BGP
Operating Instructions
12/1543-AXI 101 09/1 Uen F
Copyright
© Ericsson AB 2017. All rights reserved. No part of this document may be
reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of
this document.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Contents
Contents
1
Overview
1
1.1
BGP Overview
1
1.2
About BGP
1
1.3
Prerequisites
19
1.4
Restrictions
19
2
Configuration
20
2.1
Configuration Command Hierarchy
20
2.2
Establish an iBGP Session
23
2.3
Establish an eBGP Session
26
2.4
Change a Session Password without Disruption
28
2.5
Redistribute Routes into BGP
31
2.6
Limit the Number of Installed Routes
34
2.7
Configure Route Filtering
37
2.8
43
2.9
Compare MEDs on Paths from Multiple Autonomous
Systems
Configure a Peer Group
2.10
Configure a Route Reflector
48
2.11
Configure a Confederation
54
2.12
Enable BGP Multipath Load Balancing
59
2.13
Advertise the Best External Path
62
2.14
Advertise a Diverse Path
65
2.15
Advertise "Next-Hop-Self" to iBGP Neighbors
70
2.16
Configure Fast Reset
74
2.17
Configure Next-Hop-Triggered Best-Path Calculation
77
2.18
Configure Graceful Restart
82
2.19
Enable Route-Flap Statistics
82
2.20
Enable BGP FRR of Pure IP Network
86
2.21
Enable BGP FRR of L3VPN Basic
90
2.22
Enable BGP FRR of Seamless MPLS
98
2.23
Enable BGP FRR of Inter-as Option B
101
2.24
Enable BGP FRR of Inter-as Option C
112
2.25
Change Route Refresh Mode from RR to ERR
119
2.26
Change Route Refresh Mode from ERR to RR
121
12/1543-AXI 101 09/1 Uen F | 2017-11-22
45
BGP
3
Operations
Reference List
125
128
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
1
Overview
1.1
BGP Overview
This document describes how to configure, monitor, and administer Border
Gateway Protocol (BGP).
This document does not include information on how to configure BGP Layer 3
VPNs (L3VPNs). To configure BGP L3VPNs, see BGP/MPLS VPN.
1.2
About BGP
BGP is an inter-Autonomous System (AS) routing protocol based on distancevector algorithms and uses TCP as its transport protocol. BGP is a protocol
between two BGP nodes or BGP speakers. TCP connection is first
established and then the two BGP speakers exchange dynamic routing
information over the connection. The exchange of messages is a BGP session
between BGP peers.
A BGP routing instance enables the router to be a BGP speaker. Many BGP
parameters that can affect the global routing process can be configured within
a BGP routing instance.
In addition to the base features for BGP-4 ( RFC 4271, A Border Gateway
Protocol 4 (BGP-4)), the BGP IETF drafts and RFCs listed in the Reference
List on page 128 are supported.
1.2.1
iBGP and eBGP
Routers that belong to the same AS and exchange BGP updates are running
iBGP. Routers that belong to different autonomous systems and exchange
BGP updates are running eBGP.
[unresolved external reference] illustrates the concept of autonomous systems
and iBGP versus eBGP.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
1
BGP
Figure 1
Autonomous Systems and iBGP versus eBGP Networks
For additional information, see revised error handling for BGP UPDATE
Messages (Internet Draft, Revised Error Handling for BGP UPDATE
Messages, draft-ietf-idr-error-handling-18 ).
1.2.2
iBGP Route Reflectors
Typically, iBGP speakers must be fully meshed. Any BGP speaker that
receives messages from an external router must advertise the routes it
receives to all BGP speakers in its AS. However, if a route reflector is
configured, although it must have connections to all other BGP speakers in the
AS, not all other BGP speakers must be fully meshed. When a BGP speaker
in the AS receives messages from an external router, it is sufficient to
advertise these routes only to the route reflector, which then readvertises the
best path of each route to all other BGP speakers in the AS.
Internal peers of the route reflector are divided into two groups: client peers
and nonclient peers. A route reflector reflects routes between these two
groups. The route reflector and its client peers form a cluster. Nonclient peers
must be fully meshed with each other. Client peers are not required to be fully
meshed and do not communicate with BGP speakers outside their cluster. If it
is required, peer client-to-peer client route reflection can be disabled.
When the route reflector receives an advertised route:
•
Any route from an eBGP speaker is advertised to all peers.
•
Any route from a nonclient peer is advertised to all client peers.
•
Any route from a client peer is advertised to all peers.
Figure 2 shows iBGP networking using route reflection.
2
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
Figure 2
Example of an iBGP Network Using Route Reflection
For additional information, see route reflection (RFC 4456, BGP Route
Reflection: An Alternative to Full Mesh Internal BGP (IBGP))
1.2.3
iBGP Confederations
You can reduce internal BGP mesh by configuring BGP confederations. In this
method, a single autonomous system is divided into multiple sub-autonomous
systems and grouped into a single confederation. The confederation is viewed
as a single autonomous system externally and can be accessed using the
confederation identifier.
Each sub-autonomous system is fully meshed internally and can have
connections to other sub-autonomous systems inside the confederation.
Neighbors from these sub-autonomous systems are treated as special
external BGP peers and the routing information is exchanged as if they were
internal BGP peers. That is, a single Interior Gateway Protocol (IGP) is used
for all the sub-autonomous systems as shown in Figure 3.
Note:
For iBGP paths, the MED is always 0.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
3
BGP
Figure 3
Example of an iBGP Confederation
For additional information, see AS confederations (RFC 3065, Autonomous
System Confederations for BGP).
1.2.4
Route Aggregation
BGP4 supports Classless Inter-Domain Routing (CIDR). With CIDR, routers
use the network prefix to determine the dividing point between the network
number and the host number. For example, the range of addresses
128.186.1.0 to 128.186.1.255 can be represented as the network prefix
128.186.1.0/24. The 24 indicates that all addresses in the segment agree in
their first 24 bits.
In addition, CIDR does not require a network to be of standard size, as is the
case in classful addressing, which provides 8-bit (Class A), 16-bit (Class B),
and 24-bit (Class C) network deployment. This flexibility in CIDR enables the
creation of arbitrarily sized networks.
Of particular importance is CIDR’s ability to lend itself to the concept of route
aggregation. The Internet is divided into addressing domains. Within a
domain, detailed information is available about all networks that reside in the
domain. Outside of an addressing domain, however, only the common network
prefix is advertised. By allowing a single routing table entry to specify a route
to many individual network addresses, aggregation minimizes the size of the
routing table. A router cannot aggregate an address if it does not have a more
specific route of that address in the BGP routing table. More specific routes
can be injected in the BGP routing table by incoming updates from other
autonomous systems.
1.2.4.1
Path Selection
The rules of Path selection are set according to the rules of Route selection
(see section 9.1.2 of RFC 4271). However, the following change has been
made to minimize network churn:
•
4
If the tie-breaking for a given route's path extends down to "lowest-routerid", then an existing "selected" path is preferred over a path with the lower
router id.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
For iBGP routes, the interior cost to reach the Border router is usually the
deciding factor. For eBGP routes, there are usually policies in place to
determine the Autonomous System (AS) to use. These tie-breaking rules only
offer resolution of path selection in the absence of either criteria, in compliance
to published standards.
1.2.5
Next-Hop-Triggered BGP Best-Path Calculation
By default, a change in a next-hop reachability does not immediately trigger a
BGP best-path calculation. Instead, the router periodically checks whether any
next hop has changed since the last check. If there is a change, it runs BGP
best-path calculations for all routes. This behavior reduces computational
burden, but delays network convergence.
You can change the default behavior by enabling next-hop-triggered BGP
best-path calculation. When the feature is enabled, the router runs the bestpath calculation immediately upon notification of a next-hop change by the
Routing Information Base (RIB), thereby improving the convergence time. A
hold time and a back-off mechanism prevent unnecessary churn and
excessive CPU use during network instability.
If you enable next-hop-triggered best-path calculation for an address family,
the periodic next-hop check is not performed for that address family.
1.2.6
BGP Multipath
You can configure load balancing in networks using BGP route advertisement,
using the BGP multipath capabilities. By default, BGP multipath is disabled,
which means BGP installs a single path in the RIB for each destination. If that
path fails and no other path has installed a path for that prefix, traffic destined
for that path is lost until the path is available again.
When BGP multipath is enabled with the multi-paths command, BGP
installs multiple best equal-cost paths in the routing table for load-balancing
traffic to BGP destinations. With multipath, the paths can be:
•
All iBGP (configured with the multi-paths internal <path-num>
command)
•
All eBGP (configured with the multi-paths external< path-num>
command)
•
In the VPN context, a combination of iBGP and eBGP, where only one
eBGP path is allowed, and the number of allowed iBGP equal-cost paths
is equal to the maximum number of paths allowed (configured with the
multi-paths eibgp< path-num> command) minus one. For
example, if you configure eibgp 7, six iBGP paths and one eBGP path
are installed in the RIB.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
5
BGP
Even though multiple paths are installed in the RIB, BGP advertises only one
path (the best path) to its peers.
1.2.7
Advertising the Best External Path
In general, BGP route advertisement rules allow a speaker to send only one
path—the best path—to its peers. In addition, route advertisement does not
allow a BGP speaker to advertise internal paths to iBGP peers. These two
restrictions reduce the number of routes seen by internal peers, which can
increase network convergence time. Paths that could act as backup paths are
not sent. If the best path becomes unreachable, it can take some time for an
alternative route to be propagated in the network.
The IETF internet draft, Advertisement of the best external route in BGP,
specifies a modification that allows a BGP speaker to send iBGP peers the
best external path received from an external peer. When this feature is
enabled (using the advertise external command in BGP address family
configuration mode), the system computes two best paths: the overall best
path and the best external path. If the best path is an internal path (received
from an internal peer), the speaker is allowed to advertise the best external
path to internal peers.
•
The overall best path is sent to all external peers.
•
If the overall best path is an internal path, the best external route is sent to
internal peers.
This feature is useful when there are multiple distinct paths for a given prefix.
On core routers, this situation is common. On edge routers, this situation can
occur when a customer is dual-homed. Advertising the best external route can
improve network convergence times without causing routing loops. It can also
reduce interdomain churn and permanent route oscillation.
The best external path feature is supported for IPv4 unicast and multicast
address families and the IPv6 unicast address family. It is supported for BGP
speakers in any role except confederation Autonomous System Boundary
Router (ASBR), which is a BGP speaker in a confederation that peers with a
BGP speaker in a different member AS in the confederation. The feature is
supported on route reflectors only if client-to-client reflection is not in effect—
that is, when all clients are fully meshed. This feature is supported for BGP
VPNs, but not in the local context. To use this option with a BGP VPN, you
must configure it within both the local and specific VPN context.
For additional information, see advertisement of best external routes (Internet
Draft, Advertisement of the best external route in BGP, draft-ietf-idr-bestexternal-05 ).
6
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
1.2.8
Advertising a Diverse Path
As specified in RFC 4271, a BGP speaker can announce only one path to a
destination. If it has more than one path, it chooses the best path to announce.
If network conditions change and another path becomes the best path, the
new best path replaces the old best path. The diverse-path feature, an
implementation of draft-ietf-grow-diverse-bgp-path-dist, lets a BGP speaker
announce the second best path (the "diverse path") instead of the best path.
Diverse path is useful in large route-reflector clusters. If IGP cost is used to
determine the route selection (per RFC 4271, paragraph 9.1.2.2 e), and the
IGP cost of paths differ between a route reflector and its clients, the path
selected by the route reflector might not be the best-path for the client.
Announcing the diverse path as well as the best path enables the client to
select the better route.
The diverse path feature can also improve network convergence if the best
path becomes unreachable. If a router has an alternative path available, it can
install the path immediately, instead of waiting for a BGP speaker to announce
the new best path.
The best path and diverse path are sent over separate sessions. One session
is configured as a standard BGP session, and the other for diverse path. To
receive both, BGP speakers are configured with two IP addresses. For a BGP
speaker to send both, it too is configured with two IP addresses. Use the
update-source command on each speaker to ensure that the correct IP
addresses are used for each session.
When separate BGP speakers are configured to announce the best path and
diverse path, and IGP cost is used to select the best path, if costs differ
between the BGP speakers, one speaker's best-path might be the other's
diverse path. In such cases, both speakers announce the same path, failing to
achieve the desired path diversity. The bestpath igp-metric ignore
command causes the router to discard the IGP cost and restores path
diversity.
When changes occur in the network, BGP speakers should receive the new
best path before the new diverse path (or the withdrawal of the diverse path).
But because the best path and diverse path use separate sessions,
announcements of path changes cannot be synchronized. Even if a single
speaker announces both paths, they might still be received out of order. To
increase the likelihood that announcements are received in order, use the
diverse-path-delay command to delay the announcement of the diverse
path.
1.2.8.1
Maintaining Fast BGP Convergence with the Best External and Diverse
Path Features
A common network design is to provide redundant routes. In such a design,
two or more ASBRs are able to route to an external destination network.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
7
BGP
Usually, the routers use local preference to choose one route as best and the
others as backup routes.
BGP requires that only the best path is announced into the autonomous
system (AS). Each router listens to the announcements of every other router.
When a router receives an announcement for a route that is better than its
own, the router withdraws its own announcement. Not storing the less
preferred routes saves memory. However, convergence times are long when a
sourcing router becomes disconnected from the rest of the AS.
Routers in the AS do not have backup paths when the router sourcing the
best-path for a route becomes unreachable. It could take as long as the hold
time on the BGP session before the router with the next best path detects the
change. Announcement of the next best-path must propagate through the
route reflectors to reach all routers in the AS. If many routes are affected, the
convergence time is lengthened by the time required to announce all the
routes.
To achieve better convergence times, the best external feature commands a
router to announce its external route into the AS even if another router has a
better route. All paths, the best and the less preferred, are announced into the
AS. When the best-path goes down, the backup paths are available
immediately to all forwarding routers.
Route reflectors can also affect convergence. A route reflector receives all
paths, chooses the best path, and then announces only the best path to its
clients. Thus, the clients have only one path. The diverse path feature causes
the route reflector to also announce the backup path. The same problem
occurs with confederation border routers, and you can use diverse path in the
same way.
1.2.8.2
Diverse Path between Route Reflectors
For an AS to propagate two paths from a route reflector cluster where they are
sourced by two clients, to another cluster where they are to be used, the two
route reflectors must announce diverse paths to each other.
1.2.9
Fast Reroute
BGP Fast Reroute (FRR) is supported for IPv4 and IPv6 address families.
Without FRR, when the network changes (for example, because of link failure)
BGP must learn of the change, clear the data path, calculate the next best
path, and update RIB and Forwarding Information Base (FIB) with the new
path. Depending on network latency and complexity, convergence may take
up to several minutes and packets might be dropped.
When FRR is enabled, BGP pre-computes both the best path and an
alternative path. The alternative path is the second-best path. FRR provides
double-barrel next-hop (DBNH) information for the primary and alternative
paths to RIB. If BGP/MPLS Virtual Private Networks (VPNs) are configured,
8
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
FRR also provides double-label next-hop (DLNH) information to the Label
Manager (LM). (For more information about BGP/MPLS VPNs, see BGP/
MPLS VPN.)
FIB stores hierarchical forwarding information for the primary and alternative
paths received from RIB. If the network changes, traffic is quickly switched to
the alternative path, and convergence time is reduced to milliseconds. When
the primary path becomes available, traffic is switched back with little or no
traffic loss.
Best external paths and diverse paths can be used as alternative paths.
1.2.9.1
FRR and ECMP
BGP Fast Reroute (FRR) supports two modes in conjunction with Equal-Cost
Multipath (ECMP), prefer ECMP and exclude ECMP.
•
Prefer ECMP mode
This is the default mode of BGP FRR in presence of multipath
configuration.
In this mode, BGP does not compute any alternate (backup) path
explicitly, but uses the available ECMP paths as backup for RIB and LM.
For example, in a configuration where the A, B, and C primary paths back
up each other, the result is Ab, Bc, Ca.
Only if there is no available ECMP path, BGP computes an alternate path
explicitly.
•
Exclude ECMP mode
If exclude ecmp is specified by the ipfrr command, BGP FRR is in
exclude ECMP mode.
In this mode, BGP excludes all ECMP paths for backup computation, and
explicitly computes a new backup path for RIB and LM.
For example, in a configuration where A, B, and C are the primary paths
and d is the alternative path, the result is Ad, Bd, Cd.
Note:
1.2.9.2
Ericsson 6672 supports up to three paths with protection.
Failure Detection and FRR
BGP FRR employs a hierarchical forwarding chain to obtain the fastest
convergence. When configured with an IGP Loop-Free Alternate (LFA), such
as OSPF LFA or Label Distribution Protocol (LDP) LFA, BGP routes occupy
the highest level in the hierarchy. When a failure is detected, lower-level
switchovers are triggered first and the route changes are automatically
12/1543-AXI 101 09/1 Uen F | 2017-11-22
9
BGP
propagated to the higher level. For more information about OSPF LFA, see
OSPF. For more information about LDP LFA, see LDP.
Optionally, you can enable Bidirectional Forwarding Detection (BFD) failure
detection for FRR. BFD single-hop can detect local failures that do not
generate local events. BFD multi-hop tracks multi-hop BGP sessions and
detects remote BGP next hop failures. For more information about BFD multihop, see BFD .
When RIB learns from IGP or BFD that the next hop is unreachable, it
withdraws the route from FIB and sends an Event Tracking Infrastructure (ETI)
event to FALD. If FRR is enabled, FALD performs a fast switchover to the
alternative path.
Note:
1.2.10
The following three factors need to be considered for BFD hello timer.
•
The BFD failure detection time must be longer than the IGP
convergence time if LFA/RLFA is disabled.
•
The BFD failure detection time must be longer than the IGP
convergence time if RLFA is enabled.
•
The BFD failure detection time must be longer than the LFA
switchover time if LFA is enabled.
Advertising "Next-Hop-Self" to iBGP Neighbors
Consider a case where a network is divided into different topologies, or areas,
where the provider edge (PE) routers use the loopback address as their local
peer address. For labeled BGP routes from a PE router to be reachable from
different areas, the PE loopback address must be explicitly redistributed into
all the areas—for example, into the IGP, into LDP, into RSVP, and so on—so
that the transport Label-Switched Paths (LSPs) to the PE loopback addresses
are available in all areas. Redistributing all the PE loopback addresses to the
IGP and to LDP and RSVP does not scale well. However, the PE loopback
addresses can be advertised using BGP if the area border routers are
configured so that they can advertise the local peer address as the next-hop
address in routing advertisements for the given PE loopback routes. This is
called "next-hop-self" advertisement behavior. You can configure the router to
use "next-hop-self" advertisement when forwarding to iBGP neighbors for
eBGP and iBGP routes.
Enable this behavior for individual iBGP neighbors and internal peer groups,
by using the next-hop-self ebgp and next-hop-self ibgp
commands, respectively, in IPv4 unicast or IPv6 unicast peer address family
configuration mode. When enabled, the behavior also applies to labeled BGP
routes.
This feature applies only to iBGP neighbors and internal peer groups. It is not
configurable for external neighbors or peer groups, since "next-hop-self"
advertisement behavior is standard in those cases.
10
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
1.2.11
Routing Policy Triggered Update
The Ericsson IP Operating System updates the routing policies 15 seconds
after a policy change.
Caution!
Risk of dropped connection. If the remote peer does not support the BGP route
refresh capability, an inbound policy change for the peer causes an automatic hard
reset of the session. Make sure that the remote peer supports the BGP route refresh
capability.
For additional information, see route refresh capability in RFC 2918, Route
Refresh Capability for BGP-4.
1.2.12
Nonintrusive MD5 Password Change
Nonintrusive Message-Digest algorithm 5 (MD5) password change allows you
to change the password for a BGP peer without resetting the BGP session.
When an MD5 password is replaced by a new one in a BGP peer
configuration, both passwords are allowed to coexist for authentication until
the old password expires. To facilitate a smooth transition from the old to new
password, you can specify the time interval during which the two passwords
coexist.
For a TCP connection that is already established, or is in one of the closing
states when an existing password is replaced, both password strings coexist
during the specified time interval. The old MD5 password continues to be used
for authentication until either the password expires or the remote TCP for the
peer uses a new MD5 password.
For a TCP connection that is not yet established, when the old password is
replaced, the local TCP immediately uses the new MD5 password.
Note:
BGP keeps only the latest password string and the previous password
to be replaced. If a third password is configured before the timer for
first password expires, the oldest password is immediately deleted,
and the expiration timer is started for the second password.
If the current active MD5 password is deleted from the configuration, the old
password and the current password are both immediately deleted, and the
BGP session with the peer is reset. To avoid session reset, rather than
deleting the password from the configuration, use the password command to
implicitly replace the password.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
11
BGP
For additional information, see MD5 authentication, RFC 2918, Route Refresh
Capability for BGP.
1.2.13
BGP Prefix-Based Outbound Route Filtering
A BGP speaker can use its local routing policy to filter out unwanted routes
received from peers of the speaker. However, filtering uses resources on both
the sender and receiver, which must generate and process BGP updates for
the unwanted routes. To preserve network resources, you can use BGP prefixbased outbound route filtering (ORF) to prevent the generation and processing
of these BGP updates.
With ORF, a BGP speaker sends a set of outbound route filters to a BGP peer
to prevent unnecessary outbound routing updates from being sent to the
speaker. The peer applies these filters, in addition to any locally configured
outbound filters.
To configure ORF on your system:
1. Configure the sending BGP speaker to send ORFs.
–
Use the send filter prefix-list command to advertise to a
BGP peer that this BGP speaker can send prefixed-based filtering to
the peer.
–
Use the prefix-list command to specify the prefix list you want to
apply, along with the in keyword.
2. On the receiving BGP speaker, use the accept filter prefix-list
command to configure the receiving BGP speaker to accept ORFs from
the sending BGP speaker.
Note:
When you enter the accept filter prefix-list and send
filter prefix-list commands, the connection between the
BGP speakers automatically resets. The commands do not take effect
until the connection resets.
For additional information, see outbound route filtering (ORF) capability (RFC
5291, Outbound Route Filtering Capability for BGP-4 ) and address prefixbased ORF capability (RFC 5292, Address-Prefix-Based Outbound Route
Filter for BGP-4).
1.2.14
BGP Graceful Restart
Graceful restart is enabled on all BGP routing instances and supported for all
IPv4 and IPv6 address families. When configured as a BGP speaker, the
router preserves the forwarding state of the speaker during a BGP restart and
generates the end-of-RIB (EOB) marker when the initial routing updates
complete.
12
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
The BGP speaker advertises these graceful restart capabilities to the peers.
