]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _bgp: |
42fc5d26 QY |
2 | |
3 | *** | |
4 | BGP | |
5 | *** | |
6 | ||
c3c5a71f QY |
7 | :abbr:`BGP` stands for a Border Gateway Protocol. The lastest BGP version is 4. |
8 | It is referred as BGP-4. BGP-4 is one of the Exterior Gateway Protocols and | |
9 | de-fact standard of Inter Domain routing protocol. BGP-4 is described in | |
07a17e6d | 10 | :rfc:`1771`. |
42fc5d26 | 11 | |
07a17e6d QY |
12 | Many extensions have been added to :rfc:`1771`. :rfc:`2858` provides |
13 | multiprotocol support to BGP-4. | |
42fc5d26 | 14 | |
0efdf0fe | 15 | .. _starting-bgp: |
42fc5d26 QY |
16 | |
17 | Starting BGP | |
18 | ============ | |
19 | ||
c1a54c05 QY |
20 | Default configuration file of *bgpd* is :file:`bgpd.conf`. *bgpd* searches the |
21 | current directory first then |INSTALL_PREFIX_ETC|/bgpd.conf. All of bgpd's | |
22 | command must be configured in :file:`bgpd.conf`. | |
42fc5d26 | 23 | |
c1a54c05 | 24 | *bgpd* specific invocation options are described below. Common options may also |
0efdf0fe | 25 | be specified (:ref:`common-invocation-options`). |
42fc5d26 | 26 | |
c1a54c05 | 27 | .. program:: bgpd |
42fc5d26 | 28 | |
c1a54c05 QY |
29 | .. option:: -p <port> |
30 | .. option:: --bgp_port <port> | |
42fc5d26 | 31 | |
c1a54c05 | 32 | Set the bgp protocol's port number. |
42fc5d26 | 33 | |
c1a54c05 QY |
34 | .. option:: -r |
35 | .. option:: --retain | |
42fc5d26 | 36 | |
c1a54c05 | 37 | When program terminates, retain BGP routes added by zebra. |
42fc5d26 | 38 | |
c1a54c05 QY |
39 | .. option:: -l |
40 | .. option:: --listenon | |
42fc5d26 | 41 | |
c1a54c05 QY |
42 | Specify a specific IP address for bgpd to listen on, rather than its |
43 | default of INADDR_ANY / IN6ADDR_ANY. This can be useful to constrain bgpd | |
44 | to an internal address, or to run multiple bgpd processes on one host. | |
42fc5d26 QY |
45 | |
46 | ||
0efdf0fe | 47 | .. _bgp-router: |
42fc5d26 QY |
48 | |
49 | BGP router | |
50 | ========== | |
51 | ||
c1a54c05 QY |
52 | First of all you must configure BGP router with *router bgp* command. To |
53 | configure BGP router, you need AS number. AS number is an identification of | |
54 | autonomous system. BGP protocol uses the AS number for detecting whether the | |
55 | BGP connection is internal one or external one. | |
42fc5d26 | 56 | |
c3c5a71f | 57 | .. index:: router bgp ASN |
29adcd50 | 58 | .. clicmd:: router bgp ASN |
42fc5d26 | 59 | |
c1a54c05 QY |
60 | Enable a BGP protocol process with the specified ASN. After |
61 | this statement you can input any `BGP Commands`. You can not | |
62 | create different BGP process under different ASN without | |
0efdf0fe | 63 | specifying `multiple-instance` (:ref:`multiple-instance`). |
42fc5d26 | 64 | |
c1a54c05 | 65 | .. index:: no router bgp ASN |
29adcd50 | 66 | .. clicmd:: no router bgp ASN |
42fc5d26 | 67 | |
c1a54c05 | 68 | Destroy a BGP protocol process with the specified ASN. |
42fc5d26 | 69 | |
c1a54c05 QY |
70 | .. index:: bgp router-id A.B.C.D |
71 | .. clicmd:: bgp router-id A.B.C.D | |
c3c5a71f | 72 | |
c1a54c05 QY |
73 | This command specifies the router-ID. If *bgpd* connects to *zebra* it gets |
74 | interface and address information. In that case default router ID value is | |
75 | selected as the largest IP Address of the interfaces. When `router zebra` is | |
76 | not enabled *bgpd* can't get interface information so `router-id` is set to | |
77 | 0.0.0.0. So please set router-id by hand. | |
42fc5d26 | 78 | |
0efdf0fe | 79 | .. _bgp-distance: |
42fc5d26 QY |
80 | |
81 | BGP distance | |
82 | ------------ | |
83 | ||
29adcd50 | 84 | .. index:: distance bgp (1-255) (1-255) (1-255) |
29adcd50 | 85 | .. clicmd:: distance bgp (1-255) (1-255) (1-255) |
42fc5d26 | 86 | |
c1a54c05 QY |
87 | This command change distance value of BGP. Each argument is distance value |
88 | for external routes, internal routes and local routes. | |
42fc5d26 | 89 | |
c1a54c05 QY |
90 | .. index:: distance (1-255) A.B.C.D/M |
91 | .. clicmd:: distance (1-255) A.B.C.D/M | |
c3c5a71f | 92 | |
c1a54c05 QY |
93 | .. index:: distance (1-255) A.B.C.D/M word |
94 | .. clicmd:: distance (1-255) A.B.C.D/M word | |
42fc5d26 | 95 | |
0efdf0fe | 96 | .. _bgp-decision-process: |
42fc5d26 QY |
97 | |
98 | BGP decision process | |
99 | -------------------- | |
100 | ||
dc1046f7 | 101 | The decision process FRR BGP uses to select routes is as follows: |
42fc5d26 | 102 | |
07738543 | 103 | 1. *Weight check* |
c1a54c05 | 104 | Prefer higher local weight routes to lower routes. |
42fc5d26 | 105 | |
07738543 | 106 | 2. *Local preference check* |
c1a54c05 | 107 | Prefer higher local preference routes to lower. |
42fc5d26 | 108 | |
07738543 | 109 | 3. *Local route check* |
c1a54c05 | 110 | Prefer local routes (statics, aggregates, redistributed) to received routes. |
42fc5d26 | 111 | |
07738543 | 112 | 4. *AS path length check* |
c1a54c05 | 113 | Prefer shortest hop-count AS_PATHs. |
42fc5d26 | 114 | |
07738543 | 115 | 5. *Origin check* |
c1a54c05 QY |
116 | Prefer the lowest origin type route. That is, prefer IGP origin routes to |
117 | EGP, to Incomplete routes. | |
42fc5d26 | 118 | |
07738543 | 119 | 6. *MED check* |
c1a54c05 | 120 | Where routes with a MED were received from the same AS, prefer the route |
0efdf0fe | 121 | with the lowest MED. :ref:`bgp-med`. |
42fc5d26 | 122 | |
07738543 | 123 | 7. *External check* |
c1a54c05 QY |
124 | Prefer the route received from an external, eBGP peer over routes received |
125 | from other types of peers. | |
42fc5d26 | 126 | |
07738543 | 127 | 8. *IGP cost check* |
c1a54c05 | 128 | Prefer the route with the lower IGP cost. |
42fc5d26 | 129 | |
07738543 | 130 | 9. *Multi-path check* |
c1a54c05 QY |
131 | If multi-pathing is enabled, then check whether the routes not yet |
132 | distinguished in preference may be considered equal. If | |
9e146a81 | 133 | :clicmd:`bgp bestpath as-path multipath-relax` is set, all such routes are |
c1a54c05 QY |
134 | considered equal, otherwise routes received via iBGP with identical AS_PATHs |
135 | or routes received from eBGP neighbours in the same AS are considered equal. | |
42fc5d26 | 136 | |
07738543 QY |
137 | 10. *Already-selected external check* |
138 | Where both routes were received from eBGP peers, then prefer the route | |
139 | which is already selected. Note that this check is not applied if | |
140 | :clicmd:`bgp bestpath compare-routerid` is configured. This check can | |
141 | prevent some cases of oscillation. | |
142 | ||
143 | 11. *Router-ID check* | |
144 | Prefer the route with the lowest `router-ID`. If the route has an | |
145 | `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is | |
146 | used, otherwise the `router-ID` of the peer the route was received from is | |
147 | used. | |
148 | ||
149 | 12. *Cluster-List length check* | |
150 | The route with the shortest cluster-list length is used. The cluster-list | |
151 | reflects the iBGP reflection path the route has taken. | |
152 | ||
153 | 13. *Peer address* | |
154 | Prefer the route received from the peer with the higher transport layer | |
155 | address, as a last-resort tie-breaker. | |
42fc5d26 | 156 | |
c3c5a71f | 157 | |
c1a54c05 | 158 | .. index:: bgp bestpath as-path confed |
29adcd50 | 159 | .. clicmd:: bgp bestpath as-path confed |
42fc5d26 | 160 | |
c1a54c05 QY |
161 | This command specifies that the length of confederation path sets and |
162 | sequences should should be taken into account during the BGP best path | |
163 | decision process. | |
42fc5d26 | 164 | |
c3c5a71f | 165 | .. index:: bgp bestpath as-path multipath-relax |
29adcd50 | 166 | .. clicmd:: bgp bestpath as-path multipath-relax |
42fc5d26 | 167 | |
c1a54c05 QY |
168 | This command specifies that BGP decision process should consider paths |
169 | of equal AS_PATH length candidates for multipath computation. Without | |
170 | the knob, the entire AS_PATH must match for multipath computation. | |
c3c5a71f | 171 | |
29adcd50 | 172 | .. clicmd:: bgp bestpath compare-routerid |
42fc5d26 | 173 | |
c1a54c05 QY |
174 | Ensure that when comparing routes where both are equal on most metrics, |
175 | including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken | |
176 | based on router-ID. | |
42fc5d26 | 177 | |
c1a54c05 QY |
178 | If this option is enabled, then the already-selected check, where |
179 | already selected eBGP routes are preferred, is skipped. | |
42fc5d26 | 180 | |
c1a54c05 QY |
181 | If a route has an `ORIGINATOR_ID` attribute because it has been reflected, |
182 | that `ORIGINATOR_ID` will be used. Otherwise, the router-ID of the peer the | |
183 | route was received from will be used. | |
42fc5d26 | 184 | |
c1a54c05 QY |
185 | The advantage of this is that the route-selection (at this point) will be |
186 | more deterministic. The disadvantage is that a few or even one lowest-ID | |
187 | router may attract all trafic to otherwise-equal paths because of this | |
188 | check. It may increase the possibility of MED or IGP oscillation, unless | |
189 | other measures were taken to avoid these. The exact behaviour will be | |
190 | sensitive to the iBGP and reflection topology. | |
42fc5d26 QY |
191 | |
192 | ||
0efdf0fe | 193 | .. _bgp-route-flap-dampening: |
42fc5d26 QY |
194 | |
195 | BGP route flap dampening | |
196 | ------------------------ | |
197 | ||
c1a54c05 QY |
198 | .. clicmd:: bgp dampening (1-45) (1-20000) (1-20000) (1-255) |
199 | ||
c1a54c05 | 200 | This command enables BGP route-flap dampening and specifies dampening parameters. |
42fc5d26 | 201 | |
c1a54c05 QY |
202 | half-life |
203 | Half-life time for the penalty | |
42fc5d26 | 204 | |
c1a54c05 QY |
205 | reuse-threshold |
206 | Value to start reusing a route | |
42fc5d26 | 207 | |
c1a54c05 QY |
208 | suppress-threshold |
209 | Value to start suppressing a route | |
42fc5d26 | 210 | |
c1a54c05 QY |
211 | max-suppress |
212 | Maximum duration to suppress a stable route | |
42fc5d26 | 213 | |
c1a54c05 QY |
214 | The route-flap damping algorithm is compatible with :rfc:`2439`. The use of |
215 | this command is not recommended nowadays. | |
42fc5d26 | 216 | |
c1a54c05 QY |
217 | .. seealso:: |
218 | ||
219 | `http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378 <http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378>`_ | |
42fc5d26 | 220 | |
0efdf0fe | 221 | .. _bgp-med: |
42fc5d26 QY |
222 | |
223 | BGP MED | |
224 | ======= | |
225 | ||
c1a54c05 QY |
226 | The BGP :abbr:`MED (Multi Exit Discriminator)` attribute has properties which |
227 | can cause subtle convergence problems in BGP. These properties and problems | |
228 | have proven to be hard to understand, at least historically, and may still not | |
229 | be widely understood. The following attempts to collect together and present | |
230 | what is known about MED, to help operators and FRR users in designing and | |
231 | configuring their networks. | |
42fc5d26 | 232 | |
07a17e6d QY |
233 | The BGP :abbr:`MED` attribute is intended to allow one AS to indicate its |
234 | preferences for its ingress points to another AS. The MED attribute will not be | |
235 | propagated on to another AS by the receiving AS - it is 'non-transitive' in the | |
236 | BGP sense. | |
42fc5d26 | 237 | |
c1a54c05 QY |
238 | E.g., if AS X and AS Y have 2 different BGP peering points, then AS X might set |
239 | a MED of 100 on routes advertised at one and a MED of 200 at the other. When AS | |
240 | Y selects between otherwise equal routes to or via AS X, AS Y should prefer to | |
241 | take the path via the lower MED peering of 100 with AS X. Setting the MED | |
242 | allows an AS to influence the routing taken to it within another, neighbouring | |
243 | AS. | |
42fc5d26 QY |
244 | |
245 | In this use of MED it is not really meaningful to compare the MED value on | |
c1a54c05 QY |
246 | routes where the next AS on the paths differs. E.g., if AS Y also had a route |
247 | for some destination via AS Z in addition to the routes from AS X, and AS Z had | |
248 | also set a MED, it wouldn't make sense for AS Y to compare AS Z's MED values to | |
249 | those of AS X. The MED values have been set by different administrators, with | |
250 | different frames of reference. | |
42fc5d26 QY |
251 | |
252 | The default behaviour of BGP therefore is to not compare MED values across | |
dc1046f7 | 253 | routes received from different neighbouring ASes. In FRR this is done by |
c1a54c05 QY |
254 | comparing the neighbouring, left-most AS in the received AS_PATHs of the routes |
255 | and only comparing MED if those are the same. | |
256 | ||
257 | Unfortunately, this behaviour of MED, of sometimes being compared across routes | |
258 | and sometimes not, depending on the properties of those other routes, means MED | |
259 | can cause the order of preference over all the routes to be undefined. That is, | |
260 | given routes A, B, and C, if A is preferred to B, and B is preferred to C, then | |
261 | a well-defined order should mean the preference is transitive (in the sense of | |
013f9762 | 262 | orders [#med-transitivity-rant]_) and that A would be preferred to C. |
42fc5d26 | 263 | |
c3c5a71f QY |
264 | However, when MED is involved this need not be the case. With MED it is |
265 | possible that C is actually preferred over A. So A is preferred to B, B is | |
266 | preferred to C, but C is preferred to A. This can be true even where BGP | |
c1a54c05 QY |
267 | defines a deterministic 'most preferred' route out of the full set of A,B,C. |
268 | With MED, for any given set of routes there may be a deterministically | |
269 | preferred route, but there need not be any way to arrange them into any order | |
270 | of preference. With unmodified MED, the order of preference of routes literally | |
271 | becomes undefined. | |
42fc5d26 | 272 | |
c3c5a71f | 273 | That MED can induce non-transitive preferences over routes can cause issues. |
c1a54c05 QY |
274 | Firstly, it may be perceived to cause routing table churn locally at speakers; |
275 | secondly, and more seriously, it may cause routing instability in iBGP | |
276 | topologies, where sets of speakers continually oscillate between different | |
277 | paths. | |
42fc5d26 | 278 | |
c3c5a71f | 279 | The first issue arises from how speakers often implement routing decisions. |
c1a54c05 QY |
280 | Though BGP defines a selection process that will deterministically select the |
281 | same route as best at any given speaker, even with MED, that process requires | |
282 | evaluating all routes together. For performance and ease of implementation | |
283 | reasons, many implementations evaluate route preferences in a pair-wise fashion | |
284 | instead. Given there is no well-defined order when MED is involved, the best | |
285 | route that will be chosen becomes subject to implementation details, such as | |
