]>
Commit | Line | Data |
---|---|---|
0c3368a8 | 1 | @c -*-texinfo-*-\r |
2 | @c @value{COPYRIGHT_STR}\r | |
3 | @c See file quagga.texi for copying conditions.\r | |
4 | @c\r | |
5 | @c This file is a modified version of Jose Luis Rubio's TeX sources \r | |
6 | @c of his RS-Manual document\r | |
7 | \r | |
8 | @node Configuring Quagga as a Route Server\r | |
9 | @chapter Configuring Quagga as a Route Server\r | |
10 | \r | |
11 | The purpose of a Route Server is to centralize the peerings between BGP\r | |
12 | speakers. For example if we have an exchange point scenario with four BGP\r | |
13 | speakers, each of which maintaining a BGP peering with the other three\r | |
14 | (@pxref{fig:full-mesh}), we can convert it into a centralized scenario where\r | |
15 | each of the four establishes a single BGP peering against the Route Server\r | |
16 | (@pxref{fig:route-server}).\r | |
17 | \r | |
18 | We will first describe briefly the Route Server model implemented by Quagga.\r | |
19 | We will explain the commands that have been added for configuring that\r | |
20 | model. And finally we will show a full example of Quagga configured as Route\r | |
21 | Server.\r | |
22 | \r | |
23 | @menu\r | |
24 | * Description of the Route Server model::\r | |
25 | * Commands for configuring a Route Server::\r | |
26 | * Example of Route Server Configuration::\r | |
27 | @end menu\r | |
28 | \r | |
29 | @node Description of the Route Server model\r | |
30 | @section Description of the Route Server model\r | |
31 | \r | |
32 | First we are going to describe the normal processing that BGP announcements\r | |
33 | suffer inside a standard BGP speaker, as shown in @ref{fig:normal-processing},\r | |
34 | it consists of three steps:\r | |
35 | \r | |
36 | @itemize\r | |
37 | @item When an announcement is received from some peer, the `In' filters\r | |
38 | configured for that peer are applied to the announcement. These filters can\r | |
39 | reject the announcement, accept it unmodified, or accept it with some of its\r | |
40 | attributes modified.\r | |
41 | \r | |
42 | @item The announcements that pass the `In' filters go into the\r | |
43 | Best Path Selection process, where they are compared to other\r | |
44 | announcements referred to the same destination that have been\r | |
45 | received from different peers (in case such other\r | |
46 | announcements exist). For each different destination, the announcement\r | |
47 | which is selected as the best is inserted into the BGP speaker's Loc-RIB.\r | |
48 | \r | |
49 | @item The routes which are inserted in the Loc-RIB are\r | |
50 | considered for announcement to all the peers (except the one\r | |
51 | from which the route came). This is done by passing the routes\r | |
52 | in the Loc-RIB through the `Out' filters corresponding to each\r | |
53 | peer. These filters can reject the route,\r | |
54 | accept it unmodified, or accept it with some of its attributes\r | |
55 | modified. Those routes which are accepted by the `Out' filters\r | |
56 | of a peer are announced to that peer.\r | |
57 | @end itemize\r | |
58 | \r | |
59 | @float Figure,fig:normal-processing\r | |
60 | @image{fig-normal-processing,500pt,,Normal announcement processing,eps}\r | |
61 | @caption{Announcement processing inside a ``normal'' BGP speaker}\r | |
62 | @end float\r | |
63 | \r | |
64 | @float Figure,fig:full-mesh\r | |
65 | @image{fig_topologies_full,,,Full Mesh BGP Topology,eps}\r | |
66 | @caption{Full Mesh}\r | |
67 | @end float\r | |
68 | \r | |
69 | @float Figure,fig:route-server\r | |
70 | @image{fig_topologies_rs,,,Route Server BGP Topology,eps}\r | |
71 | @caption{Route Server and clients} \r | |
72 | @end float\r | |
73 | \r | |
74 | Of course we want that the routing tables obtained in each of the routers\r | |
75 | are the same when using the route server than when not. But as a consequence\r | |
76 | of having a single BGP peering (against the route server), the BGP speakers\r | |
