Border Gateway Protocol (BGP)

BGP is a dynamic routing protocol for routing traffic between different autonomous systems (AS) on the internet. BGP exchanges full routing information when a peer connection is first established and only sends updates for routes that have changed. BGP is highly scalable and can adapt to changes in the network topology, making it suitable for large, complex networks.

For medium to large networks, BGP is a better routing solution than static routing, which is simpler and requires less overhead than BGP but lacks the scalability and adaptability of BGP. With static routing, routes are fixed and do not change unless manually updated by a network administrator.

BGP Policy

BGP import and export policies are sets of rules and configurations that control the selection, advertisement, and acceptance of routing information between BGP peers.

BGP import policy is used for the routes imported from the external BGP peers and BGP export policy is used for the routes exported to the external BGP peers.

  • Default import and export policies are predefined and not configurable.​ The default policy is a template containing rules.
  • If you use both default import and export policies, these routes are not advertised to the external peer.
    • Externally learned routes
    • Default route
    • Internal endpoint IP addresses

To view the default import or export policies, navigate to the Fabrics page. In the Attachments area, choose BGP > Import policies or BGP > Export policies.

Default import policy

Default Import Policy

Match

Set

Action

All

Community

64511:99

Permit

Default export Policy

Default Export Policy

Match

Set

Action

Community

64511:99

-

Deny

Route tag

Black

-

Deny

IPv4 Prefix

0.0.0.0/0 (Exact)

-

Deny

IPv6 Prefix

::/0 (Exact)

-

Deny

Community

64510:*

-

Permit

IPv4 Prefix

0.0.0.0/0 (Exact or longer) 32

-

Deny

IPv6 Prefix

::/0 (Exact or longer) 128

-

Deny

All

All conditions are matched

-

Permit
  • When you add a static route, the Discard option in the Add Static Route page, matches Match Route tag Black, Deny rule in the default export policy. See Add a static route.
  • The rule Community: 64510:* is used to advertise one or more static routes to an external network.
  • In the default export policy, these rules are used to prevent advertising the default route and internal endpoint IP addresses (host routes) to the external network.​
    • Match 0.0.0.0/0 (Exact), Deny
    • Match ::/0 (Exact), Deny
    • Match 0.0.0.0/0 (Exact or longer) 32, Deny
    • Match ::/0 (Exact or longer) 128, Deny
  • Because the route imported from the external BGP peer has the rule Community: 64511:99 set by the default import policy, the route is not exported to a BGP peer because of the Deny rule in the default export policy.

Guidelines

  • For BGP peers that support both IPv4 and IPv6, you must create a separate BGP peer configuration for each address family.
  • BGP peering requires a routed interface or routed sub-interface. An SVI cannot be used.
  • When configuring a BGP peer, your selection of available interfaces in the VRF depends on your chosen time to live (TTL) value.
    • With TTL set to 1, you are presented with only the IP interface that is in the same subnet as the BGP peer.
    • With TTL set to greater than 1, you are shown only the routed or routed sub-interface IP interfaces in the VRF.

Create a BGP peer

Create a BGP peer, also known as a BGP neighbor, to establish a BGP session with another switch to exchange routing information. Follow these steps to create a BGP peer.

Step 1

Choose Fabrics.

Step 2

On the Fabrics page, click the fabric you want to configure.

Step 3

In the Logical Networks area, click Route tables (VRF).

Step 4

In the All route tables (VRFs), click the route table name where you will add a BGP peer.

Step 5

In the Configurations area, click BGP peers.

If BGP peers have already been created in this VRF, a list of existing peers is displayed.

Step 6

In the BGP peers area, click the pencil icon and enter the VRF Local AS. Click Save.

By default, the VRF Local AS will be used in the BGP peer unless a new value is provided in the Local AS override. See 8.e.

Step 7

Click Create BGP peer.

Step 8

Complete the following fields for Create BGP peer.

  1. Enter a name for the new BGP peer.

  2. Enter an IP address for the peer.

    For IPv4 BGP route exchange, enter an IPv4 address.

    For IPv6 BGP route exchange, enter an IPv6 address.

     Note

    For BGP peers that support both IPv4 and IPv6, you must create a separate BGP peer configuration for each address family.

  3. Select the BGP type.

  4. Enter the autonomous system (AS) number of the peer.

  5. (Optional) Enter the Local AS override number.

    Entering an override local AS number allows a switch to replace the AS number of the originating switch with the AS number of the sending BGP switch, preventing the receiving switch from dropping packets from an originator with the same AS as the receiver. By default, the VRF Local AS will be used unless a new value is provided.

  6. For eBGP, select single-hop or multi-hop

  7. Enter the time to live (TTL) in number of hops for a peering session.

    As a security check, BGP will establish or maintain a session only if the TTL value in the received IP packet header is equal to or greater than the TTL value configured here for the peering session.

  8. Select an interface from the list.

  9. Select an Import policy and an Export policy from the drop-down list or keep the defaults.

    These policies are defined in Create a BGP import policy and Create a BGP export policy.

