BGP FlowSpec Operational Commands
BGP Show Commands
show bgp peer
The 'show bgp peer' commands display information on BGP peers.
Syntax:
show bgp peer <option> …
| Option | Description |
|---|---|
- |
Without any option, the commands display all BGP peers in all instances in a summary table format. |
detail |
Detailed information on all BGP peers in all instances in a list view. |
<peer-name> |
Detailed information on the peer with the given name. |
history |
Displays BGP peer history information such as the peer state down reasons. |
history <peer-address> |
Displays BGP peer history information such as the peer state down reasons for a specified peer. |
address <peer-address> |
Detailed information on the peer with the given IP address. |
instance <instance-name> |
Summary of all BGP peers in the given instance. |
instance <instance-name> detail |
Detailed information on all BGP peers in the given instance. |
instance <instance-name> detail <peer-name> |
Detailed information on the peer with the given name in the given instance. |
instance <instance-name> detail address <peer-address> |
Detailed information on the peer with the given IP address in the given instance. |
statistics |
Received and sent BGP prefixes per AFI/SAFI for all peers in all instances. |
statistics peer <peer-name> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given name. |
statistics peer address <peer-address> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given IP address. |
statistics instance <instance-name> peer <peer-name> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given name in the given instance. |
statistics instance <instance-name> peer address <peer-address> |
Received and sent BGP prefixes per AFI/SAFI for the peer with the given IP address in the given instance |
Example 1: BGP Peer Summary View
supervisor@rtbrick>LEAF01: op> show bgp peer
Instance: default
Peer Remote AS State Up/Down Time PfxRcvd PfxSent
PE2 4200000002 Established 0d:01h:35m:53s 42 72
99.1.1.2 65002 Established 0d:01h:35m:53s 2 27Example 2: BGP Peer Detail View
supervisor@rtbrick>LEAF01: op> show bgp peer detail
Peer: PE2, Peer IP: 12.0.0.2, Remote AS: 4200000002, Local: 12.0.0.1, Local AS: 4200000001, Any AS: False
Type: ebgp, State: Established, Up/Down Time: 0d:01h:38m:59s, Reason: Cease, Sub-Code: Admin reset
Discovered on interface: -
Last transition: Thu Jun 20 09:35:06 GMT +0000 2024, Flap count: 1
Peer ID : 192.168.0.20, Local ID : 192.168.0.10
Instance : default, Peer group: PE2
6PE enabled : False
Timer values:
Peer keepalive : 30s, Local keepalive: 30s
Peer holddown : 90s, Local holddown : 90s
Connect retry : 30s
Timers:
Connect retry timer : 0s
keepalive timer : expires in 10s 882996us
Holddown timer : expires in 1m 12s 538155us
NLRIs:
Sent : ['l2vpn-evpn', 'l2vpn-vpls', 'ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec', 'ipv4-vpn-unicast', 'ipv6-vpn-unicast', 'ipv4-vpn-multicast', 'ipv4-labeled-unicast', 'ipv6-labeled-unicast']
Received : ['l2vpn-evpn', 'l2vpn-vpls', 'ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec', 'ipv4-vpn-unicast', 'ipv6-vpn-unicast', 'ipv4-vpn-multicast', 'ipv4-labeled-unicast', 'ipv6-labeled-unicast']
Negotiated : ['l2vpn-evpn', 'l2vpn-vpls', 'ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec', 'ipv4-vpn-unicast', 'ipv6-vpn-unicast', 'ipv4-vpn-multicast', 'ipv4-labeled-unicast', 'ipv6-labeled-unicast']
Capabilities:
Addpath sent : None
Addpath received : None
Addpath negotiated : None
Extended nexthop sent : None
Extended nexthop received : None
Extended nexthop negotiated : None
Capabilities:
Feature Sent Received Negotiated
Route refresh True True True
4 byte AS True True True
Graceful restart False False False
Link local only False False False
Prefix Limit:
End of RIB:
Address family Sent Received
IPv4 unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 labeled-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 labeled-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 VPN-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 VPN-unicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 flowspec Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv6 flowspec Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
