1.2.f Route filtering with any routing protocol

I’m finally back to labbing after almost two years off. I’d like to say I have a good excuse, but I won’t bother. What’s important is that I’ve picked it up again. So let’s jump into it.

Filtering EIGRP Routes with Prefix-Lists

For this bit, we’ll filter routes coming in using prefix-lists. How hard can it be? We’ve got the following setup in EVE-NG:

Route 10.2.20.32/27 is currently being advertised from R2 into R1 with OSPF. The prefix-list to be configured on R1 needs two lines: one to deny 10.2.20.32/27 and one to permit everything else, since there’s an implicit deny at the end of every prefix-list.

conf t
ip prefix-list TEN_TWO deny 10.2.20.32/27
ip prefix-list TEN_TWO permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix TEN_TWO in e0/2

It’s important to note that prefix-lists match more precisely than access lists. With an access list entry of deny 10.2.20.0 0.0.0.255, the distribute-list compares only the route’s network address, so it would filter out anything starting with 10.2.20, including the 10.2.20.32/27 subnet. A prefix-list also checks the mask length. If our prefix-list said deny 10.2.20.0/24, it would match only the exact /24 and would NOT filter out the 10.2.20.32/27 subnet.

Another way to word it: the /nn says that many leading bits must match exactly. For example, 128.0.0.0/2 matches anything whose address starts with the bits 10xxxxxx. The ge and le then say which mask lengths actually match. For example, 128.0.0.0/2 ge 16 le 16 would match every /16 from 128.0.0.0/16 through 191.255.0.0/16.
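To make the two matching rules concrete, here is a small matcher I’ve added for this post (it is not IOS code, just a model of its behaviour). It parses the TEN_TWO lines from above, applies the "first /nn bits must agree, then the route’s own mask length must fall in the ge/le window" rule, and compares that with a standard ACL wildcard check, which only looks at the network address. The list named LOOSE and the test routes are constructed for the example.

```python
import ipaddress

# Constructed sample input: the TEN_TWO list from the post, plus a list that
# only denies the /24 (to show it does NOT catch the /27).
TEN_TWO = [
    "ip prefix-list TEN_TWO deny 10.2.20.32/27",
    "ip prefix-list TEN_TWO permit 0.0.0.0/0 le 32",
]
LOOSE = [
    "ip prefix-list LOOSE deny 10.2.20.0/24",
    "ip prefix-list LOOSE permit 0.0.0.0/0 le 32",
]


def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME {permit|deny} PFX [ge N] [le M]' lines
    into ordered entries (order matters: first match wins)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 5 or tok[:2] != ["ip", "prefix-list"]:
            continue
        entry = {"name": tok[2], "action": tok[3], "prefix": tok[4],
                 "ge": None, "le": None}
        rest = tok[5:]
        while len(rest) >= 2:          # optional 'ge N' / 'le M' pairs
            entry[rest[0]] = int(rest[1])
            rest = rest[2:]
        entries.append(entry)
    return entries


def _same_leading_bits(a, b, nbits):
    """True if the first nbits of IPv4 addresses a and b are identical."""
    shift = 32 - nbits
    return (int(a) >> shift) == (int(b) >> shift)


def prefix_entry_matches(entry, route):
    """IOS prefix-list semantics for one entry against one route:
    - the first /nn bits of the route must equal the entry's prefix, and
    - the route's mask length must lie in [ge, le]; with no ge/le the
      length must equal nn exactly, with ge only the upper bound is 32."""
    net = ipaddress.ip_network(entry["prefix"], strict=False)
    rt = ipaddress.ip_network(route, strict=False)
    base = net.prefixlen
    lo = entry["ge"] if entry["ge"] is not None else base
    if entry["le"] is not None:
        hi = entry["le"]
    else:
        hi = 32 if entry["ge"] is not None else base
    if not lo <= rt.prefixlen <= hi:
        return False
    return _same_leading_bits(net.network_address, rt.network_address, base)


def prefix_list_action(entries, route):
    """Walk the list in order; fall through to the implicit deny."""
    for entry in entries:
        if prefix_entry_matches(entry, route):
            return entry["action"]
    return "deny"


def acl_wildcard_matches(acl_addr, wildcard, route):
    """Standard ACL as used in a distribute-list: only the route's network
    address is compared, wildcard bits set to 1 are 'don't care'."""
    rt = ipaddress.ip_network(route, strict=False)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(acl_addr)) & care) == \
           (int(rt.network_address) & care)


if __name__ == "__main__":
    for name, lines in (("TEN_TWO", TEN_TWO), ("LOOSE", LOOSE)):
        entries = parse_prefix_list(lines)
        for route in ("10.2.20.32/27", "10.2.20.0/24", "10.2.21.0/24"):
            print(name, route, prefix_list_action(entries, route))
    print("ACL 10.2.20.0 0.0.0.255 vs 10.2.20.32/27:",
          acl_wildcard_matches("10.2.20.0", "0.0.0.255", "10.2.20.32/27"))
```

Running it shows the point of the paragraph above: TEN_TWO denies the /27 and permits the /24, LOOSE permits the /27 because its deny line matches only the exact /24, while the ACL wildcard catches the /27 as well.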

Limit Number of Received Routes in EIGRP

I was back and forth on where to include this knob, whether to put it here in route filtering or to put it in the CoPP section. Well, it’s here. Using this setting, we can limit the number of prefixes received from a peer and trigger warning messages once they hit a certain threshold. This is a per-neighbor config.

router eigrp E100
address-family ipv4 autonomous-system 100
neighbor 10.1.1.2 maximum-prefix 6 50 warning-only

The above command limits it to 6 learned prefixes. So what does the 50 warning-only mean exactly? There are two separate parameters here after the maximum-prefix 6 part of the config.

  • The 50 means we want to generate a warning message once we hit 3 prefixes, i.e. 50% of our configured limit.
  • The warning-only keyword means we want to get a warning every single time our limit of 6 is exceeded, rather than having the adjacency torn down.

If we leave off the warning-only keyword, then EIGRP will tear down the adjacency once the maximum prefixes are exceeded. One other thing to note: the default threshold is 80%. So if we leave the 50 off, we’ll get warnings once we pass that 80% mark.
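As an added illustration (my own model of the behaviour described above, not IOS code), here is a small simulator that parses the neighbor maximum-prefix line and replays prefixes from a neighbor to show where the threshold warning fires and whether the adjacency survives. The rounding of the threshold (ceiling of the percentage of the limit, so 50% of 6 is 3 and 80% of 6 is 5) is my assumption; the post only states the 50% case.

```python
import math


def parse_maximum_prefix(line):
    """Parse 'neighbor A.B.C.D maximum-prefix MAX [THRESHOLD] [warning-only]'.
    Returns (neighbor, maximum, threshold_pct, warning_only); the default
    threshold of 80% is taken from the post."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "neighbor" or tok[2] != "maximum-prefix":
        raise ValueError("not a neighbor maximum-prefix line: %r" % line)
    neighbor, maximum = tok[1], int(tok[3])
    threshold_pct, warning_only = 80, False
    for extra in tok[4:]:
        if extra == "warning-only":
            warning_only = True
        else:
            threshold_pct = int(extra)
    return neighbor, maximum, threshold_pct, warning_only


class NeighborPrefixLimit:
    """Tracks prefixes accepted from one neighbor and applies the limit."""

    def __init__(self, neighbor, maximum, threshold_pct=80, warning_only=False):
        self.neighbor = neighbor
        self.maximum = maximum
        self.threshold_pct = threshold_pct
        self.warning_only = warning_only
        self.count = 0
        self.adjacency_up = True
        self.log = []                  # constructed log lines, not real IOS syslog text

    def threshold_count(self):
        # ASSUMPTION: ceiling of pct * maximum / 100 (50% of 6 -> 3, 80% of 6 -> 5)
        return math.ceil(self.maximum * self.threshold_pct / 100)

    def receive(self, prefix):
        """Process one received prefix and return what happened."""
        if not self.adjacency_up:
            return "dropped"           # neighbor was reset, nothing is accepted
        self.count += 1
        if self.count > self.maximum:
            if self.warning_only:
                self.log.append("WARNING: %s exceeded maximum-prefix %d (%s)"
                                % (self.neighbor, self.maximum, prefix))
                return "warning"
            self.adjacency_up = False
            self.log.append("RESET: %s exceeded maximum-prefix %d, adjacency torn down"
                            % (self.neighbor, self.maximum))
            return "teardown"
        if self.count == self.threshold_count():
            self.log.append("WARNING: %s at %d%% of maximum-prefix %d"
                            % (self.neighbor, self.threshold_pct, self.maximum))
            return "threshold-warning"
        return "accepted"


def simulate(config_line, n_prefixes):
    """Replay n constructed prefixes through the limit; return the outcomes."""
    limiter = NeighborPrefixLimit(*parse_maximum_prefix(config_line))
    outcomes = [limiter.receive("10.9.%d.0/24" % i) for i in range(n_prefixes)]
    return outcomes, limiter


if __name__ == "__main__":
    for cfg in ("neighbor 10.1.1.2 maximum-prefix 6 50 warning-only",
                "neighbor 10.1.1.2 maximum-prefix 6"):
        outcomes, lim = simulate(cfg, 8)
        print(cfg)
        print("  outcomes:", outcomes)
        print("  adjacency up:", lim.adjacency_up)
        for entry in lim.log:
            print("  " + entry)
```

With the post’s line, the third prefix trips the 50% warning and the seventh only logs; with a bare maximum-prefix 6, the warning moves to the fifth prefix (80%) and the seventh resets the adjacency.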

Published by Gregory Leeson

(CCIE Security, #60398). A Cisco networking nut.