Implementing BGP

Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free interdomain routing between autonomous systems. An autonomous system is a set of routers under a single technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols (IGPs) to exchange routing information inside the autonomous system and an EGP to route packets outside the autonomous system.

This module provides conceptual and configuration information on BGP.

Release

Modification

Release 6.0

This feature was introduced.

Restrictions for Implementing BGP

  • When paths of different technologies are resolved over ECMP, it results in heterogeneous ECMP, leading to severe network traffic issues. Don’t use ECMP for any combination of the following technologies:

    • LDP.

    • BGP-LU, including services over BGP-LU loopback peering or recursive services at Level-3.

    • VPNv4.

    • 6PE and 6VPE.

    • EVPN.

    • Recursive static routing.

Information about Implementing BGP

To implement BGP, you need to understand the following concepts:

BGP Router Identifier

For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is sent to BGP peers in the OPEN message when a BGP session is established.

BGP attempts to obtain a router ID in the following ways (in order of preference):

  • By means of the address configured using the bgp router-id command in router configuration mode.

  • By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved loopback address configuration.

  • By using the primary IPv4 address of the first loopback address that gets configured if there are not any in the saved configuration.

If none of these methods for obtaining a router ID succeeds, BGP does not have a router ID and cannot establish any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log, and the show bgp summary command displays a router ID of 0.0.0.0. After BGP has obtained a router ID, it continues to use it even if a better router ID becomes available. This usage avoids unnecessary flapping for all BGP sessions. However, if the router ID currently in use becomes invalid (because the interface goes down or its configuration is changed), BGP selects a new router ID (using the rules described) and all established peering sessions are reset.


Note

We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes to the router ID (and consequent flapping of BGP sessions).

BGP Default Limits

BGP imposes maximum limits on the number of neighbors that can be configured on the router and on the maximum number of prefixes that are accepted from a peer for a given address family. This limitation safeguards the router from resource depletion caused by misconfiguration, either locally or on the remote neighbor. The following limits apply to BGP configurations:

  • The default maximum number of peers that can be configured is 100. The default can be changed using the bgp maximum neighbor command. Any attempt to configure additional peers beyond the maximum limit or set the maximum limit to a number that is less than the number of peers currently configured will fail.

  • To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes that are accepted from a peer for each supported address family. The default limits can be overridden through configuration of the maximum-prefix limit command for the peer for the appropriate address family. The following default limits are used if the user does not configure the maximum number of prefixes for the address family:

    • IPv4 prefixes: 128K

    • IPv6 Prefixes: 64K

    A cease notification message is sent to the neighbor and the peering with the neighbor is terminated when the number of prefixes received from the peer for a given address family exceeds the maximum limit (either set by default or configured by the user) for that address family.

    It is possible that the maximum number of prefixes for a neighbor for a given address family has been configured after the peering with the neighbor has been established and a certain number of prefixes have already been received from the neighbor for that address family. A cease notification message is sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if the configured maximum number of prefixes is fewer than the number of prefixes that have already been received from the neighbor for the address family.

BGP Attributes and Operators

This table summarizes the BGP attributes and operators per attach points.

Table 1. BGP Attributes and Operators

Attach Point

Attribute

Match

Set

aggregation

as-path

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

community

is-empty

matches-any

matches-every

set

set additive

delete in

delete not in

delete all

destination

in

extcommunity cost

set

set additive

local-preference

is, ge, le, eq

set

med

is, eg, ge, le

setset +set -

next-hop

in

set

origin

is

set

source

in

suppress-route

suppress-route

weight

set

allocate-label

as-path

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

community

is-empty

matches-any

matches-every

destination

in

label

set

local-preference

is, ge, le, eq

med

is, eg, ge, le

next-hop

in

origin

is

source

in

clear-policy

as-path

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

dampening

as-path

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

community

is-empty

matches-any

matches-every

dampening

—/

set dampening

destination

in

local-preference

is, ge, le, eq

med

is, eg, ge, le

next-hop

in

origin

is

source

in

debug

destination

in

default originate

med

set

set +

set -

rib-has-route

in

neighbor-in

as-path

in

is-local

length

NA

neighbor-is

originates-from

passes-through

unique-length

prepend

prepend most-recent

remove as-path private-as

replace

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

communitycommunity with ‘peeras’

is-empty

matches-any

matches-every

set

set additive

delete-in

delete-not-in

delete-all

destination

in

extcommunity cost

set

set additive

extcommunity rt

is-empty

matches-any

matches-every

matches-within

set

additive

delete-in

delete-not-in

delete-all

extcommunity soo

is-empty

matches-any

matches-every

matches-within

local-preference

is, ge, le, eq

set

med

is, eg, ge, le

set

set +

set -

next-hop

in

set

set peer address

origin

is

set

route-aggregated

route-aggregated

NA

source

in

weight

set

neighbor-out

as-path

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

prepend

prepend most-recent

remove as-path private-as

replace

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

communitycommunity with ‘peeras’

is-empty

matches-any

matches-every

set

set additive

delete-in

delete-not-in

delete-all

destination

in

extcommunity cost

set

set additive

extcommunity rt

is-empty

matches-any

matches-every

matches-within

set

additive

delete-in

delete-not-in

delete-all

extcommunity soo

is-empty

matches-any

matches-every

matches-within

local-preference

is, ge, le, eq

set

med

is, eg, ge, le

set

set +

set -

set max-unreachable

set igp-cost

next-hop

in

set

set self

origin

is

set

path-type

is

rd

in

route-aggregated

route-aggregated

source

in

unsuppress-route

unsuppress-route

vpn-distinguisher

set

neighbor-orf

orf-prefix

in

n/a

network

as-path

prepend

community

set

set additive

delete-in

delete-not-in

delete-all

destination

in

extcommunity cost

set

set additive

mpls-label

route-has-label

local-preference

set

med

set

set+

set-

next-hop

in

set

origin

set

route-type

is

tag

is, ge, le, eq

weight

set

next-hop

destination

in

protocol

is,in

source

in

redistribute

as-path

prepend

community

set

set additive

delete in

delete not in

delete all

destination

in

extcommunity cost

setset additive

local-preference

set

med

set

set+

set-

next-hop

in

set

origin

set

mpls-label

route-has-label

route-type

is

tag

is, eq, ge, le

weight

set

retain-rt

extcommunity rt

is-empty

matches-any

matches-every

matches-within

show

as-path

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-path-length

is, ge, le, eq

as-path-unique-length

is, ge, le, eq

community

is-empty

matches-any

matches-every

destination

in

extcommunity rt

is-empty

matches-any

matches-every

matches-within

extcommunity soo

is-empty

matches-any

matches-every

matches-within

med

is, eg, ge, le

next-hop

in

origin

is

source

in

Some BGP route attributes are inaccessible from some BGP attach points for various reasons. For example, the set med igp-cost only command makes sense when there is a configured igp-cost to provide a source value.

This table summarizes which operations are valid and where they are valid.

Table 2. Restricted BGP Operations by Attach Point

Command

import

export

aggregation

redistribution

prepend as-path most-recent

eBGP only

eBGP only

n/a

n/a

replace as-path

eBGP only

eBGP only

n/a

n/a

set med igp-cost

forbidden

eBGP only

forbidden

forbidden

set weight

n/a

forbidden

n/a

n/a

suppress

forbidden

forbidden

n/a

forbidden

The bgp cluster-id option is used to configure the router as one of the route reflectors serving the cluster. The cluster-id option is also available in the BGP neighbor address-family (config-bgp-nbr-af) mode. To enable a router to accept BGP routes which have the same first cluster-ID as the router’s own cluster-ID in the list of cluster-IDs, use the cluster-id allow-equal command. You must use this command with care to avoid routing loops.

BGP Best Path Algorithm

BGP routers typically receive multiple paths to the same destination. The BGP best-path algorithm determines the best path to install in the IP routing table and to use for forwarding traffic. This section describes the Cisco IOS XR software implementation of BGP best-path algorithm, as specified in Section 9.1 of the Internet Engineering Task Force (IETF) Network Working Group draft-ietf-idr-bgp4-24.txt document.

The BGP best-path algorithm implementation is in three parts:

  • Part 1—Compares two paths to determine which is better.

  • Part 2—Iterates over all paths and determines which order to compare the paths to select the overall best path.

  • Part 3—Determines whether the old and new best paths differ enough so that the new best path should be used.


Note

The order of comparison determined by Part 2 is important because the comparison operation is not transitive; that is, if three paths, A, B, and C exist, such that when A and B are compared, A is better, and when B and C are compared, B is better, it is not necessarily the case that when A and C are compared, A is better. This nontransitivity arises because the multi exit discriminator (MED) is compared only among paths from the same neighboring autonomous system (AS) and not among all paths.

Comparing Pairs of Paths

Perform the following steps to compare two paths and determine the better path:

  1. If either path is invalid (for example, a path has the maximum possible MED value or it has an unreachable next hop), then the other path is chosen (provided that the path is valid).

  2. If the paths have unequal pre-bestpath cost communities, the path with the lower pre-bestpath cost community is selected as the best path.

  3. If the paths have unequal weights, the path with the highest weight is chosen.

    Note

    The weight is entirely local to the router, and can be set with the weight command or using a routing policy.

  4. If the paths have unequal local preferences, the path with the higher local preference is chosen.


    Note

    If a local preference attribute was received with the path or was set by a routing policy, then that value is used in this comparison. Otherwise, the default local preference value of 100 is used. The default value can be changed using the bgp default local-preference command.

  5. If one of the paths is a redistributed path, which results from a redistribute or network command, then it is chosen. Otherwise, if one of the paths is a locally generated aggregate, which results from an aggregate-address command, it is chosen.


    Note

    Step 1 through Step 4 implement the “Path Selection with BGP”of RFC 1268.

  6. If the paths have unequal AS path lengths, the path with the shorter AS path is chosen. This step is skipped if bgp bestpath as-path ignore command is configured.


    Note

    When calculating the length of the AS path, confederation segments are ignored, and AS sets count as 1.


    Note

    eiBGP specifies internal and external BGP multipath peers. eiBGP allows simultaneous use of internal and external paths.

  7. If the paths have different origins, the path with the lower origin is selected. Interior Gateway Protocol (IGP) is considered lower than EGP, which is considered lower than INCOMPLETE.

  8. If appropriate, the MED of the paths is compared. If they are unequal, the path with the lower MED is chosen.

    A number of configuration options exist that affect whether or not this step is performed. In general, the MED is compared if both paths were received from neighbors in the same AS; otherwise the MED comparison is skipped. However, this behavior is modified by certain configuration options, and there are also some corner cases to consider.

    If the bgp bestpath med always command is configured, then the MED comparison is always performed, regardless of neighbor AS in the paths. Otherwise, MED comparison depends on the AS paths of the two paths being compared, as follows:

    • If a path has no AS path or the AS path starts with an AS_SET, then the path is considered to be internal, and the MED is compared with other internal paths.

    • If the AS path starts with an AS_SEQUENCE, then the neighbor AS is the first AS number in the sequence, and the MED is compared with other paths that have the same neighbor AS.

    • If the AS path contains only confederation segments or starts with confederation segments followed by an AS_SET, then the MED is not compared with any other path unless the bgp bestpath med confed command is configured. In that case, the path is considered internal and the MED is compared with other internal paths.

    • If the AS path starts with confederation segments followed by an AS_SEQUENCE, then the neighbor AS is the first AS number in the AS_SEQUENCE, and the MED is compared with other paths that have the same neighbor AS.


    Note

    If no MED attribute was received with the path, then the MED is considered to be 0 unless the bgp bestpath med missing-as-worst command is configured. In that case, if no MED attribute was received, the MED is considered to be the highest possible value.

  9. If one path is received from an external peer and the other is received from an internal (or confederation) peer, the path from the external peer is chosen.

  10. If the paths have different IGP metrics to their next hops, the path with the lower IGP metric is chosen.

  11. If the paths have unequal IP cost communities, the path with the lower IP cost community is selected as the best path.

  12. If all path parameters in Step 1 through Step 10 are the same, then the router IDs are compared. If the path was received with an originator attribute, then that is used as the router ID to compare; otherwise, the router ID of the neighbor from which the path was received is used. If the paths have different router IDs, the path with the lower router ID is chosen.


    Note

    Where the originator is used as the router ID, it is possible to have two paths with the same router ID. It is also possible to have two BGP sessions with the same peer router, and therefore receive two paths with the same router ID.

  13. If the paths have different cluster lengths, the path with the shorter cluster length is selected. If a path was not received with a cluster list attribute, it is considered to have a cluster length of 0.

  14. Finally, the path received from the neighbor with the lower IP address is chosen. Locally generated paths (for example, redistributed paths) are considered to have a neighbor IP address of 0.

Order of Comparisons

The second part of the BGP best-path algorithm implementation determines the order in which the paths should be compared. The order of comparison is determined as follows:

  1. The paths are partitioned into groups such that within each group the MED can be compared among all paths. The same rules as in are used to determine whether MED can be compared between any two paths. Normally, this comparison results in one group for each neighbor AS. If the bgp bestpath med always command is configured, then there is just one group containing all the paths.

  2. The best path in each group is determined. Determining the best path is achieved by iterating through all paths in the group and keeping track of the best one seen so far. Each path is compared with the best-so-far, and if it is better, it becomes the new best-so-far and is compared with the next path in the group.

  3. A set of paths is formed containing the best path selected from each group in Step 2. The overall best path is selected from this set of paths, by iterating through them as in Step 2.

Best Path Change Suppression

The third part of the implementation is to determine whether the best-path change can be suppressed or not—whether the new best path should be used, or continue using the existing best path. The existing best path can continue to be used if the new one is identical to the point at which the best-path selection algorithm becomes arbitrary (if the router-id is the same). Continuing to use the existing best path can avoid churn in the network.


Note

This suppression behavior does not comply with the IETF Networking Working Group draft-ietf-idr-bgp4-24.txt document, but is specified in the IETF Networking Working Group draft-ietf-idr-avoid-transition-00.txt document.

The suppression behavior can be turned off by configuring the bgp bestpath compare-routerid command. If this command is configured, the new best path is always preferred to the existing one.

Otherwise, the following steps are used to determine whether the best-path change can be suppressed:

  1. If the existing best path is no longer valid, the change cannot be suppressed.

  2. If either the existing or new best paths were received from internal (or confederation) peers or were locally generated (for example, by redistribution), then the change cannot be suppressed. That is, suppression is possible only if both paths were received from external peers.

  3. If the paths were received from the same peer (the paths would have the same router-id), the change cannot be suppressed. The router ID is calculated using rules in .

  4. If the paths have different weights, local preferences, origins, or IGP metrics to their next hops, then the change cannot be suppressed. Note that all these values are calculated using the rules in .

  5. If the paths have different-length AS paths and the bgp bestpath as-path ignore command is not configured, then the change cannot be suppressed. Again, the AS path length is calculated using the rules in .

  6. If the MED of the paths can be compared and the MEDs are different, then the change cannot be suppressed. The decision as to whether the MEDs can be compared is exactly the same as the rules in , as is the calculation of the MED value.

  7. If all path parameters in Step 1 through Step 6 do not apply, the change can be suppressed.

BGP Update Generation and Update Groups

The BGP Update Groups feature separates BGP update generation from neighbor configuration. The BGP Update Groups feature introduces an algorithm that dynamically calculates BGP update group membership based on outbound routing policies. This feature does not require any configuration by the network operator. Update group-based message generation occurs automatically and independently.

BGP Update Group

When a change to the configuration occurs, the router automatically recalculates update group memberships and applies the changes.

For the best optimization of BGP update group generation, we recommend that the network operator keeps outbound routing policy the same for neighbors that have similar outbound policies. This feature contains commands for monitoring BGP update groups.

BGP Cost Community Reference

The cost community attribute is applied to internal routes by configuring the set extcommunity cost command in a route policy. The cost community set clause is configured with a cost community ID number (0–255) and cost community number (0–4294967295). The cost community number determines the preference for the path. The path with the lowest cost community number is preferred. Paths that are not specifically configured with the cost community number are assigned a default cost community number of 2147483647 (the midpoint between 0 and 4294967295) and evaluated by the best-path selection process accordingly. When two paths have been configured with the same cost community number, the path selection process prefers the path with the lowest cost community ID. The cost-extended community attribute is propagated to iBGP peers when extended community exchange is enabled.

The following commands include the route-policy keyword, which you can use to apply a route policy that is configured with the cost community set clause:

  • aggregate-address

  • redistribute

  • network

BGP Next Hop Reference

Event notifications from the RIB are classified as critical and noncritical. Notifications for critical and noncritical events are sent in separate batches. BGP is notified when any of the following events occurs:

  • Next hop becomes unreachable

  • Next hop becomes reachable

  • Fully recursed IGP metric to the next hop changes

  • First hop IP address or first hop interface change

  • Next hop becomes connected

  • Next hop becomes unconnected

  • Next hop becomes a local address

  • Next hop becomes a nonlocal address


Note

Reachability and recursed metric events trigger a best-path recalculation.

However, a noncritical event is sent along with the critical events if the noncritical event is pending and there is a request to read the critical events.

  • Critical events are related to the reachability (reachable and unreachable), connectivity (connected and unconnected), and locality (local and nonlocal) of the next hops. Notifications for these events are not delayed.

  • Noncritical events include only the IGP metric changes. These events are sent at an interval of 3 seconds. A metric change event is batched and sent 3 seconds after the last one was sent.

BGP is notified when any of the following events occurs:

  • Next hop becomes unreachable

  • Next hop becomes reachable

  • Fully recursed IGP metric to the next hop changes

  • First hop IP address or first hop interface change

  • Next hop becomes connected

  • Next hop becomes unconnected

  • Next hop becomes a local address

  • Next hop becomes a nonlocal address


Note

Reachability and recursed metric events trigger a best-path recalculation.

The next-hop trigger delay for critical and noncritical events can be configured to specify a minimum batching interval for critical and noncritical events using the nexthop trigger-delay command. The trigger delay is address family dependent.

The BGP next-hop tracking feature allows you to specify that BGP routes are resolved using only next hops whose routes have the following characteristics:

  • To avoid the aggregate routes, the prefix length must be greater than a specified value.

  • The source protocol must be from a selected list, ensuring that BGP routes are not used to resolve next hops that could lead to oscillation.

This route policy filtering is possible because RIB identifies the source protocol of route that resolved a next hop as well as the mask length associated with the route. The nexthop route-policy command is used to specify the route-policy.

Next Hop as the IPv6 Address of Peering Interface

BGP can carry IPv6 prefixes over an IPv4 session. The next hop for the IPv6 prefixes can be set through a nexthop policy. In the event that the policy is not configured, the nexthops are set as the IPv6 address of the peering interface (IPv6 neighbor interface or IPv6 update source interface, if any one of the interfaces is configured).

If the nexthop policy is not configured and neither the IPv6 neighbor interface nor the IPv6 update source interface is configured, the next hop is the IPv4 mapped IPv6 address.

