Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ How to use Quagga BGP (Border Gateway Protocol) router to filter BGP routing     - Ubuntu arm-none-eabi-gcc compiler treated with STM32F10x (Linux)

- Mount and unloading disks under Linux (Linux)

- DataGuard a hardware issue warnings found (Database)

- Basic data types JavaScript type system and the type of packaging (Programming)

- iOS in Singleton (Programming)

- Nagios plugin installation tutorial of Nrpe (Linux)

- cp: omitting directory error solutions under Linux (Linux)

- A deep understanding of Java enum (Programming)

- Installation on the way to the root source Ubuntu Server 14.04 LTS version Odoo8.0 (Server)

- Why everybody ought to know LLVM (Linux)

- How to Install Suricata IDS on a Linux system (Server)

- Detailed software to run UnixBench (Linux)

- Linux using TCP-Wrapper Service Management (Linux)

- shell script: a key optimization CentOS system (Linux)

- Java Class file format parsing (Programming)

- To configure linux transparent firewall (Linux)

- Not safe procedure under Linux (Linux)

- Install FFmpeg compiling from source in Mac OS X environment (Linux)

- Virtualbox virtual machine can not copy CentOS Network (Linux)

- Oracle 12C RAC on temporary table space Enlighten (Database)

  How to use Quagga BGP (Border Gateway Protocol) router to filter BGP routing
  Add Date : 2017-01-08      
  How to use Quagga CentOS server to become a BGP router, also introduced BGP peers and exchange prefix settings. In this tutorial, we will focus on how to use the prefix list (prefix-list) and route maps (route-map) to control the injection data and data output.

Previous articles have said, BGP routing decision is based on the broadcast prefix and prefix of charge. To avoid the wrong route, you need to use some filtering mechanism to control the transmission of these prefixes. For example, if one of your BGP neighbors started to broadcast a do not belong to their prefixes, and you will be wrong received these unusual prefix, and will forward it to the network, the forwarding process will continue to go on forever do not stop (the so-called "black hole" thus produced). So make sure this prefix is not received or is not forwarded to any network, to achieve this purpose, you can use the prefix list, and route maps. The former is based on the filtering mechanism prefix, which is more common prefix-based policy can be used to fine-tune the filtering mechanism.

This article will show you how to use the prefix list in Quagga routing and mapping.

Topology and demand

This tutorial uses the following topology.

Service Provider A and B have other suppliers set to eBGP peers, communicate with each other. Their autonomous system numbers and prefixes are shown below.

Peer sections:
Service Provider A: AS number 100, prefix
Service Provider B: AS number 200, prefix
In this scenario, the vendor B want to receive, and three prefixes from A.

Installation and setup Quagga BGP peer

In the previous tutorial, we have written and set to install Quagga BGP peer method, therefore will not be described in detail, and only a brief introduction and configure BGP prefix advertisement

Description BGP peer has been opened. Router-A in to the router-B broadcast multiple prefixes, and Router-B is also a prefix to the router-A broadcast Two routers can send and receive the correct prefix.


Create a prefix list

You can use the router ACL or prefix list to filter a prefix. Prefix list is more common than ACL, because the former fewer processing steps, and easy to create and maintain.

ip prefix-list DEMO-PRFX permit
The above command to create the prefix list named "DEMO-FRFX" and allows only prefix.

Another powerful feature list is support prefix subnet mask range, see the following example:

ip prefix-list DEMO-PRFX permit le 24
This command creates prefix list contains a prefix between and / or 24, respectively,, and Operators "le" indicates less, you can also use "ge" means greater than equal.

A prefix list statements can have multiple allow or deny the operation. Each statement is automatically or manually assigned a serial number.

If more than one prefix list statements exist, these statements will be executed in sequence order of the sequence number. Configured prefix list, we need to pay attention after all prefix list statements are implicit denial statement, that those who are not allowed to clear, will be rejected.

If you want to set to allow all prefixes, prefix list statements are set as follows:

ip prefix-list DEMO-PRFX permit le 32
We already know how to create a prefix list statements, and now we want to create a prefix list named "PRFX-LST" and to meet the needs of our test scene.

router-b # conf t
router-b (config) #ip prefix-list PRFX-LST permit le 24

Create route map

In addition to the list of prefixes and ACL, there's another mechanism, called a route map can be controlled prefix BGP router. In fact, the route map for the prefix match for fine-tuning effects are stronger than the prefix list, and ACL.

Similar to the prefix list, the route map statement can also be specified to allow and deny actions, but also need to assign a serial number. Each route can have multiple matching allow or deny the operation. E.g:

route-map DEMO-RMAP permit 10
The above statement creates a route map called "DEMO-RMAP", add the number of 10 allowed to operate. Now we use the match command in the serial number corresponding to the route map to match.

router-a (config-route-map) # match (press? in the keyboard)
as-path Match BGP AS path list
community Match BGP community list
extcommunity Match BGP / VPN extended community list
interface match first hop interface of route
ip IP information
ipv6 IPv6 information
metric Match metric of route
origin BGP origin code
peer Match peer address
probability Match portion of routes defined by percentage value
tag Match tag of route
As you can see, the route map can match many properties in this tutorial is a prefix match.