IPv4 VPN-multicast Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
L2VPN VPLS Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
L2VPN EVPN Thu Jun 20 09:35:11 GMT +0000 2024 Thu Jun 20 09:35:11 GMT +0000 2024
Message stats:
Session stats:
Direction Open Update Keepalive Notify Route refresh
Input 1 40 235 0 0
Output 1 52 239 0 0
Total stats:
Input 2 80 299 0 0
Output 2 102 302 1 0
Route stats:
Address family Received Sent Prefix limit Idle timeout
IPv4 unicast 4 4 0 0
IPv4 labeled-unicast 2 2 0 0
IPv6 unicast 4 4 0 0
IPv6 labeled-unicast 2 2 0 0
IPv4 VPN-unicast 8 4 0 0
IPv6 VPN-unicast 6 4 0 0
IPv4 VPN-multicast 2 6 0 0
L2VPN VPLS 7 7 0 0
L2VPN EVPN 7 7 0 0
IPv4 flowspec 0 8 0 0
IPv6 flowspec 0 0 0 0
Peer: , Peer IP: 99.1.1.2, Remote AS: 65002, Local: 99.1.1.1, Local AS: 4200000001, Any AS: False
Type: ebgp, State: Established, Up/Down Time: 0d:01h:38m:59s, Reason: Cease, Sub-Code: Admin reset
Discovered on interface: -
Last transition: Thu Jun 20 09:35:06 GMT +0000 2024, Flap count: 2
Peer ID : 192.168.1.3, Local ID : 192.168.0.10
Instance : default, Peer group: SN
6PE enabled : False
Timer values:
Peer keepalive : 30s, Local keepalive: 30s
Peer holddown : 90s, Local holddown : 90s
Connect retry : 30s
Timers:
Connect retry timer : 0s
keepalive timer : expires in 14s 885374us
Holddown timer : expires in 1m 806199us
NLRIs:
Sent : ['ipv4-unicast', 'ipv6-unicast', 'ipv4-flowspec', 'ipv6-flowspec']
Received : ['ipv4-flowspec', 'ipv6-flowspec']
Negotiated : ['ipv4-flowspec', 'ipv6-flowspec']
Capabilities:
Addpath sent : None
Addpath received : None
Addpath negotiated : None
Extended nexthop sent : None
Extended nexthop received : ['ipv4-flowspec', 'ipv6-flowspec']
Extended nexthop negotiated : None
Capabilities:
Feature Sent Received Negotiated
Route refresh True True True
4 byte AS True True True
Graceful restart False False False
Link local only False False False
<...>Example 4: BGP Peer history for a specified peer
supervisor@rtbrick.net: op> show bgp peer history peer address 192:168::40 Instance: ip2vrf Peer Address Source Address Type Last Reset Reason 192:168::40 192:168:5::20 FSM Error FSM Error, Sub-Code: Unexpected message in OpenSent State
show bgp rib-in
This command displays the received routes.
Syntax:
show bgp rib-in <option> …
| Option | Description |
|---|---|
- |
Without any option, the command displays information on the received BGP routing table on all instances in a summary table format. |
<afi> |
BGP routing table summary for the given address family (AFI), all sub-address families and all instances. Supported AFI values are 'ipv4' and 'ipv6'. |
<afi> <safi> |
BGP routing table summary for the given address family (AFI) and sub-address family (SAFI), and all instances. Supported SAFI values are 'labeled-unicast', 'unicast', 'vpn-multicast', 'vpn-unicast', ‘evpn-vpws’, ‘evpn’, ‘vpls-vpws’, ‘vpls’, and ‘flowspec’. |
<afi> <safi> detail |
Detailed list view of the BGP routing table for the given address family (AFI) and sub-address family (SAFI), and all instances. |
<afi> <safi> <prefix> |
BGP routing table entry for the given prefix and all instances. |
<afi> <safi> instance <instance-name> |
BGP routing table summary for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> detail |
Detailed list view of BGP routing table for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> <prefix> |
BGP routing table entry for the given prefix and instance. |
<afi> <safi> community <community-name> |
BGP community details for the given AFI, SAFI, and instance. |
<afi> <safi> error |
BGP route with error status for the given AFI, SAFI, and instance. |
<afi> <safi> peer <name> / peer address <ip> |
Peer name or address |
Example 1: Summary view of the BGP rib-in for the ipv4 flowspec address family.
supervisor@rtbrick>LEAF01: op> show bgp rib-in ipv4 flowspec
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Peer IP: 99.1.1.2, Source IP: 99.1.1.1, Total routes: 2
Flowspec Hash Match Action AS Path Status
236e3111 src-prefix : 192.0.2.3/32 rate-limit:400.0 kbps 65002 Valid
ip-proto : [ ==tcp or ==udp ]
src-port : [ ==200 or ==100 or ==300 ]
e05a9523 dest-prefix : 203.0.113.0/24 discard 65002 ValidExample 2: Summary view of the BGP rib-in for the ipv6 flowspec address family.