286 | the order the routes are stored in. That may be (locally) non-deterministic, | |
287 | e.g.: it may be the order the routes were received in. | |
42fc5d26 QY |
288 | |
289 | This indeterminism may be considered undesirable, though it need not cause | |
c1a54c05 QY |
290 | problems. It may mean additional routing churn is perceived, as sometimes more |
291 | updates may be produced than at other times in reaction to some event . | |
42fc5d26 QY |
292 | |
293 | This first issue can be fixed with a more deterministic route selection that | |
c3c5a71f | 294 | ensures routes are ordered by the neighbouring AS during selection. |
9e146a81 | 295 | :clicmd:`bgp deterministic-med`. This may reduce the number of updates as routes |
c1a54c05 QY |
296 | are received, and may in some cases reduce routing churn. Though, it could |
297 | equally deterministically produce the largest possible set of updates in | |
298 | response to the most common sequence of received updates. | |
42fc5d26 QY |
299 | |
300 | A deterministic order of evaluation tends to imply an additional overhead of | |
c3c5a71f | 301 | sorting over any set of n routes to a destination. The implementation of |
dc1046f7 | 302 | deterministic MED in FRR scales significantly worse than most sorting |
c1a54c05 QY |
303 | algorithms at present, with the number of paths to a given destination. That |
304 | number is often low enough to not cause any issues, but where there are many | |
305 | paths, the deterministic comparison may quickly become increasingly expensive | |
306 | in terms of CPU. | |
307 | ||
308 | Deterministic local evaluation can *not* fix the second, more major, issue of | |
309 | MED however. Which is that the non-transitive preference of routes MED can | |
310 | cause may lead to routing instability or oscillation across multiple speakers | |
311 | in iBGP topologies. This can occur with full-mesh iBGP, but is particularly | |
312 | problematic in non-full-mesh iBGP topologies that further reduce the routing | |
313 | information known to each speaker. This has primarily been documented with iBGP | |
314 | route-reflection topologies. However, any route-hiding technologies potentially | |
315 | could also exacerbate oscillation with MED. | |
316 | ||
317 | This second issue occurs where speakers each have only a subset of routes, and | |
318 | there are cycles in the preferences between different combinations of routes - | |
319 | as the undefined order of preference of MED allows - and the routes are | |
320 | distributed in a way that causes the BGP speakers to 'chase' those cycles. This | |
321 | can occur even if all speakers use a deterministic order of evaluation in route | |
322 | selection. | |
323 | ||
324 | E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and from | |
325 | speaker 3 in AS Y; while speaker 5 in AS A might receive that route from | |
326 | speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100 at speaker | |
327 | 3. I.e, using ASN:ID:MED to label the speakers: | |
42fc5d26 QY |
328 | |
329 | :: | |
330 | ||
c1a54c05 QY |
331 | . |
332 | /---------------\\ | |
42fc5d26 | 333 | X:2------|--A:4-------A:5--|-Y:1:200 |
c1a54c05 QY |
334 | Y:3:100--|-/ | |
335 | \\---------------/ | |
c3c5a71f | 336 | |
42fc5d26 | 337 | |
42fc5d26 | 338 | |
c1a54c05 QY |
339 | Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then based |
340 | on the RFC4271 decision process speaker 4 will choose X:2 over Y:3:100, based | |
341 | on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5. Speaker 5 will | |
342 | continue to prefer Y:1:200 based on the ID, and advertise this to speaker 4. | |
343 | Speaker 4 will now have the full set of routes, and the Y:1:200 it receives | |
344 | from 5 will beat X:2, but when speaker 4 compares Y:1:200 to Y:3:100 the MED | |
345 | check now becomes active as the ASes match, and now Y:3:100 is preferred. | |
346 | Speaker 4 therefore now advertises Y:3:100 to 5, which will also agrees that | |
347 | Y:3:100 is preferred to Y:1:200, and so withdraws the latter route from 4. | |
348 | Speaker 4 now has only X:2 and Y:3:100, and X:2 beats Y:3:100, and so speaker 4 | |
349 | implicitly updates its route to speaker 5 to X:2. Speaker 5 sees that Y:1:200 | |
350 | beats X:2 based on the ID, and advertises Y:1:200 to speaker 4, and the cycle | |
351 | continues. | |
42fc5d26 QY |
352 | |
353 | The root cause is the lack of a clear order of preference caused by how MED | |
354 | sometimes is and sometimes is not compared, leading to this cycle in the | |
355 | preferences between the routes: | |
356 | ||
357 | :: | |
358 | ||
c1a54c05 QY |
359 | . |
360 | /---> X:2 ---beats---> Y:3:100 --\\ | |
361 | | | | |
362 | | | | |
363 | \\---beats--- Y:1:200 <---beats---/ | |
c3c5a71f | 364 | |
42fc5d26 | 365 | |
42fc5d26 QY |
366 | |
367 | This particular type of oscillation in full-mesh iBGP topologies can be | |
368 | avoided by speakers preferring already selected, external routes rather than | |
c1a54c05 QY |
369 | choosing to update to new a route based on a post-MED metric (e.g. router-ID), |
370 | at the cost of a non-deterministic selection process. FRR implements this, as | |
371 | do many other implementations, so long as it is not overridden by setting | |
9e146a81 QY |
372 | :clicmd:`bgp bestpath compare-routerid`, and see also |
373 | :ref:`bgp-decision-process`. | |
42fc5d26 QY |
374 | |
375 | However, more complex and insidious cycles of oscillation are possible with | |
c3c5a71f | 376 | iBGP route-reflection, which are not so easily avoided. These have been |
c1a54c05 QY |
377 | documented in various places. See, e.g.: |
378 | ||
379 | - [bgp-route-osci-cond]_ | |
380 | - [stable-flexible-ibgp]_ | |
381 | - [ibgp-correctness]_ | |
382 | ||
383 | for concrete examples and further references. | |
384 | ||
385 | There is as of this writing *no* known way to use MED for its original purpose; | |
386 | *and* reduce routing information in iBGP topologies; *and* be sure to avoid the | |
387 | instability problems of MED due the non-transitive routing preferences it can | |
388 | induce; in general on arbitrary networks. | |
389 | ||
390 | There may be iBGP topology specific ways to reduce the instability risks, even | |
391 | while using MED, e.g.: by constraining the reflection topology and by tuning | |
013f9762 | 392 | IGP costs between route-reflector clusters, see :rfc:`3345` for details. In the |
c1a54c05 QY |
393 | near future, the Add-Path extension to BGP may also solve MED oscillation while |
394 | still allowing MED to be used as intended, by distributing "best-paths per | |
395 | neighbour AS". This would be at the cost of distributing at least as many | |
396 | routes to all speakers as a full-mesh iBGP would, if not more, while also | |
397 | imposing similar CPU overheads as the "Deterministic MED" feature at each | |
398 | Add-Path reflector. | |
42fc5d26 QY |
399 | |
400 | More generally, the instability problems that MED can introduce on more | |
401 | complex, non-full-mesh, iBGP topologies may be avoided either by: | |
402 | ||
013f9762 | 403 | - Setting :clicmd:`bgp always-compare-med`, however this allows MED to be compared |
42fc5d26 QY |
404 | across values set by different neighbour ASes, which may not produce |
405 | coherent desirable results, of itself. | |
4b44467c | 406 | - Effectively ignoring MED by setting MED to the same value (e.g.: 0) using |
013f9762 QY |
407 | :clicmd:`set metric METRIC` on all received routes, in combination with |
408 | setting :clicmd:`bgp always-compare-med` on all speakers. This is the simplest | |
42fc5d26 QY |
409 | and most performant way to avoid MED oscillation issues, where an AS is happy |
410 | not to allow neighbours to inject this problematic metric. | |
411 | ||
42fc5d26 QY |
412 | As MED is evaluated after the AS_PATH length check, another possible use for |
413 | MED is for intra-AS steering of routes with equal AS_PATH length, as an | |
c1a54c05 QY |
414 | extension of the last case above. As MED is evaluated before IGP metric, this |
415 | can allow cold-potato routing to be implemented to send traffic to preferred | |
416 | hand-offs with neighbours, rather than the closest hand-off according to the | |
417 | IGP metric. | |
418 | ||
419 | Note that even if action is taken to address the MED non-transitivity issues, | |
420 | other oscillations may still be possible. E.g., on IGP cost if iBGP and IGP | |
421 | topologies are at cross-purposes with each other - see the Flavel and Roughan | |
422 | paper above for an example. Hence the guideline that the iBGP topology should | |
423 | follow the IGP topology. | |
424 | ||
c3c5a71f | 425 | .. index:: bgp deterministic-med |
29adcd50 | 426 | .. clicmd:: bgp deterministic-med |
42fc5d26 | 427 | |
c1a54c05 QY |
428 | Carry out route-selection in way that produces deterministic answers |
429 | locally, even in the face of MED and the lack of a well-defined order of | |
430 | preference it can induce on routes. Without this option the preferred route | |
431 | with MED may be determined largely by the order that routes were received | |
432 | in. | |
42fc5d26 | 433 | |
c1a54c05 QY |
434 | Setting this option will have a performance cost that may be noticeable when |
435 | there are many routes for each destination. Currently in FRR it is | |
436 | implemented in a way that scales poorly as the number of routes per | |
437 | destination increases. | |
42fc5d26 | 438 | |
c1a54c05 | 439 | The default is that this option is not set. |
42fc5d26 QY |
440 | |
441 | Note that there are other sources of indeterminism in the route selection | |
442 | process, specifically, the preference for older and already selected routes | |
0efdf0fe | 443 | from eBGP peers, :ref:`bgp-decision-process`. |
42fc5d26 | 444 | |
c3c5a71f | 445 | .. index:: bgp always-compare-med |
29adcd50 | 446 | .. clicmd:: bgp always-compare-med |
42fc5d26 | 447 | |
c1a54c05 QY |
448 | Always compare the MED on routes, even when they were received from |
449 | different neighbouring ASes. Setting this option makes the order of | |
450 | preference of routes more defined, and should eliminate MED induced | |
451 | oscillations. | |
42fc5d26 | 452 | |
c1a54c05 | 453 | If using this option, it may also be desirable to use |
9e146a81 | 454 | :clicmd:`set metric METRIC` to set MED to 0 on routes received from external |
c1a54c05 | 455 | neighbours. |
42fc5d26 | 456 | |
9e146a81 QY |
457 | This option can be used, together with :clicmd:`set metric METRIC` to use |
458 | MED as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., | |
459 | desired exit points. | |
42fc5d26 | 460 | |
0efdf0fe | 461 | .. _bgp-network: |
42fc5d26 QY |
462 | |
463 | BGP network | |
464 | =========== | |
465 | ||
466 | ||
0efdf0fe | 467 | .. _bgp-route: |
42fc5d26 QY |
468 | |
469 | BGP route | |
470 | --------- | |
471 | ||
c1a54c05 QY |
472 | .. index:: network A.B.C.D/M |
473 | .. clicmd:: network A.B.C.D/M | |
42fc5d26 | 474 | |
c1a54c05 | 475 | This command adds the announcement network.:: |
c3c5a71f | 476 | |
c1a54c05 QY |
477 | router bgp 1 |
478 | address-family ipv4 unicast | |
479 | network 10.0.0.0/8 | |
480 | exit-address-family | |
42fc5d26 | 481 | |
c1a54c05 QY |
482 | This configuration example says that network 10.0.0.0/8 will be |
483 | announced to all neighbors. Some vendors' routers don't advertise | |
484 | routes if they aren't present in their IGP routing tables; `bgpd` | |
485 | doesn't care about IGP routes when announcing its routes. | |
c3c5a71f | 486 | |
c1a54c05 QY |
487 | .. index:: no network A.B.C.D/M |
488 | .. clicmd:: no network A.B.C.D/M | |
42fc5d26 | 489 | |
42fc5d26 | 490 | |
0efdf0fe | 491 | .. _route-aggregation: |
42fc5d26 QY |
492 | |
493 | Route Aggregation | |
494 | ----------------- | |
495 | ||
c1a54c05 QY |
496 | .. index:: aggregate-address A.B.C.D/M |
497 | .. clicmd:: aggregate-address A.B.C.D/M | |
c3c5a71f | 498 | |
c1a54c05 | 499 | This command specifies an aggregate address. |
42fc5d26 | 500 | |
c1a54c05 QY |
501 | .. index:: aggregate-address A.B.C.D/M as-set |
502 | .. clicmd:: aggregate-address A.B.C.D/M as-set | |
42fc5d26 | 503 | |
c1a54c05 QY |
504 | This command specifies an aggregate address. Resulting routes include |
505 | AS set. | |
42fc5d26 | 506 | |
c1a54c05 QY |
507 | .. index:: aggregate-address A.B.C.D/M summary-only |
508 | .. clicmd:: aggregate-address A.B.C.D/M summary-only | |
c3c5a71f | 509 | |
c1a54c05 QY |
510 | This command specifies an aggregate address. Aggreated routes will |
511 | not be announce. | |
42fc5d26 | 512 | |
c1a54c05 QY |
513 | .. index:: no aggregate-address A.B.C.D/M |
514 | .. clicmd:: no aggregate-address A.B.C.D/M | |
c3c5a71f | 515 | |
42fc5d26 | 516 | |
42fc5d26 | 517 | |
0efdf0fe | 518 | .. _redistribute-to-bgp: |
42fc5d26 QY |
519 | |
520 | Redistribute to BGP | |
521 | ------------------- | |
522 | ||
c3c5a71f | 523 | .. index:: redistribute kernel |
29adcd50 | 524 | .. clicmd:: redistribute kernel |
42fc5d26 | 525 | |
c1a54c05 | 526 | Redistribute kernel route to BGP process. |
42fc5d26 | 527 | |
c3c5a71f | 528 | .. index:: redistribute static |
29adcd50 | 529 | .. clicmd:: redistribute static |
42fc5d26 | 530 | |
c1a54c05 | 531 | Redistribute static route to BGP process. |
42fc5d26 | 532 | |
c3c5a71f | 533 | .. index:: redistribute connected |
29adcd50 | 534 | .. clicmd:: redistribute connected |
42fc5d26 | 535 | |
c1a54c05 | 536 | Redistribute connected route to BGP process. |
42fc5d26 | 537 | |
c3c5a71f | 538 | .. index:: redistribute rip |
29adcd50 | 539 | .. clicmd:: redistribute rip |
42fc5d26 | 540 | |
c1a54c05 | 541 | Redistribute RIP route to BGP process. |
42fc5d26 | 542 | |
c3c5a71f | 543 | .. index:: redistribute ospf |
29adcd50 | 544 | .. clicmd:: redistribute ospf |
42fc5d26 | 545 | |
c1a54c05 | 546 | Redistribute OSPF route to BGP process. |
42fc5d26 | 547 | |
c3c5a71f | 548 | .. index:: redistribute vpn |
29adcd50 | 549 | .. clicmd:: redistribute vpn |
42fc5d26 | 550 | |
c1a54c05 | 551 | Redistribute VNC routes to BGP process. |
42fc5d26 | 552 | |
c1a54c05 QY |
553 | .. index:: update-delay MAX-DELAY |
554 | .. clicmd:: update-delay MAX-DELAY | |
c3c5a71f | 555 | |
c1a54c05 QY |
556 | .. index:: update-delay MAX-DELAY ESTABLISH-WAIT |
557 | .. clicmd:: update-delay MAX-DELAY ESTABLISH-WAIT | |
c3c5a71f | 558 | |
c1a54c05 QY |
559 | This feature is used to enable read-only mode on BGP process restart or when |
560 | BGP process is cleared using 'clear ip bgp \*'. When applicable, read-only | |
561 | mode would begin as soon as the first peer reaches Established status and a | |
562 | timer for max-delay seconds is started. | |
42fc5d26 | 563 | |
c1a54c05 QY |
564 | During this mode BGP doesn't run any best-path or generate any updates to its |
565 | peers. This mode continues until: | |
42fc5d26 | 566 | |
c1a54c05 QY |
