We all know that BGP is the slowest protocol, but it can also be a chatty one.
Suppose you have a CE router connected to a PE (ISP-managed) router, and the ISP is advertising a lot of prefixes. You don't need all of these subnets and want only a few prefixes.
In this case, you have two options. Actually, not only two…
First, you can ask your ISP to filter the prefixes and advertise only a few specific prefixes to you.
Second, you can create a filter on your CE router and accept only selected prefixes. But you will still receive all the prefixes, and your CE router will have to process these routes in order to filter them, which consumes the router's CPU and memory.
There is also a third option, called ORF (Outbound Route Filtering).
ORF is a way to create a prefix-list for filtering and then send the list to the PE. The PE router will then send only the routes that match the list.
This looks good for the ISP, as it has low overhead. It's great for you as well: you still have control, but you don't have to worry about the processing and resource usage that come with additional routes.
Both the PE and the CE need to be capable of supporting ORF, and both need to be configured to use it per neighbor.
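The difference between filtering on the CE and letting the PE apply the same list can be modelled in a few lines. This is an added example, not part of the original post: the PE table is constructed sample data, the function names are hypothetical, and it models only the filtering outcome (prefix-list matching with ge/le, first match wins, implicit deny), not the BGP messages themselves.

```python
import ipaddress

# Entry taken from the CE configuration in this post.
ALLOWED_NETWORKS = ["permit 10.0.0.0/24"]
# Constructed sample of what the PE would advertise without any filtering.
PE_TABLE = ["10.0.0.0/24", "10.0.0.0/25", "10.0.1.0/24",
            "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

def parse_entry(line):
    """Parse 'permit|deny A.B.C.D/len [ge N] [le N]' into (action, net, lo, hi)."""
    tok = line.split()
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # No ge/le: exact length only. Only ge: ge..32. Only le: len..le.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return action, net, lo, hi

def permitted(prefix, entries):
    """First matching entry decides; no match is an implicit deny."""
    route = ipaddress.ip_network(prefix)
    for action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def session(pe_table, ce_list, orf):
    """Return (number of routes the PE sends, routes the CE accepts)."""
    entries = [parse_entry(line) for line in ce_list]
    # With ORF, the PE applies the CE's list outbound before sending anything.
    sent = [p for p in pe_table if permitted(p, entries)] if orf else list(pe_table)
    # The CE's inbound prefix-list stays in place in both cases, so the CE
    # does not depend on the PE having applied the list correctly.
    accepted = [p for p in sent if permitted(p, entries)]
    return len(sent), accepted

if __name__ == "__main__":
    for orf in (False, True):
        sent, accepted = session(PE_TABLE, ALLOWED_NETWORKS, orf)
        print(f"ORF={orf}: PE sent {sent} routes, CE accepted {accepted}")
```

The accepted set is identical in both runs; only the number of routes the CE has to receive and evaluate changes.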
Below is our topology:
CE Router configuration:
First we configure the prefix-list that filters the incoming routes from the PE. This same inbound prefix-list will be sent to the PE router once ORF is enabled.
ip prefix-list ALLOWED_NETWORKS permit 10.0.0.0/24
neighbor 100.100.100.100 prefix-list ALLOWED_NETWORKS in
neighbor 100.100.100.100 capability orf prefix-list send
PE Router configuration:
neighbor 100.100.100.101 capability orf prefix-list receive
Verifying the routes:
R2#sh ip bgp neighbors 10.0.0.1 received-routes
BGP table version is 2, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   172.16.1.0/24    10.0.0.1                 0             0 100 i

Total number of prefixes 1

R2#sh ip bgp
BGP table version is 2, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.10.0     0.0.0.0                  0         32768 i