set protocols bgp ebgp-requires-policy
The set protocols bgp ebgp-requires-policy command determines whether EBGP requires a policy in order to exchange routes with peers.
The delete protocols bgp ebgp-requires-policy command restores the default configuration.
Command Syntax
set protocols bgp [vrf <vrf-name>] ebgp-requires-policy <true | false>
Parameter
Parameter | Description |
vrf <vrf-name> | Optional. Specifies a VRF name. The value is a string. It is a user-defined VRF set by the command set ip vrf <vrf-name> [description <string>]. |
<true | false> | Enables or disables ebgp-requires-policy. The value can be true or false. By default, ebgp-requires-policy is enabled. |
Usage Guidelines
Consider creating appropriate route maps and using them rather than disabling the policy check: using policies is the more secure behavior and can prevent unintended routes from being exchanged. The ebgp-requires-policy function has been introduced and is enabled by default.
With this command enabled, EBGP will not exchange routes with a neighbor unless a route map is configured on the address family neighbor entry that matches and permits the routes inbound and outbound. That is, without the incoming filter, no routes will be accepted; without the outgoing filter, no routes will be announced.
NOTE:
- If you do not want to control route exchange by using BGP policies, you need to disable this feature manually; otherwise routes cannot be correctly exchanged.
- When ebgp-requires-policy is enabled but the incoming or outgoing filter is missing, routes cannot be correctly updated. In addition, the run show bgp neighbor command indicates this in the For address family: block:
admin@Xorplus# run show bgp neighbor
...
For address family: IPv4 Unicast
  Update group 1, subgroup 1
  Packet Queue length 0
  Community attribute sent to this neighbor(all)
  Inbound updates discarded due to missing policy
  Outbound updates discarded due to missing policy
  0 accepted prefixes
...
For address family: IPv6 Unicast
  Update group 2, subgroup 2
  Packet Queue length 0
  Community attribute sent to this neighbor(all)
  Inbound updates discarded due to missing policy
  Outbound updates discarded due to missing policy
  0 accepted prefixes
Example
- Configure a BGP route policy “rm1” and enable ebgp-requires-policy to filter the incoming routes by using this policy.
admin@Xorplus# set routing prefix-list ipv4-family plist1 permit prefix 13.13.13.0/24
admin@Xorplus# set routing route-map rm1 order 1 matching-policy permit
admin@Xorplus# set routing route-map rm1 order 1 match ipv4-addr address prefix-list plist1
admin@Xorplus# set protocols bgp neighbor 192.168.170.1 ipv4-unicast in route-map rm1
admin@Xorplus# set protocols bgp ebgp-requires-policy true
admin@Xorplus# commit
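The discard messages described in the NOTE above can be checked automatically after a commit. The following is an added example, not part of the original documentation or of PicOS: it assumes the run show bgp neighbor output for one neighbor has been captured as text, and the function names and sample are constructed for illustration.

```python
import re

# Discard messages as they appear in the run show bgp neighbor output.
MISSING = {
    "in": "Inbound updates discarded due to missing policy",
    "out": "Outbound updates discarded due to missing policy",
}
AF_HEADER = re.compile(r"^\s*For address family:\s*(.+?)\s*$")

def missing_policy(show_output):
    """Return {address family: sorted directions with no policy attached}."""
    found = {}
    current = None
    for line in show_output.splitlines():
        header = AF_HEADER.match(line)
        if header:
            current = header.group(1)
            found.setdefault(current, set())
        elif current is not None:  # skip lines before the first family block
            for direction, message in MISSING.items():
                if message in line:
                    found[current].add(direction)
    return {af: sorted(dirs) for af, dirs in found.items()}

def report(show_output):
    """One line per address family that is discarding updates."""
    return [
        f"{af}: no route map for direction(s) {', '.join(dirs)}"
        for af, dirs in missing_policy(show_output).items()
        if dirs
    ]

# Constructed sample for one neighbor: IPv4 has an inbound route map only,
# IPv6 has no route map in either direction.
SAMPLE = """\
For address family: IPv4 Unicast
  Update group 1, subgroup 1
  Community attribute sent to this neighbor(all)
  Outbound updates discarded due to missing policy
For address family: IPv6 Unicast
  Update group 2, subgroup 2
  Inbound updates discarded due to missing policy
  Outbound updates discarded due to missing policy
  0 accepted prefixes
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

An inbound-only configuration such as the rm1 example still leaves the outbound direction flagged, because no routes are announced without an outgoing filter.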
Copyright © 2024 Pica8 Inc. All Rights Reserved.