bgp: adjust to new CLI syntax where local-as is an individual leafNode

Christian Poessinger 2021-05-26 00:01:45 +02:00
parent 274b4dc65f
commit 1534070b0d
8 changed files with 112 additions and 94 deletions


@ -26,7 +26,8 @@ example, if you want to disable a BGP peer on VRRP transition to backup:
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
set protocols bgp 65536 neighbor 192.168.2.1 shutdown
set protocols bgp local-as 65536
set protocols bgp neighbor 192.168.2.1 shutdown
commit
exit
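Review bot: The added `set protocols bgp local-as 65536` makes this VRRP transition script write a router-wide BGP setting on every failover, although the only intent is to shut down one neighbor. With the ASN no longer part of the path, `set protocols bgp neighbor 192.168.2.1 shutdown` should presumably be enough on a router whose BGP is already configured, and a pasted script carrying a stale ASN would otherwise try to change the local AS in the middle of a failover. I would drop the `local-as` line from the script, or add a sentence to the surrounding text saying it must match the ASN in the running configuration. The example block starts outside the hunk.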


@ -120,13 +120,14 @@ Vyos configuration
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 64499 neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp 64499 neighbor 10.0.0.4 timers keepalive '10'
set protocols bgp local-as 64499
set protocols bgp neighbor 10.0.0.4 remote-as '65540'
set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp neighbor 10.0.0.4 timers keepalive '10'
- **Important**: Disable connected check \
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check
set protocols bgp neighbor 10.0.0.4 disable-connected-check


@ -136,20 +136,21 @@ Vyos configuration
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 64499 neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp 64499 neighbor 10.0.0.4 timers keepalive '10'
set protocols bgp local-as 64499
set protocols bgp neighbor 10.0.0.4 remote-as '65540'
set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp neighbor 10.0.0.4 timers holdtime '30'
set protocols bgp neighbor 10.0.0.4 timers keepalive '10'
set protocols bgp 64499 neighbor 10.0.0.5 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.5 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 64499 neighbor 10.0.0.5 timers holdtime '30'
set protocols bgp 64499 neighbor 10.0.0.5 timers keepalive '10'
set protocols bgp neighbor 10.0.0.5 remote-as '65540'
set protocols bgp neighbor 10.0.0.5 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp neighbor 10.0.0.5 timers holdtime '30'
set protocols bgp neighbor 10.0.0.5 timers keepalive '10'
- **Important**: Disable connected check, otherwise the routes learned
from Azure will not be imported into the routing table.
.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check
set protocols bgp 64499 neighbor 10.0.0.5 disable-connected-check
set protocols bgp neighbor 10.0.0.4 disable-connected-check
set protocols bgp neighbor 10.0.0.5 disable-connected-check


@ -13,39 +13,41 @@ Configuration
.. code-block:: none
set protocols bgp 64496 address-family ipv4-unicast redistribute connected
set protocols bgp 64496 address-family ipv6-unicast redistribute connected
set protocols bgp 64496 neighbor eth1 interface v6only
set protocols bgp 64496 neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp 64496 neighbor eth2 interface v6only
set protocols bgp 64496 neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp 64496 parameters bestpath as-path multipath-relax
set protocols bgp 64496 parameters bestpath compare-routerid
set protocols bgp 64496 parameters default no-ipv4-unicast
set protocols bgp 64496 parameters router-id '192.168.0.1'
set protocols bgp 64496 peer-group fabric address-family ipv4-unicast
set protocols bgp 64496 peer-group fabric address-family ipv6-unicast
set protocols bgp 64496 peer-group fabric capability extended-nexthop
set protocols bgp 64496 peer-group fabric remote-as 'external'
set protocols bgp local-as 64496
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family ipv6-unicast redistribute connected
set protocols bgp neighbor eth1 interface v6only
set protocols bgp neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp neighbor eth2 interface v6only
set protocols bgp neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp parameters bestpath as-path multipath-relax
set protocols bgp parameters bestpath compare-routerid
set protocols bgp parameters default no-ipv4-unicast
set protocols bgp parameters router-id '192.168.0.1'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
- Router B:
.. code-block:: none
set protocols bgp 64499 address-family ipv4-unicast redistribute connected
set protocols bgp 64499 address-family ipv6-unicast redistribute connected
set protocols bgp 64499 neighbor eth1 interface v6only
set protocols bgp 64499 neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp 64499 neighbor eth2 interface v6only
set protocols bgp 64499 neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp 64499 parameters bestpath as-path multipath-relax
set protocols bgp 64499 parameters bestpath compare-routerid
set protocols bgp 64499 parameters default no-ipv4-unicast
set protocols bgp 64499 parameters router-id '192.168.0.2'
set protocols bgp 64499 peer-group fabric address-family ipv4-unicast
set protocols bgp 64499 peer-group fabric address-family ipv6-unicast
set protocols bgp 64499 peer-group fabric capability extended-nexthop
set protocols bgp 64499 peer-group fabric remote-as 'external'
set protocols bgp local-as 64499
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family ipv6-unicast redistribute connected
set protocols bgp neighbor eth1 interface v6only
set protocols bgp neighbor eth1 interface v6only peer-group 'fabric'
set protocols bgp neighbor eth2 interface v6only
set protocols bgp neighbor eth2 interface v6only peer-group 'fabric'
set protocols bgp parameters bestpath as-path multipath-relax
set protocols bgp parameters bestpath compare-routerid
set protocols bgp parameters default no-ipv4-unicast
set protocols bgp parameters router-id '192.168.0.2'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
Results
=======


@ -6,7 +6,7 @@ This document walks you through a complete HA setup of two VyOS machines. This
design is based on a VM as the primary router, and a physical machine as a
backup, using VRRP, BGP, OSPF and conntrack sharing.
The aim of this document is to walk you through setting everything up, so
The aim of this document is to walk you through setting everything up, so
at a point where you can reboot any machine and not lose more than a few
seconds worth of connectivity.
@ -555,6 +555,7 @@ it is not 203.0.113.0/24.
set policy prefix-list BGPOUT rule 100 prefix '203.0.113.0/24'
set policy prefix-list BGPOUT rule 10000 action 'deny'
set policy prefix-list BGPOUT rule 10000 prefix '0.0.0.0/0'
set policy route-map BGPOUT description 'BGP Export Filter'
set policy route-map BGPOUT rule 10 action 'permit'
set policy route-map BGPOUT rule 10 match ip address prefix-list 'BGPOUT'
@ -564,14 +565,16 @@ it is not 203.0.113.0/24.
set policy route-map BGPPREPENDOUT rule 10 set as-path-prepend '65551 65551 65551'
set policy route-map BGPPREPENDOUT rule 10 match ip address prefix-list 'BGPOUT'
set policy route-map BGPPREPENDOUT rule 10000 action 'deny'
set protocols bgp 65551 address-family ipv4-unicast network 192.0.2.0/24
set protocols bgp 65551 address-family ipv4-unicast redistribute connected metric '50'
set protocols bgp 65551 address-family ipv4-unicast redistribute ospf metric '50'
set protocols bgp 65551 neighbor 192.0.2.11 address-family ipv4-unicast route-map export 'BGPOUT'
set protocols bgp 65551 neighbor 192.0.2.11 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 65551 neighbor 192.0.2.11 remote-as '65550'
set protocols bgp 65551 neighbor 192.0.2.11 update-source '192.0.2.21'
set protocols bgp 65551 parameters router-id '192.0.2.21'
set protocols bgp local-as 65551
set protocols bgp address-family ipv4-unicast network 192.0.2.0/24
set protocols bgp address-family ipv4-unicast redistribute connected metric '50'
set protocols bgp address-family ipv4-unicast redistribute ospf metric '50'
set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast route-map export 'BGPOUT'
set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.0.2.11 remote-as '65550'
set protocols bgp neighbor 192.0.2.11 update-source '192.0.2.21'
set protocols bgp parameters router-id '192.0.2.21'
**router2**


@ -27,8 +27,9 @@ Example
set policy route-map setmet rule 2 set as-path-prepend '2 2 2'
# Apply policy to BGP
set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet'
set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp local-as 1
set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet'
set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound'
Using 'soft-reconfiguration' we get the policy update without bouncing the
neighbor.
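Review bot: The new `set protocols bgp local-as 1` line, like the `as-path-prepend '2 2 2'` context above it, uses a low AS number that is publicly allocated, so a reader pasting the example configures another network's ASN. Since the line is being rewritten anyway, an ASN from the ranges RFC 5398 reserves for documentation (64496-64511, 65536-65551) would match the other examples touched by this commit, for example `set protocols bgp local-as 64496`. The example block starts outside the hunk.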


@ -10,7 +10,7 @@ BFD
the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`.
In the age of very fast networks, a second of unreachability may equal millions of lost packets.
The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast.
The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast.
BFD sends lots of small UDP packets very quickly to ensures that the peer is still alive.
@ -31,7 +31,7 @@ Configure BFD
Allow this BFD peer to not be directly connected
.. cfgcmd:: set protocols bfd peer <address> source
.. cfgcmd:: set protocols bfd peer <address> source
[address <address> | interface <interface>]
Bind listener to specifid interface/address, mandatory for IPv6
@ -45,7 +45,7 @@ Configure BFD
Remote transmission interval will be multiplied by this value
.. cfgcmd:: set protocols bfd peer <address> interval
.. cfgcmd:: set protocols bfd peer <address> interval
[receive | transmit] <10-60000>
Interval in milliseconds
@ -58,11 +58,11 @@ Configure BFD
Enable BFD in BGP
-----------------
.. cfgcmd:: set protocols bgp <asn> neighbor <address> bfd
.. cfgcmd:: set protocols bgp neighbor <neighbor> bfd
Enable BFD on a single BGP neighbor
.. cfgcmd:: set protocols bgp <asn> peer-group <group> bfd
.. cfgcmd:: set protocols bgp peer-group <neighbor> bfd
Enable BFD on a BGP peer group
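Review bot: The new peer-group command uses the placeholder `<neighbor>` where a group name is expected, in `set protocols bgp peer-group <neighbor> bfd`; the line it replaces had `<group>`. As written it reads as if a neighbor address belongs there, so I would keep `.. cfgcmd:: set protocols bgp peer-group <group> bfd`. The neighbor command also switches its placeholder from `<address>` to `<neighbor>` while the BFD commands earlier in the same file still use `peer <address>`; keeping `<address>` would stay consistent. The other three hunks in this file appear to be whitespace-only.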


@ -897,15 +897,14 @@ between these sub-ASes we use something that looks like EBGP but behaves like
IBGP (called confederation BGP). Confederation mechanism is described in
:rfc:`5065`
.. cfgcmd:: set protocols bgp <subasn> parameters confederation identifier
.. cfgcmd:: set protocols bgp parameters confederation identifier
<asn>
This command specifies a BGP confederation identifier. <asn> is the number
of the autonomous system that internally includes multiple sub-autonomous
systems (a confederation). <subasn> is the number sub-autonomous system
inside <asn>.
systems (a confederation).
.. cfgcmd:: set protocols bgp <subasn> parameters confederation confederation
.. cfgcmd:: set protocols bgp parameters confederation confederation
peers <nsubasn>
This command sets other confederations <nsubasn> as members of autonomous
@ -1070,21 +1069,23 @@ A simple eBGP configuration:
.. code-block:: none
set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2'
set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535'
set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1'
set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16'
set protocols bgp 65534 parameters router-id '192.168.0.1'
set protocols bgp local-as 65534
set protocols bgp neighbor 192.168.0.2 ebgp-multihop '2'
set protocols bgp neighbor 192.168.0.2 remote-as '65535'
set protocols bgp neighbor 192.168.0.2 update-source '192.168.0.1'
set protocols bgp address-family ipv4-unicast network '172.16.0.0/16'
set protocols bgp parameters router-id '192.168.0.1'
**Node 2:**
.. code-block:: none
set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2'
set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534'
set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2'
set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16'
set protocols bgp 65535 parameters router-id '192.168.0.2'
set protocols bgp local-as 65535
set protocols bgp neighbor 192.168.0.1 ebgp-multihop '2'
set protocols bgp neighbor 192.168.0.1 remote-as '65534'
set protocols bgp neighbor 192.168.0.1 update-source '192.168.0.2'
set protocols bgp address-family ipv4-unicast network '172.17.0.0/16'
set protocols bgp parameters router-id '192.168.0.2'
Don't forget, the CIDR declared in the network statement MUST **exist in your
@ -1113,23 +1114,25 @@ A simple BGP configuration via IPv6.
.. code-block:: none
set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2'
set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535'
set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast
set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48'
set protocols bgp 65534 parameters router-id '10.1.1.1'
set protocols bgp local-as 65534
set protocols bgp neighbor 2001:db8::2 ebgp-multihop '2'
set protocols bgp neighbor 2001:db8::2 remote-as '65535'
set protocols bgp neighbor 2001:db8::2 update-source '2001:db8::1'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast
set protocols bgp address-family ipv6-unicast network '2001:db8:1::/48'
set protocols bgp parameters router-id '10.1.1.1'
**Node 2:**
.. code-block:: none
set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2'
set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534'
set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast
set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48'
set protocols bgp 65535 parameters router-id '10.1.1.2'
set protocols bgp local-as 65535
set protocols bgp neighbor 2001:db8::1 ebgp-multihop '2'
set protocols bgp neighbor 2001:db8::1 remote-as '65534'
set protocols bgp neighbor 2001:db8::1 update-source '2001:db8::2'
set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast
set protocols bgp address-family ipv6-unicast network '2001:db8:2::/48'
set protocols bgp parameters router-id '10.1.1.2'
Don't forget, the CIDR declared in the network statement **MUST exist in your
routing table (dynamic or static), the best way to make sure that is true is
@ -1164,6 +1167,7 @@ Route filter can be applied using a route-map:
set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48'
set policy prefix-list6 AS65535-OUT rule 10 action 'deny'
set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48'
set policy route-map AS65535-IN rule 10 action 'permit'
set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN'
set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN'
@ -1172,10 +1176,12 @@ Route filter can be applied using a route-map:
set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT'
set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'
set policy route-map AS65535-OUT rule 20 action 'permit'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
set protocols bgp local-as 65534
set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
**Node2:**
@ -1189,6 +1195,7 @@ Route filter can be applied using a route-map:
set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48'
set policy prefix-list6 AS65534-OUT rule 10 action 'deny'
set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48'
set policy route-map AS65534-IN rule 10 action 'permit'
set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN'
set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN'
@ -1197,10 +1204,12 @@ Route filter can be applied using a route-map:
set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT'
set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'
set policy route-map AS65534-OUT rule 20 action 'permit'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
set protocols bgp local-as 65535
set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
We could expand on this and also deny link local and multicast in the rule 20
action deny.
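Review bot: In the confederation hunk the sentence explaining `<subasn>` is removed, but nothing now tells the reader where the sub-AS number is configured, and the description of the second command still refers to `<nsubasn>` without that anchor. Presumably the sub-AS is the value given to `set protocols bgp local-as`; if that is right, add a sentence to the `confederation identifier` description such as `The sub-autonomous system number of this router is configured with local-as.` Without it a reader can easily put the confederation identifier into `local-as`. The description of the `confederation peers` command continues outside the hunk.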