The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The BGP hold time must always be configured higher than the Graceful Restart hold time on a device, even with Graceful Restart disabled. A peer device with an unsupported hold time can establish a session with a device through an open message, but once Graceful Restart is enabled the session will flap.
The Border Gateway Protocol (BGP) is an exterior gateway protocol used to set up an interdomain routing system that guarantees the loop-free exchange of routing information between autonomous systems. Autonomous systems are made up of routers that operate under the same administration and that run Interior Gateway Protocols (IGPs), such as RIP or OSPF, within their boundaries and that interconnect by using an Exterior Gateway Protocol (EGP). BGP Version 4 is the standard EGP for interdomain routing in the Internet. The protocol is defined in RFCs 1163, 1267, and 1771.
Routers that belong to the same autonomous system (AS) and that exchange BGP updates run internal BGP (IBGP), and routers that belong to different autonomous systems and that exchange BGP updates run external BGP (EBGP). Most configuration commands are the same for configuring EBGP and IBGP. The difference is that the routing updates are exchanged either between autonomous systems (EBGP) or within an AS (IBGP). The figure given below shows a network that is running both EBGP and IBGP.
Before exchanging information with an external AS, BGP ensures that networks within the AS can be reached by defining internal BGP peering among routers within the AS and by redistributing BGP routing information to IGPs that run within the AS, such as IGRP and OSPF.
Routers that run a BGP routing process are often referred to as BGP speakers. BGP uses the Transmission Control Protocol (TCP) as its transport protocol (specifically port 179). Two BGP speakers that have a TCP connection to each other for exchanging routing information are known as peers or neighbors. In the above figure, Routers A and B are BGP peers, as are Routers B and C and Routers C and D. The routing information is a series of AS numbers that describe the full path to the destination network. BGP uses this information to construct a loop-free map of autonomous systems.
The network has these characteristics:
Routers A and B are running EBGP, and Routers B and C are running IBGP. Note that the EBGP peers are directly connected and that the IBGP peers are not. As long as there is an IGP running that allows the two neighbors to reach one another, IBGP peers do not have to be directly connected.
All BGP speakers within an AS must establish a peer relationship with each other. That is, the BGP speakers within an AS must be fully meshed logically. BGP4 provides two techniques that reduce the requirement for a logical full mesh: confederations and route reflectors.
AS 200 is a transit AS for AS 100 and AS 300—that is, AS 200 is used to transfer packets between AS 100 and AS 300.
BGP peers initially exchange their full BGP routing tables and then send only incremental updates. BGP peers also exchange keepalive messages (to ensure that the connection is up) and notification messages (in response to errors or special conditions).
In BGP, each route consists of a network number, a list of autonomous systems that information has passed through (the autonomous system path), and a list of other path attributes. The primary function of a BGP system is to exchange network reachability information, including information about the list of AS paths, with other BGP systems. This information can be used to determine AS connectivity, to prune routing loops, and to enforce AS-level policy decisions.
A router or device running Cisco IOS does not select or use an IBGP route unless it has a route available to the next-hop router and it has received synchronization from an IGP (unless IGP synchronization is disabled). When multiple routes are available, BGP bases its path selection on attribute values. See the “Configuring BGP Decision Attributes” section for information about BGP attributes.
BGP Version 4 supports classless interdomain routing (CIDR) so you can reduce the size of your routing tables by creating aggregate routes, resulting in supernets. CIDR eliminates the concept of network classes within BGP and supports the advertising of IP prefixes.
The BGP NSF Awareness feature is supported for IPv4 in the Network Advantage license.. To enable this feature with BGP routing, you need to enable Graceful Restart. When the neighboring router is NSF-capable, and this feature is enabled, the Layer 3 device continues to forward packets from the neighboring router during the interval between the primary Route Processor (RP) in a router failing and the backup RP taking over, or while the primary RP is manually reloaded for a nondisruptive software upgrade.
To enable BGP routing, you establish a BGP routing process and define the local network. Because BGP must completely recognize the relationships with its neighbors, you must also specify a BGP neighbor.
BGP supports two kinds of neighbors: internal and external. Internal neighbors are in the same AS; external neighbors are in different autonomous systems. External neighbors are usually adjacent to each other and share a subnet, but internal neighbors can be anywhere in the same AS.
The switch supports the use of private AS numbers, usually assigned by service providers and given to systems whose routes are not advertised to external neighbors. The private AS numbers are from 64512 to 65535. You can configure external neighbors to remove private AS numbers from the AS path by using the neighbor remove-private-as router configuration command. Then when an update is passed to an external neighbor, if the AS path includes private AS numbers, these numbers are dropped.
If your AS will be passing traffic through it from another AS to a third AS, it is important to be consistent about the routes it advertises. If BGP advertised a route before all routers in the network had learned about the route through the IGP, the AS might receive traffic that some routers could not yet route. To prevent this from happening, BGP must wait until the IGP has propagated information across the AS so that BGP is synchronized with the IGP. Synchronization is enabled by default. If your AS does not pass traffic from one AS to another AS, or if all routers in your autonomous systems are running BGP, you can disable synchronization, which allows your network to carry fewer routes in the IGP and allows BGP to converge more quickly.
Routing policies for a peer include all the configurations that might affect inbound or outbound routing table updates. When you have defined two routers as BGP neighbors, they form a BGP connection and exchange routing information. If you later change a BGP filter, weight, distance, version, or timer, or make a similar configuration change, you must reset the BGP sessions so that the configuration changes take effect.
There are two types of reset, hard reset and soft reset. Cisco IOS Releases 12.1 and later support a soft reset without any prior configuration. To use a soft reset without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the OPEN message sent when the peers establish a TCP session. A soft reset allows the dynamic exchange of route refresh requests and routing information between BGP routers and the subsequent re-advertisement of the respective outbound routing table.
When soft reset generates inbound updates from a neighbor, it is called dynamic inbound soft reset.
When soft reset sends a set of updates to a neighbor, it is called outbound soft reset.
A soft inbound reset causes the new inbound policy to take effect. A soft outbound reset causes the new local outbound policy to take effect without resetting the BGP session. As a new set of updates is sent during outbound policy reset, a new inbound policy can also take effect.
The table given below lists the advantages and disadvantages hard reset and soft reset.
|
Type of Reset |
Advantages |
Disadvantages |
|---|---|---|
|
Hard reset |
No memory overhead |
The prefixes in the BGP, IP, and FIB tables provided by the neighbor are lost. Not recommended. |
|
Outbound soft reset |
No configuration, no storing of routing table updates |
Does not reset inbound routing table updates. |
|
Dynamic inbound soft reset |
Does not clear the BGP session and cache Does not require storing of routing table updates and has no memory overhead |
Both BGP routers must support the route refresh capability (in Cisco IOS Release 12.1 and later). |
When a BGP speaker receives updates from multiple autonomous systems that describe different paths to the same destination, it must choose the single best path for reaching that destination. When chosen, the selected path is entered into the BGP routing table and propagated to its neighbors. The decision is based on the value of attributes that the update contains and other BGP-configurable factors.
When a BGP peer learns two EBGP paths for a prefix from a neighboring AS, it chooses the best path and inserts that path in the IP routing table. If BGP multipath support is enabled and the EBGP paths are learned from the same neighboring autonomous systems, instead of a single best path, multiple paths are installed in the IP routing table. Then, during packet switching, per-packet or per-destination load-balancing is performed among the multiple paths. The maximum-paths router configuration command controls the number of paths allowed.
These factors summarize the order in which BGP evaluates the attributes for choosing the best path:
If the path specifies a next hop that is inaccessible, drop the update. The BGP next-hop attribute, automatically determined by the software, is the IP address of the next hop that is going to be used to reach a destination. For EBGP, this is usually the IP address of the neighbor specified by the neighbor remote-as router configuration command. You can disable next-hop processing by using route maps or the neighbor next-hop-self router configuration command.
Prefer the path with the largest weight (a Cisco proprietary parameter). The weight attribute is local to the router and not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths. Routes with the largest weight are preferred. You can use access lists, route maps, or the neighbor weight router configuration command to set weights.
