This document contains frequently asked questions (FAQs) about Border
Gateway Protocol (BGP).
How do I configure BGP?
A. Refer to these documents for information on how to configure BGP and
How do I configure BGP with the use of a loopback address?
A. The use of a loopback interface ensures that the neighbor stays up and
is not affected by malfunctioning hardware.
BGP uses the IP address configured on the physical interface directly
connected to the BGP peer as the source address when it establishes the BGP
peering session, by default. Issue the neighbor <ip address>
update-source <interface> command in order to change this
behavior and configure the BGP that speaks to the router to establish peering
with the use of a loopback address as the source address.
Configuration for iBGP and eBGP With or Without a Loopback Address for
What is the order of preference of attributes when some or all are
applied to one neighbor in BGP?
A. The order of preference varies based on whether the attributes are
applied for inbound updates or outbound updates.
For inbound updates the order of preference is:
For outbound updates the order of preference is:
route-map | unsuppress-map
ORF prefix-list (a prefix-list the neighbor sends
Note: The attributes prefix-list and distribute-list are mutually
exclusive, and only one command (neighbor
prefix-list or neighbor
distribute-list) can be applied to each inbound or outbound
direction for a particular neighbor.
What does a next hop of 0.0.0.0 mean in the show ip
bgp command output?
A. A network in the BGP table with a next hop address of 0.0.0.0 means
that the network is locally originated via redistribution of Interior Gateway
Protocol (IGP) into BGP, or via a network or
aggregate command in the BGP configuration.
What are the well known communities of the BGP community attribute?
A. The community attribute is a transitive, optional attribute designed to
group destinations in a certain community and apply certain policies (such as
accept, prefer, or redistribute). This table shows the well known BGP
Use in confederation scenarios to prevent sending packets
outside the local autonomous system (AS).
Do not advertise to external BGP (eBGP) peers. Keep this route
within an AS.
Do not advertise this route to any peer, internal or
Apply no community attribute when you want to clear the
communities associated with a route.
Advertise this route to the internet community, and any router
that belongs to it.
Refer to the
BGP Community Filtering section of
Configuring BGP for more information about the configuration of
What formats can I use to configure the BGP community attribute?
A. In Cisco IOS® Software Release 12.0 and later, you can configure
communities in three different formats called decimal, hexadecimal, and AA:NN.
By default, IOS uses the older decimal format. In order to configure and
display in AA:NN, where the first part is the AS number and the second part is
a 2-byte number, issue the
global configuration command.
Note: BGP Community Attribute is a numerical value (arbitrary) that can be
assigned to a specific prefix and advertised to other neighbors. Although the
community attribute can be represented in decimal, hexadecimal, or AA:NN, it is
still a 32-bit number. For example, any of these three configuration commands
specify the community 30:20 (AS 30, number 20):
set community 30:20
set community 0x1E0014
set community 1966100
Regardless of which command you use, the community displayed in the
router configuration file and the BGP table is 30:20.
Refer to the
Attribute section of
Case Studies, and
BGP Community Values to Control Routing Policy in Upstream Provider
Network for more information.
How does BGP behave differently with auto-summary enabled or disabled?
A. Auto-summary behavior has changed across Cisco IOS software releases.
Initially, auto-summary was enabled by default. However, with Cisco bug ID
registered customers only)
this behavior has changed. In the latest
Cisco IOS, auto-summary is disabled by default. When auto-summary is enabled,
it summarizes the locally originated BGP networks to their classfull
boundaries. Auto-summary is only enabled by default in the old versions. When
auto-summary is disabled, the routes introduced locally into the BGP table are
not summarized to their classfull boundaries. When a subnet exists in the
routing table and these three conditions are satisfied, then any subnet of that
classfull network in the local routing table will prompt BGP to install the
classfull network into the BGP table.
For example, if the subnet in the routing table is 22.214.171.124 mask
255.255.255.0, and you configure network 126.96.36.199 under the
router bgp command, and auto-summary is enabled, BGP
introduces the classfull network 188.8.131.52 mask 255.0.0.0 in the BGP
If these three conditions are not all met, then BGP does not install
any entry in the BGP table unless there is an exact match in the local routing
Note: If the AS that performs BGP does not own the complete classfull
network, Cisco recommends that you issue the no
auto-summary command under router bgp
in order to disable auto-summary.
