepend "64512 64512"
set term 20 from protocol bgp
85 v1.2

set term 10 then accept local-preference 90
set term 20 from protocol bgp
86 v1.2

Administrator
87 v1.2
88 v1.2
• traceroute [destination-address]
• traceroute [destination-address] source [source-address]
89 v1.2
Example: Set BGP Path Attributes (MikroTik RouterOS)
172.16.0.0/13
AS65001
172.24.0.0/13

2406:6400::/32 2406:6401::/32
172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2406:6400::1/128 2406:6401::1/128
– AS64512 .5
BR-LOOPBACK
172.20.0.4/30. .6
BR-LOOPBACK
::1 2406:6400:4:1::/126 ::2

R101 R201
EBGP
::1 ::1
172.20.0.0/30 172.28.0.0/30
– Primary link: R2-R201 .2 10.0.0.1/32 .2 10.0.0.2/32

::2 2001:DB8::1/128 ::2 2001:DB8::2/128
BR-LOOPBACK
10.1.0.0/30 .2
BR-LOOPBACK
::1 2001:DB8:1::/126 ::2

R1 R2
IBGP
10.2.1.0/24
AS64512 10.2.2.0/24
2001:DB8:2:1::/64 10.0.0.0/8 2001:DB8:2:2::/64
2001:DB8::/32
90 v1.2

/routing filter
add chain=EBGP-AS65000-IPV4-IN action=accept set-bgp-local-pref=90
Administrator /routing filter
add chain=EBGP-AS65000-IPV4-OUT action=accept set-bgp-prepend=3
/routing filter
add chain=EBGP-AS65000-IPV6-IN action=accept set-bgp-local-pref=90
/routing filter
add chain=EBGP-AS65000-IPV6-OUT action=accept set-bgp-prepend=3

/routing bgp peer
91 v1.2
92 v1.2
• /tool traceroute [destination-address] count=5
• /tool traceroute [destination-address] src-address=[source-address] count=5
93 v1.2
BGP Communities
94 v1.2
Example: BGP Communities (Cisco IOS)
• BGP Communities definition: AS65000
172.16.0.0/13
AS65001
172.24.0.0/13
2406:6400::/32 2406:6401::/32
Value Description 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
<asn>:0 Locally originated prefixes 2406:6400::1/128 2406:6401::1/128
Loopback0 Loopback0
.5 172.20.0.4/30. .6
<asn>:100 Customer prefixes ::0 2406:6400:4:1::/127 ::1
R101 R201
<asn>:200 Prefixes from private peering or Internet eXchange (IX) EBGP
.1 .1
<asn>:300 Internet prefixes from upstream provider ::0 ::0
172.20.0.0/30 172.28.0.0/30
• Tag all locally originated prefixes EBGP 2406:6400:4::/127
10.0.0.1/32
2406:6401:4::/127 EBGP
10.0.0.2/32
with “<asn>:0”.
.2 .2
::1 2001:DB8::1/128 ::1 2001:DB8::2/128
Loopback0 Loopback0
.1 10.1.0.0/30 .2
::0 2001:DB8:1::/127 ::1
• Configure routing policies for all R1

IBGP
R2
IPv4 Unicast EBGP peers. 10.2.1.0/24

AS64512
10.0.0.0/8
10.2.2.0/24
2001:DB8:2:1::/64 2001:DB8:2:2::/64
– Refer to next few slides for details 2001:DB8::/32
95 v1.2
• AS64512’s routing policies:
Node Role Peer Dir. Prefix AS Path Communities Action
0.0.0.0/0 (~/24) Accept and tag 64512:300
::/0 (~/48)
In
Reject
R1 Customer R101
64512:0 Accept
Out
Reject
0.0.0.0/0 (~/24) Accept and tag 64512:300

