BGP AS-Path Prepending and AS-Path Filters

BGP AS-Path Prepending and AS-Path Filters

AS-Path prepending is a way to manipulate the AS-Path attribute of a BGP route. It allows prepending multiple entries of AS to a BGP route. This can come as a workaround if a specific path is required to be followed, and other means like Multi-Exit Discriminator (MED) is not supported.

AS-Path prepending can be applied to inbound and outbound direction using route-maps.

Consider the following-

Outbound AS-Path Prepending:

AS-Path prepending can be applied to outbound direction on R3 router as below-

Outbound AS-Path prepending on R3

router bgp 200

 neighbor 192.168.1.1 remote-as 100

 neighbor 192.168.1.5 remote-as 100

 neighbor 192.168.1.5 route-map PREPEND out

 network 10.1.1.0 mask 255.255.255.0

!

route-map PREPEND permit 10

 set as-path prepend 200 200 200

!

When R3 router advertises its 10.1.1.0/24 network to R2 router, it prepends its own AS 200 multiple times. However, R1 router receives the original BGP route with a single AS-path entry.

BGP tables on R1 and R2

R1# show ip bgp

BGP table version is 2, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 10.1.1.0/24      192.168.1.2              0             0 200 i

R2# show ip bgp

BGP table version is 3, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*>i10.1.1.0/24      1.1.1.1                  0    100      0 200 i

*                   192.168.1.6              0             0 200 200 200 200 i

R2 router has two paths to 10.1.1.0/24. However, it chooses the path through R1 since that path has shortest AS-Path (indicated by a > sign, meaning best route). Hence, the direct path through R3 router can act as a backup path.

Inbound AS-Path Prepending:

Inbound AS-Path prepending is configured using set as-path prepend last-as command under route-map which is then applied in inbound direction. The last-as keyword copies the AS number of the neighbor advertising the BGP route that matches the route-map.

Inbound AS-Path prepending on R1

router bgp 100

 neighbor 192.168.1.2 remote-as 200

 neighbor 192.168.1.2 route-map IN_PREPEND in

!

route-map IN_PREPEND permit 10

 set as-path prepend last-as 2

!

This configuration causes R1 to prepend the AS number of R3 twice before installing in the BGP table. As seen below, R3 does not prepend any AS number by itself.

BGP tables on R1 and R3

R1# show ip bgp

BGP table version is 5, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 10.1.1.0/24      192.168.1.2              0             0 200 200 200 i

R3# show ip bgp neighbors 192.168.1.2 advertised-routes

BGP table version is 2, local router ID is 10.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 10.1.1.0/24      0.0.0.0                  0         32768 i

Outbound AS-Path Filter-lists:

A filter-list is a form of route policy that allows/restricts routes that are to be advertised or accepted based on the AS-Path of the route. A filter-list is applied on a per-neighbor basis. The filter-list uses the AS-Path access-list to match the AS-Path list.

Here, an outbound filter-list is applied on R3 for neighbor R2. It denies any updates to neighbor R2 (192.168.1.5) that matches the AS-Path access-list 120, which essentially matches an empty AS-Path list. So R3 will not send any updates to R2 for routes that has empty AS-Path list.

Configuration on R3

router bgp 200

 neighbor 192.168.1.5 filter-list 120 out

!

ip as-path access-list 120 deny ^$

!

Inbound AS-Path Filter-lists:

An inbound filter-list is applied on R1 that matches the AS-Path list of the routes received from R3. The inbound filter-list is applied first by the IOS and then the route-map is applied. Here, although the AS-Path access-list matches the AS-Path with only 200, R1 still applies the route-map and prepends the AS-Path list with AS numbers 65001 and 65002 after the filter-list is applied.

Configuration on R1

router bgp 100

 neighbor 192.168.1.2 route-map IN_PREPEND in

 neighbor 192.168.1.2 filter-list 120 in

!

route-map IN_PREPEND permit 10

 set as-path prepend 65001 65002

!

ip as-path access-list 120 permit ^200$

!

The following output shows the output on R1 after the configuration.

BGP table on R1

R1#show ip bgp

BGP table version is 6, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 10.1.1.0/24      192.168.1.2              0             0 65001 65002 200 i