]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _bgp: |
42fc5d26 QY |
2 | |
3 | *** | |
4 | BGP | |
5 | *** | |
6 | ||
c3c5a71f QY |
7 | :abbr:`BGP` stands for a Border Gateway Protocol. The lastest BGP version is 4. |
8 | It is referred as BGP-4. BGP-4 is one of the Exterior Gateway Protocols and | |
9 | de-fact standard of Inter Domain routing protocol. BGP-4 is described in | |
07a17e6d | 10 | :rfc:`1771`. |
42fc5d26 | 11 | |
07a17e6d QY |
12 | Many extensions have been added to :rfc:`1771`. :rfc:`2858` provides |
13 | multiprotocol support to BGP-4. | |
42fc5d26 | 14 | |
0efdf0fe | 15 | .. _starting-bgp: |
42fc5d26 QY |
16 | |
17 | Starting BGP | |
18 | ============ | |
19 | ||
c1a54c05 QY |
20 | Default configuration file of *bgpd* is :file:`bgpd.conf`. *bgpd* searches the |
21 | current directory first then |INSTALL_PREFIX_ETC|/bgpd.conf. All of bgpd's | |
22 | command must be configured in :file:`bgpd.conf`. | |
42fc5d26 | 23 | |
c1a54c05 | 24 | *bgpd* specific invocation options are described below. Common options may also |
0efdf0fe | 25 | be specified (:ref:`common-invocation-options`). |
42fc5d26 | 26 | |
c1a54c05 | 27 | .. program:: bgpd |
42fc5d26 | 28 | |
c9365894 | 29 | .. option:: -p, --bgp_port <port> |
42fc5d26 | 30 | |
db759bb0 | 31 | Set the bgp protocol's port number. When port number is 0, that means do not |
32 | listen bgp port. | |
42fc5d26 | 33 | |
c9365894 | 34 | .. option:: -r, --retain |
42fc5d26 | 35 | |
c1a54c05 | 36 | When program terminates, retain BGP routes added by zebra. |
42fc5d26 | 37 | |
c9365894 | 38 | .. option:: -l, --listenon |
42fc5d26 | 39 | |
c1a54c05 QY |
40 | Specify a specific IP address for bgpd to listen on, rather than its |
41 | default of INADDR_ANY / IN6ADDR_ANY. This can be useful to constrain bgpd | |
42 | to an internal address, or to run multiple bgpd processes on one host. | |
42fc5d26 QY |
43 | |
44 | ||
0efdf0fe | 45 | .. _bgp-router: |
42fc5d26 QY |
46 | |
47 | BGP router | |
48 | ========== | |
49 | ||
c1a54c05 QY |
50 | First of all you must configure BGP router with *router bgp* command. To |
51 | configure BGP router, you need AS number. AS number is an identification of | |
52 | autonomous system. BGP protocol uses the AS number for detecting whether the | |
53 | BGP connection is internal one or external one. | |
42fc5d26 | 54 | |
c3c5a71f | 55 | .. index:: router bgp ASN |
29adcd50 | 56 | .. clicmd:: router bgp ASN |
42fc5d26 | 57 | |
c1a54c05 QY |
58 | Enable a BGP protocol process with the specified ASN. After |
59 | this statement you can input any `BGP Commands`. You can not | |
60 | create different BGP process under different ASN without | |
0efdf0fe | 61 | specifying `multiple-instance` (:ref:`multiple-instance`). |
42fc5d26 | 62 | |
c1a54c05 | 63 | .. index:: no router bgp ASN |
29adcd50 | 64 | .. clicmd:: no router bgp ASN |
42fc5d26 | 65 | |
c1a54c05 | 66 | Destroy a BGP protocol process with the specified ASN. |
42fc5d26 | 67 | |
c1a54c05 QY |
68 | .. index:: bgp router-id A.B.C.D |
69 | .. clicmd:: bgp router-id A.B.C.D | |
c3c5a71f | 70 | |
c1a54c05 QY |
71 | This command specifies the router-ID. If *bgpd* connects to *zebra* it gets |
72 | interface and address information. In that case default router ID value is | |
73 | selected as the largest IP Address of the interfaces. When `router zebra` is | |
74 | not enabled *bgpd* can't get interface information so `router-id` is set to | |
75 | 0.0.0.0. So please set router-id by hand. | |
42fc5d26 | 76 | |
0efdf0fe | 77 | .. _bgp-distance: |
42fc5d26 QY |
78 | |
79 | BGP distance | |
80 | ------------ | |
81 | ||
29adcd50 | 82 | .. index:: distance bgp (1-255) (1-255) (1-255) |
29adcd50 | 83 | .. clicmd:: distance bgp (1-255) (1-255) (1-255) |
42fc5d26 | 84 | |
c1a54c05 QY |
85 | This command change distance value of BGP. Each argument is distance value |
86 | for external routes, internal routes and local routes. | |
42fc5d26 | 87 | |
c1a54c05 QY |
88 | .. index:: distance (1-255) A.B.C.D/M |
89 | .. clicmd:: distance (1-255) A.B.C.D/M | |
c3c5a71f | 90 | |
c1a54c05 QY |
91 | .. index:: distance (1-255) A.B.C.D/M word |
92 | .. clicmd:: distance (1-255) A.B.C.D/M word | |
42fc5d26 | 93 | |
0efdf0fe | 94 | .. _bgp-decision-process: |
42fc5d26 QY |
95 | |
96 | BGP decision process | |
97 | -------------------- | |
98 | ||
dc1046f7 | 99 | The decision process FRR BGP uses to select routes is as follows: |
42fc5d26 | 100 | |
07738543 | 101 | 1. *Weight check* |
c1a54c05 | 102 | Prefer higher local weight routes to lower routes. |
42fc5d26 | 103 | |
07738543 | 104 | 2. *Local preference check* |
c1a54c05 | 105 | Prefer higher local preference routes to lower. |
42fc5d26 | 106 | |
07738543 | 107 | 3. *Local route check* |
c1a54c05 | 108 | Prefer local routes (statics, aggregates, redistributed) to received routes. |
42fc5d26 | 109 | |
07738543 | 110 | 4. *AS path length check* |
c1a54c05 | 111 | Prefer shortest hop-count AS_PATHs. |
42fc5d26 | 112 | |
07738543 | 113 | 5. *Origin check* |
c1a54c05 QY |
114 | Prefer the lowest origin type route. That is, prefer IGP origin routes to |
115 | EGP, to Incomplete routes. | |
42fc5d26 | 116 | |
07738543 | 117 | 6. *MED check* |
c1a54c05 | 118 | Where routes with a MED were received from the same AS, prefer the route |
0efdf0fe | 119 | with the lowest MED. :ref:`bgp-med`. |
42fc5d26 | 120 | |
07738543 | 121 | 7. *External check* |
c1a54c05 QY |
122 | Prefer the route received from an external, eBGP peer over routes received |
123 | from other types of peers. | |
42fc5d26 | 124 | |
07738543 | 125 | 8. *IGP cost check* |
c1a54c05 | 126 | Prefer the route with the lower IGP cost. |
42fc5d26 | 127 | |
07738543 | 128 | 9. *Multi-path check* |
c1a54c05 QY |
129 | If multi-pathing is enabled, then check whether the routes not yet |
130 | distinguished in preference may be considered equal. If | |
9e146a81 | 131 | :clicmd:`bgp bestpath as-path multipath-relax` is set, all such routes are |
c1a54c05 QY |
132 | considered equal, otherwise routes received via iBGP with identical AS_PATHs |
133 | or routes received from eBGP neighbours in the same AS are considered equal. | |
42fc5d26 | 134 | |
07738543 QY |
135 | 10. *Already-selected external check* |
136 | Where both routes were received from eBGP peers, then prefer the route | |
137 | which is already selected. Note that this check is not applied if | |
138 | :clicmd:`bgp bestpath compare-routerid` is configured. This check can | |
139 | prevent some cases of oscillation. | |
140 | ||
141 | 11. *Router-ID check* | |
142 | Prefer the route with the lowest `router-ID`. If the route has an | |
143 | `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is | |
144 | used, otherwise the `router-ID` of the peer the route was received from is | |
145 | used. | |
146 | ||
147 | 12. *Cluster-List length check* | |
148 | The route with the shortest cluster-list length is used. The cluster-list | |
149 | reflects the iBGP reflection path the route has taken. | |
150 | ||
151 | 13. *Peer address* | |
152 | Prefer the route received from the peer with the higher transport layer | |
153 | address, as a last-resort tie-breaker. | |
42fc5d26 | 154 | |
c3c5a71f | 155 | |
c1a54c05 | 156 | .. index:: bgp bestpath as-path confed |
29adcd50 | 157 | .. clicmd:: bgp bestpath as-path confed |
42fc5d26 | 158 | |
c1a54c05 QY |
159 | This command specifies that the length of confederation path sets and |
160 | sequences should should be taken into account during the BGP best path | |
161 | decision process. | |
42fc5d26 | 162 | |
c3c5a71f | 163 | .. index:: bgp bestpath as-path multipath-relax |
29adcd50 | 164 | .. clicmd:: bgp bestpath as-path multipath-relax |
42fc5d26 | 165 | |
c1a54c05 QY |
166 | This command specifies that BGP decision process should consider paths |
167 | of equal AS_PATH length candidates for multipath computation. Without | |
168 | the knob, the entire AS_PATH must match for multipath computation. | |
c3c5a71f | 169 | |
29adcd50 | 170 | .. clicmd:: bgp bestpath compare-routerid |
42fc5d26 | 171 | |
c1a54c05 QY |
172 | Ensure that when comparing routes where both are equal on most metrics, |
173 | including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken | |
174 | based on router-ID. | |
42fc5d26 | 175 | |
c1a54c05 QY |
176 | If this option is enabled, then the already-selected check, where |
177 | already selected eBGP routes are preferred, is skipped. | |
42fc5d26 | 178 | |
c1a54c05 QY |
179 | If a route has an `ORIGINATOR_ID` attribute because it has been reflected, |
180 | that `ORIGINATOR_ID` will be used. Otherwise, the router-ID of the peer the | |
181 | route was received from will be used. | |
42fc5d26 | 182 | |
c1a54c05 QY |
183 | The advantage of this is that the route-selection (at this point) will be |
184 | more deterministic. The disadvantage is that a few or even one lowest-ID | |
185 | router may attract all trafic to otherwise-equal paths because of this | |
186 | check. It may increase the possibility of MED or IGP oscillation, unless | |
187 | other measures were taken to avoid these. The exact behaviour will be | |
188 | sensitive to the iBGP and reflection topology. | |
42fc5d26 QY |
189 | |
190 | ||
0efdf0fe | 191 | .. _bgp-route-flap-dampening: |
42fc5d26 QY |
192 | |
193 | BGP route flap dampening | |
194 | ------------------------ | |
195 | ||
c1a54c05 QY |
196 | .. clicmd:: bgp dampening (1-45) (1-20000) (1-20000) (1-255) |
197 | ||
c1a54c05 | 198 | This command enables BGP route-flap dampening and specifies dampening parameters. |
42fc5d26 | 199 | |
c1a54c05 QY |
200 | half-life |
201 | Half-life time for the penalty | |
42fc5d26 | 202 | |
c1a54c05 QY |
203 | reuse-threshold |
204 | Value to start reusing a route | |
42fc5d26 | 205 | |
c1a54c05 QY |
206 | suppress-threshold |
207 | Value to start suppressing a route | |
42fc5d26 | 208 | |
c1a54c05 QY |
209 | max-suppress |
210 | Maximum duration to suppress a stable route | |
42fc5d26 | 211 | |
c1a54c05 QY |
212 | The route-flap damping algorithm is compatible with :rfc:`2439`. The use of |
213 | this command is not recommended nowadays. | |
42fc5d26 | 214 | |
c1a54c05 QY |
215 | .. seealso:: |
216 | ||
217 | `http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378 <http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378>`_ | |
42fc5d26 | 218 | |
0efdf0fe | 219 | .. _bgp-med: |
42fc5d26 QY |
220 | |
221 | BGP MED | |
222 | ======= | |
223 | ||
c1a54c05 QY |
224 | The BGP :abbr:`MED (Multi Exit Discriminator)` attribute has properties which |
225 | can cause subtle convergence problems in BGP. These properties and problems | |
226 | have proven to be hard to understand, at least historically, and may still not | |
227 | be widely understood. The following attempts to collect together and present | |
228 | what is known about MED, to help operators and FRR users in designing and | |
229 | configuring their networks. | |
42fc5d26 | 230 | |
07a17e6d QY |
231 | The BGP :abbr:`MED` attribute is intended to allow one AS to indicate its |
232 | preferences for its ingress points to another AS. The MED attribute will not be | |
233 | propagated on to another AS by the receiving AS - it is 'non-transitive' in the | |
234 | BGP sense. | |
42fc5d26 | 235 | |
c1a54c05 QY |
236 | E.g., if AS X and AS Y have 2 different BGP peering points, then AS X might set |
237 | a MED of 100 on routes advertised at one and a MED of 200 at the other. When AS | |
238 | Y selects between otherwise equal routes to or via AS X, AS Y should prefer to | |
239 | take the path via the lower MED peering of 100 with AS X. Setting the MED | |
240 | allows an AS to influence the routing taken to it within another, neighbouring | |
241 | AS. | |
42fc5d26 QY |
242 | |
243 | In this use of MED it is not really meaningful to compare the MED value on | |
c1a54c05 QY |
244 | routes where the next AS on the paths differs. E.g., if AS Y also had a route |
245 | for some destination via AS Z in addition to the routes from AS X, and AS Z had | |
246 | also set a MED, it wouldn't make sense for AS Y to compare AS Z's MED values to | |
247 | those of AS X. The MED values have been set by different administrators, with | |
248 | different frames of reference. | |
42fc5d26 QY |
249 | |
250 | The default behaviour of BGP therefore is to not compare MED values across | |
dc1046f7 | 251 | routes received from different neighbouring ASes. In FRR this is done by |
c1a54c05 QY |
252 | comparing the neighbouring, left-most AS in the received AS_PATHs of the routes |
253 | and only comparing MED if those are the same. | |
254 | ||
255 | Unfortunately, this behaviour of MED, of sometimes being compared across routes | |
256 | and sometimes not, depending on the properties of those other routes, means MED | |
257 | can cause the order of preference over all the routes to be undefined. That is, | |
258 | given routes A, B, and C, if A is preferred to B, and B is preferred to C, then | |
259 | a well-defined order should mean the preference is transitive (in the sense of | |
013f9762 | 260 | orders [#med-transitivity-rant]_) and that A would be preferred to C. |
42fc5d26 | 261 | |
c3c5a71f QY |
262 | However, when MED is involved this need not be the case. With MED it is |
263 | possible that C is actually preferred over A. So A is preferred to B, B is | |
264 | preferred to C, but C is preferred to A. This can be true even where BGP | |
c1a54c05 QY |
265 | defines a deterministic 'most preferred' route out of the full set of A,B,C. |
266 | With MED, for any given set of routes there may be a deterministically | |
267 | preferred route, but there need not be any way to arrange them into any order | |
268 | of preference. With unmodified MED, the order of preference of routes literally | |
269 | becomes undefined. | |
42fc5d26 | 270 | |
c3c5a71f | 271 | That MED can induce non-transitive preferences over routes can cause issues. |
c1a54c05 QY |
272 | Firstly, it may be perceived to cause routing table churn locally at speakers; |
273 | secondly, and more seriously, it may cause routing instability in iBGP | |
274 | topologies, where sets of speakers continually oscillate between different | |
275 | paths. | |
42fc5d26 | 276 | |
c3c5a71f | 277 | The first issue arises from how speakers often implement routing decisions. |
c1a54c05 QY |
278 | Though BGP defines a selection process that will deterministically select the |
279 | same route as best at any given speaker, even with MED, that process requires | |
280 | evaluating all routes together. For performance and ease of implementation | |
281 | reasons, many implementations evaluate route preferences in a pair-wise fashion | |
282 | instead. Given there is no well-defined order when MED is involved, the best | |
283 | route that will be chosen becomes subject to implementation details, such as | |
284 | the order the routes are stored in. That may be (locally) non-deterministic, | |
