[Top] [Table Of Contents] [Prev] [Next] [Index]
12 out of 25 total pages

BGP Routing 9

This chapter describes the commands you use to configure PortMaster 4, when you are using the Border Gateway Protocol (BGP) as a routing protocol. Lucent implements version 4 of BGP, as defined in RFC 1771, with updates from the draft standard number 5 of January 1997. Also supported are the BGP communities attribute, defined in RFC 1997, BGP autonomous system confederations, defined in RFC 1965, and BGP route reflection, defined in RFC 1966.

See the PortMaster Routing Guide for BGP configuration instructions and examples before attempting to configure BGP.

Note ¯ After making any changes to the BGP configuration, you must use the save all and reset bgp commands to ensure the changes take effect, and are retained after PortMaster reboots. If you are changing only peer-specific policy information, however, you need only reset the affected individual peers with the reset bgp peer Ipaddress command.

Displaying BGP Information

To display BGP information on the console, use the following commands:

show global--see page 2-28
show memory--see page 2-32
show propagation--see page 7-24
show bgp memory
show bgp next-hop
show bgp paths
show bgp peers
show bgp policy
show bgp summarization

Summary of BGP Commands

BGP commands, shown in Table 9-1, allow you to configure the PortMaster for BGP routing.

Table 9-1 BGP Commands
Command Syntax
add bgp peer Ipaddress(sr) Ipaddress(dest) ASN	- see page 9-4
add bgp policy Policyname	- see page 9-5
add bgp summarization Prefix/NM	- see page 9-5
add propagation Protocol(src) Protocol(dest) Metric Filtername	- see page 7-3
delete bgp peer Ipaddress(dest)	- see page 9-6
delete bgp policy Policyname\|all	- see page 9-6
delete bgp summarization Prefix/NM	- see page 9-7
delete propagation Protocol(src) Protocol(dest)	- see page 7-3
reset bgp [peer Ipaddress]	- see page 9-8
reset propagation	- see page 7-5
save bgp	- see page 9-8
set bgp as ASN	- see page 9-9
set bgp cluster-id Ipaddress	- see page 9-9
set bgp cma ASN	- see page 9-10
set bgp connect-retry-interval Seconds	- see page 9-10
set bgp enable\|disable	- see page 9-11
set bgp hold-time Seconds	- see page 9-11
set bgp id Ipaddress	- see page 9-12
set bgp igp-lockstep on\|off	- see page 9-12
set bgp keepalive-timer Seconds	- see page 9-13
set bgp peer Ipaddress(src) Ipaddress(dest) ASN [assume-default [Number]] [confederation-member] [route-reflector-client] [normal] [always-next-hop] {easy-multihome\|[accept-policy Policyname\|all] [inject-policy Policyname\|all] [advertise-policy Policyname\|all]}	- see page 9-13
set bgp policy Policyname [before] RuleNumber permit\|deny\|include Policyname [if [prefix [exactly] Prefix/NM] [prefix-longer-than NM] [as-path String\|empty] [community Tag]] [then [input-multi-exit-disc Number\|strip] [ degree-of-preference Number] [local-pref Number] [output-multi-exit-disc Number\|strip] [next-hop Ipaddress] [community add\|replace\|strip Tag] [ignore-community-restrictions]]	- see page 9-17, page 9-21, page 9-24
set bgp policy Policyname blank	- see page 9-28
set bgp summarization Prefix/NM [as ASN] [cms ASN] [multi-exit-disc Number] [local-pref Number] [community Tag] [all]	- see page 9-29
set debug bgp on\|off	- see page 14-2
show bgp memory	- see page 9-31
show bgp next-hop	- see page 9-32
show bgp paths [Prefix/NM [verbose]]	- see page 9-33
show bgp peers [verbose\|packets]	- see page 9-36
show bgp policy [Policyname]	- see page 9-40
show bgp summarization	- see page 9-41
show routes [String\|Prefix/NM]	- see page 9-42

BGP Commands

These commands are used for configuring the BGP routing protocol on the PortMaster 4.

Note ¯ BGP is a complex protocol to configure. Consult the instructions and examples in the PortMaster Routing Guide before configuring BGP on a PortMaster 4.

add bgp peer

This command creates entries on the PortMaster for BGP peers.

add bgp peer Ipaddress(src) Ipaddress(dest) ASN


Ipaddress(src)	Local address of the PortMaster put in outgoing packets, specified in dotted decimal notation.
Ipaddress(dest)	Destination address of the peer, specified in dotted decimal notation.

Usage

Adding or Changing Peer Parameters. The set bgp peer command permits you to specify the parameters for an existing BGP peer without deleting that peer. However, the command assumes a "clean slate" for all parameters, and requires that you reenter them completely. For example, supposing you want to change your configuration of a peer 192.168.1.5 configured with the following command:

add bgp peer 192.168.1.1 192.168.1.5 105 route-reflector-client
always-next-hop accept all inject all

If you now want to add advertise all as a policy statement to the command, you must specify all the original parameters together with the new parameter in the set bgp peer command, as follows:

set bgp peer 192.168.1.1 192.168.1.5 105 route-reflector-client
always-next-hop accept all inject all advertise all

add bgp policy

This command creates a BGP policy for route acceptance, injection, or advertisement.

add bgp policy Policyname


Policyname	Name of the policy to be created or deleted--a string of up to 16 nonspace characters.

Usage

Use the delete bgp policy command to delete a BGP policy. Define BGP policies with the set bgp policy commands.

Example

Command> add bgp policy admit
New BGP policy admit successfully added

add bgp summarization

This command creates a BGP summarization entry.

add bgp summarization Prefix/NM


Prefix	Address prefix that you want to advertise to the BGP peers in dotted decimal notation.
/NM	Netmask that indicates the number of high-order bits in the address prefix. This is a number from 1 to 32, preceded by a slash (/)--for example, /24.

delete bgp peer

This command deletes existing BGP peer entries on the PortMaster.

delete bgp peer Ipaddress(dest)


Ipaddress(src)	Local address of the PortMaster put in outgoing packets, specified in dotted decimal notation.
Ipaddress(dest)	Destination address of the peer, specified in dotted decimal notation.

Usage

When a peer deletion is in process, the message and countdown timer "Deletion in Progress. Countdown 216" are displayed in the Accept, Inject, and Advertise columns of the show bgp peers command. Deletion is complete when the countdown drops to zero.

Example

Command> delete bgp peer 172.16.0.0
BGP peer to 172.16.0.0 successfully deleted

delete bgp policy

This command deletes a BGP policy.

Caution ¯ Be careful when deleting BGP policy statements. Make sure that they are no longer needed for BGP route selection.

delete bgp policy Policyname|all


Policyname	Name of the policy to be created or deleted--a string of up to 16 nonspace characters.
all	Predefined policy that you can use to permit all routes to be accepted, injected, or advertised.

Usage

Use the add bgp policy command to create a BGP policy. Define BGP policies with the set bgp policy commands.

Example

Command> delete bgp policy admit
BGP policy admit successfully deleted

delete bgp summarization

This command deletes a BGP summarization entry.

delete bgp summarization Prefix/NM


delete	Deletes an existing BGP summarization entry.
Prefix	Address prefix that you want to advertise to the BGP peers. Specified in dotted decimal notation.
/NM	Netmask that indicates the number of high-order bits in the address prefix. This is a number from 1 to 32, preceded by a slash (/)--for example, /24.

Example

command> delete bgp summarization 172.16.0.0/16
BGP summarization to 172.16.0.0/16 successfully deleted

reset bgp

This command recreates startup conditions for BGP.

reset bgp [peer Ipaddress]


peer	Resets only the session with the specified peer.
Ipaddress	IP address of the peer to be reset, specified in dotted decimal notation.

Usage

When used with no parameters, this command causes the PortMaster to lose all currently known BGP information except for configuration information. The PortMaster then rereads configuration information for BGP and re-establishes sessions with peers. This process is not instantaneous, but takes some time to finish.

After you use this command, BGP is in a transient state, during which the show commands are inoperative.

Using the command set console before entering this command allows you to see the message "BGP Reset Complete" on the console when the reset process is complete. Otherwise, the command provides no response.

When you use the command with the optional peer Ipaddress, only the configuration session with the specified peer is reset.

Example

Command> reset bgp

save bgp

This command writes any changes in the BGP tables to the nonvolatile memory of the PortMaster.

save bgp

Note ¯ To save all configuration information, including BGP and global parameters such as the local system and local BGP router ID, use the save all command instead.

Example

Command> save bgp
New configurations successfully saved.

set bgp as

This command sets the number of the autonomous system that the PortMaster is a member of.

set bgp as ASN


ASN	Unique number that identifies the autonomous system--a 16-bit number ranging from 1 to 65535.

Usage

Autonomous system identifiers are supplied by the Internet Network Information Center (InterNIC). If autonomous system confederations are in use, this number identifies your BGP confederation's autonomous system to BGP peers outside the confederation.

Example

Command> set bgp as 106
BGP AS number changed from 0 to 106

set bgp cluster-id

This command identifies the PortMaster as a BGP route reflector in a cluster.

set bgp cluster-id Ipaddress


Ipaddress	IP address in dotted decimal notation. It can be any IP address, but is typically the BGP ID of one of the route reflectors. Setting the cluster ID to 0.0.0.0 removes it, and disables the ability of this PortMaster to be a route reflector. Route reflection is disabled by default.

