BGP Outbound Route Filtering

BGP Outbound Route Filtering (ORF) is a way for a BGP peer to signal to another peer which prefixes it wants to receive. This is commonly used by service providers to let customers influence which prefixes the provider advertises to them, without the provider needing to maintain outbound policies for each customer. The feature is only valid between eBGP peers using a prefix list.

In this case, router service_provider peers with router customer, and service_provider advertises three routes: 172.16.0.0/16, 192.168.1.0/24 and 193.168.1.0/24.

service_provider:
router bgp 150
 neighbor 10.0.150.2 remote-as 250
 neighbor 10.0.150.2 capability orf prefix-list receive
 
service_provider#sh ip bgp sum
 
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.150.2      4          250      27      29        4    0    0 00:21:37        0
 
 
service_provider#sh ip bgp neighbors 10.0.150.2 advertised-routes
 
     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.0.0       0.0.0.0                  0         32768 i
 *>  192.168.1.0      0.0.0.0                  0         32768 i
 *>  193.168.1.0      0.0.0.0                  0         32768 i
 
Total number of prefixes 3
 
customer:
router bgp 250
 neighbor 10.0.150.1 remote-as 150
 
customer#sh ip bgp sum
 
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.150.1      4          150      28      27        4    0    0 00:21:08        3
 
 
customer#sh ip bgp
 
     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.0.0       10.0.150.1               0             0 150 i
 *>  192.168.1.0      10.0.150.1               0             0 150 i
 *>  193.168.1.0      10.0.150.1               0             0 150 i

As long as both peers have the ORF feature enabled, router customer can influence which routes router service_provider sends without the service provider needing to update their config. For example, router customer will implement a policy to exclude any inbound prefixes with a length longer than a /16.

First configure a prefix list:

customer#config t
customer(config)#ip prefix-list BLOCK_ROUTES permit 0.0.0.0/0 le 16

Then update BGP:

customer(config)#router bgp 250
customer(config-router)#neighbor 10.0.150.1 capability orf prefix-list send
customer(config-router)#neighbor 10.0.150.1 prefix-list BLOCK_ROUTES in
customer(config-router)#end

Final results:

customer#clear ip bgp 10.0.150.1 in prefix-filter
customer#sh ip bgp
 
     Network          Next Hop            Metric LocPrf Weight Path
 *>  172.16.0.0       10.0.150.1               0             0 150 i
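
An added example, not from the original post: a small Python evaluator for IOS prefix-list matching (ge/le ranges, first match wins, implicit deny), run against the three routes service_provider advertises, to show why only 172.16.0.0/16 survives BLOCK_ROUTES. The function names are this example's own, and it goes beyond the post's single entry by also handling `ge` and multi-entry lists.

```python
import ipaddress
import re

# IOS-style entry body, e.g. "permit 0.0.0.0/0 le 16" (seq numbers omitted).
ENTRY_RE = re.compile(
    r"^(permit|deny)\s+(\S+)(?:\s+ge\s+(\d+))?(?:\s+le\s+(\d+))?$")

# The three prefixes service_provider advertises in the post.
ADVERTISED = ["172.16.0.0/16", "192.168.1.0/24", "193.168.1.0/24"]


def parse_entry(text):
    """Return (action, network, min_len, max_len) for one entry."""
    m = ENTRY_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported prefix-list entry: {text!r}")
    action, prefix, ge, le = m.groups()
    net = ipaddress.ip_network(prefix, strict=True)
    if ge is None and le is None:
        lo = hi = net.prefixlen          # no ge/le: exact length only
    else:
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else net.max_prefixlen
    if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
        raise ValueError(f"invalid ge/le range in: {text!r}")
    return action, net, lo, hi


def evaluate(entries, route):
    """First matching entry wins; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"


def filter_routes(entry_texts, routes):
    """Routes that survive the prefix list, in the order given."""
    entries = [parse_entry(t) for t in entry_texts]
    return [r for r in routes if evaluate(entries, r) == "permit"]


if __name__ == "__main__":
    # BLOCK_ROUTES from the post: only the /16 is permitted.
    print(filter_routes(["permit 0.0.0.0/0 le 16"], ADVERTISED))
    # Without "le 16" the entry matches the default route only.
    print(filter_routes(["permit 0.0.0.0/0"], ADVERTISED))
```

Dropping `le 16` from the entry turns it into an exact match on the default route, so all three prefixes would hit the implicit deny.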

Author: AustinPixels
