@c This is part of the Quagga Manual.
@c @value{COPYRIGHT_STR}
@c See file quagga.texi for copying conditions.

@acronym{BGP} stands for Border Gateway Protocol. The latest BGP version
is 4. It is referred to as BGP-4. BGP-4 is one of the Exterior Gateway
Protocols and the de facto standard Inter Domain routing protocol.
BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol

Many extensions have been added to @cite{RFC1771}. @cite{RFC2858,
Multiprotocol Extensions for BGP-4} provides multiprotocol support to

* BGP Address Family::
* BGP Communities Attribute::
* BGP Extended Communities Attribute::
* Displaying BGP routes::
* Capability Negotiation::
* How to set up a 6-Bone connection::
* Dump BGP packets and table::
* BGP Configuration Examples::

The default configuration file of @command{bgpd} is @file{bgpd.conf}.
@command{bgpd} searches the current directory first, then
@value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's commands must be
configured in @file{bgpd.conf}.

@command{bgpd} specific invocation options are described below. Common
options may also be specified (@pxref{Common Invocation Options}).
@itemx --bgp_port=@var{PORT}
Set the bgp protocol's port number.

When the program terminates, retain BGP routes added by zebra.

First of all you must configure the BGP router with the @command{router bgp}
command. To configure a BGP router, you need an AS number. An AS number is an
identification of an autonomous system. The BGP protocol uses the AS number
for detecting whether the BGP connection is an internal one or an external one.

@deffn Command {router bgp @var{asn}} {}
Enable a BGP protocol process with the specified @var{asn}. After
this statement you can input any @code{BGP Commands}. You cannot
create different BGP processes under different @var{asn} without
specifying @code{multiple-instance} (@pxref{Multiple instance}).

@deffn Command {no router bgp @var{asn}} {}
Destroy a BGP protocol process with the specified @var{asn}.

@deffn {BGP} {bgp router-id @var{A.B.C.D}} {}
This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets
interface and address information. In that case the default router ID value
is selected as the largest IP address of the interfaces. When
@code{router zebra} is not enabled @command{bgpd} can't get interface information,
so @code{router-id} is set to 0.0.0.0. So please set router-id by hand.

* BGP decision process::
* BGP route flap dampening::

@subsection BGP distance

@deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {}
This command changes the distance value of BGP. The arguments are the distance
values for external routes, internal routes and local routes.

@deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {}
@deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {}
This command sets distance value to
@node BGP decision process
@subsection BGP decision process

@item 1. Weight check
@item 2. Local preference check.
@item 3. Local route check.
@item 4. AS path length check.
@item 5. Origin check.

@deffn {BGP} {bgp bestpath as-path confed} {}
This command specifies that the length of confederation path sets and
sequences should be taken into account during the BGP best path

@deffn {BGP} {bgp bestpath as-path multipath-relax} {}
This command specifies that the BGP decision process should consider paths
of equal AS_PATH length candidates for multipath computation. Without
the knob, the entire AS_PATH must match for multipath computation.

@node BGP route flap dampening
@subsection BGP route flap dampening

@deffn {BGP} {bgp dampening @var{<1-45>} @var{<1-20000>} @var{<1-20000>} @var{<1-255>}} {}
This command enables BGP route-flap dampening and specifies dampening parameters.

@item @asis{half-life}
Half-life time for the penalty
@item @asis{reuse-threshold}
Value to start reusing a route
@item @asis{suppress-threshold}
Value to start suppressing a route
@item @asis{max-suppress}
Maximum duration to suppress a stable route

The route-flap damping algorithm is compatible with @cite{RFC2439}. The use of this command
is not recommended nowadays, see @uref{http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378}.

* Route Aggregation::
* Redistribute to BGP::

@subsection BGP route

@deffn {BGP} {network @var{A.B.C.D/M}} {}
This command adds the announcement network.

This configuration example says that network 10.0.0.0/8 will be
announced to all neighbors. Some vendors' routers don't advertise
routes if they aren't present in their IGP routing tables; @code{bgpd}
doesn't care about IGP routes when announcing its routes.

@deffn {BGP} {no network @var{A.B.C.D/M}} {}

@node Route Aggregation
@subsection Route Aggregation

@deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {}
This command specifies an aggregate address.

@deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {}
This command specifies an aggregate address. Resulting routes include

@deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {}
This command specifies an aggregate address. Aggregated routes will

@deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {}

@node Redistribute to BGP
@subsection Redistribute to BGP

@deffn {BGP} {redistribute kernel} {}
Redistribute kernel route to BGP process.

@deffn {BGP} {redistribute static} {}
Redistribute static route to BGP process.

@deffn {BGP} {redistribute connected} {}
Redistribute connected route to BGP process.

@deffn {BGP} {redistribute rip} {}
Redistribute RIP route to BGP process.

@deffn {BGP} {redistribute ospf} {}
Redistribute OSPF route to BGP process.
@deffn {BGP} {update-delay @var{max-delay}} {}
@deffnx {BGP} {update-delay @var{max-delay} @var{establish-wait}} {}
This feature is used to enable read-only mode on BGP process restart or when
the BGP process is cleared using 'clear ip bgp *'. When applicable, read-only mode
would begin as soon as the first peer reaches Established status and a timer
for max-delay seconds is started.

During this mode BGP doesn't run any best-path or generate any updates to its
peers. This mode continues until:

1. All the configured peers, except the shutdown peers, have sent explicit EOR
(End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached
Established is considered an implicit-EOR.
If the establish-wait optional value is given, then BGP will wait for
peers to reach established from the beginning of the update-delay till the
establish-wait period is over, i.e. the minimum set of established peers for
which EOR is expected would be peers established during the establish-wait
window, not necessarily all the configured neighbors.

2. max-delay period is over.

On hitting any of the above two conditions, BGP resumes the decision process
and generates updates to its peers.

Default max-delay is 0, i.e. the feature is off by default.

@deffn {BGP} {table-map @var{route-map-name}} {}
This feature is used to apply a route-map on route updates from BGP to Zebra.
All the applicable match operations are allowed, such as match on prefix,
next-hop, communities, etc. Set operations for this attach-point are limited
to metric and next-hop only. Any operation of this feature does not affect

Supported for ipv4 and ipv6 address families. It works on multi-paths as well,
however, metric setting is based on the best-path only.

* BGP Peer commands::

@subsection Defining Peer

@deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {}
Creates a new neighbor whose remote-as is @var{asn}. @var{peer}
can be an IPv4 address or an IPv6 address.

neighbor 10.0.0.1 remote-as 2

In this case my router, in AS-1, is trying to peer with AS-2 at

This command must be the first command used when configuring a neighbor.
If the remote-as is not specified, @command{bgpd} will complain like this:

can't find neighbor 10.0.0.1

@node BGP Peer commands
@subsection BGP Peer commands

In a @code{router bgp} clause there are neighbor specific configurations

@deffn {BGP} {neighbor @var{peer} shutdown} {}
@deffnx {BGP} {no neighbor @var{peer} shutdown} {}
Shut down the peer. We can delete the neighbor's configuration by
@code{no neighbor @var{peer} remote-as @var{as-number}} but all
configuration of the neighbor will be deleted. When you want to
preserve the configuration, but want to drop the BGP peer, use this

@deffn {BGP} {neighbor @var{peer} ebgp-multihop} {}
@deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {}

@deffn {BGP} {neighbor @var{peer} description ...} {}
@deffnx {BGP} {no neighbor @var{peer} description ...} {}
Set description of the peer.

@deffn {BGP} {neighbor @var{peer} version @var{version}} {}
Set up the neighbor's BGP version. @var{version} can be @var{4},
@var{4+} or @var{4-}. BGP version @var{4} is the default value used for
BGP peering. BGP version @var{4+} means that the neighbor supports
Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but
the neighbor speaks the old Internet-Draft revision 00's Multiprotocol
Extensions for BGP-4. Some routing software is still using this

@deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {}
@deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {}
When you connect to a BGP peer over an IPv6 link-local address, you
have to specify the @var{ifname} of the interface used for the
connection. To specify IPv4 session addresses, see the
@code{neighbor @var{peer} update-source} command below.

This command is deprecated and may be removed in a future release. Its
use should be avoided.
@deffn {BGP} {neighbor @var{peer} next-hop-self [all]} {}
@deffnx {BGP} {no neighbor @var{peer} next-hop-self [all]} {}
This command specifies an announced route's nexthop as being equivalent
to the address of the bgp router if it is learned via eBGP.
If the optional keyword @code{all} is specified the modification is done
also for routes learned via iBGP.

@deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {}
@deffnx {BGP} {no neighbor @var{peer} update-source} {}
Specify the IPv4 source address to use for the @acronym{BGP} session to this
neighbour. It may be specified as either an IPv4 address directly or
as an interface name (in which case the @command{zebra} daemon MUST be running
in order for @command{bgpd} to be able to retrieve interface state).

neighbor foo update-source 192.168.0.1
neighbor bar update-source lo0

@deffn {BGP} {neighbor @var{peer} default-originate} {}
@deffnx {BGP} {no neighbor @var{peer} default-originate} {}
@command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even if it
is in the routing table. When you want to announce default routes to the
peer, use this command.

@deffn {BGP} {neighbor @var{peer} port @var{port}} {}
@deffnx {BGP} {neighbor @var{peer} port @var{port}} {}

@deffn {BGP} {neighbor @var{peer} send-community} {}
@deffnx {BGP} {neighbor @var{peer} send-community} {}

@deffn {BGP} {neighbor @var{peer} weight @var{weight}} {}
@deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {}
This command specifies a default @var{weight} value for the neighbor's

@deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {}
@deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {}

@deffn {BGP} {neighbor @var{peer} local-as @var{as-number}} {}
@deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend} {}
@deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend replace-as} {}
@deffnx {BGP} {no neighbor @var{peer} local-as} {}
Specify an alternate AS for this BGP process when interacting with the
specified peer. With no modifiers, the specified local-as is prepended to
the received AS_PATH when receiving routing updates from the peer, and
prepended to the outgoing AS_PATH (after the process local AS) when
transmitting local routes to the peer.

If the no-prepend attribute is specified, then the supplied local-as is not
prepended to the received AS_PATH.

If the replace-as attribute is specified, then only the supplied local-as is
prepended to the AS_PATH when transmitting local-route updates to this peer.

Note that replace-as can only be specified if no-prepend is.

This command is only allowed for eBGP peers.

@deffn {BGP} {neighbor @var{peer} ttl-security hops @var{number}} {}
@deffnx {BGP} {no neighbor @var{peer} ttl-security hops @var{number}} {}
This command enforces Generalized TTL Security Mechanism (GTSM), as
specified in RFC 5082. With this command, only neighbors that are the
specified number of hops away will be allowed to become neighbors. This
command is mutually exclusive with @command{ebgp-multihop}.
@subsection Peer filtering

@deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {}
This command specifies a distribute-list for the peer. @var{direct} is
@samp{in} or @samp{out}.

@deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {}

@deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {}

@deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {}
Apply a route-map on the neighbor. @var{direct} must be @code{in} or

@deffn {BGP} {bgp route-reflector allow-outbound-policy} {}
By default, attribute modification via route-map policy out is not reflected
on reflected routes. This option allows the modifications to be reflected as
well. Once enabled, it affects all reflected routes.

@c -----------------------------------------------------------------------
@section BGP Peer Group

@deffn {BGP} {neighbor @var{word} peer-group} {}
This command defines a new peer group.

@deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {}
This command binds a specific peer to peer group @var{word}.

@node BGP Address Family
@section BGP Address Family

@c -----------------------------------------------------------------------
@node Autonomous System
@section Autonomous System

The @acronym{AS,Autonomous System} number is one of the essential
elements of BGP. BGP is a distance vector routing protocol, and the
AS-Path framework provides distance vector metric and loop detection to
BGP. @cite{RFC1930, Guidelines for creation, selection, and
registration of an Autonomous System (AS)} provides some background on
the concepts of an AS.

The AS number is a two octet value, ranging in value from 1 to 65535.
The AS numbers 64512 through 65535 are defined as private AS numbers.
Private AS numbers must not be advertised in the global Internet.

* AS Path Regular Expression::
* Display BGP Routes by AS Path::
* AS Path Access List::
* Using AS Path in Route Map::
* Private AS Numbers::
@node AS Path Regular Expression
@subsection AS Path Regular Expression

AS path regular expressions can be used for displaying BGP routes and
in AS path access lists. AS path regular expressions are based on
@code{POSIX 1003.2} regular expressions. The following description is
just a subset of @code{POSIX} regular expressions. Users can use full
@code{POSIX} regular expressions. In addition, the special character '_'
is added for AS path regular expressions.

Matches any single character.
Matches 0 or more occurrences of pattern.
Matches 1 or more occurrences of pattern.
Matches 0 or 1 occurrences of pattern.
Matches the beginning of the line.
Matches the end of the line.

Character @code{_} has a special meaning in AS path regular expressions.
It matches a space, a comma, the AS set delimiters @{ and @}, and the AS
confederation delimiters @code{(} and @code{)}. It also matches
the beginning of the line and the end of the line. So @code{_} can be
used to match AS value boundaries. @code{show ip bgp regexp _7675_}
matches all BGP routes whose AS path includes AS number @var{7675}.
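
The boundary behaviour of the underscore, as an added Python example (not part of the Quagga manual or of bgpd). It assumes the underscore can be modelled as an alternation over the delimiters listed above; the function names and the sample AS paths are constructed for illustration.

```python
import re

# Assumption for this sketch: "_" is expanded into an alternation over the
# delimiters listed in the text above before the expression is compiled.
BOUNDARY = r"(^|[,{}() ]|$)"


def compile_aspath_regex(line):
    """Translate an AS path regular expression into a Python pattern."""
    return re.compile(line.replace("_", BOUNDARY))


def select_paths(line, as_paths):
    """Return the AS paths (as displayed strings) that the expression matches."""
    pattern = compile_aspath_regex(line)
    return [path for path in as_paths if pattern.search(path)]


# Constructed sample AS paths: space separated, with {} around an AS set
# and () around a confederation sequence.
SAMPLE_PATHS = [
    "7675",
    "100 7675 200",
    "100 {7675,200}",
    "(65001 65002) 7675",
    "17675 300",   # contains the digits 7675 but is a different AS
    "100 76750",   # same problem on the right-hand side
    "7675 100",
]

if __name__ == "__main__":
    # "7675"    unanchored: also selects AS 17675 and AS 76750
    # "_7675_"  AS 7675 anywhere in the path
    # "^7675_"  path received directly from AS 7675
    # "_7675$"  path originated by AS 7675
    for expr in ("7675", "_7675_", "^7675_", "_7675$"):
        print("%-8s -> %s" % (expr, select_paths(expr, SAMPLE_PATHS)))
```

An expression written without the underscore selects every sample path, including those of AS 17675 and AS 76750, which is the usual way an AS path filter ends up broader than intended.
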
@node Display BGP Routes by AS Path
@subsection Display BGP Routes by AS Path

To show BGP routes which have specific AS path information, the
@code{show ip bgp} command can be used.

@deffn Command {show ip bgp regexp @var{line}} {}
This command displays BGP routes that match the AS path regular
expression @var{line}.

@node AS Path Access List
@subsection AS Path Access List

An AS path access list is a user defined AS path.

@deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
This command defines a new AS path access list.

@deffn {Command} {no ip as-path access-list @var{word}} {}
@deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}

@node Using AS Path in Route Map
@subsection Using AS Path in Route Map

@deffn {Route Map} {match as-path @var{word}} {}

@deffn {Route Map} {set as-path prepend @var{as-path}} {}

@node Private AS Numbers
@subsection Private AS Numbers

@c -----------------------------------------------------------------------
@node BGP Communities Attribute
@section BGP Communities Attribute

The BGP communities attribute is widely used for implementing policy
routing. Network operators can manipulate the BGP communities attribute
based on their network policy. The BGP communities attribute is defined
in @cite{RFC1997, BGP Communities Attribute} and
@cite{RFC1998, An Application of the BGP Community Attribute
in Multi-home Routing}. It is an optional transitive attribute,
therefore local policy can travel through different autonomous systems.

The communities attribute is a set of communities values. Each
communities value is 4 octets long. The following format is used to
define a communities value.

This format represents a 4 octet communities value. @code{AS} is the high
order 2 octets in digit format. @code{VAL} is the low order 2 octets in
digit format. This format is useful to define an AS oriented policy
value. For example, @code{7675:80} can be used when AS 7675 wants to
pass local policy value 80 to a neighboring peer.

@code{internet} represents well-known communities value 0.

@code{no-export} represents well-known communities value @code{NO_EXPORT}@*
@r{(0xFFFFFF01)}. All routes carrying this value must not be advertised
outside a BGP confederation boundary. If the neighboring BGP peer is
part of a BGP confederation, the peer is considered as inside a BGP
confederation boundary, so the route will be announced to the peer.

@code{no-advertise} represents well-known communities value
@code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carrying this value
must not be advertised to other BGP peers.

@code{local-AS} represents well-known communities value
@code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carrying this
value must not be advertised to external BGP peers. Even if the
neighboring router is part of a confederation, it is considered as an
external BGP peer, so the route will not be announced to the peer.

When a BGP communities attribute is received, duplicated communities
values in the communities attribute are ignored and the communities
values are sorted in numerical order.
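
The value format, the well-known values and their advertisement scope described above, as an added Python example (not part of the Quagga manual or of bgpd). The function names and the three peer labels ibgp, confed and ebgp are hypothetical.

```python
# Added example: a model of the communities text above, not bgpd source code.
WELL_KNOWN = {
    "internet": 0x00000000,
    "no-export": 0xFFFFFF01,      # NO_EXPORT
    "no-advertise": 0xFFFFFF02,   # NO_ADVERTISE
    "local-AS": 0xFFFFFF03,       # NO_EXPORT_SUBCONFED
}
NAMES = {value: name for name, value in WELL_KNOWN.items()}


def parse_community(token):
    """Return the 4 octet value for 'AS:VAL' or a well-known keyword."""
    if token in WELL_KNOWN:
        return WELL_KNOWN[token]
    high, sep, low = token.partition(":")
    if not sep or not (high.isdecimal() and low.isdecimal()):
        raise ValueError("not in AS:VAL format: %r" % token)
    high, low = int(high), int(low)
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError("each half must fit in 2 octets: %r" % token)
    return (high << 16) | low     # AS in the high order 2 octets


def format_community(value):
    """Inverse of parse_community: keyword if well-known, else 'AS:VAL'."""
    return NAMES.get(value, "%d:%d" % (value >> 16, value & 0xFFFF))


def normalise(tokens):
    """Received attribute: duplicates ignored, values in numerical order."""
    return sorted({parse_community(token) for token in tokens})


def may_advertise(communities, peer):
    """Apply the well-known values to one neighbor.

    peer is a hypothetical label: 'ibgp', 'confed' (a peer that is part of
    the same BGP confederation) or 'ebgp' (outside the confederation).
    """
    if WELL_KNOWN["no-advertise"] in communities:
        return False              # not advertised to any other BGP peer
    if WELL_KNOWN["local-AS"] in communities and peer in ("confed", "ebgp"):
        return False              # confederation peers count as external here
    if WELL_KNOWN["no-export"] in communities and peer == "ebgp":
        return False              # stops at the confederation boundary
    return True


if __name__ == "__main__":
    # Constructed sample attribute with a duplicate and unsorted values.
    received = normalise(["no-export", "7675:100", "7675:80", "7675:100"])
    print([format_community(v) for v in received])
    for peer in ("ibgp", "confed", "ebgp"):
        print(peer, may_advertise(received, peer))
```
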

* BGP Community Lists::
* Numbered BGP Community Lists::
* BGP Community in Route Map::
* Display BGP Routes by Community::
* Using BGP Communities Attribute::

@node BGP Community Lists
@subsection BGP Community Lists

A BGP community list is a user defined BGP communities attribute list.
A BGP community list can be used for matching or manipulating the BGP
communities attribute in updates.

There are two types of community list. One is the standard community
list and the other is the expanded community list. A standard community list
defines a communities attribute. An expanded community list defines a
communities attribute string with a regular expression. A standard
community list is compiled into binary format when the user defines it.
A standard community list is directly compared to the BGP communities
attribute in BGP updates. Therefore the comparison is faster than with an
expanded community list.

@deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {}
This command defines a new standard community list. @var{community}
is a communities value. The @var{community} is compiled into a community
structure. We can define multiple community lists under the same name. In
that case the match will happen in user defined order. Once the
community list matches the communities attribute in BGP updates it
returns permit or deny according to the community list definition. When there is
no matched entry, deny will be returned. When @var{community} is
empty it matches any routes.

@deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
This command defines a new expanded community list. @var{line} is a
string expression of the communities attribute. @var{line} can include a
regular expression to match the communities attribute in BGP updates.

@deffn Command {no ip community-list @var{name}} {}
@deffnx Command {no ip community-list standard @var{name}} {}
@deffnx Command {no ip community-list expanded @var{name}} {}
These commands delete community lists specified by @var{name}. All
community lists share a single name space, so community lists can be
removed simply by specifying the community list's name.

@deffn {Command} {show ip community-list} {}
@deffnx {Command} {show ip community-list @var{name}} {}
This command displays current community list information. When
@var{name} is specified the specified community list's information is

# show ip community-list
Named Community standard list CLIST
permit 7675:80 7675:100 no-export
Named Community expanded list EXPAND
# show ip community-list CLIST
Named Community standard list CLIST
permit 7675:80 7675:100 no-export
@node Numbered BGP Community Lists
@subsection Numbered BGP Community Lists

When a number is used for the BGP community list name, the number has a
special meaning. A community list number in the range from 1 to 99 is a
standard community list. A community list number in the range from 100
to 199 is an expanded community list. These community lists are called
numbered community lists. On the other hand, normal community lists
are called named community lists.

@deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {}
This command defines a new community list. <1-99> is the standard
community list number. A community list name within this range defines a
standard community list. When @var{community} is empty it matches to

@deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {}
This command defines a new community list. <100-199> is the expanded
community list number. A community list name within this range defines an
expanded community list.

@deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {}
When the community list type is not specified, the community list type is
automatically detected. If @var{community} can be compiled into a
communities attribute, the community list is defined as a standard
community list. Otherwise it is defined as an expanded community
list. This feature is left for backward compatibility. Use of this
feature is not recommended.
@node BGP Community in Route Map
@subsection BGP Community in Route Map

In Route Map (@pxref{Route Map}), we can match or set the BGP
communities attribute. Using this feature network operators can
implement their network policy based on the BGP communities attribute.

The following commands can be used in Route Map.

@deffn {Route Map} {match community @var{word}} {}
@deffnx {Route Map} {match community @var{word} exact-match} {}
This command performs a match on BGP updates using community list
@var{word}. When one of the BGP communities values matches one of the
communities values in the community list, it is a match. When the
@code{exact-match} keyword is specified, a match happens only when BGP
updates have completely same communities value specified in the

@deffn {Route Map} {set community none} {}
@deffnx {Route Map} {set community @var{community}} {}
@deffnx {Route Map} {set community @var{community} additive} {}
This command manipulates the communities value in BGP updates. When
@code{none} is specified as the communities value, it removes the entire
communities attribute from BGP updates. When @var{community} is not
@code{none}, the specified communities value is set in BGP updates. If
BGP updates already have a BGP communities value, the existing BGP
communities value is replaced with the specified @var{community} value.
When the @code{additive} keyword is specified, @var{community} is appended
to the existing communities value.

@deffn {Route Map} {set comm-list @var{word} delete} {}
This command removes communities values from the BGP communities attribute.
The @var{word} is a community list name. When a BGP route's communities
value matches the community list @var{word}, the communities value
is removed. When all of the communities values are eventually removed, the
BGP update's communities attribute is completely removed.
@node Display BGP Routes by Community
@subsection Display BGP Routes by Community

To show BGP routes which have a specific BGP communities attribute, the
@code{show ip bgp} command can be used. The @var{community} value and
community list can be used for the @code{show ip bgp} command.

@deffn Command {show ip bgp community} {}
@deffnx Command {show ip bgp community @var{community}} {}
@deffnx Command {show ip bgp community @var{community} exact-match} {}
@code{show ip bgp community} displays BGP routes which have a communities
attribute. When @var{community} is specified, BGP routes that match the
@var{community} value are displayed. For this command, the @code{internet}
keyword can't be used for the @var{community} value. When
@code{exact-match} is specified, it displays only routes that have an

@deffn Command {show ip bgp community-list @var{word}} {}
@deffnx Command {show ip bgp community-list @var{word} exact-match} {}
This command displays BGP routes that match community list
@var{word}. When @code{exact-match} is specified, it displays only routes
that have an exact match.
@node Using BGP Communities Attribute
@subsection Using BGP Communities Attribute

The following configuration is the most typical usage of the BGP communities
attribute. AS 7675 provides upstream Internet connection to AS 100.
When the following configuration exists in AS 7675, the AS 100 network
operator can set local preference in the AS 7675 network by setting the BGP
communities attribute on the updates.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in
ip community-list 70 permit 7675:70
ip community-list 70 deny
ip community-list 80 permit 7675:80
ip community-list 80 deny
ip community-list 90 permit 7675:90
ip community-list 90 deny
route-map RMAP permit 10
set local-preference 70
route-map RMAP permit 20
set local-preference 80
route-map RMAP permit 30
set local-preference 90

The following configuration announces 10.0.0.0/8 from AS 100 to AS 7675.
The route has communities value 7675:80, so when the above configuration
exists in AS 7675, the announced route's local preference will be set to

neighbor 192.168.0.2 remote-as 7675
neighbor 192.168.0.2 route-map RMAP out
ip prefix-list PLIST permit 10.0.0.0/8
route-map RMAP permit 10
match ip address prefix-list PLIST
set community 7675:80

The following configuration is an example of BGP route filtering using the
communities attribute. This configuration only permits BGP routes
which have BGP communities value 0:80 or 0:90. The network operator can
put a special internal communities value at the BGP border router, then
limit the BGP route announcements into the internal network.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in
ip community-list 1 permit 0:80 0:90
route-map RMAP permit 10

The following example filters BGP routes which have communities value 1:1.
When there is no match, the community-list returns deny. To avoid
filtering all routes, we need to define permit any as the last entry.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in
ip community-list standard FILTER deny 1:1
ip community-list standard FILTER permit
route-map RMAP permit 10
match community FILTER

The communities value keyword @code{internet} has a special meaning in
standard community lists. In the example below @code{internet} acts as
match any. It matches all BGP routes even if the route does not
have a communities attribute at all. So community list @code{INTERNET}
is the same as the above example's @code{FILTER}.

ip community-list standard INTERNET deny 1:1
ip community-list standard INTERNET permit internet

The following configuration is an example of communities value deletion.
With this configuration communities values 100:1 and 100:2 are removed
from BGP updates. For communities value deletion, only a @code{permit}
community-list is used. A @code{deny} community-list is ignored.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in
ip community-list standard DEL permit 100:1 100:2
route-map RMAP permit 10
set comm-list DEL delete
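
The set community and set comm-list delete behaviour described in this section, including the DEL configuration above, as an added Python example (not part of the Quagga manual or of bgpd). The function names are hypothetical, the sample attributes are constructed, and list entries without a value are not modelled.

```python
# Added example: a model of the route-map community operations described in
# the text, not bgpd source code. None stands for "no communities attribute".

def to_value(token):
    """'AS:VAL' -> 4 octet communities value (AS in the high 2 octets)."""
    high, low = token.split(":")
    return (int(high) << 16) | int(low)


def attribute(tokens):
    """Build an attribute: duplicates dropped, values in numerical order."""
    values = sorted({to_value(token) for token in tokens})
    return values or None


def to_text(attr):
    """Render an attribute as 'AS:VAL' strings for display."""
    if attr is None:
        return None
    return ["%d:%d" % (value >> 16, value & 0xFFFF) for value in attr]


def set_community(current, tokens, additive=False):
    """'set community': ["none"] removes the whole attribute; otherwise the
    values replace the existing ones, or are appended when additive."""
    if tokens == ["none"]:
        return None
    values = {to_value(token) for token in tokens}
    if additive and current is not None:
        values |= set(current)
    return sorted(values)


def comm_list_delete(current, entries):
    """'set comm-list WORD delete' for a standard community list.

    entries is the list in configuration order, for example
    [("permit", ["100:1", "100:2"])]. Only permit entries select values
    for deletion; deny entries are ignored.
    """
    if current is None:
        return None
    doomed = set()
    for action, tokens in entries:
        if action == "permit":
            doomed.update(to_value(token) for token in tokens)
    kept = [value for value in current if value not in doomed]
    return kept or None   # the attribute disappears with its last value


# The DEL list from the configuration above.
DEL = [("permit", ["100:1", "100:2"])]

if __name__ == "__main__":
    # Constructed inbound attributes from the neighbor in AS 100.
    mixed = attribute(["7675:80", "100:2", "100:1"])
    print(to_text(comm_list_delete(mixed, DEL)))
    print(to_text(comm_list_delete(attribute(["100:1"]), DEL)))
    print(to_text(set_community(attribute(["7675:80"]), ["7675:90"])))
    print(to_text(set_community(attribute(["7675:80"]), ["7675:90"], additive=True)))
```
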
@c -----------------------------------------------------------------------
@node BGP Extended Communities Attribute
@section BGP Extended Communities Attribute

The BGP extended communities attribute was introduced with MPLS VPN/BGP
technology. MPLS VPN/BGP expands the capability of network infrastructure
to provide VPN functionality. At the same time it requires a new
framework for policy routing. With the BGP Extended Communities Attribute
we can use Route Target or Site of Origin for implementing network
policy for MPLS VPN/BGP.

The BGP Extended Communities Attribute is similar to the BGP Communities
Attribute. It is an optional transitive attribute. The BGP Extended
Communities Attribute can carry multiple Extended Community values.
Each Extended Community value is eight octets in length.

The BGP Extended Communities Attribute provides an extended range
compared with the BGP Communities Attribute. In addition, there is a
type field in each value to provide community space structure.

There are two formats to define an Extended Community value. One is the AS
based format, the other is the IP address based format.

This is a format to define an AS based Extended Community value.
The @code{AS} part is the 2 octet Global Administrator subfield in the Extended
Community value. The @code{VAL} part is the 4 octet Local Administrator
subfield. @code{7675:100} represents AS 7675 policy value 100.

This is a format to define an IP address based Extended Community value.
The @code{IP-Address} part is the 4 octet Global Administrator subfield.
The @code{VAL} part is the 2 octet Local Administrator subfield.
@code{10.0.0.1:100} represents

* BGP Extended Community Lists::
* BGP Extended Communities in Route Map::
912 @node BGP Extended Community Lists
913 @subsection BGP Extended Community Lists
915 Expanded Community Lists is a user defined BGP Expanded Community
918 @deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {}
919 This command defines a new standard extcommunity-list.
920 @var{extcommunity} is an extended communities value. The
921 @var{extcommunity} is compiled into an extended community structure. We
922 can define multiple extcommunity-list entries under the same name. In that case
923 matching happens in user defined order. Once the extcommunity-list
924 matches the extended communities attribute in BGP updates it returns
925 permit or deny based upon the extcommunity-list definition. When
926 there is no matched entry, deny will be returned. When
927 @var{extcommunity} is empty it matches any route.
930 @deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
931 This command defines a new expanded extcommunity-list. @var{line} is
932 a string expression of the extended communities attribute. @var{line} can
933 include a regular expression to match the extended communities attribute in
937 @deffn Command {no ip extcommunity-list @var{name}} {}
938 @deffnx Command {no ip extcommunity-list standard @var{name}} {}
939 @deffnx Command {no ip extcommunity-list expanded @var{name}} {}
940 These commands delete extended community lists specified by
941 @var{name}. All extended community lists share a single name
942 space, so extended community lists can be removed simply by specifying
946 @deffn {Command} {show ip extcommunity-list} {}
947 @deffnx {Command} {show ip extcommunity-list @var{name}} {}
948 This command displays current extcommunity-list information. When
949 @var{name} is specified, that extended community list's information is shown.
952 # show ip extcommunity-list
956 @node BGP Extended Communities in Route Map
957 @subsection BGP Extended Communities in Route Map
959 @deffn {Route Map} {match extcommunity @var{word}} {}
962 @deffn {Route Map} {set extcommunity rt @var{extcommunity}} {}
963 This command sets the Route Target value.
966 @deffn {Route Map} {set extcommunity soo @var{extcommunity}} {}
967 This command sets the Site of Origin value.
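The two value formats described in this section, and the Route Target and Site of Origin uses set by the route-map commands above, can be checked against the eight-octet layout with the following added example (not part of the Quagga manual or source code). The type and sub-type octet values are taken from RFC 4360, which this section does not cite, and the function names are hypothetical.

```python
import ipaddress
import struct

# Type octet: selects the layout of the remaining fields (values from
# RFC 4360, an assumption of this example; the manual does not list them).
TYPE_AS = 0x00    # AS:VAL          -> 2-octet AS, 4-octet local value
TYPE_IPV4 = 0x01  # IP-Address:VAL  -> 4-octet address, 2-octet local value
# Sub-type octet for the two uses named in this section.
SUBTYPES = {"rt": 0x02, "soo": 0x03}
KINDS = {code: name for name, code in SUBTYPES.items()}


def encode_extcommunity(kind, text):
    """Return the 8-octet value for 'AS:VAL' or 'IP-Address:VAL'."""
    if kind not in SUBTYPES:
        raise ValueError("kind must be 'rt' or 'soo'")
    admin, sep, local = text.rpartition(":")
    if not sep:
        raise ValueError("expected AS:VAL or IP-Address:VAL")
    local = int(local)  # ValueError if VAL is not a number
    if "." in admin:
        addr = ipaddress.IPv4Address(admin)  # ValueError if malformed
        if not 0 <= local <= 0xFFFF:
            raise ValueError("VAL must fit in 2 octets after an IP address")
        return struct.pack("!BB4sH", TYPE_IPV4, SUBTYPES[kind],
                           addr.packed, local)
    asn = int(admin)
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("AS must fit in 2 octets")
    if not 0 <= local <= 0xFFFFFFFF:
        raise ValueError("VAL must fit in 4 octets after an AS number")
    return struct.pack("!BBHI", TYPE_AS, SUBTYPES[kind], asn, local)


def decode_attribute(data):
    """Split an attribute value into (kind, text) pairs, 8 octets each."""
    if len(data) % 8:
        raise ValueError("length is not a multiple of eight octets")
    result = []
    for off in range(0, len(data), 8):
        etype, subtype = data[off], data[off + 1]
        kind = KINDS.get(subtype, "subtype-0x%02x" % subtype)
        if etype == TYPE_AS:
            asn, local = struct.unpack_from("!HI", data, off + 2)
            result.append((kind, "%d:%d" % (asn, local)))
        elif etype == TYPE_IPV4:
            raw, local = struct.unpack_from("!4sH", data, off + 2)
            result.append((kind, "%s:%d" % (ipaddress.IPv4Address(raw), local)))
        else:
            # Other type octets are outside this section; keep them as hex.
            result.append(("unknown", data[off:off + 8].hex()))
    return result


if __name__ == "__main__":
    # The two sample values used in this section.
    attr = (encode_extcommunity("rt", "7675:100")
            + encode_extcommunity("soo", "10.0.0.1:100"))
    print(attr.hex(), decode_attribute(attr))
```

The range checks show why the two formats are not interchangeable: a local value that fits after an AS number may not fit after an IP address.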
970 @c -----------------------------------------------------------------------
971 @node Displaying BGP routes
972 @section Displaying BGP Routes
980 @subsection Show IP BGP
982 @deffn {Command} {show ip bgp} {}
983 @deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
984 @deffnx {Command} {show ip bgp @var{X:X::X:X}} {}
985 This command displays BGP routes. When no route is specified it
986 displays all IPv4 BGP routes.
990 BGP table version is 0, local router ID is 10.1.1.1
991 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
992 Origin codes: i - IGP, e - EGP, ? - incomplete
994 Network Next Hop Metric LocPrf Weight Path
995 *> 1.1.1.1/32 0.0.0.0 0 32768 i
997 Total number of prefixes 1
1000 @node More Show IP BGP
1001 @subsection More Show IP BGP
1003 @deffn {Command} {show ip bgp regexp @var{line}} {}
1004 This command displays BGP routes using an AS path regular expression (@pxref{Display BGP Routes by AS Path}).
1007 @deffn Command {show ip bgp community @var{community}} {}
1008 @deffnx Command {show ip bgp community @var{community} exact-match} {}
1009 This command displays BGP routes using @var{community} (@pxref{Display
1010 BGP Routes by Community}).
1013 @deffn Command {show ip bgp community-list @var{word}} {}
1014 @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
1015 This command displays BGP routes using a community list (@pxref{Display
1016 BGP Routes by Community}).
1019 @deffn {Command} {show ip bgp summary} {}
1022 @deffn {Command} {show ip bgp neighbor [@var{peer}]} {}
1025 @deffn {Command} {clear ip bgp @var{peer}} {}
1026 Clear peers which have addresses of X.X.X.X
1029 @deffn {Command} {clear ip bgp @var{peer} soft in} {}
1030 Clear peer using soft reconfiguration.
1033 @deffn {Command} {show ip bgp dampened-paths} {}
1034 Display paths suppressed due to dampening
1037 @deffn {Command} {show ip bgp flap-statistics} {}
1038 Display flap statistics of routes
1041 @deffn {Command} {show debug} {}
1044 @deffn {Command} {debug event} {}
1047 @deffn {Command} {debug update} {}
1050 @deffn {Command} {debug keepalive} {}
1053 @deffn {Command} {no debug event} {}
1056 @deffn {Command} {no debug update} {}
1059 @deffn {Command} {no debug keepalive} {}
1062 @node Capability Negotiation
1063 @section Capability Negotiation
1065 When the IPv6 routing information exchange feature was added to BGP, there
1066 were some proposals. @acronym{IETF,Internet Engineering Task Force}
1067 @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted
1068 a proposal called Multiprotocol Extension for BGP. The specification
1069 is described in @cite{RFC2283}. It does not define a new protocol;
1070 it defines new attributes for existing BGP. When it is used for exchanging
1071 IPv6 routing information it is called BGP-4+. When it is used for
1072 exchanging multicast routing information it is called MBGP.
1074 @command{bgpd} supports Multiprotocol Extension for BGP. So if remote
1075 peer supports the protocol, @command{bgpd} can exchange IPv6 and/or
1076 multicast routing information.
1078 Traditional BGP did not have a feature to detect the remote peer's
1079 capabilities, e.g. whether it can handle prefix types other than IPv4
1080 unicast routes. This was a big problem when deploying Multiprotocol Extension
1081 for BGP in operational networks. @cite{RFC2842, Capabilities
1082 Advertisement with BGP-4} adopted a feature called Capability
1083 Negotiation. @command{bgpd} uses this Capability Negotiation to detect
1084 the remote peer's capabilities. If the peer is only configured as an IPv4
1085 unicast neighbor, @command{bgpd} does not send these Capability
1086 Negotiation packets (at least not unless other optional BGP features
1087 require capability negotiation).
1089 By default, Quagga will bring up peering with the minimal common capability
1090 for both sides. For example, the local router has unicast and
1091 multicast capabilities and the remote router has unicast capability. In
1092 this case, the local router will establish the connection with unicast
1093 only capability. When there are no common capabilities, Quagga sends
1094 Unsupported Capability error and then resets the connection.
1096 If you want to completely match capabilities with the remote peer, please
1097 use the @command{strict-capability-match} command.
1099 @deffn {BGP} {neighbor @var{peer} strict-capability-match} {}
1100 @deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {}
1101 Strictly compares remote capabilities and local capabilities. If capabilities
1102 are different, send Unsupported Capability error then reset connection.
1105 You may want to disable sending Capability Negotiation OPEN message
1106 optional parameter to the peer when remote peer does not implement
1107 Capability Negotiation. Please use @command{dont-capability-negotiate}
1108 command to disable the feature.
1110 @deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {}
1111 @deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {}
1112 Suppress sending Capability Negotiation as OPEN message optional
1113 parameter to the peer. This command only affects peers that are configured
1114 with other than IPv4 unicast configuration.
1117 When remote peer does not have capability negotiation feature, remote
1118 peer will not send any capabilities at all. In that case, bgp
1119 configures the peer with configured capabilities.
1121 You may prefer locally configured capabilities over the negotiated
1122 capabilities even though the remote peer sends capabilities. If the peer
1123 is configured by @command{override-capability}, @command{bgpd} ignores
1124 received capabilities then overrides negotiated capabilities with
1127 @deffn {BGP} {neighbor @var{peer} override-capability} {}
1128 @deffnx {BGP} {no neighbor @var{peer} override-capability} {}
1129 Override the result of Capability Negotiation with local configuration.
1130 Ignore remote peer's capability value.
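The outcomes described in this section depend on what the peer actually advertised in its OPEN message, so the following added example (not bgpd's code) parses the Multiprotocol capabilities out of an OPEN body with every length field checked, then models the default, @command{strict-capability-match} and @command{override-capability} results as the text states them. The optional parameter type, capability code and AFI/SAFI numbers come from the BGP RFCs rather than from this manual, the sample OPEN is constructed, and all function names are hypothetical.

```python
import struct

# Numeric values below come from the BGP capability and multiprotocol RFCs,
# not from the manual text.
OPT_PARAM_CAPABILITIES = 2  # OPEN optional parameter type: capabilities
CAP_MULTIPROTOCOL = 1       # capability code: Multiprotocol Extensions
AFI = {1: "ipv4", 2: "ipv6"}
SAFI = {1: "unicast", 2: "multicast"}
UNSUPPORTED = "Unsupported Capability"


def build_open_body(asn, hold_time, router_id, families):
    """Build a constructed OPEN body; families=None sends no capabilities."""
    params = b""
    for afi, safi in families or ():
        cap = struct.pack("!BBHBB", CAP_MULTIPROTOCOL, 4, afi, 0, safi)
        params += struct.pack("!BB", OPT_PARAM_CAPABILITIES, len(cap)) + cap
    return struct.pack("!BHH4sB", 4, asn, hold_time, router_id,
                       len(params)) + params


def parse_mp_capabilities(body):
    """Return advertised (afi, safi) names, or None if no capability was sent."""
    if len(body) < 10:
        raise ValueError("OPEN body shorter than its fixed fields")
    params = body[10:]
    if body[9] != len(params):
        raise ValueError("optional parameter length does not match body")
    families, saw_caps, i = set(), False, 0
    while i < len(params):
        if i + 2 > len(params) or i + 2 + params[i + 1] > len(params):
            raise ValueError("truncated optional parameter")
        ptype, value = params[i], params[i + 2:i + 2 + params[i + 1]]
        i += 2 + len(value)
        if ptype != OPT_PARAM_CAPABILITIES:
            continue
        saw_caps, j = True, 0
        while j < len(value):
            if j + 2 > len(value) or j + 2 + value[j + 1] > len(value):
                raise ValueError("truncated capability")
            code, cval = value[j], value[j + 2:j + 2 + value[j + 1]]
            j += 2 + len(cval)
            if code == CAP_MULTIPROTOCOL:
                if len(cval) != 4:
                    raise ValueError("bad multiprotocol capability length")
                afi, _reserved, safi = struct.unpack("!HBB", cval)
                families.add((AFI.get(afi, afi), SAFI.get(safi, safi)))
    return families if saw_caps else None


def negotiate(local, remote, strict=False, override=False):
    """Model of the outcomes described above: (families in use, error)."""
    if override or remote is None:
        # override-capability, or a peer that sent no capabilities at all:
        # the locally configured set is used. Applying this rule before the
        # strict check is an assumption of this example.
        return set(local), None
    if strict and remote != local:
        return set(), UNSUPPORTED
    common = local & remote
    return (common, None) if common else (set(), UNSUPPORTED)


# Constructed sample: the peer advertises IPv4 unicast only.
PEER_OPEN = build_open_body(64515, 180, bytes([10, 1, 1, 1]), [(1, 1)])
LOCAL = {("ipv4", "unicast"), ("ipv4", "multicast")}

if __name__ == "__main__":
    remote = parse_mp_capabilities(PEER_OPEN)
    for opts in ({}, {"strict": True}, {"override": True}):
        print(opts, negotiate(LOCAL, remote, **opts))
```

With @command{override-capability} the session runs with address families the peer never advertised, which is the case to look for when auditing a configuration.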
1133 @node Route Reflector
1134 @section Route Reflector
1136 @deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {}
1139 @deffn {BGP} {neighbor @var{peer} route-reflector-client} {}
1140 @deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {}
1144 @section Route Server
1146 At an Internet Exchange point, many ISPs are connected to each other by
1147 external BGP peering. Normally these external BGP connections are done by
1148 the @samp{full mesh} method. As with internal BGP full mesh formation,
1149 this method has a scaling problem.
1151 This scaling problem is well known. Route Server is a method to resolve
1152 the problem. Each ISP's BGP router only peers with the Route Server. The Route
1153 Server serves as a BGP information exchange to other BGP routers. By
1154 applying this method, the number of BGP connections is reduced from
1155 O(n*(n-1)/2) to O(n).
1157 Unlike a normal BGP router, a Route Server must have several routing tables
1158 for managing different routing policies for each BGP speaker. We call these
1159 routing tables different @code{view}s. @command{bgpd} can work as
1160 a normal BGP router or Route Server or both at the same time.
1163 * Multiple instance::
1164 * BGP instance and view::
1166 * Viewing the view::
1169 @node Multiple instance
1170 @subsection Multiple instance
1172 To enable multiple view function of @code{bgpd}, you must turn on
1173 multiple instance feature beforehand.
1175 @deffn {Command} {bgp multiple-instance} {}
1176 Enable BGP multiple instance feature. After this feature is enabled,
1177 you can make multiple BGP instances or multiple BGP views.
1180 @deffn {Command} {no bgp multiple-instance} {}
1181 Disable BGP multiple instance feature. You can not disable this feature
1182 when BGP multiple instances or views exist.
1185 When you want to make configuration more Cisco like one,
1187 @deffn {Command} {bgp config-type cisco} {}
1188 Cisco compatible BGP configuration output.
1191 When bgp config-type cisco is specified,
1193 ``no synchronization'' is displayed.
1194 ``no auto-summary'' is displayed.
1196 ``network'' and ``aggregate-address'' argument is displayed as
1199 Quagga: network 10.0.0.0/8
1200 Cisco: network 10.0.0.0
1202 Quagga: aggregate-address 192.168.0.0/24
1203 Cisco: aggregate-address 192.168.0.0 255.255.255.0
1205 Community attribute handling is also different. If no
1206 configuration is specified, the community attribute and extended community
1207 attribute are sent to the neighbor. When the user manually disables the
1208 feature, the community attribute is not sent to the neighbor. When
1209 @command{bgp config-type cisco} is specified, the community attribute is not
1210 sent to the neighbor by default. To send the community attribute the user has
1211 to specify the @command{neighbor A.B.C.D send-community} command.
1216 neighbor 10.0.0.1 remote-as 1
1217 no neighbor 10.0.0.1 send-community
1220 neighbor 10.0.0.1 remote-as 1
1221 neighbor 10.0.0.1 send-community
1225 @deffn {Command} {bgp config-type zebra} {}
1226 Quagga style BGP configuration. This is default.
1229 @node BGP instance and view
1230 @subsection BGP instance and view
1232 BGP instance is a normal BGP process. The result of route selection
1233 goes to the kernel routing table. You can setup different AS at the
1234 same time when BGP multiple instance feature is enabled.
1236 @deffn {Command} {router bgp @var{as-number}} {}
1237 Make a new BGP instance. You can use arbitrary word for the @var{name}.
1242 bgp multiple-instance
1245 neighbor 10.0.0.1 remote-as 2
1246 neighbor 10.0.0.2 remote-as 3
1249 neighbor 10.0.0.3 remote-as 4
1250 neighbor 10.0.0.4 remote-as 5
1254 A BGP view is almost the same as a normal BGP process. The result of
1255 route selection does not go to the kernel routing table. A BGP view is
1256 only for exchanging BGP routing information.
1258 @deffn {Command} {router bgp @var{as-number} view @var{name}} {}
1259 Make a new BGP view. You can use an arbitrary word for the @var{name}. This
1260 view's route selection result does not go to the kernel routing table.
1263 With this command, you can set up a Route Server as below.
1267 bgp multiple-instance
1270 neighbor 10.0.0.1 remote-as 2
1271 neighbor 10.0.0.2 remote-as 3
1274 neighbor 10.0.0.3 remote-as 4
1275 neighbor 10.0.0.4 remote-as 5
1279 @node Routing policy
1280 @subsection Routing policy
1282 You can set different routing policy for a peer. For example, you can
1283 set different filter for a peer.
1287 bgp multiple-instance
1290 neighbor 10.0.0.1 remote-as 2
1291 neighbor 10.0.0.1 distribute-list 1 in
1294 neighbor 10.0.0.1 remote-as 2
1295 neighbor 10.0.0.1 distribute-list 2 in
1299 This means a BGP update from peer 10.0.0.1 goes to both BGP view 1 and view
1300 2. When the update is inserted into view 1, distribute-list 1 is
1301 applied. On the other hand, when the update is inserted into view 2,
1302 distribute-list 2 is applied.
1304 @node Viewing the view
1305 @subsection Viewing the view
1307 To display the routing table of a BGP view, you must specify the view name.
1309 @deffn {Command} {show ip bgp view @var{name}} {}
1310 Display routing table of BGP view @var{name}.
1313 @node How to set up a 6-Bone connection
1314 @section How to set up a 6-Bone connection
1322 ! Actually there is no need to configure zebra
1328 ! This means that routes go through zebra and into the kernel.
1332 ! MP-BGP configuration
1335 bgp router-id 10.0.0.1
1336 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number}
1339 network 3ffe:506::/32
1340 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
1341 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
1342 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number}
1343 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out
1346 ipv6 access-list all permit any
1348 ! Set output nexthop address.
1350 route-map set-nexthop permit 10
1351 match ipv6 address all
1352 set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
1353 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225
1355 ! logfile FILENAME is obsolete. Please use log file FILENAME
1362 @node Dump BGP packets and table
1363 @section Dump BGP packets and table
1365 @deffn Command {dump bgp all @var{path} [@var{interval}]} {}
1366 @deffnx Command {dump bgp all-et @var{path} [@var{interval}]} {}
1367 @deffnx Command {no dump bgp all [@var{path}] [@var{interval}]} {}
1368 Dump all BGP packets and events to the @var{path} file.
1369 If @var{interval} is set, a new file will be created for each @var{interval} of seconds.
1370 The path @var{path} can be set with date and time formatting (strftime).
1371 The type ‘all-et’ enables support for Extended Timestamp Header (@pxref{Packet Binary Dump Format}).
1375 @deffn Command {dump bgp updates @var{path} [@var{interval}]} {}
1376 @deffnx Command {dump bgp updates-et @var{path} [@var{interval}]} {}
1377 @deffnx Command {no dump bgp updates [@var{path}] [@var{interval}]} {}
1378 Dump only BGP update messages to the @var{path} file.
1379 If @var{interval} is set, a new file will be created for each @var{interval} of seconds.
1380 The path @var{path} can be set with date and time formatting (strftime).
1381 The type ‘updates-et’ enables support for Extended Timestamp Header (@pxref{Packet Binary Dump Format}).
1384 @deffn Command {dump bgp routes-mrt @var{path}} {}
1385 @deffnx Command {dump bgp routes-mrt @var{path} @var{interval}} {}
1386 @deffnx Command {no dump bgp routes-mrt [@var{path}] [@var{interval}]} {}
1387 Dump the whole BGP routing table to @var{path}. This is a heavy process.
1388 The path @var{path} can be set with date and time formatting (strftime).
1389 If @var{interval} is set, a new file will be created for each @var{interval} of seconds.
1392 Note: the interval variable can also be set using hours and minutes: 04h20m00.
1395 @node BGP Configuration Examples
1396 @section BGP Configuration Examples
1398 Example of a session to an upstream, advertising only one prefix to it.
1402 bgp router-id 10.236.87.1
1403 network 10.236.87.0/24
1404 neighbor upstream peer-group
1405 neighbor upstream remote-as 64515
1406 neighbor upstream capability dynamic
1407 neighbor upstream prefix-list pl-allowed-adv out
1408 neighbor 10.1.1.1 peer-group upstream
1409 neighbor 10.1.1.1 description ACME ISP
1411 ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
1412 ip prefix-list pl-allowed-adv seq 10 deny any
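The outbound prefix-list is the control that limits what this session announces, so it is worth evaluating the configured @code{network} statements against it before deployment. The following added example (not Quagga code, function names hypothetical) does that for the configuration lines printed above; run as is, it reports that 10.236.87.0/24 is denied by seq 10, since the only permit entry is for 82.195.133.0/25. It assumes first-match evaluation in sequence order, exact prefix-and-length matching for entries without ge/le, and an implicit deny at the end of the list.

```python
import ipaddress
import re

# The configuration lines as printed in this section.
CONFIG = """\
bgp router-id 10.236.87.1
network 10.236.87.0/24
neighbor upstream peer-group
neighbor upstream remote-as 64515
neighbor upstream capability dynamic
neighbor upstream prefix-list pl-allowed-adv out
neighbor 10.1.1.1 peer-group upstream
neighbor 10.1.1.1 description ACME ISP
ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
ip prefix-list pl-allowed-adv seq 10 deny any
"""

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")


def parse(config):
    """Collect network statements, outbound list bindings and list entries."""
    networks, out_lists, plists = [], {}, {}
    for line in config.splitlines():
        line = line.strip()
        words = line.split()
        if len(words) == 2 and words[0] == "network":
            networks.append(str(ipaddress.ip_network(words[1])))
        elif (len(words) == 5 and words[0] == "neighbor"
              and words[2] == "prefix-list" and words[4] == "out"):
            out_lists[words[1]] = words[3]
        else:
            m = ENTRY.match(line)
            if m:
                name, seq, action, prefix, ge, le = m.groups()
                plists.setdefault(name, []).append(
                    (int(seq), action, prefix, ge and int(ge), le and int(le)))
    return networks, out_lists, plists


def evaluate(entries, route_text):
    """Return (action, seq) of the first matching entry; implicit deny last."""
    route = ipaddress.ip_network(route_text)
    for seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        if prefix == "any":
            return action, seq
        net = ipaddress.ip_network(prefix)
        if route.version != net.version:
            continue
        if ge is None and le is None:
            hit = route == net  # no ge/le: prefix and length must be equal
        else:
            low = net.prefixlen if ge is None else ge
            high = net.max_prefixlen if le is None else le
            hit = route.subnet_of(net) and low <= route.prefixlen <= high
        if hit:
            return action, seq
    return "deny", None


def outbound_verdicts(config):
    """Map (neighbor or peer-group, network) to the prefix-list verdict."""
    networks, out_lists, plists = parse(config)
    report = {}
    for target, name in out_lists.items():
        for net in networks:
            if name not in plists:
                report[(target, net)] = ("undefined", None)  # dangling name
            else:
                report[(target, net)] = evaluate(plists[name], net)
    return report


if __name__ == "__main__":
    for key, verdict in outbound_verdicts(CONFIG).items():
        print(key, verdict)
```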
1416 A more complex example, with upstream, peer and customer sessions,
1417 advertising global prefixes and NO_EXPORT prefixes and providing
1418 actions for customer routes based on community values. It makes extensive use of
1419 route-maps and the 'call' feature to support selective advertising of
1420 prefixes. This example is intended as guidance only; it has NOT been
1421 tested and almost certainly contains silly mistakes, if not serious
1426 bgp router-id 10.236.87.1
1427 network 10.123.456.0/24
1428 network 10.123.456.128/25 route-map rm-no-export
1429 neighbor upstream capability dynamic
1430 neighbor upstream route-map rm-upstream-out out
1431 neighbor cust capability dynamic
1432 neighbor cust route-map rm-cust-in in
1433 neighbor cust route-map rm-cust-out out
1434 neighbor cust send-community both
1435 neighbor peer capability dynamic
1436 neighbor peer route-map rm-peer-in in
1437 neighbor peer route-map rm-peer-out out
1438 neighbor peer send-community both
1439 neighbor 10.1.1.1 remote-as 64515
1440 neighbor 10.1.1.1 peer-group upstream
1441 neighbor 10.2.1.1 remote-as 64516
1442 neighbor 10.2.1.1 peer-group upstream
1443 neighbor 10.3.1.1 remote-as 64517
1444 neighbor 10.3.1.1 peer-group cust-default
1445 neighbor 10.3.1.1 description customer1
1446 neighbor 10.3.1.1 prefix-list pl-cust1-network in
1447 neighbor 10.4.1.1 remote-as 64518
1448 neighbor 10.4.1.1 peer-group cust
1449 neighbor 10.4.1.1 prefix-list pl-cust2-network in
1450 neighbor 10.4.1.1 description customer2
1451 neighbor 10.5.1.1 remote-as 64519
1452 neighbor 10.5.1.1 peer-group peer
1453 neighbor 10.5.1.1 prefix-list pl-peer1-network in
1454 neighbor 10.5.1.1 description peer AS 1
1455 neighbor 10.6.1.1 remote-as 64520
1456 neighbor 10.6.1.1 peer-group peer
1457 neighbor 10.6.1.1 prefix-list pl-peer2-network in
1458 neighbor 10.6.1.1 description peer AS 2
1460 ip prefix-list pl-default permit 0.0.0.0/0
1462 ip prefix-list pl-upstream-peers permit 10.1.1.1/32
1463 ip prefix-list pl-upstream-peers permit 10.2.1.1/32
1465 ip prefix-list pl-cust1-network permit 10.3.1.0/24
1466 ip prefix-list pl-cust1-network permit 10.3.2.0/24
1468 ip prefix-list pl-cust2-network permit 10.4.1.0/24
1470 ip prefix-list pl-peer1-network permit 10.5.1.0/24
1471 ip prefix-list pl-peer1-network permit 10.5.2.0/24
1472 ip prefix-list pl-peer1-network permit 192.168.0.0/24
1474 ip prefix-list pl-peer2-network permit 10.6.1.0/24
1475 ip prefix-list pl-peer2-network permit 10.6.2.0/24
1476 ip prefix-list pl-peer2-network permit 192.168.1.0/24
1477 ip prefix-list pl-peer2-network permit 192.168.2.0/24
1478 ip prefix-list pl-peer2-network permit 172.16.1/24
1480 ip as-path access-list asp-own-as permit ^$
1481 ip as-path access-list asp-own-as permit _64512_
1483 ! #################################################################
1484 ! Match communities we provide actions for, on routes received from
1485 ! customers. Community values of <our-ASN>:X, with X, have actions:
1487 ! 100 - blackhole the prefix
1488 ! 200 - set no_export
1489 ! 300 - advertise only to other customers
1490 ! 400 - advertise only to upstreams
1491 ! 500 - set no_export when advertising to upstreams
1492 ! 2X00 - set local_preference to X00
1494 ! blackhole the prefix of the route
1495 ip community-list standard cm-blackhole permit 64512:100
1497 ! set no-export community before advertising
1498 ip community-list standard cm-set-no-export permit 64512:200
1500 ! advertise only to other customers
1501 ip community-list standard cm-cust-only permit 64512:300
1503 ! advertise only to upstreams
1504 ip community-list standard cm-upstream-only permit 64512:400
1506 ! advertise to upstreams with no-export
1507 ip community-list standard cm-upstream-noexport permit 64512:500
1509 ! set local-pref to least significant 3 digits of the community
1510 ip community-list standard cm-prefmod-100 permit 64512:2100
1511 ip community-list standard cm-prefmod-200 permit 64512:2200
1512 ip community-list standard cm-prefmod-300 permit 64512:2300
1513 ip community-list standard cm-prefmod-400 permit 64512:2400
1514 ip community-list expanded cme-prefmod-range permit 64512:2...
1516 ! Informational communities
1518 ! 3000 - learned from upstream
1519 ! 3100 - learned from customer
1520 ! 3200 - learned from peer
1522 ip community-list standard cm-learnt-upstream permit 64512:3000
1523 ip community-list standard cm-learnt-cust permit 64512:3100
1524 ip community-list standard cm-learnt-peer permit 64512:3200
1526 ! ###################################################################
1527 ! Utility route-maps
1529 ! These utility route-maps generally should not be used to permit/deny
1530 ! routes, i.e. they do not have meaning as filters, and hence probably
1531 ! should be used with 'on-match next'. These all finish with an empty
1532 ! permit entry so as not to interfere with processing in the caller.
1534 route-map rm-no-export permit 10
1535 set community additive no-export
1536 route-map rm-no-export permit 20
1538 route-map rm-blackhole permit 10
1539 description blackhole, up-pref and ensure it cant escape this AS
1540 set ip next-hop 127.0.0.1
1541 set local-preference 10
1542 set community additive no-export
1543 route-map rm-blackhole permit 20
1545 ! Set local-pref as requested
1546 route-map rm-prefmod permit 10
1547 match community cm-prefmod-100
1548 set local-preference 100
1549 route-map rm-prefmod permit 20
1550 match community cm-prefmod-200
1551 set local-preference 200
1552 route-map rm-prefmod permit 30
1553 match community cm-prefmod-300
1554 set local-preference 300
1555 route-map rm-prefmod permit 40
1556 match community cm-prefmod-400
1557 set local-preference 400
1558 route-map rm-prefmod permit 50
1560 ! Community actions to take on receipt of route.
1561 route-map rm-community-in permit 10
1562 description check for blackholing, no point continuing if it matches.
1563 match community cm-blackhole
1565 route-map rm-community-in permit 20
1566 match community cm-set-no-export
1569 route-map rm-community-in permit 30
1570 match community cme-prefmod-range
1572 route-map rm-community-in permit 40
1574 ! #####################################################################
1575 ! Community actions to take when advertising a route.
1576 ! These are filtering route-maps,
1578 ! Deny customer routes to upstream with cust-only set.
1579 route-map rm-community-filt-to-upstream deny 10
1580 match community cm-learnt-cust
1581 match community cm-cust-only
1582 route-map rm-community-filt-to-upstream permit 20
1584 ! Deny customer routes to other customers with upstream-only set.
1585 route-map rm-community-filt-to-cust deny 10
1586 match community cm-learnt-cust
1587 match community cm-upstream-only
1588 route-map rm-community-filt-to-cust permit 20
1590 ! ###################################################################
1591 ! The top-level route-maps applied to sessions. Further entries could
1592 ! be added obviously..
1595 route-map rm-cust-in permit 10
1596 call rm-community-in
1598 route-map rm-cust-in permit 20
1599 set community additive 64512:3100
1600 route-map rm-cust-in permit 30
1602 route-map rm-cust-out permit 10
1603 call rm-community-filt-to-cust
1605 route-map rm-cust-out permit 20
1607 ! Upstream transit ASes
1608 route-map rm-upstream-out permit 10
1609 description filter customer prefixes which are marked cust-only
1610 call rm-community-filt-to-upstream
1612 route-map rm-upstream-out permit 20
1613 description only customer routes are provided to upstreams/peers
1614 match community cm-learnt-cust
1617 ! outbound policy is same as for upstream
1618 route-map rm-peer-out permit 10
1619 call rm-upstream-out
1621 route-map rm-peer-in permit 10
1622 set community additive 64512:3200