2 @c This is part of the Frr Manual.
3 @c @value{COPYRIGHT_STR}
5 @c Copyright @copyright{} 2015 Hewlett Packard Enterprise Development LP
6 @c See file frr.texi for copying conditions.
10 @acronym{BGP} stands for a Border Gateway Protocol. The lastest BGP version
11 is 4. It is referred as BGP-4. BGP-4 is one of the Exterior Gateway
12 Protocols and de-fact standard of Inter Domain routing protocol.
13 BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol
16 Many extensions have been added to @cite{RFC1771}. @cite{RFC2858,
17 Multiprotocol Extensions for BGP-4} provides multiprotocol support to
27 * BGP Address Family::
29 * BGP Communities Attribute::
30 * BGP Extended Communities Attribute::
31 * BGP Large Communities Attribute::
32 * Displaying BGP information::
33 * Capability Negotiation::
36 * BGP Regular Expressions::
37 * How to set up a 6-Bone connection::
38 * Dump BGP packets and table::
39 * BGP Configuration Examples::
40 * Prefix Origin Validation Using RPKI::
46 Default configuration file of @command{bgpd} is @file{bgpd.conf}.
47 @command{bgpd} searches the current directory first then
48 @value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's command must be
49 configured in @file{bgpd.conf}.
51 @command{bgpd} specific invocation options are described below. Common
52 options may also be specified (@pxref{Common Invocation Options}).
56 @itemx --bgp_port=@var{PORT}
57 Set the bgp protocol's port number.
61 When program terminates, retain BGP routes added by zebra.
65 Specify a specific IP address for bgpd to listen on, rather than its
66 default of INADDR_ANY / IN6ADDR_ANY. This can be useful to constrain bgpd
67 to an internal address, or to run multiple bgpd processes on one host.
74 First of all you must configure BGP router with @command{router bgp}
75 command. To configure BGP router, you need AS number. AS number is an
76 identification of autonomous system. BGP protocol uses the AS number
77 for detecting whether the BGP connection is internal one or external one.
79 @deffn Command {router bgp @var{asn}} {}
80 Enable a BGP protocol process with the specified @var{asn}. After
81 this statement you can input any @code{BGP Commands}. You can not
82 create different BGP process under different @var{asn} without
83 specifying @code{multiple-instance} (@pxref{Multiple instance}).
86 @deffn Command {no router bgp @var{asn}} {}
87 Destroy a BGP protocol process with the specified @var{asn}.
90 @deffn {BGP} {bgp router-id @var{A.B.C.D}} {}
91 This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets
92 interface and address information. In that case default router ID value
93 is selected as the largest IP Address of the interfaces. When
94 @code{router zebra} is not enabled @command{bgpd} can't get interface information
95 so @code{router-id} is set to 0.0.0.0. So please set router-id by hand.
100 * BGP decision process::
101 * BGP route flap dampening::
105 @subsection BGP distance
107 @deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {}
108 This command change distance value of BGP. Each argument is distance
109 value for external routes, internal routes and local routes.
112 @deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {}
113 @deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {}
114 This command set distance value to
117 @node BGP decision process
118 @subsection BGP decision process
120 The decision process Frr BGP uses to select routes is as follows:
123 @item 1. Weight check
124 prefer higher local weight routes to lower routes.
126 @item 2. Local preference check
127 prefer higher local preference routes to lower.
129 @item 3. Local route check
130 Prefer local routes (statics, aggregates, redistributed) to received routes.
132 @item 4. AS path length check
133 Prefer shortest hop-count AS_PATHs.
135 @item 5. Origin check
136 Prefer the lowest origin type route. That is, prefer IGP origin routes to
137 EGP, to Incomplete routes.
140 Where routes with a MED were received from the same AS,
141 prefer the route with the lowest MED. @xref{BGP MED}.
143 @item 7. External check
144 Prefer the route received from an external, eBGP peer
145 over routes received from other types of peers.
147 @item 8. IGP cost check
148 Prefer the route with the lower IGP cost.
150 @item 9. Multi-path check
151 If multi-pathing is enabled, then check whether
152 the routes not yet distinguished in preference may be considered equal. If
153 @ref{bgp bestpath as-path multipath-relax} is set, all such routes are
154 considered equal, otherwise routes received via iBGP with identical AS_PATHs
155 or routes received from eBGP neighbours in the same AS are considered equal.
157 @item 10 Already-selected external check
159 Where both routes were received from eBGP peers, then prefer the route which
160 is already selected. Note that this check is not applied if @ref{bgp
161 bestpath compare-routerid} is configured. This check can prevent some cases
164 @item 11. Router-ID check
165 Prefer the route with the lowest @w{router-ID}. If the
166 route has an @w{ORIGINATOR_ID} attribute, through iBGP reflection, then that
167 router ID is used, otherwise the @w{router-ID} of the peer the route was
168 received from is used.
170 @item 12. Cluster-List length check
171 The route with the shortest cluster-list
172 length is used. The cluster-list reflects the iBGP reflection path the
175 @item 13. Peer address
176 Prefer the route received from the peer with the higher
177 transport layer address, as a last-resort tie-breaker.
181 @deffn {BGP} {bgp bestpath as-path confed} {}
182 This command specifies that the length of confederation path sets and
183 sequences should should be taken into account during the BGP best path
187 @deffn {BGP} {bgp bestpath as-path multipath-relax} {}
188 @anchor{bgp bestpath as-path multipath-relax}
189 This command specifies that BGP decision process should consider paths
190 of equal AS_PATH length candidates for multipath computation. Without
191 the knob, the entire AS_PATH must match for multipath computation.
194 @deffn {BGP} {bgp bestpath compare-routerid} {}
195 @anchor{bgp bestpath compare-routerid}
197 Ensure that when comparing routes where both are equal on most metrics,
198 including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken
201 If this option is enabled, then the already-selected check, where
202 already selected eBGP routes are preferred, is skipped.
204 If a route has an @w{ORIGINATOR_ID} attribute because it has been reflected,
205 that @w{ORIGINATOR_ID} will be used. Otherwise, the router-ID of the peer the
206 route was received from will be used.
208 The advantage of this is that the route-selection (at this point) will be
209 more deterministic. The disadvantage is that a few or even one lowest-ID
210 router may attract all trafic to otherwise-equal paths because of this
211 check. It may increase the possibility of MED or IGP oscillation, unless
212 other measures were taken to avoid these. The exact behaviour will be
213 sensitive to the iBGP and reflection topology.
218 @node BGP route flap dampening
219 @subsection BGP route flap dampening
221 @deffn {BGP} {bgp dampening @var{<1-45>} @var{<1-20000>} @var{<1-20000>} @var{<1-255>}} {}
222 This command enables BGP route-flap dampening and specifies dampening parameters.
225 @item @asis{half-life}
226 Half-life time for the penalty
227 @item @asis{reuse-threshold}
228 Value to start reusing a route
229 @item @asis{suppress-threshold}
230 Value to start suppressing a route
231 @item @asis{max-suppress}
232 Maximum duration to suppress a stable route
235 The route-flap damping algorithm is compatible with @cite{RFC2439}. The use of this command
236 is not recommended nowadays, see @uref{http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378}.
242 The BGP MED (Multi_Exit_Discriminator) attribute has properties which can
243 cause subtle convergence problems in BGP. These properties and problems
244 have proven to be hard to understand, at least historically, and may still
245 not be widely understood. The following attempts to collect together and
246 present what is known about MED, to help operators and Frr users in
247 designing and configuring their networks.
249 The BGP @acronym{MED, Multi_Exit_Discriminator} attribute is intended to
250 allow one AS to indicate its preferences for its ingress points to another
251 AS. The MED attribute will not be propagated on to another AS by the
252 receiving AS - it is `non-transitive' in the BGP sense.
254 E.g., if AS X and AS Y have 2 different BGP peering points, then AS X
255 might set a MED of 100 on routes advertised at one and a MED of 200 at the
256 other. When AS Y selects between otherwise equal routes to or via
257 AS X, AS Y should prefer to take the path via the lower MED peering of 100 with
258 AS X. Setting the MED allows an AS to influence the routing taken to it
259 within another, neighbouring AS.
261 In this use of MED it is not really meaningful to compare the MED value on
262 routes where the next AS on the paths differs. E.g., if AS Y also had a
263 route for some destination via AS Z in addition to the routes from AS X, and
264 AS Z had also set a MED, it wouldn't make sense for AS Y to compare AS Z's
265 MED values to those of AS X. The MED values have been set by different
266 administrators, with different frames of reference.
268 The default behaviour of BGP therefore is to not compare MED values across
269 routes received from different neighbouring ASes. In Frr this is done by
270 comparing the neighbouring, left-most AS in the received AS_PATHs of the
271 routes and only comparing MED if those are the same.
273 @c TeXInfo uses the old, non-UTF-8 capable, pdftex, and so
274 @c doesn't render TeX the unicode precedes character correctly in PDF, etc.
275 @c Using a TeX code on the other hand doesn't work for non-TeX outputs
276 @c (plaintext, e.g.). So, use an output-conditional macro.
