diff options
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/protocols/bgp.rst | 409 |
1 files changed, 409 insertions, 0 deletions
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index c576d836..54d996e8 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -174,6 +174,13 @@ ASN and Router ID Route Selection --------------- +.. cfgcmd:: set protocols bgp <asn> parameters always-compare-med + + This command provides to compare the MED on routes, even when they were + received from different neighbouring ASes. Setting this option makes the + order of preference of routes more defined, and should eliminate MED + induced oscillations. + .. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path confed This command specifies that the length of confederation path sets and @@ -190,6 +197,408 @@ Route Selection Ignore AS_PATH length when selecting a route +.. cfgcmd:: set protocols bgp <asn> parameters bestpath compare-routerid + + Ensure that when comparing routes where both are equal on most metrics, + including local-pref, AS_PATH length, IGP cost, MED, that the tie is + broken based on router-ID. + + If this option is enabled, then the already-selected check, where + already selected eBGP routes are preferred, is skipped. + + If a route has an ORIGINATOR_ID attribute because it has been reflected, + that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer + the route was received from will be used. + + The advantage of this is that the route-selection (at this point) will + be more deterministic. The disadvantage is that a few or even one lowest-ID + router may attract all traffic to otherwise-equal paths because of this + check. It may increase the possibility of MED or IGP oscillation, unless + other measures were taken to avoid these. The exact behaviour will be + sensitive to the iBGP and reflection topology. + +.. cfgcmd:: set protocols bgp <asn> parameters bestpath med confed + + This command specifies that BGP considers the MED when comparing routes + originated from different sub-ASs within the confederation to which this + BGP speaker belongs. The default state, where the MED attribute is not + considered. + +.. cfgcmd:: set protocols bgp <asn> parameters bestpath med missing-as-worst + + This command specifies that a route with a MED is always considered to be + better than a route without a MED by causing the missing MED attribute to + have a value of infinity. The default state, where the missing MED + attribute is considered to have a value of zero. + +.. cfgcmd:: set protocols bgp <asn> parameters default local-pref <local-pref value> + + This command specifies the default local preference value. The local + preference range is 0 to 4294967295. + +.. cfgcmd:: set protocols bgp <asn> parameters deterministic-med + + This command provides to compare different MED values that advertised by + neighbours in the same AS for routes selection. When this command is enabled, + routes from the same autonomous system are grouped together, and the best + entries of each group are compared. + +Administrative Distance +----------------------- + +.. cfgcmd:: set protocols bgp <asn> parameters distance global <external|internal|local> <distance> + + This command change distance value of BGP. The arguments are the distance + values for external routes, internal routes and local routes respectively. + The distance range is 1 to 255. + +.. cfgcmd:: set protocols bgp <asn> parameters distance prefix <subnet> distance <distance> + + This command sets the administrative distance for a particular route. The + distance range is 1 to 255. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + +Network Advertisement +--------------------- + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> network <prefix> + + This command is used for advertising IPv4 or IPv6 networks. + + .. note:: By default, the BGP prefix is advertised even if it's not present in + the routing table. This behaviour differs from the implementation of some vendors. + +.. cfgcmd:: set protocols bgp <asn> parameters network-import-check + + This configuration modifies the behavior of the network statement. + If you have this configured the underlying network must exist in the + routing table. + +Route Aggregation +----------------- + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> + + This command specifies an aggregate address. The router will also + announce longer-prefixes inside of the aggregate address. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> as-set + + This command specifies an aggregate address with a mathematical set of + autonomous systems. This command summarizes the AS_PATH attributes of + all the individual routes. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> aggregate-address <prefix> summary-only + + This command specifies an aggregate address and provides that + longer-prefixes inside of the aggregate address are suppressed + before sending BGP updates out to peers. + +Redistribution +-------------- + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute connected + + Redistribute connected routes to BGP process. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute kernel + + Redistribute kernel routes to BGP process. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute ospf + + Redistribute OSPF routes to BGP process. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute rip + + Redistribute RIP routes to BGP process. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute static + + Redistribute static routes to BGP process. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute <route source> metric <number> + + This command specifies metric (MED) for redistributed routes. The + metric range is 0 to 4294967295. + +.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast> redistribute <route source> route-map <name> + + This command allows to use route map to filter redistributed routes. + +Peers +----- + +Defining Peers +^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as <nasn> + + This command creates a new neighbor whose remote-as is NASN. The neighbor + address can be an IPv4 address or an IPv6 address or an interface to use + for the connection. The command it applicable for peer and peer group. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as internal + + Create a peer as you would when you specify an ASN, except that if the + peers ASN is different than mine as specified under the :cfgcmd:`protocols + bgp <asn>` command the connection will be denied. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as external + + Create a peer as you would when you specify an ASN, except that if the + peers ASN is the same as mine as specified under the :cfgcmd:`protocols + bgp <asn>` command the connection will be denied. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> shutdown + + This command disable the peer or peer group. To reenable the peer use + the delete form of this command. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> description <text> + + Set description of the peer or peer group. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> update-source <address|interface> + + Specify the IPv4 source address to use for the BGP session to this neighbour, + may be specified as either an IPv4 address directly or as an interface name. + +Capability Negotiation +^^^^^^^^^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability dynamic + + This command would allow the dynamic update of capabilities over an + established BGP session. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability extended-nexthop + + Allow bgp to negotiate the extended-nexthop capability with it’s peer. + If you are peering over a IPv6 Link-Local address then this capability + is turned on automatically. If you are peering over a IPv6 Global Address + then turning on this command will allow BGP to install IPv4 routes with + IPv6 nexthops if you do not have IPv4 configured on interfaces. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> disable-capability-negotiation + + Suppress sending Capability Negotiation as OPEN message optional + parameter to the peer. This command only affects the peer is + configured other than IPv4 unicast configuration. + + When remote peer does not have capability negotiation feature, + remote peer will not send any capabilities at all. In that case, + bgp configures the peer with configured capabilities. + + You may prefer locally configured capabilities more than the negotiated + capabilities even though remote peer sends capabilities. If the peer is + configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities + then override negotiated capabilities with configured values. + + Additionally you should keep in mind that this feature fundamentally + disables the ability to use widely deployed BGP features. BGP unnumbered, + hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities, + and graceful restart. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> override-capability + + This command allow override the result of Capability Negotiation with + local configuration. Ignore remote peer’s capability value. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> strict-capability-match + + This command forces strictly compare remote capabilities and local + capabilities. If capabilities are different, send Unsupported Capability + error then reset connection. + + You may want to disable sending Capability Negotiation OPEN message + optional parameter to the peer when remote peer does not implement + Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` + command to disable the feature. + +Peer Parameters +^^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> allowas-in number <number> + + This command accept incoming routes with AS path containing AS + number with the same value as the current system AS. This is + used when you want to use the same AS number in your sites, + but you can’t connect them directly. + + The number parameter (1-10) configures the amount of accepted + occurences of the system AS number in AS path. + + This command is only allowed for eBGP peers. It is not applicable + for peer groups. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> as-override + + This command override AS number of the originating router with + the local AS number. + + Usually this configuration is used in PEs (Provider Edge) to + replace the incoming customer AS number so the connected CE ( + Customer Edge) can use the same AS number as the other customer + sites. This allows customers of the provider network to use the + same AS number across their sites. + + This command is only allowed for eBGP peers. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> attribute-unchanged <as-path|med|next-hop> + + This command specifies attributes to be left unchanged for + advertisements sent to a peer or peer group. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> maximum-prefix <number> + + This command specifies a maximum number of prefixes we can receive + from a given peer. If this number is exceeded, the BGP session + will be destroyed. The number range is 1 to 4294967295. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> nexthop-self + + This command forces the BGP speaker to report itself as the + next hop for an advertised route it advertised to a neighbor. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> remove-private-as + + This command removes the private ASN of routes that are advertised + to the configured peer. It removes only private ASNs on routes + advertised to EBGP peers. + + If the AS-Path for the route has only private ASNs, the private + ASNs are removed. + + If the AS-Path for the route has a private ASN between public + ASNs, it is assumed that this is a design choice, and the + private ASN is not removed. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> weight <number> + + This command specifies a default weight value for the neighbor’s + routes. The number range is 1 to 65535. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> advertisement-interval <seconds> + + This command specifies the minimum route advertisement interval for + the peer. This number is between 0 and 600 seconds, with the default + advertisement interval being 0. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> disable-connected-check + + This command allows peerings between directly connected eBGP peers + using loopback addresses without adjusting the default TTL of 1. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ebgp-multihop <number> + + This command allows sessions to be established with eBGP neighbors + when they are multiple hops away. When the neighbor is not directly + connected and this knob is not enabled, the session will not establish. + The number of hops range is 1 to 255. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> local-as <asn> [no-prepend] [replace-as] + + Specify an alternate AS for this BGP process when interacting with + the specified peer or peer group. With no modifiers, the specified + local-as is prepended to the received AS_PATH when receiving routing + updates from the peer, and prepended to the outgoing AS_PATH (after + the process local AS) when transmitting local routes to the peer. + + If the :cfgcmd:`no-prepend` attribute is specified, then the supplied + local-as is not prepended to the received AS_PATH. + + If the :cfgcmd:`replace-as` attribute is specified, then only the supplied + local-as is prepended to the AS_PATH when transmitting local-route + updates to this peer. + + Note that replace-as can only be specified if no-prepend is. + This command is only allowed for eBGP peers. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> passive + + Configures the BGP speaker so that it only accepts inbound connections + from, but does not initiate outbound connections to the peer or peer group. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ttl-security hops <number> + + This command enforces Generalized TTL Security Mechanism (GTSM), + as specified in :rfc:`5082`. With this command, only neighbors + that are the specified number of hops away will be allowed to + become neighbors. The number of hops range is 1 to 254.This + command is mutually exclusive with :cfgcmd:`ebgp-multihop`. + +Peer Groups +^^^^^^^^^^^ + +Peer groups are used to help improve scaling by generating the same update +information to all members of a peer group. Note that this means that the +routes generated by a member of a peer group will be sent back to that +originating peer with the originator identifier attribute set to indicated +the originating peer. All peers not associated with a specific peer group +are treated as belonging to a default peer group, and will share updates. + +.. cfgcmd:: set protocols bgp <asn> peer-group <name> + + This command defines a new peer group. You can specify to the group + the same parameters that you can specify for specific neighbors. + +.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> peer-group <name> + + This command bind specific peer to peer group with a given name. + +General configuration +--------------------- + +.. cfgcmd:: set protocols bgp <asn> maximum-paths <ebgp|ibgp> <number> + + This command defines the maximum number of parallel routes that + the BGP can support. In order for BGP to use the second path, the + following attributes have to match: Weight, Local Preference, AS + Path (both AS number and AS path length), Origin code, MED, IGP + metric. Also, the next hop address for each path must be different. + +.. cfgcmd:: set protocols bgp <asn> parameters default no-ipv4-unicast + + This command allows the user to specify that IPv4 peering is turned off by + default. + +.. cfgcmd:: set protocols bgp <asn> parameters log-neighbor-changes + + Tis command enable logging neighbor up/down changes and reset reason. + +.. cfgcmd:: set protocols bgp <asn> parameters no-client-to-client-reflection + + Tis command disables route reflection between route reflector clients. + By default, the clients of a route reflector are not required to be + fully meshed and the routes from a client are reflected to other clients. + However, if the clients are fully meshed, route reflection is not required. + In this case, use the :cfgcmd:`no-client-to-client-reflection` command + to disable client-to-client reflection. + +.. cfgcmd:: set protocols bgp <asn> parameters no-fast-external-failover + + Disable immediate sesison reset if peer's connected link goes down. + +Timers +^^^^^^ + +.. cfgcmd:: set protocols bgp <asn> timers holdtime <seconds> + + This command specifies hold-time in seconds. The timer can + range from 4 to 65535.The default value is 180 second. If + you set value to 0 VyOS will not hold routes. + +.. cfgcmd:: set protocols bgp <asn> timers keepalive <seconds> + + This command specifies keep-alive time in seconds. The timer + can range from 4 to 65535.The default value is 60 second. + +Configuration Examples +---------------------- + IPv4 ^^^^ |