Usage

An autonomous system can be divided into many clusters. Each cluster contains one or more internal peers configured as route reflectors, with the remaining peers in the cluster called route reflector clients. Peers configured as route reflectors in an autonomous system are fully meshed with each other, but the clients are configured as peers only with route reflectors in their cluster.

The same cluster ID must be set on each route reflector in a cluster, but cluster IDs are not set on the reflector clients.

Advantages of Clustering. The use of clusters reduces the traffic and CPU overhead compared with a fully meshed system. When compared to confederations, route reflector clusters are simpler to configure, but do not allow the degree of policy control that is possible across confederation boundaries. The primary advantage of route reflector clusters is that they allow the PortMaster to interoperate with BGP peers that are third-party routers without the ability to be configured into confederations.

For information about the effects of route reflection on BGP policies, see page 9-16.

Example

Command> set bgp cluster-id 1.2.3.4
BGP Cluster ID changed from 0.0.0.0 to 1.2.3.4

set bgp cma

This command sets the number of the BGP confederation member autonomous system (CMAS) that the PortMaster is in.

set bgp cma ASN


ASN	The CMAS identifier--a 16-bit number ranging from 0 to 65535. A value of 0 disables the CMAS configuration. Confederations are disabled by default.

Usage

You can divide an autonomous system into multiple autonomous systems and group them into a single confederation. To external autonomous systems, the confederation appears as a single autonomous system. When confederations are in use, the PortMaster advertises this autonomous system identifier to BGP peers that are marked as confederation members in its configuration.

Choosing a value of zero disables use of confederations on this PortMaster. Confederations are disabled by default.

Example

Command> set bgp cma 120
BGP Confederation member AS number changed from 0 to 120

set bgp connect-retry-interval

This command sets the BGP connection retry interval for the PortMaster.

set bgp connect-retry-interval Seconds


Seconds	Connection retry interval in seconds. The valid range is from 30 to 1000 seconds. The default is 120 seconds.

Usage

This command sets the interval at which the PortMaster attempts to open sessions to peers that are not fully established.

Example

Command> set bgp connect-retry-interval 180
BGP connect retry interval changed from 120 to 180

set bgp enable|disable

This command enables or disables the use of BGP on the PortMaster.

Note ¯ You must issue the save all and reboot commands immediately after issuing the set bgp enable command, before you can continue with any other BGP configuration.

set bgp enable|disable


enable	Loads the BGP software upon the next PortMaster reboot.
disable	Disables the use of BGP upon the next reboot of the PortMaster, and frees the system memory used by BGP. This is the default.

Usage

You must enable BGP and reboot the PortMaster before configuring or using BGP.
The save all and reboot commands must be issued after you use this command with either the enable or disable options.

set bgp hold-time

This command sets the BGP hold time interval for the PortMaster.

set bgp hold-time Seconds


Seconds	Hold time interval in seconds. The valid range is from 30 to 1000 seconds. The default is 90 seconds.

Usage

This command sets the interval that the PortMaster waits between keepalive, update, or notification messages from a peer, before identifying the peer as no longer operational and dropping all information learned from that peer.

Example

Command> set bgp hold-time 120
BGP hold time changed from 90 to 120

set bgp id

This command identifies the PortMaster as a BGP router.

set bgp id Ipaddress


Ipaddress	PortMaster IP address, specified in dotted decimal notation.

Usage

The BGP identifier must be an IP address on the PortMaster. A setting of 0.0.0.0 removes the BGP ID.

Example

Command> set bgp id 192.168.0.1
BGP ID changed from 0.0.0.0 to 192.168.0.1

set bgp igp-lockstep

This command enables or disables a feature that forces the PortMaster to match a route learned from internal BGP peers with a route learned from OSPF, RIP, static routing, or RADIUS before advertising the route to external peers.

set bgp igp-lockstep on|off


on	Enables the matching feature.
off	Disables the matching feature.

Usage

Normally, when the PortMaster learns a route from internal peers, it forwards the information to any external peers as soon as possible. Enabling the lockstep feature forces the PortMaster to wait until it finds a suitable Interior Gateway Protocol (IGP) route--an OSPF, RIP, or static route, or a static route via RADIUS--that supports the route before advertising it. An IGP route supports a BGP route if it has the same IP address and prefix as the BGP route.

Note ¯ Exact matches only are allowed because simple default routes to support BGP routes can lead to network instability or lost packets.

Example

Command> set bgp igp-lockstep on
bgp igp-lockstep changed from off to on

set bgp keepalive-timer

This command sets the BGP keepalive timer interval.

set bgp keepalive-timer Seconds


Seconds	Keepalive timer interval in seconds. The valid range is from 30 to 1000 seconds. The default is 30 seconds.

Usage

This command sets the interval at which the PortMaster sends keepalive messages to its peers, to let them know it is still reachable.

Example

Command> set bgp keepalive-timer 45
BGP keepalive timer changed from 30 to 45

set bgp peer

This command modifies entries on the PortMaster for BGP peers, and provide options that control how policies are implemented for route selection.

set bgp peer Ipaddress(src) Ipaddress(dest) ASN
[assume-default [Number] ] [confederation-member]
[route-reflector-client] [normal] [always-next-hop]
{easy-multihome|[accept-policy Policyname|all]
[inject-policy Policyname|all] [advertise-policy Policyname|all]}


Ipaddress(src)	Local address of the PortMaster put in outgoing packets, specified in dotted decimal notation.
Ipaddress(dest)	Destination address of the peer, specified in dotted decimal notation.
ASN	Autonomous system number of the peer. If this autonomous system is the same as that of the PortMaster, the peer is an internal peer; if it is different, the peer is an external peer. The autonomous system number is a 16-bit number ranging from 1 to 65535.
assume-default	Indicates that a default route to this external peer is created if the peer is up. You must assign a hop-count value to the default routes of different peers to specify a preferred peer.
Number	Hop count to advertise this default route. When multiple peers are configured with assume-default , the one with the lowest hop count is the preferred router for default-route forwarding. Number is a value from 1 to 15.
confederation-member	When specified, identifies a peer that is a member of the same confederation as the PortMaster. By default this keyword is not specified.
route-reflector-client	When specified, identifies a peer as a route reflector client that the PortMaster forwards internal routes to. For the peer to be enabled as a route-reflector client, you must have configured the PortMaster with a cluster ID using the set bgp cluster-id command.
normal	When specified, identifies a peer that is neither a confederation member nor a route-reflector client. By default normal is specified.
always-next-hop	When specified, identifies the PortMaster as the next hop in any update packet sent to it from the peer, even if the PortMaster determines that it is not always the best next hop choice for this peer. This option is useful when you know that this peer has connectivity to the PortMaster, but possibly not to the same devices that you would choose as a next hop--for example, in a partially meshed Frame Relay network. By default always-next-hop is disabled.
Note ¯ Standard BGP speaker behavior is to forward next hop information to internal peers without modification. The always-next-hop parameter enables this behavior to be changed. Therefore, when using the always-next-hop parameter, you must take care to ensure that inconsistent routing information is not propagated from multiple external peers to the autonomous system.
easy-multihome	Enables an alternative method to policies for handling multihome paths from the PortMaster. The easy-multihome keyword restricts the BGP routing table to accept only paths through the remote autonomous system, and optionally through one additional autonomous system. Otherwise, the PortMaster uses the assume-default keyword to determine how to route packets.
accept-policy	Enables a BGP policy Policyname whose criteria must be met for the PortMaster to accept any IP prefix from this peer as a viable BGP route. If a then degree-of-preference parameter is specified in the policy (see set bgp policy (acceptance) on page 9-17), it is used in place of any information learned from the path for path preference calculation purposes only. Advertisement filters indicate what the other peers are told. If not specified, and easy-multihome is not enabled for this peer, then nothing is accepted from this peer.
all	Predefined policy that you can use to permit all routes to be accepted, injected, or advertised.
Policyname	Name of a BGP policy statement defined by the set bgp policy command.
inject-policy	Enables a BGP policy Policyname whose criteria must be met for the PortMaster to place any IP address prefix received from this peer in the routing table. No then parameters are used in this policy. If not specified, and easy-multihome is not enabled for this peer, then nothing is injected from this peer into the routing table.
advertise-policy	Enables a BGP policy Policyname whose criteria must be met for the PortMaster to advertise any IP address prefix to this peer. The advertisement you set with the set bgp policy command indicates the metrics and any community information to advertise with the prefix. If not specified, and easy-multihome is not enabled for this peer, then nothing is advertised to this peer.

Usage

If no policy is defined, then the default behavior is not to accept, advertise, or inject any BGP routes. Therefore, when you define a peer you must do one of the following:

Define explicit policies with the set bgp policy command to learn, use, or advertise routes.
Use the predefined policy all to permit all routes to be accepted, used or advertised.
Use the easy-multihome option.

add bgp peer 192.168.1.1 192.168.1.5 105 route-reflector-client
always-next-hop accept all inject all

set bgp peer 192.168.1.1 192.168.1.5 105 route-reflector-client
always-next-hop accept all inject all advertise all

Requirement for Internal Peers to Be Fully Meshed. Unless route reflection is used, BGP requires that all BGP peers within an autonomous system or within a confederation member autonomous system (CMAS) be linked to each other. In this way, when one BGP peer learns an external route--path attributes and destination--it forwards this information to all its internal peers. Because they are fully meshed, each peer has the same information as its internal peers in the autonomous system and does not need to forward it again to them. If route reflector clusters are used, only the route reflectors--but not the route reflection clients--need to be fully meshed.

