mirror of
				https://github.com/vyos/vyos-documentation.git
				synced 2025-10-26 08:41:46 +01:00 
			
		
		
		
	bgp: adjust to new CLI syntax where local-as is an individual leafNode
This commit is contained in:
		
							parent
							
								
									274b4dc65f
								
							
						
					
					
						commit
						1534070b0d
					
				| @ -26,7 +26,8 @@ example, if you want to disable a BGP peer on VRRP transition to backup: | ||||
|   #!/bin/vbash | ||||
|   source /opt/vyatta/etc/functions/script-template | ||||
|   configure | ||||
|   set protocols bgp 65536 neighbor 192.168.2.1 shutdown | ||||
|   set protocols bgp local-as 65536 | ||||
|   set protocols bgp neighbor 192.168.2.1 shutdown | ||||
|   commit | ||||
|   exit | ||||
| 
 | ||||
|  | ||||
| @ -120,13 +120,14 @@ Vyos configuration | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 timers holdtime '30' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 timers keepalive '10' | ||||
|   set protocols bgp local-as 64499 | ||||
|   set protocols bgp neighbor 10.0.0.4 remote-as '65540' | ||||
|   set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp neighbor 10.0.0.4 timers holdtime '30' | ||||
|   set protocols bgp neighbor 10.0.0.4 timers keepalive '10' | ||||
| 
 | ||||
| - **Important**: Disable connected check \ | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check | ||||
|   set protocols bgp neighbor 10.0.0.4 disable-connected-check | ||||
|  | ||||
| @ -136,20 +136,21 @@ Vyos configuration | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 timers holdtime '30' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 timers keepalive '10' | ||||
|   set protocols bgp local-as 64499 | ||||
|   set protocols bgp neighbor 10.0.0.4 remote-as '65540' | ||||
|   set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp neighbor 10.0.0.4 timers holdtime '30' | ||||
|   set protocols bgp neighbor 10.0.0.4 timers keepalive '10' | ||||
| 
 | ||||
|   set protocols bgp 64499 neighbor 10.0.0.5 remote-as '65540' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.5 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.5 timers holdtime '30' | ||||
|   set protocols bgp 64499 neighbor 10.0.0.5 timers keepalive '10' | ||||
|   set protocols bgp neighbor 10.0.0.5 remote-as '65540' | ||||
|   set protocols bgp neighbor 10.0.0.5 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp neighbor 10.0.0.5 timers holdtime '30' | ||||
|   set protocols bgp neighbor 10.0.0.5 timers keepalive '10' | ||||
| 
 | ||||
| - **Important**: Disable connected check, otherwise the routes learned | ||||
|   from Azure will not be imported into the routing table. | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check | ||||
|   set protocols bgp 64499 neighbor 10.0.0.5 disable-connected-check | ||||
|   set protocols bgp neighbor 10.0.0.4 disable-connected-check | ||||
|   set protocols bgp neighbor 10.0.0.5 disable-connected-check | ||||
|  | ||||
| @ -13,39 +13,41 @@ Configuration | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 64496 address-family ipv4-unicast redistribute connected | ||||
|   set protocols bgp 64496 address-family ipv6-unicast redistribute connected | ||||
|   set protocols bgp 64496 neighbor eth1 interface v6only | ||||
|   set protocols bgp 64496 neighbor eth1 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp 64496 neighbor eth2 interface v6only | ||||
|   set protocols bgp 64496 neighbor eth2 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp 64496 parameters bestpath as-path multipath-relax | ||||
|   set protocols bgp 64496 parameters bestpath compare-routerid | ||||
|   set protocols bgp 64496 parameters default no-ipv4-unicast | ||||
|   set protocols bgp 64496 parameters router-id '192.168.0.1' | ||||
|   set protocols bgp 64496 peer-group fabric address-family ipv4-unicast | ||||
|   set protocols bgp 64496 peer-group fabric address-family ipv6-unicast | ||||
