author | IWASE Yusuke <iwase.yusuke0@gmail.com> | 2018-03-30 13:51:51 +0900 |
---|---|---|
committer | IWASE Yusuke <iwase.yusuke0@gmail.com> | 2018-04-02 16:16:01 +0900 |
commit | 008f34053c87650c83946874980fa97179267149 (patch) | |
tree | 436e7a1a0eb4208a845b9bc710253af16e344f15 /docs | |
parent | 79d264bfb008370a6af7ff42dc3962d0bf1ddf63 (diff) |
*.md: Improvements for markdownlint
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/sources/add-paths.md | 28 |
-rw-r--r-- | docs/sources/bmp.md | 15 |
-rw-r--r-- | docs/sources/cli-command-syntax.md | 182 |
-rw-r--r-- | docs/sources/cli-operations.md | 8 |
-rw-r--r-- | docs/sources/configuration.md | 2 |
-rw-r--r-- | docs/sources/dynamic-neighbor.md | 6 |
-rw-r--r-- | docs/sources/ebgp-multihop.md | 20 |
-rw-r--r-- | docs/sources/evpn.md | 7 |
-rw-r--r-- | docs/sources/getting-started.md | 5 |
-rw-r--r-- | docs/sources/graceful-restart.md | 21 |
-rw-r--r-- | docs/sources/grpc-client.md | 82 |
-rw-r--r-- | docs/sources/lib.md | 5 |
-rw-r--r-- | docs/sources/mrt.md | 25 |
-rw-r--r-- | docs/sources/peer-group.md | 3 |
-rw-r--r-- | docs/sources/policy.md | 676 |
-rw-r--r-- | docs/sources/route-reflector.md | 2 |
-rw-r--r-- | docs/sources/route-server.md | 14 |
-rw-r--r-- | docs/sources/rpki.md | 27 |
-rw-r--r-- | docs/sources/ttl-security.md | 64 |
-rw-r--r-- | docs/sources/unnumbered-bgp.md | 10 |
20 files changed, 682 insertions, 520 deletions
diff --git a/docs/sources/add-paths.md b/docs/sources/add-paths.md index 4b99cf96..09828bf8 100644 --- a/docs/sources/add-paths.md +++ b/docs/sources/add-paths.md @@ -8,16 +8,16 @@ the "Advertise N Paths" mode described in ## Prerequisites -Assumed that you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assumed that you finished [Getting Started](getting-started.md). ## Contents -- [Configuration](#section0) -- [Verification](#section1) - - [Example Topology and Configuration](#section1.1) - - [Advertise Multiple Paths](#section1.2) +- [Configuration](#configuration) +- [Verification](#verification) + - [Example Topology and Configuration](#example-topology-and-configuration) + - [Advertise Multiple Paths](#advertise-multiple-paths) -## <a name="section0"> Configuration +## Configuration In order to advertise multiple paths to the specific neighbors, you need to configure `[neighbors.add-paths.config]` section for each neighbor. @@ -54,14 +54,14 @@ unicast family. send-max = 8 ``` -## <a name="section1"> Verification +## Verification -### <a name="section1.1"> Example Topology and Configuration +### Example Topology and Configuration To test BGP Additional Paths features, this page supposes the following topology. -``` +```text +----------+ +----------+ +----------+ | r1 | | r2 | | r3 | | AS 65001 | ADD-PATH enabled | AS 65002 | | AS 65003 | @@ -131,14 +131,14 @@ Configuration on r2: afi-safi-name = "ipv4-unicast" ``` -### <a name="section1.2"> Advertise Multiple Paths +### Advertise Multiple Paths Start GoBGP on r1, r2, r3 and r4, and confirm the establishment of each BGP session. e.g.: -``` +```bash r1> gobgpd -f gobgpd.toml {"level":"info","msg":"gobgpd started","time":"YYYY-MM-DDTHH:mm:ss+09:00"} {"Topic":"Config","level":"info","msg":"Finished reading the config file","time":""YYYY-MM-DDTHH:mm:ss+09:00"} 
@@ -149,11 +149,11 @@ r1> gobgpd -f gobgpd.toml Advertise a prefix "192.168.1.0/24" on r3 and r4. -``` +```bash r3> gobgp global rib -a ipv4 add 192.168.1.0/24 ``` -``` +```bash r4> gobgp global rib -a ipv4 add 192.168.1.0/24 ``` @@ -161,7 +161,7 @@ Then confirm 2 paths (from r3 and r4) are advertised to r1 from r2. In the following output shows the path with AS_PATH 65002 65003 (r3->r2->r1) and the path with AS_PATH 65002 65004 (r4->r2->r1). -``` +```bash r1> gobgp global rib -a ipv4 Network Next Hop AS_PATH Age Attrs *> 192.168.1.0/24 10.0.0.2 65002 65003 HH:mm:ss [{Origin: ?}] diff --git a/docs/sources/bmp.md b/docs/sources/bmp.md index 22f6a193..ad885326 100644 --- a/docs/sources/bmp.md +++ b/docs/sources/bmp.md @@ -4,15 +4,16 @@ GoBGP supports [BGP Monitoring Protocol (RFC 7854)](https://tools.ietf.org/html/ ## Prerequisites -Assume you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assume you finished [Getting Started](getting-started.md). ## Contents -- [Configuration](#config) -- [Verification](#verify) -## <a name="config"> Configuration +- [Configuration](#configuration) +- [Verification](#verification) -Add `[bmp-servers]` session to enable BMP. +## Configuration + +Add `[bmp-servers]` session to enable BMP. ```toml [global.config] @@ -26,6 +27,7 @@ Add `[bmp-servers]` session to enable BMP. ``` The supported route monitoring policy types are: + - pre-policy (Default) - post-policy - both (Obsoleted) @@ -75,13 +77,14 @@ Please note this option is mainly for debugging purpose. route-mirroring-enabled = true ``` -## <a name="verify"> Verification +## Verification Let's check if BMP works with a bmp server. GoBGP also supports BMP server (currently, just shows received BMP messages in the json format). ```bash $ go get github.com/osrg/gobgp/gobmpd $ gobmpd +...(snip)... ``` Once the BMP server accepts a connection from gobgpd, then you see 
diff --git a/docs/sources/cli-command-syntax.md b/docs/sources/cli-command-syntax.md index e63067a6..16a4f254 100644 --- a/docs/sources/cli-command-syntax.md +++ b/docs/sources/cli-command-syntax.md @@ -2,23 +2,27 @@ This page explains gobgp client command syntax. +## basic command pattern +```shell +gobgp <subcommand> <object> opts... +``` -## basic command pattern -gobgp \<subcommand> \<object> opts... +gobgp has the following subcommands. -gobgp has six subcommands. -- [global](#global) -- [neighbor](#neighbor) -- [policy](#policy) -- [vrf](#vrf) -- [monitor](#monitor) -- [mrt](#mrt) +- [global](#1-global-subcommand) +- [neighbor](#2-neighbor-subcommand) +- [policy](#3-policy-subcommand) +- [vrf](#4-vrf-subcommand) +- [monitor](#5-monitor-subcommand) +- [mrt](#6-mrt-subcommand) +## 1. global subcommand -## 1. <a name="global"> global subcommand ### 1.1 Global Configuration + #### syntax + ```shell # configure global setting and start acting as bgp daemon % gobgp global as <VALUE> router-id <VALUE> [listen-port <VALUE>] [listen-addresses <VALUE>...] [mpls-label-min <VALUE>] [mpls-label-max <VALUE>] @@ -29,7 +33,9 @@ gobgp has six subcommands. ``` ### 1.2. Operations for Global-Rib - add/del/show - + #### - syntax + ```shell # add Route % gobgp global rib add <prefix> [-a <address family>] @@ -46,16 +52,21 @@ gobgp has six subcommands. ``` #### - example -If you want to add routes with the address of the ipv4 to global rib: + +If you want to add routes with the address of the ipv4 to global rib: + ```shell % gobgp global rib add 10.33.0.0/16 -a ipv4 ``` -If you want to remove routes with the address of the ipv6 from global rib: + +If you want to remove routes with the address of the ipv6 from global rib: + ```shell % gobgp global rib del 2001:123:123:1::/64 -a ipv6 ``` #### more examples + ```shell % gobgp global rib add -a ipv4 10.0.0.0/24 origin igp % gobgp global rib add -a ipv4 10.0.0.0/24 origin egp 
@@ -84,6 +95,7 @@ If you want to remove routes with the address of the ipv6 from global rib: ``` #### - option + The following options can be specified in the global subcommand: | short |long | description | default | @@ -95,9 +107,12 @@ Also, refer to the following for the detail syntax of each address family. - `evpn` address family: [CLI Syntax for EVPN](evpn.md#cli-syntax) - `*-flowspec` address family: [CLI Syntax for Flow Specification](flowspec.md#cli-syntax) -## 2. <a name="neighbor"> neighbor subcommand +## 2. neighbor subcommand + ### 2.1. Show Neighbor Status + #### - syntax + ```shell # show neighbor's status as list % gobgp neighbor @@ -106,7 +121,9 @@ Also, refer to the following for the detail syntax of each address family. ``` ### 2.2. Operations for neighbor - shutdown/reset/softreset/enable/disable - + #### - syntax + ```shell # add neighbor % gobgp neighbor add { <neighbor address> | interface <ifname> } as <as number> [ vrf <vrf-name> | route-reflector-client [<cluster-id>] | route-server-client | allow-own-as <num> | remove-private-as (all|replace) | replace-peer-as ] @@ -119,15 +136,19 @@ Also, refer to the following for the detail syntax of each address family. % gobgp neighbor <neighbor address> disable % gobgp neighbor <neighbor address> reset ``` + #### - option - The following options can be specified in the neighbor subcommand: + +The following options can be specified in the neighbor subcommand: | short |long | description | default | |--------|---------------|--------------------------------------------|---------| |a |address-family |specify any one from among `ipv4`, `ipv6`, `vpnv4`, `vpnv6`, `ipv4-labeled`, `ipv6-labeld`, `evpn`, `encap`, `rtc`, `ipv4-flowspec`, `ipv6-flowspec`, `l2vpn-flowspec`, `opaque` | `ipv4` | ### 2.3. Show Rib - local-rib/adj-rib-in/adj-rib-out - + #### - syntax + ```shell # show all routes in [local|adj-in|adj-out] table % gobgp neighbor <neighbor address> [local|adj-in|adj-out] [-a <address family>] 
@@ -140,21 +161,25 @@ Also, refer to the following for the detail syntax of each address family. ``` #### - example -If you want to show the local rib of ipv4 that neighbor(10.0.0.1) has: + +If you want to show the local rib of ipv4 that neighbor(10.0.0.1) has: + ```shell % gobgp neighbor 10.0.0.1 local -a ipv4 ``` #### - option + The following options can be specified in the neighbor subcommand: | short |long | description | default | |--------|---------------|--------------------------------------------|---------| |a |address-family |specify any one from among `ipv4`, `ipv6`, `vpnv4`, `vpnv6`, `ipv4-labeled`, `ipv6-labeld`, `evpn`, `encap`, `rtc`, `ipv4-flowspec`, `ipv6-flowspec`, `l2vpn-flowspec`, `opaque` | `ipv4` | - ### 2.4. Operations for Policy - add/del/show - + #### Syntax + ```shell # show neighbor policy assignment % gobgp neighbor <neighbor address> policy { in | import | export } @@ -169,20 +194,23 @@ The following options can be specified in the neighbor subcommand: ``` #### Example -If you want to add the import policy to neighbor(10.0.0.1): + +If you want to add the import policy to neighbor(10.0.0.1): + ```shell % gobgp neighbor 10.0.0.1 policy import add policy1 policy2 default accept ``` -You can specify multiple policy to neighbor separated by commas. -\<default policy action> means the operation(accept | reject) in the case where the route does not match the conditions of the policy. +You can specify multiple policy to neighbor separated by commas. +`default <policy action>` means the operation `{accept | reject}` in the case where the route does not match the conditions of the policy. -<br> +## 3. policy subcommand -## 3. <a name="policy"> policy subcommand ### 3.1. Operations for PrefixSet - add/del/show - + #### Syntax + ```shell # add PrefixSet % gobgp policy prefix add <prefix set name> <prefix> [<mask length range>] 
@@ -197,21 +225,29 @@ You can specify multiple policy to neighbor separated by commas. ``` #### Example -If you want to add the PrefixSet: + +If you want to add the PrefixSet: + ```shell % gobgp policy prefix add ps1 10.33.0.0/16 16..24 ``` + A PrefixSet it is possible to have multiple prefix, if you want to remove the PrefixSet to specify only PrefixSet name. + ```shell % gobgp policy prefix del ps1 ``` + If you want to remove one element(prefix) of PrefixSet, to specify a prefix in addition to the PrefixSet name. + ```shell % gobgp policy prefix del ps1 10.33.0.0/16 ``` ### 3.2. Operations for NeighborSet - add/del/show - + #### Syntax + ```shell # add NeighborSet % gobgp policy neighbor add <neighbor set name> <neighbor address/prefix> @@ -226,25 +262,35 @@ If you want to remove one element(prefix) of PrefixSet, to specify a prefix in a ``` #### Example -If you want to add the NeighborSet: + +If you want to add the NeighborSet: + ```shell % gobgp policy neighbor add ns1 10.0.0.1 ``` + You can also specify a neighbor address range with the prefix representation: + ```shell % gobgp policy neighbor add ns 10.0.0.0/24 -`````` +``` + A NeighborSet is possible to have multiple address, if you want to remove the NeighborSet to specify only NeighborSet name. + ```shell % gobgp policy neighbor del ns1 ``` + If you want to remove one element(address) of NeighborSet, to specify a address in addition to the NeighborSet name. + ```shell % gobgp policy prefix del ns1 10.0.0.1 ``` ### 3.3. Operations for AsPathSet - add/del/show - + #### Syntax + ```shell # add AsPathSet % gobgp policy as-path add <aspath set name> <as path> @@ -259,33 +305,42 @@ If you want to remove one element(address) of NeighborSet, to specify a address ``` #### Example -If you want to add the AsPathSet: + +If you want to add the AsPathSet: + ```shell % gobgp policy as-path add ass1 ^65100 ``` You can specify the position using regexp-like expression as follows: -- 
From: "^65100" means the route is passed from AS 65100 directly. -- Any: "65100" means the route comes through AS 65100. -- Origin: "65100$" means the route is originated by AS 65100. -- Only: "^65100$" means the route is originated by AS 65100 and comes from it directly. + +- From: `^65100` means the route is passed from AS 65100 directly. +- Any: `_65100_` means the route comes through AS 65100. +- Origin: `_65100$` means the route is originated by AS 65100. +- Only: `^65100$` means the route is originated by AS 65100 and comes from it directly. Further you can specify the consecutive aspath and use regexp in each element as follows: -- ^65100_65001 -- 65100_[0-9]+_.*$ -- ^6[0-9]_5.*_65.?00$ + +- `^65100_65001` +- `65100_[0-9]+_.*$` +- `^6[0-9]_5.*_65.?00$` An AsPathSet it is possible to have multiple as path, if you want to remove the AsPathSet to specify only AsPathSet name. + ```shell % gobgp policy as-path del ass1 ``` + If you want to remove one element(as path) of AsPathSet, to specify an as path in addition to the AsPathSet name. + ```shell % gobgp policy as-path del ass1 ^65100 ``` ### 3.4. Operations for CommunitySet - add/del/show - + #### Syntax + ```shell # add CommunitySet % gobgp policy community add <community set name> <community> 
@@ -300,25 +355,34 @@ If you want to remove one element(as path) of AsPathSet, to specify an as path i ``` #### Example -If you want to add the CommunitySet: + +If you want to add the CommunitySet: + ```shell % gobgp policy community add cs1 65100:10 ``` - You can specify the position using regexp-like expression as follows: - - 6[0-9]+:[0-9]+ - - ^[0-9]*:300$ + +You can specify the position using regexp-like expression as follows: + +- `6[0-9]+:[0-9]+` +- `^[0-9]*:300$` A CommunitySet it is possible to have multiple community, if you want to remove the CommunitySet to specify only CommunitySet name. + ```shell % gobgp policy neighbor del cs1 ``` + If you want to remove one element(community) of CommunitySet, to specify a address in addition to the CommunitySet name. + ```shell % gobgp policy prefix del cs1 65100:10 ``` ### 3.5. Operations for ExtCommunitySet - add/del/show - + #### Syntax + ```shell # add ExtCommunitySet % gobgp policy ext-community add <extended community set name> <extended community> 
@@ -333,31 +397,40 @@ If you want to remove one element(community) of CommunitySet, to specify a addre ``` #### Example -If you want to add the ExtCommunitySet: + +If you want to add the ExtCommunitySet: + ```shell % gobgp policy ext-community add ecs1 RT:65100:10 ``` -Extended community set as \<SubType>:\<Global Admin>:\<LocalAdmin>. + +Extended community set as `<SubType>:<Global Admin>:<LocalAdmin>`. If you read the [RFC4360](https://tools.ietf.org/html/rfc4360) and [RFC7153](https://tools.ietf.org/html/rfc7153), you can know more about Extended community. You can specify the position using regexp-like expression as follows: - - RT:[0-9]+:[0-9]+ - - SoO:10.0.10.10:[0-9]+ + +- `RT:[0-9]+:[0-9]+` +- `SoO:10.0.10.10:[0-9]+` However, regular expressions for subtype can not be used, to use for the global admin and local admin. A ExtCommunitySet it is possible to have multiple extended community, if you want to remove the ExtCommunitySet to specify only ExtCommunitySet name. + ```shell % gobgp policy neighbor del ecs1 ``` + If you want to remove one element(extended community) of ExtCommunitySet, to specify a address in addition to the ExtCommunitySet name. + ```shell % gobgp policy prefix del ecs1 RT:65100:10 ``` ### 3.6. Operations for LargeCommunitySet - add/del/show - + #### Syntax + ```shell # add LargeCommunitySet % gobgp policy large-community add <set name> <large community>... @@ -372,6 +445,7 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe ``` #### Example + ```shell % gobgp policy large-community add l0 100:100:100 % gobgp policy large-community add l0 ^100: @@ -383,7 +457,9 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe ``` ### 3.7 Statement Operation - add/del/show - + #### Syntax + ```shell # mod statement % gobgp policy statement { add | del } <statement name> 
@@ -398,7 +474,9 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe ``` ### 3.8 Policy Operation - add/del/show - + #### Syntax + ```shell # mod policy % gobgp policy { add | del | set } <policy name> [<statement name>...] @@ -408,9 +486,12 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe % gobgp policy <policy name> ``` -## 4. <a name="vrf"> vrf subcommand +## 4. vrf subcommand + ### 4.1 Add/Delete/Show VRF + #### Syntax + ```shell # add vrf % gobgp vrf add <vrf name> rd <rd> rt {import|export|both} <rt>... @@ -421,6 +502,7 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe ``` #### Example + ```shell % gobgp vrf add vrf1 rd 10.100:100 rt both 10.100:100 import 10.100:101 export 10.100:102 % gobgp vrf @@ -432,7 +514,9 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe ``` ### 4.2 Add/Delete/Show VRF routes + #### Syntax + ```shell # add routes to vrf % gobgp vrf <vrf name> rib add <prefix> [-a <address family>] @@ -443,6 +527,7 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe ``` #### Example + ```shell % gobgp vrf vrf1 rib add 10.0.0.0/24 % gobgp vrf vrf1 rib add 2001::/64 -a ipv6 @@ -456,7 +541,7 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe % gobgp vrf vrf1 rib del 2001::/64 ``` -## 5. <a name="monitor"> monitor subcommand +## 5. monitor subcommand ### 5.1 monitor global rib @@ -530,9 +615,12 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe % gobgp global rib -a ipv4 del 10.2.1.0/24 ``` -## 6. <a name="mrt"> mrt subcommand +## 6. mrt subcommand + ### 6.1 dump mrt records + #### Syntax + ```shell % gobgp mrt dump rib global [<interval>] % gobgp mrt dump rib neighbor <neighbor address> [<interval>] 
@@ -546,13 +634,17 @@ If you want to remove one element(extended community) of ExtCommunitySet, to spe | o | outdir | output directory of dump files | #### Example -see [MRT](https://github.com/osrg/gobgp/blob/master/docs/sources/mrt.md). + +see [MRT](mrt.md). ### 6.2 inject mrt records + #### Syntax + ```shell % gobgp mrt inject global <filename> [<count>] ``` #### Example -see [MRT](https://github.com/osrg/gobgp/blob/master/docs/sources/mrt.md). + +see [MRT](mrt.md). diff --git a/docs/sources/cli-operations.md b/docs/sources/cli-operations.md index 48f373b3..94f772d7 100644 --- a/docs/sources/cli-operations.md +++ b/docs/sources/cli-operations.md @@ -4,11 +4,12 @@ This page explains comprehensive examples of operations via GoBGP CLI. ## Prerequisites -Assumed that you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assumed that you finished [Getting Started](getting-started.md). ## Configuration -This example starts with the same configuration with [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md) +This example starts with the same configuration with +[Getting Started](getting-started.md) Make sure that all the peers are connected. @@ -113,5 +114,4 @@ $ gobgp neighbor 10.0.255.1 softresetin $ gobgp neighbor 10.0.255.1 softresetout ``` - -You can know more about gobgp command syntax [here](https://github.com/osrg/gobgp/blob/master/docs/sources/cli-command-syntax.md). +You can know more about [CLI command syntax](cli-command-syntax.md). diff --git a/docs/sources/configuration.md b/docs/sources/configuration.md index 78ad4c42..15a86761 100644 --- a/docs/sources/configuration.md +++ b/docs/sources/configuration.md @@ -1,4 +1,4 @@ -# Configuration example +# Configuration Example ```toml [global.config] diff --git a/docs/sources/dynamic-neighbor.md b/docs/sources/dynamic-neighbor.md index aee75c92..8e940673 100644 --- a/docs/sources/dynamic-neighbor.md 
+++ b/docs/sources/dynamic-neighbor.md @@ -10,6 +10,7 @@ Dynamic Neighbor enables GoBGP to accept connections from the peers in specific - [Verification](#verification) ## Prerequisite + Assumed that you finished [Getting Started](getting-started.md) and learned [Peer Group](peer-group.md). ## Configuration @@ -44,9 +45,10 @@ and the `sample-group` configuration is used as the configuration of members of Note that GoBGP will be passive mode to members of dynamic neighbors. So if both peers listen to each other as dynamic neighbors, the connection will never be established. -# Verification +## Verification Dynamic neighbors are not shown by `gobgp neighbor` command until the connection is established. + ```shell $ gobgp neighbor Peer AS Up/Down State |#Received Accepted @@ -66,7 +68,7 @@ BGP neighbor is 172.40.1.3, remote AS 65002 BGP OutQ = 0, Flops = 0 Hold time is 90, keepalive interval is 30 seconds Configured hold time is 90, keepalive interval is 30 seconds - + Neighbor capabilities: multiprotocol: ipv4-unicast: advertised and received diff --git a/docs/sources/ebgp-multihop.md b/docs/sources/ebgp-multihop.md index 8770daf7..d30069fc 100644 --- a/docs/sources/ebgp-multihop.md +++ b/docs/sources/ebgp-multihop.md @@ -5,14 +5,14 @@ BGP (eBGP) peers are not directly connected and multiple IP hops away. ## Prerequisites -Assume you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assume you finished [Getting Started](getting-started.md). ## Contents -- [Configuration](#section0) -- [Verification](#section1) +- [Configuration](#configuration) +- [Verification](#verification) -## <a name="section0"> Configuration +## Configuration If eBGP neighbor "10.0.0.2" is 2 hops away, you need to configure `[neighbors.ebgp-multihop.config]` with `multihop-ttl >= 3` in 
@@ -33,15 +33,15 @@ router-id = "10.0.0.1" ``` **NOTE:** eBGP Multihop feature is mututally exclusive with -[TTL Security](https://github.com/osrg/gobgp/blob/master/docs/sources/ttl-security.md). +[TTL Security](ttl-security.md). These features cannot be configured for the same neighbor. -## <a name="section1"> Verification +## Verification Without eBGP multihop configuration, the default TTL for eBGP session is 1, and GoBGP cannot reach the neighbor on 2 hops away. -``` +```bash $ gobgpd -f gobgpd.toml {"level":"info","msg":"gobgpd started","time":"YYYY-MM-DDTHH:mm:ss+09:00"} {"Topic":"Config","level":"info","msg":"Finished reading the config file","time":"YYYY-MM-DDTHH:mm:ss+09:00"} @@ -50,7 +50,7 @@ $ gobgpd -f gobgpd.toml ...(No connection)... ``` -``` +```bash $ tcpdump -i ethXX tcp -v tcpdump: listening on ethXX, link-type EN10MB (Ethernet), capture size 262144 bytes hh:mm:ss IP (tos 0x0, ttl 1, id 19110, offset 0, flags [DF], proto TCP (6), length 60) @@ -65,7 +65,7 @@ hh:mm:ss IP (tos 0x0, ttl 1, id 19112, offset 0, flags [DF], proto TCP (6), leng With eBGP multihop configuration, GoBGP will set the given TTL for eBGP session and successfully connect to the neighbor on 2 hops away. -``` +```bash $ gobgpd -f gobgpd.toml {"level":"info","msg":"gobgpd started","time":"YYYY-MM-DDTHH:mm:ss+09:00"} {"Topic":"Config","level":"info","msg":"Finished reading the config file","time":"YYYY-MM-DDTHH:mm:ss+09:00"} @@ -75,7 +75,7 @@ $ gobgpd -f gobgpd.toml ...(snip)... ``` -``` +```bash $ tcpdump -i ethXX tcp -v tcpdump: listening on ethXX, link-type EN10MB (Ethernet), capture size 262144 bytes hh:mm:ss IP (tos 0x0, ttl 3, id 31155, offset 0, flags [DF], proto TCP (6), length 60) diff --git a/docs/sources/evpn.md b/docs/sources/evpn.md index ddf80376..ab53fea1 100644 --- a/docs/sources/evpn.md +++ b/docs/sources/evpn.md 
@@ -253,7 +253,7 @@ Then the following example shows two OSS BGP implementations can interchange EVP Topology: -``` +```text +------------+ | GoBGP (RR) | +-----| AS 65000 |-----+ @@ -429,7 +429,7 @@ with eBGP and GoBGP interchanges EVPN routes from one YABGP peer to another. Topology: -``` +```text +------------+ | GoBGP | +-----| AS 65254 |-----+ @@ -501,7 +501,7 @@ In the REST request, you need to specify the `Authorization` header is `admin/ad Request URL for sending UPDATE messages: -``` +```text POST http://10.0.0.1:8801/v1/peer/10.0.0.254/send/update ``` @@ -608,6 +608,7 @@ curl -X POST -u admin:admin -H 'Content-Type: application/json' http://10.0.0.1: } }' ``` + EVPN type 4: ```bash diff --git a/docs/sources/getting-started.md b/docs/sources/getting-started.md index 8115060a..8dfad0e7 100644 --- a/docs/sources/getting-started.md +++ b/docs/sources/getting-started.md @@ -28,8 +28,8 @@ If you don't like `toml`, you can use `json`, `yaml` and `hcl` instead. peer-as = 65002 ``` -see [here](https://github.com/osrg/gobgp/blob/master/docs/sources/configuration.md) for -more complicated configuration. +See [Configuration Example](configuration.md) for more complicated +configuration. ## Starting GoBGP @@ -100,6 +100,7 @@ BGP neighbor is 10.0.255.1, remote AS 65001 ``` Check out the global table. + ```bash $ gobgp global rib Network Next Hop AS_PATH Age Attrs diff --git a/docs/sources/graceful-restart.md b/docs/sources/graceful-restart.md index 390f779d..914d2305 100644 --- a/docs/sources/graceful-restart.md +++ b/docs/sources/graceful-restart.md 
@@ -9,12 +9,15 @@ to do graceful restart. GoBGP supports both roles. ## Contents -- [Helper speaker](#helper) -- [Restarting speaker](#restarting) -- [Graceful Restart Notification Support](#notification) -- [Long Lived Graceful Restart](#long-lived) +- [Helper speaker](#helper-speaker) +- [Restarting speaker](#restarting-speaker) +- [Graceful Restart Notification Support](#graceful-restart-notification-support) +- [Long Lived Graceful Restart](#long-lived-graceful-restart) + - [Long Lived Graceful Restart Helper Speaker Configuration](#long-lived-graceful-restart-helper-speaker-configuration) + - [Long Lived Graceful Restart Restarting Speaker Configuration](#long-lived-graceful-restart-restarting-speaker-configuration) + - [Combination with normal Graceful Restart](#combination-with-normal-graceful-restart) -## <a name="helper"> Helper speaker +## Helper speaker Below is the configuration to enable helper speaker behavior. @@ -64,7 +67,7 @@ BGP neighbor is 10.0.255.1, remote AS 65001 Accepted: 0 ``` -## <a name="restarting"> Restarting speaker +## Restarting speaker To support restarting speaker behavior, try the configuration below. @@ -145,7 +148,7 @@ Also, when `gobgpd` doesn't recovered within `restart-time`, the peers will withdraw all routes. Default value of `restart-time` is equal to `hold-time`. -## <a name="notification"> Graceful Restart Notification Support +## Graceful Restart Notification Support [RFC4724](https://tools.ietf.org/html/rfc4724) specifies gracful restart procedures are triggered only when the BGP session between graceful restart capable peers turns down without @@ -168,7 +171,7 @@ To turn on this feature, add `notification-enabled = true` to configuration like notification-enabled = true ``` -## <a name="long-lived"> Long Lived Graceful Restart +## Long Lived Graceful Restart ### Long Lived Graceful Restart Helper Speaker Configuration 
@@ -211,7 +214,7 @@ restart-time as per address family. restart-time = 100000 ``` -### Conbination with normal Graceful Restart +### Combination with normal Graceful Restart You can also use long lived graceful restart with normal graceful restart. diff --git a/docs/sources/grpc-client.md b/docs/sources/grpc-client.md index bc91c3f0..1b0d758a 100644 --- a/docs/sources/grpc-client.md +++ b/docs/sources/grpc-client.md @@ -14,16 +14,21 @@ Ruby, C++, Node.js, and Java. It assumes that you use Ubuntu 16.04 (64bit). - [Node.js](#nodejs) - [Java](#java) -## <a name="prerequisite"> Prerequisite -We assumes that you have finished installing `protoc` [protocol buffer](https://github.com/google/protobuf) compiler to generate stub server and client code and "protobuf runtime" for your favorite language. +## Prerequisite -Please refer to [the official docs of gRPC](http://www.grpc.io/docs/) for details. +We assumes that you have finished installing `protoc` +[protocol buffer](https://github.com/google/protobuf) compiler to generate stub +server and client code and "protobuf runtime" for your favorite language. -## <a name="python"> Python +Please refer to [the official docs of gRPC](http://www.grpc.io/docs/) for +details. + +## Python ### Generating Stub Code We need to generate stub code GoBGP at first. + ```bash $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc/python $ GOBGP_API=$GOPATH/src/github.com/osrg/gobgp/api @@ -32,7 +37,8 @@ $ protoc -I $GOBGP_API --python_out=. --grpc_out=. --plugin=protoc-gen-grpc=`wh ### Get Neighbor -['tools/grpc/python/get_neighbor.py'](https://github.com/osrg/gobgp/blob/master/tools/grpc/python/get_neighbor.py) shows an example for getting neighbor's information. +['tools/grpc/python/get_neighbor.py'](https://github.com/osrg/gobgp/blob/master/tools/grpc/python/get_neighbor.py) +shows an example for getting neighbor's information. Let's run this script. ```bash 
@@ -47,11 +53,12 @@ BGP neighbor is 10.0.0.2, remote AS 65002 We got the neighbor information successfully. -## <a name="ruby"> Ruby +## Ruby ### Generating Stub Code We need to generate stub code GoBGP at first. + ```bash $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc/ruby $ GOBGP_API=$GOPATH/src/github.com/osrg/gobgp/api @@ -60,7 +67,8 @@ $ protoc -I $GOBGP_API --ruby_out=. --grpc_out=. --plugin=protoc-gen-grpc=`whic ### Get Neighbor -['tools/grpc/ruby/get_neighbor.py'](https://github.com/osrg/gobgp/blob/master/tools/grpc/ruby/get_neighbor.rb) shows an example for getting neighbor's information. +['tools/grpc/ruby/get_neighbor.py'](https://github.com/osrg/gobgp/blob/master/tools/grpc/ruby/get_neighbor.rb) +shows an example for getting neighbor's information. Let's run this script. ```bash 
@@ -73,22 +81,28 @@ BGP neighbor is 10.0.0.2, remote AS 65002 Configured hold time is 90 ``` -## <a name="cpp"> C++ +## C++ -We use .so compilation with golang, please use only 1.5 or newer version of Go Lang. +We use .so compilation with golang, please use only 1.5 or newer version of Go +Lang. -['tools/grpc/cpp/gobgp_api_client.cc'](https://github.com/osrg/gobgp/blob/master/tools/grpc/cpp/gobgp_api_client.cc) shows an example for getting neighbor's information. +['tools/grpc/cpp/gobgp_api_client.cc'](https://github.com/osrg/gobgp/blob/master/tools/grpc/cpp/gobgp_api_client.cc) +shows an example for getting neighbor's information. -We provide ['tools/grpc/cpp/build.sh'](https://github.com/osrg/gobgp/blob/master/tools/grpc/cpp/build.sh) to build this sample code. +We provide +['tools/grpc/cpp/build.sh'](https://github.com/osrg/gobgp/blob/master/tools/grpc/cpp/build.sh) +to build this sample code. This script also generates stub codes and builds GoBGP shared library. Let's build the sample code: + ```bash $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc/cpp $ bash build.sh ``` -### Let's run it: +### Let's run it + ```bash $ ./gobgp_api_client 172.18.0.2 BGP neighbor is: 10.0.0.2, remote AS: 1 @@ -105,7 +119,7 @@ BGP neighbor is: 10.0.0.3, remote AS: 1 Configured hold time is 90 ``` -## <a name="nodejs"> Node.js +## Node.js ### Example @@ -116,10 +130,11 @@ $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc/nodejs $ ln -s $GOPATH/src/github.com/osrg/gobgp/api/gobgp.proto ``` -['tools/grpc/nodejs/get_neighbor.js'](https://github.com/osrg/gobgp/blob/master/tools/grpc/nodejs/get_neighbors.js) shows an example to show neighbor information. +['tools/grpc/nodejs/get_neighbor.js'](https://github.com/osrg/gobgp/blob/master/tools/grpc/nodejs/get_neighbors.js) +shows an example to show neighbor information. Let's run this: -``` +```bash $ node get_neighbors.js BGP neighbor: 10.0.255.1 , remote AS: 65001 BGP version 4, remote router ID: 10.0.255.1 
@@ -135,17 +150,22 @@ BGP neighbor: 10.0.255.2 , remote AS: 65002 Configured hold time: 90 ``` -## <a name="java"> Java +## Java + +At the time of this writing, versions of each plugins and tools are as +following: -At the time of this writing, versions of each plugins and tools are as following: -* ProtocolBuffer: 3.3.0 -* grpc-java: 1.4.0 -* java: 1.8.0_131 +- ProtocolBuffer: 3.3.0 +- grpc-java: 1.4.0 +- java: 1.8.0_131 -In proceeding with the following procedure, please substitute versions to the latest. +In proceeding with the following procedure, please substitute versions to the +latest. + +### Install JDK -### Install JDK: We need to install JDK and we use Oracle JDK8 in this example. + ```bash $ sudo add-apt-repository ppa:webupd8team/java $ sudo apt-get update @@ -158,8 +178,10 @@ $ echo "export JAVA_HOME=/usr/lib/jvm/java-8-oracle" >> ~/.bashrc $ source ~/.bashrc ``` -### Create protobuf library for Java: +### Create protobuf library for Java + We assume you've cloned gRPC repository in your home directory. + ```bash $ sudo apt-get install maven $ cd ~/grpc/third_party/protobuf/java @@ -179,6 +201,7 @@ $ ls ./core/target/proto* ``` ### Clone grpc-java and get plugins + ```bash $ cd ~/work $ git clone https://github.com/grpc/grpc-java.git @@ -190,7 +213,8 @@ $ ls ../compiler/build/binaries/java_pluginExecutable/ protoc-gen-grpc-java ``` -### Generate stub classes: +### Generate stub classes + ```bash $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc $ mkdir -p java/src 
@@ -202,11 +226,14 @@ $ ls ./src/gobgpapi/ Gobgp.java GobgpApiGrpc.java ``` -### Build sample client: +### Build sample client -['tools/grpc/java/src/gobgp/example/GobgpSampleClient.java'](https://github.com/osrg/gobgp/blob/master/tools/grpc/java/src/gobgp/example/GobgpSampleClient.java) is an example to show neighbor information. +['tools/grpc/java/src/gobgp/example/GobgpSampleClient.java'](https://github.com/osrg/gobgp/blob/master/tools/grpc/java/src/gobgp/example/GobgpSampleClient.java) +is an example to show neighbor information. + +Let's build and run it. However we need to download and copy some dependencies +beforehand. -Let's build and run it. However we need to download and copy some dependencies beforehand. ```bash $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc/java $ mkdir lib @@ -225,6 +252,7 @@ $ cp ~/work/grpc-java/okhttp/build/libs/grpc-okhttp-1.4.0.jar ./ ``` We are ready to build and run. + ```bash $ cd $GOPATH/src/github.com/osrg/gobgp/tools/grpc/java $ mkdir classes diff --git a/docs/sources/lib.md b/docs/sources/lib.md index 0e5b7e9f..390a5970 100644 --- a/docs/sources/lib.md +++ b/docs/sources/lib.md @@ -3,9 +3,10 @@ This page explains how to use GoBGP as a Go Native BGP library. ## Contents -- [Basic Example](#basic) -## <a name="basic"> Basic Example +- [Basic Example](#basic-example) + +## Basic Example ```go package main diff --git a/docs/sources/mrt.md b/docs/sources/mrt.md index 682eef97..158815db 100644 --- a/docs/sources/mrt.md +++ b/docs/sources/mrt.md 
@@ -4,24 +4,25 @@ This page explains how to play with GoBGP's MRT feature. ## Prerequisites -Assume you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assume you finished [Getting Started](getting-started.md). ## Contents -- [Inject routes from MRT table v2 records](#section0) -- [Dump updates in MRT BGP4MP format](#section1) - - [Configuration](#section1.1) -- [Dump the RIB in MRT TABLE_DUMPv2 format](#section2) - - [Configuration](#section2.1) -## <a name="section0"> Inject routes from MRT table v2 records +- [Inject routes from MRT table v2 records](#inject-routes-from-mrt-table-v2-records) +- [Dump updates in MRT BGP4MP format](#dump-updates-in-mrt-bgp4mp-format) +- [Dump the RIB in MRT TABLE_DUMPv2 format](#dump-the-rib-in-mrt-table_dumpv2-format) + +## Inject routes from MRT table v2 records + Route injection can be done by + ```bash $ gobgp mrt inject global <dumpfile> [<number of prefix to inject>] ``` -## <a name="section1"> Dump updates in MRT BGP4MP format +## Dump updates in MRT BGP4MP format -### <a name="section1.1"> Configuration +### Configuration With the following configuration, gobgpd continuously dumps BGP update messages to `/tmp/updates.dump` file in the BGP4MP format. @@ -48,15 +49,14 @@ specified in golang's rotation-interval = 180 ``` -## <a name="section2"> Dump the RIB in MRT TABLE_DUMPv2 format +## Dump the RIB in MRT TABLE_DUMPv2 format -### <a name="section2.1"> Configuration +### Configuration With the following configuration, gobgpd continuously dumps routes in the global rib to `/tmp/table.dump` file in the TABLE_DUMPv2 format every 60 seconds. - ```toml [[mrt-dump]] [mrt-dump.config] @@ -68,7 +68,6 @@ every 60 seconds. With a route server configuration, gobgpd can dump routes in each peer's RIB. - ```toml [[neighbors]] [neighbors.config] diff --git a/docs/sources/peer-group.md b/docs/sources/peer-group.md index a9ee39f0..516716e2 100644 --- a/docs/sources/peer-group.md 
+++ b/docs/sources/peer-group.md @@ -10,6 +10,7 @@ With Peer Group, you can set the same configuration to multiple peers. - [Verification](#verification) ## Prerequisite + Assumed that you finished [Getting Started](getting-started.md). ## Configuration @@ -58,7 +59,7 @@ BGP neighbor is 172.40.1.3, remote AS 65001 BGP OutQ = 0, Flops = 0 Hold time is 99, keepalive interval is 33 seconds Configured hold time is 99, keepalive interval is 33 seconds - + Neighbor capabilities: multiprotocol: ipv4-unicast: advertised and received diff --git a/docs/sources/policy.md b/docs/sources/policy.md index dde2c664..ee051a1c 100644 --- a/docs/sources/policy.md +++ b/docs/sources/policy.md 
@@ -1,49 +1,49 @@ -# Policy configuration +# Policy Configuration This page explains GoBGP policy feature for controlling the route advertisement. It might be called Route Map in other BGP implementations. -We explain the overview firstly, then the details, +We explain the overview firstly, then the details. ## Prerequisites -Assumed that you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assumed that you finished [Getting Started](getting-started.md). ## Contents + - [Overview](#overview) -- [Policy Model](#model) -- [Route Server Policy Model](#rs-model) -- [Policy Structure](#policy) -- [Policy Configuration](#configuration) - - [Defining defined-sets](#defined-sets) - - [Defining bgp-defined-sets](#bgp-defined-sets) - - [Defining policy-definitions](#policy-definition) - - [Attaching policy](#attachment) - - [Attach policy to global rib](#global-attachment) - - [Attach policy to route-server-client](#rs-attachment) - -## <a name="overview"> Overview +- [Policy Model](#policy-model) +- [Route Server Policy Model](#route-server-policy-model) +- [Policy Structure](#policy-structure) +- [Configure Policies](#configure-policies) + - [Defining defined-sets](#1-defining-defined-sets) + - [Defining bgp-defined-sets](#2-defining-bgp-defined-sets) + - [Defining policy-definitions](#3-Defining-policy-definitions) + - [Attaching policy](#4-attaching-policy) + - [Attach policy to global rib](#41-attach-policy-to-global-rib) + - [Attach policy to route-server-client](#42-attach-policy-to-route-server-client) +- [Policy Configuration Example](#policy-configuration-example) + +## Overview Policy is a way to control how BGP routes inserted to RIB or advertised to -peers. Policy has two parts, **Condition** and **Action**. -When a policy is configured, **Action** is applied to routes which meet **Condition** -before routes proceed to next step. +peers. Policy has two parts, **Condition** and **Action**. 
+When a policy is configured, **Action** is applied to routes which meet +**Condition** before routes proceed to next step. -GoBGP supports **Condition** like `prefix`, `neighbor`(source/destination of the route), -`aspath` etc.., and **Action** like `accept`, `reject`, `MED/aspath/community manipulation` -etc... +GoBGP supports **Condition** like `prefix`, `neighbor`(source/destination of +the route), `aspath` etc.., and **Action** like `accept`, `reject`, +`MED/aspath/community manipulation` etc... You can configure policy by configuration file, CLI or gRPC API. Here, we show how to configure policy via configuration file. -## <a name="model"> Policy Model +## Policy Model The following figure shows how policy works in normal BGP configuration. -<p align="center"> - <img src="./policy.png" alt="policy model"/> -</p> +![policy model](./policy.png) There are **Import** and **Export** policy. **Import** policy is invoked before best path calculation and pushing routes to RIB. @@ -56,15 +56,15 @@ $ gobgp global policy import $ gobgp global policy export ``` -## <a name="rs-model"> Route Server Policy Model +## Route Server Policy Model -The following figure shows how policy works in [route server BGP configuration](https://github.com/osrg/gobgp/blob/master/docs/sources/route-server.md). +The following figure shows how policy works in +[route server BGP configuration](route-server.md). -<p align="center"> - <img src="./rs-policy.png" alt="Announcement processing model implemented by the route server"/> -</p> +![route server policy model](./rs-policy.png) -In route server mode, adding to **Import** and **Export**, we have **In** policy. +In route server mode, adding to **Import** and **Export**, we have **In** +policy. **Import** and **Export** policies are defined with respect to the local routing table. The **Import** policy defines what routes will be 
@@ -81,11 +81,9 @@ $ gobgp neighbor <neighbor-addr> policy import $ gobgp neighbor <neighbor-addr> policy export ``` -## <a name="policy"> Policy Stracture +## Policy Structure -<p align="center"> - <img src="./policy-component.png" alt="policy component"/> -</p> +![policy component](./policy-component.png) A policy consists of statements. Each statement has condition(s) and action(s). @@ -113,7 +111,8 @@ Actions are categorized into attributes below: - set local-pref - prepend AS number in the AS_PATH attribute -When **ALL** conditions in the statement are `true`, the action(s) in the statement are executed. +When **ALL** conditions in the statement are `true`, the action(s) in the +statement are executed. You can check policy configuration by the following commands. 
@@ -128,37 +127,46 @@ $ gobgp policy ext-community $ gobgp policy large-community ``` -## <a name="configuration"> Policy Configuration +## Configure Policies -Policy Configuration comes from two parts, [definition](#defined-sets) and [attachment](#attachment). -For definition, we have [defined-sets](#defined-sets) and [policy-definition](#policy-definition). +Policy Configuration comes from two parts, [definition](#defined-sets) and +[attachment](#attachment). For definition, we have +[defined-sets](#defined-sets) and [policy-definition](#policy-definition). **defined-sets** defines condition item for some of the condition type. **policy-definitions** defines policies based on actions and conditions. - **defined-sets** - A single **defined-sets** entry has prefix match that is named **prefix-sets** and neighbor match part that is named **neighbor-sets**. It also has **bgp-defined-sets**, a subset of **defined-sets** that defines conditions referring to BGP attributes such as aspath. This **defined-sets** has a name and it's used to refer to **defined-sets** items from outside. + A single **defined-sets** entry has prefix match that is named + **prefix-sets** and neighbor match part that is named **neighbor-sets**. It + also has **bgp-defined-sets**, a subset of **defined-sets** that defines + conditions referring to BGP attributes such as aspath. This **defined-sets** + has a name and it's used to refer to **defined-sets** items from outside. - **policy-definitions** - **policy-definitions** is a list of policy. A single element has **statements** part that combines conditions with an action. + **policy-definitions** is a list of policy. A single element has + **statements** part that combines conditions with an action. Below are the steps for policy configuration 1. define defined-sets - 1. define prefix-sets - 1. define neighbor-sets -1. define bgp-defined-sets - 1. define community-sets - 1. define ext-community-sets - 1. define as-path-setList - 1. 
define large-community-sets -1. define policy-definitions -1. attach policies to global rib (or neighbor local rib when neighbor is [route-server-client](https://github.com/osrg/gobgp/blob/master/docs/sources/route-server.md)). - - -### <a name="defined-sets"> 1. Defining defined-sets -defined-sets has prefix information and neighbor information in prefix-sets and neighbor-sets section, and GoBGP uses these information to evaluate routes. + 1. define prefix-sets + 1. define neighbor-sets +1. define bgp-defined-sets + 1. define community-sets + 1. define ext-community-sets + 1. define as-path-setList + 1. define large-community-sets +1. define policy-definitions +1. attach policies to global rib (or neighbor local rib when neighbor is + [route-server-client](route-server.md)). + +### 1. Defining defined-sets + +defined-sets has prefix information and neighbor information in prefix-sets and +neighbor-sets section, and GoBGP uses these information to evaluate routes. Defining defined-sets is needed at first. -prefix-sets and neighbor-sets section are prefix match part and neighbor match part. +prefix-sets and neighbor-sets section are prefix match part and neighbor match +part. - defined-sets example 
@@ -176,30 +184,33 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p neighbor-info-list = ["10.0.255.1"] ``` - ---- +#### prefix-sets - #### prefix-sets - prefix-sets has prefix-set-list, and prefix-set-list has prefix-set-name and prefix-list as its element. prefix-set-list is used as a condition. Note that prefix-sets has either v4 or v6 addresses. +prefix-sets has prefix-set-list, and prefix-set-list has prefix-set-name and +prefix-list as its element. prefix-set-list is used as a condition. Note that +prefix-sets has either v4 or v6 addresses. - **prefix-set-list** has 1 element and list of subelement. +**prefix-set-list** has 1 element and list of sub-elements. - | Element | Description | Example | Optional | - |------------------|------------------------------------|---------------|------------| - | prefix-set-name | name of prefix-set | "ps1" | | - | prefix-list | list of prefix and range of length | | | +| Element | Description | Example | Optional | +|------------------|------------------------------------|---------------|------------| +| prefix-set-name | name of prefix-set | "ps1" | | +| prefix-list | list of prefix and range of length | | | - **PrefixLlist** has 2 elements. +**PrefixList** has 2 elements. 
- | Element | Description | Example | Optional | - |------------------|-------------------|----------------|------------| - | ip-prefix | prefix value | "10.33.0.0/16" | | - | masklength-range | range of length | "21..24" | Yes | +| Element | Description | Example | Optional | +|------------------|-------------------|----------------|------------| +| ip-prefix | prefix value | "10.33.0.0/16" | | +| masklength-range | range of length | "21..24" | Yes | +##### Examples - ##### Examples - - example 1 - - Match routes whose high order 2 octets of NLRI is 10.33 and its prefix length is between from 21 to 24 - - If you define a prefix-list that doesn't have MasklengthRange, it matches routes that have just 10.33.0.0/16 as NLRI. +- example 1 + - Match routes whose high order 2 octets of NLRI is 10.33 and its prefix + length is between from 21 to 24 + - If you define a prefix-list that doesn't have MasklengthRange, it matches + routes that have just 10.33.0.0/16 as NLRI. ```toml # example 1 @@ -210,10 +221,11 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p masklength-range = "21..24" ``` - - - example 2 - - If you want to evaluate multiple routes with a single prefix-set-list, you can do this by adding an another prefix-list like this: - - This prefix-set-list match checks if a route has 10.33.0.0/21 to 24 or 10.50.0.0/21 to 24. +- example 2 + - If you want to evaluate multiple routes with a single prefix-set-list, you + can do this by adding an another prefix-list like this: + - This prefix-set-list match checks if a route has 10.33.0.0/21 to 24 or + 10.50.0.0/21 to 24. ```toml # example 2 
@@ -227,9 +239,10 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p masklength-range = "21..24" ``` - - example 3 - - prefix-set-name under prefix-set-list is reference to a single prefix-set. - - If you want to add different prefix-set more, you can add other blocks that form the same structure with example 1. +- example 3 + - prefix-set-name under prefix-set-list is reference to a single prefix-set. + - If you want to add different prefix-set more, you can add other blocks that + form the same structure with example 1. ```toml # example 3 
@@ -245,28 +258,30 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p masklength-range = "21..24" ``` - ---- +#### neighbor-sets - #### neighbor-sets +neighbor-sets has neighbor-set-list, and neighbor-set-list has +neighbor-set-name and neighbor-info-list as its element. It is necessary to +specify a neighbor address in neighbor-info-list. neighbor-set-list is used as +a condition. - neighbor-sets has neighbor-set-list, and neighbor-set-list has neighbor-set-name and neighbor-info-list as its element. It is necessary to specify a neighbor address in neighbor-info-list. neighbor-set-list is used as a condition. +**neighbor-set-list** has 1 element and list of sub-elements. - **neighbor-set-list** has 1 element and list of subelement. +| Element |Description | Example | Optional | +|--------------------|---------------------------|--------------|------------| +| neighbor-set-name | name of neighbor-set | "ns1" | | +| neighbor-info-list | list of neighbor address | | | - | Element |Description | Example | Optional | - |--------------------|---------------------------|--------------|------------| - | neighbor-set-name | name of neighbor-set | "ns1" | | - | neighbor-info-list | list of neighbor address | | | +**neighbor-info-list** has 1 element. - **neighbor-info-list** has 1 element. +| Element |Description | Example | Optional | +|-----------------|---------------------|--------------|------------| +| address | neighbor address | "10.0.255.1" | | - | Element |Description | Example | Optional | - |-----------------|---------------------|--------------|------------| - | address | neighbor address | "10.0.255.1" | | +##### Examples - ##### Examples +- example 1 - - example 1 ```toml # example 1 [[defined-sets.neighbor-sets]] 
@@ -278,8 +293,9 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p neighbor-info-list = ["10.0.0.0/24"] ``` - - example 2 - - As with prefix-set-list, neighbor-set-list can have multiple neighbor-info-list like this. +- example 2 + - As with prefix-set-list, neighbor-set-list can have multiple + neighbor-info-list like this. ```toml # example 2 @@ -288,9 +304,9 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p neighbor-info-list = ["10.0.255.1", "10.0.255.2"] ``` - - example 3 - - As with prefix-set-list, multiple neighbor-set-lists can be defined. - +- example 3 + - As with prefix-set-list, multiple neighbor-set-lists can be defined. + ```toml # example 3 [[defined-sets.neighbor-sets]] @@ -302,15 +318,14 @@ prefix-sets and neighbor-sets section are prefix match part and neighbor match p neighbor-info-list = ["10.0.254.1"] ``` ---- - -### <a name="bgp-defined-sets"> 2. Defining bgp-defined-sets +### 2. Defining bgp-defined-sets bgp-defined-sets has Community information, Extended Community information and AS_PATH information in each Sets section respectively. And it is a child element of defined-sets. community-sets, ext-community-sets and as-path-sets section are each match -part. Like prefix-sets and neighbor-sets, each can have multiple sets and each set can have multiple values. +part. Like prefix-sets and neighbor-sets, each can have multiple sets and each +set can have multiple values. - bgp-defined-sets example 
@@ -327,33 +342,34 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s [[defined-sets.bgp-defined-sets.as-path-sets]] as-path-set-name = "aspath1" as-path-list = ["^65100"] -# Large Community match part + # Large Community match part [[defined-sets.bgp-defined-sets.large-community-sets]] large-community-set-name = "lcommunity1" large-community-list = ["65100:100:100"] ``` - ---- +#### community-sets - #### community-sets - community-sets has community-set-name and community-list as its element. The Community value are used to evaluate communities held by the destination. +community-sets has community-set-name and community-list as its element. The +Community value are used to evaluate communities held by the destination. - | Element | Description | Example | Optional | - |--------------------|-------------------------|--------------|----------| - | community-set-name | name of CommunitySet | "community1" | | - | community-list | list of community value | | | +| Element | Description | Example | Optional | +|--------------------|-------------------------|--------------|----------| +| community-set-name | name of CommunitySet | "community1" | | +| community-list | list of community value | | | - **community-list** has 1 element. +**community-list** has 1 element. - | Element | Description | Example | Optional | - |------------|-------------------------|--------------|----------| - | community | community value | "65100:10" | | +| Element | Description | Example | Optional | +|------------|-------------------------|--------------|----------| +| community | community value | "65100:10" | | - You can use regular expressions to specify community in community-list. +You can use regular expressions to specify community in community-list. - ##### Examples - - example 1 - - Match routes which has "65100:10" as a community value. +##### Examples + +- example 1 + - Match routes which has "65100:10" as a community value. ```toml # example 1 
@@ -362,9 +378,9 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s community-list = ["65100:10"] ``` - - example 2 - - Specifying community by regular expression - - You can use regular expressions based on POSIX 1003.2 regular expressions. +- example 2 + - Specifying community by regular expression + - You can use regular expressions based on POSIX 1003.2 regular expressions. ```toml # example 2 
@@ -372,32 +388,36 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s community-set-name = "community2" community-list = ["6[0-9]+:[0-9]+"] ``` - ---- - #### ext-community-sets - ext-community-sets has ext-community-set-name and ext-community-list as its element. The values are used to evaluate extended communities held by the destination. +#### ext-community-sets + +ext-community-sets has ext-community-set-name and ext-community-list as its +element. The values are used to evaluate extended communities held by the +destination. - | Element | Description | Example | Optional | - |------------------------|------------------------------------|------------------|----------| - | ext-community-set-name | name of ExtCommunitySet | "ecommunity1" | | - | ext-community-list | list of extended community value | | | +| Element | Description | Example | Optional | +|------------------------|------------------------------------|------------------|----------| +| ext-community-set-name | name of ExtCommunitySet | "ecommunity1" | | +| ext-community-list | list of extended community value | | | - **ext-community-list** has 1 element. +**ext-community-list** has 1 element. - | Element | Description | Example | Optional | - |----------------|----------------------------|------------------|----------| - | ext-community | extended community value | "RT:65001:200" | | +| Element | Description | Example | Optional | +|----------------|----------------------------|------------------|----------| +| ext-community | extended community value | "RT:65001:200" | | - You can use regular expressions to specify extended community in ext-community-list. - However, the first one element separated by (part of "RT") does not support to the regular expression. - The part of "RT" indicates a subtype of extended community and subtypes that can be used are as follows: +You can use regular expressions to specify extended community in +ext-community-list. 
However, the first one element separated by (part of "RT") +does not support to the regular expression. The part of "RT" indicates a +subtype of extended community and subtypes that can be used are as follows: - - RT: mean the route target. - - SoO: mean the site of origin(route origin). +- RT: mean the route target. +- SoO: mean the site of origin(route origin). + +##### Examples - ##### Examples - - example 1 - - Match routes which has "RT:65001:200" as a extended community value. +- example 1 + - Match routes which has "RT:65001:200" as a extended community value. ```toml # example 1 @@ -406,9 +426,9 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s ext-community-list = ["RT:65100:200"] ``` - - example 2 - - Specifying extended community by regular expression - - You can use regular expressions that is available in Golang. +- example 2 + - Specifying extended community by regular expression + - You can use regular expressions that is available in Golang. ```toml # example 2 
@@ -417,37 +437,42 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s ext-community-list = ["RT:6[0-9]+:[0-9]+"] ``` - ---- +#### as-path-sets - #### as-path-sets - as-path-sets has as-path-set-name and as-path-list as its element. The numbers are used to evaluate AS numbers in the destination's AS_PATH attribute. +as-path-sets has as-path-set-name and as-path-list as its element. The numbers +are used to evaluate AS numbers in the destination's AS_PATH attribute. - | Element | Description | Example | Optional | - |------------------|---------------------------|------------|----------| - | as-path-set-name | name of as-path-set | "aspath1" | | - | as-path-list | list of as path value | | | +| Element | Description | Example | Optional | +|------------------|---------------------------|------------|----------| +| as-path-set-name | name of as-path-set | "aspath1" | | +| as-path-list | list of as path value | | | - **as-path-list** has 1 elements. +**as-path-list** has 1 elements. - | Element | Description | Example | Optional | - |------------------|-------------------|------------|----------| - | as-path-set | as path value | "^65100" | | +| Element | Description | Example | Optional | +|------------------|-------------------|------------|----------| +| as-path-set | as path value | "^65100" | | - The AS path regular expression is compatible with [Quagga](http://www.nongnu.org/quagga/docs/docs-multi/AS-Path-Regular-Expression.html) and Cisco. - Note Character `_` has special meaning. It is abbreviation for `(^|[,{}() ]|$)`. +The AS path regular expression is compatible with +[Quagga](http://www.nongnu.org/quagga/docs/docs-multi/AS-Path-Regular-Expression.html) +and Cisco. Note Character `_` has special meaning. It is abbreviation for +`(^|[,{}() ]|$)`. - Some examples follow: - - 
From: `^65100_` means the route is passed from AS 65100 directly. - - Any: `_65100_` means the route comes through AS 65100. - - Origin: `_65100$` means the route is originated by AS 65100. - - Only: `^65100$` means the route is originated by AS 65100 and comes from it directly. - - `^65100_65001` - - `65100_[0-9]+_.*$` - - `^6[0-9]_5.*_65.?00$` +Some examples follow: - ##### Examples - - example 1 - - Match routes which come from AS 65100. +- From: `^65100_` means the route is passed from AS 65100 directly. +- Any: `_65100_` means the route comes through AS 65100. +- Origin: `_65100$` means the route is originated by AS 65100. +- Only: `^65100$` means the route is originated by AS 65100 and comes from it + directly. +- `^65100_65001` +- `65100_[0-9]+_.*$` +- `^6[0-9]_5.*_65.?00$` + +##### Examples + +- example 1 + - Match routes which come from AS 65100. ```toml # example 1 @@ -456,8 +481,9 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s as-path-list = ["^65100_"] ``` - - example 2 - - Match routes which come Origin AS 65100 and use regular expressions to other AS. +- example 2 + - Match routes which come Origin AS 65100 and use regular expressions to + other AS. ```toml # example 2 @@ -466,11 +492,10 @@ part. Like prefix-sets and neighbor-sets, each can have multiple sets and each s as-path-list = ["[0-9]+_65[0-9]+_65100$"] ``` ---- +### 3. Defining policy-definitions -### <a name="policy-definition"> 3. Defining policy-definitions - -policy-definitions consists of condition and action. Condition part is used to evaluate routes from neighbors, if matched, action will be applied. +policy-definitions consists of condition and action. Condition part is used to +evaluate routes from neighbors, if matched, action will be applied. - an example of policy-definitions 
@@ -512,91 +537,92 @@ policy-definitions consists of condition and action. Condition part is used to e The elements of policy-definitions are as follows: - - policy-definitions - - | Element | Description | Example | - |---------|---------------|------------------| - | name | policy's name | "example-policy" | +- policy-definitions - - policy-definitions.statements + | Element | Description | Example | + |---------|---------------|------------------| + | name | policy's name | "example-policy" | - | Element | Description | Example | - |---------|-------------------|----------------| - | name | statements's name | "statement1" | +- policy-definitions.statements - - policy-definitions.statements.conditions.match-prefix-set + | Element | Description | Example | + |---------|-------------------|----------------| + | name | statements's name | "statement1" | - | Element | Description | Example | - |------------------|---------------------------------------------------------------------------|---------| - | prefix-set | name for defined-sets.prefix-sets.prefix-set-list that is used in this policy | "ps1" | - | match-set-options | option for the check:<br> "any" or "invert". default is "any" | "any" | +- policy-definitions.statements.conditions.match-prefix-set - - policy-definitions.statements.conditions.match-neighbor-set + | Element | Description | Example | + |--------------------|-------------------------------------------------------------------------------|---------| + | prefix-set | name for defined-sets.prefix-sets.prefix-set-list that is used in this policy | "ps1" | + | match-set-options | option for the check:<br> "any" or "invert". 
default is "any" | "any" | - | Element | Description | Example | - |-------------------|-------------------------------------------------------------------------------|---------| - | neighbor-set | name for defined-sets.neighbor-sets.neighbor-set-list that is used in this policy | "ns1" | - | match-set-options | option for the check:<br> "any" or "invert". default is "any" | "any" | +- policy-definitions.statements.conditions.match-neighbor-set - - policy-definitions.statements.conditions.bgp-conditions.match-community-set + | Element | Description | Example | + |-------------------|-------------------------------------------------------------------------------|---------| + | neighbor-set | name for defined-sets.neighbor-sets.neighbor-set-list that is used in this policy | "ns1" | + | match-set-options | option for the check:<br> "any" or "invert". default is "any" | "any" | - | Element | Description | Example | - |-------------------|----------------------------------------------------------------------------------------------------|----------------| - | community-set | name for defined-sets.bgp-defined-sets.community-sets.CommunitySetList that is used in this policy | "community1" | - | match-set-options | option for the check:<br> "any" or "all" or "invert". default is "any" | "invert" | +- policy-definitions.statements.conditions.bgp-conditions.match-community-set - - policy-definitions.statements.conditions.bgp-conditions.match-ext-community-set + | Element | Description | Example | + |-------------------|----------------------------------------------------------------------------------------------------|----------------| + | community-set | name for defined-sets.bgp-defined-sets.community-sets.CommunitySetList that is used in this policy | "community1" | + | match-set-options | option for the check:<br> "any" or "all" or "invert". 
default is "any" | "invert" | - | Element | Description | Example | - |-------------------|---------------------------------------------------------------------------------------|---------------| - | ext-community-set | name for defined-sets.bgp-defined-sets.ext-community-sets that is used in this policy | "ecommunity1" | - | match-set-options | option for the check:<br> "any" or "all" or "invert". default is "any" | "invert" | +- policy-definitions.statements.conditions.bgp-conditions.match-ext-community-set - - policy-definitions.statements.conditions.bgp-conditions.match-as-path-set + | Element | Description | Example | + |-------------------|---------------------------------------------------------------------------------------|---------------| + | ext-community-set | name for defined-sets.bgp-defined-sets.ext-community-sets that is used in this policy | "ecommunity1" | + | match-set-options | option for the check:<br> "any" or "all" or "invert". default is "any" | "invert" | - | Element | Description | Example | - |--------------------|---------------------------------------------------------------------------------|-----------| - | as-path-set | name for defined-sets.bgp-defined-sets.as-path-sets that is used in this policy | "aspath1" | - | match-set-options | option for the check:<br> "any" or "all" or "invert". default is "any" | "invert" | +- policy-definitions.statements.conditions.bgp-conditions.match-as-path-set - - policy-definitions.statements.conditions.bgp-conditions.match-as-path-length + | Element | Description | Example | + |--------------------|---------------------------------------------------------------------------------|-----------| + | as-path-set | name for defined-sets.bgp-defined-sets.as-path-sets that is used in this policy | "aspath1" | + | match-set-options | option for the check:<br> "any" or "all" or "invert". 
default is "any" | "invert" | - | Element | Description | Example | - |----------|----------------------------------------------------------------------------------------------------|---------| - | operator | operator to compare the length of AS number in AS_PATH attribute. <br> "eq","ge","le" can be used. <br> "eq" means that length of AS number is equal to Value element <br> "ge" means that length of AS number is equal or greater than the Value element <br> "le" means that length of AS number is equal or smaller than the Value element| "eq" | - | value | value used to compare with the length of AS number in AS_PATH attribute | 2 | +- policy-definitions.statements.conditions.bgp-conditions.match-as-path-length - - policy-definitions.statements.actions + | Element | Description | Example | + |----------|----------------------------------------------------------------------------------------------------|---------| + | operator | operator to compare the length of AS number in AS_PATH attribute. <br> "eq","ge","le" can be used. 
<br> "eq" means that length of AS number is equal to Value element <br> "ge" means that length of AS number is equal or greater than the Value element <br> "le" means that length of AS number is equal or smaller than the Value element| "eq" | + | value | value used to compare with the length of AS number in AS_PATH attribute | 2 | - | Element | Description | Example | - |-------------------|---------------------------------------------------------------------------------------------------------------|----------------| - | route-disposition | stop following policy/statement evaluation and accept/reject the route:<br> "accept-route" or "reject-route" | "accept-route" | +- policy-definitions.statements.actions - - policy-definitions.statements.actions.bgp-actions + | Element | Description | Example | + |-------------------|---------------------------------------------------------------------------------------------------------------|----------------| + | route-disposition | stop following policy/statement evaluation and accept/reject the route:<br> "accept-route" or "reject-route" | "accept-route" | - | Element | Description | Example | - |----------|---------------------------------------------------------------------------------------|---------| - | set-med | set-med used to change the med value of the route. <br> If only numbers have been specified, replace the med value of route.<br> if number and operater(+ or -) have been specified, adding or subtracting the med value of route. | "-200" | +- policy-definitions.statements.actions.bgp-actions - - policy-definitions.statements.actions.bgp-actions.set-community + | Element | Description | Example | + |----------|---------------------------------------------------------------------------------------|---------| + | set-med | set-med used to change the med value of the route. 
<br> If only numbers have been specified, replace the med value of route.<br> if number and operater(+ or -) have been specified, adding or subtracting the med value of route. | "-200" | - | Element | Description | Example | - |-------------|----------------------------------------------------------------------------------|------------| - | options | operator to manipulate Community attribute in the route | "ADD" | - | communities | communities used to manipulate the route's community accodriong to options below | "65100:20" | +- policy-definitions.statements.actions.bgp-actions.set-community - - policy-definitions.statements.actions.bgp-actions.set-as-path-prepend + | Element | Description | Example | + |-------------|----------------------------------------------------------------------------------|------------| + | options | operator to manipulate Community attribute in the route | "ADD" | + | communities | communities used to manipulate the route's community according to options below | "65100:20" | - | Element | Description | Example | - |----------|-------------------------------------------------------------------------------------------------------|---------| - | as | AS number to prepend. You can use "last-as" to prepend the leftmost AS number in the aspath attribute.| "65100" | - | repeat-n | repeat count to prepend AS | 5 | +- policy-definitions.statements.actions.bgp-actions.set-as-path-prepend + | Element | Description | Example | + |----------|-------------------------------------------------------------------------------------------------------|---------| + | as | AS number to prepend. You can use "last-as" to prepend the leftmost AS number in the aspath attribute.| "65100" | + | repeat-n | repeat count to prepend AS | 5 | - - Execution condition of Action +#### Execution condition of Action - Action statement is executed when the result of each Condition, including match-set-options is all true. 
- **match-set-options** is defined how to determine the match result, in the condition with multiple evaluation set as follows: + Action statement is executed when the result of each Condition, including + match-set-options is all true. + **match-set-options** is defined how to determine the match result, in the + condition with multiple evaluation set as follows: | Value | Description | |--------|---------------------------------------------------------------------------| 
@@ -604,64 +630,63 @@ policy-definitions consists of condition and action. Condition part is used to e | all | match is true if given value matches all members of the defined set | | invert | match is true if given value does not match any member of the defined set | - - - <br> - ##### Examples - - example 1 - - This policy definition has prefix-set *ps1* and neighbor-set *ns1* as its condition and routes matches the condition is rejected. - ```toml - # example 1 - [[policy-definitions]] - name = "policy1" - [[policy-definitions.statements]] - name = "statement1" - [policy-definitions.statements.conditions.match-prefix-set] - prefix-set = "ps1" - [policy-definitions.statements.conditions.match-neighbor-set] - neighbor-set = "ns1" - [policy-definitions.statements.actions] - route-disposition = "reject-route" - ``` +- example 1 + - This policy definition has prefix-set *ps1* and neighbor-set *ns1* as its + condition and routes matches the condition is rejected. - - example 2 - - policy-definition has two statements + ```toml + # example 1 + [[policy-definitions]] + name = "policy1" + [[policy-definitions.statements]] + name = "statement1" + [policy-definitions.statements.conditions.match-prefix-set] + prefix-set = "ps1" + [policy-definitions.statements.conditions.match-neighbor-set] + neighbor-set = "ns1" + [policy-definitions.statements.actions] + route-disposition = "reject-route" + ``` - ```toml - # example 2 - [[policy-definitions]] - name = "policy1" - # first statement - (1) - [[policy-definitions.statements]] - name = "statement1" - [policy-definitions.statements.conditions.match-prefix-set] - prefix-set = "ps1" - [policy-definitions.statements.conditions.match-neighbor-set] - neighbor-set = "ns1" - [policy-definitions.statements.actions] - route-disposition = "reject-route" - # second statement - (2) - [[policy-definitions.statements]] - name = "statement2" - [policy-definitions.statements.conditions.match-prefix-set] - prefix-set = "ps2" - 
[policy-definitions.statements.conditions.match-neighbor-set] - neighbor-set = "ns2" - [policy-definitions.statements.actions] - route-disposition = "reject-route" - ``` - - if a route matches the condition inside the first statement(1), GoBGP applies its action and quits the policy evaluation. +- example 2 + - policy-definition has two statements + - If a route matches the condition inside the first statement(1), GoBGP + applies its action and quits the policy evaluation. + ```toml + # example 2 + [[policy-definitions]] + name = "policy1" + # first statement - (1) + [[policy-definitions.statements]] + name = "statement1" + [policy-definitions.statements.conditions.match-prefix-set] + prefix-set = "ps1" + [policy-definitions.statements.conditions.match-neighbor-set] + neighbor-set = "ns1" + [policy-definitions.statements.actions] + route-disposition = "reject-route" + # second statement - (2) + [[policy-definitions.statements]] + name = "statement2" + [policy-definitions.statements.conditions.match-prefix-set] + prefix-set = "ps2" + [policy-definitions.statements.conditions.match-neighbor-set] + neighbor-set = "ns2" + [policy-definitions.statements.actions] + route-disposition = "reject-route" + ``` - - example 3 - - If you want to add other policies, just add policy-definitions block following the first one like this +- example 3 + - If you want to add other policies, just add policy-definitions block + following the first one like this - ```toml - # example 3 - # first policy - [[policy-definitions]] + ```toml + # example 3 + # first policy + [[policy-definitions]] name = "policy1" [[policy-definitions.statements]] name = "statement1" 
@@ -671,8 +696,8 @@ policy-definitions consists of condition and action. Condition part is used to e neighbor-set = "ns1" [policy-definitions.statements.actions] route-disposition = "reject-route" - # second policy - [[policy-definitions]] + # second policy + [[policy-definitions]] name = "policy2" [[policy-definitions.statements]] name = "statement2" @@ -682,22 +707,24 @@ policy-definitions consists of condition and action. Condition part is used to e neighbor-set = "ns2" [policy-definitions.statements.actions] route-disposition = "reject-route" - ``` + ``` - - example 4 - - This PolicyDefinition has multiple conditions including BgpConditions as follows: +- example 4 + - This PolicyDefinition has multiple conditions including BgpConditions as + follows: - prefix-set: *ps1* - neighbor-set: *ns1* - community-set: *community1* - ext-community-set: *ecommunity1* - as-path-set: *aspath1* - as-path length: *equal 2* + - If a route matches all these conditions, it will be accepted with community + "65100:20", next-hop 10.0.0.1, local-pref 110, med subtracted 200, as-path + prepended 65005 five times. - - If a route matches all these conditions, it will be accepted with community "65100:20", next-hop 10.0.0.1, local-pref 110, med subtracted 200, as-path prepended 65005 five times. - - ```toml - # example 4 - [[policy-definitions]] + ```toml + # example 4 + [[policy-definitions]] name = "policy1" [[policy-definitions.statements]] name = "statement1" 
@@ -727,14 +754,14 @@ policy-definitions consists of condition and action. Condition part is used to e options = "ADD" [policy-definitions.statements.actions.bgp-actions.set-community.set-community-method] communities-list = ["65100:20"] - ``` + ``` - - example 5 - - example of multiple statement +- example 5 + - example of multiple statement - ```toml - # example 5 - [[policy-definitions]] + ```toml + # example 5 + [[policy-definitions]] name = "policy1" [[policy-definitions.statements]] # statement without route-disposition continues to the next statement @@ -762,20 +789,17 @@ policy-definitions consists of condition and action. Condition part is used to e prefix-set = "ps3" [policy-definitions.statements.actions.bgp-actions] set-med = "+10" - ``` - - - ---- + ``` -### <a name="attachment"> 4. Attaching policy +### 4. Attaching policy -Here we explain how to attach defined policies to [global rib](#global-attachment) -and [neighbor local rib](#rs-attachment). +Here we explain how to attach defined policies to +[global rib](#global-attachment) and [neighbor local rib](#rs-attachment). -#### <a name="global-attachment"> 4.1 Attach policy to global rib +#### 4.1 Attach policy to global rib -To attach policies to global rib, add policy name to `global.apply-policy.config`. +To attach policies to global rib, add policy name to +`global.apply-policy.config`. ```toml [global.apply-policy.config] 
@@ -792,14 +816,15 @@ default-export-policy = "accept-route" | default-import-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:<br> "accept-route" or "reject-route". default is "accept-route" | "accept-route" | | default-export-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:<br> "accept-route" or "reject-route". default is "accept-route" | "accept-route" | - -#### <a name="rs-attachment"> 4.2. Attach policy to route-server-client +#### 4.2. Attach policy to route-server-client You can use policies defined above as Import or Export or In policy by attaching them to neighbors which is configured to be route-server client. -To attach policies to neighbors, you need to add policy's name to `neighbors.apply-policy` in the neighbor's setting. -This example attatches *policy1* to Import policy and *policy2* to Export policy and *policy3* is used as the In policy. +To attach policies to neighbors, you need to add policy's name to +`neighbors.apply-policy` in the neighbor's setting. +This example attaches *policy1* to Import policy and *policy2* to Export policy +and *policy3* is used as the In policy. ```toml [[neighbors]] @@ -817,8 +842,8 @@ This example attatches *policy1* to Import policy and *policy2* to Export policy default-in-policy = "accept-route" ``` -neighbors has a section to specify policies and the section's name is apply-policy. -The apply-policy has 6 elements. +neighbors has a section to specify policies and the section's name is +apply-policy. The apply-policy has 6 elements. | Element | Description | Example | |-------------------------|---------------------------------------------------------------------------------------------|----------------| 
@@ -829,8 +854,6 @@ The apply-policy has 6 elements. | default-export-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:<br> "accept-route" or "reject-route". default is "accept-route" | "accept-route" | | default-in-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:<br> "accept-route" or "reject-route". default is "accept-route" | "accept-route" | - - ## Policy Configuration Example Neighbor 10.0.255.1 advertises 10.33.0.0/16 and 10.3.0.0/16 routes. We 
@@ -891,13 +914,22 @@ define an import policy for neighbor 10.0.255.2 that drops route-disposition = "reject-route" ``` -Neighbor 10.0.255.2 has pd2 policy. The pd2 policy consists of ps2 prefix match and ns1 neighbor match. The ps2 specifies 10.33.0.0 and 10.50.0.0 address. The ps2 specifies the mask with **MASK** keyword. **masklength-range** keyword can specify the range of mask length like ```masklength-range 24..26```. The *ns1* specifies neighbor 10.0.255.1. +Neighbor 10.0.255.2 has pd2 policy. The pd2 policy consists of ps2 prefix match +and ns1 neighbor match. The ps2 specifies 10.33.0.0 and 10.50.0.0 address. The +ps2 specifies the mask with **MASK** keyword. **masklength-range** keyword can +specify the range of mask length like ```masklength-range 24..26```. The *ns1* +specifies neighbor 10.0.255.1. -The pd2 sets multiple condition, This means that only when all match conditions meets, the policy will be applied. +The pd2 sets multiple condition, This means that only when all match conditions +meets, the policy will be applied. -The match-prefix-set sets match-set-options to "any". This means that when match to any of prefix-list, the policy will be applied. the policy will be applied to 10.33.0.0/16 or 10.50.0.0 route from neighbor 10.0.255.1. +The match-prefix-set sets match-set-options to "any". This means that when +match to any of prefix-list, the policy will be applied. the policy will be +applied to 10.33.0.0/16 or 10.50.0.0 route from neighbor 10.0.255.1. -If the match-prefix-set sets match-set-options to "invert", It does not match to any of prefix-list, the policy will be applied. the policy will be applied to other than 10.33.0.0/16 or 10.50.0.0 route from neighbor 10.0.255.1 +If the match-prefix-set sets match-set-options to "invert", It does not match +to any of prefix-list, the policy will be applied. 
the policy will be applied +to other than 10.33.0.0/16 or 10.50.0.0 route from neighbor 10.0.255.1 Let's confirm that 10.0.255.1 neighbor advertises two routes. diff --git a/docs/sources/route-reflector.md b/docs/sources/route-reflector.md index ed037656..a0f5529b 100644 --- a/docs/sources/route-reflector.md +++ b/docs/sources/route-reflector.md @@ -4,7 +4,7 @@ This page explains how to set up GoBGP as a route reflector. ## Prerequisites -Assumed you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assumed you finished [Getting Started](getting-started.md). ## Configuration diff --git a/docs/sources/route-server.md b/docs/sources/route-server.md index fd718f19..917f1c81 100644 --- a/docs/sources/route-server.md +++ b/docs/sources/route-server.md @@ -4,16 +4,16 @@ This page explains how to set up GoBGP as a [route server](https://tools.ietf.or ## Prerequisites -Assumed that you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assumed that you finished [Getting Started](getting-started.md). ## Configuration -This example uses the following simple configuration file, `gobgpd.conf`. There are three changes from -the configuration file used in [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md) +This example uses the following simple configuration file, `gobgpd.conf`. There are three changes from +the configuration file used in [Getting Started](getting-started.md) - * Peers are configured as route server clients (of course!). - * GoBGP doesn't try to connect to peers. It only listens and accepts. - * MD5 passwords are enabled. +- Peers are configured as route server clients (of course!). +- GoBGP doesn't try to connect to peers. It only listens and accepts. +- MD5 passwords are enabled. ```toml [global.config] 
@@ -68,4 +68,4 @@ $ gobgp neighbor 10.0.255.2 local *> 10.3.0.1/32 10.0.255.1 [65001] 00:06:12 [{Origin: 0} {Med: 0}] ``` -Of course, you can also look at the adjacent rib-in and rib-out of each peer as done in [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Of course, you can also look at the adjacent rib-in and rib-out of each peer as done in [Getting Started](getting-started.md). diff --git a/docs/sources/rpki.md b/docs/sources/rpki.md index c2037a98..c7818e7e 100644 --- a/docs/sources/rpki.md +++ b/docs/sources/rpki.md @@ -5,17 +5,16 @@ This page explains how to use a Resource Public Key Infrastructure ## Prerequisites -Assume you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assume you finished [Getting Started](getting-started.md). ## Contents -- [Configuration](#section0) -- [Validation](#section1) -- [Policy with validation results](#section2) -- [Force Re-validation](#section3) -- [Monitoring validation](#section4) +- [Configuration](#configuration) +- [Validation](#validation) +- [Policy with validation results](#policy-with-validation-results) +- [Force Re-validation](#force-re-validation) -## <a name="section0"> Configuration +## Configuration You need to add **[RpkiServers]** section to your configuration file. We use the following file. Note that this is for route server @@ -46,7 +45,7 @@ router-id = "10.0.255.254" port = 323 ``` -## <a name="section1"> Validation +## Validation You can verify whether gobgpd successfully connects to the RPKI server and get the ROA (Route Origin Authorization) information in the 
@@ -100,11 +99,9 @@ $ gobgp neighbor 10.0.255.1 adj-in As you can see, the first is marked as "V" (Valid), the second as "I" (Invalid), and the third as "N" (Not Found). +## Policy with validation results -## <a name="section2"> Policy with validation results - -The validation result can be used as [Policy's -condition](https://github.com/osrg/gobgp/blob/master/docs/sources/policy.md). You +The validation result can be used as [Policy's condition](policy.md). You can do any actions (e.g., drop the route, adding some extended community attribute, etc) according to the validation result. As an example, this section shows how to drop an invalid route. @@ -175,9 +172,10 @@ $ gobgp neighbor 10.0.255.2 local N*> 192.168.1.0/24 10.0.255.1 65001 00:00:21 [{Origin: i}] ``` - ### Detailed Information about validation + You can get the detailed information about announced routes. + ```bash $ gobgp neighbor 10.0.255.1 adj-in 2.1.0.0/16 validation Target Prefix: 2.1.0.0/16, AS: 65001 @@ -193,10 +191,11 @@ Target Prefix: 2.1.0.0/16, AS: 65001 Unmatched Length VRPs: No Entry ``` + From this, we can notice that 2.1.0.0/16 (Origin AS: 65001) is invalid due to its origin AS, the origin AS should be 3215. -## <a name="section3"> Force Re-validation +## Force Re-validation Validation is executed every time bgp update messages arrive. The changes of ROAs doesn't trigger off validation. The following command diff --git a/docs/sources/ttl-security.md b/docs/sources/ttl-security.md index 260886ff..b99979eb 100644 --- a/docs/sources/ttl-security.md +++ b/docs/sources/ttl-security.md 
@@ -6,14 +6,14 @@ Mechanism (GTSM). ## Prerequisites -Assume you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). +Assume you finished [Getting Started](getting-started.md). ## Contents -- [Configuration](#section0) -- [Verification](#section1) +- [Configuration](#configuration) +- [Verification](#verification) -## <a name="section0"> Configuration +## Configuration If the BGP neighbor "10.0.0.2" is directly connected and the "malicious" BGP router is 2 hops away, you can block the connection from the malicious BGP @@ -34,10 +34,10 @@ router-id = "10.0.0.1" ``` **NOTE:** TTL Security feature is mututally exclusive with -[eBGP Multihop](https://github.com/osrg/gobgp/blob/master/docs/sources/ebgp-multihop.md). +[eBGP Multihop](ebgp-multihop.md). These features cannot be configured for the same neighbor. -## <a name="section1"> Verification +## Verification With TTL Security configuration, GoBGP will set TTL of all BGP messages to 255 and set the minimal acceptable TTL to the given `ttl-min` value. @@ -46,7 +46,7 @@ Then, with the above configuration, only directly connected neighbor For the connection from the proper neighbor: -``` +```bash $ gobgpd -f gobgpd.toml {"level":"info","msg":"gobgpd started","time":"YYYY-MM-DDTHH:mm:ss+09:00"} {"Topic":"Config","level":"info","msg":"Finished reading the config file","time":"YYYY-MM-DDTHH:mm:ss+09:00"} @@ -56,7 +56,7 @@ $ gobgpd -f gobgpd.toml ...(snip)... ``` -``` +```bash $ tcpdump -i ethXX tcp -v tcpdump: listening on ethXX, link-type EN10MB (Ethernet), capture size 262144 bytes hh:mm:ss IP (tos 0x0, ttl 255, id 51126, offset 0, flags [DF], proto TCP (6), length 60) 
@@ -67,32 +67,32 @@ hh:mm:ss IP (tos 0x0, ttl 255, id 51127, offset 0, flags [DF], proto TCP (6), le 10.0.0.2.xxx > 10.0.0.1.bgp: Flags [.], cksum 0x837a (incorrect -> 0xb260), ack 1, win 58, options [nop,nop,TS val 4431487 ecr 4431487], length 0 hh:mm:ss IP (tos 0x0, ttl 255, id 51128, offset 0, flags [DF], proto TCP (6), length 103) 10.0.0.2.xxx > 10.0.0.1.bgp: Flags [P.], cksum 0x83ad (incorrect -> 0x8860), seq 1:52, ack 1, win 58, options [nop,nop,TS val 4431487 ecr 4431487], length 51: BGP - Open Message (1), length: 51 - Version 4, my AS 65002, Holdtime 90s, ID 2.2.2.2 - Optional parameters, length: 22 - Option Capabilities Advertisement (2), length: 20 - Route Refresh (2), length: 0 - Multiprotocol Extensions (1), length: 4 - AFI IPv4 (1), SAFI Unicast (1) - Multiprotocol Extensions (1), length: 4 - AFI IPv6 (2), SAFI Unicast (1) - 32-Bit AS Number (65), length: 4 - 4 Byte AS 65002 + Open Message (1), length: 51 + Version 4, my AS 65002, Holdtime 90s, ID 2.2.2.2 + Optional parameters, length: 22 + Option Capabilities Advertisement (2), length: 20 + Route Refresh (2), length: 0 + Multiprotocol Extensions (1), length: 4 + AFI IPv4 (1), SAFI Unicast (1) + Multiprotocol Extensions (1), length: 4 + AFI IPv6 (2), SAFI Unicast (1) + 32-Bit AS Number (65), length: 4 + 4 Byte AS 65002 hh:mm:ss IP (tos 0x0, ttl 255, id 48934, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.1.bgp > 10.0.0.2.xxx: Flags [.], cksum 0x837a (incorrect -> 0xb22e), ack 52, win 57, options [nop,nop,TS val 4431487 ecr 4431487], length 0 hh:mm:ss IP (tos 0x0, ttl 255, id 48935, offset 0, flags [DF], proto TCP (6), length 103) 10.0.0.1.bgp > 10.0.0.2.xxx: Flags [P.], cksum 0x83ad (incorrect -> 0x8b31), seq 1:52, ack 52, win 57, options [nop,nop,TS val 4431487 ecr 4431487], length 51: BGP - Open Message (1), length: 51 - Version 4, my AS 65001, Holdtime 90s, ID 1.1.1.1 - Optional parameters, length: 22 - Option Capabilities Advertisement (2), length: 20 - Route Refresh (2), length: 0 - 
Multiprotocol Extensions (1), length: 4 - AFI IPv4 (1), SAFI Unicast (1) - Multiprotocol Extensions (1), length: 4 - AFI IPv6 (2), SAFI Unicast (1) - 32-Bit AS Number (65), length: 4 - 4 Byte AS 65001 + Open Message (1), length: 51 + Version 4, my AS 65001, Holdtime 90s, ID 1.1.1.1 + Optional parameters, length: 22 + Option Capabilities Advertisement (2), length: 20 + Route Refresh (2), length: 0 + Multiprotocol Extensions (1), length: 4 + AFI IPv4 (1), SAFI Unicast (1) + Multiprotocol Extensions (1), length: 4 + AFI IPv6 (2), SAFI Unicast (1) + 32-Bit AS Number (65), length: 4 + 4 Byte AS 65001 hh:mm:ss IP (tos 0x0, ttl 255, id 51129, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.2.xxx > 10.0.0.1.bgp: Flags [.], cksum 0x837a (incorrect -> 0xb1fa), ack 52, win 58, options [nop,nop,TS val 4431487 ecr 4431487], length 0 hh:mm:ss IP (tos 0x0, ttl 255, id 51131, offset 0, flags [DF], proto TCP (6), length 52) @@ -102,7 +102,7 @@ hh:mm:ss IP (tos 0x0, ttl 255, id 51131, offset 0, flags [DF], proto TCP (6), le For the connection from the malicious BGP router: -``` +```bash $ gobgpd -f gobgpd.toml {"level":"info","msg":"gobgpd started","time":"YYYY-MM-DDTHH:mm:ss+09:00"} {"Topic":"Config","level":"info","msg":"Finished reading the config file","time":"YYYY-MM-DDTHH:mm:ss+09:00"} @@ -111,7 +111,7 @@ $ gobgpd -f gobgpd.toml ...(No connection)... ``` -``` +```bash $ tcpdump -i ethXX tcp -v tcpdump: listening on ethXX, link-type EN10MB (Ethernet), capture size 262144 bytes hh:mm:ss IP (tos 0x0, ttl 253, id 396, offset 0, flags [DF], proto TCP (6), length 60) diff --git a/docs/sources/unnumbered-bgp.md b/docs/sources/unnumbered-bgp.md index 737ad1ea..bc35e6a3 100644 --- a/docs/sources/unnumbered-bgp.md +++ b/docs/sources/unnumbered-bgp.md 
@@ -1,7 +1,7 @@ # Unnumbered BGP BGP is not only for the Internet. Due to proven scalability and configuration -flexibility, large data center operators are using BGP for thier data center +flexibility, large data center operators are using BGP for their data center networking [[ietf-rtgwg-bgp-routing-large-dc](https://tools.ietf.org/html/rfc7938)]. In typical case, the topology of the network is CLOS network which can offer @@ -10,11 +10,11 @@ Each ToR switches run BGP daemon and peer to uplink switches connected with P2P link. In this case, since all switches are operated by single administrator and trusted, -we can skip tedius neighbor configurations like specifing neighbor address or -neighbor AS number by using unnumberd BGP feature. +we can skip tedious neighbor configurations like specifying neighbor address or +neighbor AS number by using unnumbered BGP feature. Unnumbered BGP utilizes IPv6 link local address to automatically decide who -to connect. Also, when using unnumberd BGP, you don't need to specify neighbor AS number. +to connect. Also, when using unnumbered BGP, you don't need to specify neighbor AS number. GoBGP will accept any AS number in the neighbor's open message. ## Prerequisites @@ -41,7 +41,7 @@ PING ff02::1%eth0 (ff02::1%eth0): 56 data bytes round-trip min/avg/max/stddev = 0.312/0.312/0.312/0.000 ms ``` -More reliable method is to run [radvd](http://www.litech.org/radvd/) or +More reliable method is to run [radvd](http://www.litech.org/radvd/) or [zebra](http://www.nongnu.org/quagga/) to periodically send router advertisement. |
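Review bot: In docs/sources/policy.md, hunk `@@ -512,91 +537,92 @@`, the set-med row still reads "if number and operater(+ or -) have been specified" even though this hunk fixes "accodriong" to "according" in the set-community table. Since the row is being re-indented anyway, correct "operater" to "operator" here, and consider "statements's name" in the policy-definitions.statements table in the same pass.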
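Review bot: In docs/sources/policy.md, hunks `@@ -762,20 +789,17 @@` and `@@ -792,14 +816,15 @@`, the `<a name="attachment">`, `<a name="global-attachment">` and `<a name="rs-attachment">` anchors are removed from the section 4, 4.1 and 4.2 headings, but the rewrapped paragraph still links to `[global rib](#global-attachment)` and `[neighbor local rib](#rs-attachment)`. With the explicit anchors gone these two in-page links no longer have a target. Point them at the heading-derived anchors, as this commit does for the Contents lists in rpki.md and ttl-security.md, or keep the explicit anchors on these two headings.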
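Review bot: In docs/sources/policy.md, hunk `@@ -891,13 +914,22 @@`, the rewrapped paragraph keeps the inline code span written with triple backticks around `masklength-range 24..26`, which now sits in the middle of a wrapped paragraph and is easy to misread as a fence; a single-backtick span is the usual form. The rewrap also carries over "The pd2 sets multiple condition, This means" and the sentences starting with lowercase "the policy will be applied", which could be tidied while these lines are being touched.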
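Review bot: In docs/sources/rpki.md, hunk `@@ -5,17 +5,16 @@`, the Contents entry `- [Monitoring validation](#section4)` is dropped rather than converted to a heading-derived anchor like the other four entries. The commit message only mentions markdownlint improvements, so please confirm that no "Monitoring validation" section exists in the file (in which case say so in the commit message), or restore the entry with the new anchor style.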
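Review bot: In docs/sources/ttl-security.md, hunk `@@ -34,10 +34,10 @@`, the context line directly above the changed link still reads "TTL Security feature is mututally exclusive with". The link on the next line is being edited, so fix "mututally" to "mutually" in the same change.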
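Review bot: In docs/sources/ttl-security.md, the hunks from `@@ -46,7 +46,7 @@` through `@@ -111,7 +111,7 @@` tag every previously untagged fence as `bash`, but apart from the one-line `$ gobgpd -f gobgpd.toml` and `$ tcpdump -i ethXX tcp -v` prompts the blocks consist of JSON log lines and tcpdump packet output. A shell highlighter will mis-colour that output; `text` would satisfy the fenced-code-language rule without implying the content is a script. Readers use these captures to compare the `ttl 255` and `ttl 253` values, so plain rendering is preferable.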