]>
Commit | Line | Data |
---|---|---|
718e3744 | 1 | @c -*-texinfo-*- |
7190f4ea | 2 | @c This is part of the Quagga Manual. |
76b89b4a | 3 | @c @value{COPYRIGHT_STR} |
4 | @c See file quagga.texi for copying conditions. | |
718e3744 | 5 | @node BGP |
718e3744 | 6 | @chapter BGP |
7 | ||
aa5943f7 | 8 | @acronym{BGP} stands for a Border Gateway Protocol. The lastest BGP version |
718e3744 | 9 | is 4. It is referred as BGP-4. BGP-4 is one of the Exterior Gateway |
10 | Protocols and de-fact standard of Inter Domain routing protocol. | |
aa5943f7 | 11 | BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol |
718e3744 | 12 | 4 (BGP-4)}. |
13 | ||
aa5943f7 | 14 | Many extensions have been added to @cite{RFC1771}. @cite{RFC2858, |
15 | Multiprotocol Extensions for BGP-4} provides multiprotocol support to | |
16 | BGP-4. | |
718e3744 | 17 | |
18 | @menu | |
19 | * Starting BGP:: | |
20 | * BGP router:: | |
21 | * BGP network:: | |
22 | * BGP Peer:: | |
23 | * BGP Peer Group:: | |
24 | * BGP Address Family:: | |
25 | * Autonomous System:: | |
26 | * BGP Communities Attribute:: | |
27 | * BGP Extended Communities Attribute:: | |
28 | * Displaying BGP routes:: | |
29 | * Capability Negotiation:: | |
30 | * Route Reflector:: | |
31 | * Route Server:: | |
32 | * How to set up a 6-Bone connection:: | |
33 | * Dump BGP packets and table:: | |
aa5943f7 | 34 | * BGP Configuration Examples:: |
718e3744 | 35 | @end menu |
36 | ||
76b89b4a | 37 | @node Starting BGP |
718e3744 | 38 | @section Starting BGP |
39 | ||
40 | Default configuration file of @command{bgpd} is @file{bgpd.conf}. | |
41 | @command{bgpd} searches the current directory first then | |
42 | @value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's command must be | |
43 | configured in @file{bgpd.conf}. | |
44 | ||
45 | @command{bgpd} specific invocation options are described below. Common | |
46 | options may also be specified (@pxref{Common Invocation Options}). | |
47 | ||
48 | @table @samp | |
49 | @item -p @var{PORT} | |
50 | @itemx --bgp_port=@var{PORT} | |
51 | Set the bgp protocol's port number. | |
52 | ||
53 | @item -r | |
54 | @itemx --retain | |
55 | When program terminates, retain BGP routes added by zebra. | |
56 | @end table | |
57 | ||
76b89b4a | 58 | @node BGP router |
718e3744 | 59 | @section BGP router |
60 | ||
61 | First of all you must configure BGP router with @command{router bgp} | |
62 | command. To configure BGP router, you need AS number. AS number is an | |
63 | identification of autonomous system. BGP protocol uses the AS number | |
64 | for detecting whether the BGP connection is internal one or external one. | |
65 | ||
66 | @deffn Command {router bgp @var{asn}} {} | |
67 | Enable a BGP protocol process with the specified @var{asn}. After | |
68 | this statement you can input any @code{BGP Commands}. You can not | |
69 | create different BGP process under different @var{asn} without | |
70 | specifying @code{multiple-instance} (@pxref{Multiple instance}). | |
71 | @end deffn | |
72 | ||
73 | @deffn Command {no router bgp @var{asn}} {} | |
74 | Destroy a BGP protocol process with the specified @var{asn}. | |
75 | @end deffn | |
76 | ||
77 | @deffn {BGP} {bgp router-id @var{A.B.C.D}} {} | |
78 | This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets | |
79 | interface and address information. In that case default router ID value | |
80 | is selected as the largest IP Address of the interfaces. When | |
81 | @code{router zebra} is not enabled @command{bgpd} can't get interface information | |
82 | so @code{router-id} is set to 0.0.0.0. So please set router-id by hand. | |
83 | @end deffn | |
84 | ||
85 | @menu | |
86 | * BGP distance:: | |
87 | * BGP decision process:: | |
c31e5726 | 88 | * BGP route flap dampening:: |
718e3744 | 89 | @end menu |
90 | ||
76b89b4a | 91 | @node BGP distance |
718e3744 | 92 | @subsection BGP distance |
93 | ||
94 | @deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {} | |
95 | This command change distance value of BGP. Each argument is distance | |
96 | value for external routes, internal routes and local routes. | |
97 | @end deffn | |
98 | ||
99 | @deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {} | |
100 | @deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {} | |
101 | This command set distance value to | |
102 | @end deffn | |
103 | ||
76b89b4a | 104 | @node BGP decision process |
718e3744 | 105 | @subsection BGP decision process |
106 | ||
107 | @table @asis | |
108 | @item 1. Weight check | |
109 | ||
110 | @item 2. Local preference check. | |
111 | ||
112 | @item 3. Local route check. | |
113 | ||
114 | @item 4. AS path length check. | |
115 | ||
116 | @item 5. Origin check. | |
117 | ||
118 | @item 6. MED check. | |
119 | @end table | |
120 | ||
6811845b | 121 | @deffn {BGP} {bgp bestpath as-path confed} {} |
122 | This command specifies that the length of confederation path sets and | |
123 | sequences should should be taken into account during the BGP best path | |
124 | decision process. | |
125 | @end deffn | |
126 | ||
2fdd455c PM |
127 | @deffn {BGP} {bgp bestpath as-path multipath-relax} {} |
128 | This command specifies that BGP decision process should consider paths | |
129 | of equal AS_PATH length candidates for multipath computation. Without | |
130 | the knob, the entire AS_PATH must match for multipath computation. | |
131 | @end deffn | |
132 | ||
c31e5726 AC |
133 | @node BGP route flap dampening |
134 | @subsection BGP route flap dampening | |
135 | ||
136 | @deffn {BGP} {bgp dampening @var{<1-45>} @var{<1-20000>} @var{<1-20000>} @var{<1-255>}} {} | |
137 | This command enables BGP route-flap dampening and specifies dampening parameters. | |
138 | ||
139 | @table @asis | |
140 | @item @asis{half-life} | |
141 | Half-life time for the penalty | |
142 | @item @asis{reuse-threshold} | |
143 | Value to start reusing a route | |
144 | @item @asis{suppress-threshold} | |
145 | Value to start suppressing a route | |
146 | @item @asis{max-suppress} | |
147 | Maximum duration to suppress a stable route | |
148 | @end table | |
149 | ||
150 | The route-flap damping algorithm is compatible with @cite{RFC2439}. The use of this command | |
151 | is not recommended nowadays, see @uref{http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378}. | |
152 | @end deffn | |
153 | ||
76b89b4a | 154 | @node BGP network |
718e3744 | 155 | @section BGP network |
156 | ||
157 | @menu | |
158 | * BGP route:: | |
159 | * Route Aggregation:: | |
160 | * Redistribute to BGP:: | |
161 | @end menu | |
162 | ||
76b89b4a | 163 | @node BGP route |
718e3744 | 164 | @subsection BGP route |
165 | ||
166 | @deffn {BGP} {network @var{A.B.C.D/M}} {} | |
167 | This command adds the announcement network. | |
168 | @example | |
169 | @group | |
170 | router bgp 1 | |
171 | network 10.0.0.0/8 | |
172 | @end group | |
173 | @end example | |
174 | This configuration example says that network 10.0.0.0/8 will be | |
175 | announced to all neighbors. Some vendors' routers don't advertise | |
41367172 | 176 | routes if they aren't present in their IGP routing tables; @code{bgpd} |
718e3744 | 177 | doesn't care about IGP routes when announcing its routes. |
178 | @end deffn | |
179 | ||
180 | @deffn {BGP} {no network @var{A.B.C.D/M}} {} | |
181 | @end deffn | |
182 | ||
76b89b4a | 183 | @node Route Aggregation |
718e3744 | 184 | @subsection Route Aggregation |
185 | ||
186 | @deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {} | |
187 | This command specifies an aggregate address. | |
188 | @end deffn | |
189 | ||
190 | @deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {} | |
191 | This command specifies an aggregate address. Resulting routes inlucde | |
192 | AS set. | |
193 | @end deffn | |
194 | ||
195 | @deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {} | |
196 | This command specifies an aggregate address. Aggreated routes will | |
197 | not be announce. | |
198 | @end deffn | |
199 | ||
200 | @deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {} | |
201 | @end deffn | |
202 | ||
76b89b4a | 203 | @node Redistribute to BGP |
718e3744 | 204 | @subsection Redistribute to BGP |
205 | ||
206 | @deffn {BGP} {redistribute kernel} {} | |
207 | Redistribute kernel route to BGP process. | |
208 | @end deffn | |
209 | ||
210 | @deffn {BGP} {redistribute static} {} | |
211 | Redistribute static route to BGP process. | |
212 | @end deffn | |
213 | ||
214 | @deffn {BGP} {redistribute connected} {} | |
215 | Redistribute connected route to BGP process. | |
216 | @end deffn | |
217 | ||
218 | @deffn {BGP} {redistribute rip} {} | |
219 | Redistribute RIP route to BGP process. | |
220 | @end deffn | |
221 | ||
222 | @deffn {BGP} {redistribute ospf} {} | |
223 | Redistribute OSPF route to BGP process. | |
224 | @end deffn | |
225 | ||
f188f2c4 DS |
226 | @deffn {BGP} {update-delay @var{max-delay}} {} |
227 | @deffnx {BGP} {update-delay @var{max-delay} @var{establish-wait}} {} | |
228 | This feature is used to enable read-only mode on BGP process restart or when | |
