2 @c This is part of the Quagga Manual.
3 @c @value{COPYRIGHT_STR}
4 @c See file quagga.texi for copying conditions.
8 @acronym{BGP} stands for a Border Gateway Protocol. The lastest BGP version
9 is 4. It is referred as BGP-4. BGP-4 is one of the Exterior Gateway
10 Protocols and de-fact standard of Inter Domain routing protocol.
11 BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol
14 Many extensions have been added to @cite{RFC1771}. @cite{RFC2858,
15 Multiprotocol Extensions for BGP-4} provides multiprotocol support to
24 * BGP Address Family::
26 * BGP Communities Attribute::
27 * BGP Extended Communities Attribute::
28 * Displaying BGP routes::
29 * Capability Negotiation::
32 * How to set up a 6-Bone connection::
33 * Dump BGP packets and table::
34 * BGP Configuration Examples::
40 Default configuration file of @command{bgpd} is @file{bgpd.conf}.
41 @command{bgpd} searches the current directory first then
42 @value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's command must be
43 configured in @file{bgpd.conf}.
45 @command{bgpd} specific invocation options are described below. Common
46 options may also be specified (@pxref{Common Invocation Options}).
50 @itemx --bgp_port=@var{PORT}
51 Set the bgp protocol's port number.
55 When program terminates, retain BGP routes added by zebra.
61 First of all you must configure BGP router with @command{router bgp}
62 command. To configure BGP router, you need AS number. AS number is an
63 identification of autonomous system. BGP protocol uses the AS number
64 for detecting whether the BGP connection is internal one or external one.
66 @deffn Command {router bgp @var{asn}} {}
67 Enable a BGP protocol process with the specified @var{asn}. After
68 this statement you can input any @code{BGP Commands}. You can not
69 create different BGP process under different @var{asn} without
70 specifying @code{multiple-instance} (@pxref{Multiple instance}).
73 @deffn Command {no router bgp @var{asn}} {}
74 Destroy a BGP protocol process with the specified @var{asn}.
77 @deffn {BGP} {bgp router-id @var{A.B.C.D}} {}
78 This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets
79 interface and address information. In that case default router ID value
80 is selected as the largest IP Address of the interfaces. When
81 @code{router zebra} is not enabled @command{bgpd} can't get interface information
82 so @code{router-id} is set to 0.0.0.0. So please set router-id by hand.
87 * BGP decision process::
88 * BGP route flap dampening::
92 @subsection BGP distance
94 @deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {}
95 This command change distance value of BGP. Each argument is distance
96 value for external routes, internal routes and local routes.
99 @deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {}
100 @deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {}
101 This command set distance value to
104 @node BGP decision process
105 @subsection BGP decision process
108 @item 1. Weight check
110 @item 2. Local preference check.
112 @item 3. Local route check.
114 @item 4. AS path length check.
116 @item 5. Origin check.
121 @deffn {BGP} {bgp bestpath as-path confed} {}
122 This command specifies that the length of confederation path sets and
123 sequences should should be taken into account during the BGP best path
127 @node BGP route flap dampening
128 @subsection BGP route flap dampening
130 @deffn {BGP} {bgp dampening @var{<1-45>} @var{<1-20000>} @var{<1-20000>} @var{<1-255>}} {}
131 This command enables BGP route-flap dampening and specifies dampening parameters.
134 @item @asis{half-life}
135 Half-life time for the penalty
136 @item @asis{reuse-threshold}
137 Value to start reusing a route
138 @item @asis{suppress-threshold}
139 Value to start suppressing a route
140 @item @asis{max-suppress}
141 Maximum duration to suppress a stable route
144 The route-flap damping algorithm is compatible with @cite{RFC2439}. The use of this command
145 is not recommended nowadays, see @uref{http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378}.
153 * Route Aggregation::
154 * Redistribute to BGP::
158 @subsection BGP route
160 @deffn {BGP} {network @var{A.B.C.D/M}} {}
161 This command adds the announcement network.
168 This configuration example says that network 10.0.0.0/8 will be
169 announced to all neighbors. Some vendors' routers don't advertise
170 routes if they aren't present in their IGP routing tables; @code{bgpd}
171 doesn't care about IGP routes when announcing its routes.
174 @deffn {BGP} {no network @var{A.B.C.D/M}} {}
177 @node Route Aggregation
178 @subsection Route Aggregation
180 @deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {}
181 This command specifies an aggregate address.
184 @deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {}
185 This command specifies an aggregate address. Resulting routes inlucde
189 @deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {}
190 This command specifies an aggregate address. Aggreated routes will
194 @deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {}
197 @node Redistribute to BGP
198 @subsection Redistribute to BGP
200 @deffn {BGP} {redistribute kernel} {}
201 Redistribute kernel route to BGP process.
204 @deffn {BGP} {redistribute static} {}
205 Redistribute static route to BGP process.
208 @deffn {BGP} {redistribute connected} {}
209 Redistribute connected route to BGP process.
212 @deffn {BGP} {redistribute rip} {}
213 Redistribute RIP route to BGP process.
216 @deffn {BGP} {redistribute ospf} {}
217 Redistribute OSPF route to BGP process.
225 * BGP Peer commands::
230 @subsection Defining Peer
232 @deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {}
233 Creates a new neighbor whose remote-as is @var{asn}. @var{peer}
234 can be an IPv4 address or an IPv6 address.
