Using the route-maps for BGP filtering

Border Gateway Protocol (BGP) is one of the most important routing protocols used to exchange data between different autonomous systems (AS) on the Internet. Each of these individual systems are usually owned by an Internet Service Providers (ISPs) or other, major organization.



Using the route-maps for BGP filtering 1



Different routers, from different ISPs, use the BGP protocol to exchange information about paths to destination networks. That is why we classify BGP as one of the Exterior Gateway Protocols (EGPs). Unlike most Interior Gateway Protocols (IGPs), BGP is based on rules that allow autonomous systems to control traffic by using various BGP attributes. The propagation of network paths between these systems is controlled via a "route-map" mechanism consisting of a set of pre-defined rules. In order for a route-map to be executed, all the rules within it must be consistent with the BGP traffic that routers exchange. By filtering BGP traffic, it is possible to both ban and allow the recording of certain routes in the routing table. The route-map mechanism can be applied to input and output routes.


The following example shows a BGP data exchange between a user and 2 ISPs. The task is to filter the BGP exchange of routing information, such that the user (AS65001) receives information from the ISPs via the default path only, and to determine which ISP will provide the primary and secondary links to the Internet, by using the BGP attribute (Local-preference).



Using the route-maps for BGP filtering 2



GW router configuration:

Router bgp 65001
  neighbour remote-as 65000
  neighbour route-map FILTER in
  neighbour remote-as 65002
  neighbour route-map FILTER in
route-map FILTER permit 10
  match ip address prefix-list default-only
  match as-path 10
  set local-preference 150
route-map FILTER permit 20
  match ip address prefix-list default-only
ip as-path access-list 10 permit ^65000$
ip prefix-list default-only permit


The "GW" router is configured by executing a BGP session with two ISPs using the "neighbour remote-as" commands. Furthermore, a "FILTER" route-map is created and placed in the direction of the user's network access. A prefix list is added to the route-map, which allows access to the network "default" routes only, and the "local-preference" BGP attribute determines the priority output to the Internet. In this way, the user’s router has a redundant output to the Internet and the processor works at an optimal level, since it does not receive the entire routing table from the ISPs.