Diffstat (limited to 'docs/configuration/protocols')
-rw-r--r-- | docs/configuration/protocols/bgp.rst | 213 |
1 files changed, 160 insertions, 53 deletions
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index b577e5b9..ae7eb795 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -231,7 +231,8 @@ Route Selection have a value of infinity. The default state, where the missing MED attribute is considered to have a value of zero. -.. cfgcmd:: set protocols bgp <asn> parameters default local-pref <local-pref value> +.. cfgcmd:: set protocols bgp <asn> parameters default local-pref + <local-pref value> This command specifies the default local preference value. The local preference range is 0 to 4294967295. @@ -246,13 +247,15 @@ Route Selection Administrative Distance ----------------------- -.. cfgcmd:: set protocols bgp <asn> parameters distance global <external|internal|local> <distance> +.. cfgcmd:: set protocols bgp <asn> parameters distance global + <external|internal|local> <distance> This command change distance value of BGP. The arguments are the distance values for external routes, internal routes and local routes respectively. The distance range is 1 to 255. -.. cfgcmd:: set protocols bgp <asn> parameters distance prefix <subnet> distance <distance> +.. cfgcmd:: set protocols bgp <asn> parameters distance prefix <subnet> distance + <distance> This command sets the administrative distance for a particular route. The distance range is 1 to 255. 
@@ -263,34 +266,47 @@ Administrative Distance Network Advertisement --------------------- -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> network <prefix> +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + network <prefix> This command is used for advertising IPv4 or IPv6 networks. - .. note:: By default, the BGP prefix is advertised even if it's not present in - the routing table. This behaviour differs from the implementation of some vendors. + .. note:: By default, the BGP prefix is advertised even if it's not present + in the routing table. This behaviour differs from the implementation of + some vendors. -.. cfgcmd:: set protocols bgp <asn> parameters network-import-check +.. cfgcmd:: set protocols bgp <asn> parameters network-import-check - This configuration modifies the behavior of the network statement. - If you have this configured the underlying network must exist in the - routing table. + This configuration modifies the behavior of the network statement. If you + have this configured the underlying network must exist in the routing table. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> default-originate [route-map <name>] + + By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is + in routing table. When you want to announce default routes to the peer, use + this command. Using optional argument :cfgcmd:`route-map` you can inject the + default route to given neighbor only if the conditions in the route map are + met. Route Aggregation ----------------- -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + aggregate-address <prefix> This command specifies an aggregate address. The router will also announce longer-prefixes inside of the aggregate address. -.. 
cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> as-set +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + aggregate-address <prefix> as-set This command specifies an aggregate address with a mathematical set of autonomous systems. This command summarizes the AS_PATH attributes of all the individual routes. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> summary-only +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + aggregate-address <prefix> summary-only This command specifies an aggregate address and provides that longer-prefixes inside of the aggregate address are suppressed 
@@ -299,54 +315,64 @@ Route Aggregation Redistribution -------------- -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute connected +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute connected Redistribute connected routes to BGP process. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute kernel +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute kernel Redistribute kernel routes to BGP process. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute ospf +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute ospf Redistribute OSPF routes to BGP process. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute rip +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute rip Redistribute RIP routes to BGP process. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute static +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute static Redistribute static routes to BGP process. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute <route source> metric <number> +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute <route source> metric <number> This command specifies metric (MED) for redistributed routes. The metric range is 0 to 4294967295. -.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute <route source> route-map <name> +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> + redistribute <route source> route-map <name> This command allows to use route map to filter redistributed routes. 
-Peers ------ +Peers Configuration +------------------- Defining Peers ^^^^^^^^^^^^^^ -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as <nasn> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as + <nasn> This command creates a new neighbor whose remote-as is NASN. The neighbor address can be an IPv4 address or an IPv6 address or an interface to use for the connection. The command it applicable for peer and peer group. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as internal +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as + internal Create a peer as you would when you specify an ASN, except that if the peers ASN is different than mine as specified under the :cfgcmd:`protocols bgp <asn>` command the connection will be denied. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as external +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as + external Create a peer as you would when you specify an ASN, except that if the peers ASN is the same as mine as specified under the :cfgcmd:`protocols @@ -357,11 +383,13 @@ Defining Peers This command disable the peer or peer group. To reenable the peer use the delete form of this command. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> description <text> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> description + <text> Set description of the peer or peer group. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> update-source <address|interface> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> update-source + <address|interface> Specify the IPv4 source address to use for the BGP session to this neighbour, may be specified as either an IPv4 address directly or as an interface name. 
@@ -369,12 +397,14 @@ Defining Peers Capability Negotiation ^^^^^^^^^^^^^^^^^^^^^^ -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability dynamic +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability + dynamic This command would allow the dynamic update of capabilities over an established BGP session. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability extended-nexthop +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability + extended-nexthop Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability @@ -382,7 +412,8 @@ Capability Negotiation then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> disable-capability-negotiation +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> + disable-capability-negotiation Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is 
@@ -394,20 +425,22 @@ Capability Negotiation You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is - configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities - then override negotiated capabilities with configured values. + configured by :cfgcmd:`override-capability`, VyOS ignores received + capabilities then override negotiated capabilities with configured values. Additionally you should keep in mind that this feature fundamentally disables the ability to use widely deployed BGP features. BGP unnumbered, hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities, and graceful restart. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> override-capability +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> + override-capability This command allow override the result of Capability Negotiation with local configuration. Ignore remote peer’s capability value. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> strict-capability-match +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> + strict-capability-match This command forces strictly compare remote capabilities and local capabilities. If capabilities are different, send Unsupported Capability @@ -421,7 +454,8 @@ Capability Negotiation Peer Parameters ^^^^^^^^^^^^^^^ -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> allowas-in number <number> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> allowas-in number <number> This command accept incoming routes with AS path containing AS number with the same value as the current system AS. This is 
@@ -434,7 +468,8 @@ Peer Parameters This command is only allowed for eBGP peers. It is not applicable for peer groups. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> as-override +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> as-override This command override AS number of the originating router with the local AS number. 
@@ -447,23 +482,43 @@ Peer Parameters This command is only allowed for eBGP peers. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> attribute-unchanged <as-path|med|next-hop> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> attribute-unchanged <as-path|med|next-hop> This command specifies attributes to be left unchanged for advertisements sent to a peer or peer group. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> maximum-prefix <number> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> distribute-list <export|import> <number> + + This command applys the access list filters named in <number> to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the prefix lists are applied. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> filter-list <export|import> <name> + + This command applys the AS path access list filters named in <name> to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the prefix lists are applied. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> maximum-prefix <number> This command specifies a maximum number of prefixes we can receive from a given peer. If this number is exceeded, the BGP session will be destroyed. The number range is 1 to 4294967295. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> nexthop-self +.. 
cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> nexthop-self This command forces the BGP speaker to report itself as the next hop for an advertised route it advertised to a neighbor. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> remove-private-as +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> remove-private-as This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes 
@@ -475,24 +530,45 @@ Peer Parameters If the AS-Path for the route has a private ASN between public ASNs, it is assumed that this is a design choice, and the private ASN is not removed. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> soft-reconfiguration inbound + + Changes in BGP policies require the BGP session to be cleared. Clearing has a + large negative impact on network operations. Soft reconfiguration enables you + to generate inbound updates from a neighbor, change and activate BGP policies + without clearing the BGP session. + + This command specifies that route updates received from this neighbor will be + stored unmodified, regardless of the inbound policy. When inbound soft + reconfiguration is enabled, the stored updates are processed by the new + policy configuration to create new inbound updates. + + .. note:: Storage of route updates uses memory. If you enable soft + reconfiguration inbound for multiple neighbors, the amount of memory used + can become significant. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> weight <number> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family + <ipv4-unicast|ipv6-unicast> weight <number> This command specifies a default weight value for the neighbor’s routes. The number range is 1 to 65535. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> advertisement-interval <seconds> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> + advertisement-interval <seconds> This command specifies the minimum route advertisement interval for - the peer. This number is between 0 and 600 seconds, with the default + the peer. The interval value is 0 to 600 seconds, with the default advertisement interval being 0. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> disable-connected-check +.. 
cfgcmd:: set protocols bgp <asn> neighbor <address|interface> + disable-connected-check This command allows peerings between directly connected eBGP peers using loopback addresses without adjusting the default TTL of 1. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ebgp-multihop <number> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ebgp-multihop + <number> This command allows sessions to be established with eBGP neighbors when they are multiple hops away. When the neighbor is not directly @@ -500,7 +576,8 @@ Peer Parameters The number of hops range is 1 to 255. This command is mutually exclusive with :cfgcmd:`ttl-security hops`. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> local-as <asn> [no-prepend] [replace-as] +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> local-as <asn> + [no-prepend] [replace-as] Specify an alternate AS for this BGP process when interacting with the specified peer or peer group. With no modifiers, the specified @@ -515,15 +592,15 @@ Peer Parameters local-as is prepended to the AS_PATH when transmitting local-route updates to this peer. - Note that replace-as can only be specified if no-prepend is. - This command is only allowed for eBGP peers. + .. note:: This command is only allowed for eBGP peers. .. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> passive Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ttl-security hops <number> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ttl-security + hops <number> This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors 
@@ -543,10 +620,15 @@ are treated as belonging to a default peer group, and will share updates. .. cfgcmd:: set protocols bgp <asn> peer-group <name> - This command defines a new peer group. You can specify to the group - the same parameters that you can specify for specific neighbors. + This command defines a new peer group. You can specify to the group the same + parameters that you can specify for specific neighbors. + + .. note:: If you apply a parameter to an individual neighbor IP address, you + override the action defined for a peer group that includes that IP + address. -.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> peer-group <name> +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> peer-group + <name> This command bind specific peer to peer group with a given name. 
@@ -597,6 +679,30 @@ Timers This command specifies keep-alive time in seconds. The timer can range from 4 to 65535.The default value is 60 second. +Route Reflector Configuration +----------------------------- + +BGP routers connected inside the same AS through BGP belong to an internal BGP +session, or IBGP. In order to prevent routing table loops, IBGP speaker does not +advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). +As such, IBGP requires a full mesh of all peers. For large networks, this +quickly becomes unscalable. Introducing route reflectors removes the need for +the full-mesh. Route reflectors mechanism is described in :rfc:`4456` and +updated by :rfc:`7606`. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address> address-family + <ipv4-unicast|ipv6-unicast> route-reflector-client + + This command specifies the given neighbor as route reflector client. + +.. cfgcmd:: set protocols bgp <asn> parameters cluster-id <id> + + This command specifies cluster ID which identifies a collection of route + reflectors and their clients, and is used by route reflectors to avoid + looping. By default cluster ID is set to the BGP router id value, but can be + set to an arbitrary 32-bit value. + + Operational Mode Commands ========================= @@ -624,7 +730,8 @@ Show .. opcmd:: show <ip|ipv6> bgp <address|prefix> - This command displays information about the particular entry in the BGP routing table. + This command displays information about the particular entry in the BGP + routing table. .. code-block:: none |
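Review bot: in the Network Advertisement hunk (@@ -263,34 +266,47), the new default-originate entry describes only the IPv4 default route, "(0.0.0.0/0)", while the command signature accepts <ipv4-unicast|ipv6-unicast>. Suggest naming ::/0 as well, or wording it generically as "a default route", so readers configuring the IPv6 address family know the command applies to them. The phrase "even if it is in routing table" also needs an article: "in the routing table".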
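Review bot: in the Peer Parameters hunk (@@ -447,23 +482,43), both new entries end with "specify the direction in which the prefix lists are applied", but distribute-list takes an access list and filter-list takes an AS path access list, so the sentence looks copied from a prefix-list entry and names the wrong filter type. Suggest "in which the access lists are applied" and "in which the AS path access lists are applied" respectively. Also "applys" should be "applies" in both entries, and "filters named in <number>" reads oddly for a numeric argument; "identified by <number>" would be clearer.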
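Review bot: in the soft-reconfiguration inbound entry (@@ -475,24 +530,45), the opening sentence "Changes in BGP policies require the BGP session to be cleared" is stated unconditionally, yet the Capability Negotiation section of this same file lists Route Refresh among the widely deployed BGP features. Suggest qualifying the sentence so it does not read as if a hard clear is the only alternative, and saying when a reader would choose stored updates over route refresh, since the note below it warns about the memory cost. The hunk also adds a whitespace-only line ahead of the new cfgcmd; a single empty line is enough.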
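Review bot: in the local-as hunk (@@ -515,15 +592,15), the removed line "Note that replace-as can only be specified if no-prepend is." has no replacement; only the eBGP restriction survives as a note. The command signature still shows [no-prepend] [replace-as] as independent options, so the dependency is now undocumented. Suggest keeping that sentence, either in the body or inside the new note directive alongside the eBGP restriction.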
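Review bot: in the new Route Reflector Configuration section (@@ -597,6 +679,30), route-reflector-client is documented with neighbor <address> while every other neighbor command in this file uses <address|interface>. If interface-based peers can also be reflector clients the signature should match; if not, the restriction deserves a sentence. The cluster-id entry says the value may be "an arbitrary 32-bit value" without saying which notation <id> accepts (dotted quad like the router id, or a plain integer); please state it. Minor wording: "IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker" needs articles and a plural ("an IBGP speaker ... to other IBGP speakers"), and "Route reflectors mechanism" should be "The route reflector mechanism".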