285 | e.g.: it may be the order the routes were received in. | |
42fc5d26 QY |
286 | |
287 | This indeterminism may be considered undesirable, though it need not cause | |
c1a54c05 QY |
288 | problems. It may mean additional routing churn is perceived, as sometimes more |
289 | updates may be produced than at other times in reaction to some event . | |
42fc5d26 QY |
290 | |
291 | This first issue can be fixed with a more deterministic route selection that | |
c3c5a71f | 292 | ensures routes are ordered by the neighbouring AS during selection. |
9e146a81 | 293 | :clicmd:`bgp deterministic-med`. This may reduce the number of updates as routes |
c1a54c05 QY |
294 | are received, and may in some cases reduce routing churn. Though, it could |
295 | equally deterministically produce the largest possible set of updates in | |
296 | response to the most common sequence of received updates. | |
42fc5d26 QY |
297 | |
298 | A deterministic order of evaluation tends to imply an additional overhead of | |
c3c5a71f | 299 | sorting over any set of n routes to a destination. The implementation of |
dc1046f7 | 300 | deterministic MED in FRR scales significantly worse than most sorting |
c1a54c05 QY |
301 | algorithms at present, with the number of paths to a given destination. That |
302 | number is often low enough to not cause any issues, but where there are many | |
303 | paths, the deterministic comparison may quickly become increasingly expensive | |
304 | in terms of CPU. | |
305 | ||
306 | Deterministic local evaluation can *not* fix the second, more major, issue of | |
307 | MED however. Which is that the non-transitive preference of routes MED can | |
308 | cause may lead to routing instability or oscillation across multiple speakers | |
309 | in iBGP topologies. This can occur with full-mesh iBGP, but is particularly | |
310 | problematic in non-full-mesh iBGP topologies that further reduce the routing | |
311 | information known to each speaker. This has primarily been documented with iBGP | |
312 | route-reflection topologies. However, any route-hiding technologies potentially | |
313 | could also exacerbate oscillation with MED. | |
314 | ||
315 | This second issue occurs where speakers each have only a subset of routes, and | |
316 | there are cycles in the preferences between different combinations of routes - | |
317 | as the undefined order of preference of MED allows - and the routes are | |
318 | distributed in a way that causes the BGP speakers to 'chase' those cycles. This | |
319 | can occur even if all speakers use a deterministic order of evaluation in route | |
320 | selection. | |
321 | ||
322 | E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and from | |
323 | speaker 3 in AS Y; while speaker 5 in AS A might receive that route from | |
324 | speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100 at speaker | |
325 | 3. I.e, using ASN:ID:MED to label the speakers: | |
42fc5d26 QY |
326 | |
327 | :: | |
328 | ||
c1a54c05 QY |
329 | . |
330 | /---------------\\ | |
42fc5d26 | 331 | X:2------|--A:4-------A:5--|-Y:1:200 |
c1a54c05 QY |
332 | Y:3:100--|-/ | |
333 | \\---------------/ | |
c3c5a71f | 334 | |
42fc5d26 | 335 | |
42fc5d26 | 336 | |
c1a54c05 QY |
337 | Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then based |
338 | on the RFC4271 decision process speaker 4 will choose X:2 over Y:3:100, based | |
339 | on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5. Speaker 5 will | |
340 | continue to prefer Y:1:200 based on the ID, and advertise this to speaker 4. | |
341 | Speaker 4 will now have the full set of routes, and the Y:1:200 it receives | |
342 | from 5 will beat X:2, but when speaker 4 compares Y:1:200 to Y:3:100 the MED | |
343 | check now becomes active as the ASes match, and now Y:3:100 is preferred. | |
344 | Speaker 4 therefore now advertises Y:3:100 to 5, which will also agrees that | |
345 | Y:3:100 is preferred to Y:1:200, and so withdraws the latter route from 4. | |
346 | Speaker 4 now has only X:2 and Y:3:100, and X:2 beats Y:3:100, and so speaker 4 | |
347 | implicitly updates its route to speaker 5 to X:2. Speaker 5 sees that Y:1:200 | |
348 | beats X:2 based on the ID, and advertises Y:1:200 to speaker 4, and the cycle | |
349 | continues. | |
42fc5d26 QY |
350 | |
351 | The root cause is the lack of a clear order of preference caused by how MED | |
352 | sometimes is and sometimes is not compared, leading to this cycle in the | |
353 | preferences between the routes: | |
354 | ||
355 | :: | |
356 | ||
c1a54c05 QY |
357 | . |
358 | /---> X:2 ---beats---> Y:3:100 --\\ | |
359 | | | | |
360 | | | | |
361 | \\---beats--- Y:1:200 <---beats---/ | |
c3c5a71f | 362 | |
42fc5d26 | 363 | |
42fc5d26 QY |
364 | |
365 | This particular type of oscillation in full-mesh iBGP topologies can be | |
366 | avoided by speakers preferring already selected, external routes rather than | |
c1a54c05 QY |
367 | choosing to update to new a route based on a post-MED metric (e.g. router-ID), |
368 | at the cost of a non-deterministic selection process. FRR implements this, as | |
369 | do many other implementations, so long as it is not overridden by setting | |
9e146a81 QY |
370 | :clicmd:`bgp bestpath compare-routerid`, and see also |
371 | :ref:`bgp-decision-process`. | |
42fc5d26 QY |
372 | |
373 | However, more complex and insidious cycles of oscillation are possible with | |
c3c5a71f | 374 | iBGP route-reflection, which are not so easily avoided. These have been |
c1a54c05 QY |
375 | documented in various places. See, e.g.: |
376 | ||
377 | - [bgp-route-osci-cond]_ | |
378 | - [stable-flexible-ibgp]_ | |
379 | - [ibgp-correctness]_ | |
380 | ||
381 | for concrete examples and further references. | |
382 | ||
383 | There is as of this writing *no* known way to use MED for its original purpose; | |
384 | *and* reduce routing information in iBGP topologies; *and* be sure to avoid the | |
385 | instability problems of MED due the non-transitive routing preferences it can | |
386 | induce; in general on arbitrary networks. | |
387 | ||
388 | There may be iBGP topology specific ways to reduce the instability risks, even | |
389 | while using MED, e.g.: by constraining the reflection topology and by tuning | |
013f9762 | 390 | IGP costs between route-reflector clusters, see :rfc:`3345` for details. In the |
c1a54c05 QY |
391 | near future, the Add-Path extension to BGP may also solve MED oscillation while |
392 | still allowing MED to be used as intended, by distributing "best-paths per | |
393 | neighbour AS". This would be at the cost of distributing at least as many | |
394 | routes to all speakers as a full-mesh iBGP would, if not more, while also | |
395 | imposing similar CPU overheads as the "Deterministic MED" feature at each | |
396 | Add-Path reflector. | |
42fc5d26 QY |
397 | |
398 | More generally, the instability problems that MED can introduce on more | |
399 | complex, non-full-mesh, iBGP topologies may be avoided either by: | |
400 | ||
013f9762 | 401 | - Setting :clicmd:`bgp always-compare-med`, however this allows MED to be compared |
42fc5d26 QY |
402 | across values set by different neighbour ASes, which may not produce |
403 | coherent desirable results, of itself. | |
4b44467c | 404 | - Effectively ignoring MED by setting MED to the same value (e.g.: 0) using |
013f9762 QY |
405 | :clicmd:`set metric METRIC` on all received routes, in combination with |
406 | setting :clicmd:`bgp always-compare-med` on all speakers. This is the simplest | |
42fc5d26 QY |
407 | and most performant way to avoid MED oscillation issues, where an AS is happy |
408 | not to allow neighbours to inject this problematic metric. | |
409 | ||
42fc5d26 QY |
410 | As MED is evaluated after the AS_PATH length check, another possible use for |
411 | MED is for intra-AS steering of routes with equal AS_PATH length, as an | |
c1a54c05 QY |
412 | extension of the last case above. As MED is evaluated before IGP metric, this |
413 | can allow cold-potato routing to be implemented to send traffic to preferred | |
414 | hand-offs with neighbours, rather than the closest hand-off according to the | |
415 | IGP metric. | |
416 | ||
417 | Note that even if action is taken to address the MED non-transitivity issues, | |
418 | other oscillations may still be possible. E.g., on IGP cost if iBGP and IGP | |
419 | topologies are at cross-purposes with each other - see the Flavel and Roughan | |
420 | paper above for an example. Hence the guideline that the iBGP topology should | |
421 | follow the IGP topology. | |
422 | ||
c3c5a71f | 423 | .. index:: bgp deterministic-med |
29adcd50 | 424 | .. clicmd:: bgp deterministic-med |
42fc5d26 | 425 | |
c1a54c05 QY |
426 | Carry out route-selection in way that produces deterministic answers |
427 | locally, even in the face of MED and the lack of a well-defined order of | |
428 | preference it can induce on routes. Without this option the preferred route | |
429 | with MED may be determined largely by the order that routes were received | |
430 | in. | |
42fc5d26 | 431 | |
c1a54c05 QY |
432 | Setting this option will have a performance cost that may be noticeable when |
433 | there are many routes for each destination. Currently in FRR it is | |
434 | implemented in a way that scales poorly as the number of routes per | |
435 | destination increases. | |
42fc5d26 | 436 | |
c1a54c05 | 437 | The default is that this option is not set. |
42fc5d26 QY |
438 | |
439 | Note that there are other sources of indeterminism in the route selection | |
440 | process, specifically, the preference for older and already selected routes | |
0efdf0fe | 441 | from eBGP peers, :ref:`bgp-decision-process`. |
42fc5d26 | 442 | |
c3c5a71f | 443 | .. index:: bgp always-compare-med |
29adcd50 | 444 | .. clicmd:: bgp always-compare-med |
42fc5d26 | 445 | |
c1a54c05 QY |
446 | Always compare the MED on routes, even when they were received from |
447 | different neighbouring ASes. Setting this option makes the order of | |
448 | preference of routes more defined, and should eliminate MED induced | |
449 | oscillations. | |
42fc5d26 | 450 | |
c1a54c05 | 451 | If using this option, it may also be desirable to use |
9e146a81 | 452 | :clicmd:`set metric METRIC` to set MED to 0 on routes received from external |
c1a54c05 | 453 | neighbours. |
42fc5d26 | 454 | |
9e146a81 QY |
455 | This option can be used, together with :clicmd:`set metric METRIC` to use |
456 | MED as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., | |
457 | desired exit points. | |
42fc5d26 | 458 | |
0efdf0fe | 459 | .. _bgp-network: |
42fc5d26 QY |
460 | |
461 | BGP network | |
462 | =========== | |
463 | ||
464 | ||
0efdf0fe | 465 | .. _bgp-route: |
42fc5d26 QY |
466 | |
467 | BGP route | |
468 | --------- | |
469 | ||
c1a54c05 QY |
470 | .. index:: network A.B.C.D/M |
471 | .. clicmd:: network A.B.C.D/M | |
42fc5d26 | 472 | |
c1a54c05 | 473 | This command adds the announcement network.:: |
c3c5a71f | 474 | |
c1a54c05 QY |
475 | router bgp 1 |
476 | address-family ipv4 unicast | |
477 | network 10.0.0.0/8 | |
478 | exit-address-family | |
42fc5d26 | 479 | |
c1a54c05 QY |
480 | This configuration example says that network 10.0.0.0/8 will be |
481 | announced to all neighbors. Some vendors' routers don't advertise | |
482 | routes if they aren't present in their IGP routing tables; `bgpd` | |
483 | doesn't care about IGP routes when announcing its routes. | |
c3c5a71f | 484 | |
c1a54c05 QY |
485 | .. index:: no network A.B.C.D/M |
486 | .. clicmd:: no network A.B.C.D/M | |
42fc5d26 | 487 | |
42fc5d26 | 488 | |
0efdf0fe | 489 | .. _route-aggregation: |
42fc5d26 QY |
490 | |
491 | Route Aggregation | |
492 | ----------------- | |
493 | ||
c1a54c05 QY |
494 | .. index:: aggregate-address A.B.C.D/M |
495 | .. clicmd:: aggregate-address A.B.C.D/M | |
c3c5a71f | 496 | |
c1a54c05 | 497 | This command specifies an aggregate address. |
42fc5d26 | 498 | |
c1a54c05 QY |
499 | .. index:: aggregate-address A.B.C.D/M as-set |
500 | .. clicmd:: aggregate-address A.B.C.D/M as-set | |
42fc5d26 | 501 | |
c1a54c05 QY |
502 | This command specifies an aggregate address. Resulting routes include |
503 | AS set. | |
42fc5d26 | 504 | |
c1a54c05 QY |
505 | .. index:: aggregate-address A.B.C.D/M summary-only |
506 | .. clicmd:: aggregate-address A.B.C.D/M summary-only | |
c3c5a71f | 507 | |
c1a54c05 QY |
508 | This command specifies an aggregate address. Aggreated routes will |
509 | not be announce. | |
42fc5d26 | 510 | |
c1a54c05 QY |
511 | .. index:: no aggregate-address A.B.C.D/M |
512 | .. clicmd:: no aggregate-address A.B.C.D/M | |
c3c5a71f | 513 | |
42fc5d26 | 514 | |
42fc5d26 | 515 | |
0efdf0fe | 516 | .. _redistribute-to-bgp: |
42fc5d26 QY |
517 | |
518 | Redistribute to BGP | |
519 | ------------------- | |
520 | ||
c3c5a71f | 521 | .. index:: redistribute kernel |
29adcd50 | 522 | .. clicmd:: redistribute kernel |
42fc5d26 | 523 | |
c1a54c05 | 524 | Redistribute kernel route to BGP process. |
42fc5d26 | 525 | |
c3c5a71f | 526 | .. index:: redistribute static |
29adcd50 | 527 | .. clicmd:: redistribute static |
42fc5d26 | 528 | |
c1a54c05 | 529 | Redistribute static route to BGP process. |
42fc5d26 | 530 | |
c3c5a71f | 531 | .. index:: redistribute connected |
29adcd50 | 532 | .. clicmd:: redistribute connected |
42fc5d26 | 533 | |
c1a54c05 | 534 | Redistribute connected route to BGP process. |
42fc5d26 | 535 | |
c3c5a71f | 536 | .. index:: redistribute rip |
29adcd50 | 537 | .. clicmd:: redistribute rip |
42fc5d26 | 538 | |
c1a54c05 | 539 | Redistribute RIP route to BGP process. |
42fc5d26 | 540 | |
c3c5a71f | 541 | .. index:: redistribute ospf |
29adcd50 | 542 | .. clicmd:: redistribute ospf |
42fc5d26 | 543 | |
c1a54c05 | 544 | Redistribute OSPF route to BGP process. |
42fc5d26 | 545 | |
c3c5a71f | 546 | .. index:: redistribute vpn |
29adcd50 | 547 | .. clicmd:: redistribute vpn |
42fc5d26 | 548 | |
c1a54c05 | 549 | Redistribute VNC routes to BGP process. |
42fc5d26 | 550 | |
c1a54c05 QY |
551 | .. index:: update-delay MAX-DELAY |
552 | .. clicmd:: update-delay MAX-DELAY | |
c3c5a71f | 553 | |
c1a54c05 QY |
554 | .. index:: update-delay MAX-DELAY ESTABLISH-WAIT |
555 | .. clicmd:: update-delay MAX-DELAY ESTABLISH-WAIT | |
c3c5a71f | 556 | |
c1a54c05 QY |
557 | This feature is used to enable read-only mode on BGP process restart or when |
558 | BGP process is cleared using 'clear ip bgp \*'. When applicable, read-only | |
559 | mode would begin as soon as the first peer reaches Established status and a | |
560 | timer for max-delay seconds is started. | |
42fc5d26 | 561 | |
c1a54c05 QY |
562 | During this mode BGP doesn't run any best-path or generate any updates to its |
563 | peers. This mode continues until: | |
42fc5d26 | 564 | |
c1a54c05 QY |
565 | 1. All the configured peers, except the shutdown peers, have sent explicit EOR |
