BGP Dynamic Neighbors

Border Gateway Protocol (BGP) dynamic neighbor support allows BGP peering to a group of remote neighbors that are defined by a range of IP addresses. Each range can be configured as a subnet IP address. BGP dynamic neighbors are configured using a range of IP addresses and BGP peer groups.

Information About BGP Dynamic Neighbors

Overview

Support for the BGP Dynamic Neighbors feature was introduced in Cisco IOS Release 12.2(33)SXH on the Cisco Catalyst 6500 series switches. BGP dynamic neighbor support allows BGP peering to a group of remote neighbors that are defined by a range of IP addresses. Each range can be configured as a subnet IP address. BGP dynamic neighbors are configured using a range of IP addresses and BGP peer groups.

In Cisco IOS XE Denali 16.3 release, support for BGP dynamic neighbors was extended to IPv6 BGP peering with VRF support.

From Cisco IOS XE Dublin 17.11.1a release, support for BGP dynamic neighbors is extended to the following address families:
  • Layer 2 VPN Ethernet VPN (EVPN)
  • Layer 2 VPN Virtual Private LAN Service (VPLS)
  • IPv4 FlowSpec
  • IPv4 MDT
  • IPv4 Multicast
  • IPv4 Multicast VPN (MVPN)
  • IPv6 FlowSpec
  • IPv6 Multicast
  • IPv6 Multicast VPN (MVPN)
  • Link-State
  • Network Service Access Point (NSAP)
  • RT-filter

After a subnet range is configured for a BGP peer group and a TCP session is initiated by another router for an IP address in the subnet range, a new BGP neighbor is dynamically created as a member of that group. After the initial configuration of subnet ranges and activation of the peer group (referred to as a listen range group), dynamic BGP neighbor creation does not require any further CLI configuration on the initial router. Other routers can establish a BGP session with the listening router, but the initial router need not establish a BGP session to other routers if the IP address of the remote peer used for the BGP session is not within the configured range.

To support the BGP Dynamic Neighbors feature, the output for the show ip bgp neighbors, show ip bgp peer-group, and show ip bgp summary commands was updated to display information about dynamic neighbors.

A dynamic BGP neighbor will inherit any configuration for the peer group. In larger BGP networks, implementing BGP dynamic neighbors can reduce the amount and complexity of CLI configuration and save CPU and memory usage.

Block BGP Dynamic Neighbor Sessions

From Cisco IOS XE Amsterdam 17.2.1, you can block a router from establishing BGP dynamic neighbor sessions with certain nodes in a BGP peer group. Identify a target node using its IP address. To block a router from establishing a BGP dynamic neighbor session to a node, use the bgp listen block {ipv4-address | ipv6-address} command.


Note


Use the bgp listen block {ipv4-address | ipv6-address} command in router BGP mode to exclude a neighbor if you require a static peer in the listen range. This permits the listen subnet range to contain both static and dynamic peers.


When you block a router from establishing a BGP dynamic neighbor session to a node, any existing BGP dynamic neighbor session between the router and the node is terminated, and the router does not make future attempts to establish a BGP dynamic neighbor session with the node. The block command does not impact static BGP neighbor sessions.

How to Configure BGP Dynamic Neighbors

Implementing BGP Dynamic Neighbors Using Subnet Ranges

In Cisco IOS Release 12.2(33)SXH, support for BGP dynamic neighbors was introduced. Perform this task to implement the dynamic creation of BGP neighbors using subnet ranges.

In this task, a BGP peer group is created on Router B in the figure below, a global limit is set on the number of dynamic BGP neighbors, and a subnet range is associated with a peer group. Configuring the subnet range enables the dynamic BGP neighbor process. The peer group is added to the BGP neighbor table of the local router, and an alternate autonomous system number is also configured. The peer group is activated under the IPv4 address family.

The next step is to move to another router—Router E in the figure below—where a BGP session is started and the neighbor router, Router B, is configured as a remote BGP peer. The peering configuration opens a TCP session and triggers Router B to create a dynamic BGP neighbor because the IP address that starts the TCP session (192.168.3.2) is within the configured subnet range for dynamic BGP peers. The task moves back to the first router, Router B, to run three show commands that have been modified to display dynamic BGP peer information.

Note


We recommend that you keep the listen limit and listen range the same as the planned neighbor count in order to prevent unexpected peers.
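
The following Python script is an added example, not part of the original Cisco documentation. It compares each listen range and the listen limit in a router bgp section with a planned neighbor count supplied by the operator, and reports ebgp-multihop on listen range groups. The sample configuration, the edge and v6group ranges, the planned dictionary, the max_ratio threshold, and the finding names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input in the style of this page's Router B examples.
SAMPLE_CONFIG = """\
router bgp 64503
 bgp log-neighbor-changes
 bgp listen range 192.168.0.0/16 peer-group group192
 bgp listen range 2001:db8:0:1::/64 peer-group v6group
 bgp listen range 10.20.30.0/29 peer-group edge
 bgp listen limit 200
 neighbor group192 peer-group
 neighbor group192 ebgp-multihop 255
 neighbor group192 remote-as 64501 alternate-as 64502
 neighbor v6group peer-group
 neighbor v6group remote-as 64502
 neighbor edge peer-group
 neighbor edge remote-as 64510
"""

RANGE_RE = re.compile(r"^\s*bgp listen range (\S+) peer-group (\S+)", re.M)
LIMIT_RE = re.compile(r"^\s*bgp listen limit (\d+)", re.M)
MULTIHOP_RE = re.compile(r"^\s*neighbor (\S+) ebgp-multihop", re.M)


def audit_listen_config(config, planned, max_ratio=8):
    """Compare listen ranges and the listen limit with the planned peer count.

    planned: dict of peer-group name -> number of peers the operator expects
    (hypothetical input; the router stores no such value). max_ratio is an
    arbitrary review threshold for source addresses admitted per planned peer.
    Returns a list of (check, subject, detail) tuples.
    """
    findings = []
    ranges = [(ipaddress.ip_network(prefix, strict=False), group)
              for prefix, group in RANGE_RE.findall(config)]
    total_planned = sum(planned.values())

    # Global cap on dynamically created neighbors.
    limit = LIMIT_RE.search(config)
    if ranges and limit is None:
        findings.append(("limit-missing", "bgp listen limit",
                         "no explicit limit; only the platform default applies"))
    elif limit and int(limit.group(1)) > total_planned:
        findings.append(("limit-too-high", "bgp listen limit",
                         f"{limit.group(1)} allowed vs {total_planned} planned"))

    # Every address inside a listen range can trigger neighbor creation.
    for net, group in ranges:
        expected = planned.get(group)
        if expected is None:
            findings.append(("unplanned-range", str(net),
                             f"no planned count for {group}"))
        elif net.num_addresses > expected * max_ratio:
            findings.append(("range-too-wide", str(net),
                             f"{net.num_addresses} source addresses for "
                             f"{expected} planned peers in {group}"))

    # ebgp-multihop on a listen range group: peers need not be directly connected.
    listen_groups = {group for _net, group in ranges}
    for group in sorted(listen_groups & set(MULTIHOP_RE.findall(config))):
        findings.append(("multihop-on-listen-range", group,
                         "ebgp-multihop set: peers need not be directly connected"))
    return findings


if __name__ == "__main__":
    for finding in audit_listen_config(
            SAMPLE_CONFIG, {"group192": 4, "v6group": 2, "edge": 6}):
        print(*finding, sep=" | ")
```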


Figure 1. BGP Dynamic Neighbor Topology

Before you begin

This task requires Cisco IOS Release 12.2(33)SXH, or a later release, to be running.


Note


This task supports only IPv4 BGP peering.


SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router bgp autonomous-system-number
  4. bgp log-neighbor-changes
  5. neighbor peer-group-name peer-group
  6. bgp listen [limit max-number]
  7. bgp listen [limit max-number | range network / length peer-group peer-group-name]
  8. neighbor {ip-address | ipv6-address | peer-group-name} ebgp-multihop [ttl]
  9. neighbor peer-group-name remote-as autonomous-system-number [alternate-as autonomous-system-number...]
  10. address-family ipv4
  11. neighbor peer-group-name activate
  12. end
  13. Move to another router that has an interface within the subnet range for the BGP peer group configured in this task.
  14. enable
  15. configure terminal
  16. router bgp autonomous-system-number
  17. neighbor {ip-address | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number...]
  18. Return to the first router.
  19. show ip bgp ipv4 summary
  20. show ip bgp ipv4 peer-group [peer-group-name] [summary]
  21. show ip bgp ipv4 neighbors [ip-address]

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


RouterB> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

  • The configuration is entered on router B.

Step 2

configure terminal

Example:


RouterB# configure terminal

Enters global configuration mode.

Step 3

router bgp autonomous-system-number

Example:


RouterB(config)# router bgp 64503

Enters router configuration mode for the specified routing process.

Step 4

bgp log-neighbor-changes

Example:


RouterB(config-router)# bgp log-neighbor-changes

(Optional) Enables logging of BGP neighbor status changes (up or down) and neighbor resets.

  • Use this command for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.

Step 5

neighbor peer-group-name peer-group

Example:


RouterB(config-router)# neighbor group192 peer-group

Creates a BGP peer group.

  • In this example, a peer group named group192 is created. This group will be used as a listen range group.

Step 6

bgp listen [limit max-number]

Example:


RouterB(config-router)# bgp listen limit 200

Sets a global limit of BGP dynamic subnet range neighbors.

  • Use the optional limit keyword and max-number argument to define the maximum number of BGP dynamic subnet range neighbors that can be created.

Note

 

Only the syntax applicable to this task is used in this example. For the complete syntax, see Step 7.

Step 7

bgp listen [limit max-number | range network / length peer-group peer-group-name]

Example:


RouterB(config-router)# bgp listen range 192.168.0.0/16 peer-group group192

Associates a subnet range with a BGP peer group and activates the BGP dynamic neighbors feature.

  • Use the optional limit keyword and max-number argument to define the maximum number of BGP dynamic neighbors that can be created.

  • Use the optional range keyword and network / length argument to define a prefix range to be associated with the specified peer group.

  • In this example, the prefix range 192.168.0.0/16 is associated with the listen range group named group192.

Step 8

neighbor {ip-address | ipv6-address | peer-group-name} ebgp-multihop [ttl]

Example:


RouterB(config-router)# neighbor group192 ebgp-multihop 255

Accepts and attempts BGP connections to external peers residing on networks that are not directly connected.

Step 9

neighbor peer-group-name remote-as autonomous-system-number [alternate-as autonomous-system-number...]

Example:


RouterB(config-router)# neighbor group192 remote-as 64501 alternate-as 64502

Adds the IP address or peer group name of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

  • Use the optional alternate-as keyword and autonomous-system-number argument to identify up to five alternate autonomous system numbers for listen range neighbors.

  • In this example, the peer group named group192 is configured with two possible autonomous system numbers.

Note

 

The alternate-as keyword is used only with the listen range peer groups, not with individual BGP neighbors.

Step 10

address-family ipv4

Example:


RouterB(config-router)# address-family ipv4 unicast

Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 11

neighbor peer-group-name activate

Example:


RouterB(config-router-af)# neighbor group192 activate

Activates the neighbor or listen range peer group for the configured address family.

  • In this example, the neighbor 172.16.1.1 is activated for the IPv4 address family.

Note

 

Usually BGP peer groups cannot be activated using this command, but the listen range peer groups are a special case.

Step 12

end

Example:


RouterB(config-router-af)# end

Exits address family configuration mode and returns to privileged EXEC mode.

Step 13

Move to another router that has an interface within the subnet range for the BGP peer group configured in this task.

Step 14

enable

Example:


RouterE> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

  • The configuration is entered on Router E.

Step 15

configure terminal

Example:


RouterE# configure terminal

Enters global configuration mode.

Step 16

router bgp autonomous-system-number

Example:


RouterE(config)# router bgp 64502

Enters router configuration mode for the specified routing process.

Step 17

neighbor {ip-address | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number...]

Example:


RouterE(config-router)# neighbor 192.168.3.1 remote-as 64503

Adds the IP address or peer group name of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

  • In this example, the interface (192.168.3.2 in the figure above) at Router E is within the subnet range set for the BGP listen range group, group192. When TCP opens a session to peer with Router B, Router B creates this peer dynamically.

Step 18

Return to the first router.

Step 19

show ip bgp ipv4 summary

Example:


RouterB# show ip bgp ipv4 summary

(Optional) Displays the BGP path, prefix, and attribute information for all connections to BGP neighbors.

  • In this step, the configuration has returned to Router B.

Step 20

show ip bgp ipv4 peer-group [peer-group-name] [summary]

Example:


RouterB# show ip bgp ipv4 peer-group group192

(Optional) Displays information about BGP peer groups.

Step 21

show ip bgp ipv4 neighbors [ip-address]

Example:


RouterB# show ip bgp ipv4 neighbors 192.168.3.2

(Optional) Displays information about BGP and TCP connections to neighbors.

  • In this example, information is displayed about the dynamically created neighbor at 192.168.3.2. The IP address of this BGP neighbor can be found in the output of either the show ip bgp summary or the show ip bgp peer-group command.

Note

 

Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS IP Routing: BGP Command Reference.

Examples

The following output examples were taken from Router B in the figure above after the appropriate configuration steps in this task were completed on both Router B and Router E.

The following output from the show ip bgp summary command shows that the BGP neighbor 192.168.3.2 was dynamically created and is a member of the listen range group, group192. The output also shows that the IP prefix range of 192.168.0.0/16 is defined for the listen range named group192.


Router# show ip bgp summary
BGP router identifier 192.168.3.1, local AS number 64503
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*192.168.3.2    4 64502       2       2        0    0    0 00:00:37        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1/(200 max), Subnet ranges: 1
BGP peergroup group192 listen range group members: 
  192.168.0.0/16 
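
The following Python script is an added example, not part of the original Cisco documentation. It parses show ip bgp summary output, picks out the neighbors marked with an asterisk as dynamically created, and compares them with a list of planned peers. The sample output, the expected dictionary, the warn_fraction threshold, and the alert names are assumptions made for illustration, as is the handling of a long IPv6 neighbor address wrapped onto its own line.

```python
import ipaddress
import re

# Constructed sample in the format of the show ip bgp summary output on this
# page; 192.168.77.9 and the long IPv6 peer are invented for the example.
SAMPLE_SUMMARY = """\
BGP router identifier 192.168.3.1, local AS number 64503
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.21.1.2      4 64504      12      11        1    0    0 00:10:02        3
*192.168.3.2    4 64502       2       2        0    0    0 00:00:37        0
*192.168.77.9   4 64501       5       5        0    0    0 00:02:11        0
*2001:db8:aaaa:bbbb:cccc:dddd:eeee:5
                4 64502       4       4        1    0    0 00:00:32        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 3/(200 max), Subnet ranges: 2
"""

# [*]address, version 4, AS, five counters, Up/Down, State/PfxRcd
NEIGHBOR_RE = re.compile(
    r"^(\*?)([0-9A-Fa-f:.]+)\s+4\s+(\d+)(?:\s+\d+){5}\s+(\S+)\s+(.+?)\s*$")
# An IPv6 address alone on a line (assumed wrap of a long neighbor address).
ADDR_ONLY_RE = re.compile(r"^\*?[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*\s*$")
COUNT_RE = re.compile(r"Dynamically created neighbors:\s*(\d+)/\((\d+) max\)")


def parse_summary(text):
    """Return (peers, used, maximum) parsed from summary output."""
    peers, pending = [], ""
    for raw in text.splitlines():
        line = (pending + " " + raw.strip()) if pending else raw
        pending = ""
        if ADDR_ONLY_RE.match(line):
            pending = line.strip()      # join with the columns on the next line
            continue
        m = NEIGHBOR_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue
        peers.append({"ip": ip, "asn": int(m.group(3)),
                      "dynamic": m.group(1) == "*", "state": m.group(5)})
    count = COUNT_RE.search(text)
    used, maximum = (int(count.group(1)), int(count.group(2))) if count else (None, None)
    return peers, used, maximum


def review_dynamic_peers(text, expected, warn_fraction=0.8):
    """expected: dict of planned peer address (str) -> planned AS number."""
    allow = {ipaddress.ip_address(addr): asn for addr, asn in expected.items()}
    peers, used, maximum = parse_summary(text)
    alerts = []
    for peer in peers:
        if not peer["dynamic"]:
            continue                    # statically configured neighbor
        if peer["ip"] not in allow:
            alerts.append(("unexpected-peer", str(peer["ip"]), peer["asn"]))
        elif allow[peer["ip"]] != peer["asn"]:
            alerts.append(("as-mismatch", str(peer["ip"]), peer["asn"]))
    if used is not None and maximum and used >= warn_fraction * maximum:
        alerts.append(("limit-nearly-reached", f"{used}/{maximum}", None))
    return alerts


if __name__ == "__main__":
    planned = {"192.168.3.2": 64502,
               "2001:db8:aaaa:bbbb:cccc:dddd:eeee:5": 64501}
    for alert in review_dynamic_peers(SAMPLE_SUMMARY, planned):
        print(alert)
```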

The following output from the show ip bgp peer-group command shows information about the listen range group, group192 that was configured in this task:


Router# show ip bgp peer-group group192
BGP peer-group is group192,  remote AS 64501
  BGP peergroup group192 listen range group members: 
  192.168.0.0/16 
  BGP version 4
  Default minimum time between advertisement runs is 30 seconds
 For address family: IPv4 Unicast
  BGP neighbor is group192, peer-group external, members:
  *192.168.3.2 
  Index 0, Offset 0, Mask 0x0
  Update messages formatted 0, replicated 0
  Number of NLRIs in the update sent: max 0, min 0

The following sample output from the show ip bgp neighbors command shows that the neighbor 192.168.3.2 is a member of the peer group, group192, and belongs to the subnet range group 192.168.0.0/16, which shows that this peer was dynamically created:


Router# show ip bgp neighbors 192.168.3.2
BGP neighbor is *192.168.3.2,  remote AS 64502, external link
 Member of peer-group group192 for session parameters
 Belongs to the subnet range group: 192.168.0.0/16
  BGP version 4, remote router ID 192.168.3.2
  BGP state = Established, up for 00:06:35
  Last read 00:00:33, last write 00:00:25, hold time is 180, keepalive intervals
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
    
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             7          7
    Route Refresh:          0          0
    Total:                  8          8
  Default minimum time between advertisement runs is 30 seconds
 For address family: IPv4 Unicast
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
  group192 peer-group member
.
.
.

Configuring BGP Dynamic Neighbor Support for L2VPN EVPN

To configure BGP Dynamic Neighbor Support for L2VPN EVPN, perform these steps.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router bgp autonomous-system-number
  4. bgp log-neighbor-changes
  5. neighbor peer-group-name peer-group
  6. bgp listen [limit max-number]
  7. bgp listen [limit max-number | range network / length peer-group peer-group-name]
  8. neighbor {ip-address | ipv6-address | peer-group-name} ttl-security hops hop-count
  9. neighbor peer-group-name remote-as autonomous-system-number [alternate-as autonomous-system-number...]
  10. address-family l2vpn evpn
  11. neighbor peer-group-name activate
  12. end
  13. enable
  14. configure terminal
  15. router bgp autonomous-system-number
  16. neighbor {ip-address | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number...]
  17. address-family l2vpn evpn
  18. neighbor {ip-address | peer-group-name} activate
  19. end
  20. Return to the first router.
  21. show ip bgp l2vpn evpn summary
  22. show ip bgp l2vpn evpn peer-group [peer-group-name] [summary]
  23. show ip bgp l2vpn evpn neighbors [ip-address]

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


RouterB> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Note

 

This configuration is entered on router B.

Step 2

configure terminal

Example:


RouterB# configure terminal

Enters global configuration mode.

Step 3

router bgp autonomous-system-number

Example:


RouterB(config)# router bgp 64501

Enters router configuration mode for the specified routing process.

Step 4

bgp log-neighbor-changes

Example:


RouterB(config-router)# bgp log-neighbor-changes

(Optional) Enables logging of BGP neighbor status changes (up or down) and neighbor resets.

  • Use the bgp log-neighbor-changes command for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.

Step 5

neighbor peer-group-name peer-group

Example:


RouterB(config-router)# neighbor group192 peer-group

Creates a BGP peer group.

  • In this example, a peer group named group192 is created. This group is used as a listen range group.

Step 6

bgp listen [limit max-number]

Example:


RouterB(config-router)# bgp listen limit 200

Sets a global limit of BGP dynamic subnet range neighbors.

  • Use the optional limit keyword and max-number argument to define the maximum number of BGP dynamic subnet range neighbors that can be created.

Note

 

Only the syntax applicable to this task is used in this example. For the complete syntax, see Step 7.

Step 7

bgp listen [limit max-number | range network / length peer-group peer-group-name]

Example:


RouterB(config-router)# bgp listen range 192.168.0.0/16 peer-group group192

Associates a subnet range with a BGP peer group and activates the BGP dynamic neighbors feature.

  • Use the optional limit keyword and max-number argument to define the maximum number of BGP dynamic neighbors that can be created.

  • Use the optional range keyword and network / length argument to define a prefix range to be associated with the specified peer group.

  • In this example, the prefix range 192.168.0.0/16 is associated with the listen range group named group192.

Step 8

neighbor {ip-address | ipv6-address | peer-group-name} ttl-security hops hop-count

Example:


RouterB(config-router)# neighbor group192 ttl-security hops 2

Accepts and attempts BGP connections to external peers residing on networks that are not directly connected.

Step 9

neighbor peer-group-name remote-as autonomous-system-number [alternate-as autonomous-system-number...]

Example:


RouterB(config-router)# neighbor group192 remote-as 64501 alternate-as 64502

Adds the IP address or peer group name of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

  • Use the optional alternate-as keyword and autonomous-system-number argument to identify up to five alternate autonomous system numbers for listen range neighbors.

  • In this example, the peer group named group192 is configured with two possible autonomous system numbers.

Note

 

The alternate-as keyword is used only with the listen range peer groups, not with individual BGP neighbors.

Step 10

address-family l2vpn evpn

Example:


RouterB(config-router)# address-family l2vpn evpn

Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 11

neighbor peer-group-name activate

Example:


RouterB(config-router-af)# neighbor group192 activate

Activates the neighbor or listen range peer group for the configured address family.

  • In this example, the neighbor 192.168.5.7 is activated for the L2VPN EVPN address family.

Note

 

Usually, BGP peer groups cannot be activated using the neighbor peer-group-name activate command, but the listen range peer groups are a special case.

Step 12

end

Example:


RouterB(config-router-af)# end

Exits address family configuration mode and returns to privileged EXEC mode.

Move to another router that has an interface within the subnet range for the BGP peer group configured in this task.

Step 13

enable

Example:


RouterE> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Note

 

The configuration is entered on Router E.

Step 14

configure terminal

Example:


RouterE# configure terminal

Enters global configuration mode.

Step 15

router bgp autonomous-system-number

Example:


RouterE(config)# router bgp 64502

Enters router configuration mode for the specified routing process.

Step 16

neighbor {ip-address | peer-group-name} remote-as autonomous-system-number [alternate-as autonomous-system-number...]

Example:


RouterE(config-router)# neighbor 192.168.3.1 remote-as 64503

Adds the IP address or peer group name of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

  • In this example, the interface (192.168.3.1 in the figure above) at Router E is within the subnet range set for the BGP listen range group, group192. When TCP opens a session to peer with Router B, Router B creates this peer dynamically.

Step 17

address-family l2vpn evpn

Example:


RouterE(config-router)# address-family l2vpn evpn

Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 18

neighbor {ip-address | peer-group-name} activate

Example:


RouterE(config-router-af)# neighbor group192 activate

Activates the neighbor or listen range peer group for the configured address family.

  • In this example, the neighbor 192.168.1.1 is activated for the L2VPN EVPN address family.

Note

 

Usually, BGP peer groups cannot be activated using this command, but the listen range peer groups are a special case.

Step 19

end

Example:


RouterE(config-router-af)# end

Exits address family configuration mode and returns to privileged EXEC mode.

Step 20

Return to the first router.

Step 21

show ip bgp l2vpn evpn summary

Example:


RouterB# show ip bgp l2vpn evpn summary

(Optional) Displays the BGP path, prefix, and attribute information for all connections to BGP neighbors.

  • In this step, the configuration has returned to Router A.

Step 22

show ip bgp l2vpn evpn peer-group [peer-group-name] [summary]

Example:


RouterB# show ip bgp peer-group group192

(Optional) Displays information about BGP peer groups.

Step 23

show ip bgp l2vpn evpn neighbors [ip-address]

Example:


RouterB# show ip bgp l2vpn evpn neighbors 192.168.3.2

(Optional) Displays information about BGP and TCP connections to neighbors.

  • In this example, information is displayed about the dynamically created neighbor at 192.168.3.2. The IP address of this BGP neighbor can be found in the output of either the show ip bgp l2vpn evpn summary or the show ip bgp l2vpn evpn peer-group command.

Note

 

Only the syntax applicable to this task is used in this example. For more details, see the Cisco IOS IP Routing: BGP Command Reference.

Verifying BGP Dynamic Neighbor Support for L2VPN EVPN address family

Use the show running-config | section router bgp command to view the configuration for L2VPN EVPN address family.


RouterB# show running-config | section router bgp
router bgp 64503
 bgp log-neighbor-changes
 bgp listen range 192.168.0.0/16 peer-group group192
 bgp listen range 172.0.0.0/8 peer-group group172
 bgp listen range ABCD::/64 peer-group v6group
 bgp listen limit 200
 no bgp default ipv4-unicast
 neighbor group172 peer-group
 neighbor group172 remote-as 64503
 neighbor group192 peer-group
 neighbor group192 remote-as 64501 alternate-as 64502 
 neighbor v6group peer-group
 neighbor v6group remote-as 64502
 !
 address-family ipv4
 exit-address-family
 address-family l2vpn evpn
  neighbor group172 activate
  neighbor group172 send-community both
  neighbor group192 activate
  neighbor group192 send-community both
  neighbor v6group activate
  neighbor v6group send-community extended
 exit-address-family

After both Router B and Router E are configured, use the show ip bgp l2vpn evpn summary command on Router B to view the regular BGP neighbor, 172.21.1.2, and the two BGP neighbors that were created dynamically when Router A and Router E initiated TCP sessions for BGP peering to Router B. The output also shows information about the configured listen range subnet groups.


RouterB# sh ip bgp l2vpn evpn sum
BGP router identifier 192.168.0.1, local AS number 64503
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*ABCD::2        4        64502       4       4        1    0    0 00:00:32        0
*172.0.0.2      4        64503       9       9        1    0    0 00:04:29        0
*192.168.0.2    4        64501       8       7        1    0    0 00:04:31        0
*192.168.0.3    4        64502       7       9        1    0    0 00:04:33        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 4, Subnet ranges: 3

BGP peergroup group172 listen range group members: 
  172.0.0.0/8 
BGP peergroup group192 listen range group members: 
  192.168.0.0/16 
BGP peergroup v6group listen range group members: 
  ABCD::/64 
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
Total dynamically created neighbors: 4/(200 max), Subnet ranges: 3

The following output from the show ip bgp all summary command shows that the BGP neighbor 192.168.3.2 was dynamically created and is a member of the listen range group, group192. The output also shows that the IP prefix range of 192.168.0.0/16 is defined for the listen range named group192. Similarly, the same is seen for the IPv6 neighbor range group, v6group.


RouterB# sh ip bgp all sum
For address family: L2VPN E-VPN
BGP router identifier 192.168.0.1, local AS number 64503
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*ABCD::2        4        64502       4       4        1    0    0 00:00:03        0
*172.0.0.2      4        64503       8       8        1    0    0 00:04:00        0
*192.168.0.2    4        64501       8       6        1    0    0 00:04:02        0
*192.168.0.3    4        64502       7       8        1    0    0 00:04:05        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 4, Subnet ranges: 3
BGP peergroup group172 listen range group members: 
  172.0.0.0/8 
BGP peergroup group192 listen range group members: 
  192.168.0.0/16 
BGP peergroup v6group listen range group members: 
  ABCD::/64 
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

Total dynamically created neighbors: 4/(200 max), Subnet ranges: 3

Configuring BGP IPv6 Dynamic Neighbor Support with VRF Support

In Cisco IOS XE Denali 16.3 release, support for BGP dynamic neighbors was extended to IPv6 BGP peering.


Note


You can also configure BGP IPv6 dynamic neighbors without VRF support.


SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router bgp autonomous-system-number
  4. bgp listen [limit max-number | range network / length peer-group peer-group-name]
  5. address-family [ipv4 | ipv6] [mdt | multicast | unicast [vrf vrf-name]]
  6. bgp listen [limit max-number]
  7. neighbor peer-group-name peer-group
  8. neighbor peer-group-name remote-as autonomous-system-number [alternate-as autonomous-system-number...]
  9. address-family [ipv4 | ipv6] [mdt | multicast | unicast [vrf vrf-name]]
  10. neighbor peer-group-name activate
  11. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

  • The configuration is entered on router B.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

router bgp autonomous-system-number

Example:


Device(config)# router bgp 64503

Enters router configuration mode for the specified routing process.

Step 4

bgp listen [limit max-number | range network / length peer-group peer-group-name]

Example:


Device(config-router)# bgp listen range 2001::0/64 peer-group group192

Associates a subnet range with a BGP peer group and activates the BGP dynamic neighbors feature.

  • Use the optional limit keyword and max-number argument to define the maximum number of BGP dynamic neighbors that can be created.

  • Use the optional range keyword and network / length argument to define a prefix range to be associated with the specified peer group.

  • In this example, the prefix range 2001::0/64 is associated with the listen range group named group192.

Step 5

address-family [ipv4 | ipv6] [mdt | multicast | unicast [vrf vrf-name]]

Example:


Device(config-router-af)# address-family ipv6 unicast vrf vrf1

Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 6

bgp listen [limit max-number]

Example:


Device(config-router)# bgp listen limit 500

Specifies the maximum number of prefixes in VRF address family.

Step 7

neighbor peer-group-name peer-group

Example:


Device(config-router)# neighbor group192 peer-group

Creates a BGP peer group.

  • In this example, a peer group named group192 is created. This group will be used as a listen range group.

Step 8

neighbor peer-group-name remote-as autonomous-system-number [alternate-as autonomous-system-number...]

Example:


Device(config-router)# neighbor group192 remote-as 101 alternate-as 102

Adds the IP address or peer group name of the neighbor in the specified autonomous system to the IPv6 BGP neighbor table.

  • Use the optional alternate-as keyword and autonomous-system-number argument to identify up to five alternate autonomous system numbers for listen range neighbors.

  • In this example, the peer group named group192 is configured with two possible autonomous system numbers.

Note

 

The alternate-as keyword is used only with the listen range peer groups, not with individual BGP neighbors.

Step 9

address-family [ipv4 | ipv6] [mdt | multicast | unicast [vrf vrf-name]]

Example:


Device(config-router-af)# address-family ipv4 unicast vrf vrf1

Enable IPv4 address family for this peer-group.

Step 10

neighbor peer-group-name activate

Example:


Device(config-router-af)# neighbor group192 activate

Activates the neighbor or listen range peer group for the configured address family.

Step 11

end

Example:


Device(config-router-af)# end

Exits address family configuration mode and returns to privileged EXEC mode.

Verifying BGP IPv6 Dynamic Neighbor Configuration

Use the show ip bgp ipv6 unicast summary command to verify the BGP IPv6 unicast address family configuration in the global routing table:

Device# show ip bgp ipv6 unicast summary
BGP router identifier 192.168.3.1, local AS number 64503
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*2001::1        4 64502       2       2        0    0    0 00:00:37        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1/(200 max), Subnet ranges: 1
BGP peergroup group192 listen range group members:
  2001::0/64

Use the show ip bgp {ipv4 | ipv6} unicast peer-group <name> command to verify the IPv6 dynamic neighbors configuration in the global routing table:

Device# show ip bgp ipv6 unicast peer-group group192
BGP peer-group is group192, remote AS 64501
  BGP peergroup group192 listen range group members:
  2001::0/64
  BGP version 4
  Default minimum time between advertisement runs is 30 seconds
 For address family: IPv6 Unicast
  BGP neighbor is group192, peer-group external, members:
  *2001::1
  Index 0, Offset 0, Mask 0x0
  Update messages formatted 0, replicated 0
  Number of NLRIs in the update sent: max 0, min 0

You can use the following commands to verify the BGP IPv6 dynamic neighbors configuration in the VRF routing table:

  • show ip bgp vpnv6 unicast vrf <name> neighbors

  • show ip bgp vpnv6 unicast vrf <name> summary

  • show ip bgp vpnv6 unicast vrf <name> peer-group <name>

  • debug bgp [ipv6 | vpnv6 ] unicast range

Block BGP Dynamic Neighbor Session Establishment with a Node

Usage Notes

  • After you block BGP dynamic neighbor sessions to a node, the router rejects requests to create BGP dynamic neighbor sessions to the node.

  • You can configure multiple block commands at the router level.

  • The block command does not affect static BGP neighbor sessions.

  • The router does not verify whether the IP address specified with the block command falls in the IP address range of the dynamic peer group.

To block a router from establishing a BGP dynamic neighbor session with a node, use the router-level command bgp listen block {ipv4-address|ipv6-address}.

router bgp 1
 bgp listen block ipv4-address
 bgp listen range subnet-ipv4-prefix/subnet-mask-length peer-group DYN_NBR_GROUP
 neighbor DYN_NBR_GROUP peer-group
 neighbor DYN_NBR_GROUP remote-as 200
 !
 address-family ipv4
  neighbor DYN_NBR_GROUP activate
 exit-address-family
!

You can use the bgp listen block {ipv4-address|ipv6-address} command to block dynamic neighbor sessions to global and VRF neighbors. To block dynamic neighbor sessions to VRF neighbors, use the command in the address family configuration mode.

Example:
vrf definition example
 rd 1:1
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 
router bgp 100
 bgp listen range 10.0.101.0/24 peer-group dn-group-v4
 address-family ipv4 vrf example
  bgp listen block 10.0.101.103
  bgp listen block 10.0.101.106
  neighbor dn-group-v4 peer-group
  neighbor dn-group-v4 remote-as 1.101
  neighbor dn-group-v4 activate
 exit-address-family

To undo the blocking of BGP dynamic neighbor sessions to a node, use the command no bgp listen block {ipv4-address|ipv6-address} at the router-level or in the address family configuration mode.
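Because the router does not check a blocked address against the listen ranges, a mistyped bgp listen block entry is accepted silently and blocks nothing useful. The following audit is an added example, not Cisco code: it reads a saved configuration and reports block entries that no listen range covers. The sample configuration is constructed from the VRF example above plus one deliberately wrong entry, the function names are hypothetical, and VRF scoping is ignored.

```python
import ipaddress
import re

# Constructed sample: the VRF example above with one extra block entry
# (10.0.201.7) that lies outside the configured listen range.
SAMPLE_CONFIG = """\
router bgp 100
 bgp listen range 10.0.101.0/24 peer-group dn-group-v4
 address-family ipv4 vrf example
  bgp listen block 10.0.101.103
  bgp listen block 10.0.101.106
  bgp listen block 10.0.201.7
  neighbor dn-group-v4 peer-group
  neighbor dn-group-v4 remote-as 1.101
  neighbor dn-group-v4 activate
 exit-address-family
"""

RANGE_RE = re.compile(r"^\s*bgp listen range (\S+) peer-group (\S+)")
BLOCK_RE = re.compile(r"^\s*bgp listen block (\S+)")


def parse_listen_config(config_text):
    """Return (ranges, blocks); ranges maps each network to its peer group."""
    ranges, blocks = {}, []
    for line in config_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[ipaddress.ip_network(m.group(1), strict=False)] = m.group(2)
            continue
        m = BLOCK_RE.match(line)
        if m:
            blocks.append(ipaddress.ip_address(m.group(1)))
    return ranges, blocks


def audit_blocks(config_text):
    """Sort blocked addresses into those a listen range covers and the rest."""
    ranges, blocks = parse_listen_config(config_text)
    report = {"covered": [], "outside_all_ranges": []}
    for addr in blocks:
        hits = [net for net in ranges
                if net.version == addr.version and addr in net]
        if hits:
            # Report the most specific listen range that contains the address.
            best = max(hits, key=lambda net: net.prefixlen)
            report["covered"].append((str(addr), str(best), ranges[best]))
        else:
            report["outside_all_ranges"].append(str(addr))
    return report
```

Entries under outside_all_ranges are the ones to review: they are either typos or leftovers from a listen range that has since been removed.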

View Blocked BGP Dynamic Neighbor Sessions

Use the show ip bgp summary command to view blocked BGP dynamic neighbor sessions.

Router#show ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 10.16.16.100, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*10.16.16.2     4          200      40      39        1    0    0 00:34:07        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1

BGP peergroup DYN_NBR_GROUP listen range group members: 
  10.16.16.0/24 

Blocked Dynamic sessions:
  10.16.16.1 

Debug Blocked BGP Dynamic Neighbor Sessions

The following debugging events related to blocked BGP dynamic neighbor sessions are added to the output of the debug command debug ip bgp range [detail] :

  • Neighbor processing due to configuration of the block command or undoing the block configuration.

  • BGP sessions that are not formed because of the block configuration.

Configuration Examples for BGP Dynamic Neighbors

Example: Implementing BGP Dynamic Neighbors Using Subnet Ranges

In the following example, two BGP peer groups are created on Router B in the figure below, a global limit is set on the number of dynamic BGP neighbors, and a subnet range is associated with a peer group. Configuring the subnet range enables the dynamic BGP neighbor process. The peer groups are added to the BGP neighbor table of the local router, and an alternate autonomous system number is also configured for one of the peer groups, group192. The subnet range peer groups and a standard BGP peer are then activated under the IPv4 address family.

The configuration moves to another router—Router A in the figure below—where a BGP session is started and the neighbor router, Router B, is configured as a remote BGP peer. The peering configuration opens a TCP session and triggers Router B to create a dynamic BGP neighbor because the IP address that starts the TCP session (192.168.1.2) is within the configured subnet range for dynamic BGP peers.

A third router—Router E in the figure below—also starts a BGP peering session with Router B. Router E is in the autonomous system 64502, which is the configured alternate autonomous system. Router B responds to the resulting TCP session by creating another dynamic BGP peer.

This example concludes with the output of the show ip bgp summary command entered on Router B.

Figure 2. BGP Dynamic Neighbor Topology

Router B


enable
configure terminal
router bgp 64503
 bgp log-neighbor-changes
 bgp listen limit 200
 bgp listen range 172.21.0.0/16 peer-group group172  
 bgp listen range 192.168.0.0/16 peer-group group192   
 neighbor group172 peer-group
 neighbor group172 remote-as 64503
 neighbor group192 peer-group     
 neighbor group192 remote-as 64501 alternate-as 64502
 neighbor 172.16.1.2 remote-as 64503
 address-family ipv4 unicast 
 neighbor group172 activate
 neighbor group192 activate
 neighbor 172.16.1.2 activate
 end

Router A


enable
configure terminal
router bgp 64501
 neighbor 192.168.1.1 remote-as 64503
 exit

Router E


enable
configure terminal
router bgp 64502
 neighbor 192.168.3.1 remote-as 64503
 exit

After both Router A and Router E are configured, the show ip bgp summary command is run on Router B. The output displays the regular BGP neighbor, 172.16.1.2, and the two BGP neighbors that were created dynamically when Router A and Router E initiated TCP sessions for BGP peering to Router B. The output also shows information about the configured listen range subnet groups.


BGP router identifier 192.168.3.1, local AS number 64503
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.1.2      4 64503      15      15        1    0    0 00:12:20        0
*192.168.1.2    4 64501       3       3        1    0    0 00:00:37        0
*192.168.3.2    4 64502       6       6        1    0    0 00:04:36        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 2/(200 max), Subnet ranges: 2
BGP peergroup group172 listen range group members: 
  172.21.0.0/16  
BGP peergroup group192 listen range group members: 
  192.168.0.0/16
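A listen range accepts a session from any initiator inside the subnet, so the summary output above is worth checking automatically. The following parser is an added example, not Cisco code: it flags dynamic neighbors whose AS number is not expected for their peer group, neighbors that appear despite a block entry, and a dynamic neighbor count close to the listen limit. The expected_as mapping, the 0.8 warning ratio and the function names are assumptions.

```python
import ipaddress
import re

# Router B's summary from this page; the blocked-sessions part is constructed.
SAMPLE_SUMMARY = """\
172.16.1.2      4 64503      15      15        1    0    0 00:12:20        0
*192.168.1.2    4 64501       3       3        1    0    0 00:00:37        0
*192.168.3.2    4 64502       6       6        1    0    0 00:04:36        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 2/(200 max), Subnet ranges: 2
BGP peergroup group172 listen range group members:
  172.21.0.0/16
BGP peergroup group192 listen range group members:
  192.168.0.0/16
Blocked Dynamic sessions:
  192.168.1.9
"""

DYN_RE = re.compile(r"^\*([0-9A-Fa-f:.]+)\s+4\s+(\S+)\s")
COUNT_RE = re.compile(r"^Dynamically created neighbors: (\d+)(?:/\((\d+) max\))?")
GROUP_RE = re.compile(r"^BGP peergroup (\S+) listen range group members:")


def parse_summary(text):
    """Extract dynamic neighbors, counters, listen ranges and blocked nodes."""
    out = {"dynamic": {}, "count": 0, "max": 0, "ranges": {}, "blocked": []}
    section = None  # current peer group name, "blocked", or None
    for line in text.splitlines():
        s = line.strip()
        nbr, cnt, grp = DYN_RE.match(s), COUNT_RE.match(s), GROUP_RE.match(s)
        if nbr:  # starred row: address -> AS number (kept as text for asdot)
            out["dynamic"][ipaddress.ip_address(nbr.group(1))] = nbr.group(2)
        elif cnt:  # "N" or "N/(M max)"; max stays 0 when no limit is printed
            out["count"], out["max"] = int(cnt.group(1)), int(cnt.group(2) or 0)
        elif grp:
            section = grp.group(1)
        elif s == "Blocked Dynamic sessions:":
            section = "blocked"
        elif s and section:
            try:
                if section == "blocked":
                    out["blocked"].append(ipaddress.ip_address(s))
                else:
                    out["ranges"][ipaddress.ip_network(s, strict=False)] = section
            except ValueError:
                section = None  # line is not a member entry; list has ended
    return out


def review_dynamic_neighbors(text, expected_as, warn_ratio=0.8):
    """List findings; expected_as maps peer group -> allowed AS strings."""
    p = parse_summary(text)
    findings = []
    for addr, asn in p["dynamic"].items():
        group = next((g for net, g in p["ranges"].items() if addr in net), None)
        if group is None:
            findings.append(f"{addr}: outside every listen range")
        elif asn not in expected_as.get(group, set()):
            findings.append(f"{addr}: AS {asn} not expected for {group}")
        if addr in p["blocked"]:
            findings.append(f"{addr}: present despite a block entry")
    if p["max"] and p["count"] >= warn_ratio * p["max"]:
        findings.append(f"listen limit nearly reached: {p['count']}/{p['max']}")
    return findings
```

For Router B, expected_as would be built from the remote-as and alternate-as values of each peer group, for example {"group172": {"64503"}, "group192": {"64501", "64502"}}.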

Example: Configuring BGP IPv6 Dynamic Neighbor Support with VRF Support

Configuring BGP IPv6 Dynamic Neighbor Support with VRF Support


enable
configure terminal 
router bgp 55000 
  bgp listen range 2001::0/64 peer-group group182 
  bgp listen limit 600
  address-family ipv6 unicast vrf vrf2
    bgp listen limit 600 
    neighbor group182 peer-group
    neighbor group182 remote-as 103 alternate-as 104 
  exit-address-family
  address-family ipv4 unicast vrf vrf2 
    neighbor group182 activate 
  exit-address-family
    end

Configuring BGP IPv6 Dynamic Neighbor Support without VRF Support


enable
configure terminal
router bgp 100
 bgp listen range 2001::0/64 peer-group group192
 bgp listen limit 500
 neighbor group192 peer-group
 neighbor group192 remote-as 64510 alternate-as 65511
 address-family ipv6 unicast
  neighbor group192 activate
 address-family ipv4 unicast
  neighbor group192 activate
 end

Persistent Dynamic Neighbors

Persistent Dynamic Neighbor is a feature enhancement that delays the deletion of dynamic neighbors after the session is terminated. With this feature, dynamically created neighbors are not deleted for a specified time, or indefinitely, after they leave the established state, so their session information is maintained. The feature can be configured both globally and per peer group. If the persistent feature is configured without a timer value, any dynamic neighbor associated with the configuration will be persistent indefinitely.

This functionality can also prove useful in other interoperability aspects like maximum-prefix and Non Stop Forwarding (NSF) that require maintaining the neighbor information after the session is no longer established.


Note: If the persistent feature is configured without a timer value, any dynamic neighbor associated with the configuration will be persistent indefinitely. When the two are configured together, the persistent dynamic neighbor timer must be larger than the maximum-prefix restart timer. If the persistent timer is indefinite, the restart timer can be any value. For more information on BGP Maximum Prefix, see BGP Maximum Prefix on IOS XE.


How to configure Persistent Dynamic Neighbors

Configuring Persistent Dynamic Neighbor

Perform this task to configure Persistent Dynamic Neighbor.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. router bgp as-number
  4. bgp listen range <range> peer-group <pg> [persistent [<1-65535>]]
  5. bgp listen [persistent [<1-65535>]]
  6. neighbor peer-group-name peer-group
  7. neighbor peer-group-name remote-as autonomous-system-number
  8. address-family address-family
  9. neighbor { ip-address | peer-group-name} activate
  10. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:
Device# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

Example:
Device# configure terminal

Enters Global Configuration mode.

Step 3

router bgp as-number

Example:
Device(config)# router bgp 3

Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.

Step 4

bgp listen range <range> peer-group <pg> [persistent [<1-65535>]]

Example:
Device(config-bgp)# bgp listen range 1.1.1.0/24 peer-group DN persistent 60

Note

 

Please use the bgp listen range peer group persistent command to enable Persistent Dynamic Neighbor per range group.

Specifies the time for the Persistent Dynamic timer.

Note

 

If no timer value is provided, dynamic neighbors will be persistent indefinitely.

Step 5

bgp listen [persistent [<1-65535>]]

Example:
Device(config-bgp)# bgp listen range 1.1.1.0/24 peer-group DN persistent 60

Note

 

Please use the bgp listen persistent command to enable Persistent Dynamic Neighbor globally.

Specifies the time for the Persistent Dynamic timer.

Step 6

neighbor peer-group-name peer-group

Example:
Device(config-bgp)# neighbor DN peer-group

Creates a BGP peer group.

Step 7

neighbor peer-group-name remote-as autonomous-system-number

Example:
Device(config-bgp)# neighbor DN remote-as 1000

Adds the IP address or peer group name of the neighbor in the specified autonomous system to the BGP neighbor table of the local router.

Step 8

address-family address-family

Example:
Device(config-bgp)# address-family ipv4 unicast

Enables the IPv4 address family for this peer group and enters address family configuration submode.

Step 9

neighbor { ip-address | peer-group-name} activate

Example:
Device(config-bgp-nbr-af)# neighbor DN activate

Activates the neighbor or listen range peer group for the configured address family.

Step 10

end

Example:
Device(config-bgp-nbr-af)# end

Exits address family configuration mode and returns to privileged EXEC mode.

Configuration Example for Persistent Dynamic Neighbor

The following example shows how to configure BGP Persistent Dynamic Neighbor feature for the IPv4 address family:

router bgp 3
 bgp listen range 1.1.1.0/24 peer-group DN persistent 60
 neighbor DN peer-group
 neighbor DN remote-as 1000
 address-family ipv4 unicast
  neighbor DN activate

Troubleshooting

The following output from the show ip bgp [address-family] summary command shows the additional information about the number of persistent dynamic neighbors:

Router# show ip bgp ipv4 unicast summary
BGP router identifier 10.0.96.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*10.0.101.1 4 1 3 4 1 0 0 00:00:19 0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1 (1 persistent), Subnet ranges: 4
BGP peergroup DN1 listen range group members:
10.0.0.0/16
Number of dynamically created neighbors in vrf red: 2/(200 max)
Total dynamically created neighbors: 4/(400 max) (4 persistent), Subnet ranges: 4

The following output from the show ip bgp neighbor A.B.C.D command shows the additional information about if and when the neighbor will be deleted:

Router# show ip bgp neighbors 10.0.101.1
BGP neighbor is *10.0.101.1, remote AS 1, external link
Member of peer-group DN1 for session parameters
Belongs to the subnet range group: 10.0.0.0/16
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle, down for 00:00:02
Persistent Dynamic Neighbor:
persistence timer: 1
deleting in: 1 minutes
Last update received: n/a
...

The following output from the clear ip bgp X.X.X.X command shows that persistent dynamic neighbors can be cleared.

In the following example, a soft reconfiguration is initiated for the inbound session with the neighbor 10.100.0.1, and the outbound session is unaffected:

Router# clear ip bgp 10.100.0.1 soft in

In the following example, the route refresh capability is enabled on the BGP neighbor routers and a soft reconfiguration is initiated for the inbound session with the neighbor 172.16.10.2, and the outbound session is unaffected:

Router# clear ip bgp 172.16.10.2 in

In the following example, a hard reset is initiated for sessions with all routers in the autonomous system numbered 35700:

Router# clear ip bgp 35700

In the following example, a hard reset is initiated for sessions with all routers in the 4-byte autonomous system numbered 65538 in asplain notation. This example requires Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, or a later release.

Router# clear ip bgp 65538

In the following example, a hard reset is initiated for sessions with all routers in the 4-byte autonomous system numbered 1.2 in asdot notation. This example requires Cisco IOS Release 12.0(32)SY8, 12.0(32)S12, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, 12.4(24)T, and Cisco IOS XE Release 2.3, or a later release.

Router# clear ip bgp 1.2


Feature Information for BGP Dynamic Neighbors

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1. Feature Information for BGP Dynamic Neighbors

Feature Name

Releases

Feature Information

BGP Dynamic Neighbors

BGP dynamic neighbor support allows BGP peering to a group of remote neighbors that are defined by a range of IP addresses. Each range can be configured as a subnet IP address. BGP dynamic neighbors are configured using a range of IP addresses and BGP peer groups. After a subnet range is configured for a BGP peer group and a TCP session is initiated for an IP address in the subnet range, a new BGP neighbor is dynamically created as a member of that group. The new BGP neighbor will inherit any configuration for the peer group.

The following commands were introduced or modified by this feature: bgp listen, debug ip bgp range, neighbor remote-as, show ip bgp neighbors, show ip bgp peer-group, and show ip bgp summary.

BGP IPv6 Dynamic Neighbor Support and VRF Support

Cisco IOS XE Denali 16.3.1

In Cisco IOS XE Denali 16.3 release, support for BGP dynamic neighbors was extended to IPv6 BGP peering with support for VRF.

The following commands were introduced or modified by this feature: bgp listen, debug ip bgp range, neighbor remote-as, show bgp neighbors, show bgp summary, show bgp vpnv6 unicast vrf neighbors, show bgp vpnv6 unicast vrf peer-group, show bgp vpnv6 unicast vrf summary.

Block BGP Dynamic Neighbor Sessions

Cisco IOS XE Amsterdam 17.2.1

From IOS XE Release 17.2.1, you can block a router from forming BGP dynamic neighbor sessions with certain nodes in a BGP peer group by identifying these nodes by their IP addresses.

The following commands are introduced or modified: bgp listen block {ipv4-address|ipv6-address}, show ip bgp summary, debug ip bgp range [detail].

BGP Dynamic Neighbor Support for L2VPN EVPN and other address families

Cisco IOS XE Dublin 17.11.1a

From Cisco IOS XE Dublin 17.11.1a release, support for BGP dynamic neighbors is extended to the following address families:
  • Layer 2 VPN Ethernet VPN (EVPN)
  • Layer 2 VPN Virtual Private LAN Service (VPLS)
  • IPv4 FlowSpec
  • IPv4 MDT
  • IPv4 Multicast
  • IPv4 Multicast VPN (MVPN)
  • IPv6 FlowSpec
  • IPv6 Multicast
  • IPv6 Multicast VPN (MVPN)
  • Link-State
  • Network Service Access Point (NSAP)
  • RT-filter

Support for Persistence of BGP Dynamic Neighbors

Cisco IOS XE 17.13.1a

From IOS XE 17.13.1a, the device maintains the neighbor information even after the session is terminated. To configure this, use the bgp listen persistent command for all dynamic neighbors and bgp listen range peer-group persistent command for specific neighbors.