]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _bgp: |
42fc5d26 QY |
2 | |
3 | *** | |
4 | BGP | |
5 | *** | |
6 | ||
c3c5a71f QY |
7 | :abbr:`BGP` stands for a Border Gateway Protocol. The lastest BGP version is 4. |
8 | It is referred as BGP-4. BGP-4 is one of the Exterior Gateway Protocols and | |
9 | de-fact standard of Inter Domain routing protocol. BGP-4 is described in | |
07a17e6d | 10 | :rfc:`1771`. |
42fc5d26 | 11 | |
07a17e6d QY |
12 | Many extensions have been added to :rfc:`1771`. :rfc:`2858` provides |
13 | multiprotocol support to BGP-4. | |
42fc5d26 | 14 | |
0efdf0fe | 15 | .. _starting-bgp: |
42fc5d26 QY |
16 | |
17 | Starting BGP | |
18 | ============ | |
19 | ||
c1a54c05 QY |
20 | Default configuration file of *bgpd* is :file:`bgpd.conf`. *bgpd* searches the |
21 | current directory first then |INSTALL_PREFIX_ETC|/bgpd.conf. All of bgpd's | |
22 | command must be configured in :file:`bgpd.conf`. | |
42fc5d26 | 23 | |
c1a54c05 | 24 | *bgpd* specific invocation options are described below. Common options may also |
0efdf0fe | 25 | be specified (:ref:`common-invocation-options`). |
42fc5d26 | 26 | |
c1a54c05 | 27 | .. program:: bgpd |
42fc5d26 | 28 | |
c1a54c05 QY |
29 | .. option:: -p <port> |
30 | .. option:: --bgp_port <port> | |
42fc5d26 | 31 | |
c1a54c05 | 32 | Set the bgp protocol's port number. |
42fc5d26 | 33 | |
c1a54c05 QY |
34 | .. option:: -r |
35 | .. option:: --retain | |
42fc5d26 | 36 | |
c1a54c05 | 37 | When program terminates, retain BGP routes added by zebra. |
42fc5d26 | 38 | |
c1a54c05 QY |
39 | .. option:: -l |
40 | .. option:: --listenon | |
42fc5d26 | 41 | |
c1a54c05 QY |
42 | Specify a specific IP address for bgpd to listen on, rather than its |
43 | default of INADDR_ANY / IN6ADDR_ANY. This can be useful to constrain bgpd | |
44 | to an internal address, or to run multiple bgpd processes on one host. | |
42fc5d26 QY |
45 | |
46 | ||
0efdf0fe | 47 | .. _bgp-router: |
42fc5d26 QY |
48 | |
49 | BGP router | |
50 | ========== | |
51 | ||
c1a54c05 QY |
52 | First of all you must configure BGP router with *router bgp* command. To |
53 | configure BGP router, you need AS number. AS number is an identification of | |
54 | autonomous system. BGP protocol uses the AS number for detecting whether the | |
55 | BGP connection is internal one or external one. | |
42fc5d26 | 56 | |
c3c5a71f | 57 | .. index:: router bgp ASN |
29adcd50 | 58 | .. clicmd:: router bgp ASN |
42fc5d26 | 59 | |
c1a54c05 QY |
60 | Enable a BGP protocol process with the specified ASN. After |
61 | this statement you can input any `BGP Commands`. You can not | |
62 | create different BGP process under different ASN without | |
0efdf0fe | 63 | specifying `multiple-instance` (:ref:`multiple-instance`). |
42fc5d26 | 64 | |
c1a54c05 | 65 | .. index:: no router bgp ASN |
29adcd50 | 66 | .. clicmd:: no router bgp ASN |
42fc5d26 | 67 | |
c1a54c05 | 68 | Destroy a BGP protocol process with the specified ASN. |
42fc5d26 | 69 | |
c1a54c05 QY |
70 | .. index:: bgp router-id A.B.C.D |
71 | .. clicmd:: bgp router-id A.B.C.D | |
c3c5a71f | 72 | |
c1a54c05 QY |
73 | This command specifies the router-ID. If *bgpd* connects to *zebra* it gets |
74 | interface and address information. In that case default router ID value is | |
75 | selected as the largest IP Address of the interfaces. When `router zebra` is | |
76 | not enabled *bgpd* can't get interface information so `router-id` is set to | |
77 | 0.0.0.0. So please set router-id by hand. | |
42fc5d26 | 78 | |
0efdf0fe | 79 | .. _bgp-distance: |
42fc5d26 QY |
80 | |
81 | BGP distance | |
82 | ------------ | |
83 | ||
29adcd50 | 84 | .. index:: distance bgp (1-255) (1-255) (1-255) |
29adcd50 | 85 | .. clicmd:: distance bgp (1-255) (1-255) (1-255) |
42fc5d26 | 86 | |
c1a54c05 QY |
87 | This command change distance value of BGP. Each argument is distance value |
88 | for external routes, internal routes and local routes. | |
42fc5d26 | 89 | |
c1a54c05 QY |
90 | .. index:: distance (1-255) A.B.C.D/M |
91 | .. clicmd:: distance (1-255) A.B.C.D/M | |
c3c5a71f | 92 | |
c1a54c05 QY |
93 | .. index:: distance (1-255) A.B.C.D/M word |
94 | .. clicmd:: distance (1-255) A.B.C.D/M word | |
42fc5d26 | 95 | |
0efdf0fe | 96 | .. _bgp-decision-process: |
42fc5d26 QY |
97 | |
98 | BGP decision process | |
99 | -------------------- | |
100 | ||
dc1046f7 | 101 | The decision process FRR BGP uses to select routes is as follows: |
42fc5d26 | 102 | |
c1a54c05 | 103 | 1. Weight check |
42fc5d26 QY |
104 | |
105 | ||
c1a54c05 | 106 | Prefer higher local weight routes to lower routes. |
42fc5d26 | 107 | |
c1a54c05 | 108 | 2. Local preference check |
42fc5d26 | 109 | |
42fc5d26 | 110 | |
c1a54c05 | 111 | Prefer higher local preference routes to lower. |
42fc5d26 | 112 | |
c1a54c05 | 113 | 3. Local route check |
42fc5d26 | 114 | |
c1a54c05 | 115 | Prefer local routes (statics, aggregates, redistributed) to received routes. |
42fc5d26 | 116 | |
c1a54c05 | 117 | 4. AS path length check |
42fc5d26 | 118 | |
c1a54c05 | 119 | Prefer shortest hop-count AS_PATHs. |
42fc5d26 | 120 | |
c1a54c05 | 121 | 5. Origin check |
42fc5d26 | 122 | |
c1a54c05 QY |
123 | Prefer the lowest origin type route. That is, prefer IGP origin routes to |
124 | EGP, to Incomplete routes. | |
42fc5d26 | 125 | |
c1a54c05 | 126 | 6. MED check |
42fc5d26 | 127 | |
c1a54c05 | 128 | Where routes with a MED were received from the same AS, prefer the route |
0efdf0fe | 129 | with the lowest MED. :ref:`bgp-med`. |
42fc5d26 | 130 | |
c1a54c05 | 131 | 7. External check |
42fc5d26 | 132 | |
c1a54c05 QY |
133 | Prefer the route received from an external, eBGP peer over routes received |
134 | from other types of peers. | |
42fc5d26 | 135 | |
c1a54c05 | 136 | 8. IGP cost check |
42fc5d26 | 137 | |
c1a54c05 | 138 | Prefer the route with the lower IGP cost. |
42fc5d26 | 139 | |
c1a54c05 | 140 | 9. Multi-path check |
42fc5d26 | 141 | |
c1a54c05 QY |
142 | If multi-pathing is enabled, then check whether the routes not yet |
143 | distinguished in preference may be considered equal. If | |
9e146a81 | 144 | :clicmd:`bgp bestpath as-path multipath-relax` is set, all such routes are |
c1a54c05 QY |
145 | considered equal, otherwise routes received via iBGP with identical AS_PATHs |
146 | or routes received from eBGP neighbours in the same AS are considered equal. | |
42fc5d26 | 147 | |
c1a54c05 | 148 | 10. Already-selected external check |
42fc5d26 | 149 | |
4da7fda3 QY |
150 | Where both routes were received from eBGP peers, then prefer the route |
151 | which is already selected. Note that this check is not applied if | |
152 | :clicmd:`bgp bestpath compare-routerid` is configured. This check can | |
153 | prevent some cases of oscillation. | |
42fc5d26 | 154 | |
c1a54c05 | 155 | 11. Router-ID check |
42fc5d26 | 156 | |
4da7fda3 QY |
157 | Prefer the route with the lowest `router-ID`. If the route has an |
158 | `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is | |
159 | used, otherwise the `router-ID` of the peer the route was received from is | |
160 | used. | |
42fc5d26 | 161 | |
c1a54c05 | 162 | 12. Cluster-List length check |
42fc5d26 | 163 | |
4da7fda3 QY |
164 | The route with the shortest cluster-list length is used. The cluster-list |
165 | reflects the iBGP reflection path the route has taken. | |
42fc5d26 | 166 | |
c1a54c05 QY |
167 | 13. Peer address |
168 | ||
4da7fda3 QY |
169 | Prefer the route received from the peer with the higher transport layer |
170 | address, as a last-resort tie-breaker. | |
42fc5d26 | 171 | |
c3c5a71f | 172 | |
c1a54c05 | 173 | .. index:: bgp bestpath as-path confed |
29adcd50 | 174 | .. clicmd:: bgp bestpath as-path confed |
42fc5d26 | 175 | |
c1a54c05 QY |
176 | This command specifies that the length of confederation path sets and |
177 | sequences should should be taken into account during the BGP best path | |
178 | decision process. | |
42fc5d26 | 179 | |
c3c5a71f | 180 | .. index:: bgp bestpath as-path multipath-relax |
29adcd50 | 181 | .. clicmd:: bgp bestpath as-path multipath-relax |
42fc5d26 | 182 | |
c1a54c05 QY |
183 | This command specifies that BGP decision process should consider paths |
184 | of equal AS_PATH length candidates for multipath computation. Without | |
185 | the knob, the entire AS_PATH must match for multipath computation. | |
c3c5a71f | 186 | |
29adcd50 | 187 | .. clicmd:: bgp bestpath compare-routerid |
42fc5d26 | 188 | |
c1a54c05 QY |
189 | Ensure that when comparing routes where both are equal on most metrics, |
190 | including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken | |
191 | based on router-ID. | |
42fc5d26 | 192 | |
c1a54c05 QY |
193 | If this option is enabled, then the already-selected check, where |
194 | already selected eBGP routes are preferred, is skipped. | |
42fc5d26 | 195 | |
c1a54c05 QY |
196 | If a route has an `ORIGINATOR_ID` attribute because it has been reflected, |
197 | that `ORIGINATOR_ID` will be used. Otherwise, the router-ID of the peer the | |
198 | route was received from will be used. | |
42fc5d26 | 199 | |
c1a54c05 QY |
200 | The advantage of this is that the route-selection (at this point) will be |
201 | more deterministic. The disadvantage is that a few or even one lowest-ID | |
202 | router may attract all trafic to otherwise-equal paths because of this | |
203 | check. It may increase the possibility of MED or IGP oscillation, unless | |
204 | other measures were taken to avoid these. The exact behaviour will be | |
205 | sensitive to the iBGP and reflection topology. | |
42fc5d26 QY |
206 | |
207 | ||
0efdf0fe | 208 | .. _bgp-route-flap-dampening: |
42fc5d26 QY |
209 | |
210 | BGP route flap dampening | |
211 | ------------------------ | |
212 | ||
c1a54c05 QY |
213 | .. clicmd:: bgp dampening (1-45) (1-20000) (1-20000) (1-255) |
214 | ||
c1a54c05 | 215 | This command enables BGP route-flap dampening and specifies dampening parameters. |
42fc5d26 | 216 | |
c1a54c05 QY |
217 | half-life |
218 | Half-life time for the penalty | |
42fc5d26 | 219 | |
c1a54c05 QY |
220 | reuse-threshold |
221 | Value to start reusing a route | |
42fc5d26 | 222 | |
c1a54c05 QY |
223 | suppress-threshold |
224 | Value to start suppressing a route | |
42fc5d26 | 225 | |
c1a54c05 QY |
226 | max-suppress |
227 | Maximum duration to suppress a stable route | |
42fc5d26 | 228 | |
c1a54c05 QY |
229 | The route-flap damping algorithm is compatible with :rfc:`2439`. The use of |
230 | this command is not recommended nowadays. | |
42fc5d26 | 231 | |
c1a54c05 QY |
232 | .. seealso:: |
233 | ||
234 | `http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378 <http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378>`_ | |
42fc5d26 | 235 | |
0efdf0fe | 236 | .. _bgp-med: |
42fc5d26 QY |
237 | |
238 | BGP MED | |
239 | ======= | |
240 | ||
c1a54c05 QY |
241 | The BGP :abbr:`MED (Multi Exit Discriminator)` attribute has properties which |
242 | can cause subtle convergence problems in BGP. These properties and problems | |
243 | have proven to be hard to understand, at least historically, and may still not | |
244 | be widely understood. The following attempts to collect together and present | |
245 | what is known about MED, to help operators and FRR users in designing and | |
246 | configuring their networks. | |
42fc5d26 | 247 | |
07a17e6d QY |
248 | The BGP :abbr:`MED` attribute is intended to allow one AS to indicate its |
249 | preferences for its ingress points to another AS. The MED attribute will not be | |
250 | propagated on to another AS by the receiving AS - it is 'non-transitive' in the | |
251 | BGP sense. | |
42fc5d26 | 252 | |
c1a54c05 QY |
253 | E.g., if AS X and AS Y have 2 different BGP peering points, then AS X might set |
254 | a MED of 100 on routes advertised at one and a MED of 200 at the other. When AS | |
255 | Y selects between otherwise equal routes to or via AS X, AS Y should prefer to | |
256 | take the path via the lower MED peering of 100 with AS X. Setting the MED | |
257 | allows an AS to influence the routing taken to it within another, neighbouring | |
258 | AS. | |
42fc5d26 QY |
259 | |
260 | In this use of MED it is not really meaningful to compare the MED value on | |
c1a54c05 QY |
261 | routes where the next AS on the paths differs. E.g., if AS Y also had a route |
262 | for some destination via AS Z in addition to the routes from AS X, and AS Z had | |
263 | also set a MED, it wouldn't make sense for AS Y to compare AS Z's MED values to | |
264 | those of AS X. The MED values have been set by different administrators, with | |
265 | different frames of reference. | |
42fc5d26 QY |
266 | |
267 | The default behaviour of BGP therefore is to not compare MED values across | |
dc1046f7 | 268 | routes received from different neighbouring ASes. In FRR this is done by |
c1a54c05 QY |
269 | comparing the neighbouring, left-most AS in the received AS_PATHs of the routes |
270 | and only comparing MED if those are the same. | |
271 | ||
272 | Unfortunately, this behaviour of MED, of sometimes being compared across routes | |
273 | and sometimes not, depending on the properties of those other routes, means MED | |
274 | can cause the order of preference over all the routes to be undefined. That is, | |
275 | given routes A, B, and C, if A is preferred to B, and B is preferred to C, then | |
276 | a well-defined order should mean the preference is transitive (in the sense of | |
013f9762 | 277 | orders [#med-transitivity-rant]_) and that A would be preferred to C. |
42fc5d26 | 278 | |
c3c5a71f QY |
279 | However, when MED is involved this need not be the case. With MED it is |
280 | possible that C is actually preferred over A. So A is preferred to B, B is | |
281 | preferred to C, but C is preferred to A. This can be true even where BGP | |
c1a54c05 QY |
282 | defines a deterministic 'most preferred' route out of the full set of A,B,C. |
283 | With MED, for any given set of routes there may be a deterministically | |
284 | preferred route, but there need not be any way to arrange them into any order | |
285 | of preference. With unmodified MED, the order of preference of routes literally | |
286 | becomes undefined. | |
42fc5d26 | 287 | |
c3c5a71f | 288 | That MED can induce non-transitive preferences over routes can cause issues. |
c1a54c05 QY |
289 | Firstly, it may be perceived to cause routing table churn locally at speakers; |
290 | secondly, and more seriously, it may cause routing instability in iBGP | |
291 | topologies, where sets of speakers continually oscillate between different | |
292 | paths. | |
42fc5d26 | 293 | |
c3c5a71f | 294 | The first issue arises from how speakers often implement routing decisions. |
c1a54c05 QY |
295 | Though BGP defines a selection process that will deterministically select the |
296 | same route as best at any given speaker, even with MED, that process requires | |