567 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR |
568 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
569 | Established is considered an implicit-EOR. | |
570 | If the establish-wait optional value is given, then BGP will wait for | |
571 | peers to reach established from the begining of the update-delay till the | |
572 | establish-wait period is over, i.e. the minimum set of established peers for | |
573 | which EOR is expected would be peers established during the establish-wait | |
574 | window, not necessarily all the configured neighbors. | |
575 | 2. max-delay period is over. | |
42fc5d26 | 576 | |
c1a54c05 QY |
577 | On hitting any of the above two conditions, BGP resumes the decision process |
578 | and generates updates to its peers. | |
42fc5d26 | 579 | |
c1a54c05 | 580 | Default max-delay is 0, i.e. the feature is off by default. |
c3c5a71f | 581 | |
c1a54c05 QY |
582 | .. index:: table-map ROUTE-MAP-NAME |
583 | .. clicmd:: table-map ROUTE-MAP-NAME | |
42fc5d26 | 584 | |
c1a54c05 QY |
585 | This feature is used to apply a route-map on route updates from BGP to |
586 | Zebra. All the applicable match operations are allowed, such as match on | |
587 | prefix, next-hop, communities, etc. Set operations for this attach-point are | |
588 | limited to metric and next-hop only. Any operation of this feature does not | |
589 | affect BGPs internal RIB. | |
42fc5d26 | 590 | |
c1a54c05 QY |
591 | Supported for ipv4 and ipv6 address families. It works on multi-paths as |
592 | well, however, metric setting is based on the best-path only. | |
42fc5d26 | 593 | |
0efdf0fe | 594 | .. _bgp-peer: |
42fc5d26 QY |
595 | |
596 | BGP Peer | |
597 | ======== | |
598 | ||
0efdf0fe | 599 | .. _defining-peer: |
42fc5d26 QY |
600 | |
601 | Defining Peer | |
602 | ------------- | |
603 | ||
c1a54c05 QY |
604 | .. index:: neighbor PEER remote-as ASN |
605 | .. clicmd:: neighbor PEER remote-as ASN | |
42fc5d26 | 606 | |
c1a54c05 | 607 | Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address |
5413757f | 608 | or an IPv6 address or an interface to use for the connection.:: |
76bd1499 | 609 | |
c1a54c05 QY |
610 | router bgp 1 |
611 | neighbor 10.0.0.1 remote-as 2 | |
76bd1499 | 612 | |
c1a54c05 | 613 | In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1. |
76bd1499 | 614 | |
c1a54c05 QY |
615 | This command must be the first command used when configuring a neighbor. If |
616 | the remote-as is not specified, *bgpd* will complain like this::: | |
76bd1499 | 617 | |
c1a54c05 | 618 | can't find neighbor 10.0.0.1 |
c3c5a71f | 619 | |
5413757f DS |
620 | .. index:: neighbor PEER remote-as internal |
621 | .. clicmd:: neighbor PEER remote-as internal | |
622 | ||
623 | Create a peer as you would when you specify an ASN, except that if the | |
624 | peers ASN is different than mine as specified under the :clicmd:`router bgp ASN` | |
625 | command the connection will be denied. | |
626 | ||
627 | .. index:: neighbor PEER remote-as external | |
628 | .. clicmd:: neighbor PEER remote-as external | |
629 | ||
630 | Create a peer as you would when you specify an ASN, except that if the | |
631 | peers ASN is the same as mine as specified under the :clicmd:`router bgp ASN` | |
632 | command the connection will be denied. | |
42fc5d26 | 633 | |
0efdf0fe | 634 | .. _bgp-peer-commands: |
42fc5d26 QY |
635 | |
636 | BGP Peer commands | |
637 | ----------------- | |
638 | ||
639 | In a `router bgp` clause there are neighbor specific configurations | |
640 | required. | |
641 | ||
c1a54c05 QY |
642 | .. index:: neighbor PEER shutdown |
643 | .. clicmd:: neighbor PEER shutdown | |
c3c5a71f | 644 | |
c1a54c05 QY |
645 | .. index:: no neighbor PEER shutdown |
646 | .. clicmd:: no neighbor PEER shutdown | |
c3c5a71f | 647 | |
c1a54c05 QY |
648 | Shutdown the peer. We can delete the neighbor's configuration by |
649 | ``no neighbor PEER remote-as ASN`` but all configuration of the neighbor | |
650 | will be deleted. When you want to preserve the configuration, but want to | |
651 | drop the BGP peer, use this syntax. | |
c3c5a71f | 652 | |
c1a54c05 QY |
653 | .. index:: neighbor PEER ebgp-multihop |
654 | .. clicmd:: neighbor PEER ebgp-multihop | |
c3c5a71f | 655 | |
c1a54c05 QY |
656 | .. index:: no neighbor PEER ebgp-multihop |
657 | .. clicmd:: no neighbor PEER ebgp-multihop | |
c3c5a71f | 658 | |
c3c5a71f | 659 | |
c1a54c05 QY |
660 | .. index:: neighbor PEER description ... |
661 | .. clicmd:: neighbor PEER description ... | |
c3c5a71f | 662 | |
42fc5d26 | 663 | |
c1a54c05 QY |
664 | .. index:: no neighbor PEER description ... |
665 | .. clicmd:: no neighbor PEER description ... | |
42fc5d26 | 666 | |
c1a54c05 | 667 | Set description of the peer. |
42fc5d26 | 668 | |
c1a54c05 QY |
669 | .. index:: neighbor PEER version VERSION |
670 | .. clicmd:: neighbor PEER version VERSION | |
42fc5d26 | 671 | |
4da7fda3 QY |
672 | Set up the neighbor's BGP version. `version` can be `4`, `4+` or `4-`. BGP |
673 | version `4` is the default value used for BGP peering. BGP version `4+` | |
674 | means that the neighbor supports Multiprotocol Extensions for BGP-4. BGP | |
675 | version `4-` is similar but the neighbor speaks the old Internet-Draft | |
676 | revision 00's Multiprotocol Extensions for BGP-4. Some routing software is | |
677 | still using this version. | |
42fc5d26 | 678 | |
c1a54c05 QY |
679 | .. index:: neighbor PEER interface IFNAME |
680 | .. clicmd:: neighbor PEER interface IFNAME | |
42fc5d26 | 681 | |
42fc5d26 | 682 | |
c1a54c05 QY |
683 | .. index:: no neighbor PEER interface IFNAME |
684 | .. clicmd:: no neighbor PEER interface IFNAME | |
42fc5d26 | 685 | |
c1a54c05 QY |
686 | When you connect to a BGP peer over an IPv6 link-local address, you have to |
687 | specify the IFNAME of the interface used for the connection. To specify | |
688 | IPv4 session addresses, see the ``neighbor PEER update-source`` command | |
689 | below. | |
42fc5d26 | 690 | |
c1a54c05 QY |
691 | This command is deprecated and may be removed in a future release. Its use |
692 | should be avoided. | |
42fc5d26 | 693 | |
c1a54c05 QY |
694 | .. index:: neighbor PEER next-hop-self [all] |
695 | .. clicmd:: neighbor PEER next-hop-self [all] | |
42fc5d26 | 696 | |
42fc5d26 | 697 | |
c1a54c05 QY |
698 | .. index:: no neighbor PEER next-hop-self [all] |
699 | .. clicmd:: no neighbor PEER next-hop-self [all] | |
42fc5d26 | 700 | |
c1a54c05 QY |
701 | This command specifies an announced route's nexthop as being equivalent to |
702 | the address of the bgp router if it is learned via eBGP. If the optional | |
703 | keyword `all` is specified the modifiation is done also for routes learned | |
704 | via iBGP. | |
42fc5d26 | 705 | |
c1a54c05 QY |
706 | .. index:: neighbor PEER update-source <IFNAME|ADDRESS> |
707 | .. clicmd:: neighbor PEER update-source <IFNAME|ADDRESS> | |
42fc5d26 | 708 | |
42fc5d26 | 709 | |
c1a54c05 QY |
710 | .. index:: no neighbor PEER update-source |
711 | .. clicmd:: no neighbor PEER update-source | |
42fc5d26 | 712 | |
c1a54c05 QY |
713 | Specify the IPv4 source address to use for the :abbr:`BGP` session to this |
714 | neighbour, may be specified as either an IPv4 address directly or as an | |
715 | interface name (in which case the *zebra* daemon MUST be running in order | |
716 | for *bgpd* to be able to retrieve interface state).:: | |
42fc5d26 | 717 | |
c1a54c05 QY |
718 | router bgp 64555 |
719 | neighbor foo update-source 192.168.0.1 | |
720 | neighbor bar update-source lo0 | |
42fc5d26 | 721 | |
42fc5d26 | 722 | |
c1a54c05 QY |
723 | .. index:: neighbor PEER default-originate |
724 | .. clicmd:: neighbor PEER default-originate | |
42fc5d26 | 725 | |
c1a54c05 QY |
726 | .. index:: no neighbor PEER default-originate |
727 | .. clicmd:: no neighbor PEER default-originate | |
42fc5d26 | 728 | |
4da7fda3 QY |
729 | *bgpd*'s default is to not announce the default route (0.0.0.0/0) even if it |
730 | is in routing table. When you want to announce default routes to the peer, | |
731 | use this command. | |
42fc5d26 | 732 | |
c1a54c05 QY |
733 | .. index:: neighbor PEER port PORT |
734 | .. clicmd:: neighbor PEER port PORT | |
42fc5d26 | 735 | |
c1a54c05 QY |
736 | .. index:: neighbor PEER send-community |
737 | .. clicmd:: neighbor PEER send-community | |
42fc5d26 | 738 | |
c1a54c05 QY |
739 | .. index:: neighbor PEER weight WEIGHT |
740 | .. clicmd:: neighbor PEER weight WEIGHT | |
42fc5d26 | 741 | |
42fc5d26 | 742 | |
c1a54c05 QY |
743 | .. index:: no neighbor PEER weight WEIGHT |
744 | .. clicmd:: no neighbor PEER weight WEIGHT | |
42fc5d26 | 745 | |
c1a54c05 | 746 | This command specifies a default `weight` value for the neighbor's routes. |
42fc5d26 | 747 | |
c1a54c05 QY |
748 | .. index:: neighbor PEER maximum-prefix NUMBER |
749 | .. clicmd:: neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 750 | |
42fc5d26 | 751 | |
c1a54c05 QY |
752 | .. index:: no neighbor PEER maximum-prefix NUMBER |
753 | .. clicmd:: no neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 754 | |
42fc5d26 | 755 | |
c1a54c05 QY |
756 | .. index:: neighbor PEER local-as AS-NUMBER |
757 | .. clicmd:: neighbor PEER local-as AS-NUMBER | |
42fc5d26 | 758 | |
42fc5d26 | 759 | |
c1a54c05 QY |
760 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend |
761 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend | |
42fc5d26 | 762 | |
42fc5d26 | 763 | |
c1a54c05 QY |
764 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend replace-as |
765 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend replace-as | |
42fc5d26 | 766 | |
42fc5d26 | 767 | |
c1a54c05 QY |
768 | .. index:: no neighbor PEER local-as |
769 | .. clicmd:: no neighbor PEER local-as | |
42fc5d26 | 770 | |
c1a54c05 QY |
771 | Specify an alternate AS for this BGP process when interacting with the |
772 | specified peer. With no modifiers, the specified local-as is prepended to | |
773 | the received AS_PATH when receiving routing updates from the peer, and | |
774 | prepended to the outgoing AS_PATH (after the process local AS) when | |
775 | transmitting local routes to the peer. | |
42fc5d26 | 776 | |
c1a54c05 QY |
777 | If the no-prepend attribute is specified, then the supplied local-as is not |
778 | prepended to the received AS_PATH. | |
c3c5a71f | 779 | |
c1a54c05 QY |
780 | If the replace-as attribute is specified, then only the supplied local-as is |
781 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
c3c5a71f | 782 | |
c1a54c05 | 783 | Note that replace-as can only be specified if no-prepend is. |
c3c5a71f | 784 | |
c1a54c05 | 785 | This command is only allowed for eBGP peers. |
c3c5a71f | 786 | |
c1a54c05 QY |
787 | .. index:: neighbor PEER ttl-security hops NUMBER |
788 | .. clicmd:: neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 789 | |
c3c5a71f | 790 | |
c1a54c05 QY |
791 | .. index:: no neighbor PEER ttl-security hops NUMBER |
792 | .. clicmd:: no neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 793 | |
c1a54c05 QY |
794 | This command enforces Generalized TTL Security Mechanism (GTSM), as |
795 | specified in RFC 5082. With this command, only neighbors that are the | |
796 | specified number of hops away will be allowed to become neighbors. This | |
797 | command is mututally exclusive with *ebgp-multihop*. | |
42fc5d26 | 798 | |
0efdf0fe | 799 | .. _peer-filtering: |
42fc5d26 QY |
800 | |
801 | Peer filtering | |
802 | -------------- | |
803 | ||
c1a54c05 QY |
804 | .. index:: neighbor PEER distribute-list NAME [in|out] |
805 | .. clicmd:: neighbor PEER distribute-list NAME [in|out] | |
42fc5d26 | 806 | |
c1a54c05 QY |
807 | This command specifies a distribute-list for the peer. `direct` is |
808 | ``in`` or ``out``. | |
42fc5d26 | 809 | |
c3c5a71f | 810 | .. index:: neighbor PEER prefix-list NAME [in|out] |
29adcd50 | 811 | .. clicmd:: neighbor PEER prefix-list NAME [in|out] |
42fc5d26 | 812 | |
c1a54c05 | 813 | .. index:: neighbor PEER filter-list NAME [in|out] |
29adcd50 | 814 | .. clicmd:: neighbor PEER filter-list NAME [in|out] |
42fc5d26 | 815 | |
c1a54c05 QY |
816 | .. index:: neighbor PEER route-map NAME [in|out] |
817 | .. clicmd:: neighbor PEER route-map NAME [in|out] | |
42fc5d26 | 818 | |
c1a54c05 | 819 | Apply a route-map on the neighbor. `direct` must be `in` or `out`. |
42fc5d26 | 820 | |
c3c5a71f | 821 | .. index:: bgp route-reflector allow-outbound-policy |
29adcd50 | 822 | .. clicmd:: bgp route-reflector allow-outbound-policy |
42fc5d26 | 823 | |
c1a54c05 QY |
824 | By default, attribute modification via route-map policy out is not reflected |
825 | on reflected routes. This option allows the modifications to be reflected as | |
826 | well. Once enabled, it affects all reflected routes. | |
42fc5d26 | 827 | |
0efdf0fe | 828 | .. _bgp-peer-group: |
42fc5d26 QY |
829 | |
830 | BGP Peer Group | |
831 | ============== | |
832 | ||
c1a54c05 QY |
833 | .. index:: neighbor WORD peer-group |
834 | .. clicmd:: neighbor WORD peer-group | |
42fc5d26 | 835 | |
c1a54c05 | 836 | This command defines a new peer group. |
42fc5d26 | 837 | |
c1a54c05 QY |
838 | .. index:: neighbor PEER peer-group WORD |
839 | .. clicmd:: neighbor PEER peer-group WORD | |
c3c5a71f | 840 | |
c1a54c05 | 841 | This command bind specific peer to peer group WORD. |
42fc5d26 | 842 | |
0efdf0fe | 843 | .. _bgp-address-family: |
42fc5d26 QY |
844 | |
845 | BGP Address Family | |
846 | ================== | |
847 | ||
c1a54c05 QY |
848 | Multiprotocol BGP enables BGP to carry routing information for multiple Network |
849 | Layer protocols. BGP supports multiple Address Family Identifier (AFI), namely | |
850 | IPv4 and IPv6. Support is also provided for multiple sets of per-AFI | |
851 | information via Subsequent Address Family Identifiers (SAFI). In addition to | |
852 | unicast information, VPN information :rfc:`4364` and :rfc:`4659`, and | |
d38549c9 | 853 | Encapsulation attribute :rfc:`5512` is supported. |
42fc5d26 | 854 | |
d38549c9 QY |
855 | .. index:: show ip bgp ipv4 vpn |
856 | .. clicmd:: show ip bgp ipv4 vpn | |
42fc5d26 | 857 | |
d38549c9 QY |
858 | .. index:: show ipv6 bgp ipv6 vpn |
859 | .. clicmd:: show ipv6 bgp ipv6 vpn | |
42fc5d26 | 860 | |
c1a54c05 | 861 | Print active IPV4 or IPV6 routes advertised via the VPN SAFI. |
42fc5d26 | 862 | |
c1a54c05 | 863 | .. index:: show bgp ipv4 vpn summary |
29adcd50 | 864 | .. clicmd:: show bgp ipv4 vpn summary |
42fc5d26 | 865 | |
c1a54c05 | 866 | .. index:: show bgp ipv6 vpn summary |
29adcd50 | 867 | .. clicmd:: show bgp ipv6 vpn summary |
c1a54c05 QY |
868 | |
869 | Print a summary of neighbor connections for the specified AFI/SAFI combination. | |
42fc5d26 | 870 | |
0efdf0fe | 871 | .. _autonomous-system: |
42fc5d26 QY |
872 | |
873 | Autonomous System | |
874 | ================= | |
875 | ||
c1a54c05 QY |
876 | The :abbr:`AS (Autonomous System)` number is one of the essential element of |
877 | BGP. BGP is a distance vector routing protocol, and the AS-Path framework | |