::/0 (~/48)
In
Reject
R2 Customer R201
64512:0 Accept
Out
Reject
96 v1.2
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65000:100
2001:DB8::/32
In
Reject
65000:0 Accept
Provider R1
65000:100 Accept
Out
65000:200 Accept
Reject
R101
172.24.0.0/13 ^65001(_65001)*$ Accept and tag 65000:200
2406:6401::/32 ^65001(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R201
65000:0 Accept
Out 65000:100 Accept
Reject
97 v1.2
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65001:100
2001:DB8::/32
In
Reject
65001:0 Accept
Provider R2
65001:100 Accept
Out
65001:200 Accept
Reject
R201
172.16.0.0/13 ^65000(_65000)*$ Accept and tag 65001:200
2406:6400::/32 ^65000(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R101
65001:0 Accept
Reject
98 v1.2
! BGP Communities definition (new format)
ip bgp-community new-format
ip community-list standard LOCAL permit 64512:0
ip community-list standard CUSTOMER permit 64512:100
ip community-list standard PEER permit 64512:200
Administrator ip community-list standard TRANSIT permit 64512:300
! Create IPv4 prefix list for AS65000

ip prefix-list AS65000-IPV4 seq 10 permit 0.0.0.0/0 le 24
ip prefix-list AS65000-IPV4 seq 1000 deny 0.0.0.0/0 le 32

ipv6 prefix-list AS65000-IPV6 seq 10 permit ::/0 le 48
ipv6 prefix-list AS65000-IPV6 seq 1000 deny ::/0 le 128
99 v1.2
match ip address prefix-list AS65000-IPV4
set community 64512:300 additive
!
Administrator route-map EBGP-AS65000-IPV4-IN deny 1000
match community LOCAL
!
route-map EBGP-AS65000-IPV4-OUT deny 1000
match ipv6 address prefix-list AS65000-IPV6
!
route-map EBGP-AS65000-IPV6-IN deny 1000
!
100 v1.2
! Create route map for tagging BGP Communities on locally originated prefixes
route-map SET-COMM-LOCAL permit 10
set community 64512:0
! Apply route maps to respective BGP peer

Administrator router bgp 64512
! Tag BGP Communities on the aggregate prefix
network 10.0.0.0 mask 255.0.0.0 route-map SET-COMM-LOCAL
! Include Standard Community attribute in BGP updates
neighbor EBGP-AS65000-IPV4 send-community
exit-address-family
!
network 2001:DB8::/32 route-map SET-COMM-LOCAL
exit-address-family
101 v1.2

ip prefix-list AS65001-IPV4 seq 10 permit 0.0.0.0/0 le 24

ipv6 prefix-list AS65001-IPV6 seq 10 permit ::/0 le 48
102 v1.2
!
Administrator route-map EBGP-AS65001-IPV4-IN deny 1000
!
!
!
103 v1.2

exit-address-family
!
network 2001:DB8::/32 route-map SET-COMM-LOCAL
exit-address-family
104 v1.2

ip prefix-list AS64512-IPV4 seq 10 permit 10.0.0.0/8

ipv6 prefix-list AS64512-IPV6 seq 10 permit 2001:DB8::/32


ipv6 prefix-list AS65001-IPV6 seq 10 permit 2406:6401::/32
105 v1.2
! Create AS Path access list for AS64512’s IPv4 Unicast paths

Administrator ip as-path access-list 201 permit ^64512(_64512)*$

ip as-path access-list 102 permit ^65001(_[0-9]+)*_64512$

106 v1.2
match as-path 101
Administrator !
!
match community CUSTOMER
!
match community PEER
!
107 v1.2
match as-path 101
Administrator !
!
!
!
108 v1.2
match as-path 102
Administrator !
!
!
109 v1.2
match as-path 102
Administrator !
!
!
110 v1.2

exit-address-family
!
-- (To be continued) --
111 v1.2
-- (Continued) --
network 2406:6400::/32 route-map SET-COMM-LOCAL
Administrator ! Include Standard Community attribute in BGP updates
exit-address-family
112 v1.2




ipv6 prefix-list AS65000-IPV6 seq 10 permit 2406:6400::/32
113 v1.2

Administrator ip as-path access-list 201 permit ^64512(_64512)*$


114 v1.2
match as-path 101
Administrator !
!
!
!
115 v1.2
match as-path 201
Administrator !
!
!
!
116 v1.2
match as-path 102
Administrator !
!
!
117 v1.2
match as-path 202
Administrator !
!
!
118 v1.2

