Filter Lists for Enforcing BGP Policies
Filter lists are used extensively in BGP to define policies. This section covers prefix lists,
AS path lists, and community lists.
Prefix Lists
Prefix lists are used to filter IP prefixes and can match both the prefix number and the prefix
length. Compared to regular access lists, use of prefix lists provides higher performance
(fewer CPU cycles).
NOTE
Prefix lists cannot be used as packet filters.
A prefix list entry follows the same general format as an IP access control list (ACL). An
IP prefix list consists of a name for the list, an action for the list (permit/deny), the prefix
number, and the prefix length. Here is the basic format of an IP prefix list:
ip prefix-list name [seq seq] {deny | permit} prefix/length
NOTE
A distribute list is another way to filter BGP routing updates. It uses access lists to define
the rules and is mutually exclusive with the prefix list.
Any prefixes entered are automatically converted to match the length value entered. For
example, entering 10.1.2.0/8 results in 10.0.0.0/8. Example 4-4 shows a simple example of
matching 172.16.1.0/24. As with an access list, a deny-all entry is implied at the end of the
list.
Example 4-4 Matching 172.16.1.0/24
ip prefix-list out-1 permit 172.16.1.0/24
Optionally, a sequence number can be supplied for each entry. By default, the sequence
numbers are automatically generated in increments of 5. They can be suppressed with the
command no ip prefix-list seq. Entries are processed sequentially based on the sequence
number. The use of sequence numbers offers flexibility when modifying a portion of a
prefix list.
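The rules described in this section (prefixes normalized to the entered length, a match on both prefix number and length, evaluation in sequence-number order, and the implied deny-all) modeled in Python as an added example; this is not code from the book or from any router software. The list name demo, the function names, and the assumption that an auto-generated sequence number is the highest existing number plus 5 are illustrative.

```python
import ipaddress
import re

# Basic form shown above: ip prefix-list name [seq seq] {deny | permit} prefix/length
LINE_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) (?P<prefix>\S+)$"
)

def parse_prefix_lists(config):
    """Return {list name: [(seq, action, network), ...]} sorted by sequence number."""
    lists = {}
    for raw in config.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported line: {raw!r}")
        entries = lists.setdefault(m["name"], [])
        # Assumption: with no explicit seq, use the highest existing number plus 5.
        seq = int(m["seq"]) if m["seq"] else max((e[0] for e in entries), default=0) + 5
        # strict=False masks host bits, so 10.1.2.0/8 is stored as 10.0.0.0/8.
        net = ipaddress.ip_network(m["prefix"], strict=False)
        entries.append((seq, m["action"], net))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists

def evaluate(entries, route):
    """First matching entry wins; prefix number and length must both match."""
    candidate = ipaddress.ip_network(route, strict=False)
    for seq, action, net in entries:
        if candidate == net:
            return action, seq
    return "deny", None  # implied deny-all at the end of the list

# Constructed sample configuration; only out-1 comes from Example 4-4.
SAMPLE = """
ip prefix-list out-1 permit 172.16.1.0/24
ip prefix-list demo permit 10.1.2.0/8
ip prefix-list demo permit 192.168.0.0/16
ip prefix-list demo seq 7 deny 192.168.0.0/16
"""

if __name__ == "__main__":
    lists = parse_prefix_lists(SAMPLE)
    for route in ("172.16.1.0/24", "172.16.1.0/25", "172.16.0.0/16"):
        print("out-1", route, evaluate(lists["out-1"], route))
    for seq, action, net in lists["demo"]:
        print("demo", seq, action, net)
```

In the demo list, the entry inserted at seq 7 is evaluated before the permit at seq 10, which is the flexibility sequence numbers give when modifying part of a list.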
 