]>
Commit | Line | Data |
---|---|---|
9e146a81 QY |
1 | .. _configuring-frr-as-a-route-server: |
2 | ||
3 | Configuring FRR as a Route Server | |
4 | ================================= | |
5 | ||
6 | The purpose of a Route Server is to centralize the peerings between BGP | |
7 | speakers. For example if we have an exchange point scenario with four BGP | |
8 | speakers, each of which maintaining a BGP peering with the other three | |
9 | (:ref:`fig-topologies-full`), we can convert it into a centralized scenario where | |
10 | each of the four establishes a single BGP peering against the Route Server | |
11 | (:ref:`fig-topologies-rs`). | |
12 | ||
13 | We will first describe briefly the Route Server model implemented by FRR. | |
14 | We will explain the commands that have been added for configuring that | |
15 | model. And finally we will show a full example of FRR configured as Route | |
16 | Server. | |
17 | ||
18 | .. _description-of-the-route-server-model: | |
19 | ||
20 | Description of the Route Server model | |
21 | ------------------------------------- | |
22 | ||
23 | First we are going to describe the normal processing that BGP announcements | |
24 | suffer inside a standard BGP speaker, as shown in :ref:`fig-normal-processing`, | |
25 | it consists of three steps: | |
26 | ||
27 | - When an announcement is received from some peer, the `In` filters configured | |
28 | for that peer are applied to the announcement. These filters can reject the | |
29 | announcement, accept it unmodified, or accept it with some of its attributes | |
30 | modified. | |
31 | ||
32 | - The announcements that pass the `In` filters go into the Best Path Selection | |
33 | process, where they are compared to other announcements referred to the same | |
34 | destination that have been received from different peers (in case such other | |
35 | announcements exist). For each different destination, the announcement which | |
36 | is selected as the best is inserted into the BGP speaker's Loc-RIB. | |
37 | ||
38 | - The routes which are inserted in the Loc-RIB are considered for announcement | |
39 | to all the peers (except the one from which the route came). This is done by | |
40 | passing the routes in the Loc-RIB through the `Out` filters corresponding to | |
41 | each peer. These filters can reject the route, accept it unmodified, or | |
42 | accept it with some of its attributes modified. Those routes which are | |
43 | accepted by the `Out` filters of a peer are announced to that peer. | |
44 | ||
45 | .. _fig-normal-processing: | |
6ee602cd | 46 | |
9e146a81 QY |
47 | .. figure:: ../figures/fig-normal-processing.png |
48 | :alt: Normal announcement processing | |
49 | :align: center | |
50 | ||
51 | Announcement processing inside a 'normal' BGP speaker | |
52 | ||
53 | .. _fig-topologies-full: | |
6ee602cd | 54 | |
9e146a81 QY |
55 | .. figure:: ../figures/fig_topologies_full.png |
56 | :alt: Full Mesh BGP Topology | |
57 | :align: center | |
58 | ||
59 | Full Mesh | |
60 | ||
61 | .. _fig-topologies-rs: | |
6ee602cd | 62 | |
9e146a81 QY |
63 | .. figure:: ../figures/fig_topologies_rs.png |
64 | :alt: Route Server BGP Topology | |
65 | :align: center | |
66 | ||
67 | Route server and clients | |
68 | ||
69 | Of course we want that the routing tables obtained in each of the routers are | |
70 | the same when using the route server than when not. But as a consequence of | |
71 | having a single BGP peering (against the route server), the BGP speakers can no | |
72 | longer distinguish from/to which peer each announce comes/goes. | |
73 | ||
74 | .. _filter-delegation: | |
6ee602cd | 75 | |
9e146a81 QY |
76 | This means that the routers connected to the route server are not able to apply |
77 | by themselves the same input/output filters as in the full mesh scenario, so | |
78 | they have to delegate those functions to the route server. | |
79 | ||
80 | Even more, the 'best path' selection must be also performed inside the route | |
81 | server on behalf of its clients. The reason is that if, after applying the | |
82 | filters of the announcer and the (potential) receiver, the route server decides | |
83 | to send to some client two or more different announcements referred to the same | |
84 | destination, the client will only retain the last one, considering it as an | |
