SYNOPSIS
bgpq3 [-h host] [-S sources] [-EP] [-f asn -G asn] [-346AbDdJjX] [-r len] [-R len] [-m max] [-W len] OBJECTS [...]
DESCRIPTION
The bgpq3 utility is used to generate Cisco and Juniper prefix-lists, extended access-lists, policy-statement terms and as-path lists based on RADB data.
The options are as follows:
- -3
- assume that your device is asn32-safe.
- -4
- generate IPv4 prefix/access-lists (default).
- -6
- generate IPv6 prefix/access-lists (IPv4 by default).
- -A
- try to aggregate prefix-lists as much as possible (not all output formats supported).
- -b
- generate output in BIRD format (default: Cisco).
- -d
- enable some debugging output.
- -D
- use asdot notation for Cisco as-path access-lists.
- -E
- generate extended access-list (Cisco) or policy-statement term using route-filters (Juniper).
- -f number
- generate input as-path access-list.
- -G number
- generate output as-path access-list.
- -h host
- host running IRRD database (default: whois.radb.net).
- -J
- generate config for Juniper (default: Cisco).
- -j
- generate output in JSON format (default: Cisco).
- -m len
- maximum prefix-length of accepted prefixes (default: 32 for IPv4 and 128 for IPv6).
- -M match
- extra match conditions for Juniper route-filters.
- -l name
- name of generated entry.
- -P
- generate prefix-list (default, backward compatibility).
- -r len
- allow more specific routes starting with specified masklen too.
- -R len
- allow more specific routes up to specified masklen too.
- -S sources
- use specified sources only (default: RADB,RIPE,APNIC).
- -T
- disable pipelining.
- -W len
- generate as-path strings of no more than len items (use 0 for infinity).
- -X
- generate config for Cisco IOS XR devices (plain IOS by default).
- OBJECTS
- means networks (in prefix format), autonomous systems, as-sets and route-sets.
EXAMPLES
Generating named Juniper prefix-filter for AS20597:

    ~>bgpq3 -Jl eltel AS20597
    policy-options {
    replace:
     prefix-list eltel {
        81.9.0.0/20;
        81.9.32.0/20;
        81.9.96.0/20;
        81.222.128.0/20;
        81.222.192.0/18;
        85.249.8.0/21;
        85.249.224.0/19;
        89.112.0.0/19;
        89.112.4.0/22;
        89.112.32.0/19;
        89.112.64.0/19;
        217.170.64.0/20;
        217.170.80.0/20;
     }
    }

For Cisco we can use the aggregation (-A) flag to make this prefix-filter more compact:

    ~>bgpq3 -Al eltel AS20597
    no ip prefix-list eltel
    ip prefix-list eltel permit 81.9.0.0/20
    ip prefix-list eltel permit 81.9.32.0/20
    ip prefix-list eltel permit 81.9.96.0/20
    ip prefix-list eltel permit 81.222.128.0/20
    ip prefix-list eltel permit 81.222.192.0/18
    ip prefix-list eltel permit 85.249.8.0/21
    ip prefix-list eltel permit 85.249.224.0/19
    ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19
    ip prefix-list eltel permit 89.112.4.0/22
    ip prefix-list eltel permit 89.112.64.0/19
    ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20

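The following Python is an added example, not part of bgpq3 or its manual. It parses Cisco-format prefix-list output such as the -A output above and checks whether an announced route would be permitted, which makes the meaning of the aggregated `ge`/`le` entries concrete. The sample lines are copied from that output; the function names `parse_prefix_list` and `permitted` are hypothetical.

```python
import ipaddress
import re

# Sample input: a subset of the -A output shown above (assembled for this example).
SAMPLE = """\
no ip prefix-list eltel
ip prefix-list eltel permit 81.9.0.0/20
ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19
ip prefix-list eltel permit 89.112.4.0/22
ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20
"""

ENTRY = re.compile(
    r"^ip(?:v6)? prefix-list \S+ permit (\S+)(?: ge (\d+))?(?: le (\d+))?$")


def parse_prefix_list(text):
    """Return a list of (network, min_len, max_len) for every permit line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips "no ip prefix-list ..." and blank lines
        net = ipaddress.ip_network(m.group(1))
        ge, le = m.group(2), m.group(3)
        # IOS semantics: no ge/le means exact length; ge alone extends to
        # the maximum length; le alone starts at the entry's own length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (net.max_prefixlen if ge else net.prefixlen)
        entries.append((net, lo, hi))
    return entries


def permitted(route, entries):
    """True if the route matches a permit entry; otherwise implicit deny."""
    r = ipaddress.ip_network(route)
    return any(
        r.version == net.version
        and lo <= r.prefixlen <= hi
        and r.subnet_of(net)
        for net, lo, hi in entries)


if __name__ == "__main__":
    acl = parse_prefix_list(SAMPLE)
    for route in ("89.112.0.0/19", "89.112.32.0/19", "89.112.0.0/18",
                  "89.112.4.0/24", "217.170.80.0/20"):
        print(route, "permit" if permitted(route, acl) else "deny")
```

The aggregated entry `89.112.0.0/18 ge 19 le 19` accepts exactly the two /19 routes it replaced, while the covering /18 and any more-specific such as a /24 fall through to the implicit deny.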
Well, for Juniper we can generate even more interesting policy-options, using -M <extra match conditions>, -R <len> and hierarchical names:

    ~>bgpq3 -AJEl eltel/specifics -r 29 -R 32 -M "community blackhole" AS20597
    policy-options {
     policy-statement eltel {
      term specifics {
    replace:
       from {
        community blackhole;
        route-filter 81.9.0.0/20 prefix-length-range /29-/32;
        route-filter 81.9.32.0/20 prefix-length-range /29-/32;
        route-filter 81.9.96.0/20 prefix-length-range /29-/32;
        route-filter 81.222.128.0/20 prefix-length-range /29-/32;
        route-filter 81.222.192.0/18 prefix-length-range /29-/32;
        route-filter 85.249.8.0/21 prefix-length-range /29-/32;
        route-filter 85.249.224.0/19 prefix-length-range /29-/32;
        route-filter 89.112.0.0/17 prefix-length-range /29-/32;
        route-filter 217.170.64.0/19 prefix-length-range /29-/32;
       }
      }
     }
    }

Of course, this version supports IPv6 (-6):

    ~>bgpq3 -6l as-retn-6 AS-RETN6
    no ipv6 prefix-list as-retn-6
    ipv6 prefix-list as-retn-6 permit 2001:7fb:fe00::/48
    ipv6 prefix-list as-retn-6 permit 2001:7fb:fe01::/48
    [....]

    ~>bgpq3 -J3f 112 AS-SPACENET
    policy-options {
    replace:
     as-path-group NN {
      as-path a0 "^112(112)*$";
      as-path a1 "^112(.)*(1898|5539|8495|8763|8878|12136|12931|15909)$";
      as-path a2 "^112(.)*(21358|23456|23600|24151|25152|31529|34127|34906)$";
      as-path a3 "^112(.)*(35052|41720|43628|44450|196611)$";
     }
    }

For routers that are not ASN32-capable, do not use the -3 switch; the result will be as follows:

    ~>bgpq3 -f 112 AS-SPACENET
    no ip as-path access-list NN
    ip as-path access-list NN permit ^112(_112)*$
    ip as-path access-list NN permit ^112(_[0-9]+)*_(1898|5539|8495|8763)$
    ip as-path access-list NN permit ^112(_[0-9]+)*_(8878|12136|12931|15909)$
    ip as-path access-list NN permit ^112(_[0-9]+)*_(21358|23456|23600|24151)$
    ip as-path access-list NN permit ^112(_[0-9]+)*_(25152|31529|34127|34906)$
    ip as-path access-list NN permit ^112(_[0-9]+)*_(35052|41720|43628|44450)$

AS196611 is no longer in the list; however, AS23456 (the transition AS) would have been added to the list if it were not already present.