How can I verify if a BGP router announces its BGP networks and
propagates them to the global BGP mesh?
A. Use these commands in order to check if the IP blocks are announced to
the directly connected ISP:
Note: The show ip bgp neighbors
[address] advertise-routes command does
not take into account any outbound policies you might have applied. In future
Cisco IOS software releases, the command output will be changed to reflect the
outbound policies. If there are two alternate paths to a destination, BGP
always uses the best route to advertise.
In order to verify how the IP blocks get propagated to the global BGP
mesh via the directly connected ISP, log onto a
on the Internet and look for the BGP entries of the prefix in the
When and how should I reset a BGP session?
A. Clear a BGP session when you change the inbound/outbound policy for
this session. Issue the clear ip bgp
x.x.x.x soft out command to clear a BGP
session in order to bring outbound policy changes into effect. Issue the
clear ip bgp x.x.x.x
in order to clear a BGP session to bring inbound policy changes into effect. If
the neighbor has the soft reconfiguration capability, you can issue the
clear ip bgp x.x.x.x soft in
command. The BGP session can be cleared automatically if you setup the
Optimized Edge Routing (OER). OER automatically clears the BGP session for both
Inbound and Outbound directions. Refer to
Up OER Network Components for more information on OER.
Note: With Cisco IOS Software Release 12.0 and later, a new BGP Soft Reset
Enhancement feature is introduced. Refer to
Soft Reset Enhancement for more information.
Is there any special configuration needed on PIX/ASA to allow BGP
sessions through it?
A. Yes, refer to
BGP through ASA Configuration Example for complete configuration
What is an autonomous system (AS) number and how do I obtain
A. AS numbers are globally unique numbers that are used to identify ASes,
and which enable an AS to exchange exterior routing information between
neighboring ASes. An AS is a connected group of IP networks that adhere to a
single and clearly defined routing policy.
There are a limited number of available AS numbers. Therefore, it is
important to determine which sites require unique AS numbers and which do not.
Sites that do not require a unique AS number should use one or more of the AS
numbers reserved for private use, which are in the range from 64512 to 65535.
Number Registration Services
website to obtain an AS number.
What is the BGP path selection criteria?
A. BGP path selection criteria is documented in
Best Path Selection Algorithm.
What is the difference between
A. A complete explanation of the differences between these commands is
the bgp deterministic-med Command Differs from the
bgp always-compare-med Command.
Do internal BGP (iBGP) sessions modify the next hop?
A. iBGP sessions preserve the next hop attribute learned from eBGP peers.
This is why it is important to have an internal route to the next hop. The BGP
route is otherwise unreachable. In order to make sure you can reach the eBGP
next hop, include the network that the next hop belongs to in the IGP or issue
the next-hop-self neighbor command to force the
router to advertise itself, rather than the external peer, as the next hop.
Refer to the
Next Hop Attribute section of
Case Studies for a more detailed explanation.
Do external BGP (eBGP) sessions between confederations modify the next
A. No, eBGP sessions between confederation sub-ASes do not modify the next
hop attribute. All iBGP rules still apply to have the whole AS behave as a
single entity. The metric and local preference values also remain unaltered
among confederation eBGP peers. Refer to the
Confederation section of
Case Studies for more information about confederations.
In external BGP (eBGP) sessions, which IP address is sent as the next
A. In eBGP peering, the next hop is the IP address of the neighbor that
announces the route. However, when the route is advertised on a multi-access
media (such as Ethernet or Frame Relay), the next hop is usually the IP address
of the router interface connected to that media, which originated the route.
Refer to the
Next Hop Attribute of
Case Studies for a more detailed explanation.
Does the route reflector change the next hop attribute of a reflected
A. By default, the next hop attribute is not changed when a prefix is
reflected by route reflector. However, you can issue the neighbor
next-hop-self command in order to change the attribute of the
next hop for prefixes reflected from an eBGP peer to any route reflector
How can I announce a prefix conditionally to one ISP only when I lose the
connection to my primary ISP?
A. BGP advertises routes from its BGP table to external peers by default.
The BGP conditional advertisement feature provides additional control of route
advertisement depending on the existence of other prefixes in the BGP table.
