]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _bgp: |
42fc5d26 QY |
2 | |
3 | *** | |
4 | BGP | |
5 | *** | |
6 | ||
8fcedbd2 | 7 | :abbr:`BGP` stands for Border Gateway Protocol. The latest BGP version is 4. |
d1e7591e | 8 | BGP-4 is one of the Exterior Gateway Protocols and the de facto standard |
8fcedbd2 QY |
9 | interdomain routing protocol. BGP-4 is described in :rfc:`1771` and updated by |
10 | :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP-4. | |
42fc5d26 | 11 | |
0efdf0fe | 12 | .. _starting-bgp: |
42fc5d26 QY |
13 | |
14 | Starting BGP | |
15 | ============ | |
16 | ||
8fcedbd2 QY |
17 | The default configuration file of *bgpd* is :file:`bgpd.conf`. *bgpd* searches |
18 | the current directory first, followed by |INSTALL_PREFIX_ETC|/bgpd.conf. All of | |
19 | *bgpd*'s commands must be configured in :file:`bgpd.conf` when the integrated | |
20 | config is not being used. | |
42fc5d26 | 21 | |
c1a54c05 | 22 | *bgpd* specific invocation options are described below. Common options may also |
0efdf0fe | 23 | be specified (:ref:`common-invocation-options`). |
42fc5d26 | 24 | |
c1a54c05 | 25 | .. program:: bgpd |
42fc5d26 | 26 | |
c9365894 | 27 | .. option:: -p, --bgp_port <port> |
42fc5d26 | 28 | |
db759bb0 | 29 | Set the bgp protocol's port number. When port number is 0, that means do not |
30 | listen bgp port. | |
42fc5d26 | 31 | |
c9365894 | 32 | .. option:: -l, --listenon |
42fc5d26 | 33 | |
c0868e8b QY |
34 | Specify a specific IP address for bgpd to listen on, rather than its default |
35 | of ``0.0.0.0`` / ``::``. This can be useful to constrain bgpd to an internal | |
36 | address, or to run multiple bgpd processes on one host. | |
42fc5d26 | 37 | |
11a9a236 DS |
38 | .. option:: -n, --no_kernel |
39 | ||
40 | Do not install learned routes into the linux kernel. This option is useful | |
41 | for a route-reflector environment or if you are running multiple bgp | |
42 | processes in the same namespace. This option is different than the --no_zebra | |
43 | option in that a ZAPI connection is made. | |
44 | ||
8dad2243 DS |
45 | This option can also be toggled during runtime by using the |
46 | ``[no] bgp no-rib`` commands in VTY shell. | |
47 | ||
48 | Note that this option will persist after saving the configuration during | |
49 | runtime, unless unset by the ``no bgp no-rib`` command in VTY shell prior to | |
50 | a configuration write operation. | |
51 | ||
11a9a236 DS |
52 | .. option:: -S, --skip_runas |
53 | ||
54 | Skip the normal process of checking capabilities and changing user and group | |
55 | information. | |
56 | ||
57 | .. option:: -e, --ecmp | |
58 | ||
59 | Run BGP with a limited ecmp capability, that is different than what BGP | |
60 | was compiled with. The value specified must be greater than 0 and less | |
61 | than or equal to the MULTIPATH_NUM specified on compilation. | |
62 | ||
63 | .. option:: -Z, --no_zebra | |
64 | ||
65 | Do not communicate with zebra at all. This is different than the --no_kernel | |
66 | option in that we do not even open a ZAPI connection to the zebra process. | |
67 | ||
68 | .. option:: -s, --socket_size | |
69 | ||
70 | When opening tcp connections to our peers, set the socket send buffer | |
71 | size that the kernel will use for the peers socket. This option | |
72 | is only really useful at a very large scale. Experimentation should | |
73 | be done to see if this is helping or not at the scale you are running | |
74 | at. | |
75 | ||
76 | LABEL MANAGER | |
77 | ------------- | |
78 | ||
79 | .. option:: -I, --int_num | |
80 | ||
81 | Set zclient id. This is required when using Zebra label manager in proxy mode. | |
82 | ||
8fcedbd2 | 83 | .. _bgp-basic-concepts: |
42fc5d26 | 84 | |
8fcedbd2 QY |
85 | Basic Concepts |
86 | ============== | |
42fc5d26 | 87 | |
8fcedbd2 | 88 | .. _bgp-autonomous-systems: |
c3c5a71f | 89 | |
8fcedbd2 QY |
90 | Autonomous Systems |
91 | ------------------ | |
42fc5d26 | 92 | |
c0868e8b QY |
93 | From :rfc:`1930`: |
94 | ||
95 | An AS is a connected group of one or more IP prefixes run by one or more | |
96 | network operators which has a SINGLE and CLEARLY DEFINED routing policy. | |
97 | ||
98 | Each AS has an identifying number associated with it called an :abbr:`ASN | |
99 | (Autonomous System Number)`. This is a two octet value ranging in value from 1 | |
100 | to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers. | |
101 | Private AS numbers must not be advertised on the global Internet. | |
102 | ||
103 | The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of | |
8fcedbd2 | 104 | BGP. BGP is a distance vector routing protocol, and the AS-Path framework |
c0868e8b | 105 | provides distance vector metric and loop detection to BGP. |
42fc5d26 | 106 | |
c0868e8b | 107 | .. seealso:: :rfc:`1930` |
42fc5d26 | 108 | |
8fcedbd2 | 109 | .. _bgp-address-families: |
42fc5d26 | 110 | |
8fcedbd2 QY |
111 | Address Families |
112 | ---------------- | |
42fc5d26 | 113 | |
c0868e8b QY |
114 | Multiprotocol extensions enable BGP to carry routing information for multiple |
115 | network layer protocols. BGP supports an Address Family Identifier (AFI) for | |
116 | IPv4 and IPv6. Support is also provided for multiple sets of per-AFI | |
117 | information via the BGP Subsequent Address Family Identifier (SAFI). FRR | |
118 | supports SAFIs for unicast information, labeled information (:rfc:`3107` and | |
119 | :rfc:`8277`), and Layer 3 VPN information (:rfc:`4364` and :rfc:`4659`). | |
c3c5a71f | 120 | |
8fcedbd2 | 121 | .. _bgp-route-selection: |
42fc5d26 | 122 | |
8fcedbd2 QY |
123 | Route Selection |
124 | --------------- | |
42fc5d26 | 125 | |
8fcedbd2 QY |
126 | The route selection process used by FRR's BGP implementation uses the following |
127 | decision criterion, starting at the top of the list and going towards the | |
128 | bottom until one of the factors can be used. | |
42fc5d26 | 129 | |
8fcedbd2 | 130 | 1. **Weight check** |
42fc5d26 | 131 | |
c1a54c05 | 132 | Prefer higher local weight routes to lower routes. |
42fc5d26 | 133 | |
8fcedbd2 QY |
134 | 2. **Local preference check** |
135 | ||
c1a54c05 | 136 | Prefer higher local preference routes to lower. |
42fc5d26 | 137 | |
8fcedbd2 QY |
138 | 3. **Local route check** |
139 | ||
c1a54c05 | 140 | Prefer local routes (statics, aggregates, redistributed) to received routes. |
42fc5d26 | 141 | |
8fcedbd2 QY |
142 | 4. **AS path length check** |
143 | ||
c1a54c05 | 144 | Prefer shortest hop-count AS_PATHs. |
42fc5d26 | 145 | |
8fcedbd2 QY |
146 | 5. **Origin check** |
147 | ||
c1a54c05 QY |
148 | Prefer the lowest origin type route. That is, prefer IGP origin routes to |
149 | EGP, to Incomplete routes. | |
42fc5d26 | 150 | |
8fcedbd2 QY |
151 | 6. **MED check** |
152 | ||
c1a54c05 | 153 | Where routes with a MED were received from the same AS, prefer the route |
0efdf0fe | 154 | with the lowest MED. :ref:`bgp-med`. |
42fc5d26 | 155 | |
8fcedbd2 QY |
156 | 7. **External check** |
157 | ||
c1a54c05 QY |
158 | Prefer the route received from an external, eBGP peer over routes received |
159 | from other types of peers. | |
42fc5d26 | 160 | |
8fcedbd2 QY |
161 | 8. **IGP cost check** |
162 | ||
c1a54c05 | 163 | Prefer the route with the lower IGP cost. |
42fc5d26 | 164 | |
8fcedbd2 QY |
165 | 9. **Multi-path check** |
166 | ||
c1a54c05 QY |
167 | If multi-pathing is enabled, then check whether the routes not yet |
168 | distinguished in preference may be considered equal. If | |
9e146a81 | 169 | :clicmd:`bgp bestpath as-path multipath-relax` is set, all such routes are |
c1a54c05 QY |
170 | considered equal, otherwise routes received via iBGP with identical AS_PATHs |
171 | or routes received from eBGP neighbours in the same AS are considered equal. | |
42fc5d26 | 172 | |
8fcedbd2 QY |
173 | 10. **Already-selected external check** |
174 | ||
07738543 QY |
175 | Where both routes were received from eBGP peers, then prefer the route |
176 | which is already selected. Note that this check is not applied if | |
177 | :clicmd:`bgp bestpath compare-routerid` is configured. This check can | |
178 | prevent some cases of oscillation. | |
179 | ||
8fcedbd2 QY |
180 | 11. **Router-ID check** |
181 | ||
07738543 QY |
182 | Prefer the route with the lowest `router-ID`. If the route has an |
183 | `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is | |
184 | used, otherwise the `router-ID` of the peer the route was received from is | |
185 | used. | |
186 | ||
8fcedbd2 QY |
187 | 12. **Cluster-List length check** |
188 | ||
07738543 QY |
189 | The route with the shortest cluster-list length is used. The cluster-list |
190 | reflects the iBGP reflection path the route has taken. | |
191 | ||
8fcedbd2 QY |
192 | 13. **Peer address** |
193 | ||
07738543 QY |
194 | Prefer the route received from the peer with the higher transport layer |
195 | address, as a last-resort tie-breaker. | |
42fc5d26 | 196 | |
8fcedbd2 QY |
197 | .. _bgp-capability-negotiation: |
198 | ||
199 | Capability Negotiation | |
200 | ---------------------- | |
201 | ||
202 | When adding IPv6 routing information exchange feature to BGP. There were some | |
203 | proposals. :abbr:`IETF (Internet Engineering Task Force)` | |
204 | :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol | |
205 | Extension for BGP. The specification is described in :rfc:`2283`. The protocol | |
206 | does not define new protocols. It defines new attributes to existing BGP. When | |
207 | it is used exchanging IPv6 routing information it is called BGP-4+. When it is | |
208 | used for exchanging multicast routing information it is called MBGP. | |
209 | ||
210 | *bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports | |
211 | the protocol, *bgpd* can exchange IPv6 and/or multicast routing information. | |
212 | ||
213 | Traditional BGP did not have the feature to detect a remote peer's | |
214 | capabilities, e.g. whether it can handle prefix types other than IPv4 unicast | |
215 | routes. This was a big problem using Multiprotocol Extension for BGP in an | |
216 | operational network. :rfc:`2842` adopted a feature called Capability | |
217 | Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's | |
218 | capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* | |
219 | does not send these Capability Negotiation packets (at least not unless other | |
220 | optional BGP features require capability negotiation). | |
221 | ||
222 | By default, FRR will bring up peering with minimal common capability for the | |
223 | both sides. For example, if the local router has unicast and multicast | |
224 | capabilities and the remote router only has unicast capability the local router | |
225 | will establish the connection with unicast only capability. When there are no | |
226 | common capabilities, FRR sends Unsupported Capability error and then resets the | |
227 | connection. | |
228 | ||
8fcedbd2 QY |
229 | .. _bgp-router-configuration: |
230 | ||
231 | BGP Router Configuration | |
232 | ======================== | |
233 | ||
234 | ASN and Router ID | |
235 | ----------------- | |
236 | ||
237 | First of all you must configure BGP router with the :clicmd:`router bgp ASN` | |
238 | command. The AS number is an identifier for the autonomous system. The BGP | |
239 | protocol uses the AS number for detecting whether the BGP connection is | |
240 | internal or external. | |
241 | ||
242 | .. index:: router bgp ASN | |
243 | .. clicmd:: router bgp ASN | |
244 | ||
245 | Enable a BGP protocol process with the specified ASN. After | |
246 | this statement you can input any `BGP Commands`. | |
247 | ||
248 | .. index:: no router bgp ASN | |
249 | .. clicmd:: no router bgp ASN | |
250 | ||
251 | Destroy a BGP protocol process with the specified ASN. | |
252 | ||
253 | .. index:: bgp router-id A.B.C.D | |
254 | .. clicmd:: bgp router-id A.B.C.D | |
255 | ||
256 | This command specifies the router-ID. If *bgpd* connects to *zebra* it gets | |
257 | interface and address information. In that case default router ID value is | |
258 | selected as the largest IP Address of the interfaces. When `router zebra` is | |
259 | not enabled *bgpd* can't get interface information so `router-id` is set to | |
260 | 0.0.0.0. So please set router-id by hand. | |
261 | ||
c8a5e5e1 QY |
262 | |
263 | .. _bgp-multiple-autonomous-systems: | |
264 | ||
265 | Multiple Autonomous Systems | |
266 | --------------------------- | |
267 | ||
268 | FRR's BGP implementation is capable of running multiple autonomous systems at | |
269 | once. Each configured AS corresponds to a :ref:`zebra-vrf`. In the past, to get | |
270 | the same functionality the network administrator had to run a new *bgpd* | |
271 | process; using VRFs allows multiple autonomous systems to be handled in a | |
272 | single process. | |
273 | ||
274 | When using multiple autonomous systems, all router config blocks after the | |
275 | first one must specify a VRF to be the target of BGP's route selection. This | |
276 | VRF must be unique within respect to all other VRFs being used for the same | |
277 | purpose, i.e. two different autonomous systems cannot use the same VRF. | |
278 | However, the same AS can be used with different VRFs. | |
279 | ||
280 | .. note:: | |
281 | ||
282 | The separated nature of VRFs makes it possible to peer a single *bgpd* | |
edde3ce9 QY |
283 | process to itself, on one machine. Note that this can be done fully within |
284 | BGP without a corresponding VRF in the kernel or Zebra, which enables some | |
285 | practical use cases such as :ref:`route reflectors <bgp-route-reflector>` | |
286 | and route servers. | |
c8a5e5e1 QY |
287 | |
288 | Configuration of additional autonomous systems, or of a router that targets a | |
289 | specific VRF, is accomplished with the following command: | |
290 | ||
291 | .. index:: router bgp ASN vrf VRFNAME | |
292 | .. clicmd:: router bgp ASN vrf VRFNAME | |
293 | ||
294 | ``VRFNAME`` is matched against VRFs configured in the kernel. When ``vrf | |
295 | VRFNAME`` is not specified, the BGP protocol process belongs to the default | |
296 | VRF. | |
297 | ||
298 | An example configuration with multiple autonomous systems might look like this: | |
299 | ||
300 | .. code-block:: frr | |
301 | ||
302 | router bgp 1 | |
303 | neighbor 10.0.0.1 remote-as 20 | |
304 | neighbor 10.0.0.2 remote-as 30 | |
305 | ! | |
306 | router bgp 2 vrf blue | |
307 | neighbor 10.0.0.3 remote-as 40 | |
308 | neighbor 10.0.0.4 remote-as 50 | |
309 | ! | |
310 | router bgp 3 vrf red | |
311 | neighbor 10.0.0.5 remote-as 60 | |
312 | neighbor 10.0.0.6 remote-as 70 | |
313 | ... | |
314 | ||
c8a5e5e1 QY |
315 | .. seealso:: :ref:`bgp-vrf-route-leaking` |
316 | .. seealso:: :ref:`zebra-vrf` | |
317 | ||
318 | ||
319 | .. _bgp-views: | |
320 | ||
321 | Views | |
322 | ----- | |
323 | ||
324 | In addition to supporting multiple autonomous systems, FRR's BGP implementation | |
325 | also supports *views*. | |
326 | ||
327 | BGP views are almost the same as normal BGP processes, except that routes | |
195c7461 QY |
328 | selected by BGP are not installed into the kernel routing table. Each BGP view |
329 | provides an independent set of routing information which is only distributed | |
330 | via BGP. Multiple views can be supported, and BGP view information is always | |
331 | independent from other routing protocols and Zebra/kernel routes. BGP views use | |
332 | the core instance (i.e., default VRF) for communication with peers. | |
edde3ce9 | 333 | |
c8a5e5e1 QY |
334 | .. index:: router bgp AS-NUMBER view NAME |
335 | .. clicmd:: router bgp AS-NUMBER view NAME | |
336 | ||
337 | Make a new BGP view. You can use an arbitrary word for the ``NAME``. Routes | |
338 | selected by the view are not installed into the kernel routing table. | |
339 | ||
340 | With this command, you can setup Route Server like below. | |
341 | ||
342 | .. code-block:: frr | |
343 | ||
344 | ! | |
345 | router bgp 1 view 1 | |
346 | neighbor 10.0.0.1 remote-as 2 | |
347 | neighbor 10.0.0.2 remote-as 3 | |
348 | ! | |
349 | router bgp 2 view 2 | |
350 | neighbor 10.0.0.3 remote-as 4 | |
351 | neighbor 10.0.0.4 remote-as 5 | |
352 | ||
353 | .. index:: show [ip] bgp view NAME | |
354 | .. clicmd:: show [ip] bgp view NAME | |
355 | ||
356 | Display the routing table of BGP view ``NAME``. | |
357 | ||
358 | ||
8fcedbd2 QY |
359 | Route Selection |
360 | --------------- | |
c3c5a71f | 361 | |
c1a54c05 | 362 | .. index:: bgp bestpath as-path confed |
29adcd50 | 363 | .. clicmd:: bgp bestpath as-path confed |
42fc5d26 | 364 | |
c1a54c05 QY |
365 | This command specifies that the length of confederation path sets and |
366 | sequences should should be taken into account during the BGP best path | |
367 | decision process. | |
42fc5d26 | 368 | |
c3c5a71f | 369 | .. index:: bgp bestpath as-path multipath-relax |
29adcd50 | 370 | .. clicmd:: bgp bestpath as-path multipath-relax |
42fc5d26 | 371 | |
c1a54c05 QY |
372 | This command specifies that BGP decision process should consider paths |
373 | of equal AS_PATH length candidates for multipath computation. Without | |
374 | the knob, the entire AS_PATH must match for multipath computation. | |
c3c5a71f | 375 | |
29adcd50 | 376 | .. clicmd:: bgp bestpath compare-routerid |
42fc5d26 | 377 | |
c1a54c05 QY |
378 | Ensure that when comparing routes where both are equal on most metrics, |
379 | including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken | |
380 | based on router-ID. | |
42fc5d26 | 381 | |
c1a54c05 QY |
382 | If this option is enabled, then the already-selected check, where |
383 | already selected eBGP routes are preferred, is skipped. | |
42fc5d26 | 384 | |
c1a54c05 QY |
385 | If a route has an `ORIGINATOR_ID` attribute because it has been reflected, |
386 | that `ORIGINATOR_ID` will be used. Otherwise, the router-ID of the peer the | |
387 | route was received from will be used. | |
42fc5d26 | 388 | |
c1a54c05 QY |
389 | The advantage of this is that the route-selection (at this point) will be |
390 | more deterministic. The disadvantage is that a few or even one lowest-ID | |
d1e7591e | 391 | router may attract all traffic to otherwise-equal paths because of this |
c1a54c05 QY |
392 | check. It may increase the possibility of MED or IGP oscillation, unless |
393 | other measures were taken to avoid these. The exact behaviour will be | |
394 | sensitive to the iBGP and reflection topology. | |
42fc5d26 | 395 | |
8fcedbd2 QY |
396 | .. _bgp-distance: |
397 | ||
398 | Administrative Distance Metrics | |
399 | ------------------------------- | |
400 | ||
401 | .. index:: distance bgp (1-255) (1-255) (1-255) | |
402 | .. clicmd:: distance bgp (1-255) (1-255) (1-255) | |
403 | ||
404 | This command change distance value of BGP. The arguments are the distance | |
405 | values for for external routes, internal routes and local routes | |
406 | respectively. | |
407 | ||
408 | .. index:: distance (1-255) A.B.C.D/M | |
409 | .. clicmd:: distance (1-255) A.B.C.D/M | |
410 | ||
411 | .. index:: distance (1-255) A.B.C.D/M WORD | |
412 | .. clicmd:: distance (1-255) A.B.C.D/M WORD | |
413 | ||
414 | Sets the administrative distance for a particular route. | |
42fc5d26 | 415 | |
713c64dd DA |
416 | .. _bgp-requires-policy: |
417 | ||
418 | Require policy on EBGP | |
419 | ------------------------------- | |
420 | ||
421 | .. index:: [no] bgp ebgp-requires-policy | |
422 | .. clicmd:: [no] bgp ebgp-requires-policy | |
423 | ||
8955d9e5 DA |
424 | This command requires incoming and outgoing filters to be applied |
425 | for eBGP sessions. Without the incoming filter, no routes will be | |
426 | accepted. Without the outgoing filter, no routes will be announced. | |
427 | ||
428 | This is enabled by default. | |
713c64dd | 429 | |
62c42b0e DA |
430 | When the incoming or outgoing filter is missing you will see |
431 | "(Policy)" sign under ``show bgp summary``: | |
432 | ||
433 | .. code-block:: frr | |
434 | ||
435 | exit1# show bgp summary | |
436 | ||
437 | IPv4 Unicast Summary: | |
438 | BGP router identifier 10.10.10.1, local AS number 65001 vrf-id 0 | |
439 | BGP table version 4 | |
440 | RIB entries 7, using 1344 bytes of memory | |
441 | Peers 2, using 43 KiB of memory | |
442 | ||
443 | Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt | |
444 | 192.168.0.2 4 65002 8 10 0 0 0 00:03:09 5 (Policy) | |
445 | fe80:1::2222 4 65002 9 11 0 0 0 00:03:09 (Policy) (Policy) | |
446 | ||
f0c81afe | 447 | Reject routes with AS_SET or AS_CONFED_SET types |
5031d886 | 448 | ------------------------------------------------ |
f0c81afe DA |
449 | |
450 | .. index:: [no] bgp reject-as-sets | |
451 | .. clicmd:: [no] bgp reject-as-sets | |
452 | ||
453 | This command enables rejection of incoming and outgoing routes having AS_SET or AS_CONFED_SET type. | |
454 | ||
835e9c5d DA |
455 | Disable checking if nexthop is connected on EBGP sessions |
456 | --------------------------------------------------------- | |
457 | ||
458 | .. index:: [no] bgp disable-ebgp-connected-route-check | |
459 | .. clicmd:: [no] bgp disable-ebgp-connected-route-check | |
460 | ||
461 | This command is used to disable the connection verification process for EBGP peering sessions | |
462 | that are reachable by a single hop but are configured on a loopback interface or otherwise | |
463 | configured with a non-directly connected IP address. | |
464 | ||
0efdf0fe | 465 | .. _bgp-route-flap-dampening: |
42fc5d26 | 466 | |
8fcedbd2 QY |
467 | Route Flap Dampening |
468 | -------------------- | |
42fc5d26 | 469 | |
c1a54c05 QY |
470 | .. clicmd:: bgp dampening (1-45) (1-20000) (1-20000) (1-255) |
471 | ||
c1a54c05 | 472 | This command enables BGP route-flap dampening and specifies dampening parameters. |
42fc5d26 | 473 | |
c1a54c05 QY |
474 | half-life |
475 | Half-life time for the penalty | |
42fc5d26 | 476 | |
c1a54c05 QY |
477 | reuse-threshold |
478 | Value to start reusing a route | |
42fc5d26 | 479 | |
c1a54c05 QY |
480 | suppress-threshold |
481 | Value to start suppressing a route | |
42fc5d26 | 482 | |
c1a54c05 QY |
483 | max-suppress |
484 | Maximum duration to suppress a stable route | |
42fc5d26 | 485 | |
c1a54c05 QY |
486 | The route-flap damping algorithm is compatible with :rfc:`2439`. The use of |
487 | this command is not recommended nowadays. | |
42fc5d26 | 488 | |
319a7d06 DA |
489 | At the moment, route-flap dampening is not working per VRF and is working only |
490 | for IPv4 unicast and multicast. | |
491 | ||
c1a54c05 | 492 | .. seealso:: |
8fcedbd2 | 493 | https://www.ripe.net/publications/docs/ripe-378 |
42fc5d26 | 494 | |
0efdf0fe | 495 | .. _bgp-med: |
42fc5d26 | 496 | |
8fcedbd2 QY |
497 | Multi-Exit Discriminator |
498 | ------------------------ | |
42fc5d26 | 499 | |
8fcedbd2 | 500 | The BGP :abbr:`MED (Multi-Exit Discriminator)` attribute has properties which |
c1a54c05 QY |
501 | can cause subtle convergence problems in BGP. These properties and problems |
502 | have proven to be hard to understand, at least historically, and may still not | |
503 | be widely understood. The following attempts to collect together and present | |
504 | what is known about MED, to help operators and FRR users in designing and | |
505 | configuring their networks. | |
42fc5d26 | 506 | |
07a17e6d QY |
507 | The BGP :abbr:`MED` attribute is intended to allow one AS to indicate its |
508 | preferences for its ingress points to another AS. The MED attribute will not be | |
509 | propagated on to another AS by the receiving AS - it is 'non-transitive' in the | |
510 | BGP sense. | |
42fc5d26 | 511 | |
c1a54c05 QY |
512 | E.g., if AS X and AS Y have 2 different BGP peering points, then AS X might set |
513 | a MED of 100 on routes advertised at one and a MED of 200 at the other. When AS | |
514 | Y selects between otherwise equal routes to or via AS X, AS Y should prefer to | |
