Commit | Line | Data |
---|---|---|
42fc5d26 QY |
1 | .. _BGP: |
2 | ||
3 | *** | |
4 | BGP | |
5 | *** | |
6 | ||
c3c5a71f QY |
7 | :abbr:`BGP` stands for Border Gateway Protocol. The latest BGP version is 4. |
8 | It is referred to as BGP-4. BGP-4 is one of the Exterior Gateway Protocols and | |
9 | the de facto standard inter-domain routing protocol. BGP-4 is described in | |
07a17e6d | 10 | :rfc:`1771`. |
42fc5d26 | 11 | |
07a17e6d QY |
12 | Many extensions have been added to :rfc:`1771`. :rfc:`2858` provides |
13 | multiprotocol support to BGP-4. | |
42fc5d26 QY |
14 | |
15 | .. _Starting_BGP: | |
16 | ||
17 | Starting BGP | |
18 | ============ | |
19 | ||
20 | The default configuration file of *bgpd* is :file:`bgpd.conf`. | |
21 | *bgpd* searches the current directory first, then | |
c3c5a71f | 22 | |INSTALL_PREFIX_ETC|/bgpd.conf. All of bgpd's commands must be |
42fc5d26 QY |
23 | configured in :file:`bgpd.conf`. |
24 | ||
c3c5a71f | 25 | *bgpd* specific invocation options are described below. Common |
42fc5d26 QY |
26 | options may also be specified (:ref:`Common_Invocation_Options`). |
27 | ||
28 | ||
29 | ||
30 | *-p `PORT`* | |
31 | ||
32 | *--bgp_port=`PORT`* | |
33 | Set the bgp protocol's port number. | |
34 | ||
35 | ||
36 | *-r* | |
37 | ||
38 | *--retain* | |
39 | When the program terminates, retain BGP routes added by zebra. | |
40 | ||
41 | ||
42 | *-l* | |
43 | ||
44 | *--listenon* | |
c3c5a71f | 45 | Specify a specific IP address for bgpd to listen on, rather than its |
42fc5d26 QY |
46 | default of INADDR_ANY / IN6ADDR_ANY. This can be useful to constrain bgpd |
47 | to an internal address, or to run multiple bgpd processes on one host. | |
48 | ||
49 | ||
50 | .. _BGP_router: | |
51 | ||
52 | BGP router | |
53 | ========== | |
54 | ||
55 | First of all you must configure the BGP router with the *router bgp* | |
c3c5a71f QY |
56 | command. To configure a BGP router, you need an AS number. An AS number |
57 | identifies an autonomous system. The BGP protocol uses the AS number | |
42fc5d26 QY |
58 | to detect whether a BGP connection is internal or external. |
59 | ||
c3c5a71f | 60 | .. index:: router bgp ASN |
42fc5d26 | 61 | |
c3c5a71f QY |
62 | ``router bgp ASN`` |
63 | Enable a BGP protocol process with the specified `asn`. After | |
64 | this statement you can input any `BGP Commands`. You cannot | |
42fc5d26 QY |
65 | create different BGP processes under different `asn` without |
66 | specifying `multiple-instance` (:ref:`Multiple_instance`). | |
67 | ||
c3c5a71f | 68 | .. index:: no router bgp ASN |
42fc5d26 | 69 | |
c3c5a71f | 70 | ``no router bgp ASN`` |
42fc5d26 QY |
71 | Destroy a BGP protocol process with the specified `asn`. |
72 | ||
c3c5a71f | 73 | .. index:: bgp router-id `A.B.C.D` |
42fc5d26 | 74 | |
c3c5a71f QY |
75 | ``bgp router-id `A.B.C.D``` |
76 | ||
77 | This command specifies the router-ID. If *bgpd* connects to *zebra* it gets | |
78 | interface and address information. In that case the default router ID | |
79 | is the largest IP address of the interfaces. When | |
42fc5d26 | 80 | `router zebra` is not enabled, *bgpd* can't get interface information, |
c3c5a71f | 81 | so `router-id` is set to 0.0.0.0. In that case, set the router-id by hand. |
42fc5d26 QY |
82 | |
83 | .. _BGP_distance: | |
84 | ||
85 | BGP distance | |
86 | ------------ | |
87 | ||
c3c5a71f QY |
88 | .. index:: distance bgp <1-255> <1-255> <1-255> |
89 | ||
90 | ``distance bgp <1-255> <1-255> <1-255>`` | |
42fc5d26 | 91 | |
c3c5a71f | 92 | This command changes the distance value of BGP. The arguments are the distance |
42fc5d26 QY |
93 | values for external routes, internal routes and local routes, in that order. |
94 | ||
c3c5a71f QY |
95 | .. index:: distance <1-255> `A.B.C.D/M` |
96 | ||
97 | ``distance <1-255> `A.B.C.D/M``` | |
42fc5d26 | 98 | |
c3c5a71f | 99 | .. index:: distance <1-255> `A.B.C.D/M` `word` |
42fc5d26 | 100 | |
c3c5a71f QY |
101 | ``distance <1-255> `A.B.C.D/M` `word``` |
102 | ||
103 | This command set distance value to | |
42fc5d26 QY |
104 | |
105 | .. _BGP_decision_process: | |
106 | ||
107 | BGP decision process | |
108 | -------------------- | |
109 | ||
dc1046f7 | 110 | The decision process FRR BGP uses to select routes is as follows: |
42fc5d26 QY |
111 | |
112 | ||
113 | ||
114 | *1. Weight check* | |
115 | Prefer higher local weight routes to lower routes. | |
116 | ||
117 | ||
118 | *2. Local preference check* | |
119 | Prefer higher local preference routes to lower. | |
120 | ||
121 | ||
122 | *3. Local route check* | |
123 | Prefer local routes (statics, aggregates, redistributed) to received routes. | |
124 | ||
125 | ||
126 | *4. AS path length check* | |
c3c5a71f | 127 | Prefer shortest hop-count AS_PATHs. |
42fc5d26 QY |
128 | |
129 | ||
130 | *5. Origin check* | |
c3c5a71f QY |
131 | Prefer the lowest origin type route. That is, prefer IGP origin routes to |
132 | EGP, to Incomplete routes. | |
42fc5d26 QY |
133 | |
134 | ||
135 | *6. MED check* | |
136 | Where routes with a MED were received from the same AS, | |
137 | prefer the route with the lowest MED. See :ref:`BGP_MED`. | |
138 | ||
139 | ||
140 | *7. External check* | |
141 | Prefer the route received from an external, eBGP peer | |
142 | over routes received from other types of peers. | |
143 | ||
144 | ||
145 | *8. IGP cost check* | |
146 | Prefer the route with the lower IGP cost. | |
147 | ||
148 | ||
149 | *9. Multi-path check* | |
150 | If multi-pathing is enabled, then check whether | |
151 | the routes not yet distinguished in preference may be considered equal. If | |
152 | :ref:`bgp_bestpath_as-path_multipath-relax` is set, all such routes are | |
153 | considered equal, otherwise routes received via iBGP with identical AS_PATHs | |
154 | or routes received from eBGP neighbours in the same AS are considered equal. | |
155 | ||
156 | ||
157 | *10. Already-selected external check* | |
158 | Where both routes were received from eBGP peers, then prefer the route which | |
c3c5a71f | 159 | is already selected. Note that this check is not applied if :ref:`bgp_bestpath_compare-routerid` is configured. This check can prevent some cases |
42fc5d26 QY |
160 | of oscillation. |
161 | ||
162 | ||
163 | *11. Router-ID check* | |
c3c5a71f QY |
164 | Prefer the route with the lowest `router-ID`. If the |
165 | route has an `ORIGINATOR_ID` attribute, through iBGP reflection, then that | |
166 | router ID is used, otherwise the `router-ID` of the peer the route was | |
42fc5d26 QY |
167 | received from is used. |
168 | ||
169 | ||
170 | *12. Cluster-List length check* | |
171 | The route with the shortest cluster-list | |
c3c5a71f | 172 | length is used. The cluster-list reflects the iBGP reflection path the |
42fc5d26 QY |
173 | route has taken. |
174 | ||
175 | ||
176 | *13. Peer address* | |
177 | Prefer the route received from the peer with the higher | |
178 | transport layer address, as a last-resort tie-breaker. | |
179 | ||
180 | ||
c3c5a71f QY |
181 | .. index:: bgp bestpath as-path confed |
182 | ||
183 | ``bgp bestpath as-path confed`` | |
42fc5d26 | 184 | |
42fc5d26 QY |
185 | This command specifies that the length of confederation path sets and |
186 | sequences should be taken into account during the BGP best path | |
187 | decision process. | |
188 | ||
c3c5a71f QY |
189 | .. index:: bgp bestpath as-path multipath-relax |
190 | ||
191 | ``bgp bestpath as-path multipath-relax`` | |
42fc5d26 | 192 | |
42fc5d26 QY |
193 | .. _bgp_bestpath_as-path_multipath-relax: |
194 | ||
195 | This command specifies that the BGP decision process should consider paths | |
196 | of equal AS_PATH length as candidates for multipath computation. Without | |
197 | the knob, the entire AS_PATH must match for multipath computation. | |
198 | ||
c3c5a71f QY |
199 | .. index:: bgp bestpath compare-routerid |
200 | ||
201 | ``bgp bestpath compare-routerid`` | |
42fc5d26 | 202 | |
42fc5d26 QY |
203 | .. _bgp_bestpath_compare-routerid: |
204 | ||
205 | Ensure that when comparing routes where both are equal on most metrics, | |
206 | including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken | |
207 | based on router-ID. | |
208 | ||
209 | If this option is enabled, then the already-selected check, where | |
210 | already selected eBGP routes are preferred, is skipped. | |
211 | ||
c3c5a71f QY |
212 | If a route has an `ORIGINATOR_ID` attribute because it has been reflected, |
213 | that `ORIGINATOR_ID` will be used. Otherwise, the router-ID of the peer the | |
42fc5d26 QY |
214 | route was received from will be used. |
215 | ||
216 | The advantage of this is that the route-selection (at this point) will be | |
c3c5a71f | 217 | more deterministic. The disadvantage is that a few or even one lowest-ID |
42fc5d26 | 218 | router may attract all traffic to otherwise-equal paths because of this |
c3c5a71f QY |
219 | check. It may increase the possibility of MED or IGP oscillation, unless |
220 | other measures were taken to avoid these. The exact behaviour will be | |
42fc5d26 QY |
221 | sensitive to the iBGP and reflection topology. |
222 | ||
223 | ||
224 | .. _BGP_route_flap_dampening: | |
225 | ||
226 | BGP route flap dampening | |
227 | ------------------------ | |
228 | ||
c3c5a71f QY |
229 | .. index:: bgp dampening `<1-45>` `<1-20000>` `<1-20000>` `<1-255>` |
230 | ||
231 | ``bgp dampening `<1-45>` `<1-20000>` `<1-20000>` `<1-255>``` | |
42fc5d26 | 232 | |
42fc5d26 QY |
233 | This command enables BGP route-flap dampening and specifies dampening parameters. |
234 | ||
235 | ||
42fc5d26 QY |
236 | *half-life* |
237 | Half-life time for the penalty | |
238 | ||
239 | *reuse-threshold* | |
240 | Value to start reusing a route | |
241 | ||
242 | *suppress-threshold* | |
243 | Value to start suppressing a route | |
244 | ||
245 | *max-suppress* | |
246 | Maximum duration to suppress a stable route | |
247 | ||
07a17e6d QY |
248 | The route-flap damping algorithm is compatible with :rfc:`2439`. The use of this command |
249 | is not recommended nowadays, see `RIPE-378 <http://www.ripe.net/ripe/docs/ripe-378>`_. | |
42fc5d26 QY |
250 | |
251 | .. _BGP_MED: | |
252 | ||
253 | BGP MED | |
254 | ======= | |
255 | ||
07a17e6d | 256 | The BGP :abbr:`MED (Multi Exit Discriminator)` attribute has properties which can |
c3c5a71f | 257 | cause subtle convergence problems in BGP. These properties and problems |
42fc5d26 | 258 | have proven to be hard to understand, at least historically, and may still |
c3c5a71f | 259 | not be widely understood. The following attempts to collect together and |
dc1046f7 | 260 | present what is known about MED, to help operators and FRR users in |
42fc5d26 QY |
261 | designing and configuring their networks. |
262 | ||
07a17e6d QY |
263 | The BGP :abbr:`MED` attribute is intended to allow one AS to indicate its |
264 | preferences for its ingress points to another AS. The MED attribute will not be | |
265 | propagated on to another AS by the receiving AS - it is 'non-transitive' in the | |
266 | BGP sense. | |
42fc5d26 QY |
267 | |
268 | E.g., if AS X and AS Y have 2 different BGP peering points, then AS X | |
269 | might set a MED of 100 on routes advertised at one and a MED of 200 at the | |
c3c5a71f | 270 | other. When AS Y selects between otherwise equal routes to or via |
42fc5d26 | 271 | AS X, AS Y should prefer to take the path via the lower MED peering of 100 with |
c3c5a71f | 272 | AS X. Setting the MED allows an AS to influence the routing taken to it |
42fc5d26 QY |
273 | within another, neighbouring AS. |
274 | ||
275 | In this use of MED it is not really meaningful to compare the MED value on | |
c3c5a71f | 276 | routes where the next AS on the paths differs. E.g., if AS Y also had a |
42fc5d26 QY |
277 | route for some destination via AS Z in addition to the routes from AS X, and |
278 | AS Z had also set a MED, it wouldn't make sense for AS Y to compare AS Z's | |
c3c5a71f | 279 | MED values to those of AS X. The MED values have been set by different |
42fc5d26 QY |
280 | administrators, with different frames of reference. |
281 | ||
282 | The default behaviour of BGP therefore is to not compare MED values across | |
dc1046f7 | 283 | routes received from different neighbouring ASes. In FRR this is done by |
42fc5d26 QY |
284 | comparing the neighbouring, left-most AS in the received AS_PATHs of the |
285 | routes and only comparing MED if those are the same. | |
286 | ||
293 | Unfortunately, this behaviour of MED, of sometimes being compared across | |
294 | routes and sometimes not, depending on the properties of those other routes, | |
295 | means MED can cause the order of preference over all the routes to be | |
c3c5a71f | 296 | undefined. That is, given routes A, B, and C, if A is preferred to B, and B |
42fc5d26 QY |
297 | is preferred to C, then a well-defined order should mean the preference is |
298 | transitive (in the sense of orders [footnote: For some set of objects to have | |
299 | an order, there *must* be some binary ordering relation that is defined | |
300 | for *every* combination of those objects, and that relation *must* | |
c3c5a71f | 301 | be transitive. I.e., if the relation operator is <, and if |
42fc5d26 QY |
302 | a < b and b < c then that relation must carry over |
303 | and it *must* be that a < c for the objects to have an | |
c3c5a71f | 304 | order. The ordering relation may allow for equality, i.e. |
42fc5d26 QY |
305 | a < b and b < a may both be true and imply that |
306 | a and b are equal in the order and not distinguished by it, in | |
c3c5a71f | 307 | which case the set has a partial order. Otherwise, if there is an order, |
42fc5d26 QY |
308 | all the objects have a distinct place in the order and the set has a total |
309 | order.]) and that A would be preferred to C. | |
310 | ||
c3c5a71f QY |
311 | However, when MED is involved this need not be the case. With MED it is |
312 | possible that C is actually preferred over A. So A is preferred to B, B is | |
313 | preferred to C, but C is preferred to A. This can be true even where BGP | |
42fc5d26 | 314 | defines a deterministic 'most preferred' route out of the full set of |
c3c5a71f | 315 | A,B,C. With MED, for any given set of routes there may be a |
42fc5d26 | 316 | deterministically preferred route, but there need not be any way to arrange |
c3c5a71f | 317 | them into any order of preference. With unmodified MED, the order of |
42fc5d26 QY |
318 | preference of routes literally becomes undefined. |
319 | ||
c3c5a71f | 320 | That MED can induce non-transitive preferences over routes can cause issues. |
42fc5d26 QY |
321 | Firstly, it may be perceived to cause routing table churn locally at |
322 | speakers; secondly, and more seriously, it may cause routing instability in | |
323 | iBGP topologies, where sets of speakers continually oscillate between | |
324 | different paths. | |
325 | ||
c3c5a71f | 326 | The first issue arises from how speakers often implement routing decisions. |
42fc5d26 QY |
327 | Though BGP defines a selection process that will deterministically select |
328 | the same route as best at any given speaker, even with MED, that process | |
c3c5a71f | 329 | requires evaluating all routes together. For performance and ease of |
42fc5d26 | 330 | implementation reasons, many implementations evaluate route preferences in a |
c3c5a71f | 331 | pair-wise fashion instead. Given there is no well-defined order when MED is |
42fc5d26 | 332 | involved, the best route that will be chosen becomes subject to |
c3c5a71f | 333 | implementation details, such as the order the routes are stored in. That |
42fc5d26 | 334 | may be (locally) non-deterministic, e.g. it may be the order the routes |
c3c5a71f | 335 | were received in. |
42fc5d26 QY |
336 | |
337 | This indeterminism may be considered undesirable, though it need not cause | |
c3c5a71f | 338 | problems. It may mean additional routing churn is perceived, as sometimes |
42fc5d26 QY |
339 | more updates may be produced than at other times in reaction to some event. |
340 | ||
341 | This first issue can be fixed with a more deterministic route selection that | |
c3c5a71f QY |
342 | ensures routes are ordered by the neighbouring AS during selection; see |
343 | :ref:`bgp_deterministic-med`. This may reduce the number of updates as | |
344 | routes are received, and may in some cases reduce routing churn. Though, it | |
42fc5d26 QY |
345 | could equally deterministically produce the largest possible set of updates |
346 | in response to the most common sequence of received updates. | |
347 | ||
348 | A deterministic order of evaluation tends to imply an additional overhead of | |
c3c5a71f | 349 | sorting over any set of n routes to a destination. The implementation of |
dc1046f7 | 350 | deterministic MED in FRR scales significantly worse than most sorting |
c3c5a71f | 351 | algorithms at present, with the number of paths to a given destination. |
42fc5d26 QY |
352 | That number is often low enough to not cause any issues, but where there are |
353 | many paths, the deterministic comparison may quickly become increasingly | |
354 | expensive in terms of CPU. | |
355 | ||
356 | Deterministic local evaluation can *not* fix the second, more major, | |
c3c5a71f | 357 | issue of MED, however, which is that the non-transitive preference of routes |
42fc5d26 | 358 | MED can cause may lead to routing instability or oscillation across multiple |
c3c5a71f | 359 | speakers in iBGP topologies. This can occur with full-mesh iBGP, but is |
42fc5d26 | 360 | particularly problematic in non-full-mesh iBGP topologies that further |
c3c5a71f QY |
361 | reduce the routing information known to each speaker. This has primarily |
362 | been documented with iBGP route-reflection topologies. However, any | |
42fc5d26 QY |
363 | route-hiding technologies potentially could also exacerbate oscillation with |
364 | MED. | |
365 | ||
366 | This second issue occurs where speakers each have only a subset of routes, | |
367 | and there are cycles in the preferences between different combinations of | |
368 | routes - as the undefined order of preference of MED allows - and the routes | |
369 | are distributed in a way that causes the BGP speakers to 'chase' those | |
c3c5a71f | 370 | cycles. This can occur even if all speakers use a deterministic order of |
42fc5d26 QY |
371 | evaluation in route selection. |
372 | ||
373 | E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and | |
374 | from speaker 3 in AS Y; while speaker 5 in AS A might receive that route | |
c3c5a71f | 375 | from speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100 |
42fc5d26 QY |
376 | at speaker 3. I.e., using ASN:ID:MED to label the speakers: |
377 | ||
378 | :: | |
379 | ||
c3c5a71f | 380 |           /---------------\
42fc5d26 | 381 | X:2------|--A:4-------A:5--|-Y:1:200
c3c5a71f QY |
382 | Y:3:100--|-/               | |
383 |           \---------------/ | |
384 | ||
42fc5d26 | 385 | |
42fc5d26 QY |
386 | |
387 | Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then | |
388 | based on the RFC4271 decision process speaker 4 will choose X:2 over | |
c3c5a71f | 389 | Y:3:100, based on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5. |
42fc5d26 | 390 | Speaker 5 will continue to prefer Y:1:200 based on the ID, and advertise |
c3c5a71f | 391 | this to speaker 4. Speaker 4 will now have the full set of routes, and the |
42fc5d26 QY |
392 | Y:1:200 it receives from 5 will beat X:2, but when speaker 4 compares |
393 | Y:1:200 to Y:3:100 the MED check now becomes active as the ASes match, and | |
c3c5a71f | 394 | now Y:3:100 is preferred. Speaker 4 therefore now advertises Y:3:100 to 5, |
42fc5d26 | 395 | which also agrees that Y:3:100 is preferred to Y:1:200, and so |
c3c5a71f | 396 | withdraws the latter route from 4. Speaker 4 now has only X:2 and Y:3:100, |
42fc5d26 | 397 | and X:2 beats Y:3:100, and so speaker 4 implicitly updates its route to |
c3c5a71f | 398 | speaker 5 to X:2. Speaker 5 sees that Y:1:200 beats X:2 based on the ID, |
42fc5d26 QY |
399 | and advertises Y:1:200 to speaker 4, and the cycle continues. |
400 | ||
401 | The root cause is the lack of a clear order of preference caused by how MED | |
402 | sometimes is and sometimes is not compared, leading to this cycle in the | |
403 | preferences between the routes: | |
404 | ||
405 | :: | |
406 | ||
c3c5a71f QY |
407 |  /---> X:2 ---beats---> Y:3:100 --\ |
408 | |                                  | |
409 | |                                  | |
410 |  \---beats--- Y:1:200 <---beats---/ | |
411 | ||
42fc5d26 | 412 | |
42fc5d26 QY |
413 | |
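The preference cycle and the speaker 4 / speaker 5 exchange described above, replayed as an added example (it is not part of the FRR documentation or code). It models only the MED and router-ID checks, treats the missing MED on X:2 as 0 (an assumption), and uses hypothetical function names; the ``always_compare_med`` flag mimics the effect of the ``bgp always-compare-med`` option described later on this page.

```python
from collections import namedtuple
from itertools import permutations

# Constructed routes, labelled ASN:ID:MED as in the diagram above.
# Assumption: a route that carries no MED (X:2) is treated as MED 0.
Route = namedtuple("Route", "name neighbour_as router_id med")
X2 = Route("X:2", "X", 2, 0)
Y3 = Route("Y:3:100", "Y", 3, 100)
Y1 = Route("Y:1:200", "Y", 1, 200)


def prefer(a, b, always_compare_med=False):
    """Pairwise preference with every metric before MED assumed equal.

    MED is compared only when both routes come from the same neighbouring
    AS, unless always_compare_med is set; the lower router-ID breaks ties.
    """
    same_as = a.neighbour_as == b.neighbour_as
    if (always_compare_med or same_as) and a.med != b.med:
        return a if a.med < b.med else b
    return a if a.router_id <= b.router_id else b


def preference_cycles(routes, always_compare_med=False):
    """Return every cycle 'a beats b beats c beats a', each reported once."""
    cycles = set()
    for a, b, c in permutations(routes, 3):
        if (prefer(a, b, always_compare_med) is a
                and prefer(b, c, always_compare_med) is b
                and prefer(c, a, always_compare_med) is c):
            # Rotate so the smallest name is first: one entry per cycle.
            names = [a.name, b.name, c.name]
            k = names.index(min(names))
            cycles.add(tuple(names[k:] + names[:k]))
    return sorted(cycles)


def pairwise_best(routes, always_compare_med=False):
    """Fold the pairwise comparison over the routes in stored order."""
    best = routes[0]
    for route in routes[1:]:
        best = prefer(best, route, always_compare_med)
    return best


def simulate(rounds=6, always_compare_med=False):
    """Replay the speaker 4 / speaker 5 exchange; return speaker 4's picks."""
    ebgp4, ebgp5 = [X2, Y3], [Y1]
    best4 = pairwise_best(ebgp4, always_compare_med)
    history = [best4.name]
    for _ in range(rounds):
        # A speaker only advertises its best route to the iBGP peer when
        # that route was learned over eBGP; otherwise it withdraws.
        from4 = [best4] if best4 in ebgp4 else []
        best5 = pairwise_best(ebgp5 + from4, always_compare_med)
        from5 = [best5] if best5 in ebgp5 else []
        # Speaker 4 re-evaluates with its current best first, then the
        # route from speaker 5, then the rest (the order the text walks).
        table4 = sorted(from5 + ebgp4, key=lambda r: r is not best4)
        best4 = pairwise_best(table4, always_compare_med)
        history.append(best4.name)
    return history


if __name__ == "__main__":
    print("cycles:", preference_cycles([X2, Y3, Y1]))
    for order in ([X2, Y3, Y1], [X2, Y1, Y3], [Y3, Y1, X2]):
        print([r.name for r in order], "->", pairwise_best(order).name)
    print("speaker 4:", simulate())
    print("cycles, always-compare:", preference_cycles([X2, Y3, Y1], True))
    print("speaker 4, always-compare:", simulate(always_compare_med=True))
```

The three storage orders passed to ``pairwise_best`` each yield a different best route, which is the local, order-dependent selection the text describes as the first issue.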
414 | This particular type of oscillation in full-mesh iBGP topologies can be | |
415 | avoided by speakers preferring already selected, external routes rather than | |
c3c5a71f | 416 | choosing to update to a new route based on a post-MED metric (e.g. |
dc1046f7 | 417 | router-ID), at the cost of a non-deterministic selection process. FRR |
42fc5d26 QY |
418 | implements this, as do many other implementations, so long as it is not |
419 | overridden by setting :ref:`bgp_bestpath_compare-routerid`; see also | |
420 | :ref:`BGP_decision_process`. | |
421 | ||
422 | However, more complex and insidious cycles of oscillation are possible with | |
c3c5a71f QY |
423 | iBGP route-reflection, which are not so easily avoided. These have been |
424 | documented in various places. See, e.g., McPherson, D. and Gill, V. | |
42fc5d26 | 425 | and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation |
c3c5a71f QY |
426 | Condition", IETF RFC3345, and Flavel, A. and M. Roughan, "Stable |
427 | and flexible iBGP", ACM SIGCOMM 2009, and Griffin, T. and G. Wilfong, | |
428 | "On the correctness of IBGP configuration", ACM SIGCOMM 2002 for concrete | |
42fc5d26 QY |
429 | examples and further references. |
430 | ||
431 | There is as of this writing *no* known way to use MED for its original | |
432 | purpose; *and* reduce routing information in iBGP topologies; | |
433 | *and* be sure to avoid the instability problems of MED due to the | |
434 | non-transitive routing preferences it can induce; in general on arbitrary | |
435 | networks. | |
436 | ||
437 | There may be iBGP topology specific ways to reduce the instability risks, | |
438 | even while using MED, e.g. by constraining the reflection topology and by | |
c3c5a71f | 439 | tuning IGP costs between route-reflector clusters, see RFC3345 for details. |
42fc5d26 QY |
440 | In the near future, the Add-Path extension to BGP may also solve MED |
441 | oscillation while still allowing MED to be used as intended, by distributing | |
c3c5a71f | 442 | "best-paths per neighbour AS". This would be at the cost of distributing at |
42fc5d26 QY |
443 | least as many routes to all speakers as a full-mesh iBGP would, if not more, |
444 | while also imposing similar CPU overheads as the "Deterministic MED" feature | |
445 | at each Add-Path reflector. | |
446 | ||
447 | More generally, the instability problems that MED can introduce on more | |
448 | complex, non-full-mesh, iBGP topologies may be avoided either by: | |
449 | ||
450 | ||
c3c5a71f | 451 | * |
42fc5d26 QY |
452 | Setting :ref:`bgp_always-compare-med`. However, this allows MED to be compared |
453 | across values set by different neighbour ASes, which may not produce | |
454 | coherent, desirable results by itself. | |
455 | ||
c3c5a71f | 456 | * |
42fc5d26 QY |
457 | Effectively ignoring MED by setting MED to the same value (e.g. 0) using |
458 | :ref:`routemap_set_metric` on all received routes, in combination with | |
459 | setting :ref:`bgp_always-compare-med` on all speakers. This is the simplest | |
460 | and most performant way to avoid MED oscillation issues, where an AS is happy | |
461 | not to allow neighbours to inject this problematic metric. | |
462 | ||
463 | ||
464 | As MED is evaluated after the AS_PATH length check, another possible use for | |
465 | MED is for intra-AS steering of routes with equal AS_PATH length, as an | |
c3c5a71f | 466 | extension of the last case above. As MED is evaluated before IGP metric, |
42fc5d26 QY |
467 | this can allow cold-potato routing to be implemented to send traffic to |
468 | preferred hand-offs with neighbours, rather than the closest hand-off | |
469 | according to the IGP metric. | |
470 | ||
471 | Note that even if action is taken to address the MED non-transitivity | |
c3c5a71f | 472 | issues, other oscillations may still be possible. E.g., on IGP cost if |
42fc5d26 | 473 | iBGP and IGP topologies are at cross-purposes with each other - see the |
c3c5a71f | 474 | Flavel and Roughan paper above for an example. Hence the guideline that the |
42fc5d26 QY |
475 | iBGP topology should follow the IGP topology. |
476 | ||
c3c5a71f QY |
477 | .. index:: bgp deterministic-med |
478 | ||
479 | ``bgp deterministic-med`` | |
42fc5d26 | 480 | |
42fc5d26 QY |
481 | .. _bgp_deterministic-med: |
482 | ||
483 | Carry out route-selection in a way that produces deterministic answers | |
484 | locally, even in the face of MED and the lack of a well-defined order of | |
c3c5a71f | 485 | preference it can induce on routes. Without this option the preferred route |
42fc5d26 QY |
486 | with MED may be determined largely by the order that routes were received |
487 | in. | |
488 | ||
489 | Setting this option will have a performance cost that may be noticeable when | |
dc1046f7 | 490 | there are many routes for each destination. Currently in FRR it is |
42fc5d26 QY |
491 | implemented in a way that scales poorly as the number of routes per |
492 | destination increases. | |
493 | ||
494 | The default is that this option is not set. | |
495 | ||
496 | Note that there are other sources of indeterminism in the route selection | |
497 | process, specifically, the preference for older and already selected routes | |
498 | from eBGP peers, :ref:`BGP_decision_process`. | |
499 | ||
c3c5a71f QY |
500 | .. index:: bgp always-compare-med |
501 | ||
502 | ``bgp always-compare-med`` | |
42fc5d26 | 503 | |
42fc5d26 QY |
504 | .. _bgp_always-compare-med: |
505 | ||
506 | Always compare the MED on routes, even when they were received from | |
c3c5a71f | 507 | different neighbouring ASes. Setting this option makes the order of |
42fc5d26 QY |
508 | preference of routes more defined, and should eliminate MED induced |
509 | oscillations. | |
510 | ||
511 | If using this option, it may also be desirable to use :ref:`routemap_set_metric` to set MED to 0 on routes received from external neighbours. | |
512 | ||
513 | This option can be used, together with :ref:`routemap_set_metric` to use MED | |
514 | as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., desired | |
515 | exit points. | |
516 | ||
517 | .. _BGP_network: | |
518 | ||
519 | BGP network | |
520 | =========== | |
521 | ||
522 | ||
523 | .. _BGP_route: | |
524 | ||
525 | BGP route | |
526 | --------- | |
527 | ||
c3c5a71f QY |
528 | .. index:: network `A.B.C.D/M` |
529 | ||
530 | ``network `A.B.C.D/M``` | |
42fc5d26 | 531 | |
42fc5d26 QY |
532 | This command adds the network to be announced:: |
533 | ||
42fc5d26 QY |
534 | router bgp 1 |
535 | address-family ipv4 unicast | |
536 | network 10.0.0.0/8 | |
537 | exit-address-family | |
c3c5a71f | 538 | |
42fc5d26 | 539 | This configuration example says that network 10.0.0.0/8 will be |
c3c5a71f | 540 | announced to all neighbors. Some vendors' routers don't advertise |
42fc5d26 QY |
541 | routes if they aren't present in their IGP routing tables; `bgpd` |
542 | doesn't care about IGP routes when announcing its routes. | |
543 | ||
c3c5a71f QY |
544 | .. index:: no network `A.B.C.D/M` |
545 | ||
546 | ``no network `A.B.C.D/M``` | |
42fc5d26 | 547 | |
42fc5d26 QY |
548 | |
549 | .. _Route_Aggregation: | |
550 | ||
551 | Route Aggregation | |
552 | ----------------- | |
553 | ||
c3c5a71f QY |
554 | .. index:: aggregate-address `A.B.C.D/M` |
555 | ||
556 | ``aggregate-address `A.B.C.D/M``` | |
42fc5d26 | 557 | |
42fc5d26 QY |
558 | This command specifies an aggregate address. |
559 | ||
c3c5a71f | 560 | .. index:: aggregate-address `A.B.C.D/M` as-set |
42fc5d26 | 561 | |
c3c5a71f QY |
562 | ``aggregate-address `A.B.C.D/M` as-set`` |
563 | ||
564 | This command specifies an aggregate address. Resulting routes include | |
42fc5d26 QY |
565 | AS set. |
566 | ||
c3c5a71f QY |
567 | .. index:: aggregate-address `A.B.C.D/M` summary-only |
568 | ||
569 | ``aggregate-address `A.B.C.D/M` summary-only`` | |
42fc5d26 | 570 | |
c3c5a71f | 571 | This command specifies an aggregate address. Aggregated routes will |
42fc5d26 QY |
572 | not be announced. |
573 | ||
c3c5a71f QY |
574 | .. index:: no aggregate-address `A.B.C.D/M` |
575 | ||
576 | ``no aggregate-address `A.B.C.D/M``` | |
42fc5d26 | 577 | |
42fc5d26 QY |
578 | |
579 | .. _Redistribute_to_BGP: | |
580 | ||
581 | Redistribute to BGP | |
582 | ------------------- | |
583 | ||
c3c5a71f QY |
584 | .. index:: redistribute kernel |
585 | ||
586 | ``redistribute kernel`` | |
42fc5d26 | 587 | |
42fc5d26 QY |
588 | Redistribute kernel route to BGP process. |
589 | ||
c3c5a71f QY |
590 | .. index:: redistribute static |
591 | ||
592 | ``redistribute static`` | |
42fc5d26 | 593 | |
42fc5d26 QY |
594 | Redistribute static route to BGP process. |
595 | ||
c3c5a71f QY |
596 | .. index:: redistribute connected |
597 | ||
598 | ``redistribute connected`` | |
42fc5d26 | 599 | |
42fc5d26 QY |
600 | Redistribute connected route to BGP process. |
601 | ||
c3c5a71f QY |
602 | .. index:: redistribute rip |
603 | ||
604 | ``redistribute rip`` | |
42fc5d26 | 605 | |
42fc5d26 QY |
606 | Redistribute RIP route to BGP process. |
607 | ||
c3c5a71f QY |
608 | .. index:: redistribute ospf |
609 | ||
610 | ``redistribute ospf`` | |
42fc5d26 | 611 | |
42fc5d26 QY |
612 | Redistribute OSPF route to BGP process. |
613 | ||
c3c5a71f QY |
614 | .. index:: redistribute vpn |
615 | ||
616 | ``redistribute vpn`` | |
42fc5d26 | 617 | |
42fc5d26 QY |
618 | Redistribute VNC routes to BGP process. |
619 | ||
c3c5a71f | 620 | .. index:: update-delay `max-delay` |
42fc5d26 | 621 | |
c3c5a71f QY |
622 | ``update-delay `max-delay``` |
623 | ||
624 | .. index:: update-delay `max-delay` `establish-wait` | |
625 | ||
626 | ``update-delay `max-delay` `establish-wait``` | |
42fc5d26 | 627 | |
42fc5d26 QY |
628 | This feature is used to enable read-only mode on BGP process restart or when |
629 | BGP process is cleared using 'clear ip bgp \*'. When applicable, read-only mode | |
630 | would begin as soon as the first peer reaches Established status and a timer | |
631 | for max-delay seconds is started. | |
632 | ||
633 | During this mode BGP doesn't run any best-path or generate any updates to its | |
634 | peers. This mode continues until: | |
635 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR | |
636 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
637 | Established is considered an implicit-EOR. | |
638 | If the establish-wait optional value is given, then BGP will wait for | |
639 | peers to reach established from the beginning of the update-delay till the | |
640 | establish-wait period is over, i.e. the minimum set of established peers for | |
641 | which EOR is expected would be peers established during the establish-wait | |
642 | window, not necessarily all the configured neighbors. | |
643 | 2. max-delay period is over. | |
644 | On hitting any of the above two conditions, BGP resumes the decision process | |
645 | and generates updates to its peers. | |
646 | ||
647 | Default max-delay is 0, i.e. the feature is off by default. | |
648 | ||
c3c5a71f QY |
649 | .. index:: table-map `route-map-name` |
650 | ||
651 | ``table-map `route-map-name``` | |
42fc5d26 | 652 | |
42fc5d26 QY |
653 | This feature is used to apply a route-map on route updates from BGP to Zebra. |
654 | All the applicable match operations are allowed, such as match on prefix, | |
655 | next-hop, communities, etc. Set operations for this attach-point are limited | |
656 | to metric and next-hop only. Any operation of this feature does not affect | |
657 | BGP's internal RIB. | |
658 | ||
659 | Supported for ipv4 and ipv6 address families. It works on multi-paths as well, | |
660 | however, metric setting is based on the best-path only. | |
661 | ||
662 | .. _BGP_Peer: | |
663 | ||
664 | BGP Peer | |
665 | ======== | |
666 | ||
667 | ||
668 | .. _Defining_Peer: | |
669 | ||
670 | Defining Peer | |
671 | ------------- | |
672 | ||
c3c5a71f | 673 | .. index:: neighbor `peer` remote-as `asn` |
42fc5d26 | 674 | |
c3c5a71f QY |
675 | ``neighbor `peer` remote-as `asn``` |
676 | ||
677 | Creates a new neighbor whose remote-as is `asn`. `peer` | |
42fc5d26 QY |
678 | can be an IPv4 address or an IPv6 address.:: |
679 | ||
42fc5d26 QY |
680 | router bgp 1 |
681 | neighbor 10.0.0.1 remote-as 2 | |
c3c5a71f | 682 | |
42fc5d26 QY |
683 | In this case my router, in AS-1, is trying to peer with AS-2 at |
684 | 10.0.0.1. | |
685 | ||
686 | This command must be the first command used when configuring a neighbor. | |
687 | If the remote-as is not specified, *bgpd* will complain like this:: | |
688 | ||
689 | can't find neighbor 10.0.0.1 | |
c3c5a71f | 690 | |
42fc5d26 QY |
691 | |
692 | .. _BGP_Peer_commands: | |
693 | ||
694 | BGP Peer commands | |
695 | ----------------- | |
696 | ||
697 | In a `router bgp` clause there are neighbor specific configurations | |
698 | required. | |
699 | ||
c3c5a71f | 700 | .. index:: neighbor `peer` shutdown |
42fc5d26 | 701 | |
c3c5a71f | 702 | ``neighbor `peer` shutdown`` |
42fc5d26 | 703 | |
c3c5a71f QY |
704 | .. index:: no neighbor `peer` shutdown |
705 | ||
706 | ``no neighbor `peer` shutdown`` | |
707 | ||
708 | Shutdown the peer. We can delete the neighbor's configuration by | |
42fc5d26 | 709 | ``no neighbor `peer` remote-as `as-number``` but all |
c3c5a71f | 710 | configuration of the neighbor will be deleted. When you want to |
42fc5d26 QY |
711 | preserve the configuration, but want to drop the BGP peer, use this |
712 | syntax. | |
713 | ||
c3c5a71f QY |
714 | .. index:: neighbor `peer` ebgp-multihop |
715 | ||
716 | ``neighbor `peer` ebgp-multihop`` | |
717 | ||
718 | .. index:: no neighbor `peer` ebgp-multihop | |
719 | ||
720 | ``no neighbor `peer` ebgp-multihop`` | |
721 | ||
722 | .. index:: neighbor `peer` description ... | |
723 | ||
724 | ``neighbor `peer` description ...`` | |
725 | ||
726 | .. index:: no neighbor `peer` description ... | |
727 | ||
728 | ``no neighbor `peer` description ...`` | |
729 | ||
730 | Set description of the peer. | |
731 | ||
732 | .. index:: neighbor `peer` version `version` | |
733 | ||
734 | ``neighbor `peer` version `version``` | |
735 | ||
736 | Set up the neighbor's BGP version. `version` can be `4`, | |
737 | `4+` or `4-`. BGP version `4` is the default value used for | |
738 | BGP peering. BGP version `4+` means that the neighbor supports | |
739 | Multiprotocol Extensions for BGP-4. BGP version `4-` is similar but | |
740 | the neighbor speaks the old Internet-Draft revision 00's Multiprotocol | |
741 | Extensions for BGP-4. Some routing software is still using this | |
742 | version. | |
743 | ||
744 | .. index:: neighbor `peer` interface `ifname` | |
42fc5d26 | 745 | |
c3c5a71f | 746 | ``neighbor `peer` interface `ifname``` |
42fc5d26 | 747 | |
c3c5a71f | 748 | .. index:: no neighbor `peer` interface `ifname` |
42fc5d26 | 749 | |
c3c5a71f | 750 | ``no neighbor `peer` interface `ifname``` |
42fc5d26 | 751 | |
c3c5a71f QY |
752 | When you connect to a BGP peer over an IPv6 link-local address, you |
753 | have to specify the `ifname` of the interface used for the | |
754 | connection. To specify IPv4 session addresses, see the | |
755 | `neighbor `peer` update-source` command below. | |
42fc5d26 | 756 | |
c3c5a71f QY |
757 | This command is deprecated and may be removed in a future release. Its |
758 | use should be avoided. | |
42fc5d26 | 759 | |
c3c5a71f | 760 | .. index:: neighbor `peer` next-hop-self [all] |
42fc5d26 | 761 | |
c3c5a71f | 762 | ``neighbor `peer` next-hop-self [all]`` |
42fc5d26 | 763 | |
c3c5a71f | 764 | .. index:: no neighbor `peer` next-hop-self [all] |
42fc5d26 | 765 | |
c3c5a71f | 766 | ``no neighbor `peer` next-hop-self [all]`` |
42fc5d26 | 767 | |
c3c5a71f QY |
768 | This command specifies an announced route's nexthop as being equivalent |
769 | to the address of the bgp router if it is learned via eBGP. | |
770 | If the optional keyword `all` is specified the modification is done | |
771 | also for routes learned via iBGP. | |
42fc5d26 | 772 | |
c3c5a71f | 773 | .. index:: neighbor `peer` update-source `<ifname|address>` |
42fc5d26 | 774 | |
c3c5a71f | 775 | ``neighbor `peer` update-source `<ifname|address>``` |
42fc5d26 | 776 | |
c3c5a71f | 777 | .. index:: no neighbor `peer` update-source |
42fc5d26 | 778 | |
c3c5a71f | 779 | ``no neighbor `peer` update-source`` |
42fc5d26 | 780 | |
c3c5a71f QY |
781 | Specify the IPv4 source address to use for the :abbr:`BGP` session to this |
782 | neighbour; it may be specified either as an IPv4 address directly or | |
783 | as an interface name (in which case the *zebra* daemon MUST be running | |
784 | in order for *bgpd* to be able to retrieve interface state).:: | |
42fc5d26 | 785 | |
c3c5a71f QY |
786 | router bgp 64555 |
787 | neighbor foo update-source 192.168.0.1 | |
788 | neighbor bar update-source lo0 | |
42fc5d26 | 789 | |
42fc5d26 | 790 | |
c3c5a71f | 791 | .. index:: neighbor `peer` default-originate |
42fc5d26 | 792 | |
c3c5a71f | 793 | ``neighbor `peer` default-originate`` |
42fc5d26 | 794 | |
c3c5a71f | 795 | .. index:: no neighbor `peer` default-originate |
42fc5d26 | 796 | |
c3c5a71f | 797 | ``no neighbor `peer` default-originate`` |
42fc5d26 | 798 | |
c3c5a71f QY |
799 | *bgpd*'s default is to not announce the default route (0.0.0.0/0) even if it |
800 | is in the routing table. When you want to announce default routes to the | |
801 | peer, use this command. | |
42fc5d26 | 802 | |
c3c5a71f | 803 | .. index:: neighbor `peer` port `port` |
42fc5d26 | 804 | |
c3c5a71f | 805 | ``neighbor `peer` port `port``` |
42fc5d26 | 806 | |
c3c5a71f | 807 | .. index:: neighbor `peer` port `port` |
42fc5d26 | 808 | |
c3c5a71f | 809 | ``neighbor `peer` port `port``` |
42fc5d26 | 810 | |
c3c5a71f | 811 | .. index:: neighbor `peer` send-community |
42fc5d26 | 812 | |
c3c5a71f | 813 | ``neighbor `peer` send-community`` |
42fc5d26 | 814 | |
c3c5a71f | 815 | .. index:: neighbor `peer` send-community |
42fc5d26 | 816 | |
c3c5a71f | 817 | ``neighbor `peer` send-community`` |
42fc5d26 | 818 | |
c3c5a71f | 819 | .. index:: neighbor `peer` weight `weight` |
42fc5d26 | 820 | |
c3c5a71f | 821 | ``neighbor `peer` weight `weight``` |
42fc5d26 | 822 | |
c3c5a71f | 823 | .. index:: no neighbor `peer` weight `weight` |
42fc5d26 | 824 | |
c3c5a71f | 825 | ``no neighbor `peer` weight `weight``` |
42fc5d26 | 826 | |
c3c5a71f QY |
827 | This command specifies a default `weight` value for the neighbor's |
828 | routes. | |
42fc5d26 | 829 | |
c3c5a71f | 830 | .. index:: neighbor `peer` maximum-prefix `number` |
42fc5d26 | 831 | |
c3c5a71f | 832 | ``neighbor `peer` maximum-prefix `number``` |
42fc5d26 | 833 | |
c3c5a71f | 834 | .. index:: no neighbor `peer` maximum-prefix `number` |
42fc5d26 | 835 | |
c3c5a71f | 836 | ``no neighbor `peer` maximum-prefix `number``` |
42fc5d26 | 837 | |
c3c5a71f | 838 | .. index:: neighbor `peer` local-as `as-number` |
42fc5d26 | 839 | |
c3c5a71f QY |
840 | ``neighbor `peer` local-as `as-number``` |
841 | ||
842 | .. index:: neighbor `peer` local-as `as-number` no-prepend | |
843 | ||
844 | ``neighbor `peer` local-as `as-number` no-prepend`` | |
845 | ||
846 | .. index:: neighbor `peer` local-as `as-number` no-prepend replace-as | |
847 | ||
848 | ``neighbor `peer` local-as `as-number` no-prepend replace-as`` | |
849 | ||
850 | .. index:: no neighbor `peer` local-as | |
851 | ||
852 | ``no neighbor `peer` local-as`` | |
853 | ||
854 | Specify an alternate AS for this BGP process when interacting with the | |
855 | specified peer. With no modifiers, the specified local-as is prepended to | |
856 | the received AS_PATH when receiving routing updates from the peer, and | |
857 | prepended to the outgoing AS_PATH (after the process local AS) when | |
858 | transmitting local routes to the peer. | |
859 | ||
860 | If the no-prepend attribute is specified, then the supplied local-as is not | |
861 | prepended to the received AS_PATH. | |
862 | ||
863 | If the replace-as attribute is specified, then only the supplied local-as is | |
864 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
865 | ||
866 | Note that replace-as can only be specified if no-prepend is. | |
867 | ||
868 | This command is only allowed for eBGP peers. | |
869 | ||
870 | .. index:: neighbor `peer` ttl-security hops `number` | |
871 | ||
872 | ``neighbor `peer` ttl-security hops `number``` | |
873 | ||
874 | .. index:: no neighbor `peer` ttl-security hops `number` | |
875 | ||
876 | ``no neighbor `peer` ttl-security hops `number``` | |
877 | ||
878 | This command enforces Generalized TTL Security Mechanism (GTSM), as | |
879 | specified in RFC 5082. With this command, only neighbors that are the | |
880 | specified number of hops away will be allowed to become neighbors. This | |
881 | command is mutually exclusive with *ebgp-multihop*. | |
42fc5d26 QY |
882 | |
883 | .. _Peer_filtering: | |
884 | ||
885 | Peer filtering | |
886 | -------------- | |
887 | ||
c3c5a71f QY |
888 | .. index:: neighbor `peer` distribute-list `name` [in|out] |
889 | ||
890 | ``neighbor `peer` distribute-list `name` [in|out]`` | |
42fc5d26 | 891 | |
c3c5a71f | 892 | This command specifies a distribute-list for the peer. `direct` is |
8fa64b2a | 893 | ``in`` or ``out``. |
42fc5d26 | 894 | |
c3c5a71f QY |
895 | .. index:: neighbor PEER prefix-list NAME [in|out] |
896 | ||
897 | ``neighbor PEER prefix-list NAME [in|out]`` | |
898 | .. index:: neighbor PEER filter-list NAME [in|out] | |
42fc5d26 | 899 | |
c3c5a71f QY |
900 | ``neighbor PEER filter-list NAME [in|out]`` |
901 | .. index:: neighbor `peer` route-map `name` [in|out] | |
42fc5d26 | 902 | |
c3c5a71f | 903 | ``neighbor `peer` route-map `name` [in|out]`` |
42fc5d26 | 904 | |
c3c5a71f | 905 | Apply a route-map on the neighbor. `direct` must be `in` or |
42fc5d26 QY |
906 | `out`. |
907 | ||
c3c5a71f QY |
908 | .. index:: bgp route-reflector allow-outbound-policy |
909 | ||
910 | ``bgp route-reflector allow-outbound-policy`` | |
42fc5d26 | 911 | |
42fc5d26 QY |
912 | By default, attribute modification via route-map policy out is not reflected |
913 | on reflected routes. This option allows the modifications to be reflected as | |
914 | well. Once enabled, it affects all reflected routes. | |
915 | ||
916 | .. _BGP_Peer_Group: | |
917 | ||
918 | BGP Peer Group | |
919 | ============== | |
920 | ||
c3c5a71f QY |
921 | .. index:: neighbor `word` peer-group |
922 | ||
923 | ``neighbor `word` peer-group`` | |
42fc5d26 | 924 | |
42fc5d26 QY |
925 | This command defines a new peer group. |
926 | ||
c3c5a71f QY |
927 | .. index:: neighbor `peer` peer-group `word` |
928 | ||
929 | ``neighbor `peer` peer-group `word``` | |
42fc5d26 | 930 | |
42fc5d26 QY |
931 | This command binds a specific peer to peer group `word`. | |
932 | ||
933 | .. _BGP_Address_Family: | |
934 | ||
935 | BGP Address Family | |
936 | ================== | |
937 | ||
938 | Multiprotocol BGP enables BGP to carry routing information for multiple | |
939 | Network Layer protocols. BGP supports multiple Address Family | |
940 | Identifier (AFI), namely IPv4 and IPv6. Support is also provided for | |
941 | multiple sets of per-AFI information via Subsequent Address Family | |
c3c5a71f | 942 | Identifiers (SAFI). In addition to unicast information, VPN information |
07a17e6d QY |
943 | :rfc:`4364` and :rfc:`4659`, and Encapsulation information |
944 | :rfc:`5512` is supported. | |
42fc5d26 | 945 | |
c3c5a71f | 946 | .. index:: show ip bgp vpnv4 all |
42fc5d26 | 947 | |
c3c5a71f QY |
948 | ``show ip bgp vpnv4 all`` |
949 | .. index:: show ipv6 bgp vpn all | |
42fc5d26 | 950 | |
c3c5a71f | 951 | ``show ipv6 bgp vpn all`` |
42fc5d26 QY |
952 | Print active IPv4 or IPv6 routes advertised via the VPN SAFI. |
953 | ||
c3c5a71f | 954 | .. index:: show ip bgp encap all |
42fc5d26 | 955 | |
c3c5a71f QY |
956 | ``show ip bgp encap all`` |
957 | .. index:: show ipv6 bgp encap all | |
42fc5d26 | 958 | |
c3c5a71f | 959 | ``show ipv6 bgp encap all`` |
42fc5d26 QY |
960 | Print active IPv4 or IPv6 routes advertised via the Encapsulation SAFI. |
961 | ||
c3c5a71f | 962 | .. index:: show bgp ipv4 encap summary |
42fc5d26 | 963 | |
c3c5a71f QY |
964 | ``show bgp ipv4 encap summary`` |
965 | .. index:: show bgp ipv4 vpn summary | |
42fc5d26 | 966 | |
c3c5a71f QY |
967 | ``show bgp ipv4 vpn summary`` |
968 | .. index:: show bgp ipv6 encap summary | |
42fc5d26 | 969 | |
c3c5a71f QY |
970 | ``show bgp ipv6 encap summary`` |
971 | .. index:: show bgp ipv6 vpn summary | |
42fc5d26 | 972 | |
c3c5a71f QY |
973 | ``show bgp ipv6 vpn summary`` |
974 | Print a summary of neighbor connections for the specified AFI/SAFI combination. | |
42fc5d26 QY |
975 | |
976 | .. _Autonomous_System: | |
977 | ||
978 | Autonomous System | |
979 | ================= | |
980 | ||
c3c5a71f QY |
981 | The :abbr:`AS (Autonomous System)` number is one of the essential |
982 | elements of BGP. BGP is a distance vector routing protocol, and the | |
42fc5d26 QY |
983 | AS-Path framework provides distance vector metric and loop detection to |
984 | BGP. :rfc:`1930`, *Guidelines for creation, selection, and | |
985 | registration of an Autonomous System (AS)*, provides some background on | |
986 | the concepts of an AS. | |
987 | ||
988 | The AS number is a two octet value, ranging in value from 1 to 65535. | |
c3c5a71f | 989 | The AS numbers 64512 through 65535 are defined as private AS numbers. |
42fc5d26 QY |
990 | Private AS numbers must not be advertised in the global Internet. |
991 | ||
992 | .. _Display_BGP_Routes_by_AS_Path: | |
993 | ||
994 | Display BGP Routes by AS Path | |
995 | ----------------------------- | |
996 | ||
c3c5a71f | 997 | To show BGP routes which have specific AS path information, the `show ip bgp` command can be used. |
42fc5d26 | 998 | |
c3c5a71f | 999 | .. index:: show bgp ipv4|ipv6 regexp LINE |
42fc5d26 | 1000 | |
c3c5a71f | 1001 | ``show bgp ipv4|ipv6 regexp LINE`` |
42fc5d26 QY |
1002 | This command displays BGP routes that match a regular |
1003 | expression `line` (:ref:`BGP_Regular_Expressions`). | |
1004 | ||
1005 | .. _AS_Path_Access_List: | |
1006 | ||
1007 | AS Path Access List | |
1008 | ------------------- | |
1009 | ||
1010 | An AS path access list is a user-defined AS path. | |
1011 | ||
c3c5a71f | 1012 | .. index:: ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 1013 | |
c3c5a71f | 1014 | ``ip as-path access-list WORD permit|deny LINE`` |
42fc5d26 QY |
1015 | This command defines a new AS path access list. |
1016 | ||
c3c5a71f | 1017 | .. index:: no ip as-path access-list WORD |
42fc5d26 | 1018 | |
c3c5a71f QY |
1019 | ``no ip as-path access-list WORD`` |
1020 | .. index:: no ip as-path access-list WORD permit|deny LINE | |
42fc5d26 | 1021 | |
c3c5a71f | 1022 | ``no ip as-path access-list WORD permit|deny LINE`` |
42fc5d26 QY |
1023 | |
1024 | .. _Using_AS_Path_in_Route_Map: | |
1025 | ||
1026 | Using AS Path in Route Map | |
1027 | -------------------------- | |
1028 | ||
c3c5a71f | 1029 | .. index:: match as-path WORD |
42fc5d26 | 1030 | |
c3c5a71f | 1031 | ``match as-path WORD`` |
42fc5d26 | 1032 | |
c3c5a71f | 1033 | .. index:: set as-path prepend AS-PATH |
42fc5d26 | 1034 | |
c3c5a71f | 1035 | ``set as-path prepend AS-PATH`` |
42fc5d26 QY |
1036 | Prepend the given string of AS numbers to the AS_PATH. |
1037 | ||
c3c5a71f | 1038 | .. index:: set as-path prepend last-as NUM |
42fc5d26 | 1039 | |
c3c5a71f | 1040 | ``set as-path prepend last-as NUM`` |
42fc5d26 QY |
1041 | Prepend the existing last AS number (the leftmost ASN) to the AS_PATH. |
1042 | ||
1043 | .. _Private_AS_Numbers: | |
1044 | ||
1045 | Private AS Numbers | |
1046 | ------------------ | |
1047 | ||
1048 | ||
1049 | .. _BGP_Communities_Attribute: | |
1050 | ||
1051 | BGP Communities Attribute | |
1052 | ========================= | |
1053 | ||
1054 | BGP communities attribute is widely used for implementing policy | |
c3c5a71f QY |
1055 | routing. Network operators can manipulate BGP communities attribute |
1056 | based on their network policy. BGP communities attribute is defined | |
1057 | in :rfc:`1997`, *BGP Communities Attribute*, and | |
42fc5d26 | 1058 | :rfc:`1998`, *An Application of the BGP Community Attribute |
c3c5a71f | 1059 | in Multi-home Routing*. It is an optional transitive attribute, |
42fc5d26 QY |
1060 | therefore local policy can travel through different autonomous systems. |
1061 | ||
c3c5a71f QY |
1062 | Communities attribute is a set of communities values. Each |
1063 | communities value is 4 octets long. The following format is used to | |
42fc5d26 QY |
1064 | define communities value. |
1065 | ||
1066 | ||
1067 | ||
1068 | *AS:VAL* | |
c3c5a71f QY |
1069 | This format represents 4 octet communities value. `AS` is high |
1070 | order 2 octet in digit format. `VAL` is low order 2 octet in | |
1071 | digit format. This format is useful to define AS oriented policy | |
1072 | value. For example, `7675:80` can be used when AS 7675 wants to | |
42fc5d26 QY |
1073 | pass local policy value 80 to neighboring peer. |
1074 | ||
1075 | *internet* | |
1076 | `internet` represents well-known communities value 0. | |
1077 | ||
1078 | *no-export* | |
1079 | ``no-export`` represents well-known communities value ``NO_EXPORT`` | |
c3c5a71f QY |
1080 | (0xFFFFFF01). All routes carrying this value must not be advertised |
1081 | outside a BGP confederation boundary. If neighboring BGP peer is | |
42fc5d26 QY |
1082 | part of BGP confederation, the peer is considered as inside a BGP |
1083 | confederation boundary, so the route will be announced to the peer. | |
1084 | ||
1085 | *no-advertise* | |
1086 | ``no-advertise`` represents well-known communities value | |
1087 | ``NO_ADVERTISE`` (0xFFFFFF02). All routes carrying this value | |
1088 | must not be advertised to other BGP peers. | |
1089 | ||
1090 | *local-AS* | |
1091 | ``local-AS`` represents well-known communities value | |
c3c5a71f QY |
1092 | ``NO_EXPORT_SUBCONFED`` (0xFFFFFF03). All routes carrying this |
1093 | value must not be advertised to external BGP peers. Even if the | |
42fc5d26 QY |
1094 | neighboring router is part of confederation, it is considered as |
1095 | external BGP peer, so the route will not be announced to the peer. | |
1096 | ||
1097 | When BGP communities attribute is received, duplicate communities | |
1098 | values in the communities attribute are ignored and the communities | |
1099 | values are sorted in numerical order. | |
1100 | ||
1101 | .. _BGP_Community_Lists: | |
1102 | ||
1103 | BGP Community Lists | |
1104 | ------------------- | |
1105 | ||
1106 | BGP community list is a user defined BGP communities attribute list. | |
1107 | BGP community list can be used for matching or manipulating BGP | |
1108 | communities attribute in updates. | |
1109 | ||
c3c5a71f QY |
1110 | There are two types of community list. One is standard community |
1111 | list and another is expanded community list. Standard community list | |
1112 | defines communities attribute. Expanded community list defines | |
1113 | communities attribute string with regular expression. Standard | |
42fc5d26 QY |
1114 | community list is compiled into binary format when the user defines it. |
1115 | Standard community list will be directly compared to BGP communities | |
c3c5a71f | 1116 | attribute in BGP updates. Therefore the comparison is faster than |
42fc5d26 QY |
1117 | expanded community list. |
1118 | ||
c3c5a71f | 1119 | .. index:: ip community-list standard NAME permit|deny COMMUNITY |
42fc5d26 | 1120 | |
c3c5a71f QY |
1121 | ``ip community-list standard NAME permit|deny COMMUNITY`` |
1122 | This command defines a new standard community list. `community` | |
1123 | is communities value. The `community` is compiled into community | |
1124 | structure. We can define multiple community lists under the same name. In | |
1125 | that case matching happens in user-defined order. Once the | |
42fc5d26 | 1126 | community list matches the communities attribute in BGP updates it |
c3c5a71f QY |
1127 | returns permit or deny by the community list definition. When there is |
1128 | no matched entry, deny will be returned. When `community` is | |
42fc5d26 QY |
1129 | empty it matches any route. |
1130 | ||
c3c5a71f | 1131 | .. index:: ip community-list expanded NAME permit|deny LINE |
42fc5d26 | 1132 | |
c3c5a71f QY |
1133 | ``ip community-list expanded NAME permit|deny LINE`` |
1134 | This command defines a new expanded community list. `line` is a | |
1135 | string expression of communities attribute. `line` can be a | |
42fc5d26 QY |
1136 | regular expression (:ref:`BGP_Regular_Expressions`) to match |
1137 | the communities attribute in BGP updates. | |
1138 | ||
c3c5a71f | 1139 | .. index:: no ip community-list NAME |
42fc5d26 | 1140 | |
c3c5a71f QY |
1141 | ``no ip community-list NAME`` |
1142 | .. index:: no ip community-list standard NAME | |
42fc5d26 | 1143 | |
c3c5a71f QY |
1144 | ``no ip community-list standard NAME`` |
1145 | .. index:: no ip community-list expanded NAME | |
42fc5d26 | 1146 | |
c3c5a71f QY |
1147 | ``no ip community-list expanded NAME`` |
1148 | These commands delete community lists specified by `name`. All | |
1149 | community lists share a single name space, so community lists can be | |
42fc5d26 QY |
1150 | removed simply by specifying the community list's name. |
1151 | ||
c3c5a71f | 1152 | .. index:: show ip community-list |
42fc5d26 | 1153 | |
c3c5a71f QY |
1154 | ``show ip community-list`` |
1155 | .. index:: show ip community-list NAME | |
42fc5d26 | 1156 | |
c3c5a71f QY |
1157 | ``show ip community-list NAME`` |
1158 | This command displays current community list information. When | |
1159 | `name` is specified the specified community list's information is | |
1160 | shown. | |
42fc5d26 QY |
1161 | |
1162 | :: | |
1163 | ||
c3c5a71f QY |
1164 | # show ip community-list |
1165 | Named Community standard list CLIST | |
1166 | permit 7675:80 7675:100 no-export | |
1167 | deny internet | |
1168 | Named Community expanded list EXPAND | |
1169 | permit : | |
1170 | ||
1171 | # show ip community-list CLIST | |
1172 | Named Community standard list CLIST | |
1173 | permit 7675:80 7675:100 no-export | |
1174 | deny internet | |
42fc5d26 | 1175 | |
42fc5d26 QY |
1176 | |
1177 | .. _Numbered_BGP_Community_Lists: | |
1178 | ||
1179 | Numbered BGP Community Lists | |
1180 | ---------------------------- | |
1181 | ||
1182 | When number is used for BGP community list name, the number has | |
c3c5a71f QY |
1183 | special meanings. Community list number in the range from 1 to 99 is |
1184 | standard community list. Community list number in the range from 100 | |
1185 | to 199 is expanded community list. These community lists are called | |
1186 | numbered community lists. On the other hand normal community lists | |
42fc5d26 QY |
1187 | are called named community lists. |
1188 | ||
c3c5a71f | 1189 | .. index:: ip community-list <1-99> permit|deny COMMUNITY |
42fc5d26 | 1190 | |
c3c5a71f QY |
1191 | ``ip community-list <1-99> permit|deny COMMUNITY`` |
1192 | This command defines a new community list. <1-99> is standard | |
1193 | community list number. Community list name within this range defines | |
1194 | standard community list. When `community` is empty it matches to | |
42fc5d26 QY |
1195 | any routes. |
1196 | ||
c3c5a71f | 1197 | .. index:: ip community-list <100-199> permit|deny COMMUNITY |
42fc5d26 | 1198 | |
c3c5a71f QY |
1199 | ``ip community-list <100-199> permit|deny COMMUNITY`` |
1200 | This command defines a new community list. <100-199> is expanded | |
1201 | community list number. Community list name within this range defines | |
42fc5d26 QY |
1202 | expanded community list. |
1203 | ||
c3c5a71f | 1204 | .. index:: ip community-list NAME permit|deny COMMUNITY |
42fc5d26 | 1205 | |
c3c5a71f | 1206 | ``ip community-list NAME permit|deny COMMUNITY`` |
42fc5d26 | 1207 | When community list type is not specified, the community list type is |
c3c5a71f | 1208 | automatically detected. If `community` can be compiled into |
42fc5d26 | 1209 | communities attribute, the community list is defined as a standard |
c3c5a71f QY |
1210 | community list. Otherwise it is defined as an expanded community |
1211 | list. This feature is left for backward compatibility. Use of this | |
42fc5d26 QY |
1212 | feature is not recommended. |
1213 | ||
1214 | .. _BGP_Community_in_Route_Map: | |
1215 | ||
1216 | BGP Community in Route Map | |
1217 | -------------------------- | |
1218 | ||
1219 | In Route Map (:ref:`Route_Map`), we can match or set BGP | |
c3c5a71f | 1220 | communities attribute. Using this feature network operator can |
42fc5d26 QY |
1221 | implement their network policy based on BGP communities attribute. |
1222 | ||
1223 | Following commands can be used in Route Map. | |
1224 | ||
c3c5a71f | 1225 | .. index:: match community WORD |
42fc5d26 | 1226 | |
c3c5a71f QY |
1227 | ``match community WORD`` |
1228 | .. index:: match community WORD exact-match | |
42fc5d26 | 1229 | |
c3c5a71f | 1230 | ``match community WORD exact-match`` |
42fc5d26 | 1231 | This command performs a match on BGP updates using community list |
c3c5a71f QY |
1232 | `word`. When one of the BGP communities values matches one of the |
1233 | communities values in the community list, it is a match. When the | |
42fc5d26 QY |
1234 | `exact-match` keyword is specified, a match happens only when BGP |
1235 | updates have exactly the same communities values as specified in the | |
1236 | community list. | |
1237 | ||
c3c5a71f | 1238 | .. index:: set community none |
42fc5d26 | 1239 | |
c3c5a71f QY |
1240 | ``set community none`` |
1241 | .. index:: set community COMMUNITY | |
42fc5d26 | 1242 | |
c3c5a71f QY |
1243 | ``set community COMMUNITY`` |
1244 | .. index:: set community COMMUNITY additive | |
42fc5d26 | 1245 | |
c3c5a71f QY |
1246 | ``set community COMMUNITY additive`` |
1247 | This command manipulates communities value in BGP updates. When | |
1248 | `none` is specified as communities value, it removes entire | |
1249 | communities attribute from BGP updates. When `community` is not | |
1250 | `none`, specified communities value is set to BGP updates. If | |
1251 | BGP updates already have BGP communities value, the existing BGP | |
1252 | communities value is replaced with specified `community` value. | |
1253 | When `additive` keyword is specified, `community` is appended | |
1254 | to the existing communities value. | |
42fc5d26 | 1255 | |
c3c5a71f | 1256 | .. index:: set comm-list WORD delete |
42fc5d26 | 1257 | |
c3c5a71f QY |
1258 | ``set comm-list WORD delete`` |
1259 | This command removes communities value from BGP communities attribute. | |
1260 | The `word` is community list name. When BGP route's communities | |
1261 | value matches to the community list `word`, the communities value | |
1262 | is removed. When all of communities value is removed eventually, the | |
1263 | BGP update's communities attribute is completely removed. | |
42fc5d26 QY |
1264 | |
1265 | .. _Display_BGP_Routes_by_Community: | |
1266 | ||
1267 | Display BGP Routes by Community | |
1268 | ------------------------------- | |
1269 | ||
1270 | To show BGP routes which have specific BGP communities attribute, | |
1271 | `show bgp {ipv4|ipv6}` command can be used. The | |
1272 | `community` and `community-list` subcommand can be used. | |
1273 | ||
c3c5a71f | 1274 | .. index:: show bgp ipv4|ipv6 community |
42fc5d26 | 1275 | |
c3c5a71f QY |
1276 | ``show bgp ipv4|ipv6 community`` |
1277 | .. index:: show bgp ipv4|ipv6 community COMMUNITY | |
42fc5d26 | 1278 | |
c3c5a71f QY |
1279 | ``show bgp ipv4|ipv6 community COMMUNITY`` |
1280 | .. index:: show bgp ipv4|ipv6 community COMMUNITY exact-match | |
42fc5d26 | 1281 | |
c3c5a71f | 1282 | ``show bgp ipv4|ipv6 community COMMUNITY exact-match`` |
42fc5d26 QY |
1283 | `show bgp {ipv4|ipv6} community` displays BGP routes which have a communities |
1284 | attribute, where the address family can be IPv4 or IPv6 among others. When | |
1285 | `community` is specified, BGP routes that match the `community` value are | |
1286 | displayed. For this command, `internet` keyword can't be used for | |
1287 | `community` value. When `exact-match` is specified, it displays only | |
1288 | routes that have an exact match. | |
1289 | ||
c3c5a71f | 1290 | .. index:: show bgp ipv4|ipv6 community-list WORD |
42fc5d26 | 1291 | |
c3c5a71f QY |
1292 | ``show bgp ipv4|ipv6 community-list WORD`` |
1293 | .. index:: show bgp ipv4|ipv6 community-list WORD exact-match | |
42fc5d26 | 1294 | |
c3c5a71f QY |
1295 | ``show bgp ipv4|ipv6 community-list WORD exact-match`` |
1296 | This command displays BGP routes for the specified address family that match | |
1297 | community list `word`. When `exact-match` is specified, it displays only | |
1298 | routes that have an exact match. | |
42fc5d26 QY |
1299 | |
1300 | .. _Using_BGP_Communities_Attribute: | |
1301 | ||
1302 | Using BGP Communities Attribute | |
1303 | ------------------------------- | |
1304 | ||
1305 | Following configuration is the most typical usage of BGP communities | |
c3c5a71f | 1306 | attribute. AS 7675 provides upstream Internet connection to AS 100. |
42fc5d26 QY |
1307 | When the following configuration exists in AS 7675, the AS 100 network |
1308 | operator can set local preference in AS 7675 network by setting BGP | |
1309 | communities attribute to the updates. | |
1310 | ||
1311 | :: | |
1312 | ||
1313 | router bgp 7675 | |
1314 | neighbor 192.168.0.1 remote-as 100 | |
1315 | address-family ipv4 unicast | |
1316 | neighbor 192.168.0.1 route-map RMAP in | |
1317 | exit-address-family | |
1318 | ! | |
1319 | ip community-list 70 permit 7675:70 | |
1320 | ip community-list 70 deny | |
1321 | ip community-list 80 permit 7675:80 | |
1322 | ip community-list 80 deny | |
1323 | ip community-list 90 permit 7675:90 | |
1324 | ip community-list 90 deny | |
1325 | ! | |
1326 | route-map RMAP permit 10 | |
1327 | match community 70 | |
1328 | set local-preference 70 | |
1329 | ! | |
1330 | route-map RMAP permit 20 | |
1331 | match community 80 | |
1332 | set local-preference 80 | |
1333 | ! | |
1334 | route-map RMAP permit 30 | |
1335 | match community 90 | |
1336 | set local-preference 90 | |
c3c5a71f | 1337 | |
42fc5d26 QY |
1338 | |
1339 | Following configuration announces 10.0.0.0/8 from AS 100 to AS 7675. | |
1340 | The route has communities value 7675:80 so when above configuration | |
1341 | exists in AS 7675, announced route's local preference will be set to | |
1342 | value 80. | |
1343 | ||
1344 | :: | |
1345 | ||
1346 | router bgp 100 | |
1347 | network 10.0.0.0/8 | |
1348 | neighbor 192.168.0.2 remote-as 7675 | |
1349 | address-family ipv4 unicast | |
1350 | neighbor 192.168.0.2 route-map RMAP out | |
1351 | exit-address-family | |
1352 | ! | |
1353 | ip prefix-list PLIST permit 10.0.0.0/8 | |
1354 | ! | |
1355 | route-map RMAP permit 10 | |
1356 | match ip address prefix-list PLIST | |
1357 | set community 7675:80 | |
c3c5a71f | 1358 | |
42fc5d26 QY |
1359 | |
1360 | Following configuration is an example of BGP route filtering using | |
c3c5a71f QY |
1361 | communities attribute. This configuration only permits BGP routes |
1362 | which have BGP communities value 0:80 or 0:90. Network operator can | |
42fc5d26 QY |
1363 | put special internal communities value at BGP border router, then |
1364 | limit the BGP routes announcement into the internal network. | |
1365 | ||
1366 | :: | |
1367 | ||
1368 | router bgp 7675 | |
1369 | neighbor 192.168.0.1 remote-as 100 | |
1370 | address-family ipv4 unicast | |
1371 | neighbor 192.168.0.1 route-map RMAP in | |
1372 | exit-address-family | |
1373 | ! | |
1374 | ip community-list 1 permit 0:80 0:90 | |
1375 | ! | |
1376 | route-map RMAP permit 10 | |
1377 | match community 1 | |
c3c5a71f | 1378 | |
42fc5d26 QY |
1379 | |
1380 | The following example filters BGP routes which have communities value 1:1. | |
c3c5a71f | 1381 | When there is no match, the community-list returns deny. To avoid |
42fc5d26 QY |
1382 | filtering all routes, we need to define a permit-any entry at the end. |
1383 | ||
1384 | :: | |
1385 | ||
1386 | router bgp 7675 | |
1387 | neighbor 192.168.0.1 remote-as 100 | |
1388 | address-family ipv4 unicast | |
1389 | neighbor 192.168.0.1 route-map RMAP in | |
1390 | exit-address-family | |
1391 | ! | |
1392 | ip community-list standard FILTER deny 1:1 | |
1393 | ip community-list standard FILTER permit | |
1394 | ! | |
1395 | route-map RMAP permit 10 | |
1396 | match community FILTER | |
c3c5a71f | 1397 | |
42fc5d26 QY |
1398 | |
1399 | The communities value keyword `internet` has a special meaning in | |
c3c5a71f QY |
1400 | standard community lists. In the example below, `internet` acts as |
1401 | match any. It matches all BGP routes, even if the route does not | |
1402 | have a communities attribute at all. So community list `INTERNET` | |
42fc5d26 QY |
1403 | is the same as the above example's `FILTER`. |
1404 | ||
1405 | :: | |
1406 | ||
1407 | ip community-list standard INTERNET deny 1:1 | |
1408 | ip community-list standard INTERNET permit internet | |
c3c5a71f | 1409 | |
42fc5d26 QY |
1410 | |
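The evaluation rules described above (first matching entry wins, no match means deny, an empty entry or `internet` matches any route) can be modelled as follows. This is an added example, not FRR code; the `Entry` and `Clause` classes, the function names and the `NO_PERMIT` list are assumptions made for illustration, and the model assumes a route-map rejects a route that no clause matches.

```python
# Added illustration, not FRR source code: a simplified model of how a
# standard community-list and a route-map that references it are evaluated.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Entry:
    action: str                # "permit" or "deny"
    community: Optional[str]   # None = empty entry, "internet" = match any


@dataclass(frozen=True)
class Clause:
    seq: int
    action: str                # "permit" or "deny"
    match_list: str            # name of the community-list to match
    local_pref: Optional[int] = None


def eval_list(entries: List[Entry], communities: FrozenSet[str]) -> str:
    """First matching entry decides; no matching entry at all means deny."""
    for entry in entries:
        if entry.community in (None, "internet") or entry.community in communities:
            return entry.action
    return "deny"


def apply_route_map(clauses: List[Clause], lists: Dict[str, List[Entry]],
                    communities: FrozenSet[str]) -> Optional[dict]:
    """Return the accepted route's attributes, or None if the route is filtered."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if eval_list(lists[clause.match_list], communities) == "permit":
            if clause.action == "deny":
                return None
            return {"local_pref": clause.local_pref}
    return None  # assumption: no clause matched, so the route is rejected


# Community lists taken from the configurations above.
LISTS = {
    "70": [Entry("permit", "7675:70"), Entry("deny", None)],
    "80": [Entry("permit", "7675:80"), Entry("deny", None)],
    "90": [Entry("permit", "7675:90"), Entry("deny", None)],
    "FILTER": [Entry("deny", "1:1"), Entry("permit", None)],
    "INTERNET": [Entry("deny", "1:1"), Entry("permit", "internet")],
    # Constructed for comparison: FILTER without its final permit line.
    "NO_PERMIT": [Entry("deny", "1:1")],
}

# route-map RMAP from the AS 7675 local-preference configuration.
RMAP = [
    Clause(10, "permit", "70", 70),
    Clause(20, "permit", "80", 80),
    Clause(30, "permit", "90", 90),
]

if __name__ == "__main__":
    for comms in ({"7675:80"}, set(), {"7675:90", "7675:70"}):
        print(sorted(comms), "->", apply_route_map(RMAP, LISTS, frozenset(comms)))
    for name in ("FILTER", "INTERNET", "NO_PERMIT"):
        print(name, eval_list(LISTS[name], frozenset({"100:5"})))
```

In this model an update from AS 100 that carries none of 7675:70, 7675:80 or 7675:90 is not accepted at all, and `NO_PERMIT` denies every route, which is the outcome the final permit line of `FILTER` exists to avoid.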
1411 | The following configuration is an example of communities value deletion. | |
1412 | With this configuration, communities values 100:1 and 100:2 are removed | |
c3c5a71f QY |
1413 | from BGP updates. For communities value deletion, only a `permit` |
1414 | community-list is used. A `deny` community-list is ignored. | |
42fc5d26 QY |
1415 | |
1416 | :: | |
1417 | ||
1418 | router bgp 7675 | |
1419 | neighbor 192.168.0.1 remote-as 100 | |
1420 | address-family ipv4 unicast | |
1421 | neighbor 192.168.0.1 route-map RMAP in | |
1422 | exit-address-family | |
1423 | ! | |
1424 | ip community-list standard DEL permit 100:1 100:2 | |
1425 | ! | |
1426 | route-map RMAP permit 10 | |
1427 | set comm-list DEL delete | |
c3c5a71f | 1428 | |
42fc5d26 QY |
1429 | |
1430 | .. _BGP_Extended_Communities_Attribute: | |
1431 | ||
1432 | BGP Extended Communities Attribute | |
1433 | ================================== | |
1434 | ||
1435 | BGP extended communities attribute is introduced with MPLS VPN/BGP | |
c3c5a71f QY |
1436 | technology. MPLS VPN/BGP expands capability of network infrastructure |
1437 | to provide VPN functionality. At the same time it requires a new | |
1438 | framework for policy routing. With BGP Extended Communities Attribute | |
42fc5d26 QY |
1439 | we can use Route Target or Site of Origin for implementing network |
1440 | policy for MPLS VPN/BGP. | |
1441 | ||
1442 | BGP Extended Communities Attribute is similar to BGP Communities | |
c3c5a71f | 1443 | Attribute. It is an optional transitive attribute. BGP Extended |
42fc5d26 QY |
1444 | Communities Attribute can carry multiple Extended Community values. |
1445 | Each Extended Community value is eight octets long. | |
1446 | ||
1447 | BGP Extended Communities Attribute provides an extended range | |
c3c5a71f | 1448 | compared with BGP Communities Attribute. In addition, there is a |
42fc5d26 QY |
1449 | type field in each value to provide structure to the community space. |
1450 | ||
c3c5a71f | 1451 | There are two formats to define an Extended Community value. One is the AS |
42fc5d26 QY |
1452 | based format, the other is the IP address based format. |
1453 | ||
1454 | ||
1455 | ||
1456 | *AS:VAL* | |
1457 | This is a format to define AS based Extended Community value. | |
1458 | `AS` part is 2 octets Global Administrator subfield in Extended | |
c3c5a71f QY |
1459 | Community value. `VAL` part is 4 octets Local Administrator |
1460 | subfield. `7675:100` represents AS 7675 policy value 100. | |
42fc5d26 QY |
1461 | |
1462 | *IP-Address:VAL* | |
1463 | This is a format to define IP address based Extended Community value. | |
1464 | `IP-Address` part is 4 octets Global Administrator subfield. | |
1465 | `VAL` part is 2 octets Local Administrator subfield. | |
c3c5a71f | 1466 | `10.0.0.1:100` represents |
42fc5d26 QY |
1467 | |
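The two eight-octet layouts described above, encoded and decoded as an added example (not FRR code). The type and sub-type octet values are taken from RFC 4360 rather than from this page, and the function names are assumptions made for illustration.

```python
# Added illustration, not FRR source code: packing the AS:VAL and
# IP-Address:VAL formats into the eight-octet Extended Community value.
import ipaddress
import struct

# Octet values from RFC 4360 (not given on this page).
TYPE_AS2, TYPE_IPV4 = 0x00, 0x01          # 2-octet AS format / IPv4 address format
SUBTYPES = {"rt": 0x02, "soo": 0x03}      # Route Target / Site of Origin
KINDS = {value: name for name, value in SUBTYPES.items()}


def encode_ext_community(kind: str, text: str) -> bytes:
    """Encode 'AS:VAL' or 'IP-Address:VAL' as one 8-octet value."""
    if kind not in SUBTYPES:
        raise ValueError(f"unknown kind: {kind!r}")
    admin, sep, val = text.rpartition(":")
    if not sep or not admin:
        raise ValueError(f"expected ADMIN:VAL, got {text!r}")
    local = int(val)
    if "." in admin:
        # IP-Address:VAL, 4-octet Global Administrator + 2-octet Local Administrator
        address = ipaddress.IPv4Address(admin)
        if not 0 <= local <= 0xFFFF:
            raise ValueError("VAL does not fit in 2 octets")
        return struct.pack(">BB4sH", TYPE_IPV4, SUBTYPES[kind], address.packed, local)
    # AS:VAL, 2-octet Global Administrator + 4-octet Local Administrator
    asn = int(admin)
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("AS does not fit in 2 octets")
    if not 0 <= local <= 0xFFFFFFFF:
        raise ValueError("VAL does not fit in 4 octets")
    return struct.pack(">BBHI", TYPE_AS2, SUBTYPES[kind], asn, local)


def decode_ext_community(raw: bytes) -> tuple:
    """Decode one 8-octet value into (kind, 'ADMIN:VAL')."""
    if len(raw) != 8:
        raise ValueError("an Extended Community value is exactly 8 octets")
    etype, subtype = raw[0], raw[1]
    if subtype not in KINDS:
        raise ValueError(f"unsupported sub-type 0x{subtype:02x}")
    if etype == TYPE_AS2:
        asn, local = struct.unpack(">HI", raw[2:])
        return KINDS[subtype], f"{asn}:{local}"
    if etype == TYPE_IPV4:
        packed, local = struct.unpack(">4sH", raw[2:])
        return KINDS[subtype], f"{ipaddress.IPv4Address(packed)}:{local}"
    raise ValueError(f"unsupported type 0x{etype:02x}")


def decode_attribute(value: bytes) -> list:
    """Split an attribute value carrying several communities into 8-octet items."""
    if len(value) % 8:
        raise ValueError("attribute length is not a multiple of 8")
    return [decode_ext_community(value[i:i + 8]) for i in range(0, len(value), 8)]


if __name__ == "__main__":
    for kind, text in (("rt", "7675:100"), ("soo", "10.0.0.1:100")):
        raw = encode_ext_community(kind, text)
        print(kind, text, raw.hex(), decode_ext_community(raw))
```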
1468 | .. _BGP_Extended_Community_Lists: | |
1469 | ||
1470 | BGP Extended Community Lists | |
1471 | ---------------------------- | |
1472 | ||
1473 | Expanded Community Lists is a user defined BGP Expanded Community | |
1474 | Lists. | |
1475 | ||
c3c5a71f | 1476 | .. index:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
42fc5d26 | 1477 | |
c3c5a71f | 1478 | ``ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY`` |
42fc5d26 | 1479 | This command defines a new standard extcommunity-list. |
c3c5a71f QY |
1480 | `extcommunity` is an extended communities value. The |
1481 | `extcommunity` is compiled into an extended community structure. We | |
1482 | can define multiple extcommunity-lists under the same name. In that case | |
1483 | matching happens in the user-defined order. Once the extcommunity-list | |
42fc5d26 | 1484 | matches the extended communities attribute in BGP updates, it returns |
c3c5a71f QY |
1485 | permit or deny based upon the extcommunity-list definition. When |
1486 | there is no matched entry, deny will be returned. When | |
42fc5d26 QY |
1487 | `extcommunity` is empty it matches any route. |
1488 | ||
c3c5a71f | 1489 | .. index:: ip extcommunity-list expanded NAME permit|deny LINE |
42fc5d26 | 1490 | |
c3c5a71f QY |
1491 | ``ip extcommunity-list expanded NAME permit|deny LINE`` |
1492 | This command defines a new expanded extcommunity-list. `line` is | |
1493 | a string expression of extended communities attribute. `line` can | |
42fc5d26 QY |
1494 | be a regular expression (:ref:`BGP_Regular_Expressions`) to match an |
1495 | extended communities attribute in BGP updates. | |
1496 | ||
c3c5a71f | 1497 | .. index:: no ip extcommunity-list NAME |
42fc5d26 | 1498 | |
c3c5a71f QY |
1499 | ``no ip extcommunity-list NAME`` |
1500 | .. index:: no ip extcommunity-list standard NAME | |
42fc5d26 | 1501 | |
c3c5a71f QY |
1502 | ``no ip extcommunity-list standard NAME`` |
1503 | .. index:: no ip extcommunity-list expanded NAME | |
42fc5d26 | 1504 | |
c3c5a71f | 1505 | ``no ip extcommunity-list expanded NAME`` |
42fc5d26 | 1506 | These commands delete extended community lists specified by |
c3c5a71f QY |
1507 | `name`. All extended community lists share a single name |
1508 | space, so extended community lists can be removed simply by specifying | |
42fc5d26 QY |
1509 | the name. |
1510 | ||
c3c5a71f | 1511 | .. index:: show ip extcommunity-list |
42fc5d26 | 1512 | |
c3c5a71f QY |
1513 | ``show ip extcommunity-list`` |
1514 | .. index:: show ip extcommunity-list NAME | |
42fc5d26 | 1515 | |
c3c5a71f QY |
1516 | ``show ip extcommunity-list NAME`` |
1517 | This command displays current extcommunity-list information. When | |
1518 | `name` is specified the community list's information is shown. | |
42fc5d26 QY |
1519 | |
1520 | :: | |
1521 | ||
c3c5a71f QY |
1522 | # show ip extcommunity-list |
1523 | ||
42fc5d26 QY |
1524 | |
1525 | .. _BGP_Extended_Communities_in_Route_Map: | |
1526 | ||
1527 | BGP Extended Communities in Route Map | |
1528 | ------------------------------------- | |
1529 | ||
c3c5a71f | 1530 | .. index:: match extcommunity WORD |
42fc5d26 | 1531 | |
c3c5a71f | 1532 | ``match extcommunity WORD`` |
42fc5d26 | 1533 | |
c3c5a71f | 1534 | .. index:: set extcommunity rt EXTCOMMUNITY |
42fc5d26 | 1535 | |
c3c5a71f | 1536 | ``set extcommunity rt EXTCOMMUNITY`` |
42fc5d26 QY |
1537 | This command sets the Route Target value. |
1538 | ||
c3c5a71f | 1539 | .. index:: set extcommunity soo EXTCOMMUNITY |
42fc5d26 | 1540 | |
c3c5a71f | 1541 | ``set extcommunity soo EXTCOMMUNITY`` |
42fc5d26 QY |
1542 | This command sets the Site of Origin value. |
1543 | ||
1544 | .. _BGP_Large_Communities_Attribute: | |
1545 | ||
1546 | BGP Large Communities Attribute | |
1547 | =============================== | |
1548 | ||
1549 | The BGP Large Communities attribute was introduced in Feb 2017 with | |
c3c5a71f | 1550 | :t:`RFC8092, BGP Large Communities Attribute`. |
42fc5d26 QY |
1551 | |
1552 | The BGP Large Communities Attribute is similar to the BGP Communities | |
1553 | Attribute except that it has 3 components instead of two and each of | |
1554 | which are 4 octets in length. Large Communities bring additional | |
1555 | functionality and convenience over traditional communities, specifically | |
1556 | the fact that the `GLOBAL` part below is now 4 octets wide allowing | |
1557 | AS4 operators seamless use. | |
1558 | ||
1559 | ||
1560 | ||
1561 | *GLOBAL:LOCAL1:LOCAL2* | |
1562 | This is the format to define Large Community values. Referencing | |
c3c5a71f | 1563 | :t:`RFC8195, Use of BGP Large Communities` the values are commonly |
42fc5d26 QY |
1564 | referred to as follows. |
1565 | The `GLOBAL` part is a 4 octet Global Administrator field, common | |
1566 | use of this field is the operators AS number. | |
1567 | The `LOCAL1` part is a 4 octet Local Data Part 1 subfield referred | |
1568 | to as a function. | |
1569 | The `LOCAL2` part is a 4 octet Local Data Part 2 field and referred | |
1570 | to as the parameter subfield. `65551:1:10` represents AS 65551 | |
1571 | function 1 and parameter 10. | |
1572 | The referenced RFC above gives some guidelines on recommended usage. | |
1573 | ||
1574 | .. _BGP_Large_Community_Lists: | |
1575 | ||
1576 | BGP Large Community Lists | |
1577 | ------------------------- | |
1578 | ||
1579 | Two types of large community lists are supported, namely `standard` and | |
1580 | `expanded`. | |
1581 | ||
c3c5a71f | 1582 | .. index:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
42fc5d26 | 1583 | |
c3c5a71f | 1584 | ``ip large-community-list standard NAME permit|deny LARGE-COMMUNITY`` |
42fc5d26 QY |
1585 | This command defines a new standard large-community-list. |
1586 | `large-community` is the Large Community value. We | |
1587 | can add multiple large communities under same name. In that case | |
1588 | the match will happen in the user defined order. Once the large-community-list | |
1589 | matches the Large Communities attribute in BGP updates it will return | |
c3c5a71f QY |
1590 | permit or deny based upon the large-community-list definition. When |
1591 | there is no matched entry, a deny will be returned. When `large-community` | |
42fc5d26 QY |
1592 | is empty it matches any routes. |
1593 | ||
c3c5a71f | 1594 | .. index:: ip large-community-list expanded NAME permit|deny LINE |
42fc5d26 | 1595 | |
c3c5a71f | 1596 | ``ip large-community-list expanded NAME permit|deny LINE`` |
42fc5d26 QY |
1597 | This command defines a new expanded large-community-list. Where `line` is |
1598 | a string matching expression, it will be compared to the entire Large Communities | |
1599 | attribute as a string, with each large-community in order from lowest to highest. | |
1600 | `line` can also be a regular expression which matches this Large | |
1601 | Community attribute. | |
1602 | ||
c3c5a71f | 1603 | .. index:: no ip large-community-list NAME |
42fc5d26 | 1604 | |
c3c5a71f QY |
1605 | ``no ip large-community-list NAME`` |
1606 | .. index:: no ip large-community-list standard NAME | |
42fc5d26 | 1607 | |
c3c5a71f QY |
1608 | ``no ip large-community-list standard NAME`` |
1609 | .. index:: no ip large-community-list expanded NAME | |
42fc5d26 | 1610 | |
c3c5a71f | 1611 | ``no ip large-community-list expanded NAME`` |
42fc5d26 QY |
1612 | These commands delete Large Community lists specified by |
1613 | `name`. All Large Community lists share a single namespace. | |
1614 | This means Large Community lists can be removed by simply specifying the name. | |
1615 | ||
c3c5a71f | 1616 | .. index:: show ip large-community-list |
42fc5d26 | 1617 | |
c3c5a71f QY |
1618 | ``show ip large-community-list`` |
1619 | .. index:: show ip large-community-list NAME | |
42fc5d26 | 1620 | |
c3c5a71f QY |
1621 | ``show ip large-community-list NAME`` |
1622 | This command displays current large-community-list information. When | |
1623 | `name` is specified the community list information is shown. | |
42fc5d26 | 1624 | |
c3c5a71f | 1625 | .. index:: show ip bgp large-community-info |
42fc5d26 | 1626 | |
c3c5a71f QY |
1627 | ``show ip bgp large-community-info`` |
1628 | This command displays the current large communities in use. | |
42fc5d26 QY |
1629 | |
1630 | .. _BGP_Large_Communities_in_Route_Map: | |
1631 | ||
1632 | BGP Large Communities in Route Map | |
1633 | ---------------------------------- | |
1634 | ||
c3c5a71f | 1635 | .. index:: match large-community LINE |
42fc5d26 | 1636 | |
c3c5a71f | 1637 | ``match large-community LINE`` |
42fc5d26 QY |
1638 | Where `line` can be a simple string to match, or a regular expression. |
1639 | It is very important to note that this match occurs on the entire | |
1640 | large-community string as a whole, where each large-community is ordered | |
1641 | from lowest to highest. | |
1642 | ||
c3c5a71f | 1643 | .. index:: set large-community LARGE-COMMUNITY |
42fc5d26 | 1644 | |
c3c5a71f QY |
1645 | ``set large-community LARGE-COMMUNITY`` |
1646 | .. index:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY | |
42fc5d26 | 1647 | |
c3c5a71f QY |
1648 | ``set large-community LARGE-COMMUNITY LARGE-COMMUNITY`` |
1649 | .. index:: set large-community LARGE-COMMUNITY additive | |
42fc5d26 | 1650 | |
c3c5a71f | 1651 | ``set large-community LARGE-COMMUNITY additive`` |
42fc5d26 QY |
1652 | These commands are used for setting large-community values. The first |
1653 | command will overwrite any large-communities currently present. | |
1654 | The second specifies two large-communities, which overwrites the current | |
1655 | large-community list. The third will add a large-community value without | |
1656 | overwriting other values. Multiple large-community values can be specified. | |
1657 | ||
1658 | .. _Displaying_BGP_information: | |
1659 | ||
1660 | Displaying BGP information | |
1661 | ========================== | |
1662 | ||
1663 | ||
1664 | .. _Showing_BGP_information: | |
1665 | ||
1666 | Showing BGP information | |
1667 | ----------------------- | |
1668 | ||
c3c5a71f | 1669 | .. index:: show ip bgp |
42fc5d26 | 1670 | |
c3c5a71f QY |
1671 | ``show ip bgp`` |
1672 | .. index:: show ip bgp A.B.C.D | |
42fc5d26 | 1673 | |
c3c5a71f QY |
1674 | ``show ip bgp A.B.C.D`` |
1675 | .. index:: show ip bgp X:X::X:X | |
42fc5d26 | 1676 | |
c3c5a71f QY |
1677 | ``show ip bgp X:X::X:X`` |
1678 | This command displays BGP routes. When no route is specified it | |
42fc5d26 QY |
1679 | displays all IPv4 BGP routes. |
1680 | ||
1681 | :: | |
1682 | ||
1683 | BGP table version is 0, local router ID is 10.1.1.1 | |
1684 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal | |
1685 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
1686 | ||
c3c5a71f QY |
1687 | Network Next Hop Metric LocPrf Weight Path |
1688 | *> 1.1.1.1/32 0.0.0.0 0 32768 i | |
42fc5d26 QY |
1689 | |
1690 | Total number of prefixes 1 | |
42fc5d26 | 1691 | |
42fc5d26 | 1692 | |
c3c5a71f QY |
1693 | .. index:: show ip bgp regexp LINE |
1694 | ||
1695 | ``show ip bgp regexp LINE`` | |
42fc5d26 QY |
1696 | This command displays BGP routes using AS path regular expression |
1697 | (:ref:`BGP_Regular_Expressions`). | |
1698 | ||
c3c5a71f | 1699 | .. index:: show ip bgp community COMMUNITY |
42fc5d26 | 1700 | |
c3c5a71f QY |
1701 | ``show ip bgp community COMMUNITY`` |
1702 | .. index:: show ip bgp community COMMUNITY exact-match | |
42fc5d26 | 1703 | |
c3c5a71f QY |
1704 | ``show ip bgp community COMMUNITY exact-match`` |
1705 | This command displays BGP routes using `community` (:ref:`Display_BGP_Routes_by_Community`). | |
42fc5d26 | 1706 | |
c3c5a71f | 1707 | .. index:: show ip bgp community-list WORD |
42fc5d26 | 1708 | |
c3c5a71f QY |
1709 | ``show ip bgp community-list WORD`` |
1710 | .. index:: show ip bgp community-list WORD exact-match | |
42fc5d26 | 1711 | |
c3c5a71f QY |
1712 | ``show ip bgp community-list WORD exact-match`` |
1713 | This command displays BGP routes using community list (:ref:`Display_BGP_Routes_by_Community`). | |
42fc5d26 | 1714 | |
c3c5a71f | 1715 | .. index:: show bgp ipv4|ipv6 summary |
42fc5d26 | 1716 | |
c3c5a71f QY |
1717 | ``show bgp ipv4|ipv6 summary`` |
1718 | Show a bgp peer summary for the specified address family. | |
42fc5d26 | 1719 | |
c3c5a71f | 1720 | .. index:: show bgp ipv4|ipv6 neighbor [PEER] |
42fc5d26 | 1721 | |
c3c5a71f QY |
1722 | ``show bgp ipv4|ipv6 neighbor [PEER]`` |
1723 | This command shows information on a specific BGP `peer`. | |
42fc5d26 | 1724 | |
c3c5a71f | 1725 | .. index:: show bgp ipv4|ipv6 dampening dampened-paths |
42fc5d26 | 1726 | |
c3c5a71f QY |
1727 | ``show bgp ipv4|ipv6 dampening dampened-paths`` |
1728 | Display paths suppressed due to dampening. | |
42fc5d26 | 1729 | |
c3c5a71f | 1730 | .. index:: show bgp ipv4|ipv6 dampening flap-statistics |
42fc5d26 | 1731 | |
c3c5a71f QY |
1732 | ``show bgp ipv4|ipv6 dampening flap-statistics`` |
1733 | Display flap statistics of routes. | |
42fc5d26 QY |
1734 | |
1735 | .. _Other_BGP_commands: | |
1736 | ||
1737 | Other BGP commands | |
1738 | ------------------ | |
1739 | ||
c3c5a71f | 1740 | .. index:: clear bgp ipv4|ipv6 \* |
42fc5d26 | 1741 | |
c3c5a71f | 1742 | ``clear bgp ipv4|ipv6 \*`` |
42fc5d26 QY |
1743 | Clear all address family peers. |
1744 | ||
c3c5a71f | 1745 | .. index:: clear bgp ipv4|ipv6 PEER |
42fc5d26 | 1746 | |
c3c5a71f | 1747 | ``clear bgp ipv4|ipv6 PEER`` |
42fc5d26 QY |
1748 | Clear peers which have addresses of X.X.X.X |
1749 | ||
c3c5a71f | 1750 | .. index:: clear bgp ipv4|ipv6 PEER soft in |
42fc5d26 | 1751 | |
c3c5a71f | 1752 | ``clear bgp ipv4|ipv6 PEER soft in`` |
42fc5d26 QY |
1753 | Clear peer using soft reconfiguration. |
1754 | ||
c3c5a71f | 1755 | .. index:: show debug |
42fc5d26 | 1756 | |
c3c5a71f QY |
1757 | ``show debug`` |
1758 | .. index:: debug event | |
42fc5d26 | 1759 | |
c3c5a71f QY |
1760 | ``debug event`` |
1761 | .. index:: debug update | |
42fc5d26 | 1762 | |
c3c5a71f QY |
1763 | ``debug update`` |
1764 | .. index:: debug keepalive | |
42fc5d26 | 1765 | |
c3c5a71f QY |
1766 | ``debug keepalive`` |
1767 | .. index:: no debug event | |
42fc5d26 | 1768 | |
c3c5a71f QY |
1769 | ``no debug event`` |
1770 | .. index:: no debug update | |
42fc5d26 | 1771 | |
c3c5a71f QY |
1772 | ``no debug update`` |
1773 | .. index:: no debug keepalive | |
42fc5d26 | 1774 | |
c3c5a71f | 1775 | ``no debug keepalive`` |
42fc5d26 QY |
1776 | |
1777 | .. _Capability_Negotiation: | |
1778 | ||
1779 | Capability Negotiation | |
1780 | ====================== | |
1781 | ||
c3c5a71f QY |
1782 | When the IPv6 routing information exchange feature was added to BGP, there |
1783 | were several proposals. :abbr:`IETF (Internet Engineering Task Force)` | |
1784 | :abbr:`IDR (Inter Domain Routing)` adopted | |
1785 | a proposal called Multiprotocol Extension for BGP. The specification | |
07a17e6d | 1786 | is described in :rfc:`2283`. The proposal does not define a new protocol. |
c3c5a71f QY |
1787 | It defines new attributes for existing BGP. When it is used for exchanging |
1788 | IPv6 routing information it is called BGP-4+. When it is used for | |
42fc5d26 QY |
1789 | exchanging multicast routing information it is called MBGP. |
1790 | ||
c3c5a71f | 1791 | *bgpd* supports Multiprotocol Extension for BGP. So if remote |
42fc5d26 QY |
1792 | peer supports the protocol, *bgpd* can exchange IPv6 and/or |
1793 | multicast routing information. | |
1794 | ||
1795 | Traditional BGP did not have a feature to detect the remote peer's | |
1796 | capabilities, e.g. whether it can handle prefix types other than IPv4 | |
c3c5a71f QY |
1797 | unicast routes. This was a big problem when using Multiprotocol Extension |
1798 | for BGP in an operational network. :rfc:`2842` (Capabilities | |
42fc5d26 QY |
1799 | Advertisement with BGP-4) adopted a feature called Capability |
1800 | Negotiation. *bgpd* uses this Capability Negotiation to detect | |
c3c5a71f | 1801 | the remote peer's capabilities. If the peer is only configured as an IPv4 |
42fc5d26 QY |
1802 | unicast neighbor, *bgpd* does not send these Capability |
1803 | Negotiation packets (at least not unless other optional BGP features | |
1804 | require capability negotiation). | |
1805 | ||
dc1046f7 | 1806 | By default, FRR will bring up peering with the minimal common capability |
c3c5a71f QY |
1807 | for both sides. For example, the local router has unicast and |
1808 | multicast capabilities and the remote router has unicast capability. In | |
42fc5d26 | 1809 | this case, the local router will establish the connection with unicast |
dc1046f7 | 1810 | only capability. When there are no common capabilities, FRR sends |
42fc5d26 QY |
1811 | an Unsupported Capability error and then resets the connection. |
1812 | ||
c3c5a71f | 1813 | If you want to completely match capabilities with the remote peer, please |
42fc5d26 QY |
1814 | use the *strict-capability-match* command. |
1815 | ||
c3c5a71f | 1816 | .. index:: neighbor `peer` strict-capability-match |
42fc5d26 | 1817 | |
c3c5a71f | 1818 | ``neighbor `peer` strict-capability-match`` |
42fc5d26 | 1819 | |
c3c5a71f QY |
1820 | .. index:: no neighbor `peer` strict-capability-match |
1821 | ||
1822 | ``no neighbor `peer` strict-capability-match`` | |
1823 | ||
1824 | Strictly compares remote capabilities and local capabilities. If capabilities | |
42fc5d26 QY |
1825 | are different, send Unsupported Capability error then reset connection. |
1826 | ||
1827 | You may want to disable sending Capability Negotiation OPEN message | |
1828 | optional parameter to the peer when remote peer does not implement | |
c3c5a71f | 1829 | Capability Negotiation. Please use *dont-capability-negotiate* |
42fc5d26 QY |
1830 | command to disable the feature. |
1831 | ||
c3c5a71f QY |
1832 | .. index:: neighbor `peer` dont-capability-negotiate |
1833 | ||
1834 | ``neighbor `peer` dont-capability-negotiate`` | |
42fc5d26 | 1835 | |
c3c5a71f QY |
1836 | .. index:: no neighbor `peer` dont-capability-negotiate |
1837 | ||
1838 | ``no neighbor `peer` dont-capability-negotiate`` | |
42fc5d26 | 1839 | |
42fc5d26 | 1840 | Suppress sending Capability Negotiation as OPEN message optional |
c3c5a71f | 1841 | parameter to the peer. This command only affects peers that are configured |
42fc5d26 QY |
1842 | with something other than IPv4 unicast. |
1843 | ||
1844 | When remote peer does not have capability negotiation feature, remote | |
c3c5a71f | 1845 | peer will not send any capabilities at all. In that case, bgp |
42fc5d26 QY |
1846 | configures the peer with configured capabilities. |
1847 | ||
1848 | You may prefer locally configured capabilities over the negotiated | |
c3c5a71f | 1849 | capabilities even though the remote peer sends capabilities. If the peer |
42fc5d26 QY |
1850 | is configured with *override-capability*, *bgpd* ignores |
1851 | received capabilities and overrides the negotiated capabilities with | |
1852 | configured values. | |
1853 | ||
c3c5a71f QY |
1854 | .. index:: neighbor `peer` override-capability |
1855 | ||
1856 | ``neighbor `peer` override-capability`` | |
1857 | ||
1858 | .. index:: no neighbor `peer` override-capability | |
42fc5d26 | 1859 | |
c3c5a71f | 1860 | ``no neighbor `peer` override-capability`` |
42fc5d26 | 1861 | |
c3c5a71f QY |
1862 | Override the result of Capability Negotiation with local configuration. |
1863 | Ignore remote peer's capability value. | |
42fc5d26 QY |
1864 | |
1865 | .. _Route_Reflector: | |
1866 | ||
1867 | Route Reflector | |
1868 | =============== | |
1869 | ||
c3c5a71f | 1870 | .. index:: bgp cluster-id `a.b.c.d` |
42fc5d26 | 1871 | |
c3c5a71f | 1872 | ``bgp cluster-id `a.b.c.d``` |
42fc5d26 | 1873 | |
42fc5d26 | 1874 | |
c3c5a71f QY |
1875 | .. index:: neighbor `peer` route-reflector-client |
1876 | ||
1877 | ``neighbor `peer` route-reflector-client`` | |
1878 | ||
1879 | .. index:: no neighbor `peer` route-reflector-client | |
1880 | ||
1881 | ``no neighbor `peer` route-reflector-client`` | |
42fc5d26 | 1882 | |
42fc5d26 QY |
1883 | |
1884 | .. _Route_Server: | |
1885 | ||
1886 | Route Server | |
1887 | ============ | |
1888 | ||
1889 | At an Internet Exchange point, many ISPs are connected to each other by | |
c3c5a71f | 1890 | external BGP peering. Normally these external BGP connections are made using the |
8fa64b2a | 1891 | ``full mesh`` method. As with internal BGP full mesh formation, |
42fc5d26 QY |
1892 | this method has a scaling problem. |
1893 | ||
c3c5a71f QY |
1894 | This scaling problem is well known. Route Server is a method to resolve |
1895 | the problem. Each ISP's BGP router only peers with the Route Server. The Route | |
1896 | Server serves as a BGP information exchange for the other BGP routers. By | |
42fc5d26 QY |
1897 | applying this method, the number of BGP connections is reduced from |
1898 | O(n*(n-1)/2) to O(n). | |
1899 | ||
1900 | Unlike a normal BGP router, a Route Server must have several routing tables | |
c3c5a71f QY |
1901 | for managing different routing policies for each BGP speaker. We call these |
1902 | routing tables ``views``. *bgpd* can work as a | |
42fc5d26 QY |
1903 | normal BGP router or Route Server or both at the same time. |
1904 | ||
1905 | .. _Multiple_instance: | |
1906 | ||
1907 | Multiple instance | |
1908 | ----------------- | |
1909 | ||
1910 | To enable multiple view function of `bgpd`, you must turn on | |
1911 | multiple instance feature beforehand. | |
1912 | ||
c3c5a71f | 1913 | .. index:: bgp multiple-instance |
42fc5d26 | 1914 | |
c3c5a71f QY |
1915 | ``bgp multiple-instance`` |
1916 | Enable BGP multiple instance feature. After this feature is enabled, | |
42fc5d26 QY |
1917 | you can make multiple BGP instances or multiple BGP views. |
1918 | ||
c3c5a71f | 1919 | .. index:: no bgp multiple-instance |
42fc5d26 | 1920 | |
c3c5a71f QY |
1921 | ``no bgp multiple-instance`` |
1922 | Disable BGP multiple instance feature. You can not disable this feature | |
42fc5d26 QY |
1923 | when BGP multiple instances or views exist. |
1924 | ||
c3c5a71f | 1925 | When you want to make configuration more Cisco like one, |
42fc5d26 | 1926 | |
c3c5a71f | 1927 | .. index:: bgp config-type cisco |
42fc5d26 | 1928 | |
c3c5a71f | 1929 | ``bgp config-type cisco`` |
42fc5d26 QY |
1930 | Cisco compatible BGP configuration output. |
1931 | ||
c3c5a71f | 1932 | When bgp config-type cisco is specified, |
42fc5d26 QY |
1933 | |
1934 | 'no synchronization' is displayed. | |
1935 | 'no auto-summary' is displayed. | |
1936 | ||
1937 | 'network' and 'aggregate-address' argument is displayed as | |
1938 | 'A.B.C.D M.M.M.M' | |
1939 | ||
dc1046f7 | 1940 | FRR: network 10.0.0.0/8 |
42fc5d26 QY |
1941 | Cisco: network 10.0.0.0 |
1942 | ||
dc1046f7 | 1943 | FRR: aggregate-address 192.168.0.0/24 |
42fc5d26 QY |
1944 | Cisco: aggregate-address 192.168.0.0 255.255.255.0 |
1945 | ||
c3c5a71f | 1946 | Community attribute handling is also different. If no |
42fc5d26 | 1947 | configuration is specified, the community attribute and extended community |
c3c5a71f QY |
1948 | attribute are sent to the neighbor. When the user manually disables the |
1949 | feature, the community attribute is not sent to the neighbor. When | |
42fc5d26 | 1950 | *bgp config-type cisco* is specified, the community attribute is not |
c3c5a71f | 1951 | sent to the neighbor by default. To send the community attribute, the user has |
42fc5d26 QY |
1952 | to specify the *neighbor A.B.C.D send-community* command. |
1953 | ||
1954 | :: | |
1955 | ||
1956 | ! | |
1957 | router bgp 1 | |
1958 | neighbor 10.0.0.1 remote-as 1 | |
1959 | address-family ipv4 unicast | |
1960 | no neighbor 10.0.0.1 send-community | |
1961 | exit-address-family | |
1962 | ! | |
1963 | router bgp 1 | |
1964 | neighbor 10.0.0.1 remote-as 1 | |
1965 | address-family ipv4 unicast | |
1966 | neighbor 10.0.0.1 send-community | |
1967 | exit-address-family | |
1968 | ! | |
42fc5d26 | 1969 | |
42fc5d26 | 1970 | |
c3c5a71f QY |
1971 | .. index:: bgp config-type zebra |
1972 | ||
1973 | ``bgp config-type zebra`` | |
dc1046f7 | 1974 | FRR style BGP configuration. This is default. |
42fc5d26 QY |
1975 | |
1976 | .. _BGP_instance_and_view: | |
1977 | ||
1978 | BGP instance and view | |
1979 | --------------------- | |
1980 | ||
c3c5a71f QY |
1981 | BGP instance is a normal BGP process. The result of route selection |
1982 | goes to the kernel routing table. You can setup different AS at the | |
42fc5d26 QY |
1983 | same time when BGP multiple instance feature is enabled. |
1984 | ||
c3c5a71f | 1985 | .. index:: router bgp AS-NUMBER |
42fc5d26 | 1986 | |
c3c5a71f QY |
1987 | ``router bgp AS-NUMBER`` |
1988 | Make a new BGP instance. You can use arbitrary word for the `name`. | |
42fc5d26 QY |
1989 | |
1990 | :: | |
1991 | ||
42fc5d26 QY |
1992 | bgp multiple-instance |
1993 | ! | |
1994 | router bgp 1 | |
1995 | neighbor 10.0.0.1 remote-as 2 | |
1996 | neighbor 10.0.0.2 remote-as 3 | |
1997 | ! | |
1998 | router bgp 2 | |
1999 | neighbor 10.0.0.3 remote-as 4 | |
2000 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 2001 | |
42fc5d26 QY |
2002 | |
2003 | BGP view is almost same as normal BGP process. The result of | |
c3c5a71f | 2004 | route selection does not go to the kernel routing table. BGP view is |
42fc5d26 QY |
2005 | only for exchanging BGP routing information. |
2006 | ||
c3c5a71f | 2007 | .. index:: router bgp AS-NUMBER view NAME |
42fc5d26 | 2008 | |
c3c5a71f QY |
2009 | ``router bgp AS-NUMBER view NAME`` |
2010 | Make a new BGP view. You can use arbitrary word for the `name`. This | |
42fc5d26 QY |
2011 | view's route selection result does not go to the kernel routing table. |
2012 | ||
2013 | With this command, you can setup Route Server like below. | |
2014 | ||
2015 | :: | |
2016 | ||
42fc5d26 QY |
2017 | bgp multiple-instance |
2018 | ! | |
2019 | router bgp 1 view 1 | |
2020 | neighbor 10.0.0.1 remote-as 2 | |
2021 | neighbor 10.0.0.2 remote-as 3 | |
2022 | ! | |
2023 | router bgp 2 view 2 | |
2024 | neighbor 10.0.0.3 remote-as 4 | |
2025 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 2026 | |
42fc5d26 QY |
2027 | |
2028 | .. _Routing_policy: | |
2029 | ||
2030 | Routing policy | |
2031 | -------------- | |
2032 | ||
c3c5a71f | 2033 | You can set a different routing policy for a peer. For example, you can |
42fc5d26 QY |
2034 | set a different filter for a peer. |
2035 | ||
2036 | :: | |
2037 | ||
42fc5d26 QY |
2038 | bgp multiple-instance |
2039 | ! | |
2040 | router bgp 1 view 1 | |
2041 | neighbor 10.0.0.1 remote-as 2 | |
2042 | address-family ipv4 unicast | |
2043 | neighbor 10.0.0.1 distribute-list 1 in | |
2044 | exit-address-family | |
2045 | ! | |
2046 | router bgp 1 view 2 | |
2047 | neighbor 10.0.0.1 remote-as 2 | |
2048 | address-family ipv4 unicast | |
2049 | neighbor 10.0.0.1 distribute-list 2 in | |
2050 | exit-address-family | |
c3c5a71f | 2051 | |
42fc5d26 QY |
2052 | |
2053 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view | |
c3c5a71f QY |
2054 | 2. When the update is inserted into view 1, distribute-list 1 is |
2055 | applied. On the other hand, when the update is inserted into view 2, | |
42fc5d26 QY |
2056 | distribute-list 2 is applied. |
2057 | ||
2058 | .. _Viewing_the_view: | |
2059 | ||
2060 | Viewing the view | |
2061 | ---------------- | |
2062 | ||
2063 | To display routing table of BGP view, you must specify view name. | |
2064 | ||
c3c5a71f | 2065 | .. index:: show ip bgp view NAME |
42fc5d26 | 2066 | |
c3c5a71f | 2067 | ``show ip bgp view NAME`` |
42fc5d26 QY |
2068 | Display the routing table of BGP view `name`. |
2069 | ||
2070 | .. _BGP_Regular_Expressions: | |
2071 | ||
2072 | BGP Regular Expressions | |
2073 | ======================= | |
2074 | ||
2075 | BGP regular expressions are based on `POSIX 1003.2` regular | |
2076 | expressions. The following description is just a quick subset of the | |
2077 | `POSIX` regular expressions. In addition, the special character | |
2078 | '_' is supported. | |
2079 | ||
2080 | ||
2081 | ||
2082 | *.* | |
2083 | Matches any single character. | |
2084 | ||
2085 | * | |
2086 | Matches 0 or more occurrences of pattern. | |
2087 | ||
2088 | + | |
2089 | Matches 1 or more occurrences of pattern. | |
2090 | ||
2091 | ? | |
2092 | Matches 0 or 1 occurrences of pattern. | |
2093 | ||
2094 | ^ | |
2095 | Matches the beginning of the line. | |
2096 | ||
2097 | $ | |
2098 | Matches the end of the line. | |
2099 | ||
2100 | _ | |
2101 | Character `_` has a special meaning in BGP regular expressions. | |
2102 | It matches a space, a comma, the AS set delimiters `{` and `}`, and the AS | |
c3c5a71f QY |
2103 | confederation delimiters `(` and `)`. It also matches |
2104 | the beginning of the line and the end of the line, so `_` can be | |
42fc5d26 QY |
2105 | used to match AS value boundaries. This character technically evaluates |
2106 | to `(^|[,{}() ]|$)`. | |
2107 | ||
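The boundary behaviour of `_` is what keeps an AS-path filter from matching a longer AS number that merely contains the digits. The following is an added example, not FRR code: it expands `_` exactly as stated above and evaluates the two `asp-own-as` entries from this page's configuration examples. The helper names, the sample AS paths, the use of Python's `re` as a stand-in for POSIX 1003.2, and the first-match/implicit-deny list evaluation are assumptions of the example.

```python
import re

# '_' as this page defines it, written as a non-capturing group.
BOUNDARY = r"(?:^|[,{}() ]|$)"


def compile_bgp_regex(pattern):
    """Expand the BGP-specific '_' and compile the result.

    Assumption: Python's re stands in for POSIX 1003.2; for the operators
    listed on this page both agree on whether a path matches.
    Simplification: a literal '_' inside a bracket expression is not handled.
    """
    return re.compile(pattern.replace("_", BOUNDARY))


def aspath_matches(pattern, as_path):
    """True if the AS-path string matches the BGP regular expression."""
    return compile_bgp_regex(pattern).search(as_path) is not None


def evaluate_access_list(entries, as_path):
    """First matching entry decides; falling off the end is a deny."""
    for action, pattern in entries:
        if aspath_matches(pattern, as_path):
            return action
    return "deny"


# The two 'ip as-path access-list asp-own-as' entries from this page.
ASP_OWN_AS = [("permit", "^$"), ("permit", "_64512_")]

# Constructed sample AS paths (not taken from any real routing table).
SAMPLE_PATHS = [
    "",                # locally originated route: empty AS path
    "64512",           # our AS alone
    "64515 64512 3",   # our AS in the middle of a sequence
    "{64512,7}",       # our AS inside an AS set
    "(64512) 3",       # our AS inside a confederation segment
    "164512 3",        # different AS that contains the same digits
    "645120",          # different AS that starts with the same digits
]


def compare_filters(paths):
    """Return {path: (asp-own-as result, unanchored '64512' result)}."""
    return {
        p: (evaluate_access_list(ASP_OWN_AS, p), aspath_matches("64512", p))
        for p in paths
    }


if __name__ == "__main__":
    for path, (verdict, naive) in compare_filters(SAMPLE_PATHS).items():
        print(f"{path!r:18} asp-own-as={verdict:6} unanchored-64512={naive}")
```

The last two sample paths are denied by `asp-own-as` but would match an unanchored `64512`, which is the mistake `_` exists to prevent.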
2108 | .. _How_to_set_up_a_6-Bone_connection: | |
2109 | ||
2110 | How to set up a 6-Bone connection | |
2111 | ================================= | |
2112 | ||
2113 | :: | |
2114 | ||
c3c5a71f QY |
2115 | zebra configuration |
2116 | =================== | |
2117 | ! | |
2118 | ! Actually there is no need to configure zebra | |
42fc5d26 QY |
2119 | ! |
2120 | ||
2121 | bgpd configuration | |
2122 | ================== | |
2123 | ! | |
2124 | ! This means that routes go through zebra and into the kernel. | |
2125 | ! | |
2126 | router zebra | |
2127 | ! | |
2128 | ! MP-BGP configuration | |
2129 | ! | |
2130 | router bgp 7675 | |
2131 | bgp router-id 10.0.0.1 | |
2132 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as `as-number` | |
2133 | ! | |
2134 | address-family ipv6 | |
2135 | network 3ffe:506::/32 | |
2136 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
2137 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
2138 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as `as-number` | |
2139 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
2140 | exit-address-family | |
2141 | ! | |
2142 | ipv6 access-list all permit any | |
2143 | ! | |
2144 | ! Set output nexthop address. | |
2145 | ! | |
2146 | route-map set-nexthop permit 10 | |
2147 | match ipv6 address all | |
2148 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
2149 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
2150 | ! | |
c3c5a71f | 2151 | ! logfile FILENAME is obsolete. Please use log file FILENAME |
42fc5d26 QY |
2152 | |
2153 | log file bgpd.log | |
2154 | ! | |
c3c5a71f | 2155 | |
42fc5d26 QY |
2156 | |
2157 | .. _Dump_BGP_packets_and_table: | |
2158 | ||
2159 | Dump BGP packets and table | |
2160 | ========================== | |
2161 | ||
c3c5a71f | 2162 | .. index:: dump bgp all PATH [INTERVAL] |
42fc5d26 | 2163 | |
c3c5a71f QY |
2164 | ``dump bgp all PATH [INTERVAL]`` |
2165 | .. index:: dump bgp all-et PATH [INTERVAL] | |
42fc5d26 | 2166 | |
c3c5a71f QY |
2167 | ``dump bgp all-et PATH [INTERVAL]`` |
2168 | .. index:: no dump bgp all [PATH] [INTERVAL] | |
42fc5d26 | 2169 | |
c3c5a71f | 2170 | ``no dump bgp all [PATH] [INTERVAL]`` |
42fc5d26 QY |
2171 | Dump all BGP packets and events to the `path` file. |
2172 | If `interval` is set, a new file will be created every `interval` seconds. | |
2173 | The path `path` can be set with date and time formatting (strftime). | |
2174 | The type ‘all-et’ enables support for Extended Timestamp Header (:ref:`Packet_Binary_Dump_Format`). | |
2176 | ||
c3c5a71f | 2177 | .. index:: dump bgp updates PATH [INTERVAL] |
42fc5d26 | 2178 | |
c3c5a71f QY |
2179 | ``dump bgp updates PATH [INTERVAL]`` |
2180 | .. index:: dump bgp updates-et PATH [INTERVAL] | |
42fc5d26 | 2181 | |
c3c5a71f QY |
2182 | ``dump bgp updates-et PATH [INTERVAL]`` |
2183 | .. index:: no dump bgp updates [PATH] [INTERVAL] | |
42fc5d26 | 2184 | |
c3c5a71f QY |
2185 | ``no dump bgp updates [PATH] [INTERVAL]`` |
2186 | Dump only BGP update messages to the `path` file. | |
2187 | If `interval` is set, a new file will be created every `interval` seconds. | |
2188 | The path `path` can be set with date and time formatting (strftime). | |
2189 | The type ‘updates-et’ enables support for Extended Timestamp Header (:ref:`Packet_Binary_Dump_Format`). | |
42fc5d26 | 2190 | |
c3c5a71f | 2191 | .. index:: dump bgp routes-mrt PATH |
42fc5d26 | 2192 | |
c3c5a71f QY |
2193 | ``dump bgp routes-mrt PATH`` |
2194 | .. index:: dump bgp routes-mrt PATH INTERVAL | |
42fc5d26 | 2195 | |
c3c5a71f QY |
2196 | ``dump bgp routes-mrt PATH INTERVAL`` |
2197 | .. index:: no dump bgp routes-mrt [PATH] [INTERVAL] | |
42fc5d26 | 2198 | 
c3c5a71f QY |
2199 | ``no dump bgp routes-mrt [PATH] [INTERVAL]`` |
2200 | Dump the whole BGP routing table to `path`. This is a heavy process. | |
2201 | The path `path` can be set with date and time formatting (strftime). | |
2202 | If `interval` is set, a new file will be created every `interval` seconds. | |
42fc5d26 | 2203 | |
c3c5a71f | 2204 | Note: the interval variable can also be set using hours and minutes: 04h20m00. |
42fc5d26 QY |
2205 | |
2206 | BGP Configuration Examples | |
2207 | ========================== | |
2208 | ||
2209 | Example of a session to an upstream, advertising only one prefix to it. | |
2210 | ||
2211 | :: | |
2212 | ||
2213 | router bgp 64512 | |
2214 | bgp router-id 10.236.87.1 | |
2215 | neighbor upstream peer-group | |
2216 | neighbor upstream remote-as 64515 | |
2217 | neighbor upstream capability dynamic | |
2218 | neighbor 10.1.1.1 peer-group upstream | |
2219 | neighbor 10.1.1.1 description ACME ISP | |
2220 | ||
2221 | address-family ipv4 unicast | |
2222 | network 10.236.87.0/24 | |
2223 | neighbor upstream prefix-list pl-allowed-adv out | |
2224 | exit-address-family | |
2225 | ! | |
2226 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
2227 | ip prefix-list pl-allowed-adv seq 10 deny any | |
2228 | ||
c3c5a71f | 2229 | |
42fc5d26 QY |
2230 | |
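An outbound prefix-list is the control that limits what this session announces to the upstream, so it is worth checking which prefixes the list actually lets through. The following is an added example, not FRR code: a simplified model of prefix-list evaluation applied to the `pl-allowed-adv` lines above. It assumes entries are tried in sequence order, the first match decides, an entry without `ge`/`le` matches only its exact prefix length, `any` matches every prefix, unnumbered entries are spaced 5 apart, and an unmatched prefix is denied; the function names are hypothetical.

```python
import ipaddress


def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME [seq N] permit|deny PREFIX|any [ge N] [le N]'."""
    entries, last_seq = [], 0
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            raise ValueError("not a prefix-list line: " + line)
        rest = tok[3:]
        if rest[0] == "seq":
            last_seq, rest = int(rest[1]), rest[2:]
        else:
            last_seq += 5          # assumption: unnumbered entries step by 5
        action, target, opts = rest[0], rest[1], rest[2:]
        bounds = {opts[i]: int(opts[i + 1]) for i in range(0, len(opts), 2)}
        if target == "any":        # modelled as 0.0.0.0/0 le 32
            net, bounds = ipaddress.ip_network("0.0.0.0/0"), {"le": 32}
        else:
            net = ipaddress.ip_network(target)
        entries.append((last_seq, action, net, bounds))
    return sorted(entries, key=lambda e: e[0])


def entry_matches(net, bounds, route):
    """Route must lie inside the entry's prefix and satisfy its length rule."""
    if route.version != net.version or not route.subnet_of(net):
        return False
    if not bounds:                 # no ge/le: exact prefix length only
        return route.prefixlen == net.prefixlen
    low = bounds.get("ge", net.prefixlen)
    high = bounds.get("le", route.max_prefixlen)
    return low <= route.prefixlen <= high


def evaluate(entries, prefix):
    """Return (action, seq) of the first matching entry, else implicit deny."""
    route = ipaddress.ip_network(prefix)
    for seq, action, net, bounds in entries:
        if entry_matches(net, bounds, route):
            return action, seq
    return "deny", None


# The prefix-list from the configuration above.
PL_ALLOWED_ADV = parse_prefix_list([
    "ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25",
    "ip prefix-list pl-allowed-adv seq 10 deny any",
])

if __name__ == "__main__":
    # 10.236.87.0/24 is the 'network' statement above; the rest are constructed.
    for p in ["82.195.133.0/25", "10.236.87.0/24",
              "82.195.133.0/24", "82.195.133.128/25"]:
        print(p, evaluate(PL_ALLOWED_ADV, p))
```

Under this model only 82.195.133.0/25 passes the list; the `network 10.236.87.0/24` statement in the same configuration is caught by `seq 10 deny any`.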
2231 | A more complex example, with upstream, peer and customer sessions, | |
2232 | advertising global prefixes and NO_EXPORT prefixes and providing | |
2233 | actions for customer routes based on community values. It makes extensive use of | |
2234 | route-maps and the 'call' feature to support selective advertising of | |
2235 | prefixes. This example is intended as guidance only; it has NOT been | |
2236 | tested and almost certainly contains silly mistakes, if not serious | |
2237 | flaws. | |
2238 | ||
2239 | :: | |
2240 | ||
2241 | router bgp 64512 | |
2242 | bgp router-id 10.236.87.1 | |
2243 | neighbor upstream capability dynamic | |
2244 | neighbor cust capability dynamic | |
2245 | neighbor peer capability dynamic | |
2246 | neighbor 10.1.1.1 remote-as 64515 | |
2247 | neighbor 10.1.1.1 peer-group upstream | |
2248 | neighbor 10.2.1.1 remote-as 64516 | |
2249 | neighbor 10.2.1.1 peer-group upstream | |
2250 | neighbor 10.3.1.1 remote-as 64517 | |
2251 | neighbor 10.3.1.1 peer-group cust-default | |
2252 | neighbor 10.3.1.1 description customer1 | |
2253 | neighbor 10.4.1.1 remote-as 64518 | |
2254 | neighbor 10.4.1.1 peer-group cust | |
2255 | neighbor 10.4.1.1 description customer2 | |
2256 | neighbor 10.5.1.1 remote-as 64519 | |
2257 | neighbor 10.5.1.1 peer-group peer | |
2258 | neighbor 10.5.1.1 description peer AS 1 | |
2259 | neighbor 10.6.1.1 remote-as 64520 | |
2260 | neighbor 10.6.1.1 peer-group peer | |
2261 | neighbor 10.6.1.1 description peer AS 2 | |
2262 | ||
2263 | address-family ipv4 unicast | |
2264 | network 10.123.456.0/24 | |
2265 | network 10.123.456.128/25 route-map rm-no-export | |
2266 | neighbor upstream route-map rm-upstream-out out | |
2267 | neighbor cust route-map rm-cust-in in | |
2268 | neighbor cust route-map rm-cust-out out | |
2269 | neighbor cust send-community both | |
2270 | neighbor peer route-map rm-peer-in in | |
2271 | neighbor peer route-map rm-peer-out out | |
2272 | neighbor peer send-community both | |
2273 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
2274 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
2275 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
2276 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
2277 | exit-address-family | |
2278 | ! | |
2279 | ip prefix-list pl-default permit 0.0.0.0/0 | |
2280 | ! | |
2281 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
2282 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
2283 | ! | |
2284 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
2285 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
2286 | ! | |
2287 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
2288 | ! | |
2289 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
2290 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
2291 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
2292 | ! | |
2293 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
2294 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
2295 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
2296 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
2297 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
2298 | ! | |
2299 | ip as-path access-list asp-own-as permit ^$ | |
2300 | ip as-path access-list asp-own-as permit _64512_ | |
2301 | ! | |
2302 | ! ################################################################# | |
2303 | ! Match communities we provide actions for, on routes received from | |
2304 | ! customers. Community values of <our-ASN>:X have these actions for X: | |
2305 | ! | |
2306 | ! 100 - blackhole the prefix | |
2307 | ! 200 - set no_export | |
2308 | ! 300 - advertise only to other customers | |
2309 | ! 400 - advertise only to upstreams | |
2310 | ! 500 - set no_export when advertising to upstreams | |
2311 | ! 2X00 - set local_preference to X00 | |
2312 | ! | |
2313 | ! blackhole the prefix of the route | |
2314 | ip community-list standard cm-blackhole permit 64512:100 | |
2315 | ! | |
2316 | ! set no-export community before advertising | |
2317 | ip community-list standard cm-set-no-export permit 64512:200 | |
2318 | ! | |
2319 | ! advertise only to other customers | |
2320 | ip community-list standard cm-cust-only permit 64512:300 | |
2321 | ! | |
2322 | ! advertise only to upstreams | |
2323 | ip community-list standard cm-upstream-only permit 64512:400 | |
2324 | ! | |
2325 | ! advertise to upstreams with no-export | |
2326 | ip community-list standard cm-upstream-noexport permit 64512:500 | |
2327 | ! | |
2328 | ! set local-pref to least significant 3 digits of the community | |
2329 | ip community-list standard cm-prefmod-100 permit 64512:2100 | |
2330 | ip community-list standard cm-prefmod-200 permit 64512:2200 | |
2331 | ip community-list standard cm-prefmod-300 permit 64512:2300 | |
2332 | ip community-list standard cm-prefmod-400 permit 64512:2400 | |
2333 | ip community-list expanded cme-prefmod-range permit 64512:2... | |
2334 | ! | |
2335 | ! Informational communities | |
2336 | ! | |
2337 | ! 3000 - learned from upstream | |
2338 | ! 3100 - learned from customer | |
2339 | ! 3200 - learned from peer | |
2340 | ! | |
2341 | ip community-list standard cm-learnt-upstream permit 64512:3000 | |
2342 | ip community-list standard cm-learnt-cust permit 64512:3100 | |
2343 | ip community-list standard cm-learnt-peer permit 64512:3200 | |
2344 | ! | |
2345 | ! ################################################################### | |
2346 | ! Utility route-maps | |
2347 | ! | |
2348 | ! These utility route-maps generally should not be used to permit/deny | |
2349 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
2350 | ! should be used with 'on-match next'. These all finish with an empty | |
2351 | ! permit entry so as not to interfere with processing in the caller. | |
2352 | ! | |
2353 | route-map rm-no-export permit 10 | |
2354 | set community additive no-export | |
2355 | route-map rm-no-export permit 20 | |
2356 | ! | |
2357 | route-map rm-blackhole permit 10 | |
2358 | description blackhole, up-pref and ensure it cant escape this AS | |
2359 | set ip next-hop 127.0.0.1 | |
2360 | set local-preference 10 | |
2361 | set community additive no-export | |
2362 | route-map rm-blackhole permit 20 | |
2363 | ! | |
2364 | ! Set local-pref as requested | |
2365 | route-map rm-prefmod permit 10 | |
2366 | match community cm-prefmod-100 | |
2367 | set local-preference 100 | |
2368 | route-map rm-prefmod permit 20 | |
2369 | match community cm-prefmod-200 | |
2370 | set local-preference 200 | |
2371 | route-map rm-prefmod permit 30 | |
2372 | match community cm-prefmod-300 | |
2373 | set local-preference 300 | |
2374 | route-map rm-prefmod permit 40 | |
2375 | match community cm-prefmod-400 | |
2376 | set local-preference 400 | |
2377 | route-map rm-prefmod permit 50 | |
2378 | ! | |
2379 | ! Community actions to take on receipt of route. | |
2380 | route-map rm-community-in permit 10 | |
2381 | description check for blackholing, no point continuing if it matches. | |
2382 | match community cm-blackhole | |
2383 | call rm-blackhole | |
2384 | route-map rm-community-in permit 20 | |
2385 | match community cm-set-no-export | |
2386 | call rm-no-export | |
2387 | on-match next | |
2388 | route-map rm-community-in permit 30 | |
2389 | match community cme-prefmod-range | |
2390 | call rm-prefmod | |
2391 | route-map rm-community-in permit 40 | |
2392 | ! | |
2393 | ! ##################################################################### | |
2394 | ! Community actions to take when advertising a route. | |
c3c5a71f | 2395 | ! These are filtering route-maps, |
42fc5d26 QY |
2396 | ! |
2397 | ! Deny customer routes to upstream with cust-only set. | |
2398 | route-map rm-community-filt-to-upstream deny 10 | |
2399 | match community cm-learnt-cust | |
2400 | match community cm-cust-only | |
2401 | route-map rm-community-filt-to-upstream permit 20 | |
2402 | ! | |
2403 | ! Deny customer routes to other customers with upstream-only set. | |
2404 | route-map rm-community-filt-to-cust deny 10 | |
2405 | match community cm-learnt-cust | |
2406 | match community cm-upstream-only | |
2407 | route-map rm-community-filt-to-cust permit 20 | |
2408 | ! | |
2409 | ! ################################################################### | |
2410 | ! The top-level route-maps applied to sessions. Further entries could | |
2411 | ! be added obviously.. | |
2412 | ! | |
2413 | ! Customers | |
2414 | route-map rm-cust-in permit 10 | |
2415 | call rm-community-in | |
2416 | on-match next | |
2417 | route-map rm-cust-in permit 20 | |
2418 | set community additive 64512:3100 | |
2419 | route-map rm-cust-in permit 30 | |
2420 | ! | |
2421 | route-map rm-cust-out permit 10 | |
2422 | call rm-community-filt-to-cust | |
2423 | on-match next | |
2424 | route-map rm-cust-out permit 20 | |
2425 | ! | |
2426 | ! Upstream transit ASes | |
2427 | route-map rm-upstream-out permit 10 | |
2428 | description filter customer prefixes which are marked cust-only | |
2429 | call rm-community-filt-to-upstream | |
2430 | on-match next | |
2431 | route-map rm-upstream-out permit 20 | |
2432 | description only customer routes are provided to upstreams/peers | |
2433 | match community cm-learnt-cust | |
2434 | ! | |
2435 | ! Peer ASes | |
2436 | ! outbound policy is same as for upstream | |
2437 | route-map rm-peer-out permit 10 | |
2438 | call rm-upstream-out | |
2439 | ! | |
2440 | route-map rm-peer-in permit 10 | |
2441 | set community additive 64512:3200 | |
c3c5a71f | 2442 | |
42fc5d26 | 2443 | |
f3817860 QY |
2444 | .. _Configuring_FRR_as_a_Route_Server: |
2445 | ||
2446 | Configuring FRR as a Route Server | |
2447 | ================================= | |
2448 | ||
2449 | The purpose of a Route Server is to centralize the peerings between BGP | |
2450 | speakers. For example, if we have an exchange point scenario with four BGP | |
2451 | speakers, each of which maintains a BGP peering with the other three | |
2452 | (:ref:`fig:full-mesh`), we can convert it into a centralized scenario where | |
2453 | each of the four establishes a single BGP peering against the Route Server | |
2454 | (:ref:`fig:route-server`). | |
2455 | ||
2456 | We will first briefly describe the Route Server model implemented by FRR, | |
2457 | then explain the commands that have been added for configuring that | |
2458 | model, and finally show a full example of FRR configured as a Route | |
2459 | Server. | |
2460 | ||
2461 | .. include:: rpki.rst |