1: @c -*-texinfo-*-
2: @c This is part of the Quagga Manual.
3: @c @value{COPYRIGHT_STR}
4: @c See file quagga.texi for copying conditions.
5: @node BGP
6: @chapter BGP
7:
8: @acronym{BGP} stands for a Border Gateway Protocol. The lastest BGP version
9: is 4. It is referred as BGP-4. BGP-4 is one of the Exterior Gateway
10: Protocols and de-fact standard of Inter Domain routing protocol.
11: BGP-4 is described in @cite{RFC1771, A Border Gateway Protocol
12: 4 (BGP-4)}.
13:
14: Many extensions have been added to @cite{RFC1771}. @cite{RFC2858,
15: Multiprotocol Extensions for BGP-4} provides multiprotocol support to
16: BGP-4.
17:
18: @menu
19: * Starting BGP::
20: * BGP router::
21: * BGP network::
22: * BGP Peer::
23: * BGP Peer Group::
24: * BGP Address Family::
25: * Autonomous System::
26: * BGP Communities Attribute::
27: * BGP Extended Communities Attribute::
28: * Displaying BGP routes::
29: * Capability Negotiation::
30: * Route Reflector::
31: * Route Server::
32: * How to set up a 6-Bone connection::
33: * Dump BGP packets and table::
34: * BGP Configuration Examples::
35: @end menu
36:
37: @node Starting BGP
38: @section Starting BGP
39:
40: Default configuration file of @command{bgpd} is @file{bgpd.conf}.
41: @command{bgpd} searches the current directory first then
42: @value{INSTALL_PREFIX_ETC}/bgpd.conf. All of bgpd's command must be
43: configured in @file{bgpd.conf}.
44:
45: @command{bgpd} specific invocation options are described below. Common
46: options may also be specified (@pxref{Common Invocation Options}).
47:
48: @table @samp
49: @item -p @var{PORT}
50: @itemx --bgp_port=@var{PORT}
51: Set the bgp protocol's port number.
52:
53: @item -r
54: @itemx --retain
55: When program terminates, retain BGP routes added by zebra.
56: @end table
57:
58: @node BGP router
59: @section BGP router
60:
61: First of all you must configure BGP router with @command{router bgp}
62: command. To configure BGP router, you need AS number. AS number is an
63: identification of autonomous system. BGP protocol uses the AS number
64: for detecting whether the BGP connection is internal one or external one.
65:
66: @deffn Command {router bgp @var{asn}} {}
67: Enable a BGP protocol process with the specified @var{asn}. After
68: this statement you can input any @code{BGP Commands}. You can not
69: create different BGP process under different @var{asn} without
70: specifying @code{multiple-instance} (@pxref{Multiple instance}).
71: @end deffn
72:
73: @deffn Command {no router bgp @var{asn}} {}
74: Destroy a BGP protocol process with the specified @var{asn}.
75: @end deffn
76:
77: @deffn {BGP} {bgp router-id @var{A.B.C.D}} {}
78: This command specifies the router-ID. If @command{bgpd} connects to @command{zebra} it gets
79: interface and address information. In that case default router ID value
80: is selected as the largest IP Address of the interfaces. When
81: @code{router zebra} is not enabled @command{bgpd} can't get interface information
82: so @code{router-id} is set to 0.0.0.0. So please set router-id by hand.
83: @end deffn
84:
85: @menu
86: * BGP distance::
87: * BGP decision process::
88: * BGP route flap dampening::
89: @end menu
90:
91: @node BGP distance
92: @subsection BGP distance
93:
94: @deffn {BGP} {distance bgp <1-255> <1-255> <1-255>} {}
95: This command change distance value of BGP. Each argument is distance
96: value for external routes, internal routes and local routes.
97: @end deffn
98:
99: @deffn {BGP} {distance <1-255> @var{A.B.C.D/M}} {}
100: @deffnx {BGP} {distance <1-255> @var{A.B.C.D/M} @var{word}} {}
101: This command set distance value to
102: @end deffn
103:
104: @node BGP decision process
105: @subsection BGP decision process
106:
107: @table @asis
108: @item 1. Weight check
109:
110: @item 2. Local preference check.
111:
112: @item 3. Local route check.
113:
114: @item 4. AS path length check.
115:
116: @item 5. Origin check.
117:
118: @item 6. MED check.
119: @end table
120:
121: @deffn {BGP} {bgp bestpath as-path confed} {}
122: This command specifies that the length of confederation path sets and
123: sequences should should be taken into account during the BGP best path
124: decision process.
125: @end deffn
126:
127: @node BGP route flap dampening
128: @subsection BGP route flap dampening
129:
130: @deffn {BGP} {bgp dampening @var{<1-45>} @var{<1-20000>} @var{<1-20000>} @var{<1-255>}} {}
131: This command enables BGP route-flap dampening and specifies dampening parameters.
132:
133: @table @asis
134: @item @asis{half-life}
135: Half-life time for the penalty
136: @item @asis{reuse-threshold}
137: Value to start reusing a route
138: @item @asis{suppress-threshold}
139: Value to start suppressing a route
140: @item @asis{max-suppress}
141: Maximum duration to suppress a stable route
142: @end table
143:
144: The route-flap damping algorithm is compatible with @cite{RFC2439}. The use of this command
145: is not recommended nowadays, see @uref{http://www.ripe.net/ripe/docs/ripe-378,,RIPE-378}.
146: @end deffn
147:
148: @node BGP network
149: @section BGP network
150:
151: @menu
152: * BGP route::
153: * Route Aggregation::
154: * Redistribute to BGP::
155: @end menu
156:
157: @node BGP route
158: @subsection BGP route
159:
160: @deffn {BGP} {network @var{A.B.C.D/M}} {}
161: This command adds the announcement network.
162: @example
163: @group
164: router bgp 1
165: network 10.0.0.0/8
166: @end group
167: @end example
168: This configuration example says that network 10.0.0.0/8 will be
169: announced to all neighbors. Some vendors' routers don't advertise
170: routes if they aren't present in their IGP routing tables; @code{bgpd}
171: doesn't care about IGP routes when announcing its routes.
172: @end deffn
173:
174: @deffn {BGP} {no network @var{A.B.C.D/M}} {}
175: @end deffn
176:
177: @node Route Aggregation
178: @subsection Route Aggregation
179:
180: @deffn {BGP} {aggregate-address @var{A.B.C.D/M}} {}
181: This command specifies an aggregate address.
182: @end deffn
183:
184: @deffn {BGP} {aggregate-address @var{A.B.C.D/M} as-set} {}
185: This command specifies an aggregate address. Resulting routes inlucde
186: AS set.
187: @end deffn
188:
189: @deffn {BGP} {aggregate-address @var{A.B.C.D/M} summary-only} {}
190: This command specifies an aggregate address. Aggreated routes will
191: not be announce.
192: @end deffn
193:
194: @deffn {BGP} {no aggregate-address @var{A.B.C.D/M}} {}
195: @end deffn
196:
197: @node Redistribute to BGP
198: @subsection Redistribute to BGP
199:
200: @deffn {BGP} {redistribute kernel} {}
201: Redistribute kernel route to BGP process.
202: @end deffn
203:
204: @deffn {BGP} {redistribute static} {}
205: Redistribute static route to BGP process.
206: @end deffn
207:
208: @deffn {BGP} {redistribute connected} {}
209: Redistribute connected route to BGP process.
210: @end deffn
211:
212: @deffn {BGP} {redistribute rip} {}
213: Redistribute RIP route to BGP process.