Length of Time Information Is Held Before Forwarding. When information is first learned from a peer, that information is held for at least 30 seconds before being forwarded to other peers as trustworthy and stable.

Peer Deletion. When a peer deletion is in process, the message and countdown timer "Deletion in Progress. Countdown 216" are displayed in the Accept, Inject, and Advertise columns of the show bgp peers command. Deletion is complete when the countdown drops to zero.

Effects of Route Reflection on BGP Policies. When a route reflector reflects an internal route that it learned from other internal peers either from or to a reflector client, the BGP policies for the cluster changes as follows:

For advertisement policies, the route reflector ignores then portions and forwards every permitted route as learned. As a result, no modifications are made to the community, next hop, multiexit discriminator, or local preference values.
For acceptance policies, any multiexit discriminator is advertised as it was originally received and is not modified upon acceptance.

This modified behavior applies only to reflected internal routes learned from other internal peers, and not to routes originating from the route reflector itself. The route reflector can generate routes from locally configured summarizations, or from routing information learned via external peers attached to the route reflector.

You can use policy statements to permit or deny certain routes from being reflected.

Example

Command> set bgp peer 192.168.0.0 172.16.0.0 21 easy-multihome
New BGP peer successfully added

set bgp policy (acceptance)

This command creates a policy rule for admitting an IP prefix learned from a peer into a BGP database on the PortMaster for further consideration as a route.

Caution ¯ The creation of long, complex lists of policy rules can adversely affect PortMaster CPU performance.

set bgp policy Policyname [before] RuleNumber
permit|deny|include Policyname
[if
[prefix [exactly] Prefix/NM]
[prefix-longer-than NM]
[as-path String|empty]
[community Tag]]
[then
[input-multi-exit-disc Number|strip]
[degree-of-preference Number]]


Policyname	Name of an acceptance policy already created.
before	Optionally inserts this BGP rule before an existing rule in the policy.
RuleNumber	Number of a rule in the policy. · Use the RuleNumber of an existing rule to replace that rule. · Add this rule to the end of the list of rules by using a RuleNumber value that is 1 greater than the current largest rule number. · A maximum of 160 rules is permitted in a policy. If more rules are needed, they can be added with the include Policyname option.
permit	Allows the IP prefix into the BGP database if the criteria in the rule are met.
deny	Prohibits the IP prefix from the BGP database if the criteria in the rule are met.
include Policyname	Inserts an existing policy Policyname into the current policy. Included policies can themselves include other policies, up to a maximum level of 10 nested included policies.
if	Compares the prospective IP prefix against corresponding elements specified after if in this rule. Specifying no if elements causes all prefixes to match the current rule. · If all elements of the IP prefix match these if criteria, this rule is applied to the prefix and the prefix is either permitted or denied. · If the elements do not match, the list of policy rules is further scanned for a matching rule. · If no matches are found, the IP prefix is denied from the BGP database.
prefix Prefix/NM	IP prefix Prefix and netmask NM to compare the prospective IP prefix against. The netmask indicates the number of high-order bits in the IP prefix. · Specify Prefix in dotted decimal notation. · Specify NM as number from 1 to 32, preceded by a slash (/)--for example, /24. By default, any prefix that matches the netmask in the rule prefix in the leftmost--most significant--bits, matches the rule prefix.
exactly	Requires the entire prospective IP prefix and netmask to exactly match the IP prefix and netmask specified in the rule.
prefix-longer-than NM	When used with the deny keyword, prohibits from the BGP database any prospective IP address with a prefix containing more high-order bits than are specified by the netmask NM.
as-path String	Autonomous system path String to compare the prospective IP prefix against. String is a list of autonomous system numbers, separated by periods (.)--for example, AS1.AS2.AS3. or AS2.AS1.
	When String is compared to an autonomous system path sequence , the order of the sequence must match the order of String. When String is compared to an autonomous system path set , the set is put in ascending numerical order, and then matched against String. Multiple sequences or sets in a single autonomous system path are concatenated before being compared to String. The following special characters have the following meaning in the expression: · An asterisk (*) matches one or more entries in the autonomous system sequence. · A question mark (?) matches any single item in the autonomous system sequence.
empty	Value for String that matches only paths containing no autonomous system path information. Use as-path empty only to permit or deny routes originating from an internal or confederation member peer within the autonomous system of the PortMaster.
community	Identifier Tag that categorizes a group of destinations to compare the prospective IP prefix against. See RFC 1997 for more information on a BGP community.
Tag	32-bit number that indicates a destination category in one of the following forms: · One 32-bit value identifying the autonomous system of the destination · Two 16-bit values: one containing the autonomous system number of the destination, and the other containing additional information about the autonomous system. If only the first 16-bit word is considered significant in matching the community Tag, replace the second 16-bit value with the keyword any .
	· One of the following reserved community keywords that restrict route advertisement for peers receiving the route information:
	no-export	Destinations only within a confederation. Advertise the route only to BGP peers within your confederation or autonomous system.
	no-advertise	No destinations. Do not advertise this route.
	no-export-subconfed	Internal destinations only. Advertise this route only to internal BGP peers.
	The restrictions imposed by these reserved community keywords do not apply to the PortMaster originating this information.
then	Assigns the following metric or metrics to any IP prefix selected for acceptance by the rule.
input-multi-exit-disc Number\|strip	Assigns an arbitrary Number for the learned multiexit discriminator, overriding any that is learned from the peer. Number is a 32-bit integer. The strip keyword causes any multiexit discriminator information learned from a peer to be ignored. input-multi-exit-disc can be abbreviated as imed in this command. Lower numbers indicate an increased preference for a specific route. Use this metric to discriminate among multiple exit or entry points between the same pair of neighboring autonomous systems.
degree-of-preference Number	Assigns a degree-of-preference Number to a route. Number is a 32-bit integer. degree-of-preference can be abbreviated as dop in this command Higher numbers indicate an increased preference for a specific route when more than one route exists. Use this metric to screen a particular autonomous system from your map of routes, for example. If you do not assign a degree of preference to the IP prefix, one of the following values is assigned by default: · If the route comes from an internal peer, the learned local preference number is assigned. · If the route comes from an external peer, Number is based on the autonomous system path length, with a shorter path being preferred.

Usage

A BGP policy is a list of rules that restrict the BGP routes your PortMaster accepts from its peers, uses, and advertises to its peers. You can use the easy-multihome alternative to policies--or accept-policy all to accept all routes--when you add each BGP peer to your peer group, or you can define your own policies.

A PortMaster uses an acceptance policy to determine whether to admit an IP prefix received in a update from a BGP peer into its BGP database for further consideration as a route. If the PortMaster accepts the IP prefix, it uses an injection policy to determine whether to use the route to forward packets, and an advertisement policy to determine whether to advertise the route to its BGP peers.

You can create any number of acceptance, injection and advertisement policies.

Performing Three Functions in One Policy. You can create separate policies for each function, or create one policy to perform all three functions.

Permitting or Denying All Prefixes. If you define a rule that contains no if or then clauses, the rule universally permits or denies all prefixes, with no modification.

Applying and Saving a Rule. After adding or changing a rule in a BGP policy, use one of the following commands to apply and save the modified policy:

Use reset bgp peer Ipaddress(dest) to reset only those peers that use a policy.
Use reset bgp to reset all peers.

Removing a Rule. Specifying only the rule number RuleNumber in the command, as in set bgp policy policyname 1 , removes that rule from the BGP policy.

Creating a Common Policy. You can create a common BGP policy for inclusion in other BGP policies. For example:

1. Create and define a common BGP policy as follows:

add bgp policy permit1011

set bgp policy permit1011 1 permit if prefix 10.0.0.0/8

set bgp policy permit1011 2 permit if prefix 11.0.0.0/8

2. Include this policy by reference in another policy as follows:

set bgp policy otherone 5 include permit1011

This command inserts the statements of the permit1011 policy at line 5 of the otherone policy.

Policy inclusions can be nested to a maximum depth of 10 levels. Any inclusions beyond the 10th level are ignored.

Reducing the Number of Advertised Routes. Some BGP routes received by your PortMaster might not be summarized. Unsummarized routes can include IP prefixes containing as many as 32 high-order bits--many specific addresses rather than fewer route summaries. If your BGP policy rules accept such routes into your BGP database, you can propagate extremely large numbers of routes to your BGP peers and possibly overwhelm them. To avoid this problem, use the prefix-longer-than keyword in a BGP acceptance policy to deny IP prefixes with a netmask longer than a particular NM value. Specifying prefix-longer-than 16, for example, would be highly effective for this purpose.

For more information about the effects of route reflection on BGP policies, see page 9-16.

Example

Command> set bgp policy acdeg10 1 permit then degree-of-preference 10
Added rule 1 in policy acdeg10
BGP policy acdeg10 updated

set bgp policy (injection)

This command creates a policy rule for injecting IP prefixes into the routing table--displayed by the show route command--that the PortMaster uses to forward packets it receives to their ultimate destination.