|   set protocols bgp 64496 peer-group fabric capability extended-nexthop | ||||
|   set protocols bgp 64496 peer-group fabric remote-as 'external' | ||||
|   set protocols bgp local-as 64496 | ||||
|   set protocols bgp address-family ipv4-unicast redistribute connected | ||||
|   set protocols bgp address-family ipv6-unicast redistribute connected | ||||
|   set protocols bgp neighbor eth1 interface v6only | ||||
|   set protocols bgp neighbor eth1 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp neighbor eth2 interface v6only | ||||
|   set protocols bgp neighbor eth2 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp parameters bestpath as-path multipath-relax | ||||
|   set protocols bgp parameters bestpath compare-routerid | ||||
|   set protocols bgp parameters default no-ipv4-unicast | ||||
|   set protocols bgp parameters router-id '192.168.0.1' | ||||
|   set protocols bgp peer-group fabric address-family ipv4-unicast | ||||
|   set protocols bgp peer-group fabric address-family ipv6-unicast | ||||
|   set protocols bgp peer-group fabric capability extended-nexthop | ||||
|   set protocols bgp peer-group fabric remote-as 'external' | ||||
| 
 | ||||
| - Router B: | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 64499 address-family ipv4-unicast redistribute connected | ||||
|   set protocols bgp 64499 address-family ipv6-unicast redistribute connected | ||||
|   set protocols bgp 64499 neighbor eth1 interface v6only | ||||
|   set protocols bgp 64499 neighbor eth1 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp 64499 neighbor eth2 interface v6only | ||||
|   set protocols bgp 64499 neighbor eth2 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp 64499 parameters bestpath as-path multipath-relax | ||||
|   set protocols bgp 64499 parameters bestpath compare-routerid | ||||
|   set protocols bgp 64499 parameters default no-ipv4-unicast | ||||
|   set protocols bgp 64499 parameters router-id '192.168.0.2' | ||||
|   set protocols bgp 64499 peer-group fabric address-family ipv4-unicast | ||||
|   set protocols bgp 64499 peer-group fabric address-family ipv6-unicast | ||||
|   set protocols bgp 64499 peer-group fabric capability extended-nexthop | ||||
|   set protocols bgp 64499 peer-group fabric remote-as 'external' | ||||
|   set protocols bgp local-as 64499 | ||||
|   set protocols bgp address-family ipv4-unicast redistribute connected | ||||
|   set protocols bgp address-family ipv6-unicast redistribute connected | ||||
|   set protocols bgp neighbor eth1 interface v6only | ||||
|   set protocols bgp neighbor eth1 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp neighbor eth2 interface v6only | ||||
|   set protocols bgp neighbor eth2 interface v6only peer-group 'fabric' | ||||
|   set protocols bgp parameters bestpath as-path multipath-relax | ||||
|   set protocols bgp parameters bestpath compare-routerid | ||||
|   set protocols bgp parameters default no-ipv4-unicast | ||||
|   set protocols bgp parameters router-id '192.168.0.2' | ||||
|   set protocols bgp peer-group fabric address-family ipv4-unicast | ||||
|   set protocols bgp peer-group fabric address-family ipv6-unicast | ||||
|   set protocols bgp peer-group fabric capability extended-nexthop | ||||
|   set protocols bgp peer-group fabric remote-as 'external' | ||||
| 
 | ||||
| Results | ||||
| ======= | ||||
|  | ||||
| @ -6,7 +6,7 @@ This document walks you through a complete HA setup of two VyOS machines. This | ||||
| design is based on a VM as the primary router, and a physical machine as a | ||||
| backup, using VRRP, BGP, OSPF and conntrack sharing. | ||||
| 
 | ||||
| The aim of this document is to walk you through setting everything up, so  | ||||
| The aim of this document is to walk you through setting everything up, so | ||||
| at a point where you can reboot any machine and not lose more than a few | ||||
| seconds worth of connectivity. | ||||