214: @end deffn
215:
216: @deffn {BGP} {redistribute ospf} {}
217: Redistribute OSPF route to BGP process.
218: @end deffn
219:
220: @node BGP Peer
221: @section BGP Peer
222:
223: @menu
224: * Defining Peer::
225: * BGP Peer commands::
226: * Peer filtering::
227: @end menu
228:
229: @node Defining Peer
230: @subsection Defining Peer
231:
232: @deffn {BGP} {neighbor @var{peer} remote-as @var{asn}} {}
233: Creates a new neighbor whose remote-as is @var{asn}. @var{peer}
234: can be an IPv4 address or an IPv6 address.
235: @example
236: @group
237: router bgp 1
238: neighbor 10.0.0.1 remote-as 2
239: @end group
240: @end example
241: In this case my router, in AS-1, is trying to peer with AS-2 at
242: 10.0.0.1.
243:
244: This command must be the first command used when configuring a neighbor.
245: If the remote-as is not specified, @command{bgpd} will complain like this:
246: @example
247: can't find neighbor 10.0.0.1
248: @end example
249: @end deffn
250:
251: @node BGP Peer commands
252: @subsection BGP Peer commands
253:
254: In a @code{router bgp} clause there are neighbor specific configurations
255: required.
256:
257: @deffn {BGP} {neighbor @var{peer} shutdown} {}
258: @deffnx {BGP} {no neighbor @var{peer} shutdown} {}
259: Shutdown the peer. We can delete the neighbor's configuration by
260: @code{no neighbor @var{peer} remote-as @var{as-number}} but all
261: configuration of the neighbor will be deleted. When you want to
262: preserve the configuration, but want to drop the BGP peer, use this
263: syntax.
264: @end deffn
265:
266: @deffn {BGP} {neighbor @var{peer} ebgp-multihop} {}
267: @deffnx {BGP} {no neighbor @var{peer} ebgp-multihop} {}
268: @end deffn
269:
270: @deffn {BGP} {neighbor @var{peer} description ...} {}
271: @deffnx {BGP} {no neighbor @var{peer} description ...} {}
272: Set description of the peer.
273: @end deffn
274:
275: @deffn {BGP} {neighbor @var{peer} version @var{version}} {}
276: Set up the neighbor's BGP version. @var{version} can be @var{4},
277: @var{4+} or @var{4-}. BGP version @var{4} is the default value used for
278: BGP peering. BGP version @var{4+} means that the neighbor supports
279: Multiprotocol Extensions for BGP-4. BGP version @var{4-} is similar but
280: the neighbor speaks the old Internet-Draft revision 00's Multiprotocol
281: Extensions for BGP-4. Some routing software is still using this
282: version.
283: @end deffn
284:
285: @deffn {BGP} {neighbor @var{peer} interface @var{ifname}} {}
286: @deffnx {BGP} {no neighbor @var{peer} interface @var{ifname}} {}
287: When you connect to a BGP peer over an IPv6 link-local address, you
288: have to specify the @var{ifname} of the interface used for the
289: connection. To specify IPv4 session addresses, see the
290: @code{neighbor @var{peer} update-source} command below.
291:
292: This command is deprecated and may be removed in a future release. Its
293: use should be avoided.
294: @end deffn
295:
296: @deffn {BGP} {neighbor @var{peer} next-hop-self} {}
297: @deffnx {BGP} {no neighbor @var{peer} next-hop-self} {}
298: This command specifies an announced route's nexthop as being equivalent
299: to the address of the bgp router.
300: @end deffn
301:
302: @deffn {BGP} {neighbor @var{peer} update-source @var{<ifname|address>}} {}
303: @deffnx {BGP} {no neighbor @var{peer} update-source} {}
304: Specify the IPv4 source address to use for the @acronym{BGP} session to this
305: neighbour, may be specified as either an IPv4 address directly or
306: as an interface name (in which case the @command{zebra} daemon MUST be running
307: in order for @command{bgpd} to be able to retrieve interface state).
308: @example
309: @group
310: router bgp 64555
311: neighbor foo update-source 192.168.0.1
312: neighbor bar update-source lo0
313: @end group
314: @end example
315: @end deffn
316:
317: @deffn {BGP} {neighbor @var{peer} default-originate} {}
318: @deffnx {BGP} {no neighbor @var{peer} default-originate} {}
319: @command{bgpd}'s default is to not announce the default route (0.0.0.0/0) even it
320: is in routing table. When you want to announce default routes to the
321: peer, use this command.
322: @end deffn
323:
324: @deffn {BGP} {neighbor @var{peer} port @var{port}} {}
325: @deffnx {BGP} {neighbor @var{peer} port @var{port}} {}
326: @end deffn
327:
328: @deffn {BGP} {neighbor @var{peer} send-community} {}
329: @deffnx {BGP} {neighbor @var{peer} send-community} {}
330: @end deffn
331:
332: @deffn {BGP} {neighbor @var{peer} weight @var{weight}} {}
333: @deffnx {BGP} {no neighbor @var{peer} weight @var{weight}} {}
334: This command specifies a default @var{weight} value for the neighbor's
335: routes.
336: @end deffn
337:
338: @deffn {BGP} {neighbor @var{peer} maximum-prefix @var{number}} {}
339: @deffnx {BGP} {no neighbor @var{peer} maximum-prefix @var{number}} {}
340: @end deffn
341:
342: @deffn {BGP} {neighbor @var{peer} local-as @var{as-number}} {}
343: @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend} {}
344: @deffnx {BGP} {neighbor @var{peer} local-as @var{as-number} no-prepend replace-as} {}
345: @deffnx {BGP} {no neighbor @var{peer} local-as} {}
346: Specify an alternate AS for this BGP process when interacting with the
347: specified peer. With no modifiers, the specified local-as is prepended to
348: the received AS_PATH when receiving routing updates from the peer, and
349: prepended to the outgoing AS_PATH (after the process local AS) when
350: transmitting local routes to the peer.
351:
352: If the no-prepend attribute is specified, then the supplied local-as is not
353: prepended to the received AS_PATH.
354:
355: If the replace-as attribute is specified, then only the supplied local-as is
356: prepended to the AS_PATH when transmitting local-route updates to this peer.
357:
358: Note that replace-as can only be specified if no-prepend is.
359:
360: This command is only allowed for eBGP peers.
361: @end deffn
362:
363: @node Peer filtering
364: @subsection Peer filtering
365:
366: @deffn {BGP} {neighbor @var{peer} distribute-list @var{name} [in|out]} {}
367: This command specifies a distribute-list for the peer. @var{direct} is
368: @samp{in} or @samp{out}.
369: @end deffn
370:
371: @deffn {BGP command} {neighbor @var{peer} prefix-list @var{name} [in|out]} {}
372: @end deffn
373:
374: @deffn {BGP command} {neighbor @var{peer} filter-list @var{name} [in|out]} {}
375: @end deffn
376:
377: @deffn {BGP} {neighbor @var{peer} route-map @var{name} [in|out]} {}
378: Apply a route-map on the neighbor. @var{direct} must be @code{in} or
379: @code{out}.
380: @end deffn
381:
382: @c -----------------------------------------------------------------------
383: @node BGP Peer Group
384: @section BGP Peer Group
385:
386: @deffn {BGP} {neighbor @var{word} peer-group} {}
387: This command defines a new peer group.
388: @end deffn
389:
390: @deffn {BGP} {neighbor @var{peer} peer-group @var{word}} {}
391: This command bind specific peer to peer group @var{word}.