229 | BGP process is cleared using 'clear ip bgp *'. When applicable, read-only mode | |
230 | would begin as soon as the first peer reaches Established status and a timer | |
231 | for max-delay seconds is started. | |
232 | ||
233 | During this mode BGP doesn't run any best-path or generate any updates to its | |
234 | peers. This mode continues until: | |
235 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR | |
236 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
237 | Established is considered an implicit-EOR. | |
238 | If the establish-wait optional value is given, then BGP will wait for | |
239 | peers to reach established from the begining of the update-delay till the | |
240 | establish-wait period is over, i.e. the minimum set of established peers for | |
241 | which EOR is expected would be peers established during the establish-wait | |
242 | window, not necessarily all the configured neighbors. | |
243 | 2. max-delay period is over. | |
244 | On hitting any of the above two conditions, BGP resumes the decision process | |
245 | and generates updates to its peers. | |
246 | ||
247 | Default max-delay is 0, i.e. the feature is off by default. | |
248 | @end deffn | |
249 | ||
73ac8160 DS |
250 | @deffn {BGP} {table-map @var{route-map-name}} {} |
251 | This feature is used to apply a route-map on route updates from BGP to Zebra. | |
252 | All the applicable match operations are allowed, such as match on prefix, | |
253 | next-hop, communities, etc. Set operations for this attach-point are limited | |
254 | to metric and next-hop only. Any operation of this feature does not affect | |
255 | BGPs internal RIB. | |
256 | ||
257 | Supported for ipv4 and ipv6 address families. It works on multi-paths as well, | |
258 | however, metric setting is based on the best-path only. | |
259 | @end deffn | |
260 | ||
76b89b4a | 261 | @node BGP Peer |
718e3744 | 262 | @section BGP Peer |
263 | ||
264 | @menu | |
265 | * Defining Peer:: | |
266 | * BGP Peer commands:: | |
267 | * Peer filtering:: | |
268 | @end menu | |
269 | ||
76b89b4a | 270 | @node Defining Peer |
718e3744 | 271 | @subsection Defining Peer |
272 | ||
273 | @deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {} | |
274 | Creates a new neighbor whose remote-as is @var{asn}. @var{peer} | |
275 | can be an IPv4 address or an IPv6 address. | |
276 | @example | |
277 | @group | |
278 | router bgp 1 | |
279 | neighbor 10.0.0.1 remote-as 2 | |
280 | @end group | |
281 | @end example | |
282 | In this case my router, in AS-1, is trying to peer with AS-2 at | |
283 | 10.0.0.1. | |
284 | ||
285 | This command must be the first command used when configuring a neighbor. | |
286 | If the remote-as is not specified, @command{bgpd} will complain like this: | |
287 | @example | |
288 | can't find neighbor 10.0.0.1 | |
289 | @end example | |
290 | @end deffn | |
291 | ||
76b89b4a | 292 | @node BGP Peer commands |
718e3744 | 293 | @subsection BGP Peer commands |
294 | ||
295 | In a @code{router bgp} clause there are neighbor specific configurations | |
296 | required. | |
297 | ||
298 | @deffn {BGP} {neighbor @var{peer} shutdown} {} | |
299 | @deffnx {BGP} {no neighbor @var{peer} shutdown} {} | |
300 | Shutdown the peer. We can delete the neighbor's configuration by | |
301 | @code{no neighbor @var{peer} remote-as @var{as-number}} but all | |
302 | configuration of the neighbor will be deleted. When you want to | |
303 | preserve the configuration, but want to drop the BGP peer, use this | |
304 | syntax. | |
305 | @end deffn | |
306 | ||
307 | @deffn {BGP} {neighbor @var{peer} ebgp-multihop} {} | |
308 | @deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {} | |
309 | @end deffn | |
310 | ||
311 | @deffn {BGP} {neighbor @var{peer} description ...} {} | |
312 | @deffnx {BGP} {no neighbor @var{peer} description ...} {} | |
313 | Set description of the peer. | |
314 | @end deffn | |
315 | ||
316 | @deffn {BGP} {neighbor @var{peer} version @var{version}} {} | |
317 | Set up the neighbor's BGP version. @var{version} can be @var{4}, | |
318 | @var{4+} or @var{4-}. BGP version @var{4} is the default value used for | |
319 | BGP peering. BGP version @var{4+} means that the neighbor supports | |
320 | Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but | |
321 | the neighbor speaks the old Internet-Draft revision 00's Multiprotocol | |
322 | Extensions for BGP-4. Some routing software is still using this | |
323 | version. | |
324 | @end deffn | |
325 | ||
326 | @deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {} | |
327 | @deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {} | |
825cd49e PJ |
328 | When you connect to a BGP peer over an IPv6 link-local address, you |
329 | have to specify the @var{ifname} of the interface used for the | |
330 | connection. To specify IPv4 session addresses, see the | |
331 | @code{neighbor @var{peer} update-source} command below. | |
332 | ||
333 | This command is deprecated and may be removed in a future release. Its | |
334 | use should be avoided. | |
718e3744 | 335 | @end deffn |
336 | ||
9e7a53c1 TT |
337 | @deffn {BGP} {neighbor @var{peer} next-hop-self [all]} {} |
338 | @deffnx {BGP} {no neighbor @var{peer} next-hop-self [all]} {} | |
718e3744 | 339 | This command specifies an announced route's nexthop as being equivalent |
9e7a53c1 TT |
340 | to the address of the bgp router if it is learned via eBGP. |
341 | If the optional keyword @code{all} is specified the modifiation is done | |
342 | also for routes learned via iBGP. | |
718e3744 | 343 | @end deffn |
344 | ||
466c9656 | 345 | @deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {} |
718e3744 | 346 | @deffnx {BGP} {no neighbor @var{peer} update-source} {} |
825cd49e PJ |
347 | Specify the IPv4 source address to use for the @acronym{BGP} session to this |
348 | neighbour, may be specified as either an IPv4 address directly or | |
349 | as an interface name (in which case the @command{zebra} daemon MUST be running | |
350 | in order for @command{bgpd} to be able to retrieve interface state). | |
351 | @example | |
352 | @group | |
353 | router bgp 64555 | |
354 | neighbor foo update-source 192.168.0.1 | |
355 | neighbor bar update-source lo0 | |
356 | @end group | |
357 | @end example | |
718e3744 | 358 | @end deffn |
359 | ||
360 | @deffn {BGP} {neighbor @var{peer} default-originate} {} | |
361 | @deffnx {BGP} {no neighbor @var{peer} default-originate} {} | |
362 | @command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even it | |
363 | is in routing table. When you want to announce default routes to the | |
364 | peer, use this command. | |
365 | @end deffn | |
366 | ||
367 | @deffn {BGP} {neighbor @var{peer} port @var{port}} {} | |
368 | @deffnx {BGP} {neighbor @var{peer} port @var{port}} {} | |
369 | @end deffn | |
370 | ||
371 | @deffn {BGP} {neighbor @var{peer} send-community} {} | |
372 | @deffnx {BGP} {neighbor @var{peer} send-community} {} | |
373 | @end deffn | |
374 | ||
375 | @deffn {BGP} {neighbor @var{peer} weight @var{weight}} {} | |
376 | @deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {} | |
377 | This command specifies a default @var{weight} value for the neighbor's | |
378 | routes. | |
379 | @end deffn | |
380 | ||
381 | @deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {} | |
382 | @deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {} | |
383 | @end deffn | |
384 | ||
5aebb9c7 AC |
385 | @deffn {BGP} {neighbor @var{peer} local-as @var{as-number}} {} |
386 | @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend} {} | |
387 | @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend replace-as} {} | |
388 | @deffnx {BGP} {no neighbor @var{peer} local-as} {} | |
389 | Specify an alternate AS for this BGP process when interacting with the | |
390 | specified peer. With no modifiers, the specified local-as is prepended to | |
391 | the received AS_PATH when receiving routing updates from the peer, and | |
392 | prepended to the outgoing AS_PATH (after the process local AS) when | |
393 | transmitting local routes to the peer. | |
394 | ||
395 | If the no-prepend attribute is specified, then the supplied local-as is not | |
396 | prepended to the received AS_PATH. | |
397 | ||
398 | If the replace-as attribute is specified, then only the supplied local-as is | |
399 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
400 | ||
401 | Note that replace-as can only be specified if no-prepend is. | |
402 | ||
403 | This command is only allowed for eBGP peers. | |
404 | @end deffn | |
405 | ||
5d804b43 PM |
406 | @deffn {BGP} {neighbor @var{peer} ttl-security hops @var{number}} {} |
407 | @deffnx {BGP} {no neighbor @var{peer} ttl-security hops @var{number}} {} | |
408 | This command enforces Generalized TTL Security Mechanism (GTSM), as | |
409 | specified in RFC 5082. With this command, only neighbors that are the | |
410 | specified number of hops away will be allowed to become neighbors. This | |
411 | command is mututally exclusive with @command{ebgp-multihop}. | |