Prefer the route with the highest local preference. Local preference is part of the routing update and exchanged among routers in the same AS. The default value of the local preference attribute is 100. You can set local preference by using the bgp default local-preference router configuration command or by using a route map.
Prefer the route that was originated by BGP running on the local router.
Prefer the route with the shortest AS path.
Prefer the route with the lowest origin type. An interior route or IGP is lower than a route learned by EGP, and an EGP-learned route is lower than one of unknown origin or learned in another way.
Prefer the route with the lowest multi -exit discriminator (MED) metric attribute if the neighboring AS is the same for all routes considered. You can configure the MED by using route maps or by using the default-metric router configuration command. When an update is sent to an IBGP peer, the MED is included.
Prefer the external (EBGP) path over the internal (IBGP) path.
Prefer the route that can be reached through the closest IGP neighbor (the lowest IGP metric). This means that the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).
If the following conditions are all true, insert the route for this path into the IP routing table:
Both the best route and this route are external.
Both the best route and this route are from the same neighboring autonomous system.
Maximum-paths is enabled.
If multipath is not enabled, prefer the route with the lowest IP address value for the BGP router ID. The router ID is usually the highest IP address on the router or the loopback (virtual) address, but might be implementation-specific.
Within BGP, route maps can be used to control and to modify routing information and to define the conditions by which routes are redistributed between routing domains. Each route map has a name that identifies the route map (map tag ) and an optional sequence number.
You can filter BGP advertisements by using AS-path filters, such as the as-path access-list global configuration command and the neighbor filter-list router configuration command. You can also use access lists with the neighbor distribute-list router configuration command. Distribute-list filters are applied to network numbers. See the “Controlling Advertising and Processing in Routing Updates” section for information about the distribute-list command.
You can use route maps on a per-neighbor basis to filter updates and to modify various attributes. A route map can be applied to either inbound or outbound updates. Only the routes that pass the route map are sent or accepted in updates. On both inbound and outbound updates, matching is supported based on AS path, community, and network numbers. Autonomous system path matching requires the match as-path access-list route-map command, community based matching requires the match community-list route-map command, and network-based matching requires the ip access-list global configuration command.
You can use prefix lists as an alternative to access lists in many BGP route filtering commands, including the neighbor distribute-list router configuration command. The advantages of using prefix lists include performance improvements in loading and lookup of large lists, incremental update support, easier CLI configuration, and greater flexibility.
Filtering by a prefix list involves matching the prefixes of routes with those listed in the prefix list, as when matching access lists. When there is a match, the route is used. Whether a prefix is permitted or denied is based upon these rules:
An empty prefix list permits all prefixes.
An implicit deny is assumed if a given prefix does not match any entries in a prefix list.
When multiple entries of a prefix list match a given prefix, the sequence number of a prefix list entry identifies the entry with the lowest sequence number.
By default, sequence numbers are generated automatically and incremented in units of five. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry. You can specify sequence values in any increment. If you specify increments of one, you cannot insert additional entries into the list; if you choose very large increments, you might run out of values.
One way that BGP controls the distribution of routing information based on the value of the COMMUNITIES attribute. The attribute is a way to groups destinations into communities and to apply routing decisions based on the communities. This method simplifies configuration of a BGP speaker to control distribution of routing information.
A community is a group of destinations that share some common attribute. Each destination can belong to multiple communities. AS administrators can define to which communities a destination belongs. By default, all destinations belong to the general Internet community. The community is identified by the COMMUNITIES attribute, an optional, transitive, global attribute in the numerical range from 1 to 4294967200. These are some predefined, well-known communities:
internet —Advertise this route to the Internet community. All routers belong to it.
no-export —Do not advertise this route to EBGP peers.
no-advertise —Do not advertise this route to any peer (internal or external).
local-as —Do not advertise this route to peers outside the local autonomous system.
Based on the community, you can control which routing information to accept, prefer, or distribute to other neighbors. A BGP speaker can set, append, or modify the community of a route when learning, advertising, or redistributing routes. When routes are aggregated, the resulting aggregate has a COMMUNITIES attribute that contains all communities from all the initial routes.
You can use community lists to create groups of communities to use in a match clause of a route map. As with an access list, a series of community lists can be created. Statements are checked until a match is found. As soon as one statement is satisfied, the test is concluded.
Often many BGP neighbors are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into peer groups to simplify configuration and to make updating more efficient. When you have configured many peers, we recommend this approach.
To configure a BGP peer group, you create the peer group, assign options to the peer group, and add neighbors as peer group members. You configure the peer group by using the neighbor router configuration commands. By default, peer group members inherit all the configuration options of the peer group, including the remote-as (if configured), version, update-source, out-route-map, out-filter-list, out-dist-list, minimum-advertisement-interval, and next-hop-self. All peer group members also inherit changes made to the peer group. Members can also be configured to override the options that do not affect outbound updates.
Classless interdomain routing (CIDR) enables you to create aggregate routes (or supernets) to minimize the size of routing tables. You can configure aggregate routes in BGP either by redistributing an aggregate route into BGP or by creating an aggregate entry in the BGP routing table. An aggregate address is added to the BGP table when there is at least one more specific entry in the BGP table.
One way to reduce the IBGP mesh is to divide an autonomous system into multiple subautonomous systems and to group them into a single confederation that appears as a single autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other autonomous systems in the same confederation. Even though the peers in different autonomous systems have EBGP sessions, they exchange routing information as if they were IBGP peers. Specifically, the next hop, MED, and local preference information is preserved. You can then use a single IGP for all of the autonomous systems.
BGP requires that all of the IBGP speakers be fully meshed. When a router receives a route from an external neighbor, it must advertise it to all internal neighbors. To prevent a routing information loop, all IBPG speakers must be connected. The internal neighbors do not send routes learned from internal neighbors to other internal neighbors.
With route reflectors, all IBGP speakers need not be fully meshed because another method is used to pass learned routes to neighbors. When you configure an internal BGP peer to be a route reflector, it is responsible for passing IBGP learned routes to a set of IBGP neighbors. The internal peers of the route reflector are divided into two groups: client peers and nonclient peers (all the other routers in the autonomous system). A route reflector reflects routes between these two groups. The route reflector and its client peers form a cluster. The nonclient peers must be fully meshed with each other, but the client peers need not be fully meshed. The clients in the cluster do not communicate with IBGP speakers outside their cluster.
When the route reflector receives an advertised route, it takes one of these actions, depending on the neighbor:
A route from an external BGP speaker is advertised to all clients and nonclient peers.
A route from a nonclient peer is advertised to all clients.
A route from a client is advertised to all clients and nonclient peers. Hence, the clients need not be fully meshed.
Usually a cluster of clients have a single route reflector, and the cluster is identified by the route reflector router ID. To increase redundancy and to avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the same 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. All the route reflectors serving a cluster should be fully meshed and should have identical sets of client and nonclient peers.
Route flap dampening is a BGP feature designed to minimize the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then unavailable, and so on. When route dampening is enabled, a numeric penalty value is assigned to a route when it flaps. When a route’s accumulated penalties reach a configurable limit, BGP suppresses advertisements of the route, even if the route is running. The reuse limit is a configurable value that is compared with the penalty. If the penalty is less than the reuse limit, a suppressed route that is up is advertised again.
Dampening is not applied to routes that are learned by IBGP. This policy prevents the IBGP peers from having a higher penalty for routes external to the AS.
Routes that are advertised through the BGP are commonly aggregated to minimize the number of routes that are used and reduce the size of global routing tables. However, common route aggregation can obscure more specific routing information that is more accurate but not necessary to forward packets to their destinations. Routing accuracy is obscured by common route aggregation because a prefix that represents multiple addresses or hosts over a large topological area cannot be accurately reflected in a single route. Cisco software provides several methods by which you can originate a prefix into BGP. Prior to the BGP conditional route injection feature, the existing methods included redistribution and using the network or aggregate-address command. However, these methods assume the existence of more specific routing information (matching the route to be originated) in either the routing table or the BGP table.