supervisor@rtbrick>LEAF01: op> show bgp rib-in ipv6 flowspec
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv6, SAFI: flowspec
Peer IP: 99.1.1.2, Source IP: 99.1.1.1, Total routes: 1
Flowspec Hash Match Action AS Path Status
eff682bf src-prefix : 2001:db8::1/128 rate-limit:500.0 kbps - Valid
ip-proto : [ ==udp ]
src-port : [ ==4000 or ==5000 ]Example 3: Summary view of the BGP rib-in for the IPv4 with the error flag.
supervisor@rtbrick>rtbrick.net: op> show bgp rib-in ipv4
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: unicast
Hostname: Local, Peer IP: 0.0.0.0
Source IP: 0.0.0.0, Total routes: 4
Flags Prefix Next Hop MED Lpref AS Path
12.0.0.0/24 - 0 100 -
12.1.0.0/24 - 0 100 -
192.168.0.10/32 - 0 100 -
192.168.0.11/32 - 0 100 -
Hostname: P1, Peer IP: 12.0.0.2
Source IP: 12.0.0.1, Total routes: 4
Flags Prefix Next Hop MED Lpref AS Path
12.0.0.0/24 12.0.0.2 0 - 4200000002
12.1.0.0/24 12.0.0.2 0 - 4200000002
192.168.0.20/32 12.0.0.2 0 - 4200000002
192.168.0.21/32 12.0.0.2 0 - 4200000002show bgp rib-out
This command displays the send routes.
Syntax:
show bgp rib-out <option> …
| Option | Description |
|---|---|
- |
Without any option, the command displays advertised BGP routes for all instances. |
<afi> |
BGP routing table summary for the given address family (AFI), all sub-address families and all instances. Supported AFI values are 'ipv4' and 'ipv6'. |
<afi> <safi> |
BGP routing table summary for the given address family (AFI) and sub-address family (SAFI), and all instances. Supported SAFI values are 'unicast', 'labeled-unicast', 'multicast', 'vpn-unicast', ‘evpn’, ‘vpls’, ‘vpls-vpws’, and ‘flowspec’. |
<afi> <safi> detail |
Detailed list view of the BGP routing table for the given address family (AFI) and sub-address family (SAFI), and all instances. |
<afi> <safi> <prefix> |
BGP routing table entry for the given prefix and all instances. |
<afi> <safi> instance <instance-name> |
BGP routing table summary for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> detail |
Detailed list view of BGP routing table for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> <prefix> |
BGP routing table entry for the given prefix and instance. |
<afi> <safi> peer <name> / peer address <ip> |
Peer name or address |
Example 1: Summary view of the IPv4 FlowSpec routes advertised to a peer
supervisor@rtbrick>LEAF01: op> show bgp rib-out ipv4 flowspec
Instance: default, AFI: ipv4, SAFI: flowspec
Peer-group: PE2, Sent routes: 2
Flowspec Hash Match Action Origin
236e3111 src-prefix : 192.0.2.3/32 rate-limit:400.0 kbps Incomplete
ip-proto : [ ==tcp or ==udp ]
src-port : [ ==200 or ==100 or ==300 ]
e05a9523 dest-prefix : 203.0.113.0/24 discard IncompleteExample 2: Summary view of the IPv6 FlowSpec routes advertised to a peer
supervisor@rtbrick>LEAF01: op> show bgp rib-out ipv6 flowspec
Instance: default, AFI: ipv6, SAFI: flowspec
Peer-group: PE2, Sent routes: 1
Flowspec Hash Match Action Origin
eff682bf src-prefix : 2001:db8::1/128 rate-limit:500.0 kbps Incomplete
ip-proto : [ ==udp ]
src-port : [ ==4000 or ==5000 ]show bgp fib
The 'show bgp fib' commands display the BGP forwarding table. In contrast to the 'show bgp rib' commands, the output of the 'show bgp fib' commands includes only the selected routes. The BGP route selection occurs between the RIB and the FIB.
