Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP). It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs.

The current version in use is BGP-4 (RFC 4271).

BGP has the following characteristics:

· Focuses on route control and selection rather than route discovery and calculation.

· Uses TCP to enhance reliability.

· Measures the distance of a route by using a list of ASs that the route must travel through to reach the destination. BGP is also called a path-vector protocol.

· Supports CIDR.

· Reduces bandwidth consumption by advertising only incremental updates. BGP is very suitable to advertise large numbers of routes on the Internet.

· Eliminates routing loops by adding AS path information to BGP route updates.

· Uses policies to implement flexible route filtering and selection.

· Has good scalability.

BGP speaker and BGP peer

A router running BGP is a BGP speaker. A BGP speaker establishes peer relationships with other BGP speakers to exchange routing information over TCP connections.

BGP peers include the following types:

· IBGP peers—Reside in the same AS as the local router.

· EBGP peers—Reside in different ASs from the local router.

BGP message types

BGP uses the following message types:

· Open—After establishing a TCP connection, BGP sends an Open message to establish a session to the peer.

· Update—BGP sends update messages to exchange routing information between peers. Each update message can advertise a group of feasible routes with identical attributes and multiple withdrawn routes.

· Keepalive—BGP sends Keepalive messages between peers to maintain connectivity.

· Route-refresh—BGP sends a Route-refresh message to request the routing information for a specific address family from a peer.

· Notification—BGP sends a Notification message upon detecting an error and immediately closes the connection.

BGP path attributes

BGP uses the following path attributes in update messages for route filtering and selection:

· ORIGIN

The ORIGIN attribute specifies the origin of BGP routes. This attribute has the following types:

¡ IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute.

¡ EGP—Has the second highest priority. Routes obtained through EGP have the EGP attribute.

¡ INCOMPLETE—Has the lowest priority. The source of routes with this attribute is unknown. Routes redistributed from other routing protocols have the INCOMPLETE attribute.

· AS_PATH

The AS_PATH attribute identifies the ASs through which a route has passed. Before advertising a route to another AS, BGP adds the local AS number into the AS_PATH attribute, so the receiver can determine ASs to route the message back.

The AS_PATH attribute has the following types:

¡ AS_SEQUENCE—Arranges AS numbers in sequence. As shown in Figure 1, the number of the AS closest to the receiver's AS is leftmost.

¡ AS_SET—Arranges AS numbers randomly.

Figure 1 AS_PATH attribute

BGP uses the AS_PATH attribute to implement the following functions:

¡ Avoid routing loops—A BGP router does not receive routes containing the local AS number to avoid routing loops.

¡ Affect route selection—BGP gives priority to the route with the shortest AS_PATH length if other factors are the same. As shown in Figure 1, the BGP router in AS 50 gives priority to the route passing AS 40 for sending data to the destination 8.0.0.0. In some applications, you can apply a routing policy to control BGP route selection by modifying the AS_PATH length. For more information about routing policy, see "Configuring routing policies."

¡ Filter routes—By using an AS path list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about AS path list, see "Configuring routing policies."

· NEXT_HOP

The NEXT_HOP attribute may not be the IP address of a directly connected router. Its value is determined as follows:

¡ When a BGP speaker advertises a self-originated route to a BGP peer, it sets the address of the sending interface as the NEXT_HOP.

¡ When a BGP speaker sends a received route to an EBGP peer, it sets the address of the sending interface as the NEXT_HOP.

¡ When a BGP speaker sends a route received from an EBGP peer to an IBGP peer, it does not modify the NEXT_HOP attribute. If load balancing is configured, BGP modifies the NEXT_HOP attribute for the equal-cost routes. For load balancing information, see "BGP load balancing."

Figure 2 NEXT_HOP attribute

· MED (MULTI_EXIT_DISC)

BGP advertises the MED attribute between two neighboring ASs, each of which does not advertise the attribute to any other AS.

Similar to metrics used by IGPs, MED is used to determine the optimal route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value as the optimal route. As shown in Figure 3, traffic from AS 10 to AS 20 travels through Router B that is selected according to MED.

Figure 3 MED attribute

Generally BGP only compares MEDs of routes received from the same AS. You can also use the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs.

· LOCAL_PREF

The LOCAL_PREF attribute is exchanged between IBGP peers only, and is not advertised to any other AS. It indicates the priority of a BGP router.

BGP uses LOCAL_PREF to determine the optimal route for traffic leaving the local AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the optimal route. As shown in Figure 4, traffic from AS 20 to AS 10 travels through Router C that is selected according to LOCAL_PREF.

Figure 4 LOCAL_PREF attribute

· COMMUNITY

The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community.

A route can carry one or more COMMUNITY attribute values (each of which is represented by a 4-byte integer). A router uses the COMMUNITY attribute to determine whether to advertise the route and the advertising scope without using complex filters such as ACLs. This mechanism simplifies routing policy configuration, management, and maintenance.

Well-known COMMUNITY attributes involve the following:

¡ INTERNET—By default, all routes belong to the Internet community. Routes with this attribute can be advertised to all BGP peers.

¡ NO_EXPORT—Routes with this attribute cannot be advertised out of the local AS or out of the local confederation, but can be advertised to other sub-ASs in the confederation. For confederation information, see "Settlements for problems in large-scale BGP networks."

¡ No_ADVERTISE—Routes with this attribute cannot be advertised to other BGP peers.

¡ No_EXPORT_SUBCONFED—Routes with this attribute cannot be advertised out of the local AS or other sub-ASs in the local confederation.

You can configure BGP community lists to filter BGP routes based on the BGP COMMUNITY attribute.

· Extended community attribute

To meet new demands, BGP defines the extended community attribute. The extended community attribute has the following advantages over the COMMUNITY attribute:

¡ Provides more attribute values by extending the attribute length to eight bytes.

¡ Allows for using different types of extended community attributes in different scenarios to enhance route filtering and control and simplify configuration and management.

The device supports the route target and Site of Origin (SoO) extended community attributes. For information about route target, see MPLS Configuration Guide.

The SoO attribute specifies the site where the route originated. It prevents advertising a route back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.

The SoO attribute has the following formats:

¡ 16-bit AS number:32-bit user-defined number. For example, 100:3.

¡ 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

¡ 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

BGP route selection

BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the optimal route in the following sequence:

1. The route with the highest Preferred_value.

2. The route with the highest LOCAL_PREF.

3. The route generated by the network command, the route redistributed by the import-route command, or the summary route in turn.

4. The route with the shortest AS_PATH.

5. The IGP, EGP, or INCOMPLETE route in turn.

6. The route with the lowest MED value.

7. The route learned from EBGP, confederation EBGP, confederation IBGP, or IBGP in turn.

8. The route with the smallest IGP metric.

9. The route with the smallest recursion depth.

10. If a route received from an EBGP peer is the current optimal route, BGP does not change the optimal route when it receives routes from other EBGP peers.

11. The route advertised by the router with the smallest router ID.

If one of the routes is advertised by a route reflector, BGP compares the ORIGINATOR_ID of the route with the router IDs of other routers. Then, BGP selects the route with the smallest ID as the optimal route.

12. The route with the shortest CLUSTER_LIST.

13. The route advertised by the peer with the lowest IP address.

The CLUSTER_IDs of route reflectors form a CLUSTER_LIST. If a route reflector receives a route that contains its own CLUSTER ID in the CLUSTER_LIST, the router discards the route to avoid routing loops.

If load balancing is configured, the system selects available routes to implement load balancing.

BGP route advertisement rules

BGP follows these rules for route advertisement:

· When multiple feasible routes to a destination exist, BGP advertises only the optimal route to its peers. If the advertise-rib-active command is configured, BGP advertises the optimal route in the IP routing table. If not, BGP advertises the optimal route in the BGP routing table.

· BGP advertises only routes that it uses.

· BGP advertises routes learned from an EBGP peer to all BGP peers, including both EBGP and IBGP peers.

· BGP advertises routes learned from an IBGP peer to EBGP peers, rather than other IBGP peers.

· After establishing a session to a new BGP peer, BGP advertises all the routes matching the above rules to the peer. After that, BGP advertises only incremental updates to the peer.

BGP load balancing

BGP load balancing is applicable between EBGP peers, between IBGP peers, and between confederations.

BGP implements load balancing through route recursion and route selection.

BGP load balancing through route recursion

The next hop of a BGP route might not be directly connected. One of the reasons is that the next hop information exchanged between IBGP peers is not modified. The BGP router must find the directly connected next hop through IGP. The matching route with the direct next hop is called the recursive route. The process of finding a recursive route is route recursion.

If multiple recursive routes to the same destination are load balanced, BGP generates the same number of next hops to forward packets.

BGP load balancing based on route recursion is always enabled in the system.

BGP load balancing through route selection

IGP routing protocols, such as RIP and OSPF, can use route metrics as criteria to load balance between routes that have the same metric. BGP cannot load balance between routes by route metrics as an IGP protocol does, because BGP does not have a route computation algorithm.

BGP uses the following load balancing criteria to determine load balanced routes:

· The routes have the same ORIGIN, LOCAL_PREF, and MED attributes.

· The routes meet the following requirements on the AS_PATH attribute:

¡ If both the balance as-path-neglect and balance as-path-relax commands are configured or only the balance as-path-neglect command is configured, the routes can have different AS_PATH attributes.

¡ If only the balance as-path-relax command is configured, the routes can have different AS_PATH attributes, but the length of the AS_PATH attributes must be the same.

¡ If neither the balance as-path-neglect nor the balance as-path-relax command is configured, the routes must have the same AS_PATH attribute.

· The routes have the same MPLS label assignment status (labeled or not labeled).

BGP does not use the route selection rules described in "BGP route selection" for load balancing.

As shown in Figure 5, Router A and Router B are IBGP peers of Router C. Router C allows a maximum number of two ECMP routes for load balancing.

Router D and Router E both advertise a route 9.0.0.0 to Router C. Router C installs the two routes to its routing table for load balancing if the routes meet the BGP load balancing criteria. After that, Router C forwards to Router A and Router B a single route whose attributes are changed as follows:

· AS_PATH attribute:

¡ If the balance as-path-neglect and balance as-path-relax commands are not configured, the AS_PATH attribute does not change.

¡ If the balance as-path-neglect or balance as-path-relax command is configured, the AS_PATH attribute is changed to the attribute of the optimal route.

· The NEXT_HOP attribute is changed to the IP address of Router C.

· Other attributes are changed to be the same as the optimal route.

Figure 5 Network diagram

Settlements for problems in large-scale BGP networks

You can use the following methods to facilitate management and improve route distribution efficiency on a large-scale BGP network.

· Route summarization

Route summarization can reduce the BGP routing table size by advertising summary routes rather than more specific routes.

The system supports both manual and automatic route summarization. Manual route summarization allows you to determine the attribute of a summary route and whether to advertise more specific routes.

· Route dampening

Route flapping (a route comes up and disappears in the routing table frequently) causes BGP to send many routing updates. It can consume too many resources and affect other operations.

In most cases, BGP runs in complex networks where route changes are more frequent. To solve the problem caused by route flapping, you can use BGP route dampening to suppress unstable routes.

BGP route dampening uses a penalty value to judge the stability of a route. The bigger the value, the less stable the route. Each time a route state changes from reachable to unreachable, or a reachable route's attribute changes, BGP adds a penalty value of 1000 to the route. When the penalty value of the route exceeds the suppress value, the route is suppressed and cannot become the optimal route. When the penalty value reaches the upper limit, no penalty value is added.

