- Distribute lists, prefix lists, AS_PATH filters, route maps, aggregate address
- All can filter inbound and outbound updates
- Peer group processes the update once, not once per peer
- Cannot apply to a single neighbour in a peer group
- Matching logic is applied to the BGP update
- Clear required to take effect
- Clear can be soft
- neighbor distribute-list - Standard ACL, matches prefix with wildcard mask
- neighbor distribute-list - Extended ACL, matches prefix, length and wildcard mask
- neighbor prefix-list - Exact or first N bits of prefix, plus range of lengths
- neighbor filter-list - AS_PATH
- neighbor route-map - Prefix, length, AS_PATH, and/or PA
- Use Ext ACL
- Most IGPs have standard ACL
- Prefix and length
- Update compared to route-map, filtered or not based on the matching clause
- A route-map deny clause filters the route; a deny in an ACL/prefix-list only means the route doesn't match that entry
- clear ip bgp { * | neighbor-address | peer-group } [soft [in | out]]
- Soft applies policy config in and out, and can be directional
- Soft is the default for sending updates
- Enable for inbound with neighbor x.x.x.x soft-reconfiguration inbound
- Received updates stored
- Config changes for local injection can't be soft
- Just reprocesses the stored updates
- Dist lists can match BGP NLRI
- Prefix lists more flexible
- Route maps add nothing for filtering NLRI, but can manipulate
- Also combine match criteria
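The way the filters above decide whether a received or advertised NLRI passes is easy to get wrong (the ge/le length window of a prefix-list, and the "source = prefix, destination = mask" reading of an extended ACL under neighbor distribute-list). The following is an added Python model of those two matching rules, written for these notes; it is not IOS code, and the tuple layout of the entries, the sample policies and the function names are constructed for the illustration.

```python
import ipaddress

# Added illustration of how a prefix-list and an extended ACL (as used by
# 'neighbor distribute-list') evaluate a route. Entries are constructed tuples
# mirroring the IOS syntax; this is a model, not IOS code.

def _leading_bits(net: ipaddress.IPv4Network, nbits: int) -> int:
    """The first nbits of the network address as an integer."""
    return int(net.network_address) >> (32 - nbits) if nbits else 0

def prefix_list_entry_matches(entry, route: ipaddress.IPv4Network) -> bool:
    """entry = (action, 'A.B.C.D/L', ge, le); ge/le are None when absent.
    The first L bits of the route must equal those of the entry, and the
    route length must lie in [ge or L, le or (32 if ge given else L)], so with
    neither keyword the length has to be exactly L."""
    _action, base, ge, le = entry
    base_net = ipaddress.IPv4Network(base, strict=False)
    bits = base_net.prefixlen
    if _leading_bits(route, bits) != _leading_bits(base_net, bits):
        return False
    lo = bits if ge is None else ge
    hi = le if le is not None else (32 if ge is not None else bits)
    return lo <= route.prefixlen <= hi

def prefix_list_permits(entries, prefix: str) -> bool:
    """First matching entry decides; no match is the implicit deny (filtered)."""
    route = ipaddress.IPv4Network(prefix)
    for entry in entries:
        if prefix_list_entry_matches(entry, route):
            return entry[0] == "permit"
    return False

def ext_acl_entry_matches(entry, route: ipaddress.IPv4Network) -> bool:
    """entry = (action, prefix, prefix_wildcard, mask, mask_wildcard): the ACL's
    source field is matched against the route's prefix and its destination
    field against the route's subnet mask. A 0 wildcard bit must match, a 1
    wildcard bit is don't-care."""
    _action, p, pwc, m, mwc = entry
    p, pwc, m, mwc = (int(ipaddress.IPv4Address(x)) for x in (p, pwc, m, mwc))
    care_p = ~pwc & 0xFFFFFFFF
    care_m = ~mwc & 0xFFFFFFFF
    return ((int(route.network_address) & care_p) == (p & care_p)
            and (int(route.netmask) & care_m) == (m & care_m))

def ext_acl_permits(entries, prefix: str) -> bool:
    """Same first-match / implicit-deny evaluation for an extended ACL."""
    route = ipaddress.IPv4Network(prefix)
    for entry in entries:
        if ext_acl_entry_matches(entry, route):
            return entry[0] == "permit"
    return False

# Constructed sample prefix-list: deny 10/8 routes up to /16, permit 10/8
# routes from /17 to /24, permit the default route, implicitly deny the rest.
SAMPLE_PREFIX_LIST = [
    ("deny",   "10.0.0.0/8", None, 16),
    ("permit", "10.0.0.0/8", 17, 24),
    ("permit", "0.0.0.0/0",  None, None),
]
# Constructed extended ACL: any 10.x.x.x route whose mask is exactly /24.
SAMPLE_EXT_ACL = [
    ("permit", "10.0.0.0", "0.255.255.255", "255.255.255.0", "0.0.0.0"),
]

if __name__ == "__main__":
    for p in ("10.0.0.0/8", "10.1.0.0/16", "10.1.1.0/24", "10.1.1.0/25",
              "0.0.0.0/0", "192.0.2.0/24"):
        print(f"{p:>14}  prefix-list={prefix_list_permits(SAMPLE_PREFIX_LIST, p)!s:<5}"
              f"  ext-acl={ext_acl_permits(SAMPLE_EXT_ACL, p)}")
```

Note how 10.1.1.0/25 falls through both 10/8 entries and is then dropped by the implicit deny, while the extended ACL accepts only routes whose mask is exactly 255.255.255.0 because its mask wildcard is all zeros.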
- summary-only keyword
- suppress-map
- Route map; any subnets matched by a route-map permit clause are suppressed
- Suppressed in advertisement only
- ip as-path access-list NUMBER permit/deny REGEX
- neighbor x.x.x.x filter-list AS-PATH-ACL { in | out }
- AS_SEQ most common, most recently added ASN first
- AS_SET comma delimited, enclosed with {}
- AS_CONFED_SEQ space delimited, enclosed with ()
- AS_CONFED_SET comma delimited, enclosed with {}
- Regex of first line applied to AS_PATH of each route
- For matched NLRIs, action is permit or deny
- For unmatched, repeat steps 1 and 2 with the next line
- Any NLRI not matched by any line is filtered
Regex characters
- ^ - Start of line
- $ - EOL
- | - Logical OR
- _ - Any delimiter (blank, comma, SOL, EOL)
- . - Any character
- ? - Zero or one
- \* - Zero or more
- \+ - 1 or more
- (string) - Make string a single entity
- [string] - Wildcard for any single character in string
- For regex on BGP route, IOS searches AS_PATH for first instance of first item in regex, then rest of path sequentially
- show ip bgp neighbor x.x.x.x advertised-routes - after filtering
- show ip bgp neighbor x.x.x.x received-routes - before filtering
- Match AS_CONFED with [(] and [)], as ( and ) are regex characters
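To make the as-path access-list and regex notes above concrete, here is an added Python model of how IOS evaluates an AS_PATH regex against a route and walks the list lines in order. It is not IOS code: the `_` delimiter is translated into a Python group (IOS has it as a single token), the AS_PATH strings follow the display conventions listed above, and the sample access-list and ASNs are constructed.

```python
import re

# Added model of IOS AS_PATH regex matching and 'ip as-path access-list'
# evaluation (not IOS code). AS_PATH strings use the display conventions from
# the notes: AS_SEQ space separated, AS_SET in {}, AS_CONFED_SEQ in ().

# IOS "_" matches a space, a comma, start or end of the path string and, per
# the IOS regex reference, the braces/parentheses bounding AS_SET and
# AS_CONFED segments. Python has no such token, so "_" becomes this group.
IOS_DELIMITER = r"(?:^|$|[ ,{}()])"

def ios_to_python_regex(ios_regex: str) -> str:
    """Translate an IOS regex to Python syntax; only "_" differs. A "_" inside
    a character class such as [_] is left literal."""
    out, in_class = [], False
    for ch in ios_regex:
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(IOS_DELIMITER if ch == "_" and not in_class else ch)
    return "".join(out)

def as_path_matches(ios_regex: str, as_path: str) -> bool:
    """Search semantics as in the notes: the first element of the regex may
    occur anywhere in the path unless anchored with ^, the rest must follow."""
    return re.search(ios_to_python_regex(ios_regex), as_path) is not None

def as_path_acl_permits(acl_lines, as_path: str) -> bool:
    """Evaluate [(action, regex), ...] lines in order: the first line whose
    regex matches decides, and no match at all is the implicit deny."""
    for action, ios_regex in acl_lines:
        if as_path_matches(ios_regex, as_path):
            return action == "permit"
    return False

# Constructed sample list: drop anything that transited 65003, permit the rest.
SAMPLE_ACL = [("deny", "_65003_"), ("permit", ".*")]

if __name__ == "__main__":
    for path in ("", "65002 65001", "65002 65003 65001", "65002 {65001,65003}",
                 "(65010 65011) 65002"):
        print(f"{path!r:>24}  permitted={as_path_acl_permits(SAMPLE_ACL, path)}")
```

The `_65003_` line also catches 65003 inside an AS_SET, because the braces and comma count as delimiters; a bare `65003` would additionally match 650031, which is why the notes stress the `_` delimiter.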
- Well known or optional
- Mandatory or discretionary
- ATOMIC_AGGREGATE - Well known discretionary
- AS_PATH - Well known mandatory
- Transitive - Silently forwarded to other routers, even if unknown to this router
- Nontransitive - Remove PA and do not propagate
Name | Description | Type |
---|---|---|
AS_PATH | ASNs transited | Well-known mandatory |
NEXT_HOP | Next hop of NLRI | Well-known mandatory |
AGGREGATOR | RID and ASN of summarizing router | Optional transitive |
ATOMIC_AGGREGATE | Tags NLRI as being a summary | Well-known discretionary |
ORIGIN | Where route injected | Well-known mandatory |
ORIGINATOR_ID | Set by RRs, RID of the router that originated the route | Optional nontransitive |
CLUSTER_LIST | Cluster IDs of RRs traversed | Optional nontransitive |
- Next hop reachable
- Highest admin weight (higher is better)
- Local Pref - Higher better
- Locally injected routes (network, redist or summarization)
- Shortest AS path, ignored with bgp bestpath as-path ignore
- Origin - IGP (i) over EGP (e) over incomplete (?)
- Smallest MED
- Neighbour type - eBGP over iBGP (confed eBGP is still iBGP)
- IGP metric to next hop
- Above done before looking at maximum paths
- Oldest route
- Smallest neighbor RID (only if bgp bestpath compare-routerid configured)
- Smallest neighbor address (relevant when router has two neighbour relationships to the same router)
- If best path decided in the first 9 steps, only one route added
- If best path decided after step 9, considers multiple
- Even if multiple added, best path chosen and only one advertised
- next-hop-self
- next-hop-unchanged
- 0 through 65535
- Default 0 for learned, 32768 for local injection
- Route map or neighbor weight
- Route map takes preference
- Default 100
- bgp default local-preference <0-4294967295>
- With local injection, weight automatically used
- For this to happen, would need local injection plus advertisement with a route-map assigning weight
- Or same NLRI from different sources (i.e. network and redistribute connected)
- AS_SET - Counts as single ASN always
- Confeds - Don't count
- Aggregate address - See agg rules
- neighbor remove-private-as - By router attached to private AS
- neighbor local-as no-prepend - Can use different AS than in neighbour command
- AS_PATH prepending
- bgp bestpath as-path ignore
In IOS:
- Private ASNs only removed for eBGP updates
- If current AS_SEQ has both private and public ASNs, private ASNs not removed
- If ASN of eBGP peer in current AS_PATH, private ASN not removed
- Can prepend any ASN
- Route agg can decrease path length
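The remove-private-as rules and prepending above are simple to state but easy to misapply when reading a path by eye. Here is an added Python model of them, written for these notes rather than taken from IOS; the AS_PATH is treated as a plain AS_SEQ list of ints, the private ASN ranges are the RFC 6996 ones, and the function names and sample ASNs are constructed.

```python
# Added model of the IOS AS_PATH manipulation rules in the notes (not IOS code).
# as_seq is a plain AS_SEQ as a list of ints. Private ASN ranges per RFC 6996:
# 64512-65534 (16-bit) and 4200000000-4294967294 (32-bit).

def is_private_asn(asn: int) -> bool:
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294

def remove_private_as(as_seq, peer_asn: int, ebgp: bool = True):
    """'neighbor remove-private-as' per the IOS rules above: only eBGP updates
    are touched; nothing is removed if the sequence mixes private and public
    ASNs, or if the eBGP peer's own ASN already appears in the path."""
    as_seq = list(as_seq)
    if not ebgp or peer_asn in as_seq:
        return as_seq
    flags = [is_private_asn(a) for a in as_seq]
    if any(flags) and not all(flags):
        return as_seq
    return [a for a, private in zip(as_seq, flags) if not private]

def outbound_as_path(as_seq, local_as: int, peer_asn: int,
                     remove_private: bool = False, prepend_count: int = 1):
    """Build the AS_SEQ sent to an eBGP peer: optionally strip private ASNs,
    then prepend the local AS. prepend_count > 1 models route-map
    'set as-path prepend' with extra copies of the local AS."""
    path = remove_private_as(as_seq, peer_asn) if remove_private else list(as_seq)
    return [local_as] * prepend_count + path

if __name__ == "__main__":
    # Constructed sample: a public AS 100 sending to eBGP peer AS 200.
    print(outbound_as_path([65001], 100, 200, remove_private=True))        # [100]
    print(outbound_as_path([65001, 300], 100, 200, remove_private=True))   # unchanged, mixed
    print(outbound_as_path([65001], 100, 65001, remove_private=True))      # peer in path
    print(outbound_as_path([300], 100, 200, prepend_count=3))              # prepended
```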
- set origin
- Default 0
- Sent to one AS, no further
- bgp bestpath med missing-as-worst
- Range of 0 through 2^32 - 1
- bgp always-compare-med - MED can discriminate before AS path with this (put on all routers)
- bgp deterministic-med - Processes routes per adjacent AS, then picks best from them
- Without this, routes are just compared sequentially
- External should always be preferred
- Find shortest path to next hop
- Which route is best - tiebreakers
- Whether to add multiple paths - maximum-paths command
- Examine eBGP routes only, picking routes with lowest RID
- If only iBGP routes, lowest RID
- Exception when BGP has best route to NLRI, but learns new info from other routes
- Including a BGP route to reach a previously known prefix
- Router then goes through decision process again
- If it has gone through the process and gets here again, and the existing best route is eBGP, do not replace the existing best, even if the new route has a smaller RID
- Stops flaps
- bgp bestpath compare-routerid - eBGP routes only
- Does consider all routes again if it gets to this step first
- Defaults to 1
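The decision process above, with the weight, local preference, AS_PATH length, origin, MED and router-ID knobs described in the notes since, is easier to reason about as running code. The following is an added Python model written for these notes; it is not IOS code, and the Route fields, the simplified MED handling (the step is skipped outright when the surviving candidates come from different neighbouring ASes and bgp always-compare-med is off, rather than grouped per AS as deterministic-med would), and the sample routes are all constructed.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Added model of the IOS best-path decision process in the notes (not IOS code).
# An AS_PATH here is a list whose items are ints (AS_SEQ members), sets (an
# AS_SET, counted as one ASN) or tuples (AS_CONFED_* segments, not counted).
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}      # IGP beats EGP beats incomplete

@dataclass
class Route:
    prefix: str
    next_hop_reachable: bool = True
    weight: int = 0                         # 0-65535; local injection gets 32768
    local_pref: int = 100
    locally_injected: bool = False
    as_path: list = field(default_factory=list)
    origin: str = "i"
    med: Optional[int] = 0                  # None models a missing MED attribute
    neighbor_as: int = 0
    ebgp: bool = True                       # confed eBGP is treated as iBGP here
    igp_metric: int = 0
    age: int = 0                            # seconds held; larger is older
    neighbor_rid: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"

def as_path_length(path, ignore: bool = False) -> int:
    if ignore:                              # bgp bestpath as-path ignore
        return 0
    return sum(0 if isinstance(seg, tuple) else 1 for seg in path)

def _addr_key(dotted: str) -> Tuple[int, ...]:
    return tuple(int(o) for o in dotted.split("."))

def effective_med(r: Route, missing_as_worst: bool) -> int:
    if r.med is None:                       # bgp bestpath med missing-as-worst
        return 2**32 - 1 if missing_as_worst else 0
    return r.med

def best_path(routes, as_path_ignore=False, always_compare_med=False,
              missing_as_worst=False, compare_routerid=False):
    """Return (best_route, name_of_deciding_step). Each step keeps only the
    routes still tied; the first step that leaves one survivor decides."""
    cands = [r for r in routes if r.next_hop_reachable]
    if not cands:
        return None, "no route with reachable next hop"

    def narrow(key) -> bool:
        nonlocal cands
        lowest = min(key(r) for r in cands)
        cands = [r for r in cands if key(r) == lowest]
        return len(cands) == 1

    # (step name, sort key where lowest wins, optional guard on the candidates)
    steps = [
        ("weight", lambda r: -r.weight, None),
        ("local preference", lambda r: -r.local_pref, None),
        ("locally injected", lambda r: 0 if r.locally_injected else 1, None),
        ("AS_PATH length", lambda r: as_path_length(r.as_path, as_path_ignore), None),
        ("origin", lambda r: ORIGIN_RANK[r.origin], None),
        # MED only compared within one neighbouring AS unless always-compare-med
        ("MED", lambda r: effective_med(r, missing_as_worst),
         lambda cs: always_compare_med or len({r.neighbor_as for r in cs}) == 1),
        ("eBGP over iBGP", lambda r: 0 if r.ebgp else 1, None),
        ("IGP metric to next hop", lambda r: r.igp_metric, None),
        # compare-routerid makes the router ignore route age and go to RID
        ("oldest route", lambda r: -r.age, lambda cs: not compare_routerid),
        ("lowest neighbor RID", lambda r: _addr_key(r.neighbor_rid), None),
        ("lowest neighbor address", lambda r: _addr_key(r.neighbor_ip), None),
    ]
    for name, key, guard in steps:
        if guard is not None and not guard(cands):
            continue
        if narrow(key):
            return cands[0], name
    return cands[0], "tied on every step"

if __name__ == "__main__":
    # Constructed sample: three eBGP paths to the same prefix.
    sample = [
        Route("10.0.0.0/8", as_path=[65001], med=10, neighbor_as=65001, neighbor_rid="1.1.1.1"),
        Route("10.0.0.0/8", as_path=[65001], med=20, neighbor_as=65001, neighbor_rid="1.1.1.2"),
        Route("10.0.0.0/8", as_path=[65002], med=5, neighbor_as=65002, neighbor_rid="1.1.1.3", age=50),
    ]
    for knobs in ({}, {"always_compare_med": True}, {"compare_routerid": True}):
        best, step = best_path(sample, **knobs)
        print(knobs or "defaults", "->", best.neighbor_rid, "by", step)
```

With default knobs the third route wins as the oldest, because the MED step is skipped across different neighbouring ASes; turning on always-compare-med lets its MED of 5 decide instead, and compare-routerid drops the age step so the lowest RID wins.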
Rules for eBGP
- Must have had to use tiebreaker
- Max paths above 1
- Only eBGP routes where adjacent ASN same is candidate
- If more candidates exist than can be used, tiebreakers on these
Rules for iBGP
- Same as rule 1
- maximum-paths ibgp command for this
- Only those with differing next hops considered
- Same as rule 4
- maximum-paths eibgp exists, but this is MPLS only
- Optional transitive
- neighbor send-community
- ip community-list
- Were a 32 bit decimal
- When added to BGP standard RFC 1997, formatted AA:NN, still 32 bit
- ip bgp-community new-format
- Multiple entries with set or set additive
- Multiple values on same community-list
- Must include all values (unordered)
- Extended can use regex
- No more than 16 lines in standard
- Many in extended
- set community none
- set comm-list COMMUNITY-LIST delete
- Can match, and also match exact
- NO_EXPORT - FFFF:FF01 - Not out of this AS, can be to confeds
- NO_ADVERTISE - FFFF:FF02 - Not to any other peer
- LOCAL_AS - FFFF:FF03 - Not out of the local confed sub-AS (also known as NO_EXPORT_SUBCONFED)
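The 32-bit versus AA:NN formatting, the unordered "all values must be present" rule of a standard community-list, and the set / set additive / comm-list delete actions above are summarised in this added Python model. It is written for these notes and is not IOS code; the well-known values are the ones listed above, and the function names and sample communities are constructed.

```python
# Added model of community formatting, matching and route-map manipulation
# (not IOS code). Communities are held as 32-bit ints internally.
WELL_KNOWN = {                          # values as listed in the notes
    "NO_EXPORT": 0xFFFFFF01,
    "NO_ADVERTISE": 0xFFFFFF02,
    "LOCAL_AS": 0xFFFFFF03,             # also called NO_EXPORT_SUBCONFED
}
STANDARD_LIST_MAX_LINES = 16            # limit noted for standard community-lists

def to_new_format(value: int) -> str:
    """32-bit community to AA:NN, as 'ip bgp-community new-format' shows it."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must fit in 32 bits")
    return f"{value >> 16}:{value & 0xFFFF}"

def from_new_format(text: str) -> int:
    """AA:NN back to the 32-bit value (each half is 16 bits)."""
    aa, nn = (int(part) for part in text.split(":"))
    if not (0 <= aa <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError("each half of AA:NN must fit in 16 bits")
    return (aa << 16) | nn

def community_list_matches(required, route_communities, exact_match=False) -> bool:
    """One standard community-list line: every listed value must be present on
    the route, in any order; with exact-match the route may carry nothing else."""
    required, present = set(required), set(route_communities)
    return required == present if exact_match else required <= present

def set_community(route_communities, values, additive=False):
    """route-map 'set community VALUES [additive]': replace unless additive."""
    return set(route_communities) | set(values) if additive else set(values)

def comm_list_delete(route_communities, delete_values):
    """route-map 'set comm-list LIST delete': strip the communities the list
    names from the route, leaving the others untouched."""
    return set(route_communities) - set(delete_values)

if __name__ == "__main__":
    # Constructed sample: a route tagged 65000:100, 65000:200 and NO_EXPORT.
    route = {from_new_format("65000:100"), from_new_format("65000:200"),
             WELL_KNOWN["NO_EXPORT"]}
    print(sorted(to_new_format(c) for c in route))
    print(community_list_matches({from_new_format("65000:100")}, route))
    print(community_list_matches({from_new_format("65000:100")}, route, exact_match=True))
    print(sorted(to_new_format(c) for c in comm_list_delete(route, {WELL_KNOWN["NO_EXPORT"]})))
```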
- Updates peers every 5 seconds for iBGP, 30 for eBGP
- Also relies on IGP
- eBGP directly connected neighbours immediately torn down if the connected subnet goes down
- Immediate route flush
- Immediate alternative routes
- Enabled by default in IOS 10.0+
- Since 12.0
- neighbor fall-over means keepalive traffic isn't required to tear the neighbour down quickly
- The moment the peer's IP is removed from the routing table, the session is torn down
- IGP must be able to detect loss of the BGP peer immediately
- If interrupted, BGP session already disconnected
- Holddown/delay in BGP session deactivation not used
- Works on all BGP sessions; quickly detects failures of eBGP sessions to loopbacks, or when fast external fallover is disabled
- Per neighbour
- Disable fast external fallover with no bgp fast-external-fallover - retains quick response to interface failure
- Identical to iBGP use case described
- Implemented through fall-over command
- Can reflect rule that BGP peer has to be correctly connected, with route-map command matching only connected subnets