paul | 0c3368a | 2004-11-07 19:00:16 +0000 | [diff] [blame] | 1 | @c -*-texinfo-*-
|
| 2 | @c @value{COPYRIGHT_STR}
|
| 3 | @c See file quagga.texi for copying conditions.
|
| 4 | @c
|
| 5 | @c This file is a modified version of Jose Luis Rubio's TeX sources
|
| 6 | @c of his RS-Manual document
|
| 7 |
|
| 8 | @node Configuring Quagga as a Route Server
|
| 9 | @chapter Configuring Quagga as a Route Server
|
| 10 |
|
| 11 | The purpose of a Route Server is to centralize the peerings between BGP
|
| 12 | speakers. For example if we have an exchange point scenario with four BGP
|
| 13 | speakers, each of which maintaining a BGP peering with the other three
|
| 14 | (@pxref{fig:full-mesh}), we can convert it into a centralized scenario where
|
| 15 | each of the four establishes a single BGP peering against the Route Server
|
| 16 | (@pxref{fig:route-server}).
|
| 17 |
|
| 18 | We will first describe briefly the Route Server model implemented by Quagga.
|
| 19 | We will explain the commands that have been added for configuring that
|
| 20 | model. And finally we will show a full example of Quagga configured as Route
|
| 21 | Server.
|
| 22 |
|
| 23 | @menu
|
| 24 | * Description of the Route Server model::
|
| 25 | * Commands for configuring a Route Server::
|
| 26 | * Example of Route Server Configuration::
|
| 27 | @end menu
|
| 28 |
|
| 29 | @node Description of the Route Server model
|
| 30 | @section Description of the Route Server model
|
| 31 |
|
| 32 | First we are going to describe the normal processing that BGP announcements
|
| 33 | suffer inside a standard BGP speaker, as shown in @ref{fig:normal-processing},
|
| 34 | it consists of three steps:
|
| 35 |
|
| 36 | @itemize
|
| 37 | @item When an announcement is received from some peer, the `In' filters
|
| 38 | configured for that peer are applied to the announcement. These filters can
|
| 39 | reject the announcement, accept it unmodified, or accept it with some of its
|
| 40 | attributes modified.
|
| 41 |
|
| 42 | @item The announcements that pass the `In' filters go into the
|
| 43 | Best Path Selection process, where they are compared to other
|
| 44 | announcements referred to the same destination that have been
|
| 45 | received from different peers (in case such other
|
| 46 | announcements exist). For each different destination, the announcement
|
| 47 | which is selected as the best is inserted into the BGP speaker's Loc-RIB.
|
| 48 |
|
| 49 | @item The routes which are inserted in the Loc-RIB are
|
| 50 | considered for announcement to all the peers (except the one
|
| 51 | from which the route came). This is done by passing the routes
|
| 52 | in the Loc-RIB through the `Out' filters corresponding to each
|
| 53 | peer. These filters can reject the route,
|
| 54 | accept it unmodified, or accept it with some of its attributes
|
| 55 | modified. Those routes which are accepted by the `Out' filters
|
| 56 | of a peer are announced to that peer.
|
| 57 | @end itemize
|
| 58 |
|
| 59 | @float Figure,fig:normal-processing
|
| 60 | @image{fig-normal-processing,500pt,,Normal announcement processing,eps}
|
| 61 | @caption{Announcement processing inside a ``normal'' BGP speaker}
|
| 62 | @end float
|
| 63 |
|
| 64 | @float Figure,fig:full-mesh
|
| 65 | @image{fig_topologies_full,,,Full Mesh BGP Topology,eps}
|
| 66 | @caption{Full Mesh}
|
| 67 | @end float
|
| 68 |
|
| 69 | @float Figure,fig:route-server
|
| 70 | @image{fig_topologies_rs,,,Route Server BGP Topology,eps}
|
| 71 | @caption{Route Server and clients}
|
| 72 | @end float
|
| 73 |
|
| 74 | Of course we want that the routing tables obtained in each of the routers
|
| 75 | are the same when using the route server than when not. But as a consequence
|
| 76 | of having a single BGP peering (against the route server), the BGP speakers
|
| 77 | can no longer distinguish from/to which peer each announce comes/goes.
|
| 78 | @anchor{filter-delegation}This means that the routers connected to the route
|
| 79 | server are not able to apply by themselves the same input/output filters
|
| 80 | as in the full mesh scenario, so they have to delegate those functions to
|
| 81 | the route server.
|
| 82 |
|
| 83 | Even more, the ``best path'' selection must be also performed inside the route
|
| 84 | server on behalf of its clients. The reason is that if, after applying the
|
| 85 | filters of the announcer and the (potential) receiver, the route server
|
| 86 | decides to send to some client two or more different announcements referred
|
| 87 | to the same destination, the client will only retain the last one,
|
| 88 | considering it as an implicit withdrawal of the previous announcements for
|
| 89 | the same destination. This is the expected behavior of a BGP speaker as
|
| 90 | defined in @cite{RFC1771}, and even though there are some proposals of
|
| 91 | mechanisms that permit multiple paths for the same destination to be sent
|
| 92 | through a single BGP peering, none of them are currently supported by most
|
| 93 | of the existing BGP implementations.
|
| 94 |
|
| 95 | As a consequence a route server must maintain additional information and
|
| 96 | perform additional tasks for a RS-client that those necessary for common BGP
|
| 97 | peerings. Essentially a route server must:
|
| 98 |
|
| 99 | @anchor{Route Server tasks}
|
| 100 | @itemize
|
| 101 | @item Maintain a separated Routing Information Base (Loc-RIB)
|
| 102 | for each peer configured as RS-client, containing the routes
|
| 103 | selected as a result of the ``Best Path Selection'' process
|
| 104 | that is performed on behalf of that RS-client.
|
| 105 |
|
| 106 | @item Whenever it receives an announcement from a RS-client,
|
| 107 | it must consider it for the Loc-RIBs of the other RS-clients.
|
| 108 |
|
| 109 | @anchor{Route-server path filter process}
|
| 110 | @itemize
|
| 111 | @item
|
| 112 | This means that for each of them the route server must pass the
|
| 113 | announcement through the appropriate `Out' filter of the
|
| 114 | announcer.
|
| 115 |
|
| 116 | @item
|
| 117 | Then through the appropriate `In' filter of
|
| 118 | the potential receiver.
|
| 119 |
|
| 120 | @item
|
| 121 | Only if the announcement is accepted by both filters it will be passed
|
| 122 | to the ``Best Path Selection'' process.
|
| 123 |
|
| 124 | @item
|
| 125 | Finally, it might go into the Loc-RIB of the receiver.
|
| 126 | @end itemize
|
| 127 | @c end of route-server best path process list
|
| 128 | @end itemize
|
| 129 | @c end of route-server tasks list
|
| 130 |
|
| 131 | When we talk about the ``appropriate'' filter, both the announcer and the
|
| 132 | receiver of the route must be taken into account. Suppose that the route
|
| 133 | server receives an announcement from client A, and the route server is
|
| 134 | considering it for the Loc-RIB of client B. The filters that should be
|
| 135 | applied are the same that would be used in the full mesh scenario, i.e.,
|
| 136 | first the `Out' filter of router A for announcements going to router B, and
|
| 137 | then the `In' filter of router B for announcements coming from router A.
|
| 138 |
|
| 139 | We call ``Export Policy'' of a RS-client to the set of `Out' filters that
|
| 140 | the client would use if there was no route server. The same applies for the
|
| 141 | ``Import Policy'' of a RS-client and the set of `In' filters of the client
|
| 142 | if there was no route server.
|
| 143 |
|
| 144 | It is also common to demand from a route server that it does not
|
| 145 | modify some BGP attributes (next-hop, as-path and MED) that are usually
|
| 146 | modified by standard BGP speakers before announcing a route.
|
| 147 |
|
| 148 | The announcement processing model implemented by Quagga is shown in
|
| 149 | @ref{fig:rs-processing}. The figure shows a mixture of RS-clients (B, C and D)
|
| 150 | with normal BGP peers (A). There are some details that worth additional
|
| 151 | comments:
|
| 152 |
|
| 153 | @itemize
|
| 154 | @item Announcements coming from a normal BGP peer are also
|
| 155 | considered for the Loc-RIBs of all the RS-clients. But
|
| 156 | logically they do not pass through any export policy.
|
| 157 |
|
| 158 | @item Those peers that are configured as RS-clients do not
|
| 159 | receive any announce from the `Main' Loc-RIB.