If the suppressed route does not flap, its penalty value gradually decreases to half of the suppress value after a period of time. This period is called "Half-life." When the value decreases to the reusable threshold value, the route is usable again.

Figure 6 BGP route dampening

· Peer group

You can organize BGP peers with the same attributes into a group to simplify their configurations.

When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed.

· Community

You can apply a community list or an extended community list to a routing policy for route control. For more information, see "BGP path attributes."

· Route reflector

IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n(n-1)/2. If a large number of IBGP peers exist, large amounts of network and CPU resources are consumed to maintain sessions.

Using route reflectors can solve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards routing information received from a client to other clients. In this way, all clients can receive routing information from one another without establishing BGP sessions.

A router that is neither a route reflector nor a client is a non-client, which, as shown in Figure 7, must establish BGP sessions to the route reflector and other non-clients.

Figure 7 Network diagram for a route reflector

The route reflector and clients form a cluster. Typically a cluster has one route reflector. The ID of the route reflector is the Cluster_ID. You can configure more than one route reflector in a cluster to improve availability, as shown in Figure 8. The configured route reflectors must have the same Cluster_ID to avoid routing loops.

Figure 8 Network diagram for route reflectors

When the BGP routers in an AS are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. You can use commands to disable route reflection instead of modifying network configuration or changing network topology.

After route reflection is disabled between clients, routes can still be reflected between a client and a non-client.

· Confederation

Confederation is another method to manage growing IBGP connections in an AS. It splits an AS into multiple sub-ASs. In each sub-AS, IBGP peers are fully meshed. As shown in Figure 9, intra-confederation EBGP connections are established between sub-ASs in AS 200.

Figure 9 Confederation network diagram

A non-confederation BGP speaker does not need to know sub-ASs in the confederation. It considers the confederation as one AS, and the confederation ID as the AS number. In the above figure, AS 200 is the confederation ID.

Confederation has a deficiency. When you change an AS into a confederation, you must reconfigure the routers, and the topology will be changed.

In large-scale BGP networks, you can use both route reflector and confederation.

MP-BGP

BGP-4 can only advertise IPv4 unicast routing information. Multiprotocol Extensions for BGP-4 (MP-BGP) can advertise routing information for the following address families:

· IPv6 unicast address family.

· IPv4 multicast and IPv6 multicast address families.

PIM uses static and dynamic unicast routes to perform RPF check before creating multicast routing entries. When the multicast and unicast topologies are different, you can use MP-BGP to advertise the routes for RPF check. MP-BGP stores the routes in the BGP multicast routing table. For more information about PIM and RPF check, see IP Multicast Configuration Guide.

· VPNv4 and VPNv6 address families.

For more information about VPNv4 and VPNv6, see MPLS Configuration Guide.

· Labeled IPv4 unicast and IPv6 unicast address families.

MP-BGP advertises IPv4 unicast/IPv6 unicast routes and MPLS labels assigned for the routes. Labeled IPv4 unicast routes apply to inter-AS Option C for MPLS L3VPN. Labeled IPv6 unicast routes apply to 6PE and inter-AS Option C for MPLS L3VPN. For more information about inter-AS Option C, see MPLS Configuration Guide.

· L2VPN address family.

L2VPN information includes label block information and remote peer information. For more information about L2VPN and VPLS, see MPLS Configuration Guide.

· EVPN address family.

MP-BGP advertises EVPN routes to implement automatic VTEP discovery, VXLAN tunnel establishment and assignment, and MAC and ARP information advertisement. For more information about EVPN, see EVPN Configuration Guide.

· IPv4 MDT address family.

MP-BGP advertises MDT information including the PE address and default group so that multicast VPN can create a default MDT that uses the PE as the root on the public network. For more information about multicast VPN, see IP Multicast Configuration Guide.

MP-BGP extended attributes

Prefixes and next hops are key routing information. BGP-4 uses update messages to carry the following information:

· Feasible route prefixes in the Network Layer Reachability Information (NLRI) field.

· Unfeasible route prefixes in the withdrawn routes field.

· Next hops in the NEXT_HOP attribute.

BGP-4 cannot carry routing information for multiple network layer protocols.

To support multiple network layer protocols, MP-BGP defines the following path attributes:

· MP_REACH_NLRI—Carries feasible route prefixes and next hops for multiple network layer protocols.

· MP_UNREACH_NLRI—Carries unfeasible route prefixes for multiple network layer protocols.

MP-BGP uses these two attributes to advertise feasible and unfeasible routes for different network layer protocols. BGP speakers not supporting MP-BGP ignore updates containing these attributes and do not forward them to its peers.

Address family

MP-BGP uses address families and subsequent address families to identify different network layer protocols for routes contained in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes. For example, an Address Family Identifier (AFI) of 2 and a Subsequent Address Family Identifier (SAFI) of 1 identify IPv6 unicast routing information carried in the MP_REACH_NLRI attribute. For address family values, see RFC 1700.

BGP multi-instance

A BGP router can run multiple BGP processes. Each BGP process corresponds to a BGP instance. BGP maintains an independent routing table for each BGP instance.

You can create multiple public address families for a BGP instance. However, each public address family (except for public IPv4 unicast, IPv6 unicast, VPNv4, and VPNv6 address families) can belong to only one BGP instance.

You can create multiple VPN instances for a BGP instance, and each VPN instance can have multiple address families. A VPN instance can belong to only one BGP instance.

Different BGP instances can have the same AS number but cannot have the same name.

BGP configuration views

BGP uses different views to manage routing information for different BGP instances, address families, and VPN instances. Most BGP commands are available in all BGP views. BGP supports multiple VPN instances by establishing a separate routing table for each VPN instance.

Table 1 describes different BGP configuration views.

Table 1 BGP configuration views

View names	Ways to enter the views	Remarks
BGP instance view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc]	You can create a BGP instance and enter its view by specifying the instance keyword in the bgp command. Configurations in this view apply to all public address families for the specified BGP instance and all VPN instances (such as confederation, GR, and logging configurations), or apply to all public address families for the specified BGP instance.
BGP IPv4 unicast address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family ipv4 unicast [Sysname-bgp-abc-ipv4]	Configurations in this view apply to public IPv4 unicast routes and peers of the specified BGP instance.
BGP IPv6 unicast address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family ipv6 unicast [Sysname-bgp-abc-ipv6]	Configurations in this view apply to public IPv6 unicast routes and peers of the specified BGP instance.
BGP IPv4 multicast address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family ipv4 multicast [Sysname-bgp-abc-mul-ipv4]	Configurations in this view apply to IPv4 multicast routes and peers of the specified BGP instance.
BGP IPv6 multicast address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family ipv6 multicast [Sysname-bgp-abc-mul-ipv6]	Configurations in this view apply to IPv6 multicast routes and peers of the specified BGP instance.
BGP VPNv4 address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family vpnv4 [Sysname-bgp-abc-vpnv4]	Configurations in this view apply to VPNv4 routes and peers of the specified BGP instance. For more information about BGP VPNv4 address family view, see MPLS Configuration Guide.
BGP VPNv6 address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family vpnv6 [Sysname-bgp-abc-vpnv6]	Configurations in this view apply to VPNv6 routes and peers of the specified BGP instance. For more information about BGP VPNv6 address family view, see MPLS Configuration Guide.
BGP L2VPN address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family l2vpn [Sysname-bgp-abc-l2vpn]	Configurations in this view apply to L2VPN information and L2VPN peers of the specified BGP instance. For more information about BGP L2VPN address family view, see MPLS Configuration Guide.
BGP EVPN address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family l2vpn evpn [Sysname-bgp-abc-evpn]	Configurations in this view apply to EVPN routes and peers of the specified BGP instance. For more information about BGP EVPN address family view, see EVPN Configuration Guide.
BGP-VPN instance view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] ip vpn-instance vpn1 [Sysname-bgp-abc-vpn1]	Configurations in this view apply to all address families in the specified VPN instance of the specified BGP instance.
BGP-VPN IPv4 unicast address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] ip vpn-instance vpn1 [Sysname-bgp-abc-vpn1] address-family ipv4 unicast [Sysname-bgp-abc-ipv4-vpn1]	Configurations in this view apply to IPv4 unicast routes and peers in the specified VPN instance of the specified BGP instance.
BGP-VPN IPv6 unicast address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] ip vpn-instance vpn1 [Sysname-bgp-abc-vpn1] address-family ipv6 unicast [Sysname-bgp-abc-ipv6-vpn1]	Configurations in this view apply to IPv6 unicast routes and peers in the specified VPN instance of the specified BGP instance.
BGP-VPN VPNv4 address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] ip vpn-instance vpn1 [Sysname-bgp-abc-vpn1] address-family vpnv4 [Sysname-bgp-abc-vpnv4-vpn1]	Configurations in this view apply to VPNv4 routes and peers in the specified VPN instance of the specified BGP instance. For more information about BGP-VPN VPNv4 address family view, see MPLS Configuration Guide.
BGP MDT address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family ipv4 mdt [Sysname-bgp-abc-mdt]	Configurations in this view apply to MDT routes and peers of the specified BGP instance. For more information about BGP MDT address family view, see IP Multicast Configuration Guide.
BGP LS address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family link-state [Sysname-bgp-abc-ls]	Configurations in this view apply to LS messages and peers of the specified BGP instance.
BGP IPv4 RT filter address family view	<Sysname> system-view [Sysname] bgp 100 instance abc [Sysname-bgp-abc] address-family ipv4 rtfilter [Sysname-bgp-abc-rtf-ipv4]	Configurations in this view apply to IPv4 RT filter routes and peers of the specified BGP instance. For more information about BGP IPv4 RT filter address family view, see MPLS Configuration Guide.

Protocols and standards

· RFC 1700, ASSIGNED NUMBERS

· RFC 1771, A Border Gateway Protocol 4 (BGP-4)

· RFC 1997, BGP Communities Attribute

· RFC 2439, BGP Route Flap Damping

· RFC 2796, BGP Route Reflection

· RFC 2858, Multiprotocol Extensions for BGP-4

· RFC 2918, Route Refresh Capability for BGP-4

· RFC 3065, Autonomous System Confederations for BGP

· RFC 3392, Capabilities Advertisement with BGP-4

· RFC 4271, A Border Gateway Protocol 4 (BGP-4)

· RFC 4360, BGP Extended Communities Attribute

· RFC 4724, Graceful Restart Mechanism for BGP

· RFC 4760, Multiprotocol Extensions for BGP-4

· RFC 5082, The Generalized TTL Security Mechanism (GTSM)

· RFC 6037, Cisco Systems' Solution for Multicast in BGP MPLS IP VPNs

BGP configuration task list

On a basic BGP network, perform the following configuration tasks:

· Enable BGP.

· Configure BGP peers or peer groups. If you configure a BGP setting at both the peer group and the peer level, the most recent configuration takes effect on the peer.

· Control BGP route generation.

To control BGP route distribution and path selection, you must perform additional configuration tasks.