85 | implicit withdrawal of the previous announcements for the same destination. | |
86 | This is the expected behavior of a BGP speaker as defined in :rfc:`1771`, | |
87 | and even though there are some proposals of mechanisms that permit multiple | |
88 | paths for the same destination to be sent through a single BGP peering, none | |
89 | are currently supported by most existing BGP implementations. | |
90 | ||
91 | As a consequence a route server must maintain additional information and | |
92 | perform additional tasks for a RS-client that those necessary for common BGP | |
93 | peerings. Essentially a route server must: | |
94 | ||
95 | .. _route-server-tasks: | |
96 | ||
97 | - Maintain a separated Routing Information Base (Loc-RIB) | |
98 | for each peer configured as RS-client, containing the routes | |
99 | selected as a result of the 'Best Path Selection' process | |
100 | that is performed on behalf of that RS-client. | |
101 | ||
102 | - Whenever it receives an announcement from a RS-client, | |
103 | it must consider it for the Loc-RIBs of the other RS-clients. | |
104 | ||
105 | - This means that for each of them the route server must pass the | |
106 | announcement through the appropriate `Out` filter of the | |
107 | announcer. | |
108 | ||
109 | - Then through the appropriate `In` filter of the potential receiver. | |
110 | ||
111 | - Only if the announcement is accepted by both filters it will be passed | |
112 | to the 'Best Path Selection' process. | |
113 | ||
114 | - Finally, it might go into the Loc-RIB of the receiver. | |
115 | ||
116 | When we talk about the 'appropriate' filter, both the announcer and the | |
117 | receiver of the route must be taken into account. Suppose that the route server | |
118 | receives an announcement from client A, and the route server is considering it | |
119 | for the Loc-RIB of client B. The filters that should be applied are the same | |
120 | that would be used in the full mesh scenario, i.e., first the `Out` filter of | |
121 | router A for announcements going to router B, and then the `In` filter of | |
122 | router B for announcements coming from router A. | |
123 | ||
124 | We call 'Export Policy' of a RS-client to the set of `Out` filters that the | |
125 | client would use if there was no route server. The same applies for the 'Import | |
126 | Policy' of a RS-client and the set of `In` filters of the client if there was | |
127 | no route server. | |
128 | ||
129 | It is also common to demand from a route server that it does not modify some | |
130 | BGP attributes (next-hop, as-path and MED) that are usually modified by | |
131 | standard BGP speakers before announcing a route. | |
132 | ||
d1e7591e | 133 | The announcement processing model implemented by FRR is shown in |
9e146a81 QY |
134 | :ref:`fig-rs-processing`. The figure shows a mixture of RS-clients (B, C and D) |
135 | with normal BGP peers (A). There are some details that worth additional | |
136 | comments: | |
137 | ||
138 | - Announcements coming from a normal BGP peer are also considered for the | |
139 | Loc-RIBs of all the RS-clients. But logically they do not pass through any | |
140 | export policy. | |
141 | ||
142 | - Those peers that are configured as RS-clients do not receive any announce | |
143 | from the `Main` Loc-RIB. | |
144 | ||
145 | - Apart from import and export policies, `In` and `Out` filters can also be set | |
146 | for RS-clients. `In` filters might be useful when the route server has also | |
147 | normal BGP peers. On the other hand, `Out` filters for RS-clients are | |
148 | probably unnecessary, but we decided not to remove them as they do not hurt | |
149 | anybody (they can always be left empty). | |
150 | ||
151 | .. _fig-rs-processing: | |
152 | .. figure:: ../figures/fig-rs-processing.png | |
153 | :align: center | |
154 | :alt: Route Server Processing Model | |
155 | ||
156 | Announcement processing model implemented by the Route Server | |
157 | ||
158 | .. _commands-for-configuring-a-route-server: | |
159 | ||
160 | Commands for configuring a Route Server | |
161 | --------------------------------------- | |
162 | ||
163 | Now we will describe the commands that have been added to frr | |
164 | in order to support the route server features. | |
