====== Cisco BGP ======

see also: **[[:networking]]**, **[[:cisco]]**, **[[http://www.cymru.com/Documents/secure-bgp-template.html|Secure BGP template for Cisco]]**

----

commands:

//closes bgp sessions//

  clear ip bgp *

[[http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#wp1002274]]

**Please write more comments on configurations!!**

  router bgp 15393
   no synchronization
   bgp dampening
   neighbor customer-pg peer-group
   neighbor customer-pg route-map customer-rm in
   neighbor customer-pg route-map standardout out
   neighbor X.X.X.A peer-group customer-pg
   neighbor X.X.X.A remote-as 65502
   neighbor X.X.X.A filter-list 100 in
   neighbor X.X.X.A distribute-list 100 in
  !
  ! as-path filter to catch the peer's announcements
  no ip as-path access-list 100
  ip as-path access-list 100 permit _(65502)$
  ! acl to catch adverts for the peer's address space
  no access-list 100
  access-list 100 permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
  ! acl to catch adverts for sub-aggregates of own address space
  no access-list 199
  access-list 199 permit ip X.X.X.0 0.0.31.255 255.255.240.0 0.0.15.255
  ! acl to catch adverts for own address space
  no access-list 97
  access-list 97 permit X.X.X.0 0.0.31.255
  ! acl to catch adverts for bogus address space
  no access-list 98
  access-list 98 permit 10.0.0.0 0.255.255.255
  access-list 98 permit 172.16.0.0 0.15.255.255
  access-list 98 permit 192.168.0.0 0.0.255.255
  access-list 98 permit 0.0.0.0 0.255.255.255
  access-list 98 permit 127.0.0.0 0.255.255.255
  access-list 98 permit 128.0.0.0 0.0.255.255
  access-list 98 permit 191.255.0.0 0.0.255.255
  access-list 98 permit 192.0.0.0 0.0.0.255
  access-list 98 permit 223.255.255.0 0.0.0.255
  access-list 98 permit 224.0.0.0 15.255.255.255
  ! acl to catch adverts for default route
  no access-list 99
  access-list 99 permit 0.0.0.0 0.0.0.0
  ! inbound from customers: drop own (97), bogus (98) and default (99) prefixes,
  ! accept everything else with local-preference 150
  route-map customer-rm deny 10
   match ip address 97 98 99
  route-map customer-rm permit 20
   set local-preference 150
  ! outbound: never advertise bogus (98), default (99) or sub-aggregates of own space (199)
  route-map standardout deny 10
   match ip address 98 99 199
  route-map standardout permit 20

===== Useful commands =====

FIXME - styling (and more detailed)

  Router# show ip bgp nei 172.16.0.2 received-routes

and

  Router# show ip bgp nei 172.16.0.2 routes

and

  Router# show ip bgp rib-failure

===== Preventing AS from becoming Transit AS =====

To prevent your AS from becoming a transit AS, use the following strategy.

Create a route map, say ''"transit"'', in config mode:

  route-map transit permit 10
   match as-path 1

In config mode, define the as-path access list that the route map references:

  ip as-path access-list 1 permit ^$

The regular expression ''^$'' matches only an empty AS path, that is, routes originated in your own AS (in ''show ip bgp'' their Path column holds nothing but the origin code, e.g. "''i''"). Every route with a non-empty AS path falls through to the implicit deny at the end of the list.

Apply the route map outbound in the neighbor statement:

  router bgp 64000
   neighbor 2.2.2.2 route-map transit out

Only routes originated in your own AS are then advertised to the neighbor, so routes learned from one AS are never re-announced to another.

===== AS-path prepending =====

  router bgp 65001
   neighbor 10.1.0.2 remote-as 65200
   neighbor 10.1.0.2 description Backup ISP
   neighbor 10.1.0.2 route-map prepend out
  !
  route-map prepend permit 10
   set as-path prepend 65001 65001 65001

===== Extracting BGP info with regular expressions =====

**Short version:**

  show ip bgp regexp [AS]$   - list all network paths with that AS
  show ip bgp regexp _AS_    - match any route going through AS
  show ip bgp regexp _AS AS_ - match any route passed through AS and AS
  show ip bgp regexp _AS$    - match only routes originated in this AS

To find all subnets originating from AS 100 (AS path ends with 100): \\
\\
''**Router# show ip bgp regexp _100$**''

  ...
     Network          Next Hop            Metric LocPrf Weight Path
  *  10.1.0.0/30      172.16.0.6                             0 300 100 ?
  *>                  172.16.0.1               0             0 100 ?
  *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
  *                   172.16.0.1               0             0 100 ?
  ...

To find all subnets reachable via AS 100 (AS path begins with 100):\\
\\
**''Router# show ip bgp regexp ^100_''**

  ...
     Network          Next Hop            Metric LocPrf Weight Path
  *> 10.1.0.0/30      172.16.0.1               0             0 100 ?
  *  10.3.0.0/30      172.16.0.1                             0 100 300 ?
  *  172.16.0.0/30    172.16.0.1               0             0 100 ?
  *> 172.16.0.8/30    172.16.0.1               0             0 100 ?
  ...

To find all routes traversing AS 100:\\
\\
**''Router# show ip bgp regexp _100_''**

  ...
     Network          Next Hop            Metric LocPrf Weight Path
  *  10.1.0.0/30      172.16.0.6                             0 300 100 ?
  *>                  172.16.0.1               0             0 100 ?
  *  10.3.0.0/30      172.16.0.1                             0 100 300 ?
  *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
  ...

If you need to further filter the output, use quote-regexp instead. For example, to find all 172.x.x.x routes originating from AS 100: \\
\\
''**Router# show ip bgp quote-regexp "_100$" | include ^. 172\.**''

  ...
  *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
  *  172.31.0.1/32    172.16.0.6                             0 300 100 ?

Or, to find all subnets currently being reached via AS 100: \\
**''Router# show ip bgp quote-regexp "^100_" | i ^.>''**

  ...
  *> 10.1.0.0/30      172.16.0.1               0             0 100 ?
  *> 172.16.0.8/30    172.16.0.1               0             0 100 ?
  *> 172.31.0.1/32    172.16.0.1               0             0 100 ?
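
To check an AS-path pattern before putting it into a filter, the following added example (Python, not part of the original page and not Cisco code) expands the IOS ''_'' token and evaluates an as-path access list with first-match semantics and the implicit deny. The function names and the sample AS paths are constructed for illustration.

```python
import re

# In IOS AS-path regexes "_" matches the start or end of the path, a space,
# a comma, a brace or a parenthesis. Python has no such token, so expand it.
DELIM = r"(?:^|$|[ ,{}()])"


def as_path_matches(ios_regex: str, as_path: str) -> bool:
    """True if the IOS-style regex matches anywhere in the AS path.

    Assumption: "_" is only used as the delimiter token, never inside [...].
    """
    return re.search(ios_regex.replace("_", DELIM), as_path) is not None


def acl_permits(entries, as_path: str) -> bool:
    """Evaluate an 'ip as-path access-list': first match wins, implicit deny."""
    for action, ios_regex in entries:
        if as_path_matches(ios_regex, as_path):
            return action == "permit"
    return False  # no entry matched: implicit deny


def select(ios_regex: str, paths):
    """AS paths that 'show ip bgp regexp <ios_regex>' would list."""
    return [p for p in paths if as_path_matches(ios_regex, p)]


# Constructed sample AS paths; "" stands for a locally originated route.
PATHS = ["", "100", "300 100", "100 300", "1000 300", "65502"]

if __name__ == "__main__":
    for rx in ("_100$", "^100_", "_100_", "^$", "_(65502)$"):
        print(f"{rx:10} -> {select(rx, PATHS)}")

    # A list that permits only the empty path lets through local routes only.
    only_local = [("permit", "^$")]
    print("permit ^$ :", [p for p in PATHS if acl_permits(only_local, p)])

    # A list holding nothing but a deny entry permits no route at all.
    deny_only = [("deny", "^$")]
    print("deny ^$   :", [p for p in PATHS if acl_permits(deny_only, p)])
```

Note that ''_100_'' does not select the path ''1000 300'': the delimiter token keeps a pattern from matching inside a longer AS number.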