1. Introduction to RtBrick BGP
The RtBrick Full Stack (RBFS) is a distributed, web-scale network operating system based on micro-service architecture and packaged in a Linux container currently based on Ubuntu 18.04. The RBFS decreases the complexity of a network by providing users with capabilities such as composability, programmability, and elasticity in a visionary way.
The RBFS operating system operates on the leaf and spine framework. This framework provides the network operators with methods to configure and manage a network brick by brick, and provides full control of the network so the focus can be on the deployment of the new services and not the constant juggling of hardware.
1.1. BGP Overview
BGP is a standard exterior gateway protocol (EGP) supported by RtBrick. BGP is considered a “Path Vector” routing protocol and maintains a separate routing table based on shortest Autonomous system (AS) path and various other route attributes.
1.2. Supported BGP Standards
RFC Number | Description |
---|---|
RFC 2545 |
Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing |
RFC 2918 |
Route Refresh Capability for BGP-4 |
RFC 4271 |
A Border Gateway Protocol 4 (BGP-4) |
RFC 4364 |
BGP/MPLS IP Virtual Private Networks (VPNs) |
RFC 4456 |
BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP) |
RFC 4486 |
Subcodes for BGP Cease Notification Message |
RFC 4760 |
Multiprotocol Extensions for BGP-4 |
RFC 5492 |
Capabilities Advertisement with BGP-4 |
RFC 6793 |
BGP Support for Four-Octet Autonomous System (AS) Number Space |
RFC 6608 |
Subcodes for BGP Finite State Machine Error |
RFC 6774 |
Distribution of Diverse BGP Paths [Partial Support] |
1.3. Supported BGP Features
The RBFS supports the following BGP functions:
-
Basic BGP Protocol
-
Multiprotocol extension for BGP
-
Multipath for iBGP and eBGP
-
Four-byte AS numbers
-
Nexthop Self or nexthop unchanged
-
Fast external-failover
-
Route reflection
-
MD5 Authentication
-
Route refresh
-
Advanced route refresh
-
Route redistribution
-
Multihop EBGP
-
Route selection flexibility (always compare MED, ignore AS Path, and so on)
-
Add path
-
Host name/Domain name
-
Dynamic peers
-
Community, Extended Community, and Large Community support
-
6PE Support
The statements and commands required to configure and verify the functioning of BGP features are described in this guide.
2. RBFS BGP Instance Hierarchy
The RBFS uses a distinct hierarchy for the BGP statements and commands. When installed, the RBFS runs a default instance named “default.” In most applications, more instances are needed, and many configuration statements apply to various levels of the statement hierarchy.
You can apply BGP configuration statements and commands at the instance, address family, or protocol BGP hierarchy level.
This BGP hierarchy can be represented as:
instance <instance> - address-family - protocol bgp - address-family - redistribute - peer-group < peer-group-name > - address-family - peer
The configuration of instances, the BGP protocol, peer groups, and peers are straightforward. A few words of explanation are needed for address families and redistribute.
2.1. Address Family
The address family configured at the instance level determines the types of address families that the virtual routing and forwarding (VRF) instance supports. At this level, you also configure the route target (RT), and the import and export policies for the instance. The forwarding daemon (FWDD) uses these configuration statements to create the VRF tables for each address family. Note that the route distinguisher (RD) is configured under the instance hierarchy level.
At the BGP protocol level, the address family configuration is used to determine which address families BGP supports. Multiple commands exist under this hierarchy level.
At the BGP peer group level, the address family configuration is used to determine which address families are needed to negotiate usage with the other BGP peers in the group.
There is no configuration under the peer hierarchy level. This statement establishes the peer, and all peers must be associated with a peer group. All of the parameters that apply to a peer are determined at the peer-group hierarchy level.
For example, this sequence configures IPv4 unicast support for the vrf1 instance:
root@leaf1:confd> edit instance vrf1 instance vrf1 ] root@leaf1:confd> edit address-family ipv4 unicast [ instance vrf1 address-family ipv4 unicast ]
2.2. Redistribute
BGP determines support for route redistribution based on address family. The selected address family can redistribute local interface routes, static routes, routes learned by IS-IS, and so on. Complete redistribute statement information and examples are included in other sections.
The example below shows route redistribution possibilities:
root@leaf1:confd> edit instance vrf1 instance vrf1 ] root@leaf1:confd> edit address-family ipv4 unicast [ instance vrf1 address-family ipv4 unicast ] root@leaf1:confd> set redistribute direct Redistribute connected routes isis Redistribute isis routes local Redistribute local routes ospf Redistribute ospf routes pim Redistribute pim routes ppp Redistribute ppp routes static Redistribute static routes [<Enter>] Execute the command
Some configuration statements start with edit and other start with set. These are called modes and commands in the RBFS.
2.3. Modes and Commands
The RBFS uses both modes (using “edit”) and commands (using “set”) to configure statements and determine parameters. All edits and sets are done through the configuration daemon CONFD. Their end result is similar, but the terms apply to slightly different configuration methods:
-
Mode—An “edit” is used to provide a hierarchical configuration option for the module instance.