165 | ||
9e146a81 QY |
166 | .. clicmd:: neighbor PEER-GROUP route-server-client |
167 | ||
9e146a81 QY |
168 | .. clicmd:: neighbor A.B.C.D route-server-client |
169 | ||
9e146a81 QY |
170 | .. clicmd:: neighbor X:X::X:X route-server-client |
171 | ||
172 | This command configures the peer given by `peer`, `A.B.C.D` or `X:X::X:X` as | |
173 | an RS-client. | |
174 | ||
d1e7591e | 175 | Actually this command is not new, it already existed in standard FRR. It |
9e146a81 QY |
176 | enables the transparent mode for the specified peer. This means that some |
177 | BGP attributes (as-path, next-hop and MED) of the routes announced to that | |
178 | peer are not modified. | |
179 | ||
180 | With the route server patch, this command, apart from setting the | |
181 | transparent mode, creates a new Loc-RIB dedicated to the specified peer | |
182 | (those named `Loc-RIB for X` in :ref:`fig-rs-processing`.). Starting from | |
183 | that moment, every announcement received by the route server will be also | |
184 | considered for the new Loc-RIB. | |
185 | ||
e007d49e | 186 | .. clicmd:: neigbor A.B.C.D|X.X::X.X|peer-group route-map WORD in|out |
9e146a81 QY |
187 | |
188 | This set of commands can be used to specify the route-map that represents | |
189 | the Import or Export policy of a peer which is configured as a RS-client | |
190 | (with the previous command). | |
191 | ||
9e146a81 QY |
192 | .. clicmd:: match peer A.B.C.D|X:X::X:X |
193 | ||
194 | This is a new *match* statement for use in route-maps, enabling them to | |
195 | describe import/export policies. As we said before, an import/export policy | |
196 | represents a set of input/output filters of the RS-client. This statement | |
197 | makes possible that a single route-map represents the full set of filters | |
198 | that a BGP speaker would use for its different peers in a non-RS scenario. | |
199 | ||
200 | The *match peer* statement has different semantics whether it is used inside | |
201 | an import or an export route-map. In the first case the statement matches if | |
202 | the address of the peer who sends the announce is the same that the address | |
203 | specified by {A.B.C.D|X:X::X:X}. For export route-maps it matches when | |
204 | {A.B.C.D|X:X::X:X} is the address of the RS-Client into whose Loc-RIB the | |
205 | announce is going to be inserted (how the same export policy is applied | |
206 | before different Loc-RIBs is shown in :ref:`fig-rs-processing`.). | |
207 | ||
9e146a81 QY |
208 | .. clicmd:: call WORD |
209 | ||
210 | This command (also used inside a route-map) jumps into a different | |
211 | route-map, whose name is specified by `WORD`. When the called | |
212 | route-map finishes, depending on its result the original route-map | |
213 | continues or not. Apart from being useful for making import/export | |
214 | route-maps easier to write, this command can also be used inside | |
215 | any normal (in or out) route-map. | |
216 | ||
217 | .. _example-of-route-server-configuration: | |
218 | ||
219 | Example of Route Server Configuration | |
220 | ------------------------------------- | |
221 | ||
d1e7591e | 222 | Finally we are going to show how to configure a FRR daemon to act as a |
9e146a81 QY |
223 | Route Server. For this purpose we are going to present a scenario without |
224 | route server, and then we will show how to use the configurations of the BGP | |
225 | routers to generate the configuration of the route server. | |
226 | ||
227 | All the configuration files shown in this section have been taken | |
228 | from scenarios which were tested using the VNUML tool | |
229 | `http://www.dit.upm.es/vnuml,VNUML <http://www.dit.upm.es/vnuml,VNUML>`_. | |
230 | ||
231 | .. _configuration-of-the-bgp-routers-without-route-server: | |
232 | ||
233 | Configuration of the BGP routers without Route Server | |
234 | ----------------------------------------------------- | |
235 | ||
236 | We will suppose that our initial scenario is an exchange point with three | |
237 | BGP capable routers, named RA, RB and RC. Each of the BGP speakers generates | |
238 | some routes (with the `network` command), and establishes BGP peerings | |
239 | against the other two routers. These peerings have In and Out route-maps | |