Normally, routes are propagated regardless of the existence of a different
path. The BGP conditional advertisement feature uses the
advertise-map configuration commands to track routes
by the route prefix. If a route prefix is not present in the
non-exist-map command, the route specified by the
advertise-map command is announced. Refer to the
BGP Conditional Advertisement section of
BGP for more information.
How can I configure BGP to provide load sharing and redundancy in my
A. Use these documents for detailed configuration information:
How much memory should I have in my router to receive the complete BGP
routing table from my ISP?
A. The amount of memory required to store BGP routes depends on many
factors, such as the router, the number of alternate paths available, route
dampening, community, the number of maximum paths configured, BGP attributes,
and VPN configurations. Without knowledge of these parameters it is difficult
to calculate the amount of memory required to store a certain number of BGP
routes. Cisco typically recommends a minimum of 512 MB of RAM in the router to
store a complete global BGP routing table from one BGP peer. However, it is
important to understand ways to reduce memory consumption and achieve optimal
routing without the need to receive the complete Internet routing table. Refer
Achieve Optimal Routing and Reduce BGP Memory
Consumption for more detailed information.
What are the benefits of configuring BGP peer groups?
A. The major benefit of specifying a BGP peer group is that it reduces the
amount of system resources (CPU and memory) used in an update generation. It
also simplifies BGP configuration since it allows the routing table to be
checked only once, and updates to be replicated to all other in-sync peer group
members. This can significantly reduce the load, which depends on the number of
peer group members, the number of prefixes in the table, and the number of
prefixes advertised. Cisco recommends that you group together peers with
identical outbound announcement policies. Refer to
Peer Groups for more detailed information.
Why do I see the same route twice form the same peer in BGP ?
64512 28513 8151 65194 65230 65085
184.108.40.206 from 220.127.116.11 (18.104.22.168)
Origin IGP, localpref 200, valid, external
Community: 100:2 28513:1281
64512 28513 8151 65194 65230 65085, (received-only)
22.214.171.124 from 126.96.36.199 (188.8.131.52)
Origin IGP, localpref 100, valid, external
A. Two entries are seen due to soft-reconfiguration configured. Both the
un-modified path and the modified path, which depends on the inbound policy, if
permitted, are stored in the path table for the prefix. Refer to
BGP Soft Reconfiguration for more information.
What is synchronization, and how does it influence BGP routes installed
in the IP routing table?
A. If your AS passes traffic from another AS to a third AS, BGP should not
advertise a route before all routers in your AS learn about the route via IGP.
BGP waits until IGP propagates the route within the AS and then advertises it
to external peers. A BGP router with synchronization enabled does not install
iBGP learned routes into its routing table if it is not able to validate those
routes in its IGP. Issue the no synchronization
command under router bgp in order to disable
synchronization. This prevents BGP from validating iBGP routes in IGP. Refer to
Case Studies: Synchronization for a more detailed explanation.
How do I know which Cisco IOS software release supports a particular BGP
A. Use the
Cisco IOS Software
registered customers only)
to quickly find which Cisco IOS software release supports your
How can I set the Multi Exit Discriminator (MED) value on prefixes
advertised to external BGP (eBGP) neighbors to match the Interior Gateway
Protocol (IGP) next hop metric?
A. The set metric-type internal route-map
configuration command causes BGP to advertise a MED that corresponds to the IGP
metric associated with the next hop of the route. This command is available in
Cisco IOS Software Release 10.3 and later. Refer to
Commands for more information.
What is the default BGP ConnectRetry timer, and is it possible to tune
the BGP ConnectRetry timer?
A. The default BGP ConnectRetry timer is 120 seconds. Only after this time
passes does the BGP process check to see if the passive TCP session is
established. If the passive TCP session is not established, then the BGP
process starts a new active TCP attempt to connect to the remote BGP speaker.
During this idle 120 seconds of the ConnectRetry timer, the remote BGP peer can
establish a BGP session to it. Presently, the Cisco IOS ConnectRetry timer
cannot be changed from its default of 120 seconds.