77 | can no longer distinguish from/to which peer each announce comes/goes.\r | |
78 | @anchor{filter-delegation}This means that the routers connected to the route\r | |
79 | server are not able to apply by themselves the same input/output filters\r | |
80 | as in the full mesh scenario, so they have to delegate those functions to\r | |
81 | the route server.\r | |
82 | \r | |
83 | Even more, the ``best path'' selection must be also performed inside the route\r | |
84 | server on behalf of its clients. The reason is that if, after applying the\r | |
85 | filters of the announcer and the (potential) receiver, the route server\r | |
86 | decides to send to some client two or more different announcements referred\r | |
87 | to the same destination, the client will only retain the last one,\r | |
88 | considering it as an implicit withdrawal of the previous announcements for\r | |
89 | the same destination. This is the expected behavior of a BGP speaker as\r | |
90 | defined in @cite{RFC1771}, and even though there are some proposals of\r | |
91 | mechanisms that permit multiple paths for the same destination to be sent\r | |
92 | through a single BGP peering, none of them are currently supported by most\r | |
93 | of the existing BGP implementations.\r | |
94 | \r | |
95 | As a consequence a route server must maintain additional information and\r | |
96 | perform additional tasks for a RS-client that those necessary for common BGP\r | |
97 | peerings. Essentially a route server must:\r | |
98 | \r | |
99 | @anchor{Route Server tasks}\r | |
100 | @itemize\r | |
101 | @item Maintain a separated Routing Information Base (Loc-RIB)\r | |
102 | for each peer configured as RS-client, containing the routes\r | |
103 | selected as a result of the ``Best Path Selection'' process\r | |
104 | that is performed on behalf of that RS-client.\r | |
105 | \r | |
106 | @item Whenever it receives an announcement from a RS-client,\r | |
107 | it must consider it for the Loc-RIBs of the other RS-clients.\r | |
108 | \r | |
109 | @anchor{Route-server path filter process}\r | |
110 | @itemize\r | |
111 | @item\r | |
112 | This means that for each of them the route server must pass the\r | |
113 | announcement through the appropriate `Out' filter of the\r | |
114 | announcer.\r | |
115 | \r | |
116 | @item\r | |
117 | Then through the appropriate `In' filter of\r | |
118 | the potential receiver. \r | |
119 | \r | |
120 | @item\r | |
121 | Only if the announcement is accepted by both filters it will be passed\r | |
122 | to the ``Best Path Selection'' process.\r | |
123 | \r | |
124 | @item\r | |
125 | Finally, it might go into the Loc-RIB of the receiver.\r | |
126 | @end itemize\r | |
127 | @c end of route-server best path process list\r | |
128 | @end itemize\r | |
129 | @c end of route-server tasks list\r | |
130 | \r | |
131 | When we talk about the ``appropriate'' filter, both the announcer and the\r | |
132 | receiver of the route must be taken into account. Suppose that the route\r | |
133 | server receives an announcement from client A, and the route server is\r | |
134 | considering it for the Loc-RIB of client B. The filters that should be\r | |
135 | applied are the same that would be used in the full mesh scenario, i.e.,\r | |
136 | first the `Out' filter of router A for announcements going to router B, and\r | |
137 | then the `In' filter of router B for announcements coming from router A.\r | |
138 | \r | |
139 | We call ``Export Policy'' of a RS-client to the set of `Out' filters that\r | |
140 | the client would use if there was no route server. The same applies for the\r | |
141 | ``Import Policy'' of a RS-client and the set of `In' filters of the client\r | |
142 | if there was no route server.\r | |
143 | \r | |
144 | It is also common to demand from a route server that it does not\r | |
145 | modify some BGP attributes (next-hop, as-path and MED) that are usually\r | |