515 | take the path via the lower MED peering of 100 with AS X. Setting the MED | |
516 | allows an AS to influence the routing taken to it within another, neighbouring | |
517 | AS. | |
42fc5d26 QY |
518 | |
519 | In this use of MED it is not really meaningful to compare the MED value on | |
c1a54c05 QY |
520 | routes where the next AS on the paths differs. E.g., if AS Y also had a route |
521 | for some destination via AS Z in addition to the routes from AS X, and AS Z had | |
522 | also set a MED, it wouldn't make sense for AS Y to compare AS Z's MED values to | |
523 | those of AS X. The MED values have been set by different administrators, with | |
524 | different frames of reference. | |
42fc5d26 QY |
525 | |
526 | The default behaviour of BGP therefore is to not compare MED values across | |
dc1046f7 | 527 | routes received from different neighbouring ASes. In FRR this is done by |
c1a54c05 QY |
528 | comparing the neighbouring, left-most AS in the received AS_PATHs of the routes |
529 | and only comparing MED if those are the same. | |
530 | ||
531 | Unfortunately, this behaviour of MED, of sometimes being compared across routes | |
532 | and sometimes not, depending on the properties of those other routes, means MED | |
533 | can cause the order of preference over all the routes to be undefined. That is, | |
534 | given routes A, B, and C, if A is preferred to B, and B is preferred to C, then | |
535 | a well-defined order should mean the preference is transitive (in the sense of | |
013f9762 | 536 | orders [#med-transitivity-rant]_) and that A would be preferred to C. |
42fc5d26 | 537 | |
c3c5a71f QY |
538 | However, when MED is involved this need not be the case. With MED it is |
539 | possible that C is actually preferred over A. So A is preferred to B, B is | |
540 | preferred to C, but C is preferred to A. This can be true even where BGP | |
c1a54c05 QY |
541 | defines a deterministic 'most preferred' route out of the full set of A,B,C. |
542 | With MED, for any given set of routes there may be a deterministically | |
543 | preferred route, but there need not be any way to arrange them into any order | |
544 | of preference. With unmodified MED, the order of preference of routes literally | |
545 | becomes undefined. | |
42fc5d26 | 546 | |
c3c5a71f | 547 | That MED can induce non-transitive preferences over routes can cause issues. |
c1a54c05 QY |
548 | Firstly, it may be perceived to cause routing table churn locally at speakers; |
549 | secondly, and more seriously, it may cause routing instability in iBGP | |
550 | topologies, where sets of speakers continually oscillate between different | |
551 | paths. | |
42fc5d26 | 552 | |
c3c5a71f | 553 | The first issue arises from how speakers often implement routing decisions. |
c1a54c05 QY |
554 | Though BGP defines a selection process that will deterministically select the |
555 | same route as best at any given speaker, even with MED, that process requires | |
556 | evaluating all routes together. For performance and ease of implementation | |
557 | reasons, many implementations evaluate route preferences in a pair-wise fashion | |
558 | instead. Given there is no well-defined order when MED is involved, the best | |
559 | route that will be chosen becomes subject to implementation details, such as | |
560 | the order the routes are stored in. That may be (locally) non-deterministic, | |
561 | e.g.: it may be the order the routes were received in. | |
42fc5d26 QY |
562 | |
563 | This indeterminism may be considered undesirable, though it need not cause | |
c1a54c05 QY |
564 | problems. It may mean additional routing churn is perceived, as sometimes more |
565 | updates may be produced than at other times in reaction to some event . | |
42fc5d26 QY |
566 | |
567 | This first issue can be fixed with a more deterministic route selection that | |
c3c5a71f | 568 | ensures routes are ordered by the neighbouring AS during selection. |
9e146a81 | 569 | :clicmd:`bgp deterministic-med`. This may reduce the number of updates as routes |
c1a54c05 QY |
570 | are received, and may in some cases reduce routing churn. Though, it could |
571 | equally deterministically produce the largest possible set of updates in | |
572 | response to the most common sequence of received updates. | |
42fc5d26 QY |
573 | |
574 | A deterministic order of evaluation tends to imply an additional overhead of | |
c3c5a71f | 575 | sorting over any set of n routes to a destination. The implementation of |
dc1046f7 | 576 | deterministic MED in FRR scales significantly worse than most sorting |
c1a54c05 QY |
577 | algorithms at present, with the number of paths to a given destination. That |
578 | number is often low enough to not cause any issues, but where there are many | |
579 | paths, the deterministic comparison may quickly become increasingly expensive | |
580 | in terms of CPU. | |
581 | ||
582 | Deterministic local evaluation can *not* fix the second, more major, issue of | |
583 | MED however. Which is that the non-transitive preference of routes MED can | |
584 | cause may lead to routing instability or oscillation across multiple speakers | |
585 | in iBGP topologies. This can occur with full-mesh iBGP, but is particularly | |
586 | problematic in non-full-mesh iBGP topologies that further reduce the routing | |
587 | information known to each speaker. This has primarily been documented with iBGP | |
749afd7d RF |
588 | :ref:`route-reflection <bgp-route-reflector>` topologies. However, any |
589 | route-hiding technologies potentially could also exacerbate oscillation with MED. | |
c1a54c05 QY |
590 | |
591 | This second issue occurs where speakers each have only a subset of routes, and | |
592 | there are cycles in the preferences between different combinations of routes - | |
593 | as the undefined order of preference of MED allows - and the routes are | |
594 | distributed in a way that causes the BGP speakers to 'chase' those cycles. This | |
595 | can occur even if all speakers use a deterministic order of evaluation in route | |
596 | selection. | |
597 | ||
598 | E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and from | |
599 | speaker 3 in AS Y; while speaker 5 in AS A might receive that route from | |
600 | speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100 at speaker | |
601 | 3. I.e, using ASN:ID:MED to label the speakers: | |
42fc5d26 QY |
602 | |
603 | :: | |
604 | ||
c1a54c05 QY |
605 | . |
606 | /---------------\\ | |
42fc5d26 | 607 | X:2------|--A:4-------A:5--|-Y:1:200 |
c1a54c05 QY |
608 | Y:3:100--|-/ | |
609 | \\---------------/ | |
c3c5a71f | 610 | |
42fc5d26 | 611 | |
42fc5d26 | 612 | |
c1a54c05 QY |
613 | Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then based |
614 | on the RFC4271 decision process speaker 4 will choose X:2 over Y:3:100, based | |
615 | on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5. Speaker 5 will | |
616 | continue to prefer Y:1:200 based on the ID, and advertise this to speaker 4. | |
617 | Speaker 4 will now have the full set of routes, and the Y:1:200 it receives | |
618 | from 5 will beat X:2, but when speaker 4 compares Y:1:200 to Y:3:100 the MED | |
619 | check now becomes active as the ASes match, and now Y:3:100 is preferred. | |
620 | Speaker 4 therefore now advertises Y:3:100 to 5, which will also agrees that | |
621 | Y:3:100 is preferred to Y:1:200, and so withdraws the latter route from 4. | |
622 | Speaker 4 now has only X:2 and Y:3:100, and X:2 beats Y:3:100, and so speaker 4 | |
623 | implicitly updates its route to speaker 5 to X:2. Speaker 5 sees that Y:1:200 | |
624 | beats X:2 based on the ID, and advertises Y:1:200 to speaker 4, and the cycle | |
625 | continues. | |
42fc5d26 QY |
626 | |
627 | The root cause is the lack of a clear order of preference caused by how MED | |
628 | sometimes is and sometimes is not compared, leading to this cycle in the | |
629 | preferences between the routes: | |
630 | ||
631 | :: | |
632 | ||
c1a54c05 QY |
633 | . |
634 | /---> X:2 ---beats---> Y:3:100 --\\ | |
635 | | | | |
636 | | | | |
637 | \\---beats--- Y:1:200 <---beats---/ | |
c3c5a71f | 638 | |
42fc5d26 | 639 | |
42fc5d26 QY |
640 | |
641 | This particular type of oscillation in full-mesh iBGP topologies can be | |
642 | avoided by speakers preferring already selected, external routes rather than | |
c1a54c05 QY |
643 | choosing to update to new a route based on a post-MED metric (e.g. router-ID), |
644 | at the cost of a non-deterministic selection process. FRR implements this, as | |
645 | do many other implementations, so long as it is not overridden by setting | |
9e146a81 | 646 | :clicmd:`bgp bestpath compare-routerid`, and see also |
8fcedbd2 | 647 | :ref:`bgp-route-selection`. |
42fc5d26 QY |
648 | |
649 | However, more complex and insidious cycles of oscillation are possible with | |
c3c5a71f | 650 | iBGP route-reflection, which are not so easily avoided. These have been |
c1a54c05 QY |
651 | documented in various places. See, e.g.: |
652 | ||
653 | - [bgp-route-osci-cond]_ | |
654 | - [stable-flexible-ibgp]_ | |
655 | - [ibgp-correctness]_ | |
656 | ||
657 | for concrete examples and further references. | |
658 | ||
659 | There is as of this writing *no* known way to use MED for its original purpose; | |
660 | *and* reduce routing information in iBGP topologies; *and* be sure to avoid the | |
661 | instability problems of MED due the non-transitive routing preferences it can | |
662 | induce; in general on arbitrary networks. | |
663 | ||
664 | There may be iBGP topology specific ways to reduce the instability risks, even | |
665 | while using MED, e.g.: by constraining the reflection topology and by tuning | |
013f9762 | 666 | IGP costs between route-reflector clusters, see :rfc:`3345` for details. In the |
c1a54c05 QY |
667 | near future, the Add-Path extension to BGP may also solve MED oscillation while |
668 | still allowing MED to be used as intended, by distributing "best-paths per | |
669 | neighbour AS". This would be at the cost of distributing at least as many | |
670 | routes to all speakers as a full-mesh iBGP would, if not more, while also | |
671 | imposing similar CPU overheads as the "Deterministic MED" feature at each | |
672 | Add-Path reflector. | |
42fc5d26 QY |
673 | |
674 | More generally, the instability problems that MED can introduce on more | |
675 | complex, non-full-mesh, iBGP topologies may be avoided either by: | |
676 | ||
013f9762 | 677 | - Setting :clicmd:`bgp always-compare-med`, however this allows MED to be compared |
42fc5d26 QY |
678 | across values set by different neighbour ASes, which may not produce |
679 | coherent desirable results, of itself. | |
4b44467c | 680 | - Effectively ignoring MED by setting MED to the same value (e.g.: 0) using |
013f9762 QY |
681 | :clicmd:`set metric METRIC` on all received routes, in combination with |
682 | setting :clicmd:`bgp always-compare-med` on all speakers. This is the simplest | |
42fc5d26 QY |
683 | and most performant way to avoid MED oscillation issues, where an AS is happy |
684 | not to allow neighbours to inject this problematic metric. | |
685 | ||
42fc5d26 QY |
686 | As MED is evaluated after the AS_PATH length check, another possible use for |
687 | MED is for intra-AS steering of routes with equal AS_PATH length, as an | |
c1a54c05 QY |
688 | extension of the last case above. As MED is evaluated before IGP metric, this |
689 | can allow cold-potato routing to be implemented to send traffic to preferred | |
690 | hand-offs with neighbours, rather than the closest hand-off according to the | |
691 | IGP metric. | |
692 | ||
693 | Note that even if action is taken to address the MED non-transitivity issues, | |
694 | other oscillations may still be possible. E.g., on IGP cost if iBGP and IGP | |
695 | topologies are at cross-purposes with each other - see the Flavel and Roughan | |
696 | paper above for an example. Hence the guideline that the iBGP topology should | |
697 | follow the IGP topology. | |
698 | ||
c3c5a71f | 699 | .. index:: bgp deterministic-med |
29adcd50 | 700 | .. clicmd:: bgp deterministic-med |
42fc5d26 | 701 | |
c1a54c05 QY |
702 | Carry out route-selection in way that produces deterministic answers |
703 | locally, even in the face of MED and the lack of a well-defined order of | |
704 | preference it can induce on routes. Without this option the preferred route | |
705 | with MED may be determined largely by the order that routes were received | |
706 | in. | |
42fc5d26 | 707 | |
c1a54c05 QY |
708 | Setting this option will have a performance cost that may be noticeable when |
709 | there are many routes for each destination. Currently in FRR it is | |
710 | implemented in a way that scales poorly as the number of routes per | |
711 | destination increases. | |
42fc5d26 | 712 | |
c1a54c05 | 713 | The default is that this option is not set. |
42fc5d26 QY |
714 | |
715 | Note that there are other sources of indeterminism in the route selection | |
716 | process, specifically, the preference for older and already selected routes | |
8fcedbd2 | 717 | from eBGP peers, :ref:`bgp-route-selection`. |
42fc5d26 | 718 | |
c3c5a71f | 719 | .. index:: bgp always-compare-med |
29adcd50 | 720 | .. clicmd:: bgp always-compare-med |
42fc5d26 | 721 | |
c1a54c05 QY |
722 | Always compare the MED on routes, even when they were received from |
723 | different neighbouring ASes. Setting this option makes the order of | |
724 | preference of routes more defined, and should eliminate MED induced | |
725 | oscillations. | |
42fc5d26 | 726 | |
c1a54c05 | 727 | If using this option, it may also be desirable to use |
9e146a81 | 728 | :clicmd:`set metric METRIC` to set MED to 0 on routes received from external |
c1a54c05 | 729 | neighbours. |
42fc5d26 | 730 | |
9e146a81 QY |
731 | This option can be used, together with :clicmd:`set metric METRIC` to use |
732 | MED as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., | |
733 | desired exit points. | |
42fc5d26 | 734 | |
efcb2ebb | 735 | |
736 | .. _bgp-graceful-restart: | |
737 | ||
738 | Graceful Restart | |
739 | ---------------- | |
740 | ||
741 | BGP graceful restart functionality as defined in | |
742 | `RFC-4724 <https://tools.ietf.org/html/rfc4724/>`_ defines the mechanisms that | |
743 | allows BGP speaker to continue to forward data packets along known routes | |
744 | while the routing protocol information is being restored. | |
745 | ||
746 | ||
747 | Usually, when BGP on a router restarts, all the BGP peers detect that the | |
748 | session went down and then came up. This "down/up" transition results in a | |
749 | "routing flap" and causes BGP route re-computation, generation of BGP routing | |
750 | updates, and unnecessary churn to the forwarding tables. | |
751 | ||
752 | The following functionality is provided by graceful restart: | |
753 | ||
754 | 1. The feature allows the restarting router to indicate to the helping peer the | |
755 | routes it can preserve in its forwarding plane during control plane restart | |
756 | by sending graceful restart capability in the OPEN message sent during | |
757 | session establishment. | |
758 | 2. The feature allows helping router to advertise to all other peers the routes | |
759 | received from the restarting router which are preserved in the forwarding | |
760 | plane of the restarting router during control plane restart. | |
761 | ||
762 | ||
763 | :: | |
764 | ||
765 | ||
766 | ||
767 | (R1)-----------------------------------------------------------------(R2) | |
768 | ||
769 | 1. BGP Graceful Restart Capability exchanged between R1 & R2. | |
770 | ||
771 | <---------------------------------------------------------------------> | |
772 | ||
773 | 2. Kill BGP Process at R1. | |
774 | ||
775 | ----------------------------------------------------------------------> | |
776 | ||
777 | 3. R2 Detects the above BGP Restart & verifies BGP Restarting | |
778 | Capability of R1. | |
779 | ||
780 | 4. Start BGP Process at R1. | |
781 | ||
782 | 5. Re-establish the BGP session between R1 & R2. | |
783 | ||
784 | <---------------------------------------------------------------------> | |
785 | ||
786 | 6. R2 Send initial route updates, followed by End-Of-Rib. | |
787 | ||
788 | <---------------------------------------------------------------------- | |
789 | ||
790 | 7. R1 was waiting for End-Of-Rib from R2 & which has been received | |
791 | now. | |
792 | ||
793 | 8. R1 now runs BGP Best-Path algorithm. Send Initial BGP Update, | |
794 | followed by End-Of Rib | |
795 | ||
796 | <---------------------------------------------------------------------> | |
797 | ||
798 | ||
799 | .. _bgp-end-of-rib-message: | |
800 | ||
801 | End-of-RIB (EOR) message | |
802 | ^^^^^^^^^^^^^^^^^^^^^^^^ | |
803 | ||
804 | An UPDATE message with no reachable Network Layer Reachability Information | |
805 | (NLRI) and empty withdrawn NLRI is specified as the End-of-RIB marker that can | |
806 | be used by a BGP speaker to indicate to its peer the completion of the initial | |
807 | routing update after the session is established. | |
808 | ||
809 | For the IPv4 unicast address family, the End-of-RIB marker is an UPDATE message | |
810 | with the minimum length. For any other address family, it is an UPDATE message | |
811 | that contains only the MP_UNREACH_NLRI attribute with no withdrawn routes for | |
812 | that <AFI, SAFI>. | |
813 | ||
814 | Although the End-of-RIB marker is specified for the purpose of BGP graceful | |
815 | restart, it is noted that the generation of such a marker upon completion of | |
816 | the initial update would be useful for routing convergence in general, and thus | |
817 | the practice is recommended. | |
818 | ||
819 | .. _bgp-route-selection-deferral-timer: | |
820 | ||
821 | Route Selection Deferral Timer | |
822 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
823 | ||
824 | Specifies the time the restarting router defers the route selection process | |
825 | after restart. | |
826 | ||
827 | Restarting Router : The usage of route election deferral timer is specified | |
828 | in https://tools.ietf.org/html/rfc4724#section-4.1 | |
829 | ||
830 | Once the session between the Restarting Speaker and the Receiving Speaker is | |
831 | re-established, the Restarting Speaker will receive and process BGP messages | |
832 | from its peers. | |
833 | ||
834 | However, it MUST defer route selection for an address family until it either. | |
835 | ||
836 | 1. Receives the End-of-RIB marker from all its peers (excluding the ones with | |
837 | the "Restart State" bit set in the received capability and excluding the ones | |
838 | that do not advertise the graceful restart capability). | |
839 | 2. The Selection_Deferral_Timer timeout. | |
840 | ||
841 | .. index:: bgp graceful-restart select-defer-time (0-3600) | |
842 | .. clicmd:: bgp graceful-restart select-defer-time (0-3600) | |
843 | ||
844 | This is command, will set deferral time to value specified. | |
845 | ||
846 | ||
847 | .. index:: bgp graceful-restart rib-stale-time (1-3600) | |
848 | .. clicmd:: bgp graceful-restart rib-stale-time (1-3600) | |
849 | ||
850 | This is command, will set the time for which stale routes are kept in RIB. | |
851 | ||
852 | .. _bgp-per-peer-graceful-restart: | |
853 | ||
854 | BGP Per Peer Graceful Restart | |
855 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
856 | ||
857 | Ability to enable and disable graceful restart, helper and no GR at all mode | |
858 | functionality at peer level. | |
859 | ||
860 | So bgp graceful restart can be enabled at modes global BGP level or at per | |
861 | peer level. There are two FSM, one for BGP GR global mode and other for peer | |
862 | per GR. | |
863 | ||
864 | Default global mode is helper and default peer per mode is inherit from global. | |
865 | If per peer mode is configured, the GR mode of this particular peer will | |
866 | override the global mode. | |
867 | ||
2ba1fe69 | 868 | .. _bgp-GR-global-mode-cmd: |
efcb2ebb | 869 | |
870 | BGP GR Global Mode Commands | |
871 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
872 | ||
873 | .. index:: bgp graceful-restart | |
874 | .. clicmd:: bgp graceful-restart | |
875 | ||
876 | This command will enable BGP graceful restart ifunctionality at the global | |
877 | level. | |
878 | ||
879 | .. index:: bgp graceful-restart disable | |
880 | .. clicmd:: bgp graceful-restart disable | |
881 | ||
882 | This command will disable both the functionality graceful restart and helper | |
883 | mode. | |
884 | ||
885 | ||
886 | .. _bgp-GR-peer-mode-cmd: | |
887 | ||
888 | BGP GR Peer Mode Commands | |
889 | ^^^^^^^^^^^^^^^^^^^^^^^^^ | |
890 | ||
891 | .. index:: neighbor A.B.C.D graceful-restart | |
892 | .. clicmd:: neighbor A.B.C.D graceful-restart | |
893 | ||
894 | This command will enable BGP graceful restart ifunctionality at the peer | |
895 | level. | |
896 | ||
897 | .. index:: neighbor A.B.C.D graceful-restart-helper | |
898 | .. clicmd:: neighbor A.B.C.D graceful-restart-helper | |
899 | ||
900 | This command will enable BGP graceful restart helper only functionality | |
901 | at the peer level. | |
902 | ||
903 | .. index:: neighbor A.B.C.D graceful-restart-disable | |
904 | .. clicmd:: neighbor A.B.C.D graceful-restart-disable | |
905 | ||
906 | This command will disable the entire BGP graceful restart functionality | |
907 | at the peer level. | |
908 | ||
909 | ||
df465afe DS |
910 | .. _bgp-shutdown: |
911 | ||
912 | Administrative Shutdown | |
913 | ----------------------- | |
914 | ||
915 | .. index:: [no] bgp shutdown [message MSG...] | |
916 | .. clicmd:: [no] bgp shutdown [message MSG...] | |
917 | ||
918 | Administrative shutdown of all peers of a bgp instance. Drop all BGP peers, | |
919 | but preserve their configurations. The peers are notified in accordance with | |
920 | `RFC 8203 <https://tools.ietf.org/html/rfc8203/>`_ by sending a | |
921 | ``NOTIFICATION`` message with error code ``Cease`` and subcode | |
922 | ``Administrative Shutdown`` prior to terminating connections. This global | |
923 | shutdown is independent of the neighbor shutdown, meaning that individually | |
924 | shut down peers will not be affected by lifting it. | |
925 | ||
926 | An optional shutdown message `MSG` can be specified. | |
927 | ||
928 | ||
0efdf0fe | 929 | .. _bgp-network: |
42fc5d26 | 930 | |
8fcedbd2 QY |
931 | Networks |
932 | -------- | |
42fc5d26 | 933 | |
c1a54c05 QY |
934 | .. index:: network A.B.C.D/M |
935 | .. clicmd:: network A.B.C.D/M | |
42fc5d26 | 936 | |
9eb95b3b | 937 | This command adds the announcement network. |
c3c5a71f | 938 | |
9eb95b3b QY |
939 | .. code-block:: frr |
940 | ||
941 | router bgp 1 | |
942 | address-family ipv4 unicast | |
943 | network 10.0.0.0/8 | |
944 | exit-address-family | |
42fc5d26 | 945 | |
c1a54c05 QY |
946 | This configuration example says that network 10.0.0.0/8 will be |
947 | announced to all neighbors. Some vendors' routers don't advertise | |
948 | routes if they aren't present in their IGP routing tables; `bgpd` | |
949 | doesn't care about IGP routes when announcing its routes. | |
c3c5a71f | 950 | |
c1a54c05 QY |
951 | .. index:: no network A.B.C.D/M |
952 | .. clicmd:: no network A.B.C.D/M | |
42fc5d26 | 953 | |
f990a416 DS |
954 | .. index:: [no] bgp network import-check |
955 | .. clicmd:: [no] bgp network import-check | |
956 | ||
957 | This configuration modifies the behavior of the network statement. | |
958 | If you have this configured the underlying network must exist in | |
959 | the rib. If you have the [no] form configured then BGP will not | |
960 | check for the networks existence in the rib. For versions 7.3 and | |
961 | before frr defaults for datacenter were the network must exist, | |
962 | traditional did not check for existence. For versions 7.4 and beyond | |