412 | @end deffn | |
413 | ||
76b89b4a | 414 | @node Peer filtering |
718e3744 | 415 | @subsection Peer filtering |
416 | ||
417 | @deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {} | |
418 | This command specifies a distribute-list for the peer. @var{direct} is | |
419 | @samp{in} or @samp{out}. | |
420 | @end deffn | |
421 | ||
422 | @deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {} | |
423 | @end deffn | |
424 | ||
425 | @deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {} | |
426 | @end deffn | |
427 | ||
428 | @deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {} | |
429 | Apply a route-map on the neighbor. @var{direct} must be @code{in} or | |
430 | @code{out}. | |
431 | @end deffn | |
432 | ||
8bd9d948 DS |
433 | @deffn {BGP} {bgp route-reflector allow-outbound-policy} {} |
434 | By default, attribute modification via route-map policy out is not reflected | |
435 | on reflected routes. This option allows the modifications to be reflected as | |
436 | well. Once enabled, it affects all reflected routes. | |
437 | @end deffn | |
438 | ||
718e3744 | 439 | @c ----------------------------------------------------------------------- |
76b89b4a | 440 | @node BGP Peer Group |
718e3744 | 441 | @section BGP Peer Group |
442 | ||
443 | @deffn {BGP} {neighbor @var{word} peer-group} {} | |
444 | This command defines a new peer group. | |
445 | @end deffn | |
446 | ||
447 | @deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {} | |
448 | This command bind specific peer to peer group @var{word}. | |
449 | @end deffn | |
450 | ||
76b89b4a | 451 | @node BGP Address Family |
718e3744 | 452 | @section BGP Address Family |
453 | ||
718e3744 | 454 | @c ----------------------------------------------------------------------- |
76b89b4a | 455 | @node Autonomous System |
718e3744 | 456 | @section Autonomous System |
457 | ||
aa5943f7 | 458 | The @acronym{AS,Autonomous System} number is one of the essential |
459 | element of BGP. BGP is a distance vector routing protocol, and the | |
460 | AS-Path framework provides distance vector metric and loop detection to | |
461 | BGP. @cite{RFC1930, Guidelines for creation, selection, and | |
462 | registration of an Autonomous System (AS)} provides some background on | |
463 | the concepts of an AS. | |
718e3744 | 464 | |
aa5943f7 | 465 | The AS number is a two octet value, ranging in value from 1 to 65535. |
466 | The AS numbers 64512 through 65535 are defined as private AS numbers. | |
467 | Private AS numbers must not to be advertised in the global Internet. | |
718e3744 | 468 | |
469 | @menu | |
470 | * AS Path Regular Expression:: | |
471 | * Display BGP Routes by AS Path:: | |
472 | * AS Path Access List:: | |
473 | * Using AS Path in Route Map:: | |
474 | * Private AS Numbers:: | |
475 | @end menu | |
476 | ||
76b89b4a | 477 | @node AS Path Regular Expression |
718e3744 | 478 | @subsection AS Path Regular Expression |
479 | ||
aa5943f7 | 480 | AS path regular expression can be used for displaying BGP routes and |
718e3744 | 481 | AS path access list. AS path regular expression is based on |
482 | @code{POSIX 1003.2} regular expressions. Following description is | |
483 | just a subset of @code{POSIX} regular expression. User can use full | |
484 | @code{POSIX} regular expression. Adding to that special character '_' | |
485 | is added for AS path regular expression. | |
486 | ||
487 | @table @code | |
488 | @item . | |
489 | Matches any single character. | |
490 | @item * | |
491 | Matches 0 or more occurrences of pattern. | |
492 | @item + | |
493 | Matches 1 or more occurrences of pattern. | |
494 | @item ? | |
495 | Match 0 or 1 occurrences of pattern. | |
496 | @item ^ | |
497 | Matches the beginning of the line. | |
498 | @item $ | |
499 | Matches the end of the line. | |
500 | @item _ | |
501 | Character @code{_} has special meanings in AS path regular expression. | |
502 | It matches to space and comma , and AS set delimiter @{ and @} and AS | |
503 | confederation delimiter @code{(} and @code{)}. And it also matches to | |
504 | the beginning of the line and the end of the line. So @code{_} can be | |
505 | used for AS value boundaries match. @code{show ip bgp regexp _7675_} | |
506 | matches to all of BGP routes which as AS number include @var{7675}. | |
507 | @end table | |
508 | ||
76b89b4a | 509 | @node Display BGP Routes by AS Path |
718e3744 | 510 | @subsection Display BGP Routes by AS Path |
511 | ||
aa5943f7 | 512 | To show BGP routes which has specific AS path information @code{show |
718e3744 | 513 | ip bgp} command can be used. |
514 | ||
515 | @deffn Command {show ip bgp regexp @var{line}} {} | |
516 | This commands display BGP routes that matches AS path regular | |
517 | expression @var{line}. | |
518 | @end deffn | |
519 | ||
76b89b4a | 520 | @node AS Path Access List |
718e3744 | 521 | @subsection AS Path Access List |
522 | ||
aa5943f7 | 523 | AS path access list is user defined AS path. |
718e3744 | 524 | |
525 | @deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {} | |
526 | This command defines a new AS path access list. | |
527 | @end deffn | |
528 | ||
529 | @deffn {Command} {no ip as-path access-list @var{word}} {} | |
530 | @deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {} | |
531 | @end deffn | |
532 | ||
76b89b4a | 533 | @node Using AS Path in Route Map |
718e3744 | 534 | @subsection Using AS Path in Route Map |
535 | ||
536 | @deffn {Route Map} {match as-path @var{word}} {} | |
537 | @end deffn | |
538 | ||
539 | @deffn {Route Map} {set as-path prepend @var{as-path}} {} | |
540 | @end deffn | |
541 | ||
76b89b4a | 542 | @node Private AS Numbers |
718e3744 | 543 | @subsection Private AS Numbers |
544 | ||
718e3744 | 545 | @c ----------------------------------------------------------------------- |
76b89b4a | 546 | @node BGP Communities Attribute |
718e3744 | 547 | @section BGP Communities Attribute |
548 | ||
aa5943f7 | 549 | BGP communities attribute is widely used for implementing policy |
718e3744 | 550 | routing. Network operators can manipulate BGP communities attribute |
551 | based on their network policy. BGP communities attribute is defined | |
aa5943f7 | 552 | in @cite{RFC1997, BGP Communities Attribute} and |
553 | @cite{RFC1998, An Application of the BGP Community Attribute | |
718e3744 | 554 | in Multi-home Routing}. It is an optional transitive attribute, |
555 | therefore local policy can travel through different autonomous system. | |
556 | ||
aa5943f7 | 557 | Communities attribute is a set of communities values. Each |
718e3744 | 558 | communities value is 4 octet long. The following format is used to |
559 | define communities value. | |
560 | ||
561 | @table @code | |
562 | @item AS:VAL | |
563 | This format represents 4 octet communities value. @code{AS} is high | |
564 | order 2 octet in digit format. @code{VAL} is low order 2 octet in | |
565 | digit format. This format is useful to define AS oriented policy | |
566 | value. For example, @code{7675:80} can be used when AS 7675 wants to | |
567 | pass local policy value 80 to neighboring peer. | |
568 | @item internet | |
569 | @code{internet} represents well-known communities value 0. | |
570 | @item no-export | |
571 | @code{no-export} represents well-known communities value @code{NO_EXPORT}@* | |
572 | @r{(0xFFFFFF01)}. All routes carry this value must not be advertised | |
573 | to outside a BGP confederation boundary. If neighboring BGP peer is | |
574 | part of BGP confederation, the peer is considered as inside a BGP | |
575 | confederation boundary, so the route will be announced to the peer. | |
576 | @item no-advertise | |
577 | @code{no-advertise} represents well-known communities value | |
578 | @code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carry this value | |
579 | must not be advertise to other BGP peers. | |
580 | @item local-AS | |
581 | @code{local-AS} represents well-known communities value | |
582 | @code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carry this | |
583 | value must not be advertised to external BGP peers. Even if the | |
584 | neighboring router is part of confederation, it is considered as | |
585 | external BGP peer, so the route will not be announced to the peer. | |
586 | @end table | |
587 | ||
588 | When BGP communities attribute is received, duplicated communities | |
589 | value in the communities attribute is ignored and each communities | |
590 | values are sorted in numerical order. | |
591 | ||
592 | @menu | |
593 | * BGP Community Lists:: | |
594 | * Numbered BGP Community Lists:: | |
595 | * BGP Community in Route Map:: | |
596 | * Display BGP Routes by Community:: | |
597 | * Using BGP Communities Attribute:: | |
598 | @end menu | |
599 | ||
76b89b4a | 600 | @node BGP Community Lists |
718e3744 | 601 | @subsection BGP Community Lists |
602 | ||
603 | BGP community list is a user defined BGP communites attribute list. | |
604 | BGP community list can be used for matching or manipulating BGP | |
605 | communities attribute in updates. | |