What does r RIB-Failure mean in the
show ip bgp command
R1> show ip bgp
BGP table version is 5, local router ID is 184.108.40.206
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r> 220.127.116.11/24 10.10.13.3 0 130 0 30 i
*> 18.104.22.168/24 10.10.13.3 0 125 0 30 i
A. When BGP tries to install the
prefix into Routing Information Base (RIB) (for example, the IP Routing table),
RIB might reject the BGP route due to any of these reasons:
Route with better administrative distance already present in IGP. For
example, if a static route already exists in IP Routing
The number of routes in VPN routing/forwarding (VRF) exceeds the
route-limit configured under the VRF
In such cases, the prefixes that are rejected for these reasons are
identified by r RIB Failure in the
show ip bgp command output and are not advertised to
the peers. This feature was first made available in Cisco IOS Software Release
How can I redistribute internal BGP (iBGP) learned default-route
(0.0.0.0/0) route into EIGRP/OSPF/IS-IS?
A. The redistribution of iBGP routes into Interior Gateway Protocol
(IGP)—Enhanced Interior Gateway Routing Protocol/Open Shortest Path
First/Intermediate System-to-Intermediate System (EIGRP/OSPF/IS-IS)—can cause
routing loops within the Autonomous System, which is not recommended. By
default, iBGP redistribution into IGP is disabled. Issue the
command in order to enable
redistribution of iBGP routes into IGP. Precautions must be taken to
redistribute specific routes using route-maps into IGP. A sample configuration
for redistributing a iBGP learned default route 0.0.0.0/0 into EIGRP is shown
in this output. Configurations for OSPF/IS-IS are similar.
router bgp 65345
router eigrp 10
redistribute bgp 65345 route-map check-def
ip prefix-list def-route seq 5 permit 0.0.0.0/0
route-map check-def permit 10
match ip address prefix-list def-route
Note: After you configure the
command, ensure that
clear ip bgp command is entered so as to clear all
routes in the local routing table.
How can I filter all IP routes advertised to a BGP neighbor except the
default route 0.0.0.0/0?
A. The specific routes can be filtered if you use inbound filter-list,
distribute-list, prefix-list and route-map all at the same time for the same
bgp neighbor. This is the order of operation:
Distribute-list (or) prefix-list
How to resolve the error Protocol not in this
A. The reason for getting the error message protocol not in
this image is because BGP feature is not supported in the IOS
version running on the router. To resolve this error upgrade the IOS to newer
IOS versions that supports BGP.
BGP: timer-wheel running slow by 1 ticks appears in the debug
A. This message only shows up when a BGP debug is turned on the router. It
is just an informational message and not an error message. This informational
message relates to BGP internal timers. This message can be ignored by issuing
undebug all command.
Is it possible to track an interface and change the route
A. Yes, it is possible to track the state change of an interface and route
availability with the Enhanced Object tracking. Refer to
Object Tracking for more information.
How does IP RIB Update allocate memory?
A. IP RIB Update allocates the prefixes, and attributes are held in
chunks. It is not possible to free the entire chunk until every element in the
chunk is freed. If more routes are learned, then those free elements in the
chunks are used.
What is the command to see IPv6 BGP neighbors?
show bgp ipv6 unicast summary
used to see the IPv6 BGP neighbours
In regards to the removal of the static route "ip route
10.150.0.0 255.255.0.0 Null0", does no auto-summary in BGP cause all
subnets of 10.150.0.0 to be advertised?
network 10.150.0.0 mask 255.255.0.0
ip route 10.150.0.0 255.255.0.0 Null0
A. The router stops to advert the route but it still sends the other most
Why are there no statistic results when I use the debug bfd
events and debug bfd packets
A. It is the normal behaviour, as bfd hellos are sent in sub minimal
seconds and in case you run debugs for that, the router cannot handle. So the
bfd messages are seen in debug only when flaps happens. This is the purpose of
debug bfd events
This command enables the logging of BFD events for all the currently
configured BFD sessions. It captures BFD events like session state change,
session configuration change triggered by local CLI or by remote end.
debug bfd packets
This command enables the logging of BFD packets for all the currently
configured BFD sessions. It only captures BFD hello packets that are exchanged
when there are bfd configuration changes like session state change happens.
Normal BFD packets are not captured by this command.
Does the router have to be restarted after a new BGP Neighbor Maximum
Prefix is configured?
A. If the new maximum number of Prefixes is larger that the current
maximum, there is no need to soft/hard clear the BGP session, and reload is not
Is there a command to check the advertised routes along with the prepend
of the AS-paths?
