The distribute list performs route filtering based on IP network addresses and netmasks of routes being advertised. The distribute list refers to an ACL to match networks and netmasks. In fact, the use of distribute list for a particular BGP neighbor can be in any of particular direction i.e. either in or out.
The filter list performs route filtering based on the contents of the AS_PATH attribute ie values of autonomous system numbers. To do this, you would configure an as-path ACL that contains one or more regular expressions matching the particular sequence of ASNs in the AS_PATH attribute, and apply it to a neighbor and a particular direction ( in or out) with the filter-list command. Filter-list does not perform route matching/filtering based on IP addresses and netmasks.
Below practical scenario will help us understand in better way of how distribute List and Filter List differ in case of BGP and how implement them.
Router R1 and R2 are connected via FastEthernet ports (Fa0/0 on each side).
R1 has 3 Loopbacks while R2 has 1 Loopback. Both are BGP neighbors and advertising their respective Loopbacks.
On R2, “Show ip bgp” command shows 3 Loopbacks of R1 being received by R2 (184.108.40.206/32, 220.127.116.11/32 and 18.104.22.168/32)
On R2, an access list is configured which denies subnet 22.214.171.124/32 while permits rest of subnets.
In BGP Configuration (Router BGP 2) , distribute list is called to act on inbound received routes.
Once distribute list is configured and after clearing the bgp Routes , we see that updated BGP table does not include network 126.96.36.199/32 which was denied in access list.
Hence , this configuration justifies that distribute list controls which specific prefix / subnet should be allowed entry/exit on the BGP routing table.
NOW, LET’S UNDERSTAND THE BEHAVIOR OF FILTER LIST ON BGP TABLE –
As shown below, AS-Path access list 1 is configured todeny Routes from source AS 1 (i.e. generated by R1). The AS-Path access list permits rest of traffic.
The same AS-Path Access list is called via Filter List for inbound BGP updates received from neighbor 192.168.12.1 (R1).
Once the BGP routes are updated , all the networks advertised (Originated) from AS 1 (in this case R1) will be dropped because of AS Path Filter List.
Based on the above lab tested scenarios , it would be rightfully summarized that That Distribute List performs route filtering based on IP network addresses and netmasks while Filter List performs route filtering via AS-PATH attribute of BGP.