BGP Commands (FRR)

To create or modify a routing configuration file, you must use the correct routing commands. This topic includes a list of example BGP routing commands.

In Fireware v12.9 or higher, Fireware uses the Free Range Routing (FRR) routing engine, which replaces Quagga. If your configuration includes Quagga commands for dynamic routing, those commands work after you upgrade. Some FRR commands appear in a different section than in Quagga.

For BGP code samples, see Sample BGP Routing Configuration File (FRR).

To configure BGP, see Configure IPv4 and IPv6 Routing with BGP.

Fireware v12.8.x or lower uses the Quagga routing software suite. For a list of example Quagga commands, see BGP Commands (Quagga).

Example BGP Commands (FRR in Fireware v12.9 or Higher)

This list includes example FRR commands that you might include in your BGP configuration. For a complete list of FRR commands, see the FRRouting User Guide.

The sections must appear in the configuration file in the same order they appear in this table. Do not use BGP configuration parameters that you do not get from your ISP.

Section Command Description
Configure BGP Routing Daemon
  router bgp [ASN] Enable BGP daemon and set autonomous system number (ASN); this is supplied by your ISP.
  bgp router-id [A.B.C.D] Configure the router ID.
  ipv6 bgp network [A:B:C:D:E:F:G:H/M] Announce BGP on network.
  ipv6 bgp aggregate-prefix [A:B:C:D:E:F:G:H/M] Configure BGP aggregate entries.
  timers bgp [keepalive] [holdtime] Set the BGP keepalive time and the hold down time, in seconds. The default keepalive time is 60 seconds, and the default holdtime is 180 seconds. As a general rule, the holdtime should be three times the keepalive time.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] remote-as [ASN] Set neighbor as a member of remote ASN.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] timers connect [time] Set the BGP connection timer, in seconds.
  neighbor[A.B.C.D|A:B:C:D:E:F:G:H] bfd Set bidirectional forwarding (BFD) to detect faults between two routers or switches connected by a link (see Bidirectional Forwarding)
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] port 189 Set custom TCP port to communicate with BGP neighbor [A,B,C,D].
  neighbor [A.B.C.D] password [password] Set the password for MD5 authentication.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] ebgp-multihop Set neighbor on another network using EBGP multi-hop.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] update-source [WORD] Set the BGP session to use a specific interface for TCP connections.
Set Address Family Properties

 

network [A.B.C.D/M] Announce BGP on network: A.B.C.D/M, identifies the subnet to advertise.
  no network [A.B.C.D/M] Disable BGP announcements on network A.B.C.D/M.
  bgp network import-check Enabled by default for new BGP configurations configured in Fireware v12.9 or higher. When this setting is enabled, routes created by the network command must be validated before those routes can be advertised to neighbors. If you add a new BGP configuration in Fireware v12.9 or higher, we recommend that you manually disable this setting so BGP peers can learn Firebox routes. To disable this setting, use the command no bgp network import-check.
  no bgp network import-check If your Firebox includes an existing BGP configuration, and you upgrade from Fireware v12.8.x or lower to Fireware v12.9 or higher, the configuration conversion automatically adds the command no bgp network import-check.
  redistribute static Redistribute static routes to BGP.
  redistribute ripng Redistribute RIPng routes to BGP.
  redistribute ospf6 Redistribute OSPFv3 routes to BGP.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] default-originate Announce default route to BGP neighbor [A,B,C,D]. In Fireware v12.5.6 or higher, if the BGP configuration on your Firebox includes this command, and if Link Monitor detects a link failure for all WAN connections, BGP does not announce the default route to neighbors.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] weight 1000 Set a default weight for neighbor's [A.B.C.D] routes.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] distribute-list [LISTNAME] [in|out] Set distribute list and direction for peer.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] route-map [MAPNAME] [in|out] To apply a route map to incoming or outgoing routes.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] filter-list [LISTNAME] [in|out] To match an autonomous system path access list to incoming routes or outgoing routes.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] maximum-prefix [NUMBER]

Set maximum number of prefixes allowed from this neighbor.

 

  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] send-community Set peer send-community.
  neighbor [A.B.C.D|A:B:C:D:E:F:G:H] prefix-list [LISTNAME] [in|out] To apply a prefix list to be matched to incoming advertisements or outgoing advertisements to that neighbor.
Set IPv6 Address Family command mode
  address-family ipv6

Enter the IPv6 address family command mode.

 

neighbor [A:B:C:D:E:F:G:H] activate

The neighbor activate command must be used in the address-family ipv6 mode.

 

network [A:B:C:D:E:F:G:H/M]

This network statement here can replace the “ipv6 bgp network [A:B:C:D:E:F:G:H/M]” command. This works only within the address-family ipv6 mode.

  exit-address-family Exit the IPv6 address family command mode.
Community Lists
  bgp community-list [<1-99>|<100-199>] permit AA:NN Specify community to accept autonomous system number and network number separated by a colon.
Route Reflection
  bgp cluster-id A.B.C.D To configure the cluster ID if the BGP cluster has more than one route reflector.

 

neighbor [W.X.Y.Z|A:B:C:D:E:F:G:H] route-reflector-client To configure the router as a BGP route reflector and configure the specified neighbor as its client.
Access Lists and IP Prefix Lists
  ip prefix-list [PRELIST] permit A.B.C.D/M Set IPv4 prefix list.
  ipv6 prefix-list [PRELIST] [deny|permit] [A:B:C:D:E:F:G:H/M|Any] Set IPv6 prefix list.
  access-list NAME [deny|permit] A.B.C.D/M Set IPv4 access list.
  ipv6 access-list [NAME] [deny|permit] [A:B:C:D:E:F:G:H/M|Any] Set IPv6 access list.
  route-map [MAPNAME] [deny|permit] [N] In conjunction with the "match" and "set" commands, this defines the conditions and actions for redistributing routes.
  match ip address prefix-list [LISTNAME] Match the specified access-list.
  set community [A:B] Set the BGP community attribute.
  match community [N] Match the specified community_list.
  set local-preference [N] Set the preference value for the autonomous system path.
Resource Public Key Infrastructure (RPKI)
  rpki

Enable the Resource Public Key Infrastructure (RPKI) configuration mode.

RPKI is a component of Route Origin Authorization (ROA). ROA verifies whether the origin autonomous system number (AS) of an IP prefix can legitimately announce that IP prefix. RPKI defines how cache servers and routers exchange AS information. BGP routers connect to RPKI cache servers to receive validated prefix-to-origin AS mappings.

For information about how to configure an RPKI cache server, see Configure RPKI Cache Servers in the FRR documentation.

To configure a route map to prefer valid routes over invalid prefixes, see Validating BGP Updates in the FRR documentation.

To see an RPKI configuration example for BGP, see RPKI Configuration Example in the FRR documentation.

For more information about RPKI, see the ARIN documentation.

  rpki polling_period (1–3600)

Set the number of seconds the router waits until the router requests updated data from the cache server.

The default value is 300 seconds.

  rpki cache (A.B.C.D|WORD) PORT [SSH_USERNAME] [SSH_PRIVKEY_PATH] [SSH_PUBKEY_PATH] [KNOWN_HOSTS_PATH] [source A.B.C.D] PREFERENCE Specify the connection information for an RPKI cache server.

Related Topics

About Border Gateway Protocol (BGP)

Configure IPv4 and IPv6 Routing with BGP