BGP conditional route injection allows you to originate a prefix into a BGP routing table without the corresponding match. This feature allows more specific routes to be generated based on administrative policy or traffic engineering information in order to provide more specific control over the forwarding of packets to these more specific routes, which are injected into the BGP routing table only if the configured conditions are met. Enabling this feature will allow you to improve the accuracy of common route aggregation by conditionally injecting or replacing less specific prefixes with more specific prefixes. Only prefixes that are equal to or more specific than the original prefix may be injected. BGP conditional route injection is enabled with the bgp inject-map exist-map command and uses two route maps (inject map and exist map) to install one (or more) more specific prefixes into a BGP routing table. The exist map specifies the prefixes that the BGP speaker will track. The inject map defines the prefixes that will be created and installed into the local BGP table.
 Note |
Inject maps and exist maps will only match a single prefix per route map clause. To inject additional prefixes, you must configure additional route map clauses. If multiple prefixes are used, the first prefix matched will be used. |
To address some of the limitations of peer groups such as configuration management, BGP peer templates were introduced to support the BGP update group configuration.
A peer template is a configuration pattern that can be applied to neighbors that share policies. Peer templates are reusable and support inheritance, which allows the network operator to group and apply distinct neighbor configurations for BGP neighbors that share policies. Peer templates also allow the network operator to define very complex configuration patterns through the capability of a peer template to inherit a configuration from another peer template.
There are two types of peer templates:
Peer session templates are used to group and apply the configuration of general session commands that are common to all address family and NLRI configuration modes.
Peer policy templates are used to group and apply the configuration of commands that are applied within specific address families and NLRI configuration modes.
Peer templates improve the flexibility and enhance the capability of neighbor configuration. Peer templates also provide an alternative to peer group configuration and overcome some limitations of peer groups. BGP peer devices using peer templates also benefit from automatic update group configuration. With the configuration of the BGP peer templates and the support of the BGP dynamic update peer groups, the network operator no longer needs to configure peer groups in BGP and the network can benefit from improved configuration flexibility and faster convergence.
Note |
A BGP neighbor cannot be configured to work with both peer groups and peer templates. A BGP neighbor can be configured to belong only to a peer group or to inherit policies from peer templates. |
The following restrictions apply to the peer policy templates:
A peer policy template can directly or indirectly inherit up to eight peer policy templates.
A BGP neighbor cannot be configured to work with both peer groups and peer templates. A BGP neighbor can be configured to belong only to a peer group or to inherit policies only from peer templates.
The inheritance capability is a key component of peer template operation. Inheritance in a peer template is similar to node and tree structures commonly found in general computing, for example, file and directory trees. A peer template can directly or indirectly inherit the configuration from another peer template. The directly inherited peer template represents the tree in the structure. The indirectly inherited peer template represents a node in the tree. Because each node also supports inheritance, branches can be created that apply the configurations of all indirectly inherited peer templates within a chain back to the directly inherited peer template or the source of the tree.
This structure eliminates the need to repeat configuration statements that are commonly reapplied to groups of neighbors because common configuration statements can be applied once and then indirectly inherited by peer templates that are applied to neighbor groups with common configurations. Configuration statements that are duplicated separately within a node and a tree are filtered out at the source of the tree by the directly inherited template. A directly inherited template will overwrite any indirectly inherited statements that are duplicated in the directly inherited template.
Inheritance expands the scalability and flexibility of neighbor configuration by allowing you to chain together peer templates configurations to create simple configurations that inherit common configuration statements or complex configurations that apply very specific configuration statements along with common inherited configurations. Specific details about configuring inheritance in peer session templates and peer policy templates are provided in the following sections.
When BGP neighbors use inherited peer templates it can be difficult to determine which policies are associated with a specific template. The detail keyword of the show ip bgp template peer-policy command displays the detailed configuration of local and inherited policies associated with a specific template.
Peer session templates are used to group and apply the configuration of general session commands to groups of neighbors that share session configuration elements. General session commands that are common for neighbors that are configured in different address families can be configured within the same peer session template. Peer session templates are created and configured in peer session configuration mode. Only general session commands can be configured in a peer session template. The following general session commands are supported by peer session templates:
description
disable-connected-check
ebgp-multihop
exit peer-session
inherit peer-session
local-as
password
remote-as
shutdown
timers
translate-update
update-source
version
General session commands can be configured once in a peer session template and then applied to many neighbors through the direct application of a peer session template or through indirect inheritance from a peer session template. The configuration of peer session templates simplifies the configuration of general session commands that are commonly applied to all neighbors within an autonomous system.
Peer session templates support direct and indirect inheritance. A peer can be configured with only one peer session template at a time, and that peer session template can contain only one indirectly inherited peer session template.
Note |
If you attempt to configure more than one inherit statement with a single peer session template, an error message will be displayed. |
This behavior allows a BGP neighbor to directly inherit only one session template and indirectly inherit up to seven additional peer session templates. This allows you to apply up to a maximum of eight peer session configurations to a neighbor: the configuration from the directly inherited peer session template and the configurations from up to seven indirectly inherited peer session templates. Inherited peer session configurations are evaluated first and applied starting with the last node in the branch and ending with the directly applied peer session template configuration at the source of the tree. The directly applied peer session template will have priority over inherited peer session template configurations. Any configuration statements that are duplicated in inherited peer session templates will be overwritten by the directly applied peer session template. So, if a general session command is reapplied with a different value, the subsequent value will have priority and overwrite the previous value that was configured in the indirectly inherited template. The following examples illustrate the use of this feature.
In the following example, the general session command remote-as 1 is applied in the peer session template named SESSION-TEMPLATE-ONE:
template peer-session SESSION-TEMPLATE-ONE
remote-as 1
exit peer-session
Peer session templates support only general session commands. BGP policy configuration commands that are configured only for a specific address family or NLRI configuration mode are configured with peer policy templates.
Peer policy templates are used to group and apply the configuration of commands that are applied within specific address families and NLRI configuration mode. Peer policy templates are created and configured in peer policy configuration mode. BGP policy commands that are configured for specific address families are configured in a peer policy template. The following BGP policy commands are supported by peer policy templates:
advertisement-interval
allowas-in
as-override
capability
default-originate
distribute-list
dmzlink-bw
exit-peer-policy
filter-list
inherit peer-policy
maximum-prefix
next-hop-self
next-hop-unchanged
prefix-list
remove-private-as
route-map
route-reflector-client
send-community
send-label
soft-reconfiguration
unsuppress-map
weight
Peer policy templates are used to configure BGP policy commands that are configured for neighbors that belong to specific address families. Like peer session templates, peer policy templates are configured once and then applied to many neighbors through the direct application of a peer policy template or through inheritance from peer policy templates. The configuration of peer policy templates simplifies the configuration of BGP policy commands that are applied to all neighbors within an autonomous system.
Like a peer session template, a peer policy template supports inheritance. However, there are minor differences. A directly applied peer policy template can directly or indirectly inherit configurations from up to seven peer policy templates. So, a total of eight peer policy templates can be applied to a neighbor or neighbor group. Like route maps, inherited peer policy templates are configured with sequence numbers. Also like a route map, an inherited peer policy template is evaluated starting with the inherit peer-policy statement with the lowest sequence number and ending with the highest sequence number. However, there is a difference; a peer policy template will not collapse like a route map. Every sequence is evaluated, and if a BGP policy command is reapplied with a different value, it will overwrite any previous value from a lower sequence number.
The directly applied peer policy template and the inherit peer-policy statement with the highest sequence number will always have priority and be applied last. Commands that are reapplied in subsequent peer templates will always overwrite the previous values. This behavior is designed to allow you to apply common policy configurations to large neighbor groups and specific policy configurations only to certain neighbors and neighbor groups without duplicating individual policy configuration commands.
Peer policy templates support only policy configuration commands. BGP policy configuration commands that are configured only for specific address families are configured with peer policy templates.
The configuration of peer policy templates simplifies and improves the flexibility of BGP configuration. A specific policy can be configured once and referenced many times. Because a peer policy supports up to eight levels of inheritance, very specific and very complex BGP policies can also be created.