Scoped IPv4/VPNv4 Table Walk

To determine which address family to process, a next-hop notification is received by first de-referencing the gateway context associated with the next hop, then looking into the gateway context to determine which address families are using the gateway context. The IPv4 unicast and VPNv4 unicast address families share the same gateway context, because they are registered with the IPv4 unicast table in the RIB. As a result, both the global IPv4 unicast table and the VPNv4 table are is processed when an IPv4 unicast next-hop notification is received from the RIB. A mask is maintained in the next hop, indicating if whether the next hop belongs to IPv4 unicast or VPNv4 unicast, or both. This scoped table walk localizes the processing in the appropriate address family table.

Reordered Address Family Processing

The software walks address family tables based on the numeric value of the address family. When a next-hop notification batch is received, the order of address family processing is reordered to the following order:

  • IPv4 tunnel

  • VPNv4 unicast

  • VPNv6 unicast

  • IPv4 labeled unicast

  • IPv4 unicast

  • IPv4 MDT

  • IPv6 unicast

  • IPv6 labeled unicast

  • IPv4 tunnel

  • VPNv4 unicast

  • IPv4 unicast

  • IPv6 unicast

New Thread for Next-Hop Processing

The critical-event thread in the spkr process handles only next-hop, Bidirectional Forwarding Detection (BFD), and fast-external-failover (FEF) notifications. This critical-event thread ensures that BGP convergence is not adversely impacted by other events that may take a significant amount of time.

show, clear, and debug Commands

The show bgp nexthops command provides statistical information about next-hop notifications, the amount of time spent in processing those notifications, and details about each next hop registered with the RIB. The clear bgp nexthop performance-statistics command ensures that the cumulative statistics associated with the processing part of the next-hop show command can be cleared to help in monitoring. The clear bgp nexthop registration command performs an asynchronous registration of the next hop with the RIB.

The debug bgp nexthop command displays information on next-hop processing. The out keyword provides debug information only about BGP registration of next hops with RIB. The in keyword displays debug information about next-hop notifications received from RIB. The out keyword displays debug information about next-hop notifications sent to the RIB.

iBGP Multipath Load Sharing Reference

When there are multiple border BGP routers having reachability information heard over eBGP, if no local policy is applied, the border routers will choose their eBGP paths as best. They advertise that bestpath inside the ISP network. For a core router, there can be multiple paths to the same destination, but it will select only one path as best and use that path for forwarding. iBGP multipath load sharing adds the ability to enable load sharing among multiple equi-distant paths. Configuring multiple iBGP best paths enables a router to evenly share the traffic destined for a particular site. The iBGP Multipath Load Sharing feature functions similarly in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) with a service provider backbone.

For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:

  • All attributes must be the same. The attributes include weight, local preference, autonomous system path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (iGP) distance.

  • The next hop router for each multipath must be different.

Even if the criteria are met and multiple paths are considered multipaths, the BGP speaking router designates one of the multipaths as the best path and advertises this best path to its neighbors.

Note

  • Overwriting of next-hop calculation for multipath prefixes is not allowed. The next-hop-unchanged multipath command disables overwriting of next-hop calculation for multipath prefixes.

  • The ability to ignore as-path onwards while computing multipath is added. The bgp multipath as-path ignore onwards command ignores as-path onwards while computing multipath.

IPv6 Unicast Routing

Cisco provides complete Internet Protocol Version 6 (IPv6) unicast capability.

An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is sent to a unicast address is delivered to the interface identified by that address. Cisco IOS XR software supports the following IPv6 unicast address types:

  • Global aggregatable address

  • Site-local address

  • Link-local address

  • IPv4-compatible IPv6 address

For more information on IPv6 unicast addressing, refer the IP Addresses and Services Configuration Guide.

Remove and Replace Private AS Numbers from AS Path in BGP

Private autonomous system numbers (ASNs) are used by Internet Service Providers (ISPs) and customer networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global Internet because they are not unique. AS numbers appear in eBGP AS paths in routing updates. Removing private ASNs from the AS path is necessary if you have been using private ASNs and you want to access the global Internet.

Public AS numbers are assigned by InterNIC and are globally unique. They range from 1 to 64511. Private AS numbers are used to conserve globally unique AS numbers, and they range from 64512 to 65535. Private AS numbers cannot be leaked to a global BGP routing table because they are not unique, and BGP best path calculations require unique AS numbers. Therefore, it might be necessary to remove private AS numbers from an AS path before the routes are propagated to a BGP peer.

External BGP (eBGP) requires that globally unique AS numbers be used when routing to the global Internet. Using private AS numbers (which are not unique) would prevent access to the global Internet. The remove and replace private AS Numbers from AS Path in BGP feature allows routers that belong to a private AS to access the global Internet. A network administrator configures the routers to remove private AS numbers from the AS path contained in outgoing update messages and optionally, to replace those numbers with the ASN of the local router, so that the AS Path length remains unchanged.

The ability to remove and replace private AS numbers from the AS Path is implemented in the following ways:

  • The remove-private-as command removes private AS numbers from the AS path even if the path contains both public and private ASNs.

  • The remove-private-as command removes private AS numbers even if the AS path contains only private AS numbers. There is no likelihood of a 0-length AS path because this command can be applied to eBGP peers only, in which case the AS number of the local router is appended to the AS path.

  • The remove-private-as command removes private AS numbers even if the private ASNs appear before the confederation segments in the AS path.

  • The replace-as command replaces the private AS numbers being removed from the path with the local AS number, thereby retaining the same AS path length.

The feature can be applied to neighbors per address family (address family configuration mode). Therefore, you can apply the feature for a neighbor in one address family and not on another, affecting update messages on the outbound side for only the address family for which the feature is configured.

Use show bgp neighbors and show bgp update-group commands to verify that the that private AS numbers were removed or replaced.

Replace BGP AS Path with Custom Values

Table 3. Feature History Table

Feature Name

Release Information

Feature Description

Replace BGP AS Path with Custom Values

Release 7.5.2

You can now configure route policies to replace the Autonomous System (AS) Path in BGP with custom values to control the best path selection process.

This feature introduces the replace as-path all command.

BGP routers typically receive multiple paths to the same destination. The BGP best-path algorithm determines the best path to install in the IP routing table and to use for forwarding traffic. The overall best path is selected based on various attributes. .

AS path is one of the attributes used for best path selection. By default, BGP always prefers the route with shortest AS path as the best path. The best path selected by BGP might have traffic engineering issues, like heavy traffic that leads to congestion. In such cases, you can alter the best path by replacing the AS path with custom values.

The following are the custom values you can use to replace the AS path:

  • None: Use this option to modify an AS path as the shortest path in the network. When you choose this option, the AS path is replaced with a null or empty value. Use the replace as-path all none command to replace with none.

  • Auto: Use this option to advertise the local AS number or the neigbor's AS number as the AS path. When you choose this option, AS path is replaced based on the route policy:

    • For inbound route policy, AS path is replaced with AS path of BGP neighbor from where the prefix is received.

    • For outbound route policy, AS path is replaced with the local AS number.

    Use the replace as-path all auto command to replace with auto.

  • 'x': Use this option to replace AS path with any specified value. Use the replace as-path all 'x' command to replace with this option, where 'x' can be a single AS number or a sequence of AS numbers separated by space.

  • Optionally, you can repeat replacing the AS path for a specified number of times. This option is supported only for the auto and 'x' parameters. Use the replace as-path all {auto | 'x'} [n] command to enable the repeat option.

  • Optionally, you can use a parameter name along with the repeat option. The parameter name must be preceded with a “$.” You can attach the route policy with the parameter to a neighbor and specify the number of times the AS path replacement should be repeated. This opton allows you to apply the same route policy to different neighbors with different AS path values.

    Use the replace as-path all {auto | 'x'} [n] [parameter] command to enable the parameter along with repeat option.

You can replace the AS path for inbound eBGP, outbound eBGP, and outbound iBGP paths.


Note

For outbound eBGP paths, the AS number of the local router is always prepended to the replaced AS path.

Interoperability with BGP Confederation

BGP confederation is a group of multiple autonomous systems that looks like a single autonomous system to the outside world. When confederation is configured on BGP peers, the AS path is replaced as follows:

  • When you replace the AS path in an outbound BGP router, which receives prefix from a BGP neighbor configured with confederation, the specified AS path value is appended to the confederation sequence.

  • When you replace the AS path in an inbound BGP router configured with confederation, the confederation sequence is replaced with the specified AS path value.

Deployment Scenario

Consider a BGP network configured with AS paths. By default, BGP selects the route with shortest AS path to reach the destination. You can alter the default route by using the replace BGP AS path feature.

In the following figure, the network consists of BGP routers configured with AS Path values. To reach Server B, Server A typically selects Path B (via S1_1, S0), as the AS path value of S0 is shorter.

You may want to use Path A to reach the destination (via S1_1, S2_1, S1_2, S0), for traffic engineering purpose. For example, Path A may be less congested and is better than Path B. To use Path A, you can replace the AS path values with one of the following options:

  • Replace AS path of Router S2_1 with a shorter value.

  • Replace AS path of Router S0 with a longer value.

Restrictions

  • The replace as-path all command isn't supported on inbound iBGP paths.

  • The replace as-path all command isn't supported on a route policy that is already configured with remove-private-as or replace as commands.

  • You can apply the route policy configured with replace as-path all only on neighbor-in or neighbor-out attach points.

Configuration Example

To replace BGP AS path with custom values, perform the following tasks on a BGP router:

This example shows how to replace AS path with null value.

/*Configure route policy to replace AS path with none*/
Router(config)#hw-module profile stats ?
Router(config)# route-policy aspath-none
Router(config-rpl)# replace as-path all none
Router(config-rpl)# end-policy

/* Apply route policy to BGP neighbor */
Router(config)# router bgp 65530
Router(config-bgp)# neighbor 111.0.0.1
Router(config-bgp-nbr)# address-family ipv4 unicast
Router(config-bgp-nbr-af)# route-policy aspath-none in

This example shows how to replace AS path with auto option.


/*Configure route policy to replace AS path with auto*/
Router(config)#route-policy aspath-auto
Router(config-rpl)# replace as-path all auto
Router(config-rpl)# end-policy


/* Apply route policy to BGP neighbor */
Router(config)# router bgp 65530
Router(config-bgp)# neighbor 111.0.0.1
Router(config-bgp-nbr)# address-family ipv4 unicast
Router(config-bgp-nbr-af)# route-policy aspath-auto out

This example shows how to replace AS path with a specified sequence of AS numbers. In this example, sequence '10 100 200 300' is used. 


/*Configure route policy to replace AS path with 'x'*/
Router(config)# route-policy aspath-str
Router(config-rpl)# replace as-path all '10 100 200 300'
Router(config-rpl)# end-policy


/* Apply route policy to BGP neighbor */
Router(config)# router bgp 1
Router(config-bgp)# neighbor 111.0.0.1
Router(config-bgp-nbr)# address-family ipv4 unicast
Router(config-bgp-nbr-af)# route-policy aspath-str in

This example shows how to use replace as-path all command along with parameter to replace the AS path with specified sequence of values, repeated for specified number of times. In this example, AS path is replaced with sequence '45 55', repeated for 6 times. 



/*Configure route policy to replace AS path with parameter ($n)*/
Router(config)# route-policy aspath-par($n)
Router(config-rpl)# replace as-path all '45 55' $n
Router(config-rpl)# end-policy


/* Apply route policy to BGP neighbor */
Router(config)# router bgp 1
Router(config-bgp)# neighbor 111.0.0.1
Router(config-bgp-nbr)# address-family ipv4 unicast
Router(config-bgp-nbr-af)# route-policy aspath-par(6) in

Verification

In the following output, AS path is replaced with null value. 


Router# show bgp
Network               Next Hop            Metric LocPrf Weight Path
*> 192.168.3.0/24     192.168.3.1                     0      0    i

In the following output, AS path is replaced with auto for an outbound path, where the AS path of local router is [40]. 


Router# show bgp
Network            Next Hop            Metric LocPrf Weight Path
*> 111.0.0.2/32    200.0.0.5                       0         40 i    

In the following output, AS path is replaced with the sequence '10 100 200 300'. 


Router# show bgp
Network            Next Hop            Metric LocPrf Weight Path
*>111.0.0.2/32      200.0.0.5                      0 10 100 200 300 i

In the following output, AS path is replaced with the sequence '45 55', repeated for 6 times. 


Router# show bgp
Network            Next Hop            Metric LocPrf Weight Path
*>111.0.0.8/32      200.0.0.5                      0        45 55 45 55 45 55 45 55 45 55 45 55 i

Configure Replace BGP AS Path with Custom Values

Perform the following steps to replace BGP AS path with custom values.

SUMMARY STEPS

  1. configure
  2. route-policy route-policy-name
  3. replace as-path all { none | auto | x } [n ] [parameter ]
  4. Use the show bgp command to verify the replaced AS path.

DETAILED STEPS

Step 1

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2

route-policy route-policy-name

Example:

RP/0/RP0/CPU0:router(config)# route-policy test-match-all

Defines the route policy and enters route-policy configuration mode.

Step 3

replace as-path all { none | auto | x } [n ] [parameter ]

Replaces the entire AS path with specified values.

  • none – Replaces AS path with null or empty value.

  • auto – For Inbound route policy, replaces AS path with AS path of neighbor from where the prefix is received. For Outbound route policy, replaces AS path with the configured local AS path.

  • x – Replaces AS path with specified value, where x can be a single AS number or a sequence of AS numbers separated by space.

  • [n ] – (Optional) Repeats the AS path replacement for specified number of times. Range is from 2 to 64. This option is supported only for the parameters auto and x .

  • [parameter ] – (Optional) Parameter name used along with repeat option. The parameter name must be preceded with a “$.” You can attach the route policy with the parameter to a neighbor and specify the number of times the AS path replacement should be repeated.

Note

 
You can apply the route policy configured with replace as-path all only to neighbor-in or neighbor-out attach points.
Example:
In this example, AS path is replaced with null value.

RP/0/RP0/CPU0:router(config-rpl)# replace as-path all none
In this example, AS path is replaced with auto , repeated for 2 times.

RP/0/RP0/CPU0:router(config-rpl)# replace as-path all auto 2
In this example, AS path is replaced with '77' for 3 times.

RP/0/RP0/CPU0:router(config-rpl)# replace as-path all '77' 3
The following example uses parameter $n to replace the AS path with auto , repeated for 2 times.

RP/0/RP0/CPU0:router(config)# route-policy replace-auto($n)
RP/0/RP0/CPU0:router(config-rpl)# replace as-path all auto $n
RP/0/RP0/CPU0:router(config-rpl)# end-policy
RP/0/RP0/CPU0:router(config)# router bgp 65530
RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.0.101.1
RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-policy replace-auto(2) in

Step 4

Use the show bgp command to verify the replaced AS path.

Example:
RP/0/RP0/CPU0:router# show bgp
Network               Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24         192.168.1.1              0    100      0 i
*> 2.2.2.0/24         0.0.0.0                  0         32768 i
*>i3.3.3.0/24         192.168.2.2              0    100      0 i
*> 4.4.4.0/24         192.168.3.1              0             0 35 35 1000 2000 i
*>i5.5.5.0/24         192.168.2.2              0    100      0 300 i
*> 192.168.3.0/24     192.168.3.1              0             0 35 35 1000 2000 i
*>i192.168.4.0/24     192.168.2.2              0    100      0 300 i

BGP Update Message Error Handling

The BGP UPDATE message error handling changes BGP behavior in handling error UPDATE messages to avoid session reset. Based on the approach described in IETF IDR I-D:draft-ietf-idr-error-handling, the Cisco IOS XR BGP UPDATE Message Error handling implementation classifies BGP update errors into various categories based on factors such as, severity, likelihood of occurrence of UPDATE errors, or type of attributes. Errors encountered in each category are handled according to the draft. Session reset will be avoided as much as possible during the error handling process. Error handling for some of the categories are controlled by configuration commands to enable or disable the default behavior.

According to the base BGP specification, a BGP speaker that receives an UPDATE message containing a malformed attribute is required to reset the session over which the offending attribute was received. This behavior is undesirable as a session reset would impact not only routes with the offending attribute, but also other valid routes exchanged over the session.

BGP Error Handling and Attribute Filtering Syslog Messages

When a router receives a malformed update packet, an ios_msg of type ROUTING-BGP-3-MALFORM_UPDATE is printed on the console. This is rate limited to 1 message per minute across all neighbors. For malformed packets that result in actions "Discard Attribute" (A5) or "Local Repair" (A6), the ios_msg is printed only once per neighbor per action. This is irrespective of the number of malformed updates received since the neighbor last reached an "Established" state.

This is a sample BGP error handling syslog message: 

%ROUTING-BGP-3-MALFORM_UPDATE : Malformed UPDATE message received from neighbor 13.0.3.50 - message length 90 bytes,
 error flags 0x00000840, action taken "TreatAsWithdraw". 
Error details: "Error 0x00000800, Field "Attr-missing", Attribute 1 (Flags 0x00, Length 0), Data []"
This is a sample BGP attribute filtering syslog message for the "discard attribute" action: 

[4843.46]RP/0/0/CPU0:Aug 21 17:06:17.919 : bgp[1037]: %ROUTING-BGP-5-UPDATE_FILTERED : 
One or more attributes were filtered from UPDATE message received from neighbor 40.0.101.1 - message length 173 bytes,
 action taken "DiscardAttr".
 Filtering details: "Attribute 16 (Flags 0xc0): Action "DiscardAttr"". NLRIs: [IPv4 Unicast] 88.2.0.0/17
This is a sample BGP attribute filtering syslog message for the "treat-as-withdraw" action: 

[391.01]RP/0/0/CPU0:Aug 20 19:41:29.243 : bgp[1037]: %ROUTING-BGP-5-UPDATE_FILTERED :
 One or more attributes were filtered from UPDATE message received from neighbor 40.0.101.1 - message length 166 bytes,
 action taken "TreatAsWdr".
 Filtering details: "Attribute 4 (Flags 0xc0): Action "TreatAsWdr"". NLRIs: [IPv4 Unicast] 88.2.0.0/17

Use-defined Martian Check

The solution allows disabling the Martian check for these IP address prefixes:

  • IPv4 address prefixes

    • 0.0.0.0/8

    • 127.0.0.0/8

    • 224.0.0.0/4

  • IPv6 address prefixes

    • ::

    • ::0002 - ::ffff

    • ::ffff:a.b.c.d

    • fe80:xxxx

    • ffxx:xxxx

BGP Functional Overview

BGP uses TCP as its transport protocol. Two BGP routers form a TCP connection between one another (peer routers) and exchange messages to open and confirm the connection parameters.

BGP routers exchange network reachability information. This information is mainly an indication of the full paths (BGP autonomous system numbers) that a route should take to reach the destination network. This information helps construct a graph that shows which autonomous systems are loop free and where routing policies can be applied to enforce restrictions on routing behavior.

Any two routers forming a TCP connection to exchange BGP routing information are called peers or neighbors. BGP peers initially exchange their full BGP routing tables. After this exchange, incremental updates are sent as the routing table changes. BGP keeps a version number of the BGP table, which is the same for all of its BGP peers. The version number changes whenever BGP updates the table due to routing information changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers and notification packets are sent in response to error or special conditions.


Note
VPNv4 address family is supported effective from Cisco IOS XR Release 6.0.1. However, VPNv6 and VPN routing and forwarding (VRF) address families will be supported in a future release.