-
Commands—A “set” is used to set the statement parameters and attributes for the module instance.
In a typical configuration session, you will use both methods:
root@leaf1:confd> edit instance [ instance ] root@leaf1:confd> edit protocol bgp [ instance protocol bgp ] root@leaf1:confd> set peer ipv4 peer-address 10.1.1.1 update-source 10.2.2.2 peer-group spine
You leave the edit mode with the exit command.
2.4. Hierarchy Levels and Configuration Statements
In many cases, you can configure the same feature from different levels of the configuration hierarchy. For example, you can set a BGP redistribution for direct addresses at the global, protocol, or address family level of the hierarchy.
The following three statements set redistribution of direct addresses for BGP. At the global level:
[edit] root@spine1:confd> set bgp address-family ipv4-unicast redistribute direct
At the BGP protocol level:
[edit bgp] root@spine1:confd> set address-family ipv4-unicast redistribute direct
At the address family level:
[edit bgp address-family ipv4-unicast] root@spine1:confd> set redistribute direct
When committed without errors, all three result in the same configuration, displayed with show running-configuration:
[edit] # show running-configuration { “running-configuration”: { “bgp”: { “address-family:ipv4-unicast” { “redistribute”: { “source:direct” } } } } }
3. BGP Global Configuration Commands
When it comes to BGP configuration, global BGP commands configure the routing instance, and instance BGP commands configure how BGP behaves in the instance.
This describes the BGP global commands. These commands establish the instance, the route distinguisher (RD), and the route target (RT) for BGP to use.
3.1. Instance
Configure and log into the RBFS instance
edit instance <instance-name>
Command arguments
<instance-name> |
Name of the routing instance |
<Enter> |
Execute command |
Example
Configure vrf1 on spine1 root@spine1:confd> edit instance vrf1
3.2. Route Distinguisher
Configure the route distinguisher (RD) to define unique routes within an IPv4 network. Provider Edge (PE) routers use route distinguishers to identify which virtual private network (VPN) a packet belongs to in a PE network.
set instance <instance-name> rd <as-number | ipv4-address>:<rd-value>
Command arguments
<instance-name> |
Name of the routing instance |
<as-number> |
The AS number to use for this RD (the RD is in two-byte AS format) |
<ipv4-address> |
The IPv4 address to use for the RD (in dotted decimal format) |
<rd-value> |
The unique RT identifier. Range: 0 through 429967295 |
<Enter> |
Execute command |
Example
Configure RD 192.168.1.1:65001 to vrf1 root@spine1:confd> set instance vrf1 rd 192.168.1.1:65001
3.3. Route Target
Configure the route target (RT) to use to transfer routes between VRFs and VPNs. The RT identifies a subset of routes within the BGP VPNv3 unicast table that should be used in a VRF for a particular customer. You configure an RT for importing or exporting routes, or both.
set rt ( import | export } both ) target:<rt-value>
Command arguments
import |
Use this RT for imported routes |
export |
Use this RT for exported routes |
both |
Use this RT for both imported and exported routes |
target:<rt-value> |
The value to use for the RT, in the same format as the RD |
<Enter> |
Execute command |
Example: Configure an RT for import and export routes
[ edit instance vrf1 address-family ipv4 unicast] root@spine1:confd> set rt import target:192.168.1.1:111 [ edit instance vrf1 address-family ipv4 unicast] root@spine1:confd> set rt export target:192.168.1.1:222
4. BGP Instance Configuration Commands
This section describes the commands used to configure BGP in an instance.
4.1. bgp
You must enable BGP inside an instance before you configure the BGP-specific instance options. When this enable command is successfully executed, the mode is changed from edit to set.
edit protocol bgp
Example: Configure BGP for the vrf1 instance
[ edit instance vrf1 ] root@spine1:confd> edit protocol bgp
4.2. address-family (and BGP Options)
You must configure the BGP address families if you are using route redistribution, load balancing, or other advanced features. By default, BGP neighbor sessions support IP4v unicast and multicast address families.
set protocol bgp address-family <address-family-afi> <address-family-safi>
<address-family-afi> |
Enables the address family identifier (AFI) IPv4 or IPv6 |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<Enter> |
Execute command |
Example: Enable the IPv4 unicast address family for BGP on the vrf1 instance
[ edit instance vrf1 ] root@spine1:confd> set protocol bgp address-family ipv4 unicast
In addition to the basic family support, you can also configure a number of options. These are mostly self-explanatory and only basic information is provided.
Supported options, detailed in sections below, are:
default-information |
Configure default route information to distribute |
download-count |
Forward packets over multiple paths, but set maximum prefixes to use |
download-policy |
Establish a policy for downloading routes |
multipath |
Enable load sharing among multiple BGP paths |
redistribute |
Enter redistribution configuration mode |
retain-route-target |
Retain VPN routes for all route targets |
srgb |
Establish Segment Routing Global Block for segment routing |
You should always configure BGP to distribute a default route. |
Example: Configure BGP to distributes a default IPv4 unicast address in the vrf1 instance
[ edit instance vrf1 ] root@spine1:confd> set protocol bgp address-family ipv4 unicast default-information originate
4.3. download-count
This statement is for temporary use until full routing policy support is configured. Use this statement to configure the number of prefixes that the BGP unicast session can download to the forwarding daemon (FWDD). BGP downloads the attribute information (community, extended community, and as-path) for prefixes to the Routing Information Base (RIB) and Forwarding Information Base (FIB) for advertising.
You can assign counters based on BGP prefixes and attributes on a per-input interface basis.
set protocol bgp address-family <address-family-afi> <address-family-safi> unicast download-count <count-number>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
unicast |
BGP distributes unicast routes |
download-count |
Count prefixes |
<count-number> |
Number of prefixes to forward over multiple paths |
<Enter> |
Execute command |
Example: Configure BGP for a maximum of 40 prefixes
[ edit instance vrf1 ] root@spine1:confd> set protocol bgp address-family ipv4 unicast download-count 40
4.4. download-policy
Apply the BGP routing policy for downloaded routes. The policy is defined elsewhere.
set protocol bgp address-family <address-family-afi> <address-family-safi> download-policy <policy-name>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<policy-name> |
Name of the policy to apply |
<Enter> |
Execute command |
The policy is NOT configured here. Routing policy configuration is covered in another chapter. |
Example: Configure download policy
[edit] root@spine1:confd> set bgp address-family ipv4 unicast download-policy fibpolicy
4.5. multipath
Allow load sharing among the configured number of multiple Exterior BGP (EBGP) and Internal BGP (IBGP) paths.
set protocol bgp address-family <address-family-afi> <address-family-safi> multipath <number-of-paths>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<number-of-paths> |
Number of paths that can be installed in the forwarding table. This is an integer in the range 0 to 255. |
<Enter> |
Execute command |
Example: Configure multipath for a value of 10 forwarding table entries
[edit] root@spine1:confd> set bgp address-family ipv4 unicast multipath 10
4.6. redistribute
Enable the redistribution feature to dynamically inject routes from a certain protocol into the IP routing table.
set protocol bgp address-family <address-family-afi> <address-family-safi> redistribute <protocol>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<protocol> |
Redistribute routes from this protocol. Protocols can be direct or local interfaces, IS-IS, OSPF, PIM, PPP, or static routes. |
<Enter> |
Execute command |
IS-IS and OSPF have additional options detailed below. |
Example: Configure redistribution on direct routes into BGP.
[edit] root@spine1:confd> set protocol bgp address-family ipv4 unicast redistribute direct
4.6.1. IS-IS Redistribute Options
If you configure the redistribution of IS-IS routes, you have the option of testing for a match on either level-1 or level-2 IS-IS routers. The syntax is as follows:
set protocol bgp address-family <address-family-afi> <address-family-safi> redistribute is-is match <isis-level>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<isis-level> |
Match routes from either IS-IS level-1 or level-2 routers |
<Enter> |
Execute command |
[edit] root@spine1:confd> set protocol bgp address-family ipv4 unicast redistribute isis match level-1
4.6.2. OSPF Redistribute Options
If you configure the redistribution of OSPF routes, you have the option of testing for a match on several types of OSPF routers. The syntax is as follows:
set protocol bgp address-family <address-family-afi> <address-family-safi> redistribute is-is match <ospf-type>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<ospf-type> |
Match routes from this route type and install into the routing table: |
<Enter> |
Execute command |
[edit] root@spine1:confd> set protocol bgp address-family ipv4 unicast redistribute ospf match inter-area
4.7. retain-route-target
By default, the forwarding table retains the VPN routes for all route targets when the roputing protocol process shuts down. If you disable this retention of route targets, the VPN routes are removed from the forwarding table when the routing protocol shuts down.
set protocol bgp address-family <address-family-afi> <address-family-safi> retain-route-target disable
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) for vpn-unicast (the only family supported) |
<Enter> |
Execute command |
[edit] root@spine1:confd> set bgp address-family ipv4 vpn-unicast retain-route-target disable
4.8. srgb
The Segment Routing Global Block (SRGB) is the range of label values reserved for segment routing (SR). These values are assigned as segment identifiers (SIDs) to SR-enabled network nodes and have global significance throughout the routing domain.
SRGB is supported only for labeled unicast. |
You must specify the base starting value for the labels (a number greater than 15), a range for the labels, and an index within the label range.
set protocol bgp address-family <address-family-afi> labeled-unicast srgb base <base-value> range <range-value> index <index-value>
<address-family-afi> |
Enables the IPv4 or IPv6 address families |
base <base-value> |
Starting base value, greater than 15, of the SRGB values |
range <range-value> |
Range of label values |
index <index-value> |
Index within the label range |
<Enter> |
Execute command |
[edit] root@spine1:confd> set protocol bgp address-family ipv4 labeled-unicast base 2000 range 100 index 2
4.9. bestroute-selection
BGP route selection involves more than just adding routes to the BGP routing table and forwarding table. By default, BGP implementations provide their own criteria for selecting the “best route” based on the values of BGP attributes associated with the route. If the route selection process is not producing optimal routes within a routing domain, you can steer the BGP route selection process in a number of ways with the best route selection option.
set protocol bgp bestroute-selection <best-route-option>
<best-route-option> |
Instead of default, consider best route selection using these options:
|
||||||||||||||||||
<Enter> |
Execute command |
Example: Configure BGP to ignore AS path considerations during route selection.
[edit] root@spine1:confd> set protocol bgp bestroute-selection ignore-as-path
You cannot configure both the always-compare-med and ignore-med options. By default, the system always compares MEDs. |
4.10. cluster-id
Configure cluster ID to associate routers in a group within a BGP routing instance. Routers belong to the same cluster if they have the same cluster ID. The cluster ID is formatted as an IPv4 address.
set protocol bgp cluster-id <cluster-identifier>
<cluster-identifier> |
An IPv4 address |
<Enter> |
Execute command |
Example: Configure cluster-id 192.168.1.1 for this BGP instance.
[edit] root@spine1:confd> set protocol bgp cluster-id 192.168.1.1
4.11. domain-name
Configure the domain name for this BGP routing instance.
set protocol bgp domain-name <domain-name>
<domain-name> |
The name of the BGP routing domain, to a maximum of 64 characters |
<Enter> |
Execute command |
Example: Configure domain name spine for this BGP instance.
[edit] root@spine1:confd> set protocol bgp domain-name spine
4.12. enforce-first-as
By default, the BGP routing process enforces the First AS feature. This feature discards updates received from an eBGP peer if the peer does not list its own AS number as the first segment in the AS_PATH BGP attribute.
To disable the First AS feature and accept updates without the peer’s source AS matching the first AS in the AS_PATH attribute, configure the feature to disable the enforce First AS feature.
set protocol bgp enforce-first-as disable
disable |
Disable the default First AS feature BGP behavior |
<Enter> |
Execute command |
Example: Configure this BGP instance to disable the First AS feature.
[edit] root@spine1:confd> set protocol bgp enforce-first-as disable
4.13. host-name
Configure a host name for BGP to use.
set protocol bgp host-name <host-name>
<host-name> |
The name of the BGP host, to a maximum of 64 characters |
<Enter> |
Execute command |
Example: Configure this BGP instance to use host name spine1.
[edit] root@spine1:confd> set protocol bgp host-name spine1
4.14. local-as
Configure the local AS number in four-byte format for BGP to use.
set protocol bgp local-as <as4-number>
<as4-number> |
The AS number in four-byte format. The numbers allowed are from 1 to 4294967285 |
<Enter> |
Execute command |
Example: Configure this BGP instance to use local AS Number 65001.
[edit] root@spine1:confd> set protocol bgp local-as 65001
4.15. local-preference
Configure the value to use as BGP local preference. You can use the local AS preference number to choose the exit path for an AS.
set protocol bgp local-preference <preference-number>
<preference-number> |
The local preference number for the BGP protocol. The numbers allowed are from 0 to 4294967285 |
<Enter> |
Execute command |
Example: Configure this BGP instance to use local preference 150.
[edit] root@spine1:confd> set protocol bgp local-preference 150
4.16. out-metric
Configure the value to use as BGP Multi-Exit Discriminator (MED) value. When an AS has multiple links to another AS, the MED value is used to determine the exit to use to reach the other AS.
set protocol bgp out-metric <med-value>
<med-value> |
The MED value for the BGP protocol. The numbers allowed are from 0 to 4294967285 |
<Enter> |
Execute command |
Example: Configure this BGP instance to use MED 10.
[edit] root@spine1:confd> set protocol bgp out-metric 10
4.17. protocol-preference
Assign a protocol preference distance value to routes learned by eBGP, iBGP, or both.
set protocol bgp protocol-preference ( internal | external) <preference-value>
internal |
Use this distance value preference for routes learned by iBGP |
external |
Use this distance value preference for routes learned by eBGP |
<preference-value> |
Use this distance value as BGP route protocol preference |
<Enter> |
Execute command |
Example: Configure this BGP instance to use a value of 50 for eBGP routes and a value of 100 for iBPG routes.
[edit] root@spine1:confd> set protocol bgp protocol-preference external 50 root@spine1:confd> set protocol bgp protocol-preference internal 100
4.18. router-id
Configure the value used as the router ID.
set protocol bgp router-id <router-id>
<router-id> |
Router identifier in IPv4 format |
<Enter> |
Execute command |
Example: Configure the router identifier to be 192.168.1.1.
[edit] root@spine1:confd> set protocol bgp router-id 192.168.1.1
4.19. timer
Configure the timer value used to keep the router active.
set protocol bgp timer hold-time <seconds> keep-alive <seconds>
hold-time |
The time in seconds that the router keeps the connection as active when negotiating a connection with a peer. The valid range is 5 to 65535. |
keep-alive |
The frequency at which the router sends a keep-alive to retry a connection to keep the router active. The valid range is 5 to 65535 |
<seconds> |
Time in seconds (ranges defined above) |
<Enter> |
Execute command |
Example: Configure the router connect retry to 15 seconds, and the hold-time to 60 seconds.