The BGP Route Map Next Hop Self feature provides a way to override the settings for bgp next-hop unchanged and bgp next-hop unchanged allpath selectively. These settings are global for an address family. For some routes this may not be appropriate. For example, static routes may need to be redistributed with a next hop of self, but connected routes and routes learned via Interior Border Gateway Protocol (IBGP) or Exterior Border Gateway Protocol (EBGP) may continue to be redistributed with an unchanged next hop.
The BGP route map next hop self functionality modifies the existing route map infrastructure to configure a new ip next-hop self setting, which overrides the bgp next-hop unchanged and bgp next-hop unchanged allpaths settings.
The ip next-hop self setting is applicable only to VPNv4 and VPNv6 address families. Routes distributed by protocols other than BGP are not affected.
You configure a new bgp route-map priority setting to inform BGP that the route map will take priority over the settings for bgp next-hop unchanged and bgp next-hop unchanged allpath. The bgp route-map priority setting only impacts BGP. The bgp route-map priority setting has no impact unless you configure the bgp next-hop unchanged or bgp next-hop unchanged allpaths settings.
The following sections provide configurational information about BGP.
The table given below shows the basic default BGP configuration.
|
Feature |
Default Setting |
|---|---|
|
Aggregate address |
Disabled: None defined. |
|
AS path access list |
None defined. |
|
Auto summary |
Disabled. |
|
Best path |
|
|
BGP community list |
|
|
BGP confederation identifier/peers |
|
|
BGP Fast external fallover |
Enabled. |
|
BGP local preference |
100. The range is 0 to 4294967295 with the higher value preferred. |
|
BGP network |
None specified; no backdoor route advertised. |
|
BGP route dampening |
Disabled by default. When enabled:
|
|
BGP router ID |
The IP address of a loopback interface if one is configured or the highest IP address configured for a physical interface on the router. |
|
Default information originate (protocol or network redistribution) |
Disabled. |
|
Default metric |
Built-in, automatic metric translations. |
|
Distance |
|
|
Distribute list |
|
|
Internal route redistribution |
Disabled. |
|
IP prefix list |
None defined. |
|
Multi exit discriminator (MED) |
|
|
Neighbor |
|
|
NSF1 Awareness |
Disabled2. If enabled, allows Layer 3 switches to continue forwarding packets from a neighboring NSF-capable router during hardware or software changes. |
|
Route reflector |
None configured. |
|
Synchronization (BGP and IGP) |
Disabled. |
|
Table map update |
Disabled. |
|
Timers |
Keepalive: 60 seconds; holdtime: 180 seconds. |
Note |
To enable BGP, the standalone switch or active switch must be running the Network Advantage license. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
ip routing Example: |
Enables IP routing. |
|
Step 4 |
router bgp autonomous-system Example: |
Enables a BGP routing process, assign it an AS number, and enter router configuration mode. The AS number can be from 1 to 65535, with 64512 to 65535 designated as private autonomous numbers. |
|
Step 5 |
network network-number [mask network-mask] [route-map route-map-name] Example: |
Configures a network as local to this AS, and enter it in the BGP table. |
|
Step 6 |
neighbor {ip-address | peer-group-name} remote-as number Example: |
Adds an entry to the BGP neighbor table specifying that the neighbor identified by the IP address belongs to the specified AS. For EBGP, neighbors are usually directly connected, and the IP address is the address of the interface at the other end of the connection. For IBGP, the IP address can be the address of any of the router interfaces. |
|
Step 7 |
neighbor {ip-address | peer-group-name} remove-private-as Example: |
(Optional) Removes private AS numbers from the AS-path in outbound routing updates. |
|
Step 8 |
synchronization Example: |
(Optional) Enables synchronization between BGP and an IGP. |
|
Step 9 |
auto-summary Example: |
(Optional) Enables automatic network summarization. When a subnet is redistributed from an IGP into BGP, only the network route is inserted into the BGP table. |
|
Step 10 |
bgp graceful-restart Example: |
(Optional) Enables NSF awareness on switch. By default, NSF awareness is disabled. |
|
Step 11 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 12 |
show ip bgp network network-number Example: |
Verifies the configuration. |
|
Step 13 |
show ip bgp neighbor Example: |
Verifies that NSF awareness (Graceful Restart) is enabled on the neighbor. If NSF awareness is enabled on the switch and the neighbor, this message appears: Graceful Restart Capability: advertised and received If NSF awareness is enabled on the switch, but not on the neighbor, this message appears: Graceful Restart Capability: advertised |
|
Step 14 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
To learn if a BGP peer supports the route refresh capability and to reset the BGP session:
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
show ip bgp neighbors Example: |
Displays whether a neighbor supports the route refresh capability. When supported, this message appears for the router: Received route refresh capability from peer. |
|
Step 2 |
clear ip bgp {* | address | peer-group-name} Example: |
Resets the routing table on the specified connection.
|
|
Step 3 |
clear ip bgp {* | address | peer-group-name} soft out Example: |
(Optional) Performs an outbound soft reset to reset the inbound routing table on the specified connection. Use this command if route refresh is supported.
|
|
Step 4 |
show ip bgp Example: |
Verifies the reset by checking information about the routing table and about BGP neighbors. |
|
Step 5 |
show ip bgp neighbors Example: |
Verifies the reset by checking information about the routing table and about BGP neighbors. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system Example: |
Enables a BGP routing process, assign it an AS number, and enter router configuration mode. |
|
Step 4 |
bgp best-path as-path ignore Example: |
(Optional) Configures the router to ignore AS path length in selecting a route. |
|
Step 5 |
neighbor {ip-address | peer-group-name} next-hop-self Example: |
(Optional) Disables next-hop processing on BGP updates to a neighbor by entering a specific IP address to be used instead of the next-hop address. |
|
Step 6 |
neighbor {ip-address | peer-group-name} weight weight Example: |
(Optional) Assign a weight to a neighbor connection. Acceptable values are from 0 to 65535; the largest weight is the preferred route. Routes learned through another BGP peer have a default weight of 0; routes sourced by the local router have a default weight of 32768. |
|
Step 7 |
default-metric number Example: |
(Optional) Sets a MED metric to set preferred paths to external neighbors. All routes without a MED will also be set to this value. The range is 1 to 4294967295. The lowest value is the most desirable. |
|
Step 8 |
bgp bestpath med missing-as-worst Example: |
(Optional) Configures the switch to consider a missing MED as having a value of infinity, making the path without a MED value the least desirable path. |
|
Step 9 |
bgp always-compare med Example: |
(Optional) Configures the switch to compare MEDs for paths from neighbors in different autonomous systems. By default, MED comparison is only done among paths in the same AS. |
|
Step 10 |
bgp bestpath med confed Example: |
(Optional) Configures the switch to consider the MED in choosing a path from among those advertised by different subautonomous systems within a confederation. |
|
Step 11 |
bgp deterministic med Example: |
(Optional) Configures the switch to consider the MED variable when choosing among routes advertised by different peers in the same AS. |
|
Step 12 |
bgp default local-preference value Example: |
(Optional) Change the default local preference value. The range is 0 to 4294967295; the default value is 100. The highest local preference value is preferred. |
|
Step 13 |
maximum-paths number Example: |
(Optional) Configures the number of paths to be added to the IP routing table. The default is to only enter the best path in the routing table. The range is from 1 to 16. Having multiple paths allows load-balancing among the paths. (Although the switch software allows a maximum of 32 equal-cost routes, the switch hardware will never use more than 16 paths per route.) |
|
Step 14 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 15 |
show ip bgp Example: |
Verifies the reset by checking information about the routing table and about BGP neighbors. |
|
Step 16 |
show ip bgp neighbors Example: |
Verifies the reset by checking information about the routing table and about BGP neighbors. |
|
Step 17 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
route-map map-tag [permit | deny] [sequence-number] Example: |
Creates a route map, and enter route-map configuration mode. |
|
Step 4 |
set ip next-hop ip-address [...ip-address] [peer-address] Example: |
(Optional) Sets a route map to disable next-hop processing
|
|
Step 5 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 6 |
show route-map [map-name] Example: |
Displays all route maps configured or only the one specified to verify configuration. |
|
Step 7 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
router bgp autonomous-system Example: |
Enables a BGP routing process, assign it an AS number, and enter router configuration mode. |
||
|
Step 4 |
neighbor {ip-address | peer-group name} distribute-list { access-list-number | name} {in | out} Example: |
(Optional) Filters BGP routing updates to or from neighbors as specified in an access list.
