Esse artigo foi homologado no equipamento CCR2116-12G-4S+, na versão v7.18.2, o uso em uma versão diferente pode não resultar da mesma forma.
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::PREPEND-GLOBAL disabled=yes rule="set bgp-path-prepend 1"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::MED rule="set bgp-med 0"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::EXPORT-GERAL rule="if (bgp-communities includes 990:100) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::EXPORT-TRANSITO rule="if (bgp-communities includes 990:101) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1 rule="if (bgp-communities includes 991:100) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1-PREPEND+1 rule="if (bgp-communities includes 991:101) {set bgp-path-prepend 2; accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1-PREPEND+2 rule="if (bgp-communities includes 991:102) {set bgp-path-prepend 3; accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1-PREPEND+3 rule="if (bgp-communities includes 991:103) {set bgp-path-prepend 4; accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT comment=!::PREPEND disabled=yes rule="set bgp-path-prepend 1"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.0.0/22) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.0.0/23) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.2.0/23) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.0.0/24) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.1.0/24) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.2.0/24) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-EXPORT disabled=yes rule="if (dst == 99.70.3.0/24) {accept}"
#
| Community |
Descrição |
| 991:100 |
EXPORT-1-UPSTREAM-PEER1 |
| 991:101 |
EXPORT-1-UPSTREAM-PEER1-PREPEND+1 |
| 991:102 |
EXPORT-1-UPSTREAM-PEER1-PREPEND+2 |
| 991:103 |
EXPORT-1-UPSTREAM-PEER1-PREPEND+3 |
| 991:200 |
IMPORT-1-UPSTREAM-PEER1 |
| Local Pref |
Tipo do peer |
| 1100 |
IBGP |
| 1000 |
Cliente |
| 900 |
CDN |
| 800 |
IX/PNI |
| 700 |
Trânsito |
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-IMPORT comment=!::DESCARTE-GENERICO disabled=no rule="if (dst in 10.0.0.0/8) {reject}\
\nif (dst in 100.64.0.0/10) {reject}\
\nif (dst in 127.0.0.0/8) {reject}\
\nif (dst in 169.254.0.0/16) {reject}\
\nif (dst in 172.16.0.0/12) {reject}\
\nif (dst in 192.0.0.0/24) {reject}\
\nif (dst in 192.0.2.0/24) {reject}\
\nif (dst in 192.88.99.0/24) {reject}\
\nif (dst in 192.168.0.0/16) {reject}\
\nif (dst in 198.18.0.0/15) {reject}\
\nif (dst in 198.51.100.0/24) {reject}\
\nif (dst in 203.0.113.0/24) {reject}\
\nif (dst in 240.0.0.0/4) {reject}\
\nif (dst == 0.0.0.0 && dst-len > 25) {reject;}\
\nif (dst == 0.0.0.0 && dst-len > 1 && dst-len < 7) {reject;}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-IMPORT comment=!::LOCAL-PREF disabled=no rule="set bgp-local-pref 700"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-IMPORT comment=!::COMMUNITIES-INFORMATIVAS disabled=no rule="append bgp-communities 990:200,990:201,991:200"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-IMPORT comment=!::DESCARTE-PREFIXO disabled=no rule="if (dst == 192.0.2.254/32) {reject}\
\nif (dst == 192.0.2.253/32) {reject}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-IMPORT comment=!::DESCARTE-ASPATH disabled=no rule="if (bgp-as-path .65534.) {reject}\
\nif (bgp-as-path .65533.) {reject}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V4-IMPORT comment=!::ROTA-DEFAULT disabled=no rule="if (dst == 0.0.0.0/0) {accept}"
#
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::PREPEND-GLOBAL disabled=yes rule="set bgp-path-prepend 1"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::MED rule="set bgp-med 0"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::EXPORT-GERAL rule="if (bgp-communities includes 990:100) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::EXPORT-TRANSITO rule="if (bgp-communities includes 990:101) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1 rule="if (bgp-communities includes 991:100) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1-PREPEND+1 rule="if (bgp-communities includes 991:101) {set bgp-path-prepend 2; accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1-PREPEND+2 rule="if (bgp-communities includes 991:102) {set bgp-path-prepend 3; accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::EXPORT-1-UPSTREAM-PEER1-PREPEND+3 rule="if (bgp-communities includes 991:103) {set bgp-path-prepend 4; accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT comment=!::PREPEND disabled=yes rule="set bgp-path-prepend 1"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70::/32) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70::/33) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70:8000::/33) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70::/34) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70:4000::/34) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70:8000::/34) {accept}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-EXPORT disabled=yes rule="if (dst == 99:70:c000::/34) {accept}"
#
| Community |
Descrição |
| 991:100 |
EXPORT-1-UPSTREAM-PEER1 |
| 991:101 |
EXPORT-1-UPSTREAM-PEER1-PREPEND+1 |
| 991:102 |
EXPORT-1-UPSTREAM-PEER1-PREPEND+2 |
| 991:103 |
EXPORT-1-UPSTREAM-PEER1-PREPEND+3 |
| 991:200 |
IMPORT-1-UPSTREAM-PEER1 |
| Local Pref |
Tipo do peer |
| 1100 |
IBGP |
| 1000 |
Cliente |
| 900 |
CDN |
| 800 |
IX/PNI |
| 700 |
Trânsito |
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-IMPORT comment=!::DESCARTE-GENERICO disabled=no rule="if (dst in ::/128) {reject}\
\nif (dst in ::1/128) {reject}\
\nif (dst in ::ffff:0:0/96) {reject}\
\nif (dst in ::ffff:0:0:0/96) {reject}\
\nif (dst in 64:ff9b::/96) {reject}\
\nif (dst in 64:ff9b:1::/96) {reject}\
\nif (dst in 100::/64) {reject}\
\nif (dst in 2001:0::/32) {reject}\
\nif (dst in 2001:20::/48) {reject}\
\nif (dst in 2001:db8::/32) {reject}\
\nif (dst in 2002::/16) {reject}\
\nif (dst in fc00::/7) {reject}\
\nif (dst in fe80::/10) {reject}\
\nif (dst in ff00::/8) {reject}\
\nif (dst == ::/0 && dst-len > 49) {reject;}\
\nif (dst == ::/0 && dst-len > 1 && dst-len < 7) {reject;}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-IMPORT comment=!::LOCAL-PREF disabled=no rule="set bgp-local-pref 700"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-IMPORT comment=!::COMMUNITIES-INFORMATIVAS disabled=no rule="append bgp-communities 990:200,990:201,991:200"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-IMPORT comment=!::DESCARTE-PREFIXO disabled=no rule="if (dst == 2001:DB8:9000::/128) {reject}\
\nif (dst == 2001:DB8:9000::1/128) {reject}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-IMPORT comment=!::DESCARTE-ASPATH disabled=no rule="if (bgp-as-path .65534.) {reject}\
\nif (bgp-as-path .65533.) {reject}"
/routing filter rule add chain=1-UPSTREAM-PEER1-V6-IMPORT comment=!::ROTA-DEFAULT disabled=no rule="if (dst == ::/0) {accept}"
#
A partir da versão v7.19, o parâmetro address-families passou a ser chamado afi.
/routing bgp connection add \
name=TRANSITO-1-UPSTREAM-PEER1-V4 \
address-families=ip \
connect=yes \
as=65000 \
router-id=99.70.3.253 \
local.role=ebgp \
local.address=10.64.249.2 \
remote.as=65001 \
remote.address=10.64.249.1 \
multihop=yes \
keepalive-time=3s
hold-time=30s
nexthop-choice=force-self \
input.filter=1-UPSTREAM-PEER1-V4-IMPORT \
output.filter-chain=1-UPSTREAM-PEER1-V4-EXPORT \
output.network=BGP-NETWORK \
output.remove-private-as=yes \
disabled=yes \
#
/routing bgp connection add \
name=TRANSITO-1-UPSTREAM-PEER1-V6 \
address-families=ipv6 \
connect=yes \
as=65000 \
router-id=99.70.3.253 \
local.role=ebgp \
local.address=2001:DB8:249::2 \
remote.as=65001 \
remote.address=2001:DB8:249::1 \
multihop=yes \
keepalive-time=3s
hold-time=30s
nexthop-choice=force-self \
input.filter=1-UPSTREAM-PEER1-V6-IMPORT \
output.filter-chain=1-UPSTREAM-PEER1-V6-EXPORT \
output.network=BGP-NETWORK \
output.remove-private-as=yes \
disabled=yes \
#