878 | provides distance vector metric and loop detection to BGP. :rfc:`1930` provides | |
879 | some background on the concepts of an AS. | |
42fc5d26 | 880 | |
c1a54c05 QY |
881 | The AS number is a two octet value, ranging in value from 1 to 65535. The AS |
882 | numbers 64512 through 65535 are defined as private AS numbers. Private AS | |
883 | numbers must not to be advertised in the global Internet. | |
42fc5d26 | 884 | |
0efdf0fe | 885 | .. _display-bgp-routes-by-as-path: |
42fc5d26 QY |
886 | |
887 | Display BGP Routes by AS Path | |
888 | ----------------------------- | |
889 | ||
c1a54c05 QY |
890 | To show BGP routes which has specific AS path information `show ip bgp` command |
891 | can be used. | |
42fc5d26 | 892 | |
c3c5a71f | 893 | .. index:: show bgp ipv4|ipv6 regexp LINE |
29adcd50 | 894 | .. clicmd:: show bgp ipv4|ipv6 regexp LINE |
c1a54c05 QY |
895 | |
896 | This commands displays BGP routes that matches a regular | |
0efdf0fe | 897 | expression `line` (:ref:`bgp-regular-expressions`). |
42fc5d26 | 898 | |
0efdf0fe | 899 | .. _as-path-access-list: |
42fc5d26 QY |
900 | |
901 | AS Path Access List | |
902 | ------------------- | |
903 | ||
904 | AS path access list is user defined AS path. | |
905 | ||
c3c5a71f | 906 | .. index:: ip as-path access-list WORD permit|deny LINE |
29adcd50 | 907 | .. clicmd:: ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 908 | |
c1a54c05 | 909 | This command defines a new AS path access list. |
42fc5d26 | 910 | |
c1a54c05 | 911 | .. index:: no ip as-path access-list WORD |
29adcd50 | 912 | .. clicmd:: no ip as-path access-list WORD |
42fc5d26 | 913 | |
c1a54c05 | 914 | .. index:: no ip as-path access-list WORD permit|deny LINE |
29adcd50 | 915 | .. clicmd:: no ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 916 | |
0efdf0fe | 917 | .. _using-as-path-in-route-map: |
42fc5d26 QY |
918 | |
919 | Using AS Path in Route Map | |
920 | -------------------------- | |
921 | ||
c3c5a71f | 922 | .. index:: match as-path WORD |
29adcd50 | 923 | .. clicmd:: match as-path WORD |
42fc5d26 | 924 | |
42fc5d26 | 925 | |
c1a54c05 | 926 | .. index:: set as-path prepend AS-PATH |
29adcd50 | 927 | .. clicmd:: set as-path prepend AS-PATH |
42fc5d26 | 928 | |
c1a54c05 | 929 | Prepend the given string of AS numbers to the AS_PATH. |
42fc5d26 | 930 | |
c1a54c05 | 931 | .. index:: set as-path prepend last-as NUM |
29adcd50 | 932 | .. clicmd:: set as-path prepend last-as NUM |
c1a54c05 QY |
933 | |
934 | Prepend the existing last AS number (the leftmost ASN) to the AS_PATH. | |
42fc5d26 | 935 | |
0efdf0fe | 936 | .. _private-as-numbers: |
42fc5d26 QY |
937 | |
938 | Private AS Numbers | |
939 | ------------------ | |
940 | ||
0efdf0fe | 941 | .. _bgp-communities-attribute: |
42fc5d26 QY |
942 | |
943 | BGP Communities Attribute | |
944 | ========================= | |
945 | ||
c1a54c05 QY |
946 | BGP communities attribute is widely used for implementing policy routing. |
947 | Network operators can manipulate BGP communities attribute based on their | |
948 | network policy. BGP communities attribute is defined in :rfc:`1997` and | |
949 | :rfc:`1998`. It is an optional transitive attribute, therefore local policy can | |
950 | travel through different autonomous system. | |
951 | ||
952 | Communities attribute is a set of communities values. Each communities value is | |
953 | 4 octet long. The following format is used to define communities value. | |
954 | ||
955 | ||
956 | AS:VAL | |
957 | This format represents 4 octet communities value. ``AS`` is high order 2 | |
958 | octet in digit format. ``VAL`` is low order 2 octet in digit format. This | |
959 | format is useful to define AS oriented policy value. For example, | |
960 | ``7675:80`` can be used when AS 7675 wants to pass local policy value 80 to | |
961 | neighboring peer. | |
962 | ||
963 | internet | |
964 | `internet` represents well-known communities value 0. | |
965 | ||
966 | no-export | |
967 | ``no-export`` represents well-known communities value ``NO_EXPORT`` | |
968 | ``0xFFFFFF01``. All routes carry this value must not be advertised to | |
969 | outside a BGP confederation boundary. If neighboring BGP peer is part of BGP | |
970 | confederation, the peer is considered as inside a BGP confederation | |
971 | boundary, so the route will be announced to the peer. | |
972 | ||
973 | no-advertise | |
974 | ``no-advertise`` represents well-known communities value ``NO_ADVERTISE`` | |
975 | ``0xFFFFFF02``. All routes carry this value must not be advertise to other | |
976 | BGP peers. | |
977 | ||
978 | local-AS | |
979 | ``local-AS`` represents well-known communities value ``NO_EXPORT_SUBCONFED`` | |
980 | ``0xFFFFFF03``. All routes carry this value must not be advertised to | |
981 | external BGP peers. Even if the neighboring router is part of confederation, | |
982 | it is considered as external BGP peer, so the route will not be announced to | |
983 | the peer. | |
984 | ||
985 | When BGP communities attribute is received, duplicated communities value in the | |
986 | communities attribute is ignored and each communities values are sorted in | |
987 | numerical order. | |
42fc5d26 | 988 | |
0efdf0fe | 989 | .. _bgp-community-lists: |
42fc5d26 QY |
990 | |
991 | BGP Community Lists | |
992 | ------------------- | |
993 | ||
c1a54c05 QY |
994 | BGP community list is a user defined BGP communites attribute list. BGP |
995 | community list can be used for matching or manipulating BGP communities | |
996 | attribute in updates. | |
997 | ||
998 | There are two types of community list. One is standard community list and | |
999 | another is expanded community list. Standard community list defines communities | |
1000 | attribute. Expanded community list defines communities attribute string with | |
1001 | regular expression. Standard community list is compiled into binary format when | |
1002 | user define it. Standard community list will be directly compared to BGP | |
1003 | communities attribute in BGP updates. Therefore the comparison is faster than | |
42fc5d26 QY |
1004 | expanded community list. |
1005 | ||
c3c5a71f | 1006 | .. index:: ip community-list standard NAME permit|deny COMMUNITY |
29adcd50 | 1007 | .. clicmd:: ip community-list standard NAME permit|deny COMMUNITY |
42fc5d26 | 1008 | |
c1a54c05 QY |
1009 | This command defines a new standard community list. COMUNITY is |
1010 | communities value. The COMUNITY is compiled into community structure. We | |
1011 | can define multiple community list under same name. In that case match will | |
1012 | happen user defined order. Once the community list matches to communities | |
1013 | attribute in BGP updates it return permit or deny by the community list | |
1014 | definition. When there is no matched entry, deny will be returned. When | |
1015 | COMUNITY is empty it matches to any routes. | |
42fc5d26 | 1016 | |
c1a54c05 | 1017 | .. index:: ip community-list expanded NAME permit|deny LINE |
29adcd50 | 1018 | .. clicmd:: ip community-list expanded NAME permit|deny LINE |
42fc5d26 | 1019 | |
c1a54c05 QY |
1020 | This command defines a new expanded community list. COMUNITY is a |
1021 | string expression of communities attribute. COMUNITY can be a | |
0efdf0fe | 1022 | regular expression (:ref:`bgp-regular-expressions`) to match |
c1a54c05 | 1023 | the communities attribute in BGP updates. |
42fc5d26 | 1024 | |
c1a54c05 | 1025 | .. index:: no ip community-list NAME |
29adcd50 | 1026 | .. clicmd:: no ip community-list NAME |
42fc5d26 | 1027 | |
c1a54c05 | 1028 | .. index:: no ip community-list standard NAME |
29adcd50 | 1029 | .. clicmd:: no ip community-list standard NAME |
42fc5d26 | 1030 | |
c1a54c05 | 1031 | .. index:: no ip community-list expanded NAME |
29adcd50 | 1032 | .. clicmd:: no ip community-list expanded NAME |
42fc5d26 | 1033 | |
c1a54c05 QY |
1034 | These commands delete community lists specified by NAME. All of |
1035 | community lists shares a single name space. So community lists can be | |
1036 | removed simpley specifying community lists name. | |
42fc5d26 | 1037 | |
c1a54c05 | 1038 | .. index:: show ip community-list |
29adcd50 | 1039 | .. clicmd:: show ip community-list |
42fc5d26 | 1040 | |
c1a54c05 | 1041 | .. index:: show ip community-list NAME |
29adcd50 | 1042 | .. clicmd:: show ip community-list NAME |
42fc5d26 | 1043 | |
c1a54c05 QY |
1044 | This command displays current community list information. When NAME is |
1045 | specified the specified community list's information is shown. | |
c3c5a71f | 1046 | |
c1a54c05 | 1047 | :: |
76bd1499 | 1048 | |
c1a54c05 QY |
1049 | # show ip community-list |
1050 | Named Community standard list CLIST | |
1051 | permit 7675:80 7675:100 no-export | |
1052 | deny internet | |
1053 | Named Community expanded list EXPAND | |
1054 | permit : | |
76bd1499 | 1055 | |
c1a54c05 QY |
1056 | # show ip community-list CLIST |
1057 | Named Community standard list CLIST | |
1058 | permit 7675:80 7675:100 no-export | |
1059 | deny internet | |
42fc5d26 | 1060 | |
42fc5d26 | 1061 | |
0efdf0fe | 1062 | .. _numbered-bgp-community-lists: |
42fc5d26 QY |
1063 | |
1064 | Numbered BGP Community Lists | |
1065 | ---------------------------- | |
1066 | ||
1067 | When number is used for BGP community list name, the number has | |
c3c5a71f QY |
1068 | special meanings. Community list number in the range from 1 and 99 is |
1069 | standard community list. Community list number in the range from 100 | |
1070 | to 199 is expanded community list. These community lists are called | |
1071 | as numbered community lists. On the other hand normal community lists | |
42fc5d26 QY |
1072 | is called as named community lists. |
1073 | ||
29adcd50 | 1074 | .. index:: ip community-list (1-99) permit|deny COMMUNITY |
29adcd50 | 1075 | .. clicmd:: ip community-list (1-99) permit|deny COMMUNITY |
42fc5d26 | 1076 | |
c1a54c05 QY |
1077 | This command defines a new community list. (1-99) is standard |
1078 | community list number. Community list name within this range defines | |
1079 | standard community list. When `community` is empty it matches to | |
1080 | any routes. | |
42fc5d26 | 1081 | |
c1a54c05 | 1082 | .. index:: ip community-list (100-199) permit|deny COMMUNITY |
29adcd50 | 1083 | .. clicmd:: ip community-list (100-199) permit|deny COMMUNITY |
42fc5d26 | 1084 | |
c1a54c05 QY |
1085 | This command defines a new community list. (100-199) is expanded |
1086 | community list number. Community list name within this range defines | |
1087 | expanded community list. | |
42fc5d26 | 1088 | |
c1a54c05 | 1089 | .. index:: ip community-list NAME permit|deny COMMUNITY |
29adcd50 | 1090 | .. clicmd:: ip community-list NAME permit|deny COMMUNITY |
c1a54c05 QY |
1091 | |
1092 | When community list type is not specifed, the community list type is | |
1093 | automatically detected. If COMMUNITY can be compiled into communities | |
1094 | attribute, the community list is defined as a standard community list. | |
1095 | Otherwise it is defined as an expanded community list. This feature is left | |
1096 | for backward compability. Use of this feature is not recommended. | |
42fc5d26 | 1097 | |
0efdf0fe | 1098 | .. _bgp-community-in-route-map: |
42fc5d26 QY |
1099 | |
1100 | BGP Community in Route Map | |
1101 | -------------------------- | |
1102 | ||
0efdf0fe | 1103 | In Route Map (:ref:`route-map`), we can match or set BGP |
c3c5a71f | 1104 | communities attribute. Using this feature network operator can |
42fc5d26 QY |
1105 | implement their network policy based on BGP communities attribute. |
1106 | ||
1107 | Following commands can be used in Route Map. | |
1108 | ||
c3c5a71f | 1109 | .. index:: match community WORD |
29adcd50 | 1110 | .. clicmd:: match community WORD |
42fc5d26 | 1111 | |
c1a54c05 | 1112 | .. index:: match community WORD exact-match |
29adcd50 | 1113 | .. clicmd:: match community WORD exact-match |
42fc5d26 | 1114 | |
c1a54c05 QY |
1115 | This command perform match to BGP updates using community list WORD. When |
1116 | the one of BGP communities value match to the one of communities value in | |
1117 | community list, it is match. When `exact-match` keyword is spcified, match | |
1118 | happen only when BGP updates have completely same communities value | |
1119 | specified in the community list. | |
42fc5d26 | 1120 | |
c1a54c05 | 1121 | .. index:: set community none |
29adcd50 | 1122 | .. clicmd:: set community none |
42fc5d26 | 1123 | |
c1a54c05 | 1124 | .. index:: set community COMMUNITY |
29adcd50 | 1125 | .. clicmd:: set community COMMUNITY |
42fc5d26 | 1126 | |
c1a54c05 | 1127 | .. index:: set community COMMUNITY additive |
29adcd50 | 1128 | .. clicmd:: set community COMMUNITY additive |
42fc5d26 | 1129 | |
c1a54c05 QY |
1130 | This command manipulate communities value in BGP updates. When |
1131 | `none` is specified as communities value, it removes entire | |
1132 | communities attribute from BGP updates. When `community` is not | |
1133 | `none`, specified communities value is set to BGP updates. If | |
1134 | BGP updates already has BGP communities value, the existing BGP | |
1135 | communities value is replaced with specified `community` value. | |
1136 | When `additive` keyword is specified, `community` is appended | |
1137 | to the existing communities value. | |
42fc5d26 | 1138 | |
c1a54c05 | 1139 | .. index:: set comm-list WORD delete |
29adcd50 | 1140 | .. clicmd:: set comm-list WORD delete |
c1a54c05 QY |
1141 | |
1142 | This command remove communities value from BGP communities attribute. | |
1143 | The `word` is community list name. When BGP route's communities | |
1144 | value matches to the community list `word`, the communities value | |
1145 | is removed. When all of communities value is removed eventually, the | |
1146 | BGP update's communities attribute is completely removed. | |
42fc5d26 | 1147 | |
0efdf0fe | 1148 | .. _display-bgp-routes-by-community: |
42fc5d26 QY |
1149 | |
1150 | Display BGP Routes by Community | |
1151 | ------------------------------- | |
1152 | ||
1153 | To show BGP routes which has specific BGP communities attribute, | |
1154 | `show bgp {ipv4|ipv6}` command can be used. The | |
1155 | `community` and `community-list` subcommand can be used. | |
1156 | ||
c3c5a71f | 1157 | .. index:: show bgp ipv4|ipv6 community |
29adcd50 | 1158 | .. clicmd:: show bgp ipv4|ipv6 community |
42fc5d26 | 1159 | |
c1a54c05 | 1160 | .. index:: show bgp ipv4|ipv6 community COMMUNITY |
29adcd50 | 1161 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY |
42fc5d26 | 1162 | |
c1a54c05 | 1163 | .. index:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
29adcd50 | 1164 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
42fc5d26 | 1165 | |
c1a54c05 QY |
1166 | `show bgp {ipv4|ipv6} community` displays BGP routes which has communities |