| 
 | ||||
| @ -555,6 +555,7 @@ it is not 203.0.113.0/24. | ||||
|    set policy prefix-list BGPOUT rule 100 prefix '203.0.113.0/24' | ||||
|    set policy prefix-list BGPOUT rule 10000 action 'deny' | ||||
|    set policy prefix-list BGPOUT rule 10000 prefix '0.0.0.0/0' | ||||
| 
 | ||||
|    set policy route-map BGPOUT description 'BGP Export Filter' | ||||
|    set policy route-map BGPOUT rule 10 action 'permit' | ||||
|    set policy route-map BGPOUT rule 10 match ip address prefix-list 'BGPOUT' | ||||
| @ -564,14 +565,16 @@ it is not 203.0.113.0/24. | ||||
|    set policy route-map BGPPREPENDOUT rule 10 set as-path-prepend '65551 65551 65551' | ||||
|    set policy route-map BGPPREPENDOUT rule 10 match ip address prefix-list 'BGPOUT' | ||||
|    set policy route-map BGPPREPENDOUT rule 10000 action 'deny' | ||||
|    set protocols bgp 65551 address-family ipv4-unicast network 192.0.2.0/24 | ||||
|    set protocols bgp 65551 address-family ipv4-unicast redistribute connected metric '50' | ||||
|    set protocols bgp 65551 address-family ipv4-unicast redistribute ospf metric '50' | ||||
|    set protocols bgp 65551 neighbor 192.0.2.11 address-family ipv4-unicast route-map export 'BGPOUT' | ||||
|    set protocols bgp 65551 neighbor 192.0.2.11 address-family ipv4-unicast soft-reconfiguration inbound | ||||
|    set protocols bgp 65551 neighbor 192.0.2.11 remote-as '65550' | ||||
|    set protocols bgp 65551 neighbor 192.0.2.11 update-source '192.0.2.21' | ||||
|    set protocols bgp 65551 parameters router-id '192.0.2.21' | ||||
| 
 | ||||
|    set protocols bgp local-as 65551 | ||||
|    set protocols bgp address-family ipv4-unicast network 192.0.2.0/24 | ||||
|    set protocols bgp address-family ipv4-unicast redistribute connected metric '50' | ||||
|    set protocols bgp address-family ipv4-unicast redistribute ospf metric '50' | ||||
|    set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast route-map export 'BGPOUT' | ||||
|    set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast soft-reconfiguration inbound | ||||
|    set protocols bgp neighbor 192.0.2.11 remote-as '65550' | ||||
|    set protocols bgp neighbor 192.0.2.11 update-source '192.0.2.21' | ||||
|    set protocols bgp parameters router-id '192.0.2.21' | ||||
| 
 | ||||
| 
 | ||||
| **router2** | ||||
|  | ||||
| @ -27,8 +27,9 @@ Example | ||||
|   set policy route-map setmet rule 2 set as-path-prepend '2 2 2' | ||||
| 
 | ||||
|   # Apply policy to BGP | ||||
|   set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' | ||||
|   set protocols bgp 1 neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
|   set protocols bgp local-as 1 | ||||
|   set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' | ||||
|   set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' | ||||
| 
 | ||||
| Using 'soft-reconfiguration' we get the policy update without bouncing the | ||||
| neighbor. | ||||
|  | ||||
| @ -10,7 +10,7 @@ BFD | ||||
| the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`. | ||||
| 
 | ||||
| In the age of very fast networks, a second of unreachability may equal millions of lost packets. | ||||
| The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast.  | ||||
| The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast. | ||||
| 
 | ||||
| BFD sends lots of small UDP packets very quickly to ensures that the peer is still alive. | ||||
| 
 | ||||
| @ -31,7 +31,7 @@ Configure BFD | ||||
| 
 | ||||
|    Allow this BFD peer to not be directly connected | ||||
| 
 | ||||
| .. cfgcmd:: set protocols bfd peer <address> source  | ||||
| .. cfgcmd:: set protocols bfd peer <address> source | ||||
|    [address <address> | interface <interface>] | ||||
| 
 | ||||
|    Bind listener to specifid interface/address, mandatory for IPv6 | ||||
| @ -45,7 +45,7 @@ Configure BFD | ||||
| 
 | ||||
|    Remote transmission interval will be multiplied by this value | ||||