238 neighbor 10.0.0.1 remote-as 2
241 In this case my router, in AS-1, is trying to peer with AS-2 at
244 This command must be the first command used when configuring a neighbor.
245 If the remote-as is not specified, @command{bgpd} will complain like this:
247 can't find neighbor 10.0.0.1
251 @node BGP Peer commands
252 @subsection BGP Peer commands
254 In a @code{router bgp} clause there are neighbor specific configurations
257 @deffn {BGP} {neighbor @var{peer} shutdown} {}
258 @deffnx {BGP} {no neighbor @var{peer} shutdown} {}
259 Shutdown the peer. We can delete the neighbor's configuration by
260 @code{no neighbor @var{peer} remote-as @var{as-number}} but all
261 configuration of the neighbor will be deleted. When you want to
262 preserve the configuration, but want to drop the BGP peer, use this
266 @deffn {BGP} {neighbor @var{peer} ebgp-multihop} {}
267 @deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {}
270 @deffn {BGP} {neighbor @var{peer} description ...} {}
271 @deffnx {BGP} {no neighbor @var{peer} description ...} {}
272 Set description of the peer.
275 @deffn {BGP} {neighbor @var{peer} version @var{version}} {}
276 Set up the neighbor's BGP version. @var{version} can be @var{4},
277 @var{4+} or @var{4-}. BGP version @var{4} is the default value used for
278 BGP peering. BGP version @var{4+} means that the neighbor supports
279 Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but
280 the neighbor speaks the old Internet-Draft revision 00's Multiprotocol
281 Extensions for BGP-4. Some routing software is still using this
285 @deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {}
286 @deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {}
287 When you connect to a BGP peer over an IPv6 link-local address, you
288 have to specify the @var{ifname} of the interface used for the
289 connection. To specify IPv4 session addresses, see the
290 @code{neighbor @var{peer} update-source} command below.
292 This command is deprecated and may be removed in a future release. Its
293 use should be avoided.
296 @deffn {BGP} {neighbor @var{peer} next-hop-self} {}
297 @deffnx {BGP} {no neighbor @var{peer} next-hop-self} {}
298 This command specifies an announced route's nexthop as being equivalent
299 to the address of the bgp router.
302 @deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {}
303 @deffnx {BGP} {no neighbor @var{peer} update-source} {}
304 Specify the IPv4 source address to use for the @acronym{BGP} session to this
305 neighbour, may be specified as either an IPv4 address directly or
306 as an interface name (in which case the @command{zebra} daemon MUST be running
307 in order for @command{bgpd} to be able to retrieve interface state).
311 neighbor foo update-source 192.168.0.1
312 neighbor bar update-source lo0
317 @deffn {BGP} {neighbor @var{peer} default-originate} {}
318 @deffnx {BGP} {no neighbor @var{peer} default-originate} {}
319 @command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even it
320 is in routing table. When you want to announce default routes to the
321 peer, use this command.
324 @deffn {BGP} {neighbor @var{peer} port @var{port}} {}
325 @deffnx {BGP} {neighbor @var{peer} port @var{port}} {}
328 @deffn {BGP} {neighbor @var{peer} send-community} {}
329 @deffnx {BGP} {neighbor @var{peer} send-community} {}
332 @deffn {BGP} {neighbor @var{peer} weight @var{weight}} {}
333 @deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {}
334 This command specifies a default @var{weight} value for the neighbor's
338 @deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {}
339 @deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {}
342 @deffn {BGP} {neighbor @var{peer} local-as @var{as-number}} {}
343 @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend} {}
344 @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend replace-as} {}
345 @deffnx {BGP} {no neighbor @var{peer} local-as} {}
346 Specify an alternate AS for this BGP process when interacting with the
347 specified peer. With no modifiers, the specified local-as is prepended to
348 the received AS_PATH when receiving routing updates from the peer, and
349 prepended to the outgoing AS_PATH (after the process local AS) when
350 transmitting local routes to the peer.
352 If the no-prepend attribute is specified, then the supplied local-as is not
353 prepended to the received AS_PATH.
355 If the replace-as attribute is specified, then only the supplied local-as is
356 prepended to the AS_PATH when transmitting local-route updates to this peer.
358 Note that replace-as can only be specified if no-prepend is.
360 This command is only allowed for eBGP peers.
364 @subsection Peer filtering
366 @deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {}
367 This command specifies a distribute-list for the peer. @var{direct} is
368 @samp{in} or @samp{out}.
371 @deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {}
374 @deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {}
377 @deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {}
378 Apply a route-map on the neighbor. @var{direct} must be @code{in} or
382 @c -----------------------------------------------------------------------
384 @section BGP Peer Group
386 @deffn {BGP} {neighbor @var{word} peer-group} {}
387 This command defines a new peer group.
390 @deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {}
391 This command bind specific peer to peer group @var{word}.
394 @node BGP Address Family
395 @section BGP Address Family
397 @c -----------------------------------------------------------------------
398 @node Autonomous System
399 @section Autonomous System
401 The @acronym{AS,Autonomous System} number is one of the essential
402 element of BGP. BGP is a distance vector routing protocol, and the
403 AS-Path framework provides distance vector metric and loop detection to
404 BGP. @cite{RFC1930, Guidelines for creation, selection, and
405 registration of an Autonomous System (AS)} provides some background on
406 the concepts of an AS.
408 The AS number is a two octet value, ranging in value from 1 to 65535.
409 The AS numbers 64512 through 65535 are defined as private AS numbers.
410 Private AS numbers must not to be advertised in the global Internet.
413 * AS Path Regular Expression::
414 * Display BGP Routes by AS Path::
415 * AS Path Access List::
416 * Using AS Path in Route Map::
417 * Private AS Numbers::
420 @node AS Path Regular Expression
421 @subsection AS Path Regular Expression
423 AS path regular expression can be used for displaying BGP routes and
424 AS path access list. AS path regular expression is based on
425 @code{POSIX 1003.2} regular expressions. Following description is
426 just a subset of @code{POSIX} regular expression. User can use full
427 @code{POSIX} regular expression. Adding to that special character '_'
428 is added for AS path regular expression.
432 Matches any single character.
434 Matches 0 or more occurrences of pattern.
436 Matches 1 or more occurrences of pattern.
438 Match 0 or 1 occurrences of pattern.
440 Matches the beginning of the line.
442 Matches the end of the line.
444 Character @code{_} has special meanings in AS path regular expression.
445 It matches to space and comma , and AS set delimiter @{ and @} and AS
446 confederation delimiter @code{(} and @code{)}. And it also matches to
447 the beginning of the line and the end of the line. So @code{_} can be
448 used for AS value boundaries match. @code{show ip bgp regexp _7675_}
449 matches to all of BGP routes which as AS number include @var{7675}.