1167 | attribute. Where the address family can be IPv4 or IPv6 among others. When | |
1168 | `community` is specified, BGP routes that matches `community` value is | |
1169 | displayed. For this command, `internet` keyword can't be used for | |
1170 | `community` value. When `exact-match` is specified, it display only | |
1171 | routes that have an exact match. | |
42fc5d26 | 1172 | |
c1a54c05 | 1173 | .. index:: show bgp ipv4|ipv6 community-list WORD |
29adcd50 | 1174 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD |
42fc5d26 | 1175 | |
c1a54c05 | 1176 | .. index:: show bgp ipv4|ipv6 community-list WORD exact-match |
29adcd50 | 1177 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD exact-match |
c1a54c05 QY |
1178 | |
1179 | This commands display BGP routes for the address family specified that matches | |
1180 | community list `word`. When `exact-match` is specified, display only | |
1181 | routes that have an exact match. | |
42fc5d26 | 1182 | |
0efdf0fe | 1183 | .. _using-bgp-communities-attribute: |
42fc5d26 QY |
1184 | |
1185 | Using BGP Communities Attribute | |
1186 | ------------------------------- | |
1187 | ||
1188 | Following configuration is the most typical usage of BGP communities | |
c3c5a71f | 1189 | attribute. AS 7675 provides upstream Internet connection to AS 100. |
42fc5d26 QY |
1190 | When following configuration exists in AS 7675, AS 100 networks |
1191 | operator can set local preference in AS 7675 network by setting BGP | |
c1a54c05 QY |
1192 | communities attribute to the updates.:: |
1193 | ||
1194 | router bgp 7675 | |
1195 | neighbor 192.168.0.1 remote-as 100 | |
1196 | address-family ipv4 unicast | |
1197 | neighbor 192.168.0.1 route-map RMAP in | |
1198 | exit-address-family | |
1199 | ! | |
1200 | ip community-list 70 permit 7675:70 | |
1201 | ip community-list 70 deny | |
1202 | ip community-list 80 permit 7675:80 | |
1203 | ip community-list 80 deny | |
1204 | ip community-list 90 permit 7675:90 | |
1205 | ip community-list 90 deny | |
1206 | ! | |
1207 | route-map RMAP permit 10 | |
1208 | match community 70 | |
1209 | set local-preference 70 | |
1210 | ! | |
1211 | route-map RMAP permit 20 | |
1212 | match community 80 | |
1213 | set local-preference 80 | |
1214 | ! | |
1215 | route-map RMAP permit 30 | |
1216 | match community 90 | |
1217 | set local-preference 90 | |
c3c5a71f | 1218 | |
42fc5d26 QY |
1219 | |
1220 | Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. | |
1221 | The route has communities value 7675:80 so when above configuration | |
1222 | exists in AS 7675, announced route's local preference will be set to | |
c1a54c05 QY |
1223 | value 80.:: |
1224 | ||
1225 | router bgp 100 | |
1226 | network 10.0.0.0/8 | |
1227 | neighbor 192.168.0.2 remote-as 7675 | |
1228 | address-family ipv4 unicast | |
1229 | neighbor 192.168.0.2 route-map RMAP out | |
1230 | exit-address-family | |
1231 | ! | |
1232 | ip prefix-list PLIST permit 10.0.0.0/8 | |
1233 | ! | |
1234 | route-map RMAP permit 10 | |
1235 | match ip address prefix-list PLIST | |
1236 | set community 7675:80 | |
c3c5a71f | 1237 | |
42fc5d26 QY |
1238 | |
1239 | Following configuration is an example of BGP route filtering using | |
c3c5a71f QY |
1240 | communities attribute. This configuration only permit BGP routes |
1241 | which has BGP communities value 0:80 or 0:90. Network operator can | |
42fc5d26 | 1242 | put special internal communities value at BGP border router, then |
c1a54c05 | 1243 | limit the BGP routes announcement into the internal network.:: |
42fc5d26 | 1244 | |
c1a54c05 QY |
1245 | router bgp 7675 |
1246 | neighbor 192.168.0.1 remote-as 100 | |
1247 | address-family ipv4 unicast | |
1248 | neighbor 192.168.0.1 route-map RMAP in | |
1249 | exit-address-family | |
1250 | ! | |
1251 | ip community-list 1 permit 0:80 0:90 | |
1252 | ! | |
1253 | route-map RMAP permit in | |
1254 | match community 1 | |
c3c5a71f | 1255 | |
42fc5d26 QY |
1256 | |
1257 | Following exmaple filter BGP routes which has communities value 1:1. | |
c3c5a71f | 1258 | When there is no match community-list returns deny. To avoid |
c1a54c05 | 1259 | filtering all of routes, we need to define permit any at last.:: |
42fc5d26 | 1260 | |
c1a54c05 QY |
1261 | router bgp 7675 |
1262 | neighbor 192.168.0.1 remote-as 100 | |
1263 | address-family ipv4 unicast | |
1264 | neighbor 192.168.0.1 route-map RMAP in | |
1265 | exit-address-family | |
1266 | ! | |
1267 | ip community-list standard FILTER deny 1:1 | |
1268 | ip community-list standard FILTER permit | |
1269 | ! | |
1270 | route-map RMAP permit 10 | |
1271 | match community FILTER | |
c3c5a71f | 1272 | |
42fc5d26 QY |
1273 | |
1274 | Communities value keyword `internet` has special meanings in | |
c3c5a71f QY |
1275 | standard community lists. In below example `internet` act as |
1276 | match any. It matches all of BGP routes even if the route does not | |
c1a54c05 QY |
1277 | have communities attribute at all. So community list ``INTERNET`` |
1278 | is same as above example's ``FILTER``.:: | |
42fc5d26 | 1279 | |
c1a54c05 QY |
1280 | ip community-list standard INTERNET deny 1:1 |
1281 | ip community-list standard INTERNET permit internet | |
c3c5a71f | 1282 | |
42fc5d26 QY |
1283 | |
1284 | Following configuration is an example of communities value deletion. | |
1285 | With this configuration communities value 100:1 and 100:2 is removed | |
c3c5a71f | 1286 | from BGP updates. For communities value deletion, only `permit` |
c1a54c05 | 1287 | community-list is used. `deny` community-list is ignored.:: |
42fc5d26 | 1288 | |
c1a54c05 QY |
1289 | router bgp 7675 |
1290 | neighbor 192.168.0.1 remote-as 100 | |
1291 | address-family ipv4 unicast | |
1292 | neighbor 192.168.0.1 route-map RMAP in | |
1293 | exit-address-family | |
1294 | ! | |
1295 | ip community-list standard DEL permit 100:1 100:2 | |
1296 | ! | |
1297 | route-map RMAP permit 10 | |
1298 | set comm-list DEL delete | |
c3c5a71f | 1299 | |
42fc5d26 | 1300 | |
0efdf0fe | 1301 | .. _bgp-extended-communities-attribute: |
42fc5d26 QY |
1302 | |
1303 | BGP Extended Communities Attribute | |
1304 | ================================== | |
1305 | ||
c1a54c05 QY |
1306 | BGP extended communities attribute is introduced with MPLS VPN/BGP technology. |
1307 | MPLS VPN/BGP expands capability of network infrastructure to provide VPN | |
1308 | functionality. At the same time it requires a new framework for policy routing. | |
1309 | With BGP Extended Communities Attribute we can use Route Target or Site of | |
1310 | Origin for implementing network policy for MPLS VPN/BGP. | |
42fc5d26 | 1311 | |
c1a54c05 QY |
1312 | BGP Extended Communities Attribute is similar to BGP Communities Attribute. It |
1313 | is an optional transitive attribute. BGP Extended Communities Attribute can | |
1314 | carry multiple Extended Community value. Each Extended Community value is | |
1315 | eight octet length. | |
42fc5d26 | 1316 | |
c1a54c05 QY |
1317 | BGP Extended Communities Attribute provides an extended range compared with BGP |
1318 | Communities Attribute. Adding to that there is a type field in each value to | |
1319 | provides community space structure. | |
42fc5d26 | 1320 | |
c1a54c05 QY |
1321 | There are two format to define Extended Community value. One is AS based format |
1322 | the other is IP address based format. | |
42fc5d26 QY |
1323 | |
1324 | *AS:VAL* | |
c1a54c05 QY |
1325 | This is a format to define AS based Extended Community value. |
1326 | `AS` part is 2 octets Global Administrator subfield in Extended | |
1327 | Community value. `VAL` part is 4 octets Local Administrator | |
1328 | subfield. `7675:100` represents AS 7675 policy value 100. | |
42fc5d26 QY |
1329 | |
1330 | *IP-Address:VAL* | |
c1a54c05 QY |
1331 | This is a format to define IP address based Extended Community value. |
1332 | `IP-Address` part is 4 octets Global Administrator subfield. | |
1333 | `VAL` part is 2 octets Local Administrator subfield. | |
1334 | `10.0.0.1:100` represents | |
42fc5d26 | 1335 | |
0efdf0fe | 1336 | .. _bgp-extended-community-lists: |
42fc5d26 QY |
1337 | |
1338 | BGP Extended Community Lists | |
1339 | ---------------------------- | |
1340 | ||
1341 | Expanded Community Lists is a user defined BGP Expanded Community | |
1342 | Lists. | |
1343 | ||
c3c5a71f | 1344 | .. index:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
29adcd50 | 1345 | .. clicmd:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
42fc5d26 | 1346 | |
4da7fda3 QY |
1347 | This command defines a new standard extcommunity-list. `extcommunity` is |
1348 | extended communities value. The `extcommunity` is compiled into extended | |
1349 | community structure. We can define multiple extcommunity-list under same | |
1350 | name. In that case match will happen user defined order. Once the | |
1351 | extcommunity-list matches to extended communities attribute in BGP updates | |
1352 | it return permit or deny based upon the extcommunity-list definition. When | |
1353 | there is no matched entry, deny will be returned. When `extcommunity` is | |
1354 | empty it matches to any routes. | |
42fc5d26 | 1355 | |
c1a54c05 | 1356 | .. index:: ip extcommunity-list expanded NAME permit|deny LINE |
29adcd50 | 1357 | .. clicmd:: ip extcommunity-list expanded NAME permit|deny LINE |
42fc5d26 | 1358 | |
4da7fda3 QY |
1359 | This command defines a new expanded extcommunity-list. `line` is a string |
1360 | expression of extended communities attribute. `line` can be a regular | |
1361 | expression (:ref:`bgp-regular-expressions`) to match an extended communities | |
1362 | attribute in BGP updates. | |
42fc5d26 | 1363 | |
c1a54c05 | 1364 | .. index:: no ip extcommunity-list NAME |
29adcd50 | 1365 | .. clicmd:: no ip extcommunity-list NAME |
42fc5d26 | 1366 | |
c1a54c05 | 1367 | .. index:: no ip extcommunity-list standard NAME |
29adcd50 | 1368 | .. clicmd:: no ip extcommunity-list standard NAME |
42fc5d26 | 1369 | |
c1a54c05 | 1370 | .. index:: no ip extcommunity-list expanded NAME |
29adcd50 | 1371 | .. clicmd:: no ip extcommunity-list expanded NAME |
42fc5d26 | 1372 | |
4da7fda3 QY |
1373 | These commands delete extended community lists specified by `name`. All of |
1374 | extended community lists shares a single name space. So extended community | |
1375 | lists can be removed simpley specifying the name. | |
42fc5d26 | 1376 | |
c1a54c05 | 1377 | .. index:: show ip extcommunity-list |
29adcd50 | 1378 | .. clicmd:: show ip extcommunity-list |
42fc5d26 | 1379 | |
c1a54c05 | 1380 | .. index:: show ip extcommunity-list NAME |
29adcd50 | 1381 | .. clicmd:: show ip extcommunity-list NAME |
c1a54c05 | 1382 | |
4da7fda3 QY |
1383 | This command displays current extcommunity-list information. When `name` is |
1384 | specified the community list's information is shown. | |
42fc5d26 QY |
1385 | |
1386 | :: | |
1387 | ||
c3c5a71f QY |
1388 | # show ip extcommunity-list |
1389 | ||
42fc5d26 | 1390 | |
0efdf0fe | 1391 | .. _bgp-extended-communities-in-route-map: |
42fc5d26 QY |
1392 | |
1393 | BGP Extended Communities in Route Map | |
1394 | ------------------------------------- | |
1395 | ||
c3c5a71f | 1396 | .. index:: match extcommunity WORD |
29adcd50 | 1397 | .. clicmd:: match extcommunity WORD |
42fc5d26 | 1398 | |
42fc5d26 | 1399 | |
c1a54c05 | 1400 | .. index:: set extcommunity rt EXTCOMMUNITY |
29adcd50 | 1401 | .. clicmd:: set extcommunity rt EXTCOMMUNITY |
42fc5d26 | 1402 | |
c1a54c05 | 1403 | This command set Route Target value. |
42fc5d26 | 1404 | |
c1a54c05 | 1405 | .. index:: set extcommunity soo EXTCOMMUNITY |
29adcd50 | 1406 | .. clicmd:: set extcommunity soo EXTCOMMUNITY |
c1a54c05 QY |
1407 | |
1408 | This command set Site of Origin value. | |
42fc5d26 | 1409 | |
0efdf0fe | 1410 | .. _bgp-large-communities-attribute: |
42fc5d26 QY |
1411 | |
1412 | BGP Large Communities Attribute | |
1413 | =============================== | |
1414 | ||
1415 | The BGP Large Communities attribute was introduced in Feb 2017 with | |
c1a54c05 | 1416 | :rfc:`8092`. |
42fc5d26 QY |
1417 | |
1418 | The BGP Large Communities Attribute is similar to the BGP Communities | |
1419 | Attribute except that it has 3 components instead of two and each of | |
1420 | which are 4 octets in length. Large Communities bring additional | |
1421 | functionality and convenience over traditional communities, specifically | |
1422 | the fact that the `GLOBAL` part below is now 4 octets wide allowing | |
1423 | AS4 operators seamless use. | |
1424 | ||
1425 | ||
42fc5d26 | 1426 | *GLOBAL:LOCAL1:LOCAL2* |
c1a54c05 QY |
1427 | This is the format to define Large Community values. Referencing |
1428 | :t:`RFC8195, Use of BGP Large Communities` the values are commonly | |
1429 | referred to as follows. | |
1430 | The `GLOBAL` part is a 4 octet Global Administrator field, common | |
1431 | use of this field is the operators AS number. | |
1432 | The `LOCAL1` part is a 4 octet Local Data Part 1 subfield referred | |
1433 | to as a function. | |
1434 | The `LOCAL2` part is a 4 octet Local Data Part 2 field and referred | |
1435 | to as the parameter subfield. `65551:1:10` represents AS 65551 | |
1436 | function 1 and parameter 10. | |
1437 | The referenced RFC above gives some guidelines on recommended usage. | |
42fc5d26 | 1438 | |
0efdf0fe | 1439 | .. _bgp-large-community-lists: |
42fc5d26 QY |
1440 | |
1441 | BGP Large Community Lists | |
1442 | ------------------------- | |
1443 | ||
1444 | Two types of large community lists are supported, namely `standard` and | |
1445 | `expanded`. | |
1446 | ||
c3c5a71f | 1447 | .. index:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
29adcd50 | 1448 | .. clicmd:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
42fc5d26 | 1449 | |
4da7fda3 QY |
1450 | This command defines a new standard large-community-list. `large-community` |
1451 | is the Large Community value. We can add multiple large communities under | |
1452 | same name. In that case the match will happen in the user defined order. | |
1453 | Once the large-community-list matches the Large Communities attribute in BGP | |
1454 | updates it will return permit or deny based upon the large-community-list | |
1455 | definition. When there is no matched entry, a deny will be returned. When | |
1456 | `large-community` is empty it matches any routes. | |
42fc5d26 | 1457 | |
c1a54c05 | 1458 | .. index:: ip large-community-list expanded NAME permit|deny LINE |
29adcd50 | 1459 | .. clicmd:: ip large-community-list expanded NAME permit|deny LINE |
42fc5d26 | 1460 | |
4da7fda3 QY |
1461 | This command defines a new expanded large-community-list. Where `line` is a |
1462 | string matching expression, it will be compared to the entire Large | |
1463 | Communities attribute as a string, with each large-community in order from | |
1464 | lowest to highest. `line` can also be a regular expression which matches | |
1465 | this Large Community attribute. | |