297 | evaluating all routes together. For performance and ease of implementation | |
298 | reasons, many implementations evaluate route preferences in a pair-wise fashion | |
299 | instead. Given there is no well-defined order when MED is involved, the best | |
300 | route that will be chosen becomes subject to implementation details, such as | |
301 | the order the routes are stored in. That may be (locally) non-deterministic, | |
302 | e.g.: it may be the order the routes were received in. | |
42fc5d26 QY |
303 | |
304 | This indeterminism may be considered undesirable, though it need not cause | |
c1a54c05 QY |
305 | problems. It may mean additional routing churn is perceived, as sometimes more |
306 | updates may be produced than at other times in reaction to some event . | |
42fc5d26 QY |
307 | |
308 | This first issue can be fixed with a more deterministic route selection that | |
c3c5a71f | 309 | ensures routes are ordered by the neighbouring AS during selection. |
9e146a81 | 310 | :clicmd:`bgp deterministic-med`. This may reduce the number of updates as routes |
c1a54c05 QY |
311 | are received, and may in some cases reduce routing churn. Though, it could |
312 | equally deterministically produce the largest possible set of updates in | |
313 | response to the most common sequence of received updates. | |
42fc5d26 QY |
314 | |
315 | A deterministic order of evaluation tends to imply an additional overhead of | |
c3c5a71f | 316 | sorting over any set of n routes to a destination. The implementation of |
dc1046f7 | 317 | deterministic MED in FRR scales significantly worse than most sorting |
c1a54c05 QY |
318 | algorithms at present, with the number of paths to a given destination. That |
319 | number is often low enough to not cause any issues, but where there are many | |
320 | paths, the deterministic comparison may quickly become increasingly expensive | |
321 | in terms of CPU. | |
322 | ||
323 | Deterministic local evaluation can *not* fix the second, more major, issue of | |
324 | MED however. Which is that the non-transitive preference of routes MED can | |
325 | cause may lead to routing instability or oscillation across multiple speakers | |
326 | in iBGP topologies. This can occur with full-mesh iBGP, but is particularly | |
327 | problematic in non-full-mesh iBGP topologies that further reduce the routing | |
328 | information known to each speaker. This has primarily been documented with iBGP | |
329 | route-reflection topologies. However, any route-hiding technologies potentially | |
330 | could also exacerbate oscillation with MED. | |
331 | ||
332 | This second issue occurs where speakers each have only a subset of routes, and | |
333 | there are cycles in the preferences between different combinations of routes - | |
334 | as the undefined order of preference of MED allows - and the routes are | |
335 | distributed in a way that causes the BGP speakers to 'chase' those cycles. This | |
336 | can occur even if all speakers use a deterministic order of evaluation in route | |
337 | selection. | |
338 | ||
339 | E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and from | |
340 | speaker 3 in AS Y; while speaker 5 in AS A might receive that route from | |
341 | speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100 at speaker | |
342 | 3. I.e, using ASN:ID:MED to label the speakers: | |
42fc5d26 QY |
343 | |
344 | :: | |
345 | ||
c1a54c05 QY |
346 | . |
347 | /---------------\\ | |
42fc5d26 | 348 | X:2------|--A:4-------A:5--|-Y:1:200 |
c1a54c05 QY |
349 | Y:3:100--|-/ | |
350 | \\---------------/ | |
c3c5a71f | 351 | |
42fc5d26 | 352 | |
42fc5d26 | 353 | |
c1a54c05 QY |
354 | Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then based |
355 | on the RFC4271 decision process speaker 4 will choose X:2 over Y:3:100, based | |
356 | on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5. Speaker 5 will | |
357 | continue to prefer Y:1:200 based on the ID, and advertise this to speaker 4. | |
358 | Speaker 4 will now have the full set of routes, and the Y:1:200 it receives | |
359 | from 5 will beat X:2, but when speaker 4 compares Y:1:200 to Y:3:100 the MED | |
360 | check now becomes active as the ASes match, and now Y:3:100 is preferred. | |
361 | Speaker 4 therefore now advertises Y:3:100 to 5, which will also agrees that | |
362 | Y:3:100 is preferred to Y:1:200, and so withdraws the latter route from 4. | |
363 | Speaker 4 now has only X:2 and Y:3:100, and X:2 beats Y:3:100, and so speaker 4 | |
364 | implicitly updates its route to speaker 5 to X:2. Speaker 5 sees that Y:1:200 | |
365 | beats X:2 based on the ID, and advertises Y:1:200 to speaker 4, and the cycle | |
366 | continues. | |
42fc5d26 QY |
367 | |
368 | The root cause is the lack of a clear order of preference caused by how MED | |
369 | sometimes is and sometimes is not compared, leading to this cycle in the | |
370 | preferences between the routes: | |
371 | ||
372 | :: | |
373 | ||
c1a54c05 QY |
374 | . |
375 | /---> X:2 ---beats---> Y:3:100 --\\ | |
376 | | | | |
377 | | | | |
378 | \\---beats--- Y:1:200 <---beats---/ | |
c3c5a71f | 379 | |
42fc5d26 | 380 | |
42fc5d26 QY |
381 | |
382 | This particular type of oscillation in full-mesh iBGP topologies can be | |
383 | avoided by speakers preferring already selected, external routes rather than | |
c1a54c05 QY |
384 | choosing to update to new a route based on a post-MED metric (e.g. router-ID), |
385 | at the cost of a non-deterministic selection process. FRR implements this, as | |
386 | do many other implementations, so long as it is not overridden by setting | |
9e146a81 QY |
387 | :clicmd:`bgp bestpath compare-routerid`, and see also |
388 | :ref:`bgp-decision-process`. | |
42fc5d26 QY |
389 | |
390 | However, more complex and insidious cycles of oscillation are possible with | |
c3c5a71f | 391 | iBGP route-reflection, which are not so easily avoided. These have been |
c1a54c05 QY |
392 | documented in various places. See, e.g.: |
393 | ||
394 | - [bgp-route-osci-cond]_ | |
395 | - [stable-flexible-ibgp]_ | |
396 | - [ibgp-correctness]_ | |
397 | ||
398 | for concrete examples and further references. | |
399 | ||
400 | There is as of this writing *no* known way to use MED for its original purpose; | |
401 | *and* reduce routing information in iBGP topologies; *and* be sure to avoid the | |
402 | instability problems of MED due the non-transitive routing preferences it can | |
403 | induce; in general on arbitrary networks. | |
404 | ||
405 | There may be iBGP topology specific ways to reduce the instability risks, even | |
406 | while using MED, e.g.: by constraining the reflection topology and by tuning | |
013f9762 | 407 | IGP costs between route-reflector clusters, see :rfc:`3345` for details. In the |
c1a54c05 QY |
408 | near future, the Add-Path extension to BGP may also solve MED oscillation while |
409 | still allowing MED to be used as intended, by distributing "best-paths per | |
410 | neighbour AS". This would be at the cost of distributing at least as many | |
411 | routes to all speakers as a full-mesh iBGP would, if not more, while also | |
412 | imposing similar CPU overheads as the "Deterministic MED" feature at each | |
413 | Add-Path reflector. | |
42fc5d26 QY |
414 | |
415 | More generally, the instability problems that MED can introduce on more | |
416 | complex, non-full-mesh, iBGP topologies may be avoided either by: | |
417 | ||
013f9762 | 418 | - Setting :clicmd:`bgp always-compare-med`, however this allows MED to be compared |
42fc5d26 QY |
419 | across values set by different neighbour ASes, which may not produce |
420 | coherent desirable results, of itself. | |
4b44467c | 421 | - Effectively ignoring MED by setting MED to the same value (e.g.: 0) using |
013f9762 QY |
422 | :clicmd:`set metric METRIC` on all received routes, in combination with |
423 | setting :clicmd:`bgp always-compare-med` on all speakers. This is the simplest | |
42fc5d26 QY |
424 | and most performant way to avoid MED oscillation issues, where an AS is happy |
425 | not to allow neighbours to inject this problematic metric. | |
426 | ||
42fc5d26 QY |
427 | As MED is evaluated after the AS_PATH length check, another possible use for |
428 | MED is for intra-AS steering of routes with equal AS_PATH length, as an | |
c1a54c05 QY |
429 | extension of the last case above. As MED is evaluated before IGP metric, this |
430 | can allow cold-potato routing to be implemented to send traffic to preferred | |
431 | hand-offs with neighbours, rather than the closest hand-off according to the | |
432 | IGP metric. | |
433 | ||
434 | Note that even if action is taken to address the MED non-transitivity issues, | |
435 | other oscillations may still be possible. E.g., on IGP cost if iBGP and IGP | |
436 | topologies are at cross-purposes with each other - see the Flavel and Roughan | |
437 | paper above for an example. Hence the guideline that the iBGP topology should | |
438 | follow the IGP topology. | |
439 | ||
c3c5a71f | 440 | .. index:: bgp deterministic-med |
29adcd50 | 441 | .. clicmd:: bgp deterministic-med |
42fc5d26 | 442 | |
c1a54c05 QY |
443 | Carry out route-selection in way that produces deterministic answers |
444 | locally, even in the face of MED and the lack of a well-defined order of | |
445 | preference it can induce on routes. Without this option the preferred route | |
446 | with MED may be determined largely by the order that routes were received | |
447 | in. | |
42fc5d26 | 448 | |
c1a54c05 QY |
449 | Setting this option will have a performance cost that may be noticeable when |
450 | there are many routes for each destination. Currently in FRR it is | |
451 | implemented in a way that scales poorly as the number of routes per | |
452 | destination increases. | |
42fc5d26 | 453 | |
c1a54c05 | 454 | The default is that this option is not set. |
42fc5d26 QY |
455 | |
456 | Note that there are other sources of indeterminism in the route selection | |
457 | process, specifically, the preference for older and already selected routes | |
0efdf0fe | 458 | from eBGP peers, :ref:`bgp-decision-process`. |
42fc5d26 | 459 | |
c3c5a71f | 460 | .. index:: bgp always-compare-med |
29adcd50 | 461 | .. clicmd:: bgp always-compare-med |
42fc5d26 | 462 | |
c1a54c05 QY |
463 | Always compare the MED on routes, even when they were received from |
464 | different neighbouring ASes. Setting this option makes the order of | |
465 | preference of routes more defined, and should eliminate MED induced | |
466 | oscillations. | |
42fc5d26 | 467 | |
c1a54c05 | 468 | If using this option, it may also be desirable to use |
9e146a81 | 469 | :clicmd:`set metric METRIC` to set MED to 0 on routes received from external |
c1a54c05 | 470 | neighbours. |
42fc5d26 | 471 | |
9e146a81 QY |
472 | This option can be used, together with :clicmd:`set metric METRIC` to use |
473 | MED as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., | |
474 | desired exit points. | |
42fc5d26 | 475 | |
0efdf0fe | 476 | .. _bgp-network: |
42fc5d26 QY |
477 | |
478 | BGP network | |
479 | =========== | |
480 | ||
481 | ||
0efdf0fe | 482 | .. _bgp-route: |
42fc5d26 QY |
483 | |
484 | BGP route | |
485 | --------- | |
486 | ||
c1a54c05 QY |
487 | .. index:: network A.B.C.D/M |
488 | .. clicmd:: network A.B.C.D/M | |
42fc5d26 | 489 | |
c1a54c05 | 490 | This command adds the announcement network.:: |
c3c5a71f | 491 | |
c1a54c05 QY |
492 | router bgp 1 |
493 | address-family ipv4 unicast | |
494 | network 10.0.0.0/8 | |
495 | exit-address-family | |
42fc5d26 | 496 | |
c1a54c05 QY |
497 | This configuration example says that network 10.0.0.0/8 will be |
498 | announced to all neighbors. Some vendors' routers don't advertise | |
499 | routes if they aren't present in their IGP routing tables; `bgpd` | |
500 | doesn't care about IGP routes when announcing its routes. | |
c3c5a71f | 501 | |
c1a54c05 QY |
502 | .. index:: no network A.B.C.D/M |
503 | .. clicmd:: no network A.B.C.D/M | |
42fc5d26 | 504 | |
42fc5d26 | 505 | |
0efdf0fe | 506 | .. _route-aggregation: |
42fc5d26 QY |
507 | |
508 | Route Aggregation | |
509 | ----------------- | |
510 | ||
c1a54c05 QY |
511 | .. index:: aggregate-address A.B.C.D/M |
512 | .. clicmd:: aggregate-address A.B.C.D/M | |
c3c5a71f | 513 | |
c1a54c05 | 514 | This command specifies an aggregate address. |
42fc5d26 | 515 | |
c1a54c05 QY |
516 | .. index:: aggregate-address A.B.C.D/M as-set |
517 | .. clicmd:: aggregate-address A.B.C.D/M as-set | |
42fc5d26 | 518 | |
c1a54c05 QY |
519 | This command specifies an aggregate address. Resulting routes include |
520 | AS set. | |
42fc5d26 | 521 | |
c1a54c05 QY |
522 | .. index:: aggregate-address A.B.C.D/M summary-only |
523 | .. clicmd:: aggregate-address A.B.C.D/M summary-only | |
c3c5a71f | 524 | |
c1a54c05 QY |
525 | This command specifies an aggregate address. Aggreated routes will |
526 | not be announce. | |
42fc5d26 | 527 | |
c1a54c05 QY |
528 | .. index:: no aggregate-address A.B.C.D/M |
529 | .. clicmd:: no aggregate-address A.B.C.D/M | |
c3c5a71f | 530 | |
42fc5d26 | 531 | |
42fc5d26 | 532 | |
0efdf0fe | 533 | .. _redistribute-to-bgp: |
42fc5d26 QY |
534 | |
535 | Redistribute to BGP | |
536 | ------------------- | |
537 | ||
c3c5a71f | 538 | .. index:: redistribute kernel |
29adcd50 | 539 | .. clicmd:: redistribute kernel |
42fc5d26 | 540 | |
c1a54c05 | 541 | Redistribute kernel route to BGP process. |
42fc5d26 | 542 | |
c3c5a71f | 543 | .. index:: redistribute static |
29adcd50 | 544 | .. clicmd:: redistribute static |
42fc5d26 | 545 | |
c1a54c05 | 546 | Redistribute static route to BGP process. |
42fc5d26 | 547 | |
c3c5a71f | 548 | .. index:: redistribute connected |
29adcd50 | 549 | .. clicmd:: redistribute connected |
42fc5d26 | 550 | |
c1a54c05 | 551 | Redistribute connected route to BGP process. |
42fc5d26 | 552 | |
c3c5a71f | 553 | .. index:: redistribute rip |
29adcd50 | 554 | .. clicmd:: redistribute rip |
42fc5d26 | 555 | |
c1a54c05 | 556 | Redistribute RIP route to BGP process. |
42fc5d26 | 557 | |
c3c5a71f | 558 | .. index:: redistribute ospf |
29adcd50 | 559 | .. clicmd:: redistribute ospf |
42fc5d26 | 560 | |
c1a54c05 | 561 | Redistribute OSPF route to BGP process. |
42fc5d26 | 562 | |
c3c5a71f | 563 | .. index:: redistribute vpn |
29adcd50 | 564 | .. clicmd:: redistribute vpn |
42fc5d26 | 565 | |
c1a54c05 | 566 | Redistribute VNC routes to BGP process. |
42fc5d26 | 567 | |
c1a54c05 QY |
568 | .. index:: update-delay MAX-DELAY |
569 | .. clicmd:: update-delay MAX-DELAY | |
c3c5a71f | 570 | |
c1a54c05 QY |
571 | .. index:: update-delay MAX-DELAY ESTABLISH-WAIT |
572 | .. clicmd:: update-delay MAX-DELAY ESTABLISH-WAIT | |
c3c5a71f | 573 | |
c1a54c05 QY |
574 | This feature is used to enable read-only mode on BGP process restart or when |
575 | BGP process is cleared using 'clear ip bgp \*'. When applicable, read-only | |