452 @node Display BGP Routes by AS Path
453 @subsection Display BGP Routes by AS Path
455 To show BGP routes which has specific AS path information @code{show
456 ip bgp} command can be used.
458 @deffn Command {show ip bgp regexp @var{line}} {}
459 This commands display BGP routes that matches AS path regular
460 expression @var{line}.
463 @node AS Path Access List
464 @subsection AS Path Access List
466 AS path access list is user defined AS path.
468 @deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
469 This command defines a new AS path access list.
472 @deffn {Command} {no ip as-path access-list @var{word}} {}
473 @deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
476 @node Using AS Path in Route Map
477 @subsection Using AS Path in Route Map
479 @deffn {Route Map} {match as-path @var{word}} {}
482 @deffn {Route Map} {set as-path prepend @var{as-path}} {}
485 @node Private AS Numbers
486 @subsection Private AS Numbers
488 @c -----------------------------------------------------------------------
489 @node BGP Communities Attribute
490 @section BGP Communities Attribute
492 BGP communities attribute is widely used for implementing policy
493 routing. Network operators can manipulate BGP communities attribute
494 based on their network policy. BGP communities attribute is defined
495 in @cite{RFC1997, BGP Communities Attribute} and
496 @cite{RFC1998, An Application of the BGP Community Attribute
497 in Multi-home Routing}. It is an optional transitive attribute,
498 therefore local policy can travel through different autonomous system.
500 Communities attribute is a set of communities values. Each
501 communities value is 4 octet long. The following format is used to
502 define communities value.
506 This format represents 4 octet communities value. @code{AS} is high
507 order 2 octet in digit format. @code{VAL} is low order 2 octet in
508 digit format. This format is useful to define AS oriented policy
509 value. For example, @code{7675:80} can be used when AS 7675 wants to
510 pass local policy value 80 to neighboring peer.
512 @code{internet} represents well-known communities value 0.
514 @code{no-export} represents well-known communities value @code{NO_EXPORT}@*
515 @r{(0xFFFFFF01)}. All routes carry this value must not be advertised
516 to outside a BGP confederation boundary. If neighboring BGP peer is
517 part of BGP confederation, the peer is considered as inside a BGP
518 confederation boundary, so the route will be announced to the peer.
520 @code{no-advertise} represents well-known communities value
521 @code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carry this value
522 must not be advertise to other BGP peers.
524 @code{local-AS} represents well-known communities value
525 @code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carry this
526 value must not be advertised to external BGP peers. Even if the
527 neighboring router is part of confederation, it is considered as
528 external BGP peer, so the route will not be announced to the peer.
531 When BGP communities attribute is received, duplicated communities
532 value in the communities attribute is ignored and each communities
533 values are sorted in numerical order.
536 * BGP Community Lists::
537 * Numbered BGP Community Lists::
538 * BGP Community in Route Map::
539 * Display BGP Routes by Community::
540 * Using BGP Communities Attribute::
543 @node BGP Community Lists
544 @subsection BGP Community Lists
546 BGP community list is a user defined BGP communites attribute list.
547 BGP community list can be used for matching or manipulating BGP
548 communities attribute in updates.
550 There are two types of community list. One is standard community
551 list and another is expanded community list. Standard community list
552 defines communities attribute. Expanded community list defines
553 communities attribute string with regular expression. Standard
554 community list is compiled into binary format when user define it.
555 Standard community list will be directly compared to BGP communities
556 attribute in BGP updates. Therefore the comparison is faster than
557 expanded community list.
559 @deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {}
560 This command defines a new standard community list. @var{community}
561 is communities value. The @var{community} is compiled into community
562 structure. We can define multiple community list under same name. In
563 that case match will happen user defined order. Once the
564 community list matches to communities attribute in BGP updates it
565 return permit or deny by the community list definition. When there is
566 no matched entry, deny will be returned. When @var{community} is
567 empty it matches to any routes.
570 @deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
571 This command defines a new expanded community list. @var{line} is a
572 string expression of communities attribute. @var{line} can include
573 regular expression to match communities attribute in BGP updates.
576 @deffn Command {no ip community-list @var{name}} {}
577 @deffnx Command {no ip community-list standard @var{name}} {}
578 @deffnx Command {no ip community-list expanded @var{name}} {}
579 These commands delete community lists specified by @var{name}. All of
580 community lists shares a single name space. So community lists can be
581 removed simpley specifying community lists name.
584 @deffn {Command} {show ip community-list} {}
585 @deffnx {Command} {show ip community-list @var{name}} {}
586 This command display current community list information. When
587 @var{name} is specified the specified community list's information is
591 # show ip community-list
592 Named Community standard list CLIST
593 permit 7675:80 7675:100 no-export
595 Named Community expanded list EXPAND
598 # show ip community-list CLIST
599 Named Community standard list CLIST
600 permit 7675:80 7675:100 no-export
605 @node Numbered BGP Community Lists
606 @subsection Numbered BGP Community Lists
608 When number is used for BGP community list name, the number has
609 special meanings. Community list number in the range from 1 and 99 is
610 standard community list. Community list number in the range from 100
611 to 199 is expanded community list. These community lists are called
612 as numbered community lists. On the other hand normal community lists
613 is called as named community lists.
615 @deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {}
616 This command defines a new community list. <1-99> is standard
617 community list number. Community list name within this range defines
618 standard community list. When @var{community} is empty it matches to
622 @deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {}
623 This command defines a new community list. <100-199> is expanded
624 community list number. Community list name within this range defines
625 expanded community list.
628 @deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {}
629 When community list type is not specifed, the community list type is
630 automatically detected. If @var{community} can be compiled into
631 communities attribute, the community list is defined as a standard
632 community list. Otherwise it is defined as an expanded community
633 list. This feature is left for backward compability. Use of this
634 feature is not recommended.