566 | (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached | |
567 | Established is considered an implicit-EOR. | |
568 | If the establish-wait optional value is given, then BGP will wait for | |
569 | peers to reach established from the begining of the update-delay till the | |
570 | establish-wait period is over, i.e. the minimum set of established peers for | |
571 | which EOR is expected would be peers established during the establish-wait | |
572 | window, not necessarily all the configured neighbors. | |
573 | 2. max-delay period is over. | |
42fc5d26 | 574 | |
c1a54c05 QY |
575 | On hitting any of the above two conditions, BGP resumes the decision process |
576 | and generates updates to its peers. | |
42fc5d26 | 577 | |
c1a54c05 | 578 | Default max-delay is 0, i.e. the feature is off by default. |
c3c5a71f | 579 | |
c1a54c05 QY |
580 | .. index:: table-map ROUTE-MAP-NAME |
581 | .. clicmd:: table-map ROUTE-MAP-NAME | |
42fc5d26 | 582 | |
c1a54c05 QY |
583 | This feature is used to apply a route-map on route updates from BGP to |
584 | Zebra. All the applicable match operations are allowed, such as match on | |
585 | prefix, next-hop, communities, etc. Set operations for this attach-point are | |
586 | limited to metric and next-hop only. Any operation of this feature does not | |
587 | affect BGPs internal RIB. | |
42fc5d26 | 588 | |
c1a54c05 QY |
589 | Supported for ipv4 and ipv6 address families. It works on multi-paths as |
590 | well, however, metric setting is based on the best-path only. | |
42fc5d26 | 591 | |
0efdf0fe | 592 | .. _bgp-peer: |
42fc5d26 QY |
593 | |
594 | BGP Peer | |
595 | ======== | |
596 | ||
0efdf0fe | 597 | .. _defining-peer: |
42fc5d26 QY |
598 | |
599 | Defining Peer | |
600 | ------------- | |
601 | ||
c1a54c05 QY |
602 | .. index:: neighbor PEER remote-as ASN |
603 | .. clicmd:: neighbor PEER remote-as ASN | |
42fc5d26 | 604 | |
c1a54c05 | 605 | Creates a new neighbor whose remote-as is ASN. PEER can be an IPv4 address |
5413757f | 606 | or an IPv6 address or an interface to use for the connection.:: |
76bd1499 | 607 | |
c1a54c05 QY |
608 | router bgp 1 |
609 | neighbor 10.0.0.1 remote-as 2 | |
76bd1499 | 610 | |
c1a54c05 | 611 | In this case my router, in AS-1, is trying to peer with AS-2 at 10.0.0.1. |
76bd1499 | 612 | |
c1a54c05 QY |
613 | This command must be the first command used when configuring a neighbor. If |
614 | the remote-as is not specified, *bgpd* will complain like this::: | |
76bd1499 | 615 | |
c1a54c05 | 616 | can't find neighbor 10.0.0.1 |
c3c5a71f | 617 | |
5413757f DS |
618 | .. index:: neighbor PEER remote-as internal |
619 | .. clicmd:: neighbor PEER remote-as internal | |
620 | ||
621 | Create a peer as you would when you specify an ASN, except that if the | |
622 | peers ASN is different than mine as specified under the :clicmd:`router bgp ASN` | |
623 | command the connection will be denied. | |
624 | ||
625 | .. index:: neighbor PEER remote-as external | |
626 | .. clicmd:: neighbor PEER remote-as external | |
627 | ||
628 | Create a peer as you would when you specify an ASN, except that if the | |
629 | peers ASN is the same as mine as specified under the :clicmd:`router bgp ASN` | |
630 | command the connection will be denied. | |
42fc5d26 | 631 | |
0efdf0fe | 632 | .. _bgp-peer-commands: |
42fc5d26 QY |
633 | |
634 | BGP Peer commands | |
635 | ----------------- | |
636 | ||
637 | In a `router bgp` clause there are neighbor specific configurations | |
638 | required. | |
639 | ||
c1a54c05 QY |
640 | .. index:: neighbor PEER shutdown |
641 | .. clicmd:: neighbor PEER shutdown | |
c3c5a71f | 642 | |
c1a54c05 QY |
643 | .. index:: no neighbor PEER shutdown |
644 | .. clicmd:: no neighbor PEER shutdown | |
c3c5a71f | 645 | |
c1a54c05 QY |
646 | Shutdown the peer. We can delete the neighbor's configuration by |
647 | ``no neighbor PEER remote-as ASN`` but all configuration of the neighbor | |
648 | will be deleted. When you want to preserve the configuration, but want to | |
649 | drop the BGP peer, use this syntax. | |
c3c5a71f | 650 | |
c1a54c05 QY |
651 | .. index:: neighbor PEER ebgp-multihop |
652 | .. clicmd:: neighbor PEER ebgp-multihop | |
c3c5a71f | 653 | |
c1a54c05 QY |
654 | .. index:: no neighbor PEER ebgp-multihop |
655 | .. clicmd:: no neighbor PEER ebgp-multihop | |
c3c5a71f | 656 | |
c3c5a71f | 657 | |
c1a54c05 QY |
658 | .. index:: neighbor PEER description ... |
659 | .. clicmd:: neighbor PEER description ... | |
c3c5a71f | 660 | |
42fc5d26 | 661 | |
c1a54c05 QY |
662 | .. index:: no neighbor PEER description ... |
663 | .. clicmd:: no neighbor PEER description ... | |
42fc5d26 | 664 | |
c1a54c05 | 665 | Set description of the peer. |
42fc5d26 | 666 | |
c1a54c05 QY |
667 | .. index:: neighbor PEER version VERSION |
668 | .. clicmd:: neighbor PEER version VERSION | |
42fc5d26 | 669 | |
4da7fda3 QY |
670 | Set up the neighbor's BGP version. `version` can be `4`, `4+` or `4-`. BGP |
671 | version `4` is the default value used for BGP peering. BGP version `4+` | |
672 | means that the neighbor supports Multiprotocol Extensions for BGP-4. BGP | |
673 | version `4-` is similar but the neighbor speaks the old Internet-Draft | |
674 | revision 00's Multiprotocol Extensions for BGP-4. Some routing software is | |
675 | still using this version. | |
42fc5d26 | 676 | |
c1a54c05 QY |
677 | .. index:: neighbor PEER interface IFNAME |
678 | .. clicmd:: neighbor PEER interface IFNAME | |
42fc5d26 | 679 | |
42fc5d26 | 680 | |
c1a54c05 QY |
681 | .. index:: no neighbor PEER interface IFNAME |
682 | .. clicmd:: no neighbor PEER interface IFNAME | |
42fc5d26 | 683 | |
c1a54c05 QY |
684 | When you connect to a BGP peer over an IPv6 link-local address, you have to |
685 | specify the IFNAME of the interface used for the connection. To specify | |
686 | IPv4 session addresses, see the ``neighbor PEER update-source`` command | |
687 | below. | |
42fc5d26 | 688 | |
c1a54c05 QY |
689 | This command is deprecated and may be removed in a future release. Its use |
690 | should be avoided. | |
42fc5d26 | 691 | |
c1a54c05 QY |
692 | .. index:: neighbor PEER next-hop-self [all] |
693 | .. clicmd:: neighbor PEER next-hop-self [all] | |
42fc5d26 | 694 | |
42fc5d26 | 695 | |
c1a54c05 QY |
696 | .. index:: no neighbor PEER next-hop-self [all] |
697 | .. clicmd:: no neighbor PEER next-hop-self [all] | |
42fc5d26 | 698 | |
c1a54c05 QY |
699 | This command specifies an announced route's nexthop as being equivalent to |
700 | the address of the bgp router if it is learned via eBGP. If the optional | |
701 | keyword `all` is specified the modifiation is done also for routes learned | |
702 | via iBGP. | |
42fc5d26 | 703 | |
c1a54c05 QY |
704 | .. index:: neighbor PEER update-source <IFNAME|ADDRESS> |
705 | .. clicmd:: neighbor PEER update-source <IFNAME|ADDRESS> | |
42fc5d26 | 706 | |
42fc5d26 | 707 | |
c1a54c05 QY |
708 | .. index:: no neighbor PEER update-source |
709 | .. clicmd:: no neighbor PEER update-source | |
42fc5d26 | 710 | |
c1a54c05 QY |
711 | Specify the IPv4 source address to use for the :abbr:`BGP` session to this |
712 | neighbour, may be specified as either an IPv4 address directly or as an | |
713 | interface name (in which case the *zebra* daemon MUST be running in order | |
714 | for *bgpd* to be able to retrieve interface state).:: | |
42fc5d26 | 715 | |
c1a54c05 QY |
716 | router bgp 64555 |
717 | neighbor foo update-source 192.168.0.1 | |
718 | neighbor bar update-source lo0 | |
42fc5d26 | 719 | |
42fc5d26 | 720 | |
c1a54c05 QY |
721 | .. index:: neighbor PEER default-originate |
722 | .. clicmd:: neighbor PEER default-originate | |
42fc5d26 | 723 | |
c1a54c05 QY |
724 | .. index:: no neighbor PEER default-originate |
725 | .. clicmd:: no neighbor PEER default-originate | |
42fc5d26 | 726 | |
4da7fda3 QY |
727 | *bgpd*'s default is to not announce the default route (0.0.0.0/0) even if it |
728 | is in routing table. When you want to announce default routes to the peer, | |
729 | use this command. | |
42fc5d26 | 730 | |
c1a54c05 QY |
731 | .. index:: neighbor PEER port PORT |
732 | .. clicmd:: neighbor PEER port PORT | |
42fc5d26 | 733 | |
c1a54c05 QY |
734 | .. index:: neighbor PEER send-community |
735 | .. clicmd:: neighbor PEER send-community | |
42fc5d26 | 736 | |
c1a54c05 QY |
737 | .. index:: neighbor PEER weight WEIGHT |
738 | .. clicmd:: neighbor PEER weight WEIGHT | |
42fc5d26 | 739 | |
42fc5d26 | 740 | |
c1a54c05 QY |
741 | .. index:: no neighbor PEER weight WEIGHT |
742 | .. clicmd:: no neighbor PEER weight WEIGHT | |
42fc5d26 | 743 | |
c1a54c05 | 744 | This command specifies a default `weight` value for the neighbor's routes. |
42fc5d26 | 745 | |
c1a54c05 QY |
746 | .. index:: neighbor PEER maximum-prefix NUMBER |
747 | .. clicmd:: neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 748 | |
42fc5d26 | 749 | |
c1a54c05 QY |
750 | .. index:: no neighbor PEER maximum-prefix NUMBER |
751 | .. clicmd:: no neighbor PEER maximum-prefix NUMBER | |
42fc5d26 | 752 | |
42fc5d26 | 753 | |
c1a54c05 QY |
754 | .. index:: neighbor PEER local-as AS-NUMBER |
755 | .. clicmd:: neighbor PEER local-as AS-NUMBER | |
42fc5d26 | 756 | |
42fc5d26 | 757 | |
c1a54c05 QY |
758 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend |
759 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend | |
42fc5d26 | 760 | |
42fc5d26 | 761 | |
c1a54c05 QY |
762 | .. index:: neighbor PEER local-as AS-NUMBER no-prepend replace-as |
763 | .. clicmd:: neighbor PEER local-as AS-NUMBER no-prepend replace-as | |
42fc5d26 | 764 | |
42fc5d26 | 765 | |
c1a54c05 QY |
766 | .. index:: no neighbor PEER local-as |
767 | .. clicmd:: no neighbor PEER local-as | |
42fc5d26 | 768 | |
c1a54c05 QY |
769 | Specify an alternate AS for this BGP process when interacting with the |
770 | specified peer. With no modifiers, the specified local-as is prepended to | |
771 | the received AS_PATH when receiving routing updates from the peer, and | |
772 | prepended to the outgoing AS_PATH (after the process local AS) when | |
773 | transmitting local routes to the peer. | |
42fc5d26 | 774 | |
c1a54c05 QY |
775 | If the no-prepend attribute is specified, then the supplied local-as is not |
776 | prepended to the received AS_PATH. | |
c3c5a71f | 777 | |
c1a54c05 QY |
778 | If the replace-as attribute is specified, then only the supplied local-as is |
779 | prepended to the AS_PATH when transmitting local-route updates to this peer. | |
c3c5a71f | 780 | |
c1a54c05 | 781 | Note that replace-as can only be specified if no-prepend is. |
c3c5a71f | 782 | |
c1a54c05 | 783 | This command is only allowed for eBGP peers. |
c3c5a71f | 784 | |
c1a54c05 QY |
785 | .. index:: neighbor PEER ttl-security hops NUMBER |
786 | .. clicmd:: neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 787 | |
c3c5a71f | 788 | |
c1a54c05 QY |
789 | .. index:: no neighbor PEER ttl-security hops NUMBER |
790 | .. clicmd:: no neighbor PEER ttl-security hops NUMBER | |
c3c5a71f | 791 | |
c1a54c05 QY |
792 | This command enforces Generalized TTL Security Mechanism (GTSM), as |
793 | specified in RFC 5082. With this command, only neighbors that are the | |
794 | specified number of hops away will be allowed to become neighbors. This | |
795 | command is mututally exclusive with *ebgp-multihop*. | |
42fc5d26 | 796 | |
0efdf0fe | 797 | .. _peer-filtering: |
42fc5d26 QY |
798 | |
799 | Peer filtering | |
800 | -------------- | |
801 | ||
c1a54c05 QY |
802 | .. index:: neighbor PEER distribute-list NAME [in|out] |
803 | .. clicmd:: neighbor PEER distribute-list NAME [in|out] | |
42fc5d26 | 804 | |
c1a54c05 QY |
805 | This command specifies a distribute-list for the peer. `direct` is |
806 | ``in`` or ``out``. | |
42fc5d26 | 807 | |
c3c5a71f | 808 | .. index:: neighbor PEER prefix-list NAME [in|out] |
29adcd50 | 809 | .. clicmd:: neighbor PEER prefix-list NAME [in|out] |
42fc5d26 | 810 | |
c1a54c05 | 811 | .. index:: neighbor PEER filter-list NAME [in|out] |
29adcd50 | 812 | .. clicmd:: neighbor PEER filter-list NAME [in|out] |
42fc5d26 | 813 | |
c1a54c05 QY |
814 | .. index:: neighbor PEER route-map NAME [in|out] |
815 | .. clicmd:: neighbor PEER route-map NAME [in|out] | |
42fc5d26 | 816 | |
c1a54c05 | 817 | Apply a route-map on the neighbor. `direct` must be `in` or `out`. |
42fc5d26 | 818 | |
c3c5a71f | 819 | .. index:: bgp route-reflector allow-outbound-policy |
29adcd50 | 820 | .. clicmd:: bgp route-reflector allow-outbound-policy |
42fc5d26 | 821 | |
c1a54c05 QY |
822 | By default, attribute modification via route-map policy out is not reflected |
823 | on reflected routes. This option allows the modifications to be reflected as | |
824 | well. Once enabled, it affects all reflected routes. | |
42fc5d26 | 825 | |
0efdf0fe | 826 | .. _bgp-peer-group: |
42fc5d26 QY |
827 | |
828 | BGP Peer Group | |
829 | ============== | |
830 | ||
c1a54c05 QY |
831 | .. index:: neighbor WORD peer-group |
832 | .. clicmd:: neighbor WORD peer-group | |
42fc5d26 | 833 | |
c1a54c05 | 834 | This command defines a new peer group. |
42fc5d26 | 835 | |
c1a54c05 QY |
836 | .. index:: neighbor PEER peer-group WORD |
837 | .. clicmd:: neighbor PEER peer-group WORD | |
c3c5a71f | 838 | |
c1a54c05 | 839 | This command bind specific peer to peer group WORD. |
42fc5d26 | 840 | |
0efdf0fe | 841 | .. _bgp-address-family: |
42fc5d26 QY |
842 | |
843 | BGP Address Family | |
844 | ================== | |
845 | ||
c1a54c05 QY |
846 | Multiprotocol BGP enables BGP to carry routing information for multiple Network |
847 | Layer protocols. BGP supports multiple Address Family Identifier (AFI), namely | |
848 | IPv4 and IPv6. Support is also provided for multiple sets of per-AFI | |
849 | information via Subsequent Address Family Identifiers (SAFI). In addition to | |
850 | unicast information, VPN information :rfc:`4364` and :rfc:`4659`, and | |
d38549c9 | 851 | Encapsulation attribute :rfc:`5512` is supported. |
42fc5d26 | 852 | |
d38549c9 QY |
853 | .. index:: show ip bgp ipv4 vpn |
854 | .. clicmd:: show ip bgp ipv4 vpn | |
42fc5d26 | 855 | |
d38549c9 QY |
856 | .. index:: show ipv6 bgp ipv6 vpn |
857 | .. clicmd:: show ipv6 bgp ipv6 vpn | |
42fc5d26 | 858 | |
c1a54c05 | 859 | Print active IPV4 or IPV6 routes advertised via the VPN SAFI. |
42fc5d26 | 860 | |
c1a54c05 | 861 | .. index:: show bgp ipv4 vpn summary |
29adcd50 | 862 | .. clicmd:: show bgp ipv4 vpn summary |
42fc5d26 | 863 | |
c1a54c05 | 864 | .. index:: show bgp ipv6 vpn summary |
29adcd50 | 865 | .. clicmd:: show bgp ipv6 vpn summary |
c1a54c05 QY |
866 | |
867 | Print a summary of neighbor connections for the specified AFI/SAFI combination. | |
42fc5d26 | 868 | |
0efdf0fe | 869 | .. _autonomous-system: |
42fc5d26 QY |
870 | |
871 | Autonomous System | |
872 | ================= | |
873 | ||
c1a54c05 QY |
874 | The :abbr:`AS (Autonomous System)` number is one of the essential element of |
875 | BGP. BGP is a distance vector routing protocol, and the AS-Path framework | |
