Tutorial: Filtering received prefixes

This example explains the configuration steps required to filter out the following inbound prefixes from a BGP neighbor:

All prefixes in the range "192.168.0.0/16"
The individual prefix "172.16.200.0/24"

Create two new entries for the prefixes to be filtered under Routing protocols > BGP > BGP policy > Prefix.

Give each entry a descriptive name.

Note: Add an entry for each prefix to be filtered, but give each entry the same name.

For each entry specify the IP address and the prefix length.
Specify a match for the previously created prefix entries under Routing protocols > BGP > BGP policy > Matches.

Give the entry a descriptive name.

Under Prefix you select the name of the prefix you added previously.
Add a new filter under Routing protocols > BGP > BGP policy > Filters.

Give the filter a descriptive name.

Under Address family you select the protocol used for connections to the BGP neighbors. With the setting "Deny" in the field Policy you instruct the device to filter out the inbound prefixes. Under Match you select the match you created previously.

To check the configuration, open a terminal connection to the device.

The command show bgp-policy Filter_3 displays the current setting for the policy "Filter_3".

> show bgp-policy Filter_3
Traverse chain "Filter_3"
   Inspect filter of priority 0
      Match IPv4 routes
      Assess match "Matchlist"
         Evaluate prefix list "Prohibited1"
            Analyze prefix 172.16.200.0
               Match IPv4 routes
               Match route's 24 MSB
               Match route prefix length in [24, 24]
            Analyze prefix 172.168.0.0
               Match IPv4 routes
               Match route's 16 MSB
               Match route prefix length in [16, 32]
         No AS-path list configured
         No community list configured
      Deny route
> _