240 | configured, named like 'PEER-X-IN' or 'PEER-X-OUT'. For example the | |
241 | configuration file for router RA could be the following: | |
242 | ||
9eb95b3b | 243 | .. code-block:: frr |
9e146a81 QY |
244 | |
245 | #Configuration for router 'RA' | |
246 | ! | |
247 | hostname RA | |
248 | password **** | |
249 | ! | |
250 | router bgp 65001 | |
251 | no bgp default ipv4-unicast | |
252 | neighbor 2001:0DB8::B remote-as 65002 | |
253 | neighbor 2001:0DB8::C remote-as 65003 | |
254 | ! | |
255 | address-family ipv6 | |
256 | network 2001:0DB8:AAAA:1::/64 | |
257 | network 2001:0DB8:AAAA:2::/64 | |
258 | network 2001:0DB8:0000:1::/64 | |
259 | network 2001:0DB8:0000:2::/64 | |
260 | neighbor 2001:0DB8::B activate | |
261 | neighbor 2001:0DB8::B soft-reconfiguration inbound | |
262 | neighbor 2001:0DB8::B route-map PEER-B-IN in | |
263 | neighbor 2001:0DB8::B route-map PEER-B-OUT out | |
264 | neighbor 2001:0DB8::C activate | |
265 | neighbor 2001:0DB8::C soft-reconfiguration inbound | |
266 | neighbor 2001:0DB8::C route-map PEER-C-IN in | |
267 | neighbor 2001:0DB8::C route-map PEER-C-OUT out | |
268 | exit-address-family | |
269 | ! | |
270 | ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64 | |
271 | ipv6 prefix-list COMMON-PREFIXES seq 10 deny any | |
272 | ! | |
273 | ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64 | |
274 | ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any | |
275 | ! | |
276 | ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64 | |
277 | ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any | |
278 | ! | |
279 | ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64 | |
280 | ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any | |
281 | ! | |
282 | route-map PEER-B-IN permit 10 | |
283 | match ipv6 address prefix-list COMMON-PREFIXES | |
284 | set metric 100 | |
285 | route-map PEER-B-IN permit 20 | |
286 | match ipv6 address prefix-list PEER-B-PREFIXES | |
287 | set community 65001:11111 | |
288 | ! | |
289 | route-map PEER-C-IN permit 10 | |
290 | match ipv6 address prefix-list COMMON-PREFIXES | |
291 | set metric 200 | |
292 | route-map PEER-C-IN permit 20 | |
293 | match ipv6 address prefix-list PEER-C-PREFIXES | |
294 | set community 65001:22222 | |
295 | ! | |
296 | route-map PEER-B-OUT permit 10 | |
297 | match ipv6 address prefix-list PEER-A-PREFIXES | |
298 | ! | |
299 | route-map PEER-C-OUT permit 10 | |
300 | match ipv6 address prefix-list PEER-A-PREFIXES | |
301 | ! | |
302 | line vty | |
303 | ! | |
304 | ||
305 | ||
306 | .. _configuration-of-the-bgp-routers-with-route-server: | |
307 | ||
308 | Configuration of the BGP routers with Route Server | |
309 | -------------------------------------------------- | |
310 | ||
311 | To convert the initial scenario into one with route server, first we must | |
312 | modify the configuration of routers RA, RB and RC. Now they must not peer | |
313 | between them, but only with the route server. For example, RA's | |
314 | configuration would turn into: | |
315 | ||
9eb95b3b | 316 | .. code-block:: frr |
9e146a81 | 317 | |
9eb95b3b QY |
318 | # Configuration for router 'RA' |
319 | ! | |
320 | hostname RA | |
321 | password **** | |
322 | ! | |
323 | router bgp 65001 | |
324 | no bgp default ipv4-unicast | |
325 | neighbor 2001:0DB8::FFFF remote-as 65000 | |
326 | ! | |
327 | address-family ipv6 | |
328 | network 2001:0DB8:AAAA:1::/64 | |
329 | network 2001:0DB8:AAAA:2::/64 | |
330 | network 2001:0DB8:0000:1::/64 | |
331 | network 2001:0DB8:0000:2::/64 | |
332 | ||
333 | neighbor 2001:0DB8::FFFF activate | |
334 | neighbor 2001:0DB8::FFFF soft-reconfiguration inbound | |
335 | exit-address-family | |
336 | ! | |
337 | line vty | |
338 | ! | |
9e146a81 QY |
339 | |
340 | ||
341 | Which is logically much simpler than its initial configuration, as it now | |
342 | maintains only one BGP peering and all the filters (route-maps) have | |
343 | disappeared. | |
344 | ||
345 | .. _configuration-of-the-route-server-itself: | |
346 | ||
347 | Configuration of the Route Server itself | |
348 | ---------------------------------------- | |
349 | ||
350 | As we said when we described the functions of a route server | |
351 | (:ref:`description-of-the-route-server-model`), it is in charge of all the | |
352 | route filtering. To achieve that, the In and Out filters from the RA, RB and RC | |