290 Unfortunately, this behaviour of MED, of sometimes being compared across
291 routes and sometimes not, depending on the properties of those other routes,
292 means MED can cause the order of preference over all the routes to be
293 undefined. That is, given routes A, B, and C, if A is preferred to B, and B
294 is preferred to C, then a well-defined order should mean the preference is
295 transitive (in the sense of orders @footnote{For some set of objects to have
296 an order, there @emph{must} be some binary ordering relation that is defined
297 for @emph{every} combination of those objects, and that relation @emph{must}
298 be transitive. I.e.@:, if the relation operator is @mprec{}, and if
299 a @mprec{} b and b @mprec{} c then that relation must carry over
300 and it @emph{must} be that a @mprec{} c for the objects to have an
301 order. The ordering relation may allow for equality, i.e.
302 a @mprec{} b and b @mprec{} a may both be true amd imply that
303 a and b are equal in the order and not distinguished by it, in
304 which case the set has a partial order. Otherwise, if there is an order,
305 all the objects have a distinct place in the order and the set has a total
306 order.}) and that A would be preferred to C.
308 However, when MED is involved this need not be the case. With MED it is
309 possible that C is actually preferred over A. So A is preferred to B, B is
310 preferred to C, but C is preferred to A. This can be true even where BGP
311 defines a deterministic ``most preferred'' route out of the full set of
312 A,B,C. With MED, for any given set of routes there may be a
313 deterministically preferred route, but there need not be any way to arrange
314 them into any order of preference. With unmodified MED, the order of
315 preference of routes literally becomes undefined.
317 That MED can induce non-transitive preferences over routes can cause issues.
318 Firstly, it may be perceived to cause routing table churn locally at
319 speakers; secondly, and more seriously, it may cause routing instability in
320 iBGP topologies, where sets of speakers continually oscillate between
323 The first issue arises from how speakers often implement routing decisions.
324 Though BGP defines a selection process that will deterministically select
325 the same route as best at any given speaker, even with MED, that process
326 requires evaluating all routes together. For performance and ease of
327 implementation reasons, many implementations evaluate route preferences in a
328 pair-wise fashion instead. Given there is no well-defined order when MED is
329 involved, the best route that will be chosen becomes subject to
330 implementation details, such as the order the routes are stored in. That
331 may be (locally) non-deterministic, e.g.@: it may be the order the routes
334 This indeterminism may be considered undesirable, though it need not cause
335 problems. It may mean additional routing churn is perceived, as sometimes
336 more updates may be produced than at other times in reaction to some event .
338 This first issue can be fixed with a more deterministic route selection that
339 ensures routes are ordered by the neighbouring AS during selection.
340 @xref{bgp deterministic-med}. This may reduce the number of updates as
341 routes are received, and may in some cases reduce routing churn. Though, it
342 could equally deterministically produce the largest possible set of updates
343 in response to the most common sequence of received updates.
345 A deterministic order of evaluation tends to imply an additional overhead of
346 sorting over any set of n routes to a destination. The implementation of
347 deterministic MED in Frr scales significantly worse than most sorting
348 algorithms at present, with the number of paths to a given destination.
349 That number is often low enough to not cause any issues, but where there are
350 many paths, the deterministic comparison may quickly become increasingly
351 expensive in terms of CPU.
353 Deterministic local evaluation can @emph{not} fix the second, more major,
354 issue of MED however. Which is that the non-transitive preference of routes
355 MED can cause may lead to routing instability or oscillation across multiple
356 speakers in iBGP topologies. This can occur with full-mesh iBGP, but is
357 particularly problematic in non-full-mesh iBGP topologies that further
358 reduce the routing information known to each speaker. This has primarily
359 been documented with iBGP route-reflection topologies. However, any
360 route-hiding technologies potentially could also exacerbate oscillation with
363 This second issue occurs where speakers each have only a subset of routes,
364 and there are cycles in the preferences between different combinations of
365 routes - as the undefined order of preference of MED allows - and the routes
366 are distributed in a way that causes the BGP speakers to 'chase' those
367 cycles. This can occur even if all speakers use a deterministic order of
368 evaluation in route selection.
370 E.g., speaker 4 in AS A might receive a route from speaker 2 in AS X, and
371 from speaker 3 in AS Y; while speaker 5 in AS A might receive that route
372 from speaker 1 in AS Y. AS Y might set a MED of 200 at speaker 1, and 100
373 at speaker 3. I.e, using ASN:ID:MED to label the speakers:
378 X:2------|--A:4-------A:5--|-Y:1:200
384 Assuming all other metrics are equal (AS_PATH, ORIGIN, 0 IGP costs), then
385 based on the RFC4271 decision process speaker 4 will choose X:2 over
386 Y:3:100, based on the lower ID of 2. Speaker 4 advertises X:2 to speaker 5.
387 Speaker 5 will continue to prefer Y:1:200 based on the ID, and advertise
388 this to speaker 4. Speaker 4 will now have the full set of routes, and the
389 Y:1:200 it receives from 5 will beat X:2, but when speaker 4 compares
390 Y:1:200 to Y:3:100 the MED check now becomes active as the ASes match, and
391 now Y:3:100 is preferred. Speaker 4 therefore now advertises Y:3:100 to 5,
392 which will also agrees that Y:3:100 is preferred to Y:1:200, and so
393 withdraws the latter route from 4. Speaker 4 now has only X:2 and Y:3:100,
394 and X:2 beats Y:3:100, and so speaker 4 implicitly updates its route to
395 speaker 5 to X:2. Speaker 5 sees that Y:1:200 beats X:2 based on the ID,
396 and advertises Y:1:200 to speaker 4, and the cycle continues.
398 The root cause is the lack of a clear order of preference caused by how MED
399 sometimes is and sometimes is not compared, leading to this cycle in the
400 preferences between the routes:
404 /---> X:2 ---beats---> Y:3:100 --\
407 \---beats--- Y:1:200 <---beats---/
411 This particular type of oscillation in full-mesh iBGP topologies can be
412 avoided by speakers preferring already selected, external routes rather than
413 choosing to update to new a route based on a post-MED metric (e.g.
414 router-ID), at the cost of a non-deterministic selection process. Frr
415 implements this, as do many other implementations, so long as it is not
416 overridden by setting @ref{bgp bestpath compare-routerid}, and see also
417 @ref{BGP decision process}, .
419 However, more complex and insidious cycles of oscillation are possible with
420 iBGP route-reflection, which are not so easily avoided. These have been
421 documented in various places. See, e.g., @cite{McPherson, D. and Gill, V.
422 and Walton, D., "Border Gateway Protocol (BGP) Persistent Route Oscillation
423 Condition", IETF RFC3345}, and @cite{Flavel, A. and M. Roughan, "Stable
424 and flexible iBGP", ACM SIGCOMM 2009}, and @cite{Griffin, T. and G. Wilfong,
425 "On the correctness of IBGP configuration", ACM SIGCOMM 2002} for concrete
426 examples and further references.
428 There is as of this writing @emph{no} known way to use MED for its original
429 purpose; @emph{and} reduce routing information in iBGP topologies;
430 @emph{and} be sure to avoid the instability problems of MED due the
431 non-transitive routing preferences it can induce; in general on arbitrary
434 There may be iBGP topology specific ways to reduce the instability risks,
435 even while using MED, e.g.@: by constraining the reflection topology and by
436 tuning IGP costs between route-reflector clusters, see RFC3345 for details.
437 In the near future, the Add-Path extension to BGP may also solve MED
438 oscillation while still allowing MED to be used as intended, by distributing
439 "best-paths per neighbour AS". This would be at the cost of distributing at
440 least as many routes to all speakers as a full-mesh iBGP would, if not more,
441 while also imposing similar CPU overheads as the "Deterministic MED" feature
442 at each Add-Path reflector.
444 More generally, the instability problems that MED can introduce on more
445 complex, non-full-mesh, iBGP topologies may be avoided either by:
450 Setting @ref{bgp always-compare-med}, however this allows MED to be compared
451 across values set by different neighbour ASes, which may not produce
452 coherent desirable results, of itself.
455 Effectively ignoring MED by setting MED to the same value (e.g.@: 0) using
456 @ref{routemap set metric} on all received routes, in combination with
457 setting @ref{bgp always-compare-med} on all speakers. This is the simplest
458 and most performant way to avoid MED oscillation issues, where an AS is happy
459 not to allow neighbours to inject this problematic metric.
463 As MED is evaluated after the AS_PATH length check, another possible use for
464 MED is for intra-AS steering of routes with equal AS_PATH length, as an
465 extension of the last case above. As MED is evaluated before IGP metric,
466 this can allow cold-potato routing to be implemented to send traffic to
467 preferred hand-offs with neighbours, rather than the closest hand-off
468 according to the IGP metric.
470 Note that even if action is taken to address the MED non-transitivity
471 issues, other oscillations may still be possible. E.g., on IGP cost if
472 iBGP and IGP topologies are at cross-purposes with each other - see the
473 Flavel and Roughan paper above for an example. Hence the guideline that the
474 iBGP topology should follow the IGP topology.
476 @deffn {BGP} {bgp deterministic-med} {}
477 @anchor{bgp deterministic-med}
479 Carry out route-selection in way that produces deterministic answers
480 locally, even in the face of MED and the lack of a well-defined order of
481 preference it can induce on routes. Without this option the preferred route
482 with MED may be determined largely by the order that routes were received
485 Setting this option will have a performance cost that may be noticeable when
486 there are many routes for each destination. Currently in Frr it is
487 implemented in a way that scales poorly as the number of routes per
488 destination increases.