|
| 160 |
|
| 161 | @item Apart from import and export policies,
|
| 162 | `In' and `Out' filters can also be set for RS-clients. `In'
|
| 163 | filters might be useful when the route server has also normal
|
| 164 | BGP peers. On the other hand, `Out' filters for RS-clients are
|
| 165 | probably unnecessary, but we decided not to remove them as
|
| 166 | they do not hurt anybody (they can always be left empty).
|
| 167 | @end itemize
|
| 168 |
|
| 169 | @float Figure,fig:rs-processing
|
| 170 | @image{fig-rs-processing,500pt,,,eps}
|
| 171 | @caption{Announcement processing model implemented by the Route Server}
|
| 172 | @end float
|
| 173 |
|
| 174 | @node Commands for configuring a Route Server
|
| 175 | @section Commands for configuring a Route Server
|
| 176 |
|
| 177 | Now we will describe the commands that have been added to quagga
|
| 178 | in order to support the route server features.
|
| 179 |
|
| 180 | @deffn {Route-Server} {neighbor @var{peer-group} route-server-client} {}
|
| 181 | @deffnx {Route-Server} {neighbor @var{A.B.C.D} route-server-client} {}
|
| 182 | @deffnx {Route-Server} {neighbor @var{X:X::X:X} route-server-client} {}
|
| 183 | This command configures the peer given by @var{peer}, @var{A.B.C.D} or
|
| 184 | @var{X:X::X:X} as an RS-client.
|
| 185 |
|
| 186 | Actually this command is not new, it already existed in standard Quagga. It
|
| 187 | enables the transparent mode for the specified peer. This means that some
|
| 188 | BGP attributes (as-path, next-hop and MED) of the routes announced to that
|
| 189 | peer are not modified.
|
| 190 |
|
| 191 | With the route server patch, this command, apart from setting the
|
| 192 | transparent mode, creates a new Loc-RIB dedicated to the specified peer
|
| 193 | (those named `Loc-RIB for X' in @ref{fig:rs-processing}.). Starting from
|
| 194 | that moment, every announcement received by the route server will be also
|
| 195 | considered for the new Loc-RIB.
|
| 196 | @end deffn
|
| 197 |
|
| 198 | @deffn {Route-Server} {neigbor @{A.B.C.D|X.X::X.X|peer-group@} route-map WORD @{import|export@}} {}
|
| 199 | This set of commands can be used to specify the route-map that
|
| 200 | represents the Import or Export policy of a peer which is
|
| 201 | configured as a RS-client (with the previous command).
|
| 202 | @end deffn
|
| 203 |
|
| 204 | @deffn {Route-Server} {match peer @{A.B.C.D|X:X::X:X@}} {}
|
| 205 | This is a new @emph{match} statement for use in route-maps, enabling them to
|
| 206 | describe import/export policies. As we said before, an import/export policy
|
| 207 | represents a set of input/output filters of the RS-client. This statement
|
| 208 | makes possible that a single route-map represents the full set of filters
|
| 209 | that a BGP speaker would use for its different peers in a non-RS scenario.
|
| 210 |
|
| 211 | The @emph{match peer} statement has different semantics whether it is used
|
| 212 | inside an import or an export route-map. In the first case the statement
|
| 213 | matches if the address of the peer who sends the announce is the same that
|
| 214 | the address specified by @{A.B.C.D|X:X::X:X@}. For export route-maps it
|
| 215 | matches when @{A.B.C.D|X:X::X:X@} is the address of the RS-Client into whose
|
| 216 | Loc-RIB the announce is going to be inserted (how the same export policy is
|
| 217 | applied before different Loc-RIBs is shown in @ref{fig:rs-processing}.).
|
| 218 | @end deffn
|
| 219 |
|
| 220 | @deffn {Route-map Command} {call @var{WORD}} {}
|
| 221 | This command (also used inside a route-map) jumps into a different
|
| 222 | route-map, whose name is specified by @var{WORD}. When the called
|
| 223 | route-map finishes, depending on its result the original route-map
|
| 224 | continues or not. Apart from being useful for making import/export
|
| 225 | route-maps easier to write, this command can also be used inside
|
| 226 | any normal (in or out) route-map.
|
| 227 | @end deffn
|
| 228 |
|
| 229 | @node Example of Route Server Configuration
|
| 230 | @section Example of Route Server Configuration
|
| 231 |
|
| 232 | Finally we are going to show how to configure a Quagga daemon to act as a
|
| 233 | Route Server. For this purpose we are going to present a scenario without
|
| 234 | route server, and then we will show how to use the configurations of the BGP
|
| 235 | routers to generate the configuration of the route server.
|
| 236 |
|
| 237 | All the configuration files shown in this section have been taken
|
| 238 | from scenarios which were tested using the VNUML tool
|
| 239 | @uref{http://www.dit.upm.es/vnuml,VNUML}.
|
| 240 |
|
| 241 | @menu
|
| 242 | * Configuration of the BGP routers without Route Server::
|
| 243 | * Configuration of the BGP routers with Route Server::
|
| 244 | * Configuration of the Route Server itself::
|
| 245 | * Further considerations about Import and Export route-maps::
|
| 246 | @end menu
|
| 247 |
|
| 248 | @node Configuration of the BGP routers without Route Server
|
| 249 | @subsection Configuration of the BGP routers without Route Server
|
| 250 |
|
| 251 | We will suppose that our initial scenario is an exchange point with three
|
| 252 | BGP capable routers, named RA, RB and RC. Each of the BGP speakers generates
|
| 253 | some routes (with the @var{network} command), and establishes BGP peerings
|
| 254 | against the other two routers. These peerings have In and Out route-maps
|
| 255 | configured, named like ``PEER-X-IN'' or ``PEER-X-OUT''. For example the
|
| 256 | configuration file for router RA could be the following:
|
| 257 |
|
| 258 | @example
|
| 259 | #Configuration for router 'RA'
|
| 260 | !
|
| 261 | hostname RA
|
| 262 | password ****
|
| 263 | !
|
| 264 | router bgp 65001
|
| 265 | no bgp default ipv4-unicast
|
| 266 | neighbor 2001:0DB8::B remote-as 65002
|
| 267 | neighbor 2001:0DB8::C remote-as 65003
|
| 268 | !
|
| 269 | address-family ipv6
|
| 270 | network 2001:0DB8:AAAA:1::/64
|
| 271 | network 2001:0DB8:AAAA:2::/64
|
| 272 | network 2001:0DB8:0000:1::/64
|
| 273 | network 2001:0DB8:0000:2::/64
|
| 274 |
|
| 275 | neighbor 2001:0DB8::B activate
|
| 276 | neighbor 2001:0DB8::B soft-reconfiguration inbound
|
| 277 | neighbor 2001:0DB8::B route-map PEER-B-IN in
|
| 278 | neighbor 2001:0DB8::B route-map PEER-B-OUT out
|
| 279 |
|
| 280 | neighbor 2001:0DB8::C activate
|
| 281 | neighbor 2001:0DB8::C soft-reconfiguration inbound
|
| 282 | neighbor 2001:0DB8::C route-map PEER-C-IN in
|
| 283 | neighbor 2001:0DB8::C route-map PEER-C-OUT out
|
| 284 | exit-address-family
|
| 285 | !
|
| 286 | ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
|
| 287 | ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
|
| 288 | !
|
| 289 | ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
|
| 290 | ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
|
| 291 | !
|
| 292 | ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
|
| 293 | ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
|
| 294 | !
|
| 295 | ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
|
| 296 | ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
|
| 297 | !
|
| 298 | route-map PEER-B-IN permit 10
|
| 299 | match ipv6 address prefix-list COMMON-PREFIXES
|
| 300 | set metric 100
|
| 301 | route-map PEER-B-IN permit 20
|
| 302 | match ipv6 address prefix-list PEER-B-PREFIXES
|
| 303 | set community 65001:11111
|
| 304 | !
|
| 305 | route-map PEER-C-IN permit 10
|
| 306 | match ipv6 address prefix-list COMMON-PREFIXES
|
| 307 | set metric 200
|
| 308 | route-map PEER-C-IN permit 20
|
| 309 | match ipv6 address prefix-list PEER-C-PREFIXES
|
| 310 | set community 65001:22222
|
| 311 | !
|
| 312 | route-map PEER-B-OUT permit 10
|
| 313 | match ipv6 address prefix-list PEER-A-PREFIXES
|
| 314 | !
|
| 315 | route-map PEER-C-OUT permit 10
|
| 316 | match ipv6 address prefix-list PEER-A-PREFIXES
|
| 317 | !
|
| 318 | line vty
|
| 319 | !
|
| 320 | @end example
|
| 321 |
|
| 322 | @node Configuration of the BGP routers with Route Server
|
| 323 | @subsection Configuration of the BGP routers with Route Server
|
| 324 |
|
| 325 | To convert the initial scenario into one with route server, first we must
|
| 326 | modify the configuration of routers RA, RB and RC. Now they must not peer
|
| 327 | between them, but only with the route server. For example, RA's
|
| 328 | configuration would turn into:
|
| 329 |
|
| 330 | @example
|
| 331 | # Configuration for router 'RA'
|
| 332 | !
|
| 333 | hostname RA
|
| 334 | password ****
|
| 335 | !
|
| 336 | router bgp 65001
|
| 337 | no bgp default ipv4-unicast
|
| 338 | neighbor 2001:0DB8::FFFF remote-as 65000
|
| 339 | !
|
| 340 | address-family ipv6
|
| 341 | network 2001:0DB8:AAAA:1::/64
|
| 342 | network 2001:0DB8:AAAA:2::/64
|
| 343 | network 2001:0DB8:0000:1::/64
|
| 344 | network 2001:0DB8:0000:2::/64
|
| 345 |
|
| 346 | neighbor 2001:0DB8::FFFF activate
|
| 347 | neighbor 2001:0DB8::FFFF soft-reconfiguration inbound
|
| 348 | exit-address-family
|
| 349 | !
|
| 350 | line vty
|
| 351 | !
|
| 352 | @end example
|
| 353 |
|
| 354 | Which is logically much simpler than its initial configuration, as it now
|
| 355 | maintains only one BGP peering and all the filters (route-maps) have
|
| 356 | disappeared.
|
| 357 |
|
| 358 | @node Configuration of the Route Server itself
|
| 359 | @subsection Configuration of the Route Server itself
|
| 360 |
|
| 361 | As we said when we described the functions of a route server
|
| 362 | (@pxref{Description of the Route Server model}), it is in charge of all the
|
| 363 | route filtering. To achieve that, the In and Out filters from the RA, RB and
|
| 364 | RC configurations must be converted into Import and Export policies in the
|
| 365 | route server.
|
| 366 |
|
| 367 | This is a fragment of the route server configuration (we only show
|
| 368 | the policies for client RA):
|
| 369 |
|
| 370 | @example
|
| 371 | # Configuration for Route Server ('RS')
|
| 372 | !
|
| 373 | hostname RS
|
| 374 | password ix
|
| 375 | !
|
| 376 | bgp multiple-instance
|
| 377 | !
|
| 378 | router bgp 65000 view RS
|
| 379 | no bgp default ipv4-unicast
|
| 380 | neighbor 2001:0DB8::A remote-as 65001
|
| 381 | neighbor 2001:0DB8::B remote-as 65002
|
| 382 | neighbor 2001:0DB8::C remote-as 65003
|
| 383 | !
|
| 384 | address-family ipv6
|
| 385 | neighbor 2001:0DB8::A activate
|
| 386 | neighbor 2001:0DB8::A route-server-client
|
| 387 | neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
|
| 388 | neighbor 2001:0DB8::A route-map RSCLIENT-A-EXPORT export
|
| 389 | neighbor 2001:0DB8::A soft-reconfiguration inbound
|
| 390 |
|
| 391 | neighbor 2001:0DB8::B activate
|
| 392 | neighbor 2001:0DB8::B route-server-client
|
| 393 | neighbor 2001:0DB8::B route-map RSCLIENT-B-IMPORT import
|
| 394 | neighbor 2001:0DB8::B route-map RSCLIENT-B-EXPORT export
|
| 395 | neighbor 2001:0DB8::B soft-reconfiguration inbound
|
| 396 |
|
| 397 | neighbor 2001:0DB8::C activate
|
| 398 | neighbor 2001:0DB8::C route-server-client
|
| 399 | neighbor 2001:0DB8::C route-map RSCLIENT-C-IMPORT import
|
| 400 | neighbor 2001:0DB8::C route-map RSCLIENT-C-EXPORT export
|
| 401 | neighbor 2001:0DB8::C soft-reconfiguration inbound
|
| 402 | exit-address-family
|
| 403 | !
