set protocols bgp ebgp-requires-policy

Owned by Tracy Yang (Unlicensed)
Apr 26, 2023
2 min read

The set protocols bgp ebgp-requires-policy command determines whether or not EBGP will exchange routes with peers by using a policy.

The delete protocols bgp ebgp-requires-policy command restores the default configuration.


Command Syntax

set protocols bgp [vrf <vrf-name>ebgp-requires-policy <true | false>


Parameter

Parameter

Description

vrf <vrf-name>

Optional. Specifies a VRF name. The value is a string. It’s a user-defined VRF set by the command set ip vrf <vrf-name> [description <string>].

<true | false>

Enable or disable ebgp-requires-policy. The value could be true or false.

  • true: Enable ebgp-requires-policy.
  • false: Disable ebgp-requires-policy.

By default, ebgp-requires-policy is enabled.


Usage Guidelines

Consider creating appropriate route maps and using them rather than disabling the policy check, as using policies is a more secure behavior, and can prevent unintended routes from being exchanged. Function ebgp-requires-policy is introduced and enabled by default.

With this command enable, EBGP will not exchange routes with a neighbor unless there is a route map configured on the address family neighbor entry which matches and permits the routes inbound and outbound. That is, without the incoming filter, no routes will be accepted; without the outgoing filter, no routes will be announced.

NOTE:

  • If you do not want to control the route exchanging via use BGP policies, you need to disable this feature manually, or the route cannot be correctly exchanged.
  • When ebgp-requires-policy is enabled but the incoming or outgoing filter is missing, the route cannot be correctly updated, additionally a run show bgp neighbor command would indicate in the For address family: block that:
admin@Xorplus# run show bgp neighbor
...
For address family: IPv4 Unicast
  Update group 1, subgroup 1
  Packet Queue length 0
  Community attribute sent to this neighbor(all)
  Inbound updates discarded due to missing policy
  Outbound updates discarded due to missing policy
  0 accepted prefixes
...
For address family: IPv6 Unicast
  Update group 2, subgroup 2
  Packet Queue length 0
  Community attribute sent to this neighbor(all)
  Inbound updates discarded due to missing policy
  Outbound updates discarded due to missing policy
  0 accepted prefixes


Example

  • Configure a BGP route policy “rm1” and enable ebgp-requires-policy to filter the incoming routes by using this policy.
admin@Xorplus# set routing prefix-list ipv4-family plist1 permit prefix 13.13.13.0/24
admin@Xorplus# set routing route-map rm1 order 1 matching-policy permit
admin@Xorplus# set routing route-map rm1 order 1 match ipv4-addr address prefix-list plist1
admin@Xorplus# set protocols bgp neighbor 192.168.170.1 ipv4-unicast in route-map rm1
admin@Xorplus# set protocols bgp ebgp-requires-policy true
admin@Xorplus# commit



Copyright © 2024 Pica8 Inc. All Rights Reserved.