Caution ¯ The creation of long, complex lists of policy rules can adversely affect PortMaster CPU performance.

set bgp policy Policyname [before] RuleNumber
permit|deny|include Policyname
[if
[prefix [exactly] Prefix/NM]
[as-path String|empty]
[community Tag]]


Policyname	Name of an injection policy already created.
before	Optionally inserts this BGP rule before an existing rule in the policy.
RuleNumber	Number of a rule in the policy. Use the RuleNumber of an existing rule to replace that rule. Add this rule to the end of the list of rules by using a RuleNumber value that is 1 greater than the current largest rule number.
permit	Allows the IP prefix into the PortMaster routing table if the criteria in the rule are met.
deny	Prohibits the IP prefix from the PortMaster routing table if the criteria in the rule are met.
include Policyname	Inserts an existing policy Policyname into the current policy. Included policies can themselves include other policies, up to a maximum level of 10 nested included policies.
if	Compares the prospective IP prefix against corresponding elements specified after if in this rule. Specifying no if elements causes all prefixes to match the current rule. · If all elements of the IP prefix match these if criteria, this rule is applied to the prefix and the prefix is either added or not added to the PortMaster routing table. · If the elements do not match, the list of policy rules is further scanned for a matching rule. · If no matches are found, the IP prefix is prohibited from the routing table.
prefix Prefix/NM	IP prefix Prefix and netmask NM to compare the prospective IP prefix against. The netmask indicates the number of high-order bits in the IP prefix. · Specify Prefix in dotted decimal notation. · Specify NM as number from 1 to 32, preceded by a slash (/)--for example, /24. By default, any prefix that matches the netmask in the rule prefix in the leftmost--most significant--bits, matches the rule prefix.
exactly	Requires the entire prospective IP prefix and netmask to exactly match the IP prefix and netmask specified in the rule.
as-path String	Autonomous system path String to compare the prospective IP prefix against. String is a list of autonomous system numbers, separated by periods (.)--for example, AS1.AS2.AS3. or AS2.AS1. When String is compared to an autonomous system path sequence , the order of the sequence must match the order of String.
	When String is compared to an autonomous system path set , the set is put in ascending numerical order, and then matched against String. Multiple sequences or sets in a single autonomous system path are concatenated before being compared to String. The following special characters have the following meaning in the expression: · An asterisk (*) matches one or more entries in the autonomous system sequence. · A question mark (?) matches any single item in the autonomous system sequence.
empty	Value for String that matches only paths containing no autonomous system path information. Use as-path empty only to permit or deny routes originating from an internal or confederation member peer within the autonomous system of the PortMaster.
community	Identifier Tag that categorizes a group of destinations to compare the prospective IP prefix against. See RFC 1997 for more information on a BGP community.
Tag	32-bit number that indicates a destination category in one of the following forms: · One 32-bit value identifying the autonomous system of the destination · Two 16-bit values: one containing the autonomous system number of the destination, and the other containing additional information about the autonomous system. If only the first 16-bit word is considered significant in matching the community Tag, replace the second 16-bit value with the keyword any . · One of the following reserved community keywords that restrict route advertisement for peers receiving the route information:
	no-export	Destinations only within a confederation. Advertise the route only to BGP peers within your confederation or autonomous system.
	no-advertise	No destinations. Do not advertise this route.
	no-export-subconfed	Internal destinations only. Advertise this route only to internal BGP peers.
	The restrictions imposed by these reserved community keywords do not apply to the PortMaster originating this information.

Usage

A BGP policy is a list of rules that restrict the BGP routes your PortMaster accepts from its peers, uses, and advertises to its peers. You can use the easy-multihome alternative to policies--or inject-policy all to use all routes--when you add each BGP peer to your peer group, or you can define your own policies.

A PortMaster uses an injection policy to determine whether to add an IP prefix to its routing table, as shown in the output of the show route command. The PortMaster has already accepted this IP prefix for consideration as a BGP route via an acceptance policy . If the PortMaster injects the route, it will use the route to forward packets. The PortMaster also subjects the IP prefix to an advertisement policy to determine whether to share the route with its BGP peers.

An injection policy allows the PortMaster to receive and forward BGP routing information, but to forward packets based on simpler criteria. For example, you might want to forward packets only on routes received from OSPF or on a configured default route.

For more information about creating injection policies, see page 9-20.

Example

Command> add bgp policy inj.one 1 permit if prefix 172.16.0.0/16 community 108 108
Added rule 1 in policy inj.one
BGP policy inj.one updated

set bgp policy (advertisement)

This command creates a policy rule for advertising an IP prefix that the PortMaster learned from another peer to a BGP internal or external peer.

Caution ¯ The creation of long, complex lists of policy rules can adversely affect PortMaster CPU performance.

set bgp policy Policyname [before] RuleNumber
permit|deny|include Policyname
[if
[prefix [exactly] Prefix/NM]
[as-path String|empty]
[community Tag]]
[then
[local-pref Number]
[output-multi-exit-disc Number|strip]
[next-hop Ipaddress]
[community add|replace|strip Tag]
[ignore-community-restrictions]]


Policyname	Name of an advertisement policy already created.
before	Optionally inserts this BGP rule before an existing rule in the policy.
RuleNumber	Number of a rule in the policy. · Use the RuleNumber of an existing rule to replace that rule. · Add this rule to the end of the list of rules by using a RuleNumber value that is 1 greater than the current largest rule number.
permit	Allows the IP prefix to be advertised if the criteria in the rule are met.
deny	Prohibits the IP prefix from being advertised if the criteria in the rule are met.
include Policyname	Inserts an existing policy Policyname into the current policy. Included policies can themselves include other policies, up to a maximum level of 10 nested included policies.
if	Compares the prospective IP prefix against corresponding elements specified after if in this rule. Specifying no if elements causes all prefixes to match the current rule. · If all elements of the IP prefix match these if criteria, this rule is applied to the prefix and the prefix is either advertised or not advertised. · If the elements do not match, the list of policy rules is further scanned for a matching rule. · If no matches are found, the IP prefix is not advertised.
prefix Prefix/NM	IP prefix Prefix and netmask NM to compare the prospective IP prefix against. The netmask indicates the number of high-order bits in the IP prefix. · Specify Prefix in dotted decimal notation. · Specify NM as number from 1 to 32, preceded by a slash (/)--for example, /24. By default, any prefix that matches the netmask in the rule prefix in the leftmost--most significant--bits, matches the rule prefix.
exactly	Requires the entire prospective IP prefix and netmask to exactly match the IP prefix and netmask specified in the rule.
as-path String	Autonomous system path String to compare the prospective IP prefix against. String is a list of autonomous system numbers, separated by periods (.)--for example, AS1.AS2.AS3. or AS2.AS1. When String is compared to an autonomous system path sequence , the order of the sequence must match the order of String. When String is compared to an autonomous system path set , the set is put in ascending numerical order, and then matched against String. Multiple sequences or sets in a single autonomous system path are concatenated before being compared to String.
	The following special characters have the following meaning in the expression: · An asterisk (*) matches one or more entries in the autonomous system sequence. · A question mark (?) matches any single item in the autonomous system sequence.
empty	Value for String that matches only paths containing no autonomous system path information. Use as-path empty only to permit or deny routes originating from an internal or confederation member peer within the autonomous system of the PortMaster.
community	Identifier Tag that categorizes a group of destinations to compare the prospective IP prefix against. See RFC 1997 for more information on a BGP community.
Tag	32-bit number that indicates a destination category in one of the following forms: · One 32-bit value identifying the autonomous system of the destination · Two 16-bit values: one containing the autonomous system number of the destination, and the other containing additional information about the autonomous system. If only the first 16-bit word is considered significant in matching the community Tag, replace the second 16-bit value with the keyword any . · One of the following reserved community keywords that restrict route advertisement for peers receiving the route information:
	no-export	Destinations only within a confederation. Advertise the route only to BGP peers within your confederation or autonomous system.
	no-advertise	No destinations. Do not advertise this route.
	no-export-subconfed	Internal destinations only. Advertise this route only to internal BGP peers.
	The restrictions imposed by these reserved community keywords do not apply to the PortMaster originating this information.
then	Assigns the following metric or set of metrics to any IP prefix selected for advertisement before advertising it.
local-pref Number	Assigns an arbitrary rating Number to an external route for advertisement to internal or confederation-member peers only. Number is a 32-bit integer. local-pref can be abbreviated as lp in this command. Higher numbers indicate an increased preference for a specific route when more than one route exists. Use this metric to screen a particular autonomous system from your map of routes, for example.
	If you do not assign a local preference rating to the IP prefix, one of the following values is assigned by default: · If the route comes from an internal peer, the learned local preference number is assigned. · If the route comes from an external peer, Number is based on the autonomous system path length, with a shorter path being preferred.
output-multi-exit-disc Number\|strip	Assigns an arbitrary rating Number for the multiexit discriminator to an external route for advertisement to external or confederation member peers only. Number is a 32-bit integer. A multiexit discriminator configured in a policy takes precedence over one configured in a route summarization. output-multi-exit-disc can be abbreviated as omed in this command. Lower numbers indicate an increased preference for a specific route. Use this metric to discriminate among multiple exit or entry points between the same pair of neighboring autonomous systems. If you do not assign a multiexit discriminator, no value is sent unless the PortMaster is advertising one of its own summarizations that specifies a multiexit discriminator. In this case, the value specified in the add bgp summarization command is used if none is present in the policy.
	To avoid advertising any multiexit discriminator, use the strip keyword.
next-hop Ipaddress	Assigns the IP address to advertise as the next hop. If you do not assign a value, a value is computed automatically for the best possible next hop to reach this route. However, if this peer is configured with the set peer always-next-hop on option, this router's local IP address is always used as the next hop.
add	Adds the community categories identified in Tag to the IP prefix to be advertised.
replace	Replaces the community categories identified in the community Tag of the IP prefix to be advertised with new Tag values.
strip	Removes existing community categories from the IP prefix to be advertised.
ignore-community-restrictions	Instructs the PortMaster to ignore the restrictive keywords no-advertise , no-export , and no-export-subconfed when advertising this route to a peer. Use this keyword in the rule to override these restrictions received from other peers.