|
| 404 | ipv6 prefix-list COMMON-PREFIXES seq 5 permit 2001:0DB8:0000::/48 ge 64 le 64
|
| 405 | ipv6 prefix-list COMMON-PREFIXES seq 10 deny any
|
| 406 | !
|
| 407 | ipv6 prefix-list PEER-A-PREFIXES seq 5 permit 2001:0DB8:AAAA::/48 ge 64 le 64
|
| 408 | ipv6 prefix-list PEER-A-PREFIXES seq 10 deny any
|
| 409 | !
|
| 410 | ipv6 prefix-list PEER-B-PREFIXES seq 5 permit 2001:0DB8:BBBB::/48 ge 64 le 64
|
| 411 | ipv6 prefix-list PEER-B-PREFIXES seq 10 deny any
|
| 412 | !
|
| 413 | ipv6 prefix-list PEER-C-PREFIXES seq 5 permit 2001:0DB8:CCCC::/48 ge 64 le 64
|
| 414 | ipv6 prefix-list PEER-C-PREFIXES seq 10 deny any
|
| 415 | !
|
| 416 | route-map RSCLIENT-A-IMPORT permit 10
|
| 417 | match peer 2001:0DB8::B
|
| 418 | call A-IMPORT-FROM-B
|
| 419 | route-map RSCLIENT-A-IMPORT permit 20
|
| 420 | match peer 2001:0DB8::C
|
| 421 | call A-IMPORT-FROM-C
|
| 422 | !
|
| 423 | route-map A-IMPORT-FROM-B permit 10
|
| 424 | match ipv6 address prefix-list COMMON-PREFIXES
|
| 425 | set metric 100
|
| 426 | route-map A-IMPORT-FROM-B permit 20
|
| 427 | match ipv6 address prefix-list PEER-B-PREFIXES
|
| 428 | set community 65001:11111
|
| 429 | !
|
| 430 | route-map A-IMPORT-FROM-C permit 10
|
| 431 | match ipv6 address prefix-list COMMON-PREFIXES
|
| 432 | set metric 200
|
| 433 | route-map A-IMPORT-FROM-C permit 20
|
| 434 | match ipv6 address prefix-list PEER-C-PREFIXES
|
| 435 | set community 65001:22222
|
| 436 | !
|
| 437 | route-map RSCLIENT-A-EXPORT permit 10
|
| 438 | match peer 2001:0DB8::B
|
| 439 | match ipv6 address prefix-list PEER-A-PREFIXES
|
| 440 | route-map RSCLIENT-A-EXPORT permit 20
|
| 441 | match peer 2001:0DB8::C
|
| 442 | match ipv6 address prefix-list PEER-A-PREFIXES
|
| 443 | !
|
| 444 | ...
|
| 445 | ...
|
| 446 | ...
|
| 447 | @end example
|
| 448 |
|
| 449 | If you compare the initial configuration of RA with the route server
|
| 450 | configuration above, you can see how easy it is to generate the Import and
|
| 451 | Export policies for RA from the In and Out route-maps of RA's original
|
| 452 | configuration.
|
| 453 |
|
| 454 | When there was no route server, RA maintained two peerings, one with RB and
|
| 455 | another with RC. Each of this peerings had an In route-map configured. To
|
| 456 | build the Import route-map for client RA in the route server, simply add
|
| 457 | route-map entries following this scheme:
|
| 458 |
|
| 459 | @example
|
| 460 | route-map <NAME> permit 10
|
| 461 | match peer <Peer Address>
|
| 462 | call <In Route-Map for this Peer>
|
| 463 | route-map <NAME> permit 20
|
| 464 | match peer <Another Peer Address>
|
| 465 | call <In Route-Map for this Peer>
|
| 466 | @end example
|
| 467 |
|
| 468 | This is exactly the process that has been followed to generate the route-map
|
| 469 | RSCLIENT-A-IMPORT. The route-maps that are called inside it (A-IMPORT-FROM-B
|
| 470 | and A-IMPORT-FROM-C) are exactly the same than the In route-maps from the
|
| 471 | original configuration of RA (PEER-B-IN and PEER-C-IN), only the name is
|
| 472 | different.
|
| 473 |
|
| 474 | The same could have been done to create the Export policy for RA (route-map
|
| 475 | RSCLIENT-A-EXPORT), but in this case the original Out route-maps where so
|
| 476 | simple that we decided not to use the @var{call WORD} commands, and we
|
| 477 | integrated all in a single route-map (RSCLIENT-A-EXPORT).
