DIFFERENCE BETWEEN DISTRIBUTE LIST AND FILTER LIST

The distribute-list performs route filtering based on IP network addresses and netmasks of routes being advertised. The distribute-list refers to an ACL to match networks and netmasks. In fact, the use of distribute-list for a particular BGP neighbor can be in any of particular direction i.e. either in or out.

The filter-list performs route filtering based on the contents of the AS_PATH attribute ie values of autonomous system numbers. To do this, you would configure an as-path ACL that contains one or more regular expressions matching the particular sequence of ASNs in the AS_PATH attribute, and apply it to a neighbor and a particular direction ( in or out) with the filter-list command. Filter-list does not perform route matching/filtering based on IP addresses and netmasks.


Below practical scenario will help us understand in better way of how distribute List and Filter List differ in case of BGPand how implement them.

Router R1 and R2 are connected via FastEthernet ports (Fa0/0 on each side).

R1 has 3 Loopbacks while R2 has 1 Loopback. Both are BGP neighbors and advertising their respective Loopbacks.difference-between-distribute-list-and-filter-list

 

On R2, “Show ip bgp” command shows 3 Loopbacks of R1 being received by R2 (1.1.1.1/32, 1.1.1.2/32 and 1.1.1.3/32)difference-between-distribute-list-and-filter-list

 

On R2, an access list is configured which denies subnet 1.1.1.1/32 while permits rest of subnets.difference-between-distribute-list-and-filter-list

 

In BGP Configuration (Router BGP 2) , distribute list is called to act on inbound received routes.difference-between-distribute-list-and-filter-list

 

Once distribute list is configured and after clearing the bgp Routes , we see that updated BGP table does not include network 1.1.1.1/32 which was denied in access list.

 

Hence , this configuration justifies that distribute list controls which specific prefix / subnet should be allowed entry/exit on the BGP routing table.

 

NOW, LET’S UNDERSTAND THE BEHAVIOR OF FILTER LIST ON BGP TABLE –

As shown below, AS-Path access list 1 is configured todeny Routes from source AS 1 (i.e. generated by R1). The AS-Path access list permits rest of traffic.

 

The same AS-Path Access list is called via Filter List for inbound BGP updates received from neighbor 192.168.12.1 (R1).difference-between-distribute-list-and-filter-list

 

Once the BGP routes are updated , all the networks advertised (Originated) from AS 1 (in this case R1) will be dropped because of AS Path Filter List.difference-between-distribute-list-and-filter-list

 

Based on the above lab tested scenarios , it would be rightfully summarized that That Distribute List performs route filtering based on IP network addresses and netmasks while Filter List performs route filtering via AS-PATH attribute of BGP.

Please follow and like us:
error

Related Posts

Add Comment

Social Media Auto Publish Powered By : XYZScripts.com
Select your currency
USD United States (US) dollar

Checkout : E-STORE for latest release "CISCO IPS & IDS Interview Q&A " Dismiss