exit-address-family
!
-- (To be continued) --
119 v1.2
-- (Continued) --
network 2406:6401::/32 route-map SET-COMM-LOCAL
Administrator ! Include Standard Community attribute in BGP updates
exit-address-family
120 v1.2
121 v1.2
122 v1.2
Example: BGP Communities (Juniper Junos OS)
172.16.0.0/13
AS65001
172.24.0.0/13
2406:6400::/32 2406:6401::/32
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
lo0 lo0
.5 172.20.0.4/30. .6
R101 R201
.1 .1
172.20.0.0/30 172.28.0.0/30
10.0.0.1/32
2406:6401:4::/127 EBGP
10.0.0.2/32
with “<asn>:0”.
.2 .2
::1 2001:DB8::1/128 ::1 2001:DB8::2/128
lo0 lo0
.1 10.1.0.0/30 .2
::0 2001:DB8:1::/127 ::1

IBGP
R2
EBGP peers. 10.2.1.0/24

AS64512
10.0.0.0/8
10.2.2.0/24
2001:DB8:2:1::/64 2001:DB8:2:2::/64
123 v1.2
0.0.0.0/0 (~/24) Accept and tag 64512:300
::/0 (~/48)
In
Reject
R1 Customer R101
64512:0 Accept
Out
Reject
0.0.0.0/0 (~/24) Accept and tag 64512:300

::/0 (~/48)
In
Reject
R2 Customer R201
64512:0 Accept
Out
Reject
124 v1.2
10.0.0.0/8 ^64512(64512)*$ Accept and tag 65000:100
2001:DB8::/32
In
Reject
65000:0 Accept
Provider R1
65000:100 Accept
Out
65000:200 Accept
Reject
R101
172.24.0.0/13 ^65001(65001)*$ Accept and tag 65000:200
2406:6401::/32 ^65001(.)*(64512)$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R201
65000:0 Accept
Reject
125 v1.2
10.0.0.0/8 ^64512(64512)*$ Accept and tag 65001:100
2001:DB8::/32
In
Reject
65001:0 Accept
Provider R2
65001:100 Accept
Out
65001:200 Accept
Reject
R201
172.16.0.0/13 ^65000(65000)*$ Accept and tag 65001:200
2406:6400::/32 ^65000(.)*(64512)$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R101
65001:0 Accept
Reject
126 v1.2

# BGP Communities definition
top set policy-options community LOCAL members 64512:0
top set policy-options community CUSTOMER members 64512:100
top set policy-options community PEER members 64512:200
top set policy-options community TRANSIT members 64512:300
Administrator # Create policy statement for AS65000’s IPv4 Unicast routes
top edit policy-options policy-statement ROUTE-AS65000-IPV4
# Create policy statement for AS65000’s IPv6 Unicast routes

127 v1.2

set term 10 from policy ROUTE-AS65000-IPV4
set term 10 then accept community add TRANSIT
set term 10 from community LOCAL
128 v1.2

# Tag BGP Communities on IPv4 Unicast aggregate prefix
top set routing-options static route 10.0.0.0/8 community 64512:0

top set routing-options rib inet6.0 static route 2001:DB8::/32 community 64512:0
Administrator # Apply routing policies to respective BGP peer
129 v1.2


130 v1.2

131 v1.2


top set routing-options rib inet6.0 static route 2001:DB8::/32 community 64512:0
132 v1.2




133 v1.2

set as-path 10 "^64512(64512)*$"

set as-path 10 "^64512(64512)*$"

set as-path 10 "^65001(65001)*$"
set as-path 20 "^65001(.)*(64512)$"

set as-path 10 "^65001(65001)*$"
set as-path 20 "^65001(.)*(64512)$"
134 v1.2

set term 10 from policy ROUTE-AS64512-IPV4 as-path-group AS64512-IPV4
set term 10 then accept community add CUSTOMER
set term 20 from community CUSTOMER
set term 30 from community PEER
135 v1.2

136 v1.2

set term 10 then accept community add PEER
137 v1.2

138 v1.2


top set routing-options rib inet6.0 static route 2406:6400::/32 community 65000:0
139 v1.2




140 v1.2

set as-path 10 "^64512(64512)*$"

set as-path 10 "^64512(64512)*$"

set as-path 10 "^65000(65000)*$"
set as-path 20 "^65000(.)*(64512)$"

set as-path 10 "^65000(65000)*$"
set as-path 20 "^65000(.)*(64512)$"
141 v1.2

142 v1.2

143 v1.2

144 v1.2

145 v1.2


top set routing-options rib inet6.0 static route 2406:6401::/32 community 65001:0
146 v1.2
147 v1.2
148 v1.2
Example: BGP Communities (MikroTik RouterOS)
172.16.0.0/13
AS65001
172.24.0.0/13
2406:6400::/32 2406:6401::/32
2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
.5 172.20.0.4/30. .6
R101 R201
.1 .1
172.20.0.0/30 172.28.0.0/30
10.0.0.1/32
2406:6401:4::/126 EBGP
10.0.0.2/32
with “<asn>:0”.
.2 .2
::2 2001:DB8::1/128 ::2 2001:DB8::2/128
.1 10.1.0.0/30 .2
::1 2001:DB8:1::/126 ::2

IBGP
R2
EBGP peers. 10.2.1.0/24

AS64512
10.0.0.0/8
10.2.2.0/24
2001:DB8:2:1::/64 2001:DB8:2:2::/64
149 v1.2
0.0.0.0/0 (~/24) Accept and tag 64512:300
::/0 (~/48)
In
Reject
R1 Customer R101
64512:0 Accept
Out
Reject
0.0.0.0/0 (~/24) Accept and tag 64512:300

::/0 (~/48)
In
Reject
R2 Customer R201
64512:0 Accept
Out
Reject
150 v1.2
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65000:100
2001:DB8::/32
In
Reject
65000:0 Accept
Provider R1
65000:100 Accept
Out
65000:200 Accept
Reject
R101
172.24.0.0/13 ^65001(_65001)*$ Accept and tag 65000:200
2406:6401::/32 ^65001(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R201
65000:0 Accept
Reject
151 v1.2
10.0.0.0/8 ^64512(_64512)*$ Accept and tag 65001:100
2001:DB8::/32
In
Reject
65001:0 Accept
Provider R2
65001:100 Accept
Out
65001:200 Accept
Reject
R201
172.16.0.0/13 ^65000(_65000)*$ Accept and tag 65001:200
2406:6400::/32 ^65000(_[0-9]+)*_64512$
10.0.0.0/8
In
2001:DB8::/32
Reject
Peer R101
65001:0 Accept
Reject
152 v1.2

# Create route filter chain for AS65000’s IPv4 Unicast routes
/routing filter
add chain=ROUTE-AS65000-IPV4 prefix=0.0.0.0/0 prefix-length=0-24 action=accept
add chain=ROUTE-AS65000-IPV4 action=return
Administrator # Create route filter chain for AS65000’s IPv6 Unicast routes
/routing filter
add chain=ROUTE-AS65000-IPV6 prefix=::/0 prefix-length=0-48 action=accept
/routing filter
add chain=EBGP-AS65000-IPV4-IN match-chain=ROUTE-AS65000-IPV4 \
action=accept append-bgp-communities=64512:300
/routing filter
add chain=EBGP-AS65000-IPV4-OUT bgp-communities=64512:0 action=accept
153 v1.2

/routing filter
/routing filter

/ip route set [find dst-address=10.0.0.0/8 type=blackhole] bgp-communities=64512:0

/ipv6 route set [find dst-address=2001:DB8::/32 type=unreachable] bgp-communities=64512:0

/routing bgp peer
154 v1.2

/routing filter
add chain=ROUTE-AS65001-IPV4 prefix=0.0.0.0/0 prefix-length=0-24 action=accept
/routing filter
add chain=ROUTE-AS65001-IPV6 prefix=::/0 prefix-length=0-48 action=accept
/routing filter
/routing filter
155 v1.2

/routing filter
/routing filter


/ipv6 route set [find dst-address=2001:DB8::/32 type=unreachable] bgp-communities=64512:0

/routing bgp peer
156 v1.2

/routing filter
add chain=ROUTE-AS64512-IPV4 prefix=10.0.0.0/8 action=accept
/routing filter
add chain=ROUTE-AS64512-IPV6 prefix=2001:DB8::/32 action=accept

