Differences

This shows you the differences between two versions of the page.

--- cisco:bgp [2008/07/06 12:49]
a Extracting BGP info with regular expressions
+++ cisco:bgp [2009/05/25 00:35]
@@ Line 1: / Line 1: @@
-====== Cisco BGP ======
-see also: **[[:networking]]**, **[[:cisco]]**, **[[http://www.cymru.com/Documents/secure-bgp-template.html|Secure BGP template for Cisco]]**
-----
-commands:
-//closes bgp sessions//
-  clear ip bgp *
-[[http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#wp1002274]]
-**Please write more coments on configurations!!**
-  router bgp 15393
-   no synchronization
-   bgp dampening
-   neighbor customer-pg peer-group
-   neighbor customer-pg route-map customer-rm in
-   neighbor customer-pg route-map standardout out
-   neighbor X.X.X.A peer-group customer-pg
-   neighbor X.X.X.A remote-as 65502
-   neighbor X.X.X.A filter-list 100 in
-   neighbor X.X.X.A distribute-list 100 in
-  !
-  ! as-path filter to catch peers announcements
-  no ip as-path access-list 100
-  ip as-path access-list 100 permit _(65502)$
-  ! acl to catch adverts for peers address space
-  no access-list 100
-  access-list 100 permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
-  ! acl to catch adverts for sub-aggregates of own address space
-  no access-list 199
-  access-list 199 permit ip X.X.X.0 0.0.31.255 255.255.240.0 0.0.15.255
-  ! acl to catch adverts for own address space
-  no access-list 97
-  access-list 97 permit X.X.X.0 0.0.31.255
-  ! acl to catch adverts for bogus address space
-  no access-list 98
-  access-list 98 permit 10.0.0.0 0.255.255.255
-  access-list 98 permit 172.16.0.0 0.15.255.255
-  access-list 98 permit 192.168.0.0 0.0.255.255
-  access-list 98 permit 0.0.0.0 0.255.255.255
-  access-list 98 permit 127.0.0.0 0.255.255.255
-  access-list 98 permit 128.0.0.0 0.0.255.255
-  access-list 98 permit 191.255.0.0 0.0.255.255
-  access-list 98 permit 192.0.0.0 0.0.0.255
-  access-list 98 permit 223.255.255.0 0.0.0.255
-  access-list 98 permit 224.0.0.0 15.255.255.255
-  ! acl to catch adverts for default route
-  no access-list 99
-  access-list 99 permit 0.0.0.0 0.0.0.0
-  route-map customer-rm deny 10
-   match ip address 97 98 99
-  route-map customer-rm permit 20
-  set local-preference 150
-  route-map standardout deny 10
-   match ip address 98 99 199
-  route-map standardout permit 20
-===== Preventing AS from becoming Transit AS =====
-To prevent your AS from becoming a Transit AS, use following startegy
-Create a route map say ''“transit”'' in config mode
-   route-map transit permit 10
-   match as-path 1
-In config mode, use following command
-   ip as-path access-list 1 deny ^$
-This command will only allow routes with origin code “''i''” and filter all routes with incomplete as-path.
-Apply the above route-map  with neighbor statement
-   router bgp 64000
-   neighbor 2.2.2.2 route-map transit in
-Only routes with origin code” i” will enter your AS.
-===== AS-path prepending =====
-   router bgp 65001
-     neighbor 10.1.0.2 remote-as 65200
-     neighbor 10.1.0.2 description Backup ISP
-     neighbor 10.1.0.2 route-map prepend out
-    !
-    route-map prepend permit 10
-    set as-path prepend 65001 65001 65001
-===== Extracting BGP info with regular expressions =====
-To find all subnets originating from AS 100 (AS path ends with 100): \\
-\\
-''**Router# show ip bgp regexp _100$**''
-   ...
-      Network          Next Hop            Metric LocPrf Weight Path
-   *  10.1.0.0/30      172.16.0.6                             0 300 100 ?
-   *>                  172.16.0.1               0             0 100 ?
-   *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
-   *                   172.16.0.1               0             0 100 ?
-   ...
-To find all subnets reachable via AS 100 (AS path begins with 100):\\
-\\
-**''Router# show ip bgp regexp ^100_''**
-   ...
-      Network          Next Hop            Metric LocPrf Weight Path
-   *> 10.1.0.0/30      172.16.0.1               0             0 100 ?
-   *  10.3.0.0/30      172.16.0.1                             0 100 300 ?
-   *  172.16.0.0/30    172.16.0.1               0             0 100 ?
-   *> 172.16.0.8/30    172.16.0.1               0             0 100 ?
-   ...
-To find all routes traversing AS 100:\\
-\\
-**''Router# show ip bgp regexp _100_''**
-   ...
-      Network          Next Hop            Metric LocPrf Weight Path
-   *  10.1.0.0/30      172.16.0.6                             0 300 100 ?
-   *>                  172.16.0.1               0             0 100 ?
-   *  10.3.0.0/30      172.16.0.1                             0 100 300 ?
-   *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
-   ...
-If you need to further filter the output, use quote-regexp instead. For example, to find all 172.x.x.x routes originating from AS 100: \\
-\\
-''**Router# show ip bgp quote-regexp "_100$" | include ^.  172\.**''
-    ...
-    *  172.16.0.0/30    172.16.0.6                             0 300 100 ?
-    *  172.31.0.1/32    172.16.0.6                             0 300 100 ?
-Or, to find all subnets currently being reached via AS 100: \\
-**''Router# show ip bgp quote-regexp "^100_" | i ^.>''**
-    ...
-    *> 10.1.0.0/30      172.16.0.1               0             0 100 ?
-    *> 172.16.0.8/30    172.16.0.1               0             0 100 ?
-    *> 172.31.0.1/32    172.16.0.1               0             0 100 ?