[edit] root@spine1:confd> set protocol bgp hold-time 60 keep-alive 30
4.20. type-of-service
Configure the value for the type-of-service (DSCP) bits.
set protocol bgp type-of-service <tos-value>
<tos-value> |
Value of the type-of-service bits |
<Enter> |
Execute command |
Example: Configure the type-of-service value used to 32.
[edit] root@spine1:confd> set protocol bgp type-of-service 32
4.21. peer-group
Configure a name for a peer group of BGP routers. Neighbor peers with the same update policies can be grouped as peers (equals) to simplify the initial configuration and updates. Peers share the same policies such as route maps, distribution lists, filter lists, update source, and so on, so peer groups only need one configuration statement for these values.
set protocol bgp peer-group <peer-group-name> ( address-family <address-family-afi> | any-as | ebgp-multihop <hop-count> | link-local-nexthop-only | local-as <as-number> | remote-as <as-number>)
<peer-group-name> | Name of the peer group |
---|---|
address-family |
Configure to address family AFI and SAFI for the peer group (for supported AFI and SAFI values, see the address-family BGP configuration statement) |
any-as |
Enable dynamic AS negotiation for this peer group |
ebgp-multihop <hop-count> |
By default, the maximum number of hops between eBGP peers is 1 (direct connection). This hop count overrides the default behavior allow connectivity between eBGP peers not directly connected. |
link-local-nexthop-only |
Enable link-local nexthop only feature |
local-as |
Configure local AS number |
remote-as |
Configure remote AS number |
add-path <count ( both | receive-only | send-only )> |
Configure the number of additional paths to a destination to advertise (send), or to receive, or both. |
<Enter> |
Execute command |
Example: Configure the BGP peer as spine and enable dynamic negotiation of the AS number, sets the eBGP multihop count to 3, and set the number of additional paths sent to the peer group to 20.
[edit] root@spine1:confd> set protocol bgp peer-group spine any-as root@spine1:confd> set protocol bgp peer-group spine ebgp-multihop 3 root@spine1:confd> set protocol bgp peer-group spine add-path 20 send-only
The full set of address family names is listed under the address-family configuration statement. |
4.22. address-family (peer-group)
You must configure the BGP address families for a peer-group if you are using route redistribution, load balancing, or other advanced features. Note: The advanced features are NOT configured here, but under the BGP instance. By default, BGP neighbor sessions support IP4v unicast and multicast address families.
set protocol bgp peer-group <peer-group-name> address-family <address-family-afi> <address-family-safi> [ options ]
<peer-group-name> |
Name of the peer group supporting these families |
<address-family-afi> |
Enables the address family identifier (AFI) IPv4 or IPv6 |
<address-family-safi> |
Enables the subsequent address family identifier (SAFI) options: unicast, labeled-unicast, or vpn-unicast |
<Enter> |
Execute command |
Additional options:
add-path |
Negotiate additional path capabilities with these peers, so that more than one path can be active to the peers in the group |
default-information |
Enable default route information to be sent to peers in group |
extended-nexthop |
Enable extended nexthop capability so that peers in the group do not have to be directly connected |
( nexthop-self | nexthop-unchanged ) |
Propagate nexthop self or nexthop unchanged for advertised paths |
policy |
Apply a routing policy to the peer group |
remove-private-as |
Remove private AS numbers from routes advertised to group peers |
route-reflect-client |
Configure this peer as a route reflector client |
update-nexthop |
Update the nexthop for routes advertised to this peer group |
<Enter> |
Execute command |
Example: Enable the IPv4 unicast address family for BGP on the vrf1 instance and make the peer a route-reflector client
[ edit instance vrf1 ] root@spine1:confd> set protocol bgp address-family ipv4 unicast route-reflect-client
4.23. peer
Configure parameters for a, IPv4 or IPv6 BGP peer. A BGP peer is a BGP router that has an active TCP connection to another BGP router. To establish point-to-point connections between peer autonomous systems (ASs) for eBGP or within the AS for iBGP, you configure a BGP session on an interface. When you configure a BGP peer, the configuration adds the IP address of the peer in the specified autonomous system to the multiprotocol BGP (mBPG) neighbor table maintained in the local router.
set instance protocol bgp peer ( ipv4 | ipv6) peer-address <ip-address> ( update-source >ip-address> | peer-group <peer-group-name> | interface <interface-name> )
(ipv4 | ipv6 ) |
Configure either an IPv4 or IPv6 BGP peer |
peer-address <ip-address> |
Configure the peer IPv4 or IPv6 address. You cannot use this option with the interface option below. |
update-source <ip-address> |
Configure an IP address to use as the source for packets sent to the peer address |
peer-group <peer-group-name> |
Assign this peer to this peer group |
interface <interface-name> |
Enable BGP on this interface. You cannot use this option with the peer-address option above. Peers configured with a BGP interface are known as dynamic peers. |
<Enter> |
Execute command |
The peer-address and interface options are mutually exclusive. In other words, you cannot locate a peer by both interface and address; only one or the other. |
There are three main peer types to configure:
-
IPv4 peers
-
IPv6 peers
-
IPv6 link local peers (dynamic peers)
Each type has a general peer configuration format associated with it: * (IPv4 peer) set instance protocol bgp peer ipv4 peer-address <ipv4-address> update-source <ipv4-address> peer-group <group-name> * (IPv6 peer) set instance protocol bgp peer ipv6 peer-address <ipv6-address> update-source <ipv6-address> peer-group <group-name> * (IPv6 link-local dynamic peer) set instance protocol bgp peer interface <interface-name> peer-group <group-name> Note that IP6v link-local peers configure the interface. The following examples configure a peer of each type.
Example 1: Configure an IPv4 BGP peer and assign the peer to the spine peer group.
[edit] root@spine1:confd> set instance protocol bgp peer ipv4 peer-address 192.168.1.1 update-source 192.168.1.2 peer-group spine
Example 2: Configure an IPv6 peer and assign the peer to the spine peer group.
[edit] root@spine1:confd> set instance protocol bgp peer ipv6 peer-address 1::1 update-source 1::2 peer-group spine
Example 3: Configure an IPv6 dynamic peer on interface ifl-0/0/1/1/1 and assign the peer to peer group spine.
[edit] root@spine1:confd> set instance protocol bgp peer interface ifl-0/0/1/1/1 peer-group spine
5. BGP Show Commands for APPD
Configuration statements can be shown to be working properly using show commands.
This section details the fields displayed by BGP show commands handled by the APPD module. BGP is implemented in two modules: APPD and IOD.
5.1. show bgp rib
Display information about the BGP routing information base local (rib-local) table for an address family. The rib-local table is used to determine entries for the forwarding table.
show bgp rib <afi> <safi>
Command arguments
<afi> |
AFI value: ipv4 or ipv6 |
<safi> |
SAFI value: unicast, labeled-unicast, or vpn-unicast |
<Enter> |
Execute command |
Output Fields
Prefix |
The Network Layer Routing Information (NLRI) in BGP RIB-in |
Snd-Path-ID |
Path ID to be sent for the NLRI |
Rcv-Path-ID |
Add Path-ID received for the NLRI |
Peer |
Peer IP address supplying this information |
Next-Hop |
Next-Hop address for the NLRI |
Up Time |
Time since this NLRI was installed in table |
Example Output: show bgp rib ipv4 unicast
5.2. show bgp fib
Display information summary about the BGP routes downloaded to the Forwarding Information Base (FIB) table.
show bgp rib <afi> <safi>
Command arguments
<afi> |
AFI value: ipv4 or ipv6 |
<safi> |
SAFI value: unicast, labeled-unicast, or vpn-unicast |
<Enter> |
Execute command |
Output Fields
Prefix |
The Network Layer Routing Information (NLRI) in the FIB |
Preference |
Preference value for the NLRI |
Next-Hop |
Next-Hop address for the NLRI |
Example Output: show bgp fib ipv4 unicast
5.3. show bgp ribout
Display information summary about the BGP routes in the peer group table that will be sent to peers from the Routing Information Base output (RIB-out) table.
show bgp rib <peer-group-name> <afi> <safi>
Command arguments
<peer-group-name> |
Name of the peer group |
<afi> |
AFI value: ipv4 or ipv6 |
<safi> |
SAFI value: unicast, labeled-unicast, or vpn-unicast |
<Enter> |
Execute command |
Output Fields
Prefix |
The Network Layer Routing Information (NLRI) to be sent to peer |
Rcv-Path-ID |
Add Path-ID received for the NLRI |
MED |
MED for this NLRI |
LocalPref |
Local Preference value for the NLRI |
Origin |
Origin value for the NLRI |
Next-Hop |
Next-Hop address for the NLRI |
AS-Path |
AS-Path for the NLRI |
Example Output: show bgp ribout vanilla_bgp ipv4 unicast
6. BGP Show Commands for IOD
Configuration statements can be shown to be working properly using show commands.
This section details the fields displayed by BGP show commands handled by the APPD module. BGP is implemented in two modules: APPD and IOD.
6.1. show bgp peer
Display information summary about the BGP peers.
show bgp peer ( instance <instance-name> )
Command arguments
instance |
Display information about peers in an instance |
<instance-name> |
Name of the instance: you must specify “default” for the default instance. |
<Enter> |
Execute command |
Output Fields
Peer |
Peer at the remote end of the BGP session |
Remote-AS |
AS number of the peer |
State |
State of the peer (active, established, and so on) |
Up/Down Time |
Time since the peer has been in session or down |
PfxRcvd |
Prefixes received |
PfxSent |
Prefixes sent |
Example Output: show bgp peer
6.2. show bgp peer detail
Display detailed information about the BGP peers.
