mirror of https://github.com/opnsense/docs synced 2024-11-18 21:28:29 +00:00
opensense-docs/source/manual/how-tos/dynamicrouting_bgp.rst
2020-11-13 08:38:04 +01:00


====================
Dynamic Routing: BGP
====================

.. Note::
   Since OPNsense version 20.7 the frr package was updated to version 7,
   which requires an eBGP outbound policy by default. The requirement was
   disabled but it is strongly advised to use a prefix-list and filter
   your networks to your outbound neighbors.

-------------
Configuration
-------------

The following tables describe the most used configurations.

General:

====================== =======================================================================
Setting                Description
====================== =======================================================================
Enable                 Enables the BGP daemon
BGP AS Number          The internal AS number
Router ID              Router ID this system uses for communication with other peers
Network                A list of local networks to announce. With frr version 6 this setting
                       and an additional Null-Route was enough to announce the networks.
                       Now it is advised to add a prefix-list and link it in neighbor config
Route Redistribution   Allows redistributing additional routes (static, kernel, OSPF etc.)
                       into the BGP process. Usually this is only used with OSPF but it is
                       also available here
====================== =======================================================================

Neighbors:

========================= ===================================================================
Setting                   Description
========================= ===================================================================
Enable                    Enables the neighbor config
Description               Give a description for documentation when many neighbors are used
Peer IP                   The IP address of the neighbor
Remote AS                 Remote AS this neighbor belongs to. For iBGP this has to be
                          the same number as in the General tab
Update-Source Interface   Interface name nearest to the peer, usually WAN for eBGP and LAN
                          for iBGP
Next-Hop-Self             Enable this option if this is an iBGP neighbor
Multi-Hop                 When the neighbor is not directly connected enable this option.
                          BGP packets usually have a TTL of 1 and would get lost otherwise
Send Defaultroute         Enable this option to send a default route to the neighbor, with
                          this system as the default gateway
Prefix-List               Match against the linked prefix-list and a direction of in or out.
                          To advertise a network to a neighbor the direction would be out.
                          To filter out specific networks advertised by the peer it would be in
Route-Map                 Same as prefix-list but used with route-maps. Route-maps are more
                          powerful compared to prefix-lists but also more complex
========================= ===================================================================

AS Path Lists:

============= ===================================================================
Setting       Description
============= ===================================================================
Enable        Enables the list entry
Description   Give a description for documentation when many entries are used
Number        The ACL rule number (10-99); keep in mind that there are no
              sequence numbers with AS-Path lists. When you want to add a
              new line in between you have to completely remove the ACL
Action        Permit or Deny for this list. This can also be done via route-map
AS            A regular expression to match for AS Paths like *.$*. This is
              typically used for path prepending
============= ===================================================================

Prefix Lists:

================= ===================================================================
Setting           Description
================= ===================================================================
Enable            Enables the list entry
Name              Prefix Lists are named lists so they are not grouped by a number
Description       Give a description for documentation when many entries are used
Sequence Number   Multiple rules can belong to a named list. The sequence number
                  determines the ordering (top to bottom)
Action            Permit or Deny for this list. This can also be done via route-map
Network           The network pattern to match. It is also possible to add "ge" or
                  "le" additions after the network statement. Usually this is used
                  to announce the local network or maybe to decline specific routes
                  from a neighbor
================= ===================================================================

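
How the Sequence Number, Action and Network ("ge"/"le") fields above combine, and what an outbound prefix-list as advised in the note at the top lets through, shown as an added Python example that is not part of the OPNsense or FRR code. It models the usual prefix-list rules (first match in sequence order wins, no match means deny); the list name ``ANNOUNCE_OUT``, its entries and the candidate routes are constructed samples from documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    seq: int                   # Sequence Number: lowest is evaluated first
    action: str                # Action: "permit" or "deny"
    network: str               # Network pattern, e.g. "203.0.113.0/24"
    ge: Optional[int] = None   # optional minimum prefix length
    le: Optional[int] = None   # optional maximum prefix length

    def matches(self, route) -> bool:
        net = ipaddress.ip_network(self.network)
        # The route must lie inside the pattern's network.
        if route.version != net.version or not route.subnet_of(net):
            return False
        # Without ge/le only the exact prefix length matches.
        if self.ge is None and self.le is None:
            return route.prefixlen == net.prefixlen
        low = self.ge if self.ge is not None else net.prefixlen
        high = self.le if self.le is not None else net.max_prefixlen
        return low <= route.prefixlen <= high

def evaluate(prefix_list, route: str) -> str:
    """Return the action of the first matching entry, top to bottom."""
    parsed = ipaddress.ip_network(route)
    for entry in sorted(prefix_list, key=lambda e: e.seq):
        if entry.matches(parsed):
            return entry.action
    return "deny"  # nothing matched: implicit deny

def filter_outbound(prefix_list, candidates):
    """Routes that would still be announced with the list linked as 'out'."""
    return [r for r in candidates if evaluate(prefix_list, r) == "permit"]

# Constructed sample list (hypothetical name), entered out of order on purpose.
ANNOUNCE_OUT = [
    Entry(30, "permit", "198.51.100.0/24", le=25),
    Entry(10, "permit", "203.0.113.0/24"),
    Entry(5, "deny", "198.51.100.128/25"),
]
# Constructed candidates, e.g. routes pulled in via Route Redistribution.
CANDIDATES = ["203.0.113.0/24", "203.0.113.0/25", "198.51.100.0/25",
              "198.51.100.128/25", "198.51.100.0/26", "10.0.0.0/8", "0.0.0.0/0"]

print(filter_outbound(ANNOUNCE_OUT, CANDIDATES))
```

Internal and more-specific routes fall through to the implicit deny, which is the behaviour that keeps redistributed routes from leaking to an eBGP neighbor.
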
Community Lists:

================= ===================================================================
Setting           Description
================= ===================================================================
Enable            Enables the list entry
Number            Community Lists are numbered lists so they are not grouped by a name
Description       Give a description for documentation when many entries are used
Sequence Number   Multiple rules can belong to a list. The sequence number
                  determines the ordering (top to bottom)
Action            Permit or Deny for this list. This can also be done via route-map
Community         The BGP communities attribute is widely used for implementing
                  policy routing. Network operators can manipulate the BGP
                  communities attribute based on network policy
================= ===================================================================

Route Maps:

============= =================================================================
Setting       Description
============= =================================================================
Enable        Enables the list entry
Description   Give a description for documentation when many entries are used
Name          Route Maps are named lists so they are not grouped by a number
Action        Permit or Deny for this list
ID            Multiple rules can belong to a route-map. The ID determines the
              ordering (top to bottom)
AS Path       A linked AS Path to match against
Prefix List   A linked Prefix List to match against
Community     A linked Community List to match against
Set           Via the set statement the specified matches can be manipulated.
              There are many options to set communities, change the local
              preference for gateway selection or use metrics for MED (Multi
              Exit Discriminator)
============= =================================================================

Here you can find a couple of examples:
http://docs.frrouting.org/en/latest/bgp.html#miscellaneous-configuration-examples