]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _bgp: |
42fc5d26 QY |
2 | |
3 | *** | |
4 | BGP | |
5 | *** | |
6 | ||
c3c5a71f QY |
7 | :abbr:`BGP` stands for a Border Gateway Protocol. The lastest BGP version is 4. |
8 | It is referred as BGP-4. BGP-4 is one of the Exterior Gateway Protocols and | |
9 | de-fact standard of Inter Domain routing protocol. BGP-4 is described in | |
07a17e6d | 10 | :rfc:`1771`. |
42fc5d26 | 11 | |
07a17e6d QY |
12 | Many extensions have been added to :rfc:`1771`. :rfc:`2858` provides |
13 | multiprotocol support to BGP-4. | |
42fc5d26 | 14 | |
0efdf0fe | 15 | .. _starting-bgp: |
42fc5d26 QY |
16 | |
17 | Starting BGP | |
18 | ============ | |
19 | ||
c1a54c05 QY |
20 | Default configuration file of *bgpd* is :file:`bgpd.conf`. *bgpd* searches the |
21 | current directory first then |INSTALL_PREFIX_ETC|/bgpd.conf. All of bgpd's | |
22 | command must be configured in :file:`bgpd.conf`. | |
42fc5d26 | 23 | |
c1a54c05 | 24 | *bgpd* specific invocation options are described below. Common options may also |
0efdf0fe | 25 | be specified (:ref:`common-invocation-options`). |
42fc5d26 | 26 | |
c1a54c05 | 27 | .. program:: bgpd |
42fc5d26 | 28 | |
c1a54c05 QY |
29 | .. option:: -p <port> |
30 | .. option:: --bgp_port <port> | |
42fc5d26 | 31 | |
c1a54c05 | 32 | Set the bgp protocol's port number. |
42fc5d26 | 33 | |
c1a54c05 QY |
34 | .. option:: -r |
35 | .. option:: --retain | |
42fc5d26 | 36 | |
c1a54c05 | 37 | When program terminates, retain BGP routes added by zebra. |
42fc5d26 | 38 | |
c1a54c05 QY |
39 | .. option:: -l |
40 | .. option:: --listenon | |
42fc5d26 | 41 | |
c1a54c05 QY |
42 | Specify a specific IP address for bgpd to listen on, rather than its |
43 | default of INADDR_ANY / IN6ADDR_ANY. This can be useful to constrain bgpd | |
44 | to an internal address, or to run multiple bgpd processes on one host. | |
42fc5d26 QY |
45 | |
46 | ||
0efdf0fe | 47 | .. _bgp-router: |
42fc5d26 QY |
48 | |
49 | BGP router | |
50 | ========== | |
51 | ||
c1a54c05 QY |
52 | First of all you must configure BGP router with *router bgp* command. To |
53 | configure BGP router, you need AS number. AS number is an identification of | |
54 | autonomous system. BGP protocol uses the AS number for detecting whether the | |
55 | BGP connection is internal one or external one. | |
42fc5d26 | 56 | |
c3c5a71f | 57 | .. index:: router bgp ASN |
29adcd50 | 58 | .. clicmd:: router bgp ASN |
42fc5d26 | 59 | |
c1a54c05 QY |
60 | Enable a BGP protocol process with the specified ASN. After |
61 | this statement you can input any `BGP Commands`. You can not | |
62 | create different BGP process under different ASN without | |
0efdf0fe | 63 | specifying `multiple-instance` (:ref:`multiple-instance`). |
42fc5d26 | 64 | |
c1a54c05 | 65 | .. index:: no router bgp ASN |
29adcd50 | 66 | .. clicmd:: no router bgp ASN |
42fc5d26 | 67 | |
c1a54c05 | 68 | Destroy a BGP protocol process with the specified ASN. |
42fc5d26 | 69 | |
c1a54c05 QY |
70 | .. index:: bgp router-id A.B.C.D |
71 | .. clicmd:: bgp router-id A.B.C.D | |
c3c5a71f | 72 | |
c1a54c05 QY |
73 | This command specifies the router-ID. If *bgpd* connects to *zebra* it gets |
74 | interface and address information. In that case default router ID value is | |
75 | selected as the largest IP Address of the interfaces. When `router zebra` is | |
76 | not enabled *bgpd* can't get interface information so `router-id` is set to | |
77 | 0.0.0.0. So please set router-id by hand. | |
42fc5d26 | 78 | |
0efdf0fe | 79 | .. _bgp-distance: |
42fc5d26 QY |
80 | |
81 | BGP distance | |
82 | ------------ | |
83 | ||
29adcd50 | 84 | .. index:: distance bgp (1-255) (1-255) (1-255) |
29adcd50 | 85 | .. clicmd:: distance bgp (1-255) (1-255) (1-255) |
42fc5d26 | 86 | |
c1a54c05 QY |
87 | This command change distance value of BGP. Each argument is distance value |
88 | for external routes, internal routes and local routes. | |
42fc5d26 | 89 | |
c1a54c05 QY |
90 | .. index:: distance (1-255) A.B.C.D/M |
91 | .. clicmd:: distance (1-255) A.B.C.D/M | |
c3c5a71f | 92 | |
c1a54c05 QY |
93 | .. index:: distance (1-255) A.B.C.D/M word |
94 | .. clicmd:: distance (1-255) A.B.C.D/M word | |
42fc5d26 | 95 | |
0efdf0fe | 96 | .. _bgp-decision-process: |
42fc5d26 QY |
97 | |
98 | BGP decision process | |
99 | -------------------- | |
100 | ||
dc1046f7 | 101 | The decision process FRR BGP uses to select routes is as follows: |
42fc5d26 | 102 | |
c1a54c05 | 103 | 1. Weight check |
42fc5d26 QY |
104 | |
105 | ||
c1a54c05 | 106 | Prefer higher local weight routes to lower routes. |
42fc5d26 | 107 | |
c1a54c05 | 108 | 2. Local preference check |
42fc5d26 | 109 | |
42fc5d26 | 110 | |
c1a54c05 | 111 | Prefer higher local preference routes to lower. |
42fc5d26 | 112 | |
c1a54c05 | 113 | 3. Local route check |
42fc5d26 | 114 | |
c1a54c05 | 115 | Prefer local routes (statics, aggregates, redistributed) to received routes. |
42fc5d26 | 116 | |
c1a54c05 | 117 | 4. AS path length check |
42fc5d26 | 118 | |
c1a54c05 | 119 | Prefer shortest hop-count AS_PATHs. |
42fc5d26 | 120 | |
c1a54c05 | 121 | 5. Origin check |
42fc5d26 | 122 | |
c1a54c05 QY |
123 | Prefer the lowest origin type route. That is, prefer IGP origin routes to |
124 | EGP, to Incomplete routes. | |
42fc5d26 | 125 | |
c1a54c05 | 126 | 6. MED check |
42fc5d26 | 127 | |
c1a54c05 | 128 | Where routes with a MED were received from the same AS, prefer the route |
0efdf0fe | 129 | with the lowest MED. :ref:`bgp-med`. |
42fc5d26 | 130 | |
c1a54c05 | 131 | 7. External check |
42fc5d26 | 132 | |
c1a54c05 QY |
133 | Prefer the route received from an external, eBGP peer over routes received |
134 | from other types of peers. | |
42fc5d26 | 135 | |
c1a54c05 | 136 | 8. IGP cost check |
42fc5d26 | 137 | |
c1a54c05 | 138 | Prefer the route with the lower IGP cost. |
42fc5d26 | 139 | |
c1a54c05 | 140 | 9. Multi-path check |
42fc5d26 | 141 | |
c1a54c05 QY |
142 | If multi-pathing is enabled, then check whether the routes not yet |
143 | distinguished in preference may be considered equal. If | |
9e146a81 | 144 | :clicmd:`bgp bestpath as-path multipath-relax` is set, all such routes are |
c1a54c05 QY |
145 | considered equal, otherwise routes received via iBGP with identical AS_PATHs |
146 | or routes received from eBGP neighbours in the same AS are considered equal. | |
42fc5d26 | 147 | |
c1a54c05 | 148 | 10. Already-selected external check |
42fc5d26 | 149 | |
c1a54c05 QY |
150 | Where both routes were received from eBGP peers, then prefer the route |
151 | which is already selected. Note that this check is not applied if | |
9e146a81 QY |
152 | :clicmd:`bgp bestpath compare-routerid` is configured. This check can |
153 | prevent some cases of oscillation. | |
42fc5d26 | 154 | |
c1a54c05 | 155 | 11. Router-ID check |
42fc5d26 | 156 | |
c1a54c05 QY |
157 | Prefer the route with the lowest `router-ID`. If the route has an |
158 | `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is | |
159 | used, otherwise the `router-ID` of the peer the route was received from is | |
160 | used. | |
42fc5d26 | 161 | |
c1a54c05 | 162 | 12. Cluster-List length check |
42fc5d26 | 163 | |
c1a54c05 QY |
164 | The route with the shortest cluster-list length is used. The cluster-list |
165 | reflects the iBGP reflection path the route has taken. | |
42fc5d26 | 166 | |
42fc5d26 | 167 | |
c1a54c05 QY |
168 | 13. Peer address |
169 | ||
170 | Prefer the route received from the peer with the higher | |
171 | transport layer address, as a last-resort tie-breaker. | |
42fc5d26 | 172 | |
c3c5a71f | 173 | |
c1a54c05 | 174 | .. index:: bgp bestpath as-path confed |
29adcd50 | 175 | .. clicmd:: bgp bestpath as-path confed |
42fc5d26 | 176 | |
c1a54c05 QY |
177 | This command specifies that the length of confederation path sets and |
178 | sequences should should be taken into account during the BGP best path | |
179 | decision process. | |
42fc5d26 | 180 | |
c3c5a71f | 181 | .. index:: bgp bestpath as-path multipath-relax |
29adcd50 | 182 | .. clicmd:: bgp bestpath as-path multipath-relax |
42fc5d26 | 183 | |
c1a54c05 QY |
184 | This command specifies that BGP decision process should consider paths |
185 | of equal AS_PATH length candidates for multipath computation. Without | |
186 | the knob, the entire AS_PATH must match for multipath computation. | |
c3c5a71f | 187 | |
29adcd50 | 188 | .. clicmd:: bgp bestpath compare-routerid |
42fc5d26 | 189 | |
c1a54c05 QY |
190 | Ensure that when comparing routes where both are equal on most metrics, |
191 | including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken | |
192 | based on router-ID. | |
42fc5d26 | 193 | |
c1a54c05 QY |
194 | If this option is enabled, then the already-selected check, where |
195 | already selected eBGP routes are preferred, is skipped. | |
42fc5d26 | 196 | |
c1a54c05 QY |
197 | If a route has an `ORIGINATOR_ID` attribute because it has been reflected, |
198 | that `ORIGINATOR_ID` will be used. Otherwise, the router-ID of the peer the | |
199 | route was received from will be used. | |
42fc5d26 | 200 | |
c1a54c05 QY |
201 | The advantage of this is that the route-selection (at this point) will be |
202 | more deterministic. The disadvantage is that a few or even one lowest-ID | |
203 | router may attract all trafic to otherwise-equal paths because of this | |
204 | check. It may increase the possibility of MED or IGP oscillation, unless | |
205 | other measures were taken to avoid these. The exact behaviour will be | |
206 | sensitive to the iBGP and reflection topology. | |
42fc5d26 QY |
207 | |
208 | ||
0efdf0fe | 209 | .. _bgp-route-flap-dampening: |
42fc5d26 QY |
210 | |
211 | BGP route flap dampening | |
212 | ------------------------ | |
213 | ||
c1a54c05 QY |
214 | .. clicmd:: bgp dampening (1-45) (1-20000) (1-20000) (1-255) |
215 | ||
c3c5a71f | 216 | |
c1a54c05 | 217 | This command enables BGP route-flap dampening and specifies dampening parameters. |
42fc5d26 | 218 | |
42fc5d26 | 219 | |
c1a54c05 QY |
220 | half-life |
221 | Half-life time for the penalty | |
42fc5d26 | 222 | |
c1a54c05 QY |
223 | reuse-threshold |
224 | Value to start reusing a route | |
42fc5d26 | 225 | |
c1a54c05 QY |
226 | suppress-threshold |
227 | Value to start suppressing a route | |
42fc5d26 | 228 | |
c1a54c05 QY |
229 | max-suppress |
230 | Maximum duration to suppress a stable route | |
42fc5d26 | 231 | |
c1a54c05 QY |
232 | The route-flap damping algorithm is compatible with :rfc:`2439`. The use of |
233 | this command is not recommended nowadays. | |
42fc5d26 | 234 | |
c1a54c05 QY |
235 | .. seealso:: |
236 | ||
237 | `http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378 <http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378>`_ | |
42fc5d26 | 238 | |
0efdf0fe | 239 | .. _bgp-med: |
42fc5d26 QY |
240 | |
241 | BGP MED | |
242 | ======= | |
243 | ||
c1a54c05 QY |
244 | The BGP :abbr:`MED (Multi Exit Discriminator)` attribute has properties which |
245 | can cause subtle convergence problems in BGP. These properties and problems | |
246 | have proven to be hard to understand, at least historically, and may still not | |
247 | be widely understood. The following attempts to collect together and present | |
248 | what is known about MED, to help operators and FRR users in designing and | |
249 | configuring their networks. | |
42fc5d26 | 250 | |
07a17e6d QY |
251 | The BGP :abbr:`MED` attribute is intended to allow one AS to indicate its |
252 | preferences for its ingress points to another AS. The MED attribute will not be | |
253 | propagated on to another AS by the receiving AS - it is 'non-transitive' in the | |
254 | BGP sense. | |
42fc5d26 | 255 | |
c1a54c05 QY |
256 | E.g., if AS X and AS Y have 2 different BGP peering points, then AS X might set |
257 | a MED of 100 on routes advertised at one and a MED of 200 at the other. When AS | |
258 | Y selects between otherwise equal routes to or via AS X, AS Y should prefer to | |
259 | take the path via the lower MED peering of 100 with AS X. Setting the MED | |
260 | allows an AS to influence the routing taken to it within another, neighbouring | |
261 | AS. | |
42fc5d26 QY |
262 | |
263 | In this use of MED it is not really meaningful to compare the MED value on | |
c1a54c05 QY |
264 | routes where the next AS on the paths differs. E.g., if AS Y also had a route |
265 | for some destination via AS Z in addition to the routes from AS X, and AS Z had | |
266 | also set a MED, it wouldn't make sense for AS Y to compare AS Z's MED values to | |
267 | those of AS X. The MED values have been set by different administrators, with | |
268 | different frames of reference. | |
42fc5d26 QY |
269 | |
270 | The default behaviour of BGP therefore is to not compare MED values across | |
dc1046f7 | 271 | routes received from different neighbouring ASes. In FRR this is done by |
c1a54c05 QY |
272 | comparing the neighbouring, left-most AS in the received AS_PATHs of the routes |
273 | and only comparing MED if those are the same. | |
274 | ||
275 | Unfortunately, this behaviour of MED, of sometimes being compared across routes | |
276 | and sometimes not, depending on the properties of those other routes, means MED | |
277 | can cause the order of preference over all the routes to be undefined. That is, | |
278 | given routes A, B, and C, if A is preferred to B, and B is preferred to C, then | |
279 | a well-defined order should mean the preference is transitive (in the sense of | |
013f9762 | 280 | orders [#med-transitivity-rant]_) and that A would be preferred to C. |
42fc5d26 | 281 | |
c3c5a71f QY |
282 | However, when MED is involved this need not be the case. With MED it is |
283 | possible that C is actually preferred over A. So A is preferred to B, B is | |
284 | preferred to C, but C is preferred to A. This can be true even where BGP | |
c1a54c05 QY |
285 | defines a deterministic 'most preferred' route out of the full set of A,B,C. |
286 | With MED, for any given set of routes there may be a deterministically | |
287 | preferred route, but there need not be any way to arrange them into any order | |
288 | of preference. With unmodified MED, the order of preference of routes literally | |
289 | becomes undefined. | |
42fc5d26 | 290 | |
c3c5a71f | 291 | That MED can induce non-transitive preferences over routes can cause issues. |
c1a54c05 QY |
292 | Firstly, it may be perceived to cause routing table churn locally at speakers; |
293 | secondly, and more seriously, it may cause routing instability in iBGP | |
294 | topologies, where sets of speakers continually oscillate between different | |
295 | paths. | |
42fc5d26 | 296 | |
c3c5a71f | 297 | The first issue arises from how speakers often implement routing decisions. |
c1a54c05 QY |
298 | Though BGP defines a selection process that will deterministically select the |