Syntax:
show bgp fib <option> …
| Option | Description |
|---|---|
- |
Without any option, the commands display the BGP forwarding table for all address families and all instances in a summary table format. |
<afi> |
BGP forwarding table summary for the given address family (AFI), all sub-address families and all instances. Supported AFI values are 'ipv4' and 'ipv6'. |
<afi> <safi> |
BGP forwarding table summary for the given address family (AFI) and sub-address family (SAFI), and all instances. Supported SAFI values are 'unicast', 'labeled-unicast', 'vpn-multicast', 'vpn-unicast', ‘evpn-vpws’, ‘vpls’, ‘vpls-vpws’ and ‘flowspec’. |
<afi> <safi> detail |
Detailed list view of the BGP forwarding table for the given address family (AFI) and sub-address family (SAFI), and all instances. |
<afi> <safi> <prefix> |
BGP forwarding table entry for the given prefix and all instances. |
<afi> <safi> instance <instance-name> |
BGP forwarding table summary for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> detail |
Detailed list view of BGP forwarding table for the given AFI, SAFI, and instance. |
<afi> <safi> instance <instance-name> <prefix> |
BGP forwarding table entry for the given prefix and instance. |
Example 1: Summary view of the BGP FIB for IPv4 flowspec address family
supervisor@rtbrick>LEAF01: op> show bgp fib ipv4 flowspec
Instance: default, AFI: ipv4, SAFI: flowspec
Flowspec Hash Match Action Priority Status
236e3111 src-prefix : 192.0.2.3/32 rate-limit:400.0 kbps 1502 Installed
ip-proto : [ ==tcp or ==udp ]
src-port : [ ==200 or ==100 or ==300 ]
e05a9523 dest-prefix : 203.0.113.0/24 discard 1501 InstalledExample 2: Summary view of the BGP FIB for a specific IPv4 flowspec hash
supervisor@rtbrick>LEAF01: op> show bgp fib ipv4 flowspec e05a9523
Instance: default, AFI: ipv4, SAFI: flowspec
Flowspec hash: e05a9523
Match:
dest-prefix: 203.0.113.0/24
Action:
discard
Extended community:
flowspec:traffic-rate-bytes:0:0.000000
Priority: 1509
Status: Installed
Number of ACL installed: 1
Rule: bgp-flowspec-e05a95230d1f7153ac561b564947a9457b1083f57fa5cb10
ACL type: l3v4
Ordinal: 0 Priority: 1501
Match:
Destination IPv4 prefix: 203.0.113.0/24
Action:
Drop: True
Statistics:
Total Accepted Dropped
Packets: 45 0 45
Bytes: 11700 0 11700Example 3: Summary view of the BGP FIB for IPv6 flowspec address family
supervisor@rtbrick>LEAF01: op> show bgp fib ipv6 flowspec
Instance: default, AFI: ipv6, SAFI: flowspec
Flowspec Hash Match Action Priority Status
eff682bf src-prefix : 2001:db8::1/128 rate-limit:500.0 kbps 1501 Installed
ip-proto : [ ==udp ]
src-port : [ ==4000 or ==5000 ]Example 3: Summary view of the BGP FIB for a specific IPv4 flowspec address family
supervisor@rtbrick>LEAF01: op> show bgp fib ipv4 flowspec 236e3111
Instance: default, AFI: ipv4, SAFI: flowspec
Flowspec hash: 236e3111
Match:
src-prefix: 192.0.2.3/32
ip-proto: [ ==tcp or ==udp ]
src-port: [ ==200 or ==100 or ==300 ]
Action:
rate-limit:400.0 kbps
Extended community:
flowspec:traffic-rate-bytes:0:400000.000000
Priority: 1502
Status: Installed
Number of ACL installed: 6
Rule: bgp-flowspec-236e31110de8e5920e5caed1e4bc3fe92d570bda99bd49f7
ACL type: l3v4
Ordinal: 4 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 100
IP protocol: udp
ACL type: l3v4
Ordinal: 3 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 200
IP protocol: udp
ACL type: l3v4
Ordinal: 0 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 200
IP protocol: tcp
ACL type: l3v4
Ordinal: 2 Priority: 1502
Match:
Source IPv4 prefix: 192.0.2.3/32
Source L4 port:: 300
IP protocol: tcp
ACL type: l3v4
Ordinal: 5 Priority: 1502
<...>Show Command Filter Options for RIB-in, RIB-out, and FIB
Syntax
show bgp fib|rib-in|rib-out <afi> flowspec filter <options>
| Option | Description |
|---|---|
<afi> flowspec filter <options> |
Filter BGP Flowspec entries across the RIB based on the option specified. |
destination-port |
Filters based on destination port number. |
destination-prefix |
Filters based on the destination IP prefix. |
instance-name |