|
| 478 |
|
| 479 | The Import and Export policies for RB and RC are not shown, but
|
| 480 | the process would be identical.
|
| 481 |
|
| 482 | @node Further considerations about Import and Export route-maps
|
| 483 | @subsection Further considerations about Import and Export route-maps
|
| 484 |
|
| 485 | The current version of the route server patch only allows to specify a
|
| 486 | route-map for import and export policies, while in a standard BGP speaker
|
| 487 | apart from route-maps there are other tools for performing input and output
|
| 488 | filtering (access-lists, community-lists, ...). But this does not represent
|
| 489 | any limitation, as all kinds of filters can be included in import/export
|
| 490 | route-maps. For example suppose that in the non-route-server scenario peer
|
| 491 | RA had the following filters configured for input from peer B:
|
| 492 |
|
| 493 | @example
|
| 494 | neighbor 2001:0DB8::B prefix-list LIST-1 in
|
| 495 | neighbor 2001:0DB8::B filter-list LIST-2 in
|
| 496 | neighbor 2001:0DB8::B route-map PEER-B-IN in
|
| 497 | ...
|
| 498 | ...
|
| 499 | route-map PEER-B-IN permit 10
|
| 500 | match ipv6 address prefix-list COMMON-PREFIXES
|
| 501 | set local-preference 100
|
| 502 | route-map PEER-B-IN permit 20
|
| 503 | match ipv6 address prefix-list PEER-B-PREFIXES
|
| 504 | set community 65001:11111
|
| 505 | @end example
|
| 506 |
|
| 507 | It is posible to write a single route-map which is equivalent to
|
| 508 | the three filters (the community-list, the prefix-list and the
|
| 509 | route-map). That route-map can then be used inside the Import
|
| 510 | policy in the route server. Lets see how to do it:
|
| 511 |
|
| 512 | @example
|
| 513 | neighbor 2001:0DB8::A route-map RSCLIENT-A-IMPORT import
|
| 514 | ...
|
| 515 | !
|
| 516 | ...
|
| 517 | route-map RSCLIENT-A-IMPORT permit 10
|
| 518 | match peer 2001:0DB8::B
|
| 519 | call A-IMPORT-FROM-B
|
| 520 | ...
|
| 521 | ...
|
| 522 | !
|
| 523 | route-map A-IMPORT-FROM-B permit 1
|
| 524 | match ipv6 address prefix-list LIST-1
|
| 525 | match as-path LIST-2
|
| 526 | on-match goto 10
|
| 527 | route-map A-IMPORT-FROM-B deny 2
|
| 528 | route-map A-IMPORT-FROM-B permit 10
|
| 529 | match ipv6 address prefix-list COMMON-PREFIXES
|
| 530 | set local-preference 100
|
| 531 | route-map A-IMPORT-FROM-B permit 20
|
| 532 | match ipv6 address prefix-list PEER-B-PREFIXES
|
| 533 | set community 65001:11111
|
| 534 | !
|
| 535 | ...
|
| 536 | ...
|
| 537 | @end example
|
| 538 |
|
| 539 | The route-map A-IMPORT-FROM-B is equivalent to the three filters
|
| 540 | (LIST-1, LIST-2 and PEER-B-IN). The first entry of route-map
|
| 541 | A-IMPORT-FROM-B (sequence number 1) matches if and only if both
|
| 542 | the prefix-list LIST-1 and the filter-list LIST-2 match. If that
|
| 543 | happens, due to the ``on-match goto 10'' statement the next
|
| 544 | route-map entry to be processed will be number 10, and as of that
|
| 545 | point route-map A-IMPORT-FROM-B is identical to PEER-B-IN. If
|
| 546 | the first entry does not match, `on-match goto 10'' will be
|
| 547 | ignored and the next processed entry will be number 2, which will
|
| 548 | deny the route.
|
| 549 |
|
| 550 | Thus, the result is the same that with the three original filters,
|
| 551 | i.e., if either LIST-1 or LIST-2 rejects the route, it does not
|
| 552 | reach the route-map PEER-B-IN. In case both LIST-1 and LIST-2
|
| 553 | accept the route, it passes to PEER-B-IN, which can reject, accept
|
| 554 | or modify the route.
|