/routing filter

/routing filter
add chain=ROUTE-AS65001-IPV6 prefix=2406:6401::/32 action=accept
157 v1.2

# Create route filter chain for AS64512’s IPv4 Unicast paths
/routing filter
add chain=PATH-AS64512-IPV4 bgp-as-path="^64512(_64512)*\$" action=accept
add chain=PATH-AS64512-IPV4 action=return
Administrator # Create route filter chain for AS64512’s IPv6 unicast paths
/routing filter

/routing filter
add chain=PATH-AS65001-IPV4 bgp-as-path="^65001(_[0-9]+)*_64512\$" action=accept
# Create route filter chain for AS65001’s IPv6 unicast paths

/routing filter
158 v1.2

/routing filter
action=jump jump-target=PATH-AS64512-IPV4 append-bgp-communities=65000:100
/routing filter
/routing filter
/routing filter
159 v1.2

/routing filter
/routing filter
/routing filter
/routing filter
160 v1.2


/ipv6 route set [find dst-address=2406:6400::/32 type=unreachable] bgp-communities=65000:0
Administrator # Apply route filters to respective BGP peer
/routing bgp peer
161 v1.2

/routing filter
/routing filter

/routing filter

/routing filter
add chain=ROUTE-AS65000-IPV6 prefix=2406:6400::/32 action=accept
162 v1.2

/routing filter
Administrator # Create route filter chain for AS64512’s IPv6 Unicast paths
/routing filter

/routing filter

/routing filter
163 v1.2

/routing filter
/routing filter
/routing filter
/routing filter
164 v1.2

/routing filter
/routing filter
/routing filter
/routing filter
165 v1.2


/ipv6 route set [find dst-address=2406:6401::/32 type=unreachable] bgp-communities=65001:0
Administrator # Apply route filters to respective BGP peer
/routing bgp peer
166 v1.2
167 v1.2
168 v1.2
Remote Private ASN
169 v1.2
Autonomous System Number (ASN)
Range ASN Description Reference
0 Reserved RFC1930, RFC7607
1 – 64495 (except 23456) Public Internet
16-bit range 23456 Represents 32-bit ASN in 16-bit world RFC6793

0 – 65535 64496 – 64511 Documentation RFC5398
64512 – 65534 Private use RFC1930, RFC6996
65535 Reserved RFC7300
65536 – 65551 Documentation RFC4893, RFC5398
65552 – 131071 IANA Reserved ASNs

32-bit range
65536 – 4294967295 131072 – 4199999999 Public Internet
(RFC4893)
4200000000 – 4294967294 Private use RFC6996
4294967295 Reserved RFC7300
170 v1.2
Remove Private ASN
• BGP can operate with either public or private ASNs.
• Private ASNs can be used by single-homed or dual-homed
networks connecting to a single provider.
– Eliminates the burden of needing to apply for public ASNs
• Private ASNs must not be advertised to global routing table.

• Provider must remove customer’s private ASN from
AS_PATH when re-advertising customer’s prefixes to other
EBGP peers.
171 v1.2
Remove Private ASN
• Works only on prefix advertisements to EBGP peers.
• Removal rules:
If Then
AS_PATH contains only private ASNs Private ASNs are removed
Private ASNs are not removed

AS_PATH contains private ASNs between public ASNs (Some platforms support configurable option that will
remove the private ASNs anyway)
AS_PATH contains ASN of the EBGP peer Private ASNs are not removed
Private ASNs are removed only if they come after the

AS_PATH contains confederations (AS_CONFED_SEQ)
confederation portion of the AS_PATH
172 v1.2
Configuring Remove Private ASN
• Configurable options:
– Cisco IOS
• Per Address Family of a peer
• Per Address Family of a group of peers
• Can remove private ASNs even if a public ASN is encountered
– By configuring “remove-private-as all”
– Juniper Junos OS
• Per peer
• Per group of peers
• Can remove private ASNs even if a public ASN is encountered
– By configuring “remove-private all”
– MikroTik RouterOS
• Per peer
173 v1.2
Example: Remove Private ASN (Cisco IOS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
Loopback0 Loopback0 Loopback0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
R1 R101 (Remove Private ASN) R201
• BGP is pre-configured. Local Prefixes Peer