576 | mode would begin as soon as the first peer reaches Established status and a | |
577 | timer for max-delay seconds is started. | |
42fc5d26 | 578 | |
c1a54c05 QY |
579 | During this mode BGP doesn't run any best-path or generate any updates to its |
580 | peers. This mode continues until: | |
42fc5d26 | 581 | |
c1a54c05 QY |
582 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR |
583 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
584 | Established is considered an implicit-EOR. | |
585 | If the establish-wait optional value is given, then BGP will wait for | |
586 | peers to reach established from the begining of the update-delay till the | |
587 | establish-wait period is over, i.e. the minimum set of established peers for | |
588 | which EOR is expected would be peers established during the establish-wait | |
589 | window, not necessarily all the configured neighbors. | |
590 | 2. max-delay period is over. | |
42fc5d26 | 591 | |
c1a54c05 QY |
592 | On hitting any of the above two conditions, BGP resumes the decision process |
593 | and generates updates to its peers. | |
42fc5d26 | 594 | |
c1a54c05 | 595 | Default max-delay is 0, i.e. the feature is off by default. |
c3c5a71f | 596 | |
c1a54c05 QY |
597 | .. index:: table-map ROUTE-MAP-NAME |
598 | .. clicmd:: table-map ROUTE-MAP-NAME | |
42fc5d26 | 599 | |
c1a54c05 QY |
600 | This feature is used to apply a route-map on route updates from BGP to |
601 | Zebra. All the applicable match operations are allowed, such as match on | |
602 | prefix, next-hop, communities, etc. Set operations for this attach-point are | |
603 | limited to metric and next-hop only. Any operation of this feature does not | |
604 | affect BGPs internal RIB. | |
42fc5d26 | 605 | |
c1a54c05 QY |
606 | Supported for ipv4 and ipv6 address families. It works on multi-paths as |
607 | well, however, metric setting is based on the best-path only. | |
42fc5d26 | 608 | |
0efdf0fe | 609 | .. _bgp-peer: |
42fc5d26 QY |
610 | |
611 | BGP Peer | |
612 | ======== | |
613 | ||
0efdf0fe | 614 | .. _defining-peer: |
42fc5d26 QY |
615 | |
616 | Defining Peer | |
617 | ------------- | |
618 | ||
c1a54c05 QY |
619 | .. index:: neighbor PEER remote-as ASN |
620 | .. clicmd:: neighbor PEER remote-as ASN | |
42fc5d26 | 621 | |
42fc5d26 | 622 | |
c1a54c05 QY |
623 | Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address |
624 | or an IPv6 address.:: | |
76bd1499 | 625 | |
c1a54c05 QY |
626 | router bgp 1 |
627 | neighbor 10.0.0.1 remote-as 2 | |
76bd1499 | 628 | |
c1a54c05 | 629 | In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1. |
76bd1499 | 630 | |
c1a54c05 QY |
631 | This command must be the first command used when configuring a neighbor. If |
632 | the remote-as is not specified, *bgpd* will complain like this::: | |
76bd1499 | 633 | |
c1a54c05 | 634 | can't find neighbor 10.0.0.1 |
c3c5a71f | 635 | |
42fc5d26 | 636 | |
0efdf0fe | 637 | .. _bgp-peer-commands: |
42fc5d26 QY |
638 | |
639 | BGP Peer commands | |
640 | ----------------- | |
641 | ||
642 | In a `router bgp` clause there are neighbor specific configurations | |
643 | required. | |
644 | ||
c1a54c05 QY |
645 | .. index:: neighbor PEER shutdown |
646 | .. clicmd:: neighbor PEER shutdown | |
c3c5a71f | 647 | |
c1a54c05 QY |
648 | .. index:: no neighbor PEER shutdown |
649 | .. clicmd:: no neighbor PEER shutdown | |
c3c5a71f | 650 | |
c1a54c05 QY |
651 | Shutdown the peer. We can delete the neighbor's configuration by |
652 | ``no neighbor PEER remote-as ASN`` but all configuration of the neighbor | |
653 | will be deleted. When you want to preserve the configuration, but want to | |
654 | drop the BGP peer, use this syntax. | |
c3c5a71f | 655 | |
c1a54c05 QY |
656 | .. index:: neighbor PEER ebgp-multihop |
657 | .. clicmd:: neighbor PEER ebgp-multihop | |
c3c5a71f | 658 | |
c1a54c05 QY |
659 | .. index:: no neighbor PEER ebgp-multihop |
660 | .. clicmd:: no neighbor PEER ebgp-multihop | |
c3c5a71f | 661 | |
c3c5a71f | 662 | |
c1a54c05 QY |
663 | .. index:: neighbor PEER description ... |
664 | .. clicmd:: neighbor PEER description ... | |
c3c5a71f | 665 | |
42fc5d26 | 666 | |
c1a54c05 QY |
667 | .. index:: no neighbor PEER description ... |
668 | .. clicmd:: no neighbor PEER description ... | |
42fc5d26 | 669 | |
c1a54c05 | 670 | Set description of the peer. |
42fc5d26 | 671 | |
c1a54c05 QY |
672 | .. index:: neighbor PEER version VERSION |
673 | .. clicmd:: neighbor PEER version VERSION | |
42fc5d26 | 674 | |
4da7fda3 QY |
675 | Set up the neighbor's BGP version. `version` can be `4`, `4+` or `4-`. BGP |
676 | version `4` is the default value used for BGP peering. BGP version `4+` | |
677 | means that the neighbor supports Multiprotocol Extensions for BGP-4. BGP | |
678 | version `4-` is similar but the neighbor speaks the old Internet-Draft | |
679 | revision 00's Multiprotocol Extensions for BGP-4. Some routing software is | |
680 | still using this version. | |
42fc5d26 | 681 | |
c1a54c05 QY |
682 | .. index:: neighbor PEER interface IFNAME |
683 | .. clicmd:: neighbor PEER interface IFNAME | |
42fc5d26 | 684 | |
42fc5d26 | 685 | |
c1a54c05 QY |
686 | .. index:: no neighbor PEER interface IFNAME |
687 | .. clicmd:: no neighbor PEER interface IFNAME | |
42fc5d26 | 688 | |
c1a54c05 QY |
689 | When you connect to a BGP peer over an IPv6 link-local address, you have to |
690 | specify the IFNAME of the interface used for the connection. To specify | |
691 | IPv4 session addresses, see the ``neighbor PEER update-source`` command | |
692 | below. | |
42fc5d26 | 693 | |
c1a54c05 QY |
694 | This command is deprecated and may be removed in a future release. Its use |
695 | should be avoided. | |
42fc5d26 | 696 | |
c1a54c05 QY |
697 | .. index:: neighbor PEER next-hop-self [all] |
698 | .. clicmd:: neighbor PEER next-hop-self [all] | |
42fc5d26 | 699 | |
42fc5d26 | 700 | |
c1a54c05 QY |
701 | .. index:: no neighbor PEER next-hop-self [all] |
702 | .. clicmd:: no neighbor PEER next-hop-self [all] | |
42fc5d26 | 703 | |
c1a54c05 QY |
704 | This command specifies an announced route's nexthop as being equivalent to |
705 | the address of the bgp router if it is learned via eBGP. If the optional | |
706 | keyword `all` is specified the modifiation is done also for routes learned | |
707 | via iBGP. | |
42fc5d26 | 708 | |
c1a54c05 QY |
709 | .. index:: neighbor PEER update-source <IFNAME|ADDRESS> |
710 | .. clicmd:: neighbor PEER update-source <IFNAME|ADDRESS> | |
42fc5d26 | 711 | |
42fc5d26 | 712 | |
c1a54c05 QY |
713 | .. index:: no neighbor PEER update-source |
714 | .. clicmd:: no neighbor PEER update-source | |
42fc5d26 | 715 | |
c1a54c05 QY |
716 | Specify the IPv4 source address to use for the :abbr:`BGP` session to this |
717 | neighbour, may be specified as either an IPv4 address directly or as an | |
718 | interface name (in which case the *zebra* daemon MUST be running in order | |
719 | for *bgpd* to be able to retrieve interface state).:: | |
42fc5d26 | 720 | |
c1a54c05 QY |
721 | router bgp 64555 |
722 | neighbor foo update-source 192.168.0.1 | |
723 | neighbor bar update-source lo0 | |
42fc5d26 | 724 | |
42fc5d26 | 725 | |
c1a54c05 QY |
726 | .. index:: neighbor PEER default-originate |
727 | .. clicmd:: neighbor PEER default-originate | |
42fc5d26 | 728 | |
c1a54c05 QY |
729 | .. index:: no neighbor PEER default-originate |
730 | .. clicmd:: no neighbor PEER default-originate | |
42fc5d26 | 731 | |
4da7fda3 QY |
732 | *bgpd*'s default is to not announce the default route (0.0.0.0/0) even if it |
733 | is in routing table. When you want to announce default routes to the peer, | |
734 | use this command. | |
42fc5d26 | 735 | |
c1a54c05 QY |
736 | .. index:: neighbor PEER port PORT |
737 | .. clicmd:: neighbor PEER port PORT | |
42fc5d26 | 738 | |
c1a54c05 QY |
739 | .. index:: neighbor PEER send-community |
740 | .. clicmd:: neighbor PEER send-community | |
42fc5d26 | 741 | |
c1a54c05 QY |
742 | .. index:: neighbor PEER weight WEIGHT |
743 | .. clicmd:: neighbor PEER weight WEIGHT | |
42fc5d26 | 744 | |
42fc5d26 | 745 | |
c1a54c05 QY |
746 | .. index:: no neighbor PEER weight WEIGHT |
747 | .. clicmd:: no neighbor PEER weight WEIGHT | |
42fc5d26 | 748 | |
c1a54c05 | 749 | This command specifies a default `weight` value for the neighbor's routes. |
42fc5d26 | 750 | |
c1a54c05 QY |
751 | .. index:: neighbor PEER maximum-prefix NUMBER |
752 | .. clicmd:: neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 753 | |
42fc5d26 | 754 | |
c1a54c05 QY |
755 | .. index:: no neighbor PEER maximum-prefix NUMBER |
756 | .. clicmd:: no neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 757 | |
42fc5d26 | 758 | |
c1a54c05 QY |
759 | .. index:: neighbor PEER local-as AS-NUMBER |
760 | .. clicmd:: neighbor PEER local-as AS-NUMBER | |
42fc5d26 | 761 | |
42fc5d26 | 762 | |
c1a54c05 QY |
763 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend |
764 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend | |
42fc5d26 | 765 | |
42fc5d26 | 766 | |
c1a54c05 QY |
767 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend replace-as |
768 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend replace-as | |
42fc5d26 | 769 | |
42fc5d26 | 770 | |
c1a54c05 QY |
771 | .. index:: no neighbor PEER local-as |
772 | .. clicmd:: no neighbor PEER local-as | |
42fc5d26 | 773 | |
c1a54c05 QY |
774 | Specify an alternate AS for this BGP process when interacting with the |
775 | specified peer. With no modifiers, the specified local-as is prepended to | |
776 | the received AS_PATH when receiving routing updates from the peer, and | |
777 | prepended to the outgoing AS_PATH (after the process local AS) when | |
778 | transmitting local routes to the peer. | |
42fc5d26 | 779 | |
c1a54c05 QY |
780 | If the no-prepend attribute is specified, then the supplied local-as is not |
781 | prepended to the received AS_PATH. | |
c3c5a71f | 782 | |
c1a54c05 QY |
783 | If the replace-as attribute is specified, then only the supplied local-as is |
784 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
c3c5a71f | 785 | |
c1a54c05 | 786 | Note that replace-as can only be specified if no-prepend is. |
c3c5a71f | 787 | |
c1a54c05 | 788 | This command is only allowed for eBGP peers. |
c3c5a71f | 789 | |
c1a54c05 QY |
790 | .. index:: neighbor PEER ttl-security hops NUMBER |
791 | .. clicmd:: neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 792 | |
c3c5a71f | 793 | |
c1a54c05 QY |
794 | .. index:: no neighbor PEER ttl-security hops NUMBER |
795 | .. clicmd:: no neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 796 | |
c1a54c05 QY |
797 | This command enforces Generalized TTL Security Mechanism (GTSM), as |
798 | specified in RFC 5082. With this command, only neighbors that are the | |
799 | specified number of hops away will be allowed to become neighbors. This | |
800 | command is mututally exclusive with *ebgp-multihop*. | |
42fc5d26 | 801 | |
0efdf0fe | 802 | .. _peer-filtering: |
42fc5d26 QY |
803 | |
804 | Peer filtering | |
805 | -------------- | |
806 | ||
c1a54c05 QY |
807 | .. index:: neighbor PEER distribute-list NAME [in|out] |
808 | .. clicmd:: neighbor PEER distribute-list NAME [in|out] | |
42fc5d26 | 809 | |
c1a54c05 QY |
810 | This command specifies a distribute-list for the peer. `direct` is |
811 | ``in`` or ``out``. | |
42fc5d26 | 812 | |
c3c5a71f | 813 | .. index:: neighbor PEER prefix-list NAME [in|out] |
29adcd50 | 814 | .. clicmd:: neighbor PEER prefix-list NAME [in|out] |
42fc5d26 | 815 | |
c1a54c05 | 816 | .. index:: neighbor PEER filter-list NAME [in|out] |
29adcd50 | 817 | .. clicmd:: neighbor PEER filter-list NAME [in|out] |
42fc5d26 | 818 | |
c1a54c05 QY |
819 | .. index:: neighbor PEER route-map NAME [in|out] |
820 | .. clicmd:: neighbor PEER route-map NAME [in|out] | |
42fc5d26 | 821 | |
c1a54c05 | 822 | Apply a route-map on the neighbor. `direct` must be `in` or `out`. |
42fc5d26 | 823 | |
c3c5a71f | 824 | .. index:: bgp route-reflector allow-outbound-policy |
29adcd50 | 825 | .. clicmd:: bgp route-reflector allow-outbound-policy |
42fc5d26 | 826 | |
c1a54c05 QY |
827 | By default, attribute modification via route-map policy out is not reflected |
828 | on reflected routes. This option allows the modifications to be reflected as | |
829 | well. Once enabled, it affects all reflected routes. | |
42fc5d26 | 830 | |
0efdf0fe | 831 | .. _bgp-peer-group: |
42fc5d26 QY |
832 | |
833 | BGP Peer Group | |
834 | ============== | |
835 | ||
c1a54c05 QY |
836 | .. index:: neighbor WORD peer-group |
837 | .. clicmd:: neighbor WORD peer-group | |
42fc5d26 | 838 | |
c1a54c05 | 839 | This command defines a new peer group. |
42fc5d26 | 840 | |
c1a54c05 QY |
841 | .. index:: neighbor PEER peer-group WORD |
842 | .. clicmd:: neighbor PEER peer-group WORD | |
c3c5a71f | 843 | |
c1a54c05 | 844 | This command bind specific peer to peer group WORD. |
42fc5d26 | 845 | |
0efdf0fe | 846 | .. _bgp-address-family: |
42fc5d26 QY |
847 | |
848 | BGP Address Family | |
849 | ================== | |
850 | ||
c1a54c05 QY |
851 | Multiprotocol BGP enables BGP to carry routing information for multiple Network |
852 | Layer protocols. BGP supports multiple Address Family Identifier (AFI), namely | |
853 | IPv4 and IPv6. Support is also provided for multiple sets of per-AFI | |
854 | information via Subsequent Address Family Identifiers (SAFI). In addition to | |
855 | unicast information, VPN information :rfc:`4364` and :rfc:`4659`, and | |
d38549c9 | 856 | Encapsulation attribute :rfc:`5512` is supported. |
42fc5d26 | 857 | |
d38549c9 QY |
858 | .. index:: show ip bgp ipv4 vpn |
859 | .. clicmd:: show ip bgp ipv4 vpn | |
42fc5d26 | 860 | |
d38549c9 QY |
861 | .. index:: show ipv6 bgp ipv6 vpn |
862 | .. clicmd:: show ipv6 bgp ipv6 vpn | |
42fc5d26 | 863 | |
c1a54c05 | 864 | Print active IPV4 or IPV6 routes advertised via the VPN SAFI. |
42fc5d26 | 865 | |
c1a54c05 | 866 | .. index:: show bgp ipv4 vpn summary |
29adcd50 | 867 | .. clicmd:: show bgp ipv4 vpn summary |
42fc5d26 | 868 | |
c1a54c05 | 869 | .. index:: show bgp ipv6 vpn summary |
29adcd50 | 870 | .. clicmd:: show bgp ipv6 vpn summary |
c1a54c05 QY |
871 | |
872 | Print a summary of neighbor connections for the specified AFI/SAFI combination. | |
42fc5d26 | 873 | |
0efdf0fe | 874 | .. _autonomous-system: |
42fc5d26 QY |
875 | |
876 | Autonomous System | |
877 | ================= | |
878 | ||
c1a54c05 QY |
879 | The :abbr:`AS (Autonomous System)` number is one of the essential element of |
880 | BGP. BGP is a distance vector routing protocol, and the AS-Path framework | |
881 | provides distance vector metric and loop detection to BGP. :rfc:`1930` provides | |
882 | some background on the concepts of an AS. | |
42fc5d26 | 883 | |
c1a54c05 QY |
884 | The AS number is a two octet value, ranging in value from 1 to 65535. The AS |
885 | numbers 64512 through 65535 are defined as private AS numbers. Private AS | |