146 | modified by standard BGP speakers before announcing a route.\r | |
147 | \r | |
148 | The announcement processing model implemented by Quagga is shown in\r | |
149 | @ref{fig:rs-processing}. The figure shows a mixture of RS-clients (B, C and D)\r | |
150 | with normal BGP peers (A). There are some details that worth additional\r | |
151 | comments:\r | |
152 | \r | |
153 | @itemize\r | |
154 | @item Announcements coming from a normal BGP peer are also\r | |
155 | considered for the Loc-RIBs of all the RS-clients. But\r | |
156 | logically they do not pass through any export policy.\r | |
157 | \r | |
158 | @item Those peers that are configured as RS-clients do not\r | |
159 | receive any announce from the `Main' Loc-RIB.\r | |
160 | \r | |
161 | @item Apart from import and export policies,\r | |
162 | `In' and `Out' filters can also be set for RS-clients. `In'\r | |
163 | filters might be useful when the route server has also normal\r | |
164 | BGP peers. On the other hand, `Out' filters for RS-clients are\r | |
165 | probably unnecessary, but we decided not to remove them as\r | |
166 | they do not hurt anybody (they can always be left empty).\r | |
167 | @end itemize\r | |
168 | \r | |
169 | @float Figure,fig:rs-processing\r | |
170 | @image{fig-rs-processing,500pt,,,eps}\r | |
171 | @caption{Announcement processing model implemented by the Route Server}\r | |
172 | @end float\r | |
173 | \r | |
174 | @node Commands for configuring a Route Server\r | |
175 | @section Commands for configuring a Route Server\r | |
176 | \r | |
177 | Now we will describe the commands that have been added to quagga\r | |
178 | in order to support the route server features.\r | |
179 | \r | |
180 | @deffn {Route-Server} {neighbor @var{peer-group} route-server-client} {}\r | |
181 | @deffnx {Route-Server} {neighbor @var{A.B.C.D} route-server-client} {}\r | |
182 | @deffnx {Route-Server} {neighbor @var{X:X::X:X} route-server-client} {}\r | |
183 | This command configures the peer given by @var{peer}, @var{A.B.C.D} or\r | |
184 | @var{X:X::X:X} as an RS-client.\r | |
185 | \r | |
186 | Actually this command is not new, it already existed in standard Quagga. It\r | |
187 | enables the transparent mode for the specified peer. This means that some\r | |
188 | BGP attributes (as-path, next-hop and MED) of the routes announced to that\r | |
189 | peer are not modified.\r | |
190 | \r | |
191 | With the route server patch, this command, apart from setting the\r | |
192 | transparent mode, creates a new Loc-RIB dedicated to the specified peer\r | |
193 | (those named `Loc-RIB for X' in @ref{fig:rs-processing}.). Starting from\r | |
194 | that moment, every announcement received by the route server will be also\r | |
195 | considered for the new Loc-RIB.\r | |
196 | @end deffn\r | |
197 | \r | |
198 | @deffn {Route-Server} {neigbor @{A.B.C.D|X.X::X.X|peer-group@} route-map WORD @{import|export@}} {}\r | |
199 | This set of commands can be used to specify the route-map that\r | |
200 | represents the Import or Export policy of a peer which is\r | |
201 | configured as a RS-client (with the previous command).\r | |
202 | @end deffn\r | |
203 | \r | |
204 | @deffn {Route-Server} {match peer @{A.B.C.D|X:X::X:X@}} {}\r | |
205 | This is a new @emph{match} statement for use in route-maps, enabling them to\r | |
206 | describe import/export policies. As we said before, an import/export policy\r | |
207 | represents a set of input/output filters of the RS-client. This statement\r | |
208 | makes possible that a single route-map represents the full set of filters\r | |
209 | that a BGP speaker would use for its different peers in a non-RS scenario.\r | |
210 | \r | |
211 | The @emph{match peer} statement has different semantics whether it is used\r | |
212 | inside an import or an export route-map. In the first case the statement\r | |
213 | matches if the address of the peer who sends the announce is the same that\r | |