Keep the following in mind when configuring graceful restart for a BGP routing
instance:
•
When an iBGP peer restarts, the restarting and helper peers exchange
graceful restart capabilities. In addition, all iBGP peers within the same
domain exchange their graceful restart capabilities, including the list of IP
address families with routes that can be gracefully restarted. The helper
router helps restart only those iBGP peers that have the same addressfamily capabilities.
Note:
To ensure that routes are maintained in an iBGP system, configure all
iBGP peers in a domain with the same address family capabilities.
Figure 4 illustrates an example of how routes are maintained in an iBGP
system. This example has four iBGP peers, and router A is the helper router. If
router D fails, router A retains the address families and routes from router D
only if routers B and C are configured with the same routing capabilities as
router D. For example, if router D is configured with IPv4 unicast address
family capabilities, router A retains those IPv4 unicast routes only if routers B
and C are also configured with IPv4 unicast address family capabilities. Router
A retains only the IPv4 unicast address families and routers when router D
fails.
Figure 4
iBGP Graceful Restart: How iBGP Routes Are Maintained
For additional information, see graceful restart capability (RFC 4724, Graceful
Restart Mechanism for BGP).
12/1543-AXI 101 09/1 Uen F | 2017-11-22
13
BGP
1.2.15
Fast-Reset of BGP Sessions
The BGP fast-reset feature enables fast resetting of a BGP peer session when
all the interfaces in the BGP neighbor fast-reset list go down.
Note:
In this section, the term peer is used synonymously with the term
BGP neighbor.
•
If fast-reset is not enabled and all the interfaces through which a BGP
peer can be reached go down, the BGP hold time clock starts counting
down because the BGP router is not receiving packets from the peer. If
the BGP router continues to receive no packets from the peer and the hold
time clock expires, the BGP peer session is reset. (Hold time is configured
by the timers keepalive command in BGP router configuration
mode.)
•
If fast-reset is enabled and all the interfaces in the fast-interface list of a
BGP peer goes down, the fast-reset interval clock starts counting down. If
all these interfaces remain down and the fast-reset interval clock expires,
the BGP peer session goes down and does not become active until at
least one of the interfaces (in the list) becomes active again. (Fast reset
interval is configured by the fast-reset interval command.) When
BGP fast-reset is enabled on peers, packet loss is minimized during
interface failures because the fast-reset interval timer can be set for a
much shorter time period than the hold time timer.
Fast-reset is supported on directly connected, iBGP, and multihop eBGP
sessions.
–
For directly connected eBGP peers, use the fast-reset (BGP
router) command to enable fast reset and specify the fast-reset
interval timer milliseconds. In this case, the fast-reset configuration
applies to all eBGP peers that are directly connected to the local
system.
–
For iBGP or multihop eBGP sessions, peers might be reachable
through multiple interfaces in the interface list and not directly
connected. For iBGP or multihop eBGP sessions, fast reset is
configured through two commands:
•
14
Use the fast-reset (BGP neighbor) or fast-reset (BGP
peer group) command to enable fast reset and specify the fastreset interval timer milliseconds.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
Attention!
The BGP fast-reset configuration for a particular neighbor takes
precedence over the BGP fast-reset configuration for a peer group. For
example, if a BGP neighbor is configured with a fast-reset interval of 50
milliseconds, and that neighbor belongs to a peer group that is
configured with a fast-reset interval of 20 seconds, the BGP neighbor
ignores the peer group configuration and uses the 50 millisecond
interval.
1.2.16
BGP Minimum Route Advertisement Interval
You can configure the Minimum Route Advertisement Interval (MRAI) by using
the advertisement-interval command. The MRAI starts when an
UPDATE message is sent to a BGP neighbor or peer group. After sending an
UPDATE message to the specified BGP peers, the router waits for the
specified MRAI before sending the next UPDATE message. If a route change
occurs and the MRAI has passed since the last UPDATE message was sent,
the router immediately sends an UPDATE message to the peer. If a route
change occurs and the MRAI has not passed since the last UPDATE message
was sent to the peer, the router waits the specified MRAI before sending a
new UPDATE message.
Figure 5 illustrates an example of how MRAI sends UPDATE messages to
BGP peers.
Figure 5
MRAI Example
If the MRAI in Figure 5 is set to 20 seconds:
•
The first route change occurs, and the BGP router immediately sends an
UPDATE message to the specified peers and starts the MRAI. (The first
route change always occurs at 0 seconds according to the MRAI)
•
A second route change occurs 2 seconds after the MRAI starts. In this
case, the router waits 18 more seconds before sending an UPDATE
message to the specified peers. The router restarts the MRAI after
sending the UPDATE message to the specified peers.
•
A third route change occurs at 60 seconds. Because 40 seconds (greater
than the configured MRAI of 20 seconds) passed since the last UPDATE
message was sent, the router immediately sends the third UPDATE
message.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
15
BGP
1.2.17
Route Filtering in BGP Route Reflectors
In scenarios where the router acts as a pure BGP route reflector, you can filter
which routes get downloaded from BGP to the RIB and Forwarding
Information Base (FIB) before being readvertised to peer BGP routers. The
smaller routing tables in the RIB and FIB that result from route filtering
conserve memory and CPU.
Usually, a router acting as a pure route reflector should not have a VPN
context configured, or provider edge functionality. For a pure route reflector
scenario in which you do not want VPN routes from PE peers to be
downloaded to the RIB, do not import those routes into a VPN context. Not
downloading VPN routes to the RIB is the default behavior.
Disabling the next-hop reachability check reduces the CPU load caused by
processing incoming next-hop change messages from the RIB. Filtering the
route download to the RIB disables the next-hop reachability check for IPv4
and IPv6 address families, but you must explicitly disable the reachability
check for reflected VPN networks on a route reflector.
Before enabling route filtering or disabling the next-hop reachability check,
consider the following.
•
The network must be designed so that when this feature is enabled, the
routes that are advertised by the route reflector do not attract traffic.
Caution!
An incorrect configuration can lead to traffic loss.
Avoid configurations that include Layer 3 VPN routes that are exported
from or imported to a VPN context, routes with labels, or routes whose
next hop is changed to be the route reflector using a route map or nexthop-self.
•
•
16
If you enable the route filtering feature under the VPN context, caution
must be used to design the network so that the routes that are advertised
by the route reflector do not attract traffic; otherwise, traffic may be
dropped. The following routes attract traffic:
–
Routes that are imported to a VPN context and are advertised to
customer edges (CEs)
–
Routes that are exported from the VPN context and advertised to PEs
It is essential that import and export communities are not used on a route
that is not downloaded to the RIB.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
•
When you disable the reachability check, configurations related to the
physical reachability of next-hop routers, including those using the
nexthop triggered, send label, and next-hop-self commands,
might be nonfunctional or partially functional when the no nexthop
check-reachability command is used. Using the send label or
next-hop-self option with this feature might result in traffic loss.
Triggering the next hop can reduce the time required to apply a new
check-reachability configuration in the back end, which otherwise can take
up to 30 seconds. However, if no nexthop check-reachability is
configured, the IGP metric is ignored in calculating the best path and
nexthop triggered does not trigger a best-path recalculation when a
next-hop change message arrives from the RIB.
•
Routes that are not downloaded to the RIB or FIB are not redistributed to
other protocols such as IGPs.
For additional information, see Extended Communities attribute (RFC 1997,
BGP Communities Attribute).
1.2.18
Peer Group Inheritance
This section describes how neighbor attributes and neighbor address family
attributes can inherit their configuration from peer groups. You can specify
peer group inheritance at the neighbor level. You can also specify peer group
inheritance at the address family neighbor level to apply only to address family
attributes. You can configure neighbor address family attributes to inherit
attributes from a different peer group than the neighbor peer-group.
All BGP peer group attributes obey the following inheritance rules:
•
If attribute is configured in neighbor configuration, then it obtains its setting
from the neighbor configuration:
–
When you configure an attribute in neighbor configuration mode or
address family neighbor configuration mode, you take the attribute out
of its default state, and the attribute can no longer inherit its
configuration from a peer group, even if you configure the attribute
back to its default value.
–
When you configure an attribute in neighbor configuration mode or
address family neighbor configuration mode, with the no form of an
attribute command, you take the attribute out of its default state, and
the attribute can no longer inherit its configuration from a peer group,
even if the no form returns the attribute back to its default value.
Note:
12/1543-AXI 101 09/1 Uen F | 2017-11-22
A no attribute command (for example, no timers
keepalive) resets timer attributes to their default but does
not disable the timer. With all other attributes, a no
attribute command disables the attribute.
17
BGP
•
•
If an attribute is in the default state (not explicitly configured by the user) in
neighbor configuration mode and the neighbor has a peer-group
configured, the following inheritance rules apply:
–
If the attribute is configured in the peer-group, the neighbor inherits
the attribute from the peer group.
–
If the attribute is in the default state in the peer-group, the neighbor
attribute is set to the default value.
If an attribute is in the default state (and not explicitly configured by the
user) in neighbor configuration mode and no peer-group is also
configured in neighbor configuration mode, the neighbor attribute is set to
the default value of the attribute.
By default, address family inheritance is enabled. To disable inheritance enter
the no form of the address family command in neighbor configuration mode.
Note:
1.2.19
You cannot enter the peer-group command in address family
neighbor configuration mode if you have not already specified a peer
group in neighbor configuration mode.
BGP ERR
The BGP Enhanced Route-Refresh (ERR) feature is an enhancement of the
standard BGP route refresh (RR), which is described in RFC 2918, Route
Refresh Capability for BGP-4. ERR is described in RFC 7313, Enhanced
Route Refresh Capability for BGP-4.
BGP ERR facilitates quicker and more certain correction of the BGP Routing
Information Base (RIB) inconsistencies. When the router uses ERR, it sends
demarcation messages at the beginning and end of a BGP route refresh,
thereby making the BGP route refresh a stateful event.
If the router is configured for both graceful restart and ERR, an event that
triggers graceful restart takes precedence over ERR, as recommended per
RFC 7313 .
In some topologies, the user deploys ERR to facilitate correction of the BGP
RIB inconsistencies in a non-disruptive manner. For BGP topologies, the
router uses ERR demarcations at the beginning and end of a BGP route
refresh, thereby making the BGP route refresh a stateful event. These
demarcations are described in RFC 7313. Prior to BGP ERR, BGP route
refresh was not stateful.
The first step in the BGP route refresh process is to establish whether ERR or
RR is used in each peer session. The session uses ERR if both peers are
enabled for ERR; RR if the peer is enabled for RR; or no route refresh if the
peer is not enabled for RR. This negotiation occurs through the BGP OPEN
message.
18
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Overview
If the peer session is ERR, the enhanced-refresh command is used to enable
the peer to operate in ERR mode and to set the BGP cleanup timer once the
beginning of Route Refresh (BoRR) is received.
When the BGP router receives the BoRR message, all BGP routes received
from the peer (AFI, SAFI) that sent the BoRR are marked as stale, while other
BGP routes are untouched. At this point, cleanup-time and eorr-max-time start
counting down.
Route advertisements are sent between peers. When a router concludes
transporting its route advertisements, it sends the End of Route Refresh
(EoRR) message, and the route refresh session ends. There are three
exceptions to this behavior:
•
If the number of route advertisements are more than expected, the
cleanup-time on the peer receiving the advertisements can expire before it
receives the EoRR message. If that occurs, the receiving router removes
all remaining stale routes.
•
If the BGP peer transmitting route advertisements fails to send an EoRR
message, the eorr-max-time expires, and the router receiving routes send
the EoRR message to the peer.
•
If the BGP routes are changing rapidly, eorr-max-time can only expire on
the transmitting peer, as the receiving peer is not active. If the eorr-maxtime expires, the router sends the EoRR message and the ERR session
ends.
More information on ERR and BoRR can be found in RFC 7313, Enhanced
Route Refresh Capability for BGP-4.
1.3
Prerequisites
1.4
Restrictions
•
EIBGP FRR + ECMP on egress node is not supported.
•
EIBGP ECMP on egress node is not supported.
•
EBGP FRR + ECMP on egress node is not supported.
•
BGP FRR on local ASBR for 2 labeled L3VPN option C is not supported.
•
BGP FRR + ECMP is not supported on ASBR for inter-AS option B/C
scenarios.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
19
BGP
2
Configuration
2.1
Configuration Command Hierarchy
Configure BGP attributes in context configuration mode.
The hierarchy of configuration commands is:
router bgp
address-family ipv4 (BGP) , address-family ipv6 unicast, address-family
ipv4 vpn, or address-family ipv6 vpn
See the configuration hierarchy for BGP address family
configuration mode below.
bestpath med always-compare
client-to-client reflection
cluster-id
confederation identifier
confederation peers
enhanced-refresh
fast-reset (BGP router)
graceful-restart (BGP)
ipfrr (BGP)
local-preference
log-neighbor-changes
maximum restart-time
maximum retain-time
maximum update-delay
multi-paths
neighbor (BGP)
accept filter prefix-list
advertisement-interval
address-family ipv4 (BGP) , address-family ipv6 unicast, addressfamily ipv4 vpn, or address-family ipv6 vpn
See the configuration hierarchy for BGP peer address family
configuration mode below.
20
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
as-override
asloop-in
bfd
description (BGP)
ebgp-multihop
enforce first-as
enforce ttl
fast-reset (BGP neighbor)
local-as
maximum restart-time
maximum retain-time
next-hop-self
password (BGP)
peer-group
remote-as
retain-ibgp-routes
route-target filter
send community
send ext-community
send filter prefix-list
session-dampening
shutdown (BGP)
timers active-open
timers keepalive
update-source
peer-group
advertisement-interval
address-family ipv4 (BGP) or address-family ipv6 unicast
See the configuration hierarchy for BGP address family
configuration mode below.
as-override
asloop-in
bfd
description (BGP)
ebgp-multihop
12/1543-AXI 101 09/1 Uen F | 2017-11-22
21
BGP
enforce ttl
fat-reset (BGP peer group)
maximum restart-time
maximum retain-time
next-hop-self
password (BGP)
peer-group
retain-ibgp-routes
send community
send ext-community
send filter prefix-list
session-dampening
shutdown (BGP)
timers active-open
timers keepalive
update-source
snmp traps (BGP)
router-id (BGP)
route-target filter
timers password
timers keepalive
Note:
In addition to the commands above, you can also use standard
configuration commands, such as abort, comment, commit,
default, exit, and no.
BGP address family configuration mode
The hierarchy of configuration commands is:
address-family ipv4 (BGP) or address-family ipv6 unicast
advertise external
aggregate-address
bestpath igp-metric ignore
dampening
distance (BGP address family)
diverse-path-delay
22
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
flap-statistics
network
nexthop triggered
nexthop triggered delay
nexthop triggered holdtime
redistribute (BGP, IPv4) or redistribute (BGP, IPv6)
suppress-route-download
BGP peer address family configuration mode
The hierarchy of configuration commands is:
address-family ipv4 (BGP) or address-family ipv6 unicast
advertise diverse-path
as-path-list (BGP)
default-originate
maximum prefix
next-hop-self ebgp
next-hop-self ibgp
next-hop-unchanged
peer-group (BGP neighbor only)
prefix-list
remove-private-as
route-map (BGP)
route-reflector-client
send label
2.2
Establish an iBGP Session
This example establishes BGP routing between two routers in the same AS.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
23
BGP
Figure 6
Basic iBGP
Figure 6 shows routers R1-1 and R1-2 configured to establish an iBGP
session over subnet 192.0.2.0/29 in AS 1.
2.2.1
iBGP Configure R1-1
R1-1 uses the following two interfaces for the iBGP session:
•
Loopback interface ifLB with IP address 192.0.2.101/32 for the
update source
•
An interface with IP address 192.0.2.1/29 to bind an Ethernet port to
the link to R1-2
To configure R1-1 for the iBGP session, do the following starting in global
configuration mode.
Steps
1. Enter the context, access BGP configuration mode, and configure BGP for
the IPv4 unicast address family.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#ip route 192.0.2.102/32 192.0. →
2.2
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#neighbor 192.0.2.102 internal
[local]R1-1(config-bgp)#router-id 192.0.2.101
24
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
[local]R1-1(config-bgp-neighbor)#update-source ifLB
[local]R1-1(config-bgp-neighbor)#address-family ipv4 u →
nicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-neighbor)#exit
[local]R1-1(config-bgp)#commit
2. Confirm the configuration of R1-1.
Example
[local]R1-1(config-bgp)#show configuration bgp
...
context local
!
router bgp 1
!
router-id 192.0.2.101
neighbor 192.0.2.102 internal
update-source ifLB
address-family ipv4 unicast
...
2.2.2
iBGP Configure R1-2
R1-2 uses the following two interfaces for the iBGP session:
•
Loopback interface ifLB with IP address 192.0.2.102/32 for the
update source
•
An interface with IP address 192.0.2.2 to bind an Ethernet port to the
link to R1-1
To configure R1-2, repeat the procedure used to configure R1-1 for neighbor
IP address 192.0.2.101.
2.2.3
Verify an iBGP Session
Verify that the routers have established an iBGP session. The State field
shows a value of Established.
Example 1
[local]R1-1(config-bgp)#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1
Neighbors Configured: 1, Established: 1
12/1543-AXI 101 09/1 Uen F | 2017-11-22
25
BGP
Neighbor
AS MsgRcvd MsgSent InQ OutQ Rs
t Up/Down State
192.0.2.102
1
52
51
0
0
1 00:49:19 Established
CapSent : refresh 4byteAS unicast restart enhanced-ref
resh
CapRcvd : refresh 4byteAS unicast restart enhanced-ref
resh
unicast : rcvd: 0 imported: 0 active: 0 history: 0 dam
pened: 0 sent: 0
2.3
Establish an eBGP Session
This example configures BGP routing between two routers in different
autonomous systems.
Figure 7
Basic eBGP
Figure 7 shows router R1-2 in AS 1 and router R2-1 in AS 2 configured to
establish an eBGP session over subnet 203.0.113.0/28.
You can configure additional session settings using commands such as those
shown in Establish an iBGP Session on page 23.
2.3.1
eBGP Configure R1-2
R1-2 uses the following two interfaces for the eBGP session:
•
Loopback interface ifLB with IP address 192.0.2.102/32 for the
update source
•
An interface with IP address 203.0.113.1/28 to bind an Ethernet port to
the link to R2-1
To configure R1-2 for the eBGP session, do the following starting in global
configuration mode.
26
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
→
→
→
→
Configuration
Steps
1. Enter the context, access BGP configuration mode, and configure BGP for
the IPv4 unicast address family.
Example
[local]R1-2(config)#context local
[local]R1-2(config-ctx)#ip route 192.0.2.101/32 192.0.2.1
[local]R1-2(config-ctx)#router bgp 1
[local]R1-2(config-bgp)#neighbor 198.51.100.101 external
[local]R1-2(config-bgp)#router-id 192.0.2.102
[local]R1-2(config-bgp-neighbor)#update-source ifLB
[local]R1-2(config-bgp-neighbor)#ebgp-multihop 3
[local]R1-2(config-bgp-neighbor)#remote-as 2
[local]R1-2(config-bgp-neighbor)#address-family ipv4 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-neighbor)#exit
[local]R1-2(config-bgp)#commit
2. Confirm the configuration.
Example
[local]R1-2(config-bgp)#show configuration bgp
...
router bgp 1
!
router-id 192.0.2.102
neighbor 192.0.2.101 internal
update-source ifLB
address-family ipv4 unicast
!
neighbor 198.51.100.101 external
remote-as 2
ebgp-multihop 3
update-source ifLB
address-family ipv4 unicast
12/1543-AXI 101 09/1 Uen F | 2017-11-22
27
BGP
...
2.3.2
eBGP Configure R2-1
R2-1 uses the following two interfaces for the eBGP session:
•
Loopback interface ifLB with IP address 198.51.100.101/32 for the
update source
•
An interface with IP address 203.0.113.2/28 to bind an Ethernet port to
the link to R1-2
To configure R2-1, repeat the procedure used to configure R1-2 for neighbor
IP address 192.0.2.102 and remote AS 1.
2.3.3
Verify That an eBGP Session Is Established
Verify that the routers established an eBGP session. The State field for the
external neighbor (198.51.100.101) shows a value of Established.
Example 2
[local]R1-2(config-bgp)#show bgp neighbor summary
Neighbors Configured: 2, Established: 2
Neighbor
AS MsgRcvd MsgSent
InQ OutQ Rst
Up/Down State
192.0.2.101
1
1161
1175
0
0
1 19:37:28 Established
CapSent : refresh 4byteAS unicast restart enhanced-refresh
CapRcvd : refresh 4byteAS unicast restart enhanced-refresh
198.51.100.101
2
8
8
0
0
1 00:05:54 Established
CapSent : refresh 4byteAS unicast restart enhanced-refresh
CapRcvd : refresh 4byteAS unicast restart enhanced-refresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0 dampened: 0 sent: 0
2.4
Change a Session Password without Disruption
This example changes the password for a BGP session without disrupting the
session (a nonintrusive password change).
28
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Figure 8
Nonintrusive Password Change
Figure 8 shows a nonintrusive password change for an iBGP session between
two routers. R1-3 with router ID 192.0.2.103 and R1-2 with router ID
198.51.100.101 are linked over subnet 203.0.113.16/28. The existing
iBGP session uses password Secret5.
This example changes the password to Secret6 without disrupting the
session. The routers are configured to allow the old and new passwords to
coexist for up to 300 seconds (5 minutes).
To change a password without disrupting the established BGP session, do the
following starting in global configuration mode.
Steps
1. On R1-3, enter the context, access BGP configuration mode, and set the
amount of time that the old and new passwords can coexist.
Example
[local]R1-3(config)#context local
[local]R1-3(config-ctx)#router bgp 1
[local]R1-3(config-bgp)#timers password 300
2. Set the new password.
Example
[local]R1-3(config-bgp)#neighbor 198.51.100.101 intern →
al
12/1543-AXI 101 09/1 Uen F | 2017-11-22
29
BGP
[local]R1-3(config-bgp-neighbor)#password Secret6
[local]R1-3(config-bgp-neighbor)#exit
[local]R1-3(config-bgp)#commit
3. Confirm the configuration.
Example
[local]R1-3(config-bgp)#show configuration bgp
router-id 192.0.2.103
context local
!
router bgp 1
timers password 300
address-family ipv4 unicast
...
neighbor 198.51.100.101 internal
password encrypted F646B500E99068B0
update-source ifLB
address-family ipv4 unicast
...
4. Verify that the password change did not disrupt the BGP session. The
session on R1-2 shows a state of 00:02:57 Established.