963 | both traditional and datacenter the network must exist. | |
964 | ||
8fcedbd2 | 965 | .. _bgp-route-aggregation: |
42fc5d26 QY |
966 | |
967 | Route Aggregation | |
968 | ----------------- | |
969 | ||
5101fece | 970 | .. _bgp-route-aggregation-ipv4: |
971 | ||
972 | Route Aggregation-IPv4 Address Family | |
973 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
974 | ||
c1a54c05 QY |
975 | .. index:: aggregate-address A.B.C.D/M |
976 | .. clicmd:: aggregate-address A.B.C.D/M | |
c3c5a71f | 977 | |
c1a54c05 | 978 | This command specifies an aggregate address. |
42fc5d26 | 979 | |
ac2201bb DA |
980 | .. index:: aggregate-address A.B.C.D/M route-map NAME |
981 | .. clicmd:: aggregate-address A.B.C.D/M route-map NAME | |
982 | ||
983 | Apply a route-map for an aggregated prefix. | |
984 | ||
a87d2ef7 DA |
985 | .. index:: aggregate-address A.B.C.D/M origin <egp|igp|incomplete> |
986 | .. clicmd:: aggregate-address A.B.C.D/M origin <egp|igp|incomplete> | |
987 | ||
988 | Override ORIGIN for an aggregated prefix. | |
989 | ||
c1a54c05 QY |
990 | .. index:: aggregate-address A.B.C.D/M as-set |
991 | .. clicmd:: aggregate-address A.B.C.D/M as-set | |
42fc5d26 | 992 | |
c1a54c05 QY |
993 | This command specifies an aggregate address. Resulting routes include |
994 | AS set. | |
42fc5d26 | 995 | |
c1a54c05 QY |
996 | .. index:: aggregate-address A.B.C.D/M summary-only |
997 | .. clicmd:: aggregate-address A.B.C.D/M summary-only | |
c3c5a71f | 998 | |
d1e7591e | 999 | This command specifies an aggregate address. Aggregated routes will |
b91bf5bd | 1000 | not be announced. |
42fc5d26 | 1001 | |
01338ba1 RZ |
1002 | .. index:: aggregate-address A.B.C.D/M matching-MED-only |
1003 | .. clicmd:: aggregate-address A.B.C.D/M matching-MED-only | |
1004 | ||
1005 | Configure the aggregated address to only be created when the routes MED | |
1006 | match, otherwise no aggregated route will be created. | |
1007 | ||
8fbb9c95 RZ |
1008 | .. index:: aggregate-address A.B.C.D/M suppress-map NAME |
1009 | .. clicmd:: aggregate-address A.B.C.D/M suppress-map NAME | |
1010 | ||
1011 | Similar to `summary-only`, but will only suppress more specific routes that | |
1012 | are matched by the selected route-map. | |
1013 | ||
c1a54c05 QY |
1014 | .. index:: no aggregate-address A.B.C.D/M |
1015 | .. clicmd:: no aggregate-address A.B.C.D/M | |
ac2201bb | 1016 | |
5101fece | 1017 | This command removes an aggregate address. |
1018 | ||
1019 | ||
ac2201bb | 1020 | This configuration example setup the aggregate-address under |
5101fece | 1021 | ipv4 address-family. |
1022 | ||
1023 | .. code-block:: frr | |
1024 | ||
1025 | router bgp 1 | |
1026 | address-family ipv4 unicast | |
1027 | aggregate-address 10.0.0.0/8 | |
1028 | aggregate-address 20.0.0.0/8 as-set | |
1029 | aggregate-address 40.0.0.0/8 summary-only | |
ac2201bb | 1030 | aggregate-address 50.0.0.0/8 route-map aggr-rmap |
5101fece | 1031 | exit-address-family |
1032 | ||
1033 | ||
1034 | .. _bgp-route-aggregation-ipv6: | |
1035 | ||
1036 | Route Aggregation-IPv6 Address Family | |
1037 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
1038 | ||
1039 | .. index:: aggregate-address X:X::X:X/M | |
1040 | .. clicmd:: aggregate-address X:X::X:X/M | |
1041 | ||
1042 | This command specifies an aggregate address. | |
1043 | ||
ac2201bb DA |
1044 | .. index:: aggregate-address X:X::X:X/M route-map NAME |
1045 | .. clicmd:: aggregate-address X:X::X:X/M route-map NAME | |
1046 | ||
1047 | Apply a route-map for an aggregated prefix. | |
1048 | ||
a87d2ef7 DA |
1049 | .. index:: aggregate-address X:X::X:X/M origin <egp|igp|incomplete> |
1050 | .. clicmd:: aggregate-address X:X::X:X/M origin <egp|igp|incomplete> | |
1051 | ||
1052 | Override ORIGIN for an aggregated prefix. | |
1053 | ||
5101fece | 1054 | .. index:: aggregate-address X:X::X:X/M as-set |
1055 | .. clicmd:: aggregate-address X:X::X:X/M as-set | |
1056 | ||
1057 | This command specifies an aggregate address. Resulting routes include | |
1058 | AS set. | |
1059 | ||
1060 | .. index:: aggregate-address X:X::X:X/M summary-only | |
1061 | .. clicmd:: aggregate-address X:X::X:X/M summary-only | |
1062 | ||
1063 | This command specifies an aggregate address. Aggregated routes will | |
b91bf5bd | 1064 | not be announced. |
5101fece | 1065 | |
01338ba1 RZ |
1066 | .. index:: aggregate-address X:X::X:X/M matching-MED-only |
1067 | .. clicmd:: aggregate-address X:X::X:X/M matching-MED-only | |
1068 | ||
1069 | Configure the aggregated address to only be created when the routes MED | |
1070 | match, otherwise no aggregated route will be created. | |
1071 | ||
8fbb9c95 RZ |
1072 | .. index:: aggregate-address X:X::X:X/M suppress-map NAME |
1073 | .. clicmd:: aggregate-address X:X::X:X/M suppress-map NAME | |
1074 | ||
1075 | Similar to `summary-only`, but will only suppress more specific routes that | |
1076 | are matched by the selected route-map. | |
01338ba1 | 1077 | |
5101fece | 1078 | .. index:: no aggregate-address X:X::X:X/M |
1079 | .. clicmd:: no aggregate-address X:X::X:X/M | |
1080 | ||
1081 | This command removes an aggregate address. | |
1082 | ||
1083 | ||
ac2201bb DA |
1084 | This configuration example setup the aggregate-address under |
1085 | ipv6 address-family. | |
5101fece | 1086 | |
1087 | .. code-block:: frr | |
1088 | ||
1089 | router bgp 1 | |
1090 | address-family ipv6 unicast | |
1091 | aggregate-address 10::0/64 | |
ac2201bb DA |
1092 | aggregate-address 20::0/64 as-set |
1093 | aggregate-address 40::0/64 summary-only | |
1094 | aggregate-address 50::0/64 route-map aggr-rmap | |
5101fece | 1095 | exit-address-family |
c3c5a71f | 1096 | |
8fcedbd2 | 1097 | .. _bgp-redistribute-to-bgp: |
42fc5d26 | 1098 | |
8fcedbd2 QY |
1099 | Redistribution |
1100 | -------------- | |
42fc5d26 | 1101 | |
c3c5a71f | 1102 | .. index:: redistribute kernel |
29adcd50 | 1103 | .. clicmd:: redistribute kernel |
42fc5d26 | 1104 | |
c1a54c05 | 1105 | Redistribute kernel route to BGP process. |
42fc5d26 | 1106 | |
c3c5a71f | 1107 | .. index:: redistribute static |
29adcd50 | 1108 | .. clicmd:: redistribute static |
42fc5d26 | 1109 | |
c1a54c05 | 1110 | Redistribute static route to BGP process. |
42fc5d26 | 1111 | |
c3c5a71f | 1112 | .. index:: redistribute connected |
29adcd50 | 1113 | .. clicmd:: redistribute connected |
42fc5d26 | 1114 | |
c1a54c05 | 1115 | Redistribute connected route to BGP process. |
42fc5d26 | 1116 | |
c3c5a71f | 1117 | .. index:: redistribute rip |
29adcd50 | 1118 | .. clicmd:: redistribute rip |
42fc5d26 | 1119 | |
c1a54c05 | 1120 | Redistribute RIP route to BGP process. |
42fc5d26 | 1121 | |
c3c5a71f | 1122 | .. index:: redistribute ospf |
29adcd50 | 1123 | .. clicmd:: redistribute ospf |
42fc5d26 | 1124 | |
c1a54c05 | 1125 | Redistribute OSPF route to BGP process. |
42fc5d26 | 1126 | |
99ad55e0 DA |
1127 | .. index:: redistribute vnc |
1128 | .. clicmd:: redistribute vnc | |
42fc5d26 | 1129 | |
c1a54c05 | 1130 | Redistribute VNC routes to BGP process. |
42fc5d26 | 1131 | |
245d354f DA |
1132 | .. index:: redistribute vnc-direct |
1133 | .. clicmd:: redistribute vnc-direct | |
1134 | ||
1135 | Redistribute VNC direct (not via zebra) routes to BGP process. | |
1136 | ||
d70583f7 D |
1137 | .. index:: bgp update-delay MAX-DELAY |
1138 | .. clicmd:: bgp update-delay MAX-DELAY | |
1139 | ||
1140 | .. index:: bgp update-delay MAX-DELAY ESTABLISH-WAIT | |
1141 | .. clicmd:: bgp update-delay MAX-DELAY ESTABLISH-WAIT | |
1142 | ||
1143 | This feature is used to enable read-only mode on BGP process restart or when | |
1144 | a BGP process is cleared using 'clear ip bgp \*'. Note that this command is | |
1145 | configured at the global level and applies to all bgp instances/vrfs. It | |
1146 | cannot be used at the same time as the "update-delay" command described below, | |
1147 | which is entered in each bgp instance/vrf desired to delay update installation | |
1148 | and advertisements. The global and per-vrf approaches to defining update-delay | |
1149 | are mutually exclusive. | |
1150 | ||
1151 | When applicable, read-only mode would begin as soon as the first peer reaches | |
1152 | Established status and a timer for max-delay seconds is started. During this | |
1153 | mode BGP doesn't run any best-path or generate any updates to its peers. This | |
1154 | mode continues until: | |
1155 | ||
1156 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR | |
1157 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
1158 | Established is considered an implicit-EOR. | |
1159 | If the establish-wait optional value is given, then BGP will wait for | |
1160 | peers to reach established from the beginning of the update-delay till the | |
1161 | establish-wait period is over, i.e. the minimum set of established peers for | |
1162 | which EOR is expected would be peers established during the establish-wait | |
1163 | window, not necessarily all the configured neighbors. | |
1164 | 2. max-delay period is over. | |
1165 | ||
1166 | On hitting any of the above two conditions, BGP resumes the decision process | |
1167 | and generates updates to its peers. | |
1168 | ||
1169 | Default max-delay is 0, i.e. the feature is off by default. | |
1170 | ||
1171 | ||
c1a54c05 QY |
1172 | .. index:: update-delay MAX-DELAY |
1173 | .. clicmd:: update-delay MAX-DELAY | |
c3c5a71f | 1174 | |
c1a54c05 QY |
1175 | .. index:: update-delay MAX-DELAY ESTABLISH-WAIT |
1176 | .. clicmd:: update-delay MAX-DELAY ESTABLISH-WAIT | |
c3c5a71f | 1177 | |
c1a54c05 | 1178 | This feature is used to enable read-only mode on BGP process restart or when |
d70583f7 D |
1179 | a BGP process is cleared using 'clear ip bgp \*'. Note that this command is |
1180 | configured under the specific bgp instance/vrf that the feaure is enabled for. | |
1181 | It cannot be used at the same time as the global "bgp update-delay" described | |
1182 | above, which is entered at the global level and applies to all bgp instances. | |
1183 | The global and per-vrf approaches to defining update-delay are mutually | |
1184 | exclusive. | |
1185 | ||
1186 | When applicable, read-only mode would begin as soon as the first peer reaches | |
1187 | Established status and a timer for max-delay seconds is started. During this | |
1188 | mode BGP doesn't run any best-path or generate any updates to its peers. This | |
1189 | mode continues until: | |
42fc5d26 | 1190 | |
c1a54c05 QY |
1191 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR |
1192 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
1193 | Established is considered an implicit-EOR. | |
1194 | If the establish-wait optional value is given, then BGP will wait for | |
d1e7591e | 1195 | peers to reach established from the beginning of the update-delay till the |
c1a54c05 QY |
1196 | establish-wait period is over, i.e. the minimum set of established peers for |
1197 | which EOR is expected would be peers established during the establish-wait | |
1198 | window, not necessarily all the configured neighbors. | |
1199 | 2. max-delay period is over. | |
42fc5d26 | 1200 | |
c1a54c05 QY |
1201 | On hitting any of the above two conditions, BGP resumes the decision process |
1202 | and generates updates to its peers. | |
42fc5d26 | 1203 | |
c1a54c05 | 1204 | Default max-delay is 0, i.e. the feature is off by default. |
c3c5a71f | 1205 | |
c1a54c05 QY |
1206 | .. index:: table-map ROUTE-MAP-NAME |
1207 | .. clicmd:: table-map ROUTE-MAP-NAME | |
42fc5d26 | 1208 | |
c1a54c05 QY |
1209 | This feature is used to apply a route-map on route updates from BGP to |
1210 | Zebra. All the applicable match operations are allowed, such as match on | |
1211 | prefix, next-hop, communities, etc. Set operations for this attach-point are | |
1212 | limited to metric and next-hop only. Any operation of this feature does not | |
1213 | affect BGPs internal RIB. | |
42fc5d26 | 1214 | |
c1a54c05 QY |
1215 | Supported for ipv4 and ipv6 address families. It works on multi-paths as |
1216 | well, however, metric setting is based on the best-path only. | |
42fc5d26 | 1217 | |
8fcedbd2 | 1218 | .. _bgp-peers: |
42fc5d26 | 1219 | |
8fcedbd2 QY |
1220 | Peers |
1221 | ----- | |
42fc5d26 | 1222 | |
8fcedbd2 | 1223 | .. _bgp-defining-peers: |
42fc5d26 | 1224 | |
8fcedbd2 QY |
1225 | Defining Peers |
1226 | ^^^^^^^^^^^^^^ | |
42fc5d26 | 1227 | |
c1a54c05 QY |
1228 | .. index:: neighbor PEER remote-as ASN |
1229 | .. clicmd:: neighbor PEER remote-as ASN | |
42fc5d26 | 1230 | |
c1a54c05 | 1231 | Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address |
9eb95b3b | 1232 | or an IPv6 address or an interface to use for the connection. |
76bd1499 | 1233 | |
9eb95b3b QY |
1234 | .. code-block:: frr |
1235 | ||
1236 | router bgp 1 | |
1237 | neighbor 10.0.0.1 remote-as 2 | |
76bd1499 | 1238 | |
c1a54c05 | 1239 | In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1. |
76bd1499 | 1240 | |
c1a54c05 | 1241 | This command must be the first command used when configuring a neighbor. If |
9eb95b3b | 1242 | the remote-as is not specified, *bgpd* will complain like this: :: |
76bd1499 | 1243 | |
c1a54c05 | 1244 | can't find neighbor 10.0.0.1 |
c3c5a71f | 1245 | |
5413757f DS |
1246 | .. index:: neighbor PEER remote-as internal |
1247 | .. clicmd:: neighbor PEER remote-as internal | |
1248 | ||
1249 | Create a peer as you would when you specify an ASN, except that if the | |
1250 | peers ASN is different than mine as specified under the :clicmd:`router bgp ASN` | |
1251 | command the connection will be denied. | |
1252 | ||
1253 | .. index:: neighbor PEER remote-as external | |
1254 | .. clicmd:: neighbor PEER remote-as external | |
1255 | ||
1256 | Create a peer as you would when you specify an ASN, except that if the | |
1257 | peers ASN is the same as mine as specified under the :clicmd:`router bgp ASN` | |
1258 | command the connection will be denied. | |
42fc5d26 | 1259 | |
d7b9898c DA |
1260 | .. index:: [no] bgp listen range <A.B.C.D/M|X:X::X:X/M> peer-group PGNAME |
1261 | .. clicmd:: [no] bgp listen range <A.B.C.D/M|X:X::X:X/M> peer-group PGNAME | |
d79e0e08 QY |
1262 | |
1263 | Accept connections from any peers in the specified prefix. Configuration | |
1264 | from the specified peer-group is used to configure these peers. | |
1265 | ||
1266 | .. note:: | |
1267 | ||
1268 | When using BGP listen ranges, if the associated peer group has TCP MD5 | |
1269 | authentication configured, your kernel must support this on prefixes. On | |
1270 | Linux, this support was added in kernel version 4.14. If your kernel does | |
1271 | not support this feature you will get a warning in the log file, and the | |
1272 | listen range will only accept connections from peers without MD5 configured. | |
1273 | ||
1274 | Additionally, we have observed that when using this option at scale (several | |
1275 | hundred peers) the kernel may hit its option memory limit. In this situation | |
1276 | you will see error messages like: | |
1277 | ||
1278 | ``bgpd: sockopt_tcp_signature: setsockopt(23): Cannot allocate memory`` | |
1279 | ||
1280 | In this case you need to increase the value of the sysctl | |
1281 | ``net.core.optmem_max`` to allow the kernel to allocate the necessary option | |
1282 | memory. | |
1283 | ||
ced26d3d DS |
1284 | .. index:: [no] coalesce-time (0-4294967295) |
1285 | .. clicmd:: [no] coalesce-time (0-4294967295) | |
1286 | ||
1287 | The time in milliseconds that BGP will delay before deciding what peers | |
1288 | can be put into an update-group together in order to generate a single | |
1289 | update for them. The default time is 1000. | |
91052810 | 1290 | |
8fcedbd2 | 1291 | .. _bgp-configuring-peers: |
42fc5d26 | 1292 | |
8fcedbd2 QY |
1293 | Configuring Peers |
1294 | ^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 1295 | |
91052810 DA |
1296 | .. index:: [no] neighbor PEER shutdown [message MSG...] [rtt (1-65535) [count (1-255)]] |
1297 | .. clicmd:: [no] neighbor PEER shutdown [message MSG...] [rtt (1-65535) [count (1-255)]] | |
c3c5a71f | 1298 | |
c1a54c05 QY |
1299 | Shutdown the peer. We can delete the neighbor's configuration by |
1300 | ``no neighbor PEER remote-as ASN`` but all configuration of the neighbor | |
1301 | will be deleted. When you want to preserve the configuration, but want to | |
1302 | drop the BGP peer, use this syntax. | |
c3c5a71f | 1303 | |
70335e0a RZ |
1304 | Optionally you can specify a shutdown message `MSG`. |
1305 | ||
91052810 DA |
1306 | Also, you can specify optionally _rtt_ in milliseconds to automatically |
1307 | shutdown the peer if round-trip-time becomes higher than defined. | |
1308 | ||
1309 | Additional _count_ parameter is the number of keepalive messages to count | |
1310 | before shutdown the peer if round-trip-time becomes higher than defined. | |
1311 | ||
c0868e8b QY |
1312 | .. index:: [no] neighbor PEER disable-connected-check |
1313 | .. clicmd:: [no] neighbor PEER disable-connected-check | |
c3c5a71f | 1314 | |
c0868e8b QY |
1315 | Allow peerings between directly connected eBGP peers using loopback |
1316 | addresses. | |
c3c5a71f | 1317 | |
c0868e8b QY |
1318 | .. index:: [no] neighbor PEER ebgp-multihop |
1319 | .. clicmd:: [no] neighbor PEER ebgp-multihop | |
42fc5d26 | 1320 | |
164786a9 QY |
1321 | Specifying ``ebgp-multihop`` allows sessions with eBGP neighbors to |
1322 | establish when they are multiple hops away. When the neighbor is not | |
1323 | directly connected and this knob is not enabled, the session will not | |
1324 | establish. | |
1325 | ||
c0868e8b QY |
1326 | .. index:: [no] neighbor PEER description ... |
1327 | .. clicmd:: [no] neighbor PEER description ... | |
42fc5d26 | 1328 | |
c1a54c05 | 1329 | Set description of the peer. |
42fc5d26 | 1330 | |
c0868e8b QY |
1331 | .. index:: [no] neighbor PEER version VERSION |
1332 | .. clicmd:: [no] neighbor PEER version VERSION | |
42fc5d26 | 1333 | |
4da7fda3 QY |
1334 | Set up the neighbor's BGP version. `version` can be `4`, `4+` or `4-`. BGP |
1335 | version `4` is the default value used for BGP peering. BGP version `4+` | |
1336 | means that the neighbor supports Multiprotocol Extensions for BGP-4. BGP | |
1337 | version `4-` is similar but the neighbor speaks the old Internet-Draft | |
1338 | revision 00's Multiprotocol Extensions for BGP-4. Some routing software is | |
1339 | still using this version. | |
42fc5d26 | 1340 | |
c0868e8b QY |
1341 | .. index:: [no] neighbor PEER interface IFNAME |
1342 | .. clicmd:: [no] neighbor PEER interface IFNAME | |
42fc5d26 | 1343 | |
c1a54c05 QY |
1344 | When you connect to a BGP peer over an IPv6 link-local address, you have to |
1345 | specify the IFNAME of the interface used for the connection. To specify | |
1346 | IPv4 session addresses, see the ``neighbor PEER update-source`` command | |
1347 | below. | |
42fc5d26 | 1348 | |
c1a54c05 QY |
1349 | This command is deprecated and may be removed in a future release. Its use |
1350 | should be avoided. | |
42fc5d26 | 1351 | |
c0868e8b QY |
1352 | .. index:: [no] neighbor PEER next-hop-self [all] |
1353 | .. clicmd:: [no] neighbor PEER next-hop-self [all] | |
42fc5d26 | 1354 | |
c1a54c05 QY |
1355 | This command specifies an announced route's nexthop as being equivalent to |
1356 | the address of the bgp router if it is learned via eBGP. If the optional | |
d1e7591e | 1357 | keyword `all` is specified the modification is done also for routes learned |
c1a54c05 | 1358 | via iBGP. |
42fc5d26 | 1359 | |
8b0d734b | 1360 | .. index:: neighbor PEER attribute-unchanged [{as-path|next-hop|med}] |
1361 | .. clicmd:: neighbor PEER attribute-unchanged [{as-path|next-hop|med}] | |
1362 | ||
1363 | This command specifies attributes to be left unchanged for advertisements | |
1364 | sent to a peer. Use this to leave the next-hop unchanged in ipv6 | |
1365 | configurations, as the route-map directive to leave the next-hop unchanged | |
1366 | is only available for ipv4. | |
1367 | ||
c0868e8b QY |
1368 | .. index:: [no] neighbor PEER update-source <IFNAME|ADDRESS> |
1369 | .. clicmd:: [no] neighbor PEER update-source <IFNAME|ADDRESS> | |
42fc5d26 | 1370 | |
c1a54c05 QY |
1371 | Specify the IPv4 source address to use for the :abbr:`BGP` session to this |
1372 | neighbour, may be specified as either an IPv4 address directly or as an | |
1373 | interface name (in which case the *zebra* daemon MUST be running in order | |
9eb95b3b QY |
1374 | for *bgpd* to be able to retrieve interface state). |
1375 | ||
1376 | .. code-block:: frr | |
42fc5d26 | 1377 | |
c1a54c05 QY |
1378 | router bgp 64555 |
1379 | neighbor foo update-source 192.168.0.1 | |
1380 | neighbor bar update-source lo0 | |
42fc5d26 | 1381 | |
42fc5d26 | 1382 | |
c0868e8b QY |
1383 | .. index:: [no] neighbor PEER default-originate |
1384 | .. clicmd:: [no] neighbor PEER default-originate | |
42fc5d26 | 1385 | |
4da7fda3 QY |
1386 | *bgpd*'s default is to not announce the default route (0.0.0.0/0) even if it |
1387 | is in routing table. When you want to announce default routes to the peer, | |
1388 | use this command. | |
42fc5d26 | 1389 | |
c1a54c05 QY |
1390 | .. index:: neighbor PEER port PORT |
1391 | .. clicmd:: neighbor PEER port PORT | |
42fc5d26 | 1392 | |
e7c105a7 DS |
1393 | .. index:: [no] neighbor PEER password PASSWORD |
1394 | .. clicmd:: [no] neighbor PEER password PASSWORD | |
1395 | ||
1396 | Set a MD5 password to be used with the tcp socket that is being used | |
1397 | to connect to the remote peer. Please note if you are using this | |
1398 | command with a large number of peers on linux you should consider | |
1399 | modifying the `net.core.optmem_max` sysctl to a larger value to | |
1400 | avoid out of memory errors from the linux kernel. | |
1401 | ||
c1a54c05 QY |
1402 | .. index:: neighbor PEER send-community |
1403 | .. clicmd:: neighbor PEER send-community | |
42fc5d26 | 1404 | |
c0868e8b QY |
1405 | .. index:: [no] neighbor PEER weight WEIGHT |
1406 | .. clicmd:: [no] neighbor PEER weight WEIGHT | |
42fc5d26 | 1407 | |
c1a54c05 | 1408 | This command specifies a default `weight` value for the neighbor's routes. |
42fc5d26 | 1409 | |
c1bcac1d DA |
1410 | .. index:: [no] neighbor PEER maximum-prefix NUMBER [force] |
1411 | .. clicmd:: [no] neighbor PEER maximum-prefix NUMBER [force] | |
42fc5d26 | 1412 | |
886026c8 QY |
1413 | Sets a maximum number of prefixes we can receive from a given peer. If this |
1414 | number is exceeded, the BGP session will be destroyed. | |
1415 | ||
1416 | In practice, it is generally preferable to use a prefix-list to limit what | |
1417 | prefixes are received from the peer instead of using this knob. Tearing down | |
1418 | the BGP session when a limit is exceeded is far more destructive than merely | |
1419 | rejecting undesired prefixes. The prefix-list method is also much more | |
1420 | granular and offers much smarter matching criterion than number of received | |
1421 | prefixes, making it more suited to implementing policy. | |
1422 | ||
c1bcac1d DA |
1423 | If _force_ is set, then ALL prefixes are counted for maximum instead of |
1424 | accepted only. This is useful for cases where an inbound filter is applied, | |
1425 | but you want maximum-prefix to act on ALL (including filtered) prefixes. This | |
1426 | option requires `soft-reconfiguration inbound` to be enabled for the peer. | |
1427 | ||
edf98aa3 DA |
1428 | .. index:: [no] neighbor PEER maximum-prefix-out NUMBER |
1429 | .. clicmd:: [no] neighbor PEER maximum-prefix-out NUMBER | |
1430 | ||
1431 | Sets a maximum number of prefixes we can send to a given peer. | |
1432 | ||
f5399474 DA |
1433 | Since sent prefix count is managed by update-groups, this option |
1434 | creates a separate update-group for outgoing updates. | |
1435 | ||
886026c8 QY |
1436 | .. index:: [no] neighbor PEER local-as AS-NUMBER [no-prepend] [replace-as] |