|
||
|
Step 5 |
neighbor {ip-address | peer-group name} route-map map-tag {in | out} Example: |
(Optional) Applies a route map to filter an incoming or outgoing route. |
||
|
Step 6 |
end Example: |
Returns to privileged EXEC mode. |
||
|
Step 7 |
show ip bgp neighbors Example: |
Verifies the configuration. |
||
|
Step 8 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
Another method of filtering is to specify an access list filter on both incoming and outbound updates, based on the BGP autonomous system paths. Each filter is an access list based on regular expressions. To use this method, define an autonomous system path access list, and apply it to updates to and from particular neighbors.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
ip as-path access-list access-list-number {permit | deny} as-regular-expressions Example: |
Defines a BGP-related access list. |
|
Step 4 |
router bgp autonomous-system Example: |
Enters BGP router configuration mode. |
|
Step 5 |
neighbor {ip-address | peer-group name} filter-list {access-list-number | name} {in | out | weight weight} Example: |
Establishes a BGP filter based on an access list. |
|
Step 6 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 7 |
show ip bgp neighbors [paths regular-expression] Example: |
Verifies the configuration. |
|
Step 8 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
You do not need to specify a sequence number when removing a configuration entry. Show commands include the sequence numbers in their output.
Before using a prefix list in a command, you must set up the prefix list.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
ip prefix-list list-name [seq seq-value] deny | permit network/len [ge ge-value] [le le-value] Example: |
Creates a prefix list with an optional sequence number to deny or permit access for matching conditions. You must enter at least one permit or deny clause.
|
|
Step 4 |
ip prefix-list list-name seq seq-value deny | permit network/len [ge ge-value] [le le-value] Example: |
(Optional) Adds an entry to a prefix list, and assign a sequence number to the entry. |
|
Step 5 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 6 |
show ip prefix list [detail | summary] name [network/len] [seq seq-num] [longer] [first-match] Example: |
Verifies the configuration by displaying information about a prefix list or prefix list entries. |
|
Step 7 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
By default, no COMMUNITIES attribute is sent to a neighbor. You can specify that the COMMUNITIES attribute be sent to the neighbor at an IP address by using the neighbor send-community router configuration command.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
ip community-list community-list-number {permit | deny} community-number Example: |
Creates a community list, and assigns it a number.
|
|
Step 4 |
router bgp autonomous-system Example: |
Enters BGP router configuration mode. |
|
Step 5 |
neighbor {ip-address | peer-group name} send-community Example: |
Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address. |
|
Step 6 |
set comm-list list-num delete Example: |
(Optional) Removes communities from the community attribute of an inbound or outbound update that match a standard or extended community list specified by a route map. |
|
Step 7 |
exit Example: |
Returns to global configuration mode. |
|
Step 8 |
ip bgp-community new-format Example: |
(Optional) Displays and parses BGP communities in the format AA:NN. A BGP community is displayed in a two-part format 2 bytes long. The Cisco default community format is in the format NNAA. In the most recent RFC for BGP, a community takes the form AA:NN, where the first part is the AS number and the second part is a 2-byte number. |
|
Step 9 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 10 |
show ip bgp community Example: |
Verifies the configuration. |
|
Step 11 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
To assign configuration options to an individual neighbor, specify any of these router configuration commands by using the neighbor IP address. To assign the options to a peer group, specify any of the commands by using the peer group name. You can disable a BGP peer or peer group without removing all the configuration information by using the neighbor shutdown router configuration command.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system |
Enters BGP router configuration mode. |
|
Step 4 |
neighbor peer-group-name peer-group |
Creates a BGP peer group. |
|
Step 5 |
neighbor ip-address peer-group peer-group-name |
Makes a BGP neighbor a member of the peer group. |
|
Step 6 |
neighbor {ip-address | peer-group-name} remote-as number |
Specifies a BGP neighbor. If a peer group is not configured with a remote-as number , use this command to create peer groups containing EBGP neighbors. The range is 1 to 65535. |
|
Step 7 |
neighbor {ip-address | peer-group-name} description text |
(Optional) Associates a description with a neighbor. |
|
Step 8 |
neighbor {ip-address | peer-group-name} default-originate [route-map map-name] |
(Optional) Allows a BGP speaker (the local router) to send the default route 0.0.0.0 to a neighbor for use as a default route. |
|
Step 9 |
neighbor {ip-address | peer-group-name} send-community |
(Optional) Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address. |
|
Step 10 |
neighbor {ip-address | peer-group-name} update-source interface |
(Optional) Allows internal BGP sessions to use any operational interface for TCP connections. |
|
Step 11 |
neighbor {ip-address | peer-group-name} ebgp-multihop |
(Optional) Allows BGP sessions, even when the neighbor is not on a directly connected segment. The multihop session is not established if the only route to the multihop peer’s address is the default route (0.0.0.0). |
|
Step 12 |
neighbor {ip-address | peer-group-name} local-as number |
(Optional) Specifies an AS number to use as the local AS. The range is 1 to 65535. |
|
Step 13 |
neighbor {ip-address | peer-group-name} advertisement-interval seconds |
(Optional) Sets the minimum interval between sending BGP routing updates. |
|
Step 14 |
neighbor {ip-address | peer-group-name} maximum-prefix maximum [threshold] |
(Optional) Controls how many prefixes can be received from a neighbor. The range is 1 to 4294967295. The threshold (optional) is the percentage of maximum at which a warning message is generated. The default is 75 percent. |
|
Step 15 |
neighbor {ip-address | peer-group-name} next-hop-self |
(Optional) Disables next-hop processing on the BGP updates to a neighbor. |
|
Step 16 |
neighbor {ip-address | peer-group-name} password string |
(Optional) Sets MD5 authentication on a TCP connection to a BGP peer. The same password must be configured on both BGP peers, or the connection between them is not made. |
|
Step 17 |
neighbor {ip-address | peer-group-name} route-map map-name {in | out} |
(Optional) Applies a route map to incoming or outgoing routes. |
|
Step 18 |
neighbor {ip-address | peer-group-name} send-community |
(Optional) Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address. |
|
Step 19 |
neighbor {ip-address | peer-group-name} timers keepalive holdtime |
(Optional) Sets timers for the neighbor or peer group.