Enable BGP Routing

Perform this task to enable BGP routing and establish a BGP routing process. Configuring BGP neighbors is included as part of enabling BGP routing.


Note

  • At least one neighbor and at least one address family must be configured to enable BGP routing. At least one neighbor with both a remote AS and an address family must be configured globally using the address family and remote as commands.

  • When one BGP session has both IPv4 unicast and IPv4 labeled-unicast AFI/SAF, then the routing behavior is nondeterministic. Therefore, the prefixes may not be correctly advertised. Incorrect prefix advertisement results in reachability issues. In order to avoid such reachability issues, you must explicitly configure a route policy to advertise prefixes either through IPv4 unicast or through IPv4 labeled-unicast address families.

Before you begin

BGP must be able to obtain a router identifier (for example, a configured loopback address). At least, one address family must be configured in the BGP router configuration and the same address family must also be configured under the neighbor.


Note

If the neighbor is configured as an external BGP (eBGP) peer, you must configure an inbound and outbound route policy on the neighbor using the route-policy command.

SUMMARY STEPS

  1. configure
  2. route-policy route-policy-name
  3. end-policy
  4. Use the commit or end command.
  5. configure
  6. router bgp as-number
  7. bgp router-id ip-address
  8. address-family { ipv4 | ipv6 } unicast
  9. exit
  10. neighbor ip-address
  11. remote-as as-number
  12. address-family { ipv4 | ipv6 } unicast
  13. route-policy route-policy-name { in | out }
  14. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

route-policy route-policy-name

Example:


RP/0/RP0/CPU0:router(config)# route-policy drop-as-1234
  RP/0/RP0/CPU0:router(config-rpl)# if as-path passes-through '1234' then
  RP/0/RP0/CPU0:router(config-rpl)# apply check-communities
  RP/0/RP0/CPU0:router(config-rpl)# else
  RP/0/RP0/CPU0:router(config-rpl)# pass
  RP/0/RP0/CPU0:router(config-rpl)# endif

(Optional) Creates a route policy and enters route policy configuration mode, where you can define the route policy.

Step 3

end-policy

Example:


RP/0/RP0/CPU0:router(config-rpl)# end-policy

(Optional) Ends the definition of a route policy and exits route policy configuration mode.

Step 4

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Step 5

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 6

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 7

bgp router-id ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24

Configures the local router with a specified router ID.

Step 8

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 9

exit

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# exit

Exits the current configuration mode.

Step 10

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 11

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number to it.

Step 12

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 13

route-policy route-policy-name { in | out }

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-policy drop-as-1234 in

(Optional) Applies the specified policy to inbound IPv4 unicast routes.

Step 14

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Enabling BGP: Example

The following shows how to enable BGP. 


  prefix-set static
     2020::/64,
     2012::/64,
     10.10.0.0/16,
     10.2.0.0/24
  end-set
  
  route-policy pass-all
    pass
  end-policy
  route-policy set_next_hop_agg_v4
    set next-hop 10.0.0.1  
  end-policy
  
  route-policy set_next_hop_static_v4
    if (destination in static) then
      set next-hop 10.1.0.1
    else
      drop
    endif
  end-policy
  
  route-policy set_next_hop_agg_v6
    set next-hop 2003::121
  end-policy
  
  route-policy set_next_hop_static_v6
    if (destination in static) then
       set next-hop 2011::121
    else
       drop
    endif
  end-policy
  
  router bgp 65000
    bgp fast-external-fallover disable
    bgp confederation peers
      65001
      65002
    bgp confederation identifier 1
    bgp router-id 1.1.1.1
    address-family ipv4 unicast
      aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
      aggregate-address 10.3.0.0/24 
      redistribute static route-policy set_next_hop_static_v4
    address-family ipv6 unicast
      aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
      aggregate-address 2013::/64
      redistribute static route-policy set_next_hop_static_v6
   			neighbor 10.0.101.60
      remote-as 65000
      address-family ipv4 unicast
      neighbor 10.0.101.61
      remote-as 65000 
      address-family ipv4 unicast
      neighbor 10.0.101.62
      remote-as 3
      address-family ipv4 unicast
        route-policy pass-all in
        route-policy pass-all out
      neighbor 10.0.101.64
      remote-as 5
      update-source Loopback0
      address-family ipv4 unicast
        route-policy pass-all in
        route-policy pass-all out

Adjust BGP Timers

BGP uses certain timers to control periodic activities, such as the sending of keepalive messages and the interval after which a neighbor is assumed to be down if no messages are received from the neighbor during the interval. The values set using the timers bgp command in router configuration mode can be overridden on particular neighbors using the timers command in the neighbor configuration mode.

Perform this task to set the timers for BGP neighbors.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. timers bgp keepalive hold-time
  4. neighbor ip-address
  5. timers keepalive hold-time
  6. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 123

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

timers bgp keepalive hold-time

Example:


RP/0/RP0/CPU0:router(config-bgp)# timers bgp 30 90

Sets a default keepalive time and a default hold time for all neighbors.

Step 4

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 5

timers keepalive hold-time

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# timers 60 220

(Optional) Sets the keepalive timer and the hold-time timer for the BGP neighbor.

Step 6

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Change BGP Default Local Preference Value

Perform this task to set the default local preference value for BGP paths.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. bgp default local-preference value
  4. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

bgp default local-preference value

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp default local-preference 200

Sets the default local preference value from the default of 100, making it either a more preferable path (over 100) or less preferable path (under 100).

Step 4

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Configure MED Metric for BGP

Perform this task to set the multi exit discriminator (MED) to advertise to peers for routes that do not already have a metric set (routes that were received with no MED attribute).

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. default-metric value
  4. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

default-metric value

Example:


RP/0/RP0/CPU0:router(config-bgp)# default-metric

Sets the default metric, which is used to set the MED to advertise to peers for routes that do not already have a metric set (routes that were received with no MED attribute).

Step 4

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Configure BGP Weights

A weight is a number that you can assign to a path so that you can control the best-path selection process. If you have particular neighbors that you want to prefer for most of your traffic, you can use the weight command to assign a higher weight to all routes learned from that neighbor. Perform this task to assign a weight to routes received from a neighbor.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. remote-as as-number
  5. address-family { ipv4 | ipv6 } unicast
  6. weight weight-value
  7. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number to it.

Step 5

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 6

weight weight-value

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr-af)# weight 41150

Assigns a weight to all routes learned through the neighbor.

Step 7

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

What to do next

You the clear bgp command for the newly configured weight to take effect.

Tune BGP Best-Path Calculation

BGP routers typically receive multiple paths to the same destination. The BGP best-path algorithm determines the best path to install in the IP routing table and to use for forwarding traffic. The BGP best-path comprises of three steps:

  • Step 1—Compare two paths to determine which is better.

  • Step 2—Iterate over all paths and determines which order to compare the paths to select the overall best path.

  • Step 3—Determine whether the old and new best paths differ enough so that the new best path should be used.


Note
The order of comparison determined by Step 2 is important because the comparison operation is not transitive; that is, if three paths, A, B, and C exist, such that when A and B are compared, A is better, and when B and C are compared, B is better, it is not necessarily the case that when A and C are compared, A is better. This nontransitivity arises because the multi exit discriminator (MED) is compared only among paths from the same neighboring autonomous system (AS) and not among all paths. BGP Best Path Algorithm provides additional conceptual details.
Perform this task to change the default BGP best-path calculation behavior.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. bgp bestpath med missing-as-worst
  4. bgp bestpath med always
  5. bgp bestpath med confed
  6. bgp bestpath as-path ignore
  7. bgp bestpath compare-routerid
  8. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 126

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

bgp bestpath med missing-as-worst

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp bestpath med missing-as-worst

Directs the BGP software to consider a missing MED attribute in a path as having a value of infinity, making this path the least desirable path.

Step 4

bgp bestpath med always

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp bestpath med always

Configures the BGP speaker in the specified autonomous system to compare MEDs among all the paths for the prefix, regardless of the autonomous system from which the paths are received.

Step 5

bgp bestpath med confed

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp bestpath med confed

Enables BGP software to compare MED values for paths learned from confederation peers.

Step 6

bgp bestpath as-path ignore

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp bestpath as-path ignore

Configures the BGP software to ignore the autonomous system length when performing best-path selection.

Step 7

bgp bestpath compare-routerid

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp bestpath compare-routerid

Configure the BGP speaker in the autonomous system to compare the router IDs of similar paths.

Step 8

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Set BGP Administrative Distance

An administrative distance is a rating of the trustworthiness of a routing information source. In general, the higher the value, the lower the trust rating. Normally, a route can be learned through more than one protocol. Administrative distance is used to discriminate between routes learned from more than one protocol. The route with the lowest administrative distance is installed in the IP routing table. By default, BGP uses the administrative distances shown in here:
Table 4. BGP Default Administrative Distances

Distance

Default Value

Function

External

20

Applied to routes learned from eBGP.

Internal

200

Applied to routes learned from iBGP.

Local

200

Applied to routes originated by the router.


Note

Distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned routes are installed in the IP routing table.

Perform this task to specify the use of administrative distances that can be used to prefer one class of route over another.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. distance bgp external-distance internal-distance local-distance
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

distance bgp external-distance internal-distance local-distance

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# distance bgp 20 20 200

Sets the external, internal, and local administrative distances to prefer one class of routes over another. The higher the value, the lower the trust rating.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Indicate BGP Back-door Routes

In most cases, when a route is learned through eBGP, it is installed in the IP routing table because of its distance. Sometimes, however, two ASs have an IGP-learned back-door route and an eBGP-learned route. Their policy might be to use the IGP-learned path as the preferred path and to use the eBGP-learned path when the IGP path is down.

Perform this task to set the administrative distance on an external Border Gateway Protocol (eBGP) route to that of a locally sourced BGP route, causing it to be less preferred than an Interior Gateway Protocol (IGP) route.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. network { ip-address / prefix-length | ip-address mask } backdoor
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

network { ip-address / prefix-length | ip-address mask } backdoor

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# network 172.20.0.0/16

Configures the local router to originate and advertise the specified network.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Back Door: Example

Here, Routers A and C and Routers B and C are running eBGP. Routers A and B are running an IGP (such as Routing Information Protocol [RIP], Interior Gateway Routing Protocol [IGRP], Enhanced IGRP, or Open Shortest Path First [OSPF]). The default distances for RIP, IGRP, Enhanced IGRP, and OSPF are 120, 100, 90, and 110, respectively. All these distances are higher than the default distance of eBGP, which is 20. Usually, the route with the lowest distance is preferred.

Router A receives updates about 160.10.0.0 from two routing protocols: eBGP and IGP. Because the default distance for eBGP is lower than the default distance of the IGP, Router A chooses the eBGP-learned route from Router C. If you want Router A to learn about 160.10.0.0 from Router B (IGP), establish a BGP back door. See .

In the following example, a network back-door is configured: 


RP/0/RP0/CPU0:router(config)# router bgp 100
RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-af)# network 160.10.0.0/16 backdoor

Router A treats the eBGP-learned route as local and installs it in the IP routing table with a distance of 200. The network is also learned through Enhanced IGRP (with a distance of 90), so the Enhanced IGRP route is successfully installed in the IP routing table and is used to forward traffic. If the Enhanced IGRP-learned route goes down, the eBGP-learned route is installed in the IP routing table and is used to forward traffic.

Although BGP treats network 160.10.0.0 as a local entry, it does not advertise network 160.10.0.0 as it normally would advertise a local entry.

Configure Aggregate Addresses

Perform this task to create aggregate entries in a BGP routing table.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# aggregate-address 10.0.0.0/8 as-set

Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized.

  • The as-set keyword generates autonomous system set path information and community information from contributing paths.

  • The as-confed-set keyword generates autonomous system confederation set path information from contributing paths.

  • The summary-only keyword filters all more specific routes from updates.

  • The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Autonomous System Number Formats in BGP

Autonomous system numbers (ASNs) are globally unique identifiers used to identify autonomous systems (ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in BGP. 


RP/0/RP0/CPU0:router(config)# as-format [asdot | asplain]
RP/0/RP0/CPU0:router(config)# as-format asdot

Note

ASN change for BGP process is not currently supported via commit replace command.

BGP Multi-Instance and Multi-AS

Multi-AS BGP enables configuring each instance of a multi-instance BGP with a different AS number. Multi-Instance and Multi-AS BGP provides these capabilities:

  • Mechanism to consolidate the services provided by multiple routers using a common routing infrastructure into a single IOS-XR router.

  • Mechanism to achieve AF isolation by configuring the different AFs in different BGP instances.

  • Means to achieve higher session scale by distributing the overall peering sessions between multiple instances.

  • Mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying different BGP tables.

  • Improved BGP convergence under certain scenarios.

  • All BGP functionalities including NSR are supported for all the instances.

  • The load and commit router-level operations can be performed on previously verified or applied configurations.

Restrictions

  • The router supports maximum of 4 BGP instances.

  • Each BGP instance needs a unique router-id.

  • Only one Address Family can be configured under each BGP instance (VPNv4, VPNv6 and RT-Constrain can be configured under multiple BGP instances).

  • IPv4/IPv6 Unicast should be within the same BGP instance in which IPv4/IPv6 Labeled-Unicast is configured.

  • IPv4/IPv6 Multicast should be within the same BGP instance in which IPv4/IPv6 Unicast is configured.

  • All configuration changes for a single BGP instance can be committed together. However, configuration changes for multiple instances cannot be committed together.

  • Cisco recommends that BGP update-source should be unique in the default VRF over all instances while peering with the same remote router.

Configure Multiple BGP Instances for a Specific Autonomous System

Perform this task to configure multiple BGP instances for a specific autonomous system. All configuration changes for a single BGP instance can be committed together. However, configuration changes for multiple instances cannot be committed together.

SUMMARY STEPS

  1. configure
  2. router bgp as-number [instance instance name ]
  3. bgp router-id ip-address
  4. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number [instance instance name ]

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 100 instance inst1

Enters BGP configuration mode for the user specified BGP instance.

Step 3

bgp router-id ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 10.0.0.0

Configures a fixed router ID for the BGP-speaking router (BGP instance).

Note

 

You must manually configure unique router ID for each BGP instance.

Step 4

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Routing Domain Confederation

One way to reduce the iBGP mesh is to divide an autonomous system into multiple sub-autonomous systems and group them into a single confederation. To the outside world, the confederation looks like a single autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other autonomous systems in the same confederation. Although the peers in different autonomous systems have eBGP sessions, they exchange routing information as if they were iBGP peers. Specifically, the next hop, MED, and local preference information is preserved. This feature allows you to retain a single IGP for all of the autonomous systems.

Configure Routing Domain Confederation for BGP

Perform this task to configure the routing domain confederation for BGP. This includes specifying a confederation identifier and autonomous systems that belong to the confederation.

Configuring a routing domain confederation reduces the internal BGP (iBGP) mesh by dividing an autonomous system into multiple autonomous systems and grouping them into a single confederation. Each autonomous system is fully meshed within itself and has a few connections to another autonomous system in the same confederation. The confederation maintains the next hop and local preference information, and that allows you to retain a single Interior Gateway Protocol (IGP) for all autonomous systems. To the outside world, the confederation looks like a single autonomous system.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. bgp confederation identifier as-number
  4. bgp confederation peers as-number
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

bgp confederation identifier as-number

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp confederation identifier 5

Specifies a BGP confederation identifier.

Step 4

bgp confederation peers as-number

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers 1091
  RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers 1092
  RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers 1093
  RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers 1094
  RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers 1095
  RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers 1096

Specifies that the BGP autonomous systems belong to a specified BGP confederation identifier. You can associate multiple AS numbers to the same confederation identifier, as shown in the example.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Confederation: Example

The following is a sample configuration that shows several peers in a confederation. The confederation consists of three internal autonomous systems with autonomous system numbers 6001, 6002, and 6003. To the BGP speakers outside the confederation, the confederation looks like a normal autonomous system with autonomous system number 666 (specified using the bgp confederation identifier command).

In a BGP speaker in autonomous system 6001, the bgp confederation peers command marks the peers from autonomous systems 6002 and 6003 as special eBGP peers. Hence, peers 171.16 .232.55 and 171.16 .232.56 get the local preference, next hop, and MED unmodified in the updates. The router at 171 .19 .69.1 is a normal eBGP speaker, and the updates received by it from this peer are just like a normal eBGP update from a peer in autonomous system 666. 


  router bgp 6001
   bgp confederation identifier 666
   bgp confederation peers 
    6002
    6003
     exit
   address-family ipv4 unicast
    neighbor 171.16.232.55 
    remote-as 6002
     exit
   address-family ipv4 unicast
    neighbor 171.16.232.56 
    remote-as 6003
     exit
   address-family ipv4 unicast
    neighbor 171.19.69.1 
    remote-as 777
In a BGP speaker in autonomous system 6002, the peers from autonomous systems 6001 and 6003 are configured as special eBGP peers. Peer 171 .17 .70.1 is a normal iBGP peer, and peer 199.99.99.2 is a normal eBGP peer from autonomous system 700. 

  router bgp 6002
   bgp confederation identifier 666
   bgp confederation peers 
    6001
    6003
     exit
   address-family ipv4 unicast
    neighbor 171.17.70.1 
     remote-as 6002
     exit
   address-family ipv4 unicast
    neighbor 171.19.232.57 
     remote-as 6001
     exit
   address-family ipv4 unicast
    neighbor 171.19.232.56 
     remote-as 6003
     exit
   address-family ipv4 unicast
    neighbor 171.19.99.2 
     remote-as 700
     exit
   address-family ipv4 unicast
    route-policy pass-all in
    route-policy pass-all out
In a BGP speaker in autonomous system 6003, the peers from autonomous systems 6001 and 6002 are configured as special eBGP peers. Peer 192 .168 .200.200 is a normal eBGP peer from autonomous system 701. 

  router bgp 6003
   bgp confederation identifier 666
   bgp confederation peers
    6001
    6002
     exit
   address-family ipv4 unicast
    neighbor 171.19.232.57 
     remote-as 6001
     exit
   address-family ipv4 unicast
    neighbor 171.19.232.55 
     remote-as 6002
     exit
   address-family ipv4 unicast
    neighbor 192.168.200.200 
     remote-as 701
     exit
   address-family ipv4 unicast
    route-policy pass-all in
    route-policy pass-all out
The following is a part of the configuration from the BGP speaker 192 .168 .200.205 from autonomous system 701 in the same example. Neighbor 171.16 .232.56 is configured as a normal eBGP speaker from autonomous system 666. The internal division of the autonomous system into multiple autonomous systems is not known to the peers external to the confederation. 

  router bgp 701
   address-family ipv4 unicast
    neighbor 172.16.232.56 
     remote-as 666
     exit
   address-family ipv4 unicast
    route-policy pass-all in
    route-policy pass-all out
     exit
   address-family ipv4 unicast
    neighbor 192.168.200.205 
     remote-as 701

BGP Additional Paths

The Border Gateway Protocol (BGP) Additional Paths feature modifies the BGP protocol machinery for a BGP speaker to be able to send multiple paths for a prefix. This gives 'path diversity' in the network. The add path enables BGP prefix independent convergence (PIC) at the edge routers.