Usage

A BGP policy is a list of rules that restrict the BGP routes your PortMaster accepts from its peers, uses, and advertises to its peers. You can use the easy-multihome alternative to policies--or advertise-policy all to advertise all routes--when you add each BGP peer to your peer group, or you can define your own policies.

A PortMaster uses an advertisement policy to determine whether to share an IP prefix as a route with its internal and external BGP peers. The PortMaster has already accepted this IP prefix for consideration as a BGP route via an acceptance policy . The PortMaster also subjects the IP prefix to an injection policy to determine whether to add an IP prefix to its routing table, as shown in the output of the show route command. For more information about creating injection policies, see page 9-20.

Examples

Command> set bgp policy adver.one 1 permit if prefix 172.16.0.0/16
then community add 108 108
Added rule 1 in policy adver.one
BGP policy adver.one updated

Command> set bgp policy adver.one 2 permit then local-pref 5 community
add 108 108
Added rule 2 in policy adver.one
BGP policy adver.one updated

set bgp policy blank

This command deletes all policy rules from a BGP policy list.

set bgp policy Policyname blank


Policyname	Name of the policy to be created or deleted--a string of up to 16 nonspace ASCII characters.

Usage

Use the set bgp policy blank command to remove all the policy rules from a BGP policy list.

Example

Command> set bgp policy admit blank
Removed all rules from BGP policy admit

set bgp summarization

This command modifies a BGP summarization entry that indicates how Interior Gateway Protocol (IGP) routing information from OSPF, RIP, or static routing is forwarded into BGP for advertisement to other BGP peers.

set bgp summarization Prefix/NM
[as ASN] [cma ASN] [multi-exit-disc Number]
[local-pref Number] [community Tag]


set	Modifies an existing BGP summarization entry. All settings need to be respecified.
delete	Deletes an existing BGP summarization entry.
Prefix	Address prefix that you want to advertise to the BGP peers in dotted decimal notation.
/NM	Netmask that indicates the number of high-order bits in the address prefix. This is a number from 1 to 32, preceded by a slash (/)--for example, /24.
as	Autonomous system that receives this summarization. Include your local autonomous system number in this list to enable the summarization to go to local internal peers. You can list up to 14 autonomous systems.
ASN	Autonomous system number.
cma	Your confederation member autonomous system (CMAS) that receives this summarization. Include your CMAS number in this list to enable the summarization to go to internal peers in your CMAS.
multi-exit-disc Number	Assigns an arbitrary rating Number to an external route for advertisement to external or confederation-member peers only. Number is a 32-bit integer. multi-exit-disc can be abbreviated as med in this command. Lower numbers indicate an increased preference for a specific route. Use this metric to discriminate among multiple exit or entry points between the same pair of neighboring autonomous systems. If you do not assign a multiexit discriminator, the value 1 is assigned by default. A multiexit discriminator configured in a policy takes precedence over one configured in this route summarization.
	To explicitly prevent advertisement of a multiexit discriminator for IP prefixes matching this rule, set this keyword to zero (0). The PortMaster never forwards a 0 value of this metric to any peer, even if 0 was explicitly received from a peer.
local-pref Number	Assigns an arbitrary rating Number to an external route for advertisement to internal or confederation-member peers only. Number is a 32-bit integer. local-pref can be abbreviated as lp in this command. Higher numbers indicate an increased preference for a specific route when more than one route exists. Use this metric to screen a particular autonomous system from your map of routes, for example.
	If you do not assign a local preference rating to the IP prefix, one of the following values is assigned by default: · If the route comes from an internal peer, the learned local preference number is assigned. · If the route comes from an external peer, Number is based on the autonomous system path length, with a shorter path being preferred. A local preference value configured in a policy takes precedence over one configured in this summarization.
community	Advertises the 32-bit community attribute, defined by Tag, along with this summarization.
Tag	Thirty-two-bit number that indicates a destination category in one of the following forms: · One 32-bit value identifying the autonomous system of the destination · Two 16-bit values: one containing the autonomous system number of the destination, and the other containing additional information about the autonomous system. If only the first 16-bit word is considered significant in matching the community Tag, replace the second 16-bit value with the keyword any . One of the following reserved community keywords that restrict route advertisement for peers receiving the route information:
	no-export	Destinations only within a confederation. Advertise the route only to BGP peers within your confederation or autonomous system.
	no-advertise	No destinations. Do not advertise this route.
	no-export-subconfed	Internal destinations only. Advertise this route only to internal BGP peers.
	The restrictions imposed by these reserved community keywords do not apply to the PortMaster originating this information.

Usage

BGP originates to peers only the routing information that is explicitly indicated by--and supported by--the interior routing protocols in use (OSPF, RIP, static routes, or directly attached routes). These special advertisements are called summarizations , and must be explicitly configured in most cases.

The settings you configure for community, local preference, and multiexit discriminator in this summarization command interact with advertisement policy definitions as follows:

The advertisement policy definition overrides any values for local preference and multiexit discriminator.
If the advertisement policy definition adds new community categories (community add ), that information is added to the community information specified in the summarization.
If the advertisement policy definition replaces community categories (community replace ), it replaces any community information specified in the summarization.

To help provide stability in the Internet, summarizations are advertised only when supported by one or more specific routes that exist for at least 30 seconds before the advertisement.

Example

Command> set bgp summarization 172.16.0.0/16 multi 55 as 2 as 3 as 4
BGP summarization successfully added

show bgp memory

This command displays information on BGP memory usage.

show bgp memory

Example

Command> show bgp memory
BGP is using a total of 7024480 bytes of memory for 42313 destinations:

Destination-specific use: 3296384 bytes
Peer-specific use: 3728096 bytes

Explanation

Memory usage is an important concern when you are running BGP because of the large number of routes that are stored in the BGP database.


Destination-specific use: 3,296,384	This value depends on the total number of IP prefixes accepted in the network layer reachability information (NLRI) from all peers, whether or not multiple peers provide the same prefix. Destination-specific bytes of memory are normally consumed only once for each unique destination.
Peer-specific use: 3,728,096 bytes	This value depends on the total amount of information accepted from all peers. Redundant information from multiple peers can increase this value.

show bgp next-hop

This command displays the known BGP next hop addresses and the gateways to them.

show bgp next-hop

Usage

Use this command to conveniently determine where packets go when forwarded. The information displayed is based on entries in the routing table that are used to forward BGP packets to their destinations.

Example

Command> show bgp next-hop

Next Hop Gateway Src Addr to it Source Metric Interface

------------- ------------ ------------- ------- ------ ---------

192.168.1.2 172.16.96.2 172.16.95.1 ospf/IA 1 ether0

172.16.96.129 172.16.96.129 172.16.96.1 local 1 ether0

172.16.96.133 172.16.96.129 172.16.96.1 local 1 ether0

Command> show bgp next-hop
Next Hop	Gateway	Src Addr to it	Source	Metric	Interface
-------------	------------	-------------	-------	------	---------
192.168.1.2	172.16.96.2	172.16.95.1	ospf/IA	1	ether0
172.16.96.129	172.16.96.129	172.16.96.1	local	1	ether0
172.16.96.133	172.16.96.129	172.16.96.1	local	1	ether0

Explanation

Next Hop Next hop address, learned from the next hop attribute in a BGP route.

Gateway Address of the directly adjacent router that forwards packets so that they reach the next hop. If the next hop and gateway addresses are the same, the next hop router is directly adjacent to the PortMaster.

Src Addr to it Local network address of the interface on the PortMaster that is used to reach the next hop.

Source Origin of the route information:

local Route learned from an interface on the PortMaster.

rip RIP route learned from a connected network.

ospf OSPF route learned from an internal neighbor.

ospf/E1
ospf/E2 OSPF route learned from Type 1 external or Type 2 external routes.

ospf/N1
ospf/N2 OSPF learned route as Type 1 external or Type 2 external routes from not-so-stubby areas (NSSAs).

ospf/IA OSPF route originating from another area and learned via an area border router.

bgp/D BGP route for the default network (network 0).

bgp/E BGP route learned from an external neighbor.

bgp/I BGP route learned from an internal neighbor.

Metric Hop count to the next hop.

Interface Interface used for forwarding packets to the gateway for the next hop.