214 | the address specified by @{A.B.C.D|X:X::X:X@}. For export route-maps it\r | |
215 | matches when @{A.B.C.D|X:X::X:X@} is the address of the RS-Client into whose\r | |
216 | Loc-RIB the announce is going to be inserted (how the same export policy is\r | |
217 | applied before different Loc-RIBs is shown in @ref{fig:rs-processing}.).\r | |
218 | @end deffn\r | |
219 | \r | |
220 | @deffn {Route-map Command} {call @var{WORD}} {}\r | |
221 | This command (also used inside a route-map) jumps into a different\r | |
222 | route-map, whose name is specified by @var{WORD}. When the called\r | |
223 | route-map finishes, depending on its result the original route-map\r | |
224 | continues or not. Apart from being useful for making import/export\r | |
225 | route-maps easier to write, this command can also be used inside\r | |
226 | any normal (in or out) route-map.\r | |
227 | @end deffn\r | |
228 | \r | |
229 | @node Example of Route Server Configuration\r | |
230 | @section Example of Route Server Configuration\r | |
231 | \r | |
232 | Finally we are going to show how to configure a Quagga daemon to act as a\r | |
233 | Route Server. For this purpose we are going to present a scenario without\r | |
234 | route server, and then we will show how to use the configurations of the BGP\r | |
235 | routers to generate the configuration of the route server.\r | |
236 | \r | |
237 | All the configuration files shown in this section have been taken\r | |
238 | from scenarios which were tested using the VNUML tool\r | |
239 | @uref{http://www.dit.upm.es/vnuml,VNUML}. \r | |
240 | \r | |
241 | @menu\r | |
242 | * Configuration of the BGP routers without Route Server::\r | |
243 | * Configuration of the BGP routers with Route Server::\r | |
244 | * Configuration of the Route Server itself::\r | |
245 | * Further considerations about Import and Export route-maps::\r | |
246 | @end menu\r | |
247 | \r | |
248 | @node Configuration of the BGP routers without Route Server\r | |
249 | @subsection Configuration of the BGP routers without Route Server\r | |
250 | \r | |
251 | We will suppose that our initial scenario is an exchange point with three\r | |
252 | BGP capable routers, named RA, RB and RC. Each of the BGP speakers generates\r | |
253 | some routes (with the @var{network} command), and establishes BGP peerings\r | |
254 | against the other two routers. These peerings have In and Out route-maps\r | |
255 | configured, named like ``PEER-X-IN'' or ``PEER-X-OUT''. For example the\r | |
256 | configuration file for router RA could be the following:\r | |
257 | \r | |
258 | @example\r | |
259 | #Configuration for router 'RA'\r | |
260 | !\r | |
261 | hostname RA\r | |
262 | password ****\r | |
263 | !\r | |
264 | router bgp 65001\r | |
265 | no bgp default ipv4-unicast\r | |
266 | neighbor 2001:0DB8::B remote-as 65002\r | |
267 | neighbor 2001:0DB8::C remote-as 65003\r | |
268 | !\r | |
269 | address-family ipv6\r | |
270 | network 2001:0DB8:AAAA:1::/64\r | |
271 | network 2001:0DB8:AAAA:2::/64\r | |
272 | network 2001:0DB8:0000:1::/64\r | |
273 | network 2001:0DB8:0000:2::/64\r | |
274 | \r | |
275 | neighbor 2001:0DB8::B activate\r | |
276 | neighbor 2001:0DB8::B soft-reconfiguration inbound\r | |
277 | neighbor 2001:0DB8::B route-map PEER-B-IN in\r | |
278 | neighbor 2001:0DB8::B route-map PEER-B-OUT out\r | |
279 | \r | |
280 | neighbor 2001:0DB8::C activate\r | |
281 | neighbor 2001:0DB8::C soft-reconfiguration inbound\r | |
282 | neighbor 2001:0DB8::C route-map PEER-C-IN in\r | |
283 | neighbor 2001:0DB8::C route-map PEER-C-OUT out\r | |
284 | exit-address-family\r | |
285 | !\r | |
286 | ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64\r | |
287 | ipv6 prefix-list COMMON-PREFIXES seq 10 deny any\r | |
288 | !\r | |
289 | ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64\r | |
290 | ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any\r | |
