BGP FlowSpec Operational Commands
show bgp peer
The 'show bgp peer' commands display information on BGP peers.
Syntax:
show bgp peer <option> …
| Option | Description |
|---|---|
- |
Without any option, the commands display all BGP peers in all instances in a summary table format. |
detail |
Detailed information on all BGP peers in all instances in a list view. |
<peer-name> |
Detailed information on the peer with the given name. |
address <peer-address> |
Detailed information on the peer with the given IP address. |
instance <instance-name> |
Summary of all BGP peers in the given instance. |
instance <instance-name> detail |
Detailed information on all BGP peers in the given instance. |
instance <instance-name> detail <peer-name> |
Detailed information on the peer with the given name in the given instance. |
instance <instance-name> detail address <peer-address> |
Detailed information on the peer with the given IP address in the given instance. |
statistics |
Received and sent BGP prefixes per AFI/SAFI for all peers in all instances. |
statistics peer <peer-name> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given name. |
statistics peer address <peer-address> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given IP address. |
statistics instance <instance-name> peer <peer-name> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given name in the given instance. |
statistics instance <instance-name> peer address <peer-address> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given IP address in the given instance |
Example 1: BGP Peer Summary View
supervisor@rtbrick>LEAF01: op> show bgp peer
Instance: default
Peer Remote AS State Up/Down Time PfxRcvd PfxSent
PE2 4200000002 Established 0d:01h:35m:53s 42 72
99.1.1.2 65002 Established 0d:01h:35m:53s 2 27Example 2: BGP Peer Detail View
supervisor@rtbrick>LEAF01: op> show bgp peer detail
Peer: PE2, Peer IP: 12.0.0.2, Remote AS: 4200000002, Local: 12.0.0.1, Local AS: 4200000001, Any AS: False
Type: ebgp, State: Established, Up/Down Time: 0d:01h:38m:59s, Reason: Cease, Sub-Code: Admin reset
Discovered on interface: -
Last transition: Thu Jun 20 09:35:06 GMT +0000 2024, Flap count: 1
Peer ID : 192.168.0.20, Local ID : 192.168.0.10
Instance : default, Peer group: PE2
6PE enabled : False
Timer values:
Peer keepalive : 30s, Local keepalive: 30s
Peer holddown : 90s, Local holddown : 90s
Connect retry : 30s
Timers:
Connect retry timer : 0s
keepalive timer : expires in 10s 882996us
Holddown timer : expires in 1m 12s 538155us
NLRIs:
Sent : ['l2vpn-evpn', 'l2vpn-vpls', 'ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec', 'ipv4-vpn-unicast', 'ipv6-vpn-unicast', 'ipv4-vpn-multicast', 'ipv4-labeled-unicast', 'ipv6-labeled-unicast']
Received : ['l2vpn-evpn', 'l2vpn-vpls', 'ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec', 'ipv4-vpn-unicast', 'ipv6-vpn-unicast', 'ipv4-vpn-multicast', 'ipv4-labeled-unicast', 'ipv6-labeled-unicast']
Negotiated : ['l2vpn-evpn', 'l2vpn-vpls', 'ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec', 'ipv4-vpn-unicast', 'ipv6-vpn-unicast', 'ipv4-vpn-multicast', 'ipv4-labeled-unicast', 'ipv6-labeled-unicast']
Capabilities:
Addpath sent : None
Addpath received : None
Addpath negotiated : None
Extended nexthop sent : None
Extended nexthop received : None
Extended nexthop negotiated : None
Capabilities:
Feature Sent Received Negotiated
Route refresh True True True
4 byte AS True True True
Graceful restart False False False
Link local only False False False
Prefix Limit:
End of RIB:
Address family Sent Received
IPv4 unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 labeled-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 labeled-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 VPN-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 VPN-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 flowspec Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 flowspec Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 VPN-multicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
