Previous: Dump BGP packets and table, Up: BGP


10.17 BGP Configuration Examples

Example of a session to an upstream, advertising only one prefix to it.

     router bgp 64512
      bgp router-id 10.236.87.1
      network 10.236.87.0/24
      neighbor upstream peer-group
      neighbor upstream remote-as 64515
      neighbor upstream capability dynamic
      neighbor upstream prefix-list pl-allowed-adv out
      neighbor 10.1.1.1 peer-group upstream
      neighbor 10.1.1.1 description ACME ISP
     !
     ip prefix-list pl-allowed-adv seq 5 permit 82.195.133.0/25
     ip prefix-list pl-allowed-adv seq 10 deny any
     

A more complex example. With upstream, peer and customer sessions. Advertising global prefixes and NO_EXPORT prefixes and providing actions for customer routes based on community values. Extensive use of route-maps and the 'call' feature to support selective advertising of prefixes. This example is intended as guidance only, it has NOT been tested and almost certainly containts silly mistakes, if not serious flaws.

     router bgp 64512
      bgp router-id 10.236.87.1
      network 10.123.456.0/24
      network 10.123.456.128/25 route-map rm-no-export
      neighbor upstream capability dynamic
      neighbor upstream route-map rm-upstream-out out
      neighbor cust capability dynamic
      neighbor cust route-map rm-cust-in in
      neighbor cust route-map rm-cust-out out
      neighbor cust send-community both
      neighbor peer capability dynamic
      neighbor peer route-map rm-peer-in in
      neighbor peer route-map rm-peer-out out
      neighbor peer send-community both
      neighbor 10.1.1.1 remote-as 64515
      neighbor 10.1.1.1 peer-group upstream
      neighbor 10.2.1.1 remote-as 64516
      neighbor 10.2.1.1 peer-group upstream
      neighbor 10.3.1.1 remote-as 64517
      neighbor 10.3.1.1 peer-group cust-default
      neighbor 10.3.1.1 description customer1
      neighbor 10.3.1.1 prefix-list pl-cust1-network in
      neighbor 10.4.1.1 remote-as 64518
      neighbor 10.4.1.1 peer-group cust
      neighbor 10.4.1.1 prefix-list pl-cust2-network in
      neighbor 10.4.1.1 description customer2
      neighbor 10.5.1.1 remote-as 64519
      neighbor 10.5.1.1 peer-group peer
      neighbor 10.5.1.1 prefix-list pl-peer1-network in
      neighbor 10.5.1.1 description peer AS 1
      neighbor 10.6.1.1 remote-as 64520
      neighbor 10.6.1.1 peer-group peer
      neighbor 10.6.1.1 prefix-list pl-peer2-network in
      neighbor 10.6.1.1 description peer AS 2
     !
     ip prefix-list pl-default permit 0.0.0.0/0
     !
     ip prefix-list pl-upstream-peers permit 10.1.1.1/32
     ip prefix-list pl-upstream-peers permit 10.2.1.1/32
     !
     ip prefix-list pl-cust1-network permit 10.3.1.0/24
     ip prefix-list pl-cust1-network permit 10.3.2.0/24
     !
     ip prefix-list pl-cust2-network permit 10.4.1.0/24
     !
     ip prefix-list pl-peer1-network permit 10.5.1.0/24
     ip prefix-list pl-peer1-network permit 10.5.2.0/24
     ip prefix-list pl-peer1-network permit 192.168.0.0/24
     !
     ip prefix-list pl-peer2-network permit 10.6.1.0/24
     ip prefix-list pl-peer2-network permit 10.6.2.0/24
     ip prefix-list pl-peer2-network permit 192.168.1.0/24
     ip prefix-list pl-peer2-network permit 192.168.2.0/24
     ip prefix-list pl-peer2-network permit 172.16.1/24
     !
     ip as-path access-list asp-own-as permit ^$
     ip as-path access-list asp-own-as permit _64512_
     !
     ! #################################################################
     ! Match communities we provide actions for, on routes receives from
     ! customers. Communities values of <our-ASN>:X, with X, have actions:
     !
     ! 100 - blackhole the prefix
     ! 200 - set no_export
     ! 300 - advertise only to other customers
     ! 400 - advertise only to upstreams
     ! 500 - set no_export when advertising to upstreams
     ! 2X00 - set local_preference to X00
     !
     ! blackhole the prefix of the route
     ip community-list standard cm-blackhole permit 64512:100
     !
     ! set no-export community before advertising
     ip community-list standard cm-set-no-export permit 64512:200
     !
     ! advertise only to other customers
     ip community-list standard cm-cust-only permit 64512:300
     !
     ! advertise only to upstreams
     ip community-list standard cm-upstream-only permit 64512:400
     !
     ! advertise to upstreams with no-export