291 | !\r | |
292 | ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64\r | |
293 | ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any\r | |
294 | !\r | |
295 | ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64\r | |
296 | ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any\r | |
297 | !\r | |
298 | route-map PEER-B-IN permit 10\r | |
299 | match ipv6 address prefix-list COMMON-PREFIXES\r | |
300 | set metric 100\r | |
301 | route-map PEER-B-IN permit 20\r | |
302 | match ipv6 address prefix-list PEER-B-PREFIXES\r | |
303 | set community 65001:11111\r | |
304 | !\r | |
305 | route-map PEER-C-IN permit 10\r | |
306 | match ipv6 address prefix-list COMMON-PREFIXES\r | |
307 | set metric 200\r | |
308 | route-map PEER-C-IN permit 20\r | |
309 | match ipv6 address prefix-list PEER-C-PREFIXES\r | |
310 | set community 65001:22222\r | |
311 | !\r | |
312 | route-map PEER-B-OUT permit 10\r | |
313 | match ipv6 address prefix-list PEER-A-PREFIXES\r | |
314 | !\r | |
315 | route-map PEER-C-OUT permit 10\r | |
316 | match ipv6 address prefix-list PEER-A-PREFIXES\r | |
317 | !\r | |
318 | line vty\r | |
319 | !\r | |
320 | @end example\r | |
321 | \r | |
322 | @node Configuration of the BGP routers with Route Server\r | |
323 | @subsection Configuration of the BGP routers with Route Server\r | |
324 | \r | |
325 | To convert the initial scenario into one with route server, first we must\r | |
326 | modify the configuration of routers RA, RB and RC. Now they must not peer\r | |
327 | between them, but only with the route server. For example, RA's\r | |
328 | configuration would turn into:\r | |
329 | \r | |
330 | @example\r | |
331 | # Configuration for router 'RA'\r | |
332 | !\r | |
333 | hostname RA\r | |
334 | password ****\r | |
335 | !\r | |
336 | router bgp 65001\r | |
337 | no bgp default ipv4-unicast\r | |
338 | neighbor 2001:0DB8::FFFF remote-as 65000\r | |
339 | !\r | |
340 | address-family ipv6\r | |
341 | network 2001:0DB8:AAAA:1::/64\r | |
342 | network 2001:0DB8:AAAA:2::/64\r | |
343 | network 2001:0DB8:0000:1::/64\r | |
344 | network 2001:0DB8:0000:2::/64\r | |
345 | \r | |
346 | neighbor 2001:0DB8::FFFF activate\r | |
347 | neighbor 2001:0DB8::FFFF soft-reconfiguration inbound\r | |
348 | exit-address-family\r | |
349 | !\r | |
350 | line vty\r | |
351 | !\r | |
352 | @end example\r | |
353 | \r | |
354 | Which is logically much simpler than its initial configuration, as it now\r | |
355 | maintains only one BGP peering and all the filters (route-maps) have\r | |
356 | disappeared.\r | |
357 | \r | |
358 | @node Configuration of the Route Server itself\r | |
359 | @subsection Configuration of the Route Server itself\r | |
360 | \r | |
361 | As we said when we described the functions of a route server\r | |
362 | (@pxref{Description of the Route Server model}), it is in charge of all the\r | |
363 | route filtering. To achieve that, the In and Out filters from the RA, RB and\r | |
364 | RC configurations must be converted into Import and Export policies in the\r | |
365 | route server.\r | |
366 | \r | |
367 | This is a fragment of the route server configuration (we only show\r | |
368 | the policies for client RA):\r | |
369 | \r | |
370 | @example\r | |
371 | # Configuration for Route Server ('RS')\r | |
372 | !\r | |
373 | hostname RS\r | |
374 | password ix\r | |
375 | !\r | |
376 | bgp multiple-instance\r | |
377 | !\r | |
378 | router bgp 65000 view RS\r | |
379 | no bgp default ipv4-unicast\r | |
380 | neighbor 2001:0DB8::A remote-as 65001\r | |
381 | neighbor 2001:0DB8::B remote-as 65002\r | |
382 | neighbor 2001:0DB8::C remote-as 65003\r | |
383 | !\r | |
384 | address-family ipv6\r | |
385 | neighbor 2001:0DB8::A activate\r | |
386 | neighbor 2001:0DB8::A route-server-client\r | |
387 | neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import\r | |
388 | neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export\r | |