L2VPN VPLS Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
L2VPN EVPN Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
Message stats:
Session stats:
Direction Open Update Keepalive Notify Route refresh
Input 1 40 235 0 0
Output 1 52 239 0 0
Total stats:
Input 2 80 299 0 0
Output 2 102 302 1 0
Route stats:
Address family Received Sent Prefix limit Idle timeout
IPv4 unicast 4 4 0 0
IPv4 labeled-unicast 2 2 0 0
IPv6 unicast 4 4 0 0
IPv6 labeled-unicast 2 2 0 0
IPv4 VPN-unicast 8 4 0 0
IPv6 VPN-unicast 6 4 0 0
IPv4 VPN-multicast 2 6 0 0
L2VPN VPLS 7 7 0 0
L2VPN EVPN 7 7 0 0
IPv4 flowspec 0 8 0 0
IPv6 flowspec 0 0 0 0
Peer: , Peer IP: 99.1.1.2, Remote AS: 65002, Local: 99.1.1.1, Local AS: 4200000001, Any AS: False
Type: ebgp, State: Established, Up/Down Time: 0d:01h:38m:59s, Reason: Cease, Sub-Code: Admin reset
Discovered on interface: -
Last transition: Thu Jun 20 09:35:06 GMT +0000 2024, Flap count: 2
Peer ID : 192.168.1.3, Local ID : 192.168.0.10
Instance : default, Peer group: SN
6PE enabled : False
Timer values:
Peer keepalive : 30s, Local keepalive: 30s
Peer holddown : 90s, Local holddown : 90s
Connect retry : 30s
Timers:
Connect retry timer : 0s
keepalive timer : expires in 14s 885374us
Holddown timer : expires in 1m 806199us
NLRIs:
Sent : ['ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec']
Received : ['ipv4-flowspec', 'ipv6-flowspec']
Negotiated : ['ipv4-flowspec', 'ipv6-flowspec']
Capabilities:
Addpath sent : None
Addpath received : None
Addpath negotiated : None
Extended nexthop sent : None
Extended nexthop received : ['ipv4-flowspec', 'ipv6-flowspec']
Extended nexthop negotiated : None
Capabilities:
Feature Sent Received Negotiated
Route refresh True True True
4 byte AS True True True
Graceful restart False False False
Link local only False False False
<...>show bgp rib-in
This command displays the received routes.
Syntax:
show bgp rib-in <option> …
| Option | Description |
|---|---|
- |
Without any option, the command displays information on the received BGP routing table on all instances in a summary table format. |
<afi> |
BGP routing table summary for the given address family (AFI), all sub-address families and all instances. Supported AFI values are 'ipv4' and 'ipv6'. |
<afi> <safi> |
BGP routing table summary for the given address family (AFI) and sub-address family (SAFI), and all instances. Supported SAFI values are 'labeled-unicast', 'unicast', 'vpn-multicast', 'vpn-unicast', ‘evpn-vpws’, ‘evpn’, ‘vpls-vpws’, ‘vpls’, and ‘flowspec’. |
<afi> <safi> detail |
Detailed list view of the BGP routing table for the given address family (AFI) and sub-address family (SAFI), and all instances. |
<afi> <safi> <prefix> |
BGP routing table entry for the given prefix and all instances. |
<afi> <safi> instance <instance-name> |
BGP routing table summary for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> detail |
Detailed list view of BGP routing table for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> <prefix> |
BGP routing table entry for the given prefix and instance. |
<afi> <safi> peer <name> / peer address <ip> |
Peer name or address |
Example 1: Summary view of the BGP rib-in for the ipv4 flowspec address family.
supervisor@rtbrick>LEAF01: op> show bgp rib-in ipv4 flowspec
Instance: default, AFI: ipv4, SAFI: flowspec
Peer IP: 99.1.1.2, Source IP: 99.1.1.1, Received routes: 2
Flowspec Hash Match Action AS Path Status
236e3111 src-prefix : 192.0.2.3/32 rate-limit:400.0 kbps 65002 Valid
ip-proto : [ ==tcp or ==udp ]
src-port : [ ==200 or ==100 or ==300 ]
e05a9523 dest-prefix : 203.0.113.0/24 discard 65002 ValidExample 2: Summary view of the BGP rib-in for the ipv6 flowspec address family.
supervisor@rtbrick>LEAF01: op> show bgp rib-in ipv6 flowspec
Instance: default, AFI: ipv6, SAFI: flowspec
Peer IP: 99.1.1.2, Source IP: 99.1.1.1, Received routes: 1
Flowspec Hash Match Action AS Path Status
eff682bf src-prefix : 2001:db8::1/128 rate-limit:500.0 kbps - Valid
ip-proto : [ ==udp ]
src-port : [ ==4000 or ==5000 ]show bgp rib-out
This command displays the send routes.