637 @node BGP Community in Route Map
638 @subsection BGP Community in Route Map
640 In Route Map (@pxref{Route Map}), we can match or set BGP
641 communities attribute. Using this feature network operator can
642 implement their network policy based on BGP communities attribute.
644 Following commands can be used in Route Map.
646 @deffn {Route Map} {match community @var{word}} {}
647 @deffnx {Route Map} {match community @var{word} exact-match} {}
648 This command perform match to BGP updates using community list
649 @var{word}. When the one of BGP communities value match to the one of
650 communities value in community list, it is match. When
651 @code{exact-match} keyword is spcified, match happen only when BGP
652 updates have completely same communities value specified in the
656 @deffn {Route Map} {set community none} {}
657 @deffnx {Route Map} {set community @var{community}} {}
658 @deffnx {Route Map} {set community @var{community} additive} {}
659 This command manipulate communities value in BGP updates. When
660 @code{none} is specified as communities value, it removes entire
661 communities attribute from BGP updates. When @var{community} is not
662 @code{none}, specified communities value is set to BGP updates. If
663 BGP updates already has BGP communities value, the existing BGP
664 communities value is replaced with specified @var{community} value.
665 When @code{additive} keyword is specified, @var{community} is appended
666 to the existing communities value.
669 @deffn {Route Map} {set comm-list @var{word} delete} {}
670 This command remove communities value from BGP communities attribute.
671 The @var{word} is community list name. When BGP route's communities
672 value matches to the community list @var{word}, the communities value
673 is removed. When all of communities value is removed eventually, the
674 BGP update's communities attribute is completely removed.
677 @node Display BGP Routes by Community
678 @subsection Display BGP Routes by Community
680 To show BGP routes which has specific BGP communities attribute,
681 @code{show ip bgp} command can be used. The @var{community} value and
682 community list can be used for @code{show ip bgp} command.
684 @deffn Command {show ip bgp community} {}
685 @deffnx Command {show ip bgp community @var{community}} {}
686 @deffnx Command {show ip bgp community @var{community} exact-match} {}
687 @code{show ip bgp community} displays BGP routes which has communities
688 attribute. When @var{community} is specified, BGP routes that matches
689 @var{community} value is displayed. For this command, @code{internet}
690 keyword can't be used for @var{community} value. When
691 @code{exact-match} is specified, it display only routes that have an
695 @deffn Command {show ip bgp community-list @var{word}} {}
696 @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
697 This commands display BGP routes that matches community list
698 @var{word}. When @code{exact-match} is specified, display only routes
699 that have an exact match.
702 @node Using BGP Communities Attribute
703 @subsection Using BGP Communities Attribute
705 Following configuration is the most typical usage of BGP communities
706 attribute. AS 7675 provides upstream Internet connection to AS 100.
707 When following configuration exists in AS 7675, AS 100 networks
708 operator can set local preference in AS 7675 network by setting BGP
709 communities attribute to the updates.
713 neighbor 192.168.0.1 remote-as 100
714 neighbor 192.168.0.1 route-map RMAP in
716 ip community-list 70 permit 7675:70
717 ip community-list 70 deny
718 ip community-list 80 permit 7675:80
719 ip community-list 80 deny
720 ip community-list 90 permit 7675:90
721 ip community-list 90 deny
723 route-map RMAP permit 10
725 set local-preference 70
727 route-map RMAP permit 20
729 set local-preference 80
731 route-map RMAP permit 30
733 set local-preference 90
736 Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675.
737 The route has communities value 7675:80 so when above configuration
738 exists in AS 7675, announced route's local preference will be set to
744 neighbor 192.168.0.2 remote-as 7675
745 neighbor 192.168.0.2 route-map RMAP out
747 ip prefix-list PLIST permit 10.0.0.0/8
749 route-map RMAP permit 10
750 match ip address prefix-list PLIST
751 set community 7675:80
754 Following configuration is an example of BGP route filtering using
755 communities attribute. This configuration only permit BGP routes
756 which has BGP communities value 0:80 or 0:90. Network operator can
757 put special internal communities value at BGP border router, then
758 limit the BGP routes announcement into the internal network.
762 neighbor 192.168.0.1 remote-as 100
763 neighbor 192.168.0.1 route-map RMAP in
765 ip community-list 1 permit 0:80 0:90
767 route-map RMAP permit in
771 Following exmaple filter BGP routes which has communities value 1:1.
772 When there is no match community-list returns deny. To avoid
773 filtering all of routes, we need to define permit any at last.
777 neighbor 192.168.0.1 remote-as 100
778 neighbor 192.168.0.1 route-map RMAP in
780 ip community-list standard FILTER deny 1:1
781 ip community-list standard FILTER permit
783 route-map RMAP permit 10
784 match community FILTER
787 Communities value keyword @code{internet} has special meanings in
788 standard community lists. In below example @code{internet} act as
789 match any. It matches all of BGP routes even if the route does not
790 have communities attribute at all. So community list @code{INTERNET}
791 is same as above example's @code{FILTER}.
794 ip community-list standard INTERNET deny 1:1
795 ip community-list standard INTERNET permit internet
798 Following configuration is an example of communities value deletion.
799 With this configuration communities value 100:1 and 100:2 is removed
800 from BGP updates. For communities value deletion, only @code{permit}
801 community-list is used. @code{deny} community-list is ignored.
805 neighbor 192.168.0.1 remote-as 100
806 neighbor 192.168.0.1 route-map RMAP in
808 ip community-list standard DEL permit 100:1 100:2
810 route-map RMAP permit 10
811 set comm-list DEL delete
814 @c -----------------------------------------------------------------------
815 @node BGP Extended Communities Attribute
816 @section BGP Extended Communities Attribute
818 BGP extended communities attribute is introduced with MPLS VPN/BGP
819 technology. MPLS VPN/BGP expands capability of network infrastructure
820 to provide VPN functionality. At the same time it requires a new
821 framework for policy routing. With BGP Extended Communities Attribute
822 we can use Route Target or Site of Origin for implementing network
823 policy for MPLS VPN/BGP.
825 BGP Extended Communities Attribute is similar to BGP Communities
826 Attribute. It is an optional transitive attribute. BGP Extended
827 Communities Attribute can carry multiple Extended Community value.
828 Each Extended Community value is eight octet length.
830 BGP Extended Communities Attribute provides an extended range
831 compared with BGP Communities Attribute. Adding to that there is a
832 type field in each value to provides community space structure.
834 There are two format to define Extended Community value. One is AS
835 based format the other is IP address based format.
839 This is a format to define AS based Extended Community value.
840 @code{AS} part is 2 octets Global Administrator subfield in Extended
841 Community value. @code{VAL} part is 4 octets Local Administrator
842 subfield. @code{7675:100} represents AS 7675 policy value 100.
844 This is a format to define IP address based Extended Community value.
845 @code{IP-Address} part is 4 octets Global Administrator subfield.
846 @code{VAL} part is 2 octets Local Administrator subfield.
847 @code{10.0.0.1:100} represents
851 * BGP Extended Community Lists::
852 * BGP Extended Communities in Route Map::
855 @node BGP Extended Community Lists
856 @subsection BGP Extended Community Lists
858 Expanded Community Lists is a user defined BGP Expanded Community
861 @deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {}
862 This command defines a new standard extcommunity-list.
863 @var{extcommunity} is extended communities value. The
864 @var{extcommunity} is compiled into extended community structure. We
865 can define multiple extcommunity-list under same name. In that case
866 match will happen user defined order. Once the extcommunity-list
867 matches to extended communities attribute in BGP updates it return
868 permit or deny based upon the extcommunity-list definition. When
869 there is no matched entry, deny will be returned. When
870 @var{extcommunity} is empty it matches to any routes.
873 @deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
874 This command defines a new expanded extcommunity-list. @var{line} is
875 a string expression of extended communities attribute. @var{line} can
876 include regular expression to match extended communities attribute in
880 @deffn Command {no ip extcommunity-list @var{name}} {}
881 @deffnx Command {no ip extcommunity-list standard @var{name}} {}
882 @deffnx Command {no ip extcommunity-list expanded @var{name}} {}
883 These commands delete extended community lists specified by
884 @var{name}. All of extended community lists shares a single name
885 space. So extended community lists can be removed simpley specifying
889 @deffn {Command} {show ip extcommunity-list} {}
890 @deffnx {Command} {show ip extcommunity-list @var{name}} {}
891 This command display current extcommunity-list information. When
892 @var{name} is specified the community list's information is shown.
895 # show ip extcommunity-list
899 @node BGP Extended Communities in Route Map
900 @subsection BGP Extended Communities in Route Map
902 @deffn {Route Map} {match extcommunity @var{word}} {}
905 @deffn {Route Map} {set extcommunity rt @var{extcommunity}} {}
906 This command set Route Target value.
909 @deffn {Route Map} {set extcommunity soo @var{extcommunity}} {}
910 This command set Site of Origin value.
913 @c -----------------------------------------------------------------------
914 @node Displaying BGP routes
915 @section Displaying BGP Routes
923 @subsection Show IP BGP
925 @deffn {Command} {show ip bgp} {}
926 @deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
927 @deffnx {Command} {show ip bgp @var{X:X::X:X}} {}
928 This command displays BGP routes. When no route is specified it
929 display all of IPv4 BGP routes.
933 BGP table version is 0, local router ID is 10.1.1.1
934 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
935 Origin codes: i - IGP, e - EGP, ? - incomplete
937 Network Next Hop Metric LocPrf Weight Path
938 *> 1.1.1.1/32 0.0.0.0 0 32768 i
940 Total number of prefixes 1
943 @node More Show IP BGP
944 @subsection More Show IP BGP
946 @deffn {Command} {show ip bgp regexp @var{line}} {}
947 This command display BGP routes using AS path regular expression (@pxref{Display BGP Routes by AS Path}).
950 @deffn Command {show ip bgp community @var{community}} {}
951 @deffnx Command {show ip bgp community @var{community} exact-match} {}
952 This command display BGP routes using @var{community} (@pxref{Display
953 BGP Routes by Community}).
956 @deffn Command {show ip bgp community-list @var{word}} {}
957 @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
958 This command display BGP routes using community list (@pxref{Display
959 BGP Routes by Community}).
962 @deffn {Command} {show ip bgp summary} {}
965 @deffn {Command} {show ip bgp neighbor [@var{peer}]} {}
968 @deffn {Command} {clear ip bgp @var{peer}} {}
969 Clear peers which have addresses of X.X.X.X
972 @deffn {Command} {clear ip bgp @var{peer} soft in} {}
973 Clear peer using soft reconfiguration.
976 @deffn {Command} {show ip bgp dampened-paths} {}
977 Display paths suppressed due to dampening
980 @deffn {Command} {show ip bgp flap-statistics} {}
981 Display flap statistics of routes
984 @deffn {Command} {show debug} {}
987 @deffn {Command} {debug event} {}
990 @deffn {Command} {debug update} {}
993 @deffn {Command} {debug keepalive} {}
996 @deffn {Command} {no debug event} {}
999 @deffn {Command} {no debug update} {}
1002 @deffn {Command} {no debug keepalive} {}
1005 @node Capability Negotiation
1006 @section Capability Negotiation
1008 When adding IPv6 routing information exchange feature to BGP. There
1009 were some proposals. @acronym{IETF,Internet Engineering Task Force}
1010 @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted
1011 a proposal called Multiprotocol Extension for BGP. The specification
1012 is described in @cite{RFC2283}. The protocol does not define new protocols.
1013 It defines new attributes to existing BGP. When it is used exchanging
1014 IPv6 routing information it is called BGP-4+. When it is used for
1015 exchanging multicast routing information it is called MBGP.
1017 @command{bgpd} supports Multiprotocol Extension for BGP. So if remote
1018 peer supports the protocol, @command{bgpd} can exchange IPv6 and/or
1019 multicast routing information.
