BGP Route Filtering: Prefix Lists



Next on the chopping block when it comes to filtering routes shared between BGP neighbors is a prefix list. There isn’t anything confusing about this one; the name is pretty accurate. You are simply creating an exact list of prefixes to be allowed. This is similar to a route-map for filtering shared routes, but I think it is more accurate when pinpointing the routes you want to filter.

For example, in a route-map, you may allow something like with the ACL you created. You are not just allowing that specific route, you are allowing everything that falls under it, like if you had subnetted into smaller subnets. All would be allowed. With a prefix list, the route being shared has to match exactly:


ip prefix-list ALLOW seq 5 permit
ip prefix-list ALLOW seq 10 permit
ip prefix-list ALLOW seq 15 permit
ip prefix-list ALLOW seq 20 permit

With that example, those routes must match exactly to be allowed. Say, for example, was subnetted into two smaller subnets, because the routes are not exactly matching, they would not be shared.

That is very quick and easy, but there is always more! You can create broader scopes with a prefix list, like an ACL.

There are two ways to do this. Take the normal prefix-list and add “ge” or “le” for greater than or equal to and less than or equal to. Look at the first example:

ip prefix-list RANGE seq 5 permit ge 24

What this is actually saying is that is being included. Also included are any routes that match the first 16 bits and then have a subnet mask greater than or equal to 24. With this, you can create a single prefix-list statement that encompasses more than just a single route.

The other way to do it is like this:

ip prefix-list RANGE seq 5 permit le 32

This is saying we want to match the first 16 network bits and then the routes must have a mask less than or equal to 32. This could potentially include a large number of routes.

And lastly, if you really want to get crazy and have some fun, you can use both options, “ge” and “le”. You can have something like this:

ip prefix-list RANGE seq 5 permit ge 24 le 32

Overall this is just a way to add more control over the routes that you want to include or deny.
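An added example (not from the original post) that models how the exact, "ge" and "le" forms above select routes, using Cisco IOS matching rules: first match by sequence number wins, and anything unmatched is denied. The 10.1.0.0/16 prefix and the test routes are constructed for illustration, and parse_entry, evaluate and permitted are hypothetical helper names.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]'."""
    tok = line.split()
    seq, action = int(tok[4]), tok[5]
    net = ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no keyword: length must match exactly
    else:
        # "ge" alone runs up to /32 (the base prefix itself is outside the range);
        # "le" alone starts at the entry's own length.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else net.max_prefixlen
    if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
        raise ValueError(f"invalid ge/le range in: {line}")
    return seq, action, net, lo, hi

def evaluate(entries, route):
    """Action of the first matching entry (lowest seq first); implicit deny."""
    route = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"

# Constructed sample lists: the page's four forms with a made-up prefix.
LISTS = {
    "exact": [parse_entry("ip prefix-list ALLOW seq 5 permit 10.1.0.0/16")],
    "ge24":  [parse_entry("ip prefix-list RANGE seq 5 permit 10.1.0.0/16 ge 24")],
    "le32":  [parse_entry("ip prefix-list RANGE seq 5 permit 10.1.0.0/16 le 32")],
    "both":  [parse_entry("ip prefix-list RANGE seq 5 permit 10.1.0.0/16 ge 24 le 32")],
}
# Constructed candidate routes a neighbor might advertise.
ROUTES = ["10.1.0.0/16", "10.1.0.0/17", "10.1.128.0/17",
          "10.1.5.0/24", "10.1.5.64/26", "10.2.0.0/24"]

def permitted(name):
    """Routes from ROUTES that the named sample list would permit."""
    return [r for r in ROUTES if evaluate(LISTS[name], r) == "permit"]

if __name__ == "__main__":
    for name in LISTS:
        print(f"{name:6} -> {permitted(name)}")
```

Running a planned list against the routes you expect to send or receive before applying it to a neighbor shows whether an "le 32" entry is wider than intended.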

BGP Usage

Usage is very similar to a route-map in BGP. You add another neighbor statement and then determine if you want your prefix-list to apply inbound or outbound. This is useful depending on what direction you are looking to control routes in.

A configuration may look a bit like this:

ip prefix-list RANGE seq 5 permit le 32
router bgp 65000
 bgp router-id
 bgp log-neighbor-changes
 neighbor remote-as 65000
 neighbor update-source Loopback0
 neighbor prefix-list RANGE out

That would apply our prefix list to the BGP neighbor peering and only share those routes that are specified accordingly.


