CCIE, the beginning!

January 9, 2009

BGP peer-session and peer-policy templates

Filed under: BGP, Routing protocols — cciethebeginning @ 11:59 am

A peer template is a pattern, a model used to simplify the management of BGP peer configuration. Templates are much more flexible than peer groups because of inheritance: a common template can be inherited by more specific templates according to a hierarchical scheme.

Two types of templates are available: peer-session templates for session establishment and peer-policy templates for prefix advertisement policies.

Without good prior planning, peer templates can turn into a mess. The key is to organize commands into groups, from the most common (at the root and nodes of the tree) to the most specific (towards the leaves).

Each template in the tree can be applied directly as a configuration pattern for a BGP peer or inherited by a more specific template for more granularity (Figure 1).

Figure 1: Tree of inheritance

Figure 2 illustrates the topology used to deploy peer templates: ISPA (AS 56000) connects five customers (AS 56501, 56502, 56503, 56504 and 56505) and is in turn connected to an upstream provider, ISPB (AS 55000).

Figure 2: Topology

The hypothetical policy requirements are as follows:

* One inbound policy is common to all clients, so the root template in the inheritance hierarchy will contain the policy commands common to all categories:

  - Receive only customer prefixes.

  - ISPA accepts a maximum of 2 prefixes from each client.

* Outbound policies on ISPA to clients are organized in three categories:

  1- Policy 1 – Advertise only the default route: “Default_Only” template.

  2- Policy 2 – Advertise the default route and only ISPA (direct upstream) routes: “Default_n_Local” template.

  3- Policy 3 – Advertise full BGP (ISPA, ISPB and other clients' prefixes): “Full_BGP” template.

The following table summarizes the policies and common configurations between ISPA and its downstream customers:

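Table 1: Configuration and policies

|         |                                                                                             | R1-ISPA | R2-ISPA | R3-ISPA | R4-ISPA | R5-ISPA |
|---------|---------------------------------------------------------------------------------------------|---------|---------|---------|---------|---------|
| Session | BGP version & timers                                                                        | x       | x       | x       | x       | x       |
| Session | Direct interface eBGP                                                                       |         |         | x       |         | x       |
| Session | eBGP between loopback interfaces: set eBGP TTL to 2, specify loopback as source of updates  |         | x       |         | x       |         |
| Policy  | Outbound policy: Policy 1 (Only default route)                                              | x       | x       |         |         |         |
| Policy  | Outbound policy: Policy 2 (default route + ISPA local networks)                             |         |         | x       | x       |         |
| Policy  | Outbound policy: Policy 3 (Full BGP)                                                        |         |         |         |         | x       |
| Policy  | Inbound policy: Policy 4, accept only customer prefixes (max 2)                             | x       | x       | x       | x       | x       |
|         | description                                                                                 | own     | own     | own     | own     | own     |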

 

Configuring Peer-Session Template

Let’s start by configuring BGP sessions with customers.

Under BGP configuration mode, templates are designed according to Table 1:

ISPA:

 template peer-session Common_Session_Config
  version 4
  timers 30 90
 exit-peer-session

This template is common to all sessions and is considered the root peer-session template.

 template peer-session Indirect_eBGP
  ebgp-multihop 2
  update-source Loopback0
  inherit peer-session Common_Session_Config
 exit-peer-session

This one inherits the commands of the “Common_Session_Config” template in addition to its own commands.

ISPA#sh ip bgp template peer-session
Template:Common_Session_Config, index:1
Local policies:0x22, Inherited polices:0x0
 *Inherited by Template Indirect_eBGP, index= 2
Locally configured session commands:
 version 4
 timers 30 90
Inherited session commands:

Template:Indirect_eBGP, index:2
Local policies:0x88, Inherited polices:0x22
This template inherits:
  Common_Session_Config index:1 flags:0x0
Locally configured session commands:
 ebgp-multihop 2
 update-source Loopback0
Inherited session commands:
 version 4
 timers 30 90

ISPA#

Now each neighbor just inherits the template and applies the included commands:

router bgp 56000
 neighbor 1.1.1.1 remote-as 56501
 neighbor 1.1.1.1 inherit peer-session Indirect_eBGP

 neighbor 2.2.2.2 remote-as 56502
 neighbor 2.2.2.2 inherit peer-session Indirect_eBGP

 neighbor 4.4.4.4 remote-as 56504
 neighbor 4.4.4.4 inherit peer-session Indirect_eBGP

 neighbor 10.1.12.2 remote-as 56503
 neighbor 10.1.12.2 inherit peer-session Common_Session_Config

 neighbor 10.1.20.2 remote-as 56505
 neighbor 10.1.20.2 inherit peer-session Common_Session_Config

BGP sessions are built according to applied templates:

ISPA#sh ip bgp summ
BGP router identifier 100.1.1.1, local AS number 56000
BGP table version is 7, main routing table version 7
6 network entries using 702 bytes of memory
6 path entries using 312 bytes of memory
7/6 BGP path/bestpath attribute entries using 868 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2002 total bytes of memory
BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 56501      26      31        7    0    0 00:10:39        1
2.2.2.2         4 56502      12      18        7    0    0 00:04:11        0
4.4.4.4         4 56504       7      12        7    0    0 00:01:15        1
10.1.12.2       4 56503       7      12        7    0    0 00:02:48        1
10.1.20.2       4 56505       5      10        7    0    0 00:00:29        1
200.2.2.2       4 55000      34      39        7    0    0 00:30:36        1
ISPA#

ISPA(config-router)#do sh ip bgp
BGP table version is 11, local router ID is 100.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 11.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 12.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 13.0.0.0/24      1.1.1.1                  0             0 56501 i
*> 20.0.0.0/24      2.2.2.2                  0             0 56502 i
*> 30.0.0.0/24      10.1.12.2                0             0 56503 i
*> 40.0.0.0/24      4.4.4.4                  0             0 56504 i
*> 50.0.0.0/24      10.1.20.2                0             0 56505 i
*> 55.55.0.0/16     200.2.2.2                0             0 55000 i
*> 56.56.0.0/16     0.0.0.0                  0         32768 i
ISPA(config-router)#

Without any policy applied, client routers R1, R2, R3, R4 and R5 receive all prefixes (the equivalent of full BGP), as shown in the following BGP table of R1:

R1#sh ip bgp
BGP table version is 11, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      0.0.0.0                  0         32768 i
*> 11.0.0.0/24      0.0.0.0                  0         32768 i
*> 12.0.0.0/24      0.0.0.0                  0         32768 i
*> 13.0.0.0/24      0.0.0.0                  0         32768 i
*> 20.0.0.0/24      100.1.1.1                              0 56000 56502 i
*> 30.0.0.0/24      100.1.1.1                              0 56000 56503 i
*> 40.0.0.0/24      100.1.1.1                              0 56000 56504 i
*> 50.0.0.0/24      100.1.1.1                              0 56000 56505 i
*> 55.55.0.0/16     100.1.1.1                              0 56000 55000 i
*> 56.56.0.0/16     100.1.1.1                0             0 56000 i
R1#

 

Peer-policy Template configuration

ISPA:

ip as-path access-list 10 permit ^([0-9]+)$

router bgp 56000
 template peer-policy Common_Policy_Config
  filter-list 10 in
  maximum-prefix 2
 exit-peer-policy

ip prefix-list NOTHING_plist seq 5 deny 0.0.0.0/0 le 32

router bgp 56000
 template peer-policy Default_Only
  prefix-list NOTHING_plist out
  default-originate
 exit-peer-policy

ip as-path access-list 20 permit ^$

router bgp 56000
 template peer-policy Default_n_Local
  filter-list 20 out
  default-originate
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy

access-list 11 permit any

route-map Full_BGP_rmap permit 10
 match ip address 11

router bgp 56000
 template peer-policy Full_BGP
  route-map Full_BGP_rmap out
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy

 

ISPA#sh ip bgp template peer-policy
Template:Default_Only, index:2.
Local policies:0x480, Inherited polices:0x0
Locally configured policies:
  prefix-list NOTHING_plist out
  default-originate route-map none
Inherited policies:

Template:Common_Policy_Config, index:1.
Local policies:0x80004, Inherited polices:0x0
 *Inherited by Template Default_n_Local, index:3
 *Inherited by Template Full_BGP, index:4
Locally configured policies:
  filter-list 10 in
  maximum-prefix 2
Inherited policies:

Template:Default_n_Local, index:3.
Local policies:0x408, Inherited polices:0x80004
This template inherits:
  Common_Policy_Config, index:1, seq_no:10, flags:0x408
Locally configured policies:
  filter-list 20 out
  default-originate route-map none
Inherited policies:
  filter-list 10 in
  maximum-prefix 2

Template:Full_BGP, index:4.
Local policies:0x2, Inherited polices:0x80004
This template inherits:
  Common_Policy_Config, index:1, seq_no:10, flags:0x2
Locally configured policies:
  route-map Full_BGP_rmap out
Inherited policies:
  filter-list 10 in
  maximum-prefix 2

ISPA#

 

Apply peer-policy-template

ISPA:

router bgp 56000
 neighbor 1.1.1.1 inherit peer-policy Default_Only
 neighbor 2.2.2.2 inherit peer-policy Default_Only
 neighbor 4.4.4.4 inherit peer-policy Default_n_Local
 neighbor 10.1.12.2 inherit peer-policy Default_n_Local
 neighbor 10.1.20.2 inherit peer-policy Full_BGP

R1 (1.1.1.1) and R2 (2.2.2.2) will receive only the default route from ISPA.

R3 (10.1.12.2) and R4 (4.4.4.4) will receive the default route and ISPA prefixes.

R5 will receive all routes (full BGP).
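To check the applied templates against the inbound requirement stated earlier (customer prefixes only, at most 2 per client), the sketch below resolves peer-policy inheritance for each neighbor and lists the inbound controls that are missing. It is an added example, not part of the original post: the function names are illustrative, the input is the ISPA peer-policy configuration from this page, and the regex-based parsing is a simplification of IOS syntax.

```python
import re

# ISPA peer-policy lines copied from this page (prefix-list/as-path definitions omitted).
CONFIG = """\
 template peer-policy Common_Policy_Config
  filter-list 10 in
  maximum-prefix 2
 exit-peer-policy
 template peer-policy Default_Only
  prefix-list NOTHING_plist out
  default-originate
 exit-peer-policy
 template peer-policy Default_n_Local
  filter-list 20 out
  default-originate
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy
 template peer-policy Full_BGP
  route-map Full_BGP_rmap out
  inherit peer-policy Common_Policy_Config 10
 exit-peer-policy
 neighbor 1.1.1.1 inherit peer-policy Default_Only
 neighbor 2.2.2.2 inherit peer-policy Default_Only
 neighbor 4.4.4.4 inherit peer-policy Default_n_Local
 neighbor 10.1.12.2 inherit peer-policy Default_n_Local
 neighbor 10.1.20.2 inherit peer-policy Full_BGP
"""

def effective_policies(config):
    """Return {neighbor: [peer-policy commands after resolving inheritance]}."""
    blocks = re.findall(r"template peer-policy (\S+)\n(.*?)exit-peer-policy", config, re.S)
    tmpl = {name: [c.strip() for c in body.strip().splitlines()] for name, body in blocks}
    peers = dict(re.findall(r"neighbor (\S+) inherit peer-policy (\S+)", config))
    def flat(name, seen=()):
        if name in seen:  # guard against a template inheriting itself indirectly
            raise ValueError(f"inheritance loop at {name}")
        out = []
        for cmd in tmpl[name]:
            m = re.match(r"inherit peer-policy (\S+)", cmd)
            out += flat(m[1], seen + (name,)) if m else [cmd]
        return out
    return {peer: flat(name) for peer, name in peers.items()}

def missing_inbound(config):
    """Map each neighbor to the inbound controls its resolved policy lacks."""
    checks = {"inbound filter": r"(filter-list|prefix-list|route-map) \S+ in$",
              "maximum-prefix": r"maximum-prefix \d+"}
    return {peer: gaps for peer, cmds in effective_policies(config).items() if (gaps := [
        k for k, rx in checks.items() if not any(re.match(rx, c) for c in cmds)])}
```

On this page's configuration, `missing_inbound(CONFIG)` reports 1.1.1.1 and 2.2.2.2: the Default_Only template does not inherit Common_Policy_Config, which matches the empty "Inherited policies" section for Default_Only in the `sh ip bgp template peer-policy` output.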

ISPA#clear ip bgp *

 

R1: (After applying peer-policy template on ISPA)

R1#sh ip bgp
BGP table version is 48, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          100.1.1.1                0             0 56000 i
*> 10.0.0.0/24      0.0.0.0                  0         32768 i
*> 11.0.0.0/24      0.0.0.0                  0         32768 i
R1#

 

R2: (After applying peer-policy template on ISPA)

R2#sh ip bgp
BGP table version is 55, local router ID is 20.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          100.1.1.1                0             0 56000 i
*> 20.0.0.0/24      0.0.0.0                  0         32768 i
R2#

 

R3: (After applying peer-policy template on ISPA)

R3#sh ip bgp
BGP table version is 20, local router ID is 30.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          10.1.12.1                0             0 56000 i
*> 30.0.0.0/24      0.0.0.0                  0         32768 i
*> 56.56.0.0/16     10.1.12.1                0             0 56000 i
R3#

 

R4: (After applying peer-policy template on ISPA)

R4#sh ip bgp
BGP table version is 4, local router ID is 40.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          100.1.1.1                0             0 56000 i
*> 40.0.0.0/24      0.0.0.0                  0         32768 i
*> 56.56.0.0/16     100.1.1.1                0             0 56000 i
R4#

 

R5: (After applying peer-policy template on ISPA)

R5#sh ip bgp
BGP table version is 8, local router ID is 50.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      10.1.20.1                              0 56000 56501 i
*> 20.0.0.0/24      10.1.20.1                              0 56000 56502 i
*> 30.0.0.0/24      10.1.20.1                              0 56000 56503 i
*> 40.0.0.0/24      10.1.20.1                              0 56000 56504 i
*> 50.0.0.0/24      0.0.0.0                  0         32768 i
*> 55.55.0.0/16     10.1.20.1                              0 56000 55000 i
*> 56.56.0.0/16     10.1.20.1                0             0 56000 i
R5#

And R5 has received the full BGP routing table.
