2 @c This is part of the Quagga Manual.
3 @c @value{COPYRIGHT_STR}
4 @c See file quagga.texi for copying conditions.
8 @acronym{BGP} stands for a Border Gateway Protocol. The lastest BGP version
9 is 4. It is referred as BGP-4. BGP-4 is one of the Exterior Gateway
10 Protocols and de-fact standard of Inter Domain routing protocol.
11 BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol
14 Many extensions have been added to @cite{RFC1771}. @cite{RFC2858,
15 Multiprotocol Extensions for BGP-4} provides multiprotocol support to
24 * BGP Address Family::
26 * BGP Communities Attribute::
27 * BGP Extended Communities Attribute::
28 * Displaying BGP routes::
29 * Capability Negotiation::
32 * How to set up a 6-Bone connection::
33 * Dump BGP packets and table::
34 * BGP Configuration Examples::
40 Default configuration file of @command{bgpd} is @file{bgpd.conf}.
41 @command{bgpd} searches the current directory first then
42 @value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's command must be
43 configured in @file{bgpd.conf}.
45 @command{bgpd} specific invocation options are described below. Common
46 options may also be specified (@pxref{Common Invocation Options}).
50 @itemx --bgp_port=@var{PORT}
51 Set the bgp protocol's port number.
55 When program terminates, retain BGP routes added by zebra.
61 First of all you must configure BGP router with @command{router bgp}
62 command. To configure BGP router, you need AS number. AS number is an
63 identification of autonomous system. BGP protocol uses the AS number
64 for detecting whether the BGP connection is internal one or external one.
66 @deffn Command {router bgp @var{asn}} {}
67 Enable a BGP protocol process with the specified @var{asn}. After
68 this statement you can input any @code{BGP Commands}. You can not
69 create different BGP process under different @var{asn} without
70 specifying @code{multiple-instance} (@pxref{Multiple instance}).
73 @deffn Command {no router bgp @var{asn}} {}
74 Destroy a BGP protocol process with the specified @var{asn}.
77 @deffn {BGP} {bgp router-id @var{A.B.C.D}} {}
78 This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets
79 interface and address information. In that case default router ID value
80 is selected as the largest IP Address of the interfaces. When
81 @code{router zebra} is not enabled @command{bgpd} can't get interface information
82 so @code{router-id} is set to 0.0.0.0. So please set router-id by hand.
87 * BGP decision process::
88 * BGP route flap dampening::
92 @subsection BGP distance
94 @deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {}
95 This command change distance value of BGP. Each argument is distance
96 value for external routes, internal routes and local routes.
99 @deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {}
100 @deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {}
101 This command set distance value to
104 @node BGP decision process
105 @subsection BGP decision process
108 @item 1. Weight check
110 @item 2. Local preference check.
112 @item 3. Local route check.
114 @item 4. AS path length check.
116 @item 5. Origin check.
121 @deffn {BGP} {bgp bestpath as-path confed} {}
122 This command specifies that the length of confederation path sets and
123 sequences should should be taken into account during the BGP best path
127 @deffn {BGP} {bgp bestpath as-path multipath-relax} {}
128 This command specifies that BGP decision process should consider paths
129 of equal AS_PATH length candidates for multipath computation. Without
130 the knob, the entire AS_PATH must match for multipath computation.
133 @node BGP route flap dampening
134 @subsection BGP route flap dampening
136 @deffn {BGP} {bgp dampening @var{<1-45>} @var{<1-20000>} @var{<1-20000>} @var{<1-255>}} {}
137 This command enables BGP route-flap dampening and specifies dampening parameters.
140 @item @asis{half-life}
141 Half-life time for the penalty
142 @item @asis{reuse-threshold}
143 Value to start reusing a route
144 @item @asis{suppress-threshold}
145 Value to start suppressing a route
146 @item @asis{max-suppress}
147 Maximum duration to suppress a stable route
150 The route-flap damping algorithm is compatible with @cite{RFC2439}. The use of this command
151 is not recommended nowadays, see @uref{http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378}.
159 * Route Aggregation::
160 * Redistribute to BGP::
164 @subsection BGP route
166 @deffn {BGP} {network @var{A.B.C.D/M}} {}
167 This command adds the announcement network.
174 This configuration example says that network 10.0.0.0/8 will be
175 announced to all neighbors. Some vendors' routers don't advertise
176 routes if they aren't present in their IGP routing tables; @code{bgpd}
177 doesn't care about IGP routes when announcing its routes.
180 @deffn {BGP} {no network @var{A.B.C.D/M}} {}
183 @node Route Aggregation
184 @subsection Route Aggregation
186 @deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {}
187 This command specifies an aggregate address.
190 @deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {}
191 This command specifies an aggregate address. Resulting routes inlucde
195 @deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {}
196 This command specifies an aggregate address. Aggreated routes will
200 @deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {}
203 @node Redistribute to BGP
204 @subsection Redistribute to BGP
206 @deffn {BGP} {redistribute kernel} {}
207 Redistribute kernel route to BGP process.
210 @deffn {BGP} {redistribute static} {}
211 Redistribute static route to BGP process.
214 @deffn {BGP} {redistribute connected} {}
215 Redistribute connected route to BGP process.
218 @deffn {BGP} {redistribute rip} {}
219 Redistribute RIP route to BGP process.
222 @deffn {BGP} {redistribute ospf} {}
223 Redistribute OSPF route to BGP process.
226 @deffn {BGP} {update-delay @var{max-delay}} {}
227 @deffnx {BGP} {update-delay @var{max-delay} @var{establish-wait}} {}
228 This feature is used to enable read-only mode on BGP process restart or when
229 BGP process is cleared using 'clear ip bgp *'. When applicable, read-only mode
230 would begin as soon as the first peer reaches Established status and a timer
231 for max-delay seconds is started.
233 During this mode BGP doesn't run any best-path or generate any updates to its
234 peers. This mode continues until:
235 1. All the configured peers, except the shutdown peers, have sent explicit EOR
236 (End-Of-RIB) or an implicit-EOR. The first keep-alive after BGP has reached
237 Established is considered an implicit-EOR.
238 If the establish-wait optional value is given, then BGP will wait for
239 peers to reach established from the begining of the update-delay till the
240 establish-wait period is over, i.e. the minimum set of established peers for
241 which EOR is expected would be peers established during the establish-wait
242 window, not necessarily all the configured neighbors.
