BGP Lab 22 IPv6 BGP Route filtering with ACL (CCNP Level)

Download Lab: GNS3


Image requirements:
 Cisco IOSv (vios-adventerprisek9-m.vmdk.SPA.156-2.T)



Introduction:

No route filtering is applied on the edge routers in AS250, so the upstream ISPs could use their customer as a transit autonomous system. That would lead to poor connectivity, because the links from AS250 are limited in bandwidth and are sufficient only for the local AS's needs. To prevent this, a routing policy has been proposed: identify only the local IPv6 prefixes and allow them out of AS250, and block everything else from leaving. A route-map that matches an IPv6 access control list has to be applied to the peers in the outbound direction.


Lab tasks:  

1. In AS250, access the CLI of routers ER1 and ER2 and verify which prefixes they are sending to their peers ISP1 and ISP2.

2. Configure an IPv6 ACL on both routers ER1 and ER2 to allow only the AS250 /48 prefix.

3. Configure a route-map to match the IPv6 ACL configured in step 2 (ER1 and ER2).

4. In BGP configuration mode, apply the route-map to the eBGP peers in the outbound direction (ER1 and ER2).

5. Clear the eBGP sessions without causing them to be re-established.

6. Verify that AS250 now shares only its local prefix with its ISPs.

7. Verify that the ISPs received only AS250's prefix from ER1 and ER2.

8. Save the running-config.


Configuration example:
!

ER2(config)#ipv6 access-list LOCAL_PREFIX_ONLY
ER2(config-ipv6-acl)#permit ipv6 2001:DB8:250::/48 any
ER2(config-ipv6-acl)#exit  
!
ER2(config)#route-map FILTER_PREFIXES permit 10
ER2(config-route-map)#match ipv6 address LOCAL_PREFIX_ONLY
ER2(config-route-map)#exit
ER2(config)#route-map FILTER_PREFIXES deny 20
ER2(config-route-map)#exit
!

ER2(config)#router bgp 250
ER2(config-router)#address-family ipv6
ER2(config-router-af)#neighbor 50.0.0.100 route-map FILTER_PREFIXES out
ER2(config-router-af)#neighbor 60.0.0.100 route-map FILTER_PREFIXES out

!
!
Verify BGP routes out: 
!
ER2# show bgp ipv6 unicast neighbor 50.0.0.100 advertised-routes
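
For tasks 6 and 7, the check on the advertised-routes output can be scripted. The following is an added example, not part of the original lab: it parses saved output of the command above and flags any prefix outside the AS250 /48. The sample outputs, next hops, AS paths and function names are constructed for illustration.

```python
import ipaddress

# AS250's aggregate, taken from the lab's ACL.
LOCAL_AGGREGATE = ipaddress.ip_network("2001:DB8:250::/48")

# Constructed sample output (not captured from the lab): what ER2 might
# advertise before the filter. Every prefix except the /48 is made up.
SAMPLE_BEFORE = """\
     Network          Next Hop            Metric LocPrf Weight Path
 *>  2001:DB8:100::/48
                       2001:DB8:60::100         0             0 200 i
 *>  2001:DB8:250::/48
                       ::                       0         32768 i
 *>  2001:DB8:250:1::/64
                       ::                       0         32768 i
"""

# Constructed sample output after FILTER_PREFIXES is applied outbound.
SAMPLE_AFTER = """\
     Network          Next Hop            Metric LocPrf Weight Path
 *>  2001:DB8:250::/48
                       ::                       0         32768 i
"""

def advertised_prefixes(show_output):
    """Return every IPv6 prefix (token with a /length) in the output."""
    found = []
    for token in show_output.split():
        if "/" not in token:
            continue  # next hops, metrics, status codes, headers
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # not a prefix after all
        if net.version == 6:
            found.append(net)
    return found

def audit(show_output, aggregate=LOCAL_AGGREGATE):
    """Sort advertised prefixes into the exact aggregate, more-specifics, leaks."""
    report = {"ok": [], "more_specific": [], "leak": []}
    for net in advertised_prefixes(show_output):
        if net == aggregate:
            report["ok"].append(str(net))
        elif net.subnet_of(aggregate):
            report["more_specific"].append(str(net))
        else:
            report["leak"].append(str(net))  # transit route leaving AS250
    return report

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(text))
```

More-specifics of the /48 are still AS250 address space but not the exact prefix task 6 expects, so they are listed separately from leaks.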



Topology: