Diffstat (limited to 'docs/configuration')
-rw-r--r-- docs/configuration/protocols/bgp.rst 409
1 files changed, 409 insertions, 0 deletions
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst
index c576d836..54d996e8 100644
--- a/docs/configuration/protocols/bgp.rst
+++ b/docs/configuration/protocols/bgp.rst
@@ -174,6 +174,13 @@ ASN and Router ID
Route Selection
---------------
+.. cfgcmd:: set protocols bgp <asn> parameters always-compare-med
+
+ This command provides to compare the MED on routes, even when they were
+ received from different neighbouring ASes. Setting this option makes the
+ order of preference of routes more defined, and should eliminate MED
+ induced oscillations.
+
.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path confed
This command specifies that the length of confederation path sets and
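Review bot: the always-compare-med description opens with "This command provides to compare the MED on routes", which is ungrammatical and leaves the default implicit. Suggest "This command enables comparison of the MED on routes, even when they were received from different neighbouring ASes", followed by one sentence stating what is compared when the option is not set. "MED induced oscillations" should be hyphenated as "MED-induced", and "should eliminate" would be better worded as a condition the reader can check, since the compare-routerid entry added later in this patch says oscillation can still occur "unless other measures were taken".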
@@ -190,6 +197,408 @@ Route Selection
Ignore AS_PATH length when selecting a route
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath compare-routerid
+
+ Ensure that when comparing routes where both are equal on most metrics,
+ including local-pref, AS_PATH length, IGP cost, MED, that the tie is
+ broken based on router-ID.
+
+ If this option is enabled, then the already-selected check, where
+ already selected eBGP routes are preferred, is skipped.
+
+ If a route has an ORIGINATOR_ID attribute because it has been reflected,
+ that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer
+ the route was received from will be used.
+
+ The advantage of this is that the route-selection (at this point) will
+ be more deterministic. The disadvantage is that a few or even one lowest-ID
+ router may attract all traffic to otherwise-equal paths because of this
+ check. It may increase the possibility of MED or IGP oscillation, unless
+ other measures were taken to avoid these. The exact behaviour will be
+ sensitive to the iBGP and reflection topology.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath med confed
+
+ This command specifies that BGP considers the MED when comparing routes
+ originated from different sub-ASs within the confederation to which this
+ BGP speaker belongs. The default state, where the MED attribute is not
+ considered.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath med missing-as-worst
+
+ This command specifies that a route with a MED is always considered to be
+ better than a route without a MED by causing the missing MED attribute to
+ have a value of infinity. The default state, where the missing MED
+ attribute is considered to have a value of zero.
+
+.. cfgcmd:: set protocols bgp <asn> parameters default local-pref <local-pref value>
+
+ This command specifies the default local preference value. The local
+ preference range is 0 to 4294967295.
+
+.. cfgcmd:: set protocols bgp <asn> parameters deterministic-med
+
+ This command provides to compare different MED values that advertised by
+ neighbours in the same AS for routes selection. When this command is enabled,
+ routes from the same autonomous system are grouped together, and the best
+ entries of each group are compared.
+
+Administrative Distance
+-----------------------
+
+.. cfgcmd:: set protocols bgp <asn> parameters distance global <external|internal|local> <distance>
+
+ This command change distance value of BGP. The arguments are the distance
+ values for external routes, internal routes and local routes respectively.
+ The distance range is 1 to 255.
+
+.. cfgcmd:: set protocols bgp <asn> parameters distance prefix <subnet> distance <distance>
+
+ This command sets the administrative distance for a particular route. The
+ distance range is 1 to 255.
+
+ .. note:: Routes with a distance of 255 are effectively disabled and not
+ installed into the kernel.
+
+Network Advertisement
+---------------------
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> network <prefix>
+
+ This command is used for advertising IPv4 or IPv6 networks.
+
+ .. note:: By default, the BGP prefix is advertised even if it's not present in
+ the routing table. This behaviour differs from the implementation of some vendors.
+
+.. cfgcmd:: set protocols bgp <asn> parameters network-import-check
+
+ This configuration modifies the behavior of the network statement.
+ If you have this configured the underlying network must exist in the
+ routing table.
+
+Route Aggregation
+-----------------
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix>
+
+ This command specifies an aggregate address. The router will also
+ announce longer-prefixes inside of the aggregate address.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> as-set
+
+ This command specifies an aggregate address with a mathematical set of
+ autonomous systems. This command summarizes the AS_PATH attributes of
+ all the individual routes.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> summary-only
+
+ This command specifies an aggregate address and provides that
+ longer-prefixes inside of the aggregate address are suppressed
+ before sending BGP updates out to peers.
+
+Redistribution
+--------------
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute connected
+
+ Redistribute connected routes to BGP process.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute kernel
+
+ Redistribute kernel routes to BGP process.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute ospf
+
+ Redistribute OSPF routes to BGP process.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute rip
+
+ Redistribute RIP routes to BGP process.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute static
+
+ Redistribute static routes to BGP process.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute <route source> metric <number>
+
+ This command specifies metric (MED) for redistributed routes. The
+ metric range is 0 to 4294967295.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute <route source> route-map <name>
+
+ This command allows to use route map to filter redistributed routes.
+
+Peers
+-----
+
+Defining Peers
+^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as <nasn>
+
+ This command creates a new neighbor whose remote-as is NASN. The neighbor
+ address can be an IPv4 address or an IPv6 address or an interface to use
+ for the connection. The command it applicable for peer and peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as internal
+
+ Create a peer as you would when you specify an ASN, except that if the
+ peers ASN is different than mine as specified under the :cfgcmd:`protocols
+ bgp <asn>` command the connection will be denied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as external
+
+ Create a peer as you would when you specify an ASN, except that if the
+ peers ASN is the same as mine as specified under the :cfgcmd:`protocols
+ bgp <asn>` command the connection will be denied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> shutdown
+
+ This command disable the peer or peer group. To reenable the peer use
+ the delete form of this command.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> description <text>
+
+ Set description of the peer or peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> update-source <address|interface>
+
+ Specify the IPv4 source address to use for the BGP session to this neighbour,
+ may be specified as either an IPv4 address directly or as an interface name.
+
+Capability Negotiation
+^^^^^^^^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability dynamic
+
+ This command would allow the dynamic update of capabilities over an
+ established BGP session.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability extended-nexthop
+
+ Allow bgp to negotiate the extended-nexthop capability with it’s peer.
+ If you are peering over a IPv6 Link-Local address then this capability
+ is turned on automatically. If you are peering over a IPv6 Global Address
+ then turning on this command will allow BGP to install IPv4 routes with
+ IPv6 nexthops if you do not have IPv4 configured on interfaces.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> disable-capability-negotiation
+
+ Suppress sending Capability Negotiation as OPEN message optional
+ parameter to the peer. This command only affects the peer is
+ configured other than IPv4 unicast configuration.
+
+ When remote peer does not have capability negotiation feature,
+ remote peer will not send any capabilities at all. In that case,
+ bgp configures the peer with configured capabilities.
+
+ You may prefer locally configured capabilities more than the negotiated
+ capabilities even though remote peer sends capabilities. If the peer is
+ configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities
+ then override negotiated capabilities with configured values.
+
+ Additionally you should keep in mind that this feature fundamentally
+ disables the ability to use widely deployed BGP features. BGP unnumbered,
+ hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities,
+ and graceful restart.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> override-capability
+
+ This command allow override the result of Capability Negotiation with
+ local configuration. Ignore remote peer’s capability value.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> strict-capability-match
+
+ This command forces strictly compare remote capabilities and local
+ capabilities. If capabilities are different, send Unsupported Capability
+ error then reset connection.
+
+ You may want to disable sending Capability Negotiation OPEN message
+ optional parameter to the peer when remote peer does not implement
+ Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation`
+ command to disable the feature.
+
+Peer Parameters
+^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> allowas-in number <number>
+
+ This command accept incoming routes with AS path containing AS
+ number with the same value as the current system AS. This is
+ used when you want to use the same AS number in your sites,
+ but you can’t connect them directly.
+
+ The number parameter (1-10) configures the amount of accepted
+ occurences of the system AS number in AS path.
+
+ This command is only allowed for eBGP peers. It is not applicable
+ for peer groups.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> as-override
+
+ This command override AS number of the originating router with
+ the local AS number.
+
+ Usually this configuration is used in PEs (Provider Edge) to
+ replace the incoming customer AS number so the connected CE (
+ Customer Edge) can use the same AS number as the other customer
+ sites. This allows customers of the provider network to use the
+ same AS number across their sites.
+
+ This command is only allowed for eBGP peers.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> attribute-unchanged <as-path|med|next-hop>
+
+ This command specifies attributes to be left unchanged for
+ advertisements sent to a peer or peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> maximum-prefix <number>
+
+ This command specifies a maximum number of prefixes we can receive
+ from a given peer. If this number is exceeded, the BGP session
+ will be destroyed. The number range is 1 to 4294967295.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> nexthop-self
+
+ This command forces the BGP speaker to report itself as the
+ next hop for an advertised route it advertised to a neighbor.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> remove-private-as
+
+ This command removes the private ASN of routes that are advertised
+ to the configured peer. It removes only private ASNs on routes
+ advertised to EBGP peers.
+
+ If the AS-Path for the route has only private ASNs, the private
+ ASNs are removed.
+
+ If the AS-Path for the route has a private ASN between public
+ ASNs, it is assumed that this is a design choice, and the
+ private ASN is not removed.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> weight <number>
+
+ This command specifies a default weight value for the neighbor’s
+ routes. The number range is 1 to 65535.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> advertisement-interval <seconds>
+
+ This command specifies the minimum route advertisement interval for
+ the peer. This number is between 0 and 600 seconds, with the default
+ advertisement interval being 0.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> disable-connected-check
+
+ This command allows peerings between directly connected eBGP peers
+ using loopback addresses without adjusting the default TTL of 1.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ebgp-multihop <number>
+
+ This command allows sessions to be established with eBGP neighbors
+ when they are multiple hops away. When the neighbor is not directly
+ connected and this knob is not enabled, the session will not establish.
+ The number of hops range is 1 to 255.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> local-as <asn> [no-prepend] [replace-as]
+
+ Specify an alternate AS for this BGP process when interacting with
+ the specified peer or peer group. With no modifiers, the specified
+ local-as is prepended to the received AS_PATH when receiving routing
+ updates from the peer, and prepended to the outgoing AS_PATH (after
+ the process local AS) when transmitting local routes to the peer.
+
+ If the :cfgcmd:`no-prepend` attribute is specified, then the supplied
+ local-as is not prepended to the received AS_PATH.
+
+ If the :cfgcmd:`replace-as` attribute is specified, then only the supplied
+ local-as is prepended to the AS_PATH when transmitting local-route
+ updates to this peer.
+
+ Note that replace-as can only be specified if no-prepend is.
+ This command is only allowed for eBGP peers.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> passive
+
+ Configures the BGP speaker so that it only accepts inbound connections
+ from, but does not initiate outbound connections to the peer or peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ttl-security hops <number>
+
+ This command enforces Generalized TTL Security Mechanism (GTSM),
+ as specified in :rfc:`5082`. With this command, only neighbors
+ that are the specified number of hops away will be allowed to
+ become neighbors. The number of hops range is 1 to 254.This
+ command is mutually exclusive with :cfgcmd:`ebgp-multihop`.
+
+Peer Groups
+^^^^^^^^^^^
+
+Peer groups are used to help improve scaling by generating the same update
+information to all members of a peer group. Note that this means that the
+routes generated by a member of a peer group will be sent back to that
+originating peer with the originator identifier attribute set to indicated
+the originating peer. All peers not associated with a specific peer group
+are treated as belonging to a default peer group, and will share updates.
+
+.. cfgcmd:: set protocols bgp <asn> peer-group <name>
+
+ This command defines a new peer group. You can specify to the group
+ the same parameters that you can specify for specific neighbors.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> peer-group <name>
+
+ This command bind specific peer to peer group with a given name.
+
+General configuration
+---------------------
+
+.. cfgcmd:: set protocols bgp <asn> maximum-paths <ebgp|ibgp> <number>
+
+ This command defines the maximum number of parallel routes that
+ the BGP can support. In order for BGP to use the second path, the
+ following attributes have to match: Weight, Local Preference, AS
+ Path (both AS number and AS path length), Origin code, MED, IGP
+ metric. Also, the next hop address for each path must be different.
+
+.. cfgcmd:: set protocols bgp <asn> parameters default no-ipv4-unicast
+
+ This command allows the user to specify that IPv4 peering is turned off by
+ default.
+
+.. cfgcmd:: set protocols bgp <asn> parameters log-neighbor-changes
+
+ Tis command enable logging neighbor up/down changes and reset reason.
+
+.. cfgcmd:: set protocols bgp <asn> parameters no-client-to-client-reflection
+
+ Tis command disables route reflection between route reflector clients.
+ By default, the clients of a route reflector are not required to be
+ fully meshed and the routes from a client are reflected to other clients.
+ However, if the clients are fully meshed, route reflection is not required.
+ In this case, use the :cfgcmd:`no-client-to-client-reflection` command
+ to disable client-to-client reflection.
+
+.. cfgcmd:: set protocols bgp <asn> parameters no-fast-external-failover
+
+ Disable immediate sesison reset if peer's connected link goes down.
+
+Timers
+^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> timers holdtime <seconds>
+
+ This command specifies hold-time in seconds. The timer can
+ range from 4 to 65535.The default value is 180 second. If
+ you set value to 0 VyOS will not hold routes.
+
+.. cfgcmd:: set protocols bgp <asn> timers keepalive <seconds>
+
+ This command specifies keep-alive time in seconds. The timer
+ can range from 4 to 65535.The default value is 60 second.
+
+Configuration Examples
+----------------------
+
IPv4
^^^^
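Review bot: in the Timers section the holdtime entry gives the range as "4 to 65535" and then says "If you set value to 0 VyOS will not hold routes", so the text contradicts itself on whether 0 is accepted. State the accepted values once, and check whether the keepalive entry needs the same treatment. Under Capability Negotiation, the paragraph about override-capability sits inside the disable-capability-negotiation entry, and the paragraph about disable-capability-negotiation sits inside the strict-capability-match entry. Each should move under the command it describes. "This command only affects the peer is configured other than IPv4 unicast configuration" also needs rewording. The ttl-security entry says it is mutually exclusive with ebgp-multihop, but the ebgp-multihop entry does not say so in return. The Network Advertisement note that a prefix is advertised even when absent from the routing table should point to network-import-check, which is documented directly below it. The "bestpath med confed" and "bestpath med missing-as-worst" entries each end in a fragment ("The default state, where the MED attribute is not considered."). Make these full sentences, for example "By default, the MED attribute is not considered." Smaller fixes: "Tis command" (twice), "sesison", "occurences", "The command it applicable", "with it’s peer", "set to indicated", a missing space after the full stop in "254.This" and "65535.The" (twice), and verb agreement in "This command change", "This command disable", "This command accept", "This command override", "This command allow override" and "This command bind".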