Next Hop	Next hop address, learned from the next hop attribute in a BGP route.
Gateway	Address of the directly adjacent router that forwards packets so that they reach the next hop. If the next hop and gateway addresses are the same, the next hop router is directly adjacent to the PortMaster.
Src Addr to it	Local network address of the interface on the PortMaster that is used to reach the next hop.
Source	Origin of the route information:
	local	Route learned from an interface on the PortMaster.
	rip	RIP route learned from a connected network.
	ospf	OSPF route learned from an internal neighbor.
	ospf/E1 ospf/E2	OSPF route learned from Type 1 external or Type 2 external routes.
	ospf/N1 ospf/N2	OSPF learned route as Type 1 external or Type 2 external routes from not-so-stubby areas (NSSAs).
	ospf/IA	OSPF route originating from another area and learned via an area border router.
	bgp/D	BGP route for the default network (network 0).
	bgp/E	BGP route learned from an external neighbor.
	bgp/I	BGP route learned from an internal neighbor.
Metric	Hop count to the next hop.
Interface	Interface used for forwarding packets to the gateway for the next hop.

show bgp paths

This command displays BGP path information learned by the PortMaster.

show bgp paths [Prefix/NM [verbose]]


Prefix	IP prefix address, specified in dotted decimal notation. If you do not include the verbose keyword, the display shows only the NLRI for the best match to this specified prefix address.
/NM	Netmask that indicates the number of high-order bits in the IP prefix. This value is a number from 0 to 32, preceded by a slash (/)--for example, /24.
verbose	Displays all the NLRI associated with the paths that the specified prefix address is on.

Example


Command> show bgp paths
O: INC	AAS: 12345	AIP: 1.2.3.4	OID: 192.168.1.130
Cluster List: 192.168.135.1
Sequence: 60149 1 2 3
NH: 172.16.96.76 LP: 99000		MED Learned/Used: 100/200
Metrics to NH: 3/2/0/2/0		Gateway to NH: 192.168.10.1
Communities info: 129/129/8454273
NLRI: +10.24.0.0/16/8/7

This example shows a simple path, with few routes.

Explanation

O: The origin of the learned path information:

IGP: NLRI originated from an Interior Gateway Protocol (IGP) such as OSPF.

EGP: NLRI originated from the Exterior Gateway Protocol (EGP).

INC: Full origin of the information is not known for this path.

AAS: Aggregating autonomous system number.

AIP: Aggregating IP address.

OID: ID of the originating router for the route, if learned across a route reflector in the local autonomous system.

Cluster List: The chain of route reflector clusters that the route has traversed in the local autonomous system.

Sequence: Ordered set of autonomous systems in the path. The closest autonomous system in the path is shown first.

Set: Unordered collection of autonomous systems in the path.

Confederation Sequence: Ordered set of autonomous systems for a confederation. The closest autonomous system in the path is shown first.

Confederation Set: Unordered collection of autonomous systems for a confederation.

NH:
IP address of the next hop that is used to reach the following NLRI addresses. The next hop is usually, but not always, the router that advertises them. The message "self-generated" in this field indicates that the path was generated from a summarization configured on the PortMaster.

LP: Learned local preference attribute for this path. In most cases, internal peers prefer paths that have the highest local preference. When the local preference is not learned for the path, the message "not present" is shown.

MED Learned/Used: Multiexit discriminator for this path that indicates a preference for a specific path when more than one exists. Both the learned multiexit discriminator and the one used--which can be different due to acceptance policy criteria--are shown. If none is either learned or used, the message "not present" is shown. A lower value indicates a higher preference for the path. The multiexit discriminator value is a 32-bit nonnegative integer.

Metrics to NH: Metrics to the next hop--an A/B/C/D/E string, used for debugging.

Gateway to NH: IP address of the adjacent router that leads to the next hop router.

Communities info: One of the reserved community keywords that restrict route advertisement for peers receiving the route information:
no-export , no-advertise , or no-export-subconfed . Or: Values of communities attribute information in the path, in the format A/B/C:

A Autonomous system number--the first 16-bit portion of the communities attribute.

B Additional information about the autonomous system--the second 16-bit portion of the communities attribute.

C A+B--a single 32-bit number for the communities attribute.

NLRI: Network layer reachability information (NLRI), shown in the format +Prefix/NM/BMAd/BMP:

+ Indicates the path was chosen as the best path for this NLRI among all available paths that contain this NLRI.

Prefix IP address prefix of the NLRI.

NM Netmask of the NLRI.

BMAd Combined bit mask, in hexadecimal, of all peers that have advertised this NLRI and path to this PortMaster. The bit mask for each peer can be found in the output of show bgp peers verbose .

BMP Combined bit mask, in hexadecimal, of all peers to whom the PortMaster has advertised this NLRI for this path.

O:	The origin of the learned path information:
	IGP:	NLRI originated from an Interior Gateway Protocol (IGP) such as OSPF.
	EGP:	NLRI originated from the Exterior Gateway Protocol (EGP).
	INC:	Full origin of the information is not known for this path.
AAS:	Aggregating autonomous system number.
AIP:	Aggregating IP address.
OID:	ID of the originating router for the route, if learned across a route reflector in the local autonomous system.
Cluster List:	The chain of route reflector clusters that the route has traversed in the local autonomous system.
Sequence:	Ordered set of autonomous systems in the path. The closest autonomous system in the path is shown first.
Set:	Unordered collection of autonomous systems in the path.
Confederation Sequence:	Ordered set of autonomous systems for a confederation. The closest autonomous system in the path is shown first.
Confederation Set:	Unordered collection of autonomous systems for a confederation.
NH:	IP address of the next hop that is used to reach the following NLRI addresses. The next hop is usually, but not always, the router that advertises them. The message "self-generated" in this field indicates that the path was generated from a summarization configured on the PortMaster.
LP:	Learned local preference attribute for this path. In most cases, internal peers prefer paths that have the highest local preference. When the local preference is not learned for the path, the message "not present" is shown.
MED Learned/Used:	Multiexit discriminator for this path that indicates a preference for a specific path when more than one exists. Both the learned multiexit discriminator and the one used--which can be different due to acceptance policy criteria--are shown. If none is either learned or used, the message "not present" is shown. A lower value indicates a higher preference for the path. The multiexit discriminator value is a 32-bit nonnegative integer.
Metrics to NH:	Metrics to the next hop--an A/B/C/D/E string, used for debugging.
Gateway to NH:	IP address of the adjacent router that leads to the next hop router.
Communities info:	One of the reserved community keywords that restrict route advertisement for peers receiving the route information: no-export , no-advertise , or no-export-subconfed . Or: Values of communities attribute information in the path, in the format A/B/C:
	A	Autonomous system number--the first 16-bit portion of the communities attribute.
	B	Additional information about the autonomous system--the second 16-bit portion of the communities attribute.
	C	A+B--a single 32-bit number for the communities attribute.
NLRI:	Network layer reachability information (NLRI), shown in the format +Prefix/NM/BMAd/BMP:
	+	Indicates the path was chosen as the best path for this NLRI among all available paths that contain this NLRI.
	Prefix	IP address prefix of the NLRI.
	NM	Netmask of the NLRI.
	BMAd	Combined bit mask, in hexadecimal, of all peers that have advertised this NLRI and path to this PortMaster. The bit mask for each peer can be found in the output of show bgp peers verbose .
	BMP	Combined bit mask, in hexadecimal, of all peers to whom the PortMaster has advertised this NLRI for this path.

show bgp peers

This command displays a list of BGP peers and, optionally, a summary of packets sent to and received from the peers.

show bgp peers [verbose|packets]

show table bgp


verbose	Provides detailed information about BGP peers.
packets	Provides a summary of packets sent to and received from the peers.

Usage

Using the command without either optional keyword provides summary information. This is the default.

The command show table bgp displays the same output as show bgp peers .

Example 1--Summary Information

Command> show bgp peers

Remote IP AS Fl DH Up Accept Inject Advertise

------------- --- --- --- --- ------------ ------------- ----------

192.168.1.2 2 RN 2 Up only207 only207 only207

192.168.1.3 3 C -- Dn all all all

Command> show bgp peers
Remote IP	AS	Fl	DH	Up	Accept	Inject	Advertise
-------------	---	---	---	---	------------	-------------	----------
192.168.1.2	2	RN	2	Up	only207	only207	only207
192.168.1.3	3	C	--	Dn	all	all	all

Explanation

Remote IP IP address of the BGP peer.

AS Autonomous system number of the BGP peer.

Fl Flags:

C Identifies this peer as a confederation member peer of the PortMaster.

R Identifies this peer as a route-reflector client of the PortMaster.

N This peer is configured to always consider the PortMaster as the next hop for any update packet sent from this peer.

DH Hop count for the default route to this peer, if one is configured with the assume-default keyword.

Up State of the peer:

Up Peer is in a fully established state.

Dn Peer is not in a fully established state.

Accept Acceptance policy name, if configured.

Inject Injection policy name, if configured.

Advertise Advertisement policy name, if configured.

Remote IP	IP address of the BGP peer.
AS	Autonomous system number of the BGP peer.
Fl	Flags:
	C	Identifies this peer as a confederation member peer of the PortMaster.
	R	Identifies this peer as a route-reflector client of the PortMaster.
	N	This peer is configured to always consider the PortMaster as the next hop for any update packet sent from this peer.
DH	Hop count for the default route to this peer, if one is configured with the assume-default keyword.
Up	State of the peer:
	Up	Peer is in a fully established state.
	Dn	Peer is not in a fully established state.
Accept	Acceptance policy name, if configured.
Inject	Injection policy name, if configured.
Advertise	Advertisement policy name, if configured.

Note ¯ When a peer deletion is in process, a message and countdown timer is displayed in the Accept, Inject, and Advertise columns, as follows:
-- Deletion in Progress. Countdown 216 --
Deletion is complete when the countdown drops to zero. A similar "idling" message is shown when the peer is idling down from a previously established up state.

