Sunday, April 7, 2013

BGP Distribute Lists

A distribute list filters routes based on the destination prefix and is therefore more effective than a filter list, because it focuses on the prefixes themselves instead of the AS-paths.
To set up a distribute list, you must first create an access list. The access list must permit all the blocks you wish to allow. Cisco routers use an inverse, or 'wildcard', mask for access lists.
For example, if the IP address range you own runs from 204.134.12.0 through 204.124.24.255, you would use the following access list (the list number is arbitrary and is used only to group the statements together).
access-list 21 permit 204.134.12.0 0.0.3.255
access-list 21 permit 204.134.16.0 0.0.7.255
access-list 21 permit 204.134.24.0 0.0.1.255
Next, you must apply this distribute list to the correct BGP neighbor session as an inbound or outbound list. Outbound distribute lists filter the announcements you send to your peer. Inbound distribute lists filter which routes you will accept from your peer.
router bgp <your AS>
 ...
 neighbor x.x.x.x remote-as NN
 neighbor x.x.x.x version 4
 neighbor x.x.x.x distribute-list 21 out

OUTBOUND DISTRIBUTE LIST
An outbound distribute list ensures that you do not announce routes heard from one of your peers to another peer. An outbound list restricts your announcements to only those routes you own and can reach.
INBOUND DISTRIBUTE LIST
If you are an Internet Service Provider, you will also need to restrict the routes your downstream customers and peers announce to you. You will need a complete list of routes from that customer to apply to the inbound routes announced by your customer. This is the most common reason for an inbound distribute list, but you should always apply one for 'sanity checking' to block private and non-routable IP addresses (such as 192.168.0.0 or 127.0.0.1).
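To see how the wildcard-mask matching above actually decides which prefixes pass, here is an added example (not from the original post) that evaluates standard access-list lines the way a distribute list applies them: first match wins, with the implicit deny at the end. It uses the post's access-list 21 as-is, plus a constructed list 22 standing in for the inbound 'sanity check' of private and loopback space; the helper names are my own. Note that a standard ACL compares only the route's network address, not its prefix length, so a more-specific route inside a permitted block is also permitted.

```python
import ipaddress

# The access list from the post (the numbers are the post's own).
ACL_21 = """
access-list 21 permit 204.134.12.0 0.0.3.255
access-list 21 permit 204.134.16.0 0.0.7.255
access-list 21 permit 204.134.24.0 0.0.1.255
"""

# Constructed inbound 'sanity check' list (not from the post): deny private
# and loopback space, then permit everything else.
ACL_22 = """
access-list 22 deny 10.0.0.0 0.255.255.255
access-list 22 deny 172.16.0.0 0.15.255.255
access-list 22 deny 192.168.0.0 0.0.255.255
access-list 22 deny 127.0.0.0 0.255.255.255
access-list 22 permit 0.0.0.0 255.255.255.255
"""

def parse_acl(text, number):
    """Return (action, address, wildcard) triples for one standard ACL number."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list" or parts[1] != str(number):
            continue
        action, address, wildcard = parts[2], parts[3], parts[4]
        entries.append((action,
                        int(ipaddress.IPv4Address(address)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def acl_permits(entries, prefix):
    """First-match evaluation with the implicit deny at the end of the list.
    A wildcard bit of 1 means 'do not care', so the comparison masks those
    bits out of both the route's network address and the ACL entry.
    Only the network address is compared; the prefix length is not examined,
    which is how a standard ACL behaves when used as a distribute list."""
    network = int(ipaddress.IPv4Network(prefix, strict=False).network_address)
    for action, address, wildcard in entries:
        care_mask = 0xFFFFFFFF ^ wildcard
        if (network & care_mask) == (address & care_mask):
            return action == "permit"
    return False

def filter_routes(entries, prefixes):
    """Return the prefixes the list would let through (the 'permit' side)."""
    return [p for p in prefixes if acl_permits(entries, p)]
```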