BGP add path enables add path advertisement in an iBGP network and advertises the following types of paths for a prefix:

  • Backup paths—to enable fast convergence and connectivity restoration.

  • Group-best paths—to resolve route oscillation.

  • All paths—to emulate an iBGP full-mesh.

Configure BGP Additional Paths

Perform these tasks to configure BGP Additional Paths capability:

SUMMARY STEPS

  1. configure
  2. route-policy route-policy-name
  3. if conditional-expression then action-statement else
  4. pass endif
  5. end-policy
  6. router bgp as-number
  7. address-family {ipv4 {unicast } | ipv6 {unicast | l2vpn vpls-vpws | vpnv4 unicast | vpnv6 unicast }
  8. additional-paths receive
  9. additional-paths send
  10. additional-paths selection route-policy route-policy-name
  11. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

route-policy route-policy-name

Example:

RP/0/RP0/CPU0:router (config)#route-policy add_path_policy

Defines the route policy and enters route-policy configuration mode.

Step 3

if conditional-expression then action-statement else

Example:

RP/0/RP0/CPU0:router (config-rpl)#if community matches-any (*) then
    set path-selection all advertise
  else

Decides the actions and dispositions for the given route.

Step 4

pass endif

Example:


RP/0/RP0/CPU0:router(config-rpl-else)#pass
RP/0/RP0/CPU0:router(config-rpl-else)#endif

Passes the route for processing and ends the if statement.

Step 5

end-policy

Example:

RP/0/RP0/CPU0:router(config-rpl)#end-policy

Ends the route policy definition of the route policy and exits route-policy configuration mode.

Step 6

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)#router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 7

address-family {ipv4 {unicast } | ipv6 {unicast | l2vpn vpls-vpws | vpnv4 unicast | vpnv6 unicast }

Example:

RP/0/RP0/CPU0:router(config-bgp)#address-family ipv4 unicast

Specifies the address family and enters address family configuration submode.

Step 8

additional-paths receive

Example:

RP/0/RP0/CPU0:router(config-bgp-af)#additional-paths receive

Configures receive capability of multiple paths for a prefix to the capable peers.

Step 9

additional-paths send

Example:

RP/0/RP0/CPU0:router(config-bgp-af)#additional-paths send

Configures send capability of multiple paths for a prefix to the capable peers .

Step 10

additional-paths selection route-policy route-policy-name

Example:

RP/0/RP0/CPU0:router(config-bgp-af)#additional-paths selection route-policy add_path_policy

Configures additional paths selection capability for a prefix.

Step 11

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Maximum Prefix

The maximum-prefix feature imposes a maximum limit on the number of prefixes that are received from a neighbor for a given address family. Whenever the number of prefixes received exceeds the maximum number configured, the BGP session is terminated, which is the default behavior, after sending a cease notification to the neighbor. The session is down until a manual clear is performed by the user. The session can be resumed by using the clear bgp command. It is possible to configure a period after which the session can be automatically brought up by using the maximum-prefix command with the restart keyword. The maximum prefix limit can be configured by the user. Default limits are used if the user does not configure the maximum number of prefixes for the address family.

Discard Extra Paths

An option to discard extra paths is added to the maximum-prefix configuration. Configuring the discard extra paths option drops all excess prefixes received from the neighbor when the prefixes exceed the configured maximum value. This drop does not, however, result in session flap.

The benefits of discard extra paths option are:

  • Limits the memory footstamp of BGP.

  • Stops the flapping of the peer if the paths exceed the set limit.

When the discard extra paths configuration is removed, BGP sends a route-refresh message to the neighbor if it supports the refresh capability; otherwise the session is flapped.

On the same lines, the following describes the actions when the maximum prefix value is changed:

  • If the maximum value alone is changed, a route-refresh message is sourced, if applicable.

  • If the new maximum value is greater than the current prefix count state, the new prefix states are saved.

  • If the new maximum value is less than the current prefix count state, then some existing prefixes are deleted to match the new configured state value.

There is currently no way to control which prefixes are deleted.

Configure Discard Extra Paths

The discard extra paths option in the maximum-prefix configuration allows you to drop all excess prefixes received from the neighbor when the prefixes exceed the configured maximum value. This drop does not, however, result in session flap.

The benefits of discard extra paths option are:

  • Limits the memory footstamp of BGP.

  • Stops the flapping of the peer if the paths exceed the set limit.

When the discard extra paths configuration is removed, BGP sends a route-refresh message to the neighbor if it supports the refresh capability; otherwise the session is flapped.

Note

  • When the router drops prefixes, it is inconsistent with the rest of the network, resulting in possible routing loops.

  • If prefixes are dropped, the standby and active BGP sessions may drop different prefixes. Consequently, an NSR switchover results in inconsistent BGP tables.

  • The discard extra paths configuration cannot co-exist with the soft reconfig configuration.

  • When the system runs out of physical memory, bgp process exits and you must manually restart bpm. To manually restart, use the process restart bpm command.

Perform this task to configure BGP maximum-prefix discard extra paths.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. address-family { ipv4 | ipv6 } unicast
  5. maximum-prefix maximum discard-extra-paths
  6. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters XR Config mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 10

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.0.0.1

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

address-family { ipv4 | ipv6 } unicast

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

Step 5

maximum-prefix maximum discard-extra-paths

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr-af)# maximum-prefix 1000 discard-extra-paths

Configures a limit to the number of prefixes allowed.

Configures discard extra paths to discard extra paths when the maximum prefix limit is exceeded.

Step 6

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Example

The following example shows how to configure discard extra paths feature for the IPv4 address family: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 10
RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# maximum-prefix 1000 discard-extra-paths
RP/0/RP0/CPU0:router(config-bgp-vrf-af)# commit

The show bgp neighbor output shows the cumulative number for the Prefix advertised count if the same prefixes are withdrawn and re-advertised.

The following screen output shows details about the discard extra paths option: 


RP/0/RP0/CPU0:ios# show bgp neighbor 10.0.0.1 

BGP neighbor is 10.0.0.1
Remote AS 10, local AS 10, internal link
Remote router ID 0.0.0.0
BGP state = Idle (No best local address found)
Last read 00:00:00, Last read before reset 00:00:00
Hold time is 180, keepalive interval is 60 seconds
Configured hold time: 180, keepalive: 60, min acceptable hold time: 3
Last write 00:00:00, attempted 0, written 0
Second last write 00:00:00, attempted 0, written 0
Last write before reset 00:00:00, attempted 0, written 0
Second last write before reset 00:00:00, attempted 0, written 0
Last write pulse rcvd not set last full not set pulse count 0
Last write pulse rcvd before reset 00:00:00
Socket not armed for io, not armed for read, not armed for write
Last write thread event before reset 00:00:00, second last 00:00:00
Last KA expiry before reset 00:00:00, second last 00:00:00
Last KA error before reset 00:00:00, KA not sent 00:00:00
Last KA start before reset 00:00:00, second last 00:00:00
Precedence: internet
Multi-protocol capability not received
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 0 secs

For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1 Filter-group: 0.0 No Refresh request being processed
Route refresh request: received 0, sent 0
0 accepted prefixes, 0 are bestpaths
Cumulative no. of prefixes denied: 0. 
Prefix advertised 0, suppressed 0, withdrawn 0
Maximum prefixes allowed 10 (discard-extra-paths) <<<<<<<<<<<<<<<<<<<<<
Threshold for warning message 75%, restart interval 0 min
AIGP is enabled
An EoR was not received during read-only mode
Last ack version 1, Last synced ack version 0
Outstanding version objects: current 0, max 0
Additional-paths operation: None
Send Multicast Attributes

Connections established 0; dropped 0
Local host: 0.0.0.0, Local port: 0, IF Handle: 0x00000000
Foreign host: 10.0.0.1, Foreign port: 0
Last reset 00:00:00

BGP Best-External Path

The best–external path functionality supports advertisement of the best–external path to the iBGP and Route Reflector peers when a locally selected bestpath is from an internal peer. BGP selects one best path and one backup path to every destination. By default, selects one best path . Additionally, BGP selects another bestpath from among the remaining external paths for a prefix. Only a single path is chosen as the best–external path and is sent to other PEs as the backup path. BGP calculates the best–external path only when the best path is an iBGP path. If the best path is an eBGP path, then best–external path calculation is not required.

The procedure to determine the best–external path is as follows:

  1. Determine the best path from the entire set of paths available for a prefix.

  2. Eliminate the current best path.

  3. Eliminate all the internal paths for the prefix.

  4. From the remaining paths, eliminate all the paths that have the same next hop as that of the current best path.

  5. Rerun the best path algorithm on the remaining set of paths to determine the best–external path.

BGP considers the external and confederations BGP paths for a prefix to calculate the best–external path. BGP advertises the best path and the best–external path as follows:

  • On the primary PE—advertises the best path for a prefix to both its internal and external peers

  • On the backup PE—advertises the best path selected for a prefix to the external peers and advertises the best–external path selected for that prefix to the internal peers

Configure Best-External Path Advertisement

Perform the following tasks to advertise the best–external path to the iBGP and route-reflector peers:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. Do one of the following
    • address-family { vpnv4 unicast | vpnv6 unicast }
    • vrf vrf-name { ipv4 unicast |ipv6 unicast }
  4. advertise best-external
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

Do one of the following

  • address-family { vpnv4 unicast | vpnv6 unicast }
  • vrf vrf-name { ipv4 unicast |ipv6 unicast }

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Specifies the address family or VRF address family and enters the address family or VRF address family configuration submode.

Step 4

advertise best-external

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# advertise best-external

Advertise the best–external path to the iBGP and route-reflector peers.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Local Label Retention

When a primary PE-CE link fails, BGP withdraws the route corresponding to the primary path along with its local label and programs the backup path in the Routing Information Base (RIB) and the Forwarding Information Base (FIB), by default.

However, until all the internal peers of the primary PE reconverge to use the backup path as the new bestpath, the traffic continues to be forwarded to the primary PE with the local label that was allocated for the primary path. Hence the previously allocated local label for the primary path must be retained on the primary PE for some configurable time after the reconvergence. BGP Local Label Retention feature enables the retention of the local label for a specified period. If no time is specified, the local lable is retained for a default value of five minutes.

Retain Allocated Local Label for Primary Path

Perform the following tasks to retain the previously allocated local label for the primary path on the primary PE for some configurable time after reconvergence:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { vpnv4 unicast | vpnv6 unicast }
  4. retain local-label minutes
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { vpnv4 unicast | vpnv6 unicast }

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Specifies the address family and enters the address family configuration submode.

Step 4

retain local-label minutes

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# retain local-label 10

Retains the previously allocated local label for the primary path on the primary PE for 10 minutes after reconvergence.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Allocated Local Label Retention: Example

The following example shows how to retain the previously allocated local label for the primary path on the primary PE for 10 minutes after reconvergence: 


  router bgp 100
  address-family l2vpn vpnv4 unicast
    retain local-label 10
  end

iBGP Multipath Load Sharing

When a Border Gateway Protocol (BGP) speaking router that has no local policy configured, receives multiple network layer reachability information (NLRI) from the internal BGP (iBGP) for the same destination, the router will choose one iBGP path as the best path. The best path is then installed in the IP routing table of the router. The iBGP Multipath Load Sharing feature enables the BGP speaking router to select multiple iBGP paths as the best paths to a destination. The best paths or multipaths are then installed in the IP routing table of the router.

iBGP Multipath Load Sharing Reference provides additional details.

Configure iBGP Multipath Load Sharing

Perform this task to configure the iBGP Multipath Load Sharing:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family {ipv4 |ipv6 } {unicast |multicast }
  4. maximum-paths ibgp number
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family {ipv4 |ipv6 } {unicast |multicast }

Example:

RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 multicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

Step 4

maximum-paths ibgp number

Example:

RP/0/RP0/CPU0:router(config-bgp-af)# maximum-paths ibgp 30

Configures the maximum number of iBGP paths for load sharing.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

iBGP Multipath Loadsharing Configuration: Example

The following is a sample configuration where 30 paths are used for loadsharing: 


router bgp 100
 address-family ipv4 multicast
  maximum-paths ibgp 30
 !
!
end

Route Dampening

Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then unavailable, and so on.

For example, consider a network with three BGP autonomous systems: autonomous system 1, autonomous system 2, and autonomous system 3. Suppose the route to network A in autonomous system 1 flaps (it becomes unavailable). Under circumstances without route dampening, the eBGP neighbor of autonomous system 1 to autonomous system 2 sends a withdraw message to autonomous system 2. The border router in autonomous system 2, in turn, propagates the withdrawal message to autonomous system 3. When the route to network A reappears, autonomous system 1 sends an advertisement message to autonomous system 2, which sends it to autonomous system 3. If the route to network A repeatedly becomes unavailable, then available, many withdrawal and advertisement messages are sent. Route flapping is a problem in an internetwork connected to the Internet, because a route flap in the Internet backbone usually involves many routes.

The route dampening feature minimizes the flapping problem as follows. Suppose again that the route to network A flaps. The router in autonomous system 2 (in which route dampening is enabled) assigns network A a penalty of 1000 and moves it to history state. The router in autonomous system 2 continues to advertise the status of the route to neighbors. The penalties are cumulative. When the route flaps so often that the penalty exceeds a configurable suppression limit, the router stops advertising the route to network A, regardless of how many times it flaps. Thus, the route is dampened.

The penalty placed on network A is decayed until the reuse limit is reached, upon which the route is once again advertised. At half of the reuse limit, the dampening information for the route to network A is removed.


Note

No penalty is applied to a BGP peer reset when route dampening is enabled, even though the reset withdraws the route.

Configuring BGP Route Dampening

Perform this task to configure and monitor BGP route dampening.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either the IPv4 or IPv6 address family and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120

Configures BGP dampening for the specified address family.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Configure BGP Neighbor Group and Neighbors

Perform this task to configure BGP neighbor groups and apply the neighbor group configuration to a neighbor. A neighbor group is a template that holds address family-independent and address family-dependent configurations that are associated with the neighbor.

After a neighbor group is configured, each neighbor can inherit the configuration through the usecommand. If a neighbor is configured to use a neighbor group, the neighbor (by default) inherits the entire configuration of the neighbor group, which includes the address family-independent and address family-dependent configurations. The inherited configuration can be overridden if you directly configure commands for the neighbor or configure session groups or address family groups through the usecommand.

You can configure an address family-independent configuration under the neighbor group. An address family-dependent configuration requires you to configure the address family under the neighbor group to enter address family submode. From neighbor group configuration mode, you can configure address family-independent parameters for the neighbor group. Use the address-familycommand when in the neighbor group configuration mode. After specifying the neighbor group name using the neighbor group command, you can assign options to the neighbor group.


Note

All commands that can be configured under a specified neighbor group can be configured under a neighbor.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. exit
  5. neighbor-group name
  6. remote-as as-number
  7. address-family { ipv4 | ipv6 } unicast
  8. route-policy route-policy-name { in | out }
  9. exit
  10. exit
  11. neighbor ip-address
  12. use neighbor-group group-name
  13. remote-as as-number
  14. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

exit

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# exit

Exits the current configuration mode.

Step 5

neighbor-group name

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor-group nbr-grp-A

Places the router in neighbor group configuration mode.

Step 6

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbrgrp)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number to it.

Step 7

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 8

route-policy route-policy-name { in | out }

Example:


RP/0/RP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy drop-as-1234 in

(Optional) Applies the specified policy to inbound IPv4 unicast routes.

Step 9

exit

Example:


RP/0/RP0/CPU0:router(config-bgp-nbrgrp-af)# exit

Exits the current configuration mode.

Step 10

exit

Example:


RP/0/RP0/CPU0:router(config-bgp-nbrgrp)# exit

Exits the current configuration mode.

Step 11

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 12

use neighbor-group group-name

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# use neighbor-group nbr-grp-A

(Optional) Specifies that the BGP neighbor inherit configuration from the specified neighbor group.

Step 13

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number to it.

Step 14

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Neighbor Configuration: Example

The following example shows how BGP neighbors on an autonomous system are configured to share information. In the example, a BGP router is assigned to autonomous system 109, and two networks are listed as originating in the autonomous system. Then the addresses of three remote routers (and their autonomous systems) are listed. The router being configured shares information about networks 172 .16 .0.0 and 192.168 .7.0 with the neighbor routers. The first router listed is in a different autonomous system; the second neighbor and remote-as commands specify an internal neighbor (with the same autonomous system number) at address 172 .26 .234.2; and the third neighbor and remote-as commands specify a neighbor on a different autonomous system. 


  route-policy pass-all 
   pass
  end-policy
  router bgp 109
   address-family ipv4 unicast
    network 172.16.0.0 255.255.0.0
    network 192.168.7.0 255.255.0.0
    neighbor 172.16.200.1 
     remote-as 167

   address-family ipv4 unicast
    route-policy pass-all in
    route-policy pass-out out
    neighbor 172.26.234.2 
     remote-as 109

   address-family ipv4 unicast
    neighbor 172.26.64.19 
     remote-as 99

   address-family ipv4 unicast
    route-policy pass-all in
    route-policy pass-all out

Disable BGP Neighbor

Perform this task to administratively shut down a neighbor session without removing the configuration.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. shutdown
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 127

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

shutdown

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# shutdown

Disables all active sessions for the specified neighbor.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Resetting Neighbors Using BGP Inbound Soft Reset

Perform this task to trigger an inbound soft reset of the specified address families for the specified group or neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.

Resetting neighbors is useful if you change the inbound policy for the neighbors or any other configuration that affects the sending or receiving of routing updates. If an inbound soft reset is triggered, BGP sends a REFRESH request to the neighbor if the neighbor has advertised the ROUTE_REFRESH capability. To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors command.

SUMMARY STEPS

  1. show bgp neighbors
  2. soft  [ in [ prefix-filter ] | out ]

DETAILED STEPS

  Command or Action Purpose

Step 1

show bgp neighbors

Example:


RP/0/RP0/CPU0:router# show bgp neighbors

Verifies that received route refresh capability from the neighbor is enabled.

Step 2

soft  [ in [ prefix-filter ] | out ]

Example:


RP/0/RP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.1 soft in

Soft resets a BGP neighbor.

  • The * keyword resets all BGP neighbors.

  • The ip-address argument specifies the address of the neighbor to be reset.

  • The as-number argument specifies that all neighbors that match the autonomous system number be reset.

  • The external keyword specifies that all external neighbors are reset.

Resetting Neighbors Using BGP Outbound Soft Reset

Perform this task to trigger an outbound soft reset of the specified address families for the specified group or neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.

Resetting neighbors is useful if you change the outbound policy for the neighbors or any other configuration that affects the sending or receiving of routing updates.

If an outbound soft reset is triggered, BGP resends all routes for the address family to the given neighbors.

To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors command.

SUMMARY STEPS

  1. show bgp neighbors

DETAILED STEPS

  Command or Action Purpose

Step 1

show bgp neighbors

Example:


RP/0/RP0/CPU0:router# show bgp neighbors

Verifies that received route refresh capability from the neighbor is enabled.

Step 2

Example:


RP/0/RP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.2 soft out

Soft resets a BGP neighbor.

  • The * keyword resets all BGP neighbors.

  • The ip-address argument specifies the address of the neighbor to be reset.

