summaryrefslogtreecommitdiffstats
path: root/doc/user/bgp.rst
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/user/bgp.rst196
1 files changed, 168 insertions, 28 deletions
diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst
index 5b8ec11..53dc551 100644
--- a/doc/user/bgp.rst
+++ b/doc/user/bgp.rst
@@ -14,10 +14,7 @@ interdomain routing protocol. BGP-4 is described in :rfc:`1771` and updated by
Starting BGP
============
-The default configuration file of *bgpd* is :file:`bgpd.conf`. *bgpd* searches
-the current directory first, followed by |INSTALL_PREFIX_ETC|/bgpd.conf. All of
-*bgpd*'s commands must be configured in :file:`bgpd.conf` when the integrated
-config is not being used.
+.. include:: config-include.rst
*bgpd* specific invocation options are described below. Common options may also
be specified (:ref:`common-invocation-options`).
@@ -494,8 +491,8 @@ Require policy on EBGP
exit1# show bgp summary
- IPv4 Unicast Summary (VRF default):
- BGP router identifier 10.10.10.1, local AS number 65001 vrf-id 0
+ IPv4 Unicast Summary:
+ BGP router identifier 10.10.10.1, local AS number 65001 VRF default vrf-id 0
BGP table version 4
RIB entries 7, using 1344 bytes of memory
Peers 2, using 43 KiB of memory
@@ -527,6 +524,27 @@ Reject routes with AS_SET or AS_CONFED_SET types
This command enables rejection of incoming and outgoing routes having AS_SET or AS_CONFED_SET type.
+Enforce first AS
+----------------
+
+.. clicmd:: bgp enforce-first-as
+
+ To configure a router to deny an update received from an external BGP (eBGP)
+ peer that does not list its autonomous system number at the beginning of
+ the `AS_PATH` in the incoming update, use the ``bgp enforce-first-as`` command
+ in router configuration mode.
+
+ In order to exclude an arbitrary neighbor from this enforcement, use the
+ command ``no neighbor NAME enforce-first-as``. And vice-versa if a global
+ enforcement is disabled, you can override this behavior per neighbor too.
+
+ Default: enabled.
+
+.. note::
+
+ If you have a peering to RS (Route-Server), most likely you MUST disable the
+ first AS enforcement.
+
Suppress duplicate updates
--------------------------
@@ -1309,10 +1327,31 @@ section for the specific AF to redistribute into. Protocol availability for
redistribution is determined by BGP AF; for example, you cannot redistribute
OSPFv3 into ``address-family ipv4 unicast`` as OSPFv3 supports IPv6.
-.. clicmd:: redistribute <babel|connected|eigrp|isis|kernel|openfabric|ospf|ospf6|rip|ripng|sharp|static|table> [metric (0-4294967295)] [route-map WORD]
+.. clicmd:: redistribute <babel|connected|eigrp|isis|kernel|openfabric|ospf|ospf6|rip|ripng|sharp|static> [metric (0-4294967295)] [route-map WORD]
Redistribute routes from other protocols into BGP.
+.. clicmd:: redistribute <table|table-direct> (1-65535)] [metric (0-4294967295)] [route-map WORD]
+
+ Redistribute routes from a routing table ID into BGP. There are two
+ techniques for redistribution:
+
+ - Standard Table Redistribution ``table (1-65535)``:
+ - Routes from the specified routing table ID are imported into the
+ default routing table using the ``ip import-table ID`` command.
+ - These routes are identified by the protocol type "T[ID]" when
+ displayed with ``show (ip|ipv6) route``.
+ - The ``redistribute table ID`` command then integrates these routes
+ into BGP.
+
+ - Direct Table Redistribution ``table-direct (1-65535)``:
+ - This method directly imports routes from the designated routing table
+ ID into BGP, omitting the step of adding to the default routing table.
+ - This method is especially relevant when the specified table ID is
+ checked against routing by appending the appropriate `ip rules`.
+
+Redistribute routes from a routing table number into BGP.