299 | same route as best at any given speaker, even with MED, that process requires | |
300 | evaluating all routes together. For performance and ease of implementation | |
301 | reasons, many implementations evaluate route preferences in a pair-wise fashion | |
302 | instead. Given there is no well-defined order when MED is involved, the best | |
303 | route that will be chosen becomes subject to implementation details, such as | |
304 | the order the routes are stored in. That may be (locally) non-deterministic, | |
305 | e.g.: it may be the order the routes were received in. | |
42fc5d26 QY |
306 | |
307 | This indeterminism may be considered undesirable, though it need not cause | |
c1a54c05 QY |
308 | problems. It may mean additional routing churn is perceived, as sometimes more |
309 | updates may be produced than at other times in reaction to some event . | |
42fc5d26 QY |
310 | |
311 | This first issue can be fixed with a more deterministic route selection that | |
c3c5a71f | 312 | ensures routes are ordered by the neighbouring AS during selection. |
9e146a81 | 313 | :clicmd:`bgp deterministic-med`. This may reduce the number of updates as routes |
c1a54c05 QY |
314 | are received, and may in some cases reduce routing churn. Though, it could |
315 | equally deterministically produce the largest possible set of updates in | |
316 | response to the most common sequence of received updates. | |
42fc5d26 QY |
317 | |
318 | A deterministic order of evaluation tends to imply an additional overhead of | |
c3c5a71f | 319 | sorting over any set of n routes to a destination. The implementation of |
dc1046f7 | 320 | deterministic MED in FRR scales significantly worse than most sorting |
c1a54c05 QY |
321 | algorithms at present, with the number of paths to a given destination. That |
322 | number is often low enough to not cause any issues, but where there are many | |
323 | paths, the deterministic comparison may quickly become increasingly expensive | |
324 | in terms of CPU. | |
325 | ||
326 | Deterministic local evaluation can *not* fix the second, more major, issue of | |
327 | MED however. Which is that the non-transitive preference of routes MED can | |
328 | cause may lead to routing instability or oscillation across multiple speakers | |
329 | in iBGP topologies. This can occur with full-mesh iBGP, but is particularly | |
330 | problematic in non-full-mesh iBGP topologies that further reduce the routing | |
331 | information known to each speaker. This has primarily been documented with iBGP | |
332 | route-reflection topologies. However, any route-hiding technologies potentially | |
333 | could also exacerbate oscillation with MED. | |
334 | ||
335 | This second issue occurs where speakers each have only a subset of routes, and | |
336 | there are cycles in the preferences between different combinations of routes - | |
337 | as the undefined order of preference of MED allows - and the routes are | |
338 | distributed in a way that causes the BGP speakers to 'chase' those cycles. This | |
339 | can occur even if all speakers use a deterministic order of evaluation in route | |
340 | selection. | |
341 | ||
342 | E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and from | |
343 | speaker 3 in AS Y; while speaker 5 in AS A might receive that route from | |
344 | speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100 at speaker | |
345 | 3. I.e, using ASN:ID:MED to label the speakers: | |
42fc5d26 QY |
346 | |
347 | :: | |
348 | ||
c1a54c05 QY |
349 | . |
350 | /---------------\\ | |
42fc5d26 | 351 | X:2------|--A:4-------A:5--|-Y:1:200 |
c1a54c05 QY |
352 | Y:3:100--|-/ | |
353 | \\---------------/ | |
c3c5a71f | 354 | |
42fc5d26 | 355 | |
42fc5d26 | 356 | |
c1a54c05 QY |
357 | Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then based |
358 | on the RFC4271 decision process speaker 4 will choose X:2 over Y:3:100, based | |
359 | on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5. Speaker 5 will | |
360 | continue to prefer Y:1:200 based on the ID, and advertise this to speaker 4. | |
361 | Speaker 4 will now have the full set of routes, and the Y:1:200 it receives | |
362 | from 5 will beat X:2, but when speaker 4 compares Y:1:200 to Y:3:100 the MED | |
363 | check now becomes active as the ASes match, and now Y:3:100 is preferred. | |
364 | Speaker 4 therefore now advertises Y:3:100 to 5, which will also agrees that | |
365 | Y:3:100 is preferred to Y:1:200, and so withdraws the latter route from 4. | |
366 | Speaker 4 now has only X:2 and Y:3:100, and X:2 beats Y:3:100, and so speaker 4 | |
367 | implicitly updates its route to speaker 5 to X:2. Speaker 5 sees that Y:1:200 | |
368 | beats X:2 based on the ID, and advertises Y:1:200 to speaker 4, and the cycle | |
369 | continues. | |
42fc5d26 QY |
370 | |
371 | The root cause is the lack of a clear order of preference caused by how MED | |
372 | sometimes is and sometimes is not compared, leading to this cycle in the | |
373 | preferences between the routes: | |
374 | ||
375 | :: | |
376 | ||
c1a54c05 QY |
377 | . |
378 | /---> X:2 ---beats---> Y:3:100 --\\ | |
379 | | | | |
380 | | | | |
381 | \\---beats--- Y:1:200 <---beats---/ | |
c3c5a71f | 382 | |
42fc5d26 | 383 | |
42fc5d26 QY |
384 | |
385 | This particular type of oscillation in full-mesh iBGP topologies can be | |
386 | avoided by speakers preferring already selected, external routes rather than | |
c1a54c05 QY |
387 | choosing to update to new a route based on a post-MED metric (e.g. router-ID), |
388 | at the cost of a non-deterministic selection process. FRR implements this, as | |
389 | do many other implementations, so long as it is not overridden by setting | |
9e146a81 QY |
390 | :clicmd:`bgp bestpath compare-routerid`, and see also |
391 | :ref:`bgp-decision-process`. | |
42fc5d26 QY |
392 | |
393 | However, more complex and insidious cycles of oscillation are possible with | |
c3c5a71f | 394 | iBGP route-reflection, which are not so easily avoided. These have been |
c1a54c05 QY |
395 | documented in various places. See, e.g.: |
396 | ||
397 | - [bgp-route-osci-cond]_ | |
398 | - [stable-flexible-ibgp]_ | |
399 | - [ibgp-correctness]_ | |
400 | ||
401 | for concrete examples and further references. | |
402 | ||
403 | There is as of this writing *no* known way to use MED for its original purpose; | |
404 | *and* reduce routing information in iBGP topologies; *and* be sure to avoid the | |
405 | instability problems of MED due the non-transitive routing preferences it can | |
406 | induce; in general on arbitrary networks. | |
407 | ||
408 | There may be iBGP topology specific ways to reduce the instability risks, even | |
409 | while using MED, e.g.: by constraining the reflection topology and by tuning | |
013f9762 | 410 | IGP costs between route-reflector clusters, see :rfc:`3345` for details. In the |
c1a54c05 QY |
411 | near future, the Add-Path extension to BGP may also solve MED oscillation while |
412 | still allowing MED to be used as intended, by distributing "best-paths per | |
413 | neighbour AS". This would be at the cost of distributing at least as many | |
414 | routes to all speakers as a full-mesh iBGP would, if not more, while also | |
415 | imposing similar CPU overheads as the "Deterministic MED" feature at each | |
416 | Add-Path reflector. | |
42fc5d26 QY |
417 | |
418 | More generally, the instability problems that MED can introduce on more | |
419 | complex, non-full-mesh, iBGP topologies may be avoided either by: | |
420 | ||
013f9762 | 421 | - Setting :clicmd:`bgp always-compare-med`, however this allows MED to be compared |
42fc5d26 QY |
422 | across values set by different neighbour ASes, which may not produce |
423 | coherent desirable results, of itself. | |
4b44467c | 424 | - Effectively ignoring MED by setting MED to the same value (e.g.: 0) using |
013f9762 QY |
425 | :clicmd:`set metric METRIC` on all received routes, in combination with |
426 | setting :clicmd:`bgp always-compare-med` on all speakers. This is the simplest | |
42fc5d26 QY |
427 | and most performant way to avoid MED oscillation issues, where an AS is happy |
428 | not to allow neighbours to inject this problematic metric. | |
429 | ||
42fc5d26 QY |
430 | As MED is evaluated after the AS_PATH length check, another possible use for |
431 | MED is for intra-AS steering of routes with equal AS_PATH length, as an | |
c1a54c05 QY |
432 | extension of the last case above. As MED is evaluated before IGP metric, this |
433 | can allow cold-potato routing to be implemented to send traffic to preferred | |
434 | hand-offs with neighbours, rather than the closest hand-off according to the | |
435 | IGP metric. | |
436 | ||
437 | Note that even if action is taken to address the MED non-transitivity issues, | |
438 | other oscillations may still be possible. E.g., on IGP cost if iBGP and IGP | |
439 | topologies are at cross-purposes with each other - see the Flavel and Roughan | |
440 | paper above for an example. Hence the guideline that the iBGP topology should | |
441 | follow the IGP topology. | |
442 | ||
c3c5a71f | 443 | .. index:: bgp deterministic-med |
29adcd50 | 444 | .. clicmd:: bgp deterministic-med |
42fc5d26 | 445 | |
c1a54c05 QY |
446 | Carry out route-selection in way that produces deterministic answers |
447 | locally, even in the face of MED and the lack of a well-defined order of | |
448 | preference it can induce on routes. Without this option the preferred route | |
449 | with MED may be determined largely by the order that routes were received | |
450 | in. | |
42fc5d26 | 451 | |
c1a54c05 QY |
452 | Setting this option will have a performance cost that may be noticeable when |
453 | there are many routes for each destination. Currently in FRR it is | |
454 | implemented in a way that scales poorly as the number of routes per | |
455 | destination increases. | |
42fc5d26 | 456 | |
c1a54c05 | 457 | The default is that this option is not set. |
42fc5d26 QY |
458 | |
459 | Note that there are other sources of indeterminism in the route selection | |
460 | process, specifically, the preference for older and already selected routes | |
0efdf0fe | 461 | from eBGP peers, :ref:`bgp-decision-process`. |
42fc5d26 | 462 | |
c3c5a71f | 463 | .. index:: bgp always-compare-med |
29adcd50 | 464 | .. clicmd:: bgp always-compare-med |
42fc5d26 | 465 | |
c1a54c05 QY |
466 | Always compare the MED on routes, even when they were received from |
467 | different neighbouring ASes. Setting this option makes the order of | |
468 | preference of routes more defined, and should eliminate MED induced | |
469 | oscillations. | |
42fc5d26 | 470 | |
c1a54c05 | 471 | If using this option, it may also be desirable to use |
9e146a81 | 472 | :clicmd:`set metric METRIC` to set MED to 0 on routes received from external |
c1a54c05 | 473 | neighbours. |
42fc5d26 | 474 | |
9e146a81 QY |
475 | This option can be used, together with :clicmd:`set metric METRIC` to use |
476 | MED as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., | |
477 | desired exit points. | |
42fc5d26 | 478 | |
0efdf0fe | 479 | .. _bgp-network: |
42fc5d26 QY |
480 | |
481 | BGP network | |
482 | =========== | |
483 | ||
484 | ||
0efdf0fe | 485 | .. _bgp-route: |
42fc5d26 QY |
486 | |
487 | BGP route | |
488 | --------- | |
489 | ||
c1a54c05 QY |
490 | .. index:: network A.B.C.D/M |
491 | .. clicmd:: network A.B.C.D/M | |
42fc5d26 | 492 | |
c1a54c05 | 493 | This command adds the announcement network.:: |
c3c5a71f | 494 | |
c1a54c05 QY |
495 | router bgp 1 |
496 | address-family ipv4 unicast | |
497 | network 10.0.0.0/8 | |
498 | exit-address-family | |
42fc5d26 | 499 | |
c1a54c05 QY |
500 | This configuration example says that network 10.0.0.0/8 will be |
501 | announced to all neighbors. Some vendors' routers don't advertise | |
502 | routes if they aren't present in their IGP routing tables; `bgpd` | |
503 | doesn't care about IGP routes when announcing its routes. | |
c3c5a71f | 504 | |
c1a54c05 QY |
505 | .. index:: no network A.B.C.D/M |
506 | .. clicmd:: no network A.B.C.D/M | |
42fc5d26 | 507 | |
42fc5d26 | 508 | |
0efdf0fe | 509 | .. _route-aggregation: |
42fc5d26 QY |
510 | |
511 | Route Aggregation | |
512 | ----------------- | |
513 | ||
c1a54c05 QY |
514 | .. index:: aggregate-address A.B.C.D/M |
515 | .. clicmd:: aggregate-address A.B.C.D/M | |
c3c5a71f | 516 | |
c1a54c05 | 517 | This command specifies an aggregate address. |
42fc5d26 | 518 | |
c1a54c05 QY |
519 | .. index:: aggregate-address A.B.C.D/M as-set |
520 | .. clicmd:: aggregate-address A.B.C.D/M as-set | |
42fc5d26 | 521 | |
c1a54c05 QY |
522 | This command specifies an aggregate address. Resulting routes include |
523 | AS set. | |
42fc5d26 | 524 | |
c1a54c05 QY |
525 | .. index:: aggregate-address A.B.C.D/M summary-only |
526 | .. clicmd:: aggregate-address A.B.C.D/M summary-only | |
c3c5a71f | 527 | |
c1a54c05 QY |
528 | This command specifies an aggregate address. Aggreated routes will |
529 | not be announce. | |
42fc5d26 | 530 | |
c1a54c05 QY |
531 | .. index:: no aggregate-address A.B.C.D/M |
532 | .. clicmd:: no aggregate-address A.B.C.D/M | |
c3c5a71f | 533 | |
42fc5d26 | 534 | |
42fc5d26 | 535 | |
0efdf0fe | 536 | .. _redistribute-to-bgp: |
42fc5d26 QY |
537 | |
538 | Redistribute to BGP | |
539 | ------------------- | |
540 | ||
c3c5a71f | 541 | .. index:: redistribute kernel |
29adcd50 | 542 | .. clicmd:: redistribute kernel |
42fc5d26 | 543 | |
c1a54c05 | 544 | Redistribute kernel route to BGP process. |
42fc5d26 | 545 | |
c3c5a71f | 546 | .. index:: redistribute static |
29adcd50 | 547 | .. clicmd:: redistribute static |
42fc5d26 | 548 | |
c1a54c05 | 549 | Redistribute static route to BGP process. |
42fc5d26 | 550 | |
c3c5a71f | 551 | .. index:: redistribute connected |
29adcd50 | 552 | .. clicmd:: redistribute connected |
42fc5d26 | 553 | |
c1a54c05 | 554 | Redistribute connected route to BGP process. |
42fc5d26 | 555 | |
c3c5a71f | 556 | .. index:: redistribute rip |
29adcd50 | 557 | .. clicmd:: redistribute rip |
42fc5d26 | 558 | |
c1a54c05 | 559 | Redistribute RIP route to BGP process. |
42fc5d26 | 560 | |
c3c5a71f | 561 | .. index:: redistribute ospf |
29adcd50 | 562 | .. clicmd:: redistribute ospf |
42fc5d26 | 563 | |
c1a54c05 | 564 | Redistribute OSPF route to BGP process. |
42fc5d26 | 565 | |
c3c5a71f | 566 | .. index:: redistribute vpn |
29adcd50 | 567 | .. clicmd:: redistribute vpn |
42fc5d26 | 568 | |
c1a54c05 | 569 | Redistribute VNC routes to BGP process. |
42fc5d26 | 570 | |
c1a54c05 QY |
571 | .. index:: update-delay MAX-DELAY |
572 | .. clicmd:: update-delay MAX-DELAY | |
c3c5a71f | 573 | |
c1a54c05 QY |
574 | .. index:: update-delay MAX-DELAY ESTABLISH-WAIT |
575 | .. clicmd:: update-delay MAX-DELAY ESTABLISH-WAIT | |
c3c5a71f | 576 | |
c1a54c05 QY |
577 | This feature is used to enable read-only mode on BGP process restart or when |