  • The as-number argument specifies that all neighbors that match the autonomous system number be reset.

  • The external keyword specifies that all external neighbors are reset.

Reset Neighbors Using BGP Hard Reset

Perform this task to reset neighbors using a hard reset. A hard reset removes the TCP connection to the neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the session with the neighbor. If the graceful keyword is specified, the routes from the neighbor are not removed from the BGP table immediately, but are marked as stale. After the session is re-established, any stale route that has not been received again from the neighbor is removed.

SUMMARY STEPS

  1. clear bgp { ipv4 { unicast | labeled-unicast | all | tunnel tunnel | mdt } | ipv6 unicast | all | labeled-unicast } | all { unicast | multicast | all | labeled-unicast | mdt | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | labeled-unicast } | ipv6 unicast } | vpnv6 unicast } { * | ip-address | as as-number | external } [ graceful ] soft  [ in [ prefix-filter ] | out ] clear bgp { ipv4 | ipv6} { unicast | labeled-unicast }

DETAILED STEPS

clear bgp { ipv4 { unicast | labeled-unicast | all | tunnel tunnel | mdt } | ipv6 unicast | all | labeled-unicast } | all { unicast | multicast | all | labeled-unicast | mdt | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | labeled-unicast } | ipv6 unicast } | vpnv6 unicast } { * | ip-address | as as-number | external } [ graceful ] soft  [ in [ prefix-filter ] | out ] clear bgp { ipv4 | ipv6} { unicast | labeled-unicast }

Example:


RP/0/RP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.3

Clears a BGP neighbor.

  • The * keyword resets all BGP neighbors.

  • The ip-address argument specifies the address of the neighbor to be reset.

  • The as-number argument specifies that all neighbors that match the autonomous system number be reset.

  • The external keyword specifies that all external neighbors are reset.

The graceful keyword specifies a graceful restart.

Configure Software to Store Updates from Neighbor

Perform this task to configure the software to store updates received from a neighbor.

The soft-reconfiguration inbound command causes a route refresh request to be sent to the neighbor if the neighbor is route refresh capable. If the neighbor is not route refresh capable, the neighbor must be reset to relearn received routes using the clear bgp soft command.


Note

Storing updates from a neighbor works only if either the neighbor is route refresh capable or the soft-reconfiguration inbound command is configured. Even if the neighbor is route refresh capable and the soft-reconfiguration inbound command is configured, the original routes are not stored unless the always option is used with the command. The original routes can be easily retrieved with a route refresh request. Route refresh sends a request to the peer to resend its routing information. The soft-reconfiguration inbound command stores all paths received from the peer in an unmodified form and refers to these stored paths during the clear. Soft reconfiguration is memory intensive.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. address-family { ipv4 | ipv6 } unicast
  5. soft-reconfiguration inbound [ always]
  6. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 5

soft-reconfiguration inbound [ always]

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr-af)# soft-reconfiguration inbound always

Configures the software to store updates received from a specified neighbor. Soft reconfiguration inbound causes the software to store the original unmodified route in addition to a route that is modified or filtered. This allows a “soft clear” to be performed after the inbound policy is changed.

Soft reconfiguration enables the software to store the incoming updates before apply policy if route refresh is not supported by the peer (otherwise a copy of the update is not stored). The always keyword forces the software to store a copy even when route refresh is supported by the peer.

Step 6

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Log Neighbor Changes

Logging neighbor changes is enabled by default. Use thebgp log neighbor changes disable command to turn off logging. Use the no bgp log neighbor changes disable command to turn logging back on, if it has been disabled.

Configure BGP Route Filtering by Route Policy

Perform this task to configure BGP routing filtering by route policy.

SUMMARY STEPS

  1. configure
  2. route-policy name
  3. end-policy
  4. router bgp as-number
  5. neighbor ip-address
  6. address-family { ipv4 | ipv6 } unicast
  7. route-policy route-policy-name { in | out }
  8. Use the commit or end command.

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

route-policy name

Example:


RP/0/RP0/CPU0:router(config)# route-policy drop-as-1234
  RP/0/RP0/CPU0:router(config-rpl)# if as-path passes-through '1234' then
  RP/0/RP0/CPU0:router(config-rpl)# apply check-communities
  RP/0/RP0/CPU0:router(config-rpl)# else
  RP/0/RP0/CPU0:router(config-rpl)# pass
  RP/0/RP0/CPU0:router(config-rpl)# endif

(Optional) Creates a route policy and enters route policy configuration mode, where you can define the route policy.

Step 3

end-policy

Example:


RP/0/RP0/CPU0:router(config-rpl)# end-policy

(Optional) Ends the definition of a route policy and exits route policy configuration mode.

Step 4

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 5

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 6

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 7

route-policy route-policy-name { in | out }

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-policy drop-as-1234 in

Applies the specified policy to inbound routes.

Step 8

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Configure BGP Attribute Filtering

The BGP Attribute Filter checks integrity of BGP updates in BGP update messages and optimizes reaction when detecting invalid attributes. BGP Update message contains a list of mandatory and optional attributes. These attributes in the update message include MED, LOCAL_PREF, COMMUNITY, and so on. In some cases, if the attributes are malformed, there is a need to filter these attributes at the receiving end of the router. The BGP Attribute Filter functionality filters the attributes received in the incoming update message. The attribute filter can also be used to filter any attributes that may potentially cause undesirable behavior on the receiving router. Some of the BGP updates are malformed due to wrong formatting of attributes such as the network layer reachability information (NLRI) or other fields in the update message. These malformed updates, when received, causes undesirable behavior on the receiving routers. Such undesirable behavior may be encountered during update message parsing or during re-advertisement of received NLRIs. In such scenarios, its better to filter these corrupted attributes at the receiving end.

The Attribute-filtering is configured by specifying a single or a range of attribute codes and an associated action. When a received Update message contains one or more filtered attributes, the configured action is applied on the message. Optionally, the Update message is also stored to facilitate further debugging and a syslog message is generated on the console. When an attribute matches the filter, further processing of the attribute is stopped and the corresponding action is taken. Perform the following tasks to configure BGP attribute filtering:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. attribute-filter group attribute-filter group name
  4. attribute attribute code { discard | treat-as-withdraw }

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

attribute-filter group attribute-filter group name

Example:


RP/0/RP0/CPU0:router(config-bgp)# attribute-filter group ag_discard_med

Specifies the attribute-filter group name and enters the attribute-filter group configuration mode, allowing you to configure a specific attribute filter group for a BGP neighbor.

Step 4

attribute attribute code { discard | treat-as-withdraw }

Example:


RP/0/RP0/CPU0:router(config-bgp-attrfg)# attribute 24 discard
Specifies a single or a range of attribute codes and an associated action. The allowed actions are:

  • Treat-as-withdraw— Considers the update message for withdrawal. The associated IPv4-unicast or MP_REACH NLRIs, if present, are withdrawn from the neighbor's Adj-RIB-In.

  • Discard Attribute— Discards this attribute. The matching attributes alone are discarded and the rest of the Update message is processed normally.

BGP Next Hop Tracking

BGP receives notifications from the Routing Information Base (RIB) when next-hop information changes (event-driven notifications). BGP obtains next-hop information from the RIB to:

  • Determine whether a next hop is reachable.

  • Find the fully recursed IGP metric to the next hop (used in the best-path calculation).

  • Validate the received next hops.

  • Calculate the outgoing next hops.

  • Verify the reachability and connectedness of neighbors.

BGP Next Hop Reference provides additional conceptual details on BGP next hop.

Configure BGP Next-Hop Trigger Delay

Perform this task to configure BGP next-hop trigger delay. The Routing Information Base (RIB) classifies the dampening notifications based on the severity of the changes. Event notifications are classified as critical and noncritical. This task allows you to specify the minimum batching interval for the critical and noncritical events.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. nexthop trigger-delay { critical delay | non-critical delay }
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

nexthop trigger-delay { critical delay | non-critical delay }

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# nexthop trigger-delay critical 15000

Sets the critical next-hop trigger delay.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Disable Next-Hop Processing on BGP Updates

Perform this task to disable next-hop calculation for a neighbor and insert your own address in the next-hop field of BGP updates. Disabling the calculation of the best next hop to use when advertising a route causes all routes to be advertised with the network device as the next hop.


Note

Next-hop processing can be disabled for address family group, neighbor group, or neighbor address family.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. remote-as as-number
  5. address-family { ipv4 | ipv6 } unicast
  6. next-hop-self
  7. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 206

Creates a neighbor and assigns a remote autonomous system number to it.

Step 5

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 6

next-hop-self

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr-af)# next-hop-self

Sets the next-hop attribute for all routes advertised to the specified neighbor to the address of the local router. Disabling the calculation of the best next hop to use when advertising a route causes all routes to be advertised with the local network device as the next hop.

Step 7

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Cost Community

The BGP cost community is a nontransitive extended community attribute that is passed to internal BGP (iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows you to customize the local route preference and influence the best-path selection process by assigning cost values to specific routes. The extended community format defines generic points of insertion (POI) that influence the best-path decision at different points in the best-path algorithm.

BGP Cost Community Reference provides additional conceptual details on BGP cost community.

Configure BGP Cost Community

BGP receives multiple paths to the same destination and it uses the best-path algorithm to decide which is the best path to install in RIB. To enable users to determine an exit point after partial comparison, the cost community is defined to tie-break equal paths during the best-path selection process. Perform this task to configure the BGP cost community.

SUMMARY STEPS

  1. configure
  2. route-policy name
  3. set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ]
  4. end-policy
  5. router bgp as-number
  6. Do one of the following:
    • default-information originate
    • aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
    • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
    • process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
  7. Do one of the following:
    • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
    • network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ]
    • neighbor ip-address remote-as as-number
    • route-policy route-policy-name { in | out }
  8. Use the commit or end command.
  9. show bgp ip-address

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

route-policy name

Example:


RP/0/RP0/CPU0:router(config)# route-policy costA

Enters route policy configuration mode and specifies the name of the route policy to be configured.

Step 3

set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ]

Example:


RP/0/RP0/CPU0:router(config)# set extcommunity cost cost_A

Specifies the BGP extended community attribute for cost.

Step 4

end-policy

Example:


RP/0/RP0/CPU0:router(config)# end-policy

Ends the definition of a route policy and exits route policy configuration mode.

Step 5

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Enters BGP configuration mode allowing you to configure the BGP routing process.

Step 6

Do one of the following:

  • default-information originate
  • aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ]
  • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
  • process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]

Applies the cost community to the attach point (route policy).

Step 7

Do one of the following:

  • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
  • network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ]
  • neighbor ip-address remote-as as-number
  • route-policy route-policy-name { in | out }

Step 8

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Step 9

show bgp ip-address

Example:


RP/0/RP0/CPU0:router# show bgp 172.168.40.24

Displays the cost community in the following format:

Cost: POI : cost-community-ID : cost-number

Configure BGP Community and Extended-Community Advertisements

Perform this task to specify that community/extended-community attributes should be sent to an eBGP neighbor. These attributes are not sent to an eBGP neighbor by default. By contrast, they are always sent to iBGP neighbors. This section provides examples on how to enable sending community attributes. The send-community-ebgp keyword can be replaced by the send-extended-community-ebgp keyword to enable sending extended-communities.

If the send-community-ebgp command is configured for a neighbor group or address family group, all neighbors using the group inherit the configuration. Configuring the command specifically for a neighbor overrides inherited values.


Note

BGP community and extended-community filtering cannot be configured for iBGP neighbors. Communities and extended-communities are always sent to iBGP neighbors under VPNv4, MDT, IPv4, and IPv6 address families.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. remote-as as-number
  5. address-family {ipv4 {labeled-unicast | unicast | mdt | | mvpn | rt-filter | tunnel } | ipv6 {labeled-unicast | mvpn | unicast }}
  6. Use one of these commands:
    • send-community-ebgp
    • send-extended-community-ebgp
  7. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

remote-as as-number

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number to it.

Step 5

address-family {ipv4 {labeled-unicast | unicast | mdt | | mvpn | rt-filter | tunnel } | ipv6 {labeled-unicast | mvpn | unicast }}

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv6 unicast

Enters neighbor address family configuration mode for the specified address family. Use either ipv4 or ipv6 address family keyword with one of the specified address family sub mode identifiers.

IPv6 address family mode supports these sub modes:

  • labeled-unicast

  • mvpn

  • unicast

IPv4 address family mode supports these sub modes:

  • labeled-unicast

  • mdt

  • mvpn

  • rt-filter

  • tunnel

  • unicast

Step 6

Use one of these commands:

  • send-community-ebgp
  • send-extended-community-ebgp

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr-af)# send-community-ebgp

or 

RP/0/RP0/CPU0:router(config-bgp-nbr-af)# send-extended-community-ebgp

Specifies that the router send community attributes or extended community attributes (which are disabled by default for eBGP neighbors) to a specified eBGP neighbor.

Step 7

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Redistribute iBGP Routes into IGP

Perform this task to redistribute iBGP routes into an Interior Gateway Protocol (IGP), such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).


Note

Use of the bgp redistribute-internal command requires the clear route * command to be issued to reinstall all BGP routes into the IP routing table.


Caution

Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system. Use this command with caution.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. bgp redistribute-internal
  4. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

bgp redistribute-internal

Example:


RP/0/RP0/CPU0:router(config-bgp)# bgp redistribute-internal

Allows the redistribution of iBGP routes into an IGP, such as IS-IS or OSPF.

Step 4

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Redistribute IGPs to BGP

Perform this task to configure redistribution of a protocol into the VRF address family.

Even if Interior Gateway Protocols (IGPs) are used as the PE-CE protocol, the import logic happens through BGP. Therefore, all IGP routes have to be imported into the BGP VRF table.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. vrf vrf-name
  4. address-family { ipv4 | ipv6 } unicast
  5. Do one of the following:
    • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
    • redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
  6. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

vrf vrf-name

Example:


RP/0/RP0/CPU0:router(config-bgp)# vrf vrf_a

Enables BGP routing for a particular VRF on the PE router.

Step 4

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 5

Do one of the following:

  • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
  • redistribute static [ metric metric-value ] [ route-policy route-policy-name ]

Example:


RP/0/RP0/CPU0:router(config-bgp-vrf-af)# redistribute ospf 1

Configures redistribution of a protocol into the VRF address family context.

The redistribute command is used if BGP is not used between the PE-CE routers. If BGP is used between PE-CE routers, the IGP that is used has to be redistributed into BGP to establish VPN connectivity with other PE sites. Redistribution is also required for inter-table import and export.

Step 6

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Remotely Triggered Null Route Filtering with RPL Next-hop Discard Configuration

Remotely triggered black hole (RTBH) filtering is a technique that provides the ability to drop undesirable traffic before it enters a protected network. RTBH filtering provides a method for quickly dropping undesirable traffic at the edge of the network, based on either source addresses or destination addresses by forwarding it to a null0 interface. RTBH filtering based on a destination address is commonly known as Destination-based RTBH filtering. Whereas, RTBH filtering based on a source address is known as Source-based RTBH filtering.

RTBH filtering is one of the many techniques in the security toolkit that can be used together to enhance network security in the following ways:

  • Effectively mitigate DDoS and worm attacks

  • Quarantine all traffic destined for the target under attack

  • Enforce blocklist filtering


Note

RTBH is not supported in cases such as L3VPN iBGP route over NULL0.

Note

On Jericho2 TCAM-based platforms, when you configure a NULL interface, both destination-based RTBH filtering (D-RTBH) and source-based RTBH filtering (S-RTBH) are triggered.

Configuring Destination-based RTBH Filtering

RTBH is implemented by defining a route policy (RPL) to discard undesirable traffic at next-hop using set next-hop discard command.

RTBH filtering sets the next-hop of the victim's prefix to the null interface. The traffic destined to the victim is dropped at the ingress.

The set next-hop discard configuration is used in the neighbor inbound policy. When this config is applied to a path, though the primary next-hop is associated with the actual path but the RIB is updated with next-hop set to Null0. Even if the primary received next-hop is unreachable, the RTBH path is considered reachable and will be a candidate in the bestpath selection process. The RTBH path is readvertised to other peers with either the received next-hop or nexthop-self based on normal BGP advertisement rules.

A typical deployment scenario for RTBH filtering would require running internal Border Gateway Protocol (iBGP) at the access and aggregation points and configuring a separate device in the network operations center (NOC) to act as a trigger. The triggering device sends iBGP updates to the edge, that cause undesirable traffic to be forwarded to a null0 interface and dropped.

Consider below topology, where a rogue router is sending traffic to a border router.

Figure 1. Topology to Implement RTBH Filtering

Configurations applied on the Trigger Router

Configure a static route redistribution policy that sets a community on static routes marked with a special tag, and apply it in BGP: 

route-policy RTBH-trigger
  if tag is 777 then
    set community (1234:4321, no-export) additive
    pass
  else
    pass
  endif
  end-policy

router bgp 65001
 address-family ipv4 unicast
  redistribute static route-policy RTBH-trigger
 !
 neighbor 192.168.102.1 
  remote-as 65001
  address-family ipv4 unicast
   route-policy bgp_all in
   route-policy bgp_all out

Configure a static route with the special tag for the source prefix that has to be block-holed:

router static
 address-family ipv4 unicast
 10.7.7.7/32 Null0 tag 777

Configurations applied on the Border Router

Configure a route policy that matches the community set on the trigger router and configure set next-hop discard:

route-policy RTBH
  if community matches-any (1234:4321) then
    set next-hop discard
  else
    pass
  endif
end-policy

Apply the route policy on the iBGP peers:

router bgp 65001
 address-family ipv4 unicast
 !
 neighbor 192.168.102.2 
  remote-as 65001
  address-family ipv4 unicast
   route-policy RTBH in
   route-policy bgp_all out

Verification

On the border router, the prefix 10.7.7.7/32 is flagged as Nexthop-discard:

RP/0/RSP0/CPU0:router#show bgp
BGP router identifier 10.210.0.5, local AS number 65001
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000   RD version: 12
BGP main routing table version 12
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
N>i10.7.7.7/32        192.168.102.2            0    100      0 ?

RP/0/RSP0/CPU0:router#show bgp 10.7.7.7/32
BGP routing table entry for 10.7.7.7/32
Versions:
  Process           bRIB/RIB  SendTblVer
  Speaker                 12          12
Last Modified: Jul  4 14:37:29.048 for 00:20:52
Paths: (1 available, best #1, not advertised to EBGP peer)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  Local
    192.168.102.2 (discarded) from 192.168.102.2 (10.210.0.2)
      Origin incomplete, metric 0, localpref 100, valid, internal best, group-best
      Received Path ID 0, Local Path ID 1, version 12
      Community: 1234:4321 no-export
RP/0/RSP0/CPU0:router#show route 10.7.7.7/32

Routing entry for 10.7.7.7/32
  Known via "bgp 65001", distance 200, metric 0, type internal
  Installed Jul 4 14:37:29.394 for 01:47:02
  Routing Descriptor Blocks
    directly connected, via Null0
      Route metric is 0
  No advertising protos.

Update Groups

The BGP Update Groups feature contains an algorithm that dynamically calculates and optimizes update groups of neighbors that share outbound policies and can share the update messages. The BGP Update Groups feature separates update group replication from peer group configuration, improving convergence time and flexibility of neighbor configuration.

