BGP Dynamic Neighbors

Earlier, IOS-XR supported explicitly configured or static neighbor configuration. BGP dynamic neighbor support allows BGP peering to a group of remote neighbors that are defined by a range of IP addresses. Each range can be configured as a subnet IP address.

In larger BGP networks, implementing BGP dynamic neighbors can reduce the amount and complexity of CLI configuration and save CPU and memory usage. Both IPv4 and IPv6 peering are supported.

Configuring BGP Dynamic Neighbors using Address Range

The existing neighbor command is extended to accept a prefix instead of an address.

In the following task, Router B is configured as a remote BGP peer. After a subnet range is configured, a TCP session is initiated by Router B which has an IP address in the subnet range and a new BGP neighbor is dynamically established.

After the initial configuration of subnet ranges and activation of the peer neighbor, dynamic BGP neighbor creation does not require any further CLI configuration on the Router A.

Configuration

Router# configure
Router(config)# router bgp as-number
Router(config-bgp)# neighbor address prefix 
Router(config-bgp-nbr)# remote-as as-number
Router(config-bgp-nbr)# update-source interface 
Router(config-bgp-nbr)# address-family ipv4 unicast 
Router# commit

Running Configuration

Router# show running-config router bgp

router bgp 100
address-family ipv4 unicast
!
neighbor 12.12.12.0/24
  remote-as 100
  update-source TenGigE0/0/0/5
  address-family ipv4 unicast
  !
!
!

Configuring BGP Dynamic Neighbors Using Address Range With Authentication

The following task shows how to configure BGP dynamic neighbors using address range with Message Digest 5 (MD5) authentication.

Router# configure
Router(config)# router bgp as-number
Router(config-bgp)# neighbor address prefix 
Router(config-bgp-nbr)# remote-as as-number 
Router(config-bgp-nbr)# password {clear | encrypted} password
Router(config-bgp-nbr)# update-source interface
Router(config-bgp-nbr)# address-family ipv4 unicast 
Router# commit

Running Configuration

Router# show running-config router bgp

router bgp 100
address-family ipv4 unicast
!
neighbor 12.12.12.0/24
  remote-as 100
  password encrypted 053816063349401D
  update-source TenGigE0/0/0/5
  address-family ipv4 unicast
  !
!
!

Configuring EA Authentication

The following task shows how to configure the EA authentication.


Note

Configuring EA authentication is a prerequisite for configuring BGP dynamic neighbors with EA authentication.



RP/0/RP0/CPU0:R1(config)# key chain bgp_ea
RP/0/RP0/CPU0:R1(config-bgp_ea)# key 1
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# accept-lifetime 00:00:00 january 01 2019 infinite
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# key-string bgp_ea_key
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# send-lifetime 00:00:00 january 01 2019 infinite
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# cryptographic-algorithm HMAC-SHA1-12 
RP/0/RP0/CPU0:R1(config-bgp_ea-1)# root
RP/0/RP0/CPU0:R1(config)# commit
Sat Sep  5 10:30:37.219 UTC
RP/0/RP0/CPU0:R1(config)# show run key chain 
Sat Sep  5 10:30:41.976 UTC
key chain bgp_ea
 key 1
  accept-lifetime 00:00:00 january 01 2019 infinite
  key-string password 01110114640E07302A4957
  send-lifetime 00:00:00 january 01 2019 infinite
  cryptographic-algorithm HMAC-SHA1-12
 !
!
RP/0/RP0/CPU0:R1# show install active summary 
Sat Sep  5 10:36:51.537 UTC
Active Packages:    XR: 115    All: 1080
Label:              7.0.1

Optional Packages                                                        Version
---------------------------------------------------- ---------------------------
xr-bgp                                                             7.0.1v1.0.0-1

The following task shows how to configure BGP dynamic neighbors using address range with EA authentication.

Router# configure
Router(config)# router bgp as-number
Router(config-bgp)# neighbor address prefix 
Router(config-bgp-nbr)# remote-as as-number 
Router(config-bgp-nbr)# keychain bgp_ea
Router(config-bgp-nbr)# address-family ipv4 unicast 
Router(config-bgp-nbr)# route-policy name 
Router(config-bgp-nbr)# route-policy name
Router# commit

Running Configuration


router bgp 100
neighbor 6.1.1.2
  remote-as 200
  keychain bgp_ea
  address-family ipv4 unicast
   route-policy bgp_policy in
   route-policy bgp_policy out
  !

Maximum-peers and Idle-watch timeout

In the following task, maximum-peers and idle-watch timeout commands are configured for a remote BGP peer.

Configuration

Router# configure
Router(config)# router bgp as-number
Router(config-bgp)# neighbor address prefix
Router(config-bgp-nbr)# remote-as as-number
Router(config-bgp-nbr)# password {clear | encrypted} password
Router(config-bgp-nbr)# maximum-peers number
Router(config-bgp-nbr)# update-source interface 
Router(config-bgp-nbr)# idle-watch-time number
Router(config-bgp-nbr)# address-family ipv4 unicast 
Router# commit

Running Configuration

Router# show running-config router bgp
router bgp 100
address-family ipv4 unicast
!
neighbor 12.12.12.0/24
  remote-as 100
  password encrypted 053816063349401D
  maximum-peers 10
  update-source TenGigE0/0/0/5
  idle-watch-time 40
  address-family ipv4 unicast
  !
!
!