886 | numbers must not to be advertised in the global Internet. | |
42fc5d26 | 887 | |
0efdf0fe | 888 | .. _display-bgp-routes-by-as-path: |
42fc5d26 QY |
889 | |
890 | Display BGP Routes by AS Path | |
891 | ----------------------------- | |
892 | ||
c1a54c05 QY |
893 | To show BGP routes which has specific AS path information `show ip bgp` command |
894 | can be used. | |
42fc5d26 | 895 | |
c3c5a71f | 896 | .. index:: show bgp ipv4|ipv6 regexp LINE |
29adcd50 | 897 | .. clicmd:: show bgp ipv4|ipv6 regexp LINE |
c1a54c05 QY |
898 | |
899 | This commands displays BGP routes that matches a regular | |
0efdf0fe | 900 | expression `line` (:ref:`bgp-regular-expressions`). |
42fc5d26 | 901 | |
0efdf0fe | 902 | .. _as-path-access-list: |
42fc5d26 QY |
903 | |
904 | AS Path Access List | |
905 | ------------------- | |
906 | ||
907 | AS path access list is user defined AS path. | |
908 | ||
c3c5a71f | 909 | .. index:: ip as-path access-list WORD permit|deny LINE |
29adcd50 | 910 | .. clicmd:: ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 911 | |
c1a54c05 | 912 | This command defines a new AS path access list. |
42fc5d26 | 913 | |
c1a54c05 | 914 | .. index:: no ip as-path access-list WORD |
29adcd50 | 915 | .. clicmd:: no ip as-path access-list WORD |
42fc5d26 | 916 | |
c1a54c05 | 917 | .. index:: no ip as-path access-list WORD permit|deny LINE |
29adcd50 | 918 | .. clicmd:: no ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 919 | |
0efdf0fe | 920 | .. _using-as-path-in-route-map: |
42fc5d26 QY |
921 | |
922 | Using AS Path in Route Map | |
923 | -------------------------- | |
924 | ||
c3c5a71f | 925 | .. index:: match as-path WORD |
29adcd50 | 926 | .. clicmd:: match as-path WORD |
42fc5d26 | 927 | |
42fc5d26 | 928 | |
c1a54c05 | 929 | .. index:: set as-path prepend AS-PATH |
29adcd50 | 930 | .. clicmd:: set as-path prepend AS-PATH |
42fc5d26 | 931 | |
c1a54c05 | 932 | Prepend the given string of AS numbers to the AS_PATH. |
42fc5d26 | 933 | |
c1a54c05 | 934 | .. index:: set as-path prepend last-as NUM |
29adcd50 | 935 | .. clicmd:: set as-path prepend last-as NUM |
c1a54c05 QY |
936 | |
937 | Prepend the existing last AS number (the leftmost ASN) to the AS_PATH. | |
42fc5d26 | 938 | |
0efdf0fe | 939 | .. _private-as-numbers: |
42fc5d26 QY |
940 | |
941 | Private AS Numbers | |
942 | ------------------ | |
943 | ||
0efdf0fe | 944 | .. _bgp-communities-attribute: |
42fc5d26 QY |
945 | |
946 | BGP Communities Attribute | |
947 | ========================= | |
948 | ||
c1a54c05 QY |
949 | BGP communities attribute is widely used for implementing policy routing. |
950 | Network operators can manipulate BGP communities attribute based on their | |
951 | network policy. BGP communities attribute is defined in :rfc:`1997` and | |
952 | :rfc:`1998`. It is an optional transitive attribute, therefore local policy can | |
953 | travel through different autonomous system. | |
954 | ||
955 | Communities attribute is a set of communities values. Each communities value is | |
956 | 4 octet long. The following format is used to define communities value. | |
957 | ||
958 | ||
959 | AS:VAL | |
960 | This format represents 4 octet communities value. ``AS`` is high order 2 | |
961 | octet in digit format. ``VAL`` is low order 2 octet in digit format. This | |
962 | format is useful to define AS oriented policy value. For example, | |
963 | ``7675:80`` can be used when AS 7675 wants to pass local policy value 80 to | |
964 | neighboring peer. | |
965 | ||
966 | internet | |
967 | `internet` represents well-known communities value 0. | |
968 | ||
969 | no-export | |
970 | ``no-export`` represents well-known communities value ``NO_EXPORT`` | |
971 | ``0xFFFFFF01``. All routes carry this value must not be advertised to | |
972 | outside a BGP confederation boundary. If neighboring BGP peer is part of BGP | |
973 | confederation, the peer is considered as inside a BGP confederation | |
974 | boundary, so the route will be announced to the peer. | |
975 | ||
976 | no-advertise | |
977 | ``no-advertise`` represents well-known communities value ``NO_ADVERTISE`` | |
978 | ``0xFFFFFF02``. All routes carry this value must not be advertise to other | |
979 | BGP peers. | |
980 | ||
981 | local-AS | |
982 | ``local-AS`` represents well-known communities value ``NO_EXPORT_SUBCONFED`` | |
983 | ``0xFFFFFF03``. All routes carry this value must not be advertised to | |
984 | external BGP peers. Even if the neighboring router is part of confederation, | |
985 | it is considered as external BGP peer, so the route will not be announced to | |
986 | the peer. | |
987 | ||
988 | When BGP communities attribute is received, duplicated communities value in the | |
989 | communities attribute is ignored and each communities values are sorted in | |
990 | numerical order. | |
42fc5d26 | 991 | |
0efdf0fe | 992 | .. _bgp-community-lists: |
42fc5d26 QY |
993 | |
994 | BGP Community Lists | |
995 | ------------------- | |
996 | ||
c1a54c05 QY |
997 | BGP community list is a user defined BGP communites attribute list. BGP |
998 | community list can be used for matching or manipulating BGP communities | |
999 | attribute in updates. | |
1000 | ||
1001 | There are two types of community list. One is standard community list and | |
1002 | another is expanded community list. Standard community list defines communities | |
1003 | attribute. Expanded community list defines communities attribute string with | |
1004 | regular expression. Standard community list is compiled into binary format when | |
1005 | user define it. Standard community list will be directly compared to BGP | |
1006 | communities attribute in BGP updates. Therefore the comparison is faster than | |
42fc5d26 QY |
1007 | expanded community list. |
1008 | ||
c3c5a71f | 1009 | .. index:: ip community-list standard NAME permit|deny COMMUNITY |
29adcd50 | 1010 | .. clicmd:: ip community-list standard NAME permit|deny COMMUNITY |
42fc5d26 | 1011 | |
c1a54c05 QY |
1012 | This command defines a new standard community list. COMUNITY is |
1013 | communities value. The COMUNITY is compiled into community structure. We | |
1014 | can define multiple community list under same name. In that case match will | |
1015 | happen user defined order. Once the community list matches to communities | |
1016 | attribute in BGP updates it return permit or deny by the community list | |
1017 | definition. When there is no matched entry, deny will be returned. When | |
1018 | COMUNITY is empty it matches to any routes. | |
42fc5d26 | 1019 | |
c1a54c05 | 1020 | .. index:: ip community-list expanded NAME permit|deny LINE |
29adcd50 | 1021 | .. clicmd:: ip community-list expanded NAME permit|deny LINE |
42fc5d26 | 1022 | |
c1a54c05 QY |
1023 | This command defines a new expanded community list. COMUNITY is a |
1024 | string expression of communities attribute. COMUNITY can be a | |
0efdf0fe | 1025 | regular expression (:ref:`bgp-regular-expressions`) to match |
c1a54c05 | 1026 | the communities attribute in BGP updates. |
42fc5d26 | 1027 | |
c1a54c05 | 1028 | .. index:: no ip community-list NAME |
29adcd50 | 1029 | .. clicmd:: no ip community-list NAME |
42fc5d26 | 1030 | |
c1a54c05 | 1031 | .. index:: no ip community-list standard NAME |
29adcd50 | 1032 | .. clicmd:: no ip community-list standard NAME |
42fc5d26 | 1033 | |
c1a54c05 | 1034 | .. index:: no ip community-list expanded NAME |
29adcd50 | 1035 | .. clicmd:: no ip community-list expanded NAME |
42fc5d26 | 1036 | |
c1a54c05 QY |
1037 | These commands delete community lists specified by NAME. All of |
1038 | community lists shares a single name space. So community lists can be | |
1039 | removed simpley specifying community lists name. | |
42fc5d26 | 1040 | |
c1a54c05 | 1041 | .. index:: show ip community-list |
29adcd50 | 1042 | .. clicmd:: show ip community-list |
42fc5d26 | 1043 | |
c1a54c05 | 1044 | .. index:: show ip community-list NAME |
29adcd50 | 1045 | .. clicmd:: show ip community-list NAME |
42fc5d26 | 1046 | |
c1a54c05 QY |
1047 | This command displays current community list information. When NAME is |
1048 | specified the specified community list's information is shown. | |
c3c5a71f | 1049 | |
c1a54c05 | 1050 | :: |
76bd1499 | 1051 | |
c1a54c05 QY |
1052 | # show ip community-list |
1053 | Named Community standard list CLIST | |
1054 | permit 7675:80 7675:100 no-export | |
1055 | deny internet | |
1056 | Named Community expanded list EXPAND | |
1057 | permit : | |
76bd1499 | 1058 | |
c1a54c05 QY |
1059 | # show ip community-list CLIST |
1060 | Named Community standard list CLIST | |
1061 | permit 7675:80 7675:100 no-export | |
1062 | deny internet | |
42fc5d26 | 1063 | |
42fc5d26 | 1064 | |
0efdf0fe | 1065 | .. _numbered-bgp-community-lists: |
42fc5d26 QY |
1066 | |
1067 | Numbered BGP Community Lists | |
1068 | ---------------------------- | |
1069 | ||
1070 | When number is used for BGP community list name, the number has | |
c3c5a71f QY |
1071 | special meanings. Community list number in the range from 1 and 99 is |
1072 | standard community list. Community list number in the range from 100 | |
1073 | to 199 is expanded community list. These community lists are called | |
1074 | as numbered community lists. On the other hand normal community lists | |
42fc5d26 QY |
1075 | is called as named community lists. |
1076 | ||
29adcd50 | 1077 | .. index:: ip community-list (1-99) permit|deny COMMUNITY |
29adcd50 | 1078 | .. clicmd:: ip community-list (1-99) permit|deny COMMUNITY |
42fc5d26 | 1079 | |
c1a54c05 QY |
1080 | This command defines a new community list. (1-99) is standard |
1081 | community list number. Community list name within this range defines | |
1082 | standard community list. When `community` is empty it matches to | |
1083 | any routes. | |
42fc5d26 | 1084 | |
c1a54c05 | 1085 | .. index:: ip community-list (100-199) permit|deny COMMUNITY |
29adcd50 | 1086 | .. clicmd:: ip community-list (100-199) permit|deny COMMUNITY |
42fc5d26 | 1087 | |
c1a54c05 QY |
1088 | This command defines a new community list. (100-199) is expanded |
1089 | community list number. Community list name within this range defines | |
1090 | expanded community list. | |
42fc5d26 | 1091 | |
c1a54c05 | 1092 | .. index:: ip community-list NAME permit|deny COMMUNITY |
29adcd50 | 1093 | .. clicmd:: ip community-list NAME permit|deny COMMUNITY |
c1a54c05 QY |
1094 | |
1095 | When community list type is not specifed, the community list type is | |
1096 | automatically detected. If COMMUNITY can be compiled into communities | |
1097 | attribute, the community list is defined as a standard community list. | |
1098 | Otherwise it is defined as an expanded community list. This feature is left | |
1099 | for backward compability. Use of this feature is not recommended. | |
42fc5d26 | 1100 | |
0efdf0fe | 1101 | .. _bgp-community-in-route-map: |
42fc5d26 QY |
1102 | |
1103 | BGP Community in Route Map | |
1104 | -------------------------- | |
1105 | ||
0efdf0fe | 1106 | In Route Map (:ref:`route-map`), we can match or set BGP |
c3c5a71f | 1107 | communities attribute. Using this feature network operator can |
42fc5d26 QY |
1108 | implement their network policy based on BGP communities attribute. |
1109 | ||
1110 | Following commands can be used in Route Map. | |
1111 | ||
c3c5a71f | 1112 | .. index:: match community WORD |
29adcd50 | 1113 | .. clicmd:: match community WORD |
42fc5d26 | 1114 | |
c1a54c05 | 1115 | .. index:: match community WORD exact-match |
29adcd50 | 1116 | .. clicmd:: match community WORD exact-match |
42fc5d26 | 1117 | |
c1a54c05 QY |
1118 | This command perform match to BGP updates using community list WORD. When |
1119 | the one of BGP communities value match to the one of communities value in | |
1120 | community list, it is match. When `exact-match` keyword is spcified, match | |
1121 | happen only when BGP updates have completely same communities value | |
1122 | specified in the community list. | |
42fc5d26 | 1123 | |
c1a54c05 | 1124 | .. index:: set community none |
29adcd50 | 1125 | .. clicmd:: set community none |
42fc5d26 | 1126 | |
c1a54c05 | 1127 | .. index:: set community COMMUNITY |
29adcd50 | 1128 | .. clicmd:: set community COMMUNITY |
42fc5d26 | 1129 | |
c1a54c05 | 1130 | .. index:: set community COMMUNITY additive |
29adcd50 | 1131 | .. clicmd:: set community COMMUNITY additive |
42fc5d26 | 1132 | |
c1a54c05 QY |
1133 | This command manipulate communities value in BGP updates. When |
1134 | `none` is specified as communities value, it removes entire | |
1135 | communities attribute from BGP updates. When `community` is not | |
1136 | `none`, specified communities value is set to BGP updates. If | |
1137 | BGP updates already has BGP communities value, the existing BGP | |
1138 | communities value is replaced with specified `community` value. | |
1139 | When `additive` keyword is specified, `community` is appended | |
1140 | to the existing communities value. | |
42fc5d26 | 1141 | |
c1a54c05 | 1142 | .. index:: set comm-list WORD delete |
29adcd50 | 1143 | .. clicmd:: set comm-list WORD delete |
c1a54c05 QY |
1144 | |
1145 | This command remove communities value from BGP communities attribute. | |
1146 | The `word` is community list name. When BGP route's communities | |
1147 | value matches to the community list `word`, the communities value | |
1148 | is removed. When all of communities value is removed eventually, the | |
1149 | BGP update's communities attribute is completely removed. | |
42fc5d26 | 1150 | |
0efdf0fe | 1151 | .. _display-bgp-routes-by-community: |
42fc5d26 QY |
1152 | |
1153 | Display BGP Routes by Community | |
1154 | ------------------------------- | |
1155 | ||
1156 | To show BGP routes which has specific BGP communities attribute, | |
1157 | `show bgp {ipv4|ipv6}` command can be used. The | |
1158 | `community` and `community-list` subcommand can be used. | |
1159 | ||
c3c5a71f | 1160 | .. index:: show bgp ipv4|ipv6 community |
29adcd50 | 1161 | .. clicmd:: show bgp ipv4|ipv6 community |
42fc5d26 | 1162 | |
c1a54c05 | 1163 | .. index:: show bgp ipv4|ipv6 community COMMUNITY |
29adcd50 | 1164 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY |
42fc5d26 | 1165 | |
c1a54c05 | 1166 | .. index:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
29adcd50 | 1167 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
42fc5d26 | 1168 | |
c1a54c05 QY |
1169 | `show bgp {ipv4|ipv6} community` displays BGP routes which has communities |
1170 | attribute. Where the address family can be IPv4 or IPv6 among others. When | |
1171 | `community` is specified, BGP routes that matches `community` value is | |
1172 | displayed. For this command, `internet` keyword can't be used for | |
1173 | `community` value. When `exact-match` is specified, it display only | |
1174 | routes that have an exact match. | |
42fc5d26 | 1175 | |
