Use prefix-list in BGP to control route updates

The prefix-list command can be used to control route updates and protect your router from being consumed by BGP updates coming from neighbor routers.
BGP is the routing protocol of the internet. It allows organisations that hold blocks of public IP addresses, known as prefixes, to advertise them to other BGP-speaking routers. This allows millions of routers on the internet to find the best paths to other networks. Configuring and managing BGP routers can be a complex task, especially if the administrator has little knowledge of how the protocol works. In this piece I want to show how to protect your router’s processor from being consumed by BGP route updates.
Figure: iBGP and eBGP routers

The internet is a global network made up of millions of routers, each advertising multiple prefixes to its BGP neighbors. This results in a gigantic internet routing table that contains paths to all prefixes on the internet. Since having an internet connection means wanting access to resources on the internet whose locations you and I do not really care to know, it follows that every BGP router should hold a routing table containing the paths to all networks, right? As right as this might seem to a beginner, it is the beginning of the problem that most network engineers have found themselves in. A user posted the following message on the Cisco support forum:

“I’ve high CPU utilization on Cisco 3900 Series router. Every, roughly 20 mins CPU utilization is 100% and there is packet loss for 1-2 minutes. There is not a lot of traffic, around 150Mbps on gigabit interface, so it should not be capacity issue. IOS version is: Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.4(3)M1, RELEASE SOFTWARE (fc1)”

From the statement above, I agree with him that the traffic on the router was not enough to cause a capacity issue. The 3900 series router has Gigabit interfaces and as such, 150Mbps traffic would not be a problem. So what could it be then? When the running configuration was examined, I observed that BGP was running on the router.
When configuring BGP on a router with a single ISP connection, one of the best practices is to use a route-map or prefix-list to filter your incoming BGP route updates. It is very necessary to do this, otherwise your router’s processor will suffer. To demonstrate this, I will use a prefix-list to filter my incoming routes, then use a default route to direct my internet-bound traffic to my ISP.

Create a prefix-list

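To create a prefix-list that will accept no specific routes from BGP neighbors, do this. The entry permits only an exact match on the default route 0.0.0.0/0; every other prefix falls through to the implicit deny at the end of the list:
R1(config)#ip prefix-list ABC permit 0.0.0.0/0
To apply the prefix-list to inbound updates in the neighbor statement, do this:
R1(config-router)#neighbor 192.168.1.1 prefix-list ABC in
Finally, use a default route to direct outgoing traffic to the ISP: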
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
This configuration will ensure that the entire internet routing table is not dumped on your router.
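The filter configured above, modelled as an added Python example (not code from the original article or from Cisco): it evaluates prefix-list entries against a constructed set of received prefixes and shows that `permit 0.0.0.0/0` admits only the default route, whereas adding `le 32` to the same entry would admit every prefix. The function names and the sample prefixes are assumptions made for illustration.

```python
import ipaddress
import re

# Model of IOS "ip prefix-list" matching (illustrative, not Cisco code):
#  - no ge/le: prefix and length must match the entry exactly
#  - ge/le:    route lies inside the entry's prefix, length within [ge, le]
#              (ge defaults to the entry length, le defaults to 32)
#  - first match wins; a route matching no entry hits the implicit deny
ENTRY = re.compile(r"(permit|deny)\s+(\S+)(?:\s+ge\s+(\d+))?(?:\s+le\s+(\d+))?$")

# Constructed sample of prefixes received from the ISP neighbor.
SAMPLE_UPDATES = ["0.0.0.0/0", "10.0.0.0/8", "198.51.100.0/24", "203.0.113.0/24"]


def parse_entry(text):
    """Turn 'permit 0.0.0.0/0 le 32' into (action, network, min_len, max_len)."""
    m = ENTRY.match(text.strip())
    if not m:
        raise ValueError(f"unsupported entry: {text!r}")
    action, prefix, ge, le = m.groups()
    net = ipaddress.ip_network(prefix, strict=True)
    if ge is None and le is None:
        lo = hi = net.prefixlen          # exact-length match only
    else:
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else net.max_prefixlen
    return action, net, lo, hi


def evaluate(entries, route):
    """Return 'permit' or 'deny' for one received prefix."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"                        # implicit deny at end of list


def filter_updates(entry_lines, routes):
    """Return the received prefixes that the prefix-list would accept."""
    entries = [parse_entry(e) for e in entry_lines]
    return [r for r in routes if evaluate(entries, r) == "permit"]


if __name__ == "__main__":
    for plist in (["permit 0.0.0.0/0"], ["permit 0.0.0.0/0 le 32"]):
        print(plist, "->", filter_updates(plist, SAMPLE_UPDATES))
```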