Example 2--Verbose Information

Command> show bgp peers verbose

Incoming Peer Source: 192.168.96.135 Destination: 192.168.96.130

Remote Autonomous System: 60149 Remote Id: 192.168.96.130

Current state: Established Last Event: Received Update

Timer expiration in 64 seconds Bitmask: 8

NLRI from/to this peer: 43839/ 43211 Peer up 10:40.80

Last sent error: 0/0. Last received error: 2/3.

Accept NLRIs Policy: all

Inject NLRIs Policy: all

Advertise NLRIs Policy: all

Packet Type Sent Received

--------------- ------- -------

Opens 2 2

Keepalives 5 5

Notifications 2 0

Updates 3375 4852

Command> show bgp peers verbose
Incoming Peer Source: 192.168.96.135	Destination: 192.168.96.130
Remote Autonomous System: 60149	Remote Id: 192.168.96.130
Current state: Established	Last Event: Received Update
Timer expiration in 64 seconds	Bitmask: 8
NLRI from/to this peer: 43839/ 43211	Peer up 10:40.80
Last sent error: 0/0. Last received error: 2/3.
Accept NLRIs Policy: all
Inject NLRIs Policy: all
Advertise NLRIs Policy: all

Packet Type	Sent	Received
---------------	-------	-------
Opens	2	2
Keepalives	5	5
Notifications	2	0
Updates	3375	4852

Incoming Peer Source: Local IP address used to attach to the peer. Each peer consists of two subpeers, only one of which is active at any time:

Incoming Local subpeer is attempting a connection.

Outgoing Local subpeer is listening for connections from others.

Destination: Destination of the remote peer.

Remote Autonomous System: Remote autonomous system number of the peer.

Remote Id: BGP ID of the remote peer.

Current state: Current state of the BGP peer, as defined in RFC 1771:

Established Full connectivity is established to this peer.

Other The PortMaster is attempting to establish connectivity to this peer.

Last Event: The most recent events for this peer:

Start Connection attempt started.

Stop Result of a reset bgp command.

Transport Open TCP session opened.

Transport Closed TCP session closed.

Transport Open Fail TCP open session failed--for example, because the PortMaster was unable to reach the remote host.

Transport Error TCP session reported an error.

Connect Time Expired BGP connection time expired, and BGP is starting to open a new connection after being in an idle state.

Hold Time Expired Remote BGP peer did not send a keepalive message within the hold time, so the peer is dropped.

Keepalive Time Expired Keepalive timer expired for the peer. This event indicates that the PortMaster needed to send another keepalive packet.

Received Open PortMaster received an open message from the peer.

Received Keepalive PortMaster received a keepalive message from the peer.

Received Update PortMaster received an update message from the peer. Update messages contain the path and route data updates.

Received Notification PortMaster received a notification message from the peer. This event indicates that the peer requires the PortMaster to drop the current session.

Deleted PortMaster has deleted the peer.

Dropped Peer was dropped by the PortMaster because a notification error message had to be sent to the peer.

Idling Down Done PortMaster has finished idling down this peer from an established state to an idle state.

Timer expiration...: Number of seconds that must elapse before the next timed event will occur:
· For sessions not in an open state, the time that must elapse until the next connection attempt.

· For sessions either open or established, the time that must elapse before the required keepalive message is received from the peer. If the PortMaster does not receive a keepalive message from the peer, the peer is unreachable.

Bitmask: Gives the bit mask of this peer. This value is useful when you are looking at the NLRI information in the output of
show bgp path .

NLRI from/to this peer: Total active NLRI received from and sent to the peer.

Peer up Time that peer has been up in hours :minutes .seconds .

Last sent error: Last error sent in a notification message to this peer. BGP notification error codes are fully described in RFC 1771.

Last received error: Last error received in a notification message from this peer. BGP notification error codes are fully described in RFC 1771.

Accept NLRIs Policy Acceptance policy name, if configured.

Inject NLRIs Policy: Injection policy name, if configured.

Advertise NLRIs Policy: Advertisement policy name, if configured.

Packet Type Type of BGP packet sent to or received from the peer.

Sent Number of packets of each type sent to the peer since it was defined.

Received Number of packets of each type received from the peer since it was defined.

Explanation

Incoming Peer Source:	Local IP address used to attach to the peer. Each peer consists of two subpeers, only one of which is active at any time:
	Incoming	Local subpeer is attempting a connection.
	Outgoing	Local subpeer is listening for connections from others.
Destination:	Destination of the remote peer.
Remote Autonomous System:	Remote autonomous system number of the peer.
Remote Id:	BGP ID of the remote peer.
Current state:	Current state of the BGP peer, as defined in RFC 1771:
	Established	Full connectivity is established to this peer.
	Other	The PortMaster is attempting to establish connectivity to this peer.
Last Event:	The most recent events for this peer:
	Start	Connection attempt started.
	Stop	Result of a reset bgp command.
	Transport Open	TCP session opened.
	Transport Closed	TCP session closed.
	Transport Open Fail	TCP open session failed--for example, because the PortMaster was unable to reach the remote host.
	Transport Error	TCP session reported an error.
	Connect Time Expired	BGP connection time expired, and BGP is starting to open a new connection after being in an idle state.
	Hold Time Expired	Remote BGP peer did not send a keepalive message within the hold time, so the peer is dropped.
	Keepalive Time Expired	Keepalive timer expired for the peer. This event indicates that the PortMaster needed to send another keepalive packet.
	Received Open	PortMaster received an open message from the peer.
	Received Keepalive	PortMaster received a keepalive message from the peer.
	Received Update	PortMaster received an update message from the peer. Update messages contain the path and route data updates.
	Received Notification	PortMaster received a notification message from the peer. This event indicates that the peer requires the PortMaster to drop the current session.
	Deleted	PortMaster has deleted the peer.
	Dropped	Peer was dropped by the PortMaster because a notification error message had to be sent to the peer.
	Idling Down Done	PortMaster has finished idling down this peer from an established state to an idle state.
Timer expiration...:	Number of seconds that must elapse before the next timed event will occur: · For sessions not in an open state, the time that must elapse until the next connection attempt. · For sessions either open or established, the time that must elapse before the required keepalive message is received from the peer. If the PortMaster does not receive a keepalive message from the peer, the peer is unreachable.
Bitmask:	Gives the bit mask of this peer. This value is useful when you are looking at the NLRI information in the output of show bgp path .
NLRI from/to this peer:	Total active NLRI received from and sent to the peer.
Peer up	Time that peer has been up in hours :minutes .seconds .
Last sent error:	Last error sent in a notification message to this peer. BGP notification error codes are fully described in RFC 1771.
Last received error:	Last error received in a notification message from this peer. BGP notification error codes are fully described in RFC 1771.
Accept NLRIs Policy	Acceptance policy name, if configured.
Inject NLRIs Policy:	Injection policy name, if configured.
Advertise NLRIs Policy:	Advertisement policy name, if configured.
Packet Type	Type of BGP packet sent to or received from the peer.
Sent	Number of packets of each type sent to the peer since it was defined.
Received	Number of packets of each type received from the peer since it was defined.

Note ¯ When a BGP peer has been deleted or idled, you might see one of the following messages in place of a configured policy name:

"Waiting for TCP close before deletion"
"Waiting for TCP close before idle"

This message appears because a peer is not fully deleted or idled until the peer has acknowledged the close of the TCP session.

Example 3--Packets Sent and Received Information

Command> show bgp peers packets

Open Keepalive Notification Update NLRI

Remote IP Up In/Out In/Out In/Out In/Out In/Out

------------ --- ------ --------- ----------- -------- -------

192.168.1.135 Up 2
3 24
23 0
3 3933
1005 44073
354

192.168.1.133 Dn 5
6 23
21 0
4 7714
7717 44092
44089

192.168.1.130 Up 4
4 21
23 0
2 3525
3535 44085
44094

Command> show bgp peers packets
		Open	Keepalive	Notification	Update	NLRI
Remote IP	Up	In/Out	In/Out	In/Out	In/Out	In/Out
------------	---	------	---------	-----------	--------	-------
192.168.1.135	Up	2 3	24 23	0 3	3933 1005	44073 354
192.168.1.133	Dn	5 6	23 21	0 4	7714 7717	44092 44089
192.168.1.130	Up	4 4	21 23	0 2	3525 3535	44085 44094

Explanation

Remote IP IP address of the BGP peer.

Up State of the peer:

Up Peer is in a fully established state.

Dn Peer is not in a fully established state.

Open
In/Out Number of open messages received from and sent to the peer since the last reboot or reset bgp command.

Keepalive
In/Out Number of keepalive messages received from and sent to the peer since the last reboot or reset bgp command.

Notification In/Out Number of notification messages received from and sent to the peer since the last reboot or reset bgp command.

Update
In/Out Number of update messages received from and sent to the peer since the last reboot or reset bgp command.

NLRI
In/Out The total active NLRI received from and sent to the peer.

Remote IP	IP address of the BGP peer.
Up	State of the peer:
	Up	Peer is in a fully established state.
	Dn	Peer is not in a fully established state.
Open In/Out	Number of open messages received from and sent to the peer since the last reboot or reset bgp command.
Keepalive In/Out	Number of keepalive messages received from and sent to the peer since the last reboot or reset bgp command.
Notification In/Out	Number of notification messages received from and sent to the peer since the last reboot or reset bgp command.
Update In/Out	Number of update messages received from and sent to the peer since the last reboot or reset bgp command.
NLRI In/Out	The total active NLRI received from and sent to the peer.

show bgp policy

This command shows BGP policy names and definitions.

show bgp policy [Policyname]


Policyname	Name of an existing policy for which you want details displayed--a string of up to 16 nonspace ASCII characters. Without this option only the names of existing BGP policies are displayed.