Example
[local]R1-2#show bgp neighbor summary
BGP router identifier: 198.51.100.101, local AS number: 1
Neighbors Configured: 2, Established: 2
Neighbor
AS MsgRcvd MsgSent
InQ OutQ Rst
Up/Down State
192.0.2.103
1
7
7
0
0
2 00:02:57 Established
CapSent : refresh 4byteAS unicast restart enhanced-refresh
CapRcvd : refresh 4byteAS unicast restart enhanced-refresh
unicast : rcvd: 6 imported: 0 active: 4 history: 0 dampened: 0 sent: 8
5. Configure the password on R1-2.
6. Repeat the procedure used to configure R1-3 for neighbor 192.0.2.103.
30
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
7. Verify that the password change did not disrupt the session. The session
on R1-2 shows a state of 00:04:38 Established.
Example
[local]R1-2#neighbor bgp neighbor summary
BGP router identifier: 198.51.100.101, local AS number: 1
Neighbors Configured: 2, Established: 2
Neighbor
AS MsgRcvd MsgSent
InQ OutQ Rst
Up/Down State
192.0.2.103
1
9
9
0
0
2 00:04:38 Established
CapSent : refresh 4byteAS unicast restart enhanced-refresh
CapRcvd : refresh 4byteAS unicast restart enhanced-refresh
unicast : rcvd: 6 imported: 0 active: 4 history: 0 dampened: 0 sent: 8
2.5
Redistribute Routes into BGP
This example redistributes connected routes into BGP.
Figure 9
Redistributing Routes into BGP
Figure 9 shows R2-1 redistributing connected routes 198.51.100.40/29
and 198.51.100.48/29 into two BGP autonomous systems configured as
follows:
•
The AS 1 routers R1-1 with router ID 192.0.2.101 and R1-2 with router
ID 192.0.2.102/32 run an iBGP session over subnet 192.0.2.0/29.
•
The AS 2 router R2-1 with router ID 198.51.100.101 runs an eBGP
session with and R1-2 over subnet 203.0.113.0/28.
To redistribute routes into BGP, do the following starting in global configuration
mode.
Steps
1. Enter the context, access BGP configuration mode, and configure route
redistribution.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
31
BGP
Example
[local]R2-1(config)#context local
[local]R2-1(config-ctx)#router bgp 2
[local]R2-1(config-bgp)#address-family ipv4 unicast
[local]R2-1(config-bgp-af)#redistribute connected
[local]R2-1(config-bgp-af)#exit
[local]R2-1(config-bgp)#commit
2. Confirm the configuration.
R2-1 shows routes 198.51.100.40/29 and 198.51.100.48/29 as
sourced routes.
Example
[local]R2-1(config-bgp)#show bgp route sourced
Address Family: ipv4 unicast
BGP table version is 5, local router ID is 198.51.100. →
101
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
LocPrf Weight Path
Next Hop
Metric
→
>
192.0.2.16/29
100
32768 ?
0.0.0.0
0
→
>
198.51.100.40/29
100
32768 ?
0.0.0.0
0
→
>
198.51.100.48/29
100
32768 ?
0.0.0.0
0
→
>
198.51.100.101/32
100
32768 ?
0.0.0.0
0
→
>
203.0.113.0/28
100
32768 ?
0.0.0.0
0
→
R1-1 shows these routes as IGP routes.
32
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example
[local]R1-1(config-bgp)#show bgp route
Address Family: ipv4 unicast
BGP table version is 6, local router ID is 192.0.2.101
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
LocPrf Weight Path
Next Hop
Metric
→
i
192.0.2.16/29
100
100 2 ?
198.51.100.101
0
→
i
198.51.100.40/29
100
100 2 ?
198.51.100.101
0
→
i
198.51.100.48/29
100
100 2 ?
198.51.100.101
0
→
i
198.51.100.101/32
100
100 2 ?
198.51.100.101
0
→
i
203.0.113.0/28
100
100 2 ?
198.51.100.101
0
→
R1-2 shows these routes as eBGP routes.
Example
[local]R1-2(config-bgp)#show ip route bgp
Codes: C - connected, S - static, S dv - dvsr, R - RIP →
, e B - EBGP, i B - IBGP
A,H - derived hidden
rea,
O
- OSPF, O3
- OSPFv3, IA - OSPF(v3) inter-a →
...
Type
tric
Network
UpTime Interface
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Next Hop
Dist
Me →
33
BGP
2.6
> e B
192.0.2.16/29
0 00:02:00
198.51.100.101
20
→
> e B
198.51.100.40/29
0 00:02:00
198.51.100.101
20
→
> e B
198.51.100.48/29
0 00:02:00
198.51.100.101
20
→
e B
0
198.51.100.101/32
198.51.100.101
20
→
e B
0
203.0.113.0/28
198.51.100.101
20
→
Limit the Number of Installed Routes
This example sets a limit to the number of routes accepted from a BGP peer.
Figure 10
Limiting Installed Routes
Figure 10 shows router R1-1 in AS 1 configured to limit the number of routes
accepted from peer 192.0.2.102 to 3. This example sets the route limit as
an advisory limit. An advisory limit triggers a warning but does not reject
additional routes.
You can configure additional route settings using commands such as the
following:
•
34
aggregate-address to create an aggregate entry in the BGP database
for an address family
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
•
suppress-route-download to apply a filter to prevent routes for an
address family from being downloaded to the RIB before being
readvertised
To limit the number of installed routes, do the following starting in global
configuration mode.
Steps
1. Check the number of BGP routes from peer 192.0.2.102 that are
currently installed on R1-1.
Example
[local]R1-1(config)#show bgp route neighbor 192.0.2.10 →
2 received
Address Family: ipv4 unicast
BGP table version is 60, local router ID is 192.0.2.10 →
1
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
LocPrf Weight Path
Next Hop
Metric
→
192.0.2.0/29
100
100 2 ?
192.0.2.102
15
→
>
192.0.2.80/28
100
100 2 ?
192.0.2.102
15
→
>
192.0.2.102/32
100
100 2 ?
192.0.2.102
15
→
2. Enter the context, access BGP configuration mode, and specify the
number of routes to trigger the advisory warning.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#neighbor 192.0.2.102 external
[local]R1-1(config-bgp-neighbor)#address-family ipv4 u →
nicast
12/1543-AXI 101 09/1 Uen F | 2017-11-22
35
BGP
[local]R1-1(config-bgp-peer-af)#maximum prefix 3 warni →
ng-only
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp-neighbor)#exit
[local]R1-1(config-bgp)#commit
3. Confirm the configuration.
Example
[local]R1-1(config-bgp)#show configuration bgp
router bgp 1
...
!
neighbor 192.0.2.102 external
remote-as 2
...
address-family ipv4 unicast
maximum prefix 3 warning-only
...
4. Verify the route limitation by adding a route on R2-1. When the number of
routes exceeds the configured route limit, R1-1 displays a warning
message.
Example
[local]R1-1#show bgp route neighbor 192.0.2.102 receiv →
ed
Address Family: ipv4 unicast
BGP table version is 61, local router ID is 192.0.2.10 →
1
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
LocPrf Weight Path
36
Next Hop
Metric
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
Configuration
192.0.2.0/29
100
100 2 ?
192.0.2.102
15
→
>
192.0.2.80/28
100
100 2 ?
192.0.2.102
15
→
>
192.0.2.102/32
100
100 2 ?
192.0.2.102
15
→
>
192.0.2.128/28
100
100 2 ?
192.0.2.102
15
→
Example
[local]R1-1#
[local]R1-1#Feb 19 23:49:12: [0001]: %BGP-5-PFXLIMIT:
192.0.2.102 pfx 4 for
afi/subafi 1/1 over configured limit
2.7
Configure Route Filtering
This example configures ORF for an eBGP session.
Figure 11
Route Filtering
Figure 11 shows outbound route filtering for an eBGP session configured as
follows:
•
AS 1 router R1-1 with router ID 192.0.2.101 and AS 2 router R2-1 with
router ID 192.0.2.102 run an eBGP session over subnet
192.0.2.0/29.
•
Local peer R1-1 advertises to remote peer R2-1 route filter ORF1 for IPv4
unicast routes.
•
Remote peer R2-1 advertises to local peer R1-2 acceptance of route filters
for the IPv4 unicast address family.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
37
→
BGP
•
Route filter ORF1 drops routes to subnet 192.0.2.80/28 and accepts all
other routes.
You can configure additional route filtering settings using commands such as
the following:
2.7.1
•
as-path-list (BGP) to filter BGP routing updates from or to a
neighbor address family
•
remove-private-as to remove ASNs from routes advertised to a
neighbor address family
•
route-map (BGP) to apply a route map that modifies BGP attributes or
filters BGP routes received from or sent to a neighbor
Configure the Local Router
To configure ORF on R1-1, do the following starting in global configuration
mode.
Steps
1. Enter the context and configure the route filter.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#ip prefix-list ORF1
[local]R1-1(config-prefix-list)#deny 192.0.2.80/28
[local]R1-1(config-prefix-list)#permit any
[local]R1-1(config-prefix-list)#exit
2. Enter BGP configuration mode and configure ORF.
Example
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#neighbor 192.0.2.102 external
[local]R1-1(config-bgp)#send filter prefix-list
[local]R1-1(config-bgp)#address-family ipv4 unicast
[local]R1-1(config-bgp-peer-af)#prefix-list ORF1 in
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp)#commit
3. Confirm the configuration.
Example 3
[local]R1-1(config-bgp)#show configuration bgp
router bgp 1
38
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
address-family ipv4 unicast
redistribute connected
!
neighbor 192.0.2.102 external
remote-as 2
ebgp-multihop 2
update-source ifLB
send filter prefix-list
address-family ipv4 unicast
prefix-list ORF1 in
!
neighbor 192.0.2.103 internal
...
2.7.2
Configure the Remote Router
To configure ORF on R2-1, do the following starting in global configuration
mode.
Steps
1. Enter the context, access BGP configuration mode, and configure ORF.
Example
[local]R2-1(config-ctx)#router bgp 2
[local]R2-1(config-bgp)#neighbor 192.0.2.101 external
[local]R2-1(config-bgp)#accept filter prefix-list
[local]R2-1(config-bgp)#commit
2. Confirm the configuration.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
39
BGP
Example 4
[local]R2-1(config-bgp)#show configuration bgp
router bgp 2
address-family ipv4 unicast
redistribute connected
!
neighbor 192.0.2.101 external
remote-as 1
ebgp-multihop 2
update-source ifLB
accept filter prefix-list
address-family ipv4 unicast
...
2.7.3
Verify Route Filtering
To verify the route filtering, this example shows that after ORF is configured,
R2-1 no longer advertises its route to subnet 192.0.2.80/29 to R1-1.
For comparison, this example shows the routes advertised to R1-1 before
ORF configuration. R2-1 shows the route to 192.0.2.80/28.
[local]R2-1#show bgp route neighbor 192.0.2.101 advertise →
d
Address Family: ipv4 unicast
BGP table version is 61, local router ID is 192.0.2.102
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtered)
40
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Prf
Network
Weight Path
Next Hop
Metric
Loc →
>
192.0.2.0/29
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.80/28
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.102/32
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.112/28
100
32768 2 ?
192.0.2.102
15
→
Steps
1. Verify that R2-1 now uses filter ORF1 sent from R1-1.
Example
[local]R2-1#show bgp neighbor 192.0.2.101 received pre →
fix-filter
seq 10 deny 192.0.2.80/28
seq 20 permit 0.0.0.0/0 le 32
2. Verify that R2-1 adds the route to the filtered subnet to the routes it does
not advertise to R1-1. R2-1 shows the route to 192.0.2.80/28.
Example
[local]R2-1#show bgp route neighbor 192.0.2.101 not-ad →
vertised
Address Family: ipv4 unicast
BGP table version is 61, local router ID is 192.0.2.10 →
2
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
12/1543-AXI 101 09/1 Uen F | 2017-11-22
41
BGP
Network
LocPrf Weight Path
Next Hop
Metric
→
>
192.0.2.80/28
100
32768 ?
0.0.0.0
0
→
>
192.0.2.101/32
100
100 1 ?
192.0.2.101
0
→
3. Verify that R2-1 no longer advertises to R1-1 the route to the filtered
subnet. R2-1 no longer shows the route to 192.0.2.80/28.
Example
[local]R2-1#show bgp route neighbor 192.0.2.101 advert →
ised
Address Family: ipv4 unicast
BGP table version is 61, local router ID is 192.0.2.10 →
2
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
LocPrf Weight Path
Next Hop
Metric
→
>
192.0.2.0/29
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.80/28
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.102/32
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.112/28
100
32768 2 ?
192.0.2.102
15
→
Example
[local]R2-1#show bgp route neighbor 192.0.2.101 advert →
ised
Address Family: ipv4 unicast
BGP table version is 61, local router ID is 192.0.2.10 →
42
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
2
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
LocPrf Weight Path
2.8
Next Hop
Metric
→
>
192.0.2.0/29
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.102/32
100
32768 2 ?
192.0.2.102
15
→
>
192.0.2.112/28
100
32768 2 ?
192.0.2.102
15
→
Compare MEDs on Paths from Multiple Autonomous
Systems
This example enables the router to compare the Multi-Exit Discriminators
(MED) on paths advertised by routers in two or more autonomous systems.
Figure 12
MED Comparison
Figure 12 shows router R1-1 with router ID 198.51.100.101 in AS 1
receiving paths to subnet 192.0.2.80/28 from routers in two different
autonomous systems configured as follows:
12/1543-AXI 101 09/1 Uen F | 2017-11-22
43
BGP
•
AS 2 router with router ID 192.0.2.102 advertises a path over subnet
203.0.113.0/28 with a MED of 20.
•
AS 3 router with router ID 192.0.2.105 advertises a path over subnet
203.0.113.16/28 with a MED of 30.
To compare MEDs on paths from multiple autonomous systems, do the
following starting in global configuration mode.
Steps
1. Check which path R1-1 uses. BGP selects the path with the higher MED
(next hop 192.0.2.105 with med 30 is labeled best).
Example
[local]R1-1(config)#show bgp route 192.0.2.80/28
BGP ipv4 unicast routing table entry: 192.0.2.80/28, v →
ersion 17
Paths: total 2, best path count 1, best peer 192.0.2.1 →
05
Advertised to non-peer-group peers: 1
192.0.2.102
2
Nexthop 192.0.2.102 (0), peer 192.0.2.102 (192.0.2.1 →
02), AS 2
Origin incomplete, localpref 100, med 20, weight 100 →
, external
3
Nexthop 192.0.2.105 (0), peer 192.0.2.105 (192.0.2.1 →
05), AS 3
Origin incomplete, localpref 100, med 30, weight 100 →
, external, best
2. Enter the context, access BGP configuration mode, and enable BGP to
compare MEDs on paths advertised by routers in different autonomous
systems.
44
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#bestpath med always-compare
[local]R1-1(config-bgp)#commit
3. Confirm the configuration. BGP now selects the path with the lower MED
(next hop 192.0.2.102 with med 20 is labeled best).
Example
[local]R1-1(config-bgp)#show bgp route 192.0.2.80/28
BGP ipv4 unicast routing table entry: 192.0.2.80/28, v →
ersion 28
Paths: total 2, best path count 1, best peer 192.0.2.1 →
02
Advertised to non-peer-group peers: 1
192.0.2.105
2
Nexthop 192.0.2.102 (0), peer 192.0.2.102 (192.0.2.1 →
02), AS 2
Origin incomplete, localpref 100, med 20, weight 100 →
, external, best
3
Nexthop 192.0.2.105 (0), peer 192.0.2.105 (192.0.2.1 →
05), AS 3
Origin incomplete, localpref 100, med 30, weight 100 →
, external
2.9
Configure a Peer Group
This example creates a peer group and uses it to facilitate the configuration of
BGP peers.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
45
BGP
Figure 13
Configuring a Peer Group
Figure 13 shows router R1-3 with router ID 192.0.2.103 in AS 1 configured
to establish iBGP sessions with several peers. This example creates peer
group PG1 and then uses it to configure the following iBGP neighbors:
•
R1-1 with router ID 192.0.2.101, linked to R1-3 over subnet
192.0.2.8/29
•
R1-4 with router ID 192.0.2.104, linked to R1-3 over subnet
192.0.2.16/29
Peer group PG1 configures a basic BGP session. Interface ifLB is the update
source for the IPv4 unicast address family, which is a route-reflector client of
R1-3.
To configure and use a peer group, do the following starting in global
configuration mode.
Steps
1. Enter the context, access BGP configuration mode, and configure the
peer group.
Example
[local]R1-3(config)#context local
[local]R1-3(config-ctx)#router bgp 1
[local]R1-3(config-bgp)#peer-group PG1 internal
[local]R1-3(config-bgp-peer-group)#update-source ifLB
[local]R1-3(config-bgp-peer-group)#address-family ipv4 →
unicast
[local]R1-3(config-bgp-peer-af)#route-reflector-client
46
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
[local]R1-3(config-bgp-peer-af)#exit
[local]R1-3(config-bgp-peer-group)#exit
[local]R1-3(config-bgp)#commit
2. Use the peer group to configure neighbors.
Example
[local]R1-3(config-bgp)#neighbor 192.0.2.101 internal
[local]R1-3(config-bgp-neighbor)#peer-group PG1
[local]R1-3(config-bgp-neighbor)#exit
[local]R1-3(config-bgp)#neighbor 192.0.2.104 internal
[local]R1-3(config-bgp-neighbor)#peer-group PG1
[local]R1-3(config-bgp-neighbor)#exit
[local]R1-3(config-bgp)#commit
3. Confirm the configuration.
Example
[local]R1-3(config-bgp)#show configuration bgp
router bgp 1
address-family ipv4 unicast
diverse-path-delay 20
!
peer-group PG1 internal
update-source ifLB
address-family ipv4 unicast
route-reflector-client
!
neighbor 192.0.2.101 internal
peer-group PG1
!
neighbor 192.0.2.104 internal
peer-group PG1
!
neighbor 192.0.2.144 internal
update-source ifLB_DP
12/1543-AXI 101 09/1 Uen F | 2017-11-22
47
BGP
...
4. Verify that peer-group sessions are established. This example verifies that
R1-3 establishes iBGP sessions with neighbors 192.0.2.101 and
192.0.2.104 configured using peer group PG1. The iBGP sessions are
configured in the procedure described in Establish an iBGP Session on
page 23.
Example
[local]R1-3(config-bgp)#show bgp neighbor summary
BGP router identifier: 192.0.2.103, local AS number: 1
Neighbors Configured: 4, Established: 4
Neighbor
Rst Up/Down State
AS MsgRcvd MsgSent
InQ OutQ →
192.0.2.101
1
13
15
0
0
0 00:08:55 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 6 imported: 0 active: 6 history: 0
dampened: 0 sent: 12
→
192.0.2.104
1
11
15
0
0
0 00:08:57 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0
dampened: 0 sent: 12
→
→
→
→
→
→
→
192.0.2.144
1
214
218
0
0 →
0 03:32:32 Established
CapSent : refresh 4byteAS unicast restart enhanced- →
refresh
...
2.10
Configure a Route Reflector
This example configures a route reflector and its client routers.
48
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Figure 14
Configuring a Route Reflector
Figure 14 shows route reflector RR1-1 serving client BGP routers R1-2 over
link 192.0.2.0/29 and R1-3 over link 192.0.2.8/29. These AS 1 routers
are configured as follows:
•
Route reflector RR1-1 is configured with a loopback interface with IP
address 192.0.2.101/32 and cluster ID 192.0.2.101.
•
Client BGP router R1-2 is configured with a loopback interface with IP
address 192.0.2.102/32 and is connected to subnet
203.0.113.0/28.
•
Client BGP router R1-3 is configured with a loopback interface with IP
address 192.0.2.103/32.
You can configure additional route reflector settings using commands such as
nexthop check-reachability, which disables the next-hop reachability check for
an address family. By default, Layer 3 VPN routes received from a PE peer
and not imported into a VPN context are not downloaded to the RIB. However,
disabling the next-hop reachability check reduces CPU load.
Note:
Configuring a route reflector while using RSVP-MPLS requires that
each Route Reflector (P-Router) is provisioned manually with an
active LSP path to each of the PE routers, otherwise VPN routes will
not be downloaded in the respective PEs, and traffic loss results. LDP
is not susceptible to this issue as the LSPs are provisioned
dynamically.
The following is an example of an LSP configuration on RR #1 in
Figure 14:
12/1543-AXI 101 09/1 Uen F | 2017-11-22
49
BGP
Example 5
lsp to-PE1
ingress x.x.x.x (Loopback_of_RR#1)
egress y.y.y.y (PE1_Loopback)
cspf
2.10.1
Configure Route Reflection
To configure a route reflector, do the following starting in global configuration
mode.
Steps
1. Enter the context, access BGP configuration mode, and configure the
cluster ID.
Example
[local]RR1-1(config)#context local
[local]RR1-1(config-ctx)#router bgp 1
[local]RR1-1(config-bgp)#cluster-id 192.0.2.101
2. Configure the client BGP routers.
Example
[local]RR1-1(config-bgp)#neighbor 192.0.2.102 internal
[local]RR1-1(config-bgp-neighbor)#address-family ipv4
unicast
[local]RR1-1(config-bgp-peer-af)#route-reflector-clien
t
[local]RR1-1(config-bgp-peer-af)#exit
[local]RR1-1(config-bgp-neighbor)#exit
[local]RR1-1(config-bgp)#neighbor 192.0.2.103 internal
[local]RR1-1(config-bgp-neighbor)#address-family ipv4
unicast
[local]RR1-1(config-bgp-peer-af)#route-reflector-clien
t
[local]RR1-1(config-bgp-peer-af)#exit
[local]RR1-1(config-bgp-neighbor)#exit
[local]RR1-1(config-bgp)#commit
3. Confirm the configuration. Both neighbor BGP routers are identified as
route reflector clients.
Example 6
[local]RR1-1(config-bgp)#show bgp neighbor
BGP neighbor: 192.0.2.102, remote AS: 1, internal link
50
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
→
→
→
Configuration
Version: 4, router identifier: 192.0.2.102
State: Established for 00:34:01
...
Address family: ipv4 unicast
BGP table version: 20, neighbor version: 20
Neighbor is a route reflector client
...
BGP neighbor: 192.0.2.103, remote AS: 1, internal link
Version: 4, router identifier: 192.0.2.103
State: Established for 00:34:24
...
Address family: ipv4 unicast
BGP table version: 20, neighbor version: 20
Neighbor is a route reflector client
...
2.10.2
Disable Client-to-Client Reflection and Verify Route Reflection
This example disables client-to-client reflection. As a result, the route to
subnet 203.0.113.0/28 sourced from R1-2 is not installed on R1-3.
To disable client-to-client reflection and verify route reflection, do the following.
Steps
1. Show routes sourced on client BGP router R1-2. The client router
advertises the directly connected route 203.0.113.0/28.