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
Prefix list before this match will match command built in to allow the IP address (ie prefix, and

Next, we can use the set command to modify these properties. Examples are:

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
set (press? in keyboard)

aggregator BGP aggregator attribute
as-path Transform BGP AS-path attribute
atomic-aggregate BGP atomic aggregate attribute
comm-listset BGP community list (for deletion)
community BGP community attribute
extcommunity BGP extended community attribute
forwarding-address ForwardingAddress
ip IP information
ipv6 IPv6 information
local-preference BGP local preference path attribute
metric Metric value for destination routing protocol
metric-type Type of metric
origin BGP origin code
originator-id BGP originator ID attribute
src src address forroute
tag Tag value for routing protocol
vpnv4 VPNv4 information
weight BGP weight for routing table
As you can see, set commands can also modify many attributes. In order to make a demonstration, we modify the BGP local-preference this property.

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
setlocal-preference 500
As prefix list, at the end of the route map statement also implicit deny action. So we need a permit to add another statement (serial number 20) to allow all prefixes.

route-map DEMO-RMAP permit 10
match ip address prefix-list DEMO-PRFX
setlocal-preference 500
route-map DEMO-RMAP permit 20
SERIES 20 command specifies no matches, so the default matches all prefixes. In this route map statement, all prefixes are allowed.

Recall that our needs are only allowed to refuse or only some of the prefix, so the above set command should not exist in this scenario. We only need a permit statement, as shown below:

router-b # conf t
router-b (config) # route-map RMAP permit 10
router-b (config-route-map) # match ip address prefix-list PRFX-LST
The route map is the effect we need.

Application route map

Note that, before being applied to an interface or a BGP neighbor, ACL, prefix lists, and route maps will not take effect. And ACL and prefix lists, a route map statement can also be multiple interfaces or neighbors use. However, an interface or a neighbor can have only one route map statement applied to the input terminal, and a route map statement applied to the output terminal.

Let this be applied by the route map statement BGP configuration router-B for neighbor router-B is set to enter a prefix broadcast.

router-b # conf terminal
router-b (config) # router bgp 200
router-b (config-router) # neighbor RMAP in
Now broadcast routing and routing charged under examination.

Show broadcast routing command:

show ip bgp neighbor-IP advertised-routes
Displays the command to receive routes:

show ip bgp neighbor-IP routes

You can see, router-A has four routes prefix reach router-B, while the router-B receives only three. Look at the context, we can only know the route map is allowed prefixes can be displayed on the router-B, other prefixes Yigai discarded.

Tip: If you receive a prefix does not refresh the content, try to reset the BGP session, use this command: clear ip bgp neighbor-IP. This tutorial command is as follows:

clearip bgp
We can see that the system has met our request. Then we can create a similar prefix list and route map statement on the router-A router-B and to better control the prefix input and output.

Here the configuration process summarize for easy viewing.

router bgp 200
neighbor remote-as100
neighbor RMAP in
ip prefix-list PRFX-LST seq 5 permit le 24
route-map RMAP permit 10
match ip address prefix-list PRFX-LST

To sum up

In this tutorial we demonstrate how to set prefix list, and route maps to filter in Quagga BGP routes. We also show how the prefix list incorporated into the route map to fine-tune function input prefix. You can refer to these methods to set meet their needs prefix list, and route maps. These tools are to protect networks from poison routing and routing from bogon: Broadcast (LCTT Annotation refers to the address in the internet routing table should not appear) in.
- Linux security settings (Linux)
- MySQL script incremental backups (innobackupex) (Database)
- Mac OS X Server installation and application (Linux)
- Hadoop upload files error solved (Server)
- BusyBox making the file system (Linux)
- MyCAT easy entry (Database)
- Oracle local user login authentication fails ORA-01031 insufficient privileges (Database)
- Monitor log file (listener.log) (Database)
- Linux resource restriction level summary (Linux)
- Setting Wetty do not need an account login command line operations (Linux)
- VMware virtual machines to install virt-manager unable to connect to libvirt's approach (Linux)
- Apache site default home page settings (Server)
- Linux using TCP-Wrapper Service Management (Linux)
- Ubuntu 14.04 How to set up an SSH without password (Linux)
- Boost notes --Thread - problems encountered in the initial use on Ubuntu (Programming)
- Installation and Configuration JDK8 In CentOS 7 (Linux)
- How to understand Python yield keyword (Programming)
- Setting CentOS firewall open port (Linux)
- Linux command -nohup & (Linux)
- Examples of Python any parameters (Programming)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.