876 | provides distance vector metric and loop detection to BGP. :rfc:`1930` provides | |
877 | some background on the concepts of an AS. | |
42fc5d26 | 878 | |
c1a54c05 QY |
879 | The AS number is a two octet value, ranging in value from 1 to 65535. The AS |
880 | numbers 64512 through 65535 are defined as private AS numbers. Private AS | |
881 | numbers must not to be advertised in the global Internet. | |
42fc5d26 | 882 | |
0efdf0fe | 883 | .. _display-bgp-routes-by-as-path: |
42fc5d26 QY |
884 | |
885 | Display BGP Routes by AS Path | |
886 | ----------------------------- | |
887 | ||
c1a54c05 QY |
888 | To show BGP routes which has specific AS path information `show ip bgp` command |
889 | can be used. | |
42fc5d26 | 890 | |
c3c5a71f | 891 | .. index:: show bgp ipv4|ipv6 regexp LINE |
29adcd50 | 892 | .. clicmd:: show bgp ipv4|ipv6 regexp LINE |
c1a54c05 QY |
893 | |
894 | This commands displays BGP routes that matches a regular | |
0efdf0fe | 895 | expression `line` (:ref:`bgp-regular-expressions`). |
42fc5d26 | 896 | |
0efdf0fe | 897 | .. _as-path-access-list: |
42fc5d26 QY |
898 | |
899 | AS Path Access List | |
900 | ------------------- | |
901 | ||
902 | AS path access list is user defined AS path. | |
903 | ||
c3c5a71f | 904 | .. index:: ip as-path access-list WORD permit|deny LINE |
29adcd50 | 905 | .. clicmd:: ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 906 | |
c1a54c05 | 907 | This command defines a new AS path access list. |
42fc5d26 | 908 | |
c1a54c05 | 909 | .. index:: no ip as-path access-list WORD |
29adcd50 | 910 | .. clicmd:: no ip as-path access-list WORD |
42fc5d26 | 911 | |
c1a54c05 | 912 | .. index:: no ip as-path access-list WORD permit|deny LINE |
29adcd50 | 913 | .. clicmd:: no ip as-path access-list WORD permit|deny LINE |
42fc5d26 | 914 | |
0efdf0fe | 915 | .. _using-as-path-in-route-map: |
42fc5d26 QY |
916 | |
917 | Using AS Path in Route Map | |
918 | -------------------------- | |
919 | ||
c3c5a71f | 920 | .. index:: match as-path WORD |
29adcd50 | 921 | .. clicmd:: match as-path WORD |
42fc5d26 | 922 | |
42fc5d26 | 923 | |
c1a54c05 | 924 | .. index:: set as-path prepend AS-PATH |
29adcd50 | 925 | .. clicmd:: set as-path prepend AS-PATH |
42fc5d26 | 926 | |
c1a54c05 | 927 | Prepend the given string of AS numbers to the AS_PATH. |
42fc5d26 | 928 | |
c1a54c05 | 929 | .. index:: set as-path prepend last-as NUM |
29adcd50 | 930 | .. clicmd:: set as-path prepend last-as NUM |
c1a54c05 QY |
931 | |
932 | Prepend the existing last AS number (the leftmost ASN) to the AS_PATH. | |
42fc5d26 | 933 | |
0efdf0fe | 934 | .. _private-as-numbers: |
42fc5d26 QY |
935 | |
936 | Private AS Numbers | |
937 | ------------------ | |
938 | ||
0efdf0fe | 939 | .. _bgp-communities-attribute: |
42fc5d26 QY |
940 | |
941 | BGP Communities Attribute | |
942 | ========================= | |
943 | ||
c1a54c05 QY |
944 | BGP communities attribute is widely used for implementing policy routing. |
945 | Network operators can manipulate BGP communities attribute based on their | |
946 | network policy. BGP communities attribute is defined in :rfc:`1997` and | |
947 | :rfc:`1998`. It is an optional transitive attribute, therefore local policy can | |
948 | travel through different autonomous system. | |
949 | ||
950 | Communities attribute is a set of communities values. Each communities value is | |
951 | 4 octet long. The following format is used to define communities value. | |
952 | ||
953 | ||
954 | AS:VAL | |
955 | This format represents 4 octet communities value. ``AS`` is high order 2 | |
956 | octet in digit format. ``VAL`` is low order 2 octet in digit format. This | |
957 | format is useful to define AS oriented policy value. For example, | |
958 | ``7675:80`` can be used when AS 7675 wants to pass local policy value 80 to | |
959 | neighboring peer. | |
960 | ||
961 | internet | |
962 | `internet` represents well-known communities value 0. | |
963 | ||
964 | no-export | |
965 | ``no-export`` represents well-known communities value ``NO_EXPORT`` | |
966 | ``0xFFFFFF01``. All routes carry this value must not be advertised to | |
967 | outside a BGP confederation boundary. If neighboring BGP peer is part of BGP | |
968 | confederation, the peer is considered as inside a BGP confederation | |
969 | boundary, so the route will be announced to the peer. | |
970 | ||
971 | no-advertise | |
972 | ``no-advertise`` represents well-known communities value ``NO_ADVERTISE`` | |
973 | ``0xFFFFFF02``. All routes carry this value must not be advertise to other | |
974 | BGP peers. | |
975 | ||
976 | local-AS | |
977 | ``local-AS`` represents well-known communities value ``NO_EXPORT_SUBCONFED`` | |
978 | ``0xFFFFFF03``. All routes carry this value must not be advertised to | |
979 | external BGP peers. Even if the neighboring router is part of confederation, | |
980 | it is considered as external BGP peer, so the route will not be announced to | |
981 | the peer. | |
982 | ||
983 | When BGP communities attribute is received, duplicated communities value in the | |
984 | communities attribute is ignored and each communities values are sorted in | |
985 | numerical order. | |
42fc5d26 | 986 | |
0efdf0fe | 987 | .. _bgp-community-lists: |
42fc5d26 QY |
988 | |
989 | BGP Community Lists | |
990 | ------------------- | |
991 | ||
c1a54c05 QY |
992 | BGP community list is a user defined BGP communites attribute list. BGP |
993 | community list can be used for matching or manipulating BGP communities | |
994 | attribute in updates. | |
995 | ||
996 | There are two types of community list. One is standard community list and | |
997 | another is expanded community list. Standard community list defines communities | |
998 | attribute. Expanded community list defines communities attribute string with | |
999 | regular expression. Standard community list is compiled into binary format when | |
1000 | user define it. Standard community list will be directly compared to BGP | |
1001 | communities attribute in BGP updates. Therefore the comparison is faster than | |
42fc5d26 QY |
1002 | expanded community list. |
1003 | ||
c3c5a71f | 1004 | .. index:: ip community-list standard NAME permit|deny COMMUNITY |
29adcd50 | 1005 | .. clicmd:: ip community-list standard NAME permit|deny COMMUNITY |
42fc5d26 | 1006 | |
c1a54c05 QY |
1007 | This command defines a new standard community list. COMUNITY is |
1008 | communities value. The COMUNITY is compiled into community structure. We | |
1009 | can define multiple community list under same name. In that case match will | |
1010 | happen user defined order. Once the community list matches to communities | |
1011 | attribute in BGP updates it return permit or deny by the community list | |
1012 | definition. When there is no matched entry, deny will be returned. When | |
1013 | COMUNITY is empty it matches to any routes. | |
42fc5d26 | 1014 | |
c1a54c05 | 1015 | .. index:: ip community-list expanded NAME permit|deny LINE |
29adcd50 | 1016 | .. clicmd:: ip community-list expanded NAME permit|deny LINE |
42fc5d26 | 1017 | |
c1a54c05 QY |
1018 | This command defines a new expanded community list. COMUNITY is a |
1019 | string expression of communities attribute. COMUNITY can be a | |
0efdf0fe | 1020 | regular expression (:ref:`bgp-regular-expressions`) to match |
c1a54c05 | 1021 | the communities attribute in BGP updates. |
42fc5d26 | 1022 | |
c1a54c05 | 1023 | .. index:: no ip community-list NAME |
29adcd50 | 1024 | .. clicmd:: no ip community-list NAME |
42fc5d26 | 1025 | |
c1a54c05 | 1026 | .. index:: no ip community-list standard NAME |
29adcd50 | 1027 | .. clicmd:: no ip community-list standard NAME |
42fc5d26 | 1028 | |
c1a54c05 | 1029 | .. index:: no ip community-list expanded NAME |
29adcd50 | 1030 | .. clicmd:: no ip community-list expanded NAME |
42fc5d26 | 1031 | |
c1a54c05 QY |
1032 | These commands delete community lists specified by NAME. All of |
1033 | community lists shares a single name space. So community lists can be | |
1034 | removed simpley specifying community lists name. | |
42fc5d26 | 1035 | |
c1a54c05 | 1036 | .. index:: show ip community-list |
29adcd50 | 1037 | .. clicmd:: show ip community-list |
42fc5d26 | 1038 | |
c1a54c05 | 1039 | .. index:: show ip community-list NAME |
29adcd50 | 1040 | .. clicmd:: show ip community-list NAME |
42fc5d26 | 1041 | |
c1a54c05 QY |
1042 | This command displays current community list information. When NAME is |
1043 | specified the specified community list's information is shown. | |
c3c5a71f | 1044 | |
c1a54c05 | 1045 | :: |
76bd1499 | 1046 | |
c1a54c05 QY |
1047 | # show ip community-list |
1048 | Named Community standard list CLIST | |
1049 | permit 7675:80 7675:100 no-export | |
1050 | deny internet | |
1051 | Named Community expanded list EXPAND | |
1052 | permit : | |
76bd1499 | 1053 | |
c1a54c05 QY |
1054 | # show ip community-list CLIST |
1055 | Named Community standard list CLIST | |
1056 | permit 7675:80 7675:100 no-export | |
1057 | deny internet | |
42fc5d26 | 1058 | |
42fc5d26 | 1059 | |
0efdf0fe | 1060 | .. _numbered-bgp-community-lists: |
42fc5d26 QY |
1061 | |
1062 | Numbered BGP Community Lists | |
1063 | ---------------------------- | |
1064 | ||
1065 | When number is used for BGP community list name, the number has | |
c3c5a71f QY |
1066 | special meanings. Community list number in the range from 1 and 99 is |
1067 | standard community list. Community list number in the range from 100 | |
1068 | to 199 is expanded community list. These community lists are called | |
1069 | as numbered community lists. On the other hand normal community lists | |
42fc5d26 QY |
1070 | is called as named community lists. |
1071 | ||
29adcd50 | 1072 | .. index:: ip community-list (1-99) permit|deny COMMUNITY |
29adcd50 | 1073 | .. clicmd:: ip community-list (1-99) permit|deny COMMUNITY |
42fc5d26 | 1074 | |
c1a54c05 QY |
1075 | This command defines a new community list. (1-99) is standard |
1076 | community list number. Community list name within this range defines | |
1077 | standard community list. When `community` is empty it matches to | |
1078 | any routes. | |
42fc5d26 | 1079 | |
c1a54c05 | 1080 | .. index:: ip community-list (100-199) permit|deny COMMUNITY |
29adcd50 | 1081 | .. clicmd:: ip community-list (100-199) permit|deny COMMUNITY |
42fc5d26 | 1082 | |
c1a54c05 QY |
1083 | This command defines a new community list. (100-199) is expanded |
1084 | community list number. Community list name within this range defines | |
1085 | expanded community list. | |
42fc5d26 | 1086 | |
c1a54c05 | 1087 | .. index:: ip community-list NAME permit|deny COMMUNITY |
29adcd50 | 1088 | .. clicmd:: ip community-list NAME permit|deny COMMUNITY |
c1a54c05 QY |
1089 | |
1090 | When community list type is not specifed, the community list type is | |
1091 | automatically detected. If COMMUNITY can be compiled into communities | |
1092 | attribute, the community list is defined as a standard community list. | |
1093 | Otherwise it is defined as an expanded community list. This feature is left | |
1094 | for backward compability. Use of this feature is not recommended. | |
42fc5d26 | 1095 | |
0efdf0fe | 1096 | .. _bgp-community-in-route-map: |
42fc5d26 QY |
1097 | |
1098 | BGP Community in Route Map | |
1099 | -------------------------- | |
1100 | ||
0efdf0fe | 1101 | In Route Map (:ref:`route-map`), we can match or set BGP |
c3c5a71f | 1102 | communities attribute. Using this feature network operator can |
42fc5d26 QY |
1103 | implement their network policy based on BGP communities attribute. |
1104 | ||
1105 | Following commands can be used in Route Map. | |
1106 | ||
c3c5a71f | 1107 | .. index:: match community WORD |
29adcd50 | 1108 | .. clicmd:: match community WORD |
42fc5d26 | 1109 | |
c1a54c05 | 1110 | .. index:: match community WORD exact-match |
29adcd50 | 1111 | .. clicmd:: match community WORD exact-match |
42fc5d26 | 1112 | |
c1a54c05 QY |
1113 | This command perform match to BGP updates using community list WORD. When |
1114 | the one of BGP communities value match to the one of communities value in | |
1115 | community list, it is match. When `exact-match` keyword is spcified, match | |
1116 | happen only when BGP updates have completely same communities value | |
1117 | specified in the community list. | |
42fc5d26 | 1118 | |
c1a54c05 | 1119 | .. index:: set community none |
29adcd50 | 1120 | .. clicmd:: set community none |
42fc5d26 | 1121 | |
c1a54c05 | 1122 | .. index:: set community COMMUNITY |
29adcd50 | 1123 | .. clicmd:: set community COMMUNITY |
42fc5d26 | 1124 | |
c1a54c05 | 1125 | .. index:: set community COMMUNITY additive |
29adcd50 | 1126 | .. clicmd:: set community COMMUNITY additive |
42fc5d26 | 1127 | |
c1a54c05 QY |
1128 | This command manipulate communities value in BGP updates. When |
1129 | `none` is specified as communities value, it removes entire | |
1130 | communities attribute from BGP updates. When `community` is not | |
1131 | `none`, specified communities value is set to BGP updates. If | |
1132 | BGP updates already has BGP communities value, the existing BGP | |
1133 | communities value is replaced with specified `community` value. | |
1134 | When `additive` keyword is specified, `community` is appended | |
1135 | to the existing communities value. | |
42fc5d26 | 1136 | |
c1a54c05 | 1137 | .. index:: set comm-list WORD delete |
29adcd50 | 1138 | .. clicmd:: set comm-list WORD delete |
c1a54c05 QY |
1139 | |
1140 | This command remove communities value from BGP communities attribute. | |
1141 | The `word` is community list name. When BGP route's communities | |
1142 | value matches to the community list `word`, the communities value | |
1143 | is removed. When all of communities value is removed eventually, the | |
1144 | BGP update's communities attribute is completely removed. | |
42fc5d26 | 1145 | |
0efdf0fe | 1146 | .. _display-bgp-routes-by-community: |
42fc5d26 QY |
1147 | |
1148 | Display BGP Routes by Community | |
1149 | ------------------------------- | |
1150 | ||
1151 | To show BGP routes which has specific BGP communities attribute, | |
1152 | `show bgp {ipv4|ipv6}` command can be used. The | |
1153 | `community` and `community-list` subcommand can be used. | |
1154 | ||
c3c5a71f | 1155 | .. index:: show bgp ipv4|ipv6 community |
29adcd50 | 1156 | .. clicmd:: show bgp ipv4|ipv6 community |
42fc5d26 | 1157 | |
c1a54c05 | 1158 | .. index:: show bgp ipv4|ipv6 community COMMUNITY |
29adcd50 | 1159 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY |
42fc5d26 | 1160 | |
c1a54c05 | 1161 | .. index:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
29adcd50 | 1162 | .. clicmd:: show bgp ipv4|ipv6 community COMMUNITY exact-match |
42fc5d26 | 1163 | |
c1a54c05 QY |
1164 | `show bgp {ipv4|ipv6} community` displays BGP routes which has communities |
1165 | attribute. Where the address family can be IPv4 or IPv6 among others. When | |
1166 | `community` is specified, BGP routes that matches `community` value is | |
1167 | displayed. For this command, `internet` keyword can't be used for | |
1168 | `community` value. When `exact-match` is specified, it display only | |
1169 | routes that have an exact match. | |
42fc5d26 | 1170 | |
c1a54c05 | 1171 | .. index:: show bgp ipv4|ipv6 community-list WORD |
29adcd50 | 1172 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD |
42fc5d26 | 1173 | |
c1a54c05 | 1174 | .. index:: show bgp ipv4|ipv6 community-list WORD exact-match |
29adcd50 | 1175 | .. clicmd:: show bgp ipv4|ipv6 community-list WORD exact-match |
c1a54c05 QY |
1176 | |
1177 | This commands display BGP routes for the address family specified that matches | |
1178 | community list `word`. When `exact-match` is specified, display only | |
1179 | routes that have an exact match. | |
42fc5d26 | 1180 | |
0efdf0fe | 1181 | .. _using-bgp-communities-attribute: |
42fc5d26 QY |
1182 | |
1183 | Using BGP Communities Attribute | |
1184 | ------------------------------- | |
1185 | ||
1186 | Following configuration is the most typical usage of BGP communities | |
c3c5a71f | 1187 | attribute. AS 7675 provides upstream Internet connection to AS 100. |
42fc5d26 QY |
1188 | When following configuration exists in AS 7675, AS 100 networks |
1189 | operator can set local preference in AS 7675 network by setting BGP | |
c1a54c05 QY |
1190 | communities attribute to the updates.:: |
1191 | ||
1192 | router bgp 7675 | |
1193 | neighbor 192.168.0.1 remote-as 100 | |
1194 | address-family ipv4 unicast | |
1195 | neighbor 192.168.0.1 route-map RMAP in | |
1196 | exit-address-family | |
1197 | ! | |
1198 | ip community-list 70 permit 7675:70 | |
1199 | ip community-list 70 deny | |
1200 | ip community-list 80 permit 7675:80 | |
1201 | ip community-list 80 deny | |
1202 | ip community-list 90 permit 7675:90 | |
1203 | ip community-list 90 deny | |
1204 | ! | |
1205 | route-map RMAP permit 10 | |
1206 | match community 70 | |
1207 | set local-preference 70 | |
1208 | ! | |
1209 | route-map RMAP permit 20 | |
1210 | match community 80 | |
1211 | set local-preference 80 | |
1212 | ! | |
1213 | route-map RMAP permit 30 | |
1214 | match community 90 | |
1215 | set local-preference 90 | |
c3c5a71f | 1216 | |
42fc5d26 QY |
1217 | |
1218 | Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675. | |
1219 | The route has communities value 7675:80 so when above configuration | |
1220 | exists in AS 7675, announced route's local preference will be set to | |
c1a54c05 QY |
1221 | value 80.:: |
1222 | ||
1223 | router bgp 100 | |
1224 | network 10.0.0.0/8 | |
1225 | neighbor 192.168.0.2 remote-as 7675 | |
1226 | address-family ipv4 unicast | |
1227 | neighbor 192.168.0.2 route-map RMAP out | |
1228 | exit-address-family | |
1229 | ! | |
1230 | ip prefix-list PLIST permit 10.0.0.0/8 | |
1231 | ! | |
1232 | route-map RMAP permit 10 | |
1233 | match ip address prefix-list PLIST | |
1234 | set community 7675:80 | |
c3c5a71f | 1235 | |
42fc5d26 QY |
1236 | |
1237 | Following configuration is an example of BGP route filtering using | |
c3c5a71f QY |
1238 | communities attribute. This configuration only permit BGP routes |
1239 | which has BGP communities value 0:80 or 0:90. Network operator can | |
42fc5d26 | 1240 | put special internal communities value at BGP border router, then |
c1a54c05 | 1241 | limit the BGP routes announcement into the internal network.:: |
42fc5d26 | 1242 | |
c1a54c05 QY |
1243 | router bgp 7675 |
1244 | neighbor 192.168.0.1 remote-as 100 | |
1245 | address-family ipv4 unicast | |
1246 | neighbor 192.168.0.1 route-map RMAP in | |
1247 | exit-address-family | |
1248 | ! | |
1249 | ip community-list 1 permit 0:80 0:90 | |
1250 | ! | |
1251 | route-map RMAP permit in | |
1252 | match community 1 | |
c3c5a71f | 1253 | |
42fc5d26 QY |
1254 | |
1255 | Following exmaple filter BGP routes which has communities value 1:1. | |
c3c5a71f | 1256 | When there is no match community-list returns deny. To avoid |
c1a54c05 | 1257 | filtering all of routes, we need to define permit any at last.:: |
42fc5d26 | 1258 | |
c1a54c05 QY |
1259 | router bgp 7675 |
1260 | neighbor 192.168.0.1 remote-as 100 | |
1261 | address-family ipv4 unicast | |
1262 | neighbor 192.168.0.1 route-map RMAP in | |
1263 | exit-address-family | |
1264 | ! | |
1265 | ip community-list standard FILTER deny 1:1 | |
1266 | ip community-list standard FILTER permit | |
1267 | ! | |
1268 | route-map RMAP permit 10 | |
1269 | match community FILTER | |
c3c5a71f | 1270 | |
42fc5d26 QY |
1271 | |
1272 | Communities value keyword `internet` has special meanings in | |
c3c5a71f QY |
1273 | standard community lists. In below example `internet` act as |
1274 | match any. It matches all of BGP routes even if the route does not | |
c1a54c05 QY |
1275 | have communities attribute at all. So community list ``INTERNET`` |
1276 | is same as above example's ``FILTER``.:: | |
42fc5d26 | 1277 | |
c1a54c05 QY |
1278 | ip community-list standard INTERNET deny 1:1 |
1279 | ip community-list standard INTERNET permit internet | |
c3c5a71f | 1280 | |
42fc5d26 QY |
1281 | |
1282 | Following configuration is an example of communities value deletion. | |
1283 | With this configuration communities value 100:1 and 100:2 is removed | |
c3c5a71f | 1284 | from BGP updates. For communities value deletion, only `permit` |
c1a54c05 | 1285 | community-list is used. `deny` community-list is ignored.:: |
42fc5d26 | 1286 | |
c1a54c05 QY |
1287 | router bgp 7675 |
1288 | neighbor 192.168.0.1 remote-as 100 | |
1289 | address-family ipv4 unicast | |
1290 | neighbor 192.168.0.1 route-map RMAP in | |
1291 | exit-address-family | |
1292 | ! | |
1293 | ip community-list standard DEL permit 100:1 100:2 | |
1294 | ! | |
1295 | route-map RMAP permit 10 | |
1296 | set comm-list DEL delete | |
c3c5a71f | 1297 | |
42fc5d26 | 1298 | |
0efdf0fe | 1299 | .. _bgp-extended-communities-attribute: |
42fc5d26 QY |
1300 | |
1301 | BGP Extended Communities Attribute | |
1302 | ================================== | |
1303 | ||
c1a54c05 QY |
1304 | BGP extended communities attribute is introduced with MPLS VPN/BGP technology. |
1305 | MPLS VPN/BGP expands capability of network infrastructure to provide VPN | |
1306 | functionality. At the same time it requires a new framework for policy routing. | |
1307 | With BGP Extended Communities Attribute we can use Route Target or Site of | |
1308 | Origin for implementing network policy for MPLS VPN/BGP. | |
42fc5d26 | 1309 | |
c1a54c05 QY |
1310 | BGP Extended Communities Attribute is similar to BGP Communities Attribute. It |
1311 | is an optional transitive attribute. BGP Extended Communities Attribute can | |
1312 | carry multiple Extended Community value. Each Extended Community value is | |
1313 | eight octet length. | |
42fc5d26 | 1314 | |
c1a54c05 QY |
1315 | BGP Extended Communities Attribute provides an extended range compared with BGP |
1316 | Communities Attribute. Adding to that there is a type field in each value to | |
1317 | provides community space structure. | |
42fc5d26 | 1318 | |
c1a54c05 QY |
1319 | There are two format to define Extended Community value. One is AS based format |
1320 | the other is IP address based format. | |
42fc5d26 QY |
1321 | |
1322 | *AS:VAL* | |
c1a54c05 QY |
1323 | This is a format to define AS based Extended Community value. |
1324 | `AS` part is 2 octets Global Administrator subfield in Extended | |
1325 | Community value. `VAL` part is 4 octets Local Administrator | |
1326 | subfield. `7675:100` represents AS 7675 policy value 100. | |
42fc5d26 QY |
1327 | |
1328 | *IP-Address:VAL* | |
c1a54c05 QY |
1329 | This is a format to define IP address based Extended Community value. |
1330 | `IP-Address` part is 4 octets Global Administrator subfield. | |
1331 | `VAL` part is 2 octets Local Administrator subfield. | |
1332 | `10.0.0.1:100` represents | |
42fc5d26 | 1333 | |
0efdf0fe | 1334 | .. _bgp-extended-community-lists: |
42fc5d26 QY |
1335 | |
1336 | BGP Extended Community Lists | |
1337 | ---------------------------- | |
1338 | ||
1339 | Expanded Community Lists is a user defined BGP Expanded Community | |
1340 | Lists. | |
1341 | ||
c3c5a71f | 1342 | .. index:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
29adcd50 | 1343 | .. clicmd:: ip extcommunity-list standard NAME permit|deny EXTCOMMUNITY |
42fc5d26 | 1344 | |
4da7fda3 QY |
1345 | This command defines a new standard extcommunity-list. `extcommunity` is |
1346 | extended communities value. The `extcommunity` is compiled into extended | |
1347 | community structure. We can define multiple extcommunity-list under same | |
1348 | name. In that case match will happen user defined order. Once the | |
1349 | extcommunity-list matches to extended communities attribute in BGP updates | |
1350 | it return permit or deny based upon the extcommunity-list definition. When | |
1351 | there is no matched entry, deny will be returned. When `extcommunity` is | |
1352 | empty it matches to any routes. | |
42fc5d26 | 1353 | |
c1a54c05 | 1354 | .. index:: ip extcommunity-list expanded NAME permit|deny LINE |
29adcd50 | 1355 | .. clicmd:: ip extcommunity-list expanded NAME permit|deny LINE |
42fc5d26 | 1356 | |
4da7fda3 QY |
1357 | This command defines a new expanded extcommunity-list. `line` is a string |
1358 | expression of extended communities attribute. `line` can be a regular | |
1359 | expression (:ref:`bgp-regular-expressions`) to match an extended communities | |
1360 | attribute in BGP updates. | |
42fc5d26 | 1361 | |
c1a54c05 | 1362 | .. index:: no ip extcommunity-list NAME |
29adcd50 | 1363 | .. clicmd:: no ip extcommunity-list NAME |
42fc5d26 | 1364 | |
c1a54c05 | 1365 | .. index:: no ip extcommunity-list standard NAME |
29adcd50 | 1366 | .. clicmd:: no ip extcommunity-list standard NAME |
42fc5d26 | 1367 | |
c1a54c05 | 1368 | .. index:: no ip extcommunity-list expanded NAME |
29adcd50 | 1369 | .. clicmd:: no ip extcommunity-list expanded NAME |
42fc5d26 | 1370 | |
4da7fda3 QY |
1371 | These commands delete extended community lists specified by `name`. All of |
1372 | extended community lists shares a single name space. So extended community | |
1373 | lists can be removed simpley specifying the name. | |
42fc5d26 | 1374 | |
c1a54c05 | 1375 | .. index:: show ip extcommunity-list |
29adcd50 | 1376 | .. clicmd:: show ip extcommunity-list |
42fc5d26 | 1377 | |
c1a54c05 | 1378 | .. index:: show ip extcommunity-list NAME |
29adcd50 | 1379 | .. clicmd:: show ip extcommunity-list NAME |
c1a54c05 | 1380 | |
4da7fda3 QY |
1381 | This command displays current extcommunity-list information. When `name` is |
1382 | specified the community list's information is shown. | |
42fc5d26 QY |
1383 | |
1384 | :: | |
1385 | ||
c3c5a71f QY |
1386 | # show ip extcommunity-list |
1387 | ||
42fc5d26 | 1388 | |
0efdf0fe | 1389 | .. _bgp-extended-communities-in-route-map: |
42fc5d26 QY |
1390 | |
1391 | BGP Extended Communities in Route Map | |
1392 | ------------------------------------- | |
1393 | ||
c3c5a71f | 1394 | .. index:: match extcommunity WORD |
29adcd50 | 1395 | .. clicmd:: match extcommunity WORD |
42fc5d26 | 1396 | |
42fc5d26 | 1397 | |
c1a54c05 | 1398 | .. index:: set extcommunity rt EXTCOMMUNITY |
29adcd50 | 1399 | .. clicmd:: set extcommunity rt EXTCOMMUNITY |
42fc5d26 | 1400 | |
c1a54c05 | 1401 | This command set Route Target value. |
42fc5d26 | 1402 | |
c1a54c05 | 1403 | .. index:: set extcommunity soo EXTCOMMUNITY |
29adcd50 | 1404 | .. clicmd:: set extcommunity soo EXTCOMMUNITY |
c1a54c05 QY |
1405 | |
1406 | This command set Site of Origin value. | |
42fc5d26 | 1407 | |
0efdf0fe | 1408 | .. _bgp-large-communities-attribute: |
42fc5d26 QY |
1409 | |
1410 | BGP Large Communities Attribute | |
1411 | =============================== | |
1412 | ||
1413 | The BGP Large Communities attribute was introduced in Feb 2017 with | |
c1a54c05 | 1414 | :rfc:`8092`. |
42fc5d26 QY |
1415 | |
1416 | The BGP Large Communities Attribute is similar to the BGP Communities | |
1417 | Attribute except that it has 3 components instead of two and each of | |
1418 | which are 4 octets in length. Large Communities bring additional | |
1419 | functionality and convenience over traditional communities, specifically | |
1420 | the fact that the `GLOBAL` part below is now 4 octets wide allowing | |
1421 | AS4 operators seamless use. | |
1422 | ||
1423 | ||
42fc5d26 | 1424 | *GLOBAL:LOCAL1:LOCAL2* |
c1a54c05 QY |
1425 | This is the format to define Large Community values. Referencing |
1426 | :t:`RFC8195, Use of BGP Large Communities` the values are commonly | |
1427 | referred to as follows. | |
1428 | The `GLOBAL` part is a 4 octet Global Administrator field, common | |
1429 | use of this field is the operators AS number. | |
1430 | The `LOCAL1` part is a 4 octet Local Data Part 1 subfield referred | |
1431 | to as a function. | |
1432 | The `LOCAL2` part is a 4 octet Local Data Part 2 field and referred | |
1433 | to as the parameter subfield. `65551:1:10` represents AS 65551 | |
1434 | function 1 and parameter 10. | |
1435 | The referenced RFC above gives some guidelines on recommended usage. | |
42fc5d26 | 1436 | |
0efdf0fe | 1437 | .. _bgp-large-community-lists: |
42fc5d26 QY |
1438 | |
1439 | BGP Large Community Lists | |
1440 | ------------------------- | |
1441 | ||
1442 | Two types of large community lists are supported, namely `standard` and | |
1443 | `expanded`. | |
1444 | ||
c3c5a71f | 1445 | .. index:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
29adcd50 | 1446 | .. clicmd:: ip large-community-list standard NAME permit|deny LARGE-COMMUNITY |
42fc5d26 | 1447 | |
4da7fda3 QY |
1448 | This command defines a new standard large-community-list. `large-community` |
1449 | is the Large Community value. We can add multiple large communities under | |
1450 | same name. In that case the match will happen in the user defined order. | |
1451 | Once the large-community-list matches the Large Communities attribute in BGP | |
1452 | updates it will return permit or deny based upon the large-community-list | |
1453 | definition. When there is no matched entry, a deny will be returned. When | |
1454 | `large-community` is empty it matches any routes. | |
42fc5d26 | 1455 | |
c1a54c05 | 1456 | .. index:: ip large-community-list expanded NAME permit|deny LINE |
29adcd50 | 1457 | .. clicmd:: ip large-community-list expanded NAME permit|deny LINE |
42fc5d26 | 1458 | |
4da7fda3 QY |
1459 | This command defines a new expanded large-community-list. Where `line` is a |
1460 | string matching expression, it will be compared to the entire Large | |
1461 | Communities attribute as a string, with each large-community in order from | |
1462 | lowest to highest. `line` can also be a regular expression which matches | |
1463 | this Large Community attribute. | |
42fc5d26 | 1464 | |
c1a54c05 | 1465 | .. index:: no ip large-community-list NAME |
29adcd50 | 1466 | .. clicmd:: no ip large-community-list NAME |
42fc5d26 | 1467 | |
c1a54c05 | 1468 | .. index:: no ip large-community-list standard NAME |
29adcd50 | 1469 | .. clicmd:: no ip large-community-list standard NAME |
42fc5d26 | 1470 | |
c1a54c05 | 1471 | .. index:: no ip large-community-list expanded NAME |
29adcd50 | 1472 | .. clicmd:: no ip large-community-list expanded NAME |
42fc5d26 | 1473 | |
4da7fda3 QY |
1474 | These commands delete Large Community lists specified by `name`. All Large |
1475 | Community lists share a single namespace. This means Large Community lists | |
1476 | can be removed by simply specifying the name. | |
42fc5d26 | 1477 | |
c1a54c05 | 1478 | .. index:: show ip large-community-list |
29adcd50 | 1479 | .. clicmd:: show ip large-community-list |
42fc5d26 | 1480 | |
c1a54c05 | 1481 | .. index:: show ip large-community-list NAME |
29adcd50 | 1482 | .. clicmd:: show ip large-community-list NAME |
42fc5d26 | 1483 | |
c1a54c05 QY |
1484 | This command display current large-community-list information. When |
1485 | `name` is specified the community list information is shown. | |
42fc5d26 | 1486 | |
c1a54c05 | 1487 | .. index:: show ip bgp large-community-info |
29adcd50 | 1488 | .. clicmd:: show ip bgp large-community-info |
c1a54c05 QY |
1489 | |
1490 | This command displays the current large communities in use. | |
42fc5d26 | 1491 | |
0efdf0fe | 1492 | .. _bgp-large-communities-in-route-map: |
42fc5d26 QY |
1493 | |
1494 | BGP Large Communities in Route Map | |
1495 | ---------------------------------- | |
1496 | ||
c3c5a71f | 1497 | .. index:: match large-community LINE |
29adcd50 | 1498 | .. clicmd:: match large-community LINE |
42fc5d26 | 1499 | |
4da7fda3 QY |
1500 | Where `line` can be a simple string to match, or a regular expression. It |
1501 | is very important to note that this match occurs on the entire | |
c1a54c05 QY |
1502 | large-community string as a whole, where each large-community is ordered |
1503 | from lowest to highest. | |
42fc5d26 | 1504 | |
c1a54c05 | 1505 | .. index:: set large-community LARGE-COMMUNITY |
29adcd50 | 1506 | .. clicmd:: set large-community LARGE-COMMUNITY |
42fc5d26 | 1507 | |
c1a54c05 | 1508 | .. index:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
29adcd50 | 1509 | .. clicmd:: set large-community LARGE-COMMUNITY LARGE-COMMUNITY |
42fc5d26 | 1510 | |
c1a54c05 | 1511 | .. index:: set large-community LARGE-COMMUNITY additive |
29adcd50 | 1512 | .. clicmd:: set large-community LARGE-COMMUNITY additive |
c1a54c05 QY |
1513 | |
1514 | These commands are used for setting large-community values. The first | |
1515 | command will overwrite any large-communities currently present. | |
1516 | The second specifies two large-communities, which overwrites the current | |
1517 | large-community list. The third will add a large-community value without | |
1518 | overwriting other values. Multiple large-community values can be specified. | |
42fc5d26 | 1519 | |
b572f826 PZ |
1520 | |
1521 | .. _bgp-vrfs: | |
1522 | ||
1523 | BGP VRFs | |
1524 | ======== | |
1525 | ||
4da7fda3 | 1526 | Bgpd supports multiple VRF instances via the *router bgp* command: |
b572f826 PZ |
1527 | |
1528 | .. index:: router bgp ASN vrf VRFNAME | |
1529 | .. clicmd:: router bgp ASN vrf VRFNAME | |
1530 | ||
4da7fda3 QY |
1531 | VRFNAME is matched against VRFs configured in the kernel. When no *vrf VRFNAME* |
1532 | is specified, the BGP protocol process belongs to the default VRF. | |
b572f826 | 1533 | |
4da7fda3 QY |
1534 | BGP routes may be leaked (i.e., copied) between a unicast VRF RIB and the VPN |
1535 | safi RIB of the default VRF (leaking is also permitted between the unicast RIB | |
1536 | of the default VRF and VPN). A common application of this feature is to | |
1537 | connect a customer's private routing domain to a provider's VPN service. | |
1538 | Leaking is configured from the point of view of an individual VRF: ``import`` | |
1539 | refers to routes leaked from VPN to a unicast VRF, whereas ``export`` refers to | |
1540 | routes leaked from a unicast VRF to VPN. | |
b572f826 PZ |
1541 | |
1542 | Required Parameters | |
1543 | ------------------- | |
1544 | ||
4da7fda3 QY |
1545 | Routes exported from a unicast VRF to the VPN RIB must be augmented by two |
1546 | parameters: | |
1547 | ||
1548 | - an :abbr:`RD (Route Distinguisher)` | |
1549 | - an :abbr:`RTLIST (Route-target List)` | |
1550 | ||
1551 | Configuration for these exported routes must, at a minimum, specify these two | |
1552 | parameters. | |
1553 | ||
1554 | Routes imported from the VPN RIB to a unicast VRF are selected according to | |
1555 | their RTLISTs. Routes whose RTLIST contains at least one route-target in | |
1556 | common with the configured import RTLIST are leaked. Configuration for these | |
1557 | imported routes must specify an RTLIST to be matched. | |
1558 | ||
1559 | The RD, which carries no semantic value, is intended to make the route unique | |
1560 | in the VPN RIB among all routes of its prefix that originate from all the | |
1561 | customers and sites that are attached to the provider's VPN service. | |
1562 | Accordingly, each site of each customer is typically assigned an RD that is | |
1563 | unique across the entire provider network. | |
1564 | ||
1565 | The RTLIST is a set of route-target extended community values whose purpose is | |
1566 | to specify route-leaking policy. Typically, a customer is assigned a single | |
1567 | route-target value for import and export to be used at all customer sites. This | |
1568 | configuration specifies a simple topology wherein a customer has a single | |
1569 | routing domain which is shared across all its sites. More complex routing | |
1570 | topologies are possible through use of additional route-targets to augment the | |
1571 | leaking of sets of routes in various ways. | |
b572f826 PZ |
1572 | |
1573 | Configuration | |
1574 | ------------- | |
1575 | ||
4da7fda3 QY |
1576 | Configuration of route leaking between a unicast VRF RIB and the VPN safi RIB |
1577 | of the default VRF is accomplished via commands in the context of a VRF | |
1578 | address-family: | |
b572f826 PZ |
1579 | |
1580 | .. index:: rd vpn export AS:NN|IP:nn | |
1581 | .. clicmd:: rd vpn export AS:NN|IP:nn | |
1582 | ||
4da7fda3 QY |
1583 | Specifies the route distinguisher to be added to a route exported from the |
1584 | current unicast VRF to VPN. | |
b572f826 PZ |
1585 | |
1586 | .. index:: no rd vpn export [AS:NN|IP:nn] | |
1587 | .. clicmd:: no rd vpn export [AS:NN|IP:nn] | |
1588 | ||
1589 | Deletes any previously-configured export route distinguisher. | |
1590 | ||
1591 | .. index:: rt vpn import|export|both RTLIST... | |
1592 | .. clicmd:: rt vpn import|export|both RTLIST... | |
1593 | ||
4da7fda3 QY |
1594 | Specifies the route-target list to be attached to a route (export) or the |
1595 | route-target list to match against (import) when exporting/importing between | |
1596 | the current unicast VRF and VPN. | |
b572f826 | 1597 | |
4da7fda3 QY |
1598 | The RTLIST is a space-separated list of route-targets, which are BGP |
1599 | extended community values as described in | |
b572f826 PZ |
1600 | :ref:`bgp-extended-communities-attribute`. |
1601 | ||
1602 | .. index:: no rt vpn import|export|both [RTLIST...] | |
1603 | .. clicmd:: no rt vpn import|export|both [RTLIST...] | |
1604 | ||
1605 | Deletes any previously-configured import or export route-target list. | |
1606 | ||
1607 | .. index:: label vpn export (0..1048575) | |
1608 | .. clicmd:: label vpn export (0..1048575) | |
1609 | ||
4da7fda3 QY |
1610 | Specifies an optional MPLS label to be attached to a route exported from the |
1611 | current unicast VRF to VPN. | |
b572f826 PZ |
1612 | |
1613 | .. index:: no label vpn export [(0..1048575)] | |
1614 | .. clicmd:: no label vpn export [(0..1048575)] | |
1615 | ||
1616 | Deletes any previously-configured export label. | |
1617 | ||
1618 | .. index:: nexthop vpn export A.B.C.D|X:X::X:X | |
1619 | .. clicmd:: nexthop vpn export A.B.C.D|X:X::X:X | |
1620 | ||
4da7fda3 QY |
1621 | Specifies an optional nexthop value to be assigned to a route exported from |
1622 | the current unicast VRF to VPN. If left unspecified, the nexthop will be set | |
1623 | to 0.0.0.0 or 0:0::0:0 (self). | |
b572f826 PZ |
1624 | |
1625 | .. index:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1626 | .. clicmd:: no nexthop vpn export [A.B.C.D|X:X::X:X] | |
1627 | ||
1628 | Deletes any previously-configured export nexthop. | |
1629 | ||
1630 | .. index:: route-map vpn import|export MAP | |
1631 | .. clicmd:: route-map vpn import|export MAP | |
1632 | ||
4da7fda3 QY |
1633 | Specifies an optional route-map to be applied to routes imported or exported |
1634 | betwen the current unicast VRF and VPN. | |
b572f826 PZ |
1635 | |
1636 | .. index:: no route-map vpn import|export [MAP] | |
1637 | .. clicmd:: no route-map vpn import|export [MAP] | |
1638 | ||
1639 | Deletes any previously-configured import or export route-map. | |
1640 | ||
1641 | .. index:: import|export vpn | |
1642 | .. clicmd:: import|export vpn | |
1643 | ||
1644 | Enables import or export of routes betwen the current unicast VRF and VPN. | |
1645 | ||
1646 | .. index:: no import|export vpn | |
1647 | .. clicmd:: no import|export vpn | |
1648 | ||
1649 | Disables import or export of routes betwen the current unicast VRF and VPN. | |
1650 | ||
1651 | ||
0efdf0fe | 1652 | .. _displaying-bgp-information: |
42fc5d26 QY |
1653 | |
1654 | Displaying BGP information | |
1655 | ========================== | |
1656 | ||
1657 | ||
0efdf0fe | 1658 | .. _showing-bgp-information: |
42fc5d26 QY |
1659 | |
1660 | Showing BGP information | |
1661 | ----------------------- | |
1662 | ||
c3c5a71f | 1663 | .. index:: show ip bgp |
29adcd50 | 1664 | .. clicmd:: show ip bgp |
42fc5d26 | 1665 | |
c1a54c05 | 1666 | .. index:: show ip bgp A.B.C.D |
29adcd50 | 1667 | .. clicmd:: show ip bgp A.B.C.D |
42fc5d26 | 1668 | |
c1a54c05 | 1669 | .. index:: show ip bgp X:X::X:X |
29adcd50 | 1670 | .. clicmd:: show ip bgp X:X::X:X |
42fc5d26 | 1671 | |
c1a54c05 QY |
1672 | This command displays BGP routes. When no route is specified it |
1673 | display all of IPv4 BGP routes. | |
42fc5d26 | 1674 | |
c1a54c05 | 1675 | :: |
76bd1499 | 1676 | |
42fc5d26 | 1677 | BGP table version is 0, local router ID is 10.1.1.1 |
c1a54c05 QY |
1678 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal |
1679 | Origin codes: i - IGP, e - EGP, ? - incomplete | |
76bd1499 | 1680 | |
c1a54c05 QY |
1681 | Network Next Hop Metric LocPrf Weight Path |
1682 | \*> 1.1.1.1/32 0.0.0.0 0 32768 i | |
76bd1499 | 1683 | |
c1a54c05 | 1684 | Total number of prefixes 1 |
42fc5d26 | 1685 | |
42fc5d26 | 1686 | |
c3c5a71f | 1687 | .. index:: show ip bgp regexp LINE |
29adcd50 | 1688 | .. clicmd:: show ip bgp regexp LINE |
42fc5d26 | 1689 | |
c1a54c05 | 1690 | This command displays BGP routes using AS path regular expression |
0efdf0fe | 1691 | (:ref:`bgp-regular-expressions`). |
42fc5d26 | 1692 | |
c1a54c05 | 1693 | .. index:: show ip bgp community COMMUNITY |
29adcd50 | 1694 | .. clicmd:: show ip bgp community COMMUNITY |
42fc5d26 | 1695 | |
c1a54c05 | 1696 | .. index:: show ip bgp community COMMUNITY exact-match |
29adcd50 | 1697 | .. clicmd:: show ip bgp community COMMUNITY exact-match |
42fc5d26 | 1698 | |
4da7fda3 QY |
1699 | This command displays BGP routes using `community` |
1700 | (:ref:`display-bgp-routes-by-community`). | |
42fc5d26 | 1701 | |
c1a54c05 | 1702 | .. index:: show ip bgp community-list WORD |
29adcd50 | 1703 | .. clicmd:: show ip bgp community-list WORD |
42fc5d26 | 1704 | |
c1a54c05 | 1705 | .. index:: show ip bgp community-list WORD exact-match |
29adcd50 | 1706 | .. clicmd:: show ip bgp community-list WORD exact-match |
42fc5d26 | 1707 | |
4da7fda3 QY |
1708 | This command displays BGP routes using community list |
1709 | (:ref:`display-bgp-routes-by-community`). | |
42fc5d26 | 1710 | |
c1a54c05 | 1711 | .. index:: show bgp ipv4|ipv6 summary |
29adcd50 | 1712 | .. clicmd:: show bgp ipv4|ipv6 summary |
42fc5d26 | 1713 | |
c1a54c05 | 1714 | Show a bgp peer summary for the specified address family. |
42fc5d26 | 1715 | |
c1a54c05 | 1716 | .. index:: show bgp ipv4|ipv6 neighbor [PEER] |
29adcd50 | 1717 | .. clicmd:: show bgp ipv4|ipv6 neighbor [PEER] |
42fc5d26 | 1718 | |
c1a54c05 | 1719 | This command shows information on a specific BGP `peer`. |
42fc5d26 | 1720 | |
c1a54c05 | 1721 | .. index:: show bgp ipv4|ipv6 dampening dampened-paths |
29adcd50 | 1722 | .. clicmd:: show bgp ipv4|ipv6 dampening dampened-paths |
42fc5d26 | 1723 | |
c1a54c05 | 1724 | Display paths suppressed due to dampening. |
42fc5d26 | 1725 | |
c1a54c05 | 1726 | .. index:: show bgp ipv4|ipv6 dampening flap-statistics |
29adcd50 | 1727 | .. clicmd:: show bgp ipv4|ipv6 dampening flap-statistics |
c1a54c05 QY |
1728 | |
1729 | Display flap statistics of routes. | |
42fc5d26 | 1730 | |
0efdf0fe | 1731 | .. _other-bgp-commands: |
42fc5d26 QY |
1732 | |
1733 | Other BGP commands | |
1734 | ------------------ | |
1735 | ||
c3c5a71f | 1736 | .. index:: clear bgp ipv4|ipv6 \* |
29adcd50 | 1737 | .. clicmd:: clear bgp ipv4|ipv6 \* |
42fc5d26 | 1738 | |
c1a54c05 | 1739 | Clear all address family peers. |
42fc5d26 | 1740 | |
c1a54c05 | 1741 | .. index:: clear bgp ipv4|ipv6 PEER |
29adcd50 | 1742 | .. clicmd:: clear bgp ipv4|ipv6 PEER |
42fc5d26 | 1743 | |
c1a54c05 | 1744 | Clear peers which have addresses of X.X.X.X |
42fc5d26 | 1745 | |
c1a54c05 | 1746 | .. index:: clear bgp ipv4|ipv6 PEER soft in |
29adcd50 | 1747 | .. clicmd:: clear bgp ipv4|ipv6 PEER soft in |
42fc5d26 | 1748 | |
c1a54c05 | 1749 | Clear peer using soft reconfiguration. |
42fc5d26 | 1750 | |
c1a54c05 | 1751 | .. index:: show debug |
29adcd50 | 1752 | .. clicmd:: show debug |
42fc5d26 | 1753 | |
c1a54c05 | 1754 | .. index:: debug event |
29adcd50 | 1755 | .. clicmd:: debug event |
42fc5d26 | 1756 | |
c1a54c05 | 1757 | .. index:: debug update |
29adcd50 | 1758 | .. clicmd:: debug update |
42fc5d26 | 1759 | |
c1a54c05 | 1760 | .. index:: debug keepalive |
29adcd50 | 1761 | .. clicmd:: debug keepalive |
42fc5d26 | 1762 | |
c1a54c05 | 1763 | .. index:: no debug event |
29adcd50 | 1764 | .. clicmd:: no debug event |
42fc5d26 | 1765 | |
c1a54c05 | 1766 | .. index:: no debug update |
29adcd50 | 1767 | .. clicmd:: no debug update |
42fc5d26 | 1768 | |
c1a54c05 | 1769 | .. index:: no debug keepalive |
29adcd50 | 1770 | .. clicmd:: no debug keepalive |
42fc5d26 | 1771 | |
c1a54c05 | 1772 | |
0efdf0fe | 1773 | .. _capability-negotiation: |
42fc5d26 QY |
1774 | |
1775 | Capability Negotiation | |
1776 | ====================== | |
1777 | ||
4b44467c | 1778 | When adding IPv6 routing information exchange feature to BGP. There were some |
4da7fda3 QY |
1779 | proposals. :abbr:`IETF (Internet Engineering Task Force)` |