| 
 | ||||
| .. cfgcmd:: set protocols bfd peer <address> interval  | ||||
| .. cfgcmd:: set protocols bfd peer <address> interval | ||||
|    [receive | transmit] <10-60000> | ||||
| 
 | ||||
|    Interval in milliseconds | ||||
| @ -58,11 +58,11 @@ Configure BFD | ||||
| Enable BFD in BGP | ||||
| ----------------- | ||||
| 
 | ||||
| .. cfgcmd:: set protocols bgp <asn> neighbor <address> bfd | ||||
| .. cfgcmd:: set protocols bgp neighbor <neighbor> bfd | ||||
| 
 | ||||
|    Enable BFD on a single BGP neighbor | ||||
| 
 | ||||
| .. cfgcmd:: set protocols bgp <asn> peer-group <group> bfd | ||||
| .. cfgcmd:: set protocols bgp peer-group <neighbor> bfd | ||||
| 
 | ||||
|    Enable BFD on a BGP peer group | ||||
| 
 | ||||
|  | ||||
| @ -897,15 +897,14 @@ between these sub-ASes we use something that looks like EBGP but behaves like | ||||
| IBGP (called confederation BGP). Confederation mechanism is described in | ||||
| :rfc:`5065` | ||||
| 
 | ||||
| .. cfgcmd:: set protocols bgp <subasn> parameters confederation identifier | ||||
| .. cfgcmd:: set protocols bgp parameters confederation identifier | ||||
|    <asn> | ||||
| 
 | ||||
|    This command specifies a BGP confederation identifier. <asn> is the number | ||||
|    of the autonomous system that internally includes multiple sub-autonomous | ||||
|    systems (a confederation). <subasn> is the number sub-autonomous system | ||||
|    inside <asn>. | ||||
|    systems (a confederation). | ||||
| 
 | ||||
| .. cfgcmd:: set protocols bgp <subasn> parameters confederation confederation | ||||
| .. cfgcmd:: set protocols bgp parameters confederation confederation | ||||
|    peers <nsubasn> | ||||
| 
 | ||||
|    This command sets other confederations <nsubasn> as members of autonomous | ||||
| @ -1070,21 +1069,23 @@ A simple eBGP configuration: | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2' | ||||
|   set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535' | ||||
|   set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1' | ||||
|   set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16' | ||||
|   set protocols bgp 65534 parameters router-id '192.168.0.1' | ||||
|   set protocols bgp local-as 65534 | ||||
|   set protocols bgp neighbor 192.168.0.2 ebgp-multihop '2' | ||||
|   set protocols bgp neighbor 192.168.0.2 remote-as '65535' | ||||
|   set protocols bgp neighbor 192.168.0.2 update-source '192.168.0.1' | ||||
|   set protocols bgp address-family ipv4-unicast network '172.16.0.0/16' | ||||
|   set protocols bgp parameters router-id '192.168.0.1' | ||||
| 
 | ||||
| **Node 2:** | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2' | ||||
|   set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534' | ||||
|   set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2' | ||||
|   set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16' | ||||
|   set protocols bgp 65535 parameters router-id '192.168.0.2' | ||||
|   set protocols bgp local-as 65535 | ||||
|   set protocols bgp neighbor 192.168.0.1 ebgp-multihop '2' | ||||
|   set protocols bgp neighbor 192.168.0.1 remote-as '65534' | ||||
|   set protocols bgp neighbor 192.168.0.1 update-source '192.168.0.2' | ||||
|   set protocols bgp address-family ipv4-unicast network '172.17.0.0/16' | ||||
|   set protocols bgp parameters router-id '192.168.0.2' | ||||
| 
 | ||||
| 
 | ||||
| Don't forget, the CIDR declared in the network statement MUST **exist in your | ||||
| @ -1113,23 +1114,25 @@ A simple BGP configuration via IPv6. | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast | ||||
|   set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48' | ||||
|   set protocols bgp 65534 parameters router-id '10.1.1.1' | ||||
|   set protocols bgp local-as 65534 | ||||
|   set protocols bgp neighbor 2001:db8::2 ebgp-multihop '2' | ||||
|   set protocols bgp neighbor 2001:db8::2 remote-as '65535' | ||||
