Route filtering with any routing protocol
Access Control Lists
General information on “Access Control Lists”:
- ACLs are used in conjunction with distribute lists
- Used to filter routes, not traffic
- ACLs are either allowing or denying a route from being advertised or learned
Prefix List
General information on “Prefix List”:
- Similar to an ACL
- Used to match a route prefix
- Processing is much faster than ACLs
- Provides flexibility
- Implicit “deny any” statement at the end (just like with ACLs)
CLI command arguments breakdown:
- <name>:
  - The name/number of the prefix list (case-sensitive)
- [seq <#>]:
  - The sequence number, optional, default increment of 5
- <prefix/length>:
  - Prefix/Length in CIDR notation
- [ge <value>]:
  - ge = greater or equal
  - Example: ge 24 means that all subnets of /24 or higher (smaller) will be a match
- [le <value>]:
  - le = less or equal
  - Example: le 32 means that all subnets of /32 or lower (bigger) will be a match
- ge and le can be used in combination:
  - Example: ge 16 + le 24 means that all subnets between and including /16 and /24 will be a match
- Important: If ge/le is not specified, it will be an exact match!
“Prefix List” CLI configuration commands:
## Configuring an IP prefix list
Router(config)# [ip | ipv6] prefix-list <name> [seq <#>] [deny | permit] <prefix/length> [ge <value>] [le <value>]
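The ge/le matching rules above, worked through as an added Python example (not part of the original notes and not Cisco code). The function names, the `FILTER` entries and the sample routes are constructed for illustration; the sketch models only matching and first-match evaluation, not CLI validation of ge/le values.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """True if `route` matches one prefix-list entry (prefix/length [ge] [le])."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if route.version != prefix.version:
        return False
    # The leading bits of the route must equal the entry's prefix.
    if not route.subnet_of(prefix):
        return False
    # No ge/le: only the exact prefix length matches.
    if ge is None and le is None:
        return route.prefixlen == prefix.prefixlen
    # ge alone runs up to the maximum length; le alone starts at the entry's length.
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Walk entries in sequence order; the first match decides."""
    for seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None  # implicit "deny any" at the end

# Constructed sample list: (seq, action, prefix/length, ge, le)
FILTER = [
    (5,  "deny",   "10.0.0.0/8",     None, None),  # exactly 10.0.0.0/8
    (10, "permit", "10.0.0.0/8",     16,   24),    # /16 through /24 inside 10/8
    (15, "permit", "192.168.1.0/24", 25,   None),  # ge 25: /25 through /32
    (20, "permit", "0.0.0.0/0",      None, None),  # the default route only
]

if __name__ == "__main__":
    for r in ("10.0.0.0/8", "10.1.0.0/16", "10.1.1.0/25",
              "192.168.1.128/25", "192.168.1.0/24", "0.0.0.0/0"):
        print(r, evaluate(FILTER, r))
```

Routes such as 10.1.1.0/25 fall through every entry and hit the implicit deny, which is the behaviour that keeps unexpected more-specific prefixes out when such a list is applied through a distribute list.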
Distribute Lists
General information on “Distribute List”:
- Used by routing protocols to control routing updates
- Can match against an ACL, prefix list or route map
- Configured in the routing protocol config mode
- Two directions: inbound and outbound
Distribute Lists in EIGRP:
- In: Prevents routing updates from entering the topology table
- Out: Prevents routing updates from being advertised to neighbors
Distribute Lists in OSPF:
- In: Prevents LSAs from becoming a route in the local routing table
  - Important: The LSA still enters the router and is added to the LSDB, but the route is not added to the routing table. This is because in OSPF all routers within an area must have the same LSDB.
- Out: Used on ASBR to prevent the creation of external LSAs for specific routes
Distribute Lists in BGP:
- Has its own command
- Used on a per-neighbor basis
- In: Prevents routes from a BGP peer entering the BGP table.
- Out: Prevents BGP routes from being advertised to a peer.
“Distribute Lists” CLI configuration commands:
## Configuring a distribute-list in EIGRP (classic mode)
Router(config-router)# distribute-list [ACL | prefix <prefix-list-name> | route-map <name>] [in | out] [interface]
## Configuring a distribute-list in EIGRP (named mode)
Router(config-router-af)# topology base
Router(config-router-af-topology)# distribute-list [ACL | prefix <prefix-list-name> | route-map <name>] [in | out] [interface]
## Configuring a distribute-list in OSPFv2
Router(config-router)# distribute-list [ACL | prefix <prefix-list-name> | route-map <name>] [in | out] [interface]
## Configuring a distribute-list in OSPFv3
Router(config-router-af)# distribute-list [ACL | prefix <prefix-list-name> | route-map <name>] [in | out] [interface]
## Configuring a distribute-list in BGP
Router(config-router-af)# neighbor <ip> distribute-list [ACL] [in | out]
Filter-List
Filter-List in OSPF:
- In: Filters all OSPF Type 3 LSAs originated by the ABR TO this area including area range (route summarization) Type 3 LSAs from all other areas.
- Out: Filters all OSPF Type 3 LSAs originated by the ABR FROM this area including area range (route summarization) Type 3 LSAs to all other areas.
“Filter-List” CLI configuration commands:
## Configuring an OSPF filter-list
Router(config-router)# area <id> filter-list route-map [ROUTE-MAP] [in | out]