BGPQ4(8)                BSD System Manager's Manual                BGPQ4(8)

bgpq4 — bgp filtering automation tool

bgpq4 [-h host[:port]] [-S sources] [-EPz] [-f asn | -F fmt | -G asn -t]
      [-46ABbDdJjNnsXU] [-a asn] [-r len] [-R len] [-m max] [-W len]
      OBJECTS [...] [EXCEPT OBJECTS]

The bgpq4 utility is used to generate configurations (prefix-lists,
extended access-lists, policy-statement terms and as-path lists) based on
RADB data.

The options are as follows:

-4      generate IPv4 prefix/access-lists (default).

-6      generate IPv6 prefix/access-lists (IPv4 by default).

-A      try to aggregate prefix-lists as much as possible (not all output
        formats supported).

-a asn  specify what asn shall be denied in case of empty prefix-list
        (OpenBGPD)

-B      generate output in OpenBGPD format (default: Cisco)

-b      generate output in BIRD format (default: Cisco).

-d      enable some debugging output.

-e      generate output in Arista EOS format (default: Cisco).

-E      generate extended access-list (Cisco), policy-statement term using
        route-filters (Juniper), [ip|ipv6]-prefix-list (Nokia) or
        prefix-sets (OpenBGPd).

-f number
        generate input as-path access-list.

-F fmt  generate output in user-defined format.

-G number
        generate output as-path access-list.

-h host[:port]
        host running IRRD database (default: rr.ntt.net).

-J      generate config for Juniper (default: Cisco).

-j      generate output in JSON format (default: Cisco).

-K      generate config for Mikrotik (default: Cisco).

-l name
        name of generated entry.

-L limit
        limit recursion depth when expanding as-sets.

-m len  maximum prefix-length of accepted prefixes (default: 32 for IPv4
        and 128 for IPv6).

-M match
        extra match conditions for Juniper route-filters.

-n      generate config for Nokia SR OS MD-CLI (Cisco IOS by default)

-N      generate config for Nokia SR OS classic CLI (Cisco IOS by default).

-p      accept routes registered for private ASNs (default: disabled)

-P      generate prefix-list (default, backward compatibility).

-r len  allow more specific routes starting with specified masklen too.

-R len  allow more specific routes up to specified masklen too.

-s      generate sequence numbers in IOS-style prefix-lists.

-S sources
        use specified sources only (recommended: RADB,RIPE,APNIC).

-t      generate as-sets for OpenBGPd, BIRD and JSON formats.

-T      disable pipelining (not recommended).

-W len  generate as-path strings of no more than len items (use 0 for
        infinity).

-U      generate config for Huawei devices (Cisco IOS by default)

-X      generate config for Cisco IOS XR devices (plain IOS by default).

-z      generate route-filter-lists (JunOS 16.2+).

OBJECTS
        means networks (in prefix format), autonomous systems, as-sets
        and route-sets.

EXCEPT OBJECTS
        those objects will be excluded from expansion.

Generating a named Juniper prefix-filter for AS20597:

    $ bgpq4 -Jl eltel AS20597
    policy-options {
    replace:
     prefix-list eltel {
        81.9.0.0/20;
        81.9.32.0/20;
        81.9.96.0/20;
        81.222.128.0/20;
        81.222.192.0/18;
        85.249.8.0/21;
        85.249.224.0/19;
        89.112.0.0/19;
        89.112.4.0/22;
        89.112.32.0/19;
        89.112.64.0/19;
        217.170.64.0/20;
        217.170.80.0/20;
     }
    }

For Cisco we can use the aggregation (-A) flag to make this prefix-filter
more compact:

    $ bgpq4 -Al eltel AS20597
    no ip prefix-list eltel
    ip prefix-list eltel permit 81.9.0.0/20
    ip prefix-list eltel permit 81.9.32.0/20
    ip prefix-list eltel permit 81.9.96.0/20
    ip prefix-list eltel permit 81.222.128.0/20
    ip prefix-list eltel permit 81.222.192.0/18
    ip prefix-list eltel permit 85.249.8.0/21
    ip prefix-list eltel permit 85.249.224.0/19
    ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19
    ip prefix-list eltel permit 89.112.4.0/22
    ip prefix-list eltel permit 89.112.64.0/19
    ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20

As you can see, prefixes 89.112.0.0/19 and 89.112.32.0/19 are now
aggregated into the single entry 89.112.0.0/18 ge 19 le 19.

Well, for Juniper we can generate even more interesting policy-options,
using -M <extra match conditions>, -R <len> and hierarchical names:

    $ bgpq4 -AJEl eltel/specifics -r 29 -R 32 -M "community blackhole" AS20597
    policy-options {
     policy-statement eltel {
      term specifics {
    replace:
       from {
        community blackhole;
        route-filter 81.9.0.0/20 prefix-length-range /29-/32;
        route-filter 81.9.32.0/20 prefix-length-range /29-/32;
        route-filter 81.9.96.0/20 prefix-length-range /29-/32;
        route-filter 81.222.128.0/20 prefix-length-range /29-/32;
        route-filter 81.222.192.0/18 prefix-length-range /29-/32;
        route-filter 85.249.8.0/21 prefix-length-range /29-/32;
        route-filter 85.249.224.0/19 prefix-length-range /29-/32;
        route-filter 89.112.0.0/17 prefix-length-range /29-/32;
        route-filter 217.170.64.0/19 prefix-length-range /29-/32;
       }
      }
     }
    }

The generated policy-options term now allows all specifics with
prefix-length between /29 and /32 for eltel networks if they match the
special community blackhole (defined elsewhere in the configuration).

Of course, this version supports IPv6 (-6):

    $ bgpq4 -6l as-retn-6 AS-RETN6
    no ipv6 prefix-list as-retn-6
    ipv6 prefix-list as-retn-6 permit 2001:7fb:fe00::/48
    ipv6 prefix-list as-retn-6 permit 2001:7fb:fe01::/48
    [....]

and assumes your device supports 32-bit ASNs:

    $ bgpq4 -Jf 112 AS-SPACENET
    policy-options {
    replace:
     as-path-group NN {
      as-path a0 "^112(112)*$";
      as-path a1 "^112(.)*(1898|5539|8495|8763|8878|12136|12931|15909)$";
      as-path a2 "^112(.)*(21358|23456|23600|24151|25152|31529|34127|34906)$";
      as-path a3 "^112(.)*(35052|41720|43628|44450|196611)$";
     }
    }

See AS196611 at the end of the list? That's a 32-bit ASN.

If you want to generate configuration not for routers, but for some other
programs/systems, you may use user-defined formatting, as in the example
below:

    $ bgpq4 -F "ipfw add pass all from %n/%l to any\n" as3254
    ipfw add pass all from 62.244.0.0/18 to any
    ipfw add pass all from 91.219.29.0/24 to any
    ipfw add pass all from 91.219.30.0/24 to any
    ipfw add pass all from 193.193.192.0/19 to any

Recognized format characters: %n - network, %l - mask length,
%a - aggregate low mask length, %A - aggregate high mask length,
%N - object name, %m - object mask and %i - inverse mask. Recognized escape
characters: \n - new line, \t - tabulation. Please note that no new lines
are inserted automatically after each entry; you have to add them to the
format string manually, otherwise the output will be on one line (sometimes
it makes sense):

    $ bgpq4 -6F "%n/%l; " as-eltel
    2001:1b00::/32; 2620:4f:8000::/48; 2a04:bac0::/29; 2a05:3a80::/48;

When everything is OK, bgpq4 generates the access-list to standard output
and exits with status == 0. In case of errors, they are printed to stderr
and the program exits with non-zero status.
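
One way to act on the exit status, as an added example that is not part of bgpq4 or of the original manual page: a Python wrapper that asks for one prefix per line with -F and rejects a non-zero status, unparseable lines and an empty result, so that a failed query never replaces a working filter. The function name, the exception class and the cmd parameter (which lets a stand-in replace the real binary) are assumptions of this example.

```python
import ipaddress
import subprocess

class FilterGenerationError(RuntimeError):
    """bgpq4 failed or returned nothing usable; keep the previous filter."""

def fetch_prefixes(obj, family=4, cmd=("bgpq4",), timeout=120):
    """Return the prefixes bgpq4 reports for `obj`, validated and sorted.

    `cmd` is an assumption of this example: it lets a test substitute a
    stand-in for the real bgpq4 binary.
    """
    if family not in (4, 6):
        raise ValueError("family must be 4 or 6")
    # -F with %n/%l and a literal backslash-n (bgpq4 expands the escape
    # itself) gives one "network/length" per line, whatever the vendor.
    argv = [*cmd, f"-{family}", "-F", r"%n/%l\n", obj]
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout)

    # Non-zero status: the error text is on stderr and anything that
    # reached stdout must not be used.
    if proc.returncode != 0:
        raise FilterGenerationError(
            f"bgpq4 exited {proc.returncode}: {proc.stderr.strip()}")

    prefixes = set()
    for line in proc.stdout.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            raise FilterGenerationError(f"unparseable line {line!r}") from exc
        if net.version != family:
            raise FilterGenerationError(f"{net} is not IPv{family}")
        prefixes.add(net)

    # A zero status with no prefixes would otherwise turn into an empty
    # filter; treat it as a failure instead of deploying it.
    if not prefixes:
        raise FilterGenerationError(f"no prefixes returned for {obj}")
    return sorted(prefixes)
```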

https://github.com/bgp/bgpq4 BGPQ4 on GitHub.

Job Snijders <job@sobornost.net>

BSD                        December 23, 2020                        BSD