To configure BGP, perform the following tasks (IPv4 unicast/IPv4 multicast):

Tasks at a glance	Remarks
Configuring basic BGP: · (Required.) Enabling BGP · (Required.) Perform one of the following tasks: ¡ Configuring a BGP peer ¡ Configuring dynamic BGP peers ¡ Configuring a BGP peer group · (Optional.) Specifying the source address of TCP connections	As a best practice, configure BGP peer groups on large scale BGP networks for easy configuration and maintenance.
Perform at least one of the following tasks to generate BGP routes: · Injecting a local network · Redistributing IGP routes	N/A
(Optional.) Controlling route distribution and reception: · Configuring BGP route summarization · Advertising optimal routes in the IP routing table · Advertising a default route to a peer or peer group · Enabling prioritized advertisement of default-route withdrawal messages · Limiting routes received from a peer or peer group · Configuring BGP route filtering policies · Setting the BGP route sending rate · Configuring BGP route update delay · Configuring a startup policy for BGP route updates · Configuring BGP route dampening	BGP cannot advertise optimal routes in the IP routing table or limit the route sending rate for IPv4 multicast address family.
(Optional.) Controlling BGP path selection: · Setting a preferred value for routes received · Configuring preferences for BGP routes · Configuring the default local preference · Configuring the MED attribute · Configuring the NEXT_HOP attribute · Configuring the AS_PATH attribute · Ignoring IGP metrics during optimal route selection · Configuring the SoO attribute	N/A
(Optional.) Tuning and optimizing BGP networks: · Configuring the keepalive interval and hold time · Setting the session retry timer · Configuring the interval for sending updates for the same route · Enabling BGP to establish an EBGP session over multiple hops · Enabling immediate re-establishment of direct EBGP connections upon link failure · Enabling BGP ORF capabilities · Enabling 4-byte AS number suppression · Enabling MD5 authentication for BGP peers · Enabling keychain authentication for BGP peers · Configuring BGP load balancing · Configuring the BGP Additional Paths feature · Configuring IPsec for IPv6 BGP · Disabling BGP session establishment · 错误!未找到引用源。 · Configuring BGP soft-reset · Protecting an EBGP peer when memory usage reaches level 2 threshold Configuring an update delay for local MPLS labels · Flushing the suboptimal BGP route to the RIB · Setting a DSCP value for outgoing BGP packets · Disabling route recursion policy control for routes received from a peer or peer group Specifying a label allocation mode · Disabling optimal route selection for labeled routes without tunnel information	N/A
(Optional.) Configuring a large-scale BGP network: · Configuring BGP communities · Configuring BGP route reflection · Configuring a BGP confederation	N/A
(Optional.) Configuring BGP GR	N/A
(Optional.) Configuring BGP NSR	N/A
(Optional.) Enabling SNMP notifications for BGP	N/A
(Optional.) Enabling logging for session state changes	N/A
(Optional.) Enabling logging for BGP route flapping	N/A
(Optional.) Configuring BFD for BGP	N/A
(Optional.) Configuring BGP FRR	BGP does not support FRR for IPv4 multicast routes.
(Optional.) Configuring BGP LS	N/A
(Optional.) Configuring BMP	N/A

To configure BGP, perform the following tasks (IPv6 unicast/IPv6 multicast):

Tasks at a glance	Remarks
Configuring basic BGP: · (Required.) Enabling BGP · (Required.) Perform one of the following tasks: ¡ Configuring a BGP peer ¡ Configuring dynamic BGP peers ¡ Configuring a BGP peer group · (Optional.) Specifying the source address of TCP connections	As a best practice, configure BGP peer groups on large scale BGP networks for easy configuration and maintenance.
Perform at least one of the following tasks to generate BGP routes: · Injecting a local network · Redistributing IGP routes	N/A
(Optional.) Controlling route distribution and reception: · Configuring BGP route summarization · Advertising optimal routes in the IP routing table · Advertising a default route to a peer or peer group · Enabling prioritized advertisement of default-route withdrawal messages · Limiting routes received from a peer or peer group · Configuring BGP route filtering policies · Setting the BGP route sending rate · Configuring a startup policy for BGP route updates · Configuring BGP route dampening	BGP cannot advertise optimal routes in the IP routing table or limit the route sending rate for IPv6 multicast address family.
(Optional.) Controlling BGP path selection: · Setting a preferred value for routes received · Configuring preferences for BGP routes · Configuring the default local preference · Configuring the MED attribute · Configuring the NEXT_HOP attribute · Configuring the AS_PATH attribute · Configuring the SoO attribute	N/A
(Optional.) Tuning and optimizing BGP networks: · Configuring the keepalive interval and hold time · Setting the session retry timer · Configuring the interval for sending updates for the same route · Enabling BGP to establish an EBGP session over multiple hops · Enabling immediate re-establishment of direct EBGP connections upon link failure · Enabling BGP ORF capabilities · Enabling 4-byte AS number suppression · Enabling MD5 authentication for BGP peers · Enabling keychain authentication for BGP peers · Configuring BGP load balancing · Configuring the BGP Additional Paths feature · Configuring IPsec for IPv6 BGP · Disabling BGP session establishment · 错误!未找到引用源。 · Configuring BGP soft-reset · Protecting an EBGP peer when memory usage reaches level 2 threshold · Flushing the suboptimal BGP route to the RIB · Setting a DSCP value for outgoing BGP packets · Disabling route recursion policy control for routes received from a peer or peer group Specifying a label allocation mode · Disabling optimal route selection for labeled routes without tunnel information	N/A
(Optional.) Configuring a large-scale BGP network: · Configuring BGP communities · Configuring BGP route reflection · Configuring a BGP confederation	N/A
(Optional.) Configuring BGP GR	N/A
(Optional.) Configuring BGP NSR	N/A
(Optional.) Enabling SNMP notifications for BGP	N/A
(Optional.) Enabling logging for session state changes	N/A
(Optional.) Enabling logging for BGP route flapping	N/A
(Optional.) Configuring BFD for BGP	N/A
(Optional.) Configuring BGP FRR	BGP does not support FRR for IPv6 multicast routes.
(Optional.) Configuring 6PE	IPv6 multicast does not support 6PE.
(Optional.) Configuring BGP LS	N/A

Configuring basic BGP

This section describes the basic settings required for a BGP network to run.

Enabling BGP

A router ID is the unique identifier of a BGP router in an AS.

· To ensure the uniqueness of a router ID and enhance availability, specify in BGP instance view the IP address of a local loopback interface as the router ID. Different BGP instances can have the same router ID.

· If no router ID is specified in BGP instance view, the global router ID is used.

· To modify a non-zero router ID of a BGP instance , use the router-id command in BGP instance view, rather than the router id command in system view.

· If you specify a router ID in BGP instance view and then remove the interface that owns the router ID, the router does not select a new router ID. To select a new router ID, use the undo router-id command in BGP instance view.

To enable BGP:

Step		Command	Remarks
1. Enter system view.		system-view	N/A
2. Configure a global router ID.		router id router-id	By default, no global router ID is configured, and BGP uses the highest loopback interface IP address—if any—as the router ID. If no loopback interface IP address is available, BGP uses the highest physical interface IP address as the route ID regardless of the interface status.
3. Enable BGP and enter BGP instance view.	bgp as-number [ instance instance-name ]		By default, BGP is disabled and no BGP instances exist.
4. (Optional.) Configure an SNMP context for the BGP instance.		snmp context-name context-name	By default, no SNMP context is configured for a BGP instance.
5. (Optional.) Configure a router ID for the BGP instance.	router-id router-id		By default, no router ID is configured for a BGP instance, and the BGP instance uses the global router ID configured by the router-id command in system view.
6. (Optional.) Enter BGP-VPN instance view.		ip vpn-instance vpn-instance-name	The specified VPN instance must have been created and have an RD. For more information about VPN instances, see MPLS Configuration Guide.
7. (Optional.) Configure a router ID for the BGP VPN instance.		router-id { router-id \| auto-select }	By default, no router ID is configured for a BGP VPN instance, and the BGP VPN instance uses the router ID configured in BGP instance view. If no router ID is configured in BGP instance view, the BGP VPN instance uses the global router ID configured in system view.

Configuring a BGP peer

Configuring a BGP peer (IPv4 unicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an IPv4 BGP peer and specify its AS number.	peer ipv4-address as-number as-number	By default, no IPv4 BGP peers exist.
4. (Optional.) Configure a description for a peer.	peer ipv4-address description text	By default, no description is configured for a peer.
5. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.	address-family ipv4 [ unicast ]	By default, no BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family exists.
6. Enable the router to exchange IPv4 unicast routing information with the specified peer.	peer ipv4-address enable	By default, the router cannot exchange IPv4 unicast routing information with the peer.

Configuring a BGP peer (IPv6 unicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an IPv6 BGP peer and specify its AS number.	peer ipv6-address as-number as-number	By default, no IPv6 BGP peers exist.
4. (Optional.) Configure a description for a peer.	peer ipv6-address description text	By default, no description is configured for a peer.
5. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.	address-family ipv6 [ unicast ]	By default, no BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family exists.
6. Enable the router to exchange IPv6 unicast routing information with the specified peer.	peer ipv6-address enable	By default, the router cannot exchange IPv6 unicast routing information with the peer.

Configuring a BGP peer (IPv4 multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view	bgp as-number [ instance instance-name ]	N/A
3. Create an IPv4 BGP peer and specify its AS number.	peer ipv4-address as-number as-number	By default, no IPv4 BGP peers exist.
4. (Optional.) Configure a description for the peer.	peer ipv4-address description text	By default, no description is configured for a peer.
5. Create the BGP IPv4 multicast address family and enter its view.	address-family ipv4 multicast	By default, no BGP IPv4 multicast address family exists.
6. Enable the router to exchange IPv4 unicast routing information used for RPF check with the specified peer.	peer ipv4-address enable	By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peer.

Configuring a BGP peer (IPv6 multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an IPv6 BGP peer and specify its AS number.	peer ipv6-address as-number as-number	By default, no IPv6 BGP peers exist.
4. (Optional.) Configure a description for the peer.	peer ipv6-address description text	By default, no description is configured for a peer.
5. Create the BGP IPv6 multicast address family and enter its view.	address-family ipv6 multicast	By default, no BGP IPv6 multicast address family exist.
6. Enable the router to exchange IPv6 unicast routing information used for RPF check with the specified peer.	peer ipv6-address enable	By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peer.

Configuring dynamic BGP peers

This feature enables BGP to establish dynamic BGP peer relationships with devices in a network. BGP accepts connection requests from the network but it does not initiate connection requests to the network.

After a device in the network initiates a connection request, BGP establishes a dynamic peer relationship with the device.

If multiple BGP peers reside in the same network, you can use this feature to simplify BGP peer configuration.

For a remote device to establish a peer relationship with the local device, you must specify the IP address of the local device on the remote device.

Configuring dynamic BGP peers (IPv4 unicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.	peer ipv4-address mask-length as-number as-number	By default, no dynamic BGP peers exist.
4. (Optional.) Configure a description for dynamic BGP peers.	peer ipv4-address mask-length description text	By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.	address-family ipv4 [ unicast ]	By default, no BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family exists.
6. Enable BGP to exchange IPv4 unicast routing information with dynamic BGP peers in the specified network.	peer ipv4-address mask-length enable	By default, BGP cannot exchange IPv4 unicast routing information with dynamic BGP peers.

Configuring dynamic BGP peers (IPv6 unicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.	peer ipv6-address prefix-length as-number as-number	By default, no dynamic BGP peers exist.
4. (Optional.) Configure a description for dynamic BGP peers.	peer ipv6-address prefix-length description text	By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.	address-family ipv6 [ unicast ]	By default, no BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family exists.
6. Enable BGP to exchange IPv6 unicast routing information with dynamic BGP peers in the specified network.	peer ipv6-address prefix-length enable	By default, BGP cannot exchange IPv6 unicast routing information with dynamic BGP peers.