490 The default is that this option is not set.
493 Note that there are other sources of indeterminism in the route selection
494 process, specifically, the preference for older and already selected routes
495 from eBGP peers, @xref{BGP decision process}.
497 @deffn {BGP} {bgp always-compare-med} {}
498 @anchor{bgp always-compare-med}
500 Always compare the MED on routes, even when they were received from
501 different neighbouring ASes. Setting this option makes the order of
502 preference of routes more defined, and should eliminate MED induced
505 If using this option, it may also be desirable to use @ref{routemap set
506 metric} to set MED to 0 on routes received from external neighbours.
508 This option can be used, together with @ref{routemap set metric} to use MED
509 as an intra-AS metric to steer equal-length AS_PATH routes to, e.g., desired
520 * Route Aggregation::
521 * Redistribute to BGP::
525 @subsection BGP route
527 @deffn {BGP} {network @var{A.B.C.D/M}} {}
528 This command adds the announcement network.
532 address-family ipv4 unicast
537 This configuration example says that network 10.0.0.0/8 will be
538 announced to all neighbors. Some vendors' routers don't advertise
539 routes if they aren't present in their IGP routing tables; @code{bgpd}
540 doesn't care about IGP routes when announcing its routes.
543 @deffn {BGP} {no network @var{A.B.C.D/M}} {}
546 @node Route Aggregation
547 @subsection Route Aggregation
549 @deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {}
550 This command specifies an aggregate address.
553 @deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {}
554 This command specifies an aggregate address. Resulting routes include
558 @deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {}
559 This command specifies an aggregate address. Aggreated routes will
563 @deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {}
566 @node Redistribute to BGP
567 @subsection Redistribute to BGP
569 @deffn {BGP} {redistribute kernel} {}
570 Redistribute kernel route to BGP process.
573 @deffn {BGP} {redistribute static} {}
574 Redistribute static route to BGP process.
577 @deffn {BGP} {redistribute connected} {}
578 Redistribute connected route to BGP process.
581 @deffn {BGP} {redistribute rip} {}
582 Redistribute RIP route to BGP process.
585 @deffn {BGP} {redistribute ospf} {}
586 Redistribute OSPF route to BGP process.
589 @deffn {BGP} {redistribute vpn} {}
590 Redistribute VNC routes to BGP process.
593 @deffn {BGP} {update-delay @var{max-delay}} {}
594 @deffnx {BGP} {update-delay @var{max-delay} @var{establish-wait}} {}
595 This feature is used to enable read-only mode on BGP process restart or when
596 BGP process is cleared using 'clear ip bgp *'. When applicable, read-only mode
597 would begin as soon as the first peer reaches Established status and a timer
598 for max-delay seconds is started.
600 During this mode BGP doesn't run any best-path or generate any updates to its
601 peers. This mode continues until:
602 1. All the configured peers, except the shutdown peers, have sent explicit EOR
603 (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached
604 Established is considered an implicit-EOR.
605 If the establish-wait optional value is given, then BGP will wait for
606 peers to reach established from the begining of the update-delay till the
607 establish-wait period is over, i.e. the minimum set of established peers for
608 which EOR is expected would be peers established during the establish-wait
609 window, not necessarily all the configured neighbors.
610 2. max-delay period is over.
611 On hitting any of the above two conditions, BGP resumes the decision process
612 and generates updates to its peers.
614 Default max-delay is 0, i.e. the feature is off by default.
617 @deffn {BGP} {table-map @var{route-map-name}} {}
618 This feature is used to apply a route-map on route updates from BGP to Zebra.
619 All the applicable match operations are allowed, such as match on prefix,
620 next-hop, communities, etc. Set operations for this attach-point are limited
621 to metric and next-hop only. Any operation of this feature does not affect
624 Supported for ipv4 and ipv6 address families. It works on multi-paths as well,
625 however, metric setting is based on the best-path only.
633 * BGP Peer commands::
638 @subsection Defining Peer
640 @deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {}
641 Creates a new neighbor whose remote-as is @var{asn}. @var{peer}
642 can be an IPv4 address or an IPv6 address.
646 neighbor 10.0.0.1 remote-as 2
649 In this case my router, in AS-1, is trying to peer with AS-2 at
652 This command must be the first command used when configuring a neighbor.
653 If the remote-as is not specified, @command{bgpd} will complain like this:
655 can't find neighbor 10.0.0.1
659 @node BGP Peer commands
660 @subsection BGP Peer commands
662 In a @code{router bgp} clause there are neighbor specific configurations
665 @deffn {BGP} {neighbor @var{peer} shutdown} {}
666 @deffnx {BGP} {no neighbor @var{peer} shutdown} {}
667 Shutdown the peer. We can delete the neighbor's configuration by
668 @code{no neighbor @var{peer} remote-as @var{as-number}} but all
669 configuration of the neighbor will be deleted. When you want to
670 preserve the configuration, but want to drop the BGP peer, use this
674 @deffn {BGP} {neighbor @var{peer} ebgp-multihop} {}
675 @deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {}
678 @deffn {BGP} {neighbor @var{peer} description ...} {}
679 @deffnx {BGP} {no neighbor @var{peer} description ...} {}
680 Set description of the peer.
683 @deffn {BGP} {neighbor @var{peer} version @var{version}} {}
684 Set up the neighbor's BGP version. @var{version} can be @var{4},
685 @var{4+} or @var{4-}. BGP version @var{4} is the default value used for
686 BGP peering. BGP version @var{4+} means that the neighbor supports
687 Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but
688 the neighbor speaks the old Internet-Draft revision 00's Multiprotocol
689 Extensions for BGP-4. Some routing software is still using this
693 @deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {}
694 @deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {}
695 When you connect to a BGP peer over an IPv6 link-local address, you
696 have to specify the @var{ifname} of the interface used for the
697 connection. To specify IPv4 session addresses, see the
698 @code{neighbor @var{peer} update-source} command below.
700 This command is deprecated and may be removed in a future release. Its
701 use should be avoided.
704 @deffn {BGP} {neighbor @var{peer} next-hop-self [all]} {}
705 @deffnx {BGP} {no neighbor @var{peer} next-hop-self [all]} {}
706 This command specifies an announced route's nexthop as being equivalent
707 to the address of the bgp router if it is learned via eBGP.
708 If the optional keyword @code{all} is specified the modifiation is done
709 also for routes learned via iBGP.
712 @deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {}
713 @deffnx {BGP} {no neighbor @var{peer} update-source} {}
714 Specify the IPv4 source address to use for the @acronym{BGP} session to this
715 neighbour, may be specified as either an IPv4 address directly or
716 as an interface name (in which case the @command{zebra} daemon MUST be running
717 in order for @command{bgpd} to be able to retrieve interface state).
721 neighbor foo update-source 192.168.0.1
722 neighbor bar update-source lo0
727 @deffn {BGP} {neighbor @var{peer} default-originate} {}
728 @deffnx {BGP} {no neighbor @var{peer} default-originate} {}
729 @command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even it
730 is in routing table. When you want to announce default routes to the
731 peer, use this command.
734 @deffn {BGP} {neighbor @var{peer} port @var{port}} {}
735 @deffnx {BGP} {neighbor @var{peer} port @var{port}} {}
738 @deffn {BGP} {neighbor @var{peer} send-community} {}
739 @deffnx {BGP} {neighbor @var{peer} send-community} {}
742 @deffn {BGP} {neighbor @var{peer} weight @var{weight}} {}
743 @deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {}
744 This command specifies a default @var{weight} value for the neighbor's
748 @deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {}
749 @deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {}
752 @deffn {BGP} {neighbor @var{peer} local-as @var{as-number}} {}
753 @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend} {}
754 @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend replace-as} {}
755 @deffnx {BGP} {no neighbor @var{peer} local-as} {}
756 Specify an alternate AS for this BGP process when interacting with the
757 specified peer. With no modifiers, the specified local-as is prepended to
758 the received AS_PATH when receiving routing updates from the peer, and
759 prepended to the outgoing AS_PATH (after the process local AS) when
760 transmitting local routes to the peer.
762 If the no-prepend attribute is specified, then the supplied local-as is not
763 prepended to the received AS_PATH.
765 If the replace-as attribute is specified, then only the supplied local-as is
766 prepended to the AS_PATH when transmitting local-route updates to this peer.
768 Note that replace-as can only be specified if no-prepend is.
770 This command is only allowed for eBGP peers.
773 @deffn {BGP} {neighbor @var{peer} ttl-security hops @var{number}} {}
774 @deffnx {BGP} {no neighbor @var{peer} ttl-security hops @var{number}} {}
775 This command enforces Generalized TTL Security Mechanism (GTSM), as
776 specified in RFC 5082. With this command, only neighbors that are the
777 specified number of hops away will be allowed to become neighbors. This
778 command is mututally exclusive with @command{ebgp-multihop}.
782 @subsection Peer filtering
784 @deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {}
785 This command specifies a distribute-list for the peer. @var{direct} is
786 @samp{in} or @samp{out}.