606 | ||
aa5943f7 | 607 | There are two types of community list. One is standard community |
718e3744 | 608 | list and another is expanded community list. Standard community list |
609 | defines communities attribute. Expanded community list defines | |
610 | communities attribute string with regular expression. Standard | |
611 | community list is compiled into binary format when user define it. | |
612 | Standard community list will be directly compared to BGP communities | |
613 | attribute in BGP updates. Therefore the comparison is faster than | |
614 | expanded community list. | |
615 | ||
616 | @deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {} | |
617 | This command defines a new standard community list. @var{community} | |
618 | is communities value. The @var{community} is compiled into community | |
619 | structure. We can define multiple community list under same name. In | |
620 | that case match will happen user defined order. Once the | |
621 | community list matches to communities attribute in BGP updates it | |
622 | return permit or deny by the community list definition. When there is | |
623 | no matched entry, deny will be returned. When @var{community} is | |
624 | empty it matches to any routes. | |
625 | @end deffn | |
626 | ||
627 | @deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {} | |
628 | This command defines a new expanded community list. @var{line} is a | |
629 | string expression of communities attribute. @var{line} can include | |
630 | regular expression to match communities attribute in BGP updates. | |
631 | @end deffn | |
632 | ||
633 | @deffn Command {no ip community-list @var{name}} {} | |
634 | @deffnx Command {no ip community-list standard @var{name}} {} | |
635 | @deffnx Command {no ip community-list expanded @var{name}} {} | |
636 | These commands delete community lists specified by @var{name}. All of | |
637 | community lists shares a single name space. So community lists can be | |
638 | removed simpley specifying community lists name. | |
639 | @end deffn | |
640 | ||
641 | @deffn {Command} {show ip community-list} {} | |
642 | @deffnx {Command} {show ip community-list @var{name}} {} | |
643 | This command display current community list information. When | |
644 | @var{name} is specified the specified community list's information is | |
645 | shown. | |
646 | ||
647 | @example | |
648 | # show ip community-list | |
649 | Named Community standard list CLIST | |
650 | permit 7675:80 7675:100 no-export | |
651 | deny internet | |
652 | Named Community expanded list EXPAND | |
653 | permit : | |
654 | ||
655 | # show ip community-list CLIST | |
656 | Named Community standard list CLIST | |
657 | permit 7675:80 7675:100 no-export | |
658 | deny internet | |
659 | @end example | |
660 | @end deffn | |
661 | ||
76b89b4a | 662 | @node Numbered BGP Community Lists |
718e3744 | 663 | @subsection Numbered BGP Community Lists |
664 | ||
aa5943f7 | 665 | When number is used for BGP community list name, the number has |
718e3744 | 666 | special meanings. Community list number in the range from 1 and 99 is |
667 | standard community list. Community list number in the range from 100 | |
668 | to 199 is expanded community list. These community lists are called | |
669 | as numbered community lists. On the other hand normal community lists | |
670 | is called as named community lists. | |
671 | ||
672 | @deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {} | |
673 | This command defines a new community list. <1-99> is standard | |
674 | community list number. Community list name within this range defines | |
675 | standard community list. When @var{community} is empty it matches to | |
676 | any routes. | |
677 | @end deffn | |
678 | ||
679 | @deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {} | |
680 | This command defines a new community list. <100-199> is expanded | |
681 | community list number. Community list name within this range defines | |
682 | expanded community list. | |
683 | @end deffn | |
684 | ||
685 | @deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {} | |
686 | When community list type is not specifed, the community list type is | |
687 | automatically detected. If @var{community} can be compiled into | |
688 | communities attribute, the community list is defined as a standard | |
689 | community list. Otherwise it is defined as an expanded community | |
690 | list. This feature is left for backward compability. Use of this | |
691 | feature is not recommended. | |
692 | @end deffn | |
693 | ||
76b89b4a | 694 | @node BGP Community in Route Map |
718e3744 | 695 | @subsection BGP Community in Route Map |
696 | ||
aa5943f7 | 697 | In Route Map (@pxref{Route Map}), we can match or set BGP |
718e3744 | 698 | communities attribute. Using this feature network operator can |
699 | implement their network policy based on BGP communities attribute. | |
700 | ||
aa5943f7 | 701 | Following commands can be used in Route Map. |
718e3744 | 702 | |
703 | @deffn {Route Map} {match community @var{word}} {} | |
704 | @deffnx {Route Map} {match community @var{word} exact-match} {} | |
705 | This command perform match to BGP updates using community list | |
706 | @var{word}. When the one of BGP communities value match to the one of | |
707 | communities value in community list, it is match. When | |
708 | @code{exact-match} keyword is spcified, match happen only when BGP | |
709 | updates have completely same communities value specified in the | |
710 | community list. | |
711 | @end deffn | |
712 | ||
713 | @deffn {Route Map} {set community none} {} | |
714 | @deffnx {Route Map} {set community @var{community}} {} | |
715 | @deffnx {Route Map} {set community @var{community} additive} {} | |
716 | This command manipulate communities value in BGP updates. When | |
717 | @code{none} is specified as communities value, it removes entire | |
718 | communities attribute from BGP updates. When @var{community} is not | |
719 | @code{none}, specified communities value is set to BGP updates. If | |
720 | BGP updates already has BGP communities value, the existing BGP | |
721 | communities value is replaced with specified @var{community} value. | |
722 | When @code{additive} keyword is specified, @var{community} is appended | |
723 | to the existing communities value. | |
724 | @end deffn | |
725 | ||
726 | @deffn {Route Map} {set comm-list @var{word} delete} {} | |
727 | This command remove communities value from BGP communities attribute. | |
728 | The @var{word} is community list name. When BGP route's communities | |
729 | value matches to the community list @var{word}, the communities value | |
730 | is removed. When all of communities value is removed eventually, the | |
731 | BGP update's communities attribute is completely removed. | |
732 | @end deffn | |
733 | ||
76b89b4a | 734 | @node Display BGP Routes by Community |
718e3744 | 735 | @subsection Display BGP Routes by Community |
736 | ||
aa5943f7 | 737 | To show BGP routes which has specific BGP communities attribute, |
718e3744 | 738 | @code{show ip bgp} command can be used. The @var{community} value and |
739 | community list can be used for @code{show ip bgp} command. | |
740 | ||
741 | @deffn Command {show ip bgp community} {} | |
742 | @deffnx Command {show ip bgp community @var{community}} {} | |
743 | @deffnx Command {show ip bgp community @var{community} exact-match} {} | |
744 | @code{show ip bgp community} displays BGP routes which has communities | |
745 | attribute. When @var{community} is specified, BGP routes that matches | |
746 | @var{community} value is displayed. For this command, @code{internet} | |
747 | keyword can't be used for @var{community} value. When | |
748 | @code{exact-match} is specified, it display only routes that have an | |
749 | exact match. | |
750 | @end deffn | |
751 | ||
752 | @deffn Command {show ip bgp community-list @var{word}} {} | |
753 | @deffnx Command {show ip bgp community-list @var{word} exact-match} {} | |
754 | This commands display BGP routes that matches community list | |
755 | @var{word}. When @code{exact-match} is specified, display only routes | |
756 | that have an exact match. | |
757 | @end deffn | |
758 | ||
76b89b4a | 759 | @node Using BGP Communities Attribute |
718e3744 | 760 | @subsection Using BGP Communities Attribute |
761 | ||
aa5943f7 | 762 | Following configuration is the most typical usage of BGP communities |
718e3744 | 763 | attribute. AS 7675 provides upstream Internet connection to AS 100. |
764 | When following configuration exists in AS 7675, AS 100 networks | |
765 | operator can set local preference in AS 7675 network by setting BGP | |
766 | communities attribute to the updates. | |
767 | ||
768 | @example | |
769 | router bgp 7675 | |
770 | neighbor 192.168.0.1 remote-as 100 | |
771 | neighbor 192.168.0.1 route-map RMAP in | |
772 | ! | |
773 | ip community-list 70 permit 7675:70 | |
774 | ip community-list 70 deny | |
775 | ip community-list 80 permit 7675:80 | |