Monitor BGP Update Groups

This task displays information related to the processing of BGP update groups.

SUMMARY STEPS

  1. show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast | multicast | all labeled-unicast | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ipv6 unicast ] | vpvn6 unicast ] update-group [ neighbor ip-address | process-id.index [ summary | performance-statistics ]]

DETAILED STEPS

show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast | multicast | all labeled-unicast | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ipv6 unicast ] | vpvn6 unicast ] update-group [ neighbor ip-address | process-id.index [ summary | performance-statistics ]]

Example:


RP/0/RP0/CPU0:router# show bgp update-group 0.0

Displays information about BGP update groups.

  • The ip-address argument displays the update groups to which that neighbor belongs.

  • The process-id.index argument selects a particular update group to display and is specified as follows: process ID (dot) index. Process ID range is from 0 to 254. Index range is from 0 to 4294967295.

  • The summary keyword displays summary information for neighbors in a particular update group.

  • If no argument is specified, this command displays information for all update groups (for the specified address family).

  • The performance-statistics keyword displays performance statistics for an update group.

Displaying BGP Update Groups: Example

The following is sample output from the show bgp update-group command run in EXEC configurationXR EXEC mode: 


  
 show bgp update-group
  
  Update group for IPv4 Unicast, index 0.1:
    Attributes:
      Outbound Route map:rm
      Minimum advertisement interval:30
    Messages formatted:2, replicated:2
    Neighbors in this update group:
      10.0.101.92
  
  Update group for IPv4 Unicast, index 0.2:
    Attributes:
      Minimum advertisement interval:30
    Messages formatted:2, replicated:2
    Neighbors in this update group:
      10.0.101.91

BGP Keychains

BGP keychains enable keychain authentication between two BGP peers. The BGP endpoints must both comply with draft-bonica-tcp-auth-05.txt and a keychain on one endpoint and a password on the other endpoint does not work.

BGP is able to use the keychain to implement hitless key rollover for authentication. Key rollover specification is time based, and in the event of clock skew between the peers, the rollover process is impacted. The configurable tolerance specification allows for the accept window to be extended (before and after) by that margin. This accept window facilitates a hitless key rollover for applications (for example, routing and management protocols).

The key rollover does not impact the BGP session, unless there is a keychain configuration mismatch at the endpoints resulting in no common keys for the session traffic (send or accept).

Configure Keychains for BGP

Keychains provide secure authentication by supporting different MAC authentication algorithms and provide graceful key rollover. Perform this task to configure keychains for BGP. This task is optional.


Note

If a keychain is configured for a neighbor group or a session group, a neighbor using the group inherits the keychain. Values of commands configured specifically for a neighbor override inherited values.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. remote-as as-number
  5. keychain name
  6. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number to it.

Step 5

keychain name

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# keychain kych_a

Configures keychain-based authentication.

Step 6

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Session Authentication and Integrity using TCP Authentication Option Overview

BGP Session Authentication and Integrity using TCP Authentication Option feature enables you to use stronger Message Authentication Codes that protect against replays, even for long-lived TCP connections. This feature also provides more details on the association of security with TCP connections than TCP MD5 Signature option (TCP MD5).

This feature supports the following functionalities of TCP MD5:

  • Protection of long-lived connections such as BGP and LDP.

  • Support for larger set of MACs with minimal changes to the system and operations

BGP Session Authentication and Integrity using TCP Authentication Option feature supports IPv6. It supports these two cryptographic algorithms: HMAC-SHA-1-96 and AES-128-CMAC-96.

You can use two sets of keys, namely Master Key Tuples and traffic keys to authenticate incoming and outgoing segments.

This feature applies different option identifier than TCP MD5. This feature cannot be used simultaneously with TCP MD5.

Master Key Tuples

Traffic keys are the keying material used to compute the message authentication codes of individual TCP segments.

The BGP Session Authentication and Integrity using TCP Authentication Option (AO) feature uses the existing keychain fucntionality to define the key string, message authentication codes algorithm, and key lifetimes.

Master Key Tuples (MKTs) enable you to derive unique traffic keys, and to include the keying material required to generate those traffic keys. MKTs indicate the parameters under which the traffic keys are configured. The parameters include whether TCP options are authenticated, and indicators of the algorithms used for traffic key derivation and MAC calculation.

Each MKT has two identifiers, namely SendID and a RecvID . The SendID identifier is inserted as the KeyID identifier of the TCP AO option of the outgoing segments.The RecvID is matched against the TCP AO KeyID of the incoming segments.

Configure BGP Session Authentication and Integrity using TCP Authentication Option

This section describes how you can configure BGP Session Authentication and Integrity using TCP Authentication Option (TCP AO) feature :

  • Configure Keychain


    Note

    Configure send-life and accept-lifetime keywords with identical values in the keychain configuration, otherwise the values become invalid.

  • Configure TCP


    Note

    The Send ID and Receive ID you configured on the device must match the Receive ID and Send ID configured on the peer respectively.

  • Configure BGP

Configuration Example

Configure a keychain. 


Router# configure
Router#(config)# key chain tcpao1
Router#(config-tcpao1)# key 1
Router#(config-tcpao1-1)# cryptographic-algorithm HMAC-SHA-1-96 
Router#(config-tcpao1-1)# key-string keys1
Router#(config-tcpao1-1)# send-lifetime 16:00:00 march 3 2018 infinite 
Router#(config-tcpao1-1)# accept-lifetime 16:00:00 march 3 2018 infinite

Configure TCP

 
Router# tcp ao 	
Router(config-tcp-ao)# keychain tcpao1
Router(config-tcp-ao-tpcao1)# key 1 sendID 5 receiveID 5
/* Configure BGP */ 
Router#(config-bgp)# router bgp 1
Router(config-bgp)# bgp router-id 10.101.101.1
Router(config-bgp)# address-family ipv4 unicast 
Router(config-bgp-af)# exit
Router(config-bgp)# neighbor 10.51.51.1
Router(config-bgp-nbr)# remote-as 1
Router(config-bgp-nbr)# ao tcpao1 include-tcp-options disable accept-ao-mismatch-connection

Configure BGP


Router#(config-bgp)# router bgp 1
Router(config-bgp)# bgp router-id 10.101.101.1
Router(config-bgp)# address-family ipv4 unicast
Router(config-bgp-af)# exit
Router(config-bgp)# neighbor 10.51.51.1
Router(config-bgp-nbr)# remote-as 1
Router(config-bgp-nbr)# ao tcpao1 include-tcp-options disable accept-ao-mismatch-connection

Verification

Verify the keychain information configured for BGP Session Authentication and Integrity using TCP Authentication Option feature.


Router# show bgp sessions | i 10.51.51.1
Wed Mar 21 12:55:57.812 UTC
10.51.51.1  default  1     1     0     0    Established  None

The following output displays details of a key, such as Send Id, Receive Id, and cryptographic algorithm.


Router# show bgp sessions | i 10.51.51.1
Wed Mar 21 12:55:57.812 UTC
10.51.51.1  default  1     1     0     0    Established  None

The following output displays the state of the BGP neighbors. 


Router# show bgp sessions | i 10.51.51.1
Wed Mar 21 12:55:57.812 UTC
10.51.51.1  default  1     1     0     0    Established  None

The following output displays the state of a particular BGP neighbor. 


Router# show bgp sessions | i 10.51.51.1
Wed Mar 21 12:55:57.812 UTC
10.51.51.1  default  1     1     0     0    Established  None

The following output displays brief information of the protocol control block (PCB) of the neighbor. 


Router# show tcp brief | i 10.51.51.2 
Wed Mar 21 12:55:13.652 UTC
0x143df858 0x60000000  0  0  10.51.51.2:43387  10.51.51.1:179 ESTAB

The following output displays authentication details of the PCB:


Router# show tcp detail pcb 0x143df858 location 0/rsp0/CPU0 | begin Authen
Wed Mar 21 12:56:46.129 UTC
Authentication peer details:
    Peer: 10.51.51.1/32, OBJ_ID: 0x40002fd8
    Port: BGP, vrf_id: 0x60000000, type: AO, debug_on:0
    Keychain_name: tcpao1, options: 0x00000000, linked peer: 0x143e00  Keychain name
    Send_SNE: 0, Receive_SNE: 0, Send_SNE_flag: 0
    Recv_SNE_flag: 0, Prev_send_seq: 4120835405, Prev_receive_seq: 2461932863
    ISS: 4120797604, IRS: 2461857361
    Current key: 2
    Traffic keys: send_non_SYN: 006a2975, recv_non_SYN: 00000000
    RNext key: 2 
    Traffic keys: send_non_SYN: 00000000, recv_non_SYN: 00000000
    Last 1 keys used: 
        key: 2, time: Mar 20 03:52:35.969.151, reason: No current key set

Configure BGP Accept Own

The BGP Accept Own feature allows you to handle self-originated VPN routes, which a BGP speaker receives from a route-reflector (RR). A 'self-originated' route is one which was originally advertized by the speaker itself. As per BGP protocol [RFC4271], a BGP speaker rejects advertisements that were originated by the speaker itself. However, the BGP Accept Own mechanism enables a router to accept the prefixes it has advertised, when reflected from a route-reflector that modifies certain attributes of the prefix. A special community called ACCEPT-OWN is attached to the prefix by the route-reflector, which is a signal to the receiving router to bypass the ORIGINATOR_ID and NEXTHOP/MP_REACH_NLRI check. Generally, the BGP speaker detects prefixes that are self-originated through the self-origination check (ORIGINATOR_ID, NEXTHOP/MP_REACH_NLRI) and drops the received updates. However, with the Accept Own community present in the update, the BGP speaker handles the route.

One of the applications of BGP Accept Own is auto-configuration of extranets within MPLS VPN networks. In an extranet configuration, routes present in one VRF is imported into another VRF on the same PE. Normally, the extranet mechanism requires that either the import-rt or the import policy of the extranet VRFs be modified to control import of the prefixes from another VRF. However, with Accept Own feature, the route-reflector can assert that control without the need for any configuration change on the PE. This way, the Accept Own feature provides a centralized mechanism for administering control of route imports between different VRFs.


Note

BGP Accept Own is supported only for VPNv4 and VPNv6 address families in neighbor configuration mode.

Perform this task to configure BGP Accept Own:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. remote-as as-number
  5. update-source type interface-path-id
  6. address-family {vpnv4 unicast | vpnv6 unicast }
  7. accept-own [inheritance-disable ]

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)#router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp)#neighbor 10.1.2.3

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

remote-as as-number

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)#remote-as 100

Assigns a remote autonomous system number to the neighbor.

Step 5

update-source type interface-path-id

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)#update-source Loopback0

Allows sessions to use the primary IP address from a specific interface as the local address when forming a session with a neighbor.

Step 6

address-family {vpnv4 unicast | vpnv6 unicast }

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)#address-family vpnv6 unicast

Specifies the address family as VPNv4 or VPNv6 and enters neighbor address family configuration mode.

Step 7

accept-own [inheritance-disable ]

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr-af)#accept-own

Enables handling of self-originated VPN routes containing Accept_Own community.

Use the inheritance-disable keyword to disable the "accept own" configuration and to prevent inheritance of "acceptown" from a parent configuration.

BGP Accept Own Configuration: Example

In this configuration example:

  • PE11 is configured with Customer VRF and Service VRF.

  • OSPF is used as the IGP.

  • VPNv4 unicast and VPNv6 unicast address families are enabled between the PE and RR neighbors and IPv4 and IPv6 are enabled between PE and CE neighbors.

The Accept Own configuration works as follows:

  1. CE1 originates prefix X.

  2. Prefix X is installed in customer VRF as (RD1:X).

  3. Prefix X is advertised to IntraAS-RR11 as (RD1:X, RT1).

  4. IntraAS-RR11 advertises X to InterAS-RR1 as (RD1:X, RT1).

  5. InterAS-RR1 attaches RT2 to prefix X on the inbound and ACCEPT_OWN community on the outbound and advertises prefix X to IntraAS-RR31.

  6. IntraAS-RR31 advertises X to PE11.

  7. PE11 installs X in Service VRF as (RD2:X,RT1, RT2, ACCEPT_OWN).

This example shows how to configure BGP Accept Own on a PE router. 

router bgp 100
 neighbor 45.1.1.1
   remote-as 100
   update-source Loopback0
   address-family vpnv4 unicast
    route-policy pass-all in
    accept-own
    route-policy drop_111.x.x.x out
   !
   address-family vpnv6 unicast
    route-policy pass-all in
    accept-own
    route-policy drop_111.x.x.x out
   !
  !
This example shows an InterAS-RR configuration for BGP Accept Own. 
router bgp 100
 neighbor 45.1.1.1
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast
   route-policy rt_stitch1 in
   route-reflector-client
   route-policy add_bgp_ao out
  !
  address-family vpnv6 unicast
   route-policy rt_stitch1 in
   route-reflector-client
   route-policy add_bgp_ao out
  !
 !
extcommunity-set rt cs_100:1
  100:1
end-set
!
extcommunity-set rt cs_1001:1
  1001:1
end-set
!
route-policy rt_stitch1
  if extcommunity rt matches-any cs_100:1 then
    set extcommunity rt cs_1000:1 additive
 endif
end-policy
!
route-policy add_bgp_ao
  set community (accept-own) additive
end-policy
!

BGP Link-State

BGP Link-State (LS) is an Address Family Identifier (AFI) and Sub-address Family Identifier (SAFI) originally defined to carry interior gateway protocol (IGP) link-state information through BGP. The BGP Network Layer Reachability Information (NLRI) encoding format for BGP-LS and a new BGP Path Attribute called the BGP-LS attribute are defined in RFC7752. The identifying key of each Link-State object, namely a node, link, or prefix, is encoded in the NLRI and the properties of the object are encoded in the BGP-LS attribute.


Note
IGPs do not use BGP LS data from remote peers. BGP does not download the received BGP LS data to any other component on the router.

An example of a BGP-LS application is the Segment Routing Path Computation Element (SR-PCE). The SR-PCE can learn the SR capabilities of the nodes in the topology and the mapping of SR segments to those nodes. This can enable the SR-PCE to perform path computations based on SR-TE and to steer traffic on paths different from the underlying IGP-based distributed best-path computation.

The following figure shows a typical deployment scenario. In each IGP area, one or more nodes (BGP speakers) are configured with BGP-LS. These BGP speakers form an iBGP mesh by connecting to one or more route-reflectors. This way, all BGP speakers (specifically the route-reflectors) obtain Link-State information from all IGP areas (and from other ASes from eBGP peers).

Exchange Link State Information with BGP Neighbor

The following example shows how to exchange link-state information with a BGP neighbor:


Router# configure
Router(config)# router bgp 1
Router(config-bgp)# neighbor 10.0.0.2
Router(config-bgp-nbr)# remote-as 1
Router(config-bgp-nbr)# address-family link-state link-state
Router(config-bgp-nbr-af)# exit

IGP Link-State Database Distribution

A given BGP node may have connections to multiple, independent routing domains. IGP link-state database distribution into BGP-LS is supported for both OSPF and IS-IS protocols in order to distribute this information on to controllers or applications that desire to build paths spanning or including these multiple domains.

To distribute OSPFv2 link-state data using BGP-LS, use the distribute link-state command in router configuration mode. 


Router# configure
Router(config)# router ospf 100
Router(config-ospf)# distribute link-state instance-id 32

Usage Guidelines and Limitations

  • BGP-LS supports IS-IS and OSPFv2.

  • The identifier field of BGP-LS (referred to as the Instance-ID) identifies the IGP routing domain where the NLRI belongs. The NLRIs representing link-state objects (nodes, links, or prefixes) from the same IGP routing instance must use the same Instance-ID value.

  • When there is only a single protocol instance in the network where BGP-LS is operational, we recommend configuring the Instance-ID value to 0.

  • Assign consistent BGP-LS Instance-ID values on all BGP-LS Producers within a given IGP domain.

  • NLRIs with different Instance-ID values are considered to be from different IGP routing instances.

  • Unique Instance-ID values must be assigned to routing protocol instances operating in different IGP domains. This allows the BGP-LS Consumer (for example, SR-PCE) to build an accurate segregated multi-domain topology based on the Instance-ID values, even when the topology is advertised via BGP-LS by multiple BGP-LS Producers in the network.

  • If the BGP-LS Instance-ID configuration guidelines are not followed, a BGP-LS Consumer may see duplicate link-state objects for the same node, link, or prefix when there are multiple BGP-LS Producers deployed. This may also result in the BGP-LS Consumers getting an inaccurate network-wide topology.

For segment routing, the following attributes have been added to BGP-LS:

  • Node—Segment routing capability (including SRGB range) and algorithm

  • Link—Adjacency SID and LAN adjacency SID

  • Prefix—Prefix SID and segment routing mapping server (SRMS) prefix range

Configure BGP Link-state

To exchange BGP link-state (LS) information with a BGP neighbor, perform these steps:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family link-state link-state
  4. neighbor ip-address
  5. remote-as as-number
  6. address-family link-state link-state
  7. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family link-state link-state

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family link-state link-state

Distributes BGP link-state information to the specified neighbor.

Step 4

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.0.0.2

Configures a CE neighbor. The ip-address argument must be a private address.

Step 5

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 1

Configures the remote AS for the CE neighbor.

Step 6

address-family link-state link-state

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family link-state link-state

Distributes BGP link-state information to the specified neighbor.

Step 7

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Example


router bgp 100
 address-family link-state link-state
 !
 neighbor 10.0.0.2
  remote-as 1
  address-family link-state link-state

Configure Domain Distinguisher

To configure unique identifier four-octet ASN, perform these steps:

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family link-state link-state
  4. domain-distinguisher unique-id
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family link-state link-state

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family link-state link-state

Enters address-family link-state configuration mode.

Step 4

domain-distinguisher unique-id

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# domain-distinguisher 1234:1.2.3.4

Configures unique identifier four-octet ASN. Range is from 1 to 4294967295.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

IGP extensions

A given BGP node may have connections to multiple, independent routing domains, IGP link state distribution into BGP has been added for both the OSPF and ISIS protocols to enable that node to likewise pass this information on to applications that desire to build paths spanning or including these multiple domains.

BGP Labeled-Unicast

When BGP is used to distribute a particular route, it can be also be used to distribute a Multiprotocol Label Switching (MPLS) label which is mapped to that route. This feature enables BGP UPDATE message to include MPLS label mapping information about a particular prefix.

Sample configuration:



!
router bgp 1
 bgp router-id 192.168.70.24
 address-family ipv4 unicast
 redistribute connected route-policy set-lbl-idx
 allocate-label all
!
 neighbor 172.168.40.24
 remote-as 1
 update-source Loopback0
 address-family ipv4 unicast
 route-policy pass-all in
 route-policy pass-all out
!
 address-family ipv4 labeled-unicast
 route-policy pass-all in
 route-policy pass-all out
!