1437 | .. clicmd:: [no] neighbor PEER local-as AS-NUMBER [no-prepend] [replace-as] | |
42fc5d26 | 1438 | |
c1a54c05 QY |
1439 | Specify an alternate AS for this BGP process when interacting with the |
1440 | specified peer. With no modifiers, the specified local-as is prepended to | |
1441 | the received AS_PATH when receiving routing updates from the peer, and | |
1442 | prepended to the outgoing AS_PATH (after the process local AS) when | |
1443 | transmitting local routes to the peer. | |
42fc5d26 | 1444 | |
c1a54c05 QY |
1445 | If the no-prepend attribute is specified, then the supplied local-as is not |
1446 | prepended to the received AS_PATH. | |
c3c5a71f | 1447 | |
c1a54c05 QY |
1448 | If the replace-as attribute is specified, then only the supplied local-as is |
1449 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
c3c5a71f | 1450 | |
c1a54c05 | 1451 | Note that replace-as can only be specified if no-prepend is. |
c3c5a71f | 1452 | |
c1a54c05 | 1453 | This command is only allowed for eBGP peers. |
c3c5a71f | 1454 | |
252c5590 RZ |
1455 | .. index:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> as-override |
1456 | .. clicmd:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> as-override | |
1457 | ||
1458 | Override AS number of the originating router with the local AS number. | |
1459 | ||
1460 | Usually this configuration is used in PEs (Provider Edge) to replace | |
1461 | the incoming customer AS number so the connected CE (Customer Edge) | |
1462 | can use the same AS number as the other customer sites. This allows | |
1463 | customers of the provider network to use the same AS number across | |
1464 | their sites. | |
1465 | ||
1466 | This command is only allowed for eBGP peers. | |
1467 | ||
ae1e0f32 RZ |
1468 | .. index:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> allowas-in [<(1-10)|origin>] |
1469 | .. clicmd:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> allowas-in [<(1-10)|origin>] | |
1470 | ||
1471 | Accept incoming routes with AS path containing AS number with the same value | |
1472 | as the current system AS. | |
1473 | ||
1474 | This is used when you want to use the same AS number in your sites, but you | |
1475 | can't connect them directly. This is an alternative to | |
1476 | `neighbor WORD as-override`. | |
1477 | ||
1478 | The parameter `(1-10)` configures the amount of accepted occurences of the | |
1479 | system AS number in AS path. | |
1480 | ||
1481 | The parameter `origin` configures BGP to only accept routes originated with | |
1482 | the same AS number as the system. | |
1483 | ||
1484 | This command is only allowed for eBGP peers. | |
1485 | ||
e03bf6fc RZ |
1486 | .. index:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> addpath-tx-all-paths |
1487 | .. clicmd:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> addpath-tx-all-paths | |
1488 | ||
1489 | Configure BGP to send all known paths to neighbor in order to preserve multi | |
1490 | path capabilities inside a network. | |
1491 | ||
1492 | .. index:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> addpath-tx-bestpath-per-AS | |
1493 | .. clicmd:: [no] neighbor <A.B.C.D|X:X::X:X|WORD> addpath-tx-bestpath-per-AS | |
1494 | ||
1495 | Configure BGP to send best known paths to neighbor in order to preserve multi | |
1496 | path capabilities inside a network. | |
1497 | ||
c0868e8b QY |
1498 | .. index:: [no] neighbor PEER ttl-security hops NUMBER |
1499 | .. clicmd:: [no] neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 1500 | |
c1a54c05 QY |
1501 | This command enforces Generalized TTL Security Mechanism (GTSM), as |
1502 | specified in RFC 5082. With this command, only neighbors that are the | |
1503 | specified number of hops away will be allowed to become neighbors. This | |
d1e7591e | 1504 | command is mutually exclusive with *ebgp-multihop*. |
42fc5d26 | 1505 | |
19f2b5e8 DS |
1506 | .. index:: [no] neighbor PEER capability extended-nexthop |
1507 | .. clicmd:: [no] neighbor PEER capability extended-nexthop | |
1508 | ||
1509 | Allow bgp to negotiate the extended-nexthop capability with it's peer. | |
1510 | If you are peering over a v6 LL address then this capability is turned | |
1511 | on automatically. If you are peering over a v6 Global Address then | |
1512 | turning on this command will allow BGP to install v4 routes with | |
1513 | v6 nexthops if you do not have v4 configured on interfaces. | |
1514 | ||
eb938189 DS |
1515 | .. index:: [no] bgp fast-external-failover |
1516 | .. clicmd:: [no] bgp fast-external-failover | |
1517 | ||
1518 | This command causes bgp to not take down ebgp peers immediately | |
1519 | when a link flaps. `bgp fast-external-failover` is the default | |
1520 | and will not be displayed as part of a `show run`. The no form | |
1521 | of the command turns off this ability. | |
1522 | ||
bc132029 DS |
1523 | .. index:: [no] bgp default ipv4-unicast |
1524 | .. clicmd:: [no] bgp default ipv4-unicast | |
1525 | ||
1526 | This command allows the user to specify that v4 peering is turned | |
1527 | on by default or not. This command defaults to on and is not displayed. | |
1528 | The `no bgp default ipv4-unicast` form of the command is displayed. | |
1529 | ||
7d981695 DA |
1530 | .. index:: [no] bgp default show-hostname |
1531 | .. clicmd:: [no] bgp default show-hostname | |
1532 | ||
1533 | This command shows the hostname of the peer in certain BGP commands | |
1534 | outputs. It's easier to troubleshoot if you have a number of BGP peers. | |
1535 | ||
1536 | .. index:: [no] bgp default show-nexthop-hostname | |
1537 | .. clicmd:: [no] bgp default show-nexthop-hostname | |
1538 | ||
1539 | This command shows the hostname of the next-hop in certain BGP commands | |
1540 | outputs. It's easier to troubleshoot if you have a number of BGP peers | |
1541 | and a number of routes to check. | |
1542 | ||
e10dda57 DS |
1543 | .. index:: [no] neighbor PEER advertisement-interval (0-600) |
1544 | .. clicmd:: [no] neighbor PEER advertisement-interval (0-600) | |
1545 | ||
1546 | Setup the minimum route advertisement interval(mrai) for the | |
1547 | peer in question. This number is between 0 and 600 seconds, | |
1548 | with the default advertisement interval being 0. | |
1549 | ||
4e853678 DS |
1550 | Displaying Information about Peers |
1551 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
1552 | ||
1553 | .. index:: show bgp <afi> <safi> neighbors WORD bestpath-routes [json] [wide] | |
1554 | .. clicmd:: show bgp <afi> <safi> neighbors WORD bestpath-routes [json] [wide] | |
1555 | ||
1556 | For the given neighbor, WORD, that is specified list the routes selected | |
1557 | by BGP as having the best path. | |
1558 | ||
8fcedbd2 | 1559 | .. _bgp-peer-filtering: |
42fc5d26 | 1560 | |
8fcedbd2 QY |
1561 | Peer Filtering |
1562 | ^^^^^^^^^^^^^^ | |
42fc5d26 | 1563 | |
c1a54c05 QY |
1564 | .. index:: neighbor PEER distribute-list NAME [in|out] |
1565 | .. clicmd:: neighbor PEER distribute-list NAME [in|out] | |
42fc5d26 | 1566 | |
c1a54c05 QY |
1567 | This command specifies a distribute-list for the peer. `direct` is |
1568 | ``in`` or ``out``. | |
42fc5d26 | 1569 | |
c3c5a71f | 1570 | .. index:: neighbor PEER prefix-list NAME [in|out] |
29adcd50 | 1571 | .. clicmd:: neighbor PEER prefix-list NAME [in|out] |
42fc5d26 | 1572 | |
c1a54c05 | 1573 | .. index:: neighbor PEER filter-list NAME [in|out] |
29adcd50 | 1574 | .. clicmd:: neighbor PEER filter-list NAME [in|out] |
42fc5d26 | 1575 | |
c1a54c05 QY |
1576 | .. index:: neighbor PEER route-map NAME [in|out] |
1577 | .. clicmd:: neighbor PEER route-map NAME [in|out] | |
42fc5d26 | 1578 | |
c1a54c05 | 1579 | Apply a route-map on the neighbor. `direct` must be `in` or `out`. |
42fc5d26 | 1580 | |
c3c5a71f | 1581 | .. index:: bgp route-reflector allow-outbound-policy |
29adcd50 | 1582 | .. clicmd:: bgp route-reflector allow-outbound-policy |
42fc5d26 | 1583 | |
c1a54c05 QY |
1584 | By default, attribute modification via route-map policy out is not reflected |
1585 | on reflected routes. This option allows the modifications to be reflected as | |
1586 | well. Once enabled, it affects all reflected routes. | |
42fc5d26 | 1587 | |
583a9fd4 RZ |
1588 | .. index:: [no] neighbor PEER sender-as-path-loop-detection |
1589 | .. clicmd:: [no] neighbor PEER sender-as-path-loop-detection | |
1590 | ||
1591 | Enable the detection of sender side AS path loops and filter the | |
1592 | bad routes before they are sent. | |
1593 | ||
1594 | This setting is disabled by default. | |
1595 | ||
0efdf0fe | 1596 | .. _bgp-peer-group: |
42fc5d26 | 1597 | |
8fcedbd2 QY |
1598 | Peer Groups |
1599 | ^^^^^^^^^^^ | |
42fc5d26 | 1600 | |
199ad5c4 LB |
1601 | Peer groups are used to help improve scaling by generating the same |
1602 | update information to all members of a peer group. Note that this means | |
1603 | that the routes generated by a member of a peer group will be sent back | |
1604 | to that originating peer with the originator identifier attribute set to | |
1605 | indicated the originating peer. All peers not associated with a | |
1606 | specific peer group are treated as belonging to a default peer group, | |
1607 | and will share updates. | |
1608 | ||
c1a54c05 QY |
1609 | .. index:: neighbor WORD peer-group |
1610 | .. clicmd:: neighbor WORD peer-group | |
42fc5d26 | 1611 | |
c1a54c05 | 1612 | This command defines a new peer group. |
42fc5d26 | 1613 | |
d7b9898c DA |
1614 | .. index:: neighbor PEER peer-group PGNAME |
1615 | .. clicmd:: neighbor PEER peer-group PGNAME | |
c3c5a71f | 1616 | |
c1a54c05 | 1617 | This command bind specific peer to peer group WORD. |
42fc5d26 | 1618 | |
199ad5c4 LB |
1619 | .. index:: neighbor PEER solo |
1620 | .. clicmd:: neighbor PEER solo | |
1621 | ||
1622 | This command is used to indicate that routes advertised by the peer | |
1623 | should not be reflected back to the peer. This command only is only | |
1624 | meaningful when there is a single peer defined in the peer-group. | |
1625 | ||
8fcedbd2 QY |
1626 | Capability Negotiation |
1627 | ^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 1628 | |
8fcedbd2 QY |
1629 | .. index:: neighbor PEER strict-capability-match |
1630 | .. clicmd:: neighbor PEER strict-capability-match | |
42fc5d26 | 1631 | |
8fcedbd2 QY |
1632 | .. index:: no neighbor PEER strict-capability-match |
1633 | .. clicmd:: no neighbor PEER strict-capability-match | |
c1a54c05 | 1634 | |
8fcedbd2 QY |
1635 | Strictly compares remote capabilities and local capabilities. If |
1636 | capabilities are different, send Unsupported Capability error then reset | |
1637 | connection. | |
42fc5d26 | 1638 | |
8fcedbd2 QY |
1639 | You may want to disable sending Capability Negotiation OPEN message optional |
1640 | parameter to the peer when remote peer does not implement Capability | |
1641 | Negotiation. Please use *dont-capability-negotiate* command to disable the | |
1642 | feature. | |
42fc5d26 | 1643 | |
7cdc9530 DS |
1644 | .. index:: [no] neighbor PEER dont-capability-negotiate |
1645 | .. clicmd:: [no] neighbor PEER dont-capability-negotiate | |
42fc5d26 | 1646 | |
8fcedbd2 QY |
1647 | Suppress sending Capability Negotiation as OPEN message optional parameter |
1648 | to the peer. This command only affects the peer is configured other than | |
1649 | IPv4 unicast configuration. | |
42fc5d26 | 1650 | |
8fcedbd2 QY |
1651 | When remote peer does not have capability negotiation feature, remote peer |
1652 | will not send any capabilities at all. In that case, bgp configures the peer | |
1653 | with configured capabilities. | |
42fc5d26 | 1654 | |
8fcedbd2 QY |
1655 | You may prefer locally configured capabilities more than the negotiated |
1656 | capabilities even though remote peer sends capabilities. If the peer is | |
1657 | configured by *override-capability*, *bgpd* ignores received capabilities | |
1658 | then override negotiated capabilities with configured values. | |
42fc5d26 | 1659 | |
7cdc9530 DS |
1660 | Additionally the operator should be reminded that this feature fundamentally |
1661 | disables the ability to use widely deployed BGP features. BGP unnumbered, | |
1662 | hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities, | |
1663 | and graceful restart. | |
1664 | ||
8fcedbd2 QY |
1665 | .. index:: neighbor PEER override-capability |
1666 | .. clicmd:: neighbor PEER override-capability | |
42fc5d26 | 1667 | |
8fcedbd2 QY |
1668 | .. index:: no neighbor PEER override-capability |
1669 | .. clicmd:: no neighbor PEER override-capability | |
c1a54c05 | 1670 | |
8fcedbd2 QY |
1671 | Override the result of Capability Negotiation with local configuration. |
1672 | Ignore remote peer's capability value. | |
42fc5d26 | 1673 | |
8fcedbd2 | 1674 | .. _bgp-as-path-access-lists: |
42fc5d26 | 1675 | |
8fcedbd2 QY |
1676 | AS Path Access Lists |
1677 | -------------------- | |
42fc5d26 QY |
1678 | |
1679 | AS path access list is user defined AS path. | |
1680 | ||
a64e0ee5 DA |
1681 | .. index:: bgp as-path access-list WORD permit|deny LINE |
1682 | .. clicmd:: bgp as-path access-list WORD permit|deny LINE | |
42fc5d26 | 1683 | |
c1a54c05 | 1684 | This command defines a new AS path access list. |
42fc5d26 | 1685 | |
a64e0ee5 DA |
1686 | .. index:: no bgp as-path access-list WORD |
1687 | .. clicmd:: no bgp as-path access-list WORD | |
42fc5d26 | 1688 | |
a64e0ee5 DA |
1689 | .. index:: no bgp as-path access-list WORD permit|deny LINE |
1690 | .. clicmd:: no bgp as-path access-list WORD permit|deny LINE | |
42fc5d26 | 1691 | |
125cec1a DA |
1692 | .. _bgp-bogon-filter-example: |
1693 | ||
1694 | Bogon ASN filter policy configuration example | |
1695 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
1696 | ||
1697 | .. code-block:: frr | |
1698 | ||
1699 | bgp as-path access-list 99 permit _0_ | |
1700 | bgp as-path access-list 99 permit _23456_ | |
1701 | bgp as-path access-list 99 permit _1310[0-6][0-9]_|_13107[0-1]_ | |
1702 | ||
8fcedbd2 | 1703 | .. _bgp-using-as-path-in-route-map: |
42fc5d26 QY |
1704 | |
1705 | Using AS Path in Route Map | |
1706 | -------------------------- | |
1707 | ||
eb1f303d DS |
1708 | .. index:: [no] match as-path WORD |
1709 | .. clicmd:: [no] match as-path WORD | |
42fc5d26 | 1710 | |
eb1f303d DS |
1711 | For a given as-path, WORD, match it on the BGP as-path given for the prefix |
1712 | and if it matches do normal route-map actions. The no form of the command | |
1713 | removes this match from the route-map. | |
42fc5d26 | 1714 | |
eb1f303d DS |
1715 | .. index:: [no] set as-path prepend AS-PATH |
1716 | .. clicmd:: [no] set as-path prepend AS-PATH | |
42fc5d26 | 1717 | |
eb1f303d DS |
1718 | Prepend the given string of AS numbers to the AS_PATH of the BGP path's NLRI. |
1719 | The no form of this command removes this set operation from the route-map. | |
42fc5d26 | 1720 | |
eb1f303d DS |
1721 | .. index:: [no] set as-path prepend last-as NUM |
1722 | .. clicmd:: [no] set as-path prepend last-as NUM | |
c1a54c05 QY |
1723 | |
1724 | Prepend the existing last AS number (the leftmost ASN) to the AS_PATH. | |
eb1f303d | 1725 | The no form of this command removes this set operation from the route-map. |
42fc5d26 | 1726 | |
0efdf0fe | 1727 | .. _bgp-communities-attribute: |
42fc5d26 | 1728 | |
8fcedbd2 QY |
1729 | Communities Attribute |
1730 | --------------------- | |
42fc5d26 | 1731 | |
8fcedbd2 | 1732 | The BGP communities attribute is widely used for implementing policy routing. |
c1a54c05 QY |
1733 | Network operators can manipulate BGP communities attribute based on their |
1734 | network policy. BGP communities attribute is defined in :rfc:`1997` and | |
1735 | :rfc:`1998`. It is an optional transitive attribute, therefore local policy can | |
1736 | travel through different autonomous system. | |
1737 | ||
8fcedbd2 QY |
1738 | The communities attribute is a set of communities values. Each community value |
1739 | is 4 octet long. The following format is used to define the community value. | |
c1a54c05 | 1740 | |
8fcedbd2 | 1741 | ``AS:VAL`` |
c1a54c05 QY |
1742 | This format represents 4 octet communities value. ``AS`` is high order 2 |
1743 | octet in digit format. ``VAL`` is low order 2 octet in digit format. This | |
1744 | format is useful to define AS oriented policy value. For example, | |
1745 | ``7675:80`` can be used when AS 7675 wants to pass local policy value 80 to | |
1746 | neighboring peer. | |
1747 | ||
8fcedbd2 QY |
1748 | ``internet`` |
1749 | ``internet`` represents well-known communities value 0. | |
c1a54c05 | 1750 | |
cae770d3 C |
1751 | ``graceful-shutdown`` |
1752 | ``graceful-shutdown`` represents well-known communities value | |
1753 | ``GRACEFUL_SHUTDOWN`` ``0xFFFF0000`` ``65535:0``. :rfc:`8326` implements | |
1754 | the purpose Graceful BGP Session Shutdown to reduce the amount of | |
56f0bea7 | 1755 | lost traffic when taking BGP sessions down for maintenance. The use |
cae770d3 C |
1756 | of the community needs to be supported from your peers side to |
1757 | actually have any effect. | |
1758 | ||
1759 | ``accept-own`` | |
1760 | ``accept-own`` represents well-known communities value ``ACCEPT_OWN`` | |
1761 | ``0xFFFF0001`` ``65535:1``. :rfc:`7611` implements a way to signal | |
1762 | to a router to accept routes with a local nexthop address. This | |
1763 | can be the case when doing policing and having traffic having a | |
1764 | nexthop located in another VRF but still local interface to the | |
1765 | router. It is recommended to read the RFC for full details. | |
1766 | ||
1767 | ``route-filter-translated-v4`` | |
1768 | ``route-filter-translated-v4`` represents well-known communities value | |
1769 | ``ROUTE_FILTER_TRANSLATED_v4`` ``0xFFFF0002`` ``65535:2``. | |
1770 | ||
1771 | ``route-filter-v4`` | |
1772 | ``route-filter-v4`` represents well-known communities value | |
1773 | ``ROUTE_FILTER_v4`` ``0xFFFF0003`` ``65535:3``. | |
1774 | ||
1775 | ``route-filter-translated-v6`` | |
1776 | ``route-filter-translated-v6`` represents well-known communities value | |
1777 | ``ROUTE_FILTER_TRANSLATED_v6`` ``0xFFFF0004`` ``65535:4``. | |
1778 | ||
1779 | ``route-filter-v6`` | |
1780 | ``route-filter-v6`` represents well-known communities value | |
1781 | ``ROUTE_FILTER_v6`` ``0xFFFF0005`` ``65535:5``. | |
1782 | ||
1783 | ``llgr-stale`` | |
1784 | ``llgr-stale`` represents well-known communities value ``LLGR_STALE`` | |
1785 | ``0xFFFF0006`` ``65535:6``. | |
56f0bea7 | 1786 | Assigned and intended only for use with routers supporting the |
cae770d3 | 1787 | Long-lived Graceful Restart Capability as described in |
49606d58 | 1788 | [Draft-IETF-uttaro-idr-bgp-persistence]_. |
56f0bea7 | 1789 | Routers receiving routes with this community may (depending on |
cae770d3 C |
1790 | implementation) choose allow to reject or modify routes on the |
1791 | presence or absence of this community. | |
1792 | ||
1793 | ``no-llgr`` | |
1794 | ``no-llgr`` represents well-known communities value ``NO_LLGR`` | |
1795 | ``0xFFFF0007`` ``65535:7``. | |
56f0bea7 | 1796 | Assigned and intended only for use with routers supporting the |
cae770d3 | 1797 | Long-lived Graceful Restart Capability as described in |
49606d58 | 1798 | [Draft-IETF-uttaro-idr-bgp-persistence]_. |
56f0bea7 | 1799 | Routers receiving routes with this community may (depending on |
cae770d3 C |
1800 | implementation) choose allow to reject or modify routes on the |
1801 | presence or absence of this community. | |
1802 | ||
1803 | ``accept-own-nexthop`` | |
1804 | ``accept-own-nexthop`` represents well-known communities value | |
1805 | ``accept-own-nexthop`` ``0xFFFF0008`` ``65535:8``. | |
49606d58 | 1806 | [Draft-IETF-agrewal-idr-accept-own-nexthop]_ describes |
cae770d3 C |
1807 | how to tag and label VPN routes to be able to send traffic between VRFs |
1808 | via an internal layer 2 domain on the same PE device. Refer to | |
49606d58 | 1809 | [Draft-IETF-agrewal-idr-accept-own-nexthop]_ for full details. |
cae770d3 C |
1810 | |
1811 | ``blackhole`` | |
1812 | ``blackhole`` represents well-known communities value ``BLACKHOLE`` | |
1813 | ``0xFFFF029A`` ``65535:666``. :rfc:`7999` documents sending prefixes to | |
1814 | EBGP peers and upstream for the purpose of blackholing traffic. | |
1815 | Prefixes tagged with the this community should normally not be | |
1816 | re-advertised from neighbors of the originating network. It is | |
1817 | recommended upon receiving prefixes tagged with this community to | |
1818 | add ``NO_EXPORT`` and ``NO_ADVERTISE``. | |
1819 | ||
8fcedbd2 | 1820 | ``no-export`` |
c1a54c05 QY |
1821 | ``no-export`` represents well-known communities value ``NO_EXPORT`` |
1822 | ``0xFFFFFF01``. All routes carry this value must not be advertised to | |
1823 | outside a BGP confederation boundary. If neighboring BGP peer is part of BGP | |
1824 | confederation, the peer is considered as inside a BGP confederation | |
1825 | boundary, so the route will be announced to the peer. | |
1826 | ||
8fcedbd2 | 1827 | ``no-advertise`` |
c1a54c05 QY |
1828 | ``no-advertise`` represents well-known communities value ``NO_ADVERTISE`` |
1829 | ``0xFFFFFF02``. All routes carry this value must not be advertise to other | |
1830 | BGP peers. | |
1831 | ||
8fcedbd2 | 1832 | ``local-AS`` |
c1a54c05 QY |
1833 | ``local-AS`` represents well-known communities value ``NO_EXPORT_SUBCONFED`` |
1834 | ``0xFFFFFF03``. All routes carry this value must not be advertised to | |
1835 | external BGP peers. Even if the neighboring router is part of confederation, | |
1836 | it is considered as external BGP peer, so the route will not be announced to | |
1837 | the peer. | |
1838 | ||
cae770d3 C |
1839 | ``no-peer`` |
1840 | ``no-peer`` represents well-known communities value ``NOPEER`` | |
1841 | ``0xFFFFFF04`` ``65535:65284``. :rfc:`3765` is used to communicate to | |
1842 | another network how the originating network want the prefix propagated. | |
1843 | ||
aa9eafa4 QY |
1844 | When the communities attribute is received duplicate community values in the |
1845 | attribute are ignored and value is sorted in numerical order. | |
42fc5d26 | 1846 | |
49606d58 PG |
1847 | .. [Draft-IETF-uttaro-idr-bgp-persistence] <https://tools.ietf.org/id/draft-uttaro-idr-bgp-persistence-04.txt> |
1848 | .. [Draft-IETF-agrewal-idr-accept-own-nexthop] <https://tools.ietf.org/id/draft-agrewal-idr-accept-own-nexthop-00.txt> | |
1849 | ||
0efdf0fe | 1850 | .. _bgp-community-lists: |
42fc5d26 | 1851 | |
8fcedbd2 QY |
1852 | Community Lists |
1853 | ^^^^^^^^^^^^^^^ | |
aa9eafa4 QY |
1854 | Community lists are user defined lists of community attribute values. These |
1855 | lists can be used for matching or manipulating the communities attribute in | |
1856 | UPDATE messages. | |
42fc5d26 | 1857 | |
aa9eafa4 | 1858 | There are two types of community list: |
c1a54c05 | 1859 | |
aa9eafa4 | 1860 | standard |
56f0bea7 | 1861 | This type accepts an explicit value for the attribute. |
aa9eafa4 QY |
1862 | |
1863 | expanded | |
1864 | This type accepts a regular expression. Because the regex must be | |
1865 | interpreted on each use expanded community lists are slower than standard | |
1866 | lists. | |
42fc5d26 | 1867 | |
a64e0ee5 DA |
1868 | .. index:: bgp community-list standard NAME permit|deny COMMUNITY |
1869 | .. clicmd:: bgp community-list standard NAME permit|deny COMMUNITY | |
42fc5d26 | 1870 | |
aa9eafa4 QY |
1871 | This command defines a new standard community list. ``COMMUNITY`` is |
1872 | communities value. The ``COMMUNITY`` is compiled into community structure. | |
1873 | We can define multiple community list under same name. In that case match | |
1874 | will happen user defined order. Once the community list matches to | |
1875 | communities attribute in BGP updates it return permit or deny by the | |
1876 | community list definition. When there is no matched entry, deny will be | |