776 | ip community-list 80 deny | |
777 | ip community-list 90 permit 7675:90 | |
778 | ip community-list 90 deny | |
779 | ! | |
780 | route-map RMAP permit 10 | |
781 | match community 70 | |
782 | set local-preference 70 | |
783 | ! | |
784 | route-map RMAP permit 20 | |
785 | match community 80 | |
786 | set local-preference 80 | |
787 | ! | |
788 | route-map RMAP permit 30 | |
789 | match community 90 | |
790 | set local-preference 90 | |
791 | @end example | |
792 | ||
aa5943f7 | 793 | Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. |
718e3744 | 794 | The route has communities value 7675:80 so when above configuration |
795 | exists in AS 7675, announced route's local preference will be set to | |
796 | value 80. | |
797 | ||
798 | @example | |
799 | router bgp 100 | |
800 | network 10.0.0.0/8 | |
801 | neighbor 192.168.0.2 remote-as 7675 | |
802 | neighbor 192.168.0.2 route-map RMAP out | |
803 | ! | |
804 | ip prefix-list PLIST permit 10.0.0.0/8 | |
805 | ! | |
806 | route-map RMAP permit 10 | |
807 | match ip address prefix-list PLIST | |
808 | set community 7675:80 | |
809 | @end example | |
810 | ||
aa5943f7 | 811 | Following configuration is an example of BGP route filtering using |
718e3744 | 812 | communities attribute. This configuration only permit BGP routes |
813 | which has BGP communities value 0:80 or 0:90. Network operator can | |
814 | put special internal communities value at BGP border router, then | |
815 | limit the BGP routes announcement into the internal network. | |
816 | ||
817 | @example | |
818 | router bgp 7675 | |
819 | neighbor 192.168.0.1 remote-as 100 | |
820 | neighbor 192.168.0.1 route-map RMAP in | |
821 | ! | |
822 | ip community-list 1 permit 0:80 0:90 | |
823 | ! | |
824 | route-map RMAP permit in | |
825 | match community 1 | |
826 | @end example | |
827 | ||
aa5943f7 | 828 | Following exmaple filter BGP routes which has communities value 1:1. |
718e3744 | 829 | When there is no match community-list returns deny. To avoid |
830 | filtering all of routes, we need to define permit any at last. | |
831 | ||
832 | @example | |
833 | router bgp 7675 | |
834 | neighbor 192.168.0.1 remote-as 100 | |
835 | neighbor 192.168.0.1 route-map RMAP in | |
836 | ! | |
837 | ip community-list standard FILTER deny 1:1 | |
838 | ip community-list standard FILTER permit | |
839 | ! | |
840 | route-map RMAP permit 10 | |
841 | match community FILTER | |
842 | @end example | |
843 | ||
aa5943f7 | 844 | Communities value keyword @code{internet} has special meanings in |
718e3744 | 845 | standard community lists. In below example @code{internet} act as |
846 | match any. It matches all of BGP routes even if the route does not | |
847 | have communities attribute at all. So community list @code{INTERNET} | |
848 | is same as above example's @code{FILTER}. | |
849 | ||
850 | @example | |
851 | ip community-list standard INTERNET deny 1:1 | |
852 | ip community-list standard INTERNET permit internet | |
853 | @end example | |
854 | ||
aa5943f7 | 855 | Following configuration is an example of communities value deletion. |
718e3744 | 856 | With this configuration communities value 100:1 and 100:2 is removed |
857 | from BGP updates. For communities value deletion, only @code{permit} | |
858 | community-list is used. @code{deny} community-list is ignored. | |
859 | ||
860 | @example | |
861 | router bgp 7675 | |
862 | neighbor 192.168.0.1 remote-as 100 | |
863 | neighbor 192.168.0.1 route-map RMAP in | |
864 | ! | |
865 | ip community-list standard DEL permit 100:1 100:2 | |
866 | ! | |
867 | route-map RMAP permit 10 | |
868 | set comm-list DEL delete | |
869 | @end example | |
870 | ||
871 | @c ----------------------------------------------------------------------- | |
76b89b4a | 872 | @node BGP Extended Communities Attribute |
718e3744 | 873 | @section BGP Extended Communities Attribute |
874 | ||
aa5943f7 | 875 | BGP extended communities attribute is introduced with MPLS VPN/BGP |
718e3744 | 876 | technology. MPLS VPN/BGP expands capability of network infrastructure |
877 | to provide VPN functionality. At the same time it requires a new | |
878 | framework for policy routing. With BGP Extended Communities Attribute | |
879 | we can use Route Target or Site of Origin for implementing network | |
880 | policy for MPLS VPN/BGP. | |
881 | ||
aa5943f7 | 882 | BGP Extended Communities Attribute is similar to BGP Communities |
718e3744 | 883 | Attribute. It is an optional transitive attribute. BGP Extended |
884 | Communities Attribute can carry multiple Extended Community value. | |
885 | Each Extended Community value is eight octet length. | |
886 | ||
aa5943f7 | 887 | BGP Extended Communities Attribute provides an extended range |
718e3744 | 888 | compared with BGP Communities Attribute. Adding to that there is a |
889 | type field in each value to provides community space structure. | |
890 | ||
aa5943f7 | 891 | There are two format to define Extended Community value. One is AS |
718e3744 | 892 | based format the other is IP address based format. |
893 | ||
894 | @table @code | |
895 | @item AS:VAL | |
896 | This is a format to define AS based Extended Community value. | |
897 | @code{AS} part is 2 octets Global Administrator subfield in Extended | |
898 | Community value. @code{VAL} part is 4 octets Local Administrator | |
899 | subfield. @code{7675:100} represents AS 7675 policy value 100. | |
900 | @item IP-Address:VAL | |
901 | This is a format to define IP address based Extended Community value. | |
902 | @code{IP-Address} part is 4 octets Global Administrator subfield. | |
903 | @code{VAL} part is 2 octets Local Administrator subfield. | |
904 | @code{10.0.0.1:100} represents | |
905 | @end table | |
906 | ||
907 | @menu | |
908 | * BGP Extended Community Lists:: | |
909 | * BGP Extended Communities in Route Map:: | |
910 | @end menu | |
911 | ||
76b89b4a | 912 | @node BGP Extended Community Lists |
718e3744 | 913 | @subsection BGP Extended Community Lists |
914 | ||
aa5943f7 | 915 | Expanded Community Lists is a user defined BGP Expanded Community |
718e3744 | 916 | Lists. |
917 | ||
918 | @deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {} | |
919 | This command defines a new standard extcommunity-list. | |
920 | @var{extcommunity} is extended communities value. The | |
921 | @var{extcommunity} is compiled into extended community structure. We | |
922 | can define multiple extcommunity-list under same name. In that case | |
923 | match will happen user defined order. Once the extcommunity-list | |
924 | matches to extended communities attribute in BGP updates it return | |
925 | permit or deny based upon the extcommunity-list definition. When | |
926 | there is no matched entry, deny will be returned. When | |
927 | @var{extcommunity} is empty it matches to any routes. | |
928 | @end deffn | |
929 | ||
930 | @deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {} | |
931 | This command defines a new expanded extcommunity-list. @var{line} is | |
932 | a string expression of extended communities attribute. @var{line} can | |
933 | include regular expression to match extended communities attribute in | |
934 | BGP updates. | |
935 | @end deffn | |
936 | ||
937 | @deffn Command {no ip extcommunity-list @var{name}} {} | |
938 | @deffnx Command {no ip extcommunity-list standard @var{name}} {} | |
939 | @deffnx Command {no ip extcommunity-list expanded @var{name}} {} | |
940 | These commands delete extended community lists specified by | |
941 | @var{name}. All of extended community lists shares a single name | |
942 | space. So extended community lists can be removed simpley specifying | |
943 | the name. | |
944 | @end deffn | |
945 | ||
946 | @deffn {Command} {show ip extcommunity-list} {} | |
947 | @deffnx {Command} {show ip extcommunity-list @var{name}} {} | |
948 | This command display current extcommunity-list information. When | |
949 | @var{name} is specified the community list's information is shown. | |
950 | ||
951 | @example | |
952 | # show ip extcommunity-list | |
953 | @end example | |
954 | @end deffn | |
955 | ||
76b89b4a | 956 | @node BGP Extended Communities in Route Map |
718e3744 | 957 | @subsection BGP Extended Communities in Route Map |
958 | ||
959 | @deffn {Route Map} {match extcommunity @var{word}} {} | |
960 | @end deffn | |
961 | ||
962 | @deffn {Route Map} {set extcommunity rt @var{extcommunity}} {} | |
963 | This command set Route Target value. | |
964 | @end deffn | |
965 | ||
966 | @deffn {Route Map} {set extcommunity soo @var{extcommunity}} {} | |
967 | This command set Site of Origin value. | |
968 | @end deffn | |
969 | ||
970 | @c ----------------------------------------------------------------------- | |
76b89b4a | 971 | @node Displaying BGP routes |
718e3744 | 972 | @section Displaying BGP Routes |
973 | ||
974 | @menu | |
975 | * Show IP BGP:: | |
976 | * More Show IP BGP:: | |
977 | @end menu | |
978 | ||
76b89b4a | 979 | @node Show IP BGP |
718e3744 | 980 | @subsection Show IP BGP |
981 | ||