1021 Traditional BGP did not have the feature to detect remote peer's
1022 capabilities, e.g. whether it can handle prefix types other than IPv4
1023 unicast routes. This was a big problem using Multiprotocol Extension
1024 for BGP to operational network. @cite{RFC2842, Capabilities
1025 Advertisement with BGP-4} adopted a feature called Capability
1026 Negotiation. @command{bgpd} use this Capability Negotiation to detect
1027 the remote peer's capabilities. If the peer is only configured as IPv4
1028 unicast neighbor, @command{bgpd} does not send these Capability
1029 Negotiation packets (at least not unless other optional BGP features
1030 require capability negotation).
1032 By default, Quagga will bring up peering with minimal common capability
1033 for the both sides. For example, local router has unicast and
1034 multicast capabilitie and remote router has unicast capability. In
1035 this case, the local router will establish the connection with unicast
1036 only capability. When there are no common capabilities, Quagga sends
1037 Unsupported Capability error and then resets the connection.
1039 If you want to completely match capabilities with remote peer. Please
1040 use @command{strict-capability-match} command.
1042 @deffn {BGP} {neighbor @var{peer} strict-capability-match} {}
1043 @deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {}
1044 Strictly compares remote capabilities and local capabilities. If capabilities
1045 are different, send Unsupported Capability error then reset connection.
1048 You may want to disable sending Capability Negotiation OPEN message
1049 optional parameter to the peer when remote peer does not implement
1050 Capability Negotiation. Please use @command{dont-capability-negotiate}
1051 command to disable the feature.
1053 @deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {}
1054 @deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {}
1055 Suppress sending Capability Negotiation as OPEN message optional
1056 parameter to the peer. This command only affects the peer is configured
1057 other than IPv4 unicast configuration.
1060 When remote peer does not have capability negotiation feature, remote
1061 peer will not send any capabilities at all. In that case, bgp
1062 configures the peer with configured capabilities.
1064 You may prefer locally configured capabilities more than the negotiated
1065 capabilities even though remote peer sends capabilities. If the peer
1066 is configured by @command{override-capability}, @command{bgpd} ignores
1067 received capabilities then override negotiated capabilities with
1070 @deffn {BGP} {neighbor @var{peer} override-capability} {}
1071 @deffnx {BGP} {no neighbor @var{peer} override-capability} {}
1072 Override the result of Capability Negotiation with local configuration.
1073 Ignore remote peer's capability value.
1076 @node Route Reflector
1077 @section Route Reflector
1079 @deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {}
1082 @deffn {BGP} {neighbor @var{peer} route-reflector-client} {}
1083 @deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {}
1087 @section Route Server
1089 At an Internet Exchange point, many ISPs are connected to each other by
1090 external BGP peering. Normally these external BGP connection are done by
1091 @samp{full mesh} method. As with internal BGP full mesh formation,
1092 this method has a scaling problem.
1094 This scaling problem is well known. Route Server is a method to resolve
1095 the problem. Each ISP's BGP router only peers to Route Server. Route
1096 Server serves as BGP information exchange to other BGP routers. By
1097 applying this method, numbers of BGP connections is reduced from
1098 O(n*(n-1)/2) to O(n).
1100 Unlike normal BGP router, Route Server must have several routing tables
1101 for managing different routing policies for each BGP speaker. We call the
1102 routing tables as different @code{view}s. @command{bgpd} can work as
1103 normal BGP router or Route Server or both at the same time.
1106 * Multiple instance::
1107 * BGP instance and view::
1109 * Viewing the view::
1112 @node Multiple instance
1113 @subsection Multiple instance
1115 To enable multiple view function of @code{bgpd}, you must turn on
1116 multiple instance feature beforehand.
1118 @deffn {Command} {bgp multiple-instance} {}
1119 Enable BGP multiple instance feature. After this feature is enabled,
1120 you can make multiple BGP instances or multiple BGP views.
1123 @deffn {Command} {no bgp multiple-instance} {}
1124 Disable BGP multiple instance feature. You can not disable this feature
1125 when BGP multiple instances or views exist.
1128 When you want to make configuration more Cisco like one,
1130 @deffn {Command} {bgp config-type cisco} {}
1131 Cisco compatible BGP configuration output.
1134 When bgp config-type cisco is specified,
1136 ``no synchronization'' is displayed.
1137 ``no auto-summary'' is displayed.
1139 ``network'' and ``aggregate-address'' argument is displayed as
1142 Quagga: network 10.0.0.0/8
1143 Cisco: network 10.0.0.0
1145 Quagga: aggregate-address 192.168.0.0/24
1146 Cisco: aggregate-address 192.168.0.0 255.255.255.0
1148 Community attribute handling is also different. If there is no
1149 configuration is specified community attribute and extended community
1150 attribute are sent to neighbor. When user manually disable the
1151 feature community attribute is not sent to the neighbor. In case of
1152 @command{bgp config-type cisco} is specified, community attribute is not
1153 sent to the neighbor by default. To send community attribute user has
1154 to specify @command{neighbor A.B.C.D send-community} command.
1159 neighbor 10.0.0.1 remote-as 1
1160 no neighbor 10.0.0.1 send-community
1163 neighbor 10.0.0.1 remote-as 1
1164 neighbor 10.0.0.1 send-community
1168 @deffn {Command} {bgp config-type zebra} {}
1169 Quagga style BGP configuration. This is default.
1172 @node BGP instance and view
1173 @subsection BGP instance and view
1175 BGP instance is a normal BGP process. The result of route selection
1176 goes to the kernel routing table. You can setup different AS at the
1177 same time when BGP multiple instance feature is enabled.
