[Xorp-hackers] BGP groups

Thomas Mangin thomas.mangin@exa-networks.co.uk
Mon, 31 Oct 2005 19:08:44 +0000


This is a Juniper BGP configuration that uses some of the language
features that are really nice when you have lots of sessions.

# show protocols bgp

## Global BGP statements: inherited by every group and neighbor below unless
## overridden at a more specific level.
## Pull in the bgp-log configuration group (listed under "show groups").
apply-groups bgp-log;
## Compare MED even between routes learned from different neighbouring ASes.
path-selection always-compare-med;
## Enable route flap damping.
damping;
## Strip private AS numbers from the AS path of advertised routes.
remove-private;
graceful-restart;

## Internal BGP sessions: one shared peer AS, local address and key for all
## neighbors in the group.
group ibgp {
    type internal;
    ## "inactive:" keeps the statement in the configuration but deactivated,
    ## so this per-group trace file is not in effect.
    inactive: traceoptions {
        file log-bgp-ibgp size 1m files 5;
    }
    local-address <IP>;
    import blackhole; ## Used to null route some tagged routes
    ## Session authentication key shared by both neighbors; the value is
    ## elided by the author and Junos tags it SECRET-DATA, so it should stay
    ## out of any configuration that is pasted or shared.
    authentication-key "$....."; ## SECRET-DATA
    peer-as <ASN>;
    neighbor <IP>;
    neighbor <IP>;
}

## External sessions to upstream transit providers. Policies are set per
## neighbor because each provider has its own tag-/export- policy.
## NOTE(review): neither neighbor sets authentication-key or a prefix-limit
## group in this listing, unlike some sessions in the other groups - confirm
## whether that is intentional.
group transit {
    type external;
    ## Lower than the 150 used for internet_exchange, so routes learned over
    ## peering are preferred to transit when both exist.
    local-preference 75;
    remove-private;
    neighbor <IP> {
        ## Deactivated trace file, kept for quick re-enabling.
        inactive: traceoptions {
            file log-bgp-transit1 size 1m files 5;
        }
        local-address <IP>;
        ## Policy chains are evaluated left to right. The policy definitions
        ## are not shown; the names suggest inbound filtering (exchange
        ## prefixes, bogons, overly specific prefixes) - verify against the
        ## policy-options section. The list is wrapped by the mail client.
        import [ no-ix no-bogons no-small-prefixes tag-transit1 damping
local-preference-transit community-clear ];
        export [ originate export-transit export-transit1
community-clear next-hop-self ];
        peer-as <ASN>;
    }
    ## NOTE(review): unlike every other neighbor here, this address was not
    ## replaced with <IP> before posting.
    neighbor 212.187.136.41 {
        inactive: traceoptions {
            file log-bgp-transit2 size 1m files 5;
        }
        local-address <IP>;
        ## Same chain as the first transit neighbor, with the transit2 tag.
        import [ no-ix no-bogons no-small-prefixes tag-transit2 damping
local-preference-transit community-clear ];
        export [ originate export-transit export-transit2
community-clear next-hop-self ];
        peer-as <ASN>;
    }
}

## External sessions to peers at an internet exchange. Import/export policy
## and local address are set once at group level; each neighbor adds only
## its own peer AS, description and prefix-limit group.
group internet_exchange {
    type external;
    ## Active (not "inactive:") tracing with every flag enabled; the file is
    ## capped at 1 MB with 5 rotated files.
    traceoptions {
        file log-bgp-exchange size 1m files 5;
        flag all;
    }
    ## Higher than the 75 used for transit, so peering routes win.
    local-preference 150;
    local-address <IP>;
    ## Policy definitions are not shown; the names suggest inbound filtering
    ## before tagging - verify against policy-options. The lists are wrapped
    ## by the mail client.
    import [ no-ix no-bogons no-small-prefixes tag-ix damping
local-preference-peer community-clear ];
    export [ originate export-peering export-ix community-clear
next-hop-self ];
    neighbor <IP> {
        ## Inherits the prefix limit of 50 from the bgp-limit-50 group.
        apply-groups bgp-limit-50;
        description "IX / Route Collector";
        ## Only this neighbor in the group carries a session key; the value
        ## is elided and tagged SECRET-DATA by Junos.
        authentication-key "$...."; ## SECRET-DATA
        peer-as <ASN>;
    }
    ## NOTE(review): the next two peers have a prefix limit but no
    ## authentication-key in this listing - confirm whether intentional.
    neighbor <IP> {
        apply-groups bgp-limit-50;
        description "ISP Name / AS-MACRO";
        peer-as <ASN>;
    }
    neighbor <IP> {
        ## bgp-limit-500 is not included in the "show groups" output below;
        ## presumably the same shape with a larger maximum.
        apply-groups bgp-limit-500;
        description "ISP Name / AS-MACRO";
        peer-as <ASN>;
    }
}

with

#show groups

## Configuration group applied at the top of "protocols bgp": turns on
## tracing and up/down logging for BGP as a whole and for every group.
bgp-log {
    protocols {
        bgp {
            ## Protocol-level trace file, capped at 1 MB with 5 rotated files.
            traceoptions {
                file log-bgp size 1m files 5;
                flag state;
                flag normal;
                flag general;
            }
            ## Log peer state transitions.
            log-updown;
            ## <*> is a wildcard: the statements below are inherited by every
            ## BGP group, whatever its name.
            group <*> {
                traceoptions {
                    flag normal;
                    flag general;
                    flag state;
                }
                log-updown;
            }
        }
    }
}


## Configuration group that caps the number of IPv4 unicast prefixes accepted
## from a peer. It is written with wildcards for group and neighbor, so it
## takes effect on whichever neighbor names it in apply-groups.
bgp-limit-50 {
    protocols {
        bgp {
            group <*> {
                neighbor <*> {
                    family inet {
                        unicast {
                            prefix-limit {
                                ## Accept at most 50 prefixes from the peer.
                                maximum 50;
                                ## Tear the session down at the maximum; 80 is
                                ## the percentage of the maximum at which
                                ## warnings start being logged. No
                                ## idle-timeout is set, so the session may
                                ## re-establish soon after - confirm for the
                                ## Junos release in use.
                                teardown 80;
                            }
                        }
                    }
                }
            }
        }
    }
}

....

Thomas