c1a54c05 | 1176 | .. index:: show bgp ipv4|ipv6 community-list WORD |
29adcd50 | 1177 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD |
42fc5d26 | 1178 | |
c1a54c05 | 1179 | .. index:: show bgp ipv4|ipv6 community-list WORD exact-match |
29adcd50 | 1180 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD exact-match |
c1a54c05 QY |
1181 | |
1182 | This commands display BGP routes for the address family specified that matches | |
1183 | community list `word`. When `exact-match` is specified, display only | |
1184 | routes that have an exact match. | |
42fc5d26 | 1185 | |
0efdf0fe | 1186 | .. _using-bgp-communities-attribute: |
42fc5d26 QY |
1187 | |
1188 | Using BGP Communities Attribute | |
1189 | ------------------------------- | |
1190 | ||
1191 | Following configuration is the most typical usage of BGP communities | |
c3c5a71f | 1192 | attribute. AS 7675 provides upstream Internet connection to AS 100. |
42fc5d26 QY |
1193 | When following configuration exists in AS 7675, AS 100 networks |
1194 | operator can set local preference in AS 7675 network by setting BGP | |
c1a54c05 QY |
1195 | communities attribute to the updates.:: |
1196 | ||
1197 | router bgp 7675 | |
1198 | neighbor 192.168.0.1 remote-as 100 | |
1199 | address-family ipv4 unicast | |
1200 | neighbor 192.168.0.1 route-map RMAP in | |
1201 | exit-address-family | |
1202 | ! | |
1203 | ip community-list 70 permit 7675:70 | |
1204 | ip community-list 70 deny | |
1205 | ip community-list 80 permit 7675:80 | |
1206 | ip community-list 80 deny | |
1207 | ip community-list 90 permit 7675:90 | |
1208 | ip community-list 90 deny | |
1209 | ! | |
1210 | route-map RMAP permit 10 | |
1211 | match community 70 | |
1212 | set local-preference 70 | |
1213 | ! | |
1214 | route-map RMAP permit 20 | |
1215 | match community 80 | |
1216 | set local-preference 80 | |
1217 | ! | |
1218 | route-map RMAP permit 30 | |
1219 | match community 90 | |
1220 | set local-preference 90 | |
c3c5a71f | 1221 | |
42fc5d26 QY |
1222 | |
1223 | Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. | |
1224 | The route has communities value 7675:80 so when above configuration | |
1225 | exists in AS 7675, announced route's local preference will be set to | |
c1a54c05 QY |
1226 | value 80.:: |
1227 | ||
1228 | router bgp 100 | |
1229 | network 10.0.0.0/8 | |
1230 | neighbor 192.168.0.2 remote-as 7675 | |
1231 | address-family ipv4 unicast | |
1232 | neighbor 192.168.0.2 route-map RMAP out | |
1233 | exit-address-family | |
1234 | ! | |
1235 | ip prefix-list PLIST permit 10.0.0.0/8 | |
1236 | ! | |
1237 | route-map RMAP permit 10 | |
1238 | match ip address prefix-list PLIST | |
1239 | set community 7675:80 | |
c3c5a71f | 1240 | |
42fc5d26 QY |
1241 | |
1242 | Following configuration is an example of BGP route filtering using | |
c3c5a71f QY |
1243 | communities attribute. This configuration only permit BGP routes |
1244 | which has BGP communities value 0:80 or 0:90. Network operator can | |
42fc5d26 | 1245 | put special internal communities value at BGP border router, then |
c1a54c05 | 1246 | limit the BGP routes announcement into the internal network.:: |
42fc5d26 | 1247 | |
c1a54c05 QY |
1248 | router bgp 7675 |
1249 | neighbor 192.168.0.1 remote-as 100 | |
1250 | address-family ipv4 unicast | |
1251 | neighbor 192.168.0.1 route-map RMAP in | |
1252 | exit-address-family | |
1253 | ! | |
1254 | ip community-list 1 permit 0:80 0:90 | |
1255 | ! | |
1256 | route-map RMAP permit in | |
1257 | match community 1 | |
c3c5a71f | 1258 | |
42fc5d26 QY |
1259 | |
1260 | Following exmaple filter BGP routes which has communities value 1:1. | |
c3c5a71f | 1261 | When there is no match community-list returns deny. To avoid |
c1a54c05 | 1262 | filtering all of routes, we need to define permit any at last.:: |
42fc5d26 | 1263 | |
c1a54c05 QY |
1264 | router bgp 7675 |
1265 | neighbor 192.168.0.1 remote-as 100 | |
1266 | address-family ipv4 unicast | |
1267 | neighbor 192.168.0.1 route-map RMAP in | |
1268 | exit-address-family | |
1269 | ! | |
1270 | ip community-list standard FILTER deny 1:1 | |
1271 | ip community-list standard FILTER permit | |
1272 | ! | |
1273 | route-map RMAP permit 10 | |
1274 | match community FILTER | |
c3c5a71f | 1275 | |
42fc5d26 QY |
1276 | |
1277 | Communities value keyword `internet` has special meanings in | |
c3c5a71f QY |
1278 | standard community lists. In below example `internet` act as |
1279 | match any. It matches all of BGP routes even if the route does not | |
c1a54c05 QY |
1280 | have communities attribute at all. So community list ``INTERNET`` |
1281 | is same as above example's ``FILTER``.:: | |
42fc5d26 | 1282 | |
c1a54c05 QY |
1283 | ip community-list standard INTERNET deny 1:1 |
1284 | ip community-list standard INTERNET permit internet | |
c3c5a71f | 1285 | |
42fc5d26 QY |
1286 | |
1287 | Following configuration is an example of communities value deletion. | |
1288 | With this configuration communities value 100:1 and 100:2 is removed | |
c3c5a71f | 1289 | from BGP updates. For communities value deletion, only `permit` |
c1a54c05 | 1290 | community-list is used. `deny` community-list is ignored.:: |
42fc5d26 | 1291 | |
c1a54c05 QY |
1292 | router bgp 7675 |
1293 | neighbor 192.168.0.1 remote-as 100 | |
1294 | address-family ipv4 unicast | |
1295 | neighbor 192.168.0.1 route-map RMAP in | |
1296 | exit-address-family | |
1297 | ! | |
1298 | ip community-list standard DEL permit 100:1 100:2 | |
1299 | ! | |
1300 | route-map RMAP permit 10 | |
1301 | set comm-list DEL delete | |
c3c5a71f | 1302 | |
42fc5d26 | 1303 | |
0efdf0fe | 1304 | .. _bgp-extended-communities-attribute: |
42fc5d26 QY |
1305 | |
1306 | BGP Extended Communities Attribute | |
1307 | ================================== | |
1308 | ||
c1a54c05 QY |
1309 | BGP extended communities attribute is introduced with MPLS VPN/BGP technology. |
1310 | MPLS VPN/BGP expands capability of network infrastructure to provide VPN | |
1311 | functionality. At the same time it requires a new framework for policy routing. | |
1312 | With BGP Extended Communities Attribute we can use Route Target or Site of | |
1313 | Origin for implementing network policy for MPLS VPN/BGP. | |
42fc5d26 | 1314 | |
c1a54c05 QY |
1315 | BGP Extended Communities Attribute is similar to BGP Communities Attribute. It |
1316 | is an optional transitive attribute. BGP Extended Communities Attribute can | |
1317 | carry multiple Extended Community value. Each Extended Community value is | |
1318 | eight octet length. | |
42fc5d26 | 1319 | |
c1a54c05 QY |
1320 | BGP Extended Communities Attribute provides an extended range compared with BGP |
1321 | Communities Attribute. Adding to that there is a type field in each value to | |
1322 | provides community space structure. | |
42fc5d26 | 1323 | |
c1a54c05 QY |
1324 | There are two format to define Extended Community value. One is AS based format |
1325 | the other is IP address based format. | |
42fc5d26 QY |
1326 | |
1327 | *AS:VAL* | |
c1a54c05 QY |
1328 | This is a format to define AS based Extended Community value. |
1329 | `AS` part is 2 octets Global Administrator subfield in Extended | |
1330 | Community value. `VAL` part is 4 octets Local Administrator | |
1331 | subfield. `7675:100` represents AS 7675 policy value 100. | |
42fc5d26 QY |
1332 | |
1333 | *IP-Address:VAL* | |
c1a54c05 QY |
1334 | This is a format to define IP address based Extended Community value. |
1335 | `IP-Address` part is 4 octets Global Administrator subfield. | |
1336 | `VAL` part is 2 octets Local Administrator subfield. | |
1337 | `10.0.0.1:100` represents | |
42fc5d26 | 1338 | |
0efdf0fe | 1339 | .. _bgp-extended-community-lists: |
42fc5d26 QY |
1340 | |
1341 | BGP Extended Community Lists | |
1342 | ---------------------------- | |
1343 | ||
1344 | Expanded Community Lists is a user defined BGP Expanded Community | |
1345 | Lists. | |
1346 | ||
c3c5a71f | 1347 | .. index:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
29adcd50 | 1348 | .. clicmd:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
42fc5d26 | 1349 | |
4da7fda3 QY |
1350 | This command defines a new standard extcommunity-list. `extcommunity` is |
1351 | extended communities value. The `extcommunity` is compiled into extended | |
1352 | community structure. We can define multiple extcommunity-list under same | |
1353 | name. In that case match will happen user defined order. Once the | |
1354 | extcommunity-list matches to extended communities attribute in BGP updates | |
1355 | it return permit or deny based upon the extcommunity-list definition. When | |
1356 | there is no matched entry, deny will be returned. When `extcommunity` is | |
1357 | empty it matches to any routes. | |
42fc5d26 | 1358 | |
c1a54c05 | 1359 | .. index:: ip extcommunity-list expanded NAME permit|deny LINE |
29adcd50 | 1360 | .. clicmd:: ip extcommunity-list expanded NAME permit|deny LINE |
42fc5d26 | 1361 | |
4da7fda3 QY |
1362 | This command defines a new expanded extcommunity-list. `line` is a string |
1363 | expression of extended communities attribute. `line` can be a regular | |
1364 | expression (:ref:`bgp-regular-expressions`) to match an extended communities | |
1365 | attribute in BGP updates. | |
42fc5d26 | 1366 | |
c1a54c05 | 1367 | .. index:: no ip extcommunity-list NAME |
29adcd50 | 1368 | .. clicmd:: no ip extcommunity-list NAME |
42fc5d26 | 1369 | |
c1a54c05 | 1370 | .. index:: no ip extcommunity-list standard NAME |
29adcd50 | 1371 | .. clicmd:: no ip extcommunity-list standard NAME |
42fc5d26 | 1372 | |
c1a54c05 | 1373 | .. index:: no ip extcommunity-list expanded NAME |
29adcd50 | 1374 | .. clicmd:: no ip extcommunity-list expanded NAME |
42fc5d26 | 1375 | |
4da7fda3 QY |
1376 | These commands delete extended community lists specified by `name`. All of |
1377 | extended community lists shares a single name space. So extended community | |
1378 | lists can be removed simpley specifying the name. | |
42fc5d26 | 1379 | |
c1a54c05 | 1380 | .. index:: show ip extcommunity-list |
29adcd50 | 1381 | .. clicmd:: show ip extcommunity-list |
42fc5d26 | 1382 | |
c1a54c05 | 1383 | .. index:: show ip extcommunity-list NAME |
29adcd50 | 1384 | .. clicmd:: show ip extcommunity-list NAME |
c1a54c05 | 1385 | |
4da7fda3 QY |
1386 | This command displays current extcommunity-list information. When `name` is |
1387 | specified the community list's information is shown. | |
42fc5d26 QY |
1388 | |
1389 | :: | |
1390 | ||
c3c5a71f QY |
1391 | # show ip extcommunity-list |
1392 | ||
42fc5d26 | 1393 | |
0efdf0fe | 1394 | .. _bgp-extended-communities-in-route-map: |
42fc5d26 QY |
1395 | |
1396 | BGP Extended Communities in Route Map | |
1397 | ------------------------------------- | |
1398 | ||
c3c5a71f | 1399 | .. index:: match extcommunity WORD |
29adcd50 | 1400 | .. clicmd:: match extcommunity WORD |
42fc5d26 | 1401 | |
42fc5d26 | 1402 | |
c1a54c05 | 1403 | .. index:: set extcommunity rt EXTCOMMUNITY |
29adcd50 | 1404 | .. clicmd:: set extcommunity rt EXTCOMMUNITY |
42fc5d26 | 1405 | |
c1a54c05 | 1406 | This command set Route Target value. |
42fc5d26 | 1407 | |
c1a54c05 | 1408 | .. index:: set extcommunity soo EXTCOMMUNITY |
29adcd50 | 1409 | .. clicmd:: set extcommunity soo EXTCOMMUNITY |
c1a54c05 QY |
1410 | |
1411 | This command set Site of Origin value. | |
42fc5d26 | 1412 | |
0efdf0fe | 1413 | .. _bgp-large-communities-attribute: |
42fc5d26 QY |
1414 | |
1415 | BGP Large Communities Attribute | |
1416 | =============================== | |
1417 | ||
1418 | The BGP Large Communities attribute was introduced in Feb 2017 with | |
c1a54c05 | 1419 | :rfc:`8092`. |
42fc5d26 QY |
1420 | |
1421 | The BGP Large Communities Attribute is similar to the BGP Communities | |
1422 | Attribute except that it has 3 components instead of two and each of | |
1423 | which are 4 octets in length. Large Communities bring additional | |
1424 | functionality and convenience over traditional communities, specifically | |
1425 | the fact that the `GLOBAL` part below is now 4 octets wide allowing | |
1426 | AS4 operators seamless use. | |
1427 | ||
1428 | ||
42fc5d26 | 1429 | *GLOBAL:LOCAL1:LOCAL2* |
c1a54c05 QY |
1430 | This is the format to define Large Community values. Referencing |
1431 | :t:`RFC8195, Use of BGP Large Communities` the values are commonly | |
1432 | referred to as follows. | |
1433 | The `GLOBAL` part is a 4 octet Global Administrator field, common | |
1434 | use of this field is the operators AS number. | |
1435 | The `LOCAL1` part is a 4 octet Local Data Part 1 subfield referred | |
1436 | to as a function. | |
1437 | The `LOCAL2` part is a 4 octet Local Data Part 2 field and referred | |
1438 | to as the parameter subfield. `65551:1:10` represents AS 65551 | |
1439 | function 1 and parameter 10. | |
1440 | The referenced RFC above gives some guidelines on recommended usage. | |
42fc5d26 | 1441 | |
0efdf0fe | 1442 | .. _bgp-large-community-lists: |
42fc5d26 QY |
1443 | |
1444 | BGP Large Community Lists | |
1445 | ------------------------- | |
1446 | ||
1447 | Two types of large community lists are supported, namely `standard` and | |
1448 | `expanded`. | |
1449 | ||
c3c5a71f | 1450 | .. index:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
29adcd50 | 1451 | .. clicmd:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
42fc5d26 | 1452 | |
4da7fda3 QY |
1453 | This command defines a new standard large-community-list. `large-community` |
1454 | is the Large Community value. We can add multiple large communities under | |
1455 | same name. In that case the match will happen in the user defined order. | |
1456 | Once the large-community-list matches the Large Communities attribute in BGP | |
1457 | updates it will return permit or deny based upon the large-community-list | |
1458 | definition. When there is no matched entry, a deny will be returned. When | |
1459 | `large-community` is empty it matches any routes. | |
42fc5d26 | 1460 | |
c1a54c05 | 1461 | .. index:: ip large-community-list expanded NAME permit|deny LINE |
29adcd50 | 1462 | .. clicmd:: ip large-community-list expanded NAME permit|deny LINE |
42fc5d26 | 1463 | |
4da7fda3 QY |
1464 | This command defines a new expanded large-community-list. Where `line` is a |
1465 | string matching expression, it will be compared to the entire Large | |
1466 | Communities attribute as a string, with each large-community in order from | |
1467 | lowest to highest. `line` can also be a regular expression which matches | |
1468 | this Large Community attribute. | |
42fc5d26 | 1469 | |
c1a54c05 | 1470 | .. index:: no ip large-community-list NAME |
29adcd50 | 1471 | .. clicmd:: no ip large-community-list NAME |
42fc5d26 | 1472 | |
c1a54c05 | 1473 | .. index:: no ip large-community-list standard NAME |
29adcd50 | 1474 | .. clicmd:: no ip large-community-list standard NAME |
42fc5d26 | 1475 | |
