group (Protocols BGP)
Syntax
group group-name {
    advertise-bgp-static
    advertise-inactive;
    allow [ network/mask-length ];
    authentication-key key;
    cluster cluster-identifier;
    damping;
    description text-description;
    enforce-first-as;
    export [ policy-names ];
    family {
        (inet | inet6 | inet-vpn | inet6-vpn | l2-vpn) {
            (any | multicast | unicast | signaling) {
                accepted-prefix-limit {
                    maximum number;
                    teardown <percentage> <idle-timeout (forever | minutes)>;
                    drop-excess <percentage>;
                    hide-excess <percentage>;
                }
                add-path {
                    receive;
                    send {
                        include-backup-path backup_path_number;
                        multipath;
                        path-count number;
                        path-selection-mode {
                            (all-paths | equal-cost-paths);
                        }
                        prefix-policy [ policy-names ];
                    }
                }
                aigp [disable];
                damping;
                prefix-limit {
                    maximum number;
                    teardown <percentage> <idle-timeout (forever | minutes)>;
                    drop-excess <percentage>;
                    hide-excess <percentage>;
                }
                rib-group group-name;
                topology name {
                    community {
                        target identifier;
                    }
                }
            }
            flow {
                no-validate policy-name;
            }
            labeled-unicast {
                accepted-prefix-limit {
                    maximum number;
                    teardown <percentage> <idle-timeout (forever | minutes)>;
                    drop-excess <percentage>;
                    hide-excess <percentage>;
                }
                explicit-null {
                    connected-only;
                }
                prefix-limit {
                    maximum number;
                    teardown <percentage> <idle-timeout (forever | minutes)>;
                    drop-excess <percentage>;
                    hide-excess <percentage>;
                }
                resolve-vpn;
                rib inet.3;
                rib-group group-name;
            }
        }
        route-target {
            accepted-prefix-limit {
                maximum number;
                teardown <percentage> <idle-timeout (forever | minutes)>;
                drop-excess <percentage>;
                hide-excess <percentage>;
            }
            advertise-default;
            external-paths number;
            prefix-limit {
                maximum number;
                teardown <percentage> <idle-timeout (forever | minutes)>;
                drop-excess <percentage>;
                hide-excess <percentage>;
            }
        }
    }
    graceful-restart {
        long-lived {
            receiver {
                enable;
                disable;
            }
            advertise-to-non-llgr-neighbor {
                omit-no-export;
            }
        }
    }
    graceful-restart {
        long-lived {
            disable-notification-flag;
            disable-notification-extensions {
                omit-no-export;
            }
            forwarding-state-bit (from-fib | set); /* Configurable to be common for all address families */
            forwarding-state-bit (as-rr-client | from-fib); /* Configurable for each address family */
            restarter {
                disable;
                stale-time interval;
            }
        }
    }
    hold-time seconds;
    import [ policy-names ];
    ipsec-sa ipsec-sa;
    keep (all | none);
    local-address address;
    local-as autonomous-system <private>;
    local-preference local-preference;
    log-updown;
    link-bandwith auto-sense;
    metric-out metric;
    multihop <ttl-value>;
    multipath {
        multiple-as;
    }
    mvpn-iana-rt-import;
    no-aggregator-id;
    no-client-reflect;
    out-delay seconds;
    passive;
    peer-as autonomous-system;
    preference preference;
    remove-private;
    rfc6514-compliant-safi129;
    send-non-transitive-link-bandwidth;
    tcp-aggressive-transmission;
    tcp-mss segment-size;
    traceoptions {
        file filename <files number> <size size> <world-readable | no-world-readable>;
        flag flag <flag-modifier> <disable>;
    }
    type type;
    neighbor address {
        ... peer-specific-options ...
    }
}
Hierarchy Level
[edit logical-systems logical-system-name protocols bgp],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp],
[edit protocols bgp],
[edit protocols bgp family prefix-limit (inet | inet6)(any | flow | labeled-unicast | multicast | unicast)],
[edit routing-instances routing-instance-name protocols bgp]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Define a BGP peer group. BGP peer groups share
a common type, peer autonomous system (AS) number, and cluster ID,
if present. To configure multiple BGP groups, include multiple group statements.
By default, the group’s options are identical to the global
BGP options. To override the global options, include group-specific
options within the group statement.
The group statement is one of the statements you
must include in the configuration to run BGP on the routing device.
Each group must contain at least one peer and can establish up to 2048 peers. Before establishing a BGP session, RPD checks the established peer count for the group. If the peer count is more than 2048, the BGP session fails.
Options
group-name
Name of the BGP group.

link-bandwith auto-sense
Enable this option to automatically detect the bandwidth towards the peer and attach the link-bandwidth value to the interface speed over which the BGP route was received. This prevents policy churn when there is a change in the link-bandwidth of an interface. Make sure that you also include the

send-non-transitive-link-bandwidth
Enable this option to send non-transitive-link-bandwidth-extended-community towards EBGP neighbors only for link-bandwidth communities. All non-transitive link bandwidth community values are advertised, including originated or received and readvertised link-bw community.

ttl ttl-value
Configure the maximum time-to-live (TTL) value for the TTL in the IP header of BGP packets. For BGP multihop scenarios, in which EBGP peers are not directly connected to each other, setting a TTL is optional. The default setting is 64. For BGP single-hop scenarios, in which EBGP peers are directly connected to each other, you can, optionally, set the TTL to 255 and configure an inbound firewall filter to allow only BGP control packets with the TTL set to 255. This is in accordance with RFC 3682, The Generalized TTL Security Mechanism (GTSM). For example:

Send all BGP control packets with the TTL set to 255:

user@host# show protocols
bgp {
    group toAS2 {
        type external;
        peer-as 2;
        ttl 255;
        neighbor 10.1.2.3;
        neighbor 10.3.4.5;
        neighbor 10.5.6.7;
    }
}

Accept only BGP control packets that have the TTL set to 255:

user@host# show firewall
filter ttl-security {
    term gtsm {
        from {
            source-address {
                10.1.2.3/32;
                10.3.4.5/32;
                10.5.6.7/32;
            }
            protocol tcp;
            ttl-except 255;
            port 179;
        }
        then {
            discard;
        }
    }
    term else {
        then {
            accept;
        }
    }
}

Apply the firewall filter to the inbound interface for the EBGP single-hop peer:

user@host# show interfaces
ge-1/0/0 {
    unit 0 {
        family inet {
            filter {
                input ttl-security;
            }
        }
    }
}
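The filter above enforces GTSM only for the peers listed under source-address, so a neighbor later added to the BGP group but not to the filter is not protected. The following audit script is an added example, not part of the Juniper documentation; it assumes a brace-style configuration wrapped in top-level protocols and firewall stanzas, and the sample text and the extra neighbor 10.9.9.9 are constructed.

```python
import ipaddress
import re

# Constructed sample: the page's configuration plus one neighbor (10.9.9.9)
# that was added to the BGP group but not to the firewall filter.
SAMPLE = """
protocols { bgp { group toAS2 { type external; peer-as 2; ttl 255;
    neighbor 10.1.2.3; neighbor 10.3.4.5; neighbor 10.5.6.7; neighbor 10.9.9.9; } } }
firewall { filter ttl-security {
    term gtsm { from { source-address { 10.1.2.3/32; 10.3.4.5/32; 10.5.6.7/32; }
        protocol tcp; ttl-except 255; port 179; } then { discard; } }
    term else { then { accept; } } } }
"""

def parse(text):
    """Parse brace-style config into nested dicts; leaf statements map to None."""
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    def block(i):
        node, words = {}, []
        while i < len(tokens):
            tok, i = tokens[i], i + 1
            if tok == "{":
                child, i = block(i)
                node[" ".join(words)], words = child, []
            elif tok == ";":
                node[" ".join(words)], words = None, []
            elif tok == "}":
                break
            else:
                words.append(tok)
        return node, i
    return block(0)[0]

def gtsm_gaps(cfg):
    """Return {group: [neighbors]} for 'ttl 255' groups with neighbors no GTSM discard term covers."""
    covered = []
    for flt in cfg.get("firewall", {}).values():
        for term in filter(None, flt.values()):
            frm = term.get("from", {})
            match = {"protocol tcp", "ttl-except 255", "port 179"}.issubset(frm)
            if match and "discard" in term.get("then", {}):  # no source-address = any IPv4 source
                covered += [ipaddress.ip_network(p) for p in frm.get("source-address") or ["0.0.0.0/0"]]
    gaps = {}
    for name, grp in cfg.get("protocols", {}).get("bgp", {}).items():
        if name.startswith("group ") and "ttl 255" in grp:
            missing = [k.split()[1] for k in grp if k.startswith("neighbor ")
                       and not any(ipaddress.ip_address(k.split()[1]) in n for n in covered)]
            if missing:
                gaps[name.split()[1]] = missing
    return gaps
```

Running gtsm_gaps(parse(SAMPLE)) reports 10.9.9.9 under toAS2; an empty result means every neighbor of a ttl 255 group is matched by a discard term.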
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
link-bandwith auto-sense and send-non-transitive-link-bandwidth options introduced in Junos OS Release 24.2R1.