Westermo MR Series User Manual

Page 54

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

set attribute ...

Set the AS path attributes to some default per neighbor or group block:

set localpref 300

See also the ATTRIBUTE SET section. Set parameters are applied to the received prefixes; the
only exceptions are prepend-self, nexthop no-modify and nexthop self. These sets are rewritten
into filter rules and can be viewed with "bgp -nv".

softreconfig (in|out) (yes|no)

Turn soft reconfiguration on or off for the specified direction. If soft reconfiguration is turned
on, filter changes will be applied on configuration reloads. If turned off, a BGP session needs to
be cleared to apply the filter changes. Enabling softreconfig in will raise the memory
requirements of bgp because the unmodified AS path attributes need to be stored as well.

tcp md5sig password secret

tcp md5sig key secret

Enable TCP MD5 signatures per RFC 2385. The shared secret can either
be given as a password or hexadecimal key.

tcp md5sig password mekmidasdigoat

tcp md5sig key deadbeef

ttl-security (yes|no)

Enable or disable ttl-security. When enabled, outgoing packets are sent using a TTL of 255 and a
check is made against an incoming packet’s TTL. For directly connected peers, incoming packets
are required to have a TTL of 255, ensuring they have not been routed. For multihop peers,
incoming packets are required to have a TTL of 256 minus multihop distance, ensuring they have
not passed through more than the expected number of hops. The default is no.

Filter

BGP has the ability to allow and deny UPDATES based on prefix or AS path attributes. In
addition, UPDATES may also be modified by filter rules. For each UPDATE processed by the filter,
the filter rules are evaluated in sequential order, from first to last. The last matching allow or
deny rule decides what action is taken.

The following actions can be used in the filter:

allow

The UPDATE is passed.

deny

The UPDATE is blocked.

match

Apply the filter attribute set without influencing the filter decision.

PARAMETERS

The rule parameters specify the UPDATES to which a rule applies. An UPDATE always comes
from, or goes to, one neighbor. Most parameters are optional, but each can appear at most
once per rule. If a parameter is specified, the rule only applies to packets with matching
attributes.

as-type as-number

This rule applies only to UPDATES where the AS path matches. The as-number is matched
against a part of the AS path specified by the as-type. as-type is one of the following operators:

AS (any part)

source-as (rightmost AS number)

transit-as (all but the rightmost AS number)

Multiple as-number entries for a given type or as-type as-number entries may also be specified,
separated by commas or whitespace, if enclosed in curly brackets:

deny from any AS { 1, 2, 3 }

deny from any { AS 1, source-as 2, transit-as 3 }

deny from any { AS { 1, 2, 3 }, source-as 4, transit-as 5 }
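The following is an added example, not part of the Westermo manual or the router's code: a small Python model of the evaluation order and as-type operators described above, useful for checking how a rule list resolves before loading it. The rule dictionaries, the AS numbers, the any-of treatment of braced lists and the accumulation of attribute sets are assumptions made for illustration.

```python
# Simplified model of the filter semantics in this section (added example,
# not the router's code). AS paths are lists, leftmost AS first.

def as_matches(as_type, as_number, as_path):
    if as_type == "AS":                      # any part of the path
        return as_number in as_path
    if as_type == "source-as":               # rightmost AS number
        return bool(as_path) and as_path[-1] == as_number
    if as_type == "transit-as":              # all but the rightmost AS number
        return as_number in as_path[:-1]
    raise ValueError(f"unknown as-type: {as_type}")

def rule_applies(rule, as_path):
    # No AS parameter: the rule applies to every UPDATE. A braced list is
    # treated here as any-of (assumption).
    conds = rule.get("as", [])
    return not conds or any(as_matches(t, n, as_path) for t, n in conds)

def evaluate(rules, as_path, default):
    """Return (decision, attrs). `default` is the decision when no allow/deny
    rule matches; the page does not state it, so the caller supplies it."""
    decision, attrs = default, {}
    for rule in rules:                       # sequential, first to last
        if not rule_applies(rule, as_path):
            continue
        # Assumption: attribute sets of every matching rule accumulate.
        attrs.update(rule.get("set", {}))
        if rule["action"] in ("allow", "deny"):
            decision = rule["action"]        # a later match overrides an earlier one
    return decision, attrs

# Constructed rule set (documentation-range AS numbers): allow everything,
# deny routes originated by 64500, tag routes transiting 64501 with
# localpref 300, allow anything whose path contains 64502.
RULES = [
    {"action": "allow"},
    {"action": "deny", "as": [("source-as", 64500)]},
    {"action": "match", "as": [("transit-as", 64501)], "set": {"localpref": 300}},
    {"action": "allow", "as": [("AS", 64502)]},
]

if __name__ == "__main__":
    for path in ([64501, 64500], [64502, 64500], [64500, 64510]):
        print(path, evaluate(RULES, path, default="deny"))
```

The second sample path shows why rule order matters: a route originated by the denied AS is still accepted because a broader allow rule appears later in the list.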