Syntax:
show bgp rib-out <option> …
| Option | Description |
|---|---|
- |
Without any option, the command displays advertised BGP routes for all instances. |
<afi> |
BGP routing table summary for the given address family (AFI), all sub-address families and all instances. Supported AFI values are 'ipv4' and 'ipv6'. |
<afi> <safi> |
BGP routing table summary for the given address family (AFI) and sub-address family (SAFI), and all instances. Supported SAFI values are 'unicast', 'labeled-unicast', 'multicast', 'vpn-unicast', ‘evpn’, ‘vpls’, ‘vpls-vpws’, and ‘flowspec’. |
<afi> <safi> detail |
Detailed list view of the BGP routing table for the given address family (AFI) and sub-address family (SAFI), and all instances. |
<afi> <safi> <prefix> |
BGP routing table entry for the given prefix and all instances. |
<afi> <safi> instance <instance-name> |
BGP routing table summary for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> detail |
Detailed list view of BGP routing table for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> <prefix> |
BGP routing table entry for the given prefix and instance. |
<afi> <safi> peer <name> / peer address <ip> |
Peer name or address |
Example 1: Summary view of the IPv4 FlowSpec routes advertised to a peer
supervisor@rtbrick>LEAF01: op> show bgp rib-out ipv4 flowspec
Instance: default, AFI: ipv4, SAFI: flowspec
Peer-group: PE2, Sent routes: 2
Flowspec Hash Match Action Origin
236e3111 src-prefix : 192.0.2.3/32 rate-limit:400.0 kbps Incomplete
ip-proto : [ ==tcp or ==udp ]
src-port : [ ==200 or ==100 or ==300 ]
e05a9523 dest-prefix : 203.0.113.0/24 discard IncompleteExample 2: Summary view of the IPv6 FlowSpec routes advertised to a peer
supervisor@rtbrick>LEAF01: op> show bgp rib-out ipv6 flowspec
Instance: default, AFI: ipv6, SAFI: flowspec
Peer-group: PE2, Sent routes: 1
Flowspec Hash Match Action Origin
eff682bf src-prefix : 2001:db8::1/128 rate-limit:500.0 kbps Incomplete
ip-proto : [ ==udp ]
src-port : [ ==4000 or ==5000 ]show bgp fib
The 'show bgp fib' commands display the BGP forwarding table. In contrast to the 'show bgp rib' commands, the output of the 'show bgp fib' commands includes only the selected routes. The BGP route selection occurs between the RIB and the FIB.