A. When AS-path prepending is set, the AS numbers to be prepended are
appended to the AS-path and when the update leaves the AS towards the eBGP
peers, the local AS number is prepended to the complete AS-path.
But, you can easily check whether the AS Path prending is done with one
of these options:
Check the BGP AS PATH Attribute on Peering device. This is one of the
easiest ways to check whether the router performs AS PATH prepending or
Run debug on BGP updates (in outbound direction) and then check for
prepends. Use an access-list while you debug BGP updates.
Debug ip bgp update 1 out
BGP: TX IPv4 Unicast Mem global 3 1 22.214.171.124 Refresh has to wait for net
BGP: TX IPv4 Unicast Top global Start net prepend.
BGP: TX IPv4 Unicast Top global Done net prepend (1 attrs).
The router has prepended the prefix.
BGP: TX IPv4 Unicast Grp global 3 Starting refresh after prepend completion.
Another option would be to take a packet capture on exit interface
and see what update is being sent on the wire.
How does neighbor soft-reconfiguration inbound command
command causes the router to
store all received (inbound) routing policy updates without modification, for
example, a duplicate table is stored in the memory for each peer. This method
is memory-intensive and not recommended unless absolutely necessary. Refer to
in order to achieve the soft reset without
the use of additional memory .
What does the %BGP-3-NOTIFICATION: sent to neighbor
*A.B.C.D passive 6/0 (cease) 0 bytes error message
A. This message occurs when there is another BGP session already
established. The router that receives the cease message has tried to send a BGP
OPEN message to the same peer on another IP. This message is cosmetic and is
due to a misconfiguration.
What does the %IPRT-3-ROUTEINSERTERROR: Error inserting
routing entry error message mean?
A. This error message indicates that there is not enough memory to
accommodate BGP prefixes, learnt from neighbors.
Q. Does GSR with IOS-XR support the VPLS-BGP auto-discovery feature as a
A. Yes, GSR with IOS-XR supports Route Reflector functionality for
How do I debug routes for a particular vrf in the Cisco IOS-XR
A. Use the
bgp keepalive [vrf [vrf-name | all]] vpnv4 unicast command
in order to debug routes for a given vrf in the Cisco IOS-XR environment. This
is a sample output:
*Mar 1 00:16:06.735: BGP: ses TWO 126.96.36.199 (0x69A1C8F4:1) Keep alive timerfired.
*Mar 1 00:16:06.735: BGP: 188.8.131.52 KEEPALIVE requested (bgp_keepalive_timer_expired)
*Mar 1 00:16:06.743: BGP: ses TWO 184.108.40.206 (0x69A1C8F4:1) service keepalive IO request.
*Mar 1 00:16:06.747: BGP: 220.127.116.11 KEEPALIVE write request serviced in BGP_IO
*Mar 1 00:16:07.759: BGP: ses ONE 18.104.22.168 (0x6900D344:1) Keep alive timer fired.
*Mar 1 00:16:07.759: BGP: 22.214.171.124 KEEPALIVE requested (bgp_keepalive_timer_expired)
*Mar 1 00:16:07.759: BGP: ses ONE 126.96.36.199 (0x6900D344:1) service keepalive IO request.
*Mar 1 00:16:07.763: BGP: 188.8.131.52 KEEPALIVE write request serviced in BGP_IO
What is the difference between when a route is injected in BGP via
redistribute command or a network command?
A. When you use the redistribution of IGP into BGP to advertise the route,
then there is no need to specify the network statement for all the subnets
individually. Also when the route is obtained from any other routing protocols
into BGP table by redistribution, the Origin attribute is
Incomplete (?) and when you specify the
network command then it is
Internal/IGP (i). During the route selection,
the lowest origin code is preferred
How do I verify Layer 4 forwarding summary
A. In order to view the summary information on Layer 4 forwarding, use the
show mls cef summary command. For example:
show mls cef summary
Total routes: 532462
IPv4 unicast routes: 502841
IPv4 Multicast routes: 6
MPLS routes: 19794
IPv6 unicast routes: 9821
IPv6 multicast routes: 3
EoM routes: 0
show mls cef maximum-routes
FIB TCAM maximum routes :
IPv4 + MPLS - 512k (default)
IPv6 + IP Multicast - 256k