c1a54c05 | 1476 | .. index:: no ip large-community-list expanded NAME |
29adcd50 | 1477 | .. clicmd:: no ip large-community-list expanded NAME |
42fc5d26 | 1478 | |
4da7fda3 QY |
1479 | These commands delete Large Community lists specified by `name`. All Large |
1480 | Community lists share a single namespace. This means Large Community lists | |
1481 | can be removed by simply specifying the name. | |
42fc5d26 | 1482 | |
c1a54c05 | 1483 | .. index:: show ip large-community-list |
29adcd50 | 1484 | .. clicmd:: show ip large-community-list |
42fc5d26 | 1485 | |
c1a54c05 | 1486 | .. index:: show ip large-community-list NAME |
29adcd50 | 1487 | .. clicmd:: show ip large-community-list NAME |
42fc5d26 | 1488 | |
c1a54c05 QY |
1489 | This command display current large-community-list information. When |
1490 | `name` is specified the community list information is shown. | |
42fc5d26 | 1491 | |
c1a54c05 | 1492 | .. index:: show ip bgp large-community-info |
29adcd50 | 1493 | .. clicmd:: show ip bgp large-community-info |
c1a54c05 QY |
1494 | |
1495 | This command displays the current large communities in use. | |
42fc5d26 | 1496 | |
0efdf0fe | 1497 | .. _bgp-large-communities-in-route-map: |
42fc5d26 QY |
1498 | |
1499 | BGP Large Communities in Route Map | |
1500 | ---------------------------------- | |
1501 | ||
c3c5a71f | 1502 | .. index:: match large-community LINE |
29adcd50 | 1503 | .. clicmd:: match large-community LINE |
42fc5d26 | 1504 | |
4da7fda3 QY |
1505 | Where `line` can be a simple string to match, or a regular expression. It |
1506 | is very important to note that this match occurs on the entire | |
c1a54c05 QY |
1507 | large-community string as a whole, where each large-community is ordered |
1508 | from lowest to highest. | |
42fc5d26 | 1509 | |
c1a54c05 | 1510 | .. index:: set large-community LARGE-COMMUNITY |
29adcd50 | 1511 | .. clicmd:: set large-community LARGE-COMMUNITY |
42fc5d26 | 1512 | |
c1a54c05 | 1513 | .. index:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
29adcd50 | 1514 | .. clicmd:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
42fc5d26 | 1515 | |
c1a54c05 | 1516 | .. index:: set large-community LARGE-COMMUNITY additive |
29adcd50 | 1517 | .. clicmd:: set large-community LARGE-COMMUNITY additive |
c1a54c05 QY |
1518 | |
1519 | These commands are used for setting large-community values. The first | |
1520 | command will overwrite any large-communities currently present. | |
1521 | The second specifies two large-communities, which overwrites the current | |
1522 | large-community list. The third will add a large-community value without | |
1523 | overwriting other values. Multiple large-community values can be specified. | |
42fc5d26 | 1524 | |
b572f826 PZ |
1525 | |
1526 | .. _bgp-vrfs: | |
1527 | ||
1528 | BGP VRFs | |
1529 | ======== | |
1530 | ||
4da7fda3 | 1531 | Bgpd supports multiple VRF instances via the *router bgp* command: |
b572f826 PZ |
1532 | |
1533 | .. index:: router bgp ASN vrf VRFNAME | |
1534 | .. clicmd:: router bgp ASN vrf VRFNAME | |
1535 | ||
4da7fda3 QY |
1536 | VRFNAME is matched against VRFs configured in the kernel. When no *vrf VRFNAME* |
1537 | is specified, the BGP protocol process belongs to the default VRF. | |
b572f826 | 1538 | |
4da7fda3 QY |
1539 | BGP routes may be leaked (i.e., copied) between a unicast VRF RIB and the VPN |
1540 | safi RIB of the default VRF (leaking is also permitted between the unicast RIB | |
1541 | of the default VRF and VPN). A common application of this feature is to | |
1542 | connect a customer's private routing domain to a provider's VPN service. | |
1543 | Leaking is configured from the point of view of an individual VRF: ``import`` | |
1544 | refers to routes leaked from VPN to a unicast VRF, whereas ``export`` refers to | |
1545 | routes leaked from a unicast VRF to VPN. | |
b572f826 PZ |
1546 | |
1547 | Required Parameters | |
1548 | ------------------- | |
1549 | ||
4da7fda3 QY |
1550 | Routes exported from a unicast VRF to the VPN RIB must be augmented by two |
1551 | parameters: | |
1552 | ||
1553 | - an :abbr:`RD (Route Distinguisher)` | |
1554 | - an :abbr:`RTLIST (Route-target List)` | |
1555 | ||
1556 | Configuration for these exported routes must, at a minimum, specify these two | |
1557 | parameters. | |
1558 | ||
1559 | Routes imported from the VPN RIB to a unicast VRF are selected according to | |
1560 | their RTLISTs. Routes whose RTLIST contains at least one route-target in | |
1561 | common with the configured import RTLIST are leaked. Configuration for these | |
1562 | imported routes must specify an RTLIST to be matched. | |
1563 | ||
1564 | The RD, which carries no semantic value, is intended to make the route unique | |
1565 | in the VPN RIB among all routes of its prefix that originate from all the | |
1566 | customers and sites that are attached to the provider's VPN service. | |
1567 | Accordingly, each site of each customer is typically assigned an RD that is | |
1568 | unique across the entire provider network. | |
1569 | ||
1570 | The RTLIST is a set of route-target extended community values whose purpose is | |
1571 | to specify route-leaking policy. Typically, a customer is assigned a single | |
1572 | route-target value for import and export to be used at all customer sites. This | |
1573 | configuration specifies a simple topology wherein a customer has a single | |
1574 | routing domain which is shared across all its sites. More complex routing | |
1575 | topologies are possible through use of additional route-targets to augment the | |
1576 | leaking of sets of routes in various ways. | |
b572f826 PZ |
1577 | |
1578 | Configuration | |
1579 | ------------- | |
1580 | ||
4da7fda3 QY |
1581 | Configuration of route leaking between a unicast VRF RIB and the VPN safi RIB |
1582 | of the default VRF is accomplished via commands in the context of a VRF | |
1583 | address-family: | |
b572f826 PZ |
1584 | |
1585 | .. index:: rd vpn export AS:NN|IP:nn | |
1586 | .. clicmd:: rd vpn export AS:NN|IP:nn | |
1587 | ||
4da7fda3 QY |
1588 | Specifies the route distinguisher to be added to a route exported from the |
1589 | current unicast VRF to VPN. | |
b572f826 PZ |
1590 | |
1591 | .. index:: no rd vpn export [AS:NN|IP:nn] | |
1592 | .. clicmd:: no rd vpn export [AS:NN|IP:nn] | |
1593 | ||
1594 | Deletes any previously-configured export route distinguisher. | |
1595 | ||
1596 | .. index:: rt vpn import|export|both RTLIST... | |
1597 | .. clicmd:: rt vpn import|export|both RTLIST... | |
1598 | ||
4da7fda3 QY |
1599 | Specifies the route-target list to be attached to a route (export) or the |
1600 | route-target list to match against (import) when exporting/importing between | |
1601 | the current unicast VRF and VPN. | |
b572f826 | 1602 | |
4da7fda3 QY |
1603 | The RTLIST is a space-separated list of route-targets, which are BGP |
1604 | extended community values as described in | |
b572f826 PZ |
1605 | :ref:`bgp-extended-communities-attribute`. |
1606 | ||
1607 | .. index:: no rt vpn import|export|both [RTLIST...] | |
1608 | .. clicmd:: no rt vpn import|export|both [RTLIST...] | |
1609 | ||
1610 | Deletes any previously-configured import or export route-target list. | |
1611 | ||
1612 | .. index:: label vpn export (0..1048575) | |
1613 | .. clicmd:: label vpn export (0..1048575) | |
1614 | ||
4da7fda3 QY |
1615 | Specifies an optional MPLS label to be attached to a route exported from the |
1616 | current unicast VRF to VPN. | |
b572f826 PZ |
1617 | |
1618 | .. index:: no label vpn export [(0..1048575)] | |
1619 | .. clicmd:: no label vpn export [(0..1048575)] | |
1620 | ||
1621 | Deletes any previously-configured export label. | |
1622 | ||
1623 | .. index:: nexthop vpn export A.B.C.D|X:X::X:X | |
1624 | .. clicmd:: nexthop vpn export A.B.C.D|X:X::X:X | |
1625 | ||
4da7fda3 QY |
1626 | Specifies an optional nexthop value to be assigned to a route exported from |
1627 | the current unicast VRF to VPN. If left unspecified, the nexthop will be set | |
1628 | to 0.0.0.0 or 0:0::0:0 (self). | |
b572f826 PZ |
1629 | |
1630 | .. index:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1631 | .. clicmd:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1632 | ||
1633 | Deletes any previously-configured export nexthop. | |
1634 | ||
1635 | .. index:: route-map vpn import|export MAP | |
1636 | .. clicmd:: route-map vpn import|export MAP | |
1637 | ||
4da7fda3 QY |
1638 | Specifies an optional route-map to be applied to routes imported or exported |
1639 | betwen the current unicast VRF and VPN. | |
b572f826 PZ |
1640 | |
1641 | .. index:: no route-map vpn import|export [MAP] | |
1642 | .. clicmd:: no route-map vpn import|export [MAP] | |
1643 | ||
1644 | Deletes any previously-configured import or export route-map. | |
1645 | ||
1646 | .. index:: import|export vpn | |
1647 | .. clicmd:: import|export vpn | |
1648 | ||
1649 | Enables import or export of routes betwen the current unicast VRF and VPN. | |
1650 | ||
1651 | .. index:: no import|export vpn | |
1652 | .. clicmd:: no import|export vpn | |
1653 | ||
1654 | Disables import or export of routes betwen the current unicast VRF and VPN. | |
1655 | ||
1656 | ||
0efdf0fe | 1657 | .. _displaying-bgp-information: |
42fc5d26 QY |
1658 | |
1659 | Displaying BGP information | |
1660 | ========================== | |
1661 | ||
1662 | ||
0efdf0fe | 1663 | .. _showing-bgp-information: |
42fc5d26 QY |
1664 | |
1665 | Showing BGP information | |
1666 | ----------------------- | |
1667 | ||
c3c5a71f | 1668 | .. index:: show ip bgp |
29adcd50 | 1669 | .. clicmd:: show ip bgp |
42fc5d26 | 1670 | |
c1a54c05 | 1671 | .. index:: show ip bgp A.B.C.D |
29adcd50 | 1672 | .. clicmd:: show ip bgp A.B.C.D |
42fc5d26 | 1673 | |
c1a54c05 | 1674 | .. index:: show ip bgp X:X::X:X |
29adcd50 | 1675 | .. clicmd:: show ip bgp X:X::X:X |
42fc5d26 | 1676 | |
c1a54c05 QY |
1677 | This command displays BGP routes. When no route is specified it |
1678 | display all of IPv4 BGP routes. | |
42fc5d26 | 1679 | |
c1a54c05 | 1680 | :: |
76bd1499 | 1681 | |
42fc5d26 | 1682 | BGP table version is 0, local router ID is 10.1.1.1 |
c1a54c05 QY |
1683 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal |
1684 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
76bd1499 | 1685 | |
c1a54c05 QY |
1686 | Network Next Hop Metric LocPrf Weight Path |
1687 | \*> 1.1.1.1/32 0.0.0.0 0 32768 i | |
76bd1499 | 1688 | |
c1a54c05 | 1689 | Total number of prefixes 1 |
42fc5d26 | 1690 | |
42fc5d26 | 1691 | |
c3c5a71f | 1692 | .. index:: show ip bgp regexp LINE |
29adcd50 | 1693 | .. clicmd:: show ip bgp regexp LINE |
42fc5d26 | 1694 | |
c1a54c05 | 1695 | This command displays BGP routes using AS path regular expression |
0efdf0fe | 1696 | (:ref:`bgp-regular-expressions`). |
42fc5d26 | 1697 | |
c1a54c05 | 1698 | .. index:: show ip bgp community COMMUNITY |
29adcd50 | 1699 | .. clicmd:: show ip bgp community COMMUNITY |
42fc5d26 | 1700 | |
c1a54c05 | 1701 | .. index:: show ip bgp community COMMUNITY exact-match |
29adcd50 | 1702 | .. clicmd:: show ip bgp community COMMUNITY exact-match |
42fc5d26 | 1703 | |
4da7fda3 QY |
1704 | This command displays BGP routes using `community` |
1705 | (:ref:`display-bgp-routes-by-community`). | |
42fc5d26 | 1706 | |
c1a54c05 | 1707 | .. index:: show ip bgp community-list WORD |
29adcd50 | 1708 | .. clicmd:: show ip bgp community-list WORD |
42fc5d26 | 1709 | |
c1a54c05 | 1710 | .. index:: show ip bgp community-list WORD exact-match |
29adcd50 | 1711 | .. clicmd:: show ip bgp community-list WORD exact-match |
42fc5d26 | 1712 | |
4da7fda3 QY |
1713 | This command displays BGP routes using community list |
1714 | (:ref:`display-bgp-routes-by-community`). | |
42fc5d26 | 1715 | |
c1a54c05 | 1716 | .. index:: show bgp ipv4|ipv6 summary |
29adcd50 | 1717 | .. clicmd:: show bgp ipv4|ipv6 summary |
42fc5d26 | 1718 | |
c1a54c05 | 1719 | Show a bgp peer summary for the specified address family. |
42fc5d26 | 1720 | |
c1a54c05 | 1721 | .. index:: show bgp ipv4|ipv6 neighbor [PEER] |
29adcd50 | 1722 | .. clicmd:: show bgp ipv4|ipv6 neighbor [PEER] |
42fc5d26 | 1723 | |
c1a54c05 | 1724 | This command shows information on a specific BGP `peer`. |
42fc5d26 | 1725 | |
c1a54c05 | 1726 | .. index:: show bgp ipv4|ipv6 dampening dampened-paths |
29adcd50 | 1727 | .. clicmd:: show bgp ipv4|ipv6 dampening dampened-paths |
42fc5d26 | 1728 | |
c1a54c05 | 1729 | Display paths suppressed due to dampening. |
42fc5d26 | 1730 | |
c1a54c05 | 1731 | .. index:: show bgp ipv4|ipv6 dampening flap-statistics |
29adcd50 | 1732 | .. clicmd:: show bgp ipv4|ipv6 dampening flap-statistics |
c1a54c05 QY |
1733 | |
1734 | Display flap statistics of routes. | |
42fc5d26 | 1735 | |
0efdf0fe | 1736 | .. _other-bgp-commands: |
42fc5d26 QY |
1737 | |
1738 | Other BGP commands | |
1739 | ------------------ | |
1740 | ||
c3c5a71f | 1741 | .. index:: clear bgp ipv4|ipv6 \* |
29adcd50 | 1742 | .. clicmd:: clear bgp ipv4|ipv6 \* |
42fc5d26 | 1743 | |
c1a54c05 | 1744 | Clear all address family peers. |
42fc5d26 | 1745 | |
c1a54c05 | 1746 | .. index:: clear bgp ipv4|ipv6 PEER |
29adcd50 | 1747 | .. clicmd:: clear bgp ipv4|ipv6 PEER |
42fc5d26 | 1748 | |
c1a54c05 | 1749 | Clear peers which have addresses of X.X.X.X |
42fc5d26 | 1750 | |
c1a54c05 | 1751 | .. index:: clear bgp ipv4|ipv6 PEER soft in |
29adcd50 | 1752 | .. clicmd:: clear bgp ipv4|ipv6 PEER soft in |
42fc5d26 | 1753 | |
c1a54c05 | 1754 | Clear peer using soft reconfiguration. |
42fc5d26 | 1755 | |
c1a54c05 | 1756 | .. index:: show debug |
29adcd50 | 1757 | .. clicmd:: show debug |
42fc5d26 | 1758 | |
c1a54c05 | 1759 | .. index:: debug event |
29adcd50 | 1760 | .. clicmd:: debug event |
42fc5d26 | 1761 | |
c1a54c05 | 1762 | .. index:: debug update |
29adcd50 | 1763 | .. clicmd:: debug update |
42fc5d26 | 1764 | |
c1a54c05 | 1765 | .. index:: debug keepalive |
29adcd50 | 1766 | .. clicmd:: debug keepalive |
42fc5d26 | 1767 | |
c1a54c05 | 1768 | .. index:: no debug event |
29adcd50 | 1769 | .. clicmd:: no debug event |
42fc5d26 | 1770 | |
c1a54c05 | 1771 | .. index:: no debug update |
29adcd50 | 1772 | .. clicmd:: no debug update |
42fc5d26 | 1773 | |
c1a54c05 | 1774 | .. index:: no debug keepalive |
29adcd50 | 1775 | .. clicmd:: no debug keepalive |
42fc5d26 | 1776 | |
c1a54c05 | 1777 | |
0efdf0fe | 1778 | .. _capability-negotiation: |
42fc5d26 QY |
1779 | |
1780 | Capability Negotiation | |
1781 | ====================== | |
1782 | ||
4b44467c | 1783 | When adding IPv6 routing information exchange feature to BGP. There were some |
4da7fda3 QY |
1784 | proposals. :abbr:`IETF (Internet Engineering Task Force)` |
1785 | :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol | |
1786 | Extension for BGP. The specification is described in :rfc:`2283`. The protocol | |
1787 | does not define new protocols. It defines new attributes to existing BGP. When | |