|
|
Step 20 |
neighbor {ip-address | peer-group-name} weight weight |
(Optional) Specifies a weight for all routes from a neighbor. |
|
Step 21 |
neighbor {ip-address | peer-group-name} distribute-list {access-list-number | name} {in | out} |
(Optional) Filter BGP routing updates to or from neighbors, as specified in an access list. |
|
Step 22 |
neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out | weight weight} |
(Optional) Establish a BGP filter. |
|
Step 23 |
neighbor {ip-address | peer-group-name} version value |
(Optional) Specifies the BGP version to use when communicating with a neighbor. |
|
Step 24 |
neighbor {ip-address | peer-group-name} soft-reconfiguration inbound |
(Optional) Configures the software to start storing received updates. |
|
Step 25 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 26 |
show ip bgp neighbors |
Verifies the configuration. |
|
Step 27 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system Example: |
Enters BGP router configuration mode. |
|
Step 4 |
aggregate-address address mask Example: |
Creates an aggregate entry in the BGP routing table. The aggregate route is advertised as coming from the AS, and the atomic aggregate attribute is set to indicate that information might be missing. |
|
Step 5 |
aggregate-address address mask as-set Example: |
(Optional) Generates AS set path information. This command creates an aggregate entry following the same rules as the previous command, but the advertised path will be an AS_SET consisting of all elements contained in all paths. Do not use this keyword when aggregating many paths because this route must be continually withdrawn and updated. |
|
Step 6 |
aggregate-address address-mask summary-only Example: |
(Optional) Advertises summary addresses only. |
|
Step 7 |
aggregate-address address mask suppress-map map-name Example: |
(Optional) Suppresses selected, more specific routes. |
|
Step 8 |
aggregate-address address mask advertise-map map-name Example: |
(Optional) Generates an aggregate based on conditions specified by the route map. |
|
Step 9 |
aggregate-address address mask attribute-map map-name Example: |
(Optional) Generates an aggregate with attributes specified in the route map. |
|
Step 10 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 11 |
show ip bgp neighbors [advertised-routes] Example: |
Verifies the configuration. |
|
Step 12 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
You must specify a confederation identifier that acts as the autonomous system number for the group of autonomous systems.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system Example: |
Enters BGP router configuration mode. |
|
Step 4 |
bgp confederation identifier autonomous-system Example: |
Configures a BGP confederation identifier. |
|
Step 5 |
bgp confederation peers autonomous-system [autonomous-system ...] Example: |
Specifies the autonomous systems that belong to the confederation and that will be treated as special EBGP peers. |
|
Step 6 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 7 |
show ip bgp neighbor Example: |
Verifies the configuration. |
|
Step 8 |
show ip bgp network Example: |
Verifies the configuration. |
|
Step 9 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system Example: |
Enters BGP router configuration mode. |
|
Step 4 |
neighbor {ip-address | peer-group-name} route-reflector-client Example: |
Configures the local router as a BGP route reflector and the specified neighbor as a client. |
|
Step 5 |
bgp cluster-id cluster-id Example: |
(Optional) Configures the cluster ID if the cluster has more than one route reflector. |
|
Step 6 |
no bgp client-to-client reflection Example: |
(Optional) Disables client-to-client route reflection. By default, the routes from a route reflector client are reflected to other clients. However, if the clients are fully meshed, the route reflector does not need to reflect routes to clients. |
|
Step 7 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 8 |
show ip bgp Example: |
Verifies the configuration. Displays the originator ID and the cluster-list attributes. |
|
Step 9 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system Example: |
Enters BGP router configuration mode. |
|
Step 4 |
bgp dampening Example: |
Enables BGP route dampening. |
|
Step 5 |
bgp dampening half-life reuse suppress max-suppress [route-map map] Example: |
(Optional) Changes the default values of route dampening factors. |
|
Step 6 |
end Example: |
Returns to privileged EXEC mode. |
|
Step 7 |
show ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]}] Example: |
(Optional) Monitors the flaps of all paths that are flapping. The statistics are deleted when the route is not suppressed and is stable. |
|
Step 8 |
show ip bgp dampened-paths Example: |
(Optional) Displays the dampened routes, including the time remaining before they are suppressed. |
|
Step 9 |
clear ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]} Example: |
(Optional) Clears BGP flap statistics to make it less likely that a route will be dampened. |
|
Step 10 |
clear ip bgp dampening Example: |
(Optional) Clears route dampening information, and unsuppress the suppressed routes. |
|
Step 11 |
copy running-config startup-config Example: |
(Optional) Saves your entries in the configuration file. |
Use this task to inject more specific prefixes into a BGP routing table over less specific prefixes that were selected through normal route aggregation. These more specific prefixes can be used to provide a finer granularity of traffic engineering or administrative control than is possible with aggregated routes.
This task assumes that the IGP is already configured for the BGP peers.
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode for the specified routing process. |
||
|
Step 4 |
bgp inject-map inject-map-name exist-map exist-map-name [copy-attributes ] Example: |
Specifies the inject map and the exist map for conditional route injection.
|
||
|
Step 5 |
exit Example: |
Exits router configuration mode and enters global configuration mode. |
||
|
Step 6 |
route-map map-tag [permit | deny ] [sequence-number ] Example: |
Configures a route map and enters route map configuration mode. |
||
|
Step 7 |
match ip address {access-list-number [access-list-number ... | access-list-name ...] | access-list-name [access-list-number ... | access-list-name ] | prefix-list prefix-list-name [prefix-list-name ...]} Example: |
Specifies the aggregate route to which a more specific route will be injected.
|
||
|
Step 8 |
match ip route-source {access-list-number | access-list-name } [access-list-number ...| access-list-name ...] Example: |
Specifies the match conditions for redistributing the source of the route.
|
||
|
Step 9 |
exit Example: |
Exits route map configuration mode and enters global configuration mode. |
||
|
Step 10 |
route-map map-tag [permit | deny ] [sequence-number ] Example: |
Configures a route map and enters route map configuration mode. |
||
|
Step 11 |
set ip address {access-list-number [access-list-number ... | access-list-name ...] | access-list-name [access-list-number... | access-list-name ] | prefix-list prefix-list-name [prefix-list-name ...]} Example: |
Specifies the routes to be injected. In this example, the prefix list named originated_routes is used to redistribute the source of the route. |
||
|
Step 12 |
set community {community-number [additive ] [well-known-community ] | none } Example: |
Sets the BGP community attribute of the injected route. |
||
|
Step 13 |
exit Example: |
Exits route map configuration mode and enters global configuration mode. |
||
|
Step 14 |
ip prefix-list list-name [seq seq-value ] {deny network / length | permit network / length } [ge ge-value ] [le le-value ] Example: |
Configures a prefix list. In this example, the prefix list named SOURCE is configured to permit routes from network 10.1.1.0/24. |
||
|
Step 15 |
Repeat Step 14 for every prefix list to be created. |
-- |
||
|
Step 16 |
exit Example: |
Exits global configuration mode and returns to privileged EXEC mode. |
||
|
Step 17 |
show ip bgp injected-paths Example: |
(Optional) Displays information about injected paths. |
Use the following tasks to create and configure a peer session template:
Perform this task to create a basic peer session template with general BGP routing session commands that can be applied to many neighbors using one of the next two tasks.
Note |
The commands in Step 5 and 6 are optional and could be replaced with any supported general session commands. |
Note |
The following restrictions apply to the peer session templates:
|
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
||
|
Step 4 |
template peer-session session-template-name Example: |
Enters session-template configuration mode and creates a peer session template. |
||
|
Step 5 |
remote-as autonomous-system-number Example: |
(Optional) Configures peering with a remote neighbor in the specified autonomous system.
|
||
|
Step 6 |
timers keepalive-interval hold-time Example: |
(Optional) Configures BGP keepalive and hold timers. The hold time must be at least twice the keepalive time.
|
||
|
Step 7 |
end Example: |
Exits session-template configuration mode and returns to privileged EXEC mode. |
||
|
Step 8 |
show ip bgp template peer-session [session-template-name ] Example: |
Displays locally configured peer session templates. The output can be filtered to display a single peer policy template with the session-template-name argument. This command also supports all standard output modifiers. |
This task configures peer session template inheritance with the inherit peer-session command. It creates and configures a peer session template and allows it to inherit a configuration from another peer session template.