789 @deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {}
792 @deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {}
795 @deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {}
796 Apply a route-map on the neighbor. @var{direct} must be @code{in} or
800 @deffn {BGP} {bgp route-reflector allow-outbound-policy} {}
801 By default, attribute modification via route-map policy out is not reflected
802 on reflected routes. This option allows the modifications to be reflected as
803 well. Once enabled, it affects all reflected routes.
806 @c -----------------------------------------------------------------------
808 @section BGP Peer Group
810 @deffn {BGP} {neighbor @var{word} peer-group} {}
811 This command defines a new peer group.
814 @deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {}
815 This command bind specific peer to peer group @var{word}.
818 @node BGP Address Family
819 @section BGP Address Family
821 Multiprotocol BGP enables BGP to carry routing information for multiple
822 Network Layer protocols. BGP supports multiple Address Family
823 Identifier (AFI), namely IPv4 and IPv6. Support is also provided for
824 multiple sets of per-AFI information via Subsequent Address Family
825 Identifiers (SAFI). In addition to unicast information, VPN information
826 @cite{RFC4364} and @cite{RFC4659}, and Encapsulation information
827 @cite{RFC5512} is supported.
829 @deffn {Command} {show ip bgp vpnv4 all} {}
830 @deffnx {Command} {show ipv6 bgp vpn all} {}
831 Print active IPV4 or IPV6 routes advertised via the VPN SAFI.
834 @deffn {Command} {show ip bgp encap all} {}
835 @deffnx {Command} {show ipv6 bgp encap all} {}
836 Print active IPV4 or IPV6 routes advertised via the Encapsulation SAFI.
839 @deffn {Command} {show bgp ipv4 encap summary} {}
840 @deffnx {Command} {show bgp ipv4 vpn summary} {}
841 @deffnx {Command} {show bgp ipv6 encap summary} {}
842 @deffnx {Command} {show bgp ipv6 vpn summary} {}
843 Print a summary of neighbor connections for the specified AFI/SAFI combination.
846 @c -----------------------------------------------------------------------
847 @node Autonomous System
848 @section Autonomous System
850 The @acronym{AS,Autonomous System} number is one of the essential
851 element of BGP. BGP is a distance vector routing protocol, and the
852 AS-Path framework provides distance vector metric and loop detection to
853 BGP. @cite{RFC1930, Guidelines for creation, selection, and
854 registration of an Autonomous System (AS)} provides some background on
855 the concepts of an AS.
857 The AS number is a two octet value, ranging in value from 1 to 65535.
858 The AS numbers 64512 through 65535 are defined as private AS numbers.
859 Private AS numbers must not to be advertised in the global Internet.
862 * Display BGP Routes by AS Path::
863 * AS Path Access List::
864 * Using AS Path in Route Map::
865 * Private AS Numbers::
868 @node Display BGP Routes by AS Path
869 @subsection Display BGP Routes by AS Path
871 To show BGP routes which has specific AS path information @code{show
872 ip bgp} command can be used.
874 @deffn Command {show bgp @{ipv4|ipv6@} regexp @var{line}} {}
875 This commands displays BGP routes that matches a regular
876 expression @var{line} (@pxref{BGP Regular Expressions}).
879 @node AS Path Access List
880 @subsection AS Path Access List
882 AS path access list is user defined AS path.
884 @deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
885 This command defines a new AS path access list.
888 @deffn {Command} {no ip as-path access-list @var{word}} {}
889 @deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
892 @node Using AS Path in Route Map
893 @subsection Using AS Path in Route Map
895 @deffn {Route Map} {match as-path @var{word}} {}
898 @deffn {Route Map} {set as-path prepend @var{as-path}} {}
899 Prepend the given string of AS numbers to the AS_PATH.
902 @deffn {Route Map} {set as-path prepend last-as @var{num}} {}
903 Prepend the existing last AS number (the leftmost ASN) to the AS_PATH.
906 @node Private AS Numbers
907 @subsection Private AS Numbers
909 @c -----------------------------------------------------------------------
910 @node BGP Communities Attribute
911 @section BGP Communities Attribute
913 BGP communities attribute is widely used for implementing policy
914 routing. Network operators can manipulate BGP communities attribute
915 based on their network policy. BGP communities attribute is defined
916 in @cite{RFC1997, BGP Communities Attribute} and
917 @cite{RFC1998, An Application of the BGP Community Attribute
918 in Multi-home Routing}. It is an optional transitive attribute,
919 therefore local policy can travel through different autonomous system.
921 Communities attribute is a set of communities values. Each
922 communities value is 4 octet long. The following format is used to
923 define communities value.
927 This format represents 4 octet communities value. @code{AS} is high
928 order 2 octet in digit format. @code{VAL} is low order 2 octet in
929 digit format. This format is useful to define AS oriented policy
930 value. For example, @code{7675:80} can be used when AS 7675 wants to
931 pass local policy value 80 to neighboring peer.
933 @code{internet} represents well-known communities value 0.
935 @code{no-export} represents well-known communities value @code{NO_EXPORT}@*
936 @r{(0xFFFFFF01)}. All routes carry this value must not be advertised
937 to outside a BGP confederation boundary. If neighboring BGP peer is
938 part of BGP confederation, the peer is considered as inside a BGP
939 confederation boundary, so the route will be announced to the peer.
941 @code{no-advertise} represents well-known communities value
942 @code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carry this value
943 must not be advertise to other BGP peers.
945 @code{local-AS} represents well-known communities value
946 @code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carry this
947 value must not be advertised to external BGP peers. Even if the
948 neighboring router is part of confederation, it is considered as
949 external BGP peer, so the route will not be announced to the peer.
952 When BGP communities attribute is received, duplicated communities
953 value in the communities attribute is ignored and each communities
954 values are sorted in numerical order.
957 * BGP Community Lists::
958 * Numbered BGP Community Lists::
959 * BGP Community in Route Map::
960 * Display BGP Routes by Community::
961 * Using BGP Communities Attribute::
964 @node BGP Community Lists
965 @subsection BGP Community Lists
967 BGP community list is a user defined BGP communites attribute list.
968 BGP community list can be used for matching or manipulating BGP
969 communities attribute in updates.
971 There are two types of community list. One is standard community
972 list and another is expanded community list. Standard community list
973 defines communities attribute. Expanded community list defines
974 communities attribute string with regular expression. Standard
975 community list is compiled into binary format when user define it.
976 Standard community list will be directly compared to BGP communities
977 attribute in BGP updates. Therefore the comparison is faster than
978 expanded community list.
980 @deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {}
981 This command defines a new standard community list. @var{community}
982 is communities value. The @var{community} is compiled into community
983 structure. We can define multiple community list under same name. In
984 that case match will happen user defined order. Once the
985 community list matches to communities attribute in BGP updates it
986 return permit or deny by the community list definition. When there is
987 no matched entry, deny will be returned. When @var{community} is
988 empty it matches to any routes.
991 @deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
992 This command defines a new expanded community list. @var{line} is a
993 string expression of communities attribute. @var{line} can be a
994 regular expression (@pxref{BGP Regular Expressions}) to match
995 the communities attribute in BGP updates.
998 @deffn Command {no ip community-list @var{name}} {}
999 @deffnx Command {no ip community-list standard @var{name}} {}
1000 @deffnx Command {no ip community-list expanded @var{name}} {}
1001 These commands delete community lists specified by @var{name}. All of
1002 community lists shares a single name space. So community lists can be
1003 removed simpley specifying community lists name.
1006 @deffn {Command} {show ip community-list} {}
1007 @deffnx {Command} {show ip community-list @var{name}} {}
1008 This command displays current community list information. When
1009 @var{name} is specified the specified community list's information is
1013 # show ip community-list
1014 Named Community standard list CLIST
1015 permit 7675:80 7675:100 no-export
1017 Named Community expanded list EXPAND
1020 # show ip community-list CLIST
1021 Named Community standard list CLIST
1022 permit 7675:80 7675:100 no-export
1027 @node Numbered BGP Community Lists
1028 @subsection Numbered BGP Community Lists
1030 When number is used for BGP community list name, the number has
1031 special meanings. Community list number in the range from 1 and 99 is
1032 standard community list. Community list number in the range from 100
1033 to 199 is expanded community list. These community lists are called
1034 as numbered community lists. On the other hand normal community lists
1035 is called as named community lists.
1037 @deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {}
1038 This command defines a new community list. <1-99> is standard
1039 community list number. Community list name within this range defines
1040 standard community list. When @var{community} is empty it matches to
1044 @deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {}
1045 This command defines a new community list. <100-199> is expanded
1046 community list number. Community list name within this range defines
1047 expanded community list.
1050 @deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {}
1051 When community list type is not specifed, the community list type is
1052 automatically detected. If @var{community} can be compiled into
1053 communities attribute, the community list is defined as a standard
1054 community list. Otherwise it is defined as an expanded community
1055 list. This feature is left for backward compability. Use of this
1056 feature is not recommended.
1059 @node BGP Community in Route Map
1060 @subsection BGP Community in Route Map
1062 In Route Map (@pxref{Route Map}), we can match or set BGP
1063 communities attribute. Using this feature network operator can
1064 implement their network policy based on BGP communities attribute.