1179 @deffn {Command} {router bgp @var{as-number}} {}
1180 Make a new BGP instance. You can use arbitrary word for the @var{name}.
1185 bgp multiple-instance
1188 neighbor 10.0.0.1 remote-as 2
1189 neighbor 10.0.0.2 remote-as 3
1192 neighbor 10.0.0.3 remote-as 4
1193 neighbor 10.0.0.4 remote-as 5
1197 BGP view is almost same as normal BGP process. The result of
1198 route selection does not go to the kernel routing table. BGP view is
1199 only for exchanging BGP routing information.
1201 @deffn {Command} {router bgp @var{as-number} view @var{name}} {}
1202 Make a new BGP view. You can use arbitrary word for the @var{name}. This
1203 view's route selection result does not go to the kernel routing table.
1206 With this command, you can setup Route Server like below.
1210 bgp multiple-instance
1213 neighbor 10.0.0.1 remote-as 2
1214 neighbor 10.0.0.2 remote-as 3
1217 neighbor 10.0.0.3 remote-as 4
1218 neighbor 10.0.0.4 remote-as 5
1222 @node Routing policy
1223 @subsection Routing policy
1225 You can set different routing policy for a peer. For example, you can
1226 set different filter for a peer.
1230 bgp multiple-instance
1233 neighbor 10.0.0.1 remote-as 2
1234 neighbor 10.0.0.1 distribute-list 1 in
1237 neighbor 10.0.0.1 remote-as 2
1238 neighbor 10.0.0.1 distribute-list 2 in
1242 This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view
1243 2. When the update is inserted into view 1, distribute-list 1 is
1244 applied. On the other hand, when the update is inserted into view 2,
1245 distribute-list 2 is applied.
1247 @node Viewing the view
1248 @subsection Viewing the view
1250 To display routing table of BGP view, you must specify view name.
1252 @deffn {Command} {show ip bgp view @var{name}} {}
1253 Display routing table of BGP view @var{name}.
1256 @node How to set up a 6-Bone connection
1257 @section How to set up a 6-Bone connection
1265 ! Actually there is no need to configure zebra
1271 ! This means that routes go through zebra and into the kernel.
1275 ! MP-BGP configuration
1278 bgp router-id 10.0.0.1
1279 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number}
1282 network 3ffe:506::/32
1283 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
1284 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
1285 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number}
1286 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out
1289 ipv6 access-list all permit any
1291 ! Set output nexthop address.
1293 route-map set-nexthop permit 10
1294 match ipv6 address all
1295 set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
1296 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225
1298 ! logfile FILENAME is obsolete. Please use log file FILENAME
1305 @node Dump BGP packets and table
1306 @section Dump BGP packets and table
1308 @deffn Command {dump bgp all @var{path}} {}
1309 @deffnx Command {dump bgp all @var{path} @var{interval}} {}
1310 Dump all BGP packet and events to @var{path} file.
1313 @deffn Command {dump bgp updates @var{path}} {}
1314 @deffnx Command {dump bgp updates @var{path} @var{interval}} {}
1315 Dump BGP updates to @var{path} file.
1318 @deffn Command {dump bgp routes @var{path}} {}
1319 @deffnx Command {dump bgp routes @var{path}} {}
1320 Dump whole BGP routing table to @var{path}. This is heavy process.
1323 @node BGP Configuration Examples
1324 @section BGP Configuration Examples
1326 Example of a session to an upstream, advertising only one prefix to it.
1330 bgp router-id 10.236.87.1
1331 network 10.236.87.0/24
1332 neighbor upstream peer-group
1333 neighbor upstream remote-as 64515
1334 neighbor upstream capability dynamic
1335 neighbor upstream prefix-list pl-allowed-adv out
1336 neighbor 10.1.1.1 peer-group upstream
1337 neighbor 10.1.1.1 description ACME ISP
1339 ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
1340 ip prefix-list pl-allowed-adv seq 10 deny any
1344 A more complex example. With upstream, peer and customer sessions.
1345 Advertising global prefixes and NO_EXPORT prefixes and providing
1346 actions for customer routes based on community values. Extensive use of
1347 route-maps and the 'call' feature to support selective advertising of
1348 prefixes. This example is intended as guidance only, it has NOT been
1349 tested and almost certainly containts silly mistakes, if not serious
1354 bgp router-id 10.236.87.1
1355 network 10.123.456.0/24
1356 network 10.123.456.128/25 route-map rm-no-export
1357 neighbor upstream capability dynamic
1358 neighbor upstream route-map rm-upstream-out out
1359 neighbor cust capability dynamic
1360 neighbor cust route-map rm-cust-in in
1361 neighbor cust route-map rm-cust-out out
1362 neighbor cust send-community both
1363 neighbor peer capability dynamic
1364 neighbor peer route-map rm-peer-in in
1365 neighbor peer route-map rm-peer-out out
1366 neighbor peer send-community both
1367 neighbor 10.1.1.1 remote-as 64515
1368 neighbor 10.1.1.1 peer-group upstream
1369 neighbor 10.2.1.1 remote-as 64516
1370 neighbor 10.2.1.1 peer-group upstream
1371 neighbor 10.3.1.1 remote-as 64517
1372 neighbor 10.3.1.1 peer-group cust-default
1373 neighbor 10.3.1.1 description customer1
1374 neighbor 10.3.1.1 prefix-list pl-cust1-network in
1375 neighbor 10.4.1.1 remote-as 64518
1376 neighbor 10.4.1.1 peer-group cust
1377 neighbor 10.4.1.1 prefix-list pl-cust2-network in
1378 neighbor 10.4.1.1 description customer2
1379 neighbor 10.5.1.1 remote-as 64519
1380 neighbor 10.5.1.1 peer-group peer
1381 neighbor 10.5.1.1 prefix-list pl-peer1-network in
1382 neighbor 10.5.1.1 description peer AS 1
1383 neighbor 10.6.1.1 remote-as 64520
1384 neighbor 10.6.1.1 peer-group peer
1385 neighbor 10.6.1.1 prefix-list pl-peer2-network in
1386 neighbor 10.6.1.1 description peer AS 2
1388 ip prefix-list pl-default permit 0.0.0.0/0