42fc5d26 | 1466 | |
c1a54c05 | 1467 | .. index:: no ip large-community-list NAME |
29adcd50 | 1468 | .. clicmd:: no ip large-community-list NAME |
42fc5d26 | 1469 | |
c1a54c05 | 1470 | .. index:: no ip large-community-list standard NAME |
29adcd50 | 1471 | .. clicmd:: no ip large-community-list standard NAME |
42fc5d26 | 1472 | |
c1a54c05 | 1473 | .. index:: no ip large-community-list expanded NAME |
29adcd50 | 1474 | .. clicmd:: no ip large-community-list expanded NAME |
42fc5d26 | 1475 | |
4da7fda3 QY |
1476 | These commands delete Large Community lists specified by `name`. All Large |
1477 | Community lists share a single namespace. This means Large Community lists | |
1478 | can be removed by simply specifying the name. | |
42fc5d26 | 1479 | |
c1a54c05 | 1480 | .. index:: show ip large-community-list |
29adcd50 | 1481 | .. clicmd:: show ip large-community-list |
42fc5d26 | 1482 | |
c1a54c05 | 1483 | .. index:: show ip large-community-list NAME |
29adcd50 | 1484 | .. clicmd:: show ip large-community-list NAME |
42fc5d26 | 1485 | |
c1a54c05 QY |
1486 | This command display current large-community-list information. When |
1487 | `name` is specified the community list information is shown. | |
42fc5d26 | 1488 | |
c1a54c05 | 1489 | .. index:: show ip bgp large-community-info |
29adcd50 | 1490 | .. clicmd:: show ip bgp large-community-info |
c1a54c05 QY |
1491 | |
1492 | This command displays the current large communities in use. | |
42fc5d26 | 1493 | |
0efdf0fe | 1494 | .. _bgp-large-communities-in-route-map: |
42fc5d26 QY |
1495 | |
1496 | BGP Large Communities in Route Map | |
1497 | ---------------------------------- | |
1498 | ||
c3c5a71f | 1499 | .. index:: match large-community LINE |
29adcd50 | 1500 | .. clicmd:: match large-community LINE |
42fc5d26 | 1501 | |
4da7fda3 QY |
1502 | Where `line` can be a simple string to match, or a regular expression. It |
1503 | is very important to note that this match occurs on the entire | |
c1a54c05 QY |
1504 | large-community string as a whole, where each large-community is ordered |
1505 | from lowest to highest. | |
42fc5d26 | 1506 | |
c1a54c05 | 1507 | .. index:: set large-community LARGE-COMMUNITY |
29adcd50 | 1508 | .. clicmd:: set large-community LARGE-COMMUNITY |
42fc5d26 | 1509 | |
c1a54c05 | 1510 | .. index:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
29adcd50 | 1511 | .. clicmd:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
42fc5d26 | 1512 | |
c1a54c05 | 1513 | .. index:: set large-community LARGE-COMMUNITY additive |
29adcd50 | 1514 | .. clicmd:: set large-community LARGE-COMMUNITY additive |
c1a54c05 QY |
1515 | |
1516 | These commands are used for setting large-community values. The first | |
1517 | command will overwrite any large-communities currently present. | |
1518 | The second specifies two large-communities, which overwrites the current | |
1519 | large-community list. The third will add a large-community value without | |
1520 | overwriting other values. Multiple large-community values can be specified. | |
42fc5d26 | 1521 | |
b572f826 PZ |
1522 | |
1523 | .. _bgp-vrfs: | |
1524 | ||
1525 | BGP VRFs | |
1526 | ======== | |
1527 | ||
4da7fda3 | 1528 | Bgpd supports multiple VRF instances via the *router bgp* command: |
b572f826 PZ |
1529 | |
1530 | .. index:: router bgp ASN vrf VRFNAME | |
1531 | .. clicmd:: router bgp ASN vrf VRFNAME | |
1532 | ||
4da7fda3 QY |
1533 | VRFNAME is matched against VRFs configured in the kernel. When no *vrf VRFNAME* |
1534 | is specified, the BGP protocol process belongs to the default VRF. | |
b572f826 | 1535 | |
4da7fda3 QY |
1536 | BGP routes may be leaked (i.e., copied) between a unicast VRF RIB and the VPN |
1537 | safi RIB of the default VRF (leaking is also permitted between the unicast RIB | |
1538 | of the default VRF and VPN). A common application of this feature is to | |
1539 | connect a customer's private routing domain to a provider's VPN service. | |
1540 | Leaking is configured from the point of view of an individual VRF: ``import`` | |
1541 | refers to routes leaked from VPN to a unicast VRF, whereas ``export`` refers to | |
1542 | routes leaked from a unicast VRF to VPN. | |
b572f826 PZ |
1543 | |
1544 | Required Parameters | |
1545 | ------------------- | |
1546 | ||
4da7fda3 QY |
1547 | Routes exported from a unicast VRF to the VPN RIB must be augmented by two |
1548 | parameters: | |
1549 | ||
1550 | - an :abbr:`RD (Route Distinguisher)` | |
1551 | - an :abbr:`RTLIST (Route-target List)` | |
1552 | ||
1553 | Configuration for these exported routes must, at a minimum, specify these two | |
1554 | parameters. | |
1555 | ||
1556 | Routes imported from the VPN RIB to a unicast VRF are selected according to | |
1557 | their RTLISTs. Routes whose RTLIST contains at least one route-target in | |
1558 | common with the configured import RTLIST are leaked. Configuration for these | |
1559 | imported routes must specify an RTLIST to be matched. | |
1560 | ||
1561 | The RD, which carries no semantic value, is intended to make the route unique | |
1562 | in the VPN RIB among all routes of its prefix that originate from all the | |
1563 | customers and sites that are attached to the provider's VPN service. | |
1564 | Accordingly, each site of each customer is typically assigned an RD that is | |
1565 | unique across the entire provider network. | |
1566 | ||
1567 | The RTLIST is a set of route-target extended community values whose purpose is | |
1568 | to specify route-leaking policy. Typically, a customer is assigned a single | |
1569 | route-target value for import and export to be used at all customer sites. This | |
1570 | configuration specifies a simple topology wherein a customer has a single | |
1571 | routing domain which is shared across all its sites. More complex routing | |
1572 | topologies are possible through use of additional route-targets to augment the | |
1573 | leaking of sets of routes in various ways. | |
b572f826 PZ |
1574 | |
1575 | Configuration | |
1576 | ------------- | |
1577 | ||
4da7fda3 QY |
1578 | Configuration of route leaking between a unicast VRF RIB and the VPN safi RIB |
1579 | of the default VRF is accomplished via commands in the context of a VRF | |
1580 | address-family: | |
b572f826 PZ |
1581 | |
1582 | .. index:: rd vpn export AS:NN|IP:nn | |
1583 | .. clicmd:: rd vpn export AS:NN|IP:nn | |
1584 | ||
4da7fda3 QY |
1585 | Specifies the route distinguisher to be added to a route exported from the |
1586 | current unicast VRF to VPN. | |
b572f826 PZ |
1587 | |
1588 | .. index:: no rd vpn export [AS:NN|IP:nn] | |
1589 | .. clicmd:: no rd vpn export [AS:NN|IP:nn] | |
1590 | ||
1591 | Deletes any previously-configured export route distinguisher. | |
1592 | ||
1593 | .. index:: rt vpn import|export|both RTLIST... | |
1594 | .. clicmd:: rt vpn import|export|both RTLIST... | |
1595 | ||
4da7fda3 QY |
1596 | Specifies the route-target list to be attached to a route (export) or the |
1597 | route-target list to match against (import) when exporting/importing between | |
1598 | the current unicast VRF and VPN. | |
b572f826 | 1599 | |
4da7fda3 QY |
1600 | The RTLIST is a space-separated list of route-targets, which are BGP |
1601 | extended community values as described in | |
b572f826 PZ |
1602 | :ref:`bgp-extended-communities-attribute`. |
1603 | ||
1604 | .. index:: no rt vpn import|export|both [RTLIST...] | |
1605 | .. clicmd:: no rt vpn import|export|both [RTLIST...] | |
1606 | ||
1607 | Deletes any previously-configured import or export route-target list. | |
1608 | ||
1609 | .. index:: label vpn export (0..1048575) | |
1610 | .. clicmd:: label vpn export (0..1048575) | |
1611 | ||
4da7fda3 QY |
1612 | Specifies an optional MPLS label to be attached to a route exported from the |
1613 | current unicast VRF to VPN. | |
b572f826 PZ |
1614 | |
1615 | .. index:: no label vpn export [(0..1048575)] | |
1616 | .. clicmd:: no label vpn export [(0..1048575)] | |
1617 | ||
1618 | Deletes any previously-configured export label. | |
1619 | ||
1620 | .. index:: nexthop vpn export A.B.C.D|X:X::X:X | |
1621 | .. clicmd:: nexthop vpn export A.B.C.D|X:X::X:X | |
1622 | ||
4da7fda3 QY |
1623 | Specifies an optional nexthop value to be assigned to a route exported from |
1624 | the current unicast VRF to VPN. If left unspecified, the nexthop will be set | |
1625 | to 0.0.0.0 or 0:0::0:0 (self). | |
b572f826 PZ |
1626 | |
1627 | .. index:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1628 | .. clicmd:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1629 | ||
1630 | Deletes any previously-configured export nexthop. | |
1631 | ||
1632 | .. index:: route-map vpn import|export MAP | |
1633 | .. clicmd:: route-map vpn import|export MAP | |
1634 | ||
4da7fda3 QY |
1635 | Specifies an optional route-map to be applied to routes imported or exported |
1636 | betwen the current unicast VRF and VPN. | |
b572f826 PZ |
1637 | |
1638 | .. index:: no route-map vpn import|export [MAP] | |
1639 | .. clicmd:: no route-map vpn import|export [MAP] | |
1640 | ||
1641 | Deletes any previously-configured import or export route-map. | |
1642 | ||
1643 | .. index:: import|export vpn | |
1644 | .. clicmd:: import|export vpn | |
1645 | ||
1646 | Enables import or export of routes betwen the current unicast VRF and VPN. | |
1647 | ||
1648 | .. index:: no import|export vpn | |
1649 | .. clicmd:: no import|export vpn | |
1650 | ||
1651 | Disables import or export of routes betwen the current unicast VRF and VPN. | |
1652 | ||
1653 | ||
0efdf0fe | 1654 | .. _displaying-bgp-information: |
42fc5d26 QY |
1655 | |
1656 | Displaying BGP information | |
1657 | ========================== | |
1658 | ||
1659 | ||
0efdf0fe | 1660 | .. _showing-bgp-information: |
42fc5d26 QY |
1661 | |
1662 | Showing BGP information | |
1663 | ----------------------- | |
1664 | ||
c3c5a71f | 1665 | .. index:: show ip bgp |
29adcd50 | 1666 | .. clicmd:: show ip bgp |
42fc5d26 | 1667 | |
c1a54c05 | 1668 | .. index:: show ip bgp A.B.C.D |
29adcd50 | 1669 | .. clicmd:: show ip bgp A.B.C.D |
42fc5d26 | 1670 | |
c1a54c05 | 1671 | .. index:: show ip bgp X:X::X:X |
29adcd50 | 1672 | .. clicmd:: show ip bgp X:X::X:X |
42fc5d26 | 1673 | |
c1a54c05 QY |
1674 | This command displays BGP routes. When no route is specified it |
1675 | display all of IPv4 BGP routes. | |
42fc5d26 | 1676 | |
c1a54c05 | 1677 | :: |
76bd1499 | 1678 | |
42fc5d26 | 1679 | BGP table version is 0, local router ID is 10.1.1.1 |
c1a54c05 QY |
1680 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal |
1681 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
76bd1499 | 1682 | |
c1a54c05 QY |
1683 | Network Next Hop Metric LocPrf Weight Path |
1684 | \*> 1.1.1.1/32 0.0.0.0 0 32768 i | |
76bd1499 | 1685 | |
c1a54c05 | 1686 | Total number of prefixes 1 |
42fc5d26 | 1687 | |
42fc5d26 | 1688 | |
c3c5a71f | 1689 | .. index:: show ip bgp regexp LINE |
29adcd50 | 1690 | .. clicmd:: show ip bgp regexp LINE |
42fc5d26 | 1691 | |
c1a54c05 | 1692 | This command displays BGP routes using AS path regular expression |
0efdf0fe | 1693 | (:ref:`bgp-regular-expressions`). |
42fc5d26 | 1694 | |
c1a54c05 | 1695 | .. index:: show ip bgp community COMMUNITY |
29adcd50 | 1696 | .. clicmd:: show ip bgp community COMMUNITY |
42fc5d26 | 1697 | |
c1a54c05 | 1698 | .. index:: show ip bgp community COMMUNITY exact-match |
29adcd50 | 1699 | .. clicmd:: show ip bgp community COMMUNITY exact-match |
42fc5d26 | 1700 | |
4da7fda3 QY |
1701 | This command displays BGP routes using `community` |
1702 | (:ref:`display-bgp-routes-by-community`). | |
42fc5d26 | 1703 | |
c1a54c05 | 1704 | .. index:: show ip bgp community-list WORD |
29adcd50 | 1705 | .. clicmd:: show ip bgp community-list WORD |
42fc5d26 | 1706 | |
c1a54c05 | 1707 | .. index:: show ip bgp community-list WORD exact-match |
29adcd50 | 1708 | .. clicmd:: show ip bgp community-list WORD exact-match |
42fc5d26 | 1709 | |
4da7fda3 QY |
1710 | This command displays BGP routes using community list |
1711 | (:ref:`display-bgp-routes-by-community`). | |
42fc5d26 | 1712 | |
c1a54c05 | 1713 | .. index:: show bgp ipv4|ipv6 summary |
29adcd50 | 1714 | .. clicmd:: show bgp ipv4|ipv6 summary |
42fc5d26 | 1715 | |
c1a54c05 | 1716 | Show a bgp peer summary for the specified address family. |
42fc5d26 | 1717 | |
c1a54c05 | 1718 | .. index:: show bgp ipv4|ipv6 neighbor [PEER] |
29adcd50 | 1719 | .. clicmd:: show bgp ipv4|ipv6 neighbor [PEER] |
42fc5d26 | 1720 | |
c1a54c05 | 1721 | This command shows information on a specific BGP `peer`. |
42fc5d26 | 1722 | |
c1a54c05 | 1723 | .. index:: show bgp ipv4|ipv6 dampening dampened-paths |
29adcd50 | 1724 | .. clicmd:: show bgp ipv4|ipv6 dampening dampened-paths |
42fc5d26 | 1725 | |
c1a54c05 | 1726 | Display paths suppressed due to dampening. |
42fc5d26 | 1727 | |
c1a54c05 | 1728 | .. index:: show bgp ipv4|ipv6 dampening flap-statistics |
29adcd50 | 1729 | .. clicmd:: show bgp ipv4|ipv6 dampening flap-statistics |
c1a54c05 QY |
1730 | |
1731 | Display flap statistics of routes. | |
42fc5d26 | 1732 | |
0efdf0fe | 1733 | .. _other-bgp-commands: |
42fc5d26 QY |
1734 | |
1735 | Other BGP commands | |
1736 | ------------------ | |
1737 | ||
c3c5a71f | 1738 | .. index:: clear bgp ipv4|ipv6 \* |
29adcd50 | 1739 | .. clicmd:: clear bgp ipv4|ipv6 \* |
42fc5d26 | 1740 | |
c1a54c05 | 1741 | Clear all address family peers. |
42fc5d26 | 1742 | |
c1a54c05 | 1743 | .. index:: clear bgp ipv4|ipv6 PEER |
29adcd50 | 1744 | .. clicmd:: clear bgp ipv4|ipv6 PEER |
42fc5d26 | 1745 | |
c1a54c05 | 1746 | Clear peers which have addresses of X.X.X.X |
42fc5d26 | 1747 | |
c1a54c05 | 1748 | .. index:: clear bgp ipv4|ipv6 PEER soft in |
29adcd50 | 1749 | .. clicmd:: clear bgp ipv4|ipv6 PEER soft in |
42fc5d26 | 1750 | |
c1a54c05 | 1751 | Clear peer using soft reconfiguration. |
42fc5d26 | 1752 | |
c1a54c05 | 1753 | .. index:: show debug |
29adcd50 | 1754 | .. clicmd:: show debug |
42fc5d26 | 1755 | |
c1a54c05 | 1756 | .. index:: debug event |
29adcd50 | 1757 | .. clicmd:: debug event |
42fc5d26 | 1758 | |
c1a54c05 | 1759 | .. index:: debug update |
29adcd50 | 1760 | .. clicmd:: debug update |
42fc5d26 | 1761 | |
c1a54c05 | 1762 | .. index:: debug keepalive |
29adcd50 | 1763 | .. clicmd:: debug keepalive |
42fc5d26 | 1764 | |
c1a54c05 | 1765 | .. index:: no debug event |
29adcd50 | 1766 | .. clicmd:: no debug event |
42fc5d26 | 1767 | |
c1a54c05 | 1768 | .. index:: no debug update |
29adcd50 | 1769 | .. clicmd:: no debug update |
42fc5d26 | 1770 | |
c1a54c05 | 1771 | .. index:: no debug keepalive |
29adcd50 | 1772 | .. clicmd:: no debug keepalive |
42fc5d26 | 1773 | |
c1a54c05 | 1774 | |
0efdf0fe | 1775 | .. _capability-negotiation: |
42fc5d26 QY |
1776 | |
1777 | Capability Negotiation | |
1778 | ====================== | |
1779 | ||
4b44467c | 1780 | When adding IPv6 routing information exchange feature to BGP. There were some |