982 | @deffn {Command} {show ip bgp} {} | |
983 | @deffnx {Command} {show ip bgp @var{A.B.C.D}} {} | |
984 | @deffnx {Command} {show ip bgp @var{X:X::X:X}} {} | |
985 | This command displays BGP routes. When no route is specified it | |
986 | display all of IPv4 BGP routes. | |
987 | @end deffn | |
988 | ||
989 | @example | |
990 | BGP table version is 0, local router ID is 10.1.1.1 | |
991 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal | |
992 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
993 | ||
994 | Network Next Hop Metric LocPrf Weight Path | |
995 | *> 1.1.1.1/32 0.0.0.0 0 32768 i | |
996 | ||
997 | Total number of prefixes 1 | |
998 | @end example | |
999 | ||
76b89b4a | 1000 | @node More Show IP BGP |
718e3744 | 1001 | @subsection More Show IP BGP |
1002 | ||
1003 | @deffn {Command} {show ip bgp regexp @var{line}} {} | |
1004 | This command display BGP routes using AS path regular expression (@pxref{Display BGP Routes by AS Path}). | |
1005 | @end deffn | |
1006 | ||
1007 | @deffn Command {show ip bgp community @var{community}} {} | |
1008 | @deffnx Command {show ip bgp community @var{community} exact-match} {} | |
1009 | This command display BGP routes using @var{community} (@pxref{Display | |
1010 | BGP Routes by Community}). | |
1011 | @end deffn | |
1012 | ||
1013 | @deffn Command {show ip bgp community-list @var{word}} {} | |
1014 | @deffnx Command {show ip bgp community-list @var{word} exact-match} {} | |
1015 | This command display BGP routes using community list (@pxref{Display | |
1016 | BGP Routes by Community}). | |
1017 | @end deffn | |
1018 | ||
1019 | @deffn {Command} {show ip bgp summary} {} | |
1020 | @end deffn | |
1021 | ||
1022 | @deffn {Command} {show ip bgp neighbor [@var{peer}]} {} | |
1023 | @end deffn | |
1024 | ||
1025 | @deffn {Command} {clear ip bgp @var{peer}} {} | |
1026 | Clear peers which have addresses of X.X.X.X | |
1027 | @end deffn | |
1028 | ||
1029 | @deffn {Command} {clear ip bgp @var{peer} soft in} {} | |
1030 | Clear peer using soft reconfiguration. | |
1031 | @end deffn | |
1032 | ||
c31e5726 AC |
1033 | @deffn {Command} {show ip bgp dampened-paths} {} |
1034 | Display paths suppressed due to dampening | |
1035 | @end deffn | |
1036 | ||
1037 | @deffn {Command} {show ip bgp flap-statistics} {} | |
1038 | Display flap statistics of routes | |
1039 | @end deffn | |
1040 | ||
718e3744 | 1041 | @deffn {Command} {show debug} {} |
1042 | @end deffn | |
1043 | ||
1044 | @deffn {Command} {debug event} {} | |
1045 | @end deffn | |
1046 | ||
1047 | @deffn {Command} {debug update} {} | |
1048 | @end deffn | |
1049 | ||
1050 | @deffn {Command} {debug keepalive} {} | |
1051 | @end deffn | |
1052 | ||
1053 | @deffn {Command} {no debug event} {} | |
1054 | @end deffn | |
1055 | ||
1056 | @deffn {Command} {no debug update} {} | |
1057 | @end deffn | |
1058 | ||
1059 | @deffn {Command} {no debug keepalive} {} | |
1060 | @end deffn | |
1061 | ||
76b89b4a | 1062 | @node Capability Negotiation |
718e3744 | 1063 | @section Capability Negotiation |
1064 | ||
aa5943f7 | 1065 | When adding IPv6 routing information exchange feature to BGP. There |
1066 | were some proposals. @acronym{IETF,Internet Engineering Task Force} | |
1067 | @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted | |
1068 | a proposal called Multiprotocol Extension for BGP. The specification | |
1069 | is described in @cite{RFC2283}. The protocol does not define new protocols. | |
1070 | It defines new attributes to existing BGP. When it is used exchanging | |
1071 | IPv6 routing information it is called BGP-4+. When it is used for | |
1072 | exchanging multicast routing information it is called MBGP. | |
1073 | ||
1074 | @command{bgpd} supports Multiprotocol Extension for BGP. So if remote | |
1075 | peer supports the protocol, @command{bgpd} can exchange IPv6 and/or | |
1076 | multicast routing information. | |
1077 | ||
1078 | Traditional BGP did not have the feature to detect remote peer's | |
1079 | capabilities, e.g. whether it can handle prefix types other than IPv4 | |
1080 | unicast routes. This was a big problem using Multiprotocol Extension | |
1081 | for BGP to operational network. @cite{RFC2842, Capabilities | |
1082 | Advertisement with BGP-4} adopted a feature called Capability | |
1083 | Negotiation. @command{bgpd} use this Capability Negotiation to detect | |
1084 | the remote peer's capabilities. If the peer is only configured as IPv4 | |
1085 | unicast neighbor, @command{bgpd} does not send these Capability | |
1086 | Negotiation packets (at least not unless other optional BGP features | |
1087 | require capability negotation). | |
1088 | ||
1089 | By default, Quagga will bring up peering with minimal common capability | |
1090 | for the both sides. For example, local router has unicast and | |
1091 | multicast capabilitie and remote router has unicast capability. In | |
1092 | this case, the local router will establish the connection with unicast | |
1093 | only capability. When there are no common capabilities, Quagga sends | |
1094 | Unsupported Capability error and then resets the connection. | |
1095 | ||
1096 | If you want to completely match capabilities with remote peer. Please | |
718e3744 | 1097 | use @command{strict-capability-match} command. |
1098 | ||
1099 | @deffn {BGP} {neighbor @var{peer} strict-capability-match} {} | |
1100 | @deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {} | |
1101 | Strictly compares remote capabilities and local capabilities. If capabilities | |
1102 | are different, send Unsupported Capability error then reset connection. | |
1103 | @end deffn | |
1104 | ||
aa5943f7 | 1105 | You may want to disable sending Capability Negotiation OPEN message |
718e3744 | 1106 | optional parameter to the peer when remote peer does not implement |
1107 | Capability Negotiation. Please use @command{dont-capability-negotiate} | |
1108 | command to disable the feature. | |
1109 | ||
1110 | @deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {} | |
1111 | @deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {} | |
1112 | Suppress sending Capability Negotiation as OPEN message optional | |
1113 | parameter to the peer. This command only affects the peer is configured | |
1114 | other than IPv4 unicast configuration. | |
1115 | @end deffn | |
1116 | ||
aa5943f7 | 1117 | When remote peer does not have capability negotiation feature, remote |
1118 | peer will not send any capabilities at all. In that case, bgp | |
1119 | configures the peer with configured capabilities. | |
718e3744 | 1120 | |
aa5943f7 | 1121 | You may prefer locally configured capabilities more than the negotiated |
1122 | capabilities even though remote peer sends capabilities. If the peer | |
1123 | is configured by @command{override-capability}, @command{bgpd} ignores | |
1124 | received capabilities then override negotiated capabilities with | |
1125 | configured values. | |
718e3744 | 1126 | |
1127 | @deffn {BGP} {neighbor @var{peer} override-capability} {} | |
1128 | @deffnx {BGP} {no neighbor @var{peer} override-capability} {} | |
1129 | Override the result of Capability Negotiation with local configuration. | |
1130 | Ignore remote peer's capability value. | |
1131 | @end deffn | |
1132 | ||
76b89b4a | 1133 | @node Route Reflector |
718e3744 | 1134 | @section Route Reflector |
1135 | ||
1136 | @deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {} | |
1137 | @end deffn | |
1138 | ||
1139 | @deffn {BGP} {neighbor @var{peer} route-reflector-client} {} | |
1140 | @deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {} | |
1141 | @end deffn | |
1142 | ||
76b89b4a | 1143 | @node Route Server |
718e3744 | 1144 | @section Route Server |
1145 | ||
1146 | At an Internet Exchange point, many ISPs are connected to each other by | |
1147 | external BGP peering. Normally these external BGP connection are done by | |
aa5943f7 | 1148 | @samp{full mesh} method. As with internal BGP full mesh formation, |
718e3744 | 1149 | this method has a scaling problem. |
1150 | ||
1151 | This scaling problem is well known. Route Server is a method to resolve | |
1152 | the problem. Each ISP's BGP router only peers to Route Server. Route | |
1153 | Server serves as BGP information exchange to other BGP routers. By | |
1154 | applying this method, numbers of BGP connections is reduced from | |
1155 | O(n*(n-1)/2) to O(n). | |
1156 | ||
1157 | Unlike normal BGP router, Route Server must have several routing tables | |
1158 | for managing different routing policies for each BGP speaker. We call the | |
1159 | routing tables as different @code{view}s. @command{bgpd} can work as | |
1160 | normal BGP router or Route Server or both at the same time. | |
1161 | ||
1162 | @menu | |
1163 | * Multiple instance:: | |
1164 | * BGP instance and view:: | |
1165 | * Routing policy:: | |
1166 | * Viewing the view:: | |
1167 | @end menu | |
1168 | ||
76b89b4a | 1169 | @node Multiple instance |
718e3744 | 1170 | @subsection Multiple instance |
1171 | ||
1172 | To enable multiple view function of @code{bgpd}, you must turn on | |
