set protocols bgp ebgp-requires-policy
The set protocols bgp ebgp-requires-policy command determines whether EBGP requires a policy to be configured before it exchanges routes with peers.
The delete protocols bgp ebgp-requires-policy command restores the default configuration.
Command Syntax
set protocols bgp [vrf <vrf-name>] ebgp-requires-policy <true | false>
Parameter
Parameter | Description |
vrf <vrf-name> | Optional. Specifies a VRF name. The value is a string. It’s a user-defined VRF set by the command set ip vrf <vrf-name> [description <string>]. |
<true | false> | Enables or disables ebgp-requires-policy. The value is true or false. By default, ebgp-requires-policy is enabled. |
Usage Guidelines
Consider creating appropriate route maps and using them rather than disabling the policy check: using policies is the more secure behavior and can prevent unintended routes from being exchanged. The ebgp-requires-policy function is introduced and enabled by default.
With this command enabled, EBGP will not exchange routes with a neighbor unless a route map is configured on the address family neighbor entry that matches and permits the routes, both inbound and outbound. That is, without the incoming filter, no routes will be accepted; without the outgoing filter, no routes will be announced.
NOTE:
If you do not want to control route exchange by using BGP policies, you need to disable this feature manually; otherwise, routes cannot be exchanged correctly.
When ebgp-requires-policy is enabled but the incoming or outgoing filter is missing, routes cannot be updated correctly. In addition, the run show bgp neighbor command indicates this in the For address family: block:
admin@Xorplus# run show bgp neighbor
...
For address family: IPv4 Unicast
Update group 1, subgroup 1
Packet Queue length 0
Community attribute sent to this neighbor(all)
Inbound updates discarded due to missing policy
Outbound updates discarded due to missing policy
0 accepted prefixes
...
For address family: IPv6 Unicast
Update group 2, subgroup 2
Packet Queue length 0
Community attribute sent to this neighbor(all)
Inbound updates discarded due to missing policy
Outbound updates discarded due to missing policy
0 accepted prefixes
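The check above can be automated. The following Python script is an added example, not part of the original page or of PicOS: it scans run show bgp neighbor output for the two "discarded due to missing policy" lines and reports which neighbor, address family and direction has no route map. The sample output and its addresses are constructed, and the "BGP neighbor is ..." header line is an assumed format, because the output shown above elides it.

```python
import re

# Constructed sample. The address-family lines are the ones shown above; the
# "BGP neighbor is ..." header is an assumed format, since the page elides it.
SAMPLE = """\
BGP neighbor is 192.0.2.1, remote AS 65001, local AS 65000, external link
 For address family: IPv4 Unicast
  Update group 1, subgroup 1
  Packet Queue length 0
  Community attribute sent to this neighbor(all)
  Inbound updates discarded due to missing policy
  Outbound updates discarded due to missing policy
  0 accepted prefixes
BGP neighbor is 192.0.2.2, remote AS 65002, local AS 65000, external link
 For address family: IPv4 Unicast
  Update group 2, subgroup 2
  Community attribute sent to this neighbor(all)
  Outbound updates discarded due to missing policy
  0 accepted prefixes
 For address family: IPv6 Unicast
  Update group 3, subgroup 3
  5 accepted prefixes
"""

NEIGHBOR = re.compile(r"^\s*BGP neighbor is ([0-9A-Fa-f.:]+)")
FAMILY = re.compile(r"^\s*For address family:\s*(.+?)\s*$")
DISCARD = re.compile(r"^\s*(Inbound|Outbound) updates discarded due to missing policy")

def missing_policies(text):
    """Return sorted (neighbor, address family, direction) tuples for every
    direction in which updates are discarded due to a missing policy."""
    findings = set()
    neighbor, family = "unknown", None  # "unknown" if no header line was seen
    for line in text.splitlines():
        if m := NEIGHBOR.match(line):
            neighbor, family = m.group(1), None
        elif m := FAMILY.match(line):
            family = m.group(1)
        elif (m := DISCARD.match(line)) and family:
            findings.add((neighbor, family, m.group(1).lower()))
    return sorted(findings)

if __name__ == "__main__":
    for nbr, fam, direction in missing_policies(SAMPLE):
        print(f"{nbr} [{fam}]: no {direction} route map, updates discarded")
```

An empty result means no address family on any neighbor is discarding updates for lack of a policy.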
Example
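Configure a BGP route policy “rm1” and enable ebgp-requires-policy to filter the incoming routes by using this policy. Only an inbound route map is configured here, so, as described in the usage guidelines, no routes are announced to this neighbor without an outgoing filter.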
admin@Xorplus# set routing prefix-list ipv4-family plist1 permit prefix 13.13.13.0/24
admin@Xorplus# set routing route-map rm1 order 1 matching-policy permit
admin@Xorplus# set routing route-map rm1 order 1 match ipv4-addr address prefix-list plist1
admin@Xorplus# set protocols bgp neighbor 192.168.170.1 ipv4-unicast in route-map rm1
admin@Xorplus# set protocols bgp ebgp-requires-policy true
admin@Xorplus# commit