389 | neighbor 2001:0DB8::A soft-reconfiguration inbound\r | |
390 | \r | |
391 | neighbor 2001:0DB8::B activate\r | |
392 | neighbor 2001:0DB8::B route-server-client\r | |
393 | neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import\r | |
394 | neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export\r | |
395 | neighbor 2001:0DB8::B soft-reconfiguration inbound\r | |
396 | \r | |
397 | neighbor 2001:0DB8::C activate\r | |
398 | neighbor 2001:0DB8::C route-server-client\r | |
399 | neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import\r | |
400 | neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export\r | |
401 | neighbor 2001:0DB8::C soft-reconfiguration inbound\r | |
402 | exit-address-family\r | |
403 | !\r | |
404 | ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64\r | |
405 | ipv6 prefix-list COMMON-PREFIXES seq 10 deny any\r | |
406 | !\r | |
407 | ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64\r | |
408 | ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any\r | |
409 | !\r | |
410 | ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64\r | |
411 | ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any\r | |
412 | !\r | |
413 | ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64\r | |
414 | ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any\r | |
415 | !\r | |
416 | route-map RSCLIENT-A-IMPORT permit 10\r | |
417 | match peer 2001:0DB8::B\r | |
418 | call A-IMPORT-FROM-B\r | |
419 | route-map RSCLIENT-A-IMPORT permit 20\r | |
420 | match peer 2001:0DB8::C\r | |
421 | call A-IMPORT-FROM-C\r | |
422 | !\r | |
423 | route-map A-IMPORT-FROM-B permit 10\r | |
424 | match ipv6 address prefix-list COMMON-PREFIXES\r | |
425 | set metric 100\r | |
426 | route-map A-IMPORT-FROM-B permit 20\r | |
427 | match ipv6 address prefix-list PEER-B-PREFIXES\r | |
428 | set community 65001:11111\r | |
429 | !\r | |
430 | route-map A-IMPORT-FROM-C permit 10\r | |
431 | match ipv6 address prefix-list COMMON-PREFIXES\r | |
432 | set metric 200\r | |
433 | route-map A-IMPORT-FROM-C permit 20\r | |
434 | match ipv6 address prefix-list PEER-C-PREFIXES\r | |
435 | set community 65001:22222\r | |
436 | !\r | |
437 | route-map RSCLIENT-A-EXPORT permit 10\r | |
438 | match peer 2001:0DB8::B\r | |
439 | match ipv6 address prefix-list PEER-A-PREFIXES\r | |
440 | route-map RSCLIENT-A-EXPORT permit 20\r | |
441 | match peer 2001:0DB8::C\r | |
442 | match ipv6 address prefix-list PEER-A-PREFIXES\r | |
443 | !\r | |
444 | ...\r | |
445 | ...\r | |
446 | ...\r | |
447 | @end example\r | |
448 | \r | |
449 | If you compare the initial configuration of RA with the route server\r | |
450 | configuration above, you can see how easy it is to generate the Import and\r | |
451 | Export policies for RA from the In and Out route-maps of RA's original\r | |
452 | configuration.\r | |
453 | \r | |
454 | When there was no route server, RA maintained two peerings, one with RB and\r | |
455 | another with RC. Each of this peerings had an In route-map configured. To\r | |
456 | build the Import route-map for client RA in the route server, simply add\r | |
457 | route-map entries following this scheme:\r | |
458 | \r | |
459 | @example\r | |
460 | route-map <NAME> permit 10\r | |
461 | match peer <Peer Address>\r | |
462 | call <In Route-Map for this Peer>\r | |
463 | route-map <NAME> permit 20\r | |
464 | match peer <Another Peer Address>\r | |
465 | call <In Route-Map for this Peer>\r | |
466 | @end example\r | |
467 | \r | |
468 | This is exactly the process that has been followed to generate the route-map\r | |
469 | RSCLIENT-A-IMPORT. The route-maps that are called inside it (A-IMPORT-FROM-B\r | |
470 | and A-IMPORT-FROM-C) are exactly the same than the In route-maps from the\r | |
471 | original configuration of RA (PEER-B-IN and PEER-C-IN), only the name is\r | |
472 | different.\r | |
473 | \r | |
474 | The same could have been done to create the Export policy for RA (route-map\r | |