Note |
The commands in Steps 5 and 6 are optional and could be replaced with any supported general session commands. |
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
||
|
Step 4 |
template peer-session session-template-name Example: |
Enter session-template configuration mode and creates a peer session template. |
||
|
Step 5 |
description text-string Example: |
(Optional) Configures a description. The text string can be up to 80 characters.
|
||
|
Step 6 |
update-source interface-type interface-number Example: |
(Optional) Configures a router to select a specific source or interface to receive routing table updates. The example uses a loopback interface. The advantage to this configuration is that the loopback interface is not as susceptible to the effects of a flapping interface.
|
||
|
Step 7 |
inherit peer-session session-template-name Example: |
Configures this peer session template to inherit the configuration of another peer session template. The example configures this peer session template to inherit the configuration from INTERNAL-BGP. This template can be applied to a neighbor, and the configuration INTERNAL-BGP will be applied indirectly. No additional peer session templates can be directly applied. However, the directly inherited template can contain up to seven indirectly inherited peer session templates. |
||
|
Step 8 |
end Example: |
Exits session-template configuration mode and enters privileged EXEC mode. |
||
|
Step 9 |
show ip bgp template peer-session [session-template-name ] Example: |
Displays locally configured peer session templates. The output can be filtered to display a single peer policy template with the optional session-template-name argument. This command also supports all standard output modifiers. |
This task configures a device to send a peer session template to a neighbor to inherit the configuration from the specified peer session template with the neighbor inherit peer-session command. Use the following steps to send a peer session template configuration to a neighbor to inherit.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
|
Step 4 |
neighbor ip-address remote-as autonomous-system-number Example: |
Configures a peering session with the specified neighbor. The explicit remote-as statement is required for the neighbor inherit statement in Step 5 to work. If a peering is not configured, the specified neighbor in Step 5 will not accept the session template. |
|
Step 5 |
neighbor ip-address inherit peer-session session-template-name Example: |
Sends a peer session template to a neighbor so that the neighbor can inherit the configuration. The example configures a device to send the peer session template named CORE1 to the 172.16.0.1 neighbor to inherit. This template can be applied to a neighbor, and if another peer session template is indirectly inherited in CORE1, the indirectly inherited configuration will also be applied. No additional peer session templates can be directly applied. However, the directly inherited template can also inherit up to seven additional indirectly inherited peer session templates. |
|
Step 6 |
end Example: |
Exits router configuration mode and enters privileged EXEC mode. |
|
Step 7 |
show ip bgp template peer-session [session-template-name ] Example: |
Displays locally configured peer session templates. The output can be filtered to display a single peer policy template with the optional session-template-name argument. This command also supports all standard output modifiers. |
Use the following tasks to create and configure a peer policy template:
Perform this task to create a basic peer policy template with BGP policy configuration commands that can be applied to many neighbors using one of the next two tasks.
Note |
The commands in Steps 5 through 7 are optional and could be replaced with any supported BGP policy configuration commands. |
Note |
The following restrictions apply to the peer policy templates:
|
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
||
|
Step 4 |
template peer-policy policy-template-name Example: |
Enters policy-template configuration mode and creates a peer policy template. |
||
|
Step 5 |
maximum-prefix prefix-limit [threshold ] [restart restart-interval | warning-only ] Example: |
(Optional) Configures the maximum number of prefixes that a neighbor will accept from this peer.
|
||
|
Step 6 |
weight weight-value Example: |
(Optional) Sets the default weight for routes that are sent from this neighbor.
|
||
|
Step 7 |
prefix-list prefix-list-name {in | out } Example: |
(Optional) Filters prefixes that are received by the router or sent from the router. The prefix list in the example filters inbound internal addresses.
|
||
|
Step 8 |
end Example: |
Exits policy-template configuration mode and returns to privileged EXEC mode. |
This task configures peer policy template inheritance using the inherit peer-policy command. It creates and configure a peer policy template and allows it to inherit a configuration from another peer policy template.
Note |
The commands in Steps 5 and 6 are optional and could be replaced with any supported BGP policy configuration commands. |
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
||
|
Step 4 |
template peer-policy policy-template-name Example: |
Enter policy-template configuration mode and creates a peer policy template. |
||
|
Step 5 |
route-map map-name {in | out } Example: |
(Optional) Applies the specified route map to inbound or outbound routes.
|
||
|
Step 6 |
inherit peer-policy policy-template-name sequence-number Example: |
Configures the peer policy template to inherit the configuration of another peer policy template.
|
||
|
Step 7 |
end Example: |
Exits policy-template configuration mode and returns to privileged EXEC mode. |
||
|
Step 8 |
show ip bgp template peer-policy [policy-template-name [detail ]] Example: |
Displays locally configured peer policy templates.
|
The following sample output of the show ip bgp template peer-policy command with the detail keyword displays details of the policy named NETWORK1. The output in this example shows that the GLOBAL template was inherited. Details of route map and prefix list configurations are also displayed.
Device# show ip bgp template peer-policy NETWORK1 detail
Template:NETWORK1, index:2.
Local policies:0x1, Inherited polices:0x80840
This template inherits:
GLOBAL, index:1, seq_no:10, flags:0x1
Locally configured policies:
route-map ROUTE in
Inherited policies:
prefix-list NO-MARKETING in
weight 300
maximum-prefix 10000
Template:NETWORK1 <detail>
Locally configured policies:
route-map ROUTE in
route-map ROUTE, permit, sequence 10
Match clauses:
ip address prefix-lists: DEFAULT
ip prefix-list DEFAULT: 1 entries
seq 5 permit 10.1.1.0/24
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Inherited policies:
prefix-list NO-MARKETING in
ip prefix-list NO-MARKETING: 1 entries
seq 5 deny 10.2.2.0/24This task configures a device to send a peer policy template to a neighbor to inherit using the neighbor inherit peer-policy command. Perform the following steps to send a peer policy template configuration to a neighbor to inherit.
When BGP neighbors use multiple levels of peer templates, it can be difficult to determine which policies are applied to the neighbor. The policy and detail keywords of the show ip bgp neighbors command display the inherited policies and policies configured directly on the specified neighbor.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password if prompted. |
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
|
Step 4 |
neighbor ip-address remote-as autonomous-system-number Example: |
Configures a peering session with the specified neighbor.
|
|
Step 5 |
address-family ipv4 [multicast | unicast | vrf vrf-name ] Example: |
Enters address family configuration mode to configure a neighbor to accept address family-specific command configurations. |
|
Step 6 |
neighbor ip-address inherit peer-policy policy-template-name Example: |
Sends a peer policy template to a neighbor so that the neighbor can inherit the configuration. The example configures a router to send the peer policy template named GLOBAL to the 192.168.1.2 neighbor to inherit. This template can be applied to a neighbor, and if another peer policy template is indirectly inherited from GLOBAL, the indirectly inherited configuration will also be applied. Up to seven additional peer policy templates can be indirectly inherited from GLOBAL. |
|
Step 7 |
end Example: |
Exits address family configuration mode and returns to privileged EXEC mode. |
|
Step 8 |
show ip bgp neighbors [ip-address [policy [detail ]]] Example: |
Displays locally configured peer policy templates.
|
The following sample output shows the policies applied to the neighbor at 192.168.1.2. The output displays both inherited policies and policies configured on the neighbor device. Inherited polices are policies that the neighbor inherits from a peer-group or a peer-policy template.
Device# show ip bgp neighbors 192.168.1.2 policy
Neighbor: 192.168.1.2, Address-Family: IPv4 Unicast
Locally configured policies:
route-map ROUTE in
Inherited polices:
prefix-list NO-MARKETING in
route-map ROUTE in
weight 300
maximum-prefix 10000Perform this task to modify the existing route map by adding the ip next-hop self setting and overriding the bgp next-hop unchanged and bgp next-hop unchanged allpaths settings.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 3 |
route-map map-tag permit sequence-number Example: |
Defines conditions for redistributing routes from one routing protocol to another routing protocol and enters route-map configuration mode. |
|
Step 4 |
match source-protocol source-protocol Example: |
Matches Enhanced Interior Gateway Routing Protocol (EIGRP) external routes based on a source protocol. |
|
Step 5 |
set ip next-hop self Example: |
Configure local routes (for BGP only) with next hop of self. |
|
Step 6 |
exit Example: |
Exits route-map configuration mode and enters global configuration mode. |
|
Step 7 |
route-map map-tag permit sequence-number Example: |
Defines conditions for redistributing routes from one routing protocol to another routing protocol and enters route-map configuration mode. |
|
Step 8 |
match route-type internal Example: |
Redistributes routes of the specified type. |
|
Step 9 |
match route-type external Example: |
Redistributes routes of the specified type. |
|
Step 10 |
match source-protocol source-protocol Example: |
Matches Enhanced Interior Gateway Routing Protocol (EIGRP) external routes based on a source protocol. |
|
Step 11 |
exit Example: |
Exits route-map configuration mode and enters global configuration mode. |
|
Step 12 |
router bgp autonomous-system-number Example: |
Enters router configuration mode and creates a BGP routing process. |
|
Step 13 |
neighbor {ip-address | ipv6-address | peer-group-name} remote-as autonomous-system-number Example: |
Adds an entry to the BGP or multiprotocol BGP neighbor table. |
|
Step 14 |
address-family vpnv4 Example: |
Specifies the VPNv4 address family and enters address family configuration mode. |
|
Step 15 |
neighbor {ip-address | ipv6-address | peer-group-name} activate Example: |
Enables the exchange of information with a Border Gateway Protocol (BGP) neighbor. |
|
Step 16 |
neighbor {ip-address | ipv6-address | peer-group-name} next-hop unchanged allpaths Example: |
Enables an external EBGP peer that is configured as multihop to propagate the next hop unchanged. |
|
Step 17 |
neighbor {ip-address | ipv6-address | peer-group-name} route-map map-name out Example: |
Applies a route map to an outgoing route. |
|
Step 18 |
exit Example: |
Exits address family configuration mode and enters router configuration mode. |
|
Step 19 |
address-family ipv4 [unicast | multicast | vrf vrf-name ] Example: |
Specifies the IPv4 address family and enters address family configuration mode. |
|
Step 20 |
bgp route-map priority Example: |
Configures the route map priority for the local BGP routing process |
|
Step 21 |
redistribute protocol Example: |
Redistributes routes from one routing domain into another routing domain. |
|
Step 22 |
redistribute protocol Example: |
Redistributes routes from one routing domain into another routing domain. |
|
Step 23 |
exit-address-family Example: |
Exits address family configuration mode and enters router configuration mode . |
|
Step 24 |
end Example: |
Exits router configuration mode and enters privileged EXEC mode. |
The following sections provide configuration examples for BGP.