4da7fda3 QY |
1781 | proposals. :abbr:`IETF (Internet Engineering Task Force)` |
1782 | :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol | |
1783 | Extension for BGP. The specification is described in :rfc:`2283`. The protocol | |
1784 | does not define new protocols. It defines new attributes to existing BGP. When | |
1785 | it is used exchanging IPv6 routing information it is called BGP-4+. When it is | |
1786 | used for exchanging multicast routing information it is called MBGP. | |
1787 | ||
1788 | *bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports | |
1789 | the protocol, *bgpd* can exchange IPv6 and/or multicast routing information. | |
1790 | ||
1791 | Traditional BGP did not have the feature to detect a remote peer's | |
1792 | capabilities, e.g. whether it can handle prefix types other than IPv4 unicast | |
1793 | routes. This was a big problem using Multiprotocol Extension for BGP in an | |
1794 | operational network. :rfc:`2842` adopted a feature called Capability | |
1795 | Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's | |
1796 | capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* | |
1797 | does not send these Capability Negotiation packets (at least not unless other | |
1798 | optional BGP features require capability negotation). | |
4b44467c QY |
1799 | |
1800 | By default, FRR will bring up peering with minimal common capability for the | |
4da7fda3 QY |
1801 | both sides. For example, if the local router has unicast and multicast |
1802 | capabilities and the remote router only has unicast capability the local router | |
1803 | will establish the connection with unicast only capability. When there are no | |
1804 | common capabilities, FRR sends Unsupported Capability error and then resets the | |
4b44467c QY |
1805 | connection. |
1806 | ||
1807 | If you want to completely match capabilities with remote peer. Please use | |
1808 | *strict-capability-match* command. | |
42fc5d26 | 1809 | |
c1a54c05 QY |
1810 | .. index:: neighbor PEER strict-capability-match |
1811 | .. clicmd:: neighbor PEER strict-capability-match | |
c3c5a71f | 1812 | |
c1a54c05 QY |
1813 | .. index:: no neighbor PEER strict-capability-match |
1814 | .. clicmd:: no neighbor PEER strict-capability-match | |
42fc5d26 | 1815 | |
4da7fda3 QY |
1816 | Strictly compares remote capabilities and local capabilities. If |
1817 | capabilities are different, send Unsupported Capability error then reset | |
1818 | connection. | |
42fc5d26 | 1819 | |
4da7fda3 QY |
1820 | You may want to disable sending Capability Negotiation OPEN message optional |
1821 | parameter to the peer when remote peer does not implement Capability | |
1822 | Negotiation. Please use *dont-capability-negotiate* command to disable the | |
1823 | feature. | |
c3c5a71f | 1824 | |
c1a54c05 QY |
1825 | .. index:: neighbor PEER dont-capability-negotiate |
1826 | .. clicmd:: neighbor PEER dont-capability-negotiate | |
42fc5d26 | 1827 | |
c1a54c05 QY |
1828 | .. index:: no neighbor PEER dont-capability-negotiate |
1829 | .. clicmd:: no neighbor PEER dont-capability-negotiate | |
c3c5a71f | 1830 | |
4da7fda3 QY |
1831 | Suppress sending Capability Negotiation as OPEN message optional parameter |
1832 | to the peer. This command only affects the peer is configured other than | |
1833 | IPv4 unicast configuration. | |
42fc5d26 | 1834 | |
4da7fda3 QY |
1835 | When remote peer does not have capability negotiation feature, remote peer |
1836 | will not send any capabilities at all. In that case, bgp configures the peer | |
1837 | with configured capabilities. | |
42fc5d26 | 1838 | |
c1a54c05 | 1839 | You may prefer locally configured capabilities more than the negotiated |
4da7fda3 QY |
1840 | capabilities even though remote peer sends capabilities. If the peer is |
1841 | configured by *override-capability*, *bgpd* ignores received capabilities | |
1842 | then override negotiated capabilities with configured values. | |
42fc5d26 | 1843 | |
c1a54c05 QY |
1844 | .. index:: neighbor PEER override-capability |
1845 | .. clicmd:: neighbor PEER override-capability | |
42fc5d26 | 1846 | |
c1a54c05 QY |
1847 | .. index:: no neighbor PEER override-capability |
1848 | .. clicmd:: no neighbor PEER override-capability | |
c3c5a71f | 1849 | |
c1a54c05 QY |
1850 | Override the result of Capability Negotiation with local configuration. |
1851 | Ignore remote peer's capability value. | |
42fc5d26 | 1852 | |
0efdf0fe | 1853 | .. _route-reflector: |
42fc5d26 QY |
1854 | |
1855 | Route Reflector | |
1856 | =============== | |
1857 | ||
c1a54c05 QY |
1858 | .. index:: bgp cluster-id A.B.C.D |
1859 | .. clicmd:: bgp cluster-id A.B.C.D | |
42fc5d26 | 1860 | |
c1a54c05 QY |
1861 | .. index:: neighbor PEER route-reflector-client |
1862 | .. clicmd:: neighbor PEER route-reflector-client | |
c3c5a71f | 1863 | |
c1a54c05 QY |
1864 | .. index:: no neighbor PEER route-reflector-client |
1865 | .. clicmd:: no neighbor PEER route-reflector-client | |
42fc5d26 | 1866 | |
42fc5d26 | 1867 | |
0efdf0fe | 1868 | .. _route-server: |
42fc5d26 QY |
1869 | |
1870 | Route Server | |
1871 | ============ | |
1872 | ||
c1a54c05 | 1873 | At an Internet Exchange point, many ISPs are connected to each other by the |
4da7fda3 QY |
1874 | "full mesh method". As with internal BGP full mesh formation, this method has a |
1875 | scaling problem. | |
42fc5d26 | 1876 | |
c1a54c05 QY |
1877 | This scaling problem is well known. Route Server is a method to resolve the |
1878 | problem. Each ISP's BGP router only peers to Route Server. Route Server serves | |
1879 | as BGP information exchange to other BGP routers. By applying this method, | |
1880 | numbers of BGP connections is reduced from O(n*(n-1)/2) to O(n). | |
42fc5d26 | 1881 | |
4da7fda3 | 1882 | Unlike a normal BGP router, Route Server must have several routing tables for |
c1a54c05 QY |
1883 | managing different routing policies for each BGP speaker. We call the routing |
1884 | tables as different "views". *bgpd* can work as normal BGP router or Route | |
1885 | Server or both at the same time. | |
42fc5d26 | 1886 | |
0efdf0fe | 1887 | .. _multiple-instance: |
42fc5d26 QY |
1888 | |
1889 | Multiple instance | |
1890 | ----------------- | |
1891 | ||
c1a54c05 QY |
1892 | To enable multiple view function of *bgpd*, you must turn on multiple instance |
1893 | feature beforehand. | |
42fc5d26 | 1894 | |
c3c5a71f | 1895 | .. index:: bgp multiple-instance |
29adcd50 | 1896 | .. clicmd:: bgp multiple-instance |
42fc5d26 | 1897 | |
c1a54c05 QY |
1898 | Enable BGP multiple instance feature. After this feature is enabled, |
1899 | you can make multiple BGP instances or multiple BGP views. | |
42fc5d26 | 1900 | |
c1a54c05 | 1901 | .. index:: no bgp multiple-instance |
29adcd50 | 1902 | .. clicmd:: no bgp multiple-instance |
c1a54c05 QY |
1903 | |
1904 | Disable BGP multiple instance feature. You can not disable this feature | |
1905 | when BGP multiple instances or views exist. | |
42fc5d26 | 1906 | |
c3c5a71f | 1907 | When you want to make configuration more Cisco like one, |
42fc5d26 | 1908 | |
c3c5a71f | 1909 | .. index:: bgp config-type cisco |
29adcd50 | 1910 | .. clicmd:: bgp config-type cisco |
c1a54c05 QY |
1911 | |
1912 | Cisco compatible BGP configuration output. | |
42fc5d26 | 1913 | |
c3c5a71f | 1914 | When bgp config-type cisco is specified, |
42fc5d26 | 1915 | |
4da7fda3 QY |
1916 | ``no synchronization`` is displayed. |
1917 | ``no auto-summary`` is displayed. | |
1918 | ||
1919 | The ``network`` and ``aggregate-address`` arguments are displayed as:: | |
42fc5d26 | 1920 | |
4da7fda3 | 1921 | A.B.C.D M.M.M.M |
42fc5d26 | 1922 | |
4da7fda3 QY |
1923 | FRR: network 10.0.0.0/8 |
1924 | Cisco: network 10.0.0.0 | |
42fc5d26 | 1925 | |
4da7fda3 QY |
1926 | FRR: aggregate-address 192.168.0.0/24 |
1927 | Cisco: aggregate-address 192.168.0.0 255.255.255.0 | |
42fc5d26 | 1928 | |
4da7fda3 QY |
1929 | Community attribute handling is also different. If no configuration is |
1930 | specified community attribute and extended community attribute are sent to the | |
1931 | neighbor. If a user manually disables the feature, the community attribute is | |
1932 | not sent to the neighbor. When ``bgp config-type cisco`` is specified, the | |
1933 | community attribute is not sent to the neighbor by default. To send the | |
1934 | community attribute user has to specify *neighbor A.B.C.D send-community* | |
1935 | command.:: | |
c1a54c05 QY |
1936 | |
1937 | ! | |
1938 | router bgp 1 | |
1939 | neighbor 10.0.0.1 remote-as 1 | |
1940 | address-family ipv4 unicast | |
1941 | no neighbor 10.0.0.1 send-community | |
1942 | exit-address-family | |
1943 | ! | |
1944 | router bgp 1 | |
1945 | neighbor 10.0.0.1 remote-as 1 | |
1946 | address-family ipv4 unicast | |
1947 | neighbor 10.0.0.1 send-community | |
1948 | exit-address-family | |
1949 | ! | |
42fc5d26 | 1950 | |
42fc5d26 | 1951 | |
c3c5a71f | 1952 | .. index:: bgp config-type zebra |
29adcd50 | 1953 | .. clicmd:: bgp config-type zebra |
c1a54c05 QY |
1954 | |
1955 | FRR style BGP configuration. This is default. | |
42fc5d26 | 1956 | |
0efdf0fe | 1957 | .. _bgp-instance-and-view: |
42fc5d26 QY |
1958 | |
1959 | BGP instance and view | |
1960 | --------------------- | |
1961 | ||
4da7fda3 QY |
1962 | BGP instance is a normal BGP process. The result of route selection goes to the |
1963 | kernel routing table. You can setup different AS at the same time when BGP | |
1964 | multiple instance feature is enabled. | |
42fc5d26 | 1965 | |
c3c5a71f | 1966 | .. index:: router bgp AS-NUMBER |
29adcd50 | 1967 | .. clicmd:: router bgp AS-NUMBER |
42fc5d26 | 1968 | |
4da7fda3 | 1969 | Make a new BGP instance. You can use an arbitrary word for the `name`. |
42fc5d26 | 1970 | |
c1a54c05 | 1971 | :: |
76bd1499 | 1972 | |
c1a54c05 QY |
1973 | bgp multiple-instance |
1974 | ! | |
1975 | router bgp 1 | |
1976 | neighbor 10.0.0.1 remote-as 2 | |
1977 | neighbor 10.0.0.2 remote-as 3 | |
1978 | ! | |
1979 | router bgp 2 | |
1980 | neighbor 10.0.0.3 remote-as 4 | |
1981 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 1982 | |
42fc5d26 | 1983 | |
4da7fda3 QY |
1984 | BGP view is almost same as normal BGP process. The result of route selection |
1985 | does not go to the kernel routing table. BGP view is only for exchanging BGP | |
1986 | routing information. | |
42fc5d26 | 1987 | |
c3c5a71f | 1988 | .. index:: router bgp AS-NUMBER view NAME |
29adcd50 | 1989 | .. clicmd:: router bgp AS-NUMBER view NAME |
42fc5d26 | 1990 | |
c1a54c05 QY |
1991 | Make a new BGP view. You can use arbitrary word for the `name`. This view's |
1992 | route selection result does not go to the kernel routing table. | |
42fc5d26 | 1993 | |
c1a54c05 | 1994 | With this command, you can setup Route Server like below. |
42fc5d26 | 1995 | |
c1a54c05 | 1996 | :: |
76bd1499 | 1997 | |
c1a54c05 QY |
1998 | bgp multiple-instance |
1999 | ! | |
2000 | router bgp 1 view 1 | |
2001 | neighbor 10.0.0.1 remote-as 2 | |
2002 | neighbor 10.0.0.2 remote-as 3 | |
2003 | ! | |
2004 | router bgp 2 view 2 | |
2005 | neighbor 10.0.0.3 remote-as 4 | |
2006 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 2007 | |
42fc5d26 | 2008 | |
0efdf0fe | 2009 | .. _routing-policy: |
42fc5d26 QY |
2010 | |
2011 | Routing policy | |
2012 | -------------- | |
2013 | ||
4da7fda3 QY |
2014 | You can set different routing policy for a peer. For example, you can set |
2015 | different filter for a peer.:: | |
c1a54c05 QY |
2016 | |
2017 | bgp multiple-instance | |
2018 | ! | |
2019 | router bgp 1 view 1 | |
2020 | neighbor 10.0.0.1 remote-as 2 | |
2021 | address-family ipv4 unicast | |
2022 | neighbor 10.0.0.1 distribute-list 1 in | |
2023 | exit-address-family | |
2024 | ! | |
2025 | router bgp 1 view 2 | |
2026 | neighbor 10.0.0.1 remote-as 2 | |
2027 | address-family ipv4 unicast | |
2028 | neighbor 10.0.0.1 distribute-list 2 in | |
2029 | exit-address-family | |
c3c5a71f | 2030 | |
42fc5d26 | 2031 | |
4da7fda3 QY |
2032 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view 2. |
2033 | When the update is inserted into view 1, distribute-list 1 is applied. On the | |
2034 | other hand, when the update is inserted into view 2, distribute-list 2 is | |
2035 | applied. | |
42fc5d26 | 2036 | |
0efdf0fe | 2037 | .. _viewing-the-view: |
42fc5d26 QY |
2038 | |
2039 | Viewing the view | |
2040 | ---------------- | |
2041 | ||
2042 | To display routing table of BGP view, you must specify view name. | |
2043 | ||
c3c5a71f | 2044 | .. index:: show ip bgp view NAME |
29adcd50 | 2045 | .. clicmd:: show ip bgp view NAME |
c1a54c05 QY |
2046 | |
2047 | Display routing table of BGP view ``NAME``. | |
42fc5d26 | 2048 | |
0efdf0fe | 2049 | .. _bgp-regular-expressions: |
42fc5d26 QY |
2050 | |
2051 | BGP Regular Expressions | |
2052 | ======================= | |
2053 | ||
4da7fda3 QY |
2054 | BGP regular expressions are based on `POSIX 1003.2` regular expressions. The |
2055 | following description is just a quick subset of the `POSIX` regular | |
2056 | expressions. Adding to that, the special character '_' is added. | |
42fc5d26 QY |
2057 | |
2058 | ||
c1a54c05 QY |
2059 | .* |
2060 | Matches any single character. | |
42fc5d26 QY |
2061 | |
2062 | * | |
c1a54c05 | 2063 | Matches 0 or more occurrences of pattern. |
42fc5d26 QY |
2064 | |
2065 | + | |
c1a54c05 | 2066 | Matches 1 or more occurrences of pattern. |
42fc5d26 QY |
2067 | |
2068 | ? | |
c1a54c05 | 2069 | Match 0 or 1 occurrences of pattern. |
42fc5d26 QY |
2070 | |
2071 | ^ | |
c1a54c05 | 2072 | Matches the beginning of the line. |
42fc5d26 QY |
2073 | |
2074 | $ | |
c1a54c05 | 2075 | Matches the end of the line. |
42fc5d26 QY |
2076 | |
2077 | _ | |
c1a54c05 QY |
2078 | Character `_` has special meanings in BGP regular expressions. It matches |
2079 | to space and comma , and AS set delimiter { and } and AS confederation | |
2080 | delimiter `(` and `)`. And it also matches to the beginning of the line and | |
2081 | the end of the line. So `_` can be used for AS value boundaries match. This | |
2082 | character technically evaluates to `(^|[,{}() ]|$)`. | |
42fc5d26 | 2083 | |
11ab5329 | 2084 | .. _how-to-set-up-a-6-bone-connection: |
42fc5d26 QY |
2085 | |
2086 | How to set up a 6-Bone connection | |
2087 | ================================= | |
2088 | ||
2089 | :: | |
2090 | ||
c1a54c05 QY |
2091 | bgpd configuration |
2092 | ================== | |
2093 | ! | |
c1a54c05 QY |
2094 | ! MP-BGP configuration |
2095 | ! | |
2096 | router bgp 7675 | |
2097 | bgp router-id 10.0.0.1 | |
2098 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as `as-number` | |
2099 | ! | |
2100 | address-family ipv6 | |
2101 | network 3ffe:506::/32 | |
2102 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
2103 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
2104 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as `as-number` | |