+
.. clicmd:: redistribute vnc-direct
Redistribute VNC direct (not via zebra) routes to BGP process.
@@ -1432,6 +1471,23 @@ Defining Peers
peers ASN is the same as mine as specified under the :clicmd:`router bgp ASN`
command the connection will be denied.
+.. clicmd:: neighbor PEER oad
+
+ Mark a peer belonging to the One Administrative Domain.
+
+ Some networks span more than one autonomous system and require more
+ flexibility in the propagation of path attributes.It is worth noting that
+ these multi-AS networks have a common or single administrative entity.
+ These networks are said to belong to One Administrative Domain (OAD).
+ It is desirable to carry IBGP-only attributes across EBGP peerings when
+ the peers belong to an OAD.
+
+ Enabling this peering sub-type will allow the propagation of non-transitive
+ attributes across EBGP peerings (e.g. local-preference). Make sure to
+ turn this peering type on for all peers in the OAD.
+
+ Disabled by default.
+
.. clicmd:: bgp listen range <A.B.C.D/M|X:X::X:X/M> peer-group PGNAME
Accept connections from any peers in the specified prefix. Configuration
@@ -1509,7 +1565,10 @@ Configuring Peers
Discard updates received from the specified (eBGP) peer if the AS_PATH
attribute does not contain the PEER's ASN as the first AS_PATH segment.
- Default: disabled.
+ You can enable or disable this enforcement globally too using
+ ``bgp enforce-first-as`` command.
+
+ Default: enabled.
.. clicmd:: neighbor PEER extended-optional-parameters
@@ -1545,7 +1604,10 @@ Configuring Peers
Configure an unnumbered BGP peer. ``PEER`` should be an interface name. The
session will be established via IPv6 link locals. Use ``internal`` for iBGP
- and ``external`` for eBGP sessions, or specify an ASN if you wish.
+ and ``external`` for eBGP sessions, or specify an ASN if you wish. Finally
+ this connection type is meant for point to point connections. If you are
+ on an ethernet segment and attempt to use this with more than one bgp
+ neighbor, only one neighbor will come up, due to how this feature works.
.. clicmd:: neighbor PEER next-hop-self [force]
@@ -1564,10 +1626,12 @@ Configuring Peers
.. clicmd:: neighbor PEER update-source <IFNAME|ADDRESS>
- Specify the IPv4 source address to use for the :abbr:`BGP` session to this
- neighbour, may be specified as either an IPv4 address directly or as an
+ Specify the IPv4 or IPv6 source address to use for the :abbr:`BGP` session to this
+ neighbour, may be specified as either an IP address directly or as an
interface name (in which case the *zebra* daemon MUST be running in order
- for *bgpd* to be able to retrieve interface state).
+ for *bgpd* to be able to retrieve interface state). When there are multiple
+ addresses on the choosen IFNAME then BGP will use the address that matches
+ the most number of bits in comparison to the destination peer address.
.. code-block:: frr
@@ -1610,7 +1674,18 @@ Configuring Peers
modifying the `net.core.optmem_max` sysctl to a larger value to
avoid out of memory errors from the linux kernel.
-.. clicmd:: neighbor PEER send-community
+.. clicmd:: neighbor PEER send-community <both|all|extended|standard|large>
+
+ Send the communities to the peer.
+
+ Default: enabled.
+
+.. clicmd:: neighbor PEER send-community extended rpki
+
+ Send the extended RPKI communities to the peer. RPKI extended community
+ can be send only to iBGP and eBGP-OAD peers.
+
+ Default: enabled.
.. clicmd:: neighbor PEER weight WEIGHT
@@ -1730,6 +1805,18 @@ Configuring Peers
This includes changing graceful-restart (LLGR also) timers,
enabling/disabling add-path, and other supported capabilities.
+.. clicmd:: neighbor PEER capability fqdn
+
+ Allow BGP to negotiate the FQDN Capability with its peers.