  10. (Optional) Select an Authentication method and enter the credentials.

Step 9

Select an available interface.

In the case of a local BGP peer, the available interfaces based on peer address are displayed.

Step 10

Click Save.

View BGP peer details

When you view BGP peer details, you can actively monitor several key aspects of your fabric’s BGP operations:

  • Peer details: You check whether each BGP session is established and running smoothly. This allows you to quickly verify connectivity with your BGP peers and troubleshoot any issues with session establishment.
  • Received routes: You review the routes your device learns from BGP peers. These routes include important attributes such as AS path, next hop, and local preference. By inspecting these details before import policies are applied, you can make sure your device receives and processes routes from neighbors correctly.
  • Advertised routes: You examine the routes your device advertises to its BGP peers. This helps you detect unusual or unauthorized routes. It enables you to spot potential route leaks or hijacks and control which routes your device shares to optimize traffic flow.

By actively reviewing these details, you can validate BGP connectivity, resolve routing issues, and maintain strong, effective routing policies across your fabric.

This procedure describes how to navigate to BGP peer details from the fabric level. To view BGP peers for a specific VRF, in the Logical Network area, choose Route tables (VRF) > vrf-name > BGP peers > bgp-peer-name.

Step 1

Choose Fabrics, then click the fabric you want to see BGP peering information for.

Step 2

In the Attachments area, click BGP .

Step 3

In the BGP peers table, click the peer name.

Step 4

Select the type of information you want to see: Peer details, Received routes, or Advertised routes.

Create a BGP import policy

Follow these steps to create a BGP import policy.

Step 1

Choose Fabrics, then click the fabric you want to configure a BGP import policy for.

Step 2

In the Attachments area, choose BGP > Import policies.

Step 3

Click + New Policy.

Step 4

Enter BGP import policy details.

  1. For Import policy name, enter a name for the new BGP import policy.

  2. For Labels, click + Add, to enter labels to help categorize the policies, and press Enter.

  3. For Description, add text that describes this BGP import policy.

  4. For Annotations, click + Add and enter key-value pairs to add annotations.

Step 5

Enter BGP import policy rules.

  1. From the Import policy rules (up to 10) area, click + Add rule to add up to 10 rules.

  2. In the Order column, use the arrow key to assign an order to the rules in the policy.

  3. In the Match column, select the rule type.

    • Community: Provide community numbers. Wildcards are supported.
    • IPv4: Provide IPv4 prefixes, match conditions, and route origins.
    • IPv6: Provide IPv6 prefixes, match conditions, and route origins.
    • Route-tag: Provide route tags.

  4. In the Set column, select a BGP attribute from the drop-down list.

  5. In the Action column, select an action (permit or deny) to be taken for packets that match the rule from the drop-down list.

  6. Click to add match values for each rule. Up to 5 comma-separated values are supported for each rule (except route tags).

Step 6

Click Add.

Create a BGP export policy

Follow these steps to create a BGP export policy.

Step 1

Select Fabrics, then click the fabric you want to configure a BGP import policy for.

Step 2

In the Attachments area, choose BGP > Export policies.

Step 3

Click + New Policy.

Step 4

Enter BGP import policy details.

  1. For Import policy name, enter a name for the new BGP import policy.

  2. For Labels, click + Add, to enter labels to help categorize the policies, and press Enter.

  3. For Description, add text that describes this BGP import policy.

  4. For Annotations, click + Add and enter key-value pairs to add annotations.

Step 5

Enter BGP import policy rules.

  1. From the Import policy rules (up to 10) area, click + Add rule to add up to 10 rules.

  2. In the Order column, use the arrow key to assign an order to the rules in the policy.

  3. In the Match column, select the rule type.

    • Community: Provide community numbers. Wildcards are supported.
    • IPv4: Provide IPv4 prefixes, match conditions, and route origins.
    • IPv6: Provide IPv6 prefixes, match conditions, and route origins.
    • Route-tag: Provide route tags.

  4. In the Set column, select a BGP attribute from the drop-down list.

    • AS path pad: Provide AS path list.
    • Community: Provide community numbers.
    • Next-hop IPv4: Provide IPv4 address of the connection between the peers.
    • Next-hop IPv6: Provide IPv6 address of the connection between the peers.

  5. In the Action column, select an action (permit or deny) to be taken for packets that match the rule from the drop-down list.

  6. Expand the row to add match values for each rule. Up to 5 comma-separated values are supported for each rule (except route tags).

Step 6

Click Add .

Finish and commit your changes

Your changes are not applied to the fabric until you review, commit, and push them.

 Note

For a more detailed description of this procedure, see "Workflow for making changes to the fabric" in Cisco Nexus Hyperfabric—Getting Started.

Follow these steps to finish and commit your changes.

Step 1

Click Review configuration

Step 2

Verify your changes in the review list.

Step 3

Click Comment and push.

Step 4

In the Comment before pushing configuration dialog box, enter the reason for the change.

Step 5

Click Push configuration.