1877 | returned. When ``COMMUNITY`` is empty it matches to any routes. | |
42fc5d26 | 1878 | |
a64e0ee5 DA |
1879 | .. index:: bgp community-list expanded NAME permit|deny COMMUNITY |
1880 | .. clicmd:: bgp community-list expanded NAME permit|deny COMMUNITY | |
42fc5d26 | 1881 | |
aa9eafa4 QY |
1882 | This command defines a new expanded community list. ``COMMUNITY`` is a |
1883 | string expression of communities attribute. ``COMMUNITY`` can be a regular | |
1884 | expression (:ref:`bgp-regular-expressions`) to match the communities | |
47f47873 PG |
1885 | attribute in BGP updates. The expanded community is only used to filter, |
1886 | not `set` actions. | |
42fc5d26 | 1887 | |
aa9eafa4 QY |
1888 | .. deprecated:: 5.0 |
1889 | It is recommended to use the more explicit versions of this command. | |
42fc5d26 | 1890 | |
a64e0ee5 DA |
1891 | .. index:: bgp community-list NAME permit|deny COMMUNITY |
1892 | .. clicmd:: bgp community-list NAME permit|deny COMMUNITY | |
aa9eafa4 QY |
1893 | |
1894 | When the community list type is not specified, the community list type is | |
1895 | automatically detected. If ``COMMUNITY`` can be compiled into communities | |
1896 | attribute, the community list is defined as a standard community list. | |
1897 | Otherwise it is defined as an expanded community list. This feature is left | |
1898 | for backward compatibility. Use of this feature is not recommended. | |
42fc5d26 | 1899 | |
42fc5d26 | 1900 | |
a64e0ee5 DA |
1901 | .. index:: no bgp community-list [standard|expanded] NAME |
1902 | .. clicmd:: no bgp community-list [standard|expanded] NAME | |
42fc5d26 | 1903 | |
aa9eafa4 QY |
1904 | Deletes the community list specified by ``NAME``. All community lists share |
1905 | the same namespace, so it's not necessary to specify ``standard`` or | |
1906 | ``expanded``; these modifiers are purely aesthetic. | |
42fc5d26 | 1907 | |
36dc43aa DA |
1908 | .. index:: show bgp community-list [NAME detail] |
1909 | .. clicmd:: show bgp community-list [NAME detail] | |
42fc5d26 | 1910 | |
aa9eafa4 QY |
1911 | Displays community list information. When ``NAME`` is specified the |
1912 | specified community list's information is shown. | |
c3c5a71f | 1913 | |
c1a54c05 | 1914 | :: |
76bd1499 | 1915 | |
a64e0ee5 | 1916 | # show bgp community-list |
c1a54c05 QY |
1917 | Named Community standard list CLIST |
1918 | permit 7675:80 7675:100 no-export | |
1919 | deny internet | |
1920 | Named Community expanded list EXPAND | |
1921 | permit : | |
76bd1499 | 1922 | |
36dc43aa | 1923 | # show bgp community-list CLIST detail |
c1a54c05 QY |
1924 | Named Community standard list CLIST |
1925 | permit 7675:80 7675:100 no-export | |
1926 | deny internet | |
42fc5d26 | 1927 | |
42fc5d26 | 1928 | |
8fcedbd2 | 1929 | .. _bgp-numbered-community-lists: |
42fc5d26 | 1930 | |
8fcedbd2 QY |
1931 | Numbered Community Lists |
1932 | ^^^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 QY |
1933 | |
1934 | When number is used for BGP community list name, the number has | |
c3c5a71f QY |
1935 | special meanings. Community list number in the range from 1 and 99 is |
1936 | standard community list. Community list number in the range from 100 | |
1937 | to 199 is expanded community list. These community lists are called | |
1938 | as numbered community lists. On the other hand normal community lists | |
42fc5d26 QY |
1939 | is called as named community lists. |
1940 | ||
a64e0ee5 DA |
1941 | .. index:: bgp community-list (1-99) permit|deny COMMUNITY |
1942 | .. clicmd:: bgp community-list (1-99) permit|deny COMMUNITY | |
42fc5d26 | 1943 | |
aa9eafa4 QY |
1944 | This command defines a new community list. The argument to (1-99) defines |
1945 | the list identifier. | |
42fc5d26 | 1946 | |
a64e0ee5 DA |
1947 | .. index:: bgp community-list (100-199) permit|deny COMMUNITY |
1948 | .. clicmd:: bgp community-list (100-199) permit|deny COMMUNITY | |
42fc5d26 | 1949 | |
aa9eafa4 QY |
1950 | This command defines a new expanded community list. The argument to |
1951 | (100-199) defines the list identifier. | |
42fc5d26 | 1952 | |
8fcedbd2 | 1953 | .. _bgp-using-communities-in-route-map: |
42fc5d26 | 1954 | |
8fcedbd2 QY |
1955 | Using Communities in Route Maps |
1956 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 1957 | |
aa9eafa4 QY |
1958 | In :ref:`route-map` we can match on or set the BGP communities attribute. Using |
1959 | this feature network operator can implement their network policy based on BGP | |
1960 | communities attribute. | |
42fc5d26 | 1961 | |
b91bf5bd | 1962 | The following commands can be used in route maps: |
42fc5d26 | 1963 | |
aa9eafa4 QY |
1964 | .. index:: match community WORD exact-match [exact-match] |
1965 | .. clicmd:: match community WORD exact-match [exact-match] | |
42fc5d26 | 1966 | |
c1a54c05 QY |
1967 | This command perform match to BGP updates using community list WORD. When |
1968 | the one of BGP communities value match to the one of communities value in | |
d1e7591e | 1969 | community list, it is match. When `exact-match` keyword is specified, match |
c1a54c05 QY |
1970 | happen only when BGP updates have completely same communities value |
1971 | specified in the community list. | |
42fc5d26 | 1972 | |
aa9eafa4 QY |
1973 | .. index:: set community <none|COMMUNITY> additive |
1974 | .. clicmd:: set community <none|COMMUNITY> additive | |
42fc5d26 | 1975 | |
aa9eafa4 QY |
1976 | This command sets the community value in BGP updates. If the attribute is |
1977 | already configured, the newly provided value replaces the old one unless the | |
1978 | ``additive`` keyword is specified, in which case the new value is appended | |
1979 | to the existing value. | |
42fc5d26 | 1980 | |
aa9eafa4 QY |
1981 | If ``none`` is specified as the community value, the communities attribute |
1982 | is not sent. | |
42fc5d26 | 1983 | |
47f47873 PG |
1984 | It is not possible to set an expanded community list. |
1985 | ||
c1a54c05 | 1986 | .. index:: set comm-list WORD delete |
29adcd50 | 1987 | .. clicmd:: set comm-list WORD delete |
c1a54c05 | 1988 | |
aa9eafa4 QY |
1989 | This command remove communities value from BGP communities attribute. The |
1990 | ``word`` is community list name. When BGP route's communities value matches | |
1991 | to the community list ``word``, the communities value is removed. When all | |
1992 | of communities value is removed eventually, the BGP update's communities | |
1993 | attribute is completely removed. | |
42fc5d26 | 1994 | |
8fcedbd2 | 1995 | .. _bgp-communities-example: |
c1a54c05 | 1996 | |
8fcedbd2 QY |
1997 | Example Configuration |
1998 | ^^^^^^^^^^^^^^^^^^^^^ | |
9eb95b3b | 1999 | |
8fcedbd2 QY |
2000 | The following configuration is exemplary of the most typical usage of BGP |
2001 | communities attribute. In the example, AS 7675 provides an upstream Internet | |
2002 | connection to AS 100. When the following configuration exists in AS 7675, the | |
2003 | network operator of AS 100 can set local preference in AS 7675 network by | |
2004 | setting BGP communities attribute to the updates. | |
9eb95b3b QY |
2005 | |
2006 | .. code-block:: frr | |
c1a54c05 QY |
2007 | |
2008 | router bgp 7675 | |
2009 | neighbor 192.168.0.1 remote-as 100 | |
2010 | address-family ipv4 unicast | |
2011 | neighbor 192.168.0.1 route-map RMAP in | |
2012 | exit-address-family | |
2013 | ! | |
a64e0ee5 DA |
2014 | bgp community-list 70 permit 7675:70 |
2015 | bgp community-list 70 deny | |
2016 | bgp community-list 80 permit 7675:80 | |
2017 | bgp community-list 80 deny | |
2018 | bgp community-list 90 permit 7675:90 | |
2019 | bgp community-list 90 deny | |
c1a54c05 QY |
2020 | ! |
2021 | route-map RMAP permit 10 | |
2022 | match community 70 | |
2023 | set local-preference 70 | |
2024 | ! | |
2025 | route-map RMAP permit 20 | |
2026 | match community 80 | |
2027 | set local-preference 80 | |
2028 | ! | |
2029 | route-map RMAP permit 30 | |
2030 | match community 90 | |
2031 | set local-preference 90 | |
c3c5a71f | 2032 | |
42fc5d26 | 2033 | |
8fcedbd2 QY |
2034 | The following configuration announces ``10.0.0.0/8`` from AS 100 to AS 7675. |
2035 | The route has communities value ``7675:80`` so when above configuration exists | |
2036 | in AS 7675, the announced routes' local preference value will be set to 80. | |
9eb95b3b QY |
2037 | |
2038 | .. code-block:: frr | |
c1a54c05 QY |
2039 | |
2040 | router bgp 100 | |
2041 | network 10.0.0.0/8 | |
2042 | neighbor 192.168.0.2 remote-as 7675 | |
2043 | address-family ipv4 unicast | |
2044 | neighbor 192.168.0.2 route-map RMAP out | |
2045 | exit-address-family | |
2046 | ! | |
2047 | ip prefix-list PLIST permit 10.0.0.0/8 | |
2048 | ! | |
2049 | route-map RMAP permit 10 | |
2050 | match ip address prefix-list PLIST | |
2051 | set community 7675:80 | |
c3c5a71f | 2052 | |
42fc5d26 | 2053 | |
8fcedbd2 QY |
2054 | The following configuration is an example of BGP route filtering using |
2055 | communities attribute. This configuration only permit BGP routes which has BGP | |
2056 | communities value ``0:80`` or ``0:90``. The network operator can set special | |
2057 | internal communities value at BGP border router, then limit the BGP route | |
2058 | announcements into the internal network. | |
9eb95b3b QY |
2059 | |
2060 | .. code-block:: frr | |
42fc5d26 | 2061 | |
c1a54c05 QY |
2062 | router bgp 7675 |
2063 | neighbor 192.168.0.1 remote-as 100 | |
2064 | address-family ipv4 unicast | |
2065 | neighbor 192.168.0.1 route-map RMAP in | |
2066 | exit-address-family | |
2067 | ! | |
a64e0ee5 | 2068 | bgp community-list 1 permit 0:80 0:90 |
c1a54c05 QY |
2069 | ! |
2070 | route-map RMAP permit in | |
2071 | match community 1 | |
c3c5a71f | 2072 | |
42fc5d26 | 2073 | |
8fcedbd2 QY |
2074 | The following example filters BGP routes which have a community value of |
2075 | ``1:1``. When there is no match community-list returns ``deny``. To avoid | |
2076 | filtering all routes, a ``permit`` line is set at the end of the | |
2077 | community-list. | |
9eb95b3b QY |
2078 | |
2079 | .. code-block:: frr | |
42fc5d26 | 2080 | |
c1a54c05 QY |
2081 | router bgp 7675 |
2082 | neighbor 192.168.0.1 remote-as 100 | |
2083 | address-family ipv4 unicast | |
2084 | neighbor 192.168.0.1 route-map RMAP in | |
2085 | exit-address-family | |
2086 | ! | |
a64e0ee5 DA |
2087 | bgp community-list standard FILTER deny 1:1 |
2088 | bgp community-list standard FILTER permit | |
c1a54c05 QY |
2089 | ! |
2090 | route-map RMAP permit 10 | |
2091 | match community FILTER | |
c3c5a71f | 2092 | |
42fc5d26 | 2093 | |
8fcedbd2 QY |
2094 | The communities value keyword ``internet`` has special meanings in standard |
2095 | community lists. In the below example ``internet`` matches all BGP routes even | |
2096 | if the route does not have communities attribute at all. So community list | |
2097 | ``INTERNET`` is the same as ``FILTER`` in the previous example. | |
9eb95b3b QY |
2098 | |
2099 | .. code-block:: frr | |
42fc5d26 | 2100 | |
a64e0ee5 DA |
2101 | bgp community-list standard INTERNET deny 1:1 |
2102 | bgp community-list standard INTERNET permit internet | |
c3c5a71f | 2103 | |
42fc5d26 | 2104 | |
8fcedbd2 QY |
2105 | The following configuration is an example of communities value deletion. With |
2106 | this configuration the community values ``100:1`` and ``100:2`` are removed | |
2107 | from BGP updates. For communities value deletion, only ``permit`` | |
2108 | community-list is used. ``deny`` community-list is ignored. | |
9eb95b3b QY |
2109 | |
2110 | .. code-block:: frr | |
42fc5d26 | 2111 | |
c1a54c05 QY |
2112 | router bgp 7675 |
2113 | neighbor 192.168.0.1 remote-as 100 | |
2114 | address-family ipv4 unicast | |
2115 | neighbor 192.168.0.1 route-map RMAP in | |
2116 | exit-address-family | |
2117 | ! | |
a64e0ee5 | 2118 | bgp community-list standard DEL permit 100:1 100:2 |
c1a54c05 QY |
2119 | ! |
2120 | route-map RMAP permit 10 | |
2121 | set comm-list DEL delete | |
c3c5a71f | 2122 | |
42fc5d26 | 2123 | |
0efdf0fe | 2124 | .. _bgp-extended-communities-attribute: |
42fc5d26 | 2125 | |
8fcedbd2 QY |
2126 | Extended Communities Attribute |
2127 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 2128 | |
c1a54c05 QY |
2129 | BGP extended communities attribute is introduced with MPLS VPN/BGP technology. |
2130 | MPLS VPN/BGP expands capability of network infrastructure to provide VPN | |
2131 | functionality. At the same time it requires a new framework for policy routing. | |
2132 | With BGP Extended Communities Attribute we can use Route Target or Site of | |
2133 | Origin for implementing network policy for MPLS VPN/BGP. | |
42fc5d26 | 2134 | |
c1a54c05 QY |
2135 | BGP Extended Communities Attribute is similar to BGP Communities Attribute. It |
2136 | is an optional transitive attribute. BGP Extended Communities Attribute can | |
2137 | carry multiple Extended Community value. Each Extended Community value is | |
2138 | eight octet length. | |
42fc5d26 | 2139 | |
c1a54c05 QY |
2140 | BGP Extended Communities Attribute provides an extended range compared with BGP |
2141 | Communities Attribute. Adding to that there is a type field in each value to | |
2142 | provides community space structure. | |
42fc5d26 | 2143 | |
c1a54c05 QY |
2144 | There are two format to define Extended Community value. One is AS based format |
2145 | the other is IP address based format. | |
42fc5d26 | 2146 | |
8fcedbd2 QY |
2147 | ``AS:VAL`` |
2148 | This is a format to define AS based Extended Community value. ``AS`` part | |
2149 | is 2 octets Global Administrator subfield in Extended Community value. | |
2150 | ``VAL`` part is 4 octets Local Administrator subfield. ``7675:100`` | |
2151 | represents AS 7675 policy value 100. | |
42fc5d26 | 2152 | |
8fcedbd2 | 2153 | ``IP-Address:VAL`` |
c1a54c05 | 2154 | This is a format to define IP address based Extended Community value. |
8fcedbd2 QY |
2155 | ``IP-Address`` part is 4 octets Global Administrator subfield. ``VAL`` part |
2156 | is 2 octets Local Administrator subfield. | |
42fc5d26 | 2157 | |
0efdf0fe | 2158 | .. _bgp-extended-community-lists: |
42fc5d26 | 2159 | |
8fcedbd2 QY |
2160 | Extended Community Lists |
2161 | ^^^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 2162 | |
a64e0ee5 DA |
2163 | .. index:: bgp extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
2164 | .. clicmd:: bgp extcommunity-list standard NAME permit|deny EXTCOMMUNITY | |
42fc5d26 | 2165 | |
4da7fda3 QY |
2166 | This command defines a new standard extcommunity-list. `extcommunity` is |
2167 | extended communities value. The `extcommunity` is compiled into extended | |
2168 | community structure. We can define multiple extcommunity-list under same | |
2169 | name. In that case match will happen user defined order. Once the | |
2170 | extcommunity-list matches to extended communities attribute in BGP updates | |
2171 | it return permit or deny based upon the extcommunity-list definition. When | |
2172 | there is no matched entry, deny will be returned. When `extcommunity` is | |
2173 | empty it matches to any routes. | |
42fc5d26 | 2174 | |
a64e0ee5 DA |
2175 | .. index:: bgp extcommunity-list expanded NAME permit|deny LINE |
2176 | .. clicmd:: bgp extcommunity-list expanded NAME permit|deny LINE | |
42fc5d26 | 2177 | |
4da7fda3 QY |
2178 | This command defines a new expanded extcommunity-list. `line` is a string |
2179 | expression of extended communities attribute. `line` can be a regular | |
2180 | expression (:ref:`bgp-regular-expressions`) to match an extended communities | |
2181 | attribute in BGP updates. | |
42fc5d26 | 2182 | |
a64e0ee5 DA |
2183 | .. index:: no bgp extcommunity-list NAME |
2184 | .. clicmd:: no bgp extcommunity-list NAME | |
42fc5d26 | 2185 | |
a64e0ee5 DA |
2186 | .. index:: no bgp extcommunity-list standard NAME |
2187 | .. clicmd:: no bgp extcommunity-list standard NAME | |
42fc5d26 | 2188 | |
a64e0ee5 DA |
2189 | .. index:: no bgp extcommunity-list expanded NAME |
2190 | .. clicmd:: no bgp extcommunity-list expanded NAME | |
42fc5d26 | 2191 | |
4da7fda3 QY |
2192 | These commands delete extended community lists specified by `name`. All of |
2193 | extended community lists shares a single name space. So extended community | |
d1e7591e | 2194 | lists can be removed simply specifying the name. |
42fc5d26 | 2195 | |
a64e0ee5 DA |
2196 | .. index:: show bgp extcommunity-list |
2197 | .. clicmd:: show bgp extcommunity-list | |
42fc5d26 | 2198 | |
36dc43aa DA |
2199 | .. index:: show bgp extcommunity-list NAME detail |
2200 | .. clicmd:: show bgp extcommunity-list NAME detail | |
c1a54c05 | 2201 | |
4da7fda3 | 2202 | This command displays current extcommunity-list information. When `name` is |
9eb95b3b | 2203 | specified the community list's information is shown.:: |
42fc5d26 | 2204 | |
a64e0ee5 | 2205 | # show bgp extcommunity-list |
c3c5a71f | 2206 | |
42fc5d26 | 2207 | |
0efdf0fe | 2208 | .. _bgp-extended-communities-in-route-map: |
42fc5d26 QY |
2209 | |
2210 | BGP Extended Communities in Route Map | |
8fcedbd2 | 2211 | """"""""""""""""""""""""""""""""""""" |
42fc5d26 | 2212 | |
c3c5a71f | 2213 | .. index:: match extcommunity WORD |
29adcd50 | 2214 | .. clicmd:: match extcommunity WORD |
42fc5d26 | 2215 | |
c1a54c05 | 2216 | .. index:: set extcommunity rt EXTCOMMUNITY |
29adcd50 | 2217 | .. clicmd:: set extcommunity rt EXTCOMMUNITY |
42fc5d26 | 2218 | |
c1a54c05 | 2219 | This command set Route Target value. |
42fc5d26 | 2220 | |
c1a54c05 | 2221 | .. index:: set extcommunity soo EXTCOMMUNITY |
29adcd50 | 2222 | .. clicmd:: set extcommunity soo EXTCOMMUNITY |
c1a54c05 QY |
2223 | |
2224 | This command set Site of Origin value. | |
42fc5d26 | 2225 | |
ed647ed2 | 2226 | .. index:: set extcommunity bandwidth <(1-25600) | cumulative | num-multipaths> [non-transitive] |
2227 | .. clicmd:: set extcommunity bandwidth <(1-25600) | cumulative | num-multipaths> [non-transitive] | |
2228 | ||
2229 | This command sets the BGP link-bandwidth extended community for the prefix | |
2230 | (best path) for which it is applied. The link-bandwidth can be specified as | |
2231 | an ``explicit value`` (specified in Mbps), or the router can be told to use | |
2232 | the ``cumulative bandwidth`` of all multipaths for the prefix or to compute | |
2233 | it based on the ``number of multipaths``. The link bandwidth extended | |
2234 | community is encoded as ``transitive`` unless the set command explicitly | |
2235 | configures it as ``non-transitive``. | |
2236 | ||
2237 | .. seealso:: :ref:`wecmp_linkbw` | |
47f47873 PG |
2238 | |
2239 | Note that the extended expanded community is only used for `match` rule, not for | |
2240 | `set` actions. | |
2241 | ||
0efdf0fe | 2242 | .. _bgp-large-communities-attribute: |
42fc5d26 | 2243 | |
8fcedbd2 QY |
2244 | Large Communities Attribute |
2245 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 QY |
2246 | |
2247 | The BGP Large Communities attribute was introduced in Feb 2017 with | |
c1a54c05 | 2248 | :rfc:`8092`. |
42fc5d26 | 2249 | |
8fcedbd2 QY |
2250 | The BGP Large Communities Attribute is similar to the BGP Communities Attribute |
2251 | except that it has 3 components instead of two and each of which are 4 octets | |
2252 | in length. Large Communities bring additional functionality and convenience | |
2253 | over traditional communities, specifically the fact that the ``GLOBAL`` part | |
2254 | below is now 4 octets wide allowing seamless use in networks using 4-byte ASNs. | |
2255 | ||
2256 | ``GLOBAL:LOCAL1:LOCAL2`` | |
2257 | This is the format to define Large Community values. Referencing :rfc:`8195` | |
2258 | the values are commonly referred to as follows: | |
2259 | ||
2260 | - The ``GLOBAL`` part is a 4 octet Global Administrator field, commonly used | |
2261 | as the operators AS number. | |
2262 | - The ``LOCAL1`` part is a 4 octet Local Data Part 1 subfield referred to as | |
2263 | a function. | |
2264 | - The ``LOCAL2`` part is a 4 octet Local Data Part 2 field and referred to | |
2265 | as the parameter subfield. | |
2266 | ||
2267 | As an example, ``65551:1:10`` represents AS 65551 function 1 and parameter | |
2268 | 10. The referenced RFC above gives some guidelines on recommended usage. | |
42fc5d26 | 2269 | |
0efdf0fe | 2270 | .. _bgp-large-community-lists: |
42fc5d26 | 2271 | |
8fcedbd2 QY |
2272 | Large Community Lists |
2273 | """"""""""""""""""""" | |
42fc5d26 QY |
2274 | |
2275 | Two types of large community lists are supported, namely `standard` and | |
2276 | `expanded`. | |
2277 | ||
a64e0ee5 DA |
2278 | .. index:: bgp large-community-list standard NAME permit|deny LARGE-COMMUNITY |
2279 | .. clicmd:: bgp large-community-list standard NAME permit|deny LARGE-COMMUNITY | |
42fc5d26 | 2280 | |
4da7fda3 QY |
2281 | This command defines a new standard large-community-list. `large-community` |
2282 | is the Large Community value. We can add multiple large communities under | |
2283 | same name. In that case the match will happen in the user defined order. | |
2284 | Once the large-community-list matches the Large Communities attribute in BGP | |
2285 | updates it will return permit or deny based upon the large-community-list | |
2286 | definition. When there is no matched entry, a deny will be returned. When | |
2287 | `large-community` is empty it matches any routes. | |
42fc5d26 | 2288 | |
a64e0ee5 DA |
2289 | .. index:: bgp large-community-list expanded NAME permit|deny LINE |
2290 | .. clicmd:: bgp large-community-list expanded NAME permit|deny LINE | |
42fc5d26 | 2291 | |
4da7fda3 QY |
2292 | This command defines a new expanded large-community-list. Where `line` is a |
2293 | string matching expression, it will be compared to the entire Large | |
2294 | Communities attribute as a string, with each large-community in order from | |
2295 | lowest to highest. `line` can also be a regular expression which matches | |
2296 | this Large Community attribute. | |
42fc5d26 | 2297 | |
a64e0ee5 DA |
2298 | .. index:: no bgp large-community-list NAME |
2299 | .. clicmd:: no bgp large-community-list NAME | |
42fc5d26 | 2300 | |
a64e0ee5 DA |
2301 | .. index:: no bgp large-community-list standard NAME |
2302 | .. clicmd:: no bgp large-community-list standard NAME | |
42fc5d26 | 2303 | |
a64e0ee5 DA |
2304 | .. index:: no bgp large-community-list expanded NAME |
2305 | .. clicmd:: no bgp large-community-list expanded NAME | |
42fc5d26 | 2306 | |
4da7fda3 QY |
2307 | These commands delete Large Community lists specified by `name`. All Large |
2308 | Community lists share a single namespace. This means Large Community lists | |
2309 | can be removed by simply specifying the name. | |
42fc5d26 | 2310 | |
a64e0ee5 DA |
2311 | .. index:: show bgp large-community-list |
2312 | .. clicmd:: show bgp large-community-list | |
42fc5d26 | 2313 | |
36dc43aa DA |
2314 | .. index:: show bgp large-community-list NAME detail |
2315 | .. clicmd:: show bgp large-community-list NAME detail | |
42fc5d26 | 2316 | |
c1a54c05 QY |
2317 | This command display current large-community-list information. When |
2318 | `name` is specified the community list information is shown. | |
42fc5d26 | 2319 | |
c1a54c05 | 2320 | .. index:: show ip bgp large-community-info |
29adcd50 | 2321 | .. clicmd:: show ip bgp large-community-info |
c1a54c05 QY |
2322 | |
2323 | This command displays the current large communities in use. | |
42fc5d26 | 2324 | |
0efdf0fe | 2325 | .. _bgp-large-communities-in-route-map: |
42fc5d26 | 2326 | |
8fcedbd2 QY |
2327 | Large Communities in Route Map |
2328 | """""""""""""""""""""""""""""" | |
42fc5d26 | 2329 | |
03ff9a14 | 2330 | .. index:: match large-community LINE [exact-match] |
2331 | .. clicmd:: match large-community LINE [exact-match] | |
42fc5d26 | 2332 | |
4da7fda3 QY |
2333 | Where `line` can be a simple string to match, or a regular expression. It |
2334 | is very important to note that this match occurs on the entire | |
