BGPQ3(8)		FreeBSD	System Manager's Manual		      BGPQ3(8)

NAME
     bgpq3 -- bgp filtering automation for cisco and juniper routers

SYNOPSIS
     bgpq3 [-h host[:port]] [-S	sources] [-EPz]	[-f asn	| -F fmt | -G asn -t]
	   [-2346ABbDdJjNnsXU] [-a asn]	[-r len] [-R len] [-m max] [-W len]
	   OBJECTS [...] [EXCEPT OBJECTS]

DESCRIPTION
     The bgpq3 utility is used to generate Cisco and Juniper prefix-lists,
     extended access-lists, policy-statement terms and as-path lists based on
     RADB data.

     The options are as	follows:

     -2	     accept routes registered for as23456 (transition-as) (default:
	     false)

     -3	     assume that your device is	asn32-safe.

     -4	     generate IPv4 prefix/access-lists (default).

     -6	     generate IPv6 prefix/access-lists (IPv4 by	default).

     -A	     try to aggregate prefix-lists as much as possible (not all	output
	     formats supported).

     -a	asn  specify what asn shall be denied in case of empty prefix-list
	     (OpenBGPD)

     -B	     generate output in	OpenBGPD format	(default: Cisco)

     -b	     generate output in	BIRD format (default: Cisco).

     -d	     enable some debugging output.

     -D	     use asdot notation	for Cisco as-path access-lists.

     -E	     generate extended access-list (Cisco), policy-statement term us-
	     ing route-filters (Juniper), [ip|ipv6]-prefix-list	(Nokia)	or
	     prefix-sets (OpenBGPd).

     -f	number
	     generate input as-path access-list.

     -F	fmt  generate output in	user-defined format.

     -G	number
	     generate output as-path access-list.

     -h	host[:port]
	     host running IRRD database	(default: whois.radb.net).

     -J	     generate config for Juniper (default: Cisco).

     -j	     generate output in	JSON format (default: Cisco).

     -l	name
	     name of generated entry.

     -L	limit
	     limit recursion depth when	expanding as-sets.

     -m	len  maximum prefix-length of accepted prefixes	(default: 32 for IPv4
	     and 128 for IPv6).

     -M	match
	     extra match conditions for	Juniper	route-filters.

     -n	     generate config for Nokia SR OS MD-CLI (Cisco IOS by default)

     -N	     generate config for Nokia SR OS classic CLI (Cisco	IOS by de-
	     fault).

     -p	     accept routes registered for private ASNs (default: disabled)

     -P	     generate prefix-list (default, backward compatibility).

     -r	len  allow more	specific routes	starting with specified	masklen	too.

     -R	len  allow more	specific routes	up to specified	masklen	too.

     -s	     generate sequence numbers in IOS-style prefix-lists.

     -S	sources
	     use specified sources only	(recommended: RADB,RIPE,APNIC).

     -t	     generate as-sets for OpenBGPD (OpenBSD 6.4+), BIRD	and JSON for-
	     mats.

     -T	     disable pipelining.

     -W len  generate as-path strings of no more than len items (use 0 for
	     infinity).

     -U	     generate config for Huawei	devices	(Cisco IOS by default)

     -X	     generate config for Cisco IOS XR devices (plain IOS by default).

     -z	     generate route-filter-lists (JunOS	16.2+).

     OBJECTS
	     means networks (in	prefix format),	autonomous systems, as-sets
	     and route-sets.

     EXCEPT OBJECTS
	     those objects will	be excluded from expansion.

EXAMPLES
     Generating a named Juniper prefix-filter for AS20597:
     ~>bgpq3 -Jl eltel AS20597
     policy-options {
     replace:
      prefix-list eltel	{
	 81.9.0.0/20;
	 81.9.32.0/20;
	 81.9.96.0/20;
	 81.222.128.0/20;
	 81.222.192.0/18;
	 85.249.8.0/21;
	 85.249.224.0/19;
	 89.112.0.0/19;
	 89.112.4.0/22;
	 89.112.32.0/19;
	 89.112.64.0/19;
	 217.170.64.0/20;
	 217.170.80.0/20;
      }
     }

     For Cisco we can use the aggregation (-A) flag to make this prefix-filter
     more compact:
     ~>bgpq3 -Al eltel AS20597
     no	ip prefix-list eltel
     ip	prefix-list eltel permit 81.9.0.0/20
     ip	prefix-list eltel permit 81.9.32.0/20
     ip	prefix-list eltel permit 81.9.96.0/20
     ip	prefix-list eltel permit 81.222.128.0/20
     ip	prefix-list eltel permit 81.222.192.0/18
     ip	prefix-list eltel permit 85.249.8.0/21
     ip	prefix-list eltel permit 85.249.224.0/19
     ip	prefix-list eltel permit 89.112.0.0/18 ge 19 le	19
     ip	prefix-list eltel permit 89.112.4.0/22
     ip	prefix-list eltel permit 89.112.64.0/19
     ip	prefix-list eltel permit 217.170.64.0/19 ge 20 le 20
     As you can see, prefixes 89.112.0.0/19 and 89.112.32.0/19 are now
     aggregated into a single entry, 89.112.0.0/18 ge 19 le 19.

     Well, for Juniper we can generate even more interesting policy-options,
     using -M <extra match conditions>,	-R <len> and hierarchical names:
     ~>bgpq3 -AJEl eltel/specifics -r 29 -R 32 -M "community blackhole"	AS20597
     policy-options {
      policy-statement eltel {
       term specifics {
     replace:
	from {
	 community blackhole;
	 route-filter 81.9.0.0/20 prefix-length-range /29-/32;
	 route-filter 81.9.32.0/20 prefix-length-range /29-/32;
	 route-filter 81.9.96.0/20 prefix-length-range /29-/32;
	 route-filter 81.222.128.0/20 prefix-length-range /29-/32;
	 route-filter 81.222.192.0/18 prefix-length-range /29-/32;
	 route-filter 85.249.8.0/21 prefix-length-range	/29-/32;
	 route-filter 85.249.224.0/19 prefix-length-range /29-/32;
	 route-filter 89.112.0.0/17 prefix-length-range	/29-/32;
	 route-filter 217.170.64.0/19 prefix-length-range /29-/32;
	}
       }
      }
     }
     The generated policy-options term now allows all specifics with a
     prefix-length between /29 and /32 for eltel networks if they match the
     special community blackhole (defined elsewhere in the configuration).

     Of	course,	this version supports IPv6 (-6):
     ~>bgpq3 -6l as-retn-6 AS-RETN6
     no	ipv6 prefix-list as-retn-6
     ipv6 prefix-list as-retn-6	permit 2001:7fb:fe00::/48
     ipv6 prefix-list as-retn-6	permit 2001:7fb:fe01::/48
     [....]
     Support for ASN32 is also here:
     ~>bgpq3 -J3f 112 AS-SPACENET
     policy-options {
     replace:
      as-path-group NN {
       as-path a0 "^112(112)*$";
       as-path a1 "^112(.)*(1898|5539|8495|8763|8878|12136|12931|15909)$";
       as-path a2 "^112(.)*(21358|23456|23600|24151|25152|31529|34127|34906)$";
       as-path a3 "^112(.)*(35052|41720|43628|44450|196611)$";
      }
     }
     See AS196611 at the end of the list? That is AS3.3, written in 'asplain'
     notation.

     For routers that are not ASN32-capable you should not use the -3 switch,
     and the result will be as follows:
     ~>bgpq3 -f	112 AS-SPACENET
     no	ip as-path access-list NN
     ip	as-path	access-list NN permit ^112(_112)*$
     ip	as-path	access-list NN permit ^112(_[0-9]+)*_(1898|5539|8495|8763)$
     ip	as-path	access-list NN permit ^112(_[0-9]+)*_(8878|12136|12931|15909)$
     ip	as-path	access-list NN permit ^112(_[0-9]+)*_(21358|23456|23600|24151)$
     ip	as-path	access-list NN permit ^112(_[0-9]+)*_(25152|31529|34127|34906)$
     ip	as-path	access-list NN permit ^112(_[0-9]+)*_(35052|41720|43628|44450)$

     AS196611 is no longer in the list; however, AS23456 (transition AS) would
     have been added to the list if it were not already present.

USER-DEFINED FORMAT
     If you want to generate configuration not for routers but for some other
     programs or systems, you may use user-defined formatting, as in the
     example below:
     user@host:~>bgpq3 -F "ipfw	add pass all from %n/%l	to any\n" as3254
     ipfw add pass all from 62.244.0.0/18 to any
     ipfw add pass all from 91.219.29.0/24 to any
     ipfw add pass all from 91.219.30.0/24 to any
     ipfw add pass all from 193.193.192.0/19 to	any

     Recognized format characters: %n - network, %l - mask length, %N - object
     name, %m - object mask and %i - inverse mask.  Recognized escape
     characters: \n - new line, \t - tab.  Please note that no new lines are
     inserted automatically after each entry; you have to add them to the
     format string manually, otherwise the output will be on one line
     (sometimes that makes sense):
     user@host:~>bgpq3 -6F "%n/%l; " as-eltel
     2001:1b00::/32; 2620:4f:8000::/48;	2a04:bac0::/29;	2a05:3a80::/48;

DIAGNOSTICS
     When everything is OK, bgpq3 writes the generated access-list to standard
     output and exits with status 0.  In case of errors, they are printed to
     stderr and the program exits with a non-zero status.
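
     The exit status described above is what an automated filter update should
     gate on.  The wrapper below is an added example, not part of the original
     manual page; the names gen_filter, BGPQ3 and MIN_ENTRIES are assumptions
     of this example, and the entry count assumes the default Cisco
     prefix-list output shown in EXAMPLES.

```shell
#!/bin/sh
# Added example: regenerate a prefix-list with bgpq3 and replace the
# previously generated file only if the run succeeded and the list is not
# suspiciously short. BGPQ3 and MIN_ENTRIES are assumptions of this example.
BGPQ3=${BGPQ3:-bgpq3}            # command to run (overridable for testing)
MIN_ENTRIES=${MIN_ENTRIES:-1}    # fewest permit lines accepted as plausible

# gen_filter NAME OBJECT OUTFILE
# Returns 0 and atomically replaces OUTFILE on success.
# Returns 1 if bgpq3 exited non-zero, 2 if the list has too few entries;
# in both cases OUTFILE keeps its previous, known-good content.
gen_filter() {
    name=$1 object=$2 out=$3
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    err=$(mktemp "${out}.err.XXXXXX") || { rm -f "$tmp"; return 1; }

    # -S pins the IRR sources, -A aggregates, -l names the generated list.
    if ! $BGPQ3 -S RADB,RIPE,APNIC -A -l "$name" "$object" >"$tmp" 2>"$err"; then
        # Non-zero status: whatever reached stdout is not trustworthy.
        echo "bgpq3 failed for $object: $(cat "$err")" >&2
        rm -f "$tmp" "$err"
        return 1
    fi
    rm -f "$err"

    # A zero exit status with (almost) no permit lines usually means the
    # object expanded to nothing; installing that would drop every route.
    # Counting ' permit ' assumes the default Cisco prefix-list format.
    count=$(grep -c ' permit ' "$tmp" || true)
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "refusing to install $name: only $count entries for $object" >&2
        rm -f "$tmp"
        return 2
    fi

    # Same-directory rename, so readers never see a half-written file.
    mv "$tmp" "$out"
}

# Typical call (file name is hypothetical):
#   gen_filter eltel AS20597 /var/db/filters/eltel.conf || exit 1
```

     Setting MIN_ENTRIES per peer, close to the size of the last known-good
     list, also catches a sudden collapse of the registered object.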

SEE ALSO
     http://www.radb.net/ Routing Arbiter project
     http://tools.ietf.org/html/draft-michaelson-4byte-as-representation-05
     for information on	'asdot'	and 'asplain' notations.
     http://www.cisco.com/en/US/docs/ios/12_0s/release/ntes/120SNEWF.html#wp3521658
     for information on	Cisco implementation of	ASN32.

AUTHOR
     Alexandre Snarskii	<snar@snar.spb.ru>

FreeBSD	13.0			 Oct 27, 2008			  FreeBSD 13.0
