BGP Route Filtering using Prefix Lists and Route Maps
Note: this is an elementary example. A more realistic implementation will include ranges of subnets and more granular filtering.
In this demonstration, BGP is operating across 3 separate Autonomous Systems. The objective is to filter out the /26 network being advertised to R2, using a Prefix-List and Route-Map on R0.
1. First we create the Prefix-List to deny the /26 network
2. Then we create a Route-Map that matches the list
3. Finally we attach the Route-Map to our BGP process
(You will need to reset/refresh the BGP TCP sessions on R2 for the changes to take effect in the BGP table and routing table.)
On R0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
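! Deny the /26, permit every other prefix
ip prefix-list LIST1 seq 5 deny 192.168.1.128/26
ip prefix-list LIST1 seq 10 permit 0.0.0.0/0 le 32
! Route-map clause that matches whatever LIST1 permits
route-map MAP1 permit 10
 match ip address prefix-list LIST1
! Apply the route-map to updates sent to neighbor 10.2.2.2
router bgp 6500
 neighbor 10.2.2.2 route-map MAP1 out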
On R2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
clear ip bgp *
show ip bgp
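Added example (not part of the original description): a small Python model of how the prefix-list and route-map above are evaluated, showing that the seq 5 entry without ge/le matches only the exact /26, so a more specific subnet of it is still advertised. LIST1_RANGE, MAP1_RANGE and the sample routes are assumptions constructed for illustration.

```python
# Added illustration (not from the video): models how IOS evaluates a
# prefix-list referenced from a route-map. Sample routes are constructed.
from ipaddress import ip_network

# (seq, action, prefix, ge, le); LIST1 as configured on R0
LIST1 = [(5, "deny", "192.168.1.128/26", None, None),
         (10, "permit", "0.0.0.0/0", None, 32)]
# Hypothetical variant: "le 32" also covers subnets of the /26
LIST1_RANGE = [(5, "deny", "192.168.1.128/26", None, 32),
               (10, "permit", "0.0.0.0/0", None, 32)]

def prefix_list_action(entries, route):
    """Action of the first matching entry; implicit deny if none match."""
    route = ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        net = ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"

def advertised(route_map, route):
    """route_map: [(seq, action, prefix_list)]; implicit deny at the end."""
    for _seq, action, plist in sorted(route_map, key=lambda c: c[0]):
        # A clause matches only if its prefix-list permits the route.
        if prefix_list_action(plist, route) == "permit":
            return action == "permit"
    return False

MAP1 = [(10, "permit", LIST1)]
MAP1_RANGE = [(10, "permit", LIST1_RANGE)]

def report(route_map, routes):
    return {r: advertised(route_map, r) for r in routes}

ROUTES = ["192.168.1.128/26", "192.168.1.128/27", "192.168.1.0/26", "10.0.0.0/8"]

if __name__ == "__main__":
    for name, rm in (("MAP1", MAP1), ("MAP1_RANGE", MAP1_RANGE)):
        for route, sent in report(rm, ROUTES).items():
            print(f"{name:10} {route:18} {'advertised' if sent else 'filtered'}")
```

With the configuration as shown, 192.168.1.128/27 passes the filter; the variant with "le 32" on the deny entry filters the /26 and everything inside it.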
Video "BGP Route Filtering using Prefix Lists and Route Maps" from the channel Bellagio Sampler