578 | BGP process is cleared using 'clear ip bgp \*'. When applicable, read-only | |
579 | mode would begin as soon as the first peer reaches Established status and a | |
580 | timer for max-delay seconds is started. | |
42fc5d26 | 581 | |
c1a54c05 QY |
582 | During this mode BGP doesn't run any best-path or generate any updates to its |
583 | peers. This mode continues until: | |
42fc5d26 | 584 | |
c1a54c05 QY |
585 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR |
586 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
587 | Established is considered an implicit-EOR. | |
588 | If the establish-wait optional value is given, then BGP will wait for | |
589 | peers to reach established from the begining of the update-delay till the | |
590 | establish-wait period is over, i.e. the minimum set of established peers for | |
591 | which EOR is expected would be peers established during the establish-wait | |
592 | window, not necessarily all the configured neighbors. | |
593 | 2. max-delay period is over. | |
42fc5d26 | 594 | |
c1a54c05 QY |
595 | On hitting any of the above two conditions, BGP resumes the decision process |
596 | and generates updates to its peers. | |
42fc5d26 | 597 | |
c1a54c05 | 598 | Default max-delay is 0, i.e. the feature is off by default. |
c3c5a71f | 599 | |
c1a54c05 QY |
600 | .. index:: table-map ROUTE-MAP-NAME |
601 | .. clicmd:: table-map ROUTE-MAP-NAME | |
42fc5d26 | 602 | |
c1a54c05 QY |
603 | This feature is used to apply a route-map on route updates from BGP to |
604 | Zebra. All the applicable match operations are allowed, such as match on | |
605 | prefix, next-hop, communities, etc. Set operations for this attach-point are | |
606 | limited to metric and next-hop only. Any operation of this feature does not | |
607 | affect BGPs internal RIB. | |
42fc5d26 | 608 | |
c1a54c05 QY |
609 | Supported for ipv4 and ipv6 address families. It works on multi-paths as |
610 | well, however, metric setting is based on the best-path only. | |
42fc5d26 | 611 | |
0efdf0fe | 612 | .. _bgp-peer: |
42fc5d26 QY |
613 | |
614 | BGP Peer | |
615 | ======== | |
616 | ||
0efdf0fe | 617 | .. _defining-peer: |
42fc5d26 QY |
618 | |
619 | Defining Peer | |
620 | ------------- | |
621 | ||
c1a54c05 QY |
622 | .. index:: neighbor PEER remote-as ASN |
623 | .. clicmd:: neighbor PEER remote-as ASN | |
42fc5d26 | 624 | |
42fc5d26 | 625 | |
c1a54c05 QY |
626 | Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address |
627 | or an IPv6 address.:: | |
76bd1499 | 628 | |
c1a54c05 QY |
629 | router bgp 1 |
630 | neighbor 10.0.0.1 remote-as 2 | |
76bd1499 | 631 | |
c1a54c05 | 632 | In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1. |
76bd1499 | 633 | |
c1a54c05 QY |
634 | This command must be the first command used when configuring a neighbor. If |
635 | the remote-as is not specified, *bgpd* will complain like this::: | |
76bd1499 | 636 | |
c1a54c05 | 637 | can't find neighbor 10.0.0.1 |
c3c5a71f | 638 | |
42fc5d26 | 639 | |
0efdf0fe | 640 | .. _bgp-peer-commands: |
42fc5d26 QY |
641 | |
642 | BGP Peer commands | |
643 | ----------------- | |
644 | ||
645 | In a `router bgp` clause there are neighbor specific configurations | |
646 | required. | |
647 | ||
c1a54c05 QY |
648 | .. index:: neighbor PEER shutdown |
649 | .. clicmd:: neighbor PEER shutdown | |
c3c5a71f | 650 | |
c1a54c05 QY |
651 | .. index:: no neighbor PEER shutdown |
652 | .. clicmd:: no neighbor PEER shutdown | |
c3c5a71f | 653 | |
c1a54c05 QY |
654 | Shutdown the peer. We can delete the neighbor's configuration by |
655 | ``no neighbor PEER remote-as ASN`` but all configuration of the neighbor | |
656 | will be deleted. When you want to preserve the configuration, but want to | |
657 | drop the BGP peer, use this syntax. | |
c3c5a71f | 658 | |
c1a54c05 QY |
659 | .. index:: neighbor PEER ebgp-multihop |
660 | .. clicmd:: neighbor PEER ebgp-multihop | |
c3c5a71f | 661 | |
c1a54c05 QY |
662 | .. index:: no neighbor PEER ebgp-multihop |
663 | .. clicmd:: no neighbor PEER ebgp-multihop | |
c3c5a71f | 664 | |
c3c5a71f | 665 | |
c1a54c05 QY |
666 | .. index:: neighbor PEER description ... |
667 | .. clicmd:: neighbor PEER description ... | |
c3c5a71f | 668 | |
42fc5d26 | 669 | |
c1a54c05 QY |
670 | .. index:: no neighbor PEER description ... |
671 | .. clicmd:: no neighbor PEER description ... | |
42fc5d26 | 672 | |
c1a54c05 | 673 | Set description of the peer. |
42fc5d26 | 674 | |
c1a54c05 QY |
675 | .. index:: neighbor PEER version VERSION |
676 | .. clicmd:: neighbor PEER version VERSION | |
42fc5d26 | 677 | |
c1a54c05 QY |
678 | Set up the neighbor's BGP version. `version` can be `4`, |
679 | `4+` or `4-`. BGP version `4` is the default value used for | |
680 | BGP peering. BGP version `4+` means that the neighbor supports | |
681 | Multiprotocol Extensions for BGP-4. BGP version `4-` is similar but | |
682 | the neighbor speaks the old Internet-Draft revision 00's Multiprotocol | |
683 | Extensions for BGP-4. Some routing software is still using this | |
684 | version. | |
42fc5d26 | 685 | |
c1a54c05 QY |
686 | .. index:: neighbor PEER interface IFNAME |
687 | .. clicmd:: neighbor PEER interface IFNAME | |
42fc5d26 | 688 | |
42fc5d26 | 689 | |
c1a54c05 QY |
690 | .. index:: no neighbor PEER interface IFNAME |
691 | .. clicmd:: no neighbor PEER interface IFNAME | |
42fc5d26 | 692 | |
c1a54c05 QY |
693 | When you connect to a BGP peer over an IPv6 link-local address, you have to |
694 | specify the IFNAME of the interface used for the connection. To specify | |
695 | IPv4 session addresses, see the ``neighbor PEER update-source`` command | |
696 | below. | |
42fc5d26 | 697 | |
c1a54c05 QY |
698 | This command is deprecated and may be removed in a future release. Its use |
699 | should be avoided. | |
42fc5d26 | 700 | |
c1a54c05 QY |
701 | .. index:: neighbor PEER next-hop-self [all] |
702 | .. clicmd:: neighbor PEER next-hop-self [all] | |
42fc5d26 | 703 | |
42fc5d26 | 704 | |
c1a54c05 QY |
705 | .. index:: no neighbor PEER next-hop-self [all] |
706 | .. clicmd:: no neighbor PEER next-hop-self [all] | |
42fc5d26 | 707 | |
c1a54c05 QY |
708 | This command specifies an announced route's nexthop as being equivalent to |
709 | the address of the bgp router if it is learned via eBGP. If the optional | |
710 | keyword `all` is specified the modifiation is done also for routes learned | |
711 | via iBGP. | |
42fc5d26 | 712 | |
c1a54c05 QY |
713 | .. index:: neighbor PEER update-source <IFNAME|ADDRESS> |
714 | .. clicmd:: neighbor PEER update-source <IFNAME|ADDRESS> | |
42fc5d26 | 715 | |
42fc5d26 | 716 | |
c1a54c05 QY |
717 | .. index:: no neighbor PEER update-source |
718 | .. clicmd:: no neighbor PEER update-source | |
42fc5d26 | 719 | |
c1a54c05 QY |
720 | Specify the IPv4 source address to use for the :abbr:`BGP` session to this |
721 | neighbour, may be specified as either an IPv4 address directly or as an | |
722 | interface name (in which case the *zebra* daemon MUST be running in order | |
723 | for *bgpd* to be able to retrieve interface state).:: | |
42fc5d26 | 724 | |
c1a54c05 QY |
725 | router bgp 64555 |
726 | neighbor foo update-source 192.168.0.1 | |
727 | neighbor bar update-source lo0 | |
42fc5d26 | 728 | |
42fc5d26 | 729 | |
c1a54c05 QY |
730 | .. index:: neighbor PEER default-originate |
731 | .. clicmd:: neighbor PEER default-originate | |
42fc5d26 | 732 | |
c1a54c05 QY |
733 | .. index:: no neighbor PEER default-originate |
734 | .. clicmd:: no neighbor PEER default-originate | |
42fc5d26 | 735 | |
c1a54c05 QY |
736 | *bgpd*'s default is to not announce the default route (0.0.0.0/0) even it |
737 | is in routing table. When you want to announce default routes to the | |
738 | peer, use this command. | |
42fc5d26 | 739 | |
c1a54c05 QY |
740 | .. index:: neighbor PEER port PORT |
741 | .. clicmd:: neighbor PEER port PORT | |
42fc5d26 | 742 | |
c1a54c05 QY |
743 | .. index:: neighbor PEER send-community |
744 | .. clicmd:: neighbor PEER send-community | |
42fc5d26 | 745 | |
c1a54c05 QY |
746 | .. index:: neighbor PEER weight WEIGHT |
747 | .. clicmd:: neighbor PEER weight WEIGHT | |
42fc5d26 | 748 | |
42fc5d26 | 749 | |
c1a54c05 QY |
750 | .. index:: no neighbor PEER weight WEIGHT |
751 | .. clicmd:: no neighbor PEER weight WEIGHT | |
42fc5d26 | 752 | |
c1a54c05 | 753 | This command specifies a default `weight` value for the neighbor's routes. |
42fc5d26 | 754 | |
c1a54c05 QY |
755 | .. index:: neighbor PEER maximum-prefix NUMBER |
756 | .. clicmd:: neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 757 | |
42fc5d26 | 758 | |
c1a54c05 QY |
759 | .. index:: no neighbor PEER maximum-prefix NUMBER |
760 | .. clicmd:: no neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 761 | |
42fc5d26 | 762 | |
c1a54c05 QY |
763 | .. index:: neighbor PEER local-as AS-NUMBER |
764 | .. clicmd:: neighbor PEER local-as AS-NUMBER | |
42fc5d26 | 765 | |
42fc5d26 | 766 | |
c1a54c05 QY |
767 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend |
768 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend | |
42fc5d26 | 769 | |
42fc5d26 | 770 | |
c1a54c05 QY |
771 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend replace-as |
772 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend replace-as | |
42fc5d26 | 773 | |
42fc5d26 | 774 | |
c1a54c05 QY |
775 | .. index:: no neighbor PEER local-as |
776 | .. clicmd:: no neighbor PEER local-as | |
42fc5d26 | 777 | |
c1a54c05 QY |
778 | Specify an alternate AS for this BGP process when interacting with the |
779 | specified peer. With no modifiers, the specified local-as is prepended to | |
780 | the received AS_PATH when receiving routing updates from the peer, and | |
781 | prepended to the outgoing AS_PATH (after the process local AS) when | |
782 | transmitting local routes to the peer. | |
42fc5d26 | 783 | |
c1a54c05 QY |
784 | If the no-prepend attribute is specified, then the supplied local-as is not |
785 | prepended to the received AS_PATH. | |
c3c5a71f | 786 | |
c1a54c05 QY |
787 | If the replace-as attribute is specified, then only the supplied local-as is |
788 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
c3c5a71f | 789 | |
c1a54c05 | 790 | Note that replace-as can only be specified if no-prepend is. |
c3c5a71f | 791 | |
c1a54c05 | 792 | This command is only allowed for eBGP peers. |
c3c5a71f | 793 | |
c1a54c05 QY |
794 | .. index:: neighbor PEER ttl-security hops NUMBER |
795 | .. clicmd:: neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 796 | |
c3c5a71f | 797 | |
c1a54c05 QY |
798 | .. index:: no neighbor PEER ttl-security hops NUMBER |
799 | .. clicmd:: no neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 800 | |
c1a54c05 QY |
801 | This command enforces Generalized TTL Security Mechanism (GTSM), as |
802 | specified in RFC 5082. With this command, only neighbors that are the | |
803 | specified number of hops away will be allowed to become neighbors. This | |
804 | command is mututally exclusive with *ebgp-multihop*. | |
42fc5d26 | 805 | |
0efdf0fe | 806 | .. _peer-filtering: |
42fc5d26 QY |
807 | |
808 | Peer filtering | |
809 | -------------- | |
810 | ||
c1a54c05 QY |
811 | .. index:: neighbor PEER distribute-list NAME [in|out] |
812 | .. clicmd:: neighbor PEER distribute-list NAME [in|out] | |
42fc5d26 | 813 | |
c1a54c05 QY |
814 | This command specifies a distribute-list for the peer. `direct` is |
815 | ``in`` or ``out``. | |
42fc5d26 | 816 | |
c3c5a71f | 817 | .. index:: neighbor PEER prefix-list NAME [in|out] |
29adcd50 | 818 | .. clicmd:: neighbor PEER prefix-list NAME [in|out] |
42fc5d26 | 819 | |
c1a54c05 | 820 | .. index:: neighbor PEER filter-list NAME [in|out] |
29adcd50 | 821 | .. clicmd:: neighbor PEER filter-list NAME [in|out] |
42fc5d26 | 822 | |
c1a54c05 QY |
823 | .. index:: neighbor PEER route-map NAME [in|out] |
824 | .. clicmd:: neighbor PEER route-map NAME [in|out] | |
42fc5d26 | 825 | |
c1a54c05 | 826 | Apply a route-map on the neighbor. `direct` must be `in` or `out`. |
42fc5d26 | 827 | |
c3c5a71f | 828 | .. index:: bgp route-reflector allow-outbound-policy |
29adcd50 | 829 | .. clicmd:: bgp route-reflector allow-outbound-policy |
42fc5d26 | 830 | |
c1a54c05 QY |
831 | By default, attribute modification via route-map policy out is not reflected |
832 | on reflected routes. This option allows the modifications to be reflected as | |
833 | well. Once enabled, it affects all reflected routes. | |
42fc5d26 | 834 | |
0efdf0fe | 835 | .. _bgp-peer-group: |
42fc5d26 QY |
836 | |
837 | BGP Peer Group | |
838 | ============== | |
839 | ||
c1a54c05 QY |
840 | .. index:: neighbor WORD peer-group |
841 | .. clicmd:: neighbor WORD peer-group | |
42fc5d26 | 842 | |
c1a54c05 | 843 | This command defines a new peer group. |
42fc5d26 | 844 | |
c1a54c05 QY |
845 | .. index:: neighbor PEER peer-group WORD |
846 | .. clicmd:: neighbor PEER peer-group WORD | |
c3c5a71f | 847 | |
c1a54c05 | 848 | This command bind specific peer to peer group WORD. |
42fc5d26 | 849 | |
0efdf0fe | 850 | .. _bgp-address-family: |
42fc5d26 QY |
851 | |
852 | BGP Address Family | |
853 | ================== | |
854 | ||
c1a54c05 QY |
855 | Multiprotocol BGP enables BGP to carry routing information for multiple Network |
856 | Layer protocols. BGP supports multiple Address Family Identifier (AFI), namely | |
857 | IPv4 and IPv6. Support is also provided for multiple sets of per-AFI | |
858 | information via Subsequent Address Family Identifiers (SAFI). In addition to | |
859 | unicast information, VPN information :rfc:`4364` and :rfc:`4659`, and | |
d38549c9 | 860 | Encapsulation attribute :rfc:`5512` is supported. |
42fc5d26 | 861 | |
d38549c9 QY |
862 | .. index:: show ip bgp ipv4 vpn |
863 | .. clicmd:: show ip bgp ipv4 vpn | |
42fc5d26 | 864 | |
d38549c9 QY |
865 | .. index:: show ipv6 bgp ipv6 vpn |
866 | .. clicmd:: show ipv6 bgp ipv6 vpn | |
42fc5d26 | 867 | |
c1a54c05 | 868 | Print active IPV4 or IPV6 routes advertised via the VPN SAFI. |
42fc5d26 | 869 | |
c1a54c05 | 870 | .. index:: show bgp ipv4 vpn summary |
29adcd50 | 871 | .. clicmd:: show bgp ipv4 vpn summary |
42fc5d26 | 872 | |
c1a54c05 | 873 | .. index:: show bgp ipv6 vpn summary |
29adcd50 | 874 | .. clicmd:: show bgp ipv6 vpn summary |
c1a54c05 QY |
875 | |
876 | Print a summary of neighbor connections for the specified AFI/SAFI combination. | |
42fc5d26 | 877 | |
0efdf0fe | 878 | .. _autonomous-system: |
42fc5d26 QY |
879 | |
880 | Autonomous System | |
881 | ================= | |
882 | ||
c1a54c05 QY |
883 | The :abbr:`AS (Autonomous System)` number is one of the essential element of |
884 | BGP. BGP is a distance vector routing protocol, and the AS-Path framework | |
885 | provides distance vector metric and loop detection to BGP. :rfc:`1930` provides | |
886 | some background on the concepts of an AS. | |
42fc5d26 | 887 | |
c1a54c05 QY |