1788 | it is used exchanging IPv6 routing information it is called BGP-4+. When it is | |
1789 | used for exchanging multicast routing information it is called MBGP. | |
1790 | ||
1791 | *bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports | |
1792 | the protocol, *bgpd* can exchange IPv6 and/or multicast routing information. | |
1793 | ||
1794 | Traditional BGP did not have the feature to detect a remote peer's | |
1795 | capabilities, e.g. whether it can handle prefix types other than IPv4 unicast | |
1796 | routes. This was a big problem using Multiprotocol Extension for BGP in an | |
1797 | operational network. :rfc:`2842` adopted a feature called Capability | |
1798 | Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's | |
1799 | capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* | |
1800 | does not send these Capability Negotiation packets (at least not unless other | |
1801 | optional BGP features require capability negotation). | |
4b44467c QY |
1802 | |
1803 | By default, FRR will bring up peering with minimal common capability for the | |
4da7fda3 QY |
1804 | both sides. For example, if the local router has unicast and multicast |
1805 | capabilities and the remote router only has unicast capability the local router | |
1806 | will establish the connection with unicast only capability. When there are no | |
1807 | common capabilities, FRR sends Unsupported Capability error and then resets the | |
4b44467c QY |
1808 | connection. |
1809 | ||
1810 | If you want to completely match capabilities with remote peer. Please use | |
1811 | *strict-capability-match* command. | |
42fc5d26 | 1812 | |
c1a54c05 QY |
1813 | .. index:: neighbor PEER strict-capability-match |
1814 | .. clicmd:: neighbor PEER strict-capability-match | |
c3c5a71f | 1815 | |
c1a54c05 QY |
1816 | .. index:: no neighbor PEER strict-capability-match |
1817 | .. clicmd:: no neighbor PEER strict-capability-match | |
42fc5d26 | 1818 | |
4da7fda3 QY |
1819 | Strictly compares remote capabilities and local capabilities. If |
1820 | capabilities are different, send Unsupported Capability error then reset | |
1821 | connection. | |
42fc5d26 | 1822 | |
4da7fda3 QY |
1823 | You may want to disable sending Capability Negotiation OPEN message optional |
1824 | parameter to the peer when remote peer does not implement Capability | |
1825 | Negotiation. Please use *dont-capability-negotiate* command to disable the | |
1826 | feature. | |
c3c5a71f | 1827 | |
c1a54c05 QY |
1828 | .. index:: neighbor PEER dont-capability-negotiate |
1829 | .. clicmd:: neighbor PEER dont-capability-negotiate | |
42fc5d26 | 1830 | |
c1a54c05 QY |
1831 | .. index:: no neighbor PEER dont-capability-negotiate |
1832 | .. clicmd:: no neighbor PEER dont-capability-negotiate | |
c3c5a71f | 1833 | |
4da7fda3 QY |
1834 | Suppress sending Capability Negotiation as OPEN message optional parameter |
1835 | to the peer. This command only affects the peer is configured other than | |
1836 | IPv4 unicast configuration. | |
42fc5d26 | 1837 | |
4da7fda3 QY |
1838 | When remote peer does not have capability negotiation feature, remote peer |
1839 | will not send any capabilities at all. In that case, bgp configures the peer | |
1840 | with configured capabilities. | |
42fc5d26 | 1841 | |
c1a54c05 | 1842 | You may prefer locally configured capabilities more than the negotiated |
4da7fda3 QY |
1843 | capabilities even though remote peer sends capabilities. If the peer is |
1844 | configured by *override-capability*, *bgpd* ignores received capabilities | |
1845 | then override negotiated capabilities with configured values. | |
42fc5d26 | 1846 | |
c1a54c05 QY |
1847 | .. index:: neighbor PEER override-capability |
1848 | .. clicmd:: neighbor PEER override-capability | |
42fc5d26 | 1849 | |
c1a54c05 QY |
1850 | .. index:: no neighbor PEER override-capability |
1851 | .. clicmd:: no neighbor PEER override-capability | |
c3c5a71f | 1852 | |
c1a54c05 QY |
1853 | Override the result of Capability Negotiation with local configuration. |
1854 | Ignore remote peer's capability value. | |
42fc5d26 | 1855 | |
0efdf0fe | 1856 | .. _route-reflector: |
42fc5d26 QY |
1857 | |
1858 | Route Reflector | |
1859 | =============== | |
1860 | ||
c1a54c05 QY |
1861 | .. index:: bgp cluster-id A.B.C.D |
1862 | .. clicmd:: bgp cluster-id A.B.C.D | |
42fc5d26 | 1863 | |
c1a54c05 QY |
1864 | .. index:: neighbor PEER route-reflector-client |
1865 | .. clicmd:: neighbor PEER route-reflector-client | |
c3c5a71f | 1866 | |
c1a54c05 QY |
1867 | .. index:: no neighbor PEER route-reflector-client |
1868 | .. clicmd:: no neighbor PEER route-reflector-client | |
42fc5d26 | 1869 | |
42fc5d26 | 1870 | |
0efdf0fe | 1871 | .. _route-server: |
42fc5d26 QY |
1872 | |
1873 | Route Server | |
1874 | ============ | |
1875 | ||
c1a54c05 | 1876 | At an Internet Exchange point, many ISPs are connected to each other by the |
4da7fda3 QY |
1877 | "full mesh method". As with internal BGP full mesh formation, this method has a |
1878 | scaling problem. | |
42fc5d26 | 1879 | |
c1a54c05 QY |
1880 | This scaling problem is well known. Route Server is a method to resolve the |
1881 | problem. Each ISP's BGP router only peers to Route Server. Route Server serves | |
1882 | as BGP information exchange to other BGP routers. By applying this method, | |
1883 | numbers of BGP connections is reduced from O(n*(n-1)/2) to O(n). | |
42fc5d26 | 1884 | |
4da7fda3 | 1885 | Unlike a normal BGP router, Route Server must have several routing tables for |
c1a54c05 QY |
1886 | managing different routing policies for each BGP speaker. We call the routing |
1887 | tables as different "views". *bgpd* can work as normal BGP router or Route | |
1888 | Server or both at the same time. | |
42fc5d26 | 1889 | |
0efdf0fe | 1890 | .. _multiple-instance: |
42fc5d26 QY |
1891 | |
1892 | Multiple instance | |
1893 | ----------------- | |
1894 | ||
c1a54c05 QY |
1895 | To enable multiple view function of *bgpd*, you must turn on multiple instance |
1896 | feature beforehand. | |
42fc5d26 | 1897 | |
c3c5a71f | 1898 | .. index:: bgp multiple-instance |
29adcd50 | 1899 | .. clicmd:: bgp multiple-instance |
42fc5d26 | 1900 | |
c1a54c05 QY |
1901 | Enable BGP multiple instance feature. After this feature is enabled, |
1902 | you can make multiple BGP instances or multiple BGP views. | |
42fc5d26 | 1903 | |
c1a54c05 | 1904 | .. index:: no bgp multiple-instance |
29adcd50 | 1905 | .. clicmd:: no bgp multiple-instance |
c1a54c05 QY |
1906 | |
1907 | Disable BGP multiple instance feature. You can not disable this feature | |
1908 | when BGP multiple instances or views exist. | |
42fc5d26 | 1909 | |
c3c5a71f | 1910 | When you want to make configuration more Cisco like one, |
42fc5d26 | 1911 | |
c3c5a71f | 1912 | .. index:: bgp config-type cisco |
29adcd50 | 1913 | .. clicmd:: bgp config-type cisco |
c1a54c05 QY |
1914 | |
1915 | Cisco compatible BGP configuration output. | |
42fc5d26 | 1916 | |
c3c5a71f | 1917 | When bgp config-type cisco is specified, |
42fc5d26 | 1918 | |
4da7fda3 QY |
1919 | ``no synchronization`` is displayed. |
1920 | ``no auto-summary`` is displayed. | |
1921 | ||
1922 | The ``network`` and ``aggregate-address`` arguments are displayed as:: | |
42fc5d26 | 1923 | |
4da7fda3 | 1924 | A.B.C.D M.M.M.M |
42fc5d26 | 1925 | |
4da7fda3 QY |
1926 | FRR: network 10.0.0.0/8 |
1927 | Cisco: network 10.0.0.0 | |
42fc5d26 | 1928 | |
4da7fda3 QY |
1929 | FRR: aggregate-address 192.168.0.0/24 |
1930 | Cisco: aggregate-address 192.168.0.0 255.255.255.0 | |
42fc5d26 | 1931 | |
4da7fda3 QY |
1932 | Community attribute handling is also different. If no configuration is |
1933 | specified community attribute and extended community attribute are sent to the | |
1934 | neighbor. If a user manually disables the feature, the community attribute is | |
1935 | not sent to the neighbor. When ``bgp config-type cisco`` is specified, the | |
1936 | community attribute is not sent to the neighbor by default. To send the | |
1937 | community attribute user has to specify *neighbor A.B.C.D send-community* | |
1938 | command.:: | |
c1a54c05 QY |
1939 | |
1940 | ! | |
1941 | router bgp 1 | |
1942 | neighbor 10.0.0.1 remote-as 1 | |
1943 | address-family ipv4 unicast | |
1944 | no neighbor 10.0.0.1 send-community | |
1945 | exit-address-family | |
1946 | ! | |
1947 | router bgp 1 | |
1948 | neighbor 10.0.0.1 remote-as 1 | |
1949 | address-family ipv4 unicast | |
1950 | neighbor 10.0.0.1 send-community | |
1951 | exit-address-family | |
1952 | ! | |
42fc5d26 | 1953 | |
42fc5d26 | 1954 | |
c3c5a71f | 1955 | .. index:: bgp config-type zebra |
29adcd50 | 1956 | .. clicmd:: bgp config-type zebra |
c1a54c05 QY |
1957 | |
1958 | FRR style BGP configuration. This is default. | |
42fc5d26 | 1959 | |
0efdf0fe | 1960 | .. _bgp-instance-and-view: |
42fc5d26 QY |
1961 | |
1962 | BGP instance and view | |
1963 | --------------------- | |
1964 | ||
4da7fda3 QY |
1965 | BGP instance is a normal BGP process. The result of route selection goes to the |
1966 | kernel routing table. You can setup different AS at the same time when BGP | |
1967 | multiple instance feature is enabled. | |
42fc5d26 | 1968 | |
c3c5a71f | 1969 | .. index:: router bgp AS-NUMBER |
29adcd50 | 1970 | .. clicmd:: router bgp AS-NUMBER |
42fc5d26 | 1971 | |
4da7fda3 | 1972 | Make a new BGP instance. You can use an arbitrary word for the `name`. |
42fc5d26 | 1973 | |
c1a54c05 | 1974 | :: |
76bd1499 | 1975 | |
c1a54c05 QY |
1976 | bgp multiple-instance |
1977 | ! | |
1978 | router bgp 1 | |
1979 | neighbor 10.0.0.1 remote-as 2 | |
1980 | neighbor 10.0.0.2 remote-as 3 | |
1981 | ! | |
1982 | router bgp 2 | |
1983 | neighbor 10.0.0.3 remote-as 4 | |
1984 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 1985 | |
42fc5d26 | 1986 | |
4da7fda3 QY |
1987 | BGP view is almost same as normal BGP process. The result of route selection |
1988 | does not go to the kernel routing table. BGP view is only for exchanging BGP | |
1989 | routing information. | |
42fc5d26 | 1990 | |
c3c5a71f | 1991 | .. index:: router bgp AS-NUMBER view NAME |
29adcd50 | 1992 | .. clicmd:: router bgp AS-NUMBER view NAME |
42fc5d26 | 1993 | |
c1a54c05 QY |
1994 | Make a new BGP view. You can use arbitrary word for the `name`. This view's |
1995 | route selection result does not go to the kernel routing table. | |
42fc5d26 | 1996 | |
c1a54c05 | 1997 | With this command, you can setup Route Server like below. |
42fc5d26 | 1998 | |
c1a54c05 | 1999 | :: |
76bd1499 | 2000 | |
c1a54c05 QY |
2001 | bgp multiple-instance |
2002 | ! | |
2003 | router bgp 1 view 1 | |
2004 | neighbor 10.0.0.1 remote-as 2 | |
2005 | neighbor 10.0.0.2 remote-as 3 | |
2006 | ! | |
2007 | router bgp 2 view 2 | |
2008 | neighbor 10.0.0.3 remote-as 4 | |
2009 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 2010 | |
42fc5d26 | 2011 | |
0efdf0fe | 2012 | .. _routing-policy: |
42fc5d26 QY |
2013 | |
2014 | Routing policy | |
2015 | -------------- | |
2016 | ||
4da7fda3 QY |
2017 | You can set different routing policy for a peer. For example, you can set |
2018 | different filter for a peer.:: | |
c1a54c05 QY |
2019 | |
2020 | bgp multiple-instance | |
2021 | ! | |
2022 | router bgp 1 view 1 | |
2023 | neighbor 10.0.0.1 remote-as 2 | |
2024 | address-family ipv4 unicast | |
2025 | neighbor 10.0.0.1 distribute-list 1 in | |
2026 | exit-address-family | |
2027 | ! | |
2028 | router bgp 1 view 2 | |
2029 | neighbor 10.0.0.1 remote-as 2 | |
2030 | address-family ipv4 unicast | |
2031 | neighbor 10.0.0.1 distribute-list 2 in | |
2032 | exit-address-family | |
c3c5a71f | 2033 | |
42fc5d26 | 2034 | |
4da7fda3 QY |
2035 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view 2. |
2036 | When the update is inserted into view 1, distribute-list 1 is applied. On the | |
2037 | other hand, when the update is inserted into view 2, distribute-list 2 is | |
2038 | applied. | |
42fc5d26 | 2039 | |
0efdf0fe | 2040 | .. _viewing-the-view: |
42fc5d26 QY |
2041 | |
2042 | Viewing the view | |
2043 | ---------------- | |
2044 | ||
2045 | To display routing table of BGP view, you must specify view name. | |
2046 | ||
c3c5a71f | 2047 | .. index:: show ip bgp view NAME |
29adcd50 | 2048 | .. clicmd:: show ip bgp view NAME |
c1a54c05 QY |
2049 | |
2050 | Display routing table of BGP view ``NAME``. | |
42fc5d26 | 2051 | |
0efdf0fe | 2052 | .. _bgp-regular-expressions: |
42fc5d26 QY |
2053 | |
2054 | BGP Regular Expressions | |
2055 | ======================= | |
2056 | ||
4da7fda3 QY |
2057 | BGP regular expressions are based on `POSIX 1003.2` regular expressions. The |
2058 | following description is just a quick subset of the `POSIX` regular | |
2059 | expressions. Adding to that, the special character '_' is added. | |
42fc5d26 QY |
2060 | |
2061 | ||
c1a54c05 QY |
2062 | .* |
2063 | Matches any single character. | |
42fc5d26 QY |
2064 | |
2065 | * | |
c1a54c05 | 2066 | Matches 0 or more occurrences of pattern. |
42fc5d26 QY |
2067 | |
2068 | + | |
c1a54c05 | 2069 | Matches 1 or more occurrences of pattern. |
42fc5d26 QY |
2070 | |
2071 | ? | |
c1a54c05 | 2072 | Match 0 or 1 occurrences of pattern. |
42fc5d26 QY |
2073 | |
2074 | ^ | |
c1a54c05 | 2075 | Matches the beginning of the line. |
42fc5d26 QY |
2076 | |
2077 | $ | |
c1a54c05 | 2078 | Matches the end of the line. |
42fc5d26 QY |
2079 | |
2080 | _ | |
c1a54c05 QY |
2081 | Character `_` has special meanings in BGP regular expressions. It matches |
2082 | to space and comma , and AS set delimiter { and } and AS confederation | |
2083 | delimiter `(` and `)`. And it also matches to the beginning of the line and | |
2084 | the end of the line. So `_` can be used for AS value boundaries match. This | |
2085 | character technically evaluates to `(^|[,{}() ]|$)`. | |
42fc5d26 | 2086 | |
11ab5329 | 2087 | .. _how-to-set-up-a-6-bone-connection: |
42fc5d26 QY |
2088 | |
2089 | How to set up a 6-Bone connection | |
2090 | ================================= | |
2091 | ||
2092 | :: | |
2093 | ||
c1a54c05 QY |
2094 | zebra configuration |
2095 | =================== | |
2096 | ! | |
2097 | ! Actually there is no need to configure zebra | |
2098 | ! | |
2099 | ||
2100 | bgpd configuration | |
2101 | ================== | |
2102 | ! | |
2103 | ! This means that routes go through zebra and into the kernel. | |
2104 | ! | |
2105 | router zebra | |
2106 | ! | |
2107 | ! MP-BGP configuration | |
2108 | ! | |
2109 | router bgp 7675 | |
2110 | bgp router-id 10.0.0.1 | |
2111 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as `as-number` | |
2112 | ! | |
2113 | address-family ipv6 | |
2114 | network 3ffe:506::/32 | |
2115 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
2116 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
2117 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as `as-number` | |
2118 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
2119 | exit-address-family | |