show bgp peer <peer-ip> detail ( instance <instance-name> )
Command arguments
<peer-ip> |
Display information about the peer at this IP address |
instance |
Display information about peers in an instance |
<instance-name> |
Name of the instance: you must specify “default” for the default instance. |
<Enter> |
Execute command |
Output Fields
Peer |
Peer host name |
Peer Domain |
Peer domain name |
Peer IP |
IP address of the peer |
AS |
AS number of the peer |
Local |
Source IP address for the peer session |
Level |
Level negotiated for the peer |
AS |
Local AS number |
Any-AS |
Dynamic AS negotiation configuration |
Type |
Type of BGP session |
State |
State of the peer session |
Up Time |
Time since the peer has been in session |
Reason |
Last transition reason |
Sub-Code |
Code for transition reason |
Discovered |
Interface where peer is located |
Last Transition |
Time of last transition |
Flap count |
Number of times the peer has flapped |
Peer ID |
Peer BGP identifier for the session |
Local ID |
Local BGP identifier for the session |
Instance |
Instance of the session |
Peer Group |
Peer group for this peer |
Detail Fields
Timers |
Time to expiration for timers listed |
NLRI |
Address families configured, received, or negotiated |
Capabilites |
Session capabilities configured, received, negotiated, or supported |
End-Of-RIB |
End-of-RIB sent and received time for each address family |
Message Stats |
BGP message sent and received count |
Route Stats |
NLRI sent and received count by address family |
Example Output: show bgp peer detail
6.3. show bgp peer rib-in
Display information summary about the RIB-in table and a peer.
show bgp peer <peer-ip> rib-in <afi> <safi>
Command arguments
<peer-ip> |
Display information about the peer at this IP address |
<afi> |
AFI value: ipv4 or ipv6 |
<safi> |
SAFI value: unicast, labeled-unicast, or vpn-unicast |
<Enter> |
Execute command |
Output Fields
Prefix |
The NLRI received from the peer |
Rcv-Path-ID |
Add Path-ID received for the NLRI |
MED |
MED received for this NLRI |
LocalPref |
Local Preference value received for the NLRI |
Origin |
Origin value received for the NLRI |
Next-Hop |
Next-Hop address received for the NLRI |
AS-Path |
AS-Path received for the NLRI |
Example Output: show bgp peer 10.11.1.7 rib-in ipv4 unicast
7. Routing Policies and Examples
This section covers the RtBrick way of configuring routing polices.
7.1. The Role of Routing Policy
The main job of network nodes like routers is to maintain information about “what networks are where?” and also about the links between the routers. The network nodes route traffic from one to another so packets are always making progress toward a destination (that is, there are no loops or black holes). Routers use routing protocols to share their knowledge of the network topology and interfaces so that all parts of the networks are reachable, even if some links and routers are not working properly.
However, it is also the job of the network nodes to filter or modify routing information as it is advertised from router to router in the network. This filtering is needed so that a simple edge router with a local and remote interface does not have to carry a core routing table with hundreds of thousands of entries. The modification of the free flow of routing information around the network is known as establishing a routing policy for the router. A routing policy determines which routing updates are accepted by the router, which properties should be changed, and which routes should be advertised to other routers.
Routing policies can be applied to any routing protocol, internal to an AS (an IGP) or not (an EGP). Nevertheless, the most critical routing protocol for applied routing policy is BGP. Because BGP comes in IGP (iBGP) and EGP (eBGP) forms, BGP information potentially goes everywhere in the network. To control this flow, which might overwhelm smaller devices, BGP routes are carefully filtered before and during acceptance, modification, and advertisement.
7.2. RtBrick Routing Policy Implementation
There is no standard for routing policy implementation. Therefore, each hardware or software vendor is free to create their own implementation of features and goals. RtBrick supports extensive options for policies. This document contains basic examples that can easily be extended to cover other situations.
RtBrick supports attaching a BGP routing policy at two levels:
-
Peer group address-family level
-
Instance address-family level
In each case, you can apply the policy as an import or export policy and filter. As expected, import filters determine which routing updates are accepted and export filters determine which routes are advertised to other peers.
7.3. Peer Group and Instance Details
An import policy, when applied to an address family at the peer group level, examines all incoming routes from all BGP peers in the peer group, but only for that address family.
An export policy, when applied to an address family at the peer group level, examines all outgoing routes to all BGP peers in the peer group. but only for that address family.
At the instance level, routing policies that are applied to an address family can work as import or export filters, but for the instance as a whole.
An import policy, when applied to an address family at the instance level, examines all incoming routes before accepting the information for the global VPN or other instance level, but only for that address family.
An export policy, when applied to an address family at the instance level, examines all outgoing routes before sending the information from the global VPN or other instance level, but only for that address family.
7.4. Routing Policy Specifics
There are three types of routing policy in this implementation:
-
Route filter—a list of conditions to be matched to determine a permit or deny operation. The match conditions can be configured to:
-
Match all conditions listed
-
Match any one condition in the list
-
-
Route policy
-
Route map
Do not be confused by the use of the terms “filter” and “policy” as specific types of routing policy. Instead of these terms referring to generic route filtering and application of a routing policy, RtBrick uses these terms as specific forms of an overall approach to BGP policy and routing.