392: @end deffn
393:
394: @node BGP Address Family
395: @section BGP Address Family
396:
397: @c -----------------------------------------------------------------------
398: @node Autonomous System
399: @section Autonomous System
400:
401: The @acronym{AS,Autonomous System} number is one of the essential
402: element of BGP. BGP is a distance vector routing protocol, and the
403: AS-Path framework provides distance vector metric and loop detection to
404: BGP. @cite{RFC1930, Guidelines for creation, selection, and
405: registration of an Autonomous System (AS)} provides some background on
406: the concepts of an AS.
407:
408: The AS number is a two octet value, ranging in value from 1 to 65535.
409: The AS numbers 64512 through 65535 are defined as private AS numbers.
410: Private AS numbers must not to be advertised in the global Internet.
411:
412: @menu
413: * AS Path Regular Expression::
414: * Display BGP Routes by AS Path::
415: * AS Path Access List::
416: * Using AS Path in Route Map::
417: * Private AS Numbers::
418: @end menu
419:
420: @node AS Path Regular Expression
421: @subsection AS Path Regular Expression
422:
423: AS path regular expression can be used for displaying BGP routes and
424: AS path access list. AS path regular expression is based on
425: @code{POSIX 1003.2} regular expressions. Following description is
426: just a subset of @code{POSIX} regular expression. User can use full
427: @code{POSIX} regular expression. Adding to that special character '_'
428: is added for AS path regular expression.
429:
430: @table @code
431: @item .
432: Matches any single character.
433: @item *
434: Matches 0 or more occurrences of pattern.
435: @item +
436: Matches 1 or more occurrences of pattern.
437: @item ?
438: Match 0 or 1 occurrences of pattern.
439: @item ^
440: Matches the beginning of the line.
441: @item $
442: Matches the end of the line.
443: @item _
444: Character @code{_} has special meanings in AS path regular expression.
445: It matches to space and comma , and AS set delimiter @{ and @} and AS
446: confederation delimiter @code{(} and @code{)}. And it also matches to
447: the beginning of the line and the end of the line. So @code{_} can be
448: used for AS value boundaries match. @code{show ip bgp regexp _7675_}
449: matches to all of BGP routes which as AS number include @var{7675}.
450: @end table
451:
452: @node Display BGP Routes by AS Path
453: @subsection Display BGP Routes by AS Path
454:
455: To show BGP routes which has specific AS path information @code{show
456: ip bgp} command can be used.
457:
458: @deffn Command {show ip bgp regexp @var{line}} {}
459: This commands display BGP routes that matches AS path regular
460: expression @var{line}.
461: @end deffn
462:
463: @node AS Path Access List
464: @subsection AS Path Access List
465:
466: AS path access list is user defined AS path.
467:
468: @deffn {Command} {ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
469: This command defines a new AS path access list.
470: @end deffn
471:
472: @deffn {Command} {no ip as-path access-list @var{word}} {}
473: @deffnx {Command} {no ip as-path access-list @var{word} @{permit|deny@} @var{line}} {}
474: @end deffn
475:
476: @node Using AS Path in Route Map
477: @subsection Using AS Path in Route Map
478:
479: @deffn {Route Map} {match as-path @var{word}} {}
480: @end deffn
481:
482: @deffn {Route Map} {set as-path prepend @var{as-path}} {}
483: @end deffn
484:
485: @node Private AS Numbers
486: @subsection Private AS Numbers
487:
488: @c -----------------------------------------------------------------------
489: @node BGP Communities Attribute
490: @section BGP Communities Attribute
491:
492: BGP communities attribute is widely used for implementing policy
493: routing. Network operators can manipulate BGP communities attribute
494: based on their network policy. BGP communities attribute is defined
495: in @cite{RFC1997, BGP Communities Attribute} and
496: @cite{RFC1998, An Application of the BGP Community Attribute
497: in Multi-home Routing}. It is an optional transitive attribute,
498: therefore local policy can travel through different autonomous system.
499:
500: Communities attribute is a set of communities values. Each
501: communities value is 4 octet long. The following format is used to
502: define communities value.
503:
504: @table @code
505: @item AS:VAL
506: This format represents 4 octet communities value. @code{AS} is high
507: order 2 octet in digit format. @code{VAL} is low order 2 octet in
508: digit format. This format is useful to define AS oriented policy
509: value. For example, @code{7675:80} can be used when AS 7675 wants to
510: pass local policy value 80 to neighboring peer.
511: @item internet
512: @code{internet} represents well-known communities value 0.
513: @item no-export
514: @code{no-export} represents well-known communities value @code{NO_EXPORT}@*
515: @r{(0xFFFFFF01)}. All routes carry this value must not be advertised
516: to outside a BGP confederation boundary. If neighboring BGP peer is
517: part of BGP confederation, the peer is considered as inside a BGP
518: confederation boundary, so the route will be announced to the peer.
519: @item no-advertise
520: @code{no-advertise} represents well-known communities value
521: @code{NO_ADVERTISE}@*@r{(0xFFFFFF02)}. All routes carry this value
522: must not be advertise to other BGP peers.
523: @item local-AS
524: @code{local-AS} represents well-known communities value
525: @code{NO_EXPORT_SUBCONFED} @r{(0xFFFFFF03)}. All routes carry this
526: value must not be advertised to external BGP peers. Even if the
527: neighboring router is part of confederation, it is considered as
528: external BGP peer, so the route will not be announced to the peer.
529: @end table
530:
531: When BGP communities attribute is received, duplicated communities
532: value in the communities attribute is ignored and each communities
533: values are sorted in numerical order.
534:
535: @menu
536: * BGP Community Lists::
537: * Numbered BGP Community Lists::
538: * BGP Community in Route Map::
539: * Display BGP Routes by Community::
540: * Using BGP Communities Attribute::
541: @end menu
542:
543: @node BGP Community Lists
544: @subsection BGP Community Lists
545:
546: BGP community list is a user defined BGP communites attribute list.
547: BGP community list can be used for matching or manipulating BGP
548: communities attribute in updates.
549:
550: There are two types of community list. One is standard community
551: list and another is expanded community list. Standard community list
552: defines communities attribute. Expanded community list defines
553: communities attribute string with regular expression. Standard
554: community list is compiled into binary format when user define it.
555: Standard community list will be directly compared to BGP communities
556: attribute in BGP updates. Therefore the comparison is faster than
557: expanded community list.
558:
559: @deffn Command {ip community-list standard @var{name} @{permit|deny@} @var{community}} {}
560: This command defines a new standard community list. @var{community}
561: is communities value. The @var{community} is compiled into community
562: structure. We can define multiple community list under same name. In
563: that case match will happen user defined order. Once the
564: community list matches to communities attribute in BGP updates it
565: return permit or deny by the community list definition. When there is
566: no matched entry, deny will be returned. When @var{community} is
567: empty it matches to any routes.
568: @end deffn
569:
570: @deffn Command {ip community-list expanded @var{name} @{permit|deny@} @var{line}} {}
571: This command defines a new expanded community list. @var{line} is a
572: string expression of communities attribute. @var{line} can include
573: regular expression to match communities attribute in BGP updates.
574: @end deffn
575:
576: @deffn Command {no ip community-list @var{name}} {}
577: @deffnx Command {no ip community-list standard @var{name}} {}
578: @deffnx Command {no ip community-list expanded @var{name}} {}
579: These commands delete community lists specified by @var{name}. All of
580: community lists shares a single name space. So community lists can be
581: removed simpley specifying community lists name.
582: @end deffn
583:
584: @deffn {Command} {show ip community-list} {}
585: @deffnx {Command} {show ip community-list @var{name}} {}
586: This command display current community list information. When
587: @var{name} is specified the specified community list's information is
588: shown.
589:
590: @example
591: # show ip community-list
592: Named Community standard list CLIST
593: permit 7675:80 7675:100 no-export
594: deny internet
595: Named Community expanded list EXPAND
596: permit :
597:
598: # show ip community-list CLIST
599: Named Community standard list CLIST
600: permit 7675:80 7675:100 no-export
601: deny internet
602: @end example
603: @end deffn
604:
605: @node Numbered BGP Community Lists
606: @subsection Numbered BGP Community Lists
607:
608: When number is used for BGP community list name, the number has
609: special meanings. Community list number in the range from 1 and 99 is
610: standard community list. Community list number in the range from 100
611: to 199 is expanded community list. These community lists are called
612: as numbered community lists. On the other hand normal community lists
613: is called as named community lists.
614:
615: @deffn Command {ip community-list <1-99> @{permit|deny@} @var{community}} {}
616: This command defines a new community list. <1-99> is standard
617: community list number. Community list name within this range defines
618: standard community list. When @var{community} is empty it matches to
619: any routes.
620: @end deffn
621:
622: @deffn Command {ip community-list <100-199> @{permit|deny@} @var{community}} {}
623: This command defines a new community list. <100-199> is expanded
624: community list number. Community list name within this range defines
625: expanded community list.
626: @end deffn
627:
628: @deffn Command {ip community-list @var{name} @{permit|deny@} @var{community}} {}
629: When community list type is not specifed, the community list type is
630: automatically detected. If @var{community} can be compiled into
631: communities attribute, the community list is defined as a standard
632: community list. Otherwise it is defined as an expanded community
633: list. This feature is left for backward compability. Use of this
634: feature is not recommended.
635: @end deffn
636:
637: @node BGP Community in Route Map
638: @subsection BGP Community in Route Map
639:
640: In Route Map (@pxref{Route Map}), we can match or set BGP
641: communities attribute. Using this feature network operator can
642: implement their network policy based on BGP communities attribute.
643:
644: Following commands can be used in Route Map.
645:
646: @deffn {Route Map} {match community @var{word}} {}
647: @deffnx {Route Map} {match community @var{word} exact-match} {}
648: This command perform match to BGP updates using community list
649: @var{word}. When the one of BGP communities value match to the one of
650: communities value in community list, it is match. When
651: @code{exact-match} keyword is spcified, match happen only when BGP
652: updates have completely same communities value specified in the
653: community list.
654: @end deffn
655:
656: @deffn {Route Map} {set community none} {}
657: @deffnx {Route Map} {set community @var{community}} {}
658: @deffnx {Route Map} {set community @var{community} additive} {}
659: This command manipulate communities value in BGP updates. When
660: @code{none} is specified as communities value, it removes entire
661: communities attribute from BGP updates. When @var{community} is not
662: @code{none}, specified communities value is set to BGP updates. If
663: BGP updates already has BGP communities value, the existing BGP
664: communities value is replaced with specified @var{community} value.
665: When @code{additive} keyword is specified, @var{community} is appended
666: to the existing communities value.
667: @end deffn
668:
669: @deffn {Route Map} {set comm-list @var{word} delete} {}
670: This command remove communities value from BGP communities attribute.
671: The @var{word} is community list name. When BGP route's communities
672: value matches to the community list @var{word}, the communities value
673: is removed. When all of communities value is removed eventually, the
674: BGP update's communities attribute is completely removed.
675: @end deffn
676:
677: @node Display BGP Routes by Community
678: @subsection Display BGP Routes by Community
679:
680: To show BGP routes which has specific BGP communities attribute,
681: @code{show ip bgp} command can be used. The @var{community} value and
682: community list can be used for @code{show ip bgp} command.
683:
684: @deffn Command {show ip bgp community} {}
685: @deffnx Command {show ip bgp community @var{community}} {}
686: @deffnx Command {show ip bgp community @var{community} exact-match} {}
687: @code{show ip bgp community} displays BGP routes which has communities
688: attribute. When @var{community} is specified, BGP routes that matches
689: @var{community} value is displayed. For this command, @code{internet}
690: keyword can't be used for @var{community} value. When
691: @code{exact-match} is specified, it display only routes that have an
692: exact match.
693: @end deffn
694:
695: @deffn Command {show ip bgp community-list @var{word}} {}
696: @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
697: This commands display BGP routes that matches community list
698: @var{word}. When @code{exact-match} is specified, display only routes
699: that have an exact match.
700: @end deffn
701:
702: @node Using BGP Communities Attribute
703: @subsection Using BGP Communities Attribute
704:
705: Following configuration is the most typical usage of BGP communities
706: attribute. AS 7675 provides upstream Internet connection to AS 100.
707: When following configuration exists in AS 7675, AS 100 networks
708: operator can set local preference in AS 7675 network by setting BGP
709: communities attribute to the updates.
710:
711: @example
712: router bgp 7675
713: neighbor 192.168.0.1 remote-as 100
714: neighbor 192.168.0.1 route-map RMAP in
715: !
716: ip community-list 70 permit 7675:70
717: ip community-list 70 deny
718: ip community-list 80 permit 7675:80
719: ip community-list 80 deny
720: ip community-list 90 permit 7675:90
721: ip community-list 90 deny
722: !
723: route-map RMAP permit 10
724: match community 70
725: set local-preference 70
726: !
727: route-map RMAP permit 20
728: match community 80
729: set local-preference 80
730: !
731: route-map RMAP permit 30
732: match community 90
733: set local-preference 90
734: @end example
735:
736: Following configuration announce 10.0.0.0/8 from AS 100 to AS 7675.
737: The route has communities value 7675:80 so when above configuration
738: exists in AS 7675, announced route's local preference will be set to
739: value 80.
740:
741: @example
742: router bgp 100
743: network 10.0.0.0/8
744: neighbor 192.168.0.2 remote-as 7675
745: neighbor 192.168.0.2 route-map RMAP out
746: !
747: ip prefix-list PLIST permit 10.0.0.0/8
748: !
749: route-map RMAP permit 10
750: match ip address prefix-list PLIST
751: set community 7675:80
752: @end example
753:
754: Following configuration is an example of BGP route filtering using
755: communities attribute. This configuration only permit BGP routes
756: which has BGP communities value 0:80 or 0:90. Network operator can
757: put special internal communities value at BGP border router, then
758: limit the BGP routes announcement into the internal network.
759:
760: @example
761: router bgp 7675
762: neighbor 192.168.0.1 remote-as 100
763: neighbor 192.168.0.1 route-map RMAP in
764: !
765: ip community-list 1 permit 0:80 0:90
766: !
767: route-map RMAP permit in
768: match community 1
769: @end example
770:
771: Following exmaple filter BGP routes which has communities value 1:1.
772: When there is no match community-list returns deny. To avoid
773: filtering all of routes, we need to define permit any at last.
774:
775: @example
776: router bgp 7675
777: neighbor 192.168.0.1 remote-as 100
778: neighbor 192.168.0.1 route-map RMAP in
779: !
780: ip community-list standard FILTER deny 1:1
781: ip community-list standard FILTER permit
782: !
783: route-map RMAP permit 10
784: match community FILTER
785: @end example
786:
787: Communities value keyword @code{internet} has special meanings in
788: standard community lists. In below example @code{internet} act as
789: match any. It matches all of BGP routes even if the route does not
790: have communities attribute at all. So community list @code{INTERNET}
791: is same as above example's @code{FILTER}.