Configuring dynamic BGP peers (IPv4 multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.	peer ipv4-address mask-length as-number as-number	By default, no dynamic BGP peers exist.
4. (Optional.) Configure a description for dynamic BGP peers.	peer ipv4-address mask-length description text	By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv4 multicast address family and enter its view.	address-family ipv4 multicast	By default, no BGP IPv4 multicast address family exists.
6. Enable BGP to exchange IPv4 unicast routing information used for RPF check with dynamic BGP peers in the specified network.	peer ipv4-address mask-length enable	By default, BGP cannot exchange IPv4 unicast routing information used for RPF check with dynamic BGP peers.

Configuring dynamic BGP peers (IPv6 multicast address family)

Step	Command		Remarks
1. Enter system view.	system-view		N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]		N/A
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.	peer ipv6-address prefix-length as-number as-number	By default, no dynamic BGP peers exist.
4. (Optional.) Configure a description for dynamic BGP peers.	peer ipv6-address prefix-length description text		By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv6 multicast address family and enter its view.	address-family ipv6 multicast		By default, no BGP IPv6 multicast address family exists.
6. Enable BGP to exchange IPv6 unicast routing information used for RPF check with dynamic BGP peers in the specified network.	peer ipv6-address prefix-length enable		By default, BGP cannot exchange IPv6 unicast routing information used for RPF check with dynamic BGP peers.

Configuring a BGP peer group

The peers in a peer group use the same route selection policy.

In a large-scale network, many peers can use the same route selection policy. You can configure a peer group and add these peers into this group. When you change the policy for the group, the modification also applies to the peers in the group.

A peer group is an IBGP peer group if peers in it belong to the local AS, and is an EBGP peer group if peers in it belong to different ASs.

Configuring an IBGP peer group

After you create an IBGP peer group and then add a peer into it, the system creates the peer in BGP instance view and specifies the local AS number for the peer.

To configure an IBGP peer group (IPv4 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an IBGP peer group.	group group-name [ internal ]	By default, no IBGP peer groups exist.
4. Add a peer into the IBGP peer group.	peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]	By default, no peer exists in the peer group. The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.	address-family ipv4 [ unicast ]	By default, no BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family exists.
7. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information with the peers.

To configure an IBGP peer group (IPv6 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an IBGP peer group.	group group-name [ internal ]	By default, no IBGP peer groups exist.
4. Add a peer into the IBGP peer group.	peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]	By default, no peer exists in the peer group. The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.	address-family ipv6 [ unicast ]	By default, no BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family exists.
7. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information with the peers.

To configure an IBGP peer group (IPv4 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an IBGP peer group.	group group-name [ internal ]	By default, no IBGP peer groups exist.
4. Add an IPv4 peer into the IBGP peer group.	peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]	By default, no peer exists in the peer group. The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv4 multicast address family and enter its view.	address-family ipv4 multicast	By default, no BGP IPv4 multicast address family exists.
7. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the peer group.

To configure an IBGP peer group (IPv6 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an IBGP peer group.	group group-name [ internal ]	By default, no IBGP peer groups exist.
4. Add a peer into the IBGP peer group.	peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]	By default, no peer exists in the peer group. The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv6 multicast address family and enter its view.	address-family ipv6 multicast	By default, no BGP IPv6 multicast address family exists.
7. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the peer group.

Configuring an EBGP peer group

If peers in an EBGP group belong to the same external AS, the EBGP peer group is a pure EBGP peer group. If not, it is a mixed EBGP peer group.

Use one of the following methods to configure an EBGP peer group:

· Method 1—Create an EBGP peer group, specify its AS number, and add peers into it. All the added peers have the same AS number. All peers in the peer group have the same AS number as the peer group. You can specify an AS number for a peer before adding it into the peer group. The AS number must be the same as that of the peer group.

· Method 2—Create an EBGP peer group, specify an AS number for a peer, and add the peer into the peer group. Peers added in the group can have different AS numbers.

· Method 3—Create an EBGP peer group and add a peer with an AS number into it. Peers added in the group can have different AS numbers.

To configure an EBGP peer group by using Method 1 (IPv4 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Specify the AS number of the group.	peer group-name as-number as-number	By default, no AS number is specified. If a peer group contains peers, you cannot remove or change its AS number.
5. Add a peer into the EBGP peer group.	peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.	address-family ipv4 [ unicast ]	By default, no BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family exists.
8. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information with the peers.

To configure an EBGP peer group by using Method 1 (IPv6 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Specify the AS number of the group.	peer group-name as-number as-number	By default, no AS number is specified. If a peer group contains peers, you cannot remove or change its AS number.
5. Add a peer into the EBGP peer group.	peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.	address-family ipv6 [ unicast ]	By default, no BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family exists.
8. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information with the peers.

To configure an EBGP peer group by using Method 1 (IPv4 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Specify the AS number of the group.	peer group-name as-number as-number	By default, no AS number is specified. If a peer group contains peers, you cannot remove or change its AS number.
5. Add an IPv4 BGP peer into the EBGP peer group.	peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv4 multicast address family and enter its view.	address-family ipv4 multicast	By default, no BGP IPv4 multicast address family exists.
8. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the group.

To configure an EBGP peer group by using Method 1 (IPv6 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Specify the AS number of the group.	peer group-name as-number as-number	By default, no AS number is specified. If a peer group contains peers, you cannot remove or change its AS number.
5. Add an IPv6 BGP peer into the EBGP peer group.	peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv6 multicast address family and enter its view.	address-family ipv6 multicast	By default, no BGP IPv6 multicast address family exists.
8. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group.

To configure an EBGP peer group by using Method 2 (IPv4 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Create an IPv4 BGP peer and specify its AS number.	peer ipv4-address [ mask-length ] as-number as-number	By default, no IPv4 BGP peers exist.
5. Add the peer into the EBGP peer group.	peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer ipv4-address [ mask-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.	address-family ipv4 [ unicast ]	By default, no BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family exists.
8. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information with the peers.

To configure an EBGP peer group by using Method 2 (IPv6 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Create an IPv6 BGP peer and specify its AS number.	peer ipv6-address [ prefix-length ] as-number as-number	By default, no IPv6 BGP peers exist.
5. Add the peer into the EBGP peer group.	peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer ipv4-address [ prefix-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.	address-family ipv6 [ unicast ]	By default, no BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family exists.
8. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information with the peers.

To configure an EBGP peer group by using Method 2 (IPv4 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Create an IPv4 BGP peer and specify its AS number.	peer ipv4-address [ mask-length ] as-number as-number	By default, no IPv4 BGP peers exist.
5. Add the peer into the EBGP peer group.	peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer ipv4-address [ mask-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv4 multicast address family and enter its view.	address-family ipv4 multicast	By default, no BGP IPv4 multicast address family exists.
8. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the group.

To configure an EBGP peer group by using Method 2 (IPv6 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Create an IPv6 BGP peer and specify its AS number.	peer ipv6-address [ prefix-length ] as-number as-number	By default, no IPv6 BGP peers exist.
5. Add the peer into the EBGP peer group.	peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]	By default, no peers exist in the peer group. The as-number as-number option, if used, must specify the same AS number as the peer ipv6-address [ prefix-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
7. Create the BGP IPv6 multicast address family and enter its view.	address-family ipv6 multicast	By default, no BGP IPv6 multicast address family exists.
8. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group.

To configure an EBGP peer group by using Method 3 (IPv4 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Add a peer into the EBGP peer group.	peer ipv4-address [ mask-length ] group group-name as-number as-number	By default, no peers exist in the peer group.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.	address-family ipv4 [ unicast ]	By default, no BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family exists.
7. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information with the peers.

To configure an EBGP peer group by using Method 3 (IPv6 unicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Add a peer into the EBGP peer group.	peer ipv6-address [ prefix-length ] group group-name as-number as-number	By default, no peers exist in the peer group.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.	address-family ipv6 [ unicast ]	By default, no BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family exists.
7. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information with the peers.

To configure an EBGP peer group by using Method 3 (IPv4 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Add an IPv4 BGP peer into the EBGP peer group.	peer ipv4-address [ mask-length ] group group-name as-number as-number	By default, no peers exist in the peer group.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv4 multicast address family and enter its view.	address-family ipv4 multicast	By default, no BGP IPv4 multicast address family exists.
7. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers.

To configure an EBGP peer group by using Method 3 (IPv6 multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Create an EBGP peer group.	group group-name external	By default, no EBGP peer groups exist.
4. Add an IPv6 BGP peer into the EBGP peer group.	peer ipv6-address [ prefix-length ] group group-name as-number as-number	By default, no peers exist in the peer group.
5. (Optional.) Configure a description for the peer group.	peer group-name description text	By default, no description is configured for the peer group.
6. Create the BGP IPv6 multicast address family and enter its view.	address-family ipv6 multicast	By default, no BGP IPv6 multicast address family exists.
7. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.	peer group-name enable	By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group.

Specifying the source address of TCP connections

About specifying the source address of TCP connections

This task allows you to specify the source address or source interface for the local router to establish TCP connections to a BGP peer or peer group. This task is applicable to the following scenarios:

· The peer's IPv4/IPv6 address does not belong to the interface directly connected to the local router. To ensure successful TCP connection establishment, use one of the following methods:

¡ Specify the interface to which the IPv4/IPv6 address belongs as the source interface on the peer.

¡ Specify the IPv4/IPv6 address of the interface directly connected to the local router as the source address on the peer.

· On a BGP router that has multiple links to a peer, the source interface for TCP connection changes because the primary source interface fails. To avoid this problem, specify a loopback interface as the source interface or specify the IP address of a loopback interface as the source address.

· You want to establish multiple BGP sessions to a router. In this case, BGP might fail to determine the source address for each TCP connection based on the optimal route to the peer. To prevent this problem, use one of the following methods:

¡ If the BGP sessions use IP addresses of different interfaces, specify a source interface or source address for each session.

¡ If the BGP sessions use different IP addresses of the same interface, specify a source address for each session.

Restrictions and guidelines

BGP immediately tears down the session to an IBGP peer or peer group when the following conditions exist:

· The source interface of TCP connections to the IBGP peer or peer group is a physical interface.

· The source interface fails and the link to the IBGP peer or peer group goes down.

Specifying the source address of TCP connections (IPv4 unicast/multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Specify the source address or source interface for establishing TCP connections to a peer or peer group.	· Specify the source address for establishing TCP connections to a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } source-address source-ipv4-address · Specify the source interface for establishing TCP connections to a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } connect-interface interface-type interface-number	Use either method. By default, BGP uses the primary IPv4 address of the output interface in the optimal route to a peer or peer group as the source address of TCP connections to the peer or peer group.

Specifying the source address of TCP connections (IPv6 unicast/multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Specify the source IPv6 address or source interface for establishing TCP connections to a peer or peer group.	· Specify the source IPv6 address for establishing TCP connections to a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } source-address source-ipv6-address · Specify the source interface for establishing TCP connections to a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } connect-interface interface-type interface-number	Use either method. By default, BGP uses the IPv6 address of the output interface in the optimal route to the BGP peer or peer group as the source address of TCP connections to the peer or peer group.

Generating BGP routes

BGP can generate routes in the following ways:

· Advertise local networks.

· Redistribute IGP routes.

Injecting a local network

Perform this task to inject a network in the local routing table to the BGP routing table, so BGP can advertise the network to BGP peers. The ORIGIN attribute of BGP routes advertised in this way is IGP. You can also use a routing policy to control route advertisement.