888 | The AS number is a two octet value, ranging in value from 1 to 65535. The AS |
889 | numbers 64512 through 65535 are defined as private AS numbers. Private AS | |
890 | numbers must not to be advertised in the global Internet. | |
42fc5d26 | 891 | |
0efdf0fe | 892 | .. _display-bgp-routes-by-as-path: |
42fc5d26 QY |
893 | |
894 | Display BGP Routes by AS Path | |
895 | ----------------------------- | |
896 | ||
c1a54c05 QY |
897 | To show BGP routes which has specific AS path information `show ip bgp` command |
898 | can be used. | |
42fc5d26 | 899 | |
c3c5a71f | 900 | .. index:: show bgp ipv4|ipv6 regexp LINE |
29adcd50 | 901 | .. clicmd:: show bgp ipv4|ipv6 regexp LINE |
c1a54c05 QY |
902 | |
903 | This commands displays BGP routes that matches a regular | |
0efdf0fe | 904 | expression `line` (:ref:`bgp-regular-expressions`). |
42fc5d26 | 905 | |
0efdf0fe | 906 | .. _as-path-access-list: |
42fc5d26 QY |
907 | |
908 | AS Path Access List | |
909 | ------------------- | |
910 | ||
911 | AS path access list is user defined AS path. | |
912 | ||
c3c5a71f | 913 | .. index:: ip as-path access-list WORD permit|deny LINE |
29adcd50 | 914 | .. clicmd:: ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 915 | |
c1a54c05 | 916 | This command defines a new AS path access list. |
42fc5d26 | 917 | |
c1a54c05 | 918 | .. index:: no ip as-path access-list WORD |
29adcd50 | 919 | .. clicmd:: no ip as-path access-list WORD |
42fc5d26 | 920 | |
c1a54c05 | 921 | .. index:: no ip as-path access-list WORD permit|deny LINE |
29adcd50 | 922 | .. clicmd:: no ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 923 | |
0efdf0fe | 924 | .. _using-as-path-in-route-map: |
42fc5d26 QY |
925 | |
926 | Using AS Path in Route Map | |
927 | -------------------------- | |
928 | ||
c3c5a71f | 929 | .. index:: match as-path WORD |
29adcd50 | 930 | .. clicmd:: match as-path WORD |
42fc5d26 | 931 | |
42fc5d26 | 932 | |
c1a54c05 | 933 | .. index:: set as-path prepend AS-PATH |
29adcd50 | 934 | .. clicmd:: set as-path prepend AS-PATH |
42fc5d26 | 935 | |
c1a54c05 | 936 | Prepend the given string of AS numbers to the AS_PATH. |
42fc5d26 | 937 | |
c1a54c05 | 938 | .. index:: set as-path prepend last-as NUM |
29adcd50 | 939 | .. clicmd:: set as-path prepend last-as NUM |
c1a54c05 QY |
940 | |
941 | Prepend the existing last AS number (the leftmost ASN) to the AS_PATH. | |
42fc5d26 | 942 | |
0efdf0fe | 943 | .. _private-as-numbers: |
42fc5d26 QY |
944 | |
945 | Private AS Numbers | |
946 | ------------------ | |
947 | ||
0efdf0fe | 948 | .. _bgp-communities-attribute: |
42fc5d26 QY |
949 | |
950 | BGP Communities Attribute | |
951 | ========================= | |
952 | ||
c1a54c05 QY |
953 | BGP communities attribute is widely used for implementing policy routing. |
954 | Network operators can manipulate BGP communities attribute based on their | |
955 | network policy. BGP communities attribute is defined in :rfc:`1997` and | |
956 | :rfc:`1998`. It is an optional transitive attribute, therefore local policy can | |
957 | travel through different autonomous system. | |
958 | ||
959 | Communities attribute is a set of communities values. Each communities value is | |
960 | 4 octet long. The following format is used to define communities value. | |
961 | ||
962 | ||
963 | AS:VAL | |
964 | This format represents 4 octet communities value. ``AS`` is high order 2 | |
965 | octet in digit format. ``VAL`` is low order 2 octet in digit format. This | |
966 | format is useful to define AS oriented policy value. For example, | |
967 | ``7675:80`` can be used when AS 7675 wants to pass local policy value 80 to | |
968 | neighboring peer. | |
969 | ||
970 | internet | |
971 | `internet` represents well-known communities value 0. | |
972 | ||
973 | no-export | |
974 | ``no-export`` represents well-known communities value ``NO_EXPORT`` | |
975 | ``0xFFFFFF01``. All routes carry this value must not be advertised to | |
976 | outside a BGP confederation boundary. If neighboring BGP peer is part of BGP | |
977 | confederation, the peer is considered as inside a BGP confederation | |
978 | boundary, so the route will be announced to the peer. | |
979 | ||
980 | no-advertise | |
981 | ``no-advertise`` represents well-known communities value ``NO_ADVERTISE`` | |
982 | ``0xFFFFFF02``. All routes carry this value must not be advertise to other | |
983 | BGP peers. | |
984 | ||
985 | local-AS | |
986 | ``local-AS`` represents well-known communities value ``NO_EXPORT_SUBCONFED`` | |
987 | ``0xFFFFFF03``. All routes carry this value must not be advertised to | |
988 | external BGP peers. Even if the neighboring router is part of confederation, | |
989 | it is considered as external BGP peer, so the route will not be announced to | |
990 | the peer. | |
991 | ||
992 | When BGP communities attribute is received, duplicated communities value in the | |
993 | communities attribute is ignored and each communities values are sorted in | |
994 | numerical order. | |
42fc5d26 | 995 | |
0efdf0fe | 996 | .. _bgp-community-lists: |
42fc5d26 QY |
997 | |
998 | BGP Community Lists | |
999 | ------------------- | |
1000 | ||
c1a54c05 QY |
1001 | BGP community list is a user defined BGP communites attribute list. BGP |
1002 | community list can be used for matching or manipulating BGP communities | |
1003 | attribute in updates. | |
1004 | ||
1005 | There are two types of community list. One is standard community list and | |
1006 | another is expanded community list. Standard community list defines communities | |
1007 | attribute. Expanded community list defines communities attribute string with | |
1008 | regular expression. Standard community list is compiled into binary format when | |
1009 | user define it. Standard community list will be directly compared to BGP | |
1010 | communities attribute in BGP updates. Therefore the comparison is faster than | |
42fc5d26 QY |
1011 | expanded community list. |
1012 | ||
c3c5a71f | 1013 | .. index:: ip community-list standard NAME permit|deny COMMUNITY |
29adcd50 | 1014 | .. clicmd:: ip community-list standard NAME permit|deny COMMUNITY |
42fc5d26 | 1015 | |
c1a54c05 QY |
1016 | This command defines a new standard community list. COMUNITY is |
1017 | communities value. The COMUNITY is compiled into community structure. We | |
1018 | can define multiple community list under same name. In that case match will | |
1019 | happen user defined order. Once the community list matches to communities | |
1020 | attribute in BGP updates it return permit or deny by the community list | |
1021 | definition. When there is no matched entry, deny will be returned. When | |
1022 | COMUNITY is empty it matches to any routes. | |
42fc5d26 | 1023 | |
c1a54c05 | 1024 | .. index:: ip community-list expanded NAME permit|deny LINE |
29adcd50 | 1025 | .. clicmd:: ip community-list expanded NAME permit|deny LINE |
42fc5d26 | 1026 | |
c1a54c05 QY |
1027 | This command defines a new expanded community list. COMUNITY is a |
1028 | string expression of communities attribute. COMUNITY can be a | |
0efdf0fe | 1029 | regular expression (:ref:`bgp-regular-expressions`) to match |
c1a54c05 | 1030 | the communities attribute in BGP updates. |
42fc5d26 | 1031 | |
c1a54c05 | 1032 | .. index:: no ip community-list NAME |
29adcd50 | 1033 | .. clicmd:: no ip community-list NAME |
42fc5d26 | 1034 | |
c1a54c05 | 1035 | .. index:: no ip community-list standard NAME |
29adcd50 | 1036 | .. clicmd:: no ip community-list standard NAME |
42fc5d26 | 1037 | |
c1a54c05 | 1038 | .. index:: no ip community-list expanded NAME |
29adcd50 | 1039 | .. clicmd:: no ip community-list expanded NAME |
42fc5d26 | 1040 | |
c1a54c05 QY |
1041 | These commands delete community lists specified by NAME. All of |
1042 | community lists shares a single name space. So community lists can be | |
1043 | removed simpley specifying community lists name. | |
42fc5d26 | 1044 | |
c1a54c05 | 1045 | .. index:: show ip community-list |
29adcd50 | 1046 | .. clicmd:: show ip community-list |
42fc5d26 | 1047 | |
c1a54c05 | 1048 | .. index:: show ip community-list NAME |
29adcd50 | 1049 | .. clicmd:: show ip community-list NAME |
42fc5d26 | 1050 | |
c1a54c05 QY |
1051 | This command displays current community list information. When NAME is |
1052 | specified the specified community list's information is shown. | |
c3c5a71f | 1053 | |
c1a54c05 | 1054 | :: |
76bd1499 | 1055 | |
c1a54c05 QY |
1056 | # show ip community-list |
1057 | Named Community standard list CLIST | |
1058 | permit 7675:80 7675:100 no-export | |
1059 | deny internet | |
1060 | Named Community expanded list EXPAND | |
1061 | permit : | |
76bd1499 | 1062 | |
c1a54c05 QY |
1063 | # show ip community-list CLIST |
1064 | Named Community standard list CLIST | |
1065 | permit 7675:80 7675:100 no-export | |
1066 | deny internet | |
42fc5d26 | 1067 | |
42fc5d26 | 1068 | |
0efdf0fe | 1069 | .. _numbered-bgp-community-lists: |
42fc5d26 QY |
1070 | |
1071 | Numbered BGP Community Lists | |
1072 | ---------------------------- | |
1073 | ||
1074 | When number is used for BGP community list name, the number has | |
c3c5a71f QY |
1075 | special meanings. Community list number in the range from 1 and 99 is |
1076 | standard community list. Community list number in the range from 100 | |
1077 | to 199 is expanded community list. These community lists are called | |
1078 | as numbered community lists. On the other hand normal community lists | |
42fc5d26 QY |
1079 | is called as named community lists. |
1080 | ||
29adcd50 | 1081 | .. index:: ip community-list (1-99) permit|deny COMMUNITY |
29adcd50 | 1082 | .. clicmd:: ip community-list (1-99) permit|deny COMMUNITY |
42fc5d26 | 1083 | |
c1a54c05 QY |
1084 | This command defines a new community list. (1-99) is standard |
1085 | community list number. Community list name within this range defines | |
1086 | standard community list. When `community` is empty it matches to | |
1087 | any routes. | |
42fc5d26 | 1088 | |
c1a54c05 | 1089 | .. index:: ip community-list (100-199) permit|deny COMMUNITY |
29adcd50 | 1090 | .. clicmd:: ip community-list (100-199) permit|deny COMMUNITY |
42fc5d26 | 1091 | |
c1a54c05 QY |
1092 | This command defines a new community list. (100-199) is expanded |
1093 | community list number. Community list name within this range defines | |
1094 | expanded community list. | |
42fc5d26 | 1095 | |
c1a54c05 | 1096 | .. index:: ip community-list NAME permit|deny COMMUNITY |
29adcd50 | 1097 | .. clicmd:: ip community-list NAME permit|deny COMMUNITY |
c1a54c05 QY |
1098 | |
1099 | When community list type is not specifed, the community list type is | |
1100 | automatically detected. If COMMUNITY can be compiled into communities | |
1101 | attribute, the community list is defined as a standard community list. | |
1102 | Otherwise it is defined as an expanded community list. This feature is left | |
1103 | for backward compability. Use of this feature is not recommended. | |
42fc5d26 | 1104 | |
0efdf0fe | 1105 | .. _bgp-community-in-route-map: |
42fc5d26 QY |
1106 | |
1107 | BGP Community in Route Map | |
1108 | -------------------------- | |
1109 | ||
0efdf0fe | 1110 | In Route Map (:ref:`route-map`), we can match or set BGP |
c3c5a71f | 1111 | communities attribute. Using this feature network operator can |
42fc5d26 QY |
1112 | implement their network policy based on BGP communities attribute. |
1113 | ||
1114 | Following commands can be used in Route Map. | |
1115 | ||
c3c5a71f | 1116 | .. index:: match community WORD |
29adcd50 | 1117 | .. clicmd:: match community WORD |
42fc5d26 | 1118 | |
c1a54c05 | 1119 | .. index:: match community WORD exact-match |
29adcd50 | 1120 | .. clicmd:: match community WORD exact-match |
42fc5d26 | 1121 | |
c1a54c05 QY |
1122 | This command perform match to BGP updates using community list WORD. When |
1123 | the one of BGP communities value match to the one of communities value in | |
1124 | community list, it is match. When `exact-match` keyword is spcified, match | |
1125 | happen only when BGP updates have completely same communities value | |
1126 | specified in the community list. | |
42fc5d26 | 1127 | |
c1a54c05 | 1128 | .. index:: set community none |
29adcd50 | 1129 | .. clicmd:: set community none |
42fc5d26 | 1130 | |
c1a54c05 | 1131 | .. index:: set community COMMUNITY |
29adcd50 | 1132 | .. clicmd:: set community COMMUNITY |
42fc5d26 | 1133 | |
c1a54c05 | 1134 | .. index:: set community COMMUNITY additive |
29adcd50 | 1135 | .. clicmd:: set community COMMUNITY additive |
42fc5d26 | 1136 | |
c1a54c05 QY |
1137 | This command manipulate communities value in BGP updates. When |
1138 | `none` is specified as communities value, it removes entire | |
1139 | communities attribute from BGP updates. When `community` is not | |
1140 | `none`, specified communities value is set to BGP updates. If | |
1141 | BGP updates already has BGP communities value, the existing BGP | |
1142 | communities value is replaced with specified `community` value. | |
1143 | When `additive` keyword is specified, `community` is appended | |
1144 | to the existing communities value. | |
42fc5d26 | 1145 | |
c1a54c05 | 1146 | .. index:: set comm-list WORD delete |
29adcd50 | 1147 | .. clicmd:: set comm-list WORD delete |
c1a54c05 QY |
1148 | |
1149 | This command remove communities value from BGP communities attribute. | |
1150 | The `word` is community list name. When BGP route's communities | |
1151 | value matches to the community list `word`, the communities value | |
1152 | is removed. When all of communities value is removed eventually, the | |
1153 | BGP update's communities attribute is completely removed. | |
42fc5d26 | 1154 | |
0efdf0fe | 1155 | .. _display-bgp-routes-by-community: |
42fc5d26 QY |
1156 | |
1157 | Display BGP Routes by Community | |
1158 | ------------------------------- | |
1159 | ||
1160 | To show BGP routes which has specific BGP communities attribute, | |
1161 | `show bgp {ipv4|ipv6}` command can be used. The | |
1162 | `community` and `community-list` subcommand can be used. | |
1163 | ||
c3c5a71f | 1164 | .. index:: show bgp ipv4|ipv6 community |
29adcd50 | 1165 | .. clicmd:: show bgp ipv4|ipv6 community |
42fc5d26 | 1166 | |
c1a54c05 | 1167 | .. index:: show bgp ipv4|ipv6 community COMMUNITY |
29adcd50 | 1168 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY |
42fc5d26 | 1169 | |
c1a54c05 | 1170 | .. index:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
29adcd50 | 1171 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
42fc5d26 | 1172 | |
c1a54c05 QY |
1173 | `show bgp {ipv4|ipv6} community` displays BGP routes which has communities |
1174 | attribute. Where the address family can be IPv4 or IPv6 among others. When | |
1175 | `community` is specified, BGP routes that matches `community` value is | |
1176 | displayed. For this command, `internet` keyword can't be used for | |