792:
793: @example
794: ip community-list standard INTERNET deny 1:1
795: ip community-list standard INTERNET permit internet
796: @end example
797:
798: Following configuration is an example of communities value deletion.
799: With this configuration communities value 100:1 and 100:2 is removed
800: from BGP updates. For communities value deletion, only @code{permit}
801: community-list is used. @code{deny} community-list is ignored.
802:
803: @example
804: router bgp 7675
805: neighbor 192.168.0.1 remote-as 100
806: neighbor 192.168.0.1 route-map RMAP in
807: !
808: ip community-list standard DEL permit 100:1 100:2
809: !
810: route-map RMAP permit 10
811: set comm-list DEL delete
812: @end example
813:
814: @c -----------------------------------------------------------------------
815: @node BGP Extended Communities Attribute
816: @section BGP Extended Communities Attribute
817:
818: BGP extended communities attribute is introduced with MPLS VPN/BGP
819: technology. MPLS VPN/BGP expands capability of network infrastructure
820: to provide VPN functionality. At the same time it requires a new
821: framework for policy routing. With BGP Extended Communities Attribute
822: we can use Route Target or Site of Origin for implementing network
823: policy for MPLS VPN/BGP.
824:
825: BGP Extended Communities Attribute is similar to BGP Communities
826: Attribute. It is an optional transitive attribute. BGP Extended
827: Communities Attribute can carry multiple Extended Community value.
828: Each Extended Community value is eight octet length.
829:
830: BGP Extended Communities Attribute provides an extended range
831: compared with BGP Communities Attribute. Adding to that there is a
832: type field in each value to provides community space structure.
833:
834: There are two format to define Extended Community value. One is AS
835: based format the other is IP address based format.
836:
837: @table @code
838: @item AS:VAL
839: This is a format to define AS based Extended Community value.
840: @code{AS} part is 2 octets Global Administrator subfield in Extended
841: Community value. @code{VAL} part is 4 octets Local Administrator
842: subfield. @code{7675:100} represents AS 7675 policy value 100.
843: @item IP-Address:VAL
844: This is a format to define IP address based Extended Community value.
845: @code{IP-Address} part is 4 octets Global Administrator subfield.
846: @code{VAL} part is 2 octets Local Administrator subfield.
847: @code{10.0.0.1:100} represents
848: @end table
849:
850: @menu
851: * BGP Extended Community Lists::
852: * BGP Extended Communities in Route Map::
853: @end menu
854:
855: @node BGP Extended Community Lists
856: @subsection BGP Extended Community Lists
857:
858: Expanded Community Lists is a user defined BGP Expanded Community
859: Lists.
860:
861: @deffn Command {ip extcommunity-list standard @var{name} @{permit|deny@} @var{extcommunity}} {}
862: This command defines a new standard extcommunity-list.
863: @var{extcommunity} is extended communities value. The
864: @var{extcommunity} is compiled into extended community structure. We
865: can define multiple extcommunity-list under same name. In that case
866: match will happen user defined order. Once the extcommunity-list
867: matches to extended communities attribute in BGP updates it return
868: permit or deny based upon the extcommunity-list definition. When
869: there is no matched entry, deny will be returned. When
870: @var{extcommunity} is empty it matches to any routes.
871: @end deffn
872:
873: @deffn Command {ip extcommunity-list expanded @var{name} @{permit|deny@} @var{line}} {}
874: This command defines a new expanded extcommunity-list. @var{line} is
875: a string expression of extended communities attribute. @var{line} can
876: include regular expression to match extended communities attribute in
877: BGP updates.
878: @end deffn
879:
880: @deffn Command {no ip extcommunity-list @var{name}} {}
881: @deffnx Command {no ip extcommunity-list standard @var{name}} {}
882: @deffnx Command {no ip extcommunity-list expanded @var{name}} {}
883: These commands delete extended community lists specified by
884: @var{name}. All of extended community lists shares a single name
885: space. So extended community lists can be removed simpley specifying
886: the name.
887: @end deffn
888:
889: @deffn {Command} {show ip extcommunity-list} {}
890: @deffnx {Command} {show ip extcommunity-list @var{name}} {}
891: This command display current extcommunity-list information. When
892: @var{name} is specified the community list's information is shown.
893:
894: @example
895: # show ip extcommunity-list
896: @end example
897: @end deffn
898:
899: @node BGP Extended Communities in Route Map
900: @subsection BGP Extended Communities in Route Map
901:
902: @deffn {Route Map} {match extcommunity @var{word}} {}
903: @end deffn
904:
905: @deffn {Route Map} {set extcommunity rt @var{extcommunity}} {}
906: This command set Route Target value.
907: @end deffn
908:
909: @deffn {Route Map} {set extcommunity soo @var{extcommunity}} {}
910: This command set Site of Origin value.
911: @end deffn
912:
913: @c -----------------------------------------------------------------------
914: @node Displaying BGP routes
915: @section Displaying BGP Routes
916:
917: @menu
918: * Show IP BGP::
919: * More Show IP BGP::
920: @end menu
921:
922: @node Show IP BGP
923: @subsection Show IP BGP
924:
925: @deffn {Command} {show ip bgp} {}
926: @deffnx {Command} {show ip bgp @var{A.B.C.D}} {}
927: @deffnx {Command} {show ip bgp @var{X:X::X:X}} {}
928: This command displays BGP routes. When no route is specified it
929: display all of IPv4 BGP routes.
930: @end deffn
931:
932: @example
933: BGP table version is 0, local router ID is 10.1.1.1
934: Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
935: Origin codes: i - IGP, e - EGP, ? - incomplete
936:
937: Network Next Hop Metric LocPrf Weight Path
938: *> 1.1.1.1/32 0.0.0.0 0 32768 i
939:
940: Total number of prefixes 1
941: @end example
942:
943: @node More Show IP BGP
944: @subsection More Show IP BGP
945:
946: @deffn {Command} {show ip bgp regexp @var{line}} {}
947: This command display BGP routes using AS path regular expression (@pxref{Display BGP Routes by AS Path}).
948: @end deffn
949:
950: @deffn Command {show ip bgp community @var{community}} {}
951: @deffnx Command {show ip bgp community @var{community} exact-match} {}
952: This command display BGP routes using @var{community} (@pxref{Display
953: BGP Routes by Community}).
954: @end deffn
955:
956: @deffn Command {show ip bgp community-list @var{word}} {}
957: @deffnx Command {show ip bgp community-list @var{word} exact-match} {}
958: This command display BGP routes using community list (@pxref{Display
959: BGP Routes by Community}).
960: @end deffn
961:
962: @deffn {Command} {show ip bgp summary} {}
963: @end deffn
964:
965: @deffn {Command} {show ip bgp neighbor [@var{peer}]} {}
966: @end deffn
967:
968: @deffn {Command} {clear ip bgp @var{peer}} {}
969: Clear peers which have addresses of X.X.X.X
970: @end deffn
971:
972: @deffn {Command} {clear ip bgp @var{peer} soft in} {}
973: Clear peer using soft reconfiguration.