+
+ FQDN Capability defines a new BGP message (CAPABILITY) allowing the
+ use of peer's name and domain name.
+
+ This capability is activated by default. The ``no neighbor PEER capability
+ fqdn`` avoid negotiation of that capability. This is useful for peers who
+ are not supporting this capability or supporting BGP Capabilities
+ Negotiation RFC 2842.
+
.. clicmd:: neighbor <A.B.C.D|X:X::X:X|WORD> accept-own
Enable handling of self-originated VPN routes containing ``accept-own`` community.
@@ -1860,8 +1947,8 @@ Configuring Peers
.. code-block:: frr
- IPv4 Unicast Summary (VRF default):
- BGP router identifier 10.0.0.6, local AS number 65001 vrf-id 0
+ IPv4 Unicast Summary:
+ BGP router identifier 10.0.0.6, local AS number 65001 VRF default vrf-id 0
BGP table version 12
RIB entries 23, using 4600 bytes of memory
Peers 3, using 2174 KiB of memory
@@ -2059,7 +2146,6 @@ Capability Negotiation
.. clicmd:: neighbor PEER strict-capability-match
-
Strictly compares remote capabilities and local capabilities. If
capabilities are different, send Unsupported Capability error then reset
connection.
@@ -2986,7 +3072,33 @@ address-family:
Specifies the route-target list to be attached to a route (export) or the
route-target list to match against (import) when exporting/importing between
- the current unicast VRF and VPN.
+ the current unicast VRF and VPN. The `rt vpn export RTLIST` command is not
+ mandatory and can be replaced or completed by the `set extcommunity rt`
+ command in the route-map attached with the `route-map vpn export`. The below
+ configuration illustrates how the route target is selected based on the
+ prefixes, and not solely on vrf criterium:
+
+ .. code-block:: frr
+
+ access-list acl1 permit 192.0.2.0/24
+ access-list acl2 permit 192.0.3.0/24
+ route-map rmap permit 10
+ match address acl1
+ set extcommunity rt 65001:10
+ !
+ route-map rmap permit 20
+ match address acl1
+ set extcommunity rt 65001:20
+ !
+ router bgp 65001 vrf vrf1
+ !
+ address-family ipv4 unicast
+ rd vpn export 65001:1
+ import vpn
+ export vpn
+ rt vpn import 65001:1
+ route-map vpn export rmap
+
The RTLIST is a space-separated list of route-targets, which are BGP
extended community values as described in
@@ -3374,7 +3486,7 @@ The import filtering described in item (2) is constrained just to Type-2
The EVPN MAC-VRF Site-of-Origin can be configured using a single CLI command
under ``address-family l2vpn evpn`` of the EVPN underlay BGP instance.
-.. clicmd:: [no] mac-vrf soo <site-of-origin-string>
+.. clicmd:: mac-vrf soo <site-of-origin-string>
Example configuration:
@@ -3520,7 +3632,7 @@ route maybe fragmented.
The number of EVIs per-EAD route can be configured via the following
BGP command -
-.. clicmd:: [no] ead-es-frag evi-limit (1-1000)
+.. clicmd:: ead-es-frag evi-limit (1-1000)
Sample Configuration
^^^^^^^^^^^^^^^^^^^^^
@@ -3698,7 +3810,7 @@ When default route is present in R2'2 BGP table, 10.139.224.0/20 and 192.0.2.1/3
*> 192.0.2.1/32 10.10.10.1 0 0 1 i
*> 192.0.2.5/32 10.10.10.1 0 0 1 i
- Displayed 4 routes and 4 total paths
+ Displayed 4 routes and 4 total paths
Router2# show ip bgp neighbors 10.10.20.3
!--- Output suppressed.
@@ -3746,7 +3858,7 @@ When default route is not present in R2'2 BGP table, 10.139.224.0/20 and 192.0.2
*> 192.0.2.1/32 10.10.10.1 0 0 1 i
*> 192.0.2.5/32 10.10.10.1 0 0 1 i
- Displayed 3 routes and 3 total paths
+ Displayed 3 routes and 3 total paths
Router2# show ip bgp neighbors 10.10.20.3
@@ -3815,12 +3927,20 @@ Debugging
information on BGP events such as peer connection / disconnection, session
establishment / teardown, and capability negotiation.