Example
[local]R1-2#show bgp route neighbor 192.0.2.101 advert →
ised
12/1543-AXI 101 09/1 Uen F | 2017-11-22
51
BGP
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
Next Hop
Metric
→
>
192.0.2.0/29
100
32768 ?
0.0.0.0
0
→
>
192.0.2.102/32
100
32768 ?
0.0.0.0
0
→
>
203.0.113.0/28
100
32768 ?
0.0.0.0
0
→
2. Show routes that RR1-1 reflects to R1-3. RR1-1 reflects route
203.0.113.0/28.
Example
[local]RR1-1#show bgp route neighbor 192.0.2.103 adver →
tised
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
Next Hop
Metric
→
>
192.0.2.0/29
100
32768 ?
0.0.0.0
0
→
>
192.0.2.8/29
100
32768 ?
0.0.0.0
0
→
>
192.0.2.101/32
100
32768 ?
0.0.0.0
0
→
>i
192.0.2.102/32
100
100 ?
192.0.2.102
0
→
>
192.0.2.240/29
100
32768 ?
0.0.0.0
0
→
>i
203.0.113.0/28
100
100 ?
192.0.2.102
0
→
3. Show routes received on R1-3 from the route reflector. R1-3 shows route
203.0.113.0/28.
52
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example
[local]R1-3#show bgp route neighbor 192.0.2.101 receiv →
ed
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
Next Hop
Metric
→
>i
192.0.2.0/29
100
100 ?
192.0.2.101
0
→
>i
192.0.2.8/29
100
100 ?
192.0.2.101
0
→
>i
192.0.2.101/32
100
100 ?
192.0.2.101
0
→
>i
192.0.2.102/32
100
100 ?
192.0.2.102
0
→
>i
192.0.2.240/29
100
100 ?
192.0.2.101
0
→
>i
203.0.113.0/28
100
100 ?
192.0.2.102
0
→
4. On route reflector RR1-1, disable client-to-client reflection.
Example
[local]RR1-1#configuration
[local]RR1-1(config)#context local
[local]RR1-1(config-ctx)#router bgp 1
[local]RR1-1(config-bgp)#no client-to-client reflectio →
n
[local]RR1-1(config-bgp)#commit
5. Show routes received on R1-3 from the route reflector. R1-3 no longer
shows route 203.0.113.0/28.
Example
[local]R1-3#show bgp route neighbor 192.0.2.101 receiv →
ed
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Next Hop
Metric
53
→
BGP
2.11
>i
192.0.2.0/29
100
100 ?
192.0.2.101
0
→
>i
192.0.2.8/29
100
100 ?
192.0.2.101
0
→
>i
192.0.2.101/32
100
100 ?
192.0.2.101
0
→
>i
192.0.2.240/29
100
100 ?
192.0.2.101
0
→
Configure a Confederation
This example configures two sub-autonomous systems as a confederation.
Figure 15
Configuring a Confederation
Figure 15 shows AS 1 configured as a confederation of sub-autonomous
systems 101 and 102 as follows:
2.11.1
•
Sub-AS 101 contains routers R1-1 with router ID 192.0.2.101 and R1-3
with router ID 192.0.2.103.
•
Sub-AS 102 contains router R1-2 with router ID 192.0.2.102.
•
Routers R1-2 and R1-3 establish eBGP sessions with AS 2 router R2-1
with router ID 198.51.100.101.
Configure R1-1
R1-1 is linked to sub-AS 101 router R1-3 over subnet 192.0.2.8/29 and to
sub-AS 102 router R1-2 over subnet 192.0.2.0/29.
To configure R1-1, do the following starting in global configuration mode.
54
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Steps
1. Enter the context, access BGP configuration mode, and configure the
confederation.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 101
[local]R1-1(config-bgp)#confederation identifier 1
[local]R1-1(config-bgp)#confederation peers 102
2. Identify R1-3as an internal BGP peer.
Example
[local]R1-1(config-bgp)#neighbor 192.0.2.103 internal
[local]R1-1(config-bgp-neighbor)#update-source ifLB
[local]R1-1(config-bgp-neighbor)#address-family ipv4 u →
nicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-neighbor)#exit
3. Identify R1-2as an external BGP peer.
Example
[local]R1-1(config-bgp)#neighbor 192.0.2.102 external
[local]R1-1(config-bgp-neighbor)#update-source ifLB
[local]R1-1(config-bgp-neighbor)#remote-as 102
[local]R1-1(config-bgp-neighbor)#ebgp-multihop 2
[local]R1-1(config-bgp-neighbor)#address-family ipv4 u →
nicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-neighbor)#exit
[local]R1-1(config-bgp)#commit
4. Confirm the configuration.
Example 7
[local]R1-1(config-bgp)#show configuration bgp
router bgp 101
confederation identifier 1
confederation peers 102
address-family ipv4 unicast
redistribute connected
!
12/1543-AXI 101 09/1 Uen F | 2017-11-22
55
BGP
neighbor 192.0.2.102 external
remote-as 102
ebgp-multihop 2
update-source ifLB
address-family ipv4 unicast
!
neighbor 192.0.2.103 internal
update-source ifLB
address-family ipv4 unicast
2.11.2
Configure R1-3 and R1-2
R1-3 is linked to sub-AS 101 router R1-1 over subnet 192.0.2.8/29. R1-2
is linked to R1-1 over subnet 192.0.2.0/29.
To configure these routers, repeat the procedure used to configure R1-1 as an
iBGP peer for R1-3 and an eBGP peer for R1-2.
2.11.3
Verify the Confederation
This example shows that the autonomous systems attributed to the
participating routers are the configured sub-autonomous systems.
Steps
1. Show which autonomous systems R1-1attributes to its BGP sessions. The
local AS number field and AS field for neighbor R1-3 (192.0.2.103)
show a value of 101. The AS field for neighbor R1-2 (192.0.2.102)
shows a value of 102.
Example
[local]R1-1#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1 →
01
Neighbors Configured: 2, Established: 2
56
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Neighbor
Rst Up/Down State
AS MsgRcvd MsgSent
InQ OutQ →
192.0.2.102
102
132
68
0
0
1 01:05:58 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 7 imported: 0 active: 0 history: 0
dampened: 0 sent: 4
192.0.2.103
101
78
146
0
0
0 01:15:31 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0
dampened: 0 sent: 4
→
→
→
→
→
→
→
→
2. Show which autonomous systems router R1-2 attributes to its BGP
sessions. The local AS number field shows a value of 102. The AS
field for neighbor R1-1 (192.0.2.101) shows a value of 101. The AS
field for external neighbor R2-1 (198.51.100.101) shows a value of 2.
Example
[local]R1-2#show bgp neighbor summary
BGP router identifier: 192.0.2.102, local AS number: 1 →
02
Neighbors Configured: 2, Established: 2
Neighbor
Rst Up/Down State
AS MsgRcvd MsgSent
InQ OutQ →
192.0.2.101
101
78
151
0
0
1 01:15:27 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 4 imported: 0 active: 3 history: 0
dampened: 0 sent: 8
12/1543-AXI 101 09/1 Uen F | 2017-11-22
57
→
→
→
→
BGP
198.51.100.101
2
76
148
0
0
0 01:12:26 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 6 imported: 0 active: 4 history: 0
dampened: 0 sent: 3
→
→
→
→
3. Show which autonomous systems router R1-3 attributes to its BGP
sessions. The local AS number field shows a value of 101. The AS
field for neighbor R1-1 (192.0.2.101) shows a value of 101. The AS
field for external neighbor R2-1 (198.51.100.101) shows a value of 2.
Example
[local]R1-3#show bgp neighbor summary
BGP router identifier: 192.0.2.103, local AS number: 1 →
01
Neighbors Configured: 2, Established: 2
Neighbor
Rst Up/Down State
AS MsgRcvd MsgSent
InQ OutQ →
192.0.2.101
101
174
93
0
0
0 01:29:08 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 6 imported: 0 active: 6 history: 0
dampened: 0 sent: 4
→
198.51.100.101
2
4
5
0
0
0 00:00:32 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 6 imported: 0 active: 4 history: 0
dampened: 0 sent: 6
→
4. Show which autonomous systems router R2-1 attributes to its BGP
sessions. The local AS number field shows a value of 2. The AS fields
for neighbors R1-2 and R1-3 show a value of 1.
58
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
→
→
→
→
→
Configuration
Example
[local]R2-1#show bgp neighbor summary
BGP router identifier: 198.51.100.101, local AS number →
: 2
Neighbors Configured: 2, Established: 2
Neighbor
Rst Up/Down State
AS MsgRcvd MsgSent
InQ OutQ →
192.0.2.102
1
156
80
0
0
1 01:16:21 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 3 imported: 0 active: 2 history: 0
dampened: 0 sent: 6
192.0.2.103
1
4
4
0
0
1 00:00:19 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 4 imported: 0 active: 2 history: 0
dampened: 0 sent: 6
2.12
Enable BGP Multipath Load Balancing
This example uses the multipath feature to load-balance traffic from an ingress
router across two next hops to an egress router. For more information on load
balancing, see Load Balancing.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
59
→
→
→
→
→
→
→
→
BGP
Figure 16
BGP Multipath Load Balancing
Figure 16 shows router R1-1 using multiple best equal-cost paths to balance
incoming traffic from AS 100 across R1-2 and R1-3. R1-1 connects to R100-1
in AS 100 over subnet 198.0.2.112/28, to R1-2 over subnet
192.0.2.0/28, and to R1-3 over subnet 192.0.2.16/28. AS 1 uses OSPF
as the IGP, and BGP redistributes the path to subnet 192.51.100.10/24.
Two hosts in a subnet connected to AS 100 send packets over R1-1 to a host
in a subnet connected to AS 1. BGP routes the packets over both R1-2 and
R1-3:
•
Subnet 203.0.113.0/24 → R100-1 → R1-1→ R1-2 → R1-4 → Subnet
192.51.100.10/24
•
Subnet 203.0.113.0/24 → R100-1 → R1-1→ R1-3 → R1-4 → Subnet
192.51.100.10/24
To enable multipath load balancing, do the following starting in global
configuration mode.
Steps
1. Enter the context, access BGP configuration mode, and enable the
multipath feature.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#multi-paths internal 3
[local]R1-1(config-bgp)#commit
2. Confirm the configuration.
60
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
The router is configured to allow three equal-cost paths. OSPF has
discovered two paths to 192.51.100.0/24 with cost 110 (the default
cost): through R1-2 (next hop 192.0.2.2) and through R1-3 (next hop
192.0.2.22).
Example
[local]R1-1(config-bgp)#show ip route
Codes: C - connected, S - static, S dv - dvsr, R - RIP →
, e B - EBGP, i B - IBGP
...
Type
tric
Network
UpTime Interface
Next Hop
Dist
Me →
...
> O
2
192.0.2.32/28
00:03:48 if2B
192.0.2.2
110
→
2
192.0.2.48/28
00:03:48 if2C
192.0.2.22
110
→
> O E2 192.51.100.0/24
0 00:03:48 if2B
192.0.2.2
110
→
>
192.0.2.22
> O
...
if2C
> e B
203.0.113.0/24
0 02:09:36 if2ASN100
198.0.2.122
→
20
→
...
To verify that BGP uses multiple paths to route traffic across AS 1, this
example uses the traceroute utility on Host1 and Host2 to send packets to
the destination 192.51.100.10. The next hops of R1-1 to the destination
192.51.100.10/24 depend on the source addresses: R1-2 (192.0.2.2)
for Host1 and R1-3 (192.0.2.22) for Host2.
Example
[local]Host1#traceroute 192.51.100.10
traceroute to 192.51.100.10 (192.51.100.10), 30 hops m →
ax, 60 byte packets
1 203.0.113.3 (203.0.113.3) 36.237 ms 36.865 ms 36.7 →
81 ms
12/1543-AXI 101 09/1 Uen F | 2017-11-22
61
BGP
2 198.0.2.121 (198.0.2.121) 36.995 ms 36.640 ms 37.1 →
01 ms
3 192.0.2.2 (192.0.2.2) 37.221 ms
ms
37.044 ms
36.869 →
4 192.0.2.36 (192.0.2.36) 37.446 ms 38.243 ms 35.381
ms
→
5 192.51.100.10 (192.51.100.0) 36.649 ms 37.397 ms 37 →
.223 ms
[local]Host1#traceroute 192.51.100.10
traceroute to 192.51.100.10 (192.51.100.10), 30 hops m →
ax, 60 byte packets
1 203.0.113.3 (203.0.113.3) 36.771 ms 36.214 ms 36.7 →
87 ms
2 198.0.2.121 (198.0.2.121) 36.007 ms 37.914 ms 37.6 →
83 ms
3 192.0.2.22 (192.0.2.22) 37.446 ms
81 ms
38.243 ms
35.3 →
4 192.0.2.52 (192.0.2.52) 37.221 ms 37.243 ms 36.381
ms
5 192.51.100.10 (192.51.100.10) 34.699 ms
34.766 ms
2.13
34.949 ms
Advertise the Best External Path
This example enables the best external path feature.
Figure 17
62
Advertising the Best External Path
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
→
Configuration
Figure 17 shows sub-AS 101 router R1-3 advertising to R1-4 two paths to
subnet 192.0.2.240/29. One is an internal path using next hop R1-1. The
other is the best external path using next hop R2-1.
This example uses the network configured in Configure a Confederation on
page 54 with the addition of R1-4. Sub-AS 101 router R1-4 with router ID
192.0.2.104 links to R1-3 over subnet 192.0.2.16/29.
To advertise the best external path, do the following starting in global
configuration mode.
Steps
1. Check the paths that R1-3 advertises and does not advertise to internal
peer R1-4. Subnet 192.0.2.240/29 is an internal path and not
advertised.
Example
[local]R1-3(config)#show bgp route neighbor 192.0.2.10 →
4 advertised
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
Next Hop
Metric
→
>
198.51.100.40/29
100
100 2 ?
198.51.100.101
0
→
>
198.51.100.48/29
100
100 2 ?
198.51.100.101
0
→
>
198.51.100.101/32
100
100 2 ?
198.51.100.101
0
→
>
203.0.113.16/28
198.51.100.101
0 →
100
100 2 ?
[local]R1-3(config)#show bgp route neighbor 192.0.2.10 →
4 not-advertised
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
Next Hop
Metric
→
>i
192.0.2.0/29
100
100 ?
192.0.2.101
0
→
>i
192.0.2.8/29
192.0.2.101
0
→
12/1543-AXI 101 09/1 Uen F | 2017-11-22
63
BGP
100
100 ?
>i
192.0.2.101/32
100
100 ?
192.0.2.101
0
→
>i
192.0.2.240/29
100
100 ?
192.0.2.101
0
→
>i
203.0.113.0/28
192.0.2.102
100
100 (102) ?
0
→
2. Enter the context, access BGP configuration mode, and enable the best
external path feature.
Example
[local]R1-3(config)#context local
[local]R1-3(config-ctx)#router bgp 1
[local]R1-3(config-bgp)#address-family ipv4 unicast
[local]R1-3(config-bgp-af)#advertise external uncondit →
ional
[local]R1-3(config-bgp-af)#exit
[local]R1-3(config-bgp)#commit
3. Confirm the configuration. R1-3 now advertises the best external path to
subnet 192.0.2.240/29.
Example
[local]R1-3(config-bgp)#show bgp route neighbor 192.0. →
2.104 advertised
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
64
Next Hop
Metric
→
192.0.2.240/29
100
100 2 ?
198.51.100.101
0
→
>
198.51.100.40/29
100
100 2 ?
198.51.100.101
0
→
>
198.51.100.48/29
100
100 2 ?
198.51.100.101
0
→
>
198.51.100.101/32
100
100 2 ?
198.51.100.101
0
→
203.0.113.0/28
100
100 2 ?
198.51.100.101
0
→
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
>
2.14
203.0.113.16/28
100
100 2 ?
198.51.100.101
0
Advertise a Diverse Path
This example enables the diverse path feature.
Figure 18
Advertising a Diverse Path
Figure 18 shows route reflector RR1-1 in AS 1 receiving paths to subnet
192.0.2.80/28 from routers in two different autonomous systems
configured as follows:
•
AS 2 router R2-1 with router ID 192.0.2.102 advertises to AS 1 router
R1-1 with router ID 192.0.2.102 a path over subnet 192.0.2.0/29.
•
AS 3 router R3-1 with router ID 192.0.2.105 advertises to AS 1 router
R1-2 router ID 198.51.100.101 a path over subnet 203.0.113.0/28.
RR1-1 reflects a best path and a diverse path to its client routers. For
information on configuring a route reflector, see Configure a Route Reflector
on page 48. The diverse path for router R1-4 is configured as follows:
•
RR1-1 uses loopback interface if_LB with IP address 192.0.2.103 to
advertise the best path to R1-4 IP address 192.0.2.104.
•
RR1-1 uses loopback interface if_LB_DP with IP address 192.0.2.133
to advertise the diverse path to R1-4 IP address 192.0.2.144.
You can configure additional diverse path settings using commands such as
bestpath igp-metric ignore, which sets the router to ignore the IGP
metric.
To advertise the diverse path, configure the routers as described in the
following sections.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
65
→
BGP
2.14.1
Configure RR1-1
Steps
1. Enter the context, access BGP configuration mode, and configure diverse
path advertising.
Example
[local]RR1-1(config)#context local
[local]RR1-1(config-ctx)#router bgp 1
[local]RR1-1(config-bgp)#address-family ipv4 unicast
[local]RR1-1(config-bgp-af)#diverse-path-delay 20
[local]RR1-1(config-bgp-af)#exit
[local]RR1-1(config-bgp)#neighbor 192.0.2.144 internal
[local]RR1-1(config-bgp-neighbor)#update-source ifLB_D
P
[local]RR1-1(config-bgp-neighbor)#address-family ipv4
unicast
[local]RR1-1(config-bgp-peer-af)#route-reflector-clien
t
[local]RR1-1(config-bgp-peer-af)#advertise diverse-pat
h
[local]RR1-1(config-bgp-peer-af)#exit
[local]RR1-1(config-bgp-neighbor)#exit
[local]RR1-1(config-bgp)#commit
2. Confirm the configuration.
Example 8
[local]RR1-1(config-bgp)#show configuration bgp
...
router-id 192.0.2.103
context local
!
router bgp 1
address-family ipv4 unicast
diverse-path-delay 20
...
neighbor 192.0.2.104 internal
66
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
→
→
→
Configuration
update-source ifLB
address-family ipv4 unicast
route-reflector-client
!
neighbor 192.0.2.144 internal
update-source ifLB_DP
address-family ipv4 unicast
route-reflector-client
advertise diverse-path
...
2.14.2
Configure R1-4
Steps
1. Enter the context, access BGP configuration mode, and configure diverse
path advertising.
Example
[local]R1-4(config)#context local
[local]R1-4(config-ctx)#router bgp 1
[local]R1-4(config-bgp)#address-family ipv4 unicast
[local]R1-4(config-bgp-af)#diverse-path-delay 20
[local]R1-4(config-bgp-af)#exit
[local]R1-4(config-bgp)#neighbor 192.0.2.133 internal
[local]R1-4(config-bgp-neighbor)#update-source ifLB_DP
[local]R1-4(config-bgp-neighbor)#address-family ipv4 u →
nicast
[local]R1-4(config-bgp-peer-af)#advertise diverse-path
[local]R1-4(config-bgp-peer-af)#exit
[local]R1-4(config-bgp-neighbor)#exit
[local]R1-4(config-bgp)#commit
2. Confirm the configuration.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
67
BGP
Example 9
[local]R1-4(config-bgp)#show configuration bgp
router bgp 1
address-family ipv4 unicast
diverse-path-delay 20
!
neighbor 192.0.2.103 internal
update-source ifLB
address-family ipv4 unicast
!
neighbor 192.0.2.133 internal
update-source ifLB_DP
address-family ipv4 unicast
advertise diverse-path
2.14.3
Verify Diverse Path Advertisement
Steps
1. Verify that RR1-1installs two paths to subnet 192.0.2.80/28. RR1-1
has paths to the subnet through R2-1 (192.0.2.102) and R3-1
(192.0.2.105).
Example
[local]RR1-1#show bgp route
Address Family: ipv4 unicast
...
Network
LocPrf Weight Path
>i
68
192.0.2.0/29
100
100 ?
Next Hop
192.0.2.101
Metric
→
0
→
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
>i
192.0.2.8/29
100
100 ?
192.0.2.101
0
→
>i
192.0.2.80/28
100
100 2 ?
192.0.2.102
15
→
192.0.2.105
5
→
192.0.2.101
0
→
i
>i
100
100 3 ?
192.0.2.101/32
100
100 ?
...
2. Verify that RR1-1advertises the diverse path to client router R1-4. RR1-1
now advertises the diverse path (Nexthop 192.0.2.105) to peer
192.0.2.104 (R1-4), among other clients, with the diverse path
label.
Example
[local]RR1-1(config-bgp)#show bgp route 192.0.2.80/28
BGP ipv4 unicast routing table entry: 192.0.2.80/28, v →
ersion 42
Paths: total 2, best path count 1, best peer 192.0.2.1 →
01
Advertised to non-peer-group peers: 3
192.0.2.104
192.0.2.144
198.51.100.101
2
Nexthop 192.0.2.102 (0), peer 192.0.2.101 (192.0.2.1 →
01), AS 1
Origin incomplete, localpref 100, med 15, weight 100 →
, internal, rr-client, best
3
Nexthop 192.0.2.105 (0), peer 198.51.100.101 (198.51 →
.100.101), AS 1
Origin incomplete, localpref 100, med 5, weight 100, →
internal, rr-client, diverse path
12/1543-AXI 101 09/1 Uen F | 2017-11-22
69
BGP
3. Verify that R1-4 receives the advertised diverse path from route reflector
RR1-1. R1-4 shows the path 192.0.2.105 with the diverse path
label.
Example
[local]R1-4(config-bgp)#show bgp route 192.0.2.80/28
BGP ipv4 unicast routing table entry: 192.0.2.80/28, v →
ersion 42
Paths: total 2, best path count 1, best peer 192.0.2.1 →
03
Not advertised to any peer
2
Nexthop 192.0.2.102 (0), peer 192.0.2.103 (192.0.2.1 →
01), AS 1
Origin incomplete, localpref 100, med 15, weight 100 →
, internal, best
Originator: 192.0.2.101, Cluster list: 192.0.2.103
3
Nexthop 192.0.2.105 (0), peer 192.0.2.133 (198.51.10 →
0.101), AS 1
Origin incomplete, localpref 100, med 5, weight 100, →
internal, diverse path
3
2.15
Originator: 198.51.100.101, Cluster list: 192.0.2.10 →
Advertise "Next-Hop-Self" to iBGP Neighbors
This example configures two route reflectors routers to use "next-hop-self"
advertisement behavior for iBGP neighbors.