2105 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
2106 | exit-address-family | |
2107 | ! | |
2108 | ipv6 access-list all permit any | |
2109 | ! | |
2110 | ! Set output nexthop address. | |
2111 | ! | |
2112 | route-map set-nexthop permit 10 | |
2113 | match ipv6 address all | |
2114 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
2115 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
2116 | ! | |
c1a54c05 QY |
2117 | log file bgpd.log |
2118 | ! | |
c3c5a71f | 2119 | |
42fc5d26 | 2120 | |
0efdf0fe | 2121 | .. _dump-bgp-packets-and-table: |
42fc5d26 QY |
2122 | |
2123 | Dump BGP packets and table | |
2124 | ========================== | |
2125 | ||
c3c5a71f | 2126 | .. index:: dump bgp all PATH [INTERVAL] |
29adcd50 | 2127 | .. clicmd:: dump bgp all PATH [INTERVAL] |
42fc5d26 | 2128 | |
c1a54c05 | 2129 | .. index:: dump bgp all-et PATH [INTERVAL] |
29adcd50 | 2130 | .. clicmd:: dump bgp all-et PATH [INTERVAL] |
42fc5d26 | 2131 | |
c1a54c05 | 2132 | .. index:: no dump bgp all [PATH] [INTERVAL] |
29adcd50 | 2133 | .. clicmd:: no dump bgp all [PATH] [INTERVAL] |
42fc5d26 | 2134 | |
c1a54c05 | 2135 | Dump all BGP packet and events to `path` file. |
4da7fda3 QY |
2136 | If `interval` is set, a new file will be created for echo `interval` of |
2137 | seconds. The path `path` can be set with date and time formatting | |
2138 | (strftime). The type ‘all-et’ enables support for Extended Timestamp Header | |
2139 | (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2140 | |
c1a54c05 | 2141 | .. index:: dump bgp updates PATH [INTERVAL] |
29adcd50 | 2142 | .. clicmd:: dump bgp updates PATH [INTERVAL] |
42fc5d26 | 2143 | |
c1a54c05 | 2144 | .. index:: dump bgp updates-et PATH [INTERVAL] |
29adcd50 | 2145 | .. clicmd:: dump bgp updates-et PATH [INTERVAL] |
42fc5d26 | 2146 | |
c1a54c05 | 2147 | .. index:: no dump bgp updates [PATH] [INTERVAL] |
29adcd50 | 2148 | .. clicmd:: no dump bgp updates [PATH] [INTERVAL] |
42fc5d26 | 2149 | |
c1a54c05 | 2150 | Dump only BGP updates messages to `path` file. |
4da7fda3 QY |
2151 | If `interval` is set, a new file will be created for echo `interval` of |
2152 | seconds. The path `path` can be set with date and time formatting | |
2153 | (strftime). The type ‘updates-et’ enables support for Extended Timestamp | |
2154 | Header (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2155 | |
c1a54c05 | 2156 | .. index:: dump bgp routes-mrt PATH |
29adcd50 | 2157 | .. clicmd:: dump bgp routes-mrt PATH |
42fc5d26 | 2158 | |
c1a54c05 | 2159 | .. index:: dump bgp routes-mrt PATH INTERVAL |
29adcd50 | 2160 | .. clicmd:: dump bgp routes-mrt PATH INTERVAL |
42fc5d26 | 2161 | |
c1a54c05 | 2162 | .. index:: no dump bgp route-mrt [PATH] [INTERVAL] |
29adcd50 | 2163 | .. clicmd:: no dump bgp route-mrt [PATH] [INTERVAL] |
42fc5d26 | 2164 | |
4da7fda3 QY |
2165 | Dump whole BGP routing table to `path`. This is heavy process. The path |
2166 | `path` can be set with date and time formatting (strftime). If `interval` is | |
2167 | set, a new file will be created for echo `interval` of seconds. | |
42fc5d26 | 2168 | |
c1a54c05 | 2169 | Note: the interval variable can also be set using hours and minutes: 04h20m00. |
42fc5d26 | 2170 | |
c1a54c05 | 2171 | .. _bgp-configuration-examples: |
42fc5d26 | 2172 | |
c1a54c05 QY |
2173 | BGP Configuration Examples |
2174 | ========================== | |
42fc5d26 | 2175 | |
c1a54c05 | 2176 | Example of a session to an upstream, advertising only one prefix to it.:: |
42fc5d26 | 2177 | |
c1a54c05 QY |
2178 | router bgp 64512 |
2179 | bgp router-id 10.236.87.1 | |
2180 | neighbor upstream peer-group | |
2181 | neighbor upstream remote-as 64515 | |
2182 | neighbor upstream capability dynamic | |
2183 | neighbor 10.1.1.1 peer-group upstream | |
2184 | neighbor 10.1.1.1 description ACME ISP | |
c3c5a71f | 2185 | |
c1a54c05 QY |
2186 | address-family ipv4 unicast |
2187 | network 10.236.87.0/24 | |
2188 | neighbor upstream prefix-list pl-allowed-adv out | |
2189 | exit-address-family | |
2190 | ! | |
2191 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
2192 | ip prefix-list pl-allowed-adv seq 10 deny any | |
42fc5d26 | 2193 | |
4da7fda3 QY |
2194 | A more complex example. With upstream, peer and customer sessions. Advertising |
2195 | global prefixes and NO_EXPORT prefixes and providing actions for customer | |
2196 | routes based on community values. Extensive use of route-maps and the 'call' | |
2197 | feature to support selective advertising of prefixes. This example is intended | |
2198 | as guidance only, it has NOT been tested and almost certainly containts silly | |
2199 | mistakes, if not serious flaws. | |
42fc5d26 QY |
2200 | |
2201 | :: | |
2202 | ||
c1a54c05 QY |
2203 | router bgp 64512 |
2204 | bgp router-id 10.236.87.1 | |
2205 | neighbor upstream capability dynamic | |
2206 | neighbor cust capability dynamic | |
2207 | neighbor peer capability dynamic | |
2208 | neighbor 10.1.1.1 remote-as 64515 | |
2209 | neighbor 10.1.1.1 peer-group upstream | |
2210 | neighbor 10.2.1.1 remote-as 64516 | |
2211 | neighbor 10.2.1.1 peer-group upstream | |
2212 | neighbor 10.3.1.1 remote-as 64517 | |
2213 | neighbor 10.3.1.1 peer-group cust-default | |
2214 | neighbor 10.3.1.1 description customer1 | |
2215 | neighbor 10.4.1.1 remote-as 64518 | |
2216 | neighbor 10.4.1.1 peer-group cust | |
2217 | neighbor 10.4.1.1 description customer2 | |
2218 | neighbor 10.5.1.1 remote-as 64519 | |
2219 | neighbor 10.5.1.1 peer-group peer | |
2220 | neighbor 10.5.1.1 description peer AS 1 | |
2221 | neighbor 10.6.1.1 remote-as 64520 | |
2222 | neighbor 10.6.1.1 peer-group peer | |
2223 | neighbor 10.6.1.1 description peer AS 2 | |
2224 | ||
2225 | address-family ipv4 unicast | |
2226 | network 10.123.456.0/24 | |
2227 | network 10.123.456.128/25 route-map rm-no-export | |
2228 | neighbor upstream route-map rm-upstream-out out | |
2229 | neighbor cust route-map rm-cust-in in | |
2230 | neighbor cust route-map rm-cust-out out | |
2231 | neighbor cust send-community both | |
2232 | neighbor peer route-map rm-peer-in in | |
2233 | neighbor peer route-map rm-peer-out out | |
2234 | neighbor peer send-community both | |
2235 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
2236 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
2237 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
2238 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
2239 | exit-address-family | |
2240 | ! | |
2241 | ip prefix-list pl-default permit 0.0.0.0/0 | |
2242 | ! | |
2243 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
2244 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
2245 | ! | |
2246 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
2247 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
2248 | ! | |
2249 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
2250 | ! | |
2251 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
2252 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
2253 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
2254 | ! | |
2255 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
2256 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
2257 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
2258 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
2259 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
2260 | ! | |
2261 | ip as-path access-list asp-own-as permit ^$ | |
2262 | ip as-path access-list asp-own-as permit _64512_ | |
2263 | ! | |
2264 | ! ################################################################# | |
2265 | ! Match communities we provide actions for, on routes receives from | |
2266 | ! customers. Communities values of <our-ASN>:X, with X, have actions: | |
2267 | ! | |
2268 | ! 100 - blackhole the prefix | |
2269 | ! 200 - set no_export | |
2270 | ! 300 - advertise only to other customers | |
2271 | ! 400 - advertise only to upstreams | |
2272 | ! 500 - set no_export when advertising to upstreams | |
2273 | ! 2X00 - set local_preference to X00 | |
2274 | ! | |
2275 | ! blackhole the prefix of the route | |
2276 | ip community-list standard cm-blackhole permit 64512:100 | |
2277 | ! | |
2278 | ! set no-export community before advertising | |
2279 | ip community-list standard cm-set-no-export permit 64512:200 | |
2280 | ! | |
2281 | ! advertise only to other customers | |
2282 | ip community-list standard cm-cust-only permit 64512:300 | |
2283 | ! | |
2284 | ! advertise only to upstreams | |
2285 | ip community-list standard cm-upstream-only permit 64512:400 | |
2286 | ! | |
2287 | ! advertise to upstreams with no-export | |
2288 | ip community-list standard cm-upstream-noexport permit 64512:500 | |
2289 | ! | |
2290 | ! set local-pref to least significant 3 digits of the community | |
2291 | ip community-list standard cm-prefmod-100 permit 64512:2100 | |
2292 | ip community-list standard cm-prefmod-200 permit 64512:2200 | |
2293 | ip community-list standard cm-prefmod-300 permit 64512:2300 | |
2294 | ip community-list standard cm-prefmod-400 permit 64512:2400 | |
2295 | ip community-list expanded cme-prefmod-range permit 64512:2... | |
2296 | ! | |
2297 | ! Informational communities | |
2298 | ! | |
2299 | ! 3000 - learned from upstream | |
2300 | ! 3100 - learned from customer | |
2301 | ! 3200 - learned from peer | |
2302 | ! | |
2303 | ip community-list standard cm-learnt-upstream permit 64512:3000 | |
2304 | ip community-list standard cm-learnt-cust permit 64512:3100 | |
2305 | ip community-list standard cm-learnt-peer permit 64512:3200 | |
2306 | ! | |
2307 | ! ################################################################### | |
2308 | ! Utility route-maps | |
2309 | ! | |
2310 | ! These utility route-maps generally should not used to permit/deny | |
2311 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
2312 | ! should be used with 'on-match next'. These all finish with an empty | |
2313 | ! permit entry so as not interfere with processing in the caller. | |
2314 | ! | |
2315 | route-map rm-no-export permit 10 | |
2316 | set community additive no-export | |
2317 | route-map rm-no-export permit 20 | |
2318 | ! | |
2319 | route-map rm-blackhole permit 10 | |
2320 | description blackhole, up-pref and ensure it cant escape this AS | |
2321 | set ip next-hop 127.0.0.1 | |
2322 | set local-preference 10 | |
2323 | set community additive no-export | |
2324 | route-map rm-blackhole permit 20 | |
2325 | ! | |
2326 | ! Set local-pref as requested | |
2327 | route-map rm-prefmod permit 10 | |
2328 | match community cm-prefmod-100 | |
2329 | set local-preference 100 | |
2330 | route-map rm-prefmod permit 20 | |
2331 | match community cm-prefmod-200 | |
2332 | set local-preference 200 | |
2333 | route-map rm-prefmod permit 30 | |
2334 | match community cm-prefmod-300 | |
2335 | set local-preference 300 | |
2336 | route-map rm-prefmod permit 40 | |
2337 | match community cm-prefmod-400 | |
2338 | set local-preference 400 | |
2339 | route-map rm-prefmod permit 50 | |
2340 | ! | |
2341 | ! Community actions to take on receipt of route. | |
2342 | route-map rm-community-in permit 10 | |
2343 | description check for blackholing, no point continuing if it matches. | |
2344 | match community cm-blackhole | |
2345 | call rm-blackhole | |
2346 | route-map rm-community-in permit 20 | |
2347 | match community cm-set-no-export | |
2348 | call rm-no-export | |
2349 | on-match next | |
2350 | route-map rm-community-in permit 30 | |
2351 | match community cme-prefmod-range | |
2352 | call rm-prefmod | |
2353 | route-map rm-community-in permit 40 | |
2354 | ! | |
2355 | ! ##################################################################### | |
2356 | ! Community actions to take when advertising a route. | |
2357 | ! These are filtering route-maps, | |
2358 | ! | |
2359 | ! Deny customer routes to upstream with cust-only set. | |
2360 | route-map rm-community-filt-to-upstream deny 10 | |
2361 | match community cm-learnt-cust | |
2362 | match community cm-cust-only | |
2363 | route-map rm-community-filt-to-upstream permit 20 | |
2364 | ! | |
2365 | ! Deny customer routes to other customers with upstream-only set. | |
2366 | route-map rm-community-filt-to-cust deny 10 | |
2367 | match community cm-learnt-cust | |
2368 | match community cm-upstream-only | |
2369 | route-map rm-community-filt-to-cust permit 20 | |
2370 | ! | |
2371 | ! ################################################################### | |
2372 | ! The top-level route-maps applied to sessions. Further entries could | |
2373 | ! be added obviously.. | |
2374 | ! | |
2375 | ! Customers | |
2376 | route-map rm-cust-in permit 10 | |
2377 | call rm-community-in | |
2378 | on-match next | |
2379 | route-map rm-cust-in permit 20 | |
2380 | set community additive 64512:3100 | |
2381 | route-map rm-cust-in permit 30 | |
2382 | ! | |
2383 | route-map rm-cust-out permit 10 | |
2384 | call rm-community-filt-to-cust | |
2385 | on-match next | |
2386 | route-map rm-cust-out permit 20 | |
2387 | ! | |
2388 | ! Upstream transit ASes | |
2389 | route-map rm-upstream-out permit 10 | |
2390 | description filter customer prefixes which are marked cust-only | |
2391 | call rm-community-filt-to-upstream | |
2392 | on-match next | |
2393 | route-map rm-upstream-out permit 20 | |
2394 | description only customer routes are provided to upstreams/peers | |
2395 | match community cm-learnt-cust | |
2396 | ! | |
2397 | ! Peer ASes | |
2398 | ! outbound policy is same as for upstream | |
2399 | route-map rm-peer-out permit 10 | |
2400 | call rm-upstream-out | |
2401 | ! | |
2402 | route-map rm-peer-in permit 10 | |
2403 | set community additive 64512:3200 | |
c3c5a71f | 2404 | |
9e146a81 | 2405 | .. include:: routeserver.rst |
f3817860 QY |
2406 | |
2407 | .. include:: rpki.rst | |
c1a54c05 QY |
2408 | |
2409 | ||
4b44467c | 2410 | .. [#med-transitivity-rant] For some set of objects to have an order, there *must* be some binary ordering relation that is defined for *every* combination of those objects, and that relation *must* be transitive. I.e.:, if the relation operator is <, and if a < b and b < c then that relation must carry over and it *must* be that a < c for the objects to have an order. The ordering relation may allow for equality, i.e. a < b and b < a may both be true amd imply that a and b are equal in the order and not distinguished by it, in which case the set has a partial order. Otherwise, if there is an order, all the objects have a distinct place in the order and the set has a total order) |
c1a54c05 QY |
2411 | .. [bgp-route-osci-cond] McPherson, D. and Gill, V. and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation Condition", IETF RFC3345 |
2412 | .. [stable-flexible-ibgp] Flavel, A. and M. Roughan, "Stable and flexible iBGP", ACM SIGCOMM 2009 | |
2413 | .. [ibgp-correctness] Griffin, T. and G. Wilfong, "On the correctness of IBGP configuration", ACM SIGCOMM 2002 |