Introduction to BGP Prefix-Based Outbound Route Filtering

Today I am going to talk about BGP prefix-based outbound route filtering (ORF). Many of you are already aware of this concept. BGP prefix-based outbound route filtering uses the BGP ORF send and receive capabilities to reduce the number of BGP updates that are sent between BGP peers.

This feature reduces the system resources needed to generate and process routing updates by filtering out unwanted routing updates at the source. Fewer updates arriving at the router means less processing on the router.

BGP prefix-based outbound route filtering can be configured with the send or receive ORF capability. The local peer advertises the ORF capability in send mode. The remote peer receives the ORF capability in receive mode and applies the filter as an outbound policy. The local and remote peers exchange updates to maintain the ORF on each router.

Updates are exchanged between peer routers by address family, depending on the ORF prefix-list capability that is advertised. The remote peer starts sending updates to the local peer after a route refresh has been requested with the “clear ip bgp in prefix-filter” command or after an ORF prefix list with immediate status is processed. The BGP peer continues to apply the inbound prefix list to received updates after the local peer pushes the inbound prefix list to the remote peer.

Some facts about BGP prefix-based outbound route filtering:
  • It doesn’t support multicast.
  • The IP addresses used for outbound route filtering must be defined in an IP prefix list.
  • It doesn’t support BGP distribute lists or IP access lists.
  • It is configured only on a per-address-family basis and cannot be configured under the general session or BGP routing process.
  • It is configured for external peering sessions only.

Let's look at a configuration example between a source and a destination router. In our example we create an outbound route filter and configure Router XP (10.1.1.1) to advertise the filter to Router NB (172.16.1.2). An IP prefix list named FILTER is created to specify the 192.168.1.0/24 subnet for outbound route filtering. The ORF send capability is configured on Router XP so that Router XP can advertise the outbound route filter to Router NB.

Fig 1.1- BGP Prefix-Based Outbound Route Filtering 
Router XP Configuration
Router XP is the sender router; below is its basic configuration as a sender.

!
ip prefix-list FILTER seq 10 permit 192.168.10.0/24
!
router bgp 65200
 address-family ipv4 unicast
 ! Router NB runs AS 65300; ORF is supported on external peering sessions only
 neighbor 10.10.1.2 remote-as 65300
 neighbor 10.10.1.2 ebgp-multihop
 ! advertise the ORF send capability; the inbound prefix list is the filter that is sent
 neighbor 10.10.1.2 capability orf prefix-list send
 neighbor 10.10.1.2 prefix-list FILTER in
 end
!

Router NB is configured to advertise the ORF receive capability to Router XP. Router NB will install the outbound route filter, defined in the FILTER prefix list, after ORF capabilities have been exchanged. An inbound soft reset is initiated on Router NB at the end of this configuration to activate the outbound route filter.

Router NB Configuration
!
router bgp 65300
 address-family ipv4 unicast
 neighbor 10.10.1.1 remote-as 65200
 neighbor 10.10.1.1 ebgp-multihop 255
 neighbor 10.10.1.1 capability orf prefix-list receive
 end
!
clear ip bgp 10.10.1.1 in prefix-filter
!
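
The facts listed earlier (external peers only, filter defined in an IP prefix list, inbound prefix list on the sending side) can be checked before a config is deployed. The script below is an added example, not part of the original article or any vendor tool; the function name audit_orf and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device).
# Neighbor 10.10.2.2 is deliberately misconfigured.
SAMPLE = """\
ip prefix-list FILTER seq 10 permit 192.168.10.0/24
!
router bgp 65200
 address-family ipv4 unicast
 neighbor 10.10.1.2 remote-as 65300
 neighbor 10.10.1.2 capability orf prefix-list send
 neighbor 10.10.1.2 prefix-list FILTER in
 neighbor 10.10.2.2 remote-as 65200
 neighbor 10.10.2.2 capability orf prefix-list send
 neighbor 10.10.2.2 prefix-list MISSING in
"""

def audit_orf(config):
    """Return sorted (neighbor, problem) pairs for peers with ORF send enabled."""
    defined = set(re.findall(r"^ip prefix-list (\S+) ", config, re.M))
    m = re.search(r"^router bgp (\d+)", config, re.M)
    local_as = m.group(1) if m else None
    peers = {}
    for line in config.splitlines():
        m = re.match(r"\s*neighbor (\S+) (\S.*)", line)
        if not m:
            continue
        peer = peers.setdefault(m.group(1), {"as": None, "send": False, "plist": None})
        rest = m.group(2).split()
        if rest[0] == "remote-as" and len(rest) > 1:
            peer["as"] = rest[1]
        elif rest[:3] == ["capability", "orf", "prefix-list"] and rest[-1] in ("send", "both"):
            peer["send"] = True
        elif rest[0] == "prefix-list" and len(rest) == 3 and rest[2] == "in":
            peer["plist"] = rest[1]
    findings = []
    for ip, p in peers.items():
        if not p["send"]:
            continue  # only the sending side carries the filter
        if p["as"] is not None and p["as"] == local_as:
            findings.append((ip, "ORF needs an external peer, remote-as equals local AS"))
        if p["plist"] is None:
            findings.append((ip, "no inbound prefix-list to advertise as the filter"))
        elif p["plist"] not in defined:
            findings.append((ip, "prefix-list %s is not defined" % p["plist"]))
    return sorted(findings)

if __name__ == "__main__":
    for ip, problem in audit_orf(SAMPLE):
        print(ip, "-", problem)
```
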

The next example shows how the route map named set-as-path is applied to outbound updates to the neighbor 10.69.212.70. The route map will prepend the autonomous system path “65200 65200” to routes that pass access list 1. The second part of the route map permits the advertisement of other routes.

!
router bgp 65200
 network 172.16.10.0
 network 172.17.10.0
 neighbor 10.69.212.70 remote-as 65300
 neighbor 10.69.212.70 route-map set-as-path out
!
! sequence 10: prepend the local AS twice to routes matching access list 1
route-map set-as-path permit 10
 match ip address 1
 set as-path prepend 65200 65200
!
! sequence 20: advertise all other routes unchanged
route-map set-as-path permit 20
 match ip address 2
!
! one entry per advertised network (the second entry duplicated the first)
access-list 1 permit 172.16.10.0 0.0.255.255
access-list 1 permit 172.17.10.0 0.0.255.255
!
access-list 2 permit 0.0.0.0 255.255.255.255
!