|   set protocols bgp neighbor 2001:db8::2 update-source '2001:db8::1' | ||||
|   set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast | ||||
|   set protocols bgp address-family ipv6-unicast network '2001:db8:1::/48' | ||||
|   set protocols bgp parameters router-id '10.1.1.1' | ||||
| 
 | ||||
| **Node 2:** | ||||
| 
 | ||||
| .. code-block:: none | ||||
| 
 | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast | ||||
|   set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48' | ||||
|   set protocols bgp 65535 parameters router-id '10.1.1.2' | ||||
|   set protocols bgp local-as 65535 | ||||
|   set protocols bgp neighbor 2001:db8::1 ebgp-multihop '2' | ||||
|   set protocols bgp neighbor 2001:db8::1 remote-as '65534' | ||||
|   set protocols bgp neighbor 2001:db8::1 update-source '2001:db8::2' | ||||
|   set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast | ||||
|   set protocols bgp address-family ipv6-unicast network '2001:db8:2::/48' | ||||
|   set protocols bgp parameters router-id '10.1.1.2' | ||||
| 
 | ||||
| Don't forget, the CIDR declared in the network statement **MUST exist in your | ||||
| routing table (dynamic or static), the best way to make sure that is true is | ||||
| @ -1164,6 +1167,7 @@ Route filter can be applied using a route-map: | ||||
|   set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48' | ||||
|   set policy prefix-list6 AS65535-OUT rule 10 action 'deny' | ||||
|   set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48' | ||||
| 
 | ||||
|   set policy route-map AS65535-IN rule 10 action 'permit' | ||||
|   set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN' | ||||
|   set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN' | ||||
| @ -1172,10 +1176,12 @@ Route filter can be applied using a route-map: | ||||
|   set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT' | ||||
|   set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT' | ||||
|   set policy route-map AS65535-OUT rule 20 action 'permit' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT' | ||||
|   set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN' | ||||
| 
 | ||||
|   set protocols bgp local-as 65534 | ||||
|   set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT' | ||||
|   set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN' | ||||
|   set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT' | ||||
|   set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN' | ||||
| 
 | ||||
| **Node2:** | ||||
| 
 | ||||
| @ -1189,6 +1195,7 @@ Route filter can be applied using a route-map: | ||||
|   set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48' | ||||
|   set policy prefix-list6 AS65534-OUT rule 10 action 'deny' | ||||
|   set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48' | ||||
| 
 | ||||
|   set policy route-map AS65534-IN rule 10 action 'permit' | ||||
|   set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN' | ||||
|   set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN' | ||||
| @ -1197,10 +1204,12 @@ Route filter can be applied using a route-map: | ||||
|   set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT' | ||||
|   set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT' | ||||
|   set policy route-map AS65534-OUT rule 20 action 'permit' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT' | ||||
|   set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN' | ||||
| 
 | ||||
|   set protocols bgp local-as 65535 | ||||
|   set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT' | ||||
|   set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN' | ||||
|   set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT' | ||||
|   set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN' | ||||
| 
 | ||||
| We could expand on this and also deny link local and multicast in the rule 20 | ||||
| action deny. | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user