Sample output:


Note

The IPv4 unicast address family must be configured in router configuration mode before configuring the IPv4 labeled-unicast address family for a neighbor in neighbor configuration mode. 


router#sh cef 1.2.2.1
Sat Jun 18 20:07:00.833 UTC
1.2.2.1/32, version 1312, internal 0x5000001 0x0 (ptr 0x8bb7a388) [1], 0x0 (0x8cd0a018), 0xa08 (0x8cbccbd8)
 Updated Jun 18 19:56:47.237
 Prefix Len 32, traffic index 0, precedence n/a, priority 4
   via 2.2.2.2/32, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0x8d37f928 0x0]
    recursion-via-/32
    next hop 2.2.2.2/32 via 24001/0/21
     local label 24053 
     next hop 12.1.1.1/32 Te0/0/0/12   labels imposed {24006 24004}
     next hop 112.1.1.2/32 Te0/0/0/12.1 labels imposed {24006 24004}

BGP Permanent Network

BGP permanent network feature supports static routing through BGP. BGP routes to IPv4 or IPv6 destinations (identified by a route-policy) can be administratively created and selectively advertised to BGP peers. These routes remain in the routing table until they are administratively removed. A permanent network is used to define a set of prefixes as permanent, that is, there is only one BGP advertisement or withdrawal in upstream for a set of prefixes. For each network in the prefix-set, a BGP permanent path is created and treated as less preferred than the other BGP paths received from its peer. The BGP permanent path is downloaded into RIB when it is the best-path.

The permanent-network command in global address family configuration mode uses a route-policy to identify the set of prefixes (networks) for which permanent paths is to be configured. The advertise permanent-network command in neighbor address-family configuration mode is used to identify the peers to whom the permanent paths must be advertised. The permanent paths is always advertised to peers having the advertise permanent-network configuration, even if a different best-path is available. The permanent path is not advertised to peers that are not configured to receive permanent path.

The permanent network feature supports only prefixes in IPv4 unicast and IPv6 unicast address-families under the default Virtual Routing and Forwarding (VRF).

Restrictions

These restrictions apply while configuring the permanent network:

  • Permanent network prefixes must be specified by the route-policy on the global address family.

  • You must configure the permanent network with route-policy in global address family configuration mode and then configure it on the neighbor address family configuration mode.

  • When removing the permanent network configuration, remove the configuration in the neighbor address family configuration mode and then remove it from the global address family configuration mode.

Configure BGP Permanent Network

Perform this task to configure BGP permanent network. You must configure at least one route-policy to identify the set of prefixes (networks) for which the permanent network (path) is to be configured.

SUMMARY STEPS

  1. configure
  2. prefix-set prefix-set-name
  3. exit
  4. route-policy route-policy-name
  5. end-policy
  6. router bgp as-number
  7. address-family { ipv4 | ipv6 } unicast
  8. permanent-network route-policy route-policy-name
  9. Use the commit or end command.
  10. show bgp {ipv4 | ipv6} unicast prefix-set

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

prefix-set prefix-set-name

Example:


RP/0/RP0/CPU0:router(config)# prefix-set PERMANENT-NETWORK-IPv4
RP/0/RP0/CPU0:router(config-pfx)# 1.1.1.1/32,
RP/0/RP0/CPU0:router(config-pfx)# 2.2.2.2/32,
RP/0/RP0/CPU0:router(config-pfx)# 3.3.3.3/32
RP/0/RP0/CPU0:router(config-pfx)# end-set

Enters prefix set configuration mode and defines a prefix set for contiguous and non-contiguous set of bits.

Step 3

exit

Example:


RP/0/RP0/CPU0:router(config-pfx)# exit

Exits prefix set configuration mode and enters global configuration mode.

Step 4

route-policy route-policy-name

Example:


RP/0/RP0/CPU0:router(config)# route-policy POLICY-PERMANENT-NETWORK-IPv4
RP/0/RP0/CPU0:router(config-rpl)# if destination in PERMANENT-NETWORK-IPv4 then
RP/0/RP0/CPU0:router(config-rpl)# pass
RP/0/RP0/CPU0:router(config-rpl)# endif

Creates a route policy and enters route policy configuration mode, where you can define the route policy.

Step 5

end-policy

Example:


RP/0/RP0/CPU0:router(config-rpl)# end-policy

Ends the definition of a route policy and exits route policy configuration mode.

Step 6

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode.

Step 7

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

Step 8

permanent-network route-policy route-policy-name

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# permanent-network route-policy POLICY-PERMANENT-NETWORK-IPv4

Configures the permanent network (path) for the set of prefixes as defined in the route-policy.

Step 9

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Step 10

show bgp {ipv4 | ipv6} unicast prefix-set

Example:


RP/0/RP0/CPU0:routershow bgp ipv4 unicast

(Optional) Displays whether the prefix-set is a permanent network in BGP.

Advertise Permanent Network

Perform this task to identify the peers to whom the permanent paths must be advertised.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. remote-as as-number
  5. address-family { ipv4 | ipv6 } unicast
  6. advertise permanent-network
  7. Use the commit or end command.
  8. show bgp {ipv4 | ipv6} unicast neighbor ip-address

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode.

Step 3

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.255.255.254

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 4

remote-as as-number

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 4713

Assigns the neighbor a remote autonomous system number.

Step 5

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

Step 6

advertise permanent-network

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr-af)# advertise permanent-network

Specifies the peers to whom the permanent network (path) is advertised.

Step 7

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Step 8

show bgp {ipv4 | ipv6} unicast neighbor ip-address

Example:


RP/0/RP0/CPU0:routershow bgp ipv4 unicast neighbor 10.255.255.254

(Optional) Displays whether the neighbor is capable of receiving BGP permanent networks.

BGP Prefix Origin Validation using RPKI

A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH attribute in BGP and starts with the AS that originated the prefix.

To help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route) needs to be verified and authorized by the prefix holder.

The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running BGP can connect to the RPKI to validate the origin-AS of BGP paths.

Configure RPKI Cache-server

Perform this task to configure Resource Public Key Infrastructure (RPKI) cache-server parameters.

Configure the RPKI cache-server parameters in rpki-server configuration mode. Use the rpki server command in router BGP configuration mode to enter into the rpki-server configuration mode

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. rpki cache {host-name | ip-address }
  4. Use one of these commands:
    • transport ssh port port_number
    • transport tcp port port_number
  5. (Optional) username user_name
  6. (Optional) password
  7. preference preference_value
  8. purge-time time
  9. Use one of these commands.
    • refresh-time time
    • refresh-time off
  10. Use one these commands.
    • response-time time
    • response-time off
  11. shutdown
  12. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)#router bgp 100

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

rpki cache {host-name | ip-address }

Example:

RP/0/RP0/CPU0:router(config-bgp)#rpki server 10.2.3.4

Enters rpki-server configuration mode and enables configuration of RPKI cache parameters.

Step 4

Use one of these commands:

  • transport ssh port port_number
  • transport tcp port port_number

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#transport ssh port 22

Or 

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#transport tcp port 2

Specifies a transport method for the RPKI cache.

  • ssh —Select ssh to connect to the RPKI cache using SSH.

  • tcp —Select tcp to connect to the RPKI cache using TCP (unencrypted).

  • port port_number —Specify the port number for the RPKI cache transport over TCP and SSH protocols. The port number ranges from 1 to 65535.

Note

 

  • SSH supports custom ports in addition to the default port number 22.

  • You can set the transport to either TCP or SSH. Change of transport causes the cache session to flap.

Step 5

(Optional) username user_name

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#username ssh_rpki_cache

Specifies a (SSH) username for the RPKI cache-server.

Step 6

(Optional) password

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#password ssh_rpki_pass

Specifies a (SSH) password for the RPKI cache-server.

Note

 

The “username” and “password” configurations only apply if the SSH method of transport is active.

Step 7

preference preference_value

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#preference 1

Specifies a preference value for the RPKI cache. Range for the preference value is 1 to 10. Setting a lower preference value is better.

Step 8

purge-time time

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#purge-time 30

Configures the time BGP waits to keep routes from a cache after the cache session drops. Set purge time in seconds. Range for the purge time is 30 to 360 seconds.

Step 9

Use one of these commands.

  • refresh-time time
  • refresh-time off

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#refresh-time 20

Or 

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#refresh-time off

Configures the time BGP waits in between sending periodic serial queries to the cache. Set refresh-time in seconds. Range for the refresh time is 15 to 3600 seconds.

Configure the off option to specify not to send serial-queries periodically.

Step 10

Use one these commands.

  • response-time time
  • response-time off

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#response-time 30

Or 

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#response-time off

Configures the time BGP waits for a response after sending a serial or reset query. Set response-time in seconds. Range for the response time is 15 to 3600 seconds.

Configure the off option to wait indefinitely for a response.

Step 11

shutdown

Example:

RP/0/RP0/CPU0:router(config-bgp-rpki-server)#shutdown

Configures shut down of the RPKI cache.

Step 12

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Configure RPKI Prefix Validation

Perform this task to control the behavior of RPKI prefix validation processing.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. Use one of these commands.
    • rpki origin-as validation disable
    • rpki origin-as validation time {off | prefix_validation_time
  4. origin-as validity signal ibgp
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)#router bgp 100

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

Use one of these commands.

  • rpki origin-as validation disable
  • rpki origin-as validation time {off | prefix_validation_time

Example:

RP/0/RP0/CPU0:router(config-bgp)#rpki origin-as validation disable

Or 

RP/0/RP0/CPU0:router(config-bgp)#rpki origin-as validation time 50

Or 

RP/0/RP0/CPU0:router(config-bgp)#rpki origin-as validation time off
Sets the BGP origin-AS validation parameters.

  • disable —Use disable option to disable RPKI origin-AS validation.

  • time —Use time option to either set prefix validation time (in seconds) or to set off the automatic prefix validation after an RPKI update.

    Range for prefix validation time is 5 to 60 seconds.

    Configuring the disable option disables prefix validation for all eBGP paths and all eBGP paths are marked as "valid" by default.

    Note

     

    The rpki origin-as validation options can also configured in neighbor and neighbor address family submodes. The neighbor must be an ebgp neighbor. If configured at the neighbor or neighor address family level, prefix validation disable or time options will be valid only for that specific neighbor or neighbor address family.

Step 4

origin-as validity signal ibgp

Example:

RP/0/RP0/CPU0:router(config-bgp)#rpki origin-as validity signal ibgp

Enables the iBGP signaling of validity state through an extended-community.

This can also be configured in global address family submode.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Configure BGP Prefix Validation

Starting from Release 6.5.1, RPKI is disabled by default. From Release 6.5.1, use the following task to configure RPKI Prefix Validation. 

Router(config)# router bgp 100
/* The bgp origin-as validation time and bgp origin-as validity signal ibgp commands are optional. */. 
Router(config-bgp)# bgp origin-as validation time 50
Router(config-bgp)# bgp origin-as validation time off
Router(config-bgp)# bgp origin-as validation signal ibgp
Router(config-bgp)# address-family ipv4 unicast
Router(config-bgp-af)# bgp origin-as validation enable

Use the following commands to verify the origin-as validation configuration:

Router# show bgp origin-as validity

Thu Mar 14 04:18:09.656 PDT
BGP router identifier 10.1.1.1, local AS number 1
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000   RD version: 514
BGP main routing table version 514
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Origin-AS validation codes: V valid, I invalid, N not-found, D disabled
    Network                  Next Hop            Metric LocPrf Weight Path
 *> 209.165.200.223/27       0.0.0.0                  0         32768 ?

 *> 209.165.200.225/27       0.0.0.0                  0         32768 ?

 *> 19.1.2.0/24              0.0.0.0                  0         32768 ?

 *> 19.1.3.0/24              0.0.0.0                  0         32768 ?

 *> 10.1.2.0/24              0.0.0.0                  0         32768 ?

 *> 10.1.3.0/24              0.0.0.0                  0         32768 ?

 *> 10.1.4.0/24              0.0.0.0                  0         32768 ?

 *> 198.51.100.1/24          0.0.0.0                  0         32768 ?

 *> 203.0.113.235/24         0.0.0.0                  0         32768 ?

V*> 209.165.201.0/27        10.1.2.1                  0         4002 i

N*> 198.51.100.2/24         10.1.2.1                  0         4002 i

I*> 198.51.100.1/24         10.1.2.1                  0          4002 i

 *> 192.0.2.1.0/24          0.0.0.0                    0         32768 ?

Router# show bgp process                  
Mon Jul  9 16:47:39.428 PDT

BGP Process Information: 
...
Use origin-AS validity in bestpath decisions
Allow (origin-AS) INVALID paths
Signal origin-AS validity state to neighbors

Address family: IPv4 Unicast
...
Origin-AS validation is enabled for this address-family
Use origin-AS validity in bestpath decisions for this address-family
Allow (origin-AS) INVALID paths for this address-family
Signal origin-AS validity state to neighbors with this address-family

Configure RPKI Bestpath Computation

Perform this task to configure RPKI bestpath computation options.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. rpki bestpath use origin-as validity
  4. rpki bestpath origin-as allow invalid
  5. Use the commit or end command.

DETAILED STEPS

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)#router bgp 100

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

rpki bestpath use origin-as validity

Example:

RP/0/RP0/CPU0:router(config-bgp)#rpki bestpath use origin-as validity

Enables the validity states of BGP paths to affect the path's preference in the BGP bestpath process. This configuration can also be done in router BGP address family submode.

Step 4

rpki bestpath origin-as allow invalid

Example:

RP/0/RP0/CPU0:router(config-bgp)#rpki bestpath origin-as allow invalid

Allows all "invalid" paths to be considered for BGP bestpath computation.

Note

 

This configuration can also be done at global address family, neighbor, and neighbor address family submodes. Configuring rpki bestpath origin-as allow invalid in router BGP and address family submodes allow all "invalid" paths to be considered for BGP bestpath computation. By default, all such paths are not bestpath candidates. Configuring pki bestpath origin-as allow invalid in neighbor and neighbor address family submodes allow all "invalid" paths from that specific neighbor or neighbor address family to be considered as bestpath candidates. The neighbor must be an eBGP neighbor.

This configuration takes effect only when the rpki bestpath use origin-as validity configuration is enabled.

Step 5

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Enabling BGP Unequal Cost Recursive Load Balancing

Perform this task to enable unequal cost recursive load balancing for external BGP (eBGP) and eiBGP and to enable BGP to carry link bandwidth attribute of the demilitarized zone (DMZ) link.

When the PE router includes the link bandwidth extended community in its updates to the remote PE through the Multiprotocol Interior BGP (MP-iBGP) session (either IPv4 or VPNv4), the remote PE automatically does load balancing if the maximum-paths command is enabled.

Unequal cost recursive load balancing happens across maximum eight paths only.


Note

Enabling BGP unequal cost recursive load balancing feature is not supported on CPP based cards.

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]
  5. exit
  6. neighbor ip-address
  7. dmz-link-bandwidth
  8. Use the commit or end command.

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:


RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:


RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:


RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# maximum-paths ebgp 3

Configures the maximum number of parallel routes that BGP installs in the routing table.

  • ebgp maximum : Consider only eBGP paths for multipath.

  • ibgp maximum [ unequal-cost ]: Consider load balancing between iBGP learned paths.

  • eibgp maximum : Consider both eBGP and iBGP learned paths for load balancing. eiBGP load balancing always does unequal-cost load balancing.

When eiBGP is applied, eBGP or iBGP load balancing cannot be configured; however, eBGP and iBGP load balancing can coexist.

Step 5

exit

Example:


RP/0/RP0/CPU0:router(config-bgp-af)# exit

Exits the current configuration mode.

Step 6

neighbor ip-address

Example:


RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.0.0.1

Configures a CE neighbor. The ip-address argument must be a private address.

Step 7

dmz-link-bandwidth

Example:


RP/0/RP0/CPU0:router(config-bgp-nbr)# dmz-link-bandwidth

Originates a demilitarized-zone (DMZ) link-bandwidth extended community for the link to an eBGP neighbor.

Step 8

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing

The demilitarized zone (DMZ) link bandwidth for unequal cost recursive load balancing feature provides support for unequal cost load balancing for recursive prefixes on local node using DMZ link bandwidth. Use the dmz-link-bandwidth command in BGP neighbor configuration mode and the bandwidth command in interface configuration mode to The unequal load balance is achieved.

When the PE router includes the link bandwidth extended community in its updates to the remote PE through the Multiprotocol Interior BGP (MP-iBGP) session (either IPv4 or VPNv4), the remote PE automatically does load balancing if the maximum-paths command is enabled.


Note

Unequal cost recursive load balancing happens across maximum eight paths only.

Enable BGP Unequal Cost Recursive Load Balancing

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. address-family { ipv4 | ipv6 } unicast
  4. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]
  5. exit
  6. neighbor ip-address
  7. dmz-link-bandwidth
  8. Use the commit or end command.

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 120

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

address-family { ipv4 | ipv6 } unicast

Example:

RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode.

To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Step 4

maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]

Example:

RP/0/RP0/CPU0:router(config-bgp-af)# maximum-paths ebgp 3

Configures the maximum number of parallel routes that BGP installs in the routing table.

  • ebgp maximum : Consider only eBGP paths for multipath.

  • ibgp maximum [ unequal-cost ]: Consider load balancing between iBGP learned paths.

  • eibgp maximum : Consider both eBGP and iBGP learned paths for load balancing. eiBGP load balancing always does unequal-cost load balancing.

When eiBGP is applied, eBGP or iBGP load balancing cannot be configured; however, eBGP and iBGP load balancing can coexist.

Step 5

exit

Example:

RP/0/RP0/CPU0:router(config-bgp-af)# exit

Exits the current configuration mode.

Step 6

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.0.0.0

Configures a CE neighbor. The ip-address argument must be a private address.

Step 7

dmz-link-bandwidth

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)# dmz-link-bandwidth

Originates a demilitarized-zone (DMZ) link-bandwidth extended community for the link to an eBGP/iBGP neighbor.

Step 8

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:

  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

BGP Unequal Cost Recursive Load Balancing: Example

This is a sample configuration for unequal cost recursive load balancing: 



interface Loopback0
 ipv4 address 20.20.20.20 255.255.255.255
!
interface MgmtEth0/RSP0/CPU0/0
 ipv4 address 8.43.0.10 255.255.255.0
!
interface TenGigE0/3/0/0
 bandwidth 8000000 
 ipv4 address 11.11.11.11 255.255.255.0
 ipv6 address 11:11:0:1::11/64
!
interface TenGigE0/3/0/1
 bandwidth 7000000
 ipv4 address 11.11.12.11 255.255.255.0
 ipv6 address 11:11:0:2::11/64
!
interface TenGigE0/3/0/2
 bandwidth 6000000
 ipv4 address 11.11.13.11 255.255.255.0
 ipv6 address 11:11:0:3::11/64
!
interface TenGigE0/3/0/3
 bandwidth 5000000
 ipv4 address 11.11.14.11 255.255.255.0
 ipv6 address 11:11:0:4::11/64
!
interface TenGigE0/3/0/4
 bandwidth 4000000
 ipv4 address 11.11.15.11 255.255.255.0
 ipv6 address 11:11:0:5::11/64
!
interface TenGigE0/3/0/5
 bandwidth 3000000
 ipv4 address 11.11.16.11 255.255.255.0
 ipv6 address 11:11:0:6::11/64
!
interface TenGigE0/3/0/6
 bandwidth 2000000
 ipv4 address 11.11.17.11 255.255.255.0
 ipv6 address 11:11:0:7::11/64
!
interface TenGigE0/3/0/7
 bandwidth 1000000
 ipv4 address 11.11.18.11 255.255.255.0
 ipv6 address 11:11:0:8::11/64
!
interface TenGigE0/4/0/0
 description CONNECTED TO IXIA 1/3
 transceiver permit pid all
!
interface TenGigE0/4/0/2
 ipv4 address 9.9.9.9 255.255.0.0
 ipv6 address 9:9::9/64
 ipv6 enable
!
route-policy pass-all
  pass
end-policy
!
router static
 address-family ipv4 unicast
  202.153.144.0/24 8.43.0.1
 !
!
router bgp 100
 bgp router-id 20.20.20.20
 address-family ipv4 unicast
  maximum-paths eibgp 8
  redistribute connected
 !
 neighbor 11.11.11.12
  remote-as 200
  dmz-link-bandwidth    
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.12.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.13.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.14.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.15.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.16.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.17.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 11.11.18.12
  remote-as 200
  dmz-link-bandwidth
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
!
end

DMZ Link Bandwidth Over EBGP Peer

The demilitarized zone (DMZ) link bandwidth extended community is an optional non-transitive attribute; therefore, it is not advertised to eBGP peers by default but it is advertised only to iBGP peers. This extended community is meant for load balancing over multi-paths. However, Cisco IOS-XR enables advertising of the DMZ link bandwidth to an eBGP peer, or receiving the DMZ link bandwidth by an eBGP peer. This feature also gives the user the option to send the bandwidth unchanged, or take the accumulated bandwidth over all the egress links and advertise that to the upstream eBGP peer.