c1a54c05 | 2335 | large-community string as a whole, where each large-community is ordered |
03ff9a14 | 2336 | from lowest to highest. When `exact-match` keyword is specified, match |
2337 | happen only when BGP updates have completely same large communities value | |
2338 | specified in the large community list. | |
42fc5d26 | 2339 | |
c1a54c05 | 2340 | .. index:: set large-community LARGE-COMMUNITY |
29adcd50 | 2341 | .. clicmd:: set large-community LARGE-COMMUNITY |
42fc5d26 | 2342 | |
c1a54c05 | 2343 | .. index:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
29adcd50 | 2344 | .. clicmd:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
42fc5d26 | 2345 | |
c1a54c05 | 2346 | .. index:: set large-community LARGE-COMMUNITY additive |
29adcd50 | 2347 | .. clicmd:: set large-community LARGE-COMMUNITY additive |
c1a54c05 QY |
2348 | |
2349 | These commands are used for setting large-community values. The first | |
2350 | command will overwrite any large-communities currently present. | |
2351 | The second specifies two large-communities, which overwrites the current | |
2352 | large-community list. The third will add a large-community value without | |
2353 | overwriting other values. Multiple large-community values can be specified. | |
42fc5d26 | 2354 | |
47f47873 PG |
2355 | Note that the large expanded community is only used for `match` rule, not for |
2356 | `set` actions. | |
b572f826 | 2357 | |
c8a5e5e1 | 2358 | .. _bgp-l3vpn-vrfs: |
b572f826 | 2359 | |
c8a5e5e1 QY |
2360 | L3VPN VRFs |
2361 | ---------- | |
b572f826 | 2362 | |
c8a5e5e1 QY |
2363 | *bgpd* supports :abbr:`L3VPN (Layer 3 Virtual Private Networks)` :abbr:`VRFs |
2364 | (Virtual Routing and Forwarding)` for IPv4 :rfc:`4364` and IPv6 :rfc:`4659`. | |
2365 | L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN | |
2366 | SAFI neighbors in the *default*, i.e., non VRF, BGP instance. VRF MPLS labels | |
2367 | are reached using *core* MPLS labels which are distributed using LDP or BGP | |
2368 | labeled unicast. *bgpd* also supports inter-VRF route leaking. | |
b572f826 | 2369 | |
b572f826 | 2370 | |
c8a5e5e1 | 2371 | .. _bgp-vrf-route-leaking: |
8fcedbd2 QY |
2372 | |
2373 | VRF Route Leaking | |
c8a5e5e1 | 2374 | ----------------- |
8fcedbd2 QY |
2375 | |
2376 | BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN | |
f90115c5 LB |
2377 | SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may |
2378 | also be leaked between any VRFs (including the unicast RIB of the default BGP | |
2379 | instanced). A shortcut syntax is also available for specifying leaking from one | |
2380 | VRF to another VRF using the default instance's VPN RIB as the intemediary. A | |
2381 | common application of the VRF-VRF feature is to connect a customer's private | |
8fcedbd2 QY |
2382 | routing domain to a provider's VPN service. Leaking is configured from the |
2383 | point of view of an individual VRF: ``import`` refers to routes leaked from VPN | |
2384 | to a unicast VRF, whereas ``export`` refers to routes leaked from a unicast VRF | |
2385 | to VPN. | |
2386 | ||
2387 | Required parameters | |
c8a5e5e1 | 2388 | ^^^^^^^^^^^^^^^^^^^ |
b572f826 | 2389 | |
4da7fda3 QY |
2390 | Routes exported from a unicast VRF to the VPN RIB must be augmented by two |
2391 | parameters: | |
2392 | ||
2393 | - an :abbr:`RD (Route Distinguisher)` | |
2394 | - an :abbr:`RTLIST (Route-target List)` | |
2395 | ||
2396 | Configuration for these exported routes must, at a minimum, specify these two | |
2397 | parameters. | |
2398 | ||
2399 | Routes imported from the VPN RIB to a unicast VRF are selected according to | |
2400 | their RTLISTs. Routes whose RTLIST contains at least one route-target in | |
2401 | common with the configured import RTLIST are leaked. Configuration for these | |
2402 | imported routes must specify an RTLIST to be matched. | |
2403 | ||
2404 | The RD, which carries no semantic value, is intended to make the route unique | |
2405 | in the VPN RIB among all routes of its prefix that originate from all the | |
2406 | customers and sites that are attached to the provider's VPN service. | |
2407 | Accordingly, each site of each customer is typically assigned an RD that is | |
2408 | unique across the entire provider network. | |
2409 | ||
2410 | The RTLIST is a set of route-target extended community values whose purpose is | |
2411 | to specify route-leaking policy. Typically, a customer is assigned a single | |
2412 | route-target value for import and export to be used at all customer sites. This | |
2413 | configuration specifies a simple topology wherein a customer has a single | |
2414 | routing domain which is shared across all its sites. More complex routing | |
2415 | topologies are possible through use of additional route-targets to augment the | |
2416 | leaking of sets of routes in various ways. | |
b572f826 | 2417 | |
e967a1d0 DS |
2418 | When using the shortcut syntax for vrf-to-vrf leaking, the RD and RT are |
2419 | auto-derived. | |
fb3d9f3e | 2420 | |
8fcedbd2 | 2421 | General configuration |
c8a5e5e1 | 2422 | ^^^^^^^^^^^^^^^^^^^^^ |
b572f826 | 2423 | |
f90115c5 | 2424 | Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB |
4da7fda3 QY |
2425 | of the default VRF is accomplished via commands in the context of a VRF |
2426 | address-family: | |
b572f826 PZ |
2427 | |
2428 | .. index:: rd vpn export AS:NN|IP:nn | |
2429 | .. clicmd:: rd vpn export AS:NN|IP:nn | |
2430 | ||
4da7fda3 QY |
2431 | Specifies the route distinguisher to be added to a route exported from the |
2432 | current unicast VRF to VPN. | |
b572f826 PZ |
2433 | |
2434 | .. index:: no rd vpn export [AS:NN|IP:nn] | |
2435 | .. clicmd:: no rd vpn export [AS:NN|IP:nn] | |
2436 | ||
2437 | Deletes any previously-configured export route distinguisher. | |
2438 | ||
2439 | .. index:: rt vpn import|export|both RTLIST... | |
2440 | .. clicmd:: rt vpn import|export|both RTLIST... | |
2441 | ||
4da7fda3 QY |
2442 | Specifies the route-target list to be attached to a route (export) or the |
2443 | route-target list to match against (import) when exporting/importing between | |
2444 | the current unicast VRF and VPN. | |
b572f826 | 2445 | |
4da7fda3 QY |
2446 | The RTLIST is a space-separated list of route-targets, which are BGP |
2447 | extended community values as described in | |
b572f826 PZ |
2448 | :ref:`bgp-extended-communities-attribute`. |
2449 | ||
2450 | .. index:: no rt vpn import|export|both [RTLIST...] | |
2451 | .. clicmd:: no rt vpn import|export|both [RTLIST...] | |
2452 | ||
2453 | Deletes any previously-configured import or export route-target list. | |
2454 | ||
e70e9f8e PZ |
2455 | .. index:: label vpn export (0..1048575)|auto |
2456 | .. clicmd:: label vpn export (0..1048575)|auto | |
b572f826 | 2457 | |
8a2124f7 | 2458 | Enables an MPLS label to be attached to a route exported from the current |
2459 | unicast VRF to VPN. If the value specified is ``auto``, the label value is | |
2460 | automatically assigned from a pool maintained by the Zebra daemon. If Zebra | |
2461 | is not running, or if this command is not configured, automatic label | |
2462 | assignment will not complete, which will block corresponding route export. | |
b572f826 | 2463 | |
e70e9f8e PZ |
2464 | .. index:: no label vpn export [(0..1048575)|auto] |
2465 | .. clicmd:: no label vpn export [(0..1048575)|auto] | |
b572f826 PZ |
2466 | |
2467 | Deletes any previously-configured export label. | |
2468 | ||
2469 | .. index:: nexthop vpn export A.B.C.D|X:X::X:X | |
2470 | .. clicmd:: nexthop vpn export A.B.C.D|X:X::X:X | |
2471 | ||
4da7fda3 QY |
2472 | Specifies an optional nexthop value to be assigned to a route exported from |
2473 | the current unicast VRF to VPN. If left unspecified, the nexthop will be set | |
2474 | to 0.0.0.0 or 0:0::0:0 (self). | |
b572f826 PZ |
2475 | |
2476 | .. index:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
2477 | .. clicmd:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
2478 | ||
2479 | Deletes any previously-configured export nexthop. | |
2480 | ||
2481 | .. index:: route-map vpn import|export MAP | |
2482 | .. clicmd:: route-map vpn import|export MAP | |
2483 | ||
4da7fda3 | 2484 | Specifies an optional route-map to be applied to routes imported or exported |
d1e7591e | 2485 | between the current unicast VRF and VPN. |
b572f826 PZ |
2486 | |
2487 | .. index:: no route-map vpn import|export [MAP] | |
2488 | .. clicmd:: no route-map vpn import|export [MAP] | |
2489 | ||
2490 | Deletes any previously-configured import or export route-map. | |
2491 | ||
2492 | .. index:: import|export vpn | |
2493 | .. clicmd:: import|export vpn | |
2494 | ||
d1e7591e | 2495 | Enables import or export of routes between the current unicast VRF and VPN. |
b572f826 PZ |
2496 | |
2497 | .. index:: no import|export vpn | |
2498 | .. clicmd:: no import|export vpn | |
2499 | ||
d1e7591e | 2500 | Disables import or export of routes between the current unicast VRF and VPN. |
b572f826 | 2501 | |
fb3d9f3e DS |
2502 | .. index:: import vrf VRFNAME |
2503 | .. clicmd:: import vrf VRFNAME | |
2504 | ||
e967a1d0 DS |
2505 | Shortcut syntax for specifying automatic leaking from vrf VRFNAME to |
2506 | the current VRF using the VPN RIB as intermediary. The RD and RT | |
2507 | are auto derived and should not be specified explicitly for either the | |
2508 | source or destination VRF's. | |
2509 | ||
2510 | This shortcut syntax mode is not compatible with the explicit | |
2511 | `import vpn` and `export vpn` statements for the two VRF's involved. | |
2512 | The CLI will disallow attempts to configure incompatible leaking | |
2513 | modes. | |
fb3d9f3e DS |
2514 | |
2515 | .. index:: no import vrf VRFNAME | |
2516 | .. clicmd:: no import vrf VRFNAME | |
2517 | ||
e967a1d0 DS |
2518 | Disables automatic leaking from vrf VRFNAME to the current VRF using |
2519 | the VPN RIB as intermediary. | |
b572f826 | 2520 | |
42fc5d26 | 2521 | |
b6c34e85 CS |
2522 | .. _bgp-evpn: |
2523 | ||
2524 | Ethernet Virtual Network - EVPN | |
2525 | ------------------------------- | |
2526 | ||
2527 | .. _bgp-evpn-advertise-pip: | |
2528 | ||
2529 | EVPN advertise-PIP | |
2530 | ^^^^^^^^^^^^^^^^^^ | |
2531 | ||
2532 | In a EVPN symmetric routing MLAG deployment, all EVPN routes advertised | |
2533 | with anycast-IP as next-hop IP and anycast MAC as the Router MAC (RMAC - in | |
2534 | BGP EVPN Extended-Community). | |
2535 | EVPN picks up the next-hop IP from the VxLAN interface's local tunnel IP and | |
2536 | the RMAC is obtained from the MAC of the L3VNI's SVI interface. | |
2537 | Note: Next-hop IP is used for EVPN routes whether symmetric routing is | |
2538 | deployed or not but the RMAC is only relevant for symmetric routing scenario. | |
2539 | ||
2540 | Current behavior is not ideal for Prefix (type-5) and self (type-2) | |
2541 | routes. This is because the traffic from remote VTEPs routed sub optimally | |
2542 | if they land on the system where the route does not belong. | |
2543 | ||
2544 | The advertise-pip feature advertises Prefix (type-5) and self (type-2) | |
2545 | routes with system's individual (primary) IP as the next-hop and individual | |
2546 | (system) MAC as Router-MAC (RMAC), while leaving the behavior unchanged for | |
2547 | other EVPN routes. | |
2548 | ||
2549 | To support this feature there needs to have ability to co-exist a | |
2550 | (system-MAC, system-IP) pair with a (anycast-MAC, anycast-IP) pair with the | |
2551 | ability to terminate VxLAN-encapsulated packets received for either pair on | |
2552 | the same L3VNI (i.e associated VLAN). This capability is need per tenant | |
2553 | VRF instance. | |
2554 | ||
2555 | To derive the system-MAC and the anycast MAC, there needs to have a | |
2556 | separate/additional MAC-VLAN interface corresponding to L3VNI’s SVI. | |
2557 | The SVI interface’s MAC address can be interpreted as system-MAC | |
2558 | and MAC-VLAN interface's MAC as anycast MAC. | |
2559 | ||
2560 | To derive system-IP and anycast-IP, the default BGP instance's router-id is used | |
2561 | as system-IP and the VxLAN interface’s local tunnel IP as the anycast-IP. | |
2562 | ||
2563 | User has an option to configure the system-IP and/or system-MAC value if the | |
2564 | auto derived value is not preferred. | |
2565 | ||
2566 | Note: By default, advertise-pip feature is enabled and user has an option to | |
2567 | disable the feature via configuration CLI. Once the feature is disable under | |
2568 | bgp vrf instance or MAC-VLAN interface is not configured, all the routes follow | |
2569 | the same behavior of using same next-hop and RMAC values. | |
2570 | ||
2571 | .. index:: [no] advertise-pip [ip <addr> [mac <addr>]] | |
2572 | .. clicmd:: [no] advertise-pip [ip <addr> [mac <addr>]] | |
2573 | ||
2574 | Enables or disables advertise-pip feature, specifiy system-IP and/or system-MAC | |
2575 | parameters. | |
2576 | ||
77457939 AK |
2577 | EVPN Multihoming |
2578 | ^^^^^^^^^^^^^^^^ | |
2579 | ||
2580 | All-Active Multihoming is used for redundancy and load sharing. Servers | |
2581 | are attached to two or more PEs and the links are bonded (link-aggregation). | |
2582 | This group of server links is referred to as an Ethernet Segment. | |
2583 | ||
2584 | Ethernet Segments | |
2585 | """"""""""""""""" | |
2586 | An Ethernet Segment can be configured by specifying a system-MAC and a | |
2587 | local discriminatior against the bond interface on the PE (via zebra) - | |
2588 | ||
2589 | .. index:: [no] evpn mh es-id [(1-16777215)$es_lid] | |
2590 | .. clicmd:: [no] evpn mh es-id [(1-16777215)$es_lid] | |
2591 | ||
2592 | .. index:: [no$no] evpn mh es-sys-mac [X:X:X:X:X:X$mac] | |
2593 | .. clicmd:: [no$no] evpn mh es-sys-mac [X:X:X:X:X:X$mac] | |
2594 | ||
2595 | The sys-mac and local discriminator are used for generating a 10-byte, | |
2596 | Type-3 Ethernet Segment ID. | |
2597 | ||
2598 | Type-1 (EAS-per-ES and EAD-per-EVI) routes are used to advertise the locally | |
2599 | attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP | |
2600 | routes are also advertised with a destination ESI allowing for MAC-IP syncing | |
2601 | between Ethernet Segment peers. | |
2602 | Reference: RFC 7432, RFC 8365 | |
2603 | ||
2604 | EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In | |
2605 | multihoming each PE has an unique VTEP address which requires the introduction | |
2606 | of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a | |
2607 | list of remote PEs/VTEPs. | |
2608 | ||
2609 | BUM handling | |
2610 | """""""""""" | |
2611 | Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs | |
2612 | forward BUM traffic received via the overlay network. This implementation | |
2613 | uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df. | |
2614 | The DF preference is configurable per-ES (via zebra) - | |
2615 | ||
2616 | .. index:: [no] evpn mh es-df-pref [(1-16777215)$df_pref] | |
2617 | .. clicmd:: [no] evpn mh es-df-pref [(1-16777215)$df_pref] | |
2618 | ||
2619 | BUM traffic is rxed via the overlay by all PEs attached to a server but | |
2620 | only the DF can forward the de-capsulated traffic to the access port. To | |
2621 | accomodate that non-DF filters are installed in the dataplane to drop | |
2622 | the traffic. | |
2623 | ||
2624 | Similarly traffic received from ES peers via the overlay cannot be forwarded | |
2625 | to the server. This is split-horizon-filtering with local bias. | |
2626 | ||
2627 | Fast failover | |
2628 | """"""""""""" | |
2629 | As the primary purpose of EVPN-MH is redundancy keeping the failover efficient | |
2630 | is a recurring theme in the implementation. Following sub-features have | |
2631 | been introduced for the express purpose of efficient ES failovers. | |
2632 | ||
2633 | - Layer-2 Nexthop Groups and MAC-ECMP via L2NHG. | |
2634 | ||
2635 | - Host routes (for symmetric IRB) via L3NHG. | |
2636 | On dataplanes that support layer3 nexthop groups the feature can be turned | |
2637 | on via the following BGP config - | |
2638 | ||
2639 | .. index:: [no$no] use-es-l3nhg | |
2640 | .. clicmd:: [no$no] use-es-l3nhg | |
2641 | ||
2642 | - Local ES (MAC/Neigh) failover via ES-redirect. | |
2643 | On dataplanes that do not have support for ES-redirect the feature can be | |
2644 | turned off via the following zebra config - | |
2645 | ||
2646 | .. index:: [no$no] evpn mh redirect-off | |
2647 | .. clicmd:: [no$no] evpn mh redirect-off | |
2648 | ||
2649 | Uplink/Core tracking | |
2650 | """""""""""""""""""" | |
2651 | When all the underlay links go down the PE no longer has access to the VxLAN | |
2652 | +overlay. To prevent blackholing of traffic the server/ES links are | |
2653 | protodowned on the PE. A link can be setup for uplink tracking via the | |
2654 | following zebra configuration - | |
2655 | ||
2656 | .. index:: [no] evpn mh uplink | |
2657 | .. clicmd:: [no] evpn mh uplink | |
2658 | ||
2659 | Proxy advertisements | |
2660 | """""""""""""""""""" | |
2661 | To handle hitless upgrades support for proxy advertisement has been added | |
2662 | as specified by draft-rbickhart-evpn-ip-mac-proxy-adv. This allows a PE | |
2663 | (say PE1) to proxy advertise a MAC-IP rxed from an ES peer (say PE2). When | |
2664 | the ES peer (PE2) goes down PE1 continues to advertise hosts learnt from PE2 | |
2665 | for a holdtime during which it attempts to establish local reachability of | |
2666 | the host. This holdtime is configurable via the following zebra commands - | |
2667 | ||
2668 | .. index:: [no$no] evpn mh neigh-holdtime (0-86400)$duration | |
2669 | .. clicmd:: [no$no] evpn mh neigh-holdtime (0-86400)$duration | |
2670 | ||
2671 | .. index:: [no$no] evpn mh mac-holdtime (0-86400)$duration | |
2672 | .. clicmd:: [no$no] evpn mh mac-holdtime (0-86400)$duration | |
2673 | ||
2674 | Startup delay | |
2675 | """"""""""""" | |
2676 | When a switch is rebooted we wait for a brief period to allow the underlay | |
2677 | and EVPN network to converge before enabling the ESs. For this duration the | |
2678 | ES bonds are held protodown. The startup delay is configurable via the | |
2679 | following zebra command - | |
2680 | ||
2681 | .. index:: [no] evpn mh startup-delay(0-3600)$duration | |
2682 | .. clicmd:: [no] evpn mh startup-delay(0-3600)$duration | |
2683 | ||
ee9d0f09 PG |
2684 | +Support with VRF network namespace backend |
2685 | +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
2686 | It is possible to separate overlay networks contained in VXLAN interfaces from | |
2687 | underlay networks by using VRFs. VRF-lite and VRF-netns backends can be used for | |
2688 | that. In the latter case, it is necessary to set both bridge and vxlan interface | |
2689 | in the same network namespace, as below example illustrates: | |
2690 | ||
2691 | .. code-block:: shell | |
2692 | ||
2693 | # linux shell | |
2694 | ip netns add vrf1 | |
2695 | ip link add name vxlan101 type vxlan id 101 dstport 4789 dev eth0 local 10.1.1.1 | |
2696 | ip link set dev vxlan101 netns vrf1 | |
2697 | ip netns exec vrf1 ip link set dev lo up | |
2698 | ip netns exec vrf1 brctl addbr bridge101 | |
2699 | ip netns exec vrf1 brctl addif bridge101 vxlan101 | |
2700 | ||
2701 | This makes it possible to separate not only layer 3 networks like VRF-lite networks. | |
2702 | Also, VRF netns based make possible to separate layer 2 networks on separate VRF | |
2703 | instances. | |
89b97c33 | 2704 | |
7f7940e6 MK |
2705 | .. _bgp-conditional-advertisement: |
2706 | ||
2707 | BGP Conditional Advertisement | |
2708 | ----------------------------- | |
2709 | The BGP conditional advertisement feature uses the ``non-exist-map`` or the | |
2710 | ``exist-map`` and the ``advertise-map`` keywords of the neighbor advertise-map | |
2711 | command in order to track routes by the route prefix. | |
2712 | ||
2713 | ``non-exist-map`` | |
2714 | 1. If a route prefix is not present in the output of non-exist-map command, | |
2715 | then advertise the route specified by the advertise-map command. | |
2716 | ||
2717 | 2. If a route prefix is present in the output of non-exist-map command, | |
2718 | then do not advertise the route specified by the addvertise-map command. | |
2719 | ||
2720 | ``exist-map`` | |
2721 | 1. If a route prefix is present in the output of exist-map command, | |
2722 | then advertise the route specified by the advertise-map command. | |
2723 | ||
2724 | 2. If a route prefix is not present in the output of exist-map command, | |
2725 | then do not advertise the route specified by the advertise-map command. | |
2726 | ||
2727 | This feature is useful when some prefixes are advertised to one of its peers | |
2728 | only if the information from the other peer is not present (due to failure in | |
2729 | peering session or partial reachability etc). | |
2730 | ||
2731 | The conditional BGP announcements are sent in addition to the normal | |
2732 | announcements that a BGP router sends to its peer. | |
2733 | ||
2734 | The conditional advertisement process is triggered by the BGP scanner process, | |
2735 | which runs every 60 seconds. This means that the maximum time for the conditional | |
2736 | advertisement to take effect is 60 seconds. The conditional advertisement can take | |
2737 | effect depending on when the tracked route is removed from the BGP table and | |
2738 | when the next instance of the BGP scanner occurs. | |
2739 | ||
2740 | .. index:: [no] neighbor A.B.C.D advertise-map NAME [exist-map|non-exist-map] NAME | |
2741 | .. clicmd:: [no] neighbor A.B.C.D advertise-map NAME [exist-map|non-exist-map] NAME | |
2742 | ||
fa36596c | 2743 | This command enables BGP scanner process to monitor routes specified by |
7f7940e6 | 2744 | exist-map or non-exist-map command in BGP table and conditionally advertises |
fa36596c | 2745 | the routes specified by advertise-map command. |
7f7940e6 MK |
2746 | |
2747 | Sample Configuration | |
2748 | ^^^^^^^^^^^^^^^^^^^^^ | |
2749 | .. code-block:: frr | |
2750 | ||
fa36596c MK |
2751 | interface enp0s9 |
2752 | ip address 10.10.10.2/24 | |
2753 | ! | |
2754 | interface enp0s10 | |
2755 | ip address 10.10.20.2/24 | |
2756 | ! | |
7f7940e6 | 2757 | interface lo |
fa36596c | 2758 | ip address 203.0.113.1/32 |
7f7940e6 MK |
2759 | ! |
2760 | router bgp 2 | |
2761 | bgp log-neighbor-changes | |
2762 | no bgp ebgp-requires-policy | |
2763 | neighbor 10.10.10.1 remote-as 1 | |
2764 | neighbor 10.10.20.3 remote-as 3 | |
2765 | ! | |
2766 | address-family ipv4 unicast | |
7f7940e6 | 2767 | neighbor 10.10.10.1 soft-reconfiguration inbound |
7f7940e6 | 2768 | neighbor 10.10.20.3 soft-reconfiguration inbound |
fa36596c | 2769 | neighbor 10.10.20.3 advertise-map ADV-MAP non-exist-map EXIST-MAP |
7f7940e6 MK |
2770 | exit-address-family |
2771 | ! | |
fa36596c MK |
2772 | ip prefix-list DEFAULT seq 5 permit 192.0.2.5/32 |
2773 | ip prefix-list DEFAULT seq 10 permit 192.0.2.1/32 | |
2774 | ip prefix-list EXIST seq 5 permit 10.10.10.10/32 | |
2775 | ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0 | |
2776 | ip prefix-list IP1 seq 5 permit 10.139.224.0/20 | |
2777 | ! | |
2778 | bgp community-list standard DC-ROUTES seq 5 permit 64952:3008 | |
2779 | bgp community-list standard DC-ROUTES seq 10 permit 64671:501 | |
2780 | bgp community-list standard DC-ROUTES seq 15 permit 64950:3009 | |
2781 | bgp community-list standard DEFAULT-ROUTE seq 5 permit 65013:200 | |
7f7940e6 | 2782 | ! |
fa36596c MK |
2783 | route-map ADV-MAP permit 10 |
2784 | match ip address prefix-list IP1 | |
7f7940e6 | 2785 | ! |
fa36596c MK |
2786 | route-map ADV-MAP permit 20 |
2787 | match community DC-ROUTES | |
2788 | ! | |
2789 | route-map EXIST-MAP permit 10 | |
2790 | match community DEFAULT-ROUTE | |
2791 | match ip address prefix-list DEFAULT-ROUTE | |
7f7940e6 MK |
2792 | ! |
2793 | ||
2794 | Sample Output | |
2795 | ^^^^^^^^^^^^^ | |