475 | RSCLIENT-A-EXPORT), but in this case the original Out route-maps where so\r | |
476 | simple that we decided not to use the @var{call WORD} commands, and we\r | |
477 | integrated all in a single route-map (RSCLIENT-A-EXPORT).\r | |
478 | \r | |
479 | The Import and Export policies for RB and RC are not shown, but\r | |
480 | the process would be identical.\r | |
481 | \r | |
482 | @node Further considerations about Import and Export route-maps\r | |
483 | @subsection Further considerations about Import and Export route-maps\r | |
484 | \r | |
485 | The current version of the route server patch only allows to specify a\r | |
486 | route-map for import and export policies, while in a standard BGP speaker\r | |
487 | apart from route-maps there are other tools for performing input and output\r | |
488 | filtering (access-lists, community-lists, ...). But this does not represent\r | |
489 | any limitation, as all kinds of filters can be included in import/export\r | |
490 | route-maps. For example suppose that in the non-route-server scenario peer\r | |
491 | RA had the following filters configured for input from peer B:\r | |
492 | \r | |
493 | @example\r | |
494 | neighbor 2001:0DB8::B prefix-list LIST-1 in\r | |
495 | neighbor 2001:0DB8::B filter-list LIST-2 in\r | |
496 | neighbor 2001:0DB8::B route-map PEER-B-IN in\r | |
497 | ...\r | |
498 | ...\r | |
499 | route-map PEER-B-IN permit 10\r | |
500 | match ipv6 address prefix-list COMMON-PREFIXES\r | |
501 | set local-preference 100\r | |
502 | route-map PEER-B-IN permit 20\r | |
503 | match ipv6 address prefix-list PEER-B-PREFIXES\r | |
504 | set community 65001:11111\r | |
505 | @end example\r | |
506 | \r | |
507 | It is posible to write a single route-map which is equivalent to\r | |
508 | the three filters (the community-list, the prefix-list and the\r | |
509 | route-map). That route-map can then be used inside the Import\r | |
510 | policy in the route server. Lets see how to do it:\r | |
511 | \r | |
512 | @example\r | |
513 | neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import\r | |
514 | ...\r | |
515 | !\r | |
516 | ...\r | |
517 | route-map RSCLIENT-A-IMPORT permit 10\r | |
518 | match peer 2001:0DB8::B\r | |
519 | call A-IMPORT-FROM-B\r | |
520 | ...\r | |
521 | ...\r | |
522 | !\r | |
523 | route-map A-IMPORT-FROM-B permit 1\r | |
524 | match ipv6 address prefix-list LIST-1\r | |
525 | match as-path LIST-2\r | |
526 | on-match goto 10\r | |
527 | route-map A-IMPORT-FROM-B deny 2\r | |
528 | route-map A-IMPORT-FROM-B permit 10\r | |
529 | match ipv6 address prefix-list COMMON-PREFIXES\r | |
530 | set local-preference 100\r | |
531 | route-map A-IMPORT-FROM-B permit 20\r | |
532 | match ipv6 address prefix-list PEER-B-PREFIXES\r | |
533 | set community 65001:11111\r | |
534 | !\r | |
535 | ...\r | |
536 | ...\r | |
537 | @end example\r | |
538 | \r | |
539 | The route-map A-IMPORT-FROM-B is equivalent to the three filters\r | |
540 | (LIST-1, LIST-2 and PEER-B-IN). The first entry of route-map\r | |
541 | A-IMPORT-FROM-B (sequence number 1) matches if and only if both\r | |
542 | the prefix-list LIST-1 and the filter-list LIST-2 match. If that\r | |
543 | happens, due to the ``on-match goto 10'' statement the next\r | |
544 | route-map entry to be processed will be number 10, and as of that\r | |
545 | point route-map A-IMPORT-FROM-B is identical to PEER-B-IN. If\r | |
546 | the first entry does not match, `on-match goto 10'' will be\r | |
547 | ignored and the next processed entry will be number 2, which will\r | |
548 | deny the route.\r | |
549 | \r | |
550 | Thus, the result is the same that with the three original filters,\r | |
551 | i.e., if either LIST-1 or LIST-2 rejects the route, it does not\r | |
552 | reach the route-map PEER-B-IN. In case both LIST-1 and LIST-2\r | |
553 | accept the route, it passes to PEER-B-IN, which can reject, accept\r | |
554 | or modify the route.\r |