– IPv4 Unicast and IPv6 Unicast ASN Node IPv4 IPv6 ASN Node
– No inbound/outbound filter 64512 R1 10.0.0.0/8 2001:DB8::/32 135533 R101
• Configure R101 to remove 135533 R101 172.16.0.0/13 2406:6400::/32 64512 R1
private ASN on its BGP 135534 R201
updates to R201. 135534 R201 172.24.0.0/13 2406:6401::/32 135533 R101
174 v1.2
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
Loopback0 Loopback0 Loopback0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
Local Prefixes Peer

• Expectation: ASN Node IPv4 IPv6 ASN Node
– R201 should receive 64512 R1 10.0.0.0/8 2001:DB8::/32 135533 R101
AS64512’s prefixes from R101 135533 R101 172.16.0.0/13 2406:6400::/32 64512 R1
with AS_PATH “135533” 135534 R201
instead of “135533 64512” 135534 R201 172.24.0.0/13 2406:6401::/32 135533 R101
175 v1.2
router bgp 135533
! Remove private ASN on BGP updates to this peer
neighbor EBGP-AS135534-IPV4 remove-private-as
exit-address-family
Administrator !
! Remove private ASN on BGP updates to this peer
neighbor EBGP-AS135534-IPV6 remove-private-as
exit-address-family
176 v1.2
177 v1.2
Example: Remove Private ASN (Juniper Junos OS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
lo0 lo0 lo0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP

updates to R201. 135534 R201 172.24.0.0/13 2406:6401::/32 135533 R101
178 v1.2
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
lo0 lo0 lo0
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::1 2406:6400:4::/127 ::0 ::0 2406:6400:4:1::/127 ::1
EBGP EBGP
Local Prefixes Peer

with AS_PATH “135533” 135534 R201
instead of “135533 64512” 135534 R201 172.24.0.0/13 2406:6401::/32 135533 R101
179 v1.2
# Remove private ASN on BGP updates to this peer
top set protocols bgp group EBGP-AS135534-IPV4 remove-private

top set protocols bgp group EBGP-AS135534-IPV6 remove-private
Administrator
180 v1.2
• show route table inet.0 receive-protocol bgp [peer-address] all
• show route table inet6.0 receive-protocol bgp [peer-address] all
181 v1.2
Example: Remove Private ASN (MikroTik RouterOS)
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
BR-LOOPBACK BR-LOOPBACK BR-LOOPBACK
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::2 2406:6400:4::/127 ::1 ::1 2406:6400:4:1::/127 ::2
EBGP EBGP

updates to R201. 135534 R201 172.24.0.0/13 2406:6401::/32 135533 R101
182 v1.2
AS64512 AS135533 AS135534
172.16.0.0/13, 2406:6400::/32 172.16.0.0/13, 2406:6400::/32 172.24.0.0/13, 2406:6401::/32
172.18.1.0/24 172.18.1.0/24 172.26.1.0/24
2406:6400:2:1::/64 10.0.0.1/32 2406:6400:2:1::/64 172.16.0.1/32 2406:6401:2:1::/64 172.24.0.1/32
2401:DB8::1/128 2406:6400::1/128 2406:6401::1/128
BR-LOOPBACK BR-LOOPBACK BR-LOOPBACK
.2 172.20.0.0/30 .1 .5 172.20.0.4/30. .6
::2 2406:6400:4::/127 ::1 ::1 2406:6400:4:1::/127 ::2
EBGP EBGP
Local Prefixes Peer

with AS_PATH “135533” 135534 R201
instead of “135533,64512” 135534 R201 172.24.0.0/13 2406:6401::/32 135533 R101
183 v1.2
/routing bgp peer set EBGP-AS135534-IPV4 remove-private-as=yes

/routing bgp peer set EBGP-AS135534-IPV6 remove-private-as=yes
Administrator
184 v1.2
• /routing bgp peer print status
– Showing detail information of BGP routes in routing table
• /ip route print detail where bgp
• /ipv6 route print detail where bgp
185 v1.2

d2 s1 BGP Routing Policies

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

d2 s1 BGP Routing Policies

Uploaded by

Copyright:

Available Formats

Border Gateway Protocol (BGP)

BGP Routing Policies

Overview of Routing Policies

• Traffic engineering policies influence traffic paths and

• Outbound filters influence inbound traffic.