Use the ebgp-send-community-dmz command to send the community to eBGP peers. By default, the link bandwidth extended-community attribute associated with the best path is sent.

When the cumulative keyword is used, the value of the link bandwidth extended community is set to the sum of link bandwidth values of all the egress-multipaths. If the DMZ link bandwidth value of the multipaths is unknown, for instance, some paths do not have that attribute, then unequal cost load-balancing is not done at that node. However, the sum of the known DMZ link bandwidth values is calculated and sent to the eBGP peer.

Use the ebgp-recv-community-dmz command to receive the community from eBGP peers.


Note

The ebgp-send-community-dmz and ebgp-recv-community-dmz commands can be configured in the neigbor, neighbour-group, and session-group configuration mode.

Use the bgp bestpath as-path multipath-relax and bgp bestpath as-path ignore commands to handle multipath across different autonomous systems.

Sending and Receiving DMZ Link Bandwidth Extended Community over eBGP Peer

SUMMARY STEPS

  1. configure
  2. router bgp as-number
  3. neighbor ip-address
  4. ebgp-send-extcommunity-dmz ip-address
  5. exit
  6. neighbor ip-address
  7. ebgp-recv-extcommunity-dmz
  8. exit

DETAILED STEPS

Step 1

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters mode.

Step 2

router bgp as-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 100

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 3

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.1.1.1

Enters the neighbor configuration mode for configuring BGP routing sessions.

Step 4

ebgp-send-extcommunity-dmz ip-address

Example:
RP/0/RP0/CPU0:router(config-bgp)# ebgp-send-extcommunity-dmz

Sends the DMZ link bandwidth extended community to the eBGP neighbor.

Note

 

Use the cumulative keyword with this command to set the value of the link bandwidth extended community to the sum of link bandwidth values of all the egress multipaths.

Step 5

exit

Example:
RP/0/RP0/CPU0:router(config-bgp-nbr)# exit

Exits the neighbor configuration mode and enters into BGP configuration mode.

Step 6

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.16.0.1

Enters the neighbor configuration mode for configuring BGP routing sessions.

Step 7

ebgp-recv-extcommunity-dmz

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)# ebgp-recv-extcommunity-dmz

Receives the DMZ link bandwidth extended community to the eBGP neighbor.

Step 8

exit

Example:
RP/0/RP0/CPU0:router(config-bgp-nbr)# exit

Exits the neighbor configuration mode and enters into BGP configuration mode.

DMZ Link Bandwidth: Example
The following examples shows how Router R1 sends DMZ link bandwidth extended communities to Router R2 over eBGP peer connection: 

R1: sending router
------------------
neighbour 10.3.3.3
  remote-as 2
  ebgp-send-extcommunity-dmz
  address-family ipv4 unicast
   route-policy pass in
   route-policy pass out
  !

R2: Receiving router
--------------------
neighbor 192.0.2.1
  remote-as 3
  ebgp-recv-extcommunity-dmz
  address-family ipv4 unicast
   route-policy pass in
  !		
route-policy pass out		
!

The following is a sample configuration that displays the DMZ link bandwidth configuration in the sending (R1) router: 

RP/0/RP0/CPU0:router)# show bgp ipv4 unicast 10.1.1.1/32 detail
 
Path #1: Received by speaker 0
  Flags: 0x4000000001040003, import: 0x20
  Advertised to update-groups (with more than one peer):
    0.4 
  Advertised to peers (in unique update groups):
    20.0.0.1        
  3
    11.1.0.2 from 11.1.0.2 (11.1.0.2)
      Origin incomplete, metric 20, localpref 100, valid, external, best, group-best
      Received Path ID 0, Local Path ID 0, version 21
      Extended community: LB:3:192 
      Origin-AS validity: not-found

The following is a sample configuration that displays DMZ link bandwidth configuration in the receiving (R2) router: 

RP/0/RP0/CPU0:router)# show bgp ipv4 unicast 10.1.1.1/32 detail
 
Paths: (1 available, best #1)
  Not advertised to any peer
  Path #1: Received by speaker 0
  Not advertised to any peer
  1 3
    20.0.0.2 from 20.0.0.2 (10.0.0.81)
      Origin incomplete, localpref 100, valid, external, best, group-best
      Received Path ID 0, Local Path ID 0, version 17
      Extended community: LB:1:192 
      Origin-AS validity: not-found

BGP Accounting Policy Statistics for Interfaces and Subinterfaces

Table 5. Feature History Table

Feature Name

Release

Description

BGP Accounting Policy Statistics for Interfaces and Subinterfaces

Release 7.9.1

Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is received from different peers. You can identify and account for all traffic by customer and bill accordingly.

Policy accounting is enabled on an individual input interface basis. Using BGP policy accounting, you can now account for traffic according to the route it traverses.

This feature is supported on routers that have the Cisco NC57 based line cards with external TCAM (eTCAM) and operate in native mode.

This feature introduces the hw-module fib bgppa stats-mode command.

IP traffic received from various peers is measured and categorised using Border Gateway Protocol (BGP) policy accounting. All traffic can be tracked down, accounted for, and billed individually for. On an individual input interface basis, policy accounting is enabled. Now that traffic can be accounted for based on the route it takes, BGP policy accounting is available.

This feature introduces the hw-module fib bgppa stats-mode command. After configuring the command, you must reload the router for the feature to take effect.

Restriction

  • This feature is applicable for the following address families:

    • IPv4

    • IPv6

  • This feature supports input destination-based accounting only.

Configuration

For main interface:

Router# config
Router(config)# hw-module fib bgppa stats-mode main-intf

Router(config)# commit
For sub interface:

Router# config
Router(config)# hw-module fib bgppa stats-mode sub-intf

Router(config)# commit

Note

After configuring the command, you must reload the router for the feature to take effect.

Running Configuration

For main interface:

hw-module fib bgppa stats-mode main-intf
!
For sub interface:

hw-module fib bgppa stats-mode sub-intf
!

Verification

The show output displays that the BGP policy accounting is configured.


Router#show ipv4 int bundle-ether 54 
Bundle-Ether54 is Up, ipv4 protocol is Up 
  Vrf is default (vrfid 0x60000000)
  Internet address is 54.1.1.2/24
  MTU is 1514 (1500 is available to IP)
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  common access list is not set, access list is not set
  Proxy ARP is disabled
  ICMP redirects are never sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  Table Id is 0xe0000000
IP Input BGP policy accounting is configured

The following example shows the statistic details.

For IPv4:

Router#show cef ipv4 interface bundle-ether 22 bgp-policy-statistics          
Bundle-Ether22 is UP 
Input BGP policy accounting on dst IP address enabled
  buckets      packets       bytes
  default    207598474 309736310837
  1            4946185  7379708020
  2            2471450  3687403400
  3            2472189  3688505988
  4            2472271  3688628332
  5            2468753  3683379476
  6            2468877  3683564484
  7            2472353  3688750676
  8            2472434  3688871528
  9            2472517  3688995364
  10           2468958  3683685336
  11           2469081  3683868852
  12           2472599  3689117708
  13           2467559  3681598028
  14           2467682  3681781544
  15           2472680  3689238560
For IPv6:

Router#show cef ipv6 interface hundredGigE 0/7/0/26 bgp-policy-statistics 
HundredGigE0/7/0/26 is UP 
Input BGP policy accounting on dst IP address enabled
  buckets      packets       bytes
  default    275658703 412385419688
  1             166908   249694368
  2              83455   124848680
  3              83455   124848680
  4              83455   124848680
  5              83456   124850176
  6              83456   124850176
  7              83456   124850176
  8              83456   124850176
  9              83457   124851672
  10             83457   124851672
  11             83457   124851672
  12             83458   124853168
  13             83458   124853168
  14             83458   124853168
  15             83459   124854664

Peering Between BGP Routers Within a Confederation

Table 6. Feature History Table

Feature Name

Release Name

Description
Peering Between BGP Routers Within the Same Confederation Release 7.11.1

You can now enable BGP peering between routers in the sub-autonomous system (AS) within a confederation to advertise specific router updates using iBGP. This capability ensures that the mesh of routers between sub-ASes in a confederation maintains consistent routing tables, ensuring proper network reachability. Enabling this feature helps improve preventing performance reduction and traffic management challenges.

The feature introduces these changes:

CLI:

New Command:

YANG Data Models

  • New XPaths for

    Cisco-IOS-XR-ipv4-bgp-cfg.yang

  • Cisco-IOS-XR-um-router-bgp-cfg

(see GitHub, YANG Data Models Navigator)

Overview

This feature, with its ability to enable BGP peering between routers in the sub-autonomous system (AS) within a confederation allows for specific router updates to be advertised using iBGP. This ensures that in the mesh of routers between sub-ASes in a confederation, the routers maintain consistent routing tables, and ensure proper reachability between networks within the confederation. To enable this featiure, the users need to configure the allowconfedas-in command, thus circumventing the split horizon rule. You can specify the number of times the peer routers in the confederation can learn from each other when you configure the allowconfedas-in command.

In specific scenarios necessitating routing customization and optimization, breaking the split horizon rule is necessary. This rule restricts routers from sharing routes within the confederation. This feature allows you to achieve that. You can configure the allowconfedas-in command to permit peers to learn routes from the same confederation.

In the topology illustrated in Figure 1: Peering Between BGP Routers Within the Same Confederation, the PE1 router connects to the ISP router via the 192.0.2.0/24 prefix, while the PE2 router connects via the 198.51.100.0/24 prefix. The CE router advertises the 10.10.10.0/24 route to PE1, which, in turn, advertises it to PE2. To achieve this, PE1 advertises the route to the ISP router, which then passes it to PE2 since PE1 and PE2 aren't directly connected. While relaying the advertisement, the ISP router learns the route. PE2, with a confederation AS number of AS 20, examines the AS number list in the advertisement to understand the route's path. PE2 identifies the AS numbers of the ISP router , which is AS 500, and PE1 router, which is AS 100. As the AS numbers of both PE1 and PE2 routers match, indicating they belong to the same confederation, PE2 drops the route in accordance with the split horizon rule. Hence these routers do not learn each others routes. The PE1 and PE2 routers are part of the same confederation and have different AS numbers. In this case, the allowas-in command, which prevents dropping of the routes coming from a peer router of the same autonmous system, is not enough to allow the loop detection to be bypassed. Because of this, PE2 will not be able to learn prefixes from PE1 router. To override the split horizon rule and prevent PE2 from discarding the learned route, configure the allowconfedas-in command on both the PE1 and PE2 routers. The allowconfedas-in command enables you to configure the frequency with which peer routers within the same confederation learn from each other.

Figure 2. Peering Between BGP Routers Within the Same Confederation

Terminology

Autonomous Systems:

BGP, operating as an Exterior Gateway Protocol (EGP), establishes loop-free interdomain routing between autonomous systems (AS). An AS comprises routers under single administration, utilizing IGPs for internal routing. Additionally, it employs EGP to route packets beyond its boundaries.

Sub-Autonomous System

A sub-autonomous system is a distinct subset within a larger autonomous system, possessing individual administrative control. It operates with specific routing policies, contributing to the hierarchical organization and efficient management of network configurations.

Confederation:

To reduce the iBGP mesh, an autonomous system can be segmented into sub-autonomous systems organized into a confederation. Externally, this confederation appears as a single autonomous system. Internally, each autonomous system is fully meshed but maintains limited connections to others in the same confederation. Peers in different autonomous systems engage in eBGP sessions, exchanging routing information resembling iBGP peers, preserving vital parameters like next hop, MED, and local preference.

Autonomous System Number

The Autonomous System Number (ASN) is crucial in networking, serving as a unique identifier for autonomous systems, including sub-autonomous systems within a confederation.

Split Horizon

Split horizon, a network protocol routing rule, boosts stability by prohibiting routers in the same confederation from sharing routes. It prevents a router from advertising routes back to the network from which it learned them. This prevents potential loops, ensuring accurate network topology views and enabling efficient data forwarding, thereby addressing routing issues.

Restrictions for Peering Between BGP Routers Within the Same Confederation

Peer routers within a confederation are restricted in the frequency at which they can exchange information with each other on configuring the allowconfedas-in command. The number of times they can share information ranges from 1 to 10. The default value is 3.

Configure Peering Between BGP Routers Within the Same Confederation

Configuration Example

To enable peering between routers that exist in the same confederation, perform the following steps:

  • Enter router configuration mode.

  • Assign BGP autonomous systems belonging to a confederation.

  • Assign an identifier to the confederation.

  • Place the router in neighbor configuration mode for routing and configure the neighbor IP address as a BGP peer.

  • Specify either the IPv4 or IPv6 address family and enter address family configuration submode.

  • Enable peer routers in the same confederation to learn from each other for a specified number of times.

Router# router bgp 65001
Router(config-bgp)# bgp confederation peers 65002
Router(config-bgp)# bgp confederation identifier 100
Router(config-bgp)# neighbor 198.51.100.3
Router(config-bgp-nbr)# address-family ipv4 unicast
Router(config-bgp-nbr-af)# allowconfedas-in 1

Running Configuration


router bgp 65001
 bgp confederation peers 65002
 bgp confederation identifier 100
 neighbor 198.51.100.3
  address-family ipv4 unicast
   allowconfedas-in 1

Verification

Verify the learning of routes among BGP peers. This output shows that the peers within the same confederation have learned from each others' routes, and the learning among peers has occurred thrice. 

show bgp neighbor 198.51.100.3 | in allow
Fri Mar  7 15:38:13.092 +0530
  Inbound soft reconfiguration allowed (override route-refresh)
  My confederation AS number is allowed 3 times in received updates.

Virtual Routing Forwarding Next Hop Routing Policy

Table 7. Feature History Table

Feature Name

Release Name

Description
Virtual Routing Forwarding Next Hop Routing Policy Release 7.11.1

Introduced in this release on:NCS 5500 modular routers(NCS 5500 line cards)

You can now enable a route policy at the BGP next-hop attach point to limit notifications delivered to BGP for specific prefixes, which equips you with better control over routing decisions, and allows for precise traffic engineering and security compliance for each VRF instance, and helps establish redundant paths specific to each VRF.

The feature introduces these changes:

CLI:

Modified Command:

YANG Data Model

  • New XPaths for

    Cisco-IOS-XR-ipv4-bgp-cfg.yang

  • Cisco-IOS-XR-um-router-bgp-cfg

(see GitHub, YANG Data Models Navigator)

Overview

This functionality enables the extension of BGP capabilities by permitting the configuration of next-hop route policies on specific VRFs. A technique within BGP route policies allows limiting notifications for specific prefixes, optimizing BGP routing within a VRF. When dealing with scenarios requiring VRF-specific route policies for BGP, configuring a route policy at the BGP next-hop attach point becomes crucial.

The following are some of the benefits of applying next-hop route policies on individual VRFs:

  • Enabling next-hop route policies at the Virtual Routing and Forwarding (VRF) instances level provides network administrators with better control over routing decisions within each VRF instance.

  • Implementing next-hop route policies within VRF instances allows for precise traffic engineering and optimization management. VRFs might have specific traffic routing requirements, taking into account criteria like latency, bandwidth, or preferred routes.

  • Implementing policies on individual VRF instances assures precise security compliance, addressing unique VRF needs. Traffic adheres strictly, following defined rules and access controls.

  • Configuring next-hop route policies at the VRF level is critical for establishing failover mechanisms or redundant paths specific to each VRF. This ensures high availability and reliability within the VRF boundaries.

Configure VRF Next Hop Policy

To enable next hop route policy on a VRF table, perform the following steps:

  • Configure a route policy and enter route-policy configuration mode.

  • Define the route policy to help limit notifications delivered to BGP for specific prefixes.

  • Drop the prefix of the routes that matches the conditions set in the route policy.

  • Enable BGP routing and enter the router configuration mode.

  • Configure a VRF.

  • Configure an IPv4 or IPv6 address family.

  • Configure route policy filtering using next hops.


Router(config)# route-policy nh-route-policy
Router(config-rpl)# if destination in (10.1.1.0/24) and protocol in (connected, static) then
Router(config-rpl-if)# drop
Router(config-rpl-if)# endif
Router(config-rpl)# end-policy
Router(config-rpl)# exit
Router(config)# router bgp 500
Router(config-bgp)# vrf vrf10 
Router(config-bgp-vrf)# address-family ipv4 unicast
Router(config-bgp-vrf-af)# nexthop route-policy nh-route-policy

Running Configuration


route-policy nh-route-policy
 if destination in (10.1.1.0/24) and protocol in (connected, static) then
  drop
  endif
end-policy
!

router bgp 500
 vrf vrf10 
  address-family ipv4 unicast
    nexthop route-policy nh-route-policy

Verification

Verify that the configurred next route hop policy is enabled in a VRF table. The "BGP table nexthop route policy" field indicates the route policy used to determine the next hop for BGP routes in the specified VRF instance VRF1. 

Router# show bgp vrf vrf1 ipv4 unicast 
Fri Jul  7 15:51:16.309 +0530
BGP VRF vrf1, state: Active
BGP Route Distinguisher: 1:1
VRF ID: 0x6000000b
BGP router identifier 10.1.1.1, local AS number 65001
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe000000b   RD version: 1356
BGP table nexthop route policy: nh-route-policy --> This is the same route policy that was configured.
BGP main routing table version 1362
BGP NSR Initial initsync version 1355 (Reached)
BGP NSR/ISSU Sync-Group versions 1362/0

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
 Network           Next Hop      Metric  LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf vrf1)
Route Distinguisher Version: 1356
*> 10.1.1.0/24      0.0.0.0       0       32768  ?
*> 192.0.2.0/24     10.1.1.1      0       32768  ?
*> 198.50.100.0/24  10.1.1.1      0               101  i