243 2. max-delay period is over.
244 On hitting any of the above two conditions, BGP resumes the decision process
245 and generates updates to its peers.
247 Default max-delay is 0, i.e. the feature is off by default.
255 * BGP Peer commands::
260 @subsection Defining Peer
262 @deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {}
263 Creates a new neighbor whose remote-as is @var{asn}. @var{peer}
264 can be an IPv4 address or an IPv6 address.
268 neighbor 10.0.0.1 remote-as 2
271 In this case my router, in AS-1, is trying to peer with AS-2 at
274 This command must be the first command used when configuring a neighbor.
275 If the remote-as is not specified, @command{bgpd} will complain like this:
277 can't find neighbor 10.0.0.1
281 @node BGP Peer commands
282 @subsection BGP Peer commands
284 In a @code{router bgp} clause there are neighbor specific configurations
287 @deffn {BGP} {neighbor @var{peer} shutdown} {}
288 @deffnx {BGP} {no neighbor @var{peer} shutdown} {}
289 Shutdown the peer. We can delete the neighbor's configuration by
290 @code{no neighbor @var{peer} remote-as @var{as-number}} but all
291 configuration of the neighbor will be deleted. When you want to
292 preserve the configuration, but want to drop the BGP peer, use this
296 @deffn {BGP} {neighbor @var{peer} ebgp-multihop} {}
297 @deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {}
300 @deffn {BGP} {neighbor @var{peer} description ...} {}
301 @deffnx {BGP} {no neighbor @var{peer} description ...} {}
302 Set description of the peer.
305 @deffn {BGP} {neighbor @var{peer} version @var{version}} {}
306 Set up the neighbor's BGP version. @var{version} can be @var{4},
307 @var{4+} or @var{4-}. BGP version @var{4} is the default value used for
308 BGP peering. BGP version @var{4+} means that the neighbor supports
309 Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but
310 the neighbor speaks the old Internet-Draft revision 00's Multiprotocol
311 Extensions for BGP-4. Some routing software is still using this
315 @deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {}
316 @deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {}
317 When you connect to a BGP peer over an IPv6 link-local address, you
318 have to specify the @var{ifname} of the interface used for the
319 connection. To specify IPv4 session addresses, see the
320 @code{neighbor @var{peer} update-source} command below.
322 This command is deprecated and may be removed in a future release. Its
323 use should be avoided.
326 @deffn {BGP} {neighbor @var{peer} next-hop-self [all]} {}
327 @deffnx {BGP} {no neighbor @var{peer} next-hop-self [all]} {}
328 This command specifies an announced route's nexthop as being equivalent
329 to the address of the bgp router if it is learned via eBGP.
330 If the optional keyword @code{all} is specified the modifiation is done
331 also for routes learned via iBGP.
334 @deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {}
335 @deffnx {BGP} {no neighbor @var{peer} update-source} {}
336 Specify the IPv4 source address to use for the @acronym{BGP} session to this
337 neighbour, may be specified as either an IPv4 address directly or
338 as an interface name (in which case the @command{zebra} daemon MUST be running
339 in order for @command{bgpd} to be able to retrieve interface state).
343 neighbor foo update-source 192.168.0.1
344 neighbor bar update-source lo0
349 @deffn {BGP} {neighbor @var{peer} default-originate} {}
350 @deffnx {BGP} {no neighbor @var{peer} default-originate} {}
351 @command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even it
352 is in routing table. When you want to announce default routes to the
353 peer, use this command.
356 @deffn {BGP} {neighbor @var{peer} port @var{port}} {}
357 @deffnx {BGP} {neighbor @var{peer} port @var{port}} {}
360 @deffn {BGP} {neighbor @var{peer} send-community} {}
361 @deffnx {BGP} {neighbor @var{peer} send-community} {}
364 @deffn {BGP} {neighbor @var{peer} weight @var{weight}} {}
365 @deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {}
366 This command specifies a default @var{weight} value for the neighbor's
370 @deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {}
371 @deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {}
374 @deffn {BGP} {neighbor @var{peer} local-as @var{as-number}} {}
375 @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend} {}
376 @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend replace-as} {}
377 @deffnx {BGP} {no neighbor @var{peer} local-as} {}
378 Specify an alternate AS for this BGP process when interacting with the
379 specified peer. With no modifiers, the specified local-as is prepended to
380 the received AS_PATH when receiving routing updates from the peer, and
381 prepended to the outgoing AS_PATH (after the process local AS) when
382 transmitting local routes to the peer.
384 If the no-prepend attribute is specified, then the supplied local-as is not
385 prepended to the received AS_PATH.
387 If the replace-as attribute is specified, then only the supplied local-as is
388 prepended to the AS_PATH when transmitting local-route updates to this peer.
390 Note that replace-as can only be specified if no-prepend is.
392 This command is only allowed for eBGP peers.
395 @deffn {BGP} {neighbor @var{peer} ttl-security hops @var{number}} {}
396 @deffnx {BGP} {no neighbor @var{peer} ttl-security hops @var{number}} {}
397 This command enforces Generalized TTL Security Mechanism (GTSM), as
398 specified in RFC 5082. With this command, only neighbors that are the
399 specified number of hops away will be allowed to become neighbors. This
400 command is mututally exclusive with @command{ebgp-multihop}.
404 @subsection Peer filtering
406 @deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {}
407 This command specifies a distribute-list for the peer. @var{direct} is
408 @samp{in} or @samp{out}.
411 @deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {}
414 @deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {}
417 @deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {}
418 Apply a route-map on the neighbor. @var{direct} must be @code{in} or
422 @c -----------------------------------------------------------------------
424 @section BGP Peer Group
426 @deffn {BGP} {neighbor @var{word} peer-group} {}
427 This command defines a new peer group.
430 @deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {}
431 This command bind specific peer to peer group @var{word}.
434 @node BGP Address Family
435 @section BGP Address Family
437 @c -----------------------------------------------------------------------
438 @node Autonomous System
439 @section Autonomous System
441 The @acronym{AS,Autonomous System} number is one of the essential
442 element of BGP. BGP is a distance vector routing protocol, and the
443 AS-Path framework provides distance vector metric and loop detection to
444 BGP. @cite{RFC1930, Guidelines for creation, selection, and
445 registration of an Autonomous System (AS)} provides some background on
446 the concepts of an AS.
448 The AS number is a two octet value, ranging in value from 1 to 65535.
449 The AS numbers 64512 through 65535 are defined as private AS numbers.
450 Private AS numbers must not to be advertised in the global Internet.
453 * AS Path Regular Expression::
454 * Display BGP Routes by AS Path::
455 * AS Path Access List::
456 * Using AS Path in Route Map::
457 * Private AS Numbers::
460 @node AS Path Regular Expression
461 @subsection AS Path Regular Expression
463 AS path regular expression can be used for displaying BGP routes and
464 AS path access list. AS path regular expression is based on
465 @code{POSIX 1003.2} regular expressions. Following description is
466 just a subset of @code{POSIX} regular expression. User can use full
467 @code{POSIX} regular expression. Adding to that special character '_'
468 is added for AS path regular expression.
472 Matches any single character.
474 Matches 0 or more occurrences of pattern.
476 Matches 1 or more occurrences of pattern.
478 Match 0 or 1 occurrences of pattern.
480 Matches the beginning of the line.
482 Matches the end of the line.
484 Character @code{_} has special meanings in AS path regular expression.
485 It matches to space and comma , and AS set delimiter @{ and @} and AS
486 confederation delimiter @code{(} and @code{)}. And it also matches to
487 the beginning of the line and the end of the line. So @code{_} can be
488 used for AS value boundaries match. @code{show ip bgp regexp _7675_}
489 matches to all of BGP routes which as AS number include @var{7675}.
492 @node Display BGP Routes by AS Path
493 @subsection Display BGP Routes by AS Path
495 To show BGP routes which has specific AS path information @code{show
496 ip bgp} command can be used.
498 @deffn Command {show ip bgp regexp @var{line}} {}
499 This commands display BGP routes that matches AS path regular
500 expression @var{line}.
503 @node AS Path Access List
504 @subsection AS Path Access List
506 AS path access list is user defined AS path.
508 @deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
509 This command defines a new AS path access list.
512 @deffn {Command} {no ip as-path access-list @var{word}} {}
513 @deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
516 @node Using AS Path in Route Map
517 @subsection Using AS Path in Route Map
519 @deffn {Route Map} {match as-path @var{word}} {}
522 @deffn {Route Map} {set as-path prepend @var{as-path}} {}
525 @node Private AS Numbers
526 @subsection Private AS Numbers
528 @c -----------------------------------------------------------------------
529 @node BGP Communities Attribute
530 @section BGP Communities Attribute
532 BGP communities attribute is widely used for implementing policy
533 routing. Network operators can manipulate BGP communities attribute
534 based on their network policy. BGP communities attribute is defined
535 in @cite{RFC1997, BGP Communities Attribute} and
536 @cite{RFC1998, An Application of the BGP Community Attribute
537 in Multi-home Routing}. It is an optional transitive attribute,
538 therefore local policy can travel through different autonomous system.
540 Communities attribute is a set of communities values. Each
541 communities value is 4 octet long. The following format is used to
542 define communities value.
546 This format represents 4 octet communities value. @code{AS} is high
547 order 2 octet in digit format. @code{VAL} is low order 2 octet in
548 digit format. This format is useful to define AS oriented policy
549 value. For example, @code{7675:80} can be used when AS 7675 wants to
550 pass local policy value 80 to neighboring peer.
552 @code{internet} represents well-known communities value 0.
554 @code{no-export} represents well-known communities value @code{NO_EXPORT}@*
555 @r{(0xFFFFFF01)}. All routes carry this value must not be advertised
556 to outside a BGP confederation boundary. If neighboring BGP peer is
557 part of BGP confederation, the peer is considered as inside a BGP
558 confederation boundary, so the route will be announced to the peer.
560 @code{no-advertise} represents well-known communities value
561 @code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carry this value
562 must not be advertise to other BGP peers.
564 @code{local-AS} represents well-known communities value
565 @code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carry this
566 value must not be advertised to external BGP peers. Even if the
567 neighboring router is part of confederation, it is considered as
568 external BGP peer, so the route will not be announced to the peer.
571 When BGP communities attribute is received, duplicated communities
572 value in the communities attribute is ignored and each communities
573 values are sorted in numerical order.
576 * BGP Community Lists::
577 * Numbered BGP Community Lists::
578 * BGP Community in Route Map::
579 * Display BGP Routes by Community::
580 * Using BGP Communities Attribute::
583 @node BGP Community Lists
584 @subsection BGP Community Lists
586 BGP community list is a user defined BGP communites attribute list.
587 BGP community list can be used for matching or manipulating BGP
588 communities attribute in updates.
590 There are two types of community list. One is standard community
591 list and another is expanded community list. Standard community list
592 defines communities attribute. Expanded community list defines
593 communities attribute string with regular expression. Standard
594 community list is compiled into binary format when user define it.
595 Standard community list will be directly compared to BGP communities
596 attribute in BGP updates. Therefore the comparison is faster than
597 expanded community list.
599 @deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {}
600 This command defines a new standard community list. @var{community}
601 is communities value. The @var{community} is compiled into community
602 structure. We can define multiple community list under same name. In
603 that case match will happen user defined order. Once the
604 community list matches to communities attribute in BGP updates it
605 return permit or deny by the community list definition. When there is
606 no matched entry, deny will be returned. When @var{community} is
607 empty it matches to any routes.
610 @deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
611 This command defines a new expanded community list. @var{line} is a
612 string expression of communities attribute. @var{line} can include
613 regular expression to match communities attribute in BGP updates.
616 @deffn Command {no ip community-list @var{name}} {}
617 @deffnx Command {no ip community-list standard @var{name}} {}
618 @deffnx Command {no ip community-list expanded @var{name}} {}
619 These commands delete community lists specified by @var{name}. All of
620 community lists shares a single name space. So community lists can be
621 removed simpley specifying community lists name.
624 @deffn {Command} {show ip community-list} {}
625 @deffnx {Command} {show ip community-list @var{name}} {}
626 This command display current community list information. When
627 @var{name} is specified the specified community list's information is
631 # show ip community-list
632 Named Community standard list CLIST
633 permit 7675:80 7675:100 no-export
635 Named Community expanded list EXPAND
638 # show ip community-list CLIST
639 Named Community standard list CLIST
640 permit 7675:80 7675:100 no-export
645 @node Numbered BGP Community Lists
646 @subsection Numbered BGP Community Lists
648 When number is used for BGP community list name, the number has
649 special meanings. Community list number in the range from 1 and 99 is
650 standard community list. Community list number in the range from 100
651 to 199 is expanded community list. These community lists are called
652 as numbered community lists. On the other hand normal community lists
653 is called as named community lists.
655 @deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {}
656 This command defines a new community list. <1-99> is standard
657 community list number. Community list name within this range defines
658 standard community list. When @var{community} is empty it matches to
662 @deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {}
663 This command defines a new community list. <100-199> is expanded
664 community list number. Community list name within this range defines
665 expanded community list.
668 @deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {}
669 When community list type is not specifed, the community list type is
670 automatically detected. If @var{community} can be compiled into
671 communities attribute, the community list is defined as a standard
672 community list. Otherwise it is defined as an expanded community
673 list. This feature is left for backward compability. Use of this
674 feature is not recommended.
677 @node BGP Community in Route Map
678 @subsection BGP Community in Route Map
680 In Route Map (@pxref{Route Map}), we can match or set BGP
681 communities attribute. Using this feature network operator can
682 implement their network policy based on BGP communities attribute.
684 Following commands can be used in Route Map.
686 @deffn {Route Map} {match community @var{word}} {}
687 @deffnx {Route Map} {match community @var{word} exact-match} {}
688 This command perform match to BGP updates using community list
689 @var{word}. When the one of BGP communities value match to the one of
690 communities value in community list, it is match. When
691 @code{exact-match} keyword is spcified, match happen only when BGP
692 updates have completely same communities value specified in the
696 @deffn {Route Map} {set community none} {}
697 @deffnx {Route Map} {set community @var{community}} {}
698 @deffnx {Route Map} {set community @var{community} additive} {}
699 This command manipulate communities value in BGP updates. When
700 @code{none} is specified as communities value, it removes entire
701 communities attribute from BGP updates. When @var{community} is not
702 @code{none}, specified communities value is set to BGP updates. If
703 BGP updates already has BGP communities value, the existing BGP
704 communities value is replaced with specified @var{community} value.
705 When @code{additive} keyword is specified, @var{community} is appended
706 to the existing communities value.
709 @deffn {Route Map} {set comm-list @var{word} delete} {}
710 This command remove communities value from BGP communities attribute.
711 The @var{word} is community list name. When BGP route's communities
712 value matches to the community list @var{word}, the communities value
713 is removed. When all of communities value is removed eventually, the
714 BGP update's communities attribute is completely removed.
717 @node Display BGP Routes by Community
718 @subsection Display BGP Routes by Community
720 To show BGP routes which has specific BGP communities attribute,
721 @code{show ip bgp} command can be used. The @var{community} value and
722 community list can be used for @code{show ip bgp} command.
724 @deffn Command {show ip bgp community} {}
725 @deffnx Command {show ip bgp community @var{community}} {}
726 @deffnx Command {show ip bgp community @var{community} exact-match} {}
727 @code{show ip bgp community} displays BGP routes which has communities
728 attribute. When @var{community} is specified, BGP routes that matches
729 @var{community} value is displayed. For this command, @code{internet}
730 keyword can't be used for @var{community} value. When
731 @code{exact-match} is specified, it display only routes that have an
735 @deffn Command {show ip bgp community-list @var{word}} {}
736 @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
737 This commands display BGP routes that matches community list
738 @var{word}. When @code{exact-match} is specified, display only routes
739 that have an exact match.
742 @node Using BGP Communities Attribute
743 @subsection Using BGP Communities Attribute
745 Following configuration is the most typical usage of BGP communities
746 attribute. AS 7675 provides upstream Internet connection to AS 100.
747 When following configuration exists in AS 7675, AS 100 networks
748 operator can set local preference in AS 7675 network by setting BGP
749 communities attribute to the updates.
753 neighbor 192.168.0.1 remote-as 100
754 neighbor 192.168.0.1 route-map RMAP in
756 ip community-list 70 permit 7675:70
757 ip community-list 70 deny
758 ip community-list 80 permit 7675:80
759 ip community-list 80 deny
760 ip community-list 90 permit 7675:90
761 ip community-list 90 deny
763 route-map RMAP permit 10
765 set local-preference 70
767 route-map RMAP permit 20
769 set local-preference 80
771 route-map RMAP permit 30
773 set local-preference 90
776 Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675.
777 The route has communities value 7675:80 so when above configuration
778 exists in AS 7675, announced route's local preference will be set to
784 neighbor 192.168.0.2 remote-as 7675
785 neighbor 192.168.0.2 route-map RMAP out
787 ip prefix-list PLIST permit 10.0.0.0/8
789 route-map RMAP permit 10
790 match ip address prefix-list PLIST
791 set community 7675:80
794 Following configuration is an example of BGP route filtering using
795 communities attribute. This configuration only permit BGP routes
796 which has BGP communities value 0:80 or 0:90. Network operator can
797 put special internal communities value at BGP border router, then
798 limit the BGP routes announcement into the internal network.
802 neighbor 192.168.0.1 remote-as 100
803 neighbor 192.168.0.1 route-map RMAP in
805 ip community-list 1 permit 0:80 0:90
807 route-map RMAP permit in
811 Following exmaple filter BGP routes which has communities value 1:1.
812 When there is no match community-list returns deny. To avoid
813 filtering all of routes, we need to define permit any at last.
817 neighbor 192.168.0.1 remote-as 100
818 neighbor 192.168.0.1 route-map RMAP in
820 ip community-list standard FILTER deny 1:1
821 ip community-list standard FILTER permit
823 route-map RMAP permit 10
824 match community FILTER
827 Communities value keyword @code{internet} has special meanings in
828 standard community lists. In below example @code{internet} act as
829 match any. It matches all of BGP routes even if the route does not
830 have communities attribute at all. So community list @code{INTERNET}
831 is same as above example's @code{FILTER}.
834 ip community-list standard INTERNET deny 1:1
835 ip community-list standard INTERNET permit internet
838 Following configuration is an example of communities value deletion.
839 With this configuration communities value 100:1 and 100:2 is removed
840 from BGP updates. For communities value deletion, only @code{permit}
841 community-list is used. @code{deny} community-list is ignored.
845 neighbor 192.168.0.1 remote-as 100
846 neighbor 192.168.0.1 route-map RMAP in
848 ip community-list standard DEL permit 100:1 100:2
850 route-map RMAP permit 10
851 set comm-list DEL delete
854 @c -----------------------------------------------------------------------
855 @node BGP Extended Communities Attribute
856 @section BGP Extended Communities Attribute
858 BGP extended communities attribute is introduced with MPLS VPN/BGP
859 technology. MPLS VPN/BGP expands capability of network infrastructure
860 to provide VPN functionality. At the same time it requires a new
861 framework for policy routing. With BGP Extended Communities Attribute
862 we can use Route Target or Site of Origin for implementing network
863 policy for MPLS VPN/BGP.
865 BGP Extended Communities Attribute is similar to BGP Communities
866 Attribute. It is an optional transitive attribute. BGP Extended
867 Communities Attribute can carry multiple Extended Community value.
868 Each Extended Community value is eight octet length.
870 BGP Extended Communities Attribute provides an extended range
871 compared with BGP Communities Attribute. Adding to that there is a
872 type field in each value to provides community space structure.
874 There are two format to define Extended Community value. One is AS
875 based format the other is IP address based format.
879 This is a format to define AS based Extended Community value.
880 @code{AS} part is 2 octets Global Administrator subfield in Extended
881 Community value. @code{VAL} part is 4 octets Local Administrator
882 subfield. @code{7675:100} represents AS 7675 policy value 100.
884 This is a format to define IP address based Extended Community value.
885 @code{IP-Address} part is 4 octets Global Administrator subfield.
886 @code{VAL} part is 2 octets Local Administrator subfield.
887 @code{10.0.0.1:100} represents
891 * BGP Extended Community Lists::
892 * BGP Extended Communities in Route Map::
895 @node BGP Extended Community Lists
896 @subsection BGP Extended Community Lists
898 Expanded Community Lists is a user defined BGP Expanded Community
901 @deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {}
902 This command defines a new standard extcommunity-list.
903 @var{extcommunity} is extended communities value. The
904 @var{extcommunity} is compiled into extended community structure. We
905 can define multiple extcommunity-list under same name. In that case
906 match will happen user defined order. Once the extcommunity-list
907 matches to extended communities attribute in BGP updates it return
908 permit or deny based upon the extcommunity-list definition. When
909 there is no matched entry, deny will be returned. When
910 @var{extcommunity} is empty it matches to any routes.
913 @deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
914 This command defines a new expanded extcommunity-list. @var{line} is
915 a string expression of extended communities attribute. @var{line} can
916 include regular expression to match extended communities attribute in
920 @deffn Command {no ip extcommunity-list @var{name}} {}
921 @deffnx Command {no ip extcommunity-list standard @var{name}} {}
922 @deffnx Command {no ip extcommunity-list expanded @var{name}} {}
923 These commands delete extended community lists specified by
924 @var{name}. All of extended community lists shares a single name
925 space. So extended community lists can be removed simpley specifying
929 @deffn {Command} {show ip extcommunity-list} {}
930 @deffnx {Command} {show ip extcommunity-list @var{name}} {}
931 This command display current extcommunity-list information. When
932 @var{name} is specified the community list's information is shown.
935 # show ip extcommunity-list
939 @node BGP Extended Communities in Route Map
940 @subsection BGP Extended Communities in Route Map
942 @deffn {Route Map} {match extcommunity @var{word}} {}
945 @deffn {Route Map} {set extcommunity rt @var{extcommunity}} {}
946 This command set Route Target value.
949 @deffn {Route Map} {set extcommunity soo @var{extcommunity}} {}
950 This command set Site of Origin value.
953 @c -----------------------------------------------------------------------
954 @node Displaying BGP routes
955 @section Displaying BGP Routes
963 @subsection Show IP BGP
965 @deffn {Command} {show ip bgp} {}
966 @deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
967 @deffnx {Command} {show ip bgp @var{X:X::X:X}} {}
968 This command displays BGP routes. When no route is specified it
969 display all of IPv4 BGP routes.
973 BGP table version is 0, local router ID is 10.1.1.1
974 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
975 Origin codes: i - IGP, e - EGP, ? - incomplete
977 Network Next Hop Metric LocPrf Weight Path
978 *> 1.1.1.1/32 0.0.0.0 0 32768 i
980 Total number of prefixes 1
983 @node More Show IP BGP
984 @subsection More Show IP BGP
986 @deffn {Command} {show ip bgp regexp @var{line}} {}
987 This command display BGP routes using AS path regular expression (@pxref{Display BGP Routes by AS Path}).
990 @deffn Command {show ip bgp community @var{community}} {}
991 @deffnx Command {show ip bgp community @var{community} exact-match} {}
992 This command display BGP routes using @var{community} (@pxref{Display
993 BGP Routes by Community}).
996 @deffn Command {show ip bgp community-list @var{word}} {}
997 @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
998 This command display BGP routes using community list (@pxref{Display
999 BGP Routes by Community}).
1002 @deffn {Command} {show ip bgp summary} {}
1005 @deffn {Command} {show ip bgp neighbor [@var{peer}]} {}
1008 @deffn {Command} {clear ip bgp @var{peer}} {}
1009 Clear peers which have addresses of X.X.X.X
1012 @deffn {Command} {clear ip bgp @var{peer} soft in} {}
1013 Clear peer using soft reconfiguration.
1016 @deffn {Command} {show ip bgp dampened-paths} {}
1017 Display paths suppressed due to dampening
1020 @deffn {Command} {show ip bgp flap-statistics} {}
1021 Display flap statistics of routes
1024 @deffn {Command} {show debug} {}
1027 @deffn {Command} {debug event} {}
1030 @deffn {Command} {debug update} {}
1033 @deffn {Command} {debug keepalive} {}
1036 @deffn {Command} {no debug event} {}
1039 @deffn {Command} {no debug update} {}
1042 @deffn {Command} {no debug keepalive} {}
1045 @node Capability Negotiation
1046 @section Capability Negotiation
1048 When adding IPv6 routing information exchange feature to BGP. There
1049 were some proposals. @acronym{IETF,Internet Engineering Task Force}
1050 @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted
1051 a proposal called Multiprotocol Extension for BGP. The specification
1052 is described in @cite{RFC2283}. The protocol does not define new protocols.
1053 It defines new attributes to existing BGP. When it is used exchanging
1054 IPv6 routing information it is called BGP-4+. When it is used for
1055 exchanging multicast routing information it is called MBGP.
1057 @command{bgpd} supports Multiprotocol Extension for BGP. So if remote
1058 peer supports the protocol, @command{bgpd} can exchange IPv6 and/or
1059 multicast routing information.
1061 Traditional BGP did not have the feature to detect remote peer's
1062 capabilities, e.g. whether it can handle prefix types other than IPv4
1063 unicast routes. This was a big problem using Multiprotocol Extension
1064 for BGP to operational network. @cite{RFC2842, Capabilities
1065 Advertisement with BGP-4} adopted a feature called Capability
1066 Negotiation. @command{bgpd} use this Capability Negotiation to detect
1067 the remote peer's capabilities. If the peer is only configured as IPv4
1068 unicast neighbor, @command{bgpd} does not send these Capability
1069 Negotiation packets (at least not unless other optional BGP features
1070 require capability negotation).
1072 By default, Quagga will bring up peering with minimal common capability
1073 for the both sides. For example, local router has unicast and
1074 multicast capabilitie and remote router has unicast capability. In
1075 this case, the local router will establish the connection with unicast
1076 only capability. When there are no common capabilities, Quagga sends
1077 Unsupported Capability error and then resets the connection.
1079 If you want to completely match capabilities with remote peer. Please
1080 use @command{strict-capability-match} command.
1082 @deffn {BGP} {neighbor @var{peer} strict-capability-match} {}
1083 @deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {}
1084 Strictly compares remote capabilities and local capabilities. If capabilities
1085 are different, send Unsupported Capability error then reset connection.
1088 You may want to disable sending Capability Negotiation OPEN message
1089 optional parameter to the peer when remote peer does not implement
1090 Capability Negotiation. Please use @command{dont-capability-negotiate}
1091 command to disable the feature.
1093 @deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {}
1094 @deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {}
1095 Suppress sending Capability Negotiation as OPEN message optional
1096 parameter to the peer. This command only affects the peer is configured
1097 other than IPv4 unicast configuration.
1100 When remote peer does not have capability negotiation feature, remote
1101 peer will not send any capabilities at all. In that case, bgp
1102 configures the peer with configured capabilities.
1104 You may prefer locally configured capabilities more than the negotiated
1105 capabilities even though remote peer sends capabilities. If the peer
1106 is configured by @command{override-capability}, @command{bgpd} ignores
1107 received capabilities then override negotiated capabilities with
1110 @deffn {BGP} {neighbor @var{peer} override-capability} {}
1111 @deffnx {BGP} {no neighbor @var{peer} override-capability} {}
1112 Override the result of Capability Negotiation with local configuration.
1113 Ignore remote peer's capability value.
1116 @node Route Reflector
1117 @section Route Reflector
1119 @deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {}
1122 @deffn {BGP} {neighbor @var{peer} route-reflector-client} {}
1123 @deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {}
1127 @section Route Server
1129 At an Internet Exchange point, many ISPs are connected to each other by
1130 external BGP peering. Normally these external BGP connection are done by
1131 @samp{full mesh} method. As with internal BGP full mesh formation,
1132 this method has a scaling problem.
1134 This scaling problem is well known. Route Server is a method to resolve
1135 the problem. Each ISP's BGP router only peers to Route Server. Route
1136 Server serves as BGP information exchange to other BGP routers. By
1137 applying this method, numbers of BGP connections is reduced from
1138 O(n*(n-1)/2) to O(n).
1140 Unlike normal BGP router, Route Server must have several routing tables
1141 for managing different routing policies for each BGP speaker. We call the
1142 routing tables as different @code{view}s. @command{bgpd} can work as
1143 normal BGP router or Route Server or both at the same time.
1146 * Multiple instance::
1147 * BGP instance and view::
1149 * Viewing the view::
1152 @node Multiple instance
1153 @subsection Multiple instance
1155 To enable multiple view function of @code{bgpd}, you must turn on
1156 multiple instance feature beforehand.
1158 @deffn {Command} {bgp multiple-instance} {}
1159 Enable BGP multiple instance feature. After this feature is enabled,
1160 you can make multiple BGP instances or multiple BGP views.
1163 @deffn {Command} {no bgp multiple-instance} {}
1164 Disable BGP multiple instance feature. You can not disable this feature
1165 when BGP multiple instances or views exist.
1168 When you want to make configuration more Cisco like one,
1170 @deffn {Command} {bgp config-type cisco} {}
1171 Cisco compatible BGP configuration output.
1174 When bgp config-type cisco is specified,
1176 ``no synchronization'' is displayed.
1177 ``no auto-summary'' is displayed.
1179 ``network'' and ``aggregate-address'' argument is displayed as
1182 Quagga: network 10.0.0.0/8
1183 Cisco: network 10.0.0.0
1185 Quagga: aggregate-address 192.168.0.0/24
1186 Cisco: aggregate-address 192.168.0.0 255.255.255.0
1188 Community attribute handling is also different. If there is no
1189 configuration is specified community attribute and extended community
1190 attribute are sent to neighbor. When user manually disable the
1191 feature community attribute is not sent to the neighbor. In case of
1192 @command{bgp config-type cisco} is specified, community attribute is not
1193 sent to the neighbor by default. To send community attribute user has
1194 to specify @command{neighbor A.B.C.D send-community} command.
1199 neighbor 10.0.0.1 remote-as 1
1200 no neighbor 10.0.0.1 send-community
1203 neighbor 10.0.0.1 remote-as 1
1204 neighbor 10.0.0.1 send-community
1208 @deffn {Command} {bgp config-type zebra} {}
1209 Quagga style BGP configuration. This is default.
1212 @node BGP instance and view
1213 @subsection BGP instance and view
1215 BGP instance is a normal BGP process. The result of route selection
1216 goes to the kernel routing table. You can setup different AS at the
1217 same time when BGP multiple instance feature is enabled.
1219 @deffn {Command} {router bgp @var{as-number}} {}
1220 Make a new BGP instance. You can use arbitrary word for the @var{name}.
1225 bgp multiple-instance
1228 neighbor 10.0.0.1 remote-as 2
1229 neighbor 10.0.0.2 remote-as 3
1232 neighbor 10.0.0.3 remote-as 4
1233 neighbor 10.0.0.4 remote-as 5
1237 BGP view is almost same as normal BGP process. The result of
1238 route selection does not go to the kernel routing table. BGP view is
1239 only for exchanging BGP routing information.
1241 @deffn {Command} {router bgp @var{as-number} view @var{name}} {}
1242 Make a new BGP view. You can use arbitrary word for the @var{name}. This
1243 view's route selection result does not go to the kernel routing table.
1246 With this command, you can setup Route Server like below.
1250 bgp multiple-instance
1253 neighbor 10.0.0.1 remote-as 2
1254 neighbor 10.0.0.2 remote-as 3
1257 neighbor 10.0.0.3 remote-as 4
1258 neighbor 10.0.0.4 remote-as 5
1262 @node Routing policy
1263 @subsection Routing policy
1265 You can set different routing policy for a peer. For example, you can
1266 set different filter for a peer.
1270 bgp multiple-instance
1273 neighbor 10.0.0.1 remote-as 2
1274 neighbor 10.0.0.1 distribute-list 1 in
1277 neighbor 10.0.0.1 remote-as 2
1278 neighbor 10.0.0.1 distribute-list 2 in
1282 This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view
1283 2. When the update is inserted into view 1, distribute-list 1 is
1284 applied. On the other hand, when the update is inserted into view 2,
1285 distribute-list 2 is applied.
1287 @node Viewing the view
1288 @subsection Viewing the view
1290 To display routing table of BGP view, you must specify view name.
1292 @deffn {Command} {show ip bgp view @var{name}} {}
1293 Display routing table of BGP view @var{name}.
1296 @node How to set up a 6-Bone connection
1297 @section How to set up a 6-Bone connection
1305 ! Actually there is no need to configure zebra
1311 ! This means that routes go through zebra and into the kernel.
1315 ! MP-BGP configuration
1318 bgp router-id 10.0.0.1
1319 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number}
1322 network 3ffe:506::/32
1323 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
1324 neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
1325 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number}
1326 neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out
1329 ipv6 access-list all permit any
1331 ! Set output nexthop address.
1333 route-map set-nexthop permit 10
1334 match ipv6 address all
1335 set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
1336 set ipv6 nexthop local fe80::2c0:4fff:fe68:a225
1338 ! logfile FILENAME is obsolete. Please use log file FILENAME
1345 @node Dump BGP packets and table
1346 @section Dump BGP packets and table
1348 @deffn Command {dump bgp all @var{path}} {}
1349 @deffnx Command {dump bgp all @var{path} @var{interval}} {}
1350 Dump all BGP packet and events to @var{path} file.
1353 @deffn Command {dump bgp updates @var{path}} {}
1354 @deffnx Command {dump bgp updates @var{path} @var{interval}} {}
1355 Dump BGP updates to @var{path} file.
1358 @deffn Command {dump bgp routes @var{path}} {}
1359 @deffnx Command {dump bgp routes @var{path}} {}
1360 Dump whole BGP routing table to @var{path}. This is heavy process.
1363 @node BGP Configuration Examples
1364 @section BGP Configuration Examples
1366 Example of a session to an upstream, advertising only one prefix to it.
1370 bgp router-id 10.236.87.1
1371 network 10.236.87.0/24
1372 neighbor upstream peer-group
1373 neighbor upstream remote-as 64515
1374 neighbor upstream capability dynamic
1375 neighbor upstream prefix-list pl-allowed-adv out
1376 neighbor 10.1.1.1 peer-group upstream
1377 neighbor 10.1.1.1 description ACME ISP
1379 ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
1380 ip prefix-list pl-allowed-adv seq 10 deny any
1384 A more complex example. With upstream, peer and customer sessions.
1385 Advertising global prefixes and NO_EXPORT prefixes and providing
1386 actions for customer routes based on community values. Extensive use of
1387 route-maps and the 'call' feature to support selective advertising of
1388 prefixes. This example is intended as guidance only, it has NOT been
1389 tested and almost certainly containts silly mistakes, if not serious
1394 bgp router-id 10.236.87.1
1395 network 10.123.456.0/24
1396 network 10.123.456.128/25 route-map rm-no-export
1397 neighbor upstream capability dynamic
1398 neighbor upstream route-map rm-upstream-out out
1399 neighbor cust capability dynamic
1400 neighbor cust route-map rm-cust-in in
1401 neighbor cust route-map rm-cust-out out
1402 neighbor cust send-community both
1403 neighbor peer capability dynamic
1404 neighbor peer route-map rm-peer-in in
1405 neighbor peer route-map rm-peer-out out
1406 neighbor peer send-community both
1407 neighbor 10.1.1.1 remote-as 64515
1408 neighbor 10.1.1.1 peer-group upstream
1409 neighbor 10.2.1.1 remote-as 64516
1410 neighbor 10.2.1.1 peer-group upstream
1411 neighbor 10.3.1.1 remote-as 64517
1412 neighbor 10.3.1.1 peer-group cust-default
1413 neighbor 10.3.1.1 description customer1
1414 neighbor 10.3.1.1 prefix-list pl-cust1-network in
1415 neighbor 10.4.1.1 remote-as 64518
1416 neighbor 10.4.1.1 peer-group cust
1417 neighbor 10.4.1.1 prefix-list pl-cust2-network in
1418 neighbor 10.4.1.1 description customer2
1419 neighbor 10.5.1.1 remote-as 64519
1420 neighbor 10.5.1.1 peer-group peer
1421 neighbor 10.5.1.1 prefix-list pl-peer1-network in
1422 neighbor 10.5.1.1 description peer AS 1
1423 neighbor 10.6.1.1 remote-as 64520
1424 neighbor 10.6.1.1 peer-group peer
1425 neighbor 10.6.1.1 prefix-list pl-peer2-network in
1426 neighbor 10.6.1.1 description peer AS 2
1428 ip prefix-list pl-default permit 0.0.0.0/0
1430 ip prefix-list pl-upstream-peers permit 10.1.1.1/32
1431 ip prefix-list pl-upstream-peers permit 10.2.1.1/32
1433 ip prefix-list pl-cust1-network permit 10.3.1.0/24
1434 ip prefix-list pl-cust1-network permit 10.3.2.0/24
1436 ip prefix-list pl-cust2-network permit 10.4.1.0/24
1438 ip prefix-list pl-peer1-network permit 10.5.1.0/24
1439 ip prefix-list pl-peer1-network permit 10.5.2.0/24
1440 ip prefix-list pl-peer1-network permit 192.168.0.0/24
1442 ip prefix-list pl-peer2-network permit 10.6.1.0/24
1443 ip prefix-list pl-peer2-network permit 10.6.2.0/24
1444 ip prefix-list pl-peer2-network permit 192.168.1.0/24
1445 ip prefix-list pl-peer2-network permit 192.168.2.0/24
1446 ip prefix-list pl-peer2-network permit 172.16.1/24
1448 ip as-path access-list asp-own-as permit ^$
1449 ip as-path access-list asp-own-as permit _64512_
1451 ! #################################################################
1452 ! Match communities we provide actions for, on routes receives from
1453 ! customers. Communities values of <our-ASN>:X, with X, have actions:
1455 ! 100 - blackhole the prefix
1456 ! 200 - set no_export
1457 ! 300 - advertise only to other customers
1458 ! 400 - advertise only to upstreams
1459 ! 500 - set no_export when advertising to upstreams
1460 ! 2X00 - set local_preference to X00
1462 ! blackhole the prefix of the route
1463 ip community-list standard cm-blackhole permit 64512:100
1465 ! set no-export community before advertising
1466 ip community-list standard cm-set-no-export permit 64512:200
1468 ! advertise only to other customers
1469 ip community-list standard cm-cust-only permit 64512:300
1471 ! advertise only to upstreams
1472 ip community-list standard cm-upstream-only permit 64512:400
1474 ! advertise to upstreams with no-export
1475 ip community-list standard cm-upstream-noexport permit 64512:500
1477 ! set local-pref to least significant 3 digits of the community
1478 ip community-list standard cm-prefmod-100 permit 64512:2100
1479 ip community-list standard cm-prefmod-200 permit 64512:2200
1480 ip community-list standard cm-prefmod-300 permit 64512:2300
1481 ip community-list standard cm-prefmod-400 permit 64512:2400
1482 ip community-list expanded cme-prefmod-range permit 64512:2...
1484 ! Informational communities
1486 ! 3000 - learned from upstream
1487 ! 3100 - learned from customer
1488 ! 3200 - learned from peer
1490 ip community-list standard cm-learnt-upstream permit 64512:3000
1491 ip community-list standard cm-learnt-cust permit 64512:3100
1492 ip community-list standard cm-learnt-peer permit 64512:3200
1494 ! ###################################################################
1495 ! Utility route-maps
1497 ! These utility route-maps generally should not used to permit/deny
1498 ! routes, i.e. they do not have meaning as filters, and hence probably
1499 ! should be used with 'on-match next'. These all finish with an empty
1500 ! permit entry so as not interfere with processing in the caller.
1502 route-map rm-no-export permit 10
1503 set community additive no-export
1504 route-map rm-no-export permit 20
1506 route-map rm-blackhole permit 10
1507 description blackhole, up-pref and ensure it cant escape this AS
1508 set ip next-hop 127.0.0.1
1509 set local-preference 10
1510 set community additive no-export
1511 route-map rm-blackhole permit 20
1513 ! Set local-pref as requested
1514 route-map rm-prefmod permit 10
1515 match community cm-prefmod-100
1516 set local-preference 100
1517 route-map rm-prefmod permit 20
1518 match community cm-prefmod-200
1519 set local-preference 200
1520 route-map rm-prefmod permit 30
1521 match community cm-prefmod-300
1522 set local-preference 300
1523 route-map rm-prefmod permit 40
1524 match community cm-prefmod-400
1525 set local-preference 400
1526 route-map rm-prefmod permit 50
1528 ! Community actions to take on receipt of route.
1529 route-map rm-community-in permit 10
1530 description check for blackholing, no point continuing if it matches.
1531 match community cm-blackhole
1533 route-map rm-community-in permit 20
1534 match community cm-set-no-export
1537 route-map rm-community-in permit 30
1538 match community cme-prefmod-range
1540 route-map rm-community-in permit 40
1542 ! #####################################################################
1543 ! Community actions to take when advertising a route.
1544 ! These are filtering route-maps,
1546 ! Deny customer routes to upstream with cust-only set.
1547 route-map rm-community-filt-to-upstream deny 10
1548 match community cm-learnt-cust
1549 match community cm-cust-only
1550 route-map rm-community-filt-to-upstream permit 20
1552 ! Deny customer routes to other customers with upstream-only set.
1553 route-map rm-community-filt-to-cust deny 10
1554 match community cm-learnt-cust
1555 match community cm-upstream-only
1556 route-map rm-community-filt-to-cust permit 20
1558 ! ###################################################################
1559 ! The top-level route-maps applied to sessions. Further entries could
1560 ! be added obviously..
1563 route-map rm-cust-in permit 10
1564 call rm-community-in
1566 route-map rm-cust-in permit 20
1567 set community additive 64512:3100
1568 route-map rm-cust-in permit 30
1570 route-map rm-cust-out permit 10
1571 call rm-community-filt-to-cust
1573 route-map rm-cust-out permit 20
1575 ! Upstream transit ASes
1576 route-map rm-upstream-out permit 10
1577 description filter customer prefixes which are marked cust-only
1578 call rm-community-filt-to-upstream
1580 route-map rm-upstream-out permit 20
1581 description only customer routes are provided to upstreams/peers
1582 match community cm-learnt-cust
1585 ! outbound policy is same as for upstream
1586 route-map rm-peer-out permit 10
1587 call rm-upstream-out
1589 route-map rm-peer-in permit 10
1590 set community additive 64512:3200