1173 | multiple instance feature beforehand. | |
1174 | ||
1175 | @deffn {Command} {bgp multiple-instance} {} | |
1176 | Enable BGP multiple instance feature. After this feature is enabled, | |
1177 | you can make multiple BGP instances or multiple BGP views. | |
1178 | @end deffn | |
1179 | ||
1180 | @deffn {Command} {no bgp multiple-instance} {} | |
1181 | Disable BGP multiple instance feature. You can not disable this feature | |
1182 | when BGP multiple instances or views exist. | |
1183 | @end deffn | |
1184 | ||
1185 | When you want to make configuration more Cisco like one, | |
1186 | ||
1187 | @deffn {Command} {bgp config-type cisco} {} | |
1188 | Cisco compatible BGP configuration output. | |
1189 | @end deffn | |
1190 | ||
1191 | When bgp config-type cisco is specified, | |
1192 | ||
1193 | ``no synchronization'' is displayed. | |
2b09e211 | 1194 | ``no auto-summary'' is displayed. |
718e3744 | 1195 | |
1196 | ``network'' and ``aggregate-address'' argument is displayed as | |
1197 | ``A.B.C.D M.M.M.M'' | |
1198 | ||
7190f4ea | 1199 | Quagga: network 10.0.0.0/8 |
718e3744 | 1200 | Cisco: network 10.0.0.0 |
1201 | ||
7190f4ea | 1202 | Quagga: aggregate-address 192.168.0.0/24 |
718e3744 | 1203 | Cisco: aggregate-address 192.168.0.0 255.255.255.0 |
1204 | ||
1205 | Community attribute handling is also different. If there is no | |
1206 | configuration is specified community attribute and extended community | |
1207 | attribute are sent to neighbor. When user manually disable the | |
1208 | feature community attribute is not sent to the neighbor. In case of | |
aa5943f7 | 1209 | @command{bgp config-type cisco} is specified, community attribute is not |
718e3744 | 1210 | sent to the neighbor by default. To send community attribute user has |
aa5943f7 | 1211 | to specify @command{neighbor A.B.C.D send-community} command. |
718e3744 | 1212 | |
aa5943f7 | 1213 | @example |
718e3744 | 1214 | ! |
1215 | router bgp 1 | |
1216 | neighbor 10.0.0.1 remote-as 1 | |
1217 | no neighbor 10.0.0.1 send-community | |
1218 | ! | |
718e3744 | 1219 | router bgp 1 |
1220 | neighbor 10.0.0.1 remote-as 1 | |
1221 | neighbor 10.0.0.1 send-community | |
1222 | ! | |
aa5943f7 | 1223 | @end example |
718e3744 | 1224 | |
1225 | @deffn {Command} {bgp config-type zebra} {} | |
7190f4ea | 1226 | Quagga style BGP configuration. This is default. |
718e3744 | 1227 | @end deffn |
1228 | ||
76b89b4a | 1229 | @node BGP instance and view |
718e3744 | 1230 | @subsection BGP instance and view |
1231 | ||
1232 | BGP instance is a normal BGP process. The result of route selection | |
1233 | goes to the kernel routing table. You can setup different AS at the | |
1234 | same time when BGP multiple instance feature is enabled. | |
1235 | ||
1236 | @deffn {Command} {router bgp @var{as-number}} {} | |
1237 | Make a new BGP instance. You can use arbitrary word for the @var{name}. | |
1238 | @end deffn | |
1239 | ||
1240 | @example | |
1241 | @group | |
1242 | bgp multiple-instance | |
1243 | ! | |
1244 | router bgp 1 | |
1245 | neighbor 10.0.0.1 remote-as 2 | |
1246 | neighbor 10.0.0.2 remote-as 3 | |
1247 | ! | |
1248 | router bgp 2 | |
1249 | neighbor 10.0.0.3 remote-as 4 | |
1250 | neighbor 10.0.0.4 remote-as 5 | |
1251 | @end group | |
1252 | @end example | |
1253 | ||
1254 | BGP view is almost same as normal BGP process. The result of | |
1255 | route selection does not go to the kernel routing table. BGP view is | |
1256 | only for exchanging BGP routing information. | |
1257 | ||
1258 | @deffn {Command} {router bgp @var{as-number} view @var{name}} {} | |
1259 | Make a new BGP view. You can use arbitrary word for the @var{name}. This | |
1260 | view's route selection result does not go to the kernel routing table. | |
1261 | @end deffn | |
1262 | ||
1263 | With this command, you can setup Route Server like below. | |
1264 | ||
1265 | @example | |
1266 | @group | |
1267 | bgp multiple-instance | |
1268 | ! | |
1269 | router bgp 1 view 1 | |
1270 | neighbor 10.0.0.1 remote-as 2 | |
1271 | neighbor 10.0.0.2 remote-as 3 | |
1272 | ! | |
1273 | router bgp 2 view 2 | |
1274 | neighbor 10.0.0.3 remote-as 4 | |
1275 | neighbor 10.0.0.4 remote-as 5 | |
1276 | @end group | |
1277 | @end example | |
1278 | ||
76b89b4a | 1279 | @node Routing policy |
718e3744 | 1280 | @subsection Routing policy |
1281 | ||
1282 | You can set different routing policy for a peer. For example, you can | |
1283 | set different filter for a peer. | |
1284 | ||
1285 | @example | |
1286 | @group | |
1287 | bgp multiple-instance | |
1288 | ! | |
1289 | router bgp 1 view 1 | |
1290 | neighbor 10.0.0.1 remote-as 2 | |
1291 | neighbor 10.0.0.1 distribute-list 1 in | |
1292 | ! | |
1293 | router bgp 1 view 2 | |
1294 | neighbor 10.0.0.1 remote-as 2 | |
1295 | neighbor 10.0.0.1 distribute-list 2 in | |
1296 | @end group | |
1297 | @end example | |
1298 | ||
1299 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view | |
1300 | 2. When the update is inserted into view 1, distribute-list 1 is | |
1301 | applied. On the other hand, when the update is inserted into view 2, | |
1302 | distribute-list 2 is applied. | |
1303 | ||
76b89b4a | 1304 | @node Viewing the view |
718e3744 | 1305 | @subsection Viewing the view |
1306 | ||
1307 | To display routing table of BGP view, you must specify view name. | |
1308 | ||
1309 | @deffn {Command} {show ip bgp view @var{name}} {} | |
1310 | Display routing table of BGP view @var{name}. | |
1311 | @end deffn | |
1312 | ||
76b89b4a | 1313 | @node How to set up a 6-Bone connection |
718e3744 | 1314 | @section How to set up a 6-Bone connection |
1315 | ||
6a22b1fc | 1316 | |
718e3744 | 1317 | @example |
1318 | @group | |
1319 | zebra configuration | |
1320 | =================== | |
1321 | ! | |
1322 | ! Actually there is no need to configure zebra | |
1323 | ! | |
1324 | ||
1325 | bgpd configuration | |
1326 | ================== | |
1327 | ! | |
1328 | ! This means that routes go through zebra and into the kernel. | |
1329 | ! | |
1330 | router zebra | |
1331 | ! | |
1332 | ! MP-BGP configuration | |
1333 | ! | |
1334 | router bgp 7675 | |
1335 | bgp router-id 10.0.0.1 | |
1336 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number} | |
1337 | ! | |
1338 | address-family ipv6 | |
1339 | network 3ffe:506::/32 | |
1340 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
1341 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
1342 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number} | |
1343 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
1344 | exit-address-family | |
1345 | ! | |
1346 | ipv6 access-list all permit any | |
1347 | ! | |
1348 | ! Set output nexthop address. | |
1349 | ! | |
1350 | route-map set-nexthop permit 10 | |
1351 | match ipv6 address all | |
1352 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
1353 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
1354 | ! | |
1355 | ! logfile FILENAME is obsolete. Please use log file FILENAME | |
7190f4ea | 1356 | |
718e3744 | 1357 | log file bgpd.log |
1358 | ! | |
1359 | @end group | |
1360 | @end example | |
1361 | ||
76b89b4a | 1362 | @node Dump BGP packets and table |
718e3744 | 1363 | @section Dump BGP packets and table |
1364 | ||
1365 | @deffn Command {dump bgp all @var{path}} {} | |
1366 | @deffnx Command {dump bgp all @var{path} @var{interval}} {} | |
1367 | Dump all BGP packet and events to @var{path} file. | |
1368 | @end deffn | |
1369 | ||
1370 | @deffn Command {dump bgp updates @var{path}} {} | |
1371 | @deffnx Command {dump bgp updates @var{path} @var{interval}} {} | |
1372 | Dump BGP updates to @var{path} file. | |
1373 | @end deffn | |
1374 | ||
1375 | @deffn Command {dump bgp routes @var{path}} {} | |
1376 | @deffnx Command {dump bgp routes @var{path}} {} | |
1377 | Dump whole BGP routing table to @var{path}. This is heavy process. | |
1378 | @end deffn | |
aa5943f7 | 1379 | |
1380 | @node BGP Configuration Examples | |
1381 | @section BGP Configuration Examples | |
1382 | ||
1383 | Example of a session to an upstream, advertising only one prefix to it. | |
1384 | ||
1385 | @example | |
1386 | router bgp 64512 | |
1387 | bgp router-id 10.236.87.1 | |
1388 | network 10.236.87.0/24 | |
1389 | neighbor upstream peer-group | |
1390 | neighbor upstream remote-as 64515 | |
1391 | neighbor upstream capability dynamic | |
1392 | neighbor upstream prefix-list pl-allowed-adv out | |
1393 | neighbor 10.1.1.1 peer-group upstream | |
1394 | neighbor 10.1.1.1 description ACME ISP | |
1395 | ! | |
1396 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
1397 | ip prefix-list pl-allowed-adv seq 10 deny any | |
1398 | ||
1399 | @end example | |
1400 | ||
1401 | A more complex example. With upstream, peer and customer sessions. | |
1402 | Advertising global prefixes and NO_EXPORT prefixes and providing | |
1403 | actions for customer routes based on community values. Extensive use of | |
1404 | route-maps and the 'call' feature to support selective advertising of | |
