Manual Reference Pages  -  BGPQ (8)

NAME

bgpq - generate access-lists for cisco/juniper routers and GateD

CONTENTS

Synopsis
Description
Examples
RPSL Syntax
Formatted Output.
Renewing access-lists with files
Generating Juniper as-path-groups/prefix-lists
See Also
Diagnostics
Bugs
Author

SYNOPSIS

bgpq [-l name] [-h host] [-p port] [-d] [ -P | -i | -o | -s | -g | -e | -f number | -F format | -G number ] [ -a | -q ] [ -j | -J ] [ -b | -v ] [-S src] objects [...] [EXCEPT objects]
bgpq -r filename

DESCRIPTION

The bgpq utility is used to generate cisco access/prefix-lists, cisco as-path access-lists, GateD network filters and Juniper policy-statements (as-path-groups and prefix-lists) based on RADB data.

The options are as follows:
-A try to aggregate routes
-a print all routes uncommented
-b display keys that do not exist in the RADB database
-c include commandline in output
-d increase debugging level
-e generate standard access-list
-F format
  generate user-formatted output. See section Formatted Output for details.
-f number
  generate as-path access-list using number as ’starting AS’ (see examples for explanation)
-G number
  generate output as-path access-list using number as ’starting AS’ (see examples for explanation)
-g generate GateD network filter
-H do not print headers to access-list.
-h host
  host with irrd (can be set with IRRD_HOST environment variable)
-i generate input packet filter
-J generate Juniper policy-statements for ’load merge’
-j generate Juniper policy-statements for ’cut-n-paste’
-l name
  name of generated access/prefixlist
-o generate output packet filter
-P generate prefixlist (access-list extended by default)
-p port
  irrd port (43 by default)
-q print only aggregated routes
-R masklen
  allow more specific routes up to masklen
-r filename
  used to ’recompute’ file.
-s print statistics about
-S source
  use only the specified source (RIPE or RADB, for example). More than one source can be given, separated with commas (and not by spaces, please, that makes getopt(3) crazy). Sources can also be set with the IRRD_SOURCE environment variable. Default set: RADB,RIPE,APNIC.
-v print nice prompt describing current operation

"objects" means networks (in prefix aka a.a.a.a/b format), autonomous systems (in ASnnn format) and as-macros (AS-xxxx format). You may also use RPSL format for networks.

EXAMPLES


Generating prefix-list for AS3319 using host sivka as a RADB mirror:

    bgpq -h sivka AS3319
    !generated with bgpq
    no ip access-list extended UNKNOWN
    ip access-list extended UNKNOWN
    permit ip host 194.44.31.0 host 255.255.255.0
    permit ip host 194.44.158.0 host 255.255.255.0
    permit ip host 194.44.162.0 host 255.255.255.0
    permit ip host 194.44.164.0 host 255.255.255.0
    permit ip host 194.44.170.0 host 255.255.255.0
    permit ip host 194.44.192.0 host 255.255.255.0
    permit ip host 194.44.193.0 host 255.255.255.0
    permit ip host 194.44.194.0 host 255.255.255.0
    permit ip host 194.44.195.0 host 255.255.255.0
    permit ip host 194.44.196.0 host 255.255.255.0
    permit ip host 194.44.197.0 host 255.255.255.0
    permit ip host 194.44.216.0 host 255.255.255.0
    permit ip host 195.178.128.0 host 255.255.224.0
    ! overlayed by 195.178.128.0/19 in the same AS3319
    ! - permit ip host 195.178.136.0 host 255.255.254.0
    ! overlayed by 195.178.128.0/19 in the same AS3319
    ! - permit ip host 195.178.150.0 host 255.255.255.0
    ! overlayed by 195.178.128.0/19 in the same AS3319
    ! - permit ip host 195.178.128.0 host 255.255.255.0
    ! overlayed by 195.178.128.0/19 in the same AS3319
    ! - permit ip host 195.178.130.0 host 255.255.254.0
    ! overlayed by 195.178.128.0/19 in the same AS3319
    ! - permit ip host 195.178.132.0 host 255.255.255.0
    deny ip any any

As you can see, this access-list includes all unique non-overlapping networks, and the overlapped ones are commented out. You can use -a to print overlapped routes uncommented, or -q to omit them.

Note that certain routes (e.g. 194.44.192.0/24 and 194.44.193.0/24) can be aggregated; the -A option does this for you:

    bgpq -h sivka -qA AS3319
    !generated with bgpq
    no ip access-list extended UNKNOWN
    ip access-list extended UNKNOWN
    permit ip host 194.44.31.0 host 255.255.255.0
    permit ip host 194.44.158.0 host 255.255.255.0
    permit ip host 194.44.162.0 host 255.255.255.0
    permit ip host 194.44.164.0 host 255.255.255.0
    permit ip host 194.44.170.0 host 255.255.255.0
    permit ip 194.44.192.0 0.0.3.0 host 255.255.255.0
    permit ip 194.44.196.0 0.0.1.0 host 255.255.255.0
    permit ip host 194.44.216.0 host 255.255.255.0
    permit ip host 195.178.128.0 host 255.255.224.0
    deny ip any any
Using quiet and aggregate mode we get a more compact access-list.
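
The aggregated entries are not CIDR aggregates, which is easy to misread when auditing such a list. The following evaluator is an added example, not part of bgpq or of the original page; it assumes the usual IOS convention for extended access-lists used as route filters, where the first address field is compared with the route's network address and the second with its netmask, and the names parse_entry and evaluate are made up here.

```python
import ipaddress

ALL = 0xFFFFFFFF

def _field(tok):
    """Consume one address field: 'host A', 'any' or 'A WILDCARD'."""
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    if tok[0] == "any":
        return (0, ALL), tok[1:]
    return (int(ipaddress.IPv4Address(tok[0])),
            int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse_entry(line):
    """Parse 'permit|deny ip <network field> <mask field>'."""
    tok = line.split()
    try:
        if tok[0] not in ("permit", "deny") or tok[1] != "ip":
            raise ValueError
        net_f, rest = _field(tok[2:])
        mask_f, rest = _field(rest)
        if rest:
            raise ValueError
    except (IndexError, ValueError):
        raise ValueError(f"unsupported ACL line: {line!r}") from None
    return tok[0], net_f, mask_f

def _hit(value, field):
    base, wild = field
    care = ALL & ~wild          # bits set in the wildcard are ignored
    return (value & care) == (base & care)

def evaluate(acl_lines, prefix):
    """Return 'permit' or 'deny' for a route; the first match wins."""
    route = ipaddress.IPv4Network(prefix)
    addr, mask = int(route.network_address), int(route.netmask)
    for line in acl_lines:
        line = line.strip()
        if not line or line.startswith("!"):
            continue            # skip blanks and '!' comment lines
        action, net_f, mask_f = parse_entry(line)
        if _hit(addr, net_f) and _hit(mask, mask_f):
            return action
    return "deny"               # implicit deny at the end of any ACL

# Entries copied from the aggregated output above.
ACL = """\
permit ip host 194.44.31.0 host 255.255.255.0
permit ip 194.44.192.0 0.0.3.0 host 255.255.255.0
permit ip 194.44.196.0 0.0.1.0 host 255.255.255.0
permit ip host 195.178.128.0 host 255.255.224.0
deny ip any any
""".splitlines()
```

The entry with wildcard 0.0.3.0 admits the four /24 routes 194.44.192.0 through 194.44.195.0, but not the covering 194.44.192.0/22, because the mask field still demands exactly 255.255.255.0.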

Now let us use some RPSL filters, for example to allow any /24 more specific route from the 194.44.0.0/16 block to pass our generated prefix-list:

    bgpq -h sivka -APql AS3319-IN AS3319 194.44.0.0/16^24
    !generated with bgpq
    no ip prefix-list AS3319-IN
    ip prefix-list AS3319-IN permit 194.44.0.0/16 ge 24 le 24
    ip prefix-list AS3319-IN permit 195.178.128.0/19
You can see that the RPSL filter reduced all the specifics to one line.

Another useful feature of bgpq is the ability to generate as-path access-lists. To generate one you need to specify the ’starting AS’ number, because it cannot be determined from RADB data. In the next example we build as-path access-list 88 to filter AS-LUCKY from AS3254:

    bgpq -h sivka -f 3254 -l 88 AS-LUCKY
    !generated with bgpq
    no ip as-path access-list 88
    ip as-path access-list 88 permit ^3254(_3254)*$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(3319|6876|8192|8258)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(8464|8601|8813|12593)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(12984|13027|13032|13103)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(13107|15458|15461|15595)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(15615|15682|15820|16002)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(16165|16223|16329|20586)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(20754|20790|20839|20949)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(20971|21011|21131|21219)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(21256|21257|21310|21354)$
    ip as-path access-list 88 permit ^3254(_[0-9]+)*_(21432|24621|24664|24682)$
I think this feature is not really useful, because this type of filtering is much less strict than extended access-list or prefix-list filtering. For example, in the case of a wrongly configured peer router you can get a fullview with all routes ’originated’ from the peer AS.
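
The looseness described above can be checked offline by running candidate routes through the generated as-path list. This is an added example, not part of bgpq or of the original page: it translates the Cisco ’_’ metacharacter into a Python regex, uses the first two entries of access-list 88 from the output above, and evaluates a constructed set of routes (the function names and the route table are made up here).

```python
import re

# Cisco regex '_' matches a delimiter (space, comma, braces, parentheses)
# or the start/end of the AS-path string.
_DELIM = r"(?:^|$|[ ,{}()])"
_ENTRY = re.compile(r"\s*ip as-path access-list \S+ (permit|deny) (\S+)\s*$")

def compile_aspath_acl(config_text):
    """Return [(action, compiled_regex)] from 'ip as-path access-list' lines."""
    entries = []
    for line in config_text.splitlines():
        m = _ENTRY.match(line)
        if m:
            pattern = m.group(2).replace("_", _DELIM)
            entries.append((m.group(1), re.compile(pattern)))
    return entries

def aspath_permits(entries, as_path):
    """First matching entry wins; no match means implicit deny."""
    for action, rx in entries:
        if rx.search(as_path):
            return action == "permit"
    return False

def filter_routes(entries, routes):
    """routes: iterable of (prefix, as_path). The prefix is never inspected."""
    return [prefix for prefix, path in routes if aspath_permits(entries, path)]

# First two entries of the list generated above.
ACL_88 = """
ip as-path access-list 88 permit ^3254(_3254)*$
ip as-path access-list 88 permit ^3254(_[0-9]+)*_(3319|6876|8192|8258)$
"""

# Constructed routes: (prefix, AS path as the router would display it).
ROUTES = [
    ("194.44.31.0/24", "3254 3319"),    # prefix listed for AS3319 above
    ("198.51.100.0/24", "3254 3319"),   # same path, prefix not listed
    ("203.0.113.0/24", "3254"),         # originated by the peer AS itself
    ("192.0.2.0/24", "3254 64500"),     # origin AS outside the list
    ("194.44.31.0/24", "64501 3319"),   # not received via AS3254
]
```

The second and third routes pass although their prefixes appear in none of the generated lists, which is why an as-path list is normally paired with the prefix-list or extended access-list for the same objects.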

RPSL Syntax

The following is quoted from RFC2622:

^- is the exclusive more specifics operator; it stands for the more specifics of the address prefix excluding the address prefix itself. For example, 128.9.0.0/16^- contains all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16.

^+ is the inclusive more specifics operator; it stands for the more specifics of the address prefix including the address prefix itself. For example, 5.0.0.0/8^+ contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8.

^n where n is an integer, stands for all the length n specifics of the address prefix. For example, 30.0.0.0/8^16 contains all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16.

^n-m where n and m are integers, stands for all the length n to length m specifics of the address prefix. For example, 30.0.0.0/8^24-32 contains all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.
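
The four operators map directly onto a prefix-length range, which is how 194.44.0.0/16^24 became "ge 24 le 24" in the earlier prefix-list example. The following parser is an added example, not code from bgpq or the original page; it handles IPv4 only, the function names are made up here, and the rendering of operators other than ^n follows ordinary IOS prefix-list syntax rather than any bgpq output shown on this page.

```python
import ipaddress
import re

_EXPR = re.compile(
    r"^(?P<net>[0-9.]+/[0-9]+)(?:\^(?P<op>-|\+|[0-9]+(?:-[0-9]+)?))?$")

def rpsl_range(expr):
    """Return (network, min_len, max_len) for an RFC 2622 prefix expression."""
    m = _EXPR.match(expr)
    if not m:
        raise ValueError(f"not an RPSL IPv4 prefix expression: {expr!r}")
    net = ipaddress.IPv4Network(m.group("net"))   # rejects set host bits
    op, plen = m.group("op"), net.prefixlen
    if op is None:                 # bare prefix: exact match only
        lo = hi = plen
    elif op == "-":                # more specifics, excluding the prefix
        lo, hi = plen + 1, 32
    elif op == "+":                # more specifics, including the prefix
        lo, hi = plen, 32
    else:                          # ^n or ^n-m
        first, _, last = op.partition("-")
        lo = int(first)
        hi = int(last) if last else lo
    if not plen <= lo <= hi <= 32:
        raise ValueError(f"length range {lo}-{hi} is invalid for {net}")
    return net, lo, hi

def to_prefix_list(name, expr):
    """Render the expression as one Cisco 'ip prefix-list' permit line."""
    net, lo, hi = rpsl_range(expr)
    line = f"ip prefix-list {name} permit {net}"
    if lo > net.prefixlen:
        line += f" ge {lo}"
    if hi > net.prefixlen:
        line += f" le {hi}"
    return line

def matches(expr, prefix):
    """True if the announced prefix falls inside the RPSL expression."""
    net, lo, hi = rpsl_range(expr)
    route = ipaddress.IPv4Network(prefix)
    return lo <= route.prefixlen <= hi and route.subnet_of(net)
```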

Formatted Output.


In some cases you need to generate configs in a format that is not predefined. This is easily done with the -F format option. The format string consists of conversion specifiers and ordinary characters: the former are replaced by their values, the latter are copied as entered. The conversion specifiers are %r and %n for the generated route prefix, %m for the mask, %M for the inverted mask and %l for the prefix length (the letters come from ’_r_oute’, ’_n_etwork’, ’net_m_ask’ and ’_l_ength’). The final linefeed ’\n’ MUST be specified unless you want one-line output. Example:

    bgpq -h sivka -F "ipfw add pass any from %r:%m to any in via xl1\n" AS3254
    !generated with bgpq
    ipfw add pass any from 62.244.0.0:255.255.192.0 to any in via xl1
    ipfw add pass any from 193.124.50.0:255.255.255.0 to any in via xl1
    ipfw add pass any from 193.193.192.0:255.255.224.0 to any in via xl1

Renewing access-lists with files

You can ’renew’ an access-list when, for example, an AS-macro has changed, provided it was created with the -c (include commandline in output) option and stored in a file. To renew the access-list, run bgpq -r filename, where filename is the location of the stored access-list.

Generating Juniper as-path-groups/prefix-lists

There are two options for generating Juniper policy-statements: -j, which generates ’scripts’ to cut and paste from a terminal into the Juniper router, and -J, which creates configs for use with the ’load merge’ command on the Juniper router.

SEE ALSO

http://www.radb.net/ for information about Routing Arbiter project, http://www.ripe.net/ for information about RIPE NCC, http://www.cisco.com/ for information about Cisco Systems, http://www.gated.org/ for information about GateD Consortium, RFC2622 defines RPSL.

DIAGNOSTICS

When everything is ok, bgpq writes the access-list to standard output and exits with status 0. In case of errors, they are printed to stderr and the program exits with a non-zero status.

BUGS

No one known in code (yet ? :) ), many in documentation (English is not my native :( )

AUTHOR

Alexandre Snarskii, <snar@snar.spb.ru>