Filtering BGP prefixes

jkaras
Level 1

I am receiving routes via BGP from a cloud provider. The provider is sending overlapping routes. For example, 10.0.0.0/8 and 10.1.0.0/16. I would like to filter the component route as it's learned from the cloud provider. So in my example, keep the 10.0.0.0/8 route and drop the 10.1.0.0/16 route.

The problem is that I don't know the prefixes that will be advertised. For example, today it is 10.0.0.0/8 and 10.1.0.0/16. Tomorrow they may add 11.0.0.0/8 and 11.1.0.0/16 without my awareness. Therefore I can't create route-maps/prefix-lists that match on specific prefix values.

Is there a way to drop component routes if a less specific summary is also learned - regardless of the actual prefix values?

(I understand the undesirable ramifications of learning unknown routes from a cloud provider. I've also made the IP addressing examples simpler than my real world need)


Hello,

what you could do is drop ANYTHING with e.g. a higher than /8 netmask, as in the example below:

router bgp 1
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 2
neighbor 192.168.1.2 route-map SUPERNET_MAP in
!
ip prefix-list SUPERNET_PREFIX seq 5 permit 0.0.0.0/0 le 8
!
route-map SUPERNET_MAP permit 10
match ip address prefix-list SUPERNET_PREFIX

This would allow 10.0.0.0/8, 11.0.0.0/8 etc. but not 10.0.0.0/9 or higher and so on...

Joseph W. Doherty
Hall of Fame
You're asking about some form of auto aggregation? The closest to that might be BGP auto-summary, but it's unclear whether your requirements would be met by working within classful boundaries. I'm also unsure if it would be possible to use auto-summary against received routes.

You note "The provider is sending overlapping routes.", but what you've described is not uncommon, and there's often a reason for that. Even when you manually (BGP) aggregate routes (which I think is what you're looking to accomplish although automatically), when you drop the more specific prefixes, you need to be careful how you do that, for example using the AS set option. (Also you didn't mention what prefix[s] limits you wanted to work with. Without that, might everything auto aggregate to a default route?)

If you really believe your provider is sending you needless "overlapping" routes, you might discuss that with them.

If you're trying to reduce the size of a received full BGP table, there are other approaches, such as limiting specific routes to a number of AS hops from that provider. For example, if you have multiple Internet BGP providers, you might have a default route to them, but access prefixes from them that are one AS hop away (i.e. the destination prefix has a direct connection to that provider too).

Hello
Just like to add to Joseph's comments:
You could possibly look into using an elegant kind of route filtering in line with your ISP, in a way that not only results in you not receiving certain prefixes but also saves router resource.

These prefixes won't even be sent to your router in the first place, unlike normal route filtering, in which the prefixes are received by your router and then filtering takes place, thus still taking up unnecessary resource.
This kind of route filtering is called Outbound Route Filtering (ORF), but as I have stated you need to work with your ISP to see if this is indeed applicable.

example ORF:
your router
ip prefix-list ORF deny 10.0.0.0/16
ip prefix-list ORF permit 0.0.0.0/0 le 32

router bgp x
neighbor (ISP) prefix-list ORF in
neighbor (ISP) capability orf prefix-list send

ISP
router bgp x
neighbor (your rtr) capability orf prefix-list receive

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
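
The check asked for in the original question (drop a prefix whenever a less specific covering prefix is learned from the same peer), worked offline as an added example that is not from any poster in this thread. It assumes the received IPv4 prefixes have already been collected into a list; `SAMPLE`, the function names, `min_cover_len` and the prefix-list name `DROP_COMPONENTS` are hypothetical, and the output follows the deny/permit layout of the ORF example above.

```python
import ipaddress

# Constructed sample of prefixes received from one peer (not real data).
SAMPLE = ["10.0.0.0/8", "10.1.0.0/16", "10.1.2.0/24", "11.0.0.0/8",
          "11.1.0.0/16", "172.16.5.0/24", "0.0.0.0/0"]


def split_covered(prefixes, min_cover_len=1):
    """Split prefixes into (kept, dropped).

    A prefix is dropped when a less specific prefix in the same list
    covers it. Prefixes shorter than min_cover_len never count as a
    covering summary, so a received default route (0.0.0.0/0) does not
    cause every other route to be discarded.
    """
    nets = sorted({ipaddress.IPv4Network(p) for p in prefixes},
                  key=lambda n: (n.prefixlen, int(n.network_address)))
    kept, dropped = [], []
    for net in nets:
        # Shorter prefixes sort first, so any covering route is already in kept.
        covers = [k for k in kept if k.prefixlen >= min_cover_len]
        if any(net.subnet_of(k) for k in covers):
            dropped.append(net)
        else:
            kept.append(net)
    return kept, dropped


def prefix_list_lines(dropped, name="DROP_COMPONENTS"):
    """Render the dropped prefixes as deny entries plus a final permit-all."""
    lines = [f"ip prefix-list {name} deny {n}" for n in dropped]
    lines.append(f"ip prefix-list {name} permit 0.0.0.0/0 le 32")
    return lines


if __name__ == "__main__":
    kept, dropped = split_covered(SAMPLE)
    print("kept:   ", ", ".join(map(str, kept)))
    print("dropped:", ", ".join(map(str, dropped)))
    print("\n".join(prefix_list_lines(dropped)))
```

The generated list is only as current as the input, so it has to be regenerated whenever the set of received prefixes changes.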