1405 | prefixes. This example is intended as guidance only, it has NOT been | |
1406 | tested and almost certainly containts silly mistakes, if not serious | |
1407 | flaws. | |
1408 | ||
1409 | @example | |
1410 | router bgp 64512 | |
1411 | bgp router-id 10.236.87.1 | |
1412 | network 10.123.456.0/24 | |
1413 | network 10.123.456.128/25 route-map rm-no-export | |
1414 | neighbor upstream capability dynamic | |
1415 | neighbor upstream route-map rm-upstream-out out | |
1416 | neighbor cust capability dynamic | |
1417 | neighbor cust route-map rm-cust-in in | |
1418 | neighbor cust route-map rm-cust-out out | |
1419 | neighbor cust send-community both | |
1420 | neighbor peer capability dynamic | |
1421 | neighbor peer route-map rm-peer-in in | |
1422 | neighbor peer route-map rm-peer-out out | |
1423 | neighbor peer send-community both | |
1424 | neighbor 10.1.1.1 remote-as 64515 | |
1425 | neighbor 10.1.1.1 peer-group upstream | |
1426 | neighbor 10.2.1.1 remote-as 64516 | |
1427 | neighbor 10.2.1.1 peer-group upstream | |
1428 | neighbor 10.3.1.1 remote-as 64517 | |
1429 | neighbor 10.3.1.1 peer-group cust-default | |
1430 | neighbor 10.3.1.1 description customer1 | |
1431 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
1432 | neighbor 10.4.1.1 remote-as 64518 | |
1433 | neighbor 10.4.1.1 peer-group cust | |
1434 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
1435 | neighbor 10.4.1.1 description customer2 | |
1436 | neighbor 10.5.1.1 remote-as 64519 | |
1437 | neighbor 10.5.1.1 peer-group peer | |
1438 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
1439 | neighbor 10.5.1.1 description peer AS 1 | |
1440 | neighbor 10.6.1.1 remote-as 64520 | |
1441 | neighbor 10.6.1.1 peer-group peer | |
1442 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
1443 | neighbor 10.6.1.1 description peer AS 2 | |
1444 | ! | |
1445 | ip prefix-list pl-default permit 0.0.0.0/0 | |
1446 | ! | |
1447 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
1448 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
1449 | ! | |
1450 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
1451 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
1452 | ! | |
1453 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
1454 | ! | |
1455 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
1456 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
1457 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
1458 | ! | |
1459 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
1460 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
1461 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
1462 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
1463 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
1464 | ! | |
1465 | ip as-path access-list asp-own-as permit ^$ | |
1466 | ip as-path access-list asp-own-as permit _64512_ | |
1467 | ! | |
1468 | ! ################################################################# | |
1469 | ! Match communities we provide actions for, on routes receives from | |
1470 | ! customers. Communities values of <our-ASN>:X, with X, have actions: | |
1471 | ! | |
1472 | ! 100 - blackhole the prefix | |
1473 | ! 200 - set no_export | |
1474 | ! 300 - advertise only to other customers | |
1475 | ! 400 - advertise only to upstreams | |
1476 | ! 500 - set no_export when advertising to upstreams | |
1477 | ! 2X00 - set local_preference to X00 | |
1478 | ! | |
1479 | ! blackhole the prefix of the route | |
1480 | ip community-list standard cm-blackhole permit 64512:100 | |
1481 | ! | |
1482 | ! set no-export community before advertising | |
1483 | ip community-list standard cm-set-no-export permit 64512:200 | |
1484 | ! | |
1485 | ! advertise only to other customers | |
1486 | ip community-list standard cm-cust-only permit 64512:300 | |
1487 | ! | |
1488 | ! advertise only to upstreams | |
1489 | ip community-list standard cm-upstream-only permit 64512:400 | |
1490 | ! | |
1491 | ! advertise to upstreams with no-export | |
1492 | ip community-list standard cm-upstream-noexport permit 64512:500 | |
1493 | ! | |
1494 | ! set local-pref to least significant 3 digits of the community | |
1495 | ip community-list standard cm-prefmod-100 permit 64512:2100 | |
1496 | ip community-list standard cm-prefmod-200 permit 64512:2200 | |
1497 | ip community-list standard cm-prefmod-300 permit 64512:2300 | |
1498 | ip community-list standard cm-prefmod-400 permit 64512:2400 | |
1499 | ip community-list expanded cme-prefmod-range permit 64512:2... | |
1500 | ! | |
1501 | ! Informational communities | |
1502 | ! | |
1503 | ! 3000 - learned from upstream | |
1504 | ! 3100 - learned from customer | |
1505 | ! 3200 - learned from peer | |
1506 | ! | |
1507 | ip community-list standard cm-learnt-upstream permit 64512:3000 | |
1508 | ip community-list standard cm-learnt-cust permit 64512:3100 | |
1509 | ip community-list standard cm-learnt-peer permit 64512:3200 | |
1510 | ! | |
1511 | ! ################################################################### | |
1512 | ! Utility route-maps | |
1513 | ! | |
1514 | ! These utility route-maps generally should not used to permit/deny | |
1515 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
1516 | ! should be used with 'on-match next'. These all finish with an empty | |
1517 | ! permit entry so as not interfere with processing in the caller. | |
1518 | ! | |
1519 | route-map rm-no-export permit 10 | |
1520 | set community additive no-export | |
1521 | route-map rm-no-export permit 20 | |
1522 | ! | |
1523 | route-map rm-blackhole permit 10 | |
1524 | description blackhole, up-pref and ensure it cant escape this AS | |
1525 | set ip next-hop 127.0.0.1 | |
1526 | set local-preference 10 | |
1527 | set community additive no-export | |
1528 | route-map rm-blackhole permit 20 | |
1529 | ! | |
1530 | ! Set local-pref as requested | |
1531 | route-map rm-prefmod permit 10 | |
1532 | match community cm-prefmod-100 | |
1533 | set local-preference 100 | |
1534 | route-map rm-prefmod permit 20 | |
1535 | match community cm-prefmod-200 | |
1536 | set local-preference 200 | |
1537 | route-map rm-prefmod permit 30 | |
1538 | match community cm-prefmod-300 | |
1539 | set local-preference 300 | |
1540 | route-map rm-prefmod permit 40 | |
1541 | match community cm-prefmod-400 | |
1542 | set local-preference 400 | |
1543 | route-map rm-prefmod permit 50 | |
1544 | ! | |
1545 | ! Community actions to take on receipt of route. | |
1546 | route-map rm-community-in permit 10 | |
1547 | description check for blackholing, no point continuing if it matches. | |
1548 | match community cm-blackhole | |
1549 | call rm-blackhole | |
1550 | route-map rm-community-in permit 20 | |
1551 | match community cm-set-no-export | |
1552 | call rm-no-export | |
1553 | on-match next | |
1554 | route-map rm-community-in permit 30 | |
1555 | match community cme-prefmod-range | |
1556 | call rm-prefmod | |
1557 | route-map rm-community-in permit 40 | |
1558 | ! | |
1559 | ! ##################################################################### | |
1560 | ! Community actions to take when advertising a route. | |
1561 | ! These are filtering route-maps, | |
1562 | ! | |
1563 | ! Deny customer routes to upstream with cust-only set. | |
1564 | route-map rm-community-filt-to-upstream deny 10 | |
1565 | match community cm-learnt-cust | |
1566 | match community cm-cust-only | |
1567 | route-map rm-community-filt-to-upstream permit 20 | |
1568 | ! | |
1569 | ! Deny customer routes to other customers with upstream-only set. | |
1570 | route-map rm-community-filt-to-cust deny 10 | |
1571 | match community cm-learnt-cust | |
1572 | match community cm-upstream-only | |
1573 | route-map rm-community-filt-to-cust permit 20 | |
1574 | ! | |
1575 | ! ################################################################### | |
1576 | ! The top-level route-maps applied to sessions. Further entries could | |
1577 | ! be added obviously.. | |
1578 | ! | |
1579 | ! Customers | |
1580 | route-map rm-cust-in permit 10 | |
1581 | call rm-community-in | |
1582 | on-match next | |
1583 | route-map rm-cust-in permit 20 | |
1584 | set community additive 64512:3100 | |
1585 | route-map rm-cust-in permit 30 | |
1586 | ! | |
1587 | route-map rm-cust-out permit 10 | |
1588 | call rm-community-filt-to-cust | |
1589 | on-match next | |
1590 | route-map rm-cust-out permit 20 | |
1591 | ! | |
1592 | ! Upstream transit ASes | |
1593 | route-map rm-upstream-out permit 10 | |
1594 | description filter customer prefixes which are marked cust-only | |
1595 | call rm-community-filt-to-upstream | |
1596 | on-match next | |
1597 | route-map rm-upstream-out permit 20 | |
1598 | description only customer routes are provided to upstreams/peers | |
1599 | match community cm-learnt-cust | |
1600 | ! | |
1601 | ! Peer ASes | |
1602 | ! outbound policy is same as for upstream | |
1603 | route-map rm-peer-out permit 10 | |
1604 | call rm-upstream-out | |
1605 | ! | |
1606 | route-map rm-peer-in permit 10 | |
1607 | set community additive 64512:3200 | |
1608 | @end example |