1177 | `community` value. When `exact-match` is specified, it display only | |
1178 | routes that have an exact match. | |
42fc5d26 | 1179 | |
c1a54c05 | 1180 | .. index:: show bgp ipv4|ipv6 community-list WORD |
29adcd50 | 1181 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD |
42fc5d26 | 1182 | |
c1a54c05 | 1183 | .. index:: show bgp ipv4|ipv6 community-list WORD exact-match |
29adcd50 | 1184 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD exact-match |
c1a54c05 QY |
1185 | |
1186 | This commands display BGP routes for the address family specified that matches | |
1187 | community list `word`. When `exact-match` is specified, display only | |
1188 | routes that have an exact match. | |
42fc5d26 | 1189 | |
0efdf0fe | 1190 | .. _using-bgp-communities-attribute: |
42fc5d26 QY |
1191 | |
1192 | Using BGP Communities Attribute | |
1193 | ------------------------------- | |
1194 | ||
1195 | Following configuration is the most typical usage of BGP communities | |
c3c5a71f | 1196 | attribute. AS 7675 provides upstream Internet connection to AS 100. |
42fc5d26 QY |
1197 | When following configuration exists in AS 7675, AS 100 networks |
1198 | operator can set local preference in AS 7675 network by setting BGP | |
c1a54c05 QY |
1199 | communities attribute to the updates.:: |
1200 | ||
1201 | router bgp 7675 | |
1202 | neighbor 192.168.0.1 remote-as 100 | |
1203 | address-family ipv4 unicast | |
1204 | neighbor 192.168.0.1 route-map RMAP in | |
1205 | exit-address-family | |
1206 | ! | |
1207 | ip community-list 70 permit 7675:70 | |
1208 | ip community-list 70 deny | |
1209 | ip community-list 80 permit 7675:80 | |
1210 | ip community-list 80 deny | |
1211 | ip community-list 90 permit 7675:90 | |
1212 | ip community-list 90 deny | |
1213 | ! | |
1214 | route-map RMAP permit 10 | |
1215 | match community 70 | |
1216 | set local-preference 70 | |
1217 | ! | |
1218 | route-map RMAP permit 20 | |
1219 | match community 80 | |
1220 | set local-preference 80 | |
1221 | ! | |
1222 | route-map RMAP permit 30 | |
1223 | match community 90 | |
1224 | set local-preference 90 | |
c3c5a71f | 1225 | |
42fc5d26 QY |
1226 | |
1227 | Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. | |
1228 | The route has communities value 7675:80 so when above configuration | |
1229 | exists in AS 7675, announced route's local preference will be set to | |
c1a54c05 QY |
1230 | value 80.:: |
1231 | ||
1232 | router bgp 100 | |
1233 | network 10.0.0.0/8 | |
1234 | neighbor 192.168.0.2 remote-as 7675 | |
1235 | address-family ipv4 unicast | |
1236 | neighbor 192.168.0.2 route-map RMAP out | |
1237 | exit-address-family | |
1238 | ! | |
1239 | ip prefix-list PLIST permit 10.0.0.0/8 | |
1240 | ! | |
1241 | route-map RMAP permit 10 | |
1242 | match ip address prefix-list PLIST | |
1243 | set community 7675:80 | |
c3c5a71f | 1244 | |
42fc5d26 QY |
1245 | |
1246 | Following configuration is an example of BGP route filtering using | |
c3c5a71f QY |
1247 | communities attribute. This configuration only permit BGP routes |
1248 | which has BGP communities value 0:80 or 0:90. Network operator can | |
42fc5d26 | 1249 | put special internal communities value at BGP border router, then |
c1a54c05 | 1250 | limit the BGP routes announcement into the internal network.:: |
42fc5d26 | 1251 | |
c1a54c05 QY |
1252 | router bgp 7675 |
1253 | neighbor 192.168.0.1 remote-as 100 | |
1254 | address-family ipv4 unicast | |
1255 | neighbor 192.168.0.1 route-map RMAP in | |
1256 | exit-address-family | |
1257 | ! | |
1258 | ip community-list 1 permit 0:80 0:90 | |
1259 | ! | |
1260 | route-map RMAP permit in | |
1261 | match community 1 | |
c3c5a71f | 1262 | |
42fc5d26 QY |
1263 | |
1264 | Following exmaple filter BGP routes which has communities value 1:1. | |
c3c5a71f | 1265 | When there is no match community-list returns deny. To avoid |
c1a54c05 | 1266 | filtering all of routes, we need to define permit any at last.:: |
42fc5d26 | 1267 | |
c1a54c05 QY |
1268 | router bgp 7675 |
1269 | neighbor 192.168.0.1 remote-as 100 | |
1270 | address-family ipv4 unicast | |
1271 | neighbor 192.168.0.1 route-map RMAP in | |
1272 | exit-address-family | |
1273 | ! | |
1274 | ip community-list standard FILTER deny 1:1 | |
1275 | ip community-list standard FILTER permit | |
1276 | ! | |
1277 | route-map RMAP permit 10 | |
1278 | match community FILTER | |
c3c5a71f | 1279 | |
42fc5d26 QY |
1280 | |
1281 | Communities value keyword `internet` has special meanings in | |
c3c5a71f QY |
1282 | standard community lists. In below example `internet` act as |
1283 | match any. It matches all of BGP routes even if the route does not | |
c1a54c05 QY |
1284 | have communities attribute at all. So community list ``INTERNET`` |
1285 | is same as above example's ``FILTER``.:: | |
42fc5d26 | 1286 | |
c1a54c05 QY |
1287 | ip community-list standard INTERNET deny 1:1 |
1288 | ip community-list standard INTERNET permit internet | |
c3c5a71f | 1289 | |
42fc5d26 QY |
1290 | |
1291 | Following configuration is an example of communities value deletion. | |
1292 | With this configuration communities value 100:1 and 100:2 is removed | |
c3c5a71f | 1293 | from BGP updates. For communities value deletion, only `permit` |
c1a54c05 | 1294 | community-list is used. `deny` community-list is ignored.:: |
42fc5d26 | 1295 | |
c1a54c05 QY |
1296 | router bgp 7675 |
1297 | neighbor 192.168.0.1 remote-as 100 | |
1298 | address-family ipv4 unicast | |
1299 | neighbor 192.168.0.1 route-map RMAP in | |
1300 | exit-address-family | |
1301 | ! | |
1302 | ip community-list standard DEL permit 100:1 100:2 | |
1303 | ! | |
1304 | route-map RMAP permit 10 | |
1305 | set comm-list DEL delete | |
c3c5a71f | 1306 | |
42fc5d26 | 1307 | |
0efdf0fe | 1308 | .. _bgp-extended-communities-attribute: |
42fc5d26 QY |
1309 | |
1310 | BGP Extended Communities Attribute | |
1311 | ================================== | |
1312 | ||
c1a54c05 QY |
1313 | BGP extended communities attribute is introduced with MPLS VPN/BGP technology. |
1314 | MPLS VPN/BGP expands capability of network infrastructure to provide VPN | |
1315 | functionality. At the same time it requires a new framework for policy routing. | |
1316 | With BGP Extended Communities Attribute we can use Route Target or Site of | |
1317 | Origin for implementing network policy for MPLS VPN/BGP. | |
42fc5d26 | 1318 | |
c1a54c05 QY |
1319 | BGP Extended Communities Attribute is similar to BGP Communities Attribute. It |
1320 | is an optional transitive attribute. BGP Extended Communities Attribute can | |
1321 | carry multiple Extended Community value. Each Extended Community value is | |
1322 | eight octet length. | |
42fc5d26 | 1323 | |
c1a54c05 QY |
1324 | BGP Extended Communities Attribute provides an extended range compared with BGP |
1325 | Communities Attribute. Adding to that there is a type field in each value to | |
1326 | provides community space structure. | |
42fc5d26 | 1327 | |
c1a54c05 QY |
1328 | There are two format to define Extended Community value. One is AS based format |
1329 | the other is IP address based format. | |
42fc5d26 QY |
1330 | |
1331 | *AS:VAL* | |
c1a54c05 QY |
1332 | This is a format to define AS based Extended Community value. |
1333 | `AS` part is 2 octets Global Administrator subfield in Extended | |
1334 | Community value. `VAL` part is 4 octets Local Administrator | |
1335 | subfield. `7675:100` represents AS 7675 policy value 100. | |
42fc5d26 QY |
1336 | |
1337 | *IP-Address:VAL* | |
c1a54c05 QY |
1338 | This is a format to define IP address based Extended Community value. |
1339 | `IP-Address` part is 4 octets Global Administrator subfield. | |
1340 | `VAL` part is 2 octets Local Administrator subfield. | |
1341 | `10.0.0.1:100` represents | |
42fc5d26 | 1342 | |
0efdf0fe | 1343 | .. _bgp-extended-community-lists: |
42fc5d26 QY |
1344 | |
1345 | BGP Extended Community Lists | |
1346 | ---------------------------- | |
1347 | ||
1348 | Expanded Community Lists is a user defined BGP Expanded Community | |
1349 | Lists. | |
1350 | ||
c3c5a71f | 1351 | .. index:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
29adcd50 | 1352 | .. clicmd:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
42fc5d26 | 1353 | |
c1a54c05 QY |
1354 | This command defines a new standard extcommunity-list. |
1355 | `extcommunity` is extended communities value. The | |
1356 | `extcommunity` is compiled into extended community structure. We | |
1357 | can define multiple extcommunity-list under same name. In that case | |
1358 | match will happen user defined order. Once the extcommunity-list | |
1359 | matches to extended communities attribute in BGP updates it return | |
1360 | permit or deny based upon the extcommunity-list definition. When | |
1361 | there is no matched entry, deny will be returned. When | |
1362 | `extcommunity` is empty it matches to any routes. | |
42fc5d26 | 1363 | |
c1a54c05 | 1364 | .. index:: ip extcommunity-list expanded NAME permit|deny LINE |
29adcd50 | 1365 | .. clicmd:: ip extcommunity-list expanded NAME permit|deny LINE |
42fc5d26 | 1366 | |
c1a54c05 QY |
1367 | This command defines a new expanded extcommunity-list. `line` is |
1368 | a string expression of extended communities attribute. `line` can | |
0efdf0fe | 1369 | be a regular expression (:ref:`bgp-regular-expressions`) to match an |
c1a54c05 | 1370 | extended communities attribute in BGP updates. |
42fc5d26 | 1371 | |
c1a54c05 | 1372 | .. index:: no ip extcommunity-list NAME |
29adcd50 | 1373 | .. clicmd:: no ip extcommunity-list NAME |
42fc5d26 | 1374 | |
c1a54c05 | 1375 | .. index:: no ip extcommunity-list standard NAME |
29adcd50 | 1376 | .. clicmd:: no ip extcommunity-list standard NAME |
42fc5d26 | 1377 | |
c1a54c05 | 1378 | .. index:: no ip extcommunity-list expanded NAME |
29adcd50 | 1379 | .. clicmd:: no ip extcommunity-list expanded NAME |
42fc5d26 | 1380 | |
c1a54c05 QY |
1381 | These commands delete extended community lists specified by |
1382 | `name`. All of extended community lists shares a single name | |
1383 | space. So extended community lists can be removed simpley specifying | |
1384 | the name. | |
42fc5d26 | 1385 | |
c1a54c05 | 1386 | .. index:: show ip extcommunity-list |
29adcd50 | 1387 | .. clicmd:: show ip extcommunity-list |
42fc5d26 | 1388 | |
c1a54c05 | 1389 | .. index:: show ip extcommunity-list NAME |
29adcd50 | 1390 | .. clicmd:: show ip extcommunity-list NAME |
c1a54c05 QY |
1391 | |
1392 | This command displays current extcommunity-list information. When | |
1393 | `name` is specified the community list's information is shown. | |
42fc5d26 QY |
1394 | |
1395 | :: | |
1396 | ||
c3c5a71f QY |
1397 | # show ip extcommunity-list |
1398 | ||
42fc5d26 | 1399 | |
0efdf0fe | 1400 | .. _bgp-extended-communities-in-route-map: |
42fc5d26 QY |
1401 | |
1402 | BGP Extended Communities in Route Map | |
1403 | ------------------------------------- | |
1404 | ||
c3c5a71f | 1405 | .. index:: match extcommunity WORD |
29adcd50 | 1406 | .. clicmd:: match extcommunity WORD |
42fc5d26 | 1407 | |
42fc5d26 | 1408 | |
c1a54c05 | 1409 | .. index:: set extcommunity rt EXTCOMMUNITY |
29adcd50 | 1410 | .. clicmd:: set extcommunity rt EXTCOMMUNITY |
42fc5d26 | 1411 | |
c1a54c05 | 1412 | This command set Route Target value. |
42fc5d26 | 1413 | |
c1a54c05 | 1414 | .. index:: set extcommunity soo EXTCOMMUNITY |
29adcd50 | 1415 | .. clicmd:: set extcommunity soo EXTCOMMUNITY |
c1a54c05 QY |
1416 | |
1417 | This command set Site of Origin value. | |
42fc5d26 | 1418 | |
0efdf0fe | 1419 | .. _bgp-large-communities-attribute: |
42fc5d26 QY |
1420 | |
1421 | BGP Large Communities Attribute | |
1422 | =============================== | |
1423 | ||
1424 | The BGP Large Communities attribute was introduced in Feb 2017 with | |
c1a54c05 | 1425 | :rfc:`8092`. |
42fc5d26 QY |
1426 | |
1427 | The BGP Large Communities Attribute is similar to the BGP Communities | |
1428 | Attribute except that it has 3 components instead of two and each of | |
1429 | which are 4 octets in length. Large Communities bring additional | |
1430 | functionality and convenience over traditional communities, specifically | |
1431 | the fact that the `GLOBAL` part below is now 4 octets wide allowing | |
1432 | AS4 operators seamless use. | |
1433 | ||
1434 | ||
42fc5d26 | 1435 | *GLOBAL:LOCAL1:LOCAL2* |
c1a54c05 QY |
1436 | This is the format to define Large Community values. Referencing |
1437 | :t:`RFC8195, Use of BGP Large Communities` the values are commonly | |
1438 | referred to as follows. | |
1439 | The `GLOBAL` part is a 4 octet Global Administrator field, common | |
1440 | use of this field is the operators AS number. | |
1441 | The `LOCAL1` part is a 4 octet Local Data Part 1 subfield referred | |
1442 | to as a function. | |
1443 | The `LOCAL2` part is a 4 octet Local Data Part 2 field and referred | |
1444 | to as the parameter subfield. `65551:1:10` represents AS 65551 | |
1445 | function 1 and parameter 10. | |
1446 | The referenced RFC above gives some guidelines on recommended usage. | |
42fc5d26 | 1447 | |
0efdf0fe | 1448 | .. _bgp-large-community-lists: |
42fc5d26 QY |
1449 | |
1450 | BGP Large Community Lists | |
1451 | ------------------------- | |
1452 | ||
1453 | Two types of large community lists are supported, namely `standard` and | |
1454 | `expanded`. | |
1455 | ||
c3c5a71f | 1456 | .. index:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
29adcd50 | 1457 | .. clicmd:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
42fc5d26 | 1458 | |
c1a54c05 QY |
1459 | This command defines a new standard large-community-list. |
1460 | `large-community` is the Large Community value. We | |
1461 | can add multiple large communities under same name. In that case | |
1462 | the match will happen in the user defined order. Once the large-community-list | |
1463 | matches the Large Communities attribute in BGP updates it will return | |
1464 | permit or deny based upon the large-community-list definition. When | |
1465 | there is no matched entry, a deny will be returned. When `large-community` | |
1466 | is empty it matches any routes. | |
42fc5d26 | 1467 | |
c1a54c05 | 1468 | .. index:: ip large-community-list expanded NAME permit|deny LINE |
29adcd50 | 1469 | .. clicmd:: ip large-community-list expanded NAME permit|deny LINE |
42fc5d26 | 1470 | |
c1a54c05 QY |
1471 | This command defines a new expanded large-community-list. Where `line` is |
1472 | a string matching expression, it will be compared to the entire Large Communities | |
1473 | attribute as a string, with each large-community in order from lowest to highest. | |
1474 | `line` can also be a regular expression which matches this Large | |
1475 | Community attribute. | |
42fc5d26 | 1476 | |
c1a54c05 | 1477 | .. index:: no ip large-community-list NAME |