974: @end deffn
975:
976: @deffn {Command} {show ip bgp dampened-paths} {}
977: Display paths suppressed due to dampening
978: @end deffn
979:
980: @deffn {Command} {show ip bgp flap-statistics} {}
981: Display flap statistics of routes
982: @end deffn
983:
984: @deffn {Command} {show debug} {}
985: @end deffn
986:
987: @deffn {Command} {debug event} {}
988: @end deffn
989:
990: @deffn {Command} {debug update} {}
991: @end deffn
992:
993: @deffn {Command} {debug keepalive} {}
994: @end deffn
995:
996: @deffn {Command} {no debug event} {}
997: @end deffn
998:
999: @deffn {Command} {no debug update} {}
1000: @end deffn
1001:
1002: @deffn {Command} {no debug keepalive} {}
1003: @end deffn
1004:
1005: @node Capability Negotiation
1006: @section Capability Negotiation
1007:
1008: When adding IPv6 routing information exchange feature to BGP. There
1009: were some proposals. @acronym{IETF,Internet Engineering Task Force}
1010: @acronym{IDR, Inter Domain Routing} @acronym{WG, Working group} adopted
1011: a proposal called Multiprotocol Extension for BGP. The specification
1012: is described in @cite{RFC2283}. The protocol does not define new protocols.
1013: It defines new attributes to existing BGP. When it is used exchanging
1014: IPv6 routing information it is called BGP-4+. When it is used for
1015: exchanging multicast routing information it is called MBGP.
1016:
1017: @command{bgpd} supports Multiprotocol Extension for BGP. So if remote
1018: peer supports the protocol, @command{bgpd} can exchange IPv6 and/or
1019: multicast routing information.
1020:
1021: Traditional BGP did not have the feature to detect remote peer's
1022: capabilities, e.g. whether it can handle prefix types other than IPv4
1023: unicast routes. This was a big problem using Multiprotocol Extension
1024: for BGP to operational network. @cite{RFC2842, Capabilities
1025: Advertisement with BGP-4} adopted a feature called Capability
1026: Negotiation. @command{bgpd} use this Capability Negotiation to detect
1027: the remote peer's capabilities. If the peer is only configured as IPv4
1028: unicast neighbor, @command{bgpd} does not send these Capability
1029: Negotiation packets (at least not unless other optional BGP features
1030: require capability negotation).
1031:
1032: By default, Quagga will bring up peering with minimal common capability
1033: for the both sides. For example, local router has unicast and
1034: multicast capabilitie and remote router has unicast capability. In
1035: this case, the local router will establish the connection with unicast
1036: only capability. When there are no common capabilities, Quagga sends
1037: Unsupported Capability error and then resets the connection.
1038:
1039: If you want to completely match capabilities with remote peer. Please
1040: use @command{strict-capability-match} command.
1041:
1042: @deffn {BGP} {neighbor @var{peer} strict-capability-match} {}
1043: @deffnx {BGP} {no neighbor @var{peer} strict-capability-match} {}
1044: Strictly compares remote capabilities and local capabilities. If capabilities
1045: are different, send Unsupported Capability error then reset connection.
1046: @end deffn
1047:
1048: You may want to disable sending Capability Negotiation OPEN message
1049: optional parameter to the peer when remote peer does not implement
1050: Capability Negotiation. Please use @command{dont-capability-negotiate}
1051: command to disable the feature.
1052:
1053: @deffn {BGP} {neighbor @var{peer} dont-capability-negotiate} {}
1054: @deffnx {BGP} {no neighbor @var{peer} dont-capability-negotiate} {}
1055: Suppress sending Capability Negotiation as OPEN message optional
1056: parameter to the peer. This command only affects the peer is configured
1057: other than IPv4 unicast configuration.
1058: @end deffn
1059:
1060: When remote peer does not have capability negotiation feature, remote
1061: peer will not send any capabilities at all. In that case, bgp
1062: configures the peer with configured capabilities.
1063:
1064: You may prefer locally configured capabilities more than the negotiated
1065: capabilities even though remote peer sends capabilities. If the peer
1066: is configured by @command{override-capability}, @command{bgpd} ignores
1067: received capabilities then override negotiated capabilities with
1068: configured values.
1069:
1070: @deffn {BGP} {neighbor @var{peer} override-capability} {}
1071: @deffnx {BGP} {no neighbor @var{peer} override-capability} {}
1072: Override the result of Capability Negotiation with local configuration.
1073: Ignore remote peer's capability value.
1074: @end deffn
1075:
1076: @node Route Reflector
1077: @section Route Reflector
1078:
1079: @deffn {BGP} {bgp cluster-id @var{a.b.c.d}} {}
1080: @end deffn
1081:
1082: @deffn {BGP} {neighbor @var{peer} route-reflector-client} {}
1083: @deffnx {BGP} {no neighbor @var{peer} route-reflector-client} {}
1084: @end deffn
1085:
1086: @node Route Server
1087: @section Route Server
1088:
1089: At an Internet Exchange point, many ISPs are connected to each other by
1090: external BGP peering. Normally these external BGP connection are done by
1091: @samp{full mesh} method. As with internal BGP full mesh formation,
1092: this method has a scaling problem.
1093:
1094: This scaling problem is well known. Route Server is a method to resolve
1095: the problem. Each ISP's BGP router only peers to Route Server. Route
1096: Server serves as BGP information exchange to other BGP routers. By
1097: applying this method, numbers of BGP connections is reduced from
1098: O(n*(n-1)/2) to O(n).
1099:
1100: Unlike normal BGP router, Route Server must have several routing tables
1101: for managing different routing policies for each BGP speaker. We call the
1102: routing tables as different @code{view}s. @command{bgpd} can work as
1103: normal BGP router or Route Server or both at the same time.
1104:
1105: @menu
1106: * Multiple instance::
1107: * BGP instance and view::
1108: * Routing policy::
1109: * Viewing the view::
1110: @end menu
1111:
1112: @node Multiple instance
1113: @subsection Multiple instance
1114:
1115: To enable multiple view function of @code{bgpd}, you must turn on
1116: multiple instance feature beforehand.
1117:
1118: @deffn {Command} {bgp multiple-instance} {}
1119: Enable BGP multiple instance feature. After this feature is enabled,
1120: you can make multiple BGP instances or multiple BGP views.
1121: @end deffn
1122:
1123: @deffn {Command} {no bgp multiple-instance} {}
1124: Disable BGP multiple instance feature. You can not disable this feature
1125: when BGP multiple instances or views exist.
1126: @end deffn
1127:
1128: When you want to make configuration more Cisco like one,
1129:
1130: @deffn {Command} {bgp config-type cisco} {}
1131: Cisco compatible BGP configuration output.
1132: @end deffn
1133:
1134: When bgp config-type cisco is specified,
1135:
1136: ``no synchronization'' is displayed.
1137: ``no auto-summary'' is displayed.
1138:
1139: ``network'' and ``aggregate-address'' argument is displayed as
1140: ``A.B.C.D M.M.M.M''
1141:
1142: Quagga: network 10.0.0.0/8
1143: Cisco: network 10.0.0.0
1144:
1145: Quagga: aggregate-address 192.168.0.0/24
1146: Cisco: aggregate-address 192.168.0.0 255.255.255.0
1147:
1148: Community attribute handling is also different. If there is no
1149: configuration is specified community attribute and extended community
1150: attribute are sent to neighbor. When user manually disable the
1151: feature community attribute is not sent to the neighbor. In case of
1152: @command{bgp config-type cisco} is specified, community attribute is not
1153: sent to the neighbor by default. To send community attribute user has
1154: to specify @command{neighbor A.B.C.D send-community} command.
1155:
1156: @example
1157: !
1158: router bgp 1
1159: neighbor 10.0.0.1 remote-as 1
1160: no neighbor 10.0.0.1 send-community
1161: !
1162: router bgp 1
1163: neighbor 10.0.0.1 remote-as 1
1164: neighbor 10.0.0.1 send-community
1165: !
1166: @end example
1167:
1168: @deffn {Command} {bgp config-type zebra} {}
1169: Quagga style BGP configuration. This is default.