Syntax:
show bgp fib <option> …
| Option | Description |
|---|---|
- |
Without any option, the commands display the BGP forwarding table for all address families and all instances in a summary table format. |
<afi> |
BGP forwarding table summary for the given address family (AFI), all sub-address families and all instances. Supported AFI values are 'ipv4' and 'ipv6'. |
<afi> <safi> |
BGP forwarding table summary for the given address family (AFI) and sub-address family (SAFI), and all instances. Supported SAFI values are 'unicast', 'labeled-unicast', 'vpn-multicast', 'vpn-unicast', ‘evpn-vpws’, ‘vpls’, ‘vpls-vpws’ and ‘flowspec’. |
<afi> <safi> detail |
Detailed list view of the BGP forwarding table for the given address family (AFI) and sub-address family (SAFI), and all instances. |
<afi> <safi> <prefix> |
BGP forwarding table entry for the given prefix and all instances. |
<afi> <safi> instance <instance-name> |
BGP forwarding table summary for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> detail |
Detailed list view of BGP forwarding table for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> <prefix> |
BGP forwarding table entry for the given prefix and instance. |
Example 1: Summary view of the BGP FIB for IPv4 flowspec address family
supervisor@rtbrick>LEAF01: op> show bgp fib ipv4 flowspec
Instance: default, AFI: ipv4, SAFI: flowspec
Flowspec Hash Match Action Priority Status
236e3111 src-prefix : 192.0.2.3/32 rate-limit:400.0 kbps 1502 Installed
ip-proto : [ ==tcp or ==udp ]
src-port : [ ==200 or ==100 or ==300 ]
e05a9523 dest-prefix : 203.0.113.0/24 discard 1501 InstalledExample 2: Summary view of the BGP FIB for a specific IPv4 flowspec hash
supervisor@rtbrick>LEAF01: op> show bgp fib ipv4 flowspec e05a9523
Instance: default, AFI: ipv4, SAFI: flowspec
Flowspec hash: e05a9523
Match:
dest-prefix: 203.0.113.0/24
Action:
discard
Extended community:
flowspec:traffic-rate-bytes:0:0.000000
Priority: 1509
Status: Installed
Number of ACL installed: 1
Rule: bgp-flowspec-e05a95230d1f7153ac561b564947a9457b1083f57fa5cb10
ACL type: l3v4
Ordinal: 0 Priority: 1501
Match:
Destination IPv4 prefix: 203.0.113.0/24
Action:
Drop: True
Statistics:
Total Accepted Dropped
Packets: 45 0 45
Bytes: 11700 0 11700Example 3: Summary view of the BGP FIB for IPv6 flowspec address family
supervisor@rtbrick>LEAF01: op> show bgp fib ipv6 flowspec
Instance: default, AFI: ipv6, SAFI: flowspec
Flowspec Hash Match Action Priority Status
eff682bf src-prefix : 2001:db8::1/128 rate-limit:500.0 kbps 1501 Installed
ip-proto : [ ==udp ]
src-port : [ ==4000 or ==5000 ]Example 3: Summary view of the BGP FIB for a specific IPv4 flowspec address family
supervisor@rtbrick>LEAF01: op> show bgp fib ipv4 flowspec 236e3111
Instance: default, AFI: ipv4, SAFI: flowspec
Flowspec hash: 236e3111
Match:
src-prefix: 192.0.2.3/32
ip-proto: [ ==tcp or ==udp ]
src-port: [ ==200 or ==100 or ==300 ]
Action:
rate-limit:400.0 kbps
Extended community:
flowspec:traffic-rate-bytes:0:400000.000000
Priority: 1502
Status: Installed
Number of ACL installed: 6
Rule: bgp-flowspec-236e31110de8e5920e5caed1e4bc3fe92d570bda99bd49f7
ACL type: l3v4
Ordinal: 4 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 100
IP protocol: udp
ACL type: l3v4
Ordinal: 3 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 200
IP protocol: udp
ACL type: l3v4
Ordinal: 0 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 200
IP protocol: tcp
ACL type: l3v4
Ordinal: 2 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 300
IP protocol: tcp
ACL type: l3v4
Ordinal: 5 Priority: 1502
<...>Validating FlowSpec ACLs:
In forwarding, the FlowSpec rules can be validated using the "show acl rule <…>" command as shown in the example below:
supervisor@rtbrick>LEAF01: op> show acl rule bgp-flowspec-b9342ffc0d1f7153ac561b564947a9457b1083f57fa5cb10
Rule: bgp-flowspec-b9342ffc0d1f7153ac561b564947a9457b1083f57fa5cb10
ACL type: l3v4
Ordinal: 0 Priority: 1501
Match:
Direction: ingress
Destination IPv4 prefix: 203.0.113.0/24
Action:
Stats enabled: True
Drop: True
Result:
ACL Handle: 93
Statistics:
Units Total Accepted Dropped
Packets 45 0 45
Bytes 11700 0 11700