1780 | :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol | |
1781 | Extension for BGP. The specification is described in :rfc:`2283`. The protocol | |
1782 | does not define new protocols. It defines new attributes to existing BGP. When | |
1783 | it is used exchanging IPv6 routing information it is called BGP-4+. When it is | |
1784 | used for exchanging multicast routing information it is called MBGP. | |
1785 | ||
1786 | *bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports | |
1787 | the protocol, *bgpd* can exchange IPv6 and/or multicast routing information. | |
1788 | ||
1789 | Traditional BGP did not have the feature to detect a remote peer's | |
1790 | capabilities, e.g. whether it can handle prefix types other than IPv4 unicast | |
1791 | routes. This was a big problem using Multiprotocol Extension for BGP in an | |
1792 | operational network. :rfc:`2842` adopted a feature called Capability | |
1793 | Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's | |
1794 | capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd* | |
1795 | does not send these Capability Negotiation packets (at least not unless other | |
1796 | optional BGP features require capability negotation). | |
4b44467c QY |
1797 | |
1798 | By default, FRR will bring up peering with minimal common capability for the | |
4da7fda3 QY |
1799 | both sides. For example, if the local router has unicast and multicast |
1800 | capabilities and the remote router only has unicast capability the local router | |
1801 | will establish the connection with unicast only capability. When there are no | |
1802 | common capabilities, FRR sends Unsupported Capability error and then resets the | |
4b44467c QY |
1803 | connection. |
1804 | ||
1805 | If you want to completely match capabilities with remote peer. Please use | |
1806 | *strict-capability-match* command. | |
42fc5d26 | 1807 | |
c1a54c05 QY |
1808 | .. index:: neighbor PEER strict-capability-match |
1809 | .. clicmd:: neighbor PEER strict-capability-match | |
c3c5a71f | 1810 | |
c1a54c05 QY |
1811 | .. index:: no neighbor PEER strict-capability-match |
1812 | .. clicmd:: no neighbor PEER strict-capability-match | |
42fc5d26 | 1813 | |
4da7fda3 QY |
1814 | Strictly compares remote capabilities and local capabilities. If |
1815 | capabilities are different, send Unsupported Capability error then reset | |
1816 | connection. | |
42fc5d26 | 1817 | |
4da7fda3 QY |
1818 | You may want to disable sending Capability Negotiation OPEN message optional |
1819 | parameter to the peer when remote peer does not implement Capability | |
1820 | Negotiation. Please use *dont-capability-negotiate* command to disable the | |
1821 | feature. | |
c3c5a71f | 1822 | |
c1a54c05 QY |
1823 | .. index:: neighbor PEER dont-capability-negotiate |
1824 | .. clicmd:: neighbor PEER dont-capability-negotiate | |
42fc5d26 | 1825 | |
c1a54c05 QY |
1826 | .. index:: no neighbor PEER dont-capability-negotiate |
1827 | .. clicmd:: no neighbor PEER dont-capability-negotiate | |
c3c5a71f | 1828 | |
4da7fda3 QY |
1829 | Suppress sending Capability Negotiation as OPEN message optional parameter |
1830 | to the peer. This command only affects the peer is configured other than | |
1831 | IPv4 unicast configuration. | |
42fc5d26 | 1832 | |
4da7fda3 QY |
1833 | When remote peer does not have capability negotiation feature, remote peer |
1834 | will not send any capabilities at all. In that case, bgp configures the peer | |
1835 | with configured capabilities. | |
42fc5d26 | 1836 | |
c1a54c05 | 1837 | You may prefer locally configured capabilities more than the negotiated |
4da7fda3 QY |
1838 | capabilities even though remote peer sends capabilities. If the peer is |
1839 | configured by *override-capability*, *bgpd* ignores received capabilities | |
1840 | then override negotiated capabilities with configured values. | |
42fc5d26 | 1841 | |
c1a54c05 QY |
1842 | .. index:: neighbor PEER override-capability |
1843 | .. clicmd:: neighbor PEER override-capability | |
42fc5d26 | 1844 | |
c1a54c05 QY |
1845 | .. index:: no neighbor PEER override-capability |
1846 | .. clicmd:: no neighbor PEER override-capability | |
c3c5a71f | 1847 | |
c1a54c05 QY |
1848 | Override the result of Capability Negotiation with local configuration. |
1849 | Ignore remote peer's capability value. | |
42fc5d26 | 1850 | |
0efdf0fe | 1851 | .. _route-reflector: |
42fc5d26 QY |
1852 | |
1853 | Route Reflector | |
1854 | =============== | |
1855 | ||
c1a54c05 QY |
1856 | .. index:: bgp cluster-id A.B.C.D |
1857 | .. clicmd:: bgp cluster-id A.B.C.D | |
42fc5d26 | 1858 | |
c1a54c05 QY |
1859 | .. index:: neighbor PEER route-reflector-client |
1860 | .. clicmd:: neighbor PEER route-reflector-client | |
c3c5a71f | 1861 | |
c1a54c05 QY |
1862 | .. index:: no neighbor PEER route-reflector-client |
1863 | .. clicmd:: no neighbor PEER route-reflector-client | |
42fc5d26 | 1864 | |
42fc5d26 | 1865 | |
0efdf0fe | 1866 | .. _route-server: |
42fc5d26 QY |
1867 | |
1868 | Route Server | |
1869 | ============ | |
1870 | ||
c1a54c05 | 1871 | At an Internet Exchange point, many ISPs are connected to each other by the |
4da7fda3 QY |
1872 | "full mesh method". As with internal BGP full mesh formation, this method has a |
1873 | scaling problem. | |
42fc5d26 | 1874 | |
c1a54c05 QY |
1875 | This scaling problem is well known. Route Server is a method to resolve the |
1876 | problem. Each ISP's BGP router only peers to Route Server. Route Server serves | |
1877 | as BGP information exchange to other BGP routers. By applying this method, | |
1878 | numbers of BGP connections is reduced from O(n*(n-1)/2) to O(n). | |
42fc5d26 | 1879 | |
4da7fda3 | 1880 | Unlike a normal BGP router, Route Server must have several routing tables for |
c1a54c05 QY |
1881 | managing different routing policies for each BGP speaker. We call the routing |
1882 | tables as different "views". *bgpd* can work as normal BGP router or Route | |
1883 | Server or both at the same time. | |
42fc5d26 | 1884 | |
0efdf0fe | 1885 | .. _multiple-instance: |
42fc5d26 QY |
1886 | |
1887 | Multiple instance | |
1888 | ----------------- | |
1889 | ||
c1a54c05 QY |
1890 | To enable multiple view function of *bgpd*, you must turn on multiple instance |
1891 | feature beforehand. | |
42fc5d26 | 1892 | |
c3c5a71f | 1893 | .. index:: bgp multiple-instance |
29adcd50 | 1894 | .. clicmd:: bgp multiple-instance |
42fc5d26 | 1895 | |
c1a54c05 QY |
1896 | Enable BGP multiple instance feature. After this feature is enabled, |
1897 | you can make multiple BGP instances or multiple BGP views. | |
42fc5d26 | 1898 | |
c1a54c05 | 1899 | .. index:: no bgp multiple-instance |
29adcd50 | 1900 | .. clicmd:: no bgp multiple-instance |
c1a54c05 QY |
1901 | |
1902 | Disable BGP multiple instance feature. You can not disable this feature | |
1903 | when BGP multiple instances or views exist. | |
42fc5d26 | 1904 | |
c3c5a71f | 1905 | When you want to make configuration more Cisco like one, |
42fc5d26 | 1906 | |
c3c5a71f | 1907 | .. index:: bgp config-type cisco |
29adcd50 | 1908 | .. clicmd:: bgp config-type cisco |
c1a54c05 QY |
1909 | |
1910 | Cisco compatible BGP configuration output. | |
42fc5d26 | 1911 | |
c3c5a71f | 1912 | When bgp config-type cisco is specified, |
42fc5d26 | 1913 | |
4da7fda3 QY |
1914 | ``no synchronization`` is displayed. |
1915 | ``no auto-summary`` is displayed. | |
1916 | ||
1917 | The ``network`` and ``aggregate-address`` arguments are displayed as:: | |
42fc5d26 | 1918 | |
4da7fda3 | 1919 | A.B.C.D M.M.M.M |
42fc5d26 | 1920 | |
4da7fda3 QY |
1921 | FRR: network 10.0.0.0/8 |
1922 | Cisco: network 10.0.0.0 | |
42fc5d26 | 1923 | |
4da7fda3 QY |
1924 | FRR: aggregate-address 192.168.0.0/24 |
1925 | Cisco: aggregate-address 192.168.0.0 255.255.255.0 | |
42fc5d26 | 1926 | |
4da7fda3 QY |
1927 | Community attribute handling is also different. If no configuration is |
1928 | specified community attribute and extended community attribute are sent to the | |
1929 | neighbor. If a user manually disables the feature, the community attribute is | |
1930 | not sent to the neighbor. When ``bgp config-type cisco`` is specified, the | |
1931 | community attribute is not sent to the neighbor by default. To send the | |
1932 | community attribute user has to specify *neighbor A.B.C.D send-community* | |
1933 | command.:: | |
c1a54c05 QY |
1934 | |
1935 | ! | |
1936 | router bgp 1 | |
1937 | neighbor 10.0.0.1 remote-as 1 | |
1938 | address-family ipv4 unicast | |
1939 | no neighbor 10.0.0.1 send-community | |
1940 | exit-address-family | |
1941 | ! | |
1942 | router bgp 1 | |
1943 | neighbor 10.0.0.1 remote-as 1 | |
1944 | address-family ipv4 unicast | |
1945 | neighbor 10.0.0.1 send-community | |
1946 | exit-address-family | |
1947 | ! | |
42fc5d26 | 1948 | |
42fc5d26 | 1949 | |
c3c5a71f | 1950 | .. index:: bgp config-type zebra |
29adcd50 | 1951 | .. clicmd:: bgp config-type zebra |
c1a54c05 QY |
1952 | |
1953 | FRR style BGP configuration. This is default. | |
42fc5d26 | 1954 | |
0efdf0fe | 1955 | .. _bgp-instance-and-view: |
42fc5d26 QY |
1956 | |
1957 | BGP instance and view | |
1958 | --------------------- | |
1959 | ||
4da7fda3 QY |
1960 | BGP instance is a normal BGP process. The result of route selection goes to the |
1961 | kernel routing table. You can setup different AS at the same time when BGP | |
1962 | multiple instance feature is enabled. | |
42fc5d26 | 1963 | |
c3c5a71f | 1964 | .. index:: router bgp AS-NUMBER |
29adcd50 | 1965 | .. clicmd:: router bgp AS-NUMBER |
42fc5d26 | 1966 | |
4da7fda3 | 1967 | Make a new BGP instance. You can use an arbitrary word for the `name`. |
42fc5d26 | 1968 | |
c1a54c05 | 1969 | :: |
76bd1499 | 1970 | |
c1a54c05 QY |
1971 | bgp multiple-instance |
1972 | ! | |
1973 | router bgp 1 | |
1974 | neighbor 10.0.0.1 remote-as 2 | |
1975 | neighbor 10.0.0.2 remote-as 3 | |
1976 | ! | |
1977 | router bgp 2 | |
1978 | neighbor 10.0.0.3 remote-as 4 | |
1979 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 1980 | |
42fc5d26 | 1981 | |
4da7fda3 QY |
1982 | BGP view is almost same as normal BGP process. The result of route selection |
1983 | does not go to the kernel routing table. BGP view is only for exchanging BGP | |
1984 | routing information. | |
42fc5d26 | 1985 | |
c3c5a71f | 1986 | .. index:: router bgp AS-NUMBER view NAME |
29adcd50 | 1987 | .. clicmd:: router bgp AS-NUMBER view NAME |
42fc5d26 | 1988 | |
c1a54c05 QY |
1989 | Make a new BGP view. You can use arbitrary word for the `name`. This view's |
1990 | route selection result does not go to the kernel routing table. | |
42fc5d26 | 1991 | |
c1a54c05 | 1992 | With this command, you can setup Route Server like below. |
42fc5d26 | 1993 | |
c1a54c05 | 1994 | :: |
76bd1499 | 1995 | |
c1a54c05 QY |
1996 | bgp multiple-instance |
1997 | ! | |
1998 | router bgp 1 view 1 | |
1999 | neighbor 10.0.0.1 remote-as 2 | |
2000 | neighbor 10.0.0.2 remote-as 3 | |
2001 | ! | |
2002 | router bgp 2 view 2 | |
2003 | neighbor 10.0.0.3 remote-as 4 | |
2004 | neighbor 10.0.0.4 remote-as 5 | |
c3c5a71f | 2005 | |
42fc5d26 | 2006 | |
0efdf0fe | 2007 | .. _routing-policy: |
42fc5d26 QY |
2008 | |
2009 | Routing policy | |
2010 | -------------- | |
2011 | ||
4da7fda3 QY |
2012 | You can set different routing policy for a peer. For example, you can set |
2013 | different filter for a peer.:: | |
c1a54c05 QY |
2014 | |
2015 | bgp multiple-instance | |
2016 | ! | |
2017 | router bgp 1 view 1 | |
2018 | neighbor 10.0.0.1 remote-as 2 | |
2019 | address-family ipv4 unicast | |
2020 | neighbor 10.0.0.1 distribute-list 1 in | |
2021 | exit-address-family | |
2022 | ! | |
2023 | router bgp 1 view 2 | |
2024 | neighbor 10.0.0.1 remote-as 2 | |
2025 | address-family ipv4 unicast | |
2026 | neighbor 10.0.0.1 distribute-list 2 in | |
2027 | exit-address-family | |
c3c5a71f | 2028 | |
42fc5d26 | 2029 | |
4da7fda3 QY |
2030 | This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view 2. |
2031 | When the update is inserted into view 1, distribute-list 1 is applied. On the | |
2032 | other hand, when the update is inserted into view 2, distribute-list 2 is | |
2033 | applied. | |
42fc5d26 | 2034 | |
0efdf0fe | 2035 | .. _viewing-the-view: |
42fc5d26 QY |
2036 | |
2037 | Viewing the view | |
2038 | ---------------- | |
2039 | ||
2040 | To display routing table of BGP view, you must specify view name. | |
2041 | ||
c3c5a71f | 2042 | .. index:: show ip bgp view NAME |
29adcd50 | 2043 | .. clicmd:: show ip bgp view NAME |
c1a54c05 QY |
2044 | |
2045 | Display routing table of BGP view ``NAME``. | |
42fc5d26 | 2046 | |
0efdf0fe | 2047 | .. _bgp-regular-expressions: |
42fc5d26 QY |
2048 | |
2049 | BGP Regular Expressions | |
2050 | ======================= | |
2051 | ||
4da7fda3 QY |
2052 | BGP regular expressions are based on `POSIX 1003.2` regular expressions. The |
2053 | following description is just a quick subset of the `POSIX` regular | |
2054 | expressions. Adding to that, the special character '_' is added. | |
42fc5d26 QY |
2055 | |
2056 | ||
c1a54c05 QY |
2057 | .* |
2058 | Matches any single character. | |
42fc5d26 QY |
2059 | |
2060 | * | |
c1a54c05 | 2061 | Matches 0 or more occurrences of pattern. |
42fc5d26 QY |
2062 | |
2063 | + | |
c1a54c05 | 2064 | Matches 1 or more occurrences of pattern. |
42fc5d26 QY |
2065 | |
2066 | ? | |
c1a54c05 | 2067 | Match 0 or 1 occurrences of pattern. |
42fc5d26 QY |
2068 | |
2069 | ^ | |
c1a54c05 | 2070 | Matches the beginning of the line. |
42fc5d26 QY |
2071 | |
2072 | $ | |
c1a54c05 | 2073 | Matches the end of the line. |
42fc5d26 QY |
2074 | |
2075 | _ | |
c1a54c05 QY |
2076 | Character `_` has special meanings in BGP regular expressions. It matches |
2077 | to space and comma , and AS set delimiter { and } and AS confederation | |
2078 | delimiter `(` and `)`. And it also matches to the beginning of the line and | |
2079 | the end of the line. So `_` can be used for AS value boundaries match. This | |
2080 | character technically evaluates to `(^|[,{}() ]|$)`. | |
42fc5d26 | 2081 | |
11ab5329 | 2082 | .. _how-to-set-up-a-6-bone-connection: |
42fc5d26 QY |
2083 | |
2084 | How to set up a 6-Bone connection | |
2085 | ================================= | |
2086 | ||
2087 | :: | |
2088 | ||
c1a54c05 QY |
2089 | bgpd configuration |
2090 | ================== | |
2091 | ! | |
c1a54c05 QY |
2092 | ! MP-BGP configuration |
2093 | ! | |
2094 | router bgp 7675 | |
2095 | bgp router-id 10.0.0.1 | |
2096 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as `as-number` | |
2097 | ! | |
2098 | address-family ipv6 | |
2099 | network 3ffe:506::/32 | |
2100 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate | |
2101 | neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out | |
2102 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as `as-number` | |
2103 | neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out | |
2104 | exit-address-family | |