The specified network must be available and active in the local IP routing table.

To inject a local network (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure BGP to advertise a local network.	network ipv4-address [ mask-length \| mask ] [ route-policy route-policy-name ]	By default, BGP does not advertise local networks.

To inject a local network (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure BGP to advertise a local network.	network ipv6-address prefix-length [ route-policy route-policy-name ]	By default, BGP does not advertise local networks.

Redistributing IGP routes

Perform this task to configure route redistribution from an IGP to BGP.

By default, BGP does not redistribute default IGP routes. You can use the default-route imported command to redistribute default IGP routes into the BGP routing table.

Only active routes can be redistributed. To view route state information, use the display ip routing-table protocol or display ipv6 routing-table protocol command.

The ORIGIN attribute of BGP routes redistributed from IGPs is INCOMPLETE.

To configure BGP to redistribute IGP routes (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Enable route redistribution from the specified IGP into BGP.	import-route protocol [ { process-id \| all-processes } [ allow-direct \| med med-value \| route-policy route-policy-name ] * ]	By default, BGP does not redistribute IGP routes.
4. (Optional.) Enable default route redistribution into BGP.	default-route imported	By default, BGP does not redistribute default routes.

To configure BGP to redistribute IGP routes (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Enable route redistribution from the specified IGP into BGP.	import-route protocol [ { process-id \| all-processes } [ allow-direct \| med med-value \| route-policy route-policy-name ] * ]	By default, BGP does not redistribute IGP routes.
4. (Optional.) Enable default route redistribution into BGP.	default-route imported	By default, BGP does not redistribute default routes.

Controlling route distribution and reception

This section describes how to control route distribution and reception.

Configuring BGP route summarization

Route summarization can reduce the number of redistributed routes and the routing table size. IPv4 BGP supports automatic route summarization and manual route summarization. Manual summarization takes precedence over automatic summarization. IPv6 BGP supports only manual route summarization.

The output interface of a BGP summary route is Null 0 on the originating router. Therefore, a summary route must not be an optimal route on the originating router. Otherwise, BGP will fail to forward packets matching the route. If a summarized specific route has the same mask as the summary route, but has a lower priority, the summary route becomes the optimal route. To ensure correct packet forwarding, change the priority of the summary or specific route to make the specific route the optimal route.

Configuring automatic route summarization

Automatic route summarization enables BGP to summarize IGP subnet routes redistributed by the import-route command so BGP advertises only natural network routes.

To configure automatic route summarization (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure automatic route summarization.	summary automatic	By default, automatic route summarization is not configured.

Configuring manual route summarization

By configuring manual route summarization, you can do the following:

· Summarize both redistributed routes and routes injected using the network command.

· Determine the mask length for a summary route.

To configure BGP manual route summarization (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Create a summary route in the BGP routing table.	aggregate ipv4-address { mask-length \| mask } [ as-set \| attribute-policy route-policy-name \| detail-suppressed \| origin-policy route-policy-name \| suppress-policy route-policy-name ] *	By default, no summary routes are configured.

To configure BGP manual route summarization (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Create a summary route in the IPv6 BGP routing table.	aggregate ipv6-address prefix-length [ as-set \| attribute-policy route-policy-name \| detail-suppressed \| origin-policy route-policy-name \| suppress-policy route-policy-name ] *	By default, no summary routes are configured.

Advertising optimal routes in the IP routing table

By default, BGP advertises optimal routes in the BGP routing table, which may not be optimal in the IP routing table. This task allows you to advertise BGP routes that are optimal in the IP routing table.

To enable BGP to advertise optimal routes in the IP routing table (IPv4 unicast):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Enable BGP to advertise optimal routes in the IP routing table.	advertise-rib-active	By default, BGP advertises optimal routes in the BGP routing table.
4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.	· Enter BGP IPv4 unicast address family view: address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. ip vpn-instance vpn-instance-name b. address-family ipv4 [ unicast ]	N/A
5. Enable BGP to advertise optimal routes in the IP routing table of the address family in the VPN instance.	advertise-rib-active	By default, the setting is the same as that in BGP instance view.

To enable BGP to advertise optimal routes in the IPv6 routing table (IPv6 unicast):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Enable BGP to advertise optimal routes in the IPv6 routing table.	advertise-rib-active	By default, BGP advertises optimal routes in the BGP routing table.
4. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.	· Enter BGP IPv6 unicast address family view: address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. ip vpn-instance vpn-instance-name b. address-family ipv6 [ unicast ]	N/A
5. Enable BGP to advertise optimal routes in the IPv6 routing table of the address family in the VPN instance.	advertise-rib-active	By default, the setting is the same as that in BGP instance view.

Advertising a default route to a peer or peer group

Perform this task to advertise a default BGP route with the next hop being the advertising router to a peer or peer group.

To advertise a default route to a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Advertise a default route to a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } default-route-advertise [ route-policy route-policy-name ]	By default, no default route is advertised.

To advertise a default route to a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Advertise a default route to a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } default-route-advertise [ route-policy route-policy-name ]	By default, no default route is advertised.

Enabling prioritized advertisement of default-route withdrawal messages

Typically a BGP router does not send withdrawal messages of the default route prior to other routes to its peers. If the peer relationship is down, the default route cannot be withdrawn first. Traffic interruption might occur. Perform this task to configure BGP to send the withdrawal message of the default route prior to other routes. This can reduce the traffic interruption time when the peer relationship is down.

As shown in Figure 10, Device A and Device B send a default route and large numbers of external routes to the internal network. After optimal route selection, Device E selects Device A as the egress router to reach the external network. If the peer relationship between Device A and Device C is down, Device C sends route withdrawal messages to Device E. If the withdrawal message of the default route is not sent prior to other routes, traffic forwarded through the default route will be interrupted. After you configure this task, traffic can be immediately switched to Device D to reduce traffic interruption time.

Figure 10 Network diagram

To enable prioritized advertisement of default-route withdrawal messages:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Enable prioritized advertisement of default-route withdrawal messages.	default-route update-first	By default, BGP does not send withdrawal messages of the default route prior to other routes.

Limiting routes received from a peer or peer group

This feature can prevent attacks that send a large number of BGP routes to the router.

If the number of routes received from a peer or peer group exceeds the upper limit, the router takes one of the following actions based on your configuration:

· Tears down the BGP session to the peer or peer group and does not attempt to re-establish the session.

· Continues to receive routes from the peer or peer group and generates a log message.

· Retains the session to the peer or peer group, but it discards excess routes and generates a log message.

· Tears down the BGP session to the peer or peer group and, after a specific period of time, re-establishes a BGP session to the peer or peer group.

You can specify a percentage threshold for the router to generate a log message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router generates a log message.

To limit routes that a router can receive from a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Specify the maximum number of routes that a router can receive from a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } route-limit prefix-number [ { alert-only \| discard \| reconnect reconnect-time } \| percentage-value ] *	By default, the number of routes that a router can receive from a peer or peer group is not limited.

To limit routes that a router can receive from a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Specify the maximum number of routes that a router can receive from a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } route-limit prefix-number [ { alert-only \| discard \| reconnect reconnect-time } \| percentage-value ] *	By default, the number of routes that a router can receive from a peer or peer group is not limited.

Configuring BGP route filtering policies

Configuration prerequisites

Before you configure BGP routing filtering policies, configure the following filters used for route filtering as needed:

· ACL (see ACL and QoS Configuration Guide).

· Prefix list (see "Configuring routing policies").

· Routing policy (see "Configuring routing policies").

· AS path list (see "Configuring routing policies").

Configuring BGP route distribution filtering policies

To configure BGP route distribution filtering policies, use the following methods:

· Use an ACL or prefix list to filter routing information advertised to all peers.

· Use a routing policy, ACL, AS path list, or prefix list to filter routing information advertised to a peer or peer group.

If you configure multiple filtering policies, apply them in the following sequence:

1. filter-policy export

2. peer filter-policy export

3. peer as-path-acl export

4. peer prefix-list export

5. peer route-policy export

Only routes passing all the configured policies can be advertised.

To configure BGP route distribution filtering policies (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure BGP route distribution filtering policies.	· Reference an ACL or IP prefix list to filter advertised BGP routes: filter-policy { ipv4-acl-number \| prefix-list ipv4-prefix-list-name } export [ direct \| isis process-id \| ospf process-id \| rip process-id \| static ] · Reference a routing policy to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } route-policy route-policy-name export · Reference an ACL to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } filter-policy ipv4-acl-number export · Reference an AS path list to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } as-path-acl as-path-acl-number export · Reference an IPv4 prefix list to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } prefix-list ipv4-prefix-list-name export	Use at least one method. By default, no BGP distribution filtering policy is configured.

To configure BGP route distribution filtering policies (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure BGP route distribution filtering policies.	· Reference an ACL or IPv6 prefix list to filter advertised BGP routes: filter-policy { ipv6-acl-number \| prefix-list ipv6-prefix-list-name } export [ direct \| isisv6 process-id \| ospfv3 process-id \| ripng process-id \| static ] · Reference a routing policy to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } route-policy route-policy-name export · Reference an ACL to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } filter-policy ipv6-acl-number export · Reference an AS path list to filter BGP routes advertised to a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } as-path-acl as-path-acl-number export · Reference an IPv6 prefix list to filter BGP routes advertised to a peer or peer group peer { group-name \| ipv6-address [ prefix-length ] } prefix-list ipv6-prefix-list-name export	Use at least one method. By default, no BGP distribution filtering policy is configured.

Configuring BGP route reception filtering policies

You can use the following methods to configure BGP route reception filtering policies:

· Use an ACL or prefix list to filter routing information received from all peers.

· Use a routing policy, ACL, AS path list, or prefix list to filter routing information received from a peer or peer group.

If you configure multiple filtering policies, apply them in the following sequence:

1. filter-policy import

2. peer filter-policy import

3. peer as-path-acl import

4. peer prefix-list import

5. peer route-policy import

Only routes passing all the configured policies can be received.

To configure BGP route reception filtering policies (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure BGP route reception filtering policies.	· Reference an ACL or IP prefix list to filter BGP routes received from all peers: filter-policy { ipv4-acl-number \| prefix-list ipv4-prefix-list-name } import · Reference a routing policy to filter BGP routes received from a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } route-policy route-policy-name import · Reference an ACL to filter BGP routes received from a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } filter-policy ipv4-acl-number import · Reference an AS path list to filter BGP routes received from a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } as-path-acl as-path-acl-number import · Reference an IPv4 prefix list to filter BGP routes received from a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } prefix-list ipv4-prefix-list-name import	Use at least one method. By default, no route reception filtering is configured.

To configure BGP route reception filtering policies (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure BGP route reception filtering policies.	· Reference ACL or IPv6 prefix list to filter BGP routes received from all peers: filter-policy { ipv6-acl-number \| prefix-list ipv6-prefix-list-name } import · Reference a routing policy to filter BGP routes received from a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } route-policy route-policy-name import · Reference an ACL to filter BGP routes received from a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } filter-policy ipv6-acl-number import · Reference an AS path list to filter BGP routes received from a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } as-path-acl as-path-acl-number import · Reference an IPv6 prefix list to filter BGP routes received from a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } prefix-list ipv6-prefix-list-name import	Use at least one method. By default, no route reception filtering is configured.

Setting the BGP route sending rate

If a device sends many new routes within a short time period, it might be unable to add the routes to the FIB before the peer device adds them. This might result in traffic forwarding failure. To avoid this problem, you can perform this task to set an appropriate route sending rate for the device.