     ip community-list standard cm-upstream-noexport permit 64512:500
     !
     ! set local-pref to least significant 3 digits of the community
     ip community-list standard cm-prefmod-100 permit 64512:2100
     ip community-list standard cm-prefmod-200 permit 64512:2200
     ip community-list standard cm-prefmod-300 permit 64512:2300
     ip community-list standard cm-prefmod-400 permit 64512:2400
     ip community-list expanded cme-prefmod-range permit 64512:2...
     !
     ! Informational communities
     !
     ! 3000 - learned from upstream
     ! 3100 - learned from customer
     ! 3200 - learned from peer
     !
     ip community-list standard cm-learnt-upstream permit 64512:3000
     ip community-list standard cm-learnt-cust permit 64512:3100
     ip community-list standard cm-learnt-peer permit 64512:3200
     !
     ! ###################################################################
     ! Utility route-maps
     !
     ! These utility route-maps generally should not used to permit/deny
     ! routes, i.e. they do not have meaning as filters, and hence probably
     ! should be used with 'on-match next'. These all finish with an empty
     ! permit entry so as not interfere with processing in the caller.
     !
     route-map rm-no-export permit 10
      set community additive no-export
     route-map rm-no-export permit 20
     !
     route-map rm-blackhole permit 10
      description blackhole, up-pref and ensure it cant escape this AS
      set ip next-hop 127.0.0.1
      set local-preference 10
      set community additive no-export
     route-map rm-blackhole permit 20
     !
     ! Set local-pref as requested
     route-map rm-prefmod permit 10
      match community cm-prefmod-100
      set local-preference 100
     route-map rm-prefmod permit 20
      match community cm-prefmod-200
      set local-preference 200
     route-map rm-prefmod permit 30
      match community cm-prefmod-300
      set local-preference 300
     route-map rm-prefmod permit 40
      match community cm-prefmod-400
      set local-preference 400
     route-map rm-prefmod permit 50
     !
     ! Community actions to take on receipt of route.
     route-map rm-community-in permit 10
      description check for blackholing, no point continuing if it matches.
      match community cm-blackhole
      call rm-blackhole
     route-map rm-community-in permit 20
      match community cm-set-no-export
      call rm-no-export
      on-match next
     route-map rm-community-in permit 30
      match community cme-prefmod-range
      call rm-prefmod
     route-map rm-community-in permit 40
     !
     ! #####################################################################
     ! Community actions to take when advertising a route.
     ! These are filtering route-maps,
     !
     ! Deny customer routes to upstream with cust-only set.
     route-map rm-community-filt-to-upstream deny 10
      match community cm-learnt-cust
      match community cm-cust-only
     route-map rm-community-filt-to-upstream permit 20
     !
     ! Deny customer routes to other customers with upstream-only set.
     route-map rm-community-filt-to-cust deny 10
      match community cm-learnt-cust
      match community cm-upstream-only
     route-map rm-community-filt-to-cust permit 20
     !
     ! ###################################################################
     ! The top-level route-maps applied to sessions. Further entries could
     ! be added obviously..
     !
     ! Customers
     route-map rm-cust-in permit 10
      call rm-community-in
      on-match next
     route-map rm-cust-in permit 20
      set community additive 64512:3100
     route-map rm-cust-in permit 30
     !
     route-map rm-cust-out permit 10
      call rm-community-filt-to-cust
      on-match next
     route-map rm-cust-out permit 20
     !
     ! Upstream transit ASes
     route-map rm-upstream-out permit 10
      description filter customer prefixes which are marked cust-only
      call rm-community-filt-to-upstream
      on-match next
     route-map rm-upstream-out permit 20
      description only customer routes are provided to upstreams/peers
      match community cm-learnt-cust
     !
     ! Peer ASes
     ! outbound policy is same as for upstream
     route-map rm-peer-out permit 10
      call rm-upstream-out
     !
     route-map rm-peer-in permit 10
      set community additive 64512:3200