2105 | ! | |
2106 | ipv6 access-list all permit any | |
2107 | ! | |
2108 | ! Set output nexthop address. | |
2109 | ! | |
2110 | route-map set-nexthop permit 10 | |
2111 | match ipv6 address all | |
2112 | set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225 | |
2113 | set ipv6 nexthop local fe80::2c0:4fff:fe68:a225 | |
2114 | ! | |
c1a54c05 QY |
2115 | log file bgpd.log |
2116 | ! | |
c3c5a71f | 2117 | |
42fc5d26 | 2118 | |
0efdf0fe | 2119 | .. _dump-bgp-packets-and-table: |
42fc5d26 QY |
2120 | |
2121 | Dump BGP packets and table | |
2122 | ========================== | |
2123 | ||
c3c5a71f | 2124 | .. index:: dump bgp all PATH [INTERVAL] |
29adcd50 | 2125 | .. clicmd:: dump bgp all PATH [INTERVAL] |
42fc5d26 | 2126 | |
c1a54c05 | 2127 | .. index:: dump bgp all-et PATH [INTERVAL] |
29adcd50 | 2128 | .. clicmd:: dump bgp all-et PATH [INTERVAL] |
42fc5d26 | 2129 | |
c1a54c05 | 2130 | .. index:: no dump bgp all [PATH] [INTERVAL] |
29adcd50 | 2131 | .. clicmd:: no dump bgp all [PATH] [INTERVAL] |
42fc5d26 | 2132 | |
c1a54c05 | 2133 | Dump all BGP packet and events to `path` file. |
4da7fda3 QY |
2134 | If `interval` is set, a new file will be created for echo `interval` of |
2135 | seconds. The path `path` can be set with date and time formatting | |
2136 | (strftime). The type ‘all-et’ enables support for Extended Timestamp Header | |
2137 | (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2138 | |
c1a54c05 | 2139 | .. index:: dump bgp updates PATH [INTERVAL] |
29adcd50 | 2140 | .. clicmd:: dump bgp updates PATH [INTERVAL] |
42fc5d26 | 2141 | |
c1a54c05 | 2142 | .. index:: dump bgp updates-et PATH [INTERVAL] |
29adcd50 | 2143 | .. clicmd:: dump bgp updates-et PATH [INTERVAL] |
42fc5d26 | 2144 | |
c1a54c05 | 2145 | .. index:: no dump bgp updates [PATH] [INTERVAL] |
29adcd50 | 2146 | .. clicmd:: no dump bgp updates [PATH] [INTERVAL] |
42fc5d26 | 2147 | |
c1a54c05 | 2148 | Dump only BGP updates messages to `path` file. |
4da7fda3 QY |
2149 | If `interval` is set, a new file will be created for echo `interval` of |
2150 | seconds. The path `path` can be set with date and time formatting | |
2151 | (strftime). The type ‘updates-et’ enables support for Extended Timestamp | |
2152 | Header (:ref:`packet-binary-dump-format`). | |
42fc5d26 | 2153 | |
c1a54c05 | 2154 | .. index:: dump bgp routes-mrt PATH |
29adcd50 | 2155 | .. clicmd:: dump bgp routes-mrt PATH |
42fc5d26 | 2156 | |
c1a54c05 | 2157 | .. index:: dump bgp routes-mrt PATH INTERVAL |
29adcd50 | 2158 | .. clicmd:: dump bgp routes-mrt PATH INTERVAL |
42fc5d26 | 2159 | |
c1a54c05 | 2160 | .. index:: no dump bgp route-mrt [PATH] [INTERVAL] |
29adcd50 | 2161 | .. clicmd:: no dump bgp route-mrt [PATH] [INTERVAL] |
42fc5d26 | 2162 | |
4da7fda3 QY |
2163 | Dump whole BGP routing table to `path`. This is heavy process. The path |
2164 | `path` can be set with date and time formatting (strftime). If `interval` is | |
2165 | set, a new file will be created for echo `interval` of seconds. | |
42fc5d26 | 2166 | |
c1a54c05 | 2167 | Note: the interval variable can also be set using hours and minutes: 04h20m00. |
42fc5d26 | 2168 | |
c1a54c05 | 2169 | .. _bgp-configuration-examples: |
42fc5d26 | 2170 | |
c1a54c05 QY |
2171 | BGP Configuration Examples |
2172 | ========================== | |
42fc5d26 | 2173 | |
c1a54c05 | 2174 | Example of a session to an upstream, advertising only one prefix to it.:: |
42fc5d26 | 2175 | |
c1a54c05 QY |
2176 | router bgp 64512 |
2177 | bgp router-id 10.236.87.1 | |
2178 | neighbor upstream peer-group | |
2179 | neighbor upstream remote-as 64515 | |
2180 | neighbor upstream capability dynamic | |
2181 | neighbor 10.1.1.1 peer-group upstream | |
2182 | neighbor 10.1.1.1 description ACME ISP | |
c3c5a71f | 2183 | |
c1a54c05 QY |
2184 | address-family ipv4 unicast |
2185 | network 10.236.87.0/24 | |
2186 | neighbor upstream prefix-list pl-allowed-adv out | |
2187 | exit-address-family | |
2188 | ! | |
2189 | ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25 | |
2190 | ip prefix-list pl-allowed-adv seq 10 deny any | |
42fc5d26 | 2191 | |
4da7fda3 QY |
2192 | A more complex example. With upstream, peer and customer sessions. Advertising |
2193 | global prefixes and NO_EXPORT prefixes and providing actions for customer | |
2194 | routes based on community values. Extensive use of route-maps and the 'call' | |
2195 | feature to support selective advertising of prefixes. This example is intended | |
2196 | as guidance only, it has NOT been tested and almost certainly containts silly | |
2197 | mistakes, if not serious flaws. | |
42fc5d26 QY |
2198 | |
2199 | :: | |
2200 | ||
c1a54c05 QY |
2201 | router bgp 64512 |
2202 | bgp router-id 10.236.87.1 | |
2203 | neighbor upstream capability dynamic | |
2204 | neighbor cust capability dynamic | |
2205 | neighbor peer capability dynamic | |
2206 | neighbor 10.1.1.1 remote-as 64515 | |
2207 | neighbor 10.1.1.1 peer-group upstream | |
2208 | neighbor 10.2.1.1 remote-as 64516 | |
2209 | neighbor 10.2.1.1 peer-group upstream | |
2210 | neighbor 10.3.1.1 remote-as 64517 | |
2211 | neighbor 10.3.1.1 peer-group cust-default | |
2212 | neighbor 10.3.1.1 description customer1 | |
2213 | neighbor 10.4.1.1 remote-as 64518 | |
2214 | neighbor 10.4.1.1 peer-group cust | |
2215 | neighbor 10.4.1.1 description customer2 | |
2216 | neighbor 10.5.1.1 remote-as 64519 | |
2217 | neighbor 10.5.1.1 peer-group peer | |
2218 | neighbor 10.5.1.1 description peer AS 1 | |
2219 | neighbor 10.6.1.1 remote-as 64520 | |
2220 | neighbor 10.6.1.1 peer-group peer | |
2221 | neighbor 10.6.1.1 description peer AS 2 | |
2222 | ||
2223 | address-family ipv4 unicast | |
2224 | network 10.123.456.0/24 | |
2225 | network 10.123.456.128/25 route-map rm-no-export | |
2226 | neighbor upstream route-map rm-upstream-out out | |
2227 | neighbor cust route-map rm-cust-in in | |
2228 | neighbor cust route-map rm-cust-out out | |
2229 | neighbor cust send-community both | |
2230 | neighbor peer route-map rm-peer-in in | |
2231 | neighbor peer route-map rm-peer-out out | |
2232 | neighbor peer send-community both | |
2233 | neighbor 10.3.1.1 prefix-list pl-cust1-network in | |
2234 | neighbor 10.4.1.1 prefix-list pl-cust2-network in | |
2235 | neighbor 10.5.1.1 prefix-list pl-peer1-network in | |
2236 | neighbor 10.6.1.1 prefix-list pl-peer2-network in | |
2237 | exit-address-family | |
2238 | ! | |
2239 | ip prefix-list pl-default permit 0.0.0.0/0 | |
2240 | ! | |
2241 | ip prefix-list pl-upstream-peers permit 10.1.1.1/32 | |
2242 | ip prefix-list pl-upstream-peers permit 10.2.1.1/32 | |
2243 | ! | |
2244 | ip prefix-list pl-cust1-network permit 10.3.1.0/24 | |
2245 | ip prefix-list pl-cust1-network permit 10.3.2.0/24 | |
2246 | ! | |
2247 | ip prefix-list pl-cust2-network permit 10.4.1.0/24 | |
2248 | ! | |
2249 | ip prefix-list pl-peer1-network permit 10.5.1.0/24 | |
2250 | ip prefix-list pl-peer1-network permit 10.5.2.0/24 | |
2251 | ip prefix-list pl-peer1-network permit 192.168.0.0/24 | |
2252 | ! | |
2253 | ip prefix-list pl-peer2-network permit 10.6.1.0/24 | |
2254 | ip prefix-list pl-peer2-network permit 10.6.2.0/24 | |
2255 | ip prefix-list pl-peer2-network permit 192.168.1.0/24 | |
2256 | ip prefix-list pl-peer2-network permit 192.168.2.0/24 | |
2257 | ip prefix-list pl-peer2-network permit 172.16.1/24 | |
2258 | ! | |
2259 | ip as-path access-list asp-own-as permit ^$ | |
2260 | ip as-path access-list asp-own-as permit _64512_ | |
2261 | ! | |
2262 | ! ################################################################# | |
2263 | ! Match communities we provide actions for, on routes receives from | |
2264 | ! customers. Communities values of <our-ASN>:X, with X, have actions: | |
2265 | ! | |
2266 | ! 100 - blackhole the prefix | |
2267 | ! 200 - set no_export | |
2268 | ! 300 - advertise only to other customers | |
2269 | ! 400 - advertise only to upstreams | |
2270 | ! 500 - set no_export when advertising to upstreams | |
2271 | ! 2X00 - set local_preference to X00 | |
2272 | ! | |
2273 | ! blackhole the prefix of the route | |
2274 | ip community-list standard cm-blackhole permit 64512:100 | |
2275 | ! | |
2276 | ! set no-export community before advertising | |
2277 | ip community-list standard cm-set-no-export permit 64512:200 | |
2278 | ! | |
2279 | ! advertise only to other customers | |
2280 | ip community-list standard cm-cust-only permit 64512:300 | |
2281 | ! | |
2282 | ! advertise only to upstreams | |
2283 | ip community-list standard cm-upstream-only permit 64512:400 | |
2284 | ! | |
2285 | ! advertise to upstreams with no-export | |
2286 | ip community-list standard cm-upstream-noexport permit 64512:500 | |
2287 | ! | |
2288 | ! set local-pref to least significant 3 digits of the community | |
2289 | ip community-list standard cm-prefmod-100 permit 64512:2100 | |
2290 | ip community-list standard cm-prefmod-200 permit 64512:2200 | |
2291 | ip community-list standard cm-prefmod-300 permit 64512:2300 | |
2292 | ip community-list standard cm-prefmod-400 permit 64512:2400 | |
2293 | ip community-list expanded cme-prefmod-range permit 64512:2... | |
2294 | ! | |
2295 | ! Informational communities | |
2296 | ! | |
2297 | ! 3000 - learned from upstream | |
2298 | ! 3100 - learned from customer | |
2299 | ! 3200 - learned from peer | |
2300 | ! | |
2301 | ip community-list standard cm-learnt-upstream permit 64512:3000 | |
2302 | ip community-list standard cm-learnt-cust permit 64512:3100 | |
2303 | ip community-list standard cm-learnt-peer permit 64512:3200 | |
2304 | ! | |
2305 | ! ################################################################### | |
2306 | ! Utility route-maps | |
2307 | ! | |
2308 | ! These utility route-maps generally should not used to permit/deny | |
2309 | ! routes, i.e. they do not have meaning as filters, and hence probably | |
2310 | ! should be used with 'on-match next'. These all finish with an empty | |
2311 | ! permit entry so as not interfere with processing in the caller. | |
2312 | ! | |
2313 | route-map rm-no-export permit 10 | |
2314 | set community additive no-export | |
2315 | route-map rm-no-export permit 20 | |
2316 | ! | |
2317 | route-map rm-blackhole permit 10 | |
2318 | description blackhole, up-pref and ensure it cant escape this AS | |
2319 | set ip next-hop 127.0.0.1 | |
2320 | set local-preference 10 | |
2321 | set community additive no-export | |
2322 | route-map rm-blackhole permit 20 | |
2323 | ! | |
2324 | ! Set local-pref as requested | |
2325 | route-map rm-prefmod permit 10 | |
2326 | match community cm-prefmod-100 | |
2327 | set local-preference 100 | |
2328 | route-map rm-prefmod permit 20 | |
2329 | match community cm-prefmod-200 | |
2330 | set local-preference 200 | |
2331 | route-map rm-prefmod permit 30 | |
2332 | match community cm-prefmod-300 | |
2333 | set local-preference 300 | |
2334 | route-map rm-prefmod permit 40 | |
2335 | match community cm-prefmod-400 | |
2336 | set local-preference 400 | |
2337 | route-map rm-prefmod permit 50 | |
2338 | ! | |
2339 | ! Community actions to take on receipt of route. | |
2340 | route-map rm-community-in permit 10 | |
2341 | description check for blackholing, no point continuing if it matches. | |
2342 | match community cm-blackhole | |
2343 | call rm-blackhole | |
2344 | route-map rm-community-in permit 20 | |
2345 | match community cm-set-no-export | |
2346 | call rm-no-export | |
2347 | on-match next | |
2348 | route-map rm-community-in permit 30 | |
2349 | match community cme-prefmod-range | |
2350 | call rm-prefmod | |
2351 | route-map rm-community-in permit 40 | |
2352 | ! | |
2353 | ! ##################################################################### | |
2354 | ! Community actions to take when advertising a route. | |
2355 | ! These are filtering route-maps, | |
2356 | ! | |
2357 | ! Deny customer routes to upstream with cust-only set. | |
2358 | route-map rm-community-filt-to-upstream deny 10 | |
2359 | match community cm-learnt-cust | |
2360 | match community cm-cust-only | |
2361 | route-map rm-community-filt-to-upstream permit 20 | |
2362 | ! | |
2363 | ! Deny customer routes to other customers with upstream-only set. | |
2364 | route-map rm-community-filt-to-cust deny 10 | |
2365 | match community cm-learnt-cust | |
2366 | match community cm-upstream-only | |
2367 | route-map rm-community-filt-to-cust permit 20 | |
2368 | ! | |
2369 | ! ################################################################### | |
2370 | ! The top-level route-maps applied to sessions. Further entries could | |
2371 | ! be added obviously.. | |
2372 | ! | |
2373 | ! Customers | |
2374 | route-map rm-cust-in permit 10 | |
2375 | call rm-community-in | |
2376 | on-match next | |
2377 | route-map rm-cust-in permit 20 | |
2378 | set community additive 64512:3100 | |
2379 | route-map rm-cust-in permit 30 | |
2380 | ! | |
2381 | route-map rm-cust-out permit 10 | |
2382 | call rm-community-filt-to-cust | |
2383 | on-match next | |
2384 | route-map rm-cust-out permit 20 | |
2385 | ! | |
2386 | ! Upstream transit ASes | |
2387 | route-map rm-upstream-out permit 10 | |
2388 | description filter customer prefixes which are marked cust-only | |
2389 | call rm-community-filt-to-upstream | |
2390 | on-match next | |
2391 | route-map rm-upstream-out permit 20 | |
2392 | description only customer routes are provided to upstreams/peers | |
2393 | match community cm-learnt-cust | |
2394 | ! | |
2395 | ! Peer ASes | |
2396 | ! outbound policy is same as for upstream | |
2397 | route-map rm-peer-out permit 10 | |
2398 | call rm-upstream-out | |
2399 | ! | |
2400 | route-map rm-peer-in permit 10 | |
2401 | set community additive 64512:3200 | |
c3c5a71f | 2402 | |
9e146a81 | 2403 | .. include:: routeserver.rst |
f3817860 QY |
2404 | |
2405 | .. include:: rpki.rst | |
c1a54c05 QY |
2406 | |
2407 | ||
4b44467c | 2408 | .. [#med-transitivity-rant] For some set of objects to have an order, there *must* be some binary ordering relation that is defined for *every* combination of those objects, and that relation *must* be transitive. I.e.:, if the relation operator is <, and if a < b and b < c then that relation must carry over and it *must* be that a < c for the objects to have an order. The ordering relation may allow for equality, i.e. a < b and b < a may both be true amd imply that a and b are equal in the order and not distinguished by it, in which case the set has a partial order. Otherwise, if there is an order, all the objects have a distinct place in the order and the set has a total order) |
c1a54c05 QY |
2409 | .. [bgp-route-osci-cond] McPherson, D. and Gill, V. and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation Condition", IETF RFC3345 |
2410 | .. [stable-flexible-ibgp] Flavel, A. and M. Roughan, "Stable and flexible iBGP", ACM SIGCOMM 2009 | |
2411 | .. [ibgp-correctness] Griffin, T. and G. Wilfong, "On the correctness of IBGP configuration", ACM SIGCOMM 2002 |