Filters entries based on the BGP instance. Useful to verify the Flowspec entries specific to one instance in a multi-instance BGP configurations. |
ip-proto |
Filters based on the protocol. |
port |
Filters Flowspec entries based on the protocol port number. |
source-port |
Filters entries based on the source port. Useful to identify different applications or services originating from specific ports. |
source-prefix |
Filters entries based on the source IP prefix. |
supervisor@rtbrick.net: cfg> show bgp rib-in ipv4 flowspec filter port 3344
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Hostname: SN, Peer IP: 23.1.1.3
Source IP: 23.1.1.1, Total routes: 9999
Flags Flowspec Hash Match Action AS Path
647718a2 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==3344 and >=3345 or >3346 ]
dst-port : [ ==3344 and >=3345 or >3346 ]
src-port : [ ==3344 and >=3345 or >3346 ]
f547079c dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==3343 and >=3344 or >3345 ]
dst-port : [ ==3343 and >=3344 or >3345 ]
src-port : [ ==3343 and >=3344 or >3345 ]
fa25370c dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==3342 and >=3343 or >3344 ]
dst-port : [ ==3342 and >=3343 or >3344 ]
src-port : [ ==3342 and >=3343 or >3344 ]
supervisor@rtbrick.net: cfg> show bgp rib-in ipv4 flowspec filter destination-prefix 20.1.1.1/32
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Hostname: SN, Peer IP: 23.1.1.3
Source IP: 23.1.1.1, Total routes: 9999
Flags Flowspec Hash Match Action AS Path
36f587c2 dest-prefix : 20.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==28 and >=29 or >30 ]
dst-port : [ ==28 and >=29 or >30 ]
src-port : [ ==28 and >=29 or >30 ]
dbedeed9 dest-prefix : 20.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==9978 and >=9979 or >9980 ]
dst-port : [ ==9978 and >=9979 or >9980 ]
src-port : [ ==9978 and >=9979 or >9980 ]
supervisor@rtbrick.net: cfg> show bgp rib-in ipv4 flowspec filter source-prefix 20.123.133.1/32
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Hostname: SN, Peer IP: 23.1.1.3
Source IP: 23.1.1.1, Total routes: 9999
Flags Flowspec Hash Match Action AS Path
38bfcfd3 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 20.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==251 and >=252 or >253 ]
dst-port : [ ==251 and >=252 or >253 ]
src-port : [ ==251 and >=252 or >253 ]
5fa337e5 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 20.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==9997 and >=9998 or >9999 ]
dst-port : [ ==9997 and >=9998 or >9999 ]
src-port : [ ==9997 and >=9998 or >9999 ]
91c84623 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 20.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==154 and >=155 or >156 ]
dst-port : [ ==154 and >=155 or >156 ]
src-port : [ ==154 and >=155 or >156 ]
supervisor@rtbrick.net: cfg> show bgp rib-in ipv4 flowspec filter destination-port 100
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Hostname: SN, Peer IP: 23.1.1.3
Source IP: 23.1.1.1, Total routes: 9999
Flags Flowspec Hash Match Action AS Path
14c614cf dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==100 and >=101 or >102 ]
dst-port : [ ==100 and >=101 or >102 ]
src-port : [ ==100 and >=101 or >102 ]
2eaa5fab dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==99 and >=100 or >101 ]
dst-port : [ ==99 and >=100 or >101 ]
src-port : [ ==99 and >=100 or >101 ]
3b8548f9 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==98 and >=99 or >100 ]
dst-port : [ ==98 and >=99 or >100 ]
src-port : [ ==98 and >=99 or >100 ]
supervisor@rtbrick.net: cfg> show bgp rib-in ipv4 flowspec filter source-port 200
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Hostname: SN, Peer IP: 23.1.1.3
Source IP: 23.1.1.1, Total routes: 9999
Flags Flowspec Hash Match Action AS Path
908f5353 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==199 and >=200 or >201 ]
dst-port : [ ==199 and >=200 or >201 ]
src-port : [ ==199 and >=200 or >201 ]
a6c7b490 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==200 and >=201 or >202 ]
