BGP- ORF
ORF stands for "Outbound Route Filter" ORF is a procedure to push our " filtering list " to BGP neighbor!
So instead of our neighbor (ISP - for example), send us lots of routes and we filter it in our router and use our CPU resources, we simply push favorite filtering list to our BGP neighbor router and ask him to stop (filter) sending the routes to us!
Because of this cool feature, the number of BGP updates will minimize, and it means saving system resources!
IMPORTANT NOTES
- To activate ORF, we need exchange ORF capability between BGP peers.
- BGP - ORF feature does not support multicast.
- For the ORF feature. We should use only the prefix-list( distribute-list or access-list are not supported).
- To use the ORF feature, we need to have "address-family" configure.
- ORF only works with e-BGP.
Lab time!
In our topology, we have two routers. one is our router in BGP AS 1 which attached to ISP in BGP AS 2.
Let check out the configuration on our router and verify the BGP relationship:
Here we can verify the BGP relationship:
Now are going to show how many routes our isp has, At this lab, I used six loopbacks with a different subnet mask.
Now I will redistribute the loopbacks to BGP routing table, as a result, as you can see in the picture, we have many routs coming from ISP.
Let's activate ORF
Step 1:Create a filter-list to filter our determined subnet.
Imagine we want to filter any 10.10.10.0 subnet start from /28 to /32
#ip prefix-list deny-isp seq 10 deny 10.10.10.0/28 le 32
#ip prefix-list deny-isp seq 20 permit 10.10.10.0/0 le 27
Step 2:
Configure for ISP neighbor inbound prefix-list on r1 (our router)
Step 3:Configure capability of ORF! use send on r1 and configure ORf capability with receive option to ISP router
Step 4:
Verification
In this picture, we can see the routing table! exactly as we expected:
and to check orf capability on R1 and also ISP router check this output
On r1 use this command
# sh ip bgp neighbors ----check the output of address-family
and on ISP use this command to verification:
#show ip bgp neighbors 1.1.1.1 received prefix-filter