2796 | ||
fa36596c | 2797 | When default route is present in R2'2 BGP table, 10.139.224.0/20 and 192.0.2.1/32 are not advertised to R3. |
7f7940e6 MK |
2798 | |
2799 | .. code-block:: frr | |
2800 | ||
2801 | Router2# show ip bgp | |
fa36596c | 2802 | BGP table version is 20, local router ID is 203.0.113.1, vrf id 0 |
7f7940e6 MK |
2803 | Default local pref 100, local AS 2 |
2804 | Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, | |
2805 | i internal, r RIB-failure, S Stale, R Removed | |
2806 | Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self | |
2807 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
2808 | ||
fa36596c MK |
2809 | Network Next Hop Metric LocPrf Weight Path |
2810 | *> 0.0.0.0/0 10.10.10.1 0 0 1 i | |
2811 | *> 10.139.224.0/20 10.10.10.1 0 0 1 ? | |
2812 | *> 192.0.2.1/32 10.10.10.1 0 0 1 i | |
2813 | *> 192.0.2.5/32 10.10.10.1 0 0 1 i | |
7f7940e6 MK |
2814 | |
2815 | Displayed 4 routes and 4 total paths | |
fa36596c | 2816 | Router2# show ip bgp neighbors 10.10.20.3 |
7f7940e6 MK |
2817 | |
2818 | !--- Output suppressed. | |
2819 | ||
2820 | For address family: IPv4 Unicast | |
fa36596c | 2821 | Update group 7, subgroup 7 |
7f7940e6 MK |
2822 | Packet Queue length 0 |
2823 | Inbound soft reconfiguration allowed | |
2824 | Community attribute sent to this neighbor(all) | |
fa36596c MK |
2825 | Condition NON_EXIST, Condition-map *EXIST-MAP, Advertise-map *ADV-MAP, status: Withdraw |
2826 | 0 accepted prefixes | |
7f7940e6 MK |
2827 | |
2828 | !--- Output suppressed. | |
2829 | ||
fa36596c MK |
2830 | Router2# show ip bgp neighbors 10.10.20.3 advertised-routes |
2831 | BGP table version is 20, local router ID is 203.0.113.1, vrf id 0 | |
7f7940e6 MK |
2832 | Default local pref 100, local AS 2 |
2833 | Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, | |
fa36596c | 2834 | i internal, r RIB-failure, S Stale, R Removed |
7f7940e6 MK |
2835 | Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self |
2836 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
2837 | ||
fa36596c MK |
2838 | Network Next Hop Metric LocPrf Weight Path |
2839 | *> 0.0.0.0/0 0.0.0.0 0 1 i | |
2840 | *> 192.0.2.5/32 0.0.0.0 0 1 i | |
7f7940e6 | 2841 | |
fa36596c | 2842 | Total number of prefixes 2 |
7f7940e6 | 2843 | |
fa36596c | 2844 | When default route is not present in R2'2 BGP table, 10.139.224.0/20 and 192.0.2.1/32 are advertised to R3. |
7f7940e6 MK |
2845 | |
2846 | .. code-block:: frr | |
2847 | ||
2848 | Router2# show ip bgp | |
fa36596c | 2849 | BGP table version is 21, local router ID is 203.0.113.1, vrf id 0 |
7f7940e6 MK |
2850 | Default local pref 100, local AS 2 |
2851 | Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, | |
2852 | i internal, r RIB-failure, S Stale, R Removed | |
2853 | Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self | |
2854 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
2855 | ||
fa36596c MK |
2856 | Network Next Hop Metric LocPrf Weight Path |
2857 | *> 10.139.224.0/20 10.10.10.1 0 0 1 ? | |
2858 | *> 192.0.2.1/32 10.10.10.1 0 0 1 i | |
2859 | *> 192.0.2.5/32 10.10.10.1 0 0 1 i | |
7f7940e6 MK |
2860 | |
2861 | Displayed 3 routes and 3 total paths | |
7f7940e6 | 2862 | |
fa36596c | 2863 | Router2# show ip bgp neighbors 10.10.20.3 |
7f7940e6 MK |
2864 | |
2865 | !--- Output suppressed. | |
2866 | ||
2867 | For address family: IPv4 Unicast | |
fa36596c | 2868 | Update group 7, subgroup 7 |
7f7940e6 MK |
2869 | Packet Queue length 0 |
2870 | Inbound soft reconfiguration allowed | |
2871 | Community attribute sent to this neighbor(all) | |
fa36596c MK |
2872 | Condition NON_EXIST, Condition-map *EXIST-MAP, Advertise-map *ADV-MAP, status: Advertise |
2873 | 0 accepted prefixes | |
7f7940e6 MK |
2874 | |
2875 | !--- Output suppressed. | |
2876 | ||
fa36596c MK |
2877 | Router2# show ip bgp neighbors 10.10.20.3 advertised-routes |
2878 | BGP table version is 21, local router ID is 203.0.113.1, vrf id 0 | |
7f7940e6 MK |
2879 | Default local pref 100, local AS 2 |
2880 | Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, | |
2881 | i internal, r RIB-failure, S Stale, R Removed | |
2882 | Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self | |
2883 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
2884 | ||
fa36596c MK |
2885 | Network Next Hop Metric LocPrf Weight Path |
2886 | *> 10.139.224.0/20 0.0.0.0 0 1 ? | |
2887 | *> 192.0.2.1/32 0.0.0.0 0 1 i | |
2888 | *> 192.0.2.5/32 0.0.0.0 0 1 i | |
7f7940e6 MK |
2889 | |
2890 | Total number of prefixes 3 | |
fa36596c | 2891 | Router2# |
7f7940e6 | 2892 | |
8fcedbd2 QY |
2893 | .. _bgp-debugging: |
2894 | ||
2895 | Debugging | |
2896 | --------- | |
42fc5d26 | 2897 | |
c1a54c05 | 2898 | .. index:: show debug |
29adcd50 | 2899 | .. clicmd:: show debug |
42fc5d26 | 2900 | |
8fcedbd2 | 2901 | Show all enabled debugs. |
42fc5d26 | 2902 | |
54422b46 DS |
2903 | .. index:: show bgp listeners |
2904 | .. clicmd:: show bgp listeners | |
2905 | ||
2906 | Display Listen sockets and the vrf that created them. Useful for debugging of when | |
2907 | listen is not working and this is considered a developer debug statement. | |
2908 | ||
53b758f3 PG |
2909 | .. index:: [no] debug bgp neighbor-events |
2910 | .. clicmd:: [no] debug bgp neighbor-events | |
42fc5d26 | 2911 | |
8fcedbd2 QY |
2912 | Enable or disable debugging for neighbor events. This provides general |
2913 | information on BGP events such as peer connection / disconnection, session | |
2914 | establishment / teardown, and capability negotiation. | |
42fc5d26 | 2915 | |
53b758f3 PG |
2916 | .. index:: [no] debug bgp updates |
2917 | .. clicmd:: [no] debug bgp updates | |
42fc5d26 | 2918 | |
8fcedbd2 QY |
2919 | Enable or disable debugging for BGP updates. This provides information on |
2920 | BGP UPDATE messages transmitted and received between local and remote | |
2921 | instances. | |
42fc5d26 | 2922 | |
53b758f3 PG |
2923 | .. index:: [no] debug bgp keepalives |
2924 | .. clicmd:: [no] debug bgp keepalives | |
42fc5d26 | 2925 | |
8fcedbd2 QY |
2926 | Enable or disable debugging for BGP keepalives. This provides information on |
2927 | BGP KEEPALIVE messages transmitted and received between local and remote | |
2928 | instances. | |
c1a54c05 | 2929 | |
8fcedbd2 QY |
2930 | .. index:: [no] debug bgp bestpath <A.B.C.D/M|X:X::X:X/M> |
2931 | .. clicmd:: [no] debug bgp bestpath <A.B.C.D/M|X:X::X:X/M> | |
42fc5d26 | 2932 | |
8fcedbd2 | 2933 | Enable or disable debugging for bestpath selection on the specified prefix. |
42fc5d26 | 2934 | |
8fcedbd2 QY |
2935 | .. index:: [no] debug bgp nht |
2936 | .. clicmd:: [no] debug bgp nht | |
4da7fda3 | 2937 | |
8fcedbd2 | 2938 | Enable or disable debugging of BGP nexthop tracking. |
4da7fda3 | 2939 | |
8fcedbd2 QY |
2940 | .. index:: [no] debug bgp update-groups |
2941 | .. clicmd:: [no] debug bgp update-groups | |
4b44467c | 2942 | |
8fcedbd2 QY |
2943 | Enable or disable debugging of dynamic update groups. This provides general |
2944 | information on group creation, deletion, join and prune events. | |
4b44467c | 2945 | |
8fcedbd2 QY |
2946 | .. index:: [no] debug bgp zebra |
2947 | .. clicmd:: [no] debug bgp zebra | |
42fc5d26 | 2948 | |
8fcedbd2 | 2949 | Enable or disable debugging of communications between *bgpd* and *zebra*. |
c3c5a71f | 2950 | |
8fcedbd2 QY |
2951 | Dumping Messages and Routing Tables |
2952 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 2953 | |
8fcedbd2 QY |
2954 | .. index:: dump bgp all PATH [INTERVAL] |
2955 | .. clicmd:: dump bgp all PATH [INTERVAL] | |
42fc5d26 | 2956 | |
8fcedbd2 QY |
2957 | .. index:: dump bgp all-et PATH [INTERVAL] |
2958 | .. clicmd:: dump bgp all-et PATH [INTERVAL] | |
c3c5a71f | 2959 | |
8fcedbd2 QY |
2960 | .. index:: no dump bgp all [PATH] [INTERVAL] |
2961 | .. clicmd:: no dump bgp all [PATH] [INTERVAL] | |
42fc5d26 | 2962 | |
8fcedbd2 QY |
2963 | Dump all BGP packet and events to `path` file. |
2964 | If `interval` is set, a new file will be created for echo `interval` of | |
2965 | seconds. The path `path` can be set with date and time formatting | |
2966 | (strftime). The type ‘all-et’ enables support for Extended Timestamp Header | |
2967 | (:ref:`packet-binary-dump-format`). | |
c3c5a71f | 2968 | |
8fcedbd2 QY |
2969 | .. index:: dump bgp updates PATH [INTERVAL] |
2970 | .. clicmd:: dump bgp updates PATH [INTERVAL] | |
42fc5d26 | 2971 | |
8fcedbd2 QY |
2972 | .. index:: dump bgp updates-et PATH [INTERVAL] |
2973 | .. clicmd:: dump bgp updates-et PATH [INTERVAL] | |
42fc5d26 | 2974 | |
8fcedbd2 QY |
2975 | .. index:: no dump bgp updates [PATH] [INTERVAL] |
2976 | .. clicmd:: no dump bgp updates [PATH] [INTERVAL] | |
42fc5d26 | 2977 | |
8fcedbd2 QY |
2978 | Dump only BGP updates messages to `path` file. |
2979 | If `interval` is set, a new file will be created for echo `interval` of | |
2980 | seconds. The path `path` can be set with date and time formatting | |
2981 | (strftime). The type ‘updates-et’ enables support for Extended Timestamp | |
2982 | Header (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2983 | |
8fcedbd2 QY |
2984 | .. index:: dump bgp routes-mrt PATH |
2985 | .. clicmd:: dump bgp routes-mrt PATH | |
c3c5a71f | 2986 | |
8fcedbd2 QY |
2987 | .. index:: dump bgp routes-mrt PATH INTERVAL |
2988 | .. clicmd:: dump bgp routes-mrt PATH INTERVAL | |
42fc5d26 | 2989 | |
8fcedbd2 QY |
2990 | .. index:: no dump bgp route-mrt [PATH] [INTERVAL] |
2991 | .. clicmd:: no dump bgp route-mrt [PATH] [INTERVAL] | |
42fc5d26 | 2992 | |
8fcedbd2 QY |
2993 | Dump whole BGP routing table to `path`. This is heavy process. The path |
2994 | `path` can be set with date and time formatting (strftime). If `interval` is | |
2995 | set, a new file will be created for echo `interval` of seconds. | |
42fc5d26 | 2996 | |
8fcedbd2 | 2997 | Note: the interval variable can also be set using hours and minutes: 04h20m00. |
42fc5d26 | 2998 | |
c3c5a71f | 2999 | |
8fcedbd2 | 3000 | .. _bgp-other-commands: |
42fc5d26 | 3001 | |
8fcedbd2 QY |
3002 | Other BGP Commands |
3003 | ------------------ | |
42fc5d26 | 3004 | |
e312b6c6 QY |
3005 | The following are available in the top level *enable* mode: |
3006 | ||
dc912615 DS |
3007 | .. index:: clear bgp \* |
3008 | .. clicmd:: clear bgp \* | |
3009 | ||
3010 | Clear all peers. | |
3011 | ||
8fcedbd2 QY |
3012 | .. index:: clear bgp ipv4|ipv6 \* |
3013 | .. clicmd:: clear bgp ipv4|ipv6 \* | |
42fc5d26 | 3014 | |
dc912615 DS |
3015 | Clear all peers with this address-family activated. |
3016 | ||
3017 | .. index:: clear bgp ipv4|ipv6 unicast \* | |
3018 | .. clicmd:: clear bgp ipv4|ipv6 unicast \* | |
3019 | ||
3020 | Clear all peers with this address-family and sub-address-family activated. | |
42fc5d26 | 3021 | |
8fcedbd2 QY |
3022 | .. index:: clear bgp ipv4|ipv6 PEER |
3023 | .. clicmd:: clear bgp ipv4|ipv6 PEER | |
42fc5d26 | 3024 | |
dc912615 DS |
3025 | Clear peers with address of X.X.X.X and this address-family activated. |
3026 | ||
3027 | .. index:: clear bgp ipv4|ipv6 unicast PEER | |
3028 | .. clicmd:: clear bgp ipv4|ipv6 unicast PEER | |
3029 | ||
3030 | Clear peer with address of X.X.X.X and this address-family and sub-address-family activated. | |
3031 | ||
3032 | .. index:: clear bgp ipv4|ipv6 PEER soft|in|out | |
3033 | .. clicmd:: clear bgp ipv4|ipv6 PEER soft|in|out | |
3034 | ||
3035 | Clear peer using soft reconfiguration in this address-family. | |
42fc5d26 | 3036 | |
dc912615 DS |
3037 | .. index:: clear bgp ipv4|ipv6 unicast PEER soft|in|out |
3038 | .. clicmd:: clear bgp ipv4|ipv6 unicast PEER soft|in|out | |
42fc5d26 | 3039 | |
dc912615 | 3040 | Clear peer using soft reconfiguration in this address-family and sub-address-family. |
42fc5d26 | 3041 | |
e312b6c6 QY |
3042 | The following are available in the ``router bgp`` mode: |
3043 | ||
3044 | .. index:: write-quanta (1-64) | |
3045 | .. clicmd:: write-quanta (1-64) | |
3046 | ||
3047 | BGP message Tx I/O is vectored. This means that multiple packets are written | |
3048 | to the peer socket at the same time each I/O cycle, in order to minimize | |
3049 | system call overhead. This value controls how many are written at a time. | |
3050 | Under certain load conditions, reducing this value could make peer traffic | |
3051 | less 'bursty'. In practice, leave this settings on the default (64) unless | |
3052 | you truly know what you are doing. | |
3053 | ||
3054 | .. index:: read-quanta (1-10) | |
dad83b67 | 3055 | .. clicmd:: read-quanta (1-10) |
e312b6c6 QY |
3056 | |
3057 | Unlike Tx, BGP Rx traffic is not vectored. Packets are read off the wire one | |
3058 | at a time in a loop. This setting controls how many iterations the loop runs | |
3059 | for. As with write-quanta, it is best to leave this setting on the default. | |
42fc5d26 | 3060 | |
05bd726c | 3061 | The following command is available in ``config`` mode as well as in the |
3062 | ``router bgp`` mode: | |
3063 | ||
3064 | .. index:: bgp graceful-shutdown | |
3065 | .. clicmd:: bgp graceful-shutdown | |
3066 | ||
3067 | The purpose of this command is to initiate BGP Graceful Shutdown which | |
3068 | is described in :rfc:`8326`. The use case for this is to minimize or | |
3069 | eliminate the amount of traffic loss in a network when a planned | |
3070 | maintenance activity such as software upgrade or hardware replacement | |
3071 | is to be performed on a router. The feature works by re-announcing | |
3072 | routes to eBGP peers with the GRACEFUL_SHUTDOWN community included. | |
3073 | Peers are then expected to treat such paths with the lowest preference. | |
3074 | This happens automatically on a receiver running FRR; with other | |
3075 | routing protocol stacks, an inbound policy may have to be configured. | |
3076 | In FRR, triggering graceful shutdown also results in announcing a | |
3077 | LOCAL_PREF of 0 to iBGP peers. | |
3078 | ||
3079 | Graceful shutdown can be configured per BGP instance or globally for | |
3080 | all of BGP. These two options are mutually exclusive. The no form of | |
3081 | the command causes graceful shutdown to be stopped, and routes will | |
3082 | be re-announced without the GRACEFUL_SHUTDOWN community and/or with | |
3083 | the usual LOCAL_PREF value. Note that if this option is saved to | |
3084 | the startup configuration, graceful shutdown will remain in effect | |
3085 | across restarts of *bgpd* and will need to be explicitly disabled. | |
3086 | ||
8fcedbd2 | 3087 | .. _bgp-displaying-bgp-information: |
42fc5d26 | 3088 | |
8fcedbd2 QY |
3089 | Displaying BGP Information |
3090 | ========================== | |
42fc5d26 | 3091 | |
e6f59415 PG |
3092 | The following four commands display the IPv6 and IPv4 routing tables, depending |
3093 | on whether or not the ``ip`` keyword is used. | |
3094 | Actually, :clicmd:`show ip bgp` command was used on older `Quagga` routing | |
3095 | daemon project, while :clicmd:`show bgp` command is the new format. The choice | |
3096 | has been done to keep old format with IPv4 routing table, while new format | |
3097 | displays IPv6 routing table. | |
3098 | ||
96f3485c MK |
3099 | .. index:: show ip bgp [all] [wide|json] |
3100 | .. clicmd:: show ip bgp [all] [wide|json] | |
42fc5d26 | 3101 | |
96f3485c MK |
3102 | .. index:: show ip bgp A.B.C.D [json] |
3103 | .. clicmd:: show ip bgp A.B.C.D [json] | |
c1a54c05 | 3104 | |
96f3485c MK |
3105 | .. index:: show bgp [all] [wide|json] |
3106 | .. clicmd:: show bgp [all] [wide|json] | |
e6f59415 | 3107 | |
96f3485c MK |
3108 | .. index:: show bgp X:X::X:X [json] |
3109 | .. clicmd:: show bgp X:X::X:X [json] | |
42fc5d26 | 3110 | |
8fcedbd2 | 3111 | These commands display BGP routes. When no route is specified, the default |
e6f59415 | 3112 | is to display all BGP routes. |
42fc5d26 | 3113 | |
8fcedbd2 | 3114 | :: |
c1a54c05 | 3115 | |
8fcedbd2 QY |
3116 | BGP table version is 0, local router ID is 10.1.1.1 |
3117 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal | |
3118 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
42fc5d26 | 3119 | |
8fcedbd2 QY |
3120 | Network Next Hop Metric LocPrf Weight Path |
3121 | \*> 1.1.1.1/32 0.0.0.0 0 32768 i | |
42fc5d26 | 3122 | |
8fcedbd2 | 3123 | Total number of prefixes 1 |
4da7fda3 | 3124 | |
986b0fc3 DA |
3125 | If _wide_ option is specified, then the prefix table's width is increased |
3126 | to fully display the prefix and the nexthop. | |
3127 | ||
3128 | This is especially handy dealing with IPv6 prefixes and | |
3129 | if :clicmd:`[no] bgp default show-nexthop-hostname` is enabled. | |
3130 | ||
96f3485c MK |
3131 | If _all_ option is specified, _ip_ keyword is ignored, show bgp all and |
3132 | show ip bgp all commands display routes for all AFIs and SAFIs. | |
3133 | ||
3134 | If _json_ option is specified, output is displayed in JSON format. | |
3135 | ||
e6f59415 PG |
3136 | Some other commands provide additional options for filtering the output. |
3137 | ||
3138 | .. index:: show [ip] bgp regexp LINE | |
3139 | .. clicmd:: show [ip] bgp regexp LINE | |
42fc5d26 | 3140 | |
8fcedbd2 QY |
3141 | This command displays BGP routes using AS path regular expression |
3142 | (:ref:`bgp-regular-expressions`). | |
42fc5d26 | 3143 | |
96f3485c MK |
3144 | .. index:: show [ip] bgp [all] summary [json] |
3145 | .. clicmd:: show [ip] bgp [all] summary [json] | |
42fc5d26 | 3146 | |
8fcedbd2 | 3147 | Show a bgp peer summary for the specified address family. |
42fc5d26 | 3148 | |
e6f59415 PG |
3149 | The old command structure :clicmd:`show ip bgp` may be removed in the future |
3150 | and should no longer be used. In order to reach the other BGP routing tables | |
3151 | other than the IPv6 routing table given by :clicmd:`show bgp`, the new command | |
3152 | structure is extended with :clicmd:`show bgp [afi] [safi]`. | |
3153 | ||
96f3485c MK |
3154 | .. index:: show bgp [afi] [safi] [all] [wide|json] |
3155 | .. clicmd:: show bgp [afi] [safi] [all] [wide|json] | |
e6f59415 PG |
3156 | |
3157 | .. index:: show bgp <ipv4|ipv6> <unicast|multicast|vpn|labeled-unicast> | |
3158 | .. clicmd:: show bgp <ipv4|ipv6> <unicast|multicast|vpn|labeled-unicast> | |
3159 | ||
3160 | These commands display BGP routes for the specific routing table indicated by | |
3161 | the selected afi and the selected safi. If no afi and no safi value is given, | |
6cfd16ad TA |
3162 | the command falls back to the default IPv6 routing table. |
3163 | For EVPN prefixes, you can display the full BGP table for this AFI/SAFI | |
3164 | using the standard `show bgp [afi] [safi]` syntax. | |
3165 | ||
3166 | .. index:: show bgp l2vpn evpn route [type <macip|2|multicast|3|es|4|prefix|5>] | |
3167 | .. clicmd:: show bgp l2vpn evpn route [type <macip|2|multicast|3|es|4|prefix|5>] | |
3168 | ||
3169 | Additionally, you can also filter this output by route type. | |
e6f59415 | 3170 | |
96f3485c MK |
3171 | .. index:: show bgp [afi] [safi] [all] summary [json] |
3172 | .. clicmd:: show bgp [afi] [safi] [all] summary [json] | |
e6f59415 PG |
3173 | |
3174 | Show a bgp peer summary for the specified address family, and subsequent | |
3175 | address-family. | |
3176 | ||
96f3485c MK |
3177 | .. index:: show bgp [afi] [safi] [all] summary failed [json] |
3178 | .. clicmd:: show bgp [afi] [safi] [all] summary failed [json] | |
3577f1c5 DD |
3179 | |
3180 | Show a bgp peer summary for peers that are not succesfully exchanging routes | |
3181 | for the specified address family, and subsequent address-family. | |
3182 | ||
96f3485c MK |
3183 | .. index:: show bgp [afi] [safi] [all] summary established [json] |
3184 | .. clicmd:: show bgp [afi] [safi] [all] summary established [json] | |
1c027267 DA |
3185 | |
3186 | Show a bgp peer summary for peers that are succesfully exchanging routes | |
3187 | for the specified address family, and subsequent address-family. | |
3188 | ||
e6f59415 PG |
3189 | .. index:: show bgp [afi] [safi] neighbor [PEER] |
3190 | .. clicmd:: show bgp [afi] [safi] neighbor [PEER] | |
9eb95b3b | 3191 | |
e6f59415 PG |
3192 | This command shows information on a specific BGP peer of the relevant |
3193 | afi and safi selected. | |
c1a54c05 | 3194 | |
96f3485c MK |
3195 | .. index:: show bgp [afi] [safi] [all] dampening dampened-paths [wide|json] |
3196 | .. clicmd:: show bgp [afi] [safi] [all] dampening dampened-paths [wide|json] | |
42fc5d26 | 3197 | |
e6f59415 PG |
3198 | Display paths suppressed due to dampening of the selected afi and safi |
3199 | selected. | |
42fc5d26 | 3200 | |
96f3485c MK |
3201 | .. index:: show bgp [afi] [safi] [all] dampening flap-statistics [wide|json] |
3202 | .. clicmd:: show bgp [afi] [safi] [all] dampening flap-statistics [wide|json] | |
c1a54c05 | 3203 | |
e6f59415 | 3204 | Display flap statistics of routes of the selected afi and safi selected. |
42fc5d26 | 3205 | |
620e23e8 PG |
3206 | .. index:: show bgp [afi] [safi] statistics |
3207 | .. clicmd:: show bgp [afi] [safi] statistics | |
3208 | ||
3209 | Display statistics of routes of the selected afi and safi. | |
3210 | ||
3211 | .. index:: show bgp statistics-all | |
3212 | .. clicmd:: show bgp statistics-all | |
3213 | ||
3214 | Display statistics of routes of all the afi and safi. | |
3215 | ||
96f3485c MK |
3216 | .. index:: show [ip] bgp [afi] [safi] [all] cidr-only [wide|json] |
3217 | .. clicmd:: show [ip] bgp [afi] [safi] [all] cidr-only [wide|json] | |
3218 | ||
3219 | Display routes with non-natural netmasks. | |
3220 | ||
3221 | .. index:: show [ip] bgp [afi] [safi] [all] neighbors A.B.C.D [advertised-routes|received-routes|filtered-routes] [json|wide] | |
3222 | .. clicmd:: show [ip] bgp [afi] [safi] [all] neighbors A.B.C.D [advertised-routes|received-routes|filtered-routes] [json|wide] | |
3223 | ||
3224 | Display the routes advertised to a BGP neighbor or received routes | |
3225 | from neighbor or filtered routes received from neighbor based on the | |
3226 | option specified. | |
3227 | ||
3228 | If _wide_ option is specified, then the prefix table's width is increased | |
3229 | to fully display the prefix and the nexthop. | |
3230 | ||
3231 | This is especially handy dealing with IPv6 prefixes and | |
3232 | if :clicmd:`[no] bgp default show-nexthop-hostname` is enabled. | |
3233 | ||
3234 | If _all_ option is specified, _ip_ keyword is ignored and, | |
3235 | routes displayed for all AFIs and SAFIs. | |
3236 | if afi is specified, with _all_ option, routes will be displayed for | |
3237 | each SAFI in the selcted AFI | |
3238 | ||
3239 | If _json_ option is specified, output is displayed in JSON format. | |
3240 | ||
8fcedbd2 | 3241 | .. _bgp-display-routes-by-community: |
42fc5d26 | 3242 | |
8fcedbd2 QY |
3243 | Displaying Routes by Community Attribute |
3244 | ---------------------------------------- | |
42fc5d26 | 3245 | |
8fcedbd2 QY |
3246 | The following commands allow displaying routes based on their community |
3247 | attribute. | |
42fc5d26 | 3248 | |
96f3485c MK |
3249 | .. index:: show [ip] bgp <ipv4|ipv6> [all] community [wide|json] |
3250 | .. clicmd:: show [ip] bgp <ipv4|ipv6> [all] community [wide|json] | |
42fc5d26 | 3251 | |
96f3485c MK |
3252 | .. index:: show [ip] bgp <ipv4|ipv6> [all] community COMMUNITY [wide|json] |
3253 | .. clicmd:: show [ip] bgp <ipv4|ipv6> [all] community COMMUNITY [wide|json] | |
42fc5d26 | 3254 | |
96f3485c MK |
3255 | .. index:: show [ip] bgp <ipv4|ipv6> [all] community COMMUNITY exact-match [wide|json] |
3256 | .. clicmd:: show [ip] bgp <ipv4|ipv6> [all] community COMMUNITY exact-match [wide|json] | |
76bd1499 | 3257 | |
8fcedbd2 QY |
3258 | These commands display BGP routes which have the community attribute. |
3259 | attribute. When ``COMMUNITY`` is specified, BGP routes that match that | |
3260 | community are displayed. When `exact-match` is specified, it display only | |
3261 | routes that have an exact match. | |
c3c5a71f | 3262 | |
8fcedbd2 QY |
3263 | .. index:: show [ip] bgp <ipv4|ipv6> community-list WORD |