29adcd50 | 1478 | .. clicmd:: no ip large-community-list NAME |
42fc5d26 | 1479 | |
c1a54c05 | 1480 | .. index:: no ip large-community-list standard NAME |
29adcd50 | 1481 | .. clicmd:: no ip large-community-list standard NAME |
42fc5d26 | 1482 | |
c1a54c05 | 1483 | .. index:: no ip large-community-list expanded NAME |
29adcd50 | 1484 | .. clicmd:: no ip large-community-list expanded NAME |
42fc5d26 | 1485 | |
c1a54c05 QY |
1486 | These commands delete Large Community lists specified by |
1487 | `name`. All Large Community lists share a single namespace. | |
1488 | This means Large Community lists can be removed by simply specifying the name. | |
42fc5d26 | 1489 | |
c1a54c05 | 1490 | .. index:: show ip large-community-list |
29adcd50 | 1491 | .. clicmd:: show ip large-community-list |
42fc5d26 | 1492 | |
c1a54c05 | 1493 | .. index:: show ip large-community-list NAME |
29adcd50 | 1494 | .. clicmd:: show ip large-community-list NAME |
42fc5d26 | 1495 | |
c1a54c05 QY |
1496 | This command display current large-community-list information. When |
1497 | `name` is specified the community list information is shown. | |
42fc5d26 | 1498 | |
c1a54c05 | 1499 | .. index:: show ip bgp large-community-info |
29adcd50 | 1500 | .. clicmd:: show ip bgp large-community-info |
c1a54c05 QY |
1501 | |
1502 | This command displays the current large communities in use. | |
42fc5d26 | 1503 | |
0efdf0fe | 1504 | .. _bgp-large-communities-in-route-map: |
42fc5d26 QY |
1505 | |
1506 | BGP Large Communities in Route Map | |
1507 | ---------------------------------- | |
1508 | ||
c3c5a71f | 1509 | .. index:: match large-community LINE |
29adcd50 | 1510 | .. clicmd:: match large-community LINE |
42fc5d26 | 1511 | |
c1a54c05 QY |
1512 | Where `line` can be a simple string to match, or a regular expression. |
1513 | It is very important to note that this match occurs on the entire | |
1514 | large-community string as a whole, where each large-community is ordered | |
1515 | from lowest to highest. | |
42fc5d26 | 1516 | |
c1a54c05 | 1517 | .. index:: set large-community LARGE-COMMUNITY |
29adcd50 | 1518 | .. clicmd:: set large-community LARGE-COMMUNITY |
42fc5d26 | 1519 | |
c1a54c05 | 1520 | .. index:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
29adcd50 | 1521 | .. clicmd:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
42fc5d26 | 1522 | |
c1a54c05 | 1523 | .. index:: set large-community LARGE-COMMUNITY additive |
29adcd50 | 1524 | .. clicmd:: set large-community LARGE-COMMUNITY additive |
c1a54c05 QY |
1525 | |
1526 | These commands are used for setting large-community values. The first | |
1527 | command will overwrite any large-communities currently present. | |
1528 | The second specifies two large-communities, which overwrites the current | |
1529 | large-community list. The third will add a large-community value without | |
1530 | overwriting other values. Multiple large-community values can be specified. | |
42fc5d26 | 1531 | |
b572f826 PZ |
1532 | |
1533 | .. _bgp-vrfs: | |
1534 | ||
1535 | BGP VRFs | |
1536 | ======== | |
1537 | ||
1538 | Bgpd supports multiple VRF instances via the *router bgp* command: | |
1539 | ||
1540 | .. index:: router bgp ASN vrf VRFNAME | |
1541 | .. clicmd:: router bgp ASN vrf VRFNAME | |
1542 | ||
1543 | VRFNAME is matched against VRFs configured in the kernel. When no | |
1544 | *vrf VRFNAME* is specified, the BGP protocol process belongs to | |
1545 | the default VRF. | |
1546 | ||
1547 | BGP routes may be leaked (i.e., copied) between a unicast VRF RIB | |
1548 | and the VPN safi RIB of the default VRF (leaking is also permitted | |
1549 | between the unicast RIB of the default VRF and VPN). A common | |
1550 | application of this feature is to connect a customer's private | |
1551 | routing domain to a provider's VPN service. Leaking is configured | |
1552 | from the point of view of an individual VRF: ``import`` refers to | |
1553 | routes leaked from VPN to a unicast VRF, whereas ``export`` refers | |
1554 | to routes leaked from a unicast VRF to VPN. | |
1555 | ||
1556 | Required Parameters | |
1557 | ------------------- | |
1558 | ||
1559 | Routes exported from a unicast VRF to the VPN RIB must be augmented | |
1560 | by two parameters: | |
1561 | a route-distinguisher (RD) and a route-target list (RTLIST). | |
1562 | Configuration for these exported routes must, at a minimum, specify | |
1563 | these two parameters. | |
1564 | ||
1565 | Routes imported from the VPN RIB to a unicast VRF are selected | |
1566 | according to their RTLISTs. | |
1567 | Routes whose RTLIST contains at least one route-target in common with | |
1568 | the configured import RTLIST are leaked. | |
1569 | Configuration for these imported routes must specify an RTLIST to be matched. | |
1570 | ||
1571 | The RD, which carries no semantic value, is intended to make the | |
1572 | route unique in the VPN RIB among all routes of its prefix that | |
1573 | originate from all the customers and sites that are attached | |
1574 | to the provider's VPN service. Accordingly, each site of each customer | |
1575 | is typically assigned an RD that is unique across the entire provider | |
1576 | network. | |
1577 | ||
1578 | The RTLIST is a set of route-target extended community values whose | |
1579 | purpose is to specify route-leaking policy. Typically, a customer | |
1580 | is assigned a single route-target value for import and export to be | |
1581 | used at all customer sites. This configuration specifies a simple | |
1582 | topology wherein a customer has a single routing domain which is | |
1583 | shared across all its sites. More complex routing topologies are possible | |
1584 | through use of additional route-targets to augment the leaking of | |
1585 | sets of routes in various ways. | |
1586 | ||
1587 | Configuration | |
1588 | ------------- | |
1589 | ||
1590 | Configuration of route leaking between a unicast VRF RIB and the | |
1591 | VPN safi RIB of the default VRF is accomplished via commands in the | |
1592 | context of a VRF address-family: | |
1593 | ||
1594 | .. index:: rd vpn export AS:NN|IP:nn | |
1595 | .. clicmd:: rd vpn export AS:NN|IP:nn | |
1596 | ||
1597 | Specifies the route distinguisher to be added to a route exported | |
1598 | from the current unicast VRF to VPN. | |
1599 | ||
1600 | .. index:: no rd vpn export [AS:NN|IP:nn] | |
1601 | .. clicmd:: no rd vpn export [AS:NN|IP:nn] | |
1602 | ||
1603 | Deletes any previously-configured export route distinguisher. | |
1604 | ||
1605 | .. index:: rt vpn import|export|both RTLIST... | |
1606 | .. clicmd:: rt vpn import|export|both RTLIST... | |
1607 | ||
1608 | Specifies the route-target list to be attached to a route (export) | |
1609 | or the route-target list to match against (import) when | |
1610 | exporting/importing between the current unicast VRF and VPN. | |
1611 | ||
1612 | The RTLIST is a space-separated list of route-targets, which are | |
1613 | BGP extended community values as described in | |
1614 | :ref:`bgp-extended-communities-attribute`. | |
1615 | ||
1616 | .. index:: no rt vpn import|export|both [RTLIST...] | |
1617 | .. clicmd:: no rt vpn import|export|both [RTLIST...] | |
1618 | ||
1619 | Deletes any previously-configured import or export route-target list. | |
1620 | ||
1621 | .. index:: label vpn export (0..1048575) | |
1622 | .. clicmd:: label vpn export (0..1048575) | |
1623 | ||
1624 | Specifies an optional MPLS label to be attached to a route exported | |
1625 | from the current unicast VRF to VPN. | |
1626 | ||
1627 | .. index:: no label vpn export [(0..1048575)] | |
1628 | .. clicmd:: no label vpn export [(0..1048575)] | |
1629 | ||
1630 | Deletes any previously-configured export label. | |
1631 | ||
1632 | .. index:: nexthop vpn export A.B.C.D|X:X::X:X | |
1633 | .. clicmd:: nexthop vpn export A.B.C.D|X:X::X:X | |
1634 | ||
1635 | Specifies an optional nexthop value to be assigned to a route exported | |
1636 | from the current unicast VRF to VPN. If left unspecified, the nexthop | |
1637 | will be set to 0.0.0.0 or 0:0::0:0 (self). | |
1638 | ||
1639 | .. index:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1640 | .. clicmd:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1641 | ||
1642 | Deletes any previously-configured export nexthop. | |
1643 | ||
1644 | .. index:: route-map vpn import|export MAP | |
1645 | .. clicmd:: route-map vpn import|export MAP | |
1646 | ||
1647 | Specifies an optional route-map to be applied to routes imported | |
1648 | or exported betwen the current unicast VRF and VPN. | |
1649 | ||
1650 | .. index:: no route-map vpn import|export [MAP] | |
1651 | .. clicmd:: no route-map vpn import|export [MAP] | |
1652 | ||
1653 | Deletes any previously-configured import or export route-map. | |
1654 | ||
1655 | .. index:: import|export vpn | |
1656 | .. clicmd:: import|export vpn | |
1657 | ||
1658 | Enables import or export of routes betwen the current unicast VRF and VPN. | |
1659 | ||
1660 | .. index:: no import|export vpn | |
1661 | .. clicmd:: no import|export vpn | |
1662 | ||
1663 | Disables import or export of routes betwen the current unicast VRF and VPN. | |
1664 | ||
1665 | ||
0efdf0fe | 1666 | .. _displaying-bgp-information: |
42fc5d26 QY |
1667 | |
1668 | Displaying BGP information | |
1669 | ========================== | |
1670 | ||
1671 | ||
0efdf0fe | 1672 | .. _showing-bgp-information: |
42fc5d26 QY |
1673 | |
1674 | Showing BGP information | |
1675 | ----------------------- | |
1676 | ||
c3c5a71f | 1677 | .. index:: show ip bgp |
29adcd50 | 1678 | .. clicmd:: show ip bgp |
42fc5d26 | 1679 | |
c1a54c05 | 1680 | .. index:: show ip bgp A.B.C.D |
29adcd50 | 1681 | .. clicmd:: show ip bgp A.B.C.D |
42fc5d26 | 1682 | |
c1a54c05 | 1683 | .. index:: show ip bgp X:X::X:X |
29adcd50 | 1684 | .. clicmd:: show ip bgp X:X::X:X |
42fc5d26 | 1685 | |
c1a54c05 QY |
1686 | This command displays BGP routes. When no route is specified it |
1687 | display all of IPv4 BGP routes. | |
42fc5d26 | 1688 | |
c1a54c05 | 1689 | :: |
76bd1499 | 1690 | |
42fc5d26 | 1691 | BGP table version is 0, local router ID is 10.1.1.1 |
c1a54c05 QY |
1692 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal |
1693 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
76bd1499 | 1694 | |
c1a54c05 QY |
1695 | Network Next Hop Metric LocPrf Weight Path |
1696 | \*> 1.1.1.1/32 0.0.0.0 0 32768 i | |
76bd1499 | 1697 | |
c1a54c05 | 1698 | Total number of prefixes 1 |
42fc5d26 | 1699 | |
42fc5d26 | 1700 | |
c3c5a71f | 1701 | .. index:: show ip bgp regexp LINE |
29adcd50 | 1702 | .. clicmd:: show ip bgp regexp LINE |
42fc5d26 | 1703 | |
c1a54c05 | 1704 | This command displays BGP routes using AS path regular expression |
0efdf0fe | 1705 | (:ref:`bgp-regular-expressions`). |
42fc5d26 | 1706 | |
c1a54c05 | 1707 | .. index:: show ip bgp community COMMUNITY |
29adcd50 | 1708 | .. clicmd:: show ip bgp community COMMUNITY |
42fc5d26 | 1709 | |
c1a54c05 | 1710 | .. index:: show ip bgp community COMMUNITY exact-match |
29adcd50 | 1711 | .. clicmd:: show ip bgp community COMMUNITY exact-match |
42fc5d26 | 1712 | |
0efdf0fe | 1713 | This command displays BGP routes using `community` (:ref:`display-bgp-routes-by-community`). |
42fc5d26 | 1714 | |
c1a54c05 | 1715 | .. index:: show ip bgp community-list WORD |
29adcd50 | 1716 | .. clicmd:: show ip bgp community-list WORD |
42fc5d26 | 1717 | |
c1a54c05 | 1718 | .. index:: show ip bgp community-list WORD exact-match |
29adcd50 | 1719 | .. clicmd:: show ip bgp community-list WORD exact-match |
42fc5d26 | 1720 | |
0efdf0fe | 1721 | This command displays BGP routes using community list (:ref:`display-bgp-routes-by-community`). |
42fc5d26 | 1722 | |
c1a54c05 | 1723 | .. index:: show bgp ipv4|ipv6 summary |
29adcd50 | 1724 | .. clicmd:: show bgp ipv4|ipv6 summary |
42fc5d26 | 1725 | |
c1a54c05 | 1726 | Show a bgp peer summary for the specified address family. |
42fc5d26 | 1727 | |
c1a54c05 | 1728 | .. index:: show bgp ipv4|ipv6 neighbor [PEER] |
29adcd50 | 1729 | .. clicmd:: show bgp ipv4|ipv6 neighbor [PEER] |
42fc5d26 | 1730 | |
c1a54c05 | 1731 | This command shows information on a specific BGP `peer`. |
42fc5d26 | 1732 | |
c1a54c05 | 1733 | .. index:: show bgp ipv4|ipv6 dampening dampened-paths |
29adcd50 | 1734 | .. clicmd:: show bgp ipv4|ipv6 dampening dampened-paths |
42fc5d26 | 1735 | |
c1a54c05 | 1736 | Display paths suppressed due to dampening. |
42fc5d26 | 1737 | |
c1a54c05 | 1738 | .. index:: show bgp ipv4|ipv6 dampening flap-statistics |
29adcd50 | 1739 | .. clicmd:: show bgp ipv4|ipv6 dampening flap-statistics |
c1a54c05 QY |
1740 | |
1741 | Display flap statistics of routes. | |
42fc5d26 | 1742 | |
0efdf0fe | 1743 | .. _other-bgp-commands: |
42fc5d26 QY |
1744 | |
1745 | Other BGP commands | |
1746 | ------------------ | |
1747 | ||
c3c5a71f | 1748 | .. index:: clear bgp ipv4|ipv6 \* |
29adcd50 | 1749 | .. clicmd:: clear bgp ipv4|ipv6 \* |
42fc5d26 | 1750 | |
c1a54c05 | 1751 | Clear all address family peers. |
42fc5d26 | 1752 | |
c1a54c05 | 1753 | .. index:: clear bgp ipv4|ipv6 PEER |
29adcd50 | 1754 | .. clicmd:: clear bgp ipv4|ipv6 PEER |
42fc5d26 | 1755 | |
c1a54c05 | 1756 | Clear peers which have addresses of X.X.X.X |
42fc5d26 | 1757 | |
c1a54c05 | 1758 | .. index:: clear bgp ipv4|ipv6 PEER soft in |
29adcd50 | 1759 | .. clicmd:: clear bgp ipv4|ipv6 PEER soft in |
42fc5d26 | 1760 | |
c1a54c05 | 1761 | Clear peer using soft reconfiguration. |
42fc5d26 | 1762 | |
c1a54c05 | 1763 | .. index:: show debug |
29adcd50 | 1764 | .. clicmd:: show debug |
42fc5d26 | 1765 | |
c1a54c05 | 1766 | .. index:: debug event |
29adcd50 | 1767 | .. clicmd:: debug event |
42fc5d26 | 1768 | |
c1a54c05 | 1769 | .. index:: debug update |
29adcd50 | 1770 | .. clicmd:: debug update |
42fc5d26 | 1771 | |
c1a54c05 | 1772 | .. index:: debug keepalive |
29adcd50 | 1773 | .. clicmd:: debug keepalive |
42fc5d26 | 1774 | |
c1a54c05 | 1775 | .. index:: no debug event |
29adcd50 | 1776 | .. clicmd:: no debug event |
42fc5d26 | 1777 | |
c1a54c05 | 1778 | .. index:: no debug update |
29adcd50 | 1779 | .. clicmd:: no debug update |
42fc5d26 | 1780 | |
c1a54c05 | 1781 | .. index:: no debug keepalive |
29adcd50 | 1782 | .. clicmd:: no debug keepalive |
42fc5d26 | 1783 | |
c1a54c05 | 1784 | |
0efdf0fe | 1785 | .. _capability-negotiation: |
42fc5d26 QY |
1786 | |
1787 | Capability Negotiation | |
1788 | ====================== | |
1789 | ||
4b44467c QY |
1790 | When adding IPv6 routing information exchange feature to BGP. There were some |
1791 | proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR ( Inter | |
1792 | Domain Routing)` :abbr:`IDR ( Inter Domain Routing)` adopted a proposal called | |
1793 | Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. | |
1794 | The protocol does not define new protocols. It defines new attributes to | |
1795 | existing BGP. When it is used exchanging IPv6 routing information it is called | |