dst-port : [ ==200 and >=201 or >202 ]
src-port : [ ==200 and >=201 or >202 ]
c2a0d3e2 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp ]
port : [ ==198 and >=199 or >200 ]
dst-port : [ ==198 and >=199 or >200 ]
src-port : [ ==198 and >=199 or >200 ]
supervisor@rtbrick.net: cfg> show bgp rib-in ipv4 flowspec filter ip-proto icmp
Flags: & - Imported, ! - Error
Instance: default, AFI: ipv4, SAFI: flowspec
Hostname: SN, Peer IP: 23.1.1.3
Source IP: 23.1.1.1, Total routes: 9999
Flags Flowspec Hash Match Action AS Path
3dca36d8 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp or <icmp ]
port : [ ==9516 and >=9517 or >9518 ]
dst-port : [ ==9516 and >=9517 or >9518 ]
src-port : [ ==9516 and >=9517 or >9518 ]
db68d8a6 dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp or >icmp ]
port : [ ==29 and >=30 or >31 ]
dst-port : [ ==29 and >=30 or >31 ]
src-port : [ ==29 and >=30 or >31 ]
deb2048d dest-prefix : 10.1.1.1/32 None 65002
src-prefix : 123.123.133.1/32
ip-proto : [ ==tcp or !=ospf or >=udp or <=igmp or <icmp ]
port : [ ==9674 and >=9675 or >9676 ]
dst-port : [ ==9674 and >=9675 or >9676 ]
src-port : [ ==9674 and >=9675 or >9676 ]
Validating FlowSpec ACLs
In forwarding, the FlowSpec rules can be validated using the "show acl rule <…>" command as shown in the example below:
supervisor@rtbrick>LEAF01: op> show acl rule bgp-flowspec-b9342ffc0d1f7153ac561b564947a9457b1083f57fa5cb10
Rule: bgp-flowspec-b9342ffc0d1f7153ac561b564947a9457b1083f57fa5cb10
ACL type: l3v4
Ordinal: 0 Priority: 1501
Match:
Direction: ingress
Destination IPv4 prefix: 203.0.113.0/24
Action:
Stats enabled: True
Drop: True
Result:
ACL Handle: 93
Statistics:
Units Total Accepted Dropped
Packets 45 0 45
Bytes 11700 0 11700BGP FlowSpec Clear Commands
Clear commands allow to reset operational states.
BGP Peer
This commands resets BGP peerings.
Syntax:
clear bgp peer <option> …
| Option | Description |
|---|---|
all |
Clears all the BGP peers. |
all soft-in <afi> <safi> |
Sends route refresh to all neighbors. |
all soft-out <afi> <safi> |
Re-advertises all the routes previously sent to the peer. |
all stats |
Clears the statistics of all the BGP peers. |
instance <instance> <peer-ip> |
Clears the peer for the given instance and peer IP address. |
instance <instance> <peer-ip> source <src-ip> |
Clears a specific peer for the given peer IP address and source IP address in the specified instance. |
instance <instance> all |
Clears all peers in the given instance. |
instance <instance> <peer-ip> source <src-ip> soft-in <afi> <safi> |
Sends route refresh to specific peer for the given instance, peer-ip, source-ip and address-family. |
instance <instance> <peer-ip> soft-in <afi> <safi> |
Sends route refresh to peer for the given instance, peer-ip and address-family. |
instance <instance> all soft-in <afi> <safi> |
Sends route refresh to all peers for the given instance and address family. |
instance <instance> <peer-ip> source <src-ip> soft-out <afi> <safi> |
Re-advertises all the routes previously sent to the specific peer for the given instance, peer-ip, source-ip and address-family. |
instance <instance> <peer-ip> soft-out <afi> <safi> |
Sends route refresh to peer for a given instance, peer-ip and address-family. |
instance <instance> all soft-out <afi> <safi> |
Sends route update to all peers for given instance and address family. |
instance <instance> <peer-ip> source <src-ip> stats |
Clears the statistics of a specific peer for a given instance, peer-ip and source-IP. |
instance <instance> <peer-ip> stats |
Clears the statistics of the peer for a given instance and peer-IP. |
instance <instance> all stats |
Clears the statistics of all peers for a given instance. |
Example: The example below shows how to clear all the BGP peers.
supervisor@rtbrick: op> clear bgp peer all
Example: Route Refresh in IPv4/IPv6 for BGP FlowSpec
supervisor@rtbrick: op> clear bgp peer all soft-out ipv4 flowspec supervisor@rtbrick: op> clear bgp peer all soft-in ipv6 flowspec