For a device with high performance, you can set a high BGP route sending rate as needed. For a device without high performance, set a relatively low BGP route sending rate as a best practice.

This task applies only to IPv4 unicast routes and IPv6 unicast routes.

To set the BGP route sending rate:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Set the BGP route sending rate.	route-rate-limit rate	By default, the BGP route sending rate is not set.

Configuring BGP route update delay

Perform this task to configure BGP to delay sending route updates on reboot to reduce traffic loss. With this feature enabled, BGP redistributes all routes from other neighbors on reboot, selects the optimal route, and then advertises it.

To configure BGP route update delay:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Configure BGP to delay sending route updates on reboot.	bgp update-delay on-startup seconds	By default, BGP immediately sends route updates on reboot.
4. (Optional.) Configure BGP to immediately send route updates for routes that match a prefix list.	bgp update-delay on-startup prefix-list ipv4-prefix-list-name	By default, no prefix list is specified to filter routes. Use this command when the updates for the specified routes must be sent immediately. This command is available only to IPv4 prefix lists.

Configuring a startup policy for BGP route updates

About startup policy for BGP route updates

Perform this task to configure BGP to send route updates with the specified attributes within the specified period after reboot.

As shown in Figure 11, if Router B restarts and sends route updates before route convergence completes, traffic sent from Router A through Router B might be lost. This feature enables Router B to send route updates with the specified attribute values within the specified period after reboot, so that Router A can forward traffic through Router C.

Figure 11 Network diagram

Procedure

To configure a startup policy for BGP route updates:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Specify the period after reboot within which the startup policy is effective.	bgp apply-policy on-startup duration seconds	By default, the startup policy does not take effect.
4. Specify a MED attribute value in the startup policy.	bgp policy on-startup med med-value	By default, the MED attribute value in the startup policy is 4294967295.

Configuring BGP route dampening

Route dampening enables BGP to not select unstable routes as optimal routes. This feature applies to EBGP routes but not to IBGP routes.

If an EBGP peer goes down after you configure this feature, routes coming from the peer are dampened but not deleted.

To configure BGP route dampening (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure BGP route dampening.	dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling \| route-policy route-policy-name ] *	By default, BGP route dampening is not configured.

To configure BGP route dampening (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure IPv6 BGP route dampening.	dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling \| route-policy route-policy-name ] *	By default, IPv6 BGP route dampening is not configured.

Controlling BGP path selection

By configuring BGP path attributes, you can control BGP path selection.

Setting a preferred value for routes received

Perform this task to set a preferred value for specific routes to control BGP path selection.

Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the optimal route.

To set a preferred value for routes from a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Set a preferred value for routes received from a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } preferred-value value	The default preferred value is 0.

To set a preferred value for routes from a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Set a preferred value for routes received from a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } preferred-value value	The default preferred value is 0.

Configuring preferences for BGP routes

Routing protocols each have a default preference. If they find multiple routes destined for the same network, the route found by the routing protocol with the highest preference is selected as the optimal route.

You can use the preference command to modify preferences for EBGP, IBGP, and local BGP routes, or use a routing policy to set a preference for matching routes. For routes not matching the routing policy, the default preference applies.

If a device has an EBGP route and a local BGP route to reach the same destination, it does not select the EBGP route because the EBGP route has a lower preference than the local BGP route by default. You can use the network short-cut command to configure the EBGP route as a shortcut route that has the same preference as the local BGP route. The EBGP route will more likely become the optimal route.

To configure preferences for BGP routes (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure preferences for EBGP, IBGP, and local BGP routes.	preference { external-preference internal-preference local-preference \| route-policy route-policy-name }	The default preferences for EBGP, IBGP, and local BGP routes are 255, 255, and 130.
4. Configure an EBGP route as a shortcut route.	network ipv4-address [ mask-length \| mask ] short-cut	By default, an EBGP route has a preference of 255.

To configure preferences for BGP routes (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure preferences for EBGP, IBGP, and local BGP routes.	preference { external-preference internal-preference local-preference \| route-policy route-policy-name }	The default preferences for EBGP, IBGP, and local BGP routes are 255, 255, and 130.
4. Configure an EBGP route as a shortcut route.	network ipv6-address prefix-length short-cut	By default, an EBGP route has a preference of 255.

Configuring the default local preference

The local preference is used to determine the optimal route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination, but with different next hops, it considers the route with the highest local preference as the optimal route.

This task allows you to specify the default local preference for routes sent to IBGP peers.

To specify the default local preference (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure the default local preference.	default local-preference value	The default local preference is 100.

To specify the default local preference (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure the default local preference.	default local-preference value	The default local preference is 100.

Configuring the MED attribute

BGP uses MED to determine the optimal route for traffic going into an AS. When a BGP router obtains multiple routes with the same destination but with different next hops, it considers the route with the smallest MED value as the optimal route if other conditions are the same.

Configuring the default MED value

To configure the default MED value (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure the default MED value.	default med med-value	The default MED value is 0.

To configure the default MED value (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure the default MED value.	default med med-value	The default MED value is 0.

Enabling MED comparison for routes from different ASs

This task enables BGP to compare the MEDs of routes from different ASs.

To enable MED comparison for routes from different ASs:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable MED comparison for routes from different ASs.	compare-different-as-med	By default, MED comparison for routes from different ASs is disabled.

Enabling MED comparison for routes on a per-AS basis

This task enables BGP to compare the MEDs of routes from an AS.

Figure 12 Route selection based on MED (in an IPv4 network)

As shown in Figure 12, Router D establishes indirect EBGP peer relationships with Router A, Router B, and Router C, and learns addresses 1.1.1.1/32, 2.2.2.2/32, and 3.3.3.3/32 through OSPF. The following output shows the routing information on Router D.

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.1/32 O_INTRA 10 10 11.1.1.2 XGE1/0/1

2.2.2.2/32 O_INTRA 10 20 12.1.1.2 XGE1/0/2

3.3.3.3/32 O_INTRA 10 30 13.1.1.2 XGE1/0/3

Router D learns network 10.0.0.0 from both Router A and Router B. Because the route learned from Router B has a smaller IGP metric, the route is optimal. The following output shows the BGP routing table on Router D.

Network NextHop MED LocPrf PrefVal Path/Ogn

*>e 10.0.0.0 2.2.2.2 50 0 300 400e

* e 3.3.3.3 50 0 200 400e

When Router D learns network 10.0.0.0 from Router C, it compares the route with the optimal route in its routing table. Because Router C and Router B reside in different ASs, BGP does not compare the MEDs of the two routes. The route from Router C has a smaller IGP metric than the route from Router B, so the route from Router C becomes optimal. The following output shows the BGP routing table on Router D.

Network NextHop MED LocPrf PrefVal Path/Ogn

*>e 10.0.0.0 1.1.1.1 60 0 200 400e

* e 10.0.0.0 2.2.2.2 50 0 300 400e

* e 3.3.3.3 50 0 200 400e

However, Router C and Router A reside in the same AS, and Router C has a greater MED, so network 10.0.0.0 learned from Router C should not be optimal.

To avoid this problem, you can configure the bestroute compare-med command to enable MED comparison for routes from the same AS on Router D. After that, Router D puts the routes received from each AS into a group, selects the route with the lowest MED from each group, and compares routes from different groups. Network 10.0.0.0 learned from Router B is the optimal route. The following output shows the BGP routing table on Router D.

Network NextHop MED LocPrf PrefVal Path/Ogn

*>e 10.0.0.0 2.2.2.2 50 0 300 400e

* e 3.3.3.3 50 0 200 400e

* e 1.1.1.1 60 0 200 400e

To enable MED comparison for routes on a per-AS basis:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable MED comparison for routes on a per-AS basis.	bestroute compare-med	By default, MED comparison for routes on a per-AS basis is disabled.

Enabling MED comparison for routes from confederation peers

This task enables BGP to compare the MEDs of routes received from confederation peers. However, if a route received from a confederation peer has an AS number that does not belong to the confederation, BGP does not compare the route with other routes. For example, a confederation has three AS numbers 65006, 65007, and 65009. BGP receives three routes from different confederation peers. The AS_PATH attributes of these routes are 65006 65009, 65007 65009, and 65008 65009, and the MED values of them are 2, 3, and 1. Because the third route's AS_PATH attribute contains AS number 65008 that does not belong to the confederation, BGP does not compare it with other routes. As a result, the first route becomes the optimal route.

To enable MED comparison for routes from confederation peers:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable MED comparison for routes from confederation peers.	bestroute med-confederation	By default, MED comparison for routes from confederation peers is disabled.

Configuring the NEXT_HOP attribute

By default, a BGP router does not set itself as the next hop for routes advertised to an IBGP peer or peer group. In some cases, however, you must configure the advertising router as the next hop to ensure that the BGP peer can find the correct next hop.

For example, as shown in Figure 13, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship. If Router C has no route destined for IP address 1.1.1.1/24, you must configure Router B to set itself 3.1.1.1/24 as the next hop for the network 2.1.1.1/24 advertised to Router C.

Figure 13 NEXT_HOP attribute configuration

If a BGP router has two peers on a broadcast network, it does not set itself as the next hop for routes sent to an EBGP peer by default. As shown in Figure 14, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship. They are on the same broadcast network 1.1.1.0/24. When Router B sends EBGP routes to Router A, it does not set itself as the next hop by default. However, you can configure Router B to set it (1.1.1.2/24) as the next hop for routes sent to Router A by using the peer next-hop-local command as needed.

Figure 14 NEXT_HOP attribute configuration

IMPORTANT:

If you have configured BGP load balancing, the router sets itself as the next hop for routes sent to an IBGP peer or peer group regardless of whether the peer next-hop-local command is configured.

To configure the NEXT_HOP attribute (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Specify the router as the next hop for routes sent to a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } next-hop-local	By default, the router sets itself as the next hop for routes sent to an EBGP peer or peer group. However, it does not set itself as the next hop for routes sent to an IBGP peer or peer group.

To configure the NEXT_HOP attribute (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Specify the router as the next hop for routes sent to a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } next-hop-local	By default, the router sets itself as the next hop for routes sent to an EBGP peer or peer group. However, it does not set itself as the next hop for routes sent to an IBGP peer or peer group.

Configuring the AS_PATH attribute

Permitting local AS number to appear in routes from a peer or peer group

In general, BGP checks whether the AS_PATH attribute of a route from a peer contains the local AS number. If yes, it discards the route to avoid routing loops.

In certain network environments, however, the AS_PATH attribute of a route from a peer must be allowed to contain the local AS number. Otherwise, the route cannot be advertised correctly.

To permit the local AS number to appear in routes from a peer or peer group and specify the appearance times (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Permit the local AS number to appear in routes from a peer or peer group and set the appearance times.	peer { group-name \| ipv4-address [ mask-length ] } allow-as-loop [ number ]	By default, the local AS number is not allowed in routes from a peer or peer group.

To permit the local AS number to appear in routes from a peer or peer group and specify the appearance times (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Permit the local AS number to appear in routes from a peer or peer group and set the appearance times.	peer { group-name \| ipv6-address [ prefix-length ] } allow-as-loop [ number ]	By default, the local AS number is not allowed in routes from a peer or peer group.

Ignoring the AS_PATH attribute during optimal route selection

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure BGP to ignore the AS_PATH attribute during optimal route selection	bestroute as-path-neglect	By default, BGP considers AS_PATH during optimal route selection.

Advertising a fake AS number to a peer or peer group

After you move a BGP router from an AS to another AS (from AS 2 to AS 3 for example), you have to modify the AS number of the router on all its EBGP peers. To avoid such modifications, you can configure the router to advertise a fake AS number 2 to its EBGP peers so that the EBGP peers still think that Router A is in AS 2.

To advertise a fake AS number to a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Advertise a fake AS number to a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } fake-as as-number	By default, no fake AS number is advertised to a peer or peer group. This command applies only to EBGP peers or EBGP peer groups.

To advertise a fake AS number to a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Advertise a fake AS number to a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } fake-as as-number	By default, no fake AS number is advertised to a peer or peer group. This command applies only to EBGP peers or EBGP peer groups.

Configuring AS number substitution

IMPORTANT:

Do not configure AS number substitution in normal circumstances. Otherwise, routing loops might occur.

To use EBGP between PE and CE in MPLS L3VPN, VPN sites in different geographical areas should have different AS numbers. Otherwise, BGP discards route updates containing the local AS number. If two CEs connected to different PEs use the same AS number, you must configure AS number substitution on each PE. This substitution can replace the AS number in route updates originated by the remote CE as its own AS number before advertising them to the connected CE.

Figure 15 AS number substitution configuration (in an IPv4 network)

As shown in Figure 15, CE 1 and CE 2 use the same AS number 800. To ensure bidirectional communication between the two sites, configure AS number substitution on PE 2. PE 2 replaces AS 800 with AS 100 for the BGP route update originated from CE 1 before advertising it to CE 2. Perform the same configuration on PE 1.

To configure AS number substitution for a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure AS number substitution for a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } substitute-as	By default, AS number substitution is not configured.

To configure AS number substitution for a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure AS number substitution for a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } substitute-as	By default, AS number substitution is not configured.

Removing private AS numbers from updates sent to an EBGP peer or peer group

Private AS numbers are typically used in test networks, and should not be transmitted in public networks. The range of private AS numbers is from 64512 to 65535.

To remove private AS numbers from updates sent to an EBGP peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure BGP to remove private AS numbers from the AS_PATH attribute of updates sent to an EBGP peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } public-as-only	By default, BGP updates sent to an EBGP peer or peer group can carry both public and private AS numbers. This command is applicable only to EBGP peers or peer groups.

To remove private AS numbers from updates sent to an EBGP peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure BGP to remove private AS numbers from the AS_PATH attribute of updates sent to an EBGP peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } public-as-only	By default, BGP updates sent to an EBGP peer or peer group can carry both public and private AS numbers. This command is applicable only to EBGP peers or peer groups.

Ignoring the first AS number of EBGP route updates

By default, BGP checks the first AS number of a received EBGP route update. If the first AS number is neither the AS number of the BGP peer nor a private AS number, the BGP router disconnects the BGP session to the peer.

To ignore the first AS number of EBGP route updates:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Configure BGP to ignore the first AS number of EBGP route updates.	ignore-first-as	By default, BGP checks the first AS number of EBGP route updates.

Ignoring IGP metrics during optimal route selection

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure BGP to ignore IGP metrics during optimal route selection.	bestroute igp-metric-ignore	By default, BGP considers IGP metrics during optimal route selection. If multiple routes to the same destination are available, BGP selects the route with the smallest IGP metric as the optimal route.

Configuring the SoO attribute

After you configure the SoO attribute for a BGP peer or peer group, BGP adds the SoO attribute into the route updates received from the BGP peer or peer group. In addition, before advertising route updates to the peer or peer group, BGP checks the SoO attribute of the route update against the configured SoO attribute. If they are the same, BGP does not advertise the route updates to the BGP peer or peer group.

To configure the SoO attribute (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Configure the SoO attribute for a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } soo site-of-origin	By default, no SoO attribute is configured for a peer or peer group.

To configure the SoO attribute (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Configure the SoO attribute for a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } soo site-of-origin	By default, no SoO attribute is configured for a peer or peer group.

Tuning and optimizing BGP networks

This section describes how to tune and optimize BGP networks.

Configuring the keepalive interval and hold time

BGP sends keepalive messages regularly to keep the BGP session between two routers.

If a router receives no keepalive or update message from a peer within the hold time, it tears down the session.

You can configure the keepalive interval and hold time globally or for a peer or peer group. The individual settings take precedence over the global settings.

The actual keepalive interval and hold time are determined as follows:

· If the hold time settings on the local and peer routers are different, the smaller setting is used. If the hold time is 0, BGP does not send keepalive messages to its peers and never tears down the session.

· If the keepalive interval is not 0, the actual keepalive interval is the smaller one between 1/3 of the hold time and the keepalive interval.

To configure the keepalive interval and hold time (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure the keepalive interval and hold time.	· Configure the global keepalive interval and hold time: timer keepalive keepalive hold holdtime · Configure the keepalive interval and hold time for a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } timer keepalive keepalive hold holdtime	Use at least one method. By default, the keepalive interval is 60 seconds, and hold time is 180 seconds. The timer command takes effect for new BGP sessions and does not affect existing sessions. The timers configured with the timer and peer timer commands do not take effect until a session is re-established (for example, a session is reset). The hold time must be at least three times the keepalive interval.

To configure the keepalive interval and hold time (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure the keepalive interval and hold time.	· Configure the global keepalive interval and hold time: timer keepalive keepalive hold holdtime · Configure the keepalive interval and hold time for a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } timer keepalive keepalive hold holdtime	Use at least one method. By default, the keepalive interval is 60 seconds, and hold time is 180 seconds. The timer command takes effect for new BGP sessions and does not affect existing sessions. The timers configured with the timer and peer timer commands do not take effect until a session is re-established (for example, a session is reset). The hold time must be at least three times the keepalive interval.

Setting the session retry timer

About setting the session retry timer

To speed up session establishment to a peer or peer group and route convergence, set a small session retry timer. If the BGP session flaps, you can set a large session retry timer to reduce the impact.

Restrictions and guidelines

The timer set by the peer timer connect-retry command takes precedence over the timer set by the timer connect-retry command.

Setting the session retry timer (IPv4 unicast/multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Set the session retry timer.	· Set the session retry timer for all peers or peer groups: timer connect-retry retry-time · Set the session retry timer for a peer or peer group: peer { group-name \| ipv4-address [ mask-length ] } timer connect-retry retry-time	Use either method. By default, the session retry timer is 32 seconds for a peer or peer group.

Setting the session retry timer (IPv6 unicast/multicast address family)

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Set the session retry timer.	· Set the session retry timer for all peers or peer groups: timer connect-retry retry-time · Set the session retry timer for a peer or peer group: peer { group-name \| ipv6-address [ prefix-length ] } timer connect-retry retry-time	By default, the session retry timer is 32 seconds for a peer or peer group.

Configuring the interval for sending updates for the same route

A BGP router sends an update message to its peers when a route is changed. If the route changes frequently, the BGP router keeps sending updates for the same route, resulting route flapping. To prevent this situation, perform this task to configure the interval for sending updates for the same route to a peer or peer group. This feature does not take effect on withdrawn routes. For withdrawn routes, BGP sends the withdrawal messages immediately.

To configure the interval for sending the same update to a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure the interval for sending updates for the same route to a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } route-update-interval interval	By default, the interval is 15 seconds for an IBGP peer and 30 seconds for an EBGP peer.

To configure the interval for sending the same update to a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Configure the interval for sending updates for the same route to a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } route-update-interval interval	By default, the interval is 15 seconds for an IBGP peer and 30 seconds for an EBGP peer.

Enabling BGP to establish an EBGP session over multiple hops

To establish an EBGP session, two routers must have a direct physical link and use directly connected interfaces. If no direct link is available, you must use the peer ebgp-max-hop command to enable BGP to establish an EBGP session over multiple hops and specify the maximum hops.

When the BGP GTSM feature is enabled, two peers can establish an EBGP session after passing GTSM check, regardless of whether the maximum number of hops is reached.

To enable BGP to establish an indirect EBGP session (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable BGP to establish an EBGP session to an indirectly connected peer or peer group and specify the maximum hop count.	peer { group-name \| ipv4-address [ mask-length ] } ebgp-max-hop [ hop-count ]	By default, BGP cannot establish an EBGP session to an indirectly connected peer or peer group.

To enable BGP to establish an indirect EBGP session (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable BGP to establish an EBGP session to an indirectly connected peer or peer group and specify the maximum hop count.	peer { group-name \| ipv6-address [ prefix-length ] } ebgp-max-hop [ hop-count ]	By default, BGP cannot establish an EBGP session to an indirectly connected peer or peer group.

Enabling immediate re-establishment of direct EBGP connections upon link failure

When the link to a directly connected EBGP peer goes down, the router does not re-establish a session to the peer until the hold time timer expires. This feature enables BGP to immediately recreate the session in that situation. When this feature is disabled, route flapping does not affect EBGP session state.

To enable immediate re-establishment of direct EBGP connections:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Enable immediate re-establishment of direct EBGP connections upon link failure.	ebgp-interface-sensitive	By default, immediate re-establishment of direct EBGP connections is enabled.

Enabling BGP ORF capabilities

About BGP ORF

BGP Outbound Route Filtering (ORF) saves the system resources by reducing the route updates that are sent between BGP peers.

The BGP peers negotiate the ORF capabilities through Open messages. After completing the negotiation process, the BGP peers can exchange ORF information (local route reception filtering policy) through route refresh messages. Then, only routes that pass both the local route distribution filtering policy and the received route reception filtering policy can be advertised.

Restrictions and guidelines

You can enable the ORF information sending, receiving, or both sending and receiving capabilities on a BGP router. For two BGP peers to successfully negotiate the ORF capabilities, make sure one end has the sending capability and the other end has the receiving capability.

Enabling BGP ORF capabilities

To enable BGP ORF capabilities (IPv4 unicast/IPv4 multicast):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Enable BGP ORF capabilities.	peer { group-name \| ipv4-address [ mask-length ] } capability-advertise orf prefix-list { both \| receive \| send }	By default, BGP ORF capabilities are disabled.

To enable BGP ORF capabilities (IPv6 unicast/IPv6 multicast):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Enable BGP ORF capabilities.	peer { group-name \| ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both \| receive \| send }	By default, BGP ORF capabilities are disabled.

Enabling nonstandard BGP ORF capabilities

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable nonstandard BGP ORF capabilities.	peer { group-name \| ip-address [ mask-length ] \| ipv6-address [ prefix-length ] } capability-advertise orf non-standard	By default, nonstandard BGP ORF capabilities are disabled. To enable the BGP peers to exchange nonstandard ORF information, you must configure this command together with the peer capability-advertise orf prefix-list command.

Enabling 4-byte AS number suppression

BGP supports 4-byte AS numbers. The 4-byte AS number occupies four bytes, in the range of 1 to 4294967295. By default, a device sends an Open message to the peer device for session establishment. The Open message indicates that the device supports 4-byte AS numbers. If the peer device supports 2-byte AS numbers instead of 4-byte AS numbers, the session cannot be established. To resolve this issue, enable the 4-byte AS number suppression feature. The device then sends an Open message to inform the peer that it does not support 4-byte AS numbers, so the BGP session can be established.

If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression feature. Otherwise, the BGP session cannot be established.

To enable 4-byte AS number suppression (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable 4-byte AS number suppression.	peer { group-name \| ipv4-address [ mask-length ] } capability-advertise suppress-4-byte-as	By default, 4-byte AS number suppression is disabled.

To enable 4-byte AS number suppression (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable 4-byte AS number suppression.	peer { group-name \| ipv6-address [ prefix-length ] } capability-advertise suppress-4-byte-as	By default, 4-byte AS number suppression is disabled.

Enabling MD5 authentication for BGP peers

MD5 authentication provides the following benefits:

· Peer authentication ensures that only BGP peers that have the same password can establish TCP connections.

· Integrity check ensures that BGP packets exchanged between peers are intact.

To enable MD5 authentication for BGP peers (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable MD5 authentication for a BGP peer group or peer.	peer { group-name \| ipv4-address [ mask-length ] } password { cipher \| simple } password	By default, MD5 authentication is disabled.

To enable MD5 authentication for BGP peers (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable MD5 authentication for a BGP peer group or peer.	peer { group-name \| ipv6-address [ prefix-length ] } password { cipher \| simple } password	By default, MD5 authentication is disabled.

Enabling keychain authentication for BGP peers

Keychain authentication enhances the security of TCP connection establishment between BGP peers. It allows BGP peers to establish TCP connections only when the following conditions are met:

· Keychain authentication is enabled on both BGP peers.

· The keys used by the BGP peers have the same authentication algorithm and key string.

Before configuring keychain authentication, make sure the specified keychain has been created.

For more information about keychains, see Security Configuration Guide.

To enable keychain authentication for BGP peers (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view of BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable keychain authentication for a BGP peer or peer group.	peer { group-name \| ip-address [ mask-length ] } keychain keychain-name	By default, keychain authentication is disabled.

To enable keychain authentication for BGP peers (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Enable keychain authentication for a BGP peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } keychain keychain-name	By default, keychain authentication is disabled.

Configuring BGP load balancing

Perform this task to specify the maximum number of BGP ECMP routes for load balancing.

To specify the maximum number of BGP ECMP routes for load balancing (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ] · Enter BGP IPv4 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 multicast	N/A
3. Specify the maximum number of BGP ECMP routes for load balancing.	balance [ ebgp \| eibgp \| ibgp ] number	By default, load balancing is disabled.
4. (Optional.) Enable BGP to ignore the AS_PATH attribute when it implements load balancing.	balance as-path-neglect		By default, BGP does not ignore the AS_PATH attribute when it implements load balancing.
5. (Optional.) Enable load balancing for routes that have different AS_PATH attributes of the same length.	balance as-path-relax		By default, BGP cannot perform load balancing for routes that have different AS_PATH attributes of the same length.

To specify the maximum number of BGP ECMP routes for load balancing (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ] · Enter BGP IPv6 multicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 multicast	N/A
3. Specify the maximum number of BGP ECMP routes for load balancing.	balance [ ebgp \| eibgp \| ibgp ] number	By default, load balancing is disabled.
4. (Optional.) Enable BGP to ignore the AS_PATH attribute when it implements load balancing.	balance as-path-neglect		By default, BGP does not ignore the AS_PATH attribute when it implements load balancing.
5. (Optional.) Enable load balancing for routes that have different AS_PATH attributes of the same length.	balance as-path-relax		By default, BGP cannot perform load balancing for routes that have different AS_PATH attributes of the same length.

Configuring the BGP Additional Paths feature

About the BGP Additional Paths feature

By default, BGP advertises only one optimal route. When the optimal route fails, traffic forwarding will be interrupted until route convergence completes.

The BGP Additional Paths (Add-Path) feature enables BGP to advertise multiple routes with the same prefix and different next hops to a peer or peer group. When the optimal route fails, the suboptimal route becomes the optimal route, which shortens the traffic interruption time.

You can enable the BGP additional path sending, receiving, or both sending and receiving capabilities on a BGP router. For two BGP peers to successfully negotiate the Additional Paths capabilities, make sure one end has the sending capability and the other end has the receiving capability.

Procedure (IPv4 unicast address family)

To configure the BGP Additional Paths feature:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.	· Enter BGP IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv4 [ unicast ] · Enter BGP-VPN IPv4 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv4 [ unicast ]	N/A
3. Configure the BGP Additional Paths capabilities.	peer { group-name \| ipv4-address [ mask-length ] } additional-paths { receive \| send } *	By default, no BGP Additional Paths capabilities are configured.
4. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } advertise additional-paths best number	By default, a maximum of one Add-Path optimal route can be advertised to a peer or peer group.
5. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.	additional-paths select-best best-number	By default, a maximum of one Add-Path optimal route can be advertised to all peers.

Procedure (IPv4 unicast address family)

To configure the BGP Additional Paths feature:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.	· Enter BGP IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. address-family ipv6 [ unicast ] · Enter BGP-VPN IPv6 unicast address family view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name c. address-family ipv6 [ unicast ]	N/A
3. Configure the BGP Additional Paths capabilities.	peer { group-name \| ipv6-address [ mask-length ] } additional-paths { receive \| send } *	By default, no BGP Additional Paths capabilities are configured.
4. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.	peer { group-name \| ipv6-address [ mask-length ] } advertise additional-paths best number	By default, a maximum of one Add-Path optimal route can be advertised to a peer or peer group.
5. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.	additional-paths select-best best-number	By default, a maximum of one Add-Path optimal route can be advertised to all peers.

Configuring IPsec for IPv6 BGP

Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication for IPv6 BGP packets exchanged between BGP peers.

When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully receives and de-encapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A and learns IPv6 BGP routes from Device A. If Device B receives but fails to de-encapsulate the packet, or receives a packet not protected by IPsec, it discards the packet.

To configure IPsec for IPv6 BGP packets (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure an IPsec transform set and a manual IPsec profile.	See Security Configuration Guide.	By default, no IPsec transform set or manual IPsec profile exists.
3. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
4. Apply the IPsec profile to an IPv6 BGP peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } ipsec-profile profile-name	By default, no IPsec profile is configured for any IPv6 BGP peer or peer group. This command supports only IPsec profiles in manual mode.

Disabling BGP session establishment

About disabling BGP session establishment

This task enables you to temporarily tear down BGP sessions to a peer/peer group or all peers/peer groups. You can perform network upgrade and maintenance without needing to delete and reconfigure the peers and peer groups. To recover the sessions, execute the undo peer ignore or undo ignore all-peers command.

If you specify the graceful keyword in the peer ignore command, BGP performs the following tasks:

· Gracefully shuts down the session to the specified peer or peer group in the specified graceful shutdown period of time.

· Advertises all routes to the specified peer or peer group and changes the attribute of the advertised routes to the specified value.

· Advertises routes from the specified peer or peer group to other IBGP peers and peer groups and changes the attribute of the advertised routes to the specified value.

If you specify the graceful keyword in the ignore all-peers command, BGP performs the following tasks:

· Gracefully shuts down the sessions to all peers and peer groups in the specified graceful shutdown period of time.

· Advertises all routes to all peers and peer groups and changes the attribute of the advertised routes to the specified value.

Restrictions and guidelines

For a BGP peer or peer group, the configuration made by the peer ignore command takes precedence over the configuration made by the ignore all-peers command.

Disabling BGP to establish sessions to a peer or peer group

To disable BGP to establish a session to a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Disable BGP to establish a session to a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } ignore [ graceful graceful-time { community { community-number \| aa:nn } \| local-preference preference \| med med } * ]	By default, BGP can establish a session to a peer or peer group.

To disable BGP to establish a session to a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view or BGP-VPN instance view.	· Enter BGP instance view: bgp as-number [ instance instance-name ] · Enter BGP-VPN instance view: a. bgp as-number [ instance instance-name ] b. ip vpn-instance vpn-instance-name	N/A
3. Disable BGP to establish a session to a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } ignore [ graceful graceful-time { community { community-number \| aa:nn } \| local-preference preference \| med med } * ]	By default, BGP can establish a session to a peer.

Disabling BGP to establish sessions to all peers or peer groups

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP instance view.	bgp as-number [ instance instance-name ]	N/A
3. Disable BGP to establish sessions to all peers or peer groups.	ignore all-peers [ graceful graceful-time { community { community-number \| aa:nn } \| local-preference preference \| med med } * ]	By default, BGP can establish sessions to all peers and peer groups.

Configuring GTSM for BGP

The Generalized TTL Security Mechanism (GTSM) protects a BGP session by comparing the TTL value in the IP header of incoming BGP packets against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.

The valid TTL range is from 255 – the configured hop count + 1 to 255.

When GTSM is configured, the BGP packets sent by the device have a TTL of 255.

GTSM provides best protection for directly connected EBGP sessions, but not for multihop EBGP or IBGP sessions because the TTL of packets might be modified by intermediate devices.

IMPORTANT:

· When GTSM is configured, the local device can establish an EBGP session to the peer after both devices pass GTSM check, regardless of whether the maximum number of hops is reached.

· To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.

To configure GTSM for BGP (IPv4 unicast/multicast address family):

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter BGP instance view or BGP-VPN instance view.

· Enter BGP instance view:
bgp as-number [ instance instance-name ]

· Enter BGP-VPN instance view:

Products & Technology

Solutions

Support

Training & Certification

Partners

About Us

05-Layer 3-IP Routing Configuration Guide

Configuring BGP

Overview

BGP load balancing through route recursion

BGP load balancing through route selection

Settlements for problems in large-scale BGP networks

MP-BGP extended attributes

Address family

BGP configuration task list

Enabling BGP

Configuring a BGP peer (IPv4 unicast address family)

Configuring a BGP peer (IPv6 multicast address family)

Configuring dynamic BGP peers (IPv4 unicast address family)

Configuring dynamic BGP peers (IPv6 unicast address family)

Configuring dynamic BGP peers (IPv4 multicast address family)

Configuring dynamic BGP peers (IPv6 multicast address family)

Configuring an IBGP peer group

Configuring an EBGP peer group

Specifying the source address of TCP connections

About specifying the source address of TCP connections

Restrictions and guidelines

Specifying the source address of TCP connections (IPv4 unicast/multicast address family)

Specifying the source address of TCP connections (IPv6 unicast/multicast address family)

Configuring BGP route summarization

Configuring automatic route summarization

Configuring manual route summarization

Advertising a default route to a peer or peer group

Configuration prerequisites

Configuring BGP route distribution filtering policies

Configuring BGP route reception filtering policies

About startup policy for BGP route updates

Procedure

Controlling BGP path selection

Setting a preferred value for routes received

Configuring the default MED value

Enabling MED comparison for routes from different ASs

Enabling MED comparison for routes on a per-AS basis

Permitting local AS number to appear in routes from a peer or peer group

Ignoring the AS_PATH attribute during optimal route selection

Advertising a fake AS number to a peer or peer group

Configuring AS number substitution

Removing private AS numbers from updates sent to an EBGP peer or peer group

Ignoring the first AS number of EBGP route updates

Ignoring IGP metrics during optimal route selection

Configuring the keepalive interval and hold time

About setting the session retry timer

Restrictions and guidelines

Setting the session retry timer (IPv4 unicast/multicast address family)

Setting the session retry timer (IPv6 unicast/multicast address family)

Configuring the interval for sending updates for the same route

Enabling BGP ORF capabilities

About BGP ORF

Restrictions and guidelines

Enabling BGP ORF capabilities

Enabling nonstandard BGP ORF capabilities

Enabling keychain authentication for BGP peers

Configuring BGP load balancing

About the BGP Additional Paths feature

Procedure (IPv4 unicast address family)

Procedure (IPv4 unicast address family)

About disabling BGP session establishment

Restrictions and guidelines

Disabling BGP to establish sessions to a peer or peer group