1796 | BGP-4+. When it is used for exchanging multicast routing information it is | |
1797 | called MBGP. | |
1798 | ||
1799 | *bgpd* supports Multiprotocol Extension for BGP. So if remote peer supports the | |
1800 | protocol, *bgpd* can exchange IPv6 and/or multicast routing information. | |
1801 | ||
1802 | Traditional BGP did not have the feature to detect remote peer's capabilities, | |
1803 | e.g. whether it can handle prefix types other than IPv4 unicast routes. This | |
1804 | was a big problem using Multiprotocol Extension for BGP to operational network. | |
1805 | :rfc:`2842` adopted a feature called Capability Negotiation. *bgpd* use this | |
1806 | Capability Negotiation to detect the remote peer's capabilities. If the peer is | |
1807 | only configured as IPv4 unicast neighbor, *bgpd* does not send these Capability | |
1808 | Negotiation packets (at least not unless other optional BGP features require | |
1809 | capability negotation). | |
1810 | ||
1811 | By default, FRR will bring up peering with minimal common capability for the | |
1812 | both sides. For example, local router has unicast and multicast capabilitie and | |
1813 | remote router has unicast capability. In this case, the local router will | |
1814 | establish the connection with unicast only capability. When there are no common | |
1815 | capabilities, FRR sends Unsupported Capability error and then resets the | |
1816 | connection. | |
1817 | ||
1818 | If you want to completely match capabilities with remote peer. Please use | |
1819 | *strict-capability-match* command. | |
42fc5d26 | 1820 | |
c1a54c05 QY |
1821 | .. index:: neighbor PEER strict-capability-match |
1822 | .. clicmd:: neighbor PEER strict-capability-match | |
c3c5a71f | 1823 | |
c1a54c05 QY |
1824 | .. index:: no neighbor PEER strict-capability-match |
1825 | .. clicmd:: no neighbor PEER strict-capability-match | |
42fc5d26 | 1826 | |
c1a54c05 QY |
1827 | Strictly compares remote capabilities and local capabilities. If capabilities |
1828 | are different, send Unsupported Capability error then reset connection. | |
42fc5d26 | 1829 | |
c1a54c05 QY |
1830 | You may want to disable sending Capability Negotiation OPEN message |
1831 | optional parameter to the peer when remote peer does not implement | |
1832 | Capability Negotiation. Please use *dont-capability-negotiate* | |
1833 | command to disable the feature. | |
c3c5a71f | 1834 | |
c1a54c05 QY |
1835 | .. index:: neighbor PEER dont-capability-negotiate |
1836 | .. clicmd:: neighbor PEER dont-capability-negotiate | |
42fc5d26 | 1837 | |
c1a54c05 QY |
1838 | .. index:: no neighbor PEER dont-capability-negotiate |
1839 | .. clicmd:: no neighbor PEER dont-capability-negotiate | |
c3c5a71f | 1840 | |
c1a54c05 QY |
1841 | Suppress sending Capability Negotiation as OPEN message optional |
1842 | parameter to the peer. This command only affects the peer is configured | |
1843 | other than IPv4 unicast configuration. | |
42fc5d26 | 1844 | |
c1a54c05 QY |
1845 | When remote peer does not have capability negotiation feature, remote |
1846 | peer will not send any capabilities at all. In that case, bgp | |
1847 | configures the peer with configured capabilities. | |
42fc5d26 | 1848 | |
c1a54c05 QY |
1849 | You may prefer locally configured capabilities more than the negotiated |
1850 | capabilities even though remote peer sends capabilities. If the peer | |
1851 | is configured by *override-capability*, *bgpd* ignores | |
1852 | received capabilities then override negotiated capabilities with | |
1853 | configured values. | |
42fc5d26 | 1854 | |
c1a54c05 QY |
1855 | .. index:: neighbor PEER override-capability |
1856 | .. clicmd:: neighbor PEER override-capability | |
42fc5d26 | 1857 | |
c1a54c05 QY |
1858 | .. index:: no neighbor PEER override-capability |
1859 | .. clicmd:: no neighbor PEER override-capability | |
c3c5a71f | 1860 | |
c1a54c05 QY |
1861 | Override the result of Capability Negotiation with local configuration. |
1862 | Ignore remote peer's capability value. | |
42fc5d26 | 1863 | |
0efdf0fe | 1864 | .. _route-reflector: |
42fc5d26 QY |
1865 | |
1866 | Route Reflector | |
1867 | =============== | |
1868 | ||
c1a54c05 QY |
1869 | .. index:: bgp cluster-id A.B.C.D |
1870 | .. clicmd:: bgp cluster-id A.B.C.D | |
42fc5d26 | 1871 | |
c1a54c05 QY |
1872 | .. index:: neighbor PEER route-reflector-client |
1873 | .. clicmd:: neighbor PEER route-reflector-client | |
c3c5a71f | 1874 | |
c1a54c05 QY |
1875 | .. index:: no neighbor PEER route-reflector-client |
1876 | .. clicmd:: no neighbor PEER route-reflector-client | |
42fc5d26 | 1877 | |
42fc5d26 | 1878 | |
0efdf0fe | 1879 | .. _route-server: |
42fc5d26 QY |
1880 | |
1881 | Route Server | |
1882 | ============ | |
1883 | ||
c1a54c05 QY |
1884 | At an Internet Exchange point, many ISPs are connected to each other by the |
1885 | "full mesh method". As with internal BGP full mesh formation, | |
1886 | ||
42fc5d26 QY |
1887 | this method has a scaling problem. |
1888 | ||
c1a54c05 QY |
1889 | This scaling problem is well known. Route Server is a method to resolve the |
1890 | problem. Each ISP's BGP router only peers to Route Server. Route Server serves | |
1891 | as BGP information exchange to other BGP routers. By applying this method, | |
1892 | numbers of BGP connections is reduced from O(n*(n-1)/2) to O(n). | |
42fc5d26 | 1893 | |
c1a54c05 QY |
1894 | Unlike normal BGP router, Route Server must have several routing tables for |
1895 | managing different routing policies for each BGP speaker. We call the routing | |
1896 | tables as different "views". *bgpd* can work as normal BGP router or Route | |
1897 | Server or both at the same time. | |
42fc5d26 | 1898 | |
0efdf0fe | 1899 | .. _multiple-instance: |
42fc5d26 QY |
1900 | |
1901 | Multiple instance | |
1902 | ----------------- | |
1903 | ||
c1a54c05 QY |
1904 | To enable multiple view function of *bgpd*, you must turn on multiple instance |
1905 | feature beforehand. | |
42fc5d26 | 1906 | |
c3c5a71f | 1907 | .. index:: bgp multiple-instance |
29adcd50 | 1908 | .. clicmd:: bgp multiple-instance |
42fc5d26 | 1909 | |
c1a54c05 QY |
1910 | Enable BGP multiple instance feature. After this feature is enabled, |
1911 | you can make multiple BGP instances or multiple BGP views. | |
42fc5d26 | 1912 | |
c1a54c05 | 1913 | .. index:: no bgp multiple-instance |
29adcd50 | 1914 | .. clicmd:: no bgp multiple-instance |
c1a54c05 QY |
1915 | |
1916 | Disable BGP multiple instance feature. You can not disable this feature | |
1917 | when BGP multiple instances or views exist. | |
42fc5d26 | 1918 | |
c3c5a71f | 1919 | When you want to make configuration more Cisco like one, |
42fc5d26 | 1920 | |
c3c5a71f | 1921 | .. index:: bgp config-type cisco |
29adcd50 | 1922 | .. clicmd:: bgp config-type cisco |
c1a54c05 QY |
1923 | |
1924 | Cisco compatible BGP configuration output. | |
42fc5d26 | 1925 | |
c3c5a71f | 1926 | When bgp config-type cisco is specified, |
42fc5d26 QY |
1927 | |
1928 | 'no synchronization' is displayed. | |
1929 | 'no auto-summary' is displayed. | |
1930 | ||
1931 | 'network' and 'aggregate-address' argument is displayed as | |
1932 | 'A.B.C.D M.M.M.M' | |
1933 | ||
dc1046f7 | 1934 | FRR: network 10.0.0.0/8 |
42fc5d26 QY |
1935 | Cisco: network 10.0.0.0 |
1936 | ||
dc1046f7 | 1937 | FRR: aggregate-address 192.168.0.0/24 |
42fc5d26 QY |
1938 | Cisco: aggregate-address 192.168.0.0 255.255.255.0 |
1939 | ||
c3c5a71f | 1940 | Community attribute handling is also different. If there is no |
42fc5d26 | 1941 | configuration is specified community attribute and extended community |
c3c5a71f QY |
1942 | attribute are sent to neighbor. When user manually disable the |
1943 | feature community attribute is not sent to the neighbor. In case of | |
42fc5d26 | 1944 | *bgp config-type cisco* is specified, community attribute is not |
c3c5a71f | 1945 | sent to the neighbor by default. To send community attribute user has |
c1a54c05 QY |
1946 | to specify *neighbor A.B.C.D send-community* command.:: |
1947 | ||
1948 | ! | |
1949 | router bgp 1 | |
1950 | neighbor 10.0.0.1 remote-as 1 | |
1951 | address-family ipv4 unicast | |
1952 | no neighbor 10.0.0.1 send-community | |
1953 | exit-address-family | |
1954 | ! | |
1955 | router bgp 1 | |
1956 | neighbor 10.0.0.1 remote-as 1 | |
1957 | address-family ipv4 unicast | |
1958 | neighbor 10.0.0.1 send-community | |
1959 | exit-address-family | |
1960 | ! | |
42fc5d26 | 1961 | |
42fc5d26 | 1962 | |
c3c5a71f | 1963 | .. index:: bgp config-type zebra |
29adcd50 | 1964 | .. clicmd:: bgp config-type zebra |
c1a54c05 QY |
1965 | |
1966 | FRR style BGP configuration. This is default. | |
42fc5d26 | 1967 | |
0efdf0fe | 1968 | .. _bgp-instance-and-view: |
42fc5d26 QY |
1969 | |
1970 | BGP instance and view | |
1971 | --------------------- | |
1972 | ||
c3c5a71f QY |
1973 | BGP instance is a normal BGP process. The result of route selection |
1974 | goes to the kernel routing table. You can setup different AS at the | |
42fc5d26 QY |
1975 | same time when BGP multiple instance feature is enabled. |
1976 | ||
c3c5a71f | 1977 | .. index:: router bgp AS-NUMBER |
29adcd50 | 1978 | .. clicmd:: router bgp AS-NUMBER |
42fc5d26 | 1979 | |
c1a54c05 | 1980 | Make a new BGP instance. You can use arbitrary word for the `name`. |
42fc5d26 | 1981 | |
c1a54c05 | 1982 | :: |
76bd1499 | 1983 | |
c1a54c05 QY |
1984 | bgp multiple-instance |
1985 | ! | |
1986 | router bgp 1 | |
1987 | neighbor 10.0.0.1 remote-as 2 | |
1988 | neighbor 10.0.0.2 remote-as 3 | |
1989 | ! | |
1990 | router bgp 2 | |
1991 | neighbor 10.0.0.3 remote-as 4 | |
1992 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 1993 | |
42fc5d26 QY |
1994 | |
1995 | BGP view is almost same as normal BGP process. The result of | |
c3c5a71f | 1996 | route selection does not go to the kernel routing table. BGP view is |
42fc5d26 QY |
1997 | only for exchanging BGP routing information. |
1998 | ||
c3c5a71f | 1999 | .. index:: router bgp AS-NUMBER view NAME |
29adcd50 | 2000 | .. clicmd:: router bgp AS-NUMBER view NAME |
42fc5d26 | 2001 | |
c1a54c05 QY |
2002 | Make a new BGP view. You can use arbitrary word for the `name`. This view's |
2003 | route selection result does not go to the kernel routing table. | |
42fc5d26 | 2004 | |
c1a54c05 | 2005 | With this command, you can setup Route Server like below. |
42fc5d26 | 2006 | |
c1a54c05 | 2007 | :: |
76bd1499 | 2008 | |
c1a54c05 QY |
2009 | bgp multiple-instance |
2010 | ! | |
2011 | router bgp 1 view 1 | |
2012 | neighbor 10.0.0.1 remote-as 2 | |
2013 | neighbor 10.0.0.2 remote-as 3 | |
2014 | ! | |
2015 | router bgp 2 view 2 | |
2016 | neighbor 10.0.0.3 remote-as 4 | |
2017 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 2018 | |
42fc5d26 | 2019 | |
0efdf0fe | 2020 | .. _routing-policy: |
42fc5d26 QY |
2021 | |
2022 | Routing policy | |
2023 | -------------- | |
2024 | ||
c3c5a71f | 2025 | You can set different routing policy for a peer. For example, you can |
c1a54c05 QY |
2026 | set different filter for a peer.:: |
2027 | ||
2028 | bgp multiple-instance | |
2029 | ! | |
2030 | router bgp 1 view 1 | |
2031 | neighbor 10.0.0.1 remote-as 2 | |
2032 | address-family ipv4 unicast | |
2033 | neighbor 10.0.0.1 distribute-list 1 in | |
2034 | exit-address-family | |
2035 | ! | |
2036 | router bgp 1 view 2 | |
2037 | neighbor 10.0.0.1 remote-as 2 | |
2038 | address-family ipv4 unicast | |
2039 | neighbor 10.0.0.1 distribute-list 2 in | |
2040 | exit-address-family | |
c3c5a71f | 2041 | |
42fc5d26 QY |
2042 | |
2043 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view | |
c3c5a71f QY |
2044 | 2. When the update is inserted into view 1, distribute-list 1 is |
2045 | applied. On the other hand, when the update is inserted into view 2, | |
42fc5d26 QY |
2046 | distribute-list 2 is applied. |
2047 | ||
0efdf0fe | 2048 | .. _viewing-the-view: |
42fc5d26 QY |
2049 | |
2050 | Viewing the view | |
2051 | ---------------- | |
2052 | ||
2053 | To display routing table of BGP view, you must specify view name. | |
2054 | ||
c3c5a71f | 2055 | .. index:: show ip bgp view NAME |
29adcd50 | 2056 | .. clicmd:: show ip bgp view NAME |
c1a54c05 QY |
2057 | |
2058 | Display routing table of BGP view ``NAME``. | |
42fc5d26 | 2059 | |
0efdf0fe | 2060 | .. _bgp-regular-expressions: |
42fc5d26 QY |
2061 | |
2062 | BGP Regular Expressions | |
2063 | ======================= | |
2064 | ||
2065 | BGP regular expressions are based on `POSIX 1003.2` regular | |
2066 | expressions. The following description is just a quick subset of the | |
2067 | `POSIX` regular expressions. Adding to that, the special character | |
2068 | '_' is added. | |
2069 | ||
2070 | ||
c1a54c05 QY |
2071 | .* |
2072 | Matches any single character. | |
42fc5d26 QY |
2073 | |
2074 | * | |
c1a54c05 | 2075 | Matches 0 or more occurrences of pattern. |
42fc5d26 QY |
2076 | |
2077 | + | |
c1a54c05 | 2078 | Matches 1 or more occurrences of pattern. |
42fc5d26 QY |
2079 | |
2080 | ? | |
c1a54c05 | 2081 | Match 0 or 1 occurrences of pattern. |
42fc5d26 QY |
2082 | |
2083 | ^ | |
c1a54c05 | 2084 | Matches the beginning of the line. |
42fc5d26 QY |
2085 | |
2086 | $ | |
c1a54c05 | 2087 | Matches the end of the line. |
42fc5d26 QY |
2088 | |
2089 | _ | |
c1a54c05 QY |
2090 | Character `_` has special meanings in BGP regular expressions. It matches |
2091 | to space and comma , and AS set delimiter { and } and AS confederation | |
2092 | delimiter `(` and `)`. And it also matches to the beginning of the line and | |
2093 | the end of the line. So `_` can be used for AS value boundaries match. This | |
2094 | character technically evaluates to `(^|[,{}() ]|$)`. | |
42fc5d26 | 2095 | |
11ab5329 | 2096 | .. _how-to-set-up-a-6-bone-connection: |
42fc5d26 QY |
2097 | |
2098 | How to set up a 6-Bone connection | |
2099 | ================================= | |
2100 | ||
2101 | :: | |
2102 | ||
c1a54c05 QY |
2103 | zebra configuration |
2104 | =================== | |
2105 | ! | |
2106 | ! Actually there is no need to configure zebra | |
2107 | ! | |
2108 | ||
2109 | bgpd configuration | |
2110 | ================== | |
2111 | ! | |
2112 | ! This means that routes go through zebra and into the kernel. | |
2113 | ! | |
2114 | router zebra | |
2115 | ! | |
2116 | ! MP-BGP configuration | |
2117 | ! | |
2118 | router bgp 7675 | |
2119 | bgp router-id 10.0.0.1 | |
2120 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as `as-number` | |
2121 | ! | |
2122 | address-family ipv6 | |
2123 | network 3ffe:506::/32 | |
2124 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
2125 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
2126 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as `as-number` | |
2127 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
2128 | exit-address-family | |
2129 | ! | |