1390 ip prefix-list pl-upstream-peers permit 10.1.1.1/32
1391 ip prefix-list pl-upstream-peers permit 10.2.1.1/32
1393 ip prefix-list pl-cust1-network permit 10.3.1.0/24
1394 ip prefix-list pl-cust1-network permit 10.3.2.0/24
1396 ip prefix-list pl-cust2-network permit 10.4.1.0/24
1398 ip prefix-list pl-peer1-network permit 10.5.1.0/24
1399 ip prefix-list pl-peer1-network permit 10.5.2.0/24
1400 ip prefix-list pl-peer1-network permit 192.168.0.0/24
1402 ip prefix-list pl-peer2-network permit 10.6.1.0/24
1403 ip prefix-list pl-peer2-network permit 10.6.2.0/24
1404 ip prefix-list pl-peer2-network permit 192.168.1.0/24
1405 ip prefix-list pl-peer2-network permit 192.168.2.0/24
1406 ip prefix-list pl-peer2-network permit 172.16.1/24
1408 ip as-path access-list asp-own-as permit ^$
1409 ip as-path access-list asp-own-as permit _64512_
1411 ! #################################################################
1412 ! Match communities we provide actions for, on routes receives from
1413 ! customers. Communities values of <our-ASN>:X, with X, have actions:
1415 ! 100 - blackhole the prefix
1416 ! 200 - set no_export
1417 ! 300 - advertise only to other customers
1418 ! 400 - advertise only to upstreams
1419 ! 500 - set no_export when advertising to upstreams
1420 ! 2X00 - set local_preference to X00
1422 ! blackhole the prefix of the route
1423 ip community-list standard cm-blackhole permit 64512:100
1425 ! set no-export community before advertising
1426 ip community-list standard cm-set-no-export permit 64512:200
1428 ! advertise only to other customers
1429 ip community-list standard cm-cust-only permit 64512:300
1431 ! advertise only to upstreams
1432 ip community-list standard cm-upstream-only permit 64512:400
1434 ! advertise to upstreams with no-export
1435 ip community-list standard cm-upstream-noexport permit 64512:500
1437 ! set local-pref to least significant 3 digits of the community
1438 ip community-list standard cm-prefmod-100 permit 64512:2100
1439 ip community-list standard cm-prefmod-200 permit 64512:2200
1440 ip community-list standard cm-prefmod-300 permit 64512:2300
1441 ip community-list standard cm-prefmod-400 permit 64512:2400
1442 ip community-list expanded cme-prefmod-range permit 64512:2...
1444 ! Informational communities
1446 ! 3000 - learned from upstream
1447 ! 3100 - learned from customer
1448 ! 3200 - learned from peer
1450 ip community-list standard cm-learnt-upstream permit 64512:3000
1451 ip community-list standard cm-learnt-cust permit 64512:3100
1452 ip community-list standard cm-learnt-peer permit 64512:3200
1454 ! ###################################################################
1455 ! Utility route-maps
1457 ! These utility route-maps generally should not used to permit/deny
1458 ! routes, i.e. they do not have meaning as filters, and hence probably
1459 ! should be used with 'on-match next'. These all finish with an empty
1460 ! permit entry so as not interfere with processing in the caller.
1462 route-map rm-no-export permit 10
1463 set community additive no-export
1464 route-map rm-no-export permit 20
1466 route-map rm-blackhole permit 10
1467 description blackhole, up-pref and ensure it cant escape this AS
1468 set ip next-hop 127.0.0.1
1469 set local-preference 10
1470 set community additive no-export
1471 route-map rm-blackhole permit 20
1473 ! Set local-pref as requested
1474 route-map rm-prefmod permit 10
1475 match community cm-prefmod-100
1476 set local-preference 100
1477 route-map rm-prefmod permit 20
1478 match community cm-prefmod-200
1479 set local-preference 200
1480 route-map rm-prefmod permit 30
1481 match community cm-prefmod-300
1482 set local-preference 300
1483 route-map rm-prefmod permit 40
1484 match community cm-prefmod-400
1485 set local-preference 400
1486 route-map rm-prefmod permit 50
1488 ! Community actions to take on receipt of route.
1489 route-map rm-community-in permit 10
1490 description check for blackholing, no point continuing if it matches.
1491 match community cm-blackhole
1493 route-map rm-community-in permit 20
1494 match community cm-set-no-export
1497 route-map rm-community-in permit 30
1498 match community cme-prefmod-range
1500 route-map rm-community-in permit 40
1502 ! #####################################################################
1503 ! Community actions to take when advertising a route.
1504 ! These are filtering route-maps,
1506 ! Deny customer routes to upstream with cust-only set.
1507 route-map rm-community-filt-to-upstream deny 10
1508 match community cm-learnt-cust
1509 match community cm-cust-only
1510 route-map rm-community-filt-to-upstream permit 20
1512 ! Deny customer routes to other customers with upstream-only set.
1513 route-map rm-community-filt-to-cust deny 10
1514 match community cm-learnt-cust
1515 match community cm-upstream-only
1516 route-map rm-community-filt-to-cust permit 20
1518 ! ###################################################################
1519 ! The top-level route-maps applied to sessions. Further entries could
1520 ! be added obviously..
1523 route-map rm-cust-in permit 10
1524 call rm-community-in
1526 route-map rm-cust-in permit 20
1527 set community additive 64512:3100
1528 route-map rm-cust-in permit 30
1530 route-map rm-cust-out permit 10
1531 call rm-community-filt-to-cust
1533 route-map rm-cust-out permit 20
1535 ! Upstream transit ASes
1536 route-map rm-upstream-out permit 10
1537 description filter customer prefixes which are marked cust-only
1538 call rm-community-filt-to-upstream
1540 route-map rm-upstream-out permit 20
1541 description only customer routes are provided to upstreams/peers
1542 match community cm-learnt-cust
1545 ! outbound policy is same as for upstream
1546 route-map rm-peer-out permit 10
1547 call rm-upstream-out
1549 route-map rm-peer-in permit 10
1550 set community additive 64512:3200