@c This is part of the Quagga Manual.
@c @value{COPYRIGHT_STR}
@c See file quagga.texi for copying conditions.

@acronym{BGP} stands for Border Gateway Protocol. The latest BGP version
is 4. It is referred to as BGP-4. BGP-4 is one of the Exterior Gateway
Protocols and the de facto standard Inter Domain routing protocol.
BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol

Many extensions have been added to @cite{RFC1771}. @cite{RFC2858,
Multiprotocol Extensions for BGP-4} provides multiprotocol support to

* BGP Address Family::

* BGP Communities Attribute::
* BGP Extended Communities Attribute::
* Displaying BGP routes::
* Capability Negotiation::

* How to set up a 6-Bone connection::
* Dump BGP packets and table::
* BGP Configuration Examples::

Default configuration file of @command{bgpd} is @file{bgpd.conf}.
@command{bgpd} searches the current directory first then
@value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's commands must be
configured in @file{bgpd.conf}.

@command{bgpd} specific invocation options are described below. Common
options may also be specified (@pxref{Common Invocation Options}).

@itemx --bgp_port=@var{PORT}
Set the bgp protocol's port number.

When the program terminates, retain BGP routes added by zebra.

First of all you must configure the BGP router with the @command{router bgp}
command. To configure the BGP router, you need an AS number. An AS number is
an identification of an autonomous system. The BGP protocol uses the AS number
for detecting whether the BGP connection is an internal one or an external one.

@deffn Command {router bgp @var{asn}} {}
Enable a BGP protocol process with the specified @var{asn}. After
this statement you can input any @code{BGP Commands}. You cannot
create a different BGP process under a different @var{asn} without
specifying @code{multiple-instance} (@pxref{Multiple instance}).

@deffn Command {no router bgp @var{asn}} {}
Destroy a BGP protocol process with the specified @var{asn}.

@deffn {BGP} {bgp router-id @var{A.B.C.D}} {}
This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets
interface and address information. In that case the default router ID value
is selected as the largest IP address of the interfaces. When
@code{router zebra} is not enabled @command{bgpd} can't get interface information
so @code{router-id} is set to 0.0.0.0. So please set router-id by hand.

* BGP decision process::

@subsection BGP distance

@deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {}
This command changes the distance value of BGP. The arguments are the distance
values for external routes, internal routes and local routes.

@deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {}
@deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {}
This command sets the distance value to

@node BGP decision process
@subsection BGP decision process

@item 1. Weight check

@item 2. Local preference check.

@item 3. Local route check.

@item 4. AS path length check.

@item 5. Origin check.

@deffn {BGP} {bgp bestpath as-path confed} {}
This command specifies that the length of confederation path sets and
sequences should be taken into account during the BGP best path

* Route Aggregation::
* Redistribute to BGP::

@subsection BGP route

@deffn {BGP} {network @var{A.B.C.D/M}} {}
This command adds the announcement network.

This configuration example says that network 10.0.0.0/8 will be
announced to all neighbors. Some vendors' routers don't advertise
routes if they aren't present in their IGP routing tables; @code{bgpd}
doesn't care about IGP routes when announcing its routes.

@deffn {BGP} {no network @var{A.B.C.D/M}} {}

@node Route Aggregation
@subsection Route Aggregation

@deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {}
This command specifies an aggregate address.

@deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {}
This command specifies an aggregate address. Resulting routes include

@deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {}
This command specifies an aggregate address. Aggregated routes will

@deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {}

@node Redistribute to BGP
@subsection Redistribute to BGP

@deffn {BGP} {redistribute kernel} {}
Redistribute kernel routes to the BGP process.

@deffn {BGP} {redistribute static} {}
Redistribute static routes to the BGP process.

@deffn {BGP} {redistribute connected} {}
Redistribute connected routes to the BGP process.

@deffn {BGP} {redistribute rip} {}
Redistribute RIP routes to the BGP process.

@deffn {BGP} {redistribute ospf} {}
Redistribute OSPF routes to the BGP process.

* BGP Peer commands::

@subsection Defining Peer

@deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {}
Creates a new neighbor whose remote-as is @var{asn}. @var{peer}
can be an IPv4 address or an IPv6 address.

neighbor 10.0.0.1 remote-as 2

In this case my router, in AS-1, is trying to peer with AS-2 at

This command must be the first command used when configuring a neighbor.
If the remote-as is not specified, @command{bgpd} will complain like this:

can't find neighbor 10.0.0.1

@node BGP Peer commands
@subsection BGP Peer commands

In a @code{router bgp} clause there are neighbor specific configurations

@deffn {BGP} {neighbor @var{peer} shutdown} {}
@deffnx {BGP} {no neighbor @var{peer} shutdown} {}
Shut down the peer. We can delete the neighbor's configuration with
@code{no neighbor @var{peer} remote-as @var{as-number}} but all
configuration of the neighbor will be deleted. When you want to
preserve the configuration, but want to drop the BGP peer, use this

@deffn {BGP} {neighbor @var{peer} ebgp-multihop} {}
@deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {}

@deffn {BGP} {neighbor @var{peer} description ...} {}
@deffnx {BGP} {no neighbor @var{peer} description ...} {}
Set description of the peer.

@deffn {BGP} {neighbor @var{peer} version @var{version}} {}
Set up the neighbor's BGP version. @var{version} can be @var{4},
@var{4+} or @var{4-}. BGP version @var{4} is the default value used for
BGP peering. BGP version @var{4+} means that the neighbor supports
Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but
the neighbor speaks the old Internet-Draft revision 00's Multiprotocol
Extensions for BGP-4. Some routing software is still using this

@deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {}
@deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {}
When you connect to a BGP peer over an IPv6 link-local address, you
have to specify the @var{ifname} of the interface used for the
connection. To specify IPv4 session addresses, see the
@code{neighbor @var{peer} update-source} command below.

This command is deprecated and may be removed in a future release. Its
use should be avoided.

@deffn {BGP} {neighbor @var{peer} next-hop-self} {}
@deffnx {BGP} {no neighbor @var{peer} next-hop-self} {}
This command specifies an announced route's nexthop as being equivalent
to the address of the bgp router.

@deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {}
@deffnx {BGP} {no neighbor @var{peer} update-source} {}
Specify the IPv4 source address to use for the @acronym{BGP} session to this
neighbour. It may be specified either as an IPv4 address directly or
as an interface name (in which case the @command{zebra} daemon MUST be running
in order for @command{bgpd} to be able to retrieve interface state).

neighbor foo update-source 192.168.0.1
neighbor bar update-source lo0

@deffn {BGP} {neighbor @var{peer} default-originate} {}
@deffnx {BGP} {no neighbor @var{peer} default-originate} {}
@command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even if it
is in the routing table. When you want to announce default routes to the
peer, use this command.

@deffn {BGP} {neighbor @var{peer} port @var{port}} {}
@deffnx {BGP} {neighbor @var{peer} port @var{port}} {}

@deffn {BGP} {neighbor @var{peer} send-community} {}
@deffnx {BGP} {neighbor @var{peer} send-community} {}

@deffn {BGP} {neighbor @var{peer} weight @var{weight}} {}
@deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {}
This command specifies a default @var{weight} value for the neighbor's

@deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {}
@deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {}

@subsection Peer filtering

@deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {}
This command specifies a distribute-list for the peer. @var{direct} is
@samp{in} or @samp{out}.

@deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {}

@deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {}

@deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {}
Apply a route-map on the neighbor. @var{direct} must be @code{in} or

@c -----------------------------------------------------------------------

@section BGP Peer Group

@deffn {BGP} {neighbor @var{word} peer-group} {}
This command defines a new peer group.

@deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {}
This command binds a specific peer to the peer group @var{word}.

@node BGP Address Family
@section BGP Address Family

@c -----------------------------------------------------------------------
@node Autonomous System
@section Autonomous System

The @acronym{AS,Autonomous System} number is one of the essential
elements of BGP. BGP is a distance vector routing protocol, and the
AS-Path framework provides distance vector metric and loop detection to
BGP. @cite{RFC1930, Guidelines for creation, selection, and
registration of an Autonomous System (AS)} provides some background on
the concepts of an AS.

The AS number is a two octet value, ranging in value from 1 to 65535.
The AS numbers 64512 through 65535 are defined as private AS numbers.
Private AS numbers must not be advertised in the global Internet.

* AS Path Regular Expression::
* Display BGP Routes by AS Path::
* AS Path Access List::
* Using AS Path in Route Map::
* Private AS Numbers::

@node AS Path Regular Expression
@subsection AS Path Regular Expression

AS path regular expressions can be used for displaying BGP routes and
in AS path access lists. AS path regular expressions are based on
@code{POSIX 1003.2} regular expressions. The following description covers
just a subset of @code{POSIX} regular expressions; the full
@code{POSIX} regular expression syntax can be used. In addition, the
special character '_' is added for AS path regular expressions.

Matches any single character.

Matches 0 or more occurrences of pattern.

Matches 1 or more occurrences of pattern.

Matches 0 or 1 occurrences of pattern.

Matches the beginning of the line.

Matches the end of the line.

Character @code{_} has a special meaning in AS path regular expressions.
It matches a space, a comma, the AS set delimiters @{ and @}, and the AS
confederation delimiters @code{(} and @code{)}. It also matches
the beginning of the line and the end of the line. So @code{_} can be
used to match AS value boundaries. @code{show ip bgp regexp _7675_}
matches all BGP routes whose AS numbers include @var{7675}.
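
The boundary behaviour of @code{_} described above, as an added example in
Python that is not part of the Quagga manual or of bgpd. Python's @code{re}
module stands in for the POSIX engine; the table, the helper names and the
private-AS pattern (built from the 64512 through 65535 range given earlier in
this chapter) are constructed for illustration.

```python
import re

# "_" expands to the alternatives this section lists: beginning of line,
# space, comma, AS-set braces, confederation parentheses, end of line.
BOUNDARY = r"(?:^|[,{}() ]|$)"

# Private AS range named in this chapter: 64512 through 65535.
PRIVATE_AS = (r"_(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|"
              r"65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_")


def translate(pattern):
    """Rewrite an AS path regular expression into plain regex syntax."""
    return pattern.replace("_", BOUNDARY)


def aspath_match(pattern, aspath):
    """True when the AS path string matches the AS path regular expression."""
    return re.search(translate(pattern), aspath) is not None


def select(pattern, table):
    """Prefixes whose AS path matches the pattern, in table order."""
    return [prefix for prefix, aspath in table if aspath_match(pattern, aspath)]


# Constructed sample table: (prefix, AS path string).
TABLE = [
    ("192.0.2.0/24", "100 7675"),
    ("198.51.100.0/24", "7675 100 200"),
    ("203.0.113.0/24", "100 17675"),          # AS 17675, not AS 7675
    ("203.0.113.128/25", "100 {7675,200}"),   # 7675 inside an AS set
    ("198.51.100.128/25", "(65001 65002) 100"),  # confederation segment
    ("192.0.2.128/25", "100 64512 300"),      # private AS in the path
]

if __name__ == "__main__":
    # The unanchored "7675" also selects the AS 17675 route; "_7675_" does not.
    for label, pattern in (("7675", "7675"), ("_7675_", "_7675_"),
                           ("^7675_", "^7675_"), ("_7675$", "_7675$"),
                           ("private AS", PRIVATE_AS)):
        print("%-10s %s" % (label, select(pattern, TABLE)))
```

The same private-AS pattern can serve as the @var{line} of a deny entry in an AS path access list, since private AS numbers must not be advertised in the global Internet.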

@node Display BGP Routes by AS Path
@subsection Display BGP Routes by AS Path

To show BGP routes which have specific AS path information, the @code{show
ip bgp} command can be used.

@deffn Command {show ip bgp regexp @var{line}} {}
This command displays BGP routes that match the AS path regular
expression @var{line}.

@node AS Path Access List
@subsection AS Path Access List

An AS path access list is a user-defined AS path.

@deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
This command defines a new AS path access list.

@deffn {Command} {no ip as-path access-list @var{word}} {}
@deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}

@node Using AS Path in Route Map
@subsection Using AS Path in Route Map

@deffn {Route Map} {match as-path @var{word}} {}

@deffn {Route Map} {set as-path prepend @var{as-path}} {}

@node Private AS Numbers
@subsection Private AS Numbers

@c -----------------------------------------------------------------------
@node BGP Communities Attribute
@section BGP Communities Attribute

The BGP communities attribute is widely used for implementing policy
routing. Network operators can manipulate the BGP communities attribute
based on their network policy. The BGP communities attribute is defined
in @cite{RFC1997, BGP Communities Attribute} and
@cite{RFC1998, An Application of the BGP Community Attribute
in Multi-home Routing}. It is an optional transitive attribute,
therefore local policy can travel through different autonomous systems.

The communities attribute is a set of communities values. Each
communities value is 4 octets long. The following format is used to
define a communities value.

This format represents a 4 octet communities value. @code{AS} is the high
order 2 octets in digit format. @code{VAL} is the low order 2 octets in
digit format. This format is useful to define AS oriented policy
values. For example, @code{7675:80} can be used when AS 7675 wants to
pass local policy value 80 to a neighboring peer.

@code{internet} represents well-known communities value 0.

@code{no-export} represents well-known communities value @code{NO_EXPORT}@*
@r{(0xFFFFFF01)}. All routes carrying this value must not be advertised
outside a BGP confederation boundary. If the neighboring BGP peer is
part of a BGP confederation, the peer is considered as inside a BGP
confederation boundary, so the route will be announced to the peer.

@code{no-advertise} represents well-known communities value
@code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carrying this value
must not be advertised to other BGP peers.

@code{local-AS} represents well-known communities value
@code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carrying this
value must not be advertised to external BGP peers. Even if the
neighboring router is part of a confederation, it is considered as an
external BGP peer, so the route will not be announced to the peer.

When a BGP communities attribute is received, duplicated communities
values in the communities attribute are ignored and the communities
values are sorted in numerical order.

* BGP Community Lists::
* Numbered BGP Community Lists::
* BGP Community in Route Map::
* Display BGP Routes by Community::
* Using BGP Communities Attribute::

@node BGP Community Lists
@subsection BGP Community Lists

A BGP community list is a user-defined BGP communities attribute list.
A BGP community list can be used for matching or manipulating the BGP
communities attribute in updates.

There are two types of community list. One is the standard community
list and the other is the expanded community list. A standard community list
defines a communities attribute. An expanded community list defines a
communities attribute string with a regular expression. A standard
community list is compiled into binary format when the user defines it.
A standard community list is directly compared to the BGP communities
attribute in BGP updates. Therefore the comparison is faster than
with an expanded community list.

@deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {}
This command defines a new standard community list. @var{community}
is a communities value. The @var{community} is compiled into a community
structure. We can define multiple community lists under the same name. In
that case matching happens in user-defined order. Once the
community list matches the communities attribute in BGP updates, it
returns permit or deny according to the community list definition. When there is
no matched entry, deny will be returned. When @var{community} is
empty it matches any route.

@deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
This command defines a new expanded community list. @var{line} is a
string expression of the communities attribute. @var{line} can include
a regular expression to match the communities attribute in BGP updates.

@deffn Command {no ip community-list @var{name}} {}
@deffnx Command {no ip community-list standard @var{name}} {}
@deffnx Command {no ip community-list expanded @var{name}} {}
These commands delete community lists specified by @var{name}. All
community lists share a single name space. So community lists can be
removed simply by specifying the community list name.

@deffn {Command} {show ip community-list} {}
@deffnx {Command} {show ip community-list @var{name}} {}
This command displays current community list information. When
@var{name} is specified the specified community list's information is

# show ip community-list
Named Community standard list CLIST
permit 7675:80 7675:100 no-export

Named Community expanded list EXPAND

# show ip community-list CLIST
Named Community standard list CLIST
permit 7675:80 7675:100 no-export

@node Numbered BGP Community Lists
@subsection Numbered BGP Community Lists

When a number is used for the BGP community list name, the number has a
special meaning. A community list number in the range from 1 to 99 is a
standard community list. A community list number in the range from 100
to 199 is an expanded community list. These community lists are called
numbered community lists. On the other hand, normal community lists
are called named community lists.

@deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {}
This command defines a new community list. <1-99> is the standard
community list number. A community list name within this range defines a
standard community list. When @var{community} is empty it matches to

@deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {}
This command defines a new community list. <100-199> is the expanded
community list number. A community list name within this range defines an
expanded community list.

@deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {}
When the community list type is not specified, the community list type is
automatically detected. If @var{community} can be compiled into a
communities attribute, the community list is defined as a standard
community list. Otherwise it is defined as an expanded community
list. This feature is left for backward compatibility. Use of this
feature is not recommended.

@node BGP Community in Route Map
@subsection BGP Community in Route Map

In a Route Map (@pxref{Route Map}), we can match or set the BGP
communities attribute. Using this feature, network operators can
implement their network policy based on the BGP communities attribute.

The following commands can be used in a Route Map.

@deffn {Route Map} {match community @var{word}} {}
@deffnx {Route Map} {match community @var{word} exact-match} {}
This command performs a match against BGP updates using community list
@var{word}. When one of the BGP communities values matches one of the
communities values in the community list, it is a match. When the
@code{exact-match} keyword is specified, a match happens only when the BGP
updates have completely the same communities values as specified in the

@deffn {Route Map} {set community none} {}
@deffnx {Route Map} {set community @var{community}} {}
@deffnx {Route Map} {set community @var{community} additive} {}
This command manipulates the communities value in BGP updates. When
@code{none} is specified as the communities value, it removes the entire
communities attribute from BGP updates. When @var{community} is not
@code{none}, the specified communities value is set in BGP updates. If
the BGP updates already have a BGP communities value, the existing BGP
communities value is replaced with the specified @var{community} value.
When the @code{additive} keyword is specified, @var{community} is appended
to the existing communities value.

@deffn {Route Map} {set comm-list @var{word} delete} {}
This command removes communities values from the BGP communities attribute.
The @var{word} is a community list name. When the BGP route's communities
value matches the community list @var{word}, the communities value
is removed. When all of the communities values are eventually removed, the
BGP update's communities attribute is completely removed.

@node Display BGP Routes by Community
@subsection Display BGP Routes by Community

To show BGP routes which have a specific BGP communities attribute, the
@code{show ip bgp} command can be used. The @var{community} value and
community list can be used with the @code{show ip bgp} command.

@deffn Command {show ip bgp community} {}
@deffnx Command {show ip bgp community @var{community}} {}
@deffnx Command {show ip bgp community @var{community} exact-match} {}
@code{show ip bgp community} displays BGP routes which have a communities
attribute. When @var{community} is specified, BGP routes that match the
@var{community} value are displayed. For this command, the @code{internet}
keyword can't be used for the @var{community} value. When
@code{exact-match} is specified, it displays only routes that have an

@deffn Command {show ip bgp community-list @var{word}} {}
@deffnx Command {show ip bgp community-list @var{word} exact-match} {}
This command displays BGP routes that match community list
@var{word}. When @code{exact-match} is specified, it displays only routes
that have an exact match.

@node Using BGP Communities Attribute
@subsection Using BGP Communities Attribute

The following configuration is the most typical usage of the BGP communities
attribute. AS 7675 provides upstream Internet connection to AS 100.
When the following configuration exists in AS 7675, the AS 100 network
operator can set local preference in the AS 7675 network by setting the BGP
communities attribute on the updates.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in

ip community-list 70 permit 7675:70
ip community-list 70 deny
ip community-list 80 permit 7675:80
ip community-list 80 deny
ip community-list 90 permit 7675:90
ip community-list 90 deny

route-map RMAP permit 10

set local-preference 70

route-map RMAP permit 20

set local-preference 80

route-map RMAP permit 30

set local-preference 90

The following configuration announces 10.0.0.0/8 from AS 100 to AS 7675.
The route has communities value 7675:80 so when the above configuration
exists in AS 7675, the announced route's local preference will be set to

neighbor 192.168.0.2 remote-as 7675
neighbor 192.168.0.2 route-map RMAP out

ip prefix-list PLIST permit 10.0.0.0/8

route-map RMAP permit 10
match ip address prefix-list PLIST
set community 7675:80

The following configuration is an example of BGP route filtering using the
communities attribute. This configuration only permits BGP routes
which have BGP communities value 0:80 or 0:90. A network operator can
put a special internal communities value at the BGP border router, then
limit the BGP route announcements into the internal network.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in

ip community-list 1 permit 0:80 0:90

route-map RMAP permit 10

The following example filters BGP routes which have communities value 1:1.
When there is no match, the community-list returns deny. To avoid
filtering all routes, we need to define permit any at the end.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in

ip community-list standard FILTER deny 1:1
ip community-list standard FILTER permit

route-map RMAP permit 10
match community FILTER

The communities value keyword @code{internet} has a special meaning in
standard community lists. In the example below @code{internet} acts as
match any. It matches all BGP routes even if the route does not
have a communities attribute at all. So community list @code{INTERNET}
is the same as the above example's @code{FILTER}.

ip community-list standard INTERNET deny 1:1
ip community-list standard INTERNET permit internet

The following configuration is an example of communities value deletion.
With this configuration communities values 100:1 and 100:2 are removed
from BGP updates. For communities value deletion, only a @code{permit}
community-list is used. A @code{deny} community-list is ignored.

neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 route-map RMAP in

ip community-list standard DEL permit 100:1 100:2

route-map RMAP permit 10
set comm-list DEL delete
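
How the standard community lists in this section evaluate, as an added Python
example that is not part of the Quagga manual or of bgpd. It models only what
this section states: values are 4 octets, entries are tried in the order
defined, an empty entry or @code{internet} matches any route, and no matching
entry means deny. Every entry holds at most one value, and the list
@code{BROKEN}, the sample routes and all helper names are constructed for
illustration.

```python
WELL_KNOWN = {
    "internet": 0x00000000,
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-AS": 0xFFFFFF03,
}


def parse_community(text):
    """Return the 4-octet value for AS:VAL or a well-known keyword."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    high, sep, low = text.partition(":")
    if not (sep and high.isdigit() and low.isdigit()):
        raise ValueError("not AS:VAL: %r" % text)
    high, low = int(high), int(low)
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError("AS and VAL are 2 octets each: %r" % text)
    return (high << 16) | low


def normalise(values):
    """On receipt, duplicates are ignored and values sorted numerically."""
    return sorted(set(values))


class CommunityList:
    """Standard community list: ordered permit/deny entries."""

    def __init__(self):
        self.entries = []  # (action, value or None for an empty entry)

    def add(self, action, community=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        value = None if community is None else parse_community(community)
        self.entries.append((action, value))

    def evaluate(self, communities):
        attr = normalise(communities)
        for action, value in self.entries:
            # An empty entry and the keyword internet both match any route,
            # including one that carries no communities attribute at all.
            if value is None or value == WELL_KNOWN["internet"]:
                return action
            if value in attr:
                return action
        return "deny"  # no matched entry


def load(config):
    """Build lists from `ip community-list` lines (standard lists only)."""
    lists = {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] != ["ip", "community-list"]:
            continue
        words = words[2:]
        if words[0] == "standard":
            words = words[1:]
        name, action, values = words[0], words[1], words[2:]
        expanded = name == "expanded" or (
            name.isdigit() and 100 <= int(name) <= 199)
        if expanded or len(values) > 1:
            raise ValueError("not modelled here: %r" % line)
        lists.setdefault(name, CommunityList()).add(
            action, values[0] if values else None)
    return lists


# Lists 80, FILTER and INTERNET are copied from this section; BROKEN is a
# constructed variant of FILTER without the final permit entry.
CONFIG = """
ip community-list 80 permit 7675:80
ip community-list 80 deny
ip community-list standard FILTER deny 1:1
ip community-list standard FILTER permit
ip community-list standard INTERNET deny 1:1
ip community-list standard INTERNET permit internet
ip community-list standard BROKEN deny 1:1
"""

LISTS = load(CONFIG)

# Constructed routes: name -> communities carried in the update.
ROUTES = {
    "tagged-1:1": [parse_community("1:1"), parse_community("100:1")],
    "tagged-7675:80": [parse_community("7675:80")] * 2,
    "untagged": [],
}


def verdicts(list_name):
    """Map each sample route to the permit/deny result of one list."""
    return {name: LISTS[list_name].evaluate(comms)
            for name, comms in ROUTES.items()}


if __name__ == "__main__":
    for list_name in ("80", "FILTER", "INTERNET", "BROKEN"):
        print(list_name, verdicts(list_name))
```

@code{BROKEN} denies every sample route, tagged or not, which is why the final permit entry of @code{FILTER} is needed.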

@c -----------------------------------------------------------------------
@node BGP Extended Communities Attribute
@section BGP Extended Communities Attribute

The BGP extended communities attribute was introduced with MPLS VPN/BGP
technology. MPLS VPN/BGP expands the capability of network infrastructure
to provide VPN functionality. At the same time it requires a new
framework for policy routing. With the BGP Extended Communities Attribute
we can use Route Target or Site of Origin for implementing network
policy for MPLS VPN/BGP.

The BGP Extended Communities Attribute is similar to the BGP Communities
Attribute. It is an optional transitive attribute. The BGP Extended
Communities Attribute can carry multiple Extended Community values.
Each Extended Community value is eight octets long.

The BGP Extended Communities Attribute provides an extended range
compared with the BGP Communities Attribute. In addition, there is a
type field in each value to provide community space structure.

There are two formats to define an Extended Community value. One is the AS
based format, the other is the IP address based format.

This is a format to define an AS based Extended Community value.
The @code{AS} part is the 2 octet Global Administrator subfield in the Extended
Community value. The @code{VAL} part is the 4 octet Local Administrator
subfield. @code{7675:100} represents AS 7675 policy value 100.

This is a format to define an IP address based Extended Community value.
The @code{IP-Address} part is the 4 octet Global Administrator subfield.
The @code{VAL} part is the 2 octet Local Administrator subfield.
@code{10.0.0.1:100} represents

* BGP Extended Community Lists::
* BGP Extended Communities in Route Map::

@node BGP Extended Community Lists
@subsection BGP Extended Community Lists

Expanded Community Lists is a user defined BGP Expanded Community

@deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {}
This command defines a new standard extcommunity-list.
@var{extcommunity} is an extended communities value. The
@var{extcommunity} is compiled into an extended community structure. We
can define multiple extcommunity-lists under the same name. In that case
matching happens in user-defined order. Once the extcommunity-list
matches the extended communities attribute in BGP updates, it returns
permit or deny based upon the extcommunity-list definition. When
there is no matched entry, deny will be returned. When
@var{extcommunity} is empty it matches any route.

@deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
This command defines a new expanded extcommunity-list. @var{line} is
a string expression of the extended communities attribute. @var{line} can
include a regular expression to match the extended communities attribute in

@deffn Command {no ip extcommunity-list @var{name}} {}
@deffnx Command {no ip extcommunity-list standard @var{name}} {}
@deffnx Command {no ip extcommunity-list expanded @var{name}} {}
These commands delete extended community lists specified by
@var{name}. All extended community lists share a single name
space. So extended community lists can be removed simply by specifying

@deffn {Command} {show ip extcommunity-list} {}
@deffnx {Command} {show ip extcommunity-list @var{name}} {}
This command displays current extcommunity-list information. When
@var{name} is specified the community list's information is shown.

# show ip extcommunity-list

@node BGP Extended Communities in Route Map
@subsection BGP Extended Communities in Route Map

@deffn {Route Map} {match extcommunity @var{word}} {}

@deffn {Route Map} {set extcommunity rt @var{extcommunity}} {}
This command sets the Route Target value.

@deffn {Route Map} {set extcommunity soo @var{extcommunity}} {}
This command sets the Site of Origin value.

@c -----------------------------------------------------------------------
@node Displaying BGP routes
@section Displaying BGP Routes

@subsection Show IP BGP

@deffn {Command} {show ip bgp} {}
@deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
@deffnx {Command} {show ip bgp @var{X:X::X:X}} {}
This command displays BGP routes. When no route is specified it
displays all IPv4 BGP routes.

BGP table version is 0, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i

Total number of prefixes 1

@node More Show IP BGP
@subsection More Show IP BGP

@deffn {Command} {show ip bgp regexp @var{line}} {}
This command displays BGP routes using an AS path regular expression (@pxref{Display BGP Routes by AS Path}).

@deffn Command {show ip bgp community @var{community}} {}
@deffnx Command {show ip bgp community @var{community} exact-match} {}
This command displays BGP routes using @var{community} (@pxref{Display
BGP Routes by Community}).

@deffn Command {show ip bgp community-list @var{word}} {}
@deffnx Command {show ip bgp community-list @var{word} exact-match} {}
This command displays BGP routes using a community list (@pxref{Display
BGP Routes by Community}).

@deffn {Command} {show ip bgp summary} {}

@deffn {Command} {show ip bgp neighbor [@var{peer}]} {}

@deffn {Command} {clear ip bgp @var{peer}} {}
Clear peers which have addresses of X.X.X.X

@deffn {Command} {clear ip bgp @var{peer} soft in} {}
Clear peer using soft reconfiguration.

@deffn {Command} {show debug} {}

@deffn {Command} {debug event} {}

@deffn {Command} {debug update} {}

@deffn {Command} {debug keepalive} {}

@deffn {Command} {no debug event} {}

@deffn {Command} {no debug update} {}

@deffn {Command} {no debug keepalive} {}
@node Capability Negotiation
@section Capability Negotiation

When the IPv6 routing information exchange feature was added to BGP,
there were several proposals. The @acronym{IETF,Internet Engineering Task Force}
@acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted
a proposal called Multiprotocol Extension for BGP. The specification
is described in @cite{RFC2283}. It does not define a new protocol;
it defines new attributes for the existing BGP. When it is used for
exchanging IPv6 routing information it is called BGP-4+. When it is used
for exchanging multicast routing information it is called MBGP.

@command{bgpd} supports Multiprotocol Extension for BGP. So if the remote
peer supports the protocol, @command{bgpd} can exchange IPv6 and/or
multicast routing information.

Traditional BGP did not have a feature to detect the remote peer's
capabilities, e.g. whether it can handle prefix types other than IPv4
unicast routes. This was a big problem when deploying Multiprotocol
Extension for BGP in operational networks. @cite{RFC2842, Capabilities
Advertisement with BGP-4} adopted a feature called Capability
Negotiation. @command{bgpd} uses this Capability Negotiation to detect
the remote peer's capabilities. If the peer is only configured as an IPv4
unicast neighbor, @command{bgpd} does not send these Capability
Negotiation packets (at least not unless other optional BGP features
require capability negotiation).

By default, Quagga will bring up peering with the minimal common capability
of both sides. For example, the local router has unicast and
multicast capabilities and the remote router has unicast capability. In
this case, the local router will establish the connection with unicast
only capability. When there are no common capabilities, Quagga sends an
Unsupported Capability error and then resets the connection.

If you want capabilities to match the remote peer's completely, use the
@command{strict-capability-match} command.

@deffn {BGP} {neighbor @var{peer} strict-capability-match} {}
@deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {}
Strictly compares remote capabilities and local capabilities. If the
capabilities are different, send an Unsupported Capability error and then
reset the connection.
@end deffn

You may want to disable sending the Capability Negotiation OPEN message
optional parameter to the peer when the remote peer does not implement
Capability Negotiation. Use the @command{dont-capability-negotiate}
command to disable the feature.

@deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {}
@deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {}
Suppress sending Capability Negotiation as an OPEN message optional
parameter to the peer. This command only affects a peer that is configured
for something other than IPv4 unicast.
@end deffn

When the remote peer does not have the capability negotiation feature, it
will not send any capabilities at all. In that case, bgp
configures the peer with the configured capabilities.

You may prefer the locally configured capabilities over the negotiated
capabilities even though the remote peer sends capabilities. If the peer
is configured with @command{override-capability}, @command{bgpd} ignores
received capabilities and then overrides the negotiated capabilities with

@deffn {BGP} {neighbor @var{peer} override-capability} {}
@deffnx {BGP} {no neighbor @var{peer} override-capability} {}
Override the result of Capability Negotiation with the local configuration.
Ignore the remote peer's capability value.
@end deffn

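The outcomes described in this section can be traced on a concrete OPEN message. The following is an added example, not code from Quagga: it parses the Capabilities optional parameter of an OPEN body and models the default, @command{strict-capability-match} and @command{override-capability} results as this section states them. The function names, the result strings and the constructed OPEN body are assumptions made for the illustration.

```python
import struct

CAPABILITIES_PARAM = 2   # OPEN optional parameter type: Capabilities
CAP_MULTIPROTOCOL = 1    # capability code: Multiprotocol Extensions


def _tlvs(data: bytes, what: str):
    """Yield (type, value) pairs from a run of 1-byte type / 1-byte length TLVs."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"truncated {what} header")
        kind, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"{what} overruns its container")
        yield kind, value
        i += 2 + length


def parse_mp_capabilities(open_body: bytes) -> set:
    """Return the (AFI, SAFI) pairs a peer advertises in a BGP OPEN body
    (the bytes that follow the 19-byte BGP message header)."""
    if len(open_body) < 10:
        raise ValueError("OPEN body shorter than its 10 fixed bytes")
    params = open_body[10:]
    if len(params) != open_body[9]:
        raise ValueError("optional parameter length does not match the body")
    families = set()
    for ptype, pvalue in _tlvs(params, "optional parameter"):
        if ptype != CAPABILITIES_PARAM:
            continue
        for code, cap in _tlvs(pvalue, "capability"):
            if code == CAP_MULTIPROTOCOL and len(cap) == 4:
                afi, _reserved, safi = struct.unpack("!HBB", cap)
                families.add((afi, safi))
    return families


def negotiate(local: set, remote: set, strict=False, override=False):
    """Model of the outcomes described in this section (not bgpd's code)."""
    if override or not remote:
        # override-capability, or a peer that sent no capabilities at all:
        # the locally configured address families are used as they are.
        return ("established", set(local))
    if strict and local != remote:
        return ("unsupported-capability", None)
    common = local & remote
    return ("established", common) if common else ("unsupported-capability", None)


def build_open(asn: int, router_id: bytes, families) -> bytes:
    """Build a constructed OPEN body advertising the given (AFI, SAFI) pairs."""
    caps = b"".join(bytes([CAP_MULTIPROTOCOL, 4]) + struct.pack("!HBB", afi, 0, safi)
                    for afi, safi in families)
    params = bytes([CAPABILITIES_PARAM, len(caps)]) + caps if caps else b""
    return struct.pack("!BHH4sB", 4, asn, 180, router_id, len(params)) + params
```

With a local set of IPv4 unicast and multicast, (1, 1) and (1, 2), and a peer advertising only (1, 1), the default result is a unicast-only session, the strict result is an Unsupported Capability reset, and the override result keeps both local families regardless of what the peer sent.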
@node Route Reflector
@section Route Reflector

@deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {}
@end deffn

@deffn {BGP} {neighbor @var{peer} route-reflector-client} {}
@deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {}
@end deffn

@node Route Server
@section Route Server

At an Internet Exchange point, many ISPs are connected to each other by
external BGP peering. Normally these external BGP connections are made
using the @samp{full mesh} method. As with internal BGP full mesh formation,
this method has a scaling problem.

This scaling problem is well known. Route Server is a method to resolve
the problem. Each ISP's BGP router only peers with the Route Server. The Route
Server serves as a BGP information exchange for the other BGP routers. By
applying this method, the number of BGP connections is reduced from
O(n*(n-1)/2) to O(n).

Unlike a normal BGP router, a Route Server must have several routing tables
for managing different routing policies for each BGP speaker. We call these
routing tables @code{view}s. @command{bgpd} can work as a
normal BGP router or a Route Server or both at the same time.

@menu
* Multiple instance::
* BGP instance and view::
* Routing policy::
* Viewing the view::
@end menu

@node Multiple instance
@subsection Multiple instance

To enable the multiple view function of @code{bgpd}, you must turn on
the multiple instance feature beforehand.

@deffn {Command} {bgp multiple-instance} {}
Enable the BGP multiple instance feature. After this feature is enabled,
you can make multiple BGP instances or multiple BGP views.
@end deffn

@deffn {Command} {no bgp multiple-instance} {}
Disable the BGP multiple instance feature. You can not disable this feature
when BGP multiple instances or views exist.
@end deffn

To make the configuration more Cisco-like, use the following command.

@deffn {Command} {bgp config-type cisco} {}
Cisco compatible BGP configuration output.
@end deffn

When bgp config-type cisco is specified,

``no synchronization'' is displayed.
``no auto-summary'' is displayed.

``network'' and ``aggregate-address'' arguments are displayed as

@example
Quagga: network 10.0.0.0/8
Cisco: network 10.0.0.0

Quagga: aggregate-address 192.168.0.0/24
Cisco: aggregate-address 192.168.0.0 255.255.255.0
@end example

Community attribute handling is also different. If no
configuration is specified, the community attribute and extended community
attribute are sent to the neighbor. When the user manually disables the
feature, the community attribute is not sent to the neighbor. When
@command{bgp config-type cisco} is specified, the community attribute is not
sent to the neighbor by default. To send the community attribute, the user has
to specify the @command{neighbor A.B.C.D send-community} command.

@example
 neighbor 10.0.0.1 remote-as 1
 no neighbor 10.0.0.1 send-community

 neighbor 10.0.0.1 remote-as 1
 neighbor 10.0.0.1 send-community
@end example

@deffn {Command} {bgp config-type zebra} {}
Quagga style BGP configuration. This is the default.
@end deffn

@node BGP instance and view
@subsection BGP instance and view

A BGP instance is a normal BGP process. The result of route selection
goes to the kernel routing table. You can set up different ASes at the
same time when the BGP multiple instance feature is enabled.

@deffn {Command} {router bgp @var{as-number}} {}
Make a new BGP instance. You can use an arbitrary word for the @var{name}.
@end deffn

@example
bgp multiple-instance

 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3

 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5
@end example

A BGP view is almost the same as a normal BGP process. The result of
route selection does not go to the kernel routing table. A BGP view is
only for exchanging BGP routing information.

@deffn {Command} {router bgp @var{as-number} view @var{name}} {}
Make a new BGP view. You can use an arbitrary word for the @var{name}. This
view's route selection result does not go to the kernel routing table.
@end deffn

With this command, you can set up a Route Server as shown below.

@example
bgp multiple-instance

 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3

 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5
@end example

@node Routing policy
@subsection Routing policy

You can set a different routing policy for a peer. For example, you can
set a different filter for a peer.

@example
bgp multiple-instance

 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 1 in

 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 2 in
@end example

This means that a BGP update from peer 10.0.0.1 goes to both BGP view 1 and
view 2. When the update is inserted into view 1, distribute-list 1 is
applied. On the other hand, when the update is inserted into view 2,
distribute-list 2 is applied.

@node Viewing the view
@subsection Viewing the view

To display the routing table of a BGP view, you must specify the view name.

@deffn {Command} {show ip bgp view @var{name}} {}
Display the routing table of BGP view @var{name}.
@end deffn

@node How to set up a 6-Bone connection
@section How to set up a 6-Bone connection

@example
! Actually there is no need to configure zebra

! This means that routes go through zebra and into the kernel.

! MP-BGP configuration

 bgp router-id 10.0.0.1
 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number}

 network 3ffe:506::/32
 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number}
 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out

ipv6 access-list all permit any

! Set output nexthop address.

route-map set-nexthop permit 10
 match ipv6 address all
 set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225

! logfile FILENAME is obsolete. Please use log file FILENAME
@end example

@node Dump BGP packets and table
@section Dump BGP packets and table

@deffn Command {dump bgp all @var{path}} {}
@deffnx Command {dump bgp all @var{path} @var{interval}} {}
Dump all BGP packets and events to the file @var{path}.
@end deffn

@deffn Command {dump bgp updates @var{path}} {}
@deffnx Command {dump bgp updates @var{path} @var{interval}} {}
Dump BGP updates to the file @var{path}.
@end deffn

@deffn Command {dump bgp routes @var{path}} {}
@deffnx Command {dump bgp routes @var{path}} {}
Dump the whole BGP routing table to @var{path}. This is a heavy process.
@end deffn

@node BGP Configuration Examples
@section BGP Configuration Examples

Example of a session to an upstream, advertising only one prefix to it.

@example
 bgp router-id 10.236.87.1
 network 10.236.87.0/24
 neighbor upstream peer-group
 neighbor upstream remote-as 64515
 neighbor upstream capability dynamic
 neighbor upstream prefix-list pl-allowed-adv out
 neighbor 10.1.1.1 peer-group upstream
 neighbor 10.1.1.1 description ACME ISP

ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
ip prefix-list pl-allowed-adv seq 10 deny any
@end example

A more complex example, with upstream, peer and customer sessions.
It advertises global prefixes and NO_EXPORT prefixes, and provides
actions for customer routes based on community values. It makes extensive
use of route-maps and the 'call' feature to support selective advertising of
prefixes. This example is intended as guidance only; it has NOT been
tested and almost certainly contains silly mistakes, if not serious

@example
 bgp router-id 10.236.87.1
 network 10.123.456.0/24
 network 10.123.456.128/25 route-map rm-no-export
 neighbor upstream capability dynamic
 neighbor upstream route-map rm-upstream-out out
 neighbor cust capability dynamic
 neighbor cust route-map rm-cust-in in
 neighbor cust route-map rm-cust-out out
 neighbor cust send-community both
 neighbor peer capability dynamic
 neighbor peer route-map rm-peer-in in
 neighbor peer route-map rm-peer-out out
 neighbor peer send-community both
 neighbor 10.1.1.1 remote-as 64515
 neighbor 10.1.1.1 peer-group upstream
 neighbor 10.2.1.1 remote-as 64516
 neighbor 10.2.1.1 peer-group upstream
 neighbor 10.3.1.1 remote-as 64517
 neighbor 10.3.1.1 peer-group cust-default
 neighbor 10.3.1.1 description customer1
 neighbor 10.3.1.1 prefix-list pl-cust1-network in
 neighbor 10.4.1.1 remote-as 64518
 neighbor 10.4.1.1 peer-group cust
 neighbor 10.4.1.1 prefix-list pl-cust2-network in
 neighbor 10.4.1.1 description customer2
 neighbor 10.5.1.1 remote-as 64519
 neighbor 10.5.1.1 peer-group peer
 neighbor 10.5.1.1 prefix-list pl-peer1-network in
 neighbor 10.5.1.1 description peer AS 1
 neighbor 10.6.1.1 remote-as 64520
 neighbor 10.6.1.1 peer-group peer
 neighbor 10.6.1.1 prefix-list pl-peer2-network in
 neighbor 10.6.1.1 description peer AS 2

ip prefix-list pl-default permit 0.0.0.0/0

ip prefix-list pl-upstream-peers permit 10.1.1.1/32
ip prefix-list pl-upstream-peers permit 10.2.1.1/32

ip prefix-list pl-cust1-network permit 10.3.1.0/24
ip prefix-list pl-cust1-network permit 10.3.2.0/24

ip prefix-list pl-cust2-network permit 10.4.1.0/24

ip prefix-list pl-peer1-network permit 10.5.1.0/24
ip prefix-list pl-peer1-network permit 10.5.2.0/24
ip prefix-list pl-peer1-network permit 192.168.0.0/24

ip prefix-list pl-peer2-network permit 10.6.1.0/24
ip prefix-list pl-peer2-network permit 10.6.2.0/24
ip prefix-list pl-peer2-network permit 192.168.1.0/24
ip prefix-list pl-peer2-network permit 192.168.2.0/24
ip prefix-list pl-peer2-network permit 172.16.1/24

ip as-path access-list asp-own-as permit ^$
ip as-path access-list asp-own-as permit _64512_

! #################################################################
! Match communities we provide actions for, on routes received from
! customers. Community values of <our-ASN>:X, with X, have actions:

! 100 - blackhole the prefix
! 200 - set no_export
! 300 - advertise only to other customers
! 400 - advertise only to upstreams
! 500 - set no_export when advertising to upstreams
! 2X00 - set local_preference to X00

! blackhole the prefix of the route
ip community-list standard cm-blackhole permit 64512:100

! set no-export community before advertising
ip community-list standard cm-set-no-export permit 64512:200

! advertise only to other customers
ip community-list standard cm-cust-only permit 64512:300

! advertise only to upstreams
ip community-list standard cm-upstream-only permit 64512:400

! advertise to upstreams with no-export
ip community-list standard cm-upstream-noexport permit 64512:500

! set local-pref to least significant 3 digits of the community
ip community-list standard cm-prefmod-100 permit 64512:2100
ip community-list standard cm-prefmod-200 permit 64512:2200
ip community-list standard cm-prefmod-300 permit 64512:2300
ip community-list standard cm-prefmod-400 permit 64512:2400
ip community-list expanded cme-prefmod-range permit 64512:2...

! Informational communities

! 3000 - learned from upstream
! 3100 - learned from customer
! 3200 - learned from peer

ip community-list standard cm-learnt-upstream permit 64512:3000
ip community-list standard cm-learnt-cust permit 64512:3100
ip community-list standard cm-learnt-peer permit 64512:3200

! ###################################################################
! Utility route-maps

! These utility route-maps generally should not be used to permit/deny
! routes, i.e. they do not have meaning as filters, and hence probably
! should be used with 'on-match next'. These all finish with an empty
! permit entry so as not to interfere with processing in the caller.

route-map rm-no-export permit 10
 set community additive no-export
route-map rm-no-export permit 20

route-map rm-blackhole permit 10
 description blackhole, up-pref and ensure it cant escape this AS
 set ip next-hop 127.0.0.1
 set local-preference 10
 set community additive no-export
route-map rm-blackhole permit 20

! Set local-pref as requested
route-map rm-prefmod permit 10
 match community cm-prefmod-100
 set local-preference 100
route-map rm-prefmod permit 20
 match community cm-prefmod-200
 set local-preference 200
route-map rm-prefmod permit 30
 match community cm-prefmod-300
 set local-preference 300
route-map rm-prefmod permit 40
 match community cm-prefmod-400
 set local-preference 400
route-map rm-prefmod permit 50

! Community actions to take on receipt of route.
route-map rm-community-in permit 10
 description check for blackholing, no point continuing if it matches.
 match community cm-blackhole

route-map rm-community-in permit 20
 match community cm-set-no-export

route-map rm-community-in permit 30
 match community cme-prefmod-range

route-map rm-community-in permit 40

! #####################################################################
! Community actions to take when advertising a route.
! These are filtering route-maps,

! Deny customer routes to upstream with cust-only set.
route-map rm-community-filt-to-upstream deny 10
 match community cm-learnt-cust
 match community cm-cust-only
route-map rm-community-filt-to-upstream permit 20

! Deny customer routes to other customers with upstream-only set.
route-map rm-community-filt-to-cust deny 10
 match community cm-learnt-cust
 match community cm-upstream-only
route-map rm-community-filt-to-cust permit 20

! ###################################################################
! The top-level route-maps applied to sessions. Further entries could
! be added obviously..

route-map rm-cust-in permit 10
 call rm-community-in

route-map rm-cust-in permit 20
 set community additive 64512:3100
route-map rm-cust-in permit 30

route-map rm-cust-out permit 10
 call rm-community-filt-to-cust

route-map rm-cust-out permit 20

! Upstream transit ASes
route-map rm-upstream-out permit 10
 description filter customer prefixes which are marked cust-only
 call rm-community-filt-to-upstream

route-map rm-upstream-out permit 20
 description only customer routes are provided to upstreams/peers
 match community cm-learnt-cust

! outbound policy is same as for upstream
route-map rm-peer-out permit 10
 call rm-upstream-out

route-map rm-peer-in permit 10
 set community additive 64512:3200
@end example
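
A configuration of this size is easier to review with a mechanical check of which sessions accept routes without any inbound filter. The following is an added example, not part of the Quagga manual or its tooling: it lists, per peer address, the inbound @command{prefix-list}, @command{distribute-list}, @command{filter-list} and @command{route-map} statements that apply directly or through the peer's peer-group. The function names are assumptions, and filters are only listed, not evaluated.

```python
import ipaddress

INBOUND_KINDS = ("prefix-list", "distribute-list", "filter-list", "route-map")

# Neighbor statements copied from the configuration example on this page.
SAMPLE = """\
 neighbor upstream route-map rm-upstream-out out
 neighbor cust route-map rm-cust-in in
 neighbor cust route-map rm-cust-out out
 neighbor peer route-map rm-peer-in in
 neighbor peer route-map rm-peer-out out
 neighbor 10.1.1.1 remote-as 64515
 neighbor 10.1.1.1 peer-group upstream
 neighbor 10.2.1.1 remote-as 64516
 neighbor 10.2.1.1 peer-group upstream
 neighbor 10.4.1.1 remote-as 64518
 neighbor 10.4.1.1 peer-group cust
 neighbor 10.4.1.1 prefix-list pl-cust2-network in
 neighbor 10.5.1.1 remote-as 64519
 neighbor 10.5.1.1 peer-group peer
 neighbor 10.5.1.1 prefix-list pl-peer1-network in
"""


def _is_address(word: str) -> bool:
    try:
        ipaddress.ip_address(word)
    except ValueError:
        return False
    return True


def inbound_filters(config: str) -> dict:
    """Map each peer address to its inbound filters, its own first and then
    those inherited from the peer-group it is a member of."""
    own, group_of = {}, {}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "neighbor":
            continue  # comments, "no neighbor ..." and other statements
        name, keyword, args = words[1], words[2], words[3:]
        own.setdefault(name, [])
        if keyword == "peer-group" and args:
            group_of[name] = args[0]
        elif keyword in INBOUND_KINDS and len(args) == 2 and args[1] == "in":
            own[name].append(f"{keyword} {args[0]}")
    return {name: own[name] + own.get(group_of.get(name), [])
            for name in own if _is_address(name)}


def unfiltered_peers(config: str) -> list:
    """Peers that accept routes with no inbound filter of any kind."""
    return sorted(p for p, f in inbound_filters(config).items() if not f)
```

Run against the statements above, the check reports the two upstream sessions, 10.1.1.1 and 10.2.1.1: the @code{upstream} group carries only an outbound route-map in the lines shown, while the customer and peer sessions each have a prefix-list and an inbound route-map.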