353 | configurations must be converted into Import and Export policies in the route | |
354 | server. | |
355 | ||
356 | This is a fragment of the route server configuration (we only show | |
357 | the policies for client RA): | |
358 | ||
9eb95b3b QY |
359 | .. code-block:: frr |
360 | ||
361 | # Configuration for Route Server ('RS') | |
362 | ! | |
363 | hostname RS | |
364 | password ix | |
365 | ! | |
9eb95b3b QY |
366 | router bgp 65000 view RS |
367 | no bgp default ipv4-unicast | |
368 | neighbor 2001:0DB8::A remote-as 65001 | |
369 | neighbor 2001:0DB8::B remote-as 65002 | |
370 | neighbor 2001:0DB8::C remote-as 65003 | |
371 | ! | |
372 | address-family ipv6 | |
373 | neighbor 2001:0DB8::A activate | |
374 | neighbor 2001:0DB8::A route-server-client | |
e007d49e ME |
375 | neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT in |
376 | neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT out | |
9eb95b3b | 377 | neighbor 2001:0DB8::A soft-reconfiguration inbound |
9e146a81 | 378 | |
9eb95b3b QY |
379 | neighbor 2001:0DB8::B activate |
380 | neighbor 2001:0DB8::B route-server-client | |
e007d49e ME |
381 | neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT in |
382 | neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT out | |
9eb95b3b QY |
383 | neighbor 2001:0DB8::B soft-reconfiguration inbound |
384 | ||
385 | neighbor 2001:0DB8::C activate | |
386 | neighbor 2001:0DB8::C route-server-client | |
e007d49e ME |
387 | neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT in |
388 | neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT out | |
9eb95b3b QY |
389 | neighbor 2001:0DB8::C soft-reconfiguration inbound |
390 | exit-address-family | |
391 | ! | |
392 | ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64 | |
393 | ipv6 prefix-list COMMON-PREFIXES seq 10 deny any | |
394 | ! | |
395 | ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64 | |
396 | ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any | |
397 | ! | |
398 | ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64 | |
399 | ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any | |
400 | ! | |
401 | ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64 | |
402 | ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any | |
403 | ! | |
404 | route-map RSCLIENT-A-IMPORT permit 10 | |
405 | match peer 2001:0DB8::B | |
406 | call A-IMPORT-FROM-B | |
407 | route-map RSCLIENT-A-IMPORT permit 20 | |
408 | match peer 2001:0DB8::C | |
409 | call A-IMPORT-FROM-C | |
410 | ! | |
411 | route-map A-IMPORT-FROM-B permit 10 | |
412 | match ipv6 address prefix-list COMMON-PREFIXES | |
413 | set metric 100 | |
414 | route-map A-IMPORT-FROM-B permit 20 | |
415 | match ipv6 address prefix-list PEER-B-PREFIXES | |
416 | set community 65001:11111 | |
417 | ! | |
418 | route-map A-IMPORT-FROM-C permit 10 | |
419 | match ipv6 address prefix-list COMMON-PREFIXES | |
420 | set metric 200 | |
421 | route-map A-IMPORT-FROM-C permit 20 | |
422 | match ipv6 address prefix-list PEER-C-PREFIXES | |
423 | set community 65001:22222 | |
424 | ! | |
425 | route-map RSCLIENT-A-EXPORT permit 10 | |
426 | match peer 2001:0DB8::B | |
427 | match ipv6 address prefix-list PEER-A-PREFIXES | |
428 | route-map RSCLIENT-A-EXPORT permit 20 | |
429 | match peer 2001:0DB8::C | |
430 | match ipv6 address prefix-list PEER-A-PREFIXES | |
431 | ! | |
432 | ... | |
433 | ... | |
434 | ... | |
9e146a81 QY |
435 | |
436 | ||
437 | If you compare the initial configuration of RA with the route server | |
438 | configuration above, you can see how easy it is to generate the Import and | |
439 | Export policies for RA from the In and Out route-maps of RA's original | |
440 | configuration. | |
441 | ||
442 | When there was no route server, RA maintained two peerings, one with RB and | |
443 | another with RC. Each of this peerings had an In route-map configured. To | |
444 | build the Import route-map for client RA in the route server, simply add | |
445 | route-map entries following this scheme: | |
446 | ||
447 | :: | |
448 | ||
449 | route-map <NAME> permit 10 | |
450 | match peer <Peer Address> | |
451 | call <In Route-Map for this Peer> | |
452 | route-map <NAME> permit 20 | |
453 | match peer <Another Peer Address> | |
454 | call <In Route-Map for this Peer> | |
455 | ||
456 | ||
457 | This is exactly the process that has been followed to generate the route-map | |
458 | RSCLIENT-A-IMPORT. The route-maps that are called inside it (A-IMPORT-FROM-B | |
459 | and A-IMPORT-FROM-C) are exactly the same than the In route-maps from the | |
460 | original configuration of RA (PEER-B-IN and PEER-C-IN), only the name is | |
461 | different. | |
462 | ||
463 | The same could have been done to create the Export policy for RA (route-map | |
464 | RSCLIENT-A-EXPORT), but in this case the original Out route-maps where so | |
465 | simple that we decided not to use the `call WORD` commands, and we | |
466 | integrated all in a single route-map (RSCLIENT-A-EXPORT). | |
467 | ||
468 | The Import and Export policies for RB and RC are not shown, but | |
469 | the process would be identical. | |
470 | ||
471 | Further considerations about Import and Export route-maps | |
472 | --------------------------------------------------------- | |
473 | ||
474 | The current version of the route server patch only allows to specify a | |
475 | route-map for import and export policies, while in a standard BGP speaker | |
476 | apart from route-maps there are other tools for performing input and output | |
477 | filtering (access-lists, community-lists, ...). But this does not represent | |
478 | any limitation, as all kinds of filters can be included in import/export | |
479 | route-maps. For example suppose that in the non-route-server scenario peer | |
480 | RA had the following filters configured for input from peer B: | |
481 | ||
9eb95b3b | 482 | .. code-block:: frr |
9e146a81 QY |
483 | |
484 | neighbor 2001:0DB8::B prefix-list LIST-1 in | |
485 | neighbor 2001:0DB8::B filter-list LIST-2 in | |
486 | neighbor 2001:0DB8::B route-map PEER-B-IN in | |
487 | ... | |
488 | ... | |
489 | route-map PEER-B-IN permit 10 | |
490 | match ipv6 address prefix-list COMMON-PREFIXES | |
491 | set local-preference 100 | |
492 | route-map PEER-B-IN permit 20 | |
493 | match ipv6 address prefix-list PEER-B-PREFIXES | |
494 | set community 65001:11111 | |
495 | ||
496 | ||
d1e7591e QY |
497 | It is possible to write a single route-map which is equivalent to the three |
498 | filters (the community-list, the prefix-list and the route-map). That route-map | |
499 | can then be used inside the Import policy in the route server. Lets see how to | |
500 | do it: | |
9e146a81 | 501 | |
9eb95b3b | 502 | .. code-block:: frr |
9e146a81 | 503 | |
e007d49e | 504 | neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT in |
9e146a81 QY |
505 | ... |
506 | ! | |
507 | ... | |
508 | route-map RSCLIENT-A-IMPORT permit 10 | |
509 | match peer 2001:0DB8::B | |
510 | call A-IMPORT-FROM-B | |
511 | ... | |
512 | ... | |
513 | ! | |
514 | route-map A-IMPORT-FROM-B permit 1 | |
515 | match ipv6 address prefix-list LIST-1 | |
516 | match as-path LIST-2 | |
517 | on-match goto 10 | |
518 | route-map A-IMPORT-FROM-B deny 2 | |
519 | route-map A-IMPORT-FROM-B permit 10 | |
520 | match ipv6 address prefix-list COMMON-PREFIXES | |
521 | set local-preference 100 | |
522 | route-map A-IMPORT-FROM-B permit 20 | |
523 | match ipv6 address prefix-list PEER-B-PREFIXES | |
524 | set community 65001:11111 | |
525 | ! | |
526 | ... | |
527 | ... | |
528 | ||
529 | ||
530 | The route-map A-IMPORT-FROM-B is equivalent to the three filters (LIST-1, | |
531 | LIST-2 and PEER-B-IN). The first entry of route-map A-IMPORT-FROM-B (sequence | |
532 | number 1) matches if and only if both the prefix-list LIST-1 and the | |
533 | filter-list LIST-2 match. If that happens, due to the 'on-match goto 10' | |
534 | statement the next route-map entry to be processed will be number 10, and as of | |
535 | that point route-map A-IMPORT-FROM-B is identical to PEER-B-IN. If the first | |
536 | entry does not match, `on-match goto 10`' will be ignored and the next | |
537 | processed entry will be number 2, which will deny the route. | |
538 | ||
539 | Thus, the result is the same that with the three original filters, i.e., if | |
540 | either LIST-1 or LIST-2 rejects the route, it does not reach the route-map | |
541 | PEER-B-IN. In case both LIST-1 and LIST-2 accept the route, it passes to | |
542 | PEER-B-IN, which can reject, accept or modify the route. |