3264 | .. clicmd:: show [ip] bgp <ipv4|ipv6> community-list WORD | |
42fc5d26 | 3265 | |
8fcedbd2 QY |
3266 | .. index:: show [ip] bgp <ipv4|ipv6> community-list WORD exact-match |
3267 | .. clicmd:: show [ip] bgp <ipv4|ipv6> community-list WORD exact-match | |
42fc5d26 | 3268 | |
8fcedbd2 QY |
3269 | These commands display BGP routes for the address family specified that |
3270 | match the specified community list. When `exact-match` is specified, it | |
3271 | displays only routes that have an exact match. | |
42fc5d26 | 3272 | |
96f3485c MK |
3273 | If _wide_ option is specified, then the prefix table's width is increased |
3274 | to fully display the prefix and the nexthop. | |
3275 | ||
3276 | This is especially handy dealing with IPv6 prefixes and | |
3277 | if :clicmd:`[no] bgp default show-nexthop-hostname` is enabled. | |
3278 | ||
3279 | If _all_ option is specified, _ip_ keyword is ignored and, | |
3280 | routes displayed for all AFIs and SAFIs. | |
3281 | if afi is specified, with _all_ option, routes will be displayed for | |
3282 | each SAFI in the selcted AFI | |
3283 | ||
3284 | If _json_ option is specified, output is displayed in JSON format. | |
3285 | ||
36a206db | 3286 | .. _bgp-display-routes-by-lcommunity: |
3287 | ||
3288 | Displaying Routes by Large Community Attribute | |
3289 | ---------------------------------------------- | |
3290 | ||
ac2201bb | 3291 | The following commands allow displaying routes based on their |
36a206db | 3292 | large community attribute. |
3293 | ||
3294 | .. index:: show [ip] bgp <ipv4|ipv6> large-community | |
3295 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community | |
3296 | ||
3297 | .. index:: show [ip] bgp <ipv4|ipv6> large-community LARGE-COMMUNITY | |
3298 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community LARGE-COMMUNITY | |
3299 | ||
3300 | .. index:: show [ip] bgp <ipv4|ipv6> large-community LARGE-COMMUNITY exact-match | |
3301 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community LARGE-COMMUNITY exact-match | |
3302 | ||
3303 | .. index:: show [ip] bgp <ipv4|ipv6> large-community LARGE-COMMUNITY json | |
3304 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community LARGE-COMMUNITY json | |
3305 | ||
3306 | These commands display BGP routes which have the large community attribute. | |
3307 | attribute. When ``LARGE-COMMUNITY`` is specified, BGP routes that match that | |
ac2201bb DA |
3308 | large community are displayed. When `exact-match` is specified, it display |
3309 | only routes that have an exact match. When `json` is specified, it display | |
36a206db | 3310 | routes in json format. |
3311 | ||
3312 | .. index:: show [ip] bgp <ipv4|ipv6> large-community-list WORD | |
3313 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community-list WORD | |
3314 | ||
3315 | .. index:: show [ip] bgp <ipv4|ipv6> large-community-list WORD exact-match | |
3316 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community-list WORD exact-match | |
3317 | ||
3318 | .. index:: show [ip] bgp <ipv4|ipv6> large-community-list WORD json | |
3319 | .. clicmd:: show [ip] bgp <ipv4|ipv6> large-community-list WORD json | |
3320 | ||
3321 | These commands display BGP routes for the address family specified that | |
ac2201bb DA |
3322 | match the specified large community list. When `exact-match` is specified, |
3323 | it displays only routes that have an exact match. When `json` is specified, | |
36a206db | 3324 | it display routes in json format. |
3325 | ||
8fcedbd2 | 3326 | .. _bgp-display-routes-by-as-path: |
42fc5d26 | 3327 | |
36a206db | 3328 | |
8fcedbd2 QY |
3329 | Displaying Routes by AS Path |
3330 | ---------------------------- | |
42fc5d26 | 3331 | |
8fcedbd2 QY |
3332 | .. index:: show bgp ipv4|ipv6 regexp LINE |
3333 | .. clicmd:: show bgp ipv4|ipv6 regexp LINE | |
76bd1499 | 3334 | |
8fcedbd2 QY |
3335 | This commands displays BGP routes that matches a regular |
3336 | expression `line` (:ref:`bgp-regular-expressions`). | |
3337 | ||
e6f59415 PG |
3338 | .. index:: show [ip] bgp ipv4 vpn |
3339 | .. clicmd:: show [ip] bgp ipv4 vpn | |
8fcedbd2 | 3340 | |
e6f59415 PG |
3341 | .. index:: show [ip] bgp ipv6 vpn |
3342 | .. clicmd:: show [ip] bgp ipv6 vpn | |
8fcedbd2 QY |
3343 | |
3344 | Print active IPV4 or IPV6 routes advertised via the VPN SAFI. | |
3345 | ||
3346 | .. index:: show bgp ipv4 vpn summary | |
3347 | .. clicmd:: show bgp ipv4 vpn summary | |
3348 | ||
3349 | .. index:: show bgp ipv6 vpn summary | |
3350 | .. clicmd:: show bgp ipv6 vpn summary | |
3351 | ||
3352 | Print a summary of neighbor connections for the specified AFI/SAFI combination. | |
3353 | ||
09d78f10 DS |
3354 | Displaying Update Group Information |
3355 | ----------------------------------- | |
3356 | ||
6c5be52a SR |
3357 | .. index:: show bgp update-groups SUBGROUP-ID [advertise-queue|advertised-routes|packet-queue] |
3358 | .. clicmd:: show bgp update-groups [advertise-queue|advertised-routes|packet-queue] | |
09d78f10 DS |
3359 | |
3360 | Display Information about each individual update-group being used. | |
3361 | If SUBGROUP-ID is specified only display about that particular group. If | |
3362 | advertise-queue is specified the list of routes that need to be sent | |
3363 | to the peers in the update-group is displayed, advertised-routes means | |
a64e0ee5 | 3364 | the list of routes we have sent to the peers in the update-group and |
09d78f10 DS |
3365 | packet-queue specifies the list of packets in the queue to be sent. |
3366 | ||
6c5be52a SR |
3367 | .. index:: show bgp update-groups statistics |
3368 | .. clicmd:: show bgp update-groups statistics | |
09d78f10 DS |
3369 | |
3370 | Display Information about update-group events in FRR. | |
8fcedbd2 QY |
3371 | |
3372 | .. _bgp-route-reflector: | |
3373 | ||
3374 | Route Reflector | |
3375 | =============== | |
3376 | ||
749afd7d RF |
3377 | BGP routers connected inside the same AS through BGP belong to an internal |
3378 | BGP session, or IBGP. In order to prevent routing table loops, IBGP does not | |
3379 | advertise IBGP-learned routes to other routers in the same session. As such, | |
3380 | IBGP requires a full mesh of all peers. For large networks, this quickly becomes | |
3381 | unscalable. Introducing route reflectors removes the need for the full-mesh. | |
8fcedbd2 | 3382 | |
749afd7d RF |
3383 | When route reflectors are configured, these will reflect the routes announced |
3384 | by the peers configured as clients. A route reflector client is configured | |
3385 | with: | |
8fcedbd2 QY |
3386 | |
3387 | .. index:: neighbor PEER route-reflector-client | |
3388 | .. clicmd:: neighbor PEER route-reflector-client | |
3389 | ||
3390 | .. index:: no neighbor PEER route-reflector-client | |
3391 | .. clicmd:: no neighbor PEER route-reflector-client | |
c3c5a71f | 3392 | |
749afd7d RF |
3393 | To avoid single points of failure, multiple route reflectors can be configured. |
3394 | ||
3395 | A cluster is a collection of route reflectors and their clients, and is used | |
3396 | by route reflectors to avoid looping. | |
3397 | ||
3398 | .. index:: bgp cluster-id A.B.C.D | |
3399 | .. clicmd:: bgp cluster-id A.B.C.D | |
42fc5d26 | 3400 | |
8dad2243 DS |
3401 | .. index:: [no] bgp no-rib |
3402 | .. clicmd:: [no] bgp no-rib | |
3403 | ||
3404 | To set and unset the BGP daemon ``-n`` / ``--no_kernel`` options during runtime | |
3405 | to disable BGP route installation to the RIB (Zebra), the ``[no] bgp no-rib`` | |
3406 | commands can be used; | |
3407 | ||
3408 | Please note that setting the option during runtime will withdraw all routes in | |
3409 | the daemons RIB from Zebra and unsetting it will announce all routes in the | |
3410 | daemons RIB to Zebra. If the option is passed as a command line argument when | |
3411 | starting the daemon and the configuration gets saved, the option will persist | |
3412 | unless removed from the configuration with the negating command prior to the | |
3413 | configuration write operation. | |
3414 | ||
3415 | ||
0efdf0fe | 3416 | .. _routing-policy: |
42fc5d26 | 3417 | |
8fcedbd2 QY |
3418 | Routing Policy |
3419 | ============== | |
42fc5d26 | 3420 | |
4da7fda3 | 3421 | You can set different routing policy for a peer. For example, you can set |
9eb95b3b QY |
3422 | different filter for a peer. |
3423 | ||
3424 | .. code-block:: frr | |
c1a54c05 | 3425 | |
c1a54c05 QY |
3426 | ! |
3427 | router bgp 1 view 1 | |
3428 | neighbor 10.0.0.1 remote-as 2 | |
3429 | address-family ipv4 unicast | |
3430 | neighbor 10.0.0.1 distribute-list 1 in | |
3431 | exit-address-family | |
3432 | ! | |
3433 | router bgp 1 view 2 | |
3434 | neighbor 10.0.0.1 remote-as 2 | |
3435 | address-family ipv4 unicast | |
3436 | neighbor 10.0.0.1 distribute-list 2 in | |
3437 | exit-address-family | |
c3c5a71f | 3438 | |
4da7fda3 QY |
3439 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view 2. |
3440 | When the update is inserted into view 1, distribute-list 1 is applied. On the | |
3441 | other hand, when the update is inserted into view 2, distribute-list 2 is | |
3442 | applied. | |
42fc5d26 | 3443 | |
42fc5d26 | 3444 | |
0efdf0fe | 3445 | .. _bgp-regular-expressions: |
42fc5d26 QY |
3446 | |
3447 | BGP Regular Expressions | |
3448 | ======================= | |
3449 | ||
8fcedbd2 QY |
3450 | BGP regular expressions are based on :t:`POSIX 1003.2` regular expressions. The |
3451 | following description is just a quick subset of the POSIX regular expressions. | |
42fc5d26 QY |
3452 | |
3453 | ||
8fcedbd2 | 3454 | .\* |
c1a54c05 | 3455 | Matches any single character. |
42fc5d26 | 3456 | |
8fcedbd2 | 3457 | \* |
c1a54c05 | 3458 | Matches 0 or more occurrences of pattern. |
42fc5d26 | 3459 | |
8fcedbd2 | 3460 | \+ |
c1a54c05 | 3461 | Matches 1 or more occurrences of pattern. |
42fc5d26 QY |
3462 | |
3463 | ? | |
c1a54c05 | 3464 | Match 0 or 1 occurrences of pattern. |
42fc5d26 QY |
3465 | |
3466 | ^ | |
c1a54c05 | 3467 | Matches the beginning of the line. |
42fc5d26 QY |
3468 | |
3469 | $ | |
c1a54c05 | 3470 | Matches the end of the line. |
42fc5d26 QY |
3471 | |
3472 | _ | |
8fcedbd2 QY |
3473 | The ``_`` character has special meanings in BGP regular expressions. It |
3474 | matches to space and comma , and AS set delimiter ``{`` and ``}`` and AS | |
3475 | confederation delimiter ``(`` and ``)``. And it also matches to the | |
3476 | beginning of the line and the end of the line. So ``_`` can be used for AS | |
3477 | value boundaries match. This character technically evaluates to | |
3478 | ``(^|[,{}()]|$)``. | |
42fc5d26 | 3479 | |
42fc5d26 | 3480 | |
c1a54c05 | 3481 | .. _bgp-configuration-examples: |
42fc5d26 | 3482 | |
8fcedbd2 QY |
3483 | Miscellaneous Configuration Examples |
3484 | ==================================== | |
42fc5d26 | 3485 | |
9eb95b3b QY |
3486 | Example of a session to an upstream, advertising only one prefix to it. |
3487 | ||
3488 | .. code-block:: frr | |
42fc5d26 | 3489 | |
c1a54c05 QY |
3490 | router bgp 64512 |
3491 | bgp router-id 10.236.87.1 | |
3492 | neighbor upstream peer-group | |
3493 | neighbor upstream remote-as 64515 | |
3494 | neighbor upstream capability dynamic | |
3495 | neighbor 10.1.1.1 peer-group upstream | |
3496 | neighbor 10.1.1.1 description ACME ISP | |
c3c5a71f | 3497 | |
c1a54c05 QY |
3498 | address-family ipv4 unicast |
3499 | network 10.236.87.0/24 | |
3500 | neighbor upstream prefix-list pl-allowed-adv out | |
3501 | exit-address-family | |
3502 | ! | |
3503 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
3504 | ip prefix-list pl-allowed-adv seq 10 deny any | |
42fc5d26 | 3505 | |
aa9eafa4 QY |
3506 | A more complex example including upstream, peer and customer sessions |
3507 | advertising global prefixes and NO_EXPORT prefixes and providing actions for | |
3508 | customer routes based on community values. Extensive use is made of route-maps | |
3509 | and the 'call' feature to support selective advertising of prefixes. This | |
3510 | example is intended as guidance only, it has NOT been tested and almost | |
3511 | certainly contains silly mistakes, if not serious flaws. | |
42fc5d26 | 3512 | |
9eb95b3b | 3513 | .. code-block:: frr |
42fc5d26 | 3514 | |
c1a54c05 QY |
3515 | router bgp 64512 |
3516 | bgp router-id 10.236.87.1 | |
3517 | neighbor upstream capability dynamic | |
3518 | neighbor cust capability dynamic | |
3519 | neighbor peer capability dynamic | |
3520 | neighbor 10.1.1.1 remote-as 64515 | |
3521 | neighbor 10.1.1.1 peer-group upstream | |
3522 | neighbor 10.2.1.1 remote-as 64516 | |
3523 | neighbor 10.2.1.1 peer-group upstream | |
3524 | neighbor 10.3.1.1 remote-as 64517 | |
3525 | neighbor 10.3.1.1 peer-group cust-default | |
3526 | neighbor 10.3.1.1 description customer1 | |
3527 | neighbor 10.4.1.1 remote-as 64518 | |
3528 | neighbor 10.4.1.1 peer-group cust | |
3529 | neighbor 10.4.1.1 description customer2 | |
3530 | neighbor 10.5.1.1 remote-as 64519 | |
3531 | neighbor 10.5.1.1 peer-group peer | |
3532 | neighbor 10.5.1.1 description peer AS 1 | |
3533 | neighbor 10.6.1.1 remote-as 64520 | |
3534 | neighbor 10.6.1.1 peer-group peer | |
3535 | neighbor 10.6.1.1 description peer AS 2 | |
3536 | ||
3537 | address-family ipv4 unicast | |
3538 | network 10.123.456.0/24 | |
3539 | network 10.123.456.128/25 route-map rm-no-export | |
3540 | neighbor upstream route-map rm-upstream-out out | |
3541 | neighbor cust route-map rm-cust-in in | |
3542 | neighbor cust route-map rm-cust-out out | |
3543 | neighbor cust send-community both | |
3544 | neighbor peer route-map rm-peer-in in | |
3545 | neighbor peer route-map rm-peer-out out | |
3546 | neighbor peer send-community both | |
3547 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
3548 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
3549 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
3550 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
3551 | exit-address-family | |
3552 | ! | |
3553 | ip prefix-list pl-default permit 0.0.0.0/0 | |
3554 | ! | |
3555 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
3556 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
3557 | ! | |
3558 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
3559 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
3560 | ! | |
3561 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
3562 | ! | |
3563 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
3564 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
3565 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
3566 | ! | |
3567 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
3568 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
3569 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
3570 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
3571 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
3572 | ! | |
9b6fddd4 DS |
3573 | bgp as-path access-list asp-own-as permit ^$ |
3574 | bgp as-path access-list asp-own-as permit _64512_ | |
c1a54c05 QY |
3575 | ! |
3576 | ! ################################################################# | |
3577 | ! Match communities we provide actions for, on routes receives from | |
3578 | ! customers. Communities values of <our-ASN>:X, with X, have actions: | |
3579 | ! | |
3580 | ! 100 - blackhole the prefix | |
3581 | ! 200 - set no_export | |
3582 | ! 300 - advertise only to other customers | |
3583 | ! 400 - advertise only to upstreams | |
3584 | ! 500 - set no_export when advertising to upstreams | |
3585 | ! 2X00 - set local_preference to X00 | |
3586 | ! | |
3587 | ! blackhole the prefix of the route | |
a64e0ee5 | 3588 | bgp community-list standard cm-blackhole permit 64512:100 |
c1a54c05 QY |
3589 | ! |
3590 | ! set no-export community before advertising | |
a64e0ee5 | 3591 | bgp community-list standard cm-set-no-export permit 64512:200 |
c1a54c05 QY |
3592 | ! |
3593 | ! advertise only to other customers | |
a64e0ee5 | 3594 | bgp community-list standard cm-cust-only permit 64512:300 |
c1a54c05 QY |
3595 | ! |
3596 | ! advertise only to upstreams | |
a64e0ee5 | 3597 | bgp community-list standard cm-upstream-only permit 64512:400 |
c1a54c05 QY |
3598 | ! |
3599 | ! advertise to upstreams with no-export | |
a64e0ee5 | 3600 | bgp community-list standard cm-upstream-noexport permit 64512:500 |
c1a54c05 QY |
3601 | ! |
3602 | ! set local-pref to least significant 3 digits of the community | |
a64e0ee5 DA |
3603 | bgp community-list standard cm-prefmod-100 permit 64512:2100 |
3604 | bgp community-list standard cm-prefmod-200 permit 64512:2200 | |
3605 | bgp community-list standard cm-prefmod-300 permit 64512:2300 | |
3606 | bgp community-list standard cm-prefmod-400 permit 64512:2400 | |
3607 | bgp community-list expanded cme-prefmod-range permit 64512:2... | |
c1a54c05 QY |
3608 | ! |
3609 | ! Informational communities | |
3610 | ! | |
3611 | ! 3000 - learned from upstream | |
3612 | ! 3100 - learned from customer | |
3613 | ! 3200 - learned from peer | |
3614 | ! | |
a64e0ee5 DA |
3615 | bgp community-list standard cm-learnt-upstream permit 64512:3000 |
3616 | bgp community-list standard cm-learnt-cust permit 64512:3100 | |
3617 | bgp community-list standard cm-learnt-peer permit 64512:3200 | |
c1a54c05 QY |
3618 | ! |
3619 | ! ################################################################### | |
3620 | ! Utility route-maps | |
3621 | ! | |
3622 | ! These utility route-maps generally should not used to permit/deny | |
3623 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
3624 | ! should be used with 'on-match next'. These all finish with an empty | |
3625 | ! permit entry so as not interfere with processing in the caller. | |
3626 | ! | |
3627 | route-map rm-no-export permit 10 | |
3628 | set community additive no-export | |
3629 | route-map rm-no-export permit 20 | |
3630 | ! | |
3631 | route-map rm-blackhole permit 10 | |
f6aa36f5 | 3632 | description blackhole, up-pref and ensure it cannot escape this AS |
c1a54c05 QY |
3633 | set ip next-hop 127.0.0.1 |
3634 | set local-preference 10 | |
3635 | set community additive no-export | |
3636 | route-map rm-blackhole permit 20 | |
3637 | ! | |
3638 | ! Set local-pref as requested | |
3639 | route-map rm-prefmod permit 10 | |
3640 | match community cm-prefmod-100 | |
3641 | set local-preference 100 | |
3642 | route-map rm-prefmod permit 20 | |
3643 | match community cm-prefmod-200 | |
3644 | set local-preference 200 | |
3645 | route-map rm-prefmod permit 30 | |
3646 | match community cm-prefmod-300 | |
3647 | set local-preference 300 | |
3648 | route-map rm-prefmod permit 40 | |
3649 | match community cm-prefmod-400 | |
3650 | set local-preference 400 | |
3651 | route-map rm-prefmod permit 50 | |
3652 | ! | |
3653 | ! Community actions to take on receipt of route. | |
3654 | route-map rm-community-in permit 10 | |
3655 | description check for blackholing, no point continuing if it matches. | |
3656 | match community cm-blackhole | |
3657 | call rm-blackhole | |
3658 | route-map rm-community-in permit 20 | |
3659 | match community cm-set-no-export | |
3660 | call rm-no-export | |
3661 | on-match next | |
3662 | route-map rm-community-in permit 30 | |
3663 | match community cme-prefmod-range | |
3664 | call rm-prefmod | |
3665 | route-map rm-community-in permit 40 | |
3666 | ! | |
3667 | ! ##################################################################### | |
3668 | ! Community actions to take when advertising a route. | |
3669 | ! These are filtering route-maps, | |
3670 | ! | |
3671 | ! Deny customer routes to upstream with cust-only set. | |
3672 | route-map rm-community-filt-to-upstream deny 10 | |
3673 | match community cm-learnt-cust | |
3674 | match community cm-cust-only | |
3675 | route-map rm-community-filt-to-upstream permit 20 | |
3676 | ! | |
3677 | ! Deny customer routes to other customers with upstream-only set. | |
3678 | route-map rm-community-filt-to-cust deny 10 | |
3679 | match community cm-learnt-cust | |
3680 | match community cm-upstream-only | |
3681 | route-map rm-community-filt-to-cust permit 20 | |
3682 | ! | |
3683 | ! ################################################################### | |
3684 | ! The top-level route-maps applied to sessions. Further entries could | |
3685 | ! be added obviously.. | |
3686 | ! | |
3687 | ! Customers | |
3688 | route-map rm-cust-in permit 10 | |
3689 | call rm-community-in | |
3690 | on-match next | |
3691 | route-map rm-cust-in permit 20 | |
3692 | set community additive 64512:3100 | |
3693 | route-map rm-cust-in permit 30 | |
3694 | ! | |
3695 | route-map rm-cust-out permit 10 | |
3696 | call rm-community-filt-to-cust | |
3697 | on-match next | |
3698 | route-map rm-cust-out permit 20 | |
3699 | ! | |
3700 | ! Upstream transit ASes | |
3701 | route-map rm-upstream-out permit 10 | |
3702 | description filter customer prefixes which are marked cust-only | |
3703 | call rm-community-filt-to-upstream | |
3704 | on-match next | |
3705 | route-map rm-upstream-out permit 20 | |
3706 | description only customer routes are provided to upstreams/peers | |
3707 | match community cm-learnt-cust | |
3708 | ! | |
3709 | ! Peer ASes | |
3710 | ! outbound policy is same as for upstream | |
3711 | route-map rm-peer-out permit 10 | |
3712 | call rm-upstream-out | |
3713 | ! | |
3714 | route-map rm-peer-in permit 10 | |
3715 | set community additive 64512:3200 | |
c3c5a71f | 3716 | |
8fcedbd2 QY |
3717 | |
3718 | Example of how to set up a 6-Bone connection. | |
3719 | ||
3720 | .. code-block:: frr | |
3721 | ||
3722 | ! bgpd configuration | |
3723 | ! ================== | |
3724 | ! | |
3725 | ! MP-BGP configuration | |
3726 | ! | |
3727 | router bgp 7675 | |
3728 | bgp router-id 10.0.0.1 | |
3729 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as `as-number` | |
3730 | ! | |
3731 | address-family ipv6 | |
3732 | network 3ffe:506::/32 | |
3733 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
3734 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
3735 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as `as-number` | |
3736 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
3737 | exit-address-family | |
3738 | ! | |
3739 | ipv6 access-list all permit any | |
3740 | ! | |
3741 | ! Set output nexthop address. | |
3742 | ! | |
3743 | route-map set-nexthop permit 10 | |
3744 | match ipv6 address all | |
3745 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
3746 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
3747 | ! | |
3748 | log file bgpd.log | |
3749 | ! | |
3750 | ||
3751 | ||
9e146a81 | 3752 | .. include:: routeserver.rst |
f3817860 QY |
3753 | |
3754 | .. include:: rpki.rst | |
c1a54c05 | 3755 | |
ed647ed2 | 3756 | .. include:: wecmp_linkbw.rst |
3757 | ||
00458d01 PG |
3758 | .. include:: flowspec.rst |
3759 | ||
d1e7591e | 3760 | .. [#med-transitivity-rant] For some set of objects to have an order, there *must* be some binary ordering relation that is defined for *every* combination of those objects, and that relation *must* be transitive. I.e.:, if the relation operator is <, and if a < b and b < c then that relation must carry over and it *must* be that a < c for the objects to have an order. The ordering relation may allow for equality, i.e. a < b and b < a may both be true and imply that a and b are equal in the order and not distinguished by it, in which case the set has a partial order. Otherwise, if there is an order, all the objects have a distinct place in the order and the set has a total order) |
c1a54c05 QY |
3761 | .. [bgp-route-osci-cond] McPherson, D. and Gill, V. and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation Condition", IETF RFC3345 |
3762 | .. [stable-flexible-ibgp] Flavel, A. and M. Roughan, "Stable and flexible iBGP", ACM SIGCOMM 2009 | |
3763 | .. [ibgp-correctness] Griffin, T. and G. Wilfong, "On the correctness of IBGP configuration", ACM SIGCOMM 2002 |