BGPQ3(8) BSD System Manager's Manual BGPQ3(8)

bgpq3 — BGP filtering automation for Cisco and Juniper routers

bgpq3 [-h host] [-S sources] [-EP] [-f asn | -G asn] [-346AbDdJjX]
      [-r len] [-R len] [-m max] [-W len] OBJECTS [...]

The bgpq3 utility is used to generate Cisco and Juniper prefix-lists,
extended access-lists, policy-statement terms and as-path lists based on
RADB data.

The options are as follows:

-3      assume that your device is asn32-safe.

-4      generate IPv4 prefix/access-lists (default).

-6      generate IPv6 prefix/access-lists (IPv4 by default).

-A      try to aggregate prefix-lists as much as possible (not all output
        formats supported).

-b      generate output in BIRD format (default: Cisco).

-d      enable some debugging output.

-D      use asdot notation for Cisco as-path access-lists.

-E      generate extended access-list (Cisco) or policy-statement term
        using route-filters (Juniper).

-f number
        generate input as-path access-list.

-G number
        generate output as-path access-list.

-h host
        host running IRRD database (default: whois.radb.net).

-J      generate config for Juniper (default: Cisco).

-j      generate output in JSON format (default: Cisco).

-m len  maximum prefix-length of accepted prefixes (default: 32 for IPv4
        and 128 for IPv6).

-M match
        extra match conditions for Juniper route-filters.

-l name
        name of generated entry.

-P      generate prefix-list (default, backward compatibility).

-r len  allow more specific routes starting with specified masklen too.

-R len  allow more specific routes up to specified masklen too.

-S sources
        use specified sources only (default: RADB,RIPE,APNIC).

-T      disable pipelining.

-W len  generate as-path strings of no more than len items (use 0 for
        infinity).

-X      generate config for Cisco IOS XR devices (plain IOS by default).

OBJECTS
        means networks (in prefix format), autonomous systems, as-sets
        and route-sets.

Generating a named Juniper prefix-filter for AS20597:
~>bgpq3 -Jl eltel AS20597
policy-options {
replace:
 prefix-list eltel {
    81.9.0.0/20;
    81.9.32.0/20;
    81.9.96.0/20;
    81.222.128.0/20;
    81.222.192.0/18;
    85.249.8.0/21;
    85.249.224.0/19;
    89.112.0.0/19;
    89.112.4.0/22;
    89.112.32.0/19;
    89.112.64.0/19;
    217.170.64.0/20;
    217.170.80.0/20;
 }
}

For Cisco we can use the aggregation (-A) flag to make this prefix-filter
more compact:
~>bgpq3 -Al eltel AS20597
no ip prefix-list eltel
ip prefix-list eltel permit 81.9.0.0/20
ip prefix-list eltel permit 81.9.32.0/20
ip prefix-list eltel permit 81.9.96.0/20
ip prefix-list eltel permit 81.222.128.0/20
ip prefix-list eltel permit 81.222.192.0/18
ip prefix-list eltel permit 85.249.8.0/21
ip prefix-list eltel permit 85.249.224.0/19
ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19
ip prefix-list eltel permit 89.112.4.0/22
ip prefix-list eltel permit 89.112.64.0/19
ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20
As you can see, prefixes 89.112.0.0/19 and 89.112.32.0/19 are now aggregated
into the single entry 89.112.0.0/18 ge 19 le 19.
116
117 Well, for Juniper we can generate even more interesting policy-options,
118 using -M <extra match conditions>, -R <len> and hierarchical names:
119 policy-options {
120 policy-statement eltel {
121 term specifics {
122 replace:
123 from {
124 community blackhole;
125 route-filter 81.9.0.0/20 prefix-length-range /29-/32;
126 route-filter 81.9.32.0/20 prefix-length-range /29-/32;
127 route-filter 81.9.96.0/20 prefix-length-range /29-/32;
128 route-filter 81.222.128.0/20 prefix-length-range /29-/32;
129 route-filter 81.222.192.0/18 prefix-length-range /29-/32;
130 route-filter 85.249.8.0/21 prefix-length-range /29-/32;
131 route-filter 85.249.224.0/19 prefix-length-range /29-/32;
132 route-filter 89.112.0.0/17 prefix-length-range /29-/32;
133 route-filter 217.170.64.0/19 prefix-length-range /29-/32;
134 }
135 }
136 }
137 }
138 generated policy-option term now allows all specifics with prefix-length
139 between /29 and /32 for eltel networks if they match with special commu‐
140 nity
141
Of course, this version supports IPv6 (-6):
~>bgpq3 -6l as-retn-6 AS-RETN6
no ipv6 prefix-list as-retn-6
ipv6 prefix-list as-retn-6 permit 2001:7fb:fe00::/48
ipv6 prefix-list as-retn-6 permit 2001:7fb:fe01::/48
[....]
Support for ASN32 is also here:
~>bgpq3 -J3f 112 AS-SPACENET
policy-options {
replace:
 as-path-group NN {
  as-path a0 "^112(112)*$";
  as-path a1 "^112(.)*(1898|5539|8495|8763|8878|12136|12931|15909)$";
  as-path a2 "^112(.)*(21358|23456|23600|24151|25152|31529|34127|34906)$";
  as-path a3 "^112(.)*(35052|41720|43628|44450|196611)$";
 }
}
See AS196611 at the end of the list? That's AS3.3 in 'asplain' notation.

For non-ASN32 capable routers you should not use the -3 switch, and the
result will be as follows:
~>bgpq3 -f 112 AS-SPACENET
no ip as-path access-list NN
ip as-path access-list NN permit ^112(_112)*$
ip as-path access-list NN permit ^112(_[0-9]+)*_(1898|5539|8495|8763)$
ip as-path access-list NN permit ^112(_[0-9]+)*_(8878|12136|12931|15909)$
ip as-path access-list NN permit ^112(_[0-9]+)*_(21358|23456|23600|24151)$
ip as-path access-list NN permit ^112(_[0-9]+)*_(25152|31529|34127|34906)$
ip as-path access-list NN permit ^112(_[0-9]+)*_(35052|41720|43628|44450)$

AS196611 is no longer in the list; however, AS23456 (transition AS) would
be added to the list if it were not present.

When everything is OK, bgpq3 writes the access-list to standard output and
exits with status 0. In case of errors, they are printed to stderr and
the program exits with non-zero status.

http://www.radb.net/ Routing Arbiter project
http://tools.ietf.org/html/draft-michaelson-4byte-as-representation-05
        for information on 'asdot' and 'asplain' notations.
http://www.cisco.com/en/US/docs/ios/12_0s/release/ntes/120SNEWF.html#wp3521658
        for information on Cisco implementation of ASN32.

Alexandre Snarskii <snar@snar.spb.ru>

BSD Oct 27, 2008 BSD