ORF (Outbound Route Filtering) is not a hard concept to grasp, but I hadn't actually seen it before this, and it's a fantastic idea.
Anyone who's been a BGP admin is familiar with prefix filtering on the "customer edge" side. The real-world example is that service providers normally only offer a handful of options for receiving the BGP table from them: Full routes, no routes (a default), and connected customers + a default. Normally the last two are used for customer edge routers that have limited CPU or RAM and don't have the capacity to store and parse the entire BGP table.
A common solution from the customer edge side - one I've personally implemented - is to take the entire BGP table and filter it down with a prefix list to what the CE actually wants to keep in memory. This works fine; however, the PE router still has to send the entire BGP table to the CE router, and the CE router then has to reject a rather large percentage of it. This is terribly inefficient.
What if you could ask the PE router to only send you the routes you wanted, dynamically? This is exactly what ORF does.
ORF "sends" a prefix list from the CE to the PE, the PE keeps the prefix list in memory (not in the configuration), and then only advertises the routes permitted by that prefix list to the CE.
The configuration is simple:
! PE (AS 1): willing to receive an ORF prefix list from the CE
router bgp 1
 network 18.104.22.168 mask 255.255.255.255
 network 22.214.171.124 mask 255.255.255.255
 network 126.96.36.199 mask 255.255.255.255
 network 188.8.131.52 mask 255.255.255.255
 network 184.108.40.206 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 2
 neighbor 192.168.12.2 capability orf prefix-list receive
 no auto-summary
!
! CE (AS 2): sends its inbound prefix list to the PE as an ORF
ip prefix-list someroutes seq 5 permit 220.127.116.11/32
ip prefix-list someroutes seq 10 permit 18.104.22.168/32
!
router bgp 2
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.12.1 capability orf prefix-list send
 neighbor 192.168.12.1 prefix-list someroutes in
One really nice thing about this config is that even if the PE doesn't support the method, you still get the filtering (via traditional CE-side prefix filtering).
Now obviously, the filtering happens on the CE one way or the other. So how do you verify this is working?
PE#sh ip bgp neighbors 192.168.12.2 | s capabilities
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Outbound Route Filter (ORF) type (128) Prefix-list:

PE#sh ip bgp neighbors 192.168.12.2 advertised-routes
BGP table version is 6, local router ID is 22.214.171.124
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 126.96.36.199/32 0.0.0.0                  0         32768 i
*> 188.8.131.52/32  0.0.0.0                  0         32768 i
There's our prefix filtering, now on the PE router!
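To make the difference between the two cases concrete, here is a small Python model of the session (an added example, not taken from any router or from the lab above). It applies IOS-style prefix-list matching (first match by sequence number, ge/le length ranges, implicit deny) and compares what the PE sends with and without ORF. The prefixes are constructed documentation addresses, and the function names are hypothetical.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny PREFIX [ge X] [le Y]' into a tuple."""
    tok = line.split()
    seq, action, net = int(tok[1]), tok[2], ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    if opts:   # ge/le widen the accepted prefix-length range
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", net.max_prefixlen)
    else:      # no ge/le: the prefix length must match exactly
        lo = hi = net.prefixlen
    return seq, action, net, lo, hi

def permitted(route, plist):
    """First match by sequence number wins; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in sorted(plist, key=lambda e: e[0]):
        if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return False

def session(pe_table, ce_list, pe_supports_orf):
    """Return (routes the PE sends, routes the CE keeps) for one session."""
    if pe_supports_orf:
        # The PE holds the CE's list in memory and filters its own updates.
        sent = [r for r in pe_table if permitted(r, ce_list)]
    else:
        sent = list(pe_table)
    # The CE's inbound prefix-list is applied either way.
    kept = [r for r in sent if permitted(r, ce_list)]
    return sent, kept

# Constructed sample data (not the prefixes from the lab above).
CE_LIST = [parse_entry(l) for l in (
    "seq 5 permit 192.0.2.1/32",
    "seq 8 deny 198.51.100.64/26",
    "seq 10 permit 198.51.100.0/24 le 26",
)]
PE_TABLE = ["192.0.2.1/32", "192.0.2.2/32", "198.51.100.0/25",
            "198.51.100.64/26", "198.51.100.128/27", "203.0.113.5/32"]

if __name__ == "__main__":
    for orf in (True, False):
        sent, kept = session(PE_TABLE, CE_LIST, orf)
        print(f"ORF={orf}: PE sent {len(sent)} routes, CE kept {kept}")
```

The CE ends up with the same two routes in both cases; the only thing that changes is how many routes the PE had to send to get there.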