1170: @end deffn
1171:
1172: @node BGP instance and view
1173: @subsection BGP instance and view
1174:
1175: BGP instance is a normal BGP process. The result of route selection
1176: goes to the kernel routing table. You can setup different AS at the
1177: same time when BGP multiple instance feature is enabled.
1178:
1179: @deffn {Command} {router bgp @var{as-number}} {}
1180: Make a new BGP instance. You can use arbitrary word for the @var{name}.
1181: @end deffn
1182:
1183: @example
1184: @group
1185: bgp multiple-instance
1186: !
1187: router bgp 1
1188: neighbor 10.0.0.1 remote-as 2
1189: neighbor 10.0.0.2 remote-as 3
1190: !
1191: router bgp 2
1192: neighbor 10.0.0.3 remote-as 4
1193: neighbor 10.0.0.4 remote-as 5
1194: @end group
1195: @end example
1196:
1197: BGP view is almost same as normal BGP process. The result of
1198: route selection does not go to the kernel routing table. BGP view is
1199: only for exchanging BGP routing information.
1200:
1201: @deffn {Command} {router bgp @var{as-number} view @var{name}} {}
1202: Make a new BGP view. You can use arbitrary word for the @var{name}. This
1203: view's route selection result does not go to the kernel routing table.
1204: @end deffn
1205:
1206: With this command, you can setup Route Server like below.
1207:
1208: @example
1209: @group
1210: bgp multiple-instance
1211: !
1212: router bgp 1 view 1
1213: neighbor 10.0.0.1 remote-as 2
1214: neighbor 10.0.0.2 remote-as 3
1215: !
1216: router bgp 2 view 2
1217: neighbor 10.0.0.3 remote-as 4
1218: neighbor 10.0.0.4 remote-as 5
1219: @end group
1220: @end example
1221:
1222: @node Routing policy
1223: @subsection Routing policy
1224:
1225: You can set different routing policy for a peer. For example, you can
1226: set different filter for a peer.
1227:
1228: @example
1229: @group
1230: bgp multiple-instance
1231: !
1232: router bgp 1 view 1
1233: neighbor 10.0.0.1 remote-as 2
1234: neighbor 10.0.0.1 distribute-list 1 in
1235: !
1236: router bgp 1 view 2
1237: neighbor 10.0.0.1 remote-as 2
1238: neighbor 10.0.0.1 distribute-list 2 in
1239: @end group
1240: @end example
1241:
1242: This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view
1243: 2. When the update is inserted into view 1, distribute-list 1 is
1244: applied. On the other hand, when the update is inserted into view 2,
1245: distribute-list 2 is applied.
1246:
1247: @node Viewing the view
1248: @subsection Viewing the view
1249:
1250: To display routing table of BGP view, you must specify view name.
1251:
1252: @deffn {Command} {show ip bgp view @var{name}} {}
1253: Display routing table of BGP view @var{name}.
1254: @end deffn
1255:
1256: @node How to set up a 6-Bone connection
1257: @section How to set up a 6-Bone connection
1258:
1259:
1260: @example
1261: @group
1262: zebra configuration
1263: ===================
1264: !
1265: ! Actually there is no need to configure zebra
1266: !
1267:
1268: bgpd configuration
1269: ==================
1270: !
1271: ! This means that routes go through zebra and into the kernel.
1272: !
1273: router zebra
1274: !
1275: ! MP-BGP configuration
1276: !
1277: router bgp 7675
1278: bgp router-id 10.0.0.1
1279: neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 remote-as @var{as-number}
1280: !
1281: address-family ipv6
1282: network 3ffe:506::/32
1283: neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 activate
1284: neighbor 3ffe:1cfa:0:2:2a0:c9ff:fe9e:f56 route-map set-nexthop out
1285: neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 remote-as @var{as-number}
1286: neighbor 3ffe:1cfa:0:2:2c0:4fff:fe68:a231 route-map set-nexthop out
1287: exit-address-family
1288: !
1289: ipv6 access-list all permit any
1290: !
1291: ! Set output nexthop address.
1292: !
1293: route-map set-nexthop permit 10
1294: match ipv6 address all
1295: set ipv6 nexthop global 3ffe:1cfa:0:2:2c0:4fff:fe68:a225
1296: set ipv6 nexthop local fe80::2c0:4fff:fe68:a225
1297: !
1298: ! logfile FILENAME is obsolete. Please use log file FILENAME
1299:
1300: log file bgpd.log
1301: !
1302: @end group
1303: @end example
1304:
1305: @node Dump BGP packets and table
1306: @section Dump BGP packets and table
1307:
1308: @deffn Command {dump bgp all @var{path}} {}
1309: @deffnx Command {dump bgp all @var{path} @var{interval}} {}
1310: Dump all BGP packet and events to @var{path} file.
1311: @end deffn
1312:
1313: @deffn Command {dump bgp updates @var{path}} {}
1314: @deffnx Command {dump bgp updates @var{path} @var{interval}} {}
1315: Dump BGP updates to @var{path} file.
1316: @end deffn
1317:
1318: @deffn Command {dump bgp routes @var{path}} {}
1319: @deffnx Command {dump bgp routes @var{path}} {}
1320: Dump whole BGP routing table to @var{path}. This is heavy process.
1321: @end deffn
1322:
1323: @node BGP Configuration Examples
1324: @section BGP Configuration Examples
1325:
1326: Example of a session to an upstream, advertising only one prefix to it.
1327:
1328: @example
1329: router bgp 64512
1330: bgp router-id 10.236.87.1
1331: network 10.236.87.0/24
1332: neighbor upstream peer-group
1333: neighbor upstream remote-as 64515
1334: neighbor upstream capability dynamic
1335: neighbor upstream prefix-list pl-allowed-adv out
1336: neighbor 10.1.1.1 peer-group upstream
1337: neighbor 10.1.1.1 description ACME ISP
1338: !
1339: ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
1340: ip prefix-list pl-allowed-adv seq 10 deny any
1341:
1342: @end example
1343:
1344: A more complex example. With upstream, peer and customer sessions.
1345: Advertising global prefixes and NO_EXPORT prefixes and providing
1346: actions for customer routes based on community values. Extensive use of
1347: route-maps and the 'call' feature to support selective advertising of
1348: prefixes. This example is intended as guidance only, it has NOT been
1349: tested and almost certainly containts silly mistakes, if not serious
1350: flaws.
1351:
1352: @example
1353: router bgp 64512
1354: bgp router-id 10.236.87.1
1355: network 10.123.456.0/24
1356: network 10.123.456.128/25 route-map rm-no-export
1357: neighbor upstream capability dynamic
1358: neighbor upstream route-map rm-upstream-out out
1359: neighbor cust capability dynamic
1360: neighbor cust route-map rm-cust-in in
1361: neighbor cust route-map rm-cust-out out
1362: neighbor cust send-community both
1363: neighbor peer capability dynamic
1364: neighbor peer route-map rm-peer-in in
1365: neighbor peer route-map rm-peer-out out
1366: neighbor peer send-community both
1367: neighbor 10.1.1.1 remote-as 64515
1368: neighbor 10.1.1.1 peer-group upstream
1369: neighbor 10.2.1.1 remote-as 64516
1370: neighbor 10.2.1.1 peer-group upstream
1371: neighbor 10.3.1.1 remote-as 64517
1372: neighbor 10.3.1.1 peer-group cust-default
1373: neighbor 10.3.1.1 description customer1
1374: neighbor 10.3.1.1 prefix-list pl-cust1-network in
1375: neighbor 10.4.1.1 remote-as 64518
1376: neighbor 10.4.1.1 peer-group cust
1377: neighbor 10.4.1.1 prefix-list pl-cust2-network in
1378: neighbor 10.4.1.1 description customer2
1379: neighbor 10.5.1.1 remote-as 64519
1380: neighbor 10.5.1.1 peer-group peer
1381: neighbor 10.5.1.1 prefix-list pl-peer1-network in
1382: neighbor 10.5.1.1 description peer AS 1
1383: neighbor 10.6.1.1 remote-as 64520
1384: neighbor 10.6.1.1 peer-group peer
1385: neighbor 10.6.1.1 prefix-list pl-peer2-network in
1386: neighbor 10.6.1.1 description peer AS 2
1387: !