70
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Figure 19
Enabling "Next-Hop-Self" Advertisement for iBGP Neighbors
In Figure 19, the network is divided into three topologies served by a
combination of LDP and RSVP. The route reflectors are both configured to use
"next-hop-self" advertisement when forwarding to their iBGP neighbors. As a
result, at the area boundary, the route reflector changes the next hops for the
BGP labeled routes to advertise the route reflector's local peer address.
Therefore, all the labeled BGP routes in the area will have the route reflector's
address as the next hop. In this example, the route reflectors are configured
as follows:
2.15.1
•
RR1 and RR2 are both configured as route reflectors and Area Border
Routers at the boundaries of the areas.
•
RR1 advertises its own address to the iBGP neighbor at
192.168.124.15 for IPv4 unicast iBGP routes. The neighbor is
configured directly.
•
RR2 advertises its own address to the iBGP neighbor at 10.10.31.114
for IPv4 and IPv6 labeled unicast eBGP and iBGP routes. The neighbor is
configured using the internal peer group NHS.
Configure RR1
To configure RR1 to use "next-hop-self" advertisement for the iBGP neighbor
at 192.168.124.15, do the following starting in global configuration mode.
Steps
1. Enter the context and access configuration for the iBGP neighbor. Enable
"next-hop-self" advertisement for iBGP routes for the IPv4 unicast address
family.
Example
[local]RR1(config)#context local
[local]RR1(config-ctx)#router bgp 1
[local]RR1(config-bgp)#neighbor 192.168.124.15 interna →
l
[local]RR1(config-bgp-neighbor)#address-family ipv4 un →
icast
[local]RR1(config-bgp-peer-af)#next-hop-self ibgp
[local]RR1(config-bgp-peer-af)#commit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
71
BGP
[local]RR1(config-bgp-peer-af)#exit
[local]RR1(config-neighbor)#exit
[local]RR1(config-bgp)#commit
2. Confirm the configuration.
Example 10
[local]RR1#show configuration bgp
:
router bgp 1
!
neighbor 192.168.124.15 internal
address-family ipv4 unicast
next-hop-self ibgp
!
:
2.15.2
Configure RR2
To configure RR2 to use "next-hop-self" advertisement for the iBGP neighbor
at 10.10.31.114, do the following starting in global configuration mode.
Steps
1. Enter the routing context and create the peer group. For the IPv4 unicast
address family, enable "next-hop-self" advertisement for eBGP and iBGP
routes.
Example
[local]RR2(config)#context local
[local]RR2(config-ctx)#router bgp 1
[local]RR2(config-bgp)#peer-group NHS internal
[local]RR2(config-bgp-peer-group)#address-family ipv4
unicast
[local]RR2(config-bgp-peer-af)#send label
[local]RR2(config-bgp-peer-af)#next-hop-self ebgp
72
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
Configuration
[local]RR2(config-bgp-peer-af)#next-hop-self ibgp
[local]RR2(config-bgp-peer-af)#exit
2. For the IPv6 unicast address family, enable "next-hop-self" advertisement
for eBGP and iBGP routes.
Example
[local]RR2(config-bgp-peer-group)#address-family ipv6
unicast
[local]RR2(config-bgp-peer-af)#next-hop-self ebgp
[local]RR2(config-bgp-peer-af)#next-hop-self ibgp
[local]RR2(config-bgp-peer-af)#commit
[local]RR2(config-bgp-peer-af)#exit
[local]RR2(config-peer-group)#exit
3. Use the peer group to configure the neighbor at 10.10.31.114.
Example
[local]RR2(config-bgp)#neighbor 10.10.31.114 internal
[local]RR2(config-bgp-neighbor)#peer-group NHS
[local]RR2(config-bgp-neighbor)#commit
[local]RR2(config-bgp-neighbor)#exit
[local]RR2(config-bgp)#exit
[local]RR2(config-ctx)#exit
[local]RR2(config)#exit
4. Confirm the configuration.
Example
[local]RR2#show configuration bgp
:
!
router bgp 1
!
peer-group NHS internal
address-family ipv4 unicast
next-hop-self ebgp
next-hop-self ibgp
address-family ipv6 unicast
next-hop-self ebgp
next-hop-self ibgp
12/1543-AXI 101 09/1 Uen F | 2017-11-22
73
→
BGP
!
neighbor 10.10.31.114 internal
peer-group NHS
!
:
2.16
Configure Fast Reset
This example configures fast reset (neighbor) for the eBGP session configured
in Establish an eBGP Session on page 26.
•
On R1-1, the if2R21 interface provides a physical link its neighbor R2-1.
•
The IP address of if2R21 is 192.0.2.1/29.
•
The only interface through which R1-1 can reach its neighbor R2-1 is
if2R21; therefore, the only interface in the fast-reset list is if2R21.
You can configure additional timer settings using commands such as timers
keepalive, which modifies keepalive and holdtime timers for BGP
neighbors.
2.16.1
Configure Fast Reset on R1-1
To configure fast reset (neighbor) on R1-1, do the following starting in global
configuration mode.
Steps
1. Enter the context, access BGP configuration mode, and configure fast
reset for the interface.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#neighbor 198.51.100.101 extern →
al
[local]R1-1(config-bgp-neighbor)#fast-reset 2000
[local]R1-1(config-nbr-fast-reset)#interface if2R21
[local]R1-1(config-nbr-fast-reset)#exit
[local]R1-1(config-neighbor)#exit
[local]R1-1(config-bgp)#commit
74
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
2. Confirm the configuration. The show bgp neighbor command now
displays the configured value in a Fast reset timer field.
Example 11
[local]R1-2(config-bgp)#show bgp neighbor 198.51.100.101
BGP neighbor: 198.51.100.101, remote AS: 2, external link
Version: 4, router identifier: 198.51.100.101
State: Established for 00:48:04
Last read 00:00:24, last send 00:00:53
Hold time: configured 180, negotiated 180
Keepalive time: configured 60, negotiated 60
...
Fast reset timer 2000 msecs
Interface name: if2R21
State: UP
Address family: ipv4 unicast
...
2.16.2
Verify Fast Reset
To verify fast reset, this example disables interface if2R21. Because the fastreset timer is set to 2 seconds, you can verify that BGP is down before the
negotiated hold time of 180 seconds passes; that is, as a result of fast reset
rather than hold time expiry.
Steps
1. Verify that the BGP session is up by checking that the State field shows
a value of Established for the external peer (198.51.100.101).
Example
[local]R1-2#show bgp neighbor summary
BGP router identifier: 192.0.2.102, local AS number: 1
12/1543-AXI 101 09/1 Uen F | 2017-11-22
75
BGP
Neighbors Configured: 2, Established: 2
Neighbor
AS MsgRcvd MsgSent InQ OutQ
Rst Up/Down State
192.0.2.101
1
1219
1235
0
0
1 20:36:48 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0
dampened: 0 sent: 0
198.51.100.101
2
3
3
0
0
2 00:00:10 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0
dampened: 0 sent: 0
→
→
→
→
→
→
→
→
→
2. On router R1-2, disable the interface to the external peer.
Example
[local]R1-2#configuration
[local]R1-2(config)#port ethernet1/2
[local]R1-2(config-port)#shutdown
[local]R1-2(config-port)#commit
3. Verify that the eBGP session is down. The State field for the external
neighbor (198.51.100.101) shows a value of Idle, the reset
reason field shows a value of Interface reset, and the State in the
Fast reset timer field shows a value of DOWN.
Example
[local]R1-2(config-port)#show bgp neighbor 198.51.100. →
101
BGP neighbor: 198.51.100.101, remote AS: 2, external l →
ink
Version: 4, router identifier: 198.51.100.101
State: Idle for 00:00:06
Last read 00:00:52, last send 00:00:52
Hold time: configured 180, negotiated 0
Keepalive time: configured 60, negotiated 0
76
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
...
Last active open: 00:04:04, reason: no active or con →
nected route
Reset count: 3, last reset time: 00:00:06, reset rea →
son: Interface reset
...
Fast reset timer 2000 msecs
Interface name: if2R21
State: DOWN
Address family: ipv4 unicast
...
2.17
Configure Next-Hop-Triggered Best-Path Calculation
This example configures the router to trigger a recalculation of its best path
when it detects changes to a next hop.
Figure 20
Next-Hop-Triggered Best-Path Calculation
Figure 20 shows AS 1 router R1-1 with router ID 192.0.2.101 (loopback
interface ifLB with IP address 192.0.2.101/32 in the local context)
configured to recalculate the best path if it detects changes.
In this example, R1-1 establishes eBGP sessions over links 192.0.2.0/29
and 203.0.113.0/28 to peer routers configured as follows:
•
AS 2 router R2-1 advertises a path to subnet 192.0.2.80/29 using next
hop 192.0.2.102.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
77
BGP
•
2.17.1
AS 3 router R3-1 advertises a path to subnet 192.0.2.80/29 using next
hop 192.0.2.105.
Configure R1-1
To configure next-hop-triggered best-path calculation on R1-1, do the following
starting in global configuration mode.
Steps
1. Enter the context, access BGP configuration mode, and configure nexthop-triggered best-path calculation.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#address-family ipv4 unicast
[local]R1-1(config-bgp-af)#redistribute connected
[local]R1-1(config-bgp-af)#nexthop triggered delay 5 h →
oldtime 10
[local]R1-1(config-bgp-af)#exit
[local]R1-1(config-bgp)#neighbor 192.0.2.102 external
[local]R1-1(config-bgp-neighbor)#remote as 2
[local]R1-1(config-bgp-neighbor)#ebgp-multihop 2
[local]R1-1(config-bgp-neighbor)#update-source ifLB
[local]R1-1(config-bgp-neighbor)#send filter prefix-li →
st
[local]R1-1(config-bgp-neighbor)#exit
[local]R1-1(config-bgp)#address-family ipv4 unicast
[local]R1-1(config-bgp-peer-af)#prefix-list ORF1 in
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp-neighbor)#exit
[local]R1-1(config-bgp)#neighbor 192.0.2.103 external
[local]R1-1(config-bgp-neighbor)#update-source ifLB
...
[local]R1-1(config-bgp-neighbor)#commit
2. Confirm the BGP configuration.
Example 12
[local]R1-1(config-bgp)#show configuration bgp
router bgp 1
address-family ipv4 unicast
redistribute connected
78
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
nexthop triggered delay 5 holdtime 10
!
neighbor 192.0.2.102 external
remote-as 2
ebgp-multihop 2
update-source ifLB
send filter prefix-list
address-family ipv4 unicast
prefix-list ORF1 in
!
neighbor 192.0.2.103 internal
update-source ifLB
...
2.17.2
Verify That a Change to a Next Hop Triggers a Best-Path
Calculation
To verify that the router recalculates its best path when it detects changes to a
next hop, this example disables the link to the current best-hop router.
Steps
1. Verify that R1-1 has selected a best path from the two available paths.
Nexthop 192.0.2.105 (R3-1) shows the best label.
Example
[local]R1-1#show bgp route 192.0.2.80/28
BGP ipv4 unicast routing table entry: 192.0.2.80/28, v →
ersion 23
Paths: total 2, best path count 1, best peer 192.0.2.1 →
05
Advertised to non-peer-group peers: 2
12/1543-AXI 101 09/1 Uen F | 2017-11-22
79
BGP
192.0.2.102
192.0.2.103
2
Nexthop 192.0.2.102 (0), peer 192.0.2.102 (192.0.2.1 →
02), AS 2
Origin incomplete, localpref 100, med 15, weight 100 →
, external
3
Nexthop 192.0.2.105 (0), peer 192.0.2.105 (192.0.2.1 →
05), AS 3
Origin incomplete, localpref 100, med 0, weight 100, →
external, best
2. Check the negotiated hold time and keepalive time for the next-hop
routers. The Hold time field for both next hops shows a negotiated
value of 180 (3 minutes). The Keepalive time field for both next hops
shows a negotiated value of 60 (one minute).
Example
[local]R1-1#show bgp neighbor 192.0.2.102
BGP neighbor: 192.0.2.102, remote AS: 2, external link
Version: 4, router identifier: 192.0.2.102
State: Established for 04:30:01
Last read 00:00:33, last send 00:00:56
Hold time: configured 180, negotiated 180
Keepalive time: configured 60, negotiated 60
...
[local]R1-1#show bgp neighbor 192.0.2.105
BGP neighbor: 192.0.2.105, remote AS: 3, external link
Version: 4, router identifier: 192.0.2.105
State: Established for 02:29:48
Last read 00:00:37, last send 00:00:45
80
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Hold time: configured 180, negotiated 180
Keepalive time: configured 60, negotiated 60
...
3. On router R3-1, disable the interface to R1-1.
Example
[local]R3-1(config)#port ethernet1/2
[local]R3-1(config-port)#shutdown
[local]R3-1(config-port)#commit
4. Verify that R1-1 recalculates the best path immediately Nexthop
192.0.2.102 (R2-1) now shows the best label.
Example
[local]R1-1#show bgp route 192.0.2.80/28
BGP ipv4 unicast routing table entry: 192.0.2.80/28, v →
ersion 36
Paths: total 2, best path count 1, best peer 192.0.2.1 →
02
Advertised to non-peer-group peers: 2
192.0.2.102
192.0.2.103
2
Nexthop 192.0.2.102 (0), peer 192.0.2.102 (192.0.2.1 →
02), AS 2
Origin incomplete, localpref 100, med 15, weight 100 →
, external, best
3
Nexthop 192.0.2.105 (0), peer 192.0.2.105 (192.0.2.1 →
05), AS 3
Origin incomplete, localpref 100, med 0, weight 100, →
external
12/1543-AXI 101 09/1 Uen F | 2017-11-22
81
BGP
2.18
Configure Graceful Restart
This example configures graceful restart (GR) for the BGP sessions,
configured in Establish an iBGP Session on page 23 and Establish an eBGP
Session on page 26.
You can configure additional graceful restart settings using commands such as
the following:
•
graceful-restart (BGP) with the no keyword to disable graceful
restart.
•
maximum update-delay to set the maximum delay time for the BGP
routing process between a reset and performing initial best-path
calculations.
Note:
2.19
The maximum delay time must not be configured for the BGP
routing process in case of VPN contexts. The VPN contexts are
assigned with the same value configured for the local context. If
the maximum delay time is not configured for the local context,
the default value is assigned for the BGP process.
•
timers active-open to set the interval the router waits for a BGP peer
to come up after a graceful restart before the router starts the best-path
computation.
•
retain-ibgp-routes to specify that the BGP router retains routes
established with the iBGP neighbor 198.51.100.102 when the iBGP
neighbor restarts, even if not all iBGP peers support graceful restart.
Enable Route-Flap Statistics
This example enables route-flap statistics for an address family on router R1-1
in a network similar to that of Compare MEDs on Paths from Multiple
Autonomous Systems on page 43. Route-flap damping is described in RFC
2439, BGP Route Flap Damping.
You can configure additional statistics and flap settings using commands such
as the following:
•
2.19.1
dampening to enable eBGP route dampening for an address family.
Enable Route-Flap Statistics on R1-1
To enable route flap statistics, do the following starting in global configuration
mode.
82
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Steps
1. Enter the context, access BGP configuration mode, and enable route-flap
statistics for the address family.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#address-family ipv4 unicast
[local]R1-1(config-bgp-af)#flap-statistics
[local]R1-1(config-bgp-af)#exit
[local]R1-1(config-bgp)#commit
2. Confirm the configuration.
Example 13
[local]R1-1(config-bgp)#show configuration bgp
router bgp 1
timers keepalive 10 holdtime 15
address-family ipv4 unicast
flap-statistics
redistribute connected
nexthop triggered delay 5 holdtime 10
!
neighbor 192.0.2.102 external
remote-as 2
ebgp-multihop 2
update-source ifLB
send filter prefix-list
address-family ipv4 unicast
prefix-list ORF1 in
...
12/1543-AXI 101 09/1 Uen F | 2017-11-22
83
BGP
2.19.2
Verify Recording
To verify that the router records flap statistics, this example disables and reenables the interface to subnet 192.0.2.80/28.
Steps
1. Verify that the BGP sessions are up on the router. The State field shows
a value of Established for three peers.
Example
[local]R1-1#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1
Neighbors Configured: 3, Established: 3
Neighbor
Rst Up/Down State
AS MsgRcvd MsgSent
InQ OutQ →
192.0.2.102
2
353
362
0
0
1 05:43:45 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
prefix-orf
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
prefix-orf
unicast : rcvd: 3 imported: 0 active: 2 history: 0
dampened: 0 sent: 10
84
→
→
→
→
192.0.2.103
1
305
301
0
0
0 04:31:46 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 5 imported: 0 active: 5 history: 0
dampened: 0 sent: 7
→
192.0.2.105
3
202
186
0
0
2 00:17:09 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 3 imported: 0 active: 1 history: 0
dampened: 0 sent: 11
→
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
→
→
→
→
→
Configuration
2. On router R1-2, disable the interface to subnet 192.0.2.80/28
advertised by router 192.0.2.105.
Example
[local]R1-2#configuration
[local]R1-2(config)#port ethernet1/11
[local]R1-2(config-port)#shutdown
[local]R1-2(config-port)#commit
3. Verify that R1-1 records the route flap.
Example
[local]R1-1(config-port)#show bgp route flap-statistic →
s external
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
ation Reuse
Path
h
192.0.2.80/28
820 00:04:10
From
Flaps Penalty Dur →
192.0.2.105
3
1
→
4. On router R1-2, re-enable the interface to subnet 192.0.2.80/28
advertised by router 192.0.2.105.
Example
[local]R1-2(config-port)#no shutdown
[local]R1-2(config-port)#commit
5. Verify that the router records the route flap.
Example
[local]R1-1(config-port)#show bgp route flap-statistic →
s external
Address Family: ipv4 unicast
BGP table version is 60, local router ID is 192.0.2.10 →
1
Status codes: d damped, h history, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
12/1543-AXI 101 09/1 Uen F | 2017-11-22
85
BGP
RIB download codes: x - not downloaded to RIB (filtere →
d)
Network
ation Reuse
Path
192.0.2.80/28
616 00:10:15
2.20
From
Flaps Penalty Dur →
192.0.2.105
3
1
Enable BGP FRR of Pure IP Network
This example enables FRR for the IPv4 and IPv6 address families in a pure IP
network spanning two autonomous systems.
Figure 21
BGP FRR of Pure IP Network
In Figure 21, routers R1-1, R1-2, and R1-3 participate in an iBGP session in
AS1, and routers R1-2 and R1-3 participate in an eBGP session with R2-1,
which is a member of AS2. The best path from R1-1 to R2-1 is through R1-2.
With FRR enabled, R1-1 precomputes an alternate path to R2-1 through R1-3.
If R1-2 is unreachable, traffic is automatically routed through R1-3.
To configure FRR in this way, perform the procedures detailed in the following
sections.
2.20.1
Configure R1-1
To configure the R1-1, perform the following steps starting in global
configuration mode.
Steps
1. Enter the context, access BGP configuration mode and enable FRR.
86
12/1543-AXI 101 09/1 Uen F | 2017-11-22
→
Configuration
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#address-family ipv4 unicast
[local]R1-1(config-bgp-af)#ipfrr
[local]R1-1(config-bgp-af)#exit
[local]R1-1(config-bgp)#address-family ipv6 unicast
[local]R1-1(config-bgp-af)#ipfrr
[local]R1-1(config-bgp-af)#exit
2. Configure the iBGP neighbors.
Example
[local]R1-1(config-bgp)#neighbor 192.0.2.102 internal
[local]R1-1(config-bgp-neighbor)#address-family ipv4 unicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp-neighbor)#address-family ipv6 unicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp-neighbor)#exit
[local]R1-1(config-bgp)#neighbor 192.0.2.103 internal
[local]R1-1(config-bgp-neighbor)#address-family ipv4 unicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp-neighbor)#address-family ipv6 unicast
[local]R1-1(config-bgp-peer-af)#exit
[local]R1-1(config-bgp-neighbor)#exit
[local]R1-1(config-bgp)#commit
3. Confirm the configuration.
Example 14
[local]R1-1(config-bgp)#show configuration bgp
context local
!
router bgp 1
address-family ipv4 unicast
ipfrr
!
neighbor 192.0.2.102 internal
address-family ipv4 unicast
address-family ipv6 unicast
!
neighbor 192.0.2.103 internal
address-family ipv4 unicast
address-family ipv6 unicast
!
2.20.2
Configure R1-2 and R1-3
To configure R1-2 and R1-3, perform the following steps starting in global
configuration mode.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
87
BGP
Steps
1. On R1-2, enter the context, access BGP configuration mode and enable
FRR.
Example
[local]R1-2(config)#context local
[local]R1-2(config-ctx)#router bgp 1
[local]R1-2(config-bgp)#address-family ipv4 unicast
[local]R1-2(config-bgp-af)#exit
[local]R1-2(config-bgp)#address-family ipv6 unicast
[local]R1-2(config-bgp-af)#exit
2. Configure the iBGP and eBGP neighbors.
Example
[local]R1-2(config-bgp)#neighbor 192.0.2.101 internal
[local]R1-2(config-bgp-neighbor)#address-family ipv4 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-bgp-neighbor)#address-family ipv6 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-bgp-neighbor)#exit
[local]R1-2(config-bgp)#neighbor 192.0.2.103 internal
[local]R1-2(config-bgp-neighbor)#address-family ipv4 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-bgp-neighbor)#address-family ipv6 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-bgp-neighbor)#exit
[local]R1-2(config-bgp)#neighbor 198.51.100.1 external
[local]R1-2(config-bgp-neighbor)#remote-as 2
[local]R1-2(config-bgp-neighbor)#address-family ipv4 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-bgp-neighbor)#address-family ipv6 unicast
[local]R1-2(config-bgp-peer-af)#exit
[local]R1-2(config-bgp-neighbor)#exit
[local]R1-2(config-bgp)#commit
3. Confirm the configuration.
Example
[local]R1-2(config-bgp)#show configuration bgp
context local
!
router bgp 1
address-family ipv4 unicast
!
neighbor 192.0.2.101 internal
address-family ipv4 unicast
address-family ipv6 unicast
!
neighbor 192.0.2.103 internal
address-family ipv4 unicast
address-family ipv6 unicast
!
neighbor 198.51.100.1 external
88
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
remote-as 2
address-family ipv4 unicast
address-family ipv6 unicast
!
4. To configure R1-3, repeat the procedure used to configure R1-2,
substituting the IP address 192.0.2.102 for R1-2 where appropriate.
2.20.3
Configure R2-1
To configure R2-1, perform the following steps starting in global configuration
mode.
Steps
1. On R2-1, enter the context, access BGP configuration mode, and
configure the eBGP neighbors.
Example
[local]R2-1(config)#context local
[local]R2-1(config-ctx)#router bgp 2
[local]R2-1(config-bgp)#neighbor 192.0.2.102 external
[local]R2-1(config-bgp-neighbor)#remote-as 1
[local]R2-1(config-bgp-neighbor)#address-family ipv4 unicast
[local]R2-1(config-bgp-peer-af)#exit
[local]R2-1(config-bgp-neighbor)#address-family ipv6 unicast
[local]R2-1(config-bgp-peer-af)#exit
[local]R2-1(config-neighbor)#exit
[local]R2-1(config-bgp)#neighbor 192.0.2.103 external
[local]R2-1(config-bgp-neighbor)#remote-as 1
[local]R2-1(config-bgp-neighbor)#address-family ipv4 unicast
[local]R2-1(config-bgp-peer-af)#exit
[local]R2-1(config-bgp-neighbor)#address-family ipv6 unicast
[local]R2-1(config-bgp-peer-af)#exit
[local]R2-1(config-neighbor)#exit
[local]R2-1(config-bgp)#commit
2. Confirm the configuration.
Example 15
[local]R2-1(config-bgp)#show configuration bgp
context local
!
router bgp 2
!
neighbor 192.0.2.102 external
remote-as 1
address-family ipv4 unicast
address-family ipv6 unicast
!
neighbor 192.0.2.103 external
remote-as 1
12/1543-AXI 101 09/1 Uen F | 2017-11-22
89
BGP
address-family ipv4 unicast
address-family ipv6 unicast
!
2.21
Enable BGP FRR of L3VPN Basic
This example enables BGP FRR of L3VPN basic in a network spanning two
autonomous systems.
Primary Path
P
AS 100
12.1.1.2/24
eBGP
PE2
23.1.1.2/24
vpn1
23.1.1.3/24
PE1
34.1.1.3/24
12.1.1.1/24
35.1.1.3/24
2035::3/64
14.1.1.1/24
14.1.1.4/24
AS 200
35.1.1.5/24
2035::5/64
CE
45.1.1.5/24
2045::5/64
PE334.1.1.4/24
vpn1
45.1.1.4/24
2045::4/64
Backup Path
G107930A
Figure 22
BGP FRR of L3VPN Basic
Figure 22 shows the network topology for this configuration.
•
BGP FRR is enabled on both PE1 and PE2 routers.
•
BFD failure detection for BGP FRR is configured on PE1, PE2, and CE
routers.
•
VPN context vpn1 provides connectivity to router CE.
Note:
90
The following prerequisites need to be satisfied before configuring
BGP FRR for the above network:
•
All the interfaces connected with between routers are configured
according to the topology.
•
OSPF, MPLS, and LDP are enabled on routers PE1, P, PE2, PE3.
•
BGP is configured on router CE.
•
BFD is configured on routers PE1, PE2, and CE.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Note:
It is not recommended to configure BGP FRR on backup PE3 for dual
homed CE case.
If BGP FRR is configured on PE3, per-prefix label allocation needs to
be enabled. Otherwise, route oscillation may happen in the BGP FRR.
To configure FRR in this way, perform the procedures detailed in the following
sections.
2.21.1
Configure PE1
To configure the PE1, perform the following steps starting in global
configuration mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]PE1(config)#context local
[local]PE1(config-ctx)#ip prefix-list 32bit
[local]PE1(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]PE1(config-prefix-list)#seq 20 deny any
[local]PE1(config-prefix-list)#exit
[local]PE1(config-ctx)#route-map BACKUP permit 10
[local]PE1(config-route-map)#set local-preference 100
[local]PE1(config-route-map)#exit
[local]PE1(config-ctx)#route-map PRIMARY permit 10
[local]PE1(config-route-map)#set local-preference 200
[local]PE1(config-route-map)#exit
[local]PE1(config-ctx)#route-map loopback_only permit 10
[local]PE1(config-route-map)#match ip address prefix-list 32bit
[local]PE1(config-route-map)#commit
[local]PE1(config-route-map)#exit
2. Access BGP configuration mode, and configure route redistribution.
Example
[local]PE1(config-ctx)#router bgp 100
[local]PE1(config-bgp)#address-family ipv4 unicast
[local]PE1(config-bgp-af)#redistribute connected route-map loopback_only
[local]PE1(config-bgp-af)#exit
[local]PE1(config-bgp)#address-family ipv4 vpn
[local]PE1(config-bgp-af)#ipfrr bfd
[local]PE1(config-bgp-af)#exit
[local]PE1(config-bgp)#address-family ipv6 vpn
[local]PE1(config-bgp-af)#ipfrr bfd
[local]PE1(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]PE1(config-bgp)#neighbor 3.3.3.3 internal
[local]PE1(config-bgp-neighbor)#update-source loop0
[local]PE1(config-bgp-neighbor)#next-hop-self
[local]PE1(config-bgp-neighbor)#bfd
[local]PE1(config-bgp-neighbor)#address-family ipv4 vpn
[local]PE1(config-bgp-peer-af)#route-map PRIMARY in
12/1543-AXI 101 09/1 Uen F | 2017-11-22
91
BGP
[local]PE1(config-bgp-peer-af)#exit
[local]PE1(config-bgp-neighbor)#address-family ipv6 vpn
[local]PE1(config-bgp-peer-af)#route-map PRIMARY in
[local]PE1(config-bgp-peer-af)#exit
[local]PE1(config-bgp-neighbor)#exit
[local]PE1(config-bgp)#neighbor 4.4.4.4 internal
[local]PE1(config-bgp-neighbor)#update-source loop0
[local]PE1(config-bgp-neighbor)#next-hop-self
[local]PE1(config-bgp-neighbor)#bfd
[local]PE1(config-bgp-neighbor)#address-family ipv4 vpn
[local]PE1(config-bgp-peer-af)#route-map BACKUP in
[local]PE1(config-bgp-peer-af)#exit
[local]PE1(config-bgp-neighbor)#address-family ipv6 vpn
[local]PE1(config-bgp-peer-af)#route-map BACKUP in
[local]PE1(config-bgp-peer-af)#commit
[local]PE1(config-bgp-peer-af)#exit
[local]PE1(config-bgp-neighbor)#exit
4. Create a new VPN context and specify a route distinguisher.
Example
[local]PE1(config)#context vpn1 vpn-rd 1:1
5. Create an interface in the context and assign it an IP address.
Example
[local]PE1(config-ctx)#interface to_ce
[local]PE1(config-if)#ip address 100.1.1.1/24
[local]PE1(config-if)#ipv6 address 1000::1/64
[local]PE1(config-if)#exit
6. Enable a BGP routing instance in the VPN context.
Example
[local]PE1(config-ctx)#router bgp vpn
7. Identify the IPv4 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]PE1(config-bgp)#address-family ipv4 unicast
[local]PE1(config-bgp-af)#export
[local]PE1(config-bgp-af-export)#route-target 1:1
[local]PE1(config-bgp-af-export)#exit
[local]PE1(config-bgp-af)#import
[local]PE1(config-bgp-af-import)#route-target 1:1
[local]PE1(config-bgp-af-import)#exit
8. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example
[local]PE1(config-bgp-af)#redistribute connected
[local]PE1(config-bgp-af)#ipfrr bfd
[local]PE1(config-bgp-af)#commit
[local]PE1(config-bgp-af)#exit
9. Identify the IPv6 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
92
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example
[local]PE1(config-bgp)#address-family ipv6 unicast
[local]PE1(config-bgp-af)#export
[local]PE1(config-bgp-af-export)#route-target 1:1
[local]PE1(config-bgp-af-export)#exit
[local]PE1(config-bgp-af)#import
[local]PE1(config-bgp-af-import)#route-target 1:1
[local]PE1(config-bgp-af-import)#exit
10. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example 16
[local]PE1(config-bgp-af)#redistribute connected
[local]PE1(config-bgp-af)#ipfrr bfd
[local]PE1(config-bgp-af)#commit
[local]PE1(config-bgp-af)#exit
2.21.2
Configure PE2
To configure the PE2, perform the following steps starting in global
configuration mode.
Steps
1. In the local context, create prefix list and route map to redistribute the
permitted routes from the prefix list.
Example
[local]PE2(config)#context local
[local]PE2(config-ctx)#ip prefix-list 32bit
[local]PE2(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]PE2(config-prefix-list)#seq 20 deny any
[local]PE2(config-prefix-list)#exit
[local]PE2(config-ctx)#route-map loopback_only permit 10
[local]PE2(config-route-map)#match ip address prefix-list 32bit
[local]PE2(config-route-map)#commit
[local]PE2(config-route-map)#exit
2. Access BGP configuration mode, and configure route redistribution.
Example
[local]PE2(config-ctx)#router bgp 100
[local]PE2(config-bgp)#address-family ipv4 unicast
[local]PE2(config-bgp-af)#redistribute connected route-map loopback_only
[local]PE2(config-bgp-af)#exit
[local]PE2(config-bgp)#address-family ipv4 vpn
[local]PE2(config-bgp-af)#ipfrr bfd
[local]PE2(config-bgp-af)#exit
[local]PE2(config-bgp)#address-family ipv6 vpn
[local]PE2(config-bgp-af)#ipfrr bfd
[local]PE2(config-bgp-af)#exit
3. Configure the BGP neighbors.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
93
BGP
Example
[local]PE2(config-bgp)#neighbor 1.1.1.1 internal
[local]PE2(config-bgp-neighbor)#update-source loop0
[local]PE2(config-bgp-neighbor)#next-hop-self
[local]PE2(config-bgp-neighbor)#bfd
[local]PE2(config-bgp-neighbor)#address-family ipv4
[local]PE2(config-bgp-peer-af)#exit
[local]PE2(config-bgp-neighbor)#address-family ipv6
[local]PE2(config-bgp-peer-af)#exit
[local]PE2(config-bgp-neighbor)#exit
[local]PE2(config-bgp)#neighbor 4.4.4.4 internal
[local]PE2(config-bgp-neighbor)#update-source loop0
[local]PE2(config-bgp-neighbor)#next-hop-self
[local]PE2(config-bgp-neighbor)#address-family ipv4
[local]PE2(config-bgp-peer-af)#exit
[local]PE2(config-bgp-neighbor)#address-family ipv6
[local]PE2(config-bgp-peer-af)#commit
[local]PE2(config-bgp-peer-af)#exit
[local]PE2(config-bgp-neighbor)#exit
vpn
vpn
vpn
vpn
4. Create a new VPN context.
Example
[local]PE2(config)#context vpn1 vpn-rd 1:1
5. Create an interface in the context and assign it an IP address.
Example
[local]PE2(config-ctx)#interface to_ce
[local]PE2(config-if)#ip address 35.1.1.3/24
[local]PE2(config-if)#ipv6 address 2035::3/64
[local]PE2(config-if)#exit
6. Create the single-hop BFD neighbors 35.1.1.5 for IPv4 and 2035::5 for
IPv6. And set the minimum required receive and transmit intervals.
Example
[local]PE2(config-ctx)#router bfd
[local]PE2(config-bfd)#neighbor 35.1.1.5
[local]PE2(config-bfd-nbr)#minimum transmit-interval 3.3
[local]PE2(config-bfd-nbr)#minimum receive-interval 3.3
[local]PE2(config-bfd-nbr)#exit
[local]PE2(config-bfd)#neighbor 2035::5
[local]PE2(config-bfd-nbr)#minimum transmit-interval 3.3
[local]PE2(config-bfd-nbr)#minimum receive-interval 3.3
[local]PE2(config-bfd-nbr)#commit
[local]PE2(config-bfd-nbr)#exit
7. Enable a BGP routing instance in the VPN context.
Example
[local]PE2(config-ctx)#router bgp vpn
8. Identify the IPv4 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]PE2(config-bgp)#address-family ipv4 unicast
[local]PE2(config-bgp-af)#export
[local]PE2(config-bgp-af-export)#route-target 1:1
[local]PE2(config-bgp-af-export)#exit
94
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
[local]PE2(config-bgp-af)#import
[local]PE2(config-bgp-af-import)#route-target 1:1
[local]PE2(config-bgp-af-import)#exit
9. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example
[local]PE2(config-bgp-af)#redistribute connected
[local]PE2(config-bgp-af)#ipfrr bfd
[local]PE21(config-bgp-af)#commit
[local]PE2(config-bgp-af)#exit
10. Identify the IPv6 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]PE2(config-bgp)#address-family ipv6 unicast
[local]PE2(config-bgp-af)#export
[local]PE2(config-bgp-af-export)#route-target 1:1
[local]PE2(config-bgp-af-export)#exit
[local]PE2(config-bgp-af)#import
[local]PE2(config-bgp-af-import)#route-target 1:1
[local]PE2(config-bgp-af-import)#exit
11. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example
[local]PE2(config-bgp-af)#redistribute connected
[local]PE2(config-bgp-af)#ipfrr bfd
[local]PE2(config-bgp-af)#commit
[local]PE2(config-bgp-af)#exit
12. Identify the CE router as an external BGP peer.
Example 17
[local]PE2(config-bgp)#neighbor 35.1.1.5 external
[local]PE2(config-bgp-neighbor)#remote-as 200
[local]PE2(config-bgp-neighbor)#bfd
[local]PE2(config-bgp-neighbor)#address-family ipv4 unicast
[local]PE2(config-bgp-neighbor)#address-family ipv6 unicast
[local]PE2(config-bgp-neighbor)#exit
[local]PE2(config-bgp)#neighbor 2035::5 external
[local]PE2(config-bgp-neighbor)#remote-as 200
[local]PE2(config-bgp-neighbor)#bfd
[local]PE2(config-bgp-neighbor)#address-family ipv6 unicast
[local]PE2(config-bgp-neighbor)#commit
2.21.3
Configure PE3
To configure the PE3, perform the following steps starting in global
configuration mode.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
95
BGP
Steps
1. In the local context, create prefix list and route map to redistribute the
permitted routes from the prefix list.
Example
[local]PE3(config)#context local
[local]PE3(config-ctx)#ip prefix-list 32bit
[local]PE3(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]PE3(config-prefix-list)#seq 20 deny any
[local]PE3(config-prefix-list)#exit
[local]PE3(config-ctx)#route-map loopback_only permit 10
[local]PE3(config-route-map)#match ip address prefix-list 32bit
[local]PE3(config-route-map)#commit
[local]PE3(config-route-map)#exit
2. Access BGP configuration mode, and configure route redistribution.
Example
[local]PE3(config-ctx)#router bgp 100
[local]PE3(config-bgp)#address-family ipv4 unicast
[local]PE3(config-bgp-af)#redistribute connected route-map loopback_only
[local]PE3(config-bgp-af)#exit
[local]PE3(config-bgp)#address-family ipv4 vpn
[local]PE3(config-bgp-af)#exit
[local]PE3(config-bgp)#address-family ipv6 vpn
[local]PE3(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]PE3(config-bgp)#neighbor 1.1.1.1 internal
[local]PE3(config-bgp-neighbor)#update-source loop0
[local]PE3(config-bgp-neighbor)#next-hop-self
[local]PE3(config-bgp-neighbor)#bfd
[local]PE3(config-bgp-neighbor)#address-family ipv4
[local]PE3(config-bgp-peer-af)#exit
[local]PE3(config-bgp-neighbor)#address-family ipv6
[local]PE3(config-bgp-peer-af)#exit
[local]PE3(config-bgp-neighbor)#exit
[local]PE3(config-bgp)#neighbor 3.3.3.3 internal
[local]PE3(config-bgp-neighbor)#update-source loop0
[local]PE3(config-bgp-neighbor)#next-hop-self
[local]PE3(config-bgp-neighbor)#bfd
[local]PE3(config-bgp-neighbor)#address-family ipv4
[local]PE3(config-bgp-peer-af)#exit
[local]PE3(config-bgp-neighbor)#address-family ipv6
[local]PE3(config-bgp-peer-af)#commit
[local]PE3(config-bgp-peer-af)#exit
[local]PE3(config-bgp-neighbor)#exit
vpn
vpn
vpn
vpn
4. Create a new VPN context.
Example
[local]PE3(config)#context vpn1 vpn-rd 1:1
5. Create an interface in the context and assign it an IP address.
Example
[local]PE3(config-ctx)#interface to_ce
[local]PE3(config-if)#ip address 45.1.1.4/24
[local]PE3(config-if)#ipv6 address 2045::4/64
[local]PE3(config-if)#exit
96
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
6. Enable a BGP routing instance in the VPN context.
Example
[local]PE3(config-ctx)#router bgp vpn
7. Identify the IPv4 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]PE3(config-bgp)#address-family ipv4 unicast
[local]PE3(config-bgp-af)#export
[local]PE3(config-bgp-af-export)#route-target 1:1
[local]PE3(config-bgp-af-export)#exit
[local]PE3(config-bgp-af)#import
[local]PE3(config-bgp-af-import)#route-target 1:1
[local]PE3(config-bgp-af-import)#exit
8. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain.
Example
[local]PE3(config-bgp-af)#redistribute connected
[local]PE3(config-bgp-af)#commit
[local]PE3(config-bgp-af)#exit
9. Identify the IPv6 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]PE3(config-bgp)#address-family ipv6 unicast
[local]PE3(config-bgp-af)#export
[local]PE3(config-bgp-af-export)#route-target 1:1
[local]PE3(config-bgp-af-export)#exit
[local]PE3(config-bgp-af)#import
[local]PE3(config-bgp-af-import)#route-target 1:1
[local]PE3(config-bgp-af-import)#exit
10. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain.
Example
[local]PE3(config-bgp-af)#redistribute connected
[local]PE3(config-bgp-af)#commit
[local]PE3(config-bgp-af)#exit
11. Identify the CE router as an external BGP peer.
Example 18
[local]PE3(config-bgp)#neighbor 45.1.1.5 external
[local]PE3(config-bgp-neighbor)#remote-as 200
[local]PE3(config-bgp-neighbor)#address-family ipv4 unicast
[local]PE3(config-bgp-neighbor)#address-family ipv6 unicast
[local]PE3(config-bgp-neighbor)#exit
[local]PE3(config-bgp)#neighbor 2045::5 external
[local]PE3(config-bgp-neighbor)#remote-as 200
[local]PE3(config-bgp-neighbor)#address-family ipv6 unicast
[local]PE3(config-bgp-neighbor)#commit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
97
BGP
2.22
Enable BGP FRR of Seamless MPLS
This example enables BGP FRR of seamless MPLS in a network spanning
two areas.
Area 1
Area 2
D3
D2
12.1.1.2/24
D5
35.1.1.3/24
23.1.1.3/24
35.1.1.5/24
23.1.1.2/24
36.1.1.3/24
57.1.1.5/24
2057::5/64
vpn1
45.1.1.5/24
12.1.1.1/24
57.1.1.7/24
2057::7/64
14.1.1.1/24
67.1.1.7/24
2067::7/64
D7
D1
45.1.1.4/24
14.1.1.4/24
46.1.1.4/24
vpn1
36.1.1.6/24
46.1.1.6/24
D4
D6
67.1.1.6/24
2067::6/64
G107931A
Figure 23
BGP FRR of Seamless MPLS
Figure 23 shows the network topology for this configuration.
•
98
Node role:
–
D1 is ingress PE
–
D3 and D4 are ABRs
–
D5 and D6 are egress PEs
–
D7 is remote CE
•
BGP FRR is enabled on D1.
•
Customer service: L2VPN (VPWS) and L3VPN
•
BGP FRR type:
–
VPN FRR, which is configued under "ipv4 or ipv6 unicast/context
vpn1": primary path is D1-to-D5; backup path is D1-to-D6.
–
BGP LU FRR, which is configured under "ipv4 unicast/context local" :
priamry path is D1-to-D3; backup path is D1-to-D4.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Note:
The following prerequisites need to be satisfied before configuring
BGP FRR for the above network:
•
All the interfaces connected with between routers are configured
according to the topology.
•
ISIS, MPLS, and LDP are enabled on routers D1, D2, D3, D4, D5,
and D6.
•
BGP is configured on routers D3, D4, D5, D6, and D7.
•
BFD is configured on routers D1, D3, D5, and D7.
To configure FRR in this way, perform the procedures detailed in the following
sections.
2.22.1
Configure D1
To configure the D1, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D1(config)#context local
[local]D1(config-ctx)#ip prefix-list 32bit
[local]D1(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D1(config-prefix-list)#seq 20 deny any
[local]D1(config-prefix-list)#exit
[local]D1(config-ctx)#route-map BACKUP permit 10
[local]D1(config-route-map)#set local-preference 100
[local]D1(config-route-map)#exit
[local]D1(config-ctx)#route-map PRIMARY permit 10
[local]D1(config-route-map)#set local-preference 200
[local]D1(config-route-map)#exit
[local]D1(config-ctx)#route-map loopback_only permit 10
[local]D1(config-route-map)#match ip address prefix-list 32bit
[local]D1(config-route-map)#commit
[local]D1(config-route-map)#exit
2. Access BGP configuration mode, and configure route redistribution.
Example
[local]D1(config-ctx)#router bgp 100
[local]D1(config-bgp)#address-family ipv4 unicast
[local]D1(config-bgp-af)#redistribute connected route-map loopback_only
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
[local]D1(config-bgp)#address-family ipv4 vpn
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
[local]D1(config-bgp)#address-family ipv6 vpn
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
99
BGP
3. Configure the BGP neighbors.
Example
[local]D1(config-bgp)#neighbor 3.3.3.3 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#next-hop-self
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#send label
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#send label
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 4.4.4.4 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#next-hop-self
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#send label
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 5.5.5.5 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#next-hop-self
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 6.6.6.6 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#next-hop-self
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#commit
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
vpn
vpn
unicast
vpn
vpn
vpn
vpn
4. Create a new VPN context and specify a route distinguisher.
Example
[local]D1(config)#context vpn1 vpn-rd 1:1
5. Create two interfaces in the context and assign them IP addresses.
Example
[local]D1(config-ctx)#interface loop0 loopback
[local]D1(config-if)#ip address 11.11.11.11/32
[local]D1(config-if)#ipv6 address 1111::1/128
[local]D1(config-if)#commit
[local]D1(config-if)#exit
[local]D1(config-ctx)#interface to_ce
[local]D1(config-if)#ip address 100.1.1.1/24
[local]D1(config-if)#ipv6 address 1000::1/64
6. Enable a BGP routing instance in the VPN context.
100
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example
[local]D1(config-ctx)#router bgp vpn
7. Identify the IPv4 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]D1(config-bgp)#address-family ipv4 unicast
[local]D1(config-bgp-af)#export
[local]D1(config-bgp-af-export)#route-target 1:1
[local]D1(config-bgp-af-export)#exit
[local]D1(config-bgp-af)#import
[local]D1(config-bgp-af-import)#route-target 1:1
[local]D1(config-bgp-af-import)#exit
8. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example
[local]D1(config-bgp-af)#redistribute connected
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#commit
[local]D1(config-bgp-af)#exit
9. Identify the IPv6 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]D1(config-bgp)#address-family ipv6 unicast
[local]D1(config-bgp-af)#export
[local]D1(config-bgp-af-export)#route-target 1:1
[local]D1(config-bgp-af-export)#exit
[local]D1(config-bgp-af)#import
[local]D1(config-bgp-af-import)#route-target 1:1
[local]D1(config-bgp-af-import)#exit
10. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example 19
[local]D1(config-bgp-af)#redistribute connected
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#commit
[local]D1(config-bgp-af)#exit
2.23
Enable BGP FRR of Inter-as Option B
This example enables BGP FRR of inter-as option B in a network spanning
three autonomous systems.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
101
BGP
AS 100
D2
12.1.1.2/24
AS 300
AS 200
D3
D7
D5
35.1.1.3/24
23.1.1.3/24
79.1.1.7/24
2079::7/64
57.1.1.5/24
35.1.1.5/24
57.1.1.7/24
23.1.1.2/24
36.1.1.3/24
45.1.1.5/24
58.1.1.5/24
67.1.1.7/24
vpn1
79.1.1.9/24
2079::9/64
12.1.1.1/24
14.1.1.1/24
D9
89.1.1.9/24
2089::9/64
D1
45.1.1.4/24
36.1.1.6/24
67.1.1.6/24
58.1.1.8/24 vpn1
68.1.1.8/24
14.1.1.4/24
46.1.1.4/24
D4
89.1.1.8/24
2089::8/64
68.1.1.6/24
46.1.1.6/24
D6
D8
G107932A
Figure 24
BGP FRR of Inter-as Option B
Figure 24 shows the network topology for this configuration.
•
BGP FRR is enabled on ingress PE: D1; local ASBRs: D3 and D4; remote
ASBRs: D5 and D6.
•
BFD failure detection for BGP FRR is configured on the following routers:
–
D1: D1-to-D3 as primary path and D1-to-D4 as backup path.
–
D3: D3-to-D5 as primary path and D3-to-D6 as backup path. It is
similar for D4.
–
D5: D5-to-D7 as primary path and D5-to-D8 as backup path. It is
similar for D6.
Note:
The following prerequisites need to be satisfied before configuring
BGP FRR for the above network:
•
All the interfaces connected with between routers are configured
according to the topology.
•
OSPF, MPLS, and LDP are enabled on routers D1, D2, D3, D4,
D5, D6, D7, and D8.
•
BGP is configured on routers D1, D3, D4, D5, D6, D7, D8, and
D9.
•
BFD is configured on routers D1, D3, D4, D5, D6, D7, and D9.
To configure FRR in this way, perform the procedures detailed in the following
sections.
2.23.1
Configure D1
To configure the D1, perform the following steps starting in global configuration
mode.
102
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D1(config)#context local
[local]D1(config-ctx)#ip prefix-list 32bit
[local]D1(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D1(config-prefix-list)#seq 20 deny any
[local]D1(config-prefix-list)#exit
[local]D1(config-ctx)#route-map BACKUP permit 10
[local]D1(config-route-map)#set local-preference 100
[local]D1(config-route-map)#exit
[local]D1(config-ctx)#route-map PRIMARY permit 10
[local]D1(config-route-map)#set local-preference 200
[local]D1(config-route-map)#exit
[local]D1(config-ctx)#route-map loopback_only permit 10
[local]D1(config-route-map)#match ip address prefix-list 32bit
[local]D1(config-route-map)#commit
[local]D1(config-route-map)#exit
2. Access BGP configuration mode, and configure route redistribution.
Example
[local]D1(config-ctx)#router bgp 100
[local]D1(config-bgp)#address-family ipv4 unicast
[local]D1(config-bgp-af)#redistribute connected route-map loopback_only
[local]D1(config-bgp-af)#exit
[local]D1(config-bgp)#address-family ipv4 vpn
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
[local]D1(config-bgp)#address-family ipv6 vpn
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D1(config-bgp)#neighbor 3.3.3.3 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#next-hop-self
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 4.4.4.4 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#next-hop-self
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#commit
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
vpn
vpn
vpn
vpn
4. Create a new VPN context and specify a route distinguisher.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
103
BGP
Example
[local]D1(config)#context vpn1 vpn-rd 1:1
5. Create two interfaces in the context and assign them IP addresses.
Example
[local]D1(config-ctx)#interface loop0 loopback
[local]D1(config-if)#ip address 11.11.11.11/32
[local]D1(config-if)#ipv6 address 1111::1/128
[local]D1(config-if)#commit
[local]D1(config-if)#exit
[local]D1(config-ctx)#interface to_ce
[local]D1(config-if)#ip address 100.1.1.1/24
[local]D1(config-if)#ipv6 address 1000::1/64
6. Enable a BGP routing instance in the VPN context.
Example
[local]D1(config-ctx)#router bgp vpn
7. Identify the IPv4 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]D1(config-bgp)#address-family ipv4 unicast
[local]D1(config-bgp-af)#export
[local]D1(config-bgp-af-export)#route-target 1:1
[local]D1(config-bgp-af-export)#exit
[local]D1(config-bgp-af)#import
[local]D1(config-bgp-af-import)#route-target 1:1
[local]D1(config-bgp-af-import)#exit
8. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example
[local]D1(config-bgp-af)#redistribute connected
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#commit
[local]D1(config-bgp-af)#exit
9. Identify the IPv6 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]D1(config-bgp)#address-family ipv6 unicast
[local]D1(config-bgp-af)#export
[local]D1(config-bgp-af-export)#route-target 1:1
[local]D1(config-bgp-af-export)#exit
[local]D1(config-bgp-af)#import
[local]D1(config-bgp-af-import)#route-target 1:1
[local]D1(config-bgp-af-import)#exit
10. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
104
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example 20
[local]D1(config-bgp-af)#redistribute connected
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#commit
[local]D1(config-bgp-af)#exit
2.23.2
Configure D3
To configure the D3, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D3(config)#context local
[local]D3(config-ctx)#ip prefix-list 32bit
[local]D3(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D3(config-prefix-list)#seq 20 deny any
[local]D3(config-prefix-list)#exit
[local]D3(config-ctx)#route-map BACKUP permit 10
[local]D3(config-route-map)#set local-preference 100
[local]D3(config-route-map)#exit
[local]D3(config-ctx)#route-map PRIMARY permit 10
[local]D3(config-route-map)#set local-preference 200
[local]D3(config-route-map)#exit
[local]D3(config-ctx)#route-map loopback_only permit 10
[local]D3(config-route-map)#match ip address prefix-list 32bit
[local]D3(config-route-map)#commit
[local]D3(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
Example
[local]D3(config-ctx)#router bgp 100
[local]D3(config-bgp)#address-family ipv4 unicast
[local]D3(config-bgp-af)#redistribute connected route-map loopback_only
[local]D3(config-bgp-af)#exit
[local]D3(config-bgp)#address-family ipv4 vpn
[local]D3(config-bgp-af)#no route-target filter
[local]D3(config-bgp-af)#ipfrr bfd
[local]D3(config-bgp-af)#exit
[local]D3(config-bgp)#address-family ipv6 vpn
[local]D3(config-bgp-af)#no route-target filter
[local]D3(config-bgp-af)#ipfrr bfd
[local]D3(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D3(config-bgp)#neighbor 1.1.1.1 internal
[local]D3(config-bgp-neighbor)#update-source loop0
[local]D3(config-bgp-neighbor)#next-hop-self
[local]D3(config-bgp-neighbor)#bfd
[local]D3(config-bgp-neighbor)#address-family ipv4 vpn
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#address-family ipv6 vpn
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#exit
[local]D3(config-bgp)#neighbor 35.1.1.5 external
12/1543-AXI 101 09/1 Uen F | 2017-11-22
105
BGP
[local]D3(config-bgp-neighbor)#remote-as 200
[local]D3(config-bgp-neighbor)#next-hop-self
[local]D3(config-bgp-neighbor)#address-family ipv4
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#address-family ipv4
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#address-family ipv6
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#exit
[local]D3(config-bgp)#neighbor 36.1.1.6 external
[local]D3(config-bgp-neighbor)#remote-as 200
[local]D3(config-bgp-neighbor)#next-hop-self
[local]D3(config-bgp-neighbor)#address-family ipv4
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#address-family ipv4
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#address-family ipv6
[local]D3(config-bgp-peer-af)#commit
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#exit
unicast
vpn
vpn
unicast
vpn
vpn
4. Confirm the configuration.
Example 21
[local]D3(config-bgp)#show configuration bgp
context local
!
!
!
!
!
!
!
router bgp 100
address-family ipv4 unicast
redistribute connected route-map loopback_only
address-family ipv4 vpn
no route-target filter
ipfrr bfd
address-family ipv6 vpn
no route-target filter
ipfrr bfd
neighbor 1.1.1.1 internal
update-source loop0
next-hop-self
bfd
address-family ipv4 vpn
address-family ipv6 vpn
neighbor 35.1.1.5 external
remote-as 200
next-hop-self
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
neighbor 36.1.1.6 external
remote-as 200
next-hop-self
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
2.23.3
Configure D4
To configure the D4, perform the following steps starting in global configuration
mode.
106
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D4(config)#context local
[local]D4(config-ctx)#ip prefix-list 32bit
[local]D4(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D4(config-prefix-list)#seq 20 deny any
[local]D4(config-prefix-list)#exit
[local]D4(config-ctx)#route-map BACKUP permit 10
[local]D4(config-route-map)#set local-preference 100
[local]D4(config-route-map)#exit
[local]D4(config-ctx)#route-map PRIMARY permit 10
[local]D4(config-route-map)#set local-preference 200
[local]D4(config-route-map)#exit
[local]D4(config-ctx)#route-map loopback_only permit 10
[local]D4(config-route-map)#match ip address prefix-list 32bit
[local]D4(config-route-map)#commit
[local]D4(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
Example
[local]D4(config-ctx)#router bgp 100
[local]D4(config-bgp)#address-family ipv4 unicast
[local]D4(config-bgp-af)#redistribute connected route-map loopback_only
[local]D4(config-bgp-af)#exit
[local]D4(config-bgp)#address-family ipv4 vpn
[local]D4(config-bgp-af)#no route-target filter
[local]D4(config-bgp-af)#ipfrr bfd
[local]D4(config-bgp-af)#exit
[local]D4(config-bgp)#address-family ipv6 vpn
[local]D4(config-bgp-af)#no route-target filter
[local]D4(config-bgp-af)#ipfrr bfd
[local]D4(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D4(config-bgp)#neighbor 1.1.1.1 internal
[local]D4(config-bgp-neighbor)#update-source loop0
[local]D4(config-bgp-neighbor)#next-hop-self
[local]D4(config-bgp-neighbor)#bfd
[local]D4(config-bgp-neighbor)#address-family ipv4
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#address-family ipv6
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#exit
[local]D4(config-bgp)#neighbor 45.1.1.5 external
[local]D4(config-bgp-neighbor)#remote-as 200
[local]D4(config-bgp-neighbor)#next-hop-self
[local]D4(config-bgp-neighbor)#address-family ipv4
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#address-family ipv4
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#address-family ipv6
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#exit
[local]D4(config-bgp)#neighbor 46.1.1.6 external
[local]D4(config-bgp-neighbor)#remote-as 200
[local]D4(config-bgp-neighbor)#next-hop-self
[local]D4(config-bgp-neighbor)#address-family ipv4
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#address-family ipv4
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#address-family ipv6
[local]D4(config-bgp-peer-af)#commit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
vpn
vpn
unicast
vpn
vpn
unicast
vpn
vpn
107
BGP
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#exit
4. Confirm the configuration.
Example 22
[local]D4(config-bgp)#show configuration bgp
context local
!
!
!
!
!
!
!
router bgp 100
address-family ipv4 unicast
redistribute connected route-map loopback_only
address-family ipv4 vpn
no route-target filter
ipfrr bfd
address-family ipv6 vpn
no route-target filter
ipfrr bfd
neighbor 1.1.1.1 internal
update-source loop0
next-hop-self
bfd
address-family ipv4 vpn
address-family ipv6 vpn
neighbor 45.1.1.5 external
remote-as 200
next-hop-self
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
neighbor 46.1.1.6 external
remote-as 200
next-hop-self
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
2.23.4
Configure D5
To configure the D5, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D5(config)#context local
[local]D5(config-ctx)#ip prefix-list 32bit
[local]D5(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D5(config-prefix-list)#seq 20 deny any
[local]D5(config-prefix-list)#exit
[local]D5(config-ctx)#route-map BACKUP permit 10
[local]D5(config-route-map)#set local-preference 100
[local]D5(config-route-map)#exit
[local]D5(config-ctx)#route-map PRIMARY permit 10
108
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
[local]D5(config-route-map)#set local-preference 200
[local]D5(config-route-map)#exit
[local]D5(config-ctx)#route-map loopback_only permit 10
[local]D5(config-route-map)#match ip address prefix-list 32bit
[local]D5(config-route-map)#commit
[local]D5(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
Example
[local]D5(config-ctx)#router bgp 200
[local]D5(config-bgp)#address-family ipv4 unicast
[local]D5(config-bgp-af)#redistribute connected route-map loopback_only
[local]D5(config-bgp-af)#exit
[local]D5(config-bgp)#address-family ipv4 vpn
[local]D5(config-bgp-af)#no route-target filter
[local]D5(config-bgp-af)#ipfrr bfd
[local]D5(config-bgp-af)#exit
[local]D5(config-bgp)#address-family ipv6 vpn
[local]D5(config-bgp-af)#no route-target filter
[local]D5(config-bgp-af)#ipfrr bfd
[local]D5(config-bgp-af)#commit
[local]D5(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D5(config-bgp)#neighbor 7.7.7.7 internal
[local]D5(config-bgp-neighbor)#update-source loop0
[local]D5(config-bgp-neighbor)#next-hop-self
[local]D5(config-bgp-neighbor)#address-family ipv4
[local]D5(config-bgp-peer-af)#route-map PRIMARY in
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#address-family ipv6
[local]D5(config-bgp-peer-af)#route-map PRIMARY in
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#exit
[local]D5(config-bgp)#neighbor 8.8.8.8 internal
[local]D5(config-bgp-neighbor)#update-source loop0
[local]D5(config-bgp-neighbor)#next-hop-self
[local]D5(config-bgp-neighbor)#address-family ipv4
[local]D5(config-bgp-peer-af)#route-map BACKUP in
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#address-family ipv6
[local]D5(config-bgp-peer-af)#route-map BACKUP in
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#exit
[local]D5(config-bgp)#neighbor 35.1.1.3 external
[local]D5(config-bgp-neighbor)#remote-as 100
[local]D5(config-bgp-neighbor)#next-hop-self
[local]D5(config-bgp-neighbor)#bfd
[local]D5(config-bgp-neighbor)#address-family ipv4
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#address-family ipv4
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#address-family ipv6
[local]D5(config-bgp-peer-af)#commit
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#exit
[local]D5(config-bgp)#neighbor 45.1.1.4 external
[local]D5(config-bgp-neighbor)#remote-as 100
[local]D5(config-bgp-neighbor)#next-hop-self
[local]D5(config-bgp-neighbor)#bfd
[local]D5(config-bgp-neighbor)#address-family ipv4
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#address-family ipv4
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#address-family ipv6
[local]D5(config-bgp-peer-af)#commit
[local]D5(config-bgp-peer-af)#exit
[local]D5(config-bgp-neighbor)#exit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
vpn
vpn
vpn
vpn
unicast
vpn
vpn
unicast
vpn
vpn
109
BGP
4. Confirm the configuration.
Example 23
[local]D5(config-bgp)#show configuration bgp
context local
!
router bgp 200
address-family ipv4 unicast
redistribute connected route-map loopback_only
address-family ipv4 vpn
no route-target filter
ipfrr bfd
address-family ipv6 vpn
no route-target filter
ipfrr bfd
!
!
!
!
!
!
!
neighbor 7.7.7.7 internal
update-source loop0
next-hop-self
address-family ipv4 vpn
route-map PRIMARY in
address-family ipv6 vpn
route-map PRIMARY in
neighbor 8.8.8.8 internal
update-source loop0
next-hop-self
address-family ipv4 vpn
route-map BACKUP in
address-family ipv6 vpn
route-map BACKUP in
neighbor 35.1.1.3 external
remote-as 100
next-hop-self
bfd
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
neighbor 45.1.1.4 external
remote-as 100
next-hop-self
bfd
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
2.23.5
Configure D6
To configure the D6, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D6(config)#context local
[local]D6(config-ctx)#ip prefix-list 32bit
110
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
[local]D6(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D6(config-prefix-list)#seq 20 deny any
[local]D6(config-prefix-list)#exit
[local]D6(config-ctx)#route-map BACKUP permit 10
[local]D6(config-route-map)#set local-preference 100
[local]D6(config-route-map)#exit
[local]D6(config-ctx)#route-map PRIMARY permit 10
[local]D6(config-route-map)#set local-preference 200
[local]D6(config-route-map)#exit
[local]D6(config-ctx)#route-map loopback_only permit 10
[local]D6(config-route-map)#match ip address prefix-list 32bit
[local]D6(config-route-map)#commit
[local]D6(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
Example
[local]D6(config)#context local
[local]D6(config-ctx)#router bgp 200
[local]D6(config-bgp)#address-family ipv4 unicast
[local]D6(config-bgp-af)#redistribute connected route-map loopback_only
[local]D6(config-bgp-af)#exit
[local]D6(config-bgp)#address-family ipv4 vpn
[local]D6(config-bgp-af)#no route-target filter
[local]D6(config-bgp-af)#ipfrr bfd
[local]D6(config-bgp-af)#exit
[local]D6(config-bgp)#address-family ipv6 vpn
[local]D6(config-bgp-af)#no route-target filter
[local]D6(config-bgp-af)#ipfrr bfd
[local]D6(config-bgp-af)#commit
[local]D6(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D6(config-bgp)#neighbor 7.7.7.7 internal
[local]D6(config-bgp-neighbor)#update-source loop0
[local]D6(config-bgp-neighbor)#next-hop-self
[local]D6(config-bgp-neighbor)#address-family ipv4
[local]D6(config-bgp-peer-af)#route-map PRIMARY in
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#address-family ipv6
[local]D6(config-bgp-peer-af)#route-map PRIMARY in
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#exit
[local]D6(config-bgp)#neighbor 8.8.8.8 internal
[local]D6(config-bgp-neighbor)#update-source loop0
[local]D6(config-bgp-neighbor)#next-hop-self
[local]D6(config-bgp-neighbor)#address-family ipv4
[local]D6(config-bgp-peer-af)#route-map BACKUP in
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#address-family ipv6
[local]D6(config-bgp-peer-af)#route-map BACKUP in
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#exit
[local]D6(config-bgp)#neighbor 36.1.1.3 external
[local]D6(config-bgp-neighbor)#remote-as 100
[local]D6(config-bgp-neighbor)#next-hop-self
[local]D6(config-bgp-neighbor)#address-family ipv4
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#address-family ipv4
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#address-family ipv6
[local]D6(config-bgp-peer-af)#commit
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#exit
[local]D6(config-bgp)#neighbor 46.1.1.4 external
[local]D6(config-bgp-neighbor)#remote-as 100
[local]D6(config-bgp-neighbor)#next-hop-self
[local]D6(config-bgp-neighbor)#address-family ipv4
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#address-family ipv4
[local]D6(config-bgp-peer-af)#exit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
vpn
vpn
vpn
vpn
unicast
vpn
vpn
unicast
vpn
111
BGP
[local]D6(config-bgp-neighbor)#address-family ipv6 vpn
[local]D6(config-bgp-peer-af)#commit
[local]D6(config-bgp-peer-af)#exit
[local]D6(config-bgp-neighbor)#exit
4. Confirm the configuration.
Example 24
[local]D6(config-bgp)#show configuration bgp
context local
!
!
router bgp 200
address-family ipv4 unicast
redistribute connected route-map loopback_only
address-family ipv4 vpn
no route-target filter
ipfrr bfd
address-family ipv6 vpn
no route-target filter
ipfrr bfd
!
!
!
!
!
neighbor 7.7.7.7 internal
update-source loop0
next-hop-self
address-family ipv4 vpn
route-map PRIMARY in
address-family ipv6 vpn
route-map PRIMARY in
neighbor 8.8.8.8 internal
update-source loop0
next-hop-self
address-family ipv4 vpn
route-map BACKUP in
address-family ipv6 vpn
route-map BACKUP in
neighbor 36.1.1.3 external
remote-as 100
next-hop-self
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
neighbor 46.1.1.4 external
remote-as 100
next-hop-self
address-family ipv4 unicast
address-family ipv4 vpn
address-family ipv6 vpn
2.24
Enable BGP FRR of Inter-as Option C
This example enables BGP FRR of inter-as option C in a network spanning
three autonomous systems.
Figure 24 shows the network topology for this configuration.
112
•
BGP FRR is enabled on D1, D3, and D4 routers.
•
BFD failure detection for BGP FRR is configured on the following routers:
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
–
BGP VPN FRR on D1 (ingress PE): D1-to-D7 as primary path and D1to-D8 as backup path.
–
BGP LU FRR on D1 (ingress PE): D1-to-D3 as primar path and D1-toD4 as backup path.
–
BGP LU FRR on D3&D4 (local ASBR): For D3, D3-to-D5 as primary
path and D3-to-D6 as backup path. It is similar for D4.
Note:
The following prerequisites need to be satisfied before configuring
BGP FRR for the above network:
•
All the interfaces connected with between routers are configured
according to the topology.
•
OSPF, MPLS, and LDP are enabled on routers D1, D2, D3, D4,
D5, D6, D7, and D8.
•
BGP is configured on routers D1, D3, D4, D5, D6, D7, D8, and
D9.
•
BFD is configured on routers D1, D3, D4, D5, D6, D7, and D9.
To configure FRR in this way, perform the procedures detailed in the following
sections.
2.24.1
Configure D1
To configure the D1, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D1(config)#context local
[local]D1(config-ctx)#ip prefix-list 32bit
[local]D1(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D1(config-prefix-list)#seq 20 deny any
[local]D1(config-prefix-list)#exit
[local]D1(config-ctx)#route-map BACKUP permit 10
[local]D1(config-route-map)#set local-preference 100
[local]D1(config-route-map)#exit
[local]D1(config-ctx)#route-map PRIMARY permit 10
[local]D1(config-route-map)#set local-preference 200
[local]D1(config-route-map)#exit
[local]D1(config-ctx)#route-map loopback_only permit 10
[local]D1(config-route-map)#match ip address prefix-list 32bit
[local]D1(config-route-map)#commit
[local]D1(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
113
BGP
Example
[local]D1(config-ctx)#router bgp 100
[local]D1(config-bgp)#address-family ipv4 unicast
[local]D1(config-bgp-af)#redistribute connected route-map loopback_only
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
[local]D1(config-bgp)#address-family ipv4 vpn
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
[local]D1(config-bgp)#address-family ipv6 vpn
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D1(config-bgp)#neighbor 3.3.3.3 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#send label
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 4.4.4.4 internal
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#bfd
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#send label
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 7.7.7.7 external
[local]D1(config-bgp-neighbor)#remote-as 200
[local]D1(config-bgp-neighbor)#ebgp-multihop 10
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map PRIMARY in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#neighbor 8.8.8.8 external
[local]D1(config-bgp-neighbor)#remote-as 200
[local]D1(config-bgp-neighbor)#ebgp-multihop 10
[local]D1(config-bgp-neighbor)#update-source loop0
[local]D1(config-bgp-neighbor)#address-family ipv4
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#address-family ipv6
[local]D1(config-bgp-peer-af)#route-map BACKUP in
[local]D1(config-bgp-peer-af)#commit
[local]D1(config-bgp-peer-af)#exit
[local]D1(config-bgp-neighbor)#exit
[local]D1(config-bgp)#exit
unicast
unicast
vpn
vpn
vpn
vpn
4. Create a new VPN context and specify a route distinguisher.
Example
[local]D1(config)#context vpn1 vpn-rd 1:1
5. Create two interfaces in the context and assign them IP addresses.
Example
[local]D1(config-ctx)#interface loop0 loopback
[local]D1(config-if)#ip address 11.11.11.11/32
[local]D1(config-if)#ipv6 address 1111::1/128
[local]D1(config-if)#commit
114
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
[local]D1(config-if)#exit
[local]D1(config-ctx)#interface to_ce
[local]D1(config-if)#ip address 100.1.1.1/24
[local]D1(config-if)#ipv6 address 1000::1/64
6. Enable a BGP routing instance in the VPN context.
Example
[local]D1(config-ctx)#router bgp vpn
7. Identify the IPv4 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]D1(config-bgp)#address-family ipv4 unicast
[local]D1(config-bgp-af)#export
[local]D1(config-bgp-af-export)#route-target 1:1
[local]D1(config-bgp-af-export)#exit
[local]D1(config-bgp-af)#import
[local]D1(config-bgp-af-import)#route-target 1:1
[local]D1(config-bgp-af-import)#exit
8. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example
[local]D1(config-bgp-af)#redistribute connected
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#commit
[local]D1(config-bgp-af)#exit
9. Identify the IPv6 unicast address prefixes that the routing instance sends
to its neighbors, and specify the route targets for the context.
Example
[local]D1(config-bgp)#address-family ipv6 unicast
[local]D1(config-bgp-af)#export
[local]D1(config-bgp-af-export)#route-target 1:1
[local]D1(config-bgp-af-export)#exit
[local]D1(config-bgp-af)#import
[local]D1(config-bgp-af-import)#route-target 1:1
[local]D1(config-bgp-af-import)#exit
10. Configure the routing instance to redistribute routes from directly attached
networks into the BGP routing domain, and configure the BFD failure
detection for BGP FRR.
Example 25
[local]D1(config-bgp-af)#redistribute connected
[local]D1(config-bgp-af)#ipfrr bfd
[local]D1(config-bgp-af)#commit
[local]D1(config-bgp-af)#exit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
115
BGP
2.24.2
Configure D3
To configure the D3, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D3(config)#context local
[local]D3(config-ctx)#ip prefix-list 32bit
[local]D3(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D3(config-prefix-list)#seq 20 deny any
[local]D3(config-prefix-list)#exit
[local]D3(config-ctx)#route-map BACKUP permit 10
[local]D3(config-route-map)#set local-preference 100
[local]D3(config-route-map)#exit
[local]D3(config-ctx)#route-map PRIMARY permit 10
[local]D3(config-route-map)#set local-preference 200
[local]D3(config-route-map)#exit
[local]D3(config-ctx)#route-map loopback_only permit 10
[local]D3(config-route-map)#match ip address prefix-list 32bit
[local]D3(config-route-map)#commit
[local]D3(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
Example
[local]D3(config-ctx)#router bgp 100
[local]D3(config-bgp)#address-family ipv4 unicast
[local]D3(config-bgp-af)#redistribute connected route-map loopback_only
[local]D3(config-bgp-af)#ipfrr bfd
[local]D3(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D3(config-bgp)#neighbor 1.1.1.1 internal
[local]D3(config-bgp-neighbor)#update-source loop0
[local]D3(config-bgp-neighbor)#bfd
[local]D3(config-bgp-neighbor)#address-family ipv4 unicast
[local]D3(config-bgp-peer-af)#send label
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#exit
[local]D3(config-bgp)#neighbor 35.1.1.5 external
[local]D3(config-bgp-neighbor)#remote-as 200
[local]D3(config-bgp-neighbor)#address-family ipv4 unicast
[local]D3(config-bgp-peer-af)#send label
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#exit
[local]D3(config-bgp)#neighbor 36.1.1.6 external
[local]D3(config-bgp-neighbor)#remote-as 200
[local]D3(config-bgp-neighbor)#address-family ipv4 unicast
[local]D3(config-bgp-peer-af)#send label
[local]D3(config-bgp-peer-af)#commit
[local]D3(config-bgp-peer-af)#exit
[local]D3(config-bgp-neighbor)#exit
4. Confirm the configuration.
116
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Example 26
[local]D3(config-bgp)#show configuration bgp
context local
ip prefix-list 32bit
seq 10 permit 0.0.0.0/0 eq 32
seq 20 deny any
!
route-map BACKUP permit 10
set local-preference 100
!
!
route-map PRIMARY permit 10
set local-preference 200
!
route-map loopback_only permit 10
match ip address prefix-list 32bit
!
router bgp 100
address-family ipv4 unicast
redistribute connected route-map loopback_only
ipfrr bfd
!
!
!
!
!
!
!
neighbor 1.1.1.1 internal
update-source loop0
bfd
address-family ipv4 unicast
send label
neighbor 35.1.1.5 external
remote-as 200
address-family ipv4 unicast
send label
neighbor 36.1.1.6 external
remote-as 200
address-family ipv4 unicast
send label
2.24.3
Configure D4
To configure the D4, perform the following steps starting in global configuration
mode.
Steps
1. In the local context, create prefix list and route maps to redistribute the
permitted routes from the prefix list.
Example
[local]D4(config)#context local
[local]D4(config-ctx)#ip prefix-list 32bit
[local]D4(config-prefix-list)#seq 10 permit 0.0.0.0/0 eq 32
[local]D4(config-prefix-list)#seq 20 deny any
[local]D4(config-prefix-list)#exit
[local]D4(config-ctx)#route-map BACKUP permit 10
[local]D4(config-route-map)#set local-preference 100
[local]D4(config-route-map)#exit
[local]D4(config-ctx)#route-map PRIMARY permit 10
[local]D4(config-route-map)#set local-preference 200
[local]D4(config-route-map)#exit
[local]D4(config-ctx)#route-map loopback_only permit 10
[local]D4(config-route-map)#match ip address prefix-list 32bit
12/1543-AXI 101 09/1 Uen F | 2017-11-22
117
BGP
[local]D4(config-route-map)#commit
[local]D4(config-route-map)#exit
2. Access BGP configuration mode and enable FRR and BFD.
Example
[local]D4(config-ctx)#router bgp 100
[local]D4(config-bgp)#address-family ipv4 unicast
[local]D4(config-bgp-af)#redistribute connected route-map loopback_only
[local]D4(config-bgp-af)#ipfrr bfd
[local]D4(config-bgp-af)#exit
3. Configure the BGP neighbors.
Example
[local]D4(config-bgp)#neighbor 1.1.1.1 internal
[local]D4(config-bgp-neighbor)#update-source loop0
[local]D4(config-bgp-neighbor)#address-family ipv4 unicast
[local]D4(config-bgp-peer-af)#send label
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#exit
[local]D4(config-bgp)#neighbor 45.1.1.5 external
[local]D4(config-bgp-neighbor)#remote-as 200
[local]D4(config-bgp-neighbor)#address-family ipv4 unicast
[local]D4(config-bgp-peer-af)#send label
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#exit
[local]D4(config-bgp)#neighbor 46.1.1.6 external
[local]D4(config-bgp-neighbor)#remote-as 200
[local]D4(config-bgp-neighbor)#address-family ipv4 unicast
[local]D4(config-bgp-peer-af)#send label
[local]D4(config-bgp-peer-af)#commit
[local]D4(config-bgp-peer-af)#exit
[local]D4(config-bgp-neighbor)#exit
4. Confirm the configuration.
Example 27
[local]D4(config-bgp)#show configuration bgp
context local
ip prefix-list 32bit
seq 10 permit 0.0.0.0/0 eq 32
seq 20 deny any
!
route-map BACKUP permit 10
set local-preference 100
!
!
route-map PRIMARY permit 10
set local-preference 200
!
route-map loopback_only permit 10
match ip address prefix-list 32bit
!
router bgp 100
address-family ipv4 unicast
redistribute connected route-map loopback_only
ipfrr bfd
!
neighbor 1.1.1.1 internal
update-source loop0
address-family ipv4 unicast
send label
!
!
neighbor 45.1.1.5 external
remote-as 200
address-family ipv4 unicast
118
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
!
!
!
!
send label
neighbor 46.1.1.6 external
remote-as 200
address-family ipv4 unicast
send label
2.25
Change Route Refresh Mode from RR to ERR
The starting point for this example is the BGP router configured in Change
Route Refresh Mode from ERR to RR on page 121 and illustrated in Figure
25.
To change the route refresh mode from ERR to RR for an existing BGP, do the
following global configuration mode:
Steps
1. Enter the context in which the existing BGP router is running. Next, enter
BGP configuration mode using the ID of the existing BGP router. Enter the
enhanced-refresh command and commit the configuration.
In this example, the cleanup-time is set to 180 seconds, while the
eorr-max-time remains at its default of 780 seconds. The eorr-maxtime should be greater than the cleanup-time.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#enhanced-refresh cleanup-time
180
[local]R1-1(config-bgp)#commit
→
2. Although you have changed the route refresh configuration, all BGP peer
sessions continue running in their existing refresh mode. Confirm the
status of the BGP peer sessions by entering the show bgp neighbor
summary command.
Example
[local]R1-1(config-bgp)#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1
Neighbors Configured: 1, Established: 1
Neighbor
AS MsgRcvd MsgSent
Rst Up/Down State
192.0.2.102
1
52
51
1 00:49:19 Established
CapSent : refresh 4byteAS unicast restart
CapRcvd : refresh 4byteAS unicast restart
12/1543-AXI 101 09/1 Uen F | 2017-11-22
InQ OutQ →
0
0 →
119
BGP
unicast : rcvd: 0 imported: 0 active: 0 history: 0
dampened: 0 sent: 0
→
3. Exit the configure mode and enter the exec mode. If the existing BGP
router is running in a non-local context, enter that context. (In this
example, the existing BGP router is running in the local context.
4. Enter the show bgp neighbor summary command to verify the peer
session that you wish changed from ERR to RR are running in the correct
mode.
Example
[local]R1-1#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1
Neighbors Configured: 1, Established: 1
Neighbor
AS MsgRcvd MsgSent InQ OutQ
Rst Up/Down State
192.0.2.102
1
52
51
0
0
1 00:49:19 Established
CapSent : refresh 4byteAS unicast restart enhancedrefresh
CapRcvd : refresh 4byteAS unicast restart enhancedrefresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0
dampened: 0 sent: 0
→
→
→
→
→
5. Enter the show bgp neighbor without the summary keyword to provide
additional details about the state of ERR and the state of other BGP
features.
Example
BGP neighbor: 192.0.2.6, remote AS: 1, internal link
Version: 4, router identifier: 192.0.2.6
Peer Group member: hank
State: Established for 4d21h
Last read 00:00:28, last send 00:00:38
Hold time: configured 180, negotiated 180
Keepalive time: configured 60, negotiated 60
Local restart timer 120 sec, stale route retain time →
r 420 sec
Received restart timer 120 sec, flag 0x0
Minimum time between advertisement runs: 5 secs
Enhanced refresh capable
Send NLRI + MPLS label to this neighbour
120
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
Source IP address used from interface: lo2
Source (local) IP address: 192.0.3.1
Accept prefix-filter
Received messages: 6968 (132480 bytes), notification →
s: 1, in queue: 0
Sent messages: 7003 (133203 bytes), notifications: 2 →
, out queue: 0
Reset count: 2, last reset time: 4d21h, reset reason →
: Remote/TCP close
CapSent: refresh, 4byteAS, unicast, vpn, ipv4+label, →
v6unicast, restart
enhanced-refresh
prefix-orf: unicast (send)
CapRcvd: refresh, 4byteAS, unicast, ipv4+label,
restart (time 120, flags 0x0, unicast)
enhanced-refresh
prefix-orf: unicast (send)
Address family: ipv4 unicast
Peer Group member: hank
Generate Common Updates
BGP table version: 17, neighbor version: 17
Routes: rcvd 2, imported 0, active 0, history 0, d →
ampend 0, sent 5
End-of-RIB marker rcvd
Enhanced refresh in: BoRR
Enhanced refresh out: refreshing routes
2.26
Change Route Refresh Mode from ERR to RR
The starting point for this example is the BGP router configured in Establish an
iBGP Session on page 23 and illustrated in Figure 25. Because the
configuration steps did not specify the route refresh mode, the system enables
ERR, which is the default. In fact, the output of the show bgp summary
command shows that when the session is established, the route refresh mode
is Enhanced refresh; in other words, ERR.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
121
BGP
Figure 25
Basic iBGP Topology
To change the route refresh mode from ERR to RR for an existing BGP, do the
following starting in global configuration mode:
Steps
1. Enter the context in which the existing BGP router is running. Next, enter
BGP configuration mode using the ID of the existing BGP router. Enter the
no enhanced-refresh command and commit the configuration.
Example
[local]R1-1(config)#context local
[local]R1-1(config-ctx)#router bgp 1
[local]R1-1(config-bgp)#no enhanced-refresh
[local]R1-1(config-bgp)#commit
2. Although you have changed the route refresh configuration, all BGP peer
sessions continue running in their existing refresh mode. Confirm the
status of the BGP peer sessions by entering the show bgp neighbor
summary command.
Example
[local]R1-1(config-bgp)#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1
Neighbors Configured: 1, Established: 1
Neighbor
AS MsgRcvd MsgSent InQ OutQ →
Rst Up/Down State
192.0.2.102
1
52
51
0
0 →
1 00:49:19 Established
CapSent : refresh 4byteAS unicast restart enhanced- →
122
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Configuration
refresh
CapRcvd : refresh 4byteAS unicast restart enhanced- →
refresh
unicast : rcvd: 0 imported: 0 active: 0 history: 0 →
dampened: 0 sent: 0
3. Exit the configure mode and enter the exec mode. If the existing BGP
router is running in a non-local context, enter that context. (In this
example, the existing BGP router is running in the local context.
4. Enter the show bgp neighbor summary command to verify the peer
session that you wish changed from ERR to RR are running in the correct
mode.
Example
[local]R1-1#show bgp neighbor summary
BGP router identifier: 192.0.2.101, local AS number: 1
Neighbors Configured: 1, Established: 1
Neighbor
AS MsgRcvd MsgSent InQ OutQ →
Rst Up/Down State
192.0.2.102
1
52
51
0
0 →
1
4w1d Established
CapSent : refresh 4byteAS unicast restart
CapRcvd : refresh 4byteAS unicast restart
unicast : rcvd: 0 imported: 0 active: 0 history: 0 →
dampened: 0 sent: 0
2.26.1
Enable BGP SNMP Notification
This example enables BGP SNMP notification on a BGP instance.
In this example, a BGP routing instance is configured using an autonomous
system number (ASN) 100 and SNMP notification is enabled in BGP4MIBv2
format.
To enable BGP SNMP notification, do the following starting in global
configuration mode.
Steps
1. Enable BGP routing for the ASN.
Example
[local]Ericsson(config)#context local
[local]Ericsson(config-ctx)#router bgp 100
2. Enable SNMP notification.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
123
BGP
Example
[local]Ericsson(config-bgp)#snmp traps bgp4mib2
[local]Ericsson(config-bgp)#commit
3. Confirm configuration.
Example
[local]Ericsson(config-bgp)#show configuration bgp
Building configuration...
Current configuration:
context local
!
router bgp 100
snmp traps bgp4mib2
!
! ** End Context **
!
end
124
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Operations
3
Operations
To manage BGP functions, perform the tasks described in Table 1. Enter the
show commands in any mode. Enter the clear and debug commands in
exec mode.
Table 1
Operational Commands for BGP
Task
Root Command
Apply new BGP routing policies or reset BGP
connections globally without dropping
connections.
clear bgp
Apply new routing policies for eBGP neighbors
or reset eBGP connections.
clear bgp external
Clear BGP route-flap statistics.
clear bgp flap-statistics
Apply new BGP routing policies to connections
using unicast address prefixes or reset BGP
IPv4 address connections.
clear bgp ipv4 unicast
Apply new BGP routing policies to connections
using VPN prefixes or reset BGP IPv4 address
connections.
clear bgp ipv4 vpn
Apply new BGP neighbor routing policies or
reset BGP neighbor connections.
clear bgp neighbor
Apply new BGP peer group routing policies or
reset BGP peer group connections.
clear bgp peer-group
Enable the generation of messages for BGP
best-path events.
debug bgp bestpath
Enable the generation of BGP general-event
messages.
debug bgp event
Enable the generation of debug messages for
BGP passive open connections.
debug bgp listen
Enable the generation of debug messages for
BGP nonupdate events.
debug bgp message
Enable the generation of messages for all
general BGP neighbor events.
debug bgp neighbor
Enable the generation of messages for all
general BGP performance events.
debug bgp performance
Enable the generation of debug messages for
BGP routing policies.
debug bgp policy
Enable the generation of debug messages for
interaction between BGP and the RIB.
debug bgp rib
12/1543-AXI 101 09/1 Uen F | 2017-11-22
125
BGP
Task
Root Command
Enable the generation of debug messages for
BGP session states and timers.
debug bgp session-state
Enable the generation of debug messages for
BGP update events.
debug bgp update
Display BGP attribute information, including AS show bgp attribute
path, community, next-hop address, and route
reflector attributes.
Display malformed BGP messages for
troubleshooting.
show bgp malform
Display BGP neighbor status, configuration,
and statistical information.
show bgp neighbor
Display BGP notification messages.
show bgp notification
Display BGP peer group information, including
peer group membership and session status.
show bgp peer-group
Display BGP neighbor reset information for
troubleshooting.
show bgp reset-log
Display information about all BGP routes or for
a subset of routes.
show bgp route
Display community information for BGP routes. show bgp route community
126
Display BGP route-flap statistics.
show bgp route flapstatistics
Display BGP routes sourced from more than
one AS.
show bgp route
inconsistent-as
Display information about BGP unicast IPv4
address prefix-based routes.
show bgp route ipv4
Display information about BGP unicast IPv6
address prefix-based routes.
show bgp route ipv6
unicast
Display MPLS labels associated with BGP
routes.
show bgp route labels
Display information about routes to or from
BGP neighbors.
show bgp route neighbor
Display BGP communities that match an AS
path string.
show bgp route regexp
Display BGP routes sourced from the local AS.
show bgp route sourced
Display a summary report of BGP routes in the
routing table.
show bgp route summary
Display a summary of BGP status and
statistical information.
show bgp summary
Display the current BGP configuration
information for the current context. (1)
show configuration bgp
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Operations
(1) If you configure a BGP neighbor attribute or BGP address family neighbor attribute to its
default value, the attribute does not return to its default state. The show configuration
command displays all attributes not in the default state. For example, ebgp-multihop 1 is
displayed because ebgp-multihop is not returned to its default state. Only the default
attribute configuration command (for example, default ebgp-multihop) returns an attribute
to its default state where it is not displayed.
Caution!
Risk of dropped connection. A hard reset can affect network connectivity. When using
any clear bgp command, the soft keyword for inbound traffic only takes effect if
the BGP neighbor supports the refresh capability. The soft keyword for outbound
traffic is local and does not require the capability. To check whether a BGP neighbor
supports the refresh capability, use the show bgp neighbor summary command in
exec mode. Specify the soft keyword if you do not want the BGP neighbor
connection dropped. Only use a hard reset as a last resort.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
127
BGP
Reference List
IETF RFCs - BGP
128
•
RFC 1268, Application of the Border Gateway Protocol in the Internet
•
RFC 1403, BGP OSPF Interaction
•
RFC 1745, BGP4/IDRP for IP---OSPF Interaction
•
RFC 1997, BGP Communities Attribute
•
RFC 2385, Protection of BGP Sessions via the TCP MD5 Signature
Option
•
RFC 2439, BGP Route Flap Damping
•
RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain
Routing
•
RFC 2858, Multiprotocol Extensions for BGP-4
•
RFC 2918, Route Refresh Capability for BGP-4
•
RFC 3065, Autonomous System Confederations for BGP
•
RFC 3107, Carrying Label Information in BGP-4
•
RFC 4271, A Border Gateway Protocol 4 (BGP-4)
•
RFC 4273, Definitions of Managed Objects for BGP-4
•
RFC 4360, BGP Extended Communities Attribute
•
RFC 4456, BGP Route Reflection: An Alternative to Full Mesh Internal
BGP (IBGP)
•
RFC 4486, Subcodes for BGP Cease Notification Message
•
RFC 4724, Graceful Restart Mechanism for BGP
•
RFC 4798, Connecting IPv6 Islands over IPv4 MPLS Using IPv6 Provider
Edge Routers (6PE)
•
RFC 4893, BGP Support for Four-octet AS Number Space
12/1543-AXI 101 09/1 Uen F | 2017-11-22
Reference List
•
RFC 5065, Autonomous System Confederations for BGP
•
RFC 5291, Outbound Route Filtering Capability for BGP-4
•
RFC 5292, Address-Prefix-Based Outbound Route Filter for BGP-4
•
RFC 5492, Capabilities Advertisement with BGP-4
•
RFC 7313, Enhanced Route Refresh Capability for BGP-4.
•
Internet Draft, Advertisement of the best external route in BGP, draft-ietfidr-best-external-05
•
Internet Draft, Definitions of Managed Objects for the Fourth Version of
Border Gateway Protocol (BGP-4), Second Version, draft-ietf-idr-bgp4mibv2-15
•
Internet Draft, Revised Error Handling for BGP UPDATE Messages, draftietf-idr-error-handling-18
IETF RFCs - Additional Information
•
RFC 5286, Basic Specification for IP Fast Reroute: Loop-Free Alternates.
12/1543-AXI 101 09/1 Uen F | 2017-11-22
129