2120 | ! | |
2121 | ipv6 access-list all permit any | |
2122 | ! | |
2123 | ! Set output nexthop address. | |
2124 | ! | |
2125 | route-map set-nexthop permit 10 | |
2126 | match ipv6 address all | |
2127 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
2128 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
2129 | ! | |
2130 | ! logfile FILENAME is obsolete. Please use log file FILENAME | |
2131 | ||
2132 | log file bgpd.log | |
2133 | ! | |
c3c5a71f | 2134 | |
42fc5d26 | 2135 | |
0efdf0fe | 2136 | .. _dump-bgp-packets-and-table: |
42fc5d26 QY |
2137 | |
2138 | Dump BGP packets and table | |
2139 | ========================== | |
2140 | ||
c3c5a71f | 2141 | .. index:: dump bgp all PATH [INTERVAL] |
29adcd50 | 2142 | .. clicmd:: dump bgp all PATH [INTERVAL] |
42fc5d26 | 2143 | |
c1a54c05 | 2144 | .. index:: dump bgp all-et PATH [INTERVAL] |
29adcd50 | 2145 | .. clicmd:: dump bgp all-et PATH [INTERVAL] |
42fc5d26 | 2146 | |
c1a54c05 | 2147 | .. index:: no dump bgp all [PATH] [INTERVAL] |
29adcd50 | 2148 | .. clicmd:: no dump bgp all [PATH] [INTERVAL] |
42fc5d26 | 2149 | |
c1a54c05 | 2150 | Dump all BGP packet and events to `path` file. |
4da7fda3 QY |
2151 | If `interval` is set, a new file will be created for echo `interval` of |
2152 | seconds. The path `path` can be set with date and time formatting | |
2153 | (strftime). The type ‘all-et’ enables support for Extended Timestamp Header | |
2154 | (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2155 | |
c1a54c05 | 2156 | .. index:: dump bgp updates PATH [INTERVAL] |
29adcd50 | 2157 | .. clicmd:: dump bgp updates PATH [INTERVAL] |
42fc5d26 | 2158 | |
c1a54c05 | 2159 | .. index:: dump bgp updates-et PATH [INTERVAL] |
29adcd50 | 2160 | .. clicmd:: dump bgp updates-et PATH [INTERVAL] |
42fc5d26 | 2161 | |
c1a54c05 | 2162 | .. index:: no dump bgp updates [PATH] [INTERVAL] |
29adcd50 | 2163 | .. clicmd:: no dump bgp updates [PATH] [INTERVAL] |
42fc5d26 | 2164 | |
c1a54c05 | 2165 | Dump only BGP updates messages to `path` file. |
4da7fda3 QY |
2166 | If `interval` is set, a new file will be created for echo `interval` of |
2167 | seconds. The path `path` can be set with date and time formatting | |
2168 | (strftime). The type ‘updates-et’ enables support for Extended Timestamp | |
2169 | Header (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2170 | |
c1a54c05 | 2171 | .. index:: dump bgp routes-mrt PATH |
29adcd50 | 2172 | .. clicmd:: dump bgp routes-mrt PATH |
42fc5d26 | 2173 | |
c1a54c05 | 2174 | .. index:: dump bgp routes-mrt PATH INTERVAL |
29adcd50 | 2175 | .. clicmd:: dump bgp routes-mrt PATH INTERVAL |
42fc5d26 | 2176 | |
c1a54c05 | 2177 | .. index:: no dump bgp route-mrt [PATH] [INTERVAL] |
29adcd50 | 2178 | .. clicmd:: no dump bgp route-mrt [PATH] [INTERVAL] |
42fc5d26 | 2179 | |
4da7fda3 QY |
2180 | Dump whole BGP routing table to `path`. This is heavy process. The path |
2181 | `path` can be set with date and time formatting (strftime). If `interval` is | |
2182 | set, a new file will be created for echo `interval` of seconds. | |
42fc5d26 | 2183 | |
c1a54c05 | 2184 | Note: the interval variable can also be set using hours and minutes: 04h20m00. |
42fc5d26 | 2185 | |
c1a54c05 | 2186 | .. _bgp-configuration-examples: |
42fc5d26 | 2187 | |
c1a54c05 QY |
2188 | BGP Configuration Examples |
2189 | ========================== | |
42fc5d26 | 2190 | |
c1a54c05 | 2191 | Example of a session to an upstream, advertising only one prefix to it.:: |
42fc5d26 | 2192 | |
c1a54c05 QY |
2193 | router bgp 64512 |
2194 | bgp router-id 10.236.87.1 | |
2195 | neighbor upstream peer-group | |
2196 | neighbor upstream remote-as 64515 | |
2197 | neighbor upstream capability dynamic | |
2198 | neighbor 10.1.1.1 peer-group upstream | |
2199 | neighbor 10.1.1.1 description ACME ISP | |
c3c5a71f | 2200 | |
c1a54c05 QY |
2201 | address-family ipv4 unicast |
2202 | network 10.236.87.0/24 | |
2203 | neighbor upstream prefix-list pl-allowed-adv out | |
2204 | exit-address-family | |
2205 | ! | |
2206 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
2207 | ip prefix-list pl-allowed-adv seq 10 deny any | |
42fc5d26 | 2208 | |
4da7fda3 QY |
2209 | A more complex example. With upstream, peer and customer sessions. Advertising |
2210 | global prefixes and NO_EXPORT prefixes and providing actions for customer | |
2211 | routes based on community values. Extensive use of route-maps and the 'call' | |
2212 | feature to support selective advertising of prefixes. This example is intended | |
2213 | as guidance only, it has NOT been tested and almost certainly containts silly | |
2214 | mistakes, if not serious flaws. | |
42fc5d26 QY |
2215 | |
2216 | :: | |
2217 | ||
c1a54c05 QY |
2218 | router bgp 64512 |
2219 | bgp router-id 10.236.87.1 | |
2220 | neighbor upstream capability dynamic | |
2221 | neighbor cust capability dynamic | |
2222 | neighbor peer capability dynamic | |
2223 | neighbor 10.1.1.1 remote-as 64515 | |
2224 | neighbor 10.1.1.1 peer-group upstream | |
2225 | neighbor 10.2.1.1 remote-as 64516 | |
2226 | neighbor 10.2.1.1 peer-group upstream | |
2227 | neighbor 10.3.1.1 remote-as 64517 | |
2228 | neighbor 10.3.1.1 peer-group cust-default | |
2229 | neighbor 10.3.1.1 description customer1 | |
2230 | neighbor 10.4.1.1 remote-as 64518 | |
2231 | neighbor 10.4.1.1 peer-group cust | |
2232 | neighbor 10.4.1.1 description customer2 | |
2233 | neighbor 10.5.1.1 remote-as 64519 | |
2234 | neighbor 10.5.1.1 peer-group peer | |
2235 | neighbor 10.5.1.1 description peer AS 1 | |
2236 | neighbor 10.6.1.1 remote-as 64520 | |
2237 | neighbor 10.6.1.1 peer-group peer | |
2238 | neighbor 10.6.1.1 description peer AS 2 | |
2239 | ||
2240 | address-family ipv4 unicast | |
2241 | network 10.123.456.0/24 | |
2242 | network 10.123.456.128/25 route-map rm-no-export | |
2243 | neighbor upstream route-map rm-upstream-out out | |
2244 | neighbor cust route-map rm-cust-in in | |
2245 | neighbor cust route-map rm-cust-out out | |
2246 | neighbor cust send-community both | |
2247 | neighbor peer route-map rm-peer-in in | |
2248 | neighbor peer route-map rm-peer-out out | |
2249 | neighbor peer send-community both | |
2250 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
2251 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
2252 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
2253 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
2254 | exit-address-family | |
2255 | ! | |
2256 | ip prefix-list pl-default permit 0.0.0.0/0 | |
2257 | ! | |
2258 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
2259 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
2260 | ! | |
2261 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
2262 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
2263 | ! | |
2264 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
2265 | ! | |
2266 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
2267 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
2268 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
2269 | ! | |
2270 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
2271 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
2272 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
2273 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
2274 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
2275 | ! | |
2276 | ip as-path access-list asp-own-as permit ^$ | |
2277 | ip as-path access-list asp-own-as permit _64512_ | |
2278 | ! | |
2279 | ! ################################################################# | |
2280 | ! Match communities we provide actions for, on routes receives from | |
2281 | ! customers. Communities values of <our-ASN>:X, with X, have actions: | |
2282 | ! | |
2283 | ! 100 - blackhole the prefix | |
2284 | ! 200 - set no_export | |
2285 | ! 300 - advertise only to other customers | |
2286 | ! 400 - advertise only to upstreams | |
2287 | ! 500 - set no_export when advertising to upstreams | |
2288 | ! 2X00 - set local_preference to X00 | |
2289 | ! | |
2290 | ! blackhole the prefix of the route | |
2291 | ip community-list standard cm-blackhole permit 64512:100 | |
2292 | ! | |
2293 | ! set no-export community before advertising | |
2294 | ip community-list standard cm-set-no-export permit 64512:200 | |
2295 | ! | |
2296 | ! advertise only to other customers | |
2297 | ip community-list standard cm-cust-only permit 64512:300 | |
2298 | ! | |
2299 | ! advertise only to upstreams | |
2300 | ip community-list standard cm-upstream-only permit 64512:400 | |
2301 | ! | |
2302 | ! advertise to upstreams with no-export | |
2303 | ip community-list standard cm-upstream-noexport permit 64512:500 | |
2304 | ! | |
2305 | ! set local-pref to least significant 3 digits of the community | |
2306 | ip community-list standard cm-prefmod-100 permit 64512:2100 | |
2307 | ip community-list standard cm-prefmod-200 permit 64512:2200 | |
2308 | ip community-list standard cm-prefmod-300 permit 64512:2300 | |
2309 | ip community-list standard cm-prefmod-400 permit 64512:2400 | |
2310 | ip community-list expanded cme-prefmod-range permit 64512:2... | |
2311 | ! | |
2312 | ! Informational communities | |
2313 | ! | |
2314 | ! 3000 - learned from upstream | |
2315 | ! 3100 - learned from customer | |
2316 | ! 3200 - learned from peer | |
2317 | ! | |
2318 | ip community-list standard cm-learnt-upstream permit 64512:3000 | |
2319 | ip community-list standard cm-learnt-cust permit 64512:3100 | |
2320 | ip community-list standard cm-learnt-peer permit 64512:3200 | |
2321 | ! | |
2322 | ! ################################################################### | |
2323 | ! Utility route-maps | |
2324 | ! | |
2325 | ! These utility route-maps generally should not used to permit/deny | |
2326 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
2327 | ! should be used with 'on-match next'. These all finish with an empty | |
2328 | ! permit entry so as not interfere with processing in the caller. | |
2329 | ! | |
2330 | route-map rm-no-export permit 10 | |
2331 | set community additive no-export | |
2332 | route-map rm-no-export permit 20 | |
2333 | ! | |
2334 | route-map rm-blackhole permit 10 | |
2335 | description blackhole, up-pref and ensure it cant escape this AS | |
2336 | set ip next-hop 127.0.0.1 | |
2337 | set local-preference 10 | |
2338 | set community additive no-export | |
2339 | route-map rm-blackhole permit 20 | |
2340 | ! | |
2341 | ! Set local-pref as requested | |
2342 | route-map rm-prefmod permit 10 | |
2343 | match community cm-prefmod-100 | |
2344 | set local-preference 100 | |
2345 | route-map rm-prefmod permit 20 | |
2346 | match community cm-prefmod-200 | |
2347 | set local-preference 200 | |
2348 | route-map rm-prefmod permit 30 | |
2349 | match community cm-prefmod-300 | |
2350 | set local-preference 300 | |
2351 | route-map rm-prefmod permit 40 | |
2352 | match community cm-prefmod-400 | |
2353 | set local-preference 400 | |
2354 | route-map rm-prefmod permit 50 | |
2355 | ! | |
2356 | ! Community actions to take on receipt of route. | |
2357 | route-map rm-community-in permit 10 | |
2358 | description check for blackholing, no point continuing if it matches. | |
2359 | match community cm-blackhole | |
2360 | call rm-blackhole | |
2361 | route-map rm-community-in permit 20 | |
2362 | match community cm-set-no-export | |
2363 | call rm-no-export | |
2364 | on-match next | |
2365 | route-map rm-community-in permit 30 | |
2366 | match community cme-prefmod-range | |
2367 | call rm-prefmod | |
2368 | route-map rm-community-in permit 40 | |
2369 | ! | |
2370 | ! ##################################################################### | |
2371 | ! Community actions to take when advertising a route. | |
2372 | ! These are filtering route-maps, | |
2373 | ! | |
2374 | ! Deny customer routes to upstream with cust-only set. | |
2375 | route-map rm-community-filt-to-upstream deny 10 | |
2376 | match community cm-learnt-cust | |
2377 | match community cm-cust-only | |
2378 | route-map rm-community-filt-to-upstream permit 20 | |
2379 | ! | |
2380 | ! Deny customer routes to other customers with upstream-only set. | |
2381 | route-map rm-community-filt-to-cust deny 10 | |
2382 | match community cm-learnt-cust | |
2383 | match community cm-upstream-only | |
2384 | route-map rm-community-filt-to-cust permit 20 | |
2385 | ! | |
2386 | ! ################################################################### | |
2387 | ! The top-level route-maps applied to sessions. Further entries could | |
2388 | ! be added obviously.. | |
2389 | ! | |
2390 | ! Customers | |
2391 | route-map rm-cust-in permit 10 | |
2392 | call rm-community-in | |
2393 | on-match next | |
2394 | route-map rm-cust-in permit 20 | |
2395 | set community additive 64512:3100 | |
2396 | route-map rm-cust-in permit 30 | |
2397 | ! | |
2398 | route-map rm-cust-out permit 10 | |
2399 | call rm-community-filt-to-cust | |
2400 | on-match next | |
2401 | route-map rm-cust-out permit 20 | |
2402 | ! | |
2403 | ! Upstream transit ASes | |
2404 | route-map rm-upstream-out permit 10 | |
2405 | description filter customer prefixes which are marked cust-only | |
2406 | call rm-community-filt-to-upstream | |
2407 | on-match next | |
2408 | route-map rm-upstream-out permit 20 | |
2409 | description only customer routes are provided to upstreams/peers | |
2410 | match community cm-learnt-cust | |
2411 | ! | |
2412 | ! Peer ASes | |
2413 | ! outbound policy is same as for upstream | |
2414 | route-map rm-peer-out permit 10 | |
2415 | call rm-upstream-out | |
2416 | ! | |
2417 | route-map rm-peer-in permit 10 | |
2418 | set community additive 64512:3200 | |
c3c5a71f | 2419 | |
9e146a81 | 2420 | .. include:: routeserver.rst |
f3817860 QY |
2421 | |
2422 | .. include:: rpki.rst | |
c1a54c05 QY |
2423 | |
2424 | ||
4b44467c | 2425 | .. [#med-transitivity-rant] For some set of objects to have an order, there *must* be some binary ordering relation that is defined for *every* combination of those objects, and that relation *must* be transitive. I.e.:, if the relation operator is <, and if a < b and b < c then that relation must carry over and it *must* be that a < c for the objects to have an order. The ordering relation may allow for equality, i.e. a < b and b < a may both be true amd imply that a and b are equal in the order and not distinguished by it, in which case the set has a partial order. Otherwise, if there is an order, all the objects have a distinct place in the order and the set has a total order) |
c1a54c05 QY |
2426 | .. [bgp-route-osci-cond] McPherson, D. and Gill, V. and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation Condition", IETF RFC3345 |
2427 | .. [stable-flexible-ibgp] Flavel, A. and M. Roughan, "Stable and flexible iBGP", ACM SIGCOMM 2009 | |
2428 | .. [ibgp-correctness] Griffin, T. and G. Wilfong, "On the correctness of IBGP configuration", ACM SIGCOMM 2002 |