BGPQ4(8)                BSD System Manager's Manual                BGPQ4(8)

bgpq4 — bgp filtering automation tool

bgpq4 [-h host[:port]] [-S sources] [-EPz] [-f asn | -F fmt | -G asn -t]
      [-46ABbDdJjNnsXU] [-a asn] [-r len] [-R len] [-m max] [-W len]
      OBJECTS [...] [EXCEPT OBJECTS]

The bgpq4 utility is used to generate configurations (prefix-lists, extended
access-lists, policy-statement terms and as-path lists) based on RADB
data.

The options are as follows:

-4      generate IPv4 prefix/access-lists (default).

-6      generate IPv6 prefix/access-lists (IPv4 by default).

-A      try to aggregate prefix-lists as much as possible (not all output
        formats supported).

-a asn  specify what asn shall be denied in case of empty prefix-list
        (OpenBGPD).

-B      generate output in OpenBGPD format (default: Cisco).

-b      generate output in BIRD format (default: Cisco).

-d      enable some debugging output.

-E      generate extended access-list (Cisco), policy-statement term
        using route-filters (Juniper), [ip|ipv6]-prefix-list (Nokia) or
        prefix-sets (OpenBGPD).

-f number
        generate input as-path access-list.

-F fmt  generate output in user-defined format.

-G number
        generate output as-path access-list.

-h host[:port]
        host running IRRD database (default: rr.ntt.net).

-J      generate config for Juniper (default: Cisco).

-j      generate output in JSON format (default: Cisco).

-K      generate config for Mikrotik (default: Cisco).

-l name
        name of generated entry.

-L limit
        limit recursion depth when expanding as-sets.

-m len  maximum prefix-length of accepted prefixes (default: 32 for IPv4
        and 128 for IPv6).

-M match
        extra match conditions for Juniper route-filters.

-n      generate config for Nokia SR OS MD-CLI (Cisco IOS by default).

-N      generate config for Nokia SR OS classic CLI (Cisco IOS by
        default).

-p      accept routes registered for private ASNs (default: disabled).

-P      generate prefix-list (default, backward compatibility).

-r len  allow more specific routes starting with specified masklen too.

-R len  allow more specific routes up to specified masklen too.

-s      generate sequence numbers in IOS-style prefix-lists.

-S sources
        use specified sources only (recommended: RADB,RIPE,APNIC).

-t      generate as-sets for OpenBGPD (OpenBSD 6.4+), BIRD and JSON formats.

-T      disable pipelining (not recommended).

-W len  generate as-path strings of no more than len items (use 0 for
        infinity).

-U      generate config for Huawei devices (Cisco IOS by default).

-X      generate config for Cisco IOS XR devices (plain IOS by default).

-z      generate route-filter-lists (JunOS 16.2+).

OBJECTS
        means networks (in prefix format), autonomous systems, as-sets
        and route-sets.

EXCEPT OBJECTS
        those objects will be excluded from expansion.

Generating named juniper prefix-filter for AS20597:
    $ bgpq4 -Jl eltel AS20597
    policy-options {
    replace:
     prefix-list eltel {
        81.9.0.0/20;
        81.9.32.0/20;
        81.9.96.0/20;
        81.222.128.0/20;
        81.222.192.0/18;
        85.249.8.0/21;
        85.249.224.0/19;
        89.112.0.0/19;
        89.112.4.0/22;
        89.112.32.0/19;
        89.112.64.0/19;
        217.170.64.0/20;
        217.170.80.0/20;
     }
    }

For Cisco we can use the aggregation (-A) flag to make this prefix-filter
more compact:
    $ bgpq4 -Al eltel AS20597
    no ip prefix-list eltel
    ip prefix-list eltel permit 81.9.0.0/20
    ip prefix-list eltel permit 81.9.32.0/20
    ip prefix-list eltel permit 81.9.96.0/20
    ip prefix-list eltel permit 81.222.128.0/20
    ip prefix-list eltel permit 81.222.192.0/18
    ip prefix-list eltel permit 85.249.8.0/21
    ip prefix-list eltel permit 85.249.224.0/19
    ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19
    ip prefix-list eltel permit 89.112.4.0/22
    ip prefix-list eltel permit 89.112.64.0/19
    ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20
- you see, prefixes 89.112.0.0/19 and 89.112.32.0/19 are now aggregated into
a single entry 89.112.0.0/18 ge 19 le 19.

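The following is an added example, not part of the bgpq4 manual or source:
a small matcher for IOS-style prefix-list lines that shows an aggregated
"ge N le N" entry permits only the original more-specifics and not the
covering aggregate. The names ENTRY, AGGREGATED, parse, permits and check
are hypothetical, and the sample input is constructed from two lines of the
output above.

```python
import ipaddress
import re

# One IOS-style permit line as printed on this page (no -s sequence numbers).
ENTRY = re.compile(r"^ip prefix-list \S+ permit (\S+)(?: ge (\d+))?(?: le (\d+))?$")

# Constructed sample: the two aggregated entries from the output above.
AGGREGATED = """\
no ip prefix-list eltel
ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19
ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20
"""

def parse(config):
    """Return a (network, min_len, max_len) tuple for each permit line."""
    rules = []
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips the leading "no ip prefix-list ..." line
        net = ipaddress.ip_network(m.group(1))
        ge, le = m.group(2), m.group(3)
        # IOS matching: no ge/le = exact length only; ge alone runs up to /32;
        # le alone starts at the entry's own length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        rules.append((net, lo, hi))
    return rules

def permits(rules, route):
    """True if an announced IPv4 route is matched by any permit entry."""
    r = ipaddress.ip_network(route)
    return any(lo <= r.prefixlen <= hi and r.subnet_of(net) for net, lo, hi in rules)

def check():
    """Evaluate a few candidate announcements against the aggregated list."""
    rules = parse(AGGREGATED)
    routes = ["89.112.0.0/19", "89.112.32.0/19", "89.112.0.0/18",
              "89.112.0.0/20", "217.170.80.0/20", "217.170.64.0/19"]
    return {r: permits(rules, r) for r in routes}

if __name__ == "__main__":
    for route, ok in check().items():
        print(f"{route:18} {'permit' if ok else 'no match'}")
```
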
Well, for Juniper we can generate even more interesting policy-options,
using -M <extra match conditions>, -R <len> and hierarchical names:
    $ bgpq4 -AJEl eltel/specifics -r 29 -R 32 -M "community blackhole" AS20597
    policy-options {
     policy-statement eltel {
      term specifics {
    replace:
       from {
        community blackhole;
        route-filter 81.9.0.0/20 prefix-length-range /29-/32;
        route-filter 81.9.32.0/20 prefix-length-range /29-/32;
        route-filter 81.9.96.0/20 prefix-length-range /29-/32;
        route-filter 81.222.128.0/20 prefix-length-range /29-/32;
        route-filter 81.222.192.0/18 prefix-length-range /29-/32;
        route-filter 85.249.8.0/21 prefix-length-range /29-/32;
        route-filter 85.249.224.0/19 prefix-length-range /29-/32;
        route-filter 89.112.0.0/17 prefix-length-range /29-/32;
        route-filter 217.170.64.0/19 prefix-length-range /29-/32;
       }
      }
     }
    }
The generated policy-option term now allows all specifics with prefix-length
between /29 and /32 for eltel networks if they match the special community
blackhole (defined elsewhere in the configuration).

Of course, this version supports IPv6 (-6):
    $ bgpq4 -6l as-retn-6 AS-RETN6
    no ipv6 prefix-list as-retn-6
    ipv6 prefix-list as-retn-6 permit 2001:7fb:fe00::/48
    ipv6 prefix-list as-retn-6 permit 2001:7fb:fe01::/48
    [....]
and assumes your device supports 32-bit ASNs:
    $ bgpq4 -Jf 112 AS-SPACENET
    policy-options {
    replace:
     as-path-group NN {
      as-path a0 "^112(112)*$";
      as-path a1 "^112(.)*(1898|5539|8495|8763|8878|12136|12931|15909)$";
      as-path a2 "^112(.)*(21358|23456|23600|24151|25152|31529|34127|34906)$";
      as-path a3 "^112(.)*(35052|41720|43628|44450|196611)$";
     }
    }
See `AS196611` at the end of the list? That's a 32-bit ASN.

If you want to generate configuration not for routers but for some other
programs or systems, you may use user-defined formatting, as in the example
below:
    $ bgpq4 -F "ipfw add pass all from %n/%l to any\n" as3254
    ipfw add pass all from 62.244.0.0/18 to any
    ipfw add pass all from 91.219.29.0/24 to any
    ipfw add pass all from 91.219.30.0/24 to any
    ipfw add pass all from 193.193.192.0/19 to any

Recognized format characters: %n - network, %l - mask length, %a - aggregate
low mask length, %A - aggregate high mask length, %N - object name,
%m - object mask and %i - inverse mask. Recognized escape characters:
\n - new line, \t - tabulation. Please note that no new lines are inserted
automatically after each sentence; you have to add them to the format
string manually, otherwise the output will be on one line (sometimes it makes
sense):
    $ bgpq4 -6F "%n/%l; " as-eltel
    2001:1b00::/32; 2620:4f:8000::/48; 2a04:bac0::/29; 2a05:3a80::/48;

When everything is OK, bgpq4 generates the access-list to standard output and
exits with status 0. In case of errors, they are printed to stderr and the
program exits with a non-zero status.

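The following is an added example, not part of the bgpq4 manual or source:
a wrapper that uses the exit status described above to keep the previously
deployed filter file whenever a run fails. The function name refresh_filter,
its parameters and the minimum-entry threshold are assumptions (local policy,
not bgpq4 features); the " permit " check assumes the default Cisco output.

```python
import os
import subprocess
import tempfile

def refresh_filter(cmd, target, min_entries=1, timeout=120):
    """Run a bgpq4 command line; replace `target` only after a clean run.

    Returns (replaced, reason). On any failure the old file is left untouched,
    so a lookup error never swaps a working filter for a broken one.
    """
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, f"could not run generator: {exc}"
    if proc.returncode != 0:
        # Per the manual, errors go to stderr and the exit status is non-zero.
        return False, f"exit status {proc.returncode}: {proc.stderr.strip()}"
    entries = [line for line in proc.stdout.splitlines() if " permit " in line]
    if len(entries) < min_entries:
        # Local sanity threshold (assumption): refuse suspiciously small lists.
        return False, f"only {len(entries)} permit entries"
    # Write next to the target, then rename, so readers never see a partial file.
    directory = os.path.dirname(os.path.abspath(target))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.write(proc.stdout)
    os.replace(tmp, target)
    return True, f"{len(entries)} permit entries written"

if __name__ == "__main__":
    # Command line taken from the example earlier on this page.
    print(refresh_filter(["bgpq4", "-Al", "eltel", "AS20597"], "eltel.conf"))
```
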
https://github.com/bgp/bgpq4 BGPQ4 on Github.

Job Snijders <job@ntt.net>

BSD                             Dec 1, 2019                             BSD