IPv4 Unicast IPv4 Prefix List Policy Statement Route Filter

IPv4 Unicast AS Path Access List Policy Statement Route Filter

IPv4 Unicast Route Map Policy Statement Route Filter

IPv4 Unicast Route Map Policy Statement Route Filter

R1 Customer R101 Any (~/24) 10.0.0.0/8 .5 172.20.0.4/30 .6

Peer R201 172.24.0.0/13 172.16.0.0/13 (~/24) EBGP 172.20.0.0/30 172.28.0.0/30 EBGP

R201 Provider R2 10.0.0.0/8 Any (~/24) .2 10.0.0.1/32 .2 10.0.0.2/32

R1 Customer R101 Any (~/48) 2001:DB8::/32 ::0 2406:6400:4:1::/127 ::1

Peer R201 2406:6401::/32 2406:6400::/32 (~/64) EBGP 2406:6400:4::/127 2406:6401:4::/127 EBGP

Administrator ! Create prefix list for outbound filter

Administrator ! Create prefix list for outbound filter

R1 Customer R101 Any (~/24) 10.0.0.0/8 .5 172.20.0.4/30 .6

Peer R201 172.24.0.0/13 172.16.0.0/13 (~/24) EBGP 172.20.0.0/30 172.28.0.0/30 EBGP

R201 Provider R2 10.0.0.0/8 Any (~/24) .2 10.0.0.1/32 .2 10.0.0.2/32

R1 Customer R101 Any (~/48) 2001:DB8::/32 ::0 2406:6400:4:1::/127 ::1

Peer R201 2406:6401::/32 2406:6400::/32 (~64) EBGP 2406:6400:4::/127 2406:6401:4::/127 EBGP

R1 Customer R101 Any (~/24) 10.0.0.0/8 .5 172.20.0.4/30 .6

Peer R201 172.24.0.0/13 172.16.0.0/13 (~/24) EBGP 172.20.0.0/30 172.28.0.0/30 EBGP

R201 Provider R2 10.0.0.0/8 Any (~/24) .2 10.0.0.1/32 .2 10.0.0.2/32

R1 Customer R101 Any (~/48) 2001:DB8::/32 ::1 2406:6400:4:1::/126 ::2

Peer R201 2406:6401::/32 2406:6400::/32 (~/64) EBGP 2406:6400:4::/126 2406:6401:4::/126 EBGP

# Apply route filters to respective BGP peer

# Apply route filters to respective BGP peer

EBGP between R101 and R201.

::0 2406:6400:4:1::/127 ::1

each other’s locally originated R1

Based on example scenarios:

EBGP between R101 and R201.

::0 2406:6400:4:1::/127 ::1

each other’s locally originated R1

Based on example scenarios:

# Create AS Path group for AS65001’s IPv6 Unicast paths

# Create AS Path group for locally originated IPv4 Unicast paths

# Create AS Path group for locally originated IPv6 Unicast paths

# Create AS Path group for customer’s IPv4 Unicast paths

# Create AS Path group for customer’s IPv6 Unicast paths

# Create AS Path group for AS65000’s IPv6 Unicast paths

# Create AS Path group for locally originated IPv4 Unicast paths

# Create AS Path group for locally originated IPv6 Unicast paths

# Create AS Path group for customer’s IPv4 Unicast paths

# Create AS Path group for customer’s IPv6 Unicast paths

EBGP between R101 and R201.

::1 2406:6400:4:1::/126 ::2

each other’s locally originated R1

Based on example scenarios:

Set BGP Path Attributes

to achieve following goals:

::0 2406:6400:4:1::/127 ::1

– Primary link: R2-R201 .2 10.0.0.1/32 .2 10.0.0.2/32

::0 2001:DB8:1::/127 ::1

to achieve following goals:

::0 2406:6400:4:1::/127 ::1

– Primary link: R2-R201 .2 10.0.0.1/32 .2 10.0.0.2/32

::0 2001:DB8:1::/127 ::1

Juniper Junos OS R1’s configuration

Juniper Junos OS R1’s configuration

Juniper Junos OS R1’s configuration

to achieve following goals: