* Autonomous System::
* BGP Communities Attribute::
* BGP Extended Communities Attribute::
-* Displaying BGP routes::
+* BGP Large Communities Attribute::
+* Displaying BGP information::
* Capability Negotiation::
* Route Reflector::
* Route Server::
+* BGP Regular Expressions::
* How to set up a 6-Bone connection::
* Dump BGP packets and table::
* BGP Configuration Examples::
+* Prefix Origin Validation Using RPKI::
@end menu
@node Starting BGP
@example
@group
router bgp 1
- network 10.0.0.0/8
+ address-family ipv4 unicast
+ network 10.0.0.0/8
+ exit-address-family
@end group
@end example
This configuration example says that network 10.0.0.0/8 will be
@cite{RFC4364} and @cite{RFC4659}, and Encapsulation information
@cite{RFC5512} is supported.
-@deffn {Command} {show ip bgp vpnv4 all} {}
-@deffnx {Command} {show ipv6 bgp vpn all} {}
+@deffn {Command} {show ip bgp ipv4 vpn} {}
+@deffnx {Command} {show ipv6 bgp ipv6 vpn} {}
Print active IPV4 or IPV6 routes advertised via the VPN SAFI.
@end deffn
Private AS numbers must not to be advertised in the global Internet.
@menu
-* AS Path Regular Expression::
* Display BGP Routes by AS Path::
* AS Path Access List::
* Using AS Path in Route Map::
* Private AS Numbers::
@end menu
-@node AS Path Regular Expression
-@subsection AS Path Regular Expression
-
-AS path regular expression can be used for displaying BGP routes and
-AS path access list. AS path regular expression is based on
-@code{POSIX 1003.2} regular expressions. Following description is
-just a subset of @code{POSIX} regular expression. User can use full
-@code{POSIX} regular expression. Adding to that special character '_'
-is added for AS path regular expression.
-
-@table @code
-@item .
-Matches any single character.
-@item *
-Matches 0 or more occurrences of pattern.
-@item +
-Matches 1 or more occurrences of pattern.
-@item ?
-Match 0 or 1 occurrences of pattern.
-@item ^
-Matches the beginning of the line.
-@item $
-Matches the end of the line.
-@item _
-Character @code{_} has special meanings in AS path regular expression.
-It matches to space and comma , and AS set delimiter @{ and @} and AS
-confederation delimiter @code{(} and @code{)}. And it also matches to
-the beginning of the line and the end of the line. So @code{_} can be
-used for AS value boundaries match. @code{show ip bgp regexp _7675_}
-matches to all of BGP routes which as AS number include @var{7675}.
-@end table
-
@node Display BGP Routes by AS Path
@subsection Display BGP Routes by AS Path
To show BGP routes which has specific AS path information @code{show
ip bgp} command can be used.
-@deffn Command {show ip bgp regexp @var{line}} {}
-This commands display BGP routes that matches AS path regular
-expression @var{line}.
+@deffn Command {show bgp @{ipv4|ipv6@} regexp @var{line}} {}
+This commands displays BGP routes that matches a regular
+expression @var{line} (@pxref{BGP Regular Expressions}).
@end deffn
@node AS Path Access List
@deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
This command defines a new expanded community list. @var{line} is a
-string expression of communities attribute. @var{line} can include
-regular expression to match communities attribute in BGP updates.
+string expression of communities attribute. @var{line} can be a
+regular expression (@pxref{BGP Regular Expressions}) to match
+the communities attribute in BGP updates.
@end deffn
@deffn Command {no ip community-list @var{name}} {}
@deffn {Command} {show ip community-list} {}
@deffnx {Command} {show ip community-list @var{name}} {}
-This command display current community list information. When
+This command displays current community list information. When
@var{name} is specified the specified community list's information is
shown.
@subsection Display BGP Routes by Community
To show BGP routes which has specific BGP communities attribute,
-@code{show ip bgp} command can be used. The @var{community} value and
-community list can be used for @code{show ip bgp} command.
+@code{show bgp @{ipv4|ipv6@}} command can be used. The
+@var{community} and @var{community-list} subcommand can be used.
-@deffn Command {show ip bgp community} {}
-@deffnx Command {show ip bgp community @var{community}} {}
-@deffnx Command {show ip bgp community @var{community} exact-match} {}
-@code{show ip bgp community} displays BGP routes which has communities
-attribute. When @var{community} is specified, BGP routes that matches
-@var{community} value is displayed. For this command, @code{internet}
-keyword can't be used for @var{community} value. When
-@code{exact-match} is specified, it display only routes that have an
-exact match.
+@deffn Command {show bgp @{ipv4|ipv6@} community} {}
+@deffnx Command {show bgp @{ipv4|ipv6@} community @var{community}} {}
+@deffnx Command {show bgp @{ipv4|ipv6@} community @var{community} exact-match} {}
+@code{show bgp @{ipv4|ipv6@} community} displays BGP routes which has communities
+attribute. Where the address family can be IPv4 or IPv6 among others. When
+@var{community} is specified, BGP routes that matches @var{community} value is
+displayed. For this command, @code{internet} keyword can't be used for
+@var{community} value. When @code{exact-match} is specified, it display only
+routes that have an exact match.
@end deffn
-@deffn Command {show ip bgp community-list @var{word}} {}
-@deffnx Command {show ip bgp community-list @var{word} exact-match} {}
-This commands display BGP routes that matches community list
-@var{word}. When @code{exact-match} is specified, display only routes
-that have an exact match.
+@deffn Command {show bgp @{ipv4|ipv6@} community-list @var{word}} {}
+@deffnx Command {show bgp @{ipv4|ipv6@} community-list @var{word} exact-match} {}
+This commands display BGP routes for the address family specified that matches
+community list @var{word}. When @code{exact-match} is specified, display only
+routes that have an exact match.
@end deffn
@node Using BGP Communities Attribute
@example
router bgp 7675
neighbor 192.168.0.1 remote-as 100
- neighbor 192.168.0.1 route-map RMAP in
+ address-family ipv4 unicast
+ neighbor 192.168.0.1 route-map RMAP in
+ exit-address-family
!
ip community-list 70 permit 7675:70
ip community-list 70 deny
router bgp 100
network 10.0.0.0/8
neighbor 192.168.0.2 remote-as 7675
- neighbor 192.168.0.2 route-map RMAP out
+ address-family ipv4 unicast
+ neighbor 192.168.0.2 route-map RMAP out
+ exit-address-family
!
ip prefix-list PLIST permit 10.0.0.0/8
!
@example
router bgp 7675
neighbor 192.168.0.1 remote-as 100
- neighbor 192.168.0.1 route-map RMAP in
+ address-family ipv4 unicast
+ neighbor 192.168.0.1 route-map RMAP in
+ exit-address-family
!
ip community-list 1 permit 0:80 0:90
!
@example
router bgp 7675
neighbor 192.168.0.1 remote-as 100
- neighbor 192.168.0.1 route-map RMAP in
+ address-family ipv4 unicast
+ neighbor 192.168.0.1 route-map RMAP in
+ exit-address-family
!
ip community-list standard FILTER deny 1:1
ip community-list standard FILTER permit
@example
router bgp 7675
neighbor 192.168.0.1 remote-as 100
- neighbor 192.168.0.1 route-map RMAP in
+ address-family ipv4 unicast
+ neighbor 192.168.0.1 route-map RMAP in
+ exit-address-family
!
ip community-list standard DEL permit 100:1 100:2
!
@deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
This command defines a new expanded extcommunity-list. @var{line} is
a string expression of extended communities attribute. @var{line} can
-include regular expression to match extended communities attribute in
-BGP updates.
+be a regular expression (@pxref{BGP Regular Expressions}) to match an
+extended communities attribute in BGP updates.
@end deffn
@deffn Command {no ip extcommunity-list @var{name}} {}
@deffn {Command} {show ip extcommunity-list} {}
@deffnx {Command} {show ip extcommunity-list @var{name}} {}
-This command display current extcommunity-list information. When
+This command displays current extcommunity-list information. When
@var{name} is specified the community list's information is shown.
@example
@end deffn
@c -----------------------------------------------------------------------
-@node Displaying BGP routes
-@section Displaying BGP Routes
+@node BGP Large Communities Attribute
+@section BGP Large Communities Attribute
+
+The BGP Large Communities attribute was introduced in Feb 2017 with
+@cite{RFC8092, BGP Large Communities Attribute}.
+
+The BGP Large Communities Attribute is similar to the BGP Communities
+Attribute except that it has 3 components instead of two and each of
+which are 4 octets in length. Large Communities bring additional
+functionality and convenience over traditional communities, specifically
+the fact that the @code{GLOBAL} part below is now 4 octets wide allowing
+AS4 operators seamless use.
+
+@table @code
+@item GLOBAL:LOCAL1:LOCAL2
+This is the format to define Large Community values. Referencing
+@cite{RFC8195, Use of BGP Large Communities} the values are commonly
+referred to as follows.
+The @code{GLOBAL} part is a 4 octet Global Administrator field, common
+use of this field is the operators AS number.
+The @code{LOCAL1} part is a 4 octet Local Data Part 1 subfield referred
+to as a function.
+The @code{LOCAL2} part is a 4 octet Local Data Part 2 field and referred
+to as the parameter subfield. @code{65551:1:10} represents AS 65551
+function 1 and parameter 10.
+The referenced RFC above gives some guidelines on recommended usage.
+@end table
@menu
-* Show IP BGP::
-* More Show IP BGP::
+* BGP Large Community Lists::
+* BGP Large Communities in Route Map::
@end menu
-@node Show IP BGP
-@subsection Show IP BGP
+@node BGP Large Community Lists
+@subsection BGP Large Community Lists
+
+Two types of large community lists are supported, namely @code{standard} and
+@code{expanded}.
+
+@deffn Command {ip large-community-list standard @var{name} @{permit|deny@} @var{large-community}} {}
+This command defines a new standard large-community-list.
+@var{large-community} is the Large Community value. We
+can add multiple large communities under same name. In that case
+the match will happen in the user defined order. Once the large-community-list
+matches the Large Communities attribute in BGP updates it will return
+permit or deny based upon the large-community-list definition. When
+there is no matched entry, a deny will be returned. When @var{large-community}
+is empty it matches any routes.
+@end deffn
+
+@deffn Command {ip large-community-list expanded @var{name} @{permit|deny@} @var{line}} {}
+This command defines a new expanded large-community-list. Where @var{line} is
+a string matching expression, it will be compared to the entire Large Communities
+attribute as a string, with each large-community in order from lowest to highest.
+@var{line} can also be a regular expression which matches this Large
+Community attribute.
+@end deffn
+
+@deffn Command {no ip large-community-list @var{name}} {}
+@deffnx Command {no ip large-community-list standard @var{name}} {}
+@deffnx Command {no ip large-community-list expanded @var{name}} {}
+These commands delete Large Community lists specified by
+@var{name}. All Large Community lists share a single namespace.
+This means Large Community lists can be removed by simply specifying the name.
+@end deffn
+
+@deffn {Command} {show ip large-community-list} {}
+@deffnx {Command} {show ip large-community-list @var{name}} {}
+This command display current large-community-list information. When
+@var{name} is specified the community list information is shown.
+@end deffn
+
+@deffn {Command} {show ip bgp large-community-info} {}
+This command displays the current large communities in use.
+@end deffn
+
+@node BGP Large Communities in Route Map
+@subsection BGP Large Communities in Route Map
+
+@deffn {Route Map} {match large-community @var{line}} {}
+Where @var{line} can be a simple string to match, or a regular expression.
+It is very important to note that this match occurs on the entire
+large-community string as a whole, where each large-community is ordered
+from lowest to highest.
+@end deffn
+
+@deffn {Route Map} {set large-community @var{large-community}} {}
+@deffnx {Route Map} {set large-community @var{large-community} @var{large-community}} {}
+@deffnx {Route Map} {set large-community @var{large-community} additive} {}
+These commands are used for setting large-community values. The first
+command will overwrite any large-communities currently present.
+The second specifies two large-communities, which overwrites the current
+large-community list. The third will add a large-community value without
+overwriting other values. Multiple large-community values can be specified.
+@end deffn
+
+@c -----------------------------------------------------------------------
+
+@node Displaying BGP information
+@section Displaying BGP information
+
+@menu
+* Showing BGP information::
+* Other BGP commands::
+@end menu
+
+@node Showing BGP information
+@subsection Showing BGP information
@deffn {Command} {show ip bgp} {}
@deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
Total number of prefixes 1
@end example
-@node More Show IP BGP
-@subsection More Show IP BGP
-
@deffn {Command} {show ip bgp regexp @var{line}} {}
-This command display BGP routes using AS path regular expression (@pxref{Display BGP Routes by AS Path}).
+This command displays BGP routes using AS path regular expression
+(@pxref{BGP Regular Expressions}).
@end deffn
@deffn Command {show ip bgp community @var{community}} {}
@deffnx Command {show ip bgp community @var{community} exact-match} {}
-This command display BGP routes using @var{community} (@pxref{Display
+This command displays BGP routes using @var{community} (@pxref{Display
BGP Routes by Community}).
@end deffn
@deffn Command {show ip bgp community-list @var{word}} {}
@deffnx Command {show ip bgp community-list @var{word} exact-match} {}
-This command display BGP routes using community list (@pxref{Display
+This command displays BGP routes using community list (@pxref{Display
BGP Routes by Community}).
@end deffn
-@deffn {Command} {show ip bgp summary} {}
+@deffn {Command} {show bgp @{ipv4|ipv6@} summary} {}
+Show a bgp peer summary for the specified address family.
@end deffn
-@deffn {Command} {show ip bgp neighbor [@var{peer}]} {}
+@deffn {Command} {show bgp @{ipv4|ipv6@} neighbor [@var{peer}]} {}
+This command shows information on a specific BGP @var{peer}.
@end deffn
-@deffn {Command} {clear ip bgp @var{peer}} {}
-Clear peers which have addresses of X.X.X.X
+@deffn {Command} {show bgp @{ipv4|ipv6@} dampening dampened-paths} {}
+Display paths suppressed due to dampening.
@end deffn
-@deffn {Command} {clear ip bgp @var{peer} soft in} {}
-Clear peer using soft reconfiguration.
+@deffn {Command} {show bgp @{ipv4|ipv6@} dampening flap-statistics} {}
+Display flap statistics of routes.
+@end deffn
+
+@node Other BGP commands
+@subsection Other BGP commands
+
+@deffn {Command} {clear bgp @{ipv4|ipv6@} *} {}
+Clear all address family peers.
@end deffn
-@deffn {Command} {show ip bgp dampened-paths} {}
-Display paths suppressed due to dampening
+@deffn {Command} {clear bgp @{ipv4|ipv6@} @var{peer}} {}
+Clear peers which have addresses of X.X.X.X
@end deffn
-@deffn {Command} {show ip bgp flap-statistics} {}
-Display flap statistics of routes
+@deffn {Command} {clear bgp @{ipv4|ipv6@} @var{peer} soft in} {}
+Clear peer using soft reconfiguration.
@end deffn
@deffn {Command} {show debug} {}
!
router bgp 1
neighbor 10.0.0.1 remote-as 1
- no neighbor 10.0.0.1 send-community
+ address-family ipv4 unicast
+ no neighbor 10.0.0.1 send-community
+ exit-address-family
!
router bgp 1
neighbor 10.0.0.1 remote-as 1
- neighbor 10.0.0.1 send-community
+ address-family ipv4 unicast
+ neighbor 10.0.0.1 send-community
+ exit-address-family
!
@end example
!
router bgp 1 view 1
neighbor 10.0.0.1 remote-as 2
- neighbor 10.0.0.1 distribute-list 1 in
+ address-family ipv4 unicast
+ neighbor 10.0.0.1 distribute-list 1 in
+ exit-address-family
!
router bgp 1 view 2
neighbor 10.0.0.1 remote-as 2
- neighbor 10.0.0.1 distribute-list 2 in
+ address-family ipv4 unicast
+ neighbor 10.0.0.1 distribute-list 2 in
+ exit-address-family
@end group
@end example
Display routing table of BGP view @var{name}.
@end deffn
+@node BGP Regular Expressions
+@section BGP Regular Expressions
+
+BGP regular expressions are based on @code{POSIX 1003.2} regular
+expressions. The following description is just a quick subset of the
+@code{POSIX} regular expressions. Adding to that, the special character
+'_' is added.
+
+@table @code
+@item .
+Matches any single character.
+@item *
+Matches 0 or more occurrences of pattern.
+@item +
+Matches 1 or more occurrences of pattern.
+@item ?
+Match 0 or 1 occurrences of pattern.
+@item ^
+Matches the beginning of the line.
+@item $
+Matches the end of the line.
+@item _
+Character @code{_} has special meanings in BGP regular expressions.
+It matches to space and comma , and AS set delimiter @{ and @} and AS
+confederation delimiter @code{(} and @code{)}. And it also matches to
+the beginning of the line and the end of the line. So @code{_} can be
+used for AS value boundaries match. This character technically evaluates
+to @code{(^|[,@{@}() ]|$)}.
+@end table
+
@node How to set up a 6-Bone connection
@section How to set up a 6-Bone connection
@example
router bgp 64512
bgp router-id 10.236.87.1
- network 10.236.87.0/24
neighbor upstream peer-group
neighbor upstream remote-as 64515
neighbor upstream capability dynamic
- neighbor upstream prefix-list pl-allowed-adv out
neighbor 10.1.1.1 peer-group upstream
neighbor 10.1.1.1 description ACME ISP
+
+ address-family ipv4 unicast
+ network 10.236.87.0/24
+ neighbor upstream prefix-list pl-allowed-adv out
+ exit-address-family
!
ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
ip prefix-list pl-allowed-adv seq 10 deny any
@example
router bgp 64512
bgp router-id 10.236.87.1
- network 10.123.456.0/24
- network 10.123.456.128/25 route-map rm-no-export
neighbor upstream capability dynamic
- neighbor upstream route-map rm-upstream-out out
neighbor cust capability dynamic
- neighbor cust route-map rm-cust-in in
- neighbor cust route-map rm-cust-out out
- neighbor cust send-community both
neighbor peer capability dynamic
- neighbor peer route-map rm-peer-in in
- neighbor peer route-map rm-peer-out out
- neighbor peer send-community both
neighbor 10.1.1.1 remote-as 64515
neighbor 10.1.1.1 peer-group upstream
neighbor 10.2.1.1 remote-as 64516
neighbor 10.3.1.1 remote-as 64517
neighbor 10.3.1.1 peer-group cust-default
neighbor 10.3.1.1 description customer1
- neighbor 10.3.1.1 prefix-list pl-cust1-network in
neighbor 10.4.1.1 remote-as 64518
neighbor 10.4.1.1 peer-group cust
- neighbor 10.4.1.1 prefix-list pl-cust2-network in
neighbor 10.4.1.1 description customer2
neighbor 10.5.1.1 remote-as 64519
neighbor 10.5.1.1 peer-group peer
- neighbor 10.5.1.1 prefix-list pl-peer1-network in
neighbor 10.5.1.1 description peer AS 1
neighbor 10.6.1.1 remote-as 64520
neighbor 10.6.1.1 peer-group peer
- neighbor 10.6.1.1 prefix-list pl-peer2-network in
neighbor 10.6.1.1 description peer AS 2
+
+ address-family ipv4 unicast
+ network 10.123.456.0/24
+ network 10.123.456.128/25 route-map rm-no-export
+ neighbor upstream route-map rm-upstream-out out
+ neighbor cust route-map rm-cust-in in
+ neighbor cust route-map rm-cust-out out
+ neighbor cust send-community both
+ neighbor peer route-map rm-peer-in in
+ neighbor peer route-map rm-peer-out out
+ neighbor peer send-community both
+ neighbor 10.3.1.1 prefix-list pl-cust1-network in
+ neighbor 10.4.1.1 prefix-list pl-cust2-network in
+ neighbor 10.5.1.1 prefix-list pl-peer1-network in
+ neighbor 10.6.1.1 prefix-list pl-peer2-network in
+ exit-address-family
!
ip prefix-list pl-default permit 0.0.0.0/0
!
route-map rm-peer-in permit 10
set community additive 64512:3200
@end example
+
+@include rpki.texi