The following sample output is similar to the output that will be displayed when the show ip bgp injected-paths command is entered:
Device# show ip bgp injected-paths
BGP table version is 11, local router ID is 10.0.0.1
Status codes:s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes:i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.0.0 10.0.0.2 0 ?
*> 172.17.0.0/16 10.0.0.2 0 ?The following example creates a peer session template named INTERNAL-BGP in session-template configuration mode:
router bgp 45000
template peer-session INTERNAL-BGP
remote-as 50000
timers 30 300
exit-peer-session
The following example creates a peer session template named CORE1. This example inherits the configuration of the peer session template named INTERNAL-BGP.
router bgp 45000
template peer-session CORE1
description CORE-123
update-source loopback 1
inherit peer-session INTERNAL-BGP
exit-peer-session
The following example configures the 192.168.3.2 neighbor to inherit the CORE1 peer session template. The 192.168.3.2 neighbor will also indirectly inherit the configuration from the peer session template named INTERNAL-BGP. The explicit remote-as statement is required for the neighbor inherit statement to work. If a peering is not configured, the specified neighbor will not accept the session template.
router bgp 45000
neighbor 192.168.3.2 remote-as 50000
neighbor 192.168.3.2 inherit peer-session CORE1The following example creates a peer policy template named GLOBAL and enters policy-template configuration mode:
router bgp 45000
template peer-policy GLOBAL
weight 1000
maximum-prefix 5000
prefix-list NO_SALES in
exit-peer-policy
The following example creates a peer policy template named PRIMARY-IN and enters policy-template configuration mode:
router bgp 45000
template peer-policy PRIMARY-IN
prefix-list ALLOW-PRIMARY-A in
route-map SET-LOCAL in
weight 2345
default-originate
exit-peer-policy
The following example creates a peer policy template named CUSTOMER-A. This peer policy template is configured to inherit the configuration from the peer policy templates named PRIMARY-IN and GLOBAL.
router bgp 45000
template peer-policy CUSTOMER-A
route-map SET-COMMUNITY in
filter-list 20 in
inherit peer-policy PRIMARY-IN 20
inherit peer-policy GLOBAL 10
exit-peer-policy
The following example configures the 192.168.2.2 neighbor in address family mode to inherit the peer policy template named CUSTOMER-A. Assuming this example is a continuation of the example above, because the peer policy template named CUSTOMER-A above inherited the configuration from the templates named PRIMARY-IN and GLOBAL, the 192.168.2.2 neighbor will also indirectly inherit the peer policy templates named PRIMARY-IN and GLOBAL.
router bgp 45000
neighbor 192.168.2.2 remote-as 50000
address-family ipv4 unicast
neighbor 192.168.2.2 inherit peer-policy CUSTOMER-A
endThis section contains an example of how to configure BGP Route Map next-hop self.
In this example, a route map is configured that matches the networks where you wish to override settings for bgp next-hop unchanged and bgp next-hop unchanged allpath. Subsequently, next-hop self is configured. After this, the bgp route map priority is configured for the specified address family so that the previously specified route map takes priority over the settings for bgp next-hop unchanged and bgp next-hop unchanged allpath. This configuration results in static routes being redistributed with a next hop of self, but connected routes and routes learned via IBGP or EBGP continue to be redistributed with an unchanged next hop.
route-map static-nexthop-rewrite permit 10
match source-protocol static
set ip next-hop self
route-map static-nexthop-rewrite permit 20
match route-type internal
match route-type external
match source-protocol connected
!
router bgp 65000
neighbor 172.16.232.50 remote-as 65001
address-family vpnv4
neighbor 172.16.232.50 activate
neighbor 172.16.232.50 next-hop unchanged allpaths
neighbor 172.16.232.50 route-map static-nexthop-rewrite out
exit-address-family
address-family ipv4 unicast vrf inside
bgp route-map priority
redistribute static
redistribute connected
exit-address-family
end
You can remove all contents of a particular cache, table, or database. This might be necessary when the contents of the particular structure have become or are suspected to be invalid.
You can display specific statistics, such as the contents of BGP routing tables, caches, and databases. You can use the information to get resource utilization and solve network problems. You can also display information about node reachability and discover the routing path your device’s packets are taking through the network.
The table given below lists the privileged EXEC commands for clearing and displaying BGP.
|
clear ip bgp address |
Resets a particular BGP connection. |
|
clear ip bgp * |
Resets all BGP connections. |
|
clear ip bgp peer-group tag |
Removes all members of a BGP peer group. |
|
show ip bgp prefix |
Displays peer groups and peers not in peer groups to which the prefix has been advertised. Also displays prefix attributes such as the next hop and the local prefix. |
|
show ip bgp cidr-only |
Displays all BGP routes that contain subnet and supernet network masks. |
|
show ip bgp community [community-number] [exact] |
Displays routes that belong to the specified communities. |
|
show ip bgp community-list community-list-number [exact-match] |
Displays routes that are permitted by the community list. |
|
show ip bgp filter-list access-list-number |
Displays routes that are matched by the specified AS path access list. |
|
show ip bgp inconsistent-as |
Displays the routes with inconsistent originating autonomous systems. |
|
show ip bgp regexp regular-expression |
Displays the routes that have an AS path that matches the specified regular expression entered on the command line. |
|
show ip bgp |
Displays the contents of the BGP routing table. |
|
show ip bgp neighbors [address] |
Displays detailed information on the BGP and TCP connections to individual neighbors. |
|
show ip bgp neighbors [address] [advertised-routes | dampened-routes | flap-statistics | paths regular-expression | received-routes | routes] |
Displays routes learned from a particular BGP neighbor. |
|
show ip bgp paths |
Displays all BGP paths in the database. |
|
show ip bgp peer-group [tag] [summary] |
Displays information about BGP peer groups. |
|
show ip bgp summary |
Displays the status of all BGP connections. |
The bgp log-neighbor changes command is enabled by default. It allows to log messages that are generated when a BGP neighbor resets, comes up, or goes down.
|
Feature Name |
Release |
Feature Information |
|---|---|---|
|
Border Gateway Protocol |
Cisco IOS XE Everest 16.5.1a |
This feature was introduced. |
|
Conditional BGP Route Injection |
Cisco IOS XE Gibraltar 16.11.1 |
This feature was introduced. |
|
BGP Peer Templates |
Cisco IOS XE Gibraltar 16.11.1 |
This feature was introduced. |
|
BGP Route Map Next Hop Self |
Cisco IOS XE Gibraltar 16.11.1 |
This feature was introduced. |
Feedback