1066 Following commands can be used in Route Map.
1068 @deffn {Route Map} {match community @var{word}} {}
1069 @deffnx {Route Map} {match community @var{word} exact-match} {}
1070 This command perform match to BGP updates using community list
1071 @var{word}. When the one of BGP communities value match to the one of
1072 communities value in community list, it is match. When
1073 @code{exact-match} keyword is spcified, match happen only when BGP
1074 updates have completely same communities value specified in the
1078 @deffn {Route Map} {set community none} {}
1079 @deffnx {Route Map} {set community @var{community}} {}
1080 @deffnx {Route Map} {set community @var{community} additive} {}
1081 This command manipulate communities value in BGP updates. When
1082 @code{none} is specified as communities value, it removes entire
1083 communities attribute from BGP updates. When @var{community} is not
1084 @code{none}, specified communities value is set to BGP updates. If
1085 BGP updates already has BGP communities value, the existing BGP
1086 communities value is replaced with specified @var{community} value.
1087 When @code{additive} keyword is specified, @var{community} is appended
1088 to the existing communities value.
1091 @deffn {Route Map} {set comm-list @var{word} delete} {}
1092 This command remove communities value from BGP communities attribute.
1093 The @var{word} is community list name. When BGP route's communities
1094 value matches to the community list @var{word}, the communities value
1095 is removed. When all of communities value is removed eventually, the
1096 BGP update's communities attribute is completely removed.
1099 @node Display BGP Routes by Community
1100 @subsection Display BGP Routes by Community
1102 To show BGP routes which has specific BGP communities attribute,
1103 @code{show bgp @{ipv4|ipv6@}} command can be used. The
1104 @var{community} and @var{community-list} subcommand can be used.
1106 @deffn Command {show bgp @{ipv4|ipv6@} community} {}
1107 @deffnx Command {show bgp @{ipv4|ipv6@} community @var{community}} {}
1108 @deffnx Command {show bgp @{ipv4|ipv6@} community @var{community} exact-match} {}
1109 @code{show bgp @{ipv4|ipv6@} community} displays BGP routes which has communities
1110 attribute. Where the address family can be IPv4 or IPv6 among others. When
1111 @var{community} is specified, BGP routes that matches @var{community} value is
1112 displayed. For this command, @code{internet} keyword can't be used for
1113 @var{community} value. When @code{exact-match} is specified, it display only
1114 routes that have an exact match.
1117 @deffn Command {show bgp @{ipv4|ipv6@} community-list @var{word}} {}
1118 @deffnx Command {show bgp @{ipv4|ipv6@} community-list @var{word} exact-match} {}
1119 This commands display BGP routes for the address family specified that matches
1120 community list @var{word}. When @code{exact-match} is specified, display only
1121 routes that have an exact match.
1124 @node Using BGP Communities Attribute
1125 @subsection Using BGP Communities Attribute
1127 Following configuration is the most typical usage of BGP communities
1128 attribute. AS 7675 provides upstream Internet connection to AS 100.
1129 When following configuration exists in AS 7675, AS 100 networks
1130 operator can set local preference in AS 7675 network by setting BGP
1131 communities attribute to the updates.
1135 neighbor 192.168.0.1 remote-as 100
1136 address-family ipv4 unicast
1137 neighbor 192.168.0.1 route-map RMAP in
1140 ip community-list 70 permit 7675:70
1141 ip community-list 70 deny
1142 ip community-list 80 permit 7675:80
1143 ip community-list 80 deny
1144 ip community-list 90 permit 7675:90
1145 ip community-list 90 deny
1147 route-map RMAP permit 10
1149 set local-preference 70
1151 route-map RMAP permit 20
1153 set local-preference 80
1155 route-map RMAP permit 30
1157 set local-preference 90
1160 Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675.
1161 The route has communities value 7675:80 so when above configuration
1162 exists in AS 7675, announced route's local preference will be set to
1168 neighbor 192.168.0.2 remote-as 7675
1169 address-family ipv4 unicast
1170 neighbor 192.168.0.2 route-map RMAP out
1173 ip prefix-list PLIST permit 10.0.0.0/8
1175 route-map RMAP permit 10
1176 match ip address prefix-list PLIST
1177 set community 7675:80
1180 Following configuration is an example of BGP route filtering using
1181 communities attribute. This configuration only permit BGP routes
1182 which has BGP communities value 0:80 or 0:90. Network operator can
1183 put special internal communities value at BGP border router, then
1184 limit the BGP routes announcement into the internal network.
1188 neighbor 192.168.0.1 remote-as 100
1189 address-family ipv4 unicast
1190 neighbor 192.168.0.1 route-map RMAP in
1193 ip community-list 1 permit 0:80 0:90
1195 route-map RMAP permit in
1199 Following exmaple filter BGP routes which has communities value 1:1.
1200 When there is no match community-list returns deny. To avoid
1201 filtering all of routes, we need to define permit any at last.
1205 neighbor 192.168.0.1 remote-as 100
1206 address-family ipv4 unicast
1207 neighbor 192.168.0.1 route-map RMAP in
1210 ip community-list standard FILTER deny 1:1
1211 ip community-list standard FILTER permit
1213 route-map RMAP permit 10
1214 match community FILTER
1217 Communities value keyword @code{internet} has special meanings in
1218 standard community lists. In below example @code{internet} act as
1219 match any. It matches all of BGP routes even if the route does not
1220 have communities attribute at all. So community list @code{INTERNET}
1221 is same as above example's @code{FILTER}.
1224 ip community-list standard INTERNET deny 1:1
1225 ip community-list standard INTERNET permit internet
1228 Following configuration is an example of communities value deletion.
1229 With this configuration communities value 100:1 and 100:2 is removed
1230 from BGP updates. For communities value deletion, only @code{permit}
1231 community-list is used. @code{deny} community-list is ignored.
1235 neighbor 192.168.0.1 remote-as 100
1236 address-family ipv4 unicast
1237 neighbor 192.168.0.1 route-map RMAP in
1240 ip community-list standard DEL permit 100:1 100:2
1242 route-map RMAP permit 10
1243 set comm-list DEL delete
1246 @c -----------------------------------------------------------------------
1247 @node BGP Extended Communities Attribute
1248 @section BGP Extended Communities Attribute
1250 BGP extended communities attribute is introduced with MPLS VPN/BGP
1251 technology. MPLS VPN/BGP expands capability of network infrastructure
1252 to provide VPN functionality. At the same time it requires a new
1253 framework for policy routing. With BGP Extended Communities Attribute
1254 we can use Route Target or Site of Origin for implementing network
1255 policy for MPLS VPN/BGP.
1257 BGP Extended Communities Attribute is similar to BGP Communities
1258 Attribute. It is an optional transitive attribute. BGP Extended
1259 Communities Attribute can carry multiple Extended Community value.
1260 Each Extended Community value is eight octet length.
1262 BGP Extended Communities Attribute provides an extended range
1263 compared with BGP Communities Attribute. Adding to that there is a
1264 type field in each value to provides community space structure.
1266 There are two format to define Extended Community value. One is AS
1267 based format the other is IP address based format.
1271 This is a format to define AS based Extended Community value.
1272 @code{AS} part is 2 octets Global Administrator subfield in Extended
1273 Community value. @code{VAL} part is 4 octets Local Administrator
1274 subfield. @code{7675:100} represents AS 7675 policy value 100.
1275 @item IP-Address:VAL
1276 This is a format to define IP address based Extended Community value.
1277 @code{IP-Address} part is 4 octets Global Administrator subfield.
1278 @code{VAL} part is 2 octets Local Administrator subfield.
1279 @code{10.0.0.1:100} represents
1283 * BGP Extended Community Lists::
1284 * BGP Extended Communities in Route Map::
1287 @node BGP Extended Community Lists
1288 @subsection BGP Extended Community Lists
1290 Expanded Community Lists is a user defined BGP Expanded Community
1293 @deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {}
1294 This command defines a new standard extcommunity-list.
1295 @var{extcommunity} is extended communities value. The
1296 @var{extcommunity} is compiled into extended community structure. We
1297 can define multiple extcommunity-list under same name. In that case
1298 match will happen user defined order. Once the extcommunity-list
1299 matches to extended communities attribute in BGP updates it return
1300 permit or deny based upon the extcommunity-list definition. When
1301 there is no matched entry, deny will be returned. When
1302 @var{extcommunity} is empty it matches to any routes.
1305 @deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
1306 This command defines a new expanded extcommunity-list. @var{line} is
1307 a string expression of extended communities attribute. @var{line} can
1308 be a regular expression (@pxref{BGP Regular Expressions}) to match an
1309 extended communities attribute in BGP updates.
1312 @deffn Command {no ip extcommunity-list @var{name}} {}
1313 @deffnx Command {no ip extcommunity-list standard @var{name}} {}
1314 @deffnx Command {no ip extcommunity-list expanded @var{name}} {}
1315 These commands delete extended community lists specified by
1316 @var{name}. All of extended community lists shares a single name
1317 space. So extended community lists can be removed simpley specifying
1321 @deffn {Command} {show ip extcommunity-list} {}
1322 @deffnx {Command} {show ip extcommunity-list @var{name}} {}
1323 This command displays current extcommunity-list information. When
1324 @var{name} is specified the community list's information is shown.
1327 # show ip extcommunity-list
1331 @node BGP Extended Communities in Route Map
1332 @subsection BGP Extended Communities in Route Map
1334 @deffn {Route Map} {match extcommunity @var{word}} {}
1337 @deffn {Route Map} {set extcommunity rt @var{extcommunity}} {}
1338 This command set Route Target value.
1341 @deffn {Route Map} {set extcommunity soo @var{extcommunity}} {}
1342 This command set Site of Origin value.
1345 @c -----------------------------------------------------------------------
1346 @node BGP Large Communities Attribute
1347 @section BGP Large Communities Attribute
1349 The BGP Large Communities attribute was introduced in Feb 2017 with
1350 @cite{RFC8092, BGP Large Communities Attribute}.
1352 The BGP Large Communities Attribute is similar to the BGP Communities
1353 Attribute except that it has 3 components instead of two and each of
1354 which are 4 octets in length. Large Communities bring additional
1355 functionality and convenience over traditional communities, specifically
1356 the fact that the @code{GLOBAL} part below is now 4 octets wide allowing
1357 AS4 operators seamless use.
1360 @item GLOBAL:LOCAL1:LOCAL2
1361 This is the format to define Large Community values. Referencing
1362 @cite{RFC8195, Use of BGP Large Communities} the values are commonly
1363 referred to as follows.
1364 The @code{GLOBAL} part is a 4 octet Global Administrator field, common
1365 use of this field is the operators AS number.
1366 The @code{LOCAL1} part is a 4 octet Local Data Part 1 subfield referred
1368 The @code{LOCAL2} part is a 4 octet Local Data Part 2 field and referred
1369 to as the parameter subfield. @code{65551:1:10} represents AS 65551
1370 function 1 and parameter 10.
1371 The referenced RFC above gives some guidelines on recommended usage.
1375 * BGP Large Community Lists::
1376 * BGP Large Communities in Route Map::
1379 @node BGP Large Community Lists
1380 @subsection BGP Large Community Lists
1382 Two types of large community lists are supported, namely @code{standard} and
1385 @deffn Command {ip large-community-list standard @var{name} @{permit|deny@} @var{large-community}} {}
1386 This command defines a new standard large-community-list.
1387 @var{large-community} is the Large Community value. We
1388 can add multiple large communities under same name. In that case
1389 the match will happen in the user defined order. Once the large-community-list
1390 matches the Large Communities attribute in BGP updates it will return
1391 permit or deny based upon the large-community-list definition. When
1392 there is no matched entry, a deny will be returned. When @var{large-community}
1393 is empty it matches any routes.
1396 @deffn Command {ip large-community-list expanded @var{name} @{permit|deny@} @var{line}} {}
1397 This command defines a new expanded large-community-list. Where @var{line} is
1398 a string matching expression, it will be compared to the entire Large Communities
1399 attribute as a string, with each large-community in order from lowest to highest.
1400 @var{line} can also be a regular expression which matches this Large
1401 Community attribute.
1404 @deffn Command {no ip large-community-list @var{name}} {}
1405 @deffnx Command {no ip large-community-list standard @var{name}} {}
1406 @deffnx Command {no ip large-community-list expanded @var{name}} {}
1407 These commands delete Large Community lists specified by
1408 @var{name}. All Large Community lists share a single namespace.
1409 This means Large Community lists can be removed by simply specifying the name.
1412 @deffn {Command} {show ip large-community-list} {}
1413 @deffnx {Command} {show ip large-community-list @var{name}} {}
1414 This command display current large-community-list information. When
1415 @var{name} is specified the community list information is shown.
1418 @deffn {Command} {show ip bgp large-community-info} {}
1419 This command displays the current large communities in use.
1422 @node BGP Large Communities in Route Map
1423 @subsection BGP Large Communities in Route Map
1425 @deffn {Route Map} {match large-community @var{line}} {}
1426 Where @var{line} can be a simple string to match, or a regular expression.
1427 It is very important to note that this match occurs on the entire
1428 large-community string as a whole, where each large-community is ordered
1429 from lowest to highest.
1432 @deffn {Route Map} {set large-community @var{large-community}} {}
1433 @deffnx {Route Map} {set large-community @var{large-community} @var{large-community}} {}
1434 @deffnx {Route Map} {set large-community @var{large-community} additive} {}
1435 These commands are used for setting large-community values. The first
1436 command will overwrite any large-communities currently present.
1437 The second specifies two large-communities, which overwrites the current
1438 large-community list. The third will add a large-community value without
1439 overwriting other values. Multiple large-community values can be specified.
1442 @c -----------------------------------------------------------------------
1444 @node Displaying BGP information
1445 @section Displaying BGP information
1448 * Showing BGP information::
1449 * Other BGP commands::
1452 @node Showing BGP information
1453 @subsection Showing BGP information
1455 @deffn {Command} {show ip bgp} {}
1456 @deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
1457 @deffnx {Command} {show ip bgp @var{X:X::X:X}} {}
1458 This command displays BGP routes. When no route is specified it
1459 display all of IPv4 BGP routes.
1463 BGP table version is 0, local router ID is 10.1.1.1
1464 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
1465 Origin codes: i - IGP, e - EGP, ? - incomplete
1467 Network Next Hop Metric LocPrf Weight Path
1468 *> 1.1.1.1/32 0.0.0.0 0 32768 i
1470 Total number of prefixes 1
1473 @deffn {Command} {show ip bgp regexp @var{line}} {}
1474 This command displays BGP routes using AS path regular expression
1475 (@pxref{BGP Regular Expressions}).
1478 @deffn Command {show ip bgp community @var{community}} {}
1479 @deffnx Command {show ip bgp community @var{community} exact-match} {}
1480 This command displays BGP routes using @var{community} (@pxref{Display
1481 BGP Routes by Community}).
1484 @deffn Command {show ip bgp community-list @var{word}} {}
1485 @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
1486 This command displays BGP routes using community list (@pxref{Display
1487 BGP Routes by Community}).
1490 @deffn {Command} {show bgp @{ipv4|ipv6@} summary} {}
1491 Show a bgp peer summary for the specified address family.
1494 @deffn {Command} {show bgp @{ipv4|ipv6@} neighbor [@var{peer}]} {}
1495 This command shows information on a specific BGP @var{peer}.
1498 @deffn {Command} {show bgp @{ipv4|ipv6@} dampening dampened-paths} {}
1499 Display paths suppressed due to dampening.
1502 @deffn {Command} {show bgp @{ipv4|ipv6@} dampening flap-statistics} {}
1503 Display flap statistics of routes.
1506 @node Other BGP commands
1507 @subsection Other BGP commands
1509 @deffn {Command} {clear bgp @{ipv4|ipv6@} *} {}
1510 Clear all address family peers.
1513 @deffn {Command} {clear bgp @{ipv4|ipv6@} @var{peer}} {}
1514 Clear peers which have addresses of X.X.X.X
1517 @deffn {Command} {clear bgp @{ipv4|ipv6@} @var{peer} soft in} {}
1518 Clear peer using soft reconfiguration.
1521 @deffn {Command} {show debug} {}
1524 @deffn {Command} {debug event} {}
1527 @deffn {Command} {debug update} {}
1530 @deffn {Command} {debug keepalive} {}
1533 @deffn {Command} {no debug event} {}
1536 @deffn {Command} {no debug update} {}
1539 @deffn {Command} {no debug keepalive} {}
1542 @node Capability Negotiation
1543 @section Capability Negotiation
1545 When adding IPv6 routing information exchange feature to BGP. There
1546 were some proposals. @acronym{IETF,Internet Engineering Task Force}
1547 @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted
1548 a proposal called Multiprotocol Extension for BGP. The specification
1549 is described in @cite{RFC2283}. The protocol does not define new protocols.
1550 It defines new attributes to existing BGP. When it is used exchanging
1551 IPv6 routing information it is called BGP-4+. When it is used for
1552 exchanging multicast routing information it is called MBGP.
1554 @command{bgpd} supports Multiprotocol Extension for BGP. So if remote
1555 peer supports the protocol, @command{bgpd} can exchange IPv6 and/or
1556 multicast routing information.
1558 Traditional BGP did not have the feature to detect remote peer's
1559 capabilities, e.g. whether it can handle prefix types other than IPv4
1560 unicast routes. This was a big problem using Multiprotocol Extension
1561 for BGP to operational network. @cite{RFC2842, Capabilities
1562 Advertisement with BGP-4} adopted a feature called Capability
1563 Negotiation. @command{bgpd} use this Capability Negotiation to detect
1564 the remote peer's capabilities. If the peer is only configured as IPv4
1565 unicast neighbor, @command{bgpd} does not send these Capability
1566 Negotiation packets (at least not unless other optional BGP features
1567 require capability negotation).
1569 By default, Frr will bring up peering with minimal common capability
1570 for the both sides. For example, local router has unicast and
1571 multicast capabilitie and remote router has unicast capability. In
1572 this case, the local router will establish the connection with unicast
1573 only capability. When there are no common capabilities, Frr sends
1574 Unsupported Capability error and then resets the connection.
1576 If you want to completely match capabilities with remote peer. Please
1577 use @command{strict-capability-match} command.
1579 @deffn {BGP} {neighbor @var{peer} strict-capability-match} {}
1580 @deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {}
1581 Strictly compares remote capabilities and local capabilities. If capabilities
1582 are different, send Unsupported Capability error then reset connection.
1585 You may want to disable sending Capability Negotiation OPEN message
1586 optional parameter to the peer when remote peer does not implement
1587 Capability Negotiation. Please use @command{dont-capability-negotiate}
1588 command to disable the feature.
1590 @deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {}
1591 @deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {}
1592 Suppress sending Capability Negotiation as OPEN message optional
1593 parameter to the peer. This command only affects the peer is configured
1594 other than IPv4 unicast configuration.
1597 When remote peer does not have capability negotiation feature, remote
1598 peer will not send any capabilities at all. In that case, bgp
1599 configures the peer with configured capabilities.
1601 You may prefer locally configured capabilities more than the negotiated
1602 capabilities even though remote peer sends capabilities. If the peer
1603 is configured by @command{override-capability}, @command{bgpd} ignores
1604 received capabilities then override negotiated capabilities with
1607 @deffn {BGP} {neighbor @var{peer} override-capability} {}
1608 @deffnx {BGP} {no neighbor @var{peer} override-capability} {}
1609 Override the result of Capability Negotiation with local configuration.
1610 Ignore remote peer's capability value.
1613 @node Route Reflector
1614 @section Route Reflector
1616 @deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {}
1619 @deffn {BGP} {neighbor @var{peer} route-reflector-client} {}
1620 @deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {}
1624 @section Route Server
1626 At an Internet Exchange point, many ISPs are connected to each other by
1627 external BGP peering. Normally these external BGP connection are done by
1628 @samp{full mesh} method. As with internal BGP full mesh formation,
1629 this method has a scaling problem.
1631 This scaling problem is well known. Route Server is a method to resolve
1632 the problem. Each ISP's BGP router only peers to Route Server. Route
1633 Server serves as BGP information exchange to other BGP routers. By
1634 applying this method, numbers of BGP connections is reduced from
1635 O(n*(n-1)/2) to O(n).
1637 Unlike normal BGP router, Route Server must have several routing tables
1638 for managing different routing policies for each BGP speaker. We call the
1639 routing tables as different @code{view}s. @command{bgpd} can work as
1640 normal BGP router or Route Server or both at the same time.
1643 * Multiple instance::
1644 * BGP instance and view::
1646 * Viewing the view::
1649 @node Multiple instance
1650 @subsection Multiple instance
1652 To enable multiple view function of @code{bgpd}, you must turn on
1653 multiple instance feature beforehand.
1655 @deffn {Command} {bgp multiple-instance} {}
1656 Enable BGP multiple instance feature. After this feature is enabled,
1657 you can make multiple BGP instances or multiple BGP views.
1660 @deffn {Command} {no bgp multiple-instance} {}
1661 Disable BGP multiple instance feature. You can not disable this feature
1662 when BGP multiple instances or views exist.
1665 When you want to make configuration more Cisco like one,
1667 @deffn {Command} {bgp config-type cisco} {}
1668 Cisco compatible BGP configuration output.
1671 When bgp config-type cisco is specified,
1673 ``no synchronization'' is displayed.
1674 ``no auto-summary'' is displayed.
1676 ``network'' and ``aggregate-address'' argument is displayed as
1679 Frr: network 10.0.0.0/8
1680 Cisco: network 10.0.0.0
1682 Frr: aggregate-address 192.168.0.0/24
1683 Cisco: aggregate-address 192.168.0.0 255.255.255.0
1685 Community attribute handling is also different. If there is no
1686 configuration is specified community attribute and extended community
1687 attribute are sent to neighbor. When user manually disable the
1688 feature community attribute is not sent to the neighbor. In case of
1689 @command{bgp config-type cisco} is specified, community attribute is not
1690 sent to the neighbor by default. To send community attribute user has
1691 to specify @command{neighbor A.B.C.D send-community} command.
1696 neighbor 10.0.0.1 remote-as 1
1697 address-family ipv4 unicast
1698 no neighbor 10.0.0.1 send-community
1702 neighbor 10.0.0.1 remote-as 1
1703 address-family ipv4 unicast
1704 neighbor 10.0.0.1 send-community
1709 @deffn {Command} {bgp config-type zebra} {}
1710 Frr style BGP configuration. This is default.
1713 @node BGP instance and view
1714 @subsection BGP instance and view
1716 BGP instance is a normal BGP process. The result of route selection
1717 goes to the kernel routing table. You can setup different AS at the
1718 same time when BGP multiple instance feature is enabled.
1720 @deffn {Command} {router bgp @var{as-number}} {}
1721 Make a new BGP instance. You can use arbitrary word for the @var{name}.
1726 bgp multiple-instance
1729 neighbor 10.0.0.1 remote-as 2
1730 neighbor 10.0.0.2 remote-as 3
1733 neighbor 10.0.0.3 remote-as 4
1734 neighbor 10.0.0.4 remote-as 5
1738 BGP view is almost same as normal BGP process. The result of
1739 route selection does not go to the kernel routing table. BGP view is
1740 only for exchanging BGP routing information.
1742 @deffn {Command} {router bgp @var{as-number} view @var{name}} {}
1743 Make a new BGP view. You can use arbitrary word for the @var{name}. This
1744 view's route selection result does not go to the kernel routing table.
1747 With this command, you can setup Route Server like below.
1751 bgp multiple-instance
1754 neighbor 10.0.0.1 remote-as 2
1755 neighbor 10.0.0.2 remote-as 3
1758 neighbor 10.0.0.3 remote-as 4
1759 neighbor 10.0.0.4 remote-as 5
1763 @node Routing policy
1764 @subsection Routing policy
1766 You can set different routing policy for a peer. For example, you can
1767 set different filter for a peer.
1771 bgp multiple-instance
1774 neighbor 10.0.0.1 remote-as 2
1775 address-family ipv4 unicast
1776 neighbor 10.0.0.1 distribute-list 1 in
1780 neighbor 10.0.0.1 remote-as 2
1781 address-family ipv4 unicast
1782 neighbor 10.0.0.1 distribute-list 2 in
1787 This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view
1788 2. When the update is inserted into view 1, distribute-list 1 is
1789 applied. On the other hand, when the update is inserted into view 2,
1790 distribute-list 2 is applied.
1792 @node Viewing the view
1793 @subsection Viewing the view
1795 To display routing table of BGP view, you must specify view name.
1797 @deffn {Command} {show ip bgp view @var{name}} {}
1798 Display routing table of BGP view @var{name}.
1801 @node BGP Regular Expressions
1802 @section BGP Regular Expressions
1804 BGP regular expressions are based on @code{POSIX 1003.2} regular
1805 expressions. The following description is just a quick subset of the
1806 @code{POSIX} regular expressions. Adding to that, the special character
1811 Matches any single character.
1813 Matches 0 or more occurrences of pattern.
1815 Matches 1 or more occurrences of pattern.
1817 Match 0 or 1 occurrences of pattern.
1819 Matches the beginning of the line.
1821 Matches the end of the line.
1823 Character @code{_} has special meanings in BGP regular expressions.
1824 It matches to space and comma , and AS set delimiter @{ and @} and AS
1825 confederation delimiter @code{(} and @code{)}. And it also matches to
1826 the beginning of the line and the end of the line. So @code{_} can be
1827 used for AS value boundaries match. This character technically evaluates
1828 to @code{(^|[,@{@}() ]|$)}.
1831 @node How to set up a 6-Bone connection
1832 @section How to set up a 6-Bone connection
1840 ! Actually there is no need to configure zebra
1846 ! This means that routes go through zebra and into the kernel.
1850 ! MP-BGP configuration
1853 bgp router-id 10.0.0.1
1854 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number}
1857 network 3ffe:506::/32
1858 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
1859 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
1860 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number}
1861 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out
1864 ipv6 access-list all permit any
1866 ! Set output nexthop address.
1868 route-map set-nexthop permit 10
1869 match ipv6 address all
1870 set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
1871 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225
1873 ! logfile FILENAME is obsolete. Please use log file FILENAME
1880 @node Dump BGP packets and table
1881 @section Dump BGP packets and table
1883 @deffn Command {dump bgp all @var{path} [@var{interval}]} {}
1884 @deffnx Command {dump bgp all-et @var{path} [@var{interval}]} {}
1885 @deffnx Command {no dump bgp all [@var{path}] [@var{interval}]} {}
1886 Dump all BGP packet and events to @var{path} file.
1887 If @var{interval} is set, a new file will be created for echo @var{interval} of seconds.
1888 The path @var{path} can be set with date and time formatting (strftime).
1889 The type ‘all-et’ enables support for Extended Timestamp Header (@pxref{Packet Binary Dump Format}).
1890 (@pxref{Packet Binary Dump Format})
1893 @deffn Command {dump bgp updates @var{path} [@var{interval}]} {}
1894 @deffnx Command {dump bgp updates-et @var{path} [@var{interval}]} {}
1895 @deffnx Command {no dump bgp updates [@var{path}] [@var{interval}]} {}
1896 Dump only BGP updates messages to @var{path} file.
1897 If @var{interval} is set, a new file will be created for echo @var{interval} of seconds.
1898 The path @var{path} can be set with date and time formatting (strftime).
1899 The type ‘updates-et’ enables support for Extended Timestamp Header (@pxref{Packet Binary Dump Format}).
1902 @deffn Command {dump bgp routes-mrt @var{path}} {}
1903 @deffnx Command {dump bgp routes-mrt @var{path} @var{interval}} {}
1904 @deffnx Command {no dump bgp route-mrt [@var{path}] [@var{interval}]} {}
1905 Dump whole BGP routing table to @var{path}. This is heavy process.
1906 The path @var{path} can be set with date and time formatting (strftime).
1907 If @var{interval} is set, a new file will be created for echo @var{interval} of seconds.
1910 Note: the interval variable can also be set using hours and minutes: 04h20m00.
1913 @node BGP Configuration Examples
1914 @section BGP Configuration Examples
1916 Example of a session to an upstream, advertising only one prefix to it.
1920 bgp router-id 10.236.87.1
1921 neighbor upstream peer-group
1922 neighbor upstream remote-as 64515
1923 neighbor upstream capability dynamic
1924 neighbor 10.1.1.1 peer-group upstream
1925 neighbor 10.1.1.1 description ACME ISP
1927 address-family ipv4 unicast
1928 network 10.236.87.0/24
1929 neighbor upstream prefix-list pl-allowed-adv out
1932 ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
1933 ip prefix-list pl-allowed-adv seq 10 deny any
1937 A more complex example. With upstream, peer and customer sessions.
1938 Advertising global prefixes and NO_EXPORT prefixes and providing
1939 actions for customer routes based on community values. Extensive use of
1940 route-maps and the 'call' feature to support selective advertising of
1941 prefixes. This example is intended as guidance only, it has NOT been
1942 tested and almost certainly containts silly mistakes, if not serious
1947 bgp router-id 10.236.87.1
1948 neighbor upstream capability dynamic
1949 neighbor cust capability dynamic
1950 neighbor peer capability dynamic
1951 neighbor 10.1.1.1 remote-as 64515
1952 neighbor 10.1.1.1 peer-group upstream
1953 neighbor 10.2.1.1 remote-as 64516
1954 neighbor 10.2.1.1 peer-group upstream
1955 neighbor 10.3.1.1 remote-as 64517
1956 neighbor 10.3.1.1 peer-group cust-default
1957 neighbor 10.3.1.1 description customer1
1958 neighbor 10.4.1.1 remote-as 64518
1959 neighbor 10.4.1.1 peer-group cust
1960 neighbor 10.4.1.1 description customer2
1961 neighbor 10.5.1.1 remote-as 64519
1962 neighbor 10.5.1.1 peer-group peer
1963 neighbor 10.5.1.1 description peer AS 1
1964 neighbor 10.6.1.1 remote-as 64520
1965 neighbor 10.6.1.1 peer-group peer
1966 neighbor 10.6.1.1 description peer AS 2
1968 address-family ipv4 unicast
1969 network 10.123.456.0/24
1970 network 10.123.456.128/25 route-map rm-no-export
1971 neighbor upstream route-map rm-upstream-out out
1972 neighbor cust route-map rm-cust-in in
1973 neighbor cust route-map rm-cust-out out
1974 neighbor cust send-community both
1975 neighbor peer route-map rm-peer-in in
1976 neighbor peer route-map rm-peer-out out
1977 neighbor peer send-community both
1978 neighbor 10.3.1.1 prefix-list pl-cust1-network in
1979 neighbor 10.4.1.1 prefix-list pl-cust2-network in
1980 neighbor 10.5.1.1 prefix-list pl-peer1-network in
1981 neighbor 10.6.1.1 prefix-list pl-peer2-network in
1984 ip prefix-list pl-default permit 0.0.0.0/0
1986 ip prefix-list pl-upstream-peers permit 10.1.1.1/32
1987 ip prefix-list pl-upstream-peers permit 10.2.1.1/32
1989 ip prefix-list pl-cust1-network permit 10.3.1.0/24
1990 ip prefix-list pl-cust1-network permit 10.3.2.0/24
1992 ip prefix-list pl-cust2-network permit 10.4.1.0/24
1994 ip prefix-list pl-peer1-network permit 10.5.1.0/24
1995 ip prefix-list pl-peer1-network permit 10.5.2.0/24
1996 ip prefix-list pl-peer1-network permit 192.168.0.0/24
1998 ip prefix-list pl-peer2-network permit 10.6.1.0/24
1999 ip prefix-list pl-peer2-network permit 10.6.2.0/24
2000 ip prefix-list pl-peer2-network permit 192.168.1.0/24
2001 ip prefix-list pl-peer2-network permit 192.168.2.0/24
2002 ip prefix-list pl-peer2-network permit 172.16.1/24
2004 ip as-path access-list asp-own-as permit ^$
2005 ip as-path access-list asp-own-as permit _64512_
2007 ! #################################################################
2008 ! Match communities we provide actions for, on routes receives from
2009 ! customers. Communities values of <our-ASN>:X, with X, have actions:
2011 ! 100 - blackhole the prefix
2012 ! 200 - set no_export
2013 ! 300 - advertise only to other customers
2014 ! 400 - advertise only to upstreams
2015 ! 500 - set no_export when advertising to upstreams
2016 ! 2X00 - set local_preference to X00
2018 ! blackhole the prefix of the route
2019 ip community-list standard cm-blackhole permit 64512:100
2021 ! set no-export community before advertising
2022 ip community-list standard cm-set-no-export permit 64512:200
2024 ! advertise only to other customers
2025 ip community-list standard cm-cust-only permit 64512:300
2027 ! advertise only to upstreams
2028 ip community-list standard cm-upstream-only permit 64512:400
2030 ! advertise to upstreams with no-export
2031 ip community-list standard cm-upstream-noexport permit 64512:500
2033 ! set local-pref to least significant 3 digits of the community
2034 ip community-list standard cm-prefmod-100 permit 64512:2100
2035 ip community-list standard cm-prefmod-200 permit 64512:2200
2036 ip community-list standard cm-prefmod-300 permit 64512:2300
2037 ip community-list standard cm-prefmod-400 permit 64512:2400
2038 ip community-list expanded cme-prefmod-range permit 64512:2...
2040 ! Informational communities
2042 ! 3000 - learned from upstream
2043 ! 3100 - learned from customer
2044 ! 3200 - learned from peer
2046 ip community-list standard cm-learnt-upstream permit 64512:3000
2047 ip community-list standard cm-learnt-cust permit 64512:3100
2048 ip community-list standard cm-learnt-peer permit 64512:3200
2050 ! ###################################################################
2051 ! Utility route-maps
2053 ! These utility route-maps generally should not used to permit/deny
2054 ! routes, i.e. they do not have meaning as filters, and hence probably
2055 ! should be used with 'on-match next'. These all finish with an empty
2056 ! permit entry so as not interfere with processing in the caller.
2058 route-map rm-no-export permit 10
2059 set community additive no-export
2060 route-map rm-no-export permit 20
2062 route-map rm-blackhole permit 10
2063 description blackhole, up-pref and ensure it cant escape this AS
2064 set ip next-hop 127.0.0.1
2065 set local-preference 10
2066 set community additive no-export
2067 route-map rm-blackhole permit 20
2069 ! Set local-pref as requested
2070 route-map rm-prefmod permit 10
2071 match community cm-prefmod-100
2072 set local-preference 100
2073 route-map rm-prefmod permit 20
2074 match community cm-prefmod-200
2075 set local-preference 200
2076 route-map rm-prefmod permit 30
2077 match community cm-prefmod-300
2078 set local-preference 300
2079 route-map rm-prefmod permit 40
2080 match community cm-prefmod-400
2081 set local-preference 400
2082 route-map rm-prefmod permit 50
2084 ! Community actions to take on receipt of route.
2085 route-map rm-community-in permit 10
2086 description check for blackholing, no point continuing if it matches.
2087 match community cm-blackhole
2089 route-map rm-community-in permit 20
2090 match community cm-set-no-export
2093 route-map rm-community-in permit 30
2094 match community cme-prefmod-range
2096 route-map rm-community-in permit 40
2098 ! #####################################################################
2099 ! Community actions to take when advertising a route.
2100 ! These are filtering route-maps,
2102 ! Deny customer routes to upstream with cust-only set.
2103 route-map rm-community-filt-to-upstream deny 10
2104 match community cm-learnt-cust
2105 match community cm-cust-only
2106 route-map rm-community-filt-to-upstream permit 20
2108 ! Deny customer routes to other customers with upstream-only set.
2109 route-map rm-community-filt-to-cust deny 10
2110 match community cm-learnt-cust
2111 match community cm-upstream-only
2112 route-map rm-community-filt-to-cust permit 20
2114 ! ###################################################################
2115 ! The top-level route-maps applied to sessions. Further entries could
2116 ! be added obviously..
2119 route-map rm-cust-in permit 10
2120 call rm-community-in
2122 route-map rm-cust-in permit 20
2123 set community additive 64512:3100
2124 route-map rm-cust-in permit 30
2126 route-map rm-cust-out permit 10
2127 call rm-community-filt-to-cust
2129 route-map rm-cust-out permit 20
2131 ! Upstream transit ASes
2132 route-map rm-upstream-out permit 10
2133 description filter customer prefixes which are marked cust-only
2134 call rm-community-filt-to-upstream
2136 route-map rm-upstream-out permit 20
2137 description only customer routes are provided to upstreams/peers
2138 match community cm-learnt-cust
2141 ! outbound policy is same as for upstream
2142 route-map rm-peer-out permit 10
2143 call rm-upstream-out
2145 route-map rm-peer-in permit 10
2146 set community additive 64512:3200