BGP Outbound Route Filtering

Generally, a BGP speaker filters out unwanted routes from its peers based on its local routing policy. Since resources are consumed both when the BGP sender generates and transmits routing updates and when the receiver processes them, it is useful to avoid generating those updates in the first place.

RFC 5291 defines BGP Outbound Route Filtering (ORF). An ORF entry is a tuple of the form <AFI/SAFI, ORF-Type, Action, Match, ORF-Value>.

The AFI/SAFI restricts the ORF entry to only those routes whose NLRI matches the AFI/SAFI of the ORF.

The ORF-Type determines the contents and format of the ORF-Value.

The Action can be one of ADD, REMOVE and REMOVE-ALL. ADD (value 0) adds the ORF entry to the ORF on the remote-peer; REMOVE (value 1) deletes a previously installed ORF entry on the remote-peer; and REMOVE-ALL (value 2) deletes all previously installed ORF entries on the remote-peer.

The Match can be either PERMIT (value 0) or DENY (value 1). PERMIT asks the remote-peer to send updates for the set of routes that match the ORF entry. DENY asks the remote-peer not to send updates for the set of routes that match the ORF entry.

Outbound Route Filtering Capability

A BGP speaker advertises its willingness to receive ORF entries from its peer(s) (value 1), to send ORF entries to its peer(s) (value 2), or both (value 3) using the ORF Capability. The ORF Capability is a BGP Capability defined as follows:

Capability code: 3 (per RFC 5291); Cisco uses 130

Capability length: variable

Capability value: one or more ORF entries, each carrying the AFI/SAFI, the number of ORFs, and for each ORF its ORF-Type and Send/Receive value.

Carrying ORF entries in BGP

ORF entries are carried in the BGP Route Refresh message. A single Route Refresh message can carry multiple ORF entries of the same ORF-Type, or multiple ORFs, as long as all the entries share the same AFI/SAFI.

Operation

The R1 router only wishes to receive the prefixes 1.1.1.1/32 and 2.2.2.2/32 from the R2 router. The ORF configuration on both routers is as follows:

ORF Configuration

R1 router:
router bgp 100
 neighbor 10.1.1.2 remote-as 200
 neighbor 10.1.1.2 capability orf prefix-list send
 neighbor 10.1.1.2 prefix-list 10 in
!
ip prefix-list 10 seq 5 permit 1.1.1.1/32
ip prefix-list 10 seq 10 permit 2.2.2.2/32
!
R2 router:
router bgp 200
 neighbor 10.1.1.1 remote-as 100
 neighbor 10.1.1.1 capability orf prefix-list receive
!

The R1 router is willing to send ORF entries to R2, while the R2 router is willing to receive them. Both advertise the ORF Capability during session setup.

R2 receives ORF Capability from R1

03:50:21.949: BGP: 10.1.1.1 OPEN has CAPABILITY code: 130, length 7
03:50:21.949: BGP: 10.1.1.1 OPEN has ORF CAP for afi/safi: 1/1
03:50:21.953: BGP: 10.1.1.1 OPEN has Prefixlist ORF capability as SEND for afi/safi: 1/1

The following packet capture shows BGP OPEN message carrying ORF Capability received by R2 from R1 router.

It shows that the R1 router has sent an ORF capability of type Prefix-list. The show ip bgp neighbor 10.1.1.1 received prefix-filter command displays the prefix-list that R1 has sent to the R2 router.

show ip bgp neighbor 10.1.1.1 received prefix-filter

R2# show ip bgp neighbor 10.1.1.1 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 10.1.1.1: 2 entries
   seq 5 permit 1.1.1.1/32
   seq 10 permit 2.2.2.2/32

The following packet capture shows the actual ORF-entry sent by R1 router encoded in a BGP Route Refresh message.

The show ip bgp neighbor command shows all the capabilities as negotiated with the neighbors.

show ip bgp neighbor

R2# show ip bgp neighbor
BGP neighbor is 10.1.1.1,  remote AS 100, external link
  BGP version 4, remote router ID 10.1.1.1
  BGP state = Established, up for 00:10:15
  Last read 00:00:15, last write 00:00:15, hold time is 180, keepalive interval
is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  2          2
    Notifications:          0          0
    Updates:                1          0
    Keepalives:            13         13
    Route Refresh:          0          1
    Total:                 16         16
  Default minimum time between advertisement runs is 30 seconds
 For address family: IPv4 Unicast
  BGP table version 5, neighbor version 5/0
 Output queue size : 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: received
      Receive-mode: advertised
  Outbound Route Filter (ORF): received (2 entries)
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               2          0
    Prefixes Total:                 2          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0
                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    ORF prefix-list:                      1        n/a
    Total:                                1          0
  Number of NLRIs in the update sent: max 2, min 2
!--- output omitted

R2 router has 3 prefixes in its BGP table.

R2 BGP table

R2# show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*> 2.2.2.2/32       0.0.0.0                  0         32768 i
*> 3.3.3.3/32       0.0.0.0                  0         32768 i

However, R1 receives only the 2 prefixes that it requested through ORF.

R1 BGP table

R1# show ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       10.1.1.2                 0             0 200 i
*> 2.2.2.2/32       10.1.1.2                 0             0 200 i

R1 no longer wants 2.2.2.2/32

R1 changes its configuration to allow only the 1.1.1.1/32 prefix from the R2 router and advertises this change using ORF. The clear ip bgp 10.1.1.2 in prefix-filter command initiates an inbound soft reset to clear the BGP ORF.

Telling R2 not to advertise 2.2.2.2/32 to R1

R1 router:
no ip prefix-list 10 seq 10 permit 2.2.2.2/32
!
clear ip bgp 10.1.1.2 in prefix-filter

Once the ORF is cleared, the R1 router sends two BGP Route Refresh messages (Type 5) to the R2 router to notify it of the change. The first RR message carries REMOVE-ALL, removing all previously installed ORF entries; the second carries ADD, installing the newly configured ORF entry.

The R2 router then sends an UPDATE message withdrawing 2.2.2.2/32 as unreachable to the R1 router, followed by an UPDATE message for the 1.1.1.1/32 prefix.

BGP RR messages

R1#
01:00:53.403: BGP: 10.1.1.2 send message type 5, length (incl. header) 28
01:00:53.403: BGP: 10.1.1.2 send message type 5, length (incl. header) 39
R2#
01:00:52.923: BGP(0): 10.1.1.1 send unreachable 2.2.2.2/32
01:00:52.923: BGP(0): 10.1.1.1 send UPDATE 2.2.2.2/32 -- unreachable
01:00:52.927: BGP(0): 10.1.1.1 send UPDATE (format) 1.1.1.1/32, next 10.1.1.2, metric 0, path Local
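As an added example (not code from the original page or from Cisco), the following Python encodes the ORF capability value and the two Route Refresh messages R1 sends, REMOVE-ALL followed by ADD, and parses them back while rejecting malformed framing; the resulting lengths 7, 28 and 39 match the debug output on this page. It follows the RFC 5291/5292 field layout and uses the Cisco ORF type value 128 from the show ip bgp neighbor output above (RFC 5292 assigns 64).

```python
import struct
import ipaddress

# Values per RFC 5291/5292; ORF type 128 is Cisco's value from this page's show output (RFC 5292: 64)
ADD, REMOVE, REMOVE_ALL = 0, 1, 2   # Action
PERMIT, DENY = 0, 1                 # Match
IMMEDIATE, DEFER = 1, 2             # When-to-refresh
PREFIX_ORF_TYPE, ROUTE_REFRESH, MARKER = 128, 5, b"\xff" * 16

def orf_capability(afi=1, safi=1, orf_type=PREFIX_ORF_TYPE, send_receive=2):
    # Capability value: AFI, Reserved, SAFI, Number of ORFs, then (type, send/receive) per ORF
    return struct.pack("!HBBBBB", afi, 0, safi, 1, orf_type, send_receive)

def prefix_orf_entry(action, match=PERMIT, seq=0, prefix=None, minlen=0, maxlen=0):
    # Common part: Action (2 bits) | Match (1 bit) | Reserved (5 bits)
    common = bytes([(action << 6) | (match << 5)])
    if action == REMOVE_ALL:          # REMOVE-ALL carries only the common part
        return common
    net = ipaddress.ip_network(prefix)
    pbytes = net.network_address.packed[:(net.prefixlen + 7) // 8]
    return common + struct.pack("!IBBB", seq, minlen, maxlen, net.prefixlen) + pbytes

def route_refresh(entries, afi=1, safi=1, when=IMMEDIATE, orf_type=PREFIX_ORF_TYPE):
    # BGP header + AFI/Reserved/SAFI + When-to-refresh + one ORF group (type, length, entries)
    payload = b"".join(entries)
    body = struct.pack("!HBBBBH", afi, 0, safi, when, orf_type, len(payload)) + payload
    return MARKER + struct.pack("!HB", 19 + len(body), ROUTE_REFRESH) + body

def parse_route_refresh(msg):
    # Decode one Route Refresh with Address-Prefix ORF entries; reject malformed framing
    length, mtype = struct.unpack("!HB", msg[16:19])
    if msg[:16] != MARKER or mtype != ROUTE_REFRESH or length != len(msg):
        raise ValueError("not a well-formed ROUTE-REFRESH message")
    afi, _, safi, when, orf_type, orf_len = struct.unpack("!HBBBBH", msg[19:27])
    data, pos, entries = msg[27:], 0, []
    if len(data) != orf_len:
        raise ValueError("ORF length field does not match the message")
    while pos < len(data):
        action, match = data[pos] >> 6, (data[pos] >> 5) & 1
        pos += 1
        if action == REMOVE_ALL:
            entries.append({"action": "REMOVE-ALL"})
            continue
        seq, minlen, maxlen, plen = struct.unpack("!IBBB", data[pos:pos + 7])
        nbytes = (plen + 7) // 8
        addr = ipaddress.IPv4Address(data[pos + 7:pos + 7 + nbytes].ljust(4, b"\0"))
        pos += 7 + nbytes
        entries.append({"action": ("ADD", "REMOVE")[action], "match": ("PERMIT", "DENY")[match],
                        "seq": seq, "prefix": f"{addr}/{plen}", "minlen": minlen, "maxlen": maxlen})
    return {"afi": afi, "safi": safi, "when": when, "orf_type": orf_type, "entries": entries}
```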

The following packet capture shows two RR messages sent by R1 router.