-.. clicmd:: debug bgp updates
+.. clicmd:: debug bgp updates [detail]
Enable or disable debugging for BGP updates. This provides information on
BGP UPDATE messages transmitted and received between local and remote
instances.
+ If ``detail`` is specified, the output will include the full BGP UPDATE with
+ detailed information such as attribute length, withdraw length, and more.
+
+.. clicmd:: debug bgp updates <in|out> [<A.B.C.D|X:X::X:X|WORD> [prefix-list WORD]]
+
+ Enable or disable debugging for BGP updates. Optionally, you can specify
+ a prefix-list to filter the updates for an arbitrary neighbor.
+
.. clicmd:: debug bgp keepalives
Enable or disable debugging for BGP keepalives. This provides information on
@@ -3921,6 +4041,26 @@ The following are available in the top level *enable* mode:
Clear BGP message statistics for a specified peer or for all peers,
optionally filtered by activated address-family and sub-address-family.
+.. clicmd:: clear bgp [ipv4|ipv6] [unicast] PEER|\* capabilities
+
+ Clear specific BGP capabilities for a specified peer or for all peers. This
+ includes such capabilities like FQDN capability, that can't be controlled by
+ any other configuration knob.
+
+ For example, if you want to change the FQDN, you MUST reset the BGP session
+ in order to send a new FQDN capability to the peer. This command allows you
+ to resend FQDN capability without resetting the session.
+
+ .. code-block:: frr
+
+ hostname bgp-new.example.com
+ clear bgp 10.10.10.1 capabilities
+
+.. note::
+
+ Changing the hostname is possible only when connected to the specific daemon.
+ If you change the hostname via ``vtysh``, it won't be changed.
+
The following are available in the ``router bgp`` mode:
.. clicmd:: write-quanta (1-64)
@@ -4044,8 +4184,8 @@ structure is extended with :clicmd:`show bgp [afi] [safi]`.
exit1# show ip bgp summary wide
- IPv4 Unicast Summary (VRF default):
- BGP router identifier 192.168.100.1, local AS number 65534 vrf-id 0
+ IPv4 Unicast Summary:
+ BGP router identifier 192.168.100.1, local AS number 65534 VRF default vrf-id 0
BGP table version 3
RIB entries 5, using 920 bytes of memory
Peers 1, using 27 KiB of memory
@@ -4339,7 +4479,7 @@ incoming/outgoing directions.
Origin incomplete, metric 0, weight 32768, valid, sourced, bestpath-from-AS Local, best (First path received)
Last update: Wed May 8 12:54:41 2023
- Displayed 2 routes and 2 total paths
+ Displayed 2 routes and 2 total paths
.. code-block:: frr
@@ -4364,7 +4504,7 @@ incoming/outgoing directions.
Origin incomplete, metric 0, weight 32768, valid, sourced, bestpath-from-AS Local, best (First path received)
Last update: Wed May 8 12:45:01 2023
- Displayed 2 routes and 2 total paths
+ Displayed 2 routes and 2 total paths
Instance vrf3:
@@ -4389,7 +4529,7 @@ incoming/outgoing directions.
Extended Community: RT:65000:1009 ET:8 Rmac:00:02:00:00:00:58
Last update: Fri May 8 02:41:55 2023
- Displayed 2 routes and 2 total paths
+ Displayed 2 routes and 2 total paths
.. code-block:: frr
@@ -4417,7 +4557,7 @@ incoming/outgoing directions.
Extended Community: RT:65000:1009 ET:8 Rmac:00:02:00:00:00:58
Last update: Fri May 8 02:23:55 2023
- Displayed 2 routes and 2 total paths
+ Displayed 2 routes and 2 total paths
.. _bgp-display-routes-by-community: