diff --git a/docs/sources/policy-component.png b/docs/sources/policy-component.png new file mode 100644 index 00000000..f8c21470 Binary files /dev/null and b/docs/sources/policy-component.png differ diff --git a/docs/sources/policy-rs.png b/docs/sources/policy-rs.png deleted file mode 100644 index 8b98c794..00000000 Binary files a/docs/sources/policy-rs.png and /dev/null differ diff --git a/docs/sources/policy-rs.svg b/docs/sources/policy-rs.svg deleted file mode 100644 index 93ea02fe..00000000 --- a/docs/sources/policy-rs.svg +++ /dev/null @@ -1,1508 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - - - - - - - A's Adj-in - FromRS-Client A - - A's InPolicy - - - A's Loc-Rib - - A's ImportPolicy - - - A's ExportPolicy - - - A's Adj-out - - - - ToRS-Client A - - B's Adj-in - FromRS-Client B - - B's InPolicy - - - B's Loc-Rib - - B's ImportPolicy - - - B's ExportPolicy - - - B's Adj-out - - - - ToRS-Client B - - C's Adj-in - FromRS-Client C - - C's InPolicy - - - C's Loc-Rib - - C's ImportPolicy - - - C's ExportPolicy - - - C's Adj-out - - - - ToRS-Client C - - - - - - - - - - diff --git a/docs/sources/policy.md b/docs/sources/policy.md index ed131d76..ccd324b9 100644 --- a/docs/sources/policy.md +++ b/docs/sources/policy.md 
@@ -8,27 +8,78 @@ We explain the overview firstly, then the details, ## Prerequisites -Assumed that you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). Also [Route Server](https://github.com/osrg/gobgp/blob/master/docs/sources/route-server.md) is plus because we use Route Server setup for an example configuration. +Assumed that you finished [Getting Started](https://github.com/osrg/gobgp/blob/master/docs/sources/getting-started.md). -## Overview +## Contents +- [Overview](#overview) +- [Policy Model](#model) +- [Route Server Policy Model](#rs-model) +- [Policy Structure](#policy) +- [Policy Configuration](#configuration) -### How policies works with RIBs -There are three categories for policies: **Import**, **Export** and **In** policies. +## Overview + +Policy is a way to control how BGP routes inserted to RIB or advertised to +peers. Policy has two parts, **Condition** and **Action**. +When a policy is configured, **Action** is applied to routes which meet **Condition** +before routes proceed to next step. + +GoBGP supports **Condition** like `prefix`, `neighbor`(source/destination of the route), +`aspath` etc.., and **Action** like `accept`, `reject`, `MED/aspath/community manipulation` +etc... + +You can configure policy by configuration file, CLI or gRPC API. + +## Policy Model + +The following figure shows how policy works in normal BGP configuration. + +

+ policy model +

+ +There are **Import** and **Export** policy. **Import** policy is invoked +before best path calculation and pushing routes to RIB. +**Export** policy is invoked after that. + +You can check each policy by the following commands. + +```shell +$ gobgp global policy import +$ gobgp global policy export +``` + +##
Route Server Policy Model + +The following figure shows how policy works in [route server BGP configuration](https://github.com/osrg/gobgp/blob/master/docs/sources/route-server.md). + +

+ Announcement processing model implemented by the route server +

+ +In route server mode, adding to **Import** and **Export**, we have **In** policy. **Import** and **Export** policies are defined with respect to the local routing table. The **Import** policy defines what routes will be imported into its local RIBs. The **Export** policy defines what routes will be exported from its local RIBs. **In** polices are -defined with respect to a peer in only Route Server setup. The **In** -policy defines what routes will go to other peers' local routing tables. +defined with respect to a peer. The **In** policy defines what routes will go +to other peers' local routing tables. -The following figure shows how **Import**, **Export**, and **In** -policies work with RIBs in Route Server setup. +You can check each policy by the following commands. -![Announcement processing model implemented by the Route Server](./policy-rs.png) +```shell +$ gobgp neighbor policy in +$ gobgp neighbor policy import +$ gobgp neighbor policy export +``` -### What's a policy? +##
Policy Stracture + +

+ policy component +

A policy consists of statements. Each statement has condition(s) and action(s). @@ -40,6 +91,7 @@ Conditions are categorized into attributes below: - aspath length - community - extended community +- rpki validation result Actions are categorized into attributes below: @@ -48,7 +100,7 @@ Actions are categorized into attributes below: - add/subtract or replace MED value - prepend AS number in the AS_PATH attribute -All the condition(s) in the statement are true, the action(s) in the statement are executed. +If All condition in the statement are true, the action(s) in the statement are executed. A condition can have multiple values. For example, you can define a prefix condition that has 10.20.0.0/16, 10.30.3.0/24, and 10.30.4.0/24. You can specify @@ -58,11 +110,19 @@ false. In this case, you can specify either: - true if a route matches any of 10.20.0.0/16, 10.30.3.0/24, and 10.30.4.0/24. - true if a route matches none of 10.20.0.0/16, 10.30.3.0/24, and 10.30.4.0/24. -The details will be explained in the following sections. If you -quickly check out what policy configuration looks like, skip the next -sections to go to the last section. +You can check policy configuration by the following commands. -## The details of steps to define policies +```shell +$ gobgp policy +$ gobgp policy statement +$ gobgp policy prefix +$ gobgp policy neighbor +$ gobgp policy as-path +$ gobgp policy community +$ gobgp policy ext-community +``` + +##
Policy Configuration GoBGP's configuration file has two parts named **DefinedSets** and **PolicyDefinitions** as its policy configuration. **DefinedSets** part defines conditions. **PolicyDefinitions** defines policies based on actions and these conditions. @@ -701,16 +761,8 @@ The ApplyPolicy has 6 elements. | DefaultInPolicy | action when the route doesn't match any policy:
"accept-route" or "reject-route". default is "accept-route" | "reject-route" | -## Simple configuration example -A policy consists of a match and an action. A match defines if an -action will be applied to a route. For now, GoBGP uses only the source -of a peer and a prefix as match conditions. Only dropping and -accepting are supported as an action. - -This example the configuration in [Route -Server](https://github.com/osrg/gobgp/blob/master/docs/sources/route-server.md) -with one more peer (IP:10.0.255.3, AS:65001). +## Policy Configuration Example Neighbor 10.0.255.1 advertises 10.33.0.0/16 and 10.3.0.0/16 routes. We define an import policy for neighbor 10.0.255.2 that drops diff --git a/docs/sources/policy.png b/docs/sources/policy.png new file mode 100644 index 00000000..ac4aee07 Binary files /dev/null and b/docs/sources/policy.png differ diff --git a/docs/sources/policy.svg b/docs/sources/policy.svg new file mode 100644 index 00000000..850c3702 --- /dev/null +++ b/docs/sources/policy.svg @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A + + + B + + + C + + + Adj-IN + + + + + + + + + + + + + + + + + + + A + + + B + + + C + + + Adj-OUT + + + + + + + + + + + RIB + + + + + + + + + + + Import + Policy + + + Export + Policy + + + diff --git a/docs/sources/policy_component.svg b/docs/sources/policy_component.svg new file mode 100644 index 00000000..05f9c350 --- /dev/null +++ b/docs/sources/policy_component.svg 
@@ -0,0 +1,195 @@ + + + + + + + + + + + + + + + + + + Condition + + + + + + + Action + + + Statement + + + + + + + Statement + + + + + + + Statement + + + + + + + Statement + + + Policy + + + + + + + + + + + Condition + + + - prefix-set-name + - neighbor-set-name + - community-set-name + - ext-community-set-name + - as-path-set-name + - as-path-length + - rpki-validation-result + + + + + + + + + + + Action + + + - accept/reject + - add/remove community/ + ext-community + - prepend as-path + - manipulate MED + + + + + + + + + + + Prefix Sets + + + + + + + prefix-set + + + + + + + Defined Sets + + + + + + + + Neighbor Sets + + + + + + + neighbor-set + + + + + + + + + + + + Community Sets + + + + + + + community-set + + + + + + + + + + + + ExtCommunity Sets + + + + + + + ext-community-set + + + + + + + + + + + + AsPath Sets + + + + + + + as-path-set + + + + + + + + diff --git a/docs/sources/rs-policy.png b/docs/sources/rs-policy.png new file mode 100644 index 00000000..3f0a2ea5 Binary files /dev/null and b/docs/sources/rs-policy.png differ diff --git a/docs/sources/rs-policy.svg b/docs/sources/rs-policy.svg new file mode 100644 index 00000000..fbf7685c --- /dev/null +++ b/docs/sources/rs-policy.svg @@ -0,0 +1,246 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A + + + A + + + A + + + B + + + B + + + B + + + C + + + C + + + C + + + Adj-IN + + + Loc-RIB + + + Adj-OUT + + + In + Policy + + + Import + Policy + + + Export + Policy + + + + + + + + + + + + + + + + + + + + + + + + + + +
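Review bot: In docs/sources/policy.md, hunk @@ -8,27 +8,78 @@, the new section heading reads "Policy Stracture" while the Contents entry added in the same hunk reads "Policy Structure"; correct the heading spelling so the two agree. In the same hunk, the Overview sentence "how BGP routes inserted to RIB or advertised to peers" is missing "are", the list endings mix "etc.." and "etc...", and the context line "**In** polices are" should read "policies" since the sentence is being edited anyway.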
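Review bot: In docs/sources/policy.md, hunk @@ -48,7 +100,7 @@, the replacement line "If All condition in the statement are true" has a stray capital and a singular noun with a plural verb. Suggest "If all conditions in the statement are true, the action(s) in the statement are executed."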
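Review bot: In docs/sources/policy.md, hunk @@ -701,16 +761,8 @@, the example loses its topology description: the removed lines said it extends the Route Server configuration "with one more peer (IP:10.0.255.3, AS:65001)", but the retained text still opens with "Neighbor 10.0.255.1 advertises 10.33.0.0/16 and 10.3.0.0/16 routes" and refers to neighbor 10.0.255.2. The first hunk also drops the Route Server link from Prerequisites, so nothing now tells the reader which base configuration and peers the example assumes. Dropping the outdated statement about supported conditions and actions is fine, but keep one sentence under "Policy Configuration Example" that names the base setup and the peers involved.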
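Review bot: The new file docs/sources/policy_component.svg is named with an underscore, while the rendered image added in the same patch is docs/sources/policy-component.png and the other new pairs (policy.png with policy.svg, rs-policy.png with rs-policy.svg) share a basename. Rename the SVG to policy-component.svg so the source and its rendered image are easy to match when the figure is next regenerated.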