Sunday, June 10, 2012

Configuring BGP - ORF (Outbound Route Filtering)

Outbound route filtering (ORF) in BGP reminds me of the spam I get in my mail every day. Even though I end up throwing most of it away, I still have to spend time looking at it, opening it and/or reading it, which in turn wastes my time and my brain cycles. Wouldn't it be much more efficient if I could just tell the post office not to send it at all? In BGP we can actually do this: we can tell our BGP neighbor what to filter out before it sends updates, so we do not have to waste CPU time processing them. Ideally this would be implemented on ISP peerings so that ISPs do not have to deal with customer requests about what needs to be advertised and what needs to be filtered.

For example, if you are BGP peered with an ISP and have a route-map that filters all routes except the default route, the ISP still sends you the whole Internet routing table, and your CPU processes the entire table before filtering it down to the default route.

Consider this topology and let's see how we can efficiently perform BGP filtering and conserve our router's resources.

First we will implement BGP prefix-list filtering on R2 and then we will see how we can efficiently perform filtering using BGP ORF (Outbound Route Filtering). 

As usual let's get our interfaces configured. 

R2 interface configurations
R3 interface configurations
Now let's get BGP configured between the routers without the ORF and take a look at the results. 

  • Create a prefix list and specify which route you want to accept which in this case will be 
  • Create a new instance of BGP.
  • Create the neighbor statements and attach the prefix-list in the inbound direction. 

  • Create a new instance of BGP.
  • Redistribute connected so all the loopback addresses make it into the BGP table. 
Now let's verify everything. 
  • 'show ip bgp' shows the routes that are in the BGP table.
  • 'show ip bgp neighbor advertised-routes' shows you all the routes that are advertised to the neighbor. As you can see, all the loopbacks are advertised to R2.
Now let's take a look at R2's routing table.
  • As you can see with received-routes you are receiving everything from ISPA. 
  • 'show ip bgp' reveals that the prefix-list which is applied on the "inbound direction" is taking effect and the only route that ends up in the routing table is the as expected. 
  • This is not very efficient since the router has to process everything (all the routes) that it got from ISPA and then filter accordingly.
Let's now see how we can configure BGP ORF (Outbound Route Filtering) and make this process much more efficient. 

  • In order to configure BGP Outbound Route Filtering type 'neighbor capability orf prefix-list send' under the BGP Configuration. This sends the prefix-list you have configured for this neighbor upstream. 
  • You can verify this operation with 'show ip bgp neighbor'. Notice that the send-mode is advertised upstream.
  • At this point we are only 50% done; we still need to configure ISPA to accept the prefix-list that R2 is sending.
Let's now configure ISPA to accept the prefix-list which is being advertised by R2. 

  • 'neighbor capability orf prefix-list receive' allows ISPA to honor the prefix-list being received from R2. 
  • Notice that 'show ip bgp' shows all the routes in the BGP Table. However, the only route being advertised to R2 is just which is what the prefix-list on R2 accepts. 
Verify at ISPA

  • Notice that received-mode is advertised and send-mode is received from R2 as configured. 
  • Notice that only one prefix is sent, according to the prefix-list being received.
  • Notice that 3 prefixes are being denied due to the prefix-list.

As you can see, once we configure ORF (Outbound Route Filtering) on R2 and ISPA, ISPA stops sending the whole BGP table and only sends what R2 is requesting. This way ISPs do not have to worry about customer requests, and customers do not have to depend on ISPs to advertise or make changes to the advertisements. It is dynamically controlled by the customer. In addition, BGP route filtering is accomplished much more efficiently than with just a prefix-list applied in the inbound direction.
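The two sides of the ORF setup described above, consolidated into one listing. This is an added example, not the post's original configuration: the AS numbers, neighbor addresses, prefix and the prefix-list name ORF-ACCEPT are constructed placeholders.

```cisco
! Constructed values: AS 64512 (ISPA) / 64513 (R2), 192.0.2.1 (ISPA),
! 192.0.2.2 (R2), prefix 203.0.113.1/32 and the name ORF-ACCEPT are placeholders.

! ----- R2 (customer side: sends its inbound prefix-list as an ORF) -----
ip prefix-list ORF-ACCEPT seq 5 permit 203.0.113.1/32
!
router bgp 64513
 neighbor 192.0.2.1 remote-as 64512
 ! The inbound list stays applied locally; ORF copies its entries upstream.
 neighbor 192.0.2.1 prefix-list ORF-ACCEPT in
 neighbor 192.0.2.1 capability orf prefix-list send
!
! ----- ISPA (provider side: accepts the ORF sent by R2) -----
router bgp 64512
 redistribute connected
 neighbor 192.0.2.2 remote-as 64513
 neighbor 192.0.2.2 capability orf prefix-list receive
!
! ----- Activate and verify (exec commands, shown here as comments) -----
! ORF is a capability negotiated when the session opens, so the session has to
! be re-established once the capability lines are present on both routers:
!   R2#   clear ip bgp 192.0.2.1
! After later edits to ORF-ACCEPT, push the new list and request a refresh:
!   R2#   clear ip bgp 192.0.2.1 in prefix-filter
! On ISPA, display the filter learned from R2 and what is actually advertised:
!   ISPA# show ip bgp neighbors 192.0.2.2 received prefix-filter
!   ISPA# show ip bgp neighbors 192.0.2.2 advertised-routes
```

ORF only reduces what ISPA sends; the inbound prefix-list on R2 is still enforced locally and remains the control that decides what enters R2's BGP table. On ISPA the received filter is applied in addition to its own outbound policy, not in place of it.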

Many more articles to come so please stay tuned. 

If you like my posts please subscribe/comments/+1. 

Thank you. 