2130 | ipv6 access-list all permit any | |
2131 | ! | |
2132 | ! Set output nexthop address. | |
2133 | ! | |
2134 | route-map set-nexthop permit 10 | |
2135 | match ipv6 address all | |
2136 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
2137 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
2138 | ! | |
2139 | ! logfile FILENAME is obsolete. Please use log file FILENAME | |
2140 | ||
2141 | log file bgpd.log | |
2142 | ! | |
c3c5a71f | 2143 | |
42fc5d26 | 2144 | |
0efdf0fe | 2145 | .. _dump-bgp-packets-and-table: |
42fc5d26 QY |
2146 | |
2147 | Dump BGP packets and table | |
2148 | ========================== | |
2149 | ||
c3c5a71f | 2150 | .. index:: dump bgp all PATH [INTERVAL] |
29adcd50 | 2151 | .. clicmd:: dump bgp all PATH [INTERVAL] |
42fc5d26 | 2152 | |
c1a54c05 | 2153 | .. index:: dump bgp all-et PATH [INTERVAL] |
29adcd50 | 2154 | .. clicmd:: dump bgp all-et PATH [INTERVAL] |
42fc5d26 | 2155 | |
c1a54c05 | 2156 | .. index:: no dump bgp all [PATH] [INTERVAL] |
29adcd50 | 2157 | .. clicmd:: no dump bgp all [PATH] [INTERVAL] |
42fc5d26 | 2158 | |
c1a54c05 QY |
2159 | Dump all BGP packet and events to `path` file. |
2160 | If `interval` is set, a new file will be created for echo `interval` of seconds. | |
2161 | The path `path` can be set with date and time formatting (strftime). | |
0efdf0fe QY |
2162 | The type ‘all-et’ enables support for Extended Timestamp Header (:ref:`packet-binary-dump-format`). |
2163 | (:ref:`packet-binary-dump-format`) | |
42fc5d26 | 2164 | |
c1a54c05 | 2165 | .. index:: dump bgp updates PATH [INTERVAL] |
29adcd50 | 2166 | .. clicmd:: dump bgp updates PATH [INTERVAL] |
42fc5d26 | 2167 | |
c1a54c05 | 2168 | .. index:: dump bgp updates-et PATH [INTERVAL] |
29adcd50 | 2169 | .. clicmd:: dump bgp updates-et PATH [INTERVAL] |
42fc5d26 | 2170 | |
c1a54c05 | 2171 | .. index:: no dump bgp updates [PATH] [INTERVAL] |
29adcd50 | 2172 | .. clicmd:: no dump bgp updates [PATH] [INTERVAL] |
42fc5d26 | 2173 | |
c1a54c05 QY |
2174 | Dump only BGP updates messages to `path` file. |
2175 | If `interval` is set, a new file will be created for echo `interval` of seconds. | |
2176 | The path `path` can be set with date and time formatting (strftime). | |
0efdf0fe | 2177 | The type ‘updates-et’ enables support for Extended Timestamp Header (:ref:`packet-binary-dump-format`). |
42fc5d26 | 2178 | |
c1a54c05 | 2179 | .. index:: dump bgp routes-mrt PATH |
29adcd50 | 2180 | .. clicmd:: dump bgp routes-mrt PATH |
42fc5d26 | 2181 | |
c1a54c05 | 2182 | .. index:: dump bgp routes-mrt PATH INTERVAL |
29adcd50 | 2183 | .. clicmd:: dump bgp routes-mrt PATH INTERVAL |
42fc5d26 | 2184 | |
c1a54c05 | 2185 | .. index:: no dump bgp route-mrt [PATH] [INTERVAL] |
29adcd50 | 2186 | .. clicmd:: no dump bgp route-mrt [PATH] [INTERVAL] |
42fc5d26 | 2187 | |
c1a54c05 QY |
2188 | Dump whole BGP routing table to `path`. This is heavy process. |
2189 | The path `path` can be set with date and time formatting (strftime). | |
2190 | If `interval` is set, a new file will be created for echo `interval` of seconds. | |
42fc5d26 | 2191 | |
c1a54c05 | 2192 | Note: the interval variable can also be set using hours and minutes: 04h20m00. |
42fc5d26 | 2193 | |
c1a54c05 | 2194 | .. _bgp-configuration-examples: |
42fc5d26 | 2195 | |
c1a54c05 QY |
2196 | BGP Configuration Examples |
2197 | ========================== | |
42fc5d26 | 2198 | |
c1a54c05 | 2199 | Example of a session to an upstream, advertising only one prefix to it.:: |
42fc5d26 | 2200 | |
c1a54c05 QY |
2201 | router bgp 64512 |
2202 | bgp router-id 10.236.87.1 | |
2203 | neighbor upstream peer-group | |
2204 | neighbor upstream remote-as 64515 | |
2205 | neighbor upstream capability dynamic | |
2206 | neighbor 10.1.1.1 peer-group upstream | |
2207 | neighbor 10.1.1.1 description ACME ISP | |
c3c5a71f | 2208 | |
c1a54c05 QY |
2209 | address-family ipv4 unicast |
2210 | network 10.236.87.0/24 | |
2211 | neighbor upstream prefix-list pl-allowed-adv out | |
2212 | exit-address-family | |
2213 | ! | |
2214 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
2215 | ip prefix-list pl-allowed-adv seq 10 deny any | |
42fc5d26 QY |
2216 | |
2217 | A more complex example. With upstream, peer and customer sessions. | |
2218 | Advertising global prefixes and NO_EXPORT prefixes and providing | |
2219 | actions for customer routes based on community values. Extensive use of | |
2220 | route-maps and the 'call' feature to support selective advertising of | |
2221 | prefixes. This example is intended as guidance only, it has NOT been | |
2222 | tested and almost certainly containts silly mistakes, if not serious | |
2223 | flaws. | |
2224 | ||
2225 | :: | |
2226 | ||
c1a54c05 QY |
2227 | router bgp 64512 |
2228 | bgp router-id 10.236.87.1 | |
2229 | neighbor upstream capability dynamic | |
2230 | neighbor cust capability dynamic | |
2231 | neighbor peer capability dynamic | |
2232 | neighbor 10.1.1.1 remote-as 64515 | |
2233 | neighbor 10.1.1.1 peer-group upstream | |
2234 | neighbor 10.2.1.1 remote-as 64516 | |
2235 | neighbor 10.2.1.1 peer-group upstream | |
2236 | neighbor 10.3.1.1 remote-as 64517 | |
2237 | neighbor 10.3.1.1 peer-group cust-default | |
2238 | neighbor 10.3.1.1 description customer1 | |
2239 | neighbor 10.4.1.1 remote-as 64518 | |
2240 | neighbor 10.4.1.1 peer-group cust | |
2241 | neighbor 10.4.1.1 description customer2 | |
2242 | neighbor 10.5.1.1 remote-as 64519 | |
2243 | neighbor 10.5.1.1 peer-group peer | |
2244 | neighbor 10.5.1.1 description peer AS 1 | |
2245 | neighbor 10.6.1.1 remote-as 64520 | |
2246 | neighbor 10.6.1.1 peer-group peer | |
2247 | neighbor 10.6.1.1 description peer AS 2 | |
2248 | ||
2249 | address-family ipv4 unicast | |
2250 | network 10.123.456.0/24 | |
2251 | network 10.123.456.128/25 route-map rm-no-export | |
2252 | neighbor upstream route-map rm-upstream-out out | |
2253 | neighbor cust route-map rm-cust-in in | |
2254 | neighbor cust route-map rm-cust-out out | |
2255 | neighbor cust send-community both | |
2256 | neighbor peer route-map rm-peer-in in | |
2257 | neighbor peer route-map rm-peer-out out | |
2258 | neighbor peer send-community both | |
2259 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
2260 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
2261 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
2262 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
2263 | exit-address-family | |
2264 | ! | |
2265 | ip prefix-list pl-default permit 0.0.0.0/0 | |
2266 | ! | |
2267 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
2268 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
2269 | ! | |
2270 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
2271 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
2272 | ! | |
2273 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
2274 | ! | |
2275 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
2276 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
2277 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
2278 | ! | |
2279 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
2280 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
2281 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
2282 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
2283 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
2284 | ! | |
2285 | ip as-path access-list asp-own-as permit ^$ | |
2286 | ip as-path access-list asp-own-as permit _64512_ | |
2287 | ! | |
2288 | ! ################################################################# | |
2289 | ! Match communities we provide actions for, on routes receives from | |
2290 | ! customers. Communities values of <our-ASN>:X, with X, have actions: | |
2291 | ! | |
2292 | ! 100 - blackhole the prefix | |
2293 | ! 200 - set no_export | |
2294 | ! 300 - advertise only to other customers | |
2295 | ! 400 - advertise only to upstreams | |
2296 | ! 500 - set no_export when advertising to upstreams | |
2297 | ! 2X00 - set local_preference to X00 | |
2298 | ! | |
2299 | ! blackhole the prefix of the route | |
2300 | ip community-list standard cm-blackhole permit 64512:100 | |
2301 | ! | |
2302 | ! set no-export community before advertising | |
2303 | ip community-list standard cm-set-no-export permit 64512:200 | |
2304 | ! | |
2305 | ! advertise only to other customers | |
2306 | ip community-list standard cm-cust-only permit 64512:300 | |
2307 | ! | |
2308 | ! advertise only to upstreams | |
2309 | ip community-list standard cm-upstream-only permit 64512:400 | |
2310 | ! | |
2311 | ! advertise to upstreams with no-export | |
2312 | ip community-list standard cm-upstream-noexport permit 64512:500 | |
2313 | ! | |
2314 | ! set local-pref to least significant 3 digits of the community | |
2315 | ip community-list standard cm-prefmod-100 permit 64512:2100 | |
2316 | ip community-list standard cm-prefmod-200 permit 64512:2200 | |
2317 | ip community-list standard cm-prefmod-300 permit 64512:2300 | |
2318 | ip community-list standard cm-prefmod-400 permit 64512:2400 | |
2319 | ip community-list expanded cme-prefmod-range permit 64512:2... | |
2320 | ! | |
2321 | ! Informational communities | |
2322 | ! | |
2323 | ! 3000 - learned from upstream | |
2324 | ! 3100 - learned from customer | |
2325 | ! 3200 - learned from peer | |
2326 | ! | |
2327 | ip community-list standard cm-learnt-upstream permit 64512:3000 | |
2328 | ip community-list standard cm-learnt-cust permit 64512:3100 | |
2329 | ip community-list standard cm-learnt-peer permit 64512:3200 | |
2330 | ! | |
2331 | ! ################################################################### | |
2332 | ! Utility route-maps | |
2333 | ! | |
2334 | ! These utility route-maps generally should not used to permit/deny | |
2335 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
2336 | ! should be used with 'on-match next'. These all finish with an empty | |
2337 | ! permit entry so as not interfere with processing in the caller. | |
2338 | ! | |
2339 | route-map rm-no-export permit 10 | |
2340 | set community additive no-export | |
2341 | route-map rm-no-export permit 20 | |
2342 | ! | |
2343 | route-map rm-blackhole permit 10 | |
2344 | description blackhole, up-pref and ensure it cant escape this AS | |
2345 | set ip next-hop 127.0.0.1 | |
2346 | set local-preference 10 | |
2347 | set community additive no-export | |
2348 | route-map rm-blackhole permit 20 | |
2349 | ! | |
2350 | ! Set local-pref as requested | |
2351 | route-map rm-prefmod permit 10 | |
2352 | match community cm-prefmod-100 | |
2353 | set local-preference 100 | |
2354 | route-map rm-prefmod permit 20 | |
2355 | match community cm-prefmod-200 | |
2356 | set local-preference 200 | |
2357 | route-map rm-prefmod permit 30 | |
2358 | match community cm-prefmod-300 | |
2359 | set local-preference 300 | |
2360 | route-map rm-prefmod permit 40 | |
2361 | match community cm-prefmod-400 | |
2362 | set local-preference 400 | |
2363 | route-map rm-prefmod permit 50 | |
2364 | ! | |
2365 | ! Community actions to take on receipt of route. | |
2366 | route-map rm-community-in permit 10 | |
2367 | description check for blackholing, no point continuing if it matches. | |
2368 | match community cm-blackhole | |
2369 | call rm-blackhole | |
2370 | route-map rm-community-in permit 20 | |
2371 | match community cm-set-no-export | |
2372 | call rm-no-export | |
2373 | on-match next | |
2374 | route-map rm-community-in permit 30 | |
2375 | match community cme-prefmod-range | |
2376 | call rm-prefmod | |
2377 | route-map rm-community-in permit 40 | |
2378 | ! | |
2379 | ! ##################################################################### | |
2380 | ! Community actions to take when advertising a route. | |
2381 | ! These are filtering route-maps, | |
2382 | ! | |
2383 | ! Deny customer routes to upstream with cust-only set. | |
2384 | route-map rm-community-filt-to-upstream deny 10 | |
2385 | match community cm-learnt-cust | |
2386 | match community cm-cust-only | |
2387 | route-map rm-community-filt-to-upstream permit 20 | |
2388 | ! | |
2389 | ! Deny customer routes to other customers with upstream-only set. | |
2390 | route-map rm-community-filt-to-cust deny 10 | |
2391 | match community cm-learnt-cust | |
2392 | match community cm-upstream-only | |
2393 | route-map rm-community-filt-to-cust permit 20 | |
2394 | ! | |
2395 | ! ################################################################### | |
2396 | ! The top-level route-maps applied to sessions. Further entries could | |
2397 | ! be added obviously.. | |
2398 | ! | |
2399 | ! Customers | |
2400 | route-map rm-cust-in permit 10 | |
2401 | call rm-community-in | |
2402 | on-match next | |
2403 | route-map rm-cust-in permit 20 | |
2404 | set community additive 64512:3100 | |
2405 | route-map rm-cust-in permit 30 | |
2406 | ! | |
2407 | route-map rm-cust-out permit 10 | |
2408 | call rm-community-filt-to-cust | |
2409 | on-match next | |
2410 | route-map rm-cust-out permit 20 | |
2411 | ! | |
2412 | ! Upstream transit ASes | |
2413 | route-map rm-upstream-out permit 10 | |
2414 | description filter customer prefixes which are marked cust-only | |
2415 | call rm-community-filt-to-upstream | |
2416 | on-match next | |
2417 | route-map rm-upstream-out permit 20 | |
2418 | description only customer routes are provided to upstreams/peers | |
2419 | match community cm-learnt-cust | |
2420 | ! | |
2421 | ! Peer ASes | |
2422 | ! outbound policy is same as for upstream | |
2423 | route-map rm-peer-out permit 10 | |
2424 | call rm-upstream-out | |
2425 | ! | |
2426 | route-map rm-peer-in permit 10 | |
2427 | set community additive 64512:3200 | |
c3c5a71f | 2428 | |
9e146a81 | 2429 | .. include:: routeserver.rst |
f3817860 QY |
2430 | |
2431 | .. include:: rpki.rst | |
c1a54c05 QY |
2432 | |
2433 | ||
4b44467c | 2434 | .. [#med-transitivity-rant] For some set of objects to have an order, there *must* be some binary ordering relation that is defined for *every* combination of those objects, and that relation *must* be transitive. I.e.:, if the relation operator is <, and if a < b and b < c then that relation must carry over and it *must* be that a < c for the objects to have an order. The ordering relation may allow for equality, i.e. a < b and b < a may both be true amd imply that a and b are equal in the order and not distinguished by it, in which case the set has a partial order. Otherwise, if there is an order, all the objects have a distinct place in the order and the set has a total order) |
c1a54c05 QY |
2435 | .. [bgp-route-osci-cond] McPherson, D. and Gill, V. and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation Condition", IETF RFC3345 |
2436 | .. [stable-flexible-ibgp] Flavel, A. and M. Roughan, "Stable and flexible iBGP", ACM SIGCOMM 2009 | |
2437 | .. [ibgp-correctness] Griffin, T. and G. Wilfong, "On the correctness of IBGP configuration", ACM SIGCOMM 2002 |