7.5. Routing Policy Examples
Here are some examples of useful routing policies for BGP. In some cases, only two steps are required, for a route filter and import or export policy application: configure the filter policy and apply where needed. On others, three or even four steps are needed: configure the filter policy, then the route policy, then the route map, and finally, apply the routing policy where needed. This section gives examples of each
7.5.1. Routing Policy Example #1
Allow only the default route (0.0.0.0/0) from a peer (two steps).
-
Configure the filter policy named FILTER:
edit route filter FILTER operation permit match all edit rules set rule 1 match equal rd 192.168.1.1:65000 set rule 2 match equal prefix4 0.0.0.0/0 exit exit
The
rd
keyword matches the BGP route descriptor configured. The keywordprefix4
indicates the match is on the IPv4 address and mask that follows. Both rules must evaluate to true (match all
) in order for the route to be accepted. -
Apply the policy FILTER as an import policy to the correct peer group. In this case, the peer group is called spine:
edit instance protocol bgp edit peer-group spine edit address-family ipv4 vpn-unicast set policy policy-name FILTER import exit exit exit
7.5.2. Routing Policy Example #2
Modify the MED of two prefixes (0.0.0.0/0 and 10.1.1.1/32) before advertising the routes to a peer (four steps).
-
Configure the filter policy
edit route filter FILTER operation permit match any edit rules set rule 1 match equal prefix4 0.0.0.0/0 set rule 1 match equal prefix4 10.1.1.1/32 exit exit
The keyword prefix4 indicates the match is on the IPv4 address and mask that follows. Either rule can evaluate to true (match any) in order for the route to be accepted.
-
Configure the route policy named UPDATE_MED:
edit route policy UPDATE_MED edit rules set rule 1 operation set med 50 exit exit
This policy changes the MED for matching routes to a value of 50.
-
Configure the route map named DEFAUT_PREFIX_UPDATE_MED:
edit route map DEFAUT_PREFIX_UPDATE_MED edit rules set rule 1 if(FILTER) apply-continue UPDATE_MED exit exit
If the IP addresses listed in FILTER are matched, the MEDs are updated as specified in the UPDATE_MED policy.
-
Apply the route map to the correct peer group (spine) as an export policy:
edit instance protocol bgp edit peer-group spine edit address-family ipv4 unicast set policy-name DEFAULT_PREFIX_UPDATE_MED export exit exit exit
Note how the various pieces of route filter, policy, map, and import or export all act together to change the MEDs on the correct routes.
7.5.3. Routing Policy Example #3
Set the export route target (RT) for all routes exported from the instance vrf1
(two steps).
-
Configure the route policy named UPDATE_RT:
edit route policy UPDATE_RT edit rules set rule 1 operation set extended-community target:192.168.1.1:111 exit exit
This rule applies to all route because there is no condition to match.
-
Configure a route map named PREFIX_FILTER:
edit instance vrf1 edit address-family ipv4 unicast set policy policy-name UPDATE_RT export exit exit
There is no need to specify the protocol when the policy applies to other than the main instance.
7.5.4. Routing Policy Example #4
Import only two prefixes into an instance (three steps, with two filters).
-
Configure the route filters named FILTER1 and FILTER2:
edit route filter FILTER1 operation permit match all edit rules set rule 1 match equal rd 192.168.1.1:65000 set rule 2 match equal prefix4 0.0.0.0/0 exit exit
edit route filter FILTER2 operation permit match all edit rules set rule 1 match equal rd 192.168.100.100:65000 set rule 2 match equal prefix4 10.1.1.1/32 exit
Note the presence of the common 192.168.1.1:65000 prefix in both rules. The rule is applied to all routes (there is no condition to match). Because there are two rules and the route must match all conditions in the rule set, the set matches two different VPN routes.
-
Configure the route map for the two rules:
edit route-map PREFIX_FILTER edit rules set rule1 if(FILTER1 | FILTER2) operation permit exit exit
This route map creates a rule that is true with an OR condition, meaning that the rule is true if either FILTER1 or FILTER2 has the routes listed in step (a). Then this route map permits the routes to pass.
-
Apply the
PREFIX_FILTER
route map to the instancevrf1
for the address familyipv4 unicast
:edit instance vrf1 edit address-family ipv4 unicast set policy policy-name UPDATE_RT export exit exit
The vrf1
instance exports routes that match the listed route filters.
7.6. Routing Policy Summary
These examples show only the basics of the complete application of routing policy. Almost all BGP attributes can be used, along with many possible keywords. The current list is as follows:
-
as-path
-
bgp-nh4
-
bgp-nh6
-
cluster-list
-
community
-
extended-community
-
label
-
large-community
-
local-preference
-
med
-
origin
-
originator-id
-
peer4
-
peer6
-
prefix4
-
prefix6
-
rd
-
router-id4
-
src-ipv4-address
-
src-ipv6-address
©Copyright 2020 RtBrick, Inc. All rights reserved. The information contained herein is subject to change without notice. The trademarks, logos and service marks ("Marks") displayed in this documentation are the property of RtBrick in the United States and other countries. Use of the Marks are subject to RtBrick’s Term of Use Policy, available at https://www.rtbrick.com/privacy. Use of marks belonging to other parties is for informational purposes only.