1388: ip prefix-list pl-default permit 0.0.0.0/0
1389: !
1390: ip prefix-list pl-upstream-peers permit 10.1.1.1/32
1391: ip prefix-list pl-upstream-peers permit 10.2.1.1/32
1392: !
1393: ip prefix-list pl-cust1-network permit 10.3.1.0/24
1394: ip prefix-list pl-cust1-network permit 10.3.2.0/24
1395: !
1396: ip prefix-list pl-cust2-network permit 10.4.1.0/24
1397: !
1398: ip prefix-list pl-peer1-network permit 10.5.1.0/24
1399: ip prefix-list pl-peer1-network permit 10.5.2.0/24
1400: ip prefix-list pl-peer1-network permit 192.168.0.0/24
1401: !
1402: ip prefix-list pl-peer2-network permit 10.6.1.0/24
1403: ip prefix-list pl-peer2-network permit 10.6.2.0/24
1404: ip prefix-list pl-peer2-network permit 192.168.1.0/24
1405: ip prefix-list pl-peer2-network permit 192.168.2.0/24
1406: ip prefix-list pl-peer2-network permit 172.16.1/24
1407: !
1408: ip as-path access-list asp-own-as permit ^$
1409: ip as-path access-list asp-own-as permit _64512_
1410: !
1411: ! #################################################################
1412: ! Match communities we provide actions for, on routes receives from
1413: ! customers. Communities values of <our-ASN>:X, with X, have actions:
1414: !
1415: ! 100 - blackhole the prefix
1416: ! 200 - set no_export
1417: ! 300 - advertise only to other customers
1418: ! 400 - advertise only to upstreams
1419: ! 500 - set no_export when advertising to upstreams
1420: ! 2X00 - set local_preference to X00
1421: !
1422: ! blackhole the prefix of the route
1423: ip community-list standard cm-blackhole permit 64512:100
1424: !
1425: ! set no-export community before advertising
1426: ip community-list standard cm-set-no-export permit 64512:200
1427: !
1428: ! advertise only to other customers
1429: ip community-list standard cm-cust-only permit 64512:300
1430: !
1431: ! advertise only to upstreams
1432: ip community-list standard cm-upstream-only permit 64512:400
1433: !
1434: ! advertise to upstreams with no-export
1435: ip community-list standard cm-upstream-noexport permit 64512:500
1436: !
1437: ! set local-pref to least significant 3 digits of the community
1438: ip community-list standard cm-prefmod-100 permit 64512:2100
1439: ip community-list standard cm-prefmod-200 permit 64512:2200
1440: ip community-list standard cm-prefmod-300 permit 64512:2300
1441: ip community-list standard cm-prefmod-400 permit 64512:2400
1442: ip community-list expanded cme-prefmod-range permit 64512:2...
1443: !
1444: ! Informational communities
1445: !
1446: ! 3000 - learned from upstream
1447: ! 3100 - learned from customer
1448: ! 3200 - learned from peer
1449: !
1450: ip community-list standard cm-learnt-upstream permit 64512:3000
1451: ip community-list standard cm-learnt-cust permit 64512:3100
1452: ip community-list standard cm-learnt-peer permit 64512:3200
1453: !
1454: ! ###################################################################
1455: ! Utility route-maps
1456: !
1457: ! These utility route-maps generally should not used to permit/deny
1458: ! routes, i.e. they do not have meaning as filters, and hence probably
1459: ! should be used with 'on-match next'. These all finish with an empty
1460: ! permit entry so as not interfere with processing in the caller.
1461: !
1462: route-map rm-no-export permit 10
1463: set community additive no-export
1464: route-map rm-no-export permit 20
1465: !
1466: route-map rm-blackhole permit 10
1467: description blackhole, up-pref and ensure it cant escape this AS
1468: set ip next-hop 127.0.0.1
1469: set local-preference 10
1470: set community additive no-export
1471: route-map rm-blackhole permit 20
1472: !
1473: ! Set local-pref as requested
1474: route-map rm-prefmod permit 10
1475: match community cm-prefmod-100
1476: set local-preference 100
1477: route-map rm-prefmod permit 20
1478: match community cm-prefmod-200
1479: set local-preference 200
1480: route-map rm-prefmod permit 30
1481: match community cm-prefmod-300
1482: set local-preference 300
1483: route-map rm-prefmod permit 40
1484: match community cm-prefmod-400
1485: set local-preference 400
1486: route-map rm-prefmod permit 50
1487: !
1488: ! Community actions to take on receipt of route.
1489: route-map rm-community-in permit 10
1490: description check for blackholing, no point continuing if it matches.
1491: match community cm-blackhole
1492: call rm-blackhole
1493: route-map rm-community-in permit 20
1494: match community cm-set-no-export
1495: call rm-no-export
1496: on-match next
1497: route-map rm-community-in permit 30
1498: match community cme-prefmod-range
1499: call rm-prefmod
1500: route-map rm-community-in permit 40
1501: !
1502: ! #####################################################################
1503: ! Community actions to take when advertising a route.
1504: ! These are filtering route-maps,
1505: !
1506: ! Deny customer routes to upstream with cust-only set.
1507: route-map rm-community-filt-to-upstream deny 10
1508: match community cm-learnt-cust
1509: match community cm-cust-only
1510: route-map rm-community-filt-to-upstream permit 20
1511: !
1512: ! Deny customer routes to other customers with upstream-only set.
1513: route-map rm-community-filt-to-cust deny 10
1514: match community cm-learnt-cust
1515: match community cm-upstream-only
1516: route-map rm-community-filt-to-cust permit 20
1517: !
1518: ! ###################################################################
1519: ! The top-level route-maps applied to sessions. Further entries could
1520: ! be added obviously..
1521: !
1522: ! Customers
1523: route-map rm-cust-in permit 10
1524: call rm-community-in
1525: on-match next
1526: route-map rm-cust-in permit 20
1527: set community additive 64512:3100
1528: route-map rm-cust-in permit 30
1529: !
1530: route-map rm-cust-out permit 10
1531: call rm-community-filt-to-cust
1532: on-match next
1533: route-map rm-cust-out permit 20
1534: !
1535: ! Upstream transit ASes
1536: route-map rm-upstream-out permit 10
1537: description filter customer prefixes which are marked cust-only
1538: call rm-community-filt-to-upstream
1539: on-match next
1540: route-map rm-upstream-out permit 20
1541: description only customer routes are provided to upstreams/peers
1542: match community cm-learnt-cust
1543: !
1544: ! Peer ASes
1545: ! outbound policy is same as for upstream
1546: route-map rm-peer-out permit 10
1547: call rm-upstream-out
1548: !
1549: route-map rm-peer-in permit 10
1550: set community additive 64512:3200
1551: @end example
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bgpd.texi CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / quagga / doc