Examples

Command> show bgp policy
add401 admit

Command> show bgp policy add401
set bgp policy add401 1 permit
if prefix 10.0.0.0/8
then community add 401 401

show bgp summarization

This command shows the route summaries configured for advertisement to BGP peers.

show bgp summarization [all


all	Displays both manually configured summaries and those automatically built with the add propagation static bgp command. The manually configured summaries are shown with /C after the prefix and netmask, and the automatically generated ones are shown with /A. The default is to display only manually configured summaries.

]

Example

The following example shows a summary configured for a route to an IP address with a prefix of 10.0.0.0, a netmask of /8, and a multiexit discriminator of 5. The summary is being forwarded to autonomous systems 1, 2, and 3.


Command> show bgp summarization all
10.0.0.0/8/C	Count of Supporting Routes: 53
LP: 0	MED: 5	CAS: no-advertise
Export to AS: 1 2 3
Export to CMA: 4

Explanation

10.0.0.0/8/C IP prefix and netmask of the route summary. /C-- A configured summarization. /A --A summary automatically generated from static route information with the add propagation static bgp command.

Count of Supporting Routes Number of routes known to the system that are learned from an interior routing protocol (such as OSPF), or are directly connected or statically configured and support this summary. If the count is zero, the PortMaster does not advertise the summary to any of its peers.

LP: Configured local preference value to use when advertising this summary to internal or confederation member peers. Zero (0) indicates that no local preference will be advertised.

MED: Configured multiexit discriminator to use when advertising this summary to external and confederation member peers.

CAS: Community autonomous system information configured to be sent when this summary is advertised. Shown as a pair of numbers, the first is the autonomous system number, and the second is information about the autonomous system. A value of 0 0 indicates that no communities attribute is advertised. If the communities attribute is a reserved value, as in this example, it is shown as a text string.

Export to AS: List of the numbers of adjacent autonomous systems to which this summary is advertised. If the autonomous system of the PortMaster is displayed, this summarization is also advertised to internal peers in the same autonomous system.

Export to CMA: List of the numbers of adjacent confederation member autonomous systems (CMAs) to which this summary is advertised. If the CMAs of the PortMaster are displayed, this summarization is also advertised to internal confederation-member peers.

10.0.0.0/8/C	IP prefix and netmask of the route summary. /C-- A configured summarization. /A --A summary automatically generated from static route information with the add propagation static bgp command.
Count of Supporting Routes	Number of routes known to the system that are learned from an interior routing protocol (such as OSPF), or are directly connected or statically configured and support this summary. If the count is zero, the PortMaster does not advertise the summary to any of its peers.
LP:	Configured local preference value to use when advertising this summary to internal or confederation member peers. Zero (0) indicates that no local preference will be advertised.
MED:	Configured multiexit discriminator to use when advertising this summary to external and confederation member peers.
CAS:	Community autonomous system information configured to be sent when this summary is advertised. Shown as a pair of numbers, the first is the autonomous system number, and the second is information about the autonomous system. A value of 0 0 indicates that no communities attribute is advertised. If the communities attribute is a reserved value, as in this example, it is shown as a text string.
Export to AS:	List of the numbers of adjacent autonomous systems to which this summary is advertised. If the autonomous system of the PortMaster is displayed, this summarization is also advertised to internal peers in the same autonomous system.
Export to CMA:	List of the numbers of adjacent confederation member autonomous systems (CMAs) to which this summary is advertised. If the CMAs of the PortMaster are displayed, this summarization is also advertised to internal confederation-member peers.

show routes

This command shows the IP routing table. For more information, see the explanation of routing tables in the PortMaster Routing Guide.

show routes [String|Prefix/NM]


String	Displays only routes that contain the matching String in their show routes command output. For example, show routes bgp shows only routes that contain the string bgp .
Prefix/NM	Displays routes only to the destination indicated by this IP address prefix Prefix and netmask NM. The netmask indicates the number of high-order bits in the IP prefix. · Specify Prefix in dotted decimal notation. · Specify NM as number from 1 to 32, preceded by a slash (/)--for example, /24.

Example

Command> show routes bgp

Destination Mask Gateway Source Flag Met Interface

------------ ----- -------------- ------- ----- ---- ----------

0.0.0.0 0 172.31.96.129 bgp/D ND 3 ether0

192.168.1.0 24 172.31.96.129 bgp/E ND 1 ether0

172.16.0.0 16 172.31.96.130 bgp/I ND 2 ether0

Command> show routes bgp
Destination	Mask	Gateway	Source	Flag	Met	Interface
------------	-----	--------------	-------	-----	----	----------
0.0.0.0	0	172.31.96.129	bgp/D	ND	3	ether0
192.168.1.0	24	172.31.96.129	bgp/E	ND	1	ether0
172.16.0.0	16	172.31.96.130	bgp/I	ND	2	ether0

Explanation

Destination IP address of the host or network to which packets are sent.

Mask Netmask in use for the destination.

Gateway IP address of the directly connected host through which packets are forwarded to the destination.

Source Source of the route information:

local Route learned from an interface on the PortMaster.

rip RIP route learned from a connected network.

ospf OSPF route learned from an internal neighbor.

ospf/E1
ospf/E2 OSPF route learned from Type 1 external or Type 2 external routes.

ospf/N1
ospf/N2 OSPF route learned as Type 1 external or Type 2 external routes from not-so-stubby areas (NSSAs).

ospf/IA OSPF route originating from another area and learned via an area border router.

bgp/D BGP route for the default network (network 0).

bgp/E BGP route learned from an external neighbor.

bgp/I BGP route learned from an internal neighbor.

Flag
· H --A host route.

· N --A network route.

· S --A static route that is either configured (permanent) or learned via a RADIUS Framed-Route (temporary).

· L --A route attached to an interface on the PortMaster.

· D --A route dynamically learned via RIP or OSPF.

· C --A changed route that has yet to be advertised to all interfaces.

· O --An obsolete route scheduled for deletion.

Met Metric--Hop count to the remote destination.

Interface Interface used for forwarding packets to the gateway for the destination.

Destination	IP address of the host or network to which packets are sent.
Mask	Netmask in use for the destination.
Gateway	IP address of the directly connected host through which packets are forwarded to the destination.
Source	Source of the route information:
	local	Route learned from an interface on the PortMaster.
	rip	RIP route learned from a connected network.
	ospf	OSPF route learned from an internal neighbor.
	ospf/E1 ospf/E2	OSPF route learned from Type 1 external or Type 2 external routes.
	ospf/N1 ospf/N2	OSPF route learned as Type 1 external or Type 2 external routes from not-so-stubby areas (NSSAs).
	ospf/IA	OSPF route originating from another area and learned via an area border router.
	bgp/D	BGP route for the default network (network 0).
	bgp/E	BGP route learned from an external neighbor.
	bgp/I	BGP route learned from an internal neighbor.
Flag	· H --A host route. · N --A network route. · S --A static route that is either configured (permanent) or learned via a RADIUS Framed-Route (temporary). · L --A route attached to an interface on the PortMaster. · D --A route dynamically learned via RIP or OSPF. · C --A changed route that has yet to be advertised to all interfaces. · O --An obsolete route scheduled for deletion.
Met	Metric--Hop count to the remote destination.
Interface	Interface used for forwarding packets to the gateway for the destination.

[Top] [Table Of Contents] [Prev] [Next] [Index]
12 out of 25 total pages

spider@livingston.com

BGP Routing 9

Displaying BGP Information

Summary of BGP Commands

BGP Commands

add bgp peer

Usage

See Also

add bgp policy

Usage

Example

See Also

add bgp summarization

See Also

delete bgp peer

Usage

Example

See Also

delete bgp policy

Usage

Example

See Also

delete bgp summarization

Example

See Also

reset bgp

Usage

Example

save bgp

Example

set bgp as

Usage

Example

set bgp cluster-id

Usage

Example

set bgp cma

Usage

Example

set bgp connect-retry-interval

Usage

Example

set bgp enable|disable

Usage

set bgp hold-time

Usage

Example

set bgp id

Usage

Example

set bgp igp-lockstep

Usage

Example

set bgp keepalive-timer

Usage

Example

set bgp peer

Usage

Example

See Also

set bgp policy (acceptance)

Usage

Example

set bgp policy (injection)

Usage

Example

set bgp policy (advertisement)

Usage

Examples

set bgp policy blank

Usage

Example

See Also

set bgp summarization

Usage

Example

See Also

show bgp memory

Example

Explanation

show bgp next-hop

Example 1--Summary Information

Command> show bgp peers

Remote IP AS Fl DH Up Accept Inject Advertise

------------- --- --- --- --- ------------ ------------- ----------

192.168.1.2 2 RN 2 Up only207 only207 only207

192.168.1.3 3 C -- Dn all all all

Example

Command> show routes bgp

Destination Mask Gateway Source Flag Met Interface

------------ ----- -------------- ------- ----- ---- ----------

0.0.0.0 0 172.31.96.129 bgp/D ND 3 ether0

192.168.1.0 24 172.31.96.129 